the only way to have a truly unhackable system is to have a firewall that at first allows it self to be bypassed then have itself create a patch for that hole over and over again. and then the system have itself encrypt itself with a number of different keys and algorythyms then have it replace those keys the next second or tenth of a second. and don't store it in the ram, but store it into flash memory built into the motherboard of itself thus blocking all 'ram dumping' techniques.

revolution-inc

@falandil: I thought that was the name we used for immigrants that we use for manual labor...

Xavoc

Depends on how one defines "hacked".

If it means "using something in a way that it was not explicitly designed for" instead of "subverting security measures for fun and profit", then nothing is unhackable.

Dunny0, Team T/A

I think, in theory, if you made a system simple enough it would be unhackable. Most vulnerabilities arise from something you didn't/couldn't forsee due to the overall complexity of the system. The problem is, this hypothetical "simple system" wouldn't be useful for much of anything.

So, in the real world, yes. I think just about anything is hackable.

falandil

besides what Joseph just said (like doing a data recovery on a hard drive), just about all security vulnerabilities are created by third party apps (more true on Linux). So, just run a kernel, and the 2 passwords required for administration access, a raid array located in a vault, and wire the whole thing to 20 lb. of C4 set ready to blow at the first mistyped password, and a full perimeter detection system monitoring the explosive, and all pertinent connections, and set to blow in the event of power failure. To be honest, many bombs are "unhackable", and if you apply the same methodology to a computer, it wouldn't be unfathomable to create an absolutely secure system. But your data would be in extreme risk of destruction. The only way proper data encryption can be cracked is by some kind of brute force, which can be easily detected.

jkr2

@Razta: Or perhaps we could add more of the human element in. Make biological computers (not-quite-human slaves!).

Reilaos~

First rule of hacking class. If you have unlimited physical access, anything is hackable.

Joseph

I'm declaring the human mind Unhackable.

Now I call on every 13 year-old with a computer.

Begin.

doobiebros2two

If something can be programmed by someone, then how would it be immpossible to be reprogrammed?

Quadrophenia

Quatum encryption is basically impossible to hack. But as long as hackers take a long time to hack the system like with the PS3, I think the company is happy.

Jitty

@Shub-Niggurath: not true... it's just not hackable from the internet.

Rabid Penguin

The only system that is not hackable, is the one that isn't powered on. At least until you power it on. I would say there is a good chance that you can secure a machine from being hackable as long as you can physically control access to it at all times. Otherwise, you're fscked.

Xavoc

Sure, any system that is not connected to the internet is "unhackable".

Shub-Niggurath

I think I voted for the wrong thing...

Rabid Penguin

@altus: Like your inherent desire to assume everything is hackable. You just got hacked.

SinAmos

Of course everything is hackable!

altus

Many systems are extremely hard to hack today. A large amount of hacking is the result of social engineering, not software flaws. Not to say that it's impossible, but you can't claim to hack a system if you happen across the password.

tumnus

A chaos encrypted system is possible. Think outside the conforms of society.

SinAmos

I VOTE FANTASY

Ariel_Wollinger

Untill we get rid of the human element, every system is hackable.

Razta

Heavenly Father and the aliens will always be able to hack our systems.

mildretard

"is"

SinAmos

No. All you have to do is have a system that continually changes the language it is written in with a key that made from a hard-coded element and then encrypted with a biological agent that is continually in a state of flux. That simple.

SinAmos

I didn't know any actually believed the hype about unhackable systems.

mhlaxp

Anything created by man can be reverse-engineered. The best defense is to pull the power plug.

anothernord

@t3knomanser: Damn, you beat me to it...

OTPs are also unhackable when implemented correctly...which hardly ever happens.

This is of course a lie since Bruce Schneier is still alive.

TJ

@Xavoc: well if you had physical access to it then just have it locked in a room and have guards outside it-similar to the iPhone 3G advert

revolution-inc

Well, the Erisian encryption method is unhackable. Of course, it also destroys the message you're encrypting.

Here's a few rules:
1) Anyone can design a system so clever that he can't break it.
2) There's always someone more clever than you.

t3knomanser

Unplug that ethernet cable.

shinchan

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his gadgets and all their peripherals are preserved.
--Cordfucious

Cordfucious v 2.0.1

@TendoMentis: As we unravel the genome and clone/modify plants and animals, we're getting closer and closer to hacking God's computer everyday.

