Domain: cultdeadcow.com
Stories and comments across the archive that link to cultdeadcow.com.
Stories · 16
Hacktivismo to Release Steganography Tool
Anonymonkey writes: "According to this story at , a group called Hacktivismo will release a steganographic tool called Camera/Shy at H2K2 this year. Apparently, it will make it easy for persecuted political groups to hide messages in images. The group has links to the Cult of the Dead Cow, which is, of course, working on Peek-a-Booty."
On Hacktivism
z84976 writes "Oxblood Ruffin, of cDc fame, has produced a nice article discussing various aspects of hacktivism and some of the approaches used by their own Hacktivismo group in supporting freedom (of thought, mainly) on the internet. Check it out over at The Register when you get a chance."
Bizarre Answers from Cult of the Dead Cow
Monday's questions for the Cult of the Dead Cow ranged from serious-tech to silly. Various members of the Cult answered appropriately. Great stuff! One warning: if you are offended by strong language or are a hacker under 18, you should not read this Q&A session. The Cult is one of those groups the assorted nanny-censor programs try to keep away from deity-fearing, good-citizen, mass-average folks because they're commie anarchist no-gooders. Or something like that. (And we like them that way!) Click below to learn why these people are A Danger to the Established Order(tm).
tdsanchez asks:
How has the 'mission' and/or purpose of cDc changed as the years have passed, especially with the advent of pervasive internet connectivity and the 'death' of classic dial-up BBS's?
cDc answers:
Obscure Images answers:
cDc's mission has never changed. We are still primarily motivated by the desire to dominate the world. I think that if anything, the growth of the internet has just been part of our plans for your tomorrow.
--
G. Ratte' answers:
The mission has never changed... it's always been about us trying to do cool stuff. The Internet has just made it easier to communicate and it's a lot less hassle than when you had to worry about how fresh your long distance codes were, back in the day. Call my dead BBS! Demon Roach Underground, 806/794-4362. 2400 baud! Apple II, baby!
--
Nighstalker answers:
The whole point of cDc is to communicate. While T-shirts and watches and BO2K are the glitz, the core of cDc is communicating to and with the world. The venerable T-File is the heart and soul of cDc and we will never abandon this most basic and venerable facet of the telecom/computer demimonde
--
Tweety Fish answers:
We are currently in the process of training our massive, highly secretive ninja army.
M1000 asks:
How would you define the implementation of security on the major OS today?
- Windows95 / 98
- Commercial Unix
- Linux
- FreeBSD
- NT
- Windows 2000 (NT5)
- etc.
cDc answers:
Nighstalker answers:
If it's from MS, the security is crap. Everything else is better by comparison. Linux is pretty good if you're a Linux guru. Same thing with any other flavor of UNIX. But no matter how good you are, there's someone out there who is better than you.
"The price of secure connectivity is eternal vigilance!"
--
DilDog answers:
- Windows95 / 98 - Shit happens
- Commercial Unix - Shit happens over RPC.
- Linux - When shit happens, you fix it.
- FreeBSD - Shit would happen, but there's no driver for it yet.
- NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
- Windows 2000 (NT5) - Shit happens over DCOM.
--
Tweety Fish answers:
Except for Windows95/98, which I would characterize as sucking ass across the board, there's no simple answer to that question. All of those operating systems are (reasonably) securable, in theory, but if you want to make the job of securing a box easier, why not run OpenBSD?
xmedar asks:
There is an episode of South Park with cows worshipping a cow clock, and when it is removed by the people, the cows all jump off a cliff, now I've heard that referred to as the Cult of the Dead Cow episode, is it anything to do with cDc or are cults for dead cows just in fashion right now?
cDc answers:
Obscure Images answers:
We would like to believe that we were inspirational to the creators of South Park, but we will defer to the obviously natural call of bovinity.
--
Reid Fleming answers:
Our lawyers will not permit us to comment upon the episode in question.
--
G. Ratte' answers:
Sure. I hear the next round of Calvin Klein ads will feature Kate Moss munching a big greasy cheeseburger as Kari Wuhrer cleaves an axe through a cow's head. And a roomful of Italian boys with no chest hair look on in quiet desperation. It's a scene straight from one of our industry convention parties.
--
Nighstalker answers:
The universe is a chaotic system. If Ratte had been screwing around in a sewage treatment plant, rather than an abandoned slaughterhouse, we could have been called the Cult of Recycled Shit. That the guys from South Park had cult of suicidal cows may be our fault. Maybe not.
--
Tequila Willy answers:
I know this episode well, and I've spent a lot of time studying the various interpretations of this episode. Though the Cult of the Dead Cow interpretation is a very plausible and popular connection to make, there is another very plausible interpretation that I think you will find interesting. The hands on the clock are metaphors for the phallus. The removal of the clock represents castration. The removal of the phallus limits sexual options and limited options are bad. The cows demonstrate their adherence to their principle of "maximum freedom or death" by jumping off the cliff. You might ask yourself, xmedar, whether you have any principles that you would be willing to die for.
--
Tweety Fish answers:
TV writers (comedy writers especially) tend to be unrepentant fanboys with computers and tight deadlines... you decide.
Effugas asks:
To the various illustrious (translation: I've worshipped you guys for the majority of my life) members of the Cult of the Dead Cow:
Moo.
That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?
cDc answers:
Obscure Images answers:
We haven't been knocked on our asses yet by anything that has happened in the computer industry. We're great at believing that whatever we see is directly caused by our underground efforts. We would be knocked on our ass if we didn't believe that. Oh yeah, Linus Torvalds is a cDc simulacra unit.
--
Reid Fleming answers:
www.realdoll.com
www.jerkcity.com
--
GA Ellsworth answers:
http://www2.promisekeepers.org/
--
G. Ratte' answers:
I'm mostly surprised by what hasn't happened. I thought floppy disks would get bigger and bigger 'til they became a 3-foot square, and you'd use 'em for kites when they went bad. I thought for sure bubble memory was going to take off, and pen-based OSes would rule the industry, and I'd have an Amiga clipboard computer running MS's BOB right now. It should have been Atari, not Microsoft.
--
Nighstalker answers:
Cheap powerful computers. Looking at the list prices of all my Commodore 128 gear shows me that the whole system cost more than a new iMac. Also, PDAs are pretty surprising, how they just suddenly seem to be everywhere.
--
White Knight answers:
What surprised me most about the computer industry is how much less attractive Kiki Stockhammer is in person.
--
Tweety Fish answers:
You know they got these things now that can take a picture and put it on the screen thingy? That's so cool!
sinatra asks:
A recent article (forgot the reference) characterized codc members as a bunch of social juveniles bound by no particular ideals, and lacking in both trust and personal respect for other members as well as the (cr|h)acker communities at-large. The evidence presented in the article however was limited to on-stage behavior and a virus of unknown-but-suspicious origin on a distributed CD. The codc archives paint an equally murky picture, depending on the reader's perspective.
So is there a codc code of ethics? Could such a thing ever be enforced?
cDc answers:
Obscure Images answers:
I can't answer for everyone, but I will say that I am a moral relativist. I think that the morality of an act is dependent on the context of that action. As for a cDc as a group, we are a very close knit group, very nearly a family, and to think that there would be someone amongst us who would turn on us is an absurdity. The article in question was written by a well known fool who would fit in better at a meeting of the John Birch Society than a computer convention.
--
Reid Fleming answers:
No and no.
--
G. Ratte' answers:
Lacking in trust and personal respect? I wish I knew the article you're referring to, 'cause those are some pretty strange assumptions. But that's funny, that's interesting. We're the kids the newspapers used to write about being diagnosed with "Pac-Man elbow." We're the kids with the sore thumbs from Atari joysticks playing "Combat" through our adolescence. We're the first generation to grow up hearing a modem squeal every day after school. So if there's any lack of trust and respect for the (cr/h)acker community, it's self-loathing and it's all in the family. Familiarity breeds contempt. The only ethic is to not be, uh, k-lame. Spreading viruses is not good.
--
Nighstalker answers:
I read that article. The author is an ignorant twat.
For what it's worth, I trust my very life with any cDc member. I trust them implicitly.
I suspect that cDc individually and as a group is far more ethical than Microsoft. Anyone emails me, they get an answer directly from me, not some flack from marketing.
--
Tequila Willy answers:
Dear Sinatra,
Who's codc? I've never heard of them.
--
Tweety Fish answers:
The nice thing about cDc is we're all cool enough, and all moral enough, that there really is no need for us to enforce much of anything. Personally, I'm constantly entertained by everything every other cDc member ever does, and I'd much rather have that than the 1700 page cDc Moral Guide.
Incidentally, the author of that article also thinks that Richard Stallman should be arrested and charged with monopolistic practices, so, you know, you shouldn't believe everything you read.
[bog-oh] asks:
You folks have been around for so long, surely you've seen the evolution of both terms. Are you quick to take a stand on misuse of either, or do you just take it all in stride? Some of the older security folks out there are damned sure that "hacking" is still purely malicious, and "Cracking" simply means breaking software registrations and the like. What do you feel each term represents these days?
cDc answers:
Obscure Images answers:
We would like to take a stand on this nonsense once and for all. We are of the firm opinion that the qualification for being a hacker is not something that can be stated on clear moral grounds. As far as we are concerned, crackers are something you eat.
--
Reid Fleming answers:
The term "cracker" is divisive, insulting, and should be considered inappropriate in mixed company. Same for "honky" and "caucasian".
"Hacker" on the other hand, is perfectly fine for most social situations. As in: "Hey, you! Hacker! Suck my dick!"
--
G. Ratte' answers:
Personally, I never use the term "hacking"... it's all just messing around to me, and some of it could get you into trouble. Whatever. "Cracking" means removing software protection, and a "cracker" is a white boy. I don't know when people started fussing over the terms and using "cracking" to mean system intrusions, but I think it all carries the stench of journalist-invented nonsense. Same with all that "white/black hat" crap. Nobody in this situation uses those terms, and they readily identify the user as an outsider.
--
Tequila Willy answers:
Dear Bog-Oh,
Your sensitivity is to be applauded in these times largely characterized by egocentric thinking. I appreciate that you've taken the time to ask me what I *feel* about these terms. I feel good about what each term represents. Thank you for asking.
--
Tweety Fish answers:
A cracker is somebody who cracks warez, and/or a pejorative term for a white person. Any other meaning is never going to catch on in the media, nor with the old school. It's just too complicated to remember the distinction all the time. The people who are hackers by anybody's definition have done some... uh... mischievous things in their time; it's part of the nature of the beast. To say that "a real hacker would never break into a computer system" indicates - to me - a lack of understanding of the original meaning of the word. Of course a real hacker would break into a computer system, if it was an interesting enough problem and they didn't anticipate anybody having a problem with it. I agree that the media should widen its definition of what a hacker is, but that's not the argument I usually see, especially here on slashdot. I see a lot more of "they aren't a real hacker, because they break into systems and/or do security stuff", which is plain silly.
Personally, I refer to people by whatever term they would like me to use, unless I don't like them.
Besides which, if you are doing something unexpected, unforeseen, or disallowed to any system (which is my pocket definition of hacking) somebody is always going to think it's bad, until you laboriously convince them otherwise, on a case by case basis.
Why get caught up in semantic arguments when you could be doing cool things and get noticed for THAT, instead?
phray01 asks:
please be honest
- (1)boxers
- (2)briefs
- (3)panties
- (4)thongs
- (5)nothing
- (6)orange
- (7)Hemos the Hamster
cDc answers:
Obscure Images answers:
All of the above, though not necessarily at the same time.
--
Reid Fleming answers:
sacred vestments
--
GA Ellsworth answers:
Boxers for me..
--
G. Ratte' answers:
I refuse to answer this question, as I don't want to encourage your gross masturbatory fantasies. What I choose to cover my massive, pulsating tool swinging handily between my taut legs is my business, and my business only. What should the touch of soft fabric brushing the tender head of my otherwise steely rod matter to the likes of you? Disgusting!
--
Nighstalker answers:
Sheer to the waist black seamed pantyhose for formal affairs.
--
DilDog answers:
All of the above.
--
Tequila Willy answers:
Dear phray01,
The etiquette in this case actually depends upon whether you were east or west of the Mississippi when this unfortunate accident occurred. East of the Mississippi, the gas station attendant should remove the dog's head from your windshield wipers when cleaning the windshield. However, please be prepared to tip for this service. West of the Mississippi, it is usually considered bad manners to expect gas station attendants to remove any animal bits that have been wedged in your car parts. Thank you for asking.
--
Tweety Fish answers:
I actually try not to wear any slashdot operators that close to my skin. Makes my pants look funny.
Foogle asks:
Let's face it - most people regard the cdc as a bunch of script-kiddies looking for some limelight. The BackOrifice software really made this worse, because it was seen, not as an admin tool, but as an application meant to propagate cracking. How does this make you feel? That is, what are your personal thoughts on the cult's activities and how do you think they should be viewed from the professional side of the industry?
cDc answers:
Obscure Images answers:
cDc is not a group of script kiddies. We are united in our interest to hack the world, be it through computers, words, images, sounds, politics, money, or sex. Those who consider us to be script kiddies ought to shut the fuck up and write their own tools. Using tools doesn't make someone a script kiddie, what makes a script kiddie is the use of other people's tools to accomplish things they have no interest in understanding. It is understandable for professionals to be concerned with our reputations, but that is why we've been completely open with our tools. We have software that can be used as very effective tools.
--
Reid Fleming answers:
Most professionals get it. The trojan horse problem was considered to be low priority a year ago. Things have changed as a direct result of Back Orifice and Netbus.
(By the way, you ever notice that sometimes journalists turn to Russ Cooper for an "independent" perspective on Microsoft? And you ever notice how often he agrees with the Microsoft position?)
--
G. Ratte' answers:
It's somewhat frustrating when something a lot of effort has gone into is totally misunderstood by so many people. A lot of people seem to have an aversion to the big picture and how BO fits into a larger whole. As for 'the industry,' . Rah rah venture capital, rah rah IPO. "We've got this great new site, Hats4Cats.com, a brave new world of headgear for our feline friends! We're seeking the perfect partners to get this off the ground right, and if you'll just look over this media kit at your leisure after the convention, we'll have someone call you in the next few days about some great opportunities!" That's 'the industry.' 'The industry' can kiss our collective cDc ass.
--
Nighstalker answers:
Most people couldn't plug in new RAM to their machines or install an application with the aid of an installation wizard. More so for the people that write about the digital underground who are not a part of the digital underground.
BO was released to show up the miserable security of Windows, in the hope that MS would do something other than issue press releases and that users would be made aware of the pitiful security on their machines, particularly when connected to the Internet. BO2K was released in response to the pleas of countless IT professionals who needed a powerful admin tool.
--
DilDog answers:
I don't feel one way or the other about it. I write code to fill a void whenever I find I need something that doesn't exist. Hence, BO2K.
What Linux is to Commercial Unix, BO2K is to Commercial remote admin tools. I mean, what kind of sick and twisted hax0r would want to use FREE and POWERFUL software without having to pay out of their ass for it.
--
Tequila Willy answers:
Dear Foogle,
Thank you for being concerned about my feelings. However, I disagree with the metaphysical assumptions of your first question. I believe I choose how I feel and that the reaction of "most people" cannot make me feel any particular way. That being said, your second question seems more appropriate. The Cult of the Dead Cow should be viewed as what they are, namely, experts in global domination.
--
Tweety Fish answers:
So the technical definition of Script Kiddie is one who uses pre-made scripts or tools to hack sites, instead of developing their own tools.. by that definition, how could we possibly be script kiddies?
In the larger sense of BO2K being an application meant to propagate cracking, yes, that might happen, but the way we're doing it does serious work to raise awareness of these issues. I think we're perfectly aware that this can be hard to understand, and we're perfectly willing to keep hammering our message home until people start to get it, and start working to fix these problems.
An_onymous Coward asks:
First of all I've got to say I think cdc is pretty damn cool. I was digging their .txts since I got my first dialup shell account long ago. Now, with you guys being so security minded and all, there's only one question I could think of for you: If you were to build your ideal network, with telnet, ssh, www, ftp, pop3, smtp, file & printer sharing, bind, etc... what would be your ideal configuration to maximize security? Please be specific about Network OSs, routers, network policies, protocols, filesystems, permissions, daemons, firewall rules, and anything else that comes to mind.
cDc answers:
Reid Fleming answers:
Dedicated fiber lines in a star configuration. Ultra low transmissions, only a few quanta, to foil optical taps. One-time pad encryption for each packet. All plaintext messages composed in an alien language unknown to anyone but the participants. The actual content of the messages being hidden in subliminal channels too sensitive to be mentioned here.
--
DilDog answers:
For cryin' out loud. My ideal network doesn't have half of that crap running. It can all be done with DCOM and HTTP. Just kidding!
I -know- this is a Linux crowd, but I'm tellin' ya, take a look at OpenBSD for PROACTIVE security when it comes to that mission critical firewall box, network monitor, webserver, etc.
--
Tequila Willy answers:
Dear onymous Coward,
First, thank you for your compliments. However I am left wondering how many of our text files you have actually read. All of your questions have already been addressed in detail in our text file, Wet Mount Slide.
--
Tweety Fish answers:
DUD3 Y3R TRY1N T0 B3 4LL SN34KY 4N' S0C1AL 3N1N33R US AN' SH1T A1N'T Y000? B3TT3R US3 NM4P INST3D!@$#!@%
If you want a genuine answer to that question, I'm sure the l0pht would be able to answer it as specifically as you need for a small fee.
Freshman asks:
Since BO is/was a big deal, I'm wondering what kind of companies have tried to contact you and what they had to say. Did Microsoft ever give you guys a buzz? The DoD maybe? CIA? If so, what did they have to say?
cDc answers:
Tweety Fish answers:
We've been in constant communication with the CIA, NSA, and MOSSAD to make sure that the government-specific backdoors built into BO2K meet their tough standards for EoE (Ease of Eavesdropping).. we value the contributions the US and other governments have made to these products, and look forward to working much much more with them in the future.
Microsoft hates us, I think.
rikek asks:
I've always wondered... what does a group that produces "script kiddie material" (no offense intended, it's inevitable whether you want it or not) feel about their work? Every now and then I'm plagued by contact with an "3R33+ H@X0R", who is most likely some 14 year old without anything better to do who is causing some minor damage, without a clue as to what a TCP/IP packet is. The ratio of clueful hackers cracking to script kiddies cracking has gone way down over the few years, and products like BO are likely to blame. So what do you guys think about this... would you rather this turned around, or do you feel that distributing tools to nameless masses is a good method at getting back at the real evils?
cDc answers:
Obscure Images answers:
There will always be people who ride on the work of others. That's all that script kiddies are, poseurs, trendies or what have you. Back in the old days after War Games came out there were floods of "hackers" out there and these same comments were made. In the end, there is always a shakeout process. Most of the current script kiddies will abandon their activities, leaving the hardcore still in place.
--
Reid Fleming answers:
I suggest reading the section on Evolutionarily Stable Strategies in The Selfish Gene.
--
G. Ratte' answers:
It's tricky, and I refuse to get into the kind of age/experience penis-size wars that always come up with this "lamers are running around with dangerous scripts" thing. Back Orifice is distributed the way it is to force an issue. A hell of a lot of people should be upset their computers are wide open. I've always hoped that people interested in our tools would seek out our other material and read up on what we're about. And that they'd be smart enough to figure out that bumming some hapless person's day by screwing up their computer is not a good way to spend an afternoon. The end of all our text files from the last few years says this: "Save yourself, go outside, DO SOMETHING!"
--
Nighstalker answers:
Virtually anything can be used for evil, as virtually anything can be used for good.
One thing about BO2K is that the author deliberately made it more difficult for clueless script kiddies to use. They're the ones who constantly plague us with badly mis-spelled complaints about how BO2K doesn't work. The IT professionals sing our praises about the power and ease of use of BO2K.
BO2K is forcing evolution to accelerate in the world of computer security. We regret the damage that is done with BO2K. In the long run, we will all be the better for this.
--
Tequila Willy answers:
I think you have raised an excellent question. However, I am doubtful that good products like BO can be identified as the cause of the diminishing number of hackers in comparison to the number of script kiddies. I believe that each individual must take responsibility for the character traits that they choose to cultivate in themselves. If the number of script kiddies continues to grow and more individuals choose to take the path of becoming a script kiddie rather than pursuing hacking skills, then this seems more plausibly interpreted as a sign of laziness or a short attention span on the part of those who choose this path. I don't think that BO could be blamed for such a result. That being said, I would prefer to see more hackers than script kiddies but only because I respect the skills of hackers more than the skills of script kiddies. And I would rather participate in a society populated by individuals I can respect. However, I believe your question should lead us to thinking more about what sort of behaviors should or should not be tolerated in cyberspace. And before we can address that question, it would first be helpful to conduct an inquiry into the metaphysics of hacking. I believe that many of the laws regarding computer security issues are misguided because they make fundamental assumptions about the nature of the computer hacking environment that simply are erroneous.
--
Tweety Fish answers:
The ratio might have changed, but the total number of people with a clue has increased, not decreased. Some 14 year old might get their start by messing with bo2k at school, and then they might start writing plugins, and then they might need to do something stranger, so they'll mod netcat to suit their needs, and then they might realize how horribly insecure their own system is, and install linux or freeBSD to mitigate that somewhat, and then they might get out of school and go get a job securing corporate networks with all the knowledge they've gained.
Kids will be kids. If computer security was a real priority for operating system vendors, Joe Random 14 year old would need a lot more than something as general purpose as BO2K to start trouble. He'd need... uh... a car, say, or some bleach and ammonia, or a lot of beer.
yoshi asks:
What should application and OS designers do to build systems which are more secure?
cDc answers:
Reid Fleming answers:
For starters, they should spend more time and energy on security than UI design, documentation, or product packaging.
--
Nighstalker answers:
Learn from the mistakes of the past and the solutions of today. It's not that hard to implement security. It's just easier for lazy coders and indifferent beancounters to blow it off by saying that, "This is not something our customers are demanding in our product."
--
Dildog answers:
Proactive security measures. Encrypt everything. Eliminate HTTP and go right to HTTPS everywhere.
--
Tweety Fish answers:
Make security concerns and security audits an integral part of the development.
Alpha42 asks:
Okay.. Here's my question.. what ever happened to Obscure Images?! I haven't seen anything from him in AGES... Don't get me wrong, I thought BO was good and all, and I'm sure it's generated 99% of the PR lately.. but I miss the original cDc stuff.. the files! :) And Obscure?! OH man...
cDc answers:
Obscure Images answers:
Hey, I'm still here, and I am as active as I have ever been. I've never been gone, just acting back in the shadows. I do what I can to help plan and implement our projects. Most of it comes without the glory or press attention, but it has to be done for us to be successful. Over the past 10 years I've gone to school, gone out into the world, gotten married, and started to go a bit grey. Not related to my marriage, I assure you. There will be more files from me, it's just a matter of finishing them. Keep your eyes open, your mouths too.
As far as my poetry goes, I have an excuse. It was 10 years ago, I was a typical late teen with clinical depression and the idea that I could write poetry. I stand by my stories, but would rather see the poems fade away like my youth.
Oh yeah, you have seen me, everytime you see our Paramedia Cross logo.
--
Tweety Fish answers:
Near the end of the cold war, Obscure Images was captured by a splinter faction of the KGB, and forced to write polemics, in verse, in a futile attempt to turn the people of the former Soviet Union back on the true path to communism. He's back now, and doing fine, except for that twitch.
Effugas asks:
What tools, in your minds, would you consider the most useful but least acknowledged tool in your security analysis collection? When backed into a corner, unsure how to whip something into shape, what obscure and strange network (or even non-network!) utility popped into mind and either performed some amazing function you couldn't imagine coding yourself or gave you the necessary cluephone ringing (via source code peek) to pull it off yourself?
cDc answers:
DilDog answers:
lsof. Use it.
Anonymous Coward asks:
My question is simple:
When will you start to do productive things ?
Ok, here is some context for the question. I know about BO2K ; and saw miscellaneous software at cDc site.
But on the other hand, the cDc has existed much longer than Linux itself, the FreeBSD team, NetBSD, and for probably as long as the FSF itself. On one hand you have a wealth of software (for instance here or here), on the other hand, after 15 years, you have a handful of cracking tools, one Windows administration package, an unorganized set of information, and stickers + temporary tattoos for sale.
In particular, it is a total mystery why since all that time, you haven't done one of the following:
- Review, summarize existing security systems, document and implement a robust security model. Unix model is total crap ; even Multics (design: 1963) was better (Multics achieved B2 security rating).
- Audit publicly a freely available Unix (today done by OpenBSD instead).
- Write automatic assembly code analyzer to search for bugs (or at least for C). Commercial tools exist by now, and last time I tried to see if a free one existed, all I could find on cDc site was a "Tao of Windows Buffer Overflow" (a re-hash of techniques found for instance in Morris' Internet Worm in 1988. See Spafford's excellent report, and the Worm's FAQ).
- Lent a bunch of your machines, to hold contests such as "the best security model for Linux/BSD, running almost all possible services/servers, CGI, ...".
cDc answers:
Obscure Images answers:
While cDc does some programming, this is not the sole focus of our efforts. To compare us to the other groups you mention you have to realize that we have different goals, as well as methods. We don't feel obligated to do anything for anyone. Our work is directed by our desires and our goals, not the desires of the community. Everything we do is productive in our eyes. We like to think that we've done work every bit as important as any of the above groups. It's all a matter of perspective. We have no problem with the people who have given their time and energy to these other projects, but we are not like them. We do things when we want to, in the way that we want to.
--
Reid Fleming answers:
Temporary tattoos are a CRITICAL ELEMENT of our security strategy. To suggest otherwise is sheer lunacy.
--
G. Ratte' answers:
Wow. I don't know when I'm going to be productive. Mom wants grandkids, too. Why should we do those things? Maybe we will, maybe we won't. Why don't you? We do other things. As far as "lend a bunch of your machines to hold contests..." that's funny, what bunch of machines? None of us are wealthy. You looked at our site and blew it off as a "handful of cracking tools & an unorganized bunch of information." That's the first electronic magazine ever, starting in 1984. It was a big deal to me when I was fourteen and bored in a small town, and I was doing something new and exciting and fun. I don't necessarily want to satisfy your weird little computer fetishes. I've got a dog and a cat and a screwy relationship and my picture in SPIN and no job and I'm busy.
Too busy for you.
To quote from cDc #300:
THE POINT
you could spend an hour counting the petals in a flower
by Bryan O'Sullivan
it might take you a year to count the veins in each petal
if you spent ten lifetimes, maybe you could count its cellsbut you'd have completely missed the point
you fuckhead--
Nighstalker answers:
And this comes back to my first answer. cDc is NOT ABOUT PROGRAMMING!
Programming and computers are only a means to an end.
--
Tequila Willy answers:
Dear Anonymous Coward,
Your question seems very serious and as such seems to be counter productive. The Cult of the Dead Cow exemplifies the very attitude that ought to be cultivated considering the absurd nature of existence. Take a moment to contemplate your death and your own concerns about what counts as productive behavior may shift. You may think to yourself, "I am merely a mortal who will die, but I must live responsibly for the sake of those who will survive me." But of course your friends and family will die and there will come a time when no one alive will even have a memory of your existence. And if that weren't enough, at some point our own Sun will supernova, and when this occurs, human life on earth will be destroyed. At that point, human beings will not even exist to contemplate the fates of those like yourself who died long ago. From this perspective, all human actions seem to take on an equal importance: our concerns are absurd! To live freely and responsibly, a mature human being must realize this point. Having fun, living and loving well, being playful (and hence flexible in your living): these actions take on much greater importance than behaving in a serious (and hence rigid) manner. Your question is foolish because it is not asked with a foolish spirit.
--
Tweety Fish answers:
Read our files. Read our press releases. It's all about style, jackass. Incidentally, the first of your suggestions is a primary goal of the OpenBSD project, like you said. The second suggestion is a fine idea, why don't you do it? (re: spafford's paper and the internet worm, the internet worm didn't run on win32, now, did it?). As for the third suggestion, gee, that's a great idea. Why don't we kick down a couple hundred thousand for a semi-trailer we can turn into the cDc hackmobile, and load it up with all these high-end systems we have sitting around, and hire somebody to drive it around the country so people can mess with it for free!
We do what we're interested in, what's fun, and what's within our resources, plain and simple. And we try to keep it funny.
Descriptions of who these people are are at http://www.cultdeadcow.com/members/.
-
Bizzare Answers from Cult of the Dead Cow
Monday's questions for the Cult of the Dead Cow ranged from serious-tech to silly. Various members of the Cult answered appropriately. Great stuff! One warning: if you are offended by strong language or are a hacker under 18, you should not read this Q&A session. The Cult is one of those groups the assorted nanny-censor programs try to keep away from deity-fearing, good-citizen, mass-average folks because they're commie anachist no-gooders. Or something like that. (And we like them that way!) Click below to learn why these people are A Danger to the Established Order(tm).tdsanchez asks:
How has the 'mission' and/or purpose of cDc changed as the years have passed, especially with the advent of pervasive internet connectivity and the 'death' of classic dial-up BBS's?cDc answers:
Obscure Images answers:
cDc's mission has never changed. We are still primarily motivated by the desire to dominate the world. I think that if anything, the growth of the internet has just been part of our plans for your tomorrow.G. Ratte' answers:
The mission has never changed... it's always been about us trying to do cool stuff. The Internet has just made it easier to communicate and it's a lot less hassle than when you had to worry about how fresh your long distance codes were, back in the day. Call my dead BBS! Demon Roach Underground, 806/794-4362. 2400 baud! Apple II, baby!Nighstalker answers:
The whole point of cDc is to communicate. While T-shirts and watches and BO2K are the glitz, the core of cDc is communicating to and with the world. The venerable T-File is the heart and soul of cDc and we will never abandon this most basic and venerable facet of the telecom/computer demimondeTweety Fish answers:
We are currently in the process of training our massive, highly secretive ninja army.M1000 asks:
How would you define the implementation of security on the major OS today?- Windows95 / 98
- Commercial Unix
- Linux
- FreeBSD
- NT
- Windows 2000 (NT5)
- etc.
cDc answers:
Nighstalker answers:BR> If it's from MS, the security is crap. everything else is better by comparison. Linux is pretty good if you're a Linux guru. Same thing with any other flavor of UNIX. But no matter how good you are, there's someone out there who is better than you.
"The price of secure connectivity is eternal vigilance!"
--
DilDog answers:- Windows95 / 98 - Shit happens
- Commercial Unix - Shit happens over RPC.
- Linux - When shit happens, you fix it.
- FreeBSD - Shit would happen, but there's no driver for it yet.
- NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
- Windows 2000 (NT5) - Shit happens over DCOM.
Tweety Fish answers:
Except for Window95/98, which I would characterize as sucking ass across the board, there's no simple answer to that question. All of those operating systems are (resonably) securable, in theory, but if you want to make the job of securing a box easier, why not run OpenBSD?xmedar asks:
There is an episode of South Park with cows worshipping a cow clock, and when it is removed by the people, the cows all jump off a cliff, now I've heard that refered to as the Cult of the Dead Cow episode, is it anything to do with cDc or are cults for dead cows just in fashion right now?cDc answers:
Obscure Images answers:
We would like to believe that we were inspirational to the creators of South Park, but we will defer to the obviously natural call of bovinity.
--
Reid Fleming answers:
Our lawyers will not permit us to comment upon the episode in question.
--
G. Ratte' answers:
Sure. I hear the next round of Calvin Klein ads will feature Kate Moss munching a big greasy cheeseburger as Kari Wuhrer cleaves an axe through a cow's head. And a roomful of Italian boys with no chest hair look on in quiet desperation. It's a scene straight from one of our industry convention parties.
-- Nighstalker answers:
The universe is a chaotic system. If Ratte had been screwing around in a sewage treatment plant, rather than an abandoned slaughterhouse, we cound have been called the Cult of Recycled Shit. That the guys from South Park had cult of suicidal cows may be our fault. maybe not.
--
Tequila Willy answers:
I know this episode well, and I've spent a lot of time studying the various interpretations of this episode. Though the Cult of the Dead Cow interpretation is a very plausible and popular connection to make, there is another very plausible interpretation that I think you will find interesting. The hands on the clock are metaphors for the phallus. The removal of the clock represents castration. The removal of the phallus limits sexual options and limited options are bad. The cows demonstrate their adherence to their principle of "maximum freedom or death" by jumping off the cliff. You might ask yourself, xmedar, whether you have any principles that you would be willing to die for.
--
Tweety Fish answers:
TV writers (comedy writers especially) tend to be unrepentant fanboys with computers and tight deadlines... you decide.Effugas asks:
To the various illustrious(translation: I've worshipped you guys for the majority of my life) members of the Cult of the Dead Cow:Moo.
That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?
cDc answers:
Obscure Images answers:
We haven't been knocked on our asses yet by anything that has happened in the computer industry. We're great at believing that whatever we see is directly caused by our underground efforts. We would be knocked on our ass if we didn't believe that. Oh yeah, Linus Torvalds is a cDc simulacra unit.
--
Reid Fleming answers:
www.realdoll.com
www.jerkcity.com
--
GA Ellsworth answers:
http://www2.promisekeepers.org/
--
G. Ratte' answers:
I'm mostly surprised by what hasn't happened. I thought floppy disks would get bigger and bigger 'til they became a 3-foot square, and you'd use 'em for kites when they went bad. I thought for sure bubble memory was going to take off, and pen-based OSes would rule the industry, and I'd have an Amiga clipboard computer running MS's BOB right now. It should have been Atari, not Microsoft.
--
Nighstalker answers:
Cheap powerful computers. Looking at the list prices of all my Commodore 128 gear shows me that the whole system cost more than a new iMac. Also, PDAs are pretty surprising, how they just suddenly seem to be everywhere.
--
White Knight answers:
What surprised me most about the computer industry is how much less attractive Kiki Stockhammer is in person.
--
Tweety Fish answers:
You know they got these things now that can take a picture and put it on the screen thingy? That's so cool!sinatra asks:
A recent article (forgot the reference) characterized codc members as a bunch of social juveniles bound by no particular ideals, and lacking in both trust and personal respect for other members as well as the (cr|h)acker communities at-large. The evidence presented in the article however was limited to on-stage behavior and a virus of unknown-but-suspicious origin on a distributed CD. The codc archives paint an equally murky picture, depending on the reader's perspective.So is there a codc code of ethics? Could such a thing ever be enforced?
cDc answers:
Obscure Images answers:
I can't answer for everyone, but I will say that I am a moral relativist. I think that the morality of an act is dependent on the context of that action. As for a cDc as a group, we are a very close knit group, very nearly a family, and to think that there would be someone amongst us who would turn on us is an absurdity. The article in question was written by a well known fool who would fit in better at a meeting of the John Birch S ociety than a computer convention.
--
Reid Fleming answers:
No and no.
--
G. Ratte' answers:
Lacking in trust and personal respect? I wish I knew the article you're referring to, 'cause those are some pretty strange assumptions. But that's funny, that's interesting. We're the kids the newspapers used to write about being diagnosed with "Pac-Man elbow." We're the kids with the sore thumbs from Atari joysticks playing "Combat" through our adolescence. We're the first generation to grow up hearing a modem squeal every day after school. So if there's any lack of trust and respect for the (cr/h)acker community, it's self-loathing and it's all in the family. Familiarity breeds contempt. The only ethic is to not be, uh, k-lame. Spreading viruses is not good.
--
Nighstalker answers:
I read that article. The author is an ignorant twat.For what it's worth, I trust my very life with any cDc member. I trust them implicitly.
I suspect that cDc individually and as a group is far more ethical than Microsoft. Anyone emails me, they get an answer directly from me, not some flack from marketing.
--
Tequila Willy answers:
Dear Sinatra,
Who's codc? I've never heard of them.
--
Tweety Fish answers:
The nice thing about cDc is we're all cool enough, and all moral enough, that there really is no need for us to enforce much of anything. Personally, I'm constantly entertained by everything every other cDc member ever does, and I'd much rather have that than the 1700 page cDc Moral Guide.Incidentally, the author of that article also thinks that Richard Stallman should be arrested and charged with monopolistic practices, so, you know, you shouldn't believe everything you read.
[bog-oh] asks:
You folks have been around for so long, surely you've seen the evolution of both terms. Are you quick to take a stand on misuse of either, or do you just take it all in stride? Some of the older security folks out there are damned sure that "hacking" is still purely malicious, and "Cracking" simply means breaking software registrations and the like. What do you feel each term represents these days?cDc answers:
Obscure Images answers:
We would like to take a stand on this nonsense once and for all. We are of the firm opinon that the qualification for being a hacker is not something that can be stated on clear moral grounds. As far as we are concerned, crackers are something you eat.
--
Reid Fleming answers:
The term "cracker" is divisive, insulting, and should be considered inappropriate in mixed company. Same for "honky" and "caucasian"."Hacker" on the other hand, is perfectly fine for most social situations. As in: "Hey, you! Hacker! Suck my dick!"
--
G. Ratte' answers:
Personally, I never use the term "hacking"... it's all just messing around to me, and some of it could get you into trouble. Whatever. "Cracking" means removing software protection, and a "cracker" is a white boy. I don't know when people starting fussing over the terms and using "cracking" to mean system intrusions, but I think it all carries the stench of journalist-invented nonsense. Same with all that "white/black hat" crap. Nobody in this situation uses those terms, and they readily identify the user as an outsider.
