"I spent an hour walking around your house and found that you had the following unlocked doors... Please pay me $50 for one hour's work.
is a bill for professional services rendered."
A bill that the 'customer', in this case has no obligation to pay; no contract or sales agreement, you see. A respectable human / company would pay it anyway, despite the lack of obligation.
Yes, sorry. I thought it might be NZ, but I missed that part of the article. I know how sensitive kiwis are about being grouped in with those nasty aussies.
In TFA, he states that he wasn't aware it was illegal. Hey, funny that; he didn't intentionally commit a crime!
So, yeah. He intentionally probed a vulnerability, and reported his results, then asked for compensation. Stupid, businesswise, but a very reasonable way to go about things. It happens all the time in the software world, and there's a lot less money to protect there. You'd think a bank would welcome the info, and the suggestions on how to repair the issue.
You don't 'unintentionally' wash someone's windshield, either. But guess what: indications of a vulnerable system are about as easy to see as a dirty windscreen, if you're looking. No invasion necessary.
Now, quick question, when did I use the word 'unintentionally' in my post, as you seem to be implying?
"I would not have to pay him, but if my lawn needed it, and he asked a reasonable fee, I'd have paid him."
See, that's the difference between you and this bank. You, apparently, have respect for other people.
If I were an Australian, I would not use that bank; the proper course of action would be not to pay him, but to hire him. Good security auditors are hard to find (though, awful, by-the-book ones abound).
Pay attention. The term "Security Researcher" means "Hacker with authorization".
Meanwhile, he gave the info, THEN asked for money. That's not extortion. It's a stupid request, in that he's got no pull after he gives the info to the bank, but it's not extortion.
If I were the bank, I'd have either told him to shove it, or added him to my security auditing team. He in no way deserves to be paid for work he did without request, but he has proven skill, knowledge, experience and maturity in the way he went about it (aside from the asking for money bit - he should have known he wouldn't get a dime AFTER he gave them the info).
Backwards. The above is blackmail. This guy presented the info first, then asked to be paid. The bank went a little far prosecuting. I'd have just ignored his request for payment, and maybe offered a job in security auditing instead.
He committed no intentional crime. He was identified a security flaw, and provided this info to the bank before asking for money. Sure, it's a little like the guy who washes your windshield at a sopt light asking for money, but it's far from dishonest.
If the bank were a computer company with the present mindset, the bank would get to work on fixing the problem, and he'd have been ignored when he asked for cash, rather than prosecuted.
A lot of people feel this is an argument for anarchy, but I disagree.
Bad people never act in a socially responsible manner, so laws are irrelevant so far as they are concerned.
Good people, meanwhile, don't always act in a socially responsible manner. Sometimes convenience is paramount. Sometimes you have a bad day. Laws (should) exist as a way of disincentivizing socially irresponsible behavior. Hence the punishment fitting the crime.
The real horror is realizing that the good people ARE the bad people, when taken in different situations. This artificial divide between good people and bad is a construct that a sensible person will use to bring a gray system into sharp contrast, in order to bring about action. Hence, politics.
Meanwhile, the present legal state of affairs completely fails to achieve the disincentivizing effects on many fronts, particularly on the corporate level.
Feh. Doesn't stop non-corporate machines from breaking the DRM. It's a hardware module, so it has to communicate with software via DMA. Just write a shim driver to copy the decrypted stream. It's more vulnerable, if you can believe it, than doing it in software.
The only way to lock it down totally would be to make both the monitor's overlay and the sound card's output a black boxed system.
Meanwhile, if you've got an LCD out on your system, and an SPDIF connector, you can still pull a digital copy off the lines.
Best quote: 'Analysts say that "Viodentia" hasn't proved that Microsoft's DRM tools are fundamentally flawed... Any DRM out there is going to be cracked'
Sounds like it's not Microsoft's DRM tools that are flawed, but DRM itself.
"Heard the one about the plane which flies into the side of a building..."
I did. That one was hilarious ^_^
Honestly, if you can't laugh about it, you're doomed to whine about it for the rest of your life. Even jewish comedians make holocaust jokes, after all.
"Admittedly if I was into multimedia it may not be the greatest machine"
I had a 500MHz dell for a long while. It was great for watching BT-downloaded TV and listening to music.
For ref, right now I have a retrofitted DVD player with a 1GHz mini-itx and all slim components doing much the same job (Running a modified geexbox) - except I wrote a script to autolocate the most recent episode of the shows I like to watch (via bittorrent), and deletes them after 7 days from the last watching.
Not exactly a DVR, but not bad for someone who doesn't want to pay for some 84000 hours (24hr/dy * 7 dy/wk * 500 channels for digital cable or dish) of TV I won't be watching per week. I prefer to stick to the five or so I'm guaranteed to watch, and get the rest of my entertainment outside.
I dunno. Slax does pretty well in 200M of space. And its KDE isn't even stripped (aside from the obligatory 'strip' command. I believe a lot of it is also UPX compressed, many config and static files are run through zlib, etc.)
"I spent an hour walking around your house and found that you had the following unlocked doors... Please pay me $50 for one hour's work.
is a bill for professional services rendered."
A bill that the 'customer', in this case, has no obligation to pay; no contract or sales agreement, you see. A respectable human / company would pay it anyway, despite the lack of obligation.
Yes, sorry. I thought it might be NZ, but I missed that part of the article. I know how sensitive kiwis are about being grouped in with those nasty aussies.
Never mind, found it.
In TFA, he states that he wasn't aware it was illegal. Hey, funny that; he didn't intentionally commit a crime!
So, yeah. He intentionally probed a vulnerability, and reported his results, then asked for compensation. Stupid, businesswise, but a very reasonable way to go about things. It happens all the time in the software world, and there's a lot less money to protect there. You'd think a bank would welcome the info, and the suggestions on how to repair the issue.
You don't 'unintentionally' wash someone's windshield, either. But guess what: indications of a vulnerable system are about as easy to see as a dirty windscreen, if you're looking. No invasion necessary.
Now, quick question, when did I use the word 'unintentionally' in my post, as you seem to be implying?
"I would not have to pay him, but if my lawn needed it, and he asked a reasonable fee, I'd have paid him."
See, that's the difference between you and this bank. You, apparently, have respect for other people.
If I were an Australian, I would not use that bank; the proper course of action would be not to pay him, but to hire him. Good security auditors are hard to find (though, awful, by-the-book ones abound).
"His background with fraud (though 10 years prior) sullies his reputation even further."
I dunno. Some of the best security experts are post-black-hat hackers.
Pay attention. The term "Security Researcher" means "Hacker with authorization".
Meanwhile, he gave the info, THEN asked for money. That's not extortion. It's a stupid request, in that he's got no pull after he gives the info to the bank, but it's not extortion.
If I were the bank, I'd have either told him to shove it, or added him to my security auditing team. He in no way deserves to be paid for work he did without request, but he has proven skill, knowledge, experience and maturity in the way he went about it (aside from the asking for money bit - he should have known he wouldn't get a dime AFTER he gave them the info).
Backwards. The above is blackmail. This guy presented the info first, then asked to be paid. The bank went a little far prosecuting. I'd have just ignored his request for payment, and maybe offered a job in security auditing instead.
He committed no intentional crime. He identified a security flaw, and provided this info to the bank before asking for money. Sure, it's a little like the guy who washes your windshield at a stop light asking for money, but it's far from dishonest.
If the bank were a computer company with the present mindset, the bank would get to work on fixing the problem, and he'd have been ignored when he asked for cash, rather than prosecuted.
Really?
Try http://www.windizupdate.com
Not exactly a competitor, but close.
Plato's quote there is quite correct.
