1994-02-03 - A serious question of ethics

Header Data

From: nobody@pmantis.berkeley.edu
To: cypherpunks@toad.com
Message Hash: 53ca91782d83f8518c213c6ef9f8fa3e5c1a881f080bbf01dbe9574300e5c514
Message ID: <9402030727.AA27027@pmantis.berkeley.edu>
Reply To: N/A
UTC Datetime: 1994-02-03 07:31:05 UTC
Raw Date: Wed, 2 Feb 94 23:31:05 PST

Raw message

From: nobody@pmantis.berkeley.edu
Date: Wed, 2 Feb 94 23:31:05 PST
To: cypherpunks@toad.com
Subject: A serious question of ethics
Message-ID: <9402030727.AA27027@pmantis.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ok, I'm in a bit of a quandry.  While surfing the net last week, I
happened across an address addached to a machine that belongs the the 
federal reserve.  No big deal.  I telnetted there on a lark, and entered 
'guest' for the account.  It dropped me into a shell.  It didn't ask for 
a password.  Intrigued, I did a little looking around.  Nothing special, 
a CDRom and about 80 accounts.  But(!!), /etc/passwd was there and 
available and not using shadows.  No, I didn't snatch a copy.

Quandry(ies)

1)  Should I alert someone there about the obvious (and, IMHO serious) 
seciruty hole?

	or

2)  Should I ignore it?

3)  Should I take advantage of it (well, maybe not)

----------

I don't like to see systems so open, no matter who they belong too, and 
the fact that the governments (whether you like them or not) has one this 
open REALLY bothers me. 

But, I also wonder what kind of trouble I could get into.  Technically, I 
violated something just by being there as I didn't have permission, and 
the fact I accessed the passwd file makes it even worse.  If I report it, 
I could be in deep shit.

I could mail to them via a remailer (like penet.fi, so that they could 
answer for more information if needed).  That is a little securer and 
Julf is out of jurisdiction of the FBI hunting me down.

Yes, I'm a little paranoid, but Uncle Sam likes to make examples out of 
white-collar hackers, and for me it was pure and dumb luck (like a jury 
would believe a 22 year-old computer geek isn't trying to gain illegal 
access).

Any suggestions?  Please?  I consider this to be serious (most may not).






Thread