Success. Okay, we'll just pretend like it goes for two minutes, four minutes or less than that. Okay, so it's at the stage to remind everybody where we were. Right, we're back in, oh man, I forget. 1988, on November 2nd, when the first internet worm was released. Right, and so we eventually learned that it was released by a Cornell grad student that had a mistake in the replication procedure that led to unexpected proliferation. And they had to turn the entire internet off to get the fix out for this, because as soon as you turn the computer on, there's so many instances of the worm out there, and it used several different vulnerabilities, that your machine would get infected immediately and then it would continue to happen. So the worm itself is very interesting because it's really the first instance of a worm out there in the wild. So what do we mean by worm? What distinguishes, like, a worm from a virus, from a Trojan horse, from an owl or a malicious piece of software? Yeah, a worm is a piece of software that doesn't require any trigger or something to spread, like, so it's just a piece of code that might be a bootstrap in the OS, like, it can spread and it keeps on multiplying in the number, so if it affects one of the areas we don't know how much it has spread in the whole network. Yeah, so the big key here is that a worm is self-replicating, so that kind of distinguishes it from a lot of other things. You think of it like worming its way through the computer systems, and we won't get into all the different terminology of all the different things, and the important thing here is once it gets into one system it then tries to look for other vulnerable machines around it, and if it finds any it replicates itself to those machines, and on those machines it scans looking for vulnerable machines and it infects those machines, and it spreads in this exponential way throughout the network.
So the worm specifically worked on Sun-3 systems and VAX computers running BSD Unix, and so the worm consisted of two parts. There was a main program, so the actual kind of main functionality, and a bootstrap program; that's what was loaded on a new system. So on the new system this bootstrap code was sent, executed, and that code basically went and fetched the main code, compiled it for the system and actually performed all of the propagation techniques. So the first thing that a worm needs to do is to get privileged access remotely, and here remember the key thing is that it's spreading throughout the network essentially uncontrolled or without any user interaction. And so it first had to get remote privileged access, so it actually used, I believe, three different ways to get access on the machine. So one was it used a buffer overflow in the finger daemon. So anybody actually use the finger plan though, but it did? Eric, you want to tell us a little bit about it? Because I remember it, if you didn't know who a user was you could use finger and identify them and it would give you any, it was kind of like a profile basically.
Yeah, so you could, it was a remote service, right, so on any machine on the network you could connect to a specific port, you'd query for a user and it would return back information about that user, so it would say, you know, and they got to think this is way, way, way back before Facebook or anything like that, right, so you knew my user account, you could finger my server and then it would tell you, oh yeah, this is how I'm going to pay, this is this office, this is phone number or whatever, whatever, and current logins. Oh, interesting. So yeah, it's not really used anymore, but it used to be pretty important, and there was a simple buffer overflow vulnerability in the finger server code, and it basically looked exactly like this. Which, we haven't gotten into buffer overflows yet, but here we have a buffer allocated, that line, so line is a character buffer of 256 bytes, and it's nullifying the very first entry of this array, but the next grade is gets. So what does gets do? It takes an input and does what? Modifies it? Places it in the buffer. What was that?
