FSTDT Forums

Community => Science and Technology => Topic started by: The Illusive Man on November 26, 2012, 11:21:19 am

Title: Andrew Auernheimer convicted, free weev!
Post by: The Illusive Man on November 26, 2012, 11:21:19 am
Quote
Andrew Auernheimer, 27, was convicted by a Newark, New Jersey, jury of one count of conspiracy to access the servers without permission, as well as one count of identity theft, said U.S. Attorney Paul Fishman. (http://uk.reuters.com/article/2012/11/21/us-att-hacker-idUKBRE8AK04A20121121)

Actual pic of Andrew Auernheimer.
(http://www.neurope.eu/sites/default/files/imagecache/400xY/Andrew%20Auernheimer.jpg)

Quote
The defendant faces a maximum five years in prison and $250,000 fine on each count. A co-defendant, Daniel Spitler, pleaded guilty to the same charges in June 2011 and is awaiting sentencing.
Prosecutors said Auernheimer and Spitler were affiliated with Goatse Security, a group of Internet "trolls" that tries to disrupt online content and services.
(http://uk.reuters.com/article/2012/11/21/us-att-hacker-idUKBRE8AK04A20121121)

Actual logo:
(http://upload.wikimedia.org/wikipedia/commons/0/05/Goatse_Security_Logo.png)

It is ironic that a member of Goatse Security will probably be (NWS)goatsed(NWS) in prison by big gay Bubba and/or Ben Dover.

For those who did not know, Goatse Security (http://security.goatse.fr/) was a famous troll hacking group. They disclosed a few lulzy vulnerabilities such as the Firefox and Safari XPS attacks.

The conviction in question pertains to how an AT&T server was “hacked”, and by “hacked” I mean publicly available data. All Goatse had to do was provide: an ICC-ID (many of which were posted online by Apple users) and a user agent header from an iPad to AT&T’s server. The server then responded with an email address if the ICC-ID was valid. They wrote a PHP script to literally brute force possible ICC-IDs until a list of 114,000 confirmed addresses was compiled. AT&T and other third parties were notified and given a copy of the script. (http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed)

Normally anyone with an ounce of competence would have made a policy to blacklist an IP address based upon a large number of failed login attempts or even based upon traffic. But competent is not a word I would use to describe AT&T.
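
The per-IP blacklisting policy mentioned in the post above, sketched as an added example (not part of the original post and not AT&T's code). The thresholds, the class and function names, and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LookupGuard:
    """Blocks a client IP that sends too many invalid-identifier lookups."""

    def __init__(self, window=60, max_failures=20, block=3600):  # assumed values
        self.window, self.max_failures, self.block = window, max_failures, block
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time at which the block expires

    def allowed(self, ip, now):
        # A request is served only if the IP has no unexpired block.
        until = self.blocked_until.get(ip)
        if until is not None and now < until:
            return False
        self.blocked_until.pop(ip, None)
        return True

    def record(self, ip, now, valid):
        """Record one lookup result; return True if the IP is blocked."""
        if not self.allowed(ip, now):
            return True
        if valid:
            return False
        q = self.failures[ip]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.blocked_until[ip] = now + self.block
            q.clear()
            return True
        return False

def replay(events, guard=None):
    """Replay (time, ip, valid) events; return {ip: time it was first blocked}."""
    guard = guard or LookupGuard()
    blocked_at = {}
    for ts, ip, valid in sorted(events):
        if guard.record(ip, ts, valid) and ip not in blocked_at:
            blocked_at[ip] = ts
    return blocked_at

# Constructed traffic: one IP guessing identifiers once a second, one ordinary client.
SAMPLE = [(t, "198.51.100.7", t % 10 == 0) for t in range(40)]
SAMPLE += [(5, "203.0.113.9", False), (300, "203.0.113.9", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A per-IP limit like this only slows enumeration from a single source; it does not change what the endpoint returns to a caller who presents a valid identifier.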
Title: Re: Andrew Auernheimer convicted, free weev!
Post by: Distind on November 27, 2012, 06:30:08 am
Uh, hell no on the goatse link. I've removed it, don't do it again.