dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8
share rss forum feed

MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
kudos:5

1 edit
reply to Karl Bode

Re: Who Lives in a Web Site?

said by Karl Bode:

quote:
Your entire argument is flawed, even using your own analogy. As posted above, this isn't like Howard Forums took the stuff from the unlocked house. They simply let a user posted comment that "so and so left all of their stuff in the front yard" stand. Howard Forums has provided nothing but information, about a completely non-secured PUBLIC website. It's no different than me telling a friend that I observed a guy in a green shirt walking down the street.
We have a winner.
Maybe on Planet Karl. On Earth, you're ignoring the fact that the steps involve:

1) figuring out a deep URL to a file
2) downloading and looking at that file (which is not obviously a text file)
3) pulling more deep URLs out of that file
4) firing those URLs at the web site

To say this is like you just happened to notice something on the Internet (like you just happened to notice someone walking in a green shirt) is deeply disingenuous. Someone deliberately walked down this path to find something that was non-obvious before they found it. And that someone knew, for sure, that they were bypassing (admittedly poorly secured) authentication/authorization steps that the website owners had in place.

Once it was found, it is now obvious, to those that are even moderately skilled at computers and the Internet. It's also obvious that their security is just a tad less than bulletproof. That doesn't change the fact that you can't blame the victim because they didn't resist the attack very well.


Camelot One
Premium,MVM
join:2001-11-21
Greenwood, IN
kudos:2
said by MyDogHsFleas:

said by Karl Bode:

quote:
Your entire argument is flawed, even using your own analogy. As posted above, this isn't like Howard Forums took the stuff from the unlocked house. They simply let a user posted comment that "so and so left all of their stuff in the front yard" stand. Howard Forums has provided nothing but information, about a completely non-secured PUBLIC website. It's no different than me telling a friend that I observed a guy in a green shirt walking down the street.
We have a winner.
Maybe on Planet Karl. On Earth, you're ignoring the fact that the steps involve:

1) figuring out a deep URL to a file
2) downloading and looking at that file (which is not obviously a text file)
3) pulling more deep URLs out of that file
4) firing those URLs at the web site

To say this is like you just happened to notice something on the Internet (like you just happened to notice someone walking in a green shirt) is deeply disingenuous. Someone deliberately walked down this path to find something that was non-obvious before they found it. And that someone knew, for sure, that they were bypassing (admittedly poorly secured) authentication/authorization steps that the website owners had in place.

Once it was found, it is now obvious, to those that are even moderately skilled at computers and the Internet. It's also obvious that their security is just a tad less than bulletproof. That doesn't change the fact that you can't blame the victim because they didn't resist the attack very well.
I'm not arguing that they don't have a case against the person who posted it - which is what your arument is for. But the fact is, Howard Forums is being threatened under the DMCA for allowing a URL to a publicly available webpage. (yes, it's txt but still) Nothing more.

So to take my counter analogy to the proper level, it's like me saying "so and so left their stuff out in the PUBLIC street" There is absolutely no expectation of privacy when you publish something publicly to the web. The file isn't even in a password protected directory.
--
Intel Quad Core QX6700 @3500Mhz/Asus P5N32-E SLI/4x 1024Mb Corsair/Seagate 750.10/PNY 7800GTs SLI/Silverstone 850W/Custom water cooler

MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
kudos:5
said by Camelot One:

I'm not arguing that they don't have a case against the person who posted it - which is what your arument is for. But the fact is, Howard Forums is being threatened under the DMCA for allowing a URL to a publicly available webpage. (yes, it's txt but still) Nothing more.
Yeah, that is the fact. And the fact is, it's a valid threat, and Howard Forums is going to be forced to take it down. It's the way of the DMCA.

So to take my counter analogy to the proper level, it's like me saying "so and so left their stuff out in the PUBLIC street" There is absolutely no expectation of privacy when you publish something publicly to the web. The file isn't even in a password protected directory.
Forgetting who's got the right analogy... it's certainly true that anyone who knows anything about Web security would not have considered this site secure. But, read the DMCA and the cases that have been litigated under it. Easy-to-crack technical protection means is not a defense.


james1

join:2001-02-26
reply to MyDogHsFleas
said by MyDogHsFleas:

[...blah blah blah...][random analogy about stealing property][...blah blah blah...]
No, do you know what this is ACTUALLY like? This is ACTUALLY like some idiot who made a website with video streams on it that were accesible to the public, but they didn't mean to. And then they tried to shut down any website that pointed it out. That's what this is like.


Karl Bode
News Guy
join:2000-03-02
kudos:39

2 recommendations

reply to MyDogHsFleas
quote:
Maybe on Planet Karl.
Is that an insult? Here on "Planet Karl" we don't much like lame analogies used as a justification to stifle reasonable Internet discussion. Because even if the actual act being discussed is Illegal, discussing it is not.

I know. We're crazy. We also drink Drain-O and smoke big cigars.

rahvin112

join:2002-05-24
Sandy, UT
reply to MyDogHsFleas
This must me alternate earth/USA because here on the real Earth and in the real USA we have laws that protect journalists and more importantly speech. We also have safe harbor provisions that say that Howardforums is not responsible for content posted on their site by others. And the other important thing is it doesn't matter if they discovered a URL using a spider, or found it in config files. How the URL came to be known is irrelevant because it's freedom of speech to discuss URL's, even illegal access to them (otherwise things like the anarchists cookbook would be illegal). Just as it's not illegal to talk about killing someone or committing other crimes. Talking about anything is NOT illegal, only actions are illegal. Now maybe in your alternate reality speech and thoughts are illegal, but here in the real USA they AREN'T.

Now even if the Judge errored badly and assumed that talking about a lack of security is a breach of the digital security provisions of the DCMA (it's NOT) the Judge is required to pursue the path to the least effect on speech, and that means he would be obligated to tell the plaintiff that they need to implement access control on the URL like every one else.

But beyond even that, the owner of Howardforums isn't in the US. Jurisdictional issues are complex, just like the wikileaks case where the Judge was completely wrong to take the case this one brings up issues on whether the court even has the jurisdiction to hear the case.

Just remember, speech and thoughts aren't illegal, no mater how illegal the topic is, at least no in the US.

MyDogHsFleas
Premium
join:2007-08-15
Austin, TX
kudos:5
reply to Karl Bode
said by Karl Bode:

quote:
Maybe on Planet Karl.
Is that an insult? Here on "Planet Karl" we don't much like lame analogies used as a justification to stifle reasonable Internet discussion. Because even if the actual act being discussed is Illegal, discussing it is not.

I know. We're crazy. We also drink Drain-O and smoke big cigars.
Sorry if you took it as an insult, it was just my way of trying to say that I thought you were wrong and I thought that in reality I was right and that I would be proven so here on Earth. I guess we'll see.

The last thing I am trying to do is "stifle discussion". I have no idea where you got that from. This discussion is very active and no one seems the least shy about chiming in.

On the other hand, this is your site, not mine, and if you want to whack me with a ban stick, that's your right. I'll find somewhere else to interact.

This site's actually pretty good at not descending into flame wars or mindless me-too posts. People actually think about what they write. That's why I participate here. I often learn from these discussions even when it feels like I'm one against many. I appreciate that.

Plus your technical content is excellent. That's why I came here in the first place. I think I paid some actual $ too, to become a "premium member".

And, yeah, all analogies are lame, aren't they?