Note: This column represents the opinions
of the writer and as such, is not purported as fact
Oh dear, I've been hacking again.
Well not really, but when an Aardvark reader alerted me to a gaping security
hole they stumbled across in a locally operated website, I pointed my browser
at the IP number they sent me and voila! There I was staring at a list of
files I'm sure I shouldn't be able to see or download.
Was I trespassing?
Was I really "hacking" into the bowels of this website?
Hell no -- this is simply a hole in a really poorly configured webserver that anyone
(even your mother) could accidentally stumble into.
Why don't site operators check the most basic security aspects of a site before they
open the doors and invite masses of scruffy websurfers to their servers?
Check Out The Aardvark PC-Based Digital
Entertainment Centre Project
Updated 2-Dec-2002
Earlier this week we saw that one of NZ's most notorious crackers, Jodi
"Venomous" Jones, was slapped upside his head
by Judge David Harvey for his misdeeds.
An interesting twist in this case was the statement by Crown prosecutor Simon Mount
that there was little problem in bringing a successful prosecution against
Jones using existing laws. So why is the Crimes Amendment Bill (CAB) still being
pushed through parliament?
The reason I ask is that, under the terms of the CAB, the mere act of typing
in a 12-digit IP number as described above, or just clicking the wrong link
to someone's poorly configured webserver, could leave me liable to prosecution
as a "hacker".
I liken this to walking up to someone's front door, knocking in the usual
way, and finding that the door swings open -- having been incorrectly latched.
Is this "breaking and entering?" In the case of the CAB a case could probably
be mounted that it is.
In the "real world" -- entering someone's house without permission (even if
they leave their door open) and taking something is a crime that is easy
to detect. "Hey Ma, where have the TV and VCR gone?".
In cyberspace however, an evil villain can rifle through all your files and
download copies without the owner even being aware they have a problem. Short
of trawling the server logs for unexpected accesses, such crimes may go
totally unnoticed.
What's just as bad is that if my fleeting visit to the site in question was
logged, a silly, frightened systems operator may have assumed that I downloaded
all the files when I simply checked to see if they were readable.
Odds are that I would then be required to prove that I didn't.
Be careful folks, accidentally mis-typing a URL could land you in very hot
water once the CAB is passed.
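What a server log can and cannot show about a visit like the one described above, as an added example that is not part of the original column: it separates clients that only viewed a directory listing from clients that were actually served file contents. The log lines, addresses and the `/files/` path are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache common log format; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Dec/2002:09:14:02 +1300] "GET /files/ HTTP/1.0" 200 1843
192.0.2.10 - - [05/Dec/2002:09:14:20 +1300] "HEAD /files/accounts.xls HTTP/1.0" 200 -
198.51.100.7 - - [05/Dec/2002:11:02:41 +1300] "GET /files/ HTTP/1.0" 200 1843
198.51.100.7 - - [05/Dec/2002:11:02:55 +1300] "GET /files/accounts.xls HTTP/1.0" 200 482304
198.51.100.7 - - [05/Dec/2002:11:03:30 +1300] "GET /files/customers.mdb HTTP/1.0" 200 2097152
203.0.113.5 - - [05/Dec/2002:13:40:11 +1300] "GET /files/secret.doc HTTP/1.0" 403 210
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def summarise(log_text, prefix="/files/"):
    """Per client: listing views, files actually transferred, total body bytes."""
    clients = defaultdict(lambda: {"listings": 0, "files": [], "bytes": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue
        entry = clients[m["ip"]]          # record the client even if nothing was served
        if m["status"] not in ("200", "206"):
            continue                      # refused or missing: no content left the server
        size = 0 if m["size"] == "-" else int(m["size"])
        if m["path"].endswith("/"):
            entry["listings"] += 1        # the directory index page itself
        elif m["method"] == "GET" and size > 0:
            entry["files"].append(m["path"])   # a file body was sent
            entry["bytes"] += size
        # HEAD requests fall through: they confirm a file is readable but send no body
    return dict(clients)

def classify(entry):
    """Label a client by what the log shows was served to it."""
    if entry["files"]:
        return "downloaded"
    if entry["listings"]:
        return "listing-only"
    return "nothing-served"

if __name__ == "__main__":
    for ip, entry in summarise(SAMPLE_LOG).items():
        print(ip, classify(entry), entry["bytes"], entry["files"])
```

The method, status and byte-count fields are what distinguish a glance at the listing from a bulk download, so an operator reading only the list of requesting addresses would miss that difference.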
Lighten Up
With the threat of terrorism still looming large in our every-day lives,
this page offers some very sound advice that you might want to print out
and carry around with you -- just in case.
Today's edition of Aardvark carries a security alert for users of Windows Me.
If this scares you, why not upgrade to Windows RG?
And finally, here's a page for the women in the ranks of Aardvark's readers.
Now doesn't that give you the warm fuzzies girls?