|
In response, AT&T issued a statement todaytelling customers that because of the arrest, all AT&T consumers will be billed $5 more per month for future security.
"Consumers win when they pay more," says Dan Douchebag, AT&T rep. "We feel that consumers enjoy paying more to us knowing that we are thus upgrading their networks making it super-duper!" | |
|
| |
Augustus IIIIf Only Rome Could See Us Now.... join:2001-01-25 Gainesville, GA |
goatsesecurity. never gets old. goatse
after that is out of their way, these 2 are destined for a lifetime of job security. | |
|
| |
Minimoh
Anon
2011-Jan-18 12:38 pm
Re: goatseWhen these 2 go to prison, they will learn the true meaning of infiltration | |
|
| | Lazlow join:2006-08-07 Saint Louis, MO |
Lazlow
Member
2011-Jan-18 1:11 pm
Re: goatseHopefully these two will see minimal time(if any) in a minimal security facility. | |
|
| | | gigante Premium Member join:2000-06-30 Anchorage, AK |
gigante
Premium Member
2011-Jan-18 6:22 pm
Re: goatseMaybe in a federal pound-me-in-the-goatse prison. | |
|
| | | fiberguy2My views are my own. Premium Member join:2005-05-20 |
to Lazlow
said by Lazlow:Hopefully these two will see minimal time(if any) in a minimal security facility. I'd normally agree with you. These guys COULD have been doing the public a favor by exposing the "gaping hole" in at&t's system - and they did. However, where they went too far is by then contemplating on what to do with the data they stole.. ie: sell it for spam, etc. Now, the big question I have is, how much is at&t going to have to pay for THEIR negligence? Answer - nothing. This is a total shame. I'm not an "evil corporation" person one bit, however, at&t knew about this and chose to do nothing about it. | |
|
| | | | |
Re: goatseI'd say the pair went too far by stealing the data to begin with, rather than the contemplation... | |
|
|
Corrahn
Member
2011-Jan-18 11:51 am
NOUDamn the man. | |
|
FFH5 Premium Member join:2002-03-03 Tavistock NJ |
FFH5
Premium Member
2011-Jan-18 11:53 am
Hackers? White hat; black hat; others?Those who break in to computer systems tread on thin ice legally. Claiming good intentions(like the Goatse crew) doesn't carry much weight with those being violated.
Only White Hat hackers hired by the target companies to test security are on firm legal ground.
Those who do it on spec and look for rewards from the targets AFTER the attack, to me sounds more like shakedown artists than a legitimate company. And there are too many of these so-called security groups on the internet.
And, of course, the black hat hackers who are either rogue anarchists themselves or working for criminal organizations are the worst of the lot.
In any case, the Goatse hackers will get to try and prove they are really just rogue good guys with wonderful intentions in court. | |
|
| HarddriveProud American and Infidel since 1968. Premium Member join:2000-09-20 Fort Worth, TX
1 recommendation |
Harddrive
Premium Member
2011-Jan-18 12:22 pm
Re: Hackers? White hat; black hat; others?isn't that just stupid of them? kinda like this...
i got onto a secure Military base. went straight to the military police building and told them how bad their security is. why am i being arrested? i dialed into a health organization server maintenance line and telnet'ed over to some patients' information servers. i called them up and told them of the security flaw. why is the FBI knocking on my door?
doing something wrong to point out someones flaws will only get you in trouble. | |
|
| | Lazlow join:2006-08-07 Saint Louis, MO |
Lazlow
Member
2011-Jan-18 12:30 pm
Re: Hackers? White hat; black hat; others?The problem is that most organizations will not fix their security until they are embarrassed into doing so. ATT knew for months about this issue and choose to leave their customers exposed. Unfortunately this is the norm for most companies rather than an oddity. While I would not do what people like this do, I do see how it is in the public interest that someone does do it. Edit: The hackers response from back in June: » security.goatse.fr/a-res ··· s-letter | |
|
| | | HarddriveProud American and Infidel since 1968. Premium Member join:2000-09-20 Fort Worth, TX
1 recommendation |
Harddrive
Premium Member
2011-Jan-18 12:36 pm
Re: Hackers? White hat; black hat; others?maybe there should be some Government-based agency that these types of folks can go blow the whistle on corporate entities that fail to secure their networks. | |
|
| | | Lazlow join:2006-08-07 Saint Louis, MO |
Lazlow
Member
2011-Jan-18 1:14 pm
Since no one seems to want to bother to check the link:
"When we disclosed this, we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare. We understand that good deeds many times go punished, and AT&T is trying to crucify us over this. The fact remains that there was not a hint of maliciousness in our disclosure. We disclosed only to a single journalist and destroyed the data afterward. We did the right thing, and I will stand by the actions of my team and protect the finder of this bug no matter what the cost." | |
|
| | | | FFH5 Premium Member join:2002-03-03 Tavistock NJ |
FFH5
Premium Member
2011-Jan-18 1:16 pm
Re: Hackers? White hat; black hat; others?said by Lazlow:Since no one seems to want to bother to check the link:
"When we disclosed this, we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare. We understand that good deeds many times go punished, and AT&T is trying to crucify us over this. The fact remains that there was not a hint of maliciousness in our disclosure. We disclosed only to a single journalist and destroyed the data afterward. We did the right thing, and I will stand by the actions of my team and protect the finder of this bug no matter what the cost." And you take everything posted by a hacker at face value? Forgive me for my skepticism about their intentions. I guess a jury will get to determine the value of those claims. | |
|
| | | | | Lazlow join:2006-08-07 Saint Louis, MO |
Lazlow
Member
2011-Jan-18 1:56 pm
Re: Hackers? White hat; black hat; others?If they had bad intentions they would have done it in March. But instead they informed Apple and ATT. Apple fixed their end almost immediately. A couple of months later ATT had still done nothing. To prove how easily it could be done, they did it and showed it to a reporter. Now if they had wanted to do something bad would they have informed Apple and ATT in the first place or bothered to tell a reporter? No they would have just taken advantage of the information and kept their mouth shut. | |
|
| | | | | | dib22 join:2002-01-27 Kansas City, MO |
dib22
Member
2011-Jan-18 7:55 pm
Re: Hackers? White hat; black hat; others?said by Lazlow:A couple of months later ATT had still done nothing. How could they monetize it... that is the only way to get ATT to react to anything quickly. | |
|
| | | | | packetscan Premium Member join:2004-10-19 Bridgeport, CT |
to FFH5
said by FFH5:said by Lazlow:Since no one seems to want to bother to check the link:
"When we disclosed this, we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare. We understand that good deeds many times go punished, and AT&T is trying to crucify us over this. The fact remains that there was not a hint of maliciousness in our disclosure. We disclosed only to a single journalist and destroyed the data afterward. We did the right thing, and I will stand by the actions of my team and protect the finder of this bug no matter what the cost." And you take everything posted by a hacker at face value? Forgive me for my skepticism about their intentions. I guess a jury will get to determine the value of those claims. "U.S. Attorney Paul Fishman said there was no evidence the two men used the information they acquired for criminal purposes." » online.wsj.com/article/S ··· 456.html | |
|
| | | | |
to Lazlow
Sure glad you accept the word of someone who violates the law and breaks into other people's, or company's property. A maximum sentence would be nice. | |
|
| | |
JasonOD to Harddrive
Anon
2011-Jan-18 12:43 pm
to Harddrive
There is a precedent for security researchers to publish flaws after notification and a waiting period and not being arrested, but breaking into or inadvertently crossing into restricted areas is always against the law. | |
|
| | | |
Re: Hackers? White hat; black hat; others?Hopefully, those two will get a vacation at a federal institution and develop a relation with a big guy named Bubba. | |
|
| | | | HarddriveProud American and Infidel since 1968. Premium Member join:2000-09-20 Fort Worth, TX |
Harddrive
Premium Member
2011-Jan-18 12:58 pm
Re: Hackers? White hat; black hat; others?lol. i'd love to see that happen.
Corrections Officer: 'so, why are you here?' Inmate 1: 'i slaughtered a family of five and then stole their BMW for 3 days.' Inmate 2: 'well i raped 10 women and was working on number 11 when they caught me.' Inmate 3: 'i was building a bomb to blow up my former employer's home.'
