Kuro5hin.org: technology and culture, from the trenches
SunWorld interviews Jericho, Phiber Optik, and RFP

By Anonymous Zero in News
Wed May 10, 2000 at 01:00:57 AM EST
Tags: Security (all tags)

An interesting feature in SunWorld this month called "Hacker's toolchest" calls into question the value of some high-priced professional security auditors who simply run a port scanner against your network, print the output of the scanner, then charge you thousands of dollars for the printout. Hardly a professional audit. For a much better insight into how a real attack on your network would go down, Carole Fennelly interviews Attrition.org founder Brian Martin a.k.a. Jericho, 2600 contributor and phreaker legend Mark Abene a.k.a. Phiber Optik, and regular BUGTRAQ poster Rain Forest Puppy, the bane of Microsoft. The three discuss how they conduct professional audits and a few of the basic tools they use such as binfo.c, nmap, ghba.c, and whisker.

SunWorld interviews Jericho, Phiber Optik, and RFP | 18 comments (18 topical, 0 editorial, 0 hidden)
No interview with security experts... (4.00 / 2) (#3)
by evro on Tue May 09, 2000 at 05:49:59 PM EST

evro voted 1 on this story.

No interview with security experts can be complete until you hear from John Vranesevich, the king of online security.
---
"Asking me who to follow -- don't ask me, I don't know!"

IMO, there shouldn't be a "Attritio... (5.00 / 1) (#2)
by mattc on Tue May 09, 2000 at 06:01:47 PM EST

mattc voted 0 on this story.

IMO, there shouldn't be an "Attrition Defacement Mirror." It just encourages script kiddies - "Gee look, I'm famous!" Besides that, the article is very good.

Re: IMO, there shouldn't be a (none / 0) (#7)
by your_desired_username on Wed May 10, 2000 at 01:27:03 AM EST

Go thumb through that defacement mirror.

If you ever need proof that 99% of script kiddies are dull, unimaginative, and repetitive, there it is.

[ Parent ]
Re: IMO, there shouldn't be a ...you have fuzzy lo (none / 0) (#12)
by tidepool on Wed May 10, 2000 at 09:18:30 AM EST

IMO, there shouldn't be an "Attrition Defacement Mirror." It just encourages script kiddies - "Gee look, I'm famous!" Besides that, the article is very good.

Hrm. Your logic is kinda fuzzy. Do you also believe that there should be no 'Cops' TV show, no 'America's Most Wanted' TV shows / posters, etc?
Just because it may encourage script kiddies, it also gives 'law enforcement' (and I use the term lightly) some information to go by. If 3/4th of these were not mirrored, you can bet your ass that the companies would not alert the public that they had been 'hacked'. It would be swept under the rug, and dealt with internally.

I'm not sure this would be a good thing for the companies' associates. So, in my eyes, the Attrition mirror is a 3rd party area that 'proves' a site has been broken into - or at least reassurance.

-Ben
tidepool@suspicious.org

[ Parent ]
Re: IMO, there shouldn't be a ...you have fuzzy lo (none / 0) (#13)
by mattc on Wed May 10, 2000 at 11:32:48 AM EST

Well, "Cops"-type shows make the offenders look like idiots (which they are), so I think it is a good thing. :-) On the other hand, committing a computer crime is seen as "cool" by some.

Having a page that proves a company has poor security is a good idea, but how many people really look for something like that before they do business with the company?

BTW, I meant to vote this story +1 but I hit submit by mistake.

[ Parent ]

Re: IMO, there shouldn't be a ...you have fuzzy lo (none / 0) (#16)
by Marcin on Wed May 10, 2000 at 07:04:45 PM EST

Well, "Cops"-type shows make the offenders look like idiots (which they are) [...]

"Put your hands up, all of them! Thaaaat's it.. and unblur your face!" "Oh maaan!"

Futurama rocks. :)
M.
[ Parent ]

.RFP is cool ... (2.67 / 3) (#1)
by davidu on Tue May 09, 2000 at 07:18:56 PM EST

davidu voted 1 on this story.

.RFP is cool

No comment on this one. RFP is a go... (4.00 / 1) (#5)
by tidepool on Tue May 09, 2000 at 09:33:46 PM EST

tidepool voted 1 on this story.

No comment on this one. RFP is a good friend, so it's an instant +1. The article itself is good - it even tries to define hacker from cracker - something that usually suggests that the following article will be full of FUD. This was not the case for this article.

