Re: CRIME EarthLink Password Security Story

From: Sarah Mocas (sarah@private)
Date: Thu Jun 20 2002 - 13:47:54 PDT

  • Next message: Sarah Mocas: "Re: CRIME Who is controling SPAM on our list?"

    Lyle,
    
    PRS training, at a minimum, is letting us know that there is 
    a lot about the law that we shouldn't assume.  When in doubt a 
    good source on Federal guidelines is:
    
    http://www.usdoj.gov/criminal/cybercrime/searching.html
    Searching and Seizing Computers and Obtaining Electronic Evidence 
    in Criminal Investigations
    
    Sarah 
    
    > 
    > Seth,
    > 
    > Good point. I forget that in our court system "white-hat hacker" is an
    > oxymoron. So I should just tell the media that the "rumor" is that
    > default passwords are going unchecked at AT&T. That's my story and I'm
    > sticking to it. End of story. Bad guys win. Why did I waste my time?
    > 
    > A 'White Hat' Goes to Jail 
    > http://www.wired.com/news/politics/0,1283,44007,00.html
    > 
    > Geo - Is this legal stuff covered in the PRS training?
    > 
    > -Lyle
    > 
    > Seth Arnold wrote:
    > > 
    > > On Wed, Jun 19, 2002 at 03:42:09AM -0700, Lyle Leavitt wrote:
    > > > I selected several email addresses from the results. I then tried
    > > > logging into their email with password as the password. Sure enough I
    > > > got in 2 out of the 8 that I tried.
    > > 
    > > Lyle, I'd like to discourage doing this in the future; you've actually
    > > accessed several accounts without proper authorization. Lets not forget
    > > that Randal Schwartz did several years of community service for simply
    > > _finding_ passwords on intel machines -- he didn't even try any of them.
    > > _I_ know your intentions are good, _you_ know your intentions are good,
    > > but proving that to a jury might be difficult or pointless or both.
    > > 
    > > Cheers
    > > 
    > > --
    > > http://www.wirex.com/
    > > 
    > >   ----------------------------------------------------------------------
    > >    Part 1.2Type: application/pgp-signature
    > 
    



    This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 14:48:35 PDT