Re: CRIME EarthLink Password Security Story

From: Seth Arnold (sarnold@private)
Date: Wed Jun 19 2002 - 10:23:48 PDT

Next message: Heidi Henry: "CRIME text layout"

Previous message: Heidi Henry: "CRIME More SPAM"
In reply to: Lyle Leavitt: "Re: CRIME EarthLink Password Security Story"
Next in thread: Lyle Leavitt: "Re: CRIME EarthLink Password Security Story"
Next in thread: Christiansen, John (SEA): "RE: CRIME EarthLink Password Security Story"
Reply: Lyle Leavitt: "Re: CRIME EarthLink Password Security Story"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 19, 2002 at 03:42:09AM -0700, Lyle Leavitt wrote:
> I selected several email addresses from the results. I then tried
> logging into their email with password as the password. Sure enough I
> got in 2 out of the 8 that I tried. 

Lyle, I'd like to discourage doing this in the future; you've actually
accessed several accounts without proper authorization. Lets not forget
that Randal Schwartz did several years of community service for simply
_finding_ passwords on intel machines -- he didn't even try any of them.
_I_ know your intentions are good, _you_ know your intentions are good,
but proving that to a jury might be difficult or pointless or both.

Cheers

-- 
http://www.wirex.com/

application/pgp-signature attachment: stored

Next message: Heidi Henry: "CRIME text layout"
Previous message: Heidi Henry: "CRIME More SPAM"
In reply to: Lyle Leavitt: "Re: CRIME EarthLink Password Security Story"
Next in thread: Lyle Leavitt: "Re: CRIME EarthLink Password Security Story"
Next in thread: Christiansen, John (SEA): "RE: CRIME EarthLink Password Security Story"
Reply: Lyle Leavitt: "Re: CRIME EarthLink Password Security Story"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 11:41:31 PDT