FW: CRIME EarthLink Password Security Story

From: George Heuston (GeorgeH@private)
Date: Mon Jun 24 2002 - 11:28:14 PDT

  • Next message: SCRIMSHER,JOHN (HP-Corvallis,ex1): "RE: CRIME EarthLink Password Security Story"

     
    -----Original Message-----
    From: Justin Kurynny [mailto:justink@private] 
    Sent: Monday, June 24, 2002 11:09 AM
    To: George Heuston
    Subject: RE: CRIME EarthLink Password Security Story
    
    
    
    thanks George. did your reply go to the list? my headers show it only came
    to me. i thought your reply was very informative.
    
    thanks again. 
    justin 
    
    * 
    
    -----Original Message----- 
    From: George Heuston [ mailto:GeorgeH@private
    <mailto:GeorgeH@private> ] 
    Sent: Monday, June 24, 2002 10´30 
    To: 'Justin Kurynny' 
    Subject: RE: CRIME EarthLink Password Security Story 
    
    
    
    These observations illustrate why E-banners on systems become very important
    regarding the issues you bring up.  They define/remind  the users (even
    
    trespassers) of level of acceptable use, and the resident degree of privacy
    on the System.  
      
    As for reading/stealing:  If you are reading information from an area you're
    not authorized to be in, this is, at very least, a trespass (unauthorized
    access). That is a criminal offense.  If the 'hostile' remotely stores that
    info in any way (ie, temp files, etc) the information has been stolen
    
    (transferred) from the rightful owner to the hostile.  That's a criminal
    offense, whether the theory is plain theft, or computer crime, as variously
    set forth in common law, and state and federal statutes. 
    
    
    Geo 
      
      
    
    -----Original Message----- 
    From: Justin Kurynny [ mailto:justink@private <mailto:justink@private>
    ] 
    Sent: Monday, June 24, 2002 9:51 AM 
    To: 'crime@private' 
    Subject: RE: CRIME EarthLink Password Security Story 
    
    
    
    what exactly is the definition of "breaking and entering" in legal terms? 
    
    if one does not break anything to gain access, yet does not enter but only
    looks around and gains knowledge of contents as you mentioned, John, are
    they acting illegally?
    
    the interesting thing about cyberspace is that it appears as though it's a
    lot harder to distinguish the act of reading information from the act of
    accessing (entering) as system to read it. i.e., one action is integrally a
    part of the other.
    
    furthermore, is the act of reading information the same thing as stealing
    information? without proper posted warning, how can someone know that the
    information they are about to learn will be illegal for them to possess?
    (yikes. there's something of a shade of 'minority report' in there
    
    somewhere.) 
    
    justin 
    
    * 
    
    -----Original Message----- 
    From: SCRIMSHER,JOHN (HP-Corvallis,ex1) [ mailto:john_scrimsher@private
    <mailto:john_scrimsher@private>  < mailto:john_scrimsher@private
    <mailto:john_scrimsher@private> > ] 
    Sent: Friday, June 21, 2002 15´27 
    To: 'Jordan Gackowski'; 'CRIME' 
    Subject: RE: CRIME EarthLink Password Security Story 
    
    
    > -----Original Message----- 
    > From: Jordan Gackowski [ mailto:jgackowski@private
    <mailto:jgackowski@private>  
    < mailto:jgackowski@private <mailto:jgackowski@private> > ] 
    > Using a method to access data that you normally wouldn't be 
    > able to access (such at the dir x-versal you mention) would 
    > (should) still be illegal. Like taking the money out of a 
    > cash register and using the excuse that it had a crappy lock 
    > so it was OK to get in there. 
    > 
    
    Actually, a more appropriate analogy would be if a person were to enter a 
    store and notice a door at the back with no signs on it and unlocked.. Being
    
    
    curious, they open the door to look in to find whatever is there... Could be
    
    
    a bathroom, storage closet, or vault... The person doesn't know until they 
    look into it.  If they then walk back out, without taking and/or vandalizing
    
    
    anything that they found, other than the knowledge of what they saw, are 
    they acting illegally? 
    
    Your analogy of stealing the cash from an improperly secured register goes 
    back to one of my main statements that theft or destruction is/should be 
    illegal regardless of access methodology. 
    
    John 
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 12:36:13 PDT