Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Pop-Up Predicament

Amero's new trial is a victory for parents and kids who end up on the wrong screen

I've been trying to teach my six-year-old daughter about computers lately, and let me tell you, it's a minefield out there. I pull up my supposedly spam-filtered email, and I have to delete two or three spam messages that advertise lurid photos. I show her Google, but I click the wrong button -- and I end up on a page that's about as far from Disney as you can get without being arrested.

It happens to all parents, I guess. And it's also what happened to Julie Amero, a substitute teacher in Norwich, Conn., who inadvertently showed her seventh-grade class a whole series of pornographic pop-up pages back in 2004. And earlier today, Amero finally got a new trial -- and a measure of justice.

Amero was convicted earlier this year of exposing her students to pornography, drawing a sentence of up to 40 years in jail -- and the sympathy of anyone who has ever seen spyware in action. While the prosecution contended that Amero's "display" could not have been a mistake -- she showed page after page of lurid content -- computer forensics experts leaped to show the courts how such a display could be caused by a single error.

Thanks to those sympathetic forensics experts, earlier today, a Connecticut judge set aside the Amero verdict and granted her a new trial. Prosecutors conceded that their own "computer experts" gave erroneous testimony at the first trial, and the state took no position on pursuing a new trial, which means that there probably won't be one.

So justice was done, and kudos go out to those that helped Amero make her case, especially after the verdict was handed down.

But I can't help thinking that none of this has done much to prevent this sort of thing from happening again the next time I go online with my daughter. Every time the makers of spam filters and pop-up blockers think they have their problems under control, someone invents a new way to circumvent them.

So today, I'm happy for Julie Amero, who finally got to go free. But I'm wondering when the technologies that caused her plight might be fixed -- or outlawed -- so that it doesn't happen quite so often.

— Tim Wilson, Site Editor, Dark Reading

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
Kelly Sheridan, Staff Editor, Dark Reading,  1/10/2020
Will This Be the Year of the Branded Cybercriminal?
Raveed Laeb, Product Manager at KELA,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-17
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and...
PUBLISHED: 2020-01-17
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
PUBLISHED: 2020-01-17
In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
PUBLISHED: 2020-01-17
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
PUBLISHED: 2020-01-17
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.