Reputation

[azurelunatic]

When I mouthed off about yet another customer misconception the other day -- an understandable misconception, but technically naive -- my entire department and I would like to know how in Sam Hill an SSL Certificate can protect you from a DDoS attack -- the Cranky Old Geek got a kind of light in his eye and asked me if I was a hacker.

I stopped talking, puzzled.

"Oh, come on, you're totally a hacker," the Cranky Old Geek said enthusiastically. "You can tell us. What have you hacked?"

I was torn between feeling flattered and lecturing on the differences between hacking and cracking. I settled for relating the tale of how I figured out how to duplicate a stealth bastard freaky in the domain registration cleaning process. That settled things, and the day continued.


Hacker. Hacker?!

Comments

[azurelunatic]

I don't really think I'm quite either one. A hacker makes things; a cracker breaks them, but I only break in a testing context.

[torrilin.livejournal.com]

You're a *beta tester*. (um duh?)

[azurelunatic]

I also break things that are out of beta and someone else has already gotten the error but doesn't know how.

[torrilin.livejournal.com]

I use beta tester in the "finder of bugs" sense. Lots of released software gets released with known bad bugs... In an in-house test enviroment, it can be really hard to track and replicate stuff. Out in the wild, it can get much easier.

[onyxrising.livejournal.com]

That reminds me. Have you met Kandace? She's a coworker, also on LJ.
Yesterday she had a lady who reported that her creepy psycho ex-husband had been reading emails she sent to third parties to her, word for word. Kandace got into her computer and found substantially more than just a keystroke logger.
Tech support calls seem to come in waves. Everyone I know is getting an abnormal number of calls with security related questions right now.

[azurelunatic]

I don't think I've had the pleasure, no. Ick, keyloggers etc. are bad news.

[azurelunatic]

Last night LJ support was throwing an IRC party because someone managed to duplicate a persistent and pesky problem involving divs in the rich text editor.

[wibbble]

I'm not sure I'd agree with those definitions. I think a hacker is just someone who plays with something and solves puzzles. That might involve making things, or figuring out how to take them apart.

A 'cracker' is either just a hacker breaking the accepted moral guidelines or a non-hacker using automated tools for malicious ends.

The difference between 'hacker' and 'cracker' can just be intent, IMO. Of course, the law has a different opinion.

Then there's the idea of the hackish mindset applied to other fields - there's definitely psychology and linguistics hackers out there, and if people like Derren Brown used their powers for evil, you could consider them psychological 'crackers', in a way.

Of course, any pwn'd box you come across is 99% likely to be a script kiddie working for organised crime these days. Spent half my day today repairing and locking down a Windows VM which had been pwn'd due to a combination of client and colleague stupidity. That was an annoying one.

[onyxrising.livejournal.com]

It was the first time we can recall a customer calling in thinking that someone was stalking them through their computer wherein the customer has been right!
Ask us sometime about Machine Gun Mary, btw. We are very glad to no longer have customers able to call our extensions and reach a specific agent.

[azurelunatic]

*nod*

A hacker will only break security on their own boxen, or boxen they've been invited to mess with.

[wibbble]

Not necessarily. Tip-toeing through someone else's box is a good way to learn about security. If you look but don't touch, is that ethically unsound?

Of course, what's the difference between that and, say, Gary McKinnon who is being extradited to the US after he broke into some trivially secured NASA and DoD systems looking for evidence of aliens? I'm not sure what he did was ethically unsound, although it was certainly illegal.

[azurelunatic]

The moral guidance that I got in my Nasal Stage suggests that if it's a system where the owner does not know that you are planning to look at it, and would tell you no if you asked, then you ethically should not be examining it.

[wibbble]

That's probably more conservative than I would be.

If you apply that to the real world, it would prevent 'urban exploration' of derelict and abandoned buildings, which is another thing that's illegal but which I don't see as immoral.

As long as you're not doing actual damage to the system (which includes by accident, so a certain degree of competence is required), or violating anyone's privacy, I don't necessarily see it as immoral to go where you're not supposed to.

In both the virtual and physical senses it's something of a moot point for me: I'm not equipped to be clambering about derelict buildings, and I'm not equipped to be poking around interesting systems.