Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Some DNS Requests Ruled Illegal in North Dakota

samzenpus posted more than 6 years ago | from the that's-a-paddling dept.

The Courts 331

jgreco writes "A judge in North Dakota has just ruled that requesting a zone transfer from a public DNS server is criminal activity within the meaning of the North Dakota Computer Crimes Law. A zone transfer is a simple request that a DNS server hand over information in bulk, and a DNS server may be configured to allow or deny such requests. That the owner of a DNS server would configure the server to allow such requests, and then claim such requests were unauthorized, is simply stunning."

cancel ×

331 comments

Sorry! There are no comments related to the filter you selected.

beware (4, Funny)

ratonu (868505) | more than 6 years ago | (#22079222)

So now there is a good chance i can go buy some adwords and advertise my website and then sue anyone who will access it... A good business model.

Re:beware (2, Informative)

Nos. (179609) | more than 6 years ago | (#22079716)

It says (even in the summary) we're talking about zone transfers, not regular lookups. So sue all you want, just don't be surprised when every case is thrown out.

Unbelievable (3, Insightful)

Chrisq (894406) | more than 6 years ago | (#22079230)

This in effect means that you cannot set up a secondary DNS server in North Dakota. Any ISPs in the state should probably relocate!

Re:Unbelievable (1)

Anonymous Coward | more than 6 years ago | (#22079262)

What gave you that idea? It simply means that you cannot request the zone transfer *without authorization*. That is: if you have authorization, it's okay to do it.

However, given how stupid the decision is, relocation might be a good idea.

Re:Unbelievable (0)

Anonymous Coward | more than 6 years ago | (#22079302)

As the saying goes, "stupidity cannot be concealed".

Re:Unbelievable (2, Interesting)

BoomerSooner (308737) | more than 6 years ago | (#22079726)

This is typical of most judges I've encountered. They are too lazy to actually understand the information in front of them they are adjudicating. For example, getting divorced. 10k pages of discovery and the judge just flips through it. No understanding of accounting or much of anything else. It's like arguing to a 5th grader about law. 99% goes over their head if it's not criminal related. So beware if you're in any kind of trial where it's a technical field, or hell, even anything with discovery beyond what the court 'thinks' is relevant.

Re:Unbelievable (4, Interesting)

billcopc (196330) | more than 6 years ago | (#22080134)

I don't think a judge should be expected to read through 10k pages of vindictive banter in order to decide how to split a marriage. I don't expect them to become an expert in the simple-yet-confusing DNS system either. The important facts should be presented in concise layman's terms.

"Sir, a zone transfer is when you type 'dig google.com axfr'. It is a standard feature of the DNS protocol and software suite. The only way it can be abused is if it is left unprotected by the network administrator, much the same as a house can be abused if you leave your doors and windows unlocked."

J:"I get it. Plaintiff, you're an idiot! Case dismissed."

The fact that these simple truths can be irreversibly concealed through the one-way hash known as legalese, is just evidence that the legal system is broken beyond repair. At least you can brute-force RSA :/

Re:Unbelievable (4, Informative)

Intron (870560) | more than 6 years ago | (#22080180)

FINDINGS OF FACT

"In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server. A secondary intended purpose for zone transfers is to permit trouble shooting in which case zone transfers may sometimes be undertaken via the manually conducted host -l command. In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system."

Sounds like the judge understood it pretty well to me.

Re:Unbelievable (5, Insightful)

MyLongNickName (822545) | more than 6 years ago | (#22079788)

What is more unbelievable is that you'd take an article summary like this as being the gospel. More often than not, it is someone who hasn't really read the whole article, but wants to see his name on the front page of Slashdot. Dispense with a few facts, create some sensationalism, and the crack Slashdot editing team puts it up without fact checking.

Re:Unbelievable (2, Insightful)

ari_j (90255) | more than 6 years ago | (#22079984)

The article isn't much better. I think that it's going to be nothing but sensationalism unless someone gets ahold of the actual court documents.

Re:Unbelievable (1)

nschubach (922175) | more than 6 years ago | (#22080296)

Did you see the findings [spamsuite.com] ?

Re:Unbelievable (1)

nschubach (922175) | more than 6 years ago | (#22080262)

wants to see his name on the front page of Slashdot
You're just jealous... poo-poo head.

You have to wonder though: Why would data transfer (of publicly available and non-copyright data) be illegal? Was he using this to perform some kind of DoS attack (polling for a transfer over and over)? If so, why doesn't the DNS server detect and restrict this? If this is a concern over the private data, why wouldn't the DNS only transfer public records (and is this possible)? Maybe he is guilty for the intent of his actions, but it should be a learning experience for anyone working with the DNS servers and/or code to restrict this in the future.

Re:Unbelievable (-1)

Simon Brooke (45012) | more than 6 years ago | (#22079796)

This in effect means that you cannot set up a secondary DNS server in North Dakota. Any ISPs in the state should probably relocate!

Actually, it means more than this. It means you cannot look at a web page in North Dakota. WHOIS information, and other DNS information, is public data deliberately published on the internet so that other people may read it. If they couldn't read it, the modern internet as we know it - with meaningful names instead of dotted quad addresses - could not work. Web pages - public web pages - are also public data which is deliberately published on the Internet so that other people may read it. If reading DNS records without specific authorisation is illegal, so is looking at web pages. So if you're in North Dakota and you're reading this, you better run for them thar boondocks, boy. We're coming to git you!

Re:Unbelievable (0)

Anonymous Coward | more than 6 years ago | (#22080024)

you better run for them thar boondocks, boy. We're coming to git you!

Oh ya?

Re:Unbelievable (3, Funny)

Crazy_CorranH (1207148) | more than 6 years ago | (#22080298)

So if you're in North Dakota and you're reading this, you better run for them thar boondocks, boy. We're coming to git you!

Well, coming from ND, I'd have to say it's all boondocks. Where should I run to now?

Appeal? (1)

MoxFulder (159829) | more than 6 years ago | (#22080306)

No word in TFA if he plans to appeal... let's hope so!!!

consequence of bad computer crime laws (4, Insightful)

j0nb0y (107699) | more than 6 years ago | (#22079242)

Most states have computer crime laws that pretty much say this: It is illegal to access a computer that you are not authorized to access.

This basically means that if you don't have written permission to access a computer, you can't access it legally.

So everyone who uses computers breaks the law, and the law is only truly defined by who prosecutors decide to prosecute.

This state of affairs is completely ridiculous, but unless you find a tech savvy Judge, the situation is unlikely to be changed through the courts.

Re:consequence of bad computer crime laws (3, Insightful)

mcvos (645701) | more than 6 years ago | (#22079456)

By this reasoning, looking at a website without written permission of the webmaster would be illegal too. The Judge has basically declared the internet illegal.

Re:consequence of bad computer crime laws (2, Insightful)

CastrTroy (595695) | more than 6 years ago | (#22079628)

The act of putting up a website (or any other internet server) on the public internet should be enough to say the operator of the server gave you permission to access it. If you don't want people accessing your server, at least put a password on it for basic access control, or if it requires more security, than put it behind a VPN/Firewall box.

Re:consequence of bad computer crime laws (2, Informative)

Simon Brooke (45012) | more than 6 years ago | (#22079808)

The act of putting up a website (or any other internet server) on the public internet should be enough to say the operator of the server gave you permission to access it. If you don't want people accessing your server, at least put a password on it for basic access control, or if it requires more security, than put it behind a VPN/Firewall box.

The act of putting up a DNS server is exactly the same. But we now know it's illegal to access a DNS server, therefore it must be illegal to access a web server.

Without written permission in triplicate, signed in longhand by the owner of the data using a quill pen and attested by the county registrar and the sheriff, of course.

Re:consequence of bad computer crime laws (0)

Anonymous Coward | more than 6 years ago | (#22080188)

Exactly his point -- the server was configured to allow this access and had no security measure in place. On the internet it is accepted that when lacking anything to the contrary it is legal to push every available button and to walk through every unlocked door.

Re:consequence of bad computer crime laws (1)

mcvos (645701) | more than 6 years ago | (#22080216)

The act of putting up a website (or any other internet server) on the public internet should be enough to say the operator of the server gave you permission to access it.

Should be, but what if I didn't intend the whole world to see it? Perhaps my webpage is only for my friends or family. My sister did that, actually. Set up a website with het pregnancy log, mail the address to the family and request that nobody link to it so google wouldn't find it. The intent is clearly that not everybody has permission to access this website, but would that hold up in court? As much as I respect her privacy, I really hope not.

Same thing with public DNS or open wifi. If you don't intend for it to be open, don't make it open.

Re:consequence of bad computer crime laws (1)

mini me (132455) | more than 6 years ago | (#22080308)

Just because I encourage you to request zone transfers from my public DNS server does not mean that you can request zone transfers from all public DNS servers (as indicated by this case). By the same token, just because I encourage you to read my website, it does not mean you have permission to read all websites.

Re:consequence of bad computer crime laws (4, Interesting)

_Spirit (23983) | more than 6 years ago | (#22079694)

I always think it rather silly to state that a judge declared something illegal. Yes I know that he interprets the law. But all the judge does is look at the law and the case. So all the judge has done is show that the law is stupid. The laws that make this illegal were already around. Don't blame the judge, blame the legislators and push to get the law changed!

Re:consequence of bad computer crime laws (3, Insightful)

strangel (110237) | more than 6 years ago | (#22079860)

The reason people say that a judge declared something illegal is that in order for there to be consequences in such a case, there must be a trial. A trial will always go through a judge, so a judge always has to interpret the law. Part of this interpretation depends upon past precedent...therefore it is possible that if the next judge isn't bright enough to recognize a bad precedent when he/she sees one, he/she will follow the precedent. This further strengthens the precedent for later cases.

Re:consequence of bad computer crime laws (1)

vtcodger (957785) | more than 6 years ago | (#22079540)

***This basically means that if you don't have written permission to access a computer, you can't access it legally.***

My written permission to access slashdot? Yes officer. I have it around here somewhere. ... Just give me a minute ... Waddyamean 'I have a right to an attorney' ... Hey, not so tight with those handcuffs mate ....

Re:consequence of bad computer crime laws (3, Funny)

kalirion (728907) | more than 6 years ago | (#22080166)

Be glad he didn't tase you, bro.

Re:consequence of bad computer crime laws (5, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#22079582)

It IS completely ridiculous. I doubt very much that OSDN or SourceForge (or whatever they're called this week) wants to have to give explicit permission to each and every user on Slashdot, but that's what it appears to have come to because judges are techno-illiterates.

If a service is running on a machine connected to the Internet and that service is obviously not secured, then the only thing that can be assumed is that permission to use that service is implicitly granted, especially in absence of notices stating otherwise.

IOW, if you run a Web server on port 80 and require no authentication, then it can be easily assumed that you intend to publish any materials served via the Web server to the public Internet -- you expect people to access it.

Ditto if you run a DNS service that allows zone transfers to all comers -- you expect that DNS zone transfer will occur and no one will need permission from you to do so.

To rule otherwise is nothing but pure stupidity.

Mod parent up! (1)

strangel (110237) | more than 6 years ago | (#22079820)

I was going to make this same point.

Well said, morgan_greywolf.

Re:consequence of bad computer crime laws (1)

MightyYar (622222) | more than 6 years ago | (#22080232)

I agree wholeheartedly, but there is one more element to consider. If you KNOW that the DNS server is mistakenly configured, then you should not access it. It would be very hard to prove this in court, but it is analogous to taking a "free" New York times because the latch on the newspaper stand was broken.

That doesn't seem to be the case here - it looks like this guy is an anti-spammer using the usual common tools to do his work. I don't know what "hijacking" he did, but that's a separate issue.

Re:consequence of bad computer crime laws (3, Informative)

aproposofwhat (1019098) | more than 6 years ago | (#22080280)

More to the point, what idiot would put DNS records relating their internal private network on a publically accessible DNS server?

That's what Sierra did, according to the court decision.

Either the admin responsible is incredibly stupid, incredibly lazy or just hasn't thought through the security implications.

Re:consequence of bad computer crime laws (1)

Bert64 (520050) | more than 6 years ago | (#22079722)

Yes, can i see your written permission to access the computers comprising slashdot.org please?

Re:consequence of bad computer crime laws (0)

Anonymous Coward | more than 6 years ago | (#22079922)

I was involved in a court case less than a week ago where I submitted video evidence to the court.

I took the security camera footage from a stand alone system and converted it to DVD via standard tools. Since the evidence was not identical to the original (bit for bit at least) the defense attempted to have my 'format shifted' evidence thrown out.

Luckly the Judge was logical enough to see that the video hadn't changed, just the format, and allowed it to be entered. However, I could see how a lazy, or luddite judge could throw the evidence out.

DNS illegal now? Read again. (5, Informative)

Anonymous Coward | more than 6 years ago | (#22079248)

Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it. As I read it, the defendant already had been told by the court to stop bothering the plaintiff, and he then proceeded to ignore that. In and of itself the ruling doesn't outlaw dns requests, altough the judge's grasp of the technology clearly could stand improvement.

Re:DNS illegal now? Read again. (1)

Ngarrang (1023425) | more than 6 years ago | (#22079306)

Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it. As I read it, the defendant already had been told by the court to stop bothering the plaintiff, and he then proceeded to ignore that. In and of itself the ruling doesn't outlaw dns requests, altough the judge's grasp of the technology clearly could stand improvement.
But, quickly posted inflammatory remarks based solely on the posts of others who did not read the article is required policy! Populistic? I am going to have to find a way of using that word today in conversation. *grin*

Re:DNS illegal now? Read again. (5, Insightful)

tgd (2822) | more than 6 years ago | (#22079340)

See this is why we need a (-1 Informative) moderation... because clearly from the tone of the post and the the majority of the replies, rational response is not the goal of this story submission.

Re:DNS illegal now? Read again. (0)

Anonymous Coward | more than 6 years ago | (#22079380)

Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it
You must be new here.

Re:DNS illegal now? Read again. (5, Informative)

autocracy (192714) | more than 6 years ago | (#22079424)

TFA really sucks. The linked judgment is much more useful to read. I'm kind of saddened by the judges focus on "zone transfers," but it's clear that the issue is not about zone transfers. The issue is a pattern of malicious activity that the defendant had an injunction placed on him for. He violated that injunction. It was corporate cyber-stalking harassment, really. I'd say that the zone transfer was illegal in context, especially with an outstanding injunction to stay off the company's servers.

Re:DNS illegal now? Read again. (1)

ari_j (90255) | more than 6 years ago | (#22080032)

It's also not a criminal case, as far as I can tell. The article was dumb, but the Slashdot version is dumber.

Facts from the ruling (3, Informative)

InvisiBill (706958) | more than 6 years ago | (#22079584)

18. Ritz was not an authoritative name server, a DNS server, nor any kind of computer at the time he accessed Sierra's computer.
I'm pretty sure that one wins some sort of award reserved for the highest level of intellectuals.

