Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US
From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Tue, 30 Sep 2008 16:30:09 -0400

Here's a question, relating to the PUBLIC DOMAIN issue. I don't know
the answer, but it seems relevant.

When a http indexing bot (like those used by Google, for instance)
comes upon a hyperlink into a page that is http authenticated, does it
follow the link and try a blank password, or does it not follow the
link? Is there some accepted standard for that?

If it is considered acceptable to assume that access is permitted to
any system that doesn't have passwords set but present http
authentication, it would be hard to argue that other forms of
authentication are different. Of course, having gained access, making
deliberate modifications, however slight, would be illegal.

Here's another question...suppose someone finds that a Pentagon system
is open to access and modification by anyone in the world, and then
that person informs the appropriate governmental authorities rather
than accessing the system. In response to that information, wouldn't
the system administrators then **also have to investigate and then,
regardless of the outcome, flatten and rebuild the system**?

The argument that it is the system administrators who caused the
*expense* to be incurred, and not McKinnon, seems to have some weight
to it.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]