Archive for the ‘Hacking’ Category

More haste, less speed.

March 25, 2012

Maccman says:

We should treat server-side software the same as client side software, and do incremental updates of our frameworks and languages – never more than one version behind. We should dedicate 20% of our time to upgrading and refactoring. Sure, there’ll be pain involved, but innovation stagnation due to old and tired software is far more detrimental than the short-term pain of upgrading.

Too true. We always stay close to the latest versions of underlying software (Ruby, Rails and a host of other plug-ins on our front-ends; Python, and a bunch of maths and language tools on our back-ends). Never more than one version behind.


How you can hack SpyMaster now!

June 7, 2009

I just read an absolutely fabulous story on how the new Twitter game SpyMaster was hacked. I discovered this by googling ‘spymaster greasemonkey script’. Then, as my newly installed script started automatically doing tasks to earn my persona money, I started browsing for new approaches. I did not expect to find such riches.

The essence of the story is that our hero did not actually attack SpyMaster servers and take out their security. Instead, he built a few scripts and found out about a couple of bugs in the system. The key bug, which SpyMaster cleverly renamed an ‘exploit’, was that you could send money to different bank accounts including your own, and the money would never leave your account, but simply accumulate. Automating this with a script proved to be the key to great wealth in a few short hours: nothing short of inventing a bank note printing press.

“I earned 73.59 Trillion British Pounds in under 15 minutes. I bought every single safe-house and 100,000 of everything in the black market.”

Our hero, not satisfied with a personal fortune, then went one crucial step further and spread the wealth to thousands of others. In doing so, he covered his tracks.

SpyMaster was not happy to discover that some people had suddenly got not just hundreds or thousands or millions ... or billions ... or trillions in a few weeks of play. In a somewhat draconian move, they arbitrarily and without any warning shut down their accounts, renaming the bug an ‘exploit’. Unfortunately, they shut down thousands of accounts from people who were merely the beneficiaries of the new banking scheme.

Check out a YouTube video on how the bank account bug worked.
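The bank account bug described above comes down to a transfer that credits the recipient without debiting the sender. The following is an added example, not SpyMaster's code: a constructed model of that flaw next to a corrected transfer, with a money-supply check that exposes the difference. All class, function and account names are hypothetical.

```python
# Constructed model of the transfer bug in the post; all names are hypothetical.
from decimal import Decimal


class Bank:
    def __init__(self, balances):
        self.balances = {k: Decimal(v) for k, v in balances.items()}

    def total(self):
        # Money supply: a transfer must never change this value.
        return sum(self.balances.values())

    def transfer_buggy(self, src, dst, amount):
        # Flaw as described: recipient is credited, sender is never debited.
        self.balances[dst] += Decimal(amount)

    def transfer_fixed(self, src, dst, amount):
        amount = Decimal(amount)
        if amount <= 0:
            raise ValueError("amount must be positive")
        if src == dst:
            raise ValueError("self-transfer rejected")
        if self.balances[src] < amount:
            raise ValueError("insufficient funds")
        before = self.total()
        # Debit and credit together; in a real system, one DB transaction.
        self.balances[src] -= amount
        self.balances[dst] += amount
        if self.total() != before:
            raise RuntimeError("conservation invariant violated")


def supply_drift(bank, transfer, moves):
    """Replay transfers and return how much money was created (0 if sound)."""
    start = bank.total()
    for src, dst, amount in moves:
        try:
            transfer(src, dst, amount)
        except (ValueError, KeyError):
            pass  # rejected transfers leave balances untouched
    return bank.total() - start


# Constructed sample: a normal transfer, a self-transfer, an overdraft.
MOVES = [("alice", "bob", 100), ("alice", "alice", 100), ("bob", "alice", 5000)]

if __name__ == "__main__":
    for name in ("transfer_buggy", "transfer_fixed"):
        bank = Bank({"alice": 100, "bob": 50})
        print(name, "created:", supply_drift(bank, getattr(bank, name), MOVES))
```

Running the same drift check as a periodic job over real balances is a cheap way to catch this class of bug before it compounds.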