I hacked my best friend
exogan.com
> He briefly removed his subdomain and rethought his security systems. It was a really fun week.
Sorry, it is not fun for your friend unless he had an absolute trust in you, and knew you'd help him remove every backdoor/keylogger/etc.
He may have spent a lot of time securing his machine, time he'd rather have invested in different things.
Seriously, don't do that. Just tell him about the obvious weakness - send a proof of concept if needed.
But a friend is more precious than some cracker creds.
I did help him remove the keylogger and explained to him what I did. We've known each other since kindergarten. Plus, it was a mutual challenge, a capture the flag situation.
Nowhere in the article do you ever talk about any kind of agreed-upon challenge where anybody gave you permission to try this kind of exploitation.
"I needed to stand out, and what better way than hacking into his network?"
The fact that this crosses people's minds really concerns me. Have we so degraded our respect for things that belong to other people that we're willing to do this as part of a publicity stunt?
To those calling him out for hacking his friend without permission, keep in mind he was a teenager (15) at the time. His friend was of similar age. Teenagers do stupid things; I was of similar age at one point and also did very stupid things.
It's part of growing up.
Saying that, the author needs to give better context.
Yes, but he didn't write it as a cautionary tale or even attempt to portray it as a stupid thing done out of youth. The delivery very strongly portrays it as a good thing that was a good idea, and a rational step towards advancing yourself in the world.
A mechanic reading a tale of someone pouring metal filings in with the engine oil, I doubt they're going to think it's a good idea to go out and ruin their engine.
Is an author always required to include a disclaimer? Stupid is as stupid does.
The mechanic's disclaimer is going to be inherent in the text: "I once poured metal filings into an engine, and then everything went to hell". This isn't like that at all; it's a tale of how hacking somebody's systems without consent was a fun and rewarding idea.
> Thanks to Google, I didn't even need to crack that hash, I just searched the hash string and found the password already cracked.
I'm gonna guess unsalted MD5?
Wow, that's seriously messed up if (which I didn't grok in the article) the person did not know that you were trying to help them with their security. The verbiage seems incredibly antagonistic (started to get nasty, etc.)... implying a poor friendship at best.
Agreed with the first comment - no fun at all for your friend indeed. The links are good at the end, I've read about a few of those tools even being relatively non-technical. I think more people should have a basic understanding of how to maintain security, but this doesn't strike me as the best way to teach folks.