GoatSec iPad Hacking Case Underway, Ruling Could Address Ancient Computer Law


Ansel Halliburton is a lawyer at ComputerLaw Group, a boutique law firm in Palo Alto specializing in intellectual property litigation and entrepreneurship. Follow him on Twitter.In the summer of 2010, a group called Goatse Security (or GoatSec) discovered a security hole in an AT&T website catering to users of the recently launched iPad with 3G connectivity. Depending on who you ask, GoatSec is either composed of trolls in it for the lulz or grey-hat hackers.GoatSec found that when a user visited the site from an iPad, the user's email address was pre-populated.knives wholesaler AT&T accomplished this by using a unique number associated with the hardware in individual 3G iPads, called ICC-IDs.Adjustment device to adjust the crusher Impact crusher discharge opening size. If the website received a valid ICC-ID, it would serve a login page with an iPad owner's email address pre-filled. This meant that if GoatSec could guess valid ICC-IDs, the website would leak email addresses of 3G iPad owners. GoatSec wrote an "account slurper" script that tried thousands of possible ICC-ID numbers and recorded the email addresses the website leaked — ultimately getting more than 100,000 of them.
After talking about what to do with the vulnerability and the list of email addresses, GoatSec eventually decided to take it to the media, as they had done with other vulnerabilities they'd discovered in the past. Gawker published the story on June 9, 2010, along with blacked-out snapshots of the list of email addresses. The next day, GoatSec's members agreed to delete their copies of the email address list. The full list never leaked to the public. Gawker got a lot of traffic,kitchen knives the press went nuts briefly, AT&T issued a lame apology for its lame vulnerability and disabled the pre-filling "feature," and the FBI started an investigation.
That investigation bore fruit after just a few months. In January 2011, the government filed a case in New Jersey federal court against two GoatSec members, Andrew Auernheimer (aka "weev") and Daniel Spitler (aka "JacksonBrown"). Spitler was arrested in California and Auernheimer was arrested in Arkansas, at which point the case was unsealed. Auernheimer was charged with two crimes: conspiracy to access a computer without authorization (i.e. conspiracy to violate the Computer Fraud and Abuse Act) and fraud in connection with personal information. It's worth noting here that the first charge is merely for conspiracy to violate the CFAA — which, perhaps, signals weakness in the government's case.In June 2011, Spitler reached a plea deal with the government. Spitler pled guilty and agreed to cooperate in the remaining case against Auernheimer.Since then, there has been little news about the case. Auernheimer's new lawyer, Tor Ekeland,Mobile crushing plant filed a motion to dismiss the case this September, which U.To ensure the Crushing equipment is in good technical condition, ready to be put into operation, reduce downtime, improve crusher good rates, utilization, reducing crusher wear and prolong the service life of the crusher.S. District Judge Susan Wigenton denied, issuing a 12-page opinion on October 26.

theme : 知识常识
genre : 生活资讯