Title text: The dump also contains a list of millions of prime factors, a 0-day Tamagotchi exploit, and a technique for getting gcc and bash to execute arbitrary code.
This comic is referencing an incident on the day before this comic was released, March 7, 2017, in which WikiLeaks exposed thousands of hacking exploits (thus the title) and programs from the CIA (see for instance this article: WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets). Many of the tools that were in the leak were similar to publicly available tools, or not entirely unexpected, with several coming from sites such as StackOverflow and Reddit.
The main joke in this comic refers to the common practice of adding spaces between parts of an email address when publishing them on websites. For example, "[email protected]" may be written as "john dot doe at example dot org". The purported goal of doing this is to thwart page scraping bots from harvesting the correct email addresses and prevent them from becoming the target of spam or being sold as address lists for email marketers.
In this comic, Ponytail tells Cueball that the CIA has a tool which can delete such spaces. Such a tool can fix the space and most likely convert the words "dot" and "at" into their respective symbols. This will overcome the problems faced by harvesting tools, and make these email addresses more prone to receive spam.
Cueball appears shocked to hear this news, but given the caption below, stating that this was one of the less dramatic revelations from the CIA hacking dump, this is likely sarcasm by Cueball (and Randall). In fact, it is quite simple to devise a program which detects and converts/removes such spaces; it's naive to believe that one can prevent e-mail addresses from being harvested just by writing the addresses with space or omitting @ etc. Some people might not realize that he's being sarcastic, though, and that misunderstanding might be part of the joke.
The title text lists three other undramatic (fictitious) hacking exploits which sound more interesting, but are still more or less useless, and certainly not dramatic news. They are:
- Millions of prime factors: The security of the RSA cipher relies on the difficulty of finding prime factors for a large number. But just having those numbers without any other context means only you have millions of prime numbers. This is useless like having a list of millions of passwords without any further information.
- A 0-day exploit for Tamagotchi: A 0-day exploit is an exploit of which the manufacturer is not (yet) aware. 0-days are very valuable to hackers since defenses against them have not yet been developed. However, an exploit for a Tamagotchi is likely useless because they are very low-end entertainment devices that do not contain microphones or cameras, and usually don't have access to any networks. This may also be a play on words, as Tamagotchi are notoriously difficult to keep alive for more than zero days.
- A way to get gcc and bash to execute arbitrary code: Unintentional execution of arbitrary code is serious vulnerability that allows attackers to do whatever they choose on a victim's computer. However the examples given here merely describe the intended purpose of the tools: gcc is a compiler, so preparing arbitrary code is its main purpose, and bash is a Unix shell, so executing arbitrary code is also one of its primary functions.
- [Ponytail is writing on her laptop at her desk while Cueball looks over her shoulder.]
- Ponytail: You know how sometimes people put a space in their email address to make it harder to harvest?
- Cueball: Yeah?
- Ponytail: They have a tool that can delete the space!
- Cueball: Oh my god.
- [Caption below the panel:]
- Less-dramatic revelations from the CIA hacking dump
- This is the second comic in a row (after 1807: Listening) about how computers can be misused and also the second in a row where Cueball is with Ponytail rather than Megan.
add a comment! ⋅ add a topic (use sparingly)! ⋅ refresh comments!