Wednesday, April 30, 2014
Last Social Engineering task
My last social engineering task was to get two landlines numbers from a couple of our fellow players or a couple of home address. For this task I wanted to use most common resources available online that reverse name or phone number lookup. I have two home addresses and I think I could get more but I need to do verification of the other address. As far as the phone numbers go, I was able to find landlines that might not belong to any of the players but according to my resources thy might belong to someone close to them such parents or relatives. Without even looking for any of the follow information I was able to find: Facebook profiles with pictures of a few players, some YouTube videos, LinkedIn profiles and some other information about the players that would come up by googling their name and connecting dots, example: a scholarship (very nice). I even know what high school he graduated from, etc. I would not call this one a fail, I would call it an incomplete as THERE IS SO MUCH MORE-information that can be found in the internet.
Tuesday, April 29, 2014
Ethics stuff (last one!)
Revise your post. Pay special attention to two things:
-specifics. What do you believe? What are your values? Some of you did this, but not all.
-the ever-present question, "Why?" So, once you take care of the specifics, you've staked your claim on what you think the is right thing to do with your hacking powers--what your moral responsibility is. Now, why is that the case? Why is that the right thing to do?
Submit this by 2:00 PM on Tuesday one week from today--essentially, right before our next (and final) class.
IF YOU WANT, see an earlier post for the extra credit portion for ethics. If you need the Right and Wrong handout (necessary for the extra credit project), email me and ask.
Don't forget! We have a special ethical hacker guest coming next week to do a Q&A with you. Please prepare good questions for him!
-specifics. What do you believe? What are your values? Some of you did this, but not all.
-the ever-present question, "Why?" So, once you take care of the specifics, you've staked your claim on what you think the is right thing to do with your hacking powers--what your moral responsibility is. Now, why is that the case? Why is that the right thing to do?
Submit this by 2:00 PM on Tuesday one week from today--essentially, right before our next (and final) class.
IF YOU WANT, see an earlier post for the extra credit portion for ethics. If you need the Right and Wrong handout (necessary for the extra credit project), email me and ask.
Don't forget! We have a special ethical hacker guest coming next week to do a Q&A with you. Please prepare good questions for him!
Final Social engineering challenge
for my final challenge I came up with a list of names that included interns who were previously or corrently employed at my place of employment. I showed these names including Links to Facebook, Linkedin and other information that a hacker would be able to use. Prof L seen this list and said to make a post to reference it. In order to protect the confidentiality of these individuals whom have their information available I restrained from posting this information publcly.
Final Ethics Post-Power and Skills
What sorts
of moral responsibilities come with the hacking powers you have acquired this
semester? Be specific and precise!
When it
comes to the tools and skills learned in this course, the moral
responsibilities is to the betterment of a community as a whole. In regards to
ethical hacking, one must respect the laws that are in place when paid to
perform a penetration test for a company. Ethical hackers are employed as
penetration testers, network analysts and intrusion analysts. These individuals
have the skills and the knowledge that other have but the difference is they
work for a common good for the betterment of people or society. In contrast,
hackers and criminals work to take advantage of exploits and security issues in
order to cause monetary damage or earn financial gain.
“With great
power there must also come--great responsibility!”
What powers
have you acquired? What responsibilities do you take on with those
powers?
One thing
that reminds me of this quote is something I heard on one of my favorite shows.
While watching Bill Maher he stated that the “only thing that stops bad guys
with nukes is good guys with nukes.” This concept is applicable to someone who
owns a firearm. When you have power that can affect others in a negative or
positive way it takes great responsibility, good morals, practical ethical
standards and a cause for the greater good to sustain that power. Through the
skills taught in this course from the various aspects of ethical dilemmas and
the tools such as DDOS attacks, stealing data without leaving traces, social
engineering games and tasks, SQL and malware injection and other hacking tools;
it takes someone who has great morals and a common cause for the greater good
to harness these skills and put them to good use. Technology exists to make our
life easier and advance our way of living. It is not a means to spy on people
who are innocent, cause malice to others or businesses or other malicious
behavior. One example is my opinion is how Edward Snowden expose the NSA and
the various programs they had in place that were a direct violation of peoples
rights and the constitution. When someone is employed for a specific job they
take pride and passion in performing this duty, if the duty at hand does not
align with their morals then it is their decision to make a call and decide what
to do. I might make statements or reference things that seem extreme is some
cases but there is a reason why I choose to do so. We do not live in a perfect
world and everyone does not desire the same things. You have to expose the
truth no matter how unpopular or harsh it might be. It takes a good guy with a
gun (and balls) to stop a bad guy with a gun. Nine times out of ten, if the bad
guy knows there is a good guy with a gun it would prevent the crime from occurring.
The cause for a greater good should be the responsibility of a penetration
tester. Using the skills learned in this course to help prevent the next DDOS
attack, virus infection, or TJX exploit should be a part of your core
responsibilities.
Monday, April 28, 2014
Power!!!
Throughout
the semester, we have been exposed to an intense training on how to become ethical
hackers. With the support of our two great professors, the training was full of
both theory and practical sessions. What is an ethical hacker? By definition, an
ethical hacker is a computer and network expert who attacks a security system
on behalf of its owners, seeking vulnerabilities that a malicious hacker could
exploit. To test a security system, ethical hackers use the same methods as
their less principled counterparts, but report problems instead of taking
advantage of them. Ethical hacking is also known as penetration testing, intrusion
testing and red teaming. Today, as ethical hackers,
we are asked about the sorts of moral responsibilities that come with the hacking
powers we have acquired this semester. What powers have we acquired?
What responsibilities do we take on with those powers?
First
of all, let’s talk about those powers acquired. In this semester, we got to
understand two main part of the exercise, which are ethics and hacking
(technical). When talking hacking, we developed the skills of doing penetration
testing, brutal force attacks, network sniffing, password cracking, victim
exploitation, sql Injection, social engineering, DDOS Attacks (Distributed
Denial Of Services), etc. With these skills, we have the power of attacking, disabling,
stealing, change or destroying as well as defending information in networks and
systems infrastructures.
Secondary, the ethics part we acquired
a better understanding of topics with which the ethical hacker interacts.
Talking about property, a thing or things belonging to someone, an entity, or
an organization. Since the ethical hacker doesn’t own a systems or a network infrastructure,
he has no right to attack or still or destroy its information, unless the owner
(organization) asks him to do so. How would the owner ask an ethical hacker to do
a penetration testing or an sql injection, etc? There comes the term “contract”,
a written agreement or commitment, especially one concerning employment, sales,
or tenancy in which parties must sign, and which is intended to be enforceable
by law. So when a scope is defined and agreed upon by a client or an organization
and an ethical hacker, both parties are bound to this agreement or contract by
showing consents. Contracts have boundaries meaning that the hacking is not
supposed to do a task that doesn’t fall under the scope of the work, as well as
the client have towards him.
Finally, we learned about justice, which
means doing something just, or right, or fair. As an ethical hacker, I have the
power to do bad things but morally unless I’m permitted to do so, I wouldn’t do
them to anyone’s property. So my responsibilities are to keep my moral and
cultural values as I live in a society which has rules and regulations. Doing
something which will offence someone would make me feel bad.
N.Y
A Door We Must Choose Ourselves
A power indeed we have learned, for the dark side is as tasty as the light. Although not as epic as the powers Jedis hold, I have learned a great deal from this class. These skills that I have learned have opened many doors for me. These doors, however, are no longer simply labeled as good and bad, dark and light, but rather each of these doors hold a cautionary question: "Is this ethical?"
Throughout the class we learned how to hack. We learned how to search for vulnerabilities within a network, and exploit them. We learned that through old and possibly current systems, we are able to access the internal information not available to the public. In many cases, these actions are deemed illegal outside a virtual or closed environment. And to most, the combination of the words "hacking" and "illegal" induce an almost automatic response to labeling these actions as "bad" or unethical. But early in the class we realized that these lines are not as defined as we thought. We watched a documentary for class on Anonymous and their hacktivism. Through this film and our discussion, the class came to the understanding that laws regarding technology, just like all laws, can come under scrutiny and that its status as a law does not define it as unethical. We also ran through the scenario of being a penetration tester. We assume that since it is our job to test a system, and that we have a certain level of access to their information, that what we do is okay. But does this make it okay to sift through personal information that may be within the bounds of your contract as well? What if you realize that the company you work for runs a shady business in the side, but you are contractually obligated not to divulge any information found in the network. This is where our lines begin to blur, and where we began to paint our own lines. Because without this guideline, the task of determining what is right and what is wrong no longer default to the law, but instead it is determined by our own hands. This is our first responsibility: judging our own actions.
In class we learned how to collect packets that are sent over the network that are not necessarily meant for us. There are some arguments that suggest that these packets are free for the taking since they are in free air, and that the information in public space is public as well. But we can also liken this situation to playing catch, when we throw the ball to our friend, do we loose ownership of the ball? We ran through many similar situations regarding property, but what was apparent to me is that our current view on technological philosophy is ancient. This is our second responsibility, moving forward our philosophical views on technology.
Throughout the class we learned how to hack. We learned how to search for vulnerabilities within a network, and exploit them. We learned that through old and possibly current systems, we are able to access the internal information not available to the public. In many cases, these actions are deemed illegal outside a virtual or closed environment. And to most, the combination of the words "hacking" and "illegal" induce an almost automatic response to labeling these actions as "bad" or unethical. But early in the class we realized that these lines are not as defined as we thought. We watched a documentary for class on Anonymous and their hacktivism. Through this film and our discussion, the class came to the understanding that laws regarding technology, just like all laws, can come under scrutiny and that its status as a law does not define it as unethical. We also ran through the scenario of being a penetration tester. We assume that since it is our job to test a system, and that we have a certain level of access to their information, that what we do is okay. But does this make it okay to sift through personal information that may be within the bounds of your contract as well? What if you realize that the company you work for runs a shady business in the side, but you are contractually obligated not to divulge any information found in the network. This is where our lines begin to blur, and where we began to paint our own lines. Because without this guideline, the task of determining what is right and what is wrong no longer default to the law, but instead it is determined by our own hands. This is our first responsibility: judging our own actions.
In class we learned how to collect packets that are sent over the network that are not necessarily meant for us. There are some arguments that suggest that these packets are free for the taking since they are in free air, and that the information in public space is public as well. But we can also liken this situation to playing catch, when we throw the ball to our friend, do we loose ownership of the ball? We ran through many similar situations regarding property, but what was apparent to me is that our current view on technological philosophy is ancient. This is our second responsibility, moving forward our philosophical views on technology.
Final ethics post
The
power I feel with the hacking powers I’ve learned is to my friends, family, and
loved ones. I feel like I have a responsibility to let them know that these
things, such as SQL attacks and password crackers, and people who do these types
of things and more, are out there and they can cause major problems. I feel the
need to tell my loved ones that they need to be careful with the way they use
computers of any form. I’ve been continuously sharing with friends and family (especially
my parents) throughout this course about various things and how they can
protect themselves. That is my biggest thing. I don’t want people I know and
care about to get ripped off by thieves online. Any of the hacking powers I
have obtained, I have no intention of using, unless it is in a working manner
when I have permission to do so. Any social engineering I would do is just me
being me – being friendly. That’s just the type of person I am. I wouldn’t use
any information I gathered against people, that wouldn’t be right, and quite
frankly it is beneath my character.
New Technical Skills.
I have the moral responsibility to use my new technical skills responsibly. I try at least for the most part of my time being morally righteous as a person to the best of my abilities. Is kind of like being tough to drive a tank and to know that my new knowledge can only be use in a responsible and morally correct manner other ways the new skills can cause me and the people around me unnecessary problems. Is just like discussed before, having the ability to do something and knowing that you can get away with it doesn’t make it right when you do it. I have acquired more knowledge on how to analyze, secure, and pen test a computer network.
