[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
A serious question of ethics
Ok, I'm in a bit of a quandry. While surfing the net last week, I
happened across an address addached to a machine that belongs the the
federal reserve. No big deal. I telnetted there on a lark, and entered
'guest' for the account. It dropped me into a shell. It didn't ask for
a password. Intrigued, I did a little looking around. Nothing special,
a CDRom and about 80 accounts. But(!!), /etc/passwd was there and
available and not using shadows. No, I didn't snatch a copy.
Quandry(ies)
1) Should I alert someone there about the obvious (and, IMHO serious)
seciruty hole?
or
2) Should I ignore it?
3) Should I take advantage of it (well, maybe not)
----------
I don't like to see systems so open, no matter who they belong too, and
the fact that the governments (whether you like them or not) has one this
open REALLY bothers me.
But, I also wonder what kind of trouble I could get into. Technically, I
violated something just by being there as I didn't have permission, and
the fact I accessed the passwd file makes it even worse. If I report it,
I could be in deep shit.
I could mail to them via a remailer (like penet.fi, so that they could
answer for more information if needed). That is a little securer and
Julf is out of jurisdiction of the FBI hunting me down.
Yes, I'm a little paranoid, but Uncle Sam likes to make examples out of
white-collar hackers, and for me it was pure and dumb luck (like a jury
would believe a 22 year-old computer geek isn't trying to gain illegal
access).
Any suggestions? Please? I consider this to be serious (most may not).