[870] in Intrusion Detection Systems
Re: Update on mail bombing threats--not so funny
daemon@ATHENA.MIT.EDU (David Kennedy)
Sun Jan 26 05:05:58 1997
Date: 23 Jan 97 13:13:08 EST
From: David Kennedy <76702.3557@compuserve.com>
To: Max Vision <vision@gryphon.com>, Intrusion Detection Syst <ids@uow.edu.au>
Reply-To: ids@uow.edu.au
>Uhm, read the USCS 1029 and 1030. They have to do with illicit
>access devices, applicable to passwords, credit card numbers,
>etc. Sending someone email has _nothing_ to do with access
>device fraud. Read. Think. flaming people who talk about law
>but are basically clueless, Max
1. I don't believe I flamed anyone. I have that skill, but would like to
think, seldom used. And IDS is among the *best* of all the lists I read for
content quality and flame retarding properties (pat on back, Mod).
2. 18 USC 1029 was not mentioned because it does not apply to the original
incident description. You are correct IRT access device and this citation, but
access device misuse was never an issue.
3. What *is* an issue is denial of service which in my experienced opinion is
included in 18USC1030 especially with the 1994 and 1996 amendments. The
original incident description indicated to me a deliberate effort to attack the
victim for their refusal to carry a particular web page/site. The attack
consumed considerable resources of the company to react to the attack and denied
service to both users and customers. While not addressed in the original Public
Law, the 1994 amendments broadened the law and specifically included language to
address DoS attacks (and some pretty poor wording on viruses but that's
off-topic and has been changed now anyway). The Economic Espionage Act from
last year changed the wording and paragraph ordering of the law and AFAIK has
not yet been published as codified law (I checked on two net archives for the
USC two weeks ago, but have not checked Lexis or Westlaw which will probably
have it first). You can pull a copy of last year's Act from Thomas and then do
a cut and paste with your favorite text processor.
___________________
Dave Kennedy CISSP
Protect what you connect
Look both ways before crossing the Net
National Computer Security Assoc
76702.3557@compuserve.com
