
Thread: Canadian student hacker expelled

  1. #26
    "Assume Good Intentions" SuperModerator Williebee's Avatar
    Join Date
    May 2007
    Location
    youtu.be/QRruBVFXjnY
    Posts
    19,175
    *nods* Like I said upthread, bring him in. Make him part of the solution.

    "There's a Voodoo Game on in the Crescent City. Pray for the Pawns."

    "Murder at the Beach" -- Anthony Award Nominated Anthology!

    Available now where all kinds of cool books are sold.
    Kobo Kindle Nook iBook
    More stories by Eldon Hughes -- "I Found A Knife"

    Read the Newbie Guide.

    "We are writers; we own our words. Please choose yours to add light and not just heat."

  2. #27
    figuring it all out merry_and_silver's Avatar
    Join Date
    Aug 2009
    Location
    Conocoto, Ecuador
    Posts
    94
    I guess what I don't understand about this story is that I thought the entire purpose of a network was to share information between computers. In other words, if you're in your lab working somewhere, and want to transfer information to another computer, in your advisor's office, or maybe to a professor that you had a conversation with earlier in the day, then you should be able to do it. Otherwise, why have a network? Everyone should just have their own separate I.P. address. Much safer.

    If you accept that the purpose of the network is to share information, and that this student was allowed to be on the network (I don't know; I'm assuming), then how was he supposed to find out where he could and couldn't go? A scan is the only way I know. I don't see how a scan in and of itself can be considered malicious. Again, I'm assuming. Maybe there are rules that say you can't do it. But even clicking on a publicly shared folder triggers a scan, doesn't it?

    OK, granted, many people won't know that they have left things open on the network. Yes, that's a big problem.

    But would the people who are prosecuting (or persecuting) this student, have qualms about harvesting unprotected information from student computers on the same network, even if it were clear (or probable) that the folders were left open unintentionally?
    "Oho!" said the fly on the chariot wheel. "What a dust we do raise!"

  3. #28
    "Assume Good Intentions" SuperModerator Williebee's Avatar
    Join Date
    May 2007
    Location
    youtu.be/QRruBVFXjnY
    Posts
    19,175
    Quote Originally Posted by merry_and_silver
    But would the people who are prosecuting (or persecuting) this student, have qualms about harvesting unprotected information from student computers on the same network, even if it were clear (or probable) that the folders were left open unintentionally?
    I'd certainly hope so, but that would be subject to the school's AUP (Acceptable Usage Policy.)


  4. #29
    Formerly Phantom of Krankor. AW Moderator Torgo's Avatar
    Join Date
    Apr 2005
    Location
    London, UK
    Posts
    7,634
    Quote Originally Posted by merry_and_silver View Post
    If you accept that the purpose of the network is to share information, and that this student was allowed to be on the network (I don't know; I'm assuming), then how was he supposed to find out where he could and couldn't go?
    That wasn't the situation, as far as I can see. This was an online service for viewing and managing your own personal student-related stuff. You're not supposed to be able to access records of other students etc. - the security hole the hacker pointed out allowed him to, in theory, get everyone's Social Security numbers. The system was supposed to be protected, but it had flaws.

    Quote Originally Posted by merry_and_silver
    I don't see how a scan in and of itself can be considered malicious.
    The scanning tool he used was designed to be used on offline, archived copies of websites, not live ones, and apparently could have damaged the system.

  5. #30
    Formerly Phantom of Krankor. AW Moderator Torgo's Avatar
    Join Date
    Apr 2005
    Location
    London, UK
    Posts
    7,634
    So this morning, I read this, and am boiling mad about it.

    Behind that link you will find a 'statement of responsibility', penned by Andrew Auernheimer, otherwise known as 'weev'. Auernheimer was recently convicted of identity theft and cracking, and is awaiting sentencing. The letter is his court-mandated admission of culpability (but it probably isn't what the prosecutors would have expected him to write.)

    Briefly, weev discovered that AT&T had published the email addresses of everyone who had a 3G iPad with them. He took this information to a reporter at Gawker, including a sample of the addresses. When Gawker published an article on the vulnerability, including some redacted addresses, the FBI jumped all over weev with hob-nailed boots.

    The case bears some striking similarities with that of the late lamented Aaron Swartz. The information weev was convicted of illegally accessing was publicly accessible via AT&T's own API, just as Swartz's JSTOR dump was something he had free access to as a Harvard faculty member. In both cases prosecutors acted, in my opinion, out of all proportion to the offences. It is no exaggeration to say that Swartz was hounded to his death, and it looks like weev is being targeted in much the same way.

    (It's worth remembering the number of HSBC bankers who have been sent to jail for billions of dollars of money laundering on behalf of murderous drug cartels (0) or the number of CIA agents who have been sent to jail over government-sanctioned torture (1 - the guy who blew the whistle.))

    I bring this up here because we can debate whether these guys were naughty or not - weev went to the press, Swartz wanted to liberate the JSTOR data, Al-Khabaz acted pretty unwisely - but I don't think there's any debate about the completely disproportionate response in each case. No harm was done, but the reaction of the establishment to a clever young person pointing out what's wrong with their systems is nevertheless to try to crush them like an insect.

    These are the people who are going to build the next Google or Apple or Twitter, or they might be the people who find ways to engineer a better and safer society. If we don't manage to kill them or jail them first.

  6. #31
    It's a doggy dog world benbradley's Avatar
    Join Date
    Dec 2006
    Location
    Transcending Canines
    Posts
    20,329
    Quote Originally Posted by Torgo View Post
    So this morning, I read this, and am boiling mad about it.
    I wonder how much AT&T paid the FBI...

  7. #32
    Formerly Phantom of Krankor. AW Moderator Torgo's Avatar
    Join Date
    Apr 2005
    Location
    London, UK
    Posts
    7,634
    Quote Originally Posted by benbradley View Post
    I wonder how much AT&T paid the FBI...
    AT&T has a fairly inglorious recent history of colluding with the government in warrantless wiretapping, so the back-scratching probably goes both ways.
