Cyberterrorism Article in Jane's is Available 99
James McP writes "Guess what gang, we're published!
The cyberterrorism article we all helped with a while back is now available at
Jane's Intelligence Review. It's targeted for PC laymen but still does a decent job of getting the idea across. To be honest, it sounds like a Slashdot article. :)" If you are quoted, please e-mail me to arrange payment as promised here. It'll only be a token thing, I'm sure, but it's still kind of cool.
Re:factchecking (Score:2)
They should have gone the next step, posting the finished article for proof reading... But, can't expect them to get it right the first time.
Not a bad job (Score:1)
Re:NOTE: Plagiarism from Janes. (Score:2)
Lamp shades... (Score:1)
The moral of this story has to be something
like "dont use lamp shades". Some evil cracka
surely will hide an automatic buffer-overflow-tracker-IR-transmitter in there. But without the shade you are safe. Good point Jane, thankya. This is certainly more important than good backups.
Jane, c'mon give your readers some respect...
a few more boo-boos (Score:2)
there is a code of hacker ethics that precludes any profit from the activity -- the only motive is the activity itself
My understanding of the hacker ethic is that it doesn't preclude any profit from the activity - hackers gotta eat too - but more that it prohibits being malicious. Profiting by hacking may always be secondary to the joy of a good hack, and the determined hacker will hack even if there's no money to be made by it, but it's still okay to turn a profit. Money isn't evil - it's only a tool, and can be used for good or for evil. Like so many other things.
The ethical individual will not use his/her tools (be they money, brute strength, hacking skills, or magic spells) maliciously, but may still make a fair profit from them.
The minimum skill-set needed to be a 'script-kiddy' is simply the ability to read
English and follow directions.
Since when is English required? While I'm sure it helps, I doubt it's necessary. The article had a (tiny little) picture that was supposed to represent hackers in Germany. D'ya suppose they all used only English?
The most truthful line in the whole article is probably "Disinformation is easily spread". Sad to say, it's doing its share. Better luck with the later versions.
2nd worst possible article on this topic, ever (Score:1)
Misquotes, bad graphics, errors, bad info: everything is there. I need perl/java to be a sophisticated hacker? I suppose I can write the buffer overflows without any idea about assembler.
But the thing that bugs me most is the underlined text at the top of the article.. I bet someone still uses a typewriter to write.
my response to Jane's editor (Score:1)
Re:Where's my two dollars? (Score:2)
It makes me think of my handle... some people recognize it as a literary reference, and some think my name is actually Frank.
---
Maybe that's just the price you pay for the chains that you refuse.
The Linux Deathmatch (Score:1)
Not a bad article, from Janes, but definitly needs a grammer/spelling/reality check done on it.
Re:accidental Internet worm? (Score:1)
Just an editorial note... (Score:2)
This reads better if it becomes:
"Indeed, as a teenager Robert Morris Jr. accidentally launched a virus that shut down most of the Unix-based computers in the USA for several days in the 1980s."
The original statement would probably scare most people away from Unix if it was shut down for the 1980s
Re:Where's my two dollars? (Score:2)
If i really wanted to be a hardcore Open Source advocate, i could have GPL'd my original statement, so they could not have quoted me in the article without GPLing the article itself.
---
Maybe that's just the price you pay for the chains that you refuse.
my response to jane's editor (properly formatted) (Score:2)
Hi, I work as a writer/security type for SecurityPortal.com, I do a weekly column, a weekly newsletter, wrote a 200 page guide to Linux security, so I feel somewhat qualified to critique this article.
That article is (I'm trying to think of a gentle word) bad.
---start--- According to hackers, 99% of cracking incidents can be blamed on so-called 'script-kiddies'. These are usually young people who manage to acquire some 'cracking tools' somewhere on the Internet and are keen try them. They choose a 'cool' target (such as NASA, the Pentagon or the White House) and launch the tools. Older, more established ---stop---Pulling statistics out of thin air is a bad idea. I personally would put the percentage lower based on the types of attacks I have seen a lot of (ie bulk scans performed by worm like programs, not something a "script-kiddie" can write).
