Re: [fw-wiz] Botnets, IRC servers and firewalls?

From: Paul Robertson (
Date: 02/05/04

  • Next message: Michael H: "[fw-wiz] Uploading config files to Pix 515"
    To: Gadi Evron <>
    Date: Thu, 5 Feb 2004 14:25:15 -0500 (EST)

    On Thu, 5 Feb 2004, Gadi Evron wrote:

    > > Not in this country, and nor should you- morally the theif and the
    > > murderer are the ones at fault. I can use your *pen* to kill someone
    > > quite easily- does this mean that you're now required to have a "pen
    > > safe?" I can use the category 5 cable connecting your computer to the
    > > jack in the wall to strangle someone- does that now have to be locked up?
    > > Any legal system flawed enough to produce liability in such cases on a
    > > regular basis is doomed to more abuse than the original damage.
    > Most computer crimes are not "hacking", they are about computers being
    > used to perpetrate/help commit a crime, such as fraud.

    In fraud cases in my experience (and those of the folks I generally work
    with) it's either the victim's computer (company) or the perp's computer
    (fraud against home users.) Very rarely is it a disintrested 3rd party's
    computer, unless it's the perp's employer- which isn't a random 3rd party.
    [I keep up to date on this area pretty agressively.]

    > Economic damages caused by computer crimes, worms, etc. are sky-rocketing.

    Worms and Trojans are where the end user issues tend to intersect with the
    crime issues.

    > The difference between if a person stole your gun to kill someone, or
    > your .. cable.. is that a gun is a weapon.

    That makes it "essentially no difference." In the US, other than
    situaitons where a juvenile has access to the weapon and the state has a
    specific law about that (common on the East Coast) there's no criminal
    liability. If I have children in my house, then I'm obligated to have
    trigger locks on my firearms, otherwise I'm not. I'm never obligated to
    have a trigger lock on a Bosch cordless drill, which can also do damage-
    but that's only because of specific "feel good" legislation (if you think
    someone with access to the property can't find the key...) None the less,
    outside of places where that specific legislation is in place, it won't
    end in a successful legal action. If my firearms are in my house, and
    somone breaks in, I'm not liable if they use them to do something bad,
    nor should I be.

    > If someone stole your gun and committed a crime you may not be tried for
    > murder, but you will be for negligence.

    You *may* be civilly sued for negligence, but you're not likely to be
    tried for criminal negligence and the civil suit is likely doomed to fail.

    > DDoS is a weapon, used for blackmail, economic harm, etc.

    But the computer isn't normally used to DDoS, so it's more like a drill
    than a gun (if you take the opinion that guns have some inherrent property
    that makes them "bad"- which also means you're not following the
    statistics of how many guns save how many lives each year compared to
    deaths- again with US-centric stats.)

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation
    firewall-wizards mailing list

  • Next message: Michael H: "[fw-wiz] Uploading config files to Pix 515"