MySpace Worm Creator Sentenced 387
Aidan Steele writes "Remember Samy? The creator of the infamous worm was unfortunate enough to be the the target in MySpace's latest litigation. As was said in the earlier story, the script was "written for fun" and caused no damage. The source and technical explanation for the "attack" was not even released until after MySpace had patched the vulnerability. Apparently this was enough to get the 20 year old (19 at the time of writing the worm) three years of probation, three months of community service, pay restitution to MySpace and is also banned from the Internet. Clearly, disclosing security vulnerabilities doesn't pay."
Summary is wrong... (Score:5, Informative)
AFAIK, a civil court (which is where MySpace would have to sue Samy) doesn't ban people from the internets or sentance them to community service. And TFA says he pleaded guilty in LA Superior Court... you don't plead guilty in civil court.
Here's a better article [techspot.com]
Samy Kamkar (aka 'Samy is my Hero') plead guilty yesterday in Los Angeles Superior Court to a violation of Penal Code section 502(c)(8) as a felony and was placed on three years of formal probation, ordered to perform 90 days of community service, pay restitution to MySpace, and had computer restrictions placed on the manner and means he could use a computer - he can only use a computer and access the internet for work related reasons.
Undoubtedly, the prosecutor had MySpace's cooperation, but MySpace certainly didn't "target him" in court.
P.S. of the 3 articles on Google News [google.com] submitter picked the least informative one.
Re:How can anybody be banned from internet? (Score:5, Informative)
He now has a probation officer.
If Samy violates the terms of his probation, he can go to jail.
This is how they enforce the internets banhammer.
If Samy leaves the country, much less leaves the state, he has violated the terms of his probation and probably goes to jail. If Samy downloads movies on his cellphone, for non-work related reasons, he has violated the terms of his probation and could go to jail.
Being banned from the internet is no different than being banned from driving, or from going into [place of business] or going near schools, or from possessing [item X], etc.
Judges have this type of power and use it frequently.
Re:Restitution? (Score:3, Informative)
Best of luck to him!
Re:Restitution? (Score:3, Informative)
Re:Idea (Score:5, Informative)
His explanation of how he overcame a series of lame myspace.com attempts at security (http://fast.info/myspace/) should be mandatory reading for anyone writing a web application.
Re:The moral of this story... (Score:3, Informative)
I was under the impression that it:
added Samy as a friend of anyone hit by it
used computing resources without permission
required human intervention to clean up afterwards (removing the data, not just patching the hole)
Even if you discount the second two points, the first is indisputable - it had a payload. The payload wasn't malicious, but it was still a payload.
It's like trying to rob a bank with an orange water gun.
Depending on the circumstances and how you do it, that could get you shot dead. At the very least, you'll likely be charged with something along the lines of using an imitation firearm to threaten people, attempted robbery, and if it could be demonstrated that you were convincing enough (eg you had the water pistol covered so only the shape was apparent) potentially even with armed robbery.
Don't think you might end up shot? Think again [bbc.co.uk].
Undisclosed amount vs fighting it (Score:4, Informative)
Yes he could have fought this further in court but when my $fighting > $settlement there's only one move to take. Plus if he went to jail then who would I go to Chipotles with?
Re:Idea (Score:5, Informative)
Re:Exactly. He's not exactly blameless. (Score:4, Informative)
I don't like what this guy did, but it was clever and certainly not someone a script kiddie can do. Here's his explanation [namb.la] of his worm and how it worked. Clearly it took a lot of original effort and thought to do it.
D
Re:So (Score:3, Informative)
So the way I read that is that even if he had permission to add stuff to his profile (which clearly he did, since the changes were allowed), if the changes were not intended by the "owner of the information," then he broke this law. Pretty screwy wording, if you ask me. So basically, anytime you "modify" data in a manner not intended by the website owner, you're breaking the law (at least in California). I wonder how long before somebody uses this law to sue the RIAA for putting fake files on P2P networks?