--
Tequila Willy answers:
Dear Bog-Oh,Your sensitivity is to be applauded in these times largely characterized by egocentric thinking. I appreciate that you've taken the time to ask me what I *feel* about these terms. I feel good about what each term represents. Thank you for asking.
--
Tweety Fish answers:
A cracker is somebody who cracks warez, and/or a pejorative term for a white person. Any other meaning is never going to catch on in the media, nor with the old school. It's just too complicated to remember the distinction all the time. The people who are hackers by anybody's definition have done some... uh... mischevious things in their time; it's part of the nature of the beast. To say that "a real hacker would never break into a computer system" indicates - to me - a lack of understanding of the original meaning of the word. Of course a real hacker would break into a computer system, if it was an interesting enough problem and they didn't anticipate anybody having a problem with it. I agree that the media should widen it's definition of what a hacker is, but that's not the argument I usually see, especially here on slashdot. I see a lot more of "they aren't a real hacker, because they break into systems and/or do security stuff", which is plain silly.Personally, I refer to people by whatever term they would like me to use, unless I don't like them.
Besides which, if you are doing something unexpected, unforseen, or disallowed to any system (which is my pocket definition of hacking) somebody is always going to think it's bad, until you laboriously convince them otherwise, on a case by case basis.
Why get caught up in semantic arguments when you could be doing cool things and get noticed for THAT, instead?
phray01 asks:
please be honest- (1)boxers
- (2)briefs
- (3)panties
- (4)thongs
- (5)nothing
- (6)orange
- (7)Hemos the Hamster
cDc answers:
Obscure Images answers:
All of the above, though not necessarily at the same time.
--
Reid Fleming answers:
sacred vestments
--
GA Ellsworth answers:
Boxers for me..
--
G. Ratte' answers:
I refuse to answer this question, as I don't want to encourage your gross masturbatory fantasies. What I choose to cover my massive, pulsating tool swinging handily between my taut legs is my business, and my business only. What should the touch of soft fabric brushing the tender head of my otherwise steely rod matter to the likes of you? Disgusting!
--
Nighstalker answers:
Sheer to the waist black seamed pantyhose for formal affairs.
--
DilDog answers:
All of the above.
--
Tequila Willy answers:
Dear phray01,The etiquette in this case actually depends upon whether you were east or west of the Mississippi when this unfortunate accident occurred. East of the Mississippi, the gas station attendant should remove the dog's head from your windshield wipers when cleaning the windshield. However, please be prepared to tip for this service. West of the Mississippi, it is usually considered bad manners to expect gas station attendants to remove any animal bits that have been wedged in your car parts. Thank you for asking.
--
Tweety Fish answers:
I actually try not to wear any slashdot operators that close to my skin. Makes my pants look funny.Foogle asks:
Let's face it - most people regard the cdc as a bunch of script-kiddies looking for some limelight. The BackOrifice software really made this worse, because it was seen, not as an admin tool, but as an application meant to propogate cracking. How does this make you feel? That is, what are your personal thoughts on the cult's activities and how do you think they should be viewed from the professional side of the industry?cDc answers:
Obscure Images answers:
cDc is not a group of script kiddies. We are united in our interest to hack the world, be it though computers, words, images, sounds, politics, money, or sex. Those who consider us to be script kiddies ought to shut the fuck up and write their own tools. Using tools doesn't make someone a script kiddie, what makes a script kiddie is the use of other people's tools to accomplish things they have no interest in understanding. It is understandable for professionals to be concerned with our reputations, but that is why we've been completely open with our tools. We have software that can be used as very effective tools.
--
Reid Fleming answers:
Most professionals get it. The trojan horse problem was considered to be low priority a year ago. Things have changed as a direct result of Back Orifice and Netbus.(By the way, you ever notice that sometimes journalists turn to Russ Cooper for an "independent" perspective on Microsoft? And you ever notice how often he agrees with the Microsoft position?)
--
G. Ratte' answers:
It's somewhat frustrating when something a lot of effort has gone into is totally misunderstood by so many people. A lot of people seem to have an aversion to the big picture and how BO fits into a larger whole. As for 'the industry,' . Rah rah venture capital, rah rah IPO. "We've got this great new site, Hats4Cats.com, a brave new world of headgear for our feline friends! We're seeking the perfect partners to get this off the ground right, and if you'll just look over this media kit at your leisure after the convention, we'll have someone call you in the next few days about some great opportunities!" That's 'the industry.' 'The industry' can kiss our collective cDc ass.
--
Nighstalker answers:
Most people couldn't plug in new RAM to their machines or install an application with the aid of an installation wizard. More so for the people that write about the digital underground who are not a part of the digital underground.BO was released to show up the miserable security of Windows, in the hope that MS would do something other than issue press releases and that users would be made aware of the pitiful security on their machines, particularly when connected to the Internet. BO2K was released in response to the pleas of countless IT professionals who needed a powerful admin tool. --
DilDog answers:
I don't feel one way or the other about it. I write code to fill a void whenever I find I need something that doesn't exist. Hence, BO2K.What Linux is to Commercial Unix, BO2K is to Commercial remote admin tools. I mean, what kind of sick and twisted hax0r would want to use FREE and POWERFUL software without having to pay out of their ass for it.
--
Tequila Willy answers:
Dear Foogle,
Thank you for being concerned about my feelings. However, I disagree with the metaphysical assumptions of your first question. I believe I choose how I feel and that the reaction of "most people" cannot make me feel any particular way. That being said, your second question seems more appropriate. The Cult of the Dead Cow should be viewed as what they are, namely, experts in global domination.
--
Tweety Fish answers:
So the technical definition of Script Kiddie is one who uses pre-made scripts or tools to hack sites, instead of developing their own tools.. by that definition, how could we possibly be script kiddies?In the larger sense of BO2K being an application meant to propagate cracking, yes, that might happen, but the way we're doing it does serious work to raise awareness of these issues. I think we're perfectly aware that this can be hard to understand, and we're perfectly willing to keep hammering our message home until people start to get it, and start working to fix these problems.
An_onymous Coward asks:
First of all I've got to say I think cdc is pretty damn cool. I was digging their .txts since I got my first dialup shell account long ago. Now, with you guys being so security minded and all, there's only one question I could think of for you: If you were to build your ideal network, with telnet, ssh, www, ftp, pop3, smtp, file & printer sharing, bind, etc... what would be your ideal configuration to maximize security? Please be specific about Network OSs, routers, network policies, protocols, filesystems, permissions, daemons, firewall rules, and anything else that comes to mind.cDc answers:
Reid Fleming answers:
Dedicated fiber lines in a star configuration. Ultra low tramissions, only a few quanta, to foil optical taps. One-time pad encryption for each packet. All plaintext messages composed in an alien language unknown to anyone but the participants. The actual content of the messages being hidden in subliminal channels too sensitive to be mentioned here.
--
DilDog answers:
For cryin' out loud. My ideal network doesn't have half of that crap running. It can all be done with DCOM and HTTP. Just kidding!I -know- this is a Linux crowd, but I'm tellin' ya, take a look at OpenBSD for PROACTIVE security when it comes to that mission critical firewall box, network monitor, webserver, etc.
--
Tequila Willy answers:
Dear onymous Coward,First, thank you for your compliments. However I am left wondering how many of our text files you have actually read. All of your questions have already been addressed in detail in our text file, Wet Mount Slide.
--
Tweety Fish answers:
DUD3 Y3R TRY1N T0 B3 4LL SN34KY 4N' S0C1AL 3N1N33R US AN' SH1T A1N'T Y000? B3TT3R US3 NM4P INST3D!@$#!@%If you want a genuine answer to that question, I'm sure the l0pht would be able to answer it as specifically as you need for a small fee.
Freshman asks:
Since BO is/was a big deal, I'm wondering what kind of companies have tried to contact you and what they had to say. Did Microsoft ever give you guys a buzz? The DoD maybe? CIA? If so, what did they have to say?cDc answers:
Tweety Fish answers:
We've been in constant communication with the CIA, NSA, and MOSSAD to make sure that the government-specific backdoors built into BO2K meet their tough standards for EoE (Ease of Eavesdropping).. we value the contributions the US and other governments have made to these products, and look forward to working much much more with them in the future.Microsoft hates us, I think.
rikek asks:
I've always wondered... what does a group that produces "script kiddie material" (no offense intended, it's inevitable whether you want it or not) feel about their work? Every now and then I'm plagued by contact with an "3R33+ H@X0R", who is most likely some 14 year old without anything better to do who is causing some minor damage, without a clue as to what a TCP/IP packet is. The ratio of clueful hackers cracking to script kiddies cracking has gone way down over the few years, and products like BO are likely to blame. So what do you guys think about this... would you rather this turned around, or do you feel that distributing tools to nameless masses is a good method at getting back at the real evils?cDc answers:
Obscure Images answers:
There will always be people who ride on the work of others. That's all that script kiddies are, poseurs, trendies or what have you. Back in the old days after War Games came out there were floods of "hackers" out there and these same comments were made. In the end, there is always a shakeout process. Most of the current script kiddies will abandon their activities, leaving the hardcore still in place.
--
Reid Fleming answers:
I suggest reading the section on Evolutionarily Stable Strategies in The Selfish Gene.
--
G. Ratte' answers:
It's tricky, and I refuse to get into the kind of age/experience penis-size wars that always come up with this "lamers are running around with dangerous scripts" thing. Back Orifice is distributed the way it is to force an issue. A hell of a lot of people should be upset their computers are wide open. I've always hoped that people interested in our tools would seek out our other material and read up on what we're about. And that they'd be smart enough to figure out that bumming some hapless person's day by screwing up their computer is not a good way to spend an afternoon. The end of all our text files from the last few years says this: "Save yourself, go outside, DO SOMETHING!"
