s. keeling <keeling@nucleus.com>: > Randy Yates <yates@ieee.org>: > > I sure hope things have changed in the last four years: > > > > http://www.securityfocus.com/news/4004 > > > > Is this still illegal? What a load of crap. > > You log onto my client's computers and you're warned with a banner I wrote that before reading the whole article. Most of my complaints are mentioned there, but I still don't think that article's anything to worry about. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Unruh <unruh-spam@physics.ubc.ca>: > "s. keeling" <keeling@nucleus.com> writes: > >Randy Yates <yates@ieee.org>: > >> I sure hope things have changed in the last four years: > >> > >> http://www.securityfocus.com/news/4004 > >> > >> Is this still illegal? What a load of crap. > > >you're not authorized to do so, you're trespassing and are yourself > >guilty of theft of communications. > > It is NOT trespassing and it is NOT theft of communications, since > they are not a real property that could be stolen. Of course it is. Everything involved cost somebody or something money to get it there. You use it without their say so, and it's theft. They have reasons for putting it there, and you're not part of that plan. You're interfering with its use. Ignoring the cost of the infrastructure behind those electrons passed back and forth just displays ignorance. Big-iron corporate computing has to worry about this stuff because laws tell them they have to safeguard personal information. If just any script kiddie's allowed to wander around on the box at will, that's negligence on the part of its owner. Things like Payment Card Industry or Sarbanes-Oxley non-compliance have real consequences; expensive ones. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Randy Yates <yates@ieee.org>: > PedroArthur_JEdi <pedro.forum@gmail.com> writes: > > On Dec 4, 8:54 pm, Randy Yates <ya...@ieee.org> wrote: > >> Is this still illegal? What a load of crap. > > > > Hi I am a system administrator and I have a honeynet deployment. But I > > live at Brazil, so I can't answer your question but at > > http://www.honeynet.org/book/Chp8.pdf you may find a text about it > > written by a guy from the department of justice of your country. You > > may also search for ``Honeypots: Tracking Hackers''. It is also a book > > Looks like a wonderful text on the subject. > > I'm sorry if I gave the impression I'm in this deeply - I'm not. This I didn't get that impression. > idea of defending the criminal makes me angry. Ditto, and I'm not into this deeply myself. I just think if the law goes the cracker's way, the law's wrong. Getting away with cracking other's boxes because you couldn't see the login banner, which every legitimate user would see, is just plain wrong. It *has* to be legal to secure access to your systems, else they're not really yours. Surveilling/logging *what's hitting on your network* has to be part of that. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

"s. keeling" <keeling@nucleus.com> writes: >Unruh <unruh-spam@physics.ubc.ca>: >> "s. keeling" <keeling@nucleus.com> writes: >> >Randy Yates <yates@ieee.org>: >> >> I sure hope things have changed in the last four years: >> >> >> >> http://www.securityfocus.com/news/4004 >> >> >> >> Is this still illegal? What a load of crap. >> >> >you're not authorized to do so, you're trespassing and are yourself >> >guilty of theft of communications. >> >> It is NOT trespassing and it is NOT theft of communications, since >> they are not a real property that could be stolen. >Of course it is. Everything involved cost somebody or something money Of course it is not. So what if "everything involves costs". The law does NOT say "theft is anything involving costs". >to get it there. You use it without their say so, and it's theft. No it is not. Learn a bit of law. >They have reasons for putting it there, and you're not part of that >plan. You're interfering with its use. Ignoring the cost of the >infrastructure behind those electrons passed back and forth just >displays ignorance. ??? What has any of this to do with theft. If I open a coffee shop and Starbucks opens one across the street and I loose my business, it involved costs. i It involves plans that they were not a part of. But it is NOT theft. It is just business, and a perfectly legal action on Starbucks part. >Big-iron corporate computing has to worry about this stuff because >laws tell them they have to safeguard personal information. If just >any script kiddie's allowed to wander around on the box at will, >that's negligence on the part of its owner. Things like Payment Card Yes, it is negligence. >Industry or Sarbanes-Oxley non-compliance have real consequences; >expensive ones. Yes, so they had better protect the stuff. but it is not theft.

"s. keeling" <keeling@nucleus.com> writes: >Randy Yates <yates@ieee.org>: >> PedroArthur_JEdi <pedro.forum@gmail.com> writes: >> > On Dec 4, 8:54 pm, Randy Yates <ya...@ieee.org> wrote: >> >> Is this still illegal? What a load of crap. >> > >> > Hi I am a system administrator and I have a honeynet deployment. But I >> > live at Brazil, so I can't answer your question but at >> > http://www.honeynet.org/book/Chp8.pdf you may find a text about it >> > written by a guy from the department of justice of your country. You >> > may also search for ``Honeypots: Tracking Hackers''. It is also a book >> >> Looks like a wonderful text on the subject. >> >> I'm sorry if I gave the impression I'm in this deeply - I'm not. This >I didn't get that impression. >> idea of defending the criminal makes me angry. >Ditto, and I'm not into this deeply myself. I just think if the law >goes the cracker's way, the law's wrong. Getting away with cracking >other's boxes because you couldn't see the login banner, which every >legitimate user would see, is just plain wrong. It *has* to be legal >to secure access to your systems, else they're not really yours. >Surveilling/logging *what's hitting on your network* has to be part of >that. The question was NOT whether or not it is legal to secure access to your system. The question was whether or not a so called "honeypot" is legal. Whether recording communication between the cracker and others is legal, whether a cracker going into a system whose whole purpose is to allow, indeed encourage, the cracker to go into it makes the cracker's actions illegal. And just because it is legal to secure your system does not mean that anything you do, which you think secures it, is legal.

Randy Yates <yates@ieee.org> writes: >Unruh <unruh-spam@physics.ubc.ca> writes: >> [...] >> It is not the criminal I want to defend, it is myself against people >> who think that they can be lawyer, jury, judge and hangman for things >> that they consider to be crimes. >This is the problem - there are folks like you who attempt to make lines >that are perfectly clear blurry. No it is you who try to make lines so broad that they encompass everything. Why not just have a law stating "Everything is illegal" and then leave it up to the prosecution to decide what to prosecute? Laws should be very specific.

"mr.b" <mist@b.com> writes: >On Thu, 06 Dec 2007 13:31:18 -0500, Douglas O'Neal wrote: >> Make it a bit more specific. You have a picture on your wall. I look at >> your picture without your permission. Have I then stolen your picture? >> If not, what is the difference between using your computer with only >> trivial traces of that use left and using the picture as was intended? >> What exactly has been "stolen" in either case? >this is interesting...I'm thinking...even though we've gotten a bit away >from the legality of honeypots...which I employ...and enjoy...but >accessing a publicly accessible computer is definitively different from >passively observing a picture on a wall, is it not? the law is fairly >clear about unauthorised access -at least here in Canada. Well, yes, the Canadian Law is clear. And it is clear that anyone operating any computer is violating Canadian law. Read the Mischief to Data act which is part of the Canadian Criminal Code. Anyone altering data is guilty of a crime, and there is no excuse for colour of right or any other defences. Since noone can run a computer without altering data, (as I am doing now in typing this onto my compter screen) it is clear that we are all criminals under Canadian law. They seem to have the attitude that everything should be illegal and leaving it up to the courts to only prosecute those who really deserve it. (The unauthorized access law at least has a defense of the colour of right, but the Mischief to Data act has not). And the police and prosecutors have charged people for altering their own data.

