Calm down. It was a crime committed by juveniles, and they've been found guilty and been punished appropriately for juveniles. You venting youur aggressive feelings is of no use to anyone.
If slashdot was not that smart, then by your argument navigating to your account page would be illegal for me to do.
That's NOT my argument. Once again, weev didn't NAVIGATE to a page with email addresses on. He spoofed a request, pretending to be someone else. Then repeated it 114,000 times. Well actually, he probably did it far more times even than that, but he had 114,000 successes.
no one was spoofed. All he did was request URLs.
These are not contradictory things. His requests were spoofed. Why is that so hard for you to understand?
Actually I think I know. Slashdot is full of geeks. Geeks think hacking is clever. They can imagine themselves doing it. They may actually do it. And they don't want to see it as a crime. Even though in many cases, including this one, it is.
No, you only THINK it would make you happier. There are a hell of a lot of lottery winners who thought a few million would allow them to stop work and be happy. And many are very unhappy stories. The happiest of those lottery winners tend to be those that say they are going to carry on working, or say that its not going to affect their lifestyle. The ones that use a lot of the money for charitable purposes rather than spending it on themselves.
How many people die within a year or two of retirement? That's not just because of lack of exercise. It's also because of lack of purpose.
Doctors are at the top end of skilled workers. Rich people earn their money from capital. There's a vast chasm between the two.
Of course some doctors do transition from highly paid skilled workers into rich capitalists. But they are not rich simply because doctoring is highly paid.
That's something you made up on the spot. It certainly has no standing in law.
Requesting an URL with a specific user ID in the URL isn't "spoofing other people's identity". I'm not spoofing your identity when I visit slashdot.org/~BasilBrush, and weev wasn't spoofing anyones identity either.
slashdot.org/~BasilBrush is intended as a page about me, accessible by you and anyone else. However, my account information page, including my email address, is not accessible to you, unless you manage to spoof being me.
Yes, he absolutely knew he was spoofing someone else, and not simply accessing information he knew was intended for him.
Requesting URLs must be unequivocally legal, or the internet simply doesn't function.
Bullshit. Most people don't go around trying to find holes in security, and taking information they know isn;t meant for them by spoofing other people. This action is not required for the internet to function at all.
Hackers (in the gaining unauthorised access meaning) are needed by the internet to the same extent that shoplifters are needed by retail.
No, it's not what their parents taught them, it's that their parent's paid for an Ivy League education, which gives them access to the people they need.
If they come up with their own idea for a business they'll get the investment, without having to prove themselves first.
If they don't, they'll get their choice of executive positions at their parents business, or other businesses belonging to someone in the set.
And if they just want to live a life of golf courses and yachts, their parents will fund them to do just that.
It's called being born with a silver spoon in your mouth.
In addition to what you say, it also doesn't cover the most important wealth transfer. That of wealthy parents paying for a prestigious education for their offspring. And the advantage that gives in being in the right "set".
Money doesn't appear to bring addional happiness once a level of sufficiency is reached. That level is where the bank account stays in the black without you having to worry about it. Becoming rich enough that you don't have to work anymore, for example, won't make you happier.
The premise of the book seems to be that the ordinary working stiff can have a net worth (including his house) of a million bucks, by the time he retires. If he works hard, operates in a miserly fashion, and invests wisely.
First of all, it shows selection bias by not considering those that thought they were investing wisely, but happened upon a banking crisis for example. The book having been written in a bull market.
Secondly, the premise itself shows that, due to inflation, one million bucks isn't "rich" any more. Truly rich people are well out of the reach of aspirations of employees. Their wealth has been accumulated over generations.
A "millionaire" was being used in the 1920s as a word for a rich person. There's been an awful lot of inflation since then.
That's still sounding rather myth like. An administrative error in an account is an administrative error. It doesn't and to my knowledge never did entitle you to a windfall of actual cash that isn't yours.
There's lots of wishful thinking that it does, I'm sure.
The warehouse door at the back of a store is easily accessible by the dishonest member of the public. That does mean it's a public entrance, just because the store welcomes people in the front door.
The law doesn't concern technical measures of security on behalf of the owner of property. It concerns the actions and intents of those who do dishonest things. There is no doubt that spoofing other people's identities in order to get data you know you shouldn't have access to is dishonest. This case demonstrates it's also illegal.
And the criminal saying "but it wasn't locked" isn't a valid defence.
"Are you just HUNTING for stuff to argue with me about? Could it be that says something about you?"
