Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MI5 Website Breached By Hacker

CmdrTaco posted more than 5 years ago | from the because-they-can dept.

Security 71

Jack Spine writes "UK intelligence agency MI5 has admitted that its website security was breached by hacker group Team Elite. A member of the hacker forum posted details of the hack last week, which took advantage of a cross-site scripting vulnerability in the site's Google embedded search. MI5 admitted the breach on Wednesday, but said that the flaw had not been exploited maliciously."

Sorry! There are no comments related to the filter you selected.

Is This Good, or Bad for Mike Corley? (2, Funny)

Fleetie (603229) | more than 5 years ago | (#28880527)

No doubt we'll find out on uk.misc later.

Better headline (2, Informative)

BadAnalogyGuy (945258) | more than 5 years ago | (#28880545)

MI5 allows websurfing on critical computers.

Seriously. How else would you get hit by CSS?

Re:Better headline (5, Funny)

magsol (1406749) | more than 5 years ago | (#28880631)

<link rel="stylesheet" type="text/css" href="..." />

BOOM! Hit by CSS.

Re:Better headline (4, Funny)

TaggartAleslayer (840739) | more than 5 years ago | (#28881533)

I like how you were modded interesting instead of Funny. Some poor bastard out there is now furiously trying to hack the pentagon with tips from Zen Garden.

meh (5, Informative)

Anonymous Coward | more than 5 years ago | (#28880587)

It's a sort of script-injection vulnerability where you'd have to click on someone else's link to the MI5 site. I suppose it could steal cookies from someone stupid enough to click on a long link from an unknown person, but it's not like the site itself was hacked or anything, which is what "website breached by hacker" strongly implies.

Re:meh (3, Informative)

morgan_greywolf (835522) | more than 5 years ago | (#28880749)

The exploit is that people, especially in the U.K., will tend to trust results of a search that appear to be emanating from the MI5 website [imageshack.us] , and hence, with a well-formed set of "search results," a site could be setup that mimicks MI5's, thus tricking people into revealing passwords, credit card numbers, etc.

Yeah, it's the work 4m4t3ure p0s3rz, but hey, what did you do last week?

Re:meh (0)

Anonymous Coward | more than 5 years ago | (#28883219)

Last night, not last week! get your citing right, right?

Mick: What did you do last night?
Punk: We didn't do nothing.
Mick: That's what you call cool, is it? Well, tomorrow, if someone asks you the same question, you can say: "We didn't do nothing,"... or you can say: "We went out to Long Island to help this lunatic storm a fortress!" Least you can do is come and see me get my head blown off...

Re:meh (4, Funny)

sys.stdout.write (1551563) | more than 5 years ago | (#28880949)

Man.. James Bond villains are getting a lot nerdier.

Oblig. (3, Funny)

svtdragon (917476) | more than 5 years ago | (#28881785)

Man.. James Bond villains are getting a lot nerdier.

Somebody beat you to this conclusion. [xkcd.com]

Re:Oblig. (2, Funny)

sys.stdout.write (1551563) | more than 5 years ago | (#28882151)

Did you ever see that South Park episode where everything Butters suggests is rebutted with "Simpsons did it!"

I feel like Randall Munroe my Simpsons; the thorn in my back; the down-mod for offtopic.

Re:Oblig. (1)

svtdragon (917476) | more than 5 years ago | (#28882267)

I feel like Randall Munroe [is] my Simpsons; the thorn in my back; the down-mod for offtopic.

But this is /. Randall Munroe is never off-topic... he's like a Soviet Russia joke, or an all your base joke. It's just sort of... expected.

Re:meh (1)

mcneely.mike (927221) | more than 5 years ago | (#28884031)

Her name is Drive... Miss HARD DRIVE?
Her name is K. Board... you can put your fingers all over her?
Her name is Floppy B. Hard? Teri Bite?

Just askin'!

simple test (3, Funny)

martin-boundary (547041) | more than 5 years ago | (#28880597)

MI5 admitted the breach on Wednesday, but said that the flaw had not been exploited maliciously.

If a whole bunch of fake Iraq WMD reports start showing up on the net in the next few days, then we'll know if they were really exploited or not...

Re:simple test (0)

Anonymous Coward | more than 5 years ago | (#28880651)

By that logic they must have been compromised prior to the invasion of Iraq. I can see that Bush/Blair defense at their respective war crime tribunals now...

"It was hackers what done it, I deserve a nobel peace prize!"

Re:simple test (1)

Shakrai (717556) | more than 5 years ago | (#28881633)

I can see that Bush/Blair defense at their respective war crime tribunals now...

Yeah, that's likely to happen......

Re:simple test (0)

Anonymous Coward | more than 5 years ago | (#28882121)

"It was hackers what done it, I deserve a nobel peace prize!"

Al Gore got a Nobel Peace Prize. They may as well just stick Nobel Peace Prizes in Cracker-Jack boxes now since they no longer mean much of anything.

Re:simple test (1)

maxwell demon (590494) | more than 5 years ago | (#28883839)

Oh come on. Al Gore made a movie and a big PR tour instead of just bombing all those evil petrol-burners. The world is much more peaceful without bombing. Doesn't that deserve a Nobel Prize?

Coward me (0)

Anonymous Coward | more than 5 years ago | (#28880657)

How many time will MI5 take to kill the guy that made this? ihih

Re:Coward me (1, Funny)

Anonymous Coward | more than 5 years ago | (#28880771)

You should be hearing black helicopters any moment. Stay in the basement - it's safer.

Sent from my iPhone

Re:Coward me (1)

Ukab the Great (87152) | more than 5 years ago | (#28881005)

If they were smart, they'd start with the guy who thought it was a good idea to allow browsers to run javascript outside the <HEAD> section.

Then they'd go after all the cowboy coders who'd be screaming "but it's soooo convenient".

Re:Coward me (1)

clone53421 (1310749) | more than 5 years ago | (#28885649)

You mean, like, in the onClick attribute?

Competence (2, Funny)

Wowsers (1151731) | more than 5 years ago | (#28880663)

I propose the MI5 website team should be known as the "Mostly Incompetent 5" team !?

Re:Competence (3, Funny)

Iyonesco (1482555) | more than 5 years ago | (#28880859)

It's hardly surprising since the pay at MI5 is abysmal. I requested an information pack during my last year of university but lost interest when I found MI5 was about the worst paying graduate recruiter and especially bad for central London. Given the pay I would imagine that anyone with competence would take a job in the private sector leaving them to scrape up the dregs.

Still, it was worth requesting the information pack for the entertainment alone because in every one of the pictures all the people were turned away from the camera. It looked thoroughly ridiculous and I couldn't help think that they would have been better not using pictures at all.

Re:Competence (2, Funny)

SGDarkKnight (253157) | more than 5 years ago | (#28881167)

Yes yes, but your forgetting one important detail, the information pack you requested is the one they show to the public, they dont want everyone to know about the "real" pay options you get that dont have any type of paper trails, just un-sequenced stacked bills handed to you in a brown paper bag that reads "lunch - extra lettuce".

As for not looking at the camera, i guess thats just habit to them now... knowing when their picture is being taken and all :-)

Re:Competence (4, Informative)

Shakrai (717556) | more than 5 years ago | (#28881663)

It's hardly surprising since the pay at MI5 is abysmal. I requested an information pack during my last year of university but lost interest when I found MI5 was about the worst paying graduate recruiter and especially bad for central London

That's not really that unusual for Governmental agencies. I would imagine that most people who go to work for MI5/CIA/Mossad/etc are not doing it for the money.

Re:Competence (1)

laddiebuck (868690) | more than 5 years ago | (#28885519)

MI5 is internal security, MI6 is the one most like the CIA/Deuxieme Bureau/KGB.

Having said that, there was an interesting article recently on the BBC quoting ex MI6 chiefs who mentioned the remarkable amount of help they received for symbolic or no compensation by ordinary people, Britons and foreigners alike, who carried out all sorts of difficult and sometimes dangerous activities voluntarily, sometimes for no more than "a bottle of wine at Christmas". It seems their main motivation was patriotism and/or sheer inspiration by glamourous (though obviously inaccurate) portrayals of spying by the likes of Ian Fleming or Len Deighton or others, added to which a liking of Western values in the case of foreigners.

Re:Competence (1)

ahabswhale (1189519) | more than 5 years ago | (#28887925)

What makes you think that the incompetence is due to it being a government agency? I've worked at many companies that are so incompetent that I can't figure out how they stay in business. Bureaucracies have their own innate incompetence, whether it's government or not is pretty much irrelevant.

Re:Competence (1)

Shakrai (717556) | more than 4 years ago | (#28896493)

Where did I use the word 'incompetence'? I was referring to the disparity in pay that was noted by the GP. I didn't imply or suggest that they were incompetent.

A bit misleading ... (5, Informative)

crowemojo (841007) | more than 5 years ago | (#28880709)

I see this and think the word "Hacked" gets thrown around a bit too easily. This is an example of non-persistent (also referred to as reflected) cross site scripting. This means that in order to take advantage of it, they have to convince a target to visit their specially crafted link. To me, "Hacked" sort of implies "They got in!" or "Data was breached!" or other such bad things and that simply isn't the case here.

So what does this type of XSS do? Mostly embarass people because defacement examples are posted to "look what I can do" forums (which is basically what happened). Think about the attack vector here, they have to get a victim to visit their specific url that includes their attack. How is that done? Malicious email, posting the link to some website or forum and hoping they find it and visit, embedding the link in other sites that have been hacked or something like a banner ad, or whatever. All of these involve the target going out of their way to visit this maliciously crafted url. When you consider that they could still do all these things without XSS and simply host malicious code themselves, all this reflected XSS is doing is making it a bit harder for an end user to spot that this is something non-standard and dangerous.

Think of it this way, "With reflected XSS, I can send them a link, and if they visit it, I can do bad things to their computer!" but then again, you can do that without XSS too, it just isn't quite as effective. How many users are taking the time to carefully look at a link before clicking on it, checking to make sure it contains the domain name they expect and not just an IP address, or a domain name that is similar, but not quite right, etc. A user who is doing this sort of thing will more likely fall victim to this XSS attack, but most users, who don't scrutinize things at that level, were just as susceptible to a classic phishing/malicious linking attack anyways.

Re:A bit misleading ... (1)

nurb432 (527695) | more than 5 years ago | (#28880889)

I see this and think the word "Hacked" gets thrown around a bit too easily. .

shhhh they need the ratings.

Re:A bit misleading ... (0)

Anonymous Coward | more than 5 years ago | (#28880907)

If you can inject javascript on a remote page like this, then you can steal their session data and login as them. That sounds pretty serious to me.

Re:A bit misleading ... (3, Insightful)

Anonymous Coward | more than 5 years ago | (#28880977)

If you can inject javascript on a remote page like this, then you can steal their session data and login as them. That sounds pretty serious to me.

more so when you consider the fact that there is no login form on their entire website. if these hackers can exploit something that doesn't exist, they're truly the cream of the crop. what's next? sql injection on static html?

Re:A bit misleading ... (0)

Anonymous Coward | more than 5 years ago | (#28881113)

If you can inject javascript on a remote page like this, then you can steal their session data and login as them. That sounds pretty serious to me.

You missed the point of the original poster, it doesn't matter what scary things you can do with javascript, you still have to convince someone to visit your special attack link. You can't inject javascript "on a remote page" like this. It would be more accurate to say you can bounce javascript off the page.

Re:A bit misleading ... (1)

Big Hairy Ian (1155547) | more than 5 years ago | (#28881019)

Agreed although a DNS hack could implement the XSS without anyone being any the wiser. However if you can hack DNS who's going to waste their time on XSS anyway?

Re:A bit misleading ... (0, Redundant)

TechnoChatter69420 (1605189) | more than 5 years ago | (#28881243)

The word "Hacking" has been quite bastardized as well - Hacking used to mean one could write good code effortlessly.

Re:A bit misleading ... (1)

trifish (826353) | more than 5 years ago | (#28882025)

When you consider that they could still do all these things without XSS and simply host malicious code themselves

Sure but people are still more likely to click on URL containing a domain name that ends with ".gov.uk".

Re:A bit misleading ... (2, Informative)

maxwell demon (590494) | more than 5 years ago | (#28884123)

You mean links like this? http://www.mi5.gov.uk/ [slashdot.org]

Re:A bit misleading ... (1)

metaforest (685350) | more than 5 years ago | (#28893145)

You mean links like this? http://www.mi5.gov.uk/ [mi5.gov.uk]

Good thing I am on OSX running Safari.... Hovering the mouse over the rendered text of the link shows me the actual domain I'm going to be vectored to... Gosh wouldn't want to go there.... might be dangerous!

Re:A bit misleading ... (1)

maxwell demon (590494) | more than 5 years ago | (#28893281)

Do you mean the tooltip? Slashdot adds a title attribute containing the domain. The title tag exists exactly for the purpose of showing something when you hover. I'd expect any current browser to show the target domain on Slashdot when hovering the link.

BTW, even if Safari normally shows the link target as tooltip, what does Safari show when you hover over a link with a title tag? The content of the title tag, or the actual linked domain? I can't give such a link, because Slashdot replaces the title tag with its own (and rightly so).

Or do you mean that Safari shows the link target in the status bar (like Mozilla-based browsers do)? But how many people do you think look there before following a link? And BTW, how many people wait for a tooltip to appear for a link before clicking it?

Re:A bit misleading ... (1)

metaforest (685350) | more than 4 years ago | (#28893525)

It shows it as a tooltip. So does the Mac OS Mail program. This works for all linked passive content displayed by WebKit.

It shows more than the domain. It shows the actual domain and path that clicking on the hot-text will request. WebKit has done this since at least Mac OS X 1.2.X

One place I's like to see it expanded in active content.... I have to watch my cursor very carefully on ad-rich pages to avoid getting whacked by active content. Not that it does anything worse than crash Safari browser or lock it up.... for now :/

BTW if you'll notice, when I copied the rendered URL into my posting. Only the rendered text was copied, by Safari, not the underlying URL.... I consider that a feature, not a bug.

I cannot blindly copy a deceptive URL without extra effort, and more than likely I would discover the underlying deception in the process of duplicating the URL in it's original form.

Safari's design and UI did a damn good job of making me paranoid about links embedded in a page without throwing a bunch of modal dialogs in my face. go figure.

Re:A bit misleading ... (0)

Anonymous Coward | more than 5 years ago | (#28907255)

Instead of posting lame crap (irony is that it ends with [slashdot.org]), you should accept a solid argument. Or just be an asshole, it's your choice.

this XSS is overrated (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28880737)

I'm not sure I'd call exploiting an XSS vulnerability penetrating. Sure, it can be used with a hybridized CSRF attack to penetrate into otherwise restricted areas of a website (although I don't know of such areas on MI5's website), but XSS, in and of itself, is more akin to graffiti than anything else.

And, btw, I don't consider the social engineering element of XSS to be a particularly bonafide threat. If someone's going to provide all their personal info because the MI5 website, through XSS, asked for it, what's to stop them from doing it for some MI5 look-alike domain? <sarcasm>mi5verify.co.uk is asking for my info? Only MI5 could have MI5 in their domain!!!

