Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT

Is This the Golden Age of Hacking? 213

Barence writes "With a seemingly continuous wave of attacks hitting the public and commercial sectors, there has never been a more prodigious period for hackers, argues PC Pro. What has led to the sudden hacking boom? Ease of access to tools has also led to an explosion in the numbers of people actively looking for companies with weakened defenses, according to security experts. Meanwhile, the recession has left thousands of highly skilled IT staff out of work and desperate for money, while simultaneously crimping companies' IT security budgets. The pressure to get systems up and running as quickly as possible also means that networks aren't locked down as tightly as they should be, which can leave back doors open for hackers."
This discussion has been archived. No new comments can be posted.

Is This the Golden Age of Hacking?

Comments Filter:
  • by amalek ( 615708 ) on Wednesday June 15, 2011 @09:14AM (#36449962)
    Meanwhile, the recession has left thousands of highly skilled IT staff out of work and desperate for money, while simultaneously crimping companies' IT security budgets... ?
    • by Anrego ( 830717 ) * on Wednesday June 15, 2011 @09:21AM (#36450110)

      crimping companies' IT security budgets

      Most were already crippled, which is really what I blame for the problem.

      For a _long_ time "this could get hacked" was a theory. Yes if someone dedicated resources at you and knew where to look they could get in.. but who is going to target _us_.

      The availability of tools that can automagically find these vulnerabilities and exploit them is what I blame. All these little holes no one worried about because "no one will ever bother looking there" are becoming a big deal.

      Hopefully companies getting hacked left right and center will put the fear of the great fire cactus to the suits, and they in-turn will invest in real security.

      • Re: (Score:3, Insightful)

        by JoeTalbott ( 2146840 )
        This reminds me of a plumber I once knew who bumped his head on a brick and a gold coin fell out. Ever since then he's been bumping his head on bricks looking for hidden coins. A sad tale indeed from which I learned that 'security through obscurity' depends largely on the obscure remaining so.
      • I agree, except these "hackers" need to be labeled criminals and called out by our industry as such. Sure the companies could do better (and need to be called out when they are grossly negligent), but that can be like saying a home owner *could* or *should* have put up cameras, steel doors and bars on the windows to help deter the burglar. Sure we could make every house Fort Knox, but that isn't cost effective nor is it always the proper front of the battle. There is a reasonable amount of security that sh

        • I don't think you can draw a comparison between the safetey of a private residence, and the security of a corporations network. Put lightly, If a theif manages to break into your home, it is likely he will only get away with either one arge item (Such as your 40" TV) or maybe pockets full of Jewellry and whatever cash they stumble upon. In comparison, if a hacker can break into the network of a corporation, that means customer data and other valuable information (possibly trade secrets etc.) could be compr
          • by mcgrew ( 92797 ) *

            True, except the real difference is, if my house gets broken into only my stuff gets stolen, If a bank gets broken into, everybody's money gets stolen. The bank needs a whole lot better security than my house does (my house was just broken into a couple of months ago, they opened the back door with a pry bar). A rich man needs good security on his house, a poor man needs none at all. If I have nothing to steal, I have no worries about security.

            Some of these hacks, though, are like your borrowing my car, an

        • by cgenman ( 325138 )

          Most of these houses lock the front door with a twist-tie and leave the windows open. I'm sorry, but if a simple directory traversal will get your web server to serve up your password file, we're not talking about breaking into Fort Knox here. Most of the security these companies had was security theater. Even more "advanced" tactics, like using holes in common software that was patched two years ago, should never happen.

        • In addition to the good points made in other replies, don't forget that many of the hackers are working from outside the U.S. and countries with whom we have extradition agreements. Labelling them a criminal is fine and good, but it may be next to impossible to serve justice without military action.
      • by cgenman ( 325138 ) on Wednesday June 15, 2011 @10:09AM (#36450832) Homepage

        Citi got hacked because you could plug anybody's account numbers into a website once you had logged in, and it would spit out valid information. That's just a complete lack of basic security. That's just bad initial design that wouldn't have cost any extra to secure if it had been developed by anyone with a clue.

        And automated tools have existed for years. I'd say that the big difference is that it used to be very few people knew how to move 200k freshly stolen credit card numbers. Sellers and buyers had to know specific IRC channels or dial-up BBS's to log into. Now, thanks to social networking and the explosion of 0-configuration bulletin boards, anyone with a use for a million credit card numbers can hop onto Google and find a place where sellers hang out. People can make a good living renting out botnets or selling identities in a way that had been very difficult.

      • by AmiMoJo ( 196126 ) on Wednesday June 15, 2011 @10:14AM (#36450916) Homepage Journal

        From the board room's point of view security costs money with no tangible benefit. They find it hard to say to investors "we spent lots of money on securing our systems, it reduced our productivity and increased the size of our IT department but we were saved from all these hacking attempts, honest". On the other hand if they buy some cheap "network grade" anti-virus software they can claim to be both diligent and securing their systems and to be helpless victims of elite cyber criminal masterminds when things do go wrong.

        • by ceoyoyo ( 59147 )

          You could make the same argument for hiring security guards, buying an alarm system, or putting decent locks on the doors.

      • The availability of tools that can automagically find these vulnerabilities and exploit them is what I blame.

        I have no such sympathy. Those tools with find holes are not just as easy for security staff to obtain, but those tools were made FOR the security staff. If someone works in IT Security and don't know how to run Metasploit on their own infrastructure, then they are utterly useless to the point of being the real point of blame. And if companies can't hire those individuals, they are as to blame as banks that don't take security measures to protect tellers from armed bank robbers.

        The same trend to "open en

      • Nah, they'll just lobby to get laws passed to ban hacking tools ...

    • by fermion ( 181285 )
      It is not the recession. 15 years ago, when every skilled person had a job, the script kiddies were hard at work

      What I think it is is that the tools have advanced so much, that one does not even have to rise to the level of script kiddie to call oneself a 'hacker'. Look at the iphone, all one needs to know how to do is run autoinstall and maybe hexedit.

      There has always been ample opportunities for real hacker. Just think of the first time that some hacked a stone into a knife. That must have been re

    • Actually the singularity awoke a few months back and it's cutting its teeth on back networks.

  • by Beautyon ( 214567 ) on Wednesday June 15, 2011 @09:14AM (#36449964) Homepage

    Umm no, its the Lulz age of hacking.

    • by Samantha Wright ( 1324923 ) on Wednesday June 15, 2011 @09:31AM (#36450290) Homepage Journal
      I'd give you a mod point, but instead I'm going to just try and highlight your point more clearly, since you seem to be accruing mod points anyway.

      LulzSecurity is doing a bunch of high-profile, childish, silly things. That's all the weather there is to report. There's nothing else going on. There's no golden age, no silver age, no information age. Just one group being trollish, and otherwise, the attacks we're hearing about aren't that out of the norm. The exponential curve is right on schedule, as usual.

      Hopefully, however, the LulzSec attitude—that you don't have to be important in order to be an interesting target for having your pants pulled down in front of the rest of the class—will drive organizations toward better security policies. TFA is obviously not interested in this aspect of things (and ends in a pessimistic note about people asking for help with test configurations) which is... not that surprising from PCPro.
      • There are a lot of other hacking groups out there doing it for profit, first for stealing, then spamming, then encryption ransom for a bit, now it's botnets for hire. The lulz days of hacking were much earlier in the 80s and 90s when viruses and worms were made for fun and breaking into accounts was a kids' sport. Lulzsec is a throwback.
      • Comment removed based on user account deletion
  • by betterunixthanunix ( 980855 ) on Wednesday June 15, 2011 @09:17AM (#36450008)
    I guess they have forgotten about the 80s?
  • by gman003 ( 1693318 ) on Wednesday June 15, 2011 @09:18AM (#36450052)
    Haven't RTFA'd yet, but I would suspect that hacks aren't any more common now - just more visible and more reported. It's like when the news media has a "summer of the shark" - after a few notable incidents, the media realizes that these stories bring in viewers, and then any further incidents, no matter how insignificant, are publicized when they otherwise wouldn't be. Just look at the recent Bethesda hack - that kind of thing goes on all the time, and I was surprised anyone bothered paying attention to it. Sure, some of them were big - the first Sony attack was significant, and the US Senate hack is noteworthy - but a lot of these recent hacks have been relatively minor.

    There's also the possibility that all this attention is actually causing more hacks - after the initial Sony hack, hackers realized that Sony was a big, vulnerable target. By extension, they realized that big companies actually aren't bulletproof - in fact, many of them have terrible security. I'm sure such knowledge was widespread in the black-hat world, but now the secret is public knowledge.
    • This. The idea that there is some outbreak of intrusions is all because of the Anonymous "hacktivism" which opened the floodgates for attacks on Sony's poorly secured systems and the spinoff of LulzSec's random attacks which were both intentionally publicized.

    • Frankly, I would think that there is less cracking activity these days than there was 20 years ago. The phone system is a lot more secure, which certainly killed off a lot of hacking. People have access to very powerful computers in their own homes, so there is less incentive to try to gain access to corporate or research computing systems. We have the Internet, which lets us communicate over unspecified distances at a fixed rate (say what you will about the behavior of ISPs, we are still better off than
    • by ceoyoyo ( 59147 )

      Close. I think it's because several groups are, at the moment, hacking FOR publicity.

      Anonymous, LulzSec and some of the others are hacking specifically to generate publicity for themselves, their cause, or against a particular organization (like Sony). The regular background of criminal hacking doesn't get reported much because both sides don't want publicity.

  • by FyRE666 ( 263011 ) * on Wednesday June 15, 2011 @09:22AM (#36450118) Homepage

    The problem most websites have is one of users choosing insecure login details, either through ignorance, laziness or disinterest. Although this is not a huge problem if it's front-end users, the same problem exists with admins, and those with elevated privileges. The most secure fortress is little protection if the passcode to open the front door is "1234".

    I don't think this problem can be fixed by "forcing" users to choose long passwords, or to have a different password on every site they use. As we've seen, they simply won't do it, and why should they? It's different if you have a technical, or security-related background, and understand the risks - the average Joe isn't interested in spending the effort to maintain and organise a secure list of passwords in an offline location.

    i think the only way this can be fixed is by using SecureID style authentication - either with stand-alone units, mobile apps, or units built into laptops or keyboards (separate from the other components). Obviously it would need to be physically separated from the machine being used to login (or at least sandboxed, in the case of a mobile app). We just need a good cross-platform authentication API that's easy for developers to implement, and cheap hardware/free software for the client.

    • The way to fix the problem of bad passwords is to do away with passwords entirely, and start using cryptographic authentication methods. It may require us to issue a special dongle to users, but at the end of the day people should be able to use their public key to log in to online systems. Naturally, there would be some issues -- users would need to have a way to revoke keys, increase their key sizes to compensate for new algorithms and faster computers, etc., but it would still be an improvement over wh
      • Aaah, yes. TPM and Palladium to the rescue!

    • If you are authenticating a user, the user will be involved. That's the reality of it.

      Any of the pure hardware solutions you describe suffer from the fatal flaw that they aren't authenticating that the user is who they say they are, they're authenticating that the user has access to a particular piece of hardware. If, for instance, it's built into Alice's cell phone, and Mallory steals Alice's cell phone, then as far as Bob knows he's talking to Alice rather than Mallory, and if Alice tries to talk to Bob t

      • by Anrego ( 830717 ) *

        I've never seen a pure hardware solution. Enter multi-factor authentication, which while not a silver bullet, is a lot better than a password.

