SoylentNews is people

posted by takyon on Wednesday June 24 2015, @07:08PM
from the insecurity dept.

The seven young men sitting before some of Capitol Hill's most powerful lawmakers weren't graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world.

Your computers, they told the panel of senators [YouTube] in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don't care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it.

"If you're looking for computer security, then the Internet is not the place to be," said Mudge, then 27 and looking like a biblical prophet with long brown hair flowing past his shoulders. The Internet itself, he added, could be taken down "by any of the seven individuals seated before you" with 30 minutes of well-choreographed keystrokes.

The senators — a bipartisan group including John Glenn, Joseph I. Lieberman and Fred D. Thompson — nodded gravely, making clear that they understood the gravity of the situation. "We're going to have to do something about it," Thompson said.

What happened instead was a tragedy of missed opportunity, and 17 years later the world is still paying the price in rampant insecurity.


  • (Score: 5, Interesting) by VortexCortex on Wednesday June 24 2015, @10:13PM

    by VortexCortex (4067) on Wednesday June 24 2015, @10:13PM (#200636)

    Oh, fuck it, I wasn't going to put this one out there, but then TFA popped up and made it relevant.
    Let's demonstrate TFA via a script injection exploit I discovered in less than 30 minutes while playing with the "malicious URL detector" here. [soylentnews.org]

    Copy and paste this into your post, then "Preview". I don't condone hitting "Submit".

    <a href="https://%73%73/%22%3E%3Cscript%3Ealert%28%22xss%20vulnerability%22%29%3C%2Fscript%3E%3Ca%20h=%22">Cross site scripting is enabled.</a>

    I have a whole encrypted folder full of zero day exploits for every known OS and Internet infrastructure that the feds have been trying to get via blackmailing me, spreading rumors amongst my friends and family, attacking me with Stingrays, Jammers, and Non Lethal Energy Weapons (that still fuck things up). I refuse to retaliate, because that's exactly what they want me to do. My servers are under constant attack from state level hackers, so I just let them run amok on certain machines and rest assured they can't find or access the secure machines upon which I run my own custom OS (a full OS+language, not just a damn kernel [like Linus made], is not really hard to make. People do it all the time [osdev.org]).

    Any hacker worth their salt can bring down the whole Internet in less than 30 minutes if they wanted to. This is a testament to the ethics of hackers, not the security of the web. Any hacker who plays around with things like OS syscalls, the DNS system, this website's parsing code, or any other system will soon discover ways to make the system attack itself. The systems are more complex than ever thus there are more vulnerabilities than ever. What good is DNSSEC if all the machines it runs via are so easily hacked?

  • (Score: 2) by VortexCortex on Thursday June 25 2015, @06:41AM

    by VortexCortex (4067) on Thursday June 25 2015, @06:41AM (#200824)
    • (Score: 2) by VortexCortex on Thursday June 25 2015, @06:58AM

      by VortexCortex (4067) on Thursday June 25 2015, @06:58AM (#200827)

      Whoops, I submitted that to the wrong tab instead of my testing server. Don't worry, there's no .js file to pull in at that URL, and your browser won't pull it in anyway as it's an HTTP, not an HTTPS, asset. This page is HTTPS, which doesn't allow for mixed security active content. My test server is HTTP though, and it can see a different intranet server via that domain, so the same comment submitted to it allows me to play a Tetris clone which appears at the top of the page when the script is loaded.

      If you view the appropriate source, however, you'll see a valid <script> tag is present.

  • (Score: 2) by The Mighty Buzzard on Thursday June 25 2015, @03:15PM

    Fix, non-retroactive, incoming.

    --
    My rights don't end where your fear begins.
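The injection reported in the thread relies on a percent-encoded quote and angle brackets inside an `href`. The following is an added example, not code from SoylentNews or from any commenter: the thread does not show the site's filter, so `render_link_naive` is a hypothetical model of one way such a filter can fail (checking the encoded URL, then emitting the decoded one), shown beside a hardened `render_link_safe` and a `start_tags` regression check; all three names are assumptions.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# The href value from the comment above, copied from the page.
POSTED_HREF = ("https://%73%73/%22%3E%3Cscript%3Ealert%28%22xss%20vulnerability"
               "%22%29%3C%2Fscript%3E%3Ca%20h=%22")
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$")

def render_link_naive(href, text):
    """Hypothetical flawed filter: inspects the encoded URL, emits the decoded one."""
    if not href.lower().startswith(("http://", "https://")):
        return html.escape(text)
    if any(c in href for c in '"<>'):  # never fires: the quote and brackets are %-encoded
        return html.escape(text)
    return '<a href="%s">%s</a>' % (unquote(href), html.escape(text))

def render_link_safe(href, text):
    """Validate the parsed URL, never decode it, and escape it for the attribute."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return html.escape(text)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not HOST_RE.match(host):
        return html.escape(text)  # drop the link, keep the visible text
    return '<a href="%s" rel="nofollow">%s</a>' % (
        html.escape(href, quote=True), html.escape(text))

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(markup):
    """Regression check: list the elements an HTML parser sees in the output."""
    p = _Tags()
    p.feed(markup)
    p.close()
    return p.tags

if __name__ == "__main__":
    for render in (render_link_naive, render_link_safe):
        print(render.__name__, start_tags(render(POSTED_HREF, "link text")))
```

Running `start_tags` over rendered comments in a test suite catches this class of regression regardless of which encoding trick produced the extra element.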