RE: Comcast man-in-the-middle attack - ethics

From: J Edgar Hoover (zorch@totally.righteous.net)
Date: 02/11/02


Date: Mon, 11 Feb 2002 11:33:40 -0800 (PST)
From: J Edgar Hoover <zorch@totally.righteous.net>
To: "Maslyar, George" <george.maslyar@tfn.com>

On Mon, 11 Feb 2002, Maslyar, George wrote:

> It's not wrong in Maryland and Virginia.
> We are, unfortunately, UCITA states.
> Posting to a website makes a clause enforceable.

Cool.

Please visit my site;

http://totally.righteous.net/tos.html

If I sign a contract authorizing you to shoot me, does that free you from
criminal prosecution?

My point has always been that this is wiretapping and eavesdropping, both
of which are illegal under state and federal _Criminal_ law.

I don't think a civil agreement supercedes criminal law.

Regardless, as i've said repeatedly, I am not interested in debating the
legal points in this forum. If some of you feel what Comcast is doing is
right or legal, then provide your ad-hoc free legal advice to Comcast.
Defending them here serves no useful purpose.

If anyone wants to discuss the technical issues involved in
avoiding/trashing/owning an Inktomi Traffic Server 4.0 running on linux,
then let's rock.

The Inktomi Traffic Server is vulnerable on a number of levels, and the
neat part is it can be exploited through it's evilest feature. It steals
messages that weren't addressed to it, and trusts the content.

If I send messages to a server I control, and these messages are stolen by
a machine that chokes on them, whose fault is that?

Oh, Just because you don't have Comcast cable doesn't mean you have to
miss out. These proxies are open from the outside via ports 80 and 554
(rtsp).

You can even use them to scan/probe/exploit Comcast's internal RFC-1918
network.

Anything named cas??.*.comcast.net is a free open proxy.

z