Sorry, No ads on this site.

H a c k e r N e w s N e t w o r k

Defaced Pages Archive

HNN Affiliates

Affiliate Resources

I Want My HNN

Write For HNN

HNN Privacy Statement

Who Is HNN?











        





























1999 Year In Review


HNN T-Shirts


T-Shirt Picture Gallery


HNN News Archive






















Freedom of the press is limited to those who own one.

   - A.J. Liebling



 











	

 
	
	







The State of the Net...



If hackers were smart...


        You sit down at your work computer, ready for another
day of work and Internet. Logging into your secure Windows NT
machine, you check the  daily mail and see that everything is
smooth. No users forgot their  password, no security alarms
were tripped. You fire off mail to your boss  ensuring him that
sending the financial plans via email for next year is safe.
No one but you and the other CEO can see it. Opening a 'telnet' 
session, you log into a partner companies  server to check
things out. Thanks to the time tested security of the TCP/IP
protocol and no snooping eyes, your work day is assured to be
stress free. 
        Now you are ready for another day of browsing the web.
Logging into Hotmail you want to see if your buddy mailed you.
Your password of "blinky"  is yours and yours alone. No mail
from Frank, just your monthly bank statement. Netscape takes
you to another auction site where you safely type in your
credit  card number and address over secure 40 bit encryption
layer. Sheesh, who needs a full *40* bits!

        If hackers were smart, this might be a real scenario.

        Hackers? Crackers? There would be no distinction. No
articles in main stream press like CNN, Forbes, Wired or NBC.
No hacker specials on 20/20 or MTV interviewing shadowy figures
with muffled voices. No security books written by 'anonymous'
claiming to be the end all reference on security. No hysterical
rantings from law enforcement claiming hackers will shut off
phones, down power grids, and turn off airplane flight towers.
If hackers were smart...
        The dozen or so defaced pages in 1995 that are so well
known (Nation of Islam's home page, MGM's "hackers" prank), to
the over 600 hacked web pages in the first half of 1999 would
be mostly unheard of. Since defacing a web page leads to
hackers losing system access, that would serve a counter
purpose to the smart hacker. 
Occasionally you might see defaced pages on child pornography
servers, political messages with no signature left on other
high profile servers,  but it would be infrequent at best. If
hackers were smart...
        Bugs in Cold Fusion (1), count.cgi
(2), Novell Netware (3), Internet Explorer (4), Solaris (5),
Irix (6), Sco (7),
several IDS products (8) and more, would all
stay mostly undiscovered. Consumers would go on using products
with the illusion of security. Highly vulnerable Operating
Systems would litter every corporation and every desktop, all
presumably secure. The amount of advisories released from
security companies would be cut in half if not more. A good
half of all reported bugs would never be talked about, or filed
away in corporate security databases. If hackers were smart...
        Almost any software could not truly be trusted. Well
known public archives like Tucows would not have been defaced.
Instead, smart hackers would have backdoored hundreds of
popular downloads ranging from Netscape to ICQ to shareware
games. Commercial operating systems like 
Sun Microsystems (Solaris), Cisco (IOS), or FreeBSD 
would most certainly contain hacker spawned backdoors. These
would allow full control over your machine, and you would never
know. Every key you press would be read by these smart hackers.
        Machines on just about every subnet would be
compromised. Each would contain subtle and difficult to remove
backdoors. Hackers could move around on the machine and never
be discovered because of the depth of their penetration. Large
servers, routers, dedicated home machines would all be under
the control of someone else. Every unencrypted keystroke would
be silently logged elsewhere, ready to be used later by these
silent intruders. The backbone routers that control some 90% of
Internet traffic would become monitor points for your activity.
If hackers were smart...
        If one hacker wanted onto any of these machines, it
would be a matter of one polite request. The flow of
information about servers, logins and passwords, tools, tips
and methods would all be openly shared. New vulnerabilities
would circulate quickly so that the network of hackers could
compromise a few of the servers left on the "we don't own"
list. Each hacker would control so many systems, giving up a
dozen here or there would make no difference.
        Machines would have a lot less downtime, and a lot
less problems in general. Most hackers are quite familiar with
systems and know how to run them. Systems with problems tend to
be noticed by the legitimate administrators. In an effort to
keep prying admin eyes away from these machines, the hackers
would take care of administrative problems and keep the servers
running quickly and quietly. The legitimate admins would enjoy
stress free lives and enjoy that myth called "free time".
If hackers were smart...
        Each and every machine that has been compromised would
be rigged for high end remote distributed computing
applications. Challenges like the RC5 Cracking would find 
itself with over ten times the computing power it currently
enjoys. Imagine over half the Internet all working toward a
handful of computing goals and the power behind it. If hackers
were smart...

        I think it is fair to say that the state of the net
doesn't quite match the description above. There are a handful
of talented hackers out there capable of everything I
described. These individuals bring new meaning to "one with
technology". But, for the most part, the hacker scene is a
cesspool of little ignorant kids, hiding behind a legendary veil 
called 'hacker'. They have problems compiling exploits written
by other people. Sheer luck allows them to break into domains
you never knew existed. They run around defacing no name web
sites with poorly written flames against other hacker groups
you've never heard of. Their HTML is full of errors causing the
page not to load sometimes.
        Or maybe these supposed "kiddie" web defacement groups
out there right now are only there to distract you from the
real hackers.. the smart hackers. They are out there, silently
doing everything I described above and more.


by whoever@attrition.org
99.05.15




Reference


1. 
Cold Fusion Bug

2. 
count.cgi Bug

3. 
Novell Netware Bug

4. 
Internet Explorer Bug

5. 
Solaris Bug

6. 
Irix Bug

7. 
SCO Bug

8. 
IDS Vulnerabilities

-EOF










			



	
	
	







buffer overflow







HNN Store








c o n s

a b o u t

p r e s s

s u b m i t

s e a r c h

c o n t a c t





















	
Today
Yesterday
08/16/00
08/15/00
08/14/00
08/13/00
08/12/00
08/11/00
	
			


 






 

	

 





          




        
	
 
	

         












These pages are Copyright © 2000
Hacker News Network All Rights Reserved.