Skip to main content

View Diary: SoapBlox Press Release on Yesterday's Event (168 comments)

Comment Preferences

  •  White hats don't break into other people's... (4+ / 0-)
    Recommended by:
    Odysseus, Los Diablo, petral, MKSinSA

    ... systems.  Period.

    Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

    by JRandomPoster on Thu Jan 08, 2009 at 10:35:09 AM PST

    [ Parent ]

    •  No offense... (2+ / 0-)
      Recommended by:
      Miss Blue, rubine

      ...but I think it's a little difficult to tag a 14 year old teenager who was curious and trying to be helpful as a "black hat". But that's just me.

      Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

      by Eddie in ME on Thu Jan 08, 2009 at 10:39:20 AM PST

      [ Parent ]

      •  The Computer Fraud and Abuse Act (3+ / 0-)
        Recommended by:
        jayden, MKSinSA, JRandomPoster

        does not see it your way.  Spread the word through the playgrounds.

        •  Doesn't apply here. (2+ / 0-)
          Recommended by:
          Debbie in ME, gooderservice

          I didn't access financial or government institutions, didn't defraud anyone or obtain anything of value (although a good attorney could call the thrill of the experience "something of value", I'm sure), didn't harm anyone's medical treatment, didn't cause $5k in damages, and didn't cause a threat to public safety.

          Not to say I was being a good boy, I certainly wasn't... but I wasn't malicious and I wasn't tearing people's systems apart.

          Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

          by Eddie in ME on Thu Jan 08, 2009 at 11:19:11 AM PST

          [ Parent ]

          •  Don't be so sure. (3+ / 0-)
            Recommended by:
            bronte17, Seneca Doane, MKSinSA

            If it takes a sysadmin more than a day or two to investigate the compromise, even if there were no hacks preformed or data damaged, odds are that his billable time is approaching that 5K mark.  His salaried time might not be that high, but billable probably is.

            Keep in mind, when a system is compromised at all, the worst must be assumed.  You can't just look at the logs and say, "Oh, gee - I left port XYZ open, and someone got in and read my email."  No, you say, "Aw, ::explicative deleted:: I need to close XYZ down and check every single package, executable and script on the system."

            Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

            by JRandomPoster on Thu Jan 08, 2009 at 11:25:06 AM PST

            [ Parent ]

          •  Where are you getting this list? (0+ / 0-)

            From some summary of the act, or the act itself?

            By the way, you also need to check case law.  These things don't unpack themselves.

      •  It might be difficult... (6+ / 0-)

        ... until you've been the guy who gets paged at 3:00 in the morning because your systems have detected an intrusion, and you know you won't sleep for the next 36 hours.

        I grew up in the age of BBS's.  I've - ah - seen the darkside.  I knew darn well that some of the data I was seeing was not intended for my eyes at the time.  And given the way the world has changed, how prevalent the net has become in everyone's lives, I'd say at this point that the 14 year old wanna-be hacker who does not know what he is doing is wrong is about as rare as a video card driver written in COBOL.

        Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

        by JRandomPoster on Thu Jan 08, 2009 at 11:01:43 AM PST

        [ Parent ]

        •  True enough (4+ / 0-)

          But I was 14 in 1995, and using my 486/33 with Slackware Linux to toy with things. The Internet was not nearly the same beast then as it was now, and the legality of what we were doing was mostly brought into question by that terrible but amusing movie, Hackers.

          I'm not arguing whether or not what I was doing was wrong, because it was. I'm just arguing that you can't call a 14 year old growing up in the AOL days that messed around with stuff a "black hat" for busting in and actually leaving solutions to the problem. There isn't a "grey hat", else I'd say I was wearing that... but I think "black hat" also has to include some malicious intent, which I possessed none.

          Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

          by Eddie in ME on Thu Jan 08, 2009 at 11:15:05 AM PST

          [ Parent ]

          •  People Who See The World In Terms of Black.... (13+ / 0-)

            ....and white are missing out on what makes being human worth while.

            We are more than simple binary devices.

            Reality is complex and hazardous; that's what makes it interesting and meaningful.

            •  Well said. n/t (2+ / 0-)
              Recommended by:
              Debbie in ME, Vacationland

              Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

              by Eddie in ME on Thu Jan 08, 2009 at 11:36:07 AM PST

              [ Parent ]

            •  Wait till your identity is compromised... (1+ / 0-)
              Recommended by:
              susans

              ... because some 'noble' script kiddie discovered an exploit in some system somewhere that was then used by a real hacker.  Then tell me about white and black in this domain.

              Or work in a pager carrying role for an on-line retailer or an ISP for a few weeks.  And then tell me that such naive intrusions do not cause harm, at a minimum in the form of massive work for the maintainers of the system, which takes away their family time and sleep, destroys eating habits and can lead to insanely high and persistent stress levels.

              I hardly see the world in terms of white and black.  But there are lines that should not be crossed.  Some are more obvious than others - murder and rape are so dark gray that they might as well be black.  Hacking for curiosity's sake is a lot darker than you may think.

              Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

              by JRandomPoster on Thu Jan 08, 2009 at 11:57:50 AM PST

              [ Parent ]

              •  My Bank account (0+ / 0-)

                and all of my personal information including social security number may be in the hands of identity thieves right now.  The box of backup tapes from the bank fell off the truck somehow.  Hackers are far less likely scenario then some idiot losing tapes or taking home data on a laptop that gets subsequently stolen.

                Hackers do serve a purpose.  Would you rather trust the word of Microsoft that something is secure or have people poke at it and discover weaknesses and inform the company of those weaknesses?  A cracker will find an exploit and use it and I would rather somebody find it and patch it before that can happen.

