
Re: "suspicious" apache log entries

* Michael Renzmann (mrenzmann@dylanic.de) [020910 03:12]:
> Hi.
> Vineet Kumar wrote:
> >>Phillip Hofmeister stated that one could use the Nimda backdoor on the 
> >>server that connects our server to set up a warning message on the 
> >>attacking computer's desktop. 
> >If you do, be prepared to go to jail...
> For what reason? For telling stupid webserver administrators about a 
> security problem they have?

As far as the law is concerned, this is like telling people they've left their
front door unlocked by inviting yourself in and taking a dump on their
couch.  It's not yours, and you have no right to enter, let alone change
(deface) the site, no matter how easy it is, or how much good you think
you might be accomplishing.

> Well, while thinking about it, you may be right. There have been several 
> incidents in the US where someone pointed out security problems and got 
> sued because of that a few days/weeks later.

This is even less of an issue of demonstrating or discussing a weakness;
the discussion was about exploiting one.  I think it's obvious that this
is not okay, in any circumstances.

good times,
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."  --Benjamin Franklin
