So this question is, have you ever hacked someone, something or someone, example someone's Facebook or someone's website, if yes, how? Kind of an inappropriate question, I think, in some ways.

First off, you give examples afterwards, which was good because the term hack has a lot of meanings to a lot of different people. Now traditionally, a computer hacker is anyone who's a programmer. If you're a programmer, you're a computer hacker. A lot of people recognize that. Some people may be offended by that. Well, if you're offended by that, I question how good you are with computers. But obviously here, you're talking about gaining access to a machine that you shouldn't have access to, possibly. And let me get back to the definition of a hacker. Like I said, there's a lot of people with different definitions. I have my own definition, which I think encompasses all of them basically. Anything that is a hack is taking a piece of technology and making it do something it wasn't intended to do or able to do beforehand. So once again, if you're a programmer, you write a program that program didn't exist before. Now it does. And that computer can now run that function. So that is my view of a hacker.

Now this could fall into the category of illegal criminal hacking where you shouldn't be able to get into this account and you did something to gain access. And I'm going to tell you right off the bat, if you were any good with computers, you have. And it doesn't necessarily mean in a malicious way. Any website I use or any software I use, I'm going to check it for vulnerabilities. That's just common sense. You wouldn't want to be putting your information to a site that is not safe.
And although Facebook is probably pretty secure for most people, there's a lot of small businesses out there that have websites that I may have to utilize and I have just, without even trying sometimes, come across obvious security errors just because the person who made that site didn't know any better. And I have gained access to stuff that I probably shouldn't have had access to, not with a malicious intent, and I usually end up contacting the developer of that site and letting them know. It aggravates me when weeks later they still haven't fixed it.

But obviously you're looking for a specific story. So here is a story, I think a pretty good example. Once again I work for the fire department and I've been trying to get them to switch to open source for a long time. I've made little headway here and there. I've written little applications for them, but it's been an uphill battle. They'd much rather spend money on software that really doesn't work and everyone complains about, rather than just letting me do it, I even offered to do it on my free time.

Anyway, a few years back they did hire some guy out of state who owned a little company that wrote a website that was for tracking our training hours and had a training calendar on it. So we can track, because we have to get a certain number of hours of training each year. The guy was a retired firefighter, so I could be there someday. And right away I went to a site and it wasn't working right. And the reason it wasn't working right was because at the time I was in Firefox and he wrote a site almost completely using Visual Basic Script. Some of you may or may not know what Visual Basic Script is. It's a scripting language made by Microsoft. It can be run locally on a machine, but also is used. It's kind of like their version of JavaScript. The only problem is, as far as I know, it only runs in Internet Explorer.
No good programmer, no good web designer would design a website using Visual Basic Script because you're not going to design a website that only works in one browser. So right off the bat, you can see that this guy doesn't know what he's doing. And I've been to other sites where right away it pops up, oh, your browser is not compatible with this site. Lots of times they are if you just change your user agent.

But the fact, sorry about that, ran out of space on my camera's memory. So anyway, as I was saying, anytime you go to a website and that website is not compatible with any major browser shows that that designer does not know what they're doing which right away tells you there are probably security flaws in this site which turned out to be the case in this site that we were using for work for our training hours. And those training hours sites did have some private information from the users in there.

And so without even trying, I ended up getting access to this site in ways that I shouldn't because the first thing I did, obviously, I'm not going to go using Internet Explorer. So I started using Firefox's web developer plug-in to modify the HTML, the JavaScript. I converted the Visual Basic Script to my own version of it for JavaScript. Well, right away it's like when submitting the form to log in, it did checks with the Visual Basic Script. So I was changing that to JavaScript and I'm like, well, I don't need to run these checks, I just need to submit the form. Well, it turns out that the checks for security were done within the JavaScript. So I quickly found out that if I removed his Visual Basic Script, left the user name and password blank and submitted the form to log into the site, it would log me in as a default user of a guy named Ben who I worked with but it wasn't really his account, it was like an imaginary account that just happened to have his name on it. So I gained access to this kind of non-existent account. So right away I'm in there.
I think his user account, this once again was years ago, was very limited. I couldn't really do much, but it did give me access to a user of some sort.

Now another thing, once I've logged in as my regular user, there was a section where I'm trying to remember exactly how all this worked. It was years ago, once again, where you could request information about your account. Well, I noticed that on the submission for that form was a user ID which was just a number like, let's say mine was 53. Well, I modified the HTML to be 52 and it brought up someone else's information. So now I realize I can have access to anyone's information just by changing that user ID in the form because there was no other security check, it was right there. So once again, obviously you never do security on the client's side because the client has full say on what happens on the client's side and this guy was doing everything on the client's side.

Once I realized that I could view and modify other people's stuff by changing that user ID I went to the section where we had our personal information and right by default I saw my personal information but I found that there was a user ID for modifying that. So what I could do was I could change my email address so basically what I ended up doing was this and this was just testing to see if it would work and I was informing this developer of all this stuff as I was figuring it out. I went to the section where I could change my information. I went to the section where I could change my email address but I changed the user ID and then submitted a new email address. So I could figure out whose user was what ID just by requesting information using their ID. So now I know, oh, this person is a captain or a chief that I work with. I figure out what their user ID is. I went into the email section. I changed my email address to my actual email address but then changed the user ID to theirs.
So now their user ID, now their email address was set to my email address. I would then log out of the website and go to I forgot my password. This guy was obviously storing our passwords unencrypted on their website. There was also no HTTPS on this site so everything was being transmitted unencrypted but I could now request someone else's password and it would send it to my email account. So now I have their password and I can actually log in as them, change their email address back to their email so they're none the wiser.

And when I brought this up to co-workers a lot of them are like, oh, who really cares if they have access to that? There's nothing really too private on there. And I pointed out, I said, well, doing that I find out what your email address is and now I know what your password is. Do you use the same password for your email that you do for this account? And most of them did because that's what people do.

So in summary, anyone who cleared out the Visual Basic Script on the login page left the username and password blank could gain access to the site as a regular user but then easily was able to figure out what other people's user IDs were and then retrieve their passwords using the technique. Now the chances of someone coming across and doing that on a little website like that, most people wouldn't be interested in that site. But that's my story of one example of where I gained access to a website or at least sections of a website that I shouldn't have been able to and really anybody could have. So yes, I have. That's an example. Once again, I informed my superiors at work. I informed the developer. It took a while. He did eventually rewrite most of the site with JavaScript. We stopped using that site. I don't know if he actually fixed the security flaws, but at least he replaced the Visual Basic Script with JavaScript because there were some other issues with that site that I did find where you could actually modify the site and redirect people.
So once again, if you ever go to a site and it says it's not compatible with your browser and you're running a current browser, good chance that site is poorly designed and has security flaws. Any site you use where you're entering information, you should check for stuff like this because you need to know whether your information is secure or not. Once again, it wasn't a malicious behavior. I let the developer know. It did take a while for things to get changed, but he was, in that case, susceptible. I have had other issues where developers either ignore me or get upset with me where I'm just informing them.

So there you go. That's the example of that. And that's how it happened. I thank you for your question and I hope you like the answer. I hope that you have a great day. Please visit FilmsByChris.com. That's Chris at the K. Check out the link in the description. Have a great day.
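
The fixes the story calls for, enforced on the server instead of in browser script, as an added example that is not part of the transcript or of the site's own code: blank logins are rejected, the user ID in a form is checked against the session, and a password reset mails a one-time token because only a salted hash is stored. The class, method names, user records and addresses are constructed for illustration.

```python
import hashlib, hmac, os, secrets

def _hash(password, salt):
    # Salted, slow hash: the server never keeps a recoverable password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TrainingSite:
    """Constructed in-memory stand-in for the site; all names are hypothetical."""
    def __init__(self):
        self.users, self.sessions, self.resets = {}, {}, {}

    def add_user(self, user_id, name, email, password):
        salt = os.urandom(16)
        self.users[user_id] = {"name": name, "email": email,
                               "salt": salt, "pw": _hash(password, salt)}

    def login(self, name, password):
        # Enforced on the server: blank fields never fall through to a default account.
        if not name or not password:
            return None
        for uid, u in self.users.items():
            if u["name"] == name and hmac.compare_digest(u["pw"], _hash(password, u["salt"])):
                token = secrets.token_urlsafe(32)
                self.sessions[token] = uid
                return token
        return None

    def _owner(self, session, requested_id):
        # The user ID in the form is only a request; the session decides who is asking.
        uid = self.sessions.get(session)
        if uid is None or uid != requested_id:
            raise PermissionError("session may not access user %r" % (requested_id,))
        return self.users[uid]

    def get_profile(self, session, requested_id):
        user = self._owner(session, requested_id)
        return {"name": user["name"], "email": user["email"]}

    def set_email(self, session, requested_id, new_email):
        self._owner(session, requested_id)["email"] = new_email

    def forgot_password(self, email):
        # Returns the one-time reset token that would be mailed, never a password.
        for uid, u in self.users.items():
            if u["email"] == email:
                token = secrets.token_urlsafe(32)
                self.resets[token] = uid
                return token
        return None
```

Serving the site over HTTPS is still needed so that the session token and the reset token are not sent in the clear.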