UK Student Jailed For Facebook Hack Despite 'Ethical Hacking' Defense
Diamonddavej writes "The BBC reports that software development student Glenn Mangham, a 26-year-old from the UK, was jailed 17 February 2012 for eight months for computer misuse, after he discovered serious Facebook security vulnerabilities. Hacking from his bedroom, Mangham gained access to three of Facebook's servers and was able to download to an external hard drive the social network's 'invaluable' intellectual property (source code). Mangham's defense lawyer, Mr. Ventham, pointed out that Mangham is an 'ethical hacker' and runs a tax registered security company. The court heard Mangham previously breached Yahoo's security, compiled a vulnerability report and passed it on to Yahoo. He was paid '$7000 for this achievement,' and claims he was merely trying to repeat the same routine with Facebook. But in passing sentence, Judge Alistair McCreath said despite the fact he did not intend to pass on the information gathered, his actions were not harmless and had 'real consequences and very serious potential consequences' for Facebook. The case's prosecutor, Mr. Patel, said Facebook spent '$200,000 (£126,400) dealing with Mangham's crime.'"
This guy had no business doing what he did. AFAIK you need a signed agreement with the company in question to perform penetration testing, otherwise it's illegal, no matter what your motivations are.
So Zuckerberg had to go to his wallet instead of pulling change from his pants pocket, maybe the hacker should have been less ethical and just sold the code.
"If any question why we died, Tell them because our fathers lied."
It is inexcusable to let people pass judgement in matters they don't comprehend.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
The case's prosecutor, Mr. Patel, said Facebook spent '$200,000 (£126,400) dealing with Mangham's crime.'"
So, they spent money securing unsecured servers?
Can we use the cost of having to install locks and security systems in homes to deal with theft to increase the punishment of the thieves?
He broke in through the window, now my house needs $xxx for a security system which protects windows as well, and it's all his fault
If that's all they spent, then they are either some serious cheapskates or someone was a complete idiot.
Sounds like Facebook spent $200,000 fixing their security holes that he found. Security through obscurity is not security. In light of his 'tax-registered security company' status, and past efforts with Yahoo, I think the judge in this case made the wrong decision.
White hat ethical hacking is only ethical when you have permission.
In the case of companies like Yahoo, you can do this. But in the case of Facebook, it's better to sell any uncovered flaws to interested parties other than Facebook or to simply release the information anonymously to the public.
These "damages" are the lawyer's fees associated with making claims against the "criminal" and the programmers needed to correct the vulnerability... (which are probably the same programmers whose code was vulnerable in the first place.)
Facebook, you just set the tone for how security researchers will reveal your vulnerabilities in the future. You just made a very uncomfortable bed for yourself to lie in.
He also did not cause any real harm. I guess how far to the left or right one leans determines whether or not the line should be drawn at "causing harm" or "had no business doing it."
Palm trees and 8
...but a breach into any company is breaking-and-entering if you haven't been assigned to do so for testing the security vulnerabilities by the company itself.
It's kind of like catching a thief without any goods, but inside of your home. Uhm...I'm just testing your security system, now you know you have a weak system, thank you - I'll mail you the bill.
What this world is coming to - is for you and me to decide.
Lesson learned, next time: hack; post details on 4chan; ???; profit!
I call bullshit. He "runs a tax registered security company," which means his motivation was largely if not entirely monetary. Hardly ethical.
ooo, that's got to hurt.
That is, doing a security audit, implementing tests and fixing bugs? If you have poorly tested code, and you notice it because someone is trying to get in through the back door, you should not try to charge them for your own faults.
Hopefully, you would have spent that money anyway.
If you hadn't, then good thing someone came in before you had also to face more serious consequences (as in a public exploit or distributed attack).
42.
Claiming he caused $200,000 in damages is absurd, what is the actual damage? Fixing vulnerabilities that were there in the first place?
I always think it's funny that when hackers get busted and the company has to spend a ton of cash on securing their servers/software they claim it's somehow the hacker that caused the damages. They had to be secure in the first place.
So you're walking through the business district of a city and just jiggling door knobs to see if anyone left anything unlocked.
Why? Because you're a "white hat".
That's the FIRST issue that you have to get through to the judge.
Once you find an open door, you go inside and take some important stuff out. So that you can prove to the company that you were inside.
That's the SECOND issue you have to get through to the judge.
Then, you call the company and tell them that door X is unlocked and you can prove it because you have property Y.
The company (being unenlightened and still thinking in physical world terms) calls the cops and you are arrested. Even though you intended to give property Y back to the company.
It makes sense that way.
So, do NOT freelance. If you do NOT have a signed contract with the company you CAN be prosecuted. You have to put in the EXTRA EFFORT to distinguish your actions from the actions of the bad guys. A signed contract does that.
he found out that the admin password was "dieZuckers".
Because their actions are actually the real cause of 'real consequences and very serious potential consequences' for Facebook. Why should Glenn Mangham pay for mistakes made by facebook employees?
You don't hack a bank across state lines from your house, you'll get nailed by the FBI.
But in all seriousness, really? Has this guy not read the news ever? Throwing out common sense, ahh nevermind.
The case's prosecutor, Mr. Patel, said Facebook spent '$200,000 (£126,400) dealing with Mangham's crime.'
Mr. Patel? Is that Mr. Synthesizer Patel? I guess he discovered music wasn't paying the bills.
#DeleteChrome
Hacking from his bedroom, Mangham gained access to three of Facebook's servers and was able to download to an external hardrive the social network's 'invaluable' intellectual intellectual property (source code).
That sounds mighty intellectual...
Shouldn't we be jailing the Facebook people for not securing our data properly ??????
Considering that most of the judges from the 21st century are, at most, 12, and not even lawyers, let alone judges, yet kinda makes this tough.
I salute you sir; nicely done. Although the disturbing thought did occur to me that perhaps the GP was in fact calling for the reinstatement of nineteenth century judges to adjudicate these newfangled matters.
Key kids, here's the take-home message: Did you discover a serious security vulnerability in a corporate or government agency? DO NOT TELL THEM. You will be fucked in the ass. If you think you can get away with it, sell the info. Otherwise publish it anonymously.
In the Netherlands, damages are only that what you have to spend to put the original situation back. If that means reinstalling 3 servers from scratch, I doubt you'd be looking at 200K. However, if you need to do forensics to actually establish that it was just the 3 servers and you need an external company to do that because privacy regulations from the government mandate that, 200K sounds plausible.
If you were never planning on releasing or selling any of the vulnerabilities you found. If you were willing to give them to the person/business you hacked in to, without any compensation, you'd be called an ethical hacker. Mind you, that doesn't make it less illegal to do the hacking. You just won't be guilty of other crimes.
As a business, it makes no sense to have an ethical hacker prosecuted, since they are providing a service for you that would normally cost you a very substantial amount of money. However, not paying people will not help getting people to be "ethical" with you. Getting them prosecuted will not help either, they will just hide their tracks better and simply sell anything they find to the highest bidder, or put it out in the open for anyone to abuse. Groups of people with "poor impulse control" might take offense from a judgement like this and take their frustration out on the company that decided to get the hacker prosecuted.
I was promised a flying car. Where is my flying car?
This guy had no business doing what he did. AFAIK you need a signed agreement with the company in question to perform penetration testing, otherwise it's illegal, no matter what your motivations are.
While that may be true, that doesn't appear to be the judge's rationale for convicting the kid.
It sure sounds like the judge is rationalizing the ostrich strategy when he says that the kid's actions had 'real consequences and very serious potential consequences' for Facebook. Those consequences existed not because of the kid's actions but because of facebook's security failings. Even if the kid had done nothing, those vulnerabilities would still be there and facebook (and more importantly facebook's users) would have faced just as much, if not more, risk than they did if the kid had done nothing.
26 isn't really a "kid", is it. But true, they should have granted him more benefit of the doubt of what his intentions were. But still, one can not simply go hacking stuff and say you're "pen testing". Penetration testing has procedures that need to be followed to avoid getting into shit like this guy.
is it something like 'real consequences and very serious potential consequences' for facebook -> 'dude, you're fucking up our IPO' -> massive lawyer attack?
After reading those posts I have several questions/remarks:
1. Is it better for some vulnerability to be found by a guy that will report it, or by someone who will exploit it? With this jail sentence, those that will report it will be discouraged from doing so.
2. Even if this sentence prevents someone from hacking Facebook, it won't discourage bad guys from some obscure, or less obscure, countries. When a vulnerability is there, it will be exploited, sooner or later. Facebook is a very attractive target.
3. If I had a security company and I wanted to check if there are any vulnerabilities present in Facebook's server and/or code it follows that I have to seek permission from Facebook. How many people regularly try to hack Facebook? How many actually find something? What if all of them asked FB for permission? Isn't that absurd when you think a bit about that?
4. Facebook says that damages are $200,000. Well, I just wonder how high damages would be if Anonymous, LulzSec or similar had found the vulnerability. I believe that in that case FB would immediately agree on the aforementioned $200,000 for damages.
He's a Brit, you twit.
Good-bye
I wonder if their definition of "computer misuse" differs from mine.
I'm envisioning people spending eight months in jail for using their CD drive tray as a cup holder, logging into AOL or installing Windows XP.
Saying "I'm an ethical hacker" when you get caught, doesn't mean you don't do time.
It means you are an idiot.
Alex
In 2005, Chris Putnam had created a Facebook worm, eventually the worm got traced back to him and Facebook hired him.
Facebook has also previously hired Geohot, of the iPhone/Sony hack fame.
... if they discover what they believe might be a vulnerability in somebody else's software, perhaps not deliberately trying to do so, what do they do? I mean, the only thing that would actually qualify as proof of a real vulnerability is if they downloaded something they weren't supposed to, which might require actually trying to do, but at the same time it would be illegal to attempt to do so. What is a person really supposed to do?
File under 'M' for 'Manic ranting'
Doesn't Facebook actually encourage the testing of their networks as long as responsible disclosure is followed?
http://www.facebook.com/security#!/security?sk=app_6009294086
they even have a special section for white hats to report bugs and security issues.
So it's okay to hack a small business but not a large international one? The legality of an offence depends on the amount of capital the plaintiff has? The rich now have more rights than the poor?
So yeah, downloading an external drive's worth of information did not seem suspicious at all. For me, I am all for finding vulnerabilities and letting the company know. But when you end up downloading all that information, it just seems a bit odd. Then again, I am not a super class SSS hacker so my feeble mind probably cannot comprehend the reasoning behind doing so.
WTF is a hardrive?
Mangham's defense lawyer, Mr. Ventham, pointed out that Mangham is an 'ethical hacker' and runs a tax registered security company.
Doesn't sound so ethical to me.
He's running a business. That means he ought to abide by the rules we expect to apply to businesses. In this case, obtain prior consent, agree on charges/fees/rewards up-front, and do not copy what isn't yours to copy.
(A lot of businesses don't abide by these rules, but that's why we get all pissed at them for being unethical.)
It doesn't look like this "student/business owner" bothered with any of that, and got in trouble for it. Not really much of a story there.
Why Facebook isn't being lambasted for their shoddy system is another matter. Their breach of ethics for failing to design a reasonably secure system is arguably more significant than this unethical 'ethical hacker'.
We don't let banks get away with designing bank vaults made of 3/8" drywall over 2x2 studs. We expect banks to put forth a level of effort securing the valuables in their care proportional to the value of what's being protected. If they do a shoddy job and fake it, and get robbed, we'll punish the robbers, sure... and then ensure that heads roll at the bank.
Pick One: http://www-rohan.sdsu.edu/~stremler/sigs/sigs.html (Note - disable Javascript first!)
And yet, even if I accepted this as true, burglars -- even serial burglars -- are not sentenced based on potential deaths
And neither was this guy. He was sentenced for what he did, the judge was just giving him the traditional 'you're lucky you didn't kill someone' lecture when passing sentence.
