I don't understand this justification. The system owners can't know that to be true and have to proceed as if the systems are compromised. Would you still feel safe if a burglar broke into your house and left a note saying they didn't take anything?
Also, I didn't actually go in anyone's house. If passwords are really so inherently private even apart from their access implications, maybe we shouldn't be sharing Ken Thompson's old password.
Hell no. Otherwise you could just set up one gigantic crime by comitting a bunch of small "no damage done" crimes along the way-say, stealing a string of credentials one at a time, but not actually using them until you have all of them together and then you commit your major heist/crime.
> I'd just log in with the admin account and run pwdump
I was a kid, I was stupid, but I wasn't an asshole. I didn't go peeking and violating people's privacy because that would have been a dick move. Just like tons of people on Hacker News today have access to personal data on SaaS systems we maintain and don't go peeking. Just like tons of people are perfectly capable of picking their neighbor's locks but don't walk into their house for no reason. It's not even tempting. I don't care what's in my neighbor's house, and I don't care what's in random other students' homework documents or email or whatever. The only interesting part was breaking the security.
SOURCE: am locksmith
That doesn't make it okay, but it certainly should result in a much lesser sentence than if the perpetrator had damaged or stolen property.
You really believe this? What makes you think you speak for people in general, or know the mind of the average burglar?
And how far does your equivalence view stretch, if someone trespasses and uses your pool is that the same as taking your outdoor furniture? Why not?
Just make it more secure so the next people can have a bigger challenge.
You might feel safe if he didn’t, but you wouldn’t actually be safe, would you?