PaulDotCom mailing list archives

Need domain for examples

From: NSweaney at tulsacash.com (Nathan Sweaney)
Date: Thu, 12 Mar 2009 12:40:44 -0500

I'm not sure the judge's stance is that wrong.  
 
This is just speculation, but it sounds like perhaps there's a little
bit of journalistic slight of hand going on to make the judge sound like
an idiot.  For example, the article quotes The Court rejects the test
for "authorization" articulated by defendant's expert, Lawrence Baldwin.
To find all access "authorized" which is successful would essentially
turn the computer crime laws of this country upside down."  So in other
words, the guy's lawyer tried to argue that if the system didn't stop
him, then it was ok.  I have a hard time expecting the court to agree
with that.  However the article's response to that quote is totally off.
They're trying to suggest that the quote says the court rejected an
argument that it was ok to access the servers because it was designed to
be a public server.  There's a huge difference between "accessing a
server designed for the public" and "accessing a server that doesn't
stop you". That sounds to me like Ritz's lawyer tried to make the wrong
argument.  
 
The second quote is almost as bad. The article quotes the court as
saying, "Ritz has engaged in a variety of activities without
authorization on the Internet. Those activities include port scanning,
hijacking computers, and the compilation and publication of Whois
lookups without authorization from Network Solutions."  But then
journalist goes on to rant about the fact that the quote mentions Whois
lookups.  Now I agree that the whois thing is a mistake, but that's just
one, & the last one at that, in a list of examples of activities that
Ritz has done.  
 
I'm not saying that Ritz is guilty here, but I don't think he got
screwed by the court.  If anything, he got screwed by his lawyer.
However I will suggest that you look at the rest of the court documents.
Here's a link to more info: http://www.spamsuite.com/node/351
 
Lastly, I found this interesting in the court's findings, "Ritz has
hijacked computers, i.e. taken control without permission, of the
computers of third parties such as Verizon. He admitted to hacking
Verizon and further admitted to doing so without authorization."  I'm
not saying this guy deserves to be found guilty in this particular case,
but he's certainly not as innocent as they're trying to portray him.  
 
I think the bigger issue, and more interesting discussion is what kind
of impact small mistakes like this in a court finding can have as
precendence in future cases.  
 

________________________________

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Adrian
Crenshaw
Sent: Thursday, March 12, 2009 7:23 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Need domain for examples


Ok, this has me a little paranoid:
http://www.circleid.com/posts/811611_david_ritz_court_spam/

Adrian


2009/3/12 Jim Halfpenny <jim.halfpenny at gmail.com>


        If you want a nice big zone transfer try checking out some of
the academic networks (e.g. .edu, .ac.uk). I'll leave it as an exercise
for the reader but checking the NS entries for an academic institution
and then attempting a zone xfer from each can yield some good results.
        
        Jim
        
        
        2009/3/12 Adrian Crenshaw <irongeek at irongeek.com>
        

                I need to show off how to do a zone transfer in an
upcoming class, but I'm having problems finding a DNS server that will
allow it. Most folks seem to have locked that don't by now. Suggestions?
                
                Adrian
                
                
                _______________________________________________
                Pauldotcom mailing list
                Pauldotcom at mail.pauldotcom.com
        
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
                Main Web Site: http://pauldotcom.com
                



        _______________________________________________
        Pauldotcom mailing list
        Pauldotcom at mail.pauldotcom.com
        http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
        Main Web Site: http://pauldotcom.com
        


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090312/db364dd6/attachment.htm

Current thread:

Need domain for examples, (continued)
- - - Need domain for examples Adrian Crenshaw (Mar 11)
    - Need domain for examples iamnowonmai (Mar 11)
    - Need domain for examples Stephen Reese (Mar 11)
    - Need domain for examples Adrian Crenshaw (Mar 11)
    - Need domain for examples Rob Fuller (Mar 11)
    - Need domain for examples d4ncingd4n at gmail.com (Mar 11)
- Need domain for examples Jim Halfpenny (Mar 12)
  - Need domain for examples Adrian Crenshaw (Mar 12)
    - Need domain for examples Rob Fuller (Mar 12)
    - Need domain for examples Adrian Crenshaw (Mar 12)
    - Need domain for examples Nathan Sweaney (Mar 12)