Social Engineering and Hacking
Moderator: General Moderators
- mrvanjohnson
- Forum Contributor
- Posts: 137
- Joined: Wed May 28, 2003 11:38 am
- Location: San Diego, CA
Social Engineering and Hacking
I had been seeing a lot of the people using WhatPulse. Seemed like a fun enough thing to do. See who types more in a given day, form teams, have competition. So I sign up for a free account, downloaded a small program and install it. I fire up my little Pulse monitor and after awhile, my personal firewall alerts me that the application is trying to access the internet. Well duh, it had to update my account, so I let it go. I use the application for a couple of hours while i go about my daily business. Being a systems administrator I am logging on and off boxes all over the place.
After a few hours I check my account, cool it's been updating. Maybe I'll join the Evilwalrus team. Then my paranoid systems admin gears start to turn and my heart drops. I realize I have been hitting a bunch of system critical machines all the time allowing this Pulse application to upload information to the Internet. Well, what if it was doing more than counting my keystrokes but actually doing Key Stroke Logging. All man I am screwed.
Needless to say I uninstalled the application and as tempting as it's been to use it I have not. Now, I am not saying I have found any evidence that using WhatPulse does this, but I though to myself, "What a perfect socially engineered hack. Create an online game out of logging peoples keystrokes." Tons of important information flowing right to your fingertips and all you have to do and put their name at the top of a list. The more people play the more information you collect.
I've always had similar fears about any software, especially Freeware. I find myself constantly weighing cost with potential threat.
So my question is this, what is the cleverest hack you have ever heard of being accomplished. Whether it be destructive or just funny. Computer related or life related. Captain Crunch - John Draper’s infamous cereal box toy whistle or Mitnick's various social engineering tactics. Let us know.
After a few hours I check my account, cool it's been updating. Maybe I'll join the Evilwalrus team. Then my paranoid systems admin gears start to turn and my heart drops. I realize I have been hitting a bunch of system critical machines all the time allowing this Pulse application to upload information to the Internet. Well, what if it was doing more than counting my keystrokes but actually doing Key Stroke Logging. All man I am screwed.
Needless to say I uninstalled the application and as tempting as it's been to use it I have not. Now, I am not saying I have found any evidence that using WhatPulse does this, but I though to myself, "What a perfect socially engineered hack. Create an online game out of logging peoples keystrokes." Tons of important information flowing right to your fingertips and all you have to do and put their name at the top of a list. The more people play the more information you collect.
I've always had similar fears about any software, especially Freeware. I find myself constantly weighing cost with potential threat.
So my question is this, what is the cleverest hack you have ever heard of being accomplished. Whether it be destructive or just funny. Computer related or life related. Captain Crunch - John Draper’s infamous cereal box toy whistle or Mitnick's various social engineering tactics. Let us know.
-
fractalvibes
- Forum Contributor
- Posts: 335
- Joined: Thu Sep 26, 2002 6:14 pm
- Location: Waco, Texas
- mrvanjohnson
- Forum Contributor
- Posts: 137
- Joined: Wed May 28, 2003 11:38 am
- Location: San Diego, CA
Careful how broadly you incriminate that word hacker. I don’t want to turn this into a “what is a hacker string” but in my opinion, if you are a coder you would have to be by definition a hacker. I definitely see a line between hacking and criminal hacking (cracking), virus writers and script kiddies. Again being a Systems Admin I loath the evil side of hacking. But never the less the greatest minds in the world were that way because they were hackers. If people didn't mess around with things we would still be sitting in a cave with no electricity, indoor plumbing, or vehicle.
-
fractalvibes
- Forum Contributor
- Posts: 335
- Joined: Thu Sep 26, 2002 6:14 pm
- Location: Waco, Texas
Well said! You sound as if you've read some Ayn Rand.mrvanjohnson wrote:Careful how broadly you incriminate that word hacker. I don’t want to turn this into a “what is a hacker string” but in my opinion, if you are a coder you would have to be by definition a hacker. I definitely see a line between hacking and criminal hacking (cracking), virus writers and script kiddies. Again being a Systems Admin I loath the evil side of hacking. But never the less the greatest minds in the world were that way because they were hackers. If people didn't mess around with things we would still be sitting in a cave with no electricity, indoor plumbing, or vehicle.
