Man Mines Facebook For Security Questions, Nabs Nude Photos From Email

itwbennett writes "George Bronk, 23, has pleaded guilty to charges that he broke into the e-mail accounts of thousands of women, scouring them for nude photos that he then posted to the Internet. How he did it: He searched his victims' Facebook pages for answers to common security questions and then logged in to their e-mail accounts. In one case he persuaded a victim to send him even more explicit photographs by threatening to post the ones he'd stolen if she didn't. Bronk faces 6 years in prison on felony hacking, child pornography and identity theft charges."

Obligatory

Pics or it didn't happen

Re:Obligatory

[ian_from_brisbane]

Pics or it didn't happen

Here you go... http://www.msnbc.msn.com/id/41082627/ns/technology_and_science-security/

Re:Obligatory

[macraig]

Not THAT one! My eyes, my EYES!

Re:Obligatory

Is it an albino nígger?

All I can say is

[drinkypoo]

Torrent?

(ObDisclaimer: No, I don't want to receive child porn.)

Re:All I can say is

This isn't even a little bit offtopic

Think of the children too

Well, I sure hope all of the girls who took pictures of themselves got child pornography charges against them too.

Re:Think of the children too

[gnasher719]

Well, I sure hope all of the girls who took pictures of themselves got child pornography charges against them too.

Why would you hope that? Are you yourself into hacking computers, and hoping that some victims would be afraid to be witnesses against you in a court? I cannot imagine any other reason.

Re:Think of the children too

I cannot imagine any other reason.

Which says more about you than it does about the OP.

Re:Think of the children too

Whoooooooooooooooosh.

Re:Think of the children too

Well, I sure hope all of the girls who took pictures of themselves got child pornography charges against them too.

Why would you hope that? Are you yourself into hacking computers, and hoping that some victims would be afraid to be witnesses against you in a court? I cannot imagine any other reason.

That is what has happened in past. Kids taking photos of themselves and sending them out to other kids of own age were charged with CP. The poster is being sarcastic.

Re:Think of the children too

[crow_t_robot]

No, because producing child pornography and distributing it on the internet is producing child pornography and distributing it on the internet. If a 16 year old girl sends a picture of her tits to your phone you are now in possession of child pornography and in direct danger of having your life destroyed and everyone you know hating you.

This is akin to weaponry. This shit needs to stop.

Re:Think of the children too

Because he doesn't believe in stupid "think of the children" bullshit, perhaps?
These kids are breaking anti child porn laws as much as he was, and should be punished just as equally for them.

I don't give a damn if they are 8, or 16, facts are, they took pictures of themselves in an illegal manor and were distributing them.
If he gets punished, they should get punished.
Ignorance of the law is no excuse, neither is the innocence of childhood an excuse, children are innocent and regularly abuse their position in law. (from reckless endangerment to rape, it happens and it is wrong)

Re:Think of the children too

[CAIMLAS]

You have very little imagination.

Girls have boyfriends. They also have female friends. They are not solely keeping these pictures on their hard drives and cameras for personal use (more than likely).

Funny thing about pictures on the Internet: they're trivially copied. Boyfriend copies the picture to his friends (or just one friend), or posts it to a forum: the picture is out, and will live forever on hundreds of 'porn agregators' (lacking a better term), presuming the girl isn't a skag. Likewise, girls are/can be catty: what's stopping them from spreading the nude pictures in a bitter attempt at becoming more popular themselves (thinking it would ridicule the origin)? We're talking about virally social teens, here, not top secret data on government networks: there's literally a thousand and one ways for such pictures to spread to the Internet At Large.

So, in short: it's entirely possible that hundreds of thousands of men and women have viewed, downloaded, etc. child porn and not even be aware of the fact that it is child porn, simply on the basis of "some women look like children and some girls look like women". I recall a couple girls in high school who looked significantly older than 16-18 - and no, I'm not just talking about curves (though that applies too).

It's just like "honest, I thought she was 18, officer!" scenario, except the evidence never disappears and the so-called 'victim' can never grant consent. I would not be surprised if there is legal child porn floating about the internet right now, on "valid" sites which the US federal law enforcement agencies knows about, but allow to exist -so that they can use it as an added charge for someone down the line, if they ned something to vilify them further/want to make sure the charges stick.

Re:Think of the children too

[Dunbal]

No I think OP was referring to the notion of a fair and balanced justice system that applied the law to everyone instead of the one we have now which consists of "lets throw everything we can dream up at the guy and see what sticks".

After all, it wouldn't be the first time a teenage girl was accused of child pornography for taking pictures of herself and posting them online. Not that I agree with THAT one, either.

Re:Think of the children too

To quote your random TeaBagger ... "Illegal is Illegal"

Re:Think of the children too

Yes. Legalize child porn.

Re:Think of the children too

Pictures of naked people should not be classified as porn simply because of the lack of clothes.

Re:Think of the children too

[Starfleet+Command]

>>>they took pictures of themselves in an illegal manor Perhaps if they had photographed themselves in a chalet, or perhaps even a brownstone walk-up?

Re:Think of the children too

[freedumb2000]

You are kidding, right?

Re:Think of the children too

16 year olds are not children. That is the most insane part of all of this. Naked pictures of 6 year olds on your phone, sure, those are children at least. A 16 year old is most definitely not a child though.

Re:Think of the children too

You keep using the word "children" when talking about 16-18 year olds. I do not think this word means what you think it means.

Re:Think of the children too

If a 16 year old girl sends pictures of her tits to your phone, you should delete them and you should not be charged with any crime for that. The law at fault here is not the one that fails to prosecute teenagers for all that malicious child porn distribution that's always happening and isn't at all a figment of anyone's imagination, it's the law prosecutes someone for possessing child porn, even if they acquired it against their will and deleted it straight away.

Painting men as hapless victims of slutty little girls in cases like this is horrifically misogynistic. Face reality. Men are the guilty party in the vast majority of child sex crimes. This sort of camaraderie is badly misplaced.

Re:Think of the children too

[TFAFalcon]

No, but it might cause enough outrage to get the laws changed. As long as teenagers can be prosecuted for taking pictures of themselves, there is something seriously wrong.

Re:Think of the children too

[the_womble]

Congratulations! You think the right way to be a politician! You must punish people to protect them from themselves!

Re:Think of the children too

[Tanktalus]

Legally speaking, 16 and 17 are children. When talking about the law, we have to use legal definitions. Full stop.

Re:Think of the children too

[martas]

Give up hope now, save yourself a bunch of turmoil. It won't stop, simply because laws on topics like CP tend to be more powerful than the lawmakers themselves. At this point, I doubt anyone has the political arsenal necessary to "stop this shit."

Re:Think of the children too

No, but neither are they an adult. A 16 year old is an adolescent.

Re:Think of the children too

[Pharmboy]

Pictures of naked people should not be classified as porn simply because of the lack of clothes.

If God® wanted you naked, he would have made you born that way.

Re:Think of the children too

[Shikaku]

What happens when you turn 18 that magically makes you an adult?

Re:Think of the children too

[Eightbitgnosis]

Ummm, blackmailing a 15 year old for pictures of her bush is in no way equal to her taking those pictures of her own free will

Re:Think of the children too

RTFA linked to in TFA. If you go a little further, you'll read that authorities found CP on his computer that appears to be unrelated to the hacking.

Re:Think of the children too

[rwa2]

Um, you have to register with the selective service so they can decide to throw your ass in a war? Something like that.

You're innocent until you're old enough to vote and (legally) kill people.

Re:Think of the children too

[Rockoon]

It becomes legal to look at your boobies

Re:Think of the children too

[Grimbleton]

Only if you have a penis.

Re:Think of the children too

[milkmage]

same thing that makes you a responsible drinker at 21

Re:Think of the children too

[Schadrach]

Actually, legalize possession of child porn, and step up the penalties for production (or just for child abuse, since using a child to produce child pornography is itself abuse) and purchase/sale. That removes the "weaponry" portion of child porn (if I send you a CP picture, you have committed a crime is a *bad* thing) and makes those who receive such pictures accidentally (mislabeled P2P files, for example) or against their will (as in the sending a picture to your phone example) more willing to openly provide them to authorities as a way to help the producers get caught, as well as making being involved in the financial promotion of the production of child pornography still a crime.

Re:Think of the children too

[rwa2]

Well, vaginas got to vote in the US with the 19th Amendment in 1920, but yeah, point taken ;)

But they can still join the military at 18 (17 with parental consent... hmm, maybe that's the ticket for "underage" porn as well...)

Anyway, car insurance companies don't trust anyone's decision making abilities until they hit 25, so I wouldn't be surprised if the age of consent keeps rising :P

Re:Think of the children too

[Schadrach]

Interestingly enough, I've actually met a "slutty little girl" as you described it. She was a friend of one of my nieces several years ago. Girl was ~10, and was....precocious and direct. Very, very, direct regarding what men she found attractive and exactly what she wanted from them (or more specifically wanted them to do to her). It was actually really creepy. She moved a couple months after her and my niece started hanging out though, so I don't know what happened to her in the long run, or any real details as to her background.

I'd never found a girl coming on to someone quite so disturbing though, before or since.

Re:Think of the children too

[witherstaff]

They're children unless they're being prosecuted, then they're usually adults. I don't get that double standard.

Re:Think of the children too

[Grimbleton]

I meant this, actually: "Um, you have to register with the selective service so they can decide to throw your ass in a war"

Speaking of car insurance, I turn 25 in April, my fiancee (also on my plan) turns 25 in March, our renewal is next month for the policy, and we just dropped $20/month on our rates. I hope it's a continuous trend.

Re:Think of the children too

If they get charged for production of child pornography for cell phone/mirror naked self shots, they should be charged as adults. That would teach them a lot about our legal system!

Re:Think of the children too

[wumpus188]

in this case, shouldn't 16 year old girl's life be destroyed instead, because it is she who is producing and distributing child pornography on the internet?

Re:Think of the children too

Where there is a market, there's a supplier. The supplier may not be in a place where they can be persecuted by your nation's law enforcement.

Actual children will be hurt and abused if child porn is legalized. Not by those who look for child porn, but by those who produce it.

Re:Think of the children too

[Hopium]

Why dont you you take a seat over here Mr.Schadrach. I'll get ya a towel... ~ C.Hansen

Re:Think of the children too

[Lord+Kano]

Actually, legalize possession of child porn, and step up the penalties for production (or just for child abuse, since using a child to produce child pornography is itself abuse) and purchase/sale. That removes the "weaponry" portion of child porn (if I send you a CP picture, you have committed a crime is a *bad* thing) and makes those who receive such pictures accidentally (mislabeled P2P files, for example) or against their will (as in the sending a picture to your phone example) more willing to openly provide them to authorities as a way to help the producers get caught, as well as making being involved in the financial promotion of the production of child pornography still a crime.

Back in the early 90s, before the explosion of the web, I used to use AOL. I used to trade in pictures of naked women. Some guys used to send out pictures of their wives. I was 18-19 years old and had no interest in 35-40 year old housewives. I asked one guy if he had anything of someone "younger". Apparently that's a keyword for child porn. Next thing I knew I was getting inboxes full of the stuff, this was also back in the days before broadband so I had some people that I used to automatically share anything I got with before I downloaded it myself. On the first inboxing, I forwarded all of the contents to some of my trading partners. And THEN I downloaded the pictures and saw things that no normal person should ever have to see.

I deleted the jpgs and gifs from my computer, deleted the emails from my inbox, and at that time AOL allowed you to unsend an email if it had not been read. I believe that I was able to unsend them all, but if I hadn't been, I shudder to think of the things I could have been charged with. All because I wanted to see naked 18-24 year old girls...

LK

Re:Think of the children too

It's a US thing. Over there:
- You're presumed innocent until proven guilty. Except for terrorism, in which case the rule is "If you were innocent, you wouldn't be a suspect".
- Sexual assault is a horrendous crime. Except if the perpetrator is wearing a TSA uniform.
- The Constitution stops the government from abusing it's authority and power. But only as long as the government agrees.
- Infringing copyright on music steals copyright holders of thousands of dollars. Except for the music industry, they only steal 60 cents per song from artists.
- Child Porn is illegal in order to protect victims of child abuse. Unless if children willingly make and send pictures of themselves, in this case they're not victims but vicious pedophiles. So vicious, they abuse themselves!
- You're too young to drink beer at 21 but you're old enough to die for your country.

Re:Think of the children too

Are you on crack he didn't "Hack" into anything. He properly answered poorly created answers for security questions to common websites. People need to understand the need for more security to the information they put out there on the net. This includes email. Just because you utilize a password doesn't mean you're using a secure password. Not only that if someone had a lawsuit against you and e-mail came into question a warrant could easily be issued for all of your e-mail. Why the hell did they have nude photos of themselves in e-mail or some other online storage location in the first place?

People assume way way too much security when *their* information is placed on a basically public server. These servers could be run by some Russian Mafia group for all they know. People are dumb.

Now...what the guy did could be seen as illegal as he wasn't given specific authority to be allowed access to said information. He basically found the proper answers to the questions to grant him access. Doing so doesn't mean he was authorized to view the information. Buy why on Earth would you choose to answer questions like "Your Mother's Maiden Name" when that information is freely available to the public? Or even the address where you last lived or something along those lines. ALL of that info is freely available and easy to obtain. Choose the more obscure questions that only you and your family know the answers to.

Re:Think of the children too

The reality here is that these are consenting girls taking pictures of themselves, and volunteering them to people, even without being asked. Sexting is getting bigger and bigger in schools, and the perpetrators are more often the girls, who hit puberty earlier than the boys.

Re:Think of the children too

[JWSmythe]

    Depending on the level of detailed dialogue you are describing, she may have been a victim of sexual abuse. They may have rationalized that the sexual abuse has positive results. For example, a bad adult does sexual acts, and then rewards the child. The child may associate the act with the result, and try to initiate the act with others for similar rewards.

    Most 10 year olds can't carry on an unsupported dialogue of sexual matters. For most (and yes, the average have has been growing younger), they simply have no interest. For others, they've had no exposure. Most (but not all) parents keep their children away from what they perceive as dangers for the childs development, which includes movie violence and sexuality. If the dialogue was beyond what you may see in a R or NC17 movie, you should consider that there is something pretty serious going on. Talk to a professional about it. Ask the simple questions, "This happened. Should I notify someone?" If you have school age children, a call to the schools child psychologist may be helpful, or your local child protective services. The child protective services call may start unwanted actions, but if there is something bad going on, they should definitely be involved.

    Most importantly, don't be involved. It's not up to you to investigate such things. Besides tainting evidence, being too involved can be bad for your health (i.e., the bad adult may seek to silence you). Leave investigations up to the experts. For the sake of your safety and mental health, it's better to give the anonymous tip, than to become a witness. If you get too involved, you may become a suspect, rather than just a witness.

Re:Think of the children too

> Legally speaking, 16 and 17 are children. When talking about the law, we have to use legal definitions. Full stop.

No they aren't. Legally speaking, they are "minors."

Re:Think of the children too

[tragedy]

And there's absolutely nothing new about this behavior, it's as old as taboos against nudity. I'll show you mine if you show me yours. The difference now is that it's being done more and more via electronic devices with the bizarre consequence that acts which would otherwise be perfectly legal without the electronic image producing middleman become life-destroying felonies.

Re:Think of the children too

[Pentium100]

Well, even if I leave my car with the keys in the ignition, it's illegal to use it without my permission.

OTOH, if I ever left the keys in and my car got stolen, I would be considered an idiot by almost everyone.

Re:Think of the children too

> If they get charged for production of child pornography for cell phone/mirror naked self shots, they should be charged as adults.

I think the jury's brains would explode.

Re:Think of the children too

[bennomatic]

Of course, sometimes things can be misinterpreted. When I was in college, my girlfriend and I took a day off to help out her mother, who was a kindergarten teacher. We spent the morning reading to and playing with the little ones, and during the art part of the day, one little girl decided to confide in me that she and her father "do a secret dance when mommy goes to work."

As you suggest above, I knew it wasn't my place to investigate, but that sounded pretty serious, so I told my GF's mother, who immediately went to the principal and school counselor, and they took the girl out to question her right away.

In the retelling later, my GFM said that the little girl clammed right up, refused to talk, until finally, out of exasperation, she explained that her mother is a dancer at a club, and doesn't want her little girl to follow her career path, so she forbids her to dance. At all. But she (the little one) loves to dance, so as soon as mommy goes to work in the evenings, she and daddy put on a record and dance all over the house. Clothes on, no touching.

I was soooo relieved to hear that it was nothing.

Re:Think of the children too

[black6host]

"Choose the more obscure questions that only you and your family know the answers to."

Or better yet, use an answer that is totally unrelated to any of the security questions. If one of the security questions is: "what high school did you attend?" a good answer would be aZ333addkwe467. Just need to keep track of it like you do your passwords. These things are usually only used when you forget your password, or as in this case, someone is trying to gain access to your account. Since you rarely would need to know the answer I don't think there would be too much hassle is saving them in a safe place (not on your computer) and should you need the answer you'll have it. Meanwhile everyone else is typing in "James Monroe" because that is what is on your Facebook page. Note: I don't even use Facebook and I don't put personal information like that on websites. My wife, who is much younger, does like Facebook but she knows not to enter personal info such as "hey, going on vacation for two weeks tomorrow" or other personal info like that either. Further, she is not allowed to post anything about me, anywhere. Paranoia? Might have been thought so at one point but I think another article today speaks of Facebook making personal info available to developers. If they can get it, anyone can.

Re:Think of the children too

[JWSmythe]

    There are plenty of misunderstandings with children. Years ago, someone I was dating had a son who was about 5 at the time. He refused to take a bath without help. The "help" was standing there waiting for him to wash up. Lots of "wash your face", "no really, wash your face", "wash your hair ... with shampoo this time". The door was opened the whole time, and mom could hear exactly what was happening. I wasn't entertained by it. I had better things to do, like flirt with mom. :)

    Around the time he was 13, he mentioned that he didn't know why, but I used to give him his bath. Luckily, mom heard him say it, and explained what happened. We laughed about it, but saw how it could be taken completely wrong. Ya, I'd rather not get in trouble for a kid remembering something wrong.

    The previous message, as I understood it, was saying that the 10 year old girl was asking for explicit sex acts. That is out of character for any 10 year old child, unless they were exposed to something very wrong.

Re:Think of the children too

[sumdumass]

Right, and if God wanted us to fly, he would have gave us wings instead of the ability to create them and make flying machines we can fit into.

Re:Think of the children too

[Golddess]

and step up the penalties for production (or just for child abuse, since using a child to produce child pornography is itself abuse) and purchase/sale.

I think you missed that part. GP never said legalize it completely, just decriminalize simple possession of it.

Re:Think of the children too

What you said:

Actually, legalize possession of child porn, and step up the penalties for production (or just for child abuse, since using a child to produce child pornography is itself abuse) and purchase/sale.

What every politician and journalist in America would hear:

... legalize ... child abuse ...

Sorry, but no penalty is going to be reduced. The only changes that are ever going to happen in the forseeable future will be increased penalties for whichever specific things are involved in the next few child abuse cases to hit the news. (Oh, you possessed child porn that was produced using a smartphone? That means you get an extra fifty years in jail, because clearly that's more of a deterrent than the 490 years you were already going to get.)

We are no more able to have a rational and objective debate about child pornography than McCarthy was about communism, or the citizens of Salem about witchcraft. This is our generation's moral panic and it is not going to die until we do, so you'd better get used to it.

Re:Think of the children too

They are also above the age of consent in most jurisdictions.

How exactly does it make sense for it to be totally legal to get a girl pregnant, but an unforgivable crime to possess a photograph of her nipples?

It would be nice if we could get above the THINK OF THE CHILDREN! for long enough to consider things rationally and make laws that have some discernable connection with logic. If 16 is too young to have a camera pointed at your chest, it should also be too young to have an actual penis ejaculating actual semen into your actual vagina.

Re:Think of the children too

[SwampChicken]

Right, cause if god gave us the ability to create flying machines we can fit into, then the reason why there wasn't a F-14D Tomcat parked in the shade of an apple tree in the garden of eden was because...?

Re:Think of the children too

I once remember back in the early 00's.
I was browsing around the web for some porn and at the time I used to go to those "See-pictures 15 second movie clips" and all the sudden I came across something very odd, The porn page were typical (Pink, flashy, button style sites) but the girls / boys there seemed to be way to young to be within the porn industry which in turn might been illegal.

But what makes the term of "levels of child abuse" is that if you were to date someone who is around 14-16 in some Countries that would seems to be alright but while others that would make you almost go to jail -
Where as in China there are Girls around the age of 11-16 which will act as Geisha's to business men (i.e they wont have any sexual connect or even kisses - but will go on dates, movies and talk) and they said that it was a piece of cake to do and they earn rather a high amount of money due to how far the men goes (they buy them expensive gifts for example and pay for the food, movies).

But there have been cases where people hook up on Social sites and later to be in court for "Child abuse" because the "victim" lied about her age.

Re:Think of the children too

id mod this up. Where are you from?

Re:Think of the children too

[sumdumass]

Most likely because it wasn't invented yet and it wasn't called that yet.

Besides, how do you know there wasn't one parked in the shade of an apple tree? Just because the books didn't talk about it doesn't mean it wasn't so.. Well outside the obvious of when it was invented.

Actually, do you have a point somewhere that I missed?

Re:Think of the children too

[Archangel+Michael]

For the sake of your safety and mental health, it's better to give the anonymous tip, than to become a witness. If you get too involved, you may become a suspect, rather than just a witness.

This is why our society is going to hell in a handbasket. Chickenshit pussies afraid of the boogie man of bad people might do something bad.

If you're a real man, stand up and be counted. Real men will protect the innocent and defenseless with everything they have, including their life. I know I would.

I have no room for child predators (real ones), nor pussies that hide behind self preservation at the expense of taking one off the streets.

Re:Think of the children too

As everybody knows, the God® is a dirty old man.

Re:Think of the children too

No, but neither are they an adult. A 16 year old is an adolescent.

There is not some magical elf which appears out of thin air 17 years 364 days 11 hours 59 minutes and 59 seconds after you are born, which then waves a wand and turns you into an adult.

The age of 16 is well past the adolescent stage for the vast majority of girls, but even if it wasn't the term 'adolescent' is just a fancy way of saying "young adult". It's not a scientific term, it's a political term used to try and justify the gap between full capability to reproduce and the currently accepted age of legal "adulthood".

Re:Think of the children too

[aug24]

There's a superb sketch by Not The Nine O''Clock News showing a boy and a girl sitting in a steamed up car. A cop knock on the window. It's would down, revealing the boy, still dressed, and the girl, still dressed and knitting. Cop says "Excuse me sir, is this young lady 16*?". Boy looks at his watch and replies "Not for another 15 minutes".

Just.

*Age of consent, UK.

Re:Think of the children too

[m50d]

Even if you require "porn" to be more explicitly sexual, the basic problem remains: a 16-year-old girl can still send such a picture to your phone and thus destroy your life.

Re:Think of the children too

Obviously, it was hidden inside an SEP field.

Re:Think of the children too

[LordSnooty]

In my country you can join the hired killers with your parents' consent at 16... but you can't vote against the political party which sends you on an unwinnable war until you are 18...

Re:Think of the children too

Of course, sometimes things can be misinterpreted.

So, you risked destroying somebody's life because you are all-too-willing to see evil in a person and opened your fat mouth? I don't think you appreciate the gravity of even being Accused of something like that. You are tried in the court of public opinion, and there is never a Not Guilty verdict, thanks to paranoid assholes like yourself. 'But, think of the children!' you say, as though it justifies your intrusion into privacy and flirting with disaster.

What if the little girl had been told it was an absolute secret and Daddy will get in trouble if she tells? What if she had never told? How many YEARS would it have taken out of peoples' lives to work out that nothing had happened, nothing was going on. All because you 'misinterpreted' something a child said, laughably, because under normal circumstances nobody takes a single thing a child says seriously because gosh, they are children.

Show a little decorum when treading on peoples' lives, man.

Re:Think of the children too

[DaVince21]

Where can I find this manor?

Just kidding. I'm not a child molester. Honest!

Re:Think of the children too

[Longboy]

The next thing that you know, someone will suggest that pot be legalized! Where will it stop? What has happened to our sense of morality? Of our God-given right - nay, our duty! - to police the acts of other people, precisely those cases in which the person accused has done nothing more than to be in the wrong place at the wrong time? OTOH, if you're the kind of simple fool who responds positively to "How about sending me a picture of you giving head?", then, you're kind of asking for it.

Re:Think of the children too

Actually, legalize possession of child porn

I think you're a little naive. Child rape imagery is not something any mentally healthy person would want to look at, but that's probably not what you were thinking of. But it is true that the law is too black and white and should be reformed. There are fundamental differences between those who upload and download this stuff, and between technical violations of the law like Traci Lords videos at one end of the spectrum verses severe sexual abuse at the other.

and step up the penalties for production

Which wouldn't work very well as it's a well known fact that young people are usually the ones making it now.

Re:Think of the children too

[bkpark]

If God® wanted you naked, he would have made you born that way.

So ... he wants us covered in blood?

Re:Think of the children too

[rdnetto]

This is our generation's moral panic and it is not going to die until we do, so you'd better get used to it.

OK, we've found a solution. Now on to planning...

Re:Think of the children too

[Schadrach]

There's two issues, really, which combined are why I said to legalize simple possession.

One of them is what you noted -- there's a lot of "technical" child porn out there like Traci Lords.

The other is that under current laws, if you can anonymize yourself well enough (or aren't concerned with being arrested alongside your target), you can technically wield child porn as a weapon. Accidental (as in things like mislabeled P2P files) or forced (as in, let me e-mail/send to your phone this picture now you've committed a felony!) possession of CP is still possession.

Are you suggesting that young people horribly rape and victimize themselves, or harping on the "16y/o photographs her own tits" cases? Honestly, I don't know what to do about the latter, maybe set a lower than 18 cutoff for self produced media? Or throw distribution in with production, purchase, and sale?

Or do you have a better solution that still prevents CP from being "weaponized"?

Re:Think of the children too

[bennomatic]

Funny that the AC thinks that it's better to do nothing in this scenario. I fear for your children, sad, lonely little man.

Re:Think of the children too

Only males have to register for selective service.

Security Questions Security Risk

That's why my answer to those security questions is always 30-50 randomly selected characters.

What's your mother's maiden name? - kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna

Re:Security Questions Security Risk

[Haedrian]

"What's your mother's maiden name? - kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna"

But everyone calls her bob.

Joking aside, I did that once for my steam account. Then I forgot the password, when I came to reset it it demanded my secret answer. Couldn't remember it. :(

Re:Security Questions Security Risk

[peragrin]

So you just have to use the same random name. mines qwertyuiop or was it asdfghjkl

Re:Security Questions Security Risk

[Dunbal]

No asdfghjkl is your dad, idiot.

Re:Security Questions Security Risk

[Winckle]

You can contact valve and scan a couple of CD keys to prove it's your account I think.

Re:Security Questions Security Risk

[Lalakis]

I can't believe that no one blames the online services for requiring and using security questions as a security measure(!). This is such an insecure practice that I'm just baffled from the so much widespread use of it!
  Theoretically, security questions could be used as an ADDED security measure and be marginally effective at that, but in most times you can't know exactly how your answer will be used, so the sane response would be something like kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna.

Re:Security Questions Security Risk

[Mathinker]

Why not try using the Linux/Cygwin command line?

  echo "mother's maiden name" | md5sum | sha1sum

If you want to be fancy:

  (echo -n "string1" ; echo "string2" | md5sum) | sha1sum

(P.S. For anyone foolish enough to think otherwise, I personally use a more sophisticated Python script for this, don't waste your time trying to break into my email using this "information".)

Re:Security Questions Security Risk

You know, there is no reason that the answers have to be hard to remember, random strings. They just should not be a valid answer. For example:
1) "What is your favorite color" - doofus
2) "What city were you born in" - doofus
3) "What is your favorite food" - doofus

You see what I did there? I can remember this pretty easily, but good luck for someone else to either "guess" it, or learn it from information available to them from yearbooks, newpapers, going through my trash, etc.

