Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!umich!umeecs!zip!bagchi
From: bagchi@eecs.umich.edu (Ranjan Bagchi)
Newsgroups: comp.admin.policy
Subject: Re: Footnote to user who mailed /etc/passwd
Message-ID:
Date: 30 Jun 91 02:12:41 GMT
References: <1991Jun27.183621.14667@athena.mit.edu> <1991Jun28.143520.11399@athena.mit.edu>
Sender: usenet@zip.eecs.umich.edu (Mr. News)
Organization: Recreational Creationists, Inc.
Lines: 64
In-Reply-To: purdon@athena.mit.edu's message of 28 Jun 91 14:35:20 GMT

In article <1991Jun28.143520.11399@athena.mit.edu> purdon@athena.mit.edu (James R. Purdon III) writes:
>In article bagchi@eecs.umich.edu (Ranjan Bagchi) writes:
>>
>>   Michael Covington has at least once gone through the ways that
>>that /etc/passwd mailer was identified.  They had an account which
>>they knew/suspected was pirated, for lack of a better word.  They
            ^^^^
              |--> not suspected, known.  Don't know why I said the former.
>>searched the account, and found a copy of the message with /etc/passwd
>>in it.  They verified the header, and had the person who mailed it.
>>
>>   It's not that I agree with the punishment, I've stated
>>repeatedly that I think suspension is much too harsh.  But blind
>>speculation as to what happened just discredits you.
>
>Perhaps I'm not making myself clear.  I think it's wrong to search accounts,
>read email, or log sessions without prior warning.  If users are informed
>at the time they obtain their logins, or at login time that a policy of
>logging sessions / search on suspicion is in effect, then I have no problems
>with those sorts of actions.  All it takes is the statement "All transactions
>are logged and may be reviewed at any time by system administration" in the
>motd or issue files and system administrators can search to their heart's
>content (though it might be nice to have such disclaimers on outgoing email
>as well).  Otherwise, they are on shaky ethical ground.

I agree with what you think.
Searching accounts/reading email/logging sessions is a nasty bad thing.
Everybody agrees.  But that's not what happened.

In a past article, M. Covington responded to this speculation that it was
known that an account was not being used by the person to whom it was
issued.  So it was searched.  And a copy of the mailed /etc/passwd was
found (why it was there is a strange point...the infiltrator could get all
the copies she needed).

I don't think that the searching (find . -print | xargs cat?) of a known
broken account is necessarily a bad thing.  Sysadmins' jobs are, after all,
to try and prevent breakins and track down perpetrators if possible.

>
>As for the Georgia law, my opinion is that it's terribly broad and leaves
>too much for the authorities to define at their whim.  For example, is
>fingerd a service?  It certainly consumes cycles and impacts network
>bandwidth.  Is authorization required for someone to connect to it?
>It seems to me that this is at the whim of the administrators.  I can
>believe one could be charged with violating the law by running a finger
>against athena.cs.uga.edu.  I don't think such laws should be used in
>place of policy.

Agreed.  Probably someone explained modern computing to a lawyer in
about 15 minutes.  A lawyer who believes "Wargames".

>
>--
>
>Jim
>
>Once I was a fetus.  Now I am a person, and a married person as well.

--
Ranjan Bagchi          |  cd /tmp; while (1)
bagchi@eecs.umich.edu  |     mkdir spam; cd spam
                       |  end