Slashdot Mirror


Forbes Offers a Sympathetic Portrayal of Hackers

selain03 sends us to Forbes for a surprisingly tolerant article on the recent Defcon. The reporter spoke to several of the event organizers and faithfully conveyed their characterization of the community as motivated by curiosity about technology. The article quotes a Department of Defense cybercrime guy: "Run-of-the-mill individual hackers are just noise as we try to focus on the real problem. We have to investigate every threat, but we're often dealing with ankle biters." A refreshing perspective to read in the mainstream media.

97 comments

  1. "Middle America, Meet The Hackers!" by morari · · Score: 1

    Because that doesn't sound like a sitcom or anything...

    --
    "He who can destroy a thing, controls a thing." --Paul Atreides, Dune
    1. Re:"Middle America, Meet The Hackers!" by syousef · · Score: 4, Funny

      Because that doesn't sound like a sitcom or anything...

      You're forgetting pwn-ography never makes it to mainstream tele.

      --
      These posts express my own personal views, not those of my employer
  2. "ankle biters"? by timmarhy · · Score: 5, Insightful

    As shown in the past, it's often the very very simple hacks like finding an unprotected machine and installing sub7 on it that bring down the giants. A high level of technical experience is NOT a prereq. for a serious hack.

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:"ankle biters"? by ILuvRamen · · Score: 0, Troll

      Whether it's basic hacks or super high level, new ones that seem godly doesn't really matter actually. It's a big convention that basically says all computer systems are insecure by nature and everything is hackable. Well duh! A bunch of guys get together and show off new ways to remind everyone that computers aren't safe. They might as well be holding a fire isn't safe convention and holding conferences at it where they light random things on fire to prove their point. Ooh, look at me, I can light an entire couch on fire in 3 seconds, I'm so cool! It's the exact same thing at hackers conventions. Lots of people get together and talk about stupid and simple and super complicated and hard ways to do something everyone knows is possible and they pretend like they're the coolest, most special person on earth for it.

      --
      Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
    2. Re:"ankle biters"? by Creepy+Crawler · · Score: 4, Insightful

      True that, but it does take a great deal of restraint and expertise to go black hat and not leave a trace.

      Black hats go by a different name: corporate espionage. In that, they are in a profession of spy with computers and data, and not of personal communications.

    3. Re:"ankle biters"? by Anonymous Coward · · Score: 2, Interesting

      I work for a billion dollar privately owned health insurance company, and we recently had an incident where an internal development group connected an internal development machine to the DMZ without adequate password controls, violating several policies (password standards, development system standards, DMZ-house system standards, etc) to do some file transfer testing for an app they'd written. They even had a name set up in our external DNS! Someone ssh'ed in with a service account with the same password as the username and goofed around until it was finally discovered by chance. If it had been configured properly, the compromise would have never happened. If it had proper security measures in place, we'd have seen the attempt in real-time in our SEM. It was a comedy of errors, and sadly, the guilty parties in the company didn't even receive a slap on the wrist.

    4. Re:"ankle biters"? by RealGrouchy · · Score: 1

      > A high level of technical experience is NOT a prereq. for a serious hack

      No, but a high level of technical incompetence on the part of the hack-ee is.

      - RG>
      --
      Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
    5. Re:"ankle biters"? by iamdrscience · · Score: 5, Funny

      I understand your point, but c'mon, can you honestly tell me that if there were a fire convention, you wouldn't go? It sounds pretty awesome to me.

    6. Re:"ankle biters"? by Garridan · · Score: 2, Insightful

      Not really. People with extremely high technical competence still miss the little things once in a while. Only takes one little hole.

    7. Re:"ankle biters"? by Anonymous Coward · · Score: 0

      Such as resisting the urge to be a snarky little troll?

      (It's ok, I am still working on that one, too).

    8. Re:"ankle biters"? by Opportunist · · Score: 4, Interesting

      You make that sound like it's some cool spy movie. It isn't. It's just plain illegal. Well paid, granted, but illegal. It's neither flashy (you can't even brag about your smooth moves!) nor in any way exciting. Neither is being wanted by some three-letter-agencies. Do you happen to know why they ALL have three letters, no matter what country or nation they belong to?

      The only movie related thing that is real for a black hat is the briefing closing line from Mission Impossible: If anything goes wrong, we don't know you anymore and have never known you even existed.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:"ankle biters"? by Opportunist · · Score: 3, Interesting

      It is a prerequisite, though, for hacks that aren't executable by clickmonkeys. Granted, pretty much every exploit there is today has been "tooled" to perfection, so that even the most clueless brick on earth can use them to do harm.

      I'm honestly not afraid of hackers. I mean, the old school kind. The "real" ones. The ones that actually know that TCP/IP ain't the Chinese secret service and that a buffer overflow isn't something that requires a plumber to fix. In their growth years, they sooner or later stumbled upon the hacker's creed, and whether they heed it or not, the damage they do is usually minimal. Yes, they may steal your data (which is often enough a severe damage), but they don't destroy data intentionally.

      What I'm afraid of is the scriptkid. The person without a clue, but with a tool. He doesn't know what he does, he doesn't know what he aims for, but he just clicks and hopes, trying to destroy and mess with other people's computers. He's the equivalent of the schoolyard bully. No clue, no skill, no perspective, but the need to once at least "prove" that he's "better" than someone else. If you're looking for wanton data destruction, that's the place to look for it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    10. Re:"ankle biters"? by Anonymous Coward · · Score: 0

      > Do you happen to know why they ALL have three letters, no matter what country or nation they belong to?

      No. Why??

    11. Re:"ankle biters"? by justinlee37 · · Score: 1

      Because clearly, spies operate entirely within the bounds of the law *rolls eyes*

    12. Re:"ankle biters"? by alx5000 · · Score: 1

      You make that sound like it's some cool spy movie. It is. It's just plain illegal. Well paid, granted, but illegal. It's neither flashy (you can't even brag about your smooth moves!) nor in any way exciting. Neither is being wanted by some three-letter-agencies. Do you happen to know why they ALL have three letters, no matter what country or nation they belong to?
      There, fixed that for ya. Boy, that was easy, keep 'em coming!
      --
      My 0.02 cents
    13. Re:"ankle biters"? by Opportunist · · Score: 1

      Well, ymmv.

      If you have the skills and think it's something you're interested in, there are a few companies that are hiring in that area.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    14. Re:"ankle biters"? by stanleypane · · Score: 1

      I know it's flamebait, but I just gotta put this into perspective. Fire is a huge threat and can take lives in an instant. Though, the industries that deal with those risks are heavily regulated and actual metrics have been established that must be adhered to in order to ensure that their products are up to par before making it to market. Think about any company that manufactures products that utilize natural gas. Stoves, furnaces, tanks to store natural gas, pipes to transport, etc. Many metric standards have been established, through rigorous testing, that ensure these products don't fail under normal conditions and for good reason. You don't have to blindly trust company X when they claim their products are safe. Now think about the software industry. How many vendors can Slashdot name that constantly parade around claiming to have made their products secure and virtually hackproof? Oh yeah? Where's the metrics to prove that? Where is the regulatory industry that requires specific guidelines and standards be adhered to when dealing with information of a sensitive nature? Conventions like Defcon are needed to remind everyone exactly how fragile and insecure many of these products are.

    15. Re:"ankle biters"? by Cumanes-alpha · · Score: 1

      But with great power comes great responsibility.

    16. Re:"ankle biters"? by genner · · Score: 1

      Umm fire convention... yeah it's today.
      www.nefcon07.com

    17. Re:"ankle biters"? by VJ42 · · Score: 1

      > Do you happen to know why they ALL have three letters, no matter what country or nation they belong to?

      They don't, GCHQ is our (the UK) equivalent of the NSA. As you can see, it has four letters.
      /pedant
      --
      If I have nothing to hide, you have no reason to search me
    18. Re:"ankle biters"? by Lord+Ender · · Score: 3, Insightful

      You make that sound like it's some cool spy movie. It isn't. It's just plain illegal. Well paid, granted, but illegal. It's neither flashy (you can't even brag about your smooth moves!) nor in any way exciting.
      Imagine you have some custom malware which is only in use in a few places in the world. There will be no anti-virus signature for it because it's custom. Now imagine it looks for certain words or phrases (such as "earnings") in Word or Excel documents and encodes the surrounding text into some covert, background-noise packet, like NTP or DNS. You have also programmed your bug to only phone home while the computer is in use, so you don't trigger any off-hour activity alarms.

