Man Reportedly Jailed for Using Lynx

wezzul writes "A Londoner made a tsunami-relief donation using Lynx on Sun's Solaris operating system. The site operator decided that this 'unusual' event in the system log indicated a hack attempt, and the police broke down the donor's door and arrested him." Honestly, though, aside from a BBC article about a tsunami fund hacking probe that doesn't mention user agents there's little to corroborate this. Hopefully Lynx users need not worry too much yet.

And for good reason!

Thats right; He shoulda been using "links" anyhow!

Re:Stupidest mod ever

i hereby complain that this post [slashdot.org] that i made yesterday was modded up incorrectly. it is in no way interesting. hopefully i will be modded offtopic for bringing this up here, to balance it out.

Re:And for good reason!

I think you mean elinks [elinks.or.cz]. It has every thing Lynx and Links has plus a lot more. including Frames, tabs, basic javascript, some CSS support, etc. They are even in the process of adding bittorent support right into the browser. Best text-only browser going!

Re:And for good reason!

CSS support could work on a text browser by doing things like left and right alignment of text and justifying text. Making things bold or not. Possibly also setting the text colour if the terminal supports it.

Where's the buggy-eyed smily when you need it?

What's next? Sometime in the near future: Man tries to buy chocolate bar with paper money! Shock! Horror! Maybe this is just a little too random but that's where my mind travelled to.

Re:Where's the buggy-eyed smily when you need it?

Up here in Scotland, we have our own paper money. Although its legal throughout the UK, a lot of english shopkeeps will give you funny looks if you give them a scottish fiver.

However, wheres fivers and the like merely look different, apparently the english dont have a paper £1 note (and we do, although they're much rarer these days).

How long until we get arrested for paying for something with "funny money"? Remember, every time you use a non-standard currency, your funding terrorists!

Re:Where's the buggy-eyed smily when you need it?

Anyway the euro notes all look incredibly bland and boring.

You know, people like to get money even if it looks boring. There's no need to make money look interesting in order to get people interested in it. :-)

Re:Where's the buggy-eyed smily when you need it?

You know, I have the same complaint about the gears in standard automobiles, whether they are automatic or manual transmission. They don't feel any different from one another at all... how does any blind person manage to drive?

Re:Where's the buggy-eyed smily when you need it?

The problem with US$2 bills is that people are hording them. The banks and federal reserver have plenty. But people won't use them.

Woz and the "$2 Bill Incindent"

Shameless Karma Whoring [woz.org]

Re:Where's the buggy-eyed smily when you need it?

There was a story late last year about an elderly couple who tried to use a Scottish £20 note in woolworths. Not only did they not accept it, they called the police and held them there.

I have recently moved to Scotland, and think that the scottish money is awesome. I particularly like the latin motto on the pound coin, "NEMO ME IMPUNE LACESSIT", translates to "no-one provokes me with impunity". That is just so Scottish.

Re:Where's the buggy-eyed smily when you need it?

Some eagle-eyed cashier is a local newsagent rejected a 20 pence piece I tried to pay with, and I had no idea why.

Turned out it was a Gibraltan coin. Basically identical to regular 20p. However, there's an image of (who I presume to be) the enthroned Queen, staff in hand, on the reverse. The text around the picture reads "Our Lady Europa - Gibraltar".

A really, really beautiful coin. Glad it got turned down so I could keep it I suppose!

It's geeky, but sometimes the artistry in currency design is pretty amazing. Some of the British banknotes are really fantastic. I'm not particularly opposed to the Euro, but it's a shame that the banknotes are a unified design (bridges & windows... the modernity of which increases as the value of the note increases). On the other hand, some of the national designs on the reverse of the coins are interesting.

Kinda weird to think how long these things stay in circulation... I've got a penny piece from 1978 in my pocket.

Re:Where's the buggy-eyed smily when you need it?

Although its legal throughout the UK

Um, not exactly. According to this Wikipedia article [wikipedia.org] Scottish banknotes aren't even legal tender in Scotland!

"Legal tender" is a bit of misleading concept though in that it only really applies to the settlement of debts - i.e if you owe somebody and pay them in legal tender they have to accept that payment, but they don't have to accept payment by other means. It's worth noting that buying something in a shop does not constitute settling a debt as you pay before you receive legal title to the goods, so "legal tender" does not apply.

Ultimately you can pay for anything with anything if the other party agrees. Shops in Scotland will of course accept Scottish banknotes because they're familiar with them and trust the Scottish banks to back them. Many shops in England will similarly accept Scottish banknotes for the same reasons. Some shops in England and Scotland will take Euro notes, and a few at airports US dollars and other currencies. You're unlikely to find a shop that will accept Bhutanese Ngultrum, say, though I suppose it's possible if the shopkeeper happens to be about to go on holiday to Bhutan and can't find a bureau de change that carries Ngultrum...

Re:Where's the buggy-eyed smily when you need it?

I must have been lucky when I bought my laptop then, the discussion over payment went pretty much like this:

"And how would you like to pay for this?"

"Do you accept anonymous white envelopes stuffed with cash?"

"That'll do nicely, Sir"

This was in one of the more reputable shops on London's Tottenham Court Road (Micro Anvika). Was impressed that not only did he not bat an eyelid, but he was actually able to make the funny.

WHY!

Why oh why wasnt it "Man Reportedly Jailed for Using IE"

Re:WHY!

what about "Man Reportedly Jailed for Creating IE"

Thank God for people....

actually reading logs, now, if only they could understand them.

Re:Thank God for people....

Sometimes they have complete idiots reading the logs.

Back when the nimda worm was running around, I wrote a home-grown IDS to watch web hits, identify nimda-type probes and, if I could find a reporting address for the offending IP email a complaint off to the responsible ISP.

We were being serviced by Shaw Cable [www.shaw.ca] at the time, and every once in a while, they'd misread my complaints, and figure that my box was the source of the attack, and they'd send a nasty email to my roommate (who the connection was registered to) threatening to cut off our internet if we didn't delete the viruses install a firewall, etc. (we each had our own BSD firewall).

I got to know one of the supervisors there reasonably well, modified the letter I sent out to make it all but impossible for the people who read the email to confuse the attacking box with the defender, and he even added a note to the file for our connection, which resulted in a period of quiet after which we got yet another threatening letter.

I responded with this letter [bcgreen.com]. My roommate (who took this very seriously because he was paying business rates to be allowed to run servers on the line) thought that I was being a bit flippant about something so important (flippant?! It took me an hour to write the damn thing!), but the supervisor at shaw said that he got a bit of a chuckle out of it when he phoned me to apologize for the error and promise a fix. His explanation was that shaw had installed a new abuse reporting system and that the note about our account had been lost in the transition (but would be added back in).

If you read my letter, (which includes the original autocomplaint) then you'll understand just how far people are willing to go to misread log files.

Re:Thank God for people....

I think they have complete idiots reading not only the logs, but the mail too. Or maybe idiots who don't read at all :

One day I couldn't access to many sites I'm used to visit, I did some traceroute and found 2 nodes down, 1 in NY, another in South California. I wrote to the companies. The first one answered within an hour, saying they hadn't found any problem (it was working again), the second never answered, but the server was up within an hour too.

I had sent a third mail to my ISP, before anything had been fixed, explaining the problem, with the same traceroute attached, saying that I knew they hadn't anything to do with it, but that it could be useful to know, with the precision that I was running Mozilla on FreeBSD, and personnally hadn't any problem.

Two days later I received a mail explaining that I had a bad configuration and had to check some option (forgot what it was) in Internet Explorer !

Bonus Browser

Lynx - the adventure browser ...

He could still have tried to break in...

Just because he was using lynx does not mean he was not trying to break into the site.

Insightful???

"Just because he eats apples doesn't mean he is not a child molester"

Where is the connection of the two? Parent puts some claim in the room, based on a connection which doesn't exist, and is modded up?

