View previous topic :: View next topic |
Author |
Message |
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Thu Oct 24, 2002 12:16 pm Post subject: Legal Info Regarding Using Open Proxies |
|
|
Is it legal to surf the web through these proxies?
As far as we can tell, the answer is yes. The primary argument against open proxies is that their owners may not have intended for them to be used by the public. However, by running a service on a machine accessible to the public, without restricting access to that service, the machine's administrator is implicitly consenting for that service to be used by the public. A proxy server is just like a web server, an FTP server, or any other net service: if it's running and accepting connections, it's fair game. The internet is a public network.
With regard to US law in particular, 18 USC 1030 (which covers computer-related fraud and theft) applies only when the user has knowingly accessed a computer without authorization or has knowingly exceeded his authorized access on that computer. Because an open HTTP proxy, by default, allows connections and use of the service by anyone in the world, the proxy's administrator has essentially "authorized" everyone to use the service. There's no intentional bypassing of security taking place. Just as you don't need Google's express written permission to connect to google.com, you don't need a proxy admin's express written permission to use his open proxy server.
Naturally it's not legal to use a proxy for illegal purposes, but if that's your cup of tea, the proxy is probably the least of your worries!
From: http://www.winfosec.com/proxies/info.php#faq6
Last edited by ShaolinTiger on Thu Dec 12, 2002 6:59 pm; edited 1 time in total |
|
Back to top |
|
|
Jhonbus Guest
|
Posted: Sun Nov 10, 2002 2:11 pm Post subject: |
|
|
Just thought I'd post about this case which is a possible legal precedent to the use of open proxies. I can't seem to find anything about it online (not that I've looked hard - just reuters and the new scientist website) but I will quote (rip off) the article in the new scientist:
Quote: |
Guessing a Web address need not make you a hacker
IF YOU guess the address of a compan's Web page when there are no links to it anywhere on their website, are you hacking? A Swedish company thinks so.
Software developer Intentia International of Stockholm last week filed a criminal complaint against news agency Reuters, after one if its reporters guessed a URL and accessed Intentia's financial results before their scheduled release. Intentia alleges that the Reuters report on its financial performance resulted from hacking.
Reuters says that the figures were public as soon as Intentia pposted it to its Web server, whether there was a link or not. The reporter simply guessed the URL based on those of its previous quarterly reports, a Reuters spokeswoman says.
Instead of being mounted on a staging server, where a Web page can be checked and kept before bing posted to a public server, Intentia's third-quarter report was placed on the public server ahead of time. The firm intended to "release" it later by placing a link to it on its home page.
The company has since improved security, an Intentia spokesman said.
While Reuters did not break any security measires such as password protection, anti-hacking laws guard so broadly against unauthorised access that they might not help its case. Intentia maintains that Reuters' access was unauthorised.
But all docuiments on the Web are assumed to be public, says Lee Tien, staff attorney for San Fransico-based pressure group Electronic Frontier Foundation. "This is no different than someone putting something in a flimsy wrapper on the street and hoping no one will notice it."
|
I'll try to find out more about this case, and hopefully it will go in Reuters' favour.
|
|
Back to top |
|
|
Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
|
Posted: Sun Nov 10, 2002 3:03 pm Post subject: |
|
|
I think that Reuters have not done anything wrong.
What gets me is how did they know the exact address of the document if there was no link to it anywhere?
J
|
|
Back to top |
|
|
Jhonbus Guest
|
Posted: Sun Nov 10, 2002 3:25 pm Post subject: |
|
|
They guessed it because the URL was the same format as the previous releases - probably something like
q42001.html
q12002.html
q22002.html
so it's logical to guess that the 3rd quarter release is going to be published at q32002.html
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
|
Back to top |
|
|
Jhonbus Guest
|
Posted: Sun Nov 10, 2002 4:47 pm Post subject: |
|
|
So it is
Sorry, I'm new to this forum so I haven't read all the older threads yet.
Well I guess it's no harm to have a link to that here, given the parallels.
BTW, *great* forum you've got here, fellas!
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Sun Nov 10, 2002 5:51 pm Post subject: |
|
|
No worries dude, no harm done
Thanks and enjoy your stay.
|
|
Back to top |
|
|
Guardian Just Arrived
Joined: 09 Dec 2002 Posts: 0 Location: UK
|
Posted: Sat Apr 19, 2003 4:37 pm Post subject: |
|
|
I think there is room to argue and there are other issues involved.
I posted some notes at Scanning and Law and Advice Needed Urgently! regarding scanning and BF.
