From: Bit Twister on
On 21 Jan 2010 12:41:09 GMT, Ansgar -59cobalt- Wiechers wrote:
> Bit Twister <BitTwister(a)mouse-potato.com> wrote:

> Your analogy is indeed very poor, because with TCP/IP any driver on that
> road can only distinguish between a building he can or cannot enter by
> actually trying if the door is locked (port closed), open but declared
> private (authentication required) or open to the public (any other
> case).

But the human is doing the driving, not the driver. :)


> Answer me this question: how do you get authorization to use any service
> on the Internet (like, say, Google)? I don't recall ever having
> requested or being granted explicit permission to use their service.

I hear what you are saying. google example would be you going into a
Wallmart or any business open to the public,

> Also - speaking of Google - you just declared the business of every
> search engine existing to be illegal. If you don't understand why: take
> a look at how spiders work and then ask yourself how *they* get
> permission to do what they're doing.

Heheheh, yes I know about spiders. And yes, Technically google is
breaking the law.


> IOW you just requested nothing short of the Internet being shut down.

NO, anyone can drive around on the internet, just not allowed to drive
onto just anyone's property.


>> That means a ping is trespassing.
>
> Which is simply ridiculous.

But has to be that way to keep hackers lawyers saying "but system
allowed it"


> "If you have reached this page, the content you are seeking has been
> moved."

Sorry, I did not check the link. It has been awhile.
http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.33.htm
Texas Penal Code, Title 7, Offenses Against Property, Chapter
33, Computer Crimes, is quite clear about unauthorised scanning.

Read 33.01. Definitions (1) "Access"
then 33.02. Breach of Computer Security (a)



> Besides, according to your own logic, I just commited an act of criminal
> trespassing by accessing that page, since I never got express permission
> by its owner.

Not my logic. Just a fact of law.

Your logic is not going to be a defense if you access a power
substation or water damn/lock control system.
From: Ansgar -59cobalt- Wiechers on
Bit Twister <BitTwister(a)mouse-potato.com> wrote:
> On 21 Jan 2010 12:41:09 GMT, Ansgar -59cobalt- Wiechers wrote:
>> Bit Twister <BitTwister(a)mouse-potato.com> wrote:
>
>> Your analogy is indeed very poor, because with TCP/IP any driver on
>> that road can only distinguish between a building he can or cannot
>> enter by actually trying if the door is locked (port closed), open
>> but declared private (authentication required) or open to the public
>> (any other case).
>
> But the human is doing the driving, not the driver. :)

Har.

>> Answer me this question: how do you get authorization to use any
>> service on the Internet (like, say, Google)? I don't recall ever
>> having requested or being granted explicit permission to use their
>> service.
>
> I hear what you are saying. google example would be you going into a
> Wallmart or any business open to the public,

However, the only way to distinguish Walmart (or Farmer Fred's Produce
Plant) from Joe Average's house is to go looking. Which technically
means to send packets of some kind.

>> Also - speaking of Google - you just declared the business of every
>> search engine existing to be illegal. If you don't understand why:
>> take a look at how spiders work and then ask yourself how *they* get
>> permission to do what they're doing.
>
> Heheheh, yes I know about spiders. And yes, Technically google is
> breaking the law.

Technically that kind of law is breaking the Internet.

Keep in mind that this doesn't apply only to Google, but to *every*
*single* entity using the Internet.

>> IOW you just requested nothing short of the Internet being shut down.
>
> NO, anyone can drive around on the internet, just not allowed to drive
> onto just anyone's property.

That's like saying you can drive around public streets, but you can't
get off (or even look around) anywhere. Makes the whole thing rather
pointless, don't you think?

And just in case anyone was wondering: yes, on the Internet "looking"
does mean sending and receiving packets. That's how TCP/IP works.

>>> That means a ping is trespassing.
>>
>> Which is simply ridiculous.
>
> But has to be that way to keep hackers lawyers saying "but system
> allowed it"

Only if you believe that people do have the right to remain ignorant.
Which I resent.

And, repeating myself, it in turn would mean that nobody can legally use
the Internet. Ever.

>> "If you have reached this page, the content you are seeking has been
>> moved."
>
> Sorry, I did not check the link. It has been awhile.
> http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.33.htm
> Texas Penal Code, Title 7, Offenses Against Property, Chapter
> 33, Computer Crimes, is quite clear about unauthorised scanning.
>
> Read 33.01. Definitions (1) "Access"
> then 33.02. Breach of Computer Security (a)

Basically this means: unless you can assume the owner's implicit
consent, every single Texan citizen using the Internet is in violation
of the law. I'll leave it as an exercise to the reader to decide how
sensible this point of view is.

>> Besides, according to your own logic, I just commited an act of
>> criminal trespassing by accessing that page, since I never got
>> express permission by its owner.
>
> Not my logic. Just a fact of law.

