One day I was asked by the interviewer: "Suppose I take you to a PC machine running Unix, and I shut it down.
How long will it take you to get into that system without a logon and password?" That gentleman was very nice,
and he considered I was a Guru in programming. He was expecting an answer specifying a relatively short period
of time, and he was just ready to take me to a trial. I guess my answer was rather blunt; I said, "Without a
logon and a password I cannot get into a Unix system, Sir."
My interviewer was disappointed, and I remember I thought at that moment the man had seen too many movies, and he
knew too little about programming. However, that person was a manager in a hardware, firmware, and software
development company, the same as--I suspect--thousands and thousands of others. People know so little about
programming, and most of them believe what they see in movies. For example, I am referring here to a movie with
John Travolta that has a strange name, "Swordfish" or something--I never remember the names of trivial
things. Anyway, the scene of particular interest was this: John Travolta was a bad guy, and he grabbed a
computer hacker, then he asked him to break an encryption code of 256 bits or something in one or two minutes.
It turned out the hacker did it, and in very "harsh" conditions!
That scene was incredibly vulgar and illogical, and it revealed in fact gross stupidity. The
"encryption code" proved to be just a lousy password: one that only a person with maximum grade 7 of
education was capable of setting. As for the 256 bits encryption, the script-writer had no idea what he was
writing about. Unfortunately, very many people also have no idea what encryption means, and I am certain they
found that scene "incredibly intelligent" and "something"!
Let's take this case of breaking into a Unix system without a logon and password. If we lived 1000 years, we could
get into a UNIX (or PC) system, after working continuously, night and day, and being helped by a lot of luck--we,
or anybody else. If we write a program to do the work for us, in case of a good logon and password, it would
take that application a few tens of years of continuous work. Please note: this refers only to a logon and password.
We know a little Unix shell scripting, and one of the first scripts a programmer implements is one that allows a
maximum of 3 failed logins. Next, the attempting hacker is kicked out of the system, and he has to waste a lot of
time reentering.
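The effect of the three-failed-logins rule described above, as an added sketch that is not from the original article: a per-account throttle plus an estimate of how long an exhaustive search takes against it. The class and function names, the 60-second lockout and the one-second guess time are assumptions chosen for illustration.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600


class LoginThrottle:
    """Allow max_failures consecutive failed logins per account, then lock it."""

    def __init__(self, max_failures=3, lockout_s=60.0):  # assumed policy values
        self.max_failures = max_failures
        self.lockout_s = lockout_s
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> time (seconds) at which the lock expires

    def attempt(self, user, ok, now):
        """Return 'locked', 'ok' or 'fail' for a login attempt made at time `now`."""
        if now < self.locked_until.get(user, 0.0):
            return "locked"          # attempt is rejected without checking the password
        if ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.failures[user] = 0
            self.locked_until[user] = now + self.lockout_s
        return "fail"


def years_to_exhaust(alphabet, length, max_failures=3, lockout_s=60.0, guess_s=1.0):
    """Worst-case years to try every password of exactly `length` symbols
    when each guess costs guess_s and every max_failures misses cost lockout_s."""
    keyspace = alphabet ** length
    lockouts = keyspace // max_failures
    return (keyspace * guess_s + lockouts * lockout_s) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed comparison: 8 lowercase letters versus a 4-digit PIN.
    print(f"8 lowercase letters: {years_to_exhaust(26, 8):,.0f} years")
    print(f"4-digit PIN:         {years_to_exhaust(10, 4) * 365.25:.1f} days")
```

Under these assumed values the lockout, not the guess itself, accounts for most of the search time, and a short numeric password still falls in days, which is why the rule only protects a decent password.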
Any hacker knows it is impossible to break a decent login and password; therefore, the only methods they implement
for "breaking in" are the old, simple, fooling tricks--those used by thieves for thousands of
years. Those methods are based on stimulating strong emotions in order to hide/dissimulate their actions; others
deal with the "substitution" techniques. What they do is send you a fake email saying that something
bad happened to your account at, for example, CityBankX. Next, they insert a link leading to a page looking
exactly like the real CityBankX one. You could be foolish enough to enter your CityBankX login and password there,
and that is how they get it. In conclusion, never follow links in emails; close them, and then navigate to the
mentioned site by yourself, and see if there is anything wrong with your account or not.
The above example is just one particular case, but there are thousands of other possible scenarios. There is a lot of
documentation on the Internet about hacking techniques, and we do encourage all visitors to study it because a
lot of people became victims of simple and stupid techniques such as the one described above. Fact is, the
Internet is a free-for-all jungle; regardless of how many firewalls, antispyware, and virus-checks you
have, there are always all sorts of "routines" capable of tracing your moves. The only reliable weapons
you have are your login and, mostly, your password. Be very careful with them, and rest assured that no decent
company will ever ask you to "change", to "update", or even to "identify" yourself using your
password, except on the true login pages.
Now, to come back to encryptions, they have excited people's imagination since the Second World War, more
precisely since the Enigma story, the German encryption machine. It happened that the Polish Intelligence
managed to break the Enigma encryption code in 1939 (or close), but the US and British Intelligence were so
intelligent that they did not believe them. In consequence, the US and British Intelligence worked
very, very hard together, for a few years, on designing "intelligently" a plot to capture an Enigma machine
from the Germans. Well, true intelligence wasn't much appreciated in those days either. Anyway, they did manage
to capture that electro-mechanical machine in 1943, or something, and the result was thousands of lives saved--a
little bit late but "good intelligence job", nevertheless.
Enigma used a primitive encryption code equivalent to--just an estimation--a 16-bit encryption code, yet it
proved to be almost unbreakable at that time. The point to note is, the 64-bit encryption code we use today is
practically unbreakable; a 125-bit one is totally out of discussion; as for a 256-bit encryption code, you have
to be almost brain-dead to consider that a human person could break it in less than a good few tens of thousands
of years. Now, if you do have clues, that is possible regardless of the level of encryption used; sometimes those
clues do exist.
The "true hackers" are never known, officially. They are your
PC/MAC/LINUX OS developers, plus a few governmental agencies, plus a few
private [secret investigations] companies. Each PC machine ever produced
has a unique ID code, and that code is inserted in all files that PC
machine produces/opens. While you navigate on the Internet, your unique
ID code is recorded on each router/server/gateway. Practically, there is
no way you could hide using today's technology, because it was
specifically designed that way. The fact that we do have (ordinary)
hackers, email spam, pornography, copyright infringements, and the rest
of the miseries is only due to the fact that the "legislators" allow that to
exist.
The "encryption codes" used on our PCs do not matter [they do not exist]
for those "true hackers" because your own PC decrypts the messages
automatically for them. There is absolutely no way to prevent, say,
certain Microchip professionals from decrypting/reading/downloading your entire
hard drive if they want to. The only way you could have a good
encryption system is if you build it yourself. Note that our book
Learn Hardware Firmware and Software Design
teaches you the very first steps--the most important ones!
By the way, the idea is common that wireless phone (or Internet)
conversations cannot be tracked/tapped. Ha! You wish. There is
absolutely no such thing as "privacy" using any of the available
technology on the market. The only way you could achieve some privacy is
if you design/build encryption systems/codes yourself in meaning/message.
***
First published on November 17, 2005
© Corollary Theorems Ltd. All rights reserved.