Nmap Announce mailing list archives
RE: publicly available resources and the law
From: Benjamin Smee <ben () itaudit com au>
Date: Wed, 24 Feb 1999 09:42:07 +1100
Hello,

I have often wondered about the specifics of this myself. Here is my understanding:

One of the key things in relation to what Daemor is talking about is Warning. I know that there was a case in the States where a 'hacker' was let off at court as he pleaded he did not know that he was not authorised to access a system. The system had no legal banners in place. Having said that, I know that in Australia the aforesaid hacker would not have gotten off. The key.... WARNINGS on the site about illegal access and use of the system.

The thing is that still doesn't clarify the problem. AFAIK in the western world most computer crime laws are based on the ones from the USA. With this in mind the problem seems somewhat universal, in that almost all are worded so badly that any Internet savvy person would cringe. In Australia the computer crime laws are so badly written that I wouldn't be surprised to hear that someone could be charged with "insertion or modification of data without authorisation" just by sending an email with an attachment.

Relating this specifically to port scanning though, at least in Australia we are safe :) There are no laws that could even be interpreted as considering port scanning illegal.
Daemor wrote:

Communicate with? Retrieve data from? Who authorizes me to connect to port 80 at www.nsa.gov? No one, it is made publicly available. No authorization is required to access the data. Port scanning simply asks which services are offered by a computer. Unless measures have been taken to restrict access to the data and the individual has attempted to circumvent those measures then I see no crime. Being charged with a misdemeanor simply for port scanning ALONE seems a bit ridiculous to me. I realize that scanning a host is often followed by an attack on a system or is part of a search for vulnerable systems but simply asking if the information is publicly available should not be a crime.

Along these lines, I was wondering what the legal status is of accessing FTP servers with anonymous logins, wide open NFS exports, or NetBIOS shares. There needs to be some clarification of what is considered public access and what is simply misconfiguration. Anyone have something to contribute about what is actually legal to access and what is invasion? Is any resource that can be accessed without special authorization considered public access in the terms of the law?
regards,

Benjamin Smee
Senior Computer Security Consultant
Fingerprint: 4574 41AD D801 1533 455C E5F8 79C4 CEF1 AED8 58C1
___________________________
IT Audit & Consulting (ITAC) Pty Ltd
ben () itaudit com au