By the legal definition I am looking at right now, a "peeping-Tom"-type voyeur is guilty if trespassing on private space. If I read this right, a party who can see the view from the sidewalk or a public road isn't violating the law, even if he has to go to some trouble to do so (e.g., find some elevated location to see over a fence or similar, presuming the chosen way to accomplish that is not itself trespassing).

Then let's suppose it's not someone's body being viewed for jollies, but rather, something informational which can be discerned from a suitable vantage point. I'm guessing the law wouldn't differ much. In either case, the resident is leaving the window blinds up without considering what may be visible through the window and how easily it can be viewed.

Where would the law come down on this in a civil action? Would the viewer be subject to penalty for having climbed a tree in his own yard or that of a compliant neighbor, thus to

Sierra's DNS server is the open window and the information retrieved from it is the stuff spied upon. I should think the court would, at the very least, insist that Sierra do its part and shut the window blinds. No mention is made of that.

Now, the homework part:

Courts are not staffed by IT experts and have to depend on their own research and expert testimony. This ruling has disturbing indications that this court did a pretty sloppy job preparing for the case. While most of these do not necessarily negate a particular finding, they do cast doubt upon the court's competency to deliver an informed ruling.

HELO is part of every SMTP transfer. VRFY isn't, but it's still a standard part of SMTP. The court finds fault in Ritz issuing those commands manually apparently because they are not "commonly known to the average computer user." Not only is the issuing of those commands hardly worthy of censure, but the reason given in the context of this paragraph shows the court didn't really have a grasp on what they are for and what they mean.

Ritz is accused of accessing Sierra's servers "via a UNIX operating system" [what in heaven's name does that have to do with anything] and using a shell account." No kidding; see the foregoing. If the court knew what those things were they would not be mentioned in any context that associates them with wrongdoing.

Paragraph 10 leaves me unsure if I should laugh, cry or shake my head in abject wonder.

"...Microsoft itself, as well as various other authorities, all refer to [zone transfers of this kind] as 'unauthorized.'"

To perceive Microsoft as an "authority" on Internet use and practice is to live in a fantasy world. A court lacking even the fundamental knowledge of the Internet's history and functional nature to know better is woefully ill-prepared to rule on a case of this nature.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/463/34920#34920