Corrections Officer: 'hey you.. Mr. Quiet, why are you here?' Inmate 4: 'i stole iPad email addresses from AT&T.'
after a considerable amount of silence... Corrections Officer: 'Well i guess it's time to assign cell mates.' Inmates 1, 2, & 3 all say at the same time, 'Do we get to pick?' | |
|
| | | | | |
Re: Hackers? White hat; black hat; others?said by Harddrive:lol. i'd love to see that happen.
Corrections Officer: 'hey you.. Mr. Quiet, why are you here?' Inmate 4: 'i stole iPad email addresses from AT&T.'
after a considerable amount of silence... Corrections Officer: 'Well i guess it's time to assign cell mates.' Inmates 1, 2, & 3 all say at the same time, 'Do we get to pick?' Corrections Officer: hey you, another there, why are you here? inmate 5: "I hacked into my cheating wife's email" » www.nydailynews.com/news ··· far.html | |
|
| | | | | | mikepdDiscovery Premium Member join:2000-10-26 New Port Richey, FL |
mikepd
Premium Member
2011-Jan-18 4:07 pm
Re: Hackers? White hat; black hat; others?[BQUOTE26_michigan_man_jailed_for_hacking_into_wifes_email_says_he_was_doing_it_for_welfar.html Reading other peoples mail is against federal law regardless if the lsw is actually enforced. The fact that a prosecutor decides to go after someone is their bad break.
»wiki.answers.com/Q/Is_op ··· _a_crime | |
|
| | | | | | | dib22 join:2002-01-27 Kansas City, MO |
dib22
Member
2011-Jan-19 5:55 am
Re: Hackers? White hat; black hat; others?They didn't read it... they discovered a seriously bad security model that att was using on a server to tie peoples email addresses with their ipad sim card (if i remember the original information about this correctly).
The news keeps saying they 'hacked their email' when in fact I am not sure they even 'hacked' anything...they sent a request to an att server, that is on the internet, and it gave them an address back. | |
|
| | | Lazlow join:2006-08-07 Saint Louis, MO |
to JasonOD
Which if you had read the posted link, you would know had already been done. While I agree it was against the law, I think what they did was in the public interest.
As far as I have seen all they asked of ATT was for them to fix the flaw(in reference to the blackmail statement elsewhere). | |
|
| | SimbaSevenI Void Warranties join:2003-03-24 Billings, MT ·StarLink
|
to Harddrive
said by Harddrive:i got onto a secure Military base. went straight to the military police building and told them how bad their security is. why am i being arrested? i dialed into a health organization server maintenance line and telnet'ed over to some patients' information servers. i called them up and told them of the security flaw. why is the FBI knocking on my door?
doing something wrong to point out someones flaws will only get you in trouble. Not really. Sure, he'll be questioned and probably released. The person who is suppose to be a "watch" will probably get his CO's ass chewed out by the base CO and we all know how sh*t rolls downhill. Now, if it was that easy for him to get on base in the first place.. Imagine how easy it would be for a terrorist to plant a bomb anywhere on the base and set it off without being detected. | |
|
| | i1me2ao Premium Member join:2001-03-03 TEXAS |
to Harddrive
it is all about image not substance.. | |
|
| | KrKHeavy Artillery For The Little Guy Premium Member join:2000-01-17 Tulsa, OK Netgear WNDR3700v2 Zoom 5341J
1 recommendation |
to Harddrive
said by Harddrive:doing something wrong to point out someones flaws will only get you in trouble. Hmmm. Doesn't seem to apply to politicians or campaigns, however. There it gets you richly rewarded and re-elected into office. | |
|
| | Augustus IIIIf Only Rome Could See Us Now.... join:2001-01-25 Gainesville, GA
1 recommendation |
to Harddrive
said by Harddrive:isn't that just stupid of them? kinda like this...
i got onto a secure Military base. went straight to the military police building and told them how bad their security is. why am i being arrested? i dialed into a health organization server maintenance line and telnet'ed over to some patients' information servers. i called them up and told them of the security flaw. why is the FBI knocking on my door?
doing something wrong to point out someones flaws will only get you in trouble. correct. the trick is to capitalize on the situation and buy yourself a nice yacht. that's what the smart ones do. after all, you will be called a criminal in both cases | |
|
| |
to FFH5
what they were doing was just not breaking the law on computer security but sorta scaring/blackmailing att. | |
|
| | ••• |
| packetscan Premium Member join:2004-10-19 Bridgeport, CT |
to FFH5
said by FFH5:Those who break in to computer systems tread on thin ice legally. Claiming good intentions(like the Goatse crew) doesn't carry much weight with those being violated.
