Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Hackers: Re: Draft Convention on Cybercrime

Re: Draft Convention on Cybercrime

From: Simple Nomad <thegnome_at_nmrc.org>
Date: Sun, 4 Jun 2000 22:49:52 -0500 (CDT)

On Sat, 3 Jun 2000, Matt Marnell wrote:
> for all you who still don't see how nmap is banned in this treaty (and I
> don't blame you...it took a second look for me to catch it too), here is
> how it applies:
>
> When you scan a system, you are accessing that system (whether you have
> permission or not). Now, nmap scans computer systems.

Define access. Under current law within the U.S., the traditional "de
facto standard" access that is considered illegal involves direct
interaction and access to the data contained within that computer. This is
why the FBI has stated scanning is not illegal, and they cannot and will
not even try to prosecute someone solely based upon scanning (this is
straight from the horse's mouth, from the FBI's Dallas computer crime guys
who worked the Global Hell and Phonemaster cases, told to me personally).

Now this does not mean they aren't interested in who is scanning, and
would love for people who are scanned to share logs with them, as it is
fairly common that a person who scans a lot against systems she/he does
not directly control will often try to "directly control" them shortly
afterward.

It is very possible that the legislation used to enact our participation
in this treaty will be considered to "already exist", and since the Feds
won't usually touch a case unless there is at least $10k of damage (with a
few minor exceptions, but certainly scanning is not an exception, once
again from the horse's mouth) it is a moot point.

As a researcher I do not think twice about scanning a site, although I
often will follow up with an email explaining what I was doing if it is
more than a quick one-target scan. I will continue to do it until scanning
itself has been specifically labeled as illegal, which I seriously doubt
will happen anytime soon. If so, it will be like speeding -- most people
will get away with it because they will not get caught.

- Simple Nomad - No rest for the Wicca'd -
- thegnome_at_nmrc.org - www.nmrc.org -
- thegnome_at_razor.bindview.com - razor.bindview.com -
Received on Jun 04 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos