Re: [Full-disclosure] [inbox] Re: Supporters urge halt to, hacker's, extradition to US



Michael Krymson wrote:
> Wow, this whole discussion with a troll has gone on far longer than it ever
> should have.

So basically what you're saying is that we should all shut up and not
talk about an actual issue, and that trolls should be trolls and stay
away from discussion of actual issues?

Oh, I'm sorry, was that a straw man characterization? Were you saying
something subtly different? A lot of that going around.

n3td3v thinks that a server with passwords not set is fundamentally
different from an unlocked door. ("Can we get over houses, and cars,
this is the internet, the systems were PUBLIC DOMAIN.") I'd like to
see him defend that position.

But just in case you can't bring yourself to *believe* that it's a
defensible position, here's some food for thought:

SYN = May I come in.
SYN ACK = Sure.
ACK = OK, I'm coming in, in accordance with your wishes.

FIN (when server to client) = Time for you to leave.
FIN ACK (when client to server) = OK, I'm leaving.

RST (when server to client) = If you're in here then GTFO!

Once the three-way handshake is complete, the client is in the
server's house, and may go into any room (this is application-layer
now) not forbidden by a security mechanism or law of the land. One
would be hard pressed to argue that an authentication system without a
password set is a security mechanism.

Going through an open door into the bedroom may be impolite, and it
may incite bad feeling in the house's owner. But one would be
hard-pressed to say it would be illegal.

Is that a totally wrong analogy? Maybe. If it is, are we sure it is
a wrong analogy, BEYOND REASONABLE DOUBT?

Again though, once you start leaving notes under the pillow in the
bedroom or opening a window to get in later, you've said GTFO to the
legal defensibility of your actions.

-Eliah

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


