Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Crime Privacy The Courts Apple

iPad Account Hacker Pleads Guilty 86

WrongSizeGlass writes "Daniel Spitler, a member of Goatse Security, pleaded guilty today to writing the code used to steal email addresses and personal information belonging to 120,000 Apple iPad subscribers from AT&T computer servers. Spitler, who surrendered to the authorities in January, pleaded guilty to one count of conspiracy to gain unauthorized access to computers connected to the Internet and one count of identity theft. Each charge carries a maximum sentence of five years in prison."
This discussion has been archived. No new comments can be posted.

iPad Account Hacker Pleads Guilty

Comments Filter:
  • by Rene S. Hollan ( 1943 ) on Thursday June 23, 2011 @06:14PM (#36548676)

    You've got to be shitting me.

  • by iluvcapra ( 782887 ) on Thursday June 23, 2011 @06:29PM (#36548878)

    Be careful what GET requests you make, because apparently if they're "unauthorized," despite not being protected by any authentication or session and bring happily returned by the server, you may still be a criminal.

    • Re: (Score:3, Insightful)

      by jo_ham ( 604554 )

      Also be careful when trying people's door handles on their home. Despite some of them possibly being unprotected by any locking mechanism, for example, if the owner is inside, if the door opens be careful what you take from the building since you may still be a criminal.

      • I'd consider data on the Internet with no authorisation mechanism to be 'published'. A private residence is still personal property, though.

      • You're right but it's an interesting distinction. If you leave flyers with your clients email addresses hanging throughout town, and someone reads them...

        I would say a GET request is fundamentally different in quality than the front door of a home and the same standard wouldn't apply, but the real question is, which car analogy is appropriate here...

        • by maxume ( 22995 )

          When some jumpy person accidentally gets in a ride share pickup line and then freaks out when someone goes ahead and gets in their car.

        • by jo_ham ( 604554 )

          I think it holds if the door is closed but unlocked. You have to actually go up to a house that is not your own and try the handle. That is analogous I think, so you don't know ahead of time if the door is unlocked but you know damn sure it's not your house and you have no reason to be doing that, unless you're chancing lax security.

      • That's not the same. With a GET, I'm actually asking a server for something, and the server gives it to me, tells me no, or ignores me. This is akin to knocking on the door and asking for a cup of sugar. They say the internet is like a giant corkboard on your front door for a reason - and that we should be careful in what we should put online. So should corporations with other people's data.
        • by jo_ham ( 604554 )

          By the nature of the way the internet works, you handshake with the server to initiate any transaction. You are trying to cloud the issue by saying "well the server shouldn't have responded, or said no, that makes it ok!" when my analogy is perfectly valid - the GET request is the same as you trying the door handle. It either responds by ignoring you (it just jiggles and does nothing), by being locked (it does not move) or it replies to you (the door opens). Of course the server should have said "no", and t

      • Also be sure not to look at the door handle if it's in plain view; unauthorized viewing without changing its state in any way may still be illegal because our lawmakers don't understand doorknobs.

        • Also be sure not to look at the door handle if it's in plain view; unauthorized viewing without changing its state in any way may still be illegal because our lawmakers don't understand doorknobs.

          Simply viewing the door handle *will* change its state!

      • by jd2112 ( 1535857 )

        Also be careful when trying people's door handles on their home. Despite some of them possibly being unprotected by any locking mechanism, for example, if the owner is inside, if the door opens be careful what you take from the building since you may still be a criminal.

        s/criminal/target/

    • by node 3 ( 115640 )

      Be careful what GET requests you make, because apparently if they're "unauthorized," despite not being protected by any authentication or session and bring happily returned by the server, you may still be a criminal.

      It's not like this was some accidental GET request. It was a deliberate attempt to get at information that the "hackers" were well aware was not meant to be accessed.

  • If you hire an asshole to handle your security you will end up with your taste buds in the loop.

  • To never forget the Goatse itself may be a shitter of an organization but the people it targets may be even bigger shits.
  • I've been on slashdot long enough to be very afraid of clicking on any links in this post. I could live with Rick Roll security, but not this...
  • The security vulnerability was literally as simple as changing one number in a url to a different one, at random. From user 2340823 to User 2347923 or whatever. When the door is wide open, you can't complain if people don't knock. It's not like he actually got into anyone's account; it's more like he just said "Hi, I'm user 2342323" and the computer said "Oh hi, John@fakeemail.com, what's your password?" and then he said "Nevermind." Nobody's account was logged in to, and nobody's personal information

    • So if your key works in my lock it's okay for you to come into my house? If it is not by accident it is criminal.
  • 5 years in prison? Fuck those judges.
    • by SeaFox ( 739806 )

      10 years. 5 x 2 = 10 last time I checked.

      • No, man. I meant that he could've simply give some community service instead of losing his age, or even just work for them in order to improve "their" own security.
        That's why I said "Fuck those judges"

  • Comment removed based on user account deletion

No spitting on the Bus! Thank you, The Mgt.

Working...