Is there any US-loving country besides UK?
Saudi Arabia, and Canada. And Israel, New Zealand, Australia, Indonesia, Russia, China, Japan, ...
In other words, yes.
"Shootin' Ourselves In The Foot (TM) USA."
You know what they say ("I wish I had mod points").
He published a how-to on downloading customer info from AT&T, rather than alert AT&T to the vulnerability.
So? "I am not my brother's keeper." Yes?
Shouldn't a megacorp like AT&T know what it's doing? If not, why not? They cheaped out on tech hiring, at the very least.
Schwartz was clearly stealing, he was caught stealing, he tried to hide his stealing, and he caused actual damage to JSTOR services by overwhelming servers and to MIT staff and students by overwhelming the connection, then costing them the JSTOR services.
Everything he copied (FFS!) had already been paid for by your taxpayers. The only thing "stolen" was connectivity to get at it.
I think it was a brilliant hack. You think it was a travesty. I think $deity would be on Aaron's side, not yours.
Precisely. And somewhere in there is the act that he should be prosecuted for.
Shouldn't we be going after imbeciles who put malconfigured web-servers online instead?
In June of 2010 there was an AT&T webserver on the open Internet. There was an API on this server, a URL with a number at the end.
If I leave my house door unlocked and you enter my house and steal some of my stuff, is it still considered burglary, despite me not having locked the door?
No. A web server hanging out there on the Internet is not like your unlocked front door. Its job is to serve all comers. If you didn't bother to tell it what and how to serve it, that's on you, not on the stumbling drunk who thought your front door was his home.
Being stupid, ignorant, or incompetent shouldn't get you a pass. Our job is not to consider you first. Your job is to take care of yourself first. Don't blame the unfortunate stumbling drunks for not following your rules. You should have made it impossible for him to succeed. You failed.
So what was the reason this guy who went to a reporter (not just published the list or sold it) was prosecuted?
Egregious misconduct (in the eyes of the prosecutors)? "You can't make my Patron look like an incompetent fool and get away with it scot-free! I'll sue!"
... is the US really that different?
The US really is that different. Self-absorbed, ignorant, full of itself, blinkered, convinced of its inherent infallibility (because of "The Constitution!"), and screw you if you don't like it; "We'll sic Seal Team Six on you any time we damned well please, and you'll welcome the result!"
Can't someone bring a case against AT&T?
You'd think, but that's where the US really is different. Do you have the cash to buy enough lawyering to go up against AT&T and the US gov't?
What is missing from this story?
You merely failed to follow the money.
Grabbing 114,000 bits of personally-identifying information ...
There are people out there who think their email address is intimate personal information. What information did he actually grab?
Yeah, 114,000 is 113,999 more than he needed to make his case.
Randall [Schwartz] is a much [better?] example of that ...
This is becoming a recurring theme. There's massive loose cannons rolling around on the decks out there, and if you're not watchful, they may squash you like a bug. If we geeks are falling prey to this !@#$, what's the mere mortals out there to do? Just stand there like deer in the headlights and take the hit?
In what way was his access malicious?
Noticing what you can do with a misconfigured web server/URL is one thing. Apparently, they're annoyed that he looped it 114k times. I don't really see the point. That it can be done at all was the real problem. Then doing it another 113,999 times; so what? It just proves the point more times than was needed. Big deal.
Easiness of access doesn't mean that access is allowed.
Imagine you're a geek surfing the web. You stumble on this URL (maybe your Mom sent it to you), you look at the address bar, and something doesn't look right. You type something in to see what it would do. "Holy crap! That's *really* wrong!"
Now you're a criminal. That's insane. In what Universe does that scenario make even a lick of sense?
Oh and these sleazy DAs count each URL issued as a separate count of the 'crime' with a penalty of 5 years and $300,000 possible on each count of 'unauthorized access'.
Yeah. Imagine walking into a bank with a sticky note saying, "I have a weapon. Hand over the cash." They hand over three grand.
Is that three thousand counts of theft under $1500?
If you take a deal, you are admitting you are guilty (of a lesser offence) and thus you are not innocent. Therefore, 100% of people taking deals are guilty, by definition.
