On Mon, 6 Nov 2000, Jim Choate wrote:
no. the argument is: if you make probing illegal, we'll see even more (and *much* more) "security through obscurity" - because figuring out that this crap is insecure will land you in jail.
Going to jail won't stop anyone from figuring it out if that's what they want. I would be so bold as to suggest that if they make it illegal then you'll see a significant rise in the behaviour, along with increased use of anonymous remailers and Open Source software than can be kludged.
My personal opinion is that if the Government(tm) wants to make security illegal, then they should suffer for their actions. The research will go on, no matter what. Making it illegal is not going to stop human curiosity. What I think should happen is that anyone in the security industry should refuse to help the feds in any form. They should not help them secure their systems. They should not let them have access to their ftp servers. (Hosts.deny is your friend.) They should let them feel the pain of their stupidity. And after they get rooted by the script kiddies for the millionth time, maybe they will get a clue and allow people to find and fix the holes without having to worry about the feds carting off every thing they own. Making security work illegal is a BIG hint that they do not like security. I certainly won't work with someone who holds a grudge against me. Neither should anyone else. alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys. "In the future, everything will have its 15 minutes of blame."