Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Censorship

Interview With Mike Sklut 113

"AOL wants your children to be safe online," using their Parental Controls. There's just one problem with their censorware. You can see any site you want by appending a "." to the hostname - and this has been true since at least 1997, when Mike Sklut of newriot.com discovered the simple exploit. At the time, he was 11 years old. Despite his having told a few thousand of his closest friends, AOL didn't wise up to the fact until yesterday morning. Mike's out of town at a baseball tournament, but we managed to trade e-mail with him about his early hacking years. Update: 07/17 02:59 PM by J : Other censorware suffers from the same vulnerability. Sheesh.

Slashdot:

What does Parental Controls do?

Mike Sklut:

Parental controls block certain Web sites that AOL lists on their system. When you type in a URL, tokens are sent through your client to the AOL proxy requesting a site. The screen name is verified, and if you are on any three of four settings, the proxy may or may not send you the information.

These settings not only block certain Web sites that AOL lists, but also certain features of AOL. For example: kids only can't access most main features of AOL such as instant messages, and many e-mails are blocked unless the controls are set further.

Also note that if you are not set on 18+ (the very highest setting), then no sockets applications are allowed to connect to anything. It does not give your computer any connection to the Internet except through the AOL client.

Can you describe the hole?

This hole affects all AOL users who are set on mature teen (16-17). This exploit (or trick if you will) is simply done by adding a "." at the end of the second level domain extension. For example: if you're trying to get into 'newriot.com' and it gives you the classic "Web restricted error," just type in 'newriot.com.'

How'd you learn about it?

Just over three years ago (I must have been in fifth grade at the time), a friend and I were trying to get into altavista.com to do research for a project. I was set on young teens at the time, and I believe he was on mature teens. (Note: this trick used to work on young teens as well as mature, but it now seems to only work on mature).

Anyway, we couln't get in, each of us, because altavista was believed by AOL to have adult ads or something, so it was blocked by AOL. We were just messing around with the URL, adding characters here, port numbers there, and all of a sudden I got into it. It happened unknowingly and it took me a minute to figure out how I actually did it.

A small thing, but it proved to be a popular trick for a time with my friends.

Is this useful for anything besides looking at porn?

I knew this question would come along. =] Research projects? Well, seriously, if you needed something that AOL didn't like (other than porn); warez, pages with cussing or swear words on them.

I never used it much at all; soon after that research project, I got into Web design and my parents had to change me to 18+ to use sockets applications for publishing to my site. It worked great for me though; I told all my friends (and more) who tried to take credit for it, and that really made me mad.

If you just needed to do research, why didn't you just talk to your parents about turning the controls off?

They had already gotten mad at me before. I had gone on my dad's screen name and changed my controls (back and forth multiple times) to do other stuff that required an Internet connection that was external from the AOL client. Once or twice he caught me and got mad, and he had refused to change them before because I had done it without his permission; he really didn't care if I had other stuff that I wanted to do (IRC, FTP, and I think that was all I did that required a connection at the time).

How many kids did you tell about this?

In the last three years I would guess I would have told at least 5000 people about it. Since I learned about the trick I have lived in three different states (IL, MA, and MI). I usually told a ton of my friends.

And, you have to add me publicly talking about it on my old Web site (emall2.com, which I am currently battling out with the owners of emall.com over trademark infringments). I posted it on there on a sub site (some AOL tricks thing) just about a month before it was taken down; I got about 500 "THANK YOU SO MUCH" e-mails about it, and my hit counters showed thousands of hits to that one page.

Did you know when you posted it on your site what would happen? (Are you sorry you tipped off the media, or are your friends ticked off at you for revealing the secret?)

I rushed into getting the site up, and I needed pretty quick publicity. The site is not 1/4 done yet, and the our first major staff meeting isn't until next Monday. I had to post about some big news that someone might be interested in and come to the site to look at, and this seemed to be the thing. It was horrible timing, and I wish I would have done this in two weeks from today, when most of the site is up. I got a ton of e-mail telling me about how good the site will be, and wondering where all the content was. I absolutely knew this would happen, and I'm very glad that I did it (but the timing was off, as you can see), and I'm very glad of the results.

I'm very happy I tipped off the media. I hate America Online, as I have for years (various reasons), and this just makes them look bad (bad in some people's eyes, horrible in others).

My friends (about 15 so far) e-mailed me screaming about how happy they were to see me on news.com, yet very mad at me for this is their only source for getting out of AOL's controls. Next week I'll post how to use proxies, so they can get around it once again.

I'm also working on getting a new NPH wrapper (if you can help I'd love it because I can't figure out how to do this) for the server so it can understand some of the commands in my cgi-based proxy app.

Has AOL patched it up yet?

Last night [Thursday, July 13] I called them (as a very concerned parent) asking them if my son (who I said was set on mature teen) was at risk.

The man I spoke with "absolutely assured" me that he was safe and AOLs parental control system was "100% fullproof". I told him about newriot.com and news.com's articles on it, and he tried it out. He was very suprised to see that he could get into a restricted site with the account he had made set on mature teens. He told me this was the first he had seen of this, and that he would tell his supervisor of the incident. He then told me that he was very sorry about the problem and he was sure something would happen fast. I thanked him.

Today [Friday], around 10:38 AM EDT, I tried it, and was suprised to see that it was fixed. I never knew AOL was quick with anything these days.

Your site mentions "several other methods" but doesn't give details yet. Can you give us a hint?

Yea sure. =P

1 - proxies

2 - using staff tools to force certain tokens through the proxy. This gives you access to any Web site (and many staff areas on AOL that aren't on stratus)

3 - once again using staff tools to create hybrid forms that will go through other proxies that can be searched for

Proxies will always work and always be around for the rest of history; AOL won't get a work around these for many years. Even when they do get something to decode pictures and sites through proxies, there will still be encryption. Staff tools will let us get through easily on the 'younger' settings, but the kids that use them would be breaking the law by using the tools themselves (I think), and might not be technical enough to use them.

Your site also says you're going to put up a tutorial on forging e-mail. Do you like poking around computer security, do you think you'll keep doing it?

The tutorial for forging e-mail was already put up on the old design for newriot.com. I recently gave her a facelift, and deleted all the old stuff to put into the new template for the site. I have had it all ready to go for a while, I just can't upload it until I get to my house and out of this baseball tournament.

I've been messing with AOL's security for a while now, and about a year ago I got a little out of AOL and more into the main Internet thing. The first hackers conference I went to was this summer (rubi-con) and I hope to get to go to some others (the problem is my parents and transportion).

Poking around at online security is a blast. It just infuriates me all of the Internet users that think of themselves as "elite" just because they can scam a password from some staff AOL account, or the people that go around causing havok online and think they are the best. These are the idiots that ruin it for the all of us, and I'm also very sorry to see all the newbies looking to them, who will one day become one of them.

Anything you'd like to say to parents who have trusted Parental Controls to keep their teens safe on the Internet?

If your kid is half-way smart and is a quarter computer literate -- he'll get around it. There are plenty of sites that will show you how to use proxies that are very easy to understand.

What's the best (and only) way to make sure your teen (or kid) isn't looking at stuff online you wouldn't want him/her to be looking at? -- Don't have kids. In today's world many kids have external access to the Web; off-home surfing. Their friends have it, their school has it, their public library has it. So much access to this. If any or all of these are using filtering there are always ways around it.

Are your parents going to get mad when they see this interview?

My parents wouldn't ever see it without me telling them about it, and even if they did they wouldn't read it. And even if they read it, they wouldn't get mad. So all in all; no, they'll be fine. Thanks.

This discussion has been archived. No new comments can be posted.

Interview with Mike Sklut

Comments Filter:
  • When did you get started with computers / what computer / OS / Apps did you start with / what do you program in (if you do)?

    How old are you?

    Does AOL suck?

    ...and why did you call it 'emall2.com'? Does that name have some special significance for your site, or did you just want to call it 'emall.com'?

    Tell us the story; we love stories. ;)

    Incidentally, just to be fair, here are *my* answers: I started with BASIC on the Apple ][ and C64's, I'm 22, AOL does suck, and I have no domain names registered (but I do work for a web hosting company now!)...
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • I don't think the interesting aspect of this is the exploit. It has to be AOL's general policy! If you are going to have a strict policy to make you look good parents, why then isn't it being enforced to fullest. Not to say that censorship is a good thing, but it still says something when you a defined a policy to address complaints and still don't enforce it well. Especially with such a sensitive topic as what "children" are allowed to view. I think parents in every country are concerned to a certain extent with protecting their children.

    kick some CAD [cadfu.com]
  • by Fawking DSL ( 204668 ) on Saturday July 15, 2000 @07:56AM (#930739)
    Hey slashdot editors! I know you are busy, and maybe that's why you thought interviewing Mike Sklut would be a great idea. This was a very bad idea. So I thought I would try and be productive. Here is a list of people who are of the right caliber to merit an interview (that is to say, try interviewing great folk like this FIRST before wasting your time and ours on Mike Sklut):

    (from the 1999 Free Software Award Nominee page)

    • 1.Tom Adelstein
    • 2.Eric Allman
    • 3.Lennart Augustsson
    • 4.Stig Bakken
    • 5.Donald Becker
    • 6.Brian Behlendorf
    • 7.Tim Berners-Lee -- inventor of the World Wide Web
    • 8.Jim Blandy
    • 9.Craig Burley
    • 10.Thomas Bushnell
    • 11.Shane Caraveo
    • 12.James Clark
    • 13.Alan Cox -- major Linux kernel hacker
    • 14.Miguel de Icaza
    • 15.DJ Delorie -- DJGPP [delorie.com]
    • 16.Theo De Raadt -- founder of the OpenBSD project
    • 17.Matthias Ettrich
    • 18.Paul Eggert
    • 19.Ralf S. Engelschall
    • 20.Fred Fish
    • 21.Olivier Fourdan
    • 22.Fractint Team
    • 23.John Gilmore
    • 24.Andi Gutmans
    • 25.Chuck Hagenbuch
    • 26.Carsten Haitzler
    • 27.Charles Hannum
    • 28.Shawn Hargreaves [demon.co.uk] -- Allegro [demon.co.uk] game programming library
    • 29.Geoff Harrison
    • 30.Mike Heins
    • 31.Joey Hess
    • 32.Earl Hood
    • 33.Jordan K. Hubbard
    • 34.Dan Ingalls
    • 35.Lars Magne Ingebrigtsen
    • 36.Kyle Jones
    • 37.Bill Joy -- Sun, vi editor
    • 38.Alexandre Julliard
    • 39.Mike Karels
    • 40.Jeremy Katz
    • 41.Spencer Kimball
    • 42.Donald E. Knuth -- author of Art of Computer Programming
    • 43.Werner Koch
    • 44.Alfredo Kenji Kojima
    • 45.Jeffrey A. Law
    • 46.Patrick Lenz
    • 47.Marc Lehmann
    • 48.Rasmus Lerdorf
    • 49.Mark Linton
    • 50.Paul Mackerras
    • 51.Peter Mattias
    • 52.Doug McEachern
    • 53.Caolan McNamara
    • 54.Kirk McKusick
    • 55.Bram Moolenaar
    • 56.Tobias Oetiker
    • 57.Tim O'Reilly [oreilly.com] -- O'Reilly [oreilly.com] books
    • 58.John Ousterhout
    • 59.Dave Rand
    • 60.Brian Paul
    • 61.Nicholas Petreley
    • 62.Bernhard Rosenkraenzer
    • 63.Alessandro Rubini
    • 64.Dr Douglas Schmidt
    • 65.Keith Sklower
    • 66.W. Richard Stevens -- Unix Network Programming
    • 67.Darryl Strauss, Zeev Suraski
    • 68.Danny ter Haar
    • 69.Andrew Tridgell
    • 70.Jorrit Tyberghein
    • 71.Bert Tyler
    • 72.Guido van Rossum -- Python [ruby-lang.com] programming language
    • 73.Miquels van Smoorenburg
    • 74.Wietse Venema
    • 75.Paul Vixie -- cron daemon
    • 76.Patrick Volkerding
    • 77.Tim Wegner
    • 78.Jim Winstead
    • 79.Jamie Zawinski [jwz.org]
    • 80.Phil Zimmerman.

    Granted, some of these have been covered already, but maybe a handful at the most. I must confess to maybe knowing who 10% of these people are. I would sure like to know something about the rest of them. Just imagine all the cool stuff each of these people has to offer--why in the world are we looking to interview inflamatory, damaging people like JP?

    Just trying to help :-) I figure 80 some odd suggestions should keep you busy for a while.

  • by jamienk ( 62492 ) on Saturday July 15, 2000 @07:58AM (#930740)
    I think its evidence of bad parenting to trust AOL to plan your child's intellectual diet.
  • Is it just me or does that trick possiblity have random effects on different computers? Back in the Trumpet Winsock days when you looked up "dns.name." with an extra dot, it would append your local domain, am I wrong or does some *nixes/OS'es do this still? It may not work always I believe. Every censorware got a vulnerable spot :P (and that one is just called dumb coding)
  • How old are you?
    I shall use my amazing psychic powers and attempt to answer this for him.
    14?
    The reasoning being he discovered it when he was eleven and it was three years ago... so it's around 14.
    -J
  • by GigsVT ( 208848 ) on Saturday July 15, 2000 @08:12AM (#930743) Journal
    Knuth? :) It may be interesting what a real Old Fart has to say about the Open Source Vs. Old Fartism debate.

    Now Phil Zimmerman, that is something I would love to read.
    -----------------------------
  • that should be the opposite. appending a . to the end of a domain should force it NOT to append any of your DNS suffixes.
  • It isn't protect your children.

    It's teach your children.

    Teach your children, don't censor your children.

    If you can't teach them, they'll get in trouble all by themselves. But if you censor them, they just won't talk to you about it (i.e. they will censor you).

    Sure, there's a lot of nasty stuff on the web. There's a lot of nasty stuff in the world. But most children won't ever find it, and if they do, they probably won't know what it is, won't be interested, and would much rather go back to the local Yahoo Kids Center, or Gameboy Tips & Tricks page or whatever. As a parent, you can encourage this, instead of stifling their desire to explore.
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • by Anonymous Coward
    We interview a random hax0r script kiddie from IRC.
  • by session ( 139321 ) on Saturday July 15, 2000 @08:17AM (#930747)
    I'm all for freedom of information, and I'll fight government censorship of something every day of the week. AOL, however, is not the government. Why do people act like they're a horrible company just because they have censorware built into their product? After all, it is a commercial product and you don't have to use the censorship controls. They're only there to help parents "protect" their kids (if the parents feel they need to, which I would disagree with, but whatever).

    This isn't a case of forced government removal of information, this is simply a product that you choose to use or you don't. What's the problem with that? So it has a hole in it... big deal, so do a lot of things.

    Maybe I'm just missing the point, but I don't think it's "bad parenting" to have AOL assist you in guarding the information your kids can see. Personally, I would never censor anything from my kids, but if a parent wants to, why should they have to go out and find all "bad" sites on the internet and limit them from their kids? What a waste of time.

    Please, I'd love to hear other people's arguments on this -- I really want to know why you think it's such an evil thing. Simply being against it because it's censorship doesn't exactly seem right to me.

  • by Anonymous Coward
    Wht I admire is not that he is a kid who broke AOL stupid "security" filter, but what he thinks of the subject in general.:

    "It just infuriates me all of the internet users that think of themselves as "elite" just because they can scam a password from some staff AOL account, or the people that go around causing havok online and think they are the best. These are the idiots that ruin it for the all of us, and I'm also very sorry to see all the newbies looking to them, who will one day become one of them."

  • by Anonymous Coward
    This is truly the dumbest thing I've ever seen on slashdot. Were there no posts in the submission queue of any interest at all?

    Interviewing some 14 year old wannabe skr1pt k1dd13 and telling him he is so cool for adding a dot after a domain name while in the midst of typing other gibberish is just stupid. If you wanted to show us smart hacker teens how about interviewing kids like the ones mentioned here [yahoo.com] instead of some kid who managed to find a hole by typing random gibberish.
  • Where does it say he was eleven? I missed that part.

    I caught the 'in 5th grade' bit, but that doesn't mean as much as you'd think sometimes.

    However, as a ballpark figure, I'll use my amazing psychic powers to estimate that you're probably within a year. :)

    Now, a better question might have been "How smart are you", but that's even more rude and obtrusive than "How old are you", and much tougher to answer.

    (although I've learned that you can 'estimate' a person's I.Q. by assuming that they have learned in a Western culture, deluding yourself into thinking that tests are a fair and accurate measure of education, and dividing their SAT Combined Score by 10. Of course, I.Q. tests have problems too, but at least you can do statistical correlations between the two tests. However, I'm not going to ask this question, or attempt to answer it for myself. :)
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • by GigsVT ( 208848 ) on Saturday July 15, 2000 @08:21AM (#930751) Journal
    When are parents going to learn that if they want to control what their kids see, they are going to ahve to watch them 24 hours a day?

    No software will ever be able to replace parents. I have a son, and the way I look at it is that information cannot hurt someone who is intelligent. Misinformation is the real risk, and kids might believe it if they aren't prepared to always look for both sides of an issue.

    Of course, a lot of parents don't want their kids to see both sides of an issue, and this is the big thing. It is going to be very interesting to see what a generation that grew up with the greater availability of information from all sides of the spectrum are going to turn out like. I think it will make these politician's job of lying to the people a lot harder at least.
    -----------------------------
  • I didn't want to sound mean, but yes, I hurt. Sorry.
  • what should I do?!
    What's the best (and only) way to make sure your teen (or kid) isn't looking at stuff online you wouldn't want him/her to be looking at? -- Don't have kids. In today's world many kids have external access to the web; off-home surfing. Their friends have it, their school has it, their public library has it. So much access to this. If any or all of these are using filtering there are always ways around it.

    By this logic, we probably shouldn't have children because they could also quite possibly become psychotic serial killers. The more rational solution: Educate and/or supervise your kids. Be involved.

    *gel

  • by tilly ( 7530 ) on Saturday July 15, 2000 @08:32AM (#930754)
    Step 1: Put up an internal firewall.

    Step 2: Set up proxies.

    Step 3: Monitor the webtraffic from the proxies. Have your monitoring be smart enough that you can label things as, "I know this is OK, don't mention it any more."