21. The information which Ritz published was not public. Moreover, much of the information was not publicly accessible.
In all seriousness, I think this is where the major issue lies. The judge ruled that because most people don't know about host -l, that the information was private, even though it was publicly available with a standard command.

If Ritz had previously been ordered to leave Sierra alone, and hadn't, then that's a basis for the ruling right there, completely ignoring any aspect of DNS. From the court documents, the guy sounds like quite a piehole.

Re:Facts from the ruling (1)

twistedsymphony (956982) | more than 6 years ago | (#22079634)

In all seriousness, I think this is where the major issue lies. The judge ruled that because most people don't know about host -l, that the information was private, even though it was publicly available with a standard command.
Exactly, that's like saying walking through an unlocked door to a shop is illegal because most people don't know how to turn a door knob.

Re:Facts from the ruling (2, Insightful)

codefool (189025) | more than 6 years ago | (#22079864)

It's more like dressing up like a repairman, going through the unlocked gate, the unlocked door, and raiding the unlocked refrigerator. He clearly took all precautions to not be detected and this passes the "walks like a duck" test. His past behavior and public admissions did not help his case. While I wish all the court documents were available, I've read the finding of fact and law and I agree with it. He dug himself a deep hole and now he can't climb out of it.

Re:Facts from the ruling (4, Insightful)

squiggleslash (241428) | more than 6 years ago | (#22080116)

Well, the ruling's more like being told that you can't enter a shop that happens to have a door unlocked at the front after you've repeatedly entered it and been told explicitly to go away because the shop's not open yet.

Re:Facts from the ruling (3, Informative)

onecheapgeek (964280) | more than 6 years ago | (#22080142)

From the ruling:
7. Ritz, at all times material, acted intentionally and with the intent to gather as much DNS and other information as possible about Sierra and its principals, agents and related entities and persons. Ritz made the information he gathered available to several persons, including a competitor of Sierra, SuperNews and SuperNews accessed that information. Ritz has admitted that SuperNews personnel accessed the zilla queries file where it resided on his computer via http connection.

8. The intended purpose of a zone transfer is primarily one of redundancy. Zone
-3-
transfers are the means by which a primary authoritative domain name server copies the domain structure to a secondary authoritative domain name server for the purpose of redundancy. Generally, both of those servers pertain to the same domain. In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server. A secondary intended purpose for zone transfers is to permit trouble shooting in which case zone transfers may sometimes be undertaken via the manually conducted host -l command. In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system.

9. The evidence presented at trial produced no treatises or authoritative sources to suggest that any other intended purpose exists for a zone transfer. The academic and technical resources put in evidence at trial uniformly indicate that zone transfers have no intended purposes beyond those mentioned above.

10. The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other, authorities all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized."

11. Ritz accessed Sierra's computer, copied and disclosed information found on that computer beginning at least with the February 27, 2005 access and continuing thereafter through the summer of 2005. Ritz made several access attempts which were also unsuccessful after April 1, 2005.

12. Publication of the zilla queries file containing information about Sierra including its internal domain structure created a grave security risk for Sierra. That information, in the
-4-
hands of outsiders with malicious intent. threatens the integrity of Sierra's computer system. Publication of that information also competitively injured Sierra since a competitor such as SuperNews can use the information to better evaluate and compete with Sierra.

13. Ritz has port scanned thousands of computed, including those of Sierra.

14. Ritz frequently attempted to access Sierra's computers from a variety of locations in case Sierra was blocking access from his known IP address. He also concealed the IP address of his point of origin in order to shield himself from blame or, as he put it, "taking the beat."

15. Ritz has participated in approximately eighteen UseNet death penalties ("UDP"). A UDP is an attempt to force a Usenet service provider to change its behavior by threatening to have peers cancel their relationships with the target of the UDP, canceling messages propagated from the target of the UDP and if that fails, to go to other providers to convince them to cease doing business with the target. Once he was armed with Sierra's internal domain structure and published that information. Ritz called for a UDP against Sierra.

16. Ritz has issued Internet mail bombs and undertaken efforts which resulted in disconnecting third parties from the Internet

This guy was not doing ANYTHING legitimate. He was trying to damage their business through whatever means he could, including attacking their customer base. On top of it all, he began to try to circumvent the actions they took to prevent him from accessing the information. He started using proxies to bypass an IP block. To say this has any effect on a secondary DNS doing a zone transfer for DNS purposes is beyond stupid.

Re:DNS illegal now? Read again. (1)

0xdeadbeef (28836) | more than 6 years ago | (#22079730)

3. At various other times, Ritz issued a variety of commands, including host -l, helo, and vrfy. The afore-mentioned commands are not commonly known to the average computer user.

4. Ritz frequently accomplished his access to Sierra's computers by concealing his identity via proxies and by accessing the servers via a Unix operating system and using a shell accounts, among other methods. He also disguised himself as a mail server.

The Court rejects the test for "authorization" articulated by defendant's expert, Lawrence Baldwin. To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down. Any backer could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands utilized were well-formed.

Oh noes! The judge is being alarmist and populist! (Whining about alarmism and populism ought to be the new Godwin. It only marks the speaker as a tool.)

That the defendant dug his own hole is immaterial to the actual controversy. If he were only being punished for ignoring an injunction, no one would care. No, the plaintiff is a spammer and is misrepresenting the nature of computer security to a stupid, compliant judge to seek vengeance.

How fast do you think they'd reverse their argument if someone sued them for pumping unauthorized spam to users on a mail server?

Re:DNS illegal now? Read again. (1)

Kizeh (71312) | more than 6 years ago | (#22079848)

Also, the article is a bit unclear as to just what he obtained. If he used programmatic tools to harvest information out of whois, he was in violation of the terms under which this information is provided. Just do a whois query on any .com and actually read the disclaimer.

Re:DNS illegal now? Read again. (4, Insightful)

squiggleslash (241428) | more than 6 years ago | (#22079888)

What's absolutely hilarious about this are the number of replies to this article complaining about "clueless" Judges who "don't understand the issues" and aren't prepared to "read the evidence" right in front of them. Uh-hum. Because all you guys did, right?

Oops (4, Funny)

slarrg (931336) | more than 6 years ago | (#22079250)

I didn't mean for anyone to read this post on the internet. So it illegal.

Re:Oops (4, Funny)

mulvane (692631) | more than 6 years ago | (#22079554)

Damn YOU!!!!

I try to be a somewhat law abiding citizen. Thanks for my first criminal act of the day I didn't even mean to commit.

Re:Oops (1)

Arancaytar (966377) | more than 6 years ago | (#22079790)

Well damn. I didn't scroll down fast enough. I hope I won't end up sued!

(And I didn't even try to find out if I was authorized to reply!)

I just love clueless polititions (1)

drspliff (652992) | more than 6 years ago | (#22079258)

Because eventually their going to make most of my job illegal so I can move onto other more interesting things... like working in marketing or middle management

How the hell are you supposed to run redundant DNS setups when zone transfers aren't allowed? Sure there are inventive ways, but... DNS WAS FRIKKEN DESIGNED FOR THIS!

Re:I just love clueless polititions (1)

Porchroof (726270) | more than 6 years ago | (#22079494)

Polititions?

Re:I just love clueless polititions (1)

plover (150551) | more than 6 years ago | (#22079558)

Polititions?
Y'know, when grub chops your drives up from one big drive into smaller polititions.

Re:I just love clueless polititions (0)

Dragonslicer (991472) | more than 6 years ago | (#22079706)

I would guess that you aren't from the United States (or are just trolling). Judges are generally not politicians.

Re:I just love clueless polititions (1)

VJ42 (860241) | more than 6 years ago | (#22079872)

Judges are generally not politicians.
Indeed, but it's the politicians who wrote the law that this Judge ruled on, so they are not entirely blameless either.

Re:I just love clueless polititions (1)

blackdew (1161277) | more than 6 years ago | (#22080136)

Ok, they win, screw this illegal IT shit, lets all go make and sell drugs and weapons.

Turn computer crime laws upside down (4, Interesting)

unlametheweak (1102159) | more than 6 years ago | (#22079260)

From TFA:

"The Court rejects the test for "authorization" articulated by defendant's expert, Lawrence Baldwin. To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down."
One could only hope.

Default settings allow it... (2, Informative)

mnslinky (1105103) | more than 6 years ago | (#22079270)

BIND 9.x and earlier allow this activity by default. This being the case, a new and/or ignorant system administrator may not realize their zone file is available for the taking.

One more example of the law having to protect the stupid, but I can *sorta* see the point of it. This falls in line with stealing wifi from unprotected networks. Just because it's not secured doesn't mean it OK to break in.

Re:Default settings allow it... (1)

Klaus_1250 (987230) | more than 6 years ago | (#22079676)

This falls in line with stealing wifi from unprotected networks. Just because it's not secured doesn't mean it OK to break in.
That's turning the world upside down. If someone transmits a signal in an public space, without security, how can you break in? And how does that protect the other "stupid", e.g. people who have set their WiFi-card to connect automatically to any available Accesspoint? If someone does not protect their WiFi, or does not mark it as private, it is not. Same goes on the internet. Internet is public space. If you do not take any provisions to secure/restrict access to certain sources/services/spaces, than those are public as well. You can't expect a "reasonable person" to think otherwise.

Re:Default settings allow it... (1)

mnslinky (1105103) | more than 6 years ago | (#22079782)

I'm not saying it's right or makes sense. Rather, I'm lumping this latest motion made by the legal system in with the other stuff that doesn't quite make any sense. Just because you have your wireless card set to automatically join any available wifi networks, doesn't mean it's ok, or legal. That's along the same lines of setting your cruise control to 65mph when the speed limit is 55mph, and arguing when you're pulled over that it's OK, beause the road didn't limit their speed. After all, the road is public space.

