in reply to Automatic phish form filler

Is that any more legal or ethical than phishing?

If you want to write and post something, I suggest that you write something that can notify the hosting provider -- with human oversight.

Replies are listed 'Best First'.
Re^2: Automatic phish form filler
by Tanktalus (Canon) on May 07, 2005 at 21:11 UTC

    It's sort of like beating up the neighbourhood drug dealers in an attempt to pursuade them to stop selling drugs. It's not legal, although they're unlikely to turn you in to the cops, it's only ethical if you think that the ends justifies the means, and, most likely, all you'll end up doing is getting them to move on to new victims making them someone else's problem.

    But, for those with a mildly violent streak, it'll feel good while you're doing it ;-)

[reply]
      Without getting in to a legal debate since I'm not in any respects a lawyer, how on earth is giving random information to a random webpage on the internet illegal? Does that mean everytime you sign up for one of those ridiculous "phpbb" scripts and you aren't 100% truthful, you're breaking the law? I could see how falsifying information to legal entity, such as the government or an actual bank you're trying to sign a contract with would be illegal, but I don't see phishers falling in to that category.
[reply]
Re^2: Automatic phish form filler
by Roy Johnson (Monsignor) on May 07, 2005 at 22:14 UTC
    Of course it's "more legal" than phishing. There are laws against phishing, and there are no laws against giving phishers false information. And since there's no attempt to harm or defraud anyone, it's more ethical, too.

    Do you want to try to suppport your suggestion that it's illegal and/or unethical?

    Caution: Contents may have been coded under pressure.
[reply]

      Is there an effective difference between distributing a program that submits random information to an alleged phishing site a thousand times and distributing a DoS client, besides "Oh, but I don't like those people?"

      Do all phishing sites live on their own boxes with their own IP addresses, leased lines, and networks, or is there a possibility that there are innocent bystanders nearby?

[reply]
        There's certainly a difference between a hundred and a thousand. If thousands of people were hitting it thousands of times, it would be a DDOS. What I have proposed is orders of magnitude smaller, because my objective is not to carry out a DDOS.

        So yes, there is an effective difference. By design. I have no intention of dragging down the network. Filling out a form is not a high-bandwidth activity, and it will not be an activity that is synchronized among hundreds or thousands of users.

        I love the "alleged phishing site". Yeah, those are really hard to recognize definitively. There's always a chance that it's a legitimate site asking for you to "verify your password", despite the warnings posted on the home site of whomever they are spoofing saying that they will never do that.

        Caution: Contents may have been coded under pressure.
[reply]

In Section Seekers of Perl Wisdom