Sunday, June 27, 2010

gee it's been a while

I know, right? Basically, right after my last post, I started a new job. I was working on a DoD contract, and even though I didn't really have access to anything all that exciting, I just felt constrained not to talk about anything Infosec related. However, about six weeks ago I was hired by the coolest company on earth, and while I must provide the disclaimer that in this blog I in no way speak for my employer, I do feel that I can talk about my profession once more.

So what the hell, I'll say something controversial. As probably everyone knows by this point, a hacker named Andrew Auernheimer, also known as Weev, was arrested when he and his security group, Goatse Security, revealed some flaws in AT&T's website.

Now Goatse is not exactly the most...dignified group of people, which you can tell just from the name, which refers to a widely distributed pornographic image, a stylized version of which is the group's logo. On the other hand, they contend that they informed AT&T of the security flaw back in March, were ignored, and only then did they publish the exploit and the data.

Now Weev has been charged not only with the exploit, but with possession of pretty much all the drugs in the world. And I have to echo BoingBoing in wondering if this is just spite on AT&T's part. It's also possible that the police and AT&T know they can't really make the hacking charge stick -- especially if there's proof that Goatse contacted AT&T about the issue well before publishing -- so they are finding anything they can to nail Weev with. This isn't necessarily spite, but it's definitely dirty pool.

Honestly, AT&T has no excuse for all the negative press, especially security-related negativity, that they are generating lately. Anybody who's been in the Infosec business for any length of time once viewed AT&T as one of the authorities on the subject. Because AT&T is the only service provider for Apple products -- in itself not the best idea in my opinion -- they need to be much more serious about patching exploits in a timely fashion. Given how popular the iPad is and that all the cool kids rushed out to buy one (I'm not a cool kid), it is in fact reprehensible on their part not to patch it.

AT&T has an easy target in Weev: he's a self-proclaimed drug user, and the picture of the old-time "scruffy hacker". He's not an attractive champion in any sense. But at the same time, AT&T has totally lost its own white knight status with their attitude. Weev's in trouble now no matter what with this new drug charge, but here's hoping that AT&T is found more to blame in the case of the exploit than Goatse.
