Savvy JS Hacker Knobbles MySpace

23 comments
Story Text:

It's a coin toss as to whether you admire or despise hackers, personally, as long as no one gets fleeced, and no small children or animals are hurt i can't help but to admire - particularly stuff like this. It's just cool...

Comments

Reminds me of the "karma" hack for...

...some popular forum software.

Get all those viewing your posts to give you positive karma (kudos, whatever you want to call it) to raise your status on the forum.

That stuff is always fun. Recently hacked an Alexa rank inflator site as well.

SB

oh man

what a great read !

Good lad.

Clearly very employable.

Great, lets encourage them.

It's not hard to find what he did amusing, but it's alot less amusing to those of us who have actually been attacked. I'm sure this did not cost myspace very much time or effort to fix but I'm sure it was a headache none the less. At what point, or size, does a company need to get before people actually applaud hackers' dirty work. If someone had done something (even with the purest of intentions) to threadwatch or seobook.com I doubt any of us would find it amusing at all.

Whats worse, and what bothers me the most is that these sort of incidents only help to fuel other hackers. The popularity of doing something like this is what most of these guys are looking for. The evil ones thrive on recognition even more then guys like samy.

I hate being the serious one. "I love you" Samy, your my hero..

Jarrod

reasons why I feel the way I do:
- It didn't happen to me.
- Its funny, the guy did something very clever and funny.
- I despise myspace.
- And of course the guy should get punished for it no is saying otherwise, at least here.

His blog is slim on entries but hilarious...

"I won't be able to masturbate for a few days, but hey, I can go for at least 40."

my 2c

I think it was reckless of him to release something like this without a shutdown mechanism (automatic or manual, doesn't matter) to shut the thing down when things got out of hand

other than that, I admire his creativity, because he overcame a LOT of barriers without braking anything else first... anyone with some JS skillz and a slightly higher than average IQ could've done it, so the error is with myspace... any system can be brute-forced to allow similar stuff, but they had only a basic word filter, which Samy went around with stuff like 'java'+'script'... which is, like, JS101

a lot of work went into this and I think his website is an EXTREMELY good article on 'how not to secure a web service'... I'm primarily a web dev and I found the article VERY enlightening...

It's Ok then

Oh, so I see, it's ok to break and vandalize other peoples property as long as its "easy". And its ok as long as you post the details on a website afterwords. And it Ok as long as someone learns something about what you did?

And its ok to do it, and applaud it, as long as its happening to someone else's property or if you dont like the people that its being done too.

A lot of people hate Microsoft too but I dont see too many people clapping when some script kiddy downloads some tool that allows him to push a button and break into someones computer or website. Nothing could be more easy then that, and every one hates Microsoft.

At what dollar amount, or damage level, does hacking become ok?

Myspace may be evil because they "sold out" and did what just about anyone of us would have done if Fox approached us with 500 million, but, with all envy aside, the last thing you'll find me doing is supporting people like Samy. Just my luck, some Samy copycat, with less morals, is going to think its fun to try and deface my database next. But hey, I'm sure I have at least one enemy that would applaud his efforts, which makes it ok right?

Hackers have little regard for other peoples property. There are some of them that could care less about "who" it is that they are attacking. These kinds of disturbed individuals are empowered by the news that people like Samy get. Samy may not be evil, but he is glorifying a whole industry that most of us would be better without.

Perhaps, my point would be heard better if everyone reading this blog was to have woke up one morning a few years back to find that their main database, and all its backups, had been maliciously deleted. Making the next 2 weeks of their life about as miserable as they could possibly be.

It's easy to laugh at Samy's misdoings, but it hits a little to close to home for me. I guarantee you, that out of the thousands of people that have read about what he did, there are at least a couple that thought "wow, I want to become a hacker".

Jarrod Hunt

right or wrong, there's a

right or wrong, there's a glamour element to hacking which is going to make it popular, and going to give it a unique reputation effect whereby you can enhance your reputation within certain communities by publicizing your mischievous hacks. i'm not disputing the appropriateness of this, but realistically speaking, it does exist and is fuel to incentivize hackers.

so my question: what is the solution? economists might argue that the nature of the risk of being hacked (low probability, high cost) makes it conducive towards insurance-type goods/services, although insurance fraud would probably be too easy for savvy web developers....no?

someone who can find a simple but effective solution for this problem and market it effectively could probably cash in big time.

