Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Gov Says Existing Laws Enough to Fight Cybercrime

Hemos posted more than 14 years ago | from the who-are-the-evil-guys dept.

The Internet 128

pluteus_larva writes "According to this CNN story, an interagency report released by the Clinton administration claimed there is no need for new laws to prosecute the bad guys. Apparently lots of "top industry executives" were involved in the outcome of the report; Janet Reno was flanked by Commerce Secretary William Daley and some lawyer from AOL at the press conference where the report was released. "

cancel ×

128 comments

Sorry! There are no comments related to the filter you selected.

now isn't that special (1)

DarkClown (7673) | more than 14 years ago | (#1211790)

I spend a week unfucking and securing a network that a script kiddy got a hold of and the fbi's response is basically 'we don't get involved in anything where less than $40k damage happened.' What's the recourse? Getting someones dial up account cancelled by kerking around with their isp? Whoopty doo......

Here's a Real Crime (5)

mochaone (59034) | more than 14 years ago | (#1211791)

Rob Malda is selling us out. I found these following cookies that slashdot stores:

religion
soc_sec_num
mothers_maiden_name
income_bracket
sexual_orientation

You guys can mod me down for being Off-Topic all you want. I don't give a damn about karma. I want an answer as to why those cookies are being stored and where Rob Malda is getting the information. You people need to know this. Don't blindly mod me down without thinking about the ramification.

Clinton's a walking Kludge (2)

Iron_Slinger (126682) | more than 14 years ago | (#1211792)

Let's not prosecute or even investigate internet attacks, we might find out that China is the one committing the crimes. We wouldn't want anyone to limit Clinton's second income. Of course we do need at least a billion more gun laws that don't do anything.

So... (1)

hetfield (129762) | more than 14 years ago | (#1211793)

What about the crackers from other countries? The Russians 'claim' to be able to crack any US server at any time they want. How will we prosecute them? This is all just a bunch of crap designed to make big business feel better. In reality the government doesn't have a whole lot of options when it comes to crackers. They'll just keep using "reports" like this and examples like Kevin Mitnick to scare potential script kiddies.

What I'd like to know is what would happen if I set up a server running Linux on an IP from my ISP and it is cracked into. Will Janet Reno and her crack crew of lawyers spring into action for me? Doubtful.

New Laws (2)

palutke (58340) | more than 14 years ago | (#1211794)

This may be a good thing. I'd rather have no new laws than a law that is poorly thought out and just gives federal people a legal justification to invade my privacy.

Wild West Web? (3)

DaveHowe (51510) | more than 14 years ago | (#1211795)

Hmmm. It's nice to see that the americans are starting to come to their senses about the web - it is good, it is big, but it is essentially another form of communication, like telephones and post, and can be dealt with accordingly.
I *would* question their assumption that all web-criminals are also likely to be american though - not only is it insulting to americans, but may lead law enforcement into a false sense of security - give it to the FBI, they will track down the varmit no matter which state he hides in :+)
--

Thank G-d, For Once We Have "No New Laws" (4)

Fleet Admiral Ackbar (57723) | more than 14 years ago | (#1211796)

How wonderful that the government decides, for once in its existence, that no new laws are needed. Given that existing federal law permits the FBI to drive a tank through the side wall of your home and CS gas you until you suffocate and die, I would hate to see what the "new" laws would provide. Perhaps the freedom to cook up a little "Crystal Night" of your own...

I still maintain that the government should leave the Net alone. If there are no laws to let lax security administrators have the post-coital satisfaction of having skr1pt k1ddy5 hanged, at least we don't have to, say, have equal racial representation in every photo posted in a corporate website. Government intervention, like stuffing a hamster up your own ass, seems like a good idea intially, and can even feel good for a moment, but when the beast goes crazy it's a world of pain and sadness...

Nice... (2)

Millennium (2451) | more than 14 years ago | (#1211797)

Now, all we have to do is hope the government takes this report seriously.

Once they've stopped making bad new laws, they can work on fixing the bad old laws, so that they catch the bad guys without interfering unnecessarily with the good guys (which they do now).

It's not as much of a good step as, say, repealing UCITA and declaring all mandated filtering unconstitutional, but it's a good step nonetheless.

I don't have those cookies (1)

Gothland (34482) | more than 14 years ago | (#1211798)

I moderated you down in another thread, and by responding here, I'm giving up my ability to do it again.

The reason you were moderated down in my case is because I have no such cookies.

Perhaps what you have is the remnant of last year's April Fools joke. I hear there were some questionable cookies in that.

I've looked at your user info, you seem well-meaning, merely misinformed. That's why I'm not moderating you down again.

Of course there are (2)

smoondog (85133) | more than 14 years ago | (#1211799)

You know, its funny, really, that government thinks there are enough laws to fight cybercrime. I'm sure that this isn't a statement about the laws that exist, but a statement about the ones that don't. Does anyone know of good laws that fight cybercrime without throwing privacy out the window? Neither does government, and this is just a reflection of that. Punishment is certainly harsh enough, when someone who just mentions an attack can make front page world news.
-- Moondog

scary thought (1)

jmorse (90107) | more than 14 years ago | (#1211800)

Now, I guess this just means that existing law is repressive enough... It's not the government's job to maintain network security. That's a form of corporate welfare.

Huh? (1)

cprincipe (100684) | more than 14 years ago | (#1211801)

What the fsck are you talking about? Why the hell would slashdot need or store these cookies? Where did you find them in the first place?

All this government talk (5)

Dungeon Dweller (134014) | more than 14 years ago | (#1211802)

All of this government talk has me more than a little bit concerned.

A lot of this legislation is completely misguided, and often rooted in the hands of people who are completely clueless about what they are talking about in this area.

Many of the government's decisions in relation to anything computer related of late have seemed irrational, misguided, and harmful. Much of which shows a high degree of paranoia, and a lack of knowledge about the subjects at hand.

I hate to see a politician stand up at a podium and spout about how our world is at the mercy of "hackers." Or how "dangerous" those damn DoS attacks were a couple of weeks ago.

If this doesn't stop, this world won't be a safe place for anyone, us in particular. We'll have big software corporations that can shut down our computer for not renewing a site license on their screensaver package, they already passed the ever damned UCITA in my state (Virginia), people will be able to seize my computer because my third cousin was suspected of using a banned encryption algorithm in his sappy love letters to his girlfriend, and in general, we'll take a nice smackdown every day and beg for more because everyone who votes will be too dumb to figure out what the hell any of this means, and they'll cry when someone says "HACKER."

Ok, this is probably a bit much. But still, even talking like this, and showing this much ignorance, and passing misguided laws that smack of a lack of understanding and paranoia... It just irritates me.

A reversal that quick? (2)

Rares Marian (83629) | more than 14 years ago | (#1211803)

Between the flaming and crusading did anyone notice that that's the opposite Reno said like yesterday:http://www.theregister.co.uk/000309-0000 11.html

Here's one less DDoS conspiracy theory... (1)

Enoch Root (57473) | more than 14 years ago | (#1211804)

According to one of the conspiracy theories that made the rounds immediately following the DDoS attacks, the attacks were secretly coordinated by Clinton's administration in order to cause a flood of panic in businesses that would lead to a toughening of cyberlaws and the imposition of a cyber-New World Order. Ah, drat... I guess this report means it's not true.

Another conspiracy theory shot down in flames... Along with the theory that the Y2K panic was another such opportunity for the US Gov. The Right-Wing needs to review their conspiracy cookbooks!

On a side-note, I first read the title as, 'GoD Says Existing Laws...' Guess watching God, the Devil and Bob left a mark on my impressionable mind. :)

Re:Huh? (2)

mochaone (59034) | more than 14 years ago | (#1211805)

This is lifted directly from my cookies file. The interesting this is Ionly have these cookies on my work PC (NT) but I don't have them on my Linux box at home:


.slashdot.org TRUE / FALSE 1238366381 religion 9588955.83171397

.slashdot.org TRUE / FALSE 1238367387 soc_sec_num 4333867.61695147

.slashdot.org TRUE / FALSE 1238374397 mothers_maiden_name 7192354.57945615

.slashdot.org TRUE / FALSE 1238374457 income_bracket 5040447.43720442

.slashdot.org TRUE / FALSE 1238374543 sexual_orientation 3360304.50649559


I don't know why slashdot would need these cookies. That's why I'm asking. I've sent Rob an email. I just wanted to give everyone else a heads up in case they have the same cookies.

What no "Net Force"? (1)

Saltine Cracker (116414) | more than 14 years ago | (#1211806)

I guess this means it will be a while before we see a real life version of Tom Clancy's Net Force implemented.

Maybe someday the powers that be will wise up and realize that they aren't the only ones who have to worry about information security.

The alternative being? (2)

Christopher B. Brown (1267) | more than 14 years ago | (#1211807)

Did you have any expectation that they'd set up legislation that would mandate that if your PC gets hacked,
Janet Reno and her crack team of commando lawyers spring into action?

I don't even consider their rejection of creating new legislation to be "putting their heads in the sand." It is not an unreasonable idea to try to apply the existing laws.

It's fairly silly when legislators make up new legislation (that will never be enforced) in order to make it look like they're doing something about a problem to which existing laws ( that are also not being enforced) already apply.

Add in appropriate levels of cynicism as needed...

Re:Here's a Real Crime (3)

John Fulmer (5840) | more than 14 years ago | (#1211808)

> Rob Malda is selling us out. I found these
> following cookies that slashdot stores:

Yeah, right.. You forgot one though...

is_idiot

It's a boolean cookie....

> I want an answer as to why those cookies are
> being stored

Rob is actually a lab mouse and this is all part of his master plan to take over the world..

> and where Rob Malda is getting the information.

He gets his info from Santa Claus [santa.com] , of course. Santa runs a huge database in conjunction with Doubleclick and Microsoft to track everyone and find out if they're naughty or nice. Much easier than the old fashioned way.

Santa knows EVERYTHING!

Puh-LEEZ.

Re:Here's a Real Crime (0)

Anonymous Coward | more than 14 years ago | (#1211809)

Well, let's see what kind of cookies I have.... WTF? I don't have ANY cookies! Did somebody take my cookies? Oh, no. I wonder if... oh, yep... I'm not accepting any cookies. Well, I guess I don't have to worry about that, now do i?

Re:Thank G-d, For Once We Have "No New Laws" (1)

palutke (58340) | more than 14 years ago | (#1211810)

Government intervention, like stuffing a hamster up your own ass, seems like a good idea intially, and can even feel good for a moment, but when the beast goes crazy it's a world of pain and sadness...

I must say that that's one of the most disturbing analogies I've heard in a while.

Oh yeah, thank God (1)

Dungeon Dweller (134014) | more than 14 years ago | (#1211811)

Oh yeah, I meant to say "Thank God they said this"...BUT, also, a lot of the application of existing laws is misguided, and will lead to the downfall of western civilization :-) Also, to hear Reno and a bunch of others talk a few weeks ago, what do you think? Right...

Re:I don't have those cookies (1)

mochaone (59034) | more than 14 years ago | (#1211812)

Thanks for the explanation. You have to understand that seeing those cookies is very disturbing to say the least. I hope it is some kind of joke. I just wonder why they weren't deleted if it was intended as a joke.

Haha, good sutff (3)

whoop (194) | more than 14 years ago | (#1211813)

For this administration, there can never be too many laws. Just wait until Mr. Gore discovers that this beast he created is far too evil. I picture a McCain sort of moment at a town hall meeting, a mother in tears steps up to a microphone and tells the horrors her family went through because little Jimmy was on a chat room and some old guy sends them a nude picture of himself.

Then the Internet will be upgraded to the status guns and tobacco are today. Who cares if the Columbine boys broke some 20ish laws, or if the drug addict mom/uncle of the Michigan six year old would ever pay attention to laws? Politicians will get up to their podiums during this race and proclaim more laws to not be enforced. No report like this will live long when it's an election year.

Lobbying at its finest (1)

Xafloc (48004) | more than 14 years ago | (#1211814)

This has to be a perfect example of lobbying at its finest. I mean how many of you think Bill Clinton would pass on creating any new laws to restrict the people. If it werent for the fact that his buddy Al Gore is running for office, you can bet this article would be reversed.

The fact that AOL/Time Warner had anything to say about it, Im sure means nothing *grin*.

Makes me wanna toss my cookies! (2)

jabber (13196) | more than 14 years ago | (#1211815)

mochaone is right..

I have the following cookies:

slashdot.org FALSE / FALSE ######### income_bracket #########.#########

slashdot.org FALSE / FALSE ######### high_school_gpa #########.#########

slashdot.org FALSE / FALSE ######### sexual_orientation #########.#########

slashdot.org FALSE / FALSE ######### mothers_maiden_name #########.#########

slashdot.org FALSE / FALSE ######### last_time_you_brushed_teeth #########.#########

slashdot.org FALSE / FALSE ######### soc_sec_num #########.#########

slashdot.org FALSE / FALSE ######### iq #########.#########

slashdot.org FALSE / FALSE ######### religion #########.#########

slashdot.org FALSE / FALSE ######### visa_num #########.#########

I can sort of understand the interests in my VISA #'s, and religion and stuff... But the last time I brushed my teeth is my own gosh-darned business Malda!!

Doesn't this seem strange? (1)

sandidge (150265) | more than 14 years ago | (#1211816)

Okay, they say they don't need new laws to prosecute/catch cybercriminals, yet, as this article [wired.com] stated (I think nthis was also on /. the other day), they want to possibly eliminate privacy online? Isn's this a little weird/stupid or am I the only one?

Re:Here's a Real Crime (1)

mochaone (59034) | more than 14 years ago | (#1211817)

there's no need for that.

But... (0)

Anonymous Coward | more than 14 years ago | (#1211818)

are the existing laws enough to make sure that I get the -1 I so richly deserve.

