Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: If Lycos can attack spammer sites, can we all start doing it?
From: n3td3v <xploitable () gmail com>
Date: Thu, 2 Dec 2004 03:47:06 +0000

On Wed, 01 Dec 2004 22:22:30 -0500, KrispyKringle
<krispykringle () gmail com> wrote:
Not being a lawyer, I still think you've missed the point.

The defense Lycos is using is NOT that these are spammers sites, so this
is somehow legal--it would not be. Vigilantiism is never legal; you
would never be able to defend something that would otherwise be criminal
as legal simply because it is being done against a criminal. The defense
they are using is that it is a fundamental principle of the Internet
that one can visit a Web server, and that to visit the server many
times--even at risk of denying service--is not illegal.

The Computer Fraud and Abuse Act
(http://www.usdoj.gov/criminal/cybercrime/1030_new.html) forbids one to,
among other things, ``knowingly cause the transmission of a program,
information, code, or command, and as a result of such conduct,
intentionally cause damage without authorization, to a protected
computer,'' which pretty much covers viruses and other malware. This
would appear to apply to the Lycos software as well, given that it
``causes damage without authorization to a protected computer.'' So that
is the key point, one that has not, to my knowledge, been tested in court.

I'm actually unable to find anything more specific regarding DoS attacks
in the Computer Fraud and Abuse Act, but I don't know much more about
what laws govern these actions. The CFAA seems to be focussed on
unauthorized access, not denial of service.

Of course, there's also the civil common law issues, specifically
whether it is negligent of Lycos to distribute such a program.


Hey, thanks for the insight. I can't see Lycos introducing the
screensaver without talking with legal teams first, so surely we can
presume everything is legal and above board?! Otherwise, why would
Lycos want to put themselves in a legal tangle? Unless they weighed up
the legal costs against the profit they would make from the PR stunt,
from which all I can see, is all this whole thing appears to be.

An investment to break the law -maybe- vs making lots of money and get
lots of public attention for new e-mail signups. From which many will
signup to the premium mail services.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]