Re: [newtech-1] Andrew Aurenheimer facing jail time

From: Ross S.
Sent on: Monday, March 18, 2013 8:50 PM
That argument is like saying women deserve sexual assault because they're not physically stronger than a rapist.

A victim has civil recourse against a company for not protecting their information if it stolen by a criminal act, but the crime is the theft, not the vulnerability.

Perhaps there is a problem with the sentencing in this case, but in my eye there was clear malicious intent in writing an exploit to a programmers mistake.

Bottom line is that the hacker has first mover advantage and you can only make a case for negligence on the part of AT&T if they were informed of the vulnerability and chose not to fix it.

The crime here was the collection and dissemination of privileged information. Andrew made an active choice to rape a system whose code proved weaker than his, presumably to make an example of AT&T, so the irony of the judges decision to make one of him rings particularly humorous to me.

As business owners in the information space I'm pretty surprised that any members of this list would side with the violator in this case. Especially in such a public forum. It does not bode well for the protection of your users' information.

If a judge were to evaluate the ease of the violation as a right for this guy to systematically extract privileged information, a precedent would be set that would make it possible for hackers to blame exploits of any kind on their mischief.

Because taking advantage of weakness is easy. 



Ross P. Sclafani
Design | Technology | Creative
347.204.5714

On Mar 18, 2013, at 8:24 PM, rburton <[address removed]> wrote:

The real question I believe is, what laws should there be around what code can do?

If I were to say, define a web-service that isn't secure and upon calling it, would return social security numbers. Could I then press charges to anyone who calls that service?

It's only a vulnerability because the company did something very stupid and people are using it. I say that company should be held accountable.



On Mon, Mar 18, 2013 at 5:14 PM, Ross Sclafani <[address removed]> wrote:
Okay, you discover a vulnerability, why write an exploit script? I can understand not wanting to bother telling AT&T but his actions were to what end other than hacking a vulnerable system?

Ross P. Sclafani
Design | Technology | Creative
[masked]

On Mar 18, 2013, at 8:03 PM, rburton <[address removed]> wrote:

I'm with Dean on this.

There's a major problem with politicians and lawyers when it comes to technology. When they hear "Script", they hear "Hacking". Since they lack actual understanding of technology, their definitions are very misconstrued.

Apparently, you're better off murdering or raping someone than you are using technology. At least the courts are well versed in these cases.


On Mon, Mar 18, 2013 at 1:25 PM, Dean Collins <[address removed]> wrote:

Uhm are you kidding me, you’re saying because he wrote a “script” rather than using a browser (and I guess a pen and paper to write down the email address provided by the at&t server) this means in your mind he should go to “jail” for 10 years for “Hacking”.

 

How about we also arrest the coder who released such shoddy code for “Fraud” for cashing his paychecks while “Impersonating a programmer”.

 


Cheers,

Dean

 

From: [address removed] [mailto:[address removed]] On Behalf Of david wang
Sent: Monday, March 18,[masked]:15 PM
To: [address removed]
Subject: Re: [newtech-1] Andrew Aurenheimer facing jail time

 

After reading the article, it looks like this guy is in the wrong.  He wrote a script to find the emails, then emailed gawker instead of AT&T.  I'm sure if he emailed AT&T about it first, he wouldn't be in jail right now.

 

 

-d

 

On Mar 18, 2013, at 11:02 AM, Dean Collins <[address removed]> wrote:



How about sending the shitty coder who allowed this to happen to jail for a year and force AT&T to improve their standard so my data isnt at risk!!

 

 

<image001.png>

 

 


Cheers,

Dean


 





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Dean Collins ([address removed]) from NY Tech Meetup.
To learn more about Dean Collins, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]

 





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by david wang ([address removed]) from NY Tech Meetup.
To learn more about david wang, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Dean Collins ([address removed]) from NY Tech Meetup.
To learn more about Dean Collins, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]



--
-Richard L. Burton III




--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by rburton ([address removed]) from NY Tech Meetup.
To learn more about rburton, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]




--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Ross Sclafani ([address removed]) from NY Tech Meetup.
To learn more about Ross Sclafani, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]



--
-Richard L. Burton III




--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by rburton ([address removed]) from NY Tech Meetup.
To learn more about rburton, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy