
Re: [Full-disclosure] Congratulations Andrew



"Acceptable use" and "reasonable and customary" clauses, plus a host of other 
legal associations.

I'm not disputing the *logic* behind what you are saying - I would have to say 
that I of all people think that if you have a search box, that it is perfectly 
"legal" for me to type 'or 1=1-- into it without fear of some whimpering jackass 
calling the cops on you--  I'm just noting that there is *no law* that 
explicitly grants you legal right to data simply because it is not otherwise 
protected.

It was your use of "legal right" that I was disputing.  The unfortunate truth 
is that we live in a world where the owner of the asset, even if they can't 
properly deploy or secure a site, is the one who gets to determine what access 
was being granted, and what access exceeds their intended usage.

Sorry if my "complete horse hockey" response was a bit strong :)
t

From: T Biehn [mailto:tbiehn@xxxxxxxxx]
Sent: Wednesday, June 16, 2010 12:59 PM
To: Thor (Hammer of God)
Cc: wilder_jeff Wilder; full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Congratulations Andrew

So what grants you legal access to aol.com (HTTP port 80 get /)?
I'm confused? Does search engine indexing grant legal access to online 
resources?

-Travis
On Wed, Jun 16, 2010 at 3:34 PM, Thor (Hammer of God) <Thor@xxxxxxxxxxxxxxx> wrote:
By the same logic, then yes you would.  Which is why the statement "if a system 
has no password, then you have a legal right to whatever data is on it" is 
complete horse hockey.

Don't take technical advice from your lawyer, and don't take legal advice from 
people on security lists.

t

From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of wilder_jeff Wilder
Sent: Wednesday, June 16, 2010 11:56 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Congratulations Andrew


By that same standard.. if you leave your house unlocked.... does that give 
someone the right to enter it?

just my thoughts
________________________________
Date: Wed, 16 Jun 2010 19:58:27 +0200
From: uuf6429@xxxxxxxxx
To: tbiehn@xxxxxxxxx
CC: full-disclosure@xxxxxxxxxxxxxxxxx; Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] Congratulations Andrew

Reminds me of Al Capone and tax evasion ;-)

Good ol' America.


On Wed, Jun 16, 2010 at 7:49 PM, T Biehn <tbiehn@xxxxxxxxx> wrote:
Yes.
The FBI was investigating the AT&T incident, presumably the AT&T incident was 
what the feds were serving against.
What possible valid search warrant could be executed? There was no hack, 
breach, illegal access of data, or anything else for that matter.

If you leave a system online with no password which allows you to scrape 
content you have a legal right to scrape that content.

-Travis

On Wed, Jun 16, 2010 at 11:10 AM, <Valdis.Kletnieks@xxxxxx> wrote:
On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:

> I doubt the search warrant will hold up in court.
Do you have any actual basis for saying that?  Sure, the warrant might be
bullshit, it might be solid - the article doesn't give us enough info either
way to tell.

"Auernheimer was also arrested in March for giving a false name to law
enforcement officers responding to a parking complaint."

Sad.  The dude may have the intelligence to pull the hack, but not have the
wisdom to not dig a hole deeper. Just man up and take the frikking parking
ticket. ;)


--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