Cheers,
BDKR
I know you didn't what this to be a debate on "what is a hacker", but I have to take a little issue with "if you are a coder you would have to be by defination a hacker."
To me a hacker is much more than a coder. Anyone can be a coder. It has no extra connotations, in my mind. Hacker does; Hackers have a power drive to understand the how and whys of things. Hackers play with their code. Hackers have a mindset unique to themselves that sets them apart from coders. Hackers program for the fun of it (even if they get paid, they're coding because they love it) and they enjoy sharing the excitement with others, but don't tolerate laziness in thought or deed.
To me a hacker is much more than a coder. Anyone can be a coder. It has no extra connotations, in my mind. Hacker does; Hackers have a power drive to understand the how and whys of things. Hackers play with their code. Hackers have a mindset unique to themselves that sets them apart from coders. Hackers program for the fun of it (even if they get paid, they're coding because they love it) and they enjoy sharing the excitement with others, but don't tolerate laziness in thought or deed.
- mrvanjohnson
- Forum Contributor
- Posts: 137
- Joined: Wed May 28, 2003 11:38 am
- Location: San Diego, CA
http://www.webopedia.com/
I often dont even consider myself a programmer as I still look at the helpfiles on 'easy things'.
Hacker - A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s). Among professional programmers, depending on how it used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation. The pejorative sense of hacker is becoming more prominent largely because the popular press has coopted the term to refer to individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data. Hackers, themselves, maintain that the proper term for such individuals is cracker.
Sounds good enough for me. About the dinner/chef issue, also true. Being able to and mastering something is widely different.Cracker - (1) To break into a computer system. The term was coined in the mid-80s by hackers who wanted to differentiate themselves from individuals whose sole purpose is to sneak through security systems. Whereas crackers sole aim is to break into secure systems, hackers are more interested in gaining knowledge about computer systems and possibly using this knowledge for playful pranks. Although hackers still argue that there's a big difference between what they do and what crackers do, the mass media has failed to understand the distinction, so the two terms -- hack and crack -- are often used interchangeably.
(2) To copy commercial software illegally by breaking (cracking) the various copy-protection and registration techniques being used.
I often dont even consider myself a programmer as I still look at the helpfiles on 'easy things'.
-
fractalvibes
- Forum Contributor
- Posts: 335
- Joined: Thu Sep 26, 2002 6:14 pm
- Location: Waco, Texas
The interesting thing is that while the term craker is rather new and is meant to shoulder the weight of those negative connotations, the term hacker goes back to a time even before the internet and refers to people that used to hack the phone systems to avoid paying long distance phone charges among other things.fractalvibes wrote:Perhaps, perhaps.....hire the burglar to look over the security system... The terms hacker and cracker do not create warm and fuzzy feelings of trust and integrity for me....and certainly neither have
positive connotations in general usage.
fv
The term 'hacker' by itself really shouldn't deserve the negative connotation. In it's purest sense, it's come to be a reference to individuals who by nature will fight and fight and grapple and fight with a problem or challenge until they find or create a solution. Many of these types of people are the reason we have a number of cool things. I think PHP and Linux are prime examples of this. Individuals tucked away someplace like an attic or basement office hacking away at lines of code or whatever it may be that stumble across something cool.
In a sense, the 'nutty professor' type is a perfect exmaple of this. I've heard some funny of stories of just how quirky many scientists and inventors can be. Is that not true for many in the computing field? But whatever thier quirks are, they tend to put serious work and time into whatever it is they are endeavouring to understand or create.
Just like a hacker!
In the most politically correct sense, I'm an IT professional, but I'd rather be associated with the term hacker in reference to people that try, screw around with, break, fix, tweak, hack, and create things.
Cheers,
BDKR
-
fractalvibes
- Forum Contributor
- Posts: 335
- Joined: Thu Sep 26, 2002 6:14 pm
- Location: Waco, Texas
Very good thoughts, BDKR. I would still be carefull with the term, as John Q. Public and Jane Doe associate the term with someone who has malicious intent. But as you describe it, yes that `hacking` very much is an apt description of the "...By God I am going to make this work...." attitude needed.
fv
fv
