[1933] in linux-security and linux-alert archive
[linux-security] Re: WARNING: Break-in attempts
daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue Jun 23 03:24:34 1998
Date: Mon, 22 Jun 1998 19:35:48 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: "Paul D. Robertson" <proberts@clark.net>
cc: Rogier Wolff <R.E.Wolff@BitWizard.nl>,
Shaun Hedges <shedges@shaw.wave.ca>, linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.91.980622073952.25279C-100000@gargoyle>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Mon, 22 Jun 1998, Paul D. Robertson wrote:
> Stretch in logic, yes, stretch in the Oregon statute? Please read it and
> draw your own conclusions. Both the 1993 aned 1995 revisions are
> available at the lightlink site. The gist is that if there is intent to
> access without authorization then it's illegal.
This "authorization" issue is far too vague. If I send a broadcast icmp
echo request into some remote network because I'm scanning the net to make
a list of possible smurf amp networks, is that unauthorized access? If
they don't want me sending icmp echo requests, they should filter them. If
I run my copy of Word for Windows under WABI, is that unauthorized use of
a licensed program? Word was certainly not intended to be used under
other operating systems. If I run Crack on a system that I maintain, but
my employer didn't specifically tell me to, is that unauthorized access?
> > Has anyone seriously looked into challenging the constitutionality of
> > Oregon's computer crimes law?
>
> Exactly which part of the US Consitution do you think is being violated?
Ok...bad choice of words. The law is stupid...but the constitution
doesn't doesn't forbid stupid laws. I had a quick rereading of the
ammendments and a bit of the articles, and did find one interesting part
in article 1, section 10.
No state shall enter into any treaty, alliance, or confederation; grant
letters of marque and reprisal; coin money; emit bills of credit; make
anything but gold and silver coin a tender in payment of debts; pass any
bill of attainder, ex post facto law, or law impairing the obligation of
contracts, or grant any title of nobility.
I don't have any law degrees, but you might be able to argue that such a
vague law makes working on a network (especially in an administrative
position) impossible, impairing the obligation of your employment
contract. Maybe that's a huge stretch.
> (4) Any person who knowingly and without authorization uses,
> accesses or attempts to access any computer, computer system,
> computer network, or any computer software, program,
> documentation or data contained in such computer, computer
> system or computer network, commits computer crime.
This part is just too vague. Is it a crime to ping a system in Oregon?
Nobody's given me authorization to do so. The silver lining though is
that this makes it pretty clearly a crime to relay spam through computers
located in Oregon.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null