The SCIENCE & TECHNOLOGY News Thread

[SaintessHeart]

Quote:

Originally Posted by SummeryDreams

I guess most of the hackers will just do dirty jobs when provoked to do so. Like if they got pissed off of something and they wanted to ruin everything about whoever pisses them off, or something like that. But they're really cool you know, like doing with all the securities of the big companies in the world and still they'd be able to penetrate.

You are so off-tangent with that statement. Go read "The Art of Deception" by Kevin Mitnick.

[Cosmic Eagle]

Quote:

Originally Posted by SaintessHeart

The Chaos Computer Club? Those guys have been around since the 90s.

Looks like they also shifted to hacking mobile technology. Kudos to them and everyone who seek to destroy and exploit security to prevent them from being "premiumised".

Meanwhile, you start cursing them when you get hacked of course

[SaintessHeart]

Quote:

Originally Posted by Cosmic Eagle

Meanwhile, you start cursing them when you get hacked of course

I have been hacked a number of times when I am much younger, and I have "hacked" before (more like a script kiddy exploiting the flaws in the Win XP my school uses).

It is fun; but from the exploiter's perspective, it is more of that we enjoy the ecstasy of overcoming limitations, similar to how a loli wearing cuter than normal clothes would get her candy and cuddles.

[Seitsuki]

...That statement really should send all manner of alarm bells ringing in any other environment. I wonder what that says more about us..

[ganbaru]

Quote:

Originally Posted by Seitsuki

...That statement really should send all manner of alarm bells ringing in any other environment. I wonder what that says more about us..

I feel like there's so many thing than I could say to this and SaintessHeat post but, maybe being silent is best, there's more eloquent user around more suited.

[Dhomochevsky]

You should look into the concept of 'white hats, black hats' and so on, for hacker ideology.

Generally, CCC are the good guys.

They 'hack' things, to expose security flaws, in order to force the manufacturers to fix these now widely known faults.
Or so that we normal consumers at least know of the flaws and can do something to protect us from them.

The CCC are not the ones that put security flaws in there. That was the fault of the manufacturer.
So you should blame the manufacturer for screwing up, not the hacker for exposing the screw up.
A lot of people do not understand this however (see SummeryDreams Post for example).

It is standard ettiquette to give the manufacturer a warning ahead of time, before going public, so that they can prepare a fix.
But of course the manufacturer does not like being exposed in this way. It means more work, bad reputation and so on. So often they will start throwing shit at the hacker in every way possible anyways.

If the flaws stay hidden, at some point they will be discovered by the bad guys. Those guys will however not tell anyone about their findings. They will use it to hurt you.

[SaintessHeart]

Quote:

Originally Posted by Dhomochevsky

You should look into the concept of 'white hats, black hats' and so on, for hacker ideology.

Generally, CCC are the good guys.

They 'hack' things, to expose security flaws, in order to force the manufacturers to fix these now widely known faults.
Or so that we normal consumers at least know of the flaws and can do something to protect us from them.

The CCC are not the ones that put security flaws in there. That was the fault of the manufacturer.
So you should blame the manufacturer for screwing up, not the hacker for exposing the screw up.
A lot of people do not understand this however (see SummeryDreams Post for example).
And of course the manufacturer does not like being exposed in this way either, so they will start throwing shit at the hacker in every way possible.

If the flaws stay hidden, at some point they will be discovered by the bad guys. Those guys will however not tell anyone about their findings. They will use it to hurt you.

The problem is that many new hackers do not understand the scene well enough too. The vulnerabilities are often used to exploit for more money (if anyone used trading software, that is what a number of hackers do......the brokers have lots of difficulties fixing exploits). That adds to the already negative image the scene already has since the 90s.......angry, socially awkward kids hiding in the basement, tying up phone lines, harassing phone operators, meeting strange people, etc.

Neither does society. To them, there are only black hats. And more often than not, these "judges" are the ones who can't be bothered to fix security flaws even if it has been laid out in front of them; i.e update your server OS, install a firewall, use virus/malware/MSRT scan on a regular basis.

The most common question I have heard is "What is the best virus-scan?". My reply is always the same old annoying, "Due diligence". I think any hacker, regardless of skill level, would say that same thing.

