A Hacker's Audacious Plan To Rule the Underground

My Ambition by Anthony_Cargile · 2009-01-05 09:49 · Score: 4, Funny

Yeah, many years ago (in my teens) I had the ambition to be "the next bill gates", and now as I write small to medium websites and private applications from my couch, covered in empty red bull cans and small food bags, I think I managed pretty well!

</humor>

Re:My Ambition by multisync · 2009-01-05 10:25 · Score: 2, Informative

I've noticed a few of these "What's up with teh red stories on teh front page" comments lately. Are the posters truly unaware of the significance of the red border, or are these posts a variation on the Obama turd trolls or something? I've seen similar comments posted in other threads. Some - like this one - even go so far as to post a link to a screen shot, to "prove" that they really saw a story in red!!!
Mind you, I had the same "am I losing my mind?" reaction when the user page was changed without warning or explanation a month or so ago. My troll radar just goes a little crazy when someone questions something only a logged-in subscriber would see but posts a question about it anonymously.
Assuming you're not trolling, subscribers get to preview summaries before they are posted to the front page. The previews are bordered in red, so you know they have not yet gone live.

--
I don't care why you're posting AC
Re:My Ambition by Anthony_Cargile · 2009-01-05 10:31 · Score: 2, Funny

Bill gates makes money off of his virus. I guess I could have done the same with a little marketing and a commercial with an ape convincing you to buy it.
Re:My Ambition by atraintocry · 2009-01-05 11:26 · Score: 2, Informative

AFAIK that was an internal thing they did as a joke. Still great though.
Re:My Ambition by idontgno · 2009-01-05 11:35 · Score: 3, Funny

buggy slashcode
+1 Redundant

--
Welcome to the Panopticon. Used to be a prison, now it's your home.
Re:My Ambition by Anthony_Cargile · 2009-01-05 14:25 · Score: 4, Interesting

I get sick of explaining this, but the sig (which could not completely fit because of /.) is supposed to infinitely loop like that. I'm fully aware that getch() is only found in DOS's conio.h (and the ncurses lib), but even The C Programming Language references it, without providing the code for it (or even a header inclusion, for that matter). The full code snippet (forgive me, mods) is this:

void PAUSE(){ printf("\nPress any key to continue. . ."); while(1) getch(); } // enforce the 'any' key
And this was used in an old app I wrote (a long time ago) - a fake COMMAND.COM/cmd.exe used to prank anyone who used it religiously, mainly a teacher I had that pinged something every about five minutes.

Now can we move on? (And if thats you, peter, then you obviously are new here).
Re:My Ambition by Plutonite · 2009-01-05 14:35 · Score: 2, Funny

That must be because you're The One, and you are here to save us. Talk you the Oracle in the park - she might tell you what you need to know.
Re:My Ambition by multisync · 2009-01-05 15:13 · Score: 2, Informative

Here's a thread from yesterday that has a lot of posts about it. Logged in non-subscribers and ACs report seeing stories with red borders, so either everyone has been granted access to stories from the mysterious future or something's broken (borken???). Taco's journal may yield some clues, but I'm cooking dinner right now.

--
I don't care why you're posting AC
Re:My Ambition by halcyon1234 · 2009-01-06 02:17 · Score: 3, Informative

I get sick of explaining this, but the sig (which could not completely fit because of /.) ... void PAUSE(){ printf("\nPress any key to continue. . ."); while(1) getch(); } // enforce the 'any' key
Just a note: The sig char limit seems to have been increased to 120. I don't know when that happened, but if you go to Help & Preferences, General, scroll down to Sig and click the [?], it says 120.
An upgrade like that, I don't mind. As for the userpage, it's still ruined one of my favorite parts of Slashdot, and I'm fucking bitter about it

--
UTF-8: There and Back Again
Re:My Ambition by Kaz+Kylheku · 2009-01-06 07:13 · Score: 2, Insightful

Any-key-humor was slightly funny twenty years ago when Homer Simpson couldn't find the Any key.
``Press any key'' unambiguously means that any keyboard input is acceptable.
The real point of the humor is that users (who are native English speakers) get so acustomed to grammatically-gutted error messages which lack proper capitalization, punctuation and the use of articles like "a" and "the", that they no longer parse ``press any key'' in the obvious way. It's a computer message so there must be article missing, right? The user has come to believe that the computer is a Russian immigrant.
The lesson from Any Key humor is that text presented to the user should be recognized as grammatic by a native speaker of the user interface language in which it is written, and it should follow the proper orthographic conventions used in the written version of that language.
A prank program that doesn't allow the user to continue because he hasn't pressed the nonexistent Any key is not funny. The victim won't get the joke; it just looks like something has frozen, which is indistinguishable from routine behavior of a computer running DOS and Windows.
This may be slightly better:
unsigned int i = 0;
for (;;i++) {
getch(); /* nonportable character-at-a-time input */
switch (i) {
case 5:
printf("please, i asking, to press any key!\n");
break;
case 8:
printf("!!?? it is still not any key, what now you did!\n");
break;
case 10:
printf("No no no! user to find ... any ... key ... and just to press!\n");
break;
case 15:
printf("it is in afghanistan keypad on standard soviet keyboard.\n");
break;
case 20:
printf("will not continue until any key. understand? discussion end.\n");
break;
}
}

"Former white hat"? by EmbeddedJanitor · 2009-01-05 09:51 · Score: 5, Interesting

Sounds like he was always a black hat but just didn't cause enough problems while he still had his training wheels on.

--
Engineering is the art of compromise.

The article leaves out a key piece by Anonymous Coward · 2009-01-05 09:53 · Score: 5, Funny

Posting anonymously for obvious reasons.

I went to school with Max Butler. He's driven by constant challenges. I knew Max as a friend and as such witnessed the same vitriol and hatred he put up with from others who did not understand him. Teachers often openly mocked him, especially in computer science courses.

His escape from it all came from hacking. He noticed he had a particular knack for it. He'd get really engrossed, and it became sort of a downward spiral from there. If you know anyone like him, please do not ostracize him in his forming years. Imagine if he had been a solid, contributing member of society like timecop, or the millions of other good natured people that run trolling organizations that specialize in making fools out of idiots like yourself.

Re:The article leaves out a key piece by Burning1 · 2009-01-05 12:33 · Score: 5, Insightful

There's a huge difference between criticism and ridicule. To be frank, most of us went through that kind of stuff growing up. Very few of us turned out anti-social.
Re:The article leaves out a key piece by digitalhermit · 2009-01-05 13:28 · Score: 5, Funny

I went to school with Anonymous Coward. He's driven by shame. I knew AC as a friend and witnessed the same vitriol and hatred he put up with from others who did not understand him. Users often openly mocked him, especially after he posted comments about Apple Computer.
His escape came from posting. He noticed he had a particular knack for it. He'd sometimes post a thousand times a day to Slashdot (just check the logs and you can verify this for yourself). If you know others like him (such as Anonymous Howard, Eponymous Dotard, Androgynous Blowhard), please do not euthanize him in his cromulent fears.

Article? by Anonymous Coward · 2009-01-05 09:55 · Score: 5, Insightful

"Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match."

This seems to be written more like a work of fiction than an account of the hack. The description echo'ed the language used in Jeffery Deaver's "The Blue Nowhere".

Re:Article? by momerath2003 · 2009-01-05 10:20 · Score: 5, Funny

Wouldn't decimating them mean having to leave 90% of the logins?

--
I had but a simple dream, to destroy all humans.
Re:Article? by zappepcs · 2009-01-05 10:24 · Score: 2, Insightful

Well, no readership otherwise. For all my SO knows, I could be hacking the great Chinese firewall. She would not know otherwise and would not care. Trying to get Adobe flashplayer 10 64bit alphaOMGpre-release to work on Ubuntu looks exactly the same as hacking the Chinese Embassy's coke machine server to her if there is no narrative to let her know what is exactly happening.

--
Support NYCountryLawyer RIAA vs People
Re:Article? by multisync · 2009-01-05 10:31 · Score: 4, Funny

"Once inside, he sucked out their content, including the logins, passwords, and email addresses of everyone who bought and sold through the sites. And then he decimated them, wiping out the databases with the ease of an arsonist flicking a match."
This seems to be written more like a work of fiction than an account of the hack.
True, but I'll bet there were lots of cool graphics swirling around his head while he was doing it!

--
I don't care why you're posting AC
Re:Article? by TheoMurpse · 2009-01-05 11:13 · Score: 5, Informative

Yes, just as "homophobe" only means "afraid of that which is the same as them," "you" is only the polite form of indicating the addressee ("ye" being the casual form), "villa" only means "farm," "awful" only means "deserving of awe," and "girl" only means "young child of either sex,".
Here's a tip: words change meaning.
Re:Article? by dave562 · 2009-01-05 11:33 · Score: 3, Interesting

The article is a work of fiction because the actual details weren't available. The author states at the beginning that the details were recreated from court documents. Given that Poulsen himself is a hacker, it is pretty safe to assume that he guessed pretty closely on the details. There are only so many ways to bust into a web server, and SQL injection along with compromised passwords seems likely enough. As for what he did after he had access, what is so fictional about that? He dumped the data and dropped all of the tables. Ooooo, big stretch of imagination there. We're talking about a serious blend of fantasy and sci-fi right there.
Re:Article? by momerath2003 · 2009-01-05 16:45 · Score: 2, Funny

The internet is serious business.
Also,
http://qwantz.com/archive/001377.html

--
I had but a simple dream, to destroy all humans.
Re:Article? by oasisbob · 2009-01-05 20:32 · Score: 3, Interesting

Forget Doctors, even designers and typographers care about inaccuracies in popular media.
Check out this article about anachronistic fonts in movies.
People are weird: we seem to care about just about everything.
Re:Article? by FishAdmin · 2009-01-06 03:05 · Score: 2, Interesting

I was with you right up to this point:

"awful" only means "deserving of awe,"
Now I have to be an etymology Nazi, and point some things out: When awful first came into our language (approx. 885AD, attributed to Alfred the Great), awe was an Anglo-Saxon word meaning "fear, dread, terror" (Oxford English Dictionary). At that point, awful DID mean "full of awe", but in the sense of "full of fear; full of dread".
It was much later (16th Century) that the word awesome came into being, and the word awe had changed to mean "dread mingled with veneration; reverential or respectful fear", mostly due to it's association with the God of the Bible.
So, you were correct in words changing meaning, but it was the word awe that had evolved, not the actual word awful.
/Nazi

--
Last night I played a blank tape at full volume. The mime next door went nuts.

Honest money by Anonymous Coward · 2009-01-05 10:00 · Score: 4, Insightful

The way I figure it all the effort that goes into making big money doing crime would be better used in the 'real' world.

I live in the ghetto and the skills required to sell drugs/weapons can be easily transferred to the business world rather easily and the income is higher.

Honest money allows me to sleep at night and at the end of this train ride, the books will be balanced and that man in the sky will do the accounting and even it all out.

Re:Honest money by Weaselmancer · 2009-01-05 12:00 · Score: 2, Interesting

Two things, AC.
1) You can't prove you're right any more than he can.
2) Regardless of who is right, his final thoughts as he leaves this world will be more pleasant than yours.

--
Weaselmancer
rediculous.
Re:Honest money by Weaselmancer · 2009-01-05 15:06 · Score: 3, Insightful

The onus is on the believers, fool
True enough, but you've missed something. Both sides in this argument believe something. Something unprovable.
I would reserve the 'fool' for someone who missed that point. Perhaps you could benefit from a logic refresher yourself, AC.

--
Weaselmancer
rediculous.
Re:Honest money by Locklin · 2009-01-06 03:38 · Score: 3, Insightful

To require proof (or evidence) of a thing in order to believe it exists is not a belief, but simply rational scepticism.
If I tell you that sea water is made of supernatural jello, you are perfectly capable of asking me for some proof without forming a new "belief" that seawater is *not* made out of supernatural jello. Perhaps, you could argue that valuing scepticism is a belief, but then the onus is not on the GP to disprove God but simply to prove scepticism in general has value (easy).

--
"Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom

Re:Doofus Maximus by GOMF · 2009-01-05 10:03 · Score: 2, Funny

they showed him the real definition of a "Back door" entry method !!!!!! -_~

White hat? by Anonymous Coward · 2009-01-05 10:10 · Score: 2, Funny

Just showing my ignorance here, but can someone give me a definition of what 'hat colors' mean? Red Hat I know (I guess), but White Hat? Black Hat? Blue Hat?

Someone throw me a bone, here.

Re:White hat? by Anonymous Coward · 2009-01-05 10:18 · Score: 4, Informative

It comes from old Western movies. The "good guy" cowboys all wore white hats, and the "bad guys" wore black hats.
Re:White hat? by karstdiver · 2009-01-05 10:18 · Score: 2, Informative

I think the reference was simply: white hat==good guy black hat==bad guy. See also the "Six Hats" method for thinking (but I'm not sure it applies in this case): http://members.optusnet.com.au/~charles57/Creative/Techniques/sixhats.htm
Re:White hat? by Xtifr · 2009-01-05 10:57 · Score: 2, Informative

It's a grey area, which is why those who hack purely for the personal satisfaction, rather than for "good" or "bad" motives are called grey hats. :)
Re:White hat? by TheoMurpse · 2009-01-05 11:22 · Score: 5, Funny

Don't forget "green hat." Those are hackers who shut down computers across the globe in order to reduce the world's carbon footprint.
Re:White hat? by Anonymous Coward · 2009-01-05 11:48 · Score: 3, Informative

White hats don't hack networks without permission, even if they plan to alert the network owner later. That is pure gray hat territory.
White hat hackers do pen tests, but only when given permission (or, more often, are hired to do so).

Ah. It all becomes clear by girlintraining · 2009-01-05 10:12 · Score: 5, Insightful

It wasn't that this guy was whacking other underground sites, it's that he also nailed the FBI's "sting" website. The FBI and him engaged in a turf war, because if there's one thing the government hates, it's stealing. It hates competition.

--
#fuckbeta #iamslashdot #dicemustdie

Re:Catching Max Butler by Emb3rz · 2009-01-05 10:19 · Score: 3, Insightful

I must be new here, because it's difficult for me to believe that you didn't RTFA!

He's in a prison in Pennsylvania playing D&D while awaiting his trial.

Re:Fiction worthy of Stephen Glass! by earlymon · 2009-01-05 10:20 · Score: 2, Informative

HTH - http://en.wikipedia.org/wiki/Tenderloin,_San_Francisco,_California

--
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.

Re:He was used by Amazing+Quantum+Man · 2009-01-05 10:22 · Score: 4, Funny

Isn't hackorX really Max's long-lost brother Rex Hackor, in disguise?

--
Fascism starts when the efficiency of the government becomes more important than the rights of the people.

CHECK MATE by synthesizerpatel · 2009-01-05 10:25 · Score: 2, Informative

If you're going by the Roman definition, modern definition such as 'decimation in time' can mean any size reduction of a set, although I don't think down to zero.

Although, Lindsay Nagel would disagree, since zero is a percent.

Re:CHECK MATE by rk · 2009-01-05 11:10 · Score: 4, Funny

since zero is a percent.
Please, let's leave the value of my 401k out of this.

Rather interesting line at end of article... by GPLDAN · 2009-01-05 10:25 · Score: 5, Interesting

Months later, Aragon's lawyer gave him some bad news. The Secret Service had cracked Butler's crypto and knew more about the hacker than Aragon didâ"which meant Aragon would probably never be offered a deal, even if he wanted one.

The USS cracked the Whole Disk Encryption of Max Butler.

Now reading about this guy, does Max Butler seem like the kind of guy who is going to keep his WDE password on his PDA?

No, I didn't think so either.

