tag:blogger.com,1999:blog-37798047.post3000949273540691277..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: You are committing a crime right now David Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger80125tag:blogger.com,1999:blog-37798047.post-87375137298883250252020-12-30T19:45:12.252-05:002020-12-30T19:45:12.252-05:00This comment has been removed by a blog administrator.Rhodes Jackhttps://www.blogger.com/profile/10886093932880502137noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-80395910986744579642020-11-09T19:38:56.329-05:002020-11-09T19:38:56.329-05:00This comment has been removed by a blog administrator.felisha greenhttps://www.blogger.com/profile/04448582896725355815noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-44211353565426758632013-06-10T18:04:18.114-04:002013-06-10T18:04:18.114-04:00My spouse's company was embroiled in a civil l...My spouse's company was embroiled in a civil lawsuit where a user had entered arbitrary URLs and managed to insert bids into a purchasing system.<br /><br />Of course, he wasn't arrested or charged with hacking - it was a small company. Instead, he was suing to retain the purchases that he did outside of the bidding system!<br /><br />He violated both the letter of the law, the spirit of the law, the letter of the contract to purchase, and the spirit of the contract to purchase, and yet my spouse's company was stuck in the lawsuit for several years.Crissahttps://www.blogger.com/profile/13389565751169783614noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-342047054179707442013-03-21T19:26:48.274-04:002013-03-21T19:26:48.274-04:00So I'm commiting crime. Interesting.So I'm commiting crime. Interesting.Ivanhttp://www.bejzbol.net/noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-6204013148822661852013-03-18T17:13:53.591-04:002013-03-18T17:13:53.591-04:00I expect all laws / legal systems are ambiguous to...I expect all laws / legal systems are ambiguous to some degree. Our legal system, i.e. our courts, judges, prosecutors, jury, etc., in each instance has the latitude of being just or subservient to some corrupt but powerful influence. That is inevitable. <br />I doubt that it is possible for laws to be written so completely unambiguously as to ensure a single consistent interpretation. This implies that we have no option but to trust the system. After all, we (the people) built it. When it does not do what we intend it to do we can and should fix it.<br />I think the real question is: Do we, the majority of the public, trust the government? <br />That is a much harder question to deal with and it brings us into a domain that does not lend itself to computational precision. Too many variables, too many measurements, subjectivity is inevitable. <br />Given that caveat: My sense is that, generally speaking, the public is happy or at least has accepted the government as it is. At least they are unwilling to expend the effort necessary to make any changes they may want. Sure there is a minority (significant perhaps, vocal certainly, better informed –they would have you believe) that is dissenting. But that too is inevitable. There will never be universal agreement on such complex matters. <br />In short, although I personally worry about the possibility of court malfunction because of technical ignorance, or corporate influence, I've recognized this as the will of the majority. The people are the government. They are the courts. After all the government and the courts aren't aliens who have imposed themselves on us. They are us. It’s not ideal. Just the best deal out there. <br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-25041055759890211262013-03-18T16:30:25.405-04:002013-03-18T16:30:25.405-04:00Weev had malicious intent.
Nazis.Weev had malicious intent.<br /><br />Nazis.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-888492215474276942013-03-10T05:37:04.027-04:002013-03-10T05:37:04.027-04:00There's a good law review article on point- Pa...There's a good law review article on point- Paul Ohm's 'The Myth of the Super-User'.<br /><br />the CFAA was written broadly to prevent 'leet computer criminals from finding legal loopholes and escaping prosecution. Unfortunately, that also picks up a lot of of activities that we might not see as malicious. <br /><br />Claiming 'it's on the public internets' or 'your server let me see it' means authorized access is not how the law sees it. It'd be possible to restrict authorized access in a TOS document while permitting actual access, even without a password. <br /><br /><br />And it's possible to be a criminal without any malicious or fraudulent intent- look to 1030(a)(2)-<br /> <br />(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—<br />...<br />(C) information from any protected computer; <br /><br />And 'Protected Computer' is a broad term nowadays- look to 1030(e)(2)-<br /><br />(2) the term “protected computer” means a computer—<br />...<br />(B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; <br /><br />Anything with an IP address fits this definition. <br /><br />The CFAA was written with good intentions, in 1986. <br /><br />P.D. Rocketnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-85093058109663175762013-01-22T19:56:35.636-05:002013-01-22T19:56:35.636-05:00The "law" is whatever a judge or jury sa...The "law" is whatever a judge or jury says it is.