Re: tlug: telnet: different question + others

["Stephen J. Turnbull" <turnbull@example.com>]

>>>>> "FB" == Frank Bennett <bennett@example.com> writes:

    FB> On Mon, May 29, 2000 at 03:42:14PM +0900, Stephen J. Turnbull
    FB> wrote:

    >> This thread is discussing means of obtaining privileges on a
    >> system, privileges that the system's owner clearly does not
    >> wish to grant.

    FB> Nothing discussed involved spoofing the ID or the source of
    FB> the connection; the scam was to be run in the user's own
    FB> account space, in

User's OWN account space?  On WHOSE machine?  The University's.  After
the April committee fiascos at our Universities, how do you think
they'll view this?  And as Chris points out indirectly, we're talking
about tampering with records which are University property.

Suppose while you were out taking a leak the student walked into your
office and changed the attendance record on paper, which you had
written in pencil.  Sure, your ass is grass for being so incautious---
but do you think the student escapes scot-free if it were proved?

>>>>> "Selva" == Selva Nair <selva@example.com> writes:

    Selva> The original poster want to use it for, IMHO, an unethical
    Selva> purpose but that is for him/her to worry, I guess.

    Selva> I am missing something ?

Yes.
<A HREF="standard-disclaimers#IANAL>
  If I am correct,
</A>
technically what those who have provided advice are doing is called
"aiding and abetting the commission of a crime."  Even
<A HREF="standard-disclaimers#INAPPLICABLE REASON="He IS a lawyer">
  if Frank says he thinks
</A>
the defendent's case is easier, I wouldn't bet against the advisors
being indicted for A&A.

Even if you're confident of winning, do you really want to spend the
time in court?

As for the computing technical points:

    Selva> By the way ssh can run from a script by setting batchmode =
    Selva> yes.

Since this is a public machine, the student has just done something
similar to setting up a rootkit on it, where other students can use
it.  (batchmode = yes only works if the ssh identity does not require
authentication for use.)

    Selva> As long as this is set to be automatically executed for
    Selva> loging in from machine A to machine B between which
    Selva> interactive login is anyway allowed, the user is not
    Selva> grabing any privilege not granted to him, no?

Read what you just wrote: he is grabbing the privilege of interactive
login _noninteractively_, thus without permission.

Sheesh.  I used to think teaching classes in the "ethics of computing"
was overdoing it.  Not any more; it's obviously necessary.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
--------------------------------------------------------------------
Next Nomikai Meeting: June 16 (Fri), 19:00   Tengu TokyoEkiMae
Next Technical Meeting: July 8 (Sat) 13:30   Topic: TBA
--------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan