-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was quite interested in this thread myself so I wrote a quick post to incidents. Here is one of the best responses I got back with links included.
Hope the group is doing well, Leon " Though the case is not cited, the 2 Mar 90 Defense Data Network Security Bulletin advises, "A court recently threw out a suit against a computer system intruder because the logon prompt was preceded with "Welcome to..." and implored administrators to cease using "Welcome" in logon banners. (http://csrc.ncsl.nist.gov/secalert/ddn/1990/sec-9004.txt) Again, without citing a case, NASA's GRC (Glenn Research Center) exclaims in chapter 9 of its Directive 2810.1, "To the maximum extent of their capabilities, all GRC systems must display a warning to all users at the time they log on. Recent criminal prosecutions have emphasized the value of well-written logon banners. In one case several years ago, a quick-thinking defense attorney convinced a jury that an external intruder could not possibly have been a criminal computer trespasser because the system that he had broken into had had a logon banner that WELCOMED him to the system. Far from being an uninvited intruder, he was actually a welcome guest!" (http://www.grc.nasa.gov/WWW/Directives/2810.1-Chap9.html) And it appears that this is not a U.S.-centric issue; the following exerpt from the Australian University of Queensland Security Emergency Response Team Advisory SA-93:03A bulletin exhorts, "SERT recommends that any login banner or system initial message should not imply consent to use the computer services (E.g., words such as "greeting" or "welcome"), unless it is the express intention that any user is free to use the system, whether they are authorised or not." (http://www.attrition.org/security/advisory/auscert/AA-93.03.Suggested .Login .Banner) You may want to contact these organizations directly for more detail. However, there's plenty of discussion on the flip side of the coin, too; e.g., see "Trespassing, IP and the Law (REALLY long) (was Re: Virus to Virus Idea" at http://www.der-keiler.de/Mailing-Lists/securityfocus/security-basics/2 001-09 /0096.html. " -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPJy6VNqAgf0xoaEuEQJ3HgCguTo0mTEPdUCJ0Bz2ylExexq3h+AAoPEl Vz3F+ULl0eAeOD231OzpdeA6 =AuB2 -----END PGP SIGNATURE-----
