Recently, I was watching a random YouTube video and I stumbled across a video which showed a scene from the movie ‘The Social Network’. This is a conversation between Mark Zuckerberg and Eduardo Saverin. In this scene, Zuck is interviewing candidates for the internship job in California for his company. It goes something like this:
Eduardo Saverin: What’s going on?
Mark Zuckerberg: They have ten minutes to get root access to a Python web server, expose its SSL encryption and then intercept all traffic over its secure port.
Eduardo Saverin: They’re hacking.
Mark Zuckerberg: Yes, all behind a Pix Firewall Emulator. But here’s the beauty.
Eduardo Saverin: You know I didn’t understand anything you just said, right?
Mark Zuckerberg: I do know that.
Eduardo Saverin: So, what’s the beauty?
Mark Zuckerberg: Every tenth line of code written, they have to drink a shot. And hacking is supposed to be stealth, so every time the server detects an intrusion, the candidate responsible has to drink a shot. I also have a program running that has a pop-up window appear simultaneously on all five computers. The last candidate to hit the window has to drink a shot. Plus every three minutes they all have to drink a shot.
Sounds pretty cool right! The clever use of hacker lingo coupled with Jesse Eisenberg’s fast tempo (Jesse is the guy who played Zuck) gives you the impression that something really cool is going on here. To the common man, this sounded something like “blah blah encryption … blah blah hacking … blah blah code … blah blah drink a shot“. I just thought I should deconstruct it to see what’s actually going on inside.
Root access to a Python web server: Root access refers to an administrator-level login on a server. Having root access to a server gives you the ability to take full control of it. Only the people who own the server are supposed to have that level of control. A ‘Python web server’ is just a server on the web written in Python. When a user enters a web site, their browser makes a connection to the site’s web server (this is called the request). The server looks up the file in the file system and sends it back to the user’s browser, which displays it (this is the response). A web server can be written in any language, but Python is being used more and more because it’s simple, powerful and flexible. In fact, if you have Python installed, you can start your own local web server with a single command. Open the terminal, go to the directory you want to serve HTML files from and type the following:
$ python -m SimpleHTTPServer     # Python 2
$ python3 -m http.server         # Python 3 equivalent
This will start a web server on port 8000. You can access it by typing “localhost:8000” in the address bar on your web browser. It’s as simple as that! Keep in mind that by default this server listens on all network interfaces, so any machine that can reach port 8000 can browse that directory too. So after deconstructing it, it means that the candidates have to get full access to a web server running on Python.
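The request/response cycle described above, as an added example that is not from the original post: it starts the same standard-library file server from Python 3 code, bound to 127.0.0.1 only, and sends it a few requests. The helper names (start_local_server, fetch, demo) and the sample files are constructed for illustration.

```python
import functools
import http.client
import http.server
import tempfile
import threading
from pathlib import Path


def start_local_server(directory):
    """Serve `directory` on loopback only; port 0 lets the OS pick a free port."""
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(directory))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(port, path):
    """Send one GET request (the request) and return (status, body) (the response)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


def demo():
    # Constructed sample layout: a web root plus one file outside of it.
    with tempfile.TemporaryDirectory() as root:
        web = Path(root) / "site"
        web.mkdir()
        (web / "index.html").write_text("<h1>hello</h1>")
        (Path(root) / "secret.txt").write_text("not for the web")
        server = start_local_server(web)
        try:
            port = server.server_address[1]
            ok = fetch(port, "/index.html")          # file inside the web root
            missing = fetch(port, "/nope.html")      # no such file
            outside = fetch(port, "/../secret.txt")  # file outside the web root
        finally:
            server.shutdown()
            server.server_close()
        return server.server_address[0], ok, missing, outside


if __name__ == "__main__":
    print(demo())
```

The file that sits outside the served directory is answered with 404, because the handler resolves every request path inside the directory it was given.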
Expose its SSL encryption: SSL is basically a protocol for security over the Internet. When someone visits a website, this protocol is supposed to validate everything before letting any exchange happen between the server and the user. SSL does a good job of securing web site traffic but a determined hacker will be able to get past it. I will discuss the drawbacks of SSL in detail in my next blog post. But for now, I’ll keep it short and say that it doesn’t do a very good job of authenticating the users or the data.
So after deconstructing it, it means that Zuck wants the candidates to be aware of these loopholes, take advantage of them and hack into the server without getting caught.
Pix Firewall Emulator: PIX stands for Private Internet eXchange. It’s a popular IP firewall and network address translation appliance by Cisco. A firewall is software or hardware that’s used to keep the network secure. It monitors all the incoming and outgoing traffic and stops malicious activities. An emulator duplicates the function of one computer system on a different computer system so that the emulated behavior closely resembles the behavior of the original system. Cisco actually stopped making Pix appliances a couple of years ago and replaced them with the more advanced Adaptive Security Appliance. This movie was set in 2004, which is the reason they were still using this firewall. So after deconstructing it, it means that Zuck has set up a system which simulates the conditions of a Pix firewall, making it difficult for the candidates to gain access to the server.
Hacking is supposed to be stealthy and Python is a very powerful language. So I guess the conditions about drinking the shots set by Zuck sound about right. As far as the three-minute rule and the pop-up windows are concerned, he’s just messing with them!