      You now know whether these companies will beat earnings estimates or not. You can sell short or buy on margin with 100% confidence on the days these companies release their earnings reports.

      So, no, you can't brag or tell chicks at bars that you are a spy doing espionage. But you CAN brag that you are a "trader" and are up 600% YTD.

      Most companies barely fund and train their security departments well enough to stop mass worms--the kind that screw up large numbers of computers and suck up noticeable amounts of resources. There is NO WAY they would find a bug that does not replicate and lives on only a single PC in the finance department. Even if they did, they would likely just reformat the thing and be done with it. No reason starting in on forensics! Time is money!

      Also, there is no huge chunk of money missing from any individual person, so who is going to hunt you down? You've only stolen a fraction of a penny per share from thousands of oblivious shareholders.

      When the rewards are so high and the risks are so low, you can bet that there are many less-ethical people out there who are willing to do it, and would enjoy every minute of it. For some people, it wouldn't take much work convincing themselves that they are no more crooks than the people they are stealing from.
      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    19. Re:"ankle biters"? by boa13 · · Score: 1

      Same for the DGSE in France.

    20. Re:"ankle biters"? by Opportunist · · Score: 1

      Maybe the politicians in England and France can remember one letter more when they ponder who they gotta phone today.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    21. Re:"ankle biters"? by russotto · · Score: 1

      With great power, comes great responsibility. With absolute power comes no responsibility at all (cut to mad scientist's face illuminated by lightning bolts. Or Galadriel's test in LOTR).

    22. Re:"ankle biters"? by Opportunist · · Score: 1

      You might be surprised. The case you described is far from fiction.

      Though companies do actually put that PC up for forensics. A PC is cheap. Rip it out, throw it to forensics, put in a new machine for the accountant. What really matters is that this MUST NOT happen again. That would cost a fair lot of money (especially if someone leaks that information). That loss would make the cost of a PC including forensic examination look like pocket change.

      Such things do happen. And yes, they get investigated. In short, don't do it unless you have a very good net of bots running to cover your tracks.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    23. Re:"ankle biters"? by Creepy+Crawler · · Score: 1

      These people really don't understand. They think that hacking is some techno-porn orgy one sees on the "haqr" shows. It sadly is not.

      Good luck trying to find evil-ware when it's custom and yet munged with packers. It'd be better yet if the export was a gpg encrypted to a public key that was packed within. Do you think techies working in IT at a big company have the expertise to properly unpack and dead-list it correctly (assuming that the reverse assembly removes impossible loops)? I think not. Some of the stuff I've seen, Spaf would have a hell of a time with it.

      You know, colo servers are rather cheap and can store a nice load of data. And one can use TOR or another anonymizer to contact the colo.

    24. Re:"ankle biters"? by Lord+Ender · · Score: 1

      Perhaps some companies pay for the people, tools, and training necessary to detect a custom bug. Fewer yet may even send computers generating suspicious activity off to forensics for in-depth analysis.

      Most say "We have anti-virus and IDS, and we hired a few people at $60k to look over the systems. We have done our due diligence, so our ass is covered if something bad happens." Such places will also have the occasional meeting with the agenda: "How can we cut costs at our security department so senior exec bonuses will be larger?"

      Such companies have about 0% chance of ever finding a custom bug.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    25. Re:"ankle biters"? by Merk · · Score: 1

      CSIS and RCMP in Canada.

    26. Re:"ankle biters"? by JonnyBnDC · · Score: 1

      can you honestly tell me that if there were a fire convention, you wouldn't go?

      It's called Burning Man.

      --
      This wasn't just plain terrible, this was fancy terrible. This was terrible with raisins in it. — Dorothy Parker
    27. Re:"ankle biters"? by Anonymous Coward · · Score: 0

      it must be all o them socialist taxes they stole from honest people payin fer that extree letter

    28. Re:"ankle biters"? by Creepy+Crawler · · Score: 1

      I know how I get information back from a bug.

