Re: New "Hacker" Movies (to be released, or new this year)

They never actually showed the details on the voting machine hack over network television. Saying there was buggy executable instructions on the removable PCMCIA FLASH card is kinda broad. They did show the analyst running his exploit via a CLI though.

They also said there was 13 code bugs, and one potential backdoor. I'm sure if there was any crypto there was a escrow key, or sequence in it too; I think it was Triple DES. That was in one of the supposed vendor patch notes(same crypto as ATM manufacturers use ironically.)

Anyone who does serious IT work for a living, or for proactive means knows you could probably find a fleet of executable bugs in anything from a hardened install of openbsd 3.9 on a pegasus platform to the firmware on a F22 Raptor. Until someone cuts the 'red tape' of commercial engineering practices we're stuck with low level impurity's, and being creative with false assurance towards employers.


Around this time I'd usally give a credible link backing my theory(?) In this case though I lost the link. There use to be a superb software engineer/analyst that could write beholding C code, and post snippets on the net(I think I discovered him via David Wheelers secure coding page.) In any case he showed something most of the IT industry are ignorant to, and distracted from by other peoples short comings. His code barely used anything besides core code, and compiler optimizations. It taught me that a software developer can't prevent software bugs via secure coding if the underlying architecture is still flawed, but he can write dynamic instructions that adapt to 3rd party flaws on a inline lower level.

Even on modern hardened Linux systems secure code is a contradiction in terms.

I'll also refer to at this point my last post where I clearly state I post inaccurate information. It is possible to write fully functional secure software , and compile, and execute it on software that runs on top of modern hardware architecture. This is the truth, and the academic community also believes that because we can manufacture things like cell phones, and big high spec optics that we have a good idea of how the universe was created, and now works.

Even suggesting that you could implement a secure system on top of any processor architecture you care to mention would be the equivalent to me saying I could calculate the physics of dark matter around the furthest planet in the current systems with the biological mathematics behind the formula for Macdonald's special sauce.

Remember I have no idea what I'm talking about, but imagine I do long enough to take this post in to consideration.

Re: New "Hacker" Movies (to be released, or new this year)

This post (non-coincidentally) resembles Feynman's appendix to the Challenger report, in which he criticizes managers and engineers for the failure to communicate between their respective disciplines. Managers tend to take best-case numbers from engineers, omit the qualifications given those numbers, and take them as gospel; leading to the original estimated catastrophic failure rate for STS missions, of 1 in 100,000, as opposed to the observed failure rate of 2 in 116.

Ironically, the portion of the shuttle's development Feynman spoke most highly of was the software, the developers of which actively resisted management concerns to test less. ("Since they always passed the tests, why do they even have them?" was management's reasoning.)

Re: New "Hacker" Movies (to be released, or new this year)

One thing I've learned from actually working in the IT, and scientific career path's is you can have a PhD in Mathematics from M.I.T., or any other major academic institution, and you still have 0 credibility within the ranks of the company, or organization even after you've been there for year's. I of course don't have anything like that. I was born in 2004(<- spiteful internet related humor.)

NASA goes with the whole security threw obscurity model. They just use some generic interpreted python, and wrap all the code around obscure factoring code that even a seasoned cryptanalysist couldn't understand.

To keep on topic here is a true funny IT story. One year ago from today my old roommate was working through a crappy temp company here in NC. This temp company almost never got anything besides burnout work in construction, and heavy production. He signed up, and his first day working through there he was sent to run wiring at some building.

My friend goes to this address, and it's a brand new state of the art GM/Jaguar parts manufacturing plant with a fully automated robotic assembly line driven by a great big windows XP cluster. My friend was a community college dropout/slacker, and little did he know he was going to be literally wiring the security system for the door sensors, fire alarms, motorized security camera's etc..

Supposedly the company who I will not disclose was one of the biggest security contractors on the eastern coast of America. Chances are at least one of there employees is a member here, and may know exactly what I'm talking about.

The supervisors, and engineers already had the server room setup. They had some software engineers who looked like they where in there mid 20's according to my friend flown in from Asia, and Germany who from the description I was told where doing software driver testing on a pretty sophisticated robotic arm..

My friend though who had -NO- experience in any field that would qualify him for this job had physical access to the entire server room where in fact most of the wiring he was running came to for monitoring.

He had in his hand's on many occasions professionally rendered blue print's of the building structure, wiring, and ventilation system. He finished the job a month later, and the security company said the only people allowed in the building from there on needed security clearance. We both had the mental thought 'It's a little late for that.'

It's a good thing no criminals where working through that temp company at that time cause according to my friend they never even did a record check. He started working not 24 hours after filling out an application. He probably remembers there entire security system other than the VPN specs cause he did everything, but hook the wires to the monitoring devices which for some reason required security clearance.

I remember him quoting a big cheese in saying to an architect "9 million is just a fraction of the build cost."

I've actually seen this building. It looks nothing like a manufacturing plant from the front. You'd think it was a corporate office for a design studio, or something sitting out in the middle of no where with a funny looking security guard.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

The easiest hack is to walk into a corporation and say "I am here to fix the computer." People are sheep.

And go easy on the apostrophes. The - 's - is for possessive only, for pluralities just add the letter s at the end of a word.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

More examples:

Media coverage of L0pht Heavy Industries and their early incarnation of "L0phtCrack" was almost nothing. They saw a CLI, with text, asked a few questions but the media was not interested. They added a GUI to it, and suddenly, the media was interested, and it was "news worthy" showing up in the news with demonstrations.

Local news throughout the US have had stories about "WarDriving" (especially a few years ago) where some camera crews sat in a car and video taped an active scan with [choose a sample piece of software here such as: NetStumbler, or Kismet, or *] and active scanning for [E]SSID which would appear on the screen. Later, this footage of the active scans would appear in some news stories.

One of these cable-network shows like G4-TV (?) or maybe TechTV or maybe both had demos of people "war walking." On one rare occasion, our local cable company was carrying this channel for the day, and they were showing off some guy doing this in Hollywood, and then letting the owners of the AccessPoints know they had security issues.

Again, coming back to MythBusters, they had an episodes where they tested various myths on defeating alarm control systems. Some of their techniqes against these systems were successful, and were broadcasted.

I'm not so sure there is a law that requires censorship of live eploits against systems (computerized or not.) There have been enough examples of "live exploits" in the news, to suggest no such law exists.

What is more likely, is exploits "in action" are boring and would not keep the masses as entertained as FIRE! or DEATH! or CATASTROPHE!

People in the news are willing to pass information that actually threatens life; consider U.S. war in Iraq part 2, with Geraldo Rivera giving his field location information away, puting his own life, and those around him at risk. Some would view such reporting as the activity of a bleeding-edge-journalist, or maybe a traitor, spy, arrogant-recalcitrant-egotysitcal-self-serving-opportunist, or just "stupid." However, the news agency can get more viewers, and more viewers means more profit during commercials.

The number one goal of most large news agencies is profit. Lawsuits can threaten profits, which gives your thought on lawsuits merit.

I seem to recall a PBS or maybe Discovery Channel, or History channel reviews of the WWII-era Enigma encoding devices and how various ciphers were broken. Examples crib sheets were put on display, and frequency distribution (character and character groups) was described, too.

If you can't remember the law about this from 1984, perhaps you can provide some keywords that come to mind from your memory on such a laws, so I can seach for it. Was it only a Bill that was never signed into law? Do you know who sponsored the bill? HR? SB? Even the name of the news agency that gave your the story might help to track down such a law. Maybe agencies that supported it could help too... Secret Service? State Agencies? FBI? Nearly anything related to this laws would help with researching.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

I just keep wondering... when is Terry Gilliam is going to make Snow Crash into a movie?

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

@TheCotMan: Usually when someone agrees with you there is no need to further passively defend your theory.

@Atcell: I didn't mean to offend anyone with that "I was born in 2004" joke. I'm assuming that's the reason for that reply. I kinda figured some of the social authority figures here would get that one cause they where kind of what inspired it.

On a side note though in my own defense it's worth mentioning you're unlikely to find a grammatically correct post on these forums that is at least one paragraph. You can go read white papers by the A.I. department at M.I.T. and they have a abundance of incorrectness/typo's. It should be safe to assume that anyone with a 5th grade education can interprete writing a lot worse than anything I've posted thus far.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

But I have another example: "exploding gas tank" and "pinto" and "Unsafe at any Speed" (Heh-heh. -- sorry, I couldn't resist.)

Seriously though, I am interested in information about the law from 1984.

It is entirely possible that such a law was actively discussed in congress in 1984, but never passed. It may have been passed, but found unconstitutional or defined by a court to be inert.

There have been suggestions from the FCC, or to the FCC about how dial-up/Internet access should be treated differently from using a phone with voice. Proposition of new laws/regulations have appeared a few times in the past, to add new taxes or charges to Internet access and use over phone. Some of these have lead to chain-letters urging people to, "write their congressman," to stop such taxation/classification. However, most of these chain letters, "surged," in cycles long after the discussion in congress was closed/vetoed/dismissed.

My interest in information about the law is genuine. It is not some sort of, "nyah-nyah," or sarcasm; if this came up for discussion in 1984, it will come up again, and I'd like to know what arguments were used on both sides. My interest in such a law that might limit the passing of information about product defects, is to see who was backing it, and try to understand why.

Lists like BUGTRAQ have come under fire for letting people post, "full disclosure," of vulnerabilities, and there have been calls for laws to be added, that would restrict or limit such discussions.

Here are examples of phrases where, 's appears:

"That" + "is" as a contraction? Yes: "that's"
"It" + "is" as a contraction? Yes: "it's"
"Typo" + "is" ? Nope. Something owned by a typo? Nope.
"Path" + "is" ? Nope. Something owned by Path? Nope.

(Perform a search for "'s" in this thread to find more.)

I'm not picking on you. I'm only showing you what astcell was describing.

I could visit many of my own posts and find something wrong with my own grammar or spelling in each post. Between actual mistakes with spelling, and fat-finger keystrokes, or transposed characters, I make quite a few mistakes here.

However, when I see I've made a mistake, I tend to go back and edit the post to fix the mistake.

I know I have problems with long or run-on sentences, occasional shifts in tense, occasional spelling problems, tons of typos. I've even started sentences with conjunctions, which is frowned upon by some people.

There are some rules that I violate on purpose, such as the inclusion of punctuation within a quoted statement-- especially when the item quoted is an instruction, such as a command, or part of sample code. [I've also broken some rules of language to better convey an intended meaning, or pass a message to a forum member.]

I know that I do not follow the APA, MLA, Turabian, or Chicago or any semblence of these when citing resources in my posts. Proper use of italics, underscore, and bold for citations to books, movies, plays, or even URL-- all seem to get the '"' (double quotes.) Using proper citation would likely confuse people, and is not needed in a post here, as much as a URL.

When do I make a comment about spelling or grammar? When there is a recurring pattern, or the spelling is just awful. In this case, astcell noticed a pattern, and made a comment.

Mistakes happen. It's our capacity to learn and improve ourselves, which separates us from people like poolgirl/poolboy, or tubgirl. ]:>

[Here is another mistake in punctuation: :-)
However, it does have meaning in the context of an online forum.]

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

This film will have rounded corners and appear to sit on a shiny table.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

Is there really a need to point out my incorrect usage of possessiveness repeatedly? Do I really need to point out the hypocrisy here?

I see grammar, and potential vocabulary errors in the first sentences of you guy's posts. If the moderators will allow it I'd like to play along with the trolling, and pretend to be aggravated by it all while using those two responses as material in a small lecture on hypocrisy in action.

