Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
The Internet

CNN on "hackers" 93

phil reed writes "CNN is running a special section on "hacking" called Insurgency on the Internet. I read part of it and winced, but other parts aren't bad. They have a dualing interview, featering Emmanuel Goldstein (Editor of 2600 Magazine) on the 'pro' side, and he gives a pretty good accounting of himself. On the other hand, there is some pretty lame stuff. "
This discussion has been archived. No new comments can be posted.

CNN on "hackers"

Comments Filter:
  • by Anonymous Coward
    "maybe some financial loss"

    Say you're running a system that hundreds of high paid people rely on...if it goes down, every second can cost you thousands of dollars. In the case of critical systems it can mean people dying.

    The analogy may not be perfect but it's an effort to get people to be wary of idiots that think that damaging other people's property or violating other people's rights is ok as long as it's done through a computer.
  • by Anonymous Coward
    > Some of the "joyriders" ... think it's harmless since they usually don't "do" anything
    > besides go in and look around. But if a stranger came into your house, ... would you consider that harmless?

    I've always hated that analogy. Here's why:

    If you break into my system, I'll bitch and gripe while reloading the OS, restoring data from backups, and patching the hole(s) I obviously
    missed. Sure there's an inconvenience factor & maybe some financial loss, but that's about it.

    If I find you in my house uninvited, I'll do my best to blow your fucking brains out the back of your skull.

    The net != the real world.

    turbochrist the forgetful (can't remember my password, sorry)
  • I was reading the interview with IBM's Charles Palmer. He was talking about "joyriders"--hackers who break into a system just to look around. He makes an analogy to breaking and entering:

    Some of the "joyriders" -- hackers who access systems just for the challenge -- think it's harmless since they usually don't "do" anything besides go in and look around. But if a stranger came into your house, looked through everything, touched several items, and left (after building a small, out of the way door to be sure he could easily enter again), would you consider that harmless?

    He's right in some respects. But would anyone mind if someone broke into your house, didn't touch anything, and left a note telling you when he broke in, how he broke in, and how to prevent any future break-ins?
  • Then you'd see even more decisions being made by people who don't know what they're doing. I mean, imagine a world where everything was written in VB... [shudder]


  • C'mon, you sound like an old man.

    Who, as a teen anyway, has never been tempted to bust into a system just to see if they can? It's part of being a tech-savvy teen, just like driving recklessly or having awkward sex in some corn field.

    Knowing you can and actually doing are less a line in morality and more in maturity. Remember, most teens get absolutely no time of day from people, even when the teen is just trying to help (how many stories have you heard of the school library that gets a bunch of new computers, and who decline offers of assistance from students in leiu of bringing in a bunch of knuckleheads who do a half-ass job for $100/hour?).

    It's easier for you or me -- we rate (I hope) jobs where people listen to us. We don't need to prove anything to anybody; when I look at a system and know I could root it if I wanted, that's good enough. That's no reason to start thinking that we're better than the up-and-comings.


  • alt.hackers used to do something like this...
  • I am well aware of the Jargon File entry. I also happen to disagree with it, as using the term "cracker" instead of "hax0r" or "script kiddie" pollutes yet another perfectly good word, and does nothing to save the word "hacker" from misuse, since it's already irreparably lost.
  • No, the word "cracker" refers to the talented assembly language programmers who crack copy protection on software. There's no need to pollute their word in addition to the word "hacker" - that doesn't solve anything.
  • A cracker is a talented assembly language programmer who reverse engineers software to crack copy protection schemes. Don't pollute their word in addition to the word "hacker," all it's going to end up doing is have two words polluted rather than one - you're not going to get the word "hacker" back, so no point in ruining another perfectly good word in the process.
  • Good reading, esp. for the unclued.

  • At least, not if you're an elite.

    Seriously, though... doctors have exclusive professional organizations they use to communicate; Why not (skilled) hackers?
  • Posted by Mike@ABC:

    As someone who has written about hackers and lived to tell the tale (i.e: the site has remained unhacked), I have to tell ya that this definition debate is secondary at best. If I start tossing around hacker vs. cracker debates, I lose readers who might otherwise stay and get educated.

