self-destruction@xxxxxxxxxxx wrote: > New generations of teenagers will be scared of doing online > exploration. I'm not talking about damaging other companies' computer > systems. I'm talking about accessing them illegally *without* > revealing private information to the public or harming any data that > has been accessed. Even if rootkits aren't actually installed and information isn't actually revealed, the victim cannot be sure of that. Once they discover that unauthorised access has occurred, they have to act accordingly (e.g. notify customers, issue new cards, re-install the system etc). Anyone who manages to obtain unauthorised access may have already done harm, regardless of what (if anything) they do with that access thereafter. Regarding new "hacking" laws, a more serious threat to overall security is the idea of criminalising the posession of "hacking tools", which will make even legitimate pen-testing difficult. It may not be possible to simply outsource pen-testing to a country where such tools are legal (e.g. due to laws restricting the transfer of sensitive data abroad). -- Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>
