[Gllug] Insecure practices at my ISP
Chris Ball
chris at void.printf.net
Fri Apr 4 09:30:37 UTC 2003
>> On 4 Apr 2003 10:19:37, David Pashley <david at parguild.co.uk> said:
>> If he has not actually accessed areas of the system he is not
>> authorised to access there has been no offence.
> <http://www.ddplus.co.uk/DDPlus_Website/News_Community/
> Easynet_Story/Easynet_dont_shoot_the_messenger.htm>
Not analogous at all. In the article, "Certainly, he strayed into an
account (or accounts) other than his own, but wouldn't anyone with a
healthy sense of curiosity be tempted to do exactly the same?". Well,
no, not anyone who wants to stay out of prison..
Notifying your ISP that the version of {sendmail, bind, mysql} that
they're running is insecure and exploitable *without* getting a root
shell from it yourself can never be against the Computer Misuse Act,
which classifies against unauthorised access and modification, as
Jason said.
- Chris.
--
$a="printf.net"; Chris Ball | chris at void.$a | www.$a | finger: chris@$a
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list