Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday April 12 2014, @08:21PM   Printer-friendly
from the lets-see-what-happens-now dept.

Andrew Auernheimer, aka Weev the grayhat security researcher and Internet antiblog troll was convicted for exposing a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed.

The conviction was vacated Friday (2014/04/11) on the grounds of improper choice of venue, but the court commented anyway that "no evidence was advanced at trial" that "any password gate or other code-based barrier" was breached.

The defendant's attorney, Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation, said in an e-mail that a "retrial is barred by double jeopardy." If the authorities do seek a second trial, he said, "we will raise precisely that."

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by zim on Saturday April 12 2014, @09:30PM

    by zim (1251) on Saturday April 12 2014, @09:30PM (#30610)
    If you find a giant wide open security problem..

    DON'T TELL ANYONE!

    Maybe try to sell it. Cash in and then forget all about it.

    Or maybe wait until someone else exploits it and it's big news of the day.. Come out and say 'yeah i found that 5 years ago and didn't tell anyone because jail sucks'.

    That might get you 15 minutes of fame.
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 1) by unauthorized on Saturday April 12 2014, @10:15PM

    by unauthorized (3776) on Saturday April 12 2014, @10:15PM (#30615)

    The problem is that weev didn't just find the exploit. He brute-forced his way through the entire set of IDs in order to download all the user data. If he had only downloaded a few entries as a proof-of-concept, I would have been far more sympathetic to his circumstances.

    The lesson here is "don't exploit security more than it's necessary to prove that there is a problem" if you plan on telling everyone about it. Or at least have the common sense not to link the attack to your real identity.

  • (Score: 1) by opinionated_science on Saturday April 12 2014, @10:15PM

    by opinionated_science (4031) on Saturday April 12 2014, @10:15PM (#30616)

    any lawers out there know if it is legal to sell discovered security flaws to a private buyer?

    Those "black market" websites do it for illegally obtained information (e.g. credit cards), but of course they are illicit to start with.

    I only mentioned it because you mention

    DON'T TELL ANYONE!

    Maybe try to sell it. Cash in and then forget all about it.

    , and I had a vision of the Monty Python style "blackmail" game show!!!!

    • (Score: 1) by Horse With Stripes on Saturday April 12 2014, @10:55PM

      by Horse With Stripes (577) on Saturday April 12 2014, @10:55PM (#30622)

      Considering the government claims Weev broke the law when he "discovered" this security flaw, selling the information about the flaw would have been used as evidence against him as proof of his true intentions ("nothing 'accidental' about that, now is there, ladies and gentlemen of the jury?"). And motive is an element of the crime.

      Also, it's not inconceivable that a prosecutor would claim "any reasonable person can infer that the only way he could have proven the exploit worked to the buyer was by handing over some of the illegally acquired data". And thus he was not only profiting from his crimes by selling the exploits, but also selling personally identifiable data (or however the feds would label it).

      IANAL, and I don't watch the Law & Order reruns, but I'm pretty sure the prosecutors would try to show that selling the exploit was an overt act in furtherance of a criminal conspiracy. They would equate it to someone selling the plans to a bank, or the schedule of an armored car, to someone who was going to use that information to commit a robbery ("because there is no other reason for someone to purchase this type of information unless they were intending to use it to commit a crime").

      • (Score: 1) by opinionated_science on Saturday April 12 2014, @11:19PM

        by opinionated_science (4031) on Saturday April 12 2014, @11:19PM (#30628)

        google monty python blackmail, it is inspired farce for the modern age....!

        • (Score: 1) by Horse With Stripes on Saturday April 12 2014, @11:46PM

          by Horse With Stripes (577) on Saturday April 12 2014, @11:46PM (#30633)

          I can see the similarities ... and the potential for prosecutorial abuse ... all with lights, camera and a nude organist. Combine this with the "someone can sing about dancing talent" call in voting shows and I think we've got a winner. Add a cage match between Judge Judy & Nancy Grace, and they won't even need Ryan Seacrest.

          BTW, I found two different versions of the skit on YouTube. They used the same script (except for the identity of the caller at the end), but were shot on different stages, used some different actors, and had different pictures & film footage. Both needed to burn the organist's bench.

      • (Score: 2) by Angry Jesus on Sunday April 13 2014, @03:36AM

        by Angry Jesus (182) on Sunday April 13 2014, @03:36AM (#30676)

        > selling the information about the flaw would have been used as evidence against him as proof of his true intentions

        The only reason they even knew to persecute him was because he went public with the info. If he had just sold it, they would have never known to come after him. Even if the buyer exploited the information, unless someone else went public in a big way (e.g. talked to journalists rather than just used the info for criminal purposes), they would probably have just swept it all under the rug.

      • (Score: 2) by hemocyanin on Sunday April 13 2014, @06:08PM

        by hemocyanin (186) on Sunday April 13 2014, @06:08PM (#30816) Journal

        Depends on the buyer. If he sold it to the NSA, he'd get money, immunity, and a medal.

  • (Score: 1) by redneckmother on Sunday April 13 2014, @03:00AM

    by redneckmother (3597) on Sunday April 13 2014, @03:00AM (#30666)

    "Maybe try to sell it."

    Yeah, to the NSA. Yeah, that's it!

    Perhaps you've met my wife - uhhh, Morgan Fairchild! Yeah, that's the ticket!

    --
    Mas cerveza por favor.
    • (Score: 0) by Anonymous Coward on Sunday April 13 2014, @04:12AM

      by Anonymous Coward on Sunday April 13 2014, @04:12AM (#30686)
      The young Morgan Fairchild...