Sure, what Lamo does is illegal. So are lots of other things. Spam is illegal, to varying degrees in different locales. Last month we witnessed the spectacle of criminal charges (later dropped) against the operator of a site that searches for open mail relays, because his test program happened to crash the mail system of the local government of a Michigan town. Yup, he broke the law. However, this wasn't his intent, and the initial reaction seemed to suggest that the officials involved were more concerned with punishing him for causing him embarassment than they were with the fact that they may have been unwittingly helping a legion of porn providers advertise themselves.

Security is a difficult and unpleasant task, and more of a journey than a destination. If there are so many vulnerable operations, it suggests that perhaps IT departments need to use more auditing services to help discover the holes they've missed before the really bad guys exploit them. Then more people like Lamo could do what they do for a living, under an aegis of legitimacy. Instead, we seem to be a seeing a rush to hide under the skirts of the Lady of Justice by passing more laws and "trowing the book" at the few individuals who are caught to try to make examples of them. This smacks to a degree of desperation.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/70/11545#11545