Full Version: More Software Under Attack
Just read an article at cnn.com (here) about new attacks by hackers on software other than Micro$oft. Some people have no life I guess.
This may or not be related to that article. But I just don't get what the thrill is of these hackers. It's like a contest to them. Their knowledge seems to me could be spent on creating instead of destroying. As a side note Xoops just got hacked yesterday morning.
Greg
Greg
I agree with you Greg. Such talent going to waste.
Guys, keep in mind the difference between a hacker and a cracker.
A hacker is someone who modifies something to make it work in a different way than originally intended. When you flash your iPod firmware to make it do something cool you're hacking it. When you put a new piece in your car to make it run faster, you're hacking your car.
We can say that a cracker does the same as the hacker but does it so that he/she can make a system (computer or not) behave in a way that will bypass a security check or provide the cracker with unauthorized access to the system.
So the big difference is that a hacker does what he does without mallicious intentions, while a cracker has something usually-illegal in mind.
As for the wasted time, also keep in mind that many of these guys who discover security vulnerabilities, audit computer systems for a living. Others discover those vulnerabilities by chance - for example, some time ago I was messing around with some PHP code of a not-so-well-known forum software to make ir work in a different way than it originally did (I was hacking it
) and I found a security vulnerability. But I did not use that vulnerability to gain access to sites that used it (I did not crack into those sites).
Either way, they're doing an important work, because if it wasn't for them, those vulnerabilities could remain unknown and sooner or later, someone else would find them. If that person wanted, he/she could keep the knowledge of the vulnerability to himself and exploit it to gain access to computer systems that used the affected software.
A hacker is someone who modifies something to make it work in a different way than originally intended. When you flash your iPod firmware to make it do something cool you're hacking it. When you put a new piece in your car to make it run faster, you're hacking your car.
We can say that a cracker does the same as the hacker but does it so that he/she can make a system (computer or not) behave in a way that will bypass a security check or provide the cracker with unauthorized access to the system.
So the big difference is that a hacker does what he does without mallicious intentions, while a cracker has something usually-illegal in mind.
As for the wasted time, also keep in mind that many of these guys who discover security vulnerabilities, audit computer systems for a living. Others discover those vulnerabilities by chance - for example, some time ago I was messing around with some PHP code of a not-so-well-known forum software to make ir work in a different way than it originally did (I was hacking it
) and I found a security vulnerability. But I did not use that vulnerability to gain access to sites that used it (I did not crack into those sites).Either way, they're doing an important work, because if it wasn't for them, those vulnerabilities could remain unknown and sooner or later, someone else would find them. If that person wanted, he/she could keep the knowledge of the vulnerability to himself and exploit it to gain access to computer systems that used the affected software.
I have to agree with borfast here.
Most of the people with "no lives" are the script kiddies and losers who live in their mother's basements, hacking into online accounts and websites in order to deface them with "kewl" things, act out a grudge, or look cool in front of their other dorky friends.
I've known a few people in my life who have either stumbled across exploits or actively searched for them, and informed the relevant people of it. Some people just like doing it, and are good at it.
I don't necessarily think that they should be dumped on because of the stigma that the kids and losers give off.
Most of the people with "no lives" are the script kiddies and losers who live in their mother's basements, hacking into online accounts and websites in order to deface them with "kewl" things, act out a grudge, or look cool in front of their other dorky friends.
I've known a few people in my life who have either stumbled across exploits or actively searched for them, and informed the relevant people of it. Some people just like doing it, and are good at it.
I don't necessarily think that they should be dumped on because of the stigma that the kids and losers give off.
QUOTE(borfast @ Jul 26 2005, 05:25 PM)
Either way, they're doing an important work, because if it wasn't for them, those vulnerabilities could remain unknown and sooner or later, someone else would find them. If that person wanted, he/she could keep the knowledge of the vulnerability to himself and exploit it to gain access to computer systems that used the affected software.
Instead of taking down a site, whatever you may want to call them. Why not an email to the sites admin, and let them know we found this problem To say they're doing important work ????? In the case of Xoops. At any one time there are at least 100 folks online at their site. Now for the next few days we can't get into the forums or whatever part of the site we wish to. So again if they're truly such good folks, why not an email to the webmaster and let them know, instead of taking down a site. (unless I'm missing something)
Crackers hackers or whatever you may what to call them.
Greg
Greg, I think you're missing the important point: not all the people who find bugs are stupid script kiddies or crackers.
Some of those people are people who like to do that (hunting bugs) or simply people who know a lot about it and do it for a living. Those folks usually warn the relevant system administrator or software company before coming to public with the vulnerability.
Others will simply disclose the vulnerability without even trying to contact the relevant people.
Others will not even tell anyone, keep the knowledge to themselves and use it to gain unauthorized access to other vulnerable systems.
It's just like everything else in this life: there's no absolute truth, each person is a different case
Some of those people are people who like to do that (hunting bugs) or simply people who know a lot about it and do it for a living. Those folks usually warn the relevant system administrator or software company before coming to public with the vulnerability.
Others will simply disclose the vulnerability without even trying to contact the relevant people.
Others will not even tell anyone, keep the knowledge to themselves and use it to gain unauthorized access to other vulnerable systems.
It's just like everything else in this life: there's no absolute truth, each person is a different case
I feel that most of the hackers/crackers fall into the later catagory. Raul, please correct me if my assumption is wrong. These are the people I was referring to.
Well, if you look at it from a general point of view, then yes, most crackers (not hackers ) fall into that category. But I wouldn't call most of them crackers in the usual sense of the word.
When we talk about computer crackers, we (or I, at least) usually think of someone with vast knowledge about computer security and computer systems.
As Marie B. said, most of those guys are just "script kiddies" who know nothing more than to look for pre-made exploit scripts that give them access to websites, which they promptly deface, leaving messages that proclaim their "l33t sk1llz"... elite skills that they really don't have, because they have absolutely no idea of what happened when they cracked into the website, they only know how to execute that script and mess up the website.
If someone asked them what was going on in the background, what exactly that script was doing and if they could recreate what the script does, using other tools, etc... they wouldn't even have a clue about how to make up an excuse for not knowing anything about that.
For their lack of knowledge and misuse/abuse of tools created by others (exploit scripts are usually created by security experts for the purpose of testing their systems for vulnerabilities and they usually share those tools with the community) for a maliciouse purpose, I don't grant them the title of crackers.
They're not even hackers, because not only they don't know anything about computer security, they didn't even modify/hack anything to make it work in a way they wanted - they simply used tools created by someone else.
Hence the term "script kiddies"
In the end, yes, there are also those who do know their share of computer security and still use it for stupid/malicious purposes. But I wouldn't say those are the majority. I think the majority are those script kiddies mentioned above.
PS - it's good to have some time to come to the forums again, now that college exams are over!
) fall into that category. But I wouldn't call most of them crackers in the usual sense of the word.When we talk about computer crackers, we (or I, at least) usually think of someone with vast knowledge about computer security and computer systems.
As Marie B. said, most of those guys are just "script kiddies" who know nothing more than to look for pre-made exploit scripts that give them access to websites, which they promptly deface, leaving messages that proclaim their "l33t sk1llz"... elite skills that they really don't have, because they have absolutely no idea of what happened when they cracked into the website, they only know how to execute that script and mess up the website.
If someone asked them what was going on in the background, what exactly that script was doing and if they could recreate what the script does, using other tools, etc... they wouldn't even have a clue about how to make up an excuse for not knowing anything about that.
For their lack of knowledge and misuse/abuse of tools created by others (exploit scripts are usually created by security experts for the purpose of testing their systems for vulnerabilities and they usually share those tools with the community) for a maliciouse purpose, I don't grant them the title of crackers.
They're not even hackers, because not only they don't know anything about computer security, they didn't even modify/hack anything to make it work in a way they wanted - they simply used tools created by someone else.
Hence the term "script kiddies"
In the end, yes, there are also those who do know their share of computer security and still use it for stupid/malicious purposes. But I wouldn't say those are the majority. I think the majority are those script kiddies mentioned above.
PS - it's good to have some time to come to the forums again, now that college exams are over!
I guess if they all went by the name Jack, that would make them "Cracker Jacks" 
(sorry couldn't resist)
Greg
(sorry couldn't resist)
Greg
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.