Wei Bin Wang 2 months ago
"To explain the 'hack' that he did:
On the Apple site, they gave a number to any registered user who uses the site in its URL, and that was what saved them the page with their saved email address. What weev did was just add 1 to it, press enter, and it spat out another person's email address. Do the same thing several more times and you'll eventually end up with everyone's email addresses. Hence why he said he was "going to prison for arithmetic."
On how he used it, he didn't use it for anything malicious, he just gave his discovery to a journalist. The safest move was to report the exploit to Apple and get a free job or recommendation on his future career, but it's not in his character to do that. The real fault lies in the incompetent design of such a site that made this "gaping hole" in their security. If weev wasn't there, it was only a matter of time before someone else decided to be curious and add 1 to the number of the URL on that site and discover the exploit themselves.
The way both the media blasted this out of proportion and the way the judicial system handled it is in some ways surprising, and in other ways very disappointing. The guy just added 1 to a number on a website URL a few times and he gets a trip to prison...for arithmetic! Even to this day, I can't believe he got sentenced to jail for that."
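The design flaw the comment describes, a per-user number in the URL that is looked up without checking who is asking, is shown below next to a corrected lookup and a simple log check for the resulting access pattern. This is an added example, not part of the original comment or any real site's code; the account numbers, session tokens, client addresses and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: numeric account IDs mapped to e-mail addresses.
ACCOUNTS = {
    1001: "alice@example.com",
    1002: "bob@example.com",
    1003: "carol@example.com",
}

# Constructed session store: session token -> account the user logged in as.
SESSIONS = {"tok-alice": 1001, "tok-bob": 1002}

# Constructed request log: (client address, account ID taken from the URL).
SAMPLE_REQUESTS = [
    ("10.0.0.5", 1001), ("10.0.0.5", 1002), ("10.0.0.5", 1003),
    ("10.0.0.9", 1002), ("10.0.0.9", 1002),
]


def lookup_vulnerable(account_id):
    """Flawed design: the number in the URL is the only thing consulted."""
    return ACCOUNTS.get(account_id)


def lookup_hardened(session_token, account_id):
    """Return the address only when the session owns the requested account."""
    owner = SESSIONS.get(session_token)
    if owner is None or owner != account_id:
        return None  # unknown session, or asking for someone else's record
    return ACCOUNTS.get(account_id)


def detect_enumeration(requests, threshold=3):
    """Return clients that requested at least `threshold` distinct accounts."""
    seen = defaultdict(set)
    for client, account_id in requests:
        seen[client].add(account_id)
    return sorted(c for c, ids in seen.items() if len(ids) >= threshold)
```

The hardened lookup ties the record to the authenticated session, so changing the number in the URL returns nothing; the log check is a second line of defence that flags one client walking through many accounts.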