I agree with you on the point that a student at the university probably has no reason to scan you. Though you're so adamant about it, I wonder if you're trying to hide something. Obscurity is not Security.
What I do not agree with is what you propose as a solution. Shutting down a user's account becuase it was used for a port scan is simply wrong. First, the owner of the account was mostlikely not the person resposible for the scan if they had any intent of cracking your computer. Second, even if the owner of the account was responsible for the scan, it might very well have been done by accident while trying to scan something else.
A policy such as you proposed, would in no way stop scanning from student accounts. Morelikely, the policy would be used as a means of revenge by crackers against particular students.
There is a difference between checking if someones door is wide open and wiggling the doorknob to see if it is unlocked.
Port scanning is more like the former, you look and see if someones door is open or closed. The door might be open because, someone wants you to come in, for instance port 80 at 64.28.67.48 (slashdot.org)
wiggling the doorknob would be equivalent to checking to see if the sysadmin used 'god' as their password for 'root' or worse simply doesn't have a password.
My biggest fear from this bill is how it might effect the little guys.
For instance, I have a web site myself. On it I have a webboard and a mailing list signup, each of these collect user information such as the user's name and email address. Also, I have several shockwave games here and we log connections to these as well. All this stuff is offered free to use by anyone on the web.
But, I also offer my services as a freelance shockwave developer and advertise this on my site.
I worry that as a result of my offering commercial services in addition to the free ones, I may be considered commercial according to this law and could be sued if someone visiting my site misuses information found there which I wasn't even responsible for posting.
So services, I set up so that others could voice their opinions or recieve information about new games I created might have to be removed from my site just because I can not afford the amounts of money required to improve my security to what the bill defines as a 'satisfactory' level.
People need to remember that information is information regardless of how it is stored. Whether it is added to a database when you fill out a form or is included in a comment you post to Slashdot because you typed it in by hand, it is still information which could be misused.
I only hope that our freedom to speak our minds on the Internet will not be too badly hurt by this bill.
I guess you didn't read your history very well. If you did you might remember that Hilter had the Pope's blessing for a while. A lot of people joined the Nazi Cause because it had God's blessing. They were doing God's will. As far as the 'white-coat guys' are concerned, who is being more amoral? Them for developing our understanding of our own genetics, or you for labeling them as being amoral and having bulging brains? As far as I'm concerned, it is not the scientists who need to understand the consequences of their work but rather the rest of us. We are the ones who will inevitable decide how this technology will be used.
Slashdot Mirror
I agree with you on the point that a student at the university probably has no reason to scan you. Though you're so adamant about it, I wonder if you're trying to hide something. Obscurity is not Security.
What I do not agree with is what you propose as a solution. Shutting down a user's account becuase it was used for a port scan is simply wrong. First, the owner of the account was mostlikely not the person resposible for the scan if they had any intent of cracking your computer. Second, even if the owner of the account was responsible for the scan, it might very well have been done by accident while trying to scan something else.
A policy such as you proposed, would in no way stop scanning from student accounts. Morelikely, the policy would be used as a means of revenge by crackers against particular students.
There is a difference between checking if someones door is wide open and wiggling the doorknob to see if it is unlocked.
Port scanning is more like the former, you look and see if someones door is open or closed. The door might be open because, someone wants you to come in, for instance port 80 at 64.28.67.48 (slashdot.org)
wiggling the doorknob would be equivalent to checking to see if the sysadmin used 'god' as their password for 'root' or worse simply doesn't have a password.
At least, that is how I see it.
My biggest fear from this bill is how it might effect the little guys.
For instance, I have a web site myself. On it I have a webboard and a mailing list signup, each of these collect user information such as the user's name and email address. Also, I have several shockwave games here and we log connections to these as well. All this stuff is offered free to use by anyone on the web.
But, I also offer my services as a freelance shockwave developer and advertise this on my site.
I worry that as a result of my offering commercial services in addition to the free ones, I may be considered commercial according to this law and could be sued if someone visiting my site misuses information found there which I wasn't even responsible for posting.
So services, I set up so that others could voice their opinions or recieve information about new games I created might have to be removed from my site just because I can not afford the amounts of money required to improve my security to what the bill defines as a 'satisfactory' level.
People need to remember that information is information regardless of how it is stored. Whether it is added to a database when you fill out a form or is included in a comment you post to Slashdot because you typed it in by hand, it is still information which could be misused.
I only hope that our freedom to speak our minds on the Internet will not be too badly hurt by this bill.
I guess you didn't read your history very well. If you did you might remember that Hilter had the Pope's blessing for a while. A lot of people joined the Nazi Cause because it had God's blessing. They were doing God's will. As far as the 'white-coat guys' are concerned, who is being more amoral? Them for developing our understanding of our own genetics, or you for labeling them as being amoral and having bulging brains? As far as I'm concerned, it is not the scientists who need to understand the consequences of their work but rather the rest of us. We are the ones who will inevitable decide how this technology will be used.