        Mallory can guess Alice's password. He can also steal her cell phone. Doing both however is considerably more difficuly. He needs the phone to even start guessing passwords, and once the phone is stolen there is only a short window for the guessing.

        You can even throw in a biometric method, though personally I don't see much future for them. Most can be copied, and you

    • I don't think this problem can be fixed by "forcing" users to choose long passwords

      It can be fixed by forcing users to use long passwords: "Your new password is 'lately watching Seinfeld, I drink Pepsi'. Write it down, repeat it a hundred times, whatever. You can request a change, but you can't choose a password because we don't trust you." Bonus is that you can maybe get some ad money from Seinfeld or Pepsi for making people memorize the password.

    • by ceoyoyo ( 59147 )

      "using SecureID style authentication"

      Um, you know SecureID was hacked, right? It's easy to blame users, but the really big problem seems to be incompetence on the server side. Not hashing passwords, doing stupid things that allow different account numbers in the URL to access other accounts, etc.

      If you're an idiot and use an easy password your account might get hacked. If you're an admin and use an easy password it COULD be bad. But the big scores, taking down millions of accounts, have almost all been

    • We already have some of that. It's far from perfect, and it authenticates the browser session not the user.

      The key ingredient is called "OpenID" - There's been a lot of things said about it, some being nonsense, and some being true. However, it has some very good points:

      1. It's secure. I don't know of any successful attacks against openid directly.

      2. It allows a web page to check if the user really is that user without actually asking the user.

      3. Since it's SSO and only one place to authenticate the user, i

  • What has led to the sudden hacking boom? Ease of access to tools has also led to an explosion in the numbers of people actively looking for companies with weakened defenses, according to security experts. Meanwhile, the recession has left thousands of highly skilled IT staff out of work and desperate for money, while simultaneously crimping companies' IT security budgets. The pressure to get systems up and running as quickly as possible also means that networks aren't locked down as tightly as they should be, which can leave back doors open for hackers.

    But by that logic, we could have seen similar things when the dotcom bubble burst, right?

    My view of this comes from a completely different place. I see an exceptionally large amount of users' rights being debated and discussed and we're seeing communities popping up devoted to this. Frankly, it seems like the users are just getting shit on. And, like any struggle for rights, there are negative things that happen. There are always going to be people that take it to an extreme level and there are going to be innocent bystanders turned into victims. While I still see this as a bad thing, some of these actions remind me of a sort of John Brown at Harpers Ferry incident. Similarly, there's the mindless looting during rights demonstrations and protest crowds at the G8 summit but it's not the overall message that's doing that. The opportunists come out of the woodwork.

    Similarly the public and citizens of the internet are demanding more rights. While this fight is going on with Facebook, Sony, world governments, etc, the communities are going to pop up that take it to an extreme offensive. They will do bad things and I'm not going to be one condoning it but I see it as part of the growing pains of companies respecting peoples' rights.

    It's a sort of vigilante justice that I don't agree with nor condone but I can somewhat sympathize when I feel like I've been unjustly wronged by some of the targets and have had no sense of justice in the matter. People who feel strongly about this and have that negative spark in them would have a motive to become a part of these new communities. And in my opinion that's a more plausible explanation as to why you're seeing an explosion -- not the recession or turnover in network employees.

    • by dintech ( 998802 )

      It's a sort of vigilante justice that I don't agree with nor condone but I can somewhat sympathize when I feel like I've been unjustly wronged by some of the targets and have had no sense of justice in the matter.

      that's a more plausible explanation as to why you're seeing an explosion

      Can anyone name the other fans of explosions that think this way?

      • Can anyone name the other fans of explosions that think this way?

        The half a million people sitting in US jails because they dared to temporarily alter their own state of conciseness with something other than alcohol.