---start--- Global estimates vary, but a JIR extrapolation based on mid-1990 estimates by Bruce Sterling, author of The Hacker Crackdown: Law and Disorder on the Electronic Frontier, puts the total number of hackers at about 100,000, of which 10,000 are dedicated and obsessed computer enthusiasts. ---stop---Are we talking about hackers (Linux kernel hackers) or crackers here? A mid-1990's estimate is horribly out of date by now, I don't think there is any remotely reliable way to peg it. Also you need to define it first. If a 14 year old decides to go to rootshell, gets an exploit, defaces a major website, gets away with it, but realizes how much trouble he might have gotten into, and never does it again, is he a cracker? Is someone who tries out a few exploits from rootshell on his ISP "for fun" once a cracker?
---start--- However, to launch a sophisticated attack against a hardened target requires three to four years of practice in C, C++, Perl and Java (computer languages), general UNIX and NT systems administration (types of computer platform), LAN/WAN theory,remote access and common security protocols (network skills) and a lot of free time. On top of these technical nuts and bolts, there are certain skills that must be acquired within the cracker community. ---stop---No. Many "hardened" sites are not maintained properly, or even if they are (not hardened enough of course) there will be at least one time when a new exploit comes out and is not fixed for say 6 hours, a large windows of oppurtunity. Classic examples are bugs in Bind (DNS server software used by almost everyone), most DNS servers that are secured are secured quite well, however there have been several bugs that surfaced this year that pretty much nixed anything you could do to secure it (on most systems anyways).
Protecting yourself from your software [securityportal.com]
Securing Bind [securityportal.com]
There are a lot more items in the article I take exception to. As far as social engineering goes you should make the author read Winn Schwartau's "Information Warfare" (actually he should read it in anycase, it's a pretty comprehensive book). You might also check out:
Sunworld article on social engineering [sunworld.com]
Also in general the article is pretty messy, there is a bit on social engineering a few paragraphs before the social engineering section, I would seriously recomend removing it and having someone rewrite it from scratch.
-Kurt Seifried - my sig deleted
Scroll down: they're linked below w/ captions (Score:1)
Ahh, you just need to do a bit of scrolling, my boy, they're there.
I'll offer my own critique later on tonight when I get a chance to read the whole thing.
Excellent article (Score:2)
It has flaws, it lacks a few important points, it makes some not so correct interpretations. But it is a real article and it is almost correct. Frankly I think that even we would make mistakes very near to those that exist over the article. Let us think on Morris. How many people were here when the thing happen. Well I had my dad lost on the tsunami on that day. But even having a so near testimony didn't help to know a lot of very interesting details of that event. Besides I still remember the call I made to my father a few minutes after the wave hit their computers (by pure coincidence, I wanted to know who would catch my brothers from school). He dropped the whole dictionary of low, high and holy slang over the phone and said it was too busy. That someone has made a BIG mistake and the whole net was in shambles... Even a few hours later many people and my father didn't know what was really going on. And even he realized the dimensions and the reasons of the problem some days later. And it seems that he didn't know for everything. Besides in relation to one comment here. Their comps went so bad that they lost information on the disks. I still remember that they had to restore two-three disks that were working at that moment.
So I consider these mistakes something that no one can avoid. They are the result of our limitations of seeing reality. That don't degrade the value of the article. It is a great piece of journalism anyway. Something that we are lacking a lot.
Re:FBI on lookout for NetLamps (Score:2)
Re:Disappointing article (Score:2)
But, a spoof (a hoax) is a trick of any type to substitute something fake for something real. You could spoof packets, or spoof a driver's license, etc.
And, spoofing control signals from a server to the clients would likely be done with a spoofed packet.
But it's just a problem of looking at the application of a term in our context rather than the larger meaning of the term.
Vast improvement (Score:2)
It's written in English, rather than the polysylabic buzzword mumble that had me throwing the printout of the earlier version across the room. It might actually be understood by human beings; this is a good thing. Lots of people read that polysylabic babbling, gain nothing from it, and think they've learned something. Some of them can even remember it, and quote it, but still don't manage to derive any understanding from it.
It still has errors. :(
It will always have errors. This is a newsmagazine, remember, not an O'Reilly & Associates book on the history of hacking and cracking and the consequences thereof.
It covers a much smaller topic than the original paper, but (in my opinion) it actually illuminates a tiny part of that little corner of the world, rather than pointing at the boogeyman that might be hiding there. Before we can convince "them" to "clean up their act", they have to become able to hear us, and the article goes a long way to doing that.
