lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 24 Jan 2004 13:46:40 -0500
From: opticfiber <opticfiber@...sight.net>
To: "Brian C. Lane" <bcl@...anlane.com>
Cc: BUGTRAQ@...URITYFOCUS.COM
Subject: Re: [work] Re: Major hack attack on the U.S. Senate


How is that difrent then sneakiing into a hotel room and stealing tapes? 
Even if the hotel room door is unlocked any honest person would stay 
out.. So while the security may have failed because of the an idiot 
tech, the republican party still has to be helf responsible for the 
actions of there constituents. Also, I agree this is hardly a "Hack Attack".

Bill
http://www.topsight.net


Brian C. Lane wrote:

>On Thu, 2004-01-22 at 09:25, Richard M. Smith wrote:
>  
>
>>http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_
>>seen_as_extensive?mode=PF
>> 
>>Infiltration of files seen as extensive
>>Senate panel's GOP staff pried on Democrats
>>By Charlie Savage, Globe Staff, 1/22/2004
>>
>>WASHINGTON -- Republican staff members of the US Senate Judiciary Commitee
>>infiltrated opposition computer files for a year, monitoring secret strategy
>>memos and periodically passing on copies to the media, Senate officials told
>>The Globe.
>>
>>    
>>
>
>[snip]
>
>You left off the most important fact in your snip. The final paragraph
>pretty well sums it up:
>
>"A technician hired by the new judiciary chairman, Patrick Leahy,
>Democrat of Vermont, apparently made a mistake that allowed anyone to
>access newly created accounts on a Judiciary Committee server shared by
>both parties -- even though the accounts were supposed to restrict
>access only to those with the right password."
>
>I sure wouldn't call this a major hack attack. Someone goofed. Someone
>else took advantage of the goof (and according to some reports even
>reported it to the bonehead technician).
>
>One one hand you really shouldn't look at someone else's files. On the
>other hand if you're cooking up dirty tricks you darn well ought to make
>sure your memos are protected, not stored in the clear on a shared
>system.
>
>And these are the jokers who want to dictate to us how to secure the
>Internet and stop SPAM? Heh!
>
>Brian
>
>---[Office 71.6F]--[Fridge 38.4F]---[Fozzy 88.8F]--[Coaster 71.7F]---
>Linux Software Developer http://www.brianlane.com
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