> =A0- The act of hacking alone does not imply criminal intent. For example=
,
> a person who enjoys hacking for sport, might break into a system, and
> then send off an e-mail to the administrator letting them know they
> found a vulnerability.
I would be real real careful about this, but IANAL.
It would be one thing if you perhaps innocently stumbled into some
security blunder, backed out immediately, got witness and a logfile
trail, and sent an email-with-apology to an administrator. But in
today's sue-happy society, you might still find yourself in trouble.
The assumption would be, until you proved your own innocence, that you
did not simply "stumble" into this massive security blunder.
Maybe you happen to notice that someone's website is running an out of
date version of PHP and is wide-open to a code injection attack. You
do the nice white-hat thing and tell someone about it. The next day,
they're subjected to that exact same attack and it brings their
business to a standstill while all their web traffic is redirected to
some Russian kiddie-porn website. I think it is fair to expect that
someone is going to UNFAIRLY assume you're connected to this nefarious
behavior.
> =A0- Stiff legal penalties discourage beneficial hacking.
There is no "Good Samaritan" law that I am aware of that applies to
[h/cr]acking. I'd love to assume that "common sense" would rule the
day, but we saw how well that worked out for that network admin from
San Francisco.
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Aug 31 13:00:45 2010
This archive was generated by hypermail 2.1.8 : Tue Aug 31 2010 - 13:00:46 AKDT