Slashdot Mirror
Ask the Cult of the Dead Cow Anything
The Cult of the Dead Cow [cDc] is one of the best-known and oldest groups floating around in the murky world of computer security (on either side of the fence). cDc's best-publicized recent accomplishment is Back Orifice, a program that can be considered either an excellent NT remote sysadmin tool or a cracker's sneaky way into an NT-based network. But there's lots more to cDc than B.O. If you're not famliar with their history, check the cDc files before you post; they go all the way back to 1985. Please confine yourself to one question per post. Tuesday afternoon we'll forward the 10 - 15 questions deemed most interesting by Slashdot moderators and hangers-on to the Cult by e-mail. Answers will appear Friday.
Where do you get the cash and free time to do what you do?
Why is it that every l33t skr1pt k1ddy pretends that you guys are the uber-hacker and the rest of us (thoes who can REMEMBER back to some of the early t-files) just think you're a pack of insane people that should have been locked away years ago (screwdriver flippin my left testicle... it's hammer juggling!)
Hack me, Crack me, Make me bleed
a faster box would be all I need
I've read some articles recently about a new protocol in development which is meant to replace TCP/IP as the standard. If this new protocol is ever implemented, do you think that it will be more open to manipulation (ie. cracking) than TCP/IP because it hasn't had the years of testing that older, proven protocols have? Thanks.
As far as I know you are all considered hackers. Do you consider yourselves hackers or something else. If you consider yourself hackers, would you say that you are the ethical kind like the infamous Captain Crunch?
Is there any dominant OS that you use to hack?
All the major antivirus software now looks for and can remove BO(2K). Why don't they also look for and remove Carbon Copy, PC Anywhere, etc.? They all do the same thing. BO(2K) even does remote administration better, with more features, and in a smaller footprint than other RA utilities. This whole thing smells the attitude, "It's not what your software does or how well it does it... It's who you are and who you associate with." Besides, I dare to say that I trust cDc's software MORE than the proprietary stuff because the entire world is can look at the source. Any shenanigans spotted by anyone would be thrust into the spotlight and fixed in no time. CC/PC Anywhere may have back doors, etc., but I can never really know. Which would YOU trust more?
Why not some other animal?
I think that any such organization would just have to say: themselves :-)
Just curious... Did one or several of your members ever tried to sell some good information you snarfed from those foreign governments to DoD or the CIA or something? If yes, did you meet success? If yes, have you been paid and how much? Have you been beaten up by the Mossad, the SISMI, the GRU or whatever for that? Have you been beaten up by the CIA for that? Did they cut one of your testicles for each byte stolen? Do you recommend it to our young readers as first job? What is the best thing out there in world besides banana in hot chocolate? Thanks.
my question is...
What is the cDc's position on "hackers" generally associating themselves with online porn. I think the image portrayed by this prevents hackers from being taken seriously.
The price we pay for immortality... is death. Narnia The Great Fall
To the various illustrious(translation: I've worshipped you guys for the majority of my life) members of the Cult of the Dead Cow:
Moo.
That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
A recent article (forgot the reference) characterized codc members as a bunch of social juveniles bound by no particular ideals, and lacking in both trust and personal respect for other members as well as the (cr|h)acker communities at-large. The evidence presented in the article however was limited to on-stage behavior and a virus of unknown-but-suspicious origin on a distributed CD. The codc archives paint an equally murky picture, depending on the reader's perspective.
So is there a codc code of ethics? Could such a thing ever be enforced?
Is the hacker code in general just marketing hype? Are the press correct in their refusal to differentiate cr from h?
how many times a day do you guys wack your cock and balls to gay pornos??????
You folks have been around for so long, surely you've seen the evolution of both terms. Are you quick to take a stand on misuse of either, or do you just take it all in stride? Some of the older security folks out there are damned sure that "hacking" is still purely malicious, and "Cracking" simply means breaking software registrations and the like. What do you feel each term represents these days?
-
"In the flesh, on the phone and in your account.... You shouldn't have called you know."
THIS IS PRE-ALPHA PRIVATE RELEASE CODE!!!
DO NOT USE IT UNLESS YOU ARE A DEVELOPER.
ALL IT DOES IS CRAS
Is there any dominant operating system that you hack?
You released B02K, which does essentially the same thing as microsoft's own software. Yours, however, is seen as a cracker tool, something you've railed against in the past.
If you didn't want it to be seen as a cracker's tool, why did you release it at defcon?
Let's face it - most people regard the cdc as a bunch of script-kiddies looking for some limelight. The BackOrifice software really made this worse, because it was seen, not as an admin tool, but as an application meant to propogate cracking. How does this make you feel? That is, what are your personal thoughts on the cult's activities and how do you think they should be viewed from the professional side of the industry?
please be honest
(1)boxers
(2)briefs
(3)panties
(4)thongs
(5)nothing
(6)orange
(7)Hemos the Hamster
I have noticed that you often promote BO as a "remote administration tool". How do you respond to allegations (mainly in the "popular" computer press) that it is potentially full of back doors, and therefore not suitable as such a tool?
"...Is this world not a call I can screen out" --
Join the cDc in BO2k development, join the programming. Open source, it owns you (next to the cOw of course) MOOOooooo, js
Thanks
Sosumi. just kidding. DONT!
Are you guys into necrophiliac bestiality or something? j.
"My cat's breath smells like cat food." - The Tao of Ralph Wiggum.
Is it my browser or Slashdot that's broken? Whenever I come to this page it's completely empty, saying 0 comments no matter what the threshold.
:)
Someone please forward that to CDC...
I use the best tools to GET THE JOB DONE. And BO works better than any of what you call the "real" remote administration apps out there.
Why shouldn't it be called an RA tool as well? It is, and a good one. What else that matters should weigh in the decision?
BTW, all the major antivirus software now detects and eliminates BO. Why don't they detect Carbon Copy, PC Anywhere, and its ilk and remove them? These programs and BO are all doing the same thing right?
Why a dead cow? :) Why not a hamster, or even a chicken?
kaniff -- Ralph Hart Jr
I heard of your work, though BO, and regard your group and others, including l0pht heavy ind, as a security group. However, I am left to wonder what tools you test your work with, and if you test your items on clean-installed copies of Windows (insert arbitrary version number here). It would go a long way towards deciding on running Win98 under the Bochs emulator just to secure it.
---
Spammed? Click here for free slack on how to fight it!
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
What kind of training did Oxblood Ruffian give to Blondie Wong, and why has he dissolved the alliance between the cDc and HKB?
If Mr. T and Jesse Ventura got in a fight, who'd win?
I forget what 8 was for.
Probably sounded cooler at the time. CDC is also the acronym for the Center of Disease Control which may have also been a factor.
Is it just irony that your acronym, CDC, is the same used for the federal agency, Centers for Disease Control?
-tell me your thougts about macintosh computers!
funny stories/anectotes or general opinion...
do you like macs?
why are there no apple-script based funny email viruses or BO type of software?
do you care about 'style' in computers OS's ? (i didn't say the mac had style, hahaaha ;)
thanks!
Corpses don't put up much of a fight...
RIP Mr. T.
Blar.
cDc, I am interested in where each of you began you learning of computers and coding (programming, hacking, etc), and how each of you became members of cDc. Do you have any books or URL's you suggest? Cheers, -- David
Hate to pick nits.. But 9.81 ms/s is 9.81 meters, which is a measure of distance, not acceleration..
Dear Cowsters, What do you envision as being the preeminent issue (problem, whatever) with regards to computer security (from the individual or corporate perspective) in the next 10 years? Merci
--
I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling
Are you guys VIRGINS????
When, oh when, will we have a *nix client for bo2k? Believe it or not, I would really like to use it productivly but I need to be able to access it from my linux workstation. VNC is ok but really doesnt cut it.
God Fucking Damnit
Cult of the Dead Cow. Bloody good name.
:-)
Just how did you come up with it?