Unruh <unruh-spam@physics.ubc.ca>: > "s. keeling" <keeling@nucleus.com> writes: > > >Unruh <unruh-spam@physics.ubc.ca>: > >> "s. keeling" <keeling@nucleus.com> writes: > >> >Randy Yates <yates@ieee.org>: > >> >> I sure hope things have changed in the last four years: > >> >> > >> >> http://www.securityfocus.com/news/4004 > >> >> > >> >> Is this still illegal? What a load of crap. > >> > >> >you're not authorized to do so, you're trespassing and are yourself > >> >guilty of theft of communications. > >> > >> It is NOT trespassing and it is NOT theft of communications, since > >> they are not a real property that could be stolen. > > >Of course it is. Everything involved cost somebody or something money > > Of course it is not. So what if "everything involves costs". The law does > NOT say "theft is anything involving costs". I was not speaking as a lawyer. I couldn't care less what the legal definition of theft is. "dict theft" mentions: ... every part of the property stolen must be removed, however slightly, from its former position Note "However slightly." It's perfectly fair to include cpu cycles and bytes transferred in there. > >to get it there. You use it without their say so, and it's theft. > > No it is not. Learn a bit of law. I've no intention of learning law, thanks. I'll buy it when I need it. As a layman, theft describes this perfectly. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Unruh <unruh-spam@physics.ubc.ca>: > "Dave {Reply Address in.Sig}" <noone$$@llondel.org> writes: > > > >as computers go, there's theft of electricity, because making a computer do > >something potentially causes it to use more power than if it had been left > >idle. > > There is a maxim of law that the law does not concern itself with triffles. Glad to hear it. > equally idiotic to prosecute for that theft of electricity ( which is less > than the electricity used if I walk past your house and cause the IR > detector on your lights to switch on your ourside lights-- should I be > prosecuted for that?) You appear to have a problem here understanding Human Action. If you install an IR detector on your lights and it's set off by a leaf blowing by, who are you going to sue? Why should you sue? You installed the thing. If you wanted it to only go off when your actions set it off, you should have bought a better detector. I am not doing anything wrong by walking down a public sidewalk which your detector is monitoring. You told that detector to waste that electricity, not me. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Daniel James <wastebasket@nospam.aaisp.org>: > > If a would-be cracker visits my honeypot and my honeypot records his > activities while there it is NOT "intercepting" communications, as the > cracker has chosen to send packets to the honeypot and it is the > honeypot that is handling those packets (albeit not in the way the > cracker expected -- but the honeypot has made no representation as to > what will be done with them, and so is entitled to do as I please with > them). > > However, a /firewall/ intercepts packets addressed to another machine > and take actions such as logging them and/or refusing to handle them. > If that's not interception I don't know what is. Are firewalls illegal? "A firewall intercepts packets addressed to another machine ..." Is that other machine yours too? If so, it's routing, not interception. Should smtp relays be made illegal? If it's not your machine, why are you intercepting them? -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

"s. keeling" <keeling@nucleus.com> writes: >Unruh <unruh-spam@physics.ubc.ca>: >> "s. keeling" <keeling@nucleus.com> writes: >> >> >Unruh <unruh-spam@physics.ubc.ca>: >> >> "s. keeling" <keeling@nucleus.com> writes: >> >> >Randy Yates <yates@ieee.org>: >> >> >> I sure hope things have changed in the last four years: >> >> >> >> >> >> http://www.securityfocus.com/news/4004 >> >> >> >> >> >> Is this still illegal? What a load of crap. >> >> >> >> >you're not authorized to do so, you're trespassing and are yourself >> >> >guilty of theft of communications. >> >> >> >> It is NOT trespassing and it is NOT theft of communications, since >> >> they are not a real property that could be stolen. >> >> >Of course it is. Everything involved cost somebody or something money >> >> Of course it is not. So what if "everything involves costs". The law does >> NOT say "theft is anything involving costs". >I was not speaking as a lawyer. I couldn't care less what the legal >definition of theft is. "dict theft" mentions: > ... every part of the property stolen must be removed, > however slightly, from its former position >Note "However slightly." It's perfectly fair to include cpu cycles >and bytes transferred in there. >> >to get it there. You use it without their say so, and it's theft. >> >> No it is not. Learn a bit of law. >I've no intention of learning law, thanks. I'll buy it when I need >it. As a layman, theft describes this perfectly. Glad you feel that all this language stuff is a waste of time-- grunts and gestures are good enough for you.

>reductio ad absurdum here I think, but I'll grant you that what we've been >tossing back and forth really describes Break and Enter or trespass and >not classically "theft" No it is NOT break and enter nor is it trespass. It is not murder or treason either. Nor is it running a red light or speeding. It may be "unauthorized computer access" or "Mischief to data", but it is not spitting on a sidewalk, or installing plumbing without a license.

Walter Mautner <nodeleaf.20.eatallspam@spamgourmet.com> writes: >s. keeling wrote: >> Ditto, and I'm not into this deeply myself. I just think if the law >> goes the cracker's way, the law's wrong. Getting away with cracking >> other's boxes because you couldn't see the login banner, which every >> legitimate user would see, is just plain wrong. It *has* to be legal >Well, there must be some "criminal energy" involved to get in. A honeypot What in the world is "criminal energy"? >should be firewalled or password-protected the same way (but obviously >different ports, different passwords) as the protected box/network. >If it is possible to "break in" without effort, there is no break-in in >fact. >> to secure access to your systems, else they're not really yours. >> Surveilling/logging *what's hitting on your network* has to be part of >> that. >> >Agreed.

Unruh <unruh-spam@physics.ubc.ca>: > "s. keeling" <keeling@nucleus.com> writes: > > > >I've no intention of learning law, thanks. I'll buy it when I need > >it. As a layman, theft describes this perfectly. > > Glad you feel that all this language stuff is a waste of time-- > grunts and gestures are good enough for you. You can completely ignore the distinction between layman and lawyer? How focussed you are; almost tunnel visioned. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Unruh <unruh-spam@physics.ubc.ca>: > "s. keeling" <keeling@nucleus.com> writes: > > >The cracker is not authorised to be there. If he'd bothered to login > >as any legitimate user, he'd be presented with a banner stating his > >actions may be monitored. Ignorance of the law is no excuse, and > >everyone knows what trespassing is. > > Except apparently you, who clearly does not know what it is! I certainly do not (again!) know the legal definition of it. I'm (again!) not a lawyer. Layman != lawyer, thank $deity. Speak English, not legalese! > >That box is not encouraging the cracker to break in. It's just > >passively sitting there waiting. What the cracker makes of that's up > >to him. Honeypots don't initiate attacks on crackers. They're a > >defence against crackers. > > A defence where you have purposely put a computer there for crackers to > crack, which has not other purpose to being put on the net. "No, your honour, that's an unimaged, hot-spare backup machine. We run it as a honeypot to burn it in and test all its functionality. Of course, we need to analyze its logs to ensure it's fully functional." Bite me, your honour. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Daniel James <wastebasket@nospam.aaisp.org>: > In article news:<slrnfljh67.8cr.keeling@heretic.nucleus.com>, S. > keeling wrote: > > "A firewall intercepts packets addressed to another machine ..." Is > > that other machine yours too? If so, it's routing, not interception. > > It's only routing if the packets reach the machine to which they are > addressed. If the firewall drops packets rather than delivering them > then it's interception. Whatever happened to that old maxim that the net's a cooperative effort between individual systems and their system administrators, the latter of which are gods on their systems, and those systems are private property? If a firewall dropping packets is interception, what's spamassassin or procmail or exim rules? This whole subject just doesn't pass the smell test. I am *still* not a lawyer, and expect to keep it that way. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Rick Pikul <rwpikul@sympatico.ca>: > > Under Canadian law there is no such thing as implied consent. No warning > is needed for access to be unauthorized, only the fact that it is not > authorized. Take that, ambulance chasers. We don't need to hire lawyers to vet login screen banners in this enlightened people's paradise. :-) How sensible. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Walter Mautner <nodeleaf.20.eatallspam@spamgourmet.com>: > s. keeling wrote: > > > > Ditto, and I'm not into this deeply myself. I just think if the law > > goes the cracker's way, the law's wrong. Getting away with cracking > > other's boxes because you couldn't see the login banner, which every > > legitimate user would see, is just plain wrong. It *has* to be legal > > Well, there must be some "criminal energy" involved to get in. A honeypot Connecting to a box you know you've no authorization to connect to? > should be firewalled or password-protected the same way (but obviously Firewalls aren't a legal requirement. Yeah, passwordless accounts are just dumb in a lot of ways (*spam*, zombies, ...), but a "come hither" to unsuspecting crackers? Come on. > different ports, different passwords) as the protected box/network. > If it is possible to "break in" without effort, there is no break-in in > fact. So, leaving your front door unlocked leaves you no defence legally against a burglar who takes advantage of that? -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

"s. keeling" <keeling@nucleus.com> writes: >Unruh <unruh-spam@physics.ubc.ca>: >> "s. keeling" <keeling@nucleus.com> writes: >> > >> >I've no intention of learning law, thanks. I'll buy it when I need >> >it. As a layman, theft describes this perfectly. >> >> Glad you feel that all this language stuff is a waste of time-- >> grunts and gestures are good enough for you. >You can completely ignore the distinction between layman and lawyer? >How focussed you are; almost tunnel visioned. When you talk about legal things, the people to talk to are lawyers. When you talk bullshit, grunts and gestures are good enough for you apparently. >-- >Any technology distinguishable from magic is insufficiently advanced. >(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 >- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

"s. keeling" <keeling@nucleus.com> writes: >Rick Pikul <rwpikul@sympatico.ca>: >> >> Under Canadian law there is no such thing as implied consent. No warning >> is needed for access to be unauthorized, only the fact that it is not >> authorized. >Take that, ambulance chasers. We don't need to hire lawyers to vet >login screen banners in this enlightened people's paradise. :-) Yes, so when you read a web page from Canada you are breaking the law, since you are accessing and altering data on that computer (see log files) without authorization. Real enlightened.

