Honeypots Illegal? - Security

This is a discussion on Honeypots Illegal? - Security ; On Thu, 06 Dec 2007 13:31:18 -0500, Douglas O'Neal wrote: > Make it a bit more specific. You have a picture on your wall. I look at > your picture without your permission. Have I then stolen your picture? > ...

+ Reply to Thread
Page 2 of 4 FirstFirst 1 2 3 4 LastLast
Results 21 to 40 of 77

Thread: Honeypots Illegal?

  1. Re: Honeypots Illegal?

    On Thu, 06 Dec 2007 13:31:18 -0500, Douglas O'Neal wrote:

    > Make it a bit more specific. You have a picture on your wall. I look at
    > your picture without your permission. Have I then stolen your picture?
    > If not, what is the difference between using your computer with only
    > trivial traces of that use left and using the picture as was intended?
    > What exactly has been "stolen" in either case?


    this is interesting...I'm thinking...even though we've gotten a bit away
    from the legality of honeypots...which I employ...and enjoy...but
    accessing a publicly accessible computer is definitively different from
    passively observing a picture on a wall, is it not? the law is fairly
    clear about unauthorised access -at least here in Canada.


  2. Re: Honeypots Illegal?

    On Thu, 06 Dec 2007 17:58:36 +0000, Unruh wrote:

    > "mr.b" writes:
    >
    >>On Thu, 06 Dec 2007 01:32:10 +0000, Unruh wrote:

    >
    >>> "mr.b" writes:
    >>>
    >>>>On Wed, 05 Dec 2007 03:03:48 +0000, Unruh wrote:
    >>>
    >>>>> "s. keeling" writes:
    >>>>>
    >>>>>>Randy Yates :
    >>>>>>> I sure hope things have changed in the last four years:
    >>>>>>>
    >>>>>>> http://www.securityfocus.com/news/4004
    >>>>>>>
    >>>>>>> Is this still illegal? What a load of crap.
    >>>>>
    >>>>>>You log onto my client's computers and you're warned with a banner
    >>>>>>that it's private property, your actions may be monitored and
    >>>>>>captured, and anything done on the machine may become public
    >>>>>>knowledge, as in used as evidence in court. If you continue and
    >>>>>>you're not authorized to do so, you're trespassing and are yourself
    >>>>>>guilty of theft of communications.
    >>>>>
    >>>>> It is NOT trespassing and it is NOT theft of communications, since
    >>>>> they are not a real property that could be stolen.
    >>>
    >>>>IYHO, but I disagree IMHO. Who owns the hardware? Who pays for the
    >>>>connection? If you sit down at the wheel of my Jag parked on the
    >>>>street, and decide to take it for a ride without my permission, have
    >>>>you not stolen it?
    >>>
    >>>
    >>> Get out your lawbooks or the laws of your country and read the
    >>> definition of trespassing and of theft. You are using analogies which
    >>> are usually dangerous.
    >>> What the hell has sitting in Jag got to do with doing anything on a
    >>> computer. Unless you are asking about someone coming into your house,
    >>> taking the cover off your computer and sitting in it, your analogy is
    >>> inappropriate and irrelevant.

    >
    >>hmmm...I guess I'll have to simplify this for you. I have a thing and it
    >>is mine, not yours. You help yourself to my thing without my permission.

    >
    > Problem 1. You do not have a "thing". A "thing" is tangible property- it
    > can be touched, lifted.


    Interpretation on your part I think. If you access my vaporous web
    presence in Canada, without my permission, it's a Criminal Code offense.
    There must be a rationale for this codifying of the "intangible" as you
    see it

    >>You have stolen my thing. It doesn't matter what the thing is.

    Mine=not
    >
    > I have not stolen your "thing" since there was no thing to steal. s in
    > copyright, a "thing" has the property that one and only one person can
    > possess it at a time. It has premanance in time and uniqueness in space.


