Posted by
Hemos
on from the excellent-coverage dept.
Thanks to Brett Glass for pointing out his recent piece in Boardwatch. Very well written coverage about DEFCON 7, as well as the ethical side of hacking.
Beware: Brett Glass is an anti-GPL fanatic.
by Paul+Crowley · Score: 3
Be warned when reading this that Brett Glass is obsessively, fanatically opposed to the GPL. He used to be on the am-info ("Appraising Microsoft") mailing list, but he would turn every thread into a thread about the evils of the GPL and it became impossible to discuss anything else because everyone was talking about the absurd claims he was making.
Eventually I publicly aired the suggestion that we ask the administrator to remove him from the list; he was removed a couple of weeks later, and the list returned to usefulness.
It's a pity, because he's clearly an intelligent and insightful thinker, but his crusade against the GPL is simply beyond all reason. --
Martha Stuart with a beard!!!
by Useless · Score: 2
Ok, where to start on this *bad* piece. IMHO, the stupidest line wasn't the 3 paragraph rant on smoke, or the admission of taping a conversation w/out consent, but this: "cDc may claim its beef is with Microsoft; however, users -- not Microsoft -- will be hurt as a result of Back Orifice." If I were a CIO, and the techies came to me with 2 server choices (Linux, NT) and I knew that BO2K was out there, I'd definitely stay away from NT! Or if I *had* any NT boxes (I don't, but that's not the point), I would have them removed because of this. Thus hurting MS monetarily (no outrageous "upgrade" costs). Also, wasn't the "ExplorZip" virus outbreak over 2 months ago?
-------------------------------------------------
-- "Even Prophets don't know everything"
Ah, I've found the URL
by Paul+Crowley · Score: 2
Here's Jamie Love, who seems to be the main person from Ralph Nader's organisation driving discussion of Microsoft, announcing that he's created The Unofficial and unauthorized: Brett Glass is unhappy with the GNU General Public License (GPL) page. The discussion that follows is enlightening. To my knowledge, Brett never *did* create his own page representing his arguments.
--
Xenu loves you!
The future of cracking
by TheBeginner · Score: 4
I think that it is slightly ironic how this article and the last go together to prove my point, which of course you do not know yet.
So, to begin, where is the future of cracking (hacking/whatever it is GC (geek chic) to call attempts to trespass into electronic information spaces and either gather or disrupt data) heading in the next century? The fact of the matter is that it is heading away from the majority of us. Computer security systems (real computer security systems) are becoming harder than ever to break.
While movies like War Games inspired us all to crack to the launch mechanisms of the U.S. nuclear missile defense, those days are gone. Truly secure systems are only available for access locally, while important national systems are better protected than ever by the crackers of yesteryear.
What this all leads up to is that the only people left who will truly be able to wreak havoc are the government and big corporations. Only they have the computing power and the money to be able to work past strong defense systems.
And at the same time, I see this electronic power becoming more and more important. So what kind of future do we have to look forward to? Well, I believe that electronic terrorism (or government/corporate action, when it comes down to it, there is really little difference beyond perspective) will bring the world to a standstill. My question is, will that bring about a world like that seen in Rollerball (great movie) with Corporations splitting up the world between them, or a 1984 scenario with Big Brother becoming all powerful because all of our lives can be catalogued electronically.
When I think of conferences like DEF CON, I wonder if their purpose should not be to prevent futures like this. So while I am not in support of violently breaking the law, or causing others intentional hurt, I say long live the hackers and even the crackers, for they may be the only hope for a medium between two horrible futures.
Computer security systems (real computer security systems) are becoming harder than ever to break.
Not true. Real computer systems are becoming horribly more complex, and therefore have more holes. True, some of the low hanging fruit is gone, but I still see the same stupid mistakes being made all over the place, just usually not in the same place twice.
While movies like War Games inspired us all to crack to the launch mechanisms of the U.S. nuclear missile defense, those days are gone.
I disagree. We're seeing far more government sites broken into now than we have in the past.
Truly secure systems are only available for access locally, while important national systems are better protected than ever by the crackers of yesteryear.
No, they're connecting them to the Internet as fast as they can. The level of clue relative to the number/ability of attackers is decreasing, not increasing.
What this all leads up to is that the only people left who will truly be able to wreak havoc are the government and big corporations. Only they have the computing power and the money to be able to work past strong defense systems.
This would seem to demonstrate a lack of understanding about how hacking works. I only need lots of computing power to crack crypto. I can do any of the other hacking I need from a $299 PC. It's not about resources, it's about using your head. Resources never hurt, but they are certainly not required.
And at the same time, I see this electronic power becoming more and more important. So what kind of future do we have to look forward to? Well, I believe that electronic terrorism (or government/corporate action, when it comes down to it, there is really little difference beyond perspective) will bring the world to a standstill. My question is, will that bring about a world like that seen in Rollerball (great movie) with Corporations splitting up the world between them, or a 1984 scenario with Big Brother becoming all powerful because all of our lives can be catalogued electronically.
