Fired, yes, but it is NOT a CRIMINAL offence, unless you do something like illegally break someone's password to do it.
However, other web sites have had services to help people sneak on in violation of company policy. There is one subscription anonymity service, that I use to be able to circumvent geographic restrictions on Capital FM in London, or Clear Channel and Pandora in the U.S., that is also aimed at people wanting to ciircumvent company policy, and there are no shortage of people people a minumum of $28 per year for the service. What this one companyh is doing is NOT illegal in Ensenada, Mexico, where they are based, so they can LEGALLY sell their services to anyone in the world they wish, and they do.
Wrong, stealing company resources is criminal in some areas. Turning in time that wasn't worked is actually stealing in many countries, that's criminal.
Keep telling people that they can't be detected and when someone gets fired for it you might just end up on the wrong side of legal case.
And do you believe that "because someone else does it" that it's a valid way to excuse you for being unethical? Every hear the "if someone jumped off a bridge would you?"....
Face it, you keep trying to defend your unethical actions and your unethical practices.... You're just unethical, face it, don't deny your foundation, you've clearly said you support violating company policy for personal reasons.
USA: Computer Fraud and Abuse Statutes, Title 18 Part 1 Chapter 47 section 1030
(a) Whoever-- (4) knowing and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value [...]
Note: use of a telecommunication service to receive information -would- be considered a "thing of value".
Note: if you haven't been authorized to access arbitrary outside services, e.g., if you have violated a company security policy, then that falls under "exceeds authorized access".
Canada: Canada Criminal Code (C-46) 342.1(1) Every one who, fraudulently and without colour of right, (a) obtains, directly or indirectly, any computer service
If you read the whole of the Canada Computer Security Act, you will find that the key to the act is whether permission for the access was obtained *in advance*. In Canada, there is NO defence for "innocent infringement", NO defence for "I thought it would be okay" or "I didn't realize that there was an actual law about it!": in Canada, if you access a computer and you didn't get explicit permission
-before- the attempt to use the computer in that particular way, then you have likely violated the Canada Criminal Code.
You'd be surprised at what is illegal in some countries.
For example, if you live near a radio station, you can power a lightbulb simply by connecting it to an antenna. Illegal? Maybe not where you live - but in Germany a law was specifically created for "stealing electricity", after somebody used an antenna to get power to light a small garden shed back in the 1930s...
However, I have got a NEW trick up my sleave, which some people seem to be ignoring in my posts. I created a subdom,ain, under my domain, and have it pointed at the server that server I am currently assigned to on the Live 365 network. Since the Live 365 players, both the web-based player application and the Radio 365 client, use the raw IP number to connect to a station. By creating a subdomain and pointing it at the IP for my station, this will thrown filtering software for a loop, when it goes to do a lookup on the IP to see if its in any banned domains. What will happen now is that it will see my domain, instead of live365.com, and allow my station through, as well as any other Live 365 stations operating off the same server (they have about 100 servers), even when the rest of Live 365 is blocked.
And contraty to what some people might think, it is NOT illegal in either Australia (where my radio station is based), France (where my web server is based), OR in the United States (where Live 365, my streamingf provider, is located), to subvert filtering software in that manner.
Because of this, I can take down all the information I previously had on subverting filtering systems, because I do all the leg-work, and what I do will now be INVISIBLE to users AND their network admins.
If the filtering software FAILS to block my station, becuase it sees my domain, instead of the live365.com domain, then said employee CANNOT be charged with ANY crime. If the filter fails to do its job and block my station, then the employee CANNOT be held CRIMINALLY responsible in ANY country. And creating a subdomain with the purpose of subverting filtering systems does NOT violate ANY law, in ANY country.
Again, you're missing the point, the connection is EASY TO SPOT and it will only take a few minutes to report it as a site to block to the companies that build such lists.
No matter what you can think of in that unethical mind, people like me, and even ones smarter, can block access to your crap from the networks we design and in most cases we don't have to do anything extra. In all cases, on our network, all sites except direct business partner sites are blocked - so, that really throws a wrench in your plan....
Get ready for the admins WORST NIGHTMARE, coming up in about
20 months, at the World Figure Skating Championships, in 2009. Any why do you ask? Becuase U.S. Figure Skating is currently shopping for a company to provide exclcusive online video coverage for major events in the U.S., of which three scheduled, leading up to the 2010 Olympics in Canada. Skate America 2007, the 2008 North American Championships and 2009 Worlds are scheduled to be in the U.S.
There are several companies competing for the rights to provide a SECURE online video transmission of these events. Based on what will be speficially required, I see the encrypted video transmission of whoever gets to do this being UNDETECTABLE and UNSTOPPABLE by network admins, and when the 2009 World championships come around, I would expect that anything that takes place during the workday anyway to bring corporate networks all over the place to a grinding halt, as employess all try to log on to the transmission, and network admins start tearng their hair out to figure out how to stop it. My station is looking into bidding for the online video rights as one of the feeds we use for live audio can also transmit secure video as well. Its just a matter of connecting a camera to our network, and changing a few settings on that program, and we will be transmitting encrypted and secure video that cannot be cracked, ananlysed, monitored, detected, blocked, or sniffed.
WHOEVER gets the online video rights for the afforementioned figure skating events will quickly become the WORST NIGHTMARE for corporate network admins all over the globe, when whoever gets the rights puts out a secure transmission that cannot be detected, cracked, analysed, monitored, cracked, or sniffed.
Our radio coverage of the Pan Am Games (which we do becuase there a few Commonwealth nations in the event) has been bringing in more listeners since I invoked my trick to throw the all the filteirng programs for a loop. I have been in Rio for the Pan Am Games for the past few days. When we go live with our coverage, I can say that the number of workplaces tuning in from the the United States and Canada go through the roof, mostly due to the fact that I have thrown all the filteirng programs for a loop with my little IP lookup trick. And as of right now, my domain is NOT in any of the block lists of any of the major filtering providers, I just checked, so my station can still be heard in the majority of workplaces around the globe.
In fact I have seen a lot of listenership coming from an open proxy in Oman, and from an open relay in the Phillpines. The Phillpine proxy is now on a few Spam blacklists, becuase people have apparently sent a lot of spam from there. I Googled the address and it is in a lot of Spam blacklists.
As for the Oman address, when I Googled that one, I found it is one several addresses owned by a company that has its own anonymising service, which they specifically advertise is allowing you to get past even the most restrictive of firewalls at work or school, and touting their 128-bit encrypted, so your connection cannot be monitored or sniffed. Based on what this one company I just found offers, even the restrictive firewalls you design could be breached by this one new service. They even say that attempts to monitor you "would only yield heavily encrypted, useless data", in the words of the company.
So in short, person or persons unknown are connecting to me through this heavily encrypted anonymisation service, and could even be doing it from behind YOUR restrictive firewall, right under your nose, and you would not even know what they were up to, other than they they were sending heavily encrypted traffic to a strange address in Oman.
There is no such thing as undetectable -- I might not know WHAT all this bandwidth is, but I'll know what it isn't. Specifically, it isn't business legitimate traffic.
Get ready to not be connected to from properly firewalled networks, there is nothing users inside a properly secured network can do about it
- encryption or not, they can't connect to you if they can't connect to proxy type services and they are easy to block. As a matter of fact, you keep suggesting that encryption has something to do with hiding that the person is connected - you keep failing to understand that a SSL connection stands out like a flare in the night and so do most other connections. The content doesn't have to be know, just that it's not an approved connection point, that's all it takes to fire someone for violating company policy.
Wait till one of these fired people comes after you for the lies you are telling them.
You are completely wrong, they can't connect through ANY service to you from ANY of our clients, it's not possible, but you can't seem to understand that for some unknown reason.
Why don't you ask your technical people how users are doing to connect if they can only connect to approved sites?
He tried this same spew last year, saying that it can't be detected, can't be seen, etc... each time he's proven wrong, exposed, shows his unethical head, he just comes back with another stupid path that is even more wrong than the last.
That's like saying that if your front door lock is pickable by the properly shaped jimmy, that unlocking it is not a crime.
Have another look at my prior posting today. USC 18 1030(a). Exceeding authorized access is a US Criminal Offence. "Authorized access" is defined by the company published security policy, not by which technical measures can be sidestepped.
Indeed, as long as there were -some- elementary security elements in place (so that the systems do not fall under the public-place kiosk exemption), then the published security policy is *all* that is required, and even if there are -no- technical counter-measures at all, exceeding one's authorized access would be a USC 18 1030 violation. Technology does not define authorization: policy does.
However, my latest IP trick I mentioned up thread, that throws filtering programs for a loop, is the most effetive I have found. It also does NOT break ANY laws, in Australia, Germany, France, Austria, Britain, or the United States. There is NO law against subverting filtering, by registering a domain, creating a subdoman, and pointing it at the IP that Live 365 currently has my station assigned to. "Spoofing" filtering software, such as Websense, Surftcntrol, etc., to let users get past filtering does NOT violate ANY laws in the afforementioned countries. I also do that for the chat room I run for my site. I created another subdomain, and pointed it at the chat server that is hosting my chat room. Then all any users have to do if they want to access my chat server from work is to simply use the raw IP number, and they get through. Becuase the filter simply fails to do its job, neither myself, nor the users, that do this, can be held liable under ANY laws, by ANY company, whose filtering system fails to do its job and block me. It would be risky to fire someone just because the filter failed to do its job and block either my chat room or my radio station, becuase they would NOT be using ANY circumvention tools.
But they do NOT have to use ANY circumvention tools, or "pick" ANY electronic locks.
But they do NOT *HAVE* to sidestep ANY technical measures on their part. I have already done FOR them by creating a subdomain and pointing it at the IP assigned to my radio station. Since they are not using ANY circumvention tools WHATSOEVER to sidstep ANY tehnical measures. All they have to do is start their web browser (or the Radio 365 player, if they have it installed), and just "plug and play", as they say. *I* have done the work of subverting most filtering systems with my subdomain trick. Because Live 365 does sometimes randomly assign you to another IP, I just have to keep on top of that, and redirect my subdomain, as is needed
To "exceed authorised access", you would have to do something like break a passoword to get it. If what you are doing is NOT password-protected, then "exceeding authorised access" DOES NOT APPLY. If the filteirng software fails to do its job, then you CANNOT be charged with a crime, becuase it would be assumed to be authorised access. The law ONLY applies if you gain access to a site that you KNOW has been blocked. If the site is acessible WITHOUT the use of open proxies, anonymity services, or ANY circumvention tools, then it is considered authorised, under the law, and is NOT subject to ANY criminal or civil liabiliy.
Just like if you have an open relay on your computer, and someone uses it to do something illegal, it is YOU that will be in trouble for it. Why? Becusae you have an access point that is NOT password protected, then it is considered PUBLIC under the law, and YOU are legally reposible if someone does something illegal through your computer. That is the one risk of having open relays on your machine.
Right now I am sitting back and ENJOYING the increased listenership to my radio network that my IP trick has created, NO circumvention of technical measures needed on the part of the user, so NO risk of civil or criminal liability to the user.
If you think moving IPs and domains is all it takes, you're even more deluded then you let on...
You would be incorrect.
USA: Computer Fraud and Abuse Statutes, Title 18 Part 1 Chapter 47 section 1030
(a) Whoever-- (4) knowing and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains
In other words, the user could well be attested if they were informed that such behaviour is not permitted.
Not risky at all, that's what a network use policy is for. As long as it excludes all activities by default, then includes activities which are business functions, anything outside of the scope is forbidden.
More importantly, why would a filter allow you to connect just because it doesn't know your IP? It's trivially simple to lock down a network to only allow access to IPs or hosts specified in advance, specifically, those with a legitimate business need.
The fact that people *are* accessing it doesn't mean it's allowed, or that anyone has tried to stop it. When I worked at an ISP, we had literally all the bandwidth we could dream of, and so there were no bandwidth related restrictions.
At my current job, we are extremely bandwidth limited, so there are restrictions in place -- There are very few technical filters at all since we need full internet access to do our jobs (we're a software development and support organization, with all but one of our products being in the e-mail field, being able to connect to client's servers is mandatory to do the job of anyone in the company other then perhaps sales, marketing, and administrative staff), yet you can easily be fired for streaming (and a couple people were written up over it -- Both now bring their music and videos from home, and no one complains)
On MY end, though, *I* would *NOT* be criminally liable, because I am PAYING GoDaddy for the right to use my domain, and I am PAYING Live 365 a big chunk of money per year (annual subscrption) for the right to broadcast through their servers, so registering a subdomain and pointing at the Live 365 server to which my station is currently assigned does NOT violate in laws, in either Australia (where my online radio station is based), France (where the server for my web site is currently located), nor the United States (where Live 365 is located). As long as *I* am paying for the domains, *I* am paying the licensing fees (to the appropriate copyright authorities), and *I* am paying Live 365 for the right to broadcast through their servers, there is NO LAW in any of the afforementioned countries that prohibits me from registering a domain, and/or pointing any part of it to the server currently assigned to me by Live 365, and there is nothing under the Live 365 AUP banning it , as long as I have listeners connect by either the Live 365 web-based player, or the the Radio 365 client app. So what *I* am doing is *LEGAL* on MY part, under Australian, French, and American laws. If the filters fail to do their job and block me, then I CANNOT be held criminally or civilly liable in ANY of the three afforementioned countries.
