+1 to the below. The days where you could hood-wink a judge and say you were just playing on the computer are over. Get with it.
On Fri, January 13, 2012 11:57, Ferenc Kovacs wrote: > On Thu, Jan 12, 2012 at 10:46 PM, Benjamin Kreuter > <ben.kreu...@gmail.com>wrote: > >> On Thu, 12 Jan 2012 16:06:53 -0500 >> valdis.kletni...@vt.edu wrote: >> >> > On Thu, 12 Jan 2012 15:16:19 EST, Benjamin Kreuter said: >> > >> > > Really, calling it "breaking in" is a stretch. You connected a >> > > computer to a publicly accessible computer network, where anyone can >> > > send anything to your computer. If hacking such a system is >> > > "breaking in," you might as well claim that shouting across your >> > > neighbor's yard is "breaking in." >> > >> > Bad analogy. Closer would be if you have a house that's got a >> > driveway on a public street, and you claim it's not breaking and >> > entering if you walk up the driveway, try the doorknob, find it >> > unlocked, and let yourself in without the permission of the >> > residents. Saying that "anybody could walk up and let themselves in >> > the door" doesn't make it legal. >> >> Would you say that we should arrest the person who walks into the >> house, takes a picture of themselves standing next to an expensive >> television and leaves the picture next to a note that says "your door >> was unlocked?" >> >> > yeah, it would still be an offence in most country. > > >> Really though, it is still a terrible analogy. You can disconnect a >> computer from the Internet; you cannot disconnect a building from a >> street. A hacker in a foreign country might be attacking your computer >> system from that country, and could be outside the jurisdiction of any >> relevant law enforcement agency; a person who breaks into a building is >> committing a crime in whatever jurisdiction the building is in. >> > > the crime would still be a crime in the country where the > building/computer > is located, you just can't get the offender prosecuted, just like if he > would flee the country after trespassing into your house. > > >> >> Analogies are nice and they help non-technical folks understand what >> is going on, but let's not get carried away with them. Someone who >> attacks a computer system over the Internet (or any other network) is >> sending unwanted/malicious messages. This is not the same as physically >> breaking into a building, locker, or computer. It may be illegal, but >> it is still very different from other crimes. > > > why is it different? the only difference imo is that the whole > IT/networking stuff is relatively new, and the law was lagging behind, and > some people still that it is, when it isn't really anymore. > you can get the same amount of fine/years in prison whether you stole the > money/confidential info through physical or electronical means. > > >> If anything, the closest >> type of criminal would be a con man, which seems fitting given how many >> of today's attacks have an element of social engineering. >> > > nope. > of course social engineering can be compared to Confidence trick, because > it is a Confidence trick. > but social engineering is only one vulnerability from the many, and > usually > it is used together with other methods (you get the credentials using > that, > then you proceed and access the system using those credentials, which is > the gaining unauthorized access to the system. > > -- > Ferenc Kovács > @Tyr43l - http://tyrael.hu > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/