Randy West web... (0)

Anonymous Coward | more than 14 years ago | (#1211819)

nuff said.

Re:now isn't that special (1)

lar (148557) | more than 14 years ago | (#1211820)

It's early and this is off the top of my head, so, if it's too stupid, be kind...

Why don't the corporations start paying these hackers who do these types of things? If you think about it, the only thing this "script kiddy" did, in the big picture, to your network was make it stronger. Sure, he made you work hard for a weekend, but, if you're network was weak enough to go down from this in the first place, it was going to happen eventually. And now, I'm sure, you got the network back up, and at sufficient enough strength to withstand the same kind of attack in the future.

Here's what I see (right now):

So the businesses start paying these types of hackers. Networks go down all over the place as hackers succeed in their job. Alright, so that's a negative for the businesses. However, it's also a plus. It's better to have your security breached by someone on your payroll than by someone whose sole purpose is malicious. Businesses then pay their sysadmins to work out these security problems. Networks get stronger everywhere. Less networks get hacked into. Security improves everywhere.


The biggest advantage I see to this, though, is not the security. By making the general hacking of a network acceptable by paying hackers to do it, it becomes easier for businesses and the government to prosecute those people who do do it for malicious purposes. And to make it encompass everybody (as in, make anyone who hacks your network susceptible to this), the hackers aren't employees of any one company. Instead, it could be more of an at large type thing.

Look at it this way: If you're paying someone to break your system, it becomes only a matter of an employee stealing company files when this person (who is getting paid to hack) hacks into something vulnerable and steals credit card numbers (or whatever). The prosecutors don't have to worry about internet law anymore; they already have all the precedent they need with normal business/employee law.

I'm sure there are a lot of problems in this, but it's an idea worth discussing further, I think.

==

Stop being a dick... (0)

Anonymous Coward | more than 14 years ago | (#1211821)

and spell out God's name.

This is great! (2)

Ogre332 (145645) | more than 14 years ago | (#1211822)

I guess this means I can keep right on building my 600+ full album mp3 collection. not to mention i can now rest assured that i will never have to actually buy software again. thank god for democrats!

That CNN Story is a little off... (5)

ATKeiper (141486) | more than 14 years ago | (#1211823)

Check out the C|Net version [cnet.com] of the story or the Wired version [wired.com] and you'll see that the goverment is still at least considering new rules and regulations - including some that would severely threaten the online anonymity we all take for granted.

You can read the DOJ report for yourself here [usdoj.gov] . CNN is somewhat correct - it does say that "existing substantive federal laws appear to be generally adequate." However, it emphasizes the dangers to security posed by anonymity, and it does not shut the door on new laws.

We've got an archive of other related articles on our Law Enforcement Online [tecsoc.org] page.

A. Keiper

Just my .02$ USD (3)

Dr Caleb (121505) | more than 14 years ago | (#1211824)

New laws just mean more people will be guilty of something. What people should be focusing on is prevention. Due dillegence my friends!

Where I live, there is still a law that says if the Sherrif asks you to leave town, he must provide you with a horse with saddle and blankets, bedding, a weeks tack and a 30-30 rifle with 10 rounds of ammunition. Imagine trying to enforce that one!

New laws in the US just mean more people from outside the US will be hacking US servers. "But the FBI will haul their asses in." Yea right. Let's see the FBI arrest someone from Cuba, China, or Russia! *[Ooooh we're breaking US laws!] *translated from Mandarin

It's good to see they aren't going to waste their time with more laws that won't work. What they need to push are sites that deal with security! How to lock down those B2B servers!

Noooo.... (0)

Anonymous Coward | more than 14 years ago | (#1211825)

but have a Biscuit you so richly deserve...

Have you tried Powdermilk Biscuits?
My, they're tasty, and expeditious...

thank you.

Re:Nice... (1)

filbo (147228) | more than 14 years ago | (#1211826)

Uh, the UCITA has yet to be enacted anywhere. Furthermore, uniform acts are designed to be enacted as state law, not federal law (e.g., uniform partnership act, uniform trade secret act, uniform common interest development act). The federal government is really powerless to do much about the UCITA, unless it passes a similar act that would preempt the UCITA, which is somethign that Congress doesn't do on a very frequent basis.

freedom and liberty is so new (3)

coyo (126580) | more than 14 years ago | (#1211827)

All in all, I'm impressed by the report's conclusion. What worries me still is that more laws will be pushed forward anyway.

Freedom and Liberty have been known about for quite some time, but we've not been a free country very long. Civil rights were won in the sixties. That was not so long ago. We've been talking the talk for quite some time, but we've only started to tiptoe the walk of freedom.

The net is a new opportunity. We have a great idea, we take for granted that it is free. No, that is not quite the truth. We feel sorrow and anger when someone threatens are ideal perception of what the net is. There is nothing intrinsic about the net that makes it free. It was simply largly constructed by scientists and engineers who are used to free exchange of ideas and aren't quite the control freaks a lot of these well meaning normals are.

We'd rather be a free people than not. I think when asked, even many in the government would prefer that. I see a lot of anti-government posts here, and I get the feeling from their hostility they would rather have a government that they can yell at and be angry at than not. Strange to me. I don't like to be angry.

-coyo

It was a joke... (3)

Mark F. Komarinski (97174) | more than 14 years ago | (#1211828)

I caught them a few months ago and realized they were a joke. I wrote CmdrTaco about it, and he said it was part of an April Fools joke. I figured everyone else knew about it and I just missed it till November.

Guess it was that obscure.

because you're a brainless fucking imbecile. (0)

Anonymous Coward | more than 14 years ago | (#1211829)

You have to understand that seeing those cookies is very disturbing to say the least

what i "understand" is the fact that you are a fucking moron.

I just wonder why they weren't deleted if it was intended as a joke.

because, you wretched bottom-feeding invertebrate, it's so obviously a fucking joke that everybody on earth gets it except for you and your asshole friend who moderated it down elsewhere!

get it? it'a a joke. it's an obvious joke. it's a funny joke.

how the fuck is your fucking web browser going to fucking know your fucking social security number and your fucking sexual preference?! IT IS NOT POSSIBLE TO DO THAT.

YOU ARE A GODDAMN CREDULOUS BABOON.


you have a brain the size of a pea. you're too fucking stupid to walk upright. your descendants a hundred million years hence may possibly develop opposable thumbs, but don't bet on it.

Re:It was a joke... (1)

mochaone (59034) | more than 14 years ago | (#1211830)

thanks for that info. Rob sure has a weird sense of humour. The least he could have done was delete the cookies.

Sigh (5)

Ross C. Brackett (5878) | more than 14 years ago | (#1211831)

The attorney general likened the current dilemma to a modern day "Wild West."


"Perhaps it's a little like the Wild West in the development of America [with some] who say, 'Let not government be involved.' But there was also the marshals and Wyatt Earp and others who brought some order to it."


The Wild West indeed. Allow me to extend your metaphor, Ms. Reno.

