On Fri, 02 Jun 2006 00:34:35 EDT, Simon Smith said: > who ran nessus against you but never penetrated your systems. From > expereince, the FBI only takes interest in crimes that cause roughly > $50,000.00 in damage or more. If you are below that mark or if they are > too busy... you won't get jack unless you pay for it. Note however that there is case-law precedent in the US where the costs of investigation and clean-up can be counted toward the $5,000 requirement in 18 USC 1030(a)5(B)(i). The big gotchas there are the phrases "would have caused" and "aggregated". http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html What's this mean? It means that if you scan some lame-ass system and it crashes as a result, you might be in deep shit. And "it shouldn't have crashed from a portscan" does *not* hold up in court.
Attachment:
pgp2qgD05UgWp.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/