Don't be alarmed if you hear what sounds like Jack Bauer screaming "TELL ME WHAT I NEED TO KNOW!!"from within the bowels of AT&T headquarters.
Or maybe you SHOULD be alarmed. After all, it was AT&T who admitted yesterday that a flaw in its website exposed iPad email addresses to anyone who wanted to look at them. The security flaw — which pre-populated an email address field in a registration page — was first revealed by Goatse Security, who claimed to uncover 114,000 email addresses by guessing numbers that identified iPads connected to AT&T's mobile
network. Goatse waited until AT&T had patched the flaw before revealing it to the public.
The issue in the FBI's eyes is whether Goatse's action violated the Computer Fraud and Abuse Act, which generally prohibits unauthorized access to
computers. Goatse (and the Electronic Frontier Foundation) argue that typing information into a public website doesn't qualify as "unauthorized," and that they merely figured out how to view information that the Death Star had already (if unwittingly) made public.
[Via the Wall Street Journal]