[Gllug] Insecure practices at my ISP
Alain Williams
addw at phcomp.co.uk
Fri Apr 4 10:16:57 UTC 2003
On Fri, Apr 04, 2003 at 11:07:56AM +0100, Jason Clifford wrote:
> On Fri, 4 Apr 2003, David Pashley wrote:
>
> > > Not analogous at all. In the article, "Certainly, he strayed into an
> > > account (or accounts) other than his own, but wouldn't anyone with a
> > > healthy sense of curiosity be tempted to do exactly the same?". Well,
> > > no, not anyone who wants to stay out of prison..
> > >
> > But looking at other peoples directories could be classified as
> > unauthorised access. Looking at /etc/shadow could be classified as
> > unauthorised access.
>
> Does the same apply to the use of `ls -al` or find though? After all
> that's all anyone would need to run in order to determine the security
> issues Gary mentioned.
>
> It might even be considered a reasonable thing to do given that he might
> be trusting a vital part of his business operation to the system.
More to the point: he would have an obligation:
* to his shareholders - to ensure the continued profitability of his business; a cracked
web site can be financially damaging.
* under the data protection act to ensure that any personal details (think credit card
numbers) are kept secure.
I would have thought it very bad business practice for the ISP to sue someone anyway,
it is hardly likely to inspire confidence to potential customers.
--
Alain Williams
#include <std_disclaimer.h>
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list