Car analogy; It's the same as a judge lecturing a drunk driver and telling him that he's lucky he's not on manslaughter charges. The drunk isn't being convicted or sentenced for potential manslaughter, he's being convicted and sentenced for DUI.
I've been in my fair share of court rooms and there's one thing Judges and Magistrates all seem to enjoy doing most, asserting their dominance over the courtroom by lecturing people like small children. This feels great when they are attacking the other guy's lawyer, not so much if they attack you.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
On the one hand, Mangham definitely didn't have prior authorization. His actions were illegal, regardless of his intentions.
On the other hand, Facebook's long-term security has been dramatically weakened. Now, anybody who finds a vuln in Facebook isn't going to report it for fear of doing jail time.
Sounds like a fuck-up for everyone involved.
"Alison Saunders, from the Crown Prosecution Service, described the case as "the most extensive and flagrant incidence of social media hacking to be brought before British courts"."
So News Corp's phone hacking scandal paled in comparison? Oh I know what you're going to say News Corp isn't a social media site, then my answer is "It isn't news either"
I think the real issue here isn't the hack, I think it's that Goldman Sachs has plans for Facebook's IPO and wants to set an example for the shareholders to see.
The hacker's real crime was his terrible timing.
"If any question why we died, Tell them because our fathers lied."
If only Harvard had prosecuted Zuckerberg when he hacked Kirkland House's online mailing lists to spam users with links to his Facemash service, Facebook might have never existed and this may have never happened at all.
Exactly what are those costs for? Shoring up holes they should have shored up anyway? How is that the student's fault at all? How is that a consequence of the student's actions? If anything FB should be fucking thankful to him, and apologetic to its users for having that hole in the first place.
If you discover a problem, you stop what you are doing and contact the party and offer whatever information you discover to the involved party. You explain the situation how you got where you got and hope that the full disclosure and assistance will be enough to keep you out of trouble. Finding the problem and not disclosing it can eventually be worse ... since any evidence you leave behind may end up pointing the finger at you if some other party decided to do "the wrong thing".
Once you know you found a "broken lock", using the "door" to gain access to other doors is a deliberate violation of the law. If you are really an "ethical" person, then all you do is notify the affected party ... without walking thru the "insecure" door.
In this case, the guy didn't find a broken door. From what has been published, the guy used social engineering to illegally gain access to the account of an employee while the person was on vacation. Then he used that account to open other accounts and steal source code from a server. There was nothing casual about what the guy did. Everything was very deliberate and calculated. You have to be a complete idiot to believe his cheap "ethical hacker" excuse.
How many of us remember the lessons Randall Schwartz taught us (the hard way)?
Here's the home page for the "Friends of Randall Schwartz", who supported him when he and Intel disagreed on the propriety of a SA running Crack: http://www.lightlink.com/spacenka/fors/
Sentencing Mangham, Judge Alistair McCreath said his actions could have been "utterly disastrous" for Facebook ... and had "real consequences and very serious potential consequences"...
I wonder if the judge is aware that his assessment of Mangham's actions, as quoted, is also an accurate assessment of the security flaw that Mangham exploited, that existed before he even touched a Facebook server. I see no mention of the potential loss to Facebook had the security flaw been exploited to do real harm. There is no question that this would have made $200,000 look like a small amount.
It is my opinion that the court completely failed to see Mangham's actions in perspective. Theft of IP is a serious matter. However, the judge
acknowledged that Mangham had never intended to pass on any of the information he had gathered, nor did he intend to make any money from it
Furthermore, no actual damage was done. The sentence was all about risk. The judge said:
"The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all I'm afraid a prison sentence is inevitable."
But if the sentence was all about risk, why did the judge not consider the enormous reduction in risk that resulted from Mangham's actions? Was the "creation of that risk" all a small price to pay for closing what is obviously a colossal security hole - a much bigger risk?
The bewilderingly long prison sentence leaves me wondering if there is more to this than we can see. For example, we all know that social media is a key tool used by intelligence gathering agencies. What, or should I say whose, intellectual property did Mangham really see? Also, if people become concerned about the security of social media, they may stop using it. The more evil and clever Mangham is made to look, the less disturbing the Facebook security flaw appears.
Fuck the corporations if you find a vulnerability, hide your track and just let it out into the wild.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
In 2005, Chris Putnam had created a Facebook worm, eventually the worm got traced back to him and Facebook hired him.
Facebook has also previously hired Geohot, of the iPhone/Sony hack fame.
You cannot prove that Facebook hired Chris Putnam because he created the worm and broke the law. You cannot prove that Facebook hired Geohot and Geohot didn't actually break the law.
The situation with Geohot was political so it's very likely he got hired for political reasons not because of what exploits he did. Facebook probably only hired him to look good and look friendly towards the hacker community.
Breaking the law isn't how you get hired and if you think so then you're a sucker. Breaking the law is how you get turned into an Adrian Lamo and no one wants to be him.
If I walk into a bank and tell the manager all the flaws in their security, he might get annoyed but you haven't broken any 'known laws' (who reads all 13000 pages)
I bet $199,000 of that loss to facebook was hiring a lawyer.
Liberty freedom are no1, not dicks in suits.
He could have reported it but he didn't just report it he exploited it. He could have just written a technical paper.
Post the source.
He's got 8 months to learn all about a different kind of back door probing!
Just because it CAN be done, doesn't mean it should!
The bewilderingly long prison sentence leaves me wondering if there is more to this than we can see
Not to mention that for most hackers, even 8 HOURS would very likely lead to being brutally victimized.
At least if Mr. Megaupload.com gets convicted and sentenced, he should be safe (300+ lbs, a lot of muscle!).
Just because it CAN be done, doesn't mean it should!
Why was he trying to crack Facebook's security? Was he contracted through another party to do so, was he invited to do so? Or was this just some random "I'm a good person who likes to find security issues on someone's website and tell them" thing? Why Facebook?
I am John Hurt.
... the JUDGE says the defendant COULD Have hurt FaceBook -- so he passes sentence and punishes him.
Judge Alistair McCreath said despite the fact he did not intend to pass on the information gathered, his actions were not harmless and had 'real consequences and very serious potential consequences' for Facebook.
Just scratch that bit about "real consequences" -- Facebook in no way had ANY real consequences other than perhaps a bad news day for their security -- nothing new there. Nowhere in our judicial system are we SUPPOSED TO be convicting people of potential crimes -- only for actual crimes and damages. Not even "seriously extreme" potential crimes.
In fact, if this White Hat "hacker" had wanted to, he could have made far more money peddling the proprietary information to MySpace or some competitor.
>> The result of cases like this is fewer White Hats helping with security, and companies blindly assuming everything is perfectly secure because nobody has told them otherwise. Meanwhile, many of their customers experience identity theft and people scratch their heads and wonder why the world is so dangerous and unpredictable.
He should be rewarded, or maybe even offered a job at the NSA or the FBI
Sorry but whatever his intentions he must have been living under a rock to think he could do this repeatedly and not run across someone that would press charges regardless of his good intentions (real or not). And how could he not know that a court would rule against him? It's not like he is the first to try this. But..
Does anybody else think that when anything is connected to the internet it should be entirely the problem of the person who connected it if something happens? Ok, let me explain what I mean. You have a computer. You write code that tells it to respond to sequences of 1s and 0s (high and low voltages) in various ways. Or.. you pay someone else for the code. Either way you put this thing there. You put the code in that makes it respond to someone else's 1s and 0s. Then you plug it in to this really big public network. You connected it to a huge mess of wires, fiber optic cables and radio links which you do not own. You do not control it. And you know that billions of other people can send their own sequences of 1s and 0s to your computer across this network using the connection that you put in place.
Now somehow when someone sends a sequence of 1s and 0s that you don't like they are legally culpable? Somehow this is equivalent to vandalism or trespassing, etc...? Even when done by someone that has never been within 1000s of miles of your actual physical property? Somehow when they receive the 1s and 0s that your computer sends them it's theft?
Am I the only person to think the world has gone bat shit insane?
And yet in this country you can get a community or suspended sentence for violent assault :(
Compare 200k$ to the 100 Billion $ evaluation of Facebook.
If you consider the guy living a 100 years, he should be jailed for 1.75 hours.... not 8 months.
On another note, Facebook should pay a fine for having security issues, who says my data wasn't already stolen and sold by some non-ethical hacker.
MM
Why do we kill the messenger? This is crazy. This guy deserves a thank you, a medal and a high paying job offer. To be guilty of a criminal act, there must be two elements present, the Actus reus and the Mens rea (see http://en.wikipedia.org/wiki/Mens_rea). 'actus non facit reum nisi mens sit rea, which means "the act does not make a person guilty unless the mind is also guilty".' Sorry, this guy definitely did not have the mens rea. Why do we kill the messenger? What is wrong with us? Before you choose a side to fight, forget about who's wrong or right If you like your neck, you best as heck start rooting for the winner This brave new world is knocking at your door, and you better let it in The constitution's evolution never made a contribution to the revolutionary man And it's a crime To speak your mind And it's a crime... Don't say a word, cuz if you're heard That blade is gonna fall Wrong Side of the Revolution - Josh Woodward http://www.joshwoodward.com/song/WrongSideoftheRevolution
It is not even a question of the lock being broken. It is that the window was left unlocked and this idiot-child climbed in. The 200K in damages is bogus (paying to have someone go around and lock the windows), but the idiot child still climbed into a place where he was not invited.
This geek has done Facebook a favor by exposing the loopholes in their system, now Facebook has an opportunity of making their system more secure, and that is how communities of developers can help make the internet more secure. Facebook's/Courts chest thumping isn't good for anyone because next time someone comes across a hole, Facebook will have to eat its pride
When it is illegal to hack systems then make it illegal to fail to protect your systems in a good manner..
Company X keeps credit-card records on its server and has not installed a single patch in a few years......
- Blackhat comes along and steals the stuff, all while maintaining anonymity.. Company reports that it had an intrusion....... Nothing happens...
- Whitehat comes along and sees that he can get the stuff, reports it back to the company. Company sues the person... Whitehat hacker goes to jail...
In neither case was there any prosecution of the actual company that should PROTECT sensitive information in a good manner...
As a reference... have a look at all the hacks against Sony's PSN... basically all the time it has been due to an unmaintained server or bugs like sql-injections that would have been found if some penetration-testing had been done..
Now since it's illegal to hack we should make it illegal to keep unmaintained/untested servers with sensitive information.
Isn't it the exact thing Mark Zuckerberg did at Harvard when he was drunk and said that they owed him a favor cause he found vulnerabilities? I dunno if it was a real fact, but at least that's what the movie depicts.
White hat people (and gray hat like this one looks like) go around Facebook in wide circle.
Facebook is left to its obviously non-competent, happylawyery self and, of course, to black hats.
Good thing I never put anything remotely important on their servers.
Also possible - Facebook pleads for this guy, now when he is sentenced, to get maximum positive press.
http://opencm3.net, http://www.nongnu.org/gm2/
Welcome to the Corporate States of America! Our jurisdiction is worldwide and we have storm troopers and psychophants all over the universe! Property rights, "intellectual" or not, trump human rights by miles.
In general, the answer to that question is as close as the technologically illiterate fuckhead any given judge will see in his or her bathroom mirror.
Tech Public Policy stuff
Typical politically correct over interpretation of the crime by a technology illiterate judge with no regard to the victims (none) or the act (passive). It's getting close to the time when we have to stop calling our society democratic and come up with a new name for the elected totalitarianism we've created for ourselves.