                •  I understand what you are saying... (4+ / 0-)
                  Recommended by:
                  susans, bablhous, pgm 01, skohayes

                  ... but I disagree completely about hackers serving a purpose.  Yes, something can be learned from their acts, but there are other ways.  Saying that hackers serve a purpose in a positive way is like saying that burglars serve a purpose.  After all, when a burglar smashes your window and robs your house, you learn that you should install an alarm system, right?

                  I've had a pretty broad career, that includes sysadmin work and also software development for fraud detection for a major on-line retailer.  I can tell you that almost every exploit out there is posted on various developer forums; a good sysadmin or dev does not wait to be attacked to fix a problem, but is always checking to see if there might be a problem and testing their own systems for faults.  There are companies that do nothing but security testing; there also exists a huge developer community that shares information.  And if someone has such information, it is far better to email the sysop or post on such a forum than go and destructively prove that such a weakness exists on a given system.  Such hackers are arrogant and destructive; they shield themselves in a false morality that they are fighting the good fight, when in reality, they are just making things worse.

                  I will concede that Microsoft is not always as forthcoming with security fixes and announcements as might be desired.  They sometimes go for the security through obscurity approach - that is, if no one knows it isn't secure, then no one can break in.  By way of contrast, however, the Linux community is the exact opposite.  And there are far more industrial grade systems running Linux out there than you might think.

                  Finally, a not on identity theft.  The percentage of identity theft through direct hacks of servers is actually low, though, it does happen, and is one of the greatest fears of those who manage systems that keep people's personal data.  However, far more identity theft occurs because people don't use a secure browser, don't run spyware and virus scanner programs, and don't patch their operating systems regularly.  Add to this the frequency of intercepted snail mail and people in credit card call centers stealing information (it happens - a lot) - and you have a blooming identity theft market.

                  Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                  by JRandomPoster on Thu Jan 08, 2009 at 01:27:03 PM PST

                  [ Parent ]

          •  Again... (9+ / 0-)

            ... busting in is a problem.  Leaving solutions may sound noble, but believe me, the sysadmin who finds said solutions is going to figure that the attacker is just mocking him.

            You say I can't accuse a 14 year old in the AOL days of being a black hat.  Well, yes, I can.  With this said, I was 14 in the early 80's - our toys were Amigas and 286's and university mainframe terminals that we could get access to.  Like many, I did no intentional damage as I snooped about, but I know that I had caused problems and angst for the folks who ran those systems.  And given that I had to get past protections to see various bits of datum, it was obvious that I was not supposed to be there.

            I'll admit that a 14 year old's moral compass may not be well developed yet.  But still, they know.  I did, and I'm betting deep down you also knew that what you were doing was illicit.  And as I've stated before, as time goes on, and the ambient level of knowledge about the net and computers increases, it will be harder and harder for anyone to claim that they were just "trying to help".

            Or, to put the whole thing another way, if a 14 year old was walking along the street, checking every door knob to see if folks had locked their front doors, and upon finding an unlocked door, was entering the house, reading all the personal papers, then leaving a note reminding the home owner to keep their door locked, you'd probably call that wrong, and say that the 14 year old should have known better.  In my mind, there is no ethical difference between the intrusion into said home owner's house and intrusion into someone's systems.

            Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

            by JRandomPoster on Thu Jan 08, 2009 at 11:39:40 AM PST

            [ Parent ]

        •  I would tend to argue that the hacker did you a (0+ / 0-)

          favor by intruding - those 36 hours either should have been done ahead of time to prevent the intrusion in the first place or at the very least should be done now to prevent future attacks.  In the end, stronger security - better for everyone.

          •  Calling malarkey on that. (4+ / 0-)
            Recommended by:
            Phoenix Rising, susans, boadicea, skohayes

            The bottom line is that even the best of the best cannot know every single possible exploit - new ones are discovered every day.  Even with constant vigilance, there will always at least be partially successful attacks.  And with the noise generated by all the script kiddies, it can obfuscate the real attacks.  Of course, as noted elsewhere in thread, those script kiddie attacks also often have mechanisms that report back to the author of the script - and furthermore, even a script kiddie attack must be treated as a legitimate attack.

            Or to put it another way, consider this scenario.  Some kid discovers your front door is unlocked.  He goes in, reads all your personal papers (you don't know if he took your credit card numbers and social security information), raids your refrigerator, and takes a dump on the carpet.  But he leaves a note telling you that you really should lock your door.  Done you a favor, has he?  Yeah, right.

            I find it ironic that you sit here, safely blogging about how much of a favor these asshats are doing sysadmins while right now, somewhere on some system that you probably use, someone is miserable because he is having to clean up some hacker's mess so that your credit is safe, your identity is safe, your connection is secure.

            Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

            by JRandomPoster on Thu Jan 08, 2009 at 12:49:06 PM PST

            [ Parent ]

        •  Cobol? (2+ / 0-)
          Recommended by:
          Mercuriousss, JRandomPoster

          How to shoot yourself in the foot with COBOL:

          COBOL
             USEing a COLT 45 HANDGUN, AIM gun at LEG.FOOT, THEN place ARM.HAND.FINGER on HANDGUN.TRIGGER and SQUEEZE. THEN return HANDGUN to HOLSTER. CHECK whether shoelace needs to be retied.

          more programming "foot" jokes here...

          "red hair and black leather, my favorite colour scheme" - Richard Thompson

          by blindcynic on Thu Jan 08, 2009 at 04:11:59 PM PST

          [ Parent ]

          •  Arrrrrgh! (0+ / 0-)

            I very rarely use donuts... must not donut just for COBOL code... against FAQ.... have nothing against poster... but is COBOL... what to do...

            /snark

            Thanks for the laugh :)

            Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

            by JRandomPoster on Fri Jan 09, 2009 at 02:09:35 PM PST

            [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site