I think they should have lined up J.P. from antionline.com; it'd have thrown an aspect of humor into the article.

-Ben

Re: No comment on this one. RFP is a go... (none / 0) (#15)
by CF on Wed May 10, 2000 at 01:09:56 PM EST

Now that *would* have been funny! Why didn't I think of that? Ask JP to explain in technical detail his techniques..;)

[ Parent ]
Script kiddie audits for script kid... (5.00 / 1) (#4)
by cthulhu on Tue May 09, 2000 at 09:40:33 PM EST

cthulhu voted 1 on this story.

Script kiddie audits for script kiddie tactics.

The writeup is a bit short, but it ... (none / 0) (#6)
by Qtmstr on Wed May 10, 2000 at 12:38:29 AM EST

Qtmstr voted 1 on this story.

The writeup is a bit short, but it is interesting. Can't companies be sued if they advertise a "full security audit" but do not provide it?


Kuro5hin delenda est!

Here I go again... (none / 0) (#8)
by TomG on Wed May 10, 2000 at 03:30:56 AM EST

The article is still referring to hackers the way most of the media does. Basically they think that hackers are people who break into computers, or try to defend against the same. The first is just annoying, the second is partly true, but only partly. I don't like reading this or seeing it posted in kuro5hin.

Re: Here I go again... (4.00 / 1) (#9)
by friedo on Wed May 10, 2000 at 05:42:25 AM EST

The article is still referring to hackers the way most of the media does. Basically they think that hackers are people who break into computers, or try to defend against the same. The first is just annoying, the second is partly true, but only partly.

Wrong - the media refers to script kiddies as hackers. These guys are hackers; they know what they're doing, and are respected in their fields. Just because they happen to specialize in security doesn't make them non-hackers or crackers.

- friedo
[ Parent ]

Re: Here I go again... (none / 0) (#10)
by TomG on Wed May 10, 2000 at 06:57:41 AM EST

Wrong wrong. The media refers to script kiddies, crackers and other assorted non-hackers as hackers. And I don't know if those guys are really hackers or not, because I stopped reading the article at the second or third paragraph.

[ Parent ]
Re: Here I go again... (3.00 / 1) (#11)
by dvicci on Wed May 10, 2000 at 07:50:29 AM EST

In that case... you would have missed the following (fourth paragraph, not including the summary):

"The term hacker has been abused by the media and by hacker wannabes to the extent that many people think all hackers are criminals. This is simply not true. For the purposes of this column, I'll define a hacker as 'an expert with informal training.'"

I can't vouch for the author's experience in or with (cr|h)ackers, but at least he's AWARE of the misinterpretation that runs rampant.



[ Parent ]
Re: Here I go again... (none / 0) (#17)
by TomG on Sat May 13, 2000 at 12:45:15 AM EST

I read that paragraph. That's the one I stopped reading. He says that, and he STILL uses hacker wrong.

[ Parent ]
Re: Here I go again... (none / 0) (#18)
by rusty on Sat May 13, 2000 at 01:06:43 AM EST

Don't overlook the fact that a hacker can be a cracker, and vice versa. One who breaks into others' machines can be a script kiddy, in which case the term would be "cracker", or they could be a skilled master of the art of kludging together elegant solutions to sticky problems, who happens to enjoy penetrating computer security, in which case they are both a hacker and a cracker. The key is that the two are not synonyms, in the same way that one can be a "truck driver" and a "master of ju-jitsu", but the two shouldn't be taken to mean the same thing, even when one can be both at the same time. :-)

____
Not the real rusty
[ Parent ]
Re: SunWorld interviews Jericho, Phiber Optik, and (5.00 / 1) (#14)
by CF on Wed May 10, 2000 at 12:27:13 PM EST

I am the author of the article under discussion, and I would like to clarify an issue that has been brought up in this forum and elsewhere: the hackers/crackers debate. True, the editor sensationalised somewhat in the summary. (You should see what he did to my reference to "Sneakers":/). As far as I can tell, there is no hacker certification and everyone seems to have a different view about "What is a hacker?". For expediency, I tend to the common usage but avoid labeling hackers as "bad". I also used to tell people I took karate, when it was really Tae-Kwon-Do. Perhaps the hackers/crackers issue would make another topic for this forum. There's an article at: http://cbc.ca/news/indepth/words/hack.html on the subject that brings up some interesting points. Regards, CF.
