×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Investigating iPad E-Mail Leaks

timothy posted more than 3 years ago | from the seeking-cause-of-action dept.

Privacy 209

CWmike writes "The Federal Bureau of Investigation has opened an investigation into the leak of an estimated 114,000 Apple iPad user e-mail addresses. Hackers belonging to a group called Goatse obtained the e-mail addresses after uncovering a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries. After writing an automated script to repeatedly query the site, they downloaded the addresses, and then handed them over to Gawker.com. Now the FBI is trying to figure out whether this was a crime. US law prohibits the unauthorized accessing of computers, but it is unclear whether the script that the Goatse group used violated the law, said Jennifer Granick, civil liberties director with the Electronic Frontier Foundation. 'The question is, when you do an automated test like this, [are you] getting any type of unauthorized access or not,' she said. If it turns out the data in question was not misused, it is unlikely that federal prosecutors will press charges, she added."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

209 comments

Frosty piss (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#32531332)

for the lulz!

Re:Frosty piss (-1, Offtopic)

logjon (1411219) | more than 3 years ago | (#32531612)

This is not offtopic. 'I did it for the lulz' is always a valid defense.

Lame (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#32531924)

Hope the GNAA doesn't get pwned by the jew-occupied united states government.

Re:Lame (0)

Anonymous Coward | more than 3 years ago | (#32532200)

GNAA, Beloved Slashdot trolls, seems to have passed away (or, well, grown up). TFS mentions goatse and no GNAA troll? No ASCII art goatse? This isn't the Slashdot of my youth.

Actually, /. crapflooders (they weren't really trolls) have all but vanished - what do you think, did /. moderation finally work, or was it the creation of the Chans?

Reegulatiooon Ree gulatiioon of noo retuuurnn (1)

unity100 (970058) | more than 3 years ago | (#32531334)

At&T needs one. else, they will 'regulate' all of us, as they see fit.

No relation (4, Funny)

Anonymous Coward | more than 3 years ago | (#32531342)

"The FBI is aware of these possible computer intrusions and has opened an investigation into addressing the potential cyberthreat," said Lindsay Godwin

Fucking Nazis.

Re:No relation (1)

Ethanol-fueled (1125189) | more than 3 years ago | (#32531382)

Hey, at least the GNAA -- er -- Goatse Security didn't steal 1.5 million [aaronsw.com] dollars worth of free information by "hacking" a public library computer with that malware called Perl that was already installed on it.

Sometimes it's hard to be mad at the FBI, though -- they're just like the bumbling idiots who play them on TV -- except that the ones on TV are at least somewhat lovable. Actually, I'm kinda surprised, because I thought they just trolled Torrents and Limewire all day looking for CP and other i.p.'s to refer to the RIAA's litigation machine. Actually, I'm not at all surprised, because they wouldn't have cared if it weren't their spying buddy ATT.

Re:No relation (2, Interesting)

penix1 (722987) | more than 3 years ago | (#32531886)

US law prohibits the unauthorized accessing of computers, but it is unclear whether the script that the Goatse group used violated the law, said Jennifer Granick, civil liberties director with the Electronic Frontier Foundation. 'The question is, when you do an automated test like this, [are you] getting any type of unauthorized access or not,' she said. If it turns out the data in question was not misused, it is unlikely that federal prosecutors will press charges, she added."

There is a problem with that line of logic. As I see it,IANAL and all, they got them on at least one violation of the law. That violation was the initial intrusion which they can't argue was a script. Also, since when is an intrusion with the intent to obtain information they should know they are not entitled to considered a "test"?

Re:No relation (3, Interesting)

aliquis (678370) | more than 3 years ago | (#32532018)

Uhm..

They aren't arguing that the script may not be unauthorized access because it was automatic and that only the first attempt would be illegal because they did it in person.

They where rather arguing that visiting that page once and get an e-mail address may be something you just happen to do, but writing a script which fetches lots of e-mail address would be abusing the system / doing something you shouldn't do.

Personally I think "they should know they are not entitled to" is very weak juridical term/claim/charge/whatever. I can't see how visiting a web page which return data it's supposed to return (as in not trick it with malign data) could be a crime. If you don't want people to access the web page don't put it up for them to watch.

