Archive of UserLand's first discussion group, started October 5, 1998.

Security holes, Law, and Control

Author: Ernest Argetsinger
Posted: 5/10/2000; 10:12:03 AM
Topic: Security holes, Law, and Control
Msg #: 17159

I'm just not very excited about the latest web security crisis, whereby malicious server-side code can exploit web-based tools.

Nothing functionally prevents this, apparently, to which I say, "So what?"

IMHO, the relevant question is: would such an act be illegal? Probably. It comprises identity theft, if nothing else, and a creative prosecutor could probably bring in some felony wiretapping offenses or the like. So the exploitation of this "security hole" is procedurally prevented by society. Isn't that enough? It's traceable, too, because it's an attack from a web server.

A metaphor: when we shop at a brick and mortar store using paper money, who is more liable to get counterfeit money? Either the proprietor or the customer could pass the other funny money. Both would be committing an illegal act, and one is much, much easier for the Secret Service to track down and prosecute.

Let's look to the law to fix this "hole". If it isn't tough enough, we make it tougher. Sometimes, a procedural control is better than a functional one.

e.



This page was archived on 6/13/2001; 4:55:09 PM.

© Copyright 1998-2001 UserLand Software, Inc.