[prev in list] [next in list] [prev in thread] [next in thread] 

List:       inet-access
Subject:    Re: Life Sentence for Hacking
From:       NET-LINK <netlink () netlinkcorp ! com>
Date:       2001-09-30 7:02:09
[Download RAW message or body]

> On Sat, Sep 29, 2001 at 09:36:51PM -0400, NET-LINK wrote:
> >I agree. The only ones who will be pissed at this type of
> >severity is someone whose regular disturbance of networks is
> >inconvenienced [ie. the attackers].
> 


> Tell that to the people who end up in trouble for reporting security holes
> to the owners of a system.  This is the type of law that just screams for
> abuse by government officials who suffer from clue deprivation.
> 
> Bill


I am sure gov. officials will have panic syndrome built in
and 'we wanna set examples' mentality or as you aptly
put it suffer from "clue deprivation". 

As most know, an owner of a system can not be made to correct anything 
[ie. budget] but they can be made aware of the situation. Failure to
correct 
it after awareness is then the owner responsibility. If the owner is
PO'd for 
that type of reporting, then time for a new job anyway. If the owner is
negligent
because of prior awareness, his insurance company will balk and not pay
but he
still will be able to prosecute a hacker/attacker and most likely win.

If I leave my backdoor open [ie. security hole] on my house, it 
doesn't mean someone is justified to come check and see if the door is
locked. 
Someone can and most likely will come and check that door eventually.
If they find the door open [ie. hack into my computer] and enter inside
as a result, 
it is still trespassing [ie. against the law]. Obviously it would mean
that
I need to improve security and have suffered a security break-in because
of my
own stupidity especially if made aware of the security problem earlier
but it is still no excuse to enter and trespass on my property [break
the law].

Prosecuting in most cases would mean I am publicly letting people know
how little  
clue I had as a system owner yet winning in spite of it due to overall
cluelessness.

If joe system owner happens to be a bank with thousands of pieces of
credit
and financial info, I'll be curious to see how quick joe
system owner comes out publicly to say they have been broken into and
want to prosecute joe attacker. Joe attacker most likely will be on his 
way with my info. The bank due to cluelessness won't even know until it
is too late but I don't think they'll be going public too rapidly with
it when they
do find out. If they fire the consultant/employee for the failure even
if he/she
made the problem known, they would get backlashed there too.
-------
R. Hall
NET-LINK Corp.
-
Recent archives of the list can be found at:
http://mix.twistedpair.ca/pipermail/inet-access/
Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
Eat sushi frequently.   inet@inet-access.net is the human contact address.

[prev in list] [next in list] [prev in thread] [next in thread]