Appeals court rules that you don't have to "hack" a computer to be convicted under hacker statutes

In a 2-1 ruling, an appellate court ruled "Employees may be prosecuted under a federal antihacking statute for taking computer files that they were authorized to access and using them in a manner prohibited by the company, a federal appeals court has ruled."

At issue is whether or not the employer has specific rules about computer access, and if the "employee has knowledge of the employer’s limitations on that authorization, the employee ‘exceeds authorized access’ when the employee violates those limitations" said employee is deep in the fecal matter.

Apparently the same circuit court ruled the opposite last year on the same law when the employer did not have specific data access rules in place. "Exceeding authorized access" is the issue at hand.

The dissenting judge wrote that "under the majority’s ruling, “any person who obtains information from any computer connected to the internet, in violation of her employer’s computer-use restrictions, is guilty of a federal crime.”"

There are some nasty ramifications to this, and basically if an employer asked me to do some work on my home system in my own time, I would definitely get it in writing and file that sucker away some place safe in case the law comes a-knockin'.

http://www.wired.com/threatlevel/2011/04/no-hacking-required/

Doonesbury Say What?

"A similar death and a similar taking away...The question comes down to this: what will you say to that next generation about what you did to make sure that wouldn't be their fate?"
— Michele Bachmann on taxes and the Holocaust

Wow, need perspective much? To the best of my knowledge, people are not being rounded up and sent to death camps. I must have missed a news update.

Have you rented/bought a computer from Aaron's? It probably has spyware on it.

It's basically the same sort of stuff that the Pennsylvania school district was doing with it's MacBooks last year, except there may be a hardware component that has to be deactivated with a wand.

In this particular story, a couple was visited by an Aaron's store manager who claimed they had not paid for their computer and he was going to repo it. He showed them a picture of the husband working on the laptop taken with the built-in web cam. The couple freaked and called the police. They picked up the computer for the wife to use in college, made two payments, then decided to pay for the whole thing. Turns out a clerk at Aaron's was arrested for stealing money from the store, which could account for why their records showed the agreement was in default. Presumably the couple had the receipt showing final payment.

The couple is suing Aaron's and seeking class action status. There's some wonderful quotes in the story that the wife will frequently check email before/after showering, and that their 5 year old boy sometimes runs around naked as such kids are sometimes wont to do. So now Aaron's could be in possession of kiddie porn.

http://news.yahoo.com/s/ap/20110503/ap_on_re_us/us_rental_computer_spyware

http://yro.slashdot.org/story/11/05/04/0111229/Aaron-Computer-Rental-Firm-Spies-On-Users

Firewall for the Droid prevents location tracking

Sounds a lot like Zone Alarm Pro, the only software firewall that I have a lot of experience with (and quite liked).

http://yro.slashdot.org/story/11/05/04/0428224/Marlinspikes-Droid-Firewall-Kills-Tracking


In other news, Apple released an iOS patch today to fix their location tracking kerfuffle.

Sony claims SOE and PSN hacks were the work of Anonymous

Yeah. Apparently the intruders left behind a file named Anonymous containing the phrase "We are legion.", the Anonymous calling card phrase.

It's so utterly inconceivable that a group of criminals wouldn't leave behind a red herring to distract management that is incapable of rational thought. [/sarcasm]

It isn't remotely like previous operations/pranks/hacks done by Anonymous, they've never done a hack just for money as far as I know, and they've always been quite public about what they do which is part of their signature. Nope, gotta look a little further afield, Sony.

http://www.wired.com/gamelife/2011/05/sony-playstation-network-anonymous/

http://www.reuters.com/article/2011/05/04/sony-idUSN0422224820110504

http://it.slashdot.org/story/11/05/04/1749215/Sony-Officially-Blames-Anonymous-For-PSN-Hack


In other news, Sony had been informed that they were running older software versions with known vulnerabilities.

http://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html

Facebook buying Skype?

I hope it doesn't happen, as do lots of Europeans because of FB's horrible track record on privacy, most of which would probably be against EU regulations. It's a pretty nebulous rumor, they could simply talk about integration so that FB users could easily produce voice/video chats. Google is also rumored to be interested in buying Skype.

http://www.zdnet.com/blog/facebook/rumor-facebook-wants-to-buy-skype/1354

http://news.slashdot.org/story/11/05/05/122218/Facebook-Wants-To-Buy-Skype

The latest in airport security methodologies

A Mac OS-X crimeware kit is now available to griefers

They've been available for Windows platforms for several years now, so it was kind of inevitable that one would eventually be made for OS-X. It basically makes it easy for griefers to make trojans, presumably for botnet and similar things. It runs on Windows but has the option of generating binaries for OS-X. And here's some more joy: ""The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Basically it's a GUI point & click interface to create payloads that are script kiddie friendly.

Apparently, a dedicated iPad and Linux release are under preparation as well. The Weyland-Yutani BOT supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and Spyeye.""

https://threatpost.com/en_us/blogs/crimeware-kit-emerges-mac-os-x-050211

There's also some fake Mac antivirus stuff going around: http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/

http://apple.slashdot.org/story/11/05/02/2120203/OS-X-Crimeware-Kit-Emerges

At this point, the danger is if you open and run the payload, so once again, smarts is what will mostly keep you safe.