Slashdot Mirror


User: jklovanc

jklovanc's activity in the archive.

Stories: 0
Comments: 5,286

Comments · 5,286

  1. Re:Inefficient on Aerovelo's Human-Powered Helicopter Wins $250,000 Sikorsky Prize · · Score: 1

    Because the rowing motion is much more efficient in the pull than the push. That would cause the energy input to vary greatly over a longer period. A cycling mechanism is much higher frequency and, other than dead top and dead bottom, there is relatively stable energy input.

  2. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    As I said: "white hat hackers" are one of the primary reasons we have security holes in the first place; their activities create the economic incentives for companies to release software with security holes in the first place.

    I guess you have never written a large system. Things get missed. It is your assumption that white hats create an incentive. You have no evidence toward that whatsoever. It is my opinion that the security holes would be there with or without white hats and that white hats help the public by finding them.

    Why should a company bother spend lots of money to make my software secure if it can just release it and pay a fraction of what I would pay for quality control to cheap "white hat hackers",

    If there were too many simple security holes then people would move to other more secure software. Or the negligence lawsuits by companies broken into due to bad software. Or the lawsuits by customers whose data is exposed due to security breaches. Maybe you should look into the liability issues surrounding security breaches. In one instance a company gave identity theft protection to everyone whose credit card information was exposed. It cost them hundreds of thousands of dollars.

    and at the same time be shielded from public humiliation by law?

    They would not be shielded if the white hat hackers are not glory hounds like Weev. You continually ignore the point that there would not have been a court case if Weev had stopped at a few hundred email addresses. Perhaps the uncovering a security hole and exploiting a security hole is too subtle for you.

  3. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    Either both "black hat" and "white hat" hackers should go to jail, or neither. The current situation is the worst of both worlds.

    This is your opinion. Again, you see the world as black or white which leads you to the prosecute everyone/prosecute no one extremes. There are actually three options:
    1. Prosecute Everyone.
    That would lead to fewer security holes being found before being exploited by criminals.
    2. Prosecute no one.
    That would leave the door open for criminals to exploit vulnerabilities with no chance of conviction.
    3. Prosecute obvious black hat hackers.
    In my opinion this is a good compromise between the two other options. It would expose vulnerabilities while keeping consequences for criminal hacking.

  4. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    Selling medicine for a disease that you help spreading in the first place doesn't make you the good guys.

    Finding a disease that had yet to become an epidemic and pointing it out to the people who can cure it does make one a good guy. Finding a disease and infecting 114,000 people with it makes one a bad guy.

    So you're saying anybody who accesses a URL may be prosecuted?

    Read the law. You seem to conveniently ignore the word "unauthorized".

    It was legal and nobody complained about it. But there was a legal risk.

    Saying it was legal is not proof; it is an opinion. You have no proof that what you did was legal; you just didn't get caught.

    And that's why people like you shouldn't be involved in computer security: you have bad judgment.

    In my opinion, you have poor judgement in your opinion that a password is the only indicator of computer trespass. Opinions vary. In my opinion willfully exploiting a mistake to gain access to massive amounts of confidential data and publishing that data should be illegal. The courts have agreed.

  5. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    I think they're both ineffective at improving security, have dubious motives, and have no reputation that could be sullied.

    It seems that many companies disagree with you on this point. Companies like Google pay bounties on zero day hacks reported to them. The only way these bounties can be received is to attempt to hack the software. You may see no difference between white hat and black hat hackers but I and many others do.

    Physical trespass is defined in terms of crossing a well-defined (usually marked) physical boundary. You are trying to define electronic trespass in terms of what people "know" instead of well-defined boundaries.

    The boundary you are looking for is the port that services the URL request. Just because it is not a physical boundary does not mean that the same principle does not apply. What people "know" goes towards what in legal terms is mens rea. Weev knew what he was doing was illegal and did it anyway.

    And I don't see why Weev should have known that;

    If he was a legitimate security researcher one would think he would at least read up on the laws surrounding unauthorized computer access and identity fraud. There is also a well known legal axiom that "ignorance of the law is not a defense".

    I and many others have "slammed" servers with hundreds of thousands of requests using sequentially generated numbers, and that has been legal. Harvesting of E-mail addresses from web pages is common and legal as well.

    Did those servers you slammed belong to someone else? Did you have authorization to slam those computers? If the answers are no then count your lucky stars that you have not been prosecuted. Care to cite anything that states attempting slamming a server with "hundreds of thousands of requests using sequentially generated numbers" is legal? It could very well be seen as an attempt to circumvent security.

    No, I merely want laws that are reasonably well-defined, as opposed to laws that are so vague that almost everybody is a criminal and enforcement becomes arbitrary.

    The phrase "reasonably well defined" is a subjective term; it means different things to different people. To me "reasonably well defined" means prosecuting someone who served up several million requests to gain access to 114,000 pieces of confidential information. What does it mean to you? If you can not define what it means to you then you have a weak argument.

    Enforcement of all laws is arbitrary. Do you think someone who breaks into a house to find medical supplies to treat an accident victim should be prosecuted for burglary? By the law they did break in and remove items without authorization. Where the judgement comes in is intent and mens rea. Weev intended to break the law for publicity. He got the publicity he wanted and a prison sentence he deserved.

  6. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    you both are apparently either too dumb or too unimaginative to do anything more interesting with computers than look for the PHP coding mistakes of retrained baristas.

    You just lost the argument when you resorted to an ad hominem attack. You have shown that your argument is weak and switched to attacking the person.

    I simply want clear, unambiguous lines for what constitutes criminal behavior, and that line should be drawn at the circumvention of access protections.

    Is entering a building through a door that someone forgot to lock, photocopying a bunch of confidential information and publishing it legal? No. The fact that the URL was not password protected is beside the point. Weev knew that obtaining the data the way he did was illegal.

    Accessing a public URL without a password should never be illegal, under any circumstances

    I agree to a point. Slamming a server with millions of requests over a number of days, collecting 114,000 email addresses and publishing them should be illegal. It seems that you want the world to be black and white. Sorry but it isn't that simple. Somewhere between inadvertently accessing a URL and trying millions of times is the line between legal and illegal. It is up to the courts to decide where that line is and in this case they decided that Weev's actions were on the illegal side of that line.

  7. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    What he "knew" shouldn't be relevant. What should be relevant is whether he had a contractual obligation to keep the data private or confidential.

    Weev had a legal obligation to keep the data private or confidential. If Weev is a security researcher as he claims then he would know the laws surrounding computer intrusion and confidential information. He knew that obtaining, copying and publishing the information was illegal. He can't even try to hide behind "ignorance of the law". What he knew is very relevant. He knew the law, he knew what he was doing was against the law and he did it anyway. In legal terms it falls under intent. Weev intended to break the law and should have to deal with the legal consequences.

    There won't be when people like you are done.

    Legitimate researchers collect a sample just large enough to prove an issue. What Weev did was collect 1000 times the necessary sample and therefore went way over the line. If you can not see the difference then you have a big problem.

    That kind of reasoning, too, ends up with licensing requirements and restrictions on professions that should have none of that.

    I would consider the restrictions of not downloading 1000 times the data needed to prove an issue and not sending massive amounts of confidential information to news agencies as very reasonable; and it is the law so no licensing is required. Most legitimate security researchers give the company a chance to fix an issue before going public. Weev didn't even do that.

    Weev seems to have been a jerk, but he isn't the problem; people like you are: people who are trying to protect the people who are responsible for exposing this kind of data in the first place.

    Is there anywhere I have said that AT&T should not be held accountable for the breach? I think there should be class action suit by all the people whose data was breached. That does not mean that what Weev did was OK? No. As the old saying goes "Two wrongs do not make a right".

    Weev is a glory hound who broke the law. It is people like you who try to protect black hat hackers that sully the name of true white hat hackers. Weev was not trying to be helpful; he was just trying to get his name in the press.

  8. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    If we adopted that, everybody constantly would have to second guess whether some piece of information might be confidential or not.

    The crux of the matter is the fact that Weev knew the information was confidential but published it anyway. It is not a grey area whether or not the information was confidential. There is a big difference between finding something on a sidewalk and brute forcing millions of ID possibilities at a server. Weev knew what he was doing was illegal and is not trying to hide behind legitimate security researchers. He could have done it the right way but he decided he wanted the publicity and did it the wrong way.

  9. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 2

    The URL contained the identifier for the phone. Weev fraudulently identified himself as the owner of a phone that was not actually his. He continued to extract information he knew he should not have and then published it. He did not have an obligation to notify the company but he did have an obligation to not send out copies of confidential information that he knew he shouldn't have in the first place. A white hat would notify the company. A black hat would publish the information. Weev did the latter and is therefore a black hat.

  10. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    Weev didn't even report the vulnerability to the company before going to the press. Weev also knows of many tech savvy journalists to report it. His motivation was to do the most damage possible and get his name in the news. Fixing the issue was not even on his radar.

  11. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 2

    Untrue. All he had to do was show the URLs he used to get each address and how the URLs could be changed to get more data. The company would have been able to hit those URLs and confirm that is where the data came from. That would have made it clear that there was a big issue.

    He may have been able to get the email addresses from somewhere else but the evidence of the URLs is overwhelming.

  12. Re:Sorry on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    Actually the precedent is unclear as the judge stated that had Weev stopped at a few hundred email addresses he would not have been convicted. In fact it may be a precedent in the other direction as the data breach was very large in this case and, with the judge's comment, small data breaches may be protected as testing.

  13. Re:Authoritarian governments on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    Testing would be getting a few hundred addresses and informing the company of the issue. Weev did much more than that. He got over 114,000 email addresses over a number of days and sent copies to people he knew were not authorized to have that data. He crossed the line between white hat and black hat. Even the judge stated that had he stopped at a few hundred he would not have been convicted.

  14. Re:Sorry on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    Even if he was charged the judge said he would have been found not guilty if he had stopped at a few hundred successes instead of 114,000 and publishing the results.

  15. Re:Sorry on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    Why do people stop at the initial act when describing what Weev did? Yes, he found a security hole. That is a laudable thing. He then repeated the attempt several hundred thousand times, succeeding over 114,000 times. He then sent the list to several insecure people and organizations. As the judge stated, had he stopped at a few hundred he would never have been convicted. He started out white hat but went far over the line into black hat when he attempted so many times and published the results.

  16. Re:LOL on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · · Score: 1

    If Weev loses the appeal, the traffic on full-disclosure mailing list will drop a lot. If I discover a bug on Paypal website that allows anyone to access a third party's account, and I inform Paypal, I would be guilty.

    If I discover a bug on Paypal website that allows anyone to access a third party's account, succeeded over 114,000 times over a number of days, made the information public, and I inform Paypal,

    FTFY. The issue is not what he did but how many times he did it. The judge in the case even said that he would not have been convicted if he had stopped at a few hundred examples to prove the vulnerability. The volume of what he did crossed the line between white hat and black hat hacking.

  17. Re:I am still impressed on Solar Powered Plane Completes Cross-Country Flight · · Score: 1

    could not rely on ridge lift for most sections of the flight.

    Thermals work quite well too. Just find a dark patch of ground in the sun.

    The other issue is that they do not say whether or not the batteries are recharged by solar alone. Even if they did use the solar panels to recharge, waiting for that recharge is not very efficient.

    However, it is not, in fact, designed to be a sailplane

    It has all the hallmarks of a sailplane;
    long, high aspect ratio wings,
    slim fuselage,
    minimal carrying capacity

    It is still a toy for rich kids.

  18. Re:Toy on Solar Powered Plane Completes Cross-Country Flight · · Score: 1

    Some call it pessimism some call it realism.

  19. Re:Over Night Flight on Solar Powered Plane Completes Cross-Country Flight · · Score: 1

    A person on a bicycle can hop across continental U.S. Just because someone spent the millions of dollars to do it does not make the feat special. The distance record for a glider is 2256.9km in one hop.

  20. Re:Toy on Solar Powered Plane Completes Cross-Country Flight · · Score: 1

    The contribution to this scam could be going toward valuable research that might actually change something. Wasting millions on a toy is still waste.

  21. Re:Toy on Solar Powered Plane Completes Cross-Country Flight · · Score: 1

    The point is that I can take a power glider around the world today. I find it difficult to call something that can already be done with old technology exploration. To me exploration is finding and doing new things. This is just expensive toys funded under the falsehood that it could never be done before. False advertising is still wrong.