Well, at least the terminology is right... (1, Redundant)

Knoeki (1149769) | more than 5 years ago | (#28880815)

People tend to confuse hacking with cracking quite often, thanks to the mass media.

Re:Well, at least the terminology is right... (1)

socsoc (1116769) | more than 5 years ago | (#28880967)

Yet exploiting an XSS vuln is neither.

Shit it's Neo (0)

Anonymous Coward | more than 5 years ago | (#28880847)

HOLY SHIT Neo finally got his ass off the matrix-plug and joined Team Elite to "hack" websites by adding scripts to the URL!

Seriously, I would NEVER call anything XSS unless the script was actually inserted into the page so others don't have to follow maliciously crafted gay links. How could they ever abuse this "hack" anyway? "Hey man check the MI5 website by following my link here, it's a really cool governmental agency really. Please click!"

Also congrats to them for learning HTML 3 for building the Team Elite forum.

Re:Shit it's Neo (3, Informative)

Chrisq (894406) | more than 5 years ago | (#28880981)

How could they ever abuse this "hack" anyway? "Hey man check the MI5 website by following my link here, it's a really cool governmental agency really. Please click!"

Hey, did you know that someone on the MI5 site with your name is listed as a terrorist. He lives in the (your city) region as well. I'd watch out if I were you, someone might get the wrong idea. Here's a link [mi5.gov.uk] so you can check it out yourself.

Re:Shit it's Neo (0)

Anonymous Coward | more than 5 years ago | (#28884197)

Ha! You are so wrong. My real name might be Good Friday but I don't live in Ireland any more.

Re:Shit it's Neo (0)

Anonymous Coward | more than 5 years ago | (#28887049)

How could they ever abuse this "hack" anyway? "Hey man check the MI5 website by following my link here, it's a really cool governmental agency really. Please click!"

Hey, did you know that someone on the MI5 site with your name is listed as a terrorist. He lives in the (your city) region as well. I'd watch out if I were you, someone might get the wrong idea. Here's a link [mi5.gov.uk] so you can check it out yourself.

Actually, it would read more like:

"Grettings from to the you grand MI-5 list! Confirming to the identity of Terrorist activity for yourself, by clicking the link. We know that in your Duchy of the USA things can go badly, be kindly sure to remove at once!"

MI5 "frustrate" vs CIA's "combat" terrorism (0)

Anonymous Coward | more than 5 years ago | (#28905445)

What is the difference between MI5 "frustrate" and CIA "combat" ?

Please forgive me if I've misinterpreted these statements. But the "About us" section of MI5 states the main "corporate aim" is to

"frustrate terrorism..."

http://www.mi5.gov.uk/output/about-us.html

Yes I understand counterintelligence is primarily based in "frustrating" your enemy. Anyone could succeed with that directive. And it also comes across has a bit shallow. Shouldn't they have a legal and protective goal of stopping terrorism?

this is just an off the cuff remark and I might not understand the significance of such a MI5 goal. please enlighten me. Im not an expert on intelligence work. But these kind of goals drive the whole organization, and what the organization is expected to achieve.

Since I'm curious kind of person I looked for a similar USA goal to compare. (I'm American so I quickly searched to see what the CIA "aims" are.)

The CIA website had this answer:

" 8. What is the CIA's role in combating international terrorism?

        The CIA supports the overall US government effort to combat international terrorism by collecting, analyzing, and disseminating intelligence on foreign terrorist groups and individuals. The CIA also works with friendly foreign governments and shares pertinent information with them. "

"...combat ... terrorism..." seems like a substantial goal with depth. Obviously there is a strong meaning for combat. - actively fight against - and that leads us into preemptive attacks.

Some social thinkers would say we need to work with terrorism elements by injecting love to replace the hate.(I agree) But there are times we must combat terrorism as they steadfastly reject love. That seems like the appropriate time for preemptive action, as they have already killed and we must defend ourselves.

Of course we are not perfect, and some will take advantage of the logical conclusions mentioned above to justify other evil interests and agendas to preemptively attack those that stand in the way of USA goals. Thats why we need good men and women in government to stop greedy interest and support justice and liberty for all.

True Christians have the perfect foundation of grace, mercy, justice and liberty for all to help that lofty goal of being a good neighbor. That is the kind of heart needed to stop unwarranted preemptive attacks. I do believe defense includes elements of preemptive attacks. But this must must not be our ideological goal for success.

I'm a Christian and hope the Christian foundations of the United States of America is honored for the contribution of integrity and love that helps the world embrace truth fighting for liberty of all faiths. Many argue whether the USA really has liberty. Compare the liberty many world societies have produced. Then compare the real life liberty the UK and USA have achieved.

Why is it we forget fascist, nazi, communist etc societies filled with cruel bondage and lies. (not to mention hate filled terrorism based societies that have little freedom) Because we don't understand history, or we haven't had the opportunity to learn history.

another interesting word study. Twenty five years ago they changed many Jr. High school "History" classes into "Social studies". Lessening the focus on teaching history.

There was (and still is) a diminished focus on historical teachings in U.S. education systems. Is it a surprise new adults of this generation have little understanding of the past.

Gabriel

MI5 is hacked? Jamie is gonna get mad! (0)

Anonymous Coward | more than 5 years ago | (#28880883)

The Mythbusters crew know Jamie hates getting hacked more than he hates people leaving the lights on.

NSA anyone ? (2, Interesting)

C0vardeAn0nim0 (232451) | more than 5 years ago | (#28880941)

any "l33t hax0r" in the house brave enought to try this shit on the NSA ?

considering that i never heard of any snafu from those guys, either their pretty good at sevuring their stuff, or incredibly efficient at snuffing anyone who tries it before news get to public.

sincerely, i don't know which one is the scariest scenario.

Re:NSA anyone ? (2, Informative)

gad_zuki! (70830) | more than 5 years ago | (#28881373)

I doubt the NSA cares. Their public websites arent hosted or even maintained by the people who do their cracking. The probably have a hosting service and if the site gets defaced or goes down, its no big deal. Its not exactly sitting on some high security LAN.

Websites are the low hanging fruit in the hacker community. Its like spray painting my garage. You can be a jerk if you want to, its just not worth it to obsess over protecting said garage.

Re:NSA anyone ? (1)

Memroid (898199) | more than 5 years ago | (#28884147)

any "l33t hax0r" in the house brave enought to try this shit on the NSA ?

Like 6ish years ago I sent the NSA an example of a similar cross-site bug like this, when they were using ColdFusion for their web server. I could pretty much display anything on their site to a user, given a long link, which is what others are describing this as.

Unfortunately, now we have things like TinyURL and bit.ly which everyone uses for twitter, which could make them unknowingly spread fake information, or run scripts, which appear to be from trusted domains.

Re:NSA anyone ? (0)

Anonymous Coward | more than 5 years ago | (#28886177)

Gary McKinnon was quoted "Fuck off, this is definately nothing to do with me"

Complex Web Sites should expect to be hacked (0)

Anonymous Coward | more than 5 years ago | (#28880945)

If you run anything but a trivial, static page web site, you need to expect to be hacked and have measures in-place to quickly recover the site and any data on it. A complex web site may appear to be secure for today or for years, but eventually, a backdoor/crack WILL be found. The board of directors at our company has been briefed that this is expected and planned for as part of our security.

My company runs a Joomla web site. We expect to be hacked in the future. We perform JFS snapshots every 15 minutes and currently maintain nightly off-site backups for the last 90 days. These are not JFS-send replication backups. WHEN we are hacked - and it is WHEN - we'll be able to recover anywhere very quickly with just a redirected DNS (24 hour updates).

Are your company external sites protected to that level? Is there an expectation in your C-Suites that this will be the recovery plan and being down for 24 hours is expected?

BTW, it doesn't matter if you run Solaris, Windows, Linux, NetBSD, FreeBSD, or some embedded OS - you will be hacked. If you run a web server on a Mac - well, you've already been hacked and lost all your data like these geniuses http://tech.slashdot.org/article.pl?sid=09/02/20/1543208 [slashdot.org]

Send the new Bond after them! (1)

hesaigo999ca (786966) | more than 5 years ago | (#28881069)

Send in the new Bond after them, hackers might think twice after seeing these guys get a few bullets in the back of their heads!

Re:Send the new Bond after them! (1)

Trouvist (958280) | more than 5 years ago | (#28883193)

I find it difficult to think they will think once, let alone twice, after they each get a few bullets in the back of the head.

Re:Send the new Bond after them! (1)

Sulphur (1548251) | more than 5 years ago | (#28883435)

In Soviet Russia, it only takes one bullet.

Re:Send the new Bond after them! (0)

Anonymous Coward | more than 5 years ago | (#28885429)

No, no, no.

"In Soviet Russia, bullet gets you in back of head."

That's how it's done.

Re:Send the new Bond after them! (1)

hesaigo999ca (786966) | more than 4 years ago | (#28894913)

If you read my post carefully you would have seen that I thought of that and wrote
to make sure I was not referring to the original hackers, but others looking unto these ones.

Someone is missing the point (2, Insightful)

meist3r (1061628) | more than 5 years ago | (#28881133)

Fort Knox announced today that someone broke in and took a dump on the Gold ... nothing was stolen though.

Re:Someone is missing the point (0)

Anonymous Coward | more than 5 years ago | (#28891523)

y3wwwzs will be mad dude, be sure to bring some hookers, mdma and new born gollims.

Why is this interesting? (1)

cyberfringe (641163) | more than 5 years ago | (#28881361)

News of hacked public websites of powerful public agencies is titillating but technically insignificant. These sites are usually maintained by the lowest bidder on the cheapest servers with the most scant security. And they generally have no useful information. Boring! On the other hand, cyber warfare is constant and both government and industry networks with valuable information assets are under constant attack. I know this first hand from having had oversight of network security in a major scientific lab several years ago. Little or nothing is reported either in the way of successful penetrations and damage or attacks thwarted. That is the frontier people, where there is not only action with major consequences but hard computer and network science happening every day.

007's online counterpart will get them. (1)

Cur8or (1220818) | more than 5 years ago | (#28881627)

I believe his number is 1337.

Consequences (0)

Anonymous Coward | more than 5 years ago | (#28882909)

And this is why, as a comic once said, "you can't fix stupid". Do people honestly believe honeypots don't exist anymore, that there are no consequences. Nothing is anonymous. Most of the slashdotters out there are too young to understand that just because authorities don't arrest you an the first sign of cracking doesn't mean they aren't watching you. You see that how they build a case. Do you honestly believe it's only traffic cops sitting behind a computer? Understand this, once you are legally labeled a terrorist you have no rights.

Re:Consequences (1)

maxwell demon (590494) | more than 5 years ago | (#28884001)

Nothing is anonymous.

What about wardriving?

In other news... (2, Funny)

tjstork (137384) | more than 5 years ago | (#28882917)

A hacker's apartment in London was invaded by a gang of unknowns. Nothing was stolen, but his computer was smashed, his books urinated on, and the victim suffered a broken leg, torn elbow tendon, and a few cracked ribs after reportedly being waterboarded in his own kitchen.

Lame (0)

Anonymous Coward | more than 5 years ago | (#28885557)

This is not a hack. TE is soft yo!

Re:Lame (1)

metaforest (685350) | more than 5 years ago | (#28893185)

And yet you still feel the need to hide behind AC?

Your method of communication exposes your stink of fear....

I'll spare you the shame and follow up....

TE is a bunch of pu#$^#$%^$%^ ---NO CARRIER

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?