BOARD-L Archives

Archiver > BOARD > 2005-01 > 1105817348


From: "Angie Rayfield" <>
Subject: RE: [BOARD-L] Serious Breach of Ethics
Date: Sat, 15 Jan 2005 13:29:25 -0600
In-Reply-To: <Pine.GSO.4.44.0501150914590.9634-100000@nyx3.nyx.net>


Shari's lapse in having the information available on line in a place she
mistakenly believed would be inaccessible (which is something to
consider separately) does not excuse someone else's behavior in hacking
in, stealing it, and publishing it.

Angie Rayfield
SEMA SC Representative


>-----Original Message-----
>
>
>>From reading both sides of the issue, I would say it was the NC's
>booboo for putting the passwords online to begin with.
>
>David
>
>
>
>On Fri, 14 Jan 2005, Shari Handley wrote:
>
>> Yesterday evening, someone (whose identity is known to the
>AB) accessed
>> my personal links page and compromised the security of several of the
>> RootsWeb mailing lists I am admin for. Specifically, among
>others, this
>> person accessed the BOARD-EXEC list utilities using my password, then
>> published the password online.
>>
>> Somehow, this person got ahold of the URL for my computer's
>"home" page.
>> This page, which contained links to sites I and my family frequently
>> visit, WAS located in the root directory of my Somerset
>County Maryland
>> RootsWeb web space. I had placed the page online so that it could be
>> accessed through any of my computers and so that updating it
>would be a
>> one-step process rather than changing a resident page on
>each computer.
>> Since the "home" page was not linked to from any other
>sites, and since
>> there is an "index.html" page in the Somerset root
>directory, it was my
>> understanding that the page could not be spidered or
>otherwise found. I
>> do not know how the URL came to be in this person's
>possession. So the
>> links to all of my listowner utilities pages included the
>passwords to
>> save some time when I accessed them, taking me directly to
>the utility
>> page and bypassing the password entry page.
>>
>> The information on the page was not intended to be public. What this
>> person did, using stolen passwords to access
>password-protected, private
>> and/or confidential information belonging to me as an
>individual and to
>> The USGenWeb Project as an organization, then publishing that
>> information AND the stolen passwords, is reprehensible.
>>
>> I ask that the Advisory Board take action regarding this very serious
>> violation, a critically serious ethical breach. I will ask
>that the AB
>> expel this person from USGenWeb outright.
>>
>> Shari Handley
>> National Coordinator
>> The USGenWeb Project
>>

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.6.12 - Release Date: 1/14/2005


This thread: