-
February 26th, 2004, 09:48 PM
#21
Hmmm,
I was wondering if the "rules" are different for a private computer as opposed to one that is "visible" on the net and/or open to the public?
Seems to me that it is the person hacking into the private computer who is commiting the invasion of privacy?
Cheers
-
February 26th, 2004, 09:53 PM
#22
Seems to me that it is the person hacking into the private computer who is commiting the invasion of privacy?
Actually, last I checked, that was B&E. I find laws to be a bit weird when you get down to the technicalities of the law.
-
February 27th, 2004, 12:25 AM
#23
Junior Member
IMHO a honeypot is just like any other computer. It would just happen to be a computer that has good loging systems/IDS's.
If you hacked joe shmoe, and joe requests the logfile from a proxy that the attacker went through, would it be illegal for the proxy to give up that log?
How can you define what the true intent of a computers use is.....all the admin has to say is that its his personal PC and no one could say other wise.
just my thoughts, take them with a grain of salt
-
February 27th, 2004, 10:11 PM
#24
Junior Member
According to CISSP cert info., honeypots are legal. Honepots are used for enticement, which is not illegal.
Anything used for entrapment, such as a user clicking on a link but actaully downloads illegal software is illegal.
-
February 27th, 2004, 10:20 PM
#25
If you hacked joe shmoe, and joe requests the logfile from a proxy that the attacker went through, would it be illegal for the proxy to give up that log?
I'd say it'd depend on how they define their privacy policy. Reality is that if the FBI comes with a warrant only an idiot wanting to get a new roommate called "Bubba" would balk. If an individual requests it, it'd be unlikely if the proxy would respond at all. Joe Shmoe has a better chance if he files a complaint with police and let them take it further with the court system.
How can you define what the true intent of a computers use is.....all the admin has to say is that its his personal PC and no one could say other wise.
Uh. No. Companies identify what they own so as to avoid issues of ownership and to enforce security measures. Computers, networks, proprietary information are all property of the company. So an admin cannot just say "it's my personal pc" unless it really is. Intent is a hard thing to prove but it's done all the time in murder cases (Murder in the First degree versus Murder in the Second Degree: the difference? Intent) so it's not that impossible.
According to CISSP cert info., honeypots are legal. Honepots are used for enticement, which is not illegal.
Anything used for entrapment, such as a user clicking on a link but actaully downloads illegal software is illegal.
CISSP/ISC(2) is not the law. I think scanning is perfectly legal. Courts in various states might disagree with that. Until it's tested in court, it's still grey area IMHO.
As far as the Entrapment possibility.. Let's remember that Google is so much fun. Let's be clear first what entrapment means.
The inducement, by law enforcement officers or their agents, of another person to commit a crime for the purposes of bringing charges for the commission of that artificially-provoked crime. This technique, because it involves abetting the commission of a crime, which is itself a crime, is severely curtailed under the constitutional law of many states.
So unless you are a police officer or a member of some other law enforcement agency, or encouraged by a law enforcement agency, you are NOT committing entrapment if you setup a honeypot and the user chooses to download illegal software or what-have-you.
-
February 28th, 2004, 01:07 AM
#26
There was a story on TechTV about four months ago that had to do with a man who was having problems with people getting into his system, He built a honeypot for collecting info on the hackers and to try to get their ISP to help stop them. I do not know if anything happened to him, but the info he collected was turned over to the FBI. as for scanning, was not illegal in itself, but posting the info is. I just wish I could remember the name of the story for the honeypot.
Thank you for your time.
paper on a court case about port scannng,
http://216.239.39.104/search?q=cache...hl=en&ie=UTF-8
a colunm by Dan Gillmor
http://weblog.siliconvalley.com/colu...s/000946.shtml
I have 315 relays and 118 switches and have all the power of a calculator.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|