Re:Insightful???

I actually thought it was pretty insightful, but I'll post instead of mod.

So far, all comments are supporting one of two hypotheses:
a) The story is a hoax, no one was arrested.
b) The story is true, OMG they are after us just for using Lynx!

Grandparent pointed out a possible third alternative:
The person was using Lynx, the bastard really tried to hack the tsunami relief site, and that's why he was arrested.

Re:https?

Lynx has (optionally) supported https for many years now - I used to use it for my online banking (one of the reasons I'm impressed by my bank's service - it uses javascript and stuff, but works fine without it) before I caught this nasty GUI bug...

Man Reportedly Jailed for Using IE

In an unrelated news, A Londoner made a tsunami-relief donation using Internet Explorer on Microsoft Windows operating system. The site operator decided that this usual event in the system log indicated the user has zero clue on how insecure Internet Explorer is, and the police broke down the donor's door and arrested him.

Technical in-joke

So the police saw "Lynx" and busted him? Just as well he didn't script a PERL WWW-lib useragent:-

#!/usr/bin/perl

use LWP::UserAgent;
$ua=LWP::UserAgent->new;
$ua->ag ent("I p0wnz j00 d00dz hax0r/v.10 rev. fuq2 ");

Hope he gets the sysadmin locked up

for false imprisonment, and sued for slander, liable, an anything else he can think of.

governments are funny.

While not fair by any means, to me this is clearly an example of one faction of the governments: Setting examples.
I would speculate that the browser inadvertently sent some malformed HTTP POSTS or otherwise made some "usual" as in "unusual garbage posts to credit card processing engine" and spooked the sysadmin who had far to much time on his hand and the local police number on speed dial.

poor bastard..I bet if he was using linux this wouldn't have happend ;]

Re:governments are funny.

But the real question is, did this request go through a judge to get a warrant, or was it simply some sysadmin making a claim (which could be easily refuted by an expert) and the police arresting somebody on one mans word.

Will police arrest somebody if I claim they killed somebody, or do they still need evidence?

comon everyone, use lynx to go to bt.com

I just tried lynx to go to their donation form

https://www.donate.bt.com/bt_form.htm

via http://www.bt.com/index.jsp

So I hope everyone does it and makes BT see 100000x increase in LYNX usage

So this is what you get when you hire A+ grads from 'prestigeous' institutions.

So everyone, fire up lynx, lets make em look even dumber.

Perhaps...

..this is just a clever way of getting all the geeks to donate

</tinfoil>

Re:I had to use Lynx once

Using Lynx is just plain wrong!!!

No, using Lynx is just plain text.

Re:I had to use Lynx once

You are right, (e)links is much better! :-) (Also support mouse control through SSH with PuTTY)

No, *I* am Spartacus!

We *so* need to name a 'Lynx' day in protest. Hit all your favorite sites with a text-based browser in a non-windows OS for one day.

Of course, with all the embedded Flash around, some sites will be totally inaccessible... which would maybe teach them a lesson about accessibility.

Re:No, *I* am Spartacus!

"When was the last time you purchased taylor made shoes? "

Who's this Taylor guy?

Because everyone knows

That hackers would never think to forge a browser agent tag.

Re:I don't believe it

I'm sure there could be more to the story, like perhaps there were repeated log entries as if he had lynx in a script loop to do something as innocent as collect donation totals or something evil like password guessing. I wouldn't put it past the police/judges in any country of being largely ignorant of what a browser agent really means. It wouldn't take them much convincing to go busting down doors. The suspicious part of the story is the sysadmin thinking something odd with the user agent of just that one person and calling the authorities. Looking at the logs from fairly small web sites you are lible to see all sorts of odd user agents. If something did stick out, I would think a sysadmin's first step would be to do a google search.

Re:I don't believe it

I wouldn't put it past the police/judges in any country of being largely ignorant of what a browser agent really means

I see it as being "the expert says this guy is a hacker, so we arrest him" - while the reality is that the "expert" isn't an expert and is not under adult supervision.

