[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [dvd-discuss] Hang the RIAA in their own noose.
- To: dvd-discuss(at)cyber.law.harvard.edu
- Subject: RE: [dvd-discuss] Hang the RIAA in their own noose.
- From: Michael.A.Rolenz(at)aero.org
- Date: Fri, 19 Oct 2001 14:25:13 -0700
- Reply-To: dvd-discuss(at)cyber.law.harvard.edu
- Sender: owner-dvd-discuss(at)cyber.law.harvard.edu
WRT to the script kiddies, I wasn't referring to their spending a little
time to write the tools but the time the tool spends executing. I don't
make a distinction between typing in all that stuff personally and writing
a scritpt to do it automatically. The time spend doing the "picking" is
I think the question of the fence really comes down to how often I try to
get through it. If you keep walking into it and moving over and suddenly
find a break in it, I'm not as inclined to call it inadvertant. Similarly,
if someone is scanning all the TCP ports on a computer and keeps hitting
the invisible wall that is also a type of message that says keep out.
Suddenly finding the open port and leaping through it accidently doesn't
sound like much of a defense. OTOH IF I just happend to be walking with my
eyes closed and just happend to walk through the fence at the right place,
then by some wierd sort of circumstances a technial trespass occured and
it's up to the court to decide if my defense is valid or not and what the
punishment should bet - but I should get my day in court rather than the
owner of the property judging and executioning.
Jeme A Brelin <firstname.lastname@example.org>
Sent by: email@example.com
10/19/01 02:00 PM
Please respond to dvd-discuss
To: Openlaw DMCA Forum <firstname.lastname@example.org>
Subject: RE: [dvd-discuss] Hang the RIAA in their own noose.
On Fri, 19 Oct 2001 Michael.A.Rolenz@aero.org wrote:
> I hate to use the lock analogy but a buffer overflow attack is
> analogous to opening a lock that you know is not yours with a
> lockpick. Furthermore, it shows intent. Somebody is spending a lot of
> time to do something.
Well, not if it's a known exploit and the script kiddies have got the
tools in the kit.
It's not like using a lockpick at that point, it's like using a Master
> One problem here is what constitutes a 'publically accessable"
> machine. This is a pretty gray area.
If a machine receives packets of any type on any port that can be accessed
with a globally routable address:port socket description pair, then that
machine is publicly accessible.
> On the other extreme. Putting up a firewall is analogous to putting up
> a do not trespass sign and a fence.
Not quite. A firewall that drops all non-return packets originating
outside the firewall is like an invisible fence.
I don't know any firewalls that let you know that you're about to pass
through them the way a "no trespassing" sign would.
> At what point do you tell someone "look. just because the fence was
> only 10 foot tall and you had a 12 foot pole for vaulting isn't a
> defense against trespassing."
If you can go through the fence without noticing it, is it really a fence?
A firewall that passes port 80 is a not a fence if you're heading toward
port 80. It's like it's not even there.
Are you going to argue that someone can be accused of trespass for walking
through a hole in an invisible fence?
Jeme A Brelin