
2/1/2015

Hacker's List: This 'Hire A Hacker' Site Must Be A Joke, A Scam Or Just Sucks

Thomas Fox-Brewster (http://www.forbes.com/sites/thomasbrewster/), Forbes Staff

I cover digital crime, privacy and hacker culture.


1/29/2015 @ 4:19AM

1,856 views


There has been some breathless reporting around a "hire a hacker" site this month called Hacker's List. It has been billed by the likes of the New York Times (http://dealbook.nytimes.com/2015/01/15/need-some-espionage-donehackers-are-for-hire-online/), Slate (http://www.slate.com/blogs/future_tense/2015/01/16/hacker_s_list_is_a_website_for_hiring_hackers.html) and now Ars Technica (http://arstechnica.com/tech-policy/2015/01/hackerfor-hire-job-board-reveals-hack-requests/) as a genuine service for those who want to crack online accounts they don't have the skills to hack into. But even a cursory review of the site would tell anyone Hacker's List is an amateur effort. It's so bad it leaves one wondering whether it's some kind of practical joke or a bizarre social experiment.

First, just look at the promises Hacker's List makes. It says it offers complete privacy and is confidential in every way, from billing to positng [sic]. It also guarantees secure and discreet payments. Then there's AES256 bit encryption so you can feel safe your data is secure, though it doesn't specify what exactly is encrypted. There's also a dispute process, designed to make hiring a professional hacker worrie [sic] free.

And now see how it totally undoes all those promises. In particular, the claim of total privacy is baloney. In its terms and conditions, Hacker's List says it reserves the right to monitor all interactions between you and other users of our service. Another choice line from the T&Cs: "Email and chat messages sent between you and other users of the Service that are not readily accessible to the general public may be reviewed by us for compliance with these Terms."

http://www.forbes.com/sites/thomasbrewster/2015/01/29/hackers-list-is-really-bad/


Hacker's List homepage

Here's what the site admin told me: "Yes we CAN [sic] monitor all activity on the site to ensure adherence. However, its [sic] not possible for us to review them all. Our review process only kicks in when a project is reported several times." Comforting words, huh? Or not. There goes users' privacy. Anyone using this borderline (or actually) illegal service should expect to have their details handed over to law enforcement with little fuss.

There was some promising news from the admin I spoke to: "We are integrating msg encryption on the site in the next few days." I see no evidence this has been deployed, nor should anyone have confidence in encrypted messaging on a site that says admins can read any message.

The site creators told me over email they wanted to keep paedophiles and porn pushers off the service, and so would only investigate messages related to content that might be considered illegal, obscene, lewd, lascivious, filthy, excessively violent, harassing or otherwise objectionable. Odd diction, no? Either way, at the slightest sign of sin, users' messages will be read and they might get chucked out. Given the list of jobs on the site right now, including hacking a website (illegal) for as much as $900 and changing college grades (illegal) for up to $2000, the Hacker's List admins are going to be expending much of their time banning people.

With zero privacy, at least you can expect totally secure payments, right? Well, if you don't want to hand over your credit card details to whoever runs this site (the admins remain anonymous at the request of their legal counsel, though Forbes has suggested they give up their real names for guarantees over the site's legitimacy), there's always the option of Bitcoin, the anonymising cryptocurrency. But wait, the service doesn't even work. You have to pay by credit card. Great. One of the admins congratulated me on pointing this out and said they'd shut down the Bitcoin payment method.

Credit card data, the site admin said, were not stored by Hacker's List whatsoever. So where are they stored? The admin won't tell me. There is an escrow service, but when I joined the site and attempted to hire a hacker, I was asked to deposit funds. The only way to do that was with a credit card. This would indicate the Hacker's List owners can see my details. I declined to pay, so low was my confidence in the site by this point.

Need I mention a glaring vulnerability (https://www.xssposed.org/incidents/53433/) that was sitting on the site earlier this month that left users open to account compromise? It's now been removed, according to the site co-owner, but again, I'd have little confidence if I were to use this service.

It's not like hackers are flocking to Hacker's List anyway. From the long list of providers on the site, it seems little more than $1,000 has changed hands. There may be hidden payments being made, of course. And the New York Times said its front page article on the service led to an uptick in users (http://dealbook.nytimes.com/2015/01/16/hackers-list-struggles-to-keep-upwith-its-new-found-fame/).

But with all this in mind, one question remains: why did a slew of reputable publications give Hacker's List, which isn't even unique in what it does, so much air time with limited scrutiny?

Jay McGregor (http://www.forbes.com/sites/jaymcgregor/), Contributor

I cover all aspects of technology and enterprise.


Opinions expressed by Forbes Contributors are their own.


6/23/2014 @ 11:34AM

4,983 views

'Yo Is A Simple App - Your Privacy Isn't.' Yo Founder Apologizes For Hack And Hires Hacker

A lot has been said about an app that can't say much more than "Yo". The plucky young startup creation has received endless column inches cherishing it, deriding it and speculating whether or not it represents the end of a tech bubble (http://www.forbes.com/sites/jaymcgregor/2014/06/19/app-raises1m-in-funding-for-simply-sending-the-message-yo-back-and-forth/).

But those column inches turned sour when it was revealed last week that the Yo app had been hacked by a group of students from Georgia Tech University.

The students had managed to push Yo alerts to random users' phones and read personal data from the company's database. They let Arbel know by sending him an alert that said "YoBeenHacked". Arbel quickly took the app down and fixed the holes.

On Saturday, Arbel explained in a blog post (https://medium.com/@YoAppStatus/we-were-lucky-enough-to-get-hackedc3161b61dc7f) what had happened and tried to put a positive spin on it: "We were lucky enough to get hacked at an early stage and the issue has been fixed."

Arbel went on to clarify Yo's privacy policy: "The object of the app is to be simple. When you join it doesn't ask you for your email, full name, Facebook account, or any other piece of personal information.

"The only identity within the Yo app is your username. We don't want or need any other personal information. We want you to be able to give out your Yo username to anyone or any service without being afraid of suddenly getting a spammy email or a text message."

Arbel explained that upon realising the hack, he and a team of engineers closed the holes that led to the attack. He even spoke to the hackers behind it, who he claimed gave him details of exactly how they found the exploit.

In typical Silicon Valley style, one of the hackers even landed a job at Yo headquarters: "Once the issue was resolved, we contacted the hackers and verified that the problems had been fixed. One of them is actually now working with us on improving Yo experience in other aspects as well."