    Look at it this way -- if I can get it across to my readers that not all hackers are evil -- that there are people who call themselves hackers and do productive, good, brilliant things -- then I've won. They'll know that not all hackers are bad. And they won't have to care about the damn labels unless they really want to learn more.

    In other words, before you can introduce the label of "cracker," you have to remove the stigma from the word "hacker." One step at a time.

  • Posted by Lord Kano-The Gangster Of Love:

    The vast majority of people think that this is the last year in the millennium, that doesn't make it so.

    The vast majority of people that the the "motor car" was a passing fad.

    ...That the titanic was unsinkable.

    ...That the US would be "in and out" of Vietnam quickly.

    IT'S NOT THEIR FUCKING PLACE TO LABEL US! We are what we are, we do what we do, "Hacker" is our word, it's for us, by us and about us. They can go to hell if they don't get it. You can go along for the ride as well.

  • We could call it "Internet Clue" because that sorta rhymes with "Internet II"
  • used in the Jargon File each time a clueless journalist uses the terms incorrectly? I just checked the definitions, and there is a distinct difference (as we all know). It's subtle, and gawd knows journalism can't be that, but it's worth pointing out, IMHO.
  • Gee I guess you ARE a hacker!
  • Sounds like the scene from 'Idoru'
  • you don't have to be very old in the computer world to be a hacker. my first computer was a Commodore 16, and then was a big black void until I got myself a 486/33, and I only got online like three years ago. I would definitely not call myself a hacker, but I'm learning, and I love the hacker mentality, the culture. being a hacker is not in calling yourself a hacker but in being called a hacker by other hackers, and I hope to reach that some time.

    I see two kinds of mentalities. there's the immature mentality. those people get a kick out of breaking into other systems or spreading virii and love playing God and destroying things. often these people are spoiled teenagers who play with action figures and guns. if they're teenagers I understand them, every teenager goes through such a period, I did it too. but then they grow up and the kick of power wanes away, and they become people who break into systems to expose security leaks and fix them, people who build virii to keep virus protection programs up to date and pre-empt malicious virus makers. as I said, MOST people grow up. unfortunately some don't...

    I won't deny that I've toyed around with things like BO and Netbus, but only to see what it could do. once in a while I scan the network to see if anybody is running BO or Netbus and warn them before somebody takes advantage of it. it's a real shame BO and Netbus got abused like they were because they could have been magnificent remote administration tools, but that's a whole nother can of worms.

    anyway, there'll always be evil hackers; either teenagers or people who forgot to grow up.

    the Gods have a sense of humor,
  • A cracker is what you're thinking of, and the word is in pretty common usage among most clues. A cracker breaks into systems, a hacker is someone who excels at computing, so to speak. Search /.'s archives for the word "Cracker" and you'll find that it. Or better yet, because "3y3 h4v3 m4d 3133t H7M1 s/ cker
  • tml
  • I too am sick and tired of this common stereotype of crackers and lamers using our good name. I am in the age range (17) of these losers, however, I just enjoy using computers and learning with them. I currently run a Linux box in my room, and I am what is called a Technology Assistant at school. When I tell people that I am a hacker, without fail the first thing they ask is if I can get in and change their grades. These children need to realize that I do not do that sort of thing, and if I DO crack into the network, it will be simply to learn and I will then tell admin what I did so the problem can get documented and rectified at the earliest opportunity.
  • I always thought the difference between hackers and crackers is that a cracker does physical damage to the system while a hacker tries to gain illegal/inappropriate access to the system. Privacy is a big thing for me-I'd be pissed if someone erased my hard drive but I'd also be pretty upset if someone read my emails or followed my web surfing Now people who try to port linux to my commodore 64 are not hackers. They are nerds. :)
  • - People who broke into other computers were sometimes called hackers, but they did it using pure wits and skill. Hardly ever did they damage a system, they just wanted free computer time, or to be able to connect to another computer without paying for a LD call. Few 'hackers' broke into machines or networks, but those that did were almost always just having fun. True, I don't want anyone to have fun on my machine, but they were at most trespassers.. annoyances. - It's still illegal and an invasion of privacy. Let them burn-I don't care. Would you tolerate it if someone looked into your emails or browser cache to see what you were up to?
  • Maybe I should make myself clearer then. *I* am one of the people who goes to the meetings in Nashville, and I am pretty sure that none of the regulars from either group were particularly traumatized by either of those films, dig?

