Re: CRIME EarthLink Password Security Story

From: Seth Arnold (sarnold@private)
Date: Wed Jun 19 2002 - 10:23:48 PDT

  • Next message: Heidi Henry: "CRIME text layout"

    On Wed, Jun 19, 2002 at 03:42:09AM -0700, Lyle Leavitt wrote:
    > I selected several email addresses from the results. I then tried
    > logging into their email with password as the password. Sure enough I
    > got in 2 out of the 8 that I tried. 
    
    Lyle, I'd like to discourage doing this in the future; you've actually
    accessed several accounts without proper authorization. Lets not forget
    that Randal Schwartz did several years of community service for simply
    _finding_ passwords on intel machines -- he didn't even try any of them.
    _I_ know your intentions are good, _you_ know your intentions are good,
    but proving that to a jury might be difficult or pointless or both.
    
    Cheers
    
    -- 
    http://www.wirex.com/
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 11:41:31 PDT