Sorry, Mike, but that's way over my head. I'm not very firm in laws, regulations etc. As most people (hopefully), I'm pro for getting real hackers into prison etc, bladibla. But I can't believe that there will be a law - whenever - to "face i.e. CodeRed/Nimda victims with prison sentences". Try to realize what this means: If you're not fast enough to close a security gap, you might get imprisoned because a hacker uses your system to attack other systems. That's "kill the courier for the message he carries". Are you sure, your system is absolutely secure and nobody will ever use it - w/o your knowledge of course - to attack others? If not, you should immediately disconnect it from the web to not become prosecuted..... Please differentiate hackers from men in the middle! Cheers, Ralf
Hi Ralf,
first it is not so easy to get the e-mail address of a dialup or even ADSL/cable user (at best I can contact his provider), it takes a lot of work for a technican while a complaint can be done by one of the secretaries.
While it is correct, that currently the police will not care, the anti-hacking proposal of the EU Commission implies that "illegal access will be considered a serious attack against informationsystems even if the access was unintentional", so - if the current timeline (implemention into local lawsystem of EU member nations until 2003) is correct - the CodeRed/Nimda "victims" are faced with a minimum highest prison sentence of 4 years (see "http://cryptome.org/eu- antihack.htm"). The cybercrime act includes a cooperation agreement of all participating countires, including the US.
So even if they do not care today, they will have to care in 2003, and we can show them how much work that means.
mike
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com