A lot of people feel this is an argument for anarchy, but I disagree.
Bad people never act in a socially responsible manner, so laws are irrelevant so far as they are concerned.
Good people, meanwhile, don't always act in a socially responsible manner. Sometimes convenience is paramount. Sometimes you have a bad day. Laws (should) exist as a way of disincentivizing socially irresponsible behavior. Hence the punishment fitting the crime.
The real horror is realizing that the good people ARE the bad people, when taken in different situations. This artificial divide between good people and bad is a construct that a sensible person will use to bring a gray system into sharp contrast, in order to bring about action. Hence, politics.
Meanwhile, the present legal state of affairs completely fails to achieve the disincentivizing effects on many fronts, particularly on the corporate level.
It's a shame, really.
Feh. Doesn't stop non-corporate machines from breaking the DRM. It's a hardware module, so it has to communicate with software via DMA. Just write a shim driver to copy the decrypted stream. It's more vulnerable, if you can believe it, than doing it in software.
The only way to lock it down totally would be to make both the monitor's overlay and the sound card's output a black boxed system.
Meanwhile, if you've got an LCD out on your system, and an SPDIF connector, you can still pull a digital copy off the lines.
Best quote: 'Analysts say that "Viodentia" hasn't proved that Microsoft's DRM tools are fundamentally flawed... Any DRM out there is going to be cracked'
Sounds like it's not Microsoft's DRM tools that are flawed, but DRM itself.
Well, duh, guys.
In other news, the US used the Izzard approach to diplomacy:
"Hey, guys, look. We've done the killing before, and I gotta say just chil-Chill out, all right?"
It's the pillars and the brickwork. Way too gaudy. The gargoyles are pretty bad, too.
I ask you to cease and desist use of the letter 'A', as I have had that trademark for over two years!
Gimme a fucking break.
We do.
"Heard the one about the plane which flies into the side of a building ..."
I did. That one was hilarious ^_^
Honestly, if you can't laugh about it, you're doomed to whine about it for the rest of your life. Even Jewish comedians make Holocaust jokes, after all.
Yeah, like the fat American stereotype.
Lemme give you a hint: everyone makes fun of the US. They rarely bitch. Why? They make fun of themselves.
Learn it.
"Admittedly if I was into multimedia it may not be the greatest machine"
I had a 500MHz Dell for a long while. It was great for watching BT-downloaded TV and listening to music.
For ref, right now I have a retrofitted DVD player with a 1GHz mini-itx and all slim components doing much the same job (Running a modified geexbox) - except I wrote a script to autolocate the most recent episode of the shows I like to watch (via bittorrent), and delete them after 7 days from the last watching.
Not exactly a DVR, but not bad for someone who doesn't want to pay for some 84000 hours (24hr/dy * 7 dy/wk * 500 channels for digital cable or dish) of TV I won't be watching per week. I prefer to stick to the five or so I'm guaranteed to watch, and get the rest of my entertainment outside.
I dunno. Slax does pretty well in 200M of space. And its KDE isn't even stripped (aside from the obligatory 'strip' command. I believe a lot of it is also UPX compressed, many config and static files are run through zlib, etc.)
"If you're wondering why some electrical items ... have ... 'WEEE' stamped on them, well, now you know."
Gee, and I just thought the engineers were having fun.
Nawww, really?
Besides, you'd be hard pressed to get PS working acceptably under Linux anyway. But I'll bet the Gimp works.
And no, it won't run counterstrike. I'm sorry, but I'm afraid not everyone's a gamer, and those who are, aren't necessarily into multiplayer.
Finally, something other than a bad french joke. I mean, I'm not one to get bent out of shape about jokes, but it's nice to see a serious comment.
Mod parent up. Informative, if I'm not mistaken.
Do you even know how to take an obviously ridiculous joke in good nature?
No. Apparently not. Par for the course on this new fangled intarweb.