Man Reportedly Jailed for Using Lynx

wezzul writes "A Londoner made a tsunami-relief donation using Lynx on Sun's Solaris operating system. The site operator decided that this 'unusual' event in the system log indicated a hack attempt, and the police broke down the donor's door and arrested him." Honestly, though, aside from a BBC article about a tsunami fund hacking probe that doesn't mention user agents there's little to corroborate this. Hopefully Lynx users need not worry too much yet.

And for good reason!

Thats right; He shoulda been using "links" anyhow!

Where's the buggy-eyed smily when you need it?

[PreDefined]

What's next? Sometime in the near future: Man tries to buy chocolate bar with paper money! Shock! Horror! Maybe this is just a little too random but that's where my mind travelled to.

Re:Where's the buggy-eyed smily when you need it?

[ActionJesus]

Up here in Scotland, we have our own paper money. Although its legal throughout the UK, a lot of english shopkeeps will give you funny looks if you give them a scottish fiver.

However, wheres fivers and the like merely look different, apparently the english dont have a paper £1 note (and we do, although they're much rarer these days).

How long until we get arrested for paying for something with "funny money"? Remember, every time you use a non-standard currency, your funding terrorists!

Re:Where's the buggy-eyed smily when you need it?

[andynz]

There was a story late last year about an elderly couple who tried to use a Scottish £20 note in woolworths. Not only did they not accept it, they called the police and held them there.

I have recently moved to Scotland, and think that the scottish money is awesome. I particularly like the latin motto on the pound coin, "NEMO ME IMPUNE LACESSIT", translates to "no-one provokes me with impunity". That is just so Scottish.

Re:Where's the buggy-eyed smily when you need it?

[rpjs]

Although its legal throughout the UK

Um, not exactly. According to this Wikipedia article Scottish banknotes aren't even legal tender in Scotland!

"Legal tender" is a bit of misleading concept though in that it only really applies to the settlement of debts - i.e if you owe somebody and pay them in legal tender they have to accept that payment, but they don't have to accept payment by other means. It's worth noting that buying something in a shop does not constitute settling a debt as you pay before you receive legal title to the goods, so "legal tender" does not apply.

Ultimately you can pay for anything with anything if the other party agrees. Shops in Scotland will of course accept Scottish banknotes because they're familiar with them and trust the Scottish banks to back them. Many shops in England will similarly accept Scottish banknotes for the same reasons. Some shops in England and Scotland will take Euro notes, and a few at airports US dollars and other currencies. You're unlikely to find a shop that will accept Bhutanese Ngultrum, say, though I suppose it's possible if the shopkeeper happens to be about to go on holiday to Bhutan and can't find a bureau de change that carries Ngultrum...

WHY!

Why oh why wasnt it "Man Reportedly Jailed for Using IE"

Re:WHY!

[Hoagy]

what about "Man Reportedly Jailed for Creating IE"

Thank God for people....

[Homology]

actually reading logs, now, if only they could understand them.

Re:Thank God for people....

[Stephen+Samuel]

Sometimes they have complete idiots reading the logs.

Back when the nimda worm was running around, I wrote a home-grown IDS to watch web hits, identify nimda-type probes and, if I could find a reporting address for the offending IP email a complaint off to the responsible ISP.

We were being serviced by Shaw Cable at the time, and every once in a while, they'd misread my complaints, and figure that my box was the source of the attack, and they'd send a nasty email to my roommate (who the connection was registered to) threatening to cut off our internet if we didn't delete the viruses install a firewall, etc. (we each had our own BSD firewall).

I got to know one of the supervisors there reasonably well, modified the letter I sent out to make it all but impossible for the people who read the email to confuse the attacking box with the defender, and he even added a note to the file for our connection, which resulted in a period of quiet after which we got yet another threatening letter.

I responded with this letter. My roommate (who took this very seriously because he was paying business rates to be allowed to run servers on the line) thought that I was being a bit flippant about something so important (flippant?! It took me an hour to write the damn thing!), but the supervisor at shaw said that he got a bit of a chuckle out of it when he phoned me to apologize for the error and promise a fix. His explanation was that shaw had installed a new abuse reporting system and that the note about our account had been lost in the transition (but would be added back in).

If you read my letter, (which includes the original autocomplaint) then you'll understand just how far people are willing to go to misread log files.

Re:Thank God for people....

[skahshah]

I think they have complete idiots reading not only the logs, but the mail too. Or maybe idiots who don't read at all :

One day I couldn't access to many sites I'm used to visit, I did some traceroute and found 2 nodes down, 1 in NY, another in South California. I wrote to the companies. The first one answered within an hour, saying they hadn't found any problem (it was working again), the second never answered, but the server was up within an hour too.