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-67607580124856702122013-01-07T05:25:07.383-05:002013-01-07T05:25:07.383-05:00Interesting story. So I should prepare myself for ...Interesting story. So I should prepare myself for a jail.:)Ivanhttp://najnovijesportskevesti.comnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-84881441918476575942012-12-03T02:42:04.014-05:002012-12-03T02:42:04.014-05:00weev and pals on irc were logged discussing how be...weev and pals on irc were logged discussing how best to use this flaw to promote themselves, and how best to use it to damage AT&T. This shows intent. A different intent to that implied in the article.<br /><br />He wasn't trying to help anyone. He willingly caused damage. The nature of the flaw he used to access the data is hardly relevant. I know it sucks to be busted for the crime of incrementing a digit in a URL, but that's not all he did... to make that argument is disingenuous. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-9481839714420996842012-11-27T22:35:27.193-05:002012-11-27T22:35:27.193-05:00...followed J4vv4D over here from: http://www.yout......followed J4vv4D over here from: http://www.youtube.com/watch?v=SqkqpW6EvnM<br /><br />Excellent article, especially the point about the chilling effect on security researchers. What's more interesting is to see how it translates into chilling peer pressure in some of the comments.<br /><br />Also, those complaining about the wrong resolution... wrong answer. What it should read is "XXX" because you haven't approved the Java script to run in the first place! ;)PlagueHushnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-23390475714526358682012-11-27T17:51:11.025-05:002012-11-27T17:51:11.025-05:00I'm planning on hiring a security company from...I'm planning on hiring a <a href="http://www.unitedprotection.com/" rel="nofollow">security company from Calgary</a> to install some new monitors in my mothers house. She really needs medical watch.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-88718952049051954422012-11-26T18:40:22.215-05:002012-11-26T18:40:22.215-05:00You're wrong. The FBI doesn't just pursue...You're wrong. The FBI doesn't just pursue things on behalf of <i>just</i> the Fortune 500. They pursue things on behalf of pretty much any "legitimate" U.S. based business. But if you are a U.S. <i>individual</i> or a multi-national with headquarters elsewhere, as far as the FBI is concerned, you can go pound sand.<br /><br />P.S. I have a little trouble understanding why, at this late date, so many people are shocked (Shocked!) to learn that we live in a corporatocracy. I guess that most of you young wipper snappers were not alive to see the theatrical release of the movie "Network" way back in 1976. (Free hint: Things have not gotten better since then. Quite the opposite in fact.)<br /><br />P.P.S. Somebody please tell me if the guy who thinks that the law in these United States is "almost formal language" is a troll or just an imbecile. I have trouble telling the difference.rfgnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-87901739798642311922012-11-26T18:16:33.531-05:002012-11-26T18:16:33.531-05:00hahaha this is very interesting
guess i lost this ...hahaha this is very interesting<br />guess i lost this round xDKevii D. Veehttp://cashleap.net/noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-49974876376046898532012-11-25T22:59:03.698-05:002012-11-25T22:59:03.698-05:00"Everyone isn’t treated equally under law, so..."Everyone isn’t treated equally under law, some are treated more equally than others."<br />You can say that again ... <br />The ugly reality for consumers dealing with the eBafia/PreyPal complex ... <br />“Shill Bidding Fraud on eBay: Case Study #5” ... <br />http://bit.ly/N1nTlcPhilipCohenhttps://www.blogger.com/profile/15381456766288187978noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-79463735191712045832012-11-25T14:49:57.411-05:002012-11-25T14:49:57.411-05:00Thanks Ben.
My point is that under the original m...Thanks Ben.<br /><br />My point is that under the original meaning of the CFAA when "authorization" was always explicit, people intentionally clicked on links knowing they were authorized. So under the original 1986 reading of the law, we are all criminals.<br /><br />Of course, it doesn't work that way today, and we've got "implicit" authorization, so you aren't committing a crime according to the 2012 interpretation of "authorization".<br /><br />But "implicit" authorization is impossible to define. You say "defer to a lawyer" about articleId=31338, but here's the thing: your lawyer doesn't know either. Nobody does. Moreover, editing a URL isn't a rare occurrence that nobody does, it's a common thing that people do every day. It's lead to the state where it's impossible to know when you are breaking the law.<br />Robert Grahamhttps://www.blogger.com/profile/09879238874208877740noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-75013473370209063292012-11-25T09:59:49.711-05:002012-11-25T09:59:49.711-05:00Riemann lover said...
I cannot agree on this point...Riemann lover said...<br />I cannot agree on this point of view. As grey hacker I no I have no authorization to enter, however I might just check if the door is open. Mr. Auernheimer went way to far, exposing sensitive data of users and putting a company in risk. Im sorry but tehre is no excuse and innocence on thatAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-80137607010545534552012-11-23T09:44:41.279-05:002012-11-23T09:44:41.279-05:00@ Marc Kushin
Thanks for that, paints a pretty awf...@ Marc Kushin<br />Thanks for that, paints a pretty awful picture.... Jesus I wonder why he wanted to get on the stand, probably his ego biting him again. I think a big thing people are missing here is while the crime itself is debate able, weev has been cruising for a brusing for years. Besides threatening synagogues, the collection of drugs and his smarter, better AND holier than thou attitude(cf his ipope venture) he just isn't easy to like, and honestly easy to despise. <br /><br />I still think what he did, what he actually dis not what he thought of doing or said should be legal, but its clearly not and its clear from his testimony and the chat logs he knew it was illegal.<br /><br />He litter ally refers to he retrieval of the data as "theft"<br /><br />Jesus christ way to nail yourself to the cross weev.ttjnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-37987530116116620852012-11-23T01:56:00.772-05:002012-11-23T01:56:00.772-05:00Cyber laws esspecially those concerning ip and sec...Cyber laws esspecially those concerning ip and security tend to be poorly written by people that don't fully understand techical aspects of the laws they put on the books. Its a shame but there really isn't much we can expect.Daniel Wozniakhttp://danielwozniak.orgnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-27762183919618654212012-11-22T21:43:13.522-05:002012-11-22T21:43:13.522-05:00THE MULTI-MILLIONAIRE is Kim Dotcom of Megaupload....THE MULTI-MILLIONAIRE is Kim Dotcom of Megaupload. YOU HAVE COMMITTED A CRIME and your IP address is logged. Expect a summons.<br />Read, the book THREE THOUSAND FELONIES A DAY.... wrong! - Three Felonies a Day.<br />THE LAW IS SET UP TO BE VAGUE, so that political insiders can prosecute anyone they want. FBI HOOVER is NOT gay and NOT allegedly strange and did NOT commit blackmail against political leaders. repeat NOT.<br />HERE ARE THE RULES: 1.)KILL THE MESSENGER. 2.)when in doubt, KILL THE MESSENGER's FAMILY and even those in the same software company.<br />3.)the EMPEROR HAS NO CLOTHES. THE INTERNET IS COMPLETELY SECURE. remember, "IGNORANCE is STRENGTH." 1984 is too old and nobody in USA remembers history. What in the heck is history???<br />4.)those who do not remember history - WILL REMAIN HAPPY - maybe condemned to repeat it.<br />5.)MANY USA POLITICIANS are GREAT ACTORS. For example, President Reagan. Some say he only a B grade. I think he is an A PLUS PLUS PLUS.<br />It appears he is a COMPLETE GENIUS IN PHYSICS, MATH AND COMPUTER SCIENCE. NOT JUST A GENIUS BUT A COMPLETE one for there is 1.)no such thing as global warning 2.)DUST BOWL, ecological disaster and the BP Oil spill in the gulf of mexico never caused any MAJOR CROP FAILURE in the food system.<br />3.)the USA infrastructure uses only a few computers and WINDOWS is very STRONG in security. That includes NUCLEAR POWER PLANTS near you, made by the same company that made the FUKUSHIMA Japan nuclear power plant.<br />4.)Telling the BIG BANKSTERS how to improve their operations is generally a somewhat allegedly questionable idea; just like talking friendly with the STATE POLICE TROOPER WHO IS LOOKING FOR DRUGS can sometimes lead to trouble.<br />So, you have long hair and look like a hippie? You got nothing to hide, right? Let me sniff around. Oh, so very sorry. We have to dismantle your car, but don't worry, you get it back in pieces. We KNOW YOU ALWAYS WANT TO COOPERATE, YOU CRIMINAL according to the law.<br />reddit.com/politicsAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-33150892345206232392012-11-22T11:16:03.433-05:002012-11-22T11:16:03.433-05:00Whatever happened to the idea of scienter?
If a c...Whatever happened to <a href="http://legal-dictionary.thefreedictionary.com/scienter" rel="nofollow">the idea of scienter</a>?<br /><br />If a company posts it, but doesn't want it known, isn't that the cyber equivalent of an attractive nuisance? Not the kid's fault he fell into the pool . . .Ed Darrellhttps://www.blogger.com/profile/10056539160596825210noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-48621873987031242482012-11-22T11:11:11.220-05:002012-11-22T11:11:11.220-05:00Good post. I only wanted to add, those vague laws ...Good post. I only wanted to add, those vague laws that have been passed where it was said "we will never use this law in a wrong or immoral way" have ALWAYS without fail been used that way. The patriot act is one of the most recent that has been abused in this fashion. It was stated that it will never be used against a citizen of the US but has never been used for anything but suppressing citizens. There are infinite examples of laws that have been written just vague enough so that some entity with a team of lawyers can use it against those without the resources to defend themselves.stillchiphttps://www.blogger.com/profile/01096424765296495128noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-83857895029186485602012-11-22T10:19:17.238-05:002012-11-22T10:19:17.238-05:00I only want to say... great post. I only want to say... great post. newloghttp://www.overflowedminds.netnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-26188079033664759902012-11-22T09:50:47.985-05:002012-11-22T09:50:47.985-05:00so many comments, so little wisdom.so many comments, so little wisdom.Russ Nelsonhttps://www.blogger.com/profile/17586083637805291834noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-24408806478156127742012-11-22T08:54:17.398-05:002012-11-22T08:54:17.398-05:00sehr guter Beitragsehr guter Beitraggutscheine zum ausdruckenhttp://gutscheinezumausdrucken.org/noreply@blogger.com