I think you would have to take reasonable steps to verify the credentials of the requestor. That is what I am doing! On 24 March 2010 13:39, Joel Slowik <jslowik@xxxxxxxxx> wrote: > “if they are attempting to illegally gain access then we can be > prosecuted for helping them.” > > > > That’s the case even though the request to the list appeared to be genuine? > Good Samaritan / good faith does not apply here? > > > > *From:* oracle-l-bounce@xxxxxxxxxxxxx [mailto: > oracle-l-bounce@xxxxxxxxxxxxx] *On Behalf Of *Howard Latham > *Sent:* Wednesday, March 24, 2010 9:07 AM > *To:* Goulet, Richard > *Cc:* david.robillard@xxxxxxxxx; robertgfreeman@xxxxxxxxx; oracle-l > *Subject:* Re: password > > > > Only if the person asking for help is genuine and that is the issue - if > they are attempting to illegally gain access then we can be prosecuted for > helping them. > > On 24 March 2010 13:03, Goulet, Richard <Richard.Goulet@xxxxxxxxxxx> > wrote: > > Howard, > > > > Now I don't know about British law and I'm no attorney so take it with > a truck load of salt, but US law does make a distinction between malicious > and non-malicious hacking. Meaning that it's illegal to hack a system to > gain improper access but OK if it's has a proper business purpose. In the > case here I believe it would be looked upon as OK since it's an internal > person trying to do their specified job that's doing the hacking because > they have no recourse. > > > > *Dick Goulet* > Senior Oracle DBA/NA Team Lead > PAREXEL International > > > > > ------------------------------ > > *From:* oracle-l-bounce@xxxxxxxxxxxxx [mailto: > oracle-l-bounce@xxxxxxxxxxxxx] *On Behalf Of *Howard Latham > *Sent:* Wednesday, March 24, 2010 7:53 AM > *To:* david.robillard@xxxxxxxxx > *Cc:* robertgfreeman@xxxxxxxxx; oracle-l > *Subject:* Re: password > > Are the members here vetted in anyway? > In the UK you can be prosecuted for Aiding a Hacker- And the email here is > good for evidence. So lets be careful out there guys. > Hey Ive got this great way to crack an Oracle password ......... > > On 24 March 2010 06:53, David Robillard <david.robillard@xxxxxxxxx> wrote: > > > In fact, a well done presentation that demonstrates the vulnerability of > > an existing database using publicly available hacking tools is often > > very eye opening to management types if you are trying to secure a > > database and such management types are hesitant to spend the time/money. > > Hi Robert, > > Could you please share some URLs to such presentations? > > Many thanks, > > David > -- > David Robillard > UNIX team leader & Oracle DBA > CISSP, RHCE, SCSA & SCSECA > Notarius > -- > //www.freelists.org/webpage/oracle-l > > > > > -- > Howard A. Latham > > > > > -- > Howard A. Latham > > Confidentiality Note: This electronic message transmission is intended > only for the person or entity to which it is addressed and may contain > information that is privileged, confidential or otherwise protected from > disclosure. If you have received this transmission, but are not the intended > recipient, you are hereby notified that any disclosure, copying, > distribution or use of the contents of this information is strictly > prohibited. If you have received this e-mail in error, please contact > Continuum Performance Systems at {203.245.5000} and delete and destroy the > original message and all copies. > -- Howard A. Latham