GeekyNerdGuy

Saying your new technology is unhackable is like saying your new ship is unsinkable... only ridicule, shame and possible loss of life can result.

knyghtryda

If God invented a computer, humans would not be able to hack it.

If an alien civilization that perceived the universe in a completely disparate way from us invented their version of a computer, I'm positive humans would not be able to hack it.

As long as the "system" is created using human understanding and perception, a human can manipulate it.

TendoMentis

@revolution-inc: Unless you had physical access to the box.

Stop thinking of hacking as a remote-only event.

Xavoc

to create a unhackable system you should make as many hackable systems as possible. just like a how apple saw the problem with pc drivers(there were too many and users were annoyed by this so apple created a kind of super plug-and-play driver to fit everyones needs-thus solving the problem with a very simple solution)

revolution-inc

Xp in Blue Screen of Death mode is unhackable!

pipper

A truely unhackable system would be an unusable system. There are no 2 ways about it, a system so difficult to hack that no-one would EVER do it, even for bragging rights would be something that no-one cared to ever use.

The best one can hope for is that you do like nintendo did with the gamecube, by the time it was hacked, no-one cared.

Dallin

I think we're all looking at this wrong. The problem isn't the system. The problem is the people! All one would have to do to ensure his system's data security is kill everyone in the world except himself! (Suicide would be recommended if the desire to hack one's own system came into play.) Problem solved. I'll take my check in the form of yachts, please!

Griffehpoo

@Xavoc: I agree, it's pretty difficult to think of a situation where the dissemination of a system's contents to unauthorized parties is preferred to the irreversible loss of those contents.

Even with the most secure of systems there still exists the need for a fail safe in case something bad happens.

TJ

@draiko: These days, being close enough to the monitor of the system is enough to access what's being displayed remotely. I know it sounds far-fetched but it is possible to view the output of a system wirelessly using the EM waves being emitted by a monitor.

Did you really believe that not having a 802.x connection was enough be considered secure?

TJ

it's funny seeing all u guys who are like "the only way to make a unhackable system is" cause ur still wrong... anything we make can be hacked. if someone has the will and the knowledge to hack something, they eventually will get through. it doesn't matter wat u do...

Crispus

@anothernord:
That's not true. It's possible to lock yourself out of something and the only way to get back in is by sheer destruction. Plenty of such safes exists and so forth....

The problem is, anything that has CONTROL by man can be hacked. Anything is only as strong as it's weakest link and man itself is the weakest link to any security.

Can absolute security contain reason? NO!

JEmlay

A system is only perfectly secure when it is fully independent of human contact - physical or otherwise. This is only possible if the system is designed with the intention to carry out functions for the entirety of its operation without user input i.e. read-only permissions for all users. It would also need to destroy the data if physical access occurs. Basically, if someone tries to physically access its storage, it blows up, etc.

TJ

want to know how to make any Computer unhackable?

Step 1 - unplug/turn off wireless network adapter or unplug Cat5/6 cable from computer

Step 2 - done, you're safe

draiko

Anything is hackable, it's just a question of how much money/time can be thrown at it.

secretmanofagent

@TendoMentis: Jeff Goldblum would like to have a word with you re: Independence Day.

Griffehpoo

@TJ: Not to mention that pretty much damn near EVERY system has a password recovery/reset scheme built into it for when something happens and that information is lost/corrupted.

Xavoc

@revolution-inc: Unless the guards are the ones who decide they want to hack your machine, or someone social hacks their way past the guards.

Xavoc

@revolution-inc: It's not a matter of the level of a system's security. Rather, it's ability to be hacked. In this case, the chance that the system WILL be cracked (x) is still x > 0% since human behavior (the guard) cannot be defined in a trusted environment.

From a security perspective, a door always has a key and can be opened by someone or in some way. This also raises the chance that the system will be hacked.

TJ

@t3knomanser:
I was going to state something very similar to this, however yours was phrased in a better manner to get the point across. This pretty much sums it up.