For many years before the West was Wild, Native Americans lived there in relative peace and harmony with the earth and each other. There was no money. There was no need for written laws. Then, profit-seekers, outcasts and jerks from the east decided to head west to seek their fame and fortune. When they arrived, they walked around the place like they owned it, imposing their laws and ideologies; taking more and more away from the native peoples, until the land was no longer theirs at all.

Sound familiar?

We were here first, Ms. Reno. The US government didn't need to pass any laws that were specific to the Old West. Just imposing existing US law then was enough to ruin it for the original residents. Now how does that saying about history repeating itself go?

Umm... (1)

DrgnDancer (137700) | more than 14 years ago | (#1211832)

Mybe I am reading this worng, but aren't those boelean values, an thus completely inappropriate for storing the data listed (Religion = true, huh?). Probably a joke.

Re:now isn't that special (1)

um... Lucas (13147) | more than 14 years ago | (#1211833)

IBM does this already.

There's lots of paperwork that needs to be filled out, since in many times trespassing a computer network is a crime in and of itself, so IBM makes sure they won't be held liable.

But the point is, they exist. It should be a companies decision to hire them or not, not just if some bored kid decides to break into your system, then ask for a paycheck..

I think in most cases, as long as a server asks for a password, to proceed any further without the owner or administrators consent is and should be wrong and illegal.

Don't say that hackers are benevolent.... Even if they do nothing but poke around, it should still be up to the company in question as to whether or not they have their security audited.

fishy... (1)

Anonymous Coward | more than 14 years ago | (#1211834)

This smells like an election year stunt. I don't believe that they are sincere. Just last week they were attacking "cyber-terrorists" and calling for more law enforcement powers and the end of anonymity. This is nothing more than trying to make friends in the tech sector for Al-Gore Jr. If he gets elected, he'll be back on the Internet control bandwagon the next day.

Re:Huh? (0)

Anonymous Coward | more than 14 years ago | (#1211835)

heh heh, you sly fuck.

you're good. :)

Gov't still needs to clarify issues. i.e., USENET (0)

Anonymous Coward | more than 14 years ago | (#1211836)

Here's a scenario:

(1) someone posts kiddie pr0n to comp.os.linux.misc
(2) anonymous tipster says, "I (meaning the ISP I run) have kiddie pr0n on my machines".
(3) Feds kick down my doors, sieze all my equipment, etc.
(4) Search results, well, yes officer, there's pron there. I didn't put it there. Yes officer, I forwarded it. I forward all incoming news traffic. There's easily 1GB of articles flowing through the net pipe per day. I can't screen it all.
(5) Local papers runs rticle of how evil pedophile (me) is busted and how kids are just a little safer today.
(6) Months/years later, conviction is finally overturned. News media makes no apology. I get no (working) equipment back. I get no compensation for lost business. My name still stands in ruins.

ISP's need to be granded official "common carrier" status from the gov't. It's not enough that gov't usually won't prosecute, or that convictions get overturned or charges dropped. THE LAW NEEDS TO BE CHANGED TO PROTECT ALL 3rd PARTY CARRIERS/FORWARDEDS OF NET TRAFFIC. Of course, any attempt to do so will be labeled as "supporting pedophiles and perverts" so no one will vote for such a bill. *sigh*.

Re:scary thought (1)

number_six (160080) | more than 14 years ago | (#1211837)

You know, you're right. It's not government's job. It's Pinkerton's job to enforce network security.

It's government's job to see to it that the Pinkerton employees have ergonomic rubber hoses and clubs, to prevent RSI.

A few new laws would be useful (3)

frinsore (153020) | more than 14 years ago | (#1211838)

I'd rather have new laws that are well thought out and do what they're supposed to then no laws at all.

I'd like laws that protect my personal information and privacy, yes some old laws cover this but they don't cover the scope or were not written with the abibity to transfer mass amounts of data with little effort.

I'd like laws that prosecute faulty software. Software that doesn't do what it's supposed to or does something more then it's supposed to. I'd like a law the outlaws net taxs, most net sales still use UPS or such, wouldn't be easier to tax them?

I'd like the laws to be enforced by the UN so there isn't any jurisdiction crap, if someone in the US steals credit cards from germany I'd like there to be just one jurisdiction it falls under, not multiple.

I'd like investigators to just copy my hard drive rather then impounding my computer, or atleast give me the dollar value of my equipment when it was impounded.

I'd like a law that says any crpto that can be cracked wasn't a good one in the first place and it's the corperation's problem for not protecting their data.

I'd like to own anything that resides on my computer, if I want to decompile a filtering software to see what it filters, I should be able to.

But most of all I'd like only as many laws as needed to protect the people on the net, not the corperations.

oh, dammit. i owe you an apology. they're there. (0)

Anonymous Coward | more than 14 years ago | (#1211839)

right fucking there where you said they'd be. shit, this is embarrassing. i was wrong and i apologize.

it's worse than embarrassing, it's ridiculous! what the fuck?! i mean, hello, isn't this site supposed to be about the community? doesn't rob frequently post stories thrashing anybody who deals dishonestly with the community? he sure does!

so rob is sitting back on his stock options, making money hand over fist by attacking people who abuse the community -- while he's abusing the community himself in a really outrageous way.

dammit, i think we deserve an explanation here!

Who is this mystery "top AOL lawyer"? (3)

SnatMandu (15204) | more than 14 years ago | (#1211840)

Does it bother anyone else that Reno has been touring with this "top AOL lawyer"? I dunno, I just get this mental image of a demonic figure standing in the shadows just to the rear-left, his eyes glowing a pale red...

I understand why AOL is interested in the prospect of new legislation, but to be making public appearances? Does the Administration think that this corporate poster-boy lends them some credibility or something? I'd feel better about seeing John Perry Barlow.

Re:because you're a brainless fucking imbecile. (1)

mochaone (59034) | more than 14 years ago | (#1211841)

My God, you are one angry, bitter person. I feel sorry for you. You must be a very unhappy, unsatisfied person. Hopefully, things will start looking up for you.

As to your comment regarding the obviousness of the cookies being a joke, I apologize for not knowing Rob's sense of humour.

As to your assertion that it's not possible for slashdot to know my personal information, you may technically be correct on that. But if you've been following the doings of DoubleClick, there are ways to match your information to databases of info that do have your personal information.

Re:Thank G-d, For Once We Have "No New Laws" (0)

Anonymous Coward | more than 14 years ago | (#1211842)

Government intervention, like stuffing a hamster up your own ass, seems like a good idea intially, and can even feel good for a moment, but when the beast goes crazy it's a world of pain and sadness...

Oh my ghod, that's funny. ROTFL!

Man, are you wrong (0)

Anonymous Coward | more than 14 years ago | (#1211843)

Reno and Dailey are demanding 100% traceability of all email, ISPs must hang on to logfiles, and packets must provide real time identification of originator.

And both want more laws to implement and enforce "accountability." Even the ACLU, Clinton lovers to the end, are protesting this.

This article is so totally wrong. Nobody considers CNN a credible source. What planet are you people living on?

