> Actually, just accessing the third parties server as a privleged user
> without their prior authorization is illegal in the U.S.
Why don't I set up an insecure website, run the web server as administrator,
then spam. Anyone that hits the web server (Accesses an administrator level
account) is guilty, right?
To me, exploiting a bug in the software is a problem. Using a script
installed on said server for it's intended purpose should not be illegal.
I'm not in the US either, which helps.
Ultimately, I think the key is who accessed who first. Since the
compromised server accessed me first, and attempted to hack me, a reasonable
response would be to prevent the machine from causing damage, without
causing permanent harm to the machine (Nothing a reboot won't solve), and
alerting the owner (Via the popup).
Whether lawyers would see it the same way, I'm not sure. But I still think
that a few over-seas webservers with code like this could do a LOT of good.
Or, anyone want to "hack" my webserver and install this default.ida for me,
without my knowledge? I mean, anyone going after me for a web server that I
maintain that was compromised and attacked a machine that attempted to hack
me would be equally guilty, right?
Yeah, I'm getting beyond reasonability and into absurdity. But then, NIMDA
beat me to that particular punch.
========================================================
Dave Warren,
devilsplayground.net administrator
Email: [EMAIL PROTECTED]
========================================================
