  buyaclue
@comcast.net
from: TKJunkMail 
| The only good hacker is a dead hacker !
Obviously the hacker's intent was not good by publicly exposing a vulnerability. If his intentions were good all he had to do was confidentially contact the ISP and advise them that he illegally hacked their system... instead of telling folks how to hack the system. |
|
 RayW Premium join:2001-09-01 Layton, UT clubs:
·XMission
| Wiggle
"According to our investigation, the modem vulnerability did not exist prior to his accessing without permission and then publishing certain confidential passwords which were not otherwise available to Be* members," says BeThere Managing Director Dana Pressman.
I wonder if the password is the same on all units? If so, then I suspect that there are grounds for a lawsuit since anyone with that router can gain that information. If it is unique to each router, then he does not have a leg to stand on. Granted, backdoors are bad, but if it is a unique password then it falls under the AUP -- I am not lost, I find myself every time. |
|
  cableties Premium join:2005-01-27
·Verizon FIOS
| 21-year-old college student violated ...
That sums it up quite well.
[IMHO] What do they teach in college nowadays? Not logic and responsibility. A 15yr old I could see doing this...but come on. Serious lack of common sense...yes?  |
|
  TKJunkMail Enjoy the sun Premium join:2002-03-03 Avalon, NJ
·Sprint Mobile Broa..
·Comcast
| said by cableties: That sums it up quite well. [IMHO] What do they teach in college nowadays? Not logic and responsibility. A 15yr old I could see doing this...but come on. Serious lack of common sense...yes?
And so-called security researchers are often nothing but publicity-seeking hackers or workers for companies looking to sell their security services by advertising the holes they promise to plug. |
|
  Maxo Your tax dollars at work. Premium,VIP join:2002-11-04 Tallahassee, FL clubs:
| Sue for weak security
I think if a system can be demonstrated to be hackable, then the people who designed the system need to recognise their fallibility and go back to the drawing board. Demonstrating a weakness in security should not, within itself, be a crime. If someone points out the locks on my door can be picked, or a window on my house can be easily opened, but he doesn't actually break in, should (s)he go to jail for showing the weakness in my home security? -- "Padre, nobody said war was fun now bowl!" - Sherman T Potter
»www.cafepress.com/maxolasersquad
»maxolasersquad.com/
»maxolasersquad.com/network/ My DSL Network Guide
»myspace.com/mlsquad |
|
 BosstonesOwn
join:2002-12-15 Everett, MA clubs: | reply to buyaclue Re: The only good hacker is a dead hacker !
Taylor troll ! Ohh how we missed you.... |
|
 BosstonesOwn
join:2002-12-15 Everett, MA clubs: | reply to Maxo Re: Sue for weak security
No! But with these people nowadays prosecuting and reinterpreting laws who the hell knows what is and is not illegal. -- "It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" |
|
  ROCINANTE 2112 Original Member 007
join:1999-06-29 Hartsdale, NY clubs:
| reply to Maxo More invalid analogies, but we should switch the focus to anyone's house rather than just your house. He could be charged with at least trespassing if he was not granted permission to attempt to pick the locks. This can escalate to criminal mischief if he damages your locks or window and that would lead to attempted burglary. He does not have to break in to be arrested. It would be difficult for him to prove his intentions since he did not ask for permission in the first place. -- CRUNCH THIS! |
|
  maartena Stacked. Premium join:2002-05-10 Orange, CA
·RoadRunner Cable
| He already committed the crime...
This is the same as stealing something from a store, and then bringing it back 2 days later pointing out the security flaws of the anti-theft system the shop has in place.
At that point he already committed the crime. -- "Any society that would give up a little liberty to gain a little security will deserve neither and lose both" - Benjamin Franklin, Founding Father. |
|
  Maxo Your tax dollars at work. Premium,VIP join:2002-11-04 Tallahassee, FL clubs:
| reply to ROCINANTE 2112 Re: Sue for weak security
Considering the modem was at his house. If he damaged the modem I could see him being charged for the cost of the modem, just like anyone else who damages the ISP's equipment. I think my analogy stands. Like the guy who was arrested because he discovered the black marker on the CD would bypass the DRM, or holding down the shift key or turning off autorun. This is bypassing weak security but being charged like a criminal just because it was so damn easy. -- "Padre, nobody said war was fun now bowl!" - Sherman T Potter |
|
  karlmarx
join:2006-09-18 iraq
·Fairpoint Communic..
| He committed no crime
The fact that the ISP used a single password for all their routers isn't his fault, he has EVERY right to publish it. Look at it this way, if only HIS router used the password, and he published it, do you think the ISP would care? Certainly not. The fact that the ISP is too dumb to secure their own equipment isn't the user's fault. At least in the US, he has EVERY RIGHT to publish an expose on the ISP's failure. And I would applaud him for doing so. This 'hack' forces the ISP to provide REAL security, instead of relying on a simple, clear text telnet password. -- Stick it to the MAN. Support your local torrent sites. Proudly providing 100mb of upstream for all your TV, Movie, and MP3 needs. |
|
  battleop
join:2005-09-28 00000
| But when the ISP spends the money to upgrade the routers who is going to be the first to bitch about any rate increases to cover these expenses? Not every ISP has the mega huge deep pockets that AT&T and Comcast enjoy. The guy was in the wrong.
If you want cheap free routers included with your service then you need to expect that the ISP is going to buy the cheapest router they can. |
|
 jester121 Premium join:2003-08-09 Lake Zurich, IL | reply to Maxo Re: Sue for weak security
Wow, what a leap of logic....
(Except that we're not talking about criminal prosecution here, -- HE JUST GOT HIS INTERNET SERVICE SHUT OFF!!!) |
|
  Maxo Your tax dollars at work. Premium,VIP join:2002-11-04 Tallahassee, FL clubs:
| said by jester121: HE JUST GOT HIS INTERNET SERVICE SHUT OFF
On that note, I do stand corrected. There was not any criminal prosecution. |
|
 AJICQ499087
join:2001-12-01 Louisville, KY | reply to battleop Re: He committed no crime
Hey, the kid has talent. The ISP should consider hiring the kid!  -- low cost and fast speed is what customers want in broadband |
|
  dwhayden
join:2000-12-23 Greenwood, IN
| Idiot Hacker
Many years ago I discovered a security backdoor to my ISP's remote access server where I had gained full rights over the system. I made the decision to call the ISP instead of telling everyone else how to hack it. They hooked me up with the head engineer, and we worked together to plug the hole. The ISP was very grateful for the information, and gave me a year free access.
This stupid hacker took a security vulnerability, and made it much worse by publishing the how-to with passwords. The ISP was well within its rights to terminate this idiot's service. Hopefully charges will be filed against him for hacking since it's so obvious his motivation was not to protect the ISP and its subs, but to gain recognition. |
|
 RadioDoc 58ef2c0 Premium,ExMod 2000-03 join:2000-05-11 | reply to TKJunkMail Re: 21-year-old college student violated ...
Well said. |
|
  bigunk Gort, Klattu Birada Nikto
join:2001-02-10 Santa Clarita, CA
·AT&T Yahoo
| reply to RayW Re: Wiggle
said by RayW: "According to our investigation, the modem vulnerability did not exist prior to his accessing without permission and then publishing certain confidential passwords which were not otherwise available to Be* members," says BeThere Managing Director Dana Pressman.
The vulnerability did not exist prior to....? Makes no sense. Pardon me if you think I am parsing words, but saying something didn't exist prior to it being accessed is a real head-in-the-sand approach to all this. In a warped kind of way, he might have done them a favor. For all we know, he might have found the problem and told them but was dismissed by the almighty ISP techs. So he went public with the info to show there was indeed something that needed attention.
We have seen multiple instances of this behavior. If you will recall, there was that guy, Mike Lynn I think, who did that to Cisco. Cisco screamed bloody murder and subverted the legal process to get what they wanted.
What I am getting at is there are people with both good and bad intentions out there, and both should be listened to. -- There is not a man in the country that can't make a living for himself and family. But he can't make a living for them AND his government, the way his government is living. What the government has got to do is live as cheap as the people. - Will Rogers |
|
 openbox9
join:2004-01-26 Alexandria, VA
·AT&T Southeast
| reply to dwhayden Re: Idiot Hacker
said by dwhayden: I made the decision to call the ISP instead of telling everyone else how to hack it.
This is generally the "socially accepted" avenue taken by white hats and in general, better for the overall community than telling the whole world about the vulnerabilities. What this guy did is more black hat and he does deserve the consequences. Now if you had received little or no response from your ISP regarding the situation, the area becomes a little more grey, and usually you'll see the vulnerabilities published in an attempt to 'force' a response. |
|
 gworkman7
join:2005-10-18 Vail, AZ | User: Admin Pass: 1234
Not very secure, but that was how my ISP was shipping their modems a couple of years back. They were counting on self-installers to change the password when they got the modems. |
|