Hacking Rhetoric



David Finol Summary of a Hack Artist Statement

It’s one thing to read about the latest security exploit, but as I’ve learned in my security classes, it’s another thing entirely to use that exploit in even the simplest of circumstances. It therefore seemed natural to me that the best way to alternatively summarize an exploit is to make a small code project that used that exploit. I therefore wrote a script that would crawl through some of my favorite sites and determine whether or not that site was vulnerable to Heartbleed. With this kind of project, my intention was also to get the personal benefit of being able to reach out to the owners of said favorite sites and help them if need be. I was lucky enough to find a command line tool that would handle most of the grunt-work associated with testing out the sites I wanted to see. The results are easily demonstrable:

Of course, the source code can be found at my GitHub at: https://github.com/davidmfinol/Heartbleed




How to Study Hard Without Burning Out

Here are some ways to study effectively for finals.

 

1.) Schedule it. . .

Don’t just wait till you have free time, because you’ll never do it. If you plan on actually doing it and schedule a set time, you will more than likely do it.

2.) Get in the zone.

Find a study setting that works best for you.

3.) Gather materials.

Make sure you don’t have to gather materials more than once during the study session, otherwise you will mess up your studying mood. You must have minimum interruptions.

4.) Plan small breaks.

You can’t study if you are mentally and physically exhausted. Don’t take a long break, otherwise you will break your focus.

5.) Be an active learner.

Don’t just take notes, discuss and analyze the materials.

6.) Find your study spot.

Pick a spot based on how well you can focus. If you get distracted easily, do not pick a loud place to study.

 

GOOD LUCK WITH FINALS. 🙂



Enjoy your mornings.

I don’t know about you guys, but for the most part, it’s a struggle to get up in the mornings. I honestly hate the morning!!!! Here are 10 ways for you guys to enjoy your mornings, which is what I found on lifehack.org.

1.) Get a good night’s rest.

I know this is very difficult to achieve in college, but we should definitely try our best to finish our work early on so we get enough sleep everyday. It will affect your school performance, your mood, and how you socialize.

2.) Get up early.

This is something I dread the most. If I could, I would much rather wake up in the afternoon. If you get up early enough, it will become habitual and you won’t waste your day away.

3.) Go outside and experience nature.

We should all get a breath of fresh air. Soak up the sun. It is healthy and refreshing.

4.) Meditate

This can be beneficial and relaxing. We stress way too much as college students.

5.) Talk with loved ones

They can comfort you or motivate you like no other!

6.) Workout

Increase your metabolism, feel accomplished, and feel more energized.

7.) EAT BREAKFAST

I don’t know about you guys. . . but I rarely eat breakfast. I often feel hungry and tired after a while which can often distract me.

8.) Get the important stuff done first

You are more energized and creative in the mornings.

9.) Check your emails

There might be important emails. If they aren’t important, don’t bother with them till later.

10.) Don’t be late

Being early leaves you less stressed and makes you feel more productive.

 

 

 



Lag in real life . . .

If you ever gamed online, I’m sure you’ve experienced lag. Lag is the most annoying thing ever. Whenever I play COD, I rage whenever I experience lag. . . but what would happen if you experienced lag in real life? I cannot imagine experiencing it in real life, and honestly, I do not ever want to experience it. An internet provider called UME decided to develop an experiment that would allow one to experience lag in real life using an Oculus Rift development kit, a Raspberry Pi, noise canceling headphones, and a webcam. During the experiment, the user experiences delays and slow motion to give life that lag effect.

 

Here is the video. Pretty interesting.

 

 

-Cynthia Kay Williamson



Hi guys,

I’m sure this is old news to some of you, but my roommate and I just discovered Adobe Crossword. The creator took leaked information consisting of passwords and password hints and made it into a surprisingly fun crossword puzzle for double the hack. Plus, it was based on an xkcd comic published under a Creative Commons license like some of the stuff we talked about a few weeks ago. Enjoy!

-Allyson 



Last Post: Whitehat Hacker Raided by FBI

About two weeks ago, David Helkowski, a whitehat hacker, was raided by the FBI. Why? Because he had exposed a massive security vulnerability in a university’s system, reported it, saw nothing had been done about it (even after a malicious hacker took advantage of it), and then proceeded to make a point to the university to show how bad the threat was. While details on the story can be found here, I’d like to take this last post to discuss my feelings on the whole fiasco.

