Announcement

Collapse
No announcement yet.

weev arrested

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • weev arrested

    Kind of old news at this point, but I didn't see a thread on it yet:

    http://news.cnet.com/8301-27080_3-20007827-245.html

    weev was served a warrant, ostensibly for the personal data disclosure vulnerability on AT&T's web site, which more or less involved altering the customer ID in a URL in order to retrieve the personal data of other customers.

    However, at the time the warrant was served, he had, well... lots of drugs.
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: weev arrested

    Sure, it is a story, but where is the value? One of the things I don't want to see become of "Value Added News" forum is a place that people JUST use to paste in news stories on current topics. We can all get that news anywhere, like slashdot, or news.google.com.

    The genuine value to the readers and fellow members of this forum come when we as members add value to a story with thoughtful commentary and what we think about the story focused on the Defcon community, computer security, hacking, or other related topics.

    So, what do you think about this event, and how will it change the way you work or live your life? What do you think the long-term effect of this action might be with respect to groups that might want to attempt the same things that the state alleges this person did? Will this have any long-term consequences outside the life of this person that has been arrested?

    Thanks man!

    Comment


    • #3
      Re: weev arrested

      Originally posted by TheCotMan View Post

      So, what do you think about this event, and how will it change the way you work or live your life? What do you think the long-term effect of this action might be with respect to groups that might want to attempt the same things that the state alleges this person did? Will this have any long-term consequences outside the life of this person that has been arrested?

      Thanks man!
      I was thinking about making a mega post with all the Goatse Security drama cause I'm associated with similar people and it's not really cool.

      Goatse security discovered a flaw in a feature ATT had that lets iPad users sign on to their service quicker. It allowed them, in an almost ridiculously simple way to gain access to sensitive iPad subscriber data. The service in which they obtained this data was unencrypted and open to the web. (http://gawker.com/5559346/apples-wor...owners-exposed)

      There is vague mention as to how ATT found out about it, I think in the Wired article, I read weev talked to some people and the information got there. Once they determined that ATT had closed the hole, they released all the information they had obtained to Gizmodo. Gizmodo censored sensitive information and posted their article (posted above)

      This is an argument of how to properly disclose information. Was Goatse right in what they did? Or were they wrong and illegally posting information?

      The problem is that ATT and Apple are so wound up, that this has now become an legal issue.

      I agree with the way things were done, personally. Like Goatse keeps saying, the hole was ridiculously exposed and easy to exploit and automate. Had someone obtained this data with malicious intent, they could of spearphished iPad customers with the Safari iPad exploit (NSFWhttp://encyclopediadramatica.com/Safari_XPS_Attack) or something like targeted spam

      So do you agree with the way things were done or not?

      My whole issue is that as the drama continued, the FBI got involved, weev was stupid enough to keep all that stuff at his house. It was obvious he was going to get raided, look at what happened to the guy that FOUND and iPhone 4 lying around in a bar. It almost feels like ATT and Apple are using the government as their personal bodyguards, which is another caveat of the whole thing.

      Sorry if this post is written poorly, I'm in a hurry and I wanted to say something.
      "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

      Comment


      • #4
        Re: weev arrested

        Sorry CotMan, forgot to provide the value here. Thanks for the friendly reminder :)

        Now, certainly, weev has done a number of things in the past for which he probably deserved to be raided. This was not one of them.

        I do eagerly await the disclosure of the nature of the warrant and what crime he supposedly committed.

        But other than that, how many people here think disclosing the nature of the vulnerability in the AT&T web site deserved a warrant/raid?

        (CotMan, if that's not enough value added, feel free to just toss this into Community Talk)
        Last edited by bascule; June 17, 2010, 15:30.
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
        [ redacted ]

        Comment


        • #5
          Originally posted by g3k_ View Post
          Sorry if this post is written poorly, I'm in a hurry and I wanted to say something.
          It is quite good at adding value to the story. Thanks for contributing. :-)

          Originally posted by bascule View Post
          Sorry CotMan, forgot to provide the value here. Thanks for the friendly reminder :)
          Thanks man! :-)

          Comment


          • #6
            Re: weev arrested

            Originally posted by bascule View Post
            But other than that, how many people here think disclosing the nature of the vulnerability in the AT&T web site deserved a warrant/raid?
            The only thing that may be questionable was Goatse Security apparently released the exploit to 'third parties' before disclosing it to AT&T, according to the Gawker article that g3k_ posted. Other than that, there's no basis for a raid based on what I've read or heard in reference to this. It would seem to be a straight forward script, that involved nothing more that normal web access to AT&T's site.

            Originally posted by The Gawker
            Since a member of the group tells us the script was shared with third-parties prior to AT&T closing the security hole, it's not known exactly whose hands the exploit fell into and what those people did with the names they obtained. A member tells us it's likely many accounts beyond the 114,000 have been compromised.
            Edit: Of course, having the drugs around was just plain stupid.
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

            Comment


            • #7
              Re: weev arrested

              Moral of the story, don't piss off ATT or Apple, they apparently have more lawyers than secure code writers.
              DaKahuna
              ___________________
              Will Hack for Bandwidth

              Comment

              Working...
              X