Vulnerability Development mailing list archives
Re: Cons and Security Validation
From: Crispin Cowan <crispin () WIREX COM>
Date: Fri, 9 Feb 2001 17:43:23 -0800
Matt Barringer wrote:
On Wed, 7 Feb 2001, Dan Kaminsky wrote:platform! Perhaps there's something to be said for allowing remote testing of secure environments without the accompanying burst of empty hype and subsequent DoSing that contests spawn?This brings up the interesting question of legality (and it has probably been discussed before). Would we would be partially liable for damages caused by anyone who is able to r00t the machine's subsequent terrorization of network and system administrators?
IANAL, but I don't see how we could be any more liable than an ISP who rents shell accounts. We would have a posted security policy that says "you're welcome to crack into this machine, but cracking anything else from here is prohibited, and will disqualify you from any prize money." Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- Re: Cons and Security Validation, (continued)
- Re: Cons and Security Validation Andrew R. Reiter (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Pavel Slavin (Feb 07)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Blue Boar (Feb 06)
- Re: Cons and Security Validation Greg KH (Feb 06)
- Re: Cons and Security Validation Blue Boar (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Dan Kaminsky (Feb 07)
- Re: Cons and Security Validation Matt Barringer (Feb 07)
- Re: Cons and Security Validation H D Moore (Feb 08)
- Re: Cons and Security Validation Crispin Cowan (Feb 10)
- Re: Cons and Security Validation Greg KH (Feb 06)
- Re: Cons and Security Validation Andrew R. Reiter (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Robert A. Seace (Feb 07)
- Re: Cons and Security Validation Blue Boar (Feb 08)
- Re: Cons and Security Validation Michel Kaempf (Feb 08)
- Re: Cons and Security Validation Blue Boar (Feb 08)
- Re: Cons and Security Validation Pavel Kankovsky (Feb 13)