Cracked Series Complete
Quite a number of people have written in recently with the news that the Cracked Series has come to a close with Feature #7. The series has been pretty interesting from a storytelling perspective - check it out on rootprompt.
In my opinion, script kiddies aren't moral or immoral -- they're amoral. Systems are just toys to them. Just like software, music, and movies, they feel "entitled" to take control of any system they like, because hey, it's out there. Even the Wall Street Journal called their generation (Generation "Y") the "entitlement generation."
The aura of arrogance that these kiddies have is really quite shocking. They have no perception of what it is like to actually run a system and defend it against real hackers/crackers. They just get their kicks by annoying hardworking people, and wasting their time and money.
And don't argue that the problem is admins leaving their systems unsecured -- if you notice someone left their door unlocked, it's not your duty to go inside, rearrange all the furniture, and leave cryptic notes saying how you "0wn3d" his house.
For more information, click here.
The ethics are even more simple than that. If you are on or attacking a box you have not been invited to, you are acting unethically.
I helped clean up when a cracker was discovered on a static IP Linux box my sister put up.
The cracker was only doing "harmless exploration" (running bind scans against lots of other boxes on the local subnet and installing rootkits and trojans).
This clean up cost me about 20 hours that I would rather have been spending with my wife and two year old son... which is the most precious thing I have.
After the second crack, I told her to pull the plug. One less Linux server on the internet (she was using it for a bug tracking database for a startup company she was working with, her husband was using it to give free accounts for students at a local community college where he teaches).
One less corporation Linux had penetrated, 20 fewer students every quarter that can have a free account to learn to create web pages on *nix based systems. Congratulations, cracker boy.
I am a professional programmer, and in my spare time a humble open source developer (backburner, check freshmeat). Guess how many bugfixes have been released to backburner in the last year... Exactly 0. Why? Because I have had to spend all my time cleaning up cracked boxes and setting up firewalls just to keep my systems from being invaded, destroyed, or used to attack other systems (stealing precious time from others).
If you want to explore, set up your own network. 486's are a dime a dozen, NIC's can be found for about $15 each.
The moment you touch a system you have not been invited onto, you are stealing precious time from somebody, period. Somebody had to initially secure the system to keep you out, somebody has to monitor your crack attempts, and somebody has to respond to your actions.
Next time you are on a system you don't own, think about the fact that you are not just exploring, but taking a VERY high chance that you will force somebody somewhere to respond to your actions, and thereby steal that person's time.
I am telling you from personal experience, that theft REALLY hurts.
Bill
Mathematically impossible requirements are technically not against policy.
Some time after I moved in, I discovered Linux, and Unix. (Mostly from working on SGI's. I wanted to be able to run ANSYS without going down to the labs.)
VERY soon after I discovered Linux, I discovered what rootkits were. I woke up about 7 in the morning because my cdrom drive (an old noisy Mitsumi) was going nuts. I was certainly no guru at this point, and I had no idea what was going on. I did a ps aux, but I didn't see anything happening, so I just took the cdrom out and went back to bed.
Two days later I noticed that my ethernet connection wasn't working anymore. I called down to the computer center and was informed that my connection had been shut off and that there were charges pending against me for "cracking" attempts on PSU's servers. It took me 3 months to get my connection back.
When I asked PSU for help securing my machine, I was told to use a different operating system.
In addition to my own machine being cracked, my friend who was also running linux for the first time got cracked (probably thru my machine) and had nasty emails sent from his machine to a couple of government agencies. He and I were both in some deep shit for a while, and had done NOTHING.
So, cracking DOES hurt. I'd like to extend a big FUCK YOU to the kind of people who think that getting others in trouble is funny. Another big F*** You to every little clone virus writer who makes life for tech support a living hell. You don't advance knowledge. You aren't doing anyone any favors. You prove nothing except that you are the same as vandals with a can of spraypaint. God help you if I ever find one of you.
"We apologize for the inconvenience."
I found it very interesting, and useful, that the author specified that the sploit used was fixed in open source versions of statd before the attack but Digital UNIX took another 6 months.
I am currently involved in major battles with my line manager who seems to have this idea that Open Source = Unsupported. He doesn't realise that a product that is supported by thousands of developers who have a vested interest in solving problems is going to be better supported than one whose only backup is a handful of developers whose managers not only have a vested interest in hiding any flaws found but also want them involved in adding the newest whizz-bang features.
