Speaker by Various Artists

Read Post

Speaker: Pipes: Understanding Hackers

17 Responses

  • Rich of Observationz,

    That John McAfee seems to be a dodgy character (not to mention mad as a bag of kittens). Does anyone think the early antivirus industry might have involved AV companies funding the virus writers?

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply

  • Sacha,

    Thanks Amberleigh. As a lego kid, maybe I missed my calling.

    Ak • Since May 2008 • 19745 posts Report Reply

  • Brent Jackson,

    So, is Minecraft the new Lego ?

    Auckland • Since Nov 2006 • 620 posts Report Reply

  • Thomas Beagle,

    Ha, there's a story about a guy in the very early days being paid a piece rate to write virus cleanup software.Unfortunately the supply of viruses dropped off and so did his income... so he took up writing viruses to ensure the money kept flowing.

    New Zealand • Since Nov 2007 • 50 posts Report Reply

  • Richard Aston,

    Wow Rich , excellent paranoia.
    I'd wondered the same thing. What about Kaspersky and rumours he has been hacking/cracking for the Russian military - sorry can't find the link right now.

    Northland • Since Nov 2006 • 510 posts Report Reply

  • Ian Dalziel, in reply to Sacha,

    snap erection...

    As a lego kid, maybe I missed my calling.

    **Meccano** ©, sigh...
    Nuts! I'm screwed!

    Christchurch • Since Dec 2006 • 7953 posts Report Reply

  • Richard Aston,

    Years ago I contracted a coder who had worked on a big bank system who told me a story.
    The bank was notorious for messing around with contractor payments so he planted a wee "bomb" in the code that he could activate if his invoice wasn't paid. It simply flashed abusive messages up on user screens.
    He didn't get paid, the bank got the "message" and paid him fast, he deactivated the "bomb"
    I wonder how much of that happens , used to be called Easter eggs.

    Northland • Since Nov 2006 • 510 posts Report Reply

  • Kumara Republic, in reply to Thomas Beagle,

    Ha, there’s a story about a guy in the very early days being paid a piece rate to write virus cleanup software.Unfortunately the supply of viruses dropped off and so did his income… so he took up writing viruses to ensure the money kept flowing.

    The Broken Window Parable with microprocessors, basically.

    Where do 'grey hats' fit in?

    The southernmost capital … • Since Nov 2006 • 5446 posts Report Reply

  • Ian Dalziel, in reply to Richard Aston,

    flying sources...

    Kaspersky - sorry can’t find the link right now.

    try these on for sighs...-
    Wired
    or
    Vanity Fair

    and I see Stuxnet has now compromised US companies like Chevron...
    Life is Karma...

    ...and if you'd like to read a 'Zero Day' cyber thriller fantasy set amidst the beautifully buff people of cyberscience, try Mark Russinovich's (a Microsoft engineer,) Zero Day

    Christchurch • Since Dec 2006 • 7953 posts Report Reply

  • Paul Campbell,

    I have a neighbour who breaks into stuff for a living - not random other people's stuff mind you - people with new hardware, or in the process of buying someone else's hardware send them to him and he sees how easy it is to break into them - he's quite proud that he's never failed - when he's done he writes a report, explains what to fix and how - rinse, wash repeat.

    "Penetration testing" (aka "pen-testing" because giggle "penetration" giggle) - is a business - it's "white hat hacking" - completely above board - and often misunderstood - I've occasionally helped, pulling ROMs off of boards and imaging them - and yes I worry about how people will look at me doing that.

    On the other side of the coin I help design boxes for people - usually we leave them with minimal security - we don't try hard because as a rule we don't care - you want to trash your box, we'll happily sell you another - but that's a business choice - and we don't make ATMs or firewalls.

    Dunedin • Since Nov 2006 • 2623 posts Report Reply

  • izogi,

    He rings them up and tells them and the next thing the AFP is knocking on his door. He wasn’t asking for money he just told them. It was still taken as him being a bad hacker.

    I hadn't head of this one but it sounds like this guy and Ira both phoned, and probably the message (and Ira's message) was just whispered around until the original report was completely out of context. I don't know exactly what Ira said, but at the time MSD acted, I'd expect they were acting on a report that "some guy hacked our system and he's blackmailing us for details", totally different from "someone's noticed a way to get info they shouldn't have, and wants to know if there's an incentive scheme as part of telling us".

    There's no way to be safe when reporting something like this when powerful people's reputations, future job prospects and budgets hang on discrediting or suppressing what you have to say, but wouldn't there at least be a partial benefit in using writing to communicate this sort of stuff so there's an open written record of how you informed them? I'd think really carefully before reporting a breach just because of the crap that could follow if the wrong people are on the other end, but I don't think I'd ever want to report it in a way where my words were out of my control as soon as I'd hung up the phone.

    Wellington • Since Jan 2007 • 1142 posts Report Reply

  • izogi, in reply to Richard Aston,

    He didn't get paid, the bank got the "message" and paid him fast, he deactivated the "bomb"

    It might be effective but it's not very professional. I can't imagine it'd make others want to hire someone in future if word got around.

    Wellington • Since Jan 2007 • 1142 posts Report Reply

  • Andre Alessi,

    That was a pretty great interview.

    Devonport, New Zealand • Since Nov 2006 • 864 posts Report Reply

  • Amberleigh Jack, in reply to Sacha,

    Haha, maybe. Though I loved lego but never had the patience to make anything good. Perhaps that's the key :)

    Auckland • Since Nov 2012 • 21 posts Report Reply

  • Russell Brown,

    I’ve been made aware of a bit of context – not that big a deal, but just so no one can say we left it out: Pipes formerly worked for the Dimension Data subsidiary that did the 2011 security audit that warned MSD of its problems. But he left soon after DiData acquired the company in 2007, and years before the audit was carried out.

    Auckland • Since Nov 2006 • 22850 posts Report Reply

  • Amy Gale,

    Bless you, Amberleigh, for that reference to your brother. I know that wasn't your main point at all (and the interview is great, I didn't mean the interview wasn't great), but I had been having an extremely frustrating month looking for good material on embedded vulnerabilities and now I've FINALLY tracked some down thanks to you and google. Yay for him and his colleagues.

    (Man there are a lot of people writing a lot of shite in that domain. I've read so much of it I reckon I could start producing it myself.)

    tha Ith • Since May 2007 • 471 posts Report Reply

  • Amberleigh Jack, in reply to Amy Gale,

    Haha - Glad I could (inadvertently) help. Just read between the lines of villain-esque photos and sensationalist catch phrases :)
    I do know what you mean - I've had the pleasure of reading a lot of either badly written or terribly misinformed/innacurate stuff over the years. It gets depressing.
    Hope you finally found what you were looking for.

    Auckland • Since Nov 2012 • 21 posts Report Reply

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.