Re:Security Questions Security Risk

[Opportunist]

How do you do that if everything on your steam account is bought through steam?

Re:Security Questions Security Risk

[Winckle]

Well that's just one method I know of, there may be others.

Re:Security Questions Security Risk

[jecblackpepper]

Or you could use a proper unique password for each security question and store it in KeePass against the site (oblig BBC: other password storage tools are available)

Re:Security Questions Security Risk

[TheLink]

The attackers will still succeed in targeting the sheep who will give the obvious answers to such "security" questions.

Worse - some sites have security questions that require a drop-down selection box for the security answers! Yep, only a few limited answers. DailyWTF contenders.

Re:Security Questions Security Risk

[jecblackpepper]

Of course though when you use 'doofus' on site A and on site B as the answer to your favourite colour, a hacker that gets access to the details from site B could guess that you used the same on site A. This becomes particularly an issue when you use the same 'security information' and password over many different sites, you just need one to be compromised and you suddenly leave yourself open to attack on other sites; you know that site that stores the info in plain text - because the developer thought hey it's a pretty simple site and we store no sensitive information that could be compromised right and it's much easier for our customer services department to have direct access to the question's answers to help deal with our customer's enquiries.

Re:Security Questions Security Risk

[Chelloveck]

Theoretically, security questions could be used as an ADDED security measure and be marginally effective at that, but in most times you can't know exactly how your answer will be used, so the sane response would be something like kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna.

Hey! How did you know my response?!

Seriously, when I'm required to give an answer to one of these I just use my regular password generator to create another password for the site, then use that. "What was your first pet's name?" "w8ZRjkynm18ZVL9RWVhK" I don't think that's going to be cracked any time soon.

The whole idea is pretty stupid, though.

Re:Security Questions Security Risk

[couchslug]

"What's your mother's maiden name? - kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna"

My mother's maiden name IS kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna, you insensitive clod!

Re:Security Questions Security Risk

[ildon]

I've actually misspelled my non-crazy secret question before. The first time I needed to use it to verify the account was over the phone, so I didn't even know it was spelled wrong (and apparently, neither did the customer service girl). The second time, it took me like 4 attempt to realize that maybe I'd spelled it wrong (it was a word I knew that I sometimes spelled wrong).

Now I like to pretend I did it on purpose as an added layer of security!

Re:Security Questions Security Risk

[noidentity]

If security questions are used in addition to a password, then it's merely as if you used a longer password. I thought that their purpose was always an alternate means of access, in case you forget your password. The idea is that you know the answers without having to memorize them. Thus, this usage always decreases security, since it provides an additional way to access your account.

Re:Security Questions Security Risk

[mjwx]

(P.S. For anyone foolish enough to think otherwise, I personally use a more sophisticated Python script for this, don't waste your time trying to break into my email using this "information".)

I just use a "secret answer" completely unrelated to the question.

Re:Security Questions Security Risk

[Alsee]

What's your mother's maiden name? - kashiqewnchkdhsflakjshflvkdsvhpexiojnasdjlna

Whoa, freaky! That's the combination on my luggage!

-

Re:Security Questions Security Risk

[jayme0227]

Indeed I used to enter random birthdates on sites that sold my information. Now I've noticed more and more places use birthdate as a security question.

Re:Security Questions Security Risk

[Haedrian]

Probably the silliest security question ever.

My workmates had sent me a birthday card, so I guess that's a bunch of people who can compromise my account.

Re:Security Questions Security Risk

[T.E.D.]

I always answer mine with a *wrong* answer, that is wrong in a way I will remember.

Re:Security Questions Security Risk

Hey, that's my luggage combination!

Now I'll have to change it...

Re:Security Questions Security Risk

[Mathinker]

Better than typing the real answer, but weak because you are reusing the same password (which is probably sent to the website in cleartext, not hashed) between different resources, any one of which might expose it (via an unscrupulous employee, for example).

With my suggestion, one can merely prefix the answer string with the name of the resource before hashing, and voila, every web site has a unique secret answer.

Re:Security Questions Security Risk

[mjwx]

Better than typing the real answer, but weak because you are reusing the same password

To be fair, yes that is true for most users. Password reuse for me is not an issue, you're making an assumption that I do reuse the same password.

But a script that randomly generates a password is no better. Good security with passwords is a balance between password strength and password usability. Obviously your solution is on the extreme end of usable, most people would find that far too onerous. I've got several machines, not all of them are going to have that script available and chances are, when I need that secret answer I wont be anywhere near my main Linux box.

Basically we could keep adding security, but then a product or procedure becomes unusable and people start looking for a less secure alternative, so really what is the point. Efforts would better be spent in educating people about good security habits like password reuse and how to avoid it. Most sites these days use email as a form of password recovery, so even if they have a "secret question" they still send an email to your account to get your password reset. Really we should be discouraging the use of secret questions as a method of password recovery. Gmail has my mobile phone no. and my bank requires me to call them to get my password reset.

Re:Security Questions Security Risk

[Mathinker]

My apologies, I misunderstood your use of "a" in "a secret answer" to mean "always the same one".

To be honest, I also don't always bother to generate strong security question answers, it certainly depends on how important is the resource being protected.

Article in summary redirects

[Grimbleton]

To a blogspot blog.

Re:Article in summary redirects

[mountaineer76]

yeh, I got that too, re-directs immediately to a blog about some insurance company. Here's the printable link which doesn't redirect: http://www.itworld.com/print/133630

Re:Article in summary redirects

spam the stop button while the page is loading... worked for me.

must be some evil javascript on that particular article, because it also happens when you go to the main itworld site and select the article manually.

Re:Article in summary redirects

[CrashandDie]

Indeed. It would appear ITWorld is vulnerable to a simple XSS comment post.

    <div id="comments">
        <div class="header">Comments</div>
        <div class="comment_links">
            <span class="num_comments"><a href="/comments/133630">1 comment</a></span>
            <span class="add_comment"><a href="/comment/reply/133630#comment-form">Add a comment</a></span>
        </div>
        <div class="comment content_item">
            <h3>(No subject)</h3>
            <META http-equiv="refresh" content="2;URL=http://swift-cars-insurance.blogspot.com/">
        </div>
    </div>

Mountaineer76 provides us with a print version of the article which isn't affected, though.

PS: WTF is it with Slashdot's broken support for paste? Trying to recreate the goodness of iOS 1?

Re:Article in summary redirects

[macraig]

Ditto here. The redirect is inside a comment! ITWorld apparently allows too much HTML inside comments, and some comment-spammer figured that out and embedded a meta-refresh tag in a comment. It very effectively hijacks the ITWorld page from inside the comment.

NoScript blocks the redirect if you have itworld.com blacklisted (I didn't initially).

Re:Article in summary redirects

[MrL0G1C]

Hmmm, not the same for me - no-script didn't block the refresh to blogspot, Even with itworld and blogspot blocked.

Re:Article in summary redirects

Maybe someone can figure out how the XSS works and then post another comment containing a meta refresh tag pointing to the URL of the article itself, using a shorter delay (1 sec)...

Re:Article in summary redirects

[Dunbal]

some comment-spammer figured that out

      Anyone who owns a website which allows comments knows that web spammers have "figured this one out" a long time ago. It's bots that do it nowadays. Which is why I don't allow HTML posts.

Re:Article in summary redirects

[drinkypoo]

NoScript blocks the redirect if you have itworld.com blacklisted (I didn't initially).

Not here.

Re:Article in summary redirects

[macraig]

The NoScript extension has an option on the Advanced tab, under Untrusted: Forbid META redirections inside NOSCRIPT elements. Do you have that option enabled? It's probably a key factor to whether NoScript blocks it or not.

Re:Article in summary redirects

[hrieke]

Just report the blog as a violation of TOS.

Re:Article in summary redirects

[macraig]

There's an Advanced NoScript option that apparently dictates whether it happens or not.

Re:Article in summary redirects

[macraig]

I've used a blog CMS called Pivot that allowed limited HTML but was VERY effective - like 100% effective - at stopping comment spam. Why the techniques it used aren't an industry standard might spark a lively discussion somewhere.

Re:Article in summary redirects

[Pharmboy]

Need to mod this up, then change to a better link without the spam redirect. The one time people are trying to actually read the article on slashdot, and they all get redirected instead...irony.

Re:Article in summary redirects

[MrL0G1C]

NoScript extension has an option on the Advanced tab, under Untrusted: Forbid META redirections inside NOSCRIPT elements

Ah, that's the one, Some other nice options I never knew of too - Thanks

Re:Article in summary redirects

[CastrTroy]

They probably don't check for meta tags in your post. Probably just script tags. Personally, I don't think comments should allow posting of any HTML whatsoever (make everything escaped, so tags show up as regular text), simply because there's too many ways to make things happen on a browser, even without javascript enabled. As this example clearly illustrates. Just imagine if it had been and image tag of one of the images from the article. Or if the the redirected page contained the content. We'd all have CP in our browser caches, and be guilty of downloading.

Re:Article in summary redirects

[oDDmON+oUT]

It'll eventually cycle away from the insurance blog to a NY Times Ad, and the Times itself (if you've registered in the past), and in all cases removes Back button functionality. Just and FYI if you're inclined to test NoScript against it (FAIL).

Re:Article in summary redirects

Confirmed. That kills it and tosses up a warning about the malicious site in the redirect. I'm leaving that option on to see what else it affects. Are there likely to be any legitimate situations where it should be turned off?