Ethical hacking power (revised)
Throughout the semester I have learned and experienced a lot of things. The labs were super helpful and easy to follow and do. Also the use of backtrack and other programs was a great addition to the learning experience as I now know of what threats I should be concerned with and how to prevent them if I ever think about setting up a private network. The "experience" part was the social engineering tasks. I thought it was an interesting and fun idea that we were given tasks to perform secretly, almost like a mini game. I'll admit some of the tasks put me out of my comfort zone but that was the whole point of it and it really was a unique experience in the end. I may not have acquired any hacking powers but the moral responsibilities we were taught feel more like a privilege than a power. For example, although we have the knowledge of how to use the various exploits in our labs, that does not mean we can use them to our advantage whenever we please. We were given the opportunity to study and figure out how to defend against such exploits and that to me is what's more important. I feel like the moral responsibilities that came with this class is to protect ourselves and others when it comes to network security. Sure we can use what we learned to exploit others, but that's not part of our future goals in life (I hope). We are here mainly to secure and defend.
Going back to the original Spider-man quote "with great power there must also come--great responsibility" there's a lot of truth to this that can relate to our ethical hacking class. For instance, the skills and lectures we have received over the last few months have given us the basic knowledge of how to use certain exploits as well as preventing them. By doing so we now have an opportunity to choose whether to use these skills to defend against exploits or to use it to your advantage. It doesn't matter if we are beginners or pros, we have now been granted a power that can be used for good or evil. I guess my moral values come from being who I am. Being the oldest brother out of my siblings, I was raised to care for them while becoming strong and mature so that I could protect them. So I became a sort of "Mr. Nice Guy." This also made me develop sort of a "white-knight" complex where if I see something wrong happening, I'd go out of my way to help them. So for me, it would feel like a sin not to use the knowledge I've gained from this class, especially knowing that I could be out there preventing viruses or exploits from affecting millions of people. Or even spreading the word so that others can know how to prevent them. I've been dealing with broken/corrupted computers and laptops from friends and family so much that I had to give them detailed instructions on what to do and what not to do in certain situations as well as getting a darn anti-virus. The internet is almost like a completely different world that's constantly changing and always being invaded. A place where even the weakest man can have power over the strong. A place to share anything or everything about your life including others, private or public. With so many holes and exploits popping up all the time, we now have the ability to somehow protect that world. It's not only limited to the internet though. Whether it's your own home network or a company with millions, what we learned from this class was invaluable and I for one am glad I was able to take part in it.
Last Ethics Assignment
What sorts of moral responsibilities come with the hacking powers you
have acquired this semester? Be specific and precise! What powers have
you acquired? What responsibilities do you take on with those powers?
The only powers I have acquired this semester is lying and tricking people into giving me information. To be honest, I don't consider them powers because people do them on a daily basis (unfortunately). Real powers would be powers people everyday wouldn't have like flying themselves up in the air, x-ray vision, super strength, transformation, and etc. Although, there are pros to lying and trickery in ethic hacking. As ethical hackers, we are responsible for knowing different types of tools and techniques to help prevent computer networks from being attacked. We are responsible for upholding contracts for different companies we work for. We should never use what we learn in ethic hacking in vein, only to help others.
The only powers I have acquired this semester is lying and tricking people into giving me information. To be honest, I don't consider them powers because people do them on a daily basis (unfortunately). Real powers would be powers people everyday wouldn't have like flying themselves up in the air, x-ray vision, super strength, transformation, and etc. Although, there are pros to lying and trickery in ethic hacking. As ethical hackers, we are responsible for knowing different types of tools and techniques to help prevent computer networks from being attacked. We are responsible for upholding contracts for different companies we work for. We should never use what we learn in ethic hacking in vein, only to help others.
Cyan on this R!!
·
What sorts of
moral responsibilities come with the hacking powers you have acquired this
semester? Be specific and precise!
·
What powers
have you acquired?
·
What
responsibilities do you take on with those powers?
For
starters, this class has been one of the better CIT classes I’ve taken since
I’ve been attending this college. I have learned quite a lot of very cool and
interesting things, especially the newfound hacking skills I have acquired. I
may not currently be sharp with using these skills, however with practice, I
can easily develop these skills (Something we’ve been doing the entire semester
with the SE skill).
Hacking
powers, these skills are wonderful to have. The power to penetrate high level
security systems and do recon on valuable data, which can use to get what you
want. Now, that brings up the question, is getting what you want using those
skills the right thing to do? Is it moral? Well, my answer to that is, OF
COURSE NOT! You can’t just go about taking stuff that does not belong to you. You
may have the bigger “balls”, but stealing is not considered morally acceptable.
I may know how to crack FTP usernames and passwords using brute force
techniques but I won’t be going around to people’s FTP servers and trying to
break into it to get whatever I want. I wasn’t given the permission to go into
their server, so I have no right and to be in there. Also, I have the knowledge
and skills necessary to socially engineer users into getting crucial
information from them about their company, which can put them at risk of
loosing their job. If I don’t have the job title of “Penetration Tester” for
their company and even if I was, and wasn’t given the authority to do it, then
I have to right to go around and socially engineer people until I know every dark
secret about them and the company: I can get into a lot of trouble if I did and
got caught. With these skills I’ve acquired this semester, I’m going to have to
be careful when, and how I use them and (if I do use them) use them for the
right purpose and not deface anyone’s property.
Although
I have attained a lot of power, I have not completely mastered all of the
hacking techniques I have learned. The only skill that I believe I have
developed a lot is my social engineering skills. At the start of the semester,
I didn’t think I would have survived doing the social engineering tasks but as
I got more into doing it, it became easy and fun.
"With
great power there must also come--great responsibility!"
I
take all responsibilities on these powers. It is my duty to realize that these
powers are for the betterment of me and everyone around me, not to hurt and
destroy. Although, I argued that justice is used by the powerful to control
those that are weak, I will try to be just in my decisions and keep within the
confines of the law.
~Cyan
Power Revised
What sorts of moral responsibilities come with the hacking powers you have acquired this semester? Be specific and precise! What powers have you acquired? What responsibilities do you take on with those powers?
In this semester i have learn a lots of thing , such hacking and social engineering task. The hacking power come with a lot abilities and responsibilities. In this semester we learn about what is ethical hacking is and what is good and bad is. As i learn ability to hack, also come with some responsibility such as when can you used this power and what low allowed to do with power.Hacking is very big deal it can used for bad thing, so we have careful when we used and who to tell. Other Power I have acquired this semester is Social Engineering. Social Engineering is very power full a person can have. This Power we can do lot of thing we take lot of information about company just by calling at company. we can used for good or bad of this abilities. In my opinion leaning this semester is we have to take responsibility.we have to thing if am not crossing the line and what right and wrong. What is moral value. Moral value are principle and standers which determine whether is right or wrong. When we have more power we have responsibility. so it depend on what principle and stander you follow. my moral value depend on religion., so if i tried to hack some one computer , but my religion does't let me.
i always follow the what is good and be honest. In the class we did social engineering task some of the task i couldn't because it was right for me and my principle. I learn a lot of think that doing social engineering that i didn't have power before , I learn how take information from and communicate. taking information it not easy, but good power to have, because you can do anything without hacking. reputability of this power is we us it good way or bad way. my principle is use good way. let other know people what could do just by taking and taking your information.
In this semester i have learn a lots of thing , such hacking and social engineering task. The hacking power come with a lot abilities and responsibilities. In this semester we learn about what is ethical hacking is and what is good and bad is. As i learn ability to hack, also come with some responsibility such as when can you used this power and what low allowed to do with power.Hacking is very big deal it can used for bad thing, so we have careful when we used and who to tell. Other Power I have acquired this semester is Social Engineering. Social Engineering is very power full a person can have. This Power we can do lot of thing we take lot of information about company just by calling at company. we can used for good or bad of this abilities. In my opinion leaning this semester is we have to take responsibility.we have to thing if am not crossing the line and what right and wrong. What is moral value. Moral value are principle and standers which determine whether is right or wrong. When we have more power we have responsibility. so it depend on what principle and stander you follow. my moral value depend on religion., so if i tried to hack some one computer , but my religion does't let me.
i always follow the what is good and be honest. In the class we did social engineering task some of the task i couldn't because it was right for me and my principle. I learn a lot of think that doing social engineering that i didn't have power before , I learn how take information from and communicate. taking information it not easy, but good power to have, because you can do anything without hacking. reputability of this power is we us it good way or bad way. my principle is use good way. let other know people what could do just by taking and taking your information.
Power!?
In my current journey of Ethical Hacking, I have learned many
new skills but the main ones I feel that will further my concentration in I.T
are social engineering, masking malware/keylogger into look alike programs, and
more importantly an understanding of power and control in the field. First
social engineering has brought me to an understanding that not everyone in
life, or the world are who they seem they are. Given that maybe 90%+ of the
population of people we come to interact with may seem harmless but it’s the
little things in life that people don’t pay attention to, which may come back
to haunt them.
When I worked in Fidelity, people were being social engineered
on a daily basis and most of it was harmless, it was noticeable in businesses
that this is becoming a norm. Social engineering such as shoulder surfing,
piggybacking, passwords sharing are extremely common in day to day activities.
What I did not realize was this was a really bad practice and not just that,
but the lack of security enforcement through the I.T team. Nobody honestly
cared other than fulfilling their jobs. There was never an issue with any of the
mentioned activities but I realized that once something does happen, it could
get really ugly, really fast. Jobs could be lost, people could get fired,
managers & supervisors could get written up etc.. Further, I have learned
that it is not hard at all to hide simple keyloggers into everyday programs
such as internet explorer or firefox. There are some keyloggers out in
sourceforge.net that will not show up as malware. Also I have noticed friends
and family around me fail to be aware of phishing emails and the
drive-by malware downloads. They will click on anything and everything that
they get in their e-mails. I can say my I.T awareness are much higher than prior to me engaging in the class.
Last but not least, I don’t know if this is considered a power
or not, but I’ve come to understand and learn the use of power and self-control
in the field. In every job I’ve been at, you are given some type of login and
password, whether admin or not, there are an insane amount of information you
can get with such logins, I knew before I got laid off, I could of easily
disclosed confidential information by being a disgruntled employee and gotten
away with it since 95% of workforce was told be laid off. During my last weeks
of employment, I was given a final task to break down the entire network of
PCs, and was given all types of access physically into secure areas of the
building and remotely to reestablish access to other data center sites located
in other states. I have learned that given such privileges and access comes
with strong desire and will to control it. This was something that was
entrusted to me and not something to be abused with. Obviously being
disgruntled and all, I did what was the right thing to do, finish my job and
understand the limits and boundaries of what I should and shouldn’t do.
Ethics extra credit project
Is doing this extra credit project optional or mandatory? Just wanted to know!!
Power
Hello,
First i would like to answer the spider-man question? How would I do it if i were spider-man? Everyone gets one. If i already saved you and you are in trouble? Too bad, should have thought it out. Everyone gets one.
What powers have I acquired? None really. I could already BS which is the backbone of social engineering. as far as technical hacking powers, I learned the power to Google it and figure it out for myself. What can I do with a database that has access to all information ever known to mankind? i know what you are thinking, cat pictures or pornography. Nope. Wrong answer. Just think about the weight of being able to learn any skill with a click of a mouse or be able to access any piece of knowledge that is protected or otherwise. That in itself is a huge responsibility. Do I use this power to teach myself skills that would compromise the integrity of the internet or society in general? Or do I use it to learn and better myself as a person? Do I focus on personal development and then channel that into efforts that benefit society as a whole? I felt the need to reference this as a power because as most people don't realize or take for granted that it exists. Imagine if some of history's greatest minds had access to this unlimited resource? The sky is the limit. The moral responsibility with this is measurable as well. We should all use this together to expand on our current knowledge and attempt to better society. To not use it as a platform for racism, anarchy, as well as other nefarious deeds. I personally take on the responsibility that now I know there are methods out there to break into computers or commit cyber crimes such as fraud, I must not take part in those crimes. I should with my knowledge try to put a stop to people that are engaging in such behavior. I should use my knowledge to make other people aware that their information may not be safe, and methods they could use to enhance their own personal information security.
