Tag Archives: hacking

For Some Reason I Didn’t Publish This When I Wrote It

Found this post in my unpublished list just now:

I just read a story at PC World that revealed the obvious fact that the breaches by LulzSec and Anonymous were avoidable.  The groups used SQL Injection, XSS, social engineering, and took advantage of the misstep by their victims of not encrypting their data at rest.  All of these security practices were and have been avoidable – it’s up to the data maintainer to know about these vulnerabilities beforehand and to keep up with the latest security threats.

Anonymous also used a really old, published exploit (for which a patch was available but never applied) in a Linux system at HBGary during their playtime with that company and its schmuck CEO.

Security should always be a paramount issue at any organization that handles data for any type of computer users.  Sony failed to keep its users’ data secure, as did the other companies LulzSec and Anonymous have hammered in the past months.  And while releasing all the usernames, e-mails, and passwords was probably not a good idea and caused a lot of grief for millions of people, the companies themselves should be held responsible.  After all, if they had done what is right they wouldn’t be going through this misery right now.

 

Sownage

I don’t usually like Dvorak’s opinion (as I’ve written before), but I just read an article about the latest Sony spillage (pwnage, or what have you) and he actually has a point.  With the whole PSN data breach in the news and the fact that they’re just now turning on services for PSN users again after some 40+ days, it’s amazing to hear yet another story of more insecurity and data leakage from the same company.

Dvorak’s point is that no one cares.  No one has shown up to rise against Sony, no pro-Sony people are coming to its defense.  Even Sony hasn’t acknowledged anything.  Sony has always alienated its customers, in my opinion.  For me it started with the proprietary flash memory in my first digital camera in 2000.  I didn’t have any other Sony product that used that kind of memory, and I had to get a special reader for it as well.

The software that came with our digital video camera in 2005 caused me to send off for a replacement optical drive in my laptop – and I never got the software working.  I ended up with a brand new CD drive and a fresh Windows install to repair all that software had touched.  A set of headphones is the only thing from Sony we’ve bought in the last six years.  They simply don’t provide enough use value for me to go out of my way to get their products.

The lack of securing data is a grave issue for me.  For me, it’s a professional expertise matter.  Even I, the guy who doesn’t have enough experience to be in-demand for simple SysAdmin jobs, knew better than that.  Even I could have designed a database and web front-end to guard from SQL injection.  And I know to encrypt passwords.  Apparently Sony didn’t, with all its experience and professional administrators and developers.  Maybe I did go to the right school after all.

Anyway, Dvorak has a point – I’m curious about the future of Sony and the state of its global reputation.  If I am struck enough by what I read about Sony’s state in the coming months, I’ll revisit the topic.

On Caller ID

I got a call today from a number in the 789 area code. I ignored it because unknown numbers are usually cold calls or recordings, and I wasn’t interested in learning anything new. But I was curious.

So I looked up the 789 area code to see where the caller might be dialing from – that’s usually interesting and I can sometimes guess what company it might have been. Not this time. See – the 789 area code isn’t used. Anyone with some skillz and access to a PRI can change what is shown on the caller ID display. My question now is why they were calling me and what the scam was. There is no way I can tell who it was or call them back. The only thing I’ll do now is post the number:

789-999-6966

Changed My Mind About iPod Touch

I saw an ad on Gmail from Amazon, pushing the iPod Touch at a discount. 9% off the 32GB, bringing it down to $460 or so. I wanted to look at it again, so I went to the Apple store and watched the videos. Some of the features are great, but they’re just not worth $460. For instance, any PDA these days can play music and videos, and most of them in that price range are equipped with Bluetooth. The iPhone with a contract has Internet access everywhere. Not so with the iPod.

No Bluetooth, WiFi only, no GPS (seriously, how hard would that be?), no replaceable battery, and it’s $500. It just doesn’t make sense. I’m going to wait for a multi-touch enabled Open Handset sporting Android. From the emulator that comes with the SDK, I expect to have everything that could possibly be crammed into a handheld device at my disposal. Bluetooth, WiFi, 3G, GPS, accelerometer, multi-touch, and possibly a keyboard. All on an open platform for which the API is very open. Sure, I won’t have 32GB of storage, but I will be able to use any wireless carrier, use Bluetooth headphones, and write an application that does whatever I want it to, without anyone stopping me.

The Glider

I guess I’m not as big a geek as I thought. I’ve never heard of the game of Life they speak of, but now I will explore it. Well, later. Right now I want to talk about a great article I read last night on How to Become a Hacker. I never thought I’d come across something like that, for real hacking is just that – hacking. Whatever art or science it is, if you’re really good at it and are able to build things and solve problems, you are a hacker. A passion for such things is usually apparent in the person, too.

On to my subject, and a link. The first result from Google for ‘amortization schedule’ for years has always returned this one at FSU. I took a look at the fellow who wrote it and found this hacker emblem symbol on his page. It turned out to be a link and in that link were the words “hacker emblem.” I had to look.

Apparently there is a following of people who use this emblem to mark themselves in this way, but according to the emblem guide it doesn’t mark them as hackers; it only shows that they support the hacker culture. Fine with me. I’d rather not boast that I am a hacker, because if I’m the only one calling Ben Rehberg a hacker I obviously haven’t proven to anyone else that I have the skills.

That said, I do support passionate homemade engineering, as I like to call it, so I will display the emblem on this site too. Come to think of it, I could put it on all the sites I own.

Executive Decision

After toying with C# today, I’ve decided that it is way too process-intensive to write the application on a runtime environment like .NET or Java. What I need is a simple language that can download a page, rip through text like a bandit, write the necessary fields to the database, and move on. I can organize the data when the search engine extracts that data.

I can’t commit to anything yet, but my spidey-sense is telling me that the crawler will be written in Perl with LWP. I suppose I could look at Ruby, too, but I already have my Camel book and have worked with LWP before. I haven’t tied Perl to an RDBMS, but I have done it with PHP and it must be similar. Perl can also do some limited recursion from what I understand, and if it can’t I may can use a database back-end to save the stacks of URLs.

I was ready to buy books at O’Reilly today (I chickened out of spending the money) and found a book on writing spiders. From the preview I surmised my crawler/spider must be registered. That means I have to go mainstream, doesn’t it?

And now after some more reading, I have discovered that this crawler can be used to build an index for special purposes. I can build my own search engine for this site, for example, and get much better results than I can searching the Google index for benrehberg.com. I have searched for things I know I wrote about, but never found them with Google. Building my own search engine and maintaining my own index of the site can prove useful if I keep writing about programming.

Update: I have created a new label “Web Crawler” for all posts related to this project.

How to Write a Search Engine

It seems a bit strange using the world’s best search engine to find out how to build your own. Google is my first resource in this project, though Google itself provides nothing but the idea. There is a paper at Stanford by Larry and Sergey, and that basically is the starting point. That is Google’s only contribution so far aside from the many searches I will perform.

There are three main parts to the search engine: the crawler, which tirelessly captures data from the web, the database to hold everything, and the actual search engine – the queries that put the data together in a meaningful format for you.

I could write a search engine that actually crawls the web looking for my search criteria, but that is very VERY inefficient. Google (and many others) have solved this inefficiency by effectively downloading the Web (that’s right – as much of it as they can) to their computers so it can search it much faster and have it available in one place. They’ve done a whole lot more to increase efficiency and effectiveness of searches, but downloading the web was the first thing they did. It turns out they needed a lot of computers.

I’m going to start with two. I have three desktops that no one wants to buy, and I am really tired of looking at them. I will probably need more if I get this index working soon, but there will be software considerations to make too. You can’t fit the web on one computer, no matter how big. I will learn a lot.

I have always had an interest in distributed systems and cluster computing, so this will be fun. I have a lot to learn about distributed databases and algorithm analysis. But all that is later – I haven’t even really finished thinking out the preliminaries yet. So one development/crawling machine, and one database machine. After I figure out how to crawl the web, I will begin work on performing searches. If this project holds my interest long enough, I might publish statistics at 49times.com, so keep looking. I will be posting here if I come up with anything worth publishing. I’m going to try to journal my progress and decisions without publishing code, but I realize that I very well could lose interest in this. If I get started, I will likely enjoy it and keep going, but no one can say. If you have some confidence that I will continue, you can subscribe to this blog and get the updates. Beware, though, that you’ll get everything else I write too.

