Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!lehi3b15!porphano
From: porphano@lehi3b15.csee.Lehigh.EDU (Paul Orphanos)
Newsgroups: comp.org.eff.talk
Subject: Re: Student suspended for distributing /etc/passwd
Message-ID: <1637@lehi3b15.csee.Lehigh.EDU>
Date: 12 Jun 91 12:30:51 GMT
References: <31124@hydra.gatech.EDU>
Reply-To: porphano@lehi3b15.csee.Lehigh.EDU (Paul Orphanos)
Organization: CSEE Dept. Lehigh University, Bethlehem, PA
Lines: 27

In article <31124@hydra.gatech.EDU> ccastmg@prism.gatech.EDU (Michael G. Goldsman) writes:
>
>---Subject: Student suspended for helping hackers
>---Summary: Student deliberately compromised security of athena.cs.uga.edu
>---Date: 11 Jun 91 04:21:01 GMT
>---Organization: University of Georgia, Athens
>
>I didn't know that doing things with an /etc/passwd
>would be considered unauthoprized use.
>
>the file is readable by the world after all.
>The uga student was not the one who broke in.
>
>-Mike Goldsman
>

The fact of the matter is that the student in question mailed the
passwd file off to someone. That's like telling bank robbers where the
safe is, and how to disable the alarms.  Sure, you did'nt give them
the combination, and you might not have been near the scene of the
crime. But are you guilty of being an accomplis? Most definitely.

With a passwd file, you don't have to guess ANY user id's, only
passwords. And we all know how careful users are in choosing
passwords.

Paul