"Fear and Flooding in Las Vegas" 93
Thanks to Brett Glass for pointing out his recent piece in Boardwatch. Very well written coverage about DEFCON 7, as well as the ethical side of hacking.
"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell
Re:I asked tough questions, it's true. (Score:1)
No. I like difficult technical questions just fine. The problem was that you asked the SAME question TIME and TIME AGAIN, and not only THAT, but it's a question which has no answer... when you asked me 4 or 5 times if there was a backdoor in the source for bo2k, did you expect me to say anything other than "no there isn't. Read the source and see for yourself"? What other answer could I have given to that question? "Yes, we backdoored it! You got me, you sneaky, technically aware amateur reporter"? There were 40 or so people in that room. If I was irritated, it's because I had to answer the same stupid question over and over again when others clearly had questions that hadn't already been asked.
As for my use of the word "infected"... well, that's cool, you think what you want. But generally real reporters base their coverage on facts, not half-baked pop psychiatry readings of people's answers to questions. You could probably make a pretty ok case that our intent was malicious without reverting to paranoid interpretations of slips of the tongue. It still wouldn't be even remotely true, but it would surely be more convincing than your attempt.
About CIH: I, PERSONALLY, as well as every other member of cDc, know EXACTLY what happened with those CDs that CIH ended up on, and EXACTLY who was involved. ALL of the people involved are people I've known for years - in real life and online - and I'm perfectly comfortable with their version of what happened. You are completely welcome to go on believing we have a traitor in our midst, but understand that you are spreading verifiably false, undocumented rumor in the guise of news. If you have any intention of ever being taken seriously in your reporting, that might not be the swiftest idea.
As far as your theories on ethics: If somebody tells you their (presumably real) name, and gives you a piece of open source software with a nice, non-offensive name, you can be confident that it has NO backdoors in it? What if we changed our name to the University of Michigan and called our software wu-ftpd... OH WAIT, THAT WAS BACKDOORED. The whole argument that you can't trust us because we have a stupid sense of humor is anathema to a logical, real world method of establishing trust relationships.
As far as taking responsibility for backdoors and security issues that might arise in our software... YOU GOT IT. If you, after downloading the source from www.bo2k.com, can find a verifiable and repeatable security flaw or backdoor in our software, we will fix it inside of a week, even though we all have day jobs and don't make millions of dollars off of bo2k the way - for instance - Microsoft does off of their software.
I'm curious about your theory that Microsoft takes FULL PERSONAL RESPONSIBILITY for any security flaws in their software. Last I checked they do not, in fact, release the names of the programmers responsible for security holes, which means the "personal" part is pretty much out. As far as "full", I would say that we've been a lot more responsive to issues with our software than Microsoft has. Except, of course, when they're imaginary issues like the ones you discuss.
-tf
Beware: Brett Glass is an anti-GPL fanatic. (Score:3)
Eventually I publicly aired the suggestion that we ask the administrator to remove him from the list; he was removed a couple of weeks later, and the list returned to usefulness.
It's a pity, because he's clearly an intelligent and insightful thinker, but his crusade against the GPL is simply beyond all reason.
--
Re:I asked tough questions, it's true. (Score:1)
Re: Defcon 7 - FreeBSD shirts (Score:1)
Re:Technical questions aren't the tough ones! (Score:1)
Martha Stuart with a beard!!! (Score:2)
IMHO, the stupidest line wasn't the 3 paragraph rant on smoke, or the admission of taping a conversation w/out consent, but this:
" cDc may claim its beef is with Microsoft; however, users -- not Microsoft -- will be hurt as a result of Back Orifice."
If I was a CIO, and the techies came to me with 2 server choices (linux, NT) and I knew that BO2K was out there, I'd definitely stay away from NT! Or if I *had* any NT boxes (I don't, but that's not the point), I would have them removed because of this. Thus hurting MS monetarily (no outrageous "upgrade" costs).
Also, wasn't the "ExplorZip" virus outbreak over 2 months ago?
-------------------------------------------------
Re:Non convincing (Score:1)
Let the man do what he wants with his hair, but come on...!
Ah, I've found the URL (Score:2)
--
That's the end of the line for me... (Score:1)
I'm morally opposed to unnecessary uses of the word "zeitgeist." I stopped reading after that sentence.
--
Re:Uh comment on abortion way off. (Score:1)
Just take that comment for what it was, for what the entire article was, a cheap attempt at emotionalism to sway public opinion. Hackers are like anti-abortionists who kill doctors... Hackers are evil because they smoked and it hurt me... Hackers are evil because... blah blah blah...
Do you think it's a coincidence that he made the comparison of hackers to two groups of people that the media have demonized (terrorists and smokers)? I think, perhaps, it was an article written for another website (which shall remain nameless, because I don't want any lawyers to be sent after me, but if you know about Defcon, then you know who I'm referring to), because the readers of
The theme of the conference, however illusive, was this: There are wizards in our midst -- some masters; some journeymen; some merely would-be apprentices. Many of these wizards, through their knowledge, can endanger or damage the rest of us. But there is no common ethical code among them; each makes up his own, or simply has none. It is unclear that any one of them is well-intentioned or even fully cognizant of the consequences of his actions.
Okay, I forgot the obvious comparison to wizards. Masters of arcane and dark arts. Makes deals with demons. Heck, I'm surprised that he was so gentle on this point. He could have just as easily said: All computer hackers worship Satan. Anyone who worships Satan will go to Hell. You don't want your children to go to hell, do you? (See also the political ad in the Gnomes episode of South Park).
But, worse than the attempt to slant public opinion, is the call for the end of individuality. We need a common ethic. One World, One Nation, One People (One Orgasm - the i-brator [geocities.com]). Unfortunately, it's the quest for personal freedom which leads to people joining this sort of subculture. Do what you want for no reason other than because you can, because in the physical world, some guy with a club and a gun, wearing a uniform, can walk up to you on the street, beat the crap out of you, and then lock you up in a prison, just as soon as look at you.
Some break in merely for the challenge; some target people or organizations they don't like; others trash systems at random just to prove they can. The public, which doesn't really understand how computer security works, mostly sticks its head in the sand and ignores the issue unless an intruder does serious damage.
Heh, corporate america sticks its head in the sand instead of dealing with computer security... True. But, let's face it, they also stick their head in the sand for everything else (the machine's about to crash.... -Oh, is that a bad thing? the software that you have a month to turn out won't work and will destroy your credibility.... - Yes, we know. Mine is better.... - It doesn't matter)
Other than that, I thought the rest of the article was pretty pedestrian... Actually, the title was kind of witty (would have been wittier if it were: "Phear and L0phting in Las Vegas" or maybe "Ph3ar and (ip)Flooding in Las Vegas")
Re:THE TRUE MESSAGE OF DEF CON (Score:1)
Check out the Sept 1999 and Oct 1999 archives over at the lynx-dev Mailing list archives (http://www.flora.org/lynx-dev/html/) for messages with subject headers of "Re: lynx-dev Re: Licensing Lynx" and "Re: lynx-dev More on lynx copyright". Brett's been a busy little troll. Basically he and a bunch of his pals want the lynx-dev group "to allow them to use the code of Lynx in proprietary software packages, saying that this will help your "colleagues" compete with Microsoft." Yeah right. It's basically Brett's ranting about how the GPL won't let him and his cronies steal the work of other people again.
Questions for Brett Glass (Score:1)
Back doors in open source (Score:1)
But think of the challenge of trying to hide a potential exploit in plain sight! This is exactly the sort of challenge (and glory) that "eleet" hackers -- particularly the type who like to grandstand -- crave.
Also, what better way to get people to trust your backdoored code? You can say, "See? I'm not hiding anything; it's open source!" And many naive folks, who thought they were sooo clever not to use the closed source version, will believe, and will be suckered into using the program. I hope you can see how utterly delicious such a notion would be to certain hackers.
As for the CIH incident: While I'd like to think it was an accident, it would be (again!) an incredibly tempting prank for those bent on mischief.
--Brett
Re:Use of quotes (Score:1)
P.S. And MLA format specifically addresses the use of quotes to indicate skepticism as being incorrect. If I carried my book (Reasoning why college is bad for programmers.. they teach them English) I would point out the exact verbiage. xerithane.karma--; xerithane.gratification++;
-= Making the world a better place =-
Check your speling. ;-) (Score:1)
As for the movie title: it was in italics in my original text. But copy editors often change things; in this case, it was mapped to quotes. Not strictly correct, but perfectly clear.
--Brett
Re:If you goto Defcon you are a loser (Score:1)
Or if you do you don't deserve any respect. Haven't people got over the vain, shallow boasting stage yet? That's so juvenile!
Instead if you want to be appreciated and considered a doberman, hack unix code for a few years, then you will realize that going to a stupid-ass convention won't make you anyone. Hacking has nothing to do with how you look, act, talk, or who you hang out with.
Seems reasonable. But consider, some people don't go to these events because they think that it will make them "real" hackers. Some people (gasp!) attend because it's a fun party. So it doesn't make them hackers. Neither does it make them losers.
Flawed logic follows:
Some losers attended DEFCON.
(insert name) attended DEFCON.
Therefore, (insert name) is a loser.
Re:Back doors in open source (Score:1)
Sorry about the formatting. (Score:1)
The future of cracking (Score:4)
So, to begin, where is the future of cracking (hacking/whatever it is GC (geek chic) to call attempts to trespass into electronic information spaces and either gather or disrupt data) heading in the next century? The fact of the matter is that it is heading away from the majority of us. Computer security systems (real computer security systems) are becoming harder than ever to break.
While movies like War Games inspired us all to crack to the launch mechanisms of the U.S. nuclear missile defense, those days are gone. Truly secure systems are only available for access locally, while important national systems are better protected than ever by the crackers of yesteryear.
What this all leads up to is that the only people left who will truly be able to wreak havoc are the government and big corporations. Only they have the computing power and the money to be able to work past strong defense systems.
And at the same time, I see this electronic power becoming more and more important. So what kind of future do we have to look forward to? Well, I believe that electronic terrorism (or government/corporate action, when it comes down to it, there is really little difference beyond perspective) will bring the world to a standstill. My question, is will that bring about a world like that seen in Rollerball (great movie) with Corporations splitting up the world between them, or a 1984 scenario with Big Brother becoming all powerful because all of our lives can be catalogued electronically.
When I think of conferences like DEF CON, I wonder if their purpose should not be to prevent futures like this. So while I am not in support of violently breaking the law, or causing others intentional hurt, I say long live the hackers and even the crackers, for they may be the only hope for a medium between two horrible futures.
Non convincing (Score:2)
Ok, now that I feel better about that I can say what I think about him and the article. Most of his points were fairly
-= Making the world a better place =-
Re:Some things: (Score:1)
So, I posted my original message, and re-listed the comments page. And there it was, plain as day, the followup to a critical comment, made by B.G. posting as an A.C. !
8) B.G. can't let a good flame go. He'll have to followup to each and every one of them, making this topic a 500+ followup by Monday noon.
Re:The future of cracking (Score:1)
Re:Some things: (Score:1)
Being a 12yr/o I'd say that comment was... (Score:1)
Motive (Score:1)
This in fact is a question I have grappled with (don't read that as overly dramatic) when recently reading Tad Williams' Outland series. Albeit, I'm only half way through the third book, but I don't understand how the Grail Brotherhood hopes to live in VR in perfect safety as Gods. Regardless of whatever they create, they will still be vulnerable to attacks on their bodies in the real world.
However, to come back to my point, what I was trying to look at in my comment was a plausible future. While there may be groups that destroy various phonelines/datalines for whatever reason (anti-tech, anti-phone, wireodestroyomaniacs), they will not have the same motive of power and control that I see governments and corp.s having.
But then again, that might just be another tool they use. In general, however, it all comes down to the stunning conclusionary theme in War Games. In a nuclear war, no one can win. If the war becomes the destruction of the hardware supporting the internet, then in the end, we just destroy what we have created without gaining anything in the process.
