In reading this:
http://www.spamsuite.com/node/351 which elaborates futher on the case it would appear that the ruling really swings off these three findings:
Quote:
8. The intended purpose of a zone transfer is primarily one of redundancy. Zone
-3-
transfers are the means by which a primary authoritative domain name server copies the domain structure to a secondary authoritative domain name server for the purpose of redundancy. Generally, both of those servers pertain to the same domain. In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server. A secondary intended purpose for zone transfers is to permit trouble shooting in which case zone transfers may sometimes be undertaken via the manually conducted host -l command. In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system.
9. The evidence presented at trial produced no treatises or authoritative sources to suggest that any other intended purpose exists for a zone transfer. The academic and technical resources put in evidence at trial uniformly indicate that zone transfers have no intended purposes beyond those mentioned above.
10. The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other, authorities all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized."
|
Therefore the question of law at issue is one of authorised use of the tool. which given the evidence or lack of counter evidence shown would mean that the ruling is still in question.
I like the analogy that was posted in the blog below the decision:
Quote:
Here is an analogy of the zone transfer (correct me if you disagree):
A company has a large office building in downtown. The front doors of said building are open. Any citizen (employee or not) may walk into the front doors. Once inside, the citizen is standing in a lobby. This is a public waiting area.
There can be a security guard preventing further access into the building, or it could be unguarded allowing access. However, if there is an office directory hanging on the wall, telling who is in what office, the citizen may look at this because it is in the public domain. Using the information from this directory to commit a crime does not make the use of the directory a crime. And if the company did not want to let people know the information contained in the directory, they merely have to take it down.
Make sense?
|
I think that there are quite a few problems with the ruling and in particular the order below:
Quote:
|
12. Defendant Ritz is directed to immediately destroy any and all copies of Sierra's computers, websites, servers, network, or computer systems and any information about Sierra that are in their possession, whether such copies and information are in digital, electronic or physical form.
|
It looks like an interesting case notwithstanding the poor writing of the findings.