nettime's_1337ologist on Tue, 6 Aug 2002 19:11:38 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> hack, hack, hack digest [spornitz, flagan, hwang, pope, assange]


Re: <nettime> hacker culture
     Bill Spornitz <spornitz@mts.net>
Re: <nettime> op-con
     Are Flagan <areflagan@mac.com>
is hacking random?
     Francis Hwang <sera@fhwang.net>
Re: most artists are hackers, whereas hackers are godlike
     "Ivan Pope" <ivan@ivanpope.com>
Re: most artists are hackers, whereas hackers are godlike
     proff@iq.org (Julian Assange)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Fri, 2 Aug 2002 21:07:22 -0500
From: Bill Spornitz <spornitz@mts.net>
Subject: Re: <nettime> hacker culture

Boston Consulting Group Hacker survey as presented at last week's 
Open Source Convention

http://www.osdn.com/bcg/bcg/bcghackersurvey.html

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Sat, 03 Aug 2002 18:33:55 -0400
Subject: Re: <nettime> op-con
From: Are Flagan <areflagan@mac.com>

On 8/3/02 13:18, "nettime's_opinion_contraption" <nettime@bbs.thing.net>
wrote:

> Hackers literally do enter strings
> of code at random in the hopes of cracking somebody's password etc. It's
> like searching for a needle in a haystack much of the time, and it is
> hideously dull and tedious work that bears absolutely no relationship to
> the intensive creativity of an artist's task. If you want an analogy
> that works, compare it to the codebreakers of WWII, only instead of
> fighting the Nazis, hackers (those with a smattering of political
> consciousness, at least) are going after Capital, and often for far less
> noble reasons. I am sorry, but I refuse to see hacking as a pursuit we
> should be putting on the same pedestal (or higher, in one person's view)
> as artistic creation. It just ain't so!

Read up on brute force (which is indirectly what you are talking about) and
move on to flooding etc. Hacking is knowledge of how the bits connect. It
has nothing to do with challenging the trillion to one odds of the lottery.

Also, read up on the history of hacking (for example, Douglas Thomas, Hacker
Culture, University of Minnesota Press, 2002) and you'll see that hackers
have actually ignored capital gain for the sake of network access. (You may
confuse hackers with thieves. By the same generalized analogy, you can fit
artists in just about every auxiliary category, some far less flattering.)

Your pivoting around the pedestal floored me. Good luck with the cracking...

-af

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Sat, 3 Aug 2002 22:39:25 -0400
From: Francis Hwang <sera@fhwang.net>
Subject: is hacking random?

MWP wrote:

>No, I disagree with FH's view entirely. Or at least with the part of it
>that suggests I am describing hacking in completely inaccurate terms.
>And the analogy several people are making to daubing paint at random on
>a canvas etc. is completely absurd. Hackers literally do enter strings
>of code at random in the hopes of cracking somebody's password etc. It's
>like searching for a needle in a haystack much of the time, and it is
>hideously dull and tedious work that bears absolutely no relationship to
>the intensive creativity of an artist's task.

MWP, I don't have any real experience doing password breaks, so my 
understanding may be off. But from my admittedly dilettantish 
interest in computer security -- I'm an avid reader of Bruce 
Schneier, and I have to sysadmin boxes in work situations -- I 
believe that your characterization of password attacks is incorrect.

Most password attacks aren't random. Or, at the least, they use 
educated guesswork to drastically reduce the random search space. 
Many passwords are crackable because they're inferrable from known 
information about the account. If I have an account on a server where 
my username is "francis", maybe I got sloppy and used "francis" as a 
password, or even "fr4nc1s" if I felt like being clever. (Hackers 
I've spoken with at computer security conferences tell me that that's 
the first thing they usually guess.) Or if you know the name of my 
wife, my dog, or my favorite sports team, you could try those things 
too.

After that, I believe a dictionary attack is considered the next 
step. If you have a login protocol that gives you multiple chances to 
guess without negative repercussions, you can try to login with an 
automated tool that guesses based on the most common dictionary 
words. A lot of passwords are actually common words, and although 
some fairly smart password-creation systems do dictionary lookup to 
discourage this, most users don't listen.

A dictionary attack doesn't actually involve taking a dictionary off 
the shelf and manually trying 10,000 logins til you get it right. It 
involves setting up the right script, and letting it run. Only a 
couple of command-line strings.

So, no, I don't believe that hackers spend a lot of time entering 
strings at random.

>I am sorry, but I refuse to see hacking as a pursuit we
>should be putting on the same pedestal (or higher, in one person's view)
>as artistic creation. It just ain't so!

You don't seem to be actually responding to my post here, but I'll 
just clarify for the record: I don't think hacking should be on that 
pedestal. (Though I'm not really a big fan of pedestals in general.) 
Hacking is an activity, like art, in some ways the two are similar 
and in most ways they're not. Just because something isn't art 
doesn't mean that it's useless. They're different. It's a big world, 
and different is okay.

Francis
-- 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

From: "Ivan Pope" <ivan@ivanpope.com>
Subject: Re: most artists are hackers, whereas hackers are godlike
Date: Mon, 5 Aug 2002 17:34:06 +0100

> > noble reasons. I am sorry, but I refuse to see hacking as a pursuit we
> > should be putting on the same pedestal (or higher, in one person's view)
> > as artistic creation. It just ain't so!
>
> You can't ``try'' hacking any more than you can ``try'' theoretical
> physics. ... As for artistic creation, ugh, when I survey the
> non-economic arts it is difficult to see anything but ineffectual
> wankers desperate for poorly concealed self-aggrandizement, pissing
> from the tops of their self-errected pedestals, endlessly turning,
> trying to keep the latest political wind at their backs.
>
> On a good day with a brolly I'm more generous and see them as a
> mostly harmless, if parasitic, marketing arm for the people who
> do the real work.
>
> --
>  Julian Assange

OK, fair enough, good swipe at artists. And nicely done, to get hacking on a
par with theoretical physics.
But remind me, why do hackers hack then?

Surely hackers hack in the world, but from a self justified theoretical
position. Generally they are only acknowledged within the hacker community
itself. If _success_ and reward comes, it tends to come by abandoning to
some degree the initial theoretical position and jumping in bed with a non
hacker community. At which point, this success will be derided by those who
remain _pure_. The craft itself will move endlessly on. There will be heroes
and villains, and new generations of hackers coming along to scale new
heights. And all the time, the outside world just thinks they are a bunch of
self justifying wankers.
Bit like the art world, really.

Cheers,
Ivan

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Subject: Re: most artists are hackers, whereas hackers are godlike
Date: Tue, 6 Aug 2002 04:49:01 +1000 (EST)
From: proff@iq.org (Julian Assange)

> OK, fair enough, good swipe at artists. And nicely done, to get hacking on a
> par with theoretical physics.

Yes, in making this analogy stronger I excluded the middle. But since
I have previously been involved with the computer underground (see
my book http://www.underground-book.com/) and now study mathematical
physics this was a natural analogy for me to use. They they are
both highly technical fields and take many years to realise and this
was my point.

Experienced hackers shun the media and those exposed by it are
treated as dangerous pariahs. Any hacker you see courting the media
is a neophyte, retired or suicidal although its fair to say those
three categories are not lacking subscribers. The most succesful
individuals in the computer underground try extraordinarily hard
to stay off the radar. They are leading peers who command respect
and set modes of desirable behavior. Respect flows from their
longevity and continued supremecy over important information assets.
Neophytes have a media dominated view of the underground because
they have yet to discover it.  While there is a lot of internal
posturing for heirarchy elevation, in the end objective tests
dominate -- machines do not care for wank.

--
 Julian Assange        |If you want to build a ship, don't drum up people
                       |together to collect wood or assign them tasks and
 proff@iq.org          |work, but rather teach them to long for the endless
 proff@gnu.ai.mit.edu  |immensity of the sea. -- Antoine de Saint Exupery

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net