I think we'll see a lot more of this sort of thing. Hopefully we'll get more info so the words "you got a customer arrested because you were too ignorant to do your job properly?" follow this guy around for his entire career - if justified.

I use lynx regularly, as do many others, any sysadmin who has never heard of it is inexperienced. If someone in a workplace is browsing pr0n for eight hours a day, the only safe way (grannies doing what?) to confirm that the URLs have dodgy content is lynx or similar things, or it's the simplest way to see if your web server is up or not from a console in the cold depths of a server room.

Re:I don't believe it

I use lynx regularly, as do many others, any sysadmin who has never heard of it is inexperienced.

It must have been a windows sysadmin, then. But yeah, that probably is equivalent to "inexperienced", anyway.

Re:I don't believe it

Police would never arrest someone just because of the browser he was using.

I hope you're right. The link provided in the article [bbc.co.uk] doesn't provide much information about the nature of the attack.

Searching on BBC for "lynx" shows that this browser is very popular in Britain, they even named a real animal [bbc.co.uk] after it.

Re:I don't believe it

Police would never arrest someone just because of the browser he was using.

BWAAAHAAAAAHHAAAAA!!! No wait, this is not even funny.

1) The police arrested him because they thought he was hacking stuff, not because he was using Lynx.

2) The police arrest people for insane reasons all the time in 99% of all countries. While I firmly believe there was no evil intent from enyones side in this particular case, you really need to wake up: The police are only human and most of them do whatever the people who pay their bills tell them to (that means the government, not the taxpayer).

3)The fact that the guy was released in a few days shows us that the system is limping along OK. The "sysadmin" making the hacking claim OTOH, should now be arrested for criminal negligence/incompetence or something

Did he file a bug report?

BUG 6397: "Save As..." dialog doesn't work properly under certa...
BUG 6398: Lynx unexpectedly quits when Japanese text is...
BUG 6399: When browsing tsunami relief site, users are arrested by the police...
BUG 6400: Choosing "cyan" for visited links causes all links to show up as cyan...

Re:Did he file a bug report?

Ha! "Works for me, can you attach a scan of your police report?"

What's that ?

Hopefully Lynx users need not worry too much yet.
You mean the three of them ?

Re:What's that ?

You mean the three of them ?

Two of them now ;)

call an @ an @

I'm sure it wasn't the fact that he used Lynx, but all the ascii child pr0n they found on his hard drive that prompted his arrest.

Inexperienced techies shouldn't run big sites

Apart from the obvious hole BT have dug themselves in to, this goes to show that perhaps BT should employ more experienced staff to look after their high-profile websites. If the techie concerned thought Lynx was dodgy then clearly he hasn't been using the internet all that long.

Probably a fake story but if it were true...

Serves him right for not using a digitally signed [slashdot.org] and approved Internet! How could he trust Lynx?

Another conspiracy by M$?

Whats the chances of his door being broken down if he was using Windows XP with IE instead of using lynx?

This just goes to show that in the long-run, the TCO for M$ products are a lot lower then using other alternatives. :)

That's a bit scary

I'm not a user of Lynx, but I use links quite often. The thought of being jailed due to my using of a text browser that makes the world of popups and the loading of images a world in another universe makes me laugh and slightly worried. I hope I don't decide to make a website about something relatively useful and get canned for it. Thinking that this is jail-able is an idea so exotic I'd never think of it.

The real headline...

BT, astonished by having seen the first correctly formatted HTTP request ever in their logs, reported the incident to police.

"Nobody follows RFCs these days -- microsoft has firmly established that standards are there to be ignored. Anyone following the HTTP RFCs as strictly and to the exact letter as this individual did is obviously up to no good, so we reported the incident to police as an obvious terrorist act.".

