Lulzsec Member Raynaldo Rivera Pleads Guilty To Sony Pictures Breach

timothy posted about a year and a half ago | from the ok-at-first-I-thought-I-was-innocent dept.

Crime 81

hypnosec writes "Raynaldo Rivera has pleaded guilty at the US District Court for the Central District of California to hacking the Sony Pictures Entertainment website in May 2011. The 20-year-old in his plea agreement revealed that he joined Lulzsec in May of last year in a bid to help the hacking collective carry out cyberattacks on governments and businesses. Rivera, who surrendered to the FBI on August 28 this year, admitted that he was the one who launched an SQL injection attack against sonypictures.com that enabled him to extract confidential information from the website's database."

81 comments

frist psot (0)

Anonymous Coward | about a year and a half ago | (#41639001)

it makes it sound like he did it single-handedly, he didn't.

both anonymous and lulzsec trashed them multiple times

Re:frist psot (1)

kiep (1821612) | about a year and a half ago | (#41640603)

to me it sounds like he was tortured to say what they want him to say or it is just a theater ...it is silly to think that he could crack sony and couldn't crack some wifi somewhere and never to be found ...or he was just a script kiddie that got the script and pressed enter...

Re:frist psot (0)

Anonymous Coward | about a year and a half ago | (#41640693)

to me it sounds like he was tortured to say what they want him to say

To me it sounds like you're a conspiritard.

Of course he did (0)

Anonymous Coward | about a year and a half ago | (#41639025)

he was guilty.

Well, he should plead guilty of wasting my time (2)

olsmeister (1488789) | about a year and a half ago | (#41639033)

After I spent an hour of my life watching him open Al Capone's empty vault.

Re:Well, he should plead guilty of wasting my time (0)

Anonymous Coward | about a year and a half ago | (#41644787)

ROAD MAPS!

Rookie mistake (0)

Anonymous Coward | about a year and a half ago | (#41639045)

He should have covered his tracks better'; DROP TABLE session; --

Re:Rookie mistake (0)

Anonymous Coward | about a year and a half ago | (#41639055)

Phuket Thailand, you're so smart you should be in prison

Re:Rookie mistake (0)

Anonymous Coward | about a year and a half ago | (#41639417)

zingggggggggggg

Re:Rookie mistake (0)

Anonymous Coward | about a year and a half ago | (#41639155)

He should have covered his tracks better'; DROP TABLE session; --

No the rookie mistake is setting up a server incorrectly so that SQL injection attacks are even possible.

I mean for fuck's sake. This isn't some mom&pop startup on a shoestring budget. Sony can afford better expertise than whoever the hell created their site.

This guy Rivera should not be prosecuted. Sony should be fined, for negligence. Oh and they are lucky the average person doesn't really understand this kind of exploit, else even more people would think of them as incompetent.

Re:Rookie mistake (2)

spiffmastercow (1001386) | about a year and a half ago | (#41639587)

How do you set up a server to prevent SQL injection? That's a systematic failure in the web app, not a flaw in the DB configuration.

Re:Rookie mistake (0)

Anonymous Coward | about a year and a half ago | (#41640191)

It's quite clear that by "setting up the server" AC was referring to the web app, not the DB configuration.

I agree that the fact that SQL injection was even possible indicates negligence, but that's something for which Sony might go after their contractors in civil court. It doesn't really excuse Rivera.

Re:Rookie mistake (0, Interesting)

Anonymous Coward | about a year and a half ago | (#41640231)

By not hiring PHP Kiddies out of college, that is how.
PHP deliberately by design makes you write awful SQL-injection vulnerable code. It should be banned.

And don't dare tell me that a good developer knows how to use a language right, having to memorize a trillion exceptions is NOT PROGRAMMING.
PHP is hammering a nail with a sandwich.
Every other language I can think of, EVEN LOLCODE, has a purpose, PHP has none, every other language it tried to copy is already better at the job.
OH BUT IT'S OPEN, to hell with open. I'd rather have a competent language than stupid developers who can't even understand what the === operator was supposed to do. That entire thing was embarrassing.
PHP is beyond repair, too many idiots contribute to it now. That is why everyone who helped create it pretty much abandoned all hope.

Re:Rookie mistake (0)

Anonymous Coward | about a year and a half ago | (#41640433)

Every other language I can think of, EVEN LOLCODE, has a purpose, PHP has none

Don't confuse ideology with purpose. Many languages are based on an idea of how you should structure a program or how you should approach problems.
PHP has a very clear purpose, it's specifically made for people to be able to throw together shit quickly, in a way you can say that PHP is the Visual Basic of the web.
If you just need something working quickly and you don't intend to maintain the application and it's nothing too advanced then PHP and VB are viable choices. If you try to do something complex or something that you are going to have running for a couple of years then you are setting yourself up for a major clusterfuck of problems if you use one of those two.
Apart from that the only thing they have going for them is that they are more maintainable than Piet [wikipedia.org] and more readable than Whitespace [wikipedia.org] code.

Re:Rookie mistake (0)

Anonymous Coward | about a year and a half ago | (#41641923)

By not hiring PHP Kiddies out of college, that is how.
PHP deliberately by design makes you write awful SQL-injection vulnerable code. It should be banned.

http://php.net/manual/en/pdo.prepared-statements.php
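
Added example, not part of the thread: the point made in the comments above (SQL injection is a flaw in how the web app builds its queries, and prepared statements are the fix), shown with Python's sqlite3 module rather than PHP's PDO. The table names, sample rows and function names are constructed for illustration, and `executescript()` stands in for a database driver that accepts several statements per call.

```python
import sqlite3

# The string from the "Rookie mistake" comment above, used as sample input.
THREAD_INPUT = "He should have covered his tracks better'; DROP TABLE session; --"


def make_db():
    """Build a throwaway in-memory database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE session (token TEXT, user_id INTEGER);
        INSERT INTO users (name) VALUES ('alice'), ('O''Brien');
        INSERT INTO session VALUES ('constructed-token', 1);
        """
    )
    return conn


def table_exists(conn, table):
    """Return True if the named table is present in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row is not None


def lookup_concatenated(conn, name):
    """BEFORE: user input is pasted into the SQL text.

    The quote inside `name` ends the string literal early, so whatever
    follows it is parsed as SQL instead of being compared as data.
    """
    sql = "SELECT id FROM users WHERE name = '" + name + "';"
    conn.executescript(sql)  # assumption: models a multi-statement driver
    return sql


def lookup_parameterized(conn, name):
    """AFTER: the SQL text is fixed and the input travels as a bound value."""
    rows = conn.execute(
        "SELECT id FROM users WHERE name = ?", (name,)
    ).fetchall()
    return [r[0] for r in rows]


def demo():
    """Run both versions on fresh databases and report what happened."""
    results = {}

    conn = make_db()
    lookup_concatenated(conn, THREAD_INPUT)
    results["session_after_concat"] = table_exists(conn, "session")
    conn.close()

    conn = make_db()
    # The same input is now just a name that matches no user.
    results["param_thread_input"] = lookup_parameterized(conn, THREAD_INPUT)
    # A legitimate name containing a quote needs no escaping either.
    results["param_apostrophe"] = lookup_parameterized(conn, "O'Brien")
    results["session_after_param"] = table_exists(conn, "session")
    conn.close()

    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both functions talk to the same database with the same configuration; only the query construction in the application code differs.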

SONY was breached a bunch of times (3, Informative)

gelfling (6534) | about a year and a half ago | (#41639049)

They clearly learned nothing and refused to learn anything or do anything. Lemme guess, SONY is run by copywrite attorneys and Hollywood 'content' types.

Re:SONY was breached a bunch of times (5, Interesting)

gweihir (88907) | about a year and a half ago | (#41639331)

Actually this problem is typically caused by MBA "beancounters" that do not have any skills or object knowledge with regard to the things they decide. They are also characterized by a hugely inflated ego and self-assessment. What then happens is best described as "save a penny, lose a million". Add to that that external and independent security reviews are not done or only companies with no ethics are selected ("the customer is always right" is the road to hell in security evaluations) or reports are blatantly ignored. That is how Fuckupshima happened, that is how RSA was compromised (and why are they still in business????), that is why Sony was conceptually unable to even understand what happened to it.

Only solution: Massive corporate liability (They got your account hacked and cannot prove IT Sec due diligence? $1000 per count to the affected customer, unless the customer can prove even higher damage.) coupled with personal liability on the highest level (No external reviews? Glaring security holes not even looked for or ignored? CTO, CIO and CSO go to jail for a few years. If they can prove being blocked by the CEO and cooperate fully in the investigation, 30% sentence reduction, still at the very least 2 years they have to serve, and CEO goes to jail for a long time. All also have their salary and bonuses impounded for the time they did not perform.) Add to that surprise audits from time to time that have much the same impact if glaring security problems are found.

Of course, this will not happen. It would require an honest and competent government to put something like that in place. They do not exist, except occasionally in small countries.

Re:SONY was breached a bunch of times (0)

arnoldo.j.nunez (1300907) | about a year and a half ago | (#41639625)

Let's see start with an ad hominem with a questionable premise (if the person doesn't have any skills or "object knowledge" about the things they decide the competition would eat them up fast). More ad hominem.

The heart of the solution sounds good to me, but the particulars given seem a bit extreme. I would think if a customer wants the kind of security where someone's life is on the line then the customer would have to pay a lot. Salary being tied to performance sounds possible. Surprise audits sounds unreasonable. Why is IT security top priority?

Followed by cynicism and jumping to a conclusion.

Re:SONY was breached a bunch of times (1, Informative)

gweihir (88907) | about a year and a half ago | (#41639685)

No ad hominem here. I am saying MBAs are the problem because of the way they are educated. The arrogance and inflated sense of self-worth is actually part of many MBA programs as the training providers want to inflate the worth of their programs. Ad hominem would be something like "MBAs have poor personal hygiene, hence they are the problem".

IT security is top priority, because if you build on sand, you never create anything of longer-term worth.

Re:SONY was breached a bunch of times (0)

Anonymous Coward | about a year and a half ago | (#41640877)

do you have an MBA or attended business grad school? Which and where?

Re:SONY was breached a bunch of times (1)

gweihir (88907) | about a year and a half ago | (#41653801)

Now that _is_ ad hominem thinly veiled. Idea: "You do not have an MBA, so you are not able to judge."

Re:SONY was breached a bunch of times (1)

kamapuaa (555446) | about a year and a half ago | (#41639661)

Right, what we need is a government body determining which computer security holes are worth sending people to jail for three years. Of course, even nuclear programs have been hacked successfully, so basically every single person involved with a computer system needs to become liable for something or another, and sent off to jail.

Re:SONY was breached a bunch of times (1)

gweihir (88907) | about a year and a half ago | (#41639741)

The question is not whether you get hacked or not. The question is whether you had reasonable security in place or not. If you do not have reasonable security, you should be liable for any and all damage and punished for endangerment. The way some (many) organizations are handling IT security today is like running a nuclear facility without a fence or security guards. Sure, even these do not keep everybody out, but not having them is inviting a catastrophe and should have dire consequences for the bean-counters that saved money in the wrong place.

The way to do reasonable IT security is simple: Follow best practices, have regular external reviews, implement the recommendations. If you do that, I do not propose you are liable when you get hacked anyways. I just propose you become liable when you think you can get away without spending the money needed for reasonable security.

Re:SONY was breached a bunch of times (0)

Anonymous Coward | about a year and a half ago | (#41640065)

Of course, this will not happen. It would require an honest and competent government to put something like that in place. They do not exist, except occasionally in small countries.

Fortunately, any small country that tries to avoid external debt to international banks and has a leader that sees bowing down to external pressures as unacceptable will sooner or later be declared a country of terrorists or a country run by sociopathic dictator.

Re:SONY was breached a bunch of times (0)

Anonymous Coward | about a year and a half ago | (#41641653)

Actually this problem is typically caused by MBA "beancounters" that do not have any skills or object knowledge with regard to the things they decide. They are also characterized by a hugely inflated ego and self-assessment.

It is ironic that you deliver this assessment of MBA education, while having no skills or object knowledge of said topic yourself. One might even say you have a hugely inflated ego and self-assessment.

MBA skills are useful. They are not the only useful skills in the world, but if you believe MBA knowledge is useless, you are a cretin and frankly, pretty dumb.

To the intelligent slashdot reader I would suggest that augmenting your geek skills with an MBA is an excellent way of increasing your career opportunities, increasing your income and in general increasing the wealth you are able to produce in the world. An MBA will give you an understanding of business that you, dear reader, with your superior geeky intellect, will surely make good use of.

Live long - and prosper.

Re:SONY was breached a bunch of times (0)

Anonymous Coward | about a year and a half ago | (#41647465)

The obvious solution is to switch to test driven development. The client/customer tells the development team all the things the product/program has to do, then you hire 3 code monkeys straight out of high school/college. One writes all the "tests" to make sure the program does everything the client/customer asked for, and the other two write the code.

If the client doesn't ask for each prompt/user input to be able to handle bad input correctly including "; DROP TABLES", then the responsibility is entirely the client/customer's fault. If they don't ask to make sure that the response and the time to give the response for invalid, invalid but locked out, and locked out but valid is exactly the same then it is the client/customer's fault. If the client/customer doesn't read all the patch and security notes on every part of the hardware/software stack required for their solution and convey the need to make sure every hole is plugged in detail, it is their fault.

One of the many reasons that TDD and most "agile" development techniques are such crap today is because it allows crappy programmers to provide crappy code and try and pass it off as being decent. Until the crap hits the fan, of course.

Re:SONY was breached a bunch of times (0)

Anonymous Coward | about a year and a half ago | (#41639439)

FBI plea bargain so it makes them look good :-)

Re:SONY was breached a bunch of times (1)

tlhIngan (30335) | about a year and a half ago | (#41639595)

I suppose the worst part is well, he's the only one caught.

Remember when Sony shut down PSN? It wasn't because they detected a breach, but because they found a bunch of people getting free DLC. Yes, free DLC. Basically people were turning their retail PS3s into developer PS3s and accessing the developer PSN store, which gives free DLC for testing purposes.

After that, they discovered the breaches. But that was too late - who knew how long the data was accessible. This guy was stupid and bragged. The smart ones don't brag, but quietly make use of the data. Do it well enough and the logs would get wiped out as part of the natural rotation.

At least this guy basically told everyone that Sony was vulnerable.

Re:SONY was breached a bunch of times (1)

Joce640k (829181) | about a year and a half ago | (#41644411)

SONY is run by copywrite attorneys

Attorneys are working as copywriters now...?

These lulzsec guys are pathetic. (2, Informative)

Anonymous Coward | about a year and a half ago | (#41639065)

If they hadn't gloated so much and took the proper precautions, they wouldn't have been found. Don't tell anyone, not even anyone on your team, who you are.

Re:These lulzsec guys are pathetic. (0)

Anonymous Coward | about a year and a half ago | (#41639333)

Maybe he wanted to get caught for the lulz!

I'm sure lulzing at that vandal right now. If he threw some rocks at a SONY store or something stupid like that, he would get a slap on the wrist. But with their escapades, he'll probably spend the next 20+ years in pound-him-in-the-ass prison.

Re:These lulzsec guys are pathetic. (1)

westlake (615356) | about a year and a half ago | (#41641999)

If they hadn't gloated so much and took the proper precautions, they wouldn't have been found. Don't tell anyone, not even anyone on your team, who you are.

The ego the size of the planet.

If you are in it for the laughs you talk, you gloat.

Sony Should Go To Jail (5, Insightful)

andrew3 (2250992) | about a year and a half ago | (#41639099)

When does Sony go to jail, for developing rootkits [wikipedia.org]? I bet that affected people on a much larger scale. What about the false advertising regarding the OtherOS feature, which was removed via an updater/backdoor?

Sony screws its customers with DRM and anti-features and attacks software developers. I find it hard to feel sorry for them.

Re:Sony Should Go To Jail (0)

Anonymous Coward | about a year and a half ago | (#41639171)

he who has the money has the power

we serfs will never be able to get justice against those with better means than us

Re:Sony Should Go To Jail (1)

Anonymous Coward | about a year and a half ago | (#41639217)

he who has the money has the power

we serfs will never be able to get justice against those with better means than us

You obviously have never read the history of the French Revolution.

There are plenty of other examples in history as well.

So you need to come up with other excuses for your miserable servile
existence, because the ones you claim above are invalid.

Re:Sony Should Go To Jail (0)

Anonymous Coward | about a year and a half ago | (#41639343)

Maybe it's just that deep down we all know that an armed revolution over whether or not you can download the latest Lady Gaga song is absurd?

Re:Sony Should Go To Jail (1)

fredprado (2569351) | about a year and a half ago | (#41639473)

The problem is that it was never about if you can download the latest song, it is about who controls information, in a much more general sense than you give credit to it.

Re:Sony Should Go To Jail (1)

JockTroll (996521) | about a year and a half ago | (#41639867)

No, it's just that deep down many people who blather about "revolution" couldn't bring themselves to shove a screwdriver into somebody's eye because he's an "enemy". Contrary to religiously held slashlosers' beliefs, you cannot fight a revolution safe behind your computer: you need to get your hands dirty, stab and shoot people (who mostly have never directly harmed you) and run the risk of being hurt and killed. The thought of physical confrontation horribly scares loserboy nerds, who have spent their lives - and rightly so - at the bad end of other people's - fully justified - violence. The moment they meet the stern gaze of an overweight mall cop they pap their pants and go crying to mommy.

Re:Sony Should Go To Jail (0)

Anonymous Coward | about a year and a half ago | (#41640219)

You may be trying to troll, but you're basically right. What's worse is that many Americans are also the same way - they talk big about Freedom and fighting tyranny, and then they go home, shove food in the mouth, slug a beer down, and drift off to sleep feeling safe.

Re:Sony Should Go To Jail (1)

MightyMartian (840721) | about a year and a half ago | (#41639361)

And look what the French Revolution produces; the Jacobins, Robespierre, the Reign of Terror, the Directory, and ultimately Napoleon. Yes, poor silly well-meaning ill-advised Louis XVI lost his head, along with a bunch of equally silly foppish aristocrats, but the average Frenchman's lot really didn't improve until the Bourbon Restoration and the rise of Napoleon III.

Re:Sony Should Go To Jail (0)

Anonymous Coward | about a year and a half ago | (#41639413)

What we got is an amazing idea that kings have no inherent right to rule and we are born equal. This changed everything.

Another French revolution is exactly what US needs. Anything else will be just superficial makeover.
And if you think any meaningful change can be peaceful and bloodless you are dreaming.

Re:Sony Should Go To Jail (1)

MightyMartian (840721) | about a year and a half ago | (#41639463)

England had dispensed with the idea of Absolutism over a century before. The Glorious Revolution was as far reaching as the French Revolution, and considerably less bloody.

Re:Sony Should Go To Jail (1)

Grumbleduke (789126) | about a year and a half ago | (#41650625)

In France's defence, the UK got the bloody parts of its revolution done during the Wars of the Three Kingdoms (1630-50s), which killed off something like 4%, 6% and 40% of the English, Scottish and Irish populations [wikipedia.org] respectively, or around 800,000 people (including Charles I; you can't get a much clearer rejection of the notion of an absolute monarch than Parliament finding one guilty of treason and executing him).

Re:Sony Should Go To Jail (1)

fredprado (2569351) | about a year and a half ago | (#41639477)

Unfortunately, seeing our current "democracies" I am not very sure if we progressed a lot since then...

Re:Sony Should Go To Jail (0)

Anonymous Coward | about a year and a half ago | (#41639747)

mod parent up

timothy (0)

Anonymous Coward | about a year and a half ago | (#41639109)

are you an editor?-----third line , start of sentence.....
sorry .

SQL injection? (0)

Anonymous Coward | about a year and a half ago | (#41639197)

SQL injection? www.sony.com/drop tables;?
It's not so much a matter of "breaking locks and prying the door" and "accidentally stepping through the spider web between the two widely separated rocks they use for security". "Hey, you made it past our rocks: you must be a super cyber thief or something".

Just as pathetic a vermin as I suspeced (1)

gweihir (88907) | about a year and a half ago | (#41639349)

When they bragged to the world, I was convinced that

1. They would be found (law enforcement is pretty incompetent, but they do get the idiots and only idiots brag like that)
2. They would turn on each other as they have no personal honor
3. They would be utterly pathetic

Seems to have been spot-on. Incompetence combined with arrogance and self-aggrandizement. A pity that other fine examples of this personality profile can continue unhindered, e.g. in lots of government, administration, corporations, banks and academia.

Re:Just as pathetic a vermin as I suspeced (1)

steveaustin1971 (1094329) | about a year and a half ago | (#41639443)

I'm not sure who you are referring to as "they". If you are referring to anonymous in general, well you just don't understand that movement. If you are referring to this particular hack, lulzsec is more than this guy and they only really grabbed a few of them, the rest blended back into the fold. There are a number of folk that are part of various "sec's" that are really only useful at this point as bait for the feds anyways and now as martyrs they serve the purpose of attracting more numbers and more cannon fodder. Anon will not stop because of some arrests. Anon is not like anything the world has seen before. What you see now is still just the tip.

Re:Just as pathetic a vermin as I suspeced (1)

gweihir (88907) | about a year and a half ago | (#41639623)

I am very specifically referring to Lulzsec. As should be obvious as the story is about Lulzsec, not Anonymous. I do not even remember bragging from anonymous, but Lulzsec was probably the worst offender ever in that category.

I do however not buy into these myths about Anonymous either. It is very much like other things the world has seen before. Quite a few terrorist/freedom fighter (not making a judgment here either way) organizations qualify for example and many of them have never been gotten under control by the authorities. Anonymous is not that large, the tip is basically all there is (plus, say 2-3 times reserves), and while the supporters are nice, they are not Anonymous proper. Anonymous will stop if a significant number of people have been arrested (which I doubt will happen). They are not nearly as good with regard to hacking as they want to make people believe, there is plenty of low-hanging fruit (think how pathetic even RSA Lab security was) and there are plenty of informers.

I also highly doubt anybody of any significance in Lulzsec got away. Some may still be useful as informers and are now run that way. Others may be (temporarily) shielded by legal issues with different countries. Some may be kept in reserve to generate more publicity when the current idiot has been dispatched and the authorities feel they want more press exposure.

That said, I do sympathize with Anonymous in general as "freedom fighter" types. Lulzsec, on the other hand, are nihilistic vandals (they never managed to get to "terrorist" levels, although no doubt they would have enjoyed that) of negative worth for any and all reasonable purposes and with no redeeming qualities whatsoever. And no, I do not see them as part of Anonymous, just as free-riders.

Re:Just as pathetic a vermin as I suspeced (1)

steveaustin1971 (1094329) | about a year and a half ago | (#41639629)

None of the important folk are behind bars... and anon is millions. Underestimate if you like, but legion they are.

Re:Just as pathetic a vermin as I suspeced (1)

gweihir (88907) | about a year and a half ago | (#41639691)

None of the important Lulzsec members are behind bars? Anonymous is millions? What are you smoking?

Re:Just as pathetic a vermin as I suspeced (1)

steveaustin1971 (1094329) | about a year and a half ago | (#41639721)

Truth.

Re:Just as pathetic a vermin as I suspeced (0)

Anonymous Coward | about a year and a half ago | (#41639725)

I have revealed the Truth Behind Things! I have revealed the Truth Behind Things right now!

Re:Just as pathetic a vermin as I suspeced (1)

gweihir (88907) | about a year and a half ago | (#41639753)

Truth.

You bought the counterfeit variant. (Possibly made in China.) You should stop using it. It is unhealthy and leads to massive delusions.

Re:Just as pathetic a vermin as I suspeced (0)

Anonymous Coward | about a year and a half ago | (#41643259)

Truth.

ROFLMAO.

You pathetic, basement-dwelling, ignorant twerp.

LOL.

Re:Just as pathetic a vermin as I suspeced (1)

steveaustin1971 (1094329) | about a year and a half ago | (#41644195)

I'm ignorant? I own FOUR homes and don't happen to live in the basement of any of them and I have probably been in my field longer than you have been alive. If you feel the need to log in just to hurl insults, I would suggest your life cannot be that fulfilling.

Re:Just as pathetic a vermin as I suspeced (0)

Anonymous Coward | about a year and a half ago | (#41647951)

And any drooling idiot teenager in mommy's basement could easily type that too...

here, let me prove it:

I have twice as many homes, cars and planes as you do... and ahhh, yeah....a Cray Supercomputer too... yeah, that's the ticket! ... and I also have my own nuclear-powered spy submarine too... trust me... I don't just know HOW the intertubes work, why I INVENTED the intertubes! Yeah, that's it, I only used Al Gore to distract attention... (need I go on?)

The real truth is that the morons of Lulzsec and anonymous have no clue about how easily they can be located... it's not that the US Government cannot get to them, it's just that they are not that important. Nobody is going to waste the time and the proper resources to nail them as long as the Chinese, the Iranians, the Russians, the North Koreans, etc are doing far more dangerous things. This situation will continue with these "anonymous" internet groups being an occasional irritant until they do something that becomes a bigger problem than the things that are currently getting all the official attention. On the day either of these groups does something that is big enough to warrant the full attention of the proper people... they'll be rolled-up and talking to their public defenders within days. Anybody who joins one of these things thinking he can get away with it really has no clue about the technological capabilities that could be brought to bear on him, and while I know this for a fact I will not say "trust me" and claim to have certain experience or former employment (I too could be a kid in a basement) instead, I'll just say "watch and see..."

The truly funny part about all this is that the people who setup organizations like this never seem to run out of useful idiots... people who think it's "cool" to "join" them and who then do their bidding. When the useful idiot gets caught, the group he "joined" just lets him go off to jail to lose a few years of his life and lose some of his rights for the rest of his life, ha, ha, ha.... sort of like the leaders who recruit and dispatch suicide bombers, really... they send useful idiots to do their dirty work and pay with their useful idiot lives while paying no price themselves for the mayhem... until they finally draw the ire of a superpower...

Re:Just as pathetic a vermin as I suspeced (0)

Anonymous Coward | about a year and a half ago | (#41639447)

Once you bragged on Slashdot, I was convinced that

0. You would start counting at One, like a noob.
1. You had no proof of your claimed prior beliefs.
2. You would contradict yourself like a pathetic fool.

Tell me, how you side against those mischief makers that were bringing attention to examples of incompetence in government, corporations, banks, etc, yet call for examples to be made of them in the very next sentence? Did you major in bullshit at Uni?

sentencing (3)

planckscale (579258) | about a year and a half ago | (#41639633)

Possibly 5 years in Jail and $605k in fines is the guilty plea bargain. Sounds like a deal to me, go ahead and reciprocate by doing the same time and paying each user who was hacked by Sony and their drm rootkit.

Re:sentencing (0)

Anonymous Coward | about a year and a half ago | (#41640495)

Too bad he didn't take down *millions* of core servers worldwide. Then he could become a professor at MIT doing utterly pointless, but well-funded, research into technological dead ends.

              http://en.wikipedia.org/wiki/Robert_Tappan_Morris

Oh, wait, I forgot you have to be the son of the head of the NSA for that. Maybe he could get adopted?

Isn't this all backwards? (0)

denmarkw00t (892627) | about a year and a half ago | (#41639771)

I mean, really. So, we're punishing the people who find the holes in the software, while the companies who deploy insecure websites get money because they did something insecurely? I mean, I'm thinking of a car analogy and it's odd - the person reaching in (because you left the window down) is at fault, but at the same time why the hell would you leave a window open and expect no one to take your iPad? And you could get compensated (even though he was caught and you lost nothing of value)?

I feel like it's silly that people get arrested for stuff like SQL injection attacks - "OH hey guys, we didn't sanitize user input and someone used that against us. Derp. Let's take those people to court!"

See also: banks that don't use silent alarms and totally don't use safes. At all. You know, if a security threat is obvious, it should probably be the company's responsibility to deal with it instead of "hoping" that some cracker comes along so that they can cash out in a lawsuit and not have to actually invest in security.

Re:Isn't this all backwards? (0)

Anonymous Coward | about a year and a half ago | (#41639917)

The Law exists to serve those who make the laws. Crackers are commoners, hence they pay for their mistakes. Sony is part of the ruling class, hence others pay for its mistakes. Otherwise, how could Sony's rootkit land nobody in jail?

Re:Isn't this all backwards? (0)

Anonymous Coward | about a year and a half ago | (#41640115)

So, we're punishing the people who find the holes in the software,

I thought he was being punished for exploiting the hole, not for finding it. I can't remember ever being punished for reporting a bug. Ignored sometimes, but never punished.

Re:Isn't this all backwards? (0)

Anonymous Coward | about a year and a half ago | (#41640443)

I thought he was being punished for exploiting the hole, not for finding it. I can't remember ever being punished for reporting a bug. Ignored sometimes, but never punished.

There are cases where that has happened. If you report the security flaw to the public after it has been ignored then you could be punished.

Re:Isn't this all backwards? (1)

vakuona (788200) | about a year and a half ago | (#41640747)

No. There is nothing backwards about punishing low life scumbags like Raynaldo who are the reason companies need to secure their websites in the first place.

What sort of morality is it to suggest that a site being inadequately secured is an invitation to steal? Do you also subscribe to the view that a woman being drunk or dressing provocatively is an invitation for you to rape her?

Re:Isn't this all backwards? (0)

Anonymous Coward | about a year and a half ago | (#41643069)

I think that 'reaching into a car' isn't the best analogy here, especially with concerns to SQL injection vulnerabilities. Here's a better one:

In order to promote sales, Company A decides to mail out personalized coupons for all of their products. Customers mail in a request form, the form is processed and they receive a bunch of coupons by mail. Since Company A does not have the infrastructure to handle the mail processing, they decide to contract to another company to do it for them, Company B.

A bored, and perhaps inquisitive customer named 'Bob' tries to mess around with the form; he appends a few 0's here and there, and mails the form, just to see what happens. When Bob gets his coupons back in the mail he notices that he's received 95% discounts on some of Company A's products; obviously one of the mail processors at Company B didn't bother to properly validate the form he sent in. Feeling mischievous, Bob decides to take it a step further; in the 'Additional Comments' section at the bottom of the form, he overtly asks for 100% discount coupons on ALL of Company A's products. For whatever reason, an employee at Company B actually fills out the request, and Bob receives all of the coupons by mail. Bob takes the coupons, gives a bunch to his friends, and then goes on a crazy shopping spree. Eventually Company A catches wind of what has happened, but by then it's too late; they've already suffered substantial losses from giving away 'free' products.

So who's at fault here? Should Company A seek legal action against Company B, or Bob, or both? Bob's actions might have been morally dubious, but are they criminal? Is there not a reasonable expectation that someone should have caught the mistakes on his form, especially the second time around?

Re:Isn't this all backwards? (0)

Anonymous Coward | about a year and a half ago | (#41644115)

it is, and if you get yourself drunk you're liable to get raped dipshit

always stay sober and pack a loaded and ready .45 and use it if you feel the slightest bit threatened, wild west is where it's at on them frontiers

you're judging amoral people for taking advantage of amoral people, you're not promoting morality. so yeah get it right. and don't call it a moral issue.

It's ethical to punish the criminal, but amoral to not place any blame on the victims. You obviously feel like an over-authoritarian dictatorship is the right way to raise people and no one should have the choice, responsibility or right to defend themselves. Sometimes you need to get burned in order to learn your lesson; it's much better if it's not rape.

But this is more like writing down someone's license plate and advertising it online to the world level of crime. It's not even clear cut that anything criminal was done with the information. Just that the systems were compromised.

Re:Isn't this all backwards? (0)

Anonymous Coward | about a year and a half ago | (#41642707)

I don't get it. So you think that if you leave a window unlocked and someone uses it to rob your house that they shouldn't be punished?

and what makes you think (0)

Anonymous Coward | about a year and a half ago | (#41640091)

and what makes you think SONY hasn't been breached since .....
just 'cause whoever isn't bragging about it like they are....

If I may be the first to say this.. (-1)

Anonymous Coward | about a year and a half ago | (#41640203)

Fuck Sony. Seriously, fuck Sony with a rusty spoon.

Also, this might get me downvoted, but Fukushima and Sony are all symptoms of an aging, irresponsible workforce.

But don't feel so proud, fellow Americans -- we too are headed over the same cliff. We suffer from exactly the same malaise: aging, self-centered, selfish, power-mad baby boomers who would rather lie to stay in power, than help society and take one for the team; and a workforce matriarchy created by a dominance of amoral, immoral, affirmative-action (*spit*) women who have zero qualifications or relevance to any job. Selfish, unimaginative, unskilled and immoral is Japan's workforce mixture of old workers and young women -- and we too in America are coming to the same place.

Fuck Sony, fuck Japan, and fuck that shit from feminists. Any college which has more women than men should immediately lose accreditation, and federal funds.

Any company which employs more women than men, should be shut down.

We need a boycott against women and old people, because they are destroying our world. If you see that a company has an old or woman president, don't buy from it. This is a very sad thing to say, because equality was a nice dream. However, it's gone past equality. It's gender genocide. The war is over, and us men lost everything, and women won.

Muslims are pretty fucked up morons, however, their treatment of women, while totally unjustified in their societies, might be appropriate in our society, to teach women to never again try to surpass and extinguish life for men. Feminist supremacists must be stopped. If they are not, our society is dead. And it will be literally dead, with every American dead, because one of the first things feminism does, is stamp out breeding. Before everyone dies though, prepare for major acts of destructive selfishness and idiocy.

Reynaldo was not part of lulsec (0)

Anonymous Coward | about a year and a half ago | (#41641173)

Just to clarify, I don't know this Reynaldo guy to be part of lulzsec and this may be just as well a security theatre designed to scare actual members away.

Re:Reynaldo was not part of lulsec (0)

Anonymous Coward | about a year and a half ago | (#41647981)

Ha Ha Ha

The idiots who think they are running groups like lulsec have no way of knowing if any of the "leaders" is actually working for the government and using the groups as honeypots to lure-in and keep tabs on the sort of people who should be monitored... [BIG smile]

In case you have not noticed, the best way to stop a bad guy before he does something really bad is to run the group he joins... and keep him busy on stupid stuff until he gets twitchy... then you give him a "real" assignment and arrest/kill him

simple

The beauty of this (from the point of the authorities) is that the stupid people are self-sorting and self-selecting... they come to you [SMILE].

20 year old guy injects some code into sony by sql (1)

KingBenny (1301797) | about a year and a half ago | (#41659825)

abuse, why, tell me someone, why is Sony not hiring this guy?