Hacking
I've read the origin of the term 'hacking' refers to using an axe to chop wood to make something, like a piece of rough furniture. Whether or not that is true, it's a good image for how internet hacking words - at least in my mind. The origins of hacking together computers with telephone calls that morphed into the online community was not a brilliant creation - it was a hack job. The development of internet protocols has not been uniform and the lag in standardizations leaves behind a series of margins that hackers can exploit. I do not fully understand how they accomplish these feats but I do see how the room for such exploits exists.
It still amazes me that http://website.com, http://www.website.com, and https://website.com each can yield different results. There are valid reasons for the development of URL codes but in 2010 the lingering specters of these needs probably does not remain. This is a less troublesome specter but it demonstrates the fact that the development of this technology focused more on improvements and adaptations than refining the core functionality. It's easier to make an add-on but much harder to upgrade an entire network once something gets deployed so the integration of changes across the entire internet is not easily accomplished. Thus, the redirection of a user from page A to page B remains available on the server hosting page A as a redirected file in its directory, server-side code written on page A's website (like PHP), user-side code written on page A's website (like Javascript), or code to call page A that calls up page B in a window that completely overlays page A (like iframes). Each of these methods are very commonly used.
There are a lot of different coding languages used online, but that makes sense to me. Someone can have a proprietary need or specialized application for which a unique language is appropriate - a reduced set of language codes should make those things run better. Different servers produced by different manufacturers will likely have needs for different languages as the manufacturers may not agree on standards. Likewise for internet browsers, but since the code of a website reaches across potentially the entire internet a website should be able to be interpreted by any browser. W3C has exhaustive web standards that are adhered to in varying degress and result in the slight differences between various viewing platforms. These differences help create room for hackers to manipulate the code and gain access to regions of the site not meant for public access. W3C is great at making ways for code to be more practical but the text to describe it is almost all illegible, which creates a barrier for most and grants super-intelligent hackers a leg up on many coders.
As of 2008 there was no standard html code for embedding a video in a website despite the abundance of videos spawned by broadband. html5, the new standards for websites, addressed this flaw with a very simple code. Unfortunately html5, despite free availability and widespread knowledge, remains unsupported on any browsers. As a person that has a website it is a little discouraging to know that the easy fix to an annoying problem exists but the browsers will not support it until 2012 at the earliest and perhaps not as soon as 2022. In scenarios like this the coder has the option to move forward with bits of the site written to check for certain browsers and stay abreast of the adaptation of coding standards by the browsers, or to omit the better coding in favor of older coding to forgo browser compatibility issues. The former creates room for hackers whenever code addressing browser functionality does not match that browser's capabilities. The latter creates room for hackers due to known security flaws that created the need for upgraded browsers and codes.
Of course, the most frequent route for hackers to gain access is simply poorly written code. It is possible that coders can be lazy in checking their work, but I hope I have outlined the larger reason is that the numerous incongruous ways code operates causes numerous checks for a coder to perform - and for coders to remain vigilant of changes to code functionality. This is not a unique situation; the evolution of the automobile still uses the combustion engine. Car makers have made numerous innovations but the long-sought car that runs on water (or anything but gas) requires rethinking the entire engine itself. Likewise the internet brought a whole suite of moving text, moving images, audio, and video, real-time applications, etc., yet the core functionality built on hacked together parts remains in place.
It still amazes me that http://website.com, http://www.website.com, and https://website.com each can yield different results. There are valid reasons for the development of URL codes but in 2010 the lingering specters of these needs probably does not remain. This is a less troublesome specter but it demonstrates the fact that the development of this technology focused more on improvements and adaptations than refining the core functionality. It's easier to make an add-on but much harder to upgrade an entire network once something gets deployed so the integration of changes across the entire internet is not easily accomplished. Thus, the redirection of a user from page A to page B remains available on the server hosting page A as a redirected file in its directory, server-side code written on page A's website (like PHP), user-side code written on page A's website (like Javascript), or code to call page A that calls up page B in a window that completely overlays page A (like iframes). Each of these methods are very commonly used.
There are a lot of different coding languages used online, but that makes sense to me. Someone can have a proprietary need or specialized application for which a unique language is appropriate - a reduced set of language codes should make those things run better. Different servers produced by different manufacturers will likely have needs for different languages as the manufacturers may not agree on standards. Likewise for internet browsers, but since the code of a website reaches across potentially the entire internet a website should be able to be interpreted by any browser. W3C has exhaustive web standards that are adhered to in varying degress and result in the slight differences between various viewing platforms. These differences help create room for hackers to manipulate the code and gain access to regions of the site not meant for public access. W3C is great at making ways for code to be more practical but the text to describe it is almost all illegible, which creates a barrier for most and grants super-intelligent hackers a leg up on many coders.
As of 2008 there was no standard html code for embedding a video in a website despite the abundance of videos spawned by broadband. html5, the new standards for websites, addressed this flaw with a very simple code. Unfortunately html5, despite free availability and widespread knowledge, remains unsupported on any browsers. As a person that has a website it is a little discouraging to know that the easy fix to an annoying problem exists but the browsers will not support it until 2012 at the earliest and perhaps not as soon as 2022. In scenarios like this the coder has the option to move forward with bits of the site written to check for certain browsers and stay abreast of the adaptation of coding standards by the browsers, or to omit the better coding in favor of older coding to forgo browser compatibility issues. The former creates room for hackers whenever code addressing browser functionality does not match that browser's capabilities. The latter creates room for hackers due to known security flaws that created the need for upgraded browsers and codes.
Of course, the most frequent route for hackers to gain access is simply poorly written code. It is possible that coders can be lazy in checking their work, but I hope I have outlined the larger reason is that the numerous incongruous ways code operates causes numerous checks for a coder to perform - and for coders to remain vigilant of changes to code functionality. This is not a unique situation; the evolution of the automobile still uses the combustion engine. Car makers have made numerous innovations but the long-sought car that runs on water (or anything but gas) requires rethinking the entire engine itself. Likewise the internet brought a whole suite of moving text, moving images, audio, and video, real-time applications, etc., yet the core functionality built on hacked together parts remains in place.
respond or e-mail this post:
0 Comments:
Post a Comment
<< Home