This is a good read for anyone looking to understand how "hacking" works :

Quote:

The Hacker Manifesto

by
+++The Mentor+++
Written January 8, 1986

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

If the second last line resounds in volumes in those who have read it, perhaps Sigmund Freud is right after all.

[Zakoo]

I don't understand a piece of crap about what that man is saying, he is simply trying to justify himself and he pitifully shows that in the end, he is no different than any other wrong doers.

To begin with school isn't only made to teach you fraction, grammar, or biology. It is above all a place to make children understand how society works that's why family teaching is always unadvised. Ponctuality, respect and above all respect of rules, a society can not possibily works if everybody does what he wants on his sides.
That was for the societal part, I will skip the educational part, probably the man who wrote this manifesto didn't understand why history was taught in school.

Thus he is simply trying to persuade us ( and not convince us, there's a huge difference as the whole thing doesn't have a single sane argument, I need to say it) that hackers are different than common people.

No they aren't, they have to follow the same rules and probably because that boy never listened to classes, he can't understand it.

Everybody have the skill to enter in the house of somebody, yet only criminals do so. I'm truly sorry, but I see no reason to "thank" them for the job they are doing, it's like saying thanks to your car constructor because he put a security on your thousands dollars engine.

[SummeryDreams]

Quote:

Originally Posted by Dhomochevsky

You should look into the concept of 'white hats, black hats' and so on, for hacker ideology.

Generally, CCC are the good guys.

They 'hack' things, to expose security flaws, in order to force the manufacturers to fix these now widely known faults.
Or so that we normal consumers at least know of the flaws and can do something to protect us from them.

The CCC are not the ones that put security flaws in there. That was the fault of the manufacturer.
So you should blame the manufacturer for screwing up, not the hacker for exposing the screw up.
A lot of people do not understand this however (see SummeryDreams Post for example).

It is standard ettiquette to give the manufacturer a warning ahead of time, before going public, so that they can prepare a fix.
But of course the manufacturer does not like being exposed in this way. It means more work, bad reputation and so on. So often they will start throwing shit at the hacker in every way possible anyways.

If the flaws stay hidden, at some point they will be discovered by the bad guys. Those guys will however not tell anyone about their findings. They will use it to hurt you.

I guess you're right on this one. I've read some article that Facebook promised a price of 10k USD to anyone who will be able to find flaws on this site, then one hacker had found one; Facebook refuses to pay and this results to many hackers do some hacking jobs to do a fund raising of 10k USD for this poor hacker who find flaws on Facebook. For some reasons, this poor hacker (according to the article, this hacker can't even buy a new laptop and is been using a really old one) anyway hacked the Fb account of the FB's CEO itself and make a status update using the CEO's account of something like this, "I told you there's a flaw on this site, but you refused to listen". FB then fixed this flaw but still refuses to pay the hacker. Oh well, he got some from other hackers anyway.

I guess I've read this from the previous article on this thread, or maybe from some. I guess it's really a pain in their pride if some pips had able to infiltrate their security systems. lol

[Dhomochevsky]

Quote:

Originally Posted by Zakoo

I don't understand a piece of crap about what that man is saying, he is simply trying to justify himself and he pitifully shows that in the end, he is no different than any other wrong doers.

To begin with school isn't only made to teach you fraction, grammar, or biology. It is above all a place to make children understand how society works that's why family teaching is always unadvised. Ponctuality, respect and above all respect of rules, a society can not possibily works if everybody does what he wants on his sides.
That was for the societal part, I will skip the educational part, probably the man who wrote this manifesto didn't understand why history was taught in school.

Thus he is simply trying to persuade us ( and not convince us, there's a huge difference as the whole thing doesn't have a single sane argument, I need to say it) that hackers are different than common people.

No they aren't, they have to follow the same rules and probably because that boy never listened to classes, he can't understand it.

Everybody have the skill to enter in the house of somebody, yet only criminals do so. I'm truly sorry, but I see no reason to "thank" them for the job they are doing, it's like saying thanks to your car constructor because he put a security on your thousands dollars engine.

I agree about the manifesto-text. That one always came off quite childish to me.
But it's a description of this one guys experience and how he got into hacking.
It does not say much about hacking itself whatsoever, so the name is a bit misleading.

On the other hand, your example about the house is wrong and a typical case I hinted at above, how people don't get it.

A hacker of the CCC kind is more like someone coming up to you saying "Hello there, I noticed your house has a cardboard frontdoor. Did you know that cardboard doors are easily broken through with a sharp knife?"

Then you, being the typical consumer guy answer "I don't care, why would anyone want to break into my house? There is only my private stuff in there."

So then the hacker goes to Cardboarddoors Company and tells them of the security issue in hope they do something about it. Cardboard Company denies any such possibility and kicks the hacker out.
So the hacker quickly cuts a hole into their coorporate headquater's front door with his pocket knife, places a notice on the front desk and sends a video of this all to news reporter guy.
Cardboad Company learns of this and gets the hacker arrested for sabotage, terrorism, slander, corporate espionage and possession of deadly knify weapons.

Meanwhile some other guy, who's not a hacker at all, but a criminal who knows how to handle a knife, has robbed your house of all it's values.
You are totally surprised and can not understand how that could have happened.

Later you learn of the knife trick on the news from news reporter guy and how a hacker had discovered it first. You blame the hacker for the sad state of your empty house.

[Zakoo]

We do not possess the same meaning in the word hacker, and that's 100% my fault, for you a hacker is somebody that possessed the skill and knowledge to meddle with informatics, that's the original definition.

For me a hacker is somebody who has the aforementioned skills and use them in a wong way, if he uses it in a good way he doesn't enter in the hacker category anymore, it becomes his job, as such I generally call them ... informatical system protector, or who cares how I call them.

If it isn't his job, then he is an outlaw, laws may be wrong, unfair, but they are laws, and as such I do not accept people who can bypass it and above all who tries to justify why they bypass it.

As for your story, which is certainly true, or must have derived stories more or less true, I will agree that such facts happened in the past, and continue to happen now in a reduced way, now most societies understood the importance of informatical security and do everything in order to remediate about it. If they do not, they are outlaws (in my country at least) and in case of incident they are the one at fault.

I would have been born 25 years ago, where informatical security wasn't as serious as now, I would have certainly agree with you, or any people justifying the actions or "hackers". But not now anymore.

[GDB]

Quote:

Originally Posted by Zakoo

For me a hacker is somebody who has the aforementioned skills and use them in a wong way

That's a cracker, a criminal hacker.

[Anh_Minh]

Quote:

Originally Posted by Zakoo

I would have been born 25 years ago, where informatical security wasn't as serious as now, I would have certainly agree with you, or any people justifying the actions or "hackers". But not now anymore.

Ah, yes. You're probably too young to remember that time a security firm got hacked rather publicly. I mean, it was in 2011. Were you even born then?

Or hey, how about that time a US private first class stole GBs of government data. That was in 2010.

Or, something smaller in scope, like that journalist who got his gmail, twitter, itunes and so on hacked with ridiculous ease. In 2012.

But I'm sure now it's all totally secure. Couldn't happen again.

[Dextro]

Quote:

Originally Posted by Zakoo

We do not possess the same meaning in the word hacker, and that's 100% my fault, for you a hacker is somebody that possessed the skill and knowledge to meddle with informatics, that's the original definition.

For me a hacker is somebody who has the aforementioned skills and use them in a wong way, if he uses it in a good way he doesn't enter in the hacker category anymore, it becomes his job, as such I generally call them ... informatical system protector, or who cares how I call them.

If it isn't his job, then he is an outlaw, laws may be wrong, unfair, but they are laws, and as such I do not accept people who can bypass it and above all who tries to justify why they bypass it.

As for your story, which is certainly true, or must have derived stories more or less true, I will agree that such facts happened in the past, and continue to happen now in a reduced way, now most societies understood the importance of informatical security and do everything in order to remediate about it. If they do not, they are outlaws (in my country at least) and in case of incident they are the one at fault.

I would have been born 25 years ago, where informatical security wasn't as serious as now, I would have certainly agree with you, or any people justifying the actions or "hackers". But not now anymore.

A Hacker, in the true sense of the word, is just someone who hacks stuff for fun. hacking btw isn't destroying or cracking something, it's just building stuff. I know a lot of software and hardware hackers, folks who have fun writing device drivers or building a 3D printer out of stuff found on your local Home Depot (or equivalent). Those are hackers and the folks at the CCC are spot on in this group. They do find a lot of exploits and holes on other people's code simply because they like to explore the same way a kid might dismantle a clock just to figure out why it ticks. Maybe they can't get the clock back together but at least they learn something and on the next try maybe no one will even know they tore one apart and put it back together again.

