Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Notifying user of open Internet access

Reply
Thread Tools

Notifying user of open Internet access

 
 
Bit Twister
Guest
Posts: n/a
 
      12-12-2004
On 11 Dec 2004 21:02:24 EST, winged wrote:
>> http://www.capitol.state.tx.us/statutes/pe.toc.htm
>> Read 33.01. Definitions (1) "Access"
>> then 33.02. Breach of Computer Security (a)
>>
>>
>> http://www.umpqua.cc.or.us/policy/oregon-law.htm
>> Read 1 (a) then (4)

>
>
>
> "Effective consent" is a key issue of both the Texas


Texas escapes the consent with _or defect_ in (c)

> and the Oregon laws cited.


Oregon did not even bother with consent.

They did that on purpose. Oregon was tired of the lawyers indicating
the same kind of logic you proposed.

Your "exposed computer in a public area" is not consent just like my
public exposure of my house's front door is not consent for you to
"communicate with the door knob" by twisting it.

 
Reply With Quote
 
 
 
 
winged
Guest
Posts: n/a
 
      12-12-2004
Bit Twister wrote:
> On 11 Dec 2004 21:02:24 EST, winged wrote:
>
>>>http://www.capitol.state.tx.us/statutes/pe.toc.htm
>>>Read 33.01. Definitions (1) "Access"
>>>then 33.02. Breach of Computer Security (a)
>>>
>>>
>>>http://www.umpqua.cc.or.us/policy/oregon-law.htm
>>>Read 1 (a) then (4)

>>
>>
>>
>>"Effective consent" is a key issue of both the Texas

>
>
> Texas escapes the consent with _or defect_ in (c)
>
>
>>and the Oregon laws cited.

>
>
> Oregon did not even bother with consent.
>
> They did that on purpose. Oregon was tired of the lawyers indicating
> the same kind of logic you proposed.
>
> Your "exposed computer in a public area" is not consent just like my
> public exposure of my house's front door is not consent for you to
> "communicate with the door knob" by twisting it.
>

"Effective Consent" does allow me to knock on the door. If you leave
the door open effective consent is implied. Effective consent may also
apply to a login on the system if it does not have a password, for
example some services may require a login (door closed) depending on the
generally accepted use of the service. A service with a login password
does not have effective consent to use that specific service (door
locked) unless effective consent was given to me by the system owner by
providing a login password. To make matters worse their are "some"
cases where a login password also provides "effective consent"
(anonymous FTP servers that require a mail addy for password comes to mind).

Effective consent does apply to the Oregon law. Effective consent is a
principle in law. It does not "have" to be specifically stated.

If a service is exposed and the service has no warnings on the specific
service, "effective consent" is implied under either states statutes.
If you exploit a service (for example using a buffer overrun) to gain
access that was not otherwise exposed, you are in violation of the
"effective consent" principle.

Under your argument any HTTP server I accessed in Texas or Oregon could
be considered illegal because did not have specific permission to access
the site.

"Effective consent" does not allow me to do any damage the system in
question, but if a service is open and exposed, one has implied consent
to access the system.

Exposed ICMP does provide effective consent under the law. If I pound
the ICMP port enough to impede or significantly impact the devices
normal operation I have lost effective consent because that can not be
considered reasonable use.

It is key, if one works in the computer security field, to understand
this concept. You must lock the computer doors with reasonable
precautions to prevent "effective consent".

Winged
 
Reply With Quote
 
 
 
 
Bit Twister
Guest
Posts: n/a
 
      12-12-2004
On 12 Dec 2004 00:41:36 EST, winged wrote:
> If you leave the door open


Was not open, just not locked.

> Effective consent does apply to the Oregon law.


The law did not say so. That is my main point. The law was made that loose
because of the same kinds of arguments you have provied.

Some of the arguments by cracker's lawers were
How was my client to know the sys op was not giving consent because
the sys op failed to secure his machine correctly.

As for what computer industry thinks and what the lawyer provied is
just word twisting. What comes to mind whas the @home ads showing
unlimited internet access and the cutomers complaing of
throttled cablem modems and download quotas. Seems the unlimited
access meant you did not have to login to access the internet.
 
Reply With Quote
 
EDOOD
Guest
Posts: n/a
 
      12-13-2004
Holy S..T!!!!!
I may never use my computer again!!!! Just kidding.
I guess my only thought is, I have had a hacked Web Site (Chinese hackers,
by tracing back logs and IP numbers), and had a virus attack, that the ISP
said that I was sending out Viruses. If I received a note/letter/email
stating that my firewall was WIDE OPEN, I would first close it, and second,
thank whomever told me.

It is hard for me to believe that someone shouldn't do anything....I think
we are all "CLOSET HACKER". I would bet everyone on this list has used an
IP discovery tool. So, I will let the FOOL go down into the abyss of hacker
hell!!!

Thanks for the reply's!!!


 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      12-13-2004
In article <Ibmvd.42401$(E-Mail Removed)> , "EDOOD"
<info<nospam>@thecomputerdood.com> says...
> Holy S..T!!!!!
> I may never use my computer again!!!! Just kidding.
> I guess my only thought is, I have had a hacked Web Site (Chinese hackers,
> by tracing back logs and IP numbers), and had a virus attack, that the ISP
> said that I was sending out Viruses. If I received a note/letter/email
> stating that my firewall was WIDE OPEN, I would first close it, and second,
> thank whomever told me.
>
> It is hard for me to believe that someone shouldn't do anything....I think
> we are all "CLOSET HACKER". I would bet everyone on this list has used an
> IP discovery tool. So, I will let the FOOL go down into the abyss of hacker
> hell!!!


