Re: FW: Careful. This is for information only.

To: Nathan E Norman <nnorman@micromuse.com>
Cc: debian-user@lists.debian.org
Subject: Re: FW: Careful. This is for information only.
From: William T Wilson <fluffy@snurgle.org>
Date: Tue, 7 Aug 2001 00:00:33 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.21.0108062356330.944-100000@benatar.snurgle.org>
In-reply-to: <[🔎] 20010806225410.A25527@micromuse.com>

On Mon, 6 Aug 2001, Nathan E Norman wrote:

> I have to agree with John ... using a security hole in someone else's
> server for good or evil is probably not a good idea legally.  I'd
> advise against it.

In states with "Good Samaritan" laws you are likely to be shielded from
liability as long as any action you take is clearly intended as help.

Considering the fact that tens of thousands of malicious security attacks
per year go unprosecuted, I doubt that anything non-malicious would be a
big risk.  Unless you have deep pockets.

That said, it's traditional to send the admin a message using the root
account when a hole is found, but it isn't at all necessary.  Just send
the relevant excerpt from your log that shows they are attacking you to
several good guesses at the relevant account (root@host, abuse@domain,
etc.) and leave it at that.

Reply to:

Follow-Ups:
- RE: FW: Careful. This is for information only.
  - From: "Ian Perry" <iperry@inertia.com.au>
- Re: FW: Careful. This is for information only.
  - From: John Hasler <john@dhh.gt.org>

References:
- Re: FW: Careful. This is for information only.
  - From: Nathan E Norman <nnorman@micromuse.com>

Prev by Date: Re: FW: Careful. This is for information only.
Next by Date: Re: dosemu mystery
Previous by thread: Re: FW: Careful. This is for information only.
Next by thread: RE: FW: Careful. This is for information only.
Index(es):
- Date
- Thread