On the other hand, I agree with your points, in part. There should be some responsibility on the part of the administrator to secure the network, or at least make an effort to do so.

Re:Default settings allow it... (1)

Hatta (162192) | more than 6 years ago | (#22080320)

Just because it's not secured doesn't mean it OK to break in.

It's not breaking in if it's not secured. Servers that do not require authorization are implicitly open for all to use. That's just how the internet works. Imagine if you needed written authorization to access a website. That's obviously absurd. Well it works the same way for every ftp, irc, DNS, DHCP, NNTP and every other server out there.

FUD (4, Informative)

Telephone Sanitizer (989116) | more than 6 years ago | (#22079292)

It's a civil case.

The worst that can be said about it is that it's bad precedent and the judgment was wrong.

The judge did not make DNS requests illegal.

Re:FUD (0)

Anonymous Coward | more than 6 years ago | (#22080118)

Agreed. Besides, this only affects the 5 people in North Dakota that have internet access, and we were all present at the trial.

Public information? (2, Interesting)

suso (153703) | more than 6 years ago | (#22079296)

Asking a public internet server for public information that it is configured to provide upon demand?

This quote from the article is debatable and the reason why its not a good idea to allow zone transfers. A lot of times, information that you would rather not be public is in zone files. I've seen a some people put processor information in HINFO records. This is bad because there was a cryptographer in the 90s that discovered that its possible to determine random number generation sequences based on your processor model and frequency. So it wouldn't be good for that info to be public.

Its not a good idea to allow zone transfers. Although its useful when an ISP that you are transfering a zone from doesn't want to give you all the zone records.

Re:Public information? (1)

SharpFang (651121) | more than 6 years ago | (#22079596)

Therefore you disable it or restrict access. You don't litigate everyone who accesses it.

Say, instead of using a bank, I leave all my money as cash right by my trashcan on the street, and then sue everyone and accuse them of thievery for taking it.

Re:Public information? (1)

entrigant (233266) | more than 6 years ago | (#22080184)

Um.. you DO realize the entire point of placing a HINFO record in the zone is so that people can.. I dunno.. query the HINFO record. You do.. don't you?

Why am I not suprised? (0)

flajann (658201) | more than 6 years ago | (#22079312)

The Law has never been about logic and reason, and as The Law intersects more and more with technology, we shall see even more of this type of tomfoolery.

To expect a Judge to be able to understand one iota of network technology is is simply expecting too much. A Judge that tech savvy would not be a Judge for very long!

I suspect many wind up in Law and various civil servant positions precisely because they fail at technology and understanding it.

Being a Judge comes under the rubric of:
If you're smart enough to do the job,
You're not dumb enough to do the job!

Re:Why am I not suprised? (5, Insightful)

plover (150551) | more than 6 years ago | (#22079724)

That's not at all true. The judges I've had dealings with have been damn smart people.

What you're forgetting is that in most court cases, the defendant is there for one of two possible reasons: they really weren't responsible, or they were responsible but are now lying about it. And the plaintiff or complainant is there to make sure something "legal" happens in their favor, and they're not above lying to get their desired outcome, either. Usually there's a lot of both. That means the judges are professionally sitting at the mouth of a never ending river of bullshit, and they have to keep control of the situation.

It's not that judges can't or refuse to understand the technology; it's that the cases are about the people, which is where their focus must remain. The computer didn't act of its own accord. It operated under the direction of its owner. The question of "was there malicious intent?" has nothing to do with DNS or any other logic-based technology and everything to do with the two guys standing in the courtroom.

A bit like door locks? (1)

91degrees (207121) | more than 6 years ago | (#22079336)

A door can be set to allow visitors to enter or block them. That the owner of a house could configure his door to allow visitors to enter and then claim such entrances are trespass is simply stunning.

I'm not saying this is the case, but it's possible the server was misconfigured, and it's possible that the "hacker" knew it was misconfigured but took advantage of this.

Re:A bit like door locks? (1)

jimicus (737525) | more than 6 years ago | (#22079374)

It's still theft if someone steals from your house while you left the door open.

Re:A bit like door locks? (1)

TheCRAIGGERS (909877) | more than 6 years ago | (#22079566)

It's still theft if someone steals from your house while you left the door open.
It's also illegal if I burn your house down. However, both these statements have no connection with what the GP's point was. What was stolen in TFA?

Re:A bit like door locks? (0)

Anonymous Coward | more than 6 years ago | (#22079746)

Bad analogy and you know it. How about a garage sale with a sign reading "every piece $0". Still theft?

The sole purpose of a DNS server or web server is people accessing the information.

Re:A bit like door locks? (0)

Anonymous Coward | more than 6 years ago | (#22079786)

Try claiming that on your theft insurance for someone you invited into your house though... hah!

Re:A bit like door locks? (0)

Anonymous Coward | more than 6 years ago | (#22079816)

But try and get your insurance to cover it.

How would he obtain permission to access it? (2, Funny)

Rogerborg (306625) | more than 6 years ago | (#22079338)

He can't email them, because clearly that's zomg h4xx0rz1ng their email server.

