Two Men Charged in iPad/AT&T Hacking Case

Status
Not open for further replies.

jkflipflop98

Distinguished
Feb 3, 2006
207
0
18,830
both men are members of Goatse Security, which describes itself as a group of "self-professed Internet 'trolls'" who try to disrupt online content and services.


I say execute them both. I can agree with you if you at least have a point, you're out to prove something needs changed for the better. These jackasses get their "LULZ" by simply screwing with other people?

Kill them as an example.
 
G

Guest

Guest
So, what PO'd me the most about this is that some media sources are reporting that AT&T pressured to have these fools charged because AT&T "lost credibility" in customer's eyes. HellYes they lost credibility... Lets review: AT&T architected an Internet-facing solution without adhering to their own internal IT security guidelines and best practices; therefore, AT&T created this mess and now needs someone to blame! If anyone needs Chinese justice, go after the AT&T senior management and raise the IQ of the world. On second thought, just make AT&T pay for this entire litigation which will eventually cost U.S. taxpayers millions.
 

Camikazi

Distinguished
Jul 20, 2008
745
0
18,930
[citation][nom]jojesa[/nom]I don't have any sympathy them.People who gain access to systems to steal people info deserves that and more.[/citation]
Actually they originally found the flaw and reported it to AT&T, when AT&T ignored them and didn't fix the vulnerability they stepped it up to force them to fix it. Don't think they did it to steal info, cause telling AT&T about it at all would kind of end their information stealing. Not the smartest way to go about it but when the company won't listen and fix their own glaring error you gotta do something to get their attention.
 

Parrdacc

Distinguished
Jun 30, 2008
391
0
18,930
"AT&T was apparently warned of the security hole, but only closed it after Goatse had written a PHP script to harvest the data and shared the vulnerability with third-parties."

So AT&T waited til these guys from Goatse did something with the hole? Okay. Who is the real problem here? Goatse who used the hole? Yes this is bad, but what about AT&T? After all they "apparently" knew about this but did not do anything until it was exploited. Sounds to me like the typical AT&T approach of: we know we have security hole, but we won't fix it till the data of customers is taken, then we take action. Well I would not want to deal with a company who knowingly waits around for someone or someones to exploit and steal using a security hole they already know about.
 

g00fysmiley

Distinguished
Apr 30, 2010
476
0
18,930
depnds on if they actually used the script that exploited, if they only published it to force at&t to fix thier issue after they had reported it then no they didn't do anything wrong... now if they did in fact harvest data for any purpose beyond proof it cna be exploited and showign it needed to be fixed then yes they should face charges for using the data with ill intent... i bet they get off due to not being able to prove ill will ... at least if they ahve a good lawyer
 

jojesa

Distinguished
[citation][nom]Parrdacc[/nom]"AT&T was apparently warned of the security hole, but only closed it after Goatse had written a PHP script to harvest the data and shared the vulnerability with third-parties."So AT&T waited til these guys from Goatse did something with the hole? Okay. Who is the real problem here? Goatse who used the hole? Yes this is bad, but what about AT&T? After all they "apparently" knew about this but did not do anything until it was exploited. Sounds to me like the typical AT&T approach of: we know we have security hole, but we won't fix it till the data of customers is taken, then we take action. Well I would not want to deal with a company who knowingly waits around for someone or someones to exploit and steal using a security hole they already know about.[/citation]

Let me see if I understand your analogy.
You have a window that does not close properly on your house and your neighbor informs you about it.
You chose to ignore the neighbor (or you could have schedule a repair for a convenient date) and he comes to your house, thru that window you did not fix when he told you to, he takes some of your belongings and leave them in the sidewalk for anyone to take.
So you will be ok with that, since you did not fix that window in a timely manner.


 

f-14

Distinguished
Apr 2, 2010
774
0
18,940
[citation][nom]jojesa[/nom]Let me see if I understand your analogy.You have a window that does not close properly on your house and your neighbor informs you about it.You chose to ignore the neighbor (or you could have schedule a repair for a convenient date) and he comes to your house, thru that window you did not fix when he told you to, he takes some of your belongings and leave them in the sidewalk for anyone to take.So you will be ok with that, since you did not fix that window in a timely manner.[/citation]
close but inaccurate.
would be more along the lines of he sent in a robot with a camera (account slurper)& took pictures of items (emails) and then posted about the broken window on the internet to others (3rd parties)
 

Parrdacc

Distinguished
Jun 30, 2008
391
0
18,930
[citation][nom]jojesa[/nom]Let me see if I understand your analogy.You have a window that does not close properly on your house and your neighbor informs you about it.You chose to ignore the neighbor (or you could have schedule a repair for a convenient date) and he comes to your house, thru that window you did not fix when he told you to, he takes some of your belongings and leave them in the sidewalk for anyone to take.So you will be ok with that, since you did not fix that window in a timely manner.[/citation]

No you have it all wrong. Perhaps this is better. It is not really a matter of who is worse both parties are guilty as far as I am concerned, but it seems only the Goatse face any real problems here. Yet AT&T knew of the problem and did nothing until the hole was used. Should they not be held responsiable for knowing of a potential security risk which they did nothing about until it was to late? The key word being "knowing", if they did not know of the hole before Goatse did anything then AT&T would be blameless imo, but they knew and did nothing so they too are to blame.

As for the whole windows on my house thing, that is my house and effects only me and those that live there where as AT&T has millions of customers. Not only did Goatse take records, but AT&T apparently continued to put at risk, not just one or two, but potentially thousands of customers data at risk by knowing of the problem and doing nothing about it.

Hope that clears it up.
 

jojesa

Distinguished
[citation][nom]Parrdacc[/nom] It is not really a matter of who is worse both parties are guilty as far as I am concerned, but it seems only the Goatse face any real problems here.. .[/citation]
I am not defending AT&T, I don't even like the company but two wrong don’t make a right.
AT&T did not hack into some ones system to expose customer’s data.
By the way pretty much any system out there has bugs and holes.
Who made these two morons the entity to policy others.
They could have called a newspaper like Routers or the NY Times and expose AT&T, but they chose to break the law.
 

rhino13

Distinguished
Apr 17, 2009
256
0
18,930
This sounds very questionable.
Microsoft has decent security due to all the holes people have hacked into the OS over the years.
If Apple has hackers thrown in jail for doing so who's going to be there to fix Apple's shotty security?
 

millerm84

Distinguished
Jan 5, 2009
86
0
18,580
[citation][nom]jojesa[/nom]Let me see if I understand your analogy.You have a window that does not close properly on your house and your neighbor informs you about it.You chose to ignore the neighbor (or you could have schedule a repair for a convenient date) and he comes to your house, thru that window you did not fix when he told you to, he takes some of your belongings and leave them in the sidewalk for anyone to take.So you will be ok with that, since you did not fix that window in a timely manner.[/citation]

You're absolutely correct these guys had no business invading the AT&T system, but AT&T should still be held accountable in some way for neglecting to fix a known security hole. And the argument can be made that it is not unauthorized access if AT&T did nothing to fix it.
 

pozaks

Distinguished
May 12, 2010
61
0
18,580
This "house" building analogy keeps coming up for some reason.

If AT&T is a building, it isn't a "house", it's more like a "bank" since many individuals' information and privacy are kept there. If a bank leaves its doors wide open overnight and someone walks in and takes your money, the bank is most definitely in trouble.

Of course, so are the jackasses who broke in.
 

borisof007

Distinguished
Mar 16, 2010
186
0
18,630
People are blowing this out of proportion by a large factor. They distributed EMAIL ADDRESSES. Jesus christ, more e-mail addresses are illegally bought from s#!77y 3rd party marketing companies than what these two did.

They didn't need to get v&'d. Companies just need to listen to the public when the public informs them of a security hole and gives them ample time to fix it. Too bad/So sad for AT&T/Apple.

It's not like they couldn't create a new e-mail address for free or anything...
 

bv90andy

Distinguished
Apr 2, 2009
391
0
18,930
The two hackers should have just informed AT&T and the public about the problem without posting all those e-mails everywhere and they would now be heroes.

It's their fault.
 
Status
Not open for further replies.