Comments on: great lawyers

By: chris

chris — Mon, 20 Oct 2003 11:17:37 +0000

Lessig,
I love your writings, and I think your a vital piece of a new movement of informed Gex X'ers... however being "proud and moved" may be the wrong term for a man who served 16 months in prison...

By: No one

No one — Sun, 19 Oct 2003 07:24:59 +0000

In response to cypherpunk...

McDanel did contact managment on several occasions prior to sending the emails out. There were weblogs on his system from Tornado staff visiting his page prior to him informing anyone about the problem.

McDanel included a solution to this problem, to not click on links in email, but instead cut and paste the url into a new browser. The problem had to do with HTTP_REFERER information, Tornado claimed that the *name* of a CGI variable that appeared on the location bar as part of the url was a *trade secret* at one point!!! I have a hard time seeing how anything in the url that you can see is in any way secret or confidential.

McDanel sent emails at a rate of 10 wait 1.5 seconds then 10 more.. This works out to about 6.67/second. The system logs prove that the system had no cpu problems until after admins logged in and shut sendmail (as well as pop3, and httpd) down. As soon as they shut sendmail down no amount of sending mail will cause any cpu load. They did this to delete the already delivered emails (in violation of 18 USC 2701). He did not crash the email server, there was even testimony that people read the email first, then made the decision to take the system down to delete the email.

By: Toxey

Toxey — Sun, 19 Oct 2003 07:02:07 +0000

I find this story shocking. Not that he was released... it was inevitable that somewhere in the appeals process this insane sentence would have to be amended. I'm shocked that it ever got this far in the first place! I understand the company's need to protect it's interests, but I can't imagine how this was not classified as a CIVIL matter. The fact that this continued through the entire criminal trial process, and no one said "Hey! Doesn't this seem entirely wrong?" is amazing! Apology Shmology! This poor sod needs to take somebody "to the cleaners" for stealing 16 months of his life. Sheesh!

By: adamsj

adamsj — Sat, 18 Oct 2003 14:29:26 +0000

But also as a practical matter, how much credibility is gained by signing your own, real, honest-to-god-and-in-the-tradition-of-civil-disobedience-I-am-willing-to-be-held-accountable-for-my-actions name?

By: Cypherpunk

Cypherpunk — Sat, 18 Oct 2003 02:58:12 +0000

It's actuallly a pretty interesting case.

McDanel did a couple of things that were really dumb. The first was crashing his former employer Tornado's email system by flooding it. This is malicious and he was just lucky that the company didn't manage to put together a case that by themselves his three flood attacks caused the requisite $5000 in damage.

Second, he wanted to inform the customers about a vulnerability in the Tornado software that might put the customer's confidential data at risk, a laudable goal. But by its nature, there is no way to distribute that kind of information without also informing the bad guys of the possible exploit. This is a current hot topic in the vulnerability community. The emerging consensus is that the right thing to do is to inform the company that you are going public with the information and give them a reasonable advance notice, of perhaps two to a few weeks. McDanel did not do so, apparently, and although he had tried to get the company to fix its problems while an employee, they had no way to know that once he left he would go public with the data.

Going beyond what is right and wrong here, as a practical matter it was foolish for McDanel to associate his name with his actions by including in his warning email links to a web site he controlled. I would suggest that he should have posted the information anonymously, if he decided it needed to be propagated. This accomplishes his goals and would have protected him against his 16 months in prison.

I should add BTW that based upon personal experience I agree that Jennifer Granick is worth her weight in gold!

By: Morgaine Swann

Morgaine Swann — Fri, 17 Oct 2003 23:58:53 +0000

You do realize that a significant chunk ot the $87 B is going to benefit Halliburton, Right? And that Cheney still has stock options with them? And that Halliburton just billed the US Gov't $300 Million for gasoline in Iraq - that's 1.65 per gallon in a country where gasoline costs between 4 and 15 CENTS per Gallon?

By: Anonymous

Anonymous — Fri, 17 Oct 2003 22:18:23 +0000

as soon as i rack up enough points i am so moving to canada.

By: harold

harold — Fri, 17 Oct 2003 15:48:56 +0000

Though off topic a bit, I am totally with you on the 87 billion deal. I am certainly not huge political guy but this iraq reconstruction makes me incredibly nervous. I don't know too much about Edwards but if he is against this enormous and,it seems not planned out, package, then he has his head on his shoulders and is thinking right about not supporting it.

By: dilly77

dilly77 — Fri, 17 Oct 2003 15:46:21 +0000

Speaking of great lawyers, shout out to Prof. Lessig for blogging the Edwards blog earlier this month. Edwards might have been a little late to the blog game, but he's getting a pretty lively discussion going over there now. Thanks for helping make people aware.

By: Anonymous

Anonymous — Fri, 17 Oct 2003 15:28:59 +0000

I greatly enjoyed Prof. Lessig's article on blogs in Wired. It is amazing how blogs have become so much of a force in the presidential campaigns. I really enjoy Edwards new blog - Blog.JohnEdwards2004.com - and the postings from Mrs. Edwards. I was on there earlier and was pleased to see that Sen. Edwards does not support the blank, $87B check to Pres Bush.