Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Phrack

Posted by michael on from the things-man-wasn't-meant-to-know dept.

Anonymous Coward writes "A new issue of the Phrack Magazine, #60 has been released today. It details some decent technique about kernel exploitation (OpenBSD), Cisco remote exploit, how to backdoor a core bzimage kernel and other stuff. The ascii based magazine is available at phrack.org."

3 of 239 comments (clear)

  1. Re:Gray hat? by SuperDuG · · Score: 5, Informative
    I think the one thing that people need to get out of their heads is the common misconception of a "black hat hacker or cracker". The terminology is quite specific as:

    - "sript kiddie" refers to someone with little or no maturity that uses an automated exploit scan program that makes hacks a matter of happenstance if anything else.

    - "cracker" is one step higher from a script kiddie as this is a person who actually has a target in mind, but is not randomly screening. Usually a cracker will gain access by acquring a password (hence cracker). There are many ways to do this, but the more calculated attacks are usually by a cracker that is persistent.

    - "black hat hackers" these are the guys you rarely hear about as they're main goal in life is to be where they shouldn't be and make sure that they're the only ones that know what they are doing. This is the sexiest of illegal hackers as these are the types that actually get into the "unbreakable" systems and really do know their shit. These people work for the government usually (and not just American) and some are even employed without wanting to be (part of a plea bargain). These are the type of people that you want to not be interested in your system as with a certain amount of time they will get into your system.

    I'm not implying you don't know this, I was meerly trying to elaborate further on your post. And not everything these "Evil Hackers" do is all that bad. Many "script kiddie" tools are useful in testing your own systems for holes or exploits, if you have the same toys as they do, they can't beat you.

    Grey hats are where most all computer type people belong, where we all usually do good, but we do know some tricks of the trade. Like an automechanic who knows how to hotwire a car or jimmy a lock open, does that make him a criminal? Same goes for anyone who is a professional locksmith (make the best theives?), doctors (make the best killers?), and bomb squad officiers (make the best bomb builders?). The joy of being a grey hat is knowing enough to protect yourself because you've been there before.

    Case-In-Point ... the most secure server is one that is unplugged and buried in the middle of the earth, and that's still questionable.

    --
    Ignore the "p2p is theft" trolls, they're just uninformed
  2. OpenBSD vulnerability has been fixed in August by OttoM · · Score: 5, Informative
    Patches for OpenBSD 3.0 and 3.1 were submitted August 11, 2002. OpenBSD 3.2 was released with the patched code. See errata page.

    While interesting, the article describes a vulnerability that already has been fixed.

  3. read Kevin Mitnick's story by r5t8i6y3 · · Score: 5, Informative

    this, IMHO, is the most valuable information in Phrack 60:

    Kevin Mitnick wrote a book, "The Art of Deception". The first chapter
    has been deleted by the publisher at the last minute. It's available
    on the internet:
    http://www.wired.com/news/culture/0,1284,56187,00. html
    http://littlegreenguy.fateback.com/chapter1/Chapte r%201%20-%20Banned%20Edition.doc

    [i linked this Phrack quote because Slash adds a space character to strings that wordwrap - can anyone tell me how to prevent this from happening?]