[HN Gopher] I got an FBI record at age 11 from dabbling in crypt... ___________________________________________________________________ I got an FBI record at age 11 from dabbling in cryptography (2015) Author : monort Score : 356 points Date : 2022-01-28 18:43 UTC (4 hours ago) (HTM) web link (web.stanford.edu) (TXT) w3m dump (web.stanford.edu) | Scoundreller wrote: | > To me, $8 represented 40 round trips to the beach by streetcar, | or 80 admission fees to the movies. | | I guess we can be impressed that round trip municipal public | transit is now cheaper than a movie admission fee. | errcorrectcode wrote: | I wonder if gifted and talented programs may also be used to | inventory brain capital and feed into algorithmic threat | identification, watchlist(s), and/or clandestine services | recruiting. | waiseristy wrote: | oliv__ wrote: | I agree you should be able to do that without consequences but | there's nothing brave about pulling down an American flag and | stepping on it. | wheybags wrote: | In Afghanistan? Maybe not. In the USA? That could be | something very brave indeed. (Rabid patriots please recall | brave does not mean good nor bad) | waiseristy wrote: | In many time periods in this countries short history, you | would be dead wrong. But, I was more pointing to the bravery | of these FBI agents, investigating this horrendous crime | gs17 wrote: | Assuming the flag wasn't your property (and that you weren't | a four year old like in the story), you probably shouldn't be | allowed to do it, but it should be at most a minor vandalism | case for local police, not the FBI. | goodpoint wrote: | > you probably shouldn't be allowed to do it | | Why, assuming it belongs to you? | gs17 wrote: | I said to assume the opposite of that. The case they were | citing was definitely not the owner of the flag doing it. | [deleted] | vmception wrote: | Reports aren't indictments or any curb of freedom from the | government | | You have to argue in front of a federal judge that the | existence of reports chills your speech, but you also have to | prove you were effected, so its like schrondinger's speech | where the judge cant curb a government behavior if you cant | prove something you didnt do, happened. | [deleted] | dang wrote: | Please don't start nationalistic flamewars on HN. They're | tedious, repetitive, and nasty--just what we don't want here. | | https://news.ycombinator.com/newsguidelines.html | mangokamikaze wrote: | phkahler wrote: | >> My mother told the investigators how glad she was to get the | glasses back, considering that they cost $8. The sourpuss did a | slow burn, then said "Lady, this case has cost the government | thousands of dollars. It has been the top priority in our office | for the last eight weeks. We traced the glasses to your son from | the prescription by examining the files of all optometrists in | the San Diego area." He went on to say that they had been | interviewing our friends and neighbors for several weeks. | | Mom: "And how is that foolishness my problem?" | 14 wrote: | It's sad that people on positions of authority are always | paranoid someone is lying. I was recently pulled over and I was | sure I hadn't done anything and it was on a very busy highway | through town and I was literally at a side road so turned off and | immediately pulled over. It took seconds. The officer as he | approached me put his thumb on the back of my car. From my | reading they do that to leave their fingerprints if something | goes wrong. He approached and said he just wanted to check if I | had my license, something they are not supposed to do since it | fosters racial profiling they are supposed to have a reason. But | he said I noticed you don't have an N on your car(the N indicated | new drivers) and you looked a little young so wanted to check. | Just a bullshit story since I am 40, had 2 teenage kids and a 6 | year old in my car and enough facial hair to say I was way beyond | a 5 o'clock shadow. Then he began to lecture me how when a car | pulls onto a side street it makes him very suspicious. I said | well I don't want anyone getting hit from behind and he replied | That he is not affraid of getting hit. All very well I am glad | you are not but I had 3 kids in the car and have seen enough | videos of officers getting plowed and I didn't want to be part of | that. He let me go and with that I am once again annoyed with the | police. If I've done something ticket me I've never omce fought a | ticket. I pay my dues. But like I say that rule is to stop racial | profiling so I take it seriously. | wildlogic wrote: | FBI file here also for hacking in middle school... later added | onto for messing around making tesla coils and mixing up rocket | fuel. | ajross wrote: | So... the headline invokes an inappropriate image. The author | attracted the attention of the FBI _in 1942, when "cryptography" | meant wartime codebreaking, and his amateur cypher got lost and | then found and turned in by a genuinely concerned citizen_. | | I mean, OK. Sure, it's bad that kids interested in math get | caught up in this. But come on, it was the middle of the biggest | war in history and real spies were indeed doing real work with | codes like that. This says nothing about modern enforcement | regimes, nor should it. | unethical_ban wrote: | As it relates to the man's story, the most offensive part about | it is the demeanor of the agents angry at the kid and being | abrupt with the mother. The FBI rightfully investigated at the | time what seemed to be a coded key, which is very uncommon. The | boy did nothing wrong, and he wasn't punished. | | But if the FBI wants to be pissy for hitting a false positive, | do it at the water cooler, not toward innocent people. They | should have offered the kid a job. | vkou wrote: | This is the important take-away, here. | | If he were dabbling with radios at the age of 11, in 1942, he'd | have ran into the same kinds of problems. | | Hell, simply being of the wrong ethnicity was more than enough | to dump a world of problems on your head in that time period. | 120,000 people were sent to internment camps for doing | literally nothing, and we're wringing hands over a kid getting | a house call from the FBI. | Broken_Hippo wrote: | _Hell, simply being of the wrong ethnicity was more than | enough to dump a world of problems on your head in that time | period. 120,000 people were sent to internment camps for | doing literally nothing, and we 're wringing hands over a kid | getting a house call from the FBI._ | | Actually, wring hands at both things. The camps were | atrocities, even if they didn't match quite the enemies' | atrocities. But they were _also_ doing this sort of thing to | many different sorts of folks. | vkou wrote: | On the scale of hand-wringing, this doesn't even register. | Nothing bad happened to him. The police looked into it, | decided this was probably not an issue, filed it, and moved | on. No laws were broken. No procedures were violated. | Nobody's fundamental human rights were curtailed. The | procedures or laws in place weren't unfair or excessive. | | This isn't the Rosa Parks, or the Rodney King, or the | George Floyd of police abuse. This isn't the springboard | for broad, or even narrow reform. This is the system | _working_. I understand that a tinkerer may feel offended | by the fact that the police even looked into this _in the | middle of a world war_ [1], but if that's the poster child | of your problems with the police, you are in a staggeringly | privileged position, compared to on-going, actual problems, | affecting millions of people every year (outside of the | context of, well, a world war.) | | [1] That was in large part won by intelligence and counter- | intelligence. | tgsovlerkhgsel wrote: | Most importantly, there is something modern enforcement could | learn from the story: _nothing bad (aside from a stressful | meeting) actually happened to the suspected but ultimately | innocent kid_ | herbst wrote: | Isn't it weird for Americans to know that their own secret | service is monitoring their kids? | bityard wrote: | Generally, the secret service doesn't monitor kids unless they | believe that they are somehow a threat to the president. | | If you read the story, you'd know that the FBI wasn't | "monitoring kids", they were investigating an incident that | _could_ have had something to do with international espionage, | colored significantly by wartime paranoia. They were obviously | embarrassed when all of their leads pointed to a kid. | | However, even today, the FBI doesn't monitor kids. Tech giants | and social networks do that for them. | bink wrote: | Well, maybe not anymore, but the Secret Service used to be | charged with investigating computer crimes. I was the victim | of one of their covert raids at the Pentagon City mall way | back in the early 90s. | | They dressed up like mall cops and searched us all. It even | ended up on the front page of the Washington Post. | | https://www.washingtonpost.com/archive/politics/1992/11/12/h. | .. | kmano8 wrote: | Ran a `netsend` once from the school library. Saw it pop all over | everyone's screens, and immediately :homer:'d out of there. | Unfortunately don't remember the text I sent. | isuckatcoding wrote: | What a wonderful and adventurous life! I really enjoyed reading | that. | | Makes me think about what stories I'll have to tell about my life | in 40-50 years. | gtsop wrote: | Please sir | | max-width: 100%; overflow-x: none; | | Edit: sorry completely messed up my css | | <meta name="viewport" content="width=device-width, initial- | scale=1.0"> | pphysch wrote: | Anyone know what unholy magic generated this page's HTML? | Microsoft Word -> "Export to HTML" or something? | wging wrote: | Seems likely - it starts out like this: | <html xmlns:o="urn:schemas-microsoft-com:office:office" | xmlns:w="urn:schemas-microsoft-com:office:word" | xmlns:st1="urn:schemas-microsoft-com:office:smarttags" | xmlns="http://www.w3.org/TR/REC-html40"> <head> | <meta http-equiv=Content-Type content="text/html; | charset=windows-1252"> <meta name=ProgId | content=Word.Document> <meta name=Generator | content="Microsoft Word 10"> <meta name=Originator | content="Microsoft Word 10"> | tgsovlerkhgsel wrote: | Lesson learned: "We traced the glasses to your son from the | prescription by examining the files of all optometrists in the | San Diego area." - if you want your possessions found, you can | either attach a note with your home address or an AirTag... or | simply something _so_ sketchy that an intelligence agency | delivers your stuff together with an awesome story. | 0cVlTeIATBs wrote: | A gangster was in prison, when he received a letter from his | mother. "We miss you very much, and it will be hard for your | father to till the garden without you." "Don't do that, that's | where I buried the guns!" he wrote back. A while later he | received another note: "Some men from the prison completely dug | up our garden looking for those guns, but they didn't find | anything." "I know, mama. It was the least I could do for you." | nickagliano wrote: | Did anyone else look into his Stanford biography page? Pretty | insane stuff. | | https://web.stanford.edu/~learnest/ | | http://web.stanford.edu/~learnest/bucket/ | | In a section headed by an anime girl, he claims to have, "figured | out when and how a bunch of other fantasies got into our DNA and | will shortly post an article on this web site that will explain | how that happened, why it is causing modern humans to make | billions of bad decisions each day, and how we and our | descendants are likely to be wiped out soon unless we begin | dealing with this problem in a rational way." | | Then there's a weird picture of his face, which is how he thinks | he'll look in 2043, when "he plans to croak at age 112". | | On his bucket list page, | | "My choice as a troublemaker will be to get shot in the back | while running away from an jealous husband in May 2043". | | Very weird stuff. | scruple wrote: | Found a couple links [0][1] that appear to be follow-ups to | that section about fantasies. | | [0]: https://web.stanford.edu/~learnest/earth/fantasy.html | | [1]: https://web.stanford.edu/~learnest/earth/fantasies.html | KineticLensman wrote: | Let me die a youngman's death not a clean and inbetween the | sheets holywater death not a famous-last-words peaceful out of | breath death | | When I'm 73 and in constant good tumour may I be mown down at | dawn by a bright red sports car on my way home from an allnight | party | | Or when I'm 91 with silver hair and sitting in a barber's chair | may rival gangsters with hamfisted tommyguns burst in and give | me a short back and insides | | Or when I'm 104 and banned from the Cavern may my mistress | catching me in bed with her daughter and fearing for her son | cut me up into little pieces and throw away every piece but one | | Let me die a youngman's death not a free from sin tiptoe in | candle wax and waning death not a curtains drawn by angels | borne 'what a nice way to go' death | empressplay wrote: | That last bit I think is stolen from Lazarus Long | angst_ridden wrote: | A person I know studied in East Germany in the early 80s via a | very limited exchange program. After the wall came down, she | requested her Stasi file. | | It was fascinating what was in the file - lots of | misunderstandings and misinterpretations. For example, she was | upset when the Challenger exploded, and this mystified the Stasi | informers who had previously identified her as a pacifist (in | their minds, the Shuttle was 100% military). | | Similarly, she was trying to research what happened to a relative | who had remained in Germany in the late 30s, and whether she had | died of natural causes or been sent to the camps. The Stasi file | was filled with speculations on the details of this "sleeper | agent" with whom she was trying to establish contact. | | All this to say that from the mindset of a spy, everything is | spy-craft. Everyone's world-view shapes their interpretation of | events and reality itself. Was the shuttle a military venture? | Partly. Was it also a tool for science? Yup. But the | functionaries who looked at her data in the heat of the cold war | certainly couldn't see those distinctions. | | For what it's worth, she was able to get her Stasi file, but has | never been able to get a copy of her FBI file. | joebob42 wrote: | Hey, my mother was in almost exactly the same situation and has | been talking to people about it. They should get in touch, | although I'm not sure how to do that. | angst_ridden wrote: | Did she study in Rostock in '86? | joebob42 wrote: | Yeah, I'm not certain of the year but yeah. | | Edit: no, she was 88. | | From brown? Afaiu that was the main program. | angst_ridden wrote: | Yup, Brown. I'm sure they know one another! | headcanon wrote: | I wonder how much of that was just regular Stasi bureaucrats | trying to keep their job. If everyone on their watchlist was a | potential spy, then maybe their bosses stay scared enough to | keep them employed? Or maybe that was the metric they used for | promotions, and it inevitably became a target, resulting in a | massive inflation of potential "spies" within the bureaucracy. | nicbou wrote: | This might be a good way to explain my discomfort with online | tracking. | | Machines categorising you based on your behaviour, without your | knowledge nor your consent. It's not so bad when it serves you | ads (unless it sells alcohol to alcoholics), but there's no | telling what similar algorithms would say about you in the | hands of a rogue government. They can find vulnerable people, | people who hate certain people [0], people who talk to certain | people or hold certain ideas. | | What makes it even more terrifying is that machines can | categorise people much faster, based on a much broader set of | information. It's not just informants and paper reports, but | millions of fine data points. | | I'm bringing all my data together[1], and the result is a graph | of every place I've visited, every conversation I've had, | everything I looked up, every book I've read, every transaction | I've made, every video I've watched and everyone I've talked | to. There's even more data about me in the wild, and if you | combined it with other people's data, you could figure out even | more about my every move. | | It's a good thing that the Stasi was a few decades early. | | [0] https://www.propublica.org/article/facebook-enabled- | advertis... | | [1] https://nicolasbouliane.com/projects/timeline | angst_ridden wrote: | One other funny detail is that most of the Stasi file was | handwritten notes in pencil. The vast majority of it was crap. | It seems that a lot of her associates were obligated to report | on her to the Stasi, but either couldn't or didn't want to give | any details that would be harmful to anyone. | | Much of it was along the lines of "[fellow student] says | [subject] was disinclined to denounce rent-control as a | counter-revolutionary ploy during a late-night discussion with | [other student]." or "[room mate] overheard [subject] calling | her family in the US, and did not hear any overt discussion of | politics." | pvg wrote: | _but has never been able to get a copy of her FBI file_ | | This can be confusing because there are various bewildering | options, some of which are slower (or outright ineffective for | personal records) than others but getting FBI records is | comparatively straightforward once you've navigated the maze. I | did it a few years ago and they sent me a CD's worth of stuff, | plus a note of things they had not sent me or had redacted with | instruction on challenging their decisions on these. | angst_ridden wrote: | I'm not positive, but I seem to recall she said that she | requested files, but just got back a folder of redacted | sheets only showing a few dates and her name scattered | throughout. | champagnois wrote: | It makes me wonder -- does everyone end up investigated for their | interest in HTTPS and trying to think up encryption methods? | | It seems even having a passive interest in computer science or | cryptocurrency would inevitably lead to one taking a class or | buying a book on these topics. The business person in me always | brainstorms the various potential business applications