From: Marcus J. Ranum (mjrnfr.com)
Date: Wed Jan 02 2002 - 16:07:46 CST

    Everhart, Glenn (FUSA) wrote:
    >When discussing these things however I would recommend NOT using the term
    >"honey pot" or anything else that suggests that the system has any kind of
    >attraction for passers by, real or electronic.

    One thing that might help is to continue describing honey pots as
    a class of intrusion detection systems. In many cases, they are.
    So you just pitch them as an IDS that logs a whole lot of stuff
    for evidentiary purposes. E presto! :)

    Seriously, though - in my various corporate doings I've had
    more involvement with lawyers than I care to admit and I
    have concluded that in general they are extremely conservative
    beasts, trained to reflexively say "no" to anything that is not
    compulsory. If you ask a lawyer if a honeypot is entrapment
    they'll tell you "it could be! don't do it!" - see, until there's enough
    case law out there that argues whether it's entrapment or not,
    they're going to try to give you advice intended for you _not_ to
    be one of those cases. Thus, the path of cowardly wimpiness
    is enshrined as "the right thing to do." I believe there's lots of
    case law that defines that the owner of a system can pretty much
    do whatever they want with it, and under some rare circumstances
    other authorized users of the system may have expectations of privacy.
    Therein is the important point: someone coming into a honeypot is
    not an authorized user. The fact that a door is temptingly left ajar is
    NOT a defense for trespass any more than the fact that you're connected
    to the Internet is a justification for being hacked. There's a lot of
    blaming the victim being done out there, but none of it has ever stood
    up in court.

    Can anyone point to _one_ case where a hacker has pleaded entrapment
    or gotten off because of the threat of such a plea? I'll be very surprised if
    there is one, and until there's a preponderance of such cases I'll continue
    to use my computers and networks as I (and my authorized users) see fit.
    And you should do likewise.

    I think I will call my honeypot a "packet pimp" -- is that entrapment? ;)

    mjr.
