Slashdot Mirror

← Back to Stories (view on slashdot.org)

L0pht Heavy Industries in NY Times Magazine

Posted by Roblimo on from the hackers-crackers-whatever dept.

Billy Joe Bob writes "This Sunday's (10/03/99) New York Times Magazine features an article about L0pht Heavy Industries." Not a bad piece for a mainstream pub - good writeup about the personalities involved, how they work, etc. (free NYT reg. required to read.)

7 of 77 comments (clear)

  1. Re:Irresponsible? by Anonymous Coward · · Score: 3

    I think it would be preferable for L0pht to post a "Coming Soon..." article which identifies the vendor, product, and the general nature of the exploit, but stops short of providing full details. The complete details of the exploit could be sent to the vendor immediately and then added to the l0pht article after a warning period.

    This approach has a few nice effects: First, it gives L0pht full credit for the hack without immediately giving the script kiddies access to it. Second, it gives vendors a fighting chance to get fixes made. Third, it gives (astute) users of the product fair warning about the coming exploit allowing them to contact (pressure) the vendor.

  2. how does L0pht *afford* this? by dboyles · · Score: 3

    The warehouse brims with more than 200 computers ranging from state-of-the-art Sun and Digital workstations to nostalgia pieces like Commodore 64's and Apple IIe's. Black cables, yellow cables and jumbles of thin rainbow-colored wires drip from the ceiling, all jacked in to steel racks of oscilloscopes, radio transmitters, D.S.L. modems, I.S.D.N. modems, half-opened C.P.U.'s and a 50-foot roof antenna. The warehouse also contains several small-scale dummy computer networks.

    Where do they get their financial backing for all of this hardware/service/location? Maybe they get a little advertising money and sell a few shirts, but how about the rest of the money? Does L0pht do paid consulting, or what?

    That electicity bill must be through the roof.

    --
    -- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
  3. One funny sentences by Le+douanier · · Score: 3

    '"their only victims are the little people that are customers" -- the people who purchase products like Windows 2000.'

    Buying windows is already asking for being a victim.

    --
    "The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates,
  4. Irresponsible? by FooBarSmith · · Score: 3

    I know they are very big on their neutrality, but some of the attitudes seem irresponsible to me.

    "We were trained by the vendors to go public," says Mudge, "to give them a black eye."

    This was in relation to the coldfusion 'sploit. Not only did it give the vendors a black eye, but also a lot of customers who use coldfusion for whatever reason. They didn't deserve a black eye for it.

    Hypothetical:

    An ISP provided Coldfusion hosting for many high profile sites, these all got hacked due to this exploit and the ISP's reputation suffered. They went bust. Could happen. (Maybe it did?)

    Surely the responsible action would have been to notify Allaire of the exploit and warn them that they were posting it in a week? This would have given Allaire time to fix it and notify their customers. Allaire's reputation suffers a little & only the lazy / stupid customers are damaged.

    From comments later in the article it seems they may be heading in this direction. I hope they do.

    --
    stty erase ^H
  5. Or we all have the same registration :) by Carl · · Score: 3

    Almost all websites have some of the "standard" guest accounts. Here is a list I try first before creating another (bogus) account. Please try to create one of these guest accounts if they don't exist yet. That will save all of use al lot of time and frustration:

    username - password
    test - test
    testuser - testuser
    test_user - test_user (This one works on the NYT)
    test@user.org - test
    test@user.org - testuser
    cypherpunk - cypherpunk
    cyberpunk - cyberpunk

  6. U.S. Government not too Stupid. by Wah · · Score: 3

    "You are performing a valuable service to your country," (Fred) Thompson added, "and we appreciate that and want you to continue."

    (Ceck out IMDB if you don't know who Fred Thompson was, although they don't mention that he is now a Senator, go figure)

    Anyway, just a quick question. To me, it seems that the Hacker Ethic and Open Source Philosophy end up at the same place. The simple idea that information shared is worth more, intrinsically, than information hidden. Can an *expert* (self-appointed would qualify) show me how the two differ?


    --
    +&x
  7. Surprisingly good article by jht · · Score: 3

    You don't normally find articles that well-written on hacking in the "normal" press, so I'm pleased. The normal NY Times policy would be to have Markoff do a hatchet job.

    That said, I think that the computing world needs L0pht, and they need the CDC, for that matter. Hacking should be an above-ground activity, and the information returned should be to help others pursue their knowledge of the systems. L0pht goes out and finds information, then they make it free to all. That's the Right Thing. CDC makes tools to exploit the dumb things vendors do - the tools themselves are not good _or_ evil, but the users may be.

    The only negative that sometimes comes from the activities of these groups is the legions of script kiddies racing off to put their k00l d00dz signatures on websites before the holes get plugged. But on the other hand, the script kiddies will be therre regardless, and get in eventually, anyways - it's the Infinite Monkeys Theorem come to life.

    - -Josh Turiel

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."