[Gllug] OT Stupid legal stuff was Insecure practices at my ISP

James Bailey James.Bailey at osm.co.uk
Fri Apr 4 12:15:35 UTC 2003



> -----Original Message-----
> From: David Pashley [mailto:david at parguild.co.uk]
> Sent: Friday, April 04, 2003 12:42 PM
> To: gllug at linux.co.uk
> Subject: Re: [Gllug] Insecure practices at my ISP
> 
> 
> On Apr 04, 2003 at 11:03, James Bailey praised the llamas by saying:
> > 
> > 
> > > 
> > > 
> > > >> On 4 Apr 2003 10:19:37, David Pashley <david at parguild.co.uk> said:
> > > 
> > >    >> If he has not actually accessed areas of the system he is not
> > >    >> authorised to access there has been no offence.
> > > 
> > >    > <http://www.ddplus.co.uk/DDPlus_Website/News_Community/Easynet_Story/Easynet_dont_shoot_the_messenger.htm>
> > > 
> > > Not analogous at all.  In the article, "Certainly, he strayed into an
> > > account (or accounts) other than his own, but wouldn't anyone with a
> > > healthy sense of curiosity be tempted to do exactly the same?". Well,
> > > no, not anyone who wants to stay out of prison..
> > > 
> > > Notifying your ISP that the version of {sendmail, bind, mysql} that
> > > they're running is insecure and exploitable *without* getting a root
> > > shell from it yourself can never be against the Computer Misuse Act,
> > > which classifies against unauthorised access and modification, as 
> > > Jason said.
> > > 
> > Surely if the ISP has set 755 permission on a directory they are saying the
> > owner can read, write and execute this file and group and other can read and
> > execute.  If they have got this wrong then they should own up and fix the
> > problem not attack the person who quite rightly explored the limits of his
> > account and when feeling that some of the areas he was allowed into should
> > in fact be closed off to him and others advises them of this fact.
> >
> Entering a property through an open door or window does not stop it
> being theft. 
> 
> Section 1:
> 
>  1.-(1) A person is guilty of an offence if-
>  (a) he causes a computer to perform any function with intent to secure
>      access to any program or data held in any computer;
>  
>  (b) the access he intends to secure is unauthorised; and
>  
>  (c) he knows at the time when he causes the computer to perform the
>      function that that is the case.
> 
> (2) The intent a person has to have to commit an offence under this
>     section need not be directed at-
>  (a) any particular program or data;
>  
>  (b) a program or data of any particular kind; or
>  
>  (c) a program or data held in any particular computer.
> 
> (3) A person guilty of an offence under this section shall be liable on
>     summary conviction to imprisonment for a term not exceeding six months
>     or to a fine not exceeding level 5 on the standard scale or to both.
> 
> http://www.legislation.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm#mdiv1

If he views any data which he knows is unauthorised, he is guilty of an
offense under section 1 of the Computer Misuse Act (1990). The ISP
could argue that viewing anything other than his files has not been
authorised. Esp if you assume everything is unauthorised unless
permitted.

It is because of puerile idiocy like this and the witless cretins that abuse
it, that I stopped obeying the law and started learning to do the right
thing.

This is going off topic; at least for me this is about bad IT laws, not
anything particularly Linux.  The law regarding connecting to wireless nodes
is equally stupid and I am bored with that too.

Peace Jim

"Before the white man gave us a history, we had the truth"
-- some Redskin on a reservation.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



