Angelina jolie was involved

The temptation to say watch the documentary movie called Hackers but I can’t I good faith.

Lack of knowledge was the big problem before the internet. Late 80s, early 90s.

Take Phreaking.

Dialup BBSs (1200/75, 2400 or 9600 baud) were the primary source of dodgy files that I knew of. Some would have a secret area with various texts about hacking and quasi-illegal behaviour, including pornography of all flavours and of course the anarchists’ handbook. There were a few hacking and phreaking related stuff (getting free phone calls was huge then, given the cost of online activities - blackboxing, blueboxing, etc) and often required researching the types of PBX being used until you knew more than the people employed to run the things. To get access to this you’d need to suck up to the BBS owner, or prove your worth and “I’m not a law enforcement officer, honest” credits. Vouchsafing friends and others was another way, and there was cross-checking of you by sysops talking to each other.

The security on phone systems was laughable by modern standards, but at the time it was something very strongly guarded and if you found something, you made sure it stayed private. The phone companies helped by constantly denying anything was happening, but stakes were high. Legal consequences were high, but so were the rewards if you could get free calls.

Myself, I never did, but I always wanted to. Not having my monthly phone bills of hundreds of pounds would have been really nice…

When ADSL and always-on connections became available, phreaking stopped overnight.

Back in these days you’d install your distribution and stay there until the next major release. There were no online software repositiories for updates.

And exploits were plentiful. It was an easier time if you were up for mischief.

In 1999+ you could sniff people’s passwords in clear text right out of the air on public WiFi networks. tcpdump port 110 and just watch them roll in.

In the late 90’s you could use a floppy disk to boot nt and dump the password hashes of anybody who had logged in, then run them through a dictionary attack which would take a matter of minutes before learning that your company’s top employees used their favorite football team or cartoon character as their password without even appending some numbers to it. Dude with the football password even had the password emblazoned in his office wall.

One time in the 90’s I got to a password prompt and just held enter, and eventually was just let past the password prompt.

In X windows if you managed to kill the screensaver password entry box you were dropped back to the desktop, and people found ways to crash the screensaver by overrunning the password input buffer by pasting input repeatedly using common keyboard shortcuts. (Pretty sure this same exact bug exited in early Mac osx versions.)

A few things I remember.

Nobody sanitised their inputs.

You could get through logins by making a database query check whether 1 = 1 instead of a password. You could put JavaScript into guest book fields to redirect people to whatever crazy site you wanted.

My university lecturer told me about a well known supermarket that built a shop front. They made it in such a way that you could change the numbers before they were submitted and it wasn’t validated on the back end. So free food.

Money going online really changed the mood.

I recall a conference talk mentioning that the speaker (from a nordic country) told their friend to look at their online banking account, and then transferred them $-10. Either they were spotted or they disclosed it, I forget which, and luckily they were hired instead of jailed.

The connection between Cap’n Crunch, phone system hacking, and Apple is a pretty important part of early hacking history.

Not really hacking, but in the 90s you could usually just connect to a mail server and it would believe what you told it.

If you were careful you could just type an email directly: MAIL FROM, RCPT TO, etc.

I would write scripts at work to send spoof emails sometimes, you could put anything as the FROM address, like “info @ catfacts” or whatever.

Another “not really hacking” example is that when some companies first got an Internet connection, they would just allocate public IP addresses to everyone, no gateway or firewall. So you could browse any non-passworded smb shares just knowing the IP.

[removed my post: someone else already mentioned Captain Crunch]

the phreaks will, they had tons of fun

You could use telnet as example of a “historic vulnerability” in your talk.

It was extremely easy to send a trojan file to a friend and if they would open it and you happen to know its IP you could remote do things like open its CD drive and at the same time have tons of malware in your PC but it was all worth to see them in the next day saying that the PC went abducted by aliens

According to the movies it’s 90 percent just saying “I’m in” then you’re in.

Do you mean programming? Not that much different from a few years ago tbh. Vibe coding may have changed stuff since then. Otherwise, there was less emphasis on online services, so the upgrade cycle was slower and you had to test more before shipping. That was, perhaps, a good thing in terms of software reliability.