      Only have a bug report when traffic to internet is high. Then post a few hundred bytes to a popular blog (slashdot) and have it xored to a known key.

      Retrieval is easy. Hit target dump-site (the blog) on a wifi network, probably with proxies to even mask that.

      Congrats. You just smuggled data out.

    29. Re:"ankle biters"? by Lord+Ender · · Score: 1

      One communication channel which I think is interesting is Wikipedia. Even if your bug's stego is edited out, you can view it via the article's history.

      If the target in question actually uses Wikipedia, this would be about as undetectable as it gets.

      And yes, for retrieval, you use a power-boosted antenna to public wifi, bounce through a few countries, hit tor and check the wiki page. Though, if your bug uses good stego on a high-traffic page, such secrecy may not be needed.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    30. Re:"ankle biters"? by alienmole · · Score: 1

      So, no, you can't brag or tell chicks at bars that you are a spy doing espionage.
      Why not? It's always worked for me...
  3. I can see it... by thatskinnyguy · · Score: 5, Insightful

    Who better to design safes than professional thieves?

    --
    The game.
    1. Re:I can see it... by poopdeville · · Score: 4, Insightful

      Mechanical Engineers.

      --
      After all, I am strangely colored.
    2. Re:I can see it... by thatskinnyguy · · Score: 1

      Even engineers have been known to screw up.

      --
      The game.
    3. Re:I can see it... by smookumy · · Score: 2, Insightful

      Yes, exactly. After all, they're taught by the finest thieves: universities.

    4. Re:I can see it... by Anonymous Coward · · Score: 0

      Me. I don't really have anything particularly insightful to add although I'm the person to add it. You were of course using it as an analogy, so an in-depth walkthrough of why I'm more qualified than a professional thief would be over the top, but the reality is, I'm a better thief than a professional thief, and thievery of concentrated physical assets is beyond antiquated as digital assets are much less protected. Why would you go fishing in a puddle with the game warden breathing down your neck when there's a breeding ground right next door?

      The reality is, the money in 0 days sploits for physical security is in salesmanship. The demand comes from having a product to sell. Not a pot of gold to steal. So who better to design a safe than a person who makes and sells safes is the reality. But that sounds stupid.

    5. Re:I can see it... by thatskinnyguy · · Score: 1

      Amen brother! *Dances in the aisle, loan papers in hand*

      --
      The game.
    6. Re:I can see it... by Gr8Apes · · Score: 1

      The only people that do not screw up are those that do nothing.

      OK, time for some coffee, that was far too Confucius-like...

      --
      The cesspool just got a check and balance.
    7. Re:I can see it... by westlake · · Score: 1
      Who better to design safes than professional thieves?
      Mechanical Engineers.

      That feels right.

      The "burglar proof" safe isn't necessarily the "fire proof" safe. The engineer has to find a workable solution for the problem as a whole.

  4. The truth behind this article... by Anonymous Coward · · Score: 5, Funny

    Some of the Defcon guys thought it would be hilarious to hack a major media outlet and place a sympathetic story about themselves on it. Mission accomplished!

  5. Not Daniel Lyons by Jah-Wren+Ryel · · Score: 5, Funny

    A Forbes article that isn't hyper-sensationalist and pro-status-quo?
    What, was Daniel Lyons too busy impersonating Steve Jobs to do the piece?

    --
    When information is power, privacy is freedom.
  6. Ofer? by duck0 · · Score: 1

    Maybe I'm just being foreign, but what the heck is an Ofer?

    1. Re:Ofer? by DataBroker · · Score: 1

      > Maybe I'm just being foreign, but what the heck is an Ofer?


      http://en.wikipedia.org/wiki/Ofer
      Ofer (Hebrew: ) is a moshav located south of Haifa, Israel in the Carmel Mountains and is a part of the Hof HaCarmel Regional Council. The moshav was founded in 1950 by immigrants from India. Agricultural income is derived from raising cattle, sheep and chickens growing vegetables and flowers, and tourism.
    2. Re:Ofer? by matts-reign · · Score: 1

      Look at the title and then look at the word "ofers" again. Notice any similar ones?

