Bizzare Answers from Cult of the Dead Cow

Monday's questions for the Cult of the Dead Cow ranged from serious-tech to silly. Various members of the Cult answered appropriately. Great stuff! One warning: if you are offended by strong language or are a hacker under 18, you should not read this Q&A session. The Cult is one of those groups the assorted nanny-censor programs try to keep away from deity-fearing, good-citizen, mass-average folks because they're commie anachist no-gooders. Or something like that. (And we like them that way!) Click below to learn why these people are A Danger to the Established Order(tm).

tdsanchez asks:
How has the 'mission' and/or purpose of cDc changed as the years have passed, especially with the advent of pervasive internet connectivity and the 'death' of classic dial-up BBS's?

cDc answers:

Obscure Images answers:
cDc's mission has never changed. We are still primarily motivated by the desire to dominate the world. I think that if anything, the growth of the internet has just been part of our plans for your tomorrow.

G. Ratte' answers:
The mission has never changed... it's always been about us trying to do cool stuff. The Internet has just made it easier to communicate and it's a lot less hassle than when you had to worry about how fresh your long distance codes were, back in the day. Call my dead BBS! Demon Roach Underground, 806/794-4362. 2400 baud! Apple II, baby!

Nighstalker answers:
The whole point of cDc is to communicate. While T-shirts and watches and BO2K are the glitz, the core of cDc is communicating to and with the world. The venerable T-File is the heart and soul of cDc and we will never abandon this most basic and venerable facet of the telecom/computer demimonde

Tweety Fish answers:
We are currently in the process of training our massive, highly secretive ninja army.

M1000 asks:
How would you define the implementