Announcement

Collapse
No announcement yet.

Max Vision: White hat went to the "Darkside".

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Max Vision: White hat went to the "Darkside".

    Today I read this article from Wired.com, It's an Excerpt from Kevin Poulsen's book "Kingpin: How One Hacker Took Over the Billion Dollar Cyber Crime Underground" . A book about Max Vision, a hacker who stole 1.8 Million Credit Cards and sold the "Dumps" on the black market. I once ask "How do you "hack" XYZ program?" in another forum long ago.

    Someone once told me "Go online get tools (e.g Port Scanner), Scan targets, see what ports are open and find Exploits for that certain program and apply the exploit." I know better now that this would make me a "Script kiddie" and not learn much.
    Would you say this would apply here? I searched online and news got out about the vulnerability and that's how Max vision found out about it.

    In June 2006, a stroke of good luck gave him a chance to expand. A serious security hole emerged in the software RealVNC, for virtual network console — a remote-control program used to administer Windows machines over the internet."
    Also I did a search and It's being share online on youtube on how it's being done.

    Here's some questions.

    What do you think about this article?

    Would you read this book (Kingpin)?

    How can I AVOID being a "script kiddie"?

    Do you think this was a situation where opportunity (Massive Exploit discovered) meets a person willing to break the law for money?

    Your thought, thanks.

    -Cipher
    Last edited by Cipher; February 24, 2011, 04:17. Reason: Evo4G Typo - "Stupid Phone".

  • #2
    Re: Max Vision: White hat went to the "Darkside".

    From that article i gathered he was breaking the law before the said VNC exploit came out. He just stepped up the ante. But just because a massive exploit comes out it takes a very particular person to use it for malicious uses as opposed to helping people patch.

    if your worried your a script kiddie i guess that's a problem, but i guess my definition of a script kiddie is someone that uses tools that other people make and really doesn't have an understanding of what they are doing. But using something like a port scanner or network analyzers does not make you a script kiddie on their own. If you are say using prepackage toolkit's and all you know is that it just works and have no clue whats going on i guess that would make you a script kiddie, or people that watch a video showing them how to crack wifi and they have no clue what they are doing or whats going on i would classify that way.

    I think you mean would i read the book, i got the book for a read i enjoy reading various crime books, so far i haven't seen it as anything spectacular, I'm kinda waiting for the new kevin mitnick book coming out august as his previous 2 i thought were well written.

    Comment


    • #3
      Re: Max Vision: White hat went to the "Darkside".

      Originally posted by Cipher View Post
      How can I AVOID being a "script kiddie"?
      I'm solely going to address your third question, it being something I think about a lot.

      My guide early on was this guide written by ESR - http://www.catb.org/~esr/faqs/hacker-howto.html

      I'm cautious about referencing that guide here, I couldn't find reference to it anywhere on the site, which was suprising to me.

      I'm also going to point you toward a Richard Stallman Essay - something I am also referencing with great caution - http://stallman.org/articles/on-hacking.html

      Reading those two essays, hacking to me is about building something, and not just doing it creatively, uniquely, or insert positive non-conformist adjective here. But building something and working with it with a real and true understand of how it operates. This applies to me not only in the field of computing, but any field, I believe computer culture seems to have more hackers because the impact of hackers is more easily seen and spread on this particular platform.

      Now how does that flip over to the security sense? To be effective, you have to have a deep understanding of how what ever your focus is works, a deep understanding. Then you have to construct something that breaks a system, but breaks it just enough. Considering many things about the system, some based on hard analysis but also based on your experience building. I think you can apply what I previously stated to systems other than computers.

      Script Kiddes use, use and use blindly. They don't have a full understanding of what they are doing usually, and did not build what they are using.

      Now how to actually become one? I myself am still working on that. How to know when you are one? I look foward to the responses to this thread. As well as any feedback I as to whether what I'm saying has any merit.

      Comment

      Working...
      X