Penetration Testing mailing list archives
Re: Default Admin Account
From: pand0ra <pand0ra.usa () gmail com>
Date: Tue, 10 Feb 2009 13:07:30 -0700
My .02 is that the govt failed to do their due diligence, here's the sign for them for being stupid (if it really was because of default passwords).

On the other side, Gary knew he was not authorized on the system(s) he broke into. He knew he was committing a crime. He did not report any of the security issues to the govt either to show a concern for the problem. Additionally, he is stating in his note that his goal is to disrupt something, showing his intentions to be a miscreant. If it was 1 computer system and didn't leave a stupid note then I could see the "I didn't know" excuse but here it seems that he was attacking the systems.

The "damages" most likely had come from the forensics and recovery of his actions. No one knows what he did or to how many systems so it will cost money to get people to look into that.

http://en.wikipedia.org/wiki/Gary_McKinnon

"The Glasgow-born systems administrator who attended Highgate Wood Secondary School in north London, is accused of hacking into 97 United States military and NASA computers in 2001 and 2002. The computer networks he is accused of hacking include networks owned by NASA, the US Army, US Navy, Department of Defense, and the US Air Force. The US estimates claim the costs of tracking and correcting the problems he allegedly caused were around $700,000 but he has always denied causing any damage and disputes the financial loss claimed by the US. He did admit leaving a note on one computer:

US foreign policy is akin to government-sponsored terrorism these days... It was not a mistake that there was a huge security stand-down on September 11 last year... I am SOLO. I will continue to disrupt at the highest levels. "

On Mon, Feb 2, 2009 at 9:48 AM, J.Hart, Elec.Eng.Tech. <starnetmaster () gmail com> wrote:
Hey all,

I have been following the Gary McKinnon case for years now. My interest is in the legal area of penetration testing and the evolution of cyber law. What do IT Security experts and pen-testers think about the default administration account on the US Military machines?

You can read about the case here http://freegary.org.uk/

--
"For the best in web site design - StarNET http://www.s-t-a-r.net