Slashdot Mirror

← Back to Stories (view on slashdot.org)

Five Hackers Who Left a Mark on 2006

Posted by ScuttleMonkey on from the who-stole-the-spotlight dept.

espera un momento writes "eweek.com picks the five hackers who made a significant impact on security and vulnerability research in 2006. These are some interesting choices of the guys (and gal) who dominated the media headlines. The topics covered included Wi-Fi bugs, browser flaws and rootkits."

75 comments

  1. Yummie by jrwr00 · · Score: 1

    Mr. Mrooe sure knows how to makes some good bugs :)

    --
    WulframII - Free Online Mutiplayer 3D Tank Shooting Game
  2. No Americans In The List? by Anonymous Coward · · Score: 0

    A bad omen of things to come America.

    1. Re:No Americans In The List? by everett · · Score: 1

      400,000,000 / 6,000,000,000 ~ = 6/100 1/5

      Statistically it's not that big a deal.

      --
      Sig withheld to protect the innocent.
    2. Re:No Americans In The List? by D4rk+Fx · · Score: 1

      Correct statistical interpretation (July 2006 est): Population of the World: 6,525,170,264 Population of the United States: 298,444,215 Assuming everyone has an equal chance of being picked, (6,525,170,264 - 298,444,215)/6,525,170,264 ~= 95.4263% chance the first person is not from the US.... 95.4263%^5 ~= 79.1297% chance of no-one from the US being picked. It is statistically probable that no-one from the US is picked.

    3. Re:No Americans In The List? by Simon+Garlick · · Score: 1

      Thank you... thank you. For not saying "that big OF a deal".

      I @#$%^& hate that.

      --

      -----
      PGP Key ID 0xCB8FF658
    4. Re:No Americans In The List? by Anonymous Coward · · Score: 0

      I am pretty sure I am from America.

      David Maynor

    5. Re:No Americans In The List? by EXMSFT · · Score: 1

      Read it again.

    6. Re:No Americans In The List? by Anonymous Coward · · Score: 0

      um 4/5 are americans?

  3. Hackers? by lecithin · · Score: 4, Insightful

    Hackers - meaning people involved with information security.

    No, the real folks that really 'left their mark' in 2006 are yet unidentified.

    --
    It could be worse, it could be Monday.
    1. Re:Hackers? by necro2607 · · Score: 1

      "No, the real folks that really 'left their mark' in 2006 are yet unidentified."

      I was thinking something along the same lines.

      When I first started reading this headline I was pretty excited to hear some juicy hacking stories about some kind of "unlit silhouette with voice-masking" interview type of situation, with people sworn to secrecy about who the person actually is, because they engaged in some extremely illegal undercover corporate hack to obtain proprietary secrets from a competitor of the hiring corporation, or whatever.

      Too bad the actual article merely (mis-?)used the word "hacker" in a "security professional" sort of sense, as opposed to the interesting underground type of hacker the somewhat sensationalistic headline implied. Frankly I don't feel these people left much of a mark on 2006 - and like the parent post I'm replying to already said, the hackers who really left a mark will remain unknown...

    2. Re:Hackers? by multisync · · Score: 4, Insightful
      Too bad the actual article merely (mis-?)used the word "hacker" in a "security professional" sort of sense


      That's funny. I was impressed with the fact that e-week didn't (mis-?)use the word "hacker" in a "criminal whose crime is in some way (or possibly not) related to technology" sort of sense.
      --
      I don't care why you're posting AC
    3. Re:Hackers? by Anonymous Coward · · Score: 1, Funny

      Hans Reiser certainly "left a mark", and I guess you could call him a "hacker". But you can't prove it!

      http://geekz.co.uk/lovesraymond/archive/so-i-marri ed-a-kernel-programmer

  4. -1 by Anonymous Coward · · Score: 0

    It's like saying 2006 top 5 classified files. Not every hacker publishes his work.

  5. Ellch and Manor??? by gnasher719 · · Score: 1, Flamebait

    What effect exactly have these two had? Made serious security researchers ridiculous by showing a rigged demo of a supposed exploit that until today hasn't been reproduced by anyone?

  6. Re:Ellch and Manor??? RTFA! by someone1234 · · Score: 5, Informative

    From the article: "However, security researchers who understood the technical nature--and severity--of their findings, Ellch and Maynor were widely celebrated for their work, which was the trigger for the MoKB (Month of Kernel Bugs) project that launched with exploits for Wi-Fi driver vulnerabilities. Since the Black Hat talk, a slew of vendors--including Broadcom, D-Link, Toshiba and Apple--have shipped fixes for the same class of bugs identified by Ellch and Maynor, confirming the validity of their findings. " Look for 'Apple' and 'shipped fixes' in the text.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
  7. Re:Ellch and Manor??? RTFA! by MysticOne · · Score: 3, Insightful

    From what I understand, Apple performed an audit of their code and found a few bugs that could potentially be used to exploit a Mac in a similar fashion. However, I don't think such an exploit was ever demonstrated. I think it was a good thing that Apple performed the audit and fixed the problems, but that doesn't say that the "vulnerability" Ellch and Manor "demonstrated" was legitimate. Possible, yes, but still unconfirmed.

  8. double entendre by User+956 · · Score: 3, Funny

    Five Hackers Who Left a Mark on 2006

    Judging by the frequency with which most self-named Hackers change their undergarments, I'd be willing to bet that there are a lot more than five of them that have left a "mark" in the last year, if you know what I mean.

    --
    The theory of relativity doesn't work right in Arkansas.
  9. Enlightening, but not much Impact by genghis_1971 · · Score: 1

    How does discovering the Sony rootkit earn one the title of 'hacker'.

    1. Re:Enlightening, but not much Impact by Anonymous Coward · · Score: 0

      Exactly, moreover they forgot Holy_father, author of first wide spread rootkit - hxdef. Rumors - h_f died recently, btw.

    2. Re:Enlightening, but not much Impact by d3m0nCr4t · · Score: 1

      You're right. According to Sony the guy was a cracker for sure. :p

    3. Re:Enlightening, but not much Impact by Timesprout · · Score: 3, Insightful

      It doesn't. All the quality tools and books Mark has produced earned him that title.

      --
      Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
      What truth?
      There is no dupe
    4. Re:Enlightening, but not much Impact by Anonymous Coward · · Score: 0

      And now he works for microsoft. Say good-bye to Mr. Mark ever blowing the whistle on a corporation again.

    5. Re:Enlightening, but not much Impact by genghis_1971 · · Score: 1

      I see what he did was the antithesis of hacking, not that hacking has a definition any more. Apparently, writing books can earn you that title now.

  10. Re:Ellch and Manor??? RTFA! by someone1234 · · Score: 1

    The question was: "What effect exactly have these two had?" My answer was: "Apple shipped fixes." Good enough for me.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
  11. rootkits by Anonymous Coward · · Score: 0

    "and rootkits"

    Finally an award the Sony Execs can be proud of.

  12. no list of evil hackers by BrentRJones · · Score: 2, Insightful

    We will never know about the top evil hackers of the Internet, they will not leave a single fingerprint. All we will find is the results of their "exploits."

    --
    Help end the use of Sigs. Tomorrow
    1. Re:no list of evil hackers by Anonymous Coward · · Score: 0

      they will not leave a single fingerprint.

      That's not completely true... Have you ever heard of Locard's principle of exchange? It states that on a given crime scene (either in the real world or in the digital world) the perpetrator will take something from the scene and leave something of his behind.

      "Top evil hackers" may never be detected, but to believe that no evidence is ever left behind is rather naive.

    2. Re:no list of evil hackers by BrentRJones · · Score: 1

      In the real world, I believe it. But in the digital world it is possible to leave no traces but wiping the data clean and flushing the RAM and all the caches and well, maybe you have a point!

      --
      Help end the use of Sigs. Tomorrow
  13. An addendum by lightyear4 · · Score: 4, Insightful

    I think Dan Kaminsky deserves at least an honorable mention in this list. Russinovich broke the story -- Kaminsky drove it home. He's the guy who did some amazing research regarding Sony's rootkit and its spread. (Using dns cache to ferret out statistical data was ingenious.) Now, the rootkit debacle did indeed occur in 2005; however, he published his studies on the brink of the new year. This enabled (very successful) class action lawsuits to go forward against Sony in 2006 and undeniably helped educate the general public about drm nastiness.

    At the very least, Kaminsky is on my list.

  14. Easy! RMS, Linus, Theo, Steve by Anonymous Coward · · Score: 0

    Hackers? In the "old school" sense of the word?
    That's easy...
    Richard Stallman - GNU as well as being a stubborn free & rights "pusher"
    Linus Torvalds - Same as last year...Linux
    Theo de Raadt - everything must be in auditable source form, NO BLOBs!
    Steve Jobs? Well, maybe not...he's more marketer than hacker
    And finally, oh, I dunno... maybe Mark Shuttleworth?

  15. Re:Ellch and Manor??? RTFA! by Anonymous Coward · · Score: 0

    So these guys finds vulnerabilities in several companies (but not Apples) wifi drivers, the other companies fixed their drivers and Ellch and Manor was saluted for their security work. Apple also releases fixes for "other" issues but not this. On the day when Ellch and Manor where to demonstrate the issue they didn't choose a card with an actual vulnerability, instead they choose to jump on Apple and rig a security flaw in OS X.

    Is this the scenario you think happened?

  16. Wow, talk about missing some details by daveschroeder · · Score: 5, Insightful

    At the Black Hat Briefings in Las Vegas, Jon "Johnny Cache" Ellch teamed up with former SecureWorks researcher David Maynor to warn of exploitable flaws in wireless device drivers. The presentation triggered an outburst from the Mac faithful and an ugly disclosure spat that still hasn't been fully resolved.

    Um, yeah, because nearly all of the news coverage of the vulnerability didn't describe it as the general 802.11 vulnerability that it was, affecting multiple chipsets and drivers and multiple operating systems, including Windows, Mac OS X, and Linux; it described it, and indeed trumpeted it, as vulnerability that affected Apple MacBooks and Mac OS X, with most articles making at best a passing reference that it could affect other platforms, if they even said that. Stories ran under headlines like "MacBook hijacked in 30 seconds -- wirelessly", and made it appear to be exclusively an Apple problem.

    While this was made clear in their demo, they chose to demo on a MacBook with a third party wireless card whose identity was hidden - because of "responsible disclosure" - but then in the next breath tell Brian Krebs at the Washington Post that the MacBook's own integrated wireless is exploitable in the exact same way. How is that "responsible disclosure"? And to top it off, we have a SecureWorks "Senior Researcher" saying that he wants to fix Mac users' "smug" attitude about security (and this helps Mac OS X security in a meaningful way how?) and that many of these people apparently need lit cigarettes jammed into their eyes (to paraphrase). Even if said in jest or in fun, how is that professional? How does that do anything to better Mac OS X security?

    How would a change in "user attitude" change the actual security situation on Mac OS X? I don't see a change in user attitude changing anything. Many Windows users know, at least marginally, that they are the target of innumerable attacks and thousands of pieces of malware. How does that change in any meaningful way the security situation on Windows?

    More to the point: how does the press making a general and serious 802.11 vulnerability affecting numerous chipsets, drivers, and operating systems appear as only a MacBook problem serve a meaningful, or even truthful or accurate, security purpose?

    For Ellch and Maynor, the controversy offered a double-edged sword. In many ways, they were hung out to dry by Apple and SecureWorks, two companies that could not manage the disclosure process in a professional manner. In some corners of the blogosphere, they were unfairly maligned for mentioning that the Mac was vulnerable.

    No. They were maligned for saying they espoused "responsible disclosure", even carefully hiding the third party wireless card, but then saying that the MacBook's integrated wireless was vulnerable in the same way. NO OTHER AFFECTED VENDOR OR OS was treated that way. Only Apple.

    They were maligned for being party to a Washington Post article that made outrageous accusations, like alleging that Apple "leaned on" them to not show this exploit, when there is no proof of that whatsoever.

    They were maligned because after working with Apple engineers for almost a week at Black Hat, they could not provide any information directly to Apple on how, precisely, Apple's integrated drivers were vulnerable. Should they "do Apple's work for them"? No. But these weren't hobbyists. These were people presenting under the guise of an enterprise security company with responsible disclosure, and when you unleash a firestorm of bad PR on one and only one company's new flagship consumer portable, you'd better be prepared to have a little higher degree of interaction with that one vendor.

    However, security researchers who understood the technical nature--and severity--of their findings, Ellch and Maynor were widely celebrated for their work, which was the trigger for the MoKB (Month of Kernel Bugs) project that launched with exploits for Wi-Fi driver vulnerabilities.

    Yes. It was great that the

    1. Re:Wow, talk about missing some details by Anonymous Coward · · Score: 0

      ? And to top it off, we have a SecureWorks "Senior Researcher" saying that he wants to fix Mac users' "smug" attitude about security (and this helps Mac OS X security in a meaningful way how?) and that many of these people apparently need lit cigarettes jammed into their eyes (to paraphrase). Even if said in jest or in fun, how is that professional? How does that do anything to better Mac OS X security?

