Subj : Re: Security Breach
To   : Bob Short
From : Robert Couture
Date : Thu Dec 05 2002 03:00 pm

Hello Bob!

On 04/12/2002, Bob Short was caught whispering to Ross Cassell about
Re: Security Breach.

RC>> My apologies to all for not having the security access level set properly
RC>> f this echo, which allowed Roy Witt of Fidonet 1:10/22, to log on as a
RC>> DAN CEPPAHOLE and plaster 4 messages into this area, this has been
RC>> repaired.

 BS> But... but... he /is/ a moderator.  ;-)

This was known after that fact.  At the time of the occurance, this fact could
not readily be irrefutably proven.

Therefore the apology is valid although his inclusion of Roy's name in it is
irrelevent to the breech itself.

It would have been proper to just apologize for the breech and not taint the
apology to ensure that everyone would feel as if the breech itself was
anything less than an oversight in configuration by the operator.  In no way
does Roy's involvement make Ross any less responsible that the breach could
happen in the first place.

That Roy logged on as "Dan Ceppahole" in the first place was bad enough, yes.
However, the breech could have been performed by /anyone/.  And that is the
only thing that needed an apology.  That Roy was the perpetrator is
irrelevent.

No, it does not justify what Roy did.  That was plainly wrong.  I would even
go as far as to say immature.

The lesson learned is that we should all be checking to make sure we haven't
made a similar oversight in our BBS configurations.

Robert.

--- FTNed 2001 Build 0054-RC3/Win2k
 * Origin: RuneKeep - Internet BinkD/E-Mail/FTP/Transx Hub (1:229/2000)

.