I find it funny that people can even consider this an offense that requires penal action. Issues of intellectual property notwithstanding (I disregard the notion of IP as a justifiably stable reference point for the issues at hand) this shows that vulnerabilities exist. This shows that an unauthorized third party can and did gain access to data that was supposedly secure. Claiming that the man somehow cost the company money is a stupid argument, those holes existed, if you as a company want to retain trust or secrets you were going to plug them anyway, once brought to your attention. You, as a company decided to hook into an open and untrusted network, and allow communication to your information systems from that open and untrusted network. These things are going to happen, no matter how much you prosecute offenders of archaic spatial relation laws. As a company that exists beyond a strict spatial plane, you must be savvy as to these underlying facts. If there is a hole, it will be exploited, and as the number of internet connected devices increases, so do the chances of those holes being exploited and the likelihood of a successful breach. You can't stop the curiosity of the human mind nor its ingenuity, and you should not seek to. It is simply not logistically possible to have the number of security professionals needed to have a 100% breach proof system. It is, however, possible to cultivate the huge amount of raw talent ever steadily accumulating with those connected devices. It is not, however, possible to retain the benefit of benevolent pro-bono 'security consultants' if you demand all of them pay you money while you demonize them. You will never be able to keep your security up to snuff if your knee-jerk response is to punish curiosity. You need to be flexible. You need to be creative. You need to be curious. You need to want to improve your system in ways not previously explored.
In short, to survive, Facebook needs to learn that being the largest information 'thief' on the internet means that it is necessary to take input from the benevolent 'thieves' pounding on their security 24/7. .... IMHO, of course.
Psychopaths function under the delusion that they are perfect at all times.
If you come along and point out where they can improve, they will blow up at you for illustrating that they are not already perfect.
Industry is riddled with psychopathic thinking.
People in power need to be tested for psychopathic traits, and if they fail, they need to be removed.
And don't let your casual viewing of stupid TV shows inspire the belief that psychopaths can be trained, (Dexter) or that they 'wish they had a soul' (Sherlock) sway your thinking. That's just more (and apparently very effective) manipulation. TV is not information. It's deception.
Because, surprise, surprise; the TV industry is riddled with psychopathic thinking. And idiots.
To hell with Moffat, btw.
Fixing the huge gaping security loophole they created in the first place, which put everyone's privacy and data at risk ?
FB should have intervened on this guy's behalf, he did them a HUGE favor.
But it's really his poor judgement concerning the type of company and personalities involved in FB that got him into trouble. You can't expect ethical outcomes when dealing with people whose entire business model is based on unethical attitudes about the public using its services.
There has been a constant decline in "good" hacking attempts aka penetration testers/ethical hackers. Who merely do it for free, not asking for any premium $$ and in fact they do it on any random day. Thereby testing the security of our servers, applications. And this is a good thing (IMO). :)
But cases like this one.. (FB :/ ) this would only irritate the good hacking community! :( Facebook on the other hand not realizing the potential, the helpful nature of the latter is just putting a blanket over it and instead of thanking him is suing the fella :( Oh c'mon.. :/ :/
FB suks
It's none of our business, and certainly doesn't justify unapproved penetration testing.
To have a right to do a thing is not at all the same as to be right in doing it
When you plead guilty to a crime in the UK, what you are actually doing is acknowledging all of the prosecution's evidence to be true even though parts may not be factual. Sadly this is the way the British legal system works and one is encouraged to "Plead Guilty" for a third off the sentence in order to save court time.
This has a negative impact whereby some people pleading not guilty, go through a trial and then get slammed unfairly. I do not want to rant on about miscarriages of justice but even the Attorney General's Office turn a blind eye of what is deemed "within the public's best interest"
This young man was lucky with 8 months, he will be out of prison on an electronic tag after serving around 3 months. It is a great career move though as he will be hired... Let's just hope not by bankers!
All cows eat grass!
He's 26, not 16. Believe it or not, there is a big difference. Einstein dreamed of traveling at the speed of light when he was 15. When Einstein was 26 he wrote the Special Theory of Relativity.
funny
I bet that judge is an IE7 WinXP SP1 user who insists on staying on Office 2003.