* Michael Renzmann (mrenzmann@dylanic.de) [020910 03:12]: > Hi. > > Vineet Kumar wrote: > >>Phillip Hofmeister stated that one could use the Nimda backdoor on the > >>server that connects our server to setup a warning message on the > >>attacking computer's desktop. > >If you do, be prepared to go to jail... > > For what reason? For telling stupid webserver administrators about a > security problem they have? As the law is concerned, this is like telling people they've left their front door unlocked by inviting yourself in and taking a dump on their couch. It's not yours, and you have no right to enter, let alone change (deface) the site, no matter how easy it is, or how much good you think you might be accomplishing. > Well, while thinking about it, you may be right. There have been several > incidents in the US where someone pointed out security problems and got > sued because of that a few days/weeks later. This is even less of an issue of demonstrating or discussing a weakness, the discussion was about exploiting one. I think it's obvious that this is not okay, in any circumstances. good times, Vineet -- http://www.doorstop.net/ -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin
Attachment:
pgp2em38cIU2m.pgp
Description: PGP signature