Hi Patrick The story you refer to also rung a bell (no pun intended) I think it was with regards to British Telecom, who if memory serves, had a contractor working for them who had access to systems on the network, he looked around at what else was available to him, and found he had access to the ex-directory phone list including numbers such as the UK's security services, the private numbers for Buckingham Palace and many others. He published his findings to the press, see an article in Computer Weekly 01 Dec 1994 page 14. BT prosecuted him, but he got off on the basis that the data was on the system he had access to and there was no notification that he should not access it unless specifically authorised. I am not a legal authority, but I guess you could call that a precedent, I believe he still got prosecuted for disclosing the data under the data protection act though. Following that authorised login banners were born. Hope this helps. Paul > ---------- > From: Patrick Kingi[SMTP:Patrick.Kingiat_private] > Sent: 18 February 2003 00:55 > To: pen-testat_private > Subject: login banners > > Greetings all, > > It has been standard practice to ensure systems ensure their login banners > warn the users that unauthorised access is not allowed, your activity may > be > logged etc... > > A client has asked if there is any evidence that this really matters. I > heard a story once upon a time that a hacker did not get prosecuted > because > the login banner said something like "Welcome to your friendly > neighborhood > computer". Is this an urban legend? > > Does anyone have any evidence that the login banner has been used in > court? > > Any help would be appreciated. > > regards, > Patrick > > > -------------------------------------------------------------------------- > -- > > Do you know the base address of the Global Offset Table (GOT) on a Solaris > 8 > box? > CORE IMPACT does. > www.securityfocus.com/core > ************************************************************* The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Any opinions expressed are those of the individual and do not represent the opinion of the organisation. Access to this email by persons other than the intended recipient is strictly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or other action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email is subject to the terms and conditions expressed in the applicable Portcullis Computer Security Limited terms of business. ************************************************************** ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. http://www.securityfocus.com/core
This archive was generated by hypermail 2b30 : Thu Feb 20 2003 - 08:11:59 PST