Slashdot Mirror


Hackers: Under The Hood

jyre writes "ZDNet Australia has a special report that profiles and interviews five hackers over the next five days. Day 1: Raven Alder's page is up now (includes photos). Day 2 will be Attrion.org creator, Jericho. Day 3: Adrian Lamo. Day 4: Kevin Mitnick and Day 5: L0phtCrack creator, Mudge."

58 of 280 comments

  1. Ah, Attrion. by FlyingJesus · · Score: 5, Funny

    I love attrion.org! It's the best way to start my day, opening the old browser and surfing on over to attrion! First on my list of things to do in the morning!

    Mods don't hurt me :)

    1. Re:Ah, Attrion. by kundor · · Score: 2, Insightful

      Today in Internet Kindergarten we learn that what a link says and where the link goes are NOT THE SAME THING.

  2. Who? by blair1q · · Score: 3, Funny

    The total amount I care about self-proclaimed "H4xx04s?"

    0.

  3. Prominent (and "notorious") hackers by Incognitius · · Score: 5, Insightful

    Remember that many of these "hackers" are reformed, and thus attempting to sell their services. They aren't really "notorious" hackers and are often out of touch with the hacker community.

    This is to be expected from a mainstream publication that intends to present "hacking" in a mainstream light. I say, read at your own risk.

    1. Re:Prominent (and "notorious") hackers by Zog+The+Undeniable · · Score: 4, Funny

      Yup, that would be the same L0pht Heavy Industries that sold out and became @stake, Inc. I mean, FFS, they could have at least called themselves @st4k3, 1nc.

      --
      When I am king, you will be first against the wall.
    2. Re:Prominent (and "notorious") hackers by rodgster · · Score: 2, Insightful

      Maybe presenting some reformed hackers as semi-normal people will help change the public perception of "hackers" in general.

      Maybe even a few people in the general public will become enlightened to some of the issues involving computer security: Microsoft's lip service to security, public bashing of Linux, the dangers of a monoculture and the magnitude of un-patched end user's systems to name just a few.

      We can only hope.

      The simple fact that it is from ZDnet.com.au speaks volumes as to the bias here in America.

      --
      Who will guard the guards?
    3. Re:Prominent (and "notorious") hackers by pantycrickets · · Score: 2, Insightful

      Maybe presenting some reformed hackers as semi-normal people will help change the public perception of "hackers" in general.

      Or maybe presenting some never-weres, as "reformed" anythings, when they are only media whores, will just confuse the public into thinking that all hackers are idiots, and thus harmless.

  4. Re:She looks halfway decent at least by nadda · · Score: 5, Funny

    dude, that's her first grade photo.

  5. Definition by the_enigma_1983 · · Score: 5, Insightful

    But are they going to define hacker? Are people going to see this as a bunch of articles about some scum who break into computers, or are they going to see a bunch of articles about people who have an intimate knowledge of computers? Either the meaning of the word hacker needs to change, or another word for the computer savvy needs to be found.

    1. Re:Definition by raven_alder · · Score: 5, Interesting

      Well, if it was a "scum" definition, I would think that I wouldn't have qualified to be interviewed. Behold the angelic halo. [grin]

      I've had this argument with journalists before; it's one of the reasons that I tend to avoid being interviewed.

      "Tell me about your secret blackhat teenage years!"
      "Uh, I never had a secret blackhat teenage phase."
      "Oh, come on, you can tell me."
      "No, really, I didn't."

      Repeat ad nauseam.

  6. Perhaps we'll see by Crudely_Indecent · · Score: 5, Insightful

    more high profile 'hackers' explaining their driving influences. Raven Alder bashing script kiddies and suggesting that users learn how to use their toys is a good way to start. I wouldn't argue for a second with a girl that is as cute as Bjork and could audit my security.

    --


    "Lame" - Galaxar
    1. Re:Perhaps we'll see by pommaq · · Score: 3, Funny

      Yeah, she could "audit" my "security" any day

  7. L0pht crack by solid · · Score: 5, Funny

    Mmmmm... L0pht password cracker. *urgh!* "Me use brute force!" *urgh!*

  8. It's the stories that are always masked by stigma. by Anonymous Coward · · Score: 5, Interesting

    I find it fascinating to look at the lives of hackers just as you would the lives of movie stars or politicians. There is such stigma attached to these pseudo-celebrities that people often don't get so interested in their stories. I thought tonight's article was a much better article than the recent nytimesmagazine article on script kiddies.

