Brit founder of Windows leaks website BuildFeed, infosec bod spared jail over Microsoft hack The Brit who ran the BuildFeed website of Windows leaks has been handed a suspended prison sentence – along with a former Malwarebytes bod who hacked into Microsoft's internal OS development networks. Thomas Hounsell, 26, of Station Road, Sleaford, Lincolnshire, and former Malwarebytes researcher Zammis Clark, 24, of Agar …
When Monty Python joked about "society" being a victim, they weren't.
English common law views "society" as a person - so it can be a victim.
Personally I think that's a load of cobblers as it's just a fig leaf for fascism and a gateway for arbitrary laws - which the UK has plenty of anyway.
"The two should be serving 15 to 20 in hard time prison."
Why??? There is no particular harm done. Are you another one of those people who think that simply breaking a law should bring down the maximum sentence? If so, you are wrong - context matters.
"Pandering to the feral never turns out well. Just ask France."
Is that some thinly veiled reference to it being unwise to give Muslims human rights? If so, you know that you are not a nice person, don't you?
Fortunately, this isn't the United States of America where I am sure such a heinous act would have merited 20 years hard labour. Do not forget that for 5 years neither of these 2 will be able to work in many IT companies as they now have a Disclosure Scotland entry - that will be plenty enough of a penalty.
They have a good enough coding and reasoning skills to find malware, but not enough to understand how VPN applications are coded.
Obviously Microsoft uses VPN software (web based or client app) allowing employees to connect remotely.
VPN software pretty much searches to ensure your computer is safe, has AV software, etc. Gathers IP address history, among other basic info from registry.
If you're unwilling to install the VPN application, along with any other required applications then you're not allowed to connect.
Then if a connecting computer is suspect, it isn't difficult for the company and/or law enforcement to add other code/apps to get nearly anything from an intruder's computer--particularly if this person is using an account with elevated privileges--which most likely they will be.
A good thing to know; if you're going to work remotely--use a company laptop instead of your personal home computer.
VPN software pretty much searches to ensure your computer is safe, has AV software, etc. Gathers IP address history, among other basic info from registry.
No.
If you're unwilling to install the VPN application, along with any other required applications then you're not allowed to connect.
Nope.
Then if a connecting computer is suspect, it isn't difficult for the company and/or law enforcement to add other code/apps to get nearly anything from an intruder's computer--particularly if this person is using an account with elevated privileges--which most likely they will be.
Nuh-uh.
I don't think you've ever used a VPN in your life, mate. The name gives it away: Virtual Private Networks only allow you to tunnel your connection through a secure channel to appear like you're part of another LAN (Local Area Network, i.e. sharing a subnet behind a local device like a router). If you've ever used Hamachi to play local LAN multiplayer it's the same concept: it tunnels a client WAN (Wide Area Network) IP to make it appear to the host system that the IP is part of a local network, allowing for LAN-only games/applications to see and use the connection. It can also be used to get past firewalls that would prevent plaing Internet-connected games with others, which is one of the primary reasons so many kids use it.
VPN software in no way is required to do any of what you mentioned; basic VPN software only facilitates IP tunneling. Some corporate applications like Cisco AnyConnect may support the functionality to allow the host server to enforce specific policies—eg., to deny connections to systems not joined to an Active Directory domain, or to run shell commands on the client—but it is not required to set it up like that. You will find most VPN software either does not have such functionality, or allows the user to disable it, see: OpenVPN. Anyway, even if these requirements were necessary in this specific instance to allow the dude to connect to Microsoft servers, it is more likely he simply logged into a web-based interface and scraped data from the site. Even if he did have to use some kind of aggressive, system-controlling VPN to connect, there are trivial ways to avoid the reprocussions, like running it in a virtual machine or sandbox. Or just not allowing any system changes and faking out the host server to think you're compliant when you really aren't, but that's a little harder to pull off.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
