Re: Recent Attacks

From: Ryan Russell (ryanat_private)
Date: Fri Feb 18 2000 - 20:35:02 PST

    On Fri, 18 Feb 2000, David LeBlanc wrote:
    > It is all a matter of usage.  If I use a hammer to build a building, I get
    > paid.  If I use it to smash windshields, I get thrown in jail.  There isn't
    > any law against checking security of your own systems.  There is a law
    > against breaking into other people's systems.  At least ISS made a good
    > faith effort to keep the Scanner's licensing such that it at least slowed
    > the crackers down for a while before they could use it.  That's more than I
    > can say for several other auditing tool vendors.
    
    Then you think Mixter doesn't deserve punishment, or he does and ISS
    doesn't because IS is a "good" tool?  A few other folks say Mixter
    deserves... well, something... they're not specific.  We don't even know
    for sure his stuff was used.  We also don't know the attacker didn't use
    IS to break into the zombie systems.  I've used IS to break into other
    people's systems.  It works real well.
    
    > 
    > This really has nothing to do that I can see with the current discussion.
    
    If you advocate harsh penalties for malicious "hackers", and then you
    happen to get classified as one due to some idiotic legal wording, where
    does that leave you?  My example is an attempt to personalize the
    situation for the readers of this list.
    
    > 
    > >How about releasing the "firewall" toolkit full of holes?  
    > 
    > I have no idea what you're talking about.  fwtk?  ISS' 'firewall scanner'
    > stuff?
    
    That's a poke at Marcus.
    
    > 
    > >$100M
    > >each?
    > 
    > I hope you're joking.  If so, you should have put <g> liberally.
    > 
    
    It should be obvious that I wouldn't seriously advocate an action against
    people who release tools of any sort, buggy or otherwise.  
    
    However, say it was discovered that the attackers were using ISS's
    Internet Scanner.  Let's say the feds get away with nailing him with 1.2B
    or more in damages.  Wouldn't that leave a nice path open for suits
    against Mixter and ISS?  Wouldn't 10% of the damages (or a little less) be
    a reasonable amount to nail them with?  Especially ISS who actually has
    the money?
    
    Be careful about advocating huge amounts of damages, especially if you
    work in the security industry.  There are a lot of scary laws up for vote
    right now, and not a lot of sympathy for anyone who wants to use the title
    "hacker" for anything.
    
    					Ryan
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:11 PDT