Re:Article in summary redirects

[The+MAZZTer]

That only works if there is a surrounding <noscript&gtl tag, typically only used when NoScript is blocking JS on a page (otherwise noscript tags are ignored).

Re:Article in summary redirects

Indeed. It would appear ITWorld is vulnerable to a simple XSS comment post.

    <div id="comments">

        <div class="header">Comments</div>

        <div class="comment_links">

            <span class="num_comments"><a href="/comments/133630">1 comment</a></span>

            <span class="add_comment"><a href="/comment/reply/133630#comment-form">Add a comment</a></span>

        </div>

        <div class="comment content_item">

            <h3>(No subject)</h3>

            <META http-equiv="refresh" content="2;URL=http://swift-cars-insurance.blogspot.com/">

        </div>

    </div>

Mountaineer76 provides us with a print version of the article which isn't affected, though.

PS: WTF is it with Slashdot's broken support for paste? Trying to recreate the goodness of iOS 1?

You can file that in with "Preview takes 30 seconds" and "can't post more than 1 AC post in a browsing session at once". In other words, send CmdrTaco an email and he'll say "works for me" because he wants you to register (good for the website's #'s) instead of posting AC.

Re:Article in summary redirects

[Pharmboy]

This is why i setup my browser to ignore javascript, css and html. Better safe than sorry....

Re:Article in summary redirects

[Pastis]

Where if your proof that the author of the blog is the same as or working together with the one of the comments ?

Re:Article in summary redirects

[macraig]

None that I know about....

Re:Article in summary redirects

[macraig]

Using Proxomitron or privoxy, are ya? :-)

Re:Article in summary redirects

[macraig]

(You almost had me until the mention of HTML.)

Re:Article in summary redirects

[Trailwalker]

If you are using Firefox, just install Redirect Remover. Works fine for me.

Re:Article in summary redirects

old cisco gear didn't have copy/paste?

Re:Article in summary redirects

[Idbar]

Someone did it already and it's now pointing to the printed version suggested by the parent! You gotta love /.

Re:Article in summary redirects

[bennomatic]

PS: WTF is it with Slashdot's broken support for paste? Trying to recreate the goodness of iOS 1?

Works fine on my Mac/Safari. And last I checked, iOS has cut/paste. You must be thinking of Windows Phone 7.

Re:Article in summary redirects

Doesn't matter.

Re:Article in summary redirects

[GuruBuckaroo]

OK, WTF is a browser doing parsing meta tags outside of the Header?

Re:Article in summary redirects

[Pharmboy]

Nope, I just telnet direct into the webserver using port 80 and manually GET all the files. The only perfectly safe way to surf the interweb.

Re:Article in summary redirects

[CrashandDie]

I was writing it from Mac/Safari as well. Copying something from another web page or form didn't work. Pasting it to MacVim then copying it again and pasting to slashdot did, most of the time, work.

Newer versions of iOS have copy/paste support. Initial versions, however, did not. Which is why I specified "iOS 1"

Re:Article in summary redirects

[Mr+44]

Or just skip the stupid itworld.com summary and go to the original article:
http://www.pcworld.com/article/209584/cops_hacker_posted_stolen_xrated_pics_on_facebook.html

Re:Article in summary redirects

Because if everybody used them, the spammers would figure out how to get around them.

Well, that will look grand on a resume

[PolygamousRanchKid+]

Hobbies?

• felony hacking
• child pornography
• identity theft

Hell, yeah, you're hired!

Re:Well, that will look grand on a resume

[Haedrian]

I see an executive director job at Facebook on the horizon.

Re:Well, that will look grand on a resume

[Opportunist]

You might jest, but the number of people who can actually break through security (on the 'white hat' side) are rare. Even rarer are the ones that are good and have a clean criminal record.

This guy just failed at part 2 of the requirement.

Re:Well, that will look grand on a resume

It might even land you some nice profits form movie rights.

Imagine what Facebook is able to do if some dude..

[bobsszz]

Imagine what Facebook knows about you if some random dude was able to crack all of their password/secret questions.

Security question

[Gaygirlie]

This is exactly why usually the "security question" in most places is such a poorly-thought idea: usually they only allow you to select from a limited set of questions, and usually all the questions are such that it's easy to either guess the answer, check on the user's facebook/IM/etc, or just try from a list.

It's much better when you can specify the question yourself. And even better: big, bold letters explaining to the user NOT to fucking choose a question/answer pair that is easily guessable or obtainable from their online profiles!

Re:Security question

[neumayr]

Sure, because the big, bold letters explaining to use a secure password had so much effect in the past.

Password based authentication doesn't really work in its current form. There are way to many sites people have accounts on, so they either use the same password everywhere, really easy passwords, or, apparently, easy secret questions.

I blame the system, but as things like OpenID and its many many variants never took off I really have no idea on how to fix the problem.

Re:Security question

[francium+de+neobie]

You can always put non-sensical answers to those security questions. Like, saying your birth place is an Intel 8088.

Re:Security question

[xiox]

Facebook is guilty as well - I have a choice of 4 questions - name of 1st grade teacher - can't remember - city or town mother was born in - too obvious - last 5 characters of driver's license - okay question probably - street you lived on when you were 8 - not appropriate for me. Why can't I choose something better than this?

Re:Security question

[Peeteriz]

The whole concept of 'security questions' is completely flawed for things such as email or facebook, even if you can choose the question and the information isn't posted on the net.

Private questions to which you would know such an answer would also be most likely known by your relatives - for example, your mother definitely knows her maiden name, but that doesn't mean that she should have an easy time reading your email. Funny details about your childhood would be known by your spouse, but if you're undergoing a nasty divorce, she shouldn't be able to post offending stuff from your facebook account.

There are no easy shortcuts - it's either something you know, something you have or something you are. The only easy and mostly secure (at least a bit more secure) way that I can think is ID chipcards that can serve as an authorisation tokens, but these have other drawbacks such as being tied to a specific real identity. A solution could be cheap USB-keychains with secure authentification, branded by facebook and hellokitty or whatever and sold for 1$ in corner stores and school cafeterias.

Re:Security question

[davev2.0]

Your solution is something that can easily be lost, stolen, or destroyed and, once gone, can not be easily, if ever, recovered? Oh, and if it is branded by Facebook, why would it be guaranteed to work with other services, especially those that compete with Facebook?

Or, do you suggest we carry a keyring, with one USB key for each site?

While we are at it, how will this authentication system work? Will a plugin for each browser have to be developed and distributed? What about locked down platforms? What about non-browser applications? What about smartphones?

Re:Security question

[CrimsonAvenger]

Facebook is guilty as well - I have a choice of 4 questions - name of 1st grade teacher - can't remember - city or town mother was born in - too obvious - last 5 characters of driver's license - okay question probably - street you lived on when you were 8 - not appropriate for me. Why can't I choose something better than this?

Why can't you just put something largely arbitrary as the answer to any of those questions that you don't have good answers for? "Who's your first grade teacher? ..."

Re:Security question

[HJED]

you know Facebook doesn't make you set a security question right? Its optional, I however find it ironic how it says a security question makes your account more secure.
more access methods == less security

Re:Security question

[CastrTroy]

Or they could just use a password saving program on their computer, and generate unique, secure passwords for each site they visit, as well as random answers to the "security" questions. They're safe as long as they don't have a virus/keylogger on their computer. In which case they are hosed anyway. I think most people should just run their browser from a virtual machine which resets itself every time they use it, save for a few key files like bookmarks. I wonder if an easy to use product like this exists. It's too much work for most people to setup up VMWare/VirtualBox. Maybe a simple self contained program could be a good option.

Re:Security question

[AgentPhunk]

My favorite: "What is your favorite color?" Answer: "Red, no blue!" (booooinnng! omitted)

Re:Security question

[hitmark]

Don't know about birthplace, but i grew up with a A500.

Re:Security question

[PopeRatzo]

Or, do you suggest we carry a keyring, with one USB key for each site?

Then lock the keyring in a locker secured by a 4-digit PIN. And if you forget the PIN, then you can retrieve it using a secret question.

This security stuff makes my head hurt.

Re:Security question

[Znork]

The whole concept of 'security questions' is completely flawed

The whole concept of answering such questions correctly is flawed. Once you're born in Hobbiton and your mothers maiden name is Goose they become quite a bit harder to guess. Such constructed 'alter egos' make the security questions much less dangerous while still maintaining some recovery capacity.

Re:Security question

Of COURSE it's a poorly-thought out idea. That's why you LIE about the answer. It doesn't help you with the reminder part of it, but pick a decent password equivalent that is memorable to you but that no one will guess or be able to figure out. I just treat it as a "backup password" with the same rules. There's no way I'm actually disclosing background information like "favorite pet name" or anything else to some website, no matter how innocuous the information might be.

Heck, I'm so paranoid about such things that I've lied about my "mother's maiden name" to the bank and credit card company for years, ever since I opened an account. If some hopeful ID thief goes looking in my background to find out what my mother's maiden name actually is, they'll discover to their disappointment that it's "wrong" as far as the bank is concerned. And if they get it right, then I'll know that it's the bank/credit card's fault for leaking the information somehow, because that's the only place that particular name could be sourced.

Re:Security question

[Carewolf]

The problem with most non-sensical answers as they are still vulnerable to dictionary attacks. In fact almost any security question has this critical flaw. There is just no way of making it safe, except by instructing users to never answer the asked question and instead insert a secondary strong password.