I think Jane's audience (remember, we're not the designed audience) will be well served by this article, and in the long run, we will be too.
We bit troll bait... (Score:3)
Compared to what is being put forth by other media outlets, the article is brilliant. Sure, lotsa goofs, but consider-- these people are spook reporters, not computer reporters. I only hope that it has an impact on its intended readership: Intelligence professionals. Anyone here with a military background, will realize after about one second of reflection, that the people who do IT work in the intelligence field have almost certainly got their bosses completely baffled with BS, inflating their own importance and value, by grossly exaggerating the power of their adversaries, and the dangers they are "holding at bay".
Why is Janet Reno on record with the view that computers are "weapons of mass destruction"? Because that is what her IT employees are telling her, in hopes of bigger better everything-- promotions, offices, toys, etc. I *really* hope that senior FBI management reads Jane's.
Maybe the Jane's/Slashdot atticle will knock a tiny little dent in the problem. I sure hope so. I sweated over my post, and it got used in the "summing up".
31337 h4x0r d00d5 (Score:1)
Doesn't have quite the same ring to it, does it...
Re:FBI on lookout for NetLamps (Score:1)
Annother trick would be to plug a small computer (Heck a NetWinder would work) into a data jack. Then you could have all your nifty cracking and intrusion tools right on the local network, bye bye firewall! This would be great if the jack was hidden behind furnature, or in some other unused area where it wouldn't be noticed. IIRC some NetWinders even have IR ports--see paragraph 1.
I would agree. (Score:1)
And the bottom of all the pages here says "All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster"
Re:NOTE: Plagiarism from Janes. (Score:1)
If they used any of your work, please point it out to them and receive your check, or remain anonymous, your choice.
Tiny Charts (Score:1)
Re:Hyporcisy (Score:1)
"Never underestimate the power of human stupidity." - Lazarus Long"
So which one is it? Are we smart or stupid?
Benno
Re:FBI on lookout for NetLamps (Score:2)
"small computer, itself connected to the main network, into the base of a lamp with an infra-red port (network connection) aimed out the window of an office or linked to a mobile phone."
The lamp is acting as a bridging transceiver. If the LAN was a 'sensitive' network, it would not be eg. wireless ethernet in the office. You would have a segment or twisted-pair, thin-coax, or twinax plugged into this lamp.
On the other hand, if it were a secured LAN there would be no live unallocated cable run. The required splitter would be detected. Not a likely situation all around.
Last Post! (Score:1)
The exploits of the true hacking elite are obviously unknown to you slashdotters and the media. It's the fourth-rate dilletantes like Mitnick that you peons read about. Think about it.
Well, time to examine your credit and medical histories. If I'm in an evil mood, I'll make your toaster explode.
_.......................__
||.....__...._._||_..||-\\..._...._._||_
||......_\\.(/_'..||....||-//.//.\\.(/_'..||
||__((_||_,_/).||_..||....\\_//.,_/).\\_
HAHA! LAST POST! Anything following is redundant.
Re:You're all nitpicking :-) (Score:1)
hi. i don't know if you realize this. jane's is supposed to be not mainstream press but instead one of the leading political, intelligence, defence and economic updates around. it is a bit surprising the mistakes make in the piece, both technical and editorial. it reflects badly on janes.
Re:Who was quoted? (Score:1)
I think so. I got a kind of sense of deja vu reading the text outside quote marks.
jsm
factchecking (Score:2)
Tee hee (Score:2)
Heh! Did we drive that point home or what. :) They then go about for a paragraph on how a cracker and a hacker are different concepts. Too bad they thought Wargames was based on "Kevin Mitnick"'s exploit. That's a great big mistake for Jane.
What th'? (Score:2)
No kidding? Why didn't I hear about this? They even got his name wrong.
FBI on lookout for NetLamps (Score:3)
"A computer could be embedded into the base of a lamp, with an infrared port pointing out the window transmitting information."
Ok... um... If I saw a network cable coming from my *DESKLAMP*, I think I'd suspect something. Especially if the base of the lamp *also* had this little red plastic filter strategically pointed right up close to and out of a window.
Is this guy SERIOUS about this article? He doesn't give *any* background to anything, (except a *little* about the hack/crack debate), and expects GOVERNMENT SECURITY PROFESSIONALS to relate to this???
Wow.
Makes me worry a *LOT* less about Eschelon... It's probably a bunch of radio shack scanners connected to old Ampex reel tape recorders!!!
mindslip
Laymen needed (Score:1)
-- The Wages of Sin are unreported.
Cut and paste journalism (Score:1)
I didn't even bother to read it all.
a little known fact... (Score:3)
if you guys watched more tv you'd know that.
Who was quoted? (Score:2)
Wargames based on Mitnick? (Score:2)
Re:Cut and paste journalism (Score:2)
Bar graph? (Score:1)
Am I the only one here who wonders what this bar graph is about? It's not labeled, nor is it a thumbnail for a clearer, normal-sized one. (along with the others)
Well, looks like the purple team beat out the others that last year, huh? =)
Pablo Nevares, "the freshmaker".
Just like Slashdot (Score:1)
Nicely written article that didn't dwell on fearmongering, and just stated the facts as they were. It identified rumors as such, and while it laid out some potential catastophic circumstances, it also identified the fact that these events are unlikely.
The flow, however, was a little erratic. Seems that some of the topics were thrown together in no particular order. Otherwise, decent article.
-Restil
Disappointing article (Score:3)
Definitions are suspect and inconsistently used. For example, their use of the term "spoofing" does not match my understanding of the word. Doesn't it usually refer to forging packets? But I might be wrong.
Some of the arguments seem incoherent, and many statements are unsubstantiated.
For example, in the "Beyond the hype" section, an argument is made that terrorist attacks on the infrastructure might not be effective because the infrastructure fails often anyway. This ignores the significant difference between normal failure modes and a planned terrorist attack. They could have done better - I wrote some comments on physical infrastructure attacks in the original Slashdot article, and other comments from people with more knowlege than I did as well.
The statement "Any system put together in the last few years will have been implemented with security in mind" is simply false, with many counterexamples available.
Really, the commentary on the original Slashdot article asking for input was more interesting and informative. I expected Janes to go beyond that with some really interesting research.
Disappointing.
Torrey (Azog) Hoffman
Final version? buggy. (Score:2)
1) War games was 10 years before Kevin, and they misspelled his name.
2) The Morris worm didn't erase anything, just propogate itself too quickly thus creating a Denial of Service attack.
3) The social engineering phone conversation is duplicated.
4) Dividing attacks into DoS/Erasing/Spoofing seemed pretty arbitrary. It would probably be more appropriate to discuss attacks in security terms (accessibility, correctness, privacy), for example see the duckling protocol paper [slashdot.org].
There were many other minor glitches as well, such that if you were to print it out and proofread it it would be fairly marked up.
Cut up on Microsoft! (Score:1)
Hmmmm...
I wonder what operating system(s) most employees use?
Re:FBI on lookout for NetLamps (Score:2)
If a PC was tampered with to make it listen for a network connection on the IR port, then you could do anything on the larger network that the PC could. And the 'lamp' could rebroadcast the weak signal with enough power to reach a station across the street, or in some other unsecured area, where the attacker could setup a more robust phone or cellular connection to the actual hacking base station.
And, a lamp would be a good thing to stick an IR rebroadcaster in for a number of reasons. Lamps are fairly electrically noisy, a sweep of the room with an inductive amplifier wouldn't pick up the rebroadcaster because of the 'noise' of the lamp. Lamps are also a fairly common, and come in endless styles. A lamp suitable for an IR rebroadcaster (one with IR transparent plastic on the base) could be easily found and wouldn't look too out of place.
As someone else said, this attack doesn't need to be made on the server, or in the server room. All you need is some non-techy who has access via the network to the information you want. Or, has access to something that will through hacking, allow you to gain further access.
Lamps are great because they're the least technical, and thus the most likely to function properly, electronic device present on most desks.
I think the idea is a little far fetched, but that's probably because most of the security I deal with is for my company and at most, our data is orders of magnitude less important (financially) than fund transfers, making an attempt with a high initial cost and moderate risk (physical intrusion), very unlikely.
Curious quote? (Score:2)
This is an odd bit from the article. The only reason that one would use those square brackets is to indicate an addition to a quote, but the sentence is not quoted. Did Jane's perhaps forget to quote and attribute some things that should be?
Greg
Re:FBI on lookout for NetLamps (Score:2)
From the description given, I'm envisaging a lamp, containing said computer, and a one-way IR link to a second computer, located outside the building and in direct line-of-sight.
Personally, I'd cut out the IR link and go radio. Fewer problems, WRT obstructions, and harder to detect by eye. Radio -does- have the disadvantage that sniffers can detect the system, but that's assuming that who/whatever's being monitored would suspect that possibility.
The computer would obviously not be directly connected to a LAN - it's in "hostile territory"! The computer it's linked to, by radio or IR, is much more likely to have a physical link, but even there, that's still not probable. It's likely to retransmit, via cell-phone or whatever, to a base station. That base station would then be connected to the secure LAN.
Each computer would obviously need strong authentication, to prevent man-in-the-middle attacks, but you can achieve that with simple strong encryption.
Frankensteins Monster (Score:1)
Ultimately the article is functional, one would be more clued by reading it than say watching TV, "Y2K: The Movie" anyone? I noticed that it is loacated under the
Oh, and claim your quotes that were purchased by Jane's, it's payday!
blame me for this one (Score:2)
I think I'm going to have to take my lumps on this one. I was using a generalised concept of spoofing as meaning any attempt to create false messages to a system, and it got lifted without noting that it wasn't the generally used sense of the word.
Oh well.
jsm
complexity as defense? (Score:1)
backups (Score:1)
Re:FBI on lookout for NetLamps (Score:1)
It would be a little more tricky, but if you happen to be night cleaning staff there is more time to play around with it.
Besides, this is assuming most offices and IT don't have lighting by fluorescent celing lights. It would be stupid putting a normal lamp in that enivironment. Might as well plant a pine tree in the desert and try to get people to ignore it.
Re:FBI on lookout for NetLamps (Score:2)
Hmm. I can think of at least one theoretical route for this; if you "dummied" a network card to leak it's information to the power wire, encrypted to look like "noise", you could open communications to a comms repeater built into a lamp, along the power wire the lamp needs to work.... and I can't imagine many people finding it strange you need to plug a lamp into a wall socket.
That said, you would need a LOT of unsupervised access to a Real PC on the lan before you could swap out a network board - however, if you could gain access to a wiring closet that has data runs, you might be able to imbed a splitter/transmitter unit into a plastered-in run, or into a hub or two...
--
A better article. (Score:2)
Remember that the target audience of this publication are not up on highly technical aspects of this genre. This article will make them think and hopefully move them to realising exactly what the future holds.
If it makes life easier for systems admins to get the backing to secure systems properly, this can only be a good thing.
Re:Hyporcisy (Score:2)
"Never underestimate the power of human stupidity." - Lazarus Long"
So which one is it? Are we smart or stupid?
Both. Such is the paradox of existence.
---
Which is it? Both. (Score:1)
Also, it is much easier to complicate than to simplify.
forgetting... (Score:1)
public. It is not meant for people who are
in the know.
This is an ambitious article. It is trying
to explain to John Q. Point'n'Drool why the
idea of cyberterroism is real, and why its not
AS bad as the Legions of Gloom and Doom are
telling them.
It is an attempt to explain the state of things,
who is doing malicious hacking now, how it could
be used, and whats stopping it.
I find the power grid idea partularly amusing...
since just yesterday I found out that all the
pole distribution transformers here in my area
of the country are radio controlled on/off.
Of course while these types of attacks could be
used for terrorism, they need not be. Terrorism
implies attacks designed to strike fear into the
general populous. In reality this is just another
tool. It can be used during a military campagin,
for terrorism, or just to make money.
Just terming it a "terrorism" is itself a device
to scare people. To that end I think "The Seige"
is one of the best movies on the subject
The terrorists in that movie succeded. They
brought about martial law and effectively brought
life to a halt.
So basically, while the article was dumbed down
a bit (for the sake of explaining to idiots) I
have to say that I agree with its conclusions.
The current impact of "Cyberterrorism" is almost
non-existant, but it could easily be used as a
tool to make other attacks more devstating.
double edged sword (Score:1)
I mean if I read an article about a CGI/perl bug that allows cracking of websites, next thing I do is go over my scripts to make sure I'm not cracked by the 50,000 kids that will read it next.
