Thursday, January 31, 2013

Habit 1

I gave a presentation at a conference last year, and someone commented that if I have a blog called "the 7 habits of highly effective hackers", I should probably have a list of 7 actual habits on said blog. I guess that's fair.

So here we go starting with habit 1, which I promise will be the only non-technical habit of the 7.

Habit 1: Effective hackers know that the game they play IS the real world.
In a sentence: effective hackers understand the repercussions of their actions.
There's something about computer systems that causes many people to act in a way that they never would in real life. Some of us would never read a stranger's physical mail, yet would feel no guilt whatsoever about reading their email. We make silly excuses to justify why our online world is different from our real world. That person should have changed the default password on their router; they're stupid and deserve it. That company knows their environment/product is insecure; if they wanted to keep me out they'd have fixed it.

Think this one over. Although there's no CVE number for it yet, it is now being reported that human beings are vulnerable to having bricks thrown at their heads. All versions are affected, and easy methods for exploiting this weakness have reportedly been in the wild for some time now... Would anyone think that the public disclosure of this knowledge would in any way justify them throwing bricks and hurting others? Are we more justified because they should have known better?

This probably all sounds really preachy. I'm actually not trying to tell you that you should feel guilt for hurting others (that's between you and your own conscience). I AM trying to say you should understand the repercussions of your actions. If you post someone's PII on pastebin, someone, A REAL PERSON, will experience real grief over it. When you gain access to someone's network, it could mean real impact for that organization. Real people could lose their jobs over it. I'm not telling you to care, I'm telling you that you MUST understand.
You must do whatever you do with your eyes wide open. Know and accept all possible impacts of every scan, every exploit, every move.

Okay, gotta go. My shirt just got out of the dryer. I'm sure we're all familiar with MITM (Mythbuster In The Middle).