So, what kind would he be likely to use? dm-crypt under Linux? Commercial PGP? Scramdisk? TrueCrypt?

I think more WDE is backdoored than any of us suspect, and my takeaway from that line is that the commercial products aren't to be trusted.

Re:Rather interesting line at end of article... by Schemat1c · 2009-01-05 10:31 · Score: 5, Funny

The USS cracked
Sounds like the worst name ever for a ship.

--

"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
Re:Rather interesting line at end of article... by snowraver1 · 2009-01-05 10:41 · Score: 2, Insightful

It could also be that the gov't has farms built for the purpose of cracking encryption. This guy was clealy high on their list, so it was worth the CPU time to crack. Just a guess.

--
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
Re:Rather interesting line at end of article... by jjohnson · 2009-01-05 10:51 · Score: 3, Informative

AES does not come from the NSA. "AES" stands for "Advanced Encryption Standard", and the algorithm selected, Rijndael, comes from two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted it to the AES selection process. All algorithms that took part were publicly evaluated for five years by the cryptography community at large, and Rijndael was selected pretty much by public acclaim.

--
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
Re:Rather interesting line at end of article... by Cyberax · 2009-01-05 10:57 · Score: 2, Insightful

The main problem with encryption now is that you can't remember good enough keys anymore.
It's quite possible to brute-force ten-letter alphanumeric passwords. With some assumptions it should be possible to brute-force even larger passwords.
Re:Rather interesting line at end of article... by Raenex · 2009-01-05 11:01 · Score: 4, Insightful

If the encryption isn't government-farm proof then it's kind of worthless as encryption.
Re:Rather interesting line at end of article... by Anonymous Coward · 2009-01-05 11:12 · Score: 5, Interesting

The thing is: people keep saying that good crypto, while breakable, isn't realistically breakable, by which they mean using the entire computational resources of the planet running continuously for thousands of years. No matter how big any government's encryption-cracking farm, it should be a problem orders of magnitude too large. Twofish, for instance, is estimated to take 32 Petabytes of text before any significant progress could be made on decrypting it, while Blowfish has "no known way to break".
So the question becomes: does the government have quantum computers, and hasn't let on (and if so, why use them on something like this and let the secret out) or are there vulnerabilities in what we're all calling 'good crypto'.
Or, much more likely, did he actually use good cryptography programs, or did he do something stupid? (Or did the government install keyloggers on his equipment or any of a multitude of other ways of attacking the problem that doesn't involve brute-forcing TrueCrypt, for instance.)
Re:Rather interesting line at end of article... by StikyPad · 2009-01-05 12:04 · Score: 3, Interesting

That's why you use pass phrases. "Peter Piper Picked A Pickled Pepper!" is a far better password than #$q%{:}, and it's easier to remember. As a bonus, using natural language won't "wear down the keys" any differently, as a sibling poster suggested (although it's a ridiculous idea to begin with and sounds like something out of a movie).

--
https://www.eff.org/https-everywhere
Re:Rather interesting line at end of article... by Cyberax · 2009-01-05 12:09 · Score: 2, Interesting

Nope, it's not. It's actually a horrible passphrase, since it contains only dictionary words.
Re:Rather interesting line at end of article... by CodeBuster · 2009-01-05 12:31 · Score: 3, Insightful

Not at all. The final value of this carders hoard of unused dumps was estimated to be in the range of 500 million dollars (at least according to the article) and the USSS was involved along with the FBI in an attempt to shut down the largest consolidated carder site ever assembled by one person. As other posters have pointed out, analysis of keyboard wear (assuming that Mr. Butler didn't have the foresight to regularly change his physical keyboard) might have assisted the effort greatly (yielding a success before all or even most of the possible key space had been exhausted). The point of encryption is not to provide absolute protection for all time against all efforts but rather to provide protection for a limited amount of time as a function of the resources of your adversary. The United States, as one of the reigning superpowers of the world, has a vast amount of money and resources at it's disposal (we spend more then 500 million dollars in Iraq every week). Even the best encryption will eventually fall to a determined enough adversary with enough resources to throw at the problem. The article mentions a time frame of serveral months to years (and the trial probably went on for a couple of years) which sounds reasonable if government super computers were being enlisted in a distributed brute force search of the keyspace. Fortunately, for most of us, our data is not worth 500 million dollars and so no great effort will made to brute force our FDE keys in the event that our laptops are lost or stolen. Even the resources of the largest governments are finite after all and no protection, even the strongest encryption, is infinite, but that doesn't make FDE useless.
Re:Rather interesting line at end of article... by Bender0x7D1 · 2009-01-05 12:46 · Score: 3, Interesting

