Re: Microsoft ask users to crack win2000 site

[corrupt () SHELLX TICAL NET (Ray Barnes)]

On Thu, 5 Aug 1999, John Horn wrote:

> Hmmm, interesting. Nevertheless, such activity contravenes various federal
> statutes and/or possibly state statutes at either the point of origination
> and/or the destination (or both). I would suggest that anyone interested
> in accepting this offer consider the relevant legal issues before actually
> making a compromise attempt on the site. It should be noted that Microsoft
> does not have the authority to waive prosecution under at least one (or
> possibly more) federal statutes. It is quite possible to be prosecuted
> completely without Microsoft's consent.

Good point.  As with any security test that's open to the public, one
should always consider the legal implications.  However, I would think
that based upon the fact that MS openly states that you may attempt a
security breach of their site, most municipalities would have no grounds
by which to pursue the matter.  I don't know about other states, but in
Florida, the law deals mainly with *unauthorized* activity, which is
obviously not the case if they invite you to compromise their system.

Further more, there have been many other public security tests, many which
offer a bounty if you can compromise the system in question, most notably
for ISV firewall packages.  And what about security professionals who get
paid to attempt to compromise systems?  Undoubtedly they consider the
legal implications before accepting those tasks.

Perhaps someone else on the list, who is familiar with state law as a
whole, can shed more light.

regards,

Ray Barnes
Tical Network Solutions, Inc.