Hacking pioneer John Draper faces sex misconduct claims

John DraperImage copyright Peter Fuller/Getty Images Image caption Mr Draper became famous after finding a way to make free phone calls in the US

A lauded hacker and privacy campaigner has been accused of historic cases of sexual misconduct and harassment.

John Draper - who uses the nickname Captain Crunch - is famous in part for having helped Apple's co-founders get started.

The allegations include claims of unwanted sexual contact[1] with male teenagers at tech events between 1999 and 2007.

Mr Draper has not commented directly on the reports.

However, he published a brief message on Twitter[2] saying he had faced a "lifelong struggle on [the] autism spectrum".

Follow-up statements by the publishers of his autobiography said that his condition had caused him to exhibit[3] "some immature behaviours", and acknowledged that an "exercise programme" he had offered others had caused offence.

"We have only sympathy and compassion for those who have experienced John in a negative way and feel victimised by this programme in any way," the publishers wrote.

The news site Buzzfeed[4], which was first to report the claims, and Ars Technica have[5] said that Mr Draper has been barred from Las Vegas's high-profile Def Con hacking conference as a consequence.

The founder of the Houston Security Conference confirmed to the BBC that it had also disinvited Mr Draper from its event.

"We have not been contacted by anyone as of this moment, so we cannot confirm any bans," the biography's publishers told the BBC in response.

Teenage 'target'

Mr Draper's named accusers include the Los Angeles bureau chief of the Wall Street Journal, Ethan Smith, who said he was molested[6] during an attempt to interview the hacker in his hotel room at a conference in 2000.

Another, the University of Pennsylvania's Prof Matt Blaze, said he was stalked by Mr Draper[7] while he was a high school student aged 14 or 15.

"While I've tried over the years to quietly warn young hackers in his orbit to be careful, I regret that I've not been more public in doing so," tweeted Prof Blaze after Buzzfeed published its report.[8]

End of Twitter post by @mattblaze

Others, however, had publicly flagged concerns about the "energy massages" Mr Draper had offered in comments posted to Reddit, Slashdot and other news websites over the years.

Refused gift

Las Vegas-based Mr Draper, who is now 74 years old, rose to fame in the 1970s after he discovered that a toy whistle given away with Captain Crunch cereal generated a tone that could be used to control some functions of AT&T's phone network.

He went on to create a "blue box" that generated other tones, which when played down telephone lines could be used to make free calls.

After he taught Apple's co-founders Steve Jobs and Steve Wozniak the "phone phreaking" trick, they produced and sold the hardware to college students, and used the funds generated to launch their computer company.

Mr Draper later wrote software for Apple's early computers, helping connect them to phones as well as creating a word processing program.

He subsequently worked elsewhere in Silicon Valley, including a stint at software company Autodesk, as well as advising start-ups and giving conference speeches.

Image copyright Getty Images Image caption Steve Wozniak has said he has no first-hand experience of misconduct by Mr Draper's

Mr Wozniak wrote the foreword to Mr Draper's forthcoming autobiography.

Buzzfeed said the Apple co-founder acknowledged having heard rumours of inappropriate behaviour by his ex-work colleague but added he had not seen it first-hand.

The publishers of Mr Draper's book said they planned to make a donation[11] to two autism charities.

But one of the recipients - UK-based Action for Aspergers - has rejected the offer.

"Consultation by said person before he declared an interest in our charity would have been preferable, as well as courteous...alas this did not happen," its chief executive Elaine Nicholson told the BBC.

"We do not know this man, and certainly will not and cannot accept any donations from him if his character is truly tarnished and lives have been injured as a result." ...


  1. ^ include claims of unwanted sexual contact (www.buzzfeed.com)
  2. ^ he published a brief message on Twitter (twitter.com)
  3. ^ had caused him to exhibit (beyondthelittlebluebox.com)
  4. ^ news site Buzzfeed (www.buzzfeed.com)
  5. ^ Ars Technica have (arstechnica.com)
  6. ^ who said he was molested (twitter.com)
  7. ^ said he was stalked by Mr Draper (twitter.com)
  8. ^ tweeted Prof Blaze after Buzzfeed published its report. (twitter.com)
  9. ^ Skip Twitter post by @mattblaze (www.bbc.co.uk)
  10. ^ November 18, 2017 (twitter.com)
  11. ^ said they planned to make a donation (beyondthelittlebluebox.com)

Read more

Drone maker DJI in cyber-security row over bug bounty

DJI drone in flightImage copyright Getty Images

Drone maker DJI has accused a cyber-security researcher of hacking its servers.

Kevin Finisterre claims that he accessed confidential customer data after finding a private key publicly posted on code-sharing site Github.

He approached the firm, which offers a "bug bounty" reward of up to $30,000 (£23,000) for security weaknesses discovered in its systems.

DJI said the server access was "unauthorised".

The data Mr Finisterre was able to see included "unencrypted flight logs, passports, drivers licences and identification cards", he said.

