Slashdot Mirror
Blaster Writer Caught
Henry V .009 writes "The FBI will be arresting an 18 year-old in connection with MS Blaster, reports The Washington Post." According to the article, the teen was witnessed testing the worm, and then turned in by a bystander. It's also worth noting that this is merely one of the Blaster variations. Hope whoever it was had fun, because a world of pain is waiting in store now.
How on Earth do you witness somebody writing a virus?
He's sitting in front of a computer, hitting keys on the keyboard and looking at the monitor. That describes the person who wrote this story, the person who submitted this story, the person who posted the story, me getting first post, and everybody reading and moderating this and every other post to come.
It also describes RMS writing Emacs, Linus debugging the kernel, and SCO issuing another press release.
Did this witness actually read the code? What kind of idiot virus-writer lets someone he doesn't know pull up a chair and start auditing his code?
Or was the witness tipped off when the screen start flashing "NOW TESTING VIRUS"? Damn, I hate when that happens!
This doesn't sound quite right.
Is this truly the only Earth I can live on?
He'll get hired by IBM in 8 months to work on internet security.
Also reported by the BBC
http://blog.nexusuk.org
The FBI will be arresting an 18 year-old
Coder: Huh? They are coming for me? I'd better get moving before they get here.
Lucky the authorities got to him first that is. Well they say there are more virus authors out there. Hopefully all that dental equipment I bought on Ebay will be put to good use.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
They're planning to do WHAT Friday morning?!?!?
I mean, maybe he borrowed his mates computer to do something, saw something interesting, then got told to take a long walk off a short plank when he tried to blackmail him.
Well until someone is caught and Proven to have written the virus, as far as im concerned it is a bunch of FUD.
Life is like a box of chocolates, you never know when your gonna get food poisoning.
That sounds fishy.
The average person wouldn't have a clue about what a developer was doing. There's no way someone can walk by and know that the guy was testing a virus.
I'm no sure about the world of pain. Given the age, given the media, I predict the sympathy angle will start to be played for all is worth.
The article states that this "18 year old" is the author, but later on it talks about how he was "observed testing" which all sounds a bit dubious. Assuming he is the author I have very little sympathy, virus writers need to be accountable for their actions. If however he is just been made a scapegoat......
This is a ~10 year old vulnerability in DCOM.
Corporate neglagence is still a crime. and Corporations are Individuals, therefore Microsoft, Inc. Should be incarcerated.
Buttsex.
I submitted this story sometime ago, but got rejected. The kid actually did not write the MSBlaster worm, he modified it to make it more potent and released it. story here
.ACMD setaloiv siht gnidaeR
Perhaps, as some kids are at that age do (not all before you flame me), he had been bragging about it in an irc chat room, had an enemy/concerned chatter catch wind of it and reported it to the feds with logs and IP information.
Why not eh? stranger things have happened at sea.
--Mods giveth, Mods taketh away--
my progeny worm
set loose to exploit your holes
mine left for inmates
Didn't download the patch huh?
-Vercingetorix
"Necessitas non habet legem." -St. Augustine
...I got a virus in my computer and... and... it wrote another itself!
Just remember this
I'm a chainsmokin' alcoholic sociopath, so-ci-o-path
It can take weeks of computer forensics to identify what someone was creating on a computer, so I doubt very much that they're 100% certain this kid is guilty without inspecting his equipment. And last I checked they need proof before assigning guilt (unless Ashcroft's already removed that clause from US law).
Yo, RFTP/RTFA. It says in both the article and the post that the witness saw the person "testing" the virus, not writing it. Which is even more scary in a way. How did the witness know what he was doing? What day was it? Which version is he supposed to have written? Oh, and there has been "no arrest made in this matter yet."
The BBC article contains a bit more info: It says he's suspected of altering the original MSBlast worm into one that would cause more damage.
It also says: "Reports suggest he is likely to be arrested by the end of the day." WTF? They're giving him advance warning?!? Run, boy, RUN!!! LOL.
I wonder if this could be the variation they suspect the teen worked on? If so, it could turn into a slippery moral slope for the press to take a stand on either way...
Thank god he's 18 and fully accountable.
Anyone who's imagenation peaks at nameing one of the most significant viruses of out time as 'MS Blaster' deserves to get caught!
IIRC, the boy tried to DDOS www.windowsupdate.com, which is not the URL people usually use for windowsupdate.
Makes you wonder what a professional terrorist could do. The worm could have been far more destructive.
Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft, which the software maker easily blunted. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections.
:\
Talk about an advertisement.
Anyway, doesn't it ever occur to the press that Microsoft could actually be doing a better job researching into securifying their products *pre* release? Right now (as everyone knows), they're submitting corporate-level products to corporations, making gazillions of dollars, and ignoring any bugs until someone points them out.
When is somebody going to finally decide to call them on this and force Microsoft to do a security audit?
www.sitetronics.com/wordpress
Now I gotta know what it was renamed to...
The whole world isn't against you... There are BILLIONS who just don't care one way or another. - ziggy's shrink
The worlds most intelligent bystander has just been identified.
Since the laws have gotten tougher in the United States, Crackers and Virus Writers are no longer sent to "Club Fed" - they are incarcerated in "Federal Pound-you-in-the-ass Prison". I guess, he'd really be a "Cracker" then, huh? (so to speak)
...and the rest of the (anti)virus companies should be sending this guy care packages or something to help this him out. If not for him and other virus writers (i.e. the ones who really wrote the virus), all those companies would be out of business. Business for them has been booming because of all the virus activity, the kid should at least get a free carton of cigarettes before he's carted off to jail.
-Look lively. LOOK LIVELY!!! --Mr. Shmallow
Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft, which the software maker easily blunted. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections.
uh, yeah, if you mean by blunted they took the site down. i can block the worm from my computer too! just let me pull this power cor/
The FBI will be arresting someone.. Hm. I wonder if thats Kevin Mitnick/Guantanamo Bay-style "will be arresting" or they really will arrest him so he can have a proper trial.
There's something deeply ironic about the .NET Messenger messenges I've been getting from M$ today telling me that my Linux-based MSN client is a security risk.
You're going to enter a world of pain, son. We know that this is your homework. We know you ...
Any chance he goes around calling himself "Zero Cool"?
Or have we forgotten how the system works?
Alleged writer. Innocent until proven guilty beyond all reasonable doubt.
Based on this report, the evidence so far is one witness of unknown competence. "Testing the infection"? I "tested the infection" yesterday by making sure that AVG can contain Blaster.
Oh, I'm sure that the FBI aren't (quite) dumb enough to announce this without doing some investigation, but the fact that they're announcing it as a fait accompli before they've even made the arrest indicates that this is a PR exercise.
But that's irrelevant speculation, because whatever their or my or your opinion on it, this guy is innocent... pause for breath... until proven guilty beyond all reasonable doubt. Let's drop the tabloid press pack mentality here.
If you were blocking sigs, you wouldn't have to read this.
....what can just as easily be attributed to stupidity.
I guess this puts a finish to the "spammers are releasing viri into the wild" theories??
----- In Your Cubicle No One Can Hear You Scream...
I can just imagine all those security departments dropping job offers at him...
Just goes to show how unneccessary this QA malarkey is.
Researchers also discovered another message hidden inside the infection that appeared (emphasis added) to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"
Yup, that's cryptic alright. I'll bet the FBI's first question will be to ask what he meant by that.
Yeah. And his cellmate won't have to worry about being charged with Statutory Rape, either. ;+)
from the story:
The "Blaster.B" version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that struck two days earlier; experts said its author made few changes, including renaming the infecting-file from "msblast" to an anatomical reference.
can you say "PENIS.EXE" that was the executable name of the variant.
And any bystander seeing some kid playing with "PENIS" might call the police.
How to code this: "RENAME MSBLAST.EXE PENIS.EXE" (and a replace of the strings)
***World crippled by 12 year old***
Who would've gotten blamed then and what would've been the consequences?
-Look lively. LOOK LIVELY!!! --Mr. Shmallow
This is the beauty of OPEN SOURCE!! He got ahold of some code, modified and improved it, and released it back into the public domain! That's how it's SUPPOSED to work!
Think of the outrage that would have been touched off if he kept the modified code for his own use... INFORMATION WANTS TO BE FREE!!!
Where do I send my money? This guy is a HERO, not a CRIMINAL!
"Ask not what your country can do for you." --John F. Kennedy
Why? Only a kid really at 18 and it's not like anyone's going to get anything back from the blaster mess.
You're a fool if it effected you anyway.
Clearly this is not the best advertisement!
The kernel of truth in your criticism is that they claimed to have audited their own code over a year ago, in a highly publicized move. This raises doubts about how thorough that was, since MSBlast affects even their most recent release, Server 2003.
The whole world isn't against you... There are BILLIONS who just don't care one way or another. - ziggy's shrink
The obstical to progress is lack of discussion about solving the problem, and especially lack of discussion about selecting technology based on technical merits rather than admiration of Bill Gates' personal wealth.
It is very difficult for casual users to find a way off the Wintel hamster wheel. Not only do OEMs push only MS products, computer magazines do not publish real product reviews any more. It's like one big cult and discussion or critique of technical issues turns ad hominem. e.g. "Oh, you just hate MS".
It's even harder for the non-technical, general public. Radio, television, and newspapers contribute to the problem by effectively providing spin / damage control for MS by omitting the obvious fact that all these worms and viruses are due to product defects either in design or implementation or both. Instead of refering to all MSTDs as "Interent Worms" or "E-mail Viruses, news sources could easily be pointing out the cause of the problem or replacement technologies. e.g. Point out mail clients like Eudora, Evolution, Mozilla, Opera, and even old pine are consistently higher quality, especially in regards to stability and security. Or, point out operating systems like Linux, BSD, Solaris, Netware, QNX, or OS X which are easier to maintain, more stable, and more secure. Now that KDE is as easy (or difficult) as WInXp, there's no excuse not to.
It's probably time to ask, "Is Windows ready for the Internet?" The answer is likely to be a resounding, "NO!"
Or an accounting audit. Microsoft is a firm which has grown through acquiring other technolgies and companies. Growth-through-acquisiting firms tend to drop like a rock once they stop expanding.Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The U.S. attorney in Seattle is heading the case, hmmm why Seattle?? this kid is in some trouble....Oh, and It did effect me, (at work) but patching hundreds of Windows systems is not my responsibility. He will get what he deserves, he knew better.
Yes, I did. And in fact I did before the virus was even released. Further, I blocked port 135 at my router the day the virus was released. I have never even once had a virus infect any computer I own, even the ones running Microsoft OSes and Outlook/Outlook Express, and I've owned computers since 1980 starting with a TRS-80 Model 1.
Don't assume that because I think the little shits that write viruses should be held accountable for their actions that I am a newbie, a Microsoft fanboy, or a victim. You would be very wrong on all three counts.
If I were to remove the driver side window from my car and replace it with a piece of trash bag, making the car obviously insecure to anyone with more than two brain cells, that still does not give someone the right to damage the interior of my car. Likewise, just because Microsoft peddles insecure garbage does not give some little pimple-faced moron with no social life other than his left hand the right to damage someone's computer.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
Well, trying to read between the lines of the article I think that Microsoft did a security audit and one outcome of it is stuff like the article. Because with that you give a message to the public that says
So the average "John Doe" is fine because he didn't do something wrong and justice is brought to the bad guys. And of course its not the fault of anybody that a software is insecure since we all know that its impossible to write software without bugs. Brave new world!
They're probably watching a handful of suspects and they're going to see if any of them run.
Hammer of Truth
That's your GNU/gnu, you insensitive clod!
All this is a clever trick. FBI is waiting at the border looking for script kiddies fleeing to Canada in panic.
getSexySig();
Few years ago, one of our local companies got hacked and it took like 1 week to catch the "hacker".
How? He started bragging about what he did in a IRC chat room... But oops.... few days later caught!
For gods sake he was like 23 years old!
> because a world of pain is waiting in store now.
Jeeesus, with all the real pain waiting for you as you cross the street, seems from this (and other people's) post we are really exagerating.
It's not a bullet planted in your front...
Together with the developers of Apache and sendmail. These software-packages had security-holes too.
...You are over-qualified and under-paid. If we give you a raise, we will break the cosmic balance of the universe.
I am pretty sure it isn't illegal. What is illegal is putting it on someone's computer or network without permission, intentionally spreading it (in an active form) or allowing it to spread itself across space one does not own.
Since a virus is nothing more than a computer program, it would be incredibly difficult to make writing one illegal without catching a lot of legitimate software in the same net.
eg - Under a literal interpretation of one of Britain's early "anti-virus/anti-trojan" statutes, Windows 95 would have qualified as a 70 megabyte trojan!
So the writers of these virii certainly are doing a bad thing and certainly are aware of this, but it seems to me that Windows/Outlook/Office ship with a big red button and endless admonitions not to push it. Of the two, the button maker and the button pusher, I know who I find fault with most, but I suspect that the media and most observers are becoming accustomed to these ridiculous risk exposures as somehow inherent in computing and thus tend not to blame the button maker. Think also that this effect has something to do with why these problems never seem to actually get *fixed*.
Mafiaboy.
Given the age (he was only 15!), and given the media, he was still crucified. There was no sympathy angle, there was no "youngster gets hassled by overzealous feds" angle. He was, as could be expected, generally portrayed as an evil h4x0r who DoSed eTrade, eBay, Yahoo, etc.
No, whomever launched MSBlaster.B is not going to become a media darling, and he damned sure isn't going to win the hearts and minds of Joe Sixpack, whose computer kept rebooting itself due to the various incarnations of MSBlaster.
From a personal standpoint, I think it's sort of shitty that this kid is getting busted for what seems to amount to no more than a bit of hex editing. I'd rather see the FBI investing its resources into tracking down the author of the original MSBlaster (as opposed to a barely-modified variant which didn't propagate widely)... And I'd much rather see them go after whatever assclown is responsible for SoBig.F, of which I've now received more than 6,000 copies at 100KB apiece. That's not to say that they aren't investigating these things, and I hope they find the perps eventually; but I think it's a bad deal that they're going to bust a kid who made a knock-off instead of the guy who started it.
I really don't buy the sympathy angle. The guy allegedly launched a worm variant, he probably bragged about it (another similarity to Mafiaboy), according to MSNBC, the FBI subpoenaed IRC server logs to track him down. Launch a worm and gloat about it to your 31337 buddies, and you get what's coming.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Dude, that was totally incoherent. Go get your coffee, and try again.
Mod point free since 2001
At least some high-profile software is now verifiably authored in the USA . I guess having the virus writers too far from Mc. Affee, Norton etc. didn't work ;)
This is not a signature.
...the way they use the future tense to make sure we know that the Post is publishing this story before the arrest actually happens...you know...just in case the guy who writes viruses happens to get on that crazy internet thing where he might see this announcement and decide it'd be a terrific time to check out the weather in Rio?
Every report i've seen on this is saying the kid was about to be arrested for sobig. One of them opened with a headline about blaster, then started showing screenshots about sobig and talking about spam.
In other news, whooping cranes have been spotted flying out of tom brokaw's ass.
What if he wrote the one that PATCHED the system vulnerability? Just as much of a pain in the neck but the intent behinds it appears benevolent.
Folks, I know that "prison rape" jokes sound funny. I know that everyone gets a laugh when someone mentions "federal pound-me-in-the-ass prison." Yes, Office Space was one of the best movies ever made. No, that doesn't make prison rape hilarious.
Imagine if it were you in prison.
I have been incarcerated, and while I wasn't physically accosted (though I don't doubt that it may have happened if I'd been prescribed a longer stay), the sexual humiliation was probably the worst part of the experience. Prisoners have to shower. Together. And the jailors have seemingly no end of dick-jokes.
You have to disrobe before you get into the shower, obviously. You leave your prison garb in a "cubby" type lockeresque rack, and you hope that a) you remember which cubby you put your garb in and b) some joker doesn't forget such and take yours by accident.
After taking your clothes off, you have to pass by several guards before you get into the showers proper. And the guards utter sexually oriented insults to every inmate who walks past. "Hey smallcock." "How come you're so eager to get in the shower with a bunch of naked men?" "I bet all these guys want to have a big orgy!" "Today was grits and eggs for breakfast, but it must be sausage for dinner!" "Look at this, a whole shower full of little dicks!" etc. No, I'm not joking, the jailors really say this shit.
This was humiliating enough. I can't imagine the torture of actual prison rape. It happens, people, and it's very real. The things that go on in jail, most people (who, of course, have never been to jail) would not believe unless they witnessed it themselves. I hope that you don't have to, but at the same time, please have a modicum of respect for those of us who have been there, and those who are still there for whatever reason. I'm not asking you to have sympathy for people who have committed crimes; you do the crime, you do the time. But being a criminal does not mean you deserve sexual assault.
No aspect of prison is funny.
None.
I'm not defending the virus writer here, but doesn't it take at least two to cause problems on the scale Blaster and others have? There's the buggy OS or some rubbishy server software or bad IT mgt to blame too. Can anyone say 'scapegoat'? I personally don't think locking up (or whatever) some 18yr old kid will make the net a safer place to be, that comes with good software and mgt.
:)
If I were to defend the virus writer: virii are often very clever and neat pieces of code. They usually show that someone has been wise enough to spot an exploit and demonstrate it. In some cases they only get out by mistake. Surely it's better to know about holes in software than hide from them? Virii practically do software vendors the service of testing their code - perhaps they should even be paid for it?!?!
I like that idea: virii could be seen as an overt way to force closed source software into improving? A kinda predatory unit test
According to Seattle Times, The 18-year-old suspect already has been questioned and put under surveillance, and is expected to be in custody by 1:30 p.m. (PST) and will also be charged as an adult
What's under yellowstone?
What port do you imagine they will connect to the kernel on?
In my understanding the accused just developed and released a variant based on the original.
See my journal, I write things there
Did he license it properly from the owner of the original MSBlaster? I see another SCO type case!
Are they sure it wasn't the new Sims Virus Beta?
I guess you design what virus' do, how they affect computers, and watch them in a 'real world' simulation. You can even turn off firewalls and watch them tear through corporate networks (no nightmares please).
This could be illegal, but it's perfectly fine to blast away innocent people (and evil orcs) on Quake XII. As long as you don't do it in real life, it should be alright (and maybe a bad idea for impressionable minors).
Hunger is the best sauce.
He ain't a minor anymore. Welcome to the big leagues, buddy. Kiss jeuvey hall goodbye.
the Agents will wipe the kid's slate clean, to give him a fresh start. All they ask in return is his cooperation in bringing a known terrorist to justice.
He's sorta right, it's similar here in the US. Anytime you are detained, you are technically under arrest. If you say "Can I leave now" and they say "no", then you are basically under arrest. At that time it's best to not say anything more.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Redmond, VA: The youngster will be charged by two companies with accusations of reverse engineering. Citing the Digital Millennium Copyright Act (DMCA), Microsoft is accusing him of implementing a piece of code that circunvents patented Microsoft's Windows protection.
Richard Ludwig, attorney for Microsoft, said "My clients believe that the writer of this virus is actively destroying the value of my client's proprietary technology, and demand that this viral activity cease immediately."
Mark Scheise, attorney for SCO, said the teenager violated its intellectual property rights by using SCO code in the virus. He said that each bit from its code was a perfect match with SCO's code. "He was using exactly the same two bits as SCO, just in another sequence". Scheise also added that this was not just a coincidence, and denied any request to disclose wich are the two bits. "I can't tell you wich are these two bits, but I assure you they're the same as thos used by SCO".
-
Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
If that were the case, such administrator could have some responsability too, if he knew about the virus and didn't stop the guy.
It could be that there isn't any 18 year old programmer, nor any witness either. It may be only a tactic to spread FUD among any potential future virus writers, so that they think "Hey! They've actually caught one virus writer. They could also catch me."
So... my particular conspiracy theory is that there's no one about to be caught, but that this FUD move would serve these purposes:
i hope he gets to finish his Big Gulp before the feds throw him in the van...
Good proposal...but in England it's the afternoon already.
I think the problem was more his accent.
I'm a friend of a friend of the working class.
is that this guy was caught using telnet/pine to read his mail at home and some other kid saw this "very complicated" screen with no buttons and not even a paper clip to help in this task
So, he's quite obviously 1337 h4x0r...
how long until
Translation: hunt-sabs = saboteur of a fox-hunt.
You know they call 'em fingers but I've never seen 'em fing. Oh, there they go.
Remember we are not talking about a drug baron here with millions of dollars and access to and knowledge of a foriegn country. We are talking about an 18-year old kid, probably a university student, mostlikely the dorky-always-in-front-of-the-computer type. He probably does not have the means nor knowledge to flee the country, even if he could do so without the FBI knowing.
In a case like this it would not be hard for the FBI to talk to him, decide he was their man, keep an eye on him (or enlist the local police to help do that) and tell him not to go anywhere. For someone with large finincial resources and knowledge of the world, this would be a bad idea as they might attempt to flee but for your average young person it just isn't feasable.
At that time it's best to not say anything more.
Especially if you have not been read your rights. Technicalities like that can sometimes get you away scott free, guilty or not.
Usually, however, you are asked at interview if you have been read your rights.
I used to help run arrest awareness workshops. I made a great bastard copper. I've had people crying without much encouragement. If you are involved in any kind of protest group that is likely to brush with the law, practice at hostile interviews is invaluable. When people are scared their mouths tend to flap. They are conditioned by TV to start explaining *why* they committed the "crime". Cops don't care about truth and justice, they care about arrest rates. They want both parties to admit wrong doing and let the CPS/DA decide who to charge.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
In which case I would assume it is always best to say, "yes." You're not under oath at that point, so they cannot go after you for perjury. If you were read your rights, then you weren't lying. If not, then they just started interviewing you without you knowing your rights.
I don't know how well it would hold up in court if the officer said, "Well ummm... He wasn't actually read his rights. But he said he was!!!"
With "Free Kevin" already on my bumper I'm running out of room... can we just have a "Free Hackerz" or "Free Lamerz" sticker for this one?
The WSJ says as much this morning (paid subscription required): The "Blaster.B" version of the infection, which began spreading Aug. 13, was remarkably similar to the original Blaster worm that struck two days earlier; experts said its author made a few changes, including renaming the infecting-file from "MSBlast" to an anatomical reference.
Yet cars seem to still have so many security faults that are known, document, but unfixed. The biggest one is the highspeed collision. Running a car into another object, espically a car moving the the opposite direction, is highly likely to cause a catastrophic failure that often results in serious injury or death. This is a known flaw, it isn't like it is a mystery what happens when cars crash. It is even something that can be fixed to a degree with more durable, race-car style frames and 5/8 point safety harnessess instead of seatbelts.
Now of course this isn't seen as a reason to sue car makers because it is an unintended way of using your car. You aren't SUPPOSED to crash it, and if you are a good driver you won't unless another bad driver hits you. The things that concern people are when cars fail when they do nothing wrong, ie the Firestone tire thing, or when the kind of failure is out of perportion with the mistake, ie low speed collison leads to gas tank explosion.
Well, see, with computer security vunerabilites you are talking about people making unexpected use of your product. They are sending bad data to it, data it isn't designed to accept or work with. Somethimes this causes an unexpected result.
So as far as I'm concerned, the computer world already has BETTER safety than automobiles. People can do all sorts of nasty, unexpected things to my computer, and it will shrug them off as if it were nothing. Any time some problem IS discovered, I am given an update to fix it. This would be like driving around in a car that had unpickable locks, un breakable glass, would not damage you or itself when you hit a wall, etc. Then if it was discovered that, for example, a certian acid could melt your locks and let someone in, they'd send you new locks that were impervious to that.
Now of course software is virtual and so this can be done whereas it can't with a physical thing liek cars, but I'm not seeing any problems here. All security holes come from assholes trying to do things they shouldn't. I gaurentee if you setup a seperate physical trusted network with only users you know to not be hax0rs you will never find a system comprmised, even if they all remaing unpatched. It is only when you connect to the internet and every asshat is free to try and do all sorts of things they shouldn't are you in any danger.
noticed the location I thought they had arrested the weak ass Microsoft coder that left this hole in the first place. Oh well...
Runied more lines than most murderes? Are you kidding me? Do you know the impact of families when a loved one is killed? This was a freaking computer virus. It was fixed with a simple update. Sure, some people lost a day or productivity, some sites were shut down. You saying that missing a day to go to the DOT to get your damn car tags renewed is more damaging than the loss of a human life in a tragic murder shows how stupid you really are. It's no wonder you posted as AC.
Puh-Leeze .... life sentence for a freekin worm ? gimme a break. He should go to jail alright but life is a bit extreme. Computers are not people. Any _COMPETENT_ system administrator would have had at LEAST a firewall. Poor administration or complete ignorance of the consequences of not securing your machine results in infection. This worm woke a lot of people up.
You are just ticked off cuz you got caugth with your pants down.
DONT TREAD ON ME MOÎΩN ÎABÃ
Reread the article. They didn't bust the original author. They busted the lamewad that renamed msblast.exe to penis32.exe -- all he did was modify the existing virus.
Granted, the dipshit _touched_ the virus code and released a variant (albeit an extremely unoriginal one)
It was probably about as difficult as hex-editing a file. Gee. 5 minutes of dicking around is going to get him a life long prison ass pounding. Way to go, Genius.
And of course the uninformed media is going to paint the dumb bastard to be THE msblast author. Can anyone say "Scapegoat?"
I don't know, from where I have been working it helped force management to actually patch the RPCDCOM hole because the did not believe it was a security risk, until it was proven in the wild.
Though it caused a huge panic within our IT having the hole patched has stopped the single user stealing data through this exploit.
To me this is more important and if the pointy haired boss needs worms like this to understand the scope of a security hole it is better that a harmles (from data security view) worm proves it to them than a cracker stealing data does. The worm is more easily seen than the cracker when a hole like this exists.
I was thinking of the immortal words of Socrates, who said: "I drank what?" - Chris Knight (Val Kilmer)- Real Genius
Advertisers and marketing executives spend billions of dollars each year creating, researching, and disseminating memetic viruses through every conceivable media outlet...
OUTCOME: Profit and stupidity
An 18-year old writes a computer virus that shakes these corporations up a little bit....
OUTCOME: The FBI arrests him
MORAL OF THE STORY: The Matrix has you...
P.S. Wake Up by Rage Against The Machine is a great song
It is clear what has happened. Young passions don't last. San (Sandra? Sanchez? Sanitarytowel?) has finally cracked and dumped her acne-faced geek-boy in the worst possible way...
My Karma: ran over your Dogma
StrawberryFrog
The exploit was publicly available even before the first one came out. Check out astalavista for a 'tutorial' on how to do it. That was there before blaster, so this kid may be one of millions who wrote a 'similar' bug, so what's wrong with that? How many people write exploit for known bugs everyday? I don't think you can prosecute somebody beyond the shadow of a doubt when it comes to 'writing a similar' virus. Now if he was caught with the original worm source or something like that, they may have more of a case.
Speak for yourself.
When I read the piece, my initial reaction was, "They really should arrest Bill Gates". However, on some reflection, I'm not so sure Microsoft is the sole source of all the disruption over these worms.
OK, so the MS software makes worms and virus spreading relatively easy, due to activeX, executable mail attachments and bad security "out of the box" (open ports, exposed services such as RPC etc).
Still, if a motor manufacturer sold a mass market car without locks, windows or an alarm system, would anybody buy it?
The answer is, probably not. There's the issue of personal responsability to obtain a secure car. Same with software. Maybe it's all of those major businesses and misguided "CIOs" who keep buying Microsoft who ought to be arrested. Between them and the Microsoft execs, they've managed to create an environment which makes it easy for these bored young men to create worms.
Poor 18 year old guy. Why should he be arrested? After all, what's a script(kiddie) among friends?
An the article is not kidding about variants of the blast worm. Two weeks ago we saw heavy destination traffic on port 4444 to random boxen on the internet. It turns out one of my client's linux boxen had been cracked into and a dropper that works just like the blaster virus starting hitting hundreds of outside servers. We tested it in a clean lab and it would infect but not install the worm properly. It was nice that he left source code and all. Makes me wonder just how many variants are still out there?
/*/ 2003-July/012000.html .
Here's the some of the source, might look familiar to some of you..... Hope the right person sees this.
**
** 2003/07/27 - DCOM RPC WIN32 remote exploit (Most languages)
**
** FlashSky/Benjurry and, H D Moore's code is very excellent.
** It works well even if change only return address.
** I didn't feel necessity for new make.
**
** Thankful to them.
**
** 2003/07/30 - Update, Added magic return address.
**
** kokanin supplied very excellent information:
** URL: http://lists.netsys.com/pipermail/full-disclosure
**
** * As well as Korean thanks to, a lot of systems can exploit.
**
** --
** Thank you.
**
** P.S: Sorry, for my poor english.
**
** --
** exploit by "you dong-hun"(Xpl017Elz),
** My World: http://x82.i21c.net & http://x82.inetcop.org
*/
#include
#include
#include
#include
#include
#include
u_char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,
0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,
normally i would agree with you...
however since the passing of the DMCA, Patriot Act.. all the other shit in the past 10 years
i think your a fucking ass
WAKE UP AND SMELL THE FUCKING ROSES
"let ye of no sin cast teh first stone
do you have any MP3's? ANY? i mean just 1? cause right now its illegal to have a copyrighted song.. well.. in a few years.. you may be going to jail for that.. YOUR BREAKING THE LAW ASSHOLE!!! do you speed? ever double park? well today thats just a fine and a ticket tomorow you could go to jail as well..
shut the fuck up, show a bit of compassion, show some sympothy, act like a fucking human being for christ sakes!
The More Knowledge you have the Luckier you Get- J.R. Ewing
The MSBlast worm was responsible for one of the worst computer security outbreaks of this year.
Where it should read....
Microsoft was responsible for one of the worst computer security outbreaks of this year.
From the BBC article found here
Personally, the media is more focused on promoting the stereotype of the teenage kid who has go nothing better to do that 'hack' computer systems. The emphasis should be on why it was so easy for an amateur was able to write such a destructive program. Bottom line is that Microsoft writes bad software, and people need to know this. Obviously Microsoft isn't 100% responsible for this, but making a media scapegoat isn't going to solve the underlying problem. I don't feel sorry at all for the Maryland Department of Motor Vehicles. They deserved what happened to them, it was only through their own ignorance that it happened. People in today's society want to use computer, bur rarely take the time to learn and understand even the most basic principles of how they work. And what heppens is after that, they expect techies like us to take their shit.
--
Adobe's anti-counterfeiting softw
The word you guys want is "affect".
Yeah, it's a stupid grammar nitpick.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Again, not in the US. An arrest is the act of reducing someone to custody, by "significantly impairing" his freedom. Merely preventing him from leaving doesn't count.
"you are under arrest, you have the right to remain silent etc."
Again, not here. Only required prior to in-custody interrogation.
What is it called then in the States to be held involuntarily by the police while you wait to be arrested?
Detained, for a period reasonable under the circumstances. Most of the time, the courts will allow up to half an hour before we need to either escalate to an arrest (requiring the greater legal justification) or turn someone loose.
As for de-arresting, there's nothing wrong with the concept. If I hook someone up, lodge him with the sheriff, and subsequently find no basis to hold him (complainant admits to lying, etc.) I can have him kicked loose. (And then charge the complainant with False Reporting, but that's another story.)
What's the attraction of hunt sabotage? Being an animal-rights ass or just fighting some dumbassed class war?
Besides, Bill Gates deserves do get his butt kicked. If he gave me enough money to buy all the tech toys I would be tempted not to hire a ninja to take care of him. (I probably would, anyway, though!) But, since he hasn't, I'm gonna diss him until that time comes, and hope this sort of thing happens again. Use Linux/UNIX, and you will be happy with great happiness. Anyone who wants to arrest a great hacker in the making is obviously stupid. Let's all kick Billy's butt! YEAH!
That is only because you are not a street "administrator". If you were a street cop, may be thwart crime would be your duties? User policies, both in networks and in the street, _are_ policed for, even if we, as network administrators, naturally don't like to talk about the policing we do.
Techno! He was listening to techno and working on a computer, he must have been writing a virus.
"Sic Semper Tyrannosaurus Rex."
..shake...tremble...shake
I'm on my fourth cup today and it made sense!
..shake...tremble...shake
Sig it.
It would seem most of the recent celebrated viruses have been written by semi-skilled script kiddies or worse. Let's face it, VBA makes it simple to write an e-mail virus. My usual response at work or to friends regarding these viruses is: it's probably some bored kid because you do not realize how easy it is to write a virus for Windows...and how stupid your are for using it...then I start one of my Linux rants and they all run away.
Just think what will happen when a skilled programmer writes one of these (if not already).
Funny Stuff...
"Sic Semper Tyrannosaurus Rex."
but who would take the case? Not the government. And any Civil alwsuit would probebly not beable to get the subpeona it needs since no jusge is going to let just any lawyer go on a fishing expedition in MS files.
still would be nice to see Rlaph write a book with the same title as the pinto
I just spent 3 hours removing an ancient virus (backdoor) that showed up on a freinds windows machine. I was astonished it took me that long. THe problem Norton Util would say it found a virus but not saw where the files were, the info on their website was out of date since the virus was using new file names now, and if you did not get the right combination of "restore mode off, safe mode on" before scanning you had to do it over. And this was on a computer that "said" it was up-to-date on patches and virus definitions. grrrr
Some drink at the fountain of knowledge. Others just gargle.
I expect the comments in the first place. It's inevitable among any community that has people the likes of the "Frist p0st" and "go to cnn.com [secret link to goatse.cx]" commenters. But the moderation system is in place so that crap like that can get ignored by the people who don't want to hear it.
If you think it's funny, Obviously I can't/won't stop you from moderating it that way. But think about the real issue behind it before you encourage lighthearted humor about rape.
"The bible in proverbs says not to withhold good from someone when it is in your power to help"
The bible also has a load of other social moralising. Do you go along with it all? If you do them you'll be either a hypocrite or insane since
it contradicts itself numerous times. Man I hate holier than thou bible bashers.
But you are of course obliged to make a good faith efferot test your software and make sure it does not have simple bugs, compiles and runs before you release it. The kid was obviously just releasing his testing his changes prior to releasing the source as he was required to do under the GPL.
all viruses should be GPL. THen bill gates will really be right.
Some drink at the fountain of knowledge. Others just gargle.
A kiddie made changes to Blaster,
trying to make it run faster.
Now we're all making jokes,
'cuz he was bought for some smokes
by George, who he now calls his master.
do not read this line twice.
Yeah, dude. He should be moderating instead of posting.
The price of freedom is eternal litigation.
The Feds only have some kid who was f'ing around with the source code for a variant of Blaster. In other words, they're going to pin all the damage on him, even though he may not have even wrote the original virus or infected machines!!!
The truth of the matter is that they don't know who wrote the virus and they don't even know where to begin to investigate. This sickens me because as of right now it looks like someone made a phonecall and the Feds are ready to blame that person for all the problems that were caused by the virus. Even if the kid had the original source code, thats not justification for prosecution. God knows how easy it is to obtain that stuff.
If you behave in a manner that lands you in prison, you deserve everything that comes along with prison with the exception of the cable tv and other little comforts that the PC crowd has insisted we WELL BEHAVED citizins pay for.
CINCINNATI BELL IS TEH SUCK.
"Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft, which the software maker easily blunted"
I guess if taking the site offline counts, then this statement would be true.
So anything in jail goes? Torture is fine? Why don't we just bring in some hungry lions. Maybe open a shooting gallery. Fuck the innocents, and the person caught with a bag of pot or the coder violating the DMCA, they knew what they were getting into. I like to pretend that we are more civilized than that, and leave "an eye for an eye" in the old testament where it belongs. How can someone get off on something so cruel? I hope you never end up in a situation like that.
Ha ha, yes, it is quite amusing to be sent to prison for a nonviolent offense (typing on a keyboard, for instance) and subsequently violently raped repeatedly by multiple large black men while the guards stand by and laugh and the prison wardens make no effort to keep it from happening. We will be sure to laugh heartily when you, your brother, father, son, uncle and/or cousins are sentenced to 30 days for some minor offense which they may or may not have committed. We will chuckle about the fact that they have a very good chance of coming home broken and scarred physically and psychologically by their horrifying experiences. Ha ha ha.
Rape is immoral. Rape is inhuman. Rape is cruel and unusual punishment, and we have laws against that. I always find it entertaining how our entire prison establishment feels these laws are unimportant, and our culture thinks that jokes about young, weak, and sometimes innocent people getting forcibly sodomized is a fabulous thing to joke about. Wait, no, I don't find it entertaining. I find it makes me sick to my stomach.
It's also heartening to see every prison rape joke getting a +5, Funny. Thank you, moderators. Great way to get karma. Keep up the good work.
Help Stop Prisoner Rape by not treating it like a joke.
Of course, this means the suspect won't be able to tell us who San is and why she is so deserving of his affections. Shame.
When I am king, you will be first against the wall.
SCO curently owns all hackers intelectual property.. They will discuss what IP in a secret facility filled with FBI agents after you sing a NDA.
Obligatory Billy Madison quote:
What you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.
Johnkoerner.com
No one thinks of the poor girl the worm was dedicated to. The guy will probably forget all about her in prison, and may even write a "LoveBrunoMyCellmate" worm to keep himself occupied.
This tagline is copyrighted material. Please send $10 for an affordable replacement.
Fine. Tea.
Mod point free since 2001
Professor Falken.
The 18 year old is from Seattle, WA and his name is David Lightman!
The Blaster worm's original name was Joshua.
Political correctness is the newest form of slavery.
I love how microsoft said this was too organized to be just anybody, it had to be terrorism and it turns out to be some 18 year old. I figured it was a 12 year old or something, or maybe a monkey. Its wonderful (sarcastic) that thats all it takes to bring the internet to its knees due to sloppy coding from MS.
"Fuck all you hunters, shooters and fishers. I hope you lose your arms in a thresher." Damn the hunters for going out and culling their own food from the land rather than buying it at the store. It's much more humane to eat meat from an animal that has been made to stand in a 4*6 stall in its own shit its entire life up to the point of being nailgunned in the head. It's really inhumane to thin the herd of an overpopulated free range animal which would breed itself into starvation if left unchecked.
A quick snippit of info over at The Register seems to hint that the kid did in fact write Blaster-B, not the patching varient (does anyone remeber CodeGreen after CodeRed??).
Seems that he was 'under surveillance', was caught testing the varient, and is going to be charged with writing the varient.
So what do we do with this stupid kid? In an age when dorking around on your computer can cause millions of dollars in lost revenue (albiet, you probably know if you're about to release a worm), these things are going to happen more and more often.
1) Does this kid need to learn his lession in jail?
No, This kid is young. He's stupid. I'm sure he didn't do this realizing that he'd be headed to jail in a few months (if proven guilty). But what do you do with someone who's broken the law like this? Send him to Microsoft to learn how to fix bugs and become a programmer? Take him to the programmer who was responsible for the bug and tell them that this 18 year old kid made him look like a dumbass? Who knows?
2) Does Microsoft need to fix their insecurities?
This is as much MS's fault as it is anyone elses. I mean, if I bought a car (I hate to bring the whole car analogy thing up again) and someone came along and leaned up on it wrong and it stopped working. I'd be pissed at the manufacturer, not so much the leaner (who is laying on the ground with a bloody nose by now).
Just some thoughts.
T.
Slashdot geeks mature? Perish the thought!
The Houston Chronicle version of the story allows you to vote on who's to blame:
Microsoft, The virus writers, or people who click on attachments.
Come on you anti-MS-types, get clicking!
World's tallest building rises in the desert
right hand, probably.
...and the mods fell for it.
Someone randomly mentions SCO in literally every single article. It's not funny or clever to just say "And in other news, SCO will sue them for using their code!" This exact same joke has been used in every article every day. Why does it keep getting modded up?
"Sufferin' succotash."
There are a lot worse bugs out there.
Stay away from that particular poontang -- you don't know where it's been, and what I have heard scares me.
"Study after study after study have shown this to be the absolute truth."
I agree with point of your post, but ambiguity bugs me.
Do you have 1 specific example? Something along the lines of "Study #1756 at New York University..."
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
That makes about as much sense as putting this 18 year old in jail like the scape goat he's going to be.
Friends don't help friends install M$ junk.
We were talking about responsability, either civil or criminal. Civil responsability is more than enough to get you fired. In my home country there is a gipsy saying (actually a curse or malediction) that goes "tengas pleitos y los ganes" -- "have lawsuits and you win them".
