What's a hacker?

Re: What's a hacker?

I think you missed one. The guy/gal who has worked at Radio Shack all their lives, has a ham license, has taken some CIS classes (or has a degree or two and now manages Tandy), had one of the first Tandy color computers/or other, and has had to figure out how to do it all despite a frustrated client base. He/she usually (like me) took things apart as a child to see how they worked even if they could not reassemble them correctly. ~That in my mind more closely resembles a hacker.

Re: What's a hacker?

Awe crap, I already voted for:

Someone who modifies hardware/software to do things other than the intended use

Can I have a do over plz? ;~)

Re: What's a hacker?

Something I'm curious about: While I'm familiar with the idea of using hardware for things other than its intended use, the same concept with software is thrown around regarding hacking, and I'm a bit curious as to its validity.

Are there good/well known examples of using a specific piece of software for something cool/innovative that it wasn't originally intended for? It seems like in most cases when someone wants to do a cool thing with software, they just write it new.

I think the definition of hacking (in the positive connotation) definitely covers modifications, and using things in cool unexpected ways, I just can't think of examples where this is done with software.

Re: What's a hacker?

There are many cases. Consider all cases in history, where software designed to prevent people from doing something. The software was *designed* to deny users access. When that design is found to be flawed (protocol failure) or the implementation is found to be flawed (software) and someone defies the design specification to make it do something that was not intended by the original designers, then you have an example of software being modified to do something it wasn't intended to do. (A specific example for the purist that claims that breaking code isn't modifying code, consider the special case of the buffer overrun with mal-code injected into a stack, and then executed. This is *actual* modification of code being executed by the computer. Another example? Applications that do not properly sanitized and check user-submitted data for validity, which are abused, such as args which end up being passed to an EXEC, as an application-layer attack and modification of code, causing the program to do something it was not intended to do.)

As for,"cool," that would be a subjective review of the results. A person that just found a way to defeat the WEP protocol, or find ways to break DRM enforcement, or CSS/Region enforcement on DVD might be cool to many people, but very un-cool to the vendors or maybe law enforcement officials, depending on the laws of where you live.

Would it be, "cool," to find a spammer DB of email addresses online with a unsubscription form, which was at risk to SQL injection, and then abuse that implementation defect to delete all email addresses in the database? I guess that depends on your point of view.

What about combining known vectors of attack into something new that none of the original coders of either exploit considered, to make something that bypasses security systems that would actually catch either one if launched individually?

What about bypassing mal-ware scanners? They are designed to defend against malware, but if you find a way to cause the malware scanner to do something that it was not intended to do (pass bad instructions as good) isn't that also an example of this? Again, "coolness," depends on your point of view.

There are many, many examples of the above general class of exploits.

Use of the word, "innovative," is meant to distinguish the creator of the example or exploit from the "script kiddies" that just use the example or exploit. The first person to build a polymorphic virus created something innovative. The first person to find out that purposefully mal-forming TCP packets could bring down an entire OS created something innovative. Of course, innovative is also subjective. The definition proposed before includes multiple reference words that are subjective, on purpose; exactly what hacking is, is subjective. :-)

Re: What's a hacker?

I don't take those lightly.

Re: What's a hacker?

hmm. From a technical standpoint, there are some really elegantly beautiful attacks. Buffer overflows and printf exploits come to mind. But, from my subjective viewpoint, 'just breaking' security isn't necessarily cool or innovative.
Getting around a login system isn't what the system was designed for, but it's in the exact same category. In a sense, gaining access to a system is an intended use of a login system.
On the other hand, things like using telephones to control a model railroad, that's really unexpected and new. I know people break software, and circumvent it, but does anyone really use it for something that no one had previously envisioned/intended that software to be used for (or directly against?)

I would disagree. In the context of hacking, it's my opinion that the methods are often what's much more interesting than the results.

To contradict myself a bit, here, I am reminded of the 'Hacking wireless billboards' talk in DC17. The methods are fairly standard, but the results are definitely not what the billboard creators had in mind. ;)
Then again, the software itself is still doing exactly what it was meant to do. :-/

Re: What's a hacker?

But the intended use of the login system is to allow an admin to grant access to resources to some users, and deny it to other users. When the program controlling logins fails to perform this function, and its purpose is bypassed by exploit, then its intended use is not being met.

Now you enter into the realm of semantics.

Some might say, "there is nothing new under the sun," and argue that everything we see is just a refabrication of old ideas, presented in a new light. Grouping ideas and items in large enough groups shows this would be true.

Condensing things down to Force, Matter, Energy, really, nothing much has changed.

Splitting these, and refining them into separate groups can happen when joining different specific entities from each them in different ways, fabricates something new, even if the fundamental building blocks still claim their own common parent.

In code, we have various languages, but basic programmatic routines seem to be shared among them. Input, Output, Conditionals, Loops, Data Storage, etc. If we consider the above to be the base of programs, then we can group all programs to really be just a variation on how these are mixed, and again, ignoring how permutation, and combination of the above could create something new or different (innovation.)

On the other hand, we could do the same thing with hardware. There are basic components in hardware like the resistor, capacitor, transistor, diode, etc. If we consider the above to be the base of piece of any hardware, then we can group all hardware to really be just a variation on how these are mixed, and again, ignoring how permutation, and combination of the above could create something new or different (innovation.)

Notice any parallels?

Now, consider why software (modern sense of the word) came into being. Hardware designers didn't want to build and rebuild custom machines for each and every dedicated purpose. The concept of a "general purpose computer" which could be "programmed" to be taught to complete different, unique procedures without building new hardware for each unique procedure. In this way, software can be viewed as virtualized hardware. If there cannot be innovation, or "cool" changes to virtualized circuits, then you make the case for the same idea being applied to hardware.

Which part? "Cool," being subjective?
What might be, "cool," to some people?
Logically, both are true, and objective in nature.

This is the part that you disagree with, but this part stated was not contradicted in the section you quoted. In this case, you disagree about something that appears to not have been quoted.

Illustration:
"I like cheese."
"I disagree; fudge tastes really good."

Again, here is a case of grouping vs. splitting. The reference to "software" in the above is an attempt at a duplicitous meaning. It appears to be an attempt to claim the whole system of all software in the sign working as it should while also claiming that just the specific software that displays the content is the software. Choose one realm for this use of the word.

If the word is just the segments of code that display content, then there is no altered code, only altered data.

If the word is the whole system, including the authentication and access restriction code, then that code would need to be examined as would the exploit. If the system is open, then there is no real exploit, and when the only modification is data, then you have something that resembles graffiti or vandalism (when done to other people's property) instead of hacking. If however, the attack allows for a flashing of the systems software to replace it with something made by the "attacker" then we have a code modification.

Consider wireless access points that have had their firmware altered to run a custom "operating system" and allow users to use software changes to make hardware do something it wasn't originally designed (by the creator and vendor) to do. This is another example of software hacking, which bypasses the vendors intended purpose for unit as it was sold.

Re: What's a hacker?

I'm not sure how well this fits your definitions as these might be considered hardware hacks, but:

• My iPhone is hacked to let me run arbitrary apps, SSH into the thing, and also to have a terminal
• My XBox is hacked to play movies through XBMC, run a number of emulators, and pirated games
• I have an iOpener, which at the time was a pretty nifty $100 "appliance" that could be hacked to run Linux. It was a self-contained Pentium computer with an LCD