I suggest to let him exploit one of those stupid and inhumane webgames that are out there in dozens. There is much fun in doing it and he will learn really a bunch of useful things about his system and programming also.
For example:
Take a look at a game like space4k.(com|de)
Show him a bit of java programming, show him how to use a library to web-datamining/testing like httpunit and how to do some simple things with that. Also do some funny stuff with java and sql based on mysql or the like.
Then go and try to build a working bot on that sort of game. Grinding-games like this one do not deserve that humans spoil their time on stupid clicking. But there is a great use for this sort of game: learning. And he will also will find out, that being smart is not always without problems, cause people really *hate* scripters in those kind of games.
He will have fun, he will have a live response to what he is doing (very life, I promise!) and he will have all up and downs that come with such a job.
By the way: programming in java and mining data, responding to web-forms is a really great sort of knowledge for the near and far future. Data is something like gold in our information society and to mine it with a bot is something like mining '49. It's just a game so nothing can happen, nobody is hurt (who counts).
java, sql, httpunit
Basetechnology with fun. And I promise if he even manages the captacha in the game he will be a smartass in programming and will lick blood.
with best regards - most hated "player" of space4k.de
-by the way- i just see a captcha down here in slashdot. It would be fun to crack that one, too...
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 1
Hm. Talking of destroying the own environment. Do you remember the first big worm that hit the internet? It was 1988 the morris worm that used a sendmail bug. It was exakt the time I worked in that anti virus/worm project and we, along other people worldwide worked in reverse engineering that worm. More like "understand" it because it was new - even some of us had had theories about this sort of attack we had never really "seen" it before.
This worm stopped over 6000 Computers (I do not recall the exact number now and had to consult wikipedia for this) working and crashed big hunks of edu-net. Why? Just because morris underestimated the selfpropagating rate of his worm. Even without a payload it used all computingpower of all infected machines. And by that killed his own host-network. By reading the sourcecode we found that the worm was obviously not intentionally released. Maybe it was just a testrun that was run out of control.
Such worms are quite often - worms that are miscalculated and consume much more resources then planed. So the shutdown of whole networks is maybe not the intentional goal of a worm but often enough it ends up like this.
Another thing is that may be the net is not down but your computer says good bye in the moment you connect. Last seen with the msblaster worm, that attacked every connected computer two times a minute.
And at last the internet is not not that stable and "nuclear prove" then you may think. 9.11.2001 in the moment the first (or was it the second, no it was the first) twin tower collapsed - the whole nation I think say it life on TV, in exact that moment also the german internet was gone. For how long? Half an hour? Okay. That was just one building (okay, with DNS root servers in) but it was just one building that knocked the internet out.
Some worms have the same effect. On such wormdays the internet becomes feelable slow. Up to date there was -between the morris worm- no big internet crash caused by any worm. But we are far fewer away from that moment then we think. And that may be the day on which all windows pcs have to shut down to restore the net. Up to date the relative slow modem/dsl cables are not able to really shut down the net with traffic. But in the next years glasfibre will be common and that will be the day that personal computers will overload internet connection.
To overload a transcontinental connection is even easier. The bandwith is far smaller than the continental lines. Wasn't that the case when the first cyber-skirmishes between china and usa hackers occured? I'm not shure with this but you know that these things happen even without worm attacks. And in the end there are simple certain messing around's with low-level protocol packets that fill a line with huge amount of cybertrash.
I wish I have your trust in the reliability of the internet. Certainly the internet is highly adaptive, redundant and all this. But as a few examples show - not invincible. And the last big power failure of nearly whole USA I have not mentioned yet. Read what the reason was? Ok, you know it.
No internet is not nuke proof. Its not even storm proof. Or water proof. Or worm proof. Its really a very complex and very vulnerable system and i doupt that will change in the next years - au contraire.