"s. keeling" <keeling@nucleus.com> wrote in message news:slrnfljecd.8cr.keeling@heretic.nucleus.com... > Unruh <unruh-spam@physics.ubc.ca>: >> "s. keeling" <keeling@nucleus.com> writes: >> >Unruh <unruh-spam@physics.ubc.ca>: >> >> "s. keeling" <keeling@nucleus.com> writes: >> >> >Randy Yates <yates@ieee.org>: >> >> >> I sure hope things have changed in the last four years: >> >> >> >> >> >> http://www.securityfocus.com/news/4004 >> >> >> >> >> >> Is this still illegal? What a load of crap. >> >> >> >> >you're not authorized to do so, you're trespassing and are yourself >> >> >guilty of theft of communications. >> >> >> >> It is NOT trespassing and it is NOT theft of communications, since >> >> they are not a real property that could be stolen. >> >> >Of course it is. Everything involved cost somebody or something money >> >> Of course it is not. So what if "everything involves costs". The law >> does >> NOT say "theft is anything involving costs". > > I was not speaking as a lawyer. I couldn't care less what the legal > definition of theft is. "dict theft" mentions: > > ... every part of the property stolen must be removed, > however slightly, from its former position > > Note "However slightly." It's perfectly fair to include cpu cycles > and bytes transferred in there. Absolute nonsense. Neither CPU cycles nor bytes are "removed". Bytes are not removed, because you cannot point to a place where they used to be and aren't now. That only becomes true if the hacker starts *deleting* your data, which is not what we've been discussing at all. CPU cycles would have taken place anyway - you could I suppose argue that they have been "stolen" (as in repurposed) if and only if the CPU is running at 100% load - which most systems aren't. >> >to get it there. You use it without their say so, and it's theft. >> >> No it is not. Learn a bit of law. > > I've no intention of learning law, thanks. I'll buy it when I need > it. As a layman, theft describes this perfectly. No, it doesn't. That's the kind of layman language that leads to debates about "copyright theft", when theft is quite simply the wrong word. Theft involves depriving someone else of something tangible, and neither unauthorised computer access nor copyright infringement is theft, most of the time. (The former is akin to theft if you copy the data off the system and then delete the original, and the latter is akin to theft only if the infringement replaces a purchase.) CC

"s. keeling" <keeling@nucleus.com> wrote in message news:slrnflsckh.8cr.keeling@heretic.nucleus.com... > Walter Mautner <nodeleaf.20.eatallspam@spamgourmet.com>: >> s. keeling wrote: >> > >> > Ditto, and I'm not into this deeply myself. I just think if the law >> > goes the cracker's way, the law's wrong. Getting away with cracking >> > other's boxes because you couldn't see the login banner, which every >> > legitimate user would see, is just plain wrong. It *has* to be legal >> >> Well, there must be some "criminal energy" involved to get in. A >> honeypot > > Connecting to a box you know you've no authorization to connect to? > >> should be firewalled or password-protected the same way (but obviously > > Firewalls aren't a legal requirement. Yeah, passwordless accounts are > just dumb in a lot of ways (*spam*, zombies, ...), but a "come hither" > to unsuspecting crackers? Come on. > >> different ports, different passwords) as the protected box/network. >> If it is possible to "break in" without effort, there is no break-in in >> fact. > > So, leaving your front door unlocked leaves you no defence legally > against a burglar who takes advantage of that? Got it! You use the word theft, when what you actually mean is trespass. The offence a stranger commits by entering your unlocked house uninvited is not theft or burglary (assuming he steals nothing), it's trespass. If the house is locked it's breaking & entering. So the cyber-equivalents of this are interesting. It's theft only if s/he deletes something on your system (and keeps a copy of it - otherwise it's criminal damage). It's breaking and entering if they had to hack in, and it's trespass if you left them an unlocked door (passwordless login, or whatever). So just as it's not illegal to leave your house unlocked, it shouldn't be illegal to leave an unprotected system on your network (whether as a honeypot or for any other purpose). CC

