Intrusion Detection Systems mailing list archives

RE: RE: cybercop sting


From: David.S.Endler () usa xerox com (Endler, David S)
Date: Sat, 09 Oct 1999 02:28:28 -0400




        >needs some work to become a fully mature product. The developers at NAI are
        >hot on the trail of these improvements. If you must have a real
        >vulnerability, build a sacrificial lamb box and give it no rights- just
        >disinformation files. Imagine the fun of giving your corporate competition
        >some really wacky financial data- say a plan to do a hostile takeover of
        >company XYZ- XYZ just happens to be the intruder. Use your imagination.

        The sacrificial lamb suggestion is a great idea generally, but be
careful about the legal pitfalls of "disinformation." Leading an attacker to
commit a crime by providing an open door (aka no warning banners, weak
passwords, etc.) is commonly called entrapment and can be counterproductive.
You can get in a lot of serious trouble with your own organization as well
by spreading false data which could result in nasty rumors about earnings
which could affect stock prices negatively, etc.  Even with the best of
intentions, you can still land in a lot of trouble for acting without
permission (see Intel vs. Randal Schwartz).

        Make sure you consult with your local legal counsel and superiors
before trying to reenact "The Cuckoo's Egg."  I'm curious if anyone has had
experience in the legal questions involved with deploying a honey pot?

                                -Dave


