|laziness, impatience, and hubris|
Investigate before posting...
From merlyn's Fund Daemon's text:
I was a sysadm for SSD about a year and a half previous, and I still had an active account on a lab machine at SSD. I had discovered that a user at SSD had picked a dictionary word ("deacon") for a password on the lab machine. Fearing that the SSD folks had stopped running crack regularly, I copied the SSD password file (using the cracked password from the lab machine) and found that my fears were justified. (The vice president's password was "pre$ident", for example.) However, I now had vital information that I had obtained through the use of a cracked password, and I was in an awkward situation. Before I reported the findings to SSD, a co-worker noticed the crack runs (they were 6-8 days long!) running under my own userID on the systems that we shared at HF, and feared the worst: that I had turned into a spy and was actually stealing secrets. Yes, as you can see, I made a number of bone-headed mistakes (not getting the rules about internet access clear, not reporting the single bad cracked password, and not immediately reporting the results of the crack run), and I probably should have been terminated for
Merlyn's homepage describes how to get the full text.
In short: he was just doing his job.
In reply to Re: So merlyn why did you hack the password file?