You are the same decaying organic matter as the rest of us.
Do they reckon they'll cope with the slashdot effect? :)
First Post!?
How has the 'mission' and/or purpose of cDc changed as the years have passed, especially with the advent of pervasive internet connectivity and the 'death' of classic dial-up BBS's?
2. Have they increased thier dosage since then? ;)
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
do you guys hate first posts?
My first question is what does one question per post mean to you? I would also like to know why so many idiots posted nine questions per post in the John Carmack interview last week? And how does one question per post relate to open source in you latest devlopments? If you were told one question per post, how would post one question per post? When you are working on code, do you consider one question per post to be an effective measure of one question per post? Last week Microsoft announced that they add support for one question per post into Win2K? How does that effect you one question per post decision making? Also if there can be only one question per post what do you think of Linux?
3-4 years ago, I sent you a nice little t-file, fiction, called Stuffs, about a girl and her magical flying snack trays, and you said it would be released. Alas, you never did, though on follow up emails, you said the next release. Why? When?
p.s. anyone interested in some cDc reviews of t-files, check out www.etext.org/pub/Zines/BeyondLost (the url may be a bit differant, case sensitive and all)
when Push Comes to Shove
How would you define the implementation of security on the major OS today?
Windows95 / 98
Commercial Unix
Linux
FreeBSD
NT
Windows 2000 (NT5)
etc.
Forth makes me feel all funny sometimes, does it do the same to you? When can we expect to see a bo client for palmos written soley in forth? jerkcity? and finally Do you like Nutella? -An anonymous guy in philly with big, frizzy, thinning hair :)
I should note that I am not personally of the opinion that you might think from reading the above, but I would be interested in the response.
--
second post, bee-otch!
What movie or book best describes your ideal life and life goals?
World altering, personal evolution and getting the girl ala Fight Club or more focused on internal issues of understanding with something like Zen and the Art of Motorcycle Maintance... or something utterly else...?
Any plans to write a back door style program for Linux? or are you guys simply out to get just Microsoft?
God Damnit!
:)
Let me try this again in Plain old text
Forth makes me feel all funny sometimes, does it do the same to you?
When can we expect to see a bo client for palmos written soley in forth?
jerkcity?
and finally
You are all invited over after pumpcon.
-An anonymous guy in philly with big, frizzy, thinning hair
Sorry about that guys
There is an episode of South Park with cows worshipping a cow clock, and when it is removed by the people, the cows all jump off a cliff, now I've heard that refered to as the Cult of the Dead Cow episode, is it anything to do with cDc or are cults for dead cows just in fashion right now?
Any sufficiently advanced man is indistinguishable from God
My question is short, but French. I would like to know:
OU SONT LES BITCHEZ??!
Yeah, calling it that is a good joke, but do you honestly except anyone to BELIEVE it?
This might be a stupid question but i was wondering how you got the name the Cult of the Dead Cow?
Do you have any plans do market B.O. as a system management tool in the real/corporate world?
"I have no respect for a man who can only spell a word one way." - Mark Twain
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
How do you feel about the moron AC's who comment on slashdot saying: FIRST POST!
It's a common fact, the most useful tools, whether they are software or carpenter's tools, can be used for good or bad... netcat, bo2k, these are powerful tools, they have a legitimate purpose, but can be used for "black hat" activities. Should we ban hammers and screwdrivers? They are often used to attack people, and break into property. It is up to the user to decide his/her morals, not the coder. Hell, you're even given the full source code to it all, they've left nothing to hide. jayess
Why are you trying to help microsoft? Why hasn't B02k been released upon the world in virus fashion to destroy all existing microsoft software!!!!!
It seems crackers (stereotypically young WASP males not affiliated with violent ethnic gangs) are prime chicken meat when they are put in prison, so they would like to put the previously mentioned governments out of business, unless said crackers are frequently HIV-infected sexual masochists. Are they?
Seastead this.
Besides cDc being a major organization at the Defcon conventions, does cDc plan on hosting its own convention?