Slashdot Mirror


"Fear and Flooding in Las Vegas"

Thanks to Brett Glass for pointing out his recent piece in Boardwatch. Very well written coverage about DEFCON 7, as well as the ethical side of hacking.

5 of 93 comments

  1. Beware: Brett Glass is an anti-GPL fanatic. by Paul Crowley · · Score: 3

    Be warned when reading this that Brett Glass is obsessively, fanatically opposed to the GPL. He used to be on the am-info ("Appraising Microsoft") mailing list, but he would turn every thread into a thread about the evils of the GPL and it became impossible to discuss anything else because everyone was talking about the absurd claims he was making.

    Eventually I publicly aired the suggestion that we ask the administrator to remove him from the list; he was removed a couple of weeks later, and the list returned to usefulness.

    It's a pity, because he's clearly an intelligent and insightful thinker, but his crusade against the GPL is simply beyond all reason.
    --

  2. The future of cracking by TheBeginner · · Score: 4
    I think that it is slightly ironic how this article and the last go together to prove my point, which of course you do not know yet.

    So, to begin, where is the future of cracking (hacking/whatever it is GC (geek chic) to call attempts to trespass into electronic information spaces and either gather or disrupt data) heading in the next century? The fact of the matter is that it is heading away from the majority of us. Computer security systems (real computer security systems) are becoming harder than ever to break.

    While movies like War Games inspired us all to crack to the launch mechanisms of the U.S. nuclear missile defense, those days are gone. Truly secure systems are only available for access locally, while important national systems are better protected than ever by the crackers of yesteryear.

    What this all leads up to is that the only people left who will truly be able to wreak havoc are the government and big corporations. Only they have the computing power and the money to be able to work past strong defense systems.

    And at the same time, I see this electronic power becoming more and more important. So what kind of future do we have to look forward to? Well, I believe that electronic terrorism (or government/corporate action, when it comes down to it, there is really little difference beyond perspective) will bring the world to a standstill. My question is, will that bring about a world like that seen in Rollerball (great movie) with Corporations splitting up the world between them, or a 1984 scenario with Big Brother becoming all powerful because all of our lives can be catalogued electronically.

    When I think of conferences like DEF CON, I wonder if their purpose should not be to prevent futures like this. So while I am not in support of violently breaking the law, or causing others intentional hurt, I say long live the hackers and even the crackers, for they may be the only hope for a medium between two horrible futures.

    --
    14 digits of Pi are all we need.
    1. Re:The future of cracking by ryanr · · Score: 3
      Computer security systems (real computer security systems) are becoming harder than ever to break.

      Not true. Real computer systems are becoming horribly more complex, and therefore have more holes. True, some of the low hanging fruit is gone, but I still see the same stupid mistakes being made all over the place, just usually not in the same place twice.

      While movies like War Games inspired us all to crack to the launch mechanisms of the U.S. nuclear missile defense, those days are gone.

      I disagree. We're seeing far more government sites broken into now than we have in the past.

      Truly secure systems are only available for access locally, while important national systems are better protected than ever by the crackers of yesteryear.

      No, they're connecting them to the Internet as fast as they can. The level of clue relative to the number/ability of attackers is decreasing, not increasing.

      What this all leads up to is that the only people left who will truly be able to wreak havoc are the government and big corporations. Only they have the computing power and the money to be able to work past strong defense systems.

      This would seem to demonstrate a lack of understanding about how hacking works. I only need lots of computing power to crack crypto. I can do any of the other hacking I need from a $299 PC. It's not about resources, it's about using your head. Resources never hurt, but they are certainly not required.

      And at the same time, I see this electronic power becoming more and more important. So what kind of future do we have to look forward to? Well, I believe that electronic terrorism (or government/corporate action, when it comes down to it, there is really little difference beyond perspective) will bring the world to a standstill. My question is, will that bring about a world like that seen in Rollerball (great movie) with Corporations splitting up the world between them, or a 1984 scenario with Big Brother becoming all powerful because all of our lives can be catalogued electronically.

      If the corporations hold "the power" then they will be the victims of "terrorist attacks" rather than perpetrators, no?

      When I think of conferences like DEF CON, I wonder if their purpose should not be to prevent futures like this. So while I am not in support of violently breaking the law, or causing others intentional hurt, I say long live the hackers and even the crackers, for they may be the only hope for a medium between two horrible futures.

      The purpose is exchange of information, without regard to the intentions of those who receive it. The current game is very much "pay attention, or lose." The good guys can't find out without the bad guys knowing. So, be one of the good guys paying attention to what's being said.

  3. Brett Glass is worse than clueless by blue_adept · · Score: 3

    I was at Defcon as a speaker, and although *some* of the details of this article were correct (eg great parties to which windbags like Glass were not invited), overall this is a *horrible* piece on Defcon.

    The CIH computer virus was found on *copies* of the bo2k cd's distributed at Defcon, not the originals, correct me if I'm wrong.

    The idea that bo2k contains obfuscated trojans is laughable, considering it's open source. Leave it to Glass to connect the dots... open source + GPL = plot to hide backdoor. (?!) Brett... if you don't trust the binaries, compile the source. And if you don't trust the source, then show us why... Maybe you can contribute to some bugs that have already been spotted and patched in bo2k.

    Of course, this is probably asking too much from someone that's proud to admit to secretly tape-recording comments at a post-conference party and considers his own 10-year-old phreaking activities a passport to the underground.

    "one cannot trust the group's output and must regard it as not only untrustworthy but dangerous."

    fear + ignorance = loathing, that's understandable, but I'm disappointed that Hemos referred to it as "Very well written coverage".

    --

    "Is this just useless, or is it expensive as well?"
  4. Re:THE TRUE MESSAGE OF DEF CON by aqua · · Score: 3
    Like much of that article, that bit seemed to be a mixture of journalistic cynicism, journalistic naivete and journalistic arrogance.

    I wasn't able to decide if the author was trying to make jabs at the OSS realm or not -- he dismissed the GPL aspect of BO2k with the "obfuscation" claim, missed every ramification of an open source BO except for the concern of the script kiddies about trojaned exploits.

    (aside: Kiddies don't read source. The claim that BO might be obfuscated in the identifier/whitespace sense is bogus -- it would reduce the point of GPLness to a PR tactic which would be quickly noted and cDc would be reviled for it, more than they already are. Obfuscation in the code-structure sense would merely make it unmaintainable, not unusable or unmodifiable)

    ... and, to resume, he seemed generally to propose (especially with your quoted excerpt) that the darker side of security research is somehow wrong and misguided and should go away (gosh, someone should tell that to street hoodlums), and that open-spec/open-source/open-attack security is somehow a bad thing. He did get right the part about how there's no common code of ethics -- an attribute he might find is shared by many sectors of street criminals, marketing executives and politicians.

    He mentions also that defcon's a party, which is true enough, but then forgets that fact for the rest while applying his lofty judgement to the various frivolities. Defcon is supposed to be gross, overstated and stupid -- it's a party. It's not a particularly serious meeting of minds, in any sense, and interpreting it as such leads to all sorts of depressingly absurd conclusions, such as those found in this article.

    Poor Boardwatch. They've gone downhill.