Bugtraq mailing list archives
Re: Major hack attack on the U.S. Senate
From: Kirk Spencer <kspencer () ngrl org>
Date: Fri, 23 Jan 2004 14:58:24 -0500
Agreed this was not a "hack attack" as usually considered. However, I would raise two points.

The first is simple - If someone starts reading files on a computer to which they are not supposed to have access, do we not consider this an attack? Even if the reason they got in is configuration errors?

Second, there is a question of which side's position is easier to believe. You said:

"Additionally the Republicans allegedly 'in the summer of 2002, their computer technician informed his Democratic counterpart of the glitch.'"

You cut off the next sentence which says:

"Other staffers, however, denied that the Democrats were told anything about it before November 2003."

The article does not state whether it was Democrat or Republican staffers. I'll ask a simple question which indicates why I think the latter is more probable: Can you think of a sysadmin who wouldn't act when told that _all_ his clients' passwords were invalid because the permissions were misapplied?

I think that the word "hack" is wrong. Otherwise, yes, I think the tenor of the article has validity.

Kirk Spencer

On Thursday 22 January 2004 10:29 pm, ~Kevin Davis³ wrote:
This was clearly not a "hack attack". The title and opening content of this article is quite intentionally misleading. The phrases "infiltration", "monitoring secret memos", "exploited computer glitch", "hack attack" are used. If you read the entire article you will find out the following:

First, "A technician hired by the new judiciary chairman, Patrick Leahy, Democrat of Vermont, apparently made a mistake that allowed anyone to access newly created accounts on a Judiciary Committee server shared by both parties -- even though the accounts were supposed to restrict access only to those with the right password."

Which means the Democrats screwed up setting up their own share point and allowed public access to it. There was no "computer glitch" which was "exploited". This was completely a human screw-up. And there was no hacking ("exploitation of a computer glitch") done by the Republicans. Unless you wish to call clicking on a share point configured with public access and opening it up "hacking".

Additionally the Republicans allegedly "in the summer of 2002, their computer technician informed his Democratic counterpart of the glitch". The Republicans knew that the share was supposed to be protected (why else would they inform the Democrats of the misconfiguration?) so they certainly did something wrong despite (supposedly) warning the Democrats of the problem, but not to the extent that the article - in the way that it was written - would like you to believe.
(snip)