[Prev][Next][Index][Thread]

Re: Perl Co-inventor Convicted

Sean Donelan (sean@sdg.dra.com) wrote:
: > Woodard said Intel spent money and time making sure Schwartz had not
: > installed unauthorized programs in their systems.
: >
: > ``We were the victim. We were not the prosecutors in this case,'' said
: > Woodard, who is concerned that some people mistakenly see the case as
: > Intel vs. Schwartz.

: "We were the victim."  Hint, does the $60,000 go to the prosecutors or
: to Intel?  Shouldn't Intel be regularly checking their computers for
: unauthorized programs anyway?  Why should Intel be compensated for
: actions a reasonable, and prudent company already should be doing?  

And, of course, as a contracted admin at Intel it was Randal's JOB to
check security.  He demonstrated quite well the 'web of trust' concepts
that SATAN guesses at.

: Its like claiming a trespasser owes Intel $60,000 because Intel had to
: pay its security guards to check if all the doors are locked after the
: trespasser was discovered.

2 man-years with typical pay in Oregon. Maybe be nice and say it includes
the cost of benefits and free coffee: one man year.  Does it REALLY take
that long to check their systems?

Of course, the proper analogy for Randal's actions is that he was a burglar
alarm installer caught checking the door locks at a clients site.  If
it were anything other than computers the case would be laughed out
of court.  But computers are something the average citizen (and mediabot)
don't understand, so the legal system gets trashed.

: Trespassing is bad.  But these kind of "damages" are silly.  They bring
: back bad memories of another company with dollar amounts that had little
: to do with reality.  Worse, these damage claims often subvert the
: legislature's authority to delinate different crimes and punishments.

Perhaps the damages were computed on a Pentium.

This incident has convinced me that Intel is filled with morons (more
so than the Pentium problems did).  Simple little details like if
Randal REALLY wanted to steal passwords, he has access to plenty of
computing horsepower outside of intel.com to run crack on.  He certainly
knows how to rename crack into something less obvious.  And he certainly
knows crack takes days to do a real check with a good-sized password file
and dictionary.

Running crack as an admin isn't a bad thing at all (see Dan Farmer's paper
on Cracking for Admins), as well as ftp.cert.org for crack itself.  (Gosh,
if crack is so bad, why is it on CERT's ftp site?)

Perhaps if they merely ASKED Randal what he was doing before calling in
the police they would have saved themselves some hassles.
Follow-Ups: References: