[KLUG Members] City of Battle Creek Vs. ORBZ

Adam Williams members@kalamazoolinux.org
23 Mar 2002 08:51:25 -0500


>I wouldn't be so quick to jump on the City of Battle Creek.  Gulliver knew 
>his software crashed Lotus Domino servers and continued to use it.  Was he 
>trying to point out a weakness in that type of server?  Sounds like a hacker 
>rationalization to me.

Laws should not attempt to consider "intent".  A mail message should not
be able to crash a mail server, period.  Rationalization or not, the
response by the City is foolish.  Intent is far too fuzzy a concept and
interpreted ultimately through the prejudices of law enforcement and
even judges.

>"It seems one of Gulliver's tests to validate whether a server is really an 
>open relay or not was causing Lotus Domino machines to crash.  One of 10 or 
>so e-mail tests routinely conducted, the code in one was causing Domino SMTP 
>servers to enter an endless mail loop, consuming 100 percent of the CPU and 
>putting it out of commission.
>Laura Atkins, newly installed president of the non-profit anti-spam outfit 
>SpamCon Foundation, said the code changes needed to correct the bug was 
>"trivial" but one Gulliver, for one reason or another, was unwilling to 
>correct."
>http://www.internetnews.com/bus-news/article/0,,3_995251,00.html

I've seen this Lotus bug mentioned on several other anti-spam sites,
which apparently didn't see fit to incorporate a
oh-please-protect-Lotus-Notes patch either.  I'd like to see a response
from Gulliver on this issue and not a "for one reason or another"
pejorative.  Does this patch perhaps weaken the test, etc...?  

The above is very sloppy journalism as there is no rebuttal.  It drones
on into a quote from some lawyer (who is associated with this case how?):
"Incidences such as this just create animosity that makes it harder for
the process to work the way it was intended. Blacklist owners have to
assess what their real motivations are, and if their motivation is not
to assist they need to take a look at what makes the process work."

Asking someone to assess their "real" motivations?  Come on!  This is
clearly a prejudicial statement.  Translated: 'Hackers are bad, we need
to be suspicious of them.'

Again, laws should try to avoid dealing with "motivations".  Either it
is legal to transmit messages to someone's mail server or it is not.

>I would criticize Battle Creek for continuing to use a server with known 
>vulnerabilities.  But just because Gulliver wears a white hat doesn't mean 
>that he can write buggy code, 

We don't know his code is buggy.  We haven't heard from him on that
issue.  We've only heard from this lady elected head of SpamCon, who
having been elected to such a position, I'll wager is *NOT* technically
proficient.  Management types mostly say what their lawyers tell them to
say.

>know about problems that cause a server to 
>crash, and continue to use the code on servers owned by others.  He 
>should pay the City for the time it took to get the server back up, and for 
>any losses incurred.

So if my mail message crashes your server you have to determine if I
"knowingly" sent the message?  What if I know about a bug in Exchange,
send a message that happens to exploit the bug but was meant to actually
be delivered to a user (clearly normal usage), but I didn't know you
used Exchange?  What if the mail server I sent it via wrote the message
headers in that way but my company has no IT staff?  What if I didn't
know that the mail server wrote the headers that way?  But then again I
didn't bother to check to make sure it didn't?

Pretty soon we will need to outfit every courtroom with crystals,
candles, and symbols of power so the resident psychic can probe the
unconscious mind of the "perpetrator".
 
If they want to exist in a technological world then organizations need
to take responsibility for their infrastructure.  All this banter about
intent, motives and what not simply falls apart in a complex
environment.  The world has changed,  technology distributes power. 
People and their corporations need to evolve and not depend upon the
nebulous authority of government to protect them from all possible
consequences of the world as it is today.  Appointing a group of guys to
patrol the camp at night and keep a look out for wolves and bandits (an
original form of government) is a concept that simply cannot be
translated into the world of technology.  What does a bandit look like? 
The exact same way as everyone else: 01101001000101001000101110......