Comments on: Expert challenges UFO hacker’s $700k bill | 22 Sep 2009 | ComputerWeekly.com http://dropsafe.crypticide.com/article/3473 security, software, cycles, food, drink, life... Wed, 08 Sep 2010 12:07:17 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: alecm http://dropsafe.crypticide.com/article/3473/comment-page-1#comment-22815 alecm Mon, 28 Sep 2009 20:48:55 +0000 http://www.crypticide.com/dropsafe/?p=3473#comment-22815 I knew a hacker once (anyone know what happened to "Snurt?") who was a spotty teen whose party trick was to tell Primes to drop their hard drive heads onto the platter ("park" system call) whilst the disks were still spinning/rotation; this usually caused several tens of thousands of pounds of hardware damage, back in the '80s. For *that* I would be interested in compansation. But if someone gets into a system and creates a few extra log records - or even if they trigger logging but don't get in - should they be gonged for theft of disk space and/or of electricity, as was tried as a prosecution also back in the 80s? I think not... It does come down to details, you're right - but I am willing to take it on faith that any figure like the above is likely inflated by (for instance) pro-rata salaries of the people doing the investigation and cleanup, people who ought and probably *are* be on the payroll in the first place. I don't believe that is someone hacks my site that somehow they are magically to blame for the salaries of my security team; lawyers with an eye on the bottom line will probably see that differently, but that is where they and I clearly diverge... I knew a hacker once (anyone know what happened to “Snurt?”) who was a spotty teen whose party trick was to tell Primes to drop their hard drive heads onto the platter (“park” system call) whilst the disks were still spinning/rotation; this usually caused several tens of thousands of pounds of hardware damage, back in the ’80s.

For *that* I would be interested in compansation.

But if someone gets into a system and creates a few extra log records – or even if they trigger logging but don’t get in – should they be gonged for theft of disk space and/or of electricity, as was tried as a prosecution also back in the 80s?

I think not…

It does come down to details, you’re right – but I am willing to take it on faith that any figure like the above is likely inflated by (for instance) pro-rata salaries of the people doing the investigation and cleanup, people who ought and probably *are* be on the payroll in the first place.

I don’t believe that is someone hacks my site that somehow they are magically to blame for the salaries of my security team; lawyers with an eye on the bottom line will probably see that differently, but that is where they and I clearly diverge…

]]> By: Simon http://dropsafe.crypticide.com/article/3473/comment-page-1#comment-22814 Simon Mon, 28 Sep 2009 20:37:20 +0000 http://www.crypticide.com/dropsafe/?p=3473#comment-22814 Isn't Sommer wrong here in raising what an insurer would cover? Your insurance typically won't cover riot, but you can press or be awarded damages against a rioter. And it doesn't matter how "safe" your house was against rioting, criminal damage is criminal damage. As such if there were consequential damage then he should be paying for it. If they had inadequate defenses he can't reasonably be charged for them implementing what they should have had in the first place. Certainly $700,000 sounds excessive, but without a detailed breakdown I'm not sure I have enough information to comment further. Isn’t Sommer wrong here in raising what an insurer would cover? Your insurance typically won’t cover riot, but you can press or be awarded damages against a rioter. And it doesn’t matter how “safe” your house was against rioting, criminal damage is criminal damage.

As such if there were consequential damage then he should be paying for it.

If they had inadequate defenses he can’t reasonably be charged for them implementing what they should have had in the first place.

Certainly $700,000 sounds excessive, but without a detailed breakdown I’m not sure I have enough information to comment further.

]]> By: William http://dropsafe.crypticide.com/article/3473/comment-page-1#comment-22739 William Wed, 23 Sep 2009 09:22:03 +0000 http://www.crypticide.com/dropsafe/?p=3473#comment-22739 Spot on Alex. I think Peter Sommer has this right. The trial we dreaded may turn out to be more interesting than we thought.... Spot on Alex. I think Peter Sommer has this right. The trial we dreaded may turn out to be more interesting than we thought….

]]> By: alecm http://dropsafe.crypticide.com/article/3473/comment-page-1#comment-22737 alecm Wed, 23 Sep 2009 09:18:59 +0000 http://www.crypticide.com/dropsafe/?p=3473#comment-22737 more crack == guns: http://groups.google.com/group/alt.security/browse_thread/thread/82634b96399c1e24/1ce33dba56fd7ede more crack == guns:

http://groups.google.com/group/alt.security/browse_thread/thread/82634b96399c1e24/1ce33dba56fd7ede

]]> By: Nick Palmer http://dropsafe.crypticide.com/article/3473/comment-page-1#comment-22736 Nick Palmer Wed, 23 Sep 2009 09:18:15 +0000 http://www.crypticide.com/dropsafe/?p=3473#comment-22736 I also am with Sommer on this, but I think he's basically on to a loser with this argument. We know that the whole basis for calculating the "damage" that McKinnon caused was not based upon anything other than making each incident exactly meet the amount required to trigger the most serious federal charges; there is no relationship to actual damage or cost. Consequently, I think that even were Sommer's argument to be made successfully, the US would simply substitute some other made-up "cost". I also am with Sommer on this, but I think he’s basically on to a loser with this argument. We know that the whole basis for calculating the “damage” that McKinnon caused was not based upon anything other than making each incident exactly meet the amount required to trigger the most serious federal charges; there is no relationship to actual damage or cost. Consequently, I think that even were Sommer’s argument to be made successfully, the US would simply substitute some other made-up “cost”.

]]> By: bartb http://dropsafe.crypticide.com/article/3473/comment-page-1#comment-22735 bartb Wed, 23 Sep 2009 09:17:50 +0000 http://www.crypticide.com/dropsafe/?p=3473#comment-22735 While it may be usual to be asked to pay for a door that one has broken down this seems more like being asked to pay for installing a door after having walked through a <a href="http://images.google.com/images?q=door+curtain" rel="nofollow">door curtain</a> to get into the building initially... While it may be usual to be asked to pay for a door that one has broken down this seems more like being asked to pay for installing a door after having walked through a door curtain to get into the building initially…

]]>