      --
      Waffles rock.
    3. Re:Ofer? by Anonymous Coward · · Score: 0

      > sheep and chickens growing vegetables and flowers

      They must do a nice job training the sheep and chickens.

  7. The world is not fair... by Tatisimo · · Score: 4, Insightful

    Why didn't the more interesting story about the evil undercover reporter who got pwned make it to the mainstream media? There's no justice in this world for hackers... Won't somebody think of the hackers? ;_;

    --
    Give Kashyyyk back to the Wookies
    1. Re:The world is not fair... by Anonymous Coward · · Score: 0

      Well, if you read TFA you'd know that was the first thing mentioned.

    2. Re:The world is not fair... by oheso · · Score: 1

      Hmm. I read it on Slashdot and BoingBoing -- how mainstream do you want?

    3. Re:The world is not fair... by Anonymous Coward · · Score: 0

      Well, if it's any consolation, at least hackers get portrayed as digital gods who can do anything by typing rapidly for about 15 seconds in the movies (see Hackers, Swordfish). Some even go so far as to say hackers can dodge bullets.

    4. Re:The world is not fair... by Verence · · Score: 1

      That was one of the first things mentioned in the article.

      --

      ... that's all i wrote...
    5. Re:The world is not fair... by LordLucless · · Score: 3, Informative

      Sydney Morning Herald, one of Australia's largest newspapers, had a fairly pro-Def Con article about it too. http://www.smh.com.au/articles/2007/08/04/1185648197448.html

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    6. Re:The world is not fair... by glindsey · · Score: 1

      Considering she was a reporter for NBC's Dateline, I really expected the story to end up on CBS or ABC's evening news. Or possibly on Fox or CNN. I can't believe their competitors wouldn't jump at the chance to expose a sleazy shock tactic being used by an NBC employee... unless, of course, they feel it would expose their own sleazy shock tactics.

  8. Still blaming "Eastern Europe or Asia" by Anonymous Coward · · Score: 0

    So much easier -- and apparently more villainous -- than "a bazillion Americans too stupid to run antivirus software".

  9. Self preservation? by proudfoot · · Score: 1

    Maybe they saw what happened to the other reporter. *shudders*

  10. Why forbes.com? by Dr.+Cody · · Score: 4, Funny

    But, of all the places, why Forbes? Couldn't they have picked some respectable outlet?

    Maybe Forbes was the only site they had any luck with, since, having alienated techies so thoroughly, they couldn't hire a competent webadmin.

    1. Re:Why forbes.com? by Propagandhi · · Score: 4, Funny

      Nah, Forbes is just so single minded it's super easy to guess their passwords (it's money, by the by... always money).

    2. Re:Why forbes.com? by Anonymous Coward · · Score: 0

      Badass nick, btw. Today's Empires, Tomorrow's Ashes is a fucking masterpiece.

  11. Sympathetic by Tablizer · · Score: 1

    "They're so cute when they launch missiles."

  12. Hackers and Crackers by lukesky321 · · Score: 0

    When I mention a Cracker images of white men or literal crackers may be appearing in your head.
    Now I am going to explain the difference between a hacker and a cracker.
    A hacker is a person with no criminal intent breaking into a computer and just wants to do it to satisfy his curiosity, this however is not generally acceptable in our society. A Cracker is someone who does have criminal intent when breaking into a computer and does it for ulterior motives other than the attaining of knowledge. I believe the former should be allowed while the latter should be strictly discouraged.

    1. Re:Hackers and Crackers by poopdeville · · Score: 1

      This falls flat. Just wanting to break in without permission is criminal intent.

      --
      After all, I am strangely colored.
    2. Re:Hackers and Crackers by someone1234 · · Score: 3, Informative

      Hacker originally meant anyone who dabbles with ANY code. Not necessarily bypassing security, and not necessarily on someone else's computer, and not necessarily without consent.

      --
      Patents Drive Free Software as Hurricanes Drive Construction Industry
    3. Re:Hackers and Crackers by sssssss27 · · Score: 1

      I think the word you are looking for is malicious intent not criminal intent.

    4. Re:Hackers and Crackers by Anonymous Coward · · Score: 3, Informative

      Umm, no. Being a hacker has absolutely nothing to do with wanting to break into somebody's computer, be it for fun, profit, or whatever else.

      Being a hacker has everything to do with having talent at and taking delight in learning how large, complicated but internally consistent systems work and then using that knowledge to solve problems, overcome limitations and make improvements. A hacker is somebody who instinctively wants to take things - most often computer systems/programs - apart, tinker with them, put them back together again and in doing so learn something, so that they can do really clever things with that knowledge later: and who gets off on doing all of this.

      Hackers existed before most computers were connected to any other computers to break into.

    5. Re:Hackers and Crackers by woksta · · Score: 0

      Yes, we need to go into detail about the difference between hackers and crackers. This has never been discussed before.

      --
      teh omg kekekekkekekekekeke!!!!11shift!!!1one11eleven
    6. Re:Hackers and Crackers by kaizokuace · · Score: 1

      so what if it's bad, or considered wrong. Wanting innocent hacking to not be seen as illegal is boring. Part of getting access to a system is the risk of getting caught! Risk is fun. If it wasn't we would only be content hacking sandboxes of our own creation. uhh, haven't heard this for a while... Hack the planet!

      --
      Balderdash!
    7. Re:Hackers and Crackers by db32 · · Score: 1

      Be sure to remember that when that hacker breaking in without criminal intent gets you injured or killed because of any number of the following. The computer they broke into and subsequently crashed or fiddled with operates complex medical equipment, from MR machines to CT scanners to any of the new latest and greatest wizbang remote surgery technologies. How are you going to feel when the specialist cutting on you from thousands of miles away can't complete the surgery because some "innocent" "non criminal" hacker satisfied his curiosity on a critical piece of equipment. We can also talk about industry jobs...where the innocent hacker causes problems with a mfg machine controlled by the computer they are in. I had the pleasure of watching a laser cutter start to cut through itself due to an accidental oversight in simple software settings, the guy running it caught it really quick, but it still left a nice small cut in the frame.

      Hackers can play with their own shit all they want, they can set up VMs and any number of other setups to play and tinker and test. I'm sure you will have a wonderful time explaining to the cops that you didn't want to steal anything when you get caught bumping locks that don't belong to you "out of curiosity".

      --
      The only change I can believe in is what I find in my couch cushions.
    8. Re:Hackers and Crackers by westlake · · Score: 1
      > Now I am going to explain the difference between a hacker and a cracker.
      > A hacker is a person with no criminal intent breaking into a computer and just wants to do it to satisfy his curiosity, this however is not generally acceptable in our society. A Cracker is someone who does have criminal intent when breaking into a computer and does it for ulterior motives other than the attaining of knowledge. I believe the former should be allowed while the latter should be strictly discouraged.

      I think this is - looked at coldly and realistically - simply too fine a distinction for the public to make.

      Part of the thrill of voyeurism may lie in almost being caught. For some, the closer the voyeur is to being discovered, the larger the thrill. Voyeurism

      That strikes a little too close to home if "curiosity" is your motive - and technical proficiency your means.

      Nor is the "hack-ee" required to take you at your word. It's a bit like planting a camera in the girl's dorm room and claiming later that you never meant to view - or distribute - the video.

      The only proof that your "hack" succeeded.

  13. About Forbes by prakslash · · Score: 3, Insightful
    Maybe it is just me but I find Forbes to be like women's "Cosmo" magazine for dumb guys and wannabes.

    All it has is 3 things: (1) Articles that state the obvious (2) Shit load of Rolex and Lexus ads (3) Those top 10 lists like 'top 10 affordable vacation getaways' where their definition of affordable vacation is something that costs between $30k and $100k.

    Sometimes it is almost like they are taunting the reader, saying "look, drool and weep".

    Even in this article, their 'discovery' is that serious hackers are curious about technology, script-kiddies are just a nuisance.

    Color me surprised...

    1. Re:About Forbes by Animats · · Score: 5, Informative

      > Maybe it is just me but I find Forbes to be like women's "Cosmo" magazine for dumb guys and wannabes.

