![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Im in BIG trouble guys...
- Thread starter darkecho
- Start date
He accepted responsibility for pre-existing conditions when he used the equipment w/o the owner's permission. In court this is where he would get nailed to the wall.
To say the machine was in tip top shape, or even working order, is wrong. A reboot is a normal operation, in fact expected should there be a power loss (did they have a backup generator to ensure no power loss). Just because the parents leave them machine on, doesn't mean it should fail if it reboots.
To say the machine was in tip top shape, or even working order, is wrong. A reboot is a normal operation, in fact expected should there be a power loss (did they have a backup generator to ensure no power loss). Just because the parents leave them machine on, doesn't mean it should fail if it reboots.
Phoenix86 said:
He did act in good faith when he got permission to use it from his friend, and could probably claim that he thought there existed some previous agreement between him and his parents, depending on, among other things, the age of the friend. I'm not sure how this holds up in court, of course.
Good faith only goes so far, do you really think a child can act as on behalf of their parent? Think about where that would get you? "Sure everone, come on over to my house, PARTY!!!"HHunt said:
Age might matter, if the friend is over 18, but it's still the parent's house.
bonkrowave
2[H]4U
- Joined
- Oct 12, 2004
- Messages
- 3,049
HHunt said:
Not going to fly ?? how was anyone to know there was a pre-exsiting condition that would cause the computer to not boot. No one could tell until the machine was actually rebooted. Therefore the rebooting he did cause the system to fail.
If you use someone elses property .. regardless what it is ... and you break it you are held liable. Im not sure why this applies to cars, atvs, anything ... yet for some reason it does not apply to this computer ??
Regardless of legal rullings it is bad form to not accept responsibility for your actions .. even if they were not the direct cause of the problem.
For example in business ... if you ship something and the shiping company screws up ... the customer doesn't care about the shipping company .. and to save face, and to do the responsible thing .. the company shipping is always the one to make good.
It doesn't matter whether there was a pre-exsisting condition or if your actions were not the sole reason for the failure. You take responsibility because something you did helped the computer fail. To blame it on spyware and virii , something which is not sentient and cannot be held responsible for its own actions, is like blamming the weather for a car accident. It wasn't the weathers fault ... it was your fault for driving like a moron, in an already bad situation.
Direwolf20
2[H]4U
- Joined
- Mar 10, 2004
- Messages
- 2,467
bonkrowave said:
Did you even read my post?
Second, you obviously have no understanding of how a computer works. HE DID NOT BREAK IT. It was broken, or on the very teetering edge of being broken, and then it was pushed over the edge when he did one of the most basic things possible. Its not his fault that rebooting caused it to not boot. It would not have booted up regardless of who was doing it. I don't care if it was the kids parents, or Bill Gates himself, regardless of who happened to press the reboot button, it would have crashed. The machine was in a broken state before he touched it. PERIOD.
Ever see apollo 13 the movie? Remember when its the astronaut's job to "Stir the tanks" refering to the oxygen tanks. Due to a fault in the line, the act of stirring the tanks (which was a VERY normal and basic procedure) caused an explosion. Who's fault was it? The engineer who poorly designed the line, or the guy who pressed the "stir the tanks" button?
bonkrowave, you realize the OP did just that, took responsibility and fixed the machine right?
You also realize if he got permission, then it wouldn't be his fault unless he maliciously did something.
If I ask to borrow your car, and I do nothing "special" to cause an accident, but wreck the car because of bad brakes, that's your fault. If I grab the keys w/o permission, drive it, and wreck it because you didn't maintain the brakes, that's my fault.
The state of the computer before he touched it is irrelevant. All that matters is it broke when he was operating it w/o permission.
You also realize if he got permission, then it wouldn't be his fault unless he maliciously did something.
If I ask to borrow your car, and I do nothing "special" to cause an accident, but wreck the car because of bad brakes, that's your fault. If I grab the keys w/o permission, drive it, and wreck it because you didn't maintain the brakes, that's my fault.
The state of the computer before he touched it is irrelevant. All that matters is it broke when he was operating it w/o permission.
