I'm not clear here, unlocking is specifically for joining a new carrier, correct? TFS indicates that fulfilling your contract would allow you to unlock your phone, and if you haven't fulfilled your contract I'm not seeing how you could have unlocked your phone anyways without breaking contract.
From TFA
Other people just like the freedom of being able to switch carriers as they please.
Which you can't do, nor should be able to on contract-subsidized phones, until the contract term is complete; however you could always
.... pay full-price for a phone, not the discounted price that comes with a two-year service contract, to receive the device unlocked from the get-go.
Can someone clarify what the actual issue is?
I have never seen a residential phone / tv / internet subscription which came with any sort of substantial SLA.
And what pray tell are the dire consequences of the vote that they approved? Has it materially affected N Korea's fortunes?
If not, tell me exactly what the significance of China's vote is other than PR?
There could be many motives behind that, and it does not necessarily mean that China is upset about the launch.
There could, for example, be value in privately encouraging an aggressive stance towards the US while publicly declaring a more neutral stance. For one, it doesn't burn all your bridges at once.
Look, it's very simple. Intent matters as you mentioned, and there are mitigating factors, but at the end of the day this guy accessed systems in an unauthorized manner which generally falls into "attack" territory. The above can be used as defenses, but you're already in trouble at that point.
The very simple answer is that this guy made a bad decision, though perhaps he did not know better. Now he does, and hopefully will not repeat the mistake. We could discuss all day whether he should be allowed or could be allowed or whether the laws are right, but in the world we live in scanning a company that does not want to be scanned (as in this case) can very easily land you in trouble and pretending otherwise won't change things.
He was not in the least authorized to run vuln scans. IANAL but most experienced network guys you will talk to (including the nmap guys) will tell you, don't do it without explicit approval.
Unless you're a lawyer, probably best not to post things like you did, lest someone take it as actual advice and end up in a whole heap of trouble.
Fuck that. What he did exposed the incompetence of Skytech,
In a way that's generally considered illegal, yes.
Running penetration tests on random companies' resources without prior authorization is a really bad idea, and perhaps this guy is lucky that expulsion is as far as it went.
"Hackathons" refer to coding sessions, which is a completely different usage than how it is being used here.
From the article: Two days later, Mr. Al-Khabaz decided to run a software program called Acunetix, designed to test for vulnerabilities in websites..... A few minutes later, the phone rang......It was Edouard Taza, the president of Skytech. He said that this was the second time they had seen me in their logs, and what I was doing was a cyber attack.
Yea, see, this is why insecure.org has warnings to not run nmap against resources that you do not own: It is generally considered nefarious, ill-advised, and possibly illegal. Yes, pen-testing other people's stuff will land you in trouble. Should he have been expelled? Maybe not, since he was clearly trying to expose a vulnerability, but he should have known better and hopefully now he does.
Probably also should not have signed that NDA and then gone on to break it, but then I'm no lawyer. Probably should have just said "yea, I sign nothing till I have representation".
If you do not have a job / contract with someone to pen-test, act as a "tiger team", check for physical security breaches, etc, DON'T.
You know, we blame civil engineers when their buildings collapse,
You don't, however, blame them when someone helpfully demonstrates that by taking out support pillar 3A with TNT the building suffers catastrophic failure. I mean, yea, maybe you blame them a little, but generally you get pissed at the guy holding the detonator.
Correction: Was assuming a 9-disk RAID 0. I think the actual failure rate for 9-levels of nested RAID0, RAID1'd, would be 99.99999999921383102043346279157%.
Something tells me you don't understand how RAID levels are designated.
Hint: No one in their right mind would run something named "RAID 1000000000", unless they didn't care in the least whether their data was retrievable.
Hint 2: It has an array failure rate of ~14% over 3 years, assuming standard drive failure rate of 5% over 3 years. ( 1 - ( 0.95 ) ^ 9 ) ^ 2
I think a hard drive would fare at least as bad in that scenario.
If a company says "get a court order or get bent", I'm not clear what recourse the gov't would have. They can ask nicely, and a company can comply, but that probably wouldn't go over too well with the CA if that ever leaked out (read: would utterly sink the CA).
It's a problem, but it's not Google's problem. Take it up with the bankrupt Guy Hingston, not with public records or their keepers.
Your complaint is that potential employers make bad assumptions and leap to conclusions based on what other people searched for on google.
Explain to me again why this is google's fault or problem?
Google isn't doing anything except saying "most people searching for 'Guy Hingston' also search for 'Guy Hingston bankruptcy'". This is a fact, and not one that google created or oversaw.
As far as I am aware the telling of true facts is constitutionally protected, and regardless it's not even a human saying it, just some statistics-bot in the search engine.
Also, a manned e-mail address for general complaints and/or suggestions would help too. Currently, google is very hard to reach.
You know what the classic solution to "Company X has poor customer service" is?
Stop using their products.
I'm just not clear where all of these rights keep coming from, it seems like a new one is invented every year. What gives me a right to be forgotten? Why don't others have a "right to remember"?
Google is letting people see what other people searched for. That information is indeed correct. People are then forming invalid conclusions (that if someone searches for X, X must be a fact), but I'm not clear why that would be Google's fault.
I can see the concern, but I don't see any basis for pointing a finger at Google.
To be clear, the webserver is serving web pages just fine; it's your browser / JS engine that is failing to interpret them properly.
It's not clear whether the US gov't could MITM SSL (at least to me)-- DoD certs aren't installed by default and I'm not aware of any other gov't controlled root CAs that are generally installed by default.
If I'm mistaken, would be interested to know specific root CAs they control.
I mean any basic network now uses switch over hubs now, So traffic is routed more cleanly to the host system with less spots for you packet sniff
Well, except for ARP poisoning, mirror ports, and in-line sniffers, sure.
Who actually reads data packets anyways nowadays?
You might be surprised. What do you suppose DPI is? You might be interested to know that even low-end firewalls like SonicWalls have a module for MITM-ing SSL on a network where you control cert installation. And rogue WiFi APs aren't exactly rare.
And as for "who", I might start with "China, a lot of middle-eastern countries, and probably a couple of US 3 letter orgs under certain circumstances". This stuff isn't hypothetical.
I generally agree with your point-- that you can't just slap SSL on it and call it secure-- but you would be surprised how common packet inspection is.
AFAIK, the south had no constitutional basis for secession. You can argue the merits of their cause, but at the end of the day what they did was, from the perspective of the US Gov't, an illegal rebellion.
Might be wrong on this, but if so please provide sources.
Tablets 15 years ago were massively prone to breakage, had awful touch interfaces, had awful touch hardware, and were generally bad at everything they tried to be.
How many people have you seen with iPads and keyboards? What do you suppose those keyboards are for, if not "office-y" stuff? You don't think having the full MS Office available for surface (and built in by default) will have an effect here?