Vulnerability Development mailing list archives

Re: Cons and Security Validation


From: Crispin Cowan <crispin () WIREX COM>
Date: Fri, 9 Feb 2001 17:43:23 -0800

Matt Barringer wrote:

On Wed, 7 Feb 2001, Dan Kaminsky wrote:

platform!  Perhaps there's something to be said for allowing remote testing
of secure environments without the accompanying burst of empty hype and
subsequent DoSing that contests spawn?

This brings up the interesting question of legality (and it has probably
been discussed before).  Would we be partially liable
for damages caused by anyone who is able to r00t the machine's subsequent
terrorization of network and system administrators?

IANAL, but I don't see how we could be any more liable than an ISP who rents
shell accounts.  We would have a posted security policy that says "you're
welcome to crack into this machine, but cracking anything else from here is
prohibited, and will disqualify you from any prize money."

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org

