2600, Spring 2010




  • Cloudy Skies
  • Insecurities in Emergency Res[...]
  • AJAX Hacking for the Discerning Pro Wrestling Fanatic
  • Big Pond
  • The Grey Hat Manifesto
  • TELECOM INFORMER
  • No Sale for You!
  • [...]rity Through Obscurity
  • BartPE: A Portable Microsoft Windows
  • Influential Angles
  • HACKER PERSPECTIVE: Bill from RNOC
  • The Hacker Enigma: Positives, Negatives and Who Knows?
  • An Introduction to CSRF Attacks
  • The Voyager Library Information System
  • "Print Me?" Why, Thank[...]
  • My First Hack
  • Dr. Jekyll and Mr. PayPass
  • Writing a Small Port Checker in C in 40 Lines (or Less)
  • Procurve Switch Hacking
  • Bluetooth Hacking Primer
  • HACKER HAPPENINGS
  • MARKETPLACE
  • MEETINGS
  • TRANSMISSIONS
  • Simple How-to on Wireless and Windows Cracking, Part [...]


When we say someone has their "head in the clouds," it's generally not seen as a compliment. It means they're not particularly serious about what's going on around them, they have no sense of reality, they're even a bit "scatterbrained." Now let's examine the concept of "cloud computing," a phrase we will hear with continuing frequency as our connected planet continues to evolve.

The cloud is what the Internet has become, a huge network of shared resources that moves much of the hardware, software, and responsibility away from the individual users. This results in more reliability, ease of use, greater storage capacity, and decreased costs. These are obviously all positive developments. But in order to avoid losing our heads in this cloud, we need to look at and prepare for the risks attached to it.

In the early days of the net, there was a lot of do-it-yourself activity with regards to [...] up connectivity. Anyone from the age of 11 to 85 could be expected to get a machine, set up an operating system, obtain a connection of some sort, and install various services based on what exactly they wanted to do. Some would set up their own UNIX shells that others could login to, some might run websites out of their homes, still others would run Usenet news feeds, Internet Relay Chat servers, the list went on and on. Speed was a sign of status. If you were able to get faster service to your location, you moved up a few pegs in the eyes of your peers. In a way, it was equivalent to everyone being involved in building and upgrading their own cars, doing their own repairs, getting their own equipment, and learning a great deal in the process.

Obviously, not all of us had the time or inclination for this. So it was inevitable that technology needed to evolve to the degree where just about anybody could get the services they wanted without actually having to set them up or know precisely how they worked. Instead of running a server out of your home or office, using the services of a data center was more stable and economical. Rather than managing your own email, using a centralized third party became more common. Websites could be run remotely without even investing in a machine through virtual hosting. Social networking brought people to central points of contact, which obviously made them more effective.

Initially, these two worlds existed side by side. There were the do-it-yourselfers and then there were the masses. Naturally, a degree of derision was reserved for those who emailed or connected to an IRC server through a mass appeal host like AOL. People who communicated solely through a service such as Hotmail were generally not seen as the most technically adept, even though this may have been the only way they could connect in the first place.

In recent years, we've seen a real transformation as capacity, speed, and functionality of cloud computing have all improved dramatically. Why keep a server at your house and have to deal with connectivity issues when you could park it remotely and have it always be reachable? Why [...] your own mail server when Gmail can do it more efficiently and with great amounts of free storage? Why run your own chat system when everyone is on Facebook and Twitter?

To continue the car analogy, we've slowly seen those people who were doing their own repairs and maintenance start taking their cars to the dealer instead. Easier, quicker, and more professional.

So what are the risks in this? Mostly, it's a lack of control. Here are some examples:

While Gmail certainly does a better job of sending and receiving mail than most of us setting up a Linux box over a copper connection, the fact is that they have legal possession of your email on their servers. In fact, the words in your email are scanned so that you can receive advertising that may be relevant to your interests.

When you have your website in someone else's colocation facility, you won't be the first to know when some entity serves notice to shut it down for one reason or another. You may just find yourself cut off. In more serious cases, the authorities can grab your stuff with a mere subpoena to the company, rather than having to get a search warrant and come visit your house.

If something bad happens to one of these companies that you've entrusted with your online presence (bankruptcies, fires, legal problems), you can find yourself adversely affected by someone else's drama. Remember, you can't really control what's not in your possession.

The cloud makes it easier for people to collaborate on projects by sharing documents online. But such web-based applications also make it easier for outsiders to gain full access to these projects, since one person's poor security habits can put everyone at risk. Many times, this simply isn't thought through and all kinds of embarrassing things wind up happening as a result.

Apart from the control and security issues, cloud computing makes someone more of a consumer than a developer by default. It's likely you are now forced to use hardware that technically doesn't belong to you (such as a cable modem) and which you can't fully access even though you have possession of it. Running your own website is forbidden on most cable modem connections and newer FIOS setups routinely block port 80. While it's a trivial issue to get around many of these restrictions for those who are so motivated and who have the skills, most people will wind up paying one of the giant providers, playing by their rules, and giving up control.

Even after yielding this much, we may find ourselves increasingly at the whim of giant companies, more so than ever before. Emerging smart phones can be forbidden from running software that either the manufacturer or phone company doesn't approve of. Their reasoning may make sense (security issues), it may be none of their damn business (forbidding "immoral" video games), or it may be for completely selfish reasons (Apple not allowing a Google Voice app to be installed on their iPhones). Or something you bought electronically can be "taken back" without even letting you know. Last year, Amazon did just this to customers who had purchased electronic books on its Kindle service when they ran into a legal issue with the books' distribution. In an almost too perfect irony, the titles in question were George Orwell's Animal Farm and 1984. There are numerous other such examples that all point to the same conclusion: consumers run the risk of becoming almost irrelevant if they simply coast along and accept it all without question.

We need to be clear. It's still possible and easy to use the net as individuals. We can be creative and reach the entire world. What's disappearing is the ease with which we can do this while not being somehow under a much larger entity's wing. If you can run your own network internally, keep your email off of any machine you don't have physical access to, and not be forced to have a monopolistic phone or cable company as your provider, then you have a degree of autonomy that seems to be vanishing for many of us, oftentimes without an argument because of the convenience factor.

But even if you don't have the need to be completely independent of the cloud and the prospect of your data residing under someone else's roof doesn't disturb you, it's vitally important that you at least be prepared in the event of some sort of a disruption or failure. Just as we would advise people to always make backups of any data they possess, we must stress the importance of doing the same thing with data entrusted to outside companies. Just because they are big and professional, there's no reason to believe that they w