AllThingsWireless

By the way, did anyone catch last night's disastrous second life episode CSI New York, in which someone gives the department a virus via a "second life calling card", and the response is Gary Sinise yelling "throw up a FIREWALL!".

Priceless.

Pope John Peeps II

Isn't quantum cryptography the holy grail of DARPA research these days? It's probably getting reasonably close, too. Another 10 years maybe?

Also, I have to point out that a computer networked to nothing at all is pretty unhackable.

Pope John Peeps II

PS3 seems locked pretty tight…

but maybe nobody cares

Accordion

@Griffehpoo: (Suicide would be recommended if the desire to hack one's own system came into play.)

Better yet, self-destruction should be in the system's design if that were ever to be the case. If the designer really wanted it to be secure no matter what he shouldn't have left the human concept of suicide open.

//In the event that everyone except me is dead and an input cannot be validated on the first attempt, self-destruct immediately.

TJ

@Griffehpoo: Don't even get me started on that movie.

TendoMentis

Truly unhackable systems are possible.

Problem is, they are also probably useless.

Don't want your computer hacked? Lock it in a safe and don't use the Internet.

There are several ways of preventing hacks... but most of them renders the system useless.

But the truth is: most games and softwares CAN be more efficient against hacking/cracking.

The question is: Do they want to? Is it worth it?

Bokusatsu_Tenshi

@Impetuous_Vigor: Bender Bending Rodruigez could find a way...

He's 40% Dolomite!

Griffehpoo

I don't know much about any of this "make a system with bio flux magic elf" bullshit but if anything was to be un-hackable then it would be perfect, correct? that means theres no way to go up further and, well that would be boring.

captainmajestic

@Impetuous_Vigor: Bruce Schneier would find a way...

TJ

Easy way to most systems "unhackable":
Take system, submerge in lava pit, system can't be hacked.
(Disclaimer: may not work on lava-proof systems)

Impetuous_Vigor

@Pope John Peeps II: Even more disastrous...Live Free or Die Hard.

TJ

@draiko: Safe from nearly anybody and anything. Completely safe? No. Somebody can still gain physical access to the computer and get into it. Also, as other people have stated above, there are ways to know what is being displayed on the monitor and what it being typed without actually being on in sight of any part of the computer.

Do I think any modern system will be hackable? Absolutely. Can something be made unhackable? Probably, but it wouldn't be practical at all.

geowrian

As long as there is even the slightest possibility of a system ever being hacked, someone could just use their infinite improbability generator to hack it. Its that simple.

KGshark

Quantum encryption >.>

MastaFalse

@doobiebros2two:

What's two and two?
...or will I have to use the rats?

spxmgb

The problem is, most people who claim to have "unhackable" systems are morons gullible enough to believe the incompetent morons they hired to make their unhackable systems succeeded.
On the other hand, there is an infinite number of very competent hackers trying to get past them.
If someone wants to make a system difficult to hack, he (a) knows what he's doing, (b) hires competent people and check what they're doing and (c) -this sis the most important- tries not to draw too much attention to his sytem.

Franssu

There are a couple of factors out there that are not even addressed. What if you have a secret language programing code and a system that isn't even accessible on the internet. can the hacker go and physically touch the system? there are so many different ways to hack

Ryanraven

I thought quantum encryption was already available and only the economics when compared to existing techniques was keeping it out of the loop. I seriously doubt it makes for unhackable systems though, at least theoretically some attacks already exist.

hedges1968

I work for a company that builds POS machines (those little credit card readers), and they are made to be as unhackable as possible.
The first think that they have, is a set of sensors that when you try to open the device, the software is complete erased and it becomes useless.
The communication with the server is encrypted at all times and the encryption keys have two parts that are never supposed to be at the same place at the same time, and they are recorded into the device in a secure room where only a handful of people are allowed to access.
So, maybe the system is still hackable, but it's so difficult that we have never had a single reported case.

wenderson

@wenderson:
Are you kidding? Do you mean the debit / credit card readers at the local gas stations? Because if you are, then they get hacked all the time, and have been for years.
------------------------
Second, people really should read all the posts before posting. I read the same stupid "just unplug it from the internet" answer multiple times after it was already shot down.
------------------------
Third, I agree that all systems can be hacked in some way. And I also agree that the more "unhackable" a system is the more useless it is. There will always be a trade off between security and usability.

--Deamion

Deamion

@spxmgb: Oh.

Oh no.

doobiebros2two

[techbuddha.wordpress.com]

Took all of 1 google search. Even if you make a black box in your pos and no one can get in, that is not unhackable, just unseeable. Since when do you need to see the truth of something in order to regonize changes in output based on input. Its encrypted? No problem. Let the system encrypt known data and after enough samples you can reverse it. The encryption you described seems to be similar to cryptokey passwords. Sure its tough to guess, but NOTHING is unhackable.

There is always a crack, thats how the light gets in. If the system is usable in any way, it can be made to be used in an alternate way. This is life.

foebea

I think it is important to define hackable.
If you hack a system within 24h: good for you, you are probably a computer genius. But most of these people get caught. Therefore, the systems, for me, are not really hackable because that would mean that you can get in, do what you want, and get out without being seen or found. Hence, most systems are fairly secure to me because of that fact.
There are some pretty darn impressive systems in banks or financial institutions where on top of the IT, there is a true training of employees in not falling for certain things which allow hacks. These systems are hard to penetrate !

FTP_Palace

@FTP_Palace: I think you hit the nail on the head. I've thought a bunch about this question over the years, and it seems to me that protection is based on an economic firewall: intrusion either costs to much or takes too much time. A Caesar cipher was sufficient when few people could read, the Enigma was sufficient until electromechanical computers came along, DES was OK until the EFF built specialized hardware, and so forth. Whether we are talking about a encryption or kernel protection, the same economic firewall applies. Eventually AES will be broken as will any kernel, no matter how secure. Maybe, as technology advances, some future economic firewall will be so prohibitive as to be unbreakable for all practical purposes.. i.e. cost or time -> infinite even with the best available technology. That being said, I believe that the best security measures (perhaps as others have mentioned) are physical security and unpredictability. I think the weakest aspect of modern kernel security measures is that they provide predictable responses to stimuli. If responses were randomized between attacks on a particular kernel, a particular piece of hardware, different h/w and s/w versions, etc. it would minimize accumulating and sharing information on vulnerabilities and make breaking the systems a lot tougher. Anyway, that's my 2 cents....

craighyatt

the only fool-proof way to have a non-hackable system is to destroy every 'command prompt/terminal' and any program that can be used to write scripts or programs. downsides-this kills the open-source world

revolution-inc

I'm pretty sure anything is hackable, but declaring something unhackable is the best way to get it hacked in a hurry.

The only thing truely unhackable is Gizmodo's website and I challenge anyone to show otherwise :)

Navin R Johnson

@FTP_Palace:Waiting for the damage to be done and then reacting isn't something I'd want to call unhackable. For instance, if the Chinese military got into the U.S. military's systems. Yes, they can probably be tracked, but what good will it do? The national secrets are already stolen. Would that be considered unhackable since they knew who did it? Extend that to a Chinese citizen and a US bank. We may know the person that stole the money, but what good is it if we can't arrest him?

@revolution-inc: Not to mention the entire real world.

geowrian

If you make a system that has no security, and state that it can be used by anyone for anything. Technically there is nothing a person could do with/to that system that would be considered 'hacking.'

*this is not applicable in the real world but i'm still right :)

andrethejesus

Its just like your home. It doesn't matter what kind, or how many locks, charlie bars, security systems, etc. that you have... If someone wants to get in, they WILL get in.

It is sad to say, but most of the time people hacking the system are smarter than the people designing the system.

DocBME

Oh dear... does it really matter? the issue is can we ever really protect the data not the computer or the program... better to ask can we ever really get identity management - you know, properly understanding the question of "who" and link that to "rights" (awkward pause as i realise i might be talkin about the dreaded DRM), then we can secure data to user then who cares about cracking the system.

binkyje

anything can be hacked

except linux

the.schimmi

The only reason hackers exist is because there are things to hack. If nothing had any security on them, where's the fun in hacking?

Oh and there is such a thing as an unhackable system. It's every system that's not connected to a network, including the largest network, the internet.

But what's the point in that?

nintendude

@nintendude: You can still hack systems that aren't on a network. You just need physical access.

geowrian