Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re[2]: Re[2]: [suse-security] Excotic Firewall Police
- From: Ralf Koch <info@xxxxxxxxxx>
- Date: Mon, 26 Nov 2001 14:30:22 +0100
- Message-id: <PM-DB.20011126143022.CA6DA.5.1D@xxxxxxxxxxxxx>
Sorry, Mike, but that's way over my head.
I'm not very firm in laws, regulations etc. As most people (hopefully),
I'm pro for getting real hackers into prison etc, bladibla.
But I can't believe that there will be a law - whenever - to "face i.e.
CodeRed/Nimda victims with prison sentences". Try to realize what this
means: If you're not fast enough to close a security gap, you might get
imprisoned because a hacker uses your system to attack other systems.
That's "kill the courier for the message he carries". Are you sure, your
system is absolutely secure and nobody will ever use it - w/o your
knowledge of course - to attack others? If not, you should immediately
disconnect it from the web to not become prosecuted.....
Please differentiate hackers from men in the middle!
Cheers,
Ralf
>Hi Ralf,
>
>first it is not so easy to get the e-mail address of a dialup or even
>ADSL/cable user (at best I can contact his provider), it takes a lot
>of work for a technican while a complaint can be done by one of the
>secretaries.
>
>While it is correct, that currently the police will not care, the
>anti-hacking proposal of the EU Commission implies that "illegal
>access will be considered a serious attack against informationsystems
>even if the access was unintentional", so - if the current timeline
>(implemention into local lawsystem of EU member nations until 2003)
>is correct - the CodeRed/Nimda "victims" are faced with a minimum
>highest prison sentence of 4 years (see "http://cryptome.org/eu-
>antihack.htm"). The cybercrime act includes a cooperation agreement
>of all participating countires, including the US.
>
>So even if they do not care today, they will have to care in 2003,
>and we can show them how much work that means.
>
>mike
>
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>
I'm not very firm in laws, regulations etc. As most people (hopefully),
I'm pro for getting real hackers into prison etc, bladibla.
But I can't believe that there will be a law - whenever - to "face i.e.
CodeRed/Nimda victims with prison sentences". Try to realize what this
means: If you're not fast enough to close a security gap, you might get
imprisoned because a hacker uses your system to attack other systems.
That's "kill the courier for the message he carries". Are you sure, your
system is absolutely secure and nobody will ever use it - w/o your
knowledge of course - to attack others? If not, you should immediately
disconnect it from the web to not become prosecuted.....
Please differentiate hackers from men in the middle!
Cheers,
Ralf
>Hi Ralf,
>
>first it is not so easy to get the e-mail address of a dialup or even
>ADSL/cable user (at best I can contact his provider), it takes a lot
>of work for a technican while a complaint can be done by one of the
>secretaries.
>
>While it is correct, that currently the police will not care, the
>anti-hacking proposal of the EU Commission implies that "illegal
>access will be considered a serious attack against informationsystems
>even if the access was unintentional", so - if the current timeline
>(implemention into local lawsystem of EU member nations until 2003)
>is correct - the CodeRed/Nimda "victims" are faced with a minimum
>highest prison sentence of 4 years (see "http://cryptome.org/eu-
>antihack.htm"). The cybercrime act includes a cooperation agreement
>of all participating countires, including the US.
>
>So even if they do not care today, they will have to care in 2003,
>and we can show them how much work that means.
>
>mike
>
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>
| < Previous | Next > |