It wasn't my call. Although a good point was made to me personally about the fact that if the school doesn't have a clearly-defined AUP, and ap privacy policy, it may not even be illegal to "hack" their systems...if there's nothing saying it's not legal. As far as my personal views?...I understand that privacy is what the policy makes it out to be. If you you're using MY system for legitimate purposes according to my acceptable use policy, there's nothing you should be hiding there which is "confidential or private" anyway. A home directory is used (as defined in acceptable use) for storage of scholatic and classroom-related material, research, and non-personal items. I think that defines it very clearly. If you want to store porn, your personal dirty emails, do it on your home machine - not on the school's hard disk space. Perhaps I'm being a bit over-zealous and I surely don't eman to start a war here, but...that's just my **personal** philosophy. /Ralph/ -----Original Message----- From: Tom [mailto:TheTomat_private] Sent: Friday, February 07, 2003 6:09 AM To: Ralph Los Cc: forensicsat_private Subject: Re: Tracking a (potential) abuser? Hi, > I'm doing some work for a school which has approx. 1,000 users > (students + staff) sharing the same Win2k-AD network resources. > Windows permissions, shares and passwords are obviously not > strengthened (why would they be, that would make this easy!) so there > are suspicions that students are running rampant on this network. I > was asked to come and investigate for signs of mis-use, abuse, or > "hacking". What I DID find was a student's directory which had > *explicit deny* for the administrators group to all rights. I had to > go and "take ownership" to get a view into this student's directory. I'm quite shocked. Do you guys ever think about violating peoples privacy? :-\ Thomas ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 09:42:35 PST