Samy Prosecuted
Aidan Steele sent me this link today to an article describing how Samy has been prosecuted. He only served a few years probation and 3 months of community service. Of course Samy won’t be authorized to use a computer for a while, but that’s no surprise given the malicious mischief involved.
But that’s the first successful XSS prosecution that I’m aware of. Of course in his case it was a worm, and not simply him XSSing himself, but it’s still the first time I’ve heard of it. Although funny, and innocent for the most part, let that be a warning to anyone thinking of following in his footsteps, lest you be picking up trash for three months. *shudder*



February 3rd, 2007 at 7:00 pm
Oh my. See you in three months!
February 3rd, 2007 at 9:52 pm
Yeah. The best part about the article is how it describes MySpace’s JavaScript filters as “strong”. There is a part of me that sympathises with him. I’m still not sure where the line is between legitimate security research and violating laws. I think he went a little bit over the line by making an actual factual propagating worm, but it did drive home the point that XSS worms can be a real threat. So for now, I’ll err on the side of caution or at least until someone refers to me as a security researcher.
February 4th, 2007 at 2:43 pm
I feel for the guy! Criminal record and for what… bleh…
February 8th, 2007 at 7:25 am
Y’all stfu. Samy is innocent. I XSS sites daily. Especially Government sites including the military and senate. The only crime Samy has committed was wanting to have fun. His intention was never to crash the system. If anyone here actually took the time to look at his worm, you would see that.
February 8th, 2007 at 9:59 am
@AcidRain - I don’t think anyone here was making a moral judgement against Samy. It’s more just interesting than anything. But fun or not it’s against the law - as is hitting mailboxes with baseball bats. So technically innocent? No. Should he be punished? That’s the only thing debatable.