Places the input strings in the buffer. Yeah, so gets will get a string from standard in and for every character just add it to this buffer, append it to this buffer until, I believe, a control-D is sent or a zero, a null byte, I believe, is how gets works. I can't remember the exact ending, but if we could look up the man page, it will give the exact semantics of gets, which we will do at some point. So there's no bounding on the amount of input that is going to be received here, right, it doesn't say, hey, only get me 512 bytes because that's all the space I've allocated in my buffer. So essentially what happens is the attacker could send a bunch of code, more code than the 512 bytes that the finger server was expecting, and then it would overwrite the return address and be able to execute arbitrary code. Now this is just kind of like a teaser for the rest of the class, because this is the kind of stuff that we're going to get into and this is the kind of stuff that you're going to be able to exploit on your own. Okay, sendmail. What's the sendmail server? Kind of in the name. Yeah, send to me, that's, that's meant, right, it's an SMTP server. So, you know, also a very critical part of the internet infrastructure, right, if you want to be able to use, I mean, I guess I can't 100% say for certain, but I would believe that email is probably one of the original killer features of the internet, right, so you could communicate electronically with people at different institutions and it would be quick, it would be cheap, you know, it didn't cost a phone call. So this had, so, you know, you're building one of these servers, you're building this remote email client, and it had an option that you could send when you're sending mail called debug. Seems legitimate, right, you're a developer, you want some way to help administrators debug your server, so you allow them to, when they connect to the system to send mail, they can issue this debug command to execute commands on the system, which helps you as an administrator because
now you don't have to go into the box and, you know, have an account there to administer everything, you can just do it right from this nice little plan from anywhere, and with this commands to execute, it literally means any command to execute, so whatever you sent, it would basically just execute that command. So this is bad, why? You can step into the stack of the program. You can step into the stack of the program? I mean, execution code. Yeah, yeah, so you're basically, so it's just like getting a shell, a remote shell where you can type in commands like a terminal on this machine remotely. Do any authorization, access control checks? No, just let anybody do this, right, so the intended functionality of the server, because they were trying to be nice and friendly to admins, so anybody could just go to the server and send commands to execute. So after one of these two succeeded, it then would transmit a bootstrap program, which was about 100 lines of C code, then they actually compiled and ran that bootstrap version, and then with the bootstrap would cause a transfer of the main program from the victim machine to the infected, to the host machine, to the new victim, and then the main program. So now you're on the machine, right, so what do you want to do? You're the worm writer, you're RTM, back in 1988, a little bit before this happened. Use the sendmail to send, to run for the compiled C code. That's already done, yeah, so that's what just happened, so then the main program gets executed. What do you want to do? Bootstrap it on to all the next, bootstrap those programs to all the machines in the network so you can infect all the machines. So you want to infect new hosts, but how do you know how to find the hosts? Try all the possibilities of the IP address. Yeah, one thing, you can enumerate all of the IP address space and you can find the one you want to use. What's the problem with that?
There's a lot of IP addresses. There's 4 billion IP addresses. You can always use the netstat and find the ones, the ones that are connected. So use the netstat and locate the IP addresses that your machine is communicating with, and only use the netstat and route. Right, so netstat would tell you what connections your machine currently has to other hosts, so netstat tells you the current connection, so that's how you can get to the valid host. What's in the routing table? The subnets they are connected to. Yeah, so the routing table says, hey, if you want to send a packet out to any of these other addresses you have to talk to this machine, so they can do another machine right there. What else? How do I find out about more machines? /etc/hosts will contain, like, mapscanner or something to get the valid host. Yeah, so you can do like a ping scan to ping maybe, so maybe you can use the routing table to understand what's the local network and maybe if you could send out some ping from the local network, or you can, from the ipad so netmask you can know how many was there in the network. Well, it could be there, right, but we don't know the actions. So what were you saying about /etc/hosts? It has information of the system that has logged in to that particular device, maybe. So what's in the /etc/hosts file?
Yeah, so that's manual DNS entry mapping, so manual entries between host names and IP addresses. But hey, that's another place, and you know that if you put that entry in there it probably exists legitimately, right, that's a real host. I don't know if I did it, but you could query the, what range they were allocated, sometimes back then they had to, I was going to say DHCP. Yeah, I don't know, I don't know, I would assume it's done a little more ready. Some people will use SSH, so you have a bunch of keys for different hosts, or you have maybe the hosts that are listed, or even your, your known hosts file, it has every single machine that you have SSH'd to and its private keys, so you have valid IP addresses there. So they didn't have SSH at this time, but they had the equivalent. So yeah, it's trying to find out, it would look at network interfaces, it would look, it actually did use netstat to look at the open connections, then when they got there, trying to use RSH. So RSH is remote shell, so this is the precursor to SSH. What's the first S in SSH stand for?
