Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wired Reports On Korea's First Hacker Con

Posted by Zonk on from the so-happy-together dept.

evanwired writes "Quinn Norton offers a great first-hand account of the first South Korean Hacker con. Marked by conservative dress and polite conversation, the group was nevertheless still very much concerned with the shortcomings of computer security." From the article: "A police crackdown three years ago left South Korea's hacking community broken and fragmented. One of the conference's more animated speakers, 'Xpl017Elz,' complained that many of Korea's best and brightest hackers wound up emigrating to more receptive environments with better pay for security researchers. But he also demonstrated a large and difficult divide between how the hacker communities behave in Korea and the United States. Xpl017Elz's presentation focused on four (of a reported seven) attacks he developed against Red Hat's Fedora Core using ExecShield. He demonstrated privilege escalation, where a logged-in user can become root and take over the machine, and remote code execution, wherein an external attacker can gain root without a login."

40 comments

  1. About time... by __aaclcg7560 · · Score: 1

    The police are going after all those Starcraft/WoW hackers. They need do something more productive with their lives. Maybe hacking Minesweeper on Windows Vista?

    1. Re:About time... by Anonymous Coward · · Score: 0

      Alas, There's already a maphack out.

  2. conspiracy theory by everphilski · · Score: 1

    Anyone else notice the only picture thumbnail that worked in the article was the one with RMS?

    1. Re:conspiracy theory by winkydink · · Score: 2, Funny

      Um, perhaps you have your "all Stallman, all the time" filter on? All the thumbs work for me.

      --

      "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    2. Re:conspiracy theory by everphilski · · Score: 1

      ok, now the first 2 work but the third one and on don't work ... they must be having intermittent problems or something

  3. Don't give in! by Anonymous Coward · · Score: 0

    Refuse and resist, comrades!

  4. His name is Xpl017Elz? by glen · · Score: 4, Funny

    Did he get confused when someone explained to him what a secure password is and you shouldn't use your name?

    1. Re:His name is Xpl017Elz? by jovius · · Score: 2, Insightful

      What's the problem with having a secure name then ?

    2. Re:His name is Xpl017Elz? by Labus · · Score: 0, Troll

      Sadly, the book has no further explanation of what the quoted sentence means, or how to use AdSense/AdWords if you are providing borderline adult-content. Good blog and job. My link for more!

    3. Re:His name is Xpl017Elz? by hclyff · · Score: 2, Funny

      Yeah, I wonder what were his parents smoking, giving him a name like this...

    4. Re:His name is Xpl017Elz? by Anonymous Coward · · Score: 0

      'Xpl017Elz' really does look like cyrillic transliteration of something that sounds like [hryupel], a word from Russian designating pig's snout while emphasising the sound that a pig blows: hryu-hryu, you know :) Specifically, 'l0' combination is a replacement for cyrillic 'yu' letter and '17' stands for cyrillic 'p', these replacements are common in computer games with latin-only alphabet for nicknames.

    5. Re:His name is Xpl017Elz? by BurningBridges · · Score: 1

      and there was me thinking it was leetspeak for "exploiter"...

    6. Re:His name is Xpl017Elz? by Anonymous Coward · · Score: 0

      Bilingual transliteration! He must be a genious!

    7. Re:His name is Xpl017Elz? by ediron2 · · Score: 1
      BurningBridges spake:

          And there was me thinking it was leetspeek for 'exploiter'
      I translated it into exploder. Thanks.

      BTW, what d'ya think of this thread's nimroddery and faux stupidity (I hope) on the presenter's nick being referenced in the first place. At first, it's funny, then it gets more and more strained and lame. Sort of like watching nerds struggling at chitchat ... (lightbulb comes on)... um, nevermind!
  5. What?! by hxftw · · Score: 1

    "It's not democracy." I'm from the US, what is this 'democracy' you speak of?

    --
    Just because an idea is popular doesn't make it right.
    1. Re:What?! by Anonymous Coward · · Score: 0

      Democracy is 2 wolves and 1 sheep voting on what to eat for dinner.

    2. Re:What?! by mrobinso · · Score: 0, Redundant

      No. Democracy is 2 wolves and 1 sheep voting on what to eat for dinner, and
      the sheep is carrying a legally registered .45 calibre handgun.

      --
      -- Karma whore? You betcha. --
  6. Wow, shitty submission, shitty editor. by Harik · · Score: 1

    "Hi, we're going to just cut-paste from the article like we always do except we have the reading comprehension of an american highschool football player and can't even pick paragraphs that make sense."

    Every day I'm reminded why I adblock and don't subscribe here. I can get URL Cut & Paste on IRC. And it's realtime.

    1. Re:Wow, shitty submission, shitty editor. by Anonymous Coward · · Score: 0

      It's Zonk! what do you expect, a good article?

  7. Re:Security researchers? by diersing · · Score: 1

    I think the context was more that Security Researchers refer to themselves as hackers. Hence relocating for better pay, if you're an internet-based criminal, you can do that pretty much anywhere.

  8. security researchers are not full disclosure anymo by Anonymous Coward · · Score: 0

    After dabbling in infosec, I realized that there was a trend
    not to release security bugs back to the community.

    When it comes to linux, is it not amazing the lack of new
    exploits lately? the lack of worms invading us, besides silly
    awstat cgi type worms?

    The people who can find the bugs and create an exploit
    have shut out the rest of us.

    I am quite glad they did. My job seems a lot easier when
    these bugs are known by people who won't abuse them. Criminals
    seem too dumb to make them and the occasional leak is quickly
    traced back to the doofus who shared it.

    the bar has been raised to hack a linux box. good for all of us.
    no more kids searching out the last 0day release and scanning
    the internet for people who did not patch.

  9. Re:hackers suck by brunascle · · Score: 2, Insightful
    Why don't these freaking hackers channel their obvious intelligence into something constructive rather than hacking our stuff?
    you mean, like, finding the holes in your stuff?
  10. Re:Security researchers? by Anonymous Coward · · Score: 0

    Who says they are getting paid? Wishful thinking...

  11. Re:Security researchers? by Vellmont · · Score: 3, Insightful


    Hacking into someone's network uninvited and posting some silly "hacked by" page is not security research.

    I missed the part of the article where this is discussed. Can you please point me to it?

    The article I read talks about someone who's created exploit code to get around a security measure developed by RedHat. I'm no expert at "ExecShield", but independently developing exploits to security measures sure sounds like Security Research to me.

    What you're describing sounds more like script kiddies. It'd be nice if you actually presented some evidence that these guys are actually just script kiddies and not just assuming it because of what I can only assume is personal bias.

    --
    AccountKiller
  12. Is Fedora Core by traveller604 · · Score: 1

    That insecure? What the hell?

  13. Not the first... by Duncan3 · · Score: 1

    Not the first... Not even the first publicized one.

    Not really a dupe article, hrm... maybe Wired writers can't read Korean ;)

    --
    - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
  14. Oblig by $RANDOMLUSER · · Score: 0

    "In Korea, only old people go to Cons."

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  15. First Korean conference? More than Six years ago! by gessel · · Score: 2, Informative

    Trust Wired to get it wrong. The magic of subjective journalism. It is ironic that another /. article describes how the blogosphere is becoming recognized as unreliable.

    I was a speaker there in August 2000 at the First WorldWide Top Hackers Conference 'IS2K' in Seoul Korea at the Millennium Hotel. We spoke for several days and even got to meet Kim Hyong-O, the Member of the National Assembly.

  16. And in the room next door... by IcyNeko · · Score: 1

    Ragnarok Online-Con, where execs talk about how they got their user/ Credit card database hacked.

  17. ExecShield ? by smoker2 · · Score: 1
    Xpl017Elz's presentation focused on four (of a reported seven) attacks he developed against Red Hat's Fedora Core using ExecShield.
    So, does this attack actually use ExecShield to gain elevated privileges, or do the attacks succeed despite ExecShield ?


    According to Redhat:

    It is important to note that ExecShield can only reduce the risk and impact of buffer overflow type security issues. The presence of these technologies should never be seen as a substitute for applying security updates provided by the operating system vendors.and ExecShield does not offer protection for kernel security holes.
    But it seems badly spelled hacker isn't interested in telling Redhat about the supposed flaws in their software (if that is where the exploits are targeted).
    1. Re:ExecShield ? by Anonymous Coward · · Score: 0

      Telling Red Hat about bugs in their software has been proven useless, worthless and certainly a pain in the rear, despite most of it's employees are degree-powered zombies, they are still total clueless fools when it comes to solving these kind of issues, usually security related ones. And they reject existence of the bugs later also.

      Please, Red Hat zealots, stop the cult and get a real life with hookers and chainers.

  18. Red Hat Parasites by Anonymous Coward · · Score: 0
    Xpl017Elz's presentation focused on four (of a reported seven) attacks he developed against Red Hat's Fedora Core using ExecShield. He demonstrated privilege escalation, where a logged-in user can become root and take over the machine, and remote code execution, wherein an external attacker can gain root without a login.


    Ya just gotta love how Red Hat can take a perfectly good OS and slaughter it, and then have the gall to ask for money for a commercial version.

    I hereby declare all Red Hat users and customers complete fools.
  19. Hacking Solitaire by c0d3r · · Score: 1

    I found a bug in solitaire for windows 98 and earlier. When you flip the deck and undo 3 successive times it ends the game.

  20. criminals are not too dumb by Anonymous Coward · · Score: 0

    we just keep quiet about the rootkit on your system

  21. rero by Anonymous Coward · · Score: 0

    rero

    i r rorean racker

    kekeke ^_^

    i hax ur rerhrt

    HACKED BY ROREANS

  22. Power of Community by Anonymous Coward · · Score: 0

    I didn't see the url for the actual conference in the article, but I might have been skimming too fast.

    Just in case I really missed it:

    Power Of Community