Dave Warren wrote:
>
> As a non-lawyer, I don't see the problem. The key, to me, is that the
> remote (infected) system initiated contact with me. If I went seeking out
> vulnerable servers that had no prior contact with me, it would be different.
The problem lies in this situation: you are causing damage to another
company's property. You are willfully causing their web site (or other
services) to be suspended for a period of time, potentially leading to a
loss of business.
If, by chance, it was Microsoft's web server, and that meant its users
couldn't get information about their products, Microsoft would have
sufficient grounds (I believe) to file suit against you.
It's likely they would succeed, too.
Here's an example from the Real(tm) world:
Under Canadian law, you may use *reasonable* force to expunge a trespasser
(e.g. robber) from your property. Reasonable force does not necessarily
mean lethal force. The safe way of playing it is to use a level of force
one step above the level of force threatened upon you. So if a guy just
has his fists, you can use a baseball bat, but don't use a knife or gun
(or at least, don't attempt to lethally injure him with them). However,
if you are being threatened with a gun, you are within your right to
"shoot to kill."
But you're only allowed to use this to get him to leave your property. If
he is in the process of walking away from your property (or still on it,
but walking towards a boundary) you cannot continue to use force against
him.
If you violate this, the trespasser (or his/her estate) can file charges
and sue you for the damages caused.
n.b.: I'm not a lawyer, but I would like to play one on TV.
-kb
--
Kris Benson
ABC Communications
+1 (250)612-5270 x14
+1 (888)235-1174 x14
