[Prev][Next][Index][Thread]
Re: Schwartz VS. Intel
darrell@teleport.com (Darrell Fuhriman) wrote:
>Randal is one of the most technically competent people around.
>If he had been concerned about getting caught, he wouldn't have
>been.
As far as I've been able to discern, he didn't think he'd be caught
because he thought security was even worse than it was.
>Intel complains that Schwartz was violating their security, but I
>would assert that any system that has non-shadowed passwords has
>no security.
That viewpoint is not supported by law. It is just as illegal to walk
up to an unlocked terminal in a public place and "break in" as it is to
use high-tech spy gear to tap the network wires in a big paranoid corp.
>It's true that his actions were irresponsible, but that makes his
>crime stupidity, not computer theft.
The crime of which he's been accused is one of misuse of a facility,
not for stupidity (nor arrogance, which was the actual moral failing that
appears to have led him to the current situation.)
>I think Randal was actually trying to do a good thing, and point
>out Intel's lack of security... it's unfortunate he chose such a
>poor way to do it.
I suspect his lawyer will attempt to use that as a defense.
Unfortunately, the way to point out lack of security is to actually talk
to the people in charge of it (he was well able to do this) about the
weaknesses, and absolutely NOT to do any of this "cracking" in any kind
of secretive way. Intel has quite an extensive security group which is
quite open to having people point out lapses in security, if they can also
point out ways to plug those holes.
Hutch
References: