Wired on Kipling
The Dodger writes "The Kipling 'Hacker' luggage debacle gets coverage in Wired, along with slightly derogatory references to the Slashdotters' ability (or rather lack of it) to 'crack the site'... "
Strange. Someone sent me the winning login & password (way to go MoobY!). I vow to never pay for this Kipling crap though. Terrible article though: it's one thing to confuse hacker & cracker, it's completely different to be cocky about your misuse. It seems quite apparent that we aren't the target audience. What I would like to know is, who is? We're trendy now guys. We still don't get to marry supermodels tho...
so we would have something in common
The thing is relatively trivial to crack. Assuming someone wants to do it, it should be simple. The program takes the value of PI, adds it to 2 static predefined keys and sums it with the username+pass entered. The first few characters are http://, so it's simple to guess the rest. Someone whack it up here so we can get 600,000 bags mailed to us and put Kipling out of business.
in many parts of the country, is also used as a term of general contempt for people who happen to be merely "white", without regard to scot/english/irish appalachian background.
You are quite correct. Those who still speak Elizabethan English are regarded as profoundly ignorant. Say what you want about the interstate highway system; it has been a tremendous blessing in many respects to Appalachia.
they only offer you a chance to win one of 100 bags.
I wouldn't trade my gal for 10 supermodels, She plays a mean game of Quake and can swap a motherboard in 10 minutes, what else could a guy want.
I would classify myself as a serious geek, both from a physical standpoint (tall, skinny, heart problems, asthma) and gearpoint (17 routers, 12 computers, VSAT in my backyard, 12 xver radios HF to microwave, pro video gear, and more toys than I can think of).
:-)
I have also twice lived with models. Not in the supermodel class, but they both once made a living off of it. I also met and had sex with a girl who could be classed as a supermodel, since she had made more than US$1million modelling between the ages of 14 and 22. I've got copies of some of the magazines she was in, and I occasionally see her pix on the internet.
Of all the women I have known, I would rate the supermodel as one of the worst fucks of my life (not THE worst, but bad). Her entire sexlife had been one steady stream of rich or hunky men that were only counting coup. So she only knew how to lie there and let the guy do all the work. My other two g'friends both started off slightly cold, but turned out great. But my current opinion is that meaty women are the best, and redheads are the best of the best.
I freely give out hints of what I think did it for me...
Keep'em laughing. I learned that from social engineering various phreak scams years ago.
Cooking skills. Take classes, buy books, cook for yourself for several years.
Massage skills. Same thing, classes, study, practice. Practice on anyone who will let you, and there are many willing volunteers.
Kill your TV! Got to get out of the house on a regular basis to meet people, same concept that you can't win the lottery without buying a ticket from time to time. TVs are an intelligence black hole.
I met the first model while trying to social engineer some info about a system a group of us were trying to crack. One thing led to another, and suddenly we were dating. I had to live that slight lie for 14 months until she moved out, but after that I was in the right social group to meet others.
So don't lump all hackers/crackers/geeks in the same boat. Some of us dedicate ourselves to shagging beautiful women with the same energy we devote to writing new networking code for linux (slackware, if you have to know!
Less than a year after they started, Wired shifted from being for/about the people who create technology to being about/for the people who use it. A far lower subspecies, if you ask me.
You think real geeks go to "Burning Man"?
Yes. I know plenty of hacker types who go to Burning Man.
god that site sucks, the whole "hacker dress code" and "hacker education" section is so fucking pathetic i am sorry i even registered a hit for those bastards.
Anybody remember her :-)
Anyway, I think looks shouldn't matter... whahaa.. stupid me.
And "personkind." And they're sanitation engineers -- do they throw trash on your lawn? no. And "gambling" means no personal skill is involved (like betting at the track, which is really a "course") -- blackjack and poker are GAMING! I mean, duh! Do they think we're stupid?
> Pfffft! That's for Thursday night. Friday nights are for reading RFC's.
After upgrading some libraries of course...
Aside from what ESR might want you to think, I believe that hacker isn't just a wizard programmer.
Hacker has and does mean many things. A hacker is usually a coder, but it could mean a bad coder. "A bad hack" is just what it says. "Hacking code" could mean just programming it or turning it into spaghetti.
I also think that a hacker can be a criminal. Why not? The word is quite broad.
Aside from that, what is a cracker? *JUST* a computer criminal? I don't think so, many people who "crack" software call themselves crackers, and they think to use the term any other way is foolishness.
Please note: I am not a computer criminal, or involved with warez in any way. I'm a coder.
There are stores in Leuven and the Woluwe shopping center, and I've looked for any clues to the uname/pw in the stores. Went into the Woluwe store at lunch today just for the hell of it. The clerks there are cute but clueless.
:-)
:-)
Supposedly there are clues sprinkled around on their website. I haven't the time to go look at their marketing bullshit over and over again, but I would spend the time on a cryptanalysis attack.
The backpacks look just like any other packs, just with computer names. As I said before, I didn't see anything there which would help me write networking code, or to be a better hacker, or to draguee a supermodel. Now, if the stores had a selection of O'Reilly books, then it would be worth going back
This site used to be housed in a web center in Leuven, next door to the Katholieke Universiteit. But traceroute now points to Antwerp, or somewhere on the planetinternet.be net.
tot ziens
I mean, how does being blonde, bronzed, stick-thin and mammarily enhanced automatically make a woman a better lover?
You ARE a guy, right? If so, you're one of those "spike heels make a woman's legs look funny" guys, aren't you?
Unfortunately, thanks to the (continuing, heh) British example, homosexual Americans can't get security clearances (unless they go up the horsepipe and get a service academy class ring as well, double heh).
the APPROXIMATION of which might vary from machine to machine.
Larry Lein obviously has no idea who the other 'Crackers' are!!!
In Florida, the term 'Cracker' applies to those whose families have lived in Florida for generations, usually from before the Civil War. Such people held your regular jobs of ranching and farming. The term apparently comes from the whips used to drive cattle.
I'm a Florida Cracker, and I don't know of anyone in my family who lives in a trailer park!
It looks like they are just trying to insult everyone they can to generate some marketing numbers. The Executive Vice-President of Kipling USA thinks a cracker is someone who lives in a trailer park down South? I lived in a trailer park "down South" for awhile in college and my sister lives in one now because they are *cheap*.
I guess I could get offended, but really, they aren't worth the effort.
BTW, Jansport back packs rule. I'll never buy a Kipling.
I have read that it's derogatory term for poor white Georgians. They're not too likely to be on the handle end of a whip.
I dunno, I've only read one reference, and the last thing you trust history to is historians...
John Waalkes
jwaalkes@edge.net
i thought hackers spent all day smoking DMT and watching "the rosie o'donnel show". ewps.
Shouldn't you be using a Palm Pilot or something :)
I mean, if we're going to practice what we preach...
Otherwise, how are things at PDABuzz?
Still waiting for something to come along to make me forget all about Newtons. Sigh...
John Waalkes
jwaalkes@edge.net
Um, Ok so slashdot is going to turn into the "Slashdot Forum" where people tell their stories err fantasies.
Well, let me add one..
You're never going to believe this but I was at home programming when two Swedish twins came to my door. It seems their car stereo stopped working and they heard I was the smartest person in neighborhood and wondered if I could fix it.....
Well, one thing led to another........
Thanks to Larry Lein, I finally understand why it's so difficult to get people to adopt "cracker" when referring to virtual-trespassers: it's also a racist term
You're right about it being a racial epithet. But it's not a very prominent one. The Kipling exec's use of it is more sign of short sightedness. Who knows, perhaps next he'll be announcing new product lines like The Nappysack for our Afro-origin population; or maybe even The Wet-Backpack for their south of the (US) border market. The real irony of his use of the term Cracker comes when you realize that exec is most likely white.
If you had bothered to go to their site, you would see that they had challenged people to "crack" their site. (It's really just some fancy javascript)
Furthermore, since you obviously didn't take your own advice, I give you the dictionary definition of 'irony'
1. a pretense of ignorance and of willingness to learn from another assumed in order to make the other's false conceptions conspicuous by adroit questioning.
2(a). The use of WORDS (not actions) to express other than and especially the opposite of literal meaning. (b). A usually humorous or sardonic LITERARY style or form characterized by irony.
3(a). Incongruity between the actual results of a sequence of events and the normal or expected results. (b) Incongruity between a situation developed in a DRAMA and the accompanying words or actions that is understood by the audience but not by the characters in the PLAY. 4. An attitude of detached awareness of incongruity.
In other words, irony is a clever use of words , or dramatized events, and in real life terms, does not apply to real actions before the end result is known.
Yeah, I'm an anonymous coward, but only because I don't have an e-mail address
Satanists are atheists who use satan merely as a symbolic gesture. Satan worshippers believe in Satan and God and choose to worship the bad guy.
Actually many of the Satanists' beliefs overlap with many of the religious right's ideals.
since when is it ok to call someone a 'cracker' and invoke stereotypes of poor southern people?
Everybody knows real crackers are from Georgia!
We're the ones who had baseball teams named the "Atlanta Crackers" and the ironically named "Atlanta Black Crackers".
Didn't you know that whites are the only racists, so it's ok. You need to go watch some more hollywood films.
And the giant hollywood myth that all skinheads are racist. Hmmmm, guess they never bothered to research most are not since some of the original skinheads were Jamaican.
Hi,
I looked a little bit at the Kipling algorithm. As it is right now the final http string is:
http://www.kipling.com/hacker/game/login.html
This is the first 45 characters out of 64, but the next one should be " " in order to make a working address. This http string was created by XOR of heavily permutated lpd_code_1 (or lpd_code_2) and a lpd_key. If you look at the lpd_code_1 array it has only 48 unique values, which gives you 48 possible values for lpd_key at each position.
It looks at first like 48^46 = 6*2^138, but it is much closer to 46!, I believe. Instead of idiotic testing of each of the 48 values at each position, it is possible to search a graph, starting from the first h: test the first option, swap the lpd_code_1 value to the position indicated by lpd_key and go to the next position (letter t). That will restrict the number of options in the consecutive steps, leading hopefully to at least a partial lpd_key.
Got the idea? I have to have some sleep :-)
Anyone eager to code that?
Good luck, and post the code...
darek
darked@my-dejanews.com
PI was hardcoded for windows machines and if you notice the code was producing the same code under windows as the javascript.
Lando (still haven't looked up my password)
//But she was a PAGAN/SATAN worshipper so that sucked ! //
;)
errr, no, you're abysmally wrong on that one.
'Pagan' religions are generally those where the practitioners have some affinity with the earth of some kind, whether it be in the form of respecting the earth itself, or merely holding 'earth' gods in high regard. They get the name and lot of the customs/practices from religions of old that were labelled 'Pagan' at the time. Of course this isn't fact, just my ideas on the subject.
Satanism differs in that the more 'common' Satanists (Laveyian or COS) use Satan as a focal point for their actions and energies, as well as the invocation/focusing on/ of other Deamons. (Laveyian) Satanism and (many) Pagan traditions hold vastly different values on some matters, and courses of action.
Christianity just bastardises whatever suits it for propaganda purposes.
Later
kveldulv
Nyah...
They use Java's Math.PI, and that doesn't vary from machine to machine. Java has standardized their floating point operations to be platform independent, so the addition and multiplications are safe, too...
Javascript uses an underlying JVM, I think.
else why not post it here
If Crackers are only from Georgia, please explain why several recent books on Crackers are all about Florida Crackers:
"Classic Cracker: Florida's Wood-Frame Vernacular Architecture"
"Cracker: Florida's Enduring Cowboys"
"Cracker: Cracker Culture in Florida History"
The term 'Cracker' applies to people in both Florida and Georgia.
The term 'Cracker' applies to people from Florida AND Georgia. It mainly applies to those people whose families have lived in the south for generations (prior to the civil war) and who were your basic farmer/rancher/cowboy type. Crackers are not rednecks. And 'Cracker', at least in Florida, is not a derogatory term. It does not mean 'poor white folk'.
In Florida, the term 'Cracker' was applied to these people because of the whips they used to drive cattle, NOT from whipping slaves.
There have been several books written about Florida Crackers.
Yes, I am a Florida Cracker (and a Conch, too), and there is nothing wrong with it. And no one in my family lives in a trailer park, and many of us have gone to college, etc. etc.
Yeah, sure. You've been hacked (cracked) -- by whatever web-design house did that lame index page for your sorry site. If you think anyone would waste time trying to crack you, you're enjoying a little corporate marketing masturbation.
Idea -- why don't you go buy AOL keyword "hacker" and link it to your page? Then you can get your real target demographic group.
I have no tolerance for these pseudo-techno-hip marketing ploys. Are your products Y2K compliant too? *gag*
> Javascript uses an underlying JVM, I think.
Javascript has no relation to Java. It was a marketing ploy to name them similarly.
Posted by JoeyRamone:
You tell 'm brother
Posted by JoeyRamone:
:).....
It's pretty nice though to be popular, even if it is with a stupid bag-manufacturer.
Why not unleash a slashdot-effect at ten times the strength on that server. That should at least knock 'm out of business
Bye all
Posted by Cassull:
/.'ed to death...
Gee, I can't be a cool hacker without one of these steenkin' bags... Let me get my supermodel girlfriend to buy me one so I look cool to all my hacker buddies when I pull up in my Mercedes at the tennis court... Yeah. Like anybody who's a true hacker (and believe me, I sure as hell ain't got the skills to be one) would ever be dumb enough to advertise themselves with one of these bags... Then again, it would be funnier than hell if they got their site
Posted by white[noise]:
Well thats a refreshing viewpoint. Wish it were the norm.
And before you ask, no, I'm not either one. I'm just an outside observer to the whole religion thing (agnostic/atheist) and find the mislabelling rather disgusting, like mislabelling hackers.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Okay, let's see. Someone misuses the word hacker to mean cracker and we want to show them that they are wrong and hackers are not typically crackers. Then we decide to get revenge by attempting to crack their site. Helloooo, McFly!! Look up "irony" in the dictionary.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
I'm at work, using Linux on the server and on my desktop. So tone it down, ok? Not everyone has to be a pushover to get a job.
Remember that what's inside of you doesn't matter because nobody can see it.
In the past, I would promote the jargon-file-approved meaning of the word "hacker", but I've grown to tolerate the mainstream usage. Thanks to Larry Lein, I finally understand why it's so difficult to get people to adopt "cracker" when referring to virtual-trespassers: it's also a racist term. I never would have thought of that one. I've thought of saltines, but never socio-economically-disadvantaged people of european descent: the meaning that is the means by which people can be mean. Death to the One True(tm) semantic-binding meme.
The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
The problem with supermodels is that, for the most part, they're bimbos. People marry them just so they can sex them up. It's much nicer, IMO, to marry someone that may not be a drop-dead beauty, but is still cute, and loves you for who you are, not because of something material or sex-related.
-lee...I was dreamin' when I wrote this...
What I found amusing was that they seemed to have taken things posted in this comments section and used them as their own "sound bytes".
... *NO PART OF THESE COMMENTS MAY BE REPRODUCED IN ANY FORM FOR ANY PURPOSE*.
Here's what I'm talking about:
"I'm sorry to say that so far no one has been able to beat the login," said Slashdot contributor Greg Boyce, who offered to buy a Slashdot hat for the first person to crack it. "Turns out it was a bit more complicated than I thought it would be."
I wonder if Greg knows he's being quoted as such.
Time for a new disclaimer
If you can read this message, your threshold is too low.
Glad to hear you were contacted and your words were not simply ripped from these pages.
If you can read this message, your threshold is too low.
I reported based on the numbers that are available without having "outside circumstances" affect the numbers. I am well aware that many of us (myself included) are bound by whatever our employer decides to put on our desk, but that does not discount the factual aspect of the statistics.
... you ARE using Windows.
... or maybe I'm just poking fun at the stats ... or maybe I'm just an ass. *grin*.
Whether you LIKE it or not
Maybe my sig is a commentary on MS's monopolistic power even over those who would worship another OS
Either way, the stats are correct.
If you can read this message, your threshold is too low.
No I'm not.
And was I replying to YOU? No I was not, I was replying to the person who said my stats were "off" yet they had to use Windows at work.
If you can read this message, your threshold is too low.
Not everyone has to be a pushover to get a job.
/. readers that are not using *nix are push overs? Talk about toning it down a bit ... you may wish to practice what you preach.
So the 72% of
If you can read this message, your threshold is too low.
I dunno . . I've met/dated/slept with some SUPERMODEL type women . . .and I gotta tell ya . .
.the theory doesn't work.
You'd be surprised how the MOST BEAUTIFUL women are also the MOST LONELIEST . . .
All beautiful people are not dumb, and not all smart people are ugly . .
I met a gorgeous, beautiful FREAKING INTELLIGENT woman one time and we got along sooo great I was falling for her but still in the back of my mind i was thinking (uh, she's gorgeous = Bimbo) and she wasn't . . . she was very smart . . .
But she was a PAGAN/SATAN worshipper so that sucked !
heheh . . . anyways . . don't be too early to judge
lest thy be judged.
or something like that . . .
Kick back . .have a drink . . .
.*Huh*
chill . . .
*Singing*
"WAR ! . . *HUH* . .
What it is it good for,
absolutely nothing say it again . . War .
(repeat)
"Hacker is the term in common parlance," countered Larry Lein, executive vice president of Kipling USA. "If you asked me what a cracker was, I'd say someone who lived in a trailer park down South."
What a marketing wizard. He might have better luck selling burlap bags to the trailer park set.
A lot of us are stuck at work..... in the windows world.... =(
that's why I think the stats are off
ChiefArcher
Well, considering the form is unencrypted, I suppose you could just wait until someone else figures it out...
-- perl -e'print pack"H*","6e656d6f406d38792e6f7267"'
Exercise and sunshine on a friday night?
Not to go completely off topic, but how do you get a 'K' out of a '4'?
He actually contacted me via e-mail last week about this.
:)
He also e-mailed me with the final quote.
So yes, I knew I was being quoted as such
Some people actually managed to get to the winning screen (which then requires you to reenter the password they didn't have). You're basically entered in a chance drawing of 20 people who will get the bags.
Oops my mistake. It's 100 bags
Here's the URL:
http://www.kipling.com/hacker/game/login.html
Aren't you making the assumption that supermodels are somehow naturally more sexually enjoyable than non-supermodels? I mean, how does being blonde, bronzed, stick-thin and mammarily enhanced automatically make a woman a better lover?
If there's one thing supermodel partners are qualified for, it is as status symbols. Ultra-wealthy men don't have young model-grade trophy wives because they are better lovers or better domestic partners; they have them as status symbols, to parade around and demonstrate their worth. It's like buying a pedigree cat for $1000; other than status you don't get much in the way of features.
You misunderstand. All those attributes are superficial. They do not correlate with sexual prowess, personality, or how much you can enjoy being with said supermodel for prolonged periods of time (unless you want your women primarily as walking eye-candy, and actually interacting with them is unimportant).
Besides, if she's a stick-thin, sickly anorexic, chances are she's not going to be much of a performer in bed...
I visited the site and looked around. I found the technical information on it to be pretty accurate, considering it was part of a marketing campaign for a luggage company. I saw the term "cracker" used correctly in one place.
Furthermore, this VP is correct: "hacker" is in common use when "cracker" is the correct term. Words often change their meaning over time as they are used in varying ways. I guess a community of people who rarely have face-to-face conversations might find this feature of language surprising.
I thought the campaign was a bit patronizing and aimed at wannabees and newbies. Of course, "hacker" lost any meaning for me the first time I heard someone claim to be a hacker when they'd never programmed in assembler. As if.
If you're really offended by Kipling's campaign, maybe you should go out and stage a protest. Oops, I suggested going out. Never mind. Go back to arguing over emacs and vi in IRC.
Drugs.
Just a hunch. They talk about visiting the store and all that. 16 chars.
pword must "cock" or "crap" or "fist" or something...
; )
**>>BELCH
Made my contribution to the /. Effect, and noticed that Kipling's Hacker front page has changed.
"A hacker is a malicious computerexpert who breaks the security of computersystems not to steal or destroy sensitive information but mostly just for the kick."
Note the contrast between "not to steal or destroy" and "malicious". And what's up with the "computerexpert" double-speak? Double plus ungood.
Keith Russell
This sig intentionally left blank.
Whadja expect from the little Conde Nast rag Wired has become? They're probably angling for an ad placement from Kipling in their travel mags. Remember that this is the cesspool that spawned Katz.
In case the previous posts hadn't made that clear. :-)
The complete URL is http://www.kipling.com/hacker/game/login.html
of course, you brits quit building computers when you couldn't figure out how to make them leak oil.
shutup or I'll kick your @ss
1) How is it known that lpd_value_1 will be "http://www.kipling.com/hacker/game/login.html" after the decryption?
2) Does anybody know what will be the value of lpd_value_2 after the decryption?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
it represents the real world, where windows is still the most used os on pc's (i'm part of the 28% though :))
On a long enough timeline, the survival rate for everyone drops to zero.
i think that it might be...
someone should look into that.
I think that the site may have been slashdotted, hehe.
someone post the username and password here so we can all get free crappy bags, and put them out of business.
The
Spam bag...
It's just so damn goofy! Can you imagine walking into Systems of a Fortune 400 with Hacker on your bag? In NewsTrolls I said I was frustrated and came close to buying the cyberpunk bag b/c it was a flat backpack that could hold a laptop...AND opera scores...however, this weekend I found a great laptop/scores bag with dual zippers at the mens' Banana Republic....well that's pretty yuppie too, but at least it doesn't have any goofy names on it...just simple black nylon and exceptionally good padding for the shoulders. 'Course I put a NewsTrolls sticker on it...
diva Pasty Drone NewsTrolls, Inc.
Florida doesn't have a lock on the handle of "cracker". I read somewhere where cracker refers to the guy holding the whip, and there weren't too many of those in Florida because cotton doesn't grow very well there. Of course, this could be complete bullshit. Lawton Chiles was a cracker? A cracker would rather go off on a tear than take mood-altering drugs.
And if you continue to spend your Friday nights obsessing over the openness of the Qt license, that situation probably won't change anytime soon.
Try getting some exercise and sunshine now and then.
Regardless of all the upheaval about the marketing for the bags, they're actually pretty nice.. tough, comfortable, etc. I picked one up a few weeks back, amused at the "hacker" labelling, but buying it because it was a lot better than 90% of the nasty laptop bags/backpacks out there.
:)
It's a hell of a lot better than a Targus bag, anyway
-s
---- noi non potemo aver perfetta vita senza amici -- Dante
OK, I don't know MoobY, and I can't comment on his cryptographic skills. So I don't know how he obtained the password. However, there's things the article misses:
The "traditional hacker" manner for breaking such a site has nothing to do with deciphering the mathematical algorithm. It would be to attack the web server, gain root, and read the internal database. Not that difficult for a good chunk of script-kiddies (or some of us old fogies, too. (bad! Erik. Don't do that anymore!) (Really.)) However, this isn't even remotely intellectually challenging. So, if all we were interested in was Kipling crap (which we obviously weren't), there would have been a mass attack against the site. There wasn't. (Unless you count the /. effect. :-)
Instead, there was a lot of debate about the mathematical underpinnings of the code. I think this is the best illustrated distinction between cracker/hacker that has come out recently: the obvious goal was the glory for the intellectual accomplishment of cryptanalyzing the cypher, NOT just getting the answer.
Of course, I wasn't surprised that no-one here seems to have broken the code. Cryptanalyzing stuff is very hard, and requires very specialized education. I've had a lot of it, and would consider myself (at best) a poor amateur. I'm going to hazard a guess and say that less than 10% of /. readers have sufficient crypto education and experience to do a good job of even analyzing the algorithm. And how many of us can honestly say we understand more than half of the math in Applied Cryptography? I can't.
Anyway, until someone posts a good analysis of the code, here's what about 14 hours of frustration have produced about it:
The main "crypto" routine is simple XOR, which is easily reducible (and cryptanalyzable). The problem is in key generation/setup. The key generation appears to be a trap-door one-way function used as a hash. I've tried most of the ones I can find (ie, all from App Crypto, some from sci.crypt.moderated archives, and some from elsewhere), and can't find any match. The hashing function exhibits a good avalanche effect, but apparently has collision problems. The length of the keyspace is less than the obvious, but still large enough to resist brute-force search. Also, the use of JavaScript is problematic, since it's slow and not really easily portable to C without some substantial effort (anyone have a % operator for floats that mimics JavaScript's ?)
I wrote a recursive intelligent brute-force search, but it still requires way too much resources and time to run (it's far from memory efficient). Basically, what you do is this:
Given that you know the "cyphertext" characters (http:// ... ), you can work backwards to determine that the first possible character of the login is about 4 choices. So, for each of them, you make a tree. It turns out that at each node, there are about 4-6 possible leaves that continue to give the correct URL. Eventually, each leaf runs into a problem where no possible characters result in the correct cyphertext - thus, you trim that branch. (or you've managed to find a solution.) Rather than about 73^20 (about 2^123) possibilities, the algorithm above runs about 2^40 possibilities. However, it has exponential memory requirements. Even I don't have that kind of memory on this box. :-)
Hopefully, someone will point out mistakes in my analysis, and we might eventually get a full dissection of the algorithm. I'm not interested in the login/password, I want to know what the trapdoor is...
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
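The pruned search discussed in the comment above (and the graph walk sketched earlier in the thread), as an added example that is not any poster's code and is not Kipling's script: the `step`/`keyByte` scheme, the secret and the URL are constructed stand-ins. It walks depth-first, so memory grows only with the secret's length, and it measures how far a guessable `http://` prefix shrinks the search against a client-side XOR gate.

```javascript
// Constructed toy scheme for illustration; NOT Kipling's script.
const ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789";
const MOD = 65521;

// Mix one secret character into the running state.
function step(state, ch) {
  return (state * 33 + ch.charCodeAt(0)) % MOD;
}

// Deliberately lossy: only 3 bits of state reach the key byte, so several
// characters fit each position (the thread reports about 4-6 per node).
function keyByte(state) {
  return ((state & 7) * 0x25) & 0xff;
}

const toBytes = (s) => Array.from(s, (c) => c.charCodeAt(0));
const toText = (bytes) => String.fromCharCode(...bytes);

// XOR is its own inverse: the same call encrypts and decrypts.
// The secret is cycled when the data is longer than the secret.
function xorStream(secret, bytes) {
  let state = 1;
  return bytes.map((b, i) => {
    state = step(state, secret[i % secret.length]);
    return b ^ keyByte(state);
  });
}

// Depth-first search over secrets of length secretLen. A branch is dropped
// as soon as its next character fails to decrypt the known plaintext byte.
function recover(cipher, known, secretLen) {
  const want = toBytes(known);
  const found = [];
  let tested = 0;

  function walk(prefix, state) {
    const pos = prefix.length;
    if (pos === secretLen) {
      // Full-length candidate: re-check every known byte, including the
      // positions where the secret has started to cycle.
      const plain = xorStream(prefix, cipher.slice(0, want.length));
      if (plain.every((b, i) => b === want[i])) found.push(prefix);
      return;
    }
    for (const ch of ALPHABET) {
      tested++;
      const next = step(state, ch);
      if (pos < want.length && (cipher[pos] ^ keyByte(next)) !== want[pos]) {
        continue; // prune: this character cannot produce the known byte
      }
      walk(prefix + ch, next);
    }
  }

  walk("", 1);
  return { found, tested };
}

// Constructed sample data.
const SECRET = "k3y9ab";
const URL_TEXT = "http://www.example.test/winner.html";
const CIPHER = xorStream(SECRET, toBytes(URL_TEXT));

const SHORT = recover(CIPHER, "http://", SECRET.length);
const LONG = recover(CIPHER, "http://www.", SECRET.length);

console.log("full keyspace:", ALPHABET.length ** SECRET.length);
console.log("characters tested with pruning:", SHORT.tested);
console.log("candidates left knowing 'http://':", SHORT.found.length);
console.log("candidates left knowing 'http://www.':", LONG.found.length);
console.log("decrypted:", toText(xorStream(SECRET, CIPHER)));
```

Because the gate decrypts in the browser, every candidate can be checked offline against the guessable prefix; the credential check belongs on the server.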
Has it occurred to you that the geeks/hackers/programmers/etc. of yesterday are the Silicon Valley entrepreneurs of today?
;)
Three years ago, I was a hacker-DJ, living an almost completely nocturnal lifestyle, DJ'ing in nightclubs and spending most of the remainder of my waking hours sat in front of a computer.
These days, I do scary things like wearing suits and legitimately logging in as root on computers which cost more than a four-bedroomed house in a posh area of north London.
Quite a few of my former partners in crime are doing a similar sort of thing. Some of us have even come close to setting up our own security consultancy.
"Information wants to be Free" - the cry of the new Cyber Socialists!
Dodger
So you think that America is the source of all encryption software?
The Brits were breaking encryption before the Yanks knew what a computer was!
D.
Hey! Come on now! If it doesn't leak oil (or liquid nitrogen), it's not worth tinkering with! :)
And please don't refer to me as a Brit.
D.
That's right! You can't call me a Brit.
Wanna know why?
Because I'm not British!
So, if YOU don't want to be counting the fingers you haven't GOT, I suggest you stop calling me a Brit!
Why does an Irishman wear two condoms?
2BSure, 2BSure...
D.
Their target is not the "hacker/free/opensource culture," or even the "cracker/2600/warez culture," as much as it is the clueless clueful wannabes of both subcultures. Since there appears to be an endless supply of clueless clueful wannabes of every genre, it is probably a pretty good market to be appealing to. If Kipling is successful, it will be amusing to see how quickly said bag becomes associated with such clueless folks, until being seen toting such a bag around results in one becoming labelled as such almost immediately. :-) One wonders how long it will be before owning such a bag becomes an embarrassment ...
The Future of Human Evolution: Autonomy
How about "System-Breaker"? That nicely describes what these people are, is probably catchy enough for the media, and doesn't step on the toes of old-guard hackers or sound silly.
Just my 2 cents / 1.3 cents US.
OTOH, I can see three problems with trying to revive "worm" in this sense. It already has an established meaning in computing jargon, so adding another could lead to confusion. It didn't stick the first time. And it sounds perhaps a bit too pejorative for use except specifically as an insult.
IMO, this probably wouldn't stick this time either, partly because it is pejorative. The trick is finding a name that these people wouldn't mind calling _themselves_, which IMO is one of the reasons that "hacker" caught on. "System-breaker" has a chance, though that would probably be abbreviated and mutated among the WaReZ d00dz crowd that it's aimed at. Other labels that have a chance undoubtedly also exist.
And how about "maggot" as the emphatic form?
IMO not a good idea, as it's too close to "faggot" (a pejorative term for homosexuals, for readers who aren't in North America).
Other suggestions from our copious lurkers?
I'm thinking that if everyone who cracks their uname/passwd gets a free bag, it might be a good idea for slashdot to show them what it's like to be slashdotified... if someone were to post the uname/passwd we could all join in on getting free bags to carry all of our palm pilots...
I dislike the names they gave the bags, but a free piece of luggage is a free piece of luggage, how can I turn that down?
"The Kipling 'Hacker' luggage debacle gets coverage in Wired, along with slightly derogatory references to the Slashdotters' ability (or rather lack of it) to 'crack the site'..."
Well, just how 'secure' is wired??
Now that they cater to MBA wannabe twerps, instead of people who understand (or at least want to) the technology..
I, for one, would LOVE to see the WIRED site on the 2600 'recently hacked' milk carton.
-- What you do today will cost you a day of your life.
Oh my god... that is dumb... ... to crack the password?? /.
Pirates
pirates are warez kiddies.. they don't
hold a stick to HACKERS or CRACKERS
and much less good / experienced
ones... *SIGH* these corporations
are not gonna sell anyone on
a bag called DOWNLOAD or SPAM...
ARE THEY?
linuxnewbie.com
Well I took a look at the code.. lkp_tmp = Math.PI .. is that not getting the value of PI.. doesn't PI differ from machine to machine.. the key maybe that the machine that has to access the site has to be the same machine that the key was made for or similar machine... (SAME OS same architecture)??? They are performing a lot of math functions there in the code.. this would be tricky to crack.... good luck
Only 'flamers' flame!
It is machine dependent.. for PI on my machine I got 3.141592653589793 all Javascript math is machine dependent... therefore it is highly unlikely that you will crack it unless you are on the machine that it was programmed for
Only 'flamers' flame!
Sounds like revisionism to me. At the time, there were plenty of posters telling us how easy it would be for mighty Slashdotters to crack the code, but now after failing to do that, we hear "Aww shucks, nobody was really tryin'."
Puh-leeease. Damn fools talkin' the talk but they can't walk the walk. Oh yeah, and there's nothing at all wrong with the way that they're using the word "hacker." Give it up already.
Cheers,
ZicoKnows
That, combined with a lot of clueless people around here learning what "context" means. It's really not that hard, folks, and you'll find yourselves much less stressed out.
Cheers,
ZicoKnows@hotmail.com
How much you guys want to bet that a whole bunch of people who live in trailer parks file a class-action suit against Kipling for that comment?
How much you want to bet that the judge doesn't laugh them out of the courtroom?
Just curious how many supermodels you've met and conversed with that you feel you can say that they are bimbos? I notice from your homepage that you have lived most of your life in Virginia. Last time I checked that wasn't really a mecca for supermodels.
In my personal experience, the one whole supermodel that I met in real life was nice enough and didn't come across as a bimbo. How many have you met? Or are you just being a prejudiced bigot who stereotypes people they've never met? Mmm...watch out for those sour grapes.
I just wandered over to the site and there's a big image up on the front page that says: Site under construction, Sorry, we've been hacked :(
I'm guessing a bunch of people got the correct username and password and claimed all bags, so Kipling is redoing their site to reflect this. Or maybe they're experiencing the
/. effect and think they're under some kind of hacker attack!
Now I'm sad. I wanted to get a sup3r-k3wl newbie bag.
-sk
..as for leaking oil - I seem to remember a quote from Mr Cray [he of supercomputer fame] saying he was just a good plumber...
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
...was never people who created technology. It was always for people who used technology, usually those interested most in looking good while using technology. Wired was a more corporate-friendly version of Mondo2000, which has become a fashion mag for people who want to look good while talking about new media and the current paradigm. As for geeks going to Burning Man, I went. But then, maybe I'm not geek enough....
CIA Industries - Running the world for fun and profit
I think it's bloody obvious by now that there is _no_ name/password combination. This is another evil Republican conspiracy to publicly trash us. When the contest ends, Kipling will just make some random combination up and claim that it was there all along... and no one will be able to prove otherwise. So there.
Peace,
--
Kaufmann
To the editors: your English is as bad as your Perl. Please go back to grade school.
I happen to live near Antwerp... What if I just went to the store, looked for the password and then post it here ?
But then again, where's the sport in that ?
Aside from that, I have owned and used a Kipling bag for years now, and I'm very satisfied with it. Regardless of their clueless marketing, I think they make good bags (although I had to remove the little monkey doll that was attached to the bag as a marketing stunt when I bought it).
superblog.org: all your favourite blogs on o
As far as I know, there are no laws banning the export of cryptography products/algorithms/... here in Belgium. The U.S.A., on the other hand, do have such laws, I believe. But I don't know if importing such things to the U.S.A. is also illegal or not.
superblog.org: all your favourite blogs on o
Hehe...
;-)
By an amazing coincidence I also happened to work at planetinternet.be not long ago. I'll see if some of my old buddies there know anything
superblog.org: all your favourite blogs on o
Plenty of countries have their own home grown developed encryption products.
I think you mean 64 bytes, dude. And no, whoever said the first part of the id and pword were http:// is wrong. That's just what the uid and pword turn into after being screwed with mathe-magically.
-Shrub
Someone should also tell him that crackers and hackers are emphatically not the same.
Mike
--
Mike
--
"Wi nøt trei a høliday in Sweden this yër?"
Yeah, marrying someone just for sex doesn't really sound like the best idea.
But to be perfectly honest, I can think of worse things than having to come home to a supermodel every night. Then proceeding to have sex with them would make the whole deal even better.
All in all, I think it might be worth it. =)
Not drinking, chasing women, or doing drugs won't make you live longer--it just seems that way.
The accuracy of the seed doesn't have to be terribly high. From looking at the code, I'm guessing that 3.14 is sufficient. The next iteration is a UCHAR for god's sake (i.e. mod 256).
Uhh, heard somebody had the name/pass? ..since they promise to provide everyone a bag..
Quis custodiet ipsos custodes? - Juvenal, Satires, VI, 347
Do you think that, now that I'm the famous "Beef from Slashdot and Segfault," they'll make an action figure out of me?
--
Beef
"Raging Moderate" of the
I vote we FRAG this commander.
--
Beef
"Raging Moderate" of the
because if there were, we'd ALL have one. :P
der dee der.
this is true. paganism is NOT satanism. pagans tend to be in touch with nature and 'one with the universe'. they revel life and the world around them.
i don't know what satanists do, per se, but they are NOT on the same plane of existence that the rest of us are.
der dee der.
I can see it now: "We're not crackers, we're trailer trash!"
Actually, tho, "cracker" has always meant, to me, something like a really stupid klan member.
They're jumping on the bandwagon and trying to perpetuate the image of a roguish geek-version of James Bond, and by linking their bags to this image they hope that people will think that if they buy the bags they'll be a part of some mythical cultural elite.
It's a load of bollocks designed to sway some percentage of the brainless masses to make a buck -- I don't see why people are so worked up about this. If Kipling made better bags I might even get one but their designs are lame Kiplinged versions (dumbass visible zippers, poor workmanship, cheap materials and a stupid logo) of bags designed by other companies. Their version of Manhattan Portage's J-Pack is the worst -- I believe they call it the "firewall". I wonder if I jacked in through it if it would keep the bad people out. I think the best part is the giant rubber block-print "HACKER" label stitched to each bag.
See it as another failed attempt at success from a company with no sense of style and pity them.
kmj
kmj
The only reason I keep my ms-dos partition is so I can mount it like the b*tch it is.
So, what with www.kipling.com/ being exactly 16 letters, why not use that as a starting base? Now, someone go find the password. I for one wouldn't mind if they have to fork out for a bag for each slashdotter. Even if they are shyte. --Seb.
Apparently the VP of Kipling LIKES showing himself as an uninformed person. That's bound to sell bags.
if only i had one of those bags, then i could truly consider myself a hacker.
you want to (successfully) date them.
But really, Wired's target audience noticeably changed from 2-3 years ago. It used to be geeks/hackers/programmers/etc. Now they are heavily oriented towards the Silicon Valley start-up crowd. The key terms now are stock options, media attention, buzz and fluff.
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
But supermodels are highly decorative, not necessarily functional. Sex is good, but making rounds with a supermodel on your arm has its own intrinsic merits.
Yes, I know that geeks of yesteryear are entrepreneurs of today. But not all of them made the switch, plus there is a new generation growing up. I understand why Wired's target audience is changing, but I don't have to like it.
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
umm.. i dunno, they publish the code to do the pw/key decrypt as javascript in the page. i looked at it with the idea that it probably wouldn't be that hard to crack. umm.. there are 2 64bit key spheres, i may not be great at encryption, but i thought this was illegal to export?
comments?
Sorry, but if I see a kid wearing a backpack called 'Browser' or 'Download', I'm gonna have this irresistible compulsion to kick his sorry butt.
I don't wanna be trendy! Remember when being a 'hacker' meant something about knowledge, too?
OTOH, I can see three problems with trying to revive "worm" in this sense. It already has an established meaning in computing jargon, so adding another could lead to confusion. It didn't stick the first time. And it sounds perhaps a bit too pejorative for use except specifically as an insult. But even if "worm" doesn't take the place of "cracker" or stop the misuse of "hacker", I reckon it could complement them nicely.
And how about "maggot" as the emphatic form?
Heck, let your hair down. What kind of seriousness do you expect to find in the lower reaches of a Slashdot thread? Here be dragons. :)
*sigh* True: "worm" is too strong to substitute for "cracker" or "hacker". As an insult, though, I reckon it deserves to go far. (In all modesty. :) ) Unfortunately, "System-breaker" sounds, I think, too plodding and too explanatory to catch on either (as well as not being precise enough: "cracker" usually implies a certain type of system-breaker, no?).
The other, loathsome, word is well known across the pond too. I hadn't noticed the similarity when I posted, but I'd still stand by my suggestion. It's certainly right to take pains to avoid giving unintentional offence, but I tend to draw the line at pandering to the type of person who can't or won't distinguish one common word of English from another.
One purpose of "cracker" and any alternatives is to help the press and their readers, not Slashdotters and suchlike, to make the distinction. Many in the general public aren't even aware of the difference, let alone able to detect it with their Context Wands.
And if you continue to spend your Friday nights obsessing over the openness of the Qt license, that situation probably won't change anytime soon.
Pfffft! That's for Thursday night. Friday nights are for reading RFC's.
I'm sure "SlashdotMedia" will improve on all the wonders that Dice Holdings blessed us all with
As for the people at Kipling:
Aside from being inaccurate since there's really no need to break their security at all to win the contest, they now confuse the definition of the term "pirate" too. "Pirate" is a term coined by the computer industry to demonize people who copy their software without permission. It's something completely different from either a hacker or a cracker. Sure, it's actually a better analogy for breaking security than it is for copying software, but to paraphrase Larry Lein, executive vice president of Kipling, USA "[pirate] is the term in common parlance".
Of course, Kipling's indifference to how real hackers define the term demonstrates who their real market is. They're not selling to real hackers, they're selling to B1FF, the kewl D00d or whatever. Their market is people who've seen movies like "the net" or "hackers" and think that that's what a hacker is.
So what? You can call us Yanks, but we can't call you Brits? Yeah... right... =)
Oh, btw, leaking liquid nitrogen is fun, but leaking liquid hydrogen is more exciting!
Grandpa Spaz
Oh... so am I to take it you are Irish?
G
javascript doesn't have a uchar, and
the %256 is actually a floating-point modulus
operation in Javascript...
like fmod(x,256)... It's a bitch,
but that's how it is....
so every last bit of that PI value MUST be perfect.
-- The Funk, The Whole Funk, And Nothing But The Funk
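An added illustration of the float-modulus point in the comment above (not part of any poster's comment, and not the Kipling script, which this page does not reproduce): a constructed toy mixer, with assumed constants, comparing JavaScript's floating-point `%` against C-style `unsigned char` truncation for a coarse seed and for `Math.PI`.

```javascript
// Added illustration: a constructed toy mixer, NOT the Kipling page's script.
// The multiplier 31, increment 7 and round count are assumptions for the demo.

// JavaScript-style: % on Numbers is a floating-point remainder (like C's fmod),
// so the fractional part of the state survives every round.
function floatStream(seed, rounds) {
  const out = [];
  let x = seed;
  for (let i = 0; i < rounds; i++) {
    x = (x * 31 + 7) % 256;
    out.push(x);
  }
  return out;
}

// C-style "unsigned char" state: the value is truncated to an integer
// before the reduction, so the fraction is discarded each round.
function ucharStream(seed, rounds) {
  const out = [];
  let x = seed;
  for (let i = 0; i < rounds; i++) {
    x = Math.floor(x * 31 + 7) % 256;
    out.push(x);
  }
  return out;
}

// Index of the first round where two streams disagree once each state is
// read as a byte (floor); -1 if they never disagree.
function firstByteDivergence(a, b) {
  for (let i = 0; i < a.length; i++) {
    if (Math.floor(a[i]) !== Math.floor(b[i])) return i;
  }
  return -1;
}

const ROUNDS = 8;
const coarse = 3.14;    // truncated seed
const exact = Math.PI;  // 3.141592653589793, the double nearest pi

console.log('uchar:', ucharStream(coarse, ROUNDS), ucharStream(exact, ROUNDS));
console.log('float:', floatStream(coarse, ROUNDS), floatStream(exact, ROUNDS));
console.log('float streams diverge as bytes at round',
  firstByteDivergence(floatStream(coarse, ROUNDS), floatStream(exact, ROUNDS)));
```

With integer truncation the two seeds collapse to the same byte in the first round and never separate; with the float remainder the seed's extra digits stay in the state and change the output bytes from the second round on.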
actually, we WOULD be able to tell.. only the winning combination would transform the 2 cyphertexts in the HTML into the plaintext, which is the url http://www.kipling.com/hacker/game/login.html or some such thing...
-- The Funk, The Whole Funk, And Nothing But The Funk
yeah, good thinking... of course, you'll then have to extract the username and password from the key, but that's probably not so bad... Getting the winning key would be a real step toward getting the user/pass..
-- The Funk, The Whole Funk, And Nothing But The Funk
The lpd_code is XORred with the key
during the swap. If there are 48 uniq values
before the first swap, there may be 49 uniq values
after the second.
The lpd_code is modified by every swap...
So the number of possibilities is much higher.
-- The Funk, The Whole Funk, And Nothing But The Funk
actually, we don't really know either of those. all we know is that at least one of them begins with http:// and that the winning value is a URL to a winner's page of some kind, of which http://www.kipling.com/hacker/game/login.html fits the description.
-- The Funk, The Whole Funk, And Nothing But The Funk
I don't believe that Mooby really did it. I'd think that the page at nerdhero.org would have been updated if that were true.. This guy with the 2600.com (yeah right) address is pulling a fast one... He may not even know mooby...
-- The Funk, The Whole Funk, And Nothing But The Funk
I think someone really got to them.
They pissed everyone off with that Wired
interview... they were asking for it...
-- The Funk, The Whole Funk, And Nothing But The Funk
NICE
pesky bloody computers
It seems doubtful that the site was actually cracked, since everything else on the site except for the front page seems completely intact.
Besides, why would a site that was really broken into have that fancy "We've been hacked!" graphic anyway? Did they hire a guy to do that in Photoshop just for the occasion?
Help! We've been hacked! Quick -- call a graphic design artist!
My guess is that it's just another marketing ploy designed to promote those ridiculous bags, which are obviously marketed toward 15-year-old AOL newbies who've rented "The Net" just a few times too many.
In case anyone wants to see the "hacked" front page before Kipling changes it, I've put it on my website for the amusement of all y'all slashdotters.
- I
Power corrupts. PowerPoint corrupts absolutely.
They even think they invented the Turing Machine.
As far as CP/M goes, they can have it! OOps! We've got it...MSDOS, WINDOWS.... et al.
...preferably on-line.
-
BlackNova Traders
There's the code for the Kipling bags :
:)
9840112000309001
host
Credits go 2 MoobY
Send me a postcard if u get a backpack
--- Sigmentation Fault - Comments Dumped
HAHAHAHAHAHAHAHAHAHAHAHAHAAAAAAAAAAAAAAAAAA
yummi
why shouldn't i?
MoobY
--- Sigmentation Fault - Comments Dumped
It's been hacked...
MoobY knows
(24 hrs left before total world domination)
--- Sigmentation Fault - Comments Dumped
It's been hacked...
MoobY knows
--- 24 hrs left before total world domination
--- Sigmentation Fault - Comments Dumped
You got that right about WIRED... now it's all beamers, benzz and volvos.... and where there's money, there's supermodels modeling the latest neato warez... right next to Mr. startup who knows shit about computers but has cash to spend...
RideX