Actually, it was NASA's fault. During a ground test leading up to the launch the Oxygen tanks were filled, and the heaters powered from the ground. But NASA had made all the electrical connections use the same connectors, regardless of voltage. So a crewman connected 18V to the oxygen tanks 12V connection, fusing the thermocouple responsible for limiting the heater. While the oxygen level was high, the heater was immersed, and there was no problem...but when it was uncovered, it caught fire, and the tank exploded. The "stir" was a coincidence...the tank was essentially a bomb as it was launched.Direwolf20 said:
Direwolf20
2[H]4U
- Joined
- Mar 10, 2004
- Messages
- 2,467
O[H]-Zone said:
Hehe, yea but my point still stands
. It wasn't the astronaut's fault (Played by Kevin Bacon)bonkrowave
2[H]4U
- Joined
- Oct 12, 2004
- Messages
- 3,049
Yes i realize he took care of the machine ... which is the responsible thing to do ... yet many people continue to argue that he shoul dnot have been responsible for it. Regardless if you can be held laible or not the mature thing to do is take responsibility for your own actions.
What I am saying is liability should not play a part in responsibilty when courts are not involved. In this case it really doesn't matter. The right thing to do was to take responsibility. Anyone how thinks otherwise has a lot of growing up to do.
If the printer breaks in your office and you cant get your report done. Do you blame it on the printer and say oh well I cant do my job (well if you do think this way, be prepared for a short career). You dont, you take responsibility and go find another printer or find some other way to print so you can rectify the situation.
What I am saying is liability should not play a part in responsibilty when courts are not involved. In this case it really doesn't matter. The right thing to do was to take responsibility. Anyone how thinks otherwise has a lot of growing up to do.
If the printer breaks in your office and you cant get your report done. Do you blame it on the printer and say oh well I cant do my job (well if you do think this way, be prepared for a short career). You dont, you take responsibility and go find another printer or find some other way to print so you can rectify the situation.
Direwolf20
2[H]4U
- Joined
- Mar 10, 2004
- Messages
- 2,467
Phoenix86 said:
Yeap, I agree Phoenix, I'm just stating that he did not break it himself.
Once again, a useless post. What do you do, search for posts made by me, and respond with irritating comments? You like chineese water torture, constant agrivation.O[H]-Zone said:
OK, so you have a grandma, she has Parkinson's disease, and is very unstable on her feet. I rob her coming out of the subway, she falls down the staris and dies because she is unstable due to her illness.
According to you, I am not responsible for her death because I only took her purse. Normal people don't fall/die, it's her pre-existing condition of Parkinson's disease that cause her to be unstable and fall to her death. Someone without Perkinson's would have survived.
Am I responsible for her death? Yes. Why? Because I accepted responsibility for her pre-existing conditions when I robbed him (commited a crime).
BTW, it isn't legal to use property w/o permission, thus he was commiting a crime and accepted responsibility for the pre-existing conditions of the computer.
TrechMaggotface
Limp Gawd
- Joined
- Aug 15, 2002
- Messages
- 372
If the owners would have just turned off their secondary logon service then a second person wouldnt have been able to log on to the machine. Its actually all microsofts fault for providing the secondary logon service, allowing a second person to logon to the machine.Phoenix86 said:
bonkrowave
2[H]4U
- Joined
- Oct 12, 2004
- Messages
- 3,049
It saddens me people believe it was not his responsibility...
I have less respect for human beings because of this....
the only thing I have left to say is Grow Up..
I have less respect for human beings because of this....
the only thing I have left to say is Grow Up..
Direwolf20
2[H]4U
- Joined
- Mar 10, 2004
- Messages
- 2,467
Phoenix86 said:Agreed, but it's still his responsibility to fix.
Agreed.
. I never said it wasn't his responsibilty to fix, I said it wasn't his fault that it broke.
Direwolf20
2[H]4U
- Joined
- Mar 10, 2004
- Messages
- 2,467
Phoenix86 said:
Mine too. Whenever their computers aren't working, they say "Does this mean I can go home?". I just tell them "Only if I can go home too..."
Phoenix86 said:
Nope, I just point out the things you post that are utter nonsense. I've talked to my Dad the lawyer, his law partner, two of their law clerks, and 3 of their friends, all lawyers. They all agree. You're wrong. This person has no legal liability.
Find me aggravating? (spelled correctly...make a note) Then stop posting rubbish. Repeating it doesn't make it true
Your thinking it doesn't make it true
Your not liking me doesn't make it true
It's bullshit.
Phoenix86 said:
That would be assault during the comission of a felony...he never assaulted anybody, and no felony was comitted. This example has no bearing, it's just more drivel.
Phoenix86 said:
I already explained that, but in your arrogance you seem to feel that you can just make a statement to make it go away. He had permission therefore there was no crime, but you simply can't understand it. Not my problem...
bonkrowave
2[H]4U
- Joined
- Oct 12, 2004
- Messages
- 3,049
I would just fire them .. that seems to make ppl understand real quick. I dont know how you can work with ppl who are so clueless they dont try to find alternatives to problems.
Phoenix86 said:
I do suspect that in a courtroom, they would look at things like "did they suspect the parents wouldn't have allowed this if they were present", "should they've expected anything wrong to come from this" etc., and end up concluding something to the essence of "not guilty". The border here is extremely grey.
It would be madness to sue a kid because your son allowed him to use your telephone, yet an absolutely strict reading of what you're saying would support it.
I might trust the good sense of american judges/jurys too much, but I don't think so.
So, essentially: Yes, I do believe that a child can act as a representative of the parent, up to some vague, undefined, point that moves with age and trust.
The legal side of this is grey area for most all of us, unless someone is a lawyer. These are state laws anyways, variations x50... You may be completely right.
This would be small claims, so no jury (and a much lower bar for guilt and evidence), just you and a judge ala Judge Judy (where I got the example above about pre-existing conditions). Yes, it's not a "real" court, it's mediation, but they still have to follow local law.
O[H]-Zone, drivel? See sig. Pot meet kettle.
This would be small claims, so no jury (and a much lower bar for guilt and evidence), just you and a judge ala Judge Judy (where I got the example above about pre-existing conditions). Yes, it's not a "real" court, it's mediation, but they still have to follow local law.
O[H]-Zone, drivel? See sig. Pot meet kettle.
Dude, I see your sig.
I know people in:
Carrier Corp, here in Syracuse...my buddy works there. They have over 2000 computers there. My buddy just started, and when he talked to the IT department he asked them about it. They all thought shutting off ALL unnecessary services was pretty standard. EVERY computer there is stripped to the minimum number of services required. Period.
The school I'm currently attending...I've talked to several of the IT guys. They all said the same thing...it's standard practice to shut off all unneccessary services. EVERY computer there is stripped down to the minimum number of services needed. Period.
Reliant Energy Systems...my sister works there in IT; since she started they've been sold twice. Their original policy, and that of both the companies to buy them, was to shut off ALL unneccessary services. When I mentioned that there was a guy on the forums I go to that was trying to mock me in his sig because I shut off "secondary logon" service, she asked why. I said "he says it's more stable". She said "well, he's wrong. It just plain stupid to run services that aren't needed...why would you use resources to leave a security hole open"? EVERY computer there, and in their satellite locations is stripped down to the minimum number of services needed. Period.
I have a buddy in Japan...he works on security for US military bases in the Pacific theater. He says "only an idiot would keep unneeded services running; I don't care WHAT his reasons are". EVERY computer in the US Pacific Theater of operations (that uses an NT kernal OS) is stripped down to the minimum number of services needed. Period.
So...
PLEASE leave that line in your sig. It makes one of us look like a moron, and brother...
it ain't me!
I know people in:
Carrier Corp, here in Syracuse...my buddy works there. They have over 2000 computers there. My buddy just started, and when he talked to the IT department he asked them about it. They all thought shutting off ALL unnecessary services was pretty standard. EVERY computer there is stripped to the minimum number of services required. Period.
The school I'm currently attending...I've talked to several of the IT guys. They all said the same thing...it's standard practice to shut off all unneccessary services. EVERY computer there is stripped down to the minimum number of services needed. Period.
Reliant Energy Systems...my sister works there in IT; since she started they've been sold twice. Their original policy, and that of both the companies to buy them, was to shut off ALL unneccessary services. When I mentioned that there was a guy on the forums I go to that was trying to mock me in his sig because I shut off "secondary logon" service, she asked why. I said "he says it's more stable". She said "well, he's wrong. It just plain stupid to run services that aren't needed...why would you use resources to leave a security hole open"? EVERY computer there, and in their satellite locations is stripped down to the minimum number of services needed. Period.
