[LINK] Super fund security breach lands good Samaritan in hot water
kauer at biplane.com.au
Wed Oct 19 12:35:12 AEDT 2011
On Wed, 2011-10-19 at 09:43 +1100, Stephen Wilson wrote:
> Yet the technicality remains: if you circumvent a
> security system, you may be in trouble.
If I push open an unlocked door, have I "circumvented security" just
because the door had a lock?
What if I push the door to see if it is locked? And surely it also makes
a difference depening on what I do once I am through the door?
That's why this is not black and white. Circumvention must (almost by
definition) have both an element of intent of the part of the
circumventer, and an element of notice given by the circumventee. For
example, if the door has a large sign on it saying "private property
keep out" and I go through it, even if it is unlocked, the situation is
different to me going through some random unmarked door.
If security software is supposed to do X, Y and Z, but actually does
only X and Y, then the situation could be seen as analogous to having
three doors, only two of which are locked. Is it bad to stroll through
the unlocked door?
Or to take a similar but different analogy, if I have a big bunch of
keys, and I try them all in a lock, and one of them unlocks the door, I
have not "defeated" the lock, I opened it in the standard manner. What
if the lock is old and worn, and one of my keys works, even though it's
not actually the "right" key? What if I use a skeleton key? There are
many shades of grey even with a physical door, and many more when it
comes to computer security.
So I really think that intent and awareness are important.
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part
More information about the Link