- The Devil: Here goes, Karl, hack into the system!
- Karl Koch: Will do!
- Karl Koch: Hmm, maybe…
- Karl Koch: … Nope.
- The Devil: Get on with it, Karl! The readers are becoming impatient.
- Karl Koch: Welcome to hacking in real life.
First! Also yep that looks like my life at work.
Hacking in real life takes its time, yes, but usually the screen contents change in the process…
* didn’t even start yet, still checking Facebook *
– Yep, hacking in real life.
Seriously… hacking is not even remotely similar to what’s portrayed in movies and such. And it covers such a wide range of things that it’s hard to even say what “hacking” really is.
I’m not a hacker but basically any job is poorly portrayed in movies. I’ve worked a lot of different jobs and I don’t think they got any of them right. It’s almost like the people who direct those scenes never had a real job. 😉
I’m just going to leave this little link here: http://www.dailyfailcentral.com/410255
anon wrote:
Well, I think he hasn’t really started typing yet. He’s still thinking about which options might have the best chance of success.
anon wrote:
The contents did change!
…12345678… nope. …password… nope. pa$$w0rd… nope…
Looks under keyboard, finds paper with passwords on it…
Success!
P.S. Technically, this strip would be ‘cracking’…
@ TvTropesgotmehooked:
Would it be cracking? This is, after all, their own system…
The way I explain it to people:
– Movie hackers are like wizards with a magical power to make machines obey them no matter what the machines are programmed to do.
– Real hackers are like a kid walking through a parking lot looking for an unlocked car door.
You forgot the portion where he starts a script, says it will take 48 hours to run for a possible breach, and asks if anyone wants to go to Starbucks.
For some people hacking looks like a piece of cake. Sometimes at work I just go to this page, http://hackertyper.net, and tell anybody who’s passing by that our system is being attacked as I mash buttons randomly. Try it yourselves, friends…
“You sold your soul for the ability to hack like they do in movies! Where’s that right now?!”
anon wrote:
They did, in panels 1-4 he is thinking, then in panel 5 he tries something and adds one or two lines, but it ends up not working.
If he’s doing a remote hack, he should be running a scanning program for known exploits on their server, which means we should at least be seeing a browser or something. Not a text screen.
If he’s doing local software cracking, or reverse engineering, we should be seeing a hex dump, maybe disassembly. Again, not that text screen.
Or he can do some real life hacking, and just mail the angels a worm in a mail titled “Your password is about to expire, click here to renew it”.
Really, the first thing they get wrong about hacking in movies, much as they do with image manipulation, is the typing. That only comes when you’re practically in. Like most modern actions with a computer, it starts with a bunch of clicks.
dat 4th wall tho…
@ SlugFiller:
He pressed only one button…
He might still figure out how to get the IP address of the server he wants to hack to type it into his premade hacking tool.
@ SlugFiller:
It is going to depend on the type of hacking. I’ve done local system privilege escalation before, didn’t use the GUI at all, just a fullscreen shell much like what you see here.
And definitely, the link shared earlier is exactly this comic.
*tries something, stares at screen for 5 minutes, pokes somewhere else, stares for 5 more minutes*
The curious part of me wants to know if he’s hacking Windows or Linux, but I’d guess Linux.
Also, for people who might be interested in learning a little bit of hacking, https://picoctf.com/ is a site that teaches a lot of the things you can do. It is a little dated, and some of the puzzles are broken now, but most of them do work.
@ TvTropesgotmehooked:
This is why a seemingly good password policy creates very bad behavior.
“Security logic from non-security minded people”
“Let’s see, so the reason passwords should be changed is because sooner or later they get stolen. So a password becomes more secure the more often it is changed. I know, I’ll set the passwords to require updating every 30 days so that things are really really secure” (Not making this up, my last job had this policy for this reason).
End result, nobody ever learns a password before it needs to be changed, so about everyone had that sticky note under the keyboard. So instead of having maybe 1-2 people at risk in a year, 90% of the people were at risk all the time.
this strip is already better than 90% of all movies with tech references
@ Pierre Monteux:
Better passwords for everyone…
https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
@ Eydel:
That made my day. (And my bookmarks.)
@ Eydel:
I’ll try that later; it doesn’t work on my phone. (Touchscreen keyboard, unexpected HID.)
@ Gamesman:
Of course not. What did George Bernard Shaw say? “Those that can, do; those that can’t, direct” or something like that.
Gotta love this one!
While I know nothing about hacking, it’s indeed not something you do in a few minutes (or less), so kudos for showing it this way 🙂
TvTropesgotmehooked wrote:
Then you just make longer dictionary attacks.
The most realistic displaying of hacking I have seen in movies so far has to be the ending of Elysium.
A humongous program hand written to the weaknesses of the system, that has to be delivered way into the DMZ (the control room), whose payload is a single line of SQL-Doom?
That is how it actually could work in real life. And turning a single line update into a bulk update that basically alters everyone’s Citizen state does showcase nicely how Update can be a lot worse than Delete.
@ Gamesman:
Makes me wonder if directing is portrayed accurately in movies.
@ AndiJN:
He should’ve brought some tools – I mean, prepared programs.
