On Thu, 5 Aug 1999, John Horn wrote: > > Hmmm, interesting. Nevertheless, such activity contravenes various federal > statutes and/or possibly state statutes at either the point of origination > and/or the destination (or both). I would suggest that anyone interested > in accepting this offer consider the relevant legal issues before actually > making a compromise attempt on the site. It should be noted that Microsoft > does not have the authority to waive prosecution under at least one (or > possibly more) federal statutes. It is quite possible to be prosecuted > completely without Microsoft's consent. Good point. As with any security test that's open to the public, one should always consider the legal implications. However, I would think that based upon the fact that MS openly states that you may attempt a security breach of their site, most municipalities would have no grounds by which to pursue the matter. I don't know about other states, but in Florida, the law deals mainly with *unauthorized* activity, which is obviously not the case if they invite you to compromise their system. Further more, there have been many other public security tests, many which offer a bounty if you can compromise the system in question, most notably for ISV firewall packages. And what about security professionals who get paid to attempt to compromise systems? Undoubtedly they consider the legal implications before accepting those tasks. Perhaps someone else on the list, who is familiar with state law as a whole, can shed more light. regards, Ray Barnes Tical Network Solutions, Inc.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:17 PDT