
A serious question of ethics



Ok, I'm in a bit of a quandary.  While surfing the net last week, I
happened across an address attached to a machine that belongs to the
federal reserve.  No big deal.  I telnetted there on a lark, and entered 
'guest' for the account.  It dropped me into a shell.  It didn't ask for 
a password.  Intrigued, I did a little looking around.  Nothing special, 
a CDRom and about 80 accounts.  But(!!), /etc/passwd was there and 
available and not using shadows.  No, I didn't snatch a copy.

Quandary(ies)

1)  Should I alert someone there about the obvious (and, IMHO serious) 
security hole?

	or

2)  Should I ignore it?

3)  Should I take advantage of it (well, maybe not)

----------

I don't like to see systems so open, no matter who they belong to, and
the fact that the government (whether you like them or not) has one this
open REALLY bothers me. 

But, I also wonder what kind of trouble I could get into.  Technically, I 
violated something just by being there as I didn't have permission, and 
the fact I accessed the passwd file makes it even worse.  If I report it, 
I could be in deep shit.

I could mail to them via a remailer (like penet.fi, so that they could 
answer for more information if needed).  That is a little securer and 
Julf is out of jurisdiction of the FBI hunting me down.

Yes, I'm a little paranoid, but Uncle Sam likes to make examples out of 
white-collar hackers, and for me it was pure and dumb luck (like a jury 
would believe a 22 year-old computer geek isn't trying to gain illegal 
access).

Any suggestions?  Please?  I consider this to be serious (most may not).