
Thread: N. Dakota Judge rules that "host -l" command constitutes hacking

  1. #1
    Member
    Join Date
    Jul 2007
    Posts
    145

    N. Dakota Judge rules that "host -l" command constitutes hacking

    Thought you guys would find this interesting to read.

    A North Dakota judge issued a ruling in Sierra Corporate Design v. Ritz that has some pretty stunning implications about the use of the "host -l" command when accessing DNS records. In the judgment (which was prepared by the plaintiff's counsel and sent to the judge), the use of the "host -l" command is tantamount to computer hijacking and hacking.

    For the uninitiated, when using the "host -l" command on a DNS server, the user will receive a list (hence the "l") of all information pertaining to the domain's zone file, assuming it has not been protected. The same way WHOIS returns information on the owner of a domain, "host -l" returns information about hosts on that domain.

    And although this was a civil matter, this ruling could (and we stress could, no need getting ahead of ourselves) lead to "unauthorized" "host -l" usage being deemed a criminal act, per North Dakota's computer crime statute.

    Before even discussing the merits (or lack thereof) of the case in question, this judgment just strikes us as uninformed, bizarre and wrong. The "host -l" command when accessing DNS records does not reveal any information that is not set for public display. The plaintiff's contention in this case was that the information obtained by "host -l" (non-routable IP addresses, host names and domain registrations) was not meant to be publicly accessible. Because the defendant was able to procure this information and published it in various USENET groups, the plaintiff claims that the act was a violation of the computer crime statute.

    Here's the problem: "host -l" will only show information that the administrator has allowed to be public. Just because it is a DNS command that many computer users are unaware of does not mean that leaving information that one wishes to remain undisclosed is safe.

    Some background on the case:

    Jerry Reynolds and his company Sierra Corporate Design have been a target of anti-spam crusaders, who were able to unearth proof that servers under his operation were responsible for (at the time) the majority of spam on the Internet. Reynolds' response has been to sue his accusers for defamation (those lawsuits have been dropped due to lack of jurisdiction control of the defendant).

    In 2005, he filed a lawsuit against David Ritz, an anti-spam crusader, alleging that by publishing Reynolds' server information, Reynolds' business was compromised. Today's judgment awarded Reynolds (via his company) the full amount of actual damages (nearly $3000) and an additional $50,000.00 in exemplary damages.

    Again, even without discussing the merits of the actual lawsuit in the first place, ruling that using a command to access public information constitutes "hacking" if the command is unauthorized is completely and utterly wrong.

    While we can understand that it would be upsetting for information you think is private to be made public, ultimately it is the administrator's responsibility to make sure that the information released under host lookup is information they want to be open to the public.

    http://www.downloadsquad.com/2008/01...tutes-hacking/

    What do you guys think about it? I think it's stupid. WHOIS uses the same way!
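
The article quoted in the post above puts the burden on the administrator to decide what a zone listing exposes. As an added example (not part of the original thread or the quoted article), this sketch audits a BIND-style `named.conf` for zones that any host could list; the sample config, the simplified regex parsing, and the `default_open` assumption that a zone with no `allow-transfer` statement is transferable by anyone are all constructed here, so check your server version's actual default.

```python
import re

# Constructed sample config (placeholder zones and address, not from the thread).
SAMPLE_CONF = """
options { directory "/var/named"; };
zone "example.com" { type master; file "example.com.zone"; };
zone "example.net" { type master; allow-transfer { 192.0.2.53; }; };
zone "example.org" { type master; allow-transfer { any; }; };
"""

ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")
BLOCK = r"\{((?:[^{}]|\{[^{}]*\})*)\}"  # a block with one level of nesting
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*' + BLOCK)
OPTIONS_RE = re.compile(r"options\s*" + BLOCK)

def transfer_acl(body):
    """Return the allow-transfer entries in a block, or None if absent."""
    m = ACL_RE.search(body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf, default_open=True):
    """Map each zone name to 'open' or 'restricted'.

    A zone inherits allow-transfer from the options block when it sets
    none of its own. default_open models a server where a missing
    statement means any host may transfer the zone (an assumption).
    """
    conf = re.sub(r"(#|//)[^\n]*", "", conf)  # drop line comments
    opts = OPTIONS_RE.search(conf)
    global_acl = transfer_acl(opts.group(1)) if opts else None
    result = {}
    for name, body in ZONE_RE.findall(conf):
        acl = transfer_acl(body)
        if acl is None:
            acl = global_acl
        is_open = default_open if acl is None else "any" in acl
        result[name] = "open" if is_open else "restricted"
    return result

if __name__ == "__main__":
    for zone, state in audit(SAMPLE_CONF).items():
        print(f"{zone}: zone transfer {state}")
```

Zones reported as open are the ones whose full host list is effectively public; restricting `allow-transfer` to the secondary name servers closes that.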

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    It's Deja-vu all over again.

    This was posted yesterday.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Member
    Join Date
    Jul 2007
    Posts
    145

    Originally posted by streaker69:
    It's Deja-vu all over again.

    This was posted yesterday.

    Oh, I figured it was new today, haha, oh well.

    I don't come in the gen IT discussion very often.

  4. #4
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Originally posted by unlazyfree:
    Oh, I figured it was new today, haha, oh well.

    I don't come in the gen IT discussion very often.

    Just click "New Posts" instead of going through different areas.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
