Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid

Not to blame the victim, but Mr. Shafer’s first mistake was in looking too closely at a server

What he did wasn’t unusual in the industry. Too many companies use FTP for uploading files to their technical support teams and fail to chroot or otherwise protect privacy between customers, leaving hundreds of customers’ records in a folder called “uploads”.

It’s a major HIPAA lapse, but it’s also not Eaglesoft’s biggest problem by a long shot.

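For readers who have not run an FTP drop box: the lapse the post describes (one shared "uploads" tree, no chroot, every customer able to list every other customer's files) comes down to a handful of server settings. The two fragments below are an added illustration, not something posted in this thread and not Patterson/Eaglesoft's configuration, which the thread never shows. They assume vsftpd (the thread does not name the FTP daemon) and a made-up directory layout under /srv/ftp; the option names are real vsftpd options.

```ini
# Added example (not from the thread, not the vendor's actual config).
# Two alternative vsftpd.conf fragments for a "send us your files" support drop box.
# Assumed paths under /srv/ftp are illustrative only.

# --- weak: what the post describes -----------------------------------------
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=NO            # no jail: a logged-in customer can browse the whole filesystem
local_root=/srv/ftp/uploads     # one shared directory for every customer account
ls_recurse_enable=YES           # "ls -R" walks every other customer's uploads too

# --- corrected: one jailed directory per customer --------------------------
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES                 # jail each login under its own root
allow_writeable_chroot=NO             # jail root stays read-only (owned by root); uploads go to a subdir
user_sub_token=$USER
local_root=/srv/ftp/customers/$USER   # e.g. /srv/ftp/customers/acme for user "acme" (assumed layout)
hide_ids=YES                          # listings show "ftp ftp", not real uids/gids
ssl_enable=YES                        # require FTPS so credentials and files are not sent in the clear
force_local_logins_ssl=YES
force_local_data_ssl=YES
```

With the corrected fragment, the per-customer root (/srv/ftp/customers/acme in the assumed layout) is owned by root and not writable, and a subdirectory such as incoming/ is owned by the customer's account and is the only place they can write; vsftpd refuses logins when the chroot root itself is writable unless allow_writeable_chroot is set to YES, which is why the split is needed. The quick check after deploying either setup is the same thing the post describes: log in as one test customer and confirm that a directory listing and a cd .. show nothing that belongs to another account.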

I play around with IoT devices on my own time, and sometimes reverse engineer a network protocol used by a device I own personally; I haven’t published any of this since the laws changed.

Correct; if we find something during a work-for-hire project, we notify the client. If it’s a critical flaw in a vendor-supplied application or protocol, we’ll encourage the client to notify the vendor, but ultimately it is their call.

so Eaglesoft is punishing Shafer via the Computer Fraud and Abuse Act and the FBI?

ACE wrote:
“I play around with IoT devices on my own time, and sometimes reverse engineer a network protocol used by a device I own personally; I haven’t published any of this since the laws changed.”

I take this as a sign that from now on critical security disclosures will happen spontaneously, and be revealed explosively by a group whose name rhymes with “Shmanonymous.”

I mean, this is the world we’re slowly building, right?


You can’t exceed authorization when there’s no authorization required whatsoever in the first place.

Send whatever judge who signed off on this to the gulag.


Sounds like corporate swatting to me. Same amount of evidence for the crime, i.e. the say-so of some asshole, right?


Reactionary?

I thought you were supposed to be the spooky ones?

Fail, imo.

I’m too much of a loudmouth, although I’ve not been in a situation where calling something out might impact the bottom line solely in a profit-driven corporate sense. I have a relatively boring occupation now, but time used to be that my word was the go/no go point for a military aircraft and usually one carrying pax/cargo/both and almost always myself–but I had the force of, ‘if you don’t stop and fix this we will collectively fall from the sky and perish in a conflagration of JP-8 and dirty socks’. Whereas researchers don’t have any such protections. I would hope some protection is available via groups like EFF, if even only a fart in the federal wind.


It seems Eaglesoft has exceeded authorized access to the national law enforcement agency. What’s going to happen to them?


Brought to you by late stage capitalism.


Found footage of the CEO of Patterson Dental:


Not to condone the FBI’s behavior, but if the gun was a green assault rifle or shotgun, the FBI was looking out for his family’s well-being. Green or yellow guns typically denote that LTL (less-than-lethal) rounds are loaded into the weapon.
I try to keep an open mind about the agents themselves. They are just acting as they are ordered. That doesn’t mean that they don’t understand who he is or what he does as a job. They may not even agree with their orders (do you agree with everything your bosses ask of you?).
He will get his day in court, the same as the dental software company. If the company did use the FBI for a corporate version of swatting, I hope the judge will see through it and hand them their ass!

We are slowly building (or rather, it seems we have already built) a world designed to enable data breaches and identity theft, and to allow companies to generate profits from aggregating sensitive personal information while forcing the people whose data was collected to bear the cost of the companies’ failure to protect the information.


THIS is why we can’t have nice things :frowning:


A variation of:


If a server replies to a get command with the requested data, the server (and by extension its owner) has given authorization.


So after I read this I decided to search through all my old passports, because I was sure that on one of my travels I had either re-entered an old Soviet bloc country or, worse, had time-surfed back into 1930s Germany. The horrible truth seems to be that I really am in the USA. It just doesn’t make any sense, though... People who try to help the public apparently are our enemies, and, even more bizarre, an orange clown seems to have a chance of becoming the next president. I could deal with a time warp so much better than the reality that the country I thought I knew has become the vicious farce that claims its respect for people while quietly slitting our guts when we exercise our long-gone rights.


Patterson needs a good kick in the teeth.



Why doesn’t the FIB raid Zuckbook? Oh yeah, that’s where they’re getting their data from.