Wrong! Hackers are good guys for the most part, the site was compromised or in more common terms, cracked, _not_ hacked.
I know a fair few hackers.. infact, IIRC, I found LFS from someone's .sig in the alt.hacker usenet group that I used to frequent. There's some infinitely smart people there, _real_ hackers... would they break into a site for fun? give you a serial for app x? not likely... would they help you find / fix a security hole if they could, most definitely!
Please learn the correct terms before slinging mud at the wrong people... Scawen's a hacker, I'm a hacker.. as are most who post in the Programming forum here.. do any of us feel the need to compromise someone's site? very unlikely... I'm very much the opposite and will try and help someone defend their servers if I can with any info that might be of use.. so have a think and forget what the media tell you
Not to argue your bigger point, other than you seem to be saying a real hacker would not hack 'for fun', which makes this person what, exactly ?
Note the quotes below - he agrees another approach could have been taken, however, it would have taken the FUN out of it.
I guess the whole "i only did it to prove a point, help the devs, etc etc' angle would appear a lot more reasonable IF the 'announcement post' had stated "Hi, just proving a point, I wanted to show this, now I have, that's all"
But it didn't, the whole notion of noble motivation did not come up until someone else said something about, at which time this person said 'yea, I'm just doing that" (paraphrased).
Quote from earlier in this thread by Phlos:
1. To show Victor (and devs) that he (they) should hire someone to fix security holes before a bad hacker ruin his (their) work by deleting everything or whatever.
2. For fun.
Quote:
Originally Posted by The Widget
Widget: Phlos - wouldn't an email have done?
Phlos: Not for the 2nd point, the fun part
Or if it is as ian states, and he simply copied/pasted some command/code he got from some forum/website..
Either way, be glad it Was phlos. It could've been a REAL malicious "hacker" and he COULD have removed everything. Phlos didnt, he just banned the mods, which i personally found rather funny, but anyway, it could've been worse had it been someone with real malicious intent.
edit - I could've sworn i posted a "Lawl " in this thread earlier, guess someone removed it..
I know people just don't want to hear about Phlos anymore, and I know he's not welcomed here for good reasons, however, from what I know (which is what he said himself), he didn't hack the forums for no reason, but to help point out that there are some holes somewhere. Well, since i'm pretty much clueless about all that, a few questions arise to me:
1. Was he talking about holes in this forum only or in LFS itself (in which we can suppose there are holes since he did crack it after all).
2. I know that this can seem pretty much stupid, but Phlos seems to know a bunch about computers, he did some stuff that most people are incapable of. Because of this, and because he claims that he wants to "help" the community and LFS, shouldn't we sometimes actually listen to him? As Vykos was saying to him in that chat he pasted on the other topic, Phlos must have found quite alot cracking and hacking it himself, so just fixing these holes (if they have not been fixed already) would be a good start (?).
Also (and I know there's a contradiction here), the hacking concept is somehow useful :/ It proves that there are holes in something, so isn't it better to work with people that can achieve it than ban them everywhere and not listen to them? And it's like that because hackers usually follow a pattern:
1. They will hack what is hard to hack (in a way that it's not called vadalism anymore)
2. They will hack what nobody has hacked before
3. They will hack what is said unhackable
Point one and two basically say that you're best to work with them and point three says that you should work with the best...
Anyway, i'm not totally sure I make sense... What you guys think? Imo, there's certainly something to learn or do here...
edit: oh and please don't turn this in a "he's stupid" post, it's more of a constructive threads about what should be done about hacking.
In this case, a script kiddie.. only script kiddies compromise web sites like that and do it for one reason and one reason only, to get attention they so desperately crave normally because they're lonely or an outcast in the real world.
Hackers may well test security of their own servers (or clients if in the business).. but this is to provide fixes (not an excuse for doing it as Phlos gave), not to compromise the general public.. same as I run viruses etc within a vmware install to see the effects, not because I want to spread them around the world, but because I want to know how to implement preventative measures or simply gain more information about a particular behaviour.
Hackers code, deal with security, fix things in short amounts of time.. and can be applied outside of the IT industry too.
My use of the phrase 'for fun' was just a phrase.. fun, serious, whatever.. it's just not something hackers do.
Hackers are the sort of people you now contact to discuss how they got in and how to prevent it happening again... not how you can achieve it too.. ala Security Consultants.
Hackers are coders, often people who can write fixes etc very quickly for a specific / immediate problem or appear to be able to achieve the relatively impossible.
Hackers are people who can shoehorn 2 VR6 engines into a single Mk1 VW Golf to create their own idea of 4WD (yes, it's nuts but have seen it done).
Hacking is the quest for deeper knowledge than the general (l)user will ever want to know. Not satisfied with something just working but having to know _exactly_ how and why it works too.
On the flipside, blackhat hackers are the likes of virus coders, people who find exploits and write PoC code to prove them.. not who actually take this info and break into the next 10 sites they find that are vulnerable.
Crackers are people who generally break things.. be it web sites, software or bank safes.
Script kiddies are wanabees who can only cut / paste from hacker's code and have absolutely no idea what it all does or means, but just think it's "k00l" to deface things and the likes.
Phlos may well be a hacker due to his coding antics.. his compromising of this site however, was nothing more than an act of a retarded script kiddie.
I have nothing to say about Phlos or his actions, but let me state two things.
1) No software is unhackable. Some programs are pretty hard to hack/crack, others are stupidly easy, but none of them are 100% secure, period.
2) If there is any software that is relatively easy to hack, even by persons who don't know anything about hacking, then it's forums software. Just find an exploit site, find a forum which has a lower version number than listed (or any forum of the target type if it's a new hack) and follow the often supplied step by step guide.
Yeah, took some time off from LFS.. all became a bit stale for me in the end and I wanted to see what the modding game was all about.. but after being crapped on from a great height by ISI for 18 months, you start to realise that what you had previously maybe isn't as bad as you thought.. so I'm back into my XRT and appreciating the further development of LFS now that I've had a break
I read these forums from time to time even during my time away to see how things were going but as always, if I have something to say, I normally say it, heh.. so here I am again, all loud and vocal as ever
Regards,
Ian
-
(felplacerad)
DELETED
by Bob Smith : no longer relevant - threads merged
If you were to prove to someone that the locks of his doors are unsafe, would you open them without consent just to prove your point?
I wouldn't, at least here in Italy, because I know what I risk. That's why, where I work, I require an explicit written consent before doing intrusive security checks on a customer's system. I just don't want to be jailed.
I guess intrusions in computer systems are illegal in the UK and in France, just like it is here, so there's no discussing about ethical hacking or defending from script kiddies (like in this case). Whoever it was, it wasn't a smart move.
Boosterfire - the thread title may not be a greatly informative about the nature of the discussion inside but this existing thread is fine for this discussion, we don't need another.
I'm glad to see the situation is under control, obviously Phlos could have done more damage if he really wanted but like everyone has said he was just trying to prove a point. Even if he meant well, it was the wrong way to go about it and he could of got himself into some serious trouble.
I have a feeling that if he didn't keep doing this stuff then the Devs may well have welcomed his help, but you don't want to let someone who clearly can't be trusted have access to important information.
Yea that was because the first citydriving server was set up by him, and a couple of guys( including me) got access to it, and we keep the same admin pw on all servers so he can go in the cfg file and just read it.
All fixed now though
Any chance this year you'll actually grow up and quit with this pointlessness? :rolleyes:
Where's that friggin ignore feature.. something I've only ever looked for previously in a usenet killfile.. never on a forum, but damn, you're an idiot not worthy of seeing!
yup, not quite as good as an old fashioned killfile, but will do.. seeing the pretentious nickname is tolerable, seeing the (lack of) content of its posts isn't, so this will suffice