      I was reading an article about the soaring crime rate in Jamaica. One of the safety tips the article suggested was to be aware that there are dangers. Knowing that you may be robbed makes you that much less likely to be robbed. The same thing exists in the MacOSX world. Many of the Mac faithful believe that their systems are largely invulnerable to viruses and exploits because that's what the Mac ads said. Sure, MacOSX is not currently a worthwhile target because they are just not that many. As the userbase grows, however, it will be a target and it will be a BAD thing if all these users don't take appropriate precautions.

    2. Re:Wow, talk about missing some details by daveschroeder · · Score: 1

      Many of the Mac faithful believe that their systems are largely invulnerable to viruses and exploits because that's what the Mac ads said.

      But that's also mostly true.

      Sure, MacOSX is not currently a worthwhile target because they are just not that many.

      Ah, marketshare. This actually seems to be the 21st century version of the "Macs have no software" argument. After "Macs have no software" lost its steam (or people saw it as the crap that it was), the new thing is "Macs really are insecure - in fact, possibly horribly insecure - and the only reason you've been almost literally untouched for over five years is because your platform was so boring and your userbase so small."

      It is not only marketshare that protects the Mac platform. Sure, it doesn't hurt, and probably helps a great deal.

      As the userbase grows, however, it will be a target and it will be a BAD thing if all these users don't take appropriate precautions.

      Ok, now we get to the meat of the discussion. So, what precautions, exactly?

      if you're arguing that users should have, e.g., antivirus software instead of thinking that it's ok to run without because there are "no Mac viruses", or that pressure from an informed userbase will change a vendor's attitude and response to security, I guess I would agree (save for the fact that, to date, AV software on Mac OS X has literally done more harm than any malware has, with the 3 separate instances of false-positive problems doing anything from alarming users and having them do things like reinstall their OS when nothing is actually wrong, to actually quarantining critical pieces of the OS (like the swap file), thus crashing the computer and making people further believe that something is wrong or that they're "infected" when in fact they're not). Also, chances are, most things covered by MOAB wouldn't be covered by AV or anti-malware software anyway, so, from that perspective, how would changing a typical user's "attitude" help this situation?

      People thinking that the Mac platform is "more secure" (overall, correctly) is mostly a PR and marketing win for Apple. The only thing I see changing a user's "attitude" doing is getting people to reconsider their decision to perhaps switch to Mac OS X because they're fed up with all the spyware and malware they deal with on a daily basis on Windows. And, for whatever it's worth, I think that's unfair.

      Isn't the real issue how many people are *actually affected* by issues in the day to day, real-life use of their computer?

    3. Re:Wow, talk about missing some details by Anonymous Coward · · Score: 0

      Many of the Mac faithful believe that their systems are largely invulnerable to viruses and exploits because that's what the Mac ads said.

      But that's also mostly true.

      No, it's not true and that's what the exploit shows. There's a perception that they are invulnerable because there's just not that many exploits in the wild, but that's clearly false. They are vulnerable. Arguably not *as* vulnerable as a comparable Windows system, but vulnerable nonetheless.

      Ah, marketshare. This actually seems to be the 21st century version of the "Macs have no software" argument. After "Macs have no software" lost its steam (or people saw it as the crap that it was), the new thing is "Macs really are insecure - in fact, possibly horribly insecure - and the only reason you've been almost literally untouched for over five years is because your platform was so boring and your userbase so small."

      No, this is twisting my words and attacking a straw man. Small marketshare does not equate to lack of software. The fact that I can run X11 and OpenSource apps on MacOSX with a lot greater ease than on a comparable Windows system says a lot. There are only a few applications that most consumers need that don't have either equivalents or platform releases. But marketshare does contribute to how fast a virus propagates. There's a critical mass associated with epidemics and virus propagation. Too few and the incidences get caught within the first few systems. It's ridiculous to claim that userbase and marketshare is not important.

      Isn't the real issue how many people are *actually affected* by issues in the day to day, real-life use of their computer?

      Which is a preposterous statement giving your comments about marketshare. Sheesh.

    4. Re:Wow, talk about missing some details by Anonymous Coward · · Score: 0

      saying that he wants to fix Mac users' "smug" attitude about security (and this helps Mac OS X security in a meaningful way how?)

      Because every time someone finds a security issue in OS X we have the same outburst from the Mac users, mostly in the form of personal attacks on the submitter. You think anybody wants to report an issue in OS X in the future? Is it worth 10000 angry emails, including death threats.

      What isn't "great" is that for almost all ordinary people who read any of the coverage, all they saw was "MacBook hijacked in 30 seconds"

      Which was as I understand it true, and that was also the news. Where is the news of reporting about Windows, Solaris, Linux, OpenBSD or 802.11 security issues. The users of those technologies know they are vulnerable to attacks and take caution not to get hacked (Even home users with whatever knowledge they have). For years we have heard that it's next to impossible to take a Mac (It would be something like the mother of all hacks). Turns out the Mac had just the same issue as everybody else. Go figure. Maybe Apple (And the users) should tone down the talk about their non-hackable system, if they do the media will find something else to write about.

    5. Re:Wow, talk about missing some details by daveschroeder · · Score: 4, Insightful

      No, it's not true and that's what the exploit shows. There's a perception that they are invulnerable because there's just not that many exploits in the wild, but that's clearly false. They are vulnerable. Arguably not *as* vulnerable as a comparable Windows system, but vulnerable nonetheless.

      No, it is true. Security isn't just whether or not exploits can or do exist. Security is a much larger issue, which includes how often people in real-life, practical, day-to-day usage situations are actually affected by issues that cause compromises, data loss, recovery and remediation time, and so on. To date, Mac OS X has required virtually none of these, and asserting that it's only because of marketshare is false. This is also not "security through obscurity"; Mac OS X has been out for over five years, and has high market penetrations in "target rich" environments, such as academic, research, and other institutional settings. They do indeed receive scrutiny - no, not as much as Windows, and not as much as open source OSes such as Linux - but plenty of scrutiny nonetheless. These claims that the only or primary reason Mac OS X hasn't been significantly affected to date are only because of marketshare are bogus, not to mention unprovable.

      And this rtsp exploit doesn't "show" anything. There have been NUMEROUS other exploits that can affect Mac OS X (and Windows, and other OSes) in a similar way simply by just visiting a malicious web site. Some of these have been SPECIFICALLY targeted at Mac OS X, and have allowed arbitrary code execution simply by visiting a malicious web site. Are these vulnerabilities severe? Yes. Am I saying this is a good thing? No. I'm saying this is NOTHING NEW, and doesn't prove anything other than Mac OS X, like any other operating system or large software product, has bugs, some of which can be exploited as vulnerabilities. No sensible person claims otherwise. What matters is how Apple responds to the issue.

      No, this is twisting my words and attacking a straw man. Small marketshare does not equate to lack of software. [...]

      No, I'm not saying you said that, and not doing the strawman thing at all. What I'm saying is exactly what I said: that the "Macs have only been relatively trouble free because of low marketshare" is virtually identical to the "Macs have no software [presumably because so few people use them]" argument: they're both at the same time false and passively insulting, as well as untrue.

      But marketshare does contribute to how fast a virus propagates. There's a critical mass associated with epidemics and virus propagation. Too few and the incidences get caught within the first few systems. It's ridiculous to claim that userbase and marketshare is not important.

      Wow. I didn't. I said: "Sure, [low marketshare] doesn't hurt, and probably helps a great deal." Elsewhere, I have said the same thing. Marketshare is absolutely a great protector against the kind of critical mass it's relatively much easier to accomplish on Windows.

      But that is not the only thing that protects the platform! There are other factors as well, such as Mac OS X shipping in a reasonably secure state by default, and not providing facilities and vectors for spread of malware as easily and sometimes ridiculously as they have on Windows. Does this mean it's impossible on Mac OS X? Of course not.

      But I also take issue with this use of "from remote" in security nomenclature in general. There is a HUGE difference between a worm that spreads and/or owns machines completely remotely and externally, with no user interaction of any kind, and someone having to visit a malicious web site (and yes, I know there is precedent for inserting something into, say, advertising on popular sites). As we sit here and talk about this rtsp exploit, dozens (hundreds?) of affected Windows machines at my location alone are being cleaned up from the latest completely remote and automated Windows worm.

      Which is a preposterous statement giving your

    6. Re:Wow, talk about missing some details by daveschroeder · · Score: 1

      Because every time someone finds a security issue in OS X we have the same outburst from the Mac users, mostly in the form of personal attacks on the submitter. You think anybody wants to report an issue in OS X in the future? Is it worth 10000 angry emails, including death threats.

      This argument is bogus.

      People who don't sensationalize things don't get "10000 angry emails", and your death threat comment is laughable. No one's going to kill anyone for reporting a legitimate security vulnerability (and maybe - *gasp* - even doing it responsibly), and no, Mac "zealots" aren't "just that crazy".

      Which was as I understand it true, and that was also the news.

      Well, not really. It was only "true" with the third party wireless card, since that's all they were able to demo it with, yet all the news coverage made it look like any MacBook was instantly and easily remotely ownable, which is also false.

      Where is the news of reporting about Windows, Solaris, Linux, OpenBSD or 802.11 security issues. The users of those technologies know they are vulnerable to attacks and take caution not to get hacked (Even home users with whatever knowledge they have).

      No, that's not why there was no coverage. There was no coverage because Brian Krebs at the Washington Post is absolutely obsessed with "proving" that Mac OS X is "insecure" and his sensationalistic reporting was the beginning of the massive news coverage - initiated by his own coverage - that followed.

      For years we have heard that it's next to impossible to take a Mac (It would be something like the mother of all hacks). Turns out the Mac had just the same issue as everybody else. Go figure.

      I've never heard anyone worth listening to - including, and especially, Apple itself - say that Mac OS X is unhackable or invincible. And this news coverage wasn't highlighting the fact that, "Hey, this is a cross platform issue that also affects Macs," it was written with the sole purpose of conveying that Macs and Mac OS X are "insecure", that this was a huge and serious vulnerability (that, from the article and to almost all ordinary readers would appear to affect ONLY Apple), etc.

      But it sounds like you're ok with lopsided and unfair news coverage like that because of what you say below:

      Maybe Apple (And the users) should tone down the talk about their non-hackable system, if they do the media will find something else to write about.

      Considering Apple has never said or done this or made this claim, I don't know where this sort of statement comes from. When Apple has commercials like the Mac and the PC and the PC has a cold, that's perfectly fair advertising as far as I'm concerned: it is 100% accurate to say that Windows is generally plagued with massive amounts of viruses, spyware, and other malware, while Mac users generally never have to worry about anything like that at all - and that is 100% true, and has been for the over five years since Mac OS X has been out. If it's more important to you do teach people a "lesson" who enjoy using Mac OS X because it actually gives them less real problems in real-life usage situations, then more power to you, I guess.

    7. Re:Wow, talk about missing some details by Anonymous Coward · · Score: 0

      It is very easy to fill up you inbox with Apple user mail.

      Case mod

      How does "should be hung by my testicles and lit on fire" sound to you? Not very pleasant to me.

    8. Re:Wow, talk about missing some details by Anonymous Coward · · Score: 0

      It's because he claimed to have taken the latest, brand new Power Mac G5, that his parents allegedly gave him no less, and then, without care, gutted it to put in a PC motherboard, and seemed to have a nonchalant attitude about it all, saying things like:

      "It's a good thing my parents don't know anything about computers, because I*m sure they would be really angry if they knew what I did. I have to say that I'm happy - I can keep on using XP."

      "When I showed my friend, who happens to love Apple, he looked sick. He did not say anything to me. He just put his hands on his head and was in shock. I wish I had a picture of that."

      "I put all the parts from the G5 into a box and gave it to my friend."

      In short, he concocted this whole story specifically to get under someone's skin. He did this, and that's the result he wanted, and got.

      But in reality, he just got an extra G5 case that someone had as a service part. Why all the drama, trying to incite people, like he knew he was going to do? Don't try to make it sound like some innocent person got flooded by the evil throngs of Mac Fanbois. He made a bunch of statements designed to look offhanded and casual, like he didn't care he was totally destroying a brand new computer given to him by his parents just to put in a PC motherboard. That's why it got slashdotted and dugg and blogged about everywhere, and that's why his inbox filled up.

      In short, he got exactly what he hoped to get: a huge amount of attention. He could have just told the truth, which was that he happened upon an extra G5 case and decided to try to build a PC out of it. But that wouldn't have gotten him nearly as much attention.

      Nice job, though, finding something from two years ago, where a couple of marginal Mac user nobodies tell someone they should be hung by their testicles, while a SecureWorks "senior researcher" is saying Mac users need "lit cigarettes jammed into their eyes".

    9. Re:Wow, talk about missing some details by Anonymous Coward · · Score: 0

      Huh? You win the award for biggest dipshit of the day.

  17. HD-DVD guy? by sockonafish · · Score: 1

    What about the guy that cracked HD-DVD's encryption scheme? That's surely more significant than most of these, and it happened in 2006.

    1. Re:HD-DVD guy? by Junta · · Score: 1

      One, the act may have technically occurred in 2006, but has yet to leave a mark.

      Two, the stuff released so far is not interesting, the stuff released so far is simply "if you get the key, you can use this to decrypt", which is just a straight implementation of the public spec....

      --
      XML is like violence. If it doesn't solve the problem, use more.
  18. Hey! by CDarklock · · Score: 1

    Where's Kevin Mitnick?! It's a conspiracy!

    --
    Microsoft cheerleader, blue flag waving, you got a problem with that?
  19. I'm no historian... by Anonymous Coward · · Score: 0

    ...but doesn't Moore look like Al Capone?

  20. WOW! by Anonymous Coward · · Score: 0

    Who said hackers are nerds? They all look pretty slick. And that chick is yum!

  21. In the sub-category of "Best Comedy" by netbuzz · · Score: 3, Funny

    Let us not overlook the contributions of Lyger and Jericho at attrition.org, who brought us the tale of "The GPA Hack That Wasn't" ... not to mention those squirrel pictures. http://www.networkworld.com/community/?q=node/9999

  22. Re:Ellch and Manor??? RTFA! by gnasher719 · · Score: 1

    '' The question was: "What effect exactly have these two had?" My answer was: "Apple shipped fixes." Good enough for me. ''

    In that case, can we remove these two from the article, and replace their names with those of the unknown Apple engineers who went through the code and found whatever he found, to those who fixed the problem (probably the same ones), the unknown testers at Apple who made sure that the fix didn't break anything, and their manager who changed priorities to the wireless driver?

  23. Five Hackers Who Left a Mark on 2006 by TheLongestDay · · Score: 0, Redundant

    Paris Hilton not on the list!?

    1. Re: Five Hackers Who Left a Mark on 2006 by Anonymous Coward · · Score: 0

      "Paris Hilton not on the list!?"

      It said "Hackers", not "Hookers"...

  24. Ellch and Maynor are a joke. by DaggertipX · · Score: 2, Insightful

    Exactly, I can point at any OS and say "Hey, I bet there's a security issue there". I can also promise you that if a researcher with talent and skill looks at it, they will find one. This does not mean that I've found a vulnerability, only that I can state the obvious.
    Maynor and Ellch have lost all credibility as far as I, and many others, are concerned. They behaved in an irresponsible and unprofessional manner, and I don't think I'll be able to trust any information they release in the future because of this publicity grabbing stunt.
    If you want to work in this type of field, you can't make fantastic claims and then back out on providing proof if you want to be taken seriously.
    On a sidenote: I also think having them on this list is an insult to the others that are included.

  25. Microsoft lost with vista.... by Anonymous Coward · · Score: 1, Funny
    to a girl...
    Polish researcher Joanna Rutkowska also used the spotlight of the 2006 Black Hat Briefings to showcase new research into rootkits and stealthy malware. In a standing-room-only presentation, she dismantled the new driver-signing mechanism in Windows Vista to plant a rootkit on the operating system and also introduced the world to "Blue Pill," a virtual machine rootkit that remains "100 percent undetectable," even on Windows Vista x64 systems.
  26. Hackers by certel · · Score: 1

    I'm quite surprised that people can find as many exploits as they do.

    --
    [%] Cingular Ringtones
    1. Re:Hackers by pahoran · · Score: 1

      Then you've never been a programmer on a mid-to-large size project under the gun to deliver the software yesterday. And, by the way, YOU didn't set the deadline, your boss did.

      --
      I'd give my right arm to be ambidextrous.
  27. All I know is... by Billosaur · · Score: 3, Funny

    ...Joanna Rutkowska is the best looking of the five.

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:All I know is... by Anonymous Coward · · Score: 0
      ...Joanna Rutkowska is the best looking of the five.


      Ehh.. that's not saying much. I work with a Phd in EE and a couple of mathematicians who make her look like dog food.
    2. Re:All I know is... by Deadplant · · Score: 1

      I concur.
      I would totally "hit that" as the kids say.

    3. Re:All I know is... by s7uar7 · · Score: 2, Funny

      Love the +1 Informative moderation :) Is that for people who have are browsing with Lynx?

    4. Re:All I know is... by drpimp · · Score: 1

      Speaking of hacking ... I wouldn't mind taking a crack at her box.

