Re: Intel v. Randal Schwartz: Why care?

• Subject: Re: Intel v. Randal Schwartz: Why care?
• From: adt@netcom.com (Anthony D. Tribelli)
• Date: Fri, 5 Jan 1996 01:54:31 GMT
• Distribution: inet
• Followup-To: comp.org.eff.talk,comp.security.unix,comp.security.misc,misc.legal.computing,comp.sys.intel
• Newsgroups: comp.org.eff.talk, comp.security.unix, comp.security.misc, misc.legal.computing, comp.sys.intel
• Organization: NETCOM On-line Communication Services (408 261-4700 guest)
• References: <slrn4egrc2.974.jeffrey@jeffrey.vip.best.com> <4cb2hp$e1h@hecate.umd.edu> <slrn4ejer0.c8q.jeffrey@jeffrey.vip.best.com> <4ccos2$4c9@news.xs4all.nl> <adtDKo8t5.4n0@netcom.com> <slrn4eohjm.uta.jeffrey@jeffrey.vip.best.com>
• Sender: adt@netcom19.netcom.com
• Xref: nntp.teleport.com comp.org.eff.talk:68814 comp.security.unix:23460 comp.security.misc:24457 misc.legal.computing:18584 comp.sys.intel:70917

Jeffrey Kegler (jeffrey@algor2.algorists.com) wrote:
: In article <adtDKo8t5.4n0@netcom.com>, Anthony D. Tribelli wrote:
: >System administrators already have authority to do this. Randal WAS NOT a 
: >system administrator, that is why he would need permission.

: Randal was a sysadmin, and had been a sysadmin for all the machines
: involved.  He was not at the time a sysadmin for some of the machines
: on which he cracked passwords.

Sorry for not being clear, this is what I was attempting to say :-). That
he was not currently responsible for these machines.

: Intel maintains it has a clearly defined "Maginot Line" policy on
: password security, whereby nobody can crack passwords except on
: a machine for which they are currently sysadmin.  They don't have
: any evidence Randal would have know of this "Don't ask, don't tell"
: approach to security.

IMHO, common sense says you should not be cracking passwords on machines 
you are not responsible for. Lack of common sense or lack of good 
judgement has never been an acceptable defense for criminal activity.

: Again, if Intel wants a foolish security policy, and wants to fire
: people who violate it, whether innocently or not, I do not have a major
: problem with that...

Foolish? The majority of white collar crime involves insiders. Criminal 
employees and contractors are a greater threat than outsiders usually.

Cracking passwords is not innocent behavior. Assuming you are not the
sysadmin of the system, it is negligence or malpractice at best. 

: ... Their carelessness might make them a
: haven from which hackers can compromise other Internet machines ...

I would suspect that their "aggressive" prosecution of Randal is part of 
a policy to deter people from unauthorized use of their machines.

: It is the perversion of the criminal courts into enforcing Intel work
: rules I strongly object to.  I would object even if the work rules
: were sensible and consistently enforced.

Perhaps consistency is part of the reason they prosecuted Randal. If they
had declined to prosecute Randal, but attempted to prosecute the next
person cracking their passwords, this second person may have tried to sway
a jury with some sort of selective enforcement argument. That he was
really the victim of a vendetta. Yes, this is a weak argument, but juries
have been known to buy all sorts of weak arguments. 

Tony
-- 
------------------
Tony Tribelli
adtribelli@acm.org

• Re: Intel v. Randal Schwartz: Why care?
• From: unruh@physics.ubc.ca (William Unruh)

• Intel v. Randal Schwartz: Why care?
• From: jeffrey@algor2.algorists.com (Jeffrey Kegler)
• Re: Intel v. Randal Schwartz: Why care?
• From: ram@mbisgi.umd.edu (Ram Samudrala)
• Re: Intel v. Randal Schwartz: Why care?
• From: jeffrey@algor2.algorists.com (Jeffrey Kegler)
• Re: Intel v. Randal Schwartz: Why care?
• From: cor@xs4all.nl (Cor Bosman)
• Re: Intel v. Randal Schwartz: Why care?
• From: adt@netcom.com (Anthony D. Tribelli)
• Re: Intel v. Randal Schwartz: Why care?
• From: jeffrey@algor2.algorists.com (Jeffrey Kegler)

• Prev: Re: Intel v. Randal Schwartz: Why care?
• Next: Re: Intel v. Randal Schwartz: Why care?
• Index: Mail Index
• Thread: Mail Thread Index