
RE: [dvd-discuss] Hang the RIAA in their own noose.



WRT to the script kiddies, I wasn't referring to their spending a little 
time to write the tools but the time the tool spends executing. I don't 
make a distinction between typing in all that stuff personally and writing 
a script to do it automatically. The time spent doing the "picking" is 
what counts.

I think the question of the fence really comes down to how often I try to 
get through it. If you keep walking into it and moving over and suddenly 
find a break in it, I'm not as inclined to call it inadvertent. Similarly, 
if someone is scanning all the TCP ports on a computer and keeps hitting 
the invisible wall, that is also a type of message that says keep out. 
Suddenly finding the open port and leaping through it accidentally doesn't 
sound like much of a defense. OTOH IF I just happened to be walking with my 
eyes closed and just happened to walk through the fence at the right place, 
then by some weird sort of circumstances a technical trespass occurred and 
it's up to the court to decide if my defense is valid or not and what the 
punishment should be - but I should get my day in court rather than the 
owner of the property judging and executioning. 




Jeme A Brelin <jeme@brelin.net>
Sent by: owner-dvd-discuss@eon.law.harvard.edu
10/19/01 02:00 PM
Please respond to dvd-discuss

 
        To:     Openlaw DMCA Forum <dvd-discuss@eon.law.harvard.edu>
        cc: 
        Subject:        RE: [dvd-discuss] Hang the RIAA in their own noose.



On Fri, 19 Oct 2001 Michael.A.Rolenz@aero.org wrote:
> I hate to use the lock analogy but a buffer overflow attack is
> analogous to opening a lock that you know is not yours with a
> lockpick. Furthermore, it shows intent. Somebody is spending a lot of
> time to do something.

Well, not if it's a known exploit and the script kiddies have got the
tools in the kit.

It's not like using a lockpick at that point, it's like using a Master
Key.

> One problem here is what constitutes a "publicly accessible"
> machine.  This is a pretty gray area.

If a machine receives packets of any type on any port that can be accessed
with a globally routable address:port socket description pair, then that
machine is publicly accessible.

> On the other extreme. Putting up a firewall is analogous to putting up
> a do not trespass sign and a fence.

Not quite.  A firewall that drops all non-return packets originating
outside the firewall is like an invisible fence.

I don't know any firewalls that let you know that you're about to pass
through them the way a "no trespassing" sign would.

> At what point do you tell someone "look. just because the fence was
> only 10 foot tall and you had a 12 foot pole for vaulting isn't a
> defense against trespassing."

If you can go through the fence without noticing it, is it really a fence?

A firewall that passes port 80 is not a fence if you're heading toward
port 80.  It's like it's not even there.

Are you going to argue that someone can be accused of trespass for walking
through a hole in an invisible fence?

J.
-- 
   -----------------
     Jeme A Brelin
    jeme@brelin.net
   -----------------
 [cc] counter-copyright
 http://www.openlaw.org