He discovered a security weakness, went to 'the press' to publicize the failure of the company's security for customer information, and he is now being prosecuted for publicizing how to get customer information from someone else's servers?
Wow, that's shocking. Why didn't AT&T offer him a lifetime job with the company?
Oh yeah, because he choose to embarass the company and explain just how to get their customer information. He never tried to alert AT&T to the flaw, he wanted to be famous for finding it. Bad choice, especially when the law is on the side of the corporation, not the hacker that decides to publish a how-to guide to downloading customer info from AT&T servers...
No, he wanted to investigate what was going on inside Fannie Mae, but some people stopped him - and when it was later found out that they were cooking the books to inflate their bonuses, those who defended Fannie Mae acted surprised.
Bush wanted Congress to get rid of Social Security.
Bush opposed Federal regulation of electricity sales in the aftermath of the 2001 California electricity price runup.
Did you ever notice that the 2001 California price runup was limited to the state of California? The 49 other states had no problems - suggesting that California created their own problem, and the imapct of the problem was contained within the borders of California. Typically "national issues" impact more than one state - the need for federal regulation was not proven by California's inability to regulate their electricity/energy markets.
Bush greatly restricted federal funding of embryonic stem cell research.
He limited the creation of federal funding that includeed the creation of new "lines" for study, but left the private sctor free to invest their own money in such efforts - apparently the private sector never saw the huge potential embryonic stem cell research supports claimed was there.
I thought the idea was to get EVERYONE out to vote, fully discuss all ideas, vet all candidates, and then trust the people to make up their minds who should lead them...
Apparently, by keeping this code "closed source" the Democrats are conceeding that they fear they might not have the best ideas or candidates, and instead have to rely on telemarketing-type gimmicks to "get out the vote".
How would a whistle blower law cover this? He was feted for reporting the vulnerability, he was expelled for trying to exploit it two days later ("testing" someone else's security without their permisssion is an attack).
Imagine this defense - A bank robber goes in and tells the manager "a guy could come in here with a gun and rob you." The manager says they'll get right on fixing that. Then, two days later you take a gun, walk into the bank, and try and rob the bank. You plead with the cops, you were "just tesing to seet if they fixed the problem."
He coordinated with no one, he just decided to run a piece of scanner software against someone else's servers and got caught.
When his case was reviewed byhis college, despite no formal charges being brought against him he was expelled by a vote of 14 out 15 professors in his own department (where he was "acing all his classes").
I seriously suspect there is more to this story than is being reported... These professors that knew him voted him out of the school.
They confirmed it was him and called him on the phone within minutes.
He is lucky the software comapny didn't choose the prosecute (as they could have, under Canadian laws)... Then he'd be facing jail time/criminal record - instead he was kicked out of a college and lost (at most) a semester's worth of classes. He is suffering a setback, it could have been much worse.
Of course, making his "exploits" so easily google-able by future employers will have a lasting impact on his future career - I suspect for every employer who chooses to pity him there will be many times more that will never consider him for a job.
Aaron Swartz choose to knowing break many laws (trespass, etc.) to further his political aims. You can agree with his goals, but his crimes were real, he knew it, and he had repeatedly failed in his efforts to outsmart the police:
Aaron: "You can't prove that's my laptop!"
Police: "We found your fingerprints on the HD inside the laptop."
Aaron: "You can't prove I trespassed"
Police: "Here is a video of you inside the wiring closet at MIT"
Aaron: "But the research was funded by tax dollars, it should be free"
Police: "We aren't charging you with copyright violations..."
Also, Ed Tuftee didn't suffer from depression as (reportedly) Aaron did. I also find it hard to believe Ed Tuftee's "childish pranks" put such a massive load on the servers at the school he attended - Aaron's "pranks" imposed a load on the JSTOR servers that was 100x the normal load for the entirety of MIT.
He was expelled by 14 of 15 professors for returning to the website and running an attack against the known vulnerability two days after bringing it to thier attention.
He went from a clever kid that found a weakness and reported it to an apparent hacker who wanted to exploit a known vulnerability in just two days.
If he reported it and never ran the attack again, he'd still be in school - he didn't, and now he isn't.
By not co-ordinating his follow-up testing with anyone (the vendor, the school, etc.) he was caught exploiting a known weakness in the software.
He had no responsibility or right to attack the software a second time, call it "testing" if you like, he choose to attack the software using the exact same exploit he warned them about earlier.
It wasn't his job to "test" their fix.
14 out of 15 professors choose to expel this student - a student who claims to have been "acing all his classes" - there just might be more to the story than this student is sharing with the reporter...
No, you are wrong. He found the flaw, reported it, and was feted.
Two days later, he decided to check up on the progress of the fix - that second attack cost him dearly.
Had he instead called the software company, he may or may not have been told about the progress, instead, acting on his own and without any permission launched a cyber-attack against a now-known exploit. That convinced 14 of his department's professors to expel him.
Had he left well-enough alone, he'd still be in college, acing his exams annd be the clever kid that found a flaw in commercial software - instead he morphed into a student who tried to exploit a known flaw in the school's software.
He was feted for his first attack and the reveal - his re-attack of the software two days later is what sunk him. He decided to "track their progress" and when caught apologized profusely, indicating he knew/came to understand he did soemthign wrong. The company didn't press charges, fourteen of the fifteen professors in his department (where he "was acing all his classes") voted to expel him.
Did you actually read the article?
Of course not, the poor choice of headline was all you needed to bring up an anti-administration bias...
How "common" is this? How common is it for college students to find security flaws in the code that schools run, and to be expelled for uncovering it? That isn't even what happened here:
He was expelled for his "testing" of the breach after he told the administration and the software company about the security flaw.
Two days later, Mr. Al-Khabaz decided to run a software program called Acunetix, designed to test for vulnerabilities in websites, to ensure that the issues he and Mija had identified had been corrected. A few minutes later, the phone rang in the home he shares with his parents.
“It was Edouard Taza, the president of Skytech. He said that this was the second time they had seen me in their logs, and what I was doing was a cyber attack. I apologized, repeatedly, and explained that I was one of the people who discovered the vulnerability earlier that week and was just testing to make sure it was fixed. He told me that I could go to jail for six to twelve months for what I had just done and if I didn’t agree to meet with him and sign a non-disclosure agreement he was going to call the RCMP and have me arrested. So I signed the agreement.”
He was not expelled for finding the security flaw, he was expelled for running what was a well-intentioned "attack" on the software he identified the flaw in. If he had co-ordinated with the software vendor there would have been no issue. Of course, the only way you'd know that is by reading the linked-to article - I wonder why the headline author didn't do that?
You dont see scientists flying planes into building, commiting suicide bombings, mutilating women, bashing gay people
You may want to investigate what the 9/11 terrorists studied in school before they hijacked those planes.
"We examined the educational backgrounds of 75 terrorists behind some of the most significant recent terrorist attacks against Westerners. We found that a majority of them are college-educated, often in technical subjects like engineering."
You are, I assume, referring to the infamous Bush position that federal money would not be used for stem cell research? Bush simply witheld federal dollars for stem cell recearch on new stem cells, he did not limit study on pre-exisiting stem cells, nor did he prevent any private funding of stem cell research.
"Scientists' voices are crucial in the debates over the global challenges of climate change, nuclear proliferation and the potential creation of new and deadly pathogens. But unlike in the past, their voices aren't being heard.'"
Four years ago a candidate for President promised to "restore science to it's rightful place" - why hasn't it happened? He got elected (and re-elected) to office on that pormise (among others)?
He discovered a security weakness, went to 'the press' to publicize the failure of the company's security for customer information, and he is now being prosecuted for publicizing how to get customer information from someone else's servers?
Wow, that's shocking. Why didn't AT&T offer him a lifetime job with the company?
Oh yeah, because he choose to embarass the company and explain just how to get their customer information. He never tried to alert AT&T to the flaw, he wanted to be famous for finding it. Bad choice, especially when the law is on the side of the corporation, not the hacker that decides to publish a how-to guide to downloading customer info from AT&T servers...
No, he wanted to investigate what was going on inside Fannie Mae, but some people stopped him - and when it was later found out that they were cooking the books to inflate their bonuses, those who defended Fannie Mae acted surprised.
No, he wanted to offer people the choice to invest some of their Social Security payments in the stock market or other, more conventional investment vehicles (other than US Treasury debt)
Did you ever notice that the 2001 California price runup was limited to the state of California? The 49 other states had no problems - suggesting that California created their own problem, and the imapct of the problem was contained within the borders of California. Typically "national issues" impact more than one state - the need for federal regulation was not proven by California's inability to regulate their electricity/energy markets.
He limited the creation of federal funding that includeed the creation of new "lines" for study, but left the private sctor free to invest their own money in such efforts - apparently the private sector never saw the huge potential embryonic stem cell research supports claimed was there.
Yeah, 'cause they only got 48% of the vote... hardly anybody voted for them.
Uh, yeah - they would be completely baffled, unable to find a way to run anything other than Windows...
They would have no idea how to set up a *nix-based web server.
Darn! Foiled again by their choice of desktop platform!
2016 has already heated up - several MSM outlets were working on their 2016 shortlists after the 2012 elections.
I thought the idea was to get EVERYONE out to vote, fully discuss all ideas, vet all candidates, and then trust the people to make up their minds who should lead them...
Apparently, by keeping this code "closed source" the Democrats are conceeding that they fear they might not have the best ideas or candidates, and instead have to rely on telemarketing-type gimmicks to "get out the vote".
Maybe it would take them more than 48 hours to correct it, Why did it fal on him to follow-up on their fixing of the vulnerability?
How would a whistle blower law cover this? He was feted for reporting the vulnerability, he was expelled for trying to exploit it two days later ("testing" someone else's security without their permisssion is an attack).
Imagine this defense - A bank robber goes in and tells the manager "a guy could come in here with a gun and rob you." The manager says they'll get right on fixing that. Then, two days later you take a gun, walk into the bank, and try and rob the bank. You plead with the cops, you were "just tesing to seet if they fixed the problem."
Would whistle-blower laws cover that situation?