Edited 5/2/14
Per our discussion in class you wanted more specificity. The why. I felt I illustrated it some what clearly but I will elaborate. Why is the information on Google or googling in general considered a responsibility? We have access to a shared resource that can answer any question or teach any skill known to mankind. There are unlimited sources for your questions to be answered. That is a huge responsibility. Why? Because I could use that knowledge to build bombs, rob banks, social engineer or scam people, make and/or sell drugs and every other awful thing that my brain could imagine. It is all on there. My imagination is my only limit. Before we didn't have that type of exposure but now anyone can manipulate information for their own personal gain. Why are those things wrong? Because they could potentially cause serious harm to a great number of people? Why is harming people wrong? Because it is. It violates the law and our moral responsibility to not hurt and maim others. So what should we use it for? Good. What is good? The active effort to improve society as a whole through thoughtful and considerate actions. The effort to try and help people and create things or ideas that improve the quality of people's lives whether it be by making them smile or curing cancer. Any degree of effort to improve anything for the greater good is in itself good. Also trying to actively stop people from using it to commit evil acts if it is within your power. In addition my definition of the "right thing" is to do what you consider right when no one is looking. Not to have an agenda to do it for praise or personal gain. The reason power and responsibility are connected is you need to be careful how you use your powers. If you have the ability to commit outrageous acts of sabotage and violence you should not engage in said acts and use your knowledge of this medium to teach others how to stop and prevent those malicious actions from hurting others. Become a beacon of light in the fight against darkness. Use your past transgressions or associations as a vessel of good to pave the way for others. You can be an instrument of change in this otherwise obtuse world. That is your responsibility in regards to your powers. This applies to other things such as your voice, your heart and your will to live and breathe free air. To use those tools to the best of your ability to make the world a better place. I feel this expresses my idea on this subject and to elaborate further would be redundant. Thank you for your time.
Respectfully
Jake
Edited 5/2/14
Per our discussion in class you wanted more specificity. The why. I felt I illustrated it some what clearly but I will elaborate. Why is the information on Google or googling in general considered a responsibility? We have access to a shared resource that can answer any question or teach any skill known to mankind. There are unlimited sources for your questions to be answered. That is a huge responsibility. Why? Because I could use that knowledge to build bombs, rob banks, social engineer or scam people, make and/or sell drugs and every other awful thing that my brain could imagine. It is all on there. My imagination is my only limit. Before we didn't have that type of exposure but now anyone can manipulate information for their own personal gain. Why are those things wrong? Because they could potentially cause serious harm to a great number of people? Why is harming people wrong? Because it is. It violates the law and our moral responsibility to not hurt and maim others. So what should we use it for? Good. What is good? The active effort to improve society as a whole through thoughtful and considerate actions. The effort to try and help people and create things or ideas that improve the quality of people's lives whether it be by making them smile or curing cancer. Any degree of effort to improve anything for the greater good is in itself good. Also trying to actively stop people from using it to commit evil acts if it is within your power. In addition my definition of the "right thing" is to do what you consider right when no one is looking. Not to have an agenda to do it for praise or personal gain. The reason power and responsibility are connected is you need to be careful how you use your powers. If you have the ability to commit outrageous acts of sabotage and violence you should not engage in said acts and use your knowledge of this medium to teach others how to stop and prevent those malicious actions from hurting others. Become a beacon of light in the fight against darkness. Use your past transgressions or associations as a vessel of good to pave the way for others. You can be an instrument of change in this otherwise obtuse world. That is your responsibility in regards to your powers. This applies to other things such as your voice, your heart and your will to live and breathe free air. To use those tools to the best of your ability to make the world a better place. I feel this expresses my idea on this subject and to elaborate further would be redundant. Thank you for your time.
Respectfully
Jake
Your friendly neighborhood Patient Zero Blue
Saturday, April 26, 2014
Friday, April 25, 2014
Final Task
My Tasks were as follows
1. Sneak (or take) a device of high importance from work and bring it to class, don't know exactly what yet.
2. Sneak something very delightful into our next class...
For the first task, I was gonna try ans sneak out something form my supervisors office, however, he only has huge computer towers in his office and I can sneak out with one of those. I thought I was luck when I was give the task of setting up a new MacBook air for the CEO of the company. I would have made up and excuse to bring the computer home with me so I could finish the configuration at home and bring it to school for the next class, however, friday afternoon as I was about to leave, my supervisor tells me that the CEO needs it the next day (Saturday) so I couldn't take it home. So I ended up failing that part.
The second part I think we all somewhat enjoyed it. The pizza was Okay. It took quite alot of planning to get to it being successful. What made it more difficult was that I had a weekly training event that I needed to attend before class, So i had to quickly get the stuff together and luckily it was a hot day, so I left the "stuff" in my car under the heat to keep it warm. I did successfully get it into class. 50/50 is good enough. :)
1. Sneak (or take) a device of high importance from work and bring it to class, don't know exactly what yet.
2. Sneak something very delightful into our next class...
For the first task, I was gonna try ans sneak out something form my supervisors office, however, he only has huge computer towers in his office and I can sneak out with one of those. I thought I was luck when I was give the task of setting up a new MacBook air for the CEO of the company. I would have made up and excuse to bring the computer home with me so I could finish the configuration at home and bring it to school for the next class, however, friday afternoon as I was about to leave, my supervisor tells me that the CEO needs it the next day (Saturday) so I couldn't take it home. So I ended up failing that part.
