[176091] in North American Network Operators' Group
Re: Kind of sad
daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Wed Nov 12 10:58:23 2014
Date: Wed, 12 Nov 2014 10:57:59 -0500 (EST)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <D088E609.2311D%Joshua_Sholes@cable.comcast.com>
On Wed, 12 Nov 2014, Sholes, Joshua wrote:

> I concur. I was recently an admin/ITSO for a defense contractor, and
> from a network logging standpoint it is VERY difficult to tell the
> difference between what you posted and a really subtle
> social-engineering-enabled attack--and EVERY attacker these days has to be
> assumed to be subtle.

Agree completely. While the OP's intentions might be honorable, even if
he notified the organization directly, they might not react the way he
would want:

"Thank you for bringing this to our attention! We will get it fixed
immediately."

I am not a lawyer, but I would strongly advise against randomly logging
into hosts on a network where I don't have a formal business relationship
that includes explicit authorization to do pen-testing and other
[insert-color-here]-hat activities.

Being a good Samaritan and the current state of computer crime laws do not
always line up very nicely with each other.

Bottom line: Tread carefully.

jms