Kind of sad
Justin M. Streiner
streiner at cluebyfour.org
Wed Nov 12 15:57:59 UTC 2014
On Wed, 12 Nov 2014, Sholes, Joshua wrote:
> I concur. I was recently an admin/ITSO for a defense contractor, and
> from a network logging standpoint it is VERY difficult to tell the
> difference between what you posted and a really subtle
> social-engineering-enabled attack--and EVERY attacker these days has to be
> assumed to be subtle.
Agree completely. While the OP's intentions might be honorable, even if
he notified the organization directly, they might not react the way he
"Thank you for bringing this to our attention! We will get it fixed
I am not a lawyer, but I would strongly advise against randomly logging
into hosts on a network where I don't have a formal business relationship
that includes explicit authorization to do pen-testing and other
Being a good Samaritan and the current state of computer crime laws do not
always line up very nicely with each other.
Bottom line: Tread carefully.
More information about the NANOG