[plug] Community Hacking...

Bret Busby bret at clearsol.iinet.net.au
Tue Aug 22 13:10:48 WST 2000 

Christian wrote:
> 
> On Tue, Aug 22, 2000 at 12:47:47PM +0800, Petter Reinholdtsen wrote:
> >
> > [Ben Burns]
> > > Ok, who sent .bash_history --> /dev/null??
> >
> > [Kevin Shackleton]
> > > that was _bound_ to happen wasn't it?!
> >
> > [Ben Burns]
> > > :=)  Yep - guess it was.
> >
> > No it was not _bound_ to happend.  I feel sorry for the idiot who did
> > it.  It was unnessesary and stupid, and did not prove anything but the
> > existence of idiots in the world -- and that point is already well
> > proven.
> 
> Thanks.
> 
> Someone sends an open account to a public mailing list basically opening
> his machine to the world.  Not only that, if I understand the problem
> correctly, it can't be fixed without root privileges either so the
> account is just a hole really.  I log in, check there is no one else
> logged in via the account (yet) and change the password.  I then log out
> and email the owner of the machine, explaining what I did and why.  I
> figure I was doing him a favour because it's entirely possible that
> someone on this list (or someone who just happens to find the message
> archived or ...) would log in and do much worse.  Either way, I offered
> to reverse the situation and open the account back up if he really
> wanted.  I stopped the bash logging more out of habit than anything.
> It's just something I do when I get a new account.  The .bash_history
> file is a disaster waiting to happen.  It didn't matter either way since
> the account was now locked and, possibly, it would also alert the owner
> of the machine as to why this whole thing wasn't a good idea.  Anyway,
> overall, from my perspective I was doing the right thing but apparently
> that makes me an idiot.
> 
> However, before I return the favour, perhaps you'd like to justify what
> you just said.  Why was it not bound to happen?  Seems incredibly
> obvious to me that it would. (Kevin seems to think so too).  Which make
> believe world do you live in where bad things don't happen to people who
> leave their doors wide open?  Sure sounds nice there.  I understand why
> you feel sorry for myself and the other people who have to live in the
> real world.

I have had many disagreemnets with Christian in the past, with many
things, and, I cannot fault what he has said here.

If a person leaves their house door keys under the mat, and then tells
the world, saying "here you are, everyone's welcome to enter", and
someone goes in, thinks "this looks a bit silly", changes the locks, and
advises the owner of what they have done, and why, to me, that is a
thing worthy of praise, not condemnation. 

What would have happened, if some nasty person had properly sabotaged
the system?

The owner could not have cried foul, having published the passwords.

-- 

Bret Busby

......................................

More information about the plug mailing list