But again, these are governments and corporations we are referring to. For them, too often it seems that a mutual loss is an acceptable goal.
THE TRUE MESSAGE OF DEF CON (Score:1)
Our hackers ??
As in the people we/I own or control ??
what a kook!
Sorry but I had to say it......
End_Vent=true
another writeup! (Score:1)
my writeup isnt nearly as uhm... formatted as his is. i didnt use proper anything.
the write up is at
http://pluto.spaceports.com/~disc0re/defcon.txt [spaceports.com]
i also got some pictures up here [spaceports.com]
it was a great conference and i highly suggest going next year if you can make it!
tyler
Re:Some things: (Score:1)
Point 4 is kinda correct actually, RedHat builds a distribution, and they distribute it.
I don't believe that they charge for any of the actual contents of the CD. I'm sure I could be wrong, but that seems to be how they would get around licensing issues. I need to re-read all the licenses again, I should know better what I'm talking about.
He's also sorta right about point 6, I'm sure that you *could* hide stuff in source, but it's so pointless if it's open source anyways
Regardless of this, I think Mr. Glass is a first class twit-of-the-media and should be debunked as often as possible, and as publicly as possible.
Some things: (Score:2)
1) Brett Glass pointed out *his own* article. That has to be some indicator of cluelessness and/or hubris.
2) He's a MORON. He obviously didn't use the DeMoronizer to fix up the Microsoft Stupid Quotes.
3) What's with the^H^H^H^H^H^H^H^H^H^H^H^H^H^I Love the Hair!
4) If you read what this guy posts on Infoworld.com, you'll see that he's generally clueless compared to everyone else there. He is a critic of open source, but not a very good one. I seem to remember him claiming that Red Hat didn't sell Linux because Linux was free. Red Hat sold bandwidth, because they could mail a CD to you for an effective data rate of 670 Megs per 24 hours for FedEx. Ummmm. Sure.
5) He described BO2K as a trojan horse program. Would he describe PC Anywhere the same way? How about an admin tool released from Microsoft? These are all the same kind of program, and can be used or misused in a wide variety of ways.
6) Brett obviously has no idea what obfuscated code is. He claims that BO2K could have trojans hidden in obfuscated code. Heee hee haw haw.
7) Linux is just as insecure as Windows? Poorly designed and rife with security holes? That's a joke. For goodness sakes, MS Excel has a whole flight simulator hidden away inside of it. Where is the easter egg inside the Linux kernel?
Re:The future of cracking (Score:1)
Brett Glass is worse than clueless (Score:3)
I was at Defcon as a speaker, and although *some* of the details of this article were correct (e.g. great parties to which windbags like Glass were not invited), overall this is a *horrible* piece on Defcon.
The CIH computer virus was found on *copies* of the bo2k CDs distributed at Defcon, not the originals, correct me if I'm wrong.
The idea that bo2k contains obfuscated trojans is laughable, considering it's open source. Leave it to Glass to connect the dots... open source + GPL = plot to hide backdoor. (?!) Brett... if you don't trust the binaries, compile the source. And if you don't trust the source, then show us why... Maybe you can contribute to some bugs that have already been spotted and patched in bo2k [bo2k.com].
Of course, this is probably asking too much from someone that's proud to admit to secretly tape-recording comments at a post-conference party and considers his own 10-year-old phreaking activities a passport to the underground.
"one cannot trust the group's output and must regard it as not only untrustworthy but dangerous. "
fear + ignorance = loathing, that's understandable, but I'm disappointed that Hemos referred to it as "Very well written coverage".
Re:THE TRUE MESSAGE OF DEF CON (Score:3)
I wasn't able to decide if the author was trying to make jabs at the OSS realm or not -- he dismissed the GPL aspect of BO2k with the "obfuscation" claim, missed every ramification of an open source BO except for the concern of the script kiddies about trojaned exploits.
(aside: Kiddies don't read source. The claim that BO might be obfuscated in the identifier/whitespace sense is bogus -- it would reduce the point of GPLness to a PR tactic which would be quickly noted and cDc would be reviled for it, more than they already are. Obfuscation in the code-structure sense would merely make it unmaintainable, not unusable or unmodifiable)
... and, to resume, he seemed generally to propose (especially with your quoted excerpt) that the darker side of security research is somehow wrong and misguided and should go away (gosh, someone should tell that to street hoodlums), and that open-spec/open-source/open-attack security is somehow a bad thing. He did get right the part about how there's no common code of ethics -- an attribute he might find is shared by many sectors of street criminals, marketing executives and politicians.
He mentions also that defcon's a party, which is true enough, but then forgets that fact for the rest while applying his lofty judgement to the various frivolities. Defcon is supposed to be gross, overstated and stupid -- it's a party. It's not a particularly serious meeting of minds, in any sense, and interpreting it as such leads to all sorts of depressingly absurd conclusions, such as those found in this article.
Poor boardwatch. They've gone downhill.
Re:Beware: Brett Glass is an anti-GPL fanatic. (Score:1)
I think Slashdotters' crusade against anti-GPL is also beyond reason.
Re:Some things: (Score:1)
Regardless of this, I think Mr. Glass is a first class twit-of-the-media and should be debunked as often as possible, and as publicly as possible.
One of the leading occupations of media twits is debunking other media twits. It makes for long, self-righteous columns unravelling other long, self-righteous columns. That gets added to a simpering "hard-news" corps whose main function is to give any new product its allotment of drool and "Can it beat X?"-type "analysis" pieces. Then add a lot of pandering to the big-name advertisers, and you have... the US technology press, both print and electronic.
(and, of course, I'm saying this while reading slashdot. oh well. :))
Re:Yeah, well.. (Score:1)
It wasn't strictly name calling, though I'm sure that there are others who would agree that he fits the dictionary definition. I was referring to his use of Microsoft tools that make their users look like Morons. The feature in question is the Microsoft Smart Quote, which turns a regular quote into a smart quote. MS Word and other programs write that smart quote into an undefined character, and on non-Windows systems the quote appears as a question mark. There is a program called the DeMoronizer that will fix these documents up.
I realize that my original article could be taken as a troll, but it's not entirely a troll. My point is that Brett Glass is well known for arguing against open source and free software on other forums, and for using goofy logic to justify himself. Falling victim to the MS Smart Quotes is just another indication that he's no techie.
Re:THE TRUE MESSAGE OF DEF CON (Score:1)
>common code of ethics -- an attribute he might
>find is shared by many sectors of street criminals,
>marketing executives and politicians.
Good Point.
But that's sorta mean to politicians to group them with marketing. *grin*
After reading many more Posts I start to get the idea about what's up with this guy. I always get a little touchy when Media takes the attitude of My this and we need to, in such a possessive tone.
On the bright side:
* one can't control what he/she doesn't understand
* DefCon is meant to be Fun + Informative, so if he left concerned and confused, then he missed the point!
_Chunk
--Results may vary
Hmm..? :) (Score:1)
How anyone could tell whether or not I interpreted or misinterpreted anything from my post is clearly beyond my mental radar. Hee hee.. I didn't exactly say a whole lot. =P
Re:I asked tough questions, it's true. (Score:1)
Not sure why you would be convinced of this when you have no evidence.
As I'm sure you're aware, you can't just "infect" the ISO image of a CD with a virus.
As you *should* be aware, CIH is an .exe infector.
You must do so at an earlier stage, while the .EXE file is still present in its original form. So, the idea that a machine used only to burn the disks contained the virus doesn't wash. The virus must have been present on the machine where the CD-R image was prepared.
Doesn't sound like you've done much CD burning. I haven't either, but even I know what's wrong with this statement. If, at any point, the files were copied to a writeable media (i.e. the harddrive) they could become infected. On a machine with one CD drive (the CDR) there are two choices: Make an image of the CD, or just copy the files to a temp directory on the harddrive.
For such a small image, I probably would have just copied them to a temp directory, too.
Brett (Score:1)
He's had his 15 minutes ... please
I'd rather . . . (Score:1)
This piece was weak on social insights and nil on technical insights. In addition, Glass has an "illusive" grasp of spelling.
