Fraggin:

One could technically argue that, in the case of the web site, port 80 is the only _public_ port. Thus, finding an open port for ftp, (21), could be considered exactly the same as going through the back door into the warehouse of your local supermarket because it was unlocked. At a minimum you can be charged with trespass. If you download a single file or cause any expense to the supermarket then you are a burglar.... Simple as that really. I believe the same applies to the internet... if my DNS points you to a web server or mail server or whatever then those are the "public" doors to my business. All others, be it by intent, misconfiguration or sheer stupidity are not your's to even "rattle the door of"... they are mine, period. The fact that you _can_ enter doesn't mean you _have_ to enter.

Then again, even my "public" port _should_ have some reasonable expectation of "proper use". Download my web pages, fill in my forms, buy stuff from me.... whatever.... but when you start trying to exploit the system in any way you become no better than the shoplifter who entered by the front door of the supermarket... Your intent may not be criminal, (maybe you are just trying to prove that you can steal a dozen eggs), but the moment you get outside the door with those eggs you have stolen them.... Similarly, using "devious" means to enter my supermarket can be considered to be equally criminal.

It's back to my original question..... What does the 'violated" person consider the meaning of the word "harmless".... In any case it will cost the owner money to mitigate the issue.... Thus, technically, _you_ just stole from him.