[LINK] faux-privacy ? (was: It's Queensland - (sorry to Qlders))

Tom Koltai tomk at unwired.com.au
Fri May 20 14:42:08 AEST 2011



> -----Original Message-----
> From: link-bounces at mailman.anu.edu.au 
> [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Jan Whitaker
> Sent: Friday, 20 May 2011 1:55 PM
> To: link
> Subject: Re: [LINK] faux-privacy ? (was: It's Queensland - 
> (sorry to Qlders))
> 
> 
> At 01:47 PM 20/05/2011, eric scheid wrote:
> 
> >For starters, is Facebook on shaky ground by saying they're 
> protecting 
> >your privacy but then making all your private stuff so publicly 
> >available? Are they promising something they are failing to 
> deliver on?
> 
> The brute force access on this case reminded me of a similar 
> situation a few years ago (probably discussed on Link at the time) of 
> a person guessing URLs for bank accounts or some other similar type 
> of 'secure' system. Does anyone recall what that was? If the URL is 
> guessable, then it's not really secure, is it? Patterns are 
> guessable. It wouldn't surprise me if that approach wasn't used a lot 
> for just mucking about by bored high school/middle school/uni 
> students.
> 
> Jan
> 


Err Sorry Eric and Jan,

I think the chaps in blue might have one here... (although I'm dead set
against anybody's computer being taken for "forensic fishing purposes
and believe we need some legislation to prevent that in the future").

For example, in 1995, the CTO of a certain internet company left the
root passwd in an ASCII text file for the whole world to see.
However, by doing so, he didn't say, please come and change the home
page url, AND steal all my credit card numbers.

It is akin to leaving your front door key in a faux rock in the garden
and a curious 10 year old finding it... Then using the key to enter your
premises and steal all the brandy...

Your argument would suggest that because the key was in a publicly
accessible obvious location, the burglar, even though he might be a
minor isn't actually guilty of anything.
Sorry. Codswallop! 

On the other hand, is possession of the key unlawful ? (In this
instance, a "carbon copy of".)
I would suggest that knowledgeable possession without intent would be
unusual.

- Err, notwithstanding the above, I'm all for the CA. Senator Corbett's
new legislative motion for anteing up the privacy eula rules on any site
before data is entered.


TomK




More information about the Link mailing list