And last to come to the education level of worm writers. Yes, there may be people out there at my education level that do it - but if, than we would suffer more badly from worms I guess. You dont have to be a genius to write a thing like a worm or a virus. Its not right easy but its no diffult task. Mostly you communicate over ports, copy data, start programs and things like that. That are easy tasks. If you want it a bit more sophisticated you build in something like a "random" generator. Man, I write this shit with a bottle of johnny walker down in five minutes like any other programmer that even halve understands what he's doing. Its a bit of work, yes. You'll need some day, maybe some weeks. But its not difficult. If you cant
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 1
Yes, interesting. In trusting networks there is no problem to propagate a worm. As you I build one at university that checked the load of every machine in my subnet and started the c-compiler for to compile my project on every lazy or very powerful an not fully used computer. I never called it a "worm" because if I would have named it like it was, they would have thrown me out. But with that fine little script I compiled my project not in an hour but in few minutes. Nobody was harmed everything went all right and I think it was right to do it. It spared my university much time and money (that I would have earned, gash).
Yes. But there are self propagating worms. On my homepage -a little while ago- I did some homework about security of passwords and -really good- attacks over the net. More statistical rules of thumb then real math but I think I'll work. And that says ordinary ssh ports can be penetrated quite efficently - through the front door. The mass of systems out there and the mass of users is the problem. You can easily crash that. And even its much more interesting to get control of one true router then of thousand dumb zombie pcs. I recall now that Bruce Schneier told on his blog about the possibility of ssh worms. And I simply worked that idea a bit out.
But interesting is it when it comes to cross-plattform attacks. I think we will see the next big attacks as java worms. Did you catch the last known bug of java 1.4.2_08 und below? And all 5.0 Versions of that date below? First catastrophic break of the sandbox that I know of. And where there is one there is always one more.
And java code is damn small and damn fast (on JIT), flexible and everything a worm/viruswriter wants.
How to build multiplatform java networks on "trusted" computers is quite easy - the code can even be downloaded ready for use from the net. But when somebody begins to combine this an some other features I know of, then -hm- you better look for a helping god, because thats everything that will help.
And even the self-referencing capabilities of java are perfect prey for worm-writers. You can easily recompile the whole construct even trough the net itself. You can import complex codes and so on. But I dont like it to bring people on bad ideas. I like java. And its misusing is not often. I think this is because only very few java programmers are schoolkids.
Maybe there are easier ways to do this stuff. But for me its looking dangerously easy enough.
I ask myself, by the way, isn't it always the same old story how programms are attacked by heap overflows? What would happen if a mutating worm is not attacking only one specific port but ports at random and tries so long for working code (working length of codesequences) up to somewhere a program crashes, starts the code and propagates working childs that themself slowly mutate? Would this sort of worm ever stop?
So much about interesting ideas...
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 1
Thank you for your compliment for my english. But really, I know I suck. It's nice that you accept my language then. Tja, sorry that you are not satisfied with my little article. If it interests you, I tell some rows more.
But yes, you are right. There was a internet. But not that what today everyone is calling the "internet". I know it, you know it. But most of the users of the today internet have no memory in the pre-webage. In the early time we had even no AOL or CompuServ. We -in germany- had datex-p. The datex service from former "Die Deutsche Post" (mail and telephone agency) brought our self-build 300 baud acoustic copplers into the world-wide datanet. That was another time. There was no personal internet like today and to call it one -hm- seems a bit strange if we see what we have today.
And really nobody expected us to be there. Every system was quite open to everyone. And shure there were people doing things that were illegal - but not here in germany. Because there were no laws against hacking into forein computersystems or to use satelite connections to USA forging account data. And even in forein countrys we were free to do what we liked to. No laws means no legal/illegal means no police no judge could harm us for what we did. But I do not recall any destructive crimes that were commited in that time - by us.
It worked. We used new york outdial to telephone to BBS systems or corporation all over the country. T'was quite cool for a teenager to do such things.
Up to that thing with the NASA hack. After that there were cyberlaws in germany. It changed everything. Hacking was illegal now. But most of us of the early days knew what we wanted. The net was there - it was only waiting for us. We build an own net of linked private BBS systems - the z-netz or zerberus-system, communicated and waited for the first systems to connect really online. Internet? No man. Not in those days, not in germany if you were not working for big company or university. Computer science at university? Was not invented yet.
Internet as a teenager? If you were a hacker, yes. Other ways? No. Not here. Not in that time. The "Deutsche Post" even forbid to use a modem. But they couldnt control us, stop our curiousity. We really drove to telephone-cells to dial in anonymous. And the computer hardware of that time was really crap. C64 and such stuff -40 columns- we had to write our own terminal programs and dial-in software and the lot. But it shows better what a computer is and can and can not than our much more sophisticated systems today. And the people today dont get it anymore - the cyber frontier. The point of what you can do and what you cant. Of what you should do and what not.
And we were "legal" everywhere. Nobody could harm us. So I once stepped in a little (or big) company in new york (I think) around just for to find out, where I was. It was a damn bank system, yes. I really don't know how I got there that was some software failure of my own programs I guess. After a while I simply asked a system admin where I was. Silly? No. It was our right to be there. It was not easy to communicate with him because I had no 80 column "talk". But I got it. Was funny. He couldnt understand where I came from. How I got there from damn *germany* - with a *what* computer?! But-but-but that's a multimilliondollarcomputer and you have just a few hundred Deutschmark Homecomputer! Where the fuck is germany anyway? Octoberfest? Autobahn? Really funny. But after a while chatting and playing games with the admin I logged off. Daring? Hm. Fun I think. Today you would land in jail if you do that trick. But we knew we wouldn't.
That was the time. And I say there was no internet. Not what it is today, not nearly. How many were we? A hundert? Two hundred? Nah. No we didnt know each other but we heard of.
Then NASA hack came, doors were smashed in here in germany and every hacker was shocked. Shure. Everyone was released because there was no law against this (and there was no evidence at all, because com
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 3, Insightful
Dude. There are other languages than english and other coutrys than the u.s.a. around the world. So sorry that I do talk native german. Maybe you have a better grammar and spelling if we talk in german?
So if not, please stop that. I do my best to be understandable, if you dont like to read my commentary then skip it. Gna. That shit makes me angry. I never ever criticised anyone who talks german with a foreign accent. I never tried to bawl somebody out because he was not a native speaker. This is really bullshit, lets stop it before it begins. I try my best, is that okay for you? Skip it please. Its loss of bandwidth.
To your questions.
I did a lot of research for computer security issues. Including worms, virus and trojan horses, but Im no specialist that has completely focused on that thing. I never stopped to be interested, I specialised on university for a while on that theme and I grew up in the 80s where there was no "cybercrime" at all. Not here. Not in germany. We had no laws. So we did what was possible. But in that time nobody was destructive. Everyone was just damn curious. When the damn NASA hack was hitting the news at '86 (I think) I was damn near that. From the scene just an inch away.
In that time nobody thought a computer system was really vulnerable - but us - the hackers. So I grew up not in the mind of destruction but in a mind of conciousness that security is only in the hand of those who care for it. And who test it. And who spend time and energy in it.
Yes, I was a hacker and Im proud to say I am today. I dont hack into systems. Im not destructive. I write code, I test security, I play with system. Playing, yes that would be the right word for ist. Just for fun. And I did it in the 80s and I still do it. And, yes, I think its a good way to live with computers. I have fun at work.
In the early 90s I first and last put a thing you'll call a trojan horse into the "wild". There was no "internet" in that time. It was no big deal, but that progamm managed to trick a database and send me usernames and passwords. (Certainly never used the data, I have no interest in that sort of thing.) I just wanted to show my friend a big security hole in his system, but he instead of fixing it ran almost amok.
Stupid.
After a month he spoke to me again and with my help we fixed that thing. A whole month his system was unfixed and vunerable. "But it was only such a harmless feature", he declared. It was not. There is no such thing like a harmless new feature.
Please search google for "pilot script language" for more info about how harmless the feature really was and that even such a dumb little scripting language can be used to trick systems or users. It was a cool hack. No big one, shure. I have done better things after that but that one is a good lesson. New features mean new security holes. Thats it.
At that time I reverse engeneered viruscode and the first wormcodes on the new rising internet. Most of the code is really poor, poor, poor. Its bad tested, poorly written and only one of 20, 30 or even 100 virus/worms are what I call "interesting". Yes, I really was not keen on sacrificing my whole life in reverse engeneering shitty code. That is very, very boresome to reverse engeneer the tenth shitty little script-kiddie worm that was only altered enough that the antivirus software does not recognize it. Even the bugs are in it.
In the mid 90s I quit that after years of studing. So, no, I have not reverse engeneered bloody sober. Its really not worth it. It should just be destroyed. It has no really new features in it, it is not even on the same level of that worms of the mid 90s. Its just actual and uses some nice features that are not new, are not well programmed, are not innovative and is short to say boring.
Its not easy to write a worm like that. Really. This is not that what I say. But its no big deal. There are tools out there, there are people with code who invented ways for intrusion, this thing is just a rughly hammered toget
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 0
Yes. Newbies like me are used plaintext ascii based boards like on usenet or modem based bbs boards in the 80s. I know, that kind of communication style is a bit out of date, shure, shure. But if I enter a forum today I really expect plaintext as the default, not that I'll be shocked by the existance of
*p* *p style="text-align:justify"*
and shit like that. I shure think thats quite useful - on a website. But in a forum everything but plaintext normally hits me by surprise. What does not hit me by surprise is the style of certain answers. They are always kind of the same.
But I wonder if we can avoid the with mathematical precision upcoming SUPERGAU of virus and worm attacks, if we arent able to change our attitudes.
Best example HTML-Code in a forum - okay, okay. Im shure a newbie here and I don't want to change anything. But just consider this: there is no way to insert any harming code through plain ascii, but I'm damn shure, that even these few allowed html-codes in this forum have the potential to insert harmful code sequences in the average windows-pc. Or maybe the webserver itself. Just look at this wonderful things you can do with css. Yeah right. Complexability, I sniff the smell of it when my face is pushed in that kind. I just wrote a trojan horse back in the mid-90s in a very simple script-language called pilot. And that one worked so good as a proof-of-concept, that the sysadmin (a friend of mine) banned me for a month. And this here is very much more complex than pilot.
But we still like this gamepad-style communications. And thats why worms and viruswriters have so easy time.
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 1
Thanks.
Hope its better now.
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 1
Yeah. I did. But strangely slashdot nihilated all. Sorry for that, but it was not that big block text-heap when I posted.;-)
Eh, my return key works well... Shift seems okay... no. Don't know what happend, sorry.
Re:Hard to admit, but that is quite clever
on
Sober Code Cracked
·
· Score: 3, Interesting
I disagree that writing worms and virus is clever. Not only from moral point of view even from a technical point of view its not that hard. Its really for kids "my first program", something like that before they learn real programming. There had been a teacher (I do not recall the link now) that proved with his computer science class that writing an exploit/worm needs less than 30 days for computer newbies. Fact.
In the early 90's I did some virus programming, too. And I should therefor know what I say. Before anyone stands up now to get the morality firehose, I did it at university in a special labratory under supervision by our prof for computer security. And every line from that code lies since that time cool and quiet locked up deep in a safe.
It was a result from a roleplay "virus/worm attacker vs defending programs". I was in the attacker party and we did not only win that battle, we smashed them, we nihilated them. Why? I's sooo easy to write this sort of code and defending is practical impossible. Today antivirus software is really crap, even if they have no chance when it comes to high noon between good and evil. And I think not one of the actual worms or virus is nearly as sophisticated as our "gaming" ones were in that time. There are certain very dangerous vectors of attack actual antivirus software has never had to deal with, I promise. And every of that yet unused vectors are still deadly.
And if any of those newbie junkprogrammers out there that has no better to do than to destroy the medium they live in really become smart, than the internet will stop in its actual existance. Thats fact as I see. So I hope the smart programmers will do in real software and in security and the kids and unscrupulous criminals will play with something different in future.
Its really enough that people are so dumb to answer letters from nigeria. I think we cant hope that we can finally fight that state of mind. (In german words: "Gegen Dummheit kämpfen Götter selbst vergebens" which means that even gods cant fight foolery) But in the war of machines there is only one hope for us: that the bad guys stay that dumb and bone-lazy as they are and that they stay playing games or taking drugs in there sparetime instead doing their homework. Or else we all would be doomed. The fight is not to win against a serious attacker. Not with our current computer architecture, not with programs that are thrown on market the first second its possible, because a competitior might be faster or because it maximizes the corp profit to shorten the developers time of work for security.
And the real dangers are yet undiscoverd or I should better say "too heavy for kids". Good luck everyone. But never *never* tell me again that a virus programmer is "quite smart". He's not. Not in any sense. I have seen smart virus code. And I'm glad its locked up. Still...
Slashdot Mirror
I suggest to let him exploit one of those stupid and inhumane webgames that are out there in dozens. There is much fun in doing it and he will learn really a bunch of useful things about his system and programming also.
For example:
Take a look at a game like space4k.(com|de)
Show him a bit of java programming, show him how to use a library to web-datamining/testing like httpunit and how to do some simple things with that. Also do some funny stuff with java and sql based on mysql or the like.
Then go and try to build a working bot on that sort of game. Grinding-games like this one do not deserve that humans spoil their time on stupid clicking. But there is a great use for this sort of game: learning. And he will also will find out, that being smart is not always without problems, cause people really *hate* scripters in those kind of games.
He will have fun, he will have a live response to what he is doing (very life, I promise!) and he will have all up and downs that come with such a job.
By the way: programming in java and mining data, responding to web-forms is a really great sort of knowledge for the near and far future. Data is something like gold in our information society and to mine it with a bot is something like mining '49. It's just a game so nothing can happen, nobody is hurt (who counts).
java, sql, httpunit
Basetechnology with fun. And I promise if he even manages the captacha in the game he will be a smartass in programming and will lick blood.
with best regards -
most hated "player" of space4k.de
-by the way- i just see a captcha down here in slashdot. It would be fun to crack that one, too...
Hm. Talking of destroying the own environment. Do you remember the first big worm that hit the internet? It was 1988 the morris worm that used a sendmail bug. It was exakt the time I worked in that anti virus/worm project and we, along other people worldwide worked in reverse engineering that worm. More like "understand" it because it was new - even some of us had had theories about this sort of attack we had never really "seen" it before.
This worm stopped over 6000 Computers (I do not recall the exact number now and had to consult wikipedia for this) working and crashed big hunks of edu-net. Why? Just because morris underestimated the selfpropagating rate of his worm. Even without a payload it used all computingpower of all infected machines. And by that killed his own host-network. By reading the sourcecode we found that the worm was obviously not intentionally released. Maybe it was just a testrun that was run out of control.
Such worms are quite often - worms that are miscalculated and consume much more resources then planed. So the shutdown of whole networks is maybe not the intentional goal of a worm but often enough it ends up like this.
Another thing is that may be the net is not down but your computer says good bye in the moment you connect. Last seen with the msblaster worm, that attacked every connected computer two times a minute.
And at last the internet is not not that stable and "nuclear prove" then you may think. 9.11.2001 in the moment the first (or was it the second, no it was the first) twin tower collapsed - the whole nation I think say it life on TV, in exact that moment also the german internet was gone. For how long? Half an hour? Okay. That was just one building (okay, with DNS root servers in) but it was just one building that knocked the internet out.
Some worms have the same effect. On such wormdays the internet becomes feelable slow. Up to date there was -between the morris worm- no big internet crash caused by any worm. But we are far fewer away from that moment then we think. And that may be the day on which all windows pcs have to shut down to restore the net. Up to date the relative slow modem/dsl cables are not able to really shut down the net with traffic. But in the next years glasfibre will be common and that will be the day that personal computers will overload internet connection.
To overload a transcontinental connection is even easier. The bandwith is far smaller than the continental lines. Wasn't that the case when the first cyber-skirmishes between china and usa hackers occured? I'm not shure with this but you know that these things happen even without worm attacks. And in the end there are simple certain messing around's with low-level protocol packets that fill a line with huge amount of cybertrash.
I wish I have your trust in the reliability of the internet. Certainly the internet is highly adaptive, redundant and all this. But as a few examples show - not invincible. And the last big power failure of nearly whole USA I have not mentioned yet. Read what the reason was? Ok, you know it.
No internet is not nuke proof. Its not even storm proof. Or water proof. Or worm proof. Its really a very complex and very vulnerable system and i doupt that will change in the next years - au contraire.
And last to come to the education level of worm writers. Yes, there may be people out there at my education level that do it - but if, than we would suffer more badly from worms I guess. You dont have to be a genius to write a thing like a worm or a virus. Its not right easy but its no diffult task. Mostly you communicate over ports, copy data, start programs and things like that. That are easy tasks. If you want it a bit more sophisticated you build in something like a "random" generator. Man, I write this shit with a bottle of johnny walker down in five minutes like any other programmer that even halve understands what he's doing. Its a bit of work, yes. You'll need some day, maybe some weeks. But its not difficult. If you cant
Yes, interesting. In trusting networks there is no problem to propagate a worm. As you I build one at university that checked the load of every machine in my subnet and started the c-compiler for to compile my project on every lazy or very powerful an not fully used computer. I never called it a "worm" because if I would have named it like it was, they would have thrown me out. But with that fine little script I compiled my project not in an hour but in few minutes. Nobody was harmed everything went all right and I think it was right to do it. It spared my university much time and money (that I would have earned, gash).
Yes. But there are self propagating worms. On my homepage -a little while ago- I did some homework about security of passwords and -really good- attacks over the net. More statistical rules of thumb then real math but I think I'll work. And that says ordinary ssh ports can be penetrated quite efficently - through the front door. The mass of systems out there and the mass of users is the problem. You can easily crash that. And even its much more interesting to get control of one true router then of thousand dumb zombie pcs. I recall now that Bruce Schneier told on his blog about the possibility of ssh worms. And I simply worked that idea a bit out.
But interesting is it when it comes to cross-plattform attacks. I think we will see the next big attacks as java worms. Did you catch the last known bug of java 1.4.2_08 und below? And all 5.0 Versions of that date below? First catastrophic break of the sandbox that I know of. And where there is one there is always one more.
And java code is damn small and damn fast (on JIT), flexible and everything a worm/viruswriter wants.
How to build multiplatform java networks on "trusted" computers is quite easy - the code can even be downloaded ready for use from the net. But when somebody begins to combine this an some other features I know of, then -hm- you better look for a helping god, because thats everything that will help.
And even the self-referencing capabilities of java are perfect prey for worm-writers. You can easily recompile the whole construct even trough the net itself. You can import complex codes and so on. But I dont like it to bring people on bad ideas. I like java. And its misusing is not often. I think this is because only very few java programmers are schoolkids.
Maybe there are easier ways to do this stuff. But for me its looking dangerously easy enough.
I ask myself, by the way, isn't it always the same old story how programms are attacked by heap overflows? What would happen if a mutating worm is not attacking only one specific port but ports at random and tries so long for working code (working length of codesequences) up to somewhere a program crashes, starts the code and propagates working childs that themself slowly mutate? Would this sort of worm ever stop?
So much about interesting ideas...
Thank you for your compliment for my english. But really, I know I suck. It's nice that you accept my language then.
Tja, sorry that you are not satisfied with my little article. If it interests you, I tell some rows more.
But yes, you are right. There was a internet. But not that what today everyone is calling the "internet". I know it, you know it. But most of the users of the today internet have no memory in the pre-webage. In the early time we had even no AOL or CompuServ. We -in germany- had datex-p. The datex service from former "Die Deutsche Post" (mail and telephone agency) brought our self-build 300 baud acoustic copplers into the world-wide datanet. That was another time. There was no personal internet like today and to call it one -hm- seems a bit strange if we see what we have today.
And really nobody expected us to be there. Every system was quite open to everyone. And shure there were people doing things that were illegal - but not here in germany. Because there were no laws against hacking into forein computersystems or to use satelite connections to USA forging account data. And even in forein countrys we were free to do what we liked to. No laws means no legal/illegal means no police no judge could harm us for what we did. But I do not recall any destructive crimes that were commited in that time - by us.
It worked. We used new york outdial to telephone to BBS systems or corporation all over the country. T'was quite cool for a teenager to do such things.
Up to that thing with the NASA hack. After that there were cyberlaws in germany. It changed everything. Hacking was illegal now. But most of us of the early days knew what we wanted. The net was there - it was only waiting for us. We build an own net of linked private BBS systems - the z-netz or zerberus-system, communicated and waited for the first systems to connect really online. Internet? No man. Not in those days, not in germany if you were not working for big company or university. Computer science at university? Was not invented yet.
Internet as a teenager? If you were a hacker, yes. Other ways? No. Not here. Not in that time. The "Deutsche Post" even forbid to use a modem. But they couldnt control us, stop our curiousity. We really drove to telephone-cells to dial in anonymous. And the computer hardware of that time was really crap. C64 and such stuff -40 columns- we had to write our own terminal programs and dial-in software and the lot. But it shows better what a computer is and can and can not than our much more sophisticated systems today. And the people today dont get it anymore - the cyber frontier. The point of what you can do and what you cant. Of what you should do and what not.
And we were "legal" everywhere. Nobody could harm us. So I once stepped in a little (or big) company in new york (I think) around just for to find out, where I was. It was a damn bank system, yes. I really don't know how I got there that was some software failure of my own programs I guess. After a while I simply asked a system admin where I was. Silly? No. It was our right to be there. It was not easy to communicate with him because I had no 80 column "talk". But I got it. Was funny. He couldnt understand where I came from. How I got there from damn *germany* - with a *what* computer?! But-but-but that's a multimilliondollarcomputer and you have just a few hundred Deutschmark Homecomputer! Where the fuck is germany anyway? Octoberfest? Autobahn? Really funny. But after a while chatting and playing games with the admin I logged off. Daring? Hm. Fun I think. Today you would land in jail if you do that trick. But we knew we wouldn't.
That was the time. And I say there was no internet. Not what it is today, not nearly. How many were we? A hundert? Two hundred? Nah. No we didnt know each other but we heard of.
Then NASA hack came, doors were smashed in here in germany and every hacker was shocked. Shure. Everyone was released because there was no law against this (and there was no evidence at all, because com
Dude. There are other languages than english and other coutrys than the u.s.a. around the world. So sorry that I do talk native german. Maybe you have a better grammar and spelling if we talk in german?
So if not, please stop that. I do my best to be understandable, if you dont like to read my commentary then skip it. Gna. That shit makes me angry. I never ever criticised anyone who talks german with a foreign accent. I never tried to bawl somebody out because he was not a native speaker. This is really bullshit, lets stop it before it begins. I try my best, is that okay for you? Skip it please. Its loss of bandwidth.
To your questions.
I did a lot of research for computer security issues. Including worms, virus and trojan horses, but Im no specialist that has completely focused on that thing. I never stopped to be interested, I specialised on university for a while on that theme and I grew up in the 80s where there was no "cybercrime" at all. Not here. Not in germany. We had no laws. So we did what was possible. But in that time nobody was destructive. Everyone was just damn curious. When the damn NASA hack was hitting the news at '86 (I think) I was damn near that. From the scene just an inch away.
In that time nobody thought a computer system was really vulnerable - but us - the hackers. So I grew up not in the mind of destruction but in a mind of conciousness that security is only in the hand of those who care for it. And who test it. And who spend time and energy in it.
Yes, I was a hacker and Im proud to say I am today. I dont hack into systems. Im not destructive. I write code, I test security, I play with system. Playing, yes that would be the right word for ist. Just for fun. And I did it in the 80s and I still do it. And, yes, I think its a good way to live with computers. I have fun at work.
In the early 90s I first and last put a thing you'll call a trojan horse into the "wild". There was no "internet" in that time. It was no big deal, but that progamm managed to trick a database and send me usernames and passwords. (Certainly never used the data, I have no interest in that sort of thing.) I just wanted to show my friend a big security hole in his system, but he instead of fixing it ran almost amok.
Stupid.
After a month he spoke to me again and with my help we fixed that thing. A whole month his system was unfixed and vunerable. "But it was only such a harmless feature", he declared. It was not. There is no such thing like a harmless new feature.
Please search google for "pilot script language" for more info about how harmless the feature really was and that even such a dumb little scripting language can be used to trick systems or users. It was a cool hack. No big one, shure. I have done better things after that but that one is a good lesson. New features mean new security holes. Thats it.
