Penetration Testing mailing list archives

Re: Default Admin Account

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 10 Feb 2009 12:09:18 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 4 Feb 2009, J.Hart, Elec.Eng.Tech. wrote:

That's exactly what I am trying to figure out - who is at fault and
who should take ownership.  If it were a car and I left the keys in it
and it was stolen, if the perpetrator was caught her would be charged,
but my insurance company would not cover me cause I left the car in an
unsecure state. So both take ownership - is it the same as in this
situation?

Actualy, in some state, you would also be charged or ticketed, as it isagainst local laws to leave the keys in the car as well.


btdt...



Thanks,

Ron DuFresne


On 2/4/09, Scott C. Kennedy <sck () nogas org> wrote:

Why does it matter if there were "default administration account on the US
Military machines", it doesn't change the alleged fact that he accessed
computers & networks without permission.

One's reason for breaking the law doesn't matter whether he was "motivated
by curiosity about evidence of UFOs" or not.

If you broke into people's luggage at the airport, using the default
luggage combination set from the factory because you were motivated by
curiosity about evidence of Bigfoot. Would that make it any less of a
crime?

Scott

On Mon, February 2, 2009 8:48 am, J.Hart, Elec.Eng.Tech. wrote:

Hey all,

I have been following the Gary McKinnon case for years now.
My interest is in the legal area of penetration testing and the
evolution of cyber law.
What do IT Security experts and pen-testers think about the default
administration account on the US Military machines? You can read about
the case here http://freegary.org.uk/

--
"For the best in web site design - StarNET
http://www.s-t-a-r.net

- --~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFJkbTBst+vzJSwZikRAvdWAKCVj46hijuD2H8jWGk1OVeUm5miPgCfY3rf
1p60jMcXdYPMoeagaPrxwt0=
=2TZF
-----END PGP SIGNATURE-----

Current thread:

Default Admin Account J.Hart, Elec.Eng.Tech. (Feb 03)
- RE: Default Admin Account Prodigi Child (Feb 05)
  - Re: Default Admin Account J. Oquendo (Feb 09)
    - RE: Default Admin Account Prodigi Child (Feb 10)
    - Re: Default Admin Account David Howe (Feb 11)
- Message not available
  - Re: Default Admin Account J.Hart, Elec.Eng.Tech. (Feb 05)
    - Re: Default Admin Account Paul Slade (Feb 10)
    - RE: Default Admin Account Levenglick, Jeff (Feb 10)
    - Re: Default Admin Account R. DuFresne (Feb 10)
    - Re: Default Admin Account M.D.Mufambisi (Feb 10)
    - Re: Default Admin Account J. Oquendo (Feb 11)
    - Re: Default Admin Account J.Hart, Elec.Eng.Tech. (Feb 11)
    - Re: Default Admin Account pand0ra (Feb 11)
- Re: Default Admin Account pand0ra (Feb 11)
- <Possible follow-ups>
- RE: Default Admin Account jay . tomas (Feb 10)