Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Act as If You Care About Security

    Written by

    Peter Coffee
    Published May 29, 2006
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      If a path crosses private property, and theres a long-standing habit of public use of that path, and the owner of the property makes no effort to demonstrate ownership—for example, by building a gate and closing it for one day each year—then the owner risks a judgment in law that a public right of way has come to exist.

      This is perhaps the strongest (or even the only) argument available in the defense of Gary McKinnon—a self-labeled “bumbling computer nerd” who faced, as of mid-May, the risk of extradition from Britain to face trial in the United States on charges of repeated illegal access to government computers.

      McKinnons two-pronged argument might begin with his public assertion that the systems he accessed had default administrative user IDs and no password protection—not merely trivial passwords, but no passwords at all. “The fact that I logged on with no password meant there was no security to begin with,” McKinnon said in May to reporters in London.

      This 40-year-old is not a devious hacker seeking riches or revenge. McKinnon is a minimally educated stoner who was looking for evidence of multinational government dealings with extraterrestrials. Far from employing advanced techniques, he used freely downloadable tools and made no effort to disguise himself on the Net.

      /zimages/5/28571.gifThe Government Accountability Office slammed the IRSs security procedures. Click here to read more.

      McKinnon went after a target of opportunity: “I found out that the U.S. military uses [Microsoft] Windows,” he told the BBC last summer, “and having realized this, I assumed it would probably be an easy hack if they hadnt secured it properly.”

      Prosecutors will doubtless call that last statement an admission of knowingly doing wrong, but McKinnon has another point to make: “Once youre on the network, you can do a command called NetStat—Network Status—and it lists all the connections to that machine,” he explained to another interviewer from a UFO-related Web site. “There were hackers from Denmark, Italy, Germany, Turkey, Thailand …” The incredulous interviewer asked him, “All at once?” McKinnons reply: “Every night.”

      So, heres the picture that McKinnons defense team can paint: These systems had their front doors wide open, with a cosmopolitan come-as-you-are party going on inside. Lawyers can invoke at least three different labels to describe this situation, with many variations under the law in different countries.

      “Permissive easement” can arise if you continually let a person do something with your property; at some point, a court may find that that person has acquired the right to keep on doing it.

      “Estoppel by acquiescence” may be found to arise if you dont complain that youve been harmed; your silence becomes a consent that bars future complaint.

      “Laches” can become another partys affirmative defense if you dont assert a right promptly against that party, and that party proceeds in (presumed) ignorance of your right. You cant then ambush the infringer, complaining of an augmented offense that you could have prevented by earlier action to minimize your own harm. Its like a statute of limitations, but one thats based on fairness rather than an arbitrary length of time.

      Regardless of the lawyerly label, though, youre in a weak position if someone accesses your systems and can claim that there was no barrier—not even a notice of ownership—to make it clear that a resource on the public network was not being offered for public use. Centuries of precedent make it the obligation of an owner to assert control or lose it.

      Im not wearing a “Free Gary” T-shirt, nor am I even asserting that these defenses ought to succeed in this case. What Im urging here is that you think about the situation that youd be in if someone intruded on your systems, perhaps causing damage that clearly was not intended, and claimed that there was no clear notice on the path that permission was required to pass.

      Your own systems should be nontrivially defended and prominently labeled to eliminate the chance that either an intruder or a careless employee will be able to disclaim responsibility for abusing your IT assets.

      /zimages/5/28571.gifFor reader response to this column, click here.

      Technology Editor Peter Coffee can be reached at [email protected].

      /zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Peter Coffee
      Peter Coffee
      Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×