RE: CRIME EarthLink Password Security Story

From: Zot O'Connor (zot@private)
Date: Sun Jun 23 2002 - 03:20:25 PDT

  • Next message: Zot O'Connor: "RE: CRIME Study: Open, closed source equally secure"

    On Fri, 2002-06-21 at 12:35, SCRIMSHER,JOHN (HP-Corvallis,ex1) wrote:
    > This raises an interesting legality question.  If a server is publicly
    > available for use as, for instance, a web server.  Can we assume then that
    > all sites / pages on that server that are publicly available without use of
    > an authentication mechanism imply authorization to access said system via
    > the channel offered for access, in this instance port 80.
    > 
    > If the authorization to access the system via port 80 to a publicly
    > available document is implied through its availability, then would you be
    > truly acting illegally to utilize vulnerabilities such as directory
    > traversal to access more data, including the execution of programs on the
    > system?  My point is that some vulnerabilities require no special hacking
    > skills, merely the ability to walk through the open door.  
    > 
    
    Come on.  Be real.  Does access to the mall entrance allow access to
    locked doors?
    
    No.
    
    Even if the locks suck.
    
    
    > Alteration and or destruction of data would be illegal, I believe, no matter
    > the method of access.  But merely walking in the door that is open to the
    > public.... Would that also be illegal?
    > 
    > John
    > 
    > > -----Original Message-----
    > > From: Tom Tintera [mailto:Tom_Tintera@private] 
    > > 
    > > Randal did use one of the passwords to copy a larger password 
    > > file and also installed a back door through Intel's firewall. 
    > > However, ORS 164.377 states that:4) Any person who knowingly 
    > > and without authorization uses, accesses or attempts to 
    > > access any computer, computer system, computer network, or 
    > > any computer software, program, documentation or data 
    > > contained in such computer, computer system or computer 
    > > network, commits computer crime. Class A misdemeanor. 
    > > 
    > > Caution is advised if there is no authorization.
    > 
    -- 
    Zot O'Connor
    
    http://www.ZotConsulting.com
    http://www.WhiteKnightHackers.com
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 04:35:07 PDT