A rape is just one person getting violated. This guy electronically violated the info of 114,000 people.
And just because some rapists might get off light, that doesn't mean that this guy's sentence was too harsh. I support the death penalty for rape, and I don't believe that this guy's sentence was too harsh.
Really.
You know, applying your own rules to yourself could help the planet.
He didn't pretend to be 114K people. He pretended to be 114K iPads. Not seeing how iPads have identities to be legally stollen as they are not people. As I said the moron at AT&T should be who gets the jail time. They exposed this information in the name of ease of use so customers wouldn't have to enter their email addresses.
Yes, I agree with that part. The "hacker" gets a massive sentence (that's life destroying, quite obviously), and AT&T, a big company making billions, gets off the hook even though THEY failed to protect their users?
That guy found a leak and publicized it, after warning the company and giving them time to solve it. Read the computer security certifications, and you'll find this is the correct behavior (along with numerous warnings that US law is dangerous and ends up favoring evil crackers, as it can put a white hat in prison). The consequence of that behavior, is that bad guys can operate for decades, because white hats are not going to publicize anything, and big companies can keep putting individuals at risk without the fear that their behavior is exposed by a white hat.
The reason why this guy is punished that hard is not because he "hacked people's info". It's because he threatened AT&T's brand name.
"I once read the internet speed is slowed down by ~30% because there is so much anti-virus, anti-spyware, etc., needed to protect us from goofballs like this. See you in 4 years....dude...." - Christopher126
This guy just released the public URL for an ATT page that had a list of all iPad cellular users email addresses to the media. That was his "crime." Google did the exact same crime by indexing the page. AT&T was being a dipshit by leaving that info public, and they eventually fixed it. He didn't do any harm to anyone.
I think that the people who're so happy sending that poor sod to prison would benefit from a few years behind bar themselves. Of course they'll deny it, but applying their rules to themselves, the FBI can ALWAYS find enough reason to put you behind bars... Nobody's perfect enough to live free
He didn't pretend to be 114K people. He pretended to be 114K iPads. Not seeing how iPads have identities to be legally stollen as they are not people. As I said the moron at AT
Yes, I agree with that part. The "hacker" gets a massive sentence (that's life destroying, quite obviously), and AT&T, a big company making billions, gets off the hook even though THEY failed to protect their users?
That guy found a leak and publicized it, after warning the company and giving them time to solve it. Read the computer security certifications, and you'll find this is the correct behavior (along with numerous warnings that US law is dangerous and ends up favoring evil crackers, as it can put a white hat in prison). The consequence of that behavior, is that bad guys can operate for decades, because white hats are not going to publicize anything, and big companies can keep putting individuals at risk without the fear that their behavior is exposed by a white hat.
The reason why this guy is punished that hard is not because he "hacked people's info". It's because he threatened AT&T's brand name.
So true about the laws and who they truly favor. This poor sap seems to have subpar intelligence with all of the loose cannon remarks he made. That certainly didn't help his cause. What pisses me off more than anything is that they nailed him for unauthorized access to AT&T's system. How in the hell do you get unauthorized access to a login screen? He sent the ICC-ID and got the email address back, but that was part of AT&T's scheme to pre-enter the users email address to make login easier. So he got nailed for unauthorized access to a login screen. Impersonating users (but wait, he impersonated iPads). Sigh... Shouldn't you have to actually get past the login screen in some manner to truly get unauthorized access? Perhaps even access to data that is not purposefully made available outside of access controls? It is certainly hard to come up with some sort of good definition on where the line should be drawn, but it should not include accessing data purposefully made available to anyone. The next generation Rick-Roll is going to be a link to exploit hole in someone's system and you will go to jail as your reward for clicking a link.
He didn't pretend to be 114K people. He pretended to be 114K iPads. Not seeing how iPads have identities to be legally stollen as they are not people. As I said the moron at AT&T should be who gets the jail time. They exposed this information in the name of ease of use so customers wouldn't have to enter their email addresses.
Your social security number is just a number on a paper card not a person. But if someone other than you use it it will be considered identity theft. The same thing here. The iPad ICC-ID is associated with iPads user.
Your social security number is just a number on a paper card not a person. But if someone other than you use it it will be considered identity theft. The same thing here. The iPad ICC-ID is associated with iPads user.
So is Harold Finch in trouble since he's given the SSNs?
He didn't pretend to be 114K people. He pretended to be 114K iPads. Not seeing how iPads have identities to be legally stollen as they are not people. As I said the moron at AT&T should be who gets the jail time. They exposed this information in the name of ease of use so customers wouldn't have to enter their email addresses.
Your social security number is just a number on a paper card not a person. But if someone other than you use it it will be considered identity theft. The same thing here. The iPad ICC-ID is associated with iPads user.
Your SSN is your account number issued to you by the United States Government. FWIW it is not supposed to be use as identification (I know, tell that to everyone that does). The ICC-ID is randomly selected by chance and does not directly identify a user. It was collected as associated with users when they signed up for wireless services for their iPads. At the time there were also quite a few ICC-IDs that AT&T (or anyone for that matter) did not know who owned them. Either way, providing the ICC-ID only got you a login screen with a pre-populated email address. That is right, a login screen that you actually still needed to enter a password for. The bar for criminal activity is a little too low IMHO if requesting a login screen gets you 41 months. It would be one thing if he was trying to hack the site and actually login as these people.
Basically what he did was like looking at AppleInsider users. You see your unique user ID and increment and see who is next. I'm glad that this isn't a login screen and is a public profile so that I won't go to jail for looking at publicly accessible information.
He discovered an open url that divulged customer information without any authentication. He collected proof. He told AT&T, the alleged victim, and gave them time to fix the problem before he told Gawker.
An actual criminal would not tell AT&T at all. A criminal would shed no light on the problem. Nor would a criminal pressure a company to start protecting your data.
It seems whistle blowing to me. He was convicted for unauthorized access to a computer, but there are millions of web servers you can access with the same lack of authorization. You probably did so today.
Your social security number is just a number on a paper card not a person. But if someone other than you use it it will be considered identity theft. The same thing here. The iPad ICC-ID is associated with iPads user.
"Uses". Listing it after a company fails to adequately protect it is already a very different ballgame. Worse, the big issue is that the "hacker" did NOT publish the list of users. AT&T did. He just repeated it under a different form.
I cannot understand why his lawyer did not get him off.
Comments
Quote:
Originally Posted by Apple ][
A rape is just one person getting violated. This guy electronically violated the info of 114,000 people.
And just because some rapists might get off light, that doesn't mean that this guy's sentence was too harsh. I support the death penalty for rape, and I don't believe that this guy's sentence was too harsh.
Really.
You know, applying your own rules to yourself could help the planet.
Quote:
Originally Posted by Phone-UI-Guy
He didn't pretend to be 114K people. He pretended to be 114K iPads. Not seeing how iPads have identities to be legally stollen as they are not people. As I said the moron at AT&T should be who gets the jail time. They exposed this information in the name of ease of use so customers wouldn't have to enter their email addresses.
Yes, I agree with that part. The "hacker" gets a massive sentence (that's life destroying, quite obviously), and AT&T, a big company making billions, gets off the hook even though THEY failed to protect their users?
That guy found a leak and publicized it, after warning the company and giving them time to solve it. Read the computer security certifications, and you'll find this is the correct behavior (along with numerous warnings that US law is dangerous and ends up favoring evil crackers, as it can put a white hat in prison). The consequence of that behavior, is that bad guys can operate for decades, because white hats are not going to publicize anything, and big companies can keep putting individuals at risk without the fear that their behavior is exposed by a white hat.
The reason why this guy is punished that hard is not because he "hacked people's info". It's because he threatened AT&T's brand name.
Quote:
Originally Posted by orbitly
"I once read the internet speed is slowed down by ~30% because there is so much anti-virus, anti-spyware, etc., needed to protect us from goofballs like this. See you in 4 years....dude...." - Christopher126
This guy just released the public URL for an ATT page that had a list of all iPad cellular users email addresses to the media. That was his "crime." Google did the exact same crime by indexing the page. AT&T was being a dipshit by leaving that info public, and they eventually fixed it. He didn't do any harm to anyone.
I think that the people who're so happy sending that poor sod to prison would benefit from a few years behind bar themselves. Of course they'll deny it, but applying their rules to themselves, the FBI can ALWAYS find enough reason to put you behind bars... Nobody's perfect enough to live free
So true about the laws and who they truly favor. This poor sap seems to have subpar intelligence with all of the loose cannon remarks he made. That certainly didn't help his cause. What pisses me off more than anything is that they nailed him for unauthorized access to AT&T's system. How in the hell do you get unauthorized access to a login screen? He sent the ICC-ID and got the email address back, but that was part of AT&T's scheme to pre-enter the users email address to make login easier. So he got nailed for unauthorized access to a login screen. Impersonating users (but wait, he impersonated iPads). Sigh... Shouldn't you have to actually get past the login screen in some manner to truly get unauthorized access? Perhaps even access to data that is not purposefully made available outside of access controls? It is certainly hard to come up with some sort of good definition on where the line should be drawn, but it should not include accessing data purposefully made available to anyone. The next generation Rick-Roll is going to be a link to exploit hole in someone's system and you will go to jail as your reward for clicking a link.
Your social security number is just a number on a paper card not a person. But if someone other than you use it it will be considered identity theft. The same thing here. The iPad ICC-ID is associated with iPads user.
So is Harold Finch in trouble since he's given the SSNs?
Quote:
Originally Posted by NasserAE
Quote:
Originally Posted by Phone-UI-Guy
He didn't pretend to be 114K people. He pretended to be 114K iPads. Not seeing how iPads have identities to be legally stollen as they are not people. As I said the moron at AT&T should be who gets the jail time. They exposed this information in the name of ease of use so customers wouldn't have to enter their email addresses.
Your social security number is just a number on a paper card not a person. But if someone other than you use it it will be considered identity theft. The same thing here. The iPad ICC-ID is associated with iPads user.
Your SSN is your account number issued to you by the United States Government. FWIW it is not supposed to be use as identification (I know, tell that to everyone that does). The ICC-ID is randomly selected by chance and does not directly identify a user. It was collected as associated with users when they signed up for wireless services for their iPads. At the time there were also quite a few ICC-IDs that AT&T (or anyone for that matter) did not know who owned them. Either way, providing the ICC-ID only got you a login screen with a pre-populated email address. That is right, a login screen that you actually still needed to enter a password for. The bar for criminal activity is a little too low IMHO if requesting a login screen gets you 41 months. It would be one thing if he was trying to hack the site and actually login as these people.
Basically what he did was like looking at AppleInsider users. You see your unique user ID and increment and see who is next. I'm glad that this isn't a login screen and is a public profile so that I won't go to jail for looking at publicly accessible information.
http://forums.appleinsider.com/u/28346/ is Phone-UI-Guy
http://forums.appleinsider.com/u/28347/ is wolumila765
It looks like this guy hacked AT&T and dumped their database. He simply asked them for the login screen for 114K devices, and never logged in.
An actual criminal would not tell AT&T at all. A criminal would shed no light on the problem. Nor would a criminal pressure a company to start protecting your data.
It seems whistle blowing to me. He was convicted for unauthorized access to a computer, but there are millions of web servers you can access with the same lack of authorization. You probably did so today.
Quote:
Originally Posted by Apple ][
Except for the fact that this is 2013, not 1975.
Your statement makes no sense. Don't get all butt hurt because e_veritas made a valid point.
Anyone else reminded of the movie "Hackers"? No? Just me?
Quote:
Originally Posted by NasserAE
Your social security number is just a number on a paper card not a person. But if someone other than you use it it will be considered identity theft. The same thing here. The iPad ICC-ID is associated with iPads user.
"Uses". Listing it after a company fails to adequately protect it is already a very different ballgame. Worse, the big issue is that the "hacker" did NOT publish the list of users. AT&T did. He just repeated it under a different form.
I cannot understand why his lawyer did not get him off.