Re: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?

Valdis.Kletnieks_at_vt.edu
Date: 06/30/04

  • Next message: Jim Burwell: "Re: [Full-Disclosure] PIX vs CheckPoint" 
    To: Morning Wood <se_cur_ity@hotmail.com>
Date: Wed, 30 Jun 2004 17:08:32 -0400

    On Wed, 30 Jun 2004 10:56:28 PDT, Morning Wood <se_cur_ity@hotmail.com> said:

    > As a side note, I would like to know if using a exploit on a non passworded
    > site ( access restriction )
    > to obtain / change data is in fact illegal ( in the USA ) , as I recall it
    > is a violation to bypass
    > an ACCESS CONTROL DEVCE. If no access control is present is there a
    > violation of a law?

    Note that 17 USC 1201(a)(1)(A) says: "No person shall circumvent a
    technological measure that effectively controls access to a work protected
    under this title". In other words, the anti-circumvention clause is
    *only* concerned with the case of you circumventing something to get at
    copyrighted data.

    If there's no copyright issue, or no access control, that clause doesn't
    apply.

    You however *may* still be in deep bovine-based fertilizer from
    possible violations of 18 USC 2101, 18 USC 1030, other US Code sections,
    and quite possibly any state laws that pertain to whatever you did...

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Jim Burwell: "Re: [Full-Disclosure] PIX vs CheckPoint"