La máscara de Darth Vader vista desde adentro

24 06 2009

Para los fans de Star Wars, posiblemente el equivalente al Santo Grial es la máscara más famosa que ha portado cualquier villano en Hollywood, la de Darth Vader.  Sin embargo, ha sido prácticamente imposible verla desde su interior y observar de cerca los componentes que mantienen a Anakin Skywalker con vida.  Veamos esta representación artística:


Podemos distinguir el aparato para respirar, unos circuitos para los ojos y el sistema para reproducir la voz.  Lo demás queda a su imaginación.

Fuente:  Gizmodo

Entrevista de CNET a Mark Abene, “Phiber Optik”

23 06 2009

AbeneMark Abene, comocido como “Phiber Optik“, comenzó a los 9 años a usar computadoras hasta llegar a formar el grupo de hackers y phreakers “Masters of Deception“.  Siendo todavía un menor recibió una sentencia de un año de prisión por un juez que quizó enviar un mensaje claro a otros hackers.  Ahora a los 37 años Abene es considerado un gurú de seguridad.  Elinor Mills de CNET realizó otra excelente entrevista, en esta ocasión a Mark Abene sobre su pasado y presente.  A continuación reproduzco dicha entrevista:

Q: When did you start hacking or phone phreaking?
Abene: When I first got online in the early 1980s I was using an online service called CompuServe. I was initially looking for people with the same computer as I had. I had a very simple computer in those days, an old TRS-80, 32-column screen, no lower case, cassette tape recorder to load and save programs, and you would connect it to a television set as your monitor. I was online at a whopping 300 baud, which was normal at the time. And I was seeking out people to trade programming ideas, possibly software and so on. There wasn’t a huge amount of commercial software for my computer. One thing I had discovered about CompuServe is that there was a programming environment you had access to…that was a lot more powerful than the computer I had at home. It was the first time I had the notion that you could actually use programming languages and the ability to save and load back programs remotely on a computer that wasn’t yours.

The problem was that CompuServe at that time was insanely expensive, as were any of the competing services. They charged by the hour, which is unfathomable to people these days. I was chatting with people on CompuServe CB (Simulator, the first online chat service). I also discovered BBSes (bulletin board systems) many of which existed on Long Island. I grew up in Queens. Behind the scenes there were often private sections restricted to specific users to discuss certain underground topics, not the least of which was trading passwords for online systems and even calling card numbers to circumvent toll charges. Again at the time, phone service was rather expensive. In most major cities it was timed. No free local service, so you could easily run up a very large phone bill. Bearing in mind, too, that we were kids. I was about 12 or 13 years old. The first passwords I got a hold of from these BBSes were actually for minicomputers that were set up as part of an educational program in Long Island at many of the high schools. It was sponsored by DEC (Digital Equipment Corp.). A lot of the passwords I came across on the BBSes originally were guest accounts.

So that was my initial exposure to being somewhere you were not supposed to be, although things were a lot more relaxed in those times. There was no real notion you were doing something illegal. It really wasn’t (illegal). The fact that you were using a guest account on a minicomputer being maintained at a high school … there wasn’t any notion that anyone was doing anything wrong.

At this time I was weaning my way off CompuServe as I met people on BBSes. I had gotten pretty proficient not only at programming, but at understanding the system administration and security models of a lot of these operating systems from DEC. I was really interested in, not necessarily defeating them. But if, for example, you wanted to maintain access to these systems you would have to understand how the security mechanisms worked. Besides being fun it was definitely an intellectual challenge. If you were used to hanging out on one of these systems and if the guest account password was changed or an account you were using got locked out it would be kind of frustrating. So, that was probably my initial motivation in wanting to understand how to defeat the security mechanisms.

In doing so, I met a guy on BBS with an underground section and this guy introduced me to a couple of guys from the Legion of Doom, who were not from New York. This was probably in around 1985 or 1986. A guy I knew from BBSes, Steve, introduced me to a guy from the Legion of Doom who called himself “Marauder,” from Connecticut and another guy in Florida, who called himself “CompuPhreak.” Marauder was skilled with an operating system called RSTS. A lot of the minicomputers in the school program were DEC PDP-11s and they ran an operating system called RSTS…

I was always interested in the phone system from a relatively early age. The phone system was a lot more present then it is now. There’s a certain silence now because it is digital. Behind the scenes it was electro-mechanical; it was done by machines with lots of moving parts. When you called somebody you heard a lot of these rickety machines in the background. You would hear the switching of the call before the phone started ringing and sometimes you would hear tones in the background going over trunk lines connecting you to the person being called. I was always interested in knowing what was going on when that was happening. I learned later on that a fair amount of that process was computerized and I figured there must be some pretty interesting computers doing that. I got to talking with Marauder and CompuPhreak about that.

On a lot of these BBSes it was very common to have sections with text files which were nicknamed G files for general files. A lot of these general files were categorized into a sort of underground knowledgebase in the form of information that was typed up by other kids who had encountered certain systems in their forays into places they probably weren’t supposed to be. They would describe lists of commands. A lot of these systems had online help. It was not uncommon to log into one of these DEC minicomputers and type in “help” and get a list of commands in insane detail with information about how to get around in the system. A lot of times you would find reprints of these help files. You’d also find info about phreaking or exploring the telephone system. Some of it was from a previous generation, from the ’70s, stuff that had been reprinted or re-transcribed. Other stuff was being put out by other people, primarily in the Legion of Doom. Some of it was re-transcriptions of phone company documents they had found in the trash, for example. In other cases it was descriptions of systems that people had gotten into, management systems in the phone company. In these days security was a lot simpler. There are cases where certain rather powerful management systems within the phone company could be accessed simply by dialing in, knowing the phone number, and not even needing a password because the previous user had forgotten to log out and it wouldn’t reset back to the log-in screen. That was a common problem back then. That was the way a lot of hackers got into these phone company management systems.

There was a lot of overlap between hacking and phreaking. Most of the management systems used in the phone company were actually Unix systems. So I started  earning Unix in the 1980s. And my motivation for wanting to program in C stemmed from my wanting to run password crackers. Certainly you couldn’t do anything like that on your home computer. You had to run a password cracker…Another thing that motivated me to learn C was to be able to do modifications to the security infrastructure of a lot of these systems in order to maintain access to them…The log-in program that runs on Unix was written in C. Being able to modify that and insert a backdoor password for easy entry is something you had to be skilled to do. These were systems we never would have had access to otherwise and we wanted to understand their intricacies and how they worked.

So, the motivation wasn’t to make free phone calls?
Abene: There was no motivation to make free phone calls. It was a means to an end. The motivation was so you didn’t get killed with a whopping phone bill for all these dial-up calls…The way a lot of us justified it as kids was it was an acceptable risk, a means to an end.

What were you learning from those systems?
Abene: I was really interested in the telephone network, switching systems and management systems associated with them, as well as large data networks. Prior to the Internet there were packet switched networks that were used for a variety of purposes. Two of them were Telenet and Tymnet. They were private networks and they had a lot of private subnets within them, in a lot of cases gateways to systems and networks overseas. They were the first real international networks young hackers ever saw. A lot of those young hackers reached out to each other on chat systems that were set up. There were some famous chat systems set up in Germany and the only way to get to them was to learn how to navigate through some of these packet networks.

As far as who the customers were on these networks, pretty much everything under the sun, a cross section of big business. I and a couple other guys had gotten access to a lot of the internal maintenance and debugging tools used by the company that ran the Tymnet network and in doing so we were able to pretty much gain access to any system that was connected to the network just by watching people log in as they entered passwords. That was probably one of the earliest cases of, I guess you could call it interception or eavesdropping, but only in the sense of capturing passwords.

So, you weren’t generally sniffing around networks for corporate information?
Abene: We were only interested in technical documents that explained the workings of system X. Anything that had to do with security…Our pursuits were highly technical. We were motivated by wanting to learn more about the systems we were getting into. There was lot more variety of systems out there than there is today.