Re:Security question

[Peeteriz]

In that case, why not call it what it is, forget about the whole concept of security questions, and call it 'backup password', 'secondary password' or something like that?

Re:Security question

[0100010001010011]

Nothing requires the "real" answer.

Use an MD5 or SHA1. If you're afraid a hacker is going to do that, salt it with your favorite food.

$ echo -n Pasta Kennedy | md5sum
d579c75318c3f0635c5b897a86eedad4 -

Use that as your mother's maiden name.

Re:Security question

[TheGratefulNet]

intel 8088?

wow.

was that union or confederacy?

Re:Security question

[mehrotra.akash]

For facebook, account security == not losing access to your account.
Thats why it asks me to add multiple cell phone numbers,etc.. so that I can recover my password.
They would prefer that someone gets access to my account, and then I am able to recover my access to it, rather than I forget my password, and my FB account goes inactive/disabled

Re:Security question

You can always put non-sensical answers to those security questions. Like, saying your birth place is an Intel 8088.

You can, but who the hell remembers the nonsensical answer you gave 18 months ago?

The whole point of these questions is they're questions nobody forgets.

Re:Security question

[Patch86]

That assumes you remember it 5 years down the line when you're trying to access a long-abandoned account. You COULD just make it a secondary strong password- but the chances of you not remembering your first strong password while remembering your second seems far-fetched.

Re:Security question

[fishbowl]

>last 5 characters of driver's license - okay question probably

Horrible question. For many people that is one more digit than the "last 4" of their social security number, which has become one of the keys to the store for banking.

>street you lived on when you were 8

Another one where I have honestly no idea and not even a good way to find out. Someone who lived in one single place might know this answer, but if you moved around a lot, or are old enough to have forgotten, this is just awful.

Re:Security question

[francium+de+neobie]

But is losing the account really so important for you that you have to sacrifice your security?

If the account is really so important, and you really can't remember that password or write it down in a TrueCrypt encrypted volume.. ok, then you can just remember a few non-sensical answers for these questions. It's not perfect, but it's better than answering anything that your friends know.

If the account is not that important, then it's totally ok to NOT use that feature at all. Just write random gibberish as the answer and forget about it.

Re:Security question

The Adam A500 can be a valid birthplace if your parents are rich or it is used as amedical transport for your mother to bring her to the hospital for your birth.

Re:Security question

[ildon]

If it's an option, I usually put my first pet. Let's say you had a hamster named Fluffy when you were 6 (and before stupid people made facebook pages for their fucking pets). How the hell is anyone other than perhaps your childhood friends going to know it existed? It likely died/ran away 15+ years ago, and unless you're a crazy person you didn't go around telling everyone about it, writing books about it, etc.

Of course, it'd have to be a pet that didn't have a ridiculously obvious name like "Fluffy" because someone might just guess that randomly.

Re:Security question

[syousef]

The whole concept of 'security questions' is completely flawed

The whole concept of answering such questions correctly is flawed. Once you're born in Hobbiton and your mothers maiden name is Goose they become quite a bit harder to guess. Such constructed 'alter egos' make the security questions much less dangerous while still maintaining some recovery capacity.

Since when is a set of secondary passwords that you NEVER change and probably share between accounts safe?

Re:Security question

It's "Green... No blue! Aaaaaah!" you dumb-ass.

Re:Security question

[metacell]

Making up facts makes the security questions pointless, since you have to remember your made-up facts. The "security questions" become merely a second, alternate password which has to be remembered.

So the security questions are either horribly insecure (if we answer them truthfully), or completely pointless (if we answer them with made-up facts). I'd call that a flawed concept.

Re:Security question

This can also cause problems when you forget which services you put what answer for. I used to use the same answer "42" for all questions, and then I had sites tell me I couldn't use numbers. Then I used "forty-two" for thos sites, but some sites told me I could not use hyphens (! what about people who's mother's maiden name is hypenated?? ). So I swotched to "forty two" for those sites... then I ran into sites that told me you can't have the same answer for more than one question. WELL WTF CAN I DO NOW?

The secnondary security questions are total BS. They don't help the user at all. they are only meant to make the user less likely to sue the host when their account gets broken into.

Re:Security question

[societyofrobots]

Just as an example, Hotmail for years used 'What is your favorite color' as a security question.

Re:Security question

[HJED]

but what's wrong with an email address?
I get requesting a mobile number as an alternate method, but they don't need a security question as well.

Re:Security question

[m50d]

You don't think that's something anyone who's seen your facebook profile could guess?

Re:Security question

Unless it's one of the sites where you can write your OWN question and answer it.

I'd like to see anyone guess what my brother's second pet cat's brother's name was.

Re:Security question

[twebb72]

Hot Singles From Intel 8088 Are Waiting For You!!!

Re:Imagine what Facebook is able to do if some dud

Who says that the files are encrypted on their drives?

Blackmail is blackmail

[fantomas]

Blackmail is blackmail, its an offense offline or online. The issue here is helping educate people to be more secure in their online transactions.

Re:Blackmail is blackmail

I'm pretty sure all those victims would have said "more secure? Why? I have nothing to hide!"

Re:Blackmail is blackmail

[betterunixthanunix]

The issue here is helping educate people to be more secure in their online transactions.

Doubtful; if that were the case, people would be talking about PGP and S/MIME. If the victims in this case had encrypted the messages with the pictures, there would have never been any problem.

Of course, that would be slightly less convenient, so it will never happen.

random value

If custom secret questions are allowed, I always choose a long, random value, encrypt it with my PGP key, and use the encrypted value as the question. The answer is of course the original random value. That way I can always restore access without the account being easy to crack.

Not that I often have to restore access, though. It only happens if I accidentally paste the wrong text when changing my passwords.

"Friends"

[davev2.0]

This is why one should not "friend" random people Facebook, etc. It is called "friending" someone for a reason, and a total stranger you have never heard of, have never met, and who lives in another state is not your friend.

Re:"Friends"

[Opportunist]

But ... but ... but he said he'd be my friend! He even made me his friend first!

Mommy, I wanna have friends too! Pleeeeeeease!

Re:"Friends"

[rwa2]

So do the women involved lose their "internet license"?

Or does Facebook become the de-facto standard for issuing internet licenses? :P

I won't believe any of it

[swb]

....until I see the pictures.

Re:Imagine what Facebook is able to do if some dud

[Suki+I]

Imagine what Facebook knows about you if some random dude was able to crack all of their password/secret questions.

Nothing that I didn't put up there myself, right? Wait, I had to use cell number to do the verified account thing. Facebook I hate you!

Sanitize Comments

[pgn674]

IT World needs to sanitize their comments. The only comment on the page currently refreshes the page to http://swift-cars-insurance.blogspot.com/. It looks like it's a harmless enough advertizement, though I'm on Google Chrome on Linux, so I'm not sure if it's hosting malware. The comment section source code on IT World is as such:

<div class="comment content_item">
<h3>(No subject)</h3>
<META http-equiv="refresh" content="2;URL=http://swift-cars-insurance.blogspot.com/">
<div class="content_item_info">
<span class="byline">
by Anonymous (not verified) on 1/16/11 at 7:13 am </span>
<span class="separator">|</span>
<a href="/comment/reply/133630/76642">reply</a> <span class="separator">|</span> <a href="/forward/133630">Email this page</a> <span class="separator">|</span> <a href="/print/133630">Printer-friendly version</a>
</div>
</div>

I might try reporting the comment to It World and the blog to Blogspot.

Re:Sanitize Comments

[davev2.0]

Surely a bastion of high quality, unbiased technology information such as IT World doesn't need YOU to tell them they are vulnerable to such an old attack. Why, they would have to be unprofessional and ignorant to fall victim to an attack that has been around for years.

Re:Imagine what Facebook is able to do if some dud

[Yvanhoe]

Imagine what Facebook knows about random people instead.
I don't post anything that is not public on my facebook account

Hide your kids, hide your wife

You don't have to come and confess, we're looking for you

Pics

or it didn't happen.

Re:Pics

[davev2.0]

Hi, my name is Chris Hansen. Why don't you have a seat right over there between the two law enforcement officers?

Now, why do you want to see the pictures that got this person arrested for child pornography? Do you enjoy looking at child pornography? You do know that child pornography is against the law, don't you?

Re:Pics

Depends where you live...

Legal punishment calibration

[dpilot]

Evidently child pornography, blackmail, and breaking into thousands of women's email accounts merits punishment 6 times more severe than breaking into 1 woman's (Sarah Palin's) email account.

Re:Legal punishment calibration

[davev2.0]

It is called a plea deal.

Bronk, who lives in the Sacramento suburb of Citrus Heights, pleaded guilty Thursday to seven felonies in Sacramento County Superior Court, including computer intrusion, false impersonation and possession of child pornography. Prosecutors are seeking a six-year prison term when Bronk returns for a sentencing evaluation March 10.

Apparently, the defense agreed to plead guilty to seven of the charges in return for the prosecution asking only for six years. Happens all the time.

Kernell decided to fight the charges and lost so he got whatever the judge felt like giving him. Who knows what, if any, deal he may have been offered, but if he was offered one, he turned it down.

Re:Legal punishment calibration

I would surely vote for her if she posts a naked picture of herself.

Re:Legal punishment calibration

Evidently child pornography, blackmail, and breaking into thousands of women's email accounts merits punishment 6 times more severe than breaking into 1 woman's (Sarah Palin's) email account.

that guy did the world a favor by not posting nude pics.. so he got time off for good behaviour i guess...

Am I the only one who does this w/security q's?