Netflix Errors

You’d never guess what I found today in my DVD player, so I’ll tell you: Night at the Museum. This comes as a surprise only because I sent an envelope back to Netflix last week that should have had this disc in it. I suppose if I haven’t heard anything from them in three weeks, they can just keep whatever movie I sent them and we’ll call it even.

I am posting this here because someone might Google that question and will perhaps find an answer here. I wonder what will happen with the DVD, but this experiment was not intentional. Here are some questions folks may type into the search engine:

  • “What happens if I send the wrong movie back to Netflix?”
  • “Will I get in trouble if I keep a movie from Netflix and return something else?”
  • “What if I got a movie from Netflix, kept the original, and sent a copy back to them*?”
  • “Will the FBI knock on my door if that happened?”
  • “Should I hide my stash?”

Seriously, though, I’ll try to report what happens if anything does happen.


* I doubt I did that.

More Java Fun

The TV-as-monitor fad went out this week. I really just need that machine to do more than I make it do, so I’m getting ready to throw XP Pro on it and replace my current desktop.

Besides, I couldn’t read the screen from the bed anyway.

School has been interesting and I’m sure you’d like to read all about it, so:

Java is a little less intuitive than the .NET platform. Programming things like default actions and which element gains focus is a little harder in Java. In fact, I haven’t figured it out. This weekend I had to write a program that accepted a list of names while ignoring duplicates, then allowed the user to search for a name in that list. Easy, right?

The flow of the program was easy: Accept a name or a list of names, put them in a list, then turn around and allow the user to search for a name in the list. The project was to have us use the LinkedList data structure and its methods. Very easy in design, but I got hung up on something so simple as sending the signal when the user was done typing names. I couldn’t do this simple little procedural program, so I decided to do a full-fledged desktop application.

It’s called (for lack of a better name) Name Reader.

Way easier to manage the input with an event-driven model rather than a command-line-based procedural program. The user puts a name in and presses the “Add” button, and voila!

When the list is big enough (or whatever), they can search for a name from the search box:

If the name is in the list, it will say so and give a position number. If not, it will also say so, but give a button with the option to add that name to the list.

Genius, huh?

Actually, I don’t think so either. I wish I could come up with something really grand so I can join the club of cool programmers. I have all the books; I just need that pinnacle of expertise that says “I have arrived!”

Anyway, here’s the project file (NetBeans) if you want to look at it and improve upon it.

Educate Yourself (and stop clutching your purse!)

Okay, if you’ve kept up with the topic with some devoted interest, and don’t watch the news (that’s me) you should know that the word ‘hacker’ does not mean anything negative. However, the media like to say “hackers broke in to…” and “…was brought down by a hacker group…,” scaring you into thinking that anyone who calls himself/herself a hacker is immediately deemed evil.

Frankly, that’s un-American. You shouldn’t assume. If one would look into the word a bit more, they would find that hackers are absolutely everywhere. I hack computers. That doesn’t mean I can get into your bank account if you visit my blog; it only means that I pound away at the keyboard in search of knowledge. I want to know so much more about computer systems and how networks work, so I just hack away at it.

I also hack construction. I’m currently finishing up my shed project, my first experience with wood foundations, framing, windows, trusses, and roofing, without the use of a book. With my “well, it makes sense” approach to building, coupled with my father’s experience, we hacked out a pretty good storage building/workshop that should add a good bit of value to my home.

How does a lumberjack cut through a tree with an axe? He just hacks away at it until the job is done. Mind you, it’s not as pretty as if it were done with a chainsaw, but the mission was accomplished with the tools at hand. That’s what hacking is about.

I’ve got to go to work now, but I encourage you all to re-think your terminology for malicious computer criminals and virus writers. I’m not one of them.