Based on articles I've read it looks like the equation is really Open Source = Secure and Supported.
"Don't write down to your readers, the only people less intelligent than you can't read" - Sign on Newspaper Office Wall
That's all fairly relative, take for example the recent story of that company pinging every computer that they find. The pings themselves aren't a threat to any networks, they aren't using them en masse to DoS, but admins everywhere are pissed off because it's setting off their alarms. Are the admins being a little paranoid? Sure, but it's their job to be. They've got computers that they need to defend, and they have every right to be suspicious even of an 'act of curiosity.'
One time I threw a brick at a duck.
It's just like I tell people who are being stalked online, NEVER talk to the person, just ignore them. If you ignore them, they don't know what effect their actions are having on you, and whether they are succeeding in pushing your buttons or not.
This isn't a substitute for securing your own systems, of course.
Invasion is invasion. Perhaps he could have worked a little more proactively at security (no numbers, so I don't think anybody should make presumptions), but even if he didn't, that doesn't give anybody the right or excuse to crack the system.
"If you don't know how, then what business do you have putting systems on the Internet anyway?"
This is disturbing, I consider it akin to stating to a rape victim "You were wearing sexy clothes, so you were asking for it."
Yes, people should take adequate precautions when exposing a system to any sort of connectivity, but hacking/cracking is still an unwanted invasion.
There still seems to be an underlying acceptance of hacking for curiosity with the geek community. I think this is partly the problem with the lack of success in tracking and prosecuting hackers/crackers. Until it is truly accepted that any attempted breakin should be punished, the situation will likely not improve. As an analogy, most of the locks on doors and windows in my last few apartments have been shit. Fortunately, I have not had to install the latest and greatest dead-bolts, because B&E is actually recognized as a crime by all parties. Nobody blames the victim of a B&E and says "Well, if you don't know how to install a 6" Deadbolt, you have no business living in an apartment..."
Hugh Daniel showed me once exactly how to limit the damage a script kiddie can do, once he's cracked your host and gotten a root shell.
Hugh's systems are all built with at least two drives. The boot volume is read-only. (I don't mean it's mounted read-only, I mean it's READ ONLY. After installing the OS, he pulls the write-protect jumper.)
Right now, the machines that the FreeS/WAN project are hosted on are configured with a very clever device: it's a toggle switch. In one position, the boot volume is R/W. In the *other* position, the ethernet connection is live.
A big part of the problem in trying to secure UNIX is that we keep trying to solve issues in the wrong domain.
-jcr
They're obviously demonstrating the amount of redundancy in our alphabet and numeric system by showing just how few characters you can use whilst still remaining intelligible (just!). Rather than being "childish" they are in fact demonstrating a deep and intuitive understanding of information theory and entropy, one which we, as forward-thinking people, should admire and indeed emulate!
Or maybe not :)
---
Jon E. Erikson
Jon Erikson, IT guru
Oh, come now. When DDOS attacks were hitting major web sites, they took down sites regardless of OS. And if you read Slashdot frequently, you'll notice many news stories about vulnerabilities, exploits, and security holes in Windows NT.
The main reason why UNIX-like systems are featured in stories like this is because there's an element of suspense as the cracker types many commands, and the superuser can look at every move he makes. Even NT's Event Logger doesn't catch every damaging command, and from the exploits I've seen it's possible to take down a poorly safeguarded NT box without even logging into it.
The scene of watching and dealing with a cracker is good drama, at least to Slashdot-reading geeks like myself.
For more information, click here.
IIRC it started as a way of getting around swear-filters on chat systems (while 'fuck' would not appear, 'phuX0R' would), and sort of permeated the BBS community, and then IRC. I'm not sure why it still exists. It seems to be used as more of a parody than anything else these days. Even the guy on 'Cracked' only seems to use it once, and he's using it to prove his advanced humour ('look everyone, I can do self-parody!'). Most of the coders I know (around London) seem to use it sarcastically these days. 'Man, u r so 1337' tends to mean that what they've done is obvious, or a horrendous kludge.
- "How do we do it? Volume!" - The Bursar of Unseen University.