The second part I think we all somewhat enjoyed it. The pizza was Okay. It took quite alot of planning to get to it being successful. What made it more difficult was that I had a weekly training event that I needed to attend before class, So i had to quickly get the stuff together and luckily it was a hot day, so I left the "stuff" in my car under the heat to keep it warm. I did successfully get it into class. 50/50 is good enough. :)
Hacking Powers...tatatatatatat poder canino!!!!!!!!!!!!!!!!!
What sorts of moral responsibilities come with the hacking powers you
have acquired this semester? Be specific and precise! What powers have
you acquired? What responsibilities do you take on with those powers?
What do you believe? What are your values? Some of you did this, but not all.
-the ever-present question, "Why?" So, once you take care of the specifics, you've staked your claim on what you think the is right thing to do with your hacking powers--what your moral responsibility is. Now, why is that the case? Why is that the right thing to do?
among this semester; we have gather/acquired some special powers. Hacking and Social Engineering being the most common and most powerful ones. HACKING: with this power of hacking, comes many special abilities, upload a file, fishing, this power of hacking is a great one, that we need to protect and take care of it.
With this power of hacking, comes a great responsibility of to know when to use it. Among this semester we have learned ethics, and they have thought us what is good, bad, precise and unpresise.
is in our conciense, to determine as to where to use and how to protect; we cannot go around telling everyone that we have these abilities, they are for people with the right "level of access" only. Hacking can do a great deal of harm to any person, therefore we need to protect this abilities and only used them whenever necessary, whenever we have a job, or whenever we believe that is necessary, and also whenever the law allow us, it will be better.
my moral values of no doing wrong to none, be honest, this values among with my religious belief wouldn't allow me to hack someone or do harm in that manner to a person; my ethics of always ebing honest, loyal, careful, dedicated, all of those are things that wouldn't allow me to attack someone that is in a clearly disadvantage or just hack for the fun of it...
SOCIAL ENGINEERING; the most brutal, and dangerous way of attacking a company or a person. Through Social engineering, we can hack, impersonate a person, do recon, we can gather as much information as possible, and when we have accomplished our mission. PUFF!!disappear.
it depends on how we use this ability. At least for me there are certain things taht shouldn't cross the line, certains things that shouldn't be done, so My Social Engineering abilities,we can say are somewhat limmited by my moral values, do that they are the ones who help me to live with a clear conscience. this also has somet ethics values to it, like certain task that i believe are right and some are wrong. for me i wouldn't be able to lie to someone for a very long time, or to get somebody to do something wrong from me, although i admit it would be cool. but if i do that, what have i accomplished? in order for me to feel proud of what i am doing, or about to do i need to do it myself or at least that the person who does know she/he is doing it for me, and don't lie to her.
the everquestion as "WHY" my moral responsabilitiy is to have a great responsability with my powers. i may live in a different world that most of the people were this world is balanced, and at the same time is rule by God. is my faith, ethics, and moral values that throughout the years it ahd help me to build up my character. the right thing to do is what i beleive is right, and what my concience, moral values, ethics, tell me to is right. i can no live in a life, where i have the oportunity to do the right thing, and don't do it. i know and am clearly aware of the world we live in, but that doesn't i have to be part of this twisted world.
i always remember a quote said by Shakespeare " Love all, trust a few, and do wrong to none"
So as For me go, i take take full responsibility as to what, and where use this abilities, and even so if i feel somewhat weird, then i should simply try another skill, or ability that i have learn.
because Remember THE POWER IS SOCIAL ENGINEERING, THIS POWER HAS A LOT OF "ABILITIES";)..
What do you believe? What are your values? Some of you did this, but not all.
-the ever-present question, "Why?" So, once you take care of the specifics, you've staked your claim on what you think the is right thing to do with your hacking powers--what your moral responsibility is. Now, why is that the case? Why is that the right thing to do?
among this semester; we have gather/acquired some special powers. Hacking and Social Engineering being the most common and most powerful ones. HACKING: with this power of hacking, comes many special abilities, upload a file, fishing, this power of hacking is a great one, that we need to protect and take care of it.
With this power of hacking, comes a great responsibility of to know when to use it. Among this semester we have learned ethics, and they have thought us what is good, bad, precise and unpresise.
is in our conciense, to determine as to where to use and how to protect; we cannot go around telling everyone that we have these abilities, they are for people with the right "level of access" only. Hacking can do a great deal of harm to any person, therefore we need to protect this abilities and only used them whenever necessary, whenever we have a job, or whenever we believe that is necessary, and also whenever the law allow us, it will be better.
my moral values of no doing wrong to none, be honest, this values among with my religious belief wouldn't allow me to hack someone or do harm in that manner to a person; my ethics of always ebing honest, loyal, careful, dedicated, all of those are things that wouldn't allow me to attack someone that is in a clearly disadvantage or just hack for the fun of it...
SOCIAL ENGINEERING; the most brutal, and dangerous way of attacking a company or a person. Through Social engineering, we can hack, impersonate a person, do recon, we can gather as much information as possible, and when we have accomplished our mission. PUFF!!disappear.
it depends on how we use this ability. At least for me there are certain things taht shouldn't cross the line, certains things that shouldn't be done, so My Social Engineering abilities,we can say are somewhat limmited by my moral values, do that they are the ones who help me to live with a clear conscience. this also has somet ethics values to it, like certain task that i believe are right and some are wrong. for me i wouldn't be able to lie to someone for a very long time, or to get somebody to do something wrong from me, although i admit it would be cool. but if i do that, what have i accomplished? in order for me to feel proud of what i am doing, or about to do i need to do it myself or at least that the person who does know she/he is doing it for me, and don't lie to her.
the everquestion as "WHY" my moral responsabilitiy is to have a great responsability with my powers. i may live in a different world that most of the people were this world is balanced, and at the same time is rule by God. is my faith, ethics, and moral values that throughout the years it ahd help me to build up my character. the right thing to do is what i beleive is right, and what my concience, moral values, ethics, tell me to is right. i can no live in a life, where i have the oportunity to do the right thing, and don't do it. i know and am clearly aware of the world we live in, but that doesn't i have to be part of this twisted world.
i always remember a quote said by Shakespeare " Love all, trust a few, and do wrong to none"
So as For me go, i take take full responsibility as to what, and where use this abilities, and even so if i feel somewhat weird, then i should simply try another skill, or ability that i have learn.
because Remember THE POWER IS SOCIAL ENGINEERING, THIS POWER HAS A LOT OF "ABILITIES";)..
