[NTLUG:Discuss] OT: What constitutes unauthorized access?

Steve Baker sjbaker1 at airmail.net
Sun Jun 22 11:23:18 CDT 2003 

David wrote:

>>Does someone have to NOTIFY you of their don't access beyond this point
>>boundery?
> 
> 
> Tradition and common practice tells us what you intended to permit.
> In the front-door analogy, the commonly accepted uses are considered
> permitted, but that's just an assumption that YOU in particular have
> permitted them, because most people do.  You could be more explicit,
> for example, posting a "No Solicitations" sign.

Seems we could have a better analogy here.

What happens in these cases?

   1) You lock your front door and keep they key with you at all times.
   2) You lock your front door and keep the key under a flowerpot.
   3) You leave your front door unlocked
   4) You leave your front door wide open.

In every case - including the last one - there is NO implication that
random members of the public are allowed to go wandering around inside
your house.

However, opening your (not locked) garden gate in order to walk up to
the path to your front door in order to knock politely on it IS implied
as an OK thing to do.  Opening a gate to the back yard of your house in order
to knock politely on the BACK door to your house is not generally considered
OK.

It's all down to expectations and 'common courtesy'.   It's certainly not
a case of "everything is OK if the door isn't locked" - and it's also not
a case of "you can't step onto my property without a signed affidavit".

However, it's not clear in the world of the Internet where those boundaries
lie.

   1) If the computer responds to an http request for a page called 'index.html',
      then there is clearly an expectation that this is an OK thing to do.

   2) Repeatedly trying random ssh passwords in order to gain root access
      clearly is NOT an OK thing to do.

Everywhere between those limits is kinda grey.  Some people have been sued
for 'deep linking' - which is only half a notch above (1).   Random port
probing to see what services a computer is offering is seen by some as an
OK thing to do - and it's only half a notch below (2).

I don't think this is at all a clear matter.

Right now, everyone has to err on the side of caution - lock EVERYTHING
you don't want people to gain access to (and don't leave the key under
a flowerpot!) - and on the other side, be ultra careful not to do anything
to someone's computer that they don't obviously intend you to do to it.

---------------------------- Steve Baker -------------------------
HomeEmail: <sjbaker1 at airmail.net>    WorkEmail: <sjbaker at link.com>
HomePage : http://www.sjbaker.org
Projects : http://plib.sf.net    http://tuxaqfh.sf.net
            http://tuxkart.sf.net http://prettypoly.sf.net
-----BEGIN GEEK CODE BLOCK-----
GCS d-- s:+ a+ C++++$ UL+++$ P--- L++++$ E--- W+++ N o+ K? w--- !O M- V--
PS++ PE- Y-- PGP-- t+ 5 X R+++ tv b++ DI++ D G+ e++ h--(-) r+++ y++++
-----END GEEK CODE BLOCK-----

More information about the Discuss mailing list