Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Privacy Your Rights Online

Man Reportedly Jailed for Using Lynx 912

wezzul writes "A Londoner made a tsunami-relief donation using Lynx on Sun's Solaris operating system. The site operator decided that this 'unusual' event in the system log indicated a hack attempt, and the police broke down the donor's door and arrested him." Honestly, though, aside from a BBC article about a tsunami fund hacking probe that doesn't mention user agents there's little to corroborate this. Hopefully Lynx users need not worry too much yet.
This discussion has been archived. No new comments can be posted.

Man Reportedly Jailed for Using Lynx

Comments Filter:
  • by Anonymous Coward on Friday January 28, 2005 @02:56AM (#11501147)
    Thats right; He shoulda been using "links" anyhow!
  • by PreDefined ( 787636 ) on Friday January 28, 2005 @02:58AM (#11501153)
    What's next? Sometime in the near future: Man tries to buy chocolate bar with paper money! Shock! Horror! Maybe this is just a little too random but that's where my mind travelled to.
    • by ActionJesus ( 803475 ) on Friday January 28, 2005 @03:13AM (#11501218)
      Up here in Scotland, we have our own paper money. Although its legal throughout the UK, a lot of english shopkeeps will give you funny looks if you give them a scottish fiver.

      However, wheres fivers and the like merely look different, apparently the english dont have a paper £1 note (and we do, although they're much rarer these days).

      How long until we get arrested for paying for something with "funny money"? Remember, every time you use a non-standard currency, your funding terrorists!
    • What's next? Sometime in the near future: Man tries to buy chocolate bar with paper money! Shock! Horror! Maybe this is just a little too random but that's where my mind travelled to.

      We are already at the point where making a large purchase with paper money is unusual.

      About two years ago, I decided I wanted a dishwasher. I went down to my bank, took out some money, checked a few places, and finally paid for a small dishwasher in cash.

      Had some extremely strange looks from the salesperson.

      • In the UK (and probably accross the EU) large cash transactions are unusual partly because they already come under the money-laundering regulations.

        See quote below (from here [bbc.co.uk]).

        Generally, dealers must make a "suspicious activity report" to NCIS on any cash transaction of more than 15,000 euros (about £10,000) - although smaller transactions must also be reported if they arouse any suspicions.

      • by Molt ( 116343 ) on Friday January 28, 2005 @05:59AM (#11501797)

        I must have been lucky when I bought my laptop then, the discussion over payment went pretty much like this:

        "And how would you like to pay for this?"

        "Do you accept anonymous white envelopes stuffed with cash?"

        "That'll do nicely, Sir"

        This was in one of the more reputable shops on London's Tottenham Court Road (Micro Anvika). Was impressed that not only did he not bat an eyelid, but he was actually able to make the funny.

  • WHY! (Score:5, Funny)

    by Anonymous Coward on Friday January 28, 2005 @02:58AM (#11501154)
    Why oh why wasnt it "Man Reportedly Jailed for Using IE"
  • by Homology ( 639438 ) on Friday January 28, 2005 @02:59AM (#11501158)
    actually reading logs, now, if only they could understand them.
    • by Stephen Samuel ( 106962 ) <samuel AT bcgreen DOT com> on Friday January 28, 2005 @03:55AM (#11501366) Homepage Journal
      Sometimes they have complete idiots reading the logs.

      Back when the nimda worm was running around, I wrote a home-grown IDS to watch web hits, identify nimda-type probes and, if I could find a reporting address for the offending IP email a complaint off to the responsible ISP.

      We were being serviced by Shaw Cable [www.shaw.ca] at the time, and every once in a while, they'd misread my complaints, and figure that my box was the source of the attack, and they'd send a nasty email to my roommate (who the connection was registered to) threatening to cut off our internet if we didn't delete the viruses install a firewall, etc. (we each had our own BSD firewall).

      I got to know one of the supervisors there reasonably well, modified the letter I sent out to make it all but impossible for the people who read the email to confuse the attacking box with the defender, and he even added a note to the file for our connection, which resulted in a period of quiet after which we got yet another threatening letter.

      I responded with this letter [bcgreen.com]. My roommate (who took this very seriously because he was paying business rates to be allowed to run servers on the line) thought that I was being a bit flippant about something so important (flippant?! It took me an hour to write the damn thing!), but the supervisor at shaw said that he got a bit of a chuckle out of it when he phoned me to apologize for the error and promise a fix. His explanation was that shaw had installed a new abuse reporting system and that the note about our account had been lost in the transition (but would be added back in).

      If you read my letter, (which includes the original autocomplaint) then you'll understand just how far people are willing to go to misread log files.

      • by skahshah ( 603640 ) on Friday January 28, 2005 @08:15AM (#11502347)

        I think they have complete idiots reading not only the logs, but the mail too. Or maybe idiots who don't read at all :

        One day I couldn't access to many sites I'm used to visit, I did some traceroute and found 2 nodes down, 1 in NY, another in South California. I wrote to the companies. The first one answered within an hour, saying they hadn't found any problem (it was working again), the second never answered, but the server was up within an hour too.

        I had sent a third mail to my ISP, before anything had been fixed, explaining the problem, with the same traceroute attached, saying that I knew they hadn't anything to do with it, but that it could be useful to know, with the precision that I was running Mozilla on FreeBSD, and personnally hadn't any problem.

        Two days later I received a mail explaining that I had a bad configuration and had to check some option (forgot what it was) in Internet Explorer !

      • I don't know what Shaw is like, but Comcast seems to be similar.

        I really like Comcast. They don't block any ports and none of the pushing from the big companies has forced them to do so. You pay for Internet service and you get it, full service with no restrictions.

        When Nimda was around, they'd run automatic probes to check if someone was vulnerable. If their script came back as yes, they'd shut off your connection, and you could make a quick phone call and have it turned back on after speaking with
  • by orangeguru ( 411012 ) on Friday January 28, 2005 @03:00AM (#11501160) Homepage
    Lynx - the adventure browser ...
  • by Essef ( 12025 ) on Friday January 28, 2005 @03:00AM (#11501162)
    Just because he was using lynx does not mean he was not trying to break into the site.

    • Insightful??? (Score:5, Insightful)

      by Anonymous Coward on Friday January 28, 2005 @03:13AM (#11501224)
      "Just because he eats apples doesn't mean he is not a child molester"

      Where is the connection of the two? Parent puts some claim in the room, based on a connection which doesn't exist, and is modded up?
      • Re:Insightful??? (Score:5, Insightful)

        by LarsWestergren ( 9033 ) on Friday January 28, 2005 @03:31AM (#11501287) Homepage Journal
        I actually thought it was pretty insightful, but I'll post instead of mod.

        So far, all comments are supporting one of two hypotheses:
        a) The story is a hoax, no one was arrested.
        b) The story is true, OMG they are after us just for using Lynx!

        Grandparent pointed out a possible third alternative:
        The person was using Lynx, the bastard really tried to hack the tsunami relief site, and that's why he was arrested.
    • https? (Score:3, Interesting)

      by beuges ( 613130 )
      Last i used lynx (which admittedly was years ago), it didnt appear to support https connections. Is this still the case? I'd be more concerned about a "tsunami relief website" that accepted donations over a non-secure protocol.
  • by SpikyTux ( 524666 ) on Friday January 28, 2005 @03:01AM (#11501164)
    In an unrelated news, A Londoner made a tsunami-relief donation using Internet Explorer on Microsoft Windows operating system. The site operator decided that this usual event in the system log indicated the user has zero clue on how insecure Internet Explorer is, and the police broke down the donor's door and arrested him.
  • by account_deleted ( 4530225 ) on Friday January 28, 2005 @03:01AM (#11501165)
    Comment removed based on user account deletion
  • by Anonymous Coward on Friday January 28, 2005 @03:01AM (#11501167)
    for false imprisonment, and sued for slander, liable, an anything else he can think of.

  • by ctime ( 755868 ) on Friday January 28, 2005 @03:01AM (#11501168)
    While not fair by any means, to me this is clearly an example of one faction of the governments: Setting examples.
    I would speculate that the browser inadvertently sent some malformed HTTP POSTS or otherwise made some "usual" as in "unusual garbage posts to credit card processing engine" and spooked the sysadmin who had far to much time on his hand and the local police number on speed dial.

    poor bastard..I bet if he was using linux this wouldn't have happend ;]
  • by cliffiecee ( 136220 ) on Friday January 28, 2005 @03:03AM (#11501176) Homepage Journal
    We *so* need to name a 'Lynx' day in protest. Hit all your favorite sites with a text-based browser in a non-windows OS for one day.

    Of course, with all the embedded Flash around, some sites will be totally inaccessible... which would maybe teach them a lesson about accessibility.
  • by L.Bob.Rife ( 844620 ) on Friday January 28, 2005 @03:03AM (#11501178)
    That hackers would never think to forge a browser agent tag.
  • by node 3 ( 115640 ) on Friday January 28, 2005 @03:08AM (#11501199)
    BUG 6397: "Save As..." dialog doesn't work properly under certa...
    BUG 6398: Lynx unexpectedly quits when Japanese text is...
    BUG 6399: When browsing tsunami relief site, users are arrested by the police...
    BUG 6400: Choosing "cyan" for visited links causes all links to show up as cyan...
  • by Liquid Len ( 739188 ) on Friday January 28, 2005 @03:10AM (#11501207)
    Hopefully Lynx users need not worry too much yet.
    You mean the three of them ?
  • by MorboNixon ( 130386 ) * on Friday January 28, 2005 @03:13AM (#11501222)
    I'm sure it wasn't the fact that he used Lynx, but all the ascii child pr0n they found on his hard drive that prompted his arrest.
  • by grundie ( 220908 ) on Friday January 28, 2005 @03:17AM (#11501232)
    Apart from the obvious hole BT have dug themselves in to, this goes to show that perhaps BT should employ more experienced staff to look after their high-profile websites. If the techie concerned thought Lynx was dodgy then clearly he hasn't been using the internet all that long.
  • by Slashdot Insider ( 623670 ) on Friday January 28, 2005 @03:17AM (#11501233)
    Serves him right for not using a digitally signed [slashdot.org] and approved Internet! How could he trust Lynx?
  • by Hido ( 655301 ) on Friday January 28, 2005 @03:19AM (#11501239) Journal
    Whats the chances of his door being broken down if he was using Windows XP with IE instead of using lynx?

    This just goes to show that in the long-run, the TCO for M$ products are a lot lower then using other alternatives. :)
  • I'm not a user of Lynx, but I use links quite often. The thought of being jailed due to my using of a text browser that makes the world of popups and the loading of images a world in another universe makes me laugh and slightly worried. I hope I don't decide to make a website about something relatively useful and get canned for it. Thinking that this is jail-able is an idea so exotic I'd never think of it.
  • by bani ( 467531 ) on Friday January 28, 2005 @03:26AM (#11501264)
    BT, astonished by having seen the first correctly formatted HTTP request ever in their logs, reported the incident to police.

    "Nobody follows RFCs these days -- microsoft has firmly established that standards are there to be ignored. Anyone following the HTTP RFCs as strictly and to the exact letter as this individual did is obviously up to no good, so we reported the incident to police as an obvious terrorist act.".
  • by tearmeapart ( 674637 ) on Friday January 28, 2005 @03:29AM (#11501279) Homepage Journal
    I am so paranoid that I use lynx.
    I am even more paranoid that I use BSD. (Security is more important than speed, new developments, a friendly environment, etc.)
    The paranoia continues because I use BSD's jail to secure lynx.

    My command to open lynx:
    '/usr/sbin/jail -U poor_england_guy /dev/null dummy233 192.168.2.233 "/usr/local/bin/lynx -disable_cookies -ssl-only -referrer='http://www.google.ca' -nocolor https://www.dec.org.uk/"'

    So lets see:
    1. You cannot save data about me because I disabled cookies.
    2. You cannot see data that I receive or send because I use ssl.
    3. You cannot use somekind of frame trick to send me to a site where I do not want to go.
    4. You cannot use popups on me. Lynx does not exactly have any windows.
    5. No frame tricks either. Lynx does not support frames.
    6. If some hole is found in lynx, my automatic secure update (/usr/ports with freebsd) with fix it. It's secure and uses ssh2-like things, so it will take a few thousand/million years to get past that security.
    7. Even a virus gets on the machine:
    a. I can just restart lynx.
    b. I boot off a CD. The filesystem is read-only. Really read-only.
    c. Virii are unheard of on bsd.
    d. I can switch to links or wget.