[syntap]

I have a single word that I always use for security question answers. It has nothing to do with any of the questions, so in that respect should be more secure because even someone who knows me well couldn't guess answers and gain access. I don't have to surrender additional personal info on myself or others (mother's maiden name, father's birth year, etc). And I always know the answer, no forgetting.

And someone like the guy from TFA couldn't get any nude pics of me, not that he wouldn't stop at the first.

Re:Am I the only one who does this w/security q's?

While you are acheve some security through obscurity, and we know what the professionals say about that. You are increasing your trust of all sites to all sites. This massive increase in trust actually lowers, your overall security, probably below that for which you are increasing through obscurity.

Re:Am I the only one who does this w/security q's?

[tooslickvan]

One problem is that many sites have multiple security questions and require different answers to each one. You're better off answering the questions truthfully and adding a common salt to the end (or beginning) of each answer.

Re:Am I the only one who does this w/security q's?

[el3mentary]

I have a single word that I always use for security question answers.

Shibboleth?

Re:Am I the only one who does this w/security q's?

[syntap]

For a regular password that is true for obvious reasons, but I don't believe so for security questions. Making the answer to a security question not even guessable is more secure. Those like the guy in TFA know the great majority of people answer those questions truthfully, probably based on some expectation that the info would have to survive some kind of verification. That is the most likely attack vector, read the article and that is what it says because he looked for common answers to those questions and it worked.

To the replier that said many sites won't take the same answer to more than one question, I have found that to be extremely rare. Most sites, even large bank sites, will even take a textual answer to one that asks for a number like a birth year of a parent, or a number for a favorite vacation spot.

Just a month ago I had to speak to a person in a bank security office and they took me through my security questions. The security office rep laughed when she realized what I had done, said she had never seen that done, and complimented me on my awesomeness for making their security question method many times more secure in my case.

Re:Am I the only one who does this w/security q's?

I have a single word that I always use for security question answers. It has nothing to do with any of the questions, so in that respect should be more secure because even someone who knows me well couldn't guess answers and gain access. I don't have to surrender additional personal info on myself or others (mother's maiden name, father's birth year, etc). And I always know the answer, no forgetting.

And someone like the guy from TFA couldn't get any nude pics of me, not that he wouldn't stop at the first.

That's good. Is it a dictionary word? Because then I would pick the web site that has the weakest security to try and brute force it on. Also, even though these web sites probably store a hash of your password, they most likely store the answer to the security question in plain text. So, once an attacker has compromised any one web site that you are on, he can now go reset your password on all of the other sites.

Re:Am I the only one who does this w/security q's?

[mrxak]

Shibboleet.

Stupid criminals

Why are criminals so stupid?

If you are going to do be doing illegal stuff like this at least do it from an internet connection you cant be traced to like starbucks or pannera. Perhaps then use a internet anonymizer on-top of that.

Re:Stupid criminals

what makes you so sure they won't trace you from starbucks and the like. I can bet the routers in SB atleast keep a copy of the mac address, and the html header that were sent from your web browser. Who know maybe they even keep records of the web-pages you visit. And that info is all stored off-site on some server permanently JIC.

Re:Imagine what Facebook is able to do if some dud

[PopeRatzo]

It's more secure to just not use Facebook.

I'm confused -- I thought they were for PW reset

[michaelmalak]

I'm confused as to how this works. On most sites, answering the secret questions correctly allows you to reset the password, which is then mailed to the e-mail address on file. How does this help in obtaining the password to an e-mail system? Is there an e-mail system out there that is so brain-dead that it allows you to re-specify a password as a reward for merely answering the secret questions correctly? If so, which e-mail system?

It doesn't look like this guy destroyed evidence

[Quila]

Obstruction of justice is what got the Palin guy jail time.

He'd have skated with probation if he had just admitted it.

Reminds me...

[RichiH]

...of this guy, living in the USA of course, who is a convicted felon for underage sex with a 16(?) year old girl. Her dad objected and went to the police.
They have been married for about a decade now, with three kids. And his status makes sure that he can not get proper jobs to support the woman who was "protected" by all this.

Re:Reminds me...

[TheLink]

If it was consensual but statutory rape, maybe they should just jail the "rapist" till the "child" reaches legal age. Then if the now adult "victim" still thinks it's consensual and not rape, the "rapist" gets that charge wiped totally clean.

If the victim changes her/his mind and thinks it's rape or the "victim" is threatened the "rapist" gets the full rapist sentence.

Re:Reminds me...

[RichiH]

That would open up the child to massive repression by any and all rapists. It's not an easy-to-fix problem.

Re:Reminds me...

[JWSmythe]

There are way too many problems with that.

    Lets use the example of a 30 year old man with a 16 year old girl. He ends up in jail for 2 years, while the girl reaches age of consent. She says "Nope, no problem.", and now his conviction is overturned. Why did he spend two years in jail? Because of a technicality? On findings such as that, the state frequently must pay a settlement because they made a mistake.

    In the intervening two years, she could have met another boy (man, woman, whatever), and now be totally "in love" with him. I've, unfortunately, been around teenage girls (girlfriend's children, or friends of their children). Besides the massive headaches and financial burden, one of the things I've learned is that they fall in and out of love every few minutes. In two years, she'll be "in love" with someone new, and care less about the guy she was "in love" with two years ago. If you want to gamble your freedom on the fact that when a girl turns 18, she'll say "I still say it was consentual", I'd give you about a 10% chance that you'll see the freedom on that day. More than likely, she'll look back at it as a huge mistake, and how that the older guy took advantage of her.

    The biggest problem is, it is still against the law. To fix that, petition your government to change the law. You'll look like a real pillar of society if you say "Lets change the age of consent to 15". Laws like this are to protect the children. No, my 15 year old daughter shouldn't be sleeping with a 30 year old man. I heard a great formula for calculating age difference. (older_age * 0.5) + 7 . For a 30 year old person, the youngest he should be with is 22. For the younger to be 15, the older should be 16. My state has outlined the age of consent responsibly, to protect from jailing young adults. There's a floating age gap from 15 to 18. If he's 18, she can be 16. Without that in place, you could have kids in high school finding themselves in jail for dating at an age appropriate level.

    The best solution, should a 15 year old really be "in love" with a 30 year old, would be to NOT SLEEP WITH THEM. Sex is great, and most people will agree with that (or else you're doing it wrong). If you really like someone, and you really have as much in common as you think you do, you can wait a few years to have sex. If there's nothing there, then whatever you thought you had of a relationship will dissolve before you get a chance.

    The example you provided was an edge case, not the norm. If he had thought with the head on his shoulders, rather than the one in his pants, he would have waited, and now he would be happily married with 3 kids, and no conviction behind him.

Re:Reminds me...

[tragedy]

Also, it would open up anyone fully consenting to massive repression by family. If they insist that it was consensual, in many cases, they'll receive counseling tantamount to brainwashing for years. There will be guilt trips and threats of excommunication from the family. She will be made to feel that, if she affirms her consent, she'll be releasing a monstrous sexual predator who will rape someone not so willing next time and she'll be to blame for that girls suffering, etc.

I'm sure everyone here is familiar with the concept of "honor killings". It's not a phenomenon unique to Muslims as many people seem to think. It's a cross-cultural set of attitudes about the importance of a girls "virtue" and reputation and her obligation to her family and society in regards to it. In some places and among some people it's still taken to the extreme of murder for transgressions, but the exact same behavior, just to a lesser degree exists just about everywhere. I've met plenty of fathers of daughters of various ages in the US who are almost psychotically overprotective and who insist, in all seriousness, that their daughters have no sexual relations whatsoever and sometimes that they not date, etc. The behavior is always hypocritical with regards to their own behavior when they were younger and frequently their behavior as adults (with regards to enjoying pornography of young women, etc.). But they seem to view it as an obligation. Feeling protective of your child is, of course, not a shameful thing, but far too many tie such behavior to possessiveness and a form of objectification that denies their children their humanity.

Society in general seems to at least subconsciously share these values. A young woman, whether above or below the various ages of consent/adulthood/etc. who expresses her sexuality in some way, especially publicly, has to be either a victim, or a slut. Generally there is no middle ground, and when there is, it's often given by people who think that she's both a victim _and_ a slut.

So, an underage girl who chooses to have sex before her society says she's ready, whose older partner is arrested and who has a few years to decide whether to re-affirm consent or not, is going to have to spend that time under a lot of pressure. She will, essentially, have to decide whether to call herself a victim or a slut. Whether to be the dedicated family member protected from the outsider, or the prodigal child who shunned her families protection.

Re:Reminds me...

[TheLink]

She says "Nope, no problem.", and now his conviction is overturned. Why did he spend two years in jail? Because of a technicality?

In two years, she'll be "in love" with someone new, and care less about the guy she was "in love" with two years ago. If you want to gamble your freedom on the fact that when a girl turns 18, she'll say "I still say it was consentual", I'd give you about a 10% chance that you'll see the freedom on that day. More than likely, she'll look back at it as a huge
mistake, and how that the older guy took advantage of her.

Uh those are features not bugs. It's not supposed to encourage guys to go around fucking young girls. It's to still discourage them, and cater for the real world cases when "stuff happens".

You do it, you still have to go to jail for having sex with a minor. If a few years later she still thinks it wasn't rape despite pressure from the family, friends, having a new boyfriend etc then it's fair to say you didn't rape her. So why should you be punished for rape?

To me calling consensual sex rape, cheapens the meaning of rape. Maybe I'm wrong and we should ask some victims of "real rape", what do you think?