I have a buddy in Japan...he works on security for US military bases in the Pacific theater. He says "only an idiot would keep unneeded services running; I don't care WHAT his reasons are". EVERY computer in the US Pacific Theater of operations (that uses an NT kernal OS) is stripped down to the minimum number of services needed. Period.
So...
PLEASE leave that line in your sig. It makes one of us look like a moron, and brother...
it ain't me!
TrechMaggotface
Limp Gawd
- Joined
- Aug 15, 2002
- Messages
- 372
Since we are throwing out credentials, Hi I am an MCT and have been teaching for Microsoft on how to use their products for over 5 years. The secondary logon service does not do what you think it does and disabling it does not make your computer any more secure and people who do so are actually removing a security FEATURE aka the runas service. Thank you move along...
Ok...my original point was that I DON'T WANT the "Run As" feature. I run as Admin at all times (for reasons that you don't need to know). Since I do, the secondary logon service is of no value to me. If I'm logged in as admin, I'd never want to run anything "As" anybody else, right? So the secondary logon service, for my purposes, does me no good.
Since I'm never going to use it, should I leave it running?
Now let's set up a scenario...
Let's say someone compromises my machine...they get logged into some other account, without admin priveledges. I have the guest account disabled (of course), but are there others? After one update, I had a ".net" account, so it's possible for M$ to install a user without my permission. Are there ones I can't see? Maybe...so if I left secondary logon service running, it would be a way for someone who has hacked into some other account to break in farther. That's what I meant when I said "I don't want anybody else logging on to my machine", and I said it at the time. They could take their time, and eventually I'm owned. Odds? Pretty slim, but not impossible.
What are the odds of someone breaking in using a service that I've disabled? Zero. Zip. Nada. Nothing. Null set.
So...which odds are better, zero or slim? Zero is less than slim, and it's a service I don't need or use.
So is it smarter to leave all the services running the way M$ set them from the factory, or to eliminate a potential threat with no negative impact?
Since I'm never going to use it, should I leave it running?
Now let's set up a scenario...
Let's say someone compromises my machine...they get logged into some other account, without admin priveledges. I have the guest account disabled (of course), but are there others? After one update, I had a ".net" account, so it's possible for M$ to install a user without my permission. Are there ones I can't see? Maybe...so if I left secondary logon service running, it would be a way for someone who has hacked into some other account to break in farther. That's what I meant when I said "I don't want anybody else logging on to my machine", and I said it at the time. They could take their time, and eventually I'm owned. Odds? Pretty slim, but not impossible.
What are the odds of someone breaking in using a service that I've disabled? Zero. Zip. Nada. Nothing. Null set.
So...which odds are better, zero or slim? Zero is less than slim, and it's a service I don't need or use.
So is it smarter to leave all the services running the way M$ set them from the factory, or to eliminate a potential threat with no negative impact?
TrechMaggotface
Limp Gawd
- Joined
- Aug 15, 2002
- Messages
- 372
You proved my point. Running as admin, although lots of people do it, is a security risk. Just like running as root in any *nix distro. The secondary logon service solves this risk just like su does in *nix. If someone were able to use the secondary logon service to logon to your machine then that means they have a user account on your machine and the presence of the secondary logon service is irrelevant at that point. If I had a user account on your machine I dont NEED the secondary logon service to get in. Your idea of how it works is incorrect. Disabling the service and running as admin is actually a security FLAW and invites more administrative overhead.O[H]-Zone said:
TrechMaggotface said:
No, I refuted your point.
TrechMaggotface said:
True, but as I mentioned, that is not an option for me.
TrechMaggotface said:
No, what I said was that if someone got access, they could use the secondary logon service to get in farther. And it wouldn't mean that "they have a user account on (my) machine". It would mean they hacked me.
TrechMaggotface said:
Sure, but you'd be logged into a limited account. You were just saying that a limited account is good security...now you're saying that "if they're in, they're in". So which is it? If someone gets in to a limited account, they can't do much. But if they use the secondary logon service to take their time and get admin access, then I'd be screwed.
Right?
TrechMaggotface said:
Again, I simply don't have that option. So, given that fact, secondary logon service is not needed, and a potential security risk. Isn't that why M$ set it up so we could customize the services running? If I don't need it, it would be stupid to run it.
Right?
My idea of how secondary logon service works is that you can do things that your account status wouldn't normally let you do, by providing the proper username and password. If someone has access to a limited account, they could use a passwork cracker for weeks, if needed, to try to run something "as" admin. And once they did, they'd have my admin password. That would be bad.
Right?
I don't need that.
I don't want anybody else using it.
It's disabled.
TrechMaggotface
Limp Gawd
- Joined
- Aug 15, 2002
- Messages
- 372
Incorrect. If I can get in your machine the secondary logon service will not allow me to get in farther.
You do not understand the service. The secondary logon service does not allow someone to "get admin access". It is a logon service. Like the netlogon service is.
Please stop and take the word of people that have more experience than you.
You work for M$? Man...
Ok...I get hacked, but the hacker gets into a limited account.
OK?
There they are...in a limited account. It doesn't do them much good (you said running as a limited user was better security, right?)
What do they do from here? If they right-click on an executable, one of the options is "Run As"
OK?
Then they start a password cracker going. I'm unaware, because they're logged into a different account than I am.
OK?
They leave it going...maybe for weeks. Finally, they get a response...they've cracked my admin password.
OK?
If I didn't have the secondary logon service running, there wouldn't be any "Run As'. There would be no way to let a password cracker to run.
OK?
So for me, running as admin and no other option, secondary login service is not needed, and a potential security risk.
OK?
Ok...I get hacked, but the hacker gets into a limited account.
OK?
There they are...in a limited account. It doesn't do them much good (you said running as a limited user was better security, right?)
What do they do from here? If they right-click on an executable, one of the options is "Run As"
OK?
Then they start a password cracker going. I'm unaware, because they're logged into a different account than I am.
OK?
They leave it going...maybe for weeks. Finally, they get a response...they've cracked my admin password.
OK?
If I didn't have the secondary logon service running, there wouldn't be any "Run As'. There would be no way to let a password cracker to run.
OK?
So for me, running as admin and no other option, secondary login service is not needed, and a potential security risk.
OK?
TrechMaggotface
Limp Gawd
- Joined
- Aug 15, 2002
- Messages
- 372
The big thing youre missing is if they logged on with a limited account then they could have just run the password cracker at the initial logon. Besides none of that would be an issue if you had a decent account lockout policy definedO[H]-Zone said:
And that would be completely airtight if a password cracker was the only way in. It's not. It was an example. Since I do not know every possible vector a hacker might use to compromise my box, I choose to go with the "minimum exposure" line of thought.
If I don't need it, I don't run it.
Pretty straightforward.
If I don't need it, I don't run it.
Pretty straightforward.
TrechMaggotface
Limp Gawd
- Joined
- Aug 15, 2002
- Messages
- 372
I sometimes wear foil on my head outside because ya know, even though there isnt evidence of alien mind control rays and even though Im not sure foil would help me even if there was, I can never be too careful...
Why wouldn't the hacker "get into" your admin account instead? You're completely skipping how the breach happened by saying "got into a limited account." How?
Security isn't about locking down evreything, then opening up what you use.
Phoenix86 said:
Again, as I mentioned before:
I don't know every vector that an intruder might use to get in. And I'm willing to bet that you don't either. So I disable whatever I don't use. Standard security practice...
And I never said I lock down everything, and then open what I use. This is just more drivel...I said that I disable whatever I know I won't use. Since I have no use for secondary logon service, why would I keep it running?
What purpose would it serve?
How would it help me?
What would it do, other than being a potential security problem?
And why would I use my system resources to keep it running? It has to load into memory, so it has to use some of my RAM. And it doesn't get there by magic, so it has to use processor cycles. I didn't say "I think someone will try to hack me this way". I said "With it shut off, I know they can't".
Why?
And why is this so difficult to understand? It's:
Common sense
Standard practice
Let's cut out the argument; can you guarantee with 100% certainty that secondary logon service cannot be exploited? No, you can't. You can say "it hasn't been yet", but it's not possible to say it never will be.
I can say with 100% certainty that MINE can't be exploited. It's not running.
So...I use less resources, and I'm more secure because it's not running.
Why would I run it?
Well, I can believe:Phoenix86 said:
All the network guys at Carrier Corp.
All the network guys here at school.
All the network guys at Reliant energy Systems, and the two other companies that owned them.
Or I can believe:
A guy on the internet who I have personally proved wrong several times.
Looks like you lose, bucko...