It says that we have at least some overlap in the stories that interest us. If you look at both this and Saturday's North Korea story, you'll find that I made several messages to different people on each, and didn't start with responding to you.
It says something about you though. It says that you're a little susceptible to paranoia.
He went up to the reception desk and said "can I have the name and address of client 1000000000 please?" which they then gave him. He then said "and for client 1000000001 please?" which then then gave him. Etc.....
Almost. Actually, rather than the reception desk, he went behind the counter, and into one of the back offices and then...
There was no public display. Despite what lots of clueless people here are saying, this was a hacking exploit, that involved spoofing someone else's identity, using a non-published web-service. That's not public display.
No he spoofed other people's identities. So if you're using a bank giving out money as the analogy, then his part of it was forging bank cards or cheques.
I'd be happy with that analogy if the email addresses were listed in a web page that it was possible to navigate to. However, this involved spoofing the identity of each of the email addresses owners. That's not a simple looking to see what's there. That's an active fraud.
A better analogy: A bank has a web server that takes person's name and returns that person's SSN. A "hacker" sends your username and gets your SSN. He does that for several people from the phone directory.
Where several = 114,000.
Hacker goes to prison for the BANK'S FAULT of exposing SSNs.
Hacker goes to prison for his own crime. The bank may or may not have committed a crime in it's negligence. But it doesn't take away from the "hacker" crime.
I don't see a huge effort by Andrew to contact AT&T and say "uh, guys, you have a huge problem here".
Well he wouldn't, would he. He's a member of a bunch of internet trolls what used to plague this very site. They call themselves "Goatse Security", and were behind the persistently obnoxious "Gay Niggers of America Association". He had absolutely no intention of doing anything good here. His intention was clearly to create as much unpleasantness for as many other people as possible. That's their standard MO.
Well this time, the idiot fought the law, and the law won. Great result.
Calm down. It was a crime committed by juveniles, and they've been found guilty and been punished appropriately for juveniles. You venting youur aggressive feelings is of no use to anyone.
If slashdot was not that smart, then by your argument navigating to your account page would be illegal for me to do.
That's NOT my argument. Once again, weev didn't NAVIGATE to a page with email addresses on. He spoofed a request, pretending to be someone else. Then repeated it 114,000 times. Well actually, he probably did it far more times even than that, but he had 114,000 successes.
no one was spoofed. All he did was request URLs.
These are not contradictory things. His requests were spoofed. Why is that so hard for you to understand?
Actually I think I know. Slashdot is full of geeks. Geeks think hacking is clever. They can imagine themselves doing it. They may actually do it. And they don't want to see it as a crime. Even though in many cases, including this one, it is.
No, you only THINK it would make you happier. There are a hell of a lot of lottery winners who thought a few million would allow them to stop work and be happy. And many are very unhappy stories. The happiest of those lottery winners tend to be those that say they are going to carry on working, or say that its not going to affect their lifestyle. The ones that use a lot of the money for charitable purposes rather than spending it on themselves.
How many people die within a year or two of retirement? That's not just because of lack of exercise. It's also because of lack of purpose.
http://www.youtube.com/watch?v=LDbNEva9ZsM
Doctors are at the top end of skilled workers. Rich people earn their money from capital. There's a vast chasm between the two.
Of course some doctors do transition from highly paid skilled workers into rich capitalists. But they are not rich simply because doctoring is highly paid.
The internet works on default allow policy.
That's something you made up on the spot. It certainly has no standing in law.
Requesting an URL with a specific user ID in the URL isn't "spoofing other people's identity". I'm not spoofing your identity when I visit slashdot.org/~BasilBrush, and weev wasn't spoofing anyones identity either.
slashdot.org/~BasilBrush is intended as a page about me, accessible by you and anyone else. However, my account information page, including my email address, is not accessible to you, unless you manage to spoof being me.
Yes, he absolutely knew he was spoofing someone else, and not simply accessing information he knew was intended for him.
Requesting URLs must be unequivocally legal, or the internet simply doesn't function.
Bullshit. Most people don't go around trying to find holes in security, and taking information they know isn;t meant for them by spoofing other people. This action is not required for the internet to function at all.
Hackers (in the gaining unauthorised access meaning) are needed by the internet to the same extent that shoplifters are needed by retail.
Then what are you doing reading and responding to comments on Slashdot? You could be working!
No, it's not what their parents taught them, it's that their parent's paid for an Ivy League education, which gives them access to the people they need.
If they come up with their own idea for a business they'll get the investment, without having to prove themselves first.