Current laws convenient for hiding other things (2)

RancidPickle (160946) | more than 14 years ago | (#1211844)

While old laws can be used to prosecute, what does need to happen is the laws need to be made uniform and not at the mercy of uninformed technophobes. If Johnny gets nabbed running script kiddie files on Corporate Server, then the punishment should be relatively uniform and reasonable.

I hate using a cliche, but take the Mitnik case. He got nabbed doing nasty things or having someone else's data. Yes, he should've gotten his peepee slapped. 3 years probation, requirement that he goes to school or secures gainful employment, and maybe 30 days in the local slammer. 4 years? Imbecilic.

I noticed that Ryan said he and his colleagues in the Information Technology Association of America are committed to working with the government "to balance the privacy interests" of users with the need to find "those who seek to abuse it." What about privacy abuses like Doubleclick's tactics? How about companies like Symantec secretly sending out data about your computer? (See previous story about Peacefire for details)

Someone up the thread noted that the FBI won't get involved when the theoretical loss was less than $40K. No wonder the losses are artificially inflated! I bet, though, that these companies that scream they lost millions will 'forget' to include the loss when they report their data to the FTC or shareholders, which is also illegal and against FTC regulations. As an example, I give you Sun Corporation... They said Mitnik ripped off millions, but did not report it to the FTC or shareholders. What happened? Not a damn thing.

As an aside, I am not a Mitnik fanatic, I just used the examples because I was familiar with them.

Re:Doesn't this seem strange? (1)

number_six (160080) | more than 14 years ago | (#1211845)

Correction: "They" want to eliminate anonymnity online. That's different than privacy.

Anonymnity is the freedom to wear a ski mask (even if you have obvious bulky items under your trench coat) when withdrawing money from your savings account.

Privacy is not having to go through a strip-search every time you enter the bank lobby.

They are very different things.

Re:Clinton's a walking traitor (0)

Anonymous Coward | more than 14 years ago | (#1211846)

dang straight. you know, when people figure out just how bad Clinton sold us out to China, he will be charged for treason and executed for the traitor he is.

Re:Sigh (0)

Anonymous Coward | more than 14 years ago | (#1211847)

Ms. Reno will rape the internet [expage.com] just like the indians were killed off their land. Its all about the "gold."

Re:scary thought (1)

Stary (151493) | more than 14 years ago | (#1211848)

Now, I guess this just means that existing law is repressive enough...

Yes it is.

It's not the government's job to maintain network security. That's a form of corporate welfare.

Isn't that kinda like using "it's not the government's job to maintain house security" as a reason to not have laws against burglaries?

Re:now isn't that special (3)

DarkClown (7673) | more than 14 years ago | (#1211849)

If you think about it, the only thing this "script kiddy" did, in the big picture, to your network was make it stronger. Sure, he made you work hard for a weekend, but, if you're network was weak enough to go down from this in the first place, it was going to happen eventually. And now, I'm sure, you got the network back up, and at sufficient enough strength to withstand the same kind of attack in the future.

That is true, and is what I pointed out to the client - 'you may be in a bit of a huff from this happening, but you are better from it.'

In this particular case I was brought in as a consultant by a nonprofit organization, so I didn't charge my usual rates. What really ticked me off was law enforcement's unwillingness to help a non-corporate entity solely because of a lack of sufficient financial damage. That's not what they're about - making money - but they were significantly crippled operationaly, and needy people were hurt by it.
As a side note, another aspect that pissed me off about the episode is why it happened: an older gentleman that does most of their tech stuff thought he would give linux a try as their file server in a windows environment and was delighted that he was able to get it configured and working by himself without much pain.... well, he simply had no idea that the red hat installation had opened up ports he just didn't need (or what a port is for that matter) and that by default it is pretty freaking insecure after installation. So he got a bad impression of linux. I explained that NT was flawed by a factor more, but it ticked me off a bit. Open bsd and linuxppc seem to have the right idea in having most services basically shut down until someone comes along and enables them. Mandrake, I've noticed, has a security level setup as part of their install - I hope to see this kind of thing become more of a standard....

Holy pessimism, Batman (1)

Wraithlyn (133796) | more than 14 years ago | (#1211850)

If I had a penny for every time I read a "This is all just a bunch of crap" comment...

This isn't a bunch of crap, this is life. A few days ago everyone was decrying the DMCA for being a bunch of crap designed to solely benefit big greedy corporations. Now the Clinton administration states that existing laws are sufficient, and THIS is a bunch of crap done for the businesses.

Not to mention the 20 some odd completely irrelevant posts about cookies I read through. I'm starting to forget why I visit this place so much :) I'm not trying to be an asshole but I think there's more "crap" in this here thread than the new report that this forum is supposedly about. /RANT (This is a relatively early post.. I have faith there will be lots of good content in this thread given a few hours to simmer.)

"The world is changing every day; the only question is who's doing it.

Re:Of course there are (1)

um... Lucas (13147) | more than 14 years ago | (#1211851)

I think that trespassing, larceny, and breaking & entering pretty much 99% of cybercrime... Just stick the term "computer" in front of each of those, think up some suitable penalties, and that sounds like a reasonable penal system.

That doesn't throw privacy out the window.

Nor does mandating that all ISP's set up their machines to log who has which IP address in the event that one day the FBI needs to track down the next great DDOS d00d... It's really not that bad, i don't think, so law as everything is phrased correctly.

Rather than lobby against any and all government intrusion on the internet, which is going to happen no matter how much every doesn't want it to, why doesn't everyone think together, try to figure out what they're trying to accomplish (no super-conspiracy theorists, please!) and work with them to ensure that they can have what they want while we keep what we want?

Re:oh, dammit. i owe you an apology. they're there (0)

Anonymous Coward | more than 14 years ago | (#1211852)

It only takes a few wired psychotic morons to ruin a whole article. Congrats. No, I mean that. Really.

Re:Huh? (1)

mochaone (59034) | more than 14 years ago | (#1211853)

dude, I'm being very serious. I'm not trolling, honest ! It appears that it was a big April Fool's joke that I missed. I usually don't pay attention to cookies but I'm very recently become interested in them.

Yet another cliched view of native americans (4)

rambone (135825) | more than 14 years ago | (#1211854)

For many years before the West was Wild, Native Americans lived there in relative peace and harmony with the earth and each other. There was no money. There was no need for written laws.

This is utter and complete claptrap.

Indian cultures warred on each other with great ferocity. Indian agriculture resembled closely what we refer to as "strip farming".

In other words, they were real people with as many faults and warts as their European invaders, who were simply better armed.

Please folks, don't get your image of native Americans from John Wayne films.

Re:freedom and liberty is so new (3)

Stonehand (71085) | more than 14 years ago | (#1211855)

We'd rather be a free people than not? I'm not so sure of that, at least in the absolute sense. I seem to recall that in the general populace, there *isn't* a lot of outrage when fundamental freedoms like those guaranteed by the Bill of Rights are grossly infringed upon. We note, for instance, that the first amendment requires that the freedom of speech will not be abridged. This does not specify only *popular* speech. This does not specify only *friendly* speech. It means *all* speech. That includes bigots, radical Stalinists, fascists, the criminally insane, and what not. This includes hostile speech. This includes practically everything short of slander or speech that violates contractual agreements like oaths of secrecy, and certain immediate safety issues like pretending to hijack a plane, all of which tie into other offenses.

