
(National Journal) It's the darndest thing, but somehow, after a decade of treating the most innocent hackers as dangerous felons, the US finds itself with a terrible shortage of cybersecurity experts to help it fight off new IT attacks by foreign cyber-criminals (nationaljournal.com)
    More: Obvious  

3643 clicks; posted to Geek on 25 Feb 2013 at 2:55 PM



103 Comments
   

Archived thread

 
2013-02-25 04:34:35 PM
[anotherplotdevice.files.wordpress.com image]
Movies are ruining our kids.
 
2013-02-25 04:37:39 PM

anfrind: Assuming you were to report the vulnerability as soon as you find it, I think a better analogy is that it's like telling your neighbors that they left the key to their front door in the lock. Most people recognize that as being a good neighbor, and don't immediately assume some sort of criminal intent. It shouldn't be any different with reporting computer security flaws.


You have to admit though the stories we tend to hear about is the kid who tells his neighbor about the key but doesn't get compensated to their satisfaction so the next time it happens the neighbor finds the kid lounging in their living room in the owner's bathrobe and sipping on a beer they found in the fridge.
 
2013-02-25 04:42:33 PM
Back in the 80's, I once impressed and slightly freaked out a girl by telling her that I could hack her phone number and then giving it to her a few hours later. My "hacking" was just glancing at her information on a teacher's student list, but she genuinely thought that I'd done something impressive.

These days, she'd report me to the school, who would expel me and then report me to the police. If I were lucky, the FBI wouldn't get involved.

/csb
 
2013-02-25 04:48:25 PM

EvilEgg: There is no such thing as an "innocent" hacker.  Hacking is illegal, unless you are doing it for the government.  This is true about many aspects of warfare.


Thank you Mister Definitely-Not-Some-CIA-Plant
 
2013-02-25 04:51:20 PM
anfrind:


CSB: when I was in high school (class of 2002), my school purchased a bunch of new computers running Windows 98 and a third-party security program called Fortres, to keep students from doing anything they shouldn't do. It was a terrible security program, not so much because it was easy to disable, but because it made a lot of basic tasks (like accessing a floppy disk or a CD-ROM) nearly impossible.

As a result, when I made a boot floppy that could automatically "patch" any of those computers so that Fortres couldn't run (and thus the computer would work like a standard Windows 98 PC), a lot of teachers were actually quite happy to have it. The school's IT guy wasn't so happy, but he didn't freak out over it.


Also a CSB:

In the late 80's I ran the computer labs at a small college, and shared an office with two hardware techies. During the summer we tended to have a lot of time on our hands, so of course we used it to mess with each other... Stupid stuff like changing one's desktop to a photoshopped picture of the victim having sex with a horse, or writing a program that randomized all the colors on their desktop.

One of the techies decided to install a "fortress" type program to lock us out of his machine, which would have been fine except he still kept messing with ours. That would not stand.

We (quite justifiably) argued that he had to give us access to the terminal software on his machine, since he was the only one with a modem. And then I wrote a little TSR keylogger program, uploaded it to the other tech's BBS, where he renamed it ZMODEM.EXE and we re-downloaded it on to our victim's machine and executed it.

When he came back from a service call and typed in the master password, it was copied to the laser printer by my desk. When he went to lunch we changed his master password to "knobhead" (nod to the BOfH)

We figured we'd let him stew overnight. He genuinely believed that he had forgotten the password, evidently he was changing it daily because he was so paranoid.

The next morning we found out that he had spent all night wiping and rebuilding the machine. Ooops. We never did tell him what happened, but he never did re-install that fortress program.

/ Old CS,B.
 
2013-02-25 04:59:58 PM

EvilEgg: Hacking is illegal, unless you are doing it for the government.


Do you have any idea how morally damning that sentence is, or are you actually that pathetically ironically unselfaware?
 
2013-02-25 05:02:19 PM
The SneakerNet is still the best place to do your hacking.
 
2013-02-25 05:17:10 PM
When I worked IT for a couple government laboratories and departments, there was always this group called the "Red Team". Essentially, they would go around to different government facilities and try to access data/networks any way they could. They tried three different times while I worked at a renewable energy lab.

1) One of them walked around the campus and dropped thumb-drives around cars and the building. The moment someone plugged it in *BAM* they had system control.

2) On another attempt they sent a phony link around and it did a timestamp of the person clicking the link. We had something like 60% of the office click the link (and about half our techs did).

3) The niftiest one was a guy walking around campus carrying what appeared to be a large gym bag. After an hour or so walking around the campus Security finally stopped him. Evidently he snagged a shiat-ton of information in that time-span.

As far as Cyber Warfare in the United States is concerned, we may not have a big army like the Chinese, but we do have plenty of nukes. Just like in physical warfare, anyone that messes with us is looking at M.A.D.
 
2013-02-25 05:35:21 PM
I'm sitting here surfing Fark at the RSA Security Conference (http://www.rsaconference.com/) with thousands of cyber security experts so I'm really getting a kick...
 
2013-02-25 05:40:50 PM
/drtfa
But when I was seriously considering the FBI for employment around 2003, the starting pay was only $45K and you have to live wherever they send you.

I can understand them needing to re-locate you, but I really hope they are offering more to get the needed talent out of the private sector.
 
2013-02-25 06:00:59 PM
In this day and age, lots of people consider using Greasemonkey to execute Javascript on a website to be "hacking".  And thus, the word "hacker" has been diluted beyond all reasonable recognition of what it once meant.

So now, when someone uses the words hack or hacker, it doesn't even register as anything to me other than it lets me know which websites and ignorant users to avoid.
 
2013-02-25 06:31:27 PM

stonicus: I got busted breaking into a local university system back in 1992.  They thought I was changing grades.  I was just playing games and getting on chat rooms.  Wasn't allowed to even own a computer for 3 years.


Hah. That's funny. I walked into one big school's computer lab just to play MUDS, and finally, a monitor came up to me and asked me what school I was in

Without a blink, I said "Divinity"
 
2013-02-25 06:40:10 PM
There's probably a lot of legitimate, legal career options available for very skilled hackers in the USA.
In China, probably not so much. That, and there's very little chance of the authorities knocking on your door for cracking into some company in the USA.

They're definitely on the right track by identifying potential hackers at an early age. I think the really skilled ones start early and are very dedicated creatures.
 
2013-02-25 06:49:40 PM

HotIgneous Intruder: EvilEgg: Hacking is illegal, unless you are doing it for the government.

Do you have any idea how morally damning that sentence is, or are you actually that pathetically ironically unselfaware?


Your sarcasm meter appears to be malfunctioning.
 
2013-02-25 06:51:30 PM

MrHappyRotter: In this day and age, lots of people consider using Greasemonkey to execute Javascript on a website to be "hacking".  And thus, the word "hacker" has been diluted beyond all reasonable recognition of what it once meant.

So now, when someone uses the words hack or hacker, it doesn't even register as anything to me other than it lets me know which websites and ignorant users to avoid.


Well put.
 
2013-02-25 06:55:12 PM

SteakMan: /drtfa
But when I was seriously considering the FBI for employment around 2003, the starting pay was only $45K and you have to live wherever they send you.

I can understand them needing to re-locate you, but I really hope they are offering more to get the needed talent out of the private sector.


That wasn't bad starting income in 2003. Well, it isn't so bad considering it is starting salary only and that your alternative is working perhaps 45 years in the private sector. Consider that as a non-agent, professional staff, you can retire after 20 years if you are 60 or after 30 years after age 50. So you start at age 25, "retire" at age 55 and start your own security consulting business while collecting your retirement check. Also, consider that your FBI IT job might be the one that doesn't get exported to places where there are people just as smart as you willing to work for 1/4 the salary. The pension may only be 25% of your working salary (there's a formula you can find online), but nobody else gets a pension at all any more. Not real people anyway. I wouldn't at all say you personally made the wrong decision, but consider that you would have ten years in already had you gone the FBI route.

Who I think really screws up is people (like my bro and others I've known) who enter the military and get out in 4 or 5 years. If you're not getting shot at, you only had 15 to go until you retire - WTF! If you are getting shot at you might have even fewer years to go until you "retire"...
 
2013-02-25 07:12:20 PM
K011K172^D11Y010010^D00 1X1<1!
 
2013-02-25 07:20:31 PM

KawaiiNot: K011K172^D11Y010010^D00 1X1


Whoa. Fark hates binary I guess?

You know what...I have a skillset perfect for cyber security and used to have a security clearance so probably could get it renewed...but I have a good job and I don't want to move to DC or wherever. Let me work from home Feds and then I'm all yours!
 
2013-02-25 07:21:23 PM
americans are too stoopid to be at the forefront of technology anymore.
only huge corporations with billions of dollars for research and development and highly educated foreign techs can come up with new ideas and products.
the average american sits in front of the boob toob swilling some 'lite' beer and buying ever larger clothes to cover his fat a$$...
and their rotten crotch fruit are doing drugs and spazing out over some new internet fad...
 
2013-02-25 07:22:56 PM

PainInTheASP: ProfessorOhki: itstehpope: torusXL: EvilEgg: There is no such thing as an "innocent" hacker.  Hacking is illegal, unless you are doing it for the government.  This is true about many aspects of warfare.

Can't tell if trolling or pathetic dolt.

I'd go with dolt myself.  Too many people claim to know all about hackers and whatnot but have no idea why I giggle when someone has a voice vlan of 2600...

I know a ton about hackers, man; I even watched that one documentary that had a young Angelina Jolie.

Pfft, go back to defacing your desktop wallpaper, n00b.  Everyone knows that the only true hacker movie is Swordfish.

/Now run home to mommy before I go in over the phone lines, pop the firewall, drop in the hydra and wait for your money to start rolling in.


I disagree.  The only true hacker movie asks the question "Shall.  We.  Play.  A.  Game?"
 
2013-02-25 07:26:04 PM
i like turtles
 
2013-02-25 07:34:43 PM

MrEricSir: [img705.imageshack.us image 193x263]

Go on, subby. Tell us more about this "decade" of the government mistreating hackers.

While you're at it, tell us what it's like being born in the 90's.


I just came here to question subby's "decade". I was fiddling with things in the mid to late 80s that taught me a lot, but that could have gotten me sent to juvey or federal prison (depending on how late in that decade). When I read about Mitnick and (especially) others getting the book thrown--- no, getting slammed over the head by The Book, I decided to adopt a (mostly) more traditional approach to my studies.

/still keep a recent release of Backtrack Linux handy
//only for the purposes of Good
 
2013-02-25 07:43:06 PM

KawaiiNot: Whoa. Fark hates binary I guess?


There are 10 kinds of websites in the world...
 
2013-02-25 08:06:09 PM
Wouldn't probing someone's system and wandering around in it be akin to checking all the doors in the neighborhood and walking upstairs to let the sleeping homeowner know it was unlocked?

Let me know how your neighbor and the police handle your concern about unlocked doors........
 
2013-02-25 08:06:16 PM
we appreciate that you've spent the better part of your life working to understand every new system possible, and unlock capabilities that were either overlooked, or intentionally hidden...want to move to VA, DC or MD and spend the rest of your life monitoring 1 system and sending emails to some geriatric type-d when something turns the color red?

all you have to do is pass a polygraph and let us contact anyone who's ever known you
 
2013-02-25 08:10:43 PM

asdfbeau: we appreciate that you've spent the better part of your life working to understand every new system possible, and unlock capabilities that were either overlooked, or intentionally hidden...want to move to VA, DC or MD and spend the rest of your life monitoring 1 system and sending emails to some geriatric type-d when something turns the color red?

all you have to do is pass a polygraph and let us contact anyone who's ever known you



NO! It is sexier than that....black ice and energies of the sixth world and dragons.....
 
2013-02-25 08:23:05 PM

Giltric: Wouldn't probing someone's system and wandering around in it be akin to checking all the doors in the neighborhood and walking upstairs to let the sleeping homeowner know it was unlocked?

Let me know how your neighbor and the police handle your concern about unlocked doors........


