Slashdot Mirror


MySpace Worm Creator Sentenced

Aidan Steele writes "Remember Samy? The creator of the infamous worm was unfortunate enough to be the the target in MySpace's latest litigation. As was said in the earlier story, the script was "written for fun" and caused no damage. The source and technical explanation for the "attack" was not even released until after MySpace had patched the vulnerability. Apparently this was enough to get the 20 year old (19 at the time of writing the worm) three years of probation, three months of community service, pay restitution to MySpace and is also banned from the Internet. Clearly, disclosing security vulnerabilities doesn't pay."

3 of 387 comments (clear)

  1. Summary biased? by anakin876 · · Score: 5, Interesting

    Wow - what a horribly biased summary. Was it written as a deliberate troll? It reads like a deliberate troll! Disclosing a security problem does not usually entail creating a virus that uses it. I realize that his virus did not "hurt" anybody - other than, apparently, him - but he did not just disclose the security hole. It sure would be nice if Commander Taco would read this stuff before approving the submission.

  2. Re:Restitution? by BasharTeg · · Score: 4, Interesting

    Being part of a group of Samy's RL friends, we're not sure what his restitution is, but he is very likely not allowed to disclose it. We're just glad he's staying out of prison. Everything else is a secondary concern.

  3. Re:disclosing arrogance doesn't pay by Teun · · Score: 5, Interesting

    A nice example of how to deal with friendly hacker/crackers in an adult way is in the Terms and Conditions of Dutch ISP xs4all:
    http://www.xs4all.nl/uk/overxs4all/voorwaarden/ind ex.php?taal=en

    4.4 Without prejudice to article 4.3, customers are permitted to hack the XS4ALL system.

    The first customer who succeeds in attaining a position equivalent to that of the XS4ALL system administrator will be offered six months' free use of the system, provided that the said customer explains how he or she succeeded in hacking the system, has not damaged the system or other customers and has respected the privacy of other customers. Each customer hereby gives consent for other customers to attempt to hack the system under the aforementioned conditions.


    Would more companies have a similar and well published policy guys like Samy might not have to go through all this legal grief.
    And the companies would gain a lot of security.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."