Nmap Announce mailing list archives
Responses to SecurityFocus article
From: Fyodor <fyodor () insecure org>
Date: Tue, 19 Dec 2000 21:51:47 -0800 (PST)
Here are three responses to the SecurityFocus article about port scanning legality: Date: Tue, 19 Dec 2000 21:28:38 -0500 From: James Fischer <jfischer () supercollider com> To: 'Fyodor' <fyodor () insecure org>, "nmap-hackers () insecure org" <nmap-hackers () insecure org> Subject: RE: Port scans legal, judge says (NOT) The article clearly contradicts the title. Even a quick glance at the text of the article would have revealed this. The judge did not address the legality of port scanning, but only noted that in THIS specific incident, the port scan did not "cause damage", and that the costs of "investigating" are not, in themselves, "damages" for the purposes of a civil suit. In fact, the port scanner still faces criminal charges, even though the scanning was done by someone who had both reasonable "authorization" and a legitimate technical reason to scan. I quote the article ( www.securityfocus.com/news/126):
Scott Moulton, president of Network Installation Computer Services (NICS), is still facing criminal charges of attempted computer trespass under Georgia's computer crime laws for port scanning a system owned by a competing contractor.
Kevin Polsen should be ashamed of himself for putting such a misleading title on an article. Next time, READ the article. :) Date: Tue, 19 Dec 2000 21:02:04 -0800 (PST) From: Kevin L. Poulsen <klp () securityfocus com> To: James Fischer <jfischer () supercollider com> Cc: 'Fyodor' <fyodor () insecure org>, "nmap-hackers () insecure org" <nmap-hackers () insecure org> Subject: RE: Port scans legal, judge says (NOT) James -- The judge ruled that port scans are legal, in as much as the federal Computer Fraud and Abuse Act (18 U.S.C. 1030) can not be used to win civil judgements against people for merely conducting them. I agree that the headline doesn't tell the whole story, which is why another 700 words followed it. K Kevin L. Poulsen Editorial Director SecurityFocus.com Washington D.C. (202)232-5200 Date: Tue, 19 Dec 2000 21:31:20 -0500 From: Jonathan Jessup <jjessup () bdigitalusa com> To: SEAN SMITH <tssmith () chaka AtlanticCo ca>, nmap-hackers () insecure org Subject: Re: SecurityFocus: Port scans legal, judge says Hello to everyone on the list. Perhaps I'm missing the point of this list in saying my opinion here, if so, my apologies. Mr. Smith, Without knowing any more details than what was said here, I think it is a good decision. It seems to me that laws only make security on paper, and not in practice. I distrust malicious hackers and the authorities who want to outlaw and restrict freedoms. This view results in more responsibility (a bit more work) on people to secure their systems, and perhaps getting better security in the process. I think letting government handle the proactive side (before it happens) of IP security is deserving of great scrutiny and caution. Cheers, Jonathan -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Responses to SecurityFocus article Fyodor (Dec 19)