What Not To Do and How Not To Do It
December 21, 2006 9:27 AM   Subscribe

My school is Texas Christian University. www.tcu.edu

The holier they claim they are......
posted by elpapacito at 9:34 AM on December 21, 2006

About as smart as hiring a rapist to help you get into the pants of a girl you like.
posted by b1tr0t at 9:37 AM on December 21, 2006 [1 favorite]

too funny
posted by caddis at 9:38 AM on December 21, 2006

Oh man. I was hoping for more. It ends pretty abruptly.
posted by dead_ at 9:40 AM on December 21, 2006

I assure you no one will ever hear about this from me.
I'll take this to my grave. The privacy aspect of this
is critical for me.
posted by caddis at 9:40 AM on December 21, 2006

bonus points for carrier pigeons and rot-26
posted by b1tr0t at 9:43 AM on December 21, 2006

Todd Shriber, meet Laura K. Pahl.
(Best. Thread. Ever.)
posted by Horace Rumpole at 9:45 AM on December 21, 2006

Any help understanding the in-joke hacker jargon would be much appreciated as I figure some of the technical nonsense is hilarious. For example, what is rot-26 a reference to?
posted by spicynuts at 9:46 AM on December 21, 2006

The Pahl thread was classic.
posted by caddis at 9:47 AM on December 21, 2006

"I hope he doesn't die. I can't HANDLE summer school..."
posted by ImJustRick at 9:48 AM on December 21, 2006

rot-26 is a play on rot-13, a crummy but simple encryption method. Rot-13 stands for 'rotate 13.' For each letter in the text you want encrypted, you move it up 13 places in the alphabet (letters past N get wrapped back around to the start of the alphabet). The practical upshot is that (since there are 26 letters) if you apply rot-13 twice you get the original message back.

Rot-26 of course is completely useless because you get the original message back the first time it's applied.
posted by jedicus at 9:49 AM on December 21, 2006 [1 favorite]

Ha, that's fantastic, jedicus.
posted by spicynuts at 9:51 AM on December 21, 2006

The packet pigeon's a classic too ! Here ack pigeon, here !
posted by elpapacito at 9:51 AM on December 21, 2006

Thanks jedicus, I didn't catch that first time through either and its alot funnier now.
posted by fenriq at 9:53 AM on December 21, 2006

spicynuts:

I see ROT26 has been explained, so here's IP over Avian Carriers.
posted by musicinmybrain at 9:55 AM on December 21, 2006

not bad. reminds me somewhat of shutup i hack you
posted by waxboy at 9:59 AM on December 21, 2006 [2 favorites]

That reminds me, my GPA could use some polishing also. Can one of you guys help me out, or should I just post it on Jobs?
posted by Faint of Butt at 10:01 AM on December 21, 2006

So much hilarity! I can't decide on my favorite bit - though picturing "nascar24_08530" running round his home town, trying like hell to capture a squirrel in front of a building on film with a borrowed camera is especially delightful.

I would really love some further news on this caper. Were these fellas just stringing him along for the personal info? Or did they really get busted? What shape is nascar24_08530's credit nowadays? And did he make it into grad school? Has this made the news?
posted by EatTheWeak at 10:11 AM on December 21, 2006

This pretty much sums it up for me:

When the front-end traversals are complete, the back-end injection process should be fairly simple.
posted by dontoine at 10:21 AM on December 21, 2006

The squirrel pic reminds me of this guy. (Story here, for you cave dwellers)

Faint of Butt: This technique has proven success for raising GPA.
posted by LordSludge at 10:27 AM on December 21, 2006

Were these fellas just stringing him along for the personal info? Or did they really get busted?

Uh, it's completely obvious that they were just screwing with him.
posted by sonofsamiam at 10:31 AM on December 21, 2006

EatTheWeak: they were just playing and didn't investigate anything; attrition.org isn't a hire-a-hacker service (frankly I don't think there is such a thing. He was talking about breaking encryption? The whole raison d'etre of using an encryption algorithm is that it's currenly impossible to break.)

Small SQL injection issue merged with XSS shows that the backend database may be either 768-bit encrypted or a simple 3DES matter, but a little more time should take care of that issue. Once the tables are writable to sa, should be ready to jump in and jump out with no problem. One of their systems caught an early sniff, but was shut down with a smurf.

(Emphasis added.)

Something I find interesting is how liable people are to fall for notions of 'hacking into systems' being a Neuromancer-type process of actually avoiding detection techniques and physically shutting things down like you were sneaking into a building, etc. You just can't 'shut down' most logging systems because they're built into the way the system operates, it's not like shooting up a security camera. Anyone see what I'm getting at?
posted by Firas at 10:31 AM on December 21, 2006

I find myself constantly underestimating the stupidity of people attempting to be criminals. Shriber should consider himself fortunate if all he got was publicly shamed by this. If the people at attrition.org wanted to, they could have easily sent the whole mess to the FBI.

Also Rot-26. Genius.
posted by quin at 10:45 AM on December 21, 2006

Firas - i figured. Another especially wonderful bit was the "picture everything you've seen in the movies, but better"
posted by EatTheWeak at 10:49 AM on December 21, 2006

Something I find interesting is how liable people are to fall for notions of 'hacking into systems' being a Neuromancer-type process of actually avoiding detection techniques and physically shutting things down like you were sneaking into a building, etc.

So wait. In Hackers, when Angelina Jolie hacks the Gibson and finds the garbage file in a tall column of light...that's not how it works?
posted by Terminal Verbosity at 10:50 AM on December 21, 2006

So wait. In Hackers, when Angelina Jolie hacks the Gibson and finds the garbage file in a tall column of light...that's not how it works?

Actually there was one scene in hackers that showed the 'crew' in time laps just sitting at computers for several days.

Here at Iowa State there's a class called Information warfare which is all about hacking. The teacher does something called ISEAGE where people get together, a network is setup and "black hats" try to get into systems setup by "white hats"
posted by delmoi at 10:59 AM on December 21, 2006

*golf clap*
posted by thekilgore at 11:04 AM on December 21, 2006

Back in high school I guess I was what passes for a hacker. My english teacher had a computer in the lab he used for keeping track of our grades and stuff. Well, he decided that using his last name was the bestest password in all of creation so it took me all of one attempt to get into it. Now while I was a teenage jerk, I did have some ethic and didn't think about changing my grades. Though I was tempted to fail out some people I didn't like. No, I took the high road and changed his password to something more secure, I just forgot to notify him about it.

As a postscript, the librarian caught me circumventing the nanny software and changing the system colors to some garrish tones on some of the other computers, and I was conscripted to the position of student lab tech. Nothing like forced responsibility to make a young mind think.
posted by The Power Nap at 11:08 AM on December 21, 2006

Awww, I wanted more! That was great.
posted by Kloryne at 11:17 AM on December 21, 2006

that rot-26 stuff will get you every time ...
posted by pyramid termite at 11:19 AM on December 21, 2006

There's more...
posted by setanor at 11:32 AM on December 21, 2006

This was a great story, and the guy deserved to be screwed with a little bit, but that's just mean.
posted by psmealey at 11:42 AM on December 21, 2006

768-bit encrypted - serious stuff. I didn't realise there were that many.
posted by No Mutant Enemy at 11:44 AM on December 21, 2006

Hmm. Interesting follow-up, but dude seems a little too unconcerned for knowing that the entire correspondence is posted on the web.
posted by chinston at 11:48 AM on December 21, 2006

> rot-26 is a play on rot-13, a crummy but simple encryption method.

Perhaps worth pointing out: the main reason for rot13's existence is to make particular text not instantly readable, in case some people don't want to read it by accident. For instance, posting spoilers on usenet in rot13 form was a common courtesy, for those who might not want to find out about the ew-ew-ew guerrfbzr vaibyivat Urezvbar, Evgn Fxrrgre, naq Fvevhf nf n qbt on some dorky message board before they see the movie.
posted by jfuller at 11:49 AM on December 21, 2006

Very funny, but I see a future for this little exchange beyond just amusing people on the internet.

Here's my idea, for all you aspiring "How to Pick Up The Opposite Sex Even Though You Have a Major in CS for Dummies" writers: after all the more generally applicable but somewhat negative chapters about hygiene and presentation (who wants to hear that they have to change?), you give them an unstoppable weapon that makes (ab)use of their chosen craft: making shit like this up to romanticize a life of digging through compiler errors at 4 am fueled only by Bawls and an impotent self-hatred.

After all, who couldn't resist being told on a date the story about the time you dropped in the DoD's backend and a perimeter scan showed multiple traceroutes closing in fast until you shut them down with a smurf? I think it's a technique that's liable to get you ravaged right there in the restaurant or movie theater, whether you're a man or a woman. Of course, it only works on people who, by virtue of having chosen a life less masochistic, have absolutely no idea what you're talking about.

I'm not bitter, I promise.
posted by invitapriore at 11:55 AM on December 21, 2006

jfuller, is there an easy to translate it?

The follow up is a bit over the top but thanks for adding it, setanor.
posted by fenriq at 11:56 AM on December 21, 2006 [1 favorite]

fenriq, this is probably the easiest rot13 decryption method around.
posted by Faint of Butt at 11:58 AM on December 21, 2006

Oh, and Qnegu Inqre vf Yhxr'f sngure!
posted by Faint of Butt at 11:59 AM on December 21, 2006

http://www.rot13.com/
posted by DakotaPaul at 12:05 PM on December 21, 2006

d'oh!
posted by DakotaPaul at 12:05 PM on December 21, 2006

invitapriore: no, I understand. An unforseen consequence of career choice is that I have absolutely no good stories from work.
posted by sonofsamiam at 12:14 PM on December 21, 2006

Plunging further into derail: rot13 (and others) extension for Firefox.
posted by fleetmouse at 12:14 PM on December 21, 2006

Interesting follow-up, but dude seems a little too unconcerned for knowing that the entire correspondence is posted on the web.

I can only assume that he thinks that only he can see it.
posted by psmealey at 12:15 PM on December 21, 2006

Hm, same Todd Shriber?
posted by psmealey at 12:26 PM on December 21, 2006

Maybe someone can i.d. the squirrel in the photograph. Or the trees. Squirrelus washingtoniensis suburbus? Doesn't look what I'd imagine Montana to look like, but what do I know.
posted by chinston at 1:06 PM on December 21, 2006

Having checked the Congressional Yellow Book, I can confirm that the Todd Shriber who is Congressman Rehberg's spokesman did graduate from TCU in 2000 with a BS (of course!). Obviously, that is not proof that the emailer really is who he claims to be. But it is intriguing nonetheless.
posted by Horace Rumpole at 1:33 PM on December 21, 2006

According to TCU's site, he was also a staff reporter for their paper, and a Sig Ep. But is this the same guy? There's only one way to find out for sure, let's give him a call:
Todd Shriber (Rehberg) - 202-226-9973 / todd.shriber@mail.house.gov via http://burns.senate.gov
posted by trueluk at 1:52 PM on December 21, 2006 [1 favorite]

Horace Rumpole writes "Obviously, that is not proof that the emailer really is who he claims to be."

To confirm the ID, maybe the folks at Attrition can do a reverse TCP IMAP lookup trace.

Republicans: unethical and stupid.
posted by mr_roboto at 1:53 PM on December 21, 2006

You just can't 'shut down' most logging systems because they're built into the way the system operates, it's not like shooting up a security camera. Anyone see what I'm getting at?

Everything I learned about computer hacking I learned from the two System Shock games.

