
Comment: Re:Useful Idiot (Score 1) 384

Snowden has been careful to release only the things he feels violated the oath he and others took to the U.S. Constitution

Please point out the part of the US Constitution that says the Federal Government can't spy on foreign countries, then justify Snowden's leaking of intelligence methods and sources that had nothing whatsoever to do with American domestic civil liberties.

Comment: Re:Useful Idiot (Score 0) 384

What the fuck do you milquetoast standard-bearers of pusillanimity expect him to do?

Put his actions before a jury of his peers, like the numerous whistle-blowers who came before him, none of whom fled to hostile countries? Restrict his leaks to pertinent information, rather than dumping EVERYTHING? Attempt to work within the system before trying to blow it up? Leak the information without outing yourself, remaining anonymous like Deep Throat did?

Anyway, I'm all for the balance of power. The best antidote to an abusive US empire is an abusive Sov^WRussian empire.

You'd probably have a different perspective on that if you lived in the Baltic States, Ukraine, Romania, Moldova, Finland, Georgia, or any of the Central Asian Republics.

Comment: Re:Useful Idiot (Score 0) 384

Yep -- if the US wanted to not give Putin a propaganda tool, they could have welcomed him back home with a guarantee of safety.

It'd make more sense to play the realpolitik game: "Put Mr. Snowden on a flight to New York and we'll quietly acquiesce to your annexation of Crimea."

Unfortunately realpolitik is not something the current administration is very good at. They're very good at making promises they can't keep, and threats they won't follow up on, but making cold calculations to further American interests in a dangerous world? Not so much.

Comment: Re:So other than those ten (Score 2) 33

by Shakrai (#46775791) Attached to: FBI Drone Deployment Timeline

How many times do they do it a week without all that official authorization stuff?

If they use them in criminal investigations the usage eventually becomes part of the public record when entered into evidence. Using them for search and rescue ought to be non-controversial enough. "National Security" is of course the grey area, though there's a fair amount of overlap between National Security and criminal prosecutions, for offenses like espionage or terrorism, so a lot of that use would eventually make it into the public record as well.

Comment: Re:Not even much money (Score 2) 415

by Shakrai (#46759595) Attached to: Intuit, Maker of Turbotax, Lobbies Against Simplified Tax Filings

If you are a die-hard, you can download [irs.gov] the forms and send them in for the price of a stamp or two (my state forms, seven pages of paper, cost $0.70 to mail.)

You don't even have to do that. There's Free Fillable Forms, which are exactly what the title suggests. Electronic copies of all the relevant paper forms that you fill out online and E-File. It doesn't have the logic of Turbotax but it performs basic math checks and saves you the hassle of printing and mailing the forms.

I can't understand why anyone would pay a third party to do their taxes. The logic flow isn't that complicated, even when you throw capital gains and itemized deductions into the mix. I've filed the long form 1040 by hand in years when I had to deal with capital gains and losses and was able to complete it in under two hours. Who are the people who pay Intuit or H&R Block to do their 1040ez filings?

Comment: Re:also (Score 1) 171

by Shakrai (#46756621) Attached to: First Phase of TrueCrypt Audit Turns Up No Backdoors

The metadata argument wears thin on me. If my phone number is two or three levels removed from a terrorist I really don't see why it's objectionable that the Government take a precursory look at my call logs. They'll quickly find that I'm a rather boring sort, whose connection with the terrorist was likely limited to ordering the same take out, and my privacy isn't significantly impacted by having someone review my call logs after obtaining a court order.

Traditional police investigative techniques would be at least as invasive, if not more so. Ever been interviewed by the police because you're one or two levels removed from a criminal suspect they're attempting to establish a case against?

Comment: Re:also (Score 5, Insightful) 171

by Shakrai (#46751971) Attached to: First Phase of TrueCrypt Audit Turns Up No Backdoors

Since Snowden's revelation about the NSA's clandestine $10 million contract with RSA,

If you're on NSA's radar you've got bigger problems than TrueCrypt's trustworthiness or lack thereof. The NSA doesn't have to have a back door into AES (or the other algorithms) when they have an arsenal of zero day exploits, side channel attacks, social engineering, and TEMPEST techniques at their disposal. The average user should be far more concerned about these attack vectors (from any source, not just NSA) than the security of the underlying encryption algorithm.

The Diceware FAQ sums up the problem rather succinctly: "Of course, if you are worried about an organization that can break a seven word passphrase in order to read your e-mail, there are a number of other issues you should be concerned with -- such as how well you pay the team of armed guards that are protecting your computer 24 hours a day."