      Forbes went downhill after Malcolm Forbes Sr. died. Forbes Magazine used to do some hard-hitting investigative reporting. Malcolm Forbes Sr.'s attitude was "Go ahead, sue me for libel. I'm a billionaire". They've gone soft since the son took over.

      Business Week, which used to be the cheering section for big business, has improved a bit.

      It's not clear what will happen to the Wall Street Journal under Murdoch's ownership, but it's not looking good. The WSJ has gone downhill in the last few years, anyway. The fundamental problem is that its classic functions, stock charts and major stock-related events, are all on line now. Nobody on Wall Street needs to read the Wall Street Journal; anything that affects trading was on their Bloomberg long before.

    2. Re:About Forbes by Anonymous Coward · · Score: 0

      They've gone soft since the son took over.

      That's what she said.

    3. Re:About Forbes by avatar4d · · Score: 1

      > Maybe it is just me but I find Forbes to be like women's "Cosmo" magazine for dumb guys and wannabes.
      >
      > All it has is 3 things: (1) Articles that state the obvious (2) Shit load of Rolex and Lexus ads (3) Those top 10 lists like 'top 10 affordable vacation getaways' where their definition of affordable vacation is something that costs between $30k and $100k.
      >
      > Sometimes it is almost like they are taunting the reader, saying "look, drool and weep".


      All it has is 3 things and Point 1 are baseless. All opinion and no fact or supporting evidence. Point 2 and 3 may make you drool and weep, but the magazine is not directed at you. Their demographic is people who can afford those things. This is why there are Rolex and Leer advertisements. Generally business owners and investors read the publication. Now while you may feel business owners are "dumb;" does it really matter? They can do what they want, when they want, buy anything they want, and they just seem a lot smarter than those who can't because of it.
      --
      Confucius say: "Man who associates with smarter men than himself is smarter than the men he associates with."
    4. Re:About Forbes by sgt_doom · · Score: 1

      Nah...prakslash, it's not just you....why would anyone who has ever done ANY serious hax give a flying f**k what Forbes thinks????

  14. same passwords by Dr.+Cody · · Score: 1

    Nah, Forbes is just so single minded it's super easy to guess their passwords (it's money, by the by... always money).

    So, kind of like a flat tax?

  15. Pervert vs concerned citizen by EmbeddedJanitor · · Score: 1

    Now I'm going to explain the difference between a pervert and an interested citizen.

    Both peep into locker rooms and watch 12 year-olds undressing, but there's a big difference! The pervert is doing it because he is a criminal and the concerned citizen is just doing it to see how it is done so that they can know how perverts do it.

    Please folks... just proving you can break into someone else's computer or their car or spy on their daughters is wrong. If you really want to do something for experimental reasons then set up your own car, computer or whatever.

    All cracking/hacking someone else's equipment is back hat.

    --
    Engineering is the art of compromise.
    1. Re:Pervert vs concerned citizen by oheso · · Score: 1

      When you're doing it for Homeland Security, you get the taxpayers to cover the cost of tissues!

    2. Re:Pervert vs concerned citizen by aguenter · · Score: 1

      Now I'm going to explain the difference between a pervert and an interested citizen.

      Both peep into locker rooms and watch 12 year-olds undressing, but there's a big difference! The pervert is doing it because he is a criminal and the concerned citizen is just doing it to see how it is done so that they can know how perverts do it.


      Is this some sort of fabricated justification you've made for yourself to better sleep at night?

      Just a thought, 'cause that's a really bad analogy that wouldn't have passed most people's "WTF?" filter.

      I'm hoping Freudian slip.
    3. Re:Pervert vs concerned citizen by Opportunist · · Score: 1

      ...and spy on your own daughter?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Pervert vs concerned citizen by razorh · · Score: 1

      All cracking/hacking someone else's equipment is back hat.

      back hat bad,
      front hat good!

  16. Ankle biters by jsse · · Score: 1

    Run-of-the-mill individual hackers are just noise as we try to focus on the real problem. We have to investigate every threat, but we're often dealing with ankle biters. Wait 'til Tiffany drives a bike into your premises, blows up everything in her path and then turns down your entire power grid with an ssh hack.

