Wired Reports On Korea's First Hacker Con

Posted by Zonk on Fri Nov 17, 2006 03:15 PM
from the so-happy-together dept.
evanwired writes "Quinn Norton offers a great first-hand account of the first South Korean Hacker con. Marked by conservative dress and polite conversation, the group was nevertheless still very much concerned with the shortcomings of computer security." From the article: "A police crackdown three years ago left South Korea's hacking community broken and fragmented. One of the conference's more animated speakers, 'Xpl017Elz,' complained that many of Korea's best and brightest hackers wound up emigrating to more receptive environments with better pay for security researchers. But he also demonstrated a large and difficult divide between how the hacker communities behave in Korea and the United States. Xpl017Elz's presentation focused on four (of a reported seven) attacks he developed against Red Hat's Fedora Core using ExecShield. He demonstrated privilege escalation, where a logged-in user can become root and take over the machine, and remote code execution, wherein an external attacker can gain root without a login."
  • About time... (Score:2)

    by creimer (824291) on Friday November 17 2006, @03:20PM (#16889470)
    (http://www.creimer.ws/ | Last Journal: Friday January 26 2007, @12:40PM)
    The police are going after all those Starcraft/WoW hackers. They need to do something more productive with their lives. Maybe hacking Minesweeper on Windows Vista?
  • conspiracy theory (Score:2)

    by everphilski (877346) on Friday November 17 2006, @03:20PM (#16889474)
    (Last Journal: Tuesday June 06 2006, @01:50PM)
    Anyone else notice the only picture thumbnail that worked in the article was the one with RMS?
  • His name is Xpl017Elz? (Score:4, Funny)

    by glen (19095) on Friday November 17 2006, @03:24PM (#16889536)
    Did he get confused when someone explained to him what a secure password is and you shouldn't use your name?
  • What?! (Score:1)

    by hxftw (996114) on Friday November 17 2006, @03:26PM (#16889562)
    (http://www.flickr.com/photos/zackxf)
    "It's not democracy." I'm from the US, what is this 'democracy' you speak of?
  • by Harik (4023) <Harik@chaos.ao.net> on Friday November 17 2006, @03:37PM (#16889738)
    "Hi, we're going to just cut-paste from the article like we always do except we have the reading comprehension of an American high school football player and can't even pick paragraphs that make sense."

    Every day I'm reminded why I adblock and don't subscribe here. I can get URL Cut & Paste on IRC. And it's realtime.

  • Is Fedora Core (Score:1)

    by traveller604 (961720) on Friday November 17 2006, @04:06PM (#16890118)
    That insecure? What the hell?
  • Not the first... (Score:2)

    by Duncan3 (10537) on Friday November 17 2006, @04:26PM (#16890360)
    (http://www.mithral.com/~beberg/)
    Not the first... Not even the first publicized one.

    Not really a dupe article, hrm... maybe Wired writers can't read Korean ;)
  • Oblig (Score:1)

    by $RANDOMLUSER (804576) on Friday November 17 2006, @04:28PM (#16890406)
    "In Korea, only old people go to Cons."
  • by gessel (310103) * on Friday November 17 2006, @04:45PM (#16890612)
    (http://www.dis.org/gessel)
    Trust Wired to get it wrong. The magic of subjective journalism. It is ironic that another /. article describes how the blogosphere is becoming recognized as unreliable.

    I was a speaker there in August 2000 at the First WorldWide Top Hackers Conference 'IS2K' [blackrosetech.com] in Seoul, Korea at the Millennium Hotel [hilton.com]. We spoke for several days and even got to meet Kim Hyong-O [blackrosetech.com], the Member of the National Assembly.
  • by IcyNeko (891749) on Friday November 17 2006, @05:17PM (#16890974)
    Ragnarok Online-Con, where execs talk about how they got their user/credit card database hacked.
  • ExecShield ? (Score:2)

    by smoker2 (750216) on Friday November 17 2006, @05:29PM (#16891108)
    (http://www.dvstocklocker.com/ | Last Journal: Wednesday October 20 2004, @06:21PM)
    "Xpl017Elz's presentation focused on four (of a reported seven) attacks he developed against Red Hat's Fedora Core using ExecShield."
    So, does this attack actually use ExecShield to gain elevated privileges, or do the attacks succeed despite ExecShield?

    According to Red Hat:

    "It is important to note that ExecShield can only reduce the risk and impact of buffer overflow type security issues. The presence of these technologies should never be seen as a substitute for applying security updates provided by the operating system vendors."
    and
    "ExecShield does not offer protection for kernel security holes."

    But it seems badly spelled hacker isn't interested in telling Red Hat about the supposed flaws in their software (if that is where the exploits are targeted).
  • by diersing (679767) <gdiersing@@@gmail...com> on Friday November 17 2006, @03:41PM (#16889790)
    I think the context was more that Security Researchers refer to themselves as hackers. Hence relocating for better pay, if you're an internet-based criminal, you can do that pretty much anywhere.
  • Re:hackers suck (Score:2, Insightful)

    by brunascle (994197) on Friday November 17 2006, @03:51PM (#16889926)
    "Why don't these freaking hackers channel their obvious intelligence into something constructive rather than hacking our stuff?"
    You mean, like, finding the holes in your stuff?
  • Re:Security researchers? (Score:4, Insightful)

    by Vellmont (569020) on Friday November 17 2006, @03:58PM (#16890010)

    Hacking into someone's network uninvited and posting some silly "hacked by" page is not security research.

    I missed the part of the article where this is discussed. Can you please point me to it?

    The article I read talks about someone who's created exploit code to get around a security measure developed by Red Hat. I'm no expert at "ExecShield", but independently developing exploits to security measures sure sounds like Security Research to me.

    What you're describing sounds more like script kiddies. It'd be nice if you actually presented some evidence that these guys are actually just script kiddies and not just assuming it because of what I can only assume is personal bias.