You're saying it's nothing like that?
posted by sparkletone at 1:56 PM on December 21, 2006

mr_roboto: To confirm the ID, maybe the folks at Attrition can do a reverse TCP IMAP lookup trace.

An easier way would be to just call Todd and ask him to send a picture of a squirrel on Capitol Hill.
posted by AsYouKnow Bob at 4:33 PM on December 21, 2006 [1 favorite]

He has admitted he tried to hire hackers
posted by mulligan at 7:46 PM on December 21, 2006

what a dumb fuck
posted by caddis at 8:56 PM on December 21, 2006

summa cum laughing
posted by bruce at 10:20 PM on December 21, 2006

After reading mulligan's very informative link, I can see only two courses of action for the criminal wannabe that is Shriber. Either living off the grid, attempting to not draw attention to his manifest stupidity, or running for public office.

I mean, with this guys gall, he could one day be our President.

And wouldn't that be fun?
posted by quin at 11:16 PM on December 21, 2006

At least this one actually had a degree. Unlike so many other GOP staffers who obtained positions solely on their ability to work campaigns and stuff resumes.
posted by nofundy at 6:27 AM on December 22, 2006

Holy smokes, mulligen.. Best punchline evar!
posted by LordSludge at 6:45 AM on December 22, 2006

Wow. Nice followthrough.
posted by cortex at 11:00 AM on December 22, 2006

Computer security is an odd field, full of folks that many people think have a low sense of ethics but actually have a highly developed personal sense of right & wrong that prohibits them from doing many "bad" things they could very easily get away with. If I wanted to go truly blackhat I could use my skills to make lots of money illegally or acquire significant amounts of power. I think the more I understand how fragile & vulnerable the systems we use are, the more I want to protect them & not abuse them. Jericho's an old friend of mine & I think he sees it the same way. Too many people think "hacker" & go for the stereotype of a base criminal driven by greed or ego.
posted by scalefree at 11:09 AM on December 22, 2006

Hahaha, this guy was a congresssional staffer.
posted by delmoi at 12:06 PM on December 22, 2006

time laps

yes. yes, it does.
posted by quonsar at 12:22 PM on December 22, 2006

Emphasis on the was.
posted by beowulf573 at 12:25 PM on December 22, 2006

Horace Rumpole writes "Todd Shriber, meet Laura K. Pahl.
"(Best. Thread. Ever.)"

Why thank you.
posted by dirtynumbangelboy at 5:46 PM on December 22, 2006

dirtynumbangelboy, that was one of the very best, and perhaps the very, very best, ever thread on MeFi! Thank your for that.
posted by caddis at 5:52 PM on December 22, 2006

"you", not "your.'
posted by caddis at 6:33 PM on December 22, 2006

As first seen on Reddit.

http://reddit.com/info/vm6p/comments


When swiping content without attribution, at least change the title.
posted by Ayn Marx at 9:44 PM on December 22, 2006

Ayn, your concerns will be acknowledged when you start posting some content. Frankly, no one credits Reddit, or Digg. Presurfer or Neatorama or some other site built with love, they get credit, Fark, Reddit and Digg just don't.
posted by caddis at 1:14 AM on December 23, 2006

Ayn, your concerns will be acknowledged when you start posting some content.

Wow, it's all up to me? How much content do I have to post? More than I have already, I gather. Scary to think I'm responsible for other's scruples.

Frankly, no one credits Reddit, or Digg. Presurfer or Neatorama or some other site built with love, they get credit, Fark, Reddit and Digg just don't.

Nice attitude. Now I don't feel so bad that I post all my content to Reddit. Plus, I can freely glom from MeFI with a clear conscience.

Merry Christmas!
posted by Ayn Marx at 4:32 PM on December 24, 2006

When swiping content without attribution, at least change the title.

a link is not content

welcome to the internet ... please learn how it works
posted by pyramid termite at 8:03 PM on December 24, 2006

> welcome to the internet ... please learn how it works

Too funny!
posted by Ayn Marx at 1:35 PM on January 11, 2007