[Gllug] Insecure practices at my ISP

David Pashley david at parguild.co.uk
Fri Apr 4 10:15:23 UTC 2003


On Apr 04, 2003 at 11:07, Jason Clifford praised the llamas by saying:
> On Fri, 4 Apr 2003, David Pashley wrote:
> 
> > > Not analogous at all.  In the article, "Certainly, he strayed into an
> > > account (or accounts) other than his own, but wouldn't anyone with a
> > > healthy sense of curiosity be tempted to do exactly the same?". Well,
> > > no, not anyone who wants to stay out of prison..
> > > 
> > But looking at other peoples directories could be classified as
> > unauthorised access. Looking at /etc/shadow could be classified as
> > unauthorised access.
> 
> Does the same apply to the use of `ls -al` or find though? After all 
> that's all anyone would need to run in order to determine the security 
> issues Gary mentioned.
> 
> It might even be considered a reasonable thing to do given that he might 
> be trusting a vital part of his business operation to the system.

If the ISP consider it to be unauthorised, then yes, he would be
breaking the Computer Misuse Act. Has he been given permission to look
at other peoples files?
> 
> Jason Clifford

-- 
David Pashley
david at davidpashley.com
Nihil curo de ista tua stulta superstitione.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20030404/531ed18e/attachment.pgp>


More information about the GLLUG mailing list