[Prev][Next][Index][Thread]
Re: Schwartz VS. Intel
It seems to me that it's one thing to tell the company that's contracting
you "Hey, did you know how vulnerable you are to having your password file
cracked?"
It's another thing to say, "Look -- I just started up a password cracking
program to demonstrate to you how easy it would be for someone to do this.
Even though this is not something you've contracted me to look into."
It's another thing to say, "I just broke into your account with a password
I cracked by running a program for the past week, just to demonstrate to
you how vulnerable you are. Even though this is not something you've
contracted me to do."
It's another thing to say, "Here's a file I stole from your account, just
to show you how vulnerable you are. Even though this is not something
you've contracted me to do."
I could go on.
I think that a responsible contractor might do the first thing on this
list. If the client doesn't respond intelligently, that's certainly not
the contractor's responsibility.
Maybe a responsible contractor who really really cared about his client
would do the second thing on this list, if that's what it took to get the
client's attention.
Anything beyond that seems way out of line to me, and I would never
knowingly hire someone who would do such things.
Moreover, if I _caught_ a cracker program running and only _after_ being
confronted by me did the contractor come up with his oh-so-benevolent
explanation that he was going to spring a cracked password or stolen file
on me, just to get my attention for my own good, you can be sure that I
would call the district attorney's office myself.
-- Dave Goldman
Research Software Design
P.S. It's too bad that of all the interestingly controversial threads that
happen here, Randal ("Just Another Usenetter Since Before the Rest of You
Were Born") Schwartz won't be putting in his two cents this time!
Follow-Ups:
References: