Honeypots Illegal? - Security

This is a discussion on Honeypots Illegal? - Security ; "Rick Pikul" writes: >On Sat, 08 Dec 2007 17:18:03 +0100, Walter Mautner wrote: >> mr.b wrote: >> >>> this is interesting...I'm thinking...even though we've gotten a bit away >>> from the legality of honeypots...which I employ...and enjoy...but >>> accessing a ...

+ Reply to Thread
Page 3 of 4 FirstFirst 1 2 3 4 LastLast
Results 41 to 60 of 77

Thread: Honeypots Illegal?

  1. Re: Honeypots Illegal?

    "Rick Pikul" writes:

    >On Sat, 08 Dec 2007 17:18:03 +0100, Walter Mautner wrote:


    >> mr.b wrote:
    >>
    >>> this is interesting...I'm thinking...even though we've gotten a bit away
    >>> from the legality of honeypots...which I employ...and enjoy...but
    >>> accessing a publicly accessible computer is definitively different from
    >>> passively observing a picture on a wall, is it not? the law is fairly
    >>> clear about unauthorised access -at least here in Canada.

    >>
    >> Once you, as the "intruder" get the warning, it is unauthorized.
    >> But then, a "publicly accessible" computer is what it is - either by
    >> intention or by missing basic protection (AKA blondeness) like passwords
    >> and firewalls.


    >Under Canadian law there is no such thing as implied consent. No warning
    >is needed for access to be unauthorized, only the fact that it is not
    >authorized.


    There is however intent under all criminal laws. Ie, if the entry was made
    in good faith, with no intent to intrude in an unauthorized way, it is not
    a crime. Showing that the intent is there becomes difficulty if you stick a
    computer onto the net with no warnings, etc.

    >--
    > Phoenix


  2. Re: Honeypots Illegal?

    Rick Pikul wrote:

    > On Sat, 08 Dec 2007 17:18:03 +0100, Walter Mautner wrote:

    .....
    >> Once you, as the "intruder" get the warning, it is unauthorized.
    >> But then, a "publicly accessible" computer is what it is - either by
    >> intention or by missing basic protection (AKA blondeness) like passwords
    >> and firewalls.

    >
    > Under Canadian law there is no such thing as implied consent. No warning
    > is needed for access to be unauthorized, only the fact that it is not
    > authorized.
    >

    Well, but on a public network ... maybe even with (in that case accidently)
    open shares, some surfer may just discover another computer in his network,
    when he cannot distinguish between his house/dormatory network and the
    others on the same broadband access router.
    Or, with p2p (limewire and others) and bad configuration, someone else might
    as well have access to data not intended for that.
    Where is the border if it isn't visible to the "intruder"?
    --
    vista policy violation: Microsoft optical mouse found penguin patterns
    on mousepad. Partition scan in progress to remove offending
    incompatible products. Reactivate MS software.
    Linux 2.6.22.12-1mdvcustom [LinuxCounter#295241,ICQ#4918962]

  3. Re: Honeypots Illegal?

    Unruh wrote:

    > Walter Mautner writes:

    ......
    >>Well, there must be some "criminal energy" involved to get in. A honeypot

    >
    > What in the world is "criminal energy"?
    >

    Well, the same "criminal energy" that is required to break a lock or
    a "effective" copy protection (not just pressing the shift key or having
    turned autoplay off by default). At least the border must be clearly
    visible to the possible intruder, in a public network. I don't think it's
    just another computer/network/netbios name that's required. At least a
    password must be set.
    --
    vista policy violation: Microsoft optical mouse found penguin patterns
    on mousepad. Partition scan in progress to remove offending
    incompatible products. Reactivate MS software.
    Linux 2.6.22.12-1mdvcustom [LinuxCounter#295241,ICQ#4918962]

  4. Re: Honeypots Illegal?

    Walter Mautner writes:

    >Unruh wrote:


    >> Walter Mautner writes:

    >.....
    >>>Well, there must be some "criminal energy" involved to get in. A honeypot

    >>
    >> What in the world is "criminal energy"?
    >>

    >Well, the same "criminal energy" that is required to break a lock or


    Yee gads, you continue to try to defend this idiotic term? There is nothing
    in the world which corresponds to "criminal energy", and what seem to be
    refering to is not criminal and is not energy.


    >a "effective" copy protection (not just pressing the shift key or having
    >turned autoplay off by default). At least the border must be clearly


    As has been pointed out Under DMCA or Canadian law, "effective" is
    irrelevant.

    >visible to the possible intruder, in a public network. I don't think it's
    >just another computer/network/netbios name that's required. At least a
    >password must be set.


    "Must" according to whom?

  5. Re: Honeypots Illegal?

    On Sat, 08 Dec 2007 22:44:41 +0000, Unruh wrote:

    > "Rick Pikul" writes:
    >
    >>Under Canadian law there is no such thing as implied consent. No warning
    >>is needed for access to be unauthorized, only the fact that it is not
    >>authorized.

    >
    > There is however intent under all criminal laws. Ie, if the entry was made
    > in good faith, with no intent to intrude in an unauthorized way, it is not
    > a crime. Showing that the intent is there becomes difficulty if you stick a
    > computer onto the net with no warnings, etc.


    You just described the defense of implied consent, which is not a legal
    defense in Canada[1].

    The person intended to access the system, and he knew that he had not had
    authorization expressly granted. That satisfies mens rea for unauthorized
    access.


    [1] If it is the only defense you enter, then you run the risk of finding
    yourself at the business end of a directed conviction.

    --
    Phoenix

  6. Re: Honeypots Illegal?

    Unruh :
    > "s. keeling" writes:
    > >
    > >I've no intention of learning law, thanks. I'll buy it when I need
    > >it. As a layman, theft describes this perfectly.

    >
    > Glad you feel that all this language stuff is a waste of time--
    > grunts and gestures are good enough for you.


    You can completely ignore the distinction between layman and lawyer?
    How focussed you are; almost tunnel visioned.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  7. Re: Honeypots Illegal?

    Unruh :
    > "s. keeling" writes:
    >
    > >The cracker is not authorised to be there. If he'd bothered to login
    > >as any legitimate user, he'd be presented with a banner stating his
    > >actions may be monitored. Ignorance of the law is no excuse, and
    > >everyone knows what trespassing is.

    >
    > Except apparently you, who clearly does not know what it is!


    I certainly do not (again!) know the legal definition of it. I'm
    (again!) not a lawyer. Layman != lawyer, thank $deity. Speak
    English, not legalese!

    > >That box is not encouraging the cracker to break in. It's just
    > >passively sitting there waiting. What the cracker makes of that's up
    > >to him. Honeypots don't initiate attacks on crackers. They're a
    > >defence against crackers.

    >
    > A defence where you have purposely put a computer there for crackers to
    > crack, which has not other purpose to being put on the net.


    "No, your honour, that's an unimaged, hot-spare backup machine. We
    run it as a honeypot to burn it in and test all its functionality. Of
    course, we need to analyze its logs to ensure it's fully functional."

    Bite me, your honour.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  8. Re: Honeypots Illegal?

    Daniel James :
    > In article news:, S.
    > keeling wrote:
    > > "A firewall intercepts packets addressed to another machine ..." Is
    > > that other machine yours too? If so, it's routing, not interception.

    >
    > It's only routing if the packets reach the machine to which they are
    > addressed. If the firewall drops packets rather than delivering them
    > then it's interception.


    Whatever happened to that old maxim that the net's a cooperative
    effort between individual systems and their system administrators, the
    latter of which are gods on their systems, and those systems are
    private property?

    If a firewall dropping packets is interception, what's spamassassin or
    procmail or exim rules? This whole subject just doesn't pass the
    smell test.

    I am *still* not a lawyer, and expect to keep it that way.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  9. Re: Honeypots Illegal?

    Rick Pikul :
    >
    > Under Canadian law there is no such thing as implied consent. No warning
    > is needed for access to be unauthorized, only the fact that it is not
    > authorized.


    Take that, ambulance chasers. We don't need to hire lawyers to vet
    login screen banners in this enlightened people's paradise. :-)

    How sensible.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  10. Re: Honeypots Illegal?

    Walter Mautner :
    > s. keeling wrote:
    > >
    > > Ditto, and I'm not into this deeply myself. I just think if the law
    > > goes the cracker's way, the law's wrong. Getting away with cracking
    > > other's boxes because you couldn't see the login banner, which every
    > > legitimate user would see, is just plain wrong. It *has* to be legal

    >
    > Well, there must be some "criminal energy" involved to get in. A honeypot


    Connecting to a box you know you've no authorization to connect to?

    > should be firewalled or password-protected the same way (but obviously


    Firewalls aren't a legal requirement. Yeah, passwordless accounts are
    just dumb in a lot of ways (*spam*, zombies, ...), but a "come hither"
    to unsuspecting crackers? Come on.

    > different ports, different passwords) as the protected box/network.
    > If it is possible to "break in" without effort, there is no break-in in
    > fact.


    So, leaving your front door unlocked leaves you no defence legally
    against a burglar who takes advantage of that?


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  11. Re: Honeypots Illegal?

    Unruh :
    > Walter Mautner writes:
    >
    > >Unruh wrote:

    >
    > >> Walter Mautner writes:

    > >.....
    > >>>Well, there must be some "criminal energy" involved to get in. A honeypot
    > >>
    > >> What in the world is "criminal energy"?
    > >>

    > >Well, the same "criminal energy" that is required to break a lock or

    >
    > Yee gads, you continue to try to defend this idiotic term? There is nothing


    dict pedant. Note the double quotes.


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

  12. Re: Honeypots Illegal?

    "s. keeling" writes:

    >Unruh :
    >> "s. keeling" writes:
    >> >
    >> >I've no intention of learning law, thanks. I'll buy it when I need
    >> >it. As a layman, theft describes this perfectly.

    >>
    >> Glad you feel that all this language stuff is a waste of time--
    >> grunts and gestures are good enough for you.


    >You can completely ignore the distinction between layman and lawyer?
    >How focussed you are; almost tunnel visioned.


    When you talk about legal things, the people to talk to are lawyers. When
    you talk bull****, grunts and gestures are good enough for you apparently.



    >--
    >Any technology distinguishable from magic is insufficiently advanced.
    >(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
    >- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


  13. Re: Honeypots Illegal?

    "s. keeling" writes:

    >Rick Pikul :
    >>
    >> Under Canadian law there is no such thing as implied consent. No warning
    >> is needed for access to be unauthorized, only the fact that it is not
    >> authorized.


    >Take that, ambulance chasers. We don't need to hire lawyers to vet
    >login screen banners in this enlightened people's paradise. :-)



    Yes, so when you read a web page from Canada you are breaking the law,
    since you are accessing and altering data on that computer (see log files)
    without authorization. Real enlightened.


  14. Re: Honeypots Illegal?

    "s. keeling" wrote in message
    news:slrnflsckh.8cr.keeling@heretic.nucleus.com...
    > Walter Mautner :
    >> s. keeling wrote:
    >> >
    >> > Ditto, and I'm not into this deeply myself. I just think if the law
    >> > goes the cracker's way, the law's wrong. Getting away with cracking
    >> > other's boxes because you couldn't see the login banner, which every
    >> > legitimate user would see, is just plain wrong. It *has* to be legal

    >>
    >> Well, there must be some "criminal energy" involved to get in. A
    >> honeypot

    >
    > Connecting to a box you know you've no authorization to connect to?
    >
    >> should be firewalled or password-protected the same way (but obviously

    >
    > Firewalls aren't a legal requirement. Yeah, passwordless accounts are
    > just dumb in a lot of ways (*spam*, zombies, ...), but a "come hither"
    > to unsuspecting crackers? Come on.
    >
    >> different ports, different passwords) as the protected box/network.
    >> If it is possible to "break in" without effort, there is no break-in in
    >> fact.

    >
    > So, leaving your front door unlocked leaves you no defence legally
    > against a burglar who takes advantage of that?


    Got it! You use the word theft, when what you actually mean is trespass. The
    offence a stranger commits by entering your unlocked house uninvited is not
    theft or burglary (assuming he steals nothing), it's trespass. If the house
    is locked it's breaking & entering.

    So the cyber-equivalents of this are interesting. It's theft only if s/he
    deletes something on your system (and keeps a copy of it - otherwise it's
    criminal damage). It's breaking and entering if they had to hack in, and
    it's trespass if you left them an unlocked door (passwordless login, or
    whatever).

    So just as it's not illegal to leave your house unlocked, it shouldn't be
    illegal to leave an unprotected system on your network (whether as a
    honeypot or for any other purpose).

    CC



  15. Re: Honeypots Illegal?

    In article news:<8Gq7j.49133$Zn.41718@edtnps90>, Unruh wrote:
    > >> Under Canadian law there is no such thing as implied consent. No
    > >> warning is needed for access to be unauthorized, only the fact that
    > >> it is not authorized.

    [snip]
    > Yes, so when you read a web page from Canada you are breaking the law,
    > since you are accessing and altering data on that computer (see log
    > files) without authorization. Real enlightened.


    No, not AIUI. When you access such a site you *MAY* be breaking the law,
    but you probably aren't.

    You may legally view such a site if you have the consent of the site
    owner. The law may not enshrine a doctrine of implied consent, but in
    practice the owners of publicly accessible website make those sites public
    with the intent that they will be accessed by third parties and *do* give
    consent for those parties to access the site. You will only be prosecuted
    if you access a site that was not intended to be public -- and those are
    usually quite hard to find. I see no reason to suspect that the casual
    surfer will accidentally stray into a minefield.

    If a website is mentioned in an advertisement, say, and you visit it to
    discover more about the advertised product or to place an oder you can
    point to the advertisement as an explicit statement of consent.

    Cheers,
    Daniel.
    (Not a lawyer)




  16. Re: Honeypots Illegal?

    In article news:, S. keeling
    wrote:
    > If a firewall dropping packets is interception, what's spamassassin or
    > procmail or exim rules? This whole subject just doesn't pass the
    > smell test.


    I think you're missing some irony, somewhere along the line.

    I wasn't suggesting that firewalls were or should be illegal, I was
    using the example of firewalls -- which I think everyone agrees are not
    only legal but are also essential security tools -- to highlight the
    point about honeypots.

    A honeypot does not intercept packets, it just handles packets that are
    addressed to it.

    A firewall does intercept packets, it handles packets that are addressed
    to some other server process and filters them.

    Ergo: if the act of interception is the criterion by which legality is
    to be judged then honeypots are legal and firewalls are not (or to put
    it another way: The law is an ass).

    Capisce?

    Cheers,
    Daniel.



  17. Re: Honeypots Illegal?

    "Magnate" writes:

    >"s. keeling" wrote in message
    >news:slrnflsckh.8cr.keeling@heretic.nucleus.com...
    >> Walter Mautner :
    >>> s. keeling wrote:
    >>> >
    >>> > Ditto, and I'm not into this deeply myself. I just think if the law
    >>> > goes the cracker's way, the law's wrong. Getting away with cracking
    >>> > other's boxes because you couldn't see the login banner, which every
    >>> > legitimate user would see, is just plain wrong. It *has* to be legal
    >>>
    >>> Well, there must be some "criminal energy" involved to get in. A
    >>> honeypot

    >>
    >> Connecting to a box you know you've no authorization to connect to?
    >>
    >>> should be firewalled or password-protected the same way (but obviously

    >>
    >> Firewalls aren't a legal requirement. Yeah, passwordless accounts are
    >> just dumb in a lot of ways (*spam*, zombies, ...), but a "come hither"
    >> to unsuspecting crackers? Come on.
    >>
    >>> different ports, different passwords) as the protected box/network.
    >>> If it is possible to "break in" without effort, there is no break-in in
    >>> fact.

    >>
    >> So, leaving your front door unlocked leaves you no defence legally
    >> against a burglar who takes advantage of that?


    >Got it! You use the word theft, when what you actually mean is trespass. The
    >offence a stranger commits by entering your unlocked house uninvited is not
    >theft or burglary (assuming he steals nothing), it's trespass. If the house
    >is locked it's breaking & entering.


    >So the cyber-equivalents of this are interesting. It's theft only if s/he


    No even that is not theft.

    >deletes something on your system (and keeps a copy of it - otherwise it's
    >criminal damage). It's breaking and entering if they had to hack in, and


    No that is NOT breaking and entering under any legal system I know of. You
    are also using analogy as if it were identity.

    >it's trespass if you left them an unlocked door (passwordless login, or
    >whatever).


    Even that is not trespass. It may be unauthorized use of computer
    equipment, or may be mischief to data if you delete it, but it is neither
    theft not trespass not breaking and entering.


    >So just as it's not illegal to leave your house unlocked, it shouldn't be
    >illegal to leave an unprotected system on your network (whether as a
    >honeypot or for any other purpose).


    It is not illegal. Whether or not it should be is contentious matter. If
    you by your negligence contribute to damage to a third party, a strong
    argument could be made that that should be illegal, or at least open you to
    civil damages. Placing your computer
    on the net with no protection IS negligence, and it can certainly damage
    third parties (DOS attacks, breakin attacks, etc)

    The problem of course is what level of protection is sufficient? Passwords?
    firewall? No attachment to the net unless absolutely necessary? No
    attachment to the net at all?

    And if you leave your house unlocked and you are robbed, the insurance
    company will refuse to pay, and if your neighbour's TV set is stolen
    because you did not lock your door, you could well be civilly liable to your
    neighbour. If your house is therefor used to commit a criminal offense, you
    might also be criminally liable, although that would be a stretch. However,
    your ability to persue trespass charges could well be weakened.





  18. Re: Honeypots Illegal?

    Daniel James writes:

    >In article news:<8Gq7j.49133$Zn.41718@edtnps90>, Unruh wrote:
    >> >> Under Canadian law there is no such thing as implied consent. No
    >> >> warning is needed for access to be unauthorized, only the fact that
    >> >> it is not authorized.

    >[snip]
    >> Yes, so when you read a web page from Canada you are breaking the law,
    >> since you are accessing and altering data on that computer (see log
    >> files) without authorization. Real enlightened.


