Main Area and Open Discussion > Living Room

Everything Is Broken

(1/6) > >>

app103:
Once upon a time, a friend of mine accidentally took over thousands of computers. He had found a vulnerability in a piece of software and started playing with it. In the process, he figured out how to get total administration access over a network. He put it in a script, and ran it to see what would happen, then went to bed for about four hours. Next morning on the way to work he checked on it, and discovered he was now lord and master of about 50,000 computers. After nearly vomiting in fear he killed the whole thing and deleted all the files associated with it. In the end he said he threw the hard drive into a bonfire. I can’t tell you who he is because he doesn’t want to go to Federal prison, which is what could have happened if he’d told anyone that could do anything about the bug he’d found. Did that bug get fixed? Probably eventually, but not by my friend. This story isn’t extraordinary at all. Spend much time in the hacker and security scene, you’ll hear stories like this and worse.

It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.

Computers, and computing, are broken.

--- End quote ---


https://medium.com/message/81e5f33a24e1





from Versioning

Edvard:
Reminds me of a story I heard once where a girl working on some database stuff for a rather large company came across a vulnerability.  She dutifully reported it to her superiors, and after the money people figured out how much it would cost them to fix it, the management said (in a nutshell) "We're not going to fix it, and the bug is obscure enough that if our stuff gets hacked we know who to come looking for".

Also, this:
The IC [Intelligence Community] are some of the most surveilled humans in history. They know everything they do is gone over with a fine-toothed comb — by their peers, their bosses, their lawyers, other agencies, the president, and sometimes Congress. They live watched, and they don’t complain about it.

In all the calls for increased oversight, the basics of human nature gets neglected. You’re not going to teach the spooks this is wrong by doing it to them more.
--- End quote ---

Touché.  :(

Stoic Joker:
Also, this:
The IC [Intelligence Community] are some of the most surveilled humans in history. They know everything they do is gone over with a fine-toothed comb — by their peers, their bosses, their lawyers, other agencies, the president, and sometimes Congress. They live watched, and they don’t complain about it.

In all the calls for increased oversight, the basics of human nature gets neglected. You’re not going to teach the spooks this is wrong by doing it to them more.
--- End quote ---

Touché.  :(
-Edvard (May 22, 2014, 10:16 PM)
--- End quote ---

Perhaps, but if the clowns in congress start getting fried by restaurant heat lamp level spotlights for some of their "perfectly innocent", "private" conversations ... The funding for the spook programs should start drying up rather quickly.

Internal oversight for the IC is less about toeing the line and more about pushing the envelop to see who find or create the stretchiest loophole without getting hung by it. It's nothing more than an orgy level CYA gangbang. Whose the pivot for this free-for-all..? We are!

We really just need a don't be that guy poster child to rally a grass roots movement behind to push these vermin out of their holes and into the sunlight where they can bloody well fry to death for all I care.

wraith808:
We really just need a don't be that guy poster child to rally a grass roots movement behind to push these vermin out of their holes and into the sunlight where they can bloody well fry to death for all I care.
-Stoic Joker (May 22, 2014, 11:21 PM)
--- End quote ---

We've had them, to one extent or another.  They've gotten fried.  And people have just gotten more careful.

Everything is Broken?  Well yes... including the people.

40hz:
Dunno...That particular tale sounds just a little too neat and "made to order" to my ears.

There are a lot of these "I once knew a guy, who knew a guy, who knew a guy who hacked {insert details}" tales out there. And people in the IT and IT security communities are just as capable of spinning a "good story" as the next person. Especially if it'll get them a raise or an interview segment on PBS's Tell Me More.

But I suppose (ok I know) it's possible, so I'll give Quinn the benefit of the doubt about her article while I wonder how somebody could possibly compromise over 50,000 remote PCs so easily, and in such a short period of time, without creating so much as a ripple in the IT pond.

That guy must have been good. As in very good.  8)

Navigation

[0] Message Index

[#] Next page