Slashdot Mirror
Hacker Tinkering With Yahoo Stories
Lifter writes "A hacker named Adrian Lamo had access for three weeks to the web-based content control system for Yahoo!'s news section, according to a story at SecurityFocus. He tinkered with a couple of stories without anyone noticing, then edited an August Reuters story about Dmitry Sklyarov, so that it said that Dmitry's program raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope." He also added a quote by John Ashcroft,"They shall not overcome. Whoever told them that the truth shall set them free was obviously and grossly unfamiliar with federal law." Funny stuff in itself, but the SecurityFocus story explores the harm that could come from a trusted news site being easily hacked in these times."
- They are shy or antisocial;
- They spend a large percentage of their free time on a computer;
- They are quick to criticize the government or corporations, often
complaining about their "rights online";
- They are obsessed with privacy;
- They have a tendency to play violent computer games;
- They frequently illegally copy music, movies, or software;
- They listen to aggressive, "alternative" music;
- They have an aversion to going outside;
- They like to reverse-engineer, or "hack", anything they can
for no substantive reason;
- They use software such as Linux, which is designed by and for
hackers.
For the sake of national security, please report all potential terrorists to the NSA.How do we know the Security Focus story wasn't actually the hacker-planted story, and that anything happened over at Yahoo at all?
I do not have a signature
The problem with security today is the lack of it. Generally security on the Internet today is the same as how secure businesses are physically. Many businesses leave filing cabinet doors unlocked, rooms open, and papers unshredded.
Now in the company where you work, how hard would it be for a person in the general public to walk-in and act like a new client or staff member and gain access to sensitive information?
The problem with computing security in general is that it is more often exploited than flaws in physical security. IT departments don't know how to read www.microsoft.com/security and RedHat's update/errata page. They find security too difficult and do not place it high on their priority lists.
- x-empt
Ever need an online dictionary?
Is there any reason that the major news organizations don't PGP or MD5 sign their stories as posted on the web, to verify they are posted and mirrored correctly? It could easily be ascertained that the site was being changed if Yahoo News were to include a signature at the bottom to check the veracity of the article. Obviously this guy was making minor changes to the stories early on, just to see if he could get away with it. A simple spider/crawler that checks the signature could be run by Yahoo against any and all of their posted stories, and if they don't match the copy editor's , then a flag can be raised! The AP could do this as well for any stories that go across the newswire, and are posted across the Internet.
He tinkered with a couple of stories without anyone noticing, then edited an August Reuters story about Dmitry Sklyarov, so that it said that Dmitry's program raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope."
;-)
My jaw is left gaping.... Oh, I wish all crackers were this smart! Thank you for restoring my faith in human sarcasm
Don't forget about parachutes. Once you exit the aircraft you have the rest of your life to open it.
Heh, the only thing unusual about this story is that a *hacker* changed the meaning of a story to suit an agenda. It's not as if the news wasn't biased already!
One of the things that worries me greatly when I am brave enough to think about it at length, is how fantastically biased and non-independent our (USA) official news sources are. Almost every traditional media segment (TV, newspapers, radio) are as we speak undergoing a tremendous reorganization, where the vast majority of the markets are controlled by a few private companies whose major line of business isn't journalism.
For an shock for those who haven't done it already, find an international issue and compare how it is covered in the US with how it is covered by far-foreign or minority news sources. You may find the experience similar to discovering Slashdot and Kuroshin after years of Ziff Davis, especially if you read coverage that goes on for a few pages instead of paragraphs. You might not discover the truth but you'll have much better questions.
The bias is subtle to detect without a comparison, because the bias is often in what is *not* reported, or arguments that are *not* published. If you don't mind being being stoned by a flag-waving mob you can even try this experiment with last week's horrible tragedy.
So, as much as I support punishing this hacker for his illegal actions, a part of me also commends him for increasing the average distrust of mainstream news.
You can learn more about some of his other hacks here: http://www.terrorists.net/
:)
Hes an amazingly brilliant guy. I have spent a few 2600 meetings in SF with him. I hope that nothing comes of this type of "cracking" satire. However I would like to say that Adrian is a true hacker. One conversation with him and you will come to this understanding. True hacking can transend computers and into social aspects like Adrian has aparently done.
Hes cute too
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
This is hilarious!
The whole problem is that people DO in fact trust the web as a source of accurate news. Dumb. The web is by it's very nature unreliable. Period. Anybody who gets upset about a little news hacking is a whiner.
