Clarificiation on the IP Address Security in Dropbox Case
At issue was the list of IP addresses that had accessed the Dropbox account of Orange County Mayor Teresa Jacobs. A public interest group called Organize Now wanted to know whether the documents in her Dropbox account had been shared with outside parties, such as lobbyists, and filed a public records request to obtain the access logs. The county provided the logs with the IP addresses redacted, claiming that they were withheld for security reasons; Orange County asked a court to declare that there was no legitimate security-related reason for the IP addresses to be blacked out. On Monday, Judge Robert Egan ruled that the county had to release the unredacted version of the logs.
In the judge's ruling, he trivially rejected some arguments that the county had made, determining for example that IP addresses by themselves were not "data processing software" (duh). The trickier question was whether the IP address logs could be considered "information relating to security systems", and whether publishing the IP addresses in the logs could enable a security breach.
Judge Egan correctly wrote that all the IP addresses did was "identify specific computers used to access Dropbox" (actually, of course, computer IP addresses can change, and if the computer is behind a proxy server then it will be the proxy server's IP address that shows up in the log; but that's close enough, let's give it to him). He rejected the county's analogy to another case, in which a judge ruled that the city of Clearwater did not have to turn over the names and addresses of residents who had installed a particular alarm system; Judge Egan said that confidentiality in that case was more obviously justified, because there's no public interest in giving thieves a list of houses to avoid hitting.
However, in declaring that there was no good reason for the IP addresses to be redacted, Judge Egan wrote:
While the County has expressed a legitimate concern that disclosure of IP addresses would constitute an additional security threat because they would identify specific computers used to access Dropbox, which would then become potential targets for hacking, it also acknowledged that it already identifies 20,000-30,000 intrusion attempts daily and it has measures in place to deal with those attempts.
When Judge Egan says "it already identifies 20,000-30,000 intrusion attempts daily", it's not clear whether "it" refers to Dropbox, or the county's own computer system (presumably the latter, since 30,000 seems a bit low for Dropbox). But either way, the argument fails because the "measures in place" only refer to protection for the Dropbox servers and/or the county's own servers. If the mayor ever connects to Dropbox from her home computer, and the logs can be used to identify her home IP address, then the "measures in place" won't do anything to stop an attacker from trying to attack her home computer. And if an attacker can take control of her home computer, and her home computer is set up to log into Dropbox automatically, then the attacker can use her home computer to access the Dropbox files, and those accesses will look indistinguishable from legitimate accesses from the mayor herself.
In this scenario, the biggest obstacle to an attacker is that knowing the mayor's home IP address would normally not be enough information to take over her computer. Even if the attacker had knowledge of a security vulnerability in the operating system being used on the mayor's home machine, it's usually impossible for an outsider to connect directly to a user's machine, because the machines are behind wireless routers which are shared with other computers in the same house. (An attacker could first find a way to hack the security of the router, and re-program it to forward incoming Internet traffic to the mayor's computer, and then find a way to compromise the home computer -- but that's two security systems that have to be hacked independently, and every extra hurdle reduces the chances that you'll be able to clear all of them to pull off an attack.)
A much easier attack would be to try to get the mayor to view a web page from one of her computers -- either her home computer or her office computer, as long as it's one of the computers that she uses to access the Dropbox account -- and then try to infect that computer using code on the web page itself which exploits a security vulnerability in the web browser. (Web browser security vulnerabilities are quite common, compared to the far more rare security holes which allow you to take over a computer by sending traffic to its IP address.) To do that, all you would need is to reach the mayor directly, or talk to someone who would pass information on to her: "I'm a concerned constituent, and here's a web page that I've set up describing my plight and how the county government could help." Wait, scratch that: "I'm a concerned constituent, and here's a web page describing the dirt that I've dug up on your opponent."
And if the mayor does visit your web page, even if you don't succeed in infecting her computer or taking it over, at least now you've got her IP address.
So a better line of reasoning would have gone something like this:
"It's not inconceivable that someone could use the IP addresses in the logs to facilitate an attack, and anyway, the county's 'security measures' wouldn't do anything to prevent an attack against, say, the mayor's home computer. However, it would be much easier for an attacker to attempt an attack by other means (e.g. a browser vulnerability), and in any case it would not be hard for an attacker to find the mayor's IP address indirectly, without even resorting to any security breaches. So the disclosure of IP addresses has only a negligible effect on the odds of a break-in."
Run that through your standard judicial IWentToHarvard-izer, replacing a couple of random words with their longest equivalent in the thesaurus, and you've got a pretty solid legal opinion.
Then again, maybe some other Florida public servants are in more urgent need of training in how IP addresses work. After the judge's ruling, Rafael Mena, the mayor's Chief of Information Systems & Services, said in a statement:
"We don't agree with the decision. We are responsible for protecting crucial public health and safety infrastructure, including our 911 systems, our jail facilities, and providing clean drinking water to more than a half million residents. Internet Protocol (IP) addresses control everything from the cameras at the courthouse to the locks on the jail cells. We're also concerned about the security of the health records and financial information of thousands of citizens. Releasing IP addresses leaves organizations vulnerable to the type of security breaches that the public sees every day on the news."
Drinking water. OK, forget press releases for a second: If you were the head of security, and you asked your assistant head of security to evaluate the impact of releasing the IP addresses that had accessed the mayor's Dropbox account, and your assistant gave you a reply like the one above, what would you think? Would you put up with that nonsense from someone who worked for you?
Well, government security officials do work for us. The people of Orange County should tell Mr. Mena: If you want to try and bamboozle people with irrelevant factoids and scare them with veiled references to terrorist threats, go get a lucrative job in the private sector! As soon as you finish stocking up on bottled water.
"Keep reading to see what Bennett has to say" (Score:5, Insightful)
Uh... no.
Re: (Score:3)
Don't you wanna read about "clarificiations"?
Re:"Keep reading to see what Bennett has to say" (Score:4, Informative)
Use this greasemonkey script to hide Bennett's shit from the main (and "older") pages. http://pastebin.com/RWCxT0jJ [pastebin.com]
(I disable it once in a while to check for his shit so I can tell people about the script.)
Re: (Score:2)
Use this greasemonkey script to hide Bennett's shit from the main (and "older") pages. http://pastebin.com/RWCxT0jJ [pastebin.com]
(I disable it once in a while to check for his shit so I can tell people about the script.)
If we ever meet IRL I owe you at least one beer for this!!
Re: (Score:2)
Hey, Bennett, or samzenpus, or whoever did it:
You do NOT put your own hypotheticals in quotes. Got it? Quotes are used for QUOTING OTHER PEOPLE. That's their purpose. Learn it. Use it. And it's usually best if readers can tell who is being quoted, even if only via context.
Thank you very much.
Re: (Score:2)
Oh dear oh dear. Yes, quotation marks can be used to show quoted content, but they can also be used to highlight euphemisms, slang, sarcasm etc. They can also be used to highlight the using of a reference (to a work).
Your pet peeve is not founded in reality, much like the majority of the drivel you see fit to repeatedly spew forth in the midst of otherwise decent discussions.
Get a grip - you really need some help.
Re: (Score:2)
Use this greasemonkey script to hide Bennett's shit from the main (and "older") pages. http://pastebin.com/RWCxT0jJ [pastebin.com] (I disable it once in a while to check for his shit so I can tell people about the script.)
Give Haselton a break. He has done us all not just one but many public services.
Having said that... let's be honest: sometimes Haselton expounds on things that are very clearly not in his area of expertise, and certain Slashdot editors (for that is exactly what they are) probably give him too much "air time" on Slashdot. Especially, it seems, when he is expounding on something that is not in his area of expertise.
But while this one is rather long-winded, it IS an issue everyone here should pay attenti
Re: (Score:2)
You're not too bad at understatement.
Re: (Score:2)
Noticed that too. Hilarious.
Re: (Score:2)
Don't you wanna read about "clarificiations"?
Indeed. Now, most of you are out in the world seeking clarity. But, as long-time contributor Bennett Haselton writes, much more important than that is 'clarifice', the ability to explain truthiness without resorting to expertise or insight. Keep reading to see Bennett's clarification of how over two hundred years or jurisprudence can be usefully transposed onto decades-old technology....
Re: (Score:2)
ARRRGGGHHHHH.... CLARIFIC-I-ATION. I can't even spell it wrong when I WANT to!
Re: (Score:2)
I had to be doubly-extra careful when typing the twisted word myself, I feel your pain bro.
Re: (Score:1, Insightful)
If I had mod points, I'd mod up all 11 first posts telling Bennett to go fuck himself. I think this must be some kind of record.
Slashdot readers, I want to thank you for your kind and enduring service to your community. You are all great citizens. Thank you very much. May your karma scores remain Excellent, may your trolls be well-received, and may your neckbeards grow long and silky. Thank you.
CAPTCHA: decency (something BH lacks)
Re: (Score:2, Insightful)
Tagging these stories as "nothanks"
Good call. (Score:5, Insightful)
Bennett Haselton spends 1341 words on what should be a 3 sentence summary.
If you want to know whether X accessed the mayor's dropbox (why is the mayor using dropbox in the first place) then you need to
a. get the IP addresses & times that they were used to access it
b. match the IP addresses to ISP user accounts at those times
Now, if the judge does not support you, personally, having access to the IP addresses then the judge can appoint a disinterested 3rd party to handle it. You are only interested in the ISP user accounts and whether those belong to lobbyists.
There! Done! And no need for Bennett Haselton's weird tangent on cracking via web browsers.
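As an added example (not code from this post, the article, or any party in the case), here is the attribution step above carried out with the timestamp taken into account, since an address can belong to different subscribers at different times. Every address range, holder name and log line is constructed, and the log format is assumed rather than Dropbox's real one.

```python
"""Attribute access-log entries to network holders by IP address AND time.

Constructed example: take the (IP, timestamp) pairs from an access log and
look up who held that address at that moment.  The address ranges, holder
names and log lines are all made up (documentation ranges from RFC 5737).
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Assignment:
    network: str          # CIDR block (constructed)
    holder: str           # who held the block during the window (constructed)
    start: datetime       # inclusive
    end: datetime         # exclusive
    shared: bool = False  # NAT/proxy: many machines sit behind one address


# Constructed assignment table.  The same /32 is held by two different
# subscribers in different windows, which is why the timestamp is required.
ASSIGNMENTS = [
    Assignment("203.0.113.0/24", "county-office",
               datetime(2014, 1, 1), datetime(2015, 1, 1), shared=True),
    Assignment("198.51.100.7/32", "residential-A",
               datetime(2014, 5, 1), datetime(2014, 5, 15)),
    Assignment("198.51.100.7/32", "residential-B",
               datetime(2014, 5, 15), datetime(2014, 6, 1)),
    Assignment("192.0.2.40/29", "lobbying-firm-X",
               datetime(2014, 1, 1), datetime(2015, 1, 1), shared=True),
]

# Constructed access log, one entry per line: "<ISO timestamp> <ip> <action>"
ACCESS_LOG = """\
2014-05-10T09:12:00 203.0.113.25 view budget.pdf
2014-05-12T22:40:00 198.51.100.7 download budget.pdf
2014-05-20T08:05:00 198.51.100.7 view agenda.docx
2014-05-21T14:00:00 192.0.2.42 download budget.pdf
2014-05-22T11:30:00 198.51.100.99 view agenda.docx
"""


def holder_at(ip, when):
    """Return the Assignment covering ip at time when, or None if unknown.
    When blocks overlap, the most specific (longest prefix) wins."""
    addr = ip_address(ip)
    matches = [a for a in ASSIGNMENTS
               if addr in ip_network(a.network) and a.start <= when < a.end]
    if not matches:
        return None
    return max(matches, key=lambda a: ip_network(a.network).prefixlen)


def attribute_log(log_text, internal_holders=("county-office",)):
    """Parse the log and attribute each entry to its holder at that time.

    Returns (timestamp, ip, holder, verdict) tuples; verdict is 'internal',
    'external' or 'unknown'.  Shared (NAT/proxy) blocks are tagged because
    such a hit names an organisation, not an individual machine or person.
    """
    results = []
    for line in log_text.splitlines():
        ts, ip, *_ = line.split()
        assignment = holder_at(ip, datetime.fromisoformat(ts))
        if assignment is None:
            results.append((ts, ip, None, "unknown"))
            continue
        verdict = "internal" if assignment.holder in internal_holders else "external"
        if assignment.shared:
            verdict += " (shared address)"
        results.append((ts, ip, assignment.holder, verdict))
    return results


def external_accesses(log_text):
    """Only the entries a records requester cares about: outside parties."""
    return [r for r in attribute_log(log_text) if r[3].startswith("external")]
```

The same address (198.51.100.7) resolves to two different holders depending on the timestamp, and the unknown-range entry is reported as such rather than guessed.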
Re: "Keep reading to see what Bennett has to say" (Score:1)
I'm confused. Is this the frequent contributor or another person of the same name? I need to know so I know who to trust and where to form my opinion on this issue
Re: (Score:2)
Too bad, you missed this.
Fuck a bag of shit in the morning. That's not how the legal system works. It was priceless. Ignorance in little parts pisses me right the feck off. But grand-scale ignorance, the kind that could gag a gigantosaurus, is fricken hilarious.
I could stab a guy with a dictionary, watch him bleed out
Technically correct?? (Score:1)
That's the best kind of correct!
Re: (Score:2)
I think the issue here is not with security but with privacy. For many people the IP address is PII (personally identifiable information). My home IP is static and only used by me, so any records showing my IP address are equivalent to showing my home address. If we're going to protect people's PII we should be protecting IP addresses too.
Re: (Score:3)
I thought we argued on all the downloading stories that an IP is not an identifier?
Re: (Score:3)
For home users, it is not a useful identifier because it usually changes regularly. For government users and business users, it is a fairly robust identifier, because most of those folks have static IPs (or at least fixed IPs assigned by a DHCP server).
Of course, there's not a 1:1 mapping between user and IP. So it would be more accurate to describe it as familially identifying information.
Re: (Score:2)
Of course, there's not a 1:1 mapping between user and IP. So it would be more accurate to describe it as familially identifying information.
Your mom's IP is so big, she needs two routing tables.
Re: (Score:2)
And, if the mayor had been holding private meetings with a sign-in ledger, and a public action group wanted a copy of that to see if the mayor was meeting with known lobbyists, a judge would have turned over the "personally identifiable information" of a list of names. The mayor thought they could outsmart the system by having the meeting online, and claiming "security" or something to cover what is supposed to be public information to begin with.
TL;DR: if you meet with a government official, your name (may
Presumption of innocence vs privacy issues (Score:2)
IP is not an ACCURATE ENOUGH identifier to send you to jail.
Sorta the way your car's license plates alone would not be good enough for such a purpose.
It must be proven beyond doubt that YOU were the one driving the car that ran over Justin Bieber.
But it is accurate enough for someone to come to the physical address associated with IP at that time and toss a Molotov cocktail through the window to send you a message that they don't like your comments on the "Beliebers" forum.
Hence, privacy issues.
Not sufficient for prosecution. (Score:2)
It is not sufficient for prosecution.
First off, an IP address can be re-assigned. So you'd need an IP address and date/time to be able to link it to a specific ISP account.
Each account can have multiple machines behind it that may or may not belong to that account (depending upon the security of their wireless network for example or whether any have been cracked already).
So an IP address is not sufficient for prosecution BUT
Re: (Score:1)
If they are logged and stored, they are impossible to protect without destroying the records. The best defense of privacy comes from spoofing. Unfortunate, but that's the way they want to play it.
Re: (Score:2)
What are you talking about? Just redact the records. Records are often redacted to protect sensitive information for FOIA requests.
Re: (Score:1)
Please, forget that I even exist.... Excuse me for bumping into you. I'm playing a different game that doesn't seem to apply here.. Maybe tomorrow, when I'm sober...
Re: (Score:2)
IMO, IP Addresses of visitors to the Drop Box account of the Mayor, should be no more protected than the Mayor's appointment book.
It is a list of visitors. That is all it is. And if we think the Mayor is being lobbied improperly, we should be able to have that information.
Re: (Score:2)
I think the issue here is not with security but with privacy. For many people the IP address is PII (personally identifiable information). My home IP is static and only used by me, so any records showing my IP address are equivalent to showing my home address. If we're going to protect people's PII we should be protecting IP addresses too.
But that was the idea. The intent was to find out who accessed a dropbox account. That information wasn't available directly, but apparently the IP addresses were available. If someone has a legitimate reason to want to find the person, then there is no reason not to hand over IP addresses.
Re: (Score:2)
That's fine perhaps; my point is that IP addresses need to be treated with the same sensitivity as names and mailing addresses. To balance privacy against disclosure, there are rules for when names and addresses are withheld and when they are released. These rules should also apply to IP addresses.
Re: (Score:2)
Closest thing to useful info associated with one of Bennett's posts. Spock's Beard [spocksbeard.com] is an awesome band.
Fuck This Shit (Score:5, Insightful)
Please stop using the front page as your personal blog. May you <insert-untimely-thing-here> in a <insert-energetic-thing-here>.
Re: (Score:2)
/. has always been a personal blog, it just happens to have a lot of links to other people's articles.
Did you forget [slashdot.org], or do I need to engage on a UID pissing match?
fuck off bennett (Score:2, Insightful)
i started reading, looked interesting, spotted the name - goddam trolled again. fuck you bennett, why the fuck are you blogging here you wet blanket soppy mug squidgy brained muthafucker
First.... um... (Score:4)
Re: (Score:1)
I wish i had mod points so that i could mod this up!
BTW, Benny needs to go find a nice quiet field where he can ponder all of his BS he wants to "submit" to Dice... er.... /. and then take a hammer and hit himself in the face. A lot.
(NOT posted as AC)
Need a logo (Score:1)
We need a logo for posts that are just about swearing at Bennett. Dunce cap?
Re: (Score:3)
We need a logo for posts that are just about swearing at Bennett. Dunce cap?
AC, that's a capital idea! I like dunce cap, but allow me to propose some alternative icons for Bennett articles:
- A hot air balloon
- A whoopie cushion
- The smiling poop emoticon
- Rageface
- That truck window sticker of Calvin peeing, but he's peeing on TFS
That's just a few off the top of my head. Feel free to add suggestions!
No. Go away, babblemouth (Score:3)
Judge Egan correctly wrote that all the IP addresses did was "identify specific computers used to access Dropbox" (actually, of course, computer IP addresses can change, and if the computer is behind a proxy server then it will be the proxy server's IP address that shows up in the log; but that's close enough, let's give it to him).
No, moron, let's not "give it to him", unless "it" refers to "a firm tongue lashing for getting it wrong wrong wrong." He's just created exactly the precedent that you don't want created: "the IP address identifies specific computers". It's not "close enough" when **AA claims it in court, it's not "close enough" when a judge says it regarding a FOIA case.
Relevance? (Score:5, Insightful)
Someone, who has no apparent power, wants to correct a judge. Just because they think they're right and the judge had inaccurate reasoning, despite coming to the same conclusion. (There's a good XKCD comic on the subject of correcting people on the Internet.) The critic's opinion will carry no legal weight. The same critic has a history of proposing long-winded, half-baked ideas to correct issues he sees with various societal inefficiencies that have gone nowhere. I'm not going to waste my time.
Would someone be so kind as to please remind me how we can block posts from a given author?
The XKCD in question (Score:3)
It's "Duty Calls". http://xkcd.com/386 [xkcd.com].
Re: (Score:2)
"Would someone be so kind as to please remind me how we can block posts from a given author?"
Bennett's name is specifically not a link, so that you cannot author block him.
I don't get it... (Score:5, Insightful)
Re: (Score:2)
2) They know when they put up some dubious Bennett novella, we'll all swoop in and post "What the fuck?!"
3) ???
4) Profit?
Re: (Score:1)
In following proper /. tradition, I skip right over these "articles" and go straight to the comments. And I must say that the Bennett bashing is usually pretty funny.
As much as I would like to see him gone, part of me would miss reading the responses to his "articles."
fuck off. (Score:2)
Filter error: You can type more than that for your comment.
Question (Score:1)
Sorry to interrupt the usual "hate on Bennett" fest, but I read the article and have a question.
In the judge's ruling, he trivially rejected some arguments that the county had made, determining for example that IP addresses by themselves were not "data processing software" (duh).
And if the mayor does visit your web page, even if you don't succeed in infecting her computer or taking it over, at least now you've got her IP address.
Alright, so with that in mind, let's say you're at home, lying in bed, kinda half asleep. It's dark, but you glance over and see something shimmering near the trash can you keep across the room. You kinda wake up enough to look closely at it and notice movement. Panicked, you flip on your bedside lamp and are horrified to see spiders, lots of spiders, just pouring out of the trashcan. I'm not talking like one of thos
Chief of Information Systems & Services knows (Score:3)
Rafael Mena, the mayor's Chief of Information Systems & Services, said in a statement:
Because what this Chief dipshit saw was totally wrong. And even our favourite blogger noticed it.
Judge Bennett issues a Concurring Opinion (Score:2)
Re: (Score:1)
You can do your part by tagging Bennett submissions as "nothanks" and downmodding any posts of his you might encounter.
Thank you for your service, loyal Slashdot newbie.
A plan for Bennett (Score:4, Interesting)
If Bennett is so completely unwanted on this blog, why don't we do something about it?
In the manner of the fine people at 4chan, suppose we referred to Bennett in the past tense - as if he had passed away. Make all of our responses polite and sincere, but with the assumption that he is no longer with us.
Here's the kicker: the internet works by consensus. If there's an abundance of commentary referring to him in the past tense, it'll get picked up and echoed everywhere, possibly by Wikipedia. I don't know what the full ramifications would be, but hopefully it will play hob with his attempts to get traction on the net. Anyone who googles for him by name or things he has said will get the impression that he's unavailable for comment, interviews, and possibly employment.
Of course, we need to give Bennett fair warning, so I propose the following:
Starting with the next Bennett Haselton article on Slashdot that's more than 2 short paragraphs, we start referring to Bennett in the past tense - as if he had passed away. We're going to start a new internet meme.
Pleading, complaining, and asking has had no effect and we've certainly done due diligence.
It's time to take action.
Re: (Score:3)
If Bennett is so completely unwanted on this blog, why don't we do something about it?
Load this user script into greasemonkey - http://pastebin.com/RWCxT0jJ [pastebin.com] .
Never see Bennett's shit on the main page (or "older") pages again.
(I disable it once in a while to look for his shit so I can tell people about this simple script.)
I've tried... (Score:2)
But I... can... no longer... resist... the tide.
Very well. This article sucks. Most of Bennett's articles mostly suck.
Where do I pick up my bucket of tar and feathers?
Bennett go home (Score:2)
Bennett Haselton needs to go away.
I love reading the comments on Bennett's posts, though. Makes me miss the old Microsoft-hate and vi-vs-emacs comments. Now everything is all level-headed +1 Informative. Bah.
Bennett is giving legal opinions now?? (Score:2)
Did Bennett suddenly earn his JD and take his oath? If not, then he can kindly shut the fuck up.
The Slashdot blogging platform (Score:3)
Why I read this article (Score:4, Interesting)
Let's talk (Score:2)
Who do you dislike the most:
1) Bennett
2) systemd
3) The switch rape girl