Secure. Yeah, so what's that mean about RSH, where it came before? Not secure. Yeah, so it had no encryption, and oftentimes what people would say is, hey, if I'm a user on this machine and I SSH into that machine, just allow it because I trust this thing, who wants to type in their password over and over again, that's crazy. So it would try to leverage the trust between two hosts, so it would try to bring in one host and say, ah, if this is in your, you know, rhosts equivalent or known hosts, they'll try to SSH into it because maybe you've already set up that connection. And so it would gather information on the trusted hosts, it would look for /etc/hosts or /etc/hosts.equiv, .rhosts file, which allows the administrator to specify trusted RSH hosts, and also the .forward file. Is the .forward file close? Yes, it's forwarding, I believe, mail, so it's for, so when the mail server gets an email you can say, hey, actually all email for this user, forward it to this other system, which means there's probably another trust relationship there, and so the system, the worm would try to spread throughout there. So first we try to RSH to the reference host, right, so it's just trying to say, hey, can I get there, right, because they've already set up a connection there. Then it would try a password cracking attack, so it would look at the /etc/passwd file where all the Unix, the Unix stores the users and the hashes of their passwords, and then we try to crack it with the dictionary and all this stuff, so it would try to perform a dictionary cracking attack to be able to then go to that user to try to find out more information about the hosts and transfer to machines. And so then when it broke into the other machine, right, this process was repeated, so then the bootstrap of transfer that's being probably on execute, so it tries to go and get down to more information in fact to more hosts, and so just by doing this it brought down the entire machine like a day. So let's say you write this, right, and you, let's say
you don't want to release it, you want to release it, whatever, we'll assume you're a bad guy, you want to release it. Where would you release it at, or be your infection site? In the public workstation. A public workstation, where? Here it is, you open networks. Yeah, I don't know what I'm going to do, in Tempe, I drive down to U of A and you would release it there, or you'd ask your friend to do it maybe at some other university across the country. Same thing happened here, so the initial infection started from a server at MIT, so they think it was a little bit of trying to throw them off the trail and get them to be looking at MIT students when they were really at a different place. So now we get to watch this, awesome. So this is the CNN coverage of the attack. On your head, it's too big. Okay, we're going to have to deal with a very tiny, tiny view screen. So let's refresh this. I've seen this video, it works, and this is hilarious, this is a broadcast on the day this happened. Life in the modern world has a new anxiety these days. Just as we've become totally dependent on our computers, they're being stopped by saboteurs, saboteurs who create computer viruses. The defense department, universities and research centers are still recovering tonight from a computer virus that brought a nationwide network to a standstill. One of the institutions hardest hit was MIT. David Boyer reports. It was first spotted at NASA Ames at Grand, it came from California, maybe traveled by electronic mail, it spread across America. How insidious was this virus? It spread very quickly. There are reports in newspapers today that it has made its way to Europe and to Australia. It arrived at MIT in the middle of the night. The students were safe, their computers weren't. It just ran, it would do its thing, it would go to other machines. At MIT 200 computers were infected, a country that told might be 6,000. We believe it was intended to spread more slowly than it did so that it wouldn't be noticed as quickly, which would actually have been
more insidious if it's spread out to a large number of machines and, say, held a surprise and did something. Mark Eichin, students in a part-time virus. Once we had it stopped we were able to take it apart, sort of like dissect it and tear it apart piece by piece. At least three processes right here, these three programs, the SH with the primes, are in fact copies of the virus that are running there. It's not really a virus, it's a code, a set of instructions, an act of sabotage that started on a floppy disk. This virus spreads by disk and by telephone, it's just a call away, and like a virus it replicates like crazy. Look at this, and look at this, and look at this. And as it replicates, the code, the so-called virus, it wipes out stored data or cripples the hardware. But this virus clogged the system, many thousands of computers, but it did no damage. But it's benign, it's not malicious, and it has to do no damage besides propagating itself, and that's why I think it's a warning. The suspect, somewhere a dark genius. I suspect it's an A student, a good A student. So lost computer time, but it's real for the virus and a warning. My personal speculation is that this is somebody who is trying to, to warn people, to say it can happen to you. We know you've been able to isolate the cause, someone called it, is everywhere and there's no one that's a good enough news. I'm David Boyer. What do you think? Seems like a millennium. That seems crazy, 6,000 computers were affected, oh my gosh, that sounds crazy. Think about it, something like that happened now and was able to spread to all the machine, the numbers would be in the millions, maybe billions, depending on how much you get to spread, if you get to spread on all of your mobile devices, your tablets, the computer that's inside this thing on the front of the screen here. That's crazy to think about. That's crazy to think about, to think about how terrible a broadcast that was, they just took clips from a movie that's not relevant to add some dramatic effect or something and just
noticing it's self-contradictory, they say in the middle that crashing hard drives or something and then towards the end it's like no damage happened to any of you. I think they just got confused because nobody could access their files, in some sense they were gone, but they were still there when they fixed everything. Any other comments on the video? Things you liked? For hair at the beginning. So then we turned our attention a little bit more forward in time to Kevin Mitnick, who's one of the most well-known hackers, I would say. Who would you guys say, best known hacker? I mean, you take a hacker and a real person, who you take? Electron, the guy who goes with the name Electron. I don't know, what does he do? He was an Australian hacker, he had a bunch of, like, news networks and stuff. Interesting. Anonymous. Anonymous, it's hard to give a nice story about them, so much about them, too much. Jeremy Hammond. Who's he, what's he done? Use the HackThisSite a lot of deep and you go to NSA and send it for 13 or 14 years. So Kevin Mitnick, he's in my mind one of the most well known hackers, maybe it's from in the 90s, but he's still around today. And his history is a very checkered past, so in 1981 he had a one year probation for breaking into a lot of Pacific Bell's offices, and what he was trying to do was, he and his little crew, they broke into the office and they weren't even messing with the computer system, what they wanted was a free access, a free way into the networks, so what they did is they put their card in the Rolodex of, like, allowed people in their office, but that way what they called them and, like, this is Kevin Mitnick, I want access to your systems, like, I'm a technician, I have to, you know, do it now, and they say, I've never heard of you. Well, look in here, boss put the thing in the file, and they look in the file and they're cool, like, I'll give them whatever he wants. So that's why they broke in there, but eventually they found it. Then he, he then enrolled at USC and uses some campus machines
and he leaves the activities where he was sentenced to six months in juvie, and you'll notice, like, a trend here, he keeps getting caught and, like, not, not doing bad stuff. So he breaks, then breaks into the San Diego, this, I don't know, SCO, which was a company, I think he was trying to get software, I believe, and so he was, they found him, they caught him, he was sentenced to three years probation. He gets expelled from another institution after he gets caught. He breaks into the DEC, so he was caught by an FBI, he got sentenced to one year's sentence. What was three years probation for? Stealing software, I think, that's, no, but he hacks again in 1980. Oh yeah, full probation just means you have a probation officer that watches you, like, you're not in jail, you're out of jail, you have to, like, but it's not like a fun process, you have to, like, check in with an officer and all this stuff, and if you violate your probation then you go back in the jail, at least that's my understanding of it. If somebody knows better, he got, like, a personal experience you want to share, that, that's fun too. So then, oh yeah, so in 1992 he violates his probation and he goes into hiding. So Kevin Mitnick's, his skills, so he's a very sophisticated hacker, as we'll see in a second, one of his really big skills is social engineering, so he was able to break into systems without even really breaking into them just by tricking the human on the end of the phone to let him in. So 1994, the California DMV issues a one million dollar warrant for his arrest, which is pretty crazy, right, that's kind of, you know, one of your other hackers stuff. And he's in hiding, he's accused of invading the San Diego Supercomputer Center. It's actually a really cool attack that we're going to look at. So this attack, so he is trying to break into the supercomputer center, he wants, I don't know if he's doing it for the fame or the, talking about money really, at this point he's on the run, and so this is actually a very sophisticated TCP spoofing attack. So what's
one of the, what's one of the basic differences between TCP and UDP? It's connected. Let me go on UDP. UDP is unreliable and connected, right, so UDP, you can just send a packet, it has no concept of a connection. TCP, you have to do a three-way handshake, right, so we have to, I send you a packet, you send me an ACK and then an ACK and then we're good to go, when we start talking, right, so there's a three-way, there's a three-step handshake for us to be able to communicate with each other. What he was able to do is exploit the trust between two hosts in the San Diego Supercomputer network, so there was an external machine that was a SPARCstation, it was running Solaris 1, it didn't have any disks, whatever, the details aren't super important. There was a server, so there's a host that provided boot images to this X terminal, and the X terminal allowed unauthenticated logins and commands coming from the server, right, so if you were coming from the IP address of the server into the X terminal, right, you could execute any commands that you want. It makes sense, it makes sense as a security measure because you have to establish this three-way handshake, if you don't complete that third step of that handshake then you're not going to establish a connection, so yes, you can spoof one TCP packet, but in order to communicate you have to do that whole handshake. Okay, what he found out was that it was actually not easy but pretty easy to do this. So he first took down the server, so he did a denial of service and a bunch of packets to the server so that the server wouldn't respond to any packets, then he impersonated the server. Well, if that happens again we're going to have to leave. Maybe they heard me. Okay, so you take down the server, this goal is to impersonate that server and to get it to execute arbitrary commands on this X terminal, so he denial of service attacks the terminal and then is able to guess, because there was bad TCP sequence numbers here, he was able to guess the TCP sequence number and able
to inject a packet into that connection in order to do the handshake and execute the arbitrary commands. So he ran basically this command to allow any unauthenticated access from any host in the .rhosts file, and there's actually a great read down here that describes exactly the steps that was taken and shows some cool TCP dumps, some, like, the actual traces that happened here, so I encourage you to read that. And I'm going over this, just like the buffer overflows, at a very high level, because probably beginning of next week we'll start looking more at how these types of attacks actually happen. Okay, so in 94 he's still on the run from the law, in 1975 they arrest him in North Carolina, he's sentenced to 46 months in prison. Yeah, this is kind of cool, so his wanted poster, that one I'm probably going to keep it. In 2000 he was released from prison after 5 years, and as part of his probation, with his history, he just said no internet, no computers, no email for you, and so it wasn't until 2003 that he could actually surf the internet and use the web. Do you think that's fair? Is that right? What would you do if you couldn't use a computer for 3 years? So do you think that's a legitimate thing that we should do to notorious hackers? No, it's a basic right to use a computer. What have you demonstrated in history like this of using criminal activity? You need to improve the security, you need to do research on that. I could, if I have a house and I don't lock my door when I get into my house, that's still that, right? Just because it wasn't locked, you know, you can't come into my house. I'm not saying it's not wrong, but putting the onus on him is ridiculous. Let's say there are thousands of Kevin Mitnick, are you going to arrest all of them, and how are you going to monitor all of them? You have to secure your systems. Is it the same problem or different problems though? Are they different issues? What do you think?
Walking away hired as a security expert, help mitigate. Hold that thought, we're going to talk about that in a bit, let's be thinking about that later on. Albert Gonzalez, he's one of, not my favorite I would say, but he's a high profile person in cyber crime. This is him. He ran a crew, he ran a crew of hackers that used SQL injection vulnerabilities to steal credit cards. I remember hearing about TJ Maxx, Barnes & Noble, some of the other ones, Heartland Payment Systems, I think they decided to, like, not go for the small fry, why would I break into one company, I'm going to break into a credit card payment processor and then steal credit cards from there, so that was the pay land, Heartland Payment Systems. In total they're responsible for 170 million credit cards that were stolen, it's a crazy number. So they're responsible for Dave & Buster's and, and TJ Maxx, and what they would do, they would do what's called war driving, so they drive by these businesses, see if they had open WiFi access or a WiFi that they could break, they break into the WiFi and get into the network on the store, they would have the ability in that system to get on the point of sale terminal or to get in the back end system, so to use that one store to go to multiple stores, and then they would steal all the credit cards they could from these stores. So he was, he was sentenced to 20 years in federal prison. Now this is when hacking becomes less about the fame and the, the moles and much more about the money, and so you can see the result, I think maybe the, the sentencing changes that and reflects that, 20 years. And I also really like his story, so there's a great Rolling Stone article about him and his hacking crew, it's called The Fast Times and Hard Fall of the Green Hat Gang, so apparently they just did a bunch of drugs and parties and stuff and it's crazy, like, rock and roll lifestyle even though they were, like, huge nerds, clearly. So like the guy in the bottom of the super long hair kind of looks like my advisor from Santa
Barbara. He, he was like the genius hacker, and there's a story about him being super high, like, them bringing code to him and Grant wrote the SQL injection vulnerability that exploited while he was, like, out of his mind. So yeah, very interesting story, also interesting that they got caught, which is good. Really interesting story, so this is what I really like. So in Australia an admin from their systems attacked their sewage system, and what he did was, so he worked for this, the, I don't know how to pronounce that word, I'm not his name but Australian, no, 130 people. So what he did was he attacked or broke in or, you know, we'll see how, into their sewage control system and caused raw sewage overflows to leak out all onto the Australian coast, and he had the hundreds, cost hundreds of thousands of litres of raw sewage went onto, like, you know, hotels and all this stuff where tourists were, were staying, marine life died, like, it was a huge ecological problem. So he was sentenced to two years and he was convicted, he was sentenced actually only two years in prison, maybe they have different laws. So you don't know how he did this. So this wasn't a sophisticated TCP spoofing guessing attack, this wasn't a crazy complex, it was a complicated SQL injection spread throughout time and getting into payment processing centers. This guy was an admin at this place and he was fired, he was pissed, he was pissed he got fired, he said, well, it's pretty easy, I'm going to mess with all the sewage systems. What does this tell us? Malicious insider. Malicious insider, so I don't even think this person was technically sophisticated, but they just didn't remove his access, he got home after he got fired, found out he still got access, went to town. I also like this because it shows that not only do these security problems in the worst case take down systems so you can't use them, like those poor 600 machines or 6000 machines and all those poor students will be their home market because this dang virus, or it's not just
credit card theft, which is definitely a problem, and a lot of people's credit cards though, they're protected, so it's really the payment companies that, it's, like, impacting the environment, this has, like, physical consequences on the world as a result of a hack or an exploit or an insecure system. And there's plenty of other stories, if you look you can find it, there's plenty of examples throughout the years of web defacement, this used to be the way you prove you were leet, as you would break into somebody's web server, change their home page to be something. Worms, there's been plenty of worms, but recently they've been dying down, which is a good thing, mainly because people want money, it's hard to make money off of a worm that spreads actually throughout a network, plus finding these remotely exploitable vulnerabilities, you could, if you find one, let's say Windows 10, you'd probably sell it for at least $50,000 ethically, probably more, 10 times that, unethically, probably not that much but probably about 100,000, if you want, we're not scrupulous about who you want to sell it to. Why write a worm and burn all that money if you can sell it to somebody? And if you remember some of these worms, Code Red, Slammer, Blaster, they, like, really rippled the int today, this was in the 2000s when they had actually exploded and computers were everywhere, they took down business. It turns out Blaster's author was 18 years old when he wrote that worm. It's a long history, yeah. I'm actually curious, what's your thoughts on Stuxnet, where they actually don't know who created the worm? Yeah, so that moves up into the nation state level. Stuxnet, for those that don't know, was a, I should say it was kind of a worm, it did spread throughout the system, but it was a controlled worm, its goal was to disrupt the nuclear enrichment facilities of an Iranian facility, so what it would do is it would spread onto USB drives and then it would spread onto computers that it was plugged into and then it would get loaded there.
Let's see, the way it, so it was very sophisticated, I think it used three or four different zero-day or previously unknown vulnerabilities in its code, and then when it got onto the machines that it wanted to, it looked for a very specific configuration of this uranium enrichment, and then when it found that it would lie to the user interface and say, yeah, everything's totally cool, uranium is being enriched, when really it would be shaking it at a frequency that would disrupt or actually break the machine over time. And these machines were air gapped, so they were not connected to any networks, the internet or anything, but all it takes is the USB drive, and these actually went in through the planning files for that machine, there's a program that controls these machines and they have files, so that's what they use to eventually get in there. So yeah, it's crazy, so we don't actually know who's responsible, we believe it's probably pretty clear the Israeli government, but yeah, I don't know, I don't think we'll ever know for certain, maybe until like 50 years later. But yeah, it's, you know, it's interesting, it definitely raises the level of sophistication from an 18 year old kid when they could be back in 2000 versus what a giant nation state can do at that level, but yeah, it definitely changes the cyber, it changes the landscape a little bit, it makes it interesting. From what I know about that, it wasn't that it was particularly sophisticated, it wasn't like stuff like this, oh my gosh, you could understand this, it used kind of pretty well known techniques, it was just much more, like, the engineering on it was a lot better, so it actually was like a better malware basically. And it had some unknown vulnerabilities which you have to pay a lot of money for or find them yourself, so it was sophisticated in that sense. Before we go any further to actual stuff, we got to talk about ethics. The common theme from all of the examples we looked at was, I'm asking you if it's not adorable, it was they're
not making the right choices. Don't hack systems, you don't, don't hack systems, you don't know. Keep quiet now. They got caught, right? And for example, they got caught, most of them went to jail, some of them did not. So, ethics: A, doing the right thing, and B, not going to jail. So those are very related concepts, but I want you to do the right thing and you will not end up in jail. So it's actually very easy. So it's actually pretty easy: don't do anything illegal. Okay, that's in general, I guess. But don't get caught, but I don't want to talk about that. So what does this mean? What does this mean in a hacking context, to not do anything illegal? I guess I should premise this with, I'm not a lawyer, so, you know, don't take this as legal advice, but take this as an ethical consideration of what things you should or should not do with knowledge you've learned from this class. What does this mean, to not do anything