Earful (1)

unchiujar (1030510) | more than 6 years ago | (#22079384)

One should send all the comments on this article to the judge (yes the goatse.cx links also :) ).

an old proverb (3, Funny)

tylersaurus (1221772) | more than 6 years ago | (#22079394)

Those who can: write code. Those who can't: write laws.

Can you imagine if every politician in the house and senate knew how to program? Granted a good portion of them would still be writing awful spaghetti code... but for the most part at least they would not be able to compile it.

Re:an old proverb (1)

Crane Style (1196643) | more than 6 years ago | (#22079998)

Yes because unless you know how to program you can't understand the finer details of the tubes..........

Purpose is important to the law. (0)

Per Abrahamsen (1397) | more than 6 years ago | (#22079436)

Zone transfer is not illegal in itself, zone transfer for certain purposes are illegal.

The law of Survival of the Weakest (1)

malkavian (9512) | more than 6 years ago | (#22079448)

It seems more and more that the Law is heading towards penalizing anyone that employs some knowledge in the technical arena that worries people who don't understand it.
The end result is that people in the countries where the laws preventing basic (and in some cases slightly cavalier) activities becomes a criminal offense, thus dissuading a large amount of the indigenous populace from testing the limits themselves (without doing hard time/losing the shirt).
Net effect: Foreign countries that are immune from prosecution by the Law of the Land have a huge advantage, as no well meaning "White Hat" can help a company shore up its defences. There is no adaptation and evolution of the security mechanisms.
If some group then decides en masse to perform some disruption, the security is far less than it ever should be (i.e. non-existent). Resulting in huge damage to the infrastructure (possibly unrecoverable).

Not to say this is new behaviour; back in the Medieval period, distinctly unpleasant lords would 'shoot the messenger' when soldiers disagreed with their defence arrangements. However, historically, the bloodlines of these particular lords were thinned out as their defences were overwhelmed in battle and they were slaughtered.

Not that I'm making any predictions, I just think it's an interesting historical trend.

Computer systems vs human systems (4, Insightful)

mlwmohawk (801821) | more than 6 years ago | (#22079462)

What I find interesting is that "computer systems" i.e. networks, disk drives, files, etc. ae well understood by us computer folk. What is "obvious" to us has come from a lot of experience and learning. More over, in constructing things like the internet, we develop a lot of "rules" that make sense within this context.

In the non-nerd world, a lot of the rules created by us nerds run afoul of what most people expect. DNS is a perfect example. To us, it is MADE to serve data. If you put data into DNS, you've made it public. To the rest of the world, however, that doesn't make sense. Its the same issue with HTTP. We see putting stuff on a web site as making it public, but non-nerds see things like deep linking a violation of their site because it does not promote the interaction they expect (viewing ads etc.) and have invested in. To them, you are circumventing their revenue model.

I'm not 100% sure we're 100% right. I don't think we are wrong in our views, but I see the gray area between the two.

Re:Computer systems vs human systems (2, Insightful)

pla (258480) | more than 6 years ago | (#22079810)

I'm not 100% sure we're 100% right

Since we made the whole damned ball of wax for our own amusement, and Joe Public decided to tag along for the free porn, I'd have to say that yes, only the geek interpretation matters. Joe can thank us (as can the Hunters of Commerce who hungrily stalk Joe and his kind), but his "interpretations" of the scenario simply do not matter.

If you don't understand the rules of poker and try to play, you'll go home shirtless. The same idea applies here. If they want into our game, they'd damned well better learn the rules before playing for anything more than token plastic chips.


The only "crime" here results from a judge who doesn't understand that DNS servers exist to serve, unless told otherwise (a not difficult task). Yes, you could say the defendant "harassed" the company - Which the company could have stopped with one line in a config file.

Re:Computer systems vs human systems (1)

mlwmohawk (801821) | more than 6 years ago | (#22080110)

Since we made the whole damned ball of wax for our own amusement,

This is a far cry from true. A lot of the things *we* did we did on university, government, and corporate moneys.

Re:Computer systems vs human systems (1)

nomadic (141991) | more than 6 years ago | (#22080246)

Since we made the whole damned ball of wax for our own amusement, and Joe Public decided to tag along for the free porn,

Alright, first of all unless you're one of a very small number of people, you didn't help make the internet. You can't take credit for something that someone else did, chances are before you were born. Secondly ARPAnet/the Internet were created because of Joe Public's tax dollars. Joe Public paid his dues, and the whole ball of wax belongs to him as well.

Re:Computer systems vs human systems (3, Interesting)

cyxxon (773198) | more than 6 years ago | (#22079828)

Well, yes, you are right with what you wrote, but you basically forget the IMO most important angle: "we techies" invented this shit so that it gets used the way we want it. "They" only hopped on, and actually built e.g. their websites in "our" realm. Then, all of a sudden, they realize that our realnm has some consequences that they didn't foresee (for failure to understand the concept, or most often just simply for failure to try to do so), and begin to sue and badmouth those that are leftovers from the original phase, or those that adhere to the original philosphy.

In this case (ignoring the fact that the defendant already had an injunction against him) the operators could probably have prevented their DNS server to serve this data (probably, as I am not an admin in this area). In other cases, such as deep linking, well, it is a little rougher, but they could for example not use frames, but good page layout, which automatically shows all their ads in the standard headers and such, or make stuff password protected, or use .htaccess to redirect requests that go straight for their meat back to the frontpage, just like many free image hosters do now for hotlinking. But no, they just decide to litigate...

Re:Computer systems vs human systems (1)

mlwmohawk (801821) | more than 6 years ago | (#22080148)

"we techies" invented this shit so that it gets used the way we want it.

"we techies" certainly didn't/don't pay for the infrastructure. Government, university, and corporate money developed the hard infrastructure of the internet. Much of the software development was directed and funded.

It isn't "our" realm. It may have been our genius that created it, but it now belongs to everyone, and with that, comes cultural differences. The internet neighborhood is changing. Like it or not, other people's views and opinions have to be heard.

It ain't Darpa any more.

How can it be wrong if it feels so right? (1)

Crane Style (1196643) | more than 6 years ago | (#22079780)

The judge just amended the definition of "unauthorized" to include public internet servers that were expressly configured to provide info to anybody who asks for that info.
I'm breaking the law right now reading this article..........I think I'm going to grease back my hear and roll my carton of cigarettes up in my sleeve. I'm a bad man.

Re:How can it be wrong if it feels so right? (1)

atomic-penguin (100835) | more than 6 years ago | (#22079942)

I think I'm going to grease back my hear and roll my carton of cigarettes up in my sleeve. I'm a bad man.

A whole carton? Damn, those must be some big sleeves!

Re:How can it be wrong if it feels so right? (1)

BlueStrat (756137) | more than 6 years ago | (#22080130)

...and roll my carton of cigarettes up in my sleeve. I'm a bad man.

You must certainly be a bad man if you have arms large enough to roll an entire carton of 10 packs of smokes up in your T-shirt sleeve!!

Cheers!! (and please don't hurt me!!)

Strat

Clearly, computers operate themselves (1)

Celarnor (835542) | more than 6 years ago | (#22079856)

Ritz was not an authoritative name server, a DNS server, nor any kind of computer at the time he accessed Sierra's computer. Ritz has never been an employee, agent, or network administrator for Sierra.
I'm usually not a computer the times I access other computer. I mean, there was that time when I was assimilated, but ...

What? (0)

Anonymous Coward | more than 6 years ago | (#22079926)

I don't understand, can anyone put it in terms of tubes or trucks?

Best. Ruling. EVER! (5, Interesting)

InfinityWpi (175421) | more than 6 years ago | (#22079932)

Why the hell aren't we celebrating this, people? Okay, for DNS, it sucks... but look at it this way...

It doesn't matter if you set up your system to 'automaticly' share the files you just downloaded... people who accessed them did so without authorization. It can't be considered 'sharing' if you didn't authorize people to download them from you... could this ruling be a tool agaisnt the MAFIAA?

A human analogy (3, Insightful)

oz1cz (535384) | more than 6 years ago | (#22079956)

I can lock my house, but even if I do not do so, you will still be trespassing if you enter my house.

Re:A human analogy (1)

jimmypw (895344) | more than 6 years ago | (#22080108)

Thats entirely different your house was/is/will never be public. DNS servers accessable from the internet are public. It is then down to the administrator exactly how public they are. Yes you can restrict transfers to certain IP's yes you can use TSIG authentication and yes you can use both thats perfectly acceptable.

A better analogy (1)

kalirion (728907) | more than 6 years ago | (#22080270)

I can tape a poster of my wife naked to the outside of the front door, and anybody who looks at it is invading her privacy.

Obviously hypothetical as.

Let the slashbots loose (0)

Anonymous Coward | more than 6 years ago | (#22080048)

http://www.casscountynd.gov/ [casscountynd.gov]

Good thing I'm from the OTHER Dakota (1)

demon (1039) | more than 6 years ago | (#22080090)

I'd be embarrassed to be from there right about now.

Is the Judge living in the New Lakota Nation? (0, Offtopic)

myspace-cn (1094627) | more than 6 years ago | (#22080098)

Our government is completely fucking out of control in the United States.

I wonder if that judge is living inside the new Lakota Nation?
If so his bullshit fucking (fuck the common sense) laws no longer apply.

http://users.dma.ucla.edu/~estevancarlos/images/lakotanation.jpg [ucla.edu]
http://en.wikipedia.org/wiki/Lakota_Nation [wikipedia.org]

Hey guys? (1)

thegnu (557446) | more than 6 years ago | (#22080258)

You can all use my DNS servers. Like, whenever you want. It's cool.
-thegnu

It gets worse. (1)

Minwee (522556) | more than 6 years ago | (#22080276)

According to the Findings of Law [spamsuite.com] , item 31, he is guilty of using the name "Bastard Operator From Hell" when his name is really David Ritz.

You just don't do that in North Dakota.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>