Tuesday, April 22, 2014
Following our discussion of the relationship of strength to justice--if
you can, should you?--helped along by the character of Thrasymachus in
Plato's Republic last week, we're turning to a related but different question this week.
To do this, we are considering the point of view most memorably stated in the original Spider-man as "with great power there must also come--great responsibility!"
Over the course of this semester, you have acquired a special "superpower"--hacking skills. You've learned computer hacking and social engineering skills, and practiced applying them in varied environments. At the same time, we've zoomed in on some big ideas in moral philosophy (ethics)--ideas about privacy and property and contracts and virtue and integrity and other things. From time to time we've explored the points of connection between specific problems in the ethics of hacking (including penetration testing, hacktivism, jailbreaking, etc.) and big ideas in moral philosophy.
Now, in our very last ethics assignment, it's time for you to put the thinking skills you've learned into practice.
For this week, by Monday at 9:00 PM, please make a new post to the blog responding to this prompt. What sorts of moral responsibilities come with the hacking powers you have acquired this semester? Be specific and precise! What powers have you acquired? What responsibilities do you take on with those powers?
Email me if you have any questions about this assignment!
Can(not) do It
Initial Prompt:
Thrasymachus said that justice "is nothing other than the advantage of the stronger." Do you agree? Why or why not?
Does having the ability to do something make it morally acceptable to do that thing? Put differently--if you can, may you? Why or why not?
The assumption that justice can only be boiled down to the concept of the advantage of the stronger is wrong, and at the very least shallow. In the case of Thrasymachus, he is referring to justice as just. He sets an example of different rulers providing laws under their type of rule, he states that to follow these rules is justice, whether or not it is correct or incorrect as he points out that rulers makes mistakes. In my own opinion, justice is not defined by the laws created, but rather, the laws are (hopefully) created by the guidelines of justice. His situation puts forth the possibility of incorrect rulers, and that a rule made by the ruler might be incorrect, so instead of the rule being based on what is right, it is based on the power the ruler has. My disagreement runs with the assumption that the law is just already. If anything laws put down are not justice but determined later as justice once its effects are evaluated.
I think the argument of ability meaning morally acceptable is also a shallow argument. In the terms of can and may, may indicates allowance. Can on the other hand, indicates ability, but what is this ability? If you are able to do something, you are also able to not do it. So the ability to dictate actions based on ability is moot as there is ambiguity whether the action is doing it, or not doing. Therefore you cannot make a moral decision on this ambiguous rule.
Me and My Coffee - Final Task Update
So review, my final task was to get a store employee to leave their position while I was still there.
I thought of doing this at a smaller local store where there was not necessarily a policy on how to treat the front desk/register, but I decided that was too easy. I decided to try this at a chain store where I know there are many policies that are told to their employees about manning the register. For the sake of keeping the employee's identity a secret I won't be saying the store's location, but I will mention that it was a Dunkin' Donuts.
At this Dunkin' Donuts location, I was unfortunate to find that there were several people working the register. But thankfully, the store was both empty, and the other employee went out for a break, lunch, or something. I ordered my usual drink at Dunkin' Donuts and chatted with the employee taking my order. I mentioned the busy crowd outside and the various parked cars, but was not too specific as to make a point of the surroundings. Through this action, I was able to establish my identity as someone who was at the very least friendly, as well as establishing a certain naivete about myself. I left the store after finishing my conversation and walked out and turned the corner, counted to ten, and turned back and entered the store. I made sure to have a confused and somewhat concerned look in my eye, and went up to the register again with drink in hand. Thankfully, it was still only the same employee. He asked what happened, and I mentioned that a delivery guy next to his truck was around the corner with a package, that he saw my drink and asked me to come in and ask for someone to sign and pick up something. I mentioned that he looked impatient, and the employee looked a bit panicked. He went outback to look for his co-worker and I guess this is a success for me already since he left me at the register alone. But I decided to keep going. Luckily for me, he could not find his co-worker and asked why he needed to go out there. I stated that it was weird as well for the delivery guy for not bringing it in, but I mentioned that it might be a big package, maybe a shipment. He asked if I was sure so I left the store again, turned the same corner, counted to 20 and came back. I confirmed, stating that the driver looked really impatient. So when I said this, the employee left the store, and the register, with only me and the cameras. He came back in a minute or two, and I just waited there, he said he didn't find the delivery truck nor the guy and I just looked baffled at him. I said I don't know and that he was around the corner, but I mentioned again, that maybe he just got impatient and left.
The idea of this social hack is expose a key security flaw of unmanned registers or front desk computers. Within both times of the employee gone I could have tampered with the store machinery or register and maybe plant a bug or so, if it was a front desk computer, I would have had access to a machine on the network. I didn't do either but instead just waited and looked confused. There is that issue of the cameras, but I am just exposing a single flaw in a security system which will always be people.
Misty
I thought of doing this at a smaller local store where there was not necessarily a policy on how to treat the front desk/register, but I decided that was too easy. I decided to try this at a chain store where I know there are many policies that are told to their employees about manning the register. For the sake of keeping the employee's identity a secret I won't be saying the store's location, but I will mention that it was a Dunkin' Donuts.