The hacker ethos, the will to figure out how stuff works and build new stuff is a very important part of the engineering community and I'll be first in line to defend the white hats.

As for the black hats, the folks who did stuff like the FLAME virus... Now those are the ones I would be wary off and even more so when they are being employed by western countries information agencies (and most likely all sorts of high level criminal organizations as well).

[Zakoo]

Quote:

Originally Posted by Anh_Minh

Ah, yes. You're probably too young to remember that time a security firm got hacked rather publicly. I mean, it was in 2011. Were you even born then?

Or hey, how about that time a US private first class stole GBs of government data. That was in 2010.

Or, something smaller in scope, like that journalist who got his gmail, twitter, itunes and so on hacked with ridiculous ease. In 2012.

But I'm sure now it's all totally secure. Couldn't happen again.

I'm sure you went to school and they taught you how to read english.
As you noticed, my answer too, can be brash.

If in the case you -who knows- do not understand what my first line mean I will quote myself even if I don't like to do so :

Quote:

I will agree that such facts happened in the past, and continue to happen now in a reduced way

I will also add that the responsability of the societies in question was put on the table, while in the case of Dhomochevsky's story, he didn't mention if the society in question had trouble or no.

The debate is too reduced, it goes as white hats = good people, black hats = bad people while it's absolutely untrue, some of them consider themselves as white hats even though they transgress laws. Thus I will say once again my view : all hackers are outlaws the moment they act without the approbation of the "victim" otherwise it becomes their job.
I didn't mean they were all wrong doers., simply they do not follow the laws, and I specified that laws can be unfair, and sometimes bad, but there are ways to show your disagreement towards laws. I do not want to see dozens of ninja popping into my garden to check whether my alarms work or not, but I do agree somebody entering my residence if he is properly sent by the society I contracted with.

And to make sure Saintess doesn't put a weird picture, I do not accept loli ninja either.

[Anh_Minh]

Quote:

Originally Posted by Zakoo

I'm sure you went to school and they taught you how to read english.

How good is either of our commands of the English language? I don't think you want to go there.

Quote:

As you noticed, my answer too, can be brash.

If in the case you -who knows- do not understand what my first line mean I will quote myself even if I don't like to do so :

Three cases in three years, that I remembered off the top of my head. And you still think we're safer now than in the late 80s?

The truth of the matter is that computers today involve a lot more money and data, and a lot more people than it used to. That means a larger talent pool of crooks, more motivated, for they share a much larger pie. That means that information systems have to be idiotproofed for a larger quantity of idiots, who think "password" is a perfectly adequate password.

Quote:

I will also add that the responsability of the societies in question was put on the table, while in the case of Dhomochevsky's story, he didn't mention if the society in question had trouble or no.

You've got a cardboard door and get burglarized as a result. Does it even matter if whoever installed your door gets a slap on the wrist or not? (And no, legally speaking, it never goes farther, and quite often not as far as that. The bad publicity is worse, but it only pushes customers into the waiting arms of competitors who are just as sloppy.)

Quote:

The debate is too reduced, it goes as white hats = good people, black hats = bad people

You're the one who chooses to simplify it like that.

Quote:

while it's absolutely untrue, some of them consider themselves as white hats even though they transgress laws. Thus I will say once again my view : all hackers are outlaws the moment they act without the approbation of the "victim" otherwise it becomes their job.
I didn't mean they were all wrong doers., simply they do not follow the laws, and I specified that laws can be unfair, and sometimes bad, but there are ways to show your disagreement towards laws. I do not want to see dozens of ninja popping into my garden to check whether my alarms work or not, but I do agree somebody entering my residence if he is properly sent by the society I contracted with.

And to make sure Saintess doesn't put a weird picture, I do not accept loli ninja either.

Make up your mind. Is law breaking something you absolutely don't want (funny, considering the site we're arguing on), or do you acknowledge it has its uses?

[Zakoo]

Quote:

Originally Posted by Anh_Minh

Make up your mind. Is law breaking something you absolutely don't want (funny, considering the site we're arguing on), or do you acknowledge it has its uses?

Where is the part I said it has its uses?

