How does taking out a terrorist driving down the road with a bomb in the truck different then sniping them before they hit the switch? They have an illegal weapon and are in transport to activate it.
I agree that those suspected of terrorism have a right to a fair trial, but when it comes down to kill or be killed.. I advocate we be on the right end of the equation.
I think its fair to be able to criticize and praise companies for individual things they are doing or having done to them. SCO suing IBM is bad, but IBM trying to patent existing technology is bad too. What's so hard to see?
The variations I've heard is the person sends the difference back after the cashier's check "clears" but then nobody picks up the boat/motorcycle/car/etc that was originally being sold. So you just walk off with $500 or whatever teh difference was without ever showing your face.
1) What the hell is the state doing in the business of alcohol sales? Isn't that a monopoly on distribution? Government intervention = Big Mess.
2) Do these guys not have backups of the database?
3) I can understand the plight of those who sell the alcohol, since their businesses rely on this, but why is this a major catastrophe for those on the receiving end? Does this state have the highest alcoholics rate or something? Get a f'ing hobby people.
I wonder if this will start a "permanent postal address hosting" service genre like Hotmail did with E-mail.
You mean, like a PO Box? They have been providing that sort of service for a long time. My friend has had the same mailbox rental for 3 years, all the while he's lived in 4 different places.
Looks like the only people losing ground are their customers.
What they failed to mention on this article is that in addition to the $1.50 fee being added, they are also dropping the "Unlimited" plan by $5... Still works out cheaper, and it still works out cheaper than any of the top tier POTS providers.
Of course, all of this will be too much trouble (read expensive) for penny-pinching firms and it'll be 'business as usual' at those place (more 'horror stories' like this one). =/
Except that if you were paying attention, they were sent to someone who was responsible for destroying the data but hadn't. This "horror story" was because some idiot didn't do his job right. Human error was at fault, not penny pinching.
Considering it specifically says he altered data, $25k in "damages" is more than reasonable. They would not have had to hire people to audit their databases and other systems to check against modified/added/deleted records had it not been for this bozo pretending to be a hero.
The fact that he stole LexisNexis accounts and modified internal records just goes to prove that he was not doing this merely to help companies as so many hero worshippers keep repeating here on Slashdot.
It wasn't just breaking a law, it was damaging the credibilility of the NY Times internal records, racked up fees to fix his "graffiti" and cost them money in stolen accounts. I hope this guy goes to jail for a long time so he can think about how stupid he has acted. Stunts like this put real "hackers" in a bad light, and only further feeds the fire for scare tactics by the government to take away more freedoms of the law abiding citizens who work in the security field.
A friend of mine's father works for the railroad here in the US. High level position that oversee's all of the traffic throughout the east.
As I understand it, they use all sorts of radio networks and GPS systems to track where all the trains and cars are. They have advanced enough tracking that they know what locamotives are where, how many cars are hooked up to it, which track its on, and where its going.
While technology isn't going to stop someone from hitting a boulder, it can get information around and see who is near the area and avoid as much damage as possible. It is foolish to think we can protect ourselves from everything, but a step in the right direction is progress none the less.
Now, how the hell am I suppose to know whether or not this is a vulnerable system without running some exploit code on one of these services!? It seems like your understanding of "cracking" is much more academic than mine.
You aren't. It is not your system, not your responsibility. Knowing if it is secure or not is THEIR responsibility. Get the fuck out of other people's business.
Uh, he did that . . . that's how he got caught. Uh, no that's not what he did. He accessed as much information as he could to "verify" what was open. He got caught because he told them what he did. If commit a crime and then tell the cops you did it, it doesn't excuse it!
Yes, and the people believing that laws are protecting them from exploits through the Internet are complete morons. . . I agree with you there. These laws do not protect people from the exploits. A lot of people may falsely believe that they are "safe" because its illegal. But, what they DO say is that "yes its illegal". So when someone commits a crime, and yes what he did was a crime, they are liable for it.
Yeah, like capturing people who openly communicate their intentions is hard, and we can consider it "enforcing laws against crackers"?
Intentions are irrelevant in this case. He knowingly committed a crime. Period. End of story! It doesn't matter how hard or easy it was to catch on to what he was doing.
Like I said, he could have done the EXACT same thing outside the U.S. and been safe or just not informed the company and trashed their systems.
Are you aware that he committed a crime? Right? Remember? It doesn't matter where he did it from, it was still illegal. Just because he might be able to get away with it from outside the US, doesn't justify anything that you have said.
His crime was being in the U.S. and being nice enough to inform people about the vulnerabilities.
