Hacker News new | past | comments | ask | show | jobs | submit login

I tend not to click on links advertising pages that are hacked. You know, not that many zero days on Chrome, but still seems like a risky click, as they say.



  $ curl www.openssl.org
  TurkGuvenligiTurkSec Was Here @turkguvenligi + we love openssl _


but what if they set-up the server side so that the server returns different results depending on the browser/OS?


    $ curl -A "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" www.openssl.org


But what if they return a joke, so funny, that it kills whoever reads it?


https://en.wikipedia.org/wiki/Death_from_laughter


Then they should split on spaces and only read one word at a time


This is a proven method, but care must be taken to make sure no individual gets more than on word to translate at a time.

https://en.m.wikipedia.org/wiki/The_funniest_joke_in_the_wor...


They might be looking for client addresses of specific targets. Then again, if they were trying for a "bank shot" attack on some particular target, they almost certainly wouldn't be trashing the front page to let the world know that the whole site is compromised.


Oh those turk hackers. Remember the mid-2000s, when searching google dork on a certain public exploit, one would most certainly find lots of already defaced websites? Even on some forsaken lice breeding forum with 2 users, there would always be mad photoshop collage with star and crescent on dark background, and a message to those few poor visitors, who probably would not even comprehend what is going on. Anyway, what's up with Turkey and hacking?


Ever seen a graffiti of someones name you can't even decipher on the back of a trash can at the far off bus stop near the forest? It's kind of like that.


Well, that makes sense. But why announce that you're Turkish? For example, there are lots of Russian hackers and skiddies, but I have never seen a cr3w called RussiaStrongSec.


Sometimes they are spreading a political message (I've seen more Syrian hackers than Turkish on defaced websites recently, incidentally) so they want to spread their identity. Just like hacking groups that are in it for infamy spread their identity.

Of course in some cases they may be false flag operations, always a possibility worth keeping in mind.


You can always run browser in a vitrual machine. Or open it with a text browser like Lynx or Links. Or use wget to download the file and read in text editor.


But what if the page uses HTML5 audio to "jump the gap" and reprogram all nearby electronic devices to attack you on 1/1/2014!?


Obviously, VM should have no access to audio outputs, display driver should be rewritten to scramble output to be only viewable using a Lenslok-like device and the whole setup should run on a isolated computer staying in a clean room with a dead-man switch installed that - in case of unforeseen consequences - would quickly power a whole apartment down and call for emergency.


I think you're neglecting to consider the possibility of seismic communication by doing a lot of client-side computation to make the CPU fan kick on and off.


Dust of your trusty C64, then you have plenty of time to get yourself some coffee and pull the plug, before the audio starts to play.


That's professional paranoia right there. Someone give this man a job and a hard hat.


A tin-foil hat would probably be better off for his situation.

It prevents mind reading.


Im surprised so many have taken this comment seriously.

not positively surprisrd, more like dissapoined.


I clicked and then I realized that I shouldn't have.

Luckily it seemed to have cleared.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: