[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Kind of sad

Subject: Kind of sad
From: streiner at cluebyfour.org (Justin M. Streiner)
Date: Wed, 12 Nov 2014 10:57:59 -0500 (EST)
In-reply-to: <D088E609.2311D%[email protected]>
References: <CA+zb_vFkpF5WYRZNBS82EMoc=L1btBZkAF151SAV0dULxR_UcQ@mail.gmail.com> <CAE_vMvcwmWCBAPnmdLU4jKhc_bd1vNKULg6AXivsZxWvFs8cgQ@mail.gmail.com> <CA+zb_vHrkodVrff0wyZGrVJcqzUqjbBqXvqHX3Cz8mKnOZYxdg@mail.gmail.com> <EMeR1p01l1cZc5601MeTcB> <[email protected]> <D088E609.2311D%[email protected]>

On Wed, 12 Nov 2014, Sholes, Joshua wrote:

> I concur.   I was recently an admin/ITSO for a defense contractor, and
> from a network logging standpoint it is VERY difficult to tell the
> difference between what you posted and a really subtle
> social-engineering-enabled attack--and EVERY attacker these days has to be
> assumed to be subtle.

Agree completely.  While the OP's intentions might be honorable, even if 
he notified the organization directly, they might not react the way he 
would want:

"Thank you for bringing this to our attention!  We will get it fixed 
immediately."

I am not a lawyer, but I would strongly advise against randomly logging 
into hosts on a network where I don't have a formal business relationship 
that includes explicit authorization to do pen-testing and other 
[insert-color-here]-hat activities.

Being a good Samaritan and the current state of computer crime laws do not 
always line up very nicely with each other.

Bottom line: Tread carefully.

jms

References:
- Kind of sad
  - From: jbfixurpc at gmail.com (Joe)
- Kind of sad
  - From: marine64 at gmail.com (Brian Henson)
- Kind of sad
  - From: jbfixurpc at gmail.com (Joe)
- Kind of sad
  - From: larrysheldon at cox.net (Larry Sheldon)
- Kind of sad
  - From: Joshua_Sholes at cable.comcast.com (Sholes, Joshua)

Prev by Date: Kind of sad
Next by Date: Cisco CCNA Training
Previous by thread: Kind of sad
Next by thread: Kind of sad
Index(es):
- Date
- Thread