
> He forced a password reset by answering questions about Palin’s birthdate, zip code and where she met her spouse, Wasilla High School.

By this admission, the media needs to drop the word "HACK" right now because that's not hacking. That's social engineering.



Social engineering is people hacking. He didn't hack any people. He subverted a poorly designed password retrieval mechanism.

Just because he didn't use a personally crafted 0-day exploit doesn't mean he wasn't hacking (or cracking, if you're into semantic debate).


> He subverted a poorly designed password retrieval mechanism.

Even better way of putting it, thank you. By all legal definitions this kid should get off scot-free but he won't.


I'm pretty sure that "the lock was poorly designed" has never successfully been used as a legal defence by a burglar, and that "but they were so easy to fool" has never successfully been used as a legal defence by a conman, so I'd be surprised if a poorly-designed password retrieval mechanism could be used as a defence in this case.

If nothing else, the kid committed some kind of fraud by telling the system he was Sarah Palin when in fact he wasn't.


> If nothing else, the kid committed some kind of fraud by telling the system he was Sarah Palin when in fact he wasn't.

I've also never heard of a case where someone told a computer they were someone they weren't and was prosecuted on that alone or any sort of 'fraud' in a circumstance like this (though if you want to split hairs, Identity Theft that leads to punitive damages such as credit or finances is another thing, but still doesn't fit the mold of this particular circumstance).

It's a perfectly fine defense, all things said. He retrieved the information he needed, he used the system the way it was built to be used and the system did what it was supposed to do. There is NOTHING illegal about lying to a computer system in this situation.

The burglar analogy only makes even a bit of sense if the burglar illegally obtained a key, made a copy of it and THEN gained access to the home. For the intents of this discussion, that's all this rubico person did. He obtained a key to the home, used the key for its intended purpose and gained access.


> he used the system the way it was built to be used and the system did what it was supposed to do.

So, if I go to the mailbox outside your home (assuming the classic unlocked US design) after the mailman leaves, pick up your mail, open the envelopes and post what I find on /b/, you're just gonna shrug and blame yourself for using such a badly designed security mechanism?

You know, when I open your letters, the envelope does exactly what it's supposed to do, so I'm not committing a crime, right?


Simply having a key does not give you the right to use it.


Drop it. He could be legitimately prosecuted for everything from identity theft to electoral fraud.


Not even that. Social engineering would be if he tricked Palin into divulging the information.

It's really just being able to use Google.


And of course their intent with the word "hack" isn't even close to the original ("Hacker News") sense of the word.


There is no difference to MSM.



