From: Bit Twister on 21 Jan 2010 09:05 On 21 Jan 2010 12:41:09 GMT, Ansgar -59cobalt- Wiechers wrote: > Bit Twister <BitTwister(a)mouse-potato.com> wrote: > Your analogy is indeed very poor, because with TCP/IP any driver on that > road can only distinguish between a building he can or cannot enter by > actually trying if the door is locked (port closed), open but declared > private (authentication required) or open to the public (any other > case). But the human is doing the driving, not the driver. :) > Answer me this question: how do you get authorization to use any service > on the Internet (like, say, Google)? I don't recall ever having > requested or being granted explicit permission to use their service. I hear what you are saying. google example would be you going into a Wallmart or any business open to the public, > Also - speaking of Google - you just declared the business of every > search engine existing to be illegal. If you don't understand why: take > a look at how spiders work and then ask yourself how *they* get > permission to do what they're doing. Heheheh, yes I know about spiders. And yes, Technically google is breaking the law. > IOW you just requested nothing short of the Internet being shut down. NO, anyone can drive around on the internet, just not allowed to drive onto just anyone's property. >> That means a ping is trespassing. > > Which is simply ridiculous. But has to be that way to keep hackers lawyers saying "but system allowed it" > "If you have reached this page, the content you are seeking has been > moved." Sorry, I did not check the link. It has been awhile. http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.33.htm Texas Penal Code, Title 7, Offenses Against Property, Chapter 33, Computer Crimes, is quite clear about unauthorised scanning. Read 33.01. Definitions (1) "Access" then 33.02. Breach of Computer Security (a) > Besides, according to your own logic, I just commited an act of criminal > trespassing by accessing that page, since I never got express permission > by its owner. Not my logic. Just a fact of law. Your logic is not going to be a defense if you access a power substation or water damn/lock control system.
From: Ansgar -59cobalt- Wiechers on 21 Jan 2010 10:08 Bit Twister <BitTwister(a)mouse-potato.com> wrote: > On 21 Jan 2010 12:41:09 GMT, Ansgar -59cobalt- Wiechers wrote: >> Bit Twister <BitTwister(a)mouse-potato.com> wrote: > >> Your analogy is indeed very poor, because with TCP/IP any driver on >> that road can only distinguish between a building he can or cannot >> enter by actually trying if the door is locked (port closed), open >> but declared private (authentication required) or open to the public >> (any other case). > > But the human is doing the driving, not the driver. :) Har. >> Answer me this question: how do you get authorization to use any >> service on the Internet (like, say, Google)? I don't recall ever >> having requested or being granted explicit permission to use their >> service. > > I hear what you are saying. google example would be you going into a > Wallmart or any business open to the public, However, the only way to distinguish Walmart (or Farmer Fred's Produce Plant) from Joe Average's house is to go looking. Which technically means to send packets of some kind. >> Also - speaking of Google - you just declared the business of every >> search engine existing to be illegal. If you don't understand why: >> take a look at how spiders work and then ask yourself how *they* get >> permission to do what they're doing. > > Heheheh, yes I know about spiders. And yes, Technically google is > breaking the law. Technically that kind of law is breaking the Internet. Keep in mind that this doesn't apply only to Google, but to *every* *single* entity using the Internet. >> IOW you just requested nothing short of the Internet being shut down. > > NO, anyone can drive around on the internet, just not allowed to drive > onto just anyone's property. That's like saying you can drive around public streets, but you can't get off (or even look around) anywhere. Makes the whole thing rather pointless, don't you think? And just in case anyone was wondering: yes, on the Internet "looking" does mean sending and receiving packets. That's how TCP/IP works. >>> That means a ping is trespassing. >> >> Which is simply ridiculous. > > But has to be that way to keep hackers lawyers saying "but system > allowed it" Only if you believe that people do have the right to remain ignorant. Which I resent. And, repeating myself, it in turn would mean that nobody can legally use the Internet. Ever. >> "If you have reached this page, the content you are seeking has been >> moved." > > Sorry, I did not check the link. It has been awhile. > http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.33.htm > Texas Penal Code, Title 7, Offenses Against Property, Chapter > 33, Computer Crimes, is quite clear about unauthorised scanning. > > Read 33.01. Definitions (1) "Access" > then 33.02. Breach of Computer Security (a) Basically this means: unless you can assume the owner's implicit consent, every single Texan citizen using the Internet is in violation of the law. I'll leave it as an exercise to the reader to decide how sensible this point of view is. >> Besides, according to your own logic, I just commited an act of >> criminal trespassing by accessing that page, since I never got >> express permission by its owner. > > Not my logic. Just a fact of law. Not where I live. And AFAICS not in most other places. > Your logic is not going to be a defense if you access a power > substation or water damn/lock control system. *sigh* Did you ever ask yourself why that kind of system should have any connection to the Internet in the first place? Doesn't the term "due diligence" mean anything to anyone except me anymore? In my book, not the person accessing that kind of system ought to be prosecuted, but those who failed to properly secure it. Tar and feathers come to mind. Like I said above: I resent the idea that people have the right to remain ignorant. cu 59cobalt -- "If a software developer ever believes a rootkit is a necessary part of their architecture they should go back and re-architect their solution." --Mark Russinovich