No, because you're able to ascertain the door is unlocked without actually going inside.
 
2013-02-25 08:52:26 PM
Black, white or gray? Sometimes, the hat color depends on who's paying for what.

Qualys makes some very legit tools that can make life very interesting depending on a number of things.
 
2013-02-25 08:52:49 PM
We're trying to hire people in this area right now (like I got out of an interview with someone 10 minutes ago kind of right now).

It is EXTREMELY hard to find people.
 
2013-02-25 09:08:01 PM

Magorn: Mitnick's weak sauce defense of "well I only used SOCIAL engineering to steal passwords and enrich myself, not software." doesn't make him much of a martyr, and when he started farking with the e-911 system, what was his "white hat" intent?


And if he did that stuff today he'd get a lot longer prison term, but what good would it do? As it is, these days he's got himself a nice business doing computer security. And anyone who thinks Mitnick was the worst of the worst, well he's just the one that got caught.
 
2013-02-25 09:43:48 PM
It's not surprising it's hard to find good cybersecurity, we protect everything on the interwebz so the average user doesn't have to think about it, and thus never gets an interest. I mean, hell, even Fark will filter your password if you type it in, like mine is ********
 
2013-02-25 09:52:10 PM
Maybe they should stop investigating the white hats they asked to help them too.  *Grumble grumble personal experience rabble rabble*
 
2013-02-25 10:20:44 PM
The guv'ment actually has a program where they're giving CS and CpE students (BS and MS) 1-2 year full scholarships if they concentrate on cyber security and work for a federal agency (or a federally funded lab) for at least the length of their scholarship afterward. It was originally called the Scholarship for Service, but then they changed it to the sounds-more-like-something-out-of-a-Hollywood-hacker-movie title CyberCorps. The program only has a few hundred graduates each year, but they're all going into federal cybersecurity jobs. I'm a bit surprised the article didn't mention this at all; they're putting millions of dollars into the program (I think the budget this year was something absurd like 20 or 40 million for a program that gives them about 300 graduates a year)(but I could be remembering that number wrong).

 

asdfbeau: we appreciate that you've spent the better part of your life working to understand every new system possible, and unlock capabilities that were either overlooked, or intentionally hidden...want to move to VA, DC or MD and spend the rest of your life monitoring 1 system and sending emails to some geriatric type-d when something turns the color red?

all you have to do is pass a polygraph and let us contact anyone who's ever known you


Yep... that pretty much sums it up.
 
2013-02-25 10:26:15 PM

WayToBlue: We're trying to hire people in this area right now (like I got out of an interview with someone 10 minutes ago kind of right now).

It is EXTREMELY hard to find people.


Several of us have sent you our resumes.  Doubt you'll find them, though.  Sorry 'bout that.
 
2013-02-25 10:41:46 PM

e-christ: asdfbeau: we appreciate that you've spent the better part of your life working to understand every new system possible, and unlock capabilities that were either overlooked, or intentionally hidden...want to move to VA, DC or MD and spend the rest of your life monitoring 1 system and sending emails to some geriatric type-d when something turns the color red?


Sounds like the perfect job!  You can even do it from home... FARK on the beach is calling your name.
 
2013-02-25 11:00:07 PM

HotIgneous Intruder: EvilEgg: Hacking is illegal, unless you are doing it for the government.

Do you have any idea how morally damning that sentence is, or are you actually that pathetically ironically unselfaware?


You can't be very self aware if they have you under mind control.
 
2013-02-25 11:04:42 PM

NostroZ: e-christ: asdfbeau: we appreciate that you've spent the better part of your life working to understand every new system possible, and unlock capabilities that were either overlooked, or intentionally hidden...want to move to VA, DC or MD and spend the rest of your life monitoring 1 system and sending emails to some geriatric type-d when something turns the color red?

Sounds like the perfect job!  You can even do it from home... FARK on the beach is calling your name.


Well, it's the government, so that's not an option.  It's more like a constant continuous battle to get something, anything done against the flow of paperwork and sloth, as you work in a highly regulated environment run by officious, nit-picking idiots.

/Seriously, if I took a 40% pay cut just to avoid corporate bureaucracy  imagine how much of one I'd take to avoid government.
//Being able to wear a hoodie and jeans to work is totally worth it.
 
2013-02-25 11:31:25 PM

Big_Fat_Liar: SteakMan: /drtfa
But when I was seriously considering the FBI for employment around 2003, the starting pay was only $45K and you have to live wherever they send you.

I can understand them needing to re-locate you, but I really hope they are offering more to get the needed talent out of the private sector.

That wasn't bad starting income in 2003. Well, it isn't so bad considering it is starting salary only and that your alternative is working perhaps 45 years in the private sector. Consider that as a non-agent, professional staff, you can retire after 20 years if you are 60 or after 30 years after age 50. So you start at age 25, "retire" at age 55 and start your own security consulting business while collecting your retirement check. Also, consider that your FBI IT job might be the one that doesn't get exported to places where there are people just as smart as you willing to work for 1/4 the salary. The pension may only be 25% of your working salary (there's a formula you can find online), but nobody else gets a pension at all any more. Not real people anyway. I wouldn't at all say you personally made the wrong decision, but consider that you would have ten years in already had you gone the FBI route.


Absolutely. I might have pursued it if it was just me, but wife+kid+mortgage couldn't have handled the pay cut.
 
2013-02-25 11:52:37 PM

EvilEgg: There is no such thing as an "innocent" hacker.  Hacking is illegal, unless you are doing it for the government.  This is true about many aspects of warfare.


Your homeworld is a simple place, isn't it?

/Are you getting enough oxygen?
 
2013-02-26 03:08:16 AM

EvilEgg: There is no such thing as an "innocent" hacker.  Hacking is illegal, unless you are doing it for the government.  This is true about many aspects of warfare.


The word you're looking for is "cracking". This is short for "criminal hacking", and there is a reason why that is not a tautology.
 
2013-02-26 06:00:20 AM

itstehpope: torusXL: EvilEgg: There is no such thing as an "innocent" hacker.  Hacking is illegal, unless you are doing it for the government.  This is true about many aspects of warfare.

Can't tell if trolling or pathetic dolt.

I'd go with dolt myself.  Too many people claim to know all about hackers and whatnot but have no idea why I giggle when someone has a voice vlan of 2600...


2604, actually. :)

CSB: I used to know a guy (at TelCo) who worked the late shift on the longlines testboard. He could whistle perfect SF and would walk down the aisle doing so, dropping other techs' calls as he went, when he came on shift. Finally they installed audio bandstop filters and spoiled his fun. Good times.
 
2013-02-26 07:08:26 AM

Nonrepeating Rotating Binary: If only there were some Men dressed in black suits from the NSA who could say "Son, we can make all this unpleasantness go away if you just do a little work for us."

I'd do it, but I'd just look like some aging Blues Brother in that black suit.


they use Navy blue now and of course Friday is Hawaiian shirt day.
 
2013-02-26 08:01:23 AM

HotIgneous Intruder: This is because most intelligent creative people don't want to work in the imperial security apparatus and those who do can't pass a security clearance investigation and the rest are just half smart authoritarian followers.


Actually it's because most people simply can't do compsci. Their brains just aren't wired that way.
 
2013-02-26 08:02:05 AM

ZeroCorpse: Movies are ruining our kids.


Look how young Sherlock was!
 
2013-02-26 08:03:38 AM

RatOmeter: MrEricSir: [img705.imageshack.us image 193x263]

Go on, subby. Tell us more about this "decade" of the government mistreating hackers.

While you're at it, tell us what it's like being born in the 90's.

I just came here to question subby's "decade". I was fiddling with things in the mid to late 80s that taught me a lot, but that could have gotten me sent to juvey or federal prison (depending on how late in that decade). When I read about Mitnick and (especially) others getting the book thrown--- no, getting slammed over the head by The Book, I decided to adopt a (mostly) more traditional approach to my studies.

/still keep a recent release of Backtrack Linux handy
//only for the purposes of Good


Backtrack is very useful for ensuring your own company is PCI DSS compliant.
 