Only White Hat hackers hired by the target companies to test security are on firm legal ground. People are saying "break into" as if they did something. However if we go back to the original story when it was happening, AT&T had made a mistake and left a hole in their site so large you could drive a train through. Had they not reported this problem who would have? Maybe we would have found out about it after our government systems were comprised by foreign governments. Companies for the most part do no take security seriously and in the end stupid shit like this happens, an AT&T engineer or engineering team made a series of bad choices and now these researchers are Possibly facing jail time. | |
|
| FFH5 Premium Member join:2002-03-03 Tavistock NJ |
FFH5
Premium Member
2011-Jan-19 5:51 pm
Goatse hackers outed by mole in their group: » arstechnica.com/apple/ne ··· hack.ars50 pages of IRC chat logs between Auernheimer, Spitler, and other members of a self-professed "troll" group known as Goatse Security. Those chat logs, turned over to the FBI by an unnamed confidential source, reveal that the group (Auernheimer in particular) wanted to "embarrass" AT&T publicly over the security flaw they discovered and make the stock price go down in order to troll the company. Auernheimer also attempted to spin the story in the press and attempt to paint Goatse Security as a legitimate data security company, and later attempted to destroy evidence after it was announced that the FBI planned to investigate the matter.
In early June, Spitler discussed with the group how they might use the information. "I don't see the point unless we phish for passes even then that's boring," he wrote. Other members of the group suggested mining the e-mail addresses to sell to spammers "for thousands," or leaking the addresses to the press to "tarnish AT&T."
Auernheimer then helped Spitler refine his script to harvest a large number of valid e-mail addresses of iPad 3G users, suggesting that a huge data set would be needed to "direct market iPad accessories" or start a "future massive phishing operation," noting that the data breach would be "huge media news."
"[A]t this point we won. we dropepd [sic] the stock price," Auernheimer wrote. "[L]et's not like do anything else we f**king win and i get to like spin us as a legitimate security organization." I guess they are black hat hackers after all - condemned out of their own mouths. | |
|
| | dib22 join:2002-01-27 Kansas City, MO |
dib22
Member
2011-Jan-20 3:11 am
Re: Hackers? White hat; black hat; others?said by FFH5:I guess they are black hat hackers after all - condemned out of their own mouths. Maybe... I mean if you used casual bar talk, for example, you could most likely bring charges against a large number of people... but bragging and talking smack in a bar doesn't mean you really intend to do such things. At least in a bar there would be witnesses... IRC chat logs are not very easy to authenticate. | |
|
KrKHeavy Artillery For The Little Guy Premium Member join:2000-01-17 Tulsa, OK |
KrK
Premium Member
2011-Jan-18 5:27 pm
I thought it was about AT&T and Apple exec's going to jail.....but it's about the third party thieves.... not the first party ones. | |
|
|
AnonoCoward
Anon
2011-Jan-18 9:07 pm
Seem Familiar?This seems like a classic example of the Streisand Effect, or to the Canadian audience, the Bubble Effect. If AT&T/Apple (AppleT&T) would have responded to the vulnerability and worked with goatse to patch it quickly and effectively, very few people would know about it. Instead, they LET it happen, decry how much harm these evil hackers do, then raise rates / demand more US government money.
Without a doubt they will take a tax deduction for "increasing security measures". AppleT&T looks tough on hackers, the "bad guys" are put away, and all is safe once more in La-La land. | |
|
| ••••• |
wierdo join:2001-02-16 Miami, FL |
wierdo
Member
2011-Jan-20 1:09 pm
excuse me?It disturbs me greatly that merely accessing a URL can now be a criminal offense.
Does this mean it's a crime to access a webcam you don't know to be listed in a directory somewhere? Or what if I get a directory index out of apache and access a file sitting on a webserver that's not linked from any HTML page?
What exactly is the crime here? | |
|
|
|