I've read about Lamo's activities before. As I understand it all he is doing is useing a web browser in a nonstandard way to explore the extent of what he can see. The NYT placed a computer on a public access point and invited the public in via http port 80 access, ie a standartd web browser. If anybody useing just a web broswer finds more access than the owner of the NYT's web site had intended to make available to the public that's a problem for the webmaster to correct. As I understand things, Lamo did not break any law. He was legitmatly accessing a public web site with nothing more than a web browser. He did not deface of alter any content on the web site. All he did was explore the web site better than anybody had done in the past. The NYT, and every web master, should get better security / configuration control over their publicly accessable web sites. As I see it, you put up the web site for the public to explore. You can't complain if someone in the public explores it better than you expect. of course I could be wrong.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/358/11606#11606