
Hacking the Dropbox Space Race - pshken
http://blog.burtonthird.com/?p=81
======
hardik988
Attaching the MIT brand name to cheating doesn't make it hacking. Most, if not
all of the techniques described in the post are pretty well known.

Dropbox initiated the Space Race as a gesture of goodwill to students, and
it's hard to fathom how or why people won't receive it in the same vein.

~~~
ishaanc90
it is amazing you think of it as cheating. if these guys really wanted to
cheat we would just max out the extra 25 gigs and get it. We had already
gotten 15 gigs legitimately. We aren't insulting the goodwill of Dropbox, we
just think its fun to be atop the list despite having a student body of a 5th
of what the other universities have. It is also classic tongue in cheek that
Ben Bitdiddle and Alyssa Hacker were atop the list. This was a benign prank
and was done mostly to amuse. More than the hack itself it was just the timing
that makes this hack memorable. It was hardly a non-trivial hack. MIT was
leading the space race a few days ago, and then we exhausted our student body
and i find it more amusing than desperate to come back in the lead like this.
And you know what, somewhere in the offices of dropbox drew and arash are
probably smiling profusely and proud of their alma mater.

~~~
dhouston
yes we are :)

~~~
hardik988
Well then- no harm no foul. Guess I took the post too seriously..

------
ntumlin
I'm a bit confused, someone was suspended or banned from using the MIT network
for doing this?

~~~
colinsidoti
Well, the private aspects of the network. Can't SSH in and certs no longer
work. We're not sure if it was an automated response (the Moira system was
being taxed pretty hard) or if an individual actually revoked it. It's
possible we were bogging down some aspect of the network and this was the
easiest way to stop it.

We're hoping for the best. Nobody intended to be destructive, it was just a
fun project.

~~~
rogerbraun
You faked thousands of dropbox accounts, created thousands of fake mailing
lists and it seems you bogged down parts of the network. This may not be
terribly destructive, but it is reckless and borderline malicious. Someone at
MIT and Dropbox will now have to spend their time checking their systems for
your manipulations. It may have been fun, but I don't think it was worth it.

~~~
richardv
> "it seems you bogged down parts of the network"

It's MIT and Dropbox... I'm sure internally MIT can handle a one thousand new
mailing lists at any given occasion (until they are deleted), and I'm 100%
sure Dropbox didn't even notice a blip on their network as a result.

And also MIT don't have to check for anything. They deleted everything when
they were done.

I don't know why it was such a big deal for some MIT students to feel like
they have to win the Spacerace either, but I did actually enjoy the article,
although I'm not sure why the effort was made in the first place either.

------
mukyu
The most interesting part is that MIT uses client side X.509 certs which
basically no one ever uses.

~~~
mileswu
Scientific cluster computing (such as for the LHC or Open Science Grid) uses
them all the time for authentication, both in CLI tools and on web pages.

------
nthitz
Talk about sore losers.

------
kmax12
another posting of this that seems to be getting pushed down for some reason
<http://news.ycombinator.com/item?id=4679965>

------
rheide
I find this arrogant and stupid, and by no means worthy of the word 'hacker'.
It's cheating, plain and simple.

------
jianxioy
As a student from CMU, I must say, well played, MIT. :) We would have
conceived of a hack as well but unfortunately we were in the midst of midterm
week. Next time, perhaps. ;)

------
pella
stat: <https://www.dropbox.com/spacerace/top>

