In 1995 a Finnish criminal law was amended to cover computer break in.
This statute criminalizes also attempt, so rattling doorknobs is a crime
at least here in Finland. Apart from that I don't think unsolicited
security testing is anything else than a feeble excuse to go hacking
other peoples sites. No offence meant, but I feel bit strongly on this.
Another question is the usefullness of "bait" systems. The police have
limited resources (at least here and I believe elsewhere too) and are
not too keen to investigate crime if there is no real damage. Also your
company may not be happy to get all the publicity to prosecute for
breaking in to the weakened system. My experience of the press is, They
tell you had a serious hacker attack no matter if they never even get in
and your customers opinion of your security goes down. Or am I wrong?
Sakari Myllym�ki
> -----Alkuper�inen viesti-----
> L�hett�j�: Bill Stackpole [SMTP:[EMAIL PROTECTED]]
> L�hetetty: 20. hein�kuuta 1999 18:33
> Kopio: [EMAIL PROTECTED]
> Aihe: RE: Response to hack attempt? - The ethics of rattling door
> knobs .
>
> Just curious what other think about the rattling door knobs question.
> Is it
> wrong to probe a system for security flaws if you have no evil intent?
> I
> check my neighbor's doors when they are on vacation to make sure no
> one has
> broken in, look in the windows to make sure everything is normal.
> Does that
> make me a criminal? I doubt it.
>
> Over the years, I've called many a company to inform them of potential
> security risks I have observed. Some have come to me in the mail,
> some as
> extraneous packets on my Internet connection and others as the result
> of my
> testing the effectiveness of certain security tools.
>
> I do such things to help people build more secure systems. I'm
> interested
> in what others think about the ethics or criminality of such conduct.
>
> Your comments.
>
>
>
>
> > -----Original Message-----
> > From: Rabid Wombat [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, July 19, 1999 6:45 PM
> > To: Bill Stackpole
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: Response to hack attempt?
> >
> >
> > This is why setting up a "bait" system with a chroot "jail" is a
> good
> > idea. If you can't nail them for probing, you get a chance to nail
> them
> > for hacking into the (deliberately weakened) system, and have logs
> to show
> > what they try to do from there. Probing may be akin to rattling the
> > doornob to see if it's locked, but hacking the bait system is B&E.
> >
> > -r.w.
> >
> >
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
