Slashdot Mirror


Battle Creek, Michigan Settles Dispute with ORBZ

Peter Sachs, Esq. writes: "According to a press release that now appears on its official website, the City of Battle Creek, Michigan has 'settled' its dispute with ORBZ.ORG. The City concluded that ORBZ.ORG had no criminal intent to cause the City harm by testing the 'open relay' status of its server. In fact, the Assistant to the City Manager said, '...we recognize that [ORBZ.ORG] has done us a service. We are going to be taking a close look at our policies regarding Lotus security updates and how we can avoid the issue in general.'"


  1. About fucking time... by Bonker · · Score: 2, Insightful

    "...we recognize that [ORBZ.ORG] has done us a service."

    It's about fucking time that someone pulled their heads out of their asses and realized that it wasn't necessary to start filing lawsuits and criminal charges to punish *smart* tech behavior!

    Unfortunately, it may already be too late for ORBZ. Here's hoping that ORBZ comes back up in light of this statement.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  2. Good News, Bad News by Astral+Jung · · Score: 4, Insightful

    The good news: For once, a government entity came to communicate with someone who wasn't really doing it harm, but actually good, and managed to realize that.

    The bad news: They still haven't quite understood the situation yet, based on the article taken from the City of Battle Creek page:

    Spam refers to a computer prank that causes multiple duplicate emails, sometimes several hundred at once, to clog up the recipient's mail server.

    They are getting better, though.

    --
    "What's so random about flipping a coin? Ever heard of the I Ching?"
  3. Better late than never? by Bronster · · Score: 2, Insightful

    Pity that their first reply was to sue, before even considering the case. It's a pity that ORBZ let itself be SLAPPed out of existence first.

    Unfortunately, there really isn't any way to stop this sort of behaviour apart from instituting very harsh penalties for threatening to sue and not following through with the threat or reaching an adequate mediated position with all affected parties.

    A$#*holes I say - even if they have recanted now, it's too late to fix the damage. For example the mail-filters plugin for Squirrelmail has had orbz removed - even if it comes back up, people running that code won't be using it.

    1. Re:Better late than never? by legLess · · Score: 4, Insightful
      Breathe into a paper bag for a minute before you hyperventilate. First, this wasn't a SLAPP, it was a court order. It wasn't even a criminal charge yet. More to the point, it was justified. Here's what the press release (which you obviously didn't read) says:
      "The purpose of the search warrant was to determine the identity of the person who sent the email that caused our system to fail so we could then determine whether further investigation would be necessary."
      Think for a second: you're a government agency, and you notice someone sending bits to your server that make it crash. What's your first response? What's anyone's first response? Find out who did it, and search warrants are very good at that.

      Second, this all could have been avoided if Ian Gulliver hadn't freaked when he got the order. If he'd waited a bleeding 24 hours this would have been resolved and ORBZ could have gone on its merry way.

      I'm going to resist drawing any parallels between your hysterical and incorrect assessment of the situation and Ian's similar reaction, except to say: pay attention. Life is hard enough without going off half-cocked on incomplete information.
      --
      This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
    2. Re:Better late than never? by Troy+Roberts · · Score: 2, Insightful

      It certainly is not like checking cars in a parking lot.

      Ian sent a syntactically valid (check RFC2821) mail header to a mail server. Said mail server is attached to the internet. What the hell do you think it is for? Let me give you a clue. Receiving mail. The server should not crash/lockup etc. because it receives valid headers. This is like having a building that collapsed if you knock on the door. You might claim your door was for entering the building, not knocking, but that would not make it my fault the building collapsed.

    3. Re:Better late than never? by floridaisp · · Score: 2, Insightful

      Let's, just slightly, change your analogy from checking car doors to checking the doors of business establishments, which are normally expecting public access. So when your hypothetical door checker goes around finding out who's open no law is broken because front doors and public access are expected.

      Well, if you interface a mail server to the public Internet you should expect occasional probing, illicit as well as legitimate, to occur. If you were on an intranet you could expect exclusivity but not so on the public Internet.

      The apparently inept manager who failed to keep their server current and thus avoid the exploit should be held responsible. She apparently ignored this fact and failed to tell the investigating officer that fact. Let's see 'hmm, I'm too lazy to do this upgrade so go arrest this kid in NY'.

      These people acted irresponsibly and abused their power. They should have known better.

  4. Re:more info? by Senior+Frac · · Score: 3, Insightful

    ORBZ was scanning for open relays.
    One of the known exploits for spammers to use open relays also happens to overlap with an old flaw in Lotus Notes, causing it to go into an infinite loop.
    Battle Creek got whammied by ORBZ, unintentionally, and filed criminal charges.

  5. Re:Absolutely amazing. by Monkelectric · · Score: 3, Insightful

    No, I think this is still scary. They launched an investigation because *someone sent an email that locked up their server*. Not flooded the server, not spammed ... just sent an email.

    They should be investigating the marklars at Lotus who apparently are not great programmers. No email should *ever* be able to bring down an e-mail server.

    --

    Religion is a gateway psychosis. -- Dave Foley

  6. Gee, the city manager agrees with me. by Russ+Nelson · · Score: 4, Insightful

    I told Ian, time and time again, that he shouldn't be testing innocent servers. Test servers that have sent spam, yes, by all means. But you can't go around invading innocent servers.
    -russ

    --
    Don't piss off The Angry Economist
    1. Re:Gee, the city manager agrees with me. by afidel · · Score: 3, Insightful

      I think you are missing the distinction between likely and potential. An open relay is a very likely source of abuse, a given man from the general population is a potential but unlikely rapist. Although the two are close in common English usage their legal and logical definitions are not the same. See necessary and sufficient conditions in a logic text for further explanation.

      This English lesson was brought to you by letters P and Q.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  7. Incompetent Sysadmin by Anonymous Coward · · Score: 3, Insightful
    What this boils down to is the city's system administrator saw the system go down, and didn't know how to fix it. It took her 24 hours to get the system back up, and to protect her job she cried wolf to the police, shifting the blame from her incompetence to an evil "hacker".

    Note to Battle Creek city managers: hire competent IT professionals, and this won't happen.

  8. Re:A better analogy... by Performer+Guy · · Score: 4, Insightful

    Ahh, these are both perfect examples of why reasoning by analogy is the exclusive preserve of imbeciles. ORBZ tested mail servers. He did not distribute crack to children and he did not shoot anyone.

    I'm not into reasoning by analogy but if you feel the need in future here are some alternatives you might try, at the very least they betray your disgusting attempts to impugn ORBZ:

    ORBZ is squeezing the fruit in the supermarket to see if it's ripe.

    Another:

    ORBZ is playing a tune to see if they approve of the melody.

    Now go scurry under your rock and stop implying that what ORBZ did is anything other than a public service, or worse; equating it to selling coke to kids. These things are not morally equivalent you dolt.

  9. Re:Absolutely amazing. by Lucky+Kevin · · Score: 2, Insightful

    Unfortunately when we could no longer use Orbz we switched to using another database. I wonder how many other people switched and will not switch back. Quite a few I should imagine.

    --
    Kevin
    "It's not the cough that carries you off, it's the coffin they carry you off in" O. Nash
  10. Re:Absolutely amazing. by caferace · · Score: 2, Insightful
    It was just an investigation. There is nothing scary about that.

    Hmmm. I'll tell you what. Do something, anything, even a bit mildly innocuous and find yourself the subject of an investigation. A search warrant is issued and people enter your home, without your consent. You're interrogated and have to spend big bucks on a lawyer even though legally, you did nothing wrong.

    If you don't think that's "scary", you're either one bad-ass mofo or just trolling.

  11. Re:Absolutely amazing. by yintercept · · Score: 3, Insightful

    It was just an investigation.

    Uh, there is no such thing as "just an investigation."

    I worked for a government agency. It was absurd because all of the policies would go through these weird legal distortions. If they wanted a simple policy, say changing from a 15 to 20 minute break, they would pass a law, and it would be illegal to take a 15 minute break. They lost the ability for people to communicate with people as people.

    ORBZ may have been a bit cavalier in its testing of security holes in servers, but was altruistically trying to perform a service. Instead of trying to communicate, however, the legal system immediately jumps into litigation confrontation and threats. It is really a screwed up system.

  12. Re:Shooting people to tests for vests by darkonc · · Score: 3, Insightful
    When I was first reading that letter, I was expecting it to be a (badly written) lead-in to a request for volunteer support. This could have been a good thing.

    The "you are a prick" part caught me off guard. If Mr. Darga needs some help, he is NEVER going to get it with that kind of attitude (even from his co-workers and underlings).

    I think that Mr. Darga needs a vacation, a good course in stress management and another course in dealing with the public.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  13. Re:Shooting people to tests for vests by Anonymous Coward · · Score: 4, Insightful

    So why didn't you send this information to the local newspaper? Seems to me the voters would love to see what a foul-mouth guy this "Jeff Darga" allegedly is.

  14. Re:Shooting people to tests for vests by hawk · · Score: 3, Insightful
    >I think that Mr. Darga needs a vacation,


    Nah. The local paper needs a copy of the letter. It does wonders for political careers when the paper has to note that it cannot include the entire letter sent from a school board member to a citizen because "he wrote things that can't be printed in a family newspaper" . . .


    hawk

  15. Re:Shooting people to tests for vests by WoodstockJeff · · Score: 2, Insightful
    When I find a school or church organization that is relaying for spammers, I include words like these in the message to whomever:

    This time it was just a stock scam; who's to say that the next time won't be a child pornographer? Until you fix this, YOU can't!

    I don't remember any such relay that wasn't fixed within a couple of days...

  16. Re:Absolutely amazing. by treat · · Score: 3, Insightful
    They weren't making laws. They were making rules. Congress makes laws, agencies enforce them.

    The rules/regulations that agencies make have the force of law, however. That is, you can be imprisoned for not following them, with the full force of the US government behind them.