If you're going to ridicule other people's writing at least be sure the writing you're doing it with is at least 50% compliant.

Anyone have a story to put this thread back on track? I think it's derailing...

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

Point out my mistakes, and I'll fix them. You'll see that I acknowledged having made mistakes.

As for my comments, you'll see that two of the cited examples included use of "'s" without possesiveness included, but are generally accepted.

[More example of where " 's " is allowed without being possessive: contractions of words with "is".]

When you correct me, I gain an advantage.

50% compliance? Hey! I am improving.

Sure. I saw, "The Net 2.0," and it sucked. It is out on DVD. I don't remember seeing it advertised for the theater.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

"When you correct me, I gain an advantage."

As do I. Unfortunately though this isn't a good atmosphere to be a social minority, so I'll just fade out the negativity, and I'll just mascaraed in my fake happy face for a while.

The Net 2.0 sucked just as much as The Mind Hunters with zero cool/johnny lee miller in it. Both had shallow plots, and dead people started floating when it rained heavy. Johnny Miller probably misses the days when he starred in movies that make millions for over a decade because billions of people buy the hard copy, and watch it once a month then go online and give it bad reviews because of some form of personality retardation.

I'd be willing to bet WarGames 2 features a lot of plot time on copyright infringement. Maybe the main character will download some weird Asian porn, and get a threatening DCMA letter from Toyota Yamaha's cheap smut inc.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

There are handfuls of people that come to this site who do not speak English as their first language. I think it is important for those of us that *do* speak English as a first language do our best to present our ideas in the clearest and most coherent way possible. Bad grammar is one thing, we all do it. Spelling mistakes are pretty much inexcusable especially with browsers like FF2.0 have built-in spell checkers. And yes, I use it. I spell-check my posts. I'm not accusing you of making these mistakes, only trying to explain that each user making a concerted attempt to use correct grammar and spelling helps everyone understand your point a little better.

AOL-speak is just an extension of this and belongs in instant messages and chat rooms, not forums.

I admit that I absolutely suck at writing, and my grammar is horrible. However, that doesn't stop me from trying to improve. Frankly, one's writing also reflects (right or wrong) on one's credibility.

I didn't even know there was a Net 2.0 movie. Then again, I've been out of the country for 6+ months.

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

now there is a man with wisdom... and none too many extra s's (or would that just be 's'? because I am pretty sure that just ss is frowned upon since that whole Nazi thing...)

Re: New &quot;Hacker&quot; Movies (to be released, or new this year)

I think you all need to relax just a little bit. Spelling and grammatical corrections taken with such intensity compels me to call people "spelling-Nazis" a word I have been using to describe a few of my close friends who feel the need to get on a high horse, taking personal offense and feel challenged over any simple English writing foul I or others make.

This guy makes a good point on the subject, explaining why commonly "techies" tend to have this aforementioned disorder, it's sweet and simple and I just now ran across it.

http://blogs.salon.com/0000014/2003/09/15.html

This is another way of saying "well, you got my post didn't you! " :
Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe.

If you say IMO, Then I feel free to advise you at anytime that I am LOL at you or the given situation, so there.

So on to the topic, I am excited to see the new Die Hard as i hear it will be cool :-) I have actually started encoding some footage from Black Hat USA 2004 from spoonm and HD Moore, Metasploit: Hacking Like in the Movies. I thought it would be cool as a look back and go oh hey. http://www.blackhat.com/html/bh-usa-...rs.html#spoonm

Also, Johnny Longs USA 2006, Secrets of the Hollywood Hacker talk and USA 2006, The MetaSploit Reloaded Talk should be going up soon same time as the DC14 videos. We plan to have it up on the RSS soon, (that translates to i don't know when) .
Other hacker-ish movies I'm excited about is Deja Vu- but reminds me about the matrix so i dunno.
Scanner darkly I want to see this, it looks amazing.
and Im still waiting on that mythical Enders Game the movie . hehe.

Boy I sure am chatty lately.