Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US
From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Tue, 30 Sep 2008 17:03:07 -0400

Michael Krymson wrote:
Wow, this whole discussion with a troll has gone on far longer than it ever
should have.

So basically what you're saying is that we should all shut up and not
talk about an actual issue, and that trolls should be trolls and stay
away from discussion of actual issues?

Oh, I'm sorry, was that a straw man characterization? Were you saying
something subtly different? A lot of that going around.

n3td3v thinks that a server with passwords not set is fundamentally
different from an unlocked door. ("Can we get over houses, and cars,
this is the internet, the systems were PUBLIC DOMAIN.") I'd like to
see him defend that position.

But just in case you can't bring yourself to *believe* that it's a
defensible position, here's some food for thought:

SYN = May I come in.
SYN ACK = Sure.
ACK = OK, I'm coming in, in accordance with your wishes.

FIN (when server to client) = Time for you to leave.
FIN ACK (when client to server) = OK, I'm leaving.

RST (when server to client) = If you're in here then GTFO!

Once the three-way handshake is complete, the client is in the
server's house, and may go into any room (this is application-layer
now) not forbidden by a security mechanism or law of the land. One
would be hard pressed to argue that an authentication system without a
password set is a security mechanism.

Going through an open door into the bedroom may be impolite, and it
may incite bad feeling in the house's owner. But one would be
hard-pressed to say it would be illegal.

Is that a totally wrong analogy? Maybe. If it is, are we be sure it is

Again though, once you start leaving notes under the pillow in the
bedroom or opening a window to get in later, you've said GTFO to the
legal defensibility of your actions.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]