Security Incidents mailing list archives
Re: Korea (was RE: ?)
From: Paul.Kincaid () BLACKBAUD COM (Paul Kincaid)
Date: Tue, 1 Feb 2000 10:02:22 -0500
One thing that has not been pointed out is that this computer is in Korea. Everyone is talking about what would happen with an American Judicial twist to it. Other countries have VERY differnet laws. What might be a perfect, air-tight sense of protecting property might be something very different in Korea. The arguement is good if it were an American computer that you were trying to help out and patch a hole, but if its somewhere else - they might have an implied Terms of Service agreement. All I would say is be careful where you go and what you do. My opinion is as soon as you discover that you might possibly have found a root shell on a system, immediately report it to the SysAdmin or Technical Contact. I personally would be very offended and quite upset if someone came along and "patched" my server to make it more secure - it might very well have been a honeypot I installed to catch someone who was attempting to do something to me and now someone else comes along, good samaritan or not, but changes my server. Just a thought Paul. -----Original Message----- From: David Brumley [mailto:dbrumley () RTFM STANFORD EDU] Sent: Friday, January 28, 2000 4:18 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Korea (was RE: ?) In my opinion, it's all about intent. If you expect and or try to gain unauthorized access, it's bad (the whole discussion on whether or not you had to see the ToS has been done...conclusion: we need a court case that goes to trial to decide). -me On Fri, 28 Jan 2000, JJ Gray wrote:
Hi folks,
Hmmm, might possibly be an ethical question but it's not really a
legal
one - if you are dropped straight to a prompt with no terms and conditions of use, statements of authorised users only and the like then the chances
of
legal action would be almost non-existant IMHO. I don't see how
connecting
to an internet visible computer & port is illegal in itself and the
comment
on condoning cracking is a little harsh don't you think ? Extrapolating that argument would result in connecting to a web server on port 80 being regarded as cracking ???? Where do you draw the line ? I regularly see in my firewall logs that various mailservers, DNS servers and the like are pinging me - is this scanning ? Is this legal ? *shrug* I decide what I consider benign or aggressive behaviour on percieved
intent,
not specific action. Just my two penneth ;-) Regards, JJ Sed quis custodiet ipsos custodes ? ----- Original Message ----- From: Brooke, O'Neil <o'neil.brooke () LMCO COM> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Thursday, January 27, 2000 11:40 PM Subject: Re: Korea (was RE: ?)Well, while you're there, why don't you poke around and see if you canfindout who ownz that box? Could be useful to know that... RGF Robert G. Ferrell Internet Technologist National Business Center, US DoI Robert_G_Ferrell () nbc govThis is not a very ethical statement. Especially when you consider the email address you have used to send this message. Does the National Business Center condone 'cracking', when it is useful?
-- #+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+# David Brumley - Stanford Computer Security - dbrumley () Stanford EDU Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley Fax: +1-650-725-9121 PGP: finger dbrumley-pgp () sunset Stanford EDU #+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+# c:\winnt> secure_nt.exe Securing NT. Insert Linux boot disk to continue...... "I have opinions, my employer does not."
Current thread:
- Re: Korea (was RE: ?) Russell Fulton (Jan 31)
- <Possible follow-ups>
- Re: Korea (was RE: ?) Jon Lewis (Jan 31)
- Re: Korea (was RE: ?) Joe User (Feb 01)
- R: Re: Korea (was RE: ?) Raistlin (Feb 03)
- Re: R: Re: Korea (was RE: ?) CyberPsychotic (Feb 05)
- Re: Korea (was RE: ?) Paul Kincaid (Feb 01)
- Re: Korea (was RE: ?) Douglas Cho (Feb 08)
