AOH :: P57-0X04.TXT

Phrack 57 File 04: Editorial policy




                            ==Phrack Inc.==

               Volume 0x0b, Issue 0x39, Phile #0x04 of 0x12

|=-------------------=[ THE PHRACK EDITORIAL POLICY ]=-------------------=|
|=-----------------------------------------------------------------------=|
|=--------------------------=[ phrackstaff ]=----------------------------=|


         "Scholars and academics naturally tend to believe that formal
          knowledge is the most important way of knowing, and perhaps
          they are right, yet even so it is not formal but common
          knowledge which informs nearly all the day-to-day decisions
          and actions people take, even the most learned among them."

                       - William Gosling [Gosling, 1995]


----|  1.  Introduction


Because the editorship of Phrack has moved from being solely under the control
of one person (route) to a group of "phrack staff", it is valuable to reiterate
the editorial policy for the magazine.

Please note that it is not the intention of this article to describe
requirements for what we will or will not accept for publication.  The goal is
to provide a number of pointers for authors which they will hopefully find
useful when writing articles that they intend to submit.

Firstly, we wish to stress that we are dedicated to continuing and improving 
the reputation Phrack has for publishing interesting and original articles.

Articles published in Phrack have always fulfilled two general criteria:

1.  The research described in the article is original and new.

2.  The article is well written.

This has always been what Phrack is all about and it will remain that way.
Each of the sections below describe things to keep in mind if you intend
writing and submitting an article for the magazine.


----|  2.  Subjects for Research


We will never specify particular technology areas that authors should
concentrate on.  What you choose to write about is entirely up to you, assuming
of course that it is related in some way to information security!

Many articles published in Phrack in the past have concentrated on an
individual concept or an individual technology and we would like to see
articles that combine concepts to create new ideas.  For example: distributed
denial of service tools exist because of work done on network agents that can
be remotely controlled.  What other ways can network agents be employed?
Certainly for distributed password sniffing (roll your on Echelon...) and
distributed network scanning, but also for worms and even as agents programmed
to perform autonomous network penetration.  We are as interested in the
evolution of existing ideas as we are in research on entirely new subjects.

A good example of this type of thinking is the editorial written by route in
Phrack 53.   His article describes the properties of server-centric attacks
that most people are familiar with.  In addition however, he talks about
client-centric attacks - an idea which only seems obvious in hindsight and that
certainly deserves much more attention.


----|  3.  Writing in Plain Language


Multiple Phrack articles have been "put into plain language" for general
consumption by third-parties such as online news outlets.  They have taken
the ideas presented in Phrack articles and described them using language and
analogies that their readers can understand.  With concepts such as
distributed denial of service and buffer overflows it is not necessary for the
reader to understand the subject at a very technical level in order to
understand the underlying idea.

It is a fact that as subject matter becomes more technically esoteric and
complex the audience that can understand that type of information gets smaller
and smaller.

When writing about technical subjects it is tempting to write in highly
technical language (and I admit that I am sometimes guilty of this myself), but
please take into consideration the fact that the audience for Phrack is at
varying levels of technical competence;  this is a fact of life.  In addition,
many of the readers of Phrack may not have English as their first language and
this makes it especially important that articles are clear so that we can
maximize the readership.  There is no shame in writing in simple language.

For these reasons we encourage submissions to Phrack to be written in language
that is not excessively technical.  We appreciate however that this is 
difficult to do when writing about subjects which are technical by their very 
nature.


----|  4.  Full Expansion of Ideas


A good article becomes a great article when the idea being presented is carried
through to its full and logical conclusion.

For example: Phrack has published a number of articles on evading network-based
intrusion detection systems (IDS).  Assuming that we have a new technique to
document that allows us to bypass most IDS; of course the article must include
a description of the theory behind the technique, but to make the article
complete is should also include:

*    A description of what fundamental mistake the designers of the IDS made to
     allow the technique to work.

*    A section in the article on what can be done to mitigate the risk of the
     technique.  For example: a patch or a change in the way an IDS is deployed
     or used.

*    A discussion of other technologies that may be affected by similar
     techniques.  For this example this could be firewall technology that
     attempts to perform signature-based content analysis or even anti-virus
     software based on a misuse-detection model.

We encourage ideas to be presented fully and in a way that does not simply look
at the technology in isolation.


----|  5.  Using References


Putting references to other pieces of work has become almost standard practice
for Phrack articles.  This is a very good thing because it allows the reader to
continue their research into the particular subject.

At the end of your article, the list of references should include the author,
the title, the date of the work, and also a URL for where it can be found
online.  For example:

[Stewart, 2000]  Andrew J. Stewart, "Distributed Metastasis: A Computer
                 Network Penetration Methodology", September, 1999. http://www.
                 securityfocus.com/data/library/distributed_metastasis.pdf

In addition to references for related pieces of work, we would like to see
references to any materials that you found useful when performing your research
for the article.  This could include books, manuals, materials found online,
and so on.

Any suggestions that you may have for follow-on work should be included.
Perhaps you are aware of a related technique that might work but have not had
the time to investigate it: include this in your article.


----|  6.  Conclusions


This article should in no way be viewed as an attempt to force people into
writing Phrack articles a certain way.  These are simply some observations
about what has been done in the past and could possibly be improved upon in the
future.  Happy writing!


----|  7.  References


[Gosling, 1995]  William Gosling, "Helmsmen and Heroes - Control Theory as a
                 Key to Past and Future", 1994.

|=[ EOF ]=---------------------------------------------------------------=|


AOH Site layout & design copyright © 2006 AOH