| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 33.1 | | XENON::MUNYAN | | Sat Jul 21 1984 00:05 | 19 |
|
I agree... when I was in college I caused many a system crash without
really trying... one time I crashed the system by entering and executing
an example that was actually in the back of one of DEC's manuals... I
tried to explain that to the system manager but he didn't beleive me...
I can also talk from the other side of the fence... When I worked for an
OEM I managed a large number of systems and had to listen to hackers (like
me) explain why their process came up in the security logs when they didn't
do anything except try to learn how the system works... (My name still does
show up in the XENON log occasionally - there's a lot to learn about VMS
and occassionally the only way to figure out how something works is to try
it even if your not sure what will happen)
Hopefully all you people are at least polite enough to do your big hacks
after hours when no large batch jobs are running.
Steve: TSTB -(PC)
.End Start
|
| 33.2 | | PSYCHE::MCVAY | | Sat Jul 21 1984 13:54 | 26 |
| The problem, as I see it, is not legitimate attempts at exploration,
but genuine illegal acts. I attempt to crack system security one some
machine at least once a month, but this is an effort to find a hole,
bug, or problem. On occasion I have had my wrist slapped, but in
general everyone concerned appreciates the difference between a test
and an attack.
If you are in my age bracket (ancient, as programmers go), you
remember when programmers/coders were a small and resourceful
community, with incredibly high ethical standards. Everyone knew
almost everyone else, and programmers in general were not interested
in (a) money, (b) prestige, (c) food, or (d) sleep--probably in that
order. Security was a non-issue, because programmers were, by
definition, incorruptible.
The situation has changed, obviously. With literally millions of
computer-literate people, the makeup of the programming population
begins to resemble the general population more closely: meaning that
there is a certain percentage of inethical, or criminal, users. This
group not only tends to give "hackers" a bad name, but also generates
a lot of publicity.
Quote from the leader of a security seminar (can't remember his name):
"Five percent of the population will steal no matter what the
obstacles are; five percent will not steal no matter what the
opportunities are; and the rest of us are opportunists."
|
| 33.3 | | VIKING::WATERS | | Sat Jul 21 1984 22:27 | 12 |
|
t�There are Hackers, and then there are Hackers...
I admit to hacking at systems on occasion, but I think the
biggest difference between 'Hackers' and 'Hackers' is that
one group is malicious in nature. They hack for the sake of
destruction. Those others (including myself) hack for the sake
of learning./� �.. As Steve Munyan suggested, some such hacking should be
reserved for the wee hours of the morning (no problem for
a bona-fide hacker!?!).
Much of�������� - Lester
`�
|
| 33.4 | | ANNECY::DEIGHTON | | Fri Aug 03 1984 13:14 | 21 |
| Unless I'm mistaken a definition of 'hacker' appears in a book called
'Computer Power and Human Reason' (by J. Weisenbaum??), a rather old publication
in this day an age. The gist of the definition is the programmer whose spent
the last 36 hours non-stop trying to debug a program and at 4 a.m. (say
4 hours before the delivery deadline) in desperation HACKS large chunks of
the miscreant program out, re-writes them, shoves them back in and hopes
that he's cured the remaining bug......leading to a well known support
problem. The guys who suck it and see may be tolerated in a development
enivironment (try explaining to 30 development engineers why yesterdays
work needs replacing!!!) but in a commercial environment they can only
be considered a menace ( explain to 10,000 workers why their pay cheques
hit the bank after their mortgage company wanted paying).
As far as those who enjoy/attempt to penetrate systems as total or partial
outsiders......I suspect that apart from the 5% who do it for gain ....most
people do it for the cudos, often using the "I was testing your security
and here are the faults I've found" approach to ensure everyone knows
they did it. The aforementioned book has some interesting psychological
insights into the "computer programmer".
N. Deighton
|
| 33.5 | | VAXUUM::DYER | | Fri Aug 03 1984 15:22 | 3 |
| Unfortunately, Weizenbaum has been taken as intellectual justifi-
cation for the oppression of programmers who don't do it top-down.
<_Jym_>
|
| 33.6 | | LATOUR::AMARTIN | | Mon Aug 13 1984 10:03 | 14 |
| Re .4:
I know plenty of people who have penetrated systems at one time or another.
I don't recall any of them making any money off of it, but I also don't
recall any of them going to talk to the system administration about how they
broke in either. By far the majority of break in's I know about have merely
been a pain in the ass, and only stopped after the hole was plugged, or the
perpetrators were caught. Usually the former.
These were always in environments where the rule was not "do it once, then
tell us how", it was "don't do it at all". Makes you wonder what passing
laws will do. I wonder if the majority of the laws talk about how to collect
for lost time and effort, or if they are just bent on punishment?
/AHM
|
| 33.7 | Off the subject, but while I'm thinking of it.. | MDVAX3::COAR | And your little dog, 2! | Wed Oct 07 1987 17:15 | 21 |
| Inappropriate response location warning!
Shortly after I became a `white hat' (that is, joined the
Establishment), we had a professor's son who was a would-be hacker.
He roamed the (VMS 2.n) system looking for interesting things.
The first we really noticed of him was when he tried running
SYS$SYSTEM:JOBCTL to see what it did - the console went wild, feeping
about how JOB_CONTROL, username <kid>, didn't have sufficient
privileges.
He eventually got really annoying, so we wired up a program that
deleted all logical names (including SYS$INPUT, SYS$COMMAND, and
SYS$OUTPUT), symbols, and $DASSGNed all his channels. We named
it GOD.EXE, put it in one of my directories ([SYSPROG.GOODIES],
I think), and hid the sources. His dad caught on when their terminal
at home was irrevocably hung, and the kid assumed a lower profile
thereafter, even to the point of asking us for help and teaching.
I think we caught him at just the right time, career-wise.
#ken "The Merciful (heh-heh!)" Coar :-)}
|
| 33.8 | I'll bare my soul, also | CSC32::HAGERTY | Dave Hagerty, TSC, Colorado Springs | Sat Oct 10 1987 00:12 | 17 |
| If Ken can do it, so can I... :-).
One of my favorite hacks was under v3 of VMS, before terminals were
shareable devices. I wrote a piece of privileged code that went
into the UCB for a device and set the shareable bit. When I then
tried to allocate the terminal, several things went ballistic:
1) the other process
2) my process
3) the system manager.
Oddly enough, the other process worked fine for a while (if I did
not allocate his terminal), then would go into a black hole. No
input, no output.
Dave()
|