    Step 4: Sit down and have some heart to heart conversations about anything that really bothers you.

    By default don't get in the way. Have the rules match exactly what you are concerned about. And realistically, if step 4 fails, then you have real problems. You cannot block what your kid does at a friend's house, pretending that you can protect them by controlling what they do at yours is just stupid.

    Cheers,
    Ben
  • by drix ( 4602 ) on Saturday July 15, 2000 @08:32AM (#930755) Homepage
    Hey editors! When I was _9_ I crax0red the popular SurfWatch internet filtering program into oblivion by exploiting a race condition! Where's my interview?

    Seriously, I'm sure this guy is a charming young man - and probably a decent second baseman too - but there are just so many other people you should spend your time interviewing. As a general rule, I'd like to suggest you refrain from posting lengthy discourse with people who place on or more of the following phrases on their homepage:
    • "AOL Sucks"

    • "Visual Basic"
    etc...

    --
  • Of course, none of the people you listed would really be related to the story of AOL only now patching up a very obvious and very rediculous flaw, would they?
    ---
    seumas.com
  • sorry to sound all supportive and everything, but JP comes across as a pretty together person - certainly more sane than most of the script kiddies out there. more power to him.

    the only way to protect your children in this sort of arena is to either keep them out of it (when young enough) or to bring them up to be sufficiently responsible (when they get smart enough - and they will in spades).

    oh, and AFAIKS this article is bang in the middle of slashdot's charter. moral responsibility - after a bare minimum - is not /.'s job. interesting tech articles are. this is one.

    cheers

    pete23, reality on demand
  • by p0six ( 23324 ) on Saturday July 15, 2000 @08:34AM (#930758)
    Uhm. no.

    1. It's not illegal to look at sites about warez. It's illegal to DOWNLOAD or provide warez. AOL or your local ISP may decide to block these sites (it's their perogrative), but there is nothing illegal about these sites that just provide info on them.

    2. It's been shown again and again that filtering software of all types are at best grossly inefficient, many times blocking perfectly legitimate sites. This "workaround" would allow you to access these sites. This sounds pretty reasonable, no?

    3. It is not /.'s or your ISP's job to look after your kids. It is not the government's job to look after your kids. It is NO ONE'S JOB BUT YOUR JOB. Filtering software may be a helpful aid (issues of effectiveness aside), but do not blame us if your kid looks at porn.

    4. As far as I know, the ethics of news reporting require you to report the news. Not just the Happy News. or the Poltically Correct News. Sure, there are times when news should be withheld (for the sake of security or whatnot), but this is hardly of that caliber. There have been news pieces on how bomb making instructions are easy to find on the Internet. Is the media irresponsible for pointing out that this information is available?

    I'm going to stop now, before I get really pissed.
  • Since when is adding a period to the end of a TLD a crime? If anyone should be prosecuted, it should be the service provider who failed to provide proper restrictions to content, despite advertising to parents and consumers the extreme safety of their censorship controls.

    Duh.
    ---
    seumas.com

  • I disagree [slashdot.org]; I think it's bad parenting.

    I'm not the only one [slashdot.org], either.

    However, continuing on, here are a few questions about parents censoring their children:

    What gives you the right? No, really. Father knows best?

    Would you let your children censor you?

    Do you think you'd like having someone else censor you?

    Do you want your children to like you or be able to trust you?

    Do you think that if you hold up your part of the bargain to do your best to teach your children, then they can use their own judgement, and perhaps you can learn from each other?

    ...or are you so arrogant to think that you can judge that for them?

    ...or so shortsighted to think that you can get away with this, and that they won't find a way to circumvent it, or end up hating you for not trusting your own children?
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • O'Reilly [oreilly.com]

    See, Visual Basic on the front page. They even have a whole domain [oreilly.com] devoted to the evil stuff!

    The moral of the story? Be careful with hard and fast rules...

    :-)

    Cheers,
    Ben

  • [First Voice] Napster is just a facilitation for crime.

    [Second Voice] True, true. Microsoft is just a facilitation for innovation.

    [Third Voice] Waaaazzzzzzzaaaaaaaaappppp?

    "I will gladly pay you today, sir, and eat up


  • Really? How many AOL children do you suppose are readers of Slashdot?

    Yes, I accept that there may be some (read: a rare few) but it seems readily apparent to me that those who are, no doubt are likely to be fairly advanced users already. They not doubt use AOL only because that is what is provided by their 'NOT' so aware parents. Reading of an AOL exploit here is probably 'old' news... conveyed by their equally astute net associates who turned them on to slashdot in the first place.

    Frankly, Slashdot, whose membership consists of LOTS of parents, by publishing this info is doing exacly what I expect of them...making it's readership aware of tech exploits. You appreciate this when it is DECSS or the like.

    Seems to me that just because the subject matter does not impress YOU, that is hardly reason to badmouth Slashdot for passing along info that may indeed, interest others regardless of your opinion of their level of expertise.

    Just my opinion on a Sat. morning.....

  • by Gurlia ( 110988 ) on Saturday July 15, 2000 @08:57AM (#930764)

    There is no replacement for proper, responsible parenting. The problem with these "parental controls" tools is that they are induced by a market of people who don't want to spend the effort to raise their kids properly, and depended on by people who don't understand what proper parenting is.

    After all, it's your kid. You are the one who should supervise them and educate them in the proper way. That responsibility is on you not on AOL or any other corporation or person. The proper way to be a parent is to nourish a healthy relationship with your kid -- and that means spending lots of time and effort to educate him/her properly, and to maintain a good relationship. If you're not willing to spend the time or expend the effort, you're an absolute fool to think that so-called Parental Controls software or whatever other garbage they have out there will do your kid any good. And don't be surprised if your kid grows up to despise you. Kids know when you really love and care about them, versus when you're doing it grudgingly just because you know you have to.

    Kids aren't Tamagotchi's. Parenting is not merely about changing diapers, stuffing them with food, cuddling them when you feel like it, and sitting them in front of the TV or computer just so you don't have to spend the time/effort to be with them as a person. Parents who think that they can have both the "advantage" of distracting their kid with TV/computer and also "safe-guarding" them with "Parental control" garbage are greatly deceived.


    ---
  • I'm English, and I've had net access since I was 11. Proper TCPIP stack, no AOL crap. I did pay for it myself, but most of my friends also had net access and I never heard of any of them having access censored or restircted by their parents. What is it about American parents that makes them want to hurt their children so?

    Abashed the Devil stood,
    And felt how awful goodness is
  • by Plasmic ( 26063 ) on Saturday July 15, 2000 @09:06AM (#930766)
    Why are we interviewing some kid who found a really lame hole in security software? That'd be like interviewing every individual that posts to BUGTRAQ with mind-numbing questions like, "Oh, so how'd you find the bug?" and "How many people did you tell?" .. this is really contentless. Is this Slashdot editor new?
  • > Do you want children to be able to cirvumvent the controls put in place to protect them?

    "Protect" means different things to different people -- just look at this article [slashdot.org] from a few months back. Peacefire [peacefire.org] and censorware.org [censorware.org] also have a great deal of discussion about the issues associated with web-filtering.

  • I have a son, and the way I look at it is that information cannot hurt someone who is intelligent.

    The only problem is that kids are not just miniature adults. Their brain's are not fully developed.

    Let's put it another way. Do you think that a child growing up in the getto with gunfire and violency all around them is going to influence how their personalities develop? Of course it will. Now, do you think if your boy grew up seeing images of woman in bondage his entire life, that might influence how he sees women?

    I think you need to wake up and realize that part of responsible parenting is setting limits on what your child is exposed to and when they are exposed to it.


    --

  • I absolutely agree. It's not a matter of blocking things from your kid. It's a matter of giving them the proper education and developing a healthy relationship with them. (See my other post on this [slashdot.org].)

    IMHO there's nothing wrong with Parental Controls software and the like. What is wrong is the parent thinking that it can replace proper upbringing and education. (I.e., trusting the software or system or whatever to block out "bad stuff" instead of educating your kids' sense of judgment.)


    ---
  • It isn't gov't censorship as such, but a lot of people (including me) think it's odious for the same reasons. Well-meaning parents who wind up restricting their kids' access to liberal party web sites and gov't-mandated censorware in libraries getting in the way of legitimate research are two bad things censorware can do. It also offers a false sense of security (witness this story), meaning that parents legitimately seeking to restrict their kids' access to porno on the net won't realize that it's impossible and take appropriate measures (unplugging their computers, for one). On a more nebulous level, censorware companies often make decisions about what to censor based on factors other than content -- witness the study, which I can't find now, where some good people copied gay-bashing quotes off of mainstream right-wing & religious web sites, posted them on Geocities, & submitted them to be censored. The censorware people agreed that this stuff was bad news. When asked to ban the original mainstream sites the quotes came from, they refused. This kind of thing can't be good for anybody, any more than censorware that restricts sites talking bad about the censorware-producing company.

    These are some of the more concrete reasons I don't like censorware; the false sense of security is the worst flaw IMHO. AOL and other censorware providers have an interest in keeping people misinformed about the theoretical impossibility of what they claim to do; this leads to nasty stuff like the cphack fiasco, which also isn't good for anybody.

    Hope this answers your questions. Note that I'm not trying to bash AOL's controls on young children; as I understand it, these either use a whitelist or deny web access altogether and are, I agree, a useful tool for parents. Almost all other censorware, though, commits the cardinal sin for software: It doesn't work.

  • (Assuming JP of AntiOnline)

    I really don't like being off-topic, but I just have to say, that after dealing with JP, I 100% distrust and dislike the guy. He exploits his supposed position, and whines when he doesn't get his way. To top it off he uses people and waves around law suit threats like they were weapons. If you want more info on my personal incidents just let me know, I'm more than happy to share.
  • Let's put it another way. Do you think that a child growing up in the getto with gunfire and violency all around them is going to influence how their personalities develop? Of course it will. Now, do you think if your boy grew up seeing images of woman in bondage his entire life, that might influence how he sees women? I think you need to wake up and realize that part of responsible parenting is setting limits on what your child is exposed to and when they are exposed to it.

    Of course I set limits.

    The thing is that most bondage porn is misinformation. It is misinformation that most women like to be tied up and beaten. I already added the caveat about misinformation in my original post. I think that that is one of the few things that should be kept from children, if they are likely to believe it.

    Right now my son is too young to use the Internet. When he is old enough to use it, he will pretty much have the run of the place. This will have limits, of course, but my goal is to make him educated well enough that I don't have to worry about what he looks at, because I know that he will do the right thing. If that doesn't work, then something else may be necessary, but not censorware. I would rather use monitoring software that records what is viewed rather than arbitrarily block whole groups of sites. If I see that he is viewing things that could be damaging, then I could address the issue.

    To borrow from an anti-drug commercial of the 80s: Parents who oppress raise children that won't mind being oppressed by a government out of control.
    -----------------------------
  • ...when you grow up.

    Society accepts that parents have the right to treat their children in ways that no adult can be treated by another adult. For instance there is nothing unusual in having a parent ground a 10 year-old. Can a cop do that to an adult? Of course not!

    I don't think that the police have the right to spy on an entire country. Yet I do believe that there is nothing wrong with a parent monitoring a minor. In fact I think that my wife's parents had exactly the right idea. They let their kids make their home the neighbourhood hangout. Why? So that they didn't have to worry about where their kids were and what they were up to.

    Is that spying? In a literal sense it is. But the parents didn't sermonize, they didn't lay down a ton of rules. they didn't keep detailed logs. They just heard the kids talking with friends and didn't feel worried.

    Likewise with the web let you kids go where they will. Check in on them in the same way you check out what they are watching on TV. Don't make it a secret or a big deal. But keep your eyes open.

    The fact is that if we had a few more involved parents we would have a lot fewer script kiddies. And that would be a good thing.

    Regards,
    Ben
  • So, AOL comments that their software is 'foolproof.' How about making it kid-with-half-a-brain-proof, guys? :-)
  • No, the editor (Jamie) is not new. I do agree however, that I think they completely missed the needed focus of this issue. Who located it and how they located it is irrelavent and not even minimally interesting. What is interesting and what should have been the entire focus of this is how such a weak exploit could have been left laying around for almost four years. It seems this has been similar to saying the Titanic is unsinkable, well, except if you are captaining the ship in water...
    ---
    seumas.com
  • Not every article on Slashdot has to be some enlightening techno/social commentary does it? I mean, most of us agree AOL sucks worse than a pile of rancid chicken livers served up in a dirty 3rd world toilet bowl. And this kid is obviously not some type of guru (unless AOL Parental Control Workarounds is enough of a subcategory to qualify). But hey it was a bit reassuring if you ask me. I mean he was obviously weened on AOL but it looks as if he will be able to overcome his handicap. Thats gotta be worth something. If nothing else it was amusing.

    - What do mean my left eye is swollen?
  • Hope about spending some time with your kid and surfing the Web with them?
  • I live in Canada...
    My father is a teacher in this small town, so we had free unrestricted net access since about 1993, when I was 9. My parents never censored my brother and I, and instead encouraged us to become familiar with computers. Now, I have a part-time job as a technician, and my brother is a network engineer. My parents simply provided the tools to learn, and encouraged learning.

    Eso

    I'd rather be pepper-sprayed by a mountie,

  • I already added the caveat about misinformation in my original post. I think that that is one of the few things that should be kept from children, if they are likely to believe it.

    First of all, you're wrong -- some woman do like bondage, so that's not misinformation, it's a lifestyle choice. Granted, it's chosen by woman who are psychologically messed up, but it doesn't fall into "misinformation". Second, the key is "misinformation". You can put anything under that category (religion? evolution?), so you haven't really said anything.

    When he is old enough to use it, he will pretty much have the run of the place. This will have limits, of course, but my goal is to make him educated well enough that I don't have to worry about what he looks at, because I know that he will do the right thing.

    You're hopping back and forth across the fence. Which is it? "The run of the place" or "limits"? Beyond that, it's insane to assume a child will just "do the right thing" without supervision because 1) you can never know what he's really learned from your "education", and more importantly, 2) it's not about intelligence, it's about judgment. You only get judgment through time and experience. In other words, just because you tell a child the stove is hot, and he intellectually understands "hot", you still have to watch him to make sure he doesn't impetuously put his hands on it.

    If that doesn't work, then something else may be necessary, but not censorware. I would rather use monitoring software that records what is viewed rather than arbitrarily block whole groups of sites.

    Censorware is a tool, like any other. Apparently, you are in favor of restricting access to certain sites. Well, censorware allows you to override a site if you think your child is ready to access it. You seem to have bought into the propaganda regarding censorware, but it's just a different face on monitoring.

    Parents who oppress raise children that won't mind being oppressed by a government out of control.

    Oh come on! That sounds like warmed-over Dr. Spock. Discipline and setting limits is not "oppression". When you have children without limits, you get Columbine. Children need limits in order to develop properly.


    --

  • I was able to spend a shitload of my parents money on Q-Link! Does that get me an interview? I seem to remember programming in BASIC on my Dad's TI-94A. I was able to download all kinds of warez on my Commodore 128! Hey, why don't you interview me?

    Sorry folks, this is flamebait, but I figure having lots of karma is exactly what stories like this are for. This really sucks Taco. Don't let Jamie post crap like this any more.

    Mike, no offense, but being a good coder, or even a smart kid in general, does not make you a good subject for a /. interview. I'm accustomed to seeing Nobel laureates and FSF gurus being interviewed here, and I have yet to meet a 14 year old that has enough life experience to make an interesting /. story. Come back in a decade, and we'll see what you have to say.

  • "Why are we interviewing some kid who found a really lame hole in security software?"

    Because the really lame hole (1) allowed kids to get around attempted parental censorship, and (2) was in place for three years before anyone in an authority position knew about it.

    Parents think technological solutions will keep their kids "safe" (for varying definitions of "safe") on the internet. Reality is otherwise, and they need to learn so. Maybe getting the perspective of someone who added an extra dot when he was 11 will help.

    This isn't a story about a 1337 hax0r crack, it's a story about censorware and its failed promises.

    Jamie McCarthy

  • Moderators... informative? Hello? I thought the interview was a little interesting, and the exploit even moreso. I would've had no idea if this hadn't been posted (not that I use AOL anyways, but it is a pretty major flaw.)
  • Many of the above would indeed be interesting "interviews."

    Sadly, the late W. Richard Stevens is not on that list; he would not be an interesting interview unless Slashdot has some supernatural interviewers.

    Some interesting adds I'd suggest:

    • Richard Gabriel

      Of fame for the "worse is better" thesis

    • David Moon

      One of the designers, at Apple, of the Dylan language, previously involved in designing Common Lisp, and Symbolics machines.

    • Kent Pitman
      Short languages make long programs, I claim. Long languages make short programs.
    • Guy Steele

      Noted for involvement with famous books on C, Scheme, Lisp, and Java.

  • Apparently you aren't even trying to read and understand my message before posting your flame bait replies. I am done with this conversation.
    -----------------------------
  • Rules don't get you very far if you don't have a good relationship. But no parent can be with their kids 24 hours a day. (Parents really do try harder than most kids realize...)

    Cheers,
    Ben
  • How do you support a censorware company after this sort of fallout? X-Stop [xstop.com] knows how.
    Don't target educational institutions. They have an excuse for showing meaningful content.
    Target corporations. Hey, pretty much 95% of the Internet is non-productive, right? So it's actually a benefit to these corporations to decimate their Internet access.
    Check out these statistics.
    http://www.xstop.com/statistics/index.ht ml [xstop.com]
    Businesses are more vulnerable to FUD than anything else, since most of them depend upon abstraction and statistics to exist.

    --Perianwyr Stormcrow
  • >Where does it say he was eleven? I missed that part.

    Fourth sentence: "At the time, he was 11 years old." :-p
    --
  • The moral of the story? Be careful with hard and fast rules...

    Rules like... everyone must love O'Reilly? Cause I think most of their new books suck. Programming Perl is an absolute masterpiece, but I haven't found anything that really wowed me over recently.

    --
  • Well, censorware allows you to override a site if you think your child is ready to access it.

    Censorware have closed lists of sites which normally can't be edited. It allows you some settings, but does not give the parent complete control and certainly not accurate information about what it does.

  • by Freon ( 26749 )

    OOG quoting William Conrad and Samuel Coleridge... Now I've seen everything.
  • Why do people act like they're a horrible company just because they have censorware built into their product?

    Well at first i thought you were refeering to people considering AOL's censorship bit, but you made several comments regarding to the fact that people thing AOL is evil in general.

    People think that AOL is evil for more than a couple reasons. To name the big three, one being busy access numbers (which has been fixed for the most part), two being AOL randomly will sign you off and/or ask you if you "wish to stay online", and three, AOL is ungodly slow, and only allows you to dial up to their service through their software (I for one sitll use aol, and only use it to connect to the net, I minimize it the rest of the time, and even use a seperate POP3 email program, outlook express.). Aol has always had inferior service, inferior products, and for the most part, buggy software.

  • Through their half hearted attempt at censorship AOL seem to have actually caused a few kids out there to go and learn a little about how tcp/ip works and what AOL are doing... No parent in their right mind should believe that a service provider can accurately censor an internet that is growing at the rate of thousands of pages an hour.

    Quite honestly the best policy is to trust your kids with the internet and explain what is and isn't right.

    Can you imagine what it would be like if AOL sold a plastic suit that ur kids could wear so that they wouldn't be able to access drugs or cigarettes at schooL!?

    The whole internet censorship thing isn't really any different in my mind and it's up to the parents to teach their children responsibility, or to supervise their internet usage.

    Quite honestly are a few pictures of girls with their kit off really going to corrupt a 16 year olds mind that much?
  • As a father and a programmer I have to say that it makes me very upset to see all these other parents who are trusting their software to 'protect' their children!

    The internet is just like television (full of both good stuff and pure trash) and as parents if we are concerned about what our children are going to expose themselves to then the only solution is to educate them first. Educate them about the morals and ethics that your family believes in in order to help your child develop good character and avoid the trash that the morals that you have taught them would find 'offensive'. But most importantly, if you do in fact want to censor what your children accesses on the internet then YOU must monitor what your child is accessing YOURSELF!

    Of course your child is going to experiment and access material online that you would not approve of. However, your child will also do the same with television, drugs, smoking, sex etc. and in the end it will be you who will have had the most influence on the overall outcome of your child's life.

    When I was a teenager I experimented a lot with drugs but I grew out of it and wouldn't touch a single illegal drug now. I expect my daughter to do the same (although I definitely wish that she wouldn't). And I believe that they way that I raise her will lead her to be a very good, clean person. I don't believe that looking at offensive material on the internet is going to hurt her unless she remains uneducated about it. And that would be my fault.

    Just my $0.02
    Garett

  • Bugtra^H^H^HSecurityfocus, did anyone catch the story about the buffer overflow in wordpad.exe? I mean come on, how lame do you have to be to sit there and run every .exe file with a 300 letter string?
  • A huge portion of America views AOL as 'the internet'. They think everything else but aol is just a vehicle for porn and illegal activity. AOL has these people brainwashed. Then AOL puts forward filters, and parents think, 'oh, this is great now we can *control* what our children see'. Perhaps we should burn books too. I've met Parents who think they are irresponsible if they didn't implement AOL parental controls.

  • Aol has always had inferior service, inferior products, and for the most part, buggy software.

    Then switch to something else or shut up. You must have other choices, and if you don't, then start your own ISP, or be glad you have anything at all.

    -cwk.

  • by Anonymous Coward

    AOL is hardly the only censorware with a flat-out exploitable bug in it. Some X-Stop [xstop.com] boxes do also. These are proxy boxes intended to be used at the ISP level by schools and businesses. The one this exploit is known to work on is one of the BSD-based (I think) ones.

    Do an nslookup on playboy.com. Get an IP address, say 206.251.29.10. Now, using your favorite calculator (bc in this case), calculate 206 * 256^3 + 251 * 256^2 + 29 * 256 + 10 (watch your order of operations if you have to use a regular calculator or pencil and paper) and come out with the answer 3472563466.

    Now, go to http://3472563466/ [3472563466]. Since playboy.com is nice enough to use relative links for most of their content, guess what?

    And a tweak to junkbuster [junkbuster.com] to do this automatically as a proxy would take... How long?

    This was reported to X-Stop last year. Their response was that it wasn't important enough to fix.

  • There is nothing wrong with Americans. I am American and my parents didn't place any absurd restrictions on me or my sister growing up.

    Some parents do this - sure. And everywhere in the world some people do foolish things. Why do Europeans like to gereralize Americans so much - we're a pretty diverse bunch you know.

    Please note: I am purposely being hypocritical here to prove a point.

  • Back in the Trumpet Winsock days when you looked up "dns.name." with an extra dot, it would append your local domain, am I wrong or does some *nixes/OS'es do this still?

    If some OSes do that, then they need to be fixed, since that is buggy behavior. The whole point of the trailing dot is that it makes it an absolute name (i.e. explicitly relative to the DNS root).


    ---
  • by Anonymous Coward
    man, if you parents can't parent properly as the parent post said, then you probably won't parent a parent as what you parented won't make it to be a parent, at least not a better parent than the poor parenting excuse of a parent that you are. Man this is one long sentence, I wonder why I replied to its parent?
  • This is ridiculous. Slashdot is wasting our time and their time interviewing some lame kid who happened to find a security hole in AOL, who cares? Who even cares about AOL, 90% of Slashdot readers don't even use AOL! I can't stand them. Also, this kid has obviously too much time on his hands and his parents are negligent as far as I'm concerned. Heck, when I was a kid my Dad had me out weeding the garden, etc... do you think I had the time to waste on frivoluous exploits. Parents get a clue... the best way to control your kids is keep them BUSY. Get them involved in different clubs, sports, and extracurricular activities. Trust me it is much more healthy for a kid to be involved in these sorts of social activities than to be cooped up in front of a computer all day. Granted some of us like to sit in front of a computer all day, but parents should be smart enough to force their kids to get involved in other things at least until the kid is of age and can make decisions for themselves. What is our society coming to anymore...


    Nathaniel P. Wilkerson
    NPS Internet Solutions, LLC
    www.npsis.com [npsis.com]
  • by Anonymous Coward
    Evidently you didn't read the leadin or the interview. This kid is currently on a baseball trip - so he is doing something besides sitting in front of a computer all day. What are you doing, sitting in front of a computer?

    Who the hell are you to pass judgement on how this kid spends his time anyway? You go far beyond what censorware does. He is not accountable for every aspect of his life to you. It is obvious from the interview that this kid's parents give him a lot of leeway to lead his own life and that he had done something creative with it. He has created web sites with helpful tutorials for beginners on web-related topics, and his sites have been popular. He has stood up to intimidatation by fighting efforts to make him take down a site because of "trademark" claims. How many experieneced webmasters just surrender all their rights without a second thought?

    You should be ashamed to post your real name here at slashdot. If reflects poorly on your life.

    Regarding AOL subscribers visiting Slashdot, the fact is that the overwhelming majority of Slashdot readers use IE 4 or 5 and are running Windows. They are NOT using Linux or another unix or Beos or Mac. A high percentage of IE 4 and 5 users are doing so via the AOL client. Who are you to say that stories about AOL are of no relevance here?

    This kid is somebody. He has character. Who are you? You can be somebody too! Quit wasting your life in negativity!

    "You are somebody" -- Jesse Jackson

  • I thought that was ironic, and find it hard to believe that he meant it. Because that's exactly what's going on here IMO: Slashdot and others are treating him like he's l33t, so he thinks he is, when he did less than what I would expect it to take to "scam a password."

    Also, does he not think he's going to "ruin it for the all of us?" By making such big noise out of this he's begging AOL to fix it, even though he acts like he's interested in keeping info free. It's not like putting up a website with instructions of how to bypass website blocking software really makes any sense anyway - don't you think AOL will just block newriot.com?

    Glad not to be an AOL'er...
  • There are many more ways to deafeat useless censorware programs and sex.com. can be viewed on any logs, what you need is a secure webbased proxy server with cookie authentication and encrytion of the urls.
    I when i am at school am stuck behind one of the most restrive proxies in the world, it basically denys anything with any word it considers 'rude', it doesn't even let me view http://slashdot.org/ yet alone the comments.
    The solution? use a https proxy, as https is encrytied on the client all the way to the server it works fine, add a cgi proxy server with cookies for authentication and slight encrytion of the url and the clueless admin can't see what your doing or even what sites you are viewing.... works a treat
  • This interview is pretty lame I admit, but if you were going to interview someone about "hacking AOL" you could at least get someone who did something other than happen to type a period at the end of an url. At one point there were some people who really did some cool stuff on AOL...

    Starting 7 years ago up until about 4 or 5 years ago I spent a lot of my time on AOL. I was rather young at the time, and didn't really know too much about computers except that I thought hackers were cool. Somehow I ended up in private room hack, I don't know how or why, but there was a whole culture of people in there. Keep in mind this was a long time ago, this was when compuserv and prodigy were viable alternatives, when AOL sucked because of the "me too"s first and foremost. When AOL didn't have a web browser.

