Category Archives: Security

The Hacker Manifesto

I was looking at the hard drive of an old computer and found some interesting text files, including this – the Hacker Manifesto.  It was written by Loyd Blankenship, AKA “The Mentor” back in 1986 – just after he got arrested by the FBI.

I expect a lot of people will have read this before, but I think it’s a great document, and it is still relevant today, 25 years on.
Another one got caught today, it’s all over the papers. “Teenager
Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…
Damn kids. They’re all alike.

But did you, in your three-piece psychology and 1950’s technobrain,
ever take a look behind the eyes of the hacker? Did you ever wonder what
made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world…
Mine is a world that begins with school… I’m smarter than most of
the other kids, this crap they teach us bores me…
Damn underachiever. They’re all alike.

I’m in junior high or high school. I’ve listened to teachers explain
for the fifteenth time how to reduce a fraction. I understand it. “No, Ms.
Smith, I didn’t show my work. I did it in my head…”
Damn kid. Probably copied it. They’re all alike.

I made a discovery today. I found a computer. Wait a second, this is
cool. It does what I want it to. If it makes a mistake, it’s because I
screwed it up. Not because it doesn’t like me…
Or feels threatened by me…
Or thinks I’m a smart ass…
Or doesn’t like teaching and shouldn’t be here…
Damn kid. All he does is play games. They’re all alike.

And then it happened… a door opened to a world… rushing through
the phone line like heroin through an addict’s veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought… a board is
found.
“This is it… this is where I belong…”
I know everyone here… even if I’ve never met them, never talked to
them, may never hear from them again… I know you all…
Damn kid. Tying up the phone line again. They’re all alike…

You bet your ass we’re all alike… we’ve been spoon-fed baby food at
school when we hungered for steak… the bits of meat that you did let slip
through were pre-chewed and tasteless. We’ve been dominated by sadists, or
ignored by the apathetic. The few that had something to teach found us will-
ing pupils, but those few are like drops of water in the desert.

This is our world now… the world of the electron and the switch, the
beauty of the baud. We make use of a service already existing without paying
for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and
you call us criminals. We explore… and you call us criminals. We seek
after knowledge… and you call us criminals. We exist without skin color,
without nationality, without religious bias… and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
and try to make us believe it’s for our own good, yet we’re the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

I am a hacker, and this is my manifesto. You may stop this individual,
but you can’t stop us all… after all, we’re all alike.

+++The Mentor+++

Advertisements

So, Google OS means you won’t have to deal with malware?

The ‘big news’ of today has been Google’s new OS – which will be aimed at netbooks and desktop PCs.  The OS will be essentially use Google Chrome with a new front end, built on top of a Linux kernel.

Will it take off?  Personally, I highly doubt that it will get that much adoption outside of the community of people who already use an ‘alternative’ operating system.  I have no doubt that a lot of people will buy netbooks or pre-built PCs with it already installed, but, just like with the Linpus Linux powered netbooks, as soon as Joe User realizes it won’t easily run their favourite windows applications, he’ll be taking it straight back to the shop.

The reason I’m posting about this, is because of a statement made on Google’s blog: “the operating systems that browsers run on were designed in an era when there was no web […] we are going back to the basics and completely redesigning the underlying security architecture of the OS to ensure that users don’t have to deal with viruses, malware and security updates”.

The security argument really annoys me.  Malicious code can run on Linux too – spend enough time on a Linux user’s forum and you’re bound to encounter somebody telling you to wget something dangerous, or suggesting you forkbomb / rm -f yourself.  It may be easier to attack a Windows PC, but if there were enough targets running Linux, script kiddies would turn to that instead.  Also, if somehow a Linux variant became the most popular OS, I’m willing to bet that the majority of users would make some silly configuration choices – the root user may not be the default user on most distros, but I know plenty of so-called geeks who run as root because they can’t be bothered to type sudo.

Even assuming Google’s OS is so locked down that it’s somehow impervious to traditional malware and virus attacks, what does that really mean?  Advertising the OS as ‘secure’ will just give users a false sense of confidence. The attackers will just continue doing what they always have done – learning new skills and picking new targets.  Instead of targeting the desktop, they’ll target the web application.  They’ve already done that with malicious Facebook applications and Twitter worms.  It doesn’t matter what platform you’re accessing a site from if the site itself is vulnerable.

I don’t mean to defend Windows here, and I’m sure that Google didn’t mean their no ‘viruses, malware, and security updates’ statement in quite the way I’ve seen some people interpreting it on various forums around the web.  I just fear that some people see using Linux as meaning “I am 100% Secure!”, without thinking about how when you’re using the Internet, a huge amount of the time your private data is being handled by computers elsewhere in the world, that you don’t own.