I am so paranoid

I am so paranoid that I use lynx.
I am even more paranoid that I use BSD. (Security is more important than speed, new developments, a friendly environment, etc.)
The paranoia continues because I use BSD's jail to secure lynx.

My command to open lynx:
'/usr/sbin/jail -U poor_england_guy /dev/null dummy233 192.168.2.233 "/usr/local/bin/lynx -disable_cookies -ssl-only -referrer='http://www.google.ca' -nocolor https://www.dec.org.uk/"'

So lets see:
1. You cannot save data about me because I disabled cookies.
2. You cannot see data that I receive or send because I use ssl.
3. You cannot use somekind of frame trick to send me to a site where I do not want to go.
4. You cannot use popups on me. Lynx does not exactly have any windows.
5. No frame tricks either. Lynx does not support frames.
6. If some hole is found in lynx, my automatic secure update (/usr/ports with freebsd) with fix it. It's secure and uses ssh2-like things, so it will take a few thousand/million years to get past that security.
7. Even a virus gets on the machine:
a. I can just restart lynx.
b. I boot off a CD. The filesystem is read-only. Really read-only.
c. Virii are unheard of on bsd.
d. I can switch to links or wget.

Conclusions:
1. I find it a good probability that this system admin saw the person's lynx setup (comparable to mine) and was extremely jealous. After a few minutes of being stuck on "hostname#", the system administrator just gave up and decided to sue this guy.
This jealousy is similar to SCO's jealous of Linux.

2. Everyone should switch to a similar setup. I am sure everyone would enjoy the interface, and some would especially enjoy the ASCII pr0n.

We have no confimation of the Lynx bit

So far there is a single, mostly unknown, source for the portions of the story pertaining to Lynx. This is notable more for how opposite the Blogsphere and mainstream media positions are on the story. Currently, only the man arrested knows the real story and I have even seen a quote from him yet. We certainly haven't been exposed to any decent journalism yet.

Have Your Say via UA String Extension Mozilla

. . .

Now, I am trying to think up something appropriately insulting of their intellect to write to their logs with the UA spoofer extensions in Mozilla.

Any suggestions? :-)

. . .

Re:Have Your Say via UA String Extension Mozilla

How about
'Mozilla/5.0 (Not Lynx/Do not arrest user) Gecko/20041107 Harmless/1.7.3'

Just tried it out...

Just made a small donation to the DEC site [bt.com], using lynx.

Now let's wait and see what will happen next...

If lots of people do the same:

• BT will get the message that there are still lots of people who use lynx
• more money for the tsunami victims :-)

Re:Just tried it out...

# BT will get the message that there are still lots of people who use lynx
# more money for the tsunami victims :-)

You forgot one:
Police get lots of free hardware

imagine how many non-standard

imagine how many non-standard user agents will be showing up in bt's logs tomorrow.

I bet there's a ton of LWP requests hitting BT as we speak.

mandatory script

cat /var/log/httpd/access.log | grep lynx > /dev/authorities

Purple Monkey Dishwasher

Dev Lead: "Hey! Monkey! What's this Lynx thing about?"
Web Monkey: "It's a web browser that old-school Unix hackers used to use."

-- later ---

Middle Manager: "Sir! An old hacker has comprimised our system!"
CTO: "Release the monkeys."

*phew* that story scared me

thank god i use gopher

Corrections

From the article, he was arrested and released i.e. bailed - not "jailed".

If he hadn't been released, he would have been remanded in custody - still not "jailed".

If he was point on trial and convicted, he would have been gaoled - did I mention not "jailed"?