Complete and utter FUD. The vulnerability was patched a whole month before Blaster was let loose, and the government warned people twice to install the patch.
Please, Microsoft didn't write anything. How is that advertisement? It's simple truth. Slashdot had an article just like it that talked about how Microsoft avoided the DOS. Obviously, they're giong to explain what windowsupdate.com is and why it's so important that someone wanted to attack it. It's called being informative.
"Sufferin' succotash."
He's innocent....Alleged writer. Innocent until proven guilty beyond all reasonable doubt.
Close. He is to be presumed innocent until proven guilty; the presumption doesn't change whether or not he is actually innocent, it only affects how he is tried.
For example: all those of you sharing MP3s of Metallica's latest: you are guilty of copyright infringement (as defined by statute); however, if (when?) you are picked up on charges, you will be presumed innocent by the court until proven guilty. That presumption does not change the historical fact that you did, indeed, break the law.
/pedantry
Moderate drunk! It's more fun that way!
eing an animal-rights ass or just fighting some dumbassed class war?
both
We are a place without wilderness.
Access to every square inch is under control.
Freedom is not just freedom of thought.
Without freedom of movement there is no freedom.
We have a saying, "The trouble with country folk is they lost touch with nature."
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Look it up, amigo. If you know about a felony and you don't report it, you are guilty of cover-up and can serve time for your avoidance of doing the right thing.
You have an amazingly rosy view of how the law works in this country. You must be those law-abiding citizens with nothing to fear that I keep hearing about. When we have laws that will revoke habeas corpus for the bizarre and impossible crime of loitering with space aliens (1982, Department of defense appropriations bill) and the hard-hitting "conspiracy of one", you can and will go down for anything if they want you.
Do you think it's an accident that we have the largest prison population, in absolute and relative terms, in the world?
Laws are for people with no friends.
"They'll say, 'You can't joke about rape. Rape's not funny.' I can prove to you that rape is funny. Picture Porky Pig raping Elmer Fudd. See, hey, why do you think they call him Porky?" -- George Carlin
"Sufferin' succotash."
He'll probably work for the NSA, be placed on probation and make a sh!t load of money...
100% Insightful
The logic here is unbelieveable. So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?
Yeah, some might say YOU should be more careful for not locking the window... but the REAL criminal still is the burglar that took your stuff! M$ has some serious problems, but that doesn't mean we should lose all of our common sense JUST to attack them some more.
Does M$ software have security issues? Yeah. Should script kiddies be let off easy because they take advantage of these problems? No. They are no better than the burglar that entered your unlocked window!
We need to start making people take responsibility for their own ACTIONS and quit blaming others. It's like blaming a door-lock manufacturer because someone can pick the lock! There will always be people that take UNLAWFUL advantage of real or perceived situations. That doesn't mean they are any less to blame for their actions.
-=-jw-=-
When I'm on the run, between work and university, I sometimes jump onto a computer at a webcafe, and log into/onto slashdot... now as english is my second language, I think i made a good enough attempt. And for the anally retentive... "Anyone whose imagination peaks at naming one of the most significant viruses of out time as 'MS Blaster' deserves to get caught! http://www.digitalive.com.au"
As far as prisoner rape goes, it's a crime of violence, every feminist tells us so. If J.Random Virus Hacker goes to jail and gets raped, he/she reports the crime. The Authorities then have their job to do. . . if they don't do it, I'm sure they'd enjoy a spell in jail themselves.
On the other hand, nobody ever said prison was supposed to be all Tea and Crumpets, either: it's punishment for crimes committed and convicted. . .
IS it really worth ruining a persons life, if he is found guilty, just becuase you as a sys admin had to deal with an inconvience. Windows update didn't go down, maybe some of your time was spent dealing with it, but that is YOUR JOB. And if your network isn't up to date with updates, IMHO, it's your damn fault.
Sadly he'l be the scaegoat while all the network admins, microsoft etc gets to go free. I just don't think that any punishment they give him will fit the crime... Personally i think he just needs to do some community service, what he did was wrong, but nothing truely bad.
"The FBI has identified a teenager...and plans to arrest him early Friday, a U.S. official confirmed Thursday."
"The 18-year-old, whose name and hometown was not immediately available..."
As others here have mentioned, why are they announcing his arrest ahead of time? Could it be that they haven't pinpointed exactly who and where this person is and are hoping that the announcement will flush him out?
"A witness reportedly saw the teen testing the infection and called authorities, the official said."
Because most programmers who are smart enough to code a worm would do it on a public computer or with other people watching over their shoulders? WTF?! This kind of shows how much intelligence the U.S. Attorney's office thinks the American public has. The irony is that 90% of the public won't question these glitches in logic.
"The only normal people are the ones you don't know very well."
No. There's another word for it: lynching.
Precisely right that corporations are not fictitious persons - in civil law, they are persons. If it were a criminal matter, a federal felony conviction of a corporation would preclude the purchase of Microsoft products or support by the federal government and firms working under many federal contracts.
But even Microsoft's inept handling of buggy software isn't criminal, unless it is shown that there was intent to defraud or do harm. Fortunately, in the US, is not a crime, yet, to be stupid.
I might be afraid that this would change if the current administration was not so hell bent on protecting businesses, while not thinking twice about its citizens' liberty.
Just say no to fascism.
Faith is the very antithesis of reason, injudiciousness a critical component of spiritual devotion. Jon Krakauer
The real bag guys in this whole thing are the ones with all the money in Redmond. It's their crap that's broken by design.
What a moronic statement - spoken like a true 14 year old.. If someone is driving a Corvette at 120 mph in downtown NYC and kills a pedestrian, is it Chevy's fault for making a car that goes that fast? Of course not.
Granted MS could do a better job of securing their OS's. But just because you CAN write a virus doesn't mean you SHOULD. There's some personal responsibility that we all need to take.
load "windows7"
Is that due to the lack of good samaratin laws, you can be sued in the US if you (for example) pull someone from a burning wreck that's about to explode, but end up paralyzing the person in the process. If you're going to help a person in the US who you do see being involved in something dangerous to them, just be sure to leave the country when you're done.
US law is scary. I wish the average populace was more informed about it so that it'd be reformed.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Emo says:
"Some people are against capital punishment, because they say that it turns the state into a murderer. I'm against imprisonment, because it turns the state into a gay dungeon-master"
sounds like somebody needs to get laid.
Sigs are awesome huh?
Sooooo... how come noone goes after Microsoft for releasing a defective product? I mean it worked for the tobaco industry.
Microsoft has across the bord failed to deliver the elvel of security needed when you are going to provide a desktop OS to mostly clueless users, and the should have to pay the price. If General Motors left an extra key hole on the door of your car, but made it so any key would work in it - well I just don't think they could get away with that.
It's high time we hold software to the same standards that other consumer products have to live up to!!
"eye for an eye"
"forgive and forget"
Those are the most obvious ones, there are dozens of others which I'm sure you can google for.
Actually, considering the self-deprecating humour on slashdot, I wouldn't read too much into it. How many of us have joked about "slashdot readers being virgins." Mainly because we have a large geeky population, and many (but not all) of said geeky population lack the social skills to properly interface with members of the same gender, let alone the opposite sex.
The virgin isn't really a reference to sexual activity per-se, so much as it is a reference to the fact that somebody with so much a lack of a "life" probably is very likely sitting in front of a PC 24/7 and not meeting women.
Actually, sounds a lot like me in High School. Except that I didn't write viruses (custom backdoors to deal with people in the lab I didn't like, yes, but the teachers knew and found it amusing), and I now do have a social/sex life in addition to geeky pursuits.
Of course... another trademark of my geekdom is that said social life usually falls on the backburner whenever the newest Final Fantasy or RPG comes out... luckily the g/f is into 'em too (though I haven't gotten her on Warcraft/Starcraft or FPS yet).
According to this report, the teen was from Minnesota and will be making a court appearance in St. Paul today.
Ita erat quando hic adveni.
What if I write a virus for my own education. I simply want to know if I can.
What if it accidentally infected my own computer.
It's not illegal to write viruses/worms/trojans and its not illegal to get infected, now what? I suspect one could get arrested for negligence(sp?), but really, what would happen in that situation?
Writing code should never be illegal IMHO. Just like making a hammer or a gun shouldn't be illegal. Using that code/hammer/gun to commit a crime should be illegal. Being clumsy is somewhat illegal already isn't it?
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
You know, looking at the previous weeks in retrospect we can consider ourselves lucky that virus and worm writers haven't latched onto the "open" paradigm....
I think it would be an extremely bad situation if worms had some sort of SDK and documentation in their payload so that anyone, just like this 18-year old, could build on the worms capabilities. By the same token, it would be even worse if the source code to the worm would not be included because that would be a great help for those developing countermeasures against it.
If there's a way to build on a worm's code, people will come up with novel ideas to use the code the original developer of the virus didn't even think of. They could even provide field service to it, fixing/improving the propagation code for example so it hits even more systems.
Finally there's one thing I hope virus writers never consider.. I hope they wont delay execution of their damage code, not even for a couple of hours. If they did that, their worms could penetrate much deeper into intranets before admins detect it and cause so much more damage.
I hate virus writers. They hurt all the corporations dear to my heart, the bank I love and the government we all rely on. I hate this little 18 year old brat whoever he is going to be (obviously the FBI didn't pick which of the million teens with a computer and a modem to go after yet...). I hope they throw the book at him and make him suffer like Mitnick. Scum like that doesn't have "rights" much less a "right" to "due process". They should kick him into the face for breakfast, torture him with cattle-prods for lunch and bullwhip him for dinner 7 days a week.
Who would understand he was actually writing a virus? Well, perhaps a fellow coder, a hacker, a classmate?
But then that brings the question: such individuals are usually fairly close-knit. If you're around the dude long enough to realize his code is a blaster-variant, and he is somewhat of a friend, or good associate, would you turn him in? How many geeks would?
It's a hard decision, especially with a decent chance that with the current upset over said viruses even a script-kiddy variant-writer is going to get lynched after being caught. It'd make him/her a good example for other would-be virus writers, but would you do it to somebody you know?
Of course, many such geeks are vain. It could have been somebody declaring, "you think blaster was bad... wait until you see the badass variant I'm writing. I'm going to 0WZ0R J00"...
sure am glad there has ALWAYS been cops around to keep us little folk from letting our animal instinct take over our senses and getting out of line. Hell, you could just ask Sacco and Vanzetti how fair and impartial our judicial system is and how well they dole out juctice. (except they got the electric chair)
After all, some kid that writes a virus is FAR more dangerous to our way of life then a murderer, rapist, or politician.......
I have karma to burn. So lets dive in...
Email "click on me please" worms should, IMO, be legal. If it requires user action to activate, I argue the "permission" has been granted.
Viruses that exploit holes and spread by themselves should ALSO, IMO, be treated the same.
The fact that the hole exists can be interpreted to mean that permission was given (after all, what other purpose does the hole serve?).
It is the users responsibility to keep on top of things. Including arranging for recourse with vendors in case holes are discovered (just read the typical EULA).
If this is NOT the case, then I would not want to even LOOK for holes. After all, looking for holes may be interpreted as meaning I was after an exploit, and thus JAIL TIME (DMCA).
Of course, users want what is easy and cheap, and vendors don't want responsibility, so all the blame gets shifted to... hackers. The "paladium" thing is supposed to shift the responsibility from the users (who don't seem to want it) to the Vendor. Except that the vendor still doesn't give any guarantees.
With most other endeavours that can greatly affect other people (driving, flying, etc.) society issues licenses to certify that the "user" has a basic level of competency, and won't jepordize others. Not with running a computer on the 'net. No license needed. If we want to keep it that way, then we need to just "suck it up" with worms and viruses, making our systems as immune as possible.
Keep the 'net free and open. If Microsoft users don't want to patch their systems, we should do it for them -- really, whether or not they want it done. The price the MS user who doesn't stay on top of her patches pays. Same for other OSs (cracking or blacklisting open mail relays running Linux whould be an example). Keep hacking legal. For those in the US, down with the DMCA.
Note that with closed source software, the vendor has the responsibility to ensure that holes are closed. The user has the responsibility to choose a vendor that demonstrates good behaviour in that regard. With open source software, the responsibility can be shifted directly to the user, to deal with as she chooses. Or the vendor can keep responsibility (Windows on one side, Solaris in the middle, Linux on the other side).
All of this is probably too much for most people to stomach. Ok, I'll compromise. Make "worms and viruses" illegal, just to discourage the writers. Set a fine of $1000 per ORIGINAL system not owned by the offender affected. No jail time. Just enough to discourage the 18 year olds. No record either.
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
You would never hear of people using the term "18 year-old girl, probably still a virgin"
It might be noted that while many indicate that the writer was male, the original article was in fact ambiguous as to the gender of the virus writer. Could be a girl, for all we know.
Oh, and again, part of the whole virgin thing is that if said individual were able to get some, it would probably be much more appealing that writing stupid viruses, correct?
Gee, maybe we should take his message more seriously. Maybe the author of the worm is correct in some aspects. Some say that Microsoft is solely to blame for this. I'd say it is not 100% correct. There is a shared blame for the security problems:
--
No memory available for sig. Please reboot now.
Coderz 4 Life
It seems that everyone here is focused on putting this guy in prison. I really can't justify putting someone who wrote a virus in prison while CEOs who have stole billions roam free.
Not to mention, there were two components to this problem. People need to stand up and take some responsibility when thier machines get infected. Personal firewalls and anti-virus have become common place, so I don't take that as an excuse.
Yes, the kid should get some probation, possibly some community service managing / repairing systems for underprivelaged folks. But then that would depend on the legal system being motivated by rehabilitation and not retribution.
--WooooHoooo--
I see the same old tired crap "excuse" is alive and present.
Repeat the mantra. If its bad for Microsoft, can be blamed on Microsoft, or through sleight of fact be pinned on Microsoft
IT MUST BE GOOD FOR LINUX!
A crime is a crime. Just because they catch only a few looters during a riot doesn't mean they should go easy on them. Sorry, going easy just because he is not the only guilty party is stupid.
I guess that if you only kill one person its fair to get 7 years, but if you kill many you life (or death)... unless they were really bad people???
Logic like yours is what makes this community look bad.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
http://www.washingtonpost.com/wp-dyn/articles/A642 67-2003Aug29.html
They arrested him. 18 years old - Minnesota.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
I'm not that much older than that kid, and I'm pretty damn aware of the severe problems a worm like this can cause. He created problems for millions of people, didn't it shut down nuclear power plant safety equipment? I mean, they have to have the evidence, but if it can be proved, you teach the kid a lesson.
I think he should be fined heavily and given about a year of jail time.
The "logic" of trolls isn't. When you run across a troll, don't feed it.
20 January 2017: the End of an Error.
Now, Dell shipped this machine to her in August, preinstalled with XP - without this patch.
In my book, that's irresponsible.
They could at least have shipped it with a warning explaining that the first thing to do was visit the Microsoft site to get the patch.
(On another note, the pre-installed norton antivirus was from February (!) 2003... Apparently 9 megs(!) of updates(on a POTS line...yawn!) had to be downloaded...
"Windows are for cheaters" - Bruce Springsteen
Jeffrey Lee Parsons, of Hopkins, Minn. has been identified as the supect.
Pete Carr Owner Chatmag.com
Me: By that logic, the CEO of Honda and about a half other dozen car companies should go to jail for failing to make their cars more difficult to steal. And of course the guy who steals the car is just a scapegoat who we should actually be thanking for forcing car companies to install better locks.
Me: I see. And if someone breaks into your house by smashing a window, then the window manufacturer should be put in prison for failing to make the glass bullet-proof. And if the criminal walks off with your new TV then Sony should be sued because the TV didn't come with a chain and padlock. Well, now that we know what your computer thinks about all of this, have you tried applying some common sense to the issue?
Blame everyone except the criminal. How Juvenile. How Slashdotish.
-- LD
Actually, prison rape is a very racial thing. He was completely right to point out that it would almost certainly be large black men doing the raping. You see, the black gangs, and the Hispanic gangs, do not let anybody (else) touch members of their own race. The whites fail to form such gangs, and are victimized. Often the youngest white males, usually in for some sort of first time drug offence, are in the most danger. Check out the article Hard Time by Jared Taylor.
Right on!!
Confucius say: I hear and I forget. I see and I remember. I do and I understand.
It's just been reported by the AP that the kid is from St. Paul, Minn. This is kind of funny, as I work in IT in Minneapolis, and we've been speculating that the whole mess was written by Indonesian hackers or unemployed techies in California, rather than the locals. It is odd that some of the newspaper reports said that the Seattle FBI office was investigating the virus, rather than the Minneapolis office, which is of course the only FBI office competent enough to catch Al-Qaeda terrorists prior to 9/11.
--hongpong.com
Apart from the obvious "innocent until proven guilty" matter, how about we don't publicly hang some kid for tweaking a virus until we've found the real author and proved his/her guilt.
It's the same here in the states but most folks don't realize it. When you are stopped by the police for say speeding, the whole time of the stop you are under arrest as you are not allowed to leave.
Being held in custody while waiting for paperwork from the DA's office is simply waiting to be "booked" (charges filed).
Most Americans think of being arrested as the whole "go directly to jail", fingerprints, etc. but that is the booking stage. The arrest happens as soon as you are detained by the police.
There's some personal responsibility that we all need to take.
Watch out, ipxoidi, you're going to get yourself in trouble for saying that. Psychobabble says that our 'environment' is responsible for our behavior, not our own hearts. To suggest that virus writers WANT to write them is tantamount to slander, and could set you up for huge lawsuit. (Note: Tongue firmly planted in cheek)
In all seriousness, yes the problem was with Microsoft software, but in reality the patches were available almost full month before the blaster worm was released. As a result, those corporations who had not patched their systems (and blocked the relative ports at the firewalls) should share a LARGE chunk of the blame, but the ultimate blame rests on those who exploited the vulnerabilty, regardless of their motivation. Just because the door is open, doesn't give you the right to come in.
I'm not a coder, so I may be sticking my neck out on a limb here, but how many University programs teach responsible (read: secure) coding? I know many, many tomes have been written on the subject, but is it really TAUGHT at the University level, where the majority of the corporate coders come from? If the mentality were in place, do you think we would have as many vulnerabilities in any software used/sold? I, for one, would like to think that we would not.
An even bigger culprit is the 'point and click' mentality that has developed from overuse of GUI. This is fostered in the workplace by the lack of training given to end users because XYZ Corp only has 4 IT guys to support 10,000 users. Hyperbole, and I know it, but intentional use to point out the simple fact that in most companies, GUI=Easy, hence Dick and Jane don't need to be trained.
I have been a consultant in places where the CEO doesn't use a computer because he doesn't understand them. Instead, his AA prints out relative e-mails, the CEO reads and write responses, which the AA puts back into e-mail. Consequently, the use of computers internally was limited to managers, while the workers used pencil and paper. Can you imagine an entire accounting department using pencil and paper? 30 people? The data was then chunked back into spreadsheets by 5 AA's and those spreadsheets reviewed by a Chief Accountant who put the data into the financial software. CSR's used pencil and paper and actual BOOKS to read the problem response out of. The had a complicated numerical system to refer to problems, the CSR's made checkmarks by the appropriate column, tallied them at the end of the workday, and 4 AA's put this data in a Spreadsheet for the CSR Manager to review.
Sure, their computer costs were reduced--the network only had 25 PC's on it, they were running NetWare 3.22, so it was a very stable network; I only visted them to install Novell updates and fix printers (install toner cartridges mostly) and computers. E-mail was handled via Eudora--they used POP mailboxes hosted at an ISP. Did I also mention this was a Fortune 500 company that spun off of a Fortune 100 Company? Did I also mention that it spiraled downward to bankruptcy, was purchased cheap by some investors who sold the parts for more than they bought it for (like an old Buick)?
My point is this. It is the *perception* that learning computers is hard for the average Dick and Jane that should be fought. Unfortunately, this is a difficult mentality to combat, especially where 'Dick and Jane' are much older and never had computers when they first started working for company X. Granted, using an efficient and effective patch update system on Corporate Networks would be a boon--and to be fair, many companies do this. But, more do not, so we end up with a hodge-podge of patched systems and have problems when a vulnerability is exploited.
Vulnerability exploiters *should* be punished, regardless of whether they are the first, or thirty-first exploiter. I do not believe for a minute in the facts as presented by another poster that 'deterrence' is a distant reason for puni
In America today you can murder land for private profit. You can leave the corpse for all to see, and nobody calls the c
What law is broken when a virus is released? Is there one? Is it illegal to make a self propagating computer program?
The Kruger Dunning explains most post on
From the Minneapolis Star Tribune.
"Two things are infinite: the universe and human stupidity, and I'm not sure about the former." -- Albert Einstein
He deserves everything he gets. That is how prisons are. He knew that prisons were bad before he wrote the virus. I hope they throw the book at him and someone beats the hell out of him behind bars. I hope he has the worst 10 years of his life behind bars. People like him cost everyone else lots of money and time and fustration. If society can eliminate these kinds of drains, then the whole world will be a better place. Lets face it, this kid does not deserve any sympathy.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Stop propagating the MS spin. Just because MS has convinced the mainstream media and the Anti-virus software houses ( whos entire buisness is dependent on MS) to change the name does not mean everyone needs to do the same. The only true name for the virus is MSBlaster.
Prison is supposed to be hell. It is not supposed to be fun or easy. And remember, it is not the jailers who rape, it is the other losers who were convicted of crimes. What do all criminals share in common? The have no concern for others. So you get stuck in a place where nobody cares if you like it or not. I hope they nail the SOB who wrote the virus.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
According to the Washington Post's latest update, it looks like, yeah, he's that dumb.
The person the FBI arrested is responsible for the Blaster.B variant and one of his changes was to have the worm register itself at his personal website so he could keep track of the infected machines. Seems to me that writing a worm that "phones home" directly to your own web site ought to qualify you for some sort of special "Idiot of the Year" award. (I suppose that's less expensive than renting a billboard.)
so ***World crippled by 18 year old*** makes you feel much better about it?
Obviously that kid was at the glue strip of his intellectual envelope.
Pete Carr Owner Chatmag.com
If the implementation was any good it'd not be noticable for the users that they got rooted. The worm wouldn't overload everything and get noticed immediately. It wouldn't postpone the DoS long enough for MS to handle it. It wouldn't attack the wrong website. It wouldn't be unable to upgrade itself anonymously.
So, yes, it was a lousy implementation. I'm just happy that we haven't seen a well-written worm really attempting to create havoc yet.
The next great MMORPG.
My President, I think We finally have evidence of Iraqi possetion of Weapons Of Mass Distruction.......;
'ya know, I have next to no sympathy for the companies that were caught by Blaster and wish that more of these little devastating buggers were written and released. What's the point in pesimizing shitty software if it never gets exploited? Microsoft releases a bad product, then companies should chase after Microsoft for the holes in its software, not the guy who exploited the bug. Sure Microsoft had released a fix, but if the company didn't have firewalls or a way to update their infrastructure... I just have zero sympathy for them.
Until next time the circus starts, --Being Monitored
Heck... call Jay Leno! Finally some intelligent answers may be forthcoming.
Get ready to be "Blaster"ed in the ass... Keep a tight grip on that soap boy...
I highly suggest that ANYONE dealing with Microsoft products go setup SUS right now. (Software Update Services). It's a server that runs on the local network and pushes updates out to all Win2K/XP clients. Microsoft has not been idle and has actively been releasing new tools (Urlscan, Baseline Security Analyzer, SUS, etc)
1. Install SUS on one of your servers. Let it sync its updates, then log in and approve whatever updates you want to go out. Also set it up to automatically grab new updates from Microsoft every night.
2. In Active Directory, create a new group policy applied to the container that has all of your machines in it, or even to the entire enterprise. In this policy, add the Sus client MSI file to the software push (assign it).
3. Download the SUS ADM file, and import it in the group policy editor snapin. You will now see a new item under System Components - Windows Update. Select it, and set your options.... what server to go to, whether to install without user intervention (like every night at 3:00 am), and so on.
There are (free) log analyzers that will scan the log files and stuff the data into a SQL database, then produce a report from it detailing what machines installed what patches, what patches failed, and so on.
There really is no excuse. Once you do this, the ONLY thing you need to do is login to SusAdmin and approve updates from time to time (or use the hack to make it approve updates automatically every time they arrive.) This makes it a painless, easy, and foolproof process to patch all the Win2K/XP machines on your network.
Natural != (nontoxic || beneficial)
It's not supposed to be pleasant. But it's not supposed to be torture either.
When we put someone in prison, it's to take away their freedom to do more damage. IT's not supposed to be FUN.. it's supposed to be a simple existence. You eat, shit, and breathe.
However, knowing that in the federal pen you will be sodomized, beaten, tattood, and basically have a really shitty inhumane existance... sentencing someone to federal prison is the same thing as sentencing them to rape, beatings, and torture, both physically and mentally.
The Minneapolis Star Tribune is reporting (registration free but required) that the FBI has arrested a "teenager" from suburban Minneapolis, Minnesota (Hopkins, MN).
I have some problems with various parts of your post, but I'll just focus on the last part here:
I often tend to think of prision as punishment as well, but even this (supposedly simple) point is not without contention. I ask you: Is the purpose of a prision to rehabilite people or is it to punish them? You'll probably say, "both" but does that really make sense?
If the purpose is really just to punish then why do we even bother? Punishment is not all that effective a deterrent. Why not just kill every one that ever gets sent to prision? (I'm not being serious here.)
No answers here, just a bunch of discussion questions.
Furry cows moo and decompress.
Seattle Times
U.S. cyber investigators arrested a Minnesota teenager today who the FBI said has admitted unleashing one version of a damaging virus-like infection weeks ago on the Internet.
A court official identified the teenager as Jeffrey Lee Parson, 18, of Hopkins, Minn., known online as "teekid." A U.S. official in Washington also confirmed an arrest was made early today.
I think what he did was more like arson not terrorism. He should get a sentence similar to the kind that an 18 yr old arsonist would get.
Furry cows moo and decompress.
/MTV Matrix Spoof, somehow seeming appropriate.
_______________________
Sigs are insiginificant.
"Well, uh, I saw this computer thing that this kid was working on and I didn't understand what he was looking at because there were no pictures so I thought "OMFG HAX0RZ" and called the FBI."
We're going waaayy off topic here, but hey, it's fun :-)
"It's really inhumane to thin the herd of an overpopulated free range animal which would breed itself into starvation if left unchecked."
You've not been to the UK have you?
When the poster was refering to hunting it was because they (hunters) hunt foxes most of the time. A "sab" is a hunt saboteur. A hunt is usually a big pack of dogs, some people on horses and a bunch of people on foot. It's not a "survival" weekend.
The fox will usually have been located beforehand and there has been stories in the press of foxes with cubs having had food left for them to encourage them to breed.
In short, no one's going to eat the fox, it will get chased to exhaustion and then pulled apart by the dogs. (or it might escape of course)
If you wanted to keep the natural population of foxes to a lower level, it would seem to be both more humane and less costly to simply shoot them.
However, the people on the horses are usually extremely rich, and it's them the hunts are organised for.
The only situation close to what you're thinking of is up north where the deer populations have to be culled, usually on Forestry commision land and usually by professional marksmen (or "shooters" depending on your viewpoint). There's a handbook on how the deer should be culled in order to follow the best currently believed practice.
There's also an invasive grey squirrel problem, which are somtimes culled but not exactly "hunted". Usually a bloke with an airrifle employed by the local nature reserve in order to give the native red squirels a chance.
Not sure why the parent poster was bashing fishermen. Maybe the outdoors scares him/her.
The "young man" is from Hopkins, MN. A local TV station, WCCO, just reported that the kid renamed the .exe to his online name, and altered a web URL to point to his personal web site.
Enough said.
You're wasting your figurative breath. America's war machine will not relent until the Ten Commandments monument is removed from the Baghdad courthouse.
The logic here is unbelieveable. So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?
No, but if the guy who built my house put little windows all over it that only burglars know about, and made sure the ones I do know about are broken such that they are difficult/impossible to keep closed, I would be pretty upset with him, wouldn't you?
We need to start making people take responsibility for their own ACTIONS and quit blaming others. It's like blaming a door-lock manufacturer because someone can pick the lock! There will always be people that take UNLAWFUL advantage of real or perceived situations. That doesn't mean they are any less to blame for their actions.
This door lock manufacturer has designed his door locks specifically to be easily picked on purpose. That is the difference here. Virus writers are wrong, but Microsoft wants a caning as well.
Check the Yahoo story here
If everyone in town parks a Mercedes in front of their house with the doors open, the keys in the ignition and a welcome mat thrown down, does anybody in town have a right to complain when their cars are gone in the morning?
In the same way, people are running an OS platform with a truly horrible security record. It's their own fault.
The U.S. District Attorney's Office requests that people stop having ClueBats delivered...
In all seriousness, yes the problem was with Microsoft software, but in reality the patches were available almost full month before the blaster worm was released. As a result, those corporations who had not patched their systems (and blocked the relative ports at the firewalls) should share a LARGE chunk of the blame, but the ultimate blame rests on those who exploited the vulnerabilty, regardless of their motivation. Just because the door is open, doesn't give you the right to come in.
People keep saying that, but the fact of the matter is that the patches that were available a month before did not protect people from some of the worm variants. Microsoft has been patching RPC all year and has still not gotten it right. In the heat the worm infestations (about a week's time) they released four or more patches for these vulnerabilities. Clearly the worm writers kept finding bugs in Microsoft's cruft.
It does not make sense to me that Windows needs an RPC service and won't let you turn it off, anyway. It is ridiculous and an inherent security flaw from the beginning. Likewise their "encryption" that is crackable in 13 seconds for passwords. This of course was supposed to be better than their previous model of sending passwords over the net for no good reason in plaintext. Great.
It does no good to lambast admins by saying "patches were out months ago" when the patches either broke things, did not protect from the $famous_worm_du_jour, or both for good measure, which has been the case with every worm lately.
Jeffrey Lee Parson, 18, of Hopkins, Minn., known online as "teekid."
:) possibly in asm or c , like evilbot would be good , thats what im using now , but if you have more than 100 or so in 1 chan a bunch ping out , and it has some un-needed features (the icmp is shit) :)"
Could this be our little perp?
(from the TrojanForge.NET archive:
"Teekid
im looking for a verfy tiny irc bot that all it does is have a web download , and a very stable udp feature , thats it
possibly open source would be good too
and
[from the Google cache of t33kid.com]
"my little p2p worm spreads via kazaa and imesh, downloads a file from web. No biggie."
The actual page has ben.....taken down, shall we say.
While I initially found the article linked to be interesting (and appalling), I grew uncomfortable with what appeared to be a racist bent to the editorializing in the article.
A Google search turns up the fact that Jared Taylor is considered "America's most dangerous racist." The rest of the American Renaissance site is full of erudite but clearly racist commentary.
Yes, prison rape is appalling, but a better link for reference on the topic is this one for the original book on the subject, rather than a racist's view of the material.
The logic here is unbelieveable. So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?
Nope, but if he cuts his fingers on the window in the process you could get prosecuted. Isn't the law great?
Your $35/hour salary is (hopefully!) not in a computer field. Otherwise, you would be asking $17.50 for fixing your friend's computer and $0 for your own, because you installed a firewall and kept up to date with Windows Update.
Sure, virus writters should be punished in some way, like a fine that is significant but not insane for their income. Your $245 is just because of how you chose to deal with the problem, and shouldn't be recognized as a reasonable expense by law.
So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open? Yes. If YOU forget to lock windows in YOUR house, YOU will be guilty.
That's why you're locking your windows in the first place, right?
I'm all for the appropriate prosecution of individuals who exploit social and technical flaws for their personal gain. However I'm curious about the accountability of the manufacturers of the software whose flaws are exploited.
Should not microsoft be at all responsible for releasing insecure products? I'm aware that 100% security is all but inconcievable. But short of saving face, what motivation do microsoft and similar companies have to produce secure products?
If I build a building that is not up to fire code, and an arsonist sets my building on fire, and people get hurt, yes the arsonist gets arrested, but then I get sued and fined for not taking the appropriate measures to protect the inhabitants for such a calamity.
Of course there are no fire codes for software, but does this mean that the publishers are without responsibility when their users get burned?
120 character sigs suck. Make it 250.
On tonight's TV news and in tomorrows newspapers we will see and hear headlines that tell us that the blaster author has been caught and that he faces a lengthy prison sentence. This is what most people will hear and understand. The few who dig deeper will learn that this kid took the worm and created a variant of it.
What the kid allegidly did is wrong, if he did it, he deserves to be arrested, arraigned and go through the process and ultimately be punnished.
I smell a smoke screen here. It seems to me like the FBI is making this arrest and getting the publicity here for their own purposes. By making an arrest and getting publicity, they are doing something for themselves. People will think the FBI actually caught the guy that did it. That isn't true. They caught a stupid individual who took the code, changed it, and re-released it.
Now that the pressure is off, I doubt that the FBI will be able to afford many resources to keep hunting down the original author. They will keep some people on the case but the reality is that they will task most of the agents to other higher priority things now that this is going to the back burner.
To me, the FBI has achieved their goal - to divert publicity away from themselves but, they have not achieved justice which is what I would expect of them.
Hacker Suspect Bragged of Exploits
Jason Lee Parson, the 18-year-old Minnesotan who was arrested Friday in connection with the Blaster worm, bragged of his exploits on his own Web site.
Parson, who was known online as "teekid," is suspected of creating and releasing a third version of the Blaster worm, a malicious program that spread itself around the Internet using a viral engine bearing his online moniker, "teekids.exe."
The Web site registered under his own name and Minnesota address -- www.t33kids.com -- is no longer up. But a cached version of his site on Google offers insight into the mind of a young hacker who was apparently proud of his work.
While nothing on his site specifically references Blaster, Parson bragged about several of his recent creations, including a worm called "p2p.teekid.c" that spread over file-sharing networks like Kazaa and iMesh. The site also offered links allowing people to download and potentially tweak his malicious programs.
"My little p2p worm spreads via Kazza and imesh, downloads a file from web. No biggee."
Parson also apparently broke into the Web site of the Minnesota Governor's office, leaving the message "site hacked by Teekid."
In an online forum, Teekid described himself as a "junior Trojaner." A Trojan horse is a malicious program that, when installed on a victim's computer, allows attackers to take complete control over the infected computer. One of the main alterations Parson allegedly made to the Blaster worm was the inclusion of a backdoor Trojan.
reference
Something that I've been wondering recently - embedded in the worm was the message "bill gates how do you let this happen? stop making money and fix this!" and that it was setting up a DDOS attack on windowsupdate.com.
Now, I haven't looked at the code to this worm, but is it possible that the "DDOS attack" that the worm was supposed to do was merely making sure every computer that was infected would load up windowsupdate.com and patch itself properly?
From one perspective, this would be a DDOS, but on the other hand, it could be seen as a mass innoculation.
How would journalists report the difference?
There once was a young college slacker, Who thought he'd become a 133T hacker. The Feds thought him lame- caught him at his game. His new roommate is now the ass-cracker.
If you are going try to use factual information, don't use some racist's version of it. I just read that piece (Hard Time) and found many stereotypes and misleading racial statements.
Jared Taylor is a new and dangerous type of American racist. Instead of using his fists and inciting violence, he uses spin and intellectual logic to make a case for racism.
"If you're not confused by quantum mechanics, you really don't understand it." - Niels Bohr
Ok, he shouldn't have done that but the truth is that vulnerability HAD TO BE PATCHED. It was people's ignorance that caused the worm to be a worm in the first place.
Would you have preferred that companies and government agencies which keep your confidential data or your own computer are completely open to anyone with knowledge of the exploit at their liking?
Stop bitching and keep your system up to date.
You would think Symantec should send him a check. For services rendered.
OH THE SHAME I fell off the wagon and use sigs again!
Too bad there's not more geeks in jail, so this guy can really get what's coming to him (an ass kicking [or ramming]). There's probably nobody in jail who will have any comprehension of what he did.
It's not that they wouldn't do anything else... it's just that if a person had a significant other (and a relationship decent enough to get lucky), then said person would hopefully have something better to do than do dipshit things like creating viruses.
Getting laid certainly hasn't distracted me from coding, or games, it's part of who I am and what I do... but as per stupid things such as virus writing... well a g/f is a much better thing. Virus writing for many is a cheap thrill... generally representing a lack of other forms of entertainment
All these comments posted claiming this kid is innocent obviously haven't run a google search yet for "teekid"... Quite a few of his antics, including defacing the Minnesota Government Finance Officers Association page are still in the google cache.
I think the FBI deserves props for catching this guy, even if he's not the original author, he was still up to no good and one less script kiddie is one less script kiddie.
Can you please name one U.S. judge who has ever sentenced a criminal to the punishment of rape?
The Minneapolis Star Tribune has a story on this as well. They were also able to nab a picture of the dude from the local yearbook.
Personally, I still don't understand why you would ever include a bit in the virus that links to your own personal webpage. Talk about an easy way to get caught!!
marcIt amazes me that so many people would call this kid stupid. You can't be that dumb to write and spread something this bad this effectively.
/.ers here would dream of.
The kid lacks some serious ethics... but damn don't call him stupid. He's doing things to windows many
>>The real bag guys in this whole thing are the ones with all the money in Redmond. It's their crap that's broken by design.
... as well. All of them are the bottom of the engineering barrel.
This is like saying, to use the red-light example, that because barriers are not thrown up when there is a red light, that red-light-runners should not be liable for running the red lights.
Is it bad that MS stuff is "broken by design?" Sure, that's a bad thing. But is it then necessary that virus writers exploit the shortcomings to inconvenience every user of said software? No, it absolutely is not. It would be better for those writers to devote their talents (I use the word with some reticence) to coming up with solutions or protections, not exploits.
If this person is responsible for the original virus or any iteration thereof, he should have been willing accept the consequences of unleashing it (and every virus writer knows that what he is doing is illegal and prosecutable). Perhaps by catching this guy, they can get closer to the original authors, and arrest them as well. Not instead of
The GPL really is a viral license.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
thanx.. you just made my point
you speed.. you have broken the law, you didnt go to "pound-me-in-the-ass-prision" this time.. but keep it up and you will.
even though you will serving time as punishment for something you did because you knew the consequences of breaking thoes laws regardless that most ppl in this world break thoes law you decided to break the law, i will still show compassion and sympathy for your plight.
why? because im a human, not a heartless prick.
The More Knowledge you have the Luckier you Get- J.R. Ewing
Let's put it in perspective, Ralph Nader wrote "Unsafe at any Speed" about the Chevrolet Corvair's swing axle suspension. Of course, by the time he wrote it, the Corvair was no longer using that suspension but Ralph took the credit for "changing the auto industry". You bought into it enough to give him credit for fixing the Pinto which was shipped broken by your "up to safety standards" auto industry almost 20 years after Ralph "fixed it".
Oh, and to use your auto analogy, the equivalent for Microsoft's actions with Blaster would be:
A defect is found in a few Fords
Ford issues a fix before anybody has the fault show up
Ford goes door to door to every owner's house and every business' garage and offers to fix the defect for free
Some of the owners refuse to let the defect get fixed despite the Ford repair crew waiting in their front yard 24/7 for a couple of months
After months of the owners' refusal in fixing the defect, it breaks
The owners who repeatedly refused the free repair then yell at Ford
Yes, I should have pointed that out. Jared Taylor is a racist, but I would add certain qualifications to that term. He is no Nazi or KKK member or even anti-Semitic -- that is what earns him the title of "most dangerous," or so I heard when NPR interviewed him a while back. The argument is that by not advocating violence or legal discrimination, he makes racism more respectable. I certainly disagree with a number of things that he says, but he says nothing that would be considered racist were he Black, American Indian, or Hispanic. At least so far as I have read in his work. The worst thing I could say about him is that he is a separatist -- in that he believes in the failure of people in multicultural societies to get along together peacefully. I have read some of the American Renaissance articles on the site. Some I disagree with vehemently, but others I couldn't recommend more. He talks about race honestly. He believes in racial differences. And he believes that he should act to support his own race. I am not prepared to condemn him so long as he sticks to that particular stance.
I pointed out his article because the black-white dimension of prison rape is real and ignored. If I knew someone other than Taylor who wrote about it, I would have pointed that out instead. In fact that is the best argument I can make for at least considering his viewpoints. Taylor often writes about extremely important subjects that are otherwise ignored because of our ideology.
So if you forget to lock a window in your home, and a burglar comes in and steals your stuff, and the burglar gets caught, YOU should be prosecuted for burglary for leaving the window open?
I don't see how that relates in any way to what the parent post said, but as long as you're making stupid analogies:
In the real world, negligence is frequently the cause of legal action. If you leave your windows unlocked and a burglar comes into your home and finds a loaded gun which he then uses to kill others, you might be liable. Your property/equipment was used without your permission to attack others, just as in a worm exploiting your computer and using its resources to spread further.
Who's guilty of negligence? You are, for one. You didn't use any firewall. You didn't keep your patches up. You didn't lock your doors and windows. Microsoft is too, I'd imagine. They did not take sufficient measures to insure that their customers knew how to lock their windows and doors, or even that they should. Unfortunately, at this point, Microsoft is fucked. Their customers hate and mistrust them so much that most of them aren't willing to communicate with Microsoft enough to actually get the advisories and instructions.
A lot of cultural changes are needed to fix this situation, which I think gets overlooked when people talk about the technological changes needed to fix these problems.
Connect to the internet at your own risk! A virus is simple a service provided you choose to accept. Sure there's no fancy dialog that ask you if you want to get infected but just by connecting to the internet and knownly running insecure software you are agreeing to anything that can happen to you. The internet is free ground, you can't govern it and no laws apply, i'm sorry to break it to you but you can't whine about what has happened here, it's your fault for connecting to the internet and knownly using insecure software. If you don't want a virus, shutdown, seriously. So stop blaming the author. He/She can only be liable for infections that he/she directly physically applied, all the rest is the fault of those that chose to accept it.
if you don't understand how the author isn't liable, it works like this.
The internet is Free ground, no laws, no government, anything goes. The virus author infects a computer, then the computer sends it out to the internet. Right there is where the liablity ends for the author. Because now it's up to an other computer to accept whats coming. Unless the author physically puts the virus in the computer through none 'internet' means then they can't be liable. It was the computer's choice to accpect what was coming from the internet, and so it's liable, but since a computer can't be liable and you are liable for your own computer then you are liable for getting infected, and infecting other computers that are connected through any law governed medium, anything except the internet. Again, your now infected computer sends the infection out through the internet, there now your liablity ends, you aren't liable for those infections. And it keeps going on. So it boils down to that everyone that got infected is equally liable as the author or more, because once that virus goes through the internet all liablity for it is dropped because no laws can apply to it. Think about it. It's comparible to open waters, or something that happens out in space or on another planet.
Forget fines.
Forget jail time.
Forget community service.
Just turn em over to a mob of sysadmins who had to deal with the dammned thing.
I'm suite sure they could come up with something do do with them. (Like seeing how many transitors they could shove up his ass...)
Okay, you have a point, but I still don't fully agree with it. I speed. A relationship doesn't stop this. Speeding is a dipshit thing to do, but hell, I enjoy it, and it's my vice.
I have often looked at virus creation. Although I have never bothered to actually 'get into it', I think the theories behind virus coding present an interesting challenge.
That said, clearly virus writers break into two groups, a) the group with low self esteem, who write viruses to feel like they made a 'difference' in the world, and who desperately seek attention.. and b) people who find the whole concept of viruses interesting from a computer science (or even biological) aspect.
So, and this is perhaps where I'll agree with you, maybe these 'low self esteem' virus writers, if they had a girlfriend, wouldn't have low self esteem anymore, and wouldn't write viruses?
mogorific carpentry experiments
Yeah, well, that part's been superseded by the "render unto Ceaser" bit. Deal with it.
teekid is ambient@onesevennine.tcp * xr m @#all_the_dumbass's_come_from_MN /WHOIS list.
teekid on @#I'm_famous_for_writing_the_most_poorly_coded_wo
teekid using irc.du.se Dalarnas University, Borlange/Sweden.
teekid End of
Fat luser from way back.
As you can see I don't care about my karma.
...we need more heroes like this. What a topsy-turvy world we live in when the little boy is thrown in the jail for exposing the emperor's nudity.
tcboo
Prison rape will start showing up in other, unrelated threads. If you don't knock it off, "prison rape" will become the next annoyance in the long chain of "In Soviet Russia...", "1) foo 2) ??? 3) profit!", "Can you imagine a Beowulf cluster of..." SCO, Hot Grits, First Post, Natalie Portman, goatse.cx, etc.
I personally don't want this to happen because of the unfortunate combinations that can be formed by crossing the "prison rape" meme with the "beowulf cluster" meme.
I'm here at work, at the Science Library at UCSC. I just tried to read the article, but immediately upon openning the page, I got a BSOD. I tried to do it with another computer at the desk here, and got the same thing. Perhaps there's a new worm out that crashes your computer whenever you go to a page with the word "MSBlaster" in it so you can never find the information on patching it? ;)
Look it up, amigo. If you know about a felony and you don't report it, you are guilty of cover-up and can serve time for your avoidance of doing the right thing.
And while we're at it, YOU should look it up in the US legal code.
You won't find it.
That's because it's one of the BIG differences between law in the US and, say England.
The US does NOT require you to turn in your neighbors, your family members, or the local gangsters, if you happen to see them commit what you believe is a crime, and thus become a target of reprisals, defamation suits, and divorce papers. You do NOT need to be a hero, a snitch, or an unpaid government agent.
A few individual states try to impose such requirements, but always in connection with providing statutory immunity if you happen to be wrong, with "Good Samaritan" laws. (Originally these were laws requiring doctors to render aid at accident scenes and immunizing them against malpractice suits, but a couple states tried to extend them to reporting crimes.)
WHY is it different? Think about it: The constitution was written by people who JUST REVOLTED AGAINST THEIR LEGAL GOVERNMENT - and thought their descendants should have the same option if the government THEY set up went bad. How would a requirement to fink out anyone committing a "crime" - even if the crime is something you don't believe should be a crime (like opposing the rotten regime) - POSSIBLY be allowed among the web of restraints they built to keep the new government in check?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
... a nice shiny new Darwin award trophy goes to one Jeff Parson of Hopkins, Minn. for multiple major failures of intelligence, including but not limited to: 1) modifying someone else's virus instead of having the creativity to come up with his own, and further 2) modifying said virus to connect to a web site in order to possibly, if desired, gain access to infected computers in the future, and lastly 3) using a web site (t33kid.com) for beforementioned purpose that he personally owned, and which was officially registered to him at his home address! I quote Robert Mueller from the FBI: "We employ the latest technology and code analysis to direct us to potential sources, and I am confident that we will find the culprits," Mr. Mueller said Tuesday." and further: "Investigators say they were able to track him down after interviewing the person who hosted Parson's site t33kid.com. " what a lot of hooey!!! my grandmother could have found this kid... go do a WHOIS on t33kid.com ridiculous.... d.
I looked into this and skimmed the documentation. It didn't appear to have a way for me to make sure that the management-folks who bring in laptops every morning get updated. It seemed to be more oriented to updating desktops in the middle of the night (or in the middle of the day but that'd be a tad disruptive around here anyway.)
Is there something that lets me insure when the laptop users plugin to our network, they are asked/forced, first thing, to get the new updates? Maybe I missed it?
--LP
Oops. Accidentally hit Submit rather than Preview before finishing.
The US does NOT require you to turn in your neighbors, your family members, or the local gangsters, if you happen to see them commit what you believe is a crime, and thus become a target of reprisals, defamation suits, and divorce papers. You do NOT need to be a hero, a snitch, or an unpaid government agent.
What IS required is that you not lie, destroy evidence, or otherwise act to conceal or assist a crime. (Serve as an "accessory" - before or after "the fact".)
If the cops come and ask you about it you can refuse to tell them about it. But lying about it IS a crime. If called to testify in court you CAN be compelled to testify - but only in conjunction with a grant of immunity for yourself (because you can't be compelled to testify against yourself - a mechanism to prevent torturing confessions out of those accused of crimes.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Here is a picture of the script kiddie to photoshop. Enjoy :)
From cnn:"Parson also admitted that he renamed the original "MSBlast.exe" executable "teekids.exe," after his online name 'teekid,'" according to FBI documents.
Note to self: If creating a virus, do not use your alias as the name of the executable.
In the latest releases his name and location are now out. He named the file using his on-line handle. He pointed the virus to his personal page. And he added a backdoor. Basically he was an idiot. The FBI found him in chat rooms talking about his little virus hack and tracked down where he was living from his domain registration info.
The "testing" was probably people on chat rooms reading as he used his backdoor and reported what he was able to do. He released it on the 14th and on the 19th he was pinpointed. 10 days later they released his info as he was officially in court for his first hearing.
And he admitted to all of it. The question is no longer his guilt, but simply what punishment he should recieve. As he's 18, he's an adult and with 7000 infected computers to his credit he's pretty much screwed.
And I don't think Angelina Jolie will be waiting for him to get out.
Ben
Work Safe Porn
Any virus writer?
Just haul the whole of microsoft off to jail in that case. Rembemer, IDIOT!, it's not "malicious code" it's a exploitation of STUPID code produced by the authors of windows. Microsoft still isn't half as serious as they need to be, they never get out security fixes before someone causes havoc, or could cause havoc, and they never NEVER EVER fix their STUPID code base.
What did he actually do wrong, anyway, try to sum it up in a few words. Remember, this virus is just another program, it just runs different, and I don't think there is any crime involved, other than "malicious code" Who is supposed to define "malicious code" anyway? M$? Lets hope not!
Do I feel your pain, sure, I got hit with msblast on win2k, it stinks, but I'm not going to point my finger at a amature virus writer, whom I have no business with, and who didn't form an illegal monopoly, and mess up the computer industry, just look at the XBOX, and then tell me that M$ didn't intentionally make win2k and winxp suck.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
This, of course, is not the last time we will see someone who attacks and undermines the infrastructure, but who is not a terrorist, etc. The only really appropriate response is to recognize that these people have shown that they are too irresponsible to live in a world undergoing a high rate of technical evolution. The simplest solution is to set aside regions of the country as non-technical zones. We can hire the Amish to run them and gaurantee a 19th-century level of technology. The only advanced item would be the 'ankle-bracelets' on the offenders giving their GPS coordinates, so they do not get to leave. Essentially, I suggest sending these folks back to the 19th century for a time, possibly the rest of their lives (19th century medicine was pretty poor) while those who are capable of dealing with this world move on into the future.
Well, now in prison he will understand the real meaning of backdoor intrusion... ;)
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
Let's view the original virus writer as the bank robber who masterminded a great vault robbery that entailed tunneling under the streets of Paris over the course of several weeks, and got away scot-free.
Let's then view the person they caught as someone who stumbled across the tunnels after the original bank robber got away, and used the tunnels to get into the vault and grab a few pieces the original bank robber left behind.
At this point, we can easily drum up sympathy for the second bank robber because his was a crime of opportunity -- he would never have gotten into the vault/released the virus if someone else hadn't already broken into the vault/written the virus first. We can also easily feel that his prosecution is unjust, as the "real" bank robber (who did far more harm) got away. So all of you who might feel that way, your feelings are reasonable and understandable. I had them at first, too.
They're also misguided, because his actions DID cause harm, and he did make a conscious decision to take the opportunity that presented itself. Your feelings would be better spent on someone who did no actual harm, and was instead being framed for a crime they did not commit.
Now, if the prosecutors in this case try and convict this person for writing the ORIGINAL virus, THEN it might be reasonable to have those feelings again. It would be akin to the second bank robber being blamed not for picking up scraps, but for the tunnels and major robbery that he didn't commit. In a way, he's being framed for a LARGER crime than he committed.
Then again, how do we know he didn't commit the larger crime? He could always just be claiming to be someone who found the tunnels afterward/renamed someone else's virus and sent it out. We can't be sure, and until someone else comes along as a suspect, most people would probably assume he was responsible for the whole thing.
Whew. Long post.
The lesson is this: don't be foolish enough to commit a crime of opportunity, lest you be charged with an enormity of crimes perpetrated by others who had the same opportunity -- or made the opportunity in the first place.
If I am walking down the street and see some guy about to kill another guy with a hammer to the head I am under no legal obligation to attempt to dissuade or stop the would be killer.
It depends who "I" am. If I am a police officer, then I have sworn to protect the public, and I can be fired and held responsible for not "doing my duty" even when off-duty and out of uniform.
There was a big story about this situation a few years ago. There was an armed robbery. The officer was off-duty. The officer ducked and someone else died. The officer was charged with something, but I do not remember the outcome of his trial.
The same principle applies throughout all of American style-law, and I can't think of any exceptions where a person has an affirmative duty to thwart crime or criminals.
You can be charged with "Being an accomplice" if you knew a crime was about to happen and you did not attempt to prevent it. No need to be a hero, just alert the authorities. Also "Accessory after the fact" applies to knowing a crime was committed and not reporting it. Of course, if the criminal is never caught, your knowing is not likely to get you in trouble. And if nobody knows you know, then you cannot be charged. The laws are there to provide the public with a reason to help the police.
Disclaimer: I am not and have never been a lawyer, police officer, or criminal.
---
I do not know how any of this would apply to the IT world. Much of our work is done solo. I am certain anybody doing anything illegal would prefer to work unobserved.
There was a Slashdot article about SC requiring IT workers to report any child porn found. As a trusted and responsible admin, I never look at anybody's data unless I must, and I doubt someone would ask me to help with an illegal picture. Anybody reporting someone under this law would be admitting to snooping, and would never work again.
I spend my life entertaining my brain.
Oh really? This has nothing to do with the Good Sam laws. Those are intended to prevent lawsuits from helping injured people. Misprison is about the Feds getting everyone related to a federal investigation. Don't get mad at me because it doesn't make sense. I didn't write the law. Here you go: Misprison of a felony
Laws are for people with no friends.
