On 11/11/2014 15:37, Ricky Beam wrote:
On Mon, 10 Nov 2014 22:43:09 -0500, Joe <jbfixurpc@gmail.com> wrote:
Generally speaking its best you do what your good at and this is not it.
Exposing there is a window open to a gov agency is not hacking, trust me. I would say go back to fathering children and once you have a few more years under your belt feel free to join in.
And you, sir, should consult a lawyer before publicly slinging insults.
I'm not a lawyer, but I have worked with one in this area. What you have post *is* evidence of a crime under the Computer and Fraud Abuse Act. The wording of that law is horrible, but it is what it is; the bar for of "unauthorized access" is *very* low. How you found it is irrelevant. You connected it to it -- knowing full well you are not authorized -- and proceeded to attempt to login, even if in jest.
(Government agencies have zero sense of humor. And judges have next to no understanding of technology. Merely being charged can be a career killer.)
As an ex-admin I completely--we took action for such things. My understanding is that you can get a nasty lead overdose for standing next to a car with a Slim Jim, or trying doors to houses and warehouses to see if they are locked. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
On 11/11/14, 9:25 PM, "Larry Sheldon" <larrysheldon@cox.net> wrote:
On 11/11/2014 15:37, Ricky Beam wrote:
On Mon, 10 Nov 2014 22:43:09 -0500, Joe <jbfixurpc@gmail.com> wrote:
Generally speaking its best you do what your good at and this is not it.
Exposing there is a window open to a gov agency is not hacking, trust me. I would say go back to fathering children and once you have a few more years under your belt feel free to join in.
And you, sir, should consult a lawyer before publicly slinging insults.
I'm not a lawyer, but I have worked with one in this area. What you have post *is* evidence of a crime under the Computer and Fraud Abuse Act. The wording of that law is horrible, but it is what it is; the bar for of "unauthorized access" is *very* low. How you found it is irrelevant. You connected it to it -- knowing full well you are not authorized -- and proceeded to attempt to login, even if in jest.
(Government agencies have zero sense of humor. And judges have next to no understanding of technology. Merely being charged can be a career killer.)
As an ex-admin I completely--we took action for such things.
I concur. I was recently an admin/ITSO for a defense contractor, and from a network logging standpoint it is VERY difficult to tell the difference between what you posted and a really subtle social-engineering-enabled attack--and EVERY attacker these days has to be assumed to be subtle. --Josh
On Wed, 12 Nov 2014, Sholes, Joshua wrote:
I concur. I was recently an admin/ITSO for a defense contractor, and from a network logging standpoint it is VERY difficult to tell the difference between what you posted and a really subtle social-engineering-enabled attack--and EVERY attacker these days has to be assumed to be subtle.
Agree completely. While the OP's intentions might be honorable, even if he notified the organization directly, they might not react the way he would want: "Thank you for bringing this to our attention! We will get it fixed immediately." I am not a lawyer, but I would strongly advise against randomly logging into hosts on a network where I don't have a formal business relationship that includes explicit authorization to do pen-testing and other [insert-color-here]-hat activities. Being a good Samaritan and the current state of computer crime laws do not always line up very nicely with each other. Bottom line: Tread carefully. jms
participants (3)
-
Justin M. Streiner -
Larry Sheldon -
Sholes, Joshua