    >No, not AIUI. When you access such a site you *MAY* be breaking the law,
    >but you probably aren't.


    >You may legally view such a site if you have the consent of the site
    >owner. The law may not enshrine a doctrine of implied consent, but in


    Ah, so canada DOES have a doctrine of implied consent. You are claiming it
    is in the practice not the written law. But practice has legal force.
    Canada follows precident as well as written law.

    >practice the owners of publicly accessible website make those sites public
    >with the intent that they will be accessed by third parties and *do* give
    >consent for those parties to access the site. You will only be prosecuted


    No None that I know of give express consent.

    >if you access a site that was not intended to be public -- and those are
    >usually quite hard to find. I see no reason to suspect that the casual
    >surfer will accidentally stray into a minefield.


    You make my point perfectly. Canadian law tends to be written so as to make
    everything illegal ( over broad laws) in the expectation that the court
    system will only apply it in the "right" circumstances. Which of course
    does not always occur. Thus people HAVE been prosecuted under the Mischief
    to Data act for deleting their own data. Fortunately the appeal courts have
    not gone along with it.


    >If a website is mentioned in an advertisement, say, and you visit it to
    >discover more about the advertised product or to place an oder you can
    >point to the advertisement as an explicit statement of consent.


    Hardly. It is at best implied consent, since none of those state "You have
    premission to access this web site." And usually they point to only a
    single page, but the actual material is linked to from that page, and you
    surely cannot mean that consent is transitive-- if I give you consent to A
    I am giving you consent to everything I own.


    >Cheers,
    > Daniel.
    > (Not a lawyer)
    >




  19. Re: Honeypots Illegal?

    Daniel James writes:

    >In article news:, S. keeling
    >wrote:
    >> If a firewall dropping packets is interception, what's spamassassin or
    >> procmail or exim rules? This whole subject just doesn't pass the
    >> smell test.


    >I think you're missing some irony, somewhere along the line.


    >I wasn't suggesting that firewalls were or should be illegal, I was
    >using the example of firewalls -- which I think everyone agrees are not
    >only legal but are also essential security tools -- to highlight the
    >point about honeypots.


    However, a crucial feature of honeypots is that the owners read the logs
    and use the logs to carry legal or other actions. It is of course not the
    computer that does anything. It is the owners or controllers of the
    computers that do it.


    >A honeypot does not intercept packets, it just handles packets that are
    >addressed to it.


    And the person then reads the results of those interceptions. That is
    where the problems arise.


    >A firewall does intercept packets, it handles packets that are addressed
    >to some other server process and filters them.


    >Ergo: if the act of interception is the criterion by which legality is
    >to be judged then honeypots are legal and firewalls are not (or to put
    >it another way: The law is an ass).


    >Capisce?


    >Cheers,
    > Daniel.
    >



  20. Re: Honeypots Illegal?

    s. keeling wrote:

    > Walter Mautner :

    .....
    >> Well, there must be some "criminal energy" involved to get in. A
    >> honeypot

    >
    > Connecting to a box you know you've no authorization to connect to?
    >

    I had p2p networking as an example. No "authentication", but often enough
    accidently open shares.

    >> should be firewalled or password-protected the same way (but obviously

    >
    > Firewalls aren't a legal requirement. Yeah, passwordless accounts are
    > just dumb in a lot of ways (*spam*, zombies, ...), but a "come hither"
    > to unsuspecting crackers? Come on.
    >

    Depends upon the (proven/to prove) intent of the intruder. It may be just a
    accident, in particular if there is no visible sign of some sort
    of "fence".

    >> different ports, different passwords) as the protected box/network.
    >> If it is possible to "break in" without effort, there is no break-in in
    >> fact.

    >
    > So, leaving your front door unlocked leaves you no defence legally
    > against a burglar who takes advantage of that?
    >

    If the burglar can see it's some private property (fence around it, or a
    closed door with a lock though left open, and no "come-on-in" sign), it is
    beyond legality to enter. However, on the net (again, p2p, instant
    messaging, sharing) there are not always visible fences and locks.

    A open door does not make a theft legal, but leaving the front door open or
    the key inserted while leaving the house/the car, can create some part
    guiltieness.
    At least the insurance will see it that way, and refuse to pay damages.


    --
    vista policy violation: Microsoft optical mouse found penguin patterns
    on mousepad. Partition scan in progress to remove offending
    incompatible products. Reactivate MS software.
    Linux 2.6.22.12-1mdvcustom [LinuxCounter#295241,ICQ#4918962]

+ Reply to Thread
Page 3 of 4 FirstFirst 1 2 3 4 LastLast