Editing 1808: Hacking


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
 +
{{incomplete|The main joke from the caption, that this is not dramatic revelation, like Cueball seems to think (sarcasm?) is not mentioned yet.}}
 +
While publishing email addresses on websites, people often add space between parts of the email. For example, [email protected] may be written as john dot doe at example dot org.  This is to prevent the page scraping bots from harvesting email addresses, which may in turn be sold as address lists for email marketers.
  
This comic is referencing an incident on the day before this comic was released, March 7, 2017, in which {{w|WikiLeaks}} exposed thousands of hacking exploits (thus the title) and programs from the {{w|CIA}} (see for instance this article: [https://www.wired.com/2017/03/wikileaks-cia-hacks-dump/ WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets]). Many of the tools that were in the leak were similar to publicly available tools, or not entirely unexpected, with several coming from sites such as {{w|StackOverflow}} and {{w|Reddit}}.
+
In this comic, [[Ponytail]] tells [[Cueball]] that there is a tool which can delete such spaces. Such a tool can fix the space and most likely convert the words "dot" and "at" into their respective symbols. This will overcome the problems faced by such harvesting tools, and make these email addresses more prone to receive spam. Cueball appears shocked to hear this news, but given the caption below this may be sarcasm. A program written to remove a space is of course not very complicated, and believing you e-mail to be safe from harvesting by writing a space in to the address is very naive.
  
The main joke in this comic refers to the common practice of adding spaces between parts of an email address when publishing them on websites.  For example, "[email protected]" may be written as "john dot doe at example dot org".  The purported goal of doing this is to thwart page scraping bots from {{w|Email address harvesting|harvesting the correct email addresses}} and prevent them from becoming the target of spam or being sold as address lists for email marketers.
+
This comic is referencing a leak by {{w|WikiLeaks}} that compromises thousands of hacking exploits (thus the title) and programs from the CIA on the day before this comic was released, March 7 2017. (See for instance this article: [https://www.wired.com/2017/03/wikileaks-cia-hacks-dump/ WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets]). Many of the tools that were in the leak were similar to publicly available tools, or not entirely unexpected, with several coming from sites such as StackOverflow and reddit.
  
In this comic, [[Ponytail]] tells [[Cueball]] that the CIA has a tool which can delete such spaces. Such a tool can fix the space and most likely convert the words "dot" and "at" into their respective symbols. This will overcome the problems faced by harvesting tools, and make these email addresses more prone to receive spam.
+
The title text references more interesting-sounding, but useless, parts of the dump:
 
+
* Millions of prime factors: {{w|Prime factorization}} can be used to break a {{w|RSA (cryptosystem)|RSA cipher}} by turning a large number into prime factors: this is a very hard problem, which is what makes the cipher secure. A list with many prime factors, however, is easy to generate, however, the chance of one of the numbers on the list being a prime factor for the number used in the RSA cipher is very slim. That said, some key generation systems have been shown to re-use prime factors with catastrophic impacts [https://eprint.iacr.org/2012/064.pdf 1] [https://eprint.iacr.org/2016/961.pdf 2] so this could be a reference to a list of known shared primes.
Cueball appears shocked to hear this news, but given the caption below, stating that this was one of the ''less dramatic revelations'' from the CIA hacking dump, this is likely sarcasm by Cueball (and [[Randall]]). In fact, it is quite simple to devise a program which detects and converts/removes such spaces; it's naive to believe that one can prevent e-mail addresses from being harvested just by writing the addresses with space or omitting @ etc. Some people might not realize that he's being sarcastic, though, and that misunderstanding might be part of the joke.
+
* A 0-day exploit for {{w|Tamagotchi}}: a 0-day exploit is an exploit of which the manufacturer is not (yet) aware. While modern Tamagotchi do have some network functionality, this is likely useless because Tamagotchi are very low-end devices that do not contain microphones or cameras. (There is some truly excellent work on this at [http://natashenka.ca/  Natalie's page] which is a must-read, and as this comic was published on International Women's day, today is a fine day to start if you have not already).
 
+
* A way to get {{w|GNU_Compiler_Collection|gcc}} and {{w|Bash_(Unix_shell)|bash}} to execute arbitrary code: gcc is a {{w|compiler}}, so preparing arbitrary code is its main purpose, and bash is a Unix shell, so executing {{w|Shell script|arbitrary code}} is one of its functions.  Then again, this could be a reference to {{w|Shellshock_(software_bug)|ShellShock}}, a major vulnerability which allowed the unintentional execution of arbitrary attacker code. Likewise, it could be referring to a [http://wiki.c2.com/?TheKenThompsonHack compiler injection attack] which allows a compiler to inject backdoors via the binary executables in a toolchain and without leaving a trace in the source code being compiled or the compiler itself.
The title text lists three other undramatic (fictitious) hacking exploits which sound more interesting, but are still more or less useless, and certainly not dramatic news. They are:
 
#Millions of {{w|prime factors}}: The security of the {{w|RSA (cryptosystem)|RSA cipher}} relies on the difficulty of finding prime factors for a large number. But just having those numbers without any other context means you only have millions of {{w|Prime number|prime numbers}}. This is as useless as having a list of millions of passwords without any further information.  
 
#A {{w|0-day exploit}} for {{w|Tamagotchi}}: A 0-day exploit is an exploit of which the manufacturer is not (yet) aware. 0-days are very valuable to hackers since defenses against them have not yet been developed. However, an exploit for a Tamagotchi is likely useless because they are very low-end entertainment devices that do not contain microphones or cameras, and usually don't have access to any networks. This may also be a play on words, as Tamagotchi are notoriously difficult to keep alive for more than zero days.
 
#A way to get {{w|GNU_Compiler_Collection|gcc}} and {{w|Bash_(Unix_shell)|bash}} to execute arbitrary code: ''Unintentional'' execution of arbitrary code is serious vulnerability that allows attackers to do whatever they choose on a victim's computer. However the examples given here merely describe the ''intended'' purpose of the tools: gcc is a {{w|compiler}}, so preparing arbitrary code is its main purpose, and bash is a {{w|Shell script|Unix shell}}, so executing arbitrary code is also one of its primary functions.
 
  
 
==Transcript==
 
==Transcript==
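Review bot: the {{incomplete}} tag at the top of this hunk looks stale, since the caption's sarcasm is already addressed in the paragraph beginning "In this comic, [[Ponytail]] tells [[Cueball]] that there is a tool" ("given the caption below this may be sarcasm") and again in the paragraph beginning "Cueball appears shocked to hear this news"; suggest dropping the tag before saving. In the lines marked "+", "believing you e-mail to be safe" should read "your e-mail", the prime-factors bullet uses "however" twice in one sentence and labels its two eprint links only "1" and "2", and "today is a fine day to start" in the Tamagotchi bullet will not age well. The two Tamagotchi descriptions also disagree on networking ("do have some network functionality" versus "usually don't have access to any networks"), so whichever wording is kept should state one position.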
Line 33: Line 31:
  
 
==Trivia==
 
==Trivia==
*This is the second comic in a row (after [[1807: Listening]]) about how computers can be misused and also the second in a row where Cueball is with Ponytail rather than [[Megan]].  
+
*This is the second comic in a row about how computers can be misused and also the second in a row where Cueball is with Ponytail rather than [[Megan]].
 +
**This setup with Ponytail at the computer and Cueball behind has been used several times for instance in [[1513: Code Quality]], part of the [[:Category:Code Quality|Code Quality]] series.
  
 
{{comic discussion}}
 
{{comic discussion}}
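Review bot: the "+" version of the first Trivia bullet drops "(after [[1807: Listening]])", which leaves "the second comic in a row" without naming the comic it follows; suggest keeping the link. In the added sub-bullet, a comma is needed in "used several times, for instance in [[1513: Code Quality]]".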
