Hacker Highschool : Lesson 5, System Identification, is out

After some pretty serious downtime while I healed some broken bones, we’ve gotten Hacker Highschool v.2 rolling again with the release of Lesson 5 v.2, System Identification at

We’re releasing lessons out of order as we can squeeze them through the review process, so some of the higher-number lessons are already out. Fact checking, code checking, technical review, and a lot of very painful and painstaking review for anything pasted from somewhere else is tricky. But writing to teens is trickier.

Bob Monroe (Hawaii Bob) is providing Game On sections for all the lessons. Since we’re targeting the 12-18 age group (think about the eons those years spanned in your own life), we’re trying to spread the appeal across several audiences. Game On, the stories of Jace the teen hacker, show hacking in action: the practical application of theory through adolescent eyes.

Also: the VM group helped us formalize onto VirtualBox VMs for our labs, with Fedora Security Spin soon to replace Backtrack as our attack machine, and target machines from the Fedora and Debian branches replacing Metasploitable. The guys who do Puppet configuration tell me we can massage our “victimstations” specifically for our Exercises, which is going to be a very sweet feature going forward.

So the pots are heating up behind the scenes, and a whole lot of things are coming to a boil. There’s plenty more to come.


What does real research say about Hiring a Hacker?

The word hacker is much misused, as anyone who knows me knows I frequently complain.

It carries such negative connotations these days that even the suggestion that one “hire a hacker” to test one’s network makes people’s hackles rise. But is it really true that hackers are criminals, untrustworthy, risky? J. Oquendo at Infiltrated.net took a good hard look:

For the past decade, we have been hearing, and reading those pesky insider, outsider threats coupled with the familiar “thou shall not hire a hacker” themes. In every single instance, the expert behind the statement offers some rationale behind it, some magical number, or the impression that the situation is just so dire….

So what are the statistics behind hacking, recidivism, the insider and outsider threats? No one has taken a hard look at it until now. After not being able to locate any data containing anything of use, I decided to put together the numbers based on publicly available information…

In any event, the numbers are as follows: There were 8 total re-offenses (2.13% recidivism rate), insiders accounted for 15.466% (of this, 38% were law enforcement or government employee insiders). Former employees accounted for 8.26%, third party contractors came in at 4%, and lastly, law enforcement and government abuse totaled 6.4%. The average age of a re-offender was 26.5, the average re-offense time occurred within one year.

Look at that: a 2% reoffense rate! By that measure, a convicted “hacker” might be the safest hire you can make. Former employees are far more dangerous, and law enforcement insiders are particularly dangerous … to law enforcement.

Read the whole article at http://www.infiltrated.net/index.php?option=com_content&view=article&id=57&Itemid=59.


Catalonia rallies for independence from Spain

Aside from Syria, is anyone watching what’s going on in Spain? Catalonia is trying to win independence! I came across this:

“So tomorrow is memorial day in Catalonia and the pro-independence Catalan people will be out again in the millions to build support for freeing their country from the tyranny of Spain. They’re doing a human chain from border to border (400 km!) to show unity and now Spain has made human chains illegal outside of Catalonia (so no other region tries to extend the chain). The politics of a desperate tyrant here is really scary and amazing to see at the same time. But you gotta hand it to the Catalans, after 300 years of oppression they still try to reclaim their liberty every chance they get. Of course they have to wait until Spain is down before they try or else they’ll get bombed into submission like the other 4 times they tried and the current Spanish economic climate makes it perfect to try again as Spain is weak. The worst part is that Spain is so against them in so many ways over the years- burning books in Catalan, imprisoning those who speak Catalan, forcing schools to teach in Spanish so as to “Hispanize the children” (Spanish govt’s words) and so once again the Catalans are pushing for their own nation. And why shouldn’t they- Catalonia rivals the sizes of Belgium and the Netherlands and is the 4th largest economic region in Europe. Catalonia existed as a free nation for 700!years before Spain conquered them in the 1700s and they’ve been for300 years trying to get out of it. So will it be revolution or evolution? We live in interesting times.”