He waited two days.
He coordinated with no one, he just decided to run a piece of scanner software against someone else's servers and got caught.
When his case was reviewed byhis college, despite no formal charges being brought against him he was expelled by a vote of 14 out 15 professors in his own department (where he was "acing all his classes").
I seriously suspect there is more to this story than is being reported... These professors that knew him voted him out of the school.
They confirmed it was him and called him on the phone within minutes.
He is lucky the software comapny didn't choose the prosecute (as they could have, under Canadian laws)... Then he'd be facing jail time/criminal record - instead he was kicked out of a college and lost (at most) a semester's worth of classes. He is suffering a setback, it could have been much worse.
Of course, making his "exploits" so easily google-able by future employers will have a lasting impact on his future career - I suspect for every employer who chooses to pity him there will be many times more that will never consider him for a job.
Aaron Swartz choose to knowing break many laws (trespass, etc.) to further his political aims. You can agree with his goals, but his crimes were real, he knew it, and he had repeatedly failed in his efforts to outsmart the police:
Aaron: "You can't prove that's my laptop!"
Police: "We found your fingerprints on the HD inside the laptop."
Aaron: "You can't prove I trespassed"
Police: "Here is a video of you inside the wiring closet at MIT"
Aaron: "But the research was funded by tax dollars, it should be free"
Police: "We aren't charging you with copyright violations..."
Also, Ed Tuftee didn't suffer from depression as (reportedly) Aaron did. I also find it hard to believe Ed Tuftee's "childish pranks" put such a massive load on the servers at the school he attended - Aaron's "pranks" imposed a load on the JSTOR servers that was 100x the normal load for the entirety of MIT.
He was expelled by 14 of the 15 professors in his department where he was (we are lead to believe) "acing all his courses".
I stongly suspect there is more to this story than the student is himself revealing...
He was expelled by 14 of 15 professors for returning to the website and running an attack against the known vulnerability two days after bringing it to thier attention.
He went from a clever kid that found a weakness and reported it to an apparent hacker who wanted to exploit a known vulnerability in just two days.
If he reported it and never ran the attack again, he'd still be in school - he didn't, and now he isn't.
Exactly.
He erased all the considerable goodwill he earned by going back and re-attacking the reported weakness in their software...
By not co-ordinating his follow-up testing with anyone (the vendor, the school, etc.) he was caught exploiting a known weakness in the software.
He had no responsibility or right to attack the software a second time, call it "testing" if you like, he choose to attack the software using the exact same exploit he warned them about earlier.
It wasn't his job to "test" their fix.
14 out of 15 professors choose to expel this student - a student who claims to have been "acing all his classes" - there just might be more to the story than this student is sharing with the reporter...
No, you are wrong. He found the flaw, reported it, and was feted.
Two days later, he decided to check up on the progress of the fix - that second attack cost him dearly.
Had he instead called the software company, he may or may not have been told about the progress, instead, acting on his own and without any permission launched a cyber-attack against a now-known exploit. That convinced 14 of his department's professors to expel him.
Had he left well-enough alone, he'd still be in college, acing his exams annd be the clever kid that found a flaw in commercial software - instead he morphed into a student who tried to exploit a known flaw in the school's software.
Yeah, because being involved in a subsequent cyber attack will cause the school to realize the error of expelling him after his second cyber-attack.
He was feted for his first attack and the reveal - his re-attack of the software two days later is what sunk him. He decided to "track their progress" and when caught apologized profusely, indicating he knew/came to understand he did soemthign wrong. The company didn't press charges, fourteen of the fifteen professors in his department (where he "was acing all his classes") voted to expel him.
Did you actually read the article?
Of course not, the poor choice of headline was all you needed to bring up an anti-administration bias...
How "common" is this? How common is it for college students to find security flaws in the code that schools run, and to be expelled for uncovering it? That isn't even what happened here:
He was expelled for his "testing" of the breach after he told the administration and the software company about the security flaw.
He was not expelled for finding the security flaw, he was expelled for running what was a well-intentioned "attack" on the software he identified the flaw in. If he had co-ordinated with the software vendor there would have been no issue. Of course, the only way you'd know that is by reading the linked-to article - I wonder why the headline author didn't do that?
Poor people can succeed, rich people can fail academically - money alone doesn't "fix" anything in education, it just makes it look nicer.
You might want to go back and re-read the parent post:
Here in America teachers simply "correct" the answer forms to make sure their failure to educate the students goes unnoticed.
So if we factor out the poorer-performing students, America scores better?
That is amazing!
You may want to investigate what the 9/11 terrorists studied in school before they hijacked those planes.
Source: New York Times, The Madrassa Myth
You are, I assume, referring to the infamous Bush position that federal money would not be used for stem cell research? Bush simply witheld federal dollars for stem cell recearch on new stem cells, he did not limit study on pre-exisiting stem cells, nor did he prevent any private funding of stem cell research.
In fact, George W. Bush was the first President to provide ANY federal funding for stem cell research.
Four years ago a candidate for President promised to "restore science to it's rightful place" - why hasn't it happened? He got elected (and re-elected) to office on that pormise (among others)?