[KLUG Members] Re: legality

[Mike Williams]

>Date: Tue, 24 Jul 2001 13:17:40 -0400
>From: Bruce Smith <bruce@armintl.com>
>To: members@kalamazoolinux.org
>Subject: Re: [KLUG Members] Re: legality
>Reply-To: members@kalamazoolinux.org
>
>> It is so frustrating  to see people so concerned with covering
>> thier asses that they don't try the straight forward method of talking
>> to people when you have a problem.
>
>I understand your point, it's a good one and I agree.  
>
>Now let's look at it from a more practice point of view:
>
>Suppose I discover the box at ip185.battle-creek2.mi.pub-ip.psi.net
>(38.33.131.185) has a big security hole.  HOW DO I CONTACT THE OWNER?
>
>My point is your only option may be to contact the ISP since you cannot
>always get an email address from an IP address, especially if it's a 
>dynamically assigned IP, or the IP is owned by the ISP.
>
>> ... I can literally sue anyone for whatever grounds I like however
>> unjustified they may be.  ...
>
>Correct, and that's the reason everyone is trying to cover their ass
>and the reason for the original message:  to determine the best way
>to handle such a situation.
>
>I like the idea of contacting the owner too, IF POSSIBLE.

Which is what the original poster was doing, the most direct way he could.  Probably the only certain way.

>Personally I don't go looking for security holes in other people's
>computers, so I don't have to worry about contacting anyone!  :-)
>
Agreed in general, but here's another point that everybody seems to be ignoring.  This machine was sharing files (OK, all of them) with the Internet.  It was SERVING files to anybody who could find it.  This was no hack attempt, this was a client-server transaction like any other.  

Let's try an example.  If a farmer sets up a vegetable stand at the side of the road, and the cash box is sitting there unlocked next to the zuchinni, would a guy get in trouble for slipping a Post-it note into the cash box telling him it wasn't locked?