--
Nighstalker answers:
Virtually anything can be used for evil, as virtually anything can be used for good.One thing about BO2K is that the author deliberatly made it more difficult for clueless script kiddies to use. They're the ones who constantly plague us with badly mis-spelled complaints about how BO2K doesn't work. The IT professionals sing our praises about the power and ease of use of BO2K.
BO2K is forcing evolution to accelerate in the world of computer security. we regret the damage that is done with BO2K. In the long run, we will all be the better for this.
--
Tequila Willy answers:
I think you have raised an excellent question. However, I am doubtful that good products like BO can be identified as the cause of the diminishing number of hackers in comparison the the number of script kiddies. I believe that each individual must take responsibility for the character traits that they choose to cultivate in themselves. If the number of script kiddies continues to grow and more individuals choose to take the path of becoming a script kiddie rather than pursuing hacking skills, then this seems more plausibly interpreted as a sign of laziness or a short attention span on the part of those who choose this path. I don't think that BO could be blamed for such a result. That being said, I would prefer to see more hackers than script kiddies but only because I respect the skills of hackers more than the skills of script kiddies. And I would rather participate in a society populated by individuals I can respect. However, I believe your question should lead us to thinking more about what sort of behaviors should or should not be tolerated in cyberspace. And before we can address that question, it would first be helpful to conduct an inquiry into the metaphysics of hacking. I believe that many of the laws regarding computer security issues are misguided because they make fundamental assumptions about the nature of the computer hacking environment that simply are erroneous.
--
Tweety Fish answers:
The ratio might have changed, but the total number of people with a clue has increased, not decreased. Some 14 year old might get their start by messing with bo2k at school, and then they might start writing plugins, and then they might need to do something stranger, so they'll mod netcat to do suit their needs, and then they might realize how horribly insecure their own system is, and install linux or freeBSD to mitigate that somewhat, and then they might get out of school and go get a job securing corporate networks with all the knowledge they've gained.Kids will be kids. If computer security was a real priority for operating system vendors, Joe Random 14 year old would need a lot more than something as general purpose as BO2K to start trouble. He'd need... uh... a car, say, or some bleach and ammonia, or a lot of beer.
yoshi asks:
What should application and OS designers do to build systems which are more secure?cDc answers:
Reid Fleming answers:
For starters, they should spend more time and energy on security than UI design, documentation, or product packaging.
--
Nighstalker answers:
Learn from the mistakes of the past and the solutions of today. It's not that hard to impliment security. It's just easier for lazy coders and indifferent beancounters to blow it off by saying that, "This is not something our customers are demanding in our product."
--
Dildog answers:
Proactive security measures. Encrypt everything. Eliminate HTTP and go right to HTTPS everywhere.
--
Tweety Fish answers:
Make security concerns and security audits an integral part of the development.Alpha42 asks:
Okay.. Here's my question.. what ever happened to Obscure Images?! I haven't seen anything from him in AGES... Don't get me wrong, I thought BO was good and all, and I'm sure it's generated 99% of the PR lately.. but I miss the original cDc stuff.. the files! :) And Obscure?! OH man...cDc answers:
Obscure Images answers:
Hey, I'm still here, and I am as active as I have ever been. I've never been gone, just acting back in the shadows. I do what I can to help plan and implement our projects. Most of it comes without the glory or press attention, but it has to be done for us to be successful. Over the past 10 years I've gone to school, gone out into the world, gotten married, and started to go a bit grey. Not related to my marriage, I assure you. There will be more files from me, it's just a matter of finishing them. Keep your eyes open, your mouths too.As far as my poetry goes, I have an excuse. It was 10 years ago, I was a typical late teen with clinical depression and the idea that I could write poetry. I stand by my stories, but would rather see the poems fade away like my youth.
Oh yeah, you have seen me, everytime you see our Paramedia Cross logo.
--
Tweety Fish answers:
Near the end of the cold war, Obscure Images was captured by a splinter faction of the KGB, and forced to write polemics, in verse, in a futile attempt to turn the people of the former Soviet Union back on the true path to communism. He's back now, and doing fine, except for that twitch.Effugas asks:
What tools, in your minds, would you consider the most useful but least acknowledged tool in your security analysis collection? When backed into a corner, unsure how to whip something into shape, what obscure and strange network(or even non-network!) utility popped into mind and either performed some amazing function you couldn't imagine coding yourself or gave you the necessary cluephone ringing (via source code peek) to pull it off yourself?cDc answers:
DilDog answers:
lsof. Use it.Anonymous Coward asks:
My question is simple:When will you start to do productive things ?
Ok, here is some context for the question. I know about BO2K ; and saw miscellaneous software at cDc site.
But on the other hand, the cDc has existed much longer than Linux itself, the FreeBSD team, NetBSD, and for probably as long as the FSF itself. One one hand you have a wealth of software (for instance here or here), on the other hand, after 15 years, you have a handful of cracking tools, one Windows administration package, an unorganized set of information, and stickers + temporary tatoos for sale.
In particular, it is a total mystery why since all that time, you haven't done one of the following:
- Review, summarize existing security systems, document and implement a robust security model. Unix model is total crap; even Multics (design: 1963) was better (Multics achieved B2 security rating).
- Audit publicly a freely available Unix (today done by OpenBSD instead).
- Write automatic assembly code analyzer to search for bugs (or at least for C). Commercial tools exist by now, and last time I tried to see if a free one existed, all I could find on cDc site was a "Tao of Windows Buffer Overflow" (a re-hash of techniques found for instance in Morris' Internet Worm in 1988. See Spafford's excellent report, and the Worm's FAQ).
- Lend a bunch of your machines, to hold contests such as "the best security model for Linux/BSD, running almost all possible services/servers, CGI, ...".
cDc answers:
Obscure Images answers:
While cDc does some programming, this is not the sole focus of our efforts. To compare us to the other groups you mention you have to realize that we have different goals, as well as methods. We don't feel obligated to do anything for anyone. Our work is directed by our desires and our goals, not the desires of the community. Everything we do is productive in our eyes. We like to think that we've done work every bit as important as any of the above groups. It's all a matter of perspective. We have no problem with the people who have given their time and energy to these other projects, but we are not like them. We do things when we want to, in the way that we want to.
--
Reid Fleming answers:
Temporary tattoos are a CRITICAL ELEMENT of our security strategy. To suggest otherwise is sheer lunacy.
--
G. Ratte' answers:
Wow. I don't know when I'm going to be productive. Mom wants grandkids, too. Why should we do those things? Maybe we will, maybe we won't. Why don't you? We do other things. As far as "lend a bunch of your machines to hold contests..." that's funny, what bunch of machines? None of us are wealthy. You looked at our site and blew it off as a "handful of cracking tools & an unorganized bunch of information." That's the first electronic magazine ever, starting in 1984. It was a big deal to me when I was fourteen and bored in a small town, and I was doing something new and exciting and fun. I don't necessarily want to satisfy your weird little computer fetishes. I've got a dog and a cat and a screwy relationship and my picture in SPIN and no job and I'm busy. Too busy for you.
To quote from cDc #300:
THE POINT
by Bryan O'Sullivan
you could spend an hour counting the petals in a flower
it might take you a year to count the veins in each petal
if you spent ten lifetimes, maybe you could count its cells
but you'd have completely missed the point
you fuckhead
--
Nighstalker answers:
And this comes back to my first answer. cDc is NOT ABOUT PROGRAMMING! Programming and computers are only a means to an end.
--
Tequila Willy answers:
Dear Anonymous Coward,
Your question seems very serious and as such seems to be counter productive. The Cult of the Dead Cow exemplifies the very attitude that ought to be cultivated considering the absurd nature of existence. Take a moment to contemplate your death and your own concerns about what counts as productive behavior may shift. You may think to yourself, "I am merely a mortal who will die, but I must live responsibly for the sake of those who will survive me." But of course your friends and family will die and there will come a time when no one alive will even have a memory of your existence. And if that weren't enough, at some point our own Sun will supernova, and when this occurs, human life on earth will be destroyed. At that point, human beings will not even exist to contemplate the fates of those like yourself who died long ago. From this perspective, all human actions seem to take on an equal importance: our concerns are absurd! To live freely and responsibly, a mature human being must realize this point. Having fun, living and loving well, being playful (and hence flexible in your living): these actions take on much greater importance than behaving in a serious (and hence rigid) manner. Your question is foolish because it is not asked with a foolish spirit.
--
Tweety Fish answers:
Read our files. Read our press releases. It's all about style, jackass. Incidentally, the first of your suggestions is a primary goal of the OpenBSD project, like you said. The second suggestion is a fine idea, why don't you do it? (re: spafford's paper and the internet worm, the internet worm didn't run on win32, now, did it?). As for the third suggestion, gee, that's a great idea. Why don't we kick down a couple hundred thousand for a semi-trailer we can turn into the cDc hackmobile, and load it up with all these high-end systems we have sitting around, and hire somebody to drive it around the country so people can mess with it for free!
We do what we're interested in, what's fun, and what's within our resources, plain and simple. And we try to keep it funny.
Descriptions of who these people are are at http://www.cultdeadcow.com/members/.