The whitehat hacker is obviously not a bad guy. He worked for a security firm that specialized in helping organizations find vulnerabilities in their computer systems. He was simply frustrated seeing that the vulnerability he had found was used maliciously by hackers. So he decides to make a point to the powers that be, all in the hope that they do the right thing and fix the vulnerability. The information he hacked out of the university to make his point wasn’t even a large amount of data, and he even told the people whose information it was that he did it right away. And when the FBI/Secret Service raided his home, he even freely cooperated with them, giving them access to all of his computers and files (though such a thing might come back and bite him in the butt later on).

I really do hope that Mr. Helkowski doesn’t face any legal repercussions over his actions. I think his actions really show that he’s just been trying to do what’s right.



When keeping it real goes wrong.

David Helkowski was a white hat hacker working for the Canton Group. He was tasked with finding security flaws in the University of Maryland computer network. He found such a flaw that would allow a hacker to gain access to the university’s servers. He reported the flaw to UMD and they did nothing. Then a hacker breached the system and exposed 300,000 current and former students’ personal information. Helkowski felt the need to recreate the hack and post the relevant data to Pastebin. A day later the FBI raided his house. Helkowski found a flaw and reported it; after that there was nothing he could really do to force action. He decided to keep it real and expose the flaw in a public manner. This turned out to maybe not be the best course of action. Regardless of Helkowski being in the right to bring this flaw into the light, he committed a crime. Now my question is what should we do about this type of behavior? On one side Helkowski acted on behalf of the greater good. On the other side he committed a computer-related crime. Granted no sensitive information was leaked as a result of his crime, but a crime was still committed. This seems like a spirit of the law versus letter of the law type of thing. The problem is who decides what actions conform to the spirit of the law.

original story

-Sphinx



Heartbleed Bug

Hello everybody,

Instead of talking about something recent in the class, I decided to try to talk about the Heartbleed Bug. The Heartbleed Bug, in tech speak, is a cryptographic vulnerability in the OpenSSL library that allows stealing of information over the SSL protocol; more specifically, it allows attackers to read memory of clients and servers, and through that could obtain secret keys to decrypt messages. In other words, this attack allows hackers to gain the “password” which protects your data on the internet. For example, if you go to Wells Fargo’s website to do some banking, you’ll notice that the address becomes https. This indicates you are using SSL. However, now someone on your network could exploit this bug, and grab the “password” that your computer and Wells Fargo are using to encrypt your messages. Now your message goes from “iauhgiu1038y5-hafu1g3uripa” to “Username: Jon, Password; Doe”. From here it is hopefully obvious why this bug is so bad. For more information, here is a useful website to check out:

http://heartbleed.com/



5-year-old boy hacks into Xbox Live

When I read this story, which has been trending on various sites, I thought it was hacking at its finest. The word “hacker” has such a negative connotation, and while this story does not make it any more positive, it does make you rethink your traditional vision of a hacker. The article is about a 5-year-old boy, named Kristoffer Wilhelm von Hassel, who hacked into his father’s Xbox Live account. Essentially, the young boy learned that by mistyping his father’s password, he would be redirected to a password verification screen. Once on this screen, he would just type a bunch of spaces, hit enter, and he would be logged into his father’s Xbox Live account. Apparently, this is not the first time Kristoffer has undermined security. According to his father, Kristoffer has discovered a few other hacks involving smart phones.

Many people would not classify a 5-year-old as a hacker, but technically, by undermining the security implemented by Microsoft and others, he kind of is. Microsoft has even recognized him on their online lists of security researchers, who have helped make their online products safer. According to CNN, Kristoffer will also “receive four games, $50 and a year’s subscription to Xbox Live from Microsoft.”

Gross, Doug. “5-year-old Boy Hacks Dad’s Xbox Account.” CNN. Cable News Network, 04 Apr. 2014. Web. 06 Apr. 2014.



Hack on Campus

During this past week, the printers in the PCL were hacked to display “Vote for Todd.” As an argument this was completely ineffective, since my next thought was “vote Todd for what?” However, it’s interesting that it happened on campus, since we usually talk about hacks a little farther from home. And the idea my coworkers had for a better hack was much more fun: make all the printers say “insert coin” and watch people try to find the non-existent coin slot.