If You Hack NBC, You Don't Get to Meet Tom Brokaw
subgeek writes "Security Focus Online is carrying this story about the spot that Adrian Lamo almost had on the NBC Nightly News with Tom Brokaw. NBC changed their mind after they realized the possible legal implications of filming someone hack corporate systems. NBC also seemed a bit touchy that Lamo had gotten into their system so handily. According to the article, it took him about five minutes and one guessed password to get inside NBC's intranet from a computer at a Kinko's. Lamo's comment: "It was a very full service system.""
In the immortal words... (Score:5, Funny)
Proof (Score:5, Insightful)
Yeah, it is funny. (Score:5, Insightful)
Re:Yeah, it is funny. (Score:2, Funny)
What happened America? Why are you SO FULL OF SHIT?
Publishing Flaws vs. Demonstrating Flaws (Score:2)
It's ok to publicize flaws in computer networks, you just can't demonstrate the flaw if doing so is breaking the law. In this case, it seems like he got permission, so I doubt they could consider this an unauthorized intrusion.
As soon as you mentioned Airport Security I remember the guy who got through with something like a box cutter and announced it. They immediately arrest the guy.
This concludes our lesson on how not to blatantly compare apples to oranges.
There's probably a double standard in there somewhere, but you didn't find it.
CBS Filmed Their Illegal Activities in 1989 (Score:2)
On the March 16, 1989 edition of CBS's 48 Hours, reporter David Martin told viewers that he converted a semi-automatic rifle to full-automatic [reason.com] without a license, which is a felony. CBS filmed the conversion work, and broadcast part of it on the program. Unlike David Koresh, who was suspected of doing the same thing, CBS only received a letter of reprimand from the BATF.
You're proving my point? (Score:2)
David Koresh Performed the Conversion - Demonstrated - Got into trouble
Now if the reporter had PERFORMED the conversion, I'd say you're on to something.
Are there double standards? Probably.
Did you demonstrate one? No.
Did you make the same mistake as the original poster? Yes.
Will you learn to distinguish between the two? (Insert Your Answer Here)
Legal Implications? (Score:5, Insightful)
Re:Legal Implications? (Score:2, Insightful)
Re:Legal Implications? (Score:3, Funny)
Sued?
Hell, he'll be lucky if he isn't branded a computer terrorist and thrown in jail for life!
This kind of thing happens all the time (Score:4, Interesting)
Reporter and Videographer are assigned some fluff or FUD piece, but come back with a story that lands a little too close for the news director's comfort... the piece gets pulled.
Lamo's lucky... with the way lawsuits and "terrorist hacker" charges are flung about nowadays, he should be thankful he's not roomin with some lifer named Bubba right about now.
Forget that.... (Score:2)
In the ENG news business, I have never been called a "Videographer." In the news business all across America a News Photographer is called a "Photog."
I would know this because I am currently a "photog." This person has more than likely never worked in a television newsroom.
Re:Forget that.... (Score:2)
J.Random person: "Oh and what do you do for a living?"
Me: "I'm a News Photog at Channel 22"
same J.Random Person: "Oh, I didn't know they took photographs too"
Me: "No, I use a video camera... a Sony Betacam SP camcorder with a fujinon lens"
other J.Random person who thinks they know about everything: "Oh the Beta format died years ago... too bad it was much better than VHS"
Me:
THAT is why I said videographer instead of Photog... believe me or not, I don't care past making this reply.
Unfortunate Last Name (Score:5, Funny)
Reminds me of the great SNL skit with Nicholas Cage:
"The name is Dumass, Dumass!"
Re:Unfortunate Last Name (Score:4, Informative)
The "Dumass" you're referring to is either the "Thick-Headed" commercial for A&W Root Beer, or from The Shawshank Redemption trying to pronounce Alexandre Dumas.
Not that I'm anal or anything.
Re:Unfortunate Last Name (Score:2, Informative)
"The name is Dumass, Dumass!"
That's a rootbeer commercial.
Nicholas Cage's name was "Asswipe," and the line was "Excuse me, that's pronounced Os-wee-pay!"
Sorry I remembered that skit recently when trying to think up a name for my unborn child.
Re:Unfortunate Last Name (Score:2)
So... what was the password? (Score:5, Interesting)
My only hunch is that the password was something like 'abc123'. It cracks me up how many people have passwords such as that and are supposedly worried about security.
It is also funny to hear what some of my friends think are secure passwords. Among them being obscure Anime characters.
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:5, Funny)
No, that only happens in the movies. Here are some other notable characteristics of fictional computers:
- They always use fonts that are at least an inch high
- Windows does not exist, nor does Mac, or anything else we've ever seen
- Computer displays are extremely animated. (They're also very noisy...) Fortunately, they have plenty of hard drive space (even in the early nineties) to play back pre-rendered animations.
- Despite the benefits of using a mouse, using a movie computer requires bursts of constant typing. The space bar and backspace keys are never used.
- Movie computers are not capable of multitasking. All you get is the exact interface you need to advance the plot.
The password was probably: 'password'.
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:2)
uuhhhh I mean when I saw someone else do it.... I swear |:).
Re:So... what was the password? (Score:2)
Th4tz why 7hey d0nt l1ke M1cro$oft. Squiggly lines appear under everything they type!
Re:So... what was the password? (Score:2, Funny)
Re:So... what was the password? (Score:5, Funny)
Obligatory Space Balls Reference (Score:4, Funny)
What's the world coming to when life imitates parodies imitating life?
Re:So... what was the password? (Score:2)
When a security audit came around I was one of the *few* people who didn't get a phone call or an e-mail telling me to change my password. I use the same password on my firewall at home too and so far it hasn't been guessed.
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:2)
Most passwords are crap, and there's nothing you can do about it. Passwords are doomed to be crap. You have two choices - be loose, and hope people use secure passwords (result: a few people will, most people won't), or be strict and force secure passwords (result: average users write down the new password, people who use secure ones normally get pissed off and start using crappy pw's).
I have about a half dozen secure passwords that I rotate around -- none of them have ever been cracked, and you're not going to guess them from social engineering, profiling, or dictionary attacks. I know that some of them are inherently "less secure" because they're used more commonly, and the more places they're used the more likely they'll get snarfed. When you make me exceed my normal password capacity then I'm going to use stupid things like "Abcdef1".
About the only solution is to use something like SecurID - which annoys me since I know my pw's are solid, but at least it takes care of the 90% of people who can't remember a password unless it's their SO's name, their pet's name, or a birthdate of one of the aforementioned.
Oh, and obscure anime characters are fine, as long as you use some non-alphabetic characters at the front, end, or middle. Of course, we're preaching to the choir here. The problem is the average user.
Re:So... what was the password? (Score:5, Funny)
I got a chance to see the video. It was just five asterisks.
Re:So... what was the password? (Score:3, Funny)
***** is the password
Re:So... what was the password? (Score:2)
Re:So... what was the password? (Score:2)
Re:easy (Score:2)
Although, these are all smallish companies with no IT department. I would assume that NBC has its own IT department, right?
Maybe they pulled his interview (Score:4, Funny)
because he found out the great secret of TV anchors...
Re:Maybe they pulled his interview (Score:2, Funny)
Re:Maybe they pulled his interview (Score:2)
Slashdot, the Ultimate DoS (Score:3, Funny)
anyone have the text?
This remind me of similar case in Finland (Score:5, Interesting)
His identity was kept secret in the TV show, but a few days after, the TV station was forced by police to reveal the identity of the guy to get him convicted. The incident got a lot of media coverage, because before that many or most had thought press has the right to protect their "sources" and do not need to reveal details about individuals.
Anyway, maybe in this Lamo case, it is more about "agitating someone to do a crime", the court might see for example that part of the motivation for breaking in some system could be the fact that he would get press coverage and fame because of it - and NBC would be to blame for agitating.... or something totally different :)
Perhaps.. but seriously. (Score:2)
"Sorry, I'm a reporter, I don't have to testify" just doesn't hold up.
Legally, if they witness this guy committing a felony, they are obligated to report him to the police, or be tried as accessories.
Re:Perhaps.. but seriously. (Score:2)
Re:Perhaps.. but seriously. (Score:2)
Re:Perhaps.. but seriously. (Score:2)
That has to be the stupidest thing they've ever done. I thought they wanted to stop future war crimes by prosecuting the murderers. Now we won't even try to stop war crimes cuz there will be no paid reporters telling us what's up.
Re:Perhaps.. but seriously. (Score:2)
Prosecutor: And what was the defendant doing at the time?
Reporter: I don't remember...
Prosecutor: Well, where was the defendant?
Reporter: I'm afraid I just don't remember.
Prosecutor: Well, do you remember anything?
Reporter: Nothing that I can recall....
They can't FORCE you to remember.
Kintanon
Re:Perhaps.. but seriously. (Score:2)
Re:Perhaps.. but seriously. (Score:2)
"That depends on what your definition of is is"
Re:This remind me of similar case in Finland (Score:2)
Re:This remind me of similar case in Finland (Score:2)
that was not supposed to be add an add the missing word, thing, but the missing word is case :)
Re:This remind me of similar case in Finland (Score:2)
> requires more clarification than the post it means to clarify
I know - and it's terrible. I first thought to clarify it, but then I thought that when a clarification of a clarification needs clarification, the methods of clarifying need re-clarification and that requires some real clarification.
Re:This remind me of similar case in Finland (Score:2)
There was a piece on NPR this morning where a reporter from the BBC described testifying at Milosevic's war crimes trial. She dismissed the argument that testifying might bring journalists into danger, "we bear witness".
In the case of journalists interviewing hackers the journalist is often being used for propaganda purposes by the hackers allowing them to propagate myths like they don't try to do harm (most do). It is astonishing (OK no it isn't it is infuriating) how often the hacker's boasts are reported as fact without question. Unfortunately it appears that only the trade press bothers to call up someone like Bruce or myself for a fact check.
What is worse is that by legitimizing hacking these reports may well come back and cause havoc. The RIAA demand to be allowed to carry out vigilante hacking to stop piracy would if implemented cause serious damage to the network. Hacking attacks frequently cause damage far beyond the immediate target.
Lamo is a Script Kiddie (Score:2, Interesting)
Backed out too late? (Score:4, Insightful)
Not in my opinion (IANAL) (Score:3, Insightful)
Is it different, just because it happens in "cyberspace"?
Re:Not in my opinion (IANAL) (Score:2)
Yes, of course it's different. That's why you can get it patented, right?
(That was sarcasm, for those of you who didn't pick up on it)
Re:Not in my opinion (IANAL) (Score:2)
What I'm scoffing at, is the premise (at least in this forum at the time I posted my comment), that he did indeed break the law, when he broke into NBC - that was what I was commenting on. It was also (in my opinion) the prevailing "message" carried across from the NBC lawyers in the article.
Whatever NBC... (Score:2)
Have these people never heard of TCP Wrappers and IPFW? I suspect not. All confidential information should be BOTH firewalled and TCP Wrappered (DENY) by default to all domains, then added on an IP by IP (or local domain) basis. I get the feeling if admins took the time to do this very basic thing, 90% of all cracks would not occur.
Re:Whatever NBC... (Score:2)
That's because no-one uses them as servers. *duck*
Re:Whatever NBC... (Score:2)
And yes
Maybe he's just a Geek (Score:4, Funny)
Lamo: "Uh I haXord their shit in about 5 minutes it was Leet! they left a service password called PASSWORD on this gateway node and once I was there I forged an IP address or two...."
Brokaw: "ZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzz........"
Re:Maybe he's just a Geek (Score:2)
Another Simpsons quote,
They're looking for tv ugly... not ugly ugly.
As an ex-hacker I tend to only trust Mac OS server (Score:2, Troll)
The MacOS running WebStar and other webservers has never been exploited or defaced, and are unbreakable based on historical evidence.
In fact in the entire securityfocus (bugtraq) database history there has never been a Mac exploited over the internet remotely.
That is why the US Army gave up on MS IIS and got a Mac for a web server.
I am not talking about FreeBSD derived MacOS X (which already had a more than a couple of exploits) I am talking about current Mac OS 9.x and earlier.
Why is it hack proof? These reasons
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hacker's needs. In fact it's even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that mac web programs and server tools do not create files with resource forks usually. TOTAL security.
6> Stack return address positioned in safer location than some Intel OSes. Buffer exploits take advantage of loser programmers' lack of string length checking and clobber the return address to run their exploit code instead. The Mac places return address in front of where the buffer would overrun. Much safer.
7> There are less macs, though there are huge cash prizes for cracking into a MacOS based WebStar server (typically over $10,000 US). Less macs means less hacker interest, but there are millions of macs sold, and some of the most skilled programmers are well versed in systems level mac engineering and know of the cash prizes, so its a moot point, but perhaps macs are never kracked because there appear to be less of them. (many macs pretend they are unix and give false headers to requests to keep up the illusion, ftp http, finger, etc). But some huge high performance sites use load-balancing webstar. Regardless, no mac has ever been rooted.
8> MacOS source not available traditionally, except within apple, similar to Microsoft source only available to its summer interns and engineers, source is rare to MacOS. This makes it hard to look for programming mistakes, but I feel the restricted source access is not the main reasons the MacOS has never been remotely broken into and exploited.
Sure a fool can install freeware and shareware server tools and unsecure 3rd party addon tools for e-commerce, but a mac (MacOS 9) running WebStar is the most secure web server possible and webstar offers many services as is.
One 3rd party tool created the only known exploit backdoor in mac history and that was back in 1995 and is not, nor was, a widely used tool. I do not even know its name. From 1995 to 2002 not one macintosh web server on the internet has been broken into or defaced EVER. Other than that event ages ago in 1995, no mac web server has ever been rooted,defaced,owned,scanned,exploited, etc.
I think it's quite amusing that there are over 200 or 300 known vulnerabilities in RedHat over the years and not one MacOS 9.x or older remote exploit hack. There are even vulnerabilities a month ago in OpenBSD.
Not one exploit. And that includes Webstar and other web servers on the Mac.
A rare set of documentation tutorials and exercises on rewriting all buffer LINUX exploits from INTEL to PowerPC was published less than a year ago. The priceless hacker tutorials were by a linux fanatic : Christopher A Shepherd, 3036 Foxhill Circle #102, Apopka, FL 32703 and he wrote the tutorials in a context against BSD-Mach Mac OSX.
but all of his unix methods will find little to exploit on a traditional MacOS server.
BTW this is NOT an ad for webstar.. the recent versions of webstar sold for over the last year are insecure and cannot run on Mac OS 9.x or 8.x, and only run on the repeatedly exploited MacOS X.
--- too bad the linux community is so stubborn that they refuse to understand that the Mac has always been the most secure OS for servers.
BugTraq concurs! As does the WWW consortium.
As an ex-genius, I can tell you are a troll (Score:2)
Re:As an ex-genius, I can tell you (all facts) (Score:4, Informative)
The entire premise of "secure Mac OS" web servers is based on two factors:
It would thus be accurate to say "The Mac OS web server may be a good choice if you are clueless, do not know how to administer secure servers, and want to run an OS that is now officially obsolete."
Re:As an ex-genius, I can tell you (all facts) (Score:2)
What functionality do you want.
Hmm, let's see... How about, say, multithreading? The ability to play DVDs without skipping if you so much as move the mouse?
Look, the old Mac OS had a cutting edge GUI when it came out, in 19-frickin-80-something. It had various usability innovations. But on the technical capabilities of the OS, it hasn't cut it for a long, long time.
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:2, Informative)
This is a verbatim repost of an old troll--which, I might add, was shot down point for point for point.
"No root user" is NOT the same thing as "always running as root".
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:3, Funny)
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:2, Informative)
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
Perhaps this is a philosophical nitpick on my part, but by extension shouldn't this mean that the vast majority of Windows programs should be incredibly secure? Prior to NT, all Windows developers were guaranteed that their code would be running as 'root'. That's a lot of developer-time spent in a world where everything is root. And yet, somehow, Windows still seems to have its share of security problems.
I'm not saying that Macs are as insecure as Windows boxes, just that I'm having trouble following the idea that "always being root" somehow makes programmers more security-conscious.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not.
A buffer overflow is a buffer overflow is a buffer overflow.
If you don't check that your destination buffer is big enough to hold the contents of your source buffer, then your code becomes a bug in search of an exploit. Doesn't matter if the length is stored at the beginning, doesn't matter if you count until you find a NUL. If you copy from A to B and sizeof(B) < sizeof(A), you're just looking for trouble.
Yes, ladies and gents, sometimes size does matter...
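The point argued in the comment above, that a length prefix records how long the source is and says nothing about how much room the destination has, shown as an added example (not code from the thread or from Mac OS). The names `make_pstr`, `pstr_copy_unchecked`, `pstr_copy_checked` and the rest are hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: 40 bytes, longer than the 16-byte buffers below. */
static const char LONG_INPUT[] =
    "0123456789" "0123456789" "0123456789" "0123456789";

/* Build a Pascal string (one length byte, then the data) in out[256].
 * Returns the stored length; input longer than 255 bytes is truncated. */
size_t make_pstr(unsigned char out[256], const char *text)
{
    size_t len = strlen(text);
    if (len > 255)
        len = 255;
    out[0] = (unsigned char)len;
    memcpy(out + 1, text, len);
    return len;
}

/* The pattern the comment warns about: the copy trusts the source's own
 * length byte and never asks how big dst is. Safe only if dst >= 256 bytes. */
void pstr_copy_unchecked(unsigned char *dst, const unsigned char *src)
{
    memcpy(dst, src, (size_t)src[0] + 1);
}

/* How many bytes past the end of dst the unchecked copy would write. */
size_t pstr_overrun_bytes(size_t dst_size, const unsigned char *src)
{
    size_t need = (size_t)src[0] + 1;          /* length byte + data */
    return need > dst_size ? need - dst_size : 0;
}

/* Same question for an unchecked C-string copy (strcpy-style). */
size_t cstr_overrun_bytes(size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;             /* data + terminating NUL */
    return need > dst_size ? need - dst_size : 0;
}

/* Hardened Pascal-string copy: refuses when dst cannot hold it.
 * Returns 0 on success, -1 on rejection (dst is left untouched). */
int pstr_copy_checked(unsigned char *dst, size_t dst_size,
                      const unsigned char *src)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (dst_size < (size_t)src[0] + 1)
        return -1;
    memcpy(dst, src, (size_t)src[0] + 1);
    return 0;
}

/* Hardened C-string copy with the same contract. */
int cstr_copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL)
        return -1;
    len = strlen(src);
    if (dst_size < len + 1)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    unsigned char src[256], big[256], small[16];
    char csmall[16];

    make_pstr(src, LONG_INPUT);
    pstr_copy_unchecked(big, src);   /* fine only because big is 256 bytes */

    printf("Pascal string, %u data bytes into %zu-byte buffer: "
           "unchecked copy would overrun by %zu\n",
           (unsigned)src[0], sizeof small,
           pstr_overrun_bytes(sizeof small, src));
    printf("C string, same data: unchecked copy would overrun by %zu\n",
           cstr_overrun_bytes(sizeof csmall, LONG_INPUT));
    printf("checked Pascal copy: %d, checked C copy: %d\n",
           pstr_copy_checked(small, sizeof small, src),
           cstr_copy_checked(csmall, sizeof csmall, LONG_INPUT));
    return 0;
}
```

Both string formats overrun the 16-byte buffer by the same amount when the copy is unchecked, and both are stopped by the same destination-size comparison.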
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:2)
True...how many Windows 95-based web servers are there?
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:2)
IIRC, the (admittedly cheesy) Microsoft Personal Web Server was shipped with Win95. (Don't have any 95 boxes anymore, so won't swear to it. Win 98 definitely comes with PWS.)
Apache. (They're very open-minded. :-)
Quick check on TuCows shows 9 more web servers supporting 9x.
CNet's download.com has a whopping 192 entries in their Windows/Web Authoring/Servers area if you filter it down to Win95. But take CNet's count with a grain of salt...they don't seem to differentiate between server-support/test apps and actual servers. But I'm not gonna hunt through a list that size to get a better count.
Anyways, I think it's safe to say that, strange as it may sound, there actually are Win 9x-based servers available.
Okay, but we're starting to wander from the original "Macs are secure because they have no security" topic, which was already wandering pretty far from the "hacker denied 15 seconds of fame" topic.
I'd ask someone to mod me down, but saying "yeah, go ahead, mod this down" always seems to end up with people modding it up to +5 Insightful because it's got that ever-popular angst-driven sound first popularized by Eeyore. (Donkey. 100 Aker Woods. Christopher Robin. Ah, never mind....)
Ahem... Okay people, listen up! My post is not insightful. It's offtopic! "Offtopic" might look a lot like "Insightful" in the moderator pulldown, but if you look really closely, you'll notice that they're spelled slightly differently. Yes, I know it's subtle...they both start with a big letter and have smaller letters afterwards. Just hang in there, kids...hopefully the next SlashCode release will have a picture-based moderation system.
"Based on historical evidence..." (Score:5, Funny)
The MacOS running WebStar and other webservers has never been exploited or defaced, and are unbreakable based on historical evidence.
Based on historical evidence, my backyard shed is burglar-proof.
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:2)
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:2)
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:2)
http://attrition.org/mirror/attrition/os.html#A
Sure, the MacOS/MacOSX defacements only represent 0.8% of total defacements, but they're still there
-gleam
Re:As an ex-hacker I tend to only trust Mac OS ser (Score:3, Informative)
Akamai. Apple's web site is distributed. When you connect to apple.com, you're actually getting www.apple.com.akadns.net, which runs on Solaris.
Re: The Crack-a-Mac contest (Score:2)
So MacOS/WebStar-based web servers have been hacked, but there is only one famous case. And never forget that any system is vulnerable to "social engineering" and shoddy passwords.
Priceless (Score:2, Funny)
Six pack of Rockstar "Energy Drink" - $6
Network time at the local Kinko's - $2.50/hour
Getting booted from NBC Nightly News after hacking their intranet - 5 minutes effort
Scoring with the hot NBC Nightly News Producer because she's impressed with your k-r4d sk|llz - priceless
Stupid people. (Score:3, Interesting)
And this is how (Score:2)
For his part, Lamo, who's not known for shrinking from controversy, charges the network with a failure of courage. "I can understand where they're coming from," says Lamo, in a telephone interview from somewhere on the East Coast. "But I like to think that in their place I'd take more of a risk."
Somewhere, disguised, with computer parts laying around... It seems like Lamo didn't want to give his location, yet, there were hundreds of ways of finding out.
Why speak of "hackers" like this? Are they still a sub-culture, marginalized?
I'm actually surprised. (Score:3, Interesting)
Lamo is my hero (Score:5, Interesting)
Hmm.. Deep, dark left-wing conspiracy? Or.. (Score:2, Interesting)
I mean if he pulled off some kind of crazy technical exploit that would expose a gaping security hole in the OS that left all our sensitive data exposed, and would shock and more importantly entertain the viewing audience, maybe.
He just got lucky and guessed a password.
Boring.
Its not even exciting to
Behind the scenes (Score:5, Funny)
Brokaw: Wardrobe!....dammit, get this kid a large sleek trenchcoat, combat boots, and a pair of those $300 designer sunglasses. They're expecting neo, not urkel. Audio!...cue that "techno" music they listen to. (to "hacker")Okay, kid, your motivation is to disrupt The System, bring down The Corporate Machine that runs the government, and then make it with Carrie Ann Moss in a hovercraft.
Teenage intruder: But I just thought I would show you how I learned about this network vulnerability in my quest for knowl....
Brokaw: (to cameraman) Start rolling in five, four, three, two...
Who's Tom Brokaw? (Score:2)
teleprompter (Score:5, Funny)
I bet he'd say it.
Re:teleprompter (Score:2)
Re:teleprompter (Score:2)
I don't know who the damn
Hacking Teleprompters (Score:2)
In general, broadcast station teleprompter hardware itself is very old technology, with a simple serial cable to load the script (a text file with some very simple markup sequences to adjust speed, fonts, etc)
Among the cheapest "professional" teleprompters are Stewert, starting around $1K. You can throw together your own home-brew solution for a few bucks, but "real" TV stations are sticking with the old, expensive, pre-MS-Windows solutions.
Usually the producer and on-air talent will run through the script at a high speed (just barely readable without practice) shortly before going on air, so your timing would have to be just right if you want to add any extra little "surprises" with any chance of success.
It's an interesting idea, but even for a live news broadcast, it's not likely that you would slip anything through.
His website (Score:2, Interesting)
Okay... (Score:5, Funny)
But I'll bet that ABC would be happy to do a report on cracking NBC's networks...
Where are you, Mr. Jennings...
Breaking into NBC's Intranet (Score:3, Funny)
Ohh, Adrian. You should change your name from Lamo to Lmao with those witty one liners!
New DoS attack (Score:2)
HA! (Score:2)
I bet the hacker noticed that there's an IV going into him from under the desk, and electrodes attached to his nuts if he decides to do anything stupid.
I did it too... (Score:2)
Basically, I got a call from a Producer (David Something-I-Can't-Pronounce) wondering if I'd be interested in coming down to their studio (I was in college in NYC at the time, and they're on 9th and 50-somethingth) and trying my hand at their system. I tried to borrow a friend of mine's laptop so I could bring a sniffer, but I couldn't find him in time.
Instead, I went down there, "borrowed" a laptop from them, and quickly installed linux. Explaining that this is what I'd use myself, I plugged into a convenient network jack and started working.
Long story short, I chose as my victim the reporter (not the producer) who would be interviewing me later; her name was Anna Padrao Something-Beginning-With-A-P. Well, her password was app426, where 4/26 was her b-day. *yawn* The only major problem was that once I was in to their BBS-like system, it was in Portuguese, which I don't speak! Of course, that also let me into her email account, and she even had a shell account on their email server-- though I know she didn't even know it.
I was going to go after root next, but we had to film, so we stopped there. We filmed the whole segment, but then some higher-up thought it'd embarrass the network too much, so it was pulled. I still have a copy-- kinda cool to see your own voice subtitled in Portuguese
Re:Yesterday's Register story.... (Score:2, Interesting)
TheRegisterStoryPostedYesterdayAM [theregus.com]
Re:if a crime, is it wrong? (Score:2)
Is cyberspace inside or outside space for these purposes? I'd say most likely inside. Whenever you enter someone else's system in 'cyberspace', (ignoring the misleading qualities of the word, for the moment) you're 'inside' someone's server.
Treating these systems as storefronts doesn't quite work. For one thing, you can enter because the store owner -wants- people in his store. If you go causing problems, they have the legal right to kick you out. If you try to enter the 'employees-only' storage area, you could find yourself in trouble. If you enter after business hours, when the doors are locked, you're guilty of breaking and entering.
And not all places of business are storefronts. If you go walking in the front door of a factory, or many a suit-and-tie 9-to-5 office, you may find yourself stopped at the front desk unless you've been invited in. And if you use the delivery door in back to get to the Top Boss's office uninvited, again, you're asking for trouble.
Now, as I understand it, he was invited to try and find an insecure entrance. He was an invited guest, and the responsibility falls on the person who invited him. In every businessplace I've worked, all non-employees have had to be accompanied while visiting, for security reasons.
For his sake, I hope he had that invitation in writing. For the sake of the NBC employee that invited him, I hope that invitation was pre-approved by the employee's boss. And NBC's legal department. If the reporter gave an invitation which he didn't have the authority to give, that reporter is the one who could end up in the most trouble.
I'll save the cyberspace/real-space analogy rant for another time.
Re:if a crime, is it wrong? (Score:2)
The internet is a public network. It's not a bunch of private, gated, security-guarded enclaves.
Public street and sidewalk. Fence with a gate (keeps children and small pets from wandering too far too fast). Screened-in front porch with screen door. Screen door to house. Main door to house. Stranger knocks on main door.
Or maybe I'm wrong and modern society has already victimized itself.