Or a hacker. Or a criminal. Or someone learning HTML.
I prefer to think of this as an awesome tool for the last but perhaps a discussion point for the others.
I played around with a tool from Mozilla called X-Ray Goggles. It’s simple to use. There’s a pile of potential in there for those of you teaching HTML and ethics.
Visit the link above and do the “first hack” that they recommend. Got it?
Follow the instructions and drag the bookmark to your bookmark bar for later use. I decided to see what I could do to deface/hack my blog.
Yesterday, I shared the announcement of the CSTA Conference. Part of it looks like this…
This is a dynamite conference and I’m looking forward to being on the conference committee again this year. But, I’m not fussy about it being in Quincy in July. I think it would be much better if we changed the details to Boston in August. Could X-Ray Goggles do it for me? Yep. And, I can learn a great deal about the page the current information is on in the process.
So, I go ahead and load the webpage. Next, I click the X-Ray Googles button from my Bookmarks and cursor over the page and voila. I get to see the HTML behind the scenes that makes this blog post so nicely formatted.
In the left part of the X-Ray Goggles workspace, you can see the existing content including all the HTML tags. In the right part, you’ll get a chance to see what it looks like if you decide to apply the changes. Done. I notice that in the paragraph descriptor, there are a few things to be changed as well. Done, and Done.
The hacked announcement now looks like this.
And it’s as simple as that.
Now, I don’t have the permissions (presumably) to save it back to the original site which is a very good thing. But, X-Ray Goggles does offer a couple of alternatives when I click on or press P to publish. I could post to their hosted site. In that case, I did and the changes are here. The second option is a little more nefarious. I could download the HTML source and post it to a site of my choosing.
Immediately, I see all kinds of use for this. In the classroom learning some website coding, you could have students work on a sample provided by the teacher to learn the concepts. i.e. you give one layout and functionality and the students learn how to hack/code/change it into a prescribed output.
Beyond that, I would use this as a great opportunity to have students know exactly where they are when they’re online. If we could change dates that easily, what else could we change? What information could we actually collect from someone who went to “our” crafted page as opposed to the original? Now, using the self-publish feature, we immediately know if we’re in the wrong spot if we look at the URL – http://p.webremixes.org/urekcvyp. But, suppose we chose the second option and rushed out to register dougpet.wordpress.com and posted our page there? Would we be smart enough users to know just where in the internet we are?
This is a very slick and powerful hack. Give it a try to see what you think.
Finally – please – the conference is in July in Quincy. Don’t be fooled by competitors!
- Hacker defaces over 437 Chinese government sites (zerosecurity.org)
- Official Kaspersky Anti-Hacker Page Defaced By Hacker (techfleece.com)
- Anonymous Pakistan Defaces 319 Websites (news.softpedia.com)
- 2013 CSTA Conference (dougpete.wordpress.com)
Please share your thoughts here. I’d enjoy reading them.