Slashdot Mirror


Facebook Helps Give Hacking a Good Name Again

Hugh Pickens writes "Ira Winkler says whenever he sees another 'cyberchallenge' getting play in the press, he thinks our priorities are screwed up. 'People seem to think that organizing teams of people to hack into systems is a way to bring together the best computer talent to square off against each other,' writes Winkler. 'I look at it as a waste of that talent.' That's why Winkler supports Facebook's latest Hacker Cup, which has become one of the few tests of creative computer talent. Facebook is using the original definition of 'hacker,' referring not to someone who breaks into computer systems, but rather to an individual who 'enjoys exploring the details of programmable systems and how to stretch their capabilities.' Facebook's contest consists of successive sets of increasingly difficult algorithmic problems. Scoring will be based on how accurately and quickly the programmers complete the puzzles. 'Meanwhile, the media effectively lionize groups like Anonymous by breathlessly reporting on their latest hacks,' writes Winkler. 'What we really should be doing is not to reward a handful of students to find problems, but to train all students, and inevitably the profession, to integrate security into their efforts from the start.'"

12 of 52 comments

  1. HBGary? by jginspace · Score: 4, Informative

    'Meanwhile, the media effectively lionize groups like Anonymous by breathlessly reporting on their latest hacks,' writes Winkler.

    Well you've got to admit the HBGary hack, as reported by arstechnica, was pretty damn cool.

  2. Bad Timing by Robadob · Score: 2

    This seems like bad timing for me/other UK students. Most of us are going to be having exams during the period in which it is set, e.g. the qualification round is 20th-23rd of January, and then I have 2 exams on the 24th and 26th of January, so it looks like I won't be signing up for this.

  3. Re:Question... by Anonymous Coward · Score: 3, Informative

    If you are signed in and seeing it before it posts to the front page for everyone else who doesn't have an account or isn't signed in, you will see it in red. It will also say as a time "Mysteriously in the future".

    Nathan

  4. HBGary = pack of troll assholes by Anonymous Coward · Score: 2, Informative

    They're no better than the "Chinese Water Army" shitheads, & are there to mislead/misinform others and to attack those who do not "play their game/are with THEIR program".

    Don't believe it? Read this:

    http://www.dailykos.com/story/2011/02/16/945768/-UPDATED:-The-HB-Gary-Email-That-Should-Concern-Us-All

    PERTINENT QUOTES/EXCERPTS:

    "According to an embedded MS Word document found in one of the HBGary emails, it involves creating an army of sockpuppets, with sophisticated "persona management" software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online... And all of this is for the purposes of infiltration, data mining, and (here's the one that really worries me) ganging up on bloggers, commenters and otherwise "real" people to smear enemies and distort the truth... "

    and

    "They are talking about creating the illusion of consensus. And consensus is a powerful persuader... And another thing, this is just one little company of assholes. I can't believe there aren't others doing this already. From oil companies, political campaigns, PR firms, you name it. Public opinion means big bucks. And let's face it, what these guys are talking about is easy."

    and

    "To the extent that the propaganda technique known as "Bandwagon" is an effective form of persuasion, which it definitely is, the ability for a few people to infiltrate a blog or social media site and appear to be many people, all taking one position in a debate, all agreeing, for example, that so and so is not credible, or a crook, is an incredibly powerful weapon."

    ---

    * They're out & out PIECES OF DECEIVING SHIT!

    APK

    P.S.=> They represent EXACTLY the type of people in this life I utterly FUCKING hate (& I am not "pulling any punches" on this one) - I call that "type" online "the NOT-men" (because they act more like WOMEN, than men, or @ least decent honorable men)...

    ... apk

  5. We've done this before. by lightknight · Score: 5, Insightful

    We've done this before -> the best h@x0r$ aren't the people beating their chests, sporting security credentials, hanging out at DEF CON, taking down websites, or playing '5 minutes in heaven' with the 3-letter agency people. And they typically aren't the people who have an entire bookshelf devoted to books that actually mention hacking / cracking in the title. The dangerous people are the ones who have the dog-eared copy of Fundamentals of UNIX Programming sitting on their desk; they aren't using the hack of the week, or someone else's 0-day to compromise a system -> they know how the system actually works, all of its strengths and weaknesses. It's like the difference between some poor slob who bought a gun and keeps it in the front part of his jeans, and a trained Marine with his trusty hunting rifle.