Re:Wait a sec

It occurs to me that they would have had his name and address from the donation, a break-down of communication would have gone something like this:

Log: Lynx - - 195.245.14.212
Windowz Admin: OMG WTF!?
Log: Lynx: Error 255 Is_not_IE
Windowz Admin: OMG WTF!? 0w3n3d? h4x0rd?
PHB: Whats all this then?
Windowz Admin: Hackers
Phone: Ring Ring, Ring Ring
Police: Metropolitan Police?
PHB: Hackers, Tsunami, Help!?
Police: Yes sir, the address?
PHB: The address?
Windowz Admin: [tap tap] 34 Solaris Road

Police: POLICE!
Lynx User: Okay?
Police: Down on the ground! down on the fucking ground!
Lynx User: Ahh? WTF? 0w3nd?
Police: 0w3nd h4x0r mother fucker.
Lynx User: Lawyer!
Lawyer: WTF?
Lynx User: Yes, WTF?
Judge: WTF is Lynx?
Lawyer: WTF is Solaris?
Expert: Shut up n00bs
Bail: Money
Lynx User: Poor
The Sun(tm): Hacker, lynch mob, page 3, Sun readers are tards.

BB: WTF?
Slashdot: WTF OMG?

Banned for using DOS

Completely off topic I know, but a couple of years ago my 11 year old son was banned for a week from the school computer lab after being found using DOS.

Apparently the school authorities had decided that any type of command line smelt of hacking and subversive tendencies.

Jailed for IE?

Jailed for IE? Why not?

It's insecure (your computer could be hijacked and used for malicious purposes)... national security risk.

Re:First Post - CowboyNeal called the cops

First post with Lynx!

And your last post here, you hax0r, you!

Re:Well I think JWZ put it best for Lynx users.

Lynx users might remember this from www.jwz.org

#
Greetings, Lynx users. There is a reason this page doesn't use ALT tags
on the images. The reason is that the bozos responsible for both MSIE
and Netscape Confusicator 4.0 decided that they would display the ALT
tags of images every time you move the mouse over them -- even if the
images are loaded, and even if they are not links. The ALT attribute
to the IMG tag is supposed to be used *instead of* the image, not *in
addition to* the image.

This looks absolutely terrible, so I don't use ALT tags any more in
self-defense.

If they wanted to implemented tooltips, they should have used the TITLE
attribute to the A tag. That's in the HTML 1.2 spec and everything.

I had to decide between making this page look good for the vast majority
of viewers, or making it be readable by the miniscule minority of you
stuck in the 70s. Those of you in the retro contingent lost. Sorry.
#

reference:

http://web.archive.org/web/20000303115840/http:/ /w ww.jwz.org/

Re:well

It seems the good thing is we're now getting uncorroborated news stories from sites called "Boing Boing: A Directory of Wonderful Things". The BBC article makes no mention of lynx user-agent lines as the culprit.

Can we up the bar a LITTLE?

Um, it's Cory Doctorow

Cory Doctorow isn't exactly a random luser, he's a well-known commentator and online journalist.

Re:G. Orwell would be proud

since when dose a "hack atempt" constitute hauling someone off to jail?

...1984 is today aparently

Ob Simpsons quote:

"ATTEMPTED murder, what is that!? Do they give a Nobel Prize for ATTEMPTED chemistry? Well, do they?!" -Sideshow Bob

Re:Lynx & https

Lynx has supported https for years. [adavid@adavid work]$ lynx --version Lynx Version 2.8.4rel.1 (17 Jul 2001) libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.6 Built on linux-gnu Mar 19 2003 15:33:59 Copyrights held by the University of Kansas, CERN, and other contributors. Distributed under the GNU General Public License. See http://lynx.browser.org/ and the online help for more information. See http://www.moxienet.com/lynx/ for information about SSL for Lynx. See http://www.openssl.org/ for information about OpenSSL.

Re:Lynx & https

Darn - where did that preview button go? :(

Lynx has supported https for years.

[adavid@adavid work]$ lynx --version
Lynx Version 2.8.4rel.1 (17 Jul 2001)
libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.6
Built on linux-gnu Mar 19 2003 15:33:59

Copyrights held by the University of Kansas, CERN, and other contributors.
Distributed under the GNU General Public License.
See http://lynx.browser.org/ and the online help for more information.

See http://www.moxienet.com/lynx/ for information about SSL for Lynx.
See http://www.openssl.org/ for information about OpenSSL.