On Sat, 23 Mar 2002, leon wrote: > There is a thread going on, on the sf-basics list about logon banners and > legalities. The general consecutions seems to be one of two groups of > thought; 1) If you put welcome in your logon on banner this could make > you legally responsible if you are attacked (meaning the attacker can say, > "well it said welcome".) 2) This is an urban legend and not really true. > > My question is can anyone provide links showing that there have been court > cases decided upon this? I found a reference in one of my cisco design > books but it does not provide links or any other cross-reference. You don't make it clear which country's court cases you're interested in, but <http://www.attrition.org/security/advisory/auscert/AA-93.03.Suggested.Login.Banner> references a case in New Zealand. <http://www.fcw.com/fcw/articles/2000/0814/cov-law-08-14-00.asp> offers similar information about US court cases which have hinged on banner statements (though the issues involved in those cases were monitoring of users vs. prohibitions against unreasonable search and seizure, not welcoming / not welcoming external crackers). CERT Advisory 92:19 (I think -- my handwriting's a little blurred ;-) covers much the same ground (again, US law about banner statements vs unreasonable search and seizure). The latter are actually more relevant than warnings to outside crackers, since most security breaches are internal.... At any rate, if you want specific court cases, you'll probably want to take this over to LACC (laccat_private), where the people who actually know that sort of thing hang out. It's primarily US-centric (even though it's hosted in Australia), so hopefully that's what you're after.... See <http://www.cultural.com/web/security/mailing.lists/lacc.html> for all the gory details. I'm not sure if it's still active -- I've not read it in a few years. later, chris ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Mar 23 2002 - 19:38:02 PST