Thanks for showing the flaw , and oh , you're arrested

vbimport

#1

From 2600.com

Case 1 :

A Texas jury has acquitted a computer security analyst who last year was accused of wrongful access to a county computer network.
In March of 2002, Stefan Puffer discovered that the Harris County district clerk’s wireless computer network was unprotected. Anyone with a wireless network card had the ability to gain access to sensitive computers and files.
Puffer demonstrated the problem to county officials, but rather than receiving any thanks, he was swiftly indicted on two counts of fraud. He faced five years in jail and a $250,000 fine for each offense.
However, after only 15 minutes of deliberation, the jurors in the case found on Thursday that Puffer did not intend to cause any damage to the county’s systems.
“Throughout the trial we proved – at least it was clear – the county had their wireless butt out and they were trying to use Stefan as a scapegoat,” Ed Chernoff, Puffer’s attorney, told the Houston Chronicle.
Chernoff told jurors in his closing argument that Harris County District Clerk Charles Bacarrisse called the authorities on Puffer to cover up the office’s security incompetence. Bacarrisse conceded that he was embarrassed by Puffer’s demonstration.
Commenting on the case, U.S. Attorney Michael Shelby compared Puffer’s actions to an intrusion of someone’s home. A better analogy might have been to a locksmith demonstrating the ease of breaking into a home – right in front of the homeowner, followed by the locksmith being arrested.
Even after the jury rendered its decision, a disappointed Shelby insisted that Puffer had “intentionally invaded a cyberspace.”
The widespread insecurity of 802.11b wireless networks, such as the one accessed by Puffer, has been repeatedly demonstrated by hackers. Most cities are still filled with such networks, many of which allow passers-by to anonymously access networks both public and private.

Case 2 :

A student at Turlock High School in California has been arrested for demonstrating the school’s computer security flaws to a teacher, according to a report by KXTV.
The 17-year-old senior, who has not been named, recently discovered that it was possible to circumvent security measures and access not only grade books, but the personal and financial information of 1,200 school employees as well.
The concerned student brought his discovery to the attention of his computer teacher, who passed the information on to the school’s network administrator. Yet, despite the alleged seriousness of the problem, the young man’s claims were disregarded.
In an attempt to demonstrate the problem to his unreceptive audience, the student proceeded to gather evidence of the school’s insufficient security. He entered a school computer system and downloaded sensitive information, which he decrypted, printed out, and showed to his computer teacher.
“We’re fairly confident that his intent was to try to help the school,” said Sgt. Adam Christianson of the Sacramento Valley Hi-Tech Crime Task Force, which is managing the case. There was no evidence that the student damaged or altered any information.
The school’s response, however, seemed to disregard the ethical manner in which the student investigated and reported his discovery. He was arrested on Thursday afternoon for theft, and his computers were seized by police. He could face jail time if convicted of the felony.


“Look mommy , there’s a secret entrance”
“Shh ! The cops will hear you !”
“But mommy , anyone can enter… we should warn the cops !”
“Shut up ! Do you want to be a good boy ? Then stay silent !”
“But …”

Computers don’t make errors… the government does.


#2

It’s obvious the network administrators in these two cases are complete morons who do not understand anything about computers but what they have been taught.

I’m happy that case 1 turned out the way it did and I hope case 2 does too


#3

It always sad to see such idiots in such positions


#4

what a bunch of wankers. What ever happened to saying thanks


#5

In the business world, the “guilty” persons would have been offered a job, not arrested. Beurocrats are another kind of idiot.


#6

in the business world, actually, the software company that owned the system the accused circumvented, would have the offender arrested under the DMCA.