[Prev][Next][Index][Thread]
Re: Tim O'Reilly on Randal Schwartz Prosecution
Vin McLellan (vin@shore.net) wrote:
: I would also be very very surprised if Section 502 did not criminalize
: unauthorized acts to obtain and illicitly process an (ORA) encrypted
^^^^^^^^^^^^
: password file, when those actions resulted in the perpetrator gaining
: access to another person's restricted data, including but not limited to
: his secret password and other access information.
Isn't the whole argument here about what a security consultant is
implicity "authorised" to do in order to complete the job.
I am not explicitly "authorised" to do most of the system security analysis
on this machine yet I run crack twice a year to discover stupidly simple
passwords so we can advise the users to be more aware of their own
responsibilities. I also sometimes run Satan against other machines which I
know have .rhosts files refering to this machine.
If everything that was not explicitly permitted was forbidden I would be
unable to do my job.
--
Geoff. Lane. | mailto:zzassgl@cs6400.mcc.ac.uk | http://gl.mcc.ac.uk/
CS6400 Admin, MCC, Manchester University, Oxford Rd, Manchester, M13 9PL, UK
Actually, what I'd like is a little toy spaceship!
Follow-Ups:
References: