|On Wed, Jun 19, 2002 at 03:42:09AM -0700, Lyle Leavitt wrote: |> I selected several email addresses from the results. I then tried |> logging into their email with password as the password. Sure enough I |> got in 2 out of the 8 that I tried. | |Lyle, I'd like to discourage doing this in the future; you've actually accessed several accounts without proper |authorization. Lets not forget that Randal Schwartz did several years of community service for simply _finding_ passwords |on intel machines -- he didn't even try any of them. _I_ know your intentions are good, _you_ know your intentions are |good, but proving that to a jury might be difficult or pointless or both. | |Cheers I don't know how people on this list feel about the Randal Schwartz trial, but I think the facts are a bit different than "he didn't even try any of them". He did use them and his intent was to bypass the system administrators attempts to enforce their policy. You can read more lots of places. For example: http://www.cs.uidaho.edu/~frincke/research/security/articles/schwartz3.t xt BTW, I knew randal in the early 80's when he worked at Sequent. --phil
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 10:19:06 PDT