What got you in trouble with the law?
Abene: When I first got online and started getting access to systems there was a sort of gray area. When you are a young teenager you’re not really thinking about what the law says. And when I first got online there were no clear-cut computer crime laws. It wasn’t really until 1986 or thereabouts that some of the first laws were drafted specifically addressing computer crime. Prior to that, unless they were doing something really out of the ordinary, most people who got in to trouble with the law at that time were usually doing something silly or foolish. It was relatively easy to remain undetected in those times. Unless you were doing something blatant or going somewhere that was extremely sensitive. I let some of my guard down I suppose because of the way things were changing towards the end of the 1980s…

There was a lot more publicity around hacking as more and more people were being arrested and tried and, as you can probably imagine, a lot of the publicity was very negative. In the United States hackers were public enemy No 1. It was high drama on the electronic frontier, with images of FBI agents kicking in doors and waking up kids at gunpoint, which happened to me personally, so that’s no exaggeration. Things like that typically didn’t happen in other places. There was definitely a high degree of paranoia in the U.S. surrounding all this.

Over the course of us doing this things became illegal. For example, I was charged with possessing 15 or more passwords. The laws themselves, if you read them, are just ludicrous to think about in stark comparison to when they didn’t even exist. When you’re a teenage kid and you’re perusing around looking for access to interesting systems you would have hundreds, thousands of passwords and dial ups and so on. You would keep it all in a notebook. That was the information you collected; it was part of who you were and what your skill sets were. It wasn’t anything unusual. Something like that became illegal. Forgetting about intent or whether or not they were used, it was simply possession. Many systems didn’t even have passwords, in the mid-80s, including phone company systems. The administrators never set passwords.

What was your thinking when these activities were outlawed?
Abene: We always conducted our activities according to a certain code of behavior and we always believed that as long as we adhered to that code of behavior we wouldn’t show up on too many people’s radar. This tended to be the case for a long time, even after laws started to pass.

(Around) 1986 a friend of mine who was in the Legion of Doom had gotten in trouble for various things he did having to do with the phone company and getting access to really sensitive systems. It was Dave Buchwald, who was also one of my business partners when I had my consultancy, (CrossBar Security). There was an internal investigation. Back then it was New York Telephone. At the time it was one of the biggest, most blatant upsets to internal phone company security probably than there had ever been. The phone company wanted to keep it rather quiet because frankly they were pretty embarrassed by it. By the time I had gotten into trouble for very similar things some years later, it was not long after some friends of ours in Atlanta, some Legion of Doom guys had gotten in trouble.

That hit close to home because I was in regular contact with those guys and I figured that if they had gotten into trouble we were on somebody’s radar. And we were. That was around 1989. And the paranoia level had gotten so high that when the Secret Service came knocking in January of 1990 at my parents’ house looking for me they were under the impression that I had something to do with crashing the AT&T network, which had gone down completely around Martin Luther King Day about a week before. As you can imagine they were overeager to find somebody to blame for that. If hackers had taken down the nation’s primary long-distance company then something had to be done. That turned out not to be the case. AT&T then went on the record claiming it was their own software update containing an error which took down the network. They were the cause.

I figured that these guys were so far off in what they believed was going on it really didn’t sway me from doing what I was doing. Although in retrospect, I could have been more careful at that point. There was a certain amount of publicity that was associated with it and the fame that went with it, fame within certain circles anyway, which kind of made it cool I guess for a lot of people. It was probably one of the first high-profile cases of that kind. That was 1990. Over the course of the next year we just did everything bigger and badder. We did lots of interviews, all the while we were still hacking. This basically made us enemies of the government and law enforcement everywhere. Federal law enforcement certainly had it in for us at that point. Again, it was largely our interpretation that these guys were so far off the mark from our initial encounter with them in 1990 that led to all of us getting in trouble in 1991. And that was the end of my first-hand dealings with the so-called “underground.”

What were you arrested for?
Abene: In 1991 there was that aspect of phone company switching systems which are considered a very sensitive part of the nation’s infrastructure and we can’t have teenagers playing around in those. There were also a lot of the public and private data networks we had gotten access to. One of the major complainants in my case was British Telecom, which ran Tymnet. Several of the regional bells were not all too happy. I was charged with the least number of charges compared to others in the case, but I got one of stiffest sentences and that was due to the public image I had created.

Abene: I was sentenced to a year in prison in 1993, as a result of being grouped into a major investigation by a joint FBI/Secret Service task force in 1991, when I was already 18. Even though I was scarcely mentioned in the indictment at all, I surprisingly received the harshest sentence because of my public profile. The judge himself said he wanted to “send a message” at my sentencing. I was charged with conspiracy to commit certain specific acts. In the indictment they laid out various overt acts. The other charge was basically computer trespass on a grand scale. I was ultimately sentenced to a year and a day and actually served about 11 months in federal prison. It was not an experience I like thinking about and it is something I put behind me long since. By the time all that happened I was already employed in companies working as a system administrator.

But it hasn’t hindered your career at all, has it?
Abene: Not at all. I’ve worked as a system administrator and network administrator. Even when I was still doing things that could obviously be construed as being illegal I did a fair amount of public speaking. I did several talks at the New School for Social Research in Manhattan, Parsons, and New York University. A lot of these talks were purely technical, such as the history of the technology of the phone system… After working as a system administrator for two of the first public access BBSes with Internet access (MindVox and ECHO) I became a system administrator and security consultant, and was recruited by Ernst & Young to kick-start a new type of security consulting.

I successfully spun off my own consulting firm based on those experiences in the late ’90s, and did information security work on four continents along with my business partners. We ultimately all went into private practice after the dot-com bubble burst in the early 2000s. I’ve been doing independent information security consulting for some rather large clients ever since, until recently forming a new intrusion detection start-up with some colleagues. I was still working at ECHO when I was released from prison. Then I worked for Radical Media, which was a production house, as a system administrator.

If you could do anything differently what would it be and do you have any regrets?
Abene: That’s a pretty loaded question. You can’t go back. I don’t live with any regrets. I took part in something that at least I considered special. There were certainly some negative aspects in it in the trouble I got into. But there was definitely a lot of positive that came out of it. But I consider that to be a very minor phase of my life. My trouble with the law lasted about a year and if you do a Google search it is 99 percent of what you find.

Do you have any advice for young hackers?
Abene: Things are a lot different today. One of our major motivations was that we wanted to get access to computers that were more powerful than the simplistic ones we had at home. Today most kids’ home computers are a lot more powerful. For us it was a great equalizer. We wanted to get access to the high technology we otherwise wouldn’t have access to, understand it, and learn to program it. As far as anybody today doing a New York sort of underground hacking, I’d caution against it even though, naturally, it’s going to happen. It’s a completely different world these days.

What are you doing now?
Abene: I have been doing lots of consulting. After my own consulting firm folded after the dot-com bust in the early 2000s I continued doing independent security consulting for a lot of large companies. A fun job I had recently was writing the encryption routines for the online streaming service for Major League Baseball

Fuente:  CNET “Mark Abene, from Phiber Optik to security guru”, por Elinor Mills, junio 23, 2009

RedSn0w se actualiza a la versión 0.7.2 y UltraSn0w ya disponible

23 06 2009

quickpwn-299x300RedSn0w, la aplicación del Dev Team para hacer al “jailbrake” al iPod Touch y al iPhone 3G con el OS 3.0,  ha sido actualizada a la versión 0.7.2.  Por otra parte, ya superadas ciertas dificultades, UltraSn0w, la aplicación para desbloquear el iPhone con OS 3.0, también del Dev Team,  ya está disponible en Cydia.  Como recordatorio, antes de hacer el desbloqueo del iPhone, éste tiene que estar actualizado al firmware 3.0  y “jailbraked“.  En el caso del iPod Touch, debe estar actualizado al firmware 3.0 previo al “jailbrake“.

Para un tutorial completo y en español de cómo desbloquear tu iPhone 3.0, accede desde aquí a la página de los colegas de iPhone Fanatic.

Descargar RedSn0w 0.7.2 versión Windows

Descargar RedSn0w 0.7.2 versión Mac

Los usuarios de Twitter compran más música

23 06 2009

lens2011086_1232288317TwitterSweet_Music_Social_LensUn estudio realizado por NPD Group arrojó unos resultados que deben ser de interés para la industria de la música, que constantemente se queja de que las descargas ilegales le hacen perder millones de dólares.  Dice el estudio lo siguiente:

  • 33% de usuarios de Twitter compraron un CD en los pasados tres meses.
  • 34% lo hicieron en forma de descargas.
  • Esto contrasta con el 23% y 16% respectivamente de los que no son usuarios de Twitter y compraron o descargaron música.
  • Los usuarios de Twitter  compraron un 77% más de música a través de descargas que aquéllos que no utilizan la red de microblogging.
  • 41% escuchan música en línea, versus un 22% del resto de los usuarios del web.
  • 39% ven videos en línea, mientras los que no usan Twitter y ven videos en línea comprenden un 25%.

La conclusión es que los que utilizan Twitter tienen mayor potencial de descubrir música nueva, así como aquéllos que conocen de tecnología, que es una caracterítica de muchos de los usuarios de la red de microblogging.   Bien usado, Twitter tiene el poder de entretener y de motivar a los amantes de la música  a comprar más mercancía, descargar música y adquirir boletos para conciertos.  NPD utilizó una muestra de 4,000 personas mayores de 13 años para su estudio.

Fuente:  Appscout

Humor de navegadores

22 06 2009

Directamente del “Departamento de Nadie Me Quiere”:


Fuente:  The Windows Club

Entrevista de CNET a Kevin Mitnick, de hacker a consultor de seguridad

22 06 2009

mitnickCNET News publicó una interesante entrevista con Kevin Mitnick, el “cóndor“, posiblemente el hacker más famoso y quien ostenta la “distinción”de haber sido el primer hacker en aparecer en un anuncio de “Se Busca” del gobierno federal.  Arrestado en 1995, se declaró culpable de fraude electrónico y fue liberado en el 2002; aprovechando su notoriedad, se dedica a dar conferencias y fundó una compañía de consultoría en seguridad.  A continución reproduzco la entrevista tal y como aparece en la página de CNET:

Q: When did you start hacking?
Mitnick: When I was 16 or 17 years old, when I was in high school–1979 time frame; before it was even illegal.

How did you get into it?
I became very interested in phones. I was a ham operator, an amateur radio operator, for about three years and in high school I met this other student whose dad was a ham radio operator and this other student had a hobby of phone freaking and he introduced me to this. He was able to do amazing things with the telephone system. He was able to get unlisted numbers. If he had my number he could get the name and address…He could do all these magic tricks with the phone system. I also had an interest in telephony over ham radio. He introduced me to phone phreaking and when the phone companies started converting over to electronic systems from electromechanical systems they used front-end computers to control it. So the phone company was in the process of automating their processes. To further my phone phreaking I needed to become familiar with the phone systems’ computers. So that was my foray into hacking.

So you went from phone phreaking into hacking?
Yes. The phone company had this computer system called COSMO, which stood for Computer System for Mainframe Operations. Well, my first hacking occurred as a student at Monroe High School in Sepulveda, Calif., in the San Fernando Valley. I met another student who was very heavy into computers and at this time it was the Commodore VIC-20. They offered a computer training course for seniors but I wasn’t a senior so he introduced me to the professor. He wasn’t going to let me into the class. So I did all these electronic tricks with the phone system and the teacher was amazed and he waived the prerequisites and let me in the class. I think he regrets that decision today.

What could you do with the phones then?
I think I demonstrated calling into comp systems. You could interact with them with your voice and control them by touch-tone. He gave me his name and the city he lived in and I was able to get his telephone number. I was able to interface my ham radio with the telephone system and dial into computers and access them through the touch-tone pad. At that time it was pretty advanced because you didn’t have voice response systems then like you do today.

What’s the hacking activity you are most proud of?
Ethical or unethical (laughing)? You probably want to hear about when I was a hacker. I guess my intrusion into Motorola. I was able to call an employee at Motorola and convince her to send me the code for the MicroTAC Ultra Lite cell phone…Motorola had their whole campus protected by SecurID and I was able to use an elaborate social-engineering scheme by also manipulating the telephone network and set up call-back numbers within Motorola’s campus. So I convinced a manager in operations to tell one of the employees to read off his RSA SecurID code any time I needed it so I could access the network remotely. That’s how I was able to access their internal network and then I was able to use technical means to hack into their development servers for cell phones…I was able to find the source code to all the different cell phones.

I was interested in the MicroTAC series because it looked like a Star Trek communicator. I wanted to understand how these phones worked, how the codes controlled the processor. I wasn’t interested in selling the source code or doing anything with it. It was more about the challenge of getting it. I had to breach like four layers of security to get in. I’m not really proud of it because it was obviously wrong…I made a stupid and regrettable decision and decided to go after the source code.

When you say it was about the challenge of getting it, can you elaborate?
At the time I was actually a fugitive in Denver, Colo., and one of my colleagues handed me a brochure of this phone and I thought it was ultra cool, like the iPhone of today. I really wanted to understand what are the protocols used, how does the phone talk to the communications network, how does the whole thing operate? And I thought maybe I could modify the firmware for the code in my phone and make it more difficult for the government to track me. For example, there are certain methodologies the government uses, like any time your phone is on, it is communicating with the mobile telephone company. I wanted to be able to toggle that off and on, so basically take my phone offline and do extra things to it. At the time I had that idea, but I never went through with it because I was so busy hacking…It was pretty much the trophy. Once I got the source code, that Motorola phone intrigued me. I looked at it, read through it, and tried to understand what I could understand.

After that I went after other different cell phone companies and it really was about the trophy. It was the challenge of getting in and getting the code, storing it at USC in Los Angeles, and moving onto the next one. That’s how I got caught. The USC administrators noticed that a lot of their disk space was being used and that their systems were breached and they called the FBI. The companies themselves didn’t realize they were hacked. It was USC that discovered it…I didn’t spend any time trying to hide it (source code). That was my downfall.

Did know what you were doing was illegal?
I started hacking back in the ’70s and there were basically no laws against it, against phreaking or hacking. In school, my parents and other people actually encouraged it. There were no ethics taught. If you could hack into the school’s computer you were considered a whiz kid. Today if you do it you get expelled or they call the cops. It was like a reward of intellect back when I got started. Then they criminalized it later. I was so hooked into the adventure of the hacking game, doing it for a number of years even though it became illegal. It was thrilling, adventurous. It was all about solving the puzzle, using intellect to get around obstacles. It was like a huge game.

What would you do differently if you could go back in time?
In hindsight, I wouldn’t do what I did because now I’m much smarter and wiser, and I caused a lot of network and systems administrators a lot of headaches undeservedly. It was the wrong thing to do. But at the time there was no such thing as penetration testing and no school curriculum on security. You had to be self-taught. That’s how I learned about security and systems–through hacking. I took the wrong road in doing it. I wouldn’t repeat it. Today there are degrees, pen testing, books on the subject. At the time, a lot of companies and universities didn’t give much thought to security.

When I was 17 years old, the phone company was so livid with me for hacking their systems–and not hacking through a computer but through social engineering and calling and controlling touch phones or calling employees. There were no laws against it. They actually yanked out the phones in our house, and I was living with my mom at the time. I was in high school. They wouldn’t let us have a phone and cited California Public Utilities Commission rules that if there’s fraud or abuse the phone company can yank the phone.

Rather than stop my activities I figured I would one-up them. We were living in a condo. The condo had unit numbers and we were unit 13. I went to the hardware store and got the numbers 1, 2, and a B for unit 12B. I called the phone company and told them the builder had built another unit in the condo complex. Then the phone company came out and installed a phone for a new subscriber in 12B under my name or my mother’s. Then we had a phone for two weeks and one day it just went dead. The phone company was livid because I had done this elaborate thing to trick them. After about six months we got the phone service back but we could only make outgoing calls.

Let me ask about your time in jail. How much time did you serve and what was that like?
I served five years, and I ended up in solitary confinement for a year because a federal prosecutor told the judge that if I got to a phone I could connect to NORAD (North American Aerospace Command) and somehow launch an ICBM (Intercontinental Ballistic Missile). So the judge, reflecting on the movie War Games, put me in solitary confinement. I think it was a strategy they used to get me to plead out or cooperate. I was held for four and a half years without a trial. I spent a lot of time focused on the defense and reading cases and serving as assistant to my attorney. At the end of the day I realized justice is economic; unless you have enough money to properly mount an effective defense you always lose.

I wanted to admit that I was hacking, but the intention and the purpose of it wasn’t fraud because to commit a fraud you have to convert property to your own use and benefit, to profit. In my case that was lacking. I was doing it for the trophy. I was cloning my cell phone to random subscribers and dialing into computers from the cell phone. The purpose wasn’t to make free calls; it was to make it more difficult for the government to track me. They claimed all my hacking into those companies was a huge elaborate fraud and that I caused $300 million of damage. They said the value of property I copied, the R&D development cost, was $300 million. The government tried to use the old (definition of) loss for tangible property. If I copied that code and they no longer had use of it, it would be a $300 million loss or whatever.

They told my attorney that if I didn’t cooperate and plead out, not only would they take me to trial in Los Angeles, but they would put me in a revolving door of trials and put me on a bus and take me from federal jurisdiction to federal jurisdiction. So I signed the deal and admitted causing between a $5 million and $10 million loss. I signed it not believing it. I signed it to get out. I really don’t believe to this day that my actions caused that amount of loss, because none of the victim companies lost use of their code, they never claimed any losses due to my activities. Sure there were losses, maybe in the thousands of dollars, for their time to investigate who hacked into their systems and to secure them. Those are the real losses. But I was the example for the federal government, so they needed to put me away for a long time. That’s why I was very angry and bitter against the government at the time, because I wasn’t being punished for what I did. I was being punished for what I represented at the time. I have no qualms about being punished for what I did. The punishment should fit the crime.

So, if someone were to ask you what lessons you’ve learned, what would you say?
Don’t break the law. Don’t intrude on other peoples’ property. It’s just the wrong thing to do. It’s unethical and immoral. And now of course it’s illegal. It’s trespassing. You’re violating somebody’s property rights. And they have the right to control and keep their property confidential. What I attribute my change of heart to is growing up. Back then I was young and immature, and never damaged anything intentionally.

Do you feel that your hacking has led to positive change in some way?
Yes. It led to my career. Today I speak around world, I do pen testing all the time–and deep penetration testing, where I go after the most sensitive credentials at a company to see if I can get to the crown jewels. I see what I can do as an ethical hacker. I really enjoy this work because when is it that you can take a criminal activity, legitimize it, and get paid for it? Ethical hacking. It’s not like you can be a drug dealer and go work for Walgreens…A lot of pen testers today have done unethical things in their past during their learning process, especially the older ones because there was no opportunity to learn about security. Back in the ’70s and ’80s, it was all self-taught. So a lot of the old-school hackers really learned on other people’s systems. And at the time, I couldn’t even afford my own computer. A dumb terminal was like $2,000. A 1,200-baud modem was like $1,200. The cost of this technology was out of my range as a high school student so I used to go to local universities and use their system, albeit without their knowledge, to learn.

Any advice for young hackers?
Yeah, don’t follow in my footsteps. There are definitely other roads or other opportunities and ways that people can learn and educate themselves about hacking, security, and pen testing. Today it’s a huge market. It’s become a huge issue within the federal government with critical infrastructure.

Some people say companies shouldn’t hire former black hat hackers. What are your thoughts on that?
I’m hired all the time. So far it has not really been an impediment. You have to evaluate the person’s skill set, their maturity, and what they did before as a hacker. Were they getting credit card numbers and buying merchandise on the Internet? Or were they hacking systems for their own intellectual curiosity? You can’t just lump black hat hackers into one category. You have to look at what they did in the past, what they’ve done since then, and what credentials they have to get the job done. People who have operated on the other side of the law, like Frank Abagnale, he is a prime example. He reformed himself and now is the leading authority on counterfeit money and checks. Look at Steve Wozniak. He even started out as a phone phreak (and sold blue boxes on UC Berkeley campus). But he took a whole different direction. He’s done a lot of good for the community. That’s another factor–what good has that person done for the community and industry since the transgression?

What are you doing now?
Consulting, author, public speaker. I go around the world speaking. That’s my primary activity–ethical hacking, pen testing, system hardening, training, education. And I’m working on my autobiography. It’s due out in spring 2010.

Fuente:  CNET, por Elinor Mills, junio 22, 2009

Ya está disponible el RedSn0w 0.7

20 06 2009

RedSn0w 0.7, la herramienta para hacer el “jailbrake” al iPod Touch 2G con 3.0 ha sido liberada por el Dev Team en versiones para Mac y Windows.  Recientemente se corrigieron unos bugs, así como el problema con la aplicación de YouTube.  Notas importantes:

