http://www.perlmonks.org?node_id=134329


in reply to Reaped: So merlyn why did you hack the password file?

Investigate before posting...

From merlyn's Fund Daemon's text:
I was a sysadm for SSD about a year and a half previous, and I still had an active account on a lab machine at SSD. I had discovered that a user at SSD had picked a dictionary word ("deacon") for a password on the lab machine. Fearing that the SSD folks had stopped running crack regularly, I copied the SSD password file (using the cracked password from the lab machine) and found that my fears were justified. (The vice president's password was "pre$ident", for example.) However, I now had vital information that I had obtained through the use of a cracked password, and I was in an awkward situation. Before I reported the findings to SSD, a co-worker noticed the crack runs (they were 6-8 days long!) running under my own userID on the systems that we shared at HF, and feared the worst: that I had turned into a spy and was actually stealing secrets. Yes, as you can see, I made a number of bone-headed mistakes (not getting the rules about internet access clear, not reporting the single bad cracked password, and not immediately reporting the results of the crack run), and I probably should have been terminated for

Merlyn's homepage describes how to get the full text.

In short: he was just doing his job.

2;0 juerd@ouranos:~$ perl -e'undef christmas' Segmentation fault 2;139 juerd@ouranos:~$

Replies are listed 'Best First'.
Re: Re: So merlyn why did you hack the password file?
by Anonymous Monk on Dec 26, 2001 at 09:10 UTC
    " In short: he was just doing his job. "

    He was no longer under the particular contract that gave him administrative access to the SSD division machines so he was not in fact "doing his job". He was, according to his own admission, trying to further his soon to be over unrelated contract by demonstrating lax security in the SSD division. Were your pool cleaner to compromise the security of your house without permission and take a few things with only the intent of demonstrating your home's lack of security and to try to sell you his security consulting services, I think you would consider those actions both unethical and illegal and not in any way shape or form connected to his current contract with you to clean your pool. Wake up and stop propogating the misconception that Randal was indicted for "doing his job". If it were his job he would not have been repeatedly warned by superiors to stop doing it!

    And as for Randal's further self-defensive suggestion below that he was only helping out the cause, that seems questionable given his own admission as having done it to further his own contract. He may say "we didn't care "who's job is it"", but the evidence indicates he did care whose job it was, and that he wanted it to be his. Stop the silly white knight stuff.