Not where I live. And AFAICS not in most other places.

> Your logic is not going to be a defense if you access a power
> substation or water damn/lock control system.

*sigh*

Did you ever ask yourself why that kind of system should have any
connection to the Internet in the first place? Doesn't the term "due
diligence" mean anything to anyone except me anymore? In my book, not
the person accessing that kind of system ought to be prosecuted, but
those who failed to properly secure it. Tar and feathers come to mind.

Like I said above: I resent the idea that people have the right to
remain ignorant.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
From: Bit Twister on
On 21 Jan 2010 15:08:25 GMT, Ansgar -59cobalt- Wiechers wrote:
> Bit Twister <BitTwister(a)mouse-potato.com> wrote:
>> Your logic is not going to be a defense if you access a power
>> substation or water damn/lock control system.
>
> *sigh*
>
> Did you ever ask yourself why that kind of system should have any
> connection to the Internet in the first place?

Profit. Only need the idiot setting in a control room controlling
remote devices. That dedicated phone line and equipment on both end
cost too much. :)


> Doesn't the term "due
> diligence" mean anything to anyone except me anymore? In my book, not
> the person accessing that kind of system ought to be prosecuted, but
> those who failed to properly secure it. Tar and feathers come to mind.
>
> Like I said above: I resent the idea that people have the right to
> remain ignorant.

I hear where you are coming from. Should everyone have to be able to
put their car together from scratch to be licensed to drive.

What about the best damn malware magnet OS being allowed for sale.
Cars makers can be sued for bad design. I think Micro$loth should be
made to supply best of breed anti-(virus,ad,spyware,rootkit,..) and
database subscriptions for as long as user runs M$ OS. :-D

Of course 55,000 new malware releases a day does keep the user a fair
distance behind the curve.

Using your rule, there would be no way to prosecute the botnet master
causing a denial of service.

Defense lawyer: Your honor, not my client's problem because the
victim did not buy enough internet capacity/bandwidth and have enough
horsepower to sustain the load. Also should have had software to
block my client's net's ip addresses. No law broken here.
From: Ansgar -59cobalt- Wiechers on
Bit Twister <BitTwister(a)mouse-potato.com> wrote:
> On 21 Jan 2010 15:08:25 GMT, Ansgar -59cobalt- Wiechers wrote:
>> Doesn't the term "due diligence" mean anything to anyone except me
>> anymore? In my book, not the person accessing that kind of system
>> ought to be prosecuted, but those who failed to properly secure it.
>> Tar and feathers come to mind.
>>
>> Like I said above: I resent the idea that people have the right to
>> remain ignorant.
>
> I hear where you are coming from. Should everyone have to be able to
> put their car together from scratch to be licensed to drive.

No. But everyone who *does* should be held responsible if they screw up.
And everyone who doesn't want that should leave their car to a garage.
Who should be held responsible if *they* screw up.

> What about the best damn malware magnet OS being allowed for sale.

What about it? Even Windows can be run in a way that doesn't promote
malware distribution.

> Cars makers can be sued for bad design. I think Micro$loth should be
> made to supply best of breed anti-(virus,ad,spyware,rootkit,..) and
> database subscriptions for as long as user runs M$ OS. :-D

Microsoft should be held responsible for the really bad default
configuration they ship, yes. Everyone else should be held responsible
for not changing those (well known) bad defaults, though.

I've been running Windows (as well as other systems) for more than a
decade now, and I can count the number of infections on one hand. Not to
mention that a significant number of infections (I'd even go as far as
saying most of them) could have been avoided by very simple means, like
timely application of security patches, using a limited user account for
day-to-day work, or disabling auto-play.

There really is no technical reason at all why a computer running
Windows 2000, XP or newer must be more vulnerable than a computer
running Linux or Mac OS X.

[...]
> Using your rule, there would be no way to prosecute the botnet master
> causing a denial of service.

That's simply not true (well, not where I live at least). The principal
of a crime can always be held responsible in just the same way as the
one actually committing the crime. However, there *is* something like
gross negligence in virtually any other area. Why are IT systems (and
particularly the vendor of an all-too-well-known operating system)
treated so much differently?

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
From: Skywise on
Ansgar -59cobalt- Wiechers <usenet-2010(a)planetcobalt.net> wrote in
news:7rrhg3Fi9tU1(a)mid.individual.net:

> I've been running Windows (as well as other systems) for more than a
> decade now, and I can count the number of infections on one hand.

I can do better. ZERO infections. Running windows since 3.1.

Practice safe hex.

Brian
--
http://www.skywise711.com - Lasers, Seismology, Astronomy, Skepticism
Seismic FAQ: http://www.skywise711.com/SeismicFAQ/SeismicFAQ.html
Quake "predictions": http://www.skywise711.com/quakes/EQDB/index.html
Sed quis custodiet ipsos Custodes?