    Programmers themselves can be scored in several different categories, and it often takes a weird grouping of them to pull off anything outstanding. Knowledge of computing, theory of computing, theory of application, pragmatic programming, knowledge of the programming language / linguistics, mathematics, advanced problem solving, advanced research, imaginary problem solving, and lore of computing. I may have missed a few. Good luck getting all 10s in every category.

    Security, by the way, is taught; it's simply not emphasized to the exclusion of other subjects. Most CS students know where the security holes, the major ones, can occur when it comes to programming. However, it's simply not cost-effective to chase down every last security issue (it could take years to release a product).

    --
    I am John Hurt.
    1. Re:We've done this before. by Anonymous Coward · Score: 2, Insightful

      I call BS. Most CS students DO NOT know where the "major ones" are. It is thought processes like this that lead to compromised systems in the first place.

      As for the "cost-effective" argument, tell that to HBGary, or Sony, or any one of the hundreds of businesses that no longer exist. Tell that to the businesses that won't exist 2 years from now, and will never even know why. The really good compromises aren't detected, or if they are, are interpreted as minor ones.

    2. Re:We've done this before. by lightknight · Score: 2

      Yes, they typically do. It usually starts and ends with, "You know what, I think I will program this next application, I think I'll use C / C++ / PHP / MySQL." ;-)
      They learn about buffer overflows the first time they make getline / cin / (it's been a while) choke or die on some input, they learn all about SQL injection attacks when one of their webpages forgets to escape hyphens before running a query, and they learn the value of username / password security the first time they accidentally leave their username / password embedded in some code they're editing in a terminal / SSH session on their laptop, in a public place, when they run to use the bathroom. That plus many of the things that make the compiler throw warnings / errors covers 50% of the security concerns a programmer will run into.

      As for security, I said it's not cost-effective to chase down "every last security issue"; it's not, as no matter which OS you might be using, there is a library it's linking to that somewhere will cause a bug which will cause your program to collapse / grant elevated security privileges. If you believe you are running an OS that cannot be cracked / that is secure, feel free to post your IP address to some of the more interesting forums on the internet; with a minimal install, it might take them a week or so to crack; with a full install, and a fair number of normal services running, it might take several minutes.

      Sony, in this case, didn't just "not track down every last issue." It didn't track down / patch any of them, preferring security through obscurity (and firing their security team a week before everything collapsed, for good measure). And they are still in business...

      --
      I am John Hurt.
  6. Old folks definitions by sgt+scrub · Score: 2

    Hacking: Using your capabilities to gain access and explore an unknown programmable system.

    Cracking: Using knowledge of existing tools and systems to gain access and exploit a known programmable system.

    --
    Having to work for a living is the root of all evil.
    1. Re:Old folks definitions by _0x783czar · Score: 2

      I'd say that's a fair way to define it. It seems that our culture is beginning to label anything a hack these days, even accessing someone's Facebook when they're not looking.

      --
      ~theCzar
  7. Old School Hacks FTW by _0x783czar · Score: 2

    I'm glad to see Facebook promoting creative computer exploration. I think that the true spirit of hacking is being lost in the new definitions of our modern society. Anonymous and LulzSec make headlines for DDOS attacks which don't really count as hacking. The great hacks these days are often made without fanfare when a Hacker exploits a system or piece of code with his natural creativity, and it is often for positive rather than negative ends.

    --
    ~theCzar
  8. Re:original meaning by elrous0 · Score: 4, Funny

    I always thought crackers was a derogatory term for white people.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  9. Re:original meaning by sycodon · Score: 2

    Since I started in computing in 1980, I can't remember when the term Hacker meant anything other than someone taking something and "hacking" or, making changes, to something so that it performed its original function differently or performed an entirely new function. Almost always these were done with illicit intentions.

    Ask any non-computer person who writes the stuff that breaks their computer, steals their data and/or money and they'll say "Hacker".

    I'm afraid Hacker will always be associated with people that most folks would like to see in jail or simply shot in the face.

    They need to find a new name.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.