Security Basics mailing list archives
Re: application for an employment
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 3 Apr 2006 02:42:49 +0200
On 2006-04-03 Craig Wright wrote:
I don't know why you are taking a private conversation back on-list, but so be it.As I am having the same conversation with multiple people on and off the list it is simpler to have it on the list.
Then I suggest you ask for permission to do so first, because dragging private communication into public is not only offensive but may be considered an actual offense under german jurisdiction (the BGH already decided on this, see Az. I ZR 211/53).
In particular; Article 6: Misuse of devices/possession and misuse of systems and tools that are suitable for carrying out an action as in Article 2-5.You obviously fail to understand that for these articles to apply I have to actually do something illegitimate. However, contrary to your belief using a portscanner to find out what services a host provides, or even using an open relay to send out mail (as long as it's not spam, but this is covered by other laws), is NOT illegal.Actually, you fail to comprehend that these are being setup as strict liability offenses. This is similar to how a parking ticket is strict liability as a simplistic way of explaining the concept. Just as you do not need to have intent to get a parking ticket - you do not need intent for the A 2.5 issues.
Wrong. Each of the articles 2 through 5 and also article 6 *expressly* state "when committed intentionally". Read it up. And the discussed matter is still not subject to these laws, because all of them require that either the action was illegal to begin with or that at least some actual damage was done. The former is not the case and the latter is not subject to this discussion, no matter how often you try to bring it in.
No. This is exactly the point where you are wrong. I do have the right to access a host without getting explicit permission beforehand, so these laws simply don't apply.EM paragraphs 47-48, 58, 62, 68 and 77
What is "EM" supposed to mean? The european convention on cyber-crime has only 48 articles, and I fail to see what other document you might be referring to by that abbreviation.
also make clear that the use of such tools for the purpose of security testing authorized by the system owner is not a crime. You are not the system owner or as a member of the public authorised.
As long as they say nothing about a general prohibit it doesn't matter in which cases they are expressly allowed. That's just examples.
However, what service a host on the Internet is running, does in no way qualify as privacy-related data.Actually it can and generally does -
No. If you really believe so, you are misinterpreting the term privacy as it is used in the BDSG. privacy-related data are data that can be associated with a person (like address, date of birth, license number, medical records, etc.). The term does not generally refer to all data that may be considered private.
just as a system has some public facing pages does not make it all public information.
It does for at least the public facing pages. [ Article 6 snipped ]
Article 5 - transmitting data without right that causes harm. If the port scanner intentionally or not causes a system to reboot for whatever reason, then there is an offence. What you feel, like want - irrelevant.
This is NOT what article 5 says. You may want to make a reality-check: | Article 5 - System interference | | Each Party shall adopt such legislative and other measures as may be | necessary to establish as criminal offences under its domestic law, | when committed intentionally, the serious hindering without right of | the functioning of a computer system by inputting, transmitting, | damaging, deleting, deteriorating, altering or suppressing computer | data. You'll note that contrary to your belief the article actually does say that intent is a required precondition. You'll also note, that the article talks about "serious hindering". Whether a single reboot would qualify as such is arguable. And I already said from the beginning that one in fact may be held liable for causing damage, even if it was done unintentionally. However, this does by no means imply that the action leading to the damage was illegal to begin with. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: application for an employment, (continued)
- RE: application for an employment David Gillett (Apr 04)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- Re: application for an employment D. Bolliger (Apr 05)
- Re: application for an employment Micheal Espinola Jr (Apr 05)
- RE: application for an employment Craig Wright (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- Re: application for an employment Anthony Ettinger (Apr 03)
- RE: application for an employment Mike Fetherston (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)
- Re: application for an employment Raoul Armfield (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 04)
- RE: application for an employment Ramsdell, Scott (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment John E. Fleming (Apr 03)
- Re: application for an employment Ansgar -59cobalt- Wiechers (Apr 05)
- RE: application for an employment onowlin (Apr 03)
- RE: application for an employment Craddock, Larry (Apr 03)
- RE: application for an employment Craig Wright (Apr 03)