honeypots leagal? - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26

Thread: honeypots leagal?

  1. #11
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    If you had a voice recorder set up in your house and a crook broke in and happened to use his cell phone while he was their it would be admissible in court....so why if someone breaks into a honey pot would that be a violation of their privacy? Maybe I'm missing something here but if they are illegally intruding on your property then I would think they gave up the right to keep what they are doing private.
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

  2. #12
    Member
    Join Date
    Jan 2003
    Posts
    47
    i found this site it helped me out thought i post it here http://www.securityfocus.com/infocus/1703

  3. #13
    Senior Member
    Join Date
    Feb 2002
    Posts
    500
    Originally posted here by nihil
    2. They came to you, you did not go to them, or security cameras would be illegal?..............they monitor people's activity?

    Just a thought
    I may be wrong, but at most stores and gas stations, they need signs posted saying they are monitering via cameras ("this facility is monitered by camera"). Maybe if you place something similar on your box, readme.txt files or something, maybe even name the machine/honeypot "monitered" that would bypass some of this privacy concern... just a thought...
    Ron Paul: Hope for America
    http://www.ronpaul2008.com/

  4. #14
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    a while back I posted a thread entitled "use a honeypot, go to prison?" It was a link to an interesting article writen by Kevin Poulsen at SecurityFocus and posted by our paranoid friends over at the Register... anyway, you can find my original thread here

    or you can find the direct link to the Register story here

    So far I know of no court cases against honeypots so this is still a "grey" area for legality purposes. My view is that I don't think it's illegal to run or operate a honeypot... but I could be wrong on this (let's hope not).

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  5. #15
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I may be wrong, but at most stores and gas stations, they need signs posted saying they are monitering via cameras
    I think that is probably to deter robbers and shoplifters.................but there are none in banks and post offices, yet the cameras are still there................also in bars...............if I saw a sign like that in a bar I would leave before the fighting started Hotels & airports have them as well?

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #16
    Junior Member
    Join Date
    Feb 2004
    Posts
    5
    remember that if :

    1) your machine is compromised and then
    2) used to attack another machine and
    3) you have *deliberatly* left your machine open

    then you could probabily be sued.
    \"If money could talk it would say goodbye\"
    -Anon

  7. #17
    Custom User
    Join Date
    Oct 2001
    Posts
    503
    What if you set up a machine that extensively logged all access in the same way that a honeypot would, but you didn't just set it up to be hacked. For example, I've got a linux box running with sshd and apache which I use to make work that I've done at home available to me at uni, and so my friends can download stuff off me easily. If someone came onto my computer and I decided to log all their access and monitor what they were doing, would I be invading their privacy? (bearing in mind that this computer is not set up as a honeypot)

    ac

  8. #18
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    If someone came onto my computer and I decided to log all their access and monitor what they were doing, would I be invading their privacy? (bearing in mind that this computer is not set up as a honeypot)
    Technically yes if you did not inform them that they were being monitored. You know those support calls you make and you hear that lovely but monotoned voice that says "This call may be monitored for quality assurance". While the call is between you and the tech support (and any managers thereafter depending on the level of experience of the techie), the fact that the call is logged and potentially open (your expectation of privacy is gone) you have to be informed.

    While logging activities would be, IMO, a grey area I'd still put up a notice so that people know there isn't an expectation of privacy. Just as a CYA policy.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #19
    Custom User
    Join Date
    Oct 2001
    Posts
    503
    MsMittens, I'm not doubting you. I see what you're saying and it sounds logical to me, but why then, are large website administrators, etc. not prosecuted for having log files on their computers? I mean, plenty of people must access their sites, and by default, most httpd's take a decent amount of logs.

    For example, could antionline be sued just because the site doesn't have a big banner on the front of it that says that access to the site is logged? I would really doubt that there is no logging for a site like this.

    Again, this comment isn't meant to be a flame or anything...I agree with you, but the fact is that I don't know enough about this, so I've got to assume that other do and ask questions.

    Thanks,

    ac

    [edit] I see there is a link to a security policy at the bottom of the main page which explains in great detail how information is used. Is that for this site, or for some of the advertisements at the bottom of the page? [/edit]

  10. #20
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I see there is a link to a security policy at the bottom of the main page which explains in great detail how information is used. Is that for this site, or for some of the advertisements at the bottom of the page?
    You mean the Privacy Policy? That's for AO and some of the advertising on the site. As long as you have it written somewhere that you are collecting information and how you intend to use it (to indicate the level of expected privacy then you are covered).

    What information are you collecting and how are you collecting it?

    Every computer connected to the Internet is given a domain name and a set of numbers, that serve as that computer's "Internet Protocol" IP address. When a visitor requests a page from any Web site within the JUPM Network, our Web servers automatically recognize that visitor's domain name and IP address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We use this information to examine our traffic in aggregate, and to investigate misuse of the JUPM Network, its users, or to cooperate with law enforcement. See also Will you disclose the information you collect to outside third parties? We do not collect and evaluate this information for specific individuals. Our Web servers do not automatically record e-mail addresses of the visitors.
    As you can see, JUPM does collect information about users via logging. In effect, the Privacy Policy found at most Websites is the CYA policy. I believe that should answer your initial question as to why webmasters at large websites aren't prosecuted for keeping logs. While most people don't read the Privacy Policy at websites (and really you should to see what information is open, what is being monitored regularly and what they do with your information), it is the Privacy Policies that usually indicate how information (logging and data mining) is being ued and what level of privacy expectation someone should have for a particular site.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides