Re: CRIME EarthLink Password Security Story

From: Lyle Leavitt (lylel@private)
Date: Wed Jun 19 2002 - 13:27:40 PDT


    Seth,
    
    Good point. I forget that in our court system "white-hat hacker" is an
    oxymoron. So I should just tell the media that the "rumor" is that
    default passwords are going unchecked at AT&T. That's my story and I'm
    sticking to it. End of story. Bad guys win. Why did I waste my time?
    
    A 'White Hat' Goes to Jail 
    http://www.wired.com/news/politics/0,1283,44007,00.html
    
    Geo - Is this legal stuff covered in the PRS training?
    
    -Lyle
    
    Seth Arnold wrote:
    > 
    > On Wed, Jun 19, 2002 at 03:42:09AM -0700, Lyle Leavitt wrote:
    > > I selected several email addresses from the results. I then tried
    > > logging into their email with password as the password. Sure enough I
    > > got in 2 out of the 8 that I tried.
    > 
    > Lyle, I'd like to discourage doing this in the future; you've actually
    > accessed several accounts without proper authorization. Let's not forget
    > that Randal Schwartz did several years of community service for simply
    > _finding_ passwords on Intel machines -- he didn't even try any of them.
    > _I_ know your intentions are good, _you_ know your intentions are good,
    > but proving that to a jury might be difficult or pointless or both.
    > 
    > Cheers
    > 
    > --
    > http://www.wirex.com/
    > 
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 14:32:49 PDT