There is no easy solution, only easy fixes.

Unfortunatly the problem is with Society, which is a very hard thing to fix.

Websites will never be 100% hacker proof, but there would be no need for hack-proof websites if there were no hackers, and as long as Society glorifies hacking, there will always be someone who will want a piece of that glory. Sure we could buy insurance, or hire security experts, or read forums where people discuss exploits, but thats only a temporary fix, not a solution. .

There are some web developers that love to hear about what Samy did because it helps them to understand how to better secure their own websites. Now thats all fine and dandy except the fact that Samy's stunt also worked towards empowering hackers, which means that webmasters are going to have to do even more to secure their websites over time.

You may have a low probability of being hacked today, but with more and more hackers, the chances are getting higher everyday. In actuality though I dont think the probability is low at all, I just dont think corporations announce when they get attacked. The small guys may only have to deal with forum hacks etc, but corporations and large websites deal with it all the time.

As long as people glorify hacking, there will continue to be a growing base of hackers. As long as there are more and more hackers, there will always be more and more ways of hacking.

This can be looked at in a much broader scale, to include crime in general. Is it better to continue glorifying crime and to hire more Police and Judges, and buy more guns for "home protection" or is it better to attack the issue at a social level and try and change peoples thinking about how they glorify violence. Granted, glorification of violence isnt the only reason that violence exists, but it is one the ways that we as individuals have direct control of.

I cant help but think of the HBO show "The Sopranos". I'm as guilty as everyone else for watching a show that glorifies violence. "The Sopranos" makes killing people and creating crime look "almost fun". Mobs thrive on public support. There are millions of kids that live in poor areas that look up to the mob lifestyle, and we wonder why there is so much crime.

I doubt there are very few people who have been a victim to Mob crime who will watch "the Sopranos" and think its entertaining. Hackers are the Mob of the internet. How long is it before we start having to pay Hackers directly for "Protection"? Oh wait, thats already happening..

My point being to all of this is that as long as these social issues exist we are never going to be free of crime. As long as we continue to watch, and applaud, violent movies, and applaud even the smallest of crimes, we are as much the problem as the criminals. I am as guilty as everyone when it comes to watching violent movies, but you will not see me publicly supporting any form of violence or crime, even as seamingly innocent as what Samy did.

Jarrod Hunt

Unfortunatly the problem is

Unfortunatly the problem is with Society, which is a very hard thing to fix.

Agree 100%. what i'm trying to think of is a way to (1) find risk diversification tools to help webmasters reduce the hacker risk they are exposed to and (2) find a way to give hackers an incentive to not hack or punitive measures if they do hack. in an offline world, criminal punishment and the lack of glory associated with most crimes are compelling deterrents, and things like homeowners insurance protect physical homes and storage facilities. we pretty much lose these tools in an online world, so we need to find new ones. that's what i think is important, and what can reduce the significance of hackers (if they can be found, that is).

kid should be prosecuted

Yes he should be prosecuted. What he did was wrong.

It also was clever. I appreciate both aspects equally.

I agree, The Online world is

I agree,

The Online world is like the wild west. Criminal punishment is pretty much non existent. Programming languages are getting more secure over time, but hackers are also getting smarter.

I would love to see growing support for some of the things you are asking. Unfortunatly, I dont think governments are really going to do what it takes to combat these problems until there is a public outcry. I really do think the best thing that we can all do right now is to become very vocal and against any sort of hacking, even the smallest of hacks. What we need is for people to realize that this is a huge problem.

Watching the support for Samy has really made me realize how few people have ever even thought twice about how serious of a problem this is. Whats worse is I see webmasters supporting what he did. The very people who are going to be the victims are the ones helping to support the crime.

I would love to see this conversation evolve to something where we discuss things that can be done to curb Hacking, other then spending tons of money to secure websites, or to hire an enourmous amount of law enforcement. I really do think, that at this point, it is in our hands to do something about it. If instead of a bunch of "Your my hero" comments on Samy's board, there were a bunch of "You should be put in jail" comments, we could have sent a real strong message to hackers that no form of public hacking is acceptable.

in my opinion the moral

in my opinion the moral argument -- "hacking is wrong, dont do it" -- is never going to work. there is a problem, and many if not most webmasters would be interested in solving the problem. so it's a problem with a high demand for a solution. and right now, there's no supply of a solution.

in my mind this represents an enormous commercial opportunity for someone to solve. high demand + low supply = enormous profit margin. that's what i think is worth focusing on, as it is the only thing that can bring about real change IMHO.

Webprofessor, Yes it was

Webprofessor,

Yes it was clever, and he has a way with words. It's easy to find him so charming.

I look back in history at all of the other clever people who shaped our world.

I can see the history books now "If nothing else, Hitler was clever". I wonder if Hitler had any mentors? Was it the kid down the street that played a "harmless prank" on the jewish kid? It's too bad his mentor wasnt someone who valued other peoples rights to live without crime.

Hi Kidmercury, I respect

Hi Kidmercury,

I respect your opinion and appreciate the debate.

The one thing that comes to mind though is how many corporations have profited from the suffering of others and the people that run those corporations. What really bothers me is that the same Hackers that are causing the problem are the ones that are starting Corporations to fix it. I.E. Security companies.

So in other words, the way the formula works is. The more hackers we have the more hackers we need to combat them.

I also disagree that people speaking up will do little to curb hackers. I have known a few hackers in my day, and I have also seen how they react when things get "too real". Most hackers dont even think about the consequences of getting caught. I have seen how hackers react when they finally realize that they could go to jail, or get their asses kicked, for something that they are doing. It's amazing how quickly they change their tune.

Context

Think you're going over the top a bit, Jarrod - the point here is one of intention, with no malice or intent to harm communicated.

Also, Microsoft - a billion-dollar corp which buys security teams for fun and profit - is hardly the vulnerable old lady no one should play jokes on.

You seem to be following the sort of argument that says that a cream pie in the face isn't humour or stupid, but instead violent assault.

We're not talking about Hitler, so maybe let's put some the story in context for what it is, not what it can be imagined to be.

2c.

"Hacking is wrong, if you do

"Hacking is wrong, if you do it your going to go to jail, or someone is going to kick your ass"

Is quite a bit different then saying "Hacking is wrong, dont do it"

When I went through my hacking experience, and I found out who did it, and then found out it was going to be very tough to prosecute, I was very resolute on doing something about it myself. If it wasnt for common sense finally kicking in there could have been a good chance that my buddy Guido was going to make a visit to my hacking friend. I dont condone violence against violence, but I can guarantee you that when people actually believe that the crimes they commit are going to push someone to the limit of wanting to take "law into their own hands", they think twice about doing it.

Thats the problem with the web. People arent dealing with each other face to face. It's amazing how brave and stupid people get when they dont have the face you.

This is just from my personal experience though.

Brian

Yes,

I realize that my comments are over the top.

Samy is nothing like hitler. But crime begets crime, and until people realize that, they will continue to support people like "Samy"

Brian, I think if you read all of the crazy comments people have made about what Samy did, you will see that there are some real losers out there that will use this stunt to justify their own doings.

Sure, Samy may not have intended on hurting people, but its not him that I'm worried about. Its the people that look at what he did and are inspired to "one up" him that worry me.

Agreed

I agree with your underlying point.

yeah

I can agree with that as well.

StephenBauer

Wow, what a discussion.

I didn't read the whole story but I saw in the comments above, the word "deface" was used. Did he deface the site? I read the part about "making" others list you as a friend and increasing popularity. Is that really defacing? Or did he do additional "hacking" that actually defaced mySpace or others' pages? Sorry, not alot of time lately so I have to skim...

I read the part about

I read the part about "making" others list you as a friend and increasing popularity. Is that really defacing?

i consider it defacing. if in the physical world you said hi to me, and then i spray painted on your front door "Stephen Bauer said hi to kid mercury" we'd probably call that defacing. i think it's analogous to what was done with this hack.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.