Ok, I'm in a bit of a quandary. While surfing the net last week, I happened across an address attached to a machine that belongs to the Federal Reserve. No big deal. I telnetted there on a lark, and entered 'guest' for the account. It dropped me into a shell. It didn't ask for a password. Intrigued, I did a little looking around. Nothing special, a CDRom and about 80 accounts. But(!!), /etc/passwd was there and available and not using shadows. No, I didn't snatch a copy.
Quandary(ies)
1) Should I alert someone there about the obvious (and, IMHO, serious) security hole?
or
2) Should I ignore it?
3) Should I take advantage of it (well, maybe not)
----------
I don't like to see systems so open, no matter who they belong to, and the fact that the government (whether you like them or not) has one this open REALLY bothers me.
But, I also wonder what kind of trouble I could get into. Technically, I violated something just by being there as I didn't have permission, and the fact I accessed the passwd file makes it even worse. If I report it, I could be in deep shit.
I could mail to them via a remailer (like penet.fi, so that they could answer for more information if needed). That is a little securer and Julf is out of jurisdiction of the FBI hunting me down.
Yes, I'm a little paranoid, but Uncle Sam likes to make examples out of white-collar hackers, and for me it was pure and dumb luck (like a jury would believe a 22-year-old computer geek isn't trying to gain illegal access).
Any suggestions? Please? I consider this to be serious (most may not).
Go to a COCOT and call Ms Flanagan below. *Not* the Tech contact, who is most likely the person who fucked up and will want to cover his butt. The admin contact should be more sympathetic...

20th and C Streets, NW
Washington, DC 20551

Domain Name: FRB.GOV

Administrative Contact:
Flanagan, Elizabeth R. (ERF7) erf@FED.FRB.GOV
(202) 452-2672

Technical Contact, Zone Contact:
Drzyzgula, Robert P. (RPD5) rcd@FED.FRB.GOV
(202) 452-3425

Record last updated on 14-Aug-91.

Domain servers in listed order:
NS.UU.NET 137.39.1.3
UUCP-GW-1.PA.DEC.COM 16.1.0.18
UUCP-GW-2.PA.DEC.COM 16.1.0.19