Re: Rate Stratfor's Incident Response

["Giles Coochey" <giles () coochey net>]

+1 to the below.

The days where you could hood-wink a judge and say you were just playing
on the computer are over. Get with it.

On Fri, January 13, 2012 11:57, Ferenc Kovacs wrote:
> On Thu, Jan 12, 2012 at 10:46 PM, Benjamin Kreuter
> <ben.kreuter () gmail com>wrote:
>
> > On Thu, 12 Jan 2012 16:06:53 -0500
> > Valdis.Kletnieks () vt edu wrote:
> >
> > > On Thu, 12 Jan 2012 15:16:19 EST, Benjamin Kreuter said:
> > >
> > > > Really, calling it "breaking in" is a stretch.  You connected a
> > > > computer to a publicly accessible computer network, where anyone can
> > > > send anything to your computer.  If hacking such a system is
> > > > "breaking in," you might as well claim that shouting across your
> > > > neighbor's yard is "breaking in."
> > >
> > > Bad analogy.  Closer would be if you have a house that's got a
> > > driveway on a public street, and you claim it's not breaking and
> > > entering if you walk up the driveway, try the doorknob, find it
> > > unlocked, and let yourself in without the permission of the
> > > residents.  Saying that "anybody could walk up and let themselves in
> > > the door" doesn't make it legal.
> >
> > Would you say that we should arrest the person who walks into the
> > house, takes a picture of themselves standing next to an expensive
> > television and leaves the picture next to a note that says "your door
> > was unlocked?"
> yeah, it would still be an offence in most country.
>
>
> > Really though, it is still a terrible analogy.  You can disconnect a
> > computer from the Internet; you cannot disconnect a building from a
> > street.  A hacker in a foreign country might be attacking your computer
> > system from that country, and could be outside the jurisdiction of any
> > relevant law enforcement agency; a person who breaks into a building is
> > committing a crime in whatever jurisdiction the building is in.
>
> the crime would still be a crime in the country where the
> building/computer
> is located, you just can't get the offender prosecuted, just like if he
> would flee the country after trespassing into your house.
>
>
> > Analogies are nice and they help non-technical folks understand what
> > is going on, but let's not get carried away with them. Someone who
> > attacks a computer system over the Internet (or any other network) is
> > sending unwanted/malicious messages.  This is not the same as physically
> > breaking into a building, locker, or computer. It may be illegal, but
> > it is still very different from other crimes.
>
>
> why is it different? the only difference imo is that the whole
> IT/networking stuff is relatively new, and the law was lagging behind, and
> some people still that it is, when it isn't really anymore.
> you can get the same amount of fine/years in prison whether you stole the
> money/confidential info through physical or electronical means.
>
>
> >  If anything, the closest
> > type of criminal would be a con man, which seems fitting given how many
> > of today's attacks have an element of social engineering.
>
> nope.
> of course social engineering can be compared to Confidence trick, because
> it is a Confidence trick.
> but social engineering is only one vulnerability from the many, and
> usually
> it is used together with other methods (you get the credentials using
> that,
> then you proceed and access the system using those credentials, which is
> the gaining unauthorized access to the system.
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/