  • Este Jailbreak no funciona el con nuevo iPhone 3Gs
  • Si tienes un iPhone 3G el cual utilizas exclusivamente en otra compañía no actualices a la versión del firmware 3.0 ya que este Jailbreak aun no tiene la versión de UltraSnow y no podras liberarlo por ahora, la liberación de UltraSnow se hará a través de Cydia/Icy como se ha realizado anteriormente.
  • El jailbreak de la versión anterior se perderá
  • No se perderá ningún dato, Redsnow solo modifica el firmware y deja la información intacta
  • Descarga del RedSn0w
  • Videotutorial disponible aquí
  • Nota:  Es importante que tu iPhone/iPod Touch ya esté actualizado al 3.0 antes de realizar el “jailbrake“.  Para realizar dicha actualización necesitas tener iTunes 8.2, si no al momento de actualizar al 3.0 te lo indicará.  También necesitas tener en tu PC una copia del ipsw que corresponda a tu dispositivo.  Puedes buscarla aquí.
  • Actualización:  Ya realicé el “jailbrake” a mi iPod Touch con éxito y sin problemas.  Mis datos, música y videos están intactos y el proceso tomó menos de 5 minutos.

Disponible Pwnage Tool

19 06 2009

El Dev Team ha liberado el Pwnage Tool para hacerle el “jailbrake” a los siguientes productos con el OS 3.0:

  • iPhone 2G
  • iPhone 3G
  • iPod Touch 1G

Esta versión no incluye el UltraSn0w, así que no se puede desbloquear todavía; se espera que UltraSn0w esté disponible más adelante a través de Cydia/Icy.  De nuevo, Pwnage Tool no funciona con el iPod Touch 2G y se puede usar solamente en Mac’s.    QuickPwn, para los usuarios de Windows, debe estar disponible de un momento a otro. En resumen, estos son los pasos que debes seguir para usar Pwnage Tool:

  • Bajar el firmware correspondiente
  • Bajar e instalar PwnageTool
  • Ejecutarlo y conectar el iPhone / iPod Touch 1G
  • Seleccionar el dispositivo correspondiente y seguir los pasos (se recomienda el modo experto, en el tutorial detallado estará mejor explicado)
  • Crear el firmware y poner el dispositivo en modo DFU (el programa ayuda mostrando los pasos)
  • Restaurar con el firmware creado desde iTunes utilizando Alt + Restaurar


Descargar Pwnage Tool 3.0

Fuente:  iPhone Apps

Cuando el Internet falla

19 06 2009

internet11Desde ayer al mediodía tengo problemas con mi conexión al Internet.  Soy suscriptor de Choice Cable TV desde hace varios años y reconozco que es la primera vez que tengo problemas serios de interrupciones en mi acceso al internet.  Ha sido frustrante la experiencia de las múltiples llamadas a servicio al cliente sin obtener una razón concreta del por qué del problema ni mucho menos una solución.  Las personas que me han atendido han sido muy amables y sé que han realizado un esfuerzo genuino por ayudar, pero la realidad es que a veces me cuestiono hasta qué punto llega el conocimiento técnico de algunas de esta personas.  Como profesional y educador en el área de computación, se me hace relativamente fácil saber cuando alguien sabe o no de lo que está hablando o si no nos estamos comunicando en el mismo idioma.  Pero aparte de esto, hay un detalle que no se puede pasar por alto:  La dependencia que creamos del internet.  Nuestras comunicaciones, nuestro trabajo y hasta nuestros entretenimientos se han ligado al web de tal forma que cuando no lo tenemos, nos sentimos desorientados.  Esto puede ser normal de acuerdo a cómo nuestras actividades se han tornado con mayor frecuencia dependientes de la red, sin embargo, también nos crea un problema al momento en que no estamos conectados.  Incluso,a  algunas personas les puede producir ansiedad y tensión, como si se tratara de alguna adicción y esa es la parte que debemos vigilar.  El internet es bueno, nos resuelve mucho en nuestro diario vivir, pero no debemos crear una dependencia del  mismo, como si nuestra vida dependiera del web.  Mi experiencia me ha servido para evaluar hasta qué punto mis actividades dependen de estar conectado y hacer los ajustes de contingencia pertinentes.

PSNPR, noticias del Playstation Network por puertorriqueños

18 06 2009

Un grupo de gamers puertorriqueños se ha dado a la tarea de publicar un blog dedicado al Playstation Network y a los juegos de PS en general.  La idea es comunicar las noticias con un toque criollo y dar a conocer qué está pasando en el ambiente local de los videojuegos, una iniciativa muy encomiable y a la que exhorto apoyemos.


Acceder a PSNPR