Finally, to cap it all he proposes bringing in the Guardian Angels or something to police the net. Erm, Brett, they already tried. Even as a ha-ha joke this is a bad thing to bring back up.
--------
Guess you haven't read my comments in this thread. (Score:1)
As for the Guardian Angels: What would you propose instead? Certainly there must be some accountability for irresponsible actions taken on the Net. Would you rather that we, as Netizens, self-police -- or have the government do it for us?
--Brett
worse than clueless = a few generations too late (Score:1)
this industry moves much too quickly for people like Glass to even *be* clued. not saying it's impossible, just that he thought he was already in.
-Re: ethics
just a quick comment (i'm not going for status on this post) -- hackers and crackers DO have ethics. that's why the two are distinguished. crackers are lame "kiddie" renditions of hackers, who are the more mature. that's relative, of course. most hackers i know are under 21...
nevertheless, as The Red Book taught us all, no UNIX system can be truly secure *ever*. We may as well stop trying.
At some point, I am going to use this new slashdot username i've recently purloined and go into a big rant on free information and ultimate communication. maybe i'll just write rob and jeff instead...
--kaspar
Did you read the article? (Score:2)
--
The truth about DefCon (Score:1)
I have been constantly confounded by so called 'media' that attempts to find a central theme of DC. The only reason it existed in the first place, was for a bunch of people to get together and hang out. That is still its main focus. Granted there are:
"wild, wild parties -- some open, some whose locations were known only the "right people."
However, the purpose is still the same; now not only the original inner circle meets, but literally hundreds of other groups are doing likewise.
The most accurate theme to apply to DefCon is, "Geek New Year". OK, so we don't have fireworks and dragons, but rather Electronica and the CDC, DOC, DD, et al.
Furthermore, for the author to blast the CDC for its antics is ill informed. He didn't even bother to ask Dildog why he spent the time to code it. Obviously they love publicity. And for them to get into the national media and TV was the Ultimate Hack @ DC7.
If you don't like the smoking...DON'T COME. It's Vegas, smoking is legal, it's 110 outside... go to the damn concession stand... No, better yet, go cover something that you might actually have the ability to grasp.
RANT:
/RANT
Finally, insofar as the social engineering contest goes. We wanted to entertain the real attendees, not to prove that people are uber-31337. Those that violated the spirit of the show by recording the contest, I have no respect for you.
And for those that wonder about me: Yes, I work for a TLA. And, YES I'm a Goon... and damn proud of it.
A personal favorite from Con. [713.org]
-Section9
Re:Defcon... (Score:1)
I'm looking forward to H2000, as well, but I don't have to put DC down just to elevate myself...nor do I have to resort to anonymously posting flame bait.
-Section9
You can tell that Jack Rickard is gone... (Score:1)
All I got out of this article is that hackers like to smoke?
There is no hacker ethic?
cDc can't trust themselves?
The self submission (if that was the case) doesn't help either.
http://www.mp3.com/fudge/ [mp3.com]
Lack of ethics are in most businesses (Score:2)
There are a number of groups trying to change this (such as UNESCO) but I suggest people take a look at the pledge campaign at the Student Pugwash USA web site (http://www.spusa.org/pugwash/ [spusa.org]) as the site has a stock of documents related to ethics and technology.
Re:THE TRUE MESSAGE OF DEF CON (Score:2)
His arguments on the Infoworld Electric fora were thoroughly refuted and he hasn't been seen there for a while.
The gist of his opposition to the GPL is that it prevents people making money off software. Any attempt to disprove this (Look at Red Hat etc) met with personal abuse, denial, a change of subject, or silence.
I think the real reason is that his beloved FreeBSD is released under a licence he considers to be better, yet it's the GPL'd Linux which is running away with the press and the userbase.
--
Re:Some things: (Score:1)
jsm
Re:Ah, but reformatting may not help. (Score:1)
Linux is a moving target. For how long has the source to 2.2.12 been open? Of course it's not possible to guarantee zero security holes, even where the source is available. The question is whether or not opening the source is a benefit to bug-spotting; the answer is a priori yes.
