The Motivations Behind Computer Hacking

Pablos Holman is a futurist, IT security expert, and notorious hacker with a unique view into both breaking and building new technologies. In the following presentation, he explains what drives computer hackers to do what they do best: break into gadgets, networks, and systems.

Advertisement





8 Responses to The Motivations Behind Computer Hacking

    • We hack because it’s fun, not to show off. Taking things apart, putting them back together, putting them back together so they’re better than when we started–that’s what hackers do as children. So we grow up and get computers, what happens? We start tearing into them too. How does this system work? What makes it go? What can I change to make it do something different? How can I improve the system?

      It’s all about finding the weaknesses in the system and fixing them. Yes, there might be exploiting involved, but don’t you see why? If you can’t prove that a vulnerability is exploitable (proof of concept code), the vendors won’t take you seriously. They won’t bother to patch their code, fix the system, make it actually secure. They’ll ignore you and keep saying it’s (big air-quotes)”secure,” and that’s no good for consumers.

      And let me explain what I mean by exploits. There are 2 ways of disclosing vulnerabilities. The first is responsible disclosure. You do this when no exploit currently exists. Tell the vendor what’s wrong. Tell them how to fix it. Work with them. If they’re not listening, show them some Proof of Concept code. Give them a few months to work on (hopefully, fix) the problem before disclosing the vulnerability. Disclose it even if they don’t fix it after the 90 days (or however long) you’ve given them though. Often “I’m disclosing next week” is enough of a kick in the nuts to get them to do something. The other way is immediate disclosure. You do this when there is an exploit already in the wild taking advantage of the vulnerability. You make it public so consumers know what to look for and can thus protect themselves. It also gives the vendor the aforementioned kick in the nuts to force their hand on fixing it.

      I don’t know that it’s fair for me to say “we” when I’m not a security professional (yet), but I’m part of the hacker community.

      I can’t view the video due to open source Flash being unhappy with that .swf (.flv are very very nice though, Kiltak), so no idea if I’m repeating.

    • We hack because it's fun, not to show off. Taking things apart, putting them back together, putting them back together so they're better than when we started–that's what hackers do as children. So we grow up and get computers, what happens? We start tearing into them too. How does this system work? What makes it go? What can I change to make it do something different? How can I improve the system?

      It's all about finding the weaknesses in the system and fixing them. Yes, there might be exploiting involved, but don't you see why? If you can't prove that a vulnerability is exploitable (proof of concept code), the vendors won't take you seriously. They won't bother to patch their code, fix the system, make it actually secure. They'll ignore you and keep saying it's (big air-quotes)"secure," and that's no good for consumers.

      And let me explain what I mean by exploits. There are 2 ways of disclosing vulnerabilities. The first is responsible disclosure. You do this when no exploit currently exists. Tell the vendor what's wrong. Tell them how to fix it. Work with them. If they're not listening, show them some Proof of Concept code. Give them a few months to work on (hopefully, fix) the problem before disclosing the vulnerability. Disclose it even if they don't fix it after the 90 days (or however long) you've given them though. Often "I'm disclosing next week" is enough of a kick in the nuts to get them to do something. The other way is immediate disclosure. You do this when there is an exploit already in the wild taking advantage of the vulnerability. You make it public so consumers know what to look for and can thus protect themselves. It also gives the vendor the aforementioned kick in the nuts to force their hand on fixing it.

      I don't know that it's fair for me to say "we" when I'm not a security professional (yet), but I'm part of the hacker community.

      I can't view the video due to open source Flash being unhappy with that .swf (.flv are very very nice though, Kiltak), so no idea if I'm repeating.

  1. In some ways I believe that hackers are intelligent. Besides, they wouldn’t called hackers if they don’t know how the system works. However, if they are doing it for a wrong purpose, that is where the problem may arise.

  2. In some ways I believe that hackers are intelligent. Besides, they wouldn't called hackers if they don't know how the system works. However, if they are doing it for a wrong purpose, that is where the problem may arise.