    So to skip all the boring shit I found myself going to the "elite" room with various other kids who had somehow proved their eliteness. Anyway, these were the people who really fscked around with AOL, not this parental control bs. This was before parental controls even existed. These were the people who figured out how to upload and download and chat at the same time (back when you couldn't do that). Figured out how to download in a free area (back when you had 5 hours a month on a 2400bps modem), and other usefull things. And no they weren't all harmless, we got overhead accounts (sort of below a guide and above a regular user) that could go to guide areas and had other special features. Some people knew guides that could TOS or delete someones account, etc etc. We also figured out how to kick people offline, intercept instant messages(!), and other cool but usually malicious things. Of course this usually involved pirating software and even credit card theft and all that bad stuff that seems to follow behind, but at the very center of it all there was really just a bunch of people exploring AOL.

    At some point Visual Basic got thrown into the mix (probably as a result of the widespread software priacy), and AOHell was made - which automated a lot of these tasks we did manually. Then came the huge amounts of "AOHacks" or "AOProggies" or whatever people would call them. This led to drones of people being able to do the tricks that were previously restricted to only the people who were cool enough to be told. Some of the folks who thought themselves better than this created "AOTurkey" around thanksgiving one year as a sort of joke, making fun of AOL's version of script kiddies. Even though we may have thought ourselves superior, we didn't nothing to stop the flame. I myself spent a decent chunk of time writing a still incomplete VB 3.0 program (and I still have the source code in case I ever come back to it :) ) that could do all sorts of stupid shit like make accounts with fake credit card numbers, automatically send messages to people asking them for hteir credit card numbers, and other random crap. A few decent programmers did some pretty incredible things with Visual Basic back then. No one had really done this stuff before - that is trying to interface directly with AOLs client. If you could write a program that would "get the chatroom text" (ie - being able to detect when someone says a trigger that would add them to a mailing list (of pirated softare)) you were elite. Of course the original people started to grow up and realize they really weren't as hot shit as they thought they were, and that some of the more illegal stuff they were doing was really not worth the risk at the least. I left and never went back, though I still keep in touch with a few of those people through EFNet and emails etc etc. I was actually a bit surprised when I didn't see a comment like this one already posted, since the people who lead the way always think they kick ass :).

    So I guess what I'm saying is hacking AOL isn't neccisarily something to immediatly scoff at, I just wouldn't have picked Mr. Sklut to be the representative...

  • I agree with everything you said about the story and its implications. The interview was still lame.
  • by Anonymous Coward
    Timmy: Dad, what is "fisting"?

    Answer #1: Tim, "fisting" is where someone tries to put their fist into someone's else butt. No, I'm not kidding! Yeah, pretty gross, huh?

    Answer #2: Oh my god, Timmy! Where'd you even hear of such a thing as that? Naughty, dirty, filthy bad boy! I'm not telling you and I don't want you ever to even THINK of such a thing again! You are not allowed to think about it or EVER look on the internet for it. I'm installing some software to make sure you don't try it either.

    Your call.

  • Argh. Maybe someone's posted something to this effect already, but they hadn't when I read the comments an hour ago. Now, supposing Slashdot had posted a story about the hole being fixed after 3 years. Would people have complained? Maybe, but I would guess not. However, they went one step further, got some information from the person that made the news about it or whatever, and you chose to read it. you know who he was about halfway through the interview, or less. So they provided something relevant, went further (doing an interview that is perhaps "iffy" but it was about censorship, which is what Jamie normally posts about (or posts a lot about)). I don't see where the complaint is.
  • Hear, hear.

    This fella sounds okay. Did he omit anything that some of the wonkier suggestions farther up the page might have put in? Okay, here ya go: "Open source GOOD! Censorware BAD!"

    What's the matter with this interview? I think it's great that we get a story about a kid who's into a bit of hacking and is acting responsibly. Especially since it wasn't Katz who wrote it!
  • i would never ask my parents that to begin with
  • We have 31 flavors if ice cream. That's got to count for something.
  • While I don't necessarily disagree with your post, I have to wonder if there is really anything wrong with his method.

    My parents gave me free reign over what I did with the computer. In fact, when we got our first real computer, it was _mine_, not the family's. The freedom afforded to me by having complete, unmonitored access to a computer has been one of the most beneficial things that has ever happened to me. Because of this I expanded my horizons by joining political discussions, discussing literature, and seeing the world from the eyes of many other, older people.

    I'm now almost 22 and have been using computers without supervision since I was 11 years old. I am about to finish my CS degree, and I'm already employed writing software for Iomega. ( note that this is NOT iomega ware :P)I have gotten this far purely on my ability with technology, but my ability to communicate with others and make rational decisions.

    Why? Because I was free to do whatever in the hell I wanted to do with the computer, whenever I wanted to do it. I never had to ask permission to get online (BBSes at the time) nor did I have to worry about my parents not understanding what I was doing and freaking out about it. My explorations of the systems out there, and my own system were not held to the superficial.

    The only understanding we had was that they thought I was intelligent enought understand the repercussions of the things I did. Something that _all_ humans, regardless of age are supposed to understand. Spending time with your child is a great thing, and if you are a parent it should be your single largest priority. I have to wonder though, when you monitor a child as you are seeming to advocate, are you not really just making all their decisions for them? How does this make them more able to make correct decisions on their own, when you are _not_ around?

  • ... because you Americans like to generalise the Europeans so much!
  • In fact, the kid adds no value to the story.
    He accidently added a dot to a URL when he was looking for porn. Big Fucking Deal!

    And you're right, the interview questions suck.
  • For one, I said MOST women don't enjoy bondage. That implies what he rebutted with, that "some do".

    As far as defining "misinformation": I define it as something that is written with little basis in fact, as determined by evidence.

    That should settle your question re: evolution v. creationism.

    In that case, one can examine both sides of it and make an informed choice as to what to believe, based on evidence. Misinformation is only dangerous if it is something that is self qualifying. Since kids generally don't have the critical thinking skills of adults, we still must interpret a lot of the things out there for our kids. THat doesn't mean that they should be shielded from the side that we don't believe or agree with. We should just make sure to explain to them the logic behind our choices. That is why I said that monitoring software is a LOT better than blocking software. That way if you see a problem, i.e. something that may be misunderstood by a kid, you can address it. There is no need to censor it.

    There are obvious exceptions, such as things that could place a kid in danger, such as chat with people that might be dangerous. I am speaking mostly of reading static content on the web, once you move into the interpersonal aspects of the Internet, the rules change a lot.

    Yes, censorware is a tool, and I don't think it should be banned or anything like that. I just don't think that it is good to use it. Like I said, monitor, and then discuss.

    Yes, children need limits, but the main thing is to teach them that it is wrong to hurt others. Things that they do that don't hurt others (or limit others rights or freedoms) are usually ok. That is the difference between what I am saying and Columbine.
    -----------------------------
  • How come a kid with that kind of hacking expertise has been using *AOL* *long-term*?
  • Actually, his post made a lot of sense. I can see why you would stop arguing, since he pointed out a lot of fallacies in your reasoning. Don't want to be called a troll under your real name RealityMaster? It's only karma man. :) You guys act like it is life blood or something.
    -----------------------------
  • "Just over three years ago (I must have been in fifth grade at the time).."

    So now he's in the eighth or ninth grade (or just out of it: it's summer!) and he's probably 14-15 years old and he probably lives at home.

    Not everybody is a 3l337 adult...

    t_t_b
    --
    I think not; therefore I ain't®

  • I think you're confusing Phil Zimmerman of PGP fame with this guy [pkware.com] of PKZip fame.
  • by dunno99 ( 211673 )
    Do I sense a disdained smell of jealousy in the air or is it just...my computer frying? Just because you were born into the world with a TI-94A on one hand, an 8088 on the other and a keyboard up your arse doesn't exactly make you the God of computers and therefore deserve to be interviewed (dayhem, I don't even know when the hell those things appeared on the market).

    Come on, don't tell me that it took you more than 5 hours just to read up to the line of "I am 15." (If you did, I'm sorry to say that Slashdot just isn't the right place for you...) If you don't like the article/post/interview/whatever just because it's interviewing a 15 years old netizen, then don't read it. No one is force-feeding it to you.

    For some of you who think that he hax0r3d AOL please read the article more carefully. He said that he stumbled across it. That's not exactly what I had in mind of the next great AOL hacker and his feat (hey, more oxymoron never hurt =). So please don't label him as an AOL-hacker-wannabe (at least in the scope of this interview).

    For those of you who are complaining why Slashdot is "wasting" their time on this particular interview, let me just say one thing: You're certainly not paying Slashdot (at least not directly) to do an interview. Simply put, you don't have a say in what goes on in Slashdot. So shut up and sit down.

    For all of you saying, "who cares about this kid," one comment - just look at yourself. Why are you taking the *precious* minutes of your life typing out that response if it was of no importance to you? Seriously, it probably took more time to type your response than to read the article.

    For the rest of you who think that there are "better" people to interview...well, who are you to judge? Hell, if you can judge, I bet that the Slashdot interviewers are able to judge too.

    For everyone who is a conjunction of the aforementioned sets (if people are in at least two of the domains, it's a conjunction...and if it's a disjunction, then there won't be anyone in the first place, which of course the statement would taken out before it's evaluated...classical logic here, not intuitionistic, or pretending to be =), you're just a conceded person who should've contributed to the Darwin Awards a long time ago...well, maybe that's not right, since stupidity is more important there, so you'd probably over qualify with that blindfold over your eyes.

