[1933] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: WARNING: Break-in attempts

daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue Jun 23 03:24:34 1998

Date: Mon, 22 Jun 1998 19:35:48 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: "Paul D. Robertson" <proberts@clark.net>
cc: Rogier Wolff <R.E.Wolff@BitWizard.nl>,
  Shaun Hedges <shedges@shaw.wave.ca>, linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.91.980622073952.25279C-100000@gargoyle>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Mon, 22 Jun 1998, Paul D. Robertson wrote:

> Stretch in logic, yes, stretch in the Oregon statute?  Please read it and 
> draw your own conclusions.  Both the 1993 aned 1995 revisions are 
> available at the lightlink site.  The gist is that if there is intent to 
> access without authorization then it's illegal.

This "authorization" issue is far too vague.  If I send a broadcast icmp
echo request into some remote network because I'm scanning the net to make
a list of possible smurf amp networks, is that unauthorized access?  If
they don't want me sending icmp echo requests, they should filter them. If
I run my copy of Word for Windows under WABI, is that unauthorized use of
a licensed program?  Word was certainly not intended to be used under
other operating systems.  If I run Crack on a system that I maintain, but
my employer didn't specifically tell me to, is that unauthorized access?

> > Has anyone seriously looked into challenging the constitutionality of
> > Oregon's computer crimes law?
> 
> Exactly which part of the US Consitution do you think is being violated?  

Ok...bad choice of words.  The law is stupid...but the constitution
doesn't doesn't forbid stupid laws.  I had a quick rereading of the
ammendments and a bit of the articles, and did find one interesting part
in article 1, section 10.

No state shall enter into any treaty, alliance, or confederation; grant
letters of marque and reprisal; coin money; emit bills of credit; make
anything but gold and silver coin a tender in payment of debts; pass any
bill of attainder, ex post facto law, or law impairing the obligation of
contracts, or grant any title of nobility.

I don't have any law degrees, but you might be able to argue that such a
vague law makes working on a network (especially in an administrative
position) impossible, impairing the obligation of your employment
contract.  Maybe that's a huge stretch.

> (4) Any person who knowingly and without authorization uses,
>     accesses or attempts to access any computer, computer system,
>     computer network, or any computer software, program,
>     documentation or data contained in such computer, computer
>     system or computer network, commits computer crime.

This part is just too vague.  Is it a crime to ping a system in Oregon? 
Nobody's given me authorization to do so.  The silver lining though is
that this makes it pretty clearly a crime to relay spam through computers
located in Oregon. 

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Spammers will be winnuked or 
 Network Administrator       |  drawn and quartered...whichever
 Florida Digital Turnpike    |  is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post