    See above

    >>yours. Law regarding unauthorised access to computers is just about as
    >>clear, and as simple. My analogy was both relevant and appropriate,
    >>your not so humble opinion notwithstanding. Your interpretation of real
    >>property etc. appeared to me as little more than semantic dithering. Are
    >>you a lawyer by any chance?

    >
    > Why? YOu think that a lawyer talking about the law would be a bad thing,
    > would get in the way or your attempt to generalise the concept of theft
    > out of all recognition? No I am not. I do however attempt to use
    > language precisely and recognize that analogy is not identity. One of
    > the key aspects of law is its attempt at both precision and generality.
    > This is to ensure that a person actually can recognize when he is
    > breaking a law. If any analogy dreamt up by a prosecutor is valid, then
    > all actions are illegal, since an analogy can be found ( sometimes far
    > fetched) to link any activity with any law.


    The last half I agree with, the first half no. I ask not to invalidate
    the opinion of a trained lawyer but to clarify your potential for having
    personal practical knowledge...which wouldn't of course exclude the
    possiblity that some lawyers make their bread by dithering semantically ;-)

  3. Re: Honeypots Illegal?

    On Thu, 06 Dec 2007 17:47:24 +0000, Magnate wrote:

    > Um ... well ... no. Your argument presumes an agreed definition of
    > "thing", which is incorrect.


    and this is why I personally think Shakespeare was correct ;-)

    > For physical items (like, say, cars) your
    > logic is correct. For something as tricky to define as access to a
    > computer, it's not. This is the conundrum at the centre of the IP debate:


    in Canada the debate is moot and the rules clearly defined

    > theft is depriving someone else of something, not simply helping
    > yourself to it.


    but this is the point, helping yourself to something that is not yours
    implies an impropriety, and here in the Great White North that's a big
    no-no...Federal...Criminal Code...

    > If I hack into your PC, I have not deprived you of
    > anything, therefore I have not commited theft. I may commit all sorts of
    > other evil and malicious illegal acts, but theft is not among them.


    in American terms, cracking my box has deprived me of the right I have to
    the peaceful enjoyment of the box/service that I have paid for, for the
    legal purposes intended...sounds like a tort to me

  4. Re: Honeypots Illegal?

    "mr.b" writes:

    >On Thu, 06 Dec 2007 13:31:18 -0500, Douglas O'Neal wrote:


    >> Make it a bit more specific. You have a picture on your wall. I look at
    >> your picture without your permission. Have I then stolen your picture?
    >> If not, what is the difference between using your computer with only
    >> trivial traces of that use left and using the picture as was intended?
    >> What exactly has been "stolen" in either case?


    >this is interesting...I'm thinking...even though we've gotten a bit away
    >from the legality of honeypots...which I employ...and enjoy...but
    >accessing a publicly accessible computer is definitively different from
    >passively observing a picture on a wall, is it not? the law is fairly
    >clear about unauthorised access -at least here in Canada.


    Well, yes, the Canadian Law is clear. And it is clear that anyone operating
    any computer is violating Canadian law. Read the Mischief to Data act which
    is part of the Canadian Criminal Code. Anyone altering data is guilty of a
    crime, and there is no excuse for colour of right or any other defences.
    Since noone can run a computer without altering data, (as I am doing now in
    typing this onto my compter screen)
    it is clear that we are all criminals under Canadian law. They seem to
    have the attitude that everything should be illegal and leaving it up to
    the courts to only prosecute those who really deserve it.

    (The unauthorized access law at least has a defense of the colour of right,
    but the Mischief to Data act has not). And the police and prosecutors have
    charged people for altering their own data.


  5. Re: Honeypots Illegal?

    "mr.b" writes:

    >On Thu, 06 Dec 2007 17:58:36 +0000, Unruh wrote:


    >> "mr.b" writes:
    >>
    >>>On Thu, 06 Dec 2007 01:32:10 +0000, Unruh wrote:

    >>
    >>>> "mr.b" writes:
    >>>>
    >>>>>On Wed, 05 Dec 2007 03:03:48 +0000, Unruh wrote:
    >>>>
    >>>>>> "s. keeling" writes:
    >>>>>>
    >>>>>>>Randy Yates :
    >>>>>>>> I sure hope things have changed in the last four years:
    >>>>>>>>
    >>>>>>>> http://www.securityfocus.com/news/4004
    >>>>>>>>
    >>>>>>>> Is this still illegal? What a load of crap.
    >>>>>>
    >>>>>>>You log onto my client's computers and you're warned with a banner
    >>>>>>>that it's private property, your actions may be monitored and
    >>>>>>>captured, and anything done on the machine may become public
    >>>>>>>knowledge, as in used as evidence in court. If you continue and
    >>>>>>>you're not authorized to do so, you're trespassing and are yourself
    >>>>>>>guilty of theft of communications.
    >>>>>>
    >>>>>> It is NOT trespassing and it is NOT theft of communications, since
    >>>>>> they are not a real property that could be stolen.
    >>>>
    >>>>>IYHO, but I disagree IMHO. Who owns the hardware? Who pays for the
    >>>>>connection? If you sit down at the wheel of my Jag parked on the
    >>>>>street, and decide to take it for a ride without my permission, have
    >>>>>you not stolen it?
    >>>>
    >>>>
    >>>> Get out your lawbooks or the laws of your country and read the
    >>>> definition of trespassing and of theft. You are using analogies which
    >>>> are usually dangerous.
    >>>> What the hell has sitting in Jag got to do with doing anything on a
    >>>> computer. Unless you are asking about someone coming into your house,
    >>>> taking the cover off your computer and sitting in it, your analogy is
    >>>> inappropriate and irrelevant.

    >>
    >>>hmmm...I guess I'll have to simplify this for you. I have a thing and it
    >>>is mine, not yours. You help yourself to my thing without my permission.

    >>
    >> Problem 1. You do not have a "thing". A "thing" is tangible property- it
    >> can be touched, lifted.


    >Interpretation on your part I think. If you access my vaporous web
    >presence in Canada, without my permission, it's a Criminal Code offense.
    >There must be a rationale for this codifying of the "intangible" as you
    >see it


    It may be a Criminal Code offense but the offense is NOT theft.
    Note it is an offense under the Criminal Code of Canada for you to access
    your own vapourous web presence, or at least to alter anything in it.


    >>>You have stolen my thing. It doesn't matter what the thing is.

    >Mine=not
    >>
    >> I have not stolen your "thing" since there was no thing to steal. s in
    >> copyright, a "thing" has the property that one and only one person can
    >> possess it at a time. It has premanance in time and uniqueness in space.


    >See above


    Yes, read the Criminal Code on Theft. And notice that the law you quote
    does not occur under the sections on theft.

    >
    >>>yours. Law regarding unauthorised access to computers is just about as
    >>>clear, and as simple. My analogy was both relevant and appropriate,
    >>>your not so humble opinion notwithstanding. Your interpretation of real
    >>>property etc. appeared to me as little more than semantic dithering. Are
    >>>you a lawyer by any chance?

    >>
    >> Why? YOu think that a lawyer talking about the law would be a bad thing,
    >> would get in the way or your attempt to generalise the concept of theft
    >> out of all recognition? No I am not. I do however attempt to use
    >> language precisely and recognize that analogy is not identity. One of
    >> the key aspects of law is its attempt at both precision and generality.
    >> This is to ensure that a person actually can recognize when he is
    >> breaking a law. If any analogy dreamt up by a prosecutor is valid, then
    >> all actions are illegal, since an analogy can be found ( sometimes far
    >> fetched) to link any activity with any law.


    >The last half I agree with, the first half no. I ask not to invalidate
    >the opinion of a trained lawyer but to clarify your potential for having
    >personal practical knowledge...which wouldn't of course exclude the
    >possiblity that some lawyers make their bread by dithering semantically ;-)



  6. Re: Honeypots Illegal?

    "mr.b" writes:

    >On Thu, 06 Dec 2007 17:47:24 +0000, Magnate wrote:


    >> Um ... well ... no. Your argument presumes an agreed definition of
    >> "thing", which is incorrect.


    >and this is why I personally think Shakespeare was correct ;-)


    >> For physical items (like, say, cars) your
    >> logic is correct. For something as tricky to define as access to a
    >> computer, it's not. This is the conundrum at the centre of the IP debate:


    >in Canada the debate is moot and the rules clearly defined


    >> theft is depriving someone else of something, not simply helping
    >> yourself to it.


    >but this is the point, helping yourself to something that is not yours
    >implies an impropriety, and here in the Great White North that's a big
    >no-no...Federal...Criminal Code...


    >> If I hack into your PC, I have not deprived you of
    >> anything, therefore I have not commited theft. I may commit all sorts of
    >> other evil and malicious illegal acts, but theft is not among them.


    >in American terms, cracking my box has deprived me of the right I have to
    >the peaceful enjoyment of the box/service that I have paid for, for the
    >legal purposes intended...sounds like a tort to me


    So if I walk into Starbucks where you are enjoying your cup of coffee and I
    start talking to you, I have committed a tort and should be thrown in jail, since I have deprived you of the enjoyment of your coffee?

    Depriving of peaceful enjoyment should not in itself be a crime of any
    kind, except in exceptional circumstances.

    (Note that in Canada, under the Crimial Code, if I talk to you while you
    are reading your email, I have committed a criminal code offense, so in
    Canada you are right.)


  7. Re: Honeypots Illegal?

    "Unruh" wrote in message
    news:7d76j.20374$Ji6.2929@edtnps89...
    > "mr.b" writes:
    >
    >>On Thu, 06 Dec 2007 17:47:24 +0000, Magnate wrote:

    >
    >>> Um ... well ... no. Your argument presumes an agreed definition of
    >>> "thing", which is incorrect.

    >
    >>and this is why I personally think Shakespeare was correct ;-)

    >
    >>> For physical items (like, say, cars) your
    >>> logic is correct. For something as tricky to define as access to a
    >>> computer, it's not. This is the conundrum at the centre of the IP
    >>> debate:

    >
    >>in Canada the debate is moot and the rules clearly defined

    >
    >>> theft is depriving someone else of something, not simply helping
    >>> yourself to it.

    >
    >>but this is the point, helping yourself to something that is not yours
    >>implies an impropriety, and here in the Great White North that's a big
    >>no-no...Federal...Criminal Code...

    >
    >>> If I hack into your PC, I have not deprived you of
    >>> anything, therefore I have not commited theft. I may commit all sorts of
    >>> other evil and malicious illegal acts, but theft is not among them.

    >
    >>in American terms, cracking my box has deprived me of the right I have to
    >>the peaceful enjoyment of the box/service that I have paid for, for the
    >>legal purposes intended...sounds like a tort to me

    >
    > So if I walk into Starbucks where you are enjoying your cup of coffee and
    > I
    > start talking to you, I have committed a tort and should be thrown in
    > jail, since I have deprived you of the enjoyment of your coffee?
    >
    > Depriving of peaceful enjoyment should not in itself be a crime of any
    > kind, except in exceptional circumstances.
    >
    > (Note that in Canada, under the Crimial Code, if I talk to you while you
    > are reading your email, I have committed a criminal code offense, so in
    > Canada you are right.)


    Really? WTF is this wacky Canadian law?? I thought Canadians were quite
    progressive about this kind of thing (blank CD levy instead of DMCA etc.)
    .... what happened?

    Goes off to Google for "Canadians pass bizarro tech law" ...

    CC



  8. Re: Honeypots Illegal?

    On Fri, 07 Dec 2007 08:02:14 +0000, Unruh wrote:

    > Well, yes, the Canadian Law is clear. And it is clear that anyone operating
    > any computer is violating Canadian law. Read the Mischief to Data act which
    > is part of the Canadian Criminal Code.


    Good idea, so why didn't you?

    > Anyone altering data is guilty of
    > a crime, and there is no excuse for colour of right or any other
    > defences. Since noone can run a computer without altering data, (as I am
    > doing now in typing this onto my compter screen)


    You are incorrect:

    S 429: (2) No person shall be convicted of an offence under sections 430
    to 446 where he proves that he acted with legal justification or excuse
    and with colour of right.

    Mischief, including Mischief in relation to data, is found in section 430.


    The only way you can be convicted of Mischief in relation to something you
    are the sole owner of, is if you do it with intent to defraud.

    --
    Phoenix

  9. Re: Honeypots Illegal?

    Unruh :
    > "s. keeling" writes:
    > >
    > >legitimate user would see, is just plain wrong. It *has* to be
    > >legal to secure access to your systems, else they're not really
    > >yours. Surveilling/logging *what's hitting on your network* has to
    > >be part of that.

    >
    > The question was NOT whether or not it is legal to secure access to
    > your system. The question was whether or not a so called "honeypot"
    > is legal.


    Why would anyone run a honeypot? I would think for intelligence data
    on the sorts of malicious things that are coming at their network.
    Doing that research is part of securing their network. Of course
    that's legal.

    > Whether recording communication between the cracker and others is
    > legal, whether a cracker going into a system whose whole purpose is
    > to allow, indeed encourage, the cracker to go into it makes the
    > cracker's actions illegal.


    The cracker is not authorised to be there. If he'd bothered to login
    as any legitimate user, he'd be presented with a banner stating his
    actions may be monitored. Ignorance of the law is no excuse, and
    everyone knows what trespassing is.

    That box is not encouraging the cracker to break in. It's just
    passively sitting there waiting. What the cracker makes of that's up
    to him. Honeypots don't initiate attacks on crackers. They're a
    defence against crackers.

    > And just because it is legal to secure your system does not mean
    > that anything you do, which you think secures it, is legal.


    The law is an ass in many ways, but shooting crackers on sight is
    excessive force. On the other hand, documenting their unauthorized
    actions on your systems to defend your systems or to use in a court
    action is not lawless behaviour. It's part of due diligence.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  10. Re: Honeypots Illegal?

    "Magnate" writes:

    >"Unruh" wrote in message
    >news:7d76j.20374$Ji6.2929@edtnps89...
    >> "mr.b" writes:
    >>
    >>>On Thu, 06 Dec 2007 17:47:24 +0000, Magnate wrote:

    >>
    >>>> Um ... well ... no. Your argument presumes an agreed definition of
    >>>> "thing", which is incorrect.

    >>
    >>>and this is why I personally think Shakespeare was correct ;-)

    >>
    >>>> For physical items (like, say, cars) your
    >>>> logic is correct. For something as tricky to define as access to a
    >>>> computer, it's not. This is the conundrum at the centre of the IP
    >>>> debate:

    >>
    >>>in Canada the debate is moot and the rules clearly defined

    >>
    >>>> theft is depriving someone else of something, not simply helping
    >>>> yourself to it.

    >>
    >>>but this is the point, helping yourself to something that is not yours
    >>>implies an impropriety, and here in the Great White North that's a big
    >>>no-no...Federal...Criminal Code...

    >>
    >>>> If I hack into your PC, I have not deprived you of
    >>>> anything, therefore I have not commited theft. I may commit all sorts of
    >>>> other evil and malicious illegal acts, but theft is not among them.

    >>
    >>>in American terms, cracking my box has deprived me of the right I have to
    >>>the peaceful enjoyment of the box/service that I have paid for, for the
    >>>legal purposes intended...sounds like a tort to me

    >>
    >> So if I walk into Starbucks where you are enjoying your cup of coffee and
    >> I
    >> start talking to you, I have committed a tort and should be thrown in
    >> jail, since I have deprived you of the enjoyment of your coffee?
    >>
    >> Depriving of peaceful enjoyment should not in itself be a crime of any
    >> kind, except in exceptional circumstances.
    >>
    >> (Note that in Canada, under the Crimial Code, if I talk to you while you
    >> are reading your email, I have committed a criminal code offense, so in
    >> Canada you are right.)


    >Really? WTF is this wacky Canadian law?? I thought Canadians were quite
    >progressive about this kind of thing (blank CD levy instead of DMCA etc.)
    >... what happened?


    >Goes off to Google for "Canadians pass bizarro tech law" ...


    >CC



    Canadian Criminal Code. Mischief to Data.

    The key problem is that there is no defence stated in the act of colour of
    right. It is also an overly broad law ( which Canadians like passing--
    leaving it up to the courts to sort out those that really deserve
    punishment, from those criminals who are just inadvertant criminals).


  11. Re: Honeypots Illegal?

    Unruh :
    > "Dave {Reply Address in.Sig}" writes:
    > >
    > >as computers go, there's theft of electricity, because making a computer do
    > >something potentially causes it to use more power than if it had been left
    > >idle.

    >
    > There is a maxim of law that the law does not concern itself with triffles.


    Glad to hear it.

    > equally idiotic to prosecute for that theft of electricity ( which is less
    > than the electricity used if I walk past your house and cause the IR
    > detector on your lights to switch on your ourside lights-- should I be
    > prosecuted for that?)


    You appear to have a problem here understanding Human Action. If you
    install an IR detector on your lights and it's set off by a leaf
    blowing by, who are you going to sue? Why should you sue? You
    installed the thing. If you wanted it to only go off when your
    actions set it off, you should have bought a better detector. I am
    not doing anything wrong by walking down a public sidewalk which your
    detector is monitoring. You told that detector to waste that
    electricity, not me.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  12. Re: Honeypots Illegal?

    Daniel James :
    >
    > If a would-be cracker visits my honeypot and my honeypot records his
    > activities while there it is NOT "intercepting" communications, as the
    > cracker has chosen to send packets to the honeypot and it is the
    > honeypot that is handling those packets (albeit not in the way the
    > cracker expected -- but the honeypot has made no representation as to
    > what will be done with them, and so is entitled to do as I please with
    > them).
    >
    > However, a /firewall/ intercepts packets addressed to another machine
    > and take actions such as logging them and/or refusing to handle them.
    > If that's not interception I don't know what is. Are firewalls illegal?


    "A firewall intercepts packets addressed to another machine ..." Is
    that other machine yours too? If so, it's routing, not interception.
    Should smtp relays be made illegal?

    If it's not your machine, why are you intercepting them?


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  13. Re: Honeypots Illegal?

    On Fri, 07 Dec 2007 08:09:39 +0000, Unruh wrote:

    > "mr.b" writes:
    >
    >>On Thu, 06 Dec 2007 17:47:24 +0000, Magnate wrote:

    >
    >>> Um ... well ... no. Your argument presumes an agreed definition of
    >>> "thing", which is incorrect.

    >
    >>and this is why I personally think Shakespeare was correct ;-)

    >
    >>> For physical items (like, say, cars) your logic is correct. For
    >>> something as tricky to define as access to a computer, it's not. This
    >>> is the conundrum at the centre of the IP debate:

    >
    >>in Canada the debate is moot and the rules clearly defined

    >
    >>> theft is depriving someone else of something, not simply helping
    >>> yourself to it.

    >
    >>but this is the point, helping yourself to something that is not yours
    >>implies an impropriety, and here in the Great White North that's a big
    >>no-no...Federal...Criminal Code...

    >
    >>> If I hack into your PC, I have not deprived you of anything, therefore
    >>> I have not commited theft. I may commit all sorts of other evil and
    >>> malicious illegal acts, but theft is not among them.

