AOH :: ISN-2973.HTM

Re: Hacking Black Hat

Re: Hacking Black Hat
Re: Hacking Black Hat

Forwarded from: security curmudgeon 

: By Ira Winkler
: I had some issues with last week's column from Frank
: Hayes on "quack hackers" -- 

I had some issues with this week's Ira Winkler ego stroking masturbatory 
fluff piece reprinted in ...

: specifically, with his apparent belief in hackers as some generally 
: noble breed. I believe I first met Hayes when he covered my presentation 
: at the Black Hat conference back in 1997 or so, where I'm sure he also 
: gained exposure to some of the less-than-honest "honest hackers." 

Am I misunderstanding you, or are you suggesting that a significant amount 
of the speakers and/or guests at BH 97 were "less-than-honest 'honest 

Dominique Brezinski
Chris Goggans
Ray Kaplan
Jeremy Rauch
Bruce Schneier 
Peter Shipley
Adam Shostack
Richard Thieme

Ira Winkler
Miles Connley

Now, please, tell me which of those people fit your description (that
I quoted above). I have broken the speaker list into two easy to
define groups (in my eyes), the first being people I know to some
degree or another, that I don't think you can say a word about any
more than would apply to yourself. The second, the people that might
be questionable from my perspective.. three because I simply don't
know (or remember) them, the fourth .. well you know.

Please, tell the world which of the people on the top list are
less-than-honest about anything. Which one of them committed
transgressions that were worse than any of your own Ira.

: I also believe that he has enough exposure to see through the 
: stereotypes that are out there.

Even the stereotypes you have been helping to solidify for a decade?

: The hacker stereotype is that of a socially inept genius spending all 
: his free time in isolation in front of his computer -- driven by 
: never-ending curiosity, striving to understand the intricacies of 
: computer systems and breaking through social and technical barriers to 
: overcome adversity and make the only true advancements in computer 
: security. Again, that's the stereotype.
: I have to admit that the socially inept aspect appears to be accurate
: (see "So, what's wrong with being an introvert?"). 

Hi Ira, you ignorant jackass. You have completely divorced yourself
from reality and lost any credibility you might have had twenty years
ago. Even these days, the stereotype is long past that introverted shy
kid in the basement, transformed into bigger and different things.
Hell, you fall into the same trap that so many journalists do, using
the 'hacker' name in ANY context without qualifying the meaning in
advance. Even those cluebag journalists have finally caught on, giving
the 'hacker' term a bit more leeway than before. It's ok, hold on to
your precious monkey anecdote.

: I'll grant that there may have been a justification of sorts for
: hackers to infiltrate systems, once upon a time. The original hackers
: may have had to intrude on computer systems because there were few

Err, the original hackers had nothing to do with breaking into
systems.  Are you pigeon-holing 'hackers' to mean what you want it to,
again? Or are you completely ignorant of the twenty years (or more)
before the term 'hacker' came to mean someone that broke into systems?
How can you pretend to lay into a journalist for this type of
reporting, when you are just as guilty as those you seek to wave your
ego at?

: As systems and documentation became more widely available, the emphasis 
: on actual technical prowess diminished, and we saw the rise of hacking 
: scripts. Those prewritten tools allowed any inept person to take over a 
: system that was ineptly protected -- hence the derisive term "script 
: kiddie" for a person who cares more about attacking a system than 
: learning about it.

 *  C L O A K
 * Wrap yourself in a cloak of darkness (heh heh heh).
 * Michael S. Baldwin, Matthew Diaz 1982
 * Marcus J. Ranum - 1983 - complete re-write and munging
 * added more options, and all kinds of evil - including the
 * ability to vanish from wtmp and acct as well as utmp. Added more
 * error checking and useful command syntax. Now you can attribute
 * all *YOUR* CPU usage to others when playing hack !!!


        Marcus Ranum 1985
        usage: spy &
        the program will exit cleanly when you log out.

This was pure learning, eh Marcus? The script kiddies that used this a
decade later probably didn't think so.

: Genuine security researchers would not wait to reveal vulnerabilities at 
: Black Hat. They would contact the vendor responsibly as soon as they 
: discover the problem to have it corrected. On the other hand, hackers 

On the other hand, it might actually be that they HAD contacted the
vendor and agreed that a presentation at BlackHat was a good time for
public disclosure of the vulnerability. Or maybe we could argue that
geniune security researchers would not wait until they found a way to
work their research into a business model before releasing said
information to the masses?

HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: 

Site design & layout copyright © 1986-2014 CodeGods