On Fri, 2002-06-21 at 12:35, SCRIMSHER,JOHN (HP-Corvallis,ex1) wrote: > This raises an interesting legality question. If a server is publicly > available for use as, for instance, a web server. Can we assume then that > all sites / pages on that server that are publicly available without use of > an authentication mechanism imply authorization to access said system via > the channel offered for access, in this instance port 80. > > If the authorization to access the system via port 80 to a publicly > available document is implied through its availability, then would you be > truly acting illegally to utilize vulnerabilities such as directory > traversal to access more data, including the execution of programs on the > system? My point is that some vulnerabilities require no special hacking > skills, merely the ability to walk through the open door. > Come on. Be real. Does access to the mall entrance allow access to locked doors? No. Even if the locks suck. > Alteration and or destruction of data would be illegal, I believe, no matter > the method of access. But merely walking in the door that is open to the > public.... Would that also be illegal? > > John > > > -----Original Message----- > > From: Tom Tintera [mailto:Tom_Tintera@private] > > > > Randal did use one of the passwords to copy a larger password > > file and also installed a back door through Intel's firewall. > > However, ORS 164.377 states that:4) Any person who knowingly > > and without authorization uses, accesses or attempts to > > access any computer, computer system, computer network, or > > any computer software, program, documentation or data > > contained in such computer, computer system or computer > > network, commits computer crime. Class A misdemeanor. > > > > Caution is advised if there is no authorization. > -- Zot O'Connor http://www.ZotConsulting.com http://www.WhiteKnightHackers.com
This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 04:35:07 PDT