Introduction

This article takes a brief look at hacking by coincidence, with an emphasis on how it relates to our community. There are individuals in our community that hack by coincidence and do not know it. I know that I have done it on occasions in the past, and it always got me into trouble in the future. Hacking by coincidence in the present gets you into trouble in the future! Don’t quote me, read the warning in the sumary. I know that I am not the first person to make that statement. The definition of coincidence that I am talking about in this article is an event that might have been arranged, although it was accidental. There is good coincidence like if you type echo “Drink Milk” >> c:\inetpub\wwwroot\index.htm. It would be a coincidence if this was really the path to index.htm (security hint), but I also had a basic understanding on the installation of M$ IIS. If I type echo “Save the Whales” >> c:\index.htm maybe it worked for me in other attempts to echo this statement to the index.htm file, but now all of a sudden it did not and I’m stumped. In the world of hacking, we will always be dealing with some degrees of coincidence depending on our objectives, but we would like to limit coincidence.

Identify Coincidence

There are different definitions of coincidence, but our definition is the event might have been arranged, seemed to be arranged, although it was accidental. I think it is safe to say that like sinning we are all guilty of coincidence. Identifying coincidence is very easy. If you do not fully understand why you are doing something then you are introducing coincidence. For example, we have two separate systems. System A needs a data file from System B, daily. System B at a certain time of the day places the data file in a directory that System A can access. System A accesses the directory and processes the data file. The data file always contains ten records. Each record updates a security on System A. This process works well since it was put into production. Now sixteen new records are added to the data file and these sixteen new records will update securities on System A. The sixteen new records are added to the file. System A processes the data file, but three of the records do not update the data on System A. Yet everything is the same, nothing has changed. Of course, this is a simple example of coincidence but it occurs all the time. An assumption was made, if sixteen new records are appended to the data file, the process will work the same way. Wrong! Now the users start to dig into System A changing parameters and re-running the process. All of a sudden, the three records update. Phew! Now everything is working well. Wrong! This is the classic scenario of coincidence out of control. The same holds true for programming languages, setting up system security, networks, etc. Avoid coincidence. Gee... I think that we secured the network I did not understand everything that I did but it worked because there were no errors... everything took.

Identifying coincidence, you must also understands that certain things (networks, systems, and applications) do things repetitively the same enabling users of coincidence to succeed more frequently. Gee... let us see they are using IIS as their web server I wonder if index.htm is in the c:\inetpub\wwwroot directory? Bingo there it is... let us change it. Wow... this place is using Apache... let us see if we can change this parameter. I guess the moral of this is do not use the defaults, but I am first checking for coincidence. On the other hand, I do not have to use defaults during setup. I can change the defaults. Down the road, it might make things a little more confusing, but it will save my ass. In one case, we are using coincidence, and in the other, we are avoiding coincidence. Powerful tools dude. It requires thinking.

If you are identify the best drugs then the simpler the molecule the better the drug in my opinion as well as others. Nitrous has two atoms then followed by ethanol. Identifying coincidence is even easier. When you start guessing or do not fully understand something you are introducing coincidence. Coincidence is very dangerous because it will fool you into thinking that everything is working well.

Avoiding Coincidence

When you start guessing or do not understand something do not proceed until you understand what you are doing. I know you are going to say that in order to fully understand something could take hours, days, weeks, months, and years. Remember it is your call. Avoid coincidence. Question why you are doing something and what happens if you do something a different way that accomplishes the same thing.

Conclusion

If you do not know why you are doing something then you are introducing coincidences, coincidental thinking? Avoid coincidence! Coincidence is a Black Hatter’s dream comes true. Dealing with networks, systems, applications, coincidence screams there are some security holes over here come take advantage of them Mr. Black Hat. As an evil nomad, you can use coincidence to invade and setup some nice summer homes around the Internet. Wow, my summer home in France has eight processors, tons of memory, and acres of hard drive space, not to mention all the financial information about the company... hello E*Trade I want to place an order to purchase 1000 puts at a strike price of $30.

What was this article all about? Well, it was about coincidence. Coincidence is very good for individuals looking to cause trouble like invade networks and systems, deface web pages, and spread weeds, summer homes, viruses and Trojan horses. Coincidence is bad for everyone else. When the evil CaptainTerror invades a system, he will not fortify the system based on coincidence... no way. He is going to fortify the system so his little nest is safe and secure otherwise he will be detected and chased away. Then he has no more summer home in France in order to conduct raids and his brokerage accounts will start to suffer.

The Internet is a very scary place. Corporations need to use the Internet to compete and succeed against their competition. They need it. This article should scare the hell out of you, but it also should show you how free it is to wander the Internet. Whether your intentions are good or bad make sure you avoid coincidence.

oubug