Tell me more x
, there is a new speed test available. Give it a try, leave feedback!
dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer

Search Topic:
uniqs
14
share rss forum feed
« Really?
This is a sub-selection from Read and Inciteful Comment on Story


MooJohn

join:2005-12-18
Milledgeville, GA
kudos:1
Reviews:
·Windstream
reply to Wilsdom

He didn't *hack* anything

I agree -- he simply figured out that he could enter numbers and get the user that corresponded to it. At no time did he access any portion of the website not normally available to the public. He didn't use SQL injection or probe the site for existing vulnerabilities. He simply put some numbers into a box and hit SUBMIT! What mad l33t skillz!

The law about "unauthorized access" is too vague. The worst he did was violate their TOS and embarrass them for having made such a stupidly poor site. Oh, and don't forget he went to IRC to brag about it -- that's the double death!
--
John M - Cranky network guy

jc10098

join:2002-04-10

1 edit
I'm not denying there's a gray area here, but the actions following his exploit were what made them criminal. Instead of going to ATT, he bragged to friends and seemed intent on possibly harming ATT. None the less, he might win on appeal due to the vagueness of the law.

None the less, his actions were borderline criminal if not criminal. It doesn't matter if he used SQL ijection or script kiddy code. The end result was the same. Att had a flaw, with said individual exploiting the flaw.

Your argument is like a person leaving a possession on their front porch and then justifying the stealing of the item. Even if I leave money sitting out in plain site, it's still theft if you take it off my property. It doesn't matter if you are a career criminal or opportunistic. You've committed the same act of theft.


MooJohn

join:2005-12-18
Milledgeville, GA
kudos:1
Reviews:
·Windstream

He didn't *steal* anything either

No one was deprived of anything. He obtained a list of owners' email addresses -- oh the humanity!

If he tried to extort them or cause financial harm, charge him with that. To say his access was criminal simply because he typed things into the box that they didn't expect and it spit out information is ludicrous.

»imgs.xkcd.com/comics/exploits_of ··· _mom.png
--
John M - Cranky network guy

jc10098

join:2002-04-10
You literacy skills need a bit of fine tuning. HE DID talk about exploiting the email addresses. That's where the FBI came in.