From: Bit Twister on 21 Jan 2010 10:39 On 21 Jan 2010 15:08:25 GMT, Ansgar -59cobalt- Wiechers wrote: > Bit Twister <BitTwister(a)mouse-potato.com> wrote: >> Your logic is not going to be a defense if you access a power >> substation or water damn/lock control system. > > *sigh* > > Did you ever ask yourself why that kind of system should have any > connection to the Internet in the first place? Profit. Only need the idiot setting in a control room controlling remote devices. That dedicated phone line and equipment on both end cost too much. :) > Doesn't the term "due > diligence" mean anything to anyone except me anymore? In my book, not > the person accessing that kind of system ought to be prosecuted, but > those who failed to properly secure it. Tar and feathers come to mind. > > Like I said above: I resent the idea that people have the right to > remain ignorant. I hear where you are coming from. Should everyone have to be able to put their car together from scratch to be licensed to drive. What about the best damn malware magnet OS being allowed for sale. Cars makers can be sued for bad design. I think Micro$loth should be made to supply best of breed anti-(virus,ad,spyware,rootkit,..) and database subscriptions for as long as user runs M$ OS. :-D Of course 55,000 new malware releases a day does keep the user a fair distance behind the curve. Using your rule, there would be no way to prosecute the botnet master causing a denial of service. Defense lawyer: Your honor, not my client's problem because the victim did not buy enough internet capacity/bandwidth and have enough horsepower to sustain the load. Also should have had software to block my client's net's ip addresses. No law broken here.
From: Ansgar -59cobalt- Wiechers on 21 Jan 2010 12:33 Bit Twister <BitTwister(a)mouse-potato.com> wrote: > On 21 Jan 2010 15:08:25 GMT, Ansgar -59cobalt- Wiechers wrote: >> Doesn't the term "due diligence" mean anything to anyone except me >> anymore? In my book, not the person accessing that kind of system >> ought to be prosecuted, but those who failed to properly secure it. >> Tar and feathers come to mind. >> >> Like I said above: I resent the idea that people have the right to >> remain ignorant. > > I hear where you are coming from. Should everyone have to be able to > put their car together from scratch to be licensed to drive. No. But everyone who *does* should be held responsible if they screw up. And everyone who doesn't want that should leave their car to a garage. Who should be held responsible if *they* screw up. > What about the best damn malware magnet OS being allowed for sale. What about it? Even Windows can be run in a way that doesn't promote malware distribution. > Cars makers can be sued for bad design. I think Micro$loth should be > made to supply best of breed anti-(virus,ad,spyware,rootkit,..) and > database subscriptions for as long as user runs M$ OS. :-D Microsoft should be held responsible for the really bad default configuration they ship, yes. Everyone else should be held responsible for not changing those (well known) bad defaults, though. I've been running Windows (as well as other systems) for more than a decade now, and I can count the number of infections on one hand. Not to mention that a significant number of infections (I'd even go as far as saying most of them) could have been avoided by very simple means, like timely application of security patches, using a limited user account for day-to-day work, or disabling auto-play. There really is no technical reason at all why a computer running Windows 2000, XP or newer must be more vulnerable than a computer running Linux or Mac OS X. [...] > Using your rule, there would be no way to prosecute the botnet master > causing a denial of service. That's simply not true (well, not where I live at least). The principal of a crime can always be held responsible in just the same way as the one actually committing the crime. However, there *is* something like gross negligence in virtually any other area. Why are IT systems (and particularly the vendor of an all-too-well-known operating system) treated so much differently? cu 59cobalt -- "If a software developer ever believes a rootkit is a necessary part of their architecture they should go back and re-architect their solution." --Mark Russinovich
From: Skywise on 21 Jan 2010 23:13 Ansgar -59cobalt- Wiechers <usenet-2010(a)planetcobalt.net> wrote in news:7rrhg3Fi9tU1(a)mid.individual.net: > I've been running Windows (as well as other systems) for more than a > decade now, and I can count the number of infections on one hand. I can do better. ZERO infections. Running windows since 3.1. Practice safe hex. Brian -- http://www.skywise711.com - Lasers, Seismology, Astronomy, Skepticism Seismic FAQ: http://www.skywise711.com/SeismicFAQ/SeismicFAQ.html Quake "predictions": http://www.skywise711.com/quakes/EQDB/index.html Sed quis custodiet ipsos Custodes?
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: Iptables rules Access by MAC and redirect Next: Netscreen 5gt |