Slashdot Mirror


The Rise of Everyday Hackers

An anonymous reader writes "Research suggests there will be a rise in everyday hackers. A simple Google search for 'SQL injection hack' provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities. The ready availability of this information makes it possible for less technically skilled hackers to take advantage of this common flaw. Although SQL injection flaws are easy to identify and fix, Veracode found that 32 percent of web applications are still affected by SQL injection vulnerabilities. As a result, as many as 30 percent of breaches in 2013 will be from SQL injection attacks. The research also concluded that the leading cause of security breaches and data loss for organizations is insecure software. The report found that 70 percent of software failed to comply with enterprise security policies on their first submission for security testing."


  1. Hacker = Script Kiddie? by Anonymous Coward · · Score: 5, Informative

    Really /. of all the places I'd not expect this particular stupidity.

    1. Re:Hacker = Script Kiddie? by jellomizer · · Score: 4, Funny

      Technically I am more of the old school definition of Hacker. And these criminals are actually crackers, and deserve to be punched in the face.

      Oh all high and mighty Hacker, who broke into a website, made by some guy on a tight deadline, or is probably their first programming job. By using a SQL injection attack. How 7337 are they. By copying and pasting you have shown yourself to be some real computer wiz.

      Sorry. I have no respect for these people. They just make the world a tougher place to live. Imagine how fast computers will be without layers of security to prevent people in breaking into their systems. But there are so many people who idealize these jerks think they are something special.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:Hacker = Script Kiddie? by interval1066 · · Score: 1

      Huh? How is this 'stupid', exactly? This is a very informative article. Or are you of the "see no evil" persuasion?

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    3. Re:Hacker = Script Kiddie? by morgauxo · · Score: 3, Funny

      "But there are so many people who idealize these jerks think they are something special."

      Oh, yeah, script kiddies. All the girls want to have them and the guys want to be them.

    4. Re:Hacker = Script Kiddie? by evilmidnightbomber77 · · Score: 1

      Exactly. Us professionals run sqlmap --level 5 --risk 5 -u http://example.com/foo.php instead.

    5. Re:Hacker = Script Kiddie? by Synerg1y · · Score: 3, Insightful

      That's like saying... imagine a world where i leave my front door open... hope i don't get robbed!

      Also, every time somebody argues the definition of hacker, cracker, and script-kiddie you folks are lowering the bar. By definition, neither of these 3 should care less what they're called by the media (real pros define themselves with hats? :P ). In fact, the more obscurity the better.

    6. Re:Hacker = Script Kiddie? by Anonymous Coward · · Score: 1

      The professionals just know that their code does not have any SQL injections and it will be impossible to have an SQL injection anywhere in their code due to sane use of the DB, code review, etc. monitoring of fellow programmers. ;)

    7. Re:Hacker = Script Kiddie? by Anonymous Coward · · Score: 2

      Maybe I misinterpreted the point of TFA, but I took it as meaning there's something in between, where someone isn't what would have been called a "hacker" in the 1980s, but they might not necessarily be blindly running scripts without understanding them, either. That is, SQL injection attacks on websites are so well known, and well explained, that mainstream people are capable of "getting" it. What ESR calls a "larval stage" hacker might indeed write a script (without merely pasting) that automatically attacks sites, attempting injection on every GET parameter that its crawler detects.

      Even if you have no respect for them, writing the scripts is not something a "script kiddie" does. Call 'em juvenile assholes or worthless-piece-of-shit vandals if you like, but not "script kiddies." I think of script kiddies as people who use attack tools without knowing how the tools work or how to create them.

      Where it gets even more blurry, is how the tools have improved. You can be a "programmer" but use the incredibly high-level "batteries included" standard libraries, like what comes with Python. You can crawl a site without knowing how to write a parser. That makes it harder to tell who is a what.

    8. Re:Hacker = Script Kiddie? by Anonymous Coward · · Score: 1

      The art of hacking is mostly lost today, the word is used cheaply. It's really an insult to anyone who is a real hack whether on the good side or the bad

      Agreed. The misuse of the term hacker is akin to the misuse of the term hero these days. Real hackers don't even break into other computer systems. Real hackers see an interesting piece of software in action and think to themselves "How does that work?"...then they implement the functionality themselves to learn how it works. This is the approach I took years ago when Lotus 1-2-3 style menus were popular and I had just finished reading a book about the C language. I implemented a complete screen management library (the popular term is framework these days) using C and implemented Lotus 1-2-3 style menus, drop-down menus, multi-level horizontal and vertical oriented menus, etc. over the course of two weeks. This was during the mid-1980s after I bought a Commodore PC (an IBM PC compatible computer) a few years after exhausting the capabilities of my Commodore VIC-20 computer. I wish I could go back to these exciting times!

    9. Re:Hacker = Script Kiddie? by K.+S.+Kyosuke · · Score: 1

      ...due to sane use of the DB, code review...

      How primitive. Just enforce it with the language, in the type system, or with AOP (which is virtually the same thing from a certain point of view).

      --
      Ezekiel 23:20
    10. Re:Hacker = Script Kiddie? by Anonymous Coward · · Score: 1

      Imagine how fast I could enter and leave my home/car/office if I didn't lock the door!

    11. Re:Hacker = Script Kiddie? by ci13urn · · Score: 2

      It's also stupid because it's common sense that Googling something will bring you a how-to. It's also stupid because I read this same article at least twice a month. SQL injection has, and probably for a long time coming, will be the most commonly exploited vulnerability on the web.

    12. Re:Hacker = Script Kiddie? by GigaBurglar · · Score: 1

      "But there are so many people who idealize these jerks think they are something special." But I saw it in a film.. they look so cool.. people will think I'm smart and mysterious.

    13. Re:Hacker = Script Kiddie? by GigaBurglar · · Score: 1

      "The art of hacking is mostly lost today"

      Actually no - they are too busy tinkering with something to post videos on YouTube - and not giving themselves ridiculous names like viRuS or bLaCkD34Th

    14. Re:Hacker = Script Kiddie? by GodfatherofSoul · · Score: 1

      Ridiculous analogy because people aren't leaving their networks open. Some of these exploits take a sophisticated understanding of protocols to figure out even if the exploit itself is a simple piece of code or series of interactions.

      And, this is my problem with the glorifying of hackers we get on Slashdot. Those of us with jobs in the industry have to waste our time dealing with these monkeys, while a certain subset here thinks it's the admin's fault that you found an exploit by trawling torrent sites all night.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    15. Re:Hacker = Script Kiddie? by Synerg1y · · Score: 1

      I was mainly responding to...

      Imagine how fast computers will be without layers of security to prevent people in breaking into their systems

      And btw it is beyond a reasonable doubt the admin's fault somebody is browsing torrent sites off the company network at night.

      1. why is VPN access not audited? (why does nobody see somebody getting in at night for non-work reasons)
      2. why are the torrent sites not blocked? Even a simple blacklist can accomplish 99% of this.

      Leave security to human nature and tendencies and in my analogy you might as well not bother with the front door... or frame for that matter.

    16. Re:Hacker = Script Kiddie? by Opportunist · · Score: 1

      Well, considering how programming gets easier, it's just logical that hacking programming gets easier too. When you have people who don't know what they're doing and just following rote and rule creating programs, you can have people who don't know what they're doing exploiting their weaknesses.

      It's the logical conclusion when you forgo basic knowledge and basic computing skills. That's what happens when cargo cult programming and copying/pasting from code snippets and samples becomes the norm. Of course, such people also create programs that have easy to exploit flaws. Not only because they copy/paste the programming errors of others, by stringing such bits of code together they introduce more.

      Like not all programmers are rote programmers, not all hackers are script kids. All this said is that the fact that code is written by more and more inferior programmers, more and more inferior hackers can overcome the security of that code.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    17. Re:Hacker = Script Kiddie? by Opportunist · · Score: 1

      Idealizing the attacker? No. But likewise, not absolving the idiot who built the insecure webpage in the first place. A "tight schedule" is NO excuse for the crap that doubles today as security layer. Most of the things I find in webpages these days can easily be avoided without additional programming effort, all it takes is KNOWING something about SQL instead of copying/pasting the crap off the net.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:Hacker = Script Kiddie? by Opportunist · · Score: 2

      Those "sophisticated attacks" are the tiny minority. I spend my time auditing the security of systems, and the systems where I have to dig deep and bring out the big guns are few and far between, usually found in healthcare or finance (i.e. places where they bother to hire more expensive and knowledgeable people because that's cheaper than the stiff penalties which may include shutting your act down).

      Most systems already break down under an automated attack. Which sadly also means that in security auditing, a lot of snakeoil peddlers are traveling around and showing off cheap tricks that befuddle those that know even less than them about security, but ... well, as long as there are idiots posing as programmers, there will be idiots posing as hackers and of course you'll also find a lot of idiots posing as security experts. Just the natural order of things.

      And yes, I agree, I'd wish I didn't have to waste my time dealing with these monkeys.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    19. Re:Hacker = Script Kiddie? by Anonymous Coward · · Score: 1

      Cracker as a pejorative term to describe Black Hats is just not going to catch on as a term used by professional media. It's been a derogatory term referring to rural white US Southerners for over 150 years and became a widespread racial epithet towards white people in general over 50 years ago.

    20. Re:Hacker = Script Kiddie? by russotto · · Score: 1

      Real hackers don't even break into other computer systems.

      Bah. The old time hackers bypassed security and broke into computer systems all the time. You know the story of the Fortran version of Zork? One DEC hacker broke the security on the source directory, then brute-force decrypted the source code, and another DEC hacker translated the source into Fortran.

    21. Re:Hacker = Script Kiddie? by darkfeline · · Score: 1

      I see high-level "batteries included" as the next step in programming evolution. There was a time not long ago where compilers and hell, even assemblers were state-of-the-art, highest level programming. But the basic thought processes a "programmer"/"hacker" has will never change.

    22. Re:Hacker = Script Kiddie? by chrismcb · · Score: 1

      Oh all high and mighty Hacker, who broke into a website, made by some guy on a tight deadline, or is probably their first programming job.

      Neither of which is an excuse for leaving an SQL open to be injected. I'm shocked that in this day and age 1/3 of the applications have this vulnerability.

    23. Re:Hacker = Script Kiddie? by Big+Hairy+Ian · · Score: 1

      Depends on the colour of your hat :) but script kiddies are lower than phone freaks any way you look at it.

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    24. Re:Hacker = Script Kiddie? by morgauxo · · Score: 1

      You just didn't want to slow down your own supply of bitcoin! :-)

  2. Please ./ by Anonymous Coward · · Score: 1

    remove this article

  3. Re:The word is cracker, not hacker by Anonymous Coward · · Score: 1, Interesting

    No it isn't. The word is Hacker. Cracker is someone who removes DRM protection from games and other software.

  4. The rise of everyday... fuck, everything really. by rodrigoandrade · · Score: 5, Insightful

    If this is what passes for research nowadays, I got some more data. Check out these Google queries and the results... (something, something, think of the children, something).

    "make a bomb" 557,000,000 results
    "rape sister" 99,000,000 results
    "kill mother" 274,000,000 results (funny how "kill mother in law" turns up on Google's autocomplete thingy)
    "cheat taxes" 59,700,000 results

  5. Everyday? by Beorytis · · Score: 1

    I guess I'm wondering what the definition of "everyday hacker" is. Just less technically sophisticated?

    1. Re:Everyday? by TWiTfan · · Score: 1

      It's a script kiddie.

      --
      The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
    2. Re:Everyday? by Anonymous Coward · · Score: 1

      What I am concerned about is even though SQL injections are a common attack, which doesn't take a lot of skill to take advantage of, it can result in one unexpected consequence.

      It wouldn't be hard for a LEO to make honeypots. Then when some junior level people run the scripts, their info is saved aside, and then at a later date after a DA has plenty of time to make a firm case, mass arrests, Operation Sun Devil style are made, and multiple times.

      Yes, attempting to break into something is a crime, but what constant mass arrests would do is result in is another generation of children [1] too afraid to test limits, or if they know what they are doing, they would never work for anything government related for fear of being tossed to the wolves, come some witch hunt (say WarGames 2 gets released, and the fear of "cyber-terrorism" hit a peak again.)

      In the '90s, we completely lost a generation of people who would do white-hat work for computer security due to Operation Sun Devil and Steve Jackson Games.

      My concern is that leaving easy bait out for people curious about stuff, then mass arrests after that will not just pull computer-savvy people out of the workforce, but scare anyone off who is interested in computer security. Already, I've spoken with high school counselors who tell any STEM major to go law because the floodgates for H-1B workers is about to triple, and that means there is no real way to obtain a viable career in that field.

      [1]: More like another generation of lusers.

    3. Re:Everyday? by SuricouRaven · · Score: 2

      "result in is another generation of children [1] too afraid to test limits,"

      That may be the intended result.

      In the early days of the internet, there was a very casual attitude to hackers. It was fully expected that most aspiring technical types would go through a 'phase' of aggressive exploration and pranking, and so long as they didn't do any serious damage it was regarded as a standard part of the learning process and something they would eventually mature out of once they no longer felt they had to prove their skills by such a game. If someone broke your system, you'd fix the hole and silently congratulate someone who'd shown skill, initiative and enthusiasm for the field. Things are very different now. With computers much more involved in high-value commercial and governmental usage, there is much less room to tolerate hacking attempts - that playful, still-learning script kiddie could get lucky and cost the company millions. So attacks that once would have been shrugged off now result in calling in the police and the lawyers.

      Also, Wargames 2 exists: It was a direct-to-DVD sequel generally regarded as an insult to the original.

  6. Its called the internet by ci13urn · · Score: 5, Insightful

    My research suggests there will be a rise of everyday cooks. A simple Google search for "How to Cook" returns over 1 Billion links and videos describing how to cook! This is original news...

  7. what is this shit by Synerg1y · · Score: 2

    As a result, as many as 30 percent of breaches in 2013 will be from SQL injection attacks. The research also concluded that the leading cause of security breaches and data loss for organizations is insecure software. The report found that 70 percent of software failed to comply with enterprise security policies on their first submission for security testing.

    No!

    Email Spear phishing is the leading cause of security breaches, you can patch software all you want, but patching an idiotic user? Good luck on that!

    And 70% sounds a little low, on an intense enough audit (there's many levels), it would look more like 95%.

    1. Re:what is this shit by c0lo · · Score: 1

      but patching an idiotic user? Good luck on that!

      Well, patching them is not the major problem... it's the necessary reboot after the patch: most of them never come back after that.

      --
      Questions raise, answers kill. Raise questions to stay alive.
  8. Re:The rise of everyday... fuck, everything really by geminidomino · · Score: 5, Funny

    After setting off every TLA alert system to make a point on slashdot, user "rodrigoandrade" received a midnight visit and was never heard of again.

  9. A Bit Late by g0bshiTe · · Score: 1

    Wow, a recent google search revealed a search for sql injection netted over 7 million hits and even shows how to do this. This has been well known for at least the last 6 years, next you'll be telling me to beware of Belarc because it will post my serial keys in some hidden page.

    --
    I am Bennett Haselton! I am Bennett Haselton!
  10. Who is Veracode and what are they trying to sell? by glwtta · · Score: 2

    Leaping to faulty conclusions from spotty data is basically my day job, but it seems these people take it to a new level.

    30% of breaches will be from SQL injections, because that's the percent they found to be vulnerable?

    A certain type of attack will increase because they googled some shit?

    What the actual fuck is this?

    --
    sic transit gloria mundi
  11. Amazing... by ewenix · · Score: 1

    This is what passes as news on slashdot now? Let's see what's that brady bunch phrase?? oh yeah..... jumped the shark.

    1. Re:Amazing... by Bing+Tsher+E · · Score: 1

      But "Little House on the Prairie" almost sounds like something the bronies would go for. So let's just keep quiet about it.

  12. LOL ... by gstoddart · · Score: 1

    This reminds me of JK Rowling's "A Casual Vacancy" since this kind of casual hack figures into the plot.

    --
    Lost at C:>. Found at C.
  13. Re:The word is cracker, not hacker by wonkey_monkey · · Score: 1

    Sorry, but in English words are defined by how they are used, not how some wish they were used.

    --
    systemd is Roko's Basilisk.
  14. Re:The word is cracker, not hacker by fustakrakich · · Score: 2, Interesting

    No, a cracker is a thin, crisp wafer often eaten with cheese or other savory toppings.

    --
    “He’s not deformed, he’s just drunk!”
  15. Students by nightfury · · Score: 2

    "'Little Bobby Tables', we call him..."

  16. Pure FUD by a security web site... by David_Hart · · Score: 5, Insightful

    I think that most comments are missing the fact that this is an article on a security web site which will be used to sell CEOs on the latest in security platforms. It's pure marketing, which means that it doesn't have to be logical or adhere to real world facts.

    I agree that it should have never made it to Slashdot. However, it is interesting to read silly articles like this from time to time to remind ourselves where management gets their ideas about security.

  17. Re:The rise of everyday... fuck, everything really by mjr167 · · Score: 1

    I think the solution is to ban Google! Google is clearly facilitating terrorists!

  18. Re:The word is cracker, not hacker by dkleinsc · · Score: 5, Funny

    No, "cracker" is a synonym for "honky", although it's arguably correctly spelled "cracka".

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  19. Re:The rise of everyday... fuck, everything really by Anonymous Coward · · Score: 1

    half of those are blogs with no content and linkspam. another chunk is what im guessing are wordfiles for cracking passwords. another chunk will not have the search term anywhere on the page for some reason. even tho it showed it in the summary.

    much better.

  20. Report finds that by biodata · · Score: 2

    Insecure software is insecure

    --
    Korma: Good
  21. Lies, damn lies, and statistics by Loosifur · · Score: 3, Insightful

    "A simple Google search for 'SQL injection hack' provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities."

    Which means that people could be searching to learn what that means because they read or heard it somewhere, or because they want to prevent SQL injection hacks on their site. There are two alternative explanations that don't involve cracking, and I'm sure you can come up with more.

    "Although SQL injection flaws are easy to identify and fix, Veracode found that 32 percent of web applications are still affected by SQL injection vulnerabilities. As a result, as many as 30 percent of breaches in 2013 will be from SQL injection attacks."

    The quoted statistic does not prove the subsequent claim. This violates basic principles of logic, and anyone who's taken a statistics course (as all reporters should) would see the problem here. Just because 1/3 of web apps are vulnerable to a given attack does not mean that 1/3 of web apps will subsequently fall victim to said attack. The less horrible way to phrase this would be to say that there's a 1 in 3 probability that future attacks will involve SQL injection, and even that's not borne out by the statistic.

    Here's an analogy (non-automotive): 15% of college basketball players are talented enough to be drafted into the NBA, let's say. This does not mean that 15% of college basketball players WILL be drafted into the NBA, nor does it mean, and this is the kicker, that 85% of new NBA players will be talented players coming from somewhere other than college teams. Or, 1/4 of all homes being vulnerable to electrical fires does not mean that 1/4 of all home fires will be electrical.

    --
    This unbiased moderation brought to you by the Porcine Aviation Group!
    1. Re:Lies, damn lies, and statistics by postbigbang · · Score: 1

      What? Causation != Correlation?

      I find it embarrassing that there are so many SQL injection links out there. Why? It means that those pages aren't filled with kitty pictures!

      After all, it seems that about half of social media posts involve kitties, and if we could just post kitties instead of SQL injection attack links, the world would be so much nicer!

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:Lies, damn lies, and statistics by chaos_technique · · Score: 1

      and we should really stop talking about this, since it obviously makes the world even more insecure: I just googled for "SQL injection" and lo and behold,

      About 6,790,000 results (0.16 seconds)

      I guess this post makes it +1, I'm really anxious now.

      --
      Singe capitulard mangeur de fromage
  22. Hmmmm by inkcogito · · Score: 1

    Is there a database of SQL injection hacks?

    1. Re:Hmmmm by amiga3D · · Score: 1

      talk about recursive

    2. Re:Hmmmm by JWW · · Score: 2

      There used to be...

  23. Re:The rise of everyday... fuck, everything really by Idbar · · Score: 1

    And my take on that is the news and Internet itself.

    With news indicating "how easy it is to find how to make a bomb online" or even running an article explaining it, and on the other hand, geeks making references to little Bobby tables, what do you expect, but people going around and confirm by themselves?

  24. Re:The rise of everyday... fuck, everything really by Idbar · · Score: 1

    Then again, as you said, there's plenty of documentation online. Now, how is it being used? Despite of just satisfying curiosity, is how Google or Wikipedia searches make no sense as metric or indication of anything.

  25. What? by dragon-file · · Score: 1

    Since when have script kiddies been elevated to everyday hackers?

    --
    Whenever a player quits EVE to go play WoW, the Average IQ of both games increase.
    1. Re:What? by Opportunist · · Score: 1

      You don't follow the news on TV, do you?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  26. Re:The rise of everyday... fuck, everything really by amiga3D · · Score: 1

    no, just censor it. Wait for it, it's coming.

  27. Re:The word is cracker, not hacker by SuricouRaven · · Score: 1

    The jargon file is more how they were used. Language changes, especially in tech circles.

  28. Re:The rise of everyday... fuck, everything really by SuricouRaven · · Score: 3, Insightful

    Attitudes towards potentially dangerous material are often contradictory. For example, in an episode of Mythbusters the team required thermite for an experiment. They made this themselves, in a procedure not shown. The ingredients bottles were blurred out to hide the labels. Jamie sarcastically warned viewers never to mix 'blur' and 'blur.' So clearly, someone at the studio considered this information to be too dangerous to reveal to the audience - either because it could be used to create a weapon, or because of the risk someone would experiment with it and then sue the studio after they burned their hand off. And yet, this material that so scared the studio is widely known. Not only can it be looked up with ease on the internet, but it's the textbook example of a redox reaction - quite literally the textbook example. When I studied chemistry in a perfectly ordinary public school it was the example in the textbooks, including not just the ingredients but instruction in how to calculate the correct ratio and, thanks to a practical demonstration given by the teacher, instruction in the importance of particle size, correct safe preparation method and means of ignition. Does that mean the school chemistry text is a terrorism handbook?

    You probably could use thermite for terrorism too. If it's used to weld rails, it can be used to sever them too. Sever a rail, derail a train. Could kill hundreds of people if you time it right.

  29. Actually 138K hits, not 1.74m hits by bederson3610 · · Score: 1

    Using Google to search for "SQL injection hack" WITH QUOTES results in 138,000 hits. If you search for SQL injection hack without quotes (meaning Google will count pages that have those words anywhere on the page), then you get the 1.74m hits reported.

  30. The devil is in the details. by houbou · · Score: 1

    That's the only way to be truly secure. Pay attention to every aspect of your setup.

  31. Re:The word is cracker, not hacker by TsuruchiBrian · · Score: 1

    It's not that you are wrong. You are right about how these words are used today. That you seem completely unaware that these words used to mean (i.e. hacker (before) = tinkerer (today), cracker (before) = hacker (today)), betrays your ignorance.

  32. Obligatory XKCD by OhSoLaMeow · · Score: 2
    --
    They can take my LifeAlert pendant when they pry it from my cold dead fingers.
  33. Re:The word is cracker, not hacker by GigaBurglar · · Score: 1

    I usually define cracker as someone who 'cracked' a problem; to crack a code or puzzle (to use it generically).
    A hacker is someone who modifies the function / flow of code / hardware - to re-purpose something into something else for their own benefit.

    To create code that will modify the stack of a program; to alter the hex of a binary is really the domain of a hacker.
    To crack something is to really use code to solve a problem - crack a code; perform brute forcing.
    There is an overlap when one breaks license protection of software; or designs software to modify a program's stack - to do that you need to both hack and crack.

    Most 'hackers' these days will just use code that was written by a real hacker - without hacking anything they essentially crack problems; crack their way into a system without ever modifying code on their own.

  34. Re:The word is cracker, not hacker by hackula · · Score: 1

    ...but probably true, more often than not.

  35. Re:The word is cracker, not hacker by GigaBurglar · · Score: 1

    Let me axe u a question den. Have u evr used a dictionary? Den u wud kno that words hav clear definitions.

  36. Re:The rise of everyday... fuck, everything really by GigaBurglar · · Score: 1

    *Knock knock*

    "Who's There?"

    "The FBI"



    Congratulations - I hope you don't plan on leaving the country any time soon. :)

  37. Re:The word is cracker, not hacker by BitZtream · · Score: 1

    No.

    A cracker is a cowboy in Florida with a whip that he 'cracks' to encourage his cattle to move on demand.

    A honkey is a racial slur for white people.

    You probably also think Redneck is a racial slur. Neither Cracker nor Redneck are racial slurs, they define a working class of people, race/color is irrelevant.

    If you're going to be a bigot, at least get your fucking racism and prejudice right.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  38. Re:The word is cracker, not hacker by Lazere · · Score: 1

    And yet, I understood every word of that. Clear definitions are only useful if everybody agrees on them.

  39. Re:The word is cracker, not hacker by dkleinsc · · Score: 1

    For the record, I'm using slurs that could be and have been said targeting me. It's like Chris Rock saying the n-word.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  40. Re:The rise of everyday... fuck, everything really by JazzLad · · Score: 1
    --
    "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
  41. Re:The word is cracker, not hacker by Opportunist · · Score: 1

    I never really got that fight. Hacker, cracker, ... do I need a label?

    War hero, murderer, same shit. I know it's easier and faster to just read the label instead of looking at the whole story and make up your mind accordingly... oh look what I'm saying, people supposed to make up their own mind. Do they still do that? I think it went out of fashion. Today we prefer to just read the label on a person. It's easier.

    But I guess I finally get the PC craze. If it is so important what label is attached to us, and if we don't bother to look at the person behind the label anymore, it matters that the label has some good connotation. Whether the person has, who cares?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  42. Re:The rise of everyday... fuck, everything really by Opportunist · · Score: 1

    "I gave at the office"

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  43. Re:The word is cracker, not hacker by PhamNguyen · · Score: 1

    It makes no difference. According to the fanatic who replied to you, you are a racist because you believe that "cracker" is a racial slur.

    It makes no difference to him or her that "cracker" is currently used as a racial slur. He/she pretends that "cracker" still retains its original meaning (assuming that "Cracker" really did originate as a Floridian term for a cowboy). Even if you were wrong about "cracker" being a racial slur, I can't see how that would make you a bigot anyway. But that's the thing, many so-called "anti-racists" are just fanatics who love to scream "bigot" at every opportunity.

  44. Re:.. are easy to identify, fix, AND AVOID complet by Opportunist · · Score: 1

    It's actually simple, and it's amazing that so many people don't bother to follow it: Every input must be sanitized. User input as well as data input from a source outside your system. A good example for the latter may be the original animated cursor exploit where MS was stupid enough to actually trust the file's claim how big its data area is going to be (and store it on the stack... don't ask, it boggles the mind). ANY Input you allow into your system may include some kind of attack. And the easiest way out is to simply put every input through a filter that only lets "sane" values pass.

    That also means that "one size fits all" blanket sanitation is in most circumstances a bit weak. Why let alphanumeric input pass on to the routine if only numbers should be entered? Have the filter toss out EVERYTHING that is not part of the possible result set. If you are expecting a "price", filter everything but decimal numbers with up to two decimal places. No letters, no "special characters", nothing but UTF-8 (or no Unicode (a) that satisfies a&&0xFF80), no hexadecimal numbers, everything but the "expected" input must die there. Why? Because no "normal" human would enter it that way. Anything that comes along in such a fashion is most likely an attack.

    Such sanitation must happen before the data has even the remotest possibility to touch a database, of course. It's not like contemporary systems have a big problem with computing power, the sanitation overhead is usually minimal compared to the time wasted with barely optimized database accesses and bad database organization.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
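
The "price" filter described in the comment above, as an added example that is not part of the original post. The 7-digit limit, the `prices` table and the sample inputs are constructed for illustration, and the bound-parameter insert is an addition of this example on top of the filter the comment describes.

```python
import re
import sqlite3
from decimal import Decimal

# Allowlist: ASCII digits only, optional fraction of one or two places.
# [0-9] is used instead of \d because \d also matches non-ASCII Unicode digits.
PRICE_RE = re.compile(r"[0-9]{1,7}(?:\.[0-9]{1,2})?")


def parse_price(raw):
    """Return the price as a Decimal, or raise ValueError for anything else."""
    # fullmatch (not match with $) so a trailing newline is rejected too.
    if not isinstance(raw, str) or PRICE_RE.fullmatch(raw) is None:
        raise ValueError("rejected price input: %r" % (raw,))
    return Decimal(raw)


def store_price(conn, item, raw_price):
    """Validate first, then write with bound parameters, never string concatenation."""
    price = parse_price(raw_price)
    cents = int(price * 100)  # store integer cents, not floating point
    conn.execute("INSERT INTO prices (item, cents) VALUES (?, ?)", (item, cents))
    return cents


def demo():
    """Run constructed inputs through the filter; return (accepted, rejected)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE prices (item TEXT, cents INTEGER)")
    samples = [  # constructed sample inputs
        "19.99", "5", "0.5",
        "19.999", "1e3", "0x1F", "-1", " 5", "5\n", "1,50",
        "\u0661\u0662",  # Arabic-Indic digits: numeric to \d, not to [0-9]
        "1; DROP TABLE prices", "1' OR '1'='1",
    ]
    accepted, rejected = [], []
    for raw in samples:
        try:
            accepted.append((raw, store_price(conn, "widget", raw)))
        except ValueError:
            rejected.append(raw)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", ok)
    print("rejected:", bad)
```
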
  45. Lets Define these things then by EnempE · · Score: 1

    I think that everyone on /. more or less has a good understanding of the terms, it is the media that simplifies the environment to write shorter headlines.
    To clarify:
    Hackers are those that delight in taking something apart and putting it back together again, either in its original form or with some modification to improve the thing in their point of view. Hackers were at one stage those who enjoyed pranks between universities, so there is an implied cheekiness in the execution of this experimental interaction with things. In the information realm, taking something apart to see how it works often involves finding out how to do that. Exploiting a flaw is analogous to taking the screws out of something to get the cover plate off. If a hacker broke into your house it would design a tool for doing so, disassemble your lock and put it back together again or find a weakness in the design of the lock that allows it to be opened without the key.

    Script kiddies are those who are interested in getting into things, but either aren't interested in or able to take things apart themselves. They find tools that will work and need only enough understanding to roughly match a tool to a thing. There is a level of juvenile immaturity in this, like a child disassembling a radio with a hammer to find what is inside, with no thought as to how it might be reassembled or if this tool might cause permanent damage. If a script kiddie broke into your house they would break your lock with a Jimmie bar and probably spray paint a tag on your wall.

    More recently we have criminals who will find / buy the tools to get into something for selfish gain. They may buy the understanding from a hacker, a duplicated key, or use a script kiddie type tool and find some way to monetize it.

    Neither of the first two implies malicious intent, however they may break the law in their pursuit of either learning something or showing their ability to affect their environment.

    Would anyone modify these definitions in any way?

  46. Not hacker; not cracker, JACKER by DoctorBonzo · · Score: 1

    I'm tired of this terminology and on a half-hearted campaign to change it.

    I'm in the old-school camp where "hacker"s are clever and not necessarily malicious.

    "cracker" has the much-noted redneck connotation.

    "jacker", partially from hijacker, is preferable. I guess I'd be satisfied with "cracker-jacker", too.

  47. Slashvertisement by andymadigan · · Score: 1

    Does it surprise anyone TFA is covered in ads for various security "solutions"? Script kiddies have been around forever, this article is just crap content intended to make the site go 'viral'. Why would /. post this crap?

    --
    The right to protest the State is more sacred than the State.
  48. Re:The word is cracker, not hacker by GigaBurglar · · Score: 1

    I must point out that "dumbfuck" isn't an actual word - it's slang.

    Dumb:
    Adjective
    (of a person) Unable to speak, most typically because of congenital deafness. (Irony - look it up)
    Verb
    Simplify or reduce the intellectual content of something so as to make it accessible to a larger number of people.

    Fuck:
    Verb
    vulgar. Have sexual intercourse with (someone).
    Noun
    vulgar. An act of sexual intercourse.
    Exclamation
    vulgar. Used alone or as a noun the fuck or a verb in various phrases to express anger, annoyance, contempt, impatience, or...

    I could just call you a sponge cake but the definition would denote that it would be used out of context.

    Du u c now how werds has cleer defintionz?

  49. Re:The rise of everyday... fuck, everything really by TripleE78 · · Score: 1

    Rape Sister is so the name of my next band.