Full Disclosure mailing list archives
Re: Rate Stratfor's Incident Response
From: "Giles Coochey" <giles () coochey net>
Date: Fri, 13 Jan 2012 12:17:57 +0100
+1 to the below. The days where you could hood-wink a judge and say you were just playing on the computer are over. Get with it. On Fri, January 13, 2012 11:57, Ferenc Kovacs wrote:
On Thu, Jan 12, 2012 at 10:46 PM, Benjamin Kreuter <ben.kreuter () gmail com>wrote:On Thu, 12 Jan 2012 16:06:53 -0500 Valdis.Kletnieks () vt edu wrote:On Thu, 12 Jan 2012 15:16:19 EST, Benjamin Kreuter said:Really, calling it "breaking in" is a stretch. You connected a computer to a publicly accessible computer network, where anyone can send anything to your computer. If hacking such a system is "breaking in," you might as well claim that shouting across your neighbor's yard is "breaking in."Bad analogy. Closer would be if you have a house that's got a driveway on a public street, and you claim it's not breaking and entering if you walk up the driveway, try the doorknob, find it unlocked, and let yourself in without the permission of the residents. Saying that "anybody could walk up and let themselves in the door" doesn't make it legal.Would you say that we should arrest the person who walks into the house, takes a picture of themselves standing next to an expensive television and leaves the picture next to a note that says "your door was unlocked?"yeah, it would still be an offence in most country.Really though, it is still a terrible analogy. You can disconnect a computer from the Internet; you cannot disconnect a building from a street. A hacker in a foreign country might be attacking your computer system from that country, and could be outside the jurisdiction of any relevant law enforcement agency; a person who breaks into a building is committing a crime in whatever jurisdiction the building is in.the crime would still be a crime in the country where the building/computer is located, you just can't get the offender prosecuted, just like if he would flee the country after trespassing into your house.Analogies are nice and they help non-technical folks understand what is going on, but let's not get carried away with them. Someone who attacks a computer system over the Internet (or any other network) is sending unwanted/malicious messages. This is not the same as physically breaking into a building, locker, or computer. It may be illegal, but it is still very different from other crimes.why is it different? the only difference imo is that the whole IT/networking stuff is relatively new, and the law was lagging behind, and some people still that it is, when it isn't really anymore. you can get the same amount of fine/years in prison whether you stole the money/confidential info through physical or electronical means.If anything, the closest type of criminal would be a con man, which seems fitting given how many of today's attacks have an element of social engineering.nope. of course social engineering can be compared to Confidence trick, because it is a Confidence trick. but social engineering is only one vulnerability from the many, and usually it is used together with other methods (you get the credentials using that, then you proceed and access the system using those credentials, which is the gaining unauthorized access to the system. -- Ferenc Kovács @Tyr43l - http://tyrael.hu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Rate Stratfor's Incident Response, (continued)
- Re: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 12)
- Re: Rate Stratfor's Incident Response Byron Sonne (Jan 12)
- Re: Rate Stratfor's Incident Response Giles Coochey (Jan 12)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Jeffrey Walton (Jan 12)
- Re: Rate Stratfor's Incident Response BMF (Jan 12)
- Re: Rate Stratfor's Incident Response Thor (Hammer of God) (Jan 12)
- Re: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 13)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Ferenc Kovacs (Jan 13)
- Re: Rate Stratfor's Incident Response Giles Coochey (Jan 13)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Paul Schmehl (Jan 13)
- Re: Rate Stratfor's Incident Response J. von Balzac (Jan 13)
- Re: Rate Stratfor's Incident Response Michael Schmidt (Jan 13)
- Re: Rate Stratfor's Incident Response Benjamin Kreuter (Jan 13)
- Re: Rate Stratfor's Incident Response Paul Schmehl (Jan 13)
- Re: Rate Stratfor's Incident Response Laurelai (Jan 13)
- Re: Rate Stratfor's Incident Response Gage Bystrom (Jan 13)
- Re: Rate Stratfor's Incident Response Valdis . Kletnieks (Jan 14)
- Re: Rate Stratfor's Incident Response Sanguinarious Rose (Jan 14)