Physical Attacks (Score:1)
In theory, cyberterrorism is very plausible, yet in reality it is difficult to conduct anything beyond simple 'script-kiddy' DoS attacks. Terrorists attempting to sway a populace by fear would therefore be less interested in such an attack unless they could carry out an extremely damaging one on a repeatable basis or unless they used it to augment the effects of a physical attack.
This is all well and good to say "There isn't a real problem, unless 'they' dedicate men and material for an attack at the same time", yet earlier it was stated:
Whilst alarmist, precedents do exist, as evidenced by Gail Thackaray, recognised as one of the premier cracker-catchers in the business: "One hacker shut down a Massachusetts airport, 911 emergency service and the air traffic control system while playing with the municipal phone network, and another hacker in Phoenix invaded the computer systems of one of the public energy utilities, attaining 'root' level privileges on the system controlling the gates to all the water canals from the Grand Canyon south.".
Doesn't the ability to open all the water canals from the Grand Canyon south, thereby flooding out a lot of land (potentially residential areas as well), constitute a physical attack achieved via cracking? And doesn't the fact that "These examples involved individuals rather than organised groups" show just how vulnerable the systems are to a terrorist organization intent on creating damage and loss of life?
What about an attack on a nuclear reactor or a directed assault on air traffic computers?
The potential for physical attacks via a computer is very real.
Oh, and the editor for this article should be covered in walnuts, chained to a tree, then eaten to death by a group of rabid squirrels.
Just my $0.02.
-NYFreddie
... and questionable editting too. (Score:2)
--
Advertisers: If you attach cookies to your banner ads,
accidental Internet worm? (Score:1)
Robert Morris Jr. could hardly have designed a multiple-vulnerability exploit by accident. Sorry to nitpick :-)
SEAL
Open Source Re:Tee hee (Score:1)
Well, while he got [cr|h]acker right, the open source concept he cannot grasp.
NOTE: Plagiarism from Janes. (Score:5)
As pointed out by Clifford Stoll in The Cuckoo's Egg, automated 'data mining' techniques can be used to search for useful patterns in vast stores of insecure and seemingly unrelated data. A bank may assume its electronic fund transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data, as the pure information is often much more valuable than simply destroying random records. Reconnaissance attacks such as these are difficult to stop but extremely damaging. In the long-term banking scenario, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why destroy a valuable point of information gathering by doing something short-term like disrupting operations?
Here is a quote from the original thread with my (long) post [slashdot.org]:
"For instance, a bank may assume their electronic funds transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data (which is what most people think is the end goal but isn't always), rather the pure information which is often much more valuable than simply destroying random records. Reconnaissance attacks like these are difficult to stop but extremely damaging. In the case of the bank, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why completely destroy a valuable point of information gathering by doing something silly like disrupting operations? It's rare that a single offensive has any lasting effect, you must attack from different levels and leverage all available resources for maximum impact. Only dispose of resources that you need to. "
I assume it is a case of inappropriate referencing. However, they didn't even bother to put quotes around the paragraph indicating it as a direct quote. Instead they just did a cut and paste. I don't want to be rude, but this is not very professional. I can only hope it was a mistake on the author's part. I would hope they would at least offer a retraction/correction for this.
Comments on this article... (Score:2)
suntzu.pdf [terrorism.com]
We are thinking about updating it and would welcome any feedback.
Matt
Re:FBI on lookout for NetLamps (Score:2)
I'm assuming that the guy is referring to lamps that already have a view of the window, so that solves any problems, WRT getting a clear view. And, if the lamp posessed any sensors, it would be possible to detect if a clear view existed. If not, the information could be buffered until the path was clear. Very trivial stuff.
Looks unfinished (Score:3)
Several sentences were repeated (whole paragraphs even). Some factual information was incorrect (wargames/Mitnick? hahahahha!). There weren't many quotes, although I saw some paraphrasing.
Frankly, I could write a better article.
Still, it gets the gist of the idea right. Thank god Jane's noticed the hacker/cracker difference. I wish they point out the importance of that more.
Although it has some stupid examples (IR in a lamp? WTF?), they're mainly used to make a point. The point being that a good hacker thinks outside the lines, to some extent. I don't normally check my lamps for hidden transmitters, do you?
A bit stupid all in all. C'mon Janes, go for the gusto. Get a bit technical. Don't be afraid of having to write for a layman. The layman is smarter than you give him credit for. Use analogies (sp?). Make it interesting for crying out loud.
ah well...
---
Re:FBI on lookout for NetLamps (Score:1)
Actually, /.er is not necessarily the person that would be chosen as the reciever for a scam like this. I admit it is quite far-fetched, but for every major system, there are administrators and there are USERS.
that might work. Keep in mind that the average
Actual users of secure systems need not be technical individuals. My boss won't even consider our little IT sub-team for anything that sounds like data entry. A lower paid contractor does that. If you knew enough to get it the building (keycard access), and hook the "lamp" up to a desk on the system you wanted, you would know enough to pick the contractor who is not a "tech", but uses the system. It provides an opening for you to start.
Once you have felt out the system using this device, you would know enough to continue. Keep in mind that a true security professional has to be the most paranoid SOB on the planet to stop somebody REALLY good. (Of course, the really good wouldn't try something quite this dumb.)
As far as the article as a whole goes, I hope the target audience is people not THAT familiar with security and hacking / cracking.
B. Elgin
Re:Tee hee (Score:1)
Hey, at least it's nice to know Slashdot is making some "serious impact" in non-tech circles :-)
Mind you, when the time comes when people "catch up" to technology, Slashdot is going to be like... the center of all the media... WoW! Well, regardless, I think it's a nice feeling to have that we tech-people are actually getting noticed in this way.
(Disclaimer: this is just a dream. I've got who knows how many hours straight of CRT radiation in my face that my brain is probably too toasted to think... oh wait, I'm not using MS Toasters I'm using Linux! Sheesh, time for me to wake up.
Good piece (Score:2)
Re:What th'? - There is a movie, it's just not out (Score:1)
Re: They got Hacker/Cracker issue right (Score:1)
Re:Where's my two dollars? (Score:1)
lone gunman - sm711471440357 (Score:1)
yes agreed, but I bawked a bit at the following couple of lines....(the bold emphasis is mine)
what urks me is that it appears to reinforce stereo-typical profile of the lone social misfit with low self esteem, male who deviates from the norm. In fact the this form of electronic warfare is more likely to be done with assorted teams of white collar specialists for the regular work and the lone character stereotype portrayed in the article for those *irregular* assignments.
This is the only flaw I can find (sans errors, but this is an old article.) in an otherwise excellent article. It's the kind of quality you would expect from Janes/JIR [janes.com].
Re:NOTE: Plagiarism from Janes. (Score:2)
This was sort of the point. The article is simply a cut n paste job of what was posted in that thread. If they simply wanted to quote you, they wouldn't have offered to pay you for it.
A more interesting question would be if they now claim the copyright for your words, so that you were effectively breaking the law by repeating your own words here...
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
Perl Habor, 2001 (Score:1)
Also, Jane missed the other movie inspired by kevins activities, 2001. It is wildly known in the roght circles that the NASA secret mission to Jupiter was aborted under undisclosed circunstancies, after he managed to invade the in-ship mission control AI. Kubrik and Clark just left the most secret parts out of the script.
Re:accidental Internet worm? (Score:2)
Nice article (Score:5)
Secondly, again, no matter what anyone else's critisism may be, I felt that the article gave a good, solid introduction to the CONCEPTS involved. The "facts" used are not, IMHO, all that important, as it's not aimed at security specialists, but people outside the field.
Lastly, I felt that it was a great first step, in the CO-OPERATION between journals and specialists, in which neither was trying to feed off the other, but rather co-exist in a mutually supportive way.
Personally, I'd say ignore any glitches and look at what's been gained, by all sides.
You're all nitpicking :-) (Score:5)
When it comes down to it, small things like the fact that Wargames wasn't, in fact, based on what Kevin Mitnick did is not important. The important thing is that they seem to have got most of their facts right.
I would say Slashdot's input has managed to create the most sensible and accurate piece of journalism on crackers and their activities written by a mainstream journalist that I have ever read.
Gerv
Where's my two dollars? (Score:3)
This is cool, but not nearly as cool as a $2.56 check from Donald Knuth would be.
---
Maybe that's just the price you pay for the chains that you refuse.