[KLUG Members] Re: legality

[Richard Vincent]

Adam,

I hope this particular user doesn't go for years without recognizing this
text file (filename in all caps). I dropped it in the [c:\windows\desktop]
folder which is their desktop.

PS

I was geuinly trying to help the owner of the PC in question and I agree
maybe the way I went about informing this person may not have been the best
way.

Rich
----- Original Message -----
From: "Adam Tauno Williams" <awilliam@whitemice.org>
To: <members@kalamazoolinux.org>
Sent: Wednesday, July 25, 2001 6:41 AM
Subject: Re: [KLUG Members] Re: legality


>
> >>>It is so frustrating  to see people so concerned with covering
> >>>thier asses that they don't try the straight forward method of talking
> >>>to people when you have a problem.
> >>understand your point, it's a good one and I agree.
> >>Now let's look at it from a more practice point of view:
> >>Suppose I discover the box at ip185.battle-creek2.mi.pub-ip.psi.net
> >>(38.33.131.185) has a big security hole.  HOW DO I CONTACT THE OWNER?
> >>My point is your only option may be to contact the ISP since you cannot
> >>always get an email address from an IP address, especially if it's a
> >>dynamically assigned IP, or the IP is owned by the ISP.
> >>> ... I can literally sue anyone for whatever grounds I like however
> >>> unjustified they may be.  ...
> >>Correct, and that's the reason everyone is trying to cover their ass
> >>and the reason for the original message:  to determine the best way
> >>to handle such a situation.
> >>I like the idea of contacting the owner too, IF POSSIBLE.
> >Which is what the original poster was doing, the most direct way he
could.
> >Probably the only certain way.
>
> Not certain at all.  How many average users check C:\ for any sudden new
> files?
> Zero of mine.  Windows Explorer? Huh, whats that for.  An average
> Windows user
> could go for years and never see that file.
>
> >>Personally I don't go looking for security holes in other people's
> >>computers, so I don't have to worry about contacting anyone!  :-)
> >Agreed in general, but here's another point that everybody seems to be
ignoring.
> >This machine was sharing files (OK, all of them) with the Internet.  It
was
> >SERVING files to anybody who could find it.  This was no hack attempt,
> this was
> >a client-server transaction like any other.
>
> No, the intent of the operator of the remote machine does matter.  I'm
> not saying leaving the file was wrong (morally),  but it was very much
> illegal.  These two, and reason for that matter, have nothing to do with
> each other.  The "victim" could claim with certainty that the person who
> left the note recognized that the victim's machine was not for public
> access simply based upon the content of the note.  Whose to say I didn't
> steal his Quicken files, and then leave a note so I look like a good
> samaritan.  Then I sell his credit card numbers to the local card
> jacker.
>
> >Let's try an example.  If a farmer sets up a vegetable stand at the side
of the
> >road, and the cash box is sitting there unlocked next to the zuchinni,
> would a
> >guy get in trouble for slipping a Post-it note into the cash box
> telling him it
> >wasn't locked?
>
> Oh yes he would!  Farmer finds note, has said person's fingerprints on
> it,  Farmer says $500 dollars is missing.  Said person gets arrested.
> If said person for whatever reason already had a criminal record or was
> a resident alien they are in big trouble.  Said person was stupid!  And
> if someone sees him WHILE he has the lid open,  criminal intent will be
> assumed as he had NO BUSINESS being inside the box.
>
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
> 
>