It is YOUR RESPONSIBILITY to double, triple and quadruple check and cross reference any information you find on-line. That's the power of the web; for the first time in history, it is actually possible to get something approaching the whole story. But you can't be lazy. I think hackers who send chills of 'insecure feelings' down the spines of the Norms in Suburbia are doing humanity a service by repeatedly demonstrating just how unreliable the web is. By showing that you CANNOT rely on single sources of information. Such repeated hacks might even raise the awareness of people to the point where they take some personal responsibility for the information which they allow into their heads.
But what is the response? (What will be the response?)
An almost unified cry of "Kill the Hackers".
Last week, 95% of the people on this very site were pissed off when Mafia Boy, (a junior highschool kid. i.e., a CHILD!), got a wrist slap rather than capital punishment.
Shocking! -Especially since most Slashdotters fit the hacker profile to a 'T'. It is utterly dumbfounding that people were so embittered towards a 15 year old who didn't do anything more than perpetrate but a little DOD attack and make life interesting for a bunch of tech support monkeys who get paid hourly anyway.
I was even modded down for the mere suggestion that a crime which doesn't hurt anybody, hasn't damaged or removed any property, and hasn't infringed on anybody's civil rights, should rightly be considered a mis-demeanor on the same level as graffiti or vandalism. But people want blood these days.
All I have to say is, "Be careful what you wish for."
-Fantastic Lad
No, the Comet jetliners did NOT explode due to explosive decompression. That doesn't even make sense; it is sort of like saying a match burns because it combusts.
What happened with the Comet was a result of crack propagation and stress concentration.
Stress concentration (for those who don't already know) is a phenomenon that occurs when you have a discontinuity in a load bearing structure. Imagine a plate with a hole in it which is under load. The area of the plate away from the hole has a fairly constant stress that can be calculated with your "ideal" equations. As you get near the hole, however, the stress in the material increases; it is as if the hole literally concentrates the stress into that area, hence the name "stress concentration." The smaller the radius of the hole, the greater the stress concentration. In order to keep the stress in the material low, engineers will design things so that they have as large a radius as possible anywhere the geometry changes. Square corners are avoided, because at a perfectly sharp corner you have an infinitely small radius and therefore an infinite stress concentration. Take a look at the rounded corners and stress reliefs on some items around your home or office. The material around a sharp corner will fail under almost any load. At the point of cracks or tears you also have one of these "near infinite" stress concentrations. That is how the little sharp cut at the "tear here" location of potato chip bags and ketchup packets works.
Well, the engineers who made the Comet put in square windows, with those wonderful stress concentrators in the corners. As the aircraft was pressurized and depressurized it stressed the material and in the area around the corners of the window the stress was highly concentrated and the material failed... it cracked. And the crack is also as stress concentrator, so the crack grew with every cycle of pressurization and depressurization until the structural integrity of the airplane was compromised and the force caused by the pressure difference between the inside and outside of the aircraft "unzipped" it like someone opening a bag of chips. Cracks in aircraft structures still cause problems, but it doesn't cause the airplane to "explode" like something out of the movies. One or two sections of the skin may be peeled off, and the airplane decompresses "suddenly" (which is why it is called explosive) but the airplane doesn't just detonate. Some of you may remember back in the 1980s this happened at the intersection of a structural support and skin to a 737 headed to Hawaii and it lost 18 ft. of skin (and a flight attendant).
Could a bullet hole cause similar rapid crack propagation and sudden decompression? Not a clean one, the radius is too big. I suppose little star cracks could exist around the hole that could propagate, in theory; but I doubt the damage would ever be worse than that experienced by the aforementioned 737. I am familiar with aircraft conceptual design, but am not an expert on aircraft survivability so IANAEOAS, however I have never heard of any survivability enhancement programs that focus on preventing structural failure from projectile or fragmentation damage to the skin of pressurized aircraft. Structural failure is one of the rarest causes of military aircraft loss(fuel and propulsion systems are the big problems), and is not usually a high priority on increasing aircraft damage tolerance. Civilian aircraft structures are not sufficiently different to negate the usefulness of this historical data. Of the 34 modern airliners that were subjected to in-flight bombings, 56% survived; of those only 10 crashed because of structural failure. If anyone is interested in the effects of aircraft pressurization on enhancing damage can take a look at http://www.dtic.mil/ndia/aircraft/21.pdf. It is significant, but not what I suspect most people would imagine. My best guess, is that any shot which punctures the skin will cause pressure loss. It would take a lucky shot in an older aircraft to unzip a portion of the skin, even then aircraft would likely not be lost. A modern airliner with multiple load paths would be even harder to "unzip," maybe impossible without multiple penetrations. As I said, though IANAEOAS, so if anyone does have specialized knowledge to the contrary I'd certainly like to see it. If no one does have any data or specilized knowledge in this area that contradicts this, then lets please stop rehashing this "bullets vs. aircraft" debate. Of course the smart thing would just be to use frangible bullets that won't penetrate.