Hamish
Re:Non convincing (Score:1)
You saw quotation marks? I simply saw question marks all over the place. I guess it is asking too much for a site called "internet.com" to be able to use a proper character set. There didn't seem to be any problems with the well over a dozen occurrences of parentheses, though.
Furrfu!
Those are bad habits for a writer, Brett - lose them, but quickly.
--
Re:Some things: (Score:1)
I hope you don't take these posts to the heart in generating "karma" cause if you do I'd personally rate you a basher...
1) Brett Glass pointed out *his own* article. That has to be some indicator of cluelessness and/or hubris.
He made some strong points in the article about the influx of those who have no ethics and it's painfully obvious, but for a "clueless" reporter to notice this would be what?... a guess? Don't be so quick to judge.
2) He's a MORON. He obviously didn't use the DeMoronizer to fix up the Microsoft Stupid Quotes.
There go those karma points you worry about
3) What's with the^H^H^H^H^H^H^H^H^H^H^H^H^H^I Love the Hair!
4) If you read what this guy posts on Infoworld.com, you'll see that he's generally clueless compared to everyone else there. He is a critic of open source, but not a very good one. I seem to remember him claiming that Red Hat didn't sell Linux because Linux was free. Red Hat sold bandwidth, because they could mail a CD to you for an effective data rate of 670 Megs per 24 hours for FedEx. Ummmm. Sure.
5) He described BO2K as a trojan horse program. Would he describe PC Anywhere the same way? How about an admin tool released from Microsoft? These are all the same kind of program, and can be used or misused in a wide variety of ways.
I'm sure Microsoft wouldn't embed backdoors other than those used by the NSA on them
6) Brett obviously has no idea what obfuscated code is. He claims that BO2K could have trojans hidden in obfuscated code. Heee hee haw haw.
How do you explain those cDc backdoors?
7) Linux is just as insecure as Windows? Poorly designed and rife with security holes? That's a joke. For goodness sakes, MS Excel has a whole flight simulator hidden away inside of it. Where is the easter egg inside the Linux kernel?
What he should've said is Linux could be as insecure as Windows in the story. Truth of the matter is if you haven't kept up on security issues, Linux does have some problems as much as Windows does. Haven't you read any BugTraQ postings? Just about every other week they're finding some sort of overflow on Linux. Personally I think it's just crappy admining but for the most part linux can be just as insecure as Linux can be... but I wouldn't know I use OpenBSD
Re:Don't blame the author for the formatting. (Score:1)
Over using quotes is not a good way to write. Quotes are for quoting, not for emphasizing a point.
-= Making the world a better place =-
Re:The future of cracking (Score:3)
Not true. Real computer systems are becoming horribly more complex, and therefore have more holes. True, some of the low hanging fruit is gone, but I still see the same stupid mistakes being made all over the place, just usually not in the same place twice.
While movies like War Games inspired us all to crack to the launch mechanisms of the U.S. nuclear missile defense, those days are gone.
I disagree. We're seeing far more government sites broken into now than we have in the past.
Truly secure systems are only available for access locally, while important national systems are better protected than ever by the crackers of yesteryear.
No, they're connecting them to the Internet as fast as they can. The level of clue relative to the number/ability of attackers is decreasing, not increasing.
What this all leads up to is that the only people left will truly be able to wreak havoc are the government and big corporations. Only they have the computing power and the money to be able to work past strong defense systems.
This would seem to demonstrate a lack of understanding about how hacking works. I only need lots of computing power to crack crypto. I can do any of the other hacking I need from a $299 PC. It's not about resources, it's about using your head. Resources never hurt, but they are certainly not required.
And at the same time, I see this electronic power becoming more and more important. So what kind of future do we have to look forward to? Well, I believe that electronic terrorism (or at/corporate action, when it comes down to it, there is really little difference beyond perspective) will bring the world to a standstill. My question, is will that bring about a world like that seen in Rollerball (great movie) with Corporations splitting up the world between them, or a 1984 scenario with Big Brother becoming all powerful because all of our lives can be catalogued electronically.
If the corporations hold "the power" then they will be the victims of "terrorist attacks" rather than perpetrators, no?
When I think of conferences like DEF CON, I wonder if their purpose should not be to prevent futures like this. So while I am not in support of violently breaking the law, or causing others intentional hurt, I say long live the hackers and even the crackers, for they may be the only hope for a medium between two horrible futures.
The purpose is exchange of information, without regard to the intentions of those who receive it. The current game is very much "pay attention, or lose." The good guys can't find out without the bad guys knowing. So, be one of the good guys paying attention to what's being said.
Re:Martha Stuart with a beard!!! (Score:1)
The BO equivalent for Unix has been there for years. We call it "telnetd" and "X".
possibly the most irritating reporter I've met (Score:2)
He also JUMPED on the fact that I slipped and said "infected"... yeah, that MUST be a sign that I REALLY think bo2k is a virus, 'cuz otherwise - after correcting literally dozens of media who used that (incorrect) terminology - I wouldn't have made that slip EVEN ONCE. Never mind that even if BO2K were a purely malicious trojan horse (it's not any of those things) a machine still wouldn't be INFECTED with it, because it STILL wouldn't be a VIRUS.
Finally, I'm not sure where his whole theory about one of us secretly putting CIH on those CDs... why would ANY of us want to make cDc look that stupid? Has anything else we've ever done indicated that we operate that way? Clearly not, but just as clearly, this loser didn't pay much attention to how we do things, choosing instead to feature the conspiracies he chose to see before even talking to any of us.
This isn't reporting. It's paranoid ranting based on a weak, unsubstantiated, and indeed, already disproven version of the facts.
I mean, really. We fucked up and let somebody burn CDs from a machine infected with virii, and then we fucked up doubly by refusing to believe that could have happened. We admitted as much on cultdeadcow.com a couple weeks after defcon... If we could have possibly laid the blame anyplace besides our own slipups, don't you think we would have?
I wish everybody who read this column, Hemos, and everybody on slashdot, could have seen how consummately unprofessional this "reporter" was at the press conference he attended.
And no, we didn't invite him to our party.
- tf
Arggghhh (Score:1)
Brett Glass is an idiot.
CC
Uh comment on abortion way off. (Score:2)
Re:jeez, the author is a twit (Score:1)
Yeah, well.. (Score:2)
I believe you missed a point..
9) He makes a point of saying hackers and crackers, but then goes on to use the two words interchangeably. If that is not an indication of cluelessness, I don't know what is.
Um, another clueless luser, perhaps..? (Score:1)
Practically everything you said is an indication to me that you are either attempting to troll, or.. no, I won't bother flaming too much today. I'll just examine the point you made which almost made sense as opposed to the others which were apparently the work of an underdeveloped brain..
Any OS could be insecure.. If you want total security, don't install any new applications, and don't connect yourself to a network. OpenBSD would be just as subject to security holes as GNU/Linux if you installed the same easily exploitable application onto both systems. OpenBSD may be the most secure "out of the box", but do you expect me to believe, for even one second, that you have never ever installed any other application onto your OpenBSD system since you've got it? Even if that were true, I think you're missing the entire point of having a computer. So.. next time I suggest using the preview button ("Linux can be just as insecure as Linux"??), and I highly recommend you actually try thinking for once in your life. You obviously haven't been lately.
I'm sick of clueless fanatics trying to press their opinions onto us as if they were documented facts. I don't make up shit about *BSD, so why should others make up shit about GNU/Linux? Because they're bitter? Because they're fscking idiots? They want more "mind share" and will do anything to get it, including lie their asses off? It seems the more *BSD folks I meet, I find that almost all of them are assholes and liars. Damn, I want to join that community right away.. However, I know that the grand majority of *BSD users are probably good people, despite what I think of those I have met so far. As such.. Would the actual "clued in" *BSD advocates please be more vocal than those who do a disservice to *BSD users everywhere, and make it so that the signal/noise ratio appears to be a little higher from that community than it looks like right now? =P