Despite initially offering him the money, in a statement DJI has now accused Mr Finisterre of refusing to agree to the terms of its bug bounty programme "which are designed to protect confidential data and allow time for analysis and resolution of a vulnerability before it is publicly disclosed".

It added:"DJI takes data security extremely seriously, and will continue to improve its products thanks to researchers who responsibly discover and disclose issues that may affect the security of DJI user data and DJI's products."

It added that it would continue to pay bug bounties in exchange for reports.

Mr Finisterre, an independent security researcher, said DJI tried to make him sign a non-disclosure agreement.

He also published an email from DJI telling him that security issues with servers were included in the bug bounty programme.

'Freedom of speech'

He said it was almost a month after he sent his report before the full terms were shared with him, and that he believed they "posed a direct conflict of interest to many things including my freedom of speech".

One of the clauses stated that he could not publicly disclose his research without written consent from DJI, according to emails from the firm he has published in his report.[3]

Typically, security researchers will share their findings with a company, give the firm a time frame in which to fix identified bugs, and then publish their work.

The bug bounty scheme is offered by many large tech firms as an incentive for people to share security weaknesses rather than exploit them.

Cyber-security expert Prof Alan Woodward from Surrey University said DJI's actions were "outrageous".

"Cyber-security is one of those areas where there is no government organisation or central body or standards agency holding these people to account.It's ethical hackers and security researchers," he said.

"The public has a right to know when there's a security problem." ...


  1. ^ How to make money hunting cyber-bugs (www.bbc.co.uk)
  2. ^ Drone maker boosts privacy after army ban (www.bbc.co.uk)
  3. ^ he has published in his report. (www.digitalmunition.com)

Read more

Apple delays launch of smart speaker

Apple HomePodImage copyright Getty Images Image caption Apple first unveiled its HomePod smart speaker in June

Apple is delaying the release of its HomePod smart speaker until 2018.

The electronics giant said the device, which was due to be released in December this year, still needed development work.

It said the HomePod would be ready to go on shop shelves in the US, UK and Australia "early in 2018".

The news is a blow to its plans to take on rivals Amazon and Google in the growing market for home devices that use AI to help consumers.

'Not surprising'

In a statement sent to news organisations, Apple said the wireless speaker needed "a little more time before it's ready for our customers".

The delay will mean Apple misses the lucrative holiday season during which many consumers buy gadgets as gifts.

The gadget was first unveiled in June this year when Apple said it would go on sale in the US for $349 (£265).In the UK it was expected to cost £350.

It was designed to be a competitor to other smart speakers - such as Amazon's Echo and Google's Assistant.Sonos, Microsoft and others also make similar gadgets.

Like them it was designed to play music and act as a hands-free helper letting owners set timers, maintain shopping lists and get reports about the news, weather and other subjects.

Since Apple unveiled the HomePod both Google and Amazon have added new models to their ranges of smart speakers, intensifying the competition with Apple.

Writing in Engadget, associate editor Jon Fingle said the delay was "not surprising"[1] given that the HomePod was Apple's first try at a smart speaker.

"The HomePod isn't necessarily in trouble," he said."but it may face a tougher battle than it did beforehand."...

Read more

Net filters help avoid dodgy domains

Spam attackImage copyright Getty Images Image caption It can be hard for consumers to work out if sites they are visiting are legitimate

A free service that helps stop consumers visiting websites known to be malicious has been set up by IBM and two other industry bodies.

The Quad 9 service requires people to change the settings on their home router so web addresses can be checked.

It uses 19 separate lists of web-based threats to spot those used by phishing gangs or other cyber-thieves.

One security expert said it could be a "challenge" getting people to adopt the filtering system.

Address books

The Quad 9 service is backed by IBM and two other partners - the Packet Clearing House and the Global Cyber Alliance.The GCA was founded by security research groups and law enforcement and aims to start initiatives that educate people about web threats and help make it safer to use.

"Consumers have considerable problems with phishing," said Phil Reitinger, head of the GCA."A majority of them cannot tell if a website is real or not."

Mr Reitinger said the service would help solve this problem by blocking any attempt to visit a known bad site preventing people from falling victim to those that pose as reputable financial organisations.Many spam and phishing emails include links to sites that look like the real thing but only want to steal data.

Consumers turn on the service by changing the settings on their home router that determine which servers their computer consults when they want to look up the location of a website.Domain name servers (DNS) hold this information and act like address books for websites.

By changing the router's DNS settings to people can check that the sites they are visiting are safe.Videos and documentation guiding people through the changes needed have been prepared by the project partners.

Independent security expert Graham Cluley said relatively few people fiddled with the settings on their routers to change the way they found web addresses.

Getting across the benefits of switching would be a " big challenge", he said, given how reluctant people were to adopt other useful security technologies.

"We haven't managed to convince most users to deploy VPNs and password managers," he said."I think it's going to be similarly challenging convincing them of the merits of a different DNS service."...

Read more

News-Telegraph is a full functional magazine news for Entertainment, Sports, Food website. Here you can get the latest news from the whole world quickly.

Popular Item

Recent News