Slashdot Mirror


If You Hack NBC, You Don't Get to Meet Tom Brokaw

subgeek writes "Security Focus Online is carrying this story about the spot that Adrian Lamo almost had on the NBC Nightly News with Tom Brokaw. NBC changed their mind after they realized the possible legal implications of filming someone hack corporate systems. NBC also seemed a bit touchy that Lamo had gotten into their system so handily. According to the article, it took him about five minutes and one guessed password to get inside NBC's intranet from a computer at a Kinko's. Lamo's comment: "It was a very full service system.""

6 of 319 comments

  1. Re:Unfortunate Last Name by Wind_Walker · · Score: 4, Informative
    Actually, the SNL skit you're referring to had the punchline of "Azwipe".

    The "Dumass" you're referring to is either the "Thick-Headed" commercial for A&W Root Beer, or from The Shawshank Redemption trying to pronounce Alexandre Dumas.

    Not that I'm anal or anything.

  2. Re:As an ex-hacker I tend to only trust Mac OS ser by ruhk · · Score: 2, Informative

    Interesting? Please.

    This is a verbatim repost of an old troll--which, I might add, was shot down point for point for point.

    "No root user" is NOT the same thing as "always running as root".

    --
    404 Error: .sig not found.
  3. Re:As an ex-genius, I can tell you (all facts) by alienmole · · Score: 4, Informative
    Easy:

    The entire premise of "secure Mac OS" web servers is based on two factors:

    1. Reduced functionality tends to improve security. Mac OS web servers have extremely limited functionality, therefore are more secure by default.
    2. Mac OS web servers are not widely used (a serious understatement, hardly anyone uses them), and are thus not targets for attacks. There was a time when it was quite safe to put an unprotected Windows web server on the Internet, for the same reasons, and we all know how secure they turned out to be.

    It would thus be accurate to say "The Mac OS web server may be a good choice if you are clueless, do not know how to administer secure servers, and want to run an OS that is now officially obsolete."

  4. Re:As an ex-hacker I tend to only trust Mac OS ser by foobar104 · · Score: 3, Informative

    If MacOS is so great, why does Apple use Solaris?

    Akamai. Apple's web site is distributed. When you connect to apple.com, you're actually getting www.apple.com.akadns.net, which runs on Solaris.

  5. Re:As an ex-hacker I tend to only trust Mac OS ser by Odin's+Raven · · Score: 2, Informative
    I have nothing against most of your points, but I have a few little nits to pick:

    2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

    Perhaps this is a philosophical nitpick on my part, but by extension shouldn't this mean that the vast majority of Windows programs should be incredibly secure? Prior to NT, all Windows developers were guaranteed that their code would be running as 'root'. That's a lot of developer-time spent in a world where everything is root. And yet, somehow, Windows still seems to have its share of security problems.

    I'm not saying that Macs are as insecure as Windows boxes, just that I'm having trouble following the idea that "always being root" somehow makes programmers more security-conscious.

    3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not.

    A buffer overflow is a buffer overflow is a buffer overflow.

    If you don't check that your destination buffer is big enough to hold the contents of your source buffer, then your code becomes a bug in search of an exploit. Doesn't matter if the length is stored at the beginning, doesn't matter if you count until you find a NUL. If you copy from A to B and sizeof(B) < sizeof(A), you're just looking for trouble.

    Yes, ladies and gents, sometimes size does matter...

    --
    A marriage is always made up of two people who are prepared to swear that only the other one snores.
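
The point argued in comment 5 above, as an added example that is not part of the original thread: a length-prefixed (Pascal) string copy still writes past its destination unless the copy compares the source length against the destination's capacity. The 16-byte destination, the arena layout and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pascal string: byte 0 holds the length, bytes 1..len hold the data. */
#define DST_CAP 16   /* destination capacity in bytes, length byte included */
#define ARENA   32   /* constructed layout: [0..15] destination, [16..31] neighbour */

/* Unchecked: trusts the source's length prefix and ignores DST_CAP. */
static void pstr_copy_unchecked(unsigned char *dst, const unsigned char *src) {
    memcpy(dst, src, (size_t)src[0] + 1);
}

/* Checked: returns 0 on success, -1 if the source does not fit in cap bytes. */
static int pstr_copy_checked(unsigned char *dst, size_t cap, const unsigned char *src) {
    size_t need = (size_t)src[0] + 1;
    if (need > cap) return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Copies a constructed Pascal string of len 'A' bytes into the destination.
   Destination and neighbour share one array, so the stray write stays inside
   a single object and is observable without undefined behaviour.
   Returns 1 if the neighbour bytes survived, 0 if they were overwritten. */
int run_copy(unsigned char len, int checked, int *rc) {
    unsigned char arena[ARENA], src[256];
    memset(arena, 0x00, DST_CAP);
    memset(arena + DST_CAP, 0xAA, ARENA - DST_CAP);
    src[0] = len;
    memset(src + 1, 'A', len);
    *rc = 0;
    if (checked) *rc = pstr_copy_checked(arena, DST_CAP, src);
    else if (len < ARENA) pstr_copy_unchecked(arena, src); /* keep demo in bounds */
    for (size_t i = DST_CAP; i < ARENA; i++)
        if (arena[i] != 0xAA) return 0;
    return 1;
}

int main(void) {
    int rc, ok;
    ok = run_copy(24, 0, &rc);
    printf("unchecked, 24 bytes: neighbour intact = %d\n", ok);
    ok = run_copy(24, 1, &rc);
    printf("checked,   24 bytes: neighbour intact = %d, rc = %d\n", ok, rc);
    ok = run_copy(15, 1, &rc);
    printf("checked,   15 bytes: neighbour intact = %d, rc = %d\n", ok, rc);
    return 0;
}
```
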
  6. Re:Unfortunate Last Name by (H)olyGeekboy · · Score: 2, Informative

    Reminds me of the great SNL skit with Nicholas Cage:
    "The name is Dumass, Dumass!"


    That's a rootbeer commercial.

    Nicholas Cage's name was "Asswipe," and the line was "Excuse me, that's pronounced Os-wee-pay!"

    Sorry I remembered that skit recently when trying to think up a name for my unborn child. :) (Cage made every name that his wife suggested into a tease or a taunt to see if it would be appropriate.)