Well, today we've found out that the creator of the MySpace Samy worm has been sued by MySpace and sentenced: http://www.scmagazine.com.au/news/45262,myspace-superworm-creator-sentenced-to-probation-community-service.aspx
I'm honestly lost for words, that comes as quite a shock to me.
Now clearly he has done something wrong (and now it seems - illegal), but I don't think anyone expected this. Especially considering that while it did spread, it was completely non-malicious.
For the moment I'm safe since I've never attacked MySpace, but frankly, I'm just worried that they're going to come after people who have disclosed vulnerabilities in MySpace next.
Saturday, February 03, 2007
3 comments:
That's a sad story.. really. It should have been a wake-up call for MySpace. But it seems it always goes like this, a pity.
-Jungsonn
I am surprised and not surprised. Samy did not do any serious damage to MySpace but MySpace gave him a harsh sentence. MySpace deceived and abused the legal system by having very selfish lawyers. Large companies have good lawyers. If he put a similar "virus" on other smaller websites, he would probably not get into trouble.
Many people are ignorant about Samy's virus since they think that Samy caused serious damage, but he actually did not. Yes, the government is also very ignorant about it and other technical stuff. These kinds of things happen all the time from the ignorance of the judicial system.
Why should Samy waste his time finding and reporting that bug? Does MySpace reward people for reporting its bugs? He is not an application vulnerability researcher working for MySpace. He would not have reported that bug in the first place if he knew it would cause serious damage.
I cannot see the point for coding "secure" web applications when the website can punish the people for hacking. We all cannot make un-secure web applications and punish people like MySpace does. Only rich companies can make insecure web sites.
I like to bitch about MySpace as much as the next guy, but it's not always the corporation being evil.
The reason I say this is because of this post: http://ha.ckers.org/blog/20070310/my-lunch-with-samy/
Where if you scroll (or read) down to the seventh paragraph you'll see this quote:
"This, however, is when things started going bad for Samy. After over one million infections MySpace was taken off-line. The DA’s office got involved. Although MySpace was only tangentially interested in nailing Samy (for publicity’s sake from what he can tell) the DA’s office was far more interested (for their own publicity). At some point they actually began to follow him - for what they told him was about a two week period of time - before finally serving a warrant."
Now, as much as we want to bitch about lawyers, especially those working for corporations - what would you do if someone _illegally_ attacked your site, and wrote a worm to infect it?