Watch how fast the defensive shields go up:
Another point that I bring to the table is that 'hackers' are quite advanced and knowledgeable programmers. When was the last time you saw a 12 year old playing around with html hack a website? Hackers are great programmers with ill-guided morals. Take a feyd, multiply that by evil, and bam: expert hacker. If we look up to feyd for advice and training, why not look up to hackers? If there is anyone who knows the language, or the system, it's the hacker who exploits it.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
We can for sure collate some common vulnerabilities such as sniffing, email injection, SQL injection, global injection etc etc but I get the impression you're referring more to a HOW-TO on cracking?
We have a security forum and it's there for the obvious reasons. If we were to start doing step-by-step tutorials on cracking systems it doesn't exactly make us look good when people start abusing it now does it?
Asking somebody to "hack" into a system over the internet, even if the system is owned by you is actually illegal too for those who don't know.
I'm all for having a collection of articles on vulnerabilities and common exploits and how to secure against them. But not for having a set of HOW-TO's on breaking into systems.
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Discussing a disclosed exploit I assumed was allowable under the rules... The flip side is that discussion or mention of a non-disclosed vulnerability should be banned completely. It's impolite, and possibly grounds for a civil suit. Maybe the rule could be clarified, but it seems pretty straightforward what's allowable and not. If you want to discover and research exploits of past application versions there are dozens of public security reporting lists which list, categorise, and explain them with proof-of-concepts...
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
When it comes to security, at least in these forums, I would feel more comfortable with:
'When you develop, you should do this to prevent that'
as opposed to:
'That causes this, which you should code to prevent'.
Again, I don't ever want to put this community (or the members of it) in a position to be named if/when someone's site goes down as a result of something posted here, especially if it is something that goes straight to the taking down of a site. But I have no problem with someone teaching others against known, published exploits.
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
"I would like to learn about this dark art for the mere knowledge of how to prevent it."
You might look into the Computer Security Institute (CSI), International Information Systems Security Certification Consortium (ISC2) and Information Systems Audit and Control Association (ISACA) for professional training. Those are just a few from my junk mail bin. Here's a good list of other professional organizations not all strictly computer security though:
http://csrc.nist.gov/ATE/prof_development.html
I don't understand what all this fuss is about. We've discussed PHP security in the past (here's another example).
If there are security concerns you have regarding a script you wrote or that is sitting on your server: post the script and ask for advice.
If a new, critical security hole in any of the technologies we are discussing on this board is found, we'll post it here.
I don't know what more you want that you believe will make your script safer nor why.
- gkwhitworth
- Forum Commoner
- Posts: 85
- Joined: Tue Sep 05, 2006 8:28 pm
- Location: Wasilla, Alaska
"Again, I don't ever want to put this community (or the members of it) in a position to be named if/when someone's site goes down as a result of something posted here, especially if it is something that goes straight to the taking down of a site. But I have no problem with someone teaching others against known, published exploits."
I completely agree... I am all for figuring out why someone was able to get into someone's server by viewing their code, but not by saying:
"You can get into someone's server by doing this, this, and this. Make sure to do this, to secure yourself from it."
Nice though everah.
--
Greg
- alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
volka wrote: I disagree on this one. Developing and hacking (/analyzing) are two different skills. They intersect but one does not cause the other.
I agree. Professional programming takes discipline. Project completion is a *very* difficult task.
Professional programming requires years of study & practice and experience.
A Hacker (herein called a cracker) is someone who studies and understands systems, usually experts at finding holes or discovering undocumented functionality.
Reverse engineering and re-engineering are very different skillsets.
Hacking doesn't require discipline; it requires dedication and patience. Cracking requires the former, but intent on causing harm.
Hacking and cracking are very different subjects IMHO.
Crackers use tools like brute force password generators to discover weak passwords, hackers try to discover new methods of entering a system.
Crackers steal passwords using tools provided to them... hackers capture your network traffic and notify you of your vulnerability...
There are big differences in being a professional hacker, cracker and software developer. You don't need to be a programmer to be a hacker or a cracker, but it helps.
Cheers
I always had the thought that a Hacker was merely someone who takes a proprietary piece of software and modifies it for their, or their employers/clients specific needs (legitimately) whereas a Cracker is what the media refer to as a Hacker.
Hacker.. someone who hacks an app to pieces and rebuilds them to suit their requirements.
Cracker.. someone who makes their way "into" a system, either by finding existing cracks in the walls, or by making their own.
[/offtopic]
I too don't see the problem. And even though Todd_Z has stated he only has good intentions, this does come across as an "I wanna know how to hack" type post..
As patrikG pointed out - you can already post questions about any security flaw, existing or hypothetical .. so I don't see a need for this, or perhaps maybe a list of common flaws such as injection, xss, url corruption and so forth is what you seek?
- ambivalent
- Forum Contributor
- Posts: 173
- Joined: Thu Apr 14, 2005 8:58 pm
- Location: Toronto, ON
Jenk wrote: I always had the thought that a Hacker was merely someone who takes a proprietary piece of software and modifies it for their, or their employers/clients specific needs (legitimately) whereas a Cracker is what the media refer to as a Hacker.
http://www.catb.org/~esr/faqs/hacker-howto.html#what_is
I think that's more or less the classic definition.