DEF CON 7.0 Begins, and NYT Coverage

← Back to Stories (view on slashdot.org)

DEF CON 7.0 Begins, and NYT Coverage

Posted by ryuzaki0 on Friday July 9, 1999 @01:38AM from the start-your-engines dept.

Slaab writes "The New York Times covers the upcoming DEF CON 7.0 hackers' conference in Las Vegas here. Notice, they are careful to make the correct distinction between "hackers" and "crackers". " If someone had told me two years ago that the NYT would be covering defcon seven, I would have laughed till I cried. It's a different world. The convention starts this evening.

15 of 129 comments (clear)

Min score:

Reason:

Sort:

Definition of a hacker. (and cracker) by goomba · 1999-07-08 23:07 · Score: 2

For countless decades college people have been
pulling off huge hacks of breaking into buildings and changing their entire look. Most notibly the building that looked like R2D2 this year at a college campus. Im sure you all saw this.

This is exactly the same as breaking into a web server and sticking different pages on the site, as we have all seen. And letting everyone notice it the next morning. There is no difference, they are both hacks pulled off by hackers.

Crackers are people who break codes. Be it cryptology, or copy protection on the latest software, or someones password. This does not include web site alterations and machine alterations (malicious or not.). The process of getting into the system is called the cracking, the process or altertering one from another with what tools and sources you have is called hacking.

End of story. People need to figure this out. And Slashdot readers are a bit behind on the definitions.
Re:Was this supposed to be a joke? by gavinhall · 1999-07-08 23:28 · Score: 2

Posted by Justin Cheung:

Did Eric Raymond really say that about Defcon? the "People who do real work don't bother with Defcon." statement? Maybe I've been missing something, but Defcon is a weekend conference, and "people who do real work" could take off a day or two to head down to LV to mix and mingle. As I recall, Bruce S. from Counterpane (of Blowfish lore) was an invited DefCon speaker a few years back, and I consider him as a person who does "real work". Persons involved in internet security usually find Defcon a great place to speak and talk about their topics of interest. So according to Eric Raymond, I don't "do real work" because I'm going to check out DefCon this year (a few days away from working on Waimea, which i consider to be real work). At first I thought I was wrong about Mr. Raymond.. After meeting him at a few conferences, he seemed like the kind of arrogant person who scoffs at people who don't recognize him or his contributions to the Open Source movement. As a person who admires his contributions, i have to be disappointed in his personality and character. For such a smart, intelligent person, Eric Raymond blows it by acting like a judgemental holier-than-thou jerk.
Interesting article on viruses by ChrisRijk · 1999-07-08 21:06 · Score: 2

Over at VNU Use rs slam anti-virus vendors' attack on Unix security. Basically, some people who sell anti-virus software made some interesting claims about virii on Unix. The article quotes 80,000 different virii for Windows (that few?), and 1 for Unix in the last 15 years.
Some people make arguments that the only reason for this is because Windows is more common/popular. Yeah... 80000x more common? I think not. Besides, there would be a certain presige in writing a Unix virus as they are so rare.
Dammit by NodeZero · 1999-07-08 21:09 · Score: 3

I wanted to go to defcon 7, but nooooo i gotta work (tech support).

user: "I cant clear my screen"

tech: "How are you trying?"

user: "I am turning it on and off"

tech: "*gets his gun*"

Need I say more? ;)

--
- "My name is Legion, for we are many" -Mark 5:9
Re:DefCon Underwater by J.+Pierpont · 1999-07-09 00:36 · Score: 2

But, shouldn't the class/method call be: user.switchTo("linux"); ? It would make sense that the switchTo method is something that the user class can do, and he would have any number of options at his disposal. Linux being one.

Anyhow...

-awc
Feds in Hunter Orange? by Jay · 1999-07-08 21:12 · Score: 2

How do they "Spot the Fed" anyway? Wouldnt the Fed probably just be a normal looking guy? I dont think they would send in a square-jawed, clean-shaven, charcoal-suit-wearin, earphone-listenin, ray-ban sportin guy/girl. (But I would wear that just to get a reaction :) )

--
You think emacs is evil?! You've never used VM's XEDIT have you?!! That's evil, baby!
Re:Was this supposed to be a joke? by kmj9907 · 1999-07-08 21:14 · Score: 2

Uh, I believe he was referring to the big real estate craze in florida during the time of the depression. Property sold like crazy at high rates and alot of people invested. Unfortunately, most of it was swamp (can you say Everglades? I dunno, coulda been) and alot of people lost alot of money.
Groucho Marx made a film (w/ his bros. I suppose, never saw it) making fun of these people, but at the same time he was investing (and losing money!).

kmj
The only reason I keep my ms-dos partition is so I can mount it like the b*tch it is.

--
kmj
The only reason I keep my ms-dos partition is so I can mount it like the b*tch it is.
DefCon Underwater by Mad+Browser · 1999-07-08 21:34 · Score: 3

Too bad Las Vegas is basically underwater right now...

Soggy crackers... mmmmmm....

--
RateVegas.com - Vegas Reviews
1. Re:DefCon Underwater by KrAphtd1nN3r · 1999-07-08 22:41 · Score: 2
  
  I think you made a mistake in your code!!
  It should be more like that!
  
  #define unstable 1
  
  const int nt = unstable;
  
  if(nt) { switchTo.linux(); }
  
  --
  "Code free or die!"
Some people need to learn what a virus is. by coug_ · 1999-07-08 21:34 · Score: 2

I was reading through CNet's News.Com site this morning, and decided to read an article titled "Windows NT virus feared." To my surprise, it was about Defcon 7.0, specifically about CdC's Back Orifice 2000. Tim Clark seems to think that Back Orifice 2000 is a virus *and* a trojan all at the same time. He even goes as far as comparing it to "Melissa" and "Worm.ExploreZip." This just seems to be the result of a lack of study and/or research on the subject.
- coug_
Re:Clueless by ethereal · 1999-07-09 22:51 · Score: 2

Well, if I wanted an undetectable remote-administration tool for an NT network, this sounds like a great tool. You pointed out attributes of BO2k: the user isn't alerted on boot or when the tool is running. These aren't necessarily bad things; it just depends on what you are using BO2k for. In some cases these would be features. The AC is right - this is a tool that can be used for good or evil. Using it for evil should be against the law, of course, but it is that attacker who is in the wrong, not the tools they use.

--
Your right to not believe: Americans United for Separation of Church and
Re:Was this supposed to be a joke? by ethereal · 1999-07-09 23:17 · Score: 2

There isn't anything to fix.

Well, for one thing anti-virus companies can probably come out with a detection method for BO2k more quickly if they have the source of the trojan available. This qualifies as a fix to me.
In the larger sense, maybe Microsoft can come up with some fixes to their security system so that an attacker can't run an invisible trojan like this in the first place, or at least can't make it so undetectable. In this case also, BO2k source code is going to help rather than hurt.
Back Orifice is a trojan that exploits the *user* not the OS as all trojans do.

Well, in a sense all trojans have to exploit the user, right? By definition a trojan is non-self-propagating; the user has take action before the trojan can run on a system, as opposed to a virus or worm which are proactive in acquiring system resources. BO2k also seems to be exploiting the OS in the sense that the OS allows it to be made undetectable (by the user).
I would like to see cDc members arrested and prosecuted for terrorism.

I'm not sure that cDc are terrorists any more than people who manufacture fertilizer, fuel oil, or big trucks, for example (at least in this particular case - I'm not an expert on their past history). People who use BO2k to break into systems that don't belong to them should definitely feel the full penalty of the law, of course.
But look at it this way - if cDc can write a trojan like this, then how do you know that a similar trojan doesn't already exist? If BO2k can do what they say it can on NT, then there's no way to be sure that other trojans aren't already doing the same things. I don't know that this is the case, but no one can prove that it isn't - remember, the security loophole that allows BO2k to run undetectably is already present; cDc didn't create it just so they could write BO2k. Hopefully all the coverage of BO2k will result in the quick release of security tools that will uncover it as well as other trojans of the same sort, and will also lead to Microsoft making some changes to their security model so that trojans like BO2k are less likely to run or are less likely to run undetectably.

--
Your right to not believe: Americans United for Separation of Church and
It is "crackers" actually. by Anonymous Coward · 1999-07-08 21:48 · Score: 2

Notice, they are careful to make the correct distinction between "hackers" and "crackers".
Well it doesn't seems so, as they say:
We are not trying to teach you to learn how to hack in a weekend, but what we are trying to do is create an environment where you can hang out with people from all different backgrounds. All of them interested in the same thing, computer security.
Underground+"computer security" equals pretty much crackers for me. Unless you are a cracker, "computer security" is rather boring (yes useful, necessary, but boring), and I can't imagine why people would meet for several days on this subject.
Ok this won't be the only subject, but then this is very present.
The texts, adds and links on the pages make that very clear, for instance, anyway:
Hacking, Cracking, Phreaking, Interviews, Speakers, Hacker Jepoardy, Hacker Death Match, Babes of DEF CON, HNC Goes Wild in Las Vegas, Capture the Flag, DEF CON Social Engineering Contest.... also Watch the Dark Tangent fight to the death in Hacker Death Match!!
But maybe I have missed the talk "The evolution of FreeBSD internals since 4.4BSD", in the program.
It never cease to amaze me, how crackers, or crackers-alike, continuously claim they are "hackers", now even pretending doing the "cracker/hacker" distinction correctly.
1. Re:It is "crackers" actually. by seanb · 1999-07-08 22:06 · Score: 2
  
  "Unless you are a cracker, "computer security" is rather boring (yes useful, necessary, but boring)"
  Actually, I find comp. security quite interesting. Then again, I'm one of those weirdos who likes studying things like the raw math behind crypto. I'm not a cracker, just a nerd/tweak/tinkerer/student/programmer with aspirations toward hackerdom.
Re:Was this supposed to be a joke? by ethereal · 1999-07-08 21:50 · Score: 2

That was sort of funny, but I think ESR has a little bit of a double standard going on here. This article doesn't mention it, but the source for Back Orifice is supposed to be released as well. If BO2k is open-sourced as promised, then not only will there be more chances to collaborate to make it more destructive, but there will also be more chances for security-minded administrators (and shouldn't they all be?) to fix their systems before they are attacked, rather than waiting on Microsoft to figure out what the exploit is and issue a fix.
Maybe ESR can argue that the effects of the BO2k release will be entirely negative (which I'm not sure I agree with), but he should be happy that at least the source is also going to be provided.

--
Your right to not believe: Americans United for Separation of Church and