Hacking "for the article"

    Hi, Haberman!
    In this article I want to speculate on the topic of hacking computer systems for the purpose of training / writing an article (we are talking about the text, not about the Criminal Code). I want not only to express my thoughts on this topic, but also to find out yours, since the question is very common. As a separate point, I would like to note that I really want to know the opinion of the editors of Xakep and similar magazines.



    But on the other hand


    Remembering the old adage “There are two sides to the coin,” I draw an analogy with hacking: the cracker receives the necessary data and satisfaction (we will restrict ourselves to this option; everyone has their own goals), and the owner of the attacked resource (be it a web server, standalone software, or a stand-alone computer) learns about an existing (and most importantly, active) vulnerability in their product. But hacking has several scenarios ...

    Scenario “Angry”


    The cracker performs magic manipulations with software and hardware in order to obtain material benefits (a little less often, moral satisfaction). This includes stealing information in order to sell it or use it for personal purposes, cracking software in order to save on its purchase, and defacing a site in order to take revenge on a person or company. What do the parties to the conflict get:
     - cracker: everything
     - owner of the resource: nothing
    It turns out ugly, doesn't it?

    Scenario “It was evening, there was nothing to do”


    I wrote a headline and thought to myself: “But 95% of hacking descriptions begin like this” :-)
    An attacker accidentally detects a vulnerability in a resource and carries out an attack. After uncovering everything that can be uncovered and dumping everything that can be dumped (if we are talking about a web server), the attacker usually tells the owner of the resource about the vulnerability and sometimes even gives advice on closing the hole. This is invariably accompanied by shouting wherever possible along the lines of "I hacked the site %horn_and_http%", etc. Often a short description of the hacking process is written. What do the parties to the conflict get:
     - cracker: everything (as a rule, this consists of a huge increase in FWH)
     - the owner of the resource: nothing (if the cracker points out the vulnerability to the owner, the latter receives a good lesson, an excuse to uplift programmers and a message about the presence of a security hole)
    That is better, but it is still unpleasant for the attacked side (the damage from the break-in outweighs the compensation in the form of a report that the vulnerability exists).

    Scenario “For the article”


    Of the three types of hacks that I have identified, this is the most humane for the owner of the resource. Hacks of this type are carried out with the aim of writing an article on the appropriate resource. The attacker, as a rule, accidentally stumbles upon a potential vulnerability, but there are cases of intentional search for them. The attack is made with total logging of all actions, so that there is something to write in the article later. Hacking “for learning”, done to better understand the intricacies of various kinds of software, can often be attributed to this scenario as well. A special feature of this scenario is that the “attacker” (in quotation marks, since the attacker is not guided by selfish goals) without fail informs the owner of the vulnerability in full detail, and not just “you have a hole in the authorization”. The attacker, as a rule, does not leak information that falls under the scope of the criminal code.
     - cracker: everything
     - the owner of the resource: a message about the existence of a vulnerability, an extra mention of his resource in the press (though not in the best light, but still; if the owner does not remove the vulnerability before the article is published, it will be worse for him), a lesson and an occasion to uplift programmers.
    As for me, this is exactly the scenario that I personally approve of and strongly support. Both sides, as a result, got what they wanted. The owner, however, didn’t really want to ... :-)

    Hacking is the engine of progress


    What I am getting at with all this: hacking is not always bad and negative. And now the question that prompted me to write this opus: should the owner of the resource have enough conscience to sue the cracker, because he discovered and picked up the vulnerability and, most importantly, pointed it out to the owner?

    Thanks for your time!