    Don't underestimate the power of a desperate hacker in shiny leathers.
  17. Alternate definitions by Almahtar · · Score: 2, Interesting

    I've often heard what you call a 'hacker' called a 'white hat hacker' and what you call a 'cracker' called a 'black hat hacker'.

    When I was just starting learning security stuff circa '95-'97 the term 'cracker' referred (in most stuff I read and by people I talked to at the time) to people who modified binaries on their own system to do things they weren't supposed to (such as a no cd crack or adding new features to a binary - it didn't have to be illegal), while hacking usually referred to gaining unauthorized access to anything, be it local or over network.

    It all depends on what crowd you gained your definitions of hacking and cracking from. I prefer these definitions because they seem to have more precision. You can hack for multiple reasons (good or bad, white or black hat), you can crack for multiple reasons (good or bad, white or black hat).

    A company I worked for had a lot of cracked copies of their software circulating the Internet and I spent some of my time for them reverse engineering and preventing one of their more mysterious and unsolved cracks - I'd call that white hat cracking.

  18. Own the Box by eric76 · · Score: 0, Troll

    I've been curious about the results of the Own The Box competition.

    Did any boxes not get owned? How many?

    How did the various OS's on the box fare?

    Does anyone have any link to the results?

    1. Re:Own the Box by neurovish · · Score: 1

      According to the awards ceremony, nobody fessed up to owning any of them. DT hypothesized that it was because once somebody got into the box, they saw that it was a PIII and felt it wasn't worth their time. He didn't give any more details though.

    2. Re:Own the Box by eric76 · · Score: 1

      Thanks. I've been curious about the results since I saw several requests for systems for the contest.

  19. Re:"ankle biters"? You mean Ankle Biting Zombies! by Gary+W.+Longsine · · Score: 1

    OMG! WTF! Ruuuuuuu-un!

    --
    If you mod me down, I shall become more powerful than you could possibly imagine.
  20. "noise" by Anonymous Coward · · Score: 0

    The feds are absolutely right on this one. The threat from some pony-tailed, bespectacled nerd poking around where he shouldn't (the stereotypical Defcon attendee) pales utterly in comparison to serious cyber-criminals and/or state-sponsored infrastructure attacks.

    If the feds and the geeks can learn something from each other that may help protect us all, it can be nothing but a Good Thing(tm).

  21. Who creates the scripts? by Crito123 · · Score: 0

    You people think the "security professionals" at the NSA/FBI/DoD write these "scripts"? The script kiddies themselves have created the vast majority of hacking tools. The reason white hats refer to them as script kiddies is because the average 14 year old hacker can program circles around the average security professional. What script kiddies aren't really good at is the "social engineering" part, which is essentially the spy craft. That's why they frequently get caught and the crimes the NSA/FBI/DoD commit go relatively unnoticed.

    1. Re:Who creates the scripts? by Crito123 · · Score: 1

      And what's really ironic is it's much easier to learn social engineering by reading from a script than it is to program. Programming requires long nights of trial and error, banging your head against the wall. Any telemarketer could perform basic social engineering.

    2. Re:Who creates the scripts? by AgentSmith · · Score: 2

      Uh no.

      Way back in the day, Hackers were and still are the folks creating the scripts.
      "script kiddies" were little wanker wannabes that logged into an IRC chat or usenet session
      and eavesdropped, glommed, or begged scripts out of real programmers. They then ran these
      scripts thinking they were so 133t! This may have changed, but if you're actually writing or modifying
      code, call yourself anything other than a script kiddie.

      Most of these so called script kiddies I've met couldn't code themselves out of a paper bag.
      But they were so awesome when they stole someone else's script, broke into the local phone system, got caught and went to juvie.

      It's not breaking into things, it's figuring how things work.

      Mod me redundant, because this should be repeated 10 times down the list by the time I post.

  22. American Heritage by westlake · · Score: 1

    Forbes went downhill after Malcolm Forbes Sr. died. Forbes Magazine used to do some hard-hitting investigative reporting.

    I'd like to take a moment here to mourn American Heritage and its sister publication I & T, or as it was once known, The American Heritage [of] Invention and Technology. Literate, distinguished, gorgeously illustrated.