At this Dunkin' Donuts location, I was unfortunate to find that there were several people working the register. But thankfully, the store was both empty, and the other employee went out for a break, lunch, or something. I ordered my usual drink at Dunkin' Donuts and chatted with the employee taking my order. I mentioned the busy crowd outside and the various parked cars, but was not too specific as to make a point of the surroundings. Through this action, I was able to establish my identity as someone who was at the very least friendly, as well as establishing a certain naivete about myself. I left the store after finishing my conversation and walked out and turned the corner, counted to ten, and turned back and entered the store. I made sure to have a confused and somewhat concerned look in my eye, and went up to the register again with drink in hand. Thankfully, it was still only the same employee. He asked what happened, and I mentioned that a delivery guy next to his truck was around the corner with a package, that he saw my drink and asked me to come in and ask for someone to sign and pick up something. I mentioned that he looked impatient, and the employee looked a bit panicked. He went outback to look for his co-worker and I guess this is a success for me already since he left me at the register alone. But I decided to keep going. Luckily for me, he could not find his co-worker and asked why he needed to go out there. I stated that it was weird as well for the delivery guy for not bringing it in, but I mentioned that it might be a big package, maybe a shipment. He asked if I was sure so I left the store again, turned the same corner, counted to 20 and came back. I confirmed, stating that the driver looked really impatient. So when I said this, the employee left the store, and the register, with only me and the cameras. He came back in a minute or two, and I just waited there, he said he didn't find the delivery truck nor the guy and I just looked baffled at him. I said I don't know and that he was around the corner, but I mentioned again, that maybe he just got impatient and left.
The idea of this social hack is expose a key security flaw of unmanned registers or front desk computers. Within both times of the employee gone I could have tampered with the store machinery or register and maybe plant a bug or so, if it was a front desk computer, I would have had access to a machine on the network. I didn't do either but instead just waited and looked confused. There is that issue of the cameras, but I am just exposing a single flaw in a security system which will always be people.
Misty
Final Task
I'm going to attempt to get a co-worker's cell phone and find out how
many contacts (names and numbers) they have on their phone.
UPDATE
I was at shop and stop working the late shift, it was pretty busy that day. I found a fellow co-worker from the produce department and asked him if I could use his cellphone because I left forgot mine at home (It was in my jean pocket). Once I had the phone, I managed to find five contacts on his phone (He only had 5 contacts on his phone!!!) and wrote them down on a piece of paper.
UPDATE
I was at shop and stop working the late shift, it was pretty busy that day. I found a fellow co-worker from the produce department and asked him if I could use his cellphone because I left forgot mine at home (It was in my jean pocket). Once I had the phone, I managed to find five contacts on his phone (He only had 5 contacts on his phone!!!) and wrote them down on a piece of paper.
Ethics Assignment (Sorry for posting late)
Thrasymachus said that
justice "is nothing other than the advantage of the stronger."
Do you agree? Why or why not?
Does having the ability to do something make it morally
acceptable to do that thing? Put differently--if you can, may you?
Why or why not?
I agree with Thrasymachus and his statement about justice
being “nothing other than the advantage of the stronger”; my reason for
agreeing with this statement is because we live in a society full of laws and
rules in which we are supposed to follow. There are certain laws that exist
because certain people of wealth created these laws. For instance when I think
about “the war on drugs” I view it as an unconstitutional war against the
American people since we are the number one drug consumer. People should have a
right to determine what they want to put in their body and things they do not
want to put in their body. Another thing I can also relate to the topic of
justice would be the Monsanto issue some people are not aware about. This
specific issue is in regards to farming and does not permit the federal
government to halt the sale or planting of genetically modified (or genetically
engineered) organisms. The Monsanto protection act basically allows a farmer to
plant seeds even if they are found to be hazardous to human health. Again this
is a situation in which “justice” cannot be done because there are laws and
provisions in place to prevent the procedure of justice. When money is the
motive it can corrupt people and harm those who are not wealthy. Since money is
equal to power than it can enable the stronger to determine what justice is or
have certain things in place in order to prevent justice being pursued. “Just
as no action of a man can be interpreted without hearing what he says about it
himself, no speech can be accepted on its face value without comparing it to
the actions of its author. The understanding of a man and his speeches is a
result of a combination of the two perspectives.” It is not often that
in politics what they say and what they do coincide with one another. Going
back to the idea of people having free will over their body and having the
right to decide what they can or what they do not wish to put in their body should
be up to that person. I do not agree nor think that just because someone has
the ability to do something than it is morally acceptable. For instance, if a
farmer has a GMO crop of corn that has been linked to cause a certain cancer or
cause other dormant diseases to activate within certain people it is not
morally acceptable for them to continue to plant and harvest that crop since it
causes harm to the consumer. Now if the consumer is aware of the harm, such as
the harm caused by smoking or doing other drugs than it is their choice but if
the consumer does not have any knowledge than it is not morally acceptable. I
believe that if you wish to put something in your body than that is up to you
if you are well aware of the impact it may have. If you are ignorant towards
what you are eating then it is not your fault. Just because someone has the
ability to do a certain thing does not justify that thing as being morally
acceptable. Knowing right from wrong and having respect for other people and
their rights to live a healthy life knowing what they are consuming and how it may
have an impact on them. I believe as long as your actions or words do not cause
harm or detriment to other than the phrase of “if you can may you” is
acceptable. So to restate my point since i might seem like I am rambling, I do
agree that Justice is “nothing other than the advantage of the stronger” and
not by means of being physically stronger but financially or politically “stronger”
per say. If a certain “thing” does not harm other humans, mother-nature or its
creatures then that “thing” is morally acceptable.
Just because I agree with Thrasymachus view of justice does not mean I think it is right, thought that was something that needed to be said. If anyone has ever seen twelve years a slave than they would know that justice is only built for certain people. Just like there was never any justice done when the economy crashed back in 2008, nobody ever did any time behind AIG or any other large corporate fraud. Justice is a private sector that is built for profit. Much like the US is the worlds largest drug consumer we incarcerate the most people as well. OK I think I am done trying to make a point.
Subscribe to:
Posts (Atom)