At that time I reverse engeneered viruscode and the first wormcodes on the new rising internet. Most of the code is really poor, poor, poor. Its bad tested, poorly written and only one of 20, 30 or even 100 virus/worms are what I call "interesting". Yes, I really was not keen on sacrificing my whole life in reverse engeneering shitty code. That is very, very boresome to reverse engeneer the tenth shitty little script-kiddie worm that was only altered enough that the antivirus software does not recognize it. Even the bugs are in it.
In the mid 90s I quit that after years of studing. So, no, I have not reverse engeneered bloody sober. Its really not worth it. It should just be destroyed. It has no really new features in it, it is not even on the same level of that worms of the mid 90s. Its just actual and uses some nice features that are not new, are not well programmed, are not innovative and is short to say boring.
Its not easy to write a worm like that. Really. This is not that what I say. But its no big deal. There are tools out there, there are people with code who invented ways for intrusion, this thing is just a rughly hammered toget
But I wonder if we can avoid the with mathematical precision upcoming SUPERGAU of virus and worm attacks, if we arent able to change our attitudes.
Best example HTML-Code in a forum - okay, okay. Im shure a newbie here and I don't want to change anything. But just consider this: there is no way to insert any harming code through plain ascii, but I'm damn shure, that even these few allowed html-codes in this forum have the potential to insert harmful code sequences in the average windows-pc. Or maybe the webserver itself. Just look at this wonderful things you can do with css. Yeah right. Complexability, I sniff the smell of it when my face is pushed in that kind. I just wrote a trojan horse back in the mid-90s in a very simple script-language called pilot. And that one worked so good as a proof-of-concept, that the sysadmin (a friend of mine) banned me for a month. And this here is very much more complex than pilot.
But we still like this gamepad-style communications. And thats why worms and viruswriters have so easy time.
Thanks.
Hope its better now.
Yeah. I did. But strangely slashdot nihilated all. Sorry for that, but it was not that big block text-heap when I posted. ;-)
Eh, my return key works well... Shift seems okay... no. Don't know what happend, sorry.
I disagree that writing worms and virus is clever. Not only from moral point of view even from a technical point of view its not that hard. Its really for kids "my first program", something like that before they learn real programming. There had been a teacher (I do not recall the link now) that proved with his computer science class that writing an exploit/worm needs less than 30 days for computer newbies. Fact. In the early 90's I did some virus programming, too. And I should therefor know what I say. Before anyone stands up now to get the morality firehose, I did it at university in a special labratory under supervision by our prof for computer security. And every line from that code lies since that time cool and quiet locked up deep in a safe. It was a result from a roleplay "virus/worm attacker vs defending programs". I was in the attacker party and we did not only win that battle, we smashed them, we nihilated them. Why? I's sooo easy to write this sort of code and defending is practical impossible. Today antivirus software is really crap, even if they have no chance when it comes to high noon between good and evil. And I think not one of the actual worms or virus is nearly as sophisticated as our "gaming" ones were in that time. There are certain very dangerous vectors of attack actual antivirus software has never had to deal with, I promise. And every of that yet unused vectors are still deadly. And if any of those newbie junkprogrammers out there that has no better to do than to destroy the medium they live in really become smart, than the internet will stop in its actual existance. Thats fact as I see. So I hope the smart programmers will do in real software and in security and the kids and unscrupulous criminals will play with something different in future. Its really enough that people are so dumb to answer letters from nigeria. I think we cant hope that we can finally fight that state of mind. (In german words: "Gegen Dummheit kämpfen Götter selbst vergebens" which means that even gods cant fight foolery) But in the war of machines there is only one hope for us: that the bad guys stay that dumb and bone-lazy as they are and that they stay playing games or taking drugs in there sparetime instead doing their homework. Or else we all would be doomed. The fight is not to win against a serious attacker. Not with our current computer architecture, not with programs that are thrown on market the first second its possible, because a competitior might be faster or because it maximizes the corp profit to shorten the developers time of work for security. And the real dangers are yet undiscoverd or I should better say "too heavy for kids". Good luck everyone. But never *never* tell me again that a virus programmer is "quite smart". He's not. Not in any sense. I have seen smart virus code. And I'm glad its locked up. Still...