Vulnerability Development mailing list archives

Re: Oracle (aiding and abetting)


From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Tue, 1 Feb 2000 21:55:29 -0800


Shashi Dookhee wrote:

Um, why exactly was this message allowed to go through?  Help someone not
get caught entering a system without authorisation?  C'mon, be serious...
As a Systems Administrator, I take offence to this! :)  I mean, this guy
obviously doesn't even know much about computing since he doesn't even know what
type of network he's on (for sure)... Sort it out, B-Boar ;)


I let a reply through from the original poster which was semi-inflammatory,
but I've given him special permission to speak.  I'm going to address
my part, and then drop the subject about helping out bad guys (the
Oracle thread can continue if there is more technical info to come.)

First of all: Is the list going to help the "bad guys"?  Sure.  Is
it going to do it overtly?  Not always.  Much of this list is
dedicated to developing things that will aid in unauthorized access.
I see protecting and attacking as two sides of the same coin.  I
need to be able to do one to do the other.

The difference here is that we've got someone who appears to be admitting
to unauthorized activity.  There are several reasons I may let such a post
through:

-He may be authorized, though not by the DBA.  In my day job as corporate
security guy, I would often break into systems.  Sometimes, I would do
so to prove a point, and purposely not tell the admin.  I did this with
several Lucent systems (that we owned), and they failed miserably at
noticing/reacting.

-He may be incriminating himself. Frankly, some folks may put me in a
spot that may legally obligate me to turn them in (BTW, please don't
do that.)  I'm of the opinion that making such a post public is one
way to help relieve myself of such a burden.  There are a number
of law enforcement and government subscribers to the list; they just
don't post.

-He may not be doing anything illegal where he's at, but perhaps the
admin could be alerted.  Some folks aren't aware that Hotmail logs your
IP address when you use it.  Others are painfully aware of that, and
take measures to accommodate that.  This guy gives every appearance
of being outside the US.

-He may be lying about how bad he's being, just for fun.

So, folks shouldn't assume I let posts through regardless or without
thought.

While we're on the subject, what DON'T I let through?  So far, I've
denied posts regarding vulnerabilities at specific sites, and posts
where the poster has stated or given the appearance they are trying
to be anonymous, but the headers give them away.  (For the latter
case, it's nearly always for fear of repercussion at work, and nothing
to do with breaking the law.)  Should it come up that some poster
out-and-out admits to a crime, I may have to turn them in, I may
just let the post through so they can incriminate themselves, or
I may just drop it.  If you're not sure, send me a hypothetical note
first.  If you're looking for journalistic protection of source,
I can point you at folks who can make a much better case at being
journalists than I.

                                        BB

