Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Congratulations Andrew
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 16 Jun 2010 22:24:29 +0200

So you're telling us we should all be getting our cupboards filled with
drugs so the next time we deface Whitehouse we get away with *just* drug
trafficking?

I'm not arguing that they were right or not, I'm just saying that a felony
is to be tried, regardless of conditions (it's how democracy should work
anyway).

That said, I also agree, no one should be stupid enough to mess up with
corporate servers and drugs at the same time, especially if s/he knows
they're after him.





On Wed, Jun 16, 2010 at 10:17 PM, T Biehn <tbiehn () gmail com> wrote:

Lets just call a spade a spade here:
AT&T got butthurt at the media ruin and forced the man to come down hard on
someone.
A perfect someone to restore public faith in the order of the world was
Weev.

So AT&Ts lawyers drafted some bum legal pretense under which to raid weev
looking for some related incriminating content and handed it off to the
cops. Of course they were going to find something illegal on his premises,
have you seen half the shit he writes online?

This is another instance of Corporate Policy leading to unjustified
Policing action; it is the second such occurrence in the past few months.
Maybe AT&T schooled Apple in mobile networking and in turn Apple schooled
AT&T in corporate control of public police forces.

-Travis


On Wed, Jun 16, 2010 at 4:12 PM, T Biehn <tbiehn () gmail com> wrote:

Furthermore if I access an online resource and I notice that the
information ends and the URL has a &page=1 on the end and no link exists on
that page to say... &page=2 is that illegal?
On the same note, if I notice something that looks like a SELECT statement
in a URL (due to excellent coding) is it illegal for me to modify that
SELECT statement to return other information?
Is the legality of access to the resource something that must be
explicitly granted to me or is it some abstract property depending on the
content I've accessed? Is it legal to randomly fuzz web service arguments
without knowing the data that it will return?

Usually systems of this nature will have an EXPLICIT notice that you
cannot access data on it unless you're authorized OR will require (as it
does now) authentication.

Did the ICCID count as authentication if it is not explicitly labeled by
AT&T as such? A field like:
&password would clearly be illegal to brute force.

An analogy to a case with CLEARLY AND EXPLICITLY defined law regarding
private property doesn't really seem to fit.

-Travis



On Wed, Jun 16, 2010 at 3:58 PM, T Biehn <tbiehn () gmail com> wrote:

So what grants you legal access to aol.com (HTTP port 80 get / )?
I'm confused? Does search engine indexing grant legal access to online
resources?

-Travis


On Wed, Jun 16, 2010 at 3:34 PM, Thor (Hammer of God) <
Thor () hammerofgod com> wrote:

By the same logic, then yes you would.  Which is why the statement “if a
system has no password, then you have a legal right to whatever data is on
it” is complete horse hockey.



Don’t take technical advice from your lawyer, and don’t take legal
advice from people on security lists.



t



*From:* full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] *On Behalf Of *wilder_jeff
Wilder
*Sent:* Wednesday, June 16, 2010 11:56 AM
*To:* full-disclosure () lists grok org uk

*Subject:* Re: [Full-disclosure] Congratulations Andrew




By that same standard.. if you leave your house unlocked.... does that
give someone the right to enter it?

just my thoughts
------------------------------

Date: Wed, 16 Jun 2010 19:58:27 +0200
From: uuf6429 () gmail com
To: tbiehn () gmail com
CC: full-disclosure () lists grok org uk; Valdis.Kletnieks () vt edu
Subject: Re: [Full-disclosure] Congratulations Andrew

Reminds be of Al Capone and tax evasion ;-)

Good ol' America.



On Wed, Jun 16, 2010 at 7:49 PM, T Biehn <tbiehn () gmail com> wrote:

Yes.
The FBI was investigating the AT&T incident, presumably the AT&T
incident was what the fed were serving against.
What possible valid search warrant could be executed? There was no hack,
breach, illegal access of data, or anything else for that matter.

If you leave a system online with no password which allows you to scrape
content you have a legal right to scrape that content.

-Travis



On Wed, Jun 16, 2010 at 11:10 AM, <Valdis.Kletnieks () vt edu> wrote:

On Wed, 16 Jun 2010 10:09:22 EDT, T Biehn said:

I doubt the search warrant will hold up in court.

Do you have any actual basis for saying that?  Sure, the warrant might
be
bullshit, it might be solid - the article doesn't give us enough info
either
way to tell.

"Auernheimer was also arrested in March for giving a false name to law
enforcement officers responding to a parking complaint."

Sad.  The dude may have the intelligence to pull the hack, but not have
the
wisdom to not dig a hole deeper. Just man up and take the frikking
parking
ticket. ;)



--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C

http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


------------------------------

The New Busy is not the old busy. Search, chat and e-mail from your
inbox. Get 
started.<http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da




--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da




--
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]