Nmap Announce mailing list archives

Previous By Date Next
Previous By Thread Next

Responses to SecurityFocus article

From: Fyodor <fyodor () insecure org>
Date: Tue, 19 Dec 2000 21:51:47 -0800 (PST)

Here are three responses to the SecurityFocus article about port scanning
legality:

Date: Tue, 19 Dec 2000 21:28:38 -0500
From: James Fischer <jfischer () supercollider com>
To: 'Fyodor' <fyodor () insecure org>,
     "nmap-hackers () insecure org" <nmap-hackers () insecure org>
Subject: RE: Port scans legal, judge says (NOT)

The article clearly contradicts the title.

Even a quick glance at the text of the
article would have revealed this.

The judge did not address the legality of
port scanning, but only noted that in THIS
specific incident, the port scan did not
"cause damage", and that the costs of
"investigating" are not, in themselves,
"damages" for the purposes of a civil suit.

In fact, the port scanner still faces criminal
charges, even though the scanning was
done by someone who had both reasonable
"authorization" and a legitimate technical
reason to scan.

I quote the article ( www.securityfocus.com/news/126):


Scott Moulton, president of Network Installation
Computer Services (NICS), is still facing criminal
charges of attempted computer trespass under
Georgia's computer crime laws for port scanning a
system owned by a competing contractor.


Kevin Polsen should be ashamed of himself
for putting such a misleading title on an article.

Next time, READ the article.  :)



Date: Tue, 19 Dec 2000 21:02:04 -0800 (PST)
From: Kevin L. Poulsen <klp () securityfocus com>
To: James Fischer <jfischer () supercollider com>
Cc: 'Fyodor' <fyodor () insecure org>,
     "nmap-hackers () insecure org" <nmap-hackers () insecure org>
Subject: RE: Port scans legal, judge says (NOT)


James --

The judge ruled that port scans are legal, in as much as the federal
Computer Fraud and Abuse Act (18 U.S.C. 1030) can not be used to win civil
judgements against people for merely conducting them. I agree that the
headline doesn't tell the whole story, which is why another 700 words
followed it.

K

Kevin L. Poulsen
Editorial Director
SecurityFocus.com
Washington D.C.
(202)232-5200



Date: Tue, 19 Dec 2000 21:31:20 -0500
From: Jonathan Jessup <jjessup () bdigitalusa com>
To: SEAN SMITH <tssmith () chaka AtlanticCo ca>, nmap-hackers () insecure org
Subject: Re: SecurityFocus: Port scans legal, judge says

Hello to everyone on the list.  Perhaps I'm missing the point of this list
in saying my opinion here, if so, my apologies.

Mr. Smith,

Without knowing any more details than what was said here, I think it is a
good decision.  It seems to me that laws only make security on paper, and
not in practice.  I distrust malicious hackers and the authorities who
want to outlaw and restrict freedoms.  This view results in more
responsibility (a bit more work) on people to secure their systems, and
perhaps getting better security in the process.

I think letting government handle the proactive side (before it happens)
of IP security is deserving of great scrutiny and caution.

Cheers,
Jonathan




--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Previous By Date Next
Previous By Thread Next

Current thread: