Slashdot Mirror
Man Reportedly Jailed for Using Lynx
wezzul writes "A Londoner made a tsunami-relief donation using Lynx on Sun's Solaris operating system. The site operator decided that this 'unusual' event in the system log indicated a hack attempt, and the police broke down the donor's door and arrested him." Honestly, though, aside from a BBC article about a tsunami fund hacking probe that doesn't mention user agents there's little to corroborate this. Hopefully Lynx users need not worry too much yet.
Thats right; He shoulda been using "links" anyhow!
What's next? Sometime in the near future: Man tries to buy chocolate bar with paper money! Shock! Horror! Maybe this is just a little too random but that's where my mind travelled to.
Why oh why wasnt it "Man Reportedly Jailed for Using IE"
actually reading logs, now, if only they could understand them.
Lynx - the adventure browser ...
Just because he was using lynx does not mean he was not trying to break into the site.
In an unrelated news, A Londoner made a tsunami-relief donation using Internet Explorer on Microsoft Windows operating system. The site operator decided that this usual event in the system log indicated the user has zero clue on how insecure Internet Explorer is, and the police broke down the donor's door and arrested him.
READY.
PRINT ""+-0
While not fair by any means, to me this is clearly an example of one faction of the governments: Setting examples.
;]
I would speculate that the browser inadvertently sent some malformed HTTP POSTS or otherwise made some "usual" as in "unusual garbage posts to credit card processing engine" and spooked the sysadmin who had far to much time on his hand and the local police number on speed dial.
poor bastard..I bet if he was using linux this wouldn't have happend
We *so* need to name a 'Lynx' day in protest. Hit all your favorite sites with a text-based browser in a non-windows OS for one day.
Of course, with all the embedded Flash around, some sites will be totally inaccessible... which would maybe teach them a lesson about accessibility.
That hackers would never think to forge a browser agent tag.
BUG 6397: "Save As..." dialog doesn't work properly under certa...
BUG 6398: Lynx unexpectedly quits when Japanese text is...
BUG 6399: When browsing tsunami relief site, users are arrested by the police...
BUG 6400: Choosing "cyan" for visited links causes all links to show up as cyan...
Hopefully Lynx users need not worry too much yet.
You mean the three of them ?
That idiot doesn't know that besides Lynx, there is also Links.
Parent is not offtopic !
Trolling using another account since 2005.
I'm sure it wasn't the fact that he used Lynx, but all the ascii child pr0n they found on his hard drive that prompted his arrest.
"Just because he eats apples doesn't mean he is not a child molester"
Where is the connection of the two? Parent puts some claim in the room, based on a connection which doesn't exist, and is modded up?
Serves him right for not using a digitally signed and approved Internet! How could he trust Lynx?
Using Lynx is just plain wrong!!!
No, using Lynx is just plain text.
Whats the chances of his door being broken down if he was using Windows XP with IE instead of using lynx?
:)
This just goes to show that in the long-run, the TCO for M$ products are a lot lower then using other alternatives.
Havin' it large, livin' the life, Welcome to the land of the rising sun.
You are right, (e)links is much better! :-)
(Also support mouse control through SSH with PuTTY)
Life is just nature's way of keeping meat fresh.
BT, astonished by having seen the first correctly formatted HTTP request ever in their logs, reported the incident to police.
"Nobody follows RFCs these days -- microsoft has firmly established that standards are there to be ignored. Anyone following the HTTP RFCs as strictly and to the exact letter as this individual did is obviously up to no good, so we reported the incident to police as an obvious terrorist act.".
I am so paranoid that I use lynx.
/dev/null dummy233 192.168.2.233 "/usr/local/bin/lynx -disable_cookies -ssl-only -referrer='http://www.google.ca' -nocolor https://www.dec.org.uk/"'
I am even more paranoid that I use BSD. (Security is more important than speed, new developments, a friendly environment, etc.)
The paranoia continues because I use BSD's jail to secure lynx.
My command to open lynx:
'/usr/sbin/jail -U poor_england_guy
So lets see:
1. You cannot save data about me because I disabled cookies.
2. You cannot see data that I receive or send because I use ssl.
3. You cannot use somekind of frame trick to send me to a site where I do not want to go.
4. You cannot use popups on me. Lynx does not exactly have any windows.
5. No frame tricks either. Lynx does not support frames.
6. If some hole is found in lynx, my automatic secure update (/usr/ports with freebsd) with fix it. It's secure and uses ssh2-like things, so it will take a few thousand/million years to get past that security.
7. Even a virus gets on the machine:
a. I can just restart lynx.
b. I boot off a CD. The filesystem is read-only. Really read-only.
c. Virii are unheard of on bsd.
d. I can switch to links or wget.
Conclusions:
1. I find it a good probability that this system admin saw the person's lynx setup (comparable to mine) and was extremely jealous. After a few minutes of being stuck on "hostname#", the system administrator just gave up and decided to sue this guy.
This jealousy is similar to SCO's jealous of Linux.
2. Everyone should switch to a similar setup. I am sure everyone would enjoy the interface, and some would especially enjoy the ASCII pr0n.
Lynx users might remember this from www.jwz.org
/ /w ww.jwz.org/
#
Greetings, Lynx users. There is a reason this page doesn't use ALT tags
on the images. The reason is that the bozos responsible for both MSIE
and Netscape Confusicator 4.0 decided that they would display the ALT
tags of images every time you move the mouse over them -- even if the
images are loaded, and even if they are not links. The ALT attribute
to the IMG tag is supposed to be used *instead of* the image, not *in
addition to* the image.
This looks absolutely terrible, so I don't use ALT tags any more in
self-defense.
If they wanted to implemented tooltips, they should have used the TITLE
attribute to the A tag. That's in the HTML 1.2 spec and everything.
I had to decide between making this page look good for the vast majority
of viewers, or making it be readable by the miniscule minority of you
stuck in the 70s. Those of you in the retro contingent lost. Sorry.
#
reference:
http://web.archive.org/web/20000303115840/http:
So far there is a single, mostly unknown, source for the portions of the story pertaining to Lynx. This is notable more for how opposite the Blogsphere and mainstream media positions are on the story. Currently, only the man arrested knows the real story and I have even seen a quote from him yet. We certainly haven't been exposed to any decent journalism yet.
. . .
:-)
Now, I am trying to think up something appropriately insulting of their intellect to write to their logs with the UA spoofer extensions in Mozilla.
Any suggestions?
. . .
First post with Lynx!
And your last post here, you hax0r, you!
I'm sure there could be more to the story, like perhaps there were repeated log entries as if he had lynx in a script loop to do something as innocent as collect donation totals or something evil like password guessing. I wouldn't put it past the police/judges in any country of being largely ignorant of what a browser agent really means. It wouldn't take them much convincing to go busting down doors. The suspicious part of the story is the sysadmin thinking something odd with the user agent of just that one person and calling the authorities. Looking at the logs from fairly small web sites you are lible to see all sorts of odd user agents. If something did stick out, I would think a sysadmin's first step would be to do a google search.
Lynx has (optionally) supported https for many years now - I used to use it for my online banking (one of the reasons I'm impressed by my bank's service - it uses javascript and stuff, but works fine without it) before I caught this nasty GUI bug...
Paranoia isn't an infectious condition, it's a way of life
Police would never arrest someone just because of the browser he was using.
I hope you're right. The link provided in the article doesn't provide much information about the nature of the attack.
Searching on BBC for "lynx" shows that this browser is very popular in Britain, they even named a real animal after it.
I don't need a signature.
Now let's wait and see what will happen next...
If lots of people do the same:
imagine how many non-standard user agents will be showing up in bt's logs tomorrow.
I bet there's a ton of LWP requests hitting BT as we speak.
It seems the good thing is we're now getting uncorroborated news stories from sites called "Boing Boing: A Directory of Wonderful Things". The BBC article makes no mention of lynx user-agent lines as the culprit.
Can we up the bar a LITTLE?
I just tried lynx to go to their donation form
https://www.donate.bt.com/bt_form.htm
via http://www.bt.com/index.jsp
So I hope everyone does it and makes BT see 100000x increase in LYNX usage
So this is what you get when you hire A+ grads from 'prestigeous' institutions.
