nanog mailing list archives
Re: Kind of sad
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Wed, 12 Nov 2014 10:57:59 -0500 (EST)
On Wed, 12 Nov 2014, Sholes, Joshua wrote:
I concur. I was recently an admin/ITSO for a defense contractor, and from a network logging standpoint it is VERY difficult to tell the difference between what you posted and a really subtle social-engineering-enabled attack--and EVERY attacker these days has to be assumed to be subtle.
Agree completely. While the OP's intentions might be honorable, even if he notified the organization directly, they might not react the way he would want:
"Thank you for bringing this to our attention! We will get it fixed immediately."
I am not a lawyer, but I would strongly advise against randomly logging into hosts on a network where I don't have a formal business relationship that includes explicit authorization to do pen-testing and other [insert-color-here]-hat activities.
Being a good Samaritan and the current state of computer crime laws do not always line up very nicely with each other.
Bottom line: Tread carefully. jms
Current thread:
- Re: Kind of sad, (continued)
- Re: Kind of sad Karl Auer (Nov 11)
- Re: Kind of sad Javier J (Nov 11)
- Re: Kind of sad Javier J (Nov 11)
- Re: Kind of sad Ariel Biener (Nov 11)
- Re: Kind of sad Michael Thomas (Nov 11)
- Re: Kind of sad Ariel Biener (Nov 11)
- Re: Kind of sad Karl Auer (Nov 11)
- Re: Kind of sad Ricky Beam (Nov 11)
- Message not available
- Re: Kind of sad Larry Sheldon (Nov 11)
- Re: Kind of sad Sholes, Joshua (Nov 12)
- Re: Kind of sad Justin M. Streiner (Nov 12)