
Rasch on ND Ruling

If you hadn't heard, a fellow named David Ritz was ruled against in a North Dakota civil case earlier this month for finding information on alleged spammer Sierra Corporate Design. At the core of the case was Ritz's use of DNS zone transfers to determine the full extent of named servers within Sierra's network, which was ruled to amount to unauthorized access.

The conundrum is this: on the Internet, access to network services is generally presumed to be implicitly authorized unless labeled otherwise. Furthermore, even if a network service is misconfigured to provide more information than is desired, it is still generally assumed that the information is "public" by virtue of being available. Unfortunately, as Rasch explains, in the ND case intent was also factored into the equation. So, just because Ritz could perform a DNS zone transfer does not mean that he was authorized to do so. This conclusion is somewhat specific to DNS zone transfers (we hope), because it is an area where there isn't necessarily a good case for demonstrating implicit permission simply because the query can be performed.

You can read the whole story here. Rasch concludes by saying:

Again, it’s a close call. Under other circumstances, a court could easily conclude that the use of a particular command was, in fact, implicitly authorized. Security researchers use publicly available and widely used tools to probe Internet accessible computers all the time. Courts in the future are likely to look both at the motives of these researchers and the impact of what they do in deciding whether or not their actions give rise to civil or potential criminal liability. So we need to learn to play nice with other children.

About

This page contains a single entry from the blog posted on January 23, 2008 2:23 PM.

Creative Commons License
This weblog is licensed under a Creative Commons License.