Preaching To The Choir

Jul 03, 2011 14:20

So I was going to do a "Top Ten Computer-related Pet Peeves In TSN Fandom" post, but then I realized that all I wanted to do was bitch about hacking

not about myspace


neery July 3 2011, 21:24:05 UTC
There are some ways Facebook would make it a whole lot easier to "hack" into someone's account - for example, there's a story about RL Zuck checking people's failed FB log-in attempts and using those passwords to get access to their email accounts. Considering how many people re-use the same password and user name for every website they visit, he could probably access a bunch of accounts of like a third of FB's user base fairly easily. But that's not really what most people mean when they talk about hacking, I guess.


neery July 3 2011, 21:29:18 UTC
Uh, that is - do the FB people have access to people's passwords? I know passwords aren't stored in plaintext, but I was assuming that if you know what your own system uses to salt and hash PWs you would have an easier time figuring out what they are than a hacker who gets access to the hashed tables some other way.

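The two comments above raise two separate points: whether an operator who knows the site's own salt-and-hash scheme is in a better position than an outsider who steals the hash table, and what a site ends up holding when it records failed log-in attempts. The following is an added illustration, not code from the thread or from Facebook; the iteration count, the toy account store and the log format are assumptions made for the example. It shows that with a per-account random salt and a slow hash, anyone holding the table (insider or thief) can only confirm a guess by recomputing the hash, and that a login handler can record that a failure happened without keeping the password that was typed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# PBKDF2 iteration count; a hypothetical value chosen for this illustration.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password using salted PBKDF2-HMAC-SHA256.

    A fresh random salt is drawn per account, so two accounts with the same
    password store different digests and a precomputed table is useless.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time.

    Knowing the algorithm and the salt does not let anyone invert the digest;
    the only check available is to run the same computation on a candidate.
    """
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class LoginService:
    """Toy account store (constructed for the example) with a failed-login log."""

    def __init__(self) -> None:
        self.accounts = {}    # username -> (salt, digest)
        self.failed_log = []  # what an operator could later read back

    def register(self, username: str, password: str) -> None:
        self.accounts[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        entry = self.accounts.get(username)
        if entry is None:
            self.failed_log.append({"user": username, "reason": "no such account"})
            return False
        salt, digest = entry
        if verify_password(password, salt, digest):
            return True
        # Record that a failure happened, never the attempted password itself,
        # so the log cannot be mined for credentials reused on other sites.
        self.failed_log.append({"user": username, "reason": "bad password"})
        return False


def demo() -> dict:
    """Register one account, try a right and a wrong password, report what was logged."""
    svc = LoginService()
    svc.register("alice", "correct horse")
    return {
        "good_login": svc.login("alice", "correct horse"),
        "bad_login": svc.login("alice", "wrong guess"),
        "log": svc.failed_log,
    }


if __name__ == "__main__":
    print(demo())
```

The per-account salt is stored next to the digest in clear; its job is not to be secret but to make every account's hash distinct, which is why an insider who can read it gains nothing an outsider with the same table would not also have.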

thedeadparrot July 3 2011, 21:33:42 UTC
I'm pretty sure they have access to the hashes and salt, though there are probably protections on what people and processes can access those hashes.

I do web development, and while I do have read access on the production database, they don't let us have access to the hashed passwords. I imagine at Facebook it's even more locked down.


thewhiteowl July 3 2011, 21:50:35 UTC
I don't have read access to my prod DB (the business analysts and data services do, devs don't), and it's not even the one that holds the passwords. We use an "authentication solution"/single sign-on created by a third-party security company, which is a PITA to set up, but otherwise works great except for the occasions when it throws a tantrum and refuses to let anyone log on. Happily it mostly confines itself to non-prod. LDAP also comes into the mix somewhere, which is a frequent source of pain in dev as the lookup randomly spikes up to >60 seconds and we can't work out why.


thedeadparrot July 3 2011, 22:00:59 UTC
Oh god, third-party software. *shudder* I mean, I get the problem with not-invented-here syndrome, but like, at least then you can usually just call up the person and yell at them until they fix it.


thewhiteowl July 3 2011, 23:26:55 UTC
Happily it's administered by people inside the organisation, so we email them and get them to turn it off and on again :-D

The 60-second lookup is a hand-cranked job. I suspect it of being some obscure hardware or config issue, as it works perfectly in QA and all the other environments up to prod.


thedeadparrot July 3 2011, 21:30:30 UTC
Oh, I agree! There are ways he could get access to someone's account that are mostly social engineering. Facebook could be used as a giant phishing site. (And he could do things like sniff public wireless networks for people's cookies and basically steal their credentials pretty easily.)

But really, I'm complaining about people who think he can break into government databases easily and/or who write about Mark getting access to people's e-mail accounts pre-Facebook.


neery July 3 2011, 21:57:08 UTC
Yeah. :/ Hacking is sadly hard to research, too, because a lot of the info on it might as well be written in another language. Hashing, salting, sanitizing inputs, buffer overflow - it's like a giant game of trying to guess the meaning from the underlying metaphor. I only know what three of those words mean, and I read a lot of programming blogs for a non-CS-person.

Not that a lot of fic in this fandom reads like people even attempted to do any research. And I feel you on the pain of people getting something related to your profession totally wrong. I just watched a show where a character panicked about a patient going into arrhythmia while you could hear the heart monitor bleeping steadily and rhythmically in the background, and it pretty much hurt me in my soul. /o\


thedeadparrot July 3 2011, 22:07:29 UTC
For me, it's not as much the research issue so much as the casual way it's used.

"Oh, someone hurt your feelings? We can totally hack into the Department of Homeland Security and put him on the no fly list!"

Which, yeah, Mark Zuckerberg could doctor someone's Facebook page with questionable material and then let the authorities know about it, and get them put on the list that way. But hacking into the database and putting them there? Really? Yeah, they're assholes, but they know how much shit they'd be in if they were ever caught.

And oh man, I'm sure most doctor stuff on TV is even worse than, I don't know, writing a GUI in Visual Basic to track an IP address.


neery July 3 2011, 22:14:46 UTC
We can totally hack into the Department of Homeland Security and put him on the no fly list!

That one made even me a bit skeptical.

writing a GUI in Visual Basic to track an IP address.

Oh man, I read that Cracked article at work and ended up trying so hard not to laugh a few people thought I was crying.