I personally find it very telling that the US government turned down Blowfish despite larger keysize, longer keyspace initialization, non-fixed S-boxes, and better performance, compared to AES.
You can turn off your conspiracy detector. First, Blowfish wasn't allowed to be used in AES since the call for algorithms required it to handle a block size of 128 bits.
Twofish was submitted but Rijndael was selected because of it's performance in the different types of hardware that they tried. There is a Report on the Development of the Advanced Encryption Standard [PDF warning], that provides a performance comparison, (by rating it I, II or III), of the various algorithms submitted for AES using a variety of hardware and environments, like 8-bit C and Assembler. (Figures 2, 3 and 4 in the paper.)
Also, the NSA approved AES for use on U.S. Top Secret information. They would hardly do that if there was a known method of cracking it.

--
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
Re:Rather interesting line at end of article... by theLOUDroom · 2009-01-05 13:33 · Score: 5, Insightful

What a load of hogwash!

analysis of keyboard wear [...] might have assisted the effort greatly

No. It would not. It's pretty simple. How many times do you type your password vs. how many times do you type some other word? Try doing some computer simulations if you don't believe me. The data will be lost in noise.

The point of encryption is not to provide absolute protection for all time against all efforts but rather to provide protection for a limited amount of time as a function of the resources of your adversary.

No. The point is to take advantage of math problems that are asymmetrically hard to solve.
The goal is to create the largest force multiplier you can. This is how crypto differs from regular security.
The perfect cipher would be simple enough for a human to compute readily on a single piece of paper while resisting the brute forcing efforts of a computer built using every atom on earth, clocked at one terahertz and running since the beginning of the universe. It's a issue of scale. The "force multiplier" effect avaible from crypto is greater than anything in the physical security world. Imagine instead that instead of working with of E = MC^2, you were working with E = C*2^M. See how it's different? The work required to brute force a key baloons very quickly.

Even the best encryption will eventually fall to a determined enough adversary with enough resources to throw at the problem.

No, actually that's not a certainty.
In order for what you said to be true there would have to be fundamental weaknesses in ever cryptographical scheme ever conceived, now or in the future.
If we find even one decent algorithm, free of shortcuts, then by using a large enough key it is possible to ensure that your data is not decoded before the death of the sun.

which sounds reasonable if government super computers were being enlisted in a distributed brute force search of the keyspace.

BASED ON WHAT? Why is months any more reasonable of a timeline to crack an unknown encryption scheme with unknown resources? Why not milliseconds? Why not millenia?

You have NO IDEA, what a reasonable time scale would be and you're just talking out your ass here.

I suppose some my consider me rude for point that out, but there are those of us who find people randomly making things up to support their argument to be rude.

--
Life is too short to proofread.
Re:Rather interesting line at end of article... by betterunixthanunix · 2009-01-05 15:20 · Score: 2, Insightful

"We did give Saddam Hussein the key to the city of Detroit."

He was once an ally, but that is irrelevant because it was not done by the NSA.

"How'd that Vietnam war ever turn out?"

From a military perspective, we were winning prior to the pull-out. We left because of eroded support for the war among the American public.

"How are things in Iran these days?"

You are 1 for 3, things are bad in Iran. But, as with the key to Detroit, this was not an NSA action.

"No the US would never shortsightedly adopt a policy against its own interests, especially with regard to cryptography." The laws surround cryptography are not passed by the NSA, they are passed by congressmen with little to no understanding of the field or how it works. Export restrictions on cryptography have nothing to do with the NSA, in fact, the NSA operates under the assumption that regardless of export law, publicly available cryptography systems will escape US borders. The idea that a cipher itself must be kept secret is beyond outdated; in fact, it is an idea that was dropped centuries ago, when the Kama Sutra cipher was published. While the NSA has, in the past, kept the nature of the ciphers used for SECRET and TOP SECRET level documents classified, this is no longer the case; AES represents a departure from that position.

AES is a mandatory standard for SECRET and TOP SECRET communications. This goes beyond the NSA, to every branch of the government. If the NSA had deliberately inserted a back door into AES, it would open the possibility of a foreign power deciphering high security communication within the US government. If you do not trust the NSA -- which hires expert cryptographers and security researchers -- to make good decisions about the security of the USA, then you might as well leave now for your own protection.

Of course, you do trust the NSA, and I notice that you never questioned my assertion about the DES S-boxes or anything relevant to actual cryptography. Another example would be the revision of SHA-0 to SHA-1 by the NSA; SHA-1 is more resistant to collision attacks than SHA-0. You do not seem to be interested in questioning whether or not the NSA introduced a weakness of some kind into SHA-1 or SHA-2. I agree that congress has a habit of passing stupid laws when it comes to cryptography, but to claim that this implies that the NSA has been trying to sabotage national security just screams of tin foil.

--
Palm trees and 8

Re:mod parent troll by be+new+here · 2009-01-05 10:56 · Score: 5, Funny

you all must be new here.

Please stop bringing me into this!

--
I got some bad grammar

Not exactly by Chmcginn · 2009-01-05 11:01 · Score: 4, Interesting

Now operation DarkMarket turns out to be a Fed-run honeypot.

Not exactly true. One of the admins was compromised after an arrest, and rather than shutting it down, they kept it running for a bit longer, planning on setting up big buyers for eventual busts.

--
Have you been touched by his noodly appendage?

Re:Why didn't the FBI do the disruption? by iluvcapra · 2009-01-05 11:02 · Score: 2, Insightful

>

The obvious question: why didn't the FBI do this rather than set-up a honeypot site?

Police and prosecutors are rewarded based on the number of arrests and convictions, and not necessarily on reduction in crime?

--
Don't blame me, I voted for Baltar.

Re:Why didn't the FBI do the disruption? by wjh31 · 2009-01-05 11:04 · Score: 2, Informative

would you like to give them the legal right to disrupt any website they felt fit before they had enough evidence to proove wrong doing. If there is wrong doing then gather evidence and prosecute and shut down for good, if there isnt wrong doing, leave it, dont cause disruption just because someone has a hunch, or whatever other motives any paranoids/conspiricists/etc would like to add

Fun with exponents by Chmcginn · 2009-01-05 11:11 · Score: 4, Interesting

It's quite possible to brute-force ten-letter alphanumeric passwords. With some assumptions it should be possible to brute-force even larger passwords.

If cracking a full-disk encryption with a ten-character password takes only five seconds, an eleven-character (assuming that it's case sensitive) password is going to take five minutes. A twelve-character will take about five hours. A thirteen-character, almost two weeks. Fourteen, two years.

--
Have you been touched by his noodly appendage?

Re:Fun with exponents by ld+a,b · 2009-01-05 12:59 · Score: 2, Funny

6. Asking you nicely in a closed room with no cameras laced with references to a one way trip to Cuba.

--
10 little-endian boys went out to dine, a big-endian carp ate one, and then there were -246.

Obsession by BountyX · 2009-01-05 11:16 · Score: 4, Insightful

Hacking is an obsession and an addiction. It can easily take over your life, especially if you are good at it. Finding your next target is like getting in your next fix. It offers the ultimate escape, diversion and self-esteem. In a sense, it is a power trip. The kind of rush you expirience when your skills pay off is incredible. For some, it is a rush better than sex and drugs combined. It adds a new dimension to an otherwise mundane and seemingly predictable reality. Some perspective ;)

--
Trying to install linux on my microwave, but keep getting a kernel panic...

Re:Obsession by mkiwi · 2009-01-05 11:49 · Score: 3, Insightful

So you mean it's like World of Warcraft? :-)

Here's the FBI's own press release... by Klootzak · 2009-01-05 11:57 · Score: 2, Informative

Because I don't trust wired.com much... I did a quick search for data on Max Butler from the source: The Department of Justice's own press release on this is dated 9/11/2007.

--
A Man's ethical behavior should be based effectually on sympathy, education, and social ties -- Albert Einstein

New Technology--Same Old Story by MarkvW · 2009-01-05 12:14 · Score: 2, Insightful

The criminal's accomplices shopped him. That, plus evidence of the public market that he created, was more than enough for a search warrant.

Once again . . . there is no honor among thieves. We should all be grateful for that.

I hope that the Feds launch that guy into the stratosphere.

Re:Very unfair image by Frosty+Piss · 2009-01-05 13:07 · Score: 5, Insightful

Max is/was/will always be a guy who stole identities and money other people, in many cases making their lives living Hell. You can toot all you want about the evil FBI, but fact of the matter is that Max is a thief who took things that didn't belong to him.

--
If you want news from today, you have to come back tomorrow.

not really... by darjen · 2009-01-05 13:10 · Score: 4, Insightful

the largest crime forum in the world

I think this dubious honor belongs to the US government.

Sigh. by Anonymous Coward · 2009-01-05 18:11 · Score: 4, Interesting

I have been one of Max's friends since HS. It's been most sad watching all this happen. He's such a good guy. He's made some bad choices, but he also has had his life severely constrained because of what happened with his gf in HS.

What the article doesn't really say is that his friends don't actually believe he assaulted her. He was impulsive and kinda wacky, but never hurt anybody, nor ever wanted to. Just think of him, a big kid with long hair standing in front of a box full of old, conservative, Idaho jurors. He's scary lookin'! Convict!!

Anyways, He was in prison while the rest of us went to college and got jobs. He got out and tried to play catch-up, but it was hard with a felony record. So for the rest of his life, he's been an outsider struggling to get in with the rest of us.

He's tried SO hard to do the right thing. But again, his record made it hard to get jobs, and he is so good at security stuff... It's so easy to slip. Again, bad decisions, but he had so few choices! I just wish he'd come to me to borrow money when he needed it rather than accepting these guys' offer. He was always close-mouthed about what he was doing after that. He said many times to me that he wished he could be doing good things too when I'd tell him about what was going on in my work. He had such huge collections of malware and 0day stuff that he kept meaning to organize and distribute to security researchers. He tried to help out with the honeynet project. etc.

My biggest fantasy is that the government would spring him out after a few years, put him in a room with a really smart handler, and let him rip at trying to figure out who spammers are or pentest government facilities for them or something. He could and would do SO much good. But of course, that only happens in the movies. Sigh.

From what he's said to me, there's a lot more stuff that he wants to say, but he can't talk about it until the trial is over. That said, I think that even he is pretty sure that he deserves some punishment for all this. I do too. But I temper this with the belief that he really would be a positive force for good if he were just given a chance. Please consider that before you vilify him.

Have fun!

Re:Recurring theme by neomunk · 2009-01-06 04:42 · Score: 2, Insightful

I think, by declaring liberals as extremists, you pretty well defined hypocrisy with your post.

You use your first 2 sentences to denounce up a type of behavior, and then engage in that very behavior in the very next sentence, you didn't even break for paragraph. Thank you for your demonstration, it may even cover cognitive dissonance as well as hypocrisy.

You know damn well that not all (not even most, and you KNOW it) liberals are extremists like that. On top of that you know (you KNOW) that there are conservatives just as extreme. Stop pretending to be on the only rational side. You'll find idiots and assholes wherever you look, especially if you go hunting for idiots and assholes.

Slashdot Mirror

A Hacker's Audacious Plan To Rule the Underground

67 of 313 comments (clear)