At one time or another, before being information of it being against the
TOS for my ISP at the time (not the current one), I use to look/help
people that were exposed. When I use to get probed from SQL servers I
would open a session with them and send a NET SEND to their entire LAN
from the SQL Server telling everyone that the SQL server was fully
exposed (without a password) to the internet. In all that time, I never
saw one SQL server fixed or one computer fixed.

People that are exposed just don't get it, they don't really care, and
if they did care they would already have learned something about it.

What would be great is if the ISP's blocked ports 135~139 and 445
internally as well as externally, then we would have a lot less problems
with Windows based systems.


--
--
http://www.velocityreviews.com/forums/(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
EDOOD
Guest
Posts: n/a
 
      12-13-2004
On this idea of "effective consent", the person has no password control,
allowing anyone to "MAP" effective drives to it. You use the usual FTP, and
HTTP rule. Are these exclusive to the rule.? Mapping a drive, using a NET
USE or NET VIEW command, and then viewing the contents, without a password,
would be considered "effective consent". I don't see the difference. The
WEB is made up of Clients (Browsers) and Servers (Web Hosts). So, basically
I can use my "BROWSER" i.e. Windows "Net View" command (Port 139 Scan) to
look for hosts.
This idea of Public or Private is confusing, If I set up an FTP Server for
myself, with "anonymous" as a user, have I given consent? Why is HTTP or
FTP (protocols) any different than from NET VIEW (Port 139) protocol scans.

I guess the idea is, if we see a car on fire, with people in it...Don't
help, because they might blame you for starting the fire!!!


 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      12-13-2004
In article <%wmvd.42404$(E-Mail Removed) >, "EDOOD"
<info<nospam>@thecomputerdood.com> says...
> I guess the idea is, if we see a car on fire, with people in it...Don't
> help, because they might blame you for starting the fire!!!


No, there are laws to protect you from civil suites in cases of
emergency assistance, unless you are a medical type, then you are not
protected.

In the case of probes, looking for exposed systems, the users are
unaware that their systems are exposed, so no consent was intended or
provided.


--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
donnie
Guest
Posts: n/a
 
      12-14-2004
On Mon, 13 Dec 2004 19:59:55 GMT, "EDOOD"
<info<nospam>@thecomputerdood.com> wrote:

>I guess the idea is, if we see a car on fire, with people in it...Don't
>help, because they might blame you for starting the fire!!!
>

############################
Unfortunately, when it comes to computer and telephone systems, that
is the case. They will blame you for the security holes or at least
exploiting them. Only once, did I tell someone that their computer
had files sharing enabled. The reason I notified them (and I say them
because it was a family network) was because they had wingate running
and someone was using their PC to post bad thinngs to usenet. I looked
up their # and called using a pre-paid calling card. The guy was very
appreciative but that's not always the case.
As an update to computers w/ file sharing enabled, it's almost down to
none. There was a time when one could find 40 opened PCs on a class C
subnet but now if there are 4 opened PCs on a class C subnet, it's a
lot. People have become a little more savvy either blocking it
manually or running firewalls.
donnie.
 
Reply With Quote
 
winged
Guest
Posts: n/a
 
      12-14-2004
Leythos wrote:
> In article <Ibmvd.42401$(E-Mail Removed)> , "EDOOD"
> <info<nospam>@thecomputerdood.com> says...
>
>>Holy S..T!!!!!
>>I may never use my computer again!!!! Just kidding.
>>I guess my only thought is, I have had a hacked Web Site (Chinese hackers,
>>by tracing back logs and IP numbers), and had a virus attack, that the ISP
>>said that I was sending out Viruses. If I received a note/letter/email
>>stating that my firewall was WIDE OPEN, I would first close it, and second,
>>thank whomever told me.
>>
>>It is hard for me to believe that someone shouldn't do anything....I think
>>we are all "CLOSET HACKER". I would bet everyone on this list has used an
>>IP discovery tool. So, I will let the FOOL go down into the abyss of hacker
>>hell!!!

>
>
> At one time or another, before being information of it being against the
> TOS for my ISP at the time (not the current one), I use to look/help
> people that were exposed. When I use to get probed from SQL servers I
> would open a session with them and send a NET SEND to their entire LAN
> from the SQL Server telling everyone that the SQL server was fully
> exposed (without a password) to the internet. In all that time, I never
> saw one SQL server fixed or one computer fixed.
>
> People that are exposed just don't get it, they don't really care, and
> if they did care they would already have learned something about it.
>
> What would be great is if the ISP's blocked ports 135~139 and 445
> internally as well as externally, then we would have a lot less problems
> with Windows based systems.
>
>

AMEN

Winged
 
Reply With Quote
 
donnie
Guest
Posts: n/a
 
      12-14-2004
On 13 Dec 2004 21:26:21 EST, winged <(E-Mail Removed)> wrote:

>> What would be great is if the ISP's blocked ports 135~139 and 445
>> internally as well as externally, then we would have a lot less problems
>> with Windows based systems.
>>
>>

>AMEN
>
>Winged

######################
ISPs can't block those ports. There are people who want to share files
and they have the right to do that. Passwds are free, let them pick
one. That could be part of the TOS.
donnie.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Notifying a user on demand Nick ASP .Net 2 07-09-2008 03:32 AM
Notifying user of running process? (Pete Cresswell) HTML 5 10-24-2004 12:42 AM
Re: Notifying clients in asp.net Eliyahu Goldin ASP .Net 0 08-04-2004 01:50 PM
MSCE 2000 And notifying microsfot. Jonathan Lackey MCSE 14 02-28-2004 11:18 AM
Prometric closed my test center without notifying me Tommy MCSE 0 10-22-2003 02:18 AM



Advertisments