White Hat Hacker

SECURITY

Don't call Tom Cervenka a hacker. True, operating under the nom de hack Blue Adept, the 28-year-old Canadian computing consultant spends way too much free time rooting around for security holes on the Web. And, admittedly, when he finds a problem, he posts explicit details on his www.because-we-can.com site.

Still, Cervenka prefers "ethical hacker" - he's a regular guy who just wants to make the Web safer.

"When I find a security hole," Cervenka says, "I don't keep it to myself. An ethical hacker fully discloses any holes he finds, so then the company is forced to fix it."

But Cervenka is jousting with eBay, illustrating why even ethical hackers raise hackles. Cervenka's specialty is creating client-side Trojan horses, programs that run on a user's computer and perform hidden functions. Cervenka has captured user email addresses and passwords on services such as Yahoo! Mail, Eudora Web-Mail, and Excite Mail. He's also the author of the "eBayla" exploit, in which a JavaScript collects users' screen names and passwords when they bid on an item posted on his eBay account.

Because Cervenka posted a step-by-step guide to eBayla - JavaScript and all - the online auctioneer is steamed. Cervenka says he emailed tech support at eBay, and claims the site is still vulnerable to similar attacks: "If I can do it, every 19-year-old script kiddie is out there stealing identities."

Cervenka's security hole has since been plugged by eBay, which he takes as proof that he's succeeding. But he plans to crack eBay again, and he's also cooking up a caper aimed at Microsoft. Meantime, tech companies are pressing legislators to pass tougher laws on hackers - ethical or otherwise.
