Bad Raps for Non-Hacks

Bad Raps for Non-Hacks
Mark Rasch, 2003-06-16

A few odd cases show that you don't have be a digital desparado to be accused of a cybercrime... particularly if you embarrass the wrong bureaucrats.

Expand all | Post comment

the girl next door 2003-06-16
Kees Huyser

Bad Raps for Non-Hacks 2003-06-16
blacklight

Pen-testing own (hosted) domain 2003-06-17
Andy (1 replies)

Pen-testing own (hosted) domain 2003-06-18
Anonymous

Bad Raps for Non-Hacks 2003-06-17
Anonymous (3 replies)

Inadvertent Straying While Pen Testing 2003-06-17
Mark Rasch (1 replies)

If you inadvertently go beyond the range of IP adresses you intend to test (e.g., mistype an IP address) you are likely not CRIMINALLY liable, as the statute requires intentional access without authorization -- but this presupposses that the prosecutor believes you when you tell him it was an accident. Sort of like breaking into the wrong car in a parking lot, because you forgot your keys -- they may not believe you and you may go to trial, or worse, to jail! If you want to test your own domain which is hosted by someone else, you likely need their consent as well. More difficult is when you accidentally cause damage during a pen test - you can be civilly liable for this. Finally, and the point of the article -- a mere ping sweep ALONE -- or a port scan -- may be enough to open civil or criminal liability!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/167/20499#20499

Inadvertent Straying While Pen Testing 2003-06-23
Anonymous

Bad Raps for Non-Hacks 2003-06-19
blacklight

Bad Raps for Non-Hacks 2003-06-19
Elc0chin0 (1 replies)

Bad Raps for Non-Hacks 2003-06-23
Ferg (1 replies)

Bad Raps for Non-Hacks 2003-06-24
blacklight

Bad Raps for Non-Hacks 2003-06-18
Elc0chin0

Bad Raps for Non-Hacks 2003-06-20
Hamster1