Is there outrage 'bout this, in general? Not really. We've got a climate where, apparently, encouraging sensitivity has precedence over freedom.

If memory serves, the President has been rather intellectually dishonest in blatantly exploiting the case of the Michigan juvenile shooting, calling for measures that, according to rational thought, would be irrelevant -- considering that the shooting was not an accident, and that the main actors were not exactly law-abiding citizens of the sort to, regardless of law, have proper keeping of their firearm(s). I've not seen a lot of outrage 'bout this, either.

If you, say, listen to Brokaw or Rather, then we might conclude that the plight of a river salmon, is worthier of a spotlight than anything that might in the slightest jar people out of their complacency regarding the Constitution.

THIS sort of behavior, by both media outlets and the Government, has earned at LOT of distrust over the years. When CNN downplays the possibility of new laws, while other sources consider the same data and spin it more cautiously, and given that it's an election year (thus leading naturally towards excess), expect some irritation and distrust.

Re:The alternative being? (1)

hetfield (129762) | more than 14 years ago | (#1211856)

Did you have any expectation that they'd set up legislation that would mandate that if your PC gets hacked,

No. It's just funny to see this show of farce, I mean force, by the DOJ. They are basically saying that they will use existing laws to punish crackers. Fine. My point is that if my house is broken into the local police will investigate even minimal damage/loss (I know cuz it happened, I lost $70 to a burglar who threatened to shoot my brother who caught him in the act even though he didn't have a gun). If my computer is cracked into nothing will happen. This report is merely hot air, unless your computer/data is worth $40,000+ and then it means someone might care. It doesn't mean that they can do anything about it.

It is not an unreasonable idea to try to apply the existing laws

Sure, if it involves an US server being cracked by a US citizen. Outside of that, what will happen? Nothing. The foreign government has to cooperate with US authorities. Do you think that will happen in places like Russia or the Middle East? Did they catch that guy who stole the database of credit card numbers? They know who he is... Why won't they do anything? Because they can't. He's in Russia (I think). Unless someone else knows different, in which case I'll stand humbly

a problem to which existing laws ... already apply.

This isn't legislation. This was a report designed to make Americans feel better about what is being done about crackers. Maybe they don't realize it, but all it will do is lull corporate America into believing that they are protected.

This is another example of legislators who think that the Internet doesn't stretch beyond our borders. Sure we invented it, but it's way too late to try and control it. The emphasis should be on educating Sys Admins on how to secure their network better rather than telling them they can rely on the DOJ to handle problems after the fact.
--

Re:Sigh (2)

technos (73414) | more than 14 years ago | (#1211857)

The profit-seekers, outcasts, and jerks have already arrived.

They're the 'dot-com' slimes, the 'e-tailers'. The AOLusers and the chat-room addicts. They're the spammers that force us to read through pyramid schemes and 'Swiss penile enlargement' advertisments at the breakfast table, the morons that brought Usenet to it's knees.

And what can we do? Some of their new ways are appealing. They've brought a new brand of e-booze that many of us are so satiated with we've forgotten. Unlike the 'Wild West', the natives are better armed than the invaders. DoS them into nonexistance whan they screw around. Shoot 'em in the knees with bans, 'spammer go away' and respond with like flame. Do not go quietly..

Re:freedom and liberty is so new (2)

TheCarp (96830) | more than 14 years ago | (#1211858)

> We'd rather be a free people than not. I think
> when asked, even many in the government would
> prefer that.
> I see a lot of anti-government posts here, and I
> get the feeling from their hostility they would
> rather have a government that they can yell at
> and be angry at than not. Strange to me.

Not strange at all. We have had a government all
our lives (and for several centuraies/millenia
previously). People are USED to government and
feel secure with one.

I remember a social psychology course I took in
colledge. People dislike not being free to some
extent...they will complain about lack of options.
However, psychologically, they feel more secure
and satisfied when they don't have to make
choices. They actually feel better knowing that
the choice is already made.

How many police are there per capita? maybe a
hundered police per 100,000 people? They are
not omnipresent. Yet...we are instilled with
this constant safe feeling knowing "they are
right around the corner". Talk to anyone and ask
them "At 4 am, when you come to an intesection
and stop at the red light, you see no cars
comming from anywehre...why do you wait for
it to turn green?"

The standard answer "Cuz if I don't I could get a
ticket". There is no logical reason to sit there.
There are no police anywehre in view...yet we
conform because we have been trained to. That is
the essence of Authority.

> I don't
> like to be angry

That reminds me of the Hitchhikers Guide:
(paraphrase)
"To combat this unhappiness people developed
systems which involved moving around small
pieces of green paper, which was quite curious
because it wasn't small peices of paper that
were unhappy to begin with"

Re:Yet another cliched view of native americans (2)

zantispam (78764) | more than 14 years ago | (#1211859)

"Please folks, don't get your image of native Americans from John Wayne films."

Where, pray, does your image come from?

(Genuine questtion)

Here's my [redrival.com] copy of DeCSS. Where's yours?

Re:Here's one less DDoS conspiracy theory... (0)

Anonymous Coward | more than 14 years ago | (#1211860)

Not true... I know a guy who knows a guy (no names) that says the NSA was behind the DDoS attacks, at Clinton's order. But Clinton took one look at the Slashdot coverage and realized the game was up.

We'll be targeted next. Hemos and CmdrTaco will be replaced with bland, passionless, droning robots. (They got to JonKatz months ago) Then one day *BANG* Slashdot.org is selling Clinton's saxaphone. Think about it!

I must go now... they'll be coming soon.

Conspiracy Guy

Re:Yet another cliched view of native americans (1)

whoop (194) | more than 14 years ago | (#1211861)

Nah, man. The Indians were just hippies deep down. Peace, Love, not war. They wore mocassins and beads, just hung out at their teepees smoking, just like hippies. It's not like hippies went around killing people. Er wait, maybe a few. And scalping was just their attempt to reach a hand out and say, "I like your hair, let me study how you braid it like that." ;)

Re:Just my .02$ USD (1)

Kevin T. (25654) | more than 14 years ago | (#1211862)

New laws in the US just mean more people from outside the US will be hacking US servers. "But the FBI will haul their asses in." Yea right. Let's see the FBI arrest someone from Cuba, China, or Russia! *[Ooooh we're breaking US laws!] *translated from Mandarin Actually, back in the early 90s, the U.S. passed a controversial law that basically says that the FBI _does_ have the power to go to other countries and arrest people who, say, smuggle drugs into the U.S. In fact, the U.S. is the only country in the world (to my knowledge) that claims police jurisdiction outside its borders. [This is all from memory. Anyone who can correct me/ provide more information, please speak up.] Beyond that nasty bit of foreign policy awkwardness, there are such things as extradition treaties, Interpol, etc. Basically, if you're a cracker working against U.S. targets (including the assets of U.S. corps in foreign lands), you probably fall into three categories: 1) Working for a government. You are a spy/ cyber-commando. Your deeds are acts of espionage and/or war. 2) Working for a corporation. You are a corporate hacker and subject to laws that govern such things. Since you're working for a corporation that bothers to, say, hack AOL's servers for information on their customers, you probably aren't working in the type of country that doesn't collaborate with the U.S. authorities to punish people like you. 3) Working on your own. You are a common thief, or possibly a terrorist, and your government probably won't protect you. The U.S., and other countries, have laws and methods to deal with all three. Computers are the tool. In the U.S.'s eyes, spies and terrorists are the users of that tool. The U.S. has spent the last 10 years throwing a lot of muscle at spies, terrorists, and smugglers-- foreign and domestic.