Oh you bleeding heart liberals sure do know how to move my heart! Do you really think that if you feed me so much bullshit after a long enough time I will think it tastes good?
After this incident, I doubt we will be hearing cases like this. People will just exclusively crack to destroy and admins won't know what hit them.
I hope that is the case. You'd think people might learn to keep their hands to themselves. Do you honestly think that white hat hackers are suddently going to go black hat because they can't commit crimes without getting away with it? If you think yes, then probably they aren't very white hat then, eh?
If he had been smart, he'd have incorporated and gone around offering security services. Walk in, say "I believe your network is insecure. Let's sign an NDA, and I'll perform a security audit." Vulnerabilities are fixed. He gets paid. Problem solved.
How is someone suppose to find out whether a system is crackable or not without trying to crack into it!?
First and foremost, it wasn't his place to do so. I believe this is the intent of the law and reason for arrest. His motives are irrelevant.
Secondly, and more to the point, he was scanning for vulnerable versions of software to allow access. Once he indentified vulnerable targets, he was not forced to access them. He could have walked away or alerted the responsible parties that they were running vulnerable software and potentially had holes in their system. Just because a system *is* hackable does not give other people permission to hack/crack into a system because they want to see if it is possible.
It is quite obvious that you are either a purely academic type or have never dealt with any sort of management or ownership level of a business. That sort of practice is not acceptable to a company, even if the company network is run by an admin who can't even tie his own shoe.
Look, Adrian Lamo knew exactly what he was doing. He continued to do so even though he knew it was illegal and likely to end in arrest. At best, that's pushing your luck. At worst, that shows intent and disregard for the law.
What I find is funny is that you go on and on about "unenforceable laws", but they ARE enforcing it! That's what you are pissed about!
First of all, what the hell is it with you and the chinese army??!?
I myself am not a drone, and not happy with the current state of US security, but what you seem to be proposing is complete anarchy, not any sort of security.
His motives are not on trial here, his actions are. There are ways to alert folks of problems with security without actively hacking them.
Yeah that is it. He should have moved to China and done his friendly exploits from there. That's the answer! OK!
Seriously, why do you think that because we have less legal course of action against someone on the other side of the globe that we should not enforce laws for people who live here? I do not get this logic, and only see it as a big excuse for people to break the law and feel good about themselves.
No, not all laws and punishments here in the US are just. As I said in the original post, I do hope that he is given some leniency because it does seem like he only had "good" intentions. Good intentions does not totally excuse him, however.
Are you saying that everything one does to break the law is bad and should be punished?
Of course not. I was only speaking about this particular case where he continually abused the practice. He could have just as easily gone in the front door and done the same thing with full consent as a "consultant". He actively searched for vulnerable companies, and accessed data which he should not have.
I equate that as the same as you breaking into my house and going through my belongings in order to replace the batteries in my smoke detector.
The law is an approximation of morality. It's that whole stealing bread to feed your starving children thing. Not wrong, but illegal.
Illegal, and wrong in that you took from the livelyhood of the baker and/or seller of the bread. Does that person not have the right to earn a decent living wage to feed his own family?
I'm not saying that this guy's reasons are as pure as that, but just because it is illegal doesn't mean it is wrong. If I loose my Windows CD but need to re-install my OS, is it wrong to use a pirated copy of the same version? It's illegal, but I'd say that it is most definitely not bad.
That has absolutely nothing to do with what this guy did. What he did was to identify and then exploit vulnerabilities to access private and confidential data. Just because the door was open does not mean he is allowed to walk through it.
If I jaywalk to stop a little kid from running into traffic, should I be fined? Uh, no, and once again you are missing the point.
He was violating the law. He did not have prior authorization when he hacked into these systems. While some companies may have been happy to be warned of the vulnerabilities they had, and were glad to have them fixed, what he did was still illegal. He should deserve to be arrested, but given his motives will hopefully be given some leniency when it comes to sentencing.
Conventional business wisdom might say that, but I tend to disagree. I've downloaded my fair share of MP3's, but I also continue to buy CD's. Being able to check out old favorites or find new ones is the beauty of "previewing" content on the internet. Watching Faulty Towers for free in a less broadcast quality isn't going to stop me from buying the DVD... in fact, it might just make me so excited about the show again that I run out and buy it immediately.
Slashdot Mirror
I thought about that too. If thats the case, it would be quite excellent.
Damn liberals! :)
How does taking out a terrorist driving down the road with a bomb in the truck different then sniping them before they hit the switch? They have an illegal weapon and are in transport to activate it.
I agree that those suspected of terrorism have a right to a fair trial, but when it comes down to kill or be killed.. I advocate we be on the right end of the equation.