Ridiculous. If you take a deal, you want to avoid doing the time. That's all, and it's true for both guilty and falsely accused innocents. Plead guilty and get six months, or do the 35 years for the right to insist you're innocent? It's not a difficult choice.
Depart not from the path which fate has assigned you.
/., wtf?!? There is so much stupid in that, I can't even begin to say where to start on it. It's Tuesday already. Don't do this to me on a Tuesday!
Jeebus.
None of these hacks will help impress anyone with your technical prowess; I'm just putting them here because they made my life easier.
I take it it's "Slow News Day."
I'm going back to bed. Zzzzzz ...
Nobody else watched "Decoding Neanderthals" on Nova?
That's what I was talking about. Great show. I wish more of you supported PBS.
I miss McNeill/Lehrer. :-|
Yes, most of us (excepting most Africans and Chinese) have Neanderthal genes in us.
Neither do Native Americans.
Guess what you white folks ARE! Neanderthals!
News for you: my family has a dirty little secret: we have NorthAm Aboriginal blood in us from sometime back. I'm proud to have it. My parents and grandparents, not so much so.
You dissing Neanderthals makes you look stupid, btw.
Informed consumers and competition can do that much better at a fraction of the cost.
Problem is "informed consumers" doesn't exist.
BS. We may be a minority, but not everyone's comfortable shopping at Walmart. There's a lot of dross in Earth's current human population nowadays, but that's all they are; they take up space which, happily, is space that I don't care about. They don't mean anything to me.
Even Google had to wait until there was a technological edge to join the internet provider market, because, quite simply, the natural monopoly ...
Technological edge?!? No, they just understood that $the_other_guys weren't getting it done, producing an opportunity! The tech has been there for a long time now; practically ages in computing terms.
Google's not magic. They're just smart. "You drop the ball? Then I'll pick it up and run with it."
Google's not a supertanker. They run rings around cigarette boats. Your lips are moving, but you're not saying anything.
Everyone else (in North America) is stuck with whoever is there right now
Because ... Government let them get away with cutting up the pie into fiefdoms. You still don't get how that works?!? Regulatory Capture?
[btw, I don't use Google in any way (I prefer IxQuick), so I have no sticks in this fire. HAND. :-)]
If I can $blah I can start a $yada!
Got an idea? Sell it to those who do have cash. Too tough for you? GET A JOB! BE AN EMPLOYEE! TRUST YOUR EMPLOYER TO BE A BENEVOLENT DICTATOR.
Really, this is reality. Pick your poison. It doesn't get better in this life.
However, there's also solid evidence that we ate them. So we fucked them and ate them, ...
And that distresses you?!? Go read about the Aztecs. We humans excel in debauchery as a species.
Huh? How do you infer distress from my post? Actually, I find it funny!
Ah. You think rape and cannibalism funny. Interesting. :-|
Keep in mind some companies, especially telecom companies are *huge*. They aren't cigarette boats, they are aircraft carriers.
The bigger they are, the harder they fall, yes? Kodak. Buggy-whip mfgrs, ...
On the other hand, there's little means to fight against big corporations other than government regulation and public shaming. Ultimately, you need an involved populace to keep the balance, and fight corruption.
I disagree with the former (little means to fight), but wholly agree with the latter (involved populace).
You mentioned food safety. Go read about the Jungle ...
Er, okay, if you'll now go read about the Canadian Wheat Board and its detractors. :-|
You talk, yet you say nothing.
now you want another primitive vestige floating around the 21st Century neotek cultural lake? Why ? That hard-up for amuzement when Bantu pants-to-da-neez are always in plain view?
I'm sorry to see your genes make it into the 21st Century.
However, there's also solid evidence that we ate them. So we fucked them and ate them, ...
And that distresses you?!? Go read about the Aztecs. We humans excel in debauchery as a species.
Interbreeding and genocide aren't mutually exclusive.
Good point. Sadly.
It probably took centuries, if not millennia, to drive the Neanderthals to extinction.
I question the word "drive". They may have been going that way on their own regardless of us.
I welcome my Neanderthal genes. Hey, maybe they left with the porpoises when the hyperspace bypass came through? :-) fscking Vogons!