    If you'd like a good, solid definition of "lame" maing unfounded defamatory accusations about a group of people you don't know anything first-hand about definitely qualifies for one.
  • I hate to burst your self-righteous little bubble, but the Atlanta and Nashville groups were both meeting long before "Hackers" hit the theaters.
  • > What if hackers finally had enough of this crap and they all went on strike?

    Umm.. they have. They're running linux now. >:)

    Down with the evil empire!

  • I have to agree here, while Goldstein had some very interesting points to make, I think having the two of them work from the same dictionary would have been more productive.

    Personally, I would love to have seen a face-to-face discussion between them. I think then we would have seen a more balanced article, assuming they debated the meaning of hacker off the record, that one would probably go on for days :)
  • A cracker is a white person in the southern united states.
  • im thinking that will follow the trend of other news sites that talk about hackers... only this will be thier 2nd time getting defaced...

    let me take a crack at the tagline now..."free kevin?"
  • That's honestly a great internet not vulnerable to regulation or cluelessness. I'd wondered how to do that before, but it mostly involved running wires all over the place illegally or starting a telco. :)

  • Don't fool yourself. You're not John Galt. And none of those kids at the food court in Lenox Mall are John Galt either. If all the hackers went on strike, then programmers with mortgages and families would just make more money. (Supply and demand).

    Script kiddies do not rool the world.
  • The only time I've been tempted to destroy a system was during the height of the output of pornspam from AGIS/CyperPr*omo. After the fiftieth email from `Lucy' had been downloaded over my Bell 212A modem, I was ready to hurt something. Of course, I didn't, but I sure wanted to. That's the only time of which I can recall.

    Just because I *can* do something doesn't mean I *do*. Many modern `safety' advocates completely miss this, thinking they need to regular the life out of everything to prevent accidents. I could run a vacuum cleaner across the nature strip[1 by my house, but I don't do that. Does that mean we need to keep teens away from nature strip and should control vacuum cleaners so that minors won't get them? This is what this is in effect saying: teens and computers are dangerous if the teen does anything more than use AOL email and WordPad.

    [1] They seem to call these `tree lawns' in America, which is dumb, because there are usually not trees on them.

  • Well, another journalist has concocted an article on how evil hackers are without really researching it. And I quote from the article, "That's where 'crackers' hackers who break software security -- come in."

    Maybe sometime the media will get it through their thick skulls that a cracker is somebody who uses hacker skills to break into other people's systems, etc. Hackers are merely those with a desire to push the limits of their own knowledge and the technology around them.


  • I thought I'd share the preceeding quote from one of the members of the "hacker" club portrayed in the CNN article, in order to expand everybody's cultural horizons. You see, during my few years of exposure to the Internet at large, and BBSing culture before this, I have managed to pick up enough "3L33T"-speak to be able to translate it into normal, well-thought out speech. Allow me a few examples.

    (begin Masterpiece Theatre music)
    (all translations should be rendered in a resoundingly deep, officious-sounding voice, preferably with a sharp British accent)

    "H@Y D00DZ!!!!!!111!!11!!"
    translation - "Greetings and salutations, my fellow computing denziens."

    "1 G0TZ L0TZ@ K3WL W@R3Z @ND P@$$W0RDZ!!!!!!!!!11!!!111!1"
    translation - "Submitted for your approval; I have painstakingly managed to locate and offer for your consumption, a number of unlawful electronic copies of copyrighted software, as well and the encryption keys for other similarly protected products."

    "K3WL D00D!!111!!!!!#*%^#&^@&^*@!!!1!!!!!!111!!!!!!1"

    translation - "I am thoroughly and indubitably impressed by this development, my good man."

    I could go on and on.

    --John Riney III
  • Agreed, 100%.

    --John Riney III
  • im sorry, i have to give kudos to the retards who wrote those stories.

    their stupid points have increased +90.
  • Just because 98% of the people believe something doesn't necessarily make it true.
  • What if hackers finally had enough of this crap and they all went on strike?
  • "TV said that?" -- Homer Simpson
  • I say screw it!!!
    who cares about the name hackers???
    a rose by any other name would be just as sweet

    how bout people start calling real computer geeks "the mighty duck"?
  • Ahh, I couldn't read past page 1 of the first article. The author mentions in his argument the hack of the british satellite that was later retracted. Sorry, but made me loose all credibility. That and the colour of green that he used. Ahh, horrible.

  • Because if the "big grey drooling mass" start to arrest so called hackers, then we are i trouble.
  • A few ideas:

    Let's not restrict the client OS, like a "Linux only Internet", but on the other end the user must be clueful to get on. The client would connect to one of several servers using an encrypted mean of connection, and then could send messages, download files, etc.. and those servers would communicate with other servers with encrypted means, and would have an encrypted fs. Kind of like a distributed BBS for clue people. CI/SSH (Clue Internet over SSH) or something ;)
  • hacker = "Someone who seeks technical knowledge and who likes to perform challenging tasks. A hacker tries not to do anything illegal. A hacker is usualy someone with advanced computer knowledge, often a PhD or a computer specialist."

    cracker = "Someone who tries to break into systems, usualy to prove to others how leet he is, or to fetch information for malicious purposes. A cracker always uses criminal ways. A cracker is often a teenager, or someone who likes to use known exploits in software programs."
  • But would anyone mind if someone broke into your house, didn't touch anything, and left a note telling you when he broke in, how he broke in, and how to prevent any future break-ins?

    Ah yes, this (or more precisely the comment made in an oddly misplaced reply [] about shooting said intruder) is what I like to call the Santa Claus fallacy.

    Following that logic to its conclusion, these people would arrest Ol' St. Nick for breaking and entering[1] - after all, how could you know he wasn't going to stash your stereos in that sack - possibly along with several other offenses ranging from smuggling to violating flight regulations.

    The underlying circular legalism (breaking the law is wrong <-> things are illegal because they are wrong) makes this IMO false, but what really turns it into a fallacy is the fact that the very same people who hold the belief that laws should be followed without exception are usually quite willing to make an exception whenever confronted with a specific case not obsured by generalizations and prejudices.

    In particular, before any of you jump to reply that Santa doesn't really exist, ask yourself: If I (and perhaps a whole movement of other altruists) were to get a red suit, beard and a sackful of toys and go sneaking into your house on christmas eve, what would you do?

    If you say that the very act of entering your house without consent is illegal, and that regardless of my intentions I still would have the opportunity to replace the toys in the sack with your property[2], fine. I'm not necessarily disagreeing. But why are you then not telling your kids that Santa Claus is a notorious criminal? Why are you teaching them that it is right for a stranger to break into your house in the middle of the night, as long as he only intends to give presents?

    1. or whatever offense would be applicable in your jurisdiction for someone climbing down your chimney
    2. an argument commonly used in "hacker" trials
  • Let us quote from the Jargon File (v4.0.0), a well respected authority on the correct definitions of these pesky words...

    :cracker: /n./ One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of {hacker} (q.v., sense 8).

    :hacker: /n./ [originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating {hack value}. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is {cracker}.

    There now, you see? The poor chap above was right. No need to berate him. Let's try to keep everything civil from now on.
  • it matters in the same why that skinheads arent racists....but in the media they are.

    so now anyone who is a skinhead is assumed to be a bigot and a mindlessly violent a$$hole.

    of course, you have to be wary of the "almost have a clue" reporters view reports where the reporter acknowledges non-racist skins, you would get the impression that it's a new phenomenon.

    skins are all nazis,
    hackers are all criminals,
    encryption needs a backdoor for your protection,
    hiv infected needles are hidden in the seats of all major movie theatres....
    i read it in a newspaper so it must be true.

