What to do?

[Hall, Tony, JCW]

You said you gained access to a network printer. I can think of nothing
better than to print a document to their printer informing them that their
network is insecure...

-----Original Message-----
From: Jason Clinton [mailto:clintonj at umkc.edu] 
Sent: Friday, January 10, 2003 1:50 PM
To: gphillip at kaiser.aafp.org
Cc: j_r_sanchez at yahoo.com; kclug at kclug.org
Subject: Re: What to do?

gphillip at kaiser.aafp.org wrote:
> First of all don't post on a mailing list that you stole there client 
> database.  Even if you didn't do anything malicious, downloading a 
> client database is not good (even though they left the network open).
> 
> As far as informing them, it would be a good samaritan thing if you 
> sent them an anonymous note.  I wouldn't offer to fix the network.  
> They may higher a consultant that is able to go through any log files, 
> find that files were downloaded, then assume that you did all kinds of 
> bad things to their network.
>

First, I agree with both recommendations so far. Stay far, far away from 
any liability. I've read one-too-many stories about someone who was well 
intentioned getting slammed with criminal charges.

I also agree with the recommendation of sending an anonymous note. I 
should point out, however, that doing this electronically is extremely 
hard. You're better off to sending a snailmail postcard that you 
handeled with rubber gloves and that was written by friend in pencil. 
And either delivered in the middle of the night to their doorstep or 
sent via mail with a stamp that was moistened with water (NOT saliva) (I 
know this sounds paranoid, but you'd be surprised at the quantity of 
resources the FBI has devoted to 'catching those evil hackers' in the past.)

-- 
Jason Clinton
I don't believe in witty sigs.