    I'm actually surprised there have not been more television biographies on hackers. It seems A&E Biographies, Discovery Channel, Learning Channel etc. would want to tell these stories.

    www.reeddavid.com

  9. It would be nice if they could spell... by Xenographic · · Score: 4, Informative

    You like looking at the IE error page? Weirdo ;P

    Everyone should know that it is ATTRITION.org, anyhow (and, at least, the link is correct).

    1. Re:It would be nice if they could spell... by Ziviyr · · Score: 2, Funny

      You use IE?

      <voice impersonate="southpark:wendy"> Ewww, gross! </voice>

      --

      Someone set us up the bomb, so shine we are!
  10. These stories kind of annoy me. by Anonymous Coward · · Score: 3, Insightful

    Self-styled 1337 h4x0rs aren't particularly skilled with computers. They just do stupid shit that other more mature computer users won't waste their time on.

    If I was a loser I could burgle houses if I chose to. It's not exactly difficult. Even the rich neighborhoods would be easy pickings. I'm sure I could break into many places before I got caught. But I'd still be a loser.

    So why are the computerland equivalent of dirty little sneak thieves constantly being feted as heroes and geniuses all the damn time?

    I hate movies like 'Hackers' which give zit-faced teenage virgins the idea that they'll get to screw Angelina Jolie if only they could be 1337...

    1. Re:These stories kind of annoy me. by commodoresloat · · Score: 2, Insightful

      They make great stories. Americans in particular are particularly fascinated by the stories of criminals; I imagine it is the same in Australia if not more so given its history. From Billy the Kid to gangsta rap there's often glorification of the criminal's stories in popular culture, so it's no surprise to see computer criminals occupy a similar space. Though, the cowboys and gangsta rappers get way more chicks, Angelina Jolie aside....

  11. Re:She looks halfway decent at least by Da+w00t · · Score: 4, Funny

    Raven's my coworker. Quite technically, she rocks. And oh, that tit size comment? ... (a direct quote)

    "Fuck you ".

    And yes, she's talking about You

    --

    da w00t. mtfnpy?
  12. Re:She looks halfway decent at least by Saint+Stephen · · Score: 2, Funny

    You obviously haven't ever met any really ugly women. Trust me, they get a lot worse than that. Think Jean Teasdale from The Onion.

  13. Perfect Ad by Jade+E.+2 · · Score: 5, Funny

    That's got to be the most perfect ad-to-article match ever. The interview contains these paragraphs:

    "The root problem that the security industry has is ... unscrupulous people selling to an uninformed market. The managers buying security products don't understand security at all, and so they trust the vendors to tell them what is best," Alder argued. "And somehow, conveniently, what is best has a great overlap with whatever that particular vendor happens to be selling."

    ...

    "[Companies] have the latest and greatest firewall that nobody has ever bothered to configure, or a very expensive intrusion detection system (IDS) that nobody has the understanding to tune."

    And the ad on the page says "Today's threats require a lot more than a firewall. This is a lot more than a firewall. Symantec Gateway Security 5400 series" (Ad here.)

    That's about the most perfect example of what she's talking about anybody could have come up with...

    1. Re:Perfect Ad by raven_alder · · Score: 5, Interesting

      I thought it was nicely ironic myself. I didn't have anything to do with choosing the ads, of course, but if I had I couldn't have done better. [grin]

  14. Attrition!? by Anonymous Coward · · Score: 5, Insightful

    Yeah alright, they had a defacement archive back in the day, they're dried out now. What have they done since then and really what good was the defacement archive? All it really did was encourage defacements.

    The other guys have either shown skill, or created something. And let's shut up about "cracker v.s hacker" BS. Hacking is a SKILL SET, you can define black hat, grey hat, white hat from there if you want. Just because someone breaks the law doesn't mean they aren't a good "hacker" and are suddenly a "cracker".

    Also remember not all intruders are "dumb kiddies" there takes skill in a real intrusion even if you are using pre-canned exploits. There is a hacking mindset to getting into places. It's the same mindset used in writing unique code, among other things. It's not all dotslash. That's like saying U.S Special Forces are 'kiddies' since all they do is pull a trigger. Wrong.

    So tired of these people ranting and raving about 'cracking'. Get your head out of your asses and get off the bandwagon.

    1. Re:Attrition!? by maxpublic · · Score: 3, Informative

      Also remember not all intruders are "dumb kiddies" there takes skill in a real intrusion even if you are using pre-canned exploits.

      Script kiddies are called that for a reason. Often young and not terribly bright, they take programs written by others, programs they don't understand and can barely use, and launch attacks against the systems of others with them. Script kiddies, by definition, couldn't successfully modify or improve the code of the programs they employ if their lives depended on it.

      From my own experience I'd guess that perhaps only one in twenty so-called 'hackers' has the first damned clue what they're doing. Of this subset perhaps one in twenty could actually write an intrusion program of minimal value. And of this subset, perhaps one in twenty is actually skilled enough to call themselves 'hackers' and be recognized as such by expert coders.

      The actual number of hackers, or folks I'd deign to give the title, is minimal. The number of script kiddies is legion. This is actually a good thing, as you'd rather your average petty criminal was a fucking idiot than a genius any day of the week. It's easy to defend yourself against a moron who can't respond to a change in defensive strategy because they're incapable of modifying the code of their tools or coming up with a creative way to launch an attack; it's much more difficult to match yourself against someone with real talent who's spent years honing their skills in intrusion.

      Max

      --
      My god carries a hammer. Your god died nailed to a tree. Any questions?
    2. Re:Attrition!? by Salamander · · Score: 3, Insightful

      Looks like someone's fragile little ego got stepped on. "What have they done since then" and "there takes skill in a real intrusion" are the tipoffs that we're probably dealing with a 16-year-old who thinks computing began with him - yeah, almost inevitably him, sorry but that's the way it is in that community and I had to pick a pronoun. Here's a clue for you, kid. Cracking might not take zero skill, but it's still absolutely nothing compared to the difficulty of actually creating the systems you crack, or the tools you use on either side of the security fence. Reality puts up a lot more obstacles than any number of white hats, black hats, or any other color hats. Raven - who can obviously take care of herself and doesn't need my help defending her or other female hackers - offers some excellent advice that I can only second:

      To aspiring hackers, Alder has this piece of advice: "Learn TCP/IP or the internals of your operating system of choice. Ideally, learn both. Don't just be a script-kiddie who downloads an attack program off the Internet and think that's cool.

      "Understanding what you're doing is more cool. Having the know-how to develop a new and innovative attack or to develop a creative defence is a lot more impressive than 'dude, I sniffed your Hotmail password'."
      --
      Slashdot - News for Herds. Stuff that Splatters.
  15. I agree. They aren't interesting. by Anonymous Coward · · Score: 5, Interesting

    If you aren't computer-ignorant. But the media are computer-ignorant, and are happy to stay that way.

    A few years ago a major New Zealand ISP was "hacked" -- or so the media said. The biggest talkshow host of the time interviewed the alleged "h4x0r" live, and proclaimed him to be a "computer genius". We were all in deadly and imminent danger of being hacked by guys like him he said.

    The "hacker" in question was a 13 year old whose friend's older brother worked for the ISP. The older brother had stupidly given his staff login and password to his kid brother, who had, naturally, shared it with his friend, the "genius hacker". This friend then logged in and deleted a bunch of hosted websites. Pretty frikken 1337, huh?

    Take the little assholes out and beat them with wet towels, then make them parade naked through the streets. A fit punishment for such computer Uber-Gurus.

  16. Re:She looks halfway decent at least by raven_alder · · Score: 5, Insightful

    Hi. It's really nice to know that whatever I can do technically, that it's my cup size that really matters. I'm 28. I do backbone security, incident response, vulnerability assessment, and pen-testing. I work in varying capacities with Nessus, Snort, and the Open Source Vulnerability Database. And fuck you. http://www.oneeyedcrow.net/securitygeekfemme.html

  17. Not that 1337 by Magickcat · · Score: 5, Insightful

    If they were really oh so 1337, nobody would have ever heard of them, and they wouldn't be talking about their escapades either.

    --

    Si tacuisses philosophus mansisses. If you had kept quiet, you would have remained a philosopher.

    1. Re:Not that 1337 by kmactane · · Score: 2, Insightful

      Maybe that might apply to Mitnick. But Mudge/L0pht, Lamo, and Jericho/Attrition.org all publicized their own works. The L0pht folks said, "Hey, world, here's some software." Should they still be secret after that? Attrition.org was a public web site, fercrissake.

      And Raven Alder is 100-percent pure white-hat. She's interested in finding and publicizing vulns (and other security problems), rather than secretly exploiting them. Why in the world is that something that nobody should "have ever heard of"?

      When you're a black hat, publicity means you screwed up. But when you're a white hat, it means you found something that nobody else did/could. That's the camp Raven's in.

  18. Re:She looks halfway decent at least by L0stb0Y · · Score: 4, Funny

    At least they didn't regress to the "nice boots" comment you're likely to get at the local g0th club-

    LosT

    --
    "We are the music makers, and we are the dreamers of dreams."
  19. Re:She looks halfway decent at least by shepd · · Score: 3, Interesting

    Feel free to be a self-admitted feminist, but realise that the likes of that group are responsible for banned books in Canada.

    Through its decision in the Butler vs. Her Majesty case, the Supreme Court of Canada adopted Catherine MacKinnon's definition of obscenity nearly word for word into Canadian law. This 1992 court decision -- which was vigorously championed by most feminists in Canada and the US -- allows Canadian customs to seize what it judges to be pornography at the border as the material is being imported. In reaching the Butler decision, the Supreme Court acknowledged that it was violating freedom of speech, but it deemed the possible harm that pornography could inflict on women to be of greater legal significance.

    Unlike others I generally prefer to keep my opinions of a woman's body to myself. However, I definitely can't support any set of ideals that requires mass censorship. I believe that makes me anti-feminist, but moderate.

    You, on the other hand, may not be a feminist at all, at least according to that article, although you choose to identify with them.

    Pardon me if I came on a bit strong there, but when a select minority-by-choice of people can, at a whim, introduce sweeping censorship laws I get really pissed off.

    If you are asking for a change from society's old views of yourself, you might want to avoid clothing yourself in a devil's cloak. In short: Choose a better term than "feminist". I don't believe you are one, and the term carries far too much misandrist baggage for you to be taken seriously.

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  20. An open letter to the anti-trolls. by rjh · · Score: 5, Insightful

    First, in the spirit of full disclosure: I know Raven. I know her well enough to be thoroughly impressed by her and her competency. By "thoroughly impressed" I mean "vaguely intimidated", too, and you know, that's not a bad thing to feel. Gives me an incentive to work that much harder. Competition is good.

    Reading this thread so far has led me to dismay. What thread dominates? Something that's so crude that it ought to be beneath our dignity to respond, even to condemn it. A few people have jumped on the trolls, modding them down into oblivion or responding to them.

    Here's a question: why? All it's doing is giving the trolls publicity. All it's doing is making people think that gender is an issue, because if it wasn't an issue, why would such a firestorm exist? If it wasn't an issue, why wouldn't the trolls just get modded into oblivion and go ignored, like the GNAA trolls?

    If you want to make a statement, if you want to condemn the immature and third-grade behavior of the trolls, if you want to say "look, I for one welcome competent people and I don't give a damn what plumbing they've got", the best response is not to jump on the troll bandwagon and respond to them.

    Mod them into oblivion, and let them be forgotten.

    They are nothing. For nothing, let there be nothing.

    If you want to make a statement, if you want to make a stand, if you want to say "look, I have no clue who this woman is, but frankly I'm appalled by some of the behavior here"... well, hey. Respond to this thread. Mod up responses in this thread. Let's take the publicity away from the trolls and put it to productive use. Let's see if we can't get a few dozen Slashdotters to make a positive stand instead of going around and giving the trolls what they want--furor.

