[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Jan 2004 16:48:02 -0200
From: Daniel.Capo@....net.br
To: computerguy@....rr.com
Cc: BUGTRAQ@...urityfocus.com
Subject: Re: Major hack attack on the U.S. Senate
~Kevin DavisĀ³ wrote:
> This was clearly not a "hack attack". The title and opening content of this
> article is quite intentionally misleading. The phrases "infiltration",
> "monitoring secret memos", "exploited computer glitch", "hack attack" are
> used. If you read the entire article you will find out the following:
>
> First, "A technician hired by the new judiciary chairman, Patrick Leahy,
> Democrat of Vermont, apparently made a mistake that allowed anyone to access
> newly created accounts on a Judiciary Committee server shared by both
> parties -- even though the accounts were supposed to restrict access only to
> those with the right password."
>
> Which means the Democrats screwed up setting up their own share point and
> allowed public access to it. There was no "computer glitch" which was
> "exploited". This was completely a human screw-up. And there was no
> hacking ("exploitation of a computer glitch") done by the Republicans.
> Unless you wish to call clicking on a share point configured with public
> access and opening it up "hacking".
AFAIK, "hacking" is legally defined in the USA as being unauthorized
access to computer resources. It doesn't matter if the resource was
adequately protected (or protected at all) in first place or not. If you
were not given permission to make use of that resource, you are
criminally liable.
--
Daniel C. Sobral
Powered by blists - more mailing lists