Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!newstop!jethro!geraldo.Central.Sun.COM!texsun!convex!tighe From: tighe@convex.com (Mike Tighe) Newsgroups: comp.org.eff.talk Subject: Re: Should we let students run COPS to get each other's passwords? Message-ID: <1991Jun17.161159.4438@convex.com> Date: 17 Jun 91 16:11:59 GMT References: <27111@as0c.sei.cmu.edu> <1991Jun17.045200.31773@wpi.WPI.EDU> <27137@as0c.sei.cmu.edu> Sender: usenet@convex.com (news access account) Organization: Convex Computer Corporation Lines: 40 Nntp-Posting-Host: hydra.convex.com In article <27137@as0c.sei.cmu.edu> df@sei.cmu.edu (Dan Farmer) writes: >In article , ear@wpi.WPI.EDU (Eric A Rasmussen) writes: >> In article df@sei.cmu.edu (Dan Farmer) writes: >>> In article , mcovingt@athena.cs.uga.edu (Michael A. Covington) writes: >>>> OK then, if passwords aren't secret, give me yours!!! >>> Sure: >>> df:T8oOksRWnnA8Y:3271:20:Dan:/usr/users/df:/usr/local/bin/tcsh >>> Break it if you can. >> By distributing your password in encrypted form and encouraging others to >> crack it, are you guilty of the same 'crime' as that student who >> distributed his system's /etc/passwd file to a known cracker? Should any >> action be taken against you for possibly compromising the security of your >> system, and if so what? > I suppose if my machine was somehow broken into because of my post, I might > get into trouble, although if they would need physical access to the > machine, and then passwords would be the last of my problems. Well, if Dan can get in trouble for giving away his encrypted password, what about the person who solicited it? Is Michael Convington now guilty of something, since he attempted (and succeeded) in getting several folks to post their encrypted passwords to the net? What if some bad guy sees these encrypted postings, and breaks into these systems. Is Mike at fault? After all, if he had not solicited for these passwords, that would not have been posted. Right? My view is no, neither Dan Farmer are guilt of anything. Only the person who broke into the systems is guilty. One could argue that Dan and Mike etl. al. did not exercise good judgement, but they didn't break into anything, and more importantly, they had not intent to. Other views? -- ------------------------------------------------------------- Mike Tighe, Internet: tighe@convex.com, Voice: (214) 497-4206 -------------------------------------------------------------