  22. Re:Toy on Solar Powered Plane Completes Cross-Country Flight · · Score: 1

    It is over hyped as it is a relatively minor accomplishment already possible with thirty year old technology.
    When they make statements like the following they are lying;

    Theirs is the high-flying equivalent of the Tesla electric sports car.

    The Tesla electric sports car is a viable product usable by the average person that does something useful. Solar Impulse is none of those things and is therefore over hyped.

  23. Over Night Flight on Solar Powered Plane Completes Cross-Country Flight · · Score: 4, Interesting

    This article is about a night flight done by Solar Impulse. Though they do not say it, I bet they started with 100% battery power. Here are a few interesting excerpts from the article.

    He remained at this altitude until about noon, flying backwards and forwards along the Jura mountain chain.

    I am a glider pilot and this indicates that he is using ridge lift or mountain wave to stay aloft and/or gain altitude. Both are standard sailplane tactics.

    After 14 ½ hours of flying, at 9:30pm, André Borschberg switched off the solar generator

    Around midnight, the aircraft was at 4’500 feet, slightly less than 1’500 m, the altitude it needed to maintain until sunrise.

    At 5:46am, on July 8, HB-SIA became the first solar-powered airplane to successfully complete a night flight.

    By validating the fact that the HB-SIA had returned with a 54% charge level in its batteries,

    So the aircraft consumed 46% of its charge in about 5 hours and 46 minutes. Night was about 8 hours long. So they have proven that under controlled conditions with a very long day and a very short night the aircraft can fly overnight. Considering the sailplane record is 56 hours 15 Minutes, I am not impressed. It is still a toy with no practical application.

  24. Toy on Solar Powered Plane Completes Cross-Country Flight · · Score: 5, Interesting

    It left Phoenix Arizona May 22, 2013 and arrived at JFK 46 days later with a straight line distance of 2200 miles. That would be 47 miles per day. Sure there were a few stopovers but that is a very low daily mileage. Even if they flew one day in ten that is still only 470 miles per day.
    I have a few questions for the makers of Solar Impulse;
    1. How long does it stay on the ground charging the solar cells?
    2. How often do they actually use the electric motor?
    3. What percentage of time are they utilizing natural lift such as thermals and ridge lift?

    I looked at their web site. It is a great PR site that gives little or no technical information of the flight and how they are actually done. I would like to see the following;
    1. Altitude logs for the flights,
    2. Electric motor usage charts.
    3. Battery charge level charts,
    4. Exact track plots of the flights.
    I bet we would have a very different picture of Solar Impulse if this information was let out.

    It is my contention that Solar Impulse is a sailplane with enough electrical power to get to altitude and move between natural sources of lift. Conventional sailplanes can do almost everything that Solar Impulse does. The exception being taking off though there are some powered sailplanes that do that too.

    Let's do a speed test to find the limits of the technology rather than a leisurely promotion trip. I am not impressed.

  25. Re:Faraday cage on The Average Movie Theater Has Hundreds of Screens · · Score: 1

    There is no fundamental difference between the two.

    There is no fundamental difference as you see it. Whether or not there is a difference is an opinion and not a fact. Your opinion is different than mine and my opinion is just as valid as yours.

    Every single one thinks that what they do is OK and justified, but there are some OTHER people that do something that is unacceptable.

    That is demonstrably false as many people are embarrassed when caught doing something they know is unacceptable.

    The on-call thing is a red herring.

    My daughter worked shifts at a pharmacy. If someone called in sick she would get a call. If she didn't answer, they went to the next one. I was an on call ambulance driver. I would carry the pager for 4 days at a time. Should I not be able to go to a movie during those four days? You don't understand emergency services and how the callout systems work. On a simpler scenario, say someone leaves a child with a babysitter to go to a movie and there is a medical emergency. Should the parents be out of communication during the three hour movie?

    You are behaving exactly as the typical yob in a cinema. You won't accept your fault, and you'll just keep on justifying yourself. You confuse having the last word with being right.

    You are behaving exactly like the entitled youth of today who must have things their own way. You will not accept that other people have differing opinions and keep insisting on your desires. You are confusing opinion with fact.

    The world is not as black and white as you seem to see it. Different people have different wants and needs and the best thing to do is compromise.