http://edition.cnn.com/2011/WORLD/americas/02/17/canada.cyber.attack/index.html

Ottawa, Canada (CNN) -- The Canadian government confirmed Thursday that its computer systems fell victim to a concerted and sophisticated cyber attack in recent months but stressed that the attack was thwarted before classified information could be stolen.


But he added that the attack took direct aim at sensitive financial data prompting Canada to launch an unprecedented investigation into how and why its systems were compromised.


also, from a few days ago:
http://www.securityweek.com/hackers-penetrate-nasdaq-networks
In the past year, hackers have reportedly managed to penetrate computer networks that power the NASDAQ stock market, according to a report from the Wall Street Journal.


just a hunch, I have a feeling that its the same guy



Also, slightly unrelated, the Chinese government arrested the guy who ran china's biggest hacking site(Hackbase.cn)
Chinese law states that developing hacking technology (ex. writing viruses) is 100% illegal (even for educational reasons), and duel use technology(ex vulnerability scanner) can only be developed by crown corporations

I believe that western governments should do something similar. for example banning most low level hacking forums since they are full of people with malicious intent (ex. hackforums.net).

In Canada i believe its getting ridiculous, I can go into my local book store and pick up a certified ethical hacker guide without a background check. While in china these book are completely illegal

interestingly enough, in China the only hacking organization left is the china honker army (commie hackers).



Anyways, all my money is under my mattress, try your best hackers, but you won't be able to hack that!:O:

Anyways, all my money is under my mattress, try your best hackers, but you won't be able to hack that!:O:Hah. Keep on dreaming. I already got the password to your room. It's something along the lines of "\0", ain't I right?:D

http://edition.cnn.com/2011/WORLD/americas/02/17/canada.cyber.attack/index.html


:yawn: attack attempt != hack
happens any day of the year.



Chinese law states that developing hacking technology (ex. writing viruses) is 100% illegal (even for educational reasons), and duel use technology(ex vulnerability scanner) can only be developed by crown corporations

I believe that western governments should do something similar. for example banning most low level hacking forums since they are full of people with malicious intent (ex. hackforums.net).

In Canada i believe its getting ridiculous, I can go into my local book store and pick up a certified ethical hacker guide without a background check. While in china these book are completely illegal


I can't believe what I read here. Demanding internet censorship and advocating background checks for a book. :damn:
So how did you get your education to be the l33t hack0r you claim to be? I got my security certificate because our ****ing western governments do allow my university to use all kinds of internet security related literature, without pre-check or censorship. You cannot become proficient in security issues if you don't know how the other side operates.
Malicious intent my ass, get a copy of 1984 and read what a thoughtcrime is!

And how did you get your porn, oh wait, I forgot, it's illegal for minors to get pron in Canada. Maybe the canadian government should ban you from accessing the internet at all to solve this problem...

If you really believe bullcrap like this, you don't deserve to live in western societies if you cannot cope with the freedom we have here.

I can't believe this hasn't been mentioned...

OMFG HAX!!!!!!!!!!!1111oneoneone

I'm a valuable member of this community I am :smug:

:yawn: attack attempt != hack
happens any day of the year.




I can't believe what I read here. Demanding internet censorship and advocating background checks for a book. :damn:
So how did you get your education to be the l33t hack0r you claim to be? I got my security certificate because our ****ing western governments do allow my university to use all kinds of internet security related literature, without pre-check or censorship. You cannot become proficient in security issues if you don't know how the other side operates.
Malicious intent my ass, get a copy of 1984 and read what a thoughtcrime is!

And how did you get your porn, oh wait, I forgot, it's illegal for minors to get pron in Canada. Maybe the canadian government should ban you from accessing the internet at all to solve this problem...

If you really believe bullcrap like this, you don't deserve to live in western societies if you cannot cope with the freedom we have here.


Look for yourself:
5. Isn't this knowledge harmful? Why do you make it available so easily to the public?

EC-Council fulfills its social responsibility by ensuring that only persons with a minimum of two years of security related experience are eligible for the course. In addition all candidates are required to sign an agreement where they agree to respect the knowledge acquired and not misuse it in any way. The candidate also agrees to abide by all legal laws of the land in the use of thus acquired knowledge. Besides the CEH exam is a tough one to pass as students must have in-depth knowledge.

I can't sign up for the exam, thats all.
Thing is, i can't sign up for the official e-course, but my local book store has the DVD box set of the course for sale.

Also, have you ever wondered why you aren't afraid to check your mail? Or why you aren't going to x-ray every package you receive from Fed-ex?
Yet you are going to run a virus scan on every file in your computer regularly?


I can't find a book at my local book store on how to hide a bomb in a parcel, nor am I ever going to find book on how to break and enter someone's house.
Yet I can buy a book that teaches me how to embed viruses in files, and how to exploit vulnerabilities on other people's computers.

quoting from my Comptia security+ textbook
At the top end of the spectrum are those highly technical individuals, often referred to as elite hackers..... This group is the smallest of the lot, however, and is responsible for, at most, only 1 to 2 percent of intrusive activity.
(pg 8,Principles of computer security comptia security+ and beyond)

Why is it that I can't easily find a forum discussing how to easily break into breaking into homes, yet I can easily find forums teaching discussing hacking techniques?

As for internet censorship, check this out:
http://en.wikipedia.org/wiki/File:Internet_blackholes.svg
almost everywhere has censorship anyways


As for learning hacking techniques to make systems safer, its just like learning break in techniques to make homes safer. I'm pretty certain lock companies have people picking their locks to test them.Hacking, just like lock-picking, should be reserved for experts only, the techniques should not be publicly available at your local bookstore.

Also, i need a licence and a background check to buy a gun and to go to my local shooting range. Why don't I need a license to download a penetration testing tool?

Look for yourself:


I can't sign up for the exam, thats all.
Thing is, i can't sign up for the official e-course, but my local book store has the DVD box set of the course for sale.


So? They are a private organization, they can set the standards to participate in a test however they like. I cannot sign up for a test in med school, yet I can read all the academic books about medicine.


Also, have you ever wondered why you aren't afraid to check your mail? Or why you aren't going to x-ray every package you receive from Fed-ex?
Yet you are going to run a virus scan on every file in your computer regularly?


Last time I checked, packages get controlled by customs/mail carriers, just like some admin guy at your school checks the network security, so the pupils don't have to do it by themselves.
Btw, the mail in my company receives also an extra check because of security issues and threads we receive(d).


I can't find a book at my local book store on how to hide a bomb in a parcel, nor am I ever going to find book on how to break and enter someone's house.
Yet I can buy a book that teaches me how to embed viruses in files, and how to exploit vulnerabilities on other people's computers.


You can buy books about security and how to detect a bomb in a parcel. You can also find tons of literature about home security issues. Especially the latter knowledge can also be used to b&e a house.
Just like in comp security: you know about weaknesses, you can use it to protect stuff, you can also exploit this knowledge.


quoting from my Comptia security+ textbook
[random quote about elite hackers]
(pg 8,Principles of computer security comptia security+ and beyond)


what does this have to do with anything?


Why is it that I can't easily find a forum discussing how to easily break into breaking into homes, yet I can easily find forums teaching discussing hacking techniques?


just because you cannot find it, doesn't mean that these issues are not discussed somewhere in the net. Mostly on forums for home owners however ;)
Plus: there is also this little, analogue world outside. I heard they discuss things there, too.


As for internet censorship, check this out:
http://en.wikipedia.org/wiki/File:Internet_blackholes.svg
almost everywhere has censorship anyways


And just because many people have cancer it's ok to get it?
You may want to check out the link to the organization which made this map: Reporters Without Borders (http://en.rsf.org/). They are a organization which fights against censorship and for freedom of information.


As for learning hacking techniques to make systems safer, its just like learning break in techniques to make homes safer. I'm pretty certain lock companies have people picking their locks to test them.Hacking, just like lock-picking, should be reserved for experts only, the techniques should not be publicly available at your local bookstore.


And how do you become an expert? By learning and through experience. Anybody starts as a novice.
I am no certified expert in lock-picking, but my knowledge helped others and also myself to save quite an amount of money, when we were locked out from cars/home. See, this can also be usefull!


Also, i need a licence and a background check to buy a gun and to go to my local shooting range. Why don't I need a license to download a penetration testing tool?

apples and oranges, a pen-test tool is a valueable to harden a system.

I stay with my statement: you show an alarming sympathy towards autocratic laws and practices. If you don't like the laws of your country, go into politics and fight for censorship in your country, don't demand this for all western nations.
Freedom of information is not a privilege, granted by an authority, it's a basic right - just as many other freedoms.

