HackerTrans
TopNewTrendsCommentsPastAskShowJobs

secalex

no profile record

comments

secalex
·4 เดือนที่ผ่านมา·discuss
Phew, that's a relief. Guess that's a reasonable compromise for a $550 product for which there are no other quality competitors.
secalex
·6 เดือนที่ผ่านมา·discuss
My friend/colleague had her phone stolen while she was napping in the hospital room of her terminally ill husband. Fortunately it had MDM. Called Palo Alto PD, I sat with them and tracked it from the hotel and it was already in San Jose. They worked with SJPD live and walked them into the guy who happened to be in a parking garage peering into cars. Caught him with a backpack full of stolen phones.

The stereotype of US cops not caring isn't always true.

Unfortunate fact for the perp was the ill husband was a US Attorney and stealing his phone made it a big boy federal felony that was not looked kindly upon by the colleagues of a dying AUSA in the Northern District. I wonder if he's still in FCI Lompoc.
secalex
·8 เดือนที่ผ่านมา·discuss
Gmail is an Electronic Communication Service as defined in 18 U.S.C § 2510, meaning its contents are protected under the Stored Communications Act (18 U.S.C. Chapter 121 §§ 2701–2713).

Communications with an AI system do not involve a human so are not protected by ECPA or the SCA and get less protection. This is controversial and some people have called on ECPA/SCA to be extended to cover AI services. That means a warrant would be necessary to get your OpenAI history, not just a subpoena.
secalex
·10 เดือนที่ผ่านมา·discuss
Um, Windows 11 still hasn’t moved all the necessary utilities and administrative panels over to the windowing toolkit Microsoft introduced in 2012, and MacOS 26(??) is… hideous.
secalex
·ปีที่แล้ว·discuss
Thomas is one of the pickier, crankier, least faddish technologists I've ever met. If he has gone fanboy that holds a lot of weight with me.
secalex
·ปีที่แล้ว·discuss
Depending on what he actually did to enumerate that database and whether he downloaded all that PII I think changes the risk profile.
secalex
·ปีที่แล้ว·discuss
IANAL and this is not legal advice, but you probably fine reverse engineering a mobile app and intercepting your own network traffic. He was doing ok until he started enumerating IDs in their database, at which point he started venturing into the territory that got weev 3.5 yrs.

https://www.wired.com/2013/03/att-hacker-gets-3-years/

I am not endorsing this interpretation of the CFAA, but this kid needs a lawyer.
secalex
·ปีที่แล้ว·discuss
Agreed. I've been doing this for 25+ years and personally know a dozen people who have been threatened and several who have been sued or faced potential prosecution for legitimate security research. I've experienced both situations!

That doesn't make it right, and the treatment of the researcher here was completely inappropriate, but telling young researchers to just go full disclosure without being careful about documentation, legal advice and staying within the various legal lines is itself irresponsible.