Kaydol

Flood göndermek, insanların floodlarını okumak ve diğer insanlarla bağlantı kurmak için sosyal Floodlar ve Flood Yanıtları Motorumuza kaydolun.

Oturum aç

Flood göndermek, insanların floodlarını okumak ve diğer insanlarla bağlantı kurmak için sosyal Floodlar ve Flood Yanıtları Motorumuza giriş yapın.

Şifremi hatırlamıyorum

Şifreni mi unuttun? Lütfen e-mail adresinizi giriniz. Bir bağlantı alacaksınız ve e-posta yoluyla yeni bir şifre oluşturacaksınız.

3 ve kadim dostu 1 olan sj'yi rakamla giriniz. ( 31 )

Üzgünüz, Flood yazma yetkiniz yok, Flood girmek için giriş yapmalısınız.

Lütfen bu Floodun neden bildirilmesi gerektiğini düşündüğünüzü kısaca açıklayın.

Lütfen bu cevabın neden bildirilmesi gerektiğini kısaca açıklayın.

Please briefly explain why you feel this user should be reported.

19-yo Archiver charged for scraping public open gov documents

19-yo Archiver charged for scraping public open gov documents

Benzer Yazılar

Yorum eklemek için giriş yapmalısınız.

34 Yorumları

  1. How incompetent can people be, seriously they weren’t even so much as password protected

  2. So the govt. blames a citizen for their own lack of security. Where have I heard that one before? I really hope heads roll.

  3. This is the best tl;dr I could make, [original](http://www.cbc.ca/news/canada/nova-scotia/freedom-of-information-request-privacy-breach-teen-speaks-out-1.4621970) reduced by 93%. (I’m a bot)
    *****
    > The teen has been charged with "Unauthorized use of a computer," which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases.

    > On Friday, Nova Scotia Premier Stephen McNeil said the person who downloaded the documents 'stole' the information.

    > In an interview with CBC News, the 19-year-old says he thought he was downloading an archive of public information that was supposed to be freely available on the internet.

    *****
    [**Extended Summary**](http://np.reddit.com/r/autotldr/comments/8d4k42/teen_charged_in_nova_scotia_government_breach_of/) | [FAQ](http://np.reddit.com/r/autotldr/comments/31b9fm/faq_autotldr_bot/ “Version 2.00, ~312262 tl;drs so far.”) | [Feedback](http://np.reddit.com/message/compose?to=%23autotldr “PM’s and comments are monitored, constructive feedback is welcome.”) | *Top* *keywords*: **computer**^#1 **download**^#2 **information**^#3 **public**^#4 **freedom-of-information**^#5

  4. ITT: people stealing stuff from someone’s house because the owner left the door unlocked by accident

  5. This as insane as that 14-year-old girl in Minnesota that got charged with child pornography distribution for sexting. It may be even more insane, because in that situation, they could at least claim some kind of *technical* argument that she had committed the crime as described in legislation. In this case, they have nothing. He was accessing publicly published files and accidentally got something they weren’t supposed to publish.

  6. The Government really failed here.
    If you think about it, who’s really at fault? Compare the two.

    Government:

    1. Not having a properly secured server, port forwarded to be accessed via the internet.

    2. Uploading unsecured documents to a unsecured server, including the server directory which is also not secured.

    3. Not utilizing a login page for said directory, in which the server will automatically accept access requests to directory.

    4. Not integrating Active Directory to be used for logging in to said server.

    5. Providing access to directory to the World Wide Web, instead of a VPN to tunnel the connection to the server in which the user would have to provide credentials.

    6. Once again, having a Fully Qualified Domain Name in which the user can access via the network that is not linked to the government.

    7. Not properly setting up permissions on server.

    End User:

    1. Accessing publicly available documents on a server in which is port forwarded to be accessed via the internet

    2. Downloading documents in which is not encrypted or password protected. Along with being able to access a server page in which is NOT protected in allowed end users to connect without credentials.

  7. this is all kinds of fucked up. even if they weren’t supposed to be available, presumably they were just sitting there for anyone to see. I shouldn’t be surprised that a gov’t would charge someone for their own fuckup, but *damn!*

  8. Soooo start by collecting to an offshore host using a VPS, THEN download onto a physical medium. Got it.

  9. Those who read 1984 will understand why today’s governments don’t want spurious copies of their data roaming around in the wild. It makes the Ministry of Truth’s job much more difficult.

  10. The salient point here seems to be whether or not a reasonable person would expect these documents were meant to be publicly available. Whether or not it’s good security practice to use easily guessable URLs for documents is a separate issue (it’s not good practice, BTW).

    For example, if there is a link to a document from the front page of a Web site, a reasonable person would conclude the document is public. In contrast, if attempting to navigate to a Web page prompted the user to enter a password, a reasonable person would conclude the document is *not* public (even if the password was easy to guess because of poor security).

    In this case, would a reasonable person conclude that a document is public if that document can only be accessed by manipulating a URL in a way that’s not documented anywhere on the Website? I don’t believe so. Yes, it’s terrible information security. No, terrible information security does not constitute justification to download documents that are not public.

  11. We should all go download the same files if they’re still publicly accessable by the same means to show soldiarity and give them the finger.

  12. Maybe we could start a gofundme to to support one of our own.

  13. Idiots. If you have such shit security than anyone can scrape data off your site the your data was public to begin with. Instead if bullying and trying to destroy this 19 year olds life, maybe spend some money and hire people who know wtf they are doing.

  14. > police found him sleeping when 15 officers raided the family home last Wednesday morning.

    Clearly a very appropriate response to someone downloading stuff over the internet. /s

  15. I don’t quite understand how he can be arrested for saving publicly available information. Is it because it was automated? Would he be in the same situation had he downloaded everything by hand? And would he be found guilty in court?

  16. It doesn’t matter if you did nothing wrong. The police and legal system exist to fill prisons. Overpaid police have nothing better to do than aid someone’s home and destroy their life for doing absolutely nothing wrong.

    Notice how they try to frame the whole thing by using the words ‘stealing’ and the press has absolutely no problem repeating any of these lies.

    Presumed guilty until proven innocent.

  17. It sounds like they had accidentally made all documents available, but “a single line of code” suggests either a predictable naming scheme or he found an open directory listing. There is no indication of any actual breach of security (no guessed password or anything).
    Either way, I will never understand how it can be called unauthorized access when they obviously returned “200 OK” and not 401 or 403. He literally had to ask for each document, and their server made the decision to provide the data. If it wasn’t behind a password, then it was public regardless of their intent. No different then leaving them out in the lobby among a bunch of free flyers. Unfortunately, courts rarely seem to understand these things properly.

  18. Does anyone know if the EFF operates in Canada? I’m sure they’d have this guys back if he was in the states.

  19. This scares me because I always thought it was safe to do and now something I never thought would be illegal can result in the raid of my house just like they would raid a murders house.

  20. The irony, is that he was downloading *FREEDOM OF INFORMATION* files

  21. One of the reasons I use Tor when I archive a website.

  22. [here is more context](https://globalnews.ca/news/4137619/nova-scotia-foi-breach/) we all do this sort of thing without blinking an eye.

    Imagine being woken up to 15 police raiding your house cause you scraped some website. This is really hitting close to home due to its similarities to my hobbies.