The same arguments apply to the use of proxies.
Use of Proxies has the additional aspect of bandwidth theft. Users using a proxy on someone else's server are utilising the bandwidth allocated and paid for the authenticated users thus limiting the legitimate use by users.
I am sure there are many who would disagree, but that is their prerogative.
Last edited by Guardian on Wed Oct 20, 2004 10:33 am; edited 1 time in total |
|
Back to top |
|
|
o0O-neo-O0o Just Arrived
Joined: 20 Apr 2003 Posts: 0 Location: London UK
|
Posted: Wed Aug 27, 2003 2:14 pm Post subject: |
|
|
Jhonbus wrote: |
Just thought I'd post about this case which is a possible legal precedent to the use of open proxies. I can't seem to find anything about it online (not that I've looked hard - just reuters and the new scientist website) but I will quote (rip off) the article in the new scientist:
Quote: |
Guessing a Web address need not make you a hacker
IF YOU guess the address of a compan's Web page when there are no links to it anywhere on their website, are you hacking? A Swedish company thinks so.
Software developer Intentia International of Stockholm last week filed a criminal complaint against news agency Reuters, after one if its reporters guessed a URL and accessed Intentia's financial results before their scheduled release. Intentia alleges that the Reuters report on its financial performance resulted from hacking.
Reuters says that the figures were public as soon as Intentia pposted it to its Web server, whether there was a link or not. The reporter simply guessed the URL based on those of its previous quarterly reports, a Reuters spokeswoman says.
Instead of being mounted on a staging server, where a Web page can be checked and kept before bing posted to a public server, Intentia's third-quarter report was placed on the public server ahead of time. The firm intended to "release" it later by placing a link to it on its home page.
The company has since improved security, an Intentia spokesman said.
While Reuters did not break any security measires such as password protection, anti-hacking laws guard so broadly against unauthorised access that they might not help its case. Intentia maintains that Reuters' access was unauthorised.
But all docuiments on the Web are assumed to be public, says Lee Tien, staff attorney for San Fransico-based pressure group Electronic Frontier Foundation. "This is no different than someone putting something in a flimsy wrapper on the street and hoping no one will notice it."
|
I'll try to find out more about this case, and hopefully it will go in Reuters' favour. |
In responce to this and after reading it i thought about it and Routers are right
anyone could of got this info and not by guessing the URL either
the trusted good old "google hack" would of found these results in one hit
LOL
so no one is hacking here - if you ask me - maybe being a little sneaky and maybe a little cheeky but if it is on the web it is public domain and if you didnt secure against the google hack its your fault (hardline way of thinking i know) anyone one care to take me up on this and discuss further ?
email me --> o0O-neo-O0o@filetopia3.com
thanks
|
|
Back to top |
|
|
o0O-neo-O0o Just Arrived
Joined: 20 Apr 2003 Posts: 0 Location: London UK
|
Posted: Wed Aug 27, 2003 2:18 pm Post subject: |
|
|
jasonlambert wrote: |
I think that Reuters have not done anything wrong.
What gets me is how did they know the exact address of the document if there was no link to it anywhere?
J |
ok ok here is how it is done...
go to google and type the following
inurl: and any text you want here (what ya searching for)
ie "inurl:3Aq42001.html"
and that will give you this
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=inurl%3Aq42001.html
now spend enough time looking through those links and tell me if ya find the doc they wanted not to be found
LOL
for more info on the GooGle hack do a search on google and read up about it - it is a very interesteing read!!
|
|
Back to top |
|
|
ryansutton Trusted SF Member
Joined: 25 Aug 2004 Posts: 67 Location: San Francisco, California
|
Posted: Thu Sep 30, 2004 11:26 pm Post subject: |
|
|
Guardian wrote: |
I think there is room to argue and there are other issues involved.
I posted some notes at Scanning and Law and Advice Needed Urgently! regarding scanning and BF.
The same arguments apply to the use of proxies.
Use of Proxies has the additional aspect of bandwidth theft. Users using a proxy on someone else's server are utilising the bandwidth allocated and paid for the authenticated users thus limiting the legitimate use by users.
I am sure there are many who would disagree, but that is their prerogative.
|
In reference to your comment about bandwidth, that does not apply in this situation as (already stated) the document was on a web server. Now if this was a private or restricted server you would have a valid point, However if you have something stored on a public server AKA www.mydomain.com/whatever then you cannot single out certain people and say they can't access it as it is public.
|
|
Back to top |
|
|
|