RE: [dvd-discuss] Hang the RIAA in their own noose.
- To: "'dvd-discuss(at)cyber.law.harvard.edu'" <dvd-discuss(at)cyber.law.harvard.edu>
- Subject: RE: [dvd-discuss] Hang the RIAA in their own noose.
- From: Richard Hartman <hartman(at)onetouch.com>
- Date: Thu, 18 Oct 2001 14:05:11 -0700
- Reply-To: dvd-discuss(at)cyber.law.harvard.edu
- Sender: owner-dvd-discuss(at)cyber.law.harvard.edu
> -----Original Message-----
> From: Jeme A Brelin [mailto:jeme@brelin.net]
> Sent: Thursday, October 18, 2001 11:46 AM
> To: Openlaw DMCA Forum
> Subject: RE: [dvd-discuss] Hang the RIAA in their own noose.
>
>
>
> On Thu, 18 Oct 2001, Ballowe, Charles wrote:
> > What is considered granting access? Does the fact that the machine
> > allows me to access the content mean that I was granted access to that
> > content? My personal thought is that the machine grants access based
> > on the policies that it is aware of. If those policies don't match the
> > intent of the operator, then it wouldn't be the "intruder" who is at
> > fault for accessing information not intended for them.
>
> And a computer doesn't know when it's being exploited.
>
> If you overflow some buffer and get some arbitrary code to execute, you've
> gained access. Running a service that allows for buffer overflow is, in
> essence, just like an open port.
Not quite, Jeme. Up until now we've been talking about
running a standard service on a standard port and accessing
via the protocol standards.
What you are talking about is exploitation of a bug. It is
not how the service is _intended_ to run, therefore we are
talking a violation here.
>
> Personally, I think private information shouldn't be kept on publicly
> accessible machines.
Granted. Some government agencies are finally figuring that
out. The only real secure machine is one that is not connected
to the network.
> And that's the end of that story. If you think you
> can build a perfectly secure box, go for it. But don't go crying to me
> when someone gets hold of your data without your permission.
But again, we weren't talking about people violating the
protections. We were talking about setting the server up
wide-open and then attempting to say that any (normal) access
is a violation because you only intended that data for your
own remote use.
--
-Richard M. Hartman
hartman@onetouch.com
186,000 mi./sec ... not just a good idea, it's the LAW!