Problem is (from my understanding) this isn't what Lamo does. He doesn't do buffer overflows or any of those sort of exploits. He simply types in a URL in his web browser and accesses supposedly private web pages that are wide open to the public.

The breaking and entering analogy is kinda weak there. Even the tresspassing analogy is a little weak.

A better analogy would be wandering around the exhibit floor of a trade show that is open to the public. Off in an obsecure corner you see an unmarked door which is wide open. You walk through the door and find a room which is full of stuff that looks like it should be private and confidential... and yet there it is in an open area very near a space which is clearly intended for the public.

Is this breaking and entering? Legaly I don't think it is... since in order to accuse some-one of breaking and entering you must have made at least some attempt to secure the space that they entered.

Is it even trespassing? Even thats kind of marginal. Since to effectively prove tresspassing under that sitution you must have made at least some attempt to indicate that the area was off-limits to the public.

Clearly Lamo knew that he was in an area that he shouldn't have been in because he is pretty technicaly savvy and because he hung around for so long. However I'd hate to see a less savvy person get prosecuted for simply typing in the wrong URL.

Essentialy, I think Corporations bear the onus of making some attempt to secure pages that they wish to consider private. If an individual defeats those security measures then the corporation has the right to take action against the individual. However, if the site is available simply by typing in a url without requiring any authentication then the corporation really loses the right to pursue action against the individual due thier own negligance.

You can't accuse some-one of stealing your property if you abandon it on a park bench and then walk away.

Mel

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/358/11437#11437