    >
    >>in American terms, cracking my box has deprived me of the right I have to
    >>the peaceful enjoyment of the box/service that I have paid for, for the
    >>legal purposes intended...sounds like a tort to me

    >
    > So if I walk into Starbucks where you are enjoying your cup of coffee and
    > I start talking to you, I have committed a tort and should be thrown in
    > jail, since I have deprived you of the enjoyment of your coffee?
    >
    > Depriving of peaceful enjoyment should not in itself be a crime of any
    > kind, except in exceptional circumstances.
    >
    > (Note that in Canada, under the Crimial Code, if I talk to you while you
    > are reading your email, I have committed a criminal code offense, so in
    > Canada you are right.)


    reductio ad absurdum here I think, but I'll grant you that what we've been
    tossing back and forth really describes Break and Enter or trespass and
    not classically "theft"


  14. Re: Honeypots Illegal?

    "s. keeling" writes:

    >Unruh :
    >> "s. keeling" writes:
    >> >
    >> >legitimate user would see, is just plain wrong. It *has* to be
    >> >legal to secure access to your systems, else they're not really
    >> >yours. Surveilling/logging *what's hitting on your network* has to
    >> >be part of that.

    >>
    >> The question was NOT whether or not it is legal to secure access to
    >> your system. The question was whether or not a so called "honeypot"
    >> is legal.


    >Why would anyone run a honeypot? I would think for intelligence data
    >on the sorts of malicious things that are coming at their network.
    >Doing that research is part of securing their network. Of course
    >that's legal.


    >> Whether recording communication between the cracker and others is
    >> legal, whether a cracker going into a system whose whole purpose is
    >> to allow, indeed encourage, the cracker to go into it makes the
    >> cracker's actions illegal.


    >The cracker is not authorised to be there. If he'd bothered to login
    >as any legitimate user, he'd be presented with a banner stating his
    >actions may be monitored. Ignorance of the law is no excuse, and
    >everyone knows what trespassing is.


    Except apparently you, who clearly does not know what it is!


    >That box is not encouraging the cracker to break in. It's just
    >passively sitting there waiting. What the cracker makes of that's up
    >to him. Honeypots don't initiate attacks on crackers. They're a
    >defence against crackers.


    A defence where you have purposely put a computer there for crackers to
    crack, which has not other purpose to being put on the net.


    >> And just because it is legal to secure your system does not mean
    >> that anything you do, which you think secures it, is legal.


    >The law is an ass in many ways, but shooting crackers on sight is
    >excessive force. On the other hand, documenting their unauthorized
    >actions on your systems to defend your systems or to use in a court
    >action is not lawless behaviour. It's part of due diligence.




  15. Re: Honeypots Illegal?


    >reductio ad absurdum here I think, but I'll grant you that what we've been
    >tossing back and forth really describes Break and Enter or trespass and
    >not classically "theft"



    No it is NOT break and enter nor is it trespass. It is not murder or
    treason either. Nor is it running a red light or speeding. It may be
    "unauthorized computer access" or "Mischief to data", but it is not
    spitting on a sidewalk, or installing plumbing without a license.


  16. Re: Honeypots Illegal?

    In article news:, S.
    keeling wrote:
    > "A firewall intercepts packets addressed to another machine ..." Is
    > that other machine yours too? If so, it's routing, not interception.


    It's only routing if the packets reach the machine to which they are
    addressed. If the firewall drops packets rather than delivering them
    then it's interception.

    Is it still only routing if the firewall delivers the packets as
    requested but also logs them? I'm not sure.

    > If it's not your machine, why are you intercepting them?


    I could, say, be running a firewall as a service for other users ...
    but we're losing sight of the point. The point is that what a honeypot
    does isn't interception, so a honeypot can't contravene laws that
    (only) prohibit interception (whereas a firewall might, if that law
    were taken literally and simplistically).
    --
    Cheers,
    Daniel.







  17. Re: Honeypots Illegal?

    mr.b wrote:

    > On Thu, 06 Dec 2007 13:31:18 -0500, Douglas O'Neal wrote:
    >
    >> Make it a bit more specific. You have a picture on your wall. I look at
    >> your picture without your permission. Have I then stolen your picture?
    >> If not, what is the difference between using your computer with only
    >> trivial traces of that use left and using the picture as was intended?
    >> What exactly has been "stolen" in either case?