As for telling those guys to "just not sleep with them", there are still severe sentences for "child molestation" in most places.

Re:Reminds me...

I heard a great formula for calculating age difference. (older_age * 0.5) + 7 . For a 30 year old person, the youngest he should be with is 22.

"Great"? Seriously, you think 40 year old person isn't mature enough to decide they want to sleep with someone who's 70?

Re:Reminds me...

[badkarmadayaccount]

Wait? You've forgotten your own years of maturation, apparently - seen as they are a lot fresher for me let me remind you. Testosterone isn't about patience, neither is oxytocin. I don't know about your musical tastes, but I believe Kid Rocks song "When You Love Someone" got it right. Denying voluntary sex, especially when the consent is two-way, is simply traumatic for ones psyche.

Do we need more proof "Security questions" aren't.

[Opportunist]

Every time I come across a page that requires me to use a passphrase that's at least 8 characters long, contains numbers, special characters and preferably something that could only be typed on some obscure keyboard layout 10 people on this planet use, I feel kinda good.

That feeling instantly vanishes as soon as they also want some "security verification" in case I forget my password. And then you get to read things like:

Mom's maiden name
Your first address
Brand of your first car
Pet's name

And so on, all things that people can FAR more easily guess or find out than a password that most people would probably have to note down so they can remember it.

Now, there's a way around it, of course, my Mom's maiden name was e56fdwO$ (or something like that) and my pet's name can be looked up at XKCD, just to see if their database is secure or not.

Most people WILL actually use real info there, as can be seen in this case. And that constantly keeps me puzzled why the admins often require insanely complicated passphrases from their users when they toss any semblance of security by allowing easy "recovery" of the password.

Re:Imagine what Facebook is able to do if some dud

[betterunixthanunix]

That was, in fact, the first thing Mark Zuckerberg used Facebook to do: gain access to others' email.

http://www.businessinsider.com/how-mark-zuckerberg-hacked-into-the-harvard-crimson-2010-3

It would seem...

[betterunixthanunix]

So, it would seem that people do have an expectation of privacy when it comes to their email. Well, glad to know there won't be any warrantless surveillance now.

Think of the children laws.

[0100010001010011]

In some states, the age of consent and child porn statutes have the same age limits.

For instance, a quick read of NV law shows the AOC to be 16. Child porn is defined as sexually explicit blah blah blah involving a person under 16. Federal law makes it a crime with a person under 18, but there may be some state line/interstate commerce nexus that needs to be fulfilled.

I didn't feel like looking at too many states, but found this same AOC/CP thing with NH-16/16.

Many states forbid distributing/exhibiting obscenity to people under 18, regardless of their AOC/CP statutes.

So, excluding the feds, it's not a crime to have sex with a 16 year old or film it. But, she can't watch the tape afterwards. It's a crime to allow her 16 year old friend to watch the act as it occurs, but not a crime to have her join. Neither of them can smoke a cigarette or have a beer afterwards. If either one were to rob,beat,kill one of their fellow particpants, they would be tried as an adult in every state in the country.

Re:Think of the children laws.

The fact that it's sent over a computer network (internet) or over a telecommunications network (cellular) is enough to get the feds involved. The statutes are purposefully broad. My Brother The Lawyer is fond of saying that if you've ever been within 10 feet of a mailbox or telephone in your life, you're probably guilty of mail or wire fraud. You just have to hope that your case isn't sensational enough that The Powers That Be think you'd make a good example to the other perverts.

Re:Think of the children laws.

[BigFlirt]

What happens in the case that mirrors are present? Is she not allowed to watch herself having sex _while_ having sex?

Re:Think of the children laws.

If either one were to rob,beat,kill one of their fellow particpants, they would be tried as an adult in every state in the country.

Only if they're black!

Re:Think of the children laws.

It's a crime to allow her 16 year old friend to watch the act as it occurs, but not a crime to have her join.

How many people will now use this excuse to try and get a threesome.

Not news...

This is lifted from a PCWorld article dated Nov. 2nd.

http://www.pcworld.com/article/209584/cops_hacker_posted_stolen_xrated_pics_on_facebook.html

Dumbass

[flyingfsck]

Why go to all that trouble to find nude pics when you can get all the nude pics and live webcams you want on the net without any hacking required?

Re:Dumbass

[Gripp]

good point!

Re:Dumbass

Why go to all that trouble to find nude pics when you can get all the nude pics and live webcams you want on the net without any hacking required?

Whoa! On the internet? When did this start? I've been missing out.

Re:Dumbass

[edawstwin]

We've seen all of those. We want new pics!

Re:Dumbass

Because those pictures were not meant to be distributed, making them all the more interesting to look at.

How's that Cloudy Data Security Thingy...

[couchslug]

...working out for ya? (runs)

Re:I'm confused -- I thought they were for PW rese

[sangreal66]

I don't know if they still do this, but Yahoo mail used to work this way. It is how Sarah Palin's e-mail account was accessed. They can't e-mail you the new password unless they have a secondary e-mail account on file

Security questions weak by default?

[Drakkenmensch]

It's all too easy to find your mother's maiden name or your city of birth... unless you sign them up as some impossible answer like "Kim Plausible" and "The Kingdom of Nor-Kadrel". Good luck data mining my profiles for THOSE!

Simple fix

[IGnatius+T+Foobar]

It wouldn't be difficult for Facebook to automatically reject (or at least warn you about) status updates that contain strings which match either your password or the answers to any of your security questions. At least force the user to think about it.

Re:Simple fix

[Gripp]

i think that verifying via SMS (for those with phone #'s associated with the account) would be a good feature. its gotten a lot harder to spoof ANI at the carrier level, and would at least provide that much more pain for those who are trying to get into your account.

Re:Simple fix

[pipedwho]

i think that verifying via SMS (for those with phone #'s associated with the account) would be a good feature. its gotten a lot harder to spoof ANI at the carrier level, and would at least provide that much more pain for those who are trying to get into your account.

And as a secondary bonus for FB, this also encourages the user to enter a real phone number which can later be sold to the highest bidder.

Re:Simple fix

Sure it would - at least for the password.

Facebook doesn't know your password and other details - they know a salted hash for your password. To check every message/update/etc for that means salting and hashing (at a minimum) every space separated word in an update and testing that against the password hash. Then checking odd spaces for separators (in case your password contains a space, for example), and so on.

Basically, you'd be increasing their back end CPU load thousands of times over, which in turn would mean either the service implodes, or the overheads become to expensive to maintain - the cost of *not* making that comparison, even if they get sued for it, is going to be peanuts against the cost of making it.

Re:Simple fix

[Gripp]

lol, yeah i posted that and not but 30 minutes later i saw a story about FB selling home addresses and phone numbers....

Re:Imagine what Facebook is able to do if some dud

Friends don't let friends use Facebook.

Great Legal System!

[kyrio]

>hacking, identity theft, child pornography >did not hack, did not steal any identities, did not create any child pornography.

anyone with an email account?

[gcalvin]

"This case highlights the fact that anyone with an email account is vulnerable to identity theft,"California Attorney General Kamala Harris said in a statement.

And this quote highlights the fact that California has elected an idiot to the office of Attorney General.

Cool

Now, exactly how did he do it ? ;-)

Anonymous "tips" about suspects is bad.

I've been on Slashdot for roughly 2 hours and I have no intention to register since reading your post. Anonymity is not a legal standing from interest to procure an action at law: It is lack of evidence, not even a suggestion, and counterfeits the liability clauses proscribed into law.

If you are going to Commit someone else to receive the corrections and damages of Corrections under a Court that professes to dispence such, then you either man-up to become that Court by doing the job yourself in drawing that offender to you and correcting them in all sincerity, or you shut the fuck up and join the cowards of government-paid thugs that ruin someone's life in maintaining the dispute.

I have more respect for non-licensed pharmacists, people that steal because they hunger for food, and murderers that are DIRECTLY protecting themselves and others that appealed to them for the immediate last-resort murder they caused.

You however, /b/ is that'a'way...

Re:Anonymous "tips" about suspects is bad.

[eleuthero]

You apparently do not have much experience with children who have been abused. In working for a public school I was the first to hear of one situation (which made me legally required to fill out a form for the state) and a second to hear on several occasions (one where the mom murdered dad and then after the mom's boyfriend moved in (prior to conviction), the student started sleeping with him after he made advances... messed up). After the initial information given to CPS, the first to hear is not always in the loop unless needed for a potential court case.

Re:Anonymous "tips" about suspects is bad.

[JWSmythe]

    If, in the hypothetical situation, I were to come to you and ask for your advice on how to proceed, if it's something that you'd need to report, you would likely advise me to report it too. If it's nothing, you'd advise so, and there wouldn't be anything to report. Say in another situation someone came to you and said "this kid is acting out", and you saw it as perfectly normal childhood behavior, would you report it to CPS?

    Wouldn't you agree, doing something is much better than doing nothing and then mentioning it as weird on Slashdot at some point in the future?

Re:Anonymous "tips" about suspects is bad.

[eleuthero]

I would definitely agree that reporting events should come after careful consideration of the individual situation. In the case where I was the "outcry" witness, I did go and speak with the school's counselor first in order to make sure I had a proper perspective on things. When we fail to interact with others, bad decisions quickly result.

Kernell could have gotten off with little

[Quila]

A slap on the wrist at most, probably community service and probation. What got him jail time was the felony count of "anticipatory obstruction of justice by destruction of records." Courts don't like it when you obstruct justice.