[33216] in bugtraq
Re: Major hack attack on the U.S. Senate
daemon@ATHENA.MIT.EDU (Daniel.Capo@tco.net.br)
Sat Jan 24 13:29:38 2004
From: Daniel.Capo@tco.net.br
To: computerguy@cfl.rr.com
Cc: BUGTRAQ@securityfocus.com
Message-ID: <40116C62.5010109@tco.net.br>
Date: Fri, 23 Jan 2004 16:48:02 -0200
MIME-Version: 1.0
In-Reply-To: <005001c3e161$1907e150$2a29a8c0@fastguy>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
~Kevin Davisł wrote:
> This was clearly not a "hack attack". The title and opening content of this
> article is quite intentionally misleading. The phrases "infiltration",
> "monitoring secret memos", "exploited computer glitch", "hack attack" are
> used. If you read the entire article you will find out the following:
>
> First, "A technician hired by the new judiciary chairman, Patrick Leahy,
> Democrat of Vermont, apparently made a mistake that allowed anyone to access
> newly created accounts on a Judiciary Committee server shared by both
> parties -- even though the accounts were supposed to restrict access only to
> those with the right password."
>
> Which means the Democrats screwed up setting up their own share point and
> allowed public access to it. There was no "computer glitch" which was
> "exploited". This was completely a human screw-up. And there was no
> hacking ("exploitation of a computer glitch") done by the Republicans.
> Unless you wish to call clicking on a share point configured with public
> access and opening it up "hacking".
AFAIK, "hacking" is legally defined in the USA as being unauthorized
access to computer resources. It doesn't matter if the resource was
adequately protected (or protected at all) in first place or not. If you
were not given permission to make use of that resource, you are
criminally liable.
--
Daniel C. Sobral
