What to do?
Jason Clinton
clintonj at umkc.edu
Fri Jan 10 19:50:42 CST 2003
gphillip at kaiser.aafp.org wrote:
> First of all don't post on a mailing list that you stole there client
> database. Even if you didn't do anything malicious, downloading a client
> database is not good (even though they left the network open).
>
> As far as informing them, it would be a good samaritan thing if you sent
> them an anonymous note. I wouldn't offer to fix the network. They may
> higher a consultant that is able to go through any log files, find that
> files were downloaded, then assume that you did all kinds of bad things to
> their network.
>
First, I agree with both recommendations so far. Stay far, far away from
any liability. I've read one-too-many stories about someone who was well
intentioned getting slammed with criminal charges.
I also agree with the recommendation of sending an anonymous note. I
should point out, however, that doing this electronically is extremely
hard. You're better off to sending a snailmail postcard that you
handeled with rubber gloves and that was written by friend in pencil.
And either delivered in the middle of the night to their doorstep or
sent via mail with a stamp that was moistened with water (NOT saliva) (I
know this sounds paranoid, but you'd be surprised at the quantity of
resources the FBI has devoted to 'catching those evil hackers' in the past.)
--
Jason Clinton
I don't believe in witty sigs.
More information about the Kclug
mailing list