[KLUG Members] Re: legality

[Adam Tauno Williams]

>>>It is so frustrating  to see people so concerned with covering
>>>thier asses that they don't try the straight forward method of talking
>>>to people when you have a problem.
>>understand your point, it's a good one and I agree.  
>>Now let's look at it from a more practice point of view:
>>Suppose I discover the box at ip185.battle-creek2.mi.pub-ip.psi.net
>>(38.33.131.185) has a big security hole.  HOW DO I CONTACT THE OWNER?
>>My point is your only option may be to contact the ISP since you cannot
>>always get an email address from an IP address, especially if it's a 
>>dynamically assigned IP, or the IP is owned by the ISP.
>>> ... I can literally sue anyone for whatever grounds I like however
>>> unjustified they may be.  ...
>>Correct, and that's the reason everyone is trying to cover their ass
>>and the reason for the original message:  to determine the best way
>>to handle such a situation.
>>I like the idea of contacting the owner too, IF POSSIBLE.
>Which is what the original poster was doing, the most direct way he could.  
>Probably the only certain way.
 
Not certain at all.  How many average users check C:\ for any sudden new
files? 
Zero of mine.  Windows Explorer? Huh, whats that for.  An average
Windows user
could go for years and never see that file.

>>Personally I don't go looking for security holes in other people's
>>computers, so I don't have to worry about contacting anyone!  :-)
>Agreed in general, but here's another point that everybody seems to be ignoring.  
>This machine was sharing files (OK, all of them) with the Internet.  It was 
>SERVING files to anybody who could find it.  This was no hack attempt,
this was
>a client-server transaction like any other.  

No, the intent of the operator of the remote machine does matter.  I'm
not saying leaving the file was wrong (morally),  but it was very much
illegal.  These two, and reason for that matter, have nothing to do with
each other.  The "victim" could claim with certainty that the person who
left the note recognized that the victim's machine was not for public
access simply based upon the content of the note.  Whose to say I didn't
steal his Quicken files, and then leave a note so I look like a good
samaritan.  Then I sell his credit card numbers to the local card
jacker.

>Let's try an example.  If a farmer sets up a vegetable stand at the side of the 
>road, and the cash box is sitting there unlocked next to the zuchinni,
would a 
>guy get in trouble for slipping a Post-it note into the cash box
telling him it 
>wasn't locked?  

Oh yes he would!  Farmer finds note, has said person's fingerprints on
it,  Farmer says $500 dollars is missing.  Said person gets arrested.
If said person for whatever reason already had a criminal record or was
a resident alien they are in big trouble.  Said person was stupid!  And
if someone sees him WHILE he has the lid open,  criminal intent will be
assumed as he had NO BUSINESS being inside the box.