Actually since I'm tired, I will anticipate your answer and hope I understood well : just where did I say the person sent by the society was breaking the law? If he is under a regulated contract, he isn't breaking it, first off because he has the permission of the society to mess with the alarm, second because the society contacted me to allow them to send somebody to check. I do hope that in the place you live, when they come check the water or electricity, they tell you beforehand and don't make an unforgettable surprise birthday.

Quote:

How good is either of our commands of the English language? I don't think you want to go there.

There's no need, it's not a matter of english proficiency but how good is one people at understanding, analyzing, thinking rationally. You are right, I don't want to go there.

And I will stop there, I don't want to be late tomorrow morning because I needed to spend 20 minutes to write something.

[Anh_Minh]

Quote:

Originally Posted by Zakoo

Where is the part I said it has its uses?

Actually since I'm tired, I will anticipate your answer and hope I understood well : just where did I say the person sent by the society was breaking the law? If he is under a regulated contract, he isn't breaking it, first off because he has the permission of the society to mess with the alarm, second because the society contacted me to allow them to send somebody to check. I do hope that in the place you live, when they come check the water or electricity, they tell you beforehand and don't make an unforgettable surprise birthday.

I see, you still don't get it. "The society" won't send anyone to check the solidity of your cardboard door. It isn't in its interests to do so. It's expensive and nothing good can come of it.

Now, maybe you will hire someone to check, because it is in your interests to know if your door's solid... but realistically speaking, you won't. Because, again, it's expensive. You already spent good money on a premium quality cardboard door, and the fellows who sold it to you looked honest and competent. Professional. Plus, you wouldn't know who to hire. Chances are, you'd just get a guy looking to sell you a paper lock.

So the choice is a either a good Samaritan, who may or may not come, announcing to the world the flimsiness of cardboard, and proving it because no one will believe him otherwise, or no one. And by "no one", I mean you'll one day go home to a door with a big hole cut in it.

[Jinto]

Quote:

Originally Posted by Zakoo

...
The debate is too reduced, it goes as white hats = good people, black hats = bad people while it's absolutely untrue, some of them consider themselves as white hats even though they transgress laws. Thus I will say once again my view : all hackers are outlaws the moment they act without the approbation of the "victim" otherwise it becomes their job...

Philosophically and historically speaking. The opposition to a people oppressing regime is typically outlawed as well. That does not automatically render the opposition bad people. It simply makes them bad people in the eyes of some people with certain interests.

A hacker can harm a company by simply demonstrating, that their high priced security gimmick x is rather useless. Blaming the hacker for making such exploits public, without harming anyone themselves except debunking the companies false claims of security can still inflict lots of damage, when the knowledge gets into wrong hands.

This is why many hackers use CERT or similar authorities to make their findings known.

Sometimes however, as in the case of biometrical data as security feature, there are conflicting interests. If country A requires its citizens to have their fingerprints on their identification cards (for whatever reason), the chances are high that it will defend security devices based on the same biometrical data.

A CCC spokesperson said:

Quote:

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access." Fingerprint biometrics in passports has been introduced in many countries despite the fact that by this global roll-out no security gain can be shown.

iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team. Also, you can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your (hopefully long) passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands.

Quote:

Originally Posted by Zakoo

...
I didn't mean they were all wrong doers., simply they do not follow the laws, and I specified that laws can be unfair, and sometimes bad, but there are ways to show your disagreement towards laws. I do not want to see dozens of ninja popping into my garden to check whether my alarms work or not, but I do agree somebody entering my residence if he is properly sent by the society I contracted with.

And to make sure Saintess doesn't put a weird picture, I do not accept loli ninja either.

The CCC members would not act like that. They are more idealistic researchers than anything else.

However, generally speaking, some hackers will use drastic means to gain questionable fame. Some will sell their findings on the black market (zero day vulnerablities can cost 50,000$ and more) only to be misused by people that may or may not be hackers themselves.

Whatever the reason, finding weaknesses in software (and exploiting them), can be done in many different ways, by people who have different motives.

It is really not possible to generalize them. But I am pretty sure the CCC is more beneficial to a democracy than it is a danger.

[GDB]

Quote:

Originally Posted by Zakoo

I do hope that in the place you live, when they come check the water or electricity, they tell you beforehand and don't make an unforgettable surprise birthday.

Both water and electric meters are on the outside of buildings. They do not provide notice that they are checking them. If you mean electricians and the like rather than meter checkers, then you schedule the appointments, they do not make them with you.