Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!rpi!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!emory!athena.cs.uga.edu!mcovingt
From: mcovingt@athena.cs.uga.edu (Michael A. Covington)
Newsgroups: comp.org.eff.talk
Subject: Re: Student suspended for distributing /etc/passwd
Message-ID: <1991Jun12.171553.4514@athena.cs.uga.edu>
Date: 12 Jun 91 17:15:53 GMT
References: <31124@hydra.gatech.EDU> <1991Jun12.020800.25985@metapro.DIALix.oz.au>
Organization: University of Georgia, Athens
Lines: 26

The way we originally found out /etc/passwd had been mailed is that
an unauthorized user of another system left a copy of it behind,
complete with email header.

We would not look at the mail or files of an authorized user. In this case
we were dealing with files that were stored on the machine without
authorization, by a person we could not identify, and we looked at 
them to see what they were.

On finding it, my first thought was of course that the email header was
bogus, or that the "sender"'s account had been broken into.

We deactivated the account, figuring that our hapless student was a victim
of a break-in and would want a new password.

To our astonishment the hapless student came around immediately and admitted
the whole thing, bragging about an "elite" group of hackers and phreaks
that he belonged to.

There. We're not the fascists you thought, are we?

-- 
-------------------------------------------------------
Michael A. Covington | Artificial Intelligence Programs
The University of Georgia  |  Athens, GA 30602   U.S.A.
-------------------------------------------------------