I remember someone in my college days who found their way into the bank details of all the students. It was on a hidden samba share with poor permissions, able to be accessed with a user account's cached credentials from some batch file.
Needless to say, this guy was completely baffled. He hadn't much knowledge in computing, but still managed to gain access to a Cisco router that was in the provider's HQ as well as local admin access and multiple other things. He didn't mess about, young and naieve as he was he saw it as his duty to report it.
So basically about 4-5 threats of expulsion later he decides that ensuring his and his friend's bank details and personal information, as well as staff CVs and other sensitive data is not worth being expelled from the course. One last time handing in the keys for the safe (which he keeps finding sitting on the floor infront of the reception desk) he decides to call it quits and doesn't speak a word about it again.
Eventually a teacher quits out of disgust after hearing the story of what went on in the educational institute he was employed in, and is immediately hated by everybody who thought he was the nicest person and the best of the lot. From there, the Computing classes slide down the chute and nobody learns anything from underpaid, overworked and non-qualified teachers.
No analogy, this is a true story that highlights just how cruel and misunderstanding people can be even when they understand (or think they understand) what has happened.
In the end, though, Gary DID get into the system in such a way as it was clear that he should not be doing that. I can understand he might have seen it as a challenge, especially considering that a psychiatrist suggested he might be autistic, but that's not an excuse. However, he should not have to pay for companies to patch exploits that are problems with the software itself.
He's being used as a scapegoat by 'The Man' as far as I see, a clear message to all the innocent tinkerers and hackers.
I say a slap on the wrists is what he needs, and maybe a job interview:) if anything he could simply work for them and help them patch the system or at least tell them exactly what he did so they can get others to.
Slashdot Mirror
I remember someone in my college days who found their way into the bank details of all the students. It was on a hidden samba share with poor permissions, able to be accessed with a user account's cached credentials from some batch file.
Needless to say, this guy was completely baffled. He hadn't much knowledge in computing, but still managed to gain access to a Cisco router that was in the provider's HQ as well as local admin access and multiple other things. He didn't mess about, young and naieve as he was he saw it as his duty to report it.
So basically about 4-5 threats of expulsion later he decides that ensuring his and his friend's bank details and personal information, as well as staff CVs and other sensitive data is not worth being expelled from the course. One last time handing in the keys for the safe (which he keeps finding sitting on the floor infront of the reception desk) he decides to call it quits and doesn't speak a word about it again.
Eventually a teacher quits out of disgust after hearing the story of what went on in the educational institute he was employed in, and is immediately hated by everybody who thought he was the nicest person and the best of the lot. From there, the Computing classes slide down the chute and nobody learns anything from underpaid, overworked and non-qualified teachers.
No analogy, this is a true story that highlights just how cruel and misunderstanding people can be even when they understand (or think they understand) what has happened.
In the end, though, Gary DID get into the system in such a way as it was clear that he should not be doing that. I can understand he might have seen it as a challenge, especially considering that a psychiatrist suggested he might be autistic, but that's not an excuse. However, he should not have to pay for companies to patch exploits that are problems with the software itself.
He's being used as a scapegoat by 'The Man' as far as I see, a clear message to all the innocent tinkerers and hackers.
I say a slap on the wrists is what he needs, and maybe a job interview :) if anything he could simply work for them and help them patch the system or at least tell them exactly what he did so they can get others to.
Call it community service.