Speaker: Pipes: Understanding Hackers
17 Responses
-
That John McAfee seems to be a dodgy character (not to mention mad as a bag of kittens). Does anyone think the early antivirus industry might have involved AV companies funding the virus writers?
-
Thanks Amberleigh. As a Lego kid, maybe I missed my calling.
-
So, is Minecraft the new Lego?
-
Ha, there's a story about a guy in the very early days being paid a piece rate to write virus cleanup software. Unfortunately the supply of viruses dropped off and so did his income... so he took up writing viruses to ensure the money kept flowing.
-
Wow Rich, excellent paranoia.
I'd wondered the same thing. What about Kaspersky and rumours he has been hacking/cracking for the Russian military - sorry can't find the link right now.
-
Ian Dalziel, in reply to
-
Years ago I contracted a coder who had worked on a big bank system who told me a story.
The bank was notorious for messing around with contractor payments so he planted a wee "bomb" in the code that he could activate if his invoice wasn't paid. It simply flashed abusive messages up on user screens.
He didn't get paid, the bank got the "message" and paid him fast, he deactivated the "bomb".
I wonder how much of that happens, used to be called Easter eggs.
-
Kumara Republic, in reply to
Ha, there’s a story about a guy in the very early days being paid a piece rate to write virus cleanup software. Unfortunately the supply of viruses dropped off and so did his income… so he took up writing viruses to ensure the money kept flowing.
The Broken Window Parable with microprocessors, basically.
Where do 'grey hats' fit in?
-
Ian Dalziel, in reply to
flying sources...
Kaspersky - sorry can’t find the link right now.
try these on for sighs...
Wired or Vanity Fair
and I see Stuxnet has now compromised US companies like Chevron...
Life is Karma...
...and if you'd like to read a 'Zero Day' cyber thriller fantasy set amidst the beautifully buff people of cyberscience, try Mark Russinovich's (a Microsoft engineer) Zero Day
-
I have a neighbour who breaks into stuff for a living - not random other people's stuff mind you - people with new hardware, or in the process of buying someone else's hardware send them to him and he sees how easy it is to break into them - he's quite proud that he's never failed - when he's done he writes a report, explains what to fix and how - rinse, wash, repeat.
"Penetration testing" (aka "pen-testing" because giggle "penetration" giggle) - is a business - it's "white hat hacking" - completely above board - and often misunderstood - I've occasionally helped, pulling ROMs off of boards and imaging them - and yes I worry about how people will look at me doing that.
On the other side of the coin I help design boxes for people - usually we leave them with minimal security - we don't try hard because as a rule we don't care - you want to trash your box, we'll happily sell you another - but that's a business choice - and we don't make ATMs or firewalls.
-
He rings them up and tells them and the next thing the AFP is knocking on his door. He wasn’t asking for money he just told them. It was still taken as him being a bad hacker.
I hadn't heard of this one but it sounds like this guy and Ira both phoned, and probably the message (and Ira's message) was just whispered around until the original report was completely out of context. I don't know exactly what Ira said, but at the time MSD acted, I'd expect they were acting on a report that "some guy hacked our system and he's blackmailing us for details", totally different from "someone's noticed a way to get info they shouldn't have, and wants to know if there's an incentive scheme as part of telling us".
There's no way to be safe when reporting something like this when powerful people's reputations, future job prospects and budgets hang on discrediting or suppressing what you have to say, but wouldn't there at least be a partial benefit in using writing to communicate this sort of stuff so there's an open written record of how you informed them? I'd think really carefully before reporting a breach just because of the crap that could follow if the wrong people are on the other end, but I don't think I'd ever want to report it in a way where my words were out of my control as soon as I'd hung up the phone.
-
izogi, in reply to
He didn't get paid, the bank got the "message" and paid him fast, he deactivated the "bomb".
It might be effective but it's not very professional. I can't imagine it'd make others want to hire someone in future if word got around.
-
That was a pretty great interview.
-
Amberleigh Jack, in reply to
Haha, maybe. Though I loved Lego but never had the patience to make anything good. Perhaps that's the key :)
-
I’ve been made aware of a bit of context – not that big a deal, but just so no one can say we left it out: Pipes formerly worked for the Dimension Data subsidiary that did the 2011 security audit that warned MSD of its problems. But he left soon after DiData acquired the company in 2007, and years before the audit was carried out.
-
Bless you, Amberleigh, for that reference to your brother. I know that wasn't your main point at all (and the interview is great, I didn't mean the interview wasn't great), but I had been having an extremely frustrating month looking for good material on embedded vulnerabilities and now I've FINALLY tracked some down thanks to you and Google. Yay for him and his colleagues.
(Man there are a lot of people writing a lot of shite in that domain. I've read so much of it I reckon I could start producing it myself.)
-
Amberleigh Jack, in reply to
Haha - Glad I could (inadvertently) help. Just read between the lines of villain-esque photos and sensationalist catch phrases :)
I do know what you mean - I've had the pleasure of reading a lot of either badly written or terribly misinformed/inaccurate stuff over the years. It gets depressing.
Hope you finally found what you were looking for.