I'm surprised they don't say anything on the news about it, with all the Elk Bear attacks during sporting events going on.
I think its fair to be able to criticize and praise companies for individual things they are doing or having done to them. SCO suing IBM is bad, but IBM trying to patent existing technology is bad too. What's so hard to see?
Well, with the shortage of work for lumberjacks and dog sled teams they've fallen on desperate times.
The variations I've heard is the person sends the difference back after the cashier's check "clears" but then nobody picks up the boat/motorcycle/car/etc that was originally being sold. So you just walk off with $500 or whatever teh difference was without ever showing your face.
1) What the hell is the state doing in the business of alcohol sales? Isn't that a monopoly on distribution? Government intervention = Big Mess.
2) Do these guys not have backups of the database?
3) I can understand the plight of those who sell the alcohol, since their businesses rely on this, but why is this a major catastrophe for those on the receiving end? Does this state have the highest alcoholics rate or something? Get a f'ing hobby people.
Nope, not a SAN...
Not RAID either..
it's SAID!
the standard blue papermate pens have been my all time favorite pens to write with, assuming you are using general quality paper.
Just because you apparently have no use for the service, doesn't explain anything.
I wonder if this will start a "permanent postal address hosting" service genre like Hotmail did with E-mail.
You mean, like a PO Box? They have been providing that sort of service for a long time. My friend has had the same mailbox rental for 3 years, all the while he's lived in 4 different places.
Looks like the only people losing ground are their customers.
What they failed to mention on this article is that in addition to the $1.50 fee being added, they are also dropping the "Unlimited" plan by $5... Still works out cheaper, and it still works out cheaper than any of the top tier POTS providers.
Of course, all of this will be too much trouble (read expensive) for penny-pinching firms and it'll be 'business as usual' at those place (more 'horror stories' like this one). =/
Except that if you were paying attention, they were sent to someone who was responsible for destroying the data but hadn't. This "horror story" was because some idiot didn't do his job right. Human error was at fault, not penny pinching.
Considering it specifically says he altered data, $25k in "damages" is more than reasonable. They would not have had to hire people to audit their databases and other systems to check against modified/added/deleted records had it not been for this bozo pretending to be a hero.
The fact that he stole LexisNexis accounts and modified internal records just goes to prove that he was not doing this merely to help companies as so many hero worshippers keep repeating here on Slashdot.
It wasn't just breaking a law, it was damaging the credibilility of the NY Times internal records, racked up fees to fix his "graffiti" and cost them money in stolen accounts. I hope this guy goes to jail for a long time so he can think about how stupid he has acted. Stunts like this put real "hackers" in a bad light, and only further feeds the fire for scare tactics by the government to take away more freedoms of the law abiding citizens who work in the security field.
I have to agree with you there... I don't see background checks and employment screenings as offensive considering the nature of their products.
A friend of mine's father works for the railroad here in the US. High level position that oversee's all of the traffic throughout the east.
As I understand it, they use all sorts of radio networks and GPS systems to track where all the trains and cars are. They have advanced enough tracking that they know what locamotives are where, how many cars are hooked up to it, which track its on, and where its going.
While technology isn't going to stop someone from hitting a boulder, it can get information around and see who is near the area and avoid as much damage as possible. It is foolish to think we can protect ourselves from everything, but a step in the right direction is progress none the less.
Now, how the hell am I suppose to know whether or not this is a vulnerable system without running some exploit code on one of these services!? It seems like your understanding of "cracking" is much more academic than mine.
You aren't. It is not your system, not your responsibility. Knowing if it is secure or not is THEIR responsibility. Get the fuck out of other people's business.
Uh, he did that . . . that's how he got caught.
Uh, no that's not what he did. He accessed as much information as he could to "verify" what was open. He got caught because he told them what he did. If commit a crime and then tell the cops you did it, it doesn't excuse it!
Yes, and the people believing that laws are protecting them from exploits through the Internet are complete morons. . .
I agree with you there. These laws do not protect people from the exploits. A lot of people may falsely believe that they are "safe" because its illegal. But, what they DO say is that "yes its illegal". So when someone commits a crime, and yes what he did was a crime, they are liable for it.
Yeah, like capturing people who openly communicate their intentions is hard, and we can consider it "enforcing laws against crackers"?
Intentions are irrelevant in this case. He knowingly committed a crime. Period. End of story! It doesn't matter how hard or easy it was to catch on to what he was doing.
Like I said, he could have done the EXACT same thing outside the U.S. and been safe or just not informed the company and trashed their systems.