If the corporations hold "the power" then they will be the victims of "terrorist attacks" rather than perpetrators, no?
When I think of conferences like DEF CON, I wonder if their purpose should not be to prevent futures like this. So while I am not in support of violently breaking the law, or causing others intentional hurt, I say long live the hackers and even the crackers, for they may be the only hope for a medium between two horrible futures.
The purpose is exchange of information, without regard to the intentions of those who receive it. The current game is very much "pay attention, or lose." The good guys can't find out without the bad guys knowing. So, be one of the good guys paying attention to what's being said.
The so called "journalist" who wrote this should take some English classes. First off, according to MLA format, quotes should be used when you are quoting something, not accentuating a point. (And yes, I am making fun of him with the "journalist" remark) Ok, now that I feel better about that I can say what I think about him and the article. Most of his points were fairly /dev/null. I used to crack/hack/phreak and all that good stuff -- I almost got busted, and I quit and used my powers for good instead of evil. In that time I actually found the most dependable and trustworthy friends I've made in my lifetime. Mostly due to an us-against-them attitude. And for all of the drooling idiots that populated DEF CON, they have a good purpose. To make people realize that there are security problems, and that those drooling idiots can get into their systems. If you want security, don't connect your box to the internet. That is the only security. While this article is talking about how malicious these hackers are, and how they are just a bunch of ruffians who had no parents (ok, I'm improvising) to teach them any better, he's missing the point of computer security and DEF CON. As long as there is a reason -- there will be someone doing it. And hackers do have a code of ethics -- the real ones, not in it for the chicks. -= Making the world a better place =-
OK, I'm going to be mean and this might cost me some karma points, but I've just got to say this:
1) Brett Glass pointed out *his own* article. That has to be some indicator of cluelessness and/or hubris.
2) He's a MORON. He obviously didn't use the DeMoronizer to fix up the Microsoft Stupid Quotes.
3) What's with the^H^H^H^H^H^H^H^H^H^H^H^H^H^I Love the Hair!
4) If you read what this guy posts on Infoworld.com, you'll see that he's generally clueless compared to everyone else there. He is a critic of open source, but not a very good one. I seem to remember him claiming that Red Hat didn't sell Linux because Linux was free. Red Hat sold bandwidth, because they could mail a CD to you for an effective data rate of 670 Megs per 24 hours for FedEx. Ummmm. Sure.
5) He described BO2K as a trojan horse program. Would he describe PC Anywhere the same way? How about an admin tool released from Microsoft? These are all the same kind of program, and can be used or misused in a wide variety of ways.
6) Brett obviously has no idea what obfuscated code is. He claims that BO2K could have trojans hidden in obfuscated code. Heee hee haw haw.
7) Linux is just as insecure as Windows? Poorly designed and rife with security holes? That's a joke. For goodness sakes, MS Excel has a whole flight simulator hidden away inside of it. Where is the easter egg inside the Linux kernel?
Brett Glass is worse than clueless
by blue_adept · Score: 3
I was at Defcon as a speaker, and although *some* of the details of this article were correct (eg great parties to which windbags like Glass were not invited), overall this is a *horrible* piece on Defcon.
The CIH computer virus was found on *copies* of the bo2k cd's distributed at Defcon, not the originals, correct me if I'm wrong.
The idea that bo2k contains obfuscated trojans is laughable, considering it's open source. Leave it to Glass to connect the dots... open source + GPL = plot to hide backdoor. (?!) Brett... if you don't trust the binaries, compile the source. And if you don't trust the source, then show us why... Maybe you can contribute to some bugs that have already been spotted and patched in bo2k.
Of course, this is probably asking too much from someone that's proud to admit to secretly tape-recording comments at a post-conference party and considers his own 10-year-old phreaking activities a passport to the underground.
"one cannot trust the group's output and must regard it as not only untrustworthy but dangerous."
fear + ignorance = loathing, that's understandable, but I'm disappointed that Hemos referred to it as "Very well written coverage".
--
"Is this just useless, or is it expensive as well?"
Re:THE TRUE MESSAGE OF DEF CON
by aqua · Score: 3
Like much of that article, that bit seemed to be a mixture of journalistic cynicism, journalistic naivety and journalistic arrogance.
I wasn't able to decide if the author was trying to make jabs at the OSS realm or not -- he dismissed the GPL aspect of BO2k with the "obfuscation" claim, missed every ramification of an open source BO except for the concern of the script kiddies about trojaned exploits.