of any | technology -- and that inevitably leads to a lot of discussion. | | Any system of policing that results in entire professions and | swathes of hobbyists being considered and treated as enemies of | the state is essentially the same level of injustice as the witch | trials of old and shows our species has not improved all that | much. | mmh0000 wrote: | May I suggest, a brief reading of the Wikipedia article on | Crypto Wars[0]: | | The Crypto Wars is an unofficial name for the attempts of the | United States (US) and allied governments to limit the public's | and foreign nations' access to cryptography strong enough to | thwart decryption by national intelligence agencies, especially | the National Security Agency (NSA). | | [0] https://en.wikipedia.org/wiki/Crypto_Wars | not2b wrote: | Not any more, but back in the 1970s and before cryptography was | considered the province of the military and spies, not for | civilians to mess with, in the US and the UK. State-of-the-art | crypto was treated much like tech for nuclear weapons. The | pioneers of public key cryptography had to fight for their | right to publish. | champagnois wrote: | I cannot imagine an entry level class in Web Development (or | even a coding bootcamp) not dedicating some time to crypto | and SSL / SSH. | | Anyone doing a deepdive on these topics would seemingly be | put on a list. It is absurd. | not2b wrote: | Netscape was required to severely cripple SSL to be allowed | to export it in the early 1990s. Since "export" included | putting software on an FTP server, this meant no open | source crypto software could be on US servers. GNU | addressed that problem by hosting some software in Europe. | | See https://en.wikipedia.org/wiki/Export_of_cryptography_fr | om_th... | localhost wrote: | I liked the old-school vibe of this page, so I decided to view | source it. This was written using ... Microsoft Word(!) | dekhn wrote: | in case you're not aware, the author of this is a known (but not | well-known) AI researchers from way, way back. | | He invented the "finger" protocol. I chose the university I went | to based on the qualitty of the plan files so in some sense, he's | the reason I ended up at UCSC. | kragen wrote: | Finger protocol, port 79: >dekhn[CRLF] | <[dekhn's login status, .plan, etc.] <[EOF] | | HTTP/0.9 protocol, port 80: >GET | /~dekhn/[CRLF] <[dekhn's home page, etc.] | <[EOF] | | HTTP was a slightly enhanced finger, so in some sense he's the | reason for the web. | jacquesm wrote: | I never made that connection before, thank you! | dekhn wrote: | I'm not sure if there is any historical evidence backing | that up (IE, Tim Berners-Lee used Finger protocol as an | inspiration. A lot of the UNIX protocols of the time were | like that (NNTP in particular), simple call/response with | textual commands and arguments. | bink wrote: | Almost any protocol from back then looked similar. Check | out IRC: http://books.gigatux.nl/mirror/irchacks/05960068 | 7X/irchks-CH... | jacquesm wrote: | Let's ask. Also 79 -> 80... that's a bit of a hint. | | Edit: asked. | kragen wrote: | I look forward to hearing what TimBL says! | | I think Finger itself was a copy of the Whois protocol, | which runs on port 43. I'm pretty sure sri-nic.arpa | supported that. | | Things like NNTP, SMTP, IRC, and FTP were pretty | different. They're textual, yes, but they're highly | stateful protocols with lots of back-and-forth to get | anything done. DNS, NFS, and SNMP (or was that later?) | were stateless, but used optimized binary structures over | UDP. | | Later, numerical status codes and long-lived connections | got added back in to HTTP, but they weren't there in | HTTP/0.9. Designed at the same time, Gopher (port 70) was | also a finger-style (or whois-style) protocol, and I | don't think it has status codes either. | dekhn wrote: | I think that's because Dr. Lee picked the lowest unused | port at that time. | | But let us know. | jacquesm wrote: | If he answers, for sure. | partiallypro wrote: | How does one find out that you have an FBI record? | easrng wrote: | I assume the easiest way is to do something that would cause | you to get one. | Broken_Hippo wrote: | You probably don't find out unless you've been visited by the | FBI. Once you are visited, though, you can be pretty certain | that you do. | dylan604 wrote: | You can have an FBI file and never meet anyone working for | the FBI. Similar to how you can have a FB profile while never | joining FB. | tyingq wrote: | There's this: https://www.fbi.gov/services/cjis/identity- | history-summary-c... | | An FOIA request would probably be more comprehensive, though | also more work. | Bootvis wrote: | Fun story but the fact that he totally lost touch with his | childhood friend over something so silly makes me sad. | Broken_Hippo wrote: | It makes me even more sad that we haven't remedied that sort of | thing everywhere by giving children rights, including free | association with others. In other words, parents cannot govern | friends and romantic partners. | rPlayer6554 wrote: | So would you be alright with your son/daughter choosing their | romantic partner as a 50 yr old pedophile, drug dealer, | and/or avid supporter of whichever religion or cause you find | the most perverse and destructive to humanity? | amatecha wrote: | There's definitely a balance to be had... Kids don't | generally have those rights because they have far too little | life experience to judge the effects of associating with | people. Adults have seen the life paths of those around them | and observed where certain directions can lead. So, parents | look out for their kids. Sometimes the parents just have poor | judgement, heh | nostrademons wrote: | Runs into the same problem the majority of people have in | capitalist democracies: rights are tied to economic ability. | Kids are usually economically tied to their parents, so if a | parent decides "Wups, gotta take a new job across the | country" or even "I'm sorry, I don't have time to drive you | there." | | (As a side note - dumb parents tell their kids "No, you can't | be friends with ...." Smart parents ensure their kids will | never meet ... before their kids are even born, through | zoning laws and buying a home in a good neighborhood. I | wonder if housing policy advocates realize how much of | housing policy is driven by ensuring that your kids associate | with "the right" sort of people.) | bityard wrote: | Are you a parent? | dang wrote: | One past thread: | | _How I got an FBI record at age 11 from dabbling in cryptography | (2015)_ - https://news.ycombinator.com/item?id=14229412 - April | 2017 (133 comments) | vmception wrote: | Protip: an FBI record means nothing and you can check if you have | one too! | | There is a gov site somewhere maybe someone else knows the url | herbst wrote: | Is there something like that for foreigners from the NSA CIA | WhateverA too? | Someone1234 wrote: | I assume this one: | | https://www.fbi.gov/services/cjis/identity-history-summary-c... | | But it isn't clear to me if this would provide the kind of | information presented in the article (e.g. if you've been | simply investigated for a suspected crime). | | > listing certain information taken from fingerprint | submissions kept by the FBI and related to arrests and, in some | instances, federal employment, naturalization, or military | service. | bravetraveler wrote: | I've wondered if they've kept tabs on me since I was | young/dumb... | | Back before SSL/TLS became a thing, ARP poisoning was all you | really needed to find out some _fun_ details. It was basically | pretending you 're both the network gateway and a client. | | This and some poor decisions on my part ended up with an | expulsion my senior year, never had a phone call like this - just | angry people from the state. | spullara wrote: | A friend of mine in 1997 got arrested for poking around in air | force computer systems. He was charged with a felony not because | he did any damage but because it cost $40k to track him down. He | also had to pay that back. | | https://attrition.org/~jericho/works/security/crime_punishme... | | "Once again, when computer crime enters the equation, | circumstances seem to change. In May of 1997, Wendell Dingus was | sentenced by a federal court to six months of home monitoring for | computer crime activity. Among the systems he admitted to | attacking were the U.S. Air Force, NASA and Vanderbilt | University. What is different about this case is the court's | order for Dingus to repay $40,000 in restitution to the Air Force | Information Warfare Center (AFIWC) for their time and effort in | helping to track him.Once again, when computer crime enters the | equation, circumstances seem to change. In May of 1997, Wendell | Dingus was sentenced by a federal court to six months of home | monitoring for computer crime activity. Among the systems he | admitted to attacking were the U.S. Air Force, NASA and | Vanderbilt University. What is different about this case is the | court's order for Dingus to repay $40,000 in restitution to the | Air Force Information Warfare Center (AFIWC) for their time and | effort in helping to track