[ale] kimset

Mike Panetta ahuitzot at mindspring.com
Thu Feb 13 11:16:28 EST 2003


First let me appologise about the horrible formatting of this message, as Mindsprings webmail client is horrible at replies.

I understand your point, but since I am not very good at explaining what I mean in this sort of venue (text, instead of spoken word), I will try to explain my position in more detail. 

I am of the opinion that laws like the DMCA (Digital Melinnium Copyrights Act, for the person that asked) are just lawyer fodder.  They allow companies and individuals to shirk responsibility for their own security and protection, and place it in the hands of lawyers.  It also helps "muddy" the definition of ownership.  Now in this case I think ownership is pretty clear, as its the other persons system that is being hacked, its clearly not anyone elses, including the attackers.  But its still the responsibility of the owner to secure that system.  You personally should be worried about such a law because it can relieve you of your job (if all you have to do is sue someone for millions of $$$ after they may have caused you thousands in damage, why do you need a security expert? Its profitable to just let the hole stay there.)  I personally am worried about the law because it disallows me to "hack" into things (in this case my TiVo or DVD player) that I OWN, because I would be circumventing an access control in a piece of software or hardware that has been "licensed" to me.  I think the problem is the law is black and white, there really is no (or should not be) any grey.  If someone circumvents an access control to access someones network, its illegal by the DMCA, if I circumvent the DVD "copy" protection, or circumvent the region controls on my DVD player so that I can play a DVD that I OWN, its also illegal by the same law.  You can't wine about it on one hand and praise it on the other.  That fact alone proves to me that its lawyer fodder, and it should be removed from existance and people should be forced to take responseability for their own stuff.

I think I have said enough for now, hopefully I have not been too flaming, my intent was not to flame, but point out the two sidedness of how we handle a situation like this.

Mike
-------Original Message-------
From: Jonathan Rickman <jonathan at xcorps.net>
To: ale at ale.org
Sent: 02/12/03 11:30 PM
To: ale at ale.org
Subject: Re: [ale] kimset

> 
> On 12 Feb 2003, Mike Panetta wrote:> On Tue, 2003-02-11 at 19:13, Jonathan Rickman wrote:>> > You're on shaky ground, and in my not so humble opinion, deservewhatever> > you get. Detecting networks is one thing, perfectly acceptable.Accessing> > them when they're wide open and inviting you in is a grey area.Blatantly> > circumventing access controls, however weak and useless, is a> > crime...period.>> So you agree with the DMCA then?  This is a DMCA issue, it says> circumvention (for any reason) is illegal.  I know this is sort of off> topic, but the statement you made has DMCA written all over it.  This is> exactly why the DMCA was written, to allow people to have weak security> and make it possible for them to keep weak security by persecuting> anyone that tries to break it (for any reason).  I believe what he did> is acceptable, assuming he did not do it for any malicious reason.> Please do not add any fuel to the DMCA fire by making statements like> this.I expected this to come up, but refrained from clarifying for the sake ofletting the issue drop. Allow me to clarify. Blatently circumventingaccess controls designed to keep you out of someone else's stuff is acrime. I dont know how much more clear I can be about it. Are yousuggesting that I should be allowed to crack your systems as long as myintentions are good? What if I inadvertantly damage one of your missioncritical systems? Is that ok, because I was just "seeking knowledge"?Those days are over guys. Back in the day (long before I hit the scene)that may have been ok. We live in a different world now. Deal with it.--Jonathan RickmanX Corps Securityhttp://www.xcorps.net_______________________________________________Ale mailing listAle at ale.orghttp://www.ale.org/mailman/listinfo/ale
>
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list