-
Ask the Cult of the Dead Cow Anything
The Cult of the Dead Cow [cDc] is one of the best-known and oldest groups floating around in the murky world of computer security (on either side of the fence). cDc's best-publicized recent accomplishment is Back Orifice, a program that can be considered either an excellent NT remote sysadmin tool or a cracker's sneaky way into an NT-based network. But there's lots more to cDc than B.O. If you're not familiar with their history, check the cDc files before you post; they go all the way back to 1985. Please confine yourself to one question per post. Tuesday afternoon we'll forward the 10 - 15 questions deemed most interesting by Slashdot moderators and hangers-on to the Cult by e-mail. Answers will appear Friday. -
cDc Charges MS w/ Distributing Cracker Software
davidr writes "Microsoft's response to Back Orifice 2000 has been to characterize it as a hacker tool instead of a network administration tool, because it can be installed stealthily and used to monitor users without their knowledge. cDc has responded by pointing out that Microsoft's own tool, SMS, does the same exact thing! They've called for antivirus software for SMS and challenged Microsoft to recall it." Read this one. It's interesting. Having never used SMS (hell, I haven't really used Windows in a year or so) I'll leave it up to you guys to figure out if this is true. -
cDc Releases *NIX Back Orifice Client Open Source
-
cDc Rebuttal to Microsoft
DilDog sent us a link to the official cDc response to MS's rebuttal about Back Orifice. It's worth a read if you're at all interested in this thing. -
cDc Responds to Questions About Back Orifice
Omega from the Cult of the Dead Cow has written up a series of answers to questions posed in the article we ran Wed. on Back Orifice, the remote administration program that will be released on the first week of August at Defcon 6. They talk about buffer underruns and other security holes that will allow B.O. to roam free, as well as answering tons of other questions about what this is and what it will and won't do. I'm not going to taint this with opinions, because frankly I still don't know what I think about this. So read it and decide for yourself. The following is a response from the Cult of the Dead Cow regarding their Back Orifice program. I've posted it unedited (well, I did try to HTML it a bit) for the benefit of interested readers. Read at your own risk.
________________________________________________________
                         _   _
    MEDIA RESPONSE      ((___))      MEDIA RESPONSE
       7/29/98          [ x x ]         7/29/98
                         \   /
                         (' ')
                          (U)
__________________www.cultdeadcow.com___________________
With regard to Slashdot's 7/28/98 article about cDc's Back Orifice application (http://www.slashdot.org/articles/980728/1320244.shtml)
- ... read about some interesting software that allows you to remotely, well, administer Windows boxes. The sad part is Microsoft will probably divert this as nothing more than a trivial attack and then throw the technology into a subsequent release of the product. But it is this sort of thing we need to keep Microsoft on their toes. Excuse the bad Latin (again), but Carpete Diem! Update: Is this a hoax? It sure looks suspicious. You do need to run a client program, so it doesn't seem that evil - unless munchkins can sneak into your office under cover of darkness and add it to your startup group...
THE CULT OF THE DEAD COW was very interested to read yesterday's feedback on Slashdot regarding cDc's imminent release of BACK ORIFICE. We believe such a tool has been eagerly awaited by the user community and judging from the positive responses, it appears we're right.
We would, however, like to correct a few errors reported about Back Orifice and answer a few questions.
cDc? DON'T THEY PUBLISH TEXT FILES?
cDc enjoys publishing text-files, but there's much more to the CULT OF THE DEAD COW than that. Have you read what we've been up to in China, for instance? Check out cDc #356, or our Media List.
IS BACK ORIFICE A HOAX?
The name is "Back Orifice", not "Back Office"; "Back Office" is, as you know, trademarked Microsoft. And yes, Back Orifice is real.
We will be demonstrating it at Defcon 6 in Las Vegas the weekend of August first, so if you're there, you'll see it with your own eyes. Depending on how quickly we recover from hang-overs, gambling debts, debauchery and Microsoft intrigues, it should be available for download from
on Monday, August 3 or thereabouts.
IS IT A TROJAN HORSE?
"Let me get this straight -- if I install this Trojan cum virus on my Windows 95 or 98 system, I'm toast? What a revelation. Major security hole." -- Paul Leach, Microsoft. source: NTBugTraq
We prefer to call Back Orifice a "remote administration tool." I suppose in the most general sense, someone might call Back Orifice a "Trojan Horse," but that would be a gross over-simplification and inaccurate. Trojan Horses generally have very specific, pre-programmed goals -- usually destructive. Unlike most Trojan Horses, there is nothing inherently destructive about Back Orifice. Nelson Minar's observation that Back Orifice _resembles_ a "root-kit for Windows" would be more accurate.
Back Orifice doesn't need to be installed on the end-user's machine _by_ the end-user, contrary to what Paul Leach thinks. (Nor is his judgement about Back Orifice especially useful.)
The security holes in Windows already exist. Sir Dystic points out a few of the holes in the OS in cDc #338. Dildog demonstrates in cDc #351, "The Tao of Windows Buffer Overflow", a stereotypical security hole in a Microsoft application. In fact, borrowing the words of a well-known security expert, cDc #351 could be subtitled, "If I install a Microsoft application on my Windows 95 or 98 system, I'm toast? What a revelation."
In his file, Dildog posits a situation where one might get an e-mail with a Microsoft NetMeeting 'SpeedDial' CNF file attachment. The e-mail says, "My girlfriend and I want you to watch us fuck while you spank it! Call us soon, we're horny!" Launching the NetMeeting attachment could trigger a buffer overflow exploit which could be used to install a Trojan Horse (or anything else!) onto your system.
Zero, one of Slashdot's readers, was more succinct:
- As for getting it [Back Orifice] to install, I could go through quite an extensive list on possible ways to get it installed. future discovered bugs will open new ways to insert this application. The program itself isn't an exploit
A few questions voiced by Slashdot readers in the message forum:
Q: Tril wants to know: what happens if you try to install Back Orifice on a system that already has it?
A: As it happens, multiple instances of Back Orifice can be installed on a system and be running concurrently, each listening on different (user-configurable) ports.
Q: Bill McCarthy asks: what good would something like BO be in light of well-placed firewall security measures? Is BO something that can pierce firewalls once installed?
A: Depends on how well-placed the security measures are and what they are. Generally Firewalls are more permissive about outbound connections than they are inbound connections. So it is possible to operate BO across a firewall (depending on the circumstances) and it is also possible to install BO across a firewall (depending on the circumstances). But BO in itself isn't designed with Firewall intrusion in mind.
Q: Kent Wang heard that SMS will do the same thing [systems management]. What's the diff?
A: SMS has more (and different) features and whether it actually works as advertised is arguable. BO is free; is only about 120 Kbytes in size; and it works. You can also write your own custom plug-ins for BO: its architecture is easily extensible.
For further details or lucrative film offers, please contact:
The Deth Vegetable
Minister of Propaganda
CULT OF THE DEAD COW
veggie@cultdeadcow.com
.......................................................................
The CULT OF THE DEAD COW (cDc) is the most influential group of hackers in the world. Formed in 1984, the cDc has done everything from publish the longest running e-zine on the Internet to diddling military networks around the globe. We could go on, but who's got the time. Journalists can check out the Medialist link on our Web site for more background information. Cheerio. "cDc. It's alla'bout style, jackass."
-
cDc Responds to Questions About Back Orifice
Omega from the Cult of the Dead Cow has written up a series of answers to questions posed in the article we ran Wed. on Back Orifice, the remote administration program that will be released on the first week of august at Defcon 6. They talk about buffer underruns and other security holes that will allow B.O. to roam free, as well as answering tons of other questions about what this is and what it will and won't do. I'm not going to taint this with opinions, because frankly I still don't know what I think about this. So read it and decide for yourself. The following is a response from the Cult of the Dead Cow regarding their Back Orifice program. I've posted it unedited (well, I did try to HTML it a bit) for the benefit of interested readers. Read at your own risk.________________________________________________________ _ _ MEDIA RESPONSE ((___)) MEDIA RESPONSE 7/29/98 [ x x ] 7/29/98 / (' ') (U) __________________www.cultdeadcow.com___________________With regard to Slashdot's 7/28/98 article about cDc's Back Orifice application (http://www.slashdot.org/articles/980728/1320244.shtml)
- ... read about some interesting software that allows you to remotely, well, administer Windows boxes. The sad part is Microsoft will probably divert this as nothing more than a trivial attack and then throw the technology into a subsequent release of the product. But it is this sort of thing we need to keep Microsoft on their toes. Excuse the bad Latin (again), but Carpete Diem! Update Is this a hoax? It sure looks suspicious. You do need to run a client program, so it doesn't seem that evil- unless munchkins can sneak into your office under cover of darkness and add it to your startup group...
THE CULT OF THE DEAD COW was very interested to read yesterday's feedback on Slashdot regarding cDc's imminent release of BACK ORIFICE. We believe such a tool has been eagerly awaited by the user community and judging from the positive responses, it appears we're right.
We would, however, like to correct a few errors reported about Back Orifice and answer a few questions.
cDc? DON'T THEY PUBLISH TEXT FILES?cDc enjoys publishing text-files, but there's much more to the CULT OF THE DEAD COW than that. Have you read what we've been up to in China, for instance? Check out cDc #356, or our Media List
IS BACK ORIFICE A HOAX?The name is "Back Orifice", not "Back Office"; "Back Office" is, as you know, trademarked Microsoft. And yes, Back Orifice is real.
We will be demonstrating it at Defcon 6 in Las Vegas the weekend of August first, so if you're there, you'll see it with your own eyes. Depending on how quickly we recover from hang-overs, gambling debts, debauchery and Microsoft intrigues, it should be available for download from
on Monday, August 3 or thereabouts.
