lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 24 Jan 2004 00:16:32 -0500
From: rsh@...rect.com
To: ~Kevin DavisĀ³ <computerguy@....rr.com>,
	BUGTRAQ@...URITYFOCUS.COM
Subject: Re: Major hack attack on the U.S. Senate


Your view will depend on whether you are a Republican or a Democrat IF
you are in the US. If you are a member of another party in the US you
will likely say a pox on both. If you are not in the US you will sit
there laughing at both sides.

Whether a hack or a bad configuration, from a moral point what the
Republicans did is still dirty pool, and they would be screaming if it
were the other way around.  Lets be realistic and call a spade a spade -
in the US both parties are big business and neither will give the other
the time of day if they can help it. This is simply one more example of
what can happen.

Does it really matter if it was a hack or it was a screw-up which gave
the opponents a free entry into what they KNEW was not their material
and they KNEW they were supposed to stay out of?  Is anyone suggesting
that its wrong if you hack in to get the info but okay if it does not
require you actually hack in?  Get real... moral turpitude has NOT
changed, but then to claim that either the Democrats or the Republicans
are morally better than their opposites is hypocrisy in any event.

Give me a better democracy... Like that in Canada or the UK or New
Zealand or Australia... where we KNOW that the PM is both the head of
the executive and the head of the legislative and the current US bull is
NOT part of the mix.

FWIW

RSH

--------------------

On Thu, 22 Jan 2004 22:29:21 -0500, you wrote:

>This was clearly not a "hack attack".  The title and opening content of this
>article is quite intentionally misleading.  The phrases "infiltration",
>"monitoring secret memos", "exploited computer glitch", "hack attack" are
>used.  If you read the entire article you will find out the following:
>
>First, "A technician hired by the new judiciary chairman, Patrick Leahy,
>Democrat of Vermont, apparently made a mistake that allowed anyone to access
>newly created accounts on a Judiciary Committee server shared by both
>parties -- even though the accounts were supposed to restrict access only to
>those with the right password."
>
>Which means the Democrats screwed up setting up their own share point and
>allowed public access to it.  There was no "computer glitch" which was
>"exploited".  This was completely a human screw-up.  And there was no
>hacking ("exploitation of a computer glitch") done by the Republicans.
>Unless you wish to call clicking on a share point configured with public
>access and opening it up "hacking".
>
>Additionally the Republicans allegedly "in the summer of 2002, their
>computer technician informed his Democratic counterpart of the glitch".
>
>The Republicans knew that the share was supposed to be protected (why else
>would they inform the Democrats of the misconfiguration?) so they certainly
>did something wrong despite (supposedly) warning the Democrats of the
>problem, but not to the extent that the article - in the way that it was
>written - would like you to believe.
>
>----- Original Message ----- 
>From: "Richard M. Smith" <rms@...puterbytesman.com>
>To: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...urityfocus.com>
>Sent: Thursday, January 22, 2004 12:25 PM
>Subject: Major hack attack on the U.S. Senate
>
>
>>
>http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_
>> seen_as_extensive?mode=PF
>>
>> Infiltration of files seen as extensive
>> Senate panel's GOP staff pried on Democrats
>> By Charlie Savage, Globe Staff, 1/22/2004
>>
>> WASHINGTON -- Republican staff members of the US Senate Judiciary Commitee
>> infiltrated opposition computer files for a year, monitoring secret
>strategy
>> memos and periodically passing on copies to the media, Senate officials
>told
>> The Globe.
>>
>> From the spring of 2002 until at least April 2003, members of the GOP
>> committee staff exploited a computer glitch that allowed them to access
>> restricted Democratic communications without a password. Trolling through
>> hundreds of memos, they were able to read talking points and accounts of
>> private meetings discussing which judicial nominees Democrats would
>fight --
>> and with what tactics.
>>
>> The office of Senate Sergeant-at-Arms William Pickle has already launched
>an
>> investigation into how excerpts from 15 Democratic memos showed up in the
>> pages of the conservative-leaning newspapers and were posted to a website
>> last November.
>>
>> With the help of forensic computer experts from General Dynamics and the
>US
>> Secret Service, his office has interviewed about 120 people to date and
>> seized more than half a dozen computers -- including four Judiciary
>servers,
>> one server from the office of Senate majority leader Bill Frist of
>> Tennessee, and several desktop hard drives.
>>
>> ...
>>
>>
>>
>
>

=====================================================
R.S.H.                            Toronto, ON, Canada

                 Copyright retained.
             My opinions - no one elses...
 If this is illegal where you are, do not read it!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