First to notice that Karl Koch was a real hacker?
https://en.wikipedia.org/wiki/Karl_Koch_(hacker)
Blinkin, Listen! They’ve taken the 4th wall!
Andre wrote:
Already looked it up. Also, my guess is, the hacker who’s working for god is Boris Floricic.
hkmaly wrote:
Oh, I see. He’s probably using a text based tool that produces very similar output every time, but with different data. That explains why it looks the same in every panel, the font is too small to see the differences. Maybe it’s a port scanning tool or something like that, I don’t know that much about hacking.
To reference a previous post, multiple-whole-word passwords are basically four-letter passwords. Anyone with access to a dictionary list, knowledge of the user’s preferred language, and time can break that code in seconds, at most. What you need to do is to misspell the words in memorable ways so that simple attacks cannot guess the word easily. Even one letter substitution randomly within the words would make it hard to crack. But these are practices that lay-people have to learn. And we all know people, in general, hate learning.
You have malware ads! I was automatically redirected to:
“https://podaimt2.net/7741663106418/0ac735fa6a731b4c7368bbb56af8ade7.html”
Which is pretty clearly a scam, urgent Firefox update my a**. I didn’t get to see the original ads due to the automatic redirect and I suspect they refresh when the page is reopened, but the current ads are:
Top: VSP Direct
Left sidebar: Kleenex: Captain America Civil War
Woo’s pointer: Roy Cooper Failed to do his Job as Attorney General
@ Gamesman:
Movies are entertainment for people with short attention spans and little to no idea of how things really work. What do you expect? Most of the plot devices are so unrealistic they need a massive amount of suspension of disbelief to sit through them.
For a more thorough dissection of these inconsistencies and implausibilities, visit the Cinema Sins channel on Youtube.
STOP CENSORING COMMENTS THAT OFFER THE SLIGHTEST CRITIQUE!
@ Pierre Monteux:
“End result, nobody ever learns a password before it needs to be changed, so about everyone had that sticky note under the keyboard. So instead of having maybe 1-2 people at risk in a year, 90% of the people were at risk all the time.”
Exactly the system we have. I don’t have it in the back of my keyboard, I have it slid behind my ID card. Well, at least the cleaners don’t get to read it 😛
@ HardWearJunkie:
Well, I do replace a with @ s with $…
Way better than ATM PINs that are only 4 digits.
And I don’t think anyone should trust a fingerprint for real security.
Unmaker wrote:
Some ads run script that messes with links minutes later; it might not have originated from SandW.
Also, you may have a browser hijacker. But you probably already scanned for that.
I still get malware ads on professional online newspapers. 🙁
@ thatoneguy:
I laugh at your oppression. 😛
@ anon:
It changes from panel 5 to panel 6
@ alanaktion:
Sadly, movies don’t have the time it takes for a character to hack things. I think this page sums up both the reason why hacking in the movies is silly vs the need to have that silliness in the first place, with the Devil saying the readers are becoming impatient.
HardWearJunkie wrote:
If they can break that code in seconds they don’t need time – but, as mentioned in the discussion on explainxkcd it actually took one and a half hours, knowing the word list.
But considering them as four-letter password is wrong – they are four-symbol passwords with thousands of symbols to choose from.
English has over half a million different words; even dropping the very common and very rare words, there will be over 100,000 choices per symbol.
HardWearJunkie wrote:
It’s because of statements like this that the guy behind xkcd made the passwords strip, and mentioned facepalming every time he has to explain this to people:
There are 26 letters in the English alphabet. There are over 3000(!) words that are commonly used in English (I’m going to skim on defining what “commonly used” means here. The general idea should be clear).
Even if you take uppercase, lowercase, numbers, and symbols, you end up with less than 100 possible letters. A single, correctly spelled, commonly used word has 30 times more options than that. Two such words would be roughly equivalent to 3 such characters.
As such, a 4 word password, with perfectly spelled words has the same level of security as a 12 character password made from completely random characters, including lower case letters, upper case letters, numbers, and symbols. That’s WITH a dictionary attack.
While “adding misspelling” could increase the number of possibilities (Not by much, if you limit it to misspellings that are “easy to remember”), it equally makes the password that much harder to remember (“Did I misspell it this way, or that way?”). Adding one or two extra words would get you the same, or better, without having to sacrifice the ability to keep the password in your head.
Old Brit and SlugFiller, thanks. I didn’t feel like arguing with those who obviously didn’t examine the whole linked page. 🙂
This would have been funnier for me with just the first four panels. But maybe not enough readers would get the joke then?
It would have appeared I stumbled upon a perplexing webcomic . . . and have gotten myself hooked.
Curses. At least they have a carnivorous squirrel.
@ SlugFiller:
Actually, that depends. Some cracking tools are command line tools (and many more can use the command line), and, if you are more used to it, you might use the command line to crack a target rather than the GUI that some tools offer. It all depends on what the guy is used to and which tools he uses.
“Yes, YES! You’re on FIRE!”
“…”
“Sorry. Just slipped out.”
@ Lopsy:
Agree – but can I make the call here that we see essentially the same strip for the next 2 weeks!
lol there’s no battle programmer shirase in real life XD
@ foducool:
Though he would fit right into the comic as well.
There’s a coloring error on Karl’s sleeve in the seventh panel.