Thanks for the links, Derek. Starting from Randall's page at stonehenge.com
it took me only a few links to confirm my previous impression that Randall
was guilty of violating both the letter and the spirit of the law. Now I've
seen primary sources that validate the previous indirect commentary I'd read.
BTW, I'd argue your statement about who the enemy is, it's still the crackers
(not hackers, get the correct terminology, dangnabit! :-) whether they happen
to be an respected PERL guru or a scriptkiddy who doesn't know the keyboard
well enough to distingush letters from numbers.
In Randall's case, he was his own worst enemy, and his arrogance turned him
into an enemy to the folks who had been his employers. Nice job.
Incidentally, I agree wholeheartedly with Derek's advice about getting it in
writing whenever you're mucking about in even remotely questionable areas.
The security field is rife with horror stories about authorized penetration
tests gone bad and such. Personally, I'd urge extreme caution in these areas
even if you *KNOW* it's your job to test and address security issues, and if
you don't have that certainty you should stay scrupulously away from those
areas.
--Bruce McCulley, CISSP
"Derek D. Martin" wrote:
> ... and ironically, the enemy often is not the hackers... Just
> ask Randall Schwartz.
>
> [...snip...] The risks to YOU are potentially VERY
> serious. Just ask Randall Schwartz.
>
> http://www.lightlink.com/spacenka/fors/faqv4p1.html#q4
>
> http://www.lightlink.com/spacenka/fors/
>
> http://www.stonehenge.com/merlyn/ (see: The biggest news in my life
> at the moment)
