Full Disclosure mailing list archives
Re: Rate Stratfor's Incident Response
From: Benjamin Kreuter <ben.kreuter () gmail com>
Date: Thu, 12 Jan 2012 16:46:15 -0500
On Thu, 12 Jan 2012 16:06:53 -0500 Valdis.Kletnieks () vt edu wrote:
On Thu, 12 Jan 2012 15:16:19 EST, Benjamin Kreuter said:Really, calling it "breaking in" is a stretch. You connected a computer to a publicly accessible computer network, where anyone can send anything to your computer. If hacking such a system is "breaking in," you might as well claim that shouting across your neighbor's yard is "breaking in."Bad analogy. Closer would be if you have a house that's got a driveway on a public street, and you claim it's not breaking and entering if you walk up the driveway, try the doorknob, find it unlocked, and let yourself in without the permission of the residents. Saying that "anybody could walk up and let themselves in the door" doesn't make it legal.
Would you say that we should arrest the person who walks into the house, takes a picture of themselves standing next to an expensive television and leaves the picture next to a note that says "your door was unlocked?" Really though, it is still a terrible analogy. You can disconnect a computer from the Internet; you cannot disconnect a building from a street. A hacker in a foreign country might be attacking your computer system from that country, and could be outside the jurisdiction of any relevant law enforcement agency; a person who breaks into a building is committing a crime in whatever jurisdiction the building is in. Analogies are nice and they help non-technical folks understand what is going on, but let's not get carried away with them. Someone who attacks a computer system over the Internet (or any other network) is sending unwanted/malicious messages. This is not the same as physically breaking into a building, locker, or computer. It may be illegal, but it is still very different from other crimes. If anything, the closest type of criminal would be a con man, which seems fitting given how many of today's attacks have an element of social engineering. -- Ben -- Benjamin R Kreuter UVA Computer Science brk7bx () virginia edu -- "If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell
Attachment:
signature.asc
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Rate Stratfor's Incident Response, (continued)
- Re: Rate Stratfor's Incident Response Giles Coochey (Jan 12)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 12)
- Re: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 12)
- Re: Rate Stratfor's Incident Response Byron Sonne (Jan 12)
- Re: Rate Stratfor's Incident Response Giles Coochey (Jan 12)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Jeffrey Walton (Jan 12)
- Re: Rate Stratfor's Incident Response BMF (Jan 12)
- Re: Rate Stratfor's Incident Response Thor (Hammer of God) (Jan 12)
- Re: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 13)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Ferenc Kovacs (Jan 13)
- Re: Rate Stratfor's Incident Response Giles Coochey (Jan 13)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Paul Schmehl (Jan 13)
- Re: Rate Stratfor's Incident Response J. von Balzac (Jan 13)
- Re: Rate Stratfor's Incident Response Michael Schmidt (Jan 13)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Paul Schmehl (Jan 13)
- Re: Rate Stratfor's Incident Response Laurelai (Jan 13)
- Re: Rate Stratfor's Incident Response Gage Bystrom (Jan 13)