  • do you really think that sysadmins for major corps want to give the public okay for every script kiddy to try to break into their site? "your honor, they said it was okay..."
  • Let the AOL-terrorists call themselves hackers, instead, you could be something else, like a slashdotter.
  • Bracing for Cyberwar contains two somewhat contradictory statements:
    During the Gulf War, Dutch hackers stole information about U.S. troop movements from U.S. Defense Department computers and tried to sell it to the Iraqis, who thought it was a hoax and turned it down.
    And then later:
    The government says no top secret material has ever been accessed by these intruders, and that its most important information is not online.
    Am I missing something here? Is the government claiming that troop movements during wartime is not considered important information or top secret?
  • Errr.... no. I haven't seen *any*.
    I've seen several posts on the meaning of hacker. I do claim to know something of what a hacker is. This is not enough to make me one. Keypunching raw a EBCDIC IPL loader probably qualifies me as a "Real Programmer". It does not qualify me as a hacker. If I did it without access to a green card or the "Principals of Operation" manual, I would consider myself a hacker.
  • Does keypunching (multi-punch) raw EBCDIC IPL loader count? After that, hex is easy.
  • I think the media are clueless about both terms.
    I think we should regain control of them both.

    >:cracker: /n./ One who breaks security on a system.

    >:hacker: /n./ [originally, someone who makes furniture with an axe]

    Think of cracker as in cracking a code, a cypher. This takes skill or patience or both.

    Making furniture with an axe takes skill. Lots of skill. The key is that the results are out of proportion to the tools. A hacker is opposite to the poor workman who blames his tools.

    A handmade chair, made with axe is a hack. Chippendale is not.
    C is a hack. Algol68 is not. Dunno about B.
    UNIX is a hack, at least the original. Multics is not.
    Mountain man is a hack. Flatlander is not.
    Climbing Everest without supplemental oxygen is a hack. Riding to the top in a helicopter is not.

    Microsoft windows is not a hack. The tools were there. The results are poor considering the tools. Fails both counts.

    Hackers build rather than tear down. Do not use the term for wanabes.

    Hackers cannot be controlled. I think this is really why the suits, media, corporate etc. get scared.

    We need to regain control of the terms, not for the benefit of hackers, but for the washed mass of J Random (L)Users out there.
  • Hackers, crackers, whatever Commercial News Network decides to call them, it's a bloody farce. Those "hackers" sounded to me more like all those goth people who run around saying "I'm a vampire" when Interview w/ a Vampire came out and it was all trendy.. now Hackers (the movie) comes out and a few other flicks and suddenly being a hacker's the in thing :-P Hopefully some new fad comes out soon so they go away, quit giving all us real hackers a bad name.

  • You see people who write like this all the time on irc/www now,and to think they take themselves seriously is kinda odd, but who's to say what's right and wrong ? People get up on their soapbox (kinda like me right now really, hehe) and rant on about how others do things some way that is inherently wrong and is going to cause all kinds of trouble, but does it really matter ? So they do something that pisses you off, does this make them some kind of lamer ? if it does then you're obviously a lot more knowledgable and have little to worry about in terms of security, or is this just something that irks you on the principle of the thing? Sorry for being disjointed and off-topic, but I felt like ;)

    Just for the record, I think text like that's a pain in the ass to read and typing it properly takes 1/3 of the time.

    *looks perplexed and hits submit*
  • Gee-whiz. I've never seen so many chest-thumping, "I'm a REAL hacker!" posts on a single topic before. :)
  • The definition of 'hacker' has changed forever and the old grand idea of what a hacker is has gone. There's no way to get it back, so accept it or find a new word to describe what you do and spread that.
  • I love it!

    Make it so you can't log on except with a command line terminal too.

    Keep the AOLers out!

    "Responsibility for my career? I'm just a freakin' phone monkey!"
  • Thank you , Rift!

    This is what I was saying in my post, just not as eloquently.
    There is a true difference between the hackers and.. what do we call them? Shrink wrap hackers? Some Assemble required Hackers? Download/Upload Hackers?