Comment: Re:To the point... (Score 1) 147

by Shakrai (#46730875) Attached to: 'weev' Conviction Vacated

No, he sent a query to the webserver, and the webserver did what it was designed to do and answered it.

You're overlooking the part about purposefully manipulating the query in such a fashion as to trick the webserver into thinking you're someone else.

AT&T was the one making the mistake by assuming that all trivially-correctly-formatted requests were from AT&T customers as opposed to actually checking whether the requester was - in fact - a customer (something they could've easily done!)

AT&T's mistakes do not excuse the actions of the accused.

It's about precedent, and "some queries shouldn't be sent to a webserver, but you don't know what those are until we nail your ass" is a pretty damn bad precedent.

There's no overly broad precedent here, unless you're trying to claim that prosecuting people for impersonation is a scary precedent.

Comment: Re:sad day for those who don't like 4chan trolls (Score 1) 147

by Shakrai (#46730721) Attached to: 'weev' Conviction Vacated

How is the law being abused here? Go read the evidence in this case. AT&T set up a system that was designed to automatically populate an e-mail field for the convenience of their customers. They did this by matching two different variables, the user-agent of the iPad web browser and the ICC-ID number from the SIM card contained therein. Two people then discovered that they could fake both of those variables to obtain the personally identifiable information (PII) of AT&T customers. They did this in a deliberate manner while discussing ways of using the obtained information for profit, with ideas ranging from spamming (direct marketing of iPad accessories to people who obviously owned iPads) to securities fraud (they floated the idea of shorting AT&T's stock when news of the security breach broke) to the enhancement of their own reputation (look how awesome of a security guy I am, I broke into AT&T, buy my consulting services!)

AT&T's failings are not really relevant here. The process of obtaining the PII was sufficiently complicated as to make it readily apparent that the information obtained was not for public consumption. No reasonable person would conclude that they were entitled to access the PII of AT&T's customers. No reasonable person would discover this security flaw then write a script to automate the collection process while exploring methods of using the obtained information for personal financial gain.

Your whole argument can be distilled to three words: Blame the victim.

Comment: Re:To the point... (Score 1) 147

by Shakrai (#46729077) Attached to: 'weev' Conviction Vacated

If that's not a 'not guilty' by a court that's not passing actual judgement, I don't know what is.

That's some selective quoting right there, chopping it off at "or any overt act in furtherance of the conspiracy in New Jersey". They didn't conclude that he didn't commit the crime, they concluded that no actions taken in furtherance of the offense were performed in New Jersey.

Again, there was no authorization process in AT&T's system

It was keyed to only populate the e-mail field when both of the following were present: The user-agent of an iPad's web browser and a valid ICC-ID code belonging to an AT&T customer. They used these two items of information to impersonate AT&T customers and steal their personally identifiable information. Of course, your point is irrelevant either way, because the law doesn't care about "authorization process", it only cares that you accessed information you were not authorized to access. No reasonable person would conclude that they were authorized to access PII under these circumstances, wherein they had to trick AT&T's server into thinking they were somewhere else to obtain the information.

If this goes to trial again he will be convicted. If he has half a brain he'll cut a plea deal with the US Attorney, save everybody the hassle of another trial, and likely walk away with time already served. Frankly I doubt he'll do that, because he strikes me as exceedingly arrogant, but perhaps he's humbled after some time behind bars.

Comment: Re:To the point... (Score 2) 147

by Shakrai (#46728389) Attached to: 'weev' Conviction Vacated

The meat-space equivalent is something like a reporter (who is not Bob's wife) calling a bar and saying, "I'm Bob's wife, is Bob there?"

A better analogy would be calling AT&T and saying "I'm Bob, can you tell me when my bill is due?" You've impersonated Bob and used it to obtain access to personally identifiable information, you'd be guilty of a number of different crimes in such a circumstance.

Comment: Re:What happens now? (Score 1) 147

by Shakrai (#46728179) Attached to: 'weev' Conviction Vacated

My understanding is it wound up in New Jersey simply because the Federal authorities there have more experience with these types of cases. However it happened, I'd concur that it was improper venue. The Feds should have charged him in his own Federal District at the very least, though I'd go further than that and argue that the body of evidence should have been turned over to the authorities in Arkansas for a state level prosecution. Either way, he was entitled to be tried in the jurisdiction where the law was broken, not trucked halfway across the country for the convenience of Uncle Sam.