Re:Yet another cliched view of native americans (0)

Anonymous Coward | more than 14 years ago | (#1211863)

They learned the art of scalping from the French and Portugese, who had a bad habit of doing it to natives they didn't like. European bastards...

Re:scary thought (0)

Anonymous Coward | more than 14 years ago | (#1211864)

That's a form of corporate welfare

don.t you mean corporate warfare...
the easiest way to eliminate your competition...

Re:Yet another cliched view of native americans (2)

rambone (135825) | more than 14 years ago | (#1211865)

Where, pray, does your image come from?

History. Its not like this is hidden information - almost any public library of any stature will have numerous references available.

Re:It was a joke... (1)

Kaa (21510) | more than 14 years ago | (#1211866)

It was a joke...

Well, duh! People who needed this told to them are beyond help anyway IMAO.

Kaa

I think you are right. (1)

coyo (126580) | more than 14 years ago | (#1211867)

And it makes me wonder if we've really ever been truely free. Is our freedom just 'on paper'?

-coyo

An, uhh, interesting version of history (3)

hawk (1151) | more than 14 years ago | (#1211868)

Or are we supposed to call it "herstory" when it diverges this far from reality?

I don't think we know much about how well the native americans lived in
harmony with nature, but we do know that a few thousand years ago
newcomers came from the *west* and, as near as we can tell, killed them all
off. These newcomers came to be known as "Indians" when Columbus
thought he'd travelled to India. The name stuck, but modernly there
are folks calling this group "Native Americans."

This new group had a great many cultures, many of which were quite
different. Some were peacefull, licving with nature, etc. Others
were warlike, violent, and bloodthirsty. Some of these tortured
their captives, by such endearing methods as burning them alive to
test their bravery. Others enslaved other groups. Still others
exterminated others completely. The paths across the continent
of some of the warlike groups can still be traced by some of the
characteristics of the groups they displaced.

Eventually another group showed up from the east. These were more
warlike than some, and quite less warlike than other of the native
inhabitants. However, they were much better at war, and had better
weapons. They eventually ended up with most of the good land,
regardless of whether the peaceful or warlike groups previously held it.

Unless you get your history from political rallies, the American
Indians/Native Americans/whatever were rather diverse. The myth
about universally living in peace and harmony with nature is just
that, a myth. Some did, some didn't.

Re:now isn't that special (1)

mtnbkr (8981) | more than 14 years ago | (#1211869)

While we are at it, let's pay bank robbers or people who break into your house. Obviously, they are just pointing out security weaknesses too. We could extend this courtesy to all sorts of so called criminals. Whatever....

Chris

Re:All this government talk (1)

latcarf (143356) | more than 14 years ago | (#1211870)

A lot of this legislation is completely misguided, and often rooted in the hands of people who are completely clueless about what they are talking about in this area.

We can complain about the balance of certain laws (or laws in general) but it is not true that the Congress and various interagency committees are clueless. They are provided with expertise by various interested parties and respond to the concerns that they hear about. The Internet Alliance ("IA") is willing to take some credit for the final shape of the cybercrine report. You can see their news release at here [internetalliance.org] . The IA is concerned that any new laws would shift more responsibilty for enforcing the law onto the private sector which would be a form of tax. The news release cited above concludes with the statement that the IA was recently acquired by the Direct Marketing Association.

I happen to agree that there are plenty of laws available to prosecute "cybercriminals" when they do serious damage and the users of the web need to take more responsibility for making sure their own computers are secure.

Re:Yet another cliched view of native americans (1)

ronfar (52216) | more than 14 years ago | (#1211871)

I read that it was done (first by Europeans) because the hair was worth money to wig makers (see the O. Henry story "Gift of the Magi" for an example of hair being a valuable commodity.)

Re:Yet another cliched view of native americans (2)

Ross C. Brackett (5878) | more than 14 years ago | (#1211872)

Oh, please. If you would just drop the Randite Objectivism BS for two seconds, you would see that I'm actually arguing for a more libretarian attitude towards Internet government.

Most of the Internet problems that big business goes crying to about the government nowadays could be solved through technological mesaures. If companies would spend their effort working on a RBL-blacklist-on-steriods solution rather than calling in the FBI every time a script kiddie 0wnz them, or filing a lawsuit when they get one or two spam messages, the Internet would be able to govern itself just fine.

I'm sure if I had used a metaphor about the Boston Tea Party or something, you wouldn't have minded, since American colonists are an oppressed minority that were "better armed".

Re:Thank G-d, For Once We Have "No New Laws" (1)

Kaa (21510) | more than 14 years ago | (#1211873)

Government intervention, like stuffing a hamster up your own ass, seems like a good idea intially ...

I think that this is a very valid comparison. I agree that people who think that government intervention is a good idea tend to be the same people who think that stuffing a hamster up your ass is a good idea. At least the IQ level and ability to foresee consequences seem to be the same.

Kaa

Re:Who is this mystery "top AOL lawyer"? (1)

latcarf (143356) | more than 14 years ago | (#1211874)

Read the Internet Alliance news release here [internetalliance.org] and you will understand.

Re:All this government talk (1)

Dungeon Dweller (134014) | more than 14 years ago | (#1211875)

Committees are for reference, but politicians may not understand what these committees are getting at. Also, the unfortunate downfall of our wonderful political system is the same of it strength. Politicians must bow the the whims of their constituents. While this may mean that they are controlled by the people, it also means that they have to get the attention of people. By passing an "anti-hacker" law, a legislator can get much more attention, than by voting it down, as their constituents may not understand/believe that it is misguided.

UCITA got voted up in my state... That is a good enough example. That document is an abomination, yet I am sure that next term, many delegates will say how they voted for it and it enables commerce.

I am sorry, but I maintain my position. I'm not saying that these people are foolish, but I am saying that they make mistakes... Or sometimes moves merely for political interest. And I am not decrying them for this. It is a necessary evil. The legal system will fix itself over time, this I know, that is what makes our country great. But Prohibition... Slavery... You get the picture.

Re:It was a joke... (2)

gorilla (36491) | more than 14 years ago | (#1211876)

Those of us who were awake noticed them on April 1st.

