Re: A question of ethics.
>Ok, I'm in a bit of a quandary. While surfing the net last week, I
>happened across an address attached to a machine that belongs to the
>federal reserve. No big deal. I telnetted there on a lark, and entered
>'guest' for the account. It dropped me into a shell. It didn't ask for
>a password. Intrigued, I did a little looking around. Nothing special,
>a CDRom and about 80 accounts. But(!!), /etc/passwd was there and
>available and not using shadows. No, I didn't snatch a copy.
>
>Quandary(ies)
>
>1) Should I alert someone there about the obvious (and, IMHO serious)
>security hole?
>
> or
>
>2) Should I ignore it?
>
>3) Should I take advantage of it (well, maybe not)
>
>----------
>
>I don't like to see systems so open, no matter who they belong to, and
>the fact that the government (whether you like them or not) has one this
>open REALLY bothers me.
>
>But, I also wonder what kind of trouble I could get into. Technically, I
>violated something just by being there as I didn't have permission, and
>the fact I accessed the passwd file makes it even worse. If I report it,
>I could be in deep shit.
>
>I could mail to them via a remailer (like penet.fi, so that they could
>answer for more information if needed). That is a little securer and
>Julf is out of jurisdiction of the FBI hunting me down.
>
>Yes, I'm a little paranoid, but Uncle Sam likes to make examples out of
>white-collar hackers, and for me it was pure and dumb luck (like a jury
>would believe a 22 year-old computer geek isn't trying to gain illegal
>access).
>
>Any suggestions? Please? I consider this to be serious (most may not).
Go to a COCOT and call Ms Flanagan below. *Not* the Tech contact, who is
most likely the person who fucked up and will want to cover his butt. The
admin contact should be more sympathetic...
20th and C Streets, NW
Washington, DC 20551
Domain Name: FRB.GOV
Administrative Contact:
Flanagan, Elizabeth R. (ERF7) [email protected]
(202) 452-2672
Technical Contact, Zone Contact:
Drzyzgula, Robert P. (RPD5) [email protected]
(202) 452-3425
Record last updated on 14-Aug-91.
Domain servers in listed order:
NS.UU.NET 137.39.1.3
UUCP-GW-1.PA.DEC.COM 16.1.0.18
UUCP-GW-2.PA.DEC.COM 16.1.0.19