[Prev][Next][Index][Thread]

Re: Randal Schwartz Cracking Conviction



>His argument all along has been that --
>despite his efforts to break down the security of the target system;
>despite the fact that he broke security to make the initial entry into
>this system -- his intentions were not criminal nor malovelent, right?   

In checking the strength of security the best technique is often
to attempt to break it.  In checking the strength of passwords,
this is just about the *only* technique.

Randal's intent is shown by his *actions*.  He ran crack under its
own name, undisguised.  He used his own account.  Everything ran
on Intel's site -- he took none of the dirty work off site, where
it would be safer from detection by the "victim".  Randal knows
how to cover up this things.  He was only caught because he had no
fear of being caught.  He showed no fear of being caught because
he was acting in a good faith what he was doing was legal and would
be applauded by his client when he showed them his results.

This is the sick thing about this whole matter.  It is a method of
enforcing security which will only work against those who do not
attempt to cover their actions.  It's fake security.  The methods
used to catch Randal would be useless to catch real crackers.  They
will be quite effective in scaring people from stopping such
criminals.

-- 

Jeffrey Kegler, President, Algorists, Inc.
743 East El Camino Real, #338, Sunnyvale CA 94087, jeffrey@best.com


Follow-Ups: References: