Techdirt. Stories filed under "hacker" Easily digestible tech news... http://www.techdirt.com/ en-us Techdirt. Stories filed under "hacker"http://www.techdirt.com/images/td-88x31.gifhttp://www.techdirt.com/ Tue, 29 Jan 2013 09:35:13 PST Is The Line Between 'Hacker' And 'Criminal' Really That Fuzzy? Mike Masnick http://www.techdirt.com/articles/20130128/01291121801/is-line-between-hacker-criminal-really-that-fuzzy.shtml http://www.techdirt.com/articles/20130128/01291121801/is-line-between-hacker-criminal-really-that-fuzzy.shtml series of cases where young computer hackers were either charged or threatened with criminal charges for doing things that don't seem particularly criminal at all. The NY Times now has a blog post on more or less the same subject, but focusing on the "fuzzy and shifting line between hacker and criminal." While it's good that more attention is getting paid to these kinds of questionable cases, I wonder if that framing is really accurate. I don't think there's a "line" -- fuzzy, shifting or not -- between "hacker" and "criminal." The two things are different. Can you be a criminal hacker? Sure. But the problem is that many non-techie folks seem to assume that any kind of hacking must be criminal. And that's the problem. It's not that some imaginary line is moving around, but that some people don't seem to understand that hacking itself is not criminal, and that there are plenty of good reasons to hack -- including to expose security holes.

Permalink | Comments | Email This Story
]]> only-if-you-don't-really-understand-stuff http://www.techdirt.com/comment_rss.php?sid=20130128/01291121801 Fri, 9 Nov 2012 18:35:09 PST Teen Hacker Banned From The Internet For Six Years Mike Masnick http://www.techdirt.com/articles/20121109/16132820999/teen-hacker-banned-internet-six-years.shtml http://www.techdirt.com/articles/20121109/16132820999/teen-hacker-banned-internet-six-years.shtml big site takedowns earlier this year, and who is considered a "social engineering mastermind" has been sentenced to probation. The terms include a ban on internet access until his 21st birthday, six years from now, according to a Wired article by Mat Honan. For many years, we've questioned whether or not it's reasonable (or even practical) to ban people from the internet for computer related crimes. It seems not only stupid and counterproductive, but just plain bizarre. The internet is so integrated into our lives these days that taking the internet out of your life is a lot more complicated than some might imagine.

Can you still use a voice over IP phone system to make a phone call? What about using an internet-connected kiosk at a store to order something? The terms here seem particularly broad and overreaching -- the kind of requirements that people who don't really live on the internet would think are reasonable without realizing what they're doing to him:
However, according to Cosmo, the terms of the plea place him on probation until his 21st birthday. During that time, he cannot use the internet without prior consent from his parole officer. Nor will he be allowed to use the Internet in an unsupervised manner, or for any purposes other than education-related ones. He is required to hand over all of his account logins and passwords. He must disclose in writing any devices that he has access to that have the capability to connect to a network. He is prohibited from having contact with any members or associates of UG Nazi or Anonymous, along with a specified list of other individuals. He had to forfeit all the computers and other items seized in the raid on his home. Also, according to Cosmo, violating any of these terms will result in a three-year prison term.
Since this is a plea bargain, it sounds like he's accepted those terms, but it seems fairly crazy. Honan talks with an attorney who finds the situation ridiculous:
“Ostensibly they could have locked him up for three years straight and then released him on juvenile parole,” Jay Leiderman, a Los Angeles attorney who has represented alleged members of Anonymous and LulzSec, told Wired. “But to keep someone off the Internet for six years — that one term seems unduly harsh. You’re talking about a really bright, gifted kid in terms of all things Internet. And at some point after getting on the right path he could do some really good things. I feel that monitored Internet access for six years is a bit on the hefty side. It could sideline his whole life–his career path, his art, his skills. At some level it’s like taking away Mozart’s piano.”
Furthermore, we've seen numerous such internet bans tossed out for being rights violations. Sure, the guy broke the law, and should be punished for that. But banning him from the internet for six years seems to go way beyond what's reasonable.

Permalink | Comments | Email This Story
]]> that's-extreme http://www.techdirt.com/comment_rss.php?sid=20121109/16132820999 Fri, 20 Jul 2012 05:23:00 PDT Apple Plays Cat And Mouse With In-App Purchase Hacker Zachary Knight http://www.techdirt.com/articles/20120718/19474519753/apple-plays-cat-mouse-with-in-app-purchase-hacker.shtml http://www.techdirt.com/articles/20120718/19474519753/apple-plays-cat-mouse-with-in-app-purchase-hacker.shtml maximizing profits. One of these profit maximizing endeavors, which recently gained traction with game developers, is the use of micro-transactions -- or as they are often called in the mobile world, "in-app purchases." This method of revenue generation was quickly accepted by many game developers, as it provided a way to distribute the game for free to as many people as possible with the prospect that enough of those free users would then buy in-game items with real money.

Because of this model of doing business, mobile phone producers (mainly Apple) have developed APIs that allow game developers to easily tie their in-game stores to Apple's payment processing and authentication services. While this method is not without its issues, it has been accepted as a relatively secure method of monetizing a game. That is, until one hacker named Alexey V. Borodin figured out a relatively simple way to spoof the purchases of in game items. Using this exploit, Alexey claims that as many as 30,000 transactions have been made since instructions went live.

In a follow up article, The Next Web reports that Apple has begun efforts to prevent the spread of this exploit. These efforts include blocking the IP address of the server Alexey was using, requesting the server be taken down by the Russian hosting company which owned it, sending take down notices to Youtube over videos providing instructions, and getting PayPal involved in shutting down the account Alexey was using to generate donations (a whopping $6.78 was raised according to that report). Apple also included the following statement:
The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating.
Even with all these attempts at taking down Alexey's service, it still remains up and running for all willing iPhone users to take advantage of; that is, if those users are willing to risk their privacy and iTunes accounts to use it, something Alexey claims is not an issue.

While this exploit is very troubling on many levels, it really highlights the folly of relying on security through obscurity. Apple had the chance to secure its APIs long before this exploit happened. It has an opportunity to do so now. In fact, Alexy states that he is more than willing to talk about the issue with Apple. Unfortunately, Apple has not contacted him. While I can understand Apple's unwillingness to work directly with someone who openly exploits its services, it would be prudent to use all available options to end this exploit.

One would hope that game developers who feel threatened by this exploit will pressure Apple to fix the security issues in its APIs as well as provide some kind of training in best practices in securing in-app purchases. Of course game developers should also be doing their part to use all available tools to protect the integrity of their games as well -- something all software developers should do from the beginning.

Permalink | Comments | Email This Story
]]> what-if-I-change-this-setting http://www.techdirt.com/comment_rss.php?sid=20120718/19474519753 Fri, 14 Jan 2011 17:00:00 PST DailyDirt: Random Reader Submissions Michael Ho http://www.techdirt.com/articles/20110108/13482812579/dailydirt-random-reader-submissions.shtml http://www.techdirt.com/articles/20110108/13482812579/dailydirt-random-reader-submissions.shtml
  • Here's a 3D plastic printer that can self-replicate. The software is freely available, and there's a growing group of enthusiasts working on it. [url] from modplan.
  • If you're looking for a unique wedding ring, there's one that acts like a vinyl record. The ring has a 20-second recorded message engraved on it. [url] from an Anonymous Coward.
  • Wanna meet up with other hackers in your area? There's a website for that. It's a wiki for hackers to congregate and collaborate. [url] from chris.
  • There could be a remedy for arthritis derived from bee sting venom. The "natural" bee sting therapy of getting stung hundreds of times doesn't sound too appealing, though. [url] from another Anonymous Coward.


    • Permalink | Comments | Email This Story
    ]]>     urls-we-dig-up http://www.techdirt.com/comment_rss.php?sid=20110108/13482812579