2600 Magazine_ The Hacker Quarterly - Digital Edition - Summer 2011 - 2600 Magazine [42]
This is a clear anecdote, but moreover, it points to the "hackable" space in any business: a single point of failure precipitated by understaffing, or simply the plan not coping well with the reality of working the registers.
McDonalds, then, pre-hacks itself despite having a system in place. Just because they have a safe doesn't mean they know how to include it in the overall workflow, or that workflow doesn't have a kink that leads to the kind of situation I saw.
Nobody should break the law using this information: However, everyone should take a look at what the reality of their system is, and not just what the "plan" is, because they don't always match. Exploiting an open safe is not hackers’ work. Hackers don't steal. Hackers delight, however, in pointing out the weakness of a system.
Note that I haven't, and am not, calling McDonald's. Can you imagine what a nightmare it would be to try to report an ill-used safe to the appropriate person in the corporation?
e-Z-e-kiel
We’re not really sure that an unlocked safe in clear sight is anything more than McDonald’s-style stupidity. It’s an interesting observation and it might result in some corporate memos, a change in policy, or a few attempted robberies. But, as far as hacking goes, this isn’t really on the radar any more than pointing out that some people leave their car doors unlocked, which could result in other people opening their doors. It’s just not getting us excited.
Worries
Dear 2600:
Umm, this is a bit of a concern. You say “If we decide to use it in a future issue, we will contact you at the address you've given us.” Normally, magazines and journals will send an acceptance or rejection letter/email to any submission. I cannot simply sit on this hoping that someday you will respond.
If it is not your policy to make a decision and notify an author in a reasonable amount of time, then I will be forced to withdraw my submission and send it elsewhere.
Chuck
First off, we don’t do things the same way as most magazines. Second, as stated in the part of the automated message to articles@2600.com that you didn’t quote, we will let you know within two issues (usually much sooner) if we’ll be able to run your submission. You only gave us two days before getting impatient. Finally, unlike lots of other publications, we don’t assume ownership of your piece. You’re welcome to resubmit it to other places, but we do ask that it be unpublished at the time of our printing.
Dear 2600:
Since you don't even respond to submissions, I am going to have to withdraw my article and send it elsewhere. Thank you.
Chuck
It’s probably for the best as you apparently expected a response to the previous letter within minutes. We don’t think that even the slickest publication on Earth would have been able to move fast enough for you. We look forward to seeing who you settle on, although we’re sure you’ve moved on to a book deal by now.
Experiences
Dear 2600:
I'm currently deployed and, while reading your current issue, was reminded of an amusing incident involving one of your previous issues. I was on shore duty, and I worked with an organization tasked with conducting connected virtual online training with military assets around the Pacific Rim. Think MMOGs with horrible graphics. We were heavy into VoIP, networking, and tying together 18 different systems developed by 20 different manufacturers. Anyway, one day we were due for a site inspection by DISA (the Defense Information Systems Agency), yet another amusing acronym full of stuffed-shirts intent upon blasting our networks back a decade in terms of effectiveness. In preparation, I left a copy of 2600 on my desk. When the inspector came through the office to check that there were no