This kid is a true genius. He modifies the worm and renames it teekids.exe and sends it out. He hacks a site or two and puts his signature "Teekid hacked this site". He posts regularly to trojan and virus sites broadcasting his intentions. He then **get this** registers t33kid.com to his own name and address. Did he want to get caught????? This guy is a regular Forrest Gump.
LEPP
Here is a google cache of the perp's siteD R3mcJ: t33kid.com/+&hl=en&ie=UTF-8
o e=UTF-8&safe=off&q=teekid&sa=N&tab=iw"
http://216.239.41.104/search?q=cache:FEZleH
The current site "http://www.t33kid.com/" has been removed.
A google search on 'teekid' brings up quite a bit. "http://www.google.com/search?hl=en&lr=&ie=UTF-8&
Cave, wreck, and deep diver.
Assuming you are who you claim to be (which I doubt)...
"This is completely wrong. All I did was examine the Blaster worm and make a few changes."
Oh no! Somebody's being held accountable for their own actions or lack thereof! The humanity!
Don't worry, son. I'm sure your lawyer will just trot out the ol' "EverQuest made me do it!" defense. No jury in the world would convict after that.
I just checked my logs. Port 135 is popular again toady. Fuck loosers.
As you can see I don't care about my karma.
I think your absolutism regarding graffiti should be tempered by the circumstances. Michael Fay spray-painted a lot of people's cars - I agree that he deserved what he got. But someone who spraypaints the side of a warehouse shouldn't be seen in the same light. Although it's technically "private" property, it doesn't have the same direct path to the owner's heart and blood pressure. In fact, it's probably owned by a corporation.
Sorry for pointing out the racial reference. But com'on folks.
You can bet that Microsoft probably wishes different choices were made. And I'm sure that thousands of Microsoft employees curses the choices that were made daily. Choices that were made against the constraints of the time they were made in.
And the "encryption" you're talking about is either the reversible encryption, or the old "home" computer versions deployed in small workgroups. In which case let me say, "I've also noticed the unsuitability of screw drivers for pounding nails."
But the difference here is that Windows is designed to be insecure. No matter how hard you try, any system will have bugs, because it is designed by humans. But Microsoft has deliberately added "features" to their operating system and made design decisions whihc make it insecure and unstable. They aren't even trying, either because they don't feel that they have to compete, or because they do not care.
The encryption I am talking about is the password encryption for NT and Windows 2000. Firstly, it is weak and recently has proven trivial to crack. Secondly there is the matter of NT sending passwords over the wire to connect to smb file shares, which initially were plaintext, and later were encrypted using this sad encryption in SP4 or so (even then it was possible to turn the encryption off and many did).
You are right about screws being unsuitable for use as nails nails, but then Microsoft products are likewise unsuitable for use in enterprise environments or anywhere that security is even vaguely important.
Here's a http://us.news1.yimg.com/us.yimg.com/p/rids/200308 29/t/1062184970.2617294885.jpg link to a photo of this winner.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
You might want to do float y = 1.0/2.0 * x if you want the answer to be correct. Your example of bad 'c arithmetic' is completely user error.
Coming soon - pyrogyra
Viruses you dumb fuck. Virii - pftftftfttfft
He deserves a punishment fitting the crime
It is interesting that Slashdot crowd is usually quite willing to give harsh punishments to spammers. They say that since spammers take away millions of hours of people's time, it is comparable to murder, and life sentence is quite appropriate. Well, the exact same argument applies here, this guy is no better than the worst spammers and I don't see why he should get any more sympathy.
When men used to be men
Um, no. What crime would I be guilty of, exactly?
Theft? No
Negligence? No.
Then what crime?
If all you have is a hammer, everything looks like a nail.
"It simply shouldn't be POSSIBLE for an 18-year old to cause havoc like this."
Really not plausible. 18-year-olds drive. They work in restaurants. They work in crowded movie theaters and ballparks. Lots have access to the internet. Some of them may have access to chemicals. Others may have access to water supplys or power plants.
So do you recomend that everyone under, say, 21 be placed under house arrest?
If all you have is a hammer, everything looks like a nail.
No, no, no. I can leave my front door wide open, and because the law says that my property is private you'd be guilty of tresspassing at the very least. Anything you do on my private property without my express permission is YOUR fault, unless I have an 'attractive nuisance' like a swimming pool.
How is a server not private property?
And I dare you to prove that a gun or unpatched server is an attractive nuisance.
If all you have is a hammer, everything looks like a nail.
This chubbasaurus is an 18 year old adult (not a child; he can go to big boy's prison now, not kiddie kamp jail) I say send a message to all the script kiddies out there. Taking down large networks and causing X number of dollars in damages, lost productivity, etc. is a serious crime. If this POS gets the maximum penalty, maybe it'll make others (at least in countries that will do something about it) think twice.
Yes, Fatbastard did just tinker with the virus that he obviously didn't create himself. However, it's not his first crime his aliases point to according to what news is out there and his site hacking adventures.
Sadly, I would be willing to bet the author of the parent worm is probably not from the USA and from some country that has no cybercrime laws nor any extradition policy with the USA and will probably not be caught.
Get out a hanging judge, a short rope, and a long prison sentence.
Maybe Chubbs can pump some iron in prison and drop 200 lbs off his frame and come out a new man.
I think you're being mislead by the article you reference.
"To sustain a conviction of misprision of a felony, the government must prove beyond a reasonable doubt:
that the principal had committed and completed the felony alleged;
that the defendant had full knowledge of that fact;
that the defendant failed to notify authorities; and
that the defendant took affirmative steps to conceal the crime of the principal."
So not only does the original person have to be found guilty, but you have to be proven to have witnessed the crime, have been proven to have not reported it, and have been proven to have taken measures to conceal the crime that the first guy was convicted of.
Also:
"Examples of acts to conceal fraud include:
changing, hiding or destroying official records in order to conceal the fraudulent act;
suppression of evidence regarding the fraudulent act;
directlry or indirectly causing others to withold or surpress information pertaining to the fraudulent act;
making false statements to investigators regarding the fraudulent act;
or any other affirmative action designed to conceal the fraudulent act from authorities."
If all you have is a hammer, everything looks like a nail.
No, a better analogy is that you're renting (licensing) an apartment (operating system). You've noticed that whenever you open a window it creaks open again (security hole) and reported it to your landlord (Microsoft). He says he'll fix it, but in the meantime everyone in the neighborhood is talking about how your windows won't shut. You nail boards over some (firewalls) but you can't live in the apartment without some windows (services). Someone breaks in and steals your CDs.
While the burglar obviously committed a crime, it was enabled your landlord. He's guilty of negligence, which is prosecutable. It probably depends on the city, but I'm sure that in many places the landlord would be partly financially responsible. Why not Microsoft?
(Mind you, I'm not saying that any of this excuses the burglar.)
I'll stand corrected on one item: The US DOES have a crime CALLED "Misprison of Felony".
But I won't stand corrected on the primary point: In the US it is NOT a crime JUST to fail to turn 'em in (as "Misprison of Felony" means in other places, and as the discussion implied we were talking about here).
In the US you MUST ALSO do something EXTRA to try to HIDE them (such as destroying evidence, helping them out, lying to the cops, etc.)
From your own citation:
The elements of misprision of a feloney, both of which must be proved to support conviction, are:
concealment of something, such as suppression of evidence or some other positive act; and
failure to disclose.
Failure to disclose, without active concealment, is not a felony.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If he is indeed victimized in prison, the person committing the act will have done something horribly wrong - but he himself, having already victimized others, will have little moral grounds on which to erect a legitimate complaint.
...] a crime against property is on the same level as a crime against an individual's life or liberty/freedom.
Uh, nope. Clobbering your server for a week does not rob him of any moral grounds to complain about being raped. To say otherwise is to render the whole concept of "moral grounds" meaningless.
Libertarians [believe
Not the ones who want to be taken seriously. Though I can just see the RIAA incorporating this idea into a new anthem for their anti-P2P ads (apologies to Morrissey...)
The songs that you rip with a smile
Are not portable, burnable files
They're stolen IP, and stolen IP is MURDER
(Do you know how Hilary cries?)
Hoare, C. Anthony R. "The Emperor's Old Clothes." Communications of the ACM, Vol. 24, No. 2, February 1981, pp. 75-83.
His award from the ACM was for his fundamental contributions to the definition and design of programming languages.
Sir Tony Hoare has worked for Microsoft since 1999.
I hate call waitin`~+~~~
NO CARRIER
Ok bad War Games reference... bah
-cp-
They're talking 10 years hard time. That's not enough. This man needs to made an example out of. Note I'm not using the word kid. A 5 year old is a kid. This guy an 18 year old adult man who altered the virus to make it more destructive and caused close to a billion dollars in losses. And MS haters, yeah, I'm sure you're going to argue that Microsoft's software was insecure. I say bullshit. If your house is broken into and burgularized you can try to blame the builder of your home for not making a stronger door, or the lock maker for not making a better lock...blah,blah. At some point you need to hold the burgular morally accountable. Now this man's life is ruined, I'd like to ask him: was it worth it? Will the long prison term and the backruptcy of your parents defending you and paying restitution be worth it? Having to carry the label of being a felon and having to check the "Yes" box whenever your fill out an employment application that asks if you have a felony convinction? Was it worth it? The background check that most employers require which will reveal a felony convinction. Was it worth it? The punishment needs to be harsh to show that THIS IS NOT A FUCKING GAME. For capitalism-hating, tin-foil hat wearing goobers, he'll probably rise to cult hero status, like Mitnick. For the rest of society he'll be just another spoiled punk with time on his hands that thinks money falls from trees. Oh well.
Upon closer examination the teen turned out to be a childish 40+ CEO of a large software company who created some serious holes in his operating system software.
Despite the fact that I meet every requirement for getting this new blaster virus I still did not get infected. I have windows xp with no firewall on a broadband connection. The day I heard about everyone else getting it I quickly downloaded all the patches and fixes but I am still confused... P.S. check out friends site
do unto others as you would have them do unto you
I find it ironic that so many geeks can't get laid. While my schedule is what primarily prevents social interaction (I'm having lunch right now with another four hours to go on a 10 hour graveyard shift), this wasn't always the case. However, I wasn't particularly well adjusted in high school and I still managed to make it in the sack at 17.
Help us build a better map!
..but also disturbing. It would be so easy to plant such evidence on somebody's computer.
A witty saying proves you are wittier than the next guy.
PS - I bet the jackass who posted the above message considers himself a moral christian, they all do.
No, I don't associate myself with hypocrites and scumbags.
Hey buddy, I know you are trying to be devout and all, but you need to study your Bible some more before you spout off. Your points and their connection have little to do with fact and history and less to do with theology. Not trying to flame here, just trying to say that from a theological point of view you don't make any sense at all.
Joshua was receiving information form God about how to run his country. God told him to look out for certain things and to avoid certain things, specifically, the tenets and the theology of the phallic cult. The pagan gods named El, Baal, Ashtarte are foremost among the gods that the passage refers to, but specifically the practices involved in the phallic cult which were epidemic in the ancient world.
God also stated protocol for handling the judicial system in that time because the Jews were not just a spiritual group of people, but were a NATION. Therefore they needed a system of jurisprudence, law, and government hierarchy.
Furthermore, your references to the ideas of justice and liberty as Greek/Roman gods are misplaced as well. They may have been depicted in some related ways in stone or mural, but the depiction and the actual ideas are quite separate.
Even worse, the term justice is used in the Bible to describe God himself. Saying that justice is a Greek god and that you won't be subject to it is bordering on blasphemy.
Then to top it all off you don't even go into the proper translation of the passages form the original languages. If I were you I would take a class in systematic theology at some seminary near you. It might help with your historical viewpoint and fill in the gaps in your understanding of the character and integrity of the God that is described in the Bible.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
Psychobabble again. Plenty of individuals overcome what their environment should make them become.
As the Eagles song says:
You're mamma's too thin and your daddy's too fat. Get Over It. All this whinin', cryin', pitchin' a bitch, Get Over It...
In America today you can murder land for private profit. You can leave the corpse for all to see, and nobody calls the c
There are a few virus toolkits. I seem to remember one circulating usenet called VCL (Virus Creation Lab) or something like that.
Well I've wrestled with reality for thirty five years doctor, and I'm happy to say I finally won out over it.
but one can argue that Microsoft leaves part of Windows open so that the government can break into a system of a criminal to see what data they have. Windows may be flawed by design so that our government can spy on us. Maybe that is why they were so light on the DOJ case on Microsoft, because they had an agreement to make Microsoft a monoploy so that a majority of the population could use a flawed product that security can easily be broken into in case of an investigation. Ever heard of Magic Latern? The Government's Worm that can capture keystrokes, and allow access to virtually any system that gets infected. I believe that this is not a coincidence.
The problem happens is that non-criminals get invaded too, by Spyware and Adware and Worms and Viruses. Microsoft doesn't seem to be too interested in fixing this stuff. I remember when MS-DOS 6.X came with an Anti-Virus program, but they quickly dropped it when Windows 95 came out.
Running an OS like Linux or FreeBSD will not be infected by Windows viruses and worms, but you will get email from Windows users that got infected and somehow got your email address in their Outlook program or the worm scanned it from the Internet.
Face facts, if you run Windows, you are at risk of bad security. Run a Virus scanner that gets updated every week or sooner, and run a Firewall software to keep out port attacks. If you aren't doing this, you are even more at risk! I pity those who don't even run an updated Virus Scanner.
One day maybe the world will wake up and notice that Microsoft does not care about security, and abandon them and switch to something else. But much like the abused Girlfriend, they keep going back to the abuser again and again. It is a abusive relationship with Microsoft that most companies and individuals will have to break off eventually.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.