    And for everyone else, thank you for realizing (I always wonder why everyone uses an 's' instead of a 'z'...maybe because that's the right way to spell the word? =P) the integrity of our fellow netizen, and thank you for spreading your thoughts about proper parenting.
  • "Slashdot is wasting our time and their time interviewing some lame kid who happened to find a security hole in AOL, who cares?"

    Christ! Give the kid a break!

    And give /. a break while you're at it!

    If your time is so GD important, don't read the bloody article!

    You should be able to scan a post here in seconds and decide if it's worth your valuable time.

    Of course, posting to /. does let you display your self-promoting .sig...

    ...and it's interesting to note that a quick check of your site [npsis.com] reveals the interesting fact that 45% of your links have either "My" or "Nathan" in them.

    So I guess you do think you're pretty important...

    And finally (not to pick ;-) I'd turn down the refresh=7 on your web cam page a little. Something more like 15 or even 30 works well: at least then the entire image would have a chance to load before the refresh timer goes off and starts all over again...

    Just a thought..

    t_t_b
    --
    I think not; therefore I ain't®

  • Umm. I thought we , the Slashdot users, got to ask the questions.
  • Perhaps they are called Parental Control sbecause they control the parents... by lulling them into a false sense of security... or something.
    -J
  • My biggest problem with these systems is the whole idea of a site being appropriate for one age group but not for another. Like, I think that a page using foul language is appropriate for almost anyone, but if I had kids, I'd probably block all religious sites until they were in their teens. I'd also block almost all retail sites, until they were out of the "screaming their heads off about stupid cartoon characters" phase.

    The only workable solution is a system like reputation managers, where everyone ranks pages as to what degree they agree with the statement "this page is suitable for my children"? Rank it one to five, and have your ranking sent to the central server. The central server uses your rankings to match you to others who agree with your rankings. Then sites you haven't ranked are based on what the people you match think they should be rated. Adding categories (rank wrt sex, language, politics, religion) would allow the system to function more accurately with less users.

    Then you could set on your own computer what level to allow the kids to surf. Maybe it's set at 2 for when you're home and you bump it up to 4 for when you leave the kids with a babysitter for a weekend. It works even if some people are overprotective, so that a parent of a 7 year old in Berkeley, a parent of a 10 year old in Los Angeles and a parent of a 16 year old in Salt Lake City might actually be using each others rankings (unknown to each other) because they match.

    It's fairly robust against people trying to supress or promote an agenda, because if your agendas don't match, then you aren't going to use their rankings.

    Sure, "what your kids while they're on the internet" is a great idea for now, but I'm thinking that by the time I have kids old enough to type, people won't get what "while they're on the internet" means, because well, what, you lost the signal? In some weird anti-technology retreat? Every terminal you own suddenly broke down? And your phone too? Think of how much more wired we are now than ten years ago. Is this somehow going to slow down?
  • Did you read my whole comment? My "generalizing of Europeans" was sarcasm - to show how ridiculous it is to group people by location. Maybe you were joking too :)
  • ...or is Slashdot getting more and more irrelevant these days ?
  • "Newby, an information and library science professor at the University"

    A meeting for hackers (sic) and the moderator is named "Newby". Not the right spelling, but it sounds the same.

    Pretty funny, but then again, I don't get out much.

  • This was a very bad idea.

    No, this was a good idea, because AOL is becoming very net-security paranoid with it's user base. It also details many of the internal problems AOL has.

    Right now, AOL's filtering all e-mail traffic through their servers to determine if it's spam or not. This is a boon for anti-spammers: People who use the socket interface to AOL will be promptly identified in the headers if it went through the proxies. Does such a thing violate privacy? What's to stop my mail server admin from reading my mail, she/he has root access?!?!?



    ---
    Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack

  • I do not. But it's obvious that it is a lot of responsibility and work. It's unimaginable for parents to be able to look after their kids every second of the day, and it should not be required of them, nor is it only their fault when the kid does "evil" things while not under their supervision. Under the assumption that internet is a good place for kids to play/learn (which isn't settled in my mind), Parental control ideally permits at least some control when you're absent.

    You know that cookie-jar in the top shelf, placed "out of reach" of most children? Yes, that restriction is circumventable, so why have it?

    By placing something out of immediate reach a person - here kids - need to consciously decide to break that barrier. It's a way to train kids to be aware of the rules.

    There's got to be some amount of trust, indeed, I don't want to imagine a family without it.
  • I would hate to see a prosecutor after my lawyer got thru with him, for charges of downloading warez. Users of warez are exploiting a hole in the general system of computer sales. This is not criminal, and it is falsely being made to look criminal. The current computer software market ecconomy replaces traditional physical market ecconomy with a virtual ecconomy. Buy and sell information, in the form of programs. Do not attempt to get free software, even if you are not breaking the law of supply and demand. You see with software, there is INFINATE SUPPLY, and, if you're lucky, enough demand. The problem with this, is that ecconomy functions on a supply and demand principle that is archaic. This principle needs to adapt now, and that is the only reason ecconomy suffers. Not because some pimple faced geek decides to 'steal' software. The act of stealing has always been 'to transfer illegally', and it has never meant 'to duplicate'. I believe replication can save the world. Why stop at software? Keep learning, keep striving and move forward. Progress is to replicate!!! The industry must adapt and stop putting our children in jail for harmlessly downloading information and programs that may have been hacked by evil doers. Just because my son can get free software, certainly does not mean he is bad. He has to get that software and learn it to compete with other members in his peer group, and if they are getting warez, he must as well, in order to keep a fair playing field. Stop the guys doing the hacks, if you can. Our children are not to blame. The industry needs to adapt to overcome this problem, by changing their ways. Maybe devoting a billion in policing the internet is NOT the answer! Maybe we just need to come up with a sollution that makes EVERYONE happy. What about open source?!?! What about free software for personal use, provided it's main functions are business, and not entertainment?!?! Photoshop should be FREE for students because they require the software to learn how to make graphics for industry. Make up losses by billing heavier on the companies who demand students know the software. Give our children a chance to make a difference. Give us all a chance to make a difference. Let's say I have a device that lets me copy food. Let's call this item a REPLICATOR. Not like Star Trek (but close)... this one is hand held. Let's say I walk into a grocery store and COPY everything in sight. Then I leave. Would you arrest me? Probably. Would I feel guilty? Piss on that! I did NOT HARM ANYONE. I just made a replica of something. No one lost anything, but my sale. Except they say that "oh we lost your sale because you WOULD have bought our product but you STOLE it." SHeah!!! Like I would ever buy Photoshop! Feck that. It's too expensive, and it only applies if I am using it for work, in which case my work bought it and paid to licence it, and it's out of my hands. You know, we should make companies pay for everything and every human should live FREE. Replicaiton should not be made to be an evil because it is the one last technology that can save the human RACE!@!!!!! Just think of how no one would have to starve! Now ask yourself how the industry can adapt to overcome the suddent thrust we are already feeling because of 'illegal' (I still say it's not criminal) replication of software and imagine how you can make it better... how can you change the way things are so that replication is the norm, and nobody suffers because of it. And if you ask me, I'd rather see a suit suffer than some poor Cambodian children... what, because they are not allowed to break a MORALITY and REPLICATE food?!?!?! Pffft. Give me a beer. /d
  • I discovered years ago that adding a terminal "."
    to the hostname will make the resolver go faster
    (tested on GNU/Linux and Windows), presumably
    because the . tells it you've fully qualified
    the domain, so it doesn't have to check local
    domains first. I recommned the practice for
    general use, with the caveat that it doesn't
    mix well with poorly-configured virtual web
    servers.
  • rod blaze lifted his sharpened dagger claws to his forehead and sighed in exasperation. when would the love of his life ever return to him? he had lost his memories during the experimentations on his rock hard body and even his regenerative sk11lz could not return them to him. his thoughts drifted back to his last known date with that beauty, only known as sol.

    sol: oooooooooh rod blaze! penetrate me again with that virginator! uhhhh do me once more babee!

    she had been clinging to his chest hair with dear life as rod blaze had pounded in to her with all the passion of a wolverine in heat even though a newage material seperated their bodies from immediate contact, contact that could prove fatal for rod blaze.

    sol: AIIIIIIIIIIIIIIIIIIIIE!

    the scream echoed in rod blaze's mind over and over as he dug his sharpened razor like claws into his own flesh and let his blood seep out into the snow that lay around his battered body. he had tortured his body even as his own mind replayed the morose events of that past affair. in an orgasmic eruption he had ripped out an unfathomably large piece of sol's right side. the red fluid had poured onto his face until he awoke from his trance like state and had ripped off the newage material that had seperated their bodies. as rod blaze's body tore on its own accord, sol had regained some vitality. shortly afterwards rod blaze had left for canada to search out his own identity. lying in the snow, he searched his soul.

    rod blaze: on this trip of identification, that which i seek to regain, have i thus lost what was right - this teen of body and mind yet ladylike and graceful - whom i have torn of flesh and tortured of mind? my sol, whose teenness so close to np - alas she is not mine to adore - i have found her irresistible - yet in my passion, i may have destroyed her.