    Conclusions:
    1. I find it a good probability that this system admin saw the person's lynx setup (comparable to mine) and was extremely jealous. After a few minutes of being stuck on "hostname#", the system administrator just gave up and decided to sue this guy.
    This jealousy is similar to SCO's jealous of Linux.

    2. Everyone should switch to a similar setup. I am sure everyone would enjoy the interface, and some would especially enjoy the ASCII pr0n.
    • Re:I am so paranoid (Score:3, Interesting)

      by MyHair ( 589485 )
      Amazing. Now please explain how you posted using a Slashdot account with no cookies and mandatory SSL. :-)

      By the way, gotcha:

      This virus works on the honor system:

      If you're running a variant of unix or linux, please forward
      this message to everyone you know and delete a bunch of your
      files at random.
  • by Kris_J ( 10111 ) * on Friday January 28, 2005 @03:33AM (#11501297) Homepage Journal
    So far there is a single, mostly unknown, source for the portions of the story pertaining to Lynx. This is notable more for how opposite the Blogsphere and mainstream media positions are on the story. Currently, only the man arrested knows the real story and I have even seen a quote from him yet. We certainly haven't been exposed to any decent journalism yet.
  • by new500 ( 128819 ) on Friday January 28, 2005 @03:34AM (#11501298) Journal
    . . .

    Now, I am trying to think up something appropriately insulting of their intellect to write to their logs with the UA spoofer extensions in Mozilla.

    Any suggestions? :-)

    . . .
  • Just tried it out... (Score:5, Interesting)

    by ArsenneLupin ( 766289 ) on Friday January 28, 2005 @03:42AM (#11501320)
    Just made a small donation to the DEC site [bt.com], using lynx.

    Now let's wait and see what will happen next...

    If lots of people do the same:

    • BT will get the message that there are still lots of people who use lynx
    • more money for the tsunami victims :-)
  • by Evets ( 629327 ) on Friday January 28, 2005 @03:42AM (#11501323) Homepage Journal
    imagine how many non-standard user agents will be showing up in bt's logs tomorrow.

    I bet there's a ton of LWP requests hitting BT as we speak.
  • by wooby ( 786765 ) on Friday January 28, 2005 @03:56AM (#11501370) Journal
    cat /var/log/httpd/access.log | grep lynx > /dev/authorities
  • by astrosmash ( 3561 ) on Friday January 28, 2005 @04:27AM (#11501460) Journal
    Dev Lead: "Hey! Monkey! What's this Lynx thing about?"
    Web Monkey: "It's a web browser that old-school Unix hackers used to use."

    -- later ---

    Middle Manager: "Sir! An old hacker has comprimised our system!"
    CTO: "Release the monkeys."
  • thank god i use gopher
  • Corrections (Score:3, Informative)

    by ozbird ( 127571 ) on Friday January 28, 2005 @04:57AM (#11501561)
    From the article, he was arrested and released i.e. bailed - not "jailed".

    If he hadn't been released, he would have been remanded in custody - still not "jailed".

    If he was point on trial and convicted, he would have been gaoled - did I mention not "jailed"?
  • Banned for using DOS (Score:5, Interesting)

    by Aliks ( 530618 ) on Friday January 28, 2005 @08:32AM (#11502441)
    Completely off topic I know, but a couple of years ago my 11 year old son was banned for a week from the school computer lab after being found using DOS.

    Apparently the school authorities had decided that any type of command line smelt of hacking and subversive tendencies.
    • Please yell at the school!

      At my elementary school we used to have an IBM network system (token ring--those were the days!) with a menu system in it. It was unfortunate, since a friend of mine and I liked to program in QBASIC, and all the menu allowed was Logo and Microsoft Works. However, Microsoft Works had a convenient "Launch Program" option on the File menu, whose first choice was a command prompt. That led to tons of fun in QBASIC. Fortunately my teachers weren't idiots, and didn't really care.

      I

  • by digitalgimpus ( 468277 ) on Friday January 28, 2005 @10:07AM (#11503412) Homepage
    Jailed for IE? Why not?

    It's insecure (your computer could be hijacked and used for malicious purposes)... national security risk.

"Poor man... he was like an employee to me." -- The police commisioner on "Sledge Hammer" laments the death of his bodyguard

Working...