Re: Randal Schwartz Cracking Conviction
In article <DEGF3I.K0n@online.tmx.com.au> tony@online.tmx.com.au (Tony Cook) writes:
>Vin McLellan (vin@shore.net) wrote:
>: Mr. Kegler is an impassioned advocate, but this discussion seems to
>: have slipped some crucial factual moorings. As I recall, Mr. Schwartz's
>: explanation of his situation acknowledged that these explorations of a
>: specific system's security were launched with a stolen or illicitly
>: appropriated password which gave him his initial access to the system in
>: question.
>
>This doesn't match the discussion that I've seen here - 'stolen or
>illicitly appropriated' passwords were only used to check that they
>worked. The machines which he ran gate and door on were machines
>which he legally had access to AFAIK - the only problem with these
>were that they allowed Randal access to Intel machines from
>elsewhere.

There is never a reason to verify that cracked passwords work by
actually using them. I believe that this might even be a violation of
the federal ECPA law even if Randal's claim is he did this under the
aegis of his system administrator status, though I'd have to go back
and read ECPA to be sure. I will point out that this is just my opinion
and you should consider what you paid me for it -- nothing.

My point here isn't to say that Randal is an even bigger monster than
Oregon and Intel think he is, rather to point out that a user's account
=must= be treated as sacred and an administrator should never violate
the privacy of that account, even if they consider it to be insecure.
The correct way to secure an insecure account is to disable it and
contact the owner.

Given Randal's helpfulness in the past, I continue to believe that
Randal honestly and sincerely felt he was doing Intel and the users
on their systems a huge favor.
--
John F. Haugh II PSP Division, IBM/Austin
SneakerNet: 905/4E016 MaBell: 512-823-8817
InterNet: jfh@austin.ibm.com [Member SECA] VNET: HAUGH at AUSTIN