Sunday, September 20, 2015

The Waning Desire to be Anonymous

This post will seem to conflict with a previous post of mine, but there isn’t really any conflict. Over the past few years, specifically the 2002-2012 range, a trend began. More people began to use there real names and real information on websites and not just on their bank’s website, but on social media and forums too. This was likely sparked by social media sites like Friendster, MySpace, and Facebook. This trend even carried over to Youtube, spurred on by the merger between Google and Youtube. In some instances, real names were not just encouraged, they were required! Posting a false name or Internet handle could lead to account termination. But that wasn’t the troubling part. What bothered me was that most people didn’t seem to mind giving away their personal information like their names and such. In fact, most people were all to happy to give away their identities. But why? What happened? Isn’t the Internet for anonymity? Why were people so comfortable with giving away their information?

As already hinted at in the introduction paragraph, modern social media is partly to blame for people using their real information on the net. The modern social media website began with Friendster, a site few people know about today. As of today, the site is down.* Friendster wasn’t the first social network to come into existence, and it wasn’t the first social network to gain serious momentum. Friendster, however, did set the stage for the massive social media networks that later came onto the scene. MySpace, Facebook, Twitter, and even Tumblr all use the same foundation that Friendster made popular. And it was with Friendster that the mass use of real names began, even though earlier sites like Friends United and Classmates.com encouraged real names for obvious reasons.

But why have people become so comfortable with this requirement? My guess is that most people have simply become accustomed to it or they didn’t really use the Internet before the real name requirement. If you think about it, the average person doesn’t use a computer for much more than social media. Since modern social media, like Facebook, requires the use of a real name, the average person probably didn’t think much of it, or the average person simply assumed that it had always been this way. Consider that Internet use exploded with the advent of MySpace and Facebook, and most people hopped on the Internet when these sites became massively popular. The vast majority of Internet users never experienced the era when Internet handles were the norm.

But are there other reasons why people have chosen to disclose their real names on the Internet. You bet!

The Internet has proven itself to be many things, but one of the most recognizable things about the Internet is that it is a money-machine and a fame-machine. Both money and fame are hard to achieve if you are posting under a randomized pseudonym. Leet-h@x0r isn’t as recognizable as Julia Johnson, and it isn’t as easy to tie that username to a bank account. And most fame-seekers don’t see any reason to use an Internet handle. To them, an Internet handle is just a hassle and it could cause confusion among their fans. The famous, or would-be famous, brand their real names because they don’t see any reason to brand a pseudonym.

What about civility? It’s no secret that people are more civil when the words they say online can, one day, be used to bludgeon them over the head. Many websites have taken note of this and, as a result, require people to use their social media accounts in order to post comments on the site. I’m afraid posting anonymously is seriously going out of fashion. The famous, and would-be famous, in particular have everything to lose if they say the wrong thing. Celebrities (barring particularly “controversial” celebrities) have been blacklisted from entire industries because they spoke a little bit too freely. The Average Joe, too, is at great risk of losing his job and becoming a public pariah for speaking his honest opinion. But is this necessarily a bad thing? Should people be forced to use their real names, risking real-world consequence, in order to post online? Requiring real names to post may incline people to act more civilly online, however, it also restricts people into saying only that which is politically correct. Dissent is punished. And, as a result, online discussion becomes safe, popular opinion goes unchallenged, and public discourse becomes far less rich and diverse. In other words, a sterile garden is a dead garden. The Internet isn’t a safe place and it shouldn’t be a safe place. It should be a challenging place. I’m fine with portions of the Internet being designated “safe” zones. If Facebook wants to regulate what its users are allowed to say, that’s on Facebook. However, the entire Internet shouldn’t be a safe zone. There should be zones for people who want to be challenged and say challenging things. And these zones will rightly allow for anonymous content creation.

Anonymous people may say some nasty things, but some of the most thought-provoking and provocative things I have ever read online have been posted under pseudonym. I don’t want this to change. Which is why I allow for anonymous comments on this blog, I’ll approve any comment you good folks think up. So long as the comment is more than just “You’re an asshole” or spam.

That was a fine tangent, wouldn’t you say? I live for little bursts of inspiration like that. But, now that the moment is over, let’s get back on topic.

Fortunately, in recent times, the desire to be anonymous has been freshly renewed. Anonymity is now becoming prized, once again, for the reasons listed in this post and this post. People want the freedom to say what’s on their mind, as controversial as it may be. While anonymous posting has waned a bit (or a lot), I bet it will still be around for a long, long time. Even if it were outlawed, it would still find a way. That’s the funny thing about outlawed things, if there’s a market for it, it will find a way.

*By the time you read this post, the link will likely be dead. The linked webpage was simply an explanation by Friendster’s developers naming their reasons for shutting down the site. Basically, the site wasn’t as popular as they had hoped and this was due to the challenges brought about by the changing gaming industry.

Sunday, September 6, 2015

Hacking: It’s Easier than Ever!

Hacking is easier than ever. Now, that fact can be either reassuring or disturbing depending on what side of the fence you sit on. If you are a hacker, or would-be hacker, then you are likely breathing a sigh of relief right now. If you are a regular person with a bank account, then you are probably quaking in your boots. But before you start feeling relieved or terrified, we should probably examine the truth of that statement. Is hacking easier than ever or am I simply attempting to garner clicks with a clickbait title? Let’s look at some facts. I’ll be viewing this issue from two periods of time, the year 2000 will represent the past while the year 2015 will represent the present. So, is hacking easier than ever, I’m just as curious as you are. Let’s find out!

First, let’s look at the way hacking has become easier over the years. In recent years, there was has been an explosion in the availability of hacking tools and that one tool critical to any hacker’s arsenal, the computer. Computers, once only a luxury, are now the cornerstone of most households. In the early 2000s, the computer was something that most families aspired to own, while most families didn’t own one. And the families who did own a computer owned an average computer, for the time, at that. Back in 2000, it was common to find a computer that had only 128 MB of hard-drive space and only 64 MB of RAM. Quite a difference compared to today where the average desktop computer will have around 1 terabyte of hard-drive space and 8 GB of RAM. Of course, these boosts in processing power make hacking all the easier, but what of the other hacking tools on the market?

Truly, it’s impossible to say just how many “pentesting” tools there are on the market. If I were to guess, I would say there are around 500 officially recognized hacking tools available to the average person, paid or free. Kali, a free GNU/Linux distribution, offers over 300 tools built-in upon install. So it would seem the would-be hacker has plenty to choose from. But what good is a tool if the owner doesn’t know how to use it? Not to worry, though, in the year 2015, hacking tutorials abound without seeming limit. All a person needs to do is Google “How do I use [insert pentesting tool]” and they’ll be taken to at least 100 tutorials, some far better than others. It would seem that, these days, just about anyone with a little patience, time, and effort could become a hacker. Free knowledge is out there for the taking, all a person has to do is reach out a grab it. These days, there are no excuses for ignorance.

And what about the fact that we are surrounded by technology? With all the laptops, desktops, tablets, readers, and phones (don’t get me started on the phones) in common use among the populace, our environment has become the hacker’s playground. Next time you leave your house, take note of how many devices with WIFI capabilities you see. I bet you will be surprised. With all this technology chatting it up on busy radio frequencies, hacking opportunities abound. The Internet of all things is a wonder to behold.

This is all well and good, but let me introduce a counterpoint. How has hacking become more difficult over the years? But, you may say:

How could hacking have become more difficult; didn’t you just flawlessly list and explain the reasons it has become easier than ever?

Yes, it is true, hacking tools, tutorials, and opportunities are more common and accessible than ever, but defenses against hacking are also exceedingly more sophisticated than they were back in 2000. In 2000, tech-security just wasn’t as much of a priority as it is today. Not because the business-folk didn’t care about security, it was just assumed that most people didn’t have either the knowledge or tools required to hack into their systems, which was true. However, those folks who did have the knowledge and tools found it surprisingly easy to break into systems. Compared to today, routers were easy to confuse and overwhelm, databases were full of exploits, programs were often buggy and poorly reviewed, websites didn’t thoroughly parse data, data was often sent over unencrypted channels, buffers overflowed, and the rivers and seas ran with milk and honey. I guess, in this way, hacking was easier back in the day. But it was only easier for a small group of technophiles. The vast majority of would-be hackers were just out of luck.

So, I’ve listed some good arguments as to why hacking is both easier and harder than it was in the past. But has hacking in 2015 become easier overall? Is hacking truly easier than ever? My final argument will prove that, once and for all, hacking is far easier than it was in the past. Are you ready for this?

Hacking is easier than ever for the reason that most people are still as knowledgeable about computers as they were in 2000. In fact, I would venture to guess that most people’s knowledge of computer’s doesn’t extend outside of Facebook, email, and other social media. While security has been seriously amped up since 2000, the average person is still living in the past. In the hacking underground, it is often said that people are the biggest vulnerability to any system. Even with all the training employees receive, they are only marginally more prepared against cyber-attacks than they were 15 years ago. And this isn’t even mentioning the average person on their home computer. Otherwise intelligent people can be completely fooled when the topic of computing is brought up. Especially if the person is older. I’m a young guy with some tech background, and older folk along with most of my younger peers are convinced I’m a technological genius, when I know that that assumption couldn’t be further from the truth.

It seems that security professionals are fighting a losing battle, when the biggest wildcard in that battle is the average person. A security professional who designs and implements security measures must strike a balance between security, accessibility, and ease of use. When the average person isn’t at all technologically inclined, this spells disaster for most security implementations. It’s a completely uphill battle for the security professional. Though, it probably doesn’t hurt his job security.

All in all, abundant and accessible tools and information, coupled with most people’s ignorance about computing, have made hacking easier than ever. Thanks to all of the aforementioned, it truly is a hacker’s paradise. So rejoice or cower. The future is here and it is terrifying. But it doesn’t have to be. The average person can, by following a few simple rules, greatly minimize the chances that his information will be stolen and exploited. All the average person needs to do is proceed with caution. Don’t be reckless on the Internet. Use strong passwords. Don’t give out any more information than is necessary. And don’t download anything shady. By following these simple rules, the average person can greatly reduce the chances of something bad happening.

With that said, I wish you happy browsing or happy hacking. Or, if you swing both ways, happy…doing both.