And yeah, if anything I think AT&T would become the ones in the hot seat for making it possible and leak the information in first place.

Re:No relation (1)

AHuxley (892839) | more than 3 years ago | (#32532072)

Stonewall and do a Google "As we have said before, this was a mistake".
Our lawyers will get back to the FBI some time ..
Equal protection and due process for all :)

sheesh (5, Funny)

Izabael_DaJinn (1231856) | more than 3 years ago | (#32531344)

I've always had problems with my ipads leaking

Re:sheesh (0, Funny)

Anonymous Coward | more than 3 years ago | (#32531736)

I think you have your products mixed up. Easy mistake to make, given what a cunt Steve Jobs is.

Re:sheesh (-1, Troll)

Anonymous Coward | more than 3 years ago | (#32531862)

given what a nigger Barack Hussein Obama is.

FTFY

Ha ha, I love the genius of the hackers' name (5, Funny)

apparently (756613) | more than 3 years ago | (#32531366)

Hackers belonging to a group called Goatse obtained the e-mail addresses after uncovering a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries

My heart goes out to the poor journalists heading out to the great google in order to get their big scoop on goatse.

Re:Ha ha, I love the genius of the hackers' name (5, Funny)

arkenian (1560563) | more than 3 years ago | (#32531394)

My heart goes out to the poor journalists heading out to the great google in order to get their big scoop on goatse.

I'm just trying to imagine what the first story to try to describe the origin of the name will say...

Re:Ha ha, I love the genius of the hackers' name (5, Funny)

Anonymous Coward | more than 3 years ago | (#32531602)

My heart goes out to the poor journalists heading out to the great google in order to get their big scoop on goatse.

I'm just trying to imagine what the first story to try to describe the origin of the name will say...

Like a giant gaping security flaw...

Re:Ha ha, I love the genius of the hackers' name (-1)

Anonymous Coward | more than 3 years ago | (#32532020)

it will say that i fucked your mother cuz she's a cum guzzling gutter slut, now stfu. her vagina looks like the goatse guy's asshole but its okay i last a good long time fucking her poon. she can suck a basketball thru a garden hose. your mama's a slut.

Re:Ha ha, I love the genius of the hackers' name (0, Troll)

GuruBuckaroo (833982) | more than 3 years ago | (#32532114)

OK, seriously. Why do people post things like this? I'm actually curious. It can't be "for the lulz", 'cause nobody's laughing - they're all thinking "god what an idiot this guy is". What possible purpose could you have for doing this? It's not even like you're getting some kind of notoriety out of it, 'cause you're posting as AC. I honestly can't think of any reason so much of this kind of pap gets posted here, or on any open forum. It baffles me.

Re:Ha ha, I love the genius of the hackers' name (0)

Anonymous Coward | more than 3 years ago | (#32532126)

It can't be "for the lulz"

The receiver of the "lulz" merely has to be the originator. So that blows your theory out of the water.

Also: Your mother's a whore.

Re:Ha ha, I love the genius of the hackers' name (4, Insightful)

DJRumpy (1345787) | more than 3 years ago | (#32531442)

I don't know if I would call them journalists:
Title: Apple's Worst Security Breach
"Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking."

This is squarely AT&T's fault, yet the first paragraph implies it was "Apple Worst Security Breach". I also like how they imply that a spammer getting your e-mail address is the be-all-end-all of hacking. Really? These folks have never seen spam before? How will they venture out onto the internet without feeling exposed and dirty? Oh wait. They get a new e-mail address. *sigh*

Re:Ha ha, I love the genius of the hackers' name (4, Interesting)

Anonymous Coward | more than 3 years ago | (#32531860)

If it was any other company I'd agree with you, however this is Apple, and the fact that they tightly control who sells their product and how, I would expect some kind of oversight. You think if Vodafone got a bunch of iPads and was selling them at $1 on a 5 year plan that apple wouldn't shit itself?
They got themselves into their own self policed walled garden, now they have to deal with it. It was a security breach at a carrier inside the walled garden... deal with it.

