|
|
|
|
|
|
by Natsu
3675 days ago
|
|
|
I think we'd be better off if we were the ones suggesting ways to define unauthorized access. I've thought about this quite a bit and I posted something on that subject about a week ago with my own suggested definition thereof. Quoting from that earlier comment: ===== For 'unauthorized access' to a computer system you (should) need to knowingly access a protected system in a way not permitted by the rights granted to you by the computer system, or by deliberate deception of either the computer systems or people. So for 'knowing' we have to actually know (via banners, etc.) that we're somewhere we shouldn't be. For 'protected' it has to be actually protected (none of this "I found unprotected files lying around with no password" nonsense). The last two clauses cover privilege escalation attacks and social engineering. So it should matter if you're operating the system normally or if you accidentally just click/type something wrong and found your way in vs. you were deliberately hacking / social engineering your way in. I'd also add a safe harbor for anyone who in good faith reported the issue to the site operators, police, or government regulatory bodies to prevent reprisal like this ugly case. Sadly, I don't get to write these laws. |
|
|