July 22, 2008 at 02:11Professional ethics and kulkhackers
I am writing a post “to the wickedness of the day” - because yesterday a craftsman found a hole in the berspersons.ru aggregator. Found - and behaved extremely ugly. Not only did he arrange buchu on a hub, he also spammed user accounts through a hole (even if it was not he who did it, but his followers - he had to think before posting it in the public domain). As a user of the service, I also came under the distribution, yes - I’ve already cleared all the “viral” messages from blogs, I’m changing my passwords everywhere right now ... and, as they say, I think a lot.
When he was an administrator-programmer of the "youth portal" (read - kindergarten) http://zontik.ruwith such characters had to deal with constantly. Because the code on the site is extremely leaky (and written, for the most part, not by me) - it's no secret that SQL injection and XSS were there like holes in a colander, and now, for sure, a lot remains . And, considering that the main contingent of this site was teenagers with all their inherent set of teenage problems like a restrained ego - all these bugs were only used by them for the purpose of self-assertion and settling accounts with enemies. In general, I had occasion to see video tutorials “how to break an Umbrella” and “just like that” of banned users, messages from someone else’s name, and even my own brute-force password (that's how I learned to set passwords of 25 or more characters) . And for every such find, Issessa blushed before the authorities, and even pulled out a lyuley. And if I myself made all these mistakes, it would be at least not so offensive. I would even know that I deserved it ...
In general, why am I writing this? I don’t understand the hysteria, the general hooting-hooting and the desire to "lower" the service with all our might, such as "oh, what they are all suckers, they need it, he left and I wish everyone good luck." If this is an expression of the opinion of the habrapublic, then its level, alas, has fallen dramatically. As correctly written in the comments, only the encoder that writes nothing is not mistaken. Well, or writes something like Hello World on BASIC (s) I. And all are so straight correct that it’s just a star. Of course, to talk smartly about the prospects of transnational IT corporations (like “will Microsoft Yahoo buy this”) or about the great and terrible Freelance (is it because they just don’t take a permanent job?) Is a pleasant pastime. And when someone really does something,
Do you know how a normal black hat differs from a kulhacker? Anything motivates the Black hat — the desire to earn extra money, the slogan “information must be free”, just a sporting interest - but it is unlikely that it will be a desire to show off, assert oneself at the expense of others and yell about oneself throughout the Network. If only because with a good scale of hacking (and not just “spamming someone else’s blozik”), it’s simply not safe to glow once again. And the kulhacker (most often a minor) is exactly what “you are all suckers, and I'm a cool coder” trying to show. Perhaps I am overly emotional - but I myself have always been struck by this. Found a hole, received a bonus with it - either use it yourself, or report to the administrator. And put it in public, and even with similar comments - I think this is exactly what is a manifestation of bloated FGP. I wouldn’t have given my hand to such people — I would have spat at a face when I met in person. For I prefer to communicate with professionals, and not with banderlogs.
PS Well, and in support of the service (no, they don’t pay me for this) -
When he was an administrator-programmer of the "youth portal" (read - kindergarten) http://zontik.ruwith such characters had to deal with constantly. Because the code on the site is extremely leaky (and written, for the most part, not by me) - it's no secret that SQL injection and XSS were there like holes in a colander, and now, for sure, a lot remains . And, considering that the main contingent of this site was teenagers with all their inherent set of teenage problems like a restrained ego - all these bugs were only used by them for the purpose of self-assertion and settling accounts with enemies. In general, I had occasion to see video tutorials “how to break an Umbrella” and “just like that” of banned users, messages from someone else’s name, and even my own brute-force password (that's how I learned to set passwords of 25 or more characters) . And for every such find, Issessa blushed before the authorities, and even pulled out a lyuley. And if I myself made all these mistakes, it would be at least not so offensive. I would even know that I deserved it ...
In general, why am I writing this? I don’t understand the hysteria, the general hooting-hooting and the desire to "lower" the service with all our might, such as "oh, what they are all suckers, they need it, he left and I wish everyone good luck." If this is an expression of the opinion of the habrapublic, then its level, alas, has fallen dramatically. As correctly written in the comments, only the encoder that writes nothing is not mistaken. Well, or writes something like Hello World on BASIC (s) I. And all are so straight correct that it’s just a star. Of course, to talk smartly about the prospects of transnational IT corporations (like “will Microsoft Yahoo buy this”) or about the great and terrible Freelance (is it because they just don’t take a permanent job?) Is a pleasant pastime. And when someone really does something,
Do you know how a normal black hat differs from a kulhacker? Anything motivates the Black hat — the desire to earn extra money, the slogan “information must be free”, just a sporting interest - but it is unlikely that it will be a desire to show off, assert oneself at the expense of others and yell about oneself throughout the Network. If only because with a good scale of hacking (and not just “spamming someone else’s blozik”), it’s simply not safe to glow once again. And the kulhacker (most often a minor) is exactly what “you are all suckers, and I'm a cool coder” trying to show. Perhaps I am overly emotional - but I myself have always been struck by this. Found a hole, received a bonus with it - either use it yourself, or report to the administrator. And put it in public, and even with similar comments - I think this is exactly what is a manifestation of bloated FGP. I wouldn’t have given my hand to such people — I would have spat at a face when I met in person. For I prefer to communicate with professionals, and not with banderlogs.
PS Well, and in support of the service (no, they don’t pay me for this) -