So everyone, fire up lynx, lets make em look even dumber.
Liberty freedom are no1, not dicks in suits.
cat /var/log/httpd/access.log | grep lynx > /dev/authorities
I think we'll see a lot more of this sort of thing. Hopefully we'll get more info so the words "you got a customer arrested because you were too ignorant to do your job properly?" follow this guy around for his entire career - if justified.
I use lynx regularly, as do many others, any sysadmin who has never heard of it is inexperienced. If someone in a workplace is browsing pr0n for eight hours a day, the only safe way (grannies doing what?) to confirm that the URLs have dodgy content is lynx or similar things, or it's the simplest way to see if your web server is up or not from a console in the cold depths of a server room.
BWAAAHAAAAAHHAAAAA!!! No wait, this is not even funny.
1) The police arrested him because they thought he was hacking stuff, not because he was using Lynx.
2) The police arrest people for insane reasons all the time in 99% of all countries. While I firmly believe there was no evil intent from enyones side in this particular case, you really need to wake up: The police are only human and most of them do whatever the people who pay their bills tell them to (that means the government, not the taxpayer).
3)The fact that the guy was released in a few days shows us that the system is limping along OK. The "sysadmin" making the hacking claim OTOH, should now be arrested for criminal negligence/incompetence or something
Dev Lead: "Hey! Monkey! What's this Lynx thing about?"
Web Monkey: "It's a web browser that old-school Unix hackers used to use."
-- later ---
Middle Manager: "Sir! An old hacker has comprimised our system!"
CTO: "Release the monkeys."
ENDUT! HOCH HECH!
Lynx has supported https for years.
Slashdot: Where nerds gather to pool their ignorance
Avant is the equivalent of the scented beaks doctors were using during outbreaks of the Black Death in the middle ages ... sure, you might be lucky and not get the plague, but it had nothing to do with your fancy accessories.
From the article, he was arrested and released i.e. bailed - not "jailed".
If he hadn't been released, he would have been remanded in custody - still not "jailed".
If he was point on trial and convicted, he would have been gaoled - did I mention not "jailed"?
It must have been a windows sysadmin, then. But yeah, that probably is equivalent to "inexperienced", anyway.
quidquid latine dictum sit altum videtur.
</tinfoil>
Escher was the first MC and Giger invented the HR department.
It occurs to me that they would have had his name and address from the donation, a break-down of communication would have gone something like this:
Log: Lynx - - 195.245.14.212
Windowz Admin: OMG WTF!?
Log: Lynx: Error 255 Is_not_IE
Windowz Admin: OMG WTF!? 0w3n3d? h4x0rd?
PHB: Whats all this then?
Windowz Admin: Hackers
Phone: Ring Ring, Ring Ring
Police: Metropolitan Police?
PHB: Hackers, Tsunami, Help!?
Police: Yes sir, the address?
PHB: The address?
Windowz Admin: [tap tap] 34 Solaris Road
Police: POLICE!
Lynx User: Okay?
Police: Down on the ground! down on the fucking ground!
Lynx User: Ahh? WTF? 0w3nd?
Police: 0w3nd h4x0r mother fucker.
Lynx User: Lawyer!
Lawyer: WTF?
Lynx User: Yes, WTF?
Judge: WTF is Lynx?
Lawyer: WTF is Solaris?
Expert: Shut up n00bs
Bail: Money
Lynx User: Poor
The Sun(tm): Hacker, lynch mob, page 3, Sun readers are tards.
BB: WTF?
Slashdot: WTF OMG?
This comment does not represent the views or opinions of the user.
Completely off topic I know, but a couple of years ago my 11 year old son was banned for a week from the school computer lab after being found using DOS.
Apparently the school authorities had decided that any type of command line smelt of hacking and subversive tendencies.
Cory Doctorow isn't exactly a random luser, he's a well-known commentator and online journalist.
Shameless Karma Whoring
Facts do not cease to exist because they are ignored. - Aldous Huxley
Jailed for IE? Why not?
It's insecure (your computer could be hijacked and used for malicious purposes)... national security risk.