SecurityFocus

Major hack attack on the U.S. Senate Jan 22 2004 05:25PM
Richard M. Smith (rms computerbytesman com) (2 replies)

Re: Major hack attack on the U.S. Senate Jan 23 2004 03:28PM
Brian C. Lane (bcl brianlane com) (2 replies)

Re: [work] Re: Major hack attack on the U.S. Senate Jan 24 2004 06:46PM
opticfiber (opticfiber topsight net) (1 replies)

Re: [work] Re: Major hack attack on the U.S. Senate Jan 24 2004 08:27PM
Jonathan A. Zdziarski (jonathan nuclearelephant com)

Re: Major hack attack on the U.S. Senate Jan 23 2004 08:59PM
Kevin Reardon (Kevin Reardon oracle com)

Re: Major hack attack on the U.S. Senate Jan 23 2004 03:29AM
~Kevin Davis³ (computerguy cfl rr com) (3 replies)

Re: Major hack attack on the U.S. Senate Jan 24 2004 05:16AM
rsh idirect com

Re: Major hack attack on the U.S. Senate Jan 23 2004 07:58PM
Kirk Spencer (kspencer ngrl org) (1 replies)

Re: Major hack attack on the U.S. Senate Jan 25 2004 02:06AM
Crispin Cowan (crispin immunix com)

Kirk Spencer wrote:

>Agreed this was not a "hack attack" as usually considered. However, I would
>raise two points. The first is simple - If someone starts reading files on a
>computer to which they are not supposed to have access, do we not consider
>this an attack? Even if the reason they got in is configuration errors?
>
That would depend on the configuration error. In particular, if your
"configuration error" was to publish a page to a web server where you
didn't want people to read it, and the "attack" was just surfing URLs,
or even manually editing the URLs, then I think you'd have a hard time
making the case for "intrusion". In particular, you effectively offered
the page for public viewing, so it breaks the notion of "not supposed to
have access".

The problem is that the barrier of what an anonymous visitor is
"supposed" to have access to is fuzzy. Then again, if it was not fuzzy,
it would be relatively easy to secure, too.

Caveat: IANAL, so my opinion that the courts will decide this fuzzy
issue in favor of whoever has the most money holds to weight :)

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Immunix 7.3 http://www.immunix.com/shop/

[ reply ]

Re: Major hack attack on the U.S. Senate Jan 23 2004 06:48PM
Daniel Capo tco net br (2 replies)

Re: Major hack attack on the U.S. Senate Jan 29 2004 04:09PM
Mariusz Woloszyn (emsi ipartners pl) (3 replies)

RE: Major hack attack on the U.S. Senate Feb 03 2004 04:17PM
David Schwartz (davids webmaster com)

Re: Major hack attack on the U.S. Senate Feb 03 2004 02:56PM
Christian Vogel (chris obelix hedonism cx) (2 replies)

Re: Major hack attack on the U.S. Senate Feb 03 2004 08:06PM
Ron DuFresne (dufresne winternet com)

Re: Major hack attack on the U.S. Senate Feb 03 2004 04:13PM
Daniel Capo tco net br (1 replies)

Re: Major hack attack on the U.S. Senate Feb 04 2004 04:39PM
Thomas M. Payerle (payerle physics umd edu)

Re: [security] Re: Major hack attack on the U.S. Senate Feb 03 2004 04:02AM
rsh idirect com (1 replies)

Re: [security] Re: Major hack attack on the U.S. Senate Feb 03 2004 10:08PM
Bernie, CTA (cta hcsin net) (1 replies)

RE: [security] Re: Major hack attack on the U.S. Senate Feb 05 2004 11:41AM
Larry Seltzer (larry larryseltzer com)

Re: Major hack attack on the U.S. Senate Jan 24 2004 07:11PM
Dinesh Nair (dinesh alphaque com) (1 replies)

Re: Major hack attack on the U.S. Senate Jan 24 2004 08:32PM
ed the7thbeer com