    1. Re:An open letter to the anti-trolls. by twenty-exty-six · · Score: 2, Insightful

      More importantly, let's think of ways to stop this kind of behavior outside of slashdot discussions, where you can't just mod someone down until they disappear into oblivion.

    2. Re:An open letter to the anti-trolls. by maxpublic · · Score: 2, Insightful

      The stereotype of the male geek being a misogynistic prick isn't entirely off-base. Just try free-lancing for awhile, work with the IT departments of corporations large and small; you'll run into women-hating twits on a regular basis, far out of proportion to other departments within said corporations.

      Better yet, try working with those IT departments when you have a woman partner. When the geeks aren't hitting on her they spend their time muttering about what a 'frigid bitch' she is because she won't hop up on the desk of some sweaty, overweight little shit and spread her legs for him.

      YMMV, of course. But I found IT departments to typically be bastions of women-hating sleazeballs when I was freelancing, something along the lines of "can't you read the sign?! It says 'no girls allowed' on the tree fort!"

      Max

      --
      My god carries a hammer. Your god died nailed to a tree. Any questions?
    3. Re:An open letter to the anti-trolls. by adamofgreyskull · · Score: 2, Interesting

      I, for one, welcome competent people but I do give a damn what plumbing they've got...but it doesn't affect my opinion of their competence.

      When people make hurtful personal remarks, sure, that's immature, and shouldn't enter into a discussion on what is basically a profile of a person as a hacker. I'm equally offended when people make fun of RMS's beard or Tron dude's camel toe..

      I find girls more attractive than guys. I don't think she's a better hacker (well..maybe a better social-engineer:o) just because I think she's attractive. Likewise, I don't think RMS is any less of a hacker just because I don't find him attractive(I'm sure he'll be upset:o)

      But people do notice these things, and in an environment where anonymity is so readily available, you can't expect them not to pass comment.

  21. Re:She looks halfway decent at least by IvyMike · · Score: 4, Insightful

    It's really nice to know that whatever I can do technically, that it's my cup size that really matters.

    You're getting shocked by immature comments on slashdot? Is this your first time here?

    by raven_alder (772810)

    Oh...I guess it is.

    P.S. Proud to be unfairly discriminating on the basis of userid, not cup size.

  22. Re:She looks halfway decent at least by L0stb0Y · · Score: 2, Insightful

    Sounds like a bad chapter from the Acro-nomicon: The Book of the Semantic...

    The semantics arguments are just as tired...

    LosT

    --
    "We are the music makers, and we are the dreamers of dreams."
  23. Re:She looks halfway decent at least by raven_alder · · Score: 5, Insightful

    All feminists don't necessarily agree... just like "hacker" can have a whole bunch of different connotations, so can "feminist". And, like many other minority groups, we are often known by our extremists. I think that makes it all the more important for those of us who *aren't* extremists to use the term rather than abandon it.

    For clarity's sake, I am a feminist in the "I believe in equal rights" way, not the "I believe in special treatment" way. I do not believe in or condone banning books. (Indeed, my car has a "Read banned books" sticker on it.) And you can see my take on feminism and porn, as relevant to your linked Foucaultian debate, right on my site. [grin] So, I suspect that we largely agree. Thanks for a thoughtful and intelligent comment. It's refreshing.

  24. Second profile is already up by prat393 · · Score: 4, Informative

    and available here

  25. Question for Raven, since I noticed you're reading by thrice+rocks! · · Score: 4, Interesting

    I noticed that in the article you gave some suggestions for what people should learn about.. I'm not nearly advanced enough to delve into any of that, though. I'm not as interested right now in security (just because I don't have the knowledge to approach it at the moment) but I am interested in learning more in general.

    I tried studying CS at my university and found it didn't interest me as much as it did when I studied it on my own (hence my becoming a sociology major ;) - perhaps because I'm much better with projects than tests, and the classes I took were centered mostly around tests. I'm still interested in learning more about programming and "how things work" in general, however.

    Do you have any suggestions for studying on my own? Would it be best to learn one programming language very well and then apply it to others, or is there a better approach? (One of the things I found frustrating in classes was learning a new language in every class I took, when I don't know any language well at all.) What advice can you give someone who would like to learn more, but doesn't do as well in a traditional CS/EECS/etc academic environment - books, good websites, anything? You also said that you were studying "an unrelated field," so I was curious as to how you went about learning more..

    (Personally, I know little bits of C, C++, Python, Perl, and Java, but not enough to do anything significant in any of those.. I also have written a few little shell scripts that don't do much. Otherwise, I'm pretty clueless - but I'd really like to increase my knowledge.)

    Thank you in advance to Raven and/or anyone else who gives me some advice.

  26. Re:Is it really about "skillz"? by PsiPsiStar · · Score: 3, Insightful

    If you know how to break into a room, you can help people to shut the door. Most security folk are ex-hackers. It seems like Raven is in that category. Not that I know much about her outside of the article.

    --

    ___
    It's the end of my comment as I know it and I feel fine.
  27. Raven definitely knows her shit. by Kelvin · · Score: 5, Insightful

    Admittedly, my only experience working with her was spending three days on the same team as her during last year's capture-the-flag contest at defcon, but it was pretty clear that she's very good at what she does.

    The kind of stuff she does is far above and beyond the sort of "easy pickings" you're imagining.

    Don't project your own script-kiddyness onto people who actually have skills.

  28. Re:Is it really about "skillz"? by rjh · · Score: 4, Interesting

    Most security folk are ex-hackers

    I work in the security industry (okay, so right now I'm on hiatus from the security industry while I finish my Master's, focusing in security) and I've yet to meet one single reputable ex-cracker. I know plenty of people who have cracker skills (myself included): but we develop those skills by penetrating boxes we control. Realistically, this is a far better way to learn how to penetrate systems than to attack some random box on the 'Net. Some random box on the 'Net is probably running an unpatched and old Win98. But in an environment you set up, you can scale the adversary arbitrarily high. (Trusted Solaris, anyone?)

    Reading the article, I found absolutely nothing to indicate Raven's past is anything less than aboveboard. She has pretty much the same skillset I do (albeit she's better than me in a few areas). I came by my skillset via purely ethical means, so until and unless I get evidence otherwise, I'm going to assume the same holds true for how she got her skills.
  29. Goodness Me! by Anonymous Coward · · Score: 3, Insightful

    It's really nice to know that whatever I can do technically, that it's my cup size that really matters.

    I sympathise, knowing as I do that women never joke about male bodyparts.

    I'm 28.

    I'm 38. That doesn't matter either.

    I do backbone security, incident response, vulnerability assessment, and pen-testing. I work in varying capacities with Nessus, Snort, and the Open Source Vulnerability Database.

    Whoopee. You must be so proud. The rest of us are scratching our heads, and wondering how to open the box our Packard-Bell was just delivered in.

    Honey, if you have to tell people how great you are, you're not great.

    And fuck you.

    No thanks, I married somebody much classier than you. But hey, thanks for the offer!

  30. Re:Question for Raven, since I noticed you're read by raven_alder · · Score: 5, Insightful

    Okay, so you don't want to specialize at the moment. Fair enough. I am assuming that your wanting to understand "how things work" is programming in general and not security programming/code audit?

    In short, find something that you are interested in and take it apart. [grin] You don't necessarily have to follow a structured academic program to become proficient in a field, whether your intent is to make it your hobby or to make it your profession. My academic background is entirely not in CS, and though I have many friends in CS academia, what they do can be very different indeed from what I do day to day. I learned mostly by experimentation and research on things that I was interested in.

    So, find something that you like. Look at the source code, if it's available. Try to figure out what does what. Change things around, and see if you can make it better. One of the best ways to learn for many people is by doing. If you don't know what needs doing, volunteer for a project that is already established and is looking for people. Open Source is so helpful this way -- it feeds your resume *and* helps the community.

    My first programming language was Perl. I was told by many geeks that this was a bad choice -- it would give me bad habits if I ever wanted to move to a language with a more rigorous structure. They were right, but it was both a good and bad thing. When I started doing C, and in particular when I started poking at kernel code, I had a lot of extra learning to do. But Perl was still a good way for me to start, because when I started programming I wanted to do quick scripting, not kernel hacking, and the flexibility of Perl was great for me.

  31. Re:She looks halfway decent at least by zoeblade · · Score: 2, Informative

    You're getting shocked by immature comments on slashdot? Is this your first time here?

    Did you actually read the article that Raven wrote and linked to? It was quite insightful...

  32. Re:She looks halfway decent at least by raven_alder · · Score: 5, Insightful

    Far from my first time here, but the first time I bothered to get a login, yes. [grin] I knew someone was going to bust my chops for that.

    And no, I wasn't shocked by the immature comments, but I gave the trolls one reply. Why? I'm not interested in an extensive flamewar, but a lot of women just shut up and look uncomfortable when stupid sexist bullshit happens. So, that was my token protest. I'm not intending on feeding them any more, and I doubt I changed any of their minds, but I probably made a few lurking women feel better.

  33. Non-issues by zoeblade · · Score: 3, Funny

    From the article: Gender is a non-issue... If there's one thing [Raven] hates, it's being type-cast as a "chick hacker".

    What a fantastic way to start off an interview: with something the interviewee doesn't consider in any way important! Do these people actually objectively read what they write?

    Obligatory Python reference: "And did you write this music in the sheds?"

  34. Programmers: Under The Hood? by harumscarum · · Score: 3, Insightful


    So when do we get to see some articles on the people that really do matter? :)

    Why is it that programmers get no love? What about the programmers who have changed/influenced culture within the last decade in gaming, corporate, or home use?

    *tear* all people want to do is tear our software down and praise the people that do it *tear*

  35. Re:Is it really about "skillz"? by Hogwash+McFly · · Score: 4, Interesting

    Watch the film Gone In 60 Seconds, with Nicolas Cage. It actually deals with the analogy you raise here. On the one hand you have Memphis, a highly skilled car thief with a passion for cars. There are practically no cars that he can't steal, and he steals them because he just loves cars and driving them (during the timeframe of the film he is stealing them to save his kid brother).

    On the other hand you have your dumb car thief. In the actual film someone pulls a gun on the big black guy (character name escapes me) who is driving with the window open. He sums it up with the words 'Anyone can pull a gun on somebody' (after he takes out the wannabe carjacker).

    Stealing cars is legally and morally wrong, in both of the situations above. It's just that at least Nick Cage put in the time and effort to steal something because it meant something to him. Transfer this analogy to the computer world - script kiddies versus 'skilled hackers'.

    I wouldn't want someone to break into my house, but if I had the choice between coming home to find a window smashed, glass all over the floor, graffiti on the wall and all my stuff gone compared to finding the Chubb bolt has been surgically removed from the door and a note saying 'Thanks for the Ming Vase', there'd be at least a sliver of admiration for the 'skilled criminal', even though I'd want him arrested and that at the end of the day he's still a thief. People who are good at what they do, whether it's for good or for evil, will always be more respected than the crude, lazy fuckers who try and copy them. A lot of people think of Hitler as a good leader (come on, he was), even though he committed such atrocities.

    Note that I'm not actually disagreeing with you, in a perfect world we'd not have to choose the lesser of two evils :)

    --
    Mother, do you think they'll like this sig?
  36. Re:raven asking for stereotype by MissionControl · · Score: 3, Funny
    she rants about how she dislikes being stereotyped. i dunno, by the look of her picture, big goth boots and all, she's just asking to be stereotyped...
    So in other words, "She rants about how she dislikes being stereotyped. I dunno, I'm great at stereotyping people."
  37. Re:Is it really about "skillz"? by stanmann · · Score: 2, Interesting

    But if you lose your keys and you don't have a backup set stashed anywhere, your next step will be to call a professional thief^H^H^H^H^HLocksmith to break into your house and re-key those locks for you.

    --
    Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
  38. Re:Is it really about "skillz"? by theLOUDroom · · Score: 2, Interesting

    I work in the security industry (okay, so right now I'm on hiatus from the security industry while I finish my Master's, focusing in security) and I've yet to meet one single reputable ex-cracker.

    I highly doubt that.

    Perhaps you only know one person who admits to doing enough that you would call them a cracker, but I bet you know of a few more people that have at least done something akin to cracking, and probably a whole bunch more who've decided it would be better to never mention anything like that in their past, despite having done it.

    Reading the article, I found absolutely nothing to indicate Raven's past is anything less than aboveboard.

