Forbes reports that a security researcher in California registered the vanity plate "NULL," partly for fun and partly in the hope that this would spoof the system into returning errors whenever his plate was seen.
Instead he received more than $12,000 in fines, as his plate became a dumping ground for erroneous data records.
Every single speeding ticket for which no valid license plate could be found was assigned to his car. The Los Angeles police department eventually scrapped the tickets but advised the man to change his plates, or the same problem would continue to occur. In response, the man has apparently said: "No, I didn't do anything wrong," insisting to his Def Con audience that, whatever happens, "I won't pay those tickets."
Also covered in the Guardian.
(Score: 2, Insightful) by khallow on Saturday August 17 2019, @04:32AM (2 children)
IF.
Or they could fix their system. It's insane that this is even a thing.
(Score: 2) by edIII on Saturday August 17 2019, @10:22PM
Even with intent, the guilty party for the actual obstruction is the software vendors. He was doing this in the hope that a software vendor wasn't sanitizing, or properly handling their inputs. When the user (most likely an officer) attempts to run the plate, they would be met with an input error, or some other kind of system error. This is still not the plate owner causing anything, and their possession of an approved license plate NULL is within their rights. If an officer is unable to use software because the software vendor couldn't adequately handle license plates, that's on the government and software vendor entirely.
If the government isn't restricting a set of bare keywords from usage as a license plate, then they need to ensure they can support that data type. It's insane that they couldn't too. This would've had to be stored as a CHAR field, or VARCHAR at worst, and any proper input validation would've allowed the license plate field to be searchable for the string 'NULL'. The only thing crazier about this situation is that the record holding 'NULL' in the license plate field is found when using license_plate = NULL. That's what happened if unknown license plates are collecting against his "Null record". Implemented properly his license plate record couldn't possibly be associated with null inputs.
This was somebody being cheeky that didn't realize they were severely underestimating the stupidity of government, or that government doesn't often react well to showing them their systems are faulty. They tend to punish the messenger.
Technically, lunchtime is at any moment. It's just a wave function.
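An added example, not part of the thread and not code from any real ticketing system: a sketch in Python with SQLite of the text 'NULL' versus a missing value, as discussed in the comment above. The table names, the sample feed and the `naive_ingest` importer that writes missing plates as the text 'NULL' are all assumptions made for illustration; the page does not say how the real system failed.

```python
import sqlite3

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vehicles (plate TEXT PRIMARY KEY, owner TEXT)")
    db.execute("CREATE TABLE citations (id INTEGER PRIMARY KEY, plate TEXT)")
    # Constructed sample data: one owner holds the vanity plate 'NULL'.
    db.executemany("INSERT INTO vehicles VALUES (?, ?)",
                   [("NULL", "researcher"), ("7ABC123", "other driver")])
    return db

def naive_ingest(db, rows):
    """Hypothetical buggy importer: a missing plate is stored as the text 'NULL'."""
    for cid, plate in rows:
        text = "NULL" if plate is None else plate  # sentinel collides with a real plate
        db.execute("INSERT INTO citations VALUES (?, ?)", (cid, text))

def safe_ingest(db, rows):
    """Bound parameters keep a missing plate as SQL NULL, distinct from 'NULL'."""
    db.executemany("INSERT INTO citations VALUES (?, ?)", rows)

def citations_for(db, plate):
    cur = db.execute(
        "SELECT c.id FROM citations c JOIN vehicles v ON v.plate = c.plate "
        "WHERE v.plate = ? ORDER BY c.id", (plate,))
    return [r[0] for r in cur]

def unmatched(db):
    # Citations with no plate must be queried with IS NULL, never '= NULL'.
    cur = db.execute("SELECT id FROM citations WHERE plate IS NULL ORDER BY id")
    return [r[0] for r in cur]

def equals_null_matches(db):
    # In SQL, `plate = NULL` evaluates to unknown and selects no rows at all.
    return db.execute(
        "SELECT COUNT(*) FROM vehicles WHERE plate = NULL").fetchone()[0]

# Constructed citation feed: ids 2 and 3 have no readable plate.
FEED = [(1, "7ABC123"), (2, None), (3, None), (4, "NULL")]

def run(ingest):
    db = build_db()
    ingest(db, FEED)
    return citations_for(db, "NULL"), unmatched(db)

if __name__ == "__main__":
    print("naive:", run(naive_ingest))
    print("safe: ", run(safe_ingest))
```

With the naive importer every plateless citation lands on the 'NULL' plate holder; with bound parameters only the citation that really names that plate does, and the plateless ones stay queryable as unmatched.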
(Score: 2) by All Your Lawn Are Belong To Us on Monday August 19 2019, @02:39PM
From the Wired article [wired.com] that Legont found below:
A safe way to interpret that was he was telling the truth the first time and now trying to walk that back. Yes, he could just be correcting a mistaken impression, but let's look at what he specifically said...
From the Mashable article that Wired quotes, which is a little more equivocating and yet damning at the same time
If he did it with the intent to conceal his identity from the system in order to not get tickets that's intentionally trying to impede justice, "off chance" or not. His statement in the above quote may be a joke, about on par with joking that one has a bomb in one's luggage at the airport. It can be read seriously. And if nobody asked him to test the system in this way and he wasn't invited to then it's equivalent to when someone tries penetration testing on a system they haven't been invited to, one may assume it's got bad intent and think nothing more of it. Is it clever? Yes. Is it right? Slightly less right than trying to walk into a Wal-Mart with a rifle a week after a mass shooting at a Wal-Mart. In fact, the cases might be parallel in that if it was something done to "test the system" it occurred in a stupid way where the penalty is pretty understandable.
I still think this is poetic justice. He screwed with the system, he got hassled, and if he's smart he'll figure out what he can do on his own to not be hassled instead of trying to play the victim.
Should the system be fixed? Yes. Should the guy be held responsible for the fines that aren't his? No. Should he change his plate, even if the system is fixed? Yes. Does this person deserve a medal for finding it? Not the way Snowden should, no.
This sig for rent.