> In case you have been living under a rock the past few weeks, you should
> know that our civil liberties are under attack. Kevin Poulsen wrote:
> "Hackers, virus-writers and web site defacers would face life imprisonment
> without the possibility of parole under legislation proposed by the Bush
> Administration that would classify most computer crimes as acts of
> terrorism."
>
> Perhaps you think this could not happen to you. Well, I would suggest you
> read the story on Jerome Heckenkamp ( http://www.freesk8.org/ ), a
> contributor to BugTraq who wrote an exploit for qpop, who is now facing 16
> counts of computer crimes, a maximum sentence of 85 years, and up to $4
> million in fines, after Qualcomm reported him to the FBI. This case is harsh
> now; just imagine if this happened under the 'Anti-Terrorism' bill. This could
> happen to you.

This may or may not be the valid place to discuss this, but I think this raises an interesting point. Look at these two excerpts... What is 'hacking'? What is not?

More importantly... what does this mean about full disclosure? For instance, eEye released exploit code when they discovered the .IDA buffer overflow that the Code Red worm and its kin used to compromise a good number of Windows machines. Many have criticized eEye for this, saying that their exploit code led to the development of the worms. Would this new law make the release of exploits illegal since one (most likely someone not familiar with our work) could say that releasing the exploit is like arming a terrorist?

To take things to an extreme, could this make vulnerability scanners quasi-legal... or illegal? After all, a "computer terrorist" could use such a thing... even nmap... to determine if a machine is vulnerable. To 'case out the target', so to speak. If this does become the case... wouldn't that make security professionals, such as ourselves, guilty under this same law that is supposed to catch those we oppose?

This new movement in Washington, DC, troubles me deeply, as it should all of us. I believe we should all oppose this as well... Some script kiddie who runs a DoS against my machine is annoying (extremely annoying at times), but he's not a 'terrorist'. Why should he be considered as such? And, more importantly, we should oppose this lest, by our inaction, we become ensnared in it.

(You may think I'm predicting an excessive amount of doom and gloom and that this will never come to pass. I hope you're right.)

--
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)

This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 10:56:19 PDT