    I certainly wouldn't claim to know any specific person's past, but who DIDN'T have a trick or two up their sleeve in college?

    I'm not saying something as serious as changing their grades, but little things that they knew they weren't supposed to be doing, but did anyways.

    --
    Life is too short to proofread.
  39. Re:She looks halfway decent at least by zoeblade · · Score: 2, Insightful

    Oh and also lose the name Raven (assuming that's a nickname). Is there something wrong or disturbing or embarrassing about your *shock* real name?

    That's a very good point, Anonymous.

  40. My Attrition story... by Samrobb · · Score: 4, Interesting

    My wife and I were in Butler, PA about 2-3 years ago to consult a doctor. We arrived early, and decided to wander around a bit and grab a bite to eat.

    So, we walked by a storefront with a sign on it that said "Attrition". I glanced in the windows, saw a bunch of hardware, and took a few more steps before I realized "Hey... I *know* who that is!" I went back and popped in with my daughter, just to say hi. Gist of the conversation:

    Attrition guy: Can I help you?
    Me: Are you the guys that run attrition.org?
    AG: Yes, that's us.
    Me: Wow. I had no idea that you were in Butler.
    AG: Um... yeah.
    Me: OK, just wanted to say hi. Later!

    What really registered with me was that here was a fairly well-known web site, being run out of Butler, of all places. No need to live in NY, LA, Chicago, Boston, or any of those other urban sprawls... just find a nice town, get yourself a net connection, and you're in business.

    --
    "Great men are not always wise: neither do the aged understand judgement." Job 32:9
  41. Raven's comments on pre-packaged attacks by Gyorg_Lavode · · Score: 3, Interesting
    Raven commented on "attack programs". I don't know if she meant pre-written code to exploit known vulnerabilities or not but that is what I am interested in.

    Last month I had the privilege of watching a small hacking competition as part of a larger defense contractors conference. (Southeastern Software Engineering Conference). They had a small network set up to simulate a corporate network and teams attempting to attack it. The team that did the best was a red team from Northrop Grumman (which someone said won the Defcon capture-the-flag competition though I never looked it up).

    The thing is, their strategy seemed to be to map the network, then run pre-packaged attacks appropriate for the specific device, then install a backdoor and repeat launching off of the machine they'd taken. Security experts in all their interviews repeatedly state that it is undesirable to do this, (ie, use previously written code for the bulk of their pen testing/attacks). Is there a disconnect between what security experts say and what they actually do?

    (I do want to add that the team that won was very impressive, taking about a box an hour through the 6ish hours the contest was run. There was a very small time frame which might have necessitated the canned attacks. But the network was representative with at least 1 dedicated firewall, IDS, and honeypot and computers running Windows, Linux, and Solaris. All with reasonable patching.)

    --
    I do security
  42. Virginia Tech by kyoko21 · · Score: 2, Funny

    Raven went to Virginia Tech :-) Let's go Hokies! Even castrated turkeys can be hackers, too. *gobble gobble*

  43. Re:Is it really about "skillz"? by rjh · · Score: 2, Insightful
    Perhaps you only know one person who admits to doing enough that you would call them a cracker
    I didn't say I didn't know any people in the industry who have cracker backgrounds. I said I had yet to meet one single reputable ex-cracker.

    Part of the problem is how the term "cracker" gets defined. Do I know people who've cracked systems? Yep. Do I know people who've cracked systems they didn't own and didn't have permission to crack? Yep. Did these people always have solid ethical reasons for it? Yep. For instance, RMS has cracked systems several times, and each time with solid ethical reasons for it. I wouldn't call RMS a cracker.

    But people who've done these things for less than ethical reasons? No, I haven't met one single person in the industry with that sort of background who's taken in any way seriously.

    Admittedly, I don't know the entire backgrounds of every single person I've met. But all the reputable people I've met have been unanimous in this opinion: if in the past someone's decided to disregard all social law and ethical concerns, there's absolutely no reason to suspect that they're now walking the straight and narrow.

    The security field runs on integrity. If you don't have integrity, you've got absolutely nothing. Anyone who hires a security geek whose integrity is blemished is making critical gambles with their essential infrastructure.