And yes, email addresses are valuable information. Sure, not as bad as SSNs, but would you post your email address on a billboard? Why do you think websites, companies etc keep their customer emails under lock and key? because it's a valuable information

Re:Ha ha, I love the genius of the hackers' name (2, Insightful)

SoupIsGoodFood_42 (521389) | more than 3 years ago | (#32532074)

You think if Vodafone got a bunch of iPads and was selling them at $1 on a 5 year plan that apple wouldn't shit itself?

As long as Vodafone paid Apple what they agreed upon, I doubt Apple would care. Why would they?

The security breach was with AT&T, because it was on their servers and only affected their customers.

Re:Ha ha, I love the genius of the hackers' name (0, Flamebait)

PBoyUK (1591865) | more than 3 years ago | (#32532176)

Because it cuts into two of Apple's core user segments:

1.) People who like to pay far more than something is actually worth.
2.) Exclusivity. To their userbase, an Apple product is a statement of who you are. IE, someone with more money than sense and probably homosexual (*). If everyone started picking up $1 iPads, they wouldn't be so special anymore.

* A funny aside, when the iPhone was new, Stephen Fry was doing an interview on Top Gear, espousing its virtues, and in particular talking about gaydar app that he found very useful. I fear though that this particular app may have fallen foul of App Store policy, as it would no doubt be duplicating functionality already present - in the hardware, no less.

Re:Ha ha, I love the genius of the hackers' name (1, Troll)

WoRLoKKeD (1142351) | more than 3 years ago | (#32531468)

I for one hope this is taken further, then someone releases the fact that these Goatse guys are the good guys.

How often do you see an opportunity for a headline to read "GOATSE INCIDENT BLOWN WIDE OPEN!"?

Follow up Report (0)

Anonymous Coward | more than 3 years ago | (#32531678)

Apple Plugging the Gap Exposed by GOATSE!

Steve Jobs says he is using a hands on approach!

The jokes just write themselves!

Re:Follow up Report (1)

oldspewey (1303305) | more than 3 years ago | (#32531940)

The jokes just write themselves!

"Some people say our app store rules are dark and impenetrable, so we're opening things up in order to give everyone a better look at the internal workings."

Re:Ha ha, I love the genius of the hackers' name (0)

Anonymous Coward | more than 3 years ago | (#32531516)

Oh come on... the background images weren't THAT bad.

Re:Ha ha, I love the genius of the hackers' name (1)

Kitkoan (1719118) | more than 3 years ago | (#32531592)

Hackers belonging to a group called Goatse obtained the e-mail addresses after uncovering a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries

My heart goes out to the poor journalists heading out to the great google in order to get their big scoop on goatse.

Well, according the the story about the leak yesterday, the official description is 'the group is steeped in off-the-wall, 4chan-style internet culture—its name is a reference to a famous gross-out Web picture' [gawker.com] I don't see many people looking it on Google... unless your only reading /.'s summery.... I personally preferred the one description of 'a picture of a man stretching his anus to 'olympic' proportions'. Just calling it 'olympic' proportions is a bad mental image enough.

Re:Ha ha, I love the genius of the hackers' name (1)

noidentity (188756) | more than 3 years ago | (#32531636)

I don't think it's so funny. These hackers are diminishing goatse's good reputation.

Re:Ha ha, I love the genius of the hackers' name (1)

aliquis (678370) | more than 3 years ago | (#32532062)

Just as long as they don't take it too far and go after GNAA, that would be racism!

Re:Ha ha, I love the genius of the hackers' name (0)

Anonymous Coward | more than 3 years ago | (#32532136)

No worries, from their site http://security.goatse.fr/ [goatse.fr]:

Goatse Security is a wholly owned subsidiary of the GNAA.

I'm just hoping we capture the event ... (1)

Krishnoid (984597) | more than 3 years ago | (#32531660)

They are journalists, after all. I hope people are ready with their cameras to contribute to the wonderful collection of humanity that is first goatse [flickr.com] before the surprise value is lost from reading about it in the press.

Stay classy, Reuters (5, Funny)

l00sr (266426) | more than 3 years ago | (#32531804)

Dare I say Reuters has figured it out, with this story image [reuters.com].

Re:Stay classy, Reuters (0)

Anonymous Coward | more than 3 years ago | (#32531948)

"probing" lol

I applaud this hacker group (5, Funny)

Nicky G (859089) | more than 3 years ago | (#32531384)

No, not for revealing a potentially dangerous flaw in AT&T security. What-evs.

I heard and read the word Goatse more today in the mainstream media than all points of my life added together, and I can only imagine how many lives were ruined by the ensuring Google searches! Hahahahahah!!!!!!!

Re:I applaud this hacker group (5, Funny)

inode_buddha (576844) | more than 3 years ago | (#32531784)

I've long fantasized about renting a billboard along the I-90 and putting www.goatse.cx on it. No image or anything, just the URL.

Gaping hole in their security (0)

Anonymous Coward | more than 3 years ago | (#32531386)

They might as well have bent right over for this one.

I'm still married to my iPad though. I'm keeping the wedding ring on, if you know what I mean.

Not you too, Slashdot (4, Informative)

Kashell (896893) | more than 3 years ago | (#32531390)

These guys aren't hackers. They are security advisors. They are the good guys. I suppose the editors didn't bother, you know, clicking a few links?

Here, I've done your homework. Was it that hard?

http://security.goatse.fr/blog/

>>
"Anyways, there was no illegal activity or unauthorized access, this was not a shady backroom hookers and blow deal with Nick Denton as revenge for the iPhone raid (though that would be totally sweet), we did not sell your data to spammers (on the contrary, we destroyed it after Ryan used it; it had served its purpose to us) and we did not try to hack your iPads. Your iPads are safer now because of us."
>>

Re:Not you too, Slashdot (5, Insightful)

arkenian (1560563) | more than 3 years ago | (#32531422)

These guys aren't hackers. They are security advisors. They are the good guys. I suppose the editors didn't bother, you know, clicking a few links? Here, I've done your homework. Was it that hard?

I'm sorry, but googling 'goatse' was not on the list of activities I had planned for the night. I mean, seriously? This said, you have my admiration for your fortitude and thanks for the sacrifices for the cause.

Also, really, with a name like 'goatse' most people aren't going to automatically leap to the idea of it being a white-hat group.

Re:Not you too, Slashdot (0)

Anonymous Coward | more than 3 years ago | (#32531434)

Note to technology backwards prosecutors, if you were not asked for a password then it wasn't unauthorized.

Re:Not you too, Slashdot (4, Insightful)

rolfwind (528248) | more than 3 years ago | (#32531456)

Hacker is not a term that means you are the bad guy although it conjures the fear in the ignorant (i.e. the general public). It just meant someone who hacks.

This was a hack.

http://en.wikipedia.org/wiki/Hack_(technology) [wikipedia.org]

Re:Not you too, Slashdot (3, Informative)

blackraven14250 (902843) | more than 3 years ago | (#32531478)

It wasn't reconfigured or reprogrammed to change the function of the script on AT&T's website. The system was doing exactly what it was intended to do, give the iPad information as a number was given to the script. It gave the information to the wrong people, because the script was public, but that doesn't qualify. These guys didn't change anything on AT&T's side, just utilized tools that were already there.

Re:Not you too, Slashdot (2, Insightful)

Wuhao (471511) | more than 3 years ago | (#32531462)

I have to admit, I had to ignore years of experience with Internet forums to follow a link to "goatse.fr."

Re:Not you too, Slashdot (2, Informative)

DJRumpy (1345787) | more than 3 years ago | (#32531488)

They may have discovered it, but they didn't report it to AT&T. From TFA:

"The person or group who discovered this gap did not contact AT&T."

Not that 'good' in my opinion.

Someone is lying, who do you think it is? (4, Interesting)

KingSkippus (799657) | more than 3 years ago | (#32531780)

They may have discovered it, but they didn't report it to AT&T.

...According to AT&T. Someone is lying. From TFA [gawker.com]:

Goatse Security notified AT&T of the breach and the security hole was closed.

Then later in the article:

AT&T sent us a statement...: "The person or group who discovered this gap did not contact AT&T."

Personally, I think that AT&T is a sack of douchebags that doesn't know their ass from a hole in the ground, and when choosing who to believe between AT&T and just about anyone else, I'm inclined to believe anyone else. I'd bet dollars to doughnuts that someone did indeed notify AT&T, but now they're trying to cover their ass and make it sound like they somehow proactively found the hole themselves.

Re:Someone is lying, who do you think it is? (1)

oddTodd123 (1806894) | more than 3 years ago | (#32532084)

This is how it all started:

AT&T is a sack of douchebags that doesn't know their ass from a hole in the ground

They heard "goatse" could help them with their problem...

now they're trying to cover their ass

After news of this broke, they are now claiming...

they somehow proactively found the hole themselves.

Re:Someone is lying, who do you think it is? (5, Informative)

OverlordQ (264228) | more than 3 years ago | (#32532116)

From their 'goatse security' homepage (before they edited it)

g0udatron[gapp]: Perl/PHP/js/c/objc/c++ pirate. m68k/z80/mips/x86 asm. series 7, series 66, series 62, series 42 licensed Texas broker. Bane of EFnet #anxiety and co-founder of the CUSSE certification track.

Hurm, what's this CUSSE?

Certified Unethical Security Systems Expert

Huuuuurm?

CUSSE Principles
        * Keeping 0-Days Private
        * IRC
        * Taking down Whitehats
        * Poor Netiquitte
        * Hacking the Planet
        * Ruin
        * No Disclosure
        * Mayhem
        * Nobody is Safe
        * Info is Money
        * Destruction
        * Only Death Saves You
        * Conf

Yup, they sound perfectly professional and believable.

Re:Someone is lying, who do you think it is? (2, Informative)

Krusty_Klown (533651) | more than 3 years ago | (#32532218)

The guy admitted in a cnet interview that he did NOT tell AT&T for fear of them coming after him. link [cnet.com]

Re:Not you too, Slashdot (1)

TubeSteak (669689) | more than 3 years ago | (#32532042)

They may have discovered it, but they didn't report it to AT&T. From TFA:

"The person or group who discovered this gap did not contact AT&T."

Not that 'good' in my opinion.

"Good" is a relative thing.
Companies would rather have you never disclose their flaws to the public.
OTOH, the public is at least as well served by publicly embarrassing them.

There merits of full vs responsible/non- disclosure have been debated since the 1800s
and if the totality of your contribution is "Not that 'good' in my opinion,"
then you really haven't added much to the discussion.

Think of the iPad e-mail leak as an oil spill.
It's 'big', it's public, and it'll definitely cause changes in security to be made.

Re:Not you too, Slashdot (3, Insightful)

Fartypants (120104) | more than 3 years ago | (#32531504)

These guys aren't hackers. They are security advisors. They are the good guys.

So, if you were one of the people who had their personal email leaked, would you be thanking the good guys right now for doing it? It's sort of like if a security consultant pushed somebody through a broken railing to "demonstrate" the flaw in security. Couldn't they have just called AT&T and pointed it out? Or would that not have been rad enough?

Re:Not you too, Slashdot (0)

Anonymous Coward | more than 3 years ago | (#32531526)

Contacting ATT...

- not rad enough? ... maybe

- not getting this fixed? ... for sure (out of sight, out of mind)

Re:Not you too, Slashdot (0)

Anonymous Coward | more than 3 years ago | (#32531562)

One reason for playing sentimental about the "emails" is because your the software engineer who wrote such bad stuff.. A good lawyer views a contract and leverages off its features.. so do good software engineers

Re:Not you too, Slashdot (0)

Anonymous Coward | more than 3 years ago | (#32532164)

So, if you were one of the people who had their personal email leaked, would you be thanking the good guys right now for doing it?

Yes I would.

In this case I would argue the people involved deserved it (given the track record and my personal opinion of the company they were dealing with). Not so much that they deserved ill on them... but that they pretty much had it coming.

And yes: I've never had my personal email leaked.... but I have had my SSN, name, and address leaked along with employer info... So if you think I'm a hypocrite... well I'm not.

These were just email addresses, idiots. Get over yourself, fucktards.

Re:Not you too, Slashdot (1, Troll)

aliquis (678370) | more than 3 years ago | (#32532188)

So, if you were one of the people who had their personal email leaked, would you be thanking the good guys right now for doing it?

From http://security.goatse.fr/blog/ [goatse.fr]:

We did not contact AT&T directly, but we made sure that someone else tipped them off and waited for them to patch until we gave anything to Gawker. This is as “nice guy” as it gets. We had no interest in direct dialogue with AT&T, but we waited nicely for them to get their house in order and get their hole plugged tight before exposing it.

So they didn't contact AT&T directly, probably to stay anonymous from any kind of investigations or such, but they still tipped of AT&T indirectly before the article and most likely did not spread the information further. Gawker got it for their article, AT&T got to close the leak and that's it.

So yeah, definitely good guy approach to me.

ole (4, Funny)

britneys 9th husband (741556) | more than 3 years ago | (#32531398)

AT&T needs to fix this wide, gaping hole that has been stretched open on their website before more iPad email addresses are exposed.

Re:ole (0)

Anonymous Coward | more than 3 years ago | (#32531724)

Well thank goodness they have the Federal Bureau of Investigation running this investigation. How appropriate. For a moment there I was worried they might hire BP for the job, and we all know how bad THEY are with leaks.

assholes (5, Insightful)

xaoslaad (590527) | more than 3 years ago | (#32531426)

This country is so egregiously fucked up it isn't funny. AT&T puts 114,000+ users info on the internet and that's OK. No investigation. Someone pulls it from their site and they get hunted down like a witch.

FUCKED! UP!

Re:assholes (2, Interesting)

$RANDOMLUSER (804576) | more than 3 years ago | (#32531494)

I think "embarrassing the FBI's (corporate) domestic surveillance wing" is the crime being investigated here.

Re:assholes (0)

Anonymous Coward | more than 3 years ago | (#32531600)

AT&T puts 114,000+ users info on the internet and that's OK. No investigation. Someone pulls it from their site and they get hunted down like a witch.

Parent has a point. From what I understand, the emails were obtained through simple URL rewriting. The information was already public. If this is criminal, so is anybody who edits the URL bar to go somewhere that the site owner did not explicitly link to.

Re:assholes (1)

Ethanol-fueled (1125189) | more than 3 years ago | (#32531718)

If this is criminal, so is anybody who edits the URL bar to go somewhere that the site owner did not explicitly link to.

inb4 404

Re:assholes (2, Insightful)

Simmeh (1320813) | more than 3 years ago | (#32531746)

Agreed, if this happened in Europe there could have been an investigation into the failure to protect the users data. Instead, a group who made the flaw public is being investigated. Fact is, they might not of been the first to harvest this data, not that AT&T will ever admit otherwise.

Re:assholes (1)

vlueboy (1799360) | more than 3 years ago | (#32531870)

Parent has a point. From what I understand, the emails were obtained through simple URL rewriting. The information was already public. If this is criminal, so is anybody who edits the URL bar to go somewhere that the site owner did not explicitly link to.

Just a day ago someone posted about a UK conviction of a man for appending this to a URL:

../../

So, yes. The world can deem you a criminal for using features of technology that are supposed to be obscure; it doesn't make it any less of an attack for doing so. Getting caught with your hand in a cookie jar just is bad, but not necessarily for morally righteous reasons.

Knowledge of science doesn't mean the whole world is your playground (paraphrased from Fringe)

Re:assholes (1)

MichaelSmith (789609) | more than 3 years ago | (#32531960)

I think the interpretation of the law is wrong in that case because there are many situations where it is appropriate to append ../../ to a URL. How is the person browsing the site expected to know the difference?

Re:assholes (1)

vlueboy (1799360) | more than 3 years ago | (#32532086)

I think the interpretation of the law is wrong in that case because there are many situations where it is appropriate to append ../../ to a URL. How is the person browsing the site expected to know the difference?

This is a very specific case, but your question's answer is: The GUI does not prevent them from entering the special string. However, the GUI discourages this by providing a perfectly usable Home/Forward/Back button [even "Up" in Konqueror]. For most non-savvy John Doe users like the convicted "criminal," pages have their own hyperlinks and pictures to navigate the site.

In dumbing down interfaces and savvy expectations, the UK and anyone else can criminalize and label as misuse what is technologically allowed by the system. Example? AT&T plus "illegal" iPhone tethering.

Re:assholes (1)

phantomfive (622387) | more than 3 years ago | (#32531750)

It's more than that. If AT&T had wanted to, they could have put up a public API with the same info and let people use it for a fee, if they'd wanted to. Not only is what they did not illegal, but it is a legal way to make profit if they'd wanted to.

Re:assholes (0)

Anonymous Coward | more than 3 years ago | (#32532174)

How private are email addresses really? Not like we are talking SSNs and CC numbers.

"Not misused"? (1, Insightful)

Anonymous Coward | more than 3 years ago | (#32531534)

How is handing email addresses over to Gawker (i.e. a third party) anything other than misusing them?

Re:"Not misused"? (1)

Dr Herbert West (1357769) | more than 3 years ago | (#32531684)

Mod parent up. I find the whole "front door unlocked" aspect of the iPad to be a legit, hilarious target of asshole hacker spam and kind of a dealbreaker functionality wise (gee, I guess maybe now I won't buy one)... but you can't say you're one of the good guys if you pass data on to the internet equivalent of the Nat. Enquirer.

If I find a wallet on the floor, and I don't immediately look around and yell "whose wallet is this?" or give it to the nearest cop (however, the last time I did that, the cop told me to take the money out and drop the rest in a mailbox or else someone at the post office would "steal" it, ) it's reasonable to assume I have planned to keep it.

Re:"Not misused"? (0)

Anonymous Coward | more than 3 years ago | (#32531900)

+1 informative
+2 sad

Thanks, man. At least that way the wallet's owner has some chance of recovering his cash by retracing their steps.
I guess inaction is the best.

Re:"Not misused"? (1)

exomondo (1725132) | more than 3 years ago | (#32531758)

What resulting damage occurred to anyone who's data was leaked by AT&T? How did they abuse the data they collected? Seems to me that it wasn't misused at all.

AT&T - not Apple (0, Redundant)

bokmann (323771) | more than 3 years ago | (#32531690)

I realize saying AT&T made the headline more sensational, but really - RTFA and you'll see this is AT&T's data breach, NOT Apple's. If AT&T had lax security on some other database, would this have been classified a data breach by RIM or Motorola?

No, because that wouldn't have been very interesting.

Re:AT&T - not Apple (1, Informative)

Anonymous Coward | more than 3 years ago | (#32531814)

I realize saying AT&T made the headline more sensational, but really - RTFA and you'll see this is AT&T's data breach, NOT Apple's

Please explain the logic underlying this sentence.

Why is this "news"? (2, Insightful)

manicbutt (162342) | more than 3 years ago | (#32531692)

It's not a hack, it's only indirectly related to Apple (despite Gawker's attempts to paint it otherwise), and the government email addresses that were "exposed" are public anyway. It's not difficult for me to send email to Rahm Emanuel. Goatse's brute force script isn't that interesting (see http://praetorianprefect.com/archives/2010/06/114000-ipad-owners-the-script-that-harvested-their-e-mail-addresses/ [praetorianprefect.com]) so why are we wasting so much time on this non-story?

Re:Why is this "news"? (1)

AHuxley (892839) | more than 3 years ago | (#32532144)

"force script isn't that interesting" - Goggle is learning that too, so is MS and the US mil.
How complex, encrypted and expensive does a backend have to be before the FBI and US law spins up?
From Google to a UFO hunter to a telco database, it seems the US wants very flexible laws.
Enter a mil MS network with a script its a hack, collect packets from wifi networks without permission, its a mistake, run a brute force script on a telco and its a .... ????
Most parts of the world sorted their cyber crime laws out a long time ago.
Not your network, your in trouble.

Downloading 114k users != white hat (3, Insightful)

Anonymous Coward | more than 3 years ago | (#32531720)

A white hat would see the hole, download a few to verify, write a script as a proof of concept and verify that the script worked, and then report the hole to AT&T. Downloading over 100,000 email addresses and sending them to the press is NOT what responsible security researchers do.

Leaky iPads? (-1, Redundant)

RevWaldo (1186281) | more than 3 years ago | (#32531950)

People oughta be gettin' them iPads with the iWings instead, amiright? Hi-five!....

...c'mon yer leavin' me hangin'...

.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...