Report Security Problems, Face The Consequences
An Anonymous Coward writes: "Doing a good deed has caused one man a lot of trouble in the past year. Brian K. West, a tech support junky in a SE. Oklahoman ISP is now facing felony charges due to alerting his competition about a serious security flaw in their systems. The full story can be found at LinuxFreak.org ... I find this rather disturbing that our federal government would do such a thing to someone.." The details of the story lead to some head-scratching.
You're alive, you're alive, you're alive, you're dead.
...as opposed to a slow one;
"From of old, there are not lacking things that have attained Oneness." - Lao Tzu
Give 'em a whiff of the grape! (or at least the "slashdot effect"!)
You're using her as bait, Master!
Wtf? Rob, there is a bug, my whole comment has disappeared. *sigh* Guess I will have to repost.
With all the news lately about high profile 'cybercrime', and the foundation of 9 new divisions to help combat it, the FBI is under a lot of pressure to provide a lot of results and visibility. In essence, they have to make a lot of arrests, valid or not, to warrant the increased budget they have been given. No arrests, no money. The agents on this case probably realize that he had good intent, but they needed to arrest him anyways, just to get their stats up. They also know that he most likely will get off, but well, that's not THEIR problem. They just arrested him, DAs are supposed to get convictions.
And if it costs this poor bastard thousands of dollars? Sorry bub, but they gotta keep their budget.
Is this right? You tell me.
Let's say that in the future, company X uses website cookies which contain encrypted information. You're curious, so you capture your HTTP dialog with their website and, after a little fiddling, discover that the cookie is your Social Security Number, base64-encoded. Except that you never gave them your SSN. You call them up:
And the next day you're sued under the DMCA for cracking their "data protection scheme" (base64) and sharing information on how to crack it (with their customer service rep).
Yeah, right, that sounds ridiculous. Could never happen. Not in the USA. We don't do things like that here. All our arrests make sense...
I'm a bloodsucking fiend! Look at my outfit!
I was talking to a friend who still worked at a place where I had been previously employed (both of us in IT), when he mentioned that they had moved their web services to a 'professional' hosting company. I had been playing around with SAINT, and during the conversation, (I forget who mentioned it) we decided to scan the machine hosting their site. The scan showed anon FTP with write access. I logged in (anonymous) and noticed that I had write access to the entire site, including all the scripts that dealt with the credit card numbers. After checking to see that the write access was real (I created a file in the root directory, containing my name and phone number, and an explanation of what I was doing) I told my friend to have that company called up and have the problem fixed immediately. Later that day, I got a phone call from the 'professional' company that was hosting them, slightly upset at my actions, but just happy that I *was* benign. They could have done the same to me as has been done to Brian West, but instead they fixed their problem, and let me live.
Nathan Brazil?
how is this sack of shit informative, but my concise response above it isn't?
think about it this way.. if customs weren't at the first point of entry, you could buy a ticket to cuntchomp, idaho and get off in New York, smuggling all the goods you'd like.
So if I were whacking off to kiddie porn near a state border and I COULD have spooged into the next state, but the wind shifted, I'm facing FEDERAL instead of STATE charges?
Oh, man...