Daniel James <wastebasket@nospam.aaisp.org> writes: >In article news:<slrnflsbln.8cr.keeling@heretic.nucleus.com>, S. keeling >wrote: >> If a firewall dropping packets is interception, what's spamassassin or >> procmail or exim rules? This whole subject just doesn't pass the >> smell test. >I think you're missing some irony, somewhere along the line. >I wasn't suggesting that firewalls were or should be illegal, I was >using the example of firewalls -- which I think everyone agrees are not >only legal but are also essential security tools -- to highlight the >point about honeypots. However, a crucial feature of honeypots is that the owners read the logs and use the logs to carry legal or other actions. It is of course not the computer that does anything. It is the owners or controllers of the computers that do it. >A honeypot does not intercept packets, it just handles packets that are >addressed to it. And the person then reads the results of those interceptions. That is where the problems arise. >A firewall does intercept packets, it handles packets that are addressed >to some other server process and filters them. >Ergo: if the act of interception is the criterion by which legality is >to be judged then honeypots are legal and firewalls are not (or to put >it another way: The law is an ass). >Capisce? >Cheers, > Daniel. >

Daniel James <wastebasket@nospam.aaisp.org> writes: >In article news:<kyA7j.29921$Ji6.3563@edtnps89>, Unruh wrote: >> >A honeypot does not intercept packets, it just handles packets that are >> >addressed to it. >> >> And the person then reads the results of those interceptions. That is >> where the problems arise. >No, the logs aren't interceptions, either. Logging is what the honeypot >does, it's not intercepting anything -- just doing its job. Anyone who >knew what the honeypot was and did would expect logging, an would expect >that the logs would be read. honey pots are there so that people do NOT know that they are honeypots. If everyone knows they are honeypots ( sites set up specifically to entrap people engaging in "bad" behaviour) they loose their purpose. >Anyone trying to crack the system might not know that it was a honeypot, >but then they almost certainly didn't ask. The logs are interceptions. Just because a honeypot does it does not make it not an interception. Humans read those logs. If those logs indicate communication between two people, neither of whom agreed to the recording of the data, they would fall under wiretap laws, is what the argument is. >Where interception might come into all of this is later on. If the logs >from the honeypot are used to identify the IP address of a wannabe >cracker, say, and that IP address is blocked from the site as a whole. >THAT would be interception ... but I'd be amused (and horrified) to see a No that would be banning them from the site. The interception occured when the communication was recorded. It does not matter what was done with the recording. The crime is in the recording. >court rule it to be an unreasonable act (whatever the law said).

