It starts out like this. a game, a pleasant game that surrounds with pleasang glowing balls. If we play the game the game rewards you with a wonderful mellow feeling....... Crap. Next thing you know no one will be controlling the ship.
I was playing with IE6 on XP last night and if it wasn't for the fact that it was MS. I would be using it right now. But here I am safely behind my BSD box browsing with Mozilla 2002050708. Worrying about my own insecurities.
This is interesting as we were wanted desperatly to integrate our AS400 with our WIndows network.. Even though AS400 can do basic NT PDC stuff we needed something better. Well about a month ago I figured it out. We are using Samba-TNG/LDAP to handle domain logins and handle the password scheduling. Then when a user changes their password on the domain the Samba -TNG Server runs the 'unix program sync' option which is a remote exec program that runs WRKUSRPRF on the AS400 to change the password. We thought we were in heaven.. We can now syncronize all the passwords to our samba server.
We have successfully used mpd on FreeBSD to connect our Windows 2000/98 machines and it has worked flawlessly. We use this for our vendors to support there products and we haven't heard a problem about it. I have tried this with Windows and I could never successfully set it without problems.
We still have 25+ year old code that is still in production This code was converted from punch card code. When I say converted I mean recompile with no changes. Indicators are evil. Taking a 1, 2 or 3 on rpg 2 code reeks nastiness. Were cleaning up for hours after one of these babies has a fit.
And now RPG can do the same things that C can. Altough the thought really does scare me.
Being the locksmith is like being root. Misusing the tools of locksmith's can get you into big trouble. Since you granted 'emergency use only status' the use in a non emergency situation justs portray you as inmoral and you would still get the the 'theft' laws on you.
Actually this is kind of incorrect. Now if Mom placed perminent permissions on everything inside the house and then put a notice on the fridge that said you can not touch the money that is sitting out on the counter. Now your getting close to what this is about. Although most people don't have a relationship with there ISP in the same way as there Mom. So the notices and permissions are important.
"But you didn't say that I couldn't do it!"
This is actually quite incorrect as permissions say this specifically. Then notices/policies enforce this or add on to.
that's actually another way that I create a good long text file. 'ls/home > hackme.txt':)
Actually it just created a long list that was useful to do some heavy processing. You know doing a ls/home and cat/etc/passwd is identical in opportunities.:)
To say this: if a user is granted access to the system, has read access to the passwd file and then runs crack on it. It is illegal? I think not. Systems that store passwords in/etc/passwd are asking for trouble. Now grant it that back in 1995 the passwords are stored/etc/passwd. So if Intel said no he can not access the system, verbal or written. Then he is toast because the basic enforcements are set. I believe they also told him to stop doing what he was doing in the first place and he chose to continue. There fore he was breaking the law.
It can't be theft if you are granted access to it. This is the Operating System world. All authorization is granted or denied by the by the people who have to authority to to grant those authorizations. This is done with permissions and policies that state there position. If he was granted permission by the system and nobody said you can not do this. You go off the most basic permission. This now becomes a moral question and not a legal question.
I ran sort on/etc/passwd. They though I was trying to use it as a customer list. It was proven that it doesn't matter how secret the passwd file is that if it has read permission by everyone and their is no policy/Logon Banner telling the user otherwise then there was no legal issue
I know exactly how he feels this is currently happening to me. One of the charges was dropped in the prelimary hearing. The owner of the server learned the hard way that permissions/Logon banners/Policies are critical if you want to prove that the person did not have permission. I read his case thoroughly when I was first charged and found some items that were the same.
Slashdot Mirror
It starts out like this. a game, a pleasant game that surrounds with pleasang glowing balls. If we play the game the game rewards you with a wonderful mellow feeling....... Crap. Next thing you know no one will be controlling the ship.
I was playing with IE6 on XP last night and if it wasn't for the fact that it was MS. I would be using it right now. But here I am safely behind my BSD box browsing with Mozilla 2002050708. Worrying about my own insecurities.
Did /. post this before?..... This seems to be a repeat.
This is interesting as we were wanted desperatly to integrate our AS400 with our WIndows network.. Even though AS400 can do basic NT PDC stuff we needed something better. Well about a month ago I figured it out. We are using Samba-TNG/LDAP to handle domain logins and handle the password scheduling. Then when a user changes their password on the domain the Samba -TNG Server runs the 'unix program sync' option which is a remote exec program that runs WRKUSRPRF on the AS400 to change the password. We thought we were in heaven.. We can now syncronize all the passwords to our samba server.
We have successfully used mpd on FreeBSD to connect our Windows 2000/98 machines and it has worked flawlessly. We use this for our vendors to support there products and we haven't heard a problem about it. I have tried this with Windows and I could never successfully set it without problems.
We still have 25+ year old code that is still in production This code was converted from punch card code. When I say converted I mean recompile with no changes. Indicators are evil. Taking a 1, 2 or 3 on rpg 2 code reeks nastiness. Were cleaning up for hours after one of these babies has a fit.
And now RPG can do the same things that C can. Altough the thought really does scare me.
Being the locksmith is like being root. Misusing the tools of locksmith's can get you into big trouble. Since you granted 'emergency use only status' the use in a non emergency situation justs portray you as inmoral and you would still get the the 'theft' laws on you.
Actually this is kind of incorrect. Now if Mom placed perminent permissions on everything inside the house and then put a notice on the fridge that said you can not touch the money that is sitting out on the counter. Now your getting close to what this is about. Although most people don't have a relationship with there ISP in the same way as there Mom. So the notices and permissions are important. "But you didn't say that I couldn't do it!" This is actually quite incorrect as permissions say this specifically. Then notices/policies enforce this or add on to.
that's actually another way that I create a good long text file. 'ls /home > hackme.txt' :)
Actually it just created a long list that was useful to do some heavy processing. You know doing a ls /home and cat /etc/passwd is identical in opportunities. :)
To say this: if a user is granted access to the system, has read access to the passwd file and then runs crack on it. It is illegal? I think not. Systems that store passwords in /etc/passwd are asking for trouble. Now grant it that back in 1995 the passwords are stored /etc/passwd. So if Intel said no he can not access the system, verbal or written. Then he is toast because the basic enforcements are set. I believe they also told him to stop doing what he was doing in the first place and he chose to continue. There fore he was breaking the law.
It can't be theft if you are granted access to it. This is the Operating System world. All authorization is granted or denied by the by the people who have to authority to to grant those authorizations. This is done with permissions and policies that state there position. If he was granted permission by the system and nobody said you can not do this. You go off the most basic permission. This now becomes a moral question and not a legal question.
definition of authorizion is permissions + prohibition. which means if he has the file permissions and there was no policy against it then it is ok
I ran sort on /etc/passwd. They though I was trying to use it as a customer list. It was proven that it doesn't matter how secret the passwd file is that if it has read permission by everyone and their is no policy/Logon Banner telling the user otherwise then there was no legal issue
I know exactly how he feels this is currently happening to me. One of the charges was dropped in the prelimary hearing. The owner of the server learned the hard way that permissions/Logon banners/Policies are critical if you want to prove that the person did not have permission. I read his case thoroughly when I was first charged and found some items that were the same.