      --
      -- Brought to you by Carl's JR
    5. Re:All I know is... by hotdiggitydawg · · Score: 1

      First time I've seen a photo of Mark Russinovich. Anyone else think that photo bears more than a passing resemblance to Neo?

  28. Re:Ellch and Manor??? RTFA! by void+bear(void) · · Score: 2, Informative

    The poorly written code was in the Atheros driver, which was nothing to do with Apple, and indeed other platforms using the same hardware were also vulnerable.

    They still haven't clearly stated that a stock Airport Extreme setup is as vulnerable as shown, as they clearly used a usb wireless device for the demo.

    I would have more respect for these guys if they hadn't come out with the 'poke a lit cigarette in every Apple user's eye' comment which proved they had an axe to grind.

  29. Re:Ellch and Manor??? RTFA! by Anonymous Coward · · Score: 2, Interesting

    Unless I am mistaken both Maynor and Ellch said several times that the "eye" comment was changed by the reporter. They said at Defcon it was the actors in the commerical they were referring to,

  30. Good vs GREAT hacker??? by really? · · Score: 1

    Everybody know good hackers, nobody knows the great ones. Shrug.

    --

    "Consistency is contrary to nature, contrary to life. The only completely consistent people are the dead." A. Huxley
    1. Re:Good vs GREAT hacker??? by netriver · · Score: 1

      What is the Greatness of destruction or chaos ?
        Is the fall of the twin towers a great thing ?

    2. Re:Good vs GREAT hacker??? by really? · · Score: 1

      Just wanting to be unknown does not mean you are necessarily a black hat. Not everyone craves attention, some people do it - hacking - "because it's there".
      I have in the past - think Bitnet and e-mail addresses that!went!just!like!this - publicized stuff for friends who did not want/need the attention, but, who felt that knowledge had to be set free.

      --

      "Consistency is contrary to nature, contrary to life. The only completely consistent people are the dead." A. Huxley
  31. No big deal... by Anonymous Coward · · Score: 0

    Just wanted to wish you luck in your quest. Mine? "True Facts" -- Aargh, it wouldn't BE a fact if it weren't true...

    1. Re:No big deal... by Anonymous Coward · · Score: 0

      Nope. It can be a false fact.

      http://www.answers.com/fact&r=67

      2 c. Something believed to be true or real; a document laced with mistaken facts.

      "Fact" can basically mean that it is provable or demonstrable in some way. As opposed to an "opinion".

    2. Re:No big deal... by Anonymous Coward · · Score: 0
      Wow. I learned something today. Thanks. I guess I should be glad there's one less thing to rant about, opening up a spot of sunshine, as it were, in place of my little snit-cloud.

      BTW, I found the following a few lines down from your reference. It seems to address my needless maunderings.

      USAGE NOTE Fact has a long history of usage in the sense "allegation of fact," as in "This tract was distributed to thousands of American teachers, but the facts and the reasoning are wrong" (Albert Shanker). This practice has led to the introduction of the phrases true facts and real facts, as in The true facts of the case may never be known. These usages may occasion qualms among critics who insist that facts can only be true, but the usages are often useful for emphasis. Throwing in the towel... (apolgies for wandering so far OT)
  32. Ya right by thorkyl · · Score: 1

    A good one would not get caught
    I great on leaves no trace they where there

    --
    -- I am the NRA, enough said...
  33. Hal Turner by Anonymous Coward · · Score: 0

    Where's the Ebaum's World community on this list? We've really done a number on Hal Turner, this past december. We deserve to be recognised.

  34. It's how he found it... by Anonymous Coward · · Score: 1, Insightful

    > How does discovering the Sony rootkit earn one the title of 'hacker'.

    He found it with a rootkit detector he made on his own.

  35. Flame me, Mod me down, I dont care... by ancient_kings · · Score: 0

    this is one of the dumbest articles to be referenced on slashdot. Claiming these 5 "hackers" to left a mark while ignoring the real hackers (who cannot be named) is like going to Estonia to find the top 5 American football players while ignoring the entire North American continent. I'm very much dissappointed this got by you moderators. Quite sad. okay, now mod me down...

  36. H.D. Moore by silk600 · · Score: 1

    HD Moore was by far the biggest contributor to change in security in 2006, metasploit is a hugely influential tool, allowing anyone, regardless of ability, penetrate insecure systems. Use extends to good or evil, but it's definitely significant.