      • the freedom fighter ;)

    • You mention Harper's Ferry. Are you an American citizen? If yes, will you go back to Britain, change your citizenship, and swear allegiance to the crown? Because the American Revolution was illegal. The rebels committed thousands of illegal acts. If you won't disown your American citizenship, then I guess you condone acts such as the Boston Tea Party, the meeting of the First Continental Congress to plead for royal intervention, which the king declared treasonous after it had happened, and finally the

  • by rossdee ( 243626 ) on Wednesday June 15, 2011 @09:29AM (#36450226)

    "Is This the Golden Age of Hacking?"

    This what?

    This century?
    This decade?

    How long is an 'Age'

    • by artor3 ( 1344997 )

      Since I'm pretty sure they're talking about the PSN hack, it looks like an age is about two months.

      These things just don't take the time they used to.

  • Weak Security (Score:4, Insightful)

    by wintercolby ( 1117427 ) <winter.colby@g[ ]l.com ['mai' in gap]> on Wednesday June 15, 2011 @09:36AM (#36450342)
    What do you expect to happen when you hire Systems Administrators for 6 month contracts to build your systems, and then let the contract expire after the servers are built? Servers don't usually patch themselves, nor do they remain compliant with your security standards once you give developers and DBA's root access.
    • I wish I could mod you up significantly.
    • What do you expect to happen when you hire Systems Administrators for 6 month contracts to build your systems, and then let the contract expire after the servers are built? Servers don't usually patch themselves, nor do they remain compliant with your security standards once you give developers and DBA's root access.

      I was going to say something about cost. As the hacking becomes more widespread, companies will notice it is a problem and start to DO something about it. Systems are more vulnerable now becaus

      • by McNihil ( 612243 )

        Not really. In a capitalistic environment only the ones that have enough money to have proper security will flourish. So its good with these security breaches because it will cull the cruft. I wouldn't be surprised if lulzsec already has complete ownage of everything relevant on the net. And with that I hope they'll ramp up the disclosure so the rest of us know how bad it really is. My estimate so far is that it is worse than we can imagine.

    • by xero314 ( 722674 )

      ...nor do they remain compliant with your security standards once you give developers...root access.

      Restricting access to those that write the software that runs your mission critical systems, is not going to increase security. I will tell you from experience that it will decrease your security. When a developer does not have the access they need to complete their job, and have to spend unnecessary time contacting system administrators to handle small changes, you will end up with developers creating workarounds. These workarounds are usually written out of desperation and frustration, which is not a

      • I've worked with one too many developer that thought everything under the / filesystem needed to be mode 777. Devs should have root on Dev and maybe test systems. They should only be given temporary root access on production systems after they've proven their changes in dev and test environments.
  • by DaMattster ( 977781 ) on Wednesday June 15, 2011 @09:44AM (#36450442)
    I think it is more bugs in software than the network infrastructure! Everyone is so quick to blame the infrastructure engineers when I have seen more poorly written applications with memory leaks and ones that run with root privileges than poor network designs.
  • It takes a special kind of person, who, when presented with lots of free time and the tools to do amazing things, says: "I think I'm going to horribly violate the entire online world today."

    Perhaps I should be thankful that I'm turning my talents to more productive ends. But I doubt I'll be hired before these assclowns find work.

    If you want to blame someone, we could blame Obama, whose administration has practically continued the war on hackers and then wondered "why are we so short on competent program
  • by mlts ( 1038732 ) * on Wednesday June 15, 2011 @09:51AM (#36450552)

    There are a lot of reasons for this to be an age of intrusions galore:

    1: Corporate philosophy. I mention this often, but it is very true -- security is a cost center, so in a lot of firms, it gets hind teat in the budget.

    2: Ease of getting away with intrusions. Got a botnet? Just create some PPTP/L2TP connections and you can manually try breaking into machines and one can either not be traced, or have the blame shifted to another party. Especially if the intrusions come from a country that is disliked.

    3: Lack of international cooperation. All it takes is one proxy to be in a country that doesn't like another, and there is no way an intrusion can be traced, much less prosecuted.

    4: Lack of meaningful security tools. A lot of the tools used in businesses are all sizzle, and not much steak. Take AV programs. They are great at catching last week's stuff. However, most attacks are polymorphic 0-days that just zing past AV program detections.

    5: Ease of infecting via ad rotation services. Ad rotation services can sling malware without ever getting caught because people will blame the website, not the servers slapping the ads on it. The same ad servers that can target by demographic can target a company and just that company for malware.

    6: Using the Internet for all traffic. In the past, there were backbones that were not accessible to anyone that transactions ran across. Now the same wire that gets pr0n to Joe Sixpack also carries bank data and transactions.

    7: Failure to use basic security protocols in password storage. Hell, crypt(3) is better than most ways passwords are stored. The best thing is to look at known secure utilities like TrueCrypt and follow their example.

    8: SQL injections and parametrized queries. Simple stuff, but because a lot of dev projects just want a code base regardless of bugs, this stuff gets ignored until the breaches start.

    9: No real network security. A firewall doesn't cut it anymore. Instead, companies have to use VLANs and keep departments separated. This way, a compromise in receiving doesn't mean finance or HR is pwned too.

    10: Legacy protocols. FTP (other than anonymous FTP), telnet (except for use for debugging), and other insecure protocols need to either be limited via packet filtering mechanisms and router ports, or eliminated altogether. Instead, if two machines need to share data, have them use a LUN presented to them and a filesystem that allows for this.

    11: Lack of internal policies and procedures. Security isn't just clicking "secure mode" on an appliance and walking off. There needs to be a process if someone calls in from an internal line demanding info, or someone physically is picking a lock.

    12: Separation of duties and data. This is expensive relatively, so it tends not to be done, and the same server with the source code build may have the HR payroll data. This makes for a field day for an attacker.

    13: Chain of custody of data. Either the machine it sits on is properly secured, or the data is stored encrypted with proper key management. For example, some enterprise level backup programs have data encrypted at the client end, and only that end has the key. This way, if the enterprise backup server gets compromised, the data can be destroyed, not accessed or modified.

    14: Morale. Morale is so easily forgotten, especially with companies that do the low bidding among the last 3-5 candidates. High morale means people are proactive on security. Low morale means people will ignore breaches assuming they won't be thrown under the bus.

    15: Cloud computing. There is no benefit for a cloud provider to give anything but token gestures for security financially, so one is begging to be compromised unless there is solid encryption with good key management done before the data leaves the client. Even then, blackhats can have free and unfettered access to the encrypted data and can detect patterns over time. SLAs are meaningless; a cloud provider can change hands or go bankrupt and all the privately stored data can be made into a torrent or sold to anyone with cash.

    Because most businesses pay lip service at best to security, it is no wonder why blackhats are having a field day.

  • No it's not (Score:4, Insightful)

    by blahbooboo ( 839709 ) on Wednesday June 15, 2011 @09:52AM (#36450566)
    The golden age of hacking was the late 1970s and 1980s. Things they pulled off back then were far more impressive and interesting to watch.
    • Interesting, maybe, but I don't know that I've seen anything more impressive than heap spraying [blackhat.com]. That's a hard technique to pull off.
      • Just thinking back then there were modems to dialin, there wasn't this huge network of computers all connected. Pretty impressive (and ballsy) to figure out ways to dialin and hack into a system --- for example, finding the telephone number to even call
  • I did agree, more people are hacking now than ever before, Magazines like Make and Makerfaire as well as the rise of the Hackerspace has significantly made inroads on bringing hacking back to the masses...

    But the article is written by a illiterate journalist that seems to not realize that the term "Hacker" has been retaken and what he is talking about is simply a cyber-criminal or cracker.

    • by elrous0 ( 869638 ) *

      Denial isn't just a river in Egypt. "Hacker" was decided back in the 80's. You can keep pretending if you like, though. Myself, I still like to delude myself that there's a chance "Firefly" may come back.

  • Are they talking about hacking or cracking?

    For hacking, this could be a silver age. The days of HomeBrew and phone phreaks were the golden age.

    For cracking, as others have noted, it's the lulz age.

  • I'm not longer writing code myself, but I'm constantly amazed at how utterly horrible the code being written by my successors appears and works. Where is the craftsmanship and pride in writing clean, fast code today?
  • Now, I do not condone Lulz Security or Anonymous, but the fact of the matter is they're not just 'script-kiddies'. Every tech-savvy webpage I've gone the ones that are user-submitted have belittled the efforts of both hacking groups as if they could do the same things so easily. I'm not sure why there is such a pretentious atmosphere of 'pro' coders here... but to be real honest with everyone, they have spent a lot of time researching web security vulnerabilities, and the biggest joke of all is that a good
  • Can we make another movie with Angelina and just throw in Brad Pitt so we can get the 2x the eye candy in a techy movie? Keep Megan Fox out she's way too dumb for a hacker-esque movie...
  • Nowadays its easier than 10 year ago to explain why you dont want an openly writable share on a network drive. Nowadays its easier to explain to people why they should choose their passwords well.

    While i think anonymous-es script kiddies are stupid a-holes who should go to a therapy, i have to say all these things have made the job of the security admin much easier, since you will get more attention than 10 years ago when "but the my network is still working" was a usual response to a "hey, i think this is

  • by AxemRed ( 755470 )
    This is the golden age of hacking-for-publicity. I have seen a few people comment that the 80's were the golden age of hacking. I wasn't old enough then to agree or disagree, but I do think that hacking was just as big in the early to mid 90's, when I first came on the scene, as it is now. The only difference is that hackers get a lot more publicity now, and that has cause some to seek publicity.
  • Earlier today Obama talked about a lack of engineers in the US. The same goes for IT professionals. The problem is that those professions are often underappreciated and underpaid, so smart ambitious people go into business and law not tech.

    I work for a Fortune 500 company whose IT department just sent down a command to uninstall Firefox 4 and replace it with 3.6. So they went out of their way to decrease the security of someone's workstation. Hacking is so prevalent because the best and brightest go int

  • That would have been when all services were exposed to the Internet, plaintext protocols were the norm, exploits were of the single-packet variety, etc.

  • * Subsistence ("There are some lovely berries here")
    * Gift ("This deer is too big to eat before it spoils, so let's share it, and others will share next time")
    * Exchange ("You give me some meat, and I will give you fruit").
    * Planned ("You over there will hunt the meat and you over there will gather the fruit and we will divide it up")
    * Theft ("Give me your fruit and meat because I'm stronger or cleverer than you")

    The balance shifts with technological and cultural changes.

    Theft is, sadly, a form of self-empl

  • 1) Never before has there been so many things one could hack and in so many different ways. There is more online presence today than ever, thus more opportunity.
    2) Many of those online, do not take security seriously, just look are large recent examples. This culture will change eventually, however for now it's the wild west.

    Take those two, add the fact that there are more people online with more computer knowlege than ever before (perhaps not as a ratio of the whole, but in shear numbers yes), and all one

  • The predecessor to the golden age of hacking revolved mostly around Bell and phreaking. Some of the phreaks were blind. Abbie Hoffman was involved with a magazine called YIPL (Youth International Party Line) which later became TAP. TAP had meetings in New York City. Phreaks from around the country used to call each other, and have conference calls and the like. In the Bay Area were people like Captain Crunch, and even Steve Jobs and Steve Wozniak built blue boxes (they even credit doing this with helpi

Fast, cheap, good: pick two.

Working...