[Gllug] Insecure practices at my ISP
David Pashley
david at parguild.co.uk
Fri Apr 4 10:00:15 UTC 2003
On Apr 04, 2003 at 10:30, Chris Ball praised the llamas by saying:
> >> On 4 Apr 2003 10:19:37, David Pashley <david at parguild.co.uk> said:
>
> >> If he has not actually accessed areas of the system he is not
> >> authorised to access there has been no offence.
>
> > <http://www.ddplus.co.uk/DDPlus_Website/News_Community/
> > Easynet_Story/Easynet_dont_shoot_the_messenger.htm>
>
> Not analogous at all. In the article, "Certainly, he strayed into an
> account (or accounts) other than his own, but wouldn't anyone with a
> healthy sense of curiosity be tempted to do exactly the same?". Well,
> no, not anyone who wants to stay out of prison..
>
> Notifying your ISP that the version of {sendmail, bind, mysql} that
> they're running is insecure and exploitable *without* getting a root
> shell from it yourself can never be against the Computer Misuse Act,
> which classifies against unauthorised access and modification, as
> Jason said.
>
But looking at other peoples directories could be classified as
unauthorised access. Looking at /etc/shadow could be classified as
unauthorised access.
--
David Pashley
david at davidpashley.com
Nihil curo de ista tua stulta superstitione.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20030404/f024c91e/attachment.pgp>
More information about the GLLUG
mailing list