2013-02-26 09:15:12 AM

anfrind: CSB: when I was in high school (class of 2002), my school purchased a bunch of new computers running Windows 98 and a third-party security program called Fortres, to keep students from doing anything they shouldn't do.  It was a terrible security program, not so much because it was easy to disable, but because it made a lot of basic tasks (like accessing a floppy disk or a CD-ROM) nearly impossible.

As a result, when I made a boot floppy that could automatically "patch" any of those computers so that Fortres couldn't run (and thus the computer would work like a standard Windows 98 PC), a lot of teachers were actually quite happy to have it.  The school's IT guy wasn't so happy, but he didn't freak out over it.


I remember Fortres! All we had to do to disable it was login, and as soon as the login screen disappeared, you would unplug the LAN cable and wait for bootup, then plug it back in. Then you could do anything.
 
2013-02-26 12:55:48 PM

HindiDiscoMonster: Nonrepeating Rotating Binary: If only there were some Men dressed in black suits from the NSA who could say "Son, we can make all this unpleasantness go away if you just do a little work for us."

I'd do it, but I'd just look like some aging Blues Brother in that black suit.

they use Navy blue now and of course Friday is Hawaiian shirt day.


Did you get the memo?
 
2013-02-26 01:30:53 PM
RatOmeter
WayToBlue: We're trying to hire people in this area right now (like I got out of an interview with someone 10 minutes ago kind of right now).

It is EXTREMELY hard to find people.

Several of us have sent you our resumes. Doubt you'll find them, though. Sorry 'bout that.


I found them, they were lacking.

/didn't find them.
 
2013-02-26 02:24:25 PM

jonohull: anfrind: CSB: when I was in high school (class of 2002), my school purchased a bunch of new computers running Windows 98 and a third-party security program called Fortres, to keep students from doing anything they shouldn't do.  It was a terrible security program, not so much because it was easy to disable, but because it made a lot of basic tasks (like accessing a floppy disk or a CD-ROM) nearly impossible.

As a result, when I made a boot floppy that could automatically "patch" any of those computers so that Fortres couldn't run (and thus the computer would work like a standard Windows 98 PC), a lot of teachers were actually quite happy to have it.  The school's IT guy wasn't so happy, but he didn't freak out over it.

I remember Fortres! All we had to do to disable it was login, and as soon as the login screen disappeared, you would unplug the LAN cable and wait for bootup, then plug it back in. Then you could do anything.


My solution was even simpler.  I discovered that it was loading a DOS driver in CONFIG.SYS and a TSR application in AUTOEXEC.BAT, and if I deleted or commented out those lines, Fortres wouldn't load.  It wouldn't even display an error message.

The aforementioned boot floppy used the same DOS-like OS that Windows 98 used for rescue disks, and would simply copy the patched CONFIG.SYS and AUTOEXEC.BAT files over the existing files on the C: drive.  Kind of crude, but since all of the computers were set up identically, it worked every time.
 
2013-02-26 04:23:52 PM

meyerkev: NostroZ: e-christ: asdfbeau: we appreciate that you've spent the better part of your life working to understand every new system possible, and unlock capabilities that were either overlooked, or intentionally hidden...want to move to VA, DC or MD and spend the rest of your life monitoring 1 system and sending emails to some geriatric type-d when something turns the color red?

Sounds like the perfect job!  You can even do it from home... FARK on the beach is calling your name.

Well, it's the government, so that's not an option.  It's more like a constant continuous battle to get something, anything done against the flow of paperwork and sloth, as you work in a highly regulated environment run by officious, nit-picking idiots.

/Seriously, if I took a 40% pay cut just to avoid corporate bureaucracy  imagine how much of one I'd take to avoid government.
//Being able to wear a hoodie and jeans to work is totally worth it.


The fed gov has one of the most robust telecommuting policies in the world. Allowing workers to work from home where practicable is now mandatory and agencies are measured on their progress towards the goal of having at least 1/3 of their work force work remotely, hell GSA is now building new offices on the "hotelling model" with no assigned desks and significantly fewer desks than permanent employees to force the issue.
 
Displayed 50 of 103 comments
