[Noisebridge-discuss] win scratch-off lotteries: an easier, more reliable way

Thu Feb 3 03:09:24 UTC 2011

I think Patrick is using a broader, and thought-provoking, definition of
hacking.

You could define the system being hacked as the system for randomly
generating reward-bearing scratchcards, and see if there is a systematic
flaw in them.

Or - like Patrick - you could define the system being hacked as the system
of selling scratchcards, which sometimes pay rewards but often don't, and
generate profits. This system, to some extent, relies on not all rewards
being claimed. There is a weakness in this system: if someone highly
motivated to find and claim all rewards has access to a supply of
scratchcards discarded by those less intelligent or less motivated, then
they can "hack" this weakness and make a lot of money.

I find this approach interesting and thought-provoking because by broadening
the scope of the system you are trying to hack, you also increase the number
of possible hacks. There are plenty of classic examples of this... You can
try breaking into a system by technical means, or you can call an employee
pretending to be a tech support person, and get them to tell you their
password. You can spend a bunch of time picking a lock, or realize that the
pane of glass next to it is loose.

On Wed, Feb 2, 2011 at 11:41 AM, Sai <noisebridge at saizai.com> wrote:

> On Wed, Feb 2, 2011 at 06:07, Patrick Keys <citizenkeys at gmail.com> wrote:
> > Dumpster-diving is a very well-recognized form of hacking.
>
> I disagree. It's a recognized form of information gathering, which in
> turn might be part of a hack (like this one).
>
> Diving just to find stuff you can sell? That's being a resourceful
> homeless person, sure. It's not hacking, though, any more than
> dumpster-diving for food is.
>
> > Also, any form of gaming a system for personal benefit, whether its
> finding
> > the algorithm for lottery tickets or where to score free winning tickets,
> > generally seems to qualify as hacking.
>
> Um, actually, no. We're not trying to do it for personal benefit, and
> in fact I would strongly object to that.
>
> The hacking part is trying to figure out how/if the system is broken,
> period, neutral to outcomes.
>
> What one does with that knowledge is a moral decision. I'm only
> willing to participate in this with people who agree that the correct
> course of action if a flaw is discovered is responsible disclosure -
> test to be sure it's a real flaw, tell the affected vendors/gov'ts,
> give them 30 days to fix, tell the world.
>
> You seem to have an odd conception of what "hacking" is, from my POV.
>
> However, Griffin has a good point in that diving may be useful for
> finding lots of empties,, which are in turn data that could be fed in
> for analysis.
>
> FWIW I also am inclined to guess that he's right that any partial
> information exposure to make a better "hook" is quite probably done in
> a way that leaks entropy. It's hard to do that kind of working within
> constraints well - hard enough that it's pretty much the foundation of
> an entire genre of puzzles (a popular one: sudoku).
>
> - Sai
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20110202/a9193fe7/attachment-0003.html>