SoylentNews is people
SoylentNews
from the shades-of-"Weev"-and-Aaron-Swartz dept.
Thanks in part to America’s ill-defined hacking laws, prosecutors have enormous discretion to determine a hacker defendant’s fate. But in one young Texan’s case in particular, the Department of Justice stretched prosecutorial overreach to a new extreme: about 440 years too far.
Last week, prosecutors in the Southern District of Texas reached a plea agreement with 28-year-old Fidel Salinas, in which the young hacker with alleged ties to members of Anonymous consented to plead guilty to a misdemeanor count of computer fraud and abuse and pay $10,000 in restitution. The U.S. attorney’s office omitted one fact from its press release about that plea ( http://www.justice.gov/usao/txs/1News/Releases/2014%20November/141120%20-%20Salinas.html ), however: Just months ago, Salinas had been charged with not one, but 44 felony counts of computer fraud and cyberstalking—crimes that each carry a 10-year maximum sentence; adding up to an absurd total of nearly a half a millennium of prison time.
(Score: 0) by Anonymous Coward on Sunday November 30 2014, @08:55AM
They brought millions of clueless people to computers and they proved you can make absolutely shitty software with zero security. Now some 30 years later most software is very bad from the security viewpoint and thus very inviting for people to snoop around. Almost every single day we read how so and so many millions of records got snatched by criminals. This leads to prosecutors scared shitless and having the shoot first ask later mentality towards "hackers" (should be crackers). And the clueless prosecutors make no distinction between white, gray or blackhats...
(Score: 1) by anubi on Sunday November 30 2014, @10:45AM
I'd love to blame Microsoft for this mess, I guess because they are big and have made lots of money being everything for everybody, but the biggest thing I see is the Rube Goldberg concoction of code that evolved into trying to keep secrets.
I just got through evicting another rootkit from my machine ( Thanks, Malwarebytes, for finding it and getting rid of it! ). [malwarebytes.org] Hidden process. Would not show up in Task Manager. I was wondering what got into my machine when it got sluggish as hell last week.
Now, I would not be running Task Manager unless I had a problem... now why the hell have hidden processes? That's akin to me making myself invisible so I can do bad things to other people and get away with it scot-free.
Its things like that, where Microsoft puts special hickeys in the operating system for their special friends that make the likes of me distrust them. First, its Sony abusing the CD Autorun privilege, we think that has been fixed, then someone plugs is something as innocuous as a USB E-Cig charger and gets hit with code intrusions? C'mon now, just how finicky should we design this stuff? Then I find out something as simple as a FTDI interface chip can be bricked with some code. If FTDI can do it, then anyone who knows the secret handshake can do it too. How in the hell are we supposed to build anything on top of this kind of framework? Its like trying to build a bridge with bad cement.
I think this is more a problem of our damned law. With the passing of the DMCA, people who wanted law to protect their IP should be required to either reveal exactly how it works, or if they want, keep it secret and assume full liability for it malfunctioning. Discovering and fixing bad code should not be a violation of any kind of law.
Neither should it be illegal to do whatever one has to do to find out why his machine is behaving incorrectly.
There was once a day I could pull out a debugger to fix bad code, however I have not kept up with all the ways of finding bugs in code that now runs in the megabyte range.
This seems to be a result of what happens when special interests buy Congressmen to get special law passed just for them.
There has just GOT to be a far more elegant way of implementing a standard computational infrastructure than what we have now. If I was to compare computers to astronomy, I would say we are at the Ptomelaic level. We need a Copernicus to see the big picture and establish a workable framework.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Hairyfeet on Sunday November 30 2014, @01:02PM
Oh Lord where do I even begin, with so much dumb shit piled into a single post?
First of all MSFT has hidden processes to keep dumbasses from going "Herpa de derp, I didn't install no "arrr pee cee, that must be one of them thar bugs!" and fucking up their shit. Second MSFT didn't "allow" Sony to do squat, the Sony rootkit used the same procedure to install their rootkit that OEMs use to install graphics driver and it said plainly what it was doing in the EULA. Its not MSFT's fault if you can't read or even ask WTF when a fricking CD wants to install shit just to play. This the USB thing ain't got shit to do with MSFT, that is how the USB consortium designed the USB spec and what is more they did so for good intentions, it was to keep scumbum hardware resellers from rigging the firmware on USB devices to report info like what we are seeing now with all the fake Nvidia cards. Sadly in a perfect example of why we can't have nice things scumbums eventually figured out how to go around it to make money not only on malware but by selling 4-8GB flash sticks as 128-256GB, been seeing more and more of that shit showing up in online auctions and flea markets. Finally WTF could they have done more about FDTI, a vendor that had in the past provided perfectly fine drivers that decided one day to use their drivers as a weapon? MSFT did what any vendor would do and yanked that shit but since WHQL is about testing drivers for use on the CORRECT hardware, not trying to run drivers to see if third party hacked hardware that uses an incorrect ID likes it or not? Really can't see what else they would have been able to do on that one.
And WTF kinda sites you going to that you are getting rootkits Bubba? I work on PCs at the shop 6 days a week and I see MAYBE 3 rootkits a year and they are all from either pirate sites or seriously dodgy porn sites. If you are watching pirated videos might I suggest that you run a VM or at the very least use something like Comodo Internet Security or Sandbox IE to sandbox your browser? The same goes for porn but I'd suggest just signing up to MyFreePaysite, they have several thousand DVDs worth of movies you can watch for free with no bugs. Glad you managed to remove the bug but if you are running Vista or newer frankly you shouldn't be getting them in the first place! Just run a decent free AV like Avast or Comodo Internet Security, avoid Firefox (because it runs in the same rights as the user) and instead use anything based on Chromium (Comodo Dragon and Secure Chromium, SWIron, Chromium, plenty to choose from) so that your browser runs in low rights mode and for the love of FSM if you are going to dodgy sites run your browser in a sandbox!
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by Whoever on Sunday November 30 2014, @05:17PM
I have no idea why you got insightful mods.
In that era (XP) most systems had autorun enabled. Combined with this: [wikipedia.org]
Summary: insert the CD and the software installs, irrespective of how the user responds. And that's somehow not Microsoft's problem?
(Score: 2) by sjames on Sunday November 30 2014, @06:50PM
The CD and USB things are ion MS. Nobody made them implement the obviously harmful autorun feature.
The whole email and document virus thing is on them as well. I remember well at the time they were busily making documents and emails into executable code they were warned that no good would come of it. Until then, email viruses were somewhere between urban legend and a mildly funny joke (the honor system virus for example).
Arguably, since you'd be insane to even read email or browse the web without a 3rd party AV installed, Windows is in itself incomplete.
(Score: 2) by Hairyfeet on Monday December 01 2014, @08:10AM
Oh please, you are STILL bitching about fucking Windows XP? You wanna bitch about how you could bypass login on Windows 98 by hitting cancel while you are at it? You DO know that Windows XP was FOUR, soon to be FIVE releases ago, yes? And that autorun was disabled in SP 2 IIRC which was in 2003?
Oh and just FYI the whole autorun thing was REQUESTED by the OEMs who got fucking tired of having support calls that said "I put teh CD in and it did nuffin!" because they were too damned dense to open Computer. Also FYI but that is now why you get a dialog box when you stick in a CD with the option of running it, because they just removed autorun with SP2 and the users fucking HOWLED in rage at the thought of having to open Computer!
I personally find it hilarious that MSFT gets shit if they do what the users ask of them, then get shit if they DON'T do what the users ask of them, is it any wonder that Balmer got fed up and tried to turn Windows into an oversized cellphone just to shut them up?
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by sjames on Monday December 01 2014, @04:07PM
You still seem pretty hot about it yourself. They could have done what Gnome does. Just open a file window showing the contents of the CD. If the user doesn't know about click the little picture to make things happen, they're simply incapable of using Windows at all.
But as for current issues, have they yet made their interface show the user the difference between opening data and running a program? That confusion is certainly a big part of the problem with Windows machines getting trashed.
(Score: 1) by anubi on Monday December 01 2014, @03:40AM
Hairyfeet:
The business owner and the glazier are apt to have two completely different perceptions of the kids running around breaking windows.
I have been messing with these things since they first came out. Even built and programmed my IMSAI 8080 from a box of discrete parts.
Yes, I probably picked up that rootkit while trying to find out the nasty little secrets others know that I am ignorant of. One does not find that kind of info, unless its some sort of computer security classes taught to government investigators or industry insiders paying for the "first call". I scrounge all over the net trying to find it, so at least I can get some idea of what I am up against instead of calling someone else in to charge me to reload Windows. I have had it with what passes as "computer repair".
My system seems so Rube Goldbergian and of the likes of Ptolemy, who had conceived of immensely complex planes of spheres rotating within spheres to describe the motions of the planets. I see all sorts of stuff done in software that should be done in hardware, and vice versa, but is not done that way in the name of legacy or implementation of proprietary business models.
I believe the Commodore64 paradigm was the way to go. All the basic stuff was in ROM. Yes, one could still have rogueware, but it would really be a trick to make it persistent. One could cycle power to the machine, reboot and go directly to a debugging program, which would scan your work disk for any known malware without the malware on the work disk being able to grab control and hide.
I believe this stuff we have today is way too fragile knowing the threats of determined people out there deliberately crafting code to cause destruction.
A business may have several thousand POS machines rendered useless by just one determined hacker that is onto the secret handshake that bricks the interface chip that opens the cash drawer or reads the credit card.
You may make your living fixing these problems... therefore experiences like mine is income to you.
For me, these problems are a big pain in the ass. And I believe most of them are the result of bad workmanship resulting from trying to be everything to everybody.
I know our computing infrastructure can be made way more elegant than what it is. Just as Copernicus knew Ptolemy was barking up the wrong tree. Things fell so neatly into place when we realized we weren't the center of the universe.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by urza9814 on Tuesday December 02 2014, @02:31PM
Right...so instead this clueless user will just do that to svchost.exe and explorer.exe and such? If that was the point, MS would hide system processes. If that was the point, they'd have a setting for advanced users to show them. Since they have done neither of those things, that is clearly not the point. Or they're massively incompetent. Take your pick.