
SoylentNews is people

posted by janrinok on Friday August 16 2019, @05:08PM
from the null-not- dept.

Forbes reports that a security researcher in California registered the vanity plate "NULL," partly for fun and partly in the hope that this spoofed the system into returning errors whenever his plate was seen.

Instead he received more than $12,000 in fines, as his plate became a dumping ground for erroneous data records.

Every single speeding ticket for which no valid license plate could be found was assigned to his car. The Los Angeles police department eventually scrapped the tickets but advised the man to change his plates, or the same problem would continue to occur. In response, the man has apparently said: "No, I didn't do anything wrong," insisting to his Def Con audience that, whatever happens, "I won't pay those tickets."

Also covered in the Guardian.
 


  • (Score: 2) by edIII (791) on Saturday August 17 2019, @10:22PM (#881582)

    Even with intent, the guilty party for the actual obstruction are the software vendors. He was doing this in the hope that a software vendor wasn't sanitizing, or properly handling their inputs. When the user (most likely an officer) attempts to run the plate, they would be met with an input error, or some other kind of system error. This is still not the plate owner causing anything, and their possession of an approved license plate NULL is within their rights. If an officer is unable to use software because the software vendor couldn't adequately handle license plates, that's on the government and software vendor entirely.

    If the government isn't restricting a set of bare keywords from usage as a license plate, then they need to ensure they can support that data type. It's insane that they couldn't too. This would've had to be stored as a CHAR field, or VARCHAR at worst, and any proper input validation would've allowed the license plate field to be searchable for the string 'NULL'. The only thing crazier about this situation is that the record holding 'NULL' in the license plate field is found when using license_plate = NULL. That's what happened if unknown license plates are collecting against his "Null record". Implemented properly his license plate record couldn't possibly be associated with null inputs.

    This was somebody being cheeky that didn't realize they were severely underestimating the stupidity of government, or that government doesn't often react well to showing them their systems are faulty. They tend to punish the messenger.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
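The distinction the comment above draws between the plate string 'NULL' and a missing plate, as an added example that is not part of the original comment and not code from any real ticketing system. It assumes a hypothetical import step that writes an unreadable plate as the text "NULL"; the table names, plates and owners are constructed, and SQLite stands in for the database.

```python
import sqlite3

# Constructed sample data: (citation id, plate as read, or None when unreadable).
CITATIONS = [(1, "7ABC123"), (2, None), (3, None), (4, "NULL")]
VEHICLES = [("7ABC123", "Alice"), ("NULL", "Researcher")]


def build_db(stringify_missing):
    """Load the sample data. stringify_missing=True models the assumed bug in
    which a missing plate is written out as the text 'NULL'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vehicles (plate TEXT PRIMARY KEY, owner TEXT NOT NULL)")
    db.execute("CREATE TABLE citations (id INTEGER PRIMARY KEY, plate TEXT)")
    db.executemany("INSERT INTO vehicles VALUES (?, ?)", VEHICLES)
    for cid, plate in CITATIONS:
        if stringify_missing and plate is None:
            plate = "NULL"  # in-band sentinel: now identical to a real plate
        # Bound parameter: Python None is stored as SQL NULL, the str 'NULL'
        # is stored as an ordinary four-character string.
        db.execute("INSERT INTO citations VALUES (?, ?)", (cid, plate))
    return db


def citations_billed_to(db, owner):
    """Citation ids that an ordinary plate join attributes to `owner`."""
    rows = db.execute(
        "SELECT c.id FROM citations c JOIN vehicles v ON v.plate = c.plate "
        "WHERE v.owner = ? ORDER BY c.id", (owner,))
    return [r[0] for r in rows]


def unmatched_citations(db):
    """Citations with no plate at all; finding them requires IS NULL."""
    rows = db.execute("SELECT id FROM citations WHERE plate IS NULL ORDER BY id")
    return [r[0] for r in rows]


def equals_null_matches(db):
    """Rows returned by the comparison plate = NULL, which is never true in SQL."""
    return db.execute("SELECT id FROM citations WHERE plate = NULL").fetchall()


if __name__ == "__main__":
    for buggy in (True, False):
        db = build_db(buggy)
        print("stringified" if buggy else "typed NULL",
              citations_billed_to(db, "Researcher"), unmatched_citations(db))
```

With the missing value kept as a typed NULL, only the citation that really read "NULL" joins to the plate's owner; once it is stringified, every unreadable citation does.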