Walter Mautner <nodeleaf.20.eatallspam@spamgourmet.com>: > mr.b wrote: > > > On Thu, 06 Dec 2007 13:31:18 -0500, Douglas O'Neal wrote: > > > >> Make it a bit more specific. You have a picture on your wall. I look at > >> your picture without your permission. Have I then stolen your picture? > >> If not, what is the difference between using your computer with only > >> trivial traces of that use left and using the picture as was intended? > >> What exactly has been "stolen" in either case? > > > > this is interesting...I'm thinking...even though we've gotten a bit away > > from the legality of honeypots...which I employ...and enjoy...but > > accessing a publicly accessible computer is definitively different from > > passively observing a picture on a wall, is it not? the law is fairly > > clear about unauthorised access -at least here in Canada. > > Once you, as the "intruder" get the warning, it is unauthorized. > But then, a "publicly accessible" computer is what it is - either by > intention or by missing basic protection (AKA blondeness) like passwords > and firewalls. As an example, if you deliberatly change the defaults (XP > firewall on) to make your computer accessible, it is ... well, a publicly > accessible computer. Someone else just taking a peek then, isn't a > criminal, as long as he doesn't damage/change your data or your computer. Interesting. Where is the line between cracking and interoperability? Is identd cracking? Hardly. finger? But this is a new era when interop is less important than security, so we secure, then interop. :-P > That could happen to you having p2p software loaded and running, as an > example. There isn't a damage, if you missed the obligation to protect your > data or at least place a visible warning in the way. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Unruh <unruh-spam@physics.ubc.ca>: > "s. keeling" <keeling@nucleus.com> writes: > > >Rick Pikul <rwpikul@sympatico.ca>: > >> > >> Under Canadian law there is no such thing as implied consent. No warning > >> is needed for access to be unauthorized, only the fact that it is not > >> authorized. > > >Take that, ambulance chasers. We don't need to hire lawyers to vet > >login screen banners in this enlightened people's paradise. :-) > > Yes, so when you read a web page from Canada you are breaking the law, > since you are accessing and altering data on that computer (see log files) > without authorization. Real enlightened. The owner of that server told it to do that (in its config), not me. Get a clue. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Daniel James <wastebasket@nospam.aaisp.org>: > In article news:<slrnflsbln.8cr.keeling@heretic.nucleus.com>, S. keeling > wrote: > > If a firewall dropping packets is interception, what's spamassassin or > > procmail or exim rules? This whole subject just doesn't pass the > > smell test. > > I think you're missing some irony, somewhere along the line. > > I wasn't suggesting that firewalls were or should be illegal, I was > using the example of firewalls -- which I think everyone agrees are not > only legal but are also essential security tools -- to highlight the > point about honeypots. > > A honeypot does not intercept packets, it just handles packets that are > addressed to it. > > A firewall does intercept packets, it handles packets that are addressed > to some other server process and filters them. > > Ergo: if the act of interception is the criterion by which legality is > to be judged then honeypots are legal and firewalls are not (or to put > it another way: The law is an ass). > > Capisce? Eminently, and an excellent exposition. "The smell test" wasn't directed at your comments. It was intended for the OP. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Unruh <unruh-spam@physics.ubc.ca>: > "Magnate" <contact.me@some.other.way> writes: > > >So just as it's not illegal to leave your house unlocked, it shouldn't be > >illegal to leave an unprotected system on your network (whether as a > >honeypot or for any other purpose). > > It is not illegal. Whether or not it should be is contentious matter. If > you by your negligence contribute to damage to a third party, a strong Huh? Of course! > civil damages. Placing your computer on the net with no protection > IS negligence, and it can certainly damage third parties (DOS > attacks, breakin attacks, etc) I think you've a different understanding of "honeypot" from what I have. I understand it as, "Anything can get in. Nothing gets out." Honeypots are supposed to simulate successful execution for the cracker, yes? Honeypots should not be capable of being turned into zombies. They gather information. They do not facilitate connectivity. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Magnate <contact.me@some.other.way>: > "s. keeling" <keeling@nucleus.com> wrote in message > news:slrnfljecd.8cr.keeling@heretic.nucleus.com... > > > > Note "However slightly." It's perfectly fair to include cpu cycles > > and bytes transferred in there. > > Absolute nonsense. Neither CPU cycles nor bytes are "removed". Bytes are not > removed, because you cannot point to a place where they used to be and Ridiculous! On a heavily used server, every clock tick is worth money. I've worked with systems which cost the owner millions of dollars per minute when they were down. Any unauthorized logins costs the owner of those systems money, in many ways. You would not believe what my present clients spends on security and controls for its systems. Really. And with Payment Card Industry and Sarbanes-Oxley spec requirements these days, any unauthorised access can be disastrous to a corp's rep. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

"s. keeling" <keeling@nucleus.com> writes: >Unruh <unruh-spam@physics.ubc.ca>: >> "Magnate" <contact.me@some.other.way> writes: >> >> >So just as it's not illegal to leave your house unlocked, it shouldn't be i ^^^^^^^^^^^^^^^ >> >illegal to leave an unprotected system on your network (whether as a ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> >honeypot or for any other purpose). ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Note the phrase I was refering to. >> >> It is not illegal. Whether or not it should be is contentious matter. If >> you by your negligence contribute to damage to a third party, a strong >Huh? Of course! But that would make it illegal to leave an unprotected system...., something he said should never be illegal. >> civil damages. Placing your computer on the net with no protection >> IS negligence, and it can certainly damage third parties (DOS >> attacks, breakin attacks, etc) >I think you've a different understanding of "honeypot" from what I >have. I understand it as, "Anything can get in. Nothing gets out." >Honeypots are supposed to simulate successful execution for the >cracker, yes? Honeypots should not be capable of being turned into >zombies. They gather information. They do not facilitate >connectivity.