Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Mother, May I?
Mark Rasch, 2008-01-23

"Mommy, can I have a cookie?"

Comments Mode:
Thanks Mark 2008-01-23
Andy S.
Mother, May I? 2008-01-23
Anonymous (1 replies)
Re: Mother, May I? 2008-01-24
Mark D. Rasch
You're overlooking some issues. 2008-01-23
Anonymous (2 replies)
Re: You're overlooking some issues. 2008-01-24
Mark D. Rasch
Re: You're overlooking some issues. 2008-02-14
Anonymous
Mother, May I? 2008-01-23
Erik N
Mother^H^H^H^H^H^H directory manager, May I? 2008-01-23
reiisi
OS utilities and public "keys" 2008-01-23
Ole Juul (1 replies)
Re: OS utilities and public "keys" 2008-01-28
Mark D. Rasch (1 replies)
Re: Re: OS utilities and public "keys" 2008-01-29
Jon Hash
Be careful what you ask for 2008-01-23
overshoot
Mother, May I? 2008-01-24
Thomas Downing (1 replies)
Internet as Commons 2008-01-28
Mark D. Rasch (1 replies)
Re: Internet as Commons 2008-01-29
Jon Hash (1 replies)
Re: Re: Internet as Commons 2008-02-01
Mark D. Rasch
Mother, May I? 2008-01-24
stacy
Not much of a cheese shop, is it? 2008-01-24
Mitch Smith (2 replies)
Re: Not much of a cheese shop, is it? 2008-01-28
Mark D. Rasch (1 replies)
The only question I have is, are you offering a service by not expressly disabling it? Clearly the "service" can be run. I agree that all analogies ultimately fail, and that the law only deals by analogies, so it is very imperfect. However, the "if it CAN be run it MAY be run" argument then permits SQL injection attacks, viruses, worms, Trojans, key loggers, and almost all malware, because you "allowed" it to be run. Now the Ritz case is different because it was a common service running, and reasonable people can differ about whether the use of that service was "authorized" or whether Ritz could be said to have KNOWN it was unauthorized (the standard in ND law.) Under these circumstances, the court looked at motive and intent, not just authorization. Why he did it rather than what he did. Another user, doing exactly the same thing either "accidentally" or inadvertently might have escaped liability.

PS I dont care how freking runny it is...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/463/34890#34890
Re: Re: Not much of a cheese shop, is it? 2008-01-29
Camambert
Re: Not much of a cheese shop, is it? 2008-01-29
Anonymous
Mother, May I? 2008-01-27
Anonymous (1 replies)
Re: Mother, May I? 2008-02-01
Mark D. Rasch
Mother, May I browse your public server? 2008-01-28
Anonymous (1 replies)
Re: Mother, May I browse your public server? 2008-02-01
Mark D. Rasch
It's Like a Phone Book 2008-01-30
danielc
Mother, May I? - WPAD hack appears to be legal 2008-02-01
Bertman
Mother, May I? 2008-02-07
Victor (1 replies)
Re: Mother, May I? 2008-02-07
Mark D. Rasch
Mother, May I?: Yet another real-world analogy, the court's homework, and ..."Microsoft itself"? 2008-02-09
Anonymous







 

Privacy Statement
Copyright 2007, SecurityFocus