Kind of sad
Justin M. Streiner
streiner at cluebyfour.org
Wed Nov 12 15:57:59 UTC 2014
On Wed, 12 Nov 2014, Sholes, Joshua wrote:
> I concur. I was recently an admin/ITSO for a defense contractor, and
> from a network logging standpoint it is VERY difficult to tell the
> difference between what you posted and a really subtle
> social-engineering-enabled attack--and EVERY attacker these days has to be
> assumed to be subtle.

Agree completely. While the OP's intentions might be honorable, even if
he notified the organization directly, they might not react the way he
would want:

"Thank you for bringing this to our attention! We will get it fixed
immediately."

I am not a lawyer, but I would strongly advise against randomly logging
into hosts on a network where I don't have a formal business relationship
that includes explicit authorization to do pen-testing and other
[insert-color-here]-hat activities.

Being a good Samaritan and the current state of computer crime laws do not
always line up very nicely with each other.

Bottom line: Tread carefully.

jms