IS IT A TROJAN HORSE?"Let me get this straight -- if I install this Trojan cum virus on my Windows 95 or 98 system, I'm toast? What a revelation. Major security hole." -- Paul Leach, Microsoft. source: NTBugTraq
We prefer to call Back Orifice a "remote administration tool." I suppose in the most general sense, someone might call Back Orifice a "Trojan Horse," but that would be a gross over-simplification and inaccurate. Trojan Horses generally have very specific, pre-programmed goals -- usually destructive. Unlike most Trojan Horses, there is nothing inherently destructive about Back Orifice. Nelson Minar's observation that Back Orifice _resembles_ a "root-kit for Windows" would be more accurate.
Back Orifice doesn't need to be installed on the end-user's machine _by_ the end-user, contrary to what Paul Leach thinks. (Nor is his judgement about Back Orifice especially useful.)
The security holes in Windows already exist. Sir Dystic points a few of the holes in the OS in cDc #338. Dildog demonstrates in cDc #351, "The Tao of Windows Buffer Overflow",
a stereotypical security hole in a Microsoft application. In fact, borrowing the words of a well-known security expert, cDc #351 could be subtitled, "If I install a Microsoft application on my Windows 95 or 98 system, I'm toast? What a revelation."
In his file, Dildog posits a situation where one might get an e-mail with a Microsoft NetMeeting 'SpeedDial' CNF file attachment. The e-mail says, "My girlfriend and I want you to watch us fuck while you spank it! Call us soon, we're horny!" Launching the NetMeeting attachment could trigger a buffer overflow exploit which could be used to install a Trojan Horse (or anything else!) onto your system.
Zero, one of Slashdot's readers, was more succinct:
- As for getting it [Back Orifice] to install, I could go through quite an extensive list on possible ways to get it installed. future discovered bugs will open new ways to insert this application. The program itself isn't an exploit
A few questions voiced by slashdot readers in the message forum:
Q: Tril wants to know: what happens if you try to install Back Orifice on a system that already has it?
A: As it happens, multiple instances of Back Orifice can be installed on a system and be running concurrently, each listening on different (user-configurable) ports.
Q: Bill McCarthy asks: what good would something like BO be in light of well-placed firewall security measures? Is BO something that can pierce firewalls once installed?
A: Depends on how well-placed the security measures are and what they are. Generally Firewalls are more permissive about outbound connections than they are inbound connections. So it is possible to operate BO across a firewall (depending on the circumstances) and it is also possible to install BO across a firewall (depending on the circumstances). But BO in itself isn't designed with Firewall intrusion in mind.
Q: Kent Wang heard that SMS will do the same thing [systems management]. What's the diff?
A: SMS has more (and different) features and whether it actually works as advertised is arguable. BO is free; is only about 120 Kbytes in size; and it works. You can also write your own custom plug-ins for BO: its architecture is easily extensible.
For further details or lucrative film offers, please contact:
The Deth Vegetable
Minister of Propaganda
CULT OF THE DEAD COW
veggie@cultdeadcow.com
The CULT OF THE DEAD COW (cDc) is the most influential group of hackers in the world. Formed in 1984, the cDc has done everything from publishing the longest running e-zine on the Internet to diddling military networks around the globe. We could go on, but who's got the time. Journalists can check out the Medialist link on our Web site for more background information. Cheerio. "cDc. It's alla'bout style, jackass."
-
cDc Responds to Questions About Back Orifice
Omega from the Cult of the Dead Cow has written up a series of answers to questions posed in the article we ran Wed. on Back Orifice, the remote administration program that will be released in the first week of August at Defcon 6. They talk about buffer underruns and other security holes that will allow B.O. to roam free, as well as answering tons of other questions about what this is and what it will and won't do. I'm not going to taint this with opinions, because frankly I still don't know what I think about this. So read it and decide for yourself. The following is a response from the Cult of the Dead Cow regarding their Back Orifice program. I've posted it unedited (well, I did try to HTML it a bit) for the benefit of interested readers. Read at your own risk.
MEDIA RESPONSE 7/29/98
www.cultdeadcow.com
With regard to Slashdot's 7/28/98 article about cDc's Back Orifice application (http://www.slashdot.org/articles/980728/1320244.shtml)
- ... read about some interesting software that allows you to remotely, well, administer Windows boxes. The sad part is Microsoft will probably divert this as nothing more than a trivial attack and then throw the technology into a subsequent release of the product. But it is this sort of thing we need to keep Microsoft on their toes. Excuse the bad Latin (again), but Carpete Diem! Update: Is this a hoax? It sure looks suspicious. You do need to run a client program, so it doesn't seem that evil -- unless munchkins can sneak into your office under cover of darkness and add it to your startup group...
THE CULT OF THE DEAD COW was very interested to read yesterday's feedback on Slashdot regarding cDc's imminent release of BACK ORIFICE. We believe such a tool has been eagerly awaited by the user community and judging from the positive responses, it appears we're right.
We would, however, like to correct a few errors reported about Back Orifice and answer a few questions.
cDc? DON'T THEY PUBLISH TEXT FILES?
cDc enjoys publishing text-files, but there's much more to the CULT OF THE DEAD COW than that. Have you read what we've been up to in China, for instance? Check out cDc #356, or our Media List.
IS BACK ORIFICE A HOAX?
The name is "Back Orifice", not "Back Office"; "Back Office" is, as you know, trademarked Microsoft. And yes, Back Orifice is real.
We will be demonstrating it at Defcon 6 in Las Vegas the weekend of August first, so if you're there, you'll see it with your own eyes. Depending on how quickly we recover from hang-overs, gambling debts, debauchery and Microsoft intrigues, it should be available for download from
on Monday, August 3 or thereabouts.
IS IT A TROJAN HORSE?
"Let me get this straight -- if I install this Trojan cum virus on my Windows 95 or 98 system, I'm toast? What a revelation. Major security hole." -- Paul Leach, Microsoft. Source: NTBugTraq
We prefer to call Back Orifice a "remote administration tool." I suppose in the most general sense, someone might call Back Orifice a "Trojan Horse," but that would be a gross over-simplification and inaccurate. Trojan Horses generally have very specific, pre-programmed goals -- usually destructive. Unlike most Trojan Horses, there is nothing inherently destructive about Back Orifice. Nelson Minar's observation that Back Orifice _resembles_ a "root-kit for Windows" would be more accurate.
Back Orifice doesn't need to be installed on the end-user's machine _by_ the end-user, contrary to what Paul Leach thinks. (Nor is his judgement about Back Orifice especially useful.)
The security holes in Windows already exist. Sir Dystic points out a few of the holes in the OS in cDc #338. Dildog demonstrates in cDc #351, "The Tao of Windows Buffer Overflow", a stereotypical security hole in a Microsoft application. In fact, borrowing the words of a well-known security expert, cDc #351 could be subtitled, "If I install a Microsoft application on my Windows 95 or 98 system, I'm toast? What a revelation."
In his file, Dildog posits a situation where one might get an e-mail with a Microsoft NetMeeting 'SpeedDial' CNF file attachment. The e-mail says, "My girlfriend and I want you to watch us fuck while you spank it! Call us soon, we're horny!" Launching the NetMeeting attachment could trigger a buffer overflow exploit which could be used to install a Trojan Horse (or anything else!) onto your system.
Zero, one of Slashdot's readers, was more succinct:
- As for getting it [Back Orifice] to install, I could go through quite an extensive list on possible ways to get it installed. future discovered bugs will open new ways to insert this application. The program itself isn't an exploit
A few questions voiced by slashdot readers in the message forum:
Q: Tril wants to know: what happens if you try to install Back Orifice on a system that already has it?
A: As it happens, multiple instances of Back Orifice can be installed on a system and be running concurrently, each listening on different (user-configurable) ports.
Q: Bill McCarthy asks: what good would something like BO be in light of well-placed firewall security measures? Is BO something that can pierce firewalls once installed?
A: Depends on how well-placed the security measures are and what they are. Generally Firewalls are more permissive about outbound connections than they are inbound connections. So it is possible to operate BO across a firewall (depending on the circumstances) and it is also possible to install BO across a firewall (depending on the circumstances). But BO in itself isn't designed with Firewall intrusion in mind.
Q: Kent Wang heard that SMS will do the same thing [systems management]. What's the diff?
A: SMS has more (and different) features and whether it actually works as advertised is arguable. BO is free; is only about 120 Kbytes in size; and it works. You can also write your own custom plug-ins for BO: its architecture is easily extensible.
For further details or lucrative film offers, please contact:
The Deth Vegetable
Minister of Propaganda
CULT OF THE DEAD COW
veggie@cultdeadcow.com
The CULT OF THE DEAD COW (cDc) is the most influential group of hackers in the world. Formed in 1984, the cDc has done everything from publishing the longest running e-zine on the Internet to diddling military networks around the globe. We could go on, but who's got the time. Journalists can check out the Medialist link on our Web site for more background information. Cheerio. "cDc. It's alla'bout style, jackass."
-
Back Office Remote Administration
Minga sent us this story where you can read about some interesting software that allows you to remotely, well, administer Windows boxes. The sad part is Microsoft will probably divert this as nothing more than a trivial attack and then throw the technology into a subsequent release of the product. But it is this sort of thing we need to keep Microsoft on their toes. Excuse the bad Latin (again), but Carpete Diem! Update: Is this a hoax? It sure looks suspicious. You do need to run a client program, so it doesn't seem that evil -- unless munchkins can sneak into your office under cover of darkness and add it to your startup group...