Expose A Blatant Security Hole In AT&T's Servers, Get 3.5 Years In Jailby Mike Masnick
Mar. 19, 2013
1.Trump is Right: GOP Debate Audience is Packed Full of Republican Donors
2.Government Agents Hunt Woman Down After Seeing Facebook Picture Of Her Rehabilitating Baby Squirrels
3.Report: Hillary Clinton Was "Glowing" About Goldman Sachs During Paid Speech
4.Julian Assange Warns "A Vote For Hillary Is A Vote For Endless, Stupid War"
5.New 'Traffic Violations Agency' Brings Buffalo Extortion Racket to All Time High
6.Florida Cops Unload On Man Holding Gun Fearing Home Invasion After Knock On Door At 1AM, Had Wrong House
7.Illinois: Cops Lose Case After Hiding Video Evidence
8.Saudi Arabia's 'Religious Police' Arrest Doll Mascot For Breaching Sharia Law
We've written a few times about the case of Andrew Auernheimer, perhaps better known as weev. While he has a bit of a reputation as an online troll, and self-admitted jerk, his case is yet another example of how ridiculously broken the CFAA (Computer Fraud and Abuse Act) remains. In this case, what he did was expose a pretty blatant security hole in AT&T's servers, that allowed anyone to go in and find the emails of any AT&T iPad owner, merely by incrementing the user ID. This isn't a malicious "hack." It's barely a "hack" at all. This isn't "breaking in." This is just exploring a totally broken system. To call attention to this, weev collected information on a bunch of famous folks who had iPads and alerted the press. This is what security folks do all the time. And for his troubles in helping AT&T discover and close a pretty bad security hole, he's been sentenced to 41 months in prison plus he has to pay $73,000 to AT&T. One hopes AT&T will use it to hire half a decent security person or something.