Re: Perl Co-inventor Convicted

• Subject: Re: Perl Co-inventor Convicted
• From: jeffrey@best.com (Jeffrey Kegler)
• Date: 1 Sep 1995 11:57:11 -0700
• Newsgroups: comp.security.unix, comp.security.misc, misc.legal.computing
• Organization: Best Internet Communications, Inc. (info@best.com)
• References: <NEWTNews.808669857.3579.lsantist@lsantist.dfrc.nasa.gov> <950831155623.11223AABkn.wendy@ln1p1570nwk> <427bec$2t7@hubcap.clemson.edu> <DE8n9H.AM0@uns.bris.ac.uk>
• Xref: uuneo.neosoft.com comp.security.unix:19336 comp.security.misc:20681 misc.legal.computing:16761

In article <DE8n9H.AM0@uns.bris.ac.uk>, Paul Smee <P.Smee@bristol.ac.uk> wrote:
>And, most things you do for your boss don't (or shouldn't) look like
>illegal activities - unless you've got a seriously weird job.

By this definition, Internet security is necessarily a "seriously
wierd job".  This is a serious problem for our profession in the
Oregon v. Schwartz case.  The only safe way to be sure you are
legal is to avoid any appearance of illegality.  And the only way
to do that is to avoid doing security audits, that is, to not do
one's job.

In particular, if you are a sysadmin and you do a security check,
the risk is now that someone finds that you are doing it and screams,
"Oh my god, our sysadmin has turned hacker!".  Intent forms no part
of the law, so you are guilty even if you prove that you had no
criminal or malicious intent.  In Randal's case the prosecution
presented no evidence of malicious intent in court, I am told.

This case should be very encouraging to the real criminals.
It means a lot fewer people will be trying to find or even
stop them.

To help make the point that a hacker and a diligent sysadmin look
exactly the same doing their work, look in the index for Cheswick
& Bellovin's _Firewalls and Internet Security_ book under "hacking
tools".  The entry consist solely of a cross-reference to "auditing,
tools".

The only way one can start to distinguish hackers on the payroll
from legitimate security guys is by whether they attempt to disguise
their efforts.  Randal made no effort to disguise what he was doing.
He didn't hide crack from ps, and he ran it under his own account.
But he got convicted of 3 felonies, anyway.

If you are serious about Internet security, this case is of concern
to you.

Jeffrey Kegler, President, Algorists, Inc.
743 East El Camino Real, #338, Sunnyvale CA 94087, jeffrey@best.com
-- 

Jeffrey Kegler, President, Algorists, Inc.
743 East El Camino Real, #338, Sunnyvale CA 94087, jeffrey@best.com

• Re: Perl Co-inventor Convicted
• From: markm@bogart.cse.ogi.edu (Mark Morrissey)
• Re: Perl Co-inventor Convicted
• From: ccpes@sun.cse.bris.ac.uk (Paul Smee)
• Re: Perl Co-inventor Convicted
• From: jfh@austin.ibm.com (John F. Haugh II)

• Re: Perl Co-inventor Convicted
• From: lsantist@lsantist.dfrc.nasa.gov
• Re: Perl Co-inventor Convicted
• From: wendy
• Re: Perl Co-inventor Convicted
• From: sspoon@hubcap.clemson.edu (Lex Spoon)
• Re: Perl Co-inventor Convicted
• From: ccpes@sun.cse.bris.ac.uk (Paul Smee)

• Prev: Re: Perl Co-inventor Convicted
• Next: Re: Perl Co-inventor Convicted
• Index: Mail Index
• Thread: Mail Thread Index