Some food for thought: You may want to take a look what renowned organizations like the german CCC or the american EFF write about ethics, censorship and freedom of information. I hope this brings you a little to think about your ridiculous demands.

you see, this is a new problem that laws are lacking behind
Canada has really strict laws (compared to american laws) regarding restricted objects
many thing like guns and tear gas are banned in Canada

think about it like this, tools used for illegal activity are banned
however hacking is mainly based on knowledge and information

thats the problem, you see, hacking uses no physical tools
instead, its all in the hacker's brain and strings of 0s and 1s on his/her hard drive

My idea is, ban the tools and knowledge to the general public
and the background check should be before somebody applies to become a penetration tester, not after.

as you can see from what I quoted, only small amounts of attacks are actually done by the top few percent using methods they created themselves. Most of the attacks are done by people using publicly available knowledge.

now if the sources of the knowledge can be limited so only few people(who are licensed and regulated) can access it, the amount of internet crime will drop dramatically.

As for the security industry, this will barely affect them. Because doing the background check before allowing someone to come in contact with the knowledge and training is no different that doing the background check before the test.

a tool is a tool, nothing else
You government thinks that some tools like weapons or mace can do harm in the wrong hands, so they restrict them, that's their choice. Still, trying to buy a hammer or a screwdriver isn't restricted. I was in a strore in Canada once, that was robbed shortly before by someone with a screwdriver. So in your world they would be banned too - or maybe a background cgheck before the buy? ;)
Many people on this site know how to kill someone, still most don't use their knowledge, unless they have to.

I think you don't get the concept of personal freedom. A fundamental concept on which many societies are based on.
People get punished if they do wrong, not before, not pre-emptive.
Limiting knowledge is something dictatorships try to do, but luckily fail often in doing so. The free flow of information is one of the key tasks in the 21st century.

Btw: when you have a drivers license and be on the road you will see that it doesn't prevent people from driving like idiots :DL

I can't believe this hasn't been mentioned...

OMFG HAX!!!!!!!!!!!1111oneoneone

I'm a valuable member of this community I am :smug:


http://blogs.cosmicthings.com/gaming/files/2009/12/hax12.jpg

http://blogs.cosmicthings.com/gaming/files/2009/12/hax12.jpg

HAX indeed...:yep:

a tool is a tool, nothing else
You government thinks that some tools like weapons or mace can do harm in the wrong hands, so they restrict them, that's their choice. Still, trying to buy a hammer or a screwdriver isn't restricted. I was in a strore in Canada once, that was robbed shortly before by someone with a screwdriver. So in your world they would be banned too - or maybe a background cgheck before the buy? ;)
Many people on this site know how to kill someone, still most don't use their knowledge, unless they have to.

I think you don't get the concept of personal freedom. A fundamental concept on which many societies are based on.
People get punished if they do wrong, not before, not pre-emptive.
Limiting knowledge is something dictatorships try to do, but luckily fail often in doing so. The free flow of information is one of the key tasks in the 21st century.

Btw: when you have a drivers license and be on the road you will see that it doesn't prevent people from driving like idiots :DL

well we'll leave the topic for now
you do have a point.

BTW, you no longer ignore me?:03:

a tool is a tool, nothing else
You government thinks that some tools like weapons or mace can do harm in the wrong hands, so they restrict them, that's their choice. Still, trying to buy a hammer or a screwdriver isn't restricted.

That's because of a utilitarian, cost-benefit analysis. Hammers and screwdrivers have uses that are beyond using it as a weapon (or using them to defend against one) and the benefit is massively greater than the cost.

Limiting knowledge is something dictatorships try to do, but luckily fail often in doing so. The free flow of information is one of the key tasks in the 21st century.One has to remember, in our imperfect world, free flow of information cannot be perfected. It can be only be maximized and the question becomes whether allowing hacking knowledge to run around so freely actually maximizes freedom.

The threat of hackers reduces security, and this lack of security actually creates its own crimp on freedom, not legally based but just as effective.

Last time I checked, packages get controlled by customs/mail carriers, just like some admin guy at your school checks the network security, so the pupils don't have to do it by themselves.

Note the distinction, Penguin, even as you try to rebutt. While your company and some others may have special security needs and do a double-check on your own mail, as a whole mail and parcels passage is regulated and thus most people feel safe enough to not need a double check.

In the meantime, even the layman Net-user installs antivirus software, feels anxiety when seeing mysterious mail for fear of a virus, blocks off functionality to avoid exploits ... etc. In organizations they have to hire special people just do handle "point-defence" for their organization on a regular basis.

I can't find a book at my local book store on how to hide a bomb in a parcel, nor am I ever going to find book on how to break and enter someone's house.
Really? A friend of mine owns a copy of this.
http://en.wikipedia.org/wiki/The_Anarchist_Cookbook

[edit] Just checked. You can get them on Amazon.com, along with a lot of similar items. I'll bet your local bookstore can get them for you as well.
http://www.amazon.com/Anarchist-Cookbook-William-Powell/dp/0962303208