In message <Pine.3.89.9503310518.C96-0100000@madhouse.com>, you write:
>> packet file which can later be replayed through Watcher. Most importantly,
>> Watcher allows the admin to CONTROL network users by instantly terminating
>> any connection, setting up makeshift firewalls, or even TAKING OVER
>> (hijacking) any connection.
>Sounds ok if you're charged with providing security for a corporate,
>government or military site, but in the case of pay commercial hosts this
>should be illegal, if not downright immoral. How much privacy should I
>expect from a provider? I mean I am paying for services, and there was
>some limited agreement to services. I think you better put in a
>statement saying YOUR SESSION WILL BE WATCHED AND IF WE FEEL YOU'RE
>BEING POLITICALLY INCORRECT WE WILL TAKE OVER YOUR SESSION.
>Am I the only one who feels this is an invasion of privacy?

Of course it isn't. You never had any privacy to begin with. If you aren't doing anything yourself to guarantee your own security and privacy, you neither have nor deserve any. This hard truth should be known to a few people on this list who deal with security every day -- you can't just expect people to hand it to you (well, you can, but there might as well be a bridge with it).

While the America Online generation has been whining about Mr. Neuman's "advertisement" and invading their "privacy", some of us are thankful to have reviewable code to such a tool. When I talk to people who are responsible for keeping things secure, theory and papers don't cut it. I need to be able to whip out a real live program and SHOW them how vulnerable their systems are before they will even acknowledge the existence of a problem.

You can whine about it all you want, but the crackers have had such tools for a good little while. It's about time some good come out of it -- enough people see that it's a problem to merit it getting solved (hint from previous discussion: this one ain't gonna be easy, folks).

-Craig