
I hacked my best friend - exogan
http://exogan.com/i-hacked-my-best-friend/
======
guylhem
> He briefly removed his subdomain and rethought his security systems. It was
> a really fun week.

Sorry, it is not fun for your friend unless he had an absolute trust in you,
and knew you'd help him remove every backdoor/keylogger/etc.

He may have spent a lot of time securing his machine, time he'd rather have
invested in different things.

Seriously, don't do that. Just tell him about the obvious weakness - send a
proof of concept if needed.

But a friend is more precious that some cracker creds.

~~~
exogan
I did help him remove the keylogger and explained him what I did. We've known
each other since kindergarden. Plus, it was a mutual challenge, a capture the
flag situation.

~~~
akerl_
Nowhere in the article do you ever talk about any kind of agreed-upon
challenge where anybody gave you permission to try this kind of exploitation.

------
akerl_
"I needed to stand out, and what better way than hacking into his network?"

The fact that this crosses peoples minds really concerns me. Have we so
degraded our respect for things that belong to other people that we're willing
to do this as part of a publicity stunt?

------
Mandatum
To those calling him out for hacking his friend without permission, keep in
mind he was a teenager (15) at the time. His friend was of similar age.
Teenagers do stupid things, I was of similar age at one point and also did
very stupid things.

It's part of growing up.

Saying that, the author needs to give better context.

~~~
akerl_
Yes, but he didn't write it as a cautionary tale or even attempt to portray it
as a stupid thing done out of youth. The delivery very strongly portrays it as
a good thing that was a good idea, and a rational step towards advancing
yourself in the world.

~~~
Mandatum
A mechanic reading a tale of someone pouring metal filings in with the engine
oil, I doubt they're going to think it's a good idea to go out and ruin their
engine.

Is an author always required to include a disclaimer? Stupid is as stupid
does.

~~~
akerl_
The mechanic's disclaimer is going to be inherent in the text: "I once poured
metal filings into an engine, and then everything went to hell". This isn't
like that at all, it's a tale of how hacking somebody's systems without
consent was a fun and rewarding idea.

------
tlrobinson
Cached:
[http://webcache.googleusercontent.com/search?q=cache:2zAAkXU...](http://webcache.googleusercontent.com/search?q=cache:2zAAkXUtZnMJ:exogan.com/i-hacked-
my-best-friend/+&cd=1&hl=en&ct=clnk&gl=us)

------
krapp
>Thanks to Google, I didn't even need to crack that hash, I just searched the
hash string and found the password already cracked.

Im gonna guess unsalted md5?

------
jdawg77
Wow, that's seriously messed up if (which I didn't grok in the article) the
person did not know that you were trying to help them with their security. The
verbiage seems incredibly antagonistic (started to get nasty, etc)...implying
a poor friendship at best.

Agreed with the first comment - no fun at all for your friend indeed. The
links are good at the end, I've read about a few of those tools even being
relatively non-technical. I think more people should have a basic
understanding of how to maintain security, but, this doesn't strike me as the
best way to teach folks.