Re:now isn't that special (2)

El Volio (40489) | more than 14 years ago | (#1211877)

There's already something similar (though not exactly what you're proposing). Security audits doing just this are often performed by 'tiger teams', whether by internal employees or external auditors hired for that purpose.

I work in network security for a large corporation, and the problem with the view that "hackers only point out weaknesses in your network, so you should thank them" is that they're exactly the people we need to keep out. This business of non-malicious vs malicious is not the point. Was the person authorized? No? Then it was wrong. Yes, I personally am glad they may not have had intent to do something further, since that means that there's less work to be done. But the fact that someone went somewhere they're not supposed to go is not excused by the fact that our security had a chink in it.

All that aside, authorized audits are a good thing. This way, you guarantee that they're not malicious (assuming you trust the auditors ;> ), and still find holes.

Re:It was a joke... (0)

Anonymous Coward | more than 14 years ago | (#1211878)

IMAO

In My Asshole Opinion ?

Left hand, right hand, only taxpayer money (2)

unitron (5733) | more than 14 years ago | (#1211879)

Too late for karma but...
As I noted in a previous story's thread, The Register had an article [theregister.co.uk] about a General Accounting Office report that basically says the DOJ is going about this in entirely the wrong way because of turf concerns.

hmm (1)

rbf (2305) | more than 14 years ago | (#1211880)

That's good they are not going to create a bunch of new useless laws.. but ya gotta wonder what their hidden agenda with this is!

rbf aka pulsar

Fixing the problem so it stays fixed (5)

Animats (122034) | more than 14 years ago | (#1211881)

The whole denial-of-service problem is being quietly fixed by people who are putting small changes into server and router code. What law enforcement does is largely irrelevant. In the end, all they can do is maybe find some kid and put him in jail. That isn't effective enough, because there are too many kids.

Here's my checklist of what needs to be fixed:

  • SYN flooding Don't commit TCP connection resources until the transition to ESTAB. Fixes exist.
  • Packet traffic overloading from valid IP addresses Turn on fair queuing (plug: I invented that; see my RFCs) at the upstream router. Cisco routers do this for T1 and down by default; make sure it's on. Big sites generally have enough inbound bandwidth this isn't a killer problem.
  • Packet traffic overloading from invalid IP addresses This is the hard one. Turn on outbound filtering where possible. Routers need a feature that accepts a request to turn on record route for the next few seconds for packets to a specified destination. This makes possible a sort of "reverse traceroute". Requires R&D, a standard, and programs that implement it.
  • HTTP request overloading Impose fairness scheduling at the listen queue level. Needs R&D, some kernel coding, and support in the HTTP server, but isn't that hard.
  • Attacks on large numbers of machines A small percentage of machines on the net need to be booby-trapped to trace back, silently, attacks on them. There should be voluntary services to which you can subscribe (something like SpamCop [spamcop.com] ) that takes attack reports, correlates them, and locates the offender. This doesn't need to be government-run; it's a reasonable business.

Doing this will actually fix the problem. Much more effective than holding press conferences.

John Nagle

Could it be... SATAN? (1)

SEWilco (27983) | more than 14 years ago | (#1211882)

If a company requests a security examination, the examiners can legally do to that company whatever the company says they can do. If someone does the same thing without permission it's vandalism, breaking & entering, property damage, or theft. An obvious example is the first act of the movie Sneakers [borders.com] . And any real system security auditor would simply give the administrator a description of the problems, not abuse them until discovered. The administrator would also be in a position to trust that no damage was done or back doors had been installed, and would be able to stop employees who discover the activity in progress from wasting time dealing with an apparent threat [fatbrain.com] .

Been there, done that.

Re:All this government talk (1)

nido (102070) | more than 14 years ago | (#1211883)

I hate to see a politician stand up at a podium and spout about how our world is at the mercy of "hackers." Or how "dangerous" those damn DoS attacks were a couple of weeks ago.

I believe it was Benjamin Franklin who said, when commenting on the lack of progess on revisions to the Articles of the Confederation (don't really know in what context this was said, if anyone out there knows the exact quote please post it or e-mail me), "if we take too much longer putting together this government, people might start to realise that they get along fine without us." If you don't want people to realise that they get along fine without you, you ought to make yourself seem important. Standing on the podium is one way to draw attention to yourself...

Re:Of course there are (1)

SEWilco (27983) | more than 14 years ago | (#1211884)

You missed the point. Do not stick "computer" ahead of any of those, and do not think up new penalty levels. Breaking & entering laws are fine, whether a computer is involved or not.

Break a $200 door and steal a $200 TV and you'll get the same penalty as making a system administrator use $400 of his time cleaning up a mess (actually, that's probably not enough money for most situations...).

Re:What no "Net Force"? (1)

SEWilco (27983) | more than 14 years ago | (#1211885)

Please, no references to the TV version. Only references to the book version are relevant.

Re:because you're a brainless fucking imbecile. (2)

MattMann (102516) | more than 14 years ago | (#1211886)

how the fuck is your fucking web browser going to fucking know your fucking social security number and your fucking sexual preference?! IT IS NOT POSSIBLE TO DO THAT.

your browser does not generate cookies, servers do, so pull your opposable thumb from out of your ass, OR IS IT NOT POSSIBLE TO DO THAT?

And how would the server know? Well, have you followed the Doubleclick controversy? Do you have your own IP address, or do you share one with the rest of AOL? Because all of the cool people have their own IP address (I have 269 of them :), and when they go to Slashdot, and from there to somewhere else, read the story, back and post a comment... why, it does not take long to figure out who goes with which IP address if they're somewhat active. It's happening only rarely now, but all the records are accumulating, companies are merging... it's just not that far fetched.

Anyway, so the guy made a mistake. He's one out of thousands of people. If you've ever run a big mailing list or organized a big event (yeah, like your 10th birthday to infinity), you quickly come to realize that when 1000s of people are involved, just by probability alone a small number of perfectly intelligent people are going to miss the instructions, not see an obvious sign, etc. It's really no big deal. But when you make a big deal out of it when other people make a mistake, you then find yourself feeling especially humilated when you make a mistake yourself. Luckily, you still live with your mother and she can comfort you, but when you get big you'll realize that it's better to just explain things to people.

Re:All this government talk (1)

Dungeon Dweller (134014) | more than 14 years ago | (#1211887)

Exactly. The strength of our government is that our legislators must appease the people. The weakness is that they must advertise to them.

Re:Sigh (1)

SEWilco (27983) | more than 14 years ago | (#1211888)

"Native Americans lived there in relative peace and harmony"
Please give us your definition of the word commonly known as "Sioux" and why the Chippewa (Ojibway) used that term...

Re:freedom and liberty is so new (1)

QuasEye (98125) | more than 14 years ago | (#1211889)

You know, there's an interesting quote that sums up that post...

"Freedom of choice / Is what you got.
Freedom from choice / Is what you want."
- Devo, Freedom of Choice

bp

"If I removed everything here that I thought was pointless, there would be like two messages here."

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>