If I am duely authorized person at a company, and I publish a security policy that says,
The only internet site that you are allowed to access is
formatting link
then any access to any other site is unauthorized access, whether or not there are technical measures that block access to -anything-. "Authorized" under US and Canadian law do not mean "Whatever you can trick the system to get away with": they refer to established policy.
Not under Canadian law. C-46 342 . There is no presumption of authorization of access under Canadian law: instead, under Canadian law, the presumption is that all access is UNauthorized unless prior permission has been explicitly granted. Yes, this *does* mean that if I create a web site in Canada and someone accesses it without my having (somehow) invited them to, that that access would be a violation of the law, even if the web site is on the standard port and has no "Go Away!" marking on it. The law is not written in terms of technology and sophistication of counter-measures and so on: the law is written in terms of permission, and in Canada there is no implicit permission.
Under that logic, if you have an unpatched security hole, then whatever that can be parleyed into would be "public" access and so legal. That interpretation has no legal foundation in Canada or the USA: if you haven't been given permission for what you are doing, then it is not legal.
If you leave your car unlocked and the key in the ignition and the car running, and you step into a store, and while you are in the store someone unknown to you drives your car around the parking lot and returns it before you get back, then as far as the law is concerned, the perpetrator stole the car for that period, no matter that they returned it or that you weren't using it then or that you hadn't protected it: the theft occured at the moment of the usage without prior authorization, and "car left running" is *not* authorization.
But if someone asks you how to get around their company's security policy so that they can listen to your station, and you provide them with that information, and they do then listen, then you would risk a count of conspiracy to violate USC 18:1030 (if the access was from the USA.)
"Walter Roberson" wrote in message news:GFVpi.7077$fJ5.4602@pd7urf1no...
However, all I would have to do is regularly use Evidence Eliminator on my computers, to DESTROY any evidence on my hard disks of what I have done (which I ALWAYS do, before I travel to the United States, because the ICE is scanning a lot more hard disks now that the 9th circuit has allowed the practice). Any evidence against me would be UNRECOVERABLE from any computers I bring into the United States. And with all the malware out there that can bring things like warez, illegal p*rn, and the like onto your computer without your knowldge, it is a good idea to scrub your hard disks before attempting to enter the United States. That has become policy at our station now, to do a session with Evidence Elminator, set at *MAXIMUM DESTRUCTION*, before any travel to the United States is attempted. This will assure that Customs will NOT be able to recover ANYTHING that might get me arrested upon entering the United States. Like I said, with all the malware that can put stuff like warez, illegal p*rn, and the like on your computer, it is a good idea. Our procedure is to first ghost the hard disk to get rid of any malware that is there, and then do a session of Evidence Eliminator set to the maximum amount of destruction possible. At this setting, it usually takes EE about 24 hours to do its job, but when its done, even top-of-the- line forensic software, which costs the FBI US$7000 per user licence, cannot recover anything, and I can have piece of mind that if my computer equipment is scanned by ICE, upon attempting to enter the U.S., that they will get NOTHING that could EVER be used against me in a court of law.
When I travel from Havana (where I go next week) to a skating event in Canada the week after next, I will be doing this, so that if the aircraft DID have to make an emergency landing in America, and Customs decides to scan my computers, they will get nothing. I also do this on flights where the flight path either flies over U.S. territory, or is any U.S. airports are on the list of "alternatte" airports in the event of any inflight emergency (this also includes domestic flights in Canada, Mexico, and Cuba)
You also make one good point that you never KNOW what law something on your computer might be breaking, in increasingly fascistic America, which is why I do a session of Evidence Eliminator at the MAXIMUM level of destruction, before attempting ANY travel either to, or through, the United States.
Using it might well have saved my ass on at least ONE occasion in 2004, when I was in the U.S. for a figure skating competition, and someone, from back home in Australia, accessed my computer, and created a "repository" for Australians to download a few banned films and video games, including the p*rn flick Ken Park, which is banned in Australia. Before returning to Australia, I ghosted the machine to get rid of the offending material, and then ran Evidence Eliminator. When my disks were scanned by Customs in Australia, upon my return, they got NOTHING, and I was allowed to re-enter the country without any further problems.
Becuase someone found a hole in the machine I was using, and loaded all that Australia-banned material on it, and there was NO password protection on the access they found, I would NOT have had ANY legal grounds to track down and prosecute the perps (whoever they were) under either Australian OR American law. The ONLY remedy I could take was to OBLITERATE the offending material from my hard disks. with Evidence Eliminator, before attempting to return to Australia with the station's computer equipment.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.