Bugtraq mailing list archives
Re: Major hack attack on the U.S. Senate
From: Kevin Reardon <Kevin.Reardon () oracle com>
Date: Fri, 23 Jan 2004 12:59:33 -0800
Actually what they did was illegal regardless of the cause. Hopefully they realized that storing anything on a shared piece of hardware will subject it to the possibility of attacks due to human failure. Human failure is a major contributor to computer exploits and the one constant in the considerations for computer security.
---K Brian C. Lane wrote:
On Thu, 2004-01-22 at 09:25, Richard M. Smith wrote:http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_ seen_as_extensive?mode=PF Infiltration of files seen as extensive Senate panel's GOP staff pried on Democrats By Charlie Savage, Globe Staff, 1/22/2004 WASHINGTON -- Republican staff members of the US Senate Judiciary Commitee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media, Senate officials told The Globe.[snip] You left off the most important fact in your snip. The final paragraph pretty well sums it up: "A technician hired by the new judiciary chairman, Patrick Leahy, Democrat of Vermont, apparently made a mistake that allowed anyone to access newly created accounts on a Judiciary Committee server shared by both parties -- even though the accounts were supposed to restrict access only to those with the right password." I sure wouldn't call this a major hack attack. Someone goofed. Someone else took advantage of the goof (and according to some reports even reported it to the bonehead technician). One one hand you really shouldn't look at someone else's files. On the other hand if you're cooking up dirty tricks you darn well ought to make sure your memos are protected, not stored in the clear on a shared system. And these are the jokers who want to dictate to us how to secure the Internet and stop SPAM? Heh! Brian ---[Office 71.6F]--[Fridge 38.4F]---[Fozzy 88.8F]--[Coaster 71.7F]--- Linux Software Developer http://www.brianlane.com
Current thread:
- Major hack attack on the U.S. Senate Richard M. Smith (Jan 22)
- Re: Major hack attack on the U.S. Senate ~Kevin DavisĀ³ (Jan 23)
- Re: Major hack attack on the U.S. Senate rsh (Jan 24)
- Re: Major hack attack on the U.S. Senate Kirk Spencer (Jan 24)
- Re: Major hack attack on the U.S. Senate Crispin Cowan (Jan 26)
- Re: Major hack attack on the U.S. Senate Daniel . Capo (Jan 24)
- Re: Major hack attack on the U.S. Senate Dinesh Nair (Jan 24)
- Re: Major hack attack on the U.S. Senate ed (Jan 24)
- Re: Major hack attack on the U.S. Senate ~Kevin DavisĀ³ (Jan 23)
- Re: Major hack attack on the U.S. Senate Brian C. Lane (Jan 23)
- Re: Major hack attack on the U.S. Senate Kevin Reardon (Jan 24)
- Re: [work] Re: Major hack attack on the U.S. Senate opticfiber (Jan 24)
- Re: [work] Re: Major hack attack on the U.S. Senate Jonathan A. Zdziarski (Jan 24)
- <Possible follow-ups>
- RE: Major hack attack on the U.S. Senate B. Kinney (Jan 24)
- Message not available
- RE: Major hack attack on the U.S. Senate bugtraq (Jan 24)
- Message not available