Researcher Compensation
Doesn't four free games with a year long subscription to X-Box Live constitute a developer's account?
A five-year-old boy has found and exploited a password flaw in his Xbox to hack into his father's Xbox Live account. [Image: Look out, Mitnick ... Kristoffer Von Hassel on his Xbox (Credit: ABC 10 / KGTV)] The parents of Kristoffer Von Hassel, from Ocean Beach in San Diego, California, …
He'll have to be quick to beat the FBI agents who will turn him over to the US Attorney for prosecution... let's see 1 count of hacking is a minor offence... so would only require 20 years in the slammer with a plea bargain.
On a serious note, if his dad is telling the truth about Kristoffer's "inquisitiveness" and natural tendency towards this type of thing... well he should really get used to the idea of visiting his son behind bars from age 16 and beyond. The government does not reward the creativity of those who tinker and probe.
>Hacking the security is much more fun.
I see you have been around children this age. My not quite 2.5 year old nephew knows all the alphanumeric characters and is trying to type in passwords. Calculators, microwaves, and washing machines face the same barrage of button mashing (as characters are loudly announced). It's like an elegant form of a million monkeys on a million typewriters in a natural pseudorandom sort of way to go about brute forcing quality tests, but there you have it.
... I wonder if he was quite so “'yea!'” after working out what he got as a reward. Still, at that age being given anything in recognition is nice, and his dad's clearly pleased for him.
Spoken like a true Californ-aye-ayyyyyyy beach boy, both of them. Just missing the response containing "stoked", "bummed off", "gnarly", etc., starting every sentence with "So..." ;-)
"starting every sentence with "So..." ;-)"
So, get your Old Grey Whistle Test tapes out. Not for the music, but for the presenter. So, specifically, surely Whispering Bob Harris pioneered the "So, <whatever>" concept, many decades ago?
Oh no hang on, it may have been "'cos, <whatever>"?
So sorry. Much wrongness.
Nice list.
Rule 50: My main computers will have their own special operating system that will be completely incompatible with standard IBM and Macintosh powerbooks.
is easy to fulfil: just use an old CDC 7600 with its 6 bit bytes and ten byte words, and an OS that is not so much "not user friendly" as "user hostile." The only downside is that it is slower than your average smartphone.
As an alternative, you could up the voltage on all the i/o ports to fry any PC or macbook attached to it without authorization, inspired by the idea of the etherkiller.
I had Win3.11 on a PC that the kids would use on occasion for playing games. I thought they were playing too many games, so I enabled the login stuff and added a password.
The next day I saw the kids playing without me having logged them in and was both annoyed as well as impressed by how a 5 year old could have cracked the security.
It turns out all you needed to do was hit the escape key....
It might be surprising, but not entirely without precedent.
Remember everyone used to make jokes about programming VCRs? "Just get a 5 year old to do it".
Children are persistent, and try things that may not be intuitive to adults - especially the adults who wrote the firmware/software.
Remember the guy who single-handedly crashed an airline entertainment system by fiddling? He did so by trying things that would not make sense in that context. OK, that was an adult, but children are especially good at trying things that would never occur to adults - again, particularly some adults that write security context code.
Children are persistent, and try things that may not be intuitive to adults - especially the adults who wrote the firmware/software.
That's partially because kids learn differently: they EXPECT to fail a number of times, and that doesn't discourage them - they keep trying. A large proportion of people lose that ability to consider failure as a stepping stone to success when they grow up.
Personally, I think EVERY bit of tech needs to be kid tested by 3, 5 and 12 year olds. If it survives that you can consider it military grade :)
"Children are persistent, and try things that may not be intuitive to adults - especially the adults who wrote the firmware/software."
I started work on some Palo Alto firewalls recently - with no training and no time to reference the manuals.
I was asked to set up some NAT, sounds simple but these things are seriously weird in the brain-wiring department.
I only got it working by trying every permutation of zone between the rule and the NAT statement. Once it started working I looked at the zone 'logic' of what was happening and have just decided to commit the scenario to memory - because it still doesn't make sense.
Sometimes you have to behave like a child and pretend you don't know anything in order to learn something. My first tech job I fixed a Lotus Notes Post office (or whatever the hell the thing was called) by re-building it using every different possible option until it worked. Saved the company about £3k in call out fees.
I wasn't much older than that (8) when I first started finding holes in the password system on my dad's DOS based menu program. He gave up on keeping me out of the games with passwords and started hiding the power cord by the time I was 9. Mind you that menu program was pretty primitive and my dad's not exactly an expert at computer security (plus I was way ahead of the rest of my age group as far as computers). I'd expect better from a modern system.
Since Xbox will be used by KIDS, shouldn't Microsoft have rented a kindergarten class for a day, given them a dozen machines and instructions to "have fun", and taken notes on what the sprogs discovered? As was noted above, kids are pretty darned creative (before it gets beaten out of them) which makes them both a joy and a nuisance (da widdle debbils). :)
TIFKAM - I had completely forgotten that acronym and hoped that there was an unexpected release of a new version of the PIHKAL / TIHKAL books or something. Also useful resources for those with daring and experimental minds but definitely not for children ;)
This has not really to do with computers, but about 20-25 years ago we had to develop some cases/boxes that would carry car/battery-inverters or mobile radios that would be used under extreme conditions like:
vibrations, water, heat, cold, etc.
What we could not damage, kids could break in days.
They were not allowed to use hammers and that kind of tool,
so the smart ones took a rope and tied the casing/box behind their bicycles, riding over shitty streets with pools of water. The result was awful.
It took some time to make the product kiddy-proof before we could deliver the final product, which was happily accepted by the client.
Ian, you are absolutely right, plus in the States they can't drink alcohol before they are 21 but can be sent to a foreign land to kill or be killed (is dying sober a good thing?)
Not quite hacking, but on the estate where I grew up all the kids knew that any internal key would open any door in our houses, but none of the parents seemed to know that.
I'm glad you raised this point - as a confirmed pedant of 80 years, I can really go to town on it.
The word 'infant' is strictly a legal term from the Latin 'infans' = 'not speaking', meaning one who was unable to 'speak' in a court, or unable to make a contract. Until fairly recently, the term 'infant' applied up to the age of 21, later reduced to 18 - when I was a National Serviceman, liable to be sent to fight in the Korean War, I was unable to vote.
Kindergarten, primary, secondary and in some cases even in university (I had uni entrance at 16) we were all infants.
No Internet connection, no ping, no account logins, no DLCs, no chatting with someone whom you've never met when playing the game.
Those were the days and we still had plenty of fun, and the graphics might not have been the best, but we still had lots of fun, hadn't we? Sega 16-bit, NES, SNES, PC Engine etc.
Why the cynicism? At a time when I was working with local authorities, including education, my kid decided that hacking his school's admin network was more entertaining than his school's IT curriculum. Granted he was 11 yrs old at the time but, within a few weeks, he'd graduated to hacking a national curriculum online student testing facility. I had anticipated using his 'work' to provide me with some traction in discussing security infrastructure but the reaction (without blobbing him in) was indifference. Too much potential for embarrassment?
David Gale
SITFO.org
I wouldn't call it unsupervised, more like lightly supervised. It's not like he realized it because he got a credit card bill for stuff he didn't buy. He saw what the kid was doing one of the times he was using it. So maybe it will call for a bit more supervision in the future, but he wasn't completely AWOL.