Are you aware that he committed a crime? Right? Remember? It doesn't matter where he did it from, it was still illegal. Just because he might be able to get away with it from outside the US, doesn't justify anything that you have said.
His crime was being in the U.S. and being nice enough to inform people about the vulnerabilities.
Oh you bleeding heart liberals sure do know how to move my heart! Do you really think that if you feed me so much bullshit after a long enough time I will think it tastes good?
After this incident, I doubt we will be hearing cases like this. People will just exclusively crack to destroy and admins won't know what hit them.
I hope that is the case. You'd think people might learn to keep their hands to themselves. Do you honestly think that white hat hackers are suddently going to go black hat because they can't commit crimes without getting away with it? If you think yes, then probably they aren't very white hat then, eh?
If he had been smart, he'd have incorporated and gone around offering security services. Walk in, say "I believe your network is insecure. Let's sign an NDA, and I'll perform a security audit." Vulnerabilities are fixed. He gets paid. Problem solved.
How is someone suppose to find out whether a system is crackable or not without trying to crack into it!?
First and foremost, it wasn't his place to do so. I believe this is the intent of the law and reason for arrest. His motives are irrelevant.
Secondly, and more to the point, he was scanning for vulnerable versions of software to allow access. Once he indentified vulnerable targets, he was not forced to access them. He could have walked away or alerted the responsible parties that they were running vulnerable software and potentially had holes in their system. Just because a system *is* hackable does not give other people permission to hack/crack into a system because they want to see if it is possible.
It is quite obvious that you are either a purely academic type or have never dealt with any sort of management or ownership level of a business. That sort of practice is not acceptable to a company, even if the company network is run by an admin who can't even tie his own shoe.
Look, Adrian Lamo knew exactly what he was doing. He continued to do so even though he knew it was illegal and likely to end in arrest. At best, that's pushing your luck. At worst, that shows intent and disregard for the law.
What I find is funny is that you go on and on about "unenforceable laws", but they ARE enforcing it! That's what you are pissed about!
First of all, what the hell is it with you and the chinese army??!?
I myself am not a drone, and not happy with the current state of US security, but what you seem to be proposing is complete anarchy, not any sort of security.
His motives are not on trial here, his actions are. There are ways to alert folks of problems with security without actively hacking them.
So, I guess his crime was being in the U.S. . . .
Yeah that is it. He should have moved to China and done his friendly exploits from there. That's the answer! OK!
Seriously, why do you think that because we have less legal course of action against someone on the other side of the globe that we should not enforce laws for people who live here? I do not get this logic, and only see it as a big excuse for people to break the law and feel good about themselves.
No, not all laws and punishments here in the US are just. As I said in the original post, I do hope that he is given some leniency because it does seem like he only had "good" intentions. Good intentions does not totally excuse him, however.
Are you saying that everything one does to break the law is bad and should be punished?
Of course not. I was only speaking about this particular case where he continually abused the practice. He could have just as easily gone in the front door and done the same thing with full consent as a "consultant". He actively searched for vulnerable companies, and accessed data which he should not have.
I equate that as the same as you breaking into my house and going through my belongings in order to replace the batteries in my smoke detector.
The law is an approximation of morality. It's that whole stealing bread to feed your starving children thing. Not wrong, but illegal.
Illegal, and wrong in that you took from the livelyhood of the baker and/or seller of the bread. Does that person not have the right to earn a decent living wage to feed his own family?
I'm not saying that this guy's reasons are as pure as that, but just because it is illegal doesn't mean it is wrong. If I loose my Windows CD but need to re-install my OS, is it wrong to use a pirated copy of the same version? It's illegal, but I'd say that it is most definitely not bad.
That has absolutely nothing to do with what this guy did. What he did was to identify and then exploit vulnerabilities to access private and confidential data. Just because the door was open does not mean he is allowed to walk through it.
If I jaywalk to stop a little kid from running into traffic, should I be fined?
Uh, no, and once again you are missing the point.
He was violating the law. He did not have prior authorization when he hacked into these systems. While some companies may have been happy to be warned of the vulnerabilities they had, and were glad to have them fixed, what he did was still illegal. He should deserve to be arrested, but given his motives will hopefully be given some leniency when it comes to sentencing.
Conventional business wisdom might say that, but I tend to disagree. I've downloaded my fair share of MP3's, but I also continue to buy CD's. Being able to check out old favorites or find new ones is the beauty of "previewing" content on the internet. Watching Faulty Towers for free in a less broadcast quality isn't going to stop me from buying the DVD... in fact, it might just make me so excited about the show again that I run out and buy it immediately.
Now, I'm no scientist, but I thought all monkeys were DNA powered? Aren't we all?