RE: Tracking a (potential) abuser?

From: Ralph Los (RLosat_private)
Date: Mon Feb 10 2003 - 08:28:51 PST

Next message: Jeremy Shelley: "Re: Tracking a (potential) abuser?"

Previous message: Chris DeVoney: "RE: Tracking a (potential) abuser?"
Maybe in reply to: Ralph Los: "Tracking a (potential) abuser?"
Next in thread: ktabic: "Re: Tracking a (potential) abuser?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It wasn't my call.  Although a good point was made to me personally about
the fact that if the school doesn't have a clearly-defined AUP, and ap
privacy policy, it may not even be illegal to "hack" their systems...if
there's nothing saying it's not legal.

As far as my personal views?...I understand that privacy is what the policy
makes it out to be.  If you you're using MY system for legitimate purposes
according to my acceptable use policy, there's nothing you should be hiding
there which is "confidential or private" anyway.  A home directory is used
(as defined in acceptable use) for storage of scholatic and
classroom-related material, research, and non-personal items.  I think that
defines it very clearly.  If you want to store porn, your personal dirty
emails, do it on your home machine - not on the school's hard disk space.
Perhaps I'm being a bit over-zealous and I surely don't eman to start a war
here, but...that's just my **personal** philosophy.

/Ralph/

-----Original Message-----
From: Tom [mailto:TheTomat_private] 
Sent: Friday, February 07, 2003 6:09 AM
To: Ralph Los
Cc: forensicsat_private
Subject: Re: Tracking a (potential) abuser?


Hi,

> 	I'm doing some work for a school which has approx. 1,000 users 
> (students + staff) sharing the same Win2k-AD network resources.  
> Windows permissions, shares and passwords are obviously not 
> strengthened (why would they be, that would make this easy!) so there 
> are suspicions that students are running rampant on this network.  I 
> was asked to come and investigate for signs of mis-use, abuse, or 
> "hacking".  What I DID find was a student's directory which had 
> *explicit deny* for the administrators group to all rights.  I had to 
> go and "take ownership" to get a view into this student's directory.

I'm quite shocked. Do you guys ever think about violating peoples privacy?
:-\

Thomas






-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jeremy Shelley: "Re: Tracking a (potential) abuser?"
Previous message: Chris DeVoney: "RE: Tracking a (potential) abuser?"
Maybe in reply to: Ralph Los: "Tracking a (potential) abuser?"
Next in thread: ktabic: "Re: Tracking a (potential) abuser?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 09:42:35 PST