(aside: Kiddies don't read source. The claim that BO might be obfuscated in the identifier/whitespace sense is bogus -- it would reduce the point of GPLness to a PR tactic which would be quickly noted and cDc would be reviled for it, more than they already are. Obfuscation in the code-structure sense would merely make it unmaintainable, not unusable or unmodifiable)
... and, to resume, he seemed generally to propose (especially with your quoted excerpt) that the darker side of security research is somehow wrong and misguided and should go away (gosh, someone should tell that to street hoodlums), and that open-spec/open-source/open-attack security is somehow a bad thing. He did get right the part about how there's no common code of ethics -- an attribute he might find is shared by many sectors of street criminals, marketing executives and politicians.
He mentions also that defcon's a party, which is true enough, but then forgets that fact for the rest while applying his lofty judgement to the various frivolities. Defcon is supposed to be gross, overstated and stupid -- it's a party. It's not a particularly serious meeting of minds, in any sense, and interpreting it as such leads to all sorts of depressingly absurd conclusions, such as those found in this article.
Poor boardwatch. They've gone downhill.
Did you read the article?
by Paul+Crowley · Score: 2
There's a smear against the GPL in his article. As he says here, he needn't have named that license: he could have made it clear that his reservations applied to any system of code inspection. But, like I say... --
Lack of ethics are in most businesses
by Guinnessy · Score: 2
The thing that struck me in the article was the comment that most hackers don't have any ethics. Nearly every scientific field doesn't teach ethics to a great degree. When I carried out a survey of physics undergraduates in the mid-1990s, the majority of respondents said it was the first time anyone had mentioned ethics to them, despite physicists being involved in the H-bomb and in the defence industry.
There are a number of groups trying to change this (such as UNESCO) but I suggest people take a look at the pledge campaign at the Student Pugwash USA web site (http://www.spusa.org/pugwash/) as the site has a stock of documents related to ethics and technology.
Re:THE TRUE MESSAGE OF DEF CON
by pwhysall · Score: 2
Brett Glass has a long history of being anti-GPL.
His arguments on the Infoworld Electric fora were thoroughly refuted and he hasn't been seen there for a while.
The gist of his opposition to the GPL is that it prevents people making money off software. Any attempt to disprove this (Look at Red Hat etc) met with personal abuse, denial, a change of subject, or silence.
I think the real reason is that his beloved FreeBSD is released under a licence he considers to be better, yet it's the GPL'd Linux which is running away with the press and the userbase.
--
Peter
possibly the most irritating reporter I've met
by Tweety+Fish · Score: 2
I remember being interviewed by this guy at the post BO2K launch press conference. He was the one who was TOTALLY convinced that we MUST have hidden a backdoor in BO2K. "You can hide trojans in the source!" he said, over and over again. I tried to get him to tell me what HE would have us do to convince people that BO2K was not backdoored, but he didn't have any answers. He refused to acknowledge that making bo2k open source was anything but a massive conspiracy to make people THINK we hadn't put a backdoor into the code. Finally I said "well, if you're that worried about it, you don't have to use it. anybody who does can read the code"
He also JUMPED on the fact that I slipped and said "infected"... yeah, that MUST be a sign that I REALLY think bo2k is a virus, 'cuz otherwise - after correcting literally dozens of media who used that (incorrect) terminology - I wouldn't have made that slip EVEN ONCE. Never mind that even if BO2K were a purely malicious trojan horse (it's not any of those things) a machine still wouldn't be INFECTED with it, because it STILL wouldn't be a VIRUS.
Finally, I'm not sure where his whole theory about one of us secretly putting CIH on those CDs... why would ANY of us want to make cDc look that stupid? Has anything else we've ever done indicated that we operate that way? Clearly not, but just as clearly, this loser didn't pay much attention to how we do things, choosing instead to feature the conspiracies he chose to see before even talking to any of us.
This isn't reporting. It's paranoid ranting based on a weak, unsubstantiated, and indeed, already disproven version of the facts.
I mean, really. We fucked up and let somebody burn CDs from a machine infected with virii, and then we fucked up doubly by refusing to believe that could have happened. We admitted as much on cultdeadcow.com a couple weeks after defcon... If we could have possibly laid the blame anyplace besides our own slipups, don't you think we would have?
I wish everybody who read this column, Hemos, and everybody on slashdot, could have seen how consummately unprofessional this "reporter" was at the press conference he attended.
And no, we didn't invite him to our party.
- tf
Uh comment on abortion way off.
by ghazban · Score: 2
The comment he made about the anti abortion site that told people the location of doctors willing to practise abortion is way off. AFAIK, Cult of the Dead Cow does not update its pages with IPs of hapless victims for people to pick on. If they did, I would believe that would be wrong. However, they are not doing this. End of story.
I believe you missed a point..
9) He makes a point of saying hackers and crackers, but then goes on to use the two words interchangeably. If that is not an indication of cluelessness, I don't know what is.
~ Kish