Posted by
ryuzaki0
on from the it-took-nine-months dept.
cnvogel wrote to us with the news that Phrack 55 has been released and is ready for download. It took a while, but it's worth the wait. Update: There's an HTML version of Phrack 55 here, and this is the Phrack main page.
I have read only up to the NT article. If you actually bothered to read it, you would see that its not exactly geared towards the skript kiddie.
As a matter of fact phrack has ALWAYS demeaned and derided skript kiddies. A quick peek at the flame-ridden, mean-spirited "Loopback" section will tell you this. Sure, maybe it smacks of hypocrisy to you, but the fact remains - it has never been an exhaustive "mini-cracking howto" for dummies.
I'm guessing when it comes to cracking, you have as much actual computing knowledge as a kiddie. Given that premise, I offer you a challenge.
I will put up an NT machine on the Internet, and using the NT article (and absolutely NO knowledge of NT or x86 assembler) you will crack it.
Sound fair?
And as far as "respectable" goes, where do you think 90% of the stuff from CERT comes from? Hint: it is not from "respectable" corporations like Microsoft who audit their own software. They have no incentive to reveal how bad or insecure their (closed) code is. It is not from "respectable" programmers (like me), who need to actually get their code working. Yes, it is not from skript kiddies either, but there is a happy medium, and that is the marginally sociopathic, intelligent, curious group of computer geeks who think cracking is fun.
You may not respect them, because they seem immature and at best amoral. You may not respect them because they do illegal things. You may not respect them simply because you dislike them, but the fact remains, THEY are the ones finding security problems with NT and Linux, not Microsoft, not Red Hat, and certainly not people like you (or even me) who find finding and writing cracks and exploits personally distasteful.
For all these reasons I submit that announcements like this DO belong on Slashdot.
As good as these are...
by
Millennium
·
· Score: 5
Slashdot really shouldn't post these release notices until the day after a release. Give the mirror sites and more dedicated users some time to get it before Slashdotting the servers.
Besides which, then a list of mirrors can be posted along with the notice, to help reduce the load. Honestly, Slashdot's popularity is a Good Thing, but that popularity gives us a certain responsibility not to overload servers unless it's necessary (i.e. Web servers which typically don't have mirrors).
Of course, if Microsoft owns the server in question, all bets are off. But I doubt that's the case here.
Phrack is underground magazine that started in the days of phreaking. Using different methods to bypass phone charges.
See the jargon file. "phreaking/freek'ing//n./ [from `phone phreak'] 1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks) (see cracking). "
Now adays, and in the old days phrack exposes new security holes, gives ideas about new directions to look for security holes (as in the last issue when they mentioned client apps should be invesitigated - over servers). They also have informative pieces about new and complicated technologies sometimes exposing the underlying system.
Phrack is almost always a difficult read, but new releases always mean more tools for script kiddies to run around with for a month or two.
Slashdot Mirror
I have read only up to the NT article. If you actually bothered to read it, you would see that its not exactly geared towards the skript kiddie.
As a matter of fact phrack has ALWAYS demeaned and derided skript kiddies. A quick peek at the flame-ridden, mean-spirited "Loopback" section will tell you this. Sure, maybe it smacks of hypocrisy to you, but the fact remains - it has never been an exhaustive "mini-cracking howto" for dummies.
I'm guessing when it comes to cracking, you have as much actual computing knowledge as a kiddie. Given that premise, I offer you a challenge.
I will put up an NT machine on the Internet, and using the NT article (and absolutely NO knowledge of NT or x86 assembler) you will crack it.
Sound fair?
And as far as "respectable" goes, where do you think 90% of the stuff from CERT comes from? Hint: it is not from "respectable" corporations like Microsoft who audit their own software. They have no incentive to reveal how bad or insecure their (closed) code is. It is not from "respectable" programmers (like me), who need to actually get their code working. Yes, it is not from skript kiddies either, but there is a happy medium, and that is the marginally sociopathic, intelligent, curious group of computer geeks who think cracking is fun.
You may not respect them, because they seem immature and at best amoral. You may not respect them because they do illegal things. You may not respect them simply because you dislike them, but the fact remains, THEY are the ones finding security problems with NT and Linux, not Microsoft, not Red Hat, and certainly not people like you (or even me) who find finding and writing cracks and exploits personally distasteful.
For all these reasons I submit that announcements like this DO belong on Slashdot.
Slashdot really shouldn't post these release notices until the day after a release. Give the mirror sites and more dedicated users some time to get it before Slashdotting the servers.
Besides which, then a list of mirrors can be posted along with the notice, to help reduce the load. Honestly, Slashdot's popularity is a Good Thing, but that popularity gives us a certain responsibility not to overload servers unless it's necessary (i.e. Web servers which typically don't have mirrors).
Of course, if Microsoft owns the server in question, all bets are off. But I doubt that's the case here.
Phrack is underground magazine that started in the days of phreaking. Using different methods to bypass phone charges.
/freek'ing/ /n./ [from `phone phreak'] 1. The art and science of cracking the phone network (so as, for example, to
See the jargon file. "phreaking
make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on
communications networks) (see cracking). "
Now adays, and in the old days phrack exposes new security holes, gives ideas about new directions to look for security holes (as in the last issue when they mentioned client apps should be invesitigated - over servers). They also have informative pieces about new and complicated technologies sometimes exposing the underlying system.
Phrack is almost always a difficult read, but new releases always mean more tools for script kiddies to run around with for a month or two.
Joseph Elwell.