Question
1. Explain how the meaning of the word “hacker” changed between the 1950s and the 1990s
2. Briefly relate the story of the Firesheep extension to the Firefox browser. What capability did Firesheep provide its users? What happened after Firesheep was released? Was Eric Butler wrong to release Firesheep to the public?
3. Explain the similarities and differences between computer viruses and computer worms.
4. What is a cyber attack? Give two examples of politically motivated cyber attacks since 2007.
Explanation / Answer
1. Explain how the meaning of the word “hacker” changed between the 1950s and the 1990s
"90s hackers" or "new hackers," as opposed to old hackers, who are hackers (old sense of the term) from the 50s who subscribed to the original Hacker Ethic.
New 90s hackers are not unethical. They are not unaware of the original Hacker Ethic. They have their own ethical system which combines elements of the old 50s Hacker Ethic with some new innovations (the new hacker ethic). The fact that ethics are important to these hackers is suggested by the fact that they anathematize "crackers" and "dark side" hackers for transgressions which violate the spirit of their ethics.
There are four interesting areas of investigation for looking into the changes between the old and new Hacker Ethic. Measurement of changes in computer technology, social indicators, computer industry practices, and generational demographics might provide variables which covary with, and possibly even explain, the changes in this ideological system.
Some new hackers do repudiate the original Hacker Ethic or the possibility of having an ethic at all. It would be interesting to find out what aspects of their profiles (age, background, experience, gender, social class, etc.) correlate with whether or not they repudiate it and why. There should be some way to predict whether or not a hacker is likely to embrace the ethic, and how much fidelity to it they will demonstrate.
The (old and new) Hacker Ethic is not totally idiosyncratic. Elements of it are similar to principles advocated by American culture and its "democratic" constitutional and informal ideals; the ethical codes of professional organizations such as academics, doctors, and lawyers; the ethical systems of "underground" and marginalized groups such as addicts, prostitutes, homeless people, etc.; and traditional ethical precepts of philosophy (such as the Golden Rule or Kantian categorical imperative.) Hackers are not alone in wanting privacy, knowledge, or community.
The similarity between the old and new hacker ethics suggests that the new hackers did not emerge out of a distinct "tradition" from the old hackers. Ethical continuity suggests some demographic continuity. The 50s and 90s hackers may not be all that different, despite the fact that the 50s hackers consider the 90s hackers to be less deserving of the mantle of the term "hacker."
2. Briefly relate the story of the Firesheep extension to the Firefox browser. What capability did Firesheep provide its users? What happened after Firesheep was released? Was Eric Butler wrong to release Firesheep to the public?
Firesheep is an extension for the Firefox web browser that uses a packet sniffer to intercept unencrypted cookies from websites such as Facebook and Twitter. As cookies are transmitted over networks, packet sniffing is used to discover identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on the victim's .
Firesheep is a Mozilla Firefox extension that uses packet sniffing to hijack unsecured Wi-Fi network sessions and capture unencrypted website cookies during network data transmission.
Firesheep was created by software developer Eric Butler and released in 2010 to demonstrate the security risks associated with a number of popular websites, including Facebook and Twitter. The software served to highlight a major Web browsing security flaw that could expose users to malicious hackers. Of course, its capabilities were also useful to hackers, leading to some public concern about the software.
Most websites require user credentials, such as username and password, for authentication. After verification, website servers respond with unencrypted cookies for subsequent browser requests, which enables easy hijacking - especially in open Wi-Fi hot spot locations.
Firesheep essentially analyzed unencrypted Web traffic between a Wi-Fi router and the computers on the same network. As a Web browser exchanges cookie information with a website, Firesheep is able to snag session cookies, which could provide unrestricted access to a user's email, Facebook or Amazon account.
Although many websites have since switched to SSL connections, public Wi-Fi still presents security risks to users. Best practices should be used.
3. Explain the similarities and differences between computer viruses and computer worms.
A virus is software that attaches itself to other software. It then finds more software to replicate.
Many also use things like email to propagate. In and of themselves they have no propagation methods other than infecting other programs.
A worm is software that usually targets vulnerable systems. Often this is done via web servers. They then infect software, sometimes attach to other software (they are then said to have virus capabilities), and infect the targeted system. The system then attacks other hosts to continue the cycle.
Both are generally malicious software (many older viruses were written not as attacks, but as things like jokes).
Both infect systems. But other than this, their attack vectors differ greatly.
Virus
Requires user interaction.
Propagates slower than worms, because of the need for human interaction.
Primarily attack workstations, as users must be on the console machine to initiate the virus infection.
Are not the primary mechanism of attack of hackers.
Can be caught via the use of antivirus software.
Do not leverage vulnerabilities; they mostly rely on end users making un-intelligent decisions (like opening an attachment from an unknown person).
Are single parted in nature - meaning they tend to infect using one mechanism and then infect subsequent machines using the same mechanism.
Worm
Do not require any interaction.
Propagate quickly, because there is no need for human interaction.
Can attack any unpatched machine that is on the network - both servers and workstations.
Are a hacker’s best friend.
Cannot be easily detected by antivirus software.
Require the presence of a security vulnerability on the machine to compromise it.
May obtain confidential data from that machine (like usernames and passwords).
4. What is a cyber attack? Give two examples of politically motivated cyber attacks since 2007.
A cyberattack is deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyberattacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.
Cyberattacks on Estonia are a series of cyber attacks that began 27 April 2007 and swamped websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn. Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred.
Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare, following Titan Rain.
Estonian Foreign Minister Urmas Paet accused the Kremlin of direct involvement in the cyberattacks. On 6 September 2007 Estonia's defense minister admitted he had no evidence linking cyber attacks to Russian authorities. "Of course, at the moment, I cannot state for certain that the cyber attacks were managed by the Kremlin, or other Russian government agencies," Jaak Aaviksoo said in interview on Estonian's Kanal 2 TV channel. Aaviksoo compared the cyber attacks with the blockade of Estonia's Embassy in Moscow. "Again, it is not possible to say without doubt that orders (for the blockade) came from the Kremlin, or that, indeed, a wish was expressed for such a thing there," said Aaviksoo. Russia called accusations of its involvement "unfounded," and neither NATO nor European Commission experts were able to find any proof of official Russian government participation.
As of January 2008, one ethnic-Russian Estonian national has been charged and convicted.
During a panel discussion on cyber warfare, Sergei Markov of the Russian State Duma has stated his unnamed aide was responsible in orchestrating the cyber attacks. Markov alleged the aide acted on his own while residing in an unrecognised republic of the former Soviet Union, possibly Transnistria. On 10 March 2009 Konstantin Goloskokov, a "commissar" of the Kremlin-backed youth group Nashi, has claimed responsibility for the attack. Experts are critical of these varying claims of responsibility.