    sol had recovered, rod blaze had been the worse after his regenerative powers had been passed on to her, but he could not shake the undeniable truth - he had come a hair's width away from ripping the soul away from sol's body.

    sol: rod blaze is that you? i have followed you from RMS's school for gifted and cute teens to find you, as i do love you and your wicked delights.

    rod blaze: oh sol! how i have should have completed my transgressions against my own body of nature, you whom i have only shamefully admitted to love - shamefully yes - for our ages might very well be in difference - and you are a teen of body and mind, ladylike yes, but pouting teen of breast and pouting teen of lips - that which i do pursue.

    sol: oh rod blaze how you should be with me, hold me in your strong arms!

    rod blaze: YEARRGGGHHHHHHHHHhh! you have stabbed me my love!? WHhhhyyy? better still, for I am better dead

    rod blaze crumples to the ground as hemos morphs from his sol exterior and wipes his blade on the snow.

    hemos: MUHHAHAHA foolish rod blaze! i have known you would have taken my sol-bait, but i did not realize how easily. foolish man! i have stollen your sol, and OSM's natalie portman - both pouting teen of breast, and pouting teen of lips, from your secret hideout - RMS's dirty old cave aka RMS's School for the Gifted and Cute Teens!

    no one really knew why hemos - a manchild - kept his base form of a leathery skinned blue women with golden eyes. perhaps it was because of the demands of having a relationship with ESR - the dirty old pedo who could create magnetic fields at will.

    hemos runs down the snowy hill, even as the sun begins to set over rod blaze's motionless body. he meets a couple getting into their skidoo, and slays them both with his wickedly curved dagger. he takes off in their skidoo - obviously headed for ESR's secret hideout for an entertaining evening filled with sexual dominance and submission.

    a few hours later, twilight. rod blaze awakens from his regenerative sleep and utters a curse.

    rod blaze:foul demonness hemos! my misfortune has thus been your fortune, and has transformed my wholesome love for sol into a mockery by your treacherous and lecherous ways!

    rod blaze, now recovered, jumps onto OSM's motorcycle - stolen - which had been hidden in the tundra - and launches himself down the road like a missile. he arrives at the school by daybreak. he parks his bike, and lights up a cuban cigar.

    rod blaze: Aahhhaha the school! now where is my sol whom i have forsaken for too long - and open source man and his natalie portman?

    teen iceman: hey rod blaze - looking for your sweet heart sol? well i really turned her on with my ice rose - i bet she creamed her shorts - but you won't find her here - she and natalie portman have been kidnapped by esr and his goons: roblimo the canadian experiment gone wrong and hemos the transvestite shapechanger!

    rod blaze: you stupid little fuck, tell me where sol and natalie really are now, or i'll shove a blade into your tight little anus!

    rod blaze extricates one long wicked blade from the middle of his right hand as open source man strides onto the scene, wearing his cool oakley rubicon coated lenses and a pair of tight leather pants.

    open source man: jeez rod blaze - forget this little teen fuck - we've got two pouting of teen lips and pouting of teen breasts teens to rescue! and give me my fucking bike you cunt.

    rod blaze: you're a dick. let's go.

    open source man jumps onto the back of his bike that rod blaze is so deftly piloting. their speed increases to mach 5 - on the razors edge - they flit past the scenes in a rush of adrenaline and exhaust.

    rod blaze: where the fuck are we going anyhow?

    open source man: RMS, that old fart, i convinced him to take some time out of indoctrinating the masses with his gpl madness and use his mental fraternizing to good use - to locate my sweet natalie and your sensual sol! they're imprisoned in ESR's hideout - off the I-95, the next exit, underneath the new hampshire town hall - yeah the one that looks like a miniature white house.

    rod blaze pulls into the miniature white house drive. five officers are guarding the entrance to new hampshire town hall.

    officers: Muuuuuuuuutation! Muuuuuuuuutation! Kill 'em all boys!

    open source man flips the knob on his rubicon visor and explosively clears a path to the underground lair of ESR and his flunkies. rod blaze smokes his cigar and sits astride his motorcycle nonchalantly. the pigs run, hide, and try to stay calm by munching on some diabetic chocolate.

    rod blaze: good job. natalie doesn't just keep you around for your sweet ass, does she?

    open source man: stay away from my girlfriend.

    open source man clears a smooth way down to ESR's hideout by using his haX0ring sk1llz, aka, his mutant power. rod blaze revs the engine and he and open source man ride down into the darkness. the air below smells like the sickly sweet stench of a night of lust and penetration. the darkness triggers an uneasiness in rod blaze as he experiences a flashback to horror filled days of the grafting of adamantite to his skeleton.

    open source man and rod blaze disembark from their vehicle and are faced with an iron bridge over a river of sewage. ESR, mutant of immense power, controller of magnetic fields and open source advocate stands at the other end of the bridge.

    ESR: (in a booming voice) i am the greatest pedo of the east and west, and i shall penetrate your loves tonight! prepare to face my wrath, X-MEN!

    rod blaze: have you ever danced with the devil in the pale moonlight?

    open source man: what?!?

    rod blaze extends his blades in a fury of taut muscle, blazing fast energy and runs across the bridge with the speed of an antelope and the wisdom of a rock. open source man takes aim at ESR with his visor. suddenly, out of the darkness does appear two teen beauties, one on each side of ESR. it is sol and natalie portman, both dressed in bronze bikinis and collared, and reminiscent of leia, jabba's slave.

    rod blaze: Noooooooooooooo!

    open source man: huh?

    ESR: ah ha my children, children of mutation, children of open source. i am unsatisfied with my millions, i require tight bodies as well, and now, as you can very well see, i have them at my delectable disposal, even though i am somewhat dirty and disgusting of thought.

    ESR raises his hands high into the sky as he screams with a lecherous abandon:

    ESR: feel my power my pretties! dance and writhe in your orgasmic pleasure that I have so bestowed upon yous!

    grammar nazi: you fscking idiot - yous ain't a word.

    suddenly sol and natalie portman are lifted into the air, approximately 10 feet into the sky as rod blaze is frozen in place and open source man's visor is torn from his face and cast to the ground. it skitters across the damp earth. he closes his eyes with all his might so as not to blast his poor, beloved, pouting of teen breast and pouting of teen lips, natalie portman. natalie portman's thong is ripped from her thighs as sol's is also. two immense metallic dildos are immediately thrust between their legs and commence their assault at a frantic pace. natalie and sol are in a state of heighted pleasure as their awareness slips only to their love muffins.

    open source man cries: natalie, i have loved and longed for you since the day creation began, and it shall endure, until creation doth bestow me unto the earth!

    rod blaze: sol, think to my hairy chest and to my mutant member!

    sol: ooooOOOOOOOOOOhhhhhhh rod blaze i yearn for the viciousness of your member and your jaws upon my teen nipples!

    natalie portman: oh open source man, i have loved you always, you are my soul mate and my one desire upon this earth. i shall be in your strong open sourced arms once more my love!

    natalie and sol look to each other and their eyes meet even as they reach new plateaus of orgasmic pleasure. natalie seems to concentrate for an instant, she stops humping the dildo.

    ESR: ahh Uh ahhh yes, i shall.

    ESR bends over and flips up his cape. natalie and sol are lowered to ground, very gently. natalie has her hands on her temples and is concentrating fervously. a bead of sweat starts to form across her forehead. ESR looks like he is in a trance. he pulls his stockings off and spreads his bum cheeks. sol walks over to ESR and places her hand on his hand. ESR starts to shake and wail like a little boy. sol waves her hand and the dildos, like two heat seeking missiles, head straight for esr's anus and grind into it with a furious resolve.

    rod blaze: sol! you have his power - natalie, did you control him to bend over and release us?

    natalie portman: yes yes yes!

    sol: yes my love, yes!

    open source man's visor jumps to his face and reattaches itself to his head. he then locates hemos and roblimo - cowering in a pile of cookies in the far side of the cavern. without a word rod blaze and open source man run to their location, and after an incredible battle, claim victory to be theirs!

    sol and natalie portman run to their gpl'ed heroes and embrace them and shower them with kisses. their pubic areas are wet and yummy, so rod blaze and open source man engage in fellatio with utmost fervour. after a while they walk off, natalie portman safe in the arms of her hero, open source man, and sol, in the arms of her hero, rod blaze.

    love and happiness reign supreme.

    EPILOGUE

    somewhere in another plastic dungeon RMS continues ESR's mental ass pounding.

    ESR: old friend, do you really think you can ever beat the open source movement?

    RMS: where ever you bring your open source 'movement', i shall be there, with my GPL and my freedom.

  • to explain that this is a bogus article. There may well have been a 13 year old kid who got some pr0n on AOL, but slashdot didn't interview him, or if they did they didn't post his reply.

    The only thing that rang true at all about this fake interview is the obvious coverup about altavista being the site he was trying to visit. It was not written by a thirteen year old.

  • I went to his site newriot.com [newriot.com] and tried checking out some of his stuff.

    He has like 40 links on the left but only the first 5 or so work? WTF ??? Did he just add in a massive "coming soon" section of all the stuff he plans on adding to the site at some future date?

  • That and the fact that the security hole was found by an 11-year-old kid. But three years is a long time for that simple a hole to stick around.

To be is to program.

Working...