I had sent a third mail to my ISP, before anything had been fixed, explaining the problem, with the same traceroute attached, saying that I knew they hadn't anything to do with it, but that it could be useful to know, with the precision that I was running Mozilla on FreeBSD, and personnally hadn't any problem.

Two days later I received a mail explaining that I had a bad configuration and had to check some option (forgot what it was) in Internet Explorer !

Bonus Browser

[orangeguru]

Lynx - the adventure browser ...

Man Reportedly Jailed for Using IE

[SpikyTux]

In an unrelated news, A Londoner made a tsunami-relief donation using Internet Explorer on Microsoft Windows operating system. The site operator decided that this usual event in the system log indicated the user has zero clue on how insecure Internet Explorer is, and the police broke down the donor's door and arrested him.

Because everyone knows

[L.Bob.Rife]

That hackers would never think to forge a browser agent tag.

Re:governments are funny.

[L.Bob.Rife]

But the real question is, did this request go through a judge to get a warrant, or was it simply some sysadmin making a claim (which could be easily refuted by an expert) and the police arresting somebody on one mans word.

Will police arrest somebody if I claim they killed somebody, or do they still need evidence?

Did he file a bug report?

[node+3]

BUG 6397: "Save As..." dialog doesn't work properly under certa...
BUG 6398: Lynx unexpectedly quits when Japanese text is...
BUG 6399: When browsing tsunami relief site, users are arrested by the police...
BUG 6400: Choosing "cyan" for visited links causes all links to show up as cyan...

Re:Did he file a bug report?

[js7a]

Ha! "Works for me, can you attach a scan of your police report?"

What's that ?

[Liquid+Len]

Hopefully Lynx users need not worry too much yet.
You mean the three of them ?

Insightful???

"Just because he eats apples doesn't mean he is not a child molester"

Where is the connection of the two? Parent puts some claim in the room, based on a connection which doesn't exist, and is modded up?

Re:Insightful???

[LarsWestergren]

I actually thought it was pretty insightful, but I'll post instead of mod.

So far, all comments are supporting one of two hypotheses:
a) The story is a hoax, no one was arrested.
b) The story is true, OMG they are after us just for using Lynx!

Grandparent pointed out a possible third alternative:
The person was using Lynx, the bastard really tried to hack the tsunami relief site, and that's why he was arrested.

Re:I had to use Lynx once

Using Lynx is just plain wrong!!!

No, using Lynx is just plain text.

The real headline...

[bani]

BT, astonished by having seen the first correctly formatted HTTP request ever in their logs, reported the incident to police.

"Nobody follows RFCs these days -- microsoft has firmly established that standards are there to be ignored. Anyone following the HTTP RFCs as strictly and to the exact letter as this individual did is obviously up to no good, so we reported the incident to police as an obvious terrorist act.".

I am so paranoid

[tearmeapart]

I am so paranoid that I use lynx.
I am even more paranoid that I use BSD. (Security is more important than speed, new developments, a friendly environment, etc.)
The paranoia continues because I use BSD's jail to secure lynx.

My command to open lynx:
'/usr/sbin/jail -U poor_england_guy /dev/null dummy233 192.168.2.233 "/usr/local/bin/lynx -disable_cookies -ssl-only -referrer='http://www.google.ca' -nocolor https://www.dec.org.uk/"'

So lets see:
1. You cannot save data about me because I disabled cookies.
2. You cannot see data that I receive or send because I use ssl.
3. You cannot use somekind of frame trick to send me to a site where I do not want to go.
4. You cannot use popups on me. Lynx does not exactly have any windows.
5. No frame tricks either. Lynx does not support frames.
6. If some hole is found in lynx, my automatic secure update (/usr/ports with freebsd) with fix it. It's secure and uses ssh2-like things, so it will take a few thousand/million years to get past that security.
7. Even a virus gets on the machine:
a. I can just restart lynx.
b. I boot off a CD. The filesystem is read-only. Really read-only.
c. Virii are unheard of on bsd.
d. I can switch to links or wget.

Conclusions:
1. I find it a good probability that this system admin saw the person's lynx setup (comparable to mine) and was extremely jealous. After a few minutes of being stuck on "hostname#", the system administrator just gave up and decided to sue this guy.
This jealousy is similar to SCO's jealous of Linux.

2. Everyone should switch to a similar setup. I am sure everyone would enjoy the interface, and some would especially enjoy the ASCII pr0n.

Re:Well I think JWZ put it best for Lynx users.

[Ober]

Lynx users might remember this from www.jwz.org

#
Greetings, Lynx users. There is a reason this page doesn't use ALT tags
on the images. The reason is that the bozos responsible for both MSIE
and Netscape Confusicator 4.0 decided that they would display the ALT
tags of images every time you move the mouse over them -- even if the
images are loaded, and even if they are not links. The ALT attribute
to the IMG tag is supposed to be used *instead of* the image, not *in
addition to* the image.

This looks absolutely terrible, so I don't use ALT tags any more in
self-defense.

If they wanted to implemented tooltips, they should have used the TITLE
attribute to the A tag. That's in the HTML 1.2 spec and everything.

I had to decide between making this page look good for the vast majority
of viewers, or making it be readable by the miniscule minority of you
stuck in the 70s. Those of you in the retro contingent lost. Sorry.
#

reference:

http://web.archive.org/web/20000303115840/http:/ /w ww.jwz.org/

Re:First Post - CowboyNeal called the cops

[Anonymous+Cowherd+X]

First post with Lynx!

And your last post here, you hax0r, you!

Re:I don't believe it

[koi88]

Police would never arrest someone just because of the browser he was using.

I hope you're right. The link provided in the article doesn't provide much information about the nature of the attack.

Searching on BBC for "lynx" shows that this browser is very popular in Britain, they even named a real animal after it.

Just tried it out...

[ArsenneLupin]

Just made a small donation to the DEC site, using lynx.

Now let's wait and see what will happen next...

If lots of people do the same:

• BT will get the message that there are still lots of people who use lynx
• more money for the tsunami victims :-)

comon everyone, use lynx to go to bt.com

[cheekyboy]

I just tried lynx to go to their donation form

https://www.donate.bt.com/bt_form.htm

via http://www.bt.com/index.jsp

So I hope everyone does it and makes BT see 100000x increase in LYNX usage

So this is what you get when you hire A+ grads from 'prestigeous' institutions.

So everyone, fire up lynx, lets make em look even dumber.

Re:I don't believe it

[dbIII]

I wouldn't put it past the police/judges in any country of being largely ignorant of what a browser agent really means

I see it as being "the expert says this guy is a hacker, so we arrest him" - while the reality is that the "expert" isn't an expert and is not under adult supervision.

I think we'll see a lot more of this sort of thing. Hopefully we'll get more info so the words "you got a customer arrested because you were too ignorant to do your job properly?" follow this guy around for his entire career - if justified.

I use lynx regularly, as do many others, any sysadmin who has never heard of it is inexperienced. If someone in a workplace is browsing pr0n for eight hours a day, the only safe way (grannies doing what?) to confirm that the URLs have dodgy content is lynx or similar things, or it's the simplest way to see if your web server is up or not from a console in the cold depths of a server room.

Re:Have Your Say via UA String Extension Mozilla

[SeaFox]

How about
'Mozilla/5.0 (Not Lynx/Do not arrest user) Gecko/20041107 Harmless/1.7.3'

Purple Monkey Dishwasher

[astrosmash]

Dev Lead: "Hey! Monkey! What's this Lynx thing about?"
Web Monkey: "It's a web browser that old-school Unix hackers used to use."

-- later ---

Middle Manager: "Sir! An old hacker has comprimised our system!"
CTO: "Release the monkeys."

Re:Wait a sec

[t_allardyce]

It occurs to me that they would have had his name and address from the donation, a break-down of communication would have gone something like this:

Log: Lynx - - 195.245.14.212
Windowz Admin: OMG WTF!?
Log: Lynx: Error 255 Is_not_IE
Windowz Admin: OMG WTF!? 0w3n3d? h4x0rd?
PHB: Whats all this then?
Windowz Admin: Hackers
Phone: Ring Ring, Ring Ring
Police: Metropolitan Police?
PHB: Hackers, Tsunami, Help!?
Police: Yes sir, the address?
PHB: The address?
Windowz Admin: [tap tap] 34 Solaris Road

Police: POLICE!
Lynx User: Okay?
Police: Down on the ground! down on the fucking ground!
Lynx User: Ahh? WTF? 0w3nd?
Police: 0w3nd h4x0r mother fucker.
Lynx User: Lawyer!
Lawyer: WTF?
Lynx User: Yes, WTF?
Judge: WTF is Lynx?
Lawyer: WTF is Solaris?
Expert: Shut up n00bs
Bail: Money
Lynx User: Poor
The Sun(tm): Hacker, lynch mob, page 3, Sun readers are tards.

BB: WTF?
Slashdot: WTF OMG?