Saturday, January 17, 2015

Three good hackers and one bad hacker

Nothing in our universe is completely white or black, but sometimes it seems. Even in  computer security planet, where it's so easy to say: "He's bad". Actually, gray's the dominant color among hackers and non-hackers: sometimes we do things right, sometimes we're wrong and everything is relative, what's good for you can be bad for me. It goes without saying that, given the title of this post, we'll relate some stories that would seem positive or negative to us, but should not seem the same to everybody, nor 100%.

Researcher Eduardo Novella has discovered a hole in routers that Telefonica Movistar company provides to its customers. The ruling is important because it allows an attacker to take device's remote control and use it, for example, as a bomber in Distributed Denial of Service Attacks. As a good hacker, when Novella discovered the hole reported it to the manufacturer and Movistar... in 2013! No answer in two years, so he has decided to publish it on his own.
Microsoft also took a long time to patch holes in its software or, worse, never did... until Google has cut the company down to size. Google Project Zero, an initiative to find security flaws in all kinds of software, advises manufacturers and gives them 90 days to fix the hole. After that time, Google discloses it, although there's no patch. And that has made with Microsoft 3 times! In a month. Microsoft's very very angry.

Others who don't mess around in computer security awareness are Swedish Pirate Party people. At a security conference with a big number of politicians, Swedish pirates created a false wifi network called "Guest's network". One hundred politicians fell into the trap. All their communications through that wifi were spied... and made public by Pirate Party.

These actions we've related may bother somebody but they're adressed to the common good, to improve security. Insted, we don't see positive side on things like impersonation of two media Twitter accounts, "New York Post" and United Press International (UPI) agency, to publish false information in them. It's not the first time somebody impersonates a Twitter account, nothing new. Why attackers did it? To distract from a more important hacking? Just propaganda?

We'll never know, possibly. And this is one of the things that differentiate good hackers from bad: their transparency and commitment to common good. We hope our readers are also good hackers. And they have a good Saturday.


Post a Comment