Graphics Programs Reference
In-Depth Information
don't have malicious intent; instead, they help vendors fix their vulnerable
software. Without hackers, the vulnerabilities and holes in software would
remain undiscovered. Unfortunately, the legal system is slow and mostly
ignorant with regard to technology. Often, draconian laws are passed and
excessive sentences are given to try to scare people away from looking
closely. This is childish logic—discouraging hackers from exploring and
looking for vulnerabilities doesn't solve anything. Convincing everyone the
emperor is wearing fancy new clothes doesn't change the reality that he's
naked. Undiscovered vulnerabilities just lie in wait for someone much more
malicious than an average hacker to discover them. The danger of software
vulnerabilities is that the payload could be anything. Replicating Internet
worms are relatively benign when compared to the nightmare terrorism
scenarios these laws are so afraid of. Restricting hackers with laws can
make the worst-case scenarios more likely, since it leaves more undiscovered
vulnerabilities to be exploited by those who aren't bound by the law and
want to do real damage.
Some could argue that if there weren't hackers, there would be no
reason to fix these undiscovered vulnerabilities. That is one perspective, but
personally I prefer progress over stagnation. Hackers play a very important
role in the co-evolution of technology. Without hackers, there would be little
reason for computer security to improve. Besides, as long as the questions
“Why?” and “What if?” are asked, hackers will always exist. A world without
hackers would be a world without curiosity and innovation.
Hopefully, this topic has explained some basic techniques of hacking and
perhaps even the spirit of it. Technology is always changing and expanding,
so there will always be new hacks. There will always be new vulnerabilities in
software, ambiguities in protocol specifications, and a myriad of other over-
sights. The knowledge gained from this topic is just a starting point. It's up to
you to expand upon it by continually figuring out how things work, wondering
about the possibilities, and thinking of the things that the developers didn't
think of. It's up to you to make the best of these discoveries and apply this
knowledge however you see fit. Information itself isn't a crime.
0x810
References
Aleph1. “Smashing the Stack for Fun and Profit.”
Phrack
, no. 49, online pub-
lication at http://www.phrack.org/issues.html?issue=49&id=14#article
Bennett, C., F. Bessette, and G. Brassard. “Experimental Quantum
Cryptography.”
Journal of Cryptology
, vol. 5, no. 1 (1992), 3-28.
Borisov, N., I. Goldberg, and D. Wagner. “Security of the WEP Algorithm.”
Online publication at http://www.isaac.cs.berkeley.edu/isaac/
wep-faq.html
Brassard, G. and P. Bratley.
Fundamentals of Algorithmics
. Englewood Cliffs, NJ:
Prentice Hall, 1995.