    >
    > this is interesting...I'm thinking...even though we've gotten a bit away
    > from the legality of honeypots...which I employ...and enjoy...but
    > accessing a publicly accessible computer is definitively different from
    > passively observing a picture on a wall, is it not? the law is fairly
    > clear about unauthorised access -at least here in Canada.


    Once you, as the "intruder" get the warning, it is unauthorized.
    But then, a "publicly accessible" computer is what it is - either by
    intention or by missing basic protection (AKA blondeness) like passwords
    and firewalls. As an example, if you deliberatly change the defaults (XP
    firewall on) to make your computer accessible, it is ... well, a publicly
    accessible computer. Someone else just taking a peek then, isn't a
    criminal, as long as he doesn't damage/change your data or your computer.
    That could happen to you having p2p software loaded and running, as an
    example. There isn't a damage, if you missed the obligation to protect your
    data or at least place a visible warning in the way.
    --
    vista policy violation: Microsoft optical mouse found penguin patterns
    on mousepad. Partition scan in progress to remove offending
    incompatible products. Reactivate MS software.
    Linux 2.6.22.9-1mdvcustom [LinuxCounter#295241,ICQ#4918962]

  18. Re: Honeypots Illegal?

    s. keeling wrote:

    > Ditto, and I'm not into this deeply myself. I just think if the law
    > goes the cracker's way, the law's wrong. Getting away with cracking
    > other's boxes because you couldn't see the login banner, which every
    > legitimate user would see, is just plain wrong. It *has* to be legal


    Well, there must be some "criminal energy" involved to get in. A honeypot
    should be firewalled or password-protected the same way (but obviously
    different ports, different passwords) as the protected box/network.
    If it is possible to "break in" without effort, there is no break-in in
    fact.

    > to secure access to your systems, else they're not really yours.
    > Surveilling/logging *what's hitting on your network* has to be part of
    > that.
    >

    Agreed.

    --
    vista policy violation: Microsoft optical mouse found penguin patterns
    on mousepad. Partition scan in progress to remove offending
    incompatible products. Reactivate MS software.
    Linux 2.6.22.9-1mdvcustom [LinuxCounter#295241,ICQ#4918962]

  19. Re: Honeypots Illegal?

    On Sat, 08 Dec 2007 17:18:03 +0100, Walter Mautner wrote:

    > mr.b wrote:
    >
    >> this is interesting...I'm thinking...even though we've gotten a bit away
    >> from the legality of honeypots...which I employ...and enjoy...but
    >> accessing a publicly accessible computer is definitively different from
    >> passively observing a picture on a wall, is it not? the law is fairly
    >> clear about unauthorised access -at least here in Canada.

    >
    > Once you, as the "intruder" get the warning, it is unauthorized.
    > But then, a "publicly accessible" computer is what it is - either by
    > intention or by missing basic protection (AKA blondeness) like passwords
    > and firewalls.


    Under Canadian law there is no such thing as implied consent. No warning
    is needed for access to be unauthorized, only the fact that it is not
    authorized.

    --
    Phoenix

  20. Re: Honeypots Illegal?

    Walter Mautner writes:

    >s. keeling wrote:


    >> Ditto, and I'm not into this deeply myself. I just think if the law
    >> goes the cracker's way, the law's wrong. Getting away with cracking
    >> other's boxes because you couldn't see the login banner, which every
    >> legitimate user would see, is just plain wrong. It *has* to be legal


    >Well, there must be some "criminal energy" involved to get in. A honeypot


    What in the world is "criminal energy"?

    >should be firewalled or password-protected the same way (but obviously
    >different ports, different passwords) as the protected box/network.
    >If it is possible to "break in" without effort, there is no break-in in
    >fact.


    >> to secure access to your systems, else they're not really yours.
    >> Surveilling/logging *what's hitting on your network* has to be part of
    >> that.
    >>

    >Agreed.



+ Reply to Thread
Page 2 of 4 FirstFirst 1 2 3 4 LastLast