illegal in a hacking context? I think malicious. I think malicious, what do you mean by malicious? It could harm the computer or steal something. Which harms a computer or steals something, that's part of it. I mean, if we do discover something that is a vulnerability in the system, we should report it to the authorities who can fix it. Finding vulnerabilities, you should report it. Yeah, we'll talk about that in a second, it's a great component. I mean, not use it for our benefits or retrieving some information. Yes, definitely not. You're not going to use it for benefit. You're not going to use it for benefit. Why not do it figuratively. Yeah, definitely don't harm the environment, that's really, really bad, all those poor parts like birds and fish. But I don't know about that. So I mean, so part of the reason what you're learning in this class is, I mean, showing how knowledge of a system can give you control over that, so that way I would say doing these things or writing a nice way definitely can be educational if you're learning about the system. There's a big disconnect here between the theory
behind something and how to actually do it on a real system, right? So those things are important, and we're going to do that specifically because I don't want there to be this gap in your mind of, oh yeah, definitely, I know how, I know how a buffer overflow works, but it's like, yeah, well, here, do it. It's like, it's more difficult when you're doing it. Can you design your machine? Could you break it and hack into it? I mean, ethically, maybe by guessing the password. Yeah, guessing the password, or let's say you found a vulnerability in Windows, could you exploit that on your own copy, on your own machine? Maybe, but I would like to, if I find something that may, I don't look into it. What about he finds more than your windows but he exploits that on to your machine? It's possible, I mean, it's something that you can do in the class system. It's possible, but it should be, what should you do? No, because it's not his. Unless you explicitly give permission to touch or access to your machine. Yeah, but you, on your own machine, you're totally free to do whatever you want in your own environment, on the system that you control and you have the authority to decide what happens or doesn't happen. So this is the big thing to keep in mind, in my mind: don't hack into a system that you don't own or have permission. This is kind of the golden rule. So if you follow this rule, everything will be fine. And you know, we're here to learn, we're here for educational purposes, so I want you to explore things, so you're showing me explore things that you don't want to listen to. But trying to hack into the, let's say you find out that the second floor lab has a known vulnerability in their version of Red Hat Linux and you want to go in there and play around. Not a good idea, because you don't have permission to that system. They find you, they say you've broken the acceptable use policy for ASU systems, and in addition, people have grades on there, another homework, so now we have to, you could have compromised all of that data
and all that stuff, so we have to verify all those things. So now you're in big trouble, you can get expelled, suspended, whatever. But really, you know exactly which version of Red Hat Linux it is, you know their environment, you can set that up in a virtual machine on your own computer, you can go to town, you can do whatever you want to do. So okay, hacking, breaking into, it'd be like kind of like a house, right? You don't walk into other people's houses or, but what about, so this is, let's say, hacking in or breaking in or getting access to some of these systems when you're reasonably certain that it's going to succeed. What about finding vulnerabilities? Could you, is that applicable? Can you attempt to find vulnerabilities, or should you attempt to find vulnerabilities, on the lab computers or the library computers or your friend's laptops? Yes, though, why? We are exporting those vulnerabilities and we are able to find some vulnerability and we are like, can make it through the all the... But it's not your system now. So what if you're trying to do it on somebody else's system? What if you, let's say you're trying a SQL injection on a website, let's say you crash that website, it's down, it's no longer available to anyone, right? You didn't actually even successfully exploit it. Are you responsible for that? I think so, right? You have to act responsibly. You have to think through what are the possible consequences of my actions, right? If I try to find this vulnerability on a system I don't own, A, I don't have permission to do that, so I definitely shouldn't do it, and B, if I was successful, maybe I get access to that I shouldn't be seeing. I could really only do it on systems that I control. I can't think of it like a house thing, right? Can you go up to people's houses and fiddle with their doorknobs to see if they lock their house or not? If somebody did that to your house, would you be happy? Right, but then you come outside and you're like, what are you doing?
and they're like, oh, I'm just checking to make sure you lock yourself, I'm providing a service, I'm securing the neighborhood, I'm going to come up here and mess with your doorknob and try to get in. So, the corollary to this: do not attempt to find vulnerabilities in a system that you don't own or have permission. I think this is the other key. It's very tempting, you're going to have the skills and the knowledge to be able to think like, oh, yeah, I'll just try this one thing out on this one website, when we're on the system we don't have permission to do that. So, we come back with that in mind, we're going to talk about how to practice without going to jail.