him." | anonymousiam wrote: | This story contains a link to another of his stories (also | published in Communications of the ACM, February 1989). | | Old as it is, it seems quite relevant in our current race- | obsessed culture: | https://web.stanford.edu/~learnest/les/mongrel.htm | BizarroLand wrote: | Yeah, I read that. I wonder if in another 75 years we'll have | become as much more enlightened about race as we did from the | 1950's to now and look back on some of our present policies and | practices with horror and disgust. | | Seems unlikely, the first 80% of improvement is the easiest and | we've got to be somewhere close to that now, but I could be | wrong. | Hackergamer123 wrote: | m4tthumphrey wrote: | Off topic: I'm watching Hackers[0] for the first time tonight and | this is on Hacker News. | | [0] https://www.youtube.com/watch?v=peBuMWtkw8s | sudosysgen wrote: | I got a CSIS record at the age of 12 for the same reason. It | turned out after someone did a FOIA request that the IRC chatroom | I was having some crypto fun in had a CSIS record. | | Sadly after that a lot of people got spooked and I lost touch | with many there. Never got to meet my friend despite living in | the same city :( | belval wrote: | This story (assuming it's true) should serve as an excellent | example of why you need privacy even if you think that you don't. | In peace time the NSA is only looking for "terrorist" and leaves | everyone alone, but in case of war they would start creating | lists for any and everything. All it takes is one "tough" agent | trusting their gut feeling/algorithm based on your browsing | history and shopping habits to put a target on your back and you | are done. | | EDIT: Replacing "if there's any truth to it" by "assuming it's | true". I did not mean to imply that the author made up the whole | story and thought both expressions were equivalent. | not2b wrote: | The "if there is any truth to it" remark was unnecessary. The | author was very well known on the net when it was a much | smaller place (the old Usenet days), and implying that he made | it up is, to say the least, impolite. | | His Wikipedia page: https://en.wikipedia.org/wiki/Les_Earnest | belval wrote: | You may know him but I did not, so I erred on the safe side | and added the "if there is any truth to it" as it's a much | safer default to assume that everything I read on the | Internet is possibly made up. | SamBam wrote: | I'd say it still sounds a bit hostile. I'd suggest | "assuming it's true" as a nicer way of saying it. | belval wrote: | Seeing the reply I'm getting, I think this is just the | "English is my second language" showing on my side. I | always assumed both expression were somewhat equivalent | but clearly they aren't. | fuzzybear3965 wrote: | As a native speaker it appears to me that your audience | is being a little uncharitable (they being, ironically, | intellectually ungenerous toward you). | HeyLaughingBoy wrote: | I think what /u/not2b was getting at in the bigger picture, | is that we can decide for ourselves if something is not | likely to be the truth. | | But if you explicitly add "if there is any truth to it" to | your post, then it suggests to the reader that the story is | probably false and that's not a very useful premise to | start from. | loup-vaillant wrote: | > _I erred on the safe side_ | | The safe side is giving them the benefit of the doubt. | Possibly made up, sure, but your "if there's any truth to | it" gave a _most probably_ made up vibe. Not only is that | uncalled for, it's pretty inaccurate. | wyre wrote: | I don't think assuming stories as untruthful is using good | faith. I think this line of thinking heavily contributes to | this post-truth society we live in; if everything online is | a lie that leaves the individual to create their own truth | from the lies leading to this idea of post-truth. Obviously | there is more nuance than this because websites need views | for ad revenue and people like lying online for imaginary | internet points or attention, but I see little reason to | lie on HN unless it's for a company's PR. | dylan604 wrote: | Not believing everything you read that causes searching | for additional credible sources for corroboration should | be the healthy approach. It's quite disengenious to | assume the original poster immediately jumped to any | conclusion without additional research and landing that | it was fake. | grej wrote: | relevant, and worth rereading: https://jacquesmattheij.com/if- | you-have-nothing-to-hide/ | jacquesm wrote: | I was wondering where all that traffic suddenly came from. As | for those neighborhoods that were raided: the 'new' City Hall | of Amsterdam is built right on top of one of the largest of | them. Not a house left standing of those blocks. | tgsovlerkhgsel wrote: | "and you are done" While I agree about the need for privacy, I | don't think this story is a good argument for it. One of the | interesting aspects of this story is that the main actual | consequence of this privacy invasion was that he got his | glasses back. | goodpoint wrote: | Only because he was white and born in US. Had he been the son | of a middle-eastern immigrant in 2011, daddy would have | disappeared. | belval wrote: | But that's probably because he was a child, not of Japanese | descent, and one of the two agent actually believed the | story. | | If he had been a 30 years old Japanese weirdo that likes to | keep "codes" in his wallet I am pretty sure the story would | be very different. | nickysielicki wrote: | > In peace time the NSA is only looking for "terrorist" and | leaves everyone alone | | If you say so. | drfuchs wrote: | Yeah, he's for real, and I heard him tell this story (and a | number of others) about 40 years ago, for what that's worth. In | addition to his other info on the web mentioned elsewhere here, | there are also quite a selection of his files from the Stanford | AI Lab (SAIL) system, that have been pulled off of old backup | tapes, and with permission appear at | https://www.saildart.org/LES (note the 3-letter account name, | and 3-letter, single-level subdirectory names that you can | click down into). | sam0x17 wrote: | Combined with a continual state of "war on terror" and a post- | conventional-warfare world, this time is basically all the time | anyway. | toshk wrote: | meowface wrote: | Very good point. Everything is framed under the status quo. If | shit hits the fan, all those assumptions immediately fly out | the window. If the writ of habeas corpus is suspended, NSA | instantly transforms from shady to Stasi. | _moof wrote: | _> In peace time_ | | And honestly, when was the last time of any significant | duration when the US was not involved in a military conflict? | BizarroLand wrote: | Seems like the safest bet would be to fully inventory every | human, know everything about them as well or better than they | do, and then, once you're highly assured of their safety to the | commonwealth of the country monitor them for even the slightest | changes in their disposition or regular pattern of activity. | | Of course, you would have to completely disregard any concept | that people would have a freedom to privacy to do that, and you | would also have to account for natural changes over time. | | People make new friends, get exposed to new ideas, and | gradually change no matter how hard you try to lock them in a | box. The data storage and processing requirements to monitor | America's 350 million people would be understated as | staggering, the man hours for perfect enforcement incalculable, | and even if you reached Pareto parity (monitoring 80% of the | highest-risk individuals 100% of the time) you're still going | to have people slip through the cracks. | | I would place a $100 bet on this already being the practice of | the 3 letter agencies and if they haven't fully rolled it out I | would hazard an extra tenner on that they're within 5 years of | completing it as long as their funding isn't disrupted. | | The only defense most of us have against it is that we're not | individually interesting so we probably never register as more | than a blip on a hard drive somewhere under most circumstances, | human eyes never prying into the worlds we make for ourselves. | kromem wrote: | Where this apparatus gets really interesting is the addition | of AI. | | Suddenly cross-referencing pockets of activity in the giant | trove of permanently stored data can be done for every | citizen, not just ones of interest. | | You can start modeling and simulating behavior off that data | to predict future actions like in Minority Report. | | But if you look far enough into the future on that trend and | link it into Microsoft's recent patent on resurrecting dead | people as AI chatbots from social media data, the treasure | trove of all online activity for every citizen becomes a | curious anthropological artifact as the people in it die off. | | Did you have a nuclear scientist on the verge of a fusion | breakthrough die before they could finish their paper? Just | feed the entirety of their digital life into the system and | extrapolate the non-digital using generalized "human | experience" models built off everyone else to resurrect a | copy of them (or many copies) in a simulated continuation of | their day to day thinking and working. | | Very few people fully understand the extent of the digital | footprints we are leaving behind in the context of trends in | big data. | | The data we are leaving behind in mass collection will | eventually take on (literally) new life. | tgflynn wrote: | This title needs to be qualified with "during World War II" or | (1942). | snvzz wrote: | Wait until they learn about people using perfect cryptography | (one-time pad). | [deleted] | relaunched wrote: | I love the post. I smiled quite a lot, not only because of the | stories themselves, but because of my own childhood tomfoolery, | oftentimes including my childhood best friend. | jolmg wrote: | > At some point the Jack Armstrong program invited listeners to | mail in a Wheaties box top to get a decoder ring that could be | used to decipher secret messages that would be given near the end | of certain broadcasts. | | I remember seeing that in "A Christmas Story": | | https://www.youtube.com/watch?v=6_XSShVAnkY | aeturnum wrote: | > _The friendlier one eventually described how much it had cost | to investigate another recent case where a person was reported to | have pulled down an American flag and stepped on it. Only after | the investigation was well under way did they learn that the | perpetrator of this nefarious act was only four years old._ | | I never cease to be amused and amazed by the incredible lack of | imagination discernment law enforcement personnel display at all | levels. I'm sure some smart people work at the three letter | agencies, but there sure is a range! | | To me, I take it as a lesson about the dangers of dogmatic | following of rules and how such a system will inevitably provoke | people into work that have less than zero desired value. | Obviously, as 1984 and many other works remind us, the value is | in reinforcing the power of the system - but the official line of | the system is to say that's not the case. | | The reason government agencies are so fond of crushing people who | have the bad luck to become centered in their gaze is that they | know or suspect they are not clever enough to match wits with a | below-average four year old and they would never want that | possible fact to become public knowledge. | sunjester wrote: | I have 2 such FBI records and every time I do a background check | for a job they don't know what it's for and neither do I. I wish | there was a way I could find out if it was computer related or | not. | Hackergamer123 wrote: | causi wrote: | I had to have a sit-down with the school admins because I used | the "netsend" command to send the letter q, one time, to every PC | in the school. I thought it was just going to go to the computers | in the computer lab. | chheplo wrote: | He was able to tinker with a radio at age of 10, in 1940. I had | my first electronic at 19, in 2003, growing up in India. Today, | almost anyone in the world can have access to the latest tech | easily. Great minds were there and are everywhere in the world, | they just didn't have access to resources. Think how fast the | research monopoly of US is going to shrink. | HeyLaughingBoy wrote: | Growing up in a Third-World country, I was tinkering with | electronics at age 10 and built my first crystal radio at age | 11 from junk parts. Dumpster-diving isn't hard as long as you | don't mind the occasional dead dog. | jacquesm wrote: | Apart from the dead dogs my experience in a first world | country was quite similar. But for some reason I'm more | impressed with you, probably because here in NL electronics | were relatively easy to come by because people were throwing | away older generating electronics with great regularity to | buy something newer. | | Whereas I would expect that in the 3rd world by the time you | got your fingers on it it must have been technically beyond | salvage. | | Crystal radios are neat! | HeyLaughingBoy wrote: | Thank you. I found the same to be true, though. Most people | don't know how to repair radios, or don't know anyone who | can do it, so if it's anything more complex than a broken | wire, it ended up in the trash. At least the cheap, | handheld transistor radios did. Happily, everything was | through-hole in the 70's so parts were easy to remove :-) | jacquesm wrote: | Yes, thank god for through hole parts, otherwise I don't | think I ever would have made it this far. VLSI is killing | poor kids' ability to get started with electronics. | | What did you do your soldering with? | | My first soldering iron(s) were simply screwdrivers in | the stove :) | | I even recycled the solder but it took a while to | understand that you need flux as well as solder to make a | good joint. | HeyLaughingBoy wrote: | I don't think heating up a screwdriver ever occurred to | me! | | My first soldering iron was huge! I don't remember who | gave it to me, but it was clearly not for electronics. It | had a small wooden handle and a tip that looked like a | large, bent flathead screwdriver. It could remove parts, | but not much else. Ha! gotta love google. It looked | something like this: https://www.amazon.com/Soldering- | Handle-Chisel-Point-Copper/... | | Thinking back, my grandfather was a carpenter and left a | shop full of tools when he died, so it's possible that it | used to be his. | | I remember asking for a real soldering iron as a | Christmas or birthday present and getting a low-wattage | one since they didn't cost that much. Until then, | everything was held together by wrapping wire onto leads. | | The strange thing is that I remember having a small | soldering iron, but I don't remember ever having actual | solder. | jacquesm wrote: | Interesting thread this. You made me re-live a whole | bunch of my past and I noticed something funny (or at | least, I think it is funny): to this day I can't help | myself, when I walk by a dumpster or the garbage before | it is picked up I am _still_ scanning for TVs, tape | recorders etc. It 's so automatic that if not for this | thread I would not have caught on to what that was all | about, it's simply a habit. | | And I still can't stand waste. | | One day we will look back to this age and wonder: how on | earth could we have been so wasteful that perfectly good | stuff ended up in a landfill. | | That soldering iron of yours looks like the perfect tool | for some SMD work. | | I recall those in the hands of stained glass workers, | either that or gas heated ones. | | My first upgrade from a screwdriver looked like this: | | https://i.ebayimg.com/images/g/pEUAAOSw621hLQqd/s-l1600.j | pg | | Which actually worked well enough for tube based | electronics, (not even hole through, just built up in the | air on metal frames). And it held the heat a lot longer | than the screwdrivers, which tended to carbonize after a | while. | dhosek wrote: | A lot of functional electronics end up in third world | countries as "e-waste." Never underestimate the | wastefulness of American consumers. | amatecha wrote: | I've found entire, functional computers thrown out. My first | web server was a 386 built from dumpster-dived parts, quickly | upgraded to a 486 as I found new stuff. I still have those | computers, too. It's amazing how wasteful people are with | tech. People, please don't throw out working computers if you | can avoid it. Take them to a thrift shop or a specialized | place that will fix them up and sell them, like Free Geek. | Post an ad on Craigslist "free" section. | bitwize wrote: | A year and a half ago, I found an entire HP Elite 8300 | standing by the dumpster in the rain. It was only missing a | hard disk (likely removed to be shredded). | | I brought it in, checked it for rust or damage, let it dry | for several days, and ordered a hard drive for it. It runs | fine, and I use it as a repo/build server. | HeyLaughingBoy wrote: | Nice. I have an SGI Indigo that I will probably never be | able to use again because I forgot its login credentials | years ago. And I think the monitor was proprietary to SGI | and I tossed because it took up too much room. | | Then again, I could probably find a downloadable OS for | it somewhere online. | daveslash wrote: | Previous Discussion: | https://news.ycombinator.com/item?id=14229412 | torpid wrote: | My FBI file was for hacking into my school district's AS/400 that | handled my school's attendance and grading system. Somehow using | a public IP address with no access restrictions allowed a clear | telnet path in from home. Compounding username and passwords that | were all the same for every employee. I didn't change a thing, | just LOLed and told someone. Bad mistake. This was the late 90s. | | Oh well, 2 week suspension and kicked off the computers for less | than a year. A nice conference with FBI, police, my parents, IT | and school administration. Fun times. | | I learned my lesson to not talk about such things because their | egoes were too fragile. | | When they decided to give students in their website design class | ftp accounts on the district wide web/email server running an | ancient version of Debian, they didn't disable the shell, just | added a login script to a menu for pine, etc. for people who | telnetted in, which I'm sure the sysadmin was proud of. However, | a few fast CTRL-C's broke out of his script menu loop and got me | a shell, and they didn't shadow protect their password files. Ran | it through john the ripper and had half the district's e-mail | passwords in a default dictionary file including the root pw in a | few minutes. LOLed and never told anyone about that. | | Good times, the 90s.... | technothrasher wrote: | > I learned my lesson to not talk about such things because | their egoes were too fragile. | | At my university in the early 90s I went the white hat route | and had tons of fun. I managed to convince the computing center | folks to give me a student job in the Unix group, and _then_ | spent the next three years hacking their systems and getting a | pat on the back when I did it. | namrog84 wrote: | > I learned my lesson to not talk about such things | | I like how you shared how you learned lesson to not share | mischievous activities with people in the same post you then go | and share more things you haven't been caught for. | | This is going on your permanent school record! /s | | That's great. I know even as of recent of 2021 I've seen some | places that had 0 security on things. | dylan604 wrote: | another thing probably learned is statute of limitations! | JumpCrisscross wrote: | > _I like how you shared how you learned lesson to not share | mischievous activities with people in the same post you then | go and share more things you haven 't been caught for_ | | American public schools are quite adept at teaching distrust | in authority, particularly in bureaucrats. That doesn't mean | distrust in everybody. | Tr3nton wrote: | HelloFellowDevs wrote: | I think the example is in the great grand parent comment | | > Oh well, 2 week suspension and kicked off the computers | for less than a year. A nice conference with FBI, police, | my parents, IT and school administration. Fun times. | | Something that most would believe as non-malicious and | just for the lolz received a (what I personally think is) | heavy punishment. So as a kid you learn to just keep that | to yourself because you don't know if you'll get a "oh | thanks for telling us" or a "you're expelled". Its not | explicitly said to distrust but you learn from | experience. | anikan_vader wrote: | > American public schools are quite adept at teaching | distrust in authority, particularly in bureaucrats. | | It's an important lesson to teach kids while they're young! | Strange, though, how you never see it on the formal | curriculum. | pixiemaster wrote: | it's a hidden lesson, only for privileged kids. | 908B64B197 wrote: | How is that a lesson for privileged kids only? | [deleted] | _-david-_ wrote: | The American public school system likes to teach that they | are an authority that should be trusted. | littlestymaar wrote: | That must be reverse psychology. /s | bitwize wrote: | cgriswald wrote: | I think this is especially prevalent in schools. You'll see | things like this even for things that aren't related to | computers. When I was a kid, drugs in your locker were your | drugs, even though breaking into the lockers was trivial and | stashing drugs in other people's lockers was the way business | was done. | | I wouldn't have told the school of a theft I witnessed even | if I knew there were cameras recording the entire thing. | You're guilty unless you can prove someone else was more | guilty and they're not really concerned about the truth of | the matter so they're not trying to help you. | dheera wrote: | > I didn't change a thing, just LOLed and told someone | | > Oh well, 2 week suspension | | God damn, these idiot school people have no fucking clue that | someone who points out a security flaw to you _without_ | inflicting any harm is actually doing something good, and that | behavior should be _encouraged_ and _rewarded_. | gojomo wrote: | BRB, preparing my YC S22 application: "BugBakeSale" | | "We're bug bounties for America's school districts: HackerOne | for the K12 market. The product is free if you let our | corporate partners, who also fund the bounties, recruit the | winners." | loup-vaillant wrote: | Seriously, they would have deserved that the school | mysteriously becomes littered with printed (or typed) sheets of | paper explaining how to access the system and change everyone's | grade. | | If it were me, for the second time I would have considered | adding a file to everyone's FTP account (including the admins & | professors themselves) explaining how they too can escalate to | root. | BLKNSLVR wrote: | > because their egoes were too fragile | | If anyone else reading can learn vicariously, this line is | almost universally true and manifests itself in a multitude of | ways. | andai wrote: | When I was 11 or 12 we had a bunch of old Windows (2000?) boxes | with a shared network folder -- all the students' files were in | the same folder. I had just learned about basic batch file | "programming" so I made one called Change Your Grades Click | Here!!.bat which asked for your username and password (we had | individual accounts on the Mac computers) and saved them to a | hidden text file in the same folder. Most people didn't fall | for it, but I got one girl's login that actually worked, which | scared the shit out of me, and I deleted the program. (I really | wanted to tell her that "emma" is not a good password, but I | thought it wouldn't turn out well for me.) | | A few years later, I cracked the admin password (with a | Ophcrack live USB) for a silly reason: they had the machines | mostly locked down, and I wanted to change the desktop | background hahah. I remember being quite disappointed in the | sysadmins that the admin password for all the machines in | school was a common dictionary word, cracked in 30 seconds. | | Oh, once I met a guy who identified as a "hacker" (in the sense | of breaking into systems illegally) and he told me (then a | young teen) to "have my fun" before I turned 18 and then to | stop, which in retrospect was very good advice. | vagrantJin wrote: | > I got one girl's login that actually worked, which scared | the shit out of me, and I deleted the program. (I really | wanted to tell her that "emma" is not a good password, but I | thought it wouldn't turn out well for me. | | With all due respect for HN policy of nuanced, Intelligent | debate. | | "Wimp" | rootsudo wrote: | Ah yes, grabbing the SAM file. That's still a valid attack | vector if local admin password rotation isn't in play. | lokimedes wrote: | I had sysadmin rights on my school's Windows servers after some | very simple social engineering (for a 10 year old). The real | irony was that I was called to the principal's office on | multiple occasions because I seemed to be able to fix things on | the network that the local "admin" (e.g. music teacher) | couldn't. Fun times indeed. | | It completely ruined my respect for authority figures. Which in | retrospect has been the most valuable outcome from being the | local "that kid from Wargames" | jpmoral wrote: | >It completely ruined my respect for authority figures. | | It looks like they realised they were out of their depth and | found someone who could help. Were they wrong to trust you? | RotaryTelephone wrote: | Had a similar problem with feeling betrayed by authority | figures when I was called in to be questioned about a hacking | incident while in middle school just because I was good at VB | in programming glass. Can really ruin a kid's confidence for | years to come in case anyone in such position is reading this | now. | 908B64B197 wrote: | > It completely ruined my respect for authority figures. | | It sounds like they were right to trust you? Doesn't sound | like you ever did anything bad with admin credentials. And | you even used it to fix stuff. | Teknoman117 wrote: | I was in high school from 2007 to 2011. Half of it in rural | Alabama, the other half in the Bay. | | Even being in the tech capital of the world, the school | administration's views on technology and information access | were so backwards. Our school basically didn't allow | accessing any websites that weren't on some allowlist. | Teachers had accounts to bypass the content filter. | | We had a game design class that happened after school. | Usually that period was reserved for making up classes you | failed, but ROP courses that didn't align with the district's | curriculum goals were taught as well. | | Needless to say, pretty much every resource we needed was | blocked. So the teacher would give out his content filter | bypass credentials, because the school wouldn't entertain any | exceptions to students not being allowed to have them even | though they knew there were classes on campus that would have | tremendous difficulty. A couple of times a student would leak | the credentials to others on campus and it'd take all of 5 | minutes to get to everyone on campus via social media. | | They'd always treat everyone who knew the bypass accounts as | "guilty unless proven otherwise". I ended up in detention a | few times for even knowing it. Parents complained to the | school a bunch, school just always blanket said "bypassing | the content filter as a student is against policy for any | reason. No exceptions." | | Makes me think back to 1st grade in 1999 when I was first | given internet access and being told not to use Google | because "it wasn't safe". Couldn't have been that bad because | it took another half decade for me to inadvertently end up on | the "adult" part of the internet. | rootsudo wrote: | Public network shares, cain&abel, learning about NTLM | downgrading and well, these were the days when Wifi was "new" | and wireless B and G was considered wow, 54mbps. | | Back then, everything really felt like magic. | | Old netsend trick, pre windows xp SP2. | | There were enough stories at this time online that I knew it | was best to say nothing. Did nothing bad, just explored, | learned quite a few things and well was surprised how really | easy it was to do things. | | Nowadays, I feel kids won't/don't get that chance to explore | - which is sad. Internet is curated through apps and | "enagement" user experience and cloud services/SAAS. | | Maybe they can spot a lifetime link to a google sheets master | password document. ;) | partiallypro wrote: | I had two friends that did similar in the early 2000s, except | that while the school knew there was a breach, they never | caught who did it. Had all student social security numbers, | grades, attendance, etc pulled into a thumb drive on the school | network. I imagine this happened a lot around various school | districts, especially in that time when school networks were | less secure. | twox2 wrote: | Good times indeed. I got into similar mischief, but my school | didn't really mind. I got a slap on the wrist, because they | were to prestigious to court negative attention. Then I got | into similar shit in college. I reported it and got lucky | again. The guy in charge of their cybersecurity program invited | me to take his class which was all master's students and phd | candidates as a freshman. I would have bombed as it was all | over my head cryptography/math, but at the time I did some | extracurricular research that got me a passing grade. | empressplay wrote: | Late 80s and my junior high school computerized attendance | reporting (and some grades) through shared documents on a | 'teacher' Appletalk share I had access to (because I set it | up!) Well now... ;) Honestly though I never did any of that | sort of thing for profit, I managed to satisfy my needs selling | disks with games on them and then turning a blind eye when | people were playing them during class hours (I was basically | used as a free labour resource by the school so I don't feel | bad about that in the slightest.) Ah, the things we did when we | were teenagers... | avgDev wrote: | This reminds of a Costco bug I discovered, it appears that they | fixed it lol. | | So, Costco runs AS/400 in stores, and their online store is in | .Net MVC. I worked with both technologies and often have to | communicate with AS/400 devs and they are close to their | retirement so little fucks are given. Plus, working with DB2 is | annoying in general, the .NET data provider from IBM is | expensive and sucks. | | Now onto the bug, when you purchased items online at a | discount, you were able to return to store at a full price as | their systems were not communicating that a discount was | applied. I returned several items, but did not realize until I | bought a laptop that was $400 off and tried returning it. I | ended up calling Costco and letting them know. Unfortunately, | they didn't give me any lifetime membership or a good citizen | award. | | If any Costco devs read this and know about this send me some | love. | windexh8er wrote: | Costco still has issues of resolving discounts on a return. I | won't state the bug explicitly but I had a conversation with | them about how they refunded me a significant amount I never | paid on a large purchase and showed them the delta via | receipts. Local management was appreciative but didn't seem | to have an idea of how to proceed to make things right. | Ultimately they said my account would be flagged as owing the | difference so the next time I shopped I would be charged for | the incorrect refund. The problem is that that didn't work | either and I don't shop there often. I tried to do the right | thing but ultimately it ends up being their responsibility to | handle it when the customer is standing right in front of | them showing their loss of revenue. | giantg2 wrote: | "I tried to do the right thing but ultimately it ends up | being their responsibility to handle it when the customer | is standing right in front of them showing their loss of | revenue." | | I bought some lions mane mushrooms from a grocery store, | which cost $10-12 per lbs. The cashier rang them up as | "regular" (button) mushrooms at $2 per lbs. I pointed out | the mistake and she tried to correct it but chose the | button mushroom again. I brought it up a second time and | she selected a different incorrect mushroom at a slight | increase ($4/lb?). At that point, I gave up. She's the one | ringing it up. I tried. | mleonhard wrote: | I met someone many years ago who bragged that they did this | with sales tax. They purchased expensive items at Costco in | Oregon, paying 0% sales tax, and then returned those items in | Washington and received a full refund plus 10% sales tax. | This was the first time I met a person who appeared normal | but lacked social mores against fraud. | beepbooptheory wrote: | Honestly that person sounds cool and if they aren't normal | then I haven't met a normal person in my whole life. | Zenst wrote: | > I learned my lesson to not talk about such things because | their egoes were too fragile. | | Yip, ego's and people talk are the downfall of many an innocent | `self-education` in the area of IT security. | | Post 80's and laws started to change, prior, in the UK it was | theft of electricity being the only way to nail some people. | Crazy fun times. | | Though I do miss the old phone system per-say, outdials, | wardialing, things like that, was common with many and just | seemed more mysterious as you could only learn thru word of | mouth or self-education as no books or internets and BBS's were | not as cheap in the UK or common as we never had the official | free local calls aspect as you fine folks had in the US. | | Do recall a chap getting kicked out of college for doing | something I'd done previously, just that he had a bigger ego | and not as delicate with the power to steal the admin password. | Which involved an ICL George 3 OS mainframe in the times of | very large disc platters and admin console journaling that had | no encryption. so they rotated discs without adding extra wear | of zeroing the previous content, only the file table so you | could end up with a user disc platter that had formally been | used as a admin console jounal reposatory and could create | files without zeroing and dump the previous contents of the | disc of that way...which eventually got you the admin password. | | Do recall few instances of work related cases in which I needed | to do things so, kinda hacked what I needed (resourcefulness) | like upon a DPS7 Honeywell mini computer in which needed the | admin password to do something and nobody had it at hand at | that time of night and the passowrds were kept in a file that | was encrypted so I worked out the encryption key by looking at | the file as was poor encryption and text files have lots of | spaces so saw a pattern with the word OPERA in and tried and | tada, got what I needed. The spooked admin next day wondered | how I did it so I told him fully, he then went and redid the | encryption and challenged me to see if that was secure, I | looked at the encrypted file and kinda worked out by the | patterning that it had been encrypted twice....yes with the | same password OPERA only encrypted with that and then encrypted | again with the same. Educational for all back then. Today, not | as easy to do that, but still a great story of times of old. | | My ego prevents anything else and was an ethical hacker and the | 90's was an era in which, we white hats would and was the | internet security, bringing down pedo's and bad actors like | that that frequented some platforms with ease (looking at you | AOL). So whilst illegal per-say, was case of no real official | policing of such things as we do today. | | But darn, some things learned and worked out, well zero day | exploits back then were not as financially economical as they | are today and heck, and some never really appreciated how long | they would stay obscured from the wild. | | I also liked hardware back then, was also fun and many a hidden | switch to get a feature you would normally pay silly money for | some engineer to `install` though was just some hidden switch | was not that uncommon. Heck even today you get kit that is same | inside with a model up just adding some small thing and example | would be some Fluke multimeters that you effectively pay | hundred for a small capacitor and another digit on the outer | shell, is a good example current today. | | Fun times indeed, but darn, goalposts always moving. | fnord77 wrote: | just curious - has this ever shown up on employer background | checks? | 0xbadcafebee wrote: | I was punished three times for computer curiosity before I | learned my lesson. No good deed goes unpunished, especially | when it makes somebody powerful look bad. | stank345 wrote: | > they didn't shadow protect their password files | | Could you please explain what this means? Googling didn't | reveal much. | pmw wrote: | https://en.wikipedia.org/wiki/Passwd#Shadow_file | jll29 wrote: | The UNIX family of operating system (Unices) historically | stored passwords in /etc/passwd, which was readable (but | passwords were soon hashed, i.e. passed through a one-way | function to obfuscate them). | | Eventually, shadow passwords were introduced to have the | passwords themselves stored in another place with stricter | access rights (readable only by the sysadmin or their group), | so even the hashed versions were inaccessible to normal | souls, whereas other information traditionally kept in | /etc/passwd - e.g. the user's full name - could and can still | be retrieved from that file by making it widely readable - | just without the passwords, which were moved to the | "shadows". | | See also https://en.wikipedia.org/wiki/Passwd, section | "Shadow file" for more details. | lr1970 wrote: | > Could you please explain what this means? Googling didn't | reveal much. | | An classic UNIX /etc/passwd file is readable by all local | users and in the past used to contain the password hashes. | One can download these hashes and crack the passwords | offline. At some point the problem was recognized and | password hashes were moved to special /etc/shadow file which | is accessible only to root and members of shadow group making | /etc/passwd useless for extracting passwords. | hermitdev wrote: | I was in junior high early 90s when I got into trouble with my | school's networks. Setup was Novell Netware, DOS 6.x. I was | never a Netware expert by any means, but by that time I'd been | using DOS at home for quite a number of years and knew my way | around pretty well. Anyways, the network crashed. I got accused | of causing the crash because a teacher had seen me with "a | black screen open", aka a DOS prompt. Our Netware setup didn't | allow for direct DOS access; we had a limited set of DOS apps | from a menu we could run. Well, among those apps was | WordPerfect for DOS. There was some function key combo that'd | suspend WordPerfect and dump you at a DOS command prompt (I | forget the key combo, but we all had those keyboard templates | at the time that listed out the various commands helpfully, | right in front of you, at school, even!). | | Well, being at a DOS prompt was enough circumstantial evidence | for me to get suspended for a week (no FBI record, AFAIK). My | parents, despite being strict, were also fair and asked me | point blank, "Did you have anything to do with what you're | being accused of?". Told them no, I was just at a DOS prompt | (probably to play either nibbles or gorillas - those classic | BASIC games). To their credit, their opinion was if I was going | to serve the time, I might as well know how to do the crime | (know, not actually _do_ ). I had already been tagging along to | continuing education computer classes my mom was attending, but | my parents started buying me more and more computer books. It | got me started down the programming path. I'd already been | pretty friendly with our sysadmin at school and he knew I had | nothing to do with what happened and hadn't accused me, but the | school needed a scape goat, and I was it. He felt bad for me | and choose to help me out with my learning, too, instead of | continuing the punishment. He gave me a copy of the software he | used for after hours remote access over direct dialup. Think it | was called Carbon Copy? It was basically just telnet over | dialup that allowed me direct access to _his_ PC on the network | after hours before I even knew what telnet was. So, I 'd | connect after dinner and play around for hours as network | admin. It wasn't multiprocessed, so I had to be patient. | Typically when I'd log in, he was running a nightly backup | manually that he'd kick off before he left for the night. I | just had to wait for it to complete, then I could do whatever I | wanted. I had full access to the grading/attendance system. I | could message teachers as other teachers, etc. I could have | granted admin access to anyone, but I was smart enough to never | touch my own account, instead, created fake admin users and | used those, instead. I'd hide files in plain sight using the | ALT+255 trick to embed a nonprintable character in | file/directory names. You could see them, you just couldn't | directly access them without renaming them for most programs. | Fun times. I never did anything destructive, though I could | have easily. | | Security in the 90s was a joke. They were good times, indeed :) | | I continued my shenanigans into college. College was my first | encounter with Windows NT networks & l0phtcrack. I remember one | night, walking into my dorm room with the SAM file from a lab | PC on a floppy. I popped it into my own PC, started cracking | the passwords, expecting it to run all night. As I got up from | my PC to head down for dinner, I was surprised to see that I'd | already cracked the administrator password. It was just a 5 | character password that was the building code & room number for | campus IT. I already knew better than to do anything from my | own PC, only ever worked from different lab PCs in different | buildings and under assumed accounts. Never reported anything, | either, for fear of reprisal. | [deleted] | ada1981 wrote: | Anyone else hear Dick Tracey's voice for the "They are your son's | alright" part? | tester756 wrote: | >After we left the form by her front door her parents somehow | figured out who had done that and, when Bobby's and my parents | learned of this stunt they decreed that we would no longer play | together. We followed that guidance for over 40 years. | | oh | errcorrectcode wrote: | So my database course used a proprietary database hosted on- | campus with IP ACLs. I setup a proxy on the campus cluster and | mirrored 90% of it before the lecturer turned it off. I don't | understand why they would even look, much less care, about | policing closed-source documentation like the Stasi. If it | happened these days, it would've been an Aaron Swartz situation. | xtracto wrote: | > This was just after local citizens of Japanese descent had been | rounded up and taken away to concentration camps, though I was | not aware of that at the time. | | Now that was a piece of history I had never herd about: | | https://www.britannica.com/event/Japanese-American-internmen... | | Apparently Mexican concentration camps were not the US first | throw at it. | phendrenad2 wrote: | I'm sure more than half of HN has an FBI profile. I know that | from an early age I would do internet searches for everything and | anything I found fascinating, including hacking, piracy, | anonymous proxies, nuclear energy, wilderness survival, firearms, | communism, cults, wikileaks, snowden, assange, and a multitude of | conspiracy theories. | | I grew up fine and have never broken the law. But I sometimes | wonder if some computer system or agency sees me differently, | just based on keywords. | buserror wrote: | I had the french secret service come and interrogate me in ~88 | (bad cop/good cop) because I had doctored a RS232 cable to be | NULL modem, to be able to connect to the X25 "transpac" network | using a terminal. I was 'drafted' in the army back then, | basically unpaid slave labour, and I was risking 40+ days in | prison for sabotage. I 'escaped' due to a coupe of forward | thinking officers who didn't think that was a way to handle a | smart 18yo kid. | AlexanderTheGr8 wrote: | Can you imagine what will happen when measuring pupil dilation | goes mainstream? Any authoritarian govt will be able to measure | your _true_ intentions. There is no way to hide your pupil | dilation. | | For example, if you are browsing twitter and see a post of your | country "liberating" its enemies. If your pupils and pulse | indicate that you don't approve of your country's actions, | suddenly you will lose some rights as a citizen. Maybe your house | gets raided for "suspicion of terrorism" | | With AR/VR devices about to go mainstream, this is very possible. | | Any thoughts? | bcopa wrote: | King | c0nsumer wrote: | Be sure to read the follow-up | (https://web.stanford.edu/~learnest/cyclops/bash1.htm) about the | challenges the author faced in trying to help move forward a | reasonably safe standard for bicycle helmets. | dahart wrote: | Yeah, came to say the same. The multi-part saga of helmet | safety is fascinating history, and enlightening to hear the | story of the people who were fighting this fight for so long. | I'm bookmarking this! ___________________________________________________________________ (page generated 2022-01-28 23:00 UTC)