If they don't, they'll get their choice of executive positions at their parents business, or other businesses belonging to someone in the set.
And if they just want to live a life of golf courses and yachts, their parents will fund them to do just that.
It's called being born with a silver spoon in your mouth.
Which is a bit alarming when you consider that most wealth is in the unearned, passed down category.
In addition to what you say, it also doesn't cover the most important wealth transfer. That of wealthy parents paying for a prestigious education for their offspring. And the advantage that gives in being in the right "set".
It's not false. The strongest predictor of wealth, is that the person's parents were wealthy.
The reason most people don't recognise this truth, though it's staring them in the face, is that it shows the "American dream" for the sham it is.
Money doesn't appear to bring addional happiness once a level of sufficiency is reached. That level is where the bank account stays in the black without you having to worry about it. Becoming rich enough that you don't have to work anymore, for example, won't make you happier.
But poverty can certainly make you unhappy.
The premise of the book seems to be that the ordinary working stiff can have a net worth (including his house) of a million bucks, by the time he retires. If he works hard, operates in a miserly fashion, and invests wisely.
First of all, it shows selection bias by not considering those that thought they were investing wisely, but happened upon a banking crisis for example. The book having been written in a bull market.
Secondly, the premise itself shows that, due to inflation, one million bucks isn't "rich" any more. Truly rich people are well out of the reach of aspirations of employees. Their wealth has been accumulated over generations.
A "millionaire" was being used in the 1920s as a word for a rich person. There's been an awful lot of inflation since then.
That's still sounding rather myth like. An administrative error in an account is an administrative error. It doesn't and to my knowledge never did entitle you to a windfall of actual cash that isn't yours.
There's lots of wishful thinking that it does, I'm sure.
The warehouse door at the back of a store is easily accessible by the dishonest member of the public. That does mean it's a public entrance, just because the store welcomes people in the front door.
The law doesn't concern technical measures of security on behalf of the owner of property. It concerns the actions and intents of those who do dishonest things. There is no doubt that spoofing other people's identities in order to get data you know you shouldn't have access to is dishonest. This case demonstrates it's also illegal.
And the criminal saying "but it wasn't locked" isn't a valid defence.
But it's the staff only door round the back that leads to the office where the filing cabinets are.
"Are you just HUNTING for stuff to argue with me about? Could it be that says something about you?"
It says that we have at least some overlap in the stories that interest us. If you look at both this and Saturday's North Korea story, you'll find that I made several messages to different people on each, and didn't start with responding to you.
It says something about you though. It says that you're a little susceptible to paranoia.
Sounds like a myth.
He went up to the reception desk and said "can I have the name and address of client 1000000000 please?" which they then gave him. He then said "and for client 1000000001 please?" which then then gave him. Etc.....
Almost. Actually, rather than the reception desk, he went behind the counter, and into one of the back offices and then...
There was no public display. Despite what lots of clueless people here are saying, this was a hacking exploit, that involved spoofing someone else's identity, using a non-published web-service. That's not public display.
While the activity is dubious and the perpetrator is obviously a Bad Man (TM), there is nothing illegal about calling and asking for information.
Unless you're a more qualified lawyer than those involved in this case, I'd say the evidence of his conviction is that it IS illegal.
No he spoofed other people's identities. So if you're using a bank giving out money as the analogy, then his part of it was forging bank cards or cheques.
I'd be happy with that analogy if the email addresses were listed in a web page that it was possible to navigate to. However, this involved spoofing the identity of each of the email addresses owners. That's not a simple looking to see what's there. That's an active fraud.
A better analogy: A bank has a web server that takes person's name and returns that person's SSN. A "hacker" sends your username and gets your SSN. He does that for several people from the phone directory.
Where several = 114,000.
Hacker goes to prison for the BANK'S FAULT of exposing SSNs.
Hacker goes to prison for his own crime. The bank may or may not have committed a crime in it's negligence. But it doesn't take away from the "hacker" crime.
I don't see a huge effort by Andrew to contact AT&T and say "uh, guys, you have a huge problem here".
Well he wouldn't, would he. He's a member of a bunch of internet trolls what used to plague this very site. They call themselves "Goatse Security", and were behind the persistently obnoxious "Gay Niggers of America Association". He had absolutely no intention of doing anything good here. His intention was clearly to create as much unpleasantness for as many other people as possible. That's their standard MO.
Well this time, the idiot fought the law, and the law won. Great result.
There was no mistaken entry here. He specifically spoofed GET requests to make it look like they were coming from the owner of the email address.
And he did it 114,000 times.