Lyle, PRS training, at a minimum, is letting us know that there is a lot about the law that we shouldn't assume. When in doubt a good source on Federal guidelines is: http://www.usdoj.gov/criminal/cybercrime/searching.html Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Sarah > > Seth, > > Good point. I forget that in our court system "white-hat hacker" is an > oxymoron. So I should just tell the media that the "rumor" is that > default passwords are going unchecked at AT&T. That's my story and I'm > sticking to it. End of story. Bad guys win. Why did I waste my time? > > A 'White Hat' Goes to Jail > http://www.wired.com/news/politics/0,1283,44007,00.html > > Geo - Is this legal stuff covered in the PRS training? > > -Lyle > > Seth Arnold wrote: > > > > On Wed, Jun 19, 2002 at 03:42:09AM -0700, Lyle Leavitt wrote: > > > I selected several email addresses from the results. I then tried > > > logging into their email with password as the password. Sure enough I > > > got in 2 out of the 8 that I tried. > > > > Lyle, I'd like to discourage doing this in the future; you've actually > > accessed several accounts without proper authorization. Lets not forget > > that Randal Schwartz did several years of community service for simply > > _finding_ passwords on intel machines -- he didn't even try any of them. > > _I_ know your intentions are good, _you_ know your intentions are good, > > but proving that to a jury might be difficult or pointless or both. > > > > Cheers > > > > -- > > http://www.wirex.com/ > > > > ---------------------------------------------------------------------- > > Part 1.2Type: application/pgp-signature >
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 14:48:35 PDT