
I'd still be super careful doing that without explicit written authorisation. You "got away with it", not everybody does. (Although I'll note he admits to having made some "stupid" decisions which perhaps you avoided. And I'm guessing he knowingly or unknowingly pissed off someone powerful enough to push through 3 felony convictions, even if they were borderline enough to be completely expunged 12 years later. You never want to piss those guys off without appropriate in-writing justification):

https://www.washingtonpost.com/archive/business/1997/09/15/t...

"He installed a program called "Crack" that automatically guesses passwords. Like most tools, it's used by both good guys and bad guys, by those who abuse computer systems and by system administrators who want to find out whether users are avoiding such easy targets as plain English words. It's even distributed by the Computer Emergency Response Team at Carnegie Mellon University.

He installed the program without telling his boss, something that he today admits was "stupid." But the program proved his point: Crack quickly guessed nearly 50 passwords of the 600 users of that system -- one belonging to a company vice president. Instead of reporting the company's security problem right away, Schwartz has said, he decided to continue testing. Again, he admits in hindsight, "stupid."

Other system administrators discovered the program and traced it back to Schwartz.

Schwartz insisted he never used the passwords for any nefarious purpose, and said he only acted because the company's lax security bugged him."




Oh, and another good story from when I still had the same boss. A few years later I thought I would prank my office-mate (and show how easy it was to spoof email headers). This was back in the days when SMTP didn't have any security. From a hallway computer (not directly traceable to me), I composed a "You're Fired!" email from my boss to my office-mate. My office-mate had an east-European surname that was easy to misspell and I did. So the email bounced back to my boss and my office-mate never saw it. My boss knew right away who was responsible. He laughed.


All very true! My story is from about 10 years before Randal's, but it was after the CFAA was passed so I guess I dodged a bullet.



