On Fri, 02 Jun 2006 17:05:26 +0200, =?windows-1252?Q?Marcos_Ag=FCero?= said:
ad@heapoverflow.com escribió:
That is why the definition of ?damage? is so important. If there is no
impairment to the integrity and availability of the network, then there
is no crime.
So, It's seems that portscanning is not a crime but, what if I scan a
network and sell/trade/lend the results to some guy that will cause that
impairment to the network? Is it a crime to sell such information?
At least in the US, it's a slam dunk, and one of the primary ways that
hackers get taken down (quite possibly as many as under 1030(a)(5) which
covers actually hacking in yourself).
18 USC 1030 (a)(6):
(6) knowingly and with intent to defraud traffics (as defined in section 1029)
in any password or similar information through which a computer may be accessed
without authorization, if:
(A) such trafficking affects interstate or foreign commerce; or
(B) such computer is used by or for the Government of the United States; [1]
"passwords or similar information". If it's info that lets the guy hack in,
like "the box is vulernable to MS06-229", you're probably in trouble. There's
more than a few script kiddies now walking around with a criminal record
because they got caught copying files of Windows password hashes around so they
could run a password cracker on them.
pgpLOQWq8vGe5.pgp
Description: PGP signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
