On Tue, Sep 10, 2002 at 03:28:42AM -0700, Vineet Kumar wrote: > * Michael Renzmann ([EMAIL PROTECTED]) [020910 03:12]: > > Hi. > > > > Vineet Kumar wrote: > > >>Phillip Hofmeister stated that one could use the Nimda backdoor on the > > >>server that connects our server to setup a warning message on the > > >>attacking computer's desktop. > > >If you do, be prepared to go to jail... > > > > For what reason? For telling stupid webserver administrators about a > > security problem they have? > > As the law is concerned, this is like telling people they've left their > front door unlocked by inviting yourself in and taking a dump on their > couch. It's not yours, and you have no right to enter, let alone change > (deface) the site, no matter how easy it is, or how much good you think > you might be accomplishing.
Wrong analogy. Imagine instead a car that is always unlocked and is used nightly by hooligans when they go joy-riding. The warning message + lockup technique is more like leaving a note behind the wind-shield of the car and locking its doors. In the real world, such behavior might be called "being a concerned citizen". -- Erik Rossen ^ OpenPGP key: 2935D0B9 [EMAIL PROTECTED] /e\ "Use GnuPG, see the http://people.linux-gull.ch/rossen --- black helicopters."