    Anyway, the difference is the old school hackers were/are on a voyage of discovery, and the new ones are there to destroy and terrorize.
    "Responsibility for my career? I'm just a freakin' phone monkey!"
  • I agree with you and what I was saying is that hackers - people who created I-net, TCP/IP, Linux, X etc - are not "speaking" the way you have described. People who are too lasy or stupid to read man pages but want be be considered "hackers" have nothing else to do but to "be cool". But they only cool for the people who are the same as they. They are aknowleged by the group they hang out with not but the bright solution to the recent bug in the kernel's security but by the "W@Y T#@Y" talk or type. Maybe they growup sometimes....

  • I'd call anyone who "speaks" like this a kiddie. Because anything else other than "cool" talk is far beyong his brain power.

    P.S. I'm not trying to offend the poster of the previous comment
  • by Anonymous Coward
    Frankly, I don't think this point-counterpoint was a very good debate simply because the 2 gentlement were working off COMPLETELY different definitions of 'hacker'. Goldstein was using the classical definition of someone who wants to learn for the sake of learning while the IBM guy characterized hackers as the script kiddies and cyberterrorists who want to destroy the internet for their own amusement or political gains.

    This was nothing but comparing apples and oranges.
  • Next thing you know, the US will begin bombing countries where they have mp3 servers. "Clear and Present" and all that.

    So here's my idea: VPI (virtual private internet). Protect the entire thing with strong encryption, the keys for which will only be given to people who show some basic degree of understanding of technology. So, we just let all the jonnie-come-latelies have the internet, and we have our own little niche.

    For example, if you can't get the VPI software to work and your first urge is to call tech support rather than RTFM, you can't get on. Or, if you don't understand why your computer that you bought six years ago can't run the latest and greatest 3D game at a reasonable speed, you can't get on.

    As a side bonus, this should do away with first posters and other people who ruin the AC thing for those who use it responsibly.


  • No, the people described in this article are, for the most part, neither hackers nor crackers. Hackers are those skilled in programming or some other aspect of computers, and some of the people who break into systems may indeed be hackers. Crackers are the talented assembly language programmers who remove copy protection from programs - I doubt that's what they're describing in this article.

    In short, I can see why hackers are upset at the commandeering of the term "hacker" to be a general description of any computer intrusion, but the answer is not to describe them as crackers instead. "Crackers" is a term that is already taken by a group that does not be deserved to be lumped together with script kiddies any more than hackers do. Polluting one word as retaliation for the pollution of another word accomplishes nothing - the word "hacker" will still be polluted, and all that will have changed is that you'll have succeeded in polluting yet another word.
  • Anyone else here remember Tymnet? When with a good understanding of a system, you could make it do what you wantedin clever and obscure ways? When computer time was billed? Hackers were, at that time, great programmers, or incredible system admins, or both.

    People who broke into other computers were sometimes called hackers, but they did it using pure wits and skill. Hardly ever did they damage a system, they just wanted free computer time, or to be able to connect to another computer without paying for a LD call. Few 'hackers' broke into machines or networks, but those that did were almost always just having fun. True, I don't want anyone to have fun on my machine, but they were at most trespassers.. annoyances.

    Now, enter the 1990s. Kids with 'virus creation kits' and 'syn bombers' that are already built for them do damage because then they can be '3133t', or have some other title that involves looking like a moron. They do thier best to install backOrifice on some poor housewives web-surfing machine and terrorize her. Then they get together and try to out-posture each other. How many of these 'hackers' have simply found a person who shared the C drive of thier machine and have a cable modem, then installed backOrifice or Netbus and called themselves a hacker 'D00D'? Do these people understand what they did or how they did it? No, but at least they can read the easy steps to do it... I can put a book on a photocopier, but does that make me a novelist?

    Hacker has become a label for the latter group, and given the former a bad name. So let's call these 'new hackers' by a different, appropriate name. 'Morons' or 'Juvenile Losers' comes to mind.

    For the few that DO know what they are doing, but still damage systems, let's call them 'assholes' (pardon my french). For if you really understand computers, and use that to hurt others, that's like knowing kung fu, and running around town beating people up.

    I submit these new labels to the net community, hoping that I can once again call myself a 'hacker' and not have people either hate me, or ask me to crash thier boss' system.
  • The IBM suit, like all good suits, was there to sell his company, specifically his "ethical hacker" unit. He suggests that his (relatively small) group of "ethical hackers" could find potential security holes in your system - for a fee. It occurs to me that one could accomplish essentially the same goal by offering $1000 to anybody for each new security hole discovered (offer is null and void if said hole is used at any time to damage data etc). Given enough crackers, all security holes are obvious. I can feel the paranoid sysadmins recoiling in horror at this point, but a well-known site is going to be a target anyway; you may as well pay people for helping to find security holes.
  • How about comparing Hacking to breaking into a mall after dark. Malls have locked doors and security and there is a thrill in getting it. Looking around and then leaving without people noticing. If you are caught the guard probably just tosses you out (after you explain you were looking for a washroom).

    A cracker on the other hand would break into the mall to loot a store while it was closed.

    The problem with networks is that they are public by definition. The house analogy is bad because you don't go to other peoples houses from your own house. It is not an access route to another house. On the other hand, if you had a really nice car, would you mind if someone was admiring it in the parking lot? Its a compliment, the same with a hacker that just probes a system without doing any harm. If that person were to then get in the car, that would be considered rude and could be equated with hacking a site and then putting up a new web page that says "I OWN THIS SITE D00DZ".

    In conclusion :), I hate when people try to compare situations with computers to situations in physical life, because they tend to pick situations that cause the most FUD that they can use.
  • Anyone sit down and give both these articles a serious read? Did any of you who did, really sit down and think about them?

    The *single* biggest proof to anything Goldstein said was Palmer's entire interview.

    Goldstein's entire interview: The individual exists today in the form of the hacker. The corporation seeks to destroy the individual to further its own ends.

    Palmer's entire interview: There is a threat to business which must be stopped, this threat is the hacker.

    Hrmm... seems like one confirmed the other, the question we must each ask ourselves is, "Am I an individual, or a corporation?"
  • The vast majority of people use the terms "weight" and "mass" interchangeably. Despite this, their technical meaning is still recognised and everyone that needs to know the difference between the two does.

    In much the same way, does it really matter if the popular definition of hacker is something other than what we take it to mean? The people that it matters to know the difference. It may well grate to hear the term being abused, but I also get irrationally annoyed with TV car safety adverts talking about the "force of an elephant". We're not going to be able to change the popular meaning, so why worry about it?
  • I'm 15 years old, I consider myself a hacker because I am a computer enthusiast. I never built an Altair, or owned an Osbourne, my first PC ran MS-DOS, my dad bought it for me and my sister. It was a piece of crap compared to my current PC, but i spent hours using it, and writing BASIC programs.

    The only time i have ever done anything Malicious is once during a computer class, I logged onto a Mac server as my teacher, because i wanted to see if i could guess her password (it was very obvious).

    IMO, your view that all teenage hackers are destructive and evil is wrong. From my experience the teens that REALLY qualify as hackers, respect their computers as well as everyone else's. The "destructive" hackers you talk about, tend to reside on AOL, are idiots, and they don't respect their PC's. Now ofcourse their are exceptions, but those people can't even be called hackers. Would a Car enthusiast break the windshield of someone else's car for fun? No, and a REAL computer enthusiast (a hacker) wouldn't destroy someone else's computer.
  • by PhoneMonkey ( 32729 ) on Monday April 05, 1999 @12:07PM (#1948700) Homepage
    When will people take the time to understand the hackers and their worldview?

    I know many of us here on /. would be considered hackers. I guess I would be too.

    But I don't start viruses, crack programs, or delete files incomputers.

    There are two types of hackers which are (to borrow from rap) Ols School and New School.

    The old school hackers built Altairs, bootstrapped OS's onto their boxes, owned an Osbourne, were telnetting before anyone knew what telnetting was, had HTML 1.0 websites up, and basically flexed their love and knowledge of computers in any way they could. While some hackers were definately malicious, most of us weren't.

    Come on, let's see hands. How many of us hacked into a site to see if we could, and then left after looking around?

    But enter the new school.
    These "new wave" live to destroy. No, I'm not talking to you, these guys are still in junior high and high-school, not online right now.
    Yes, they are smart, but as one 14 year old I know says, "I like to blow a system, I like the control I have".

    I guess this is their worldview, and while I don't agree with it, they can have it.

    But the consequences to that worldview is unfortunate. They make it so those of us who do not do malicious actions (and in fact guard against them now) are grouped together with them.

    So the question is, how do we get the mainstream to make the distinction?

    "Responsibility for my career? I'm just a freakin' phone monkey!"
  • by Frater 219 ( 1455 ) on Monday April 05, 1999 @01:18PM (#1948701) Journal
    If we look at the history of responses to security threats, we see a trend towards greater preparedness and automation in response to threats. Ideally, this would make it easier for people to secure their (Unixoid) systems. However, for various reasons, this isn't exactly happening.

    Originally, it was considered acceptable to have a relatively open system and to tighten security only when that system was actively abused or harmed. This was partly due to simple trust, but also partly due to the fact that the consequences of security threats on Net systems weren't nearly as bad as they are today. There were very few malicious crackers, and because of the small size of the Net it was easy to track them down. Most security-hole exploitation was done in fun, and without doing damage.

    Later, after the RTM Internet Worm, it became expected that security holes would be reported as bugs, and that system maintainers would upgrade their systems to patch known holes. This is what we have CERT bulletins for --- to warn us of holes which have been discovered, so that we can secure our systems before they are exploited. In addition, we have systems such as SATAN that can diagnose existing, known security holes so that we can patch them. However, none of these measures are effective against a newly-discovered exploit which only the crackers know about.

    Now, however, the increasing dependence of both the global economy and global culture on the Net has made it essential that we keep ahead of the crackers. So we now keep copious logs of all network activity, and we have security packages that alert us to activities which might be a prelude to an attack --- such as portscans. Even if we don't know of a security hole in our systems, we can at least notice when someone else is looking for one. Some of these packages simply alert the sysadmin to suspicious activity; others actively firewall out a site from which they detect a portscan.

    Some free-software operating systems have kept up marvelously with this trend. OpenBSD, for instance, takes pride in being "proactively" secure, and sends regular security bulletins to the system administrator. Debian GNU/Linux also stands tall in security, making many logging and threat-detection packages easily available, as well as having reasonably paranoid security defaults. Debian's apt system also makes it trivially easy for system maintainers to keep up to date on security patches.

    However, despite these advances in security, it's still true that far too many "Joe Redhat" users get rooted every day. Some systems aren't keeping up --- and in a sense, because Unixoid systems run more network services and in fact are designed for network operation, a poorly-secured Linux-based system may be worse, security-wise, than Windows.

    Some would say "If a user doesn't know enough to secure his/her system, s/he deserves to get rooted." As a network systems administrator for a small college, I cannot accept that as a responsible answer. We encourage technically-minded students to put up Linux- and BSD-based hosts on our campus network --- not only for fun, but to encourage them to learn about these systems. However, if one of these students gets rooted, that exposes the rest of our network to greater hazard: something that I don't want to happen. Hence, I have a vested interest in ensuring that these students have good security on their personal systems, even though I can't go around auditing them.

    An inexperienced user needs more help making his/her system secure than does a seasoned sysadmin. We cannot afford to think of security as something that can be traded off for ease of configuration, system simplicity, or ease of use. Unless those who intend to deliver "free software for the masses" --- Red Hat Inc. and its ilk --- make their systems more "proactively secure", free software will not live up to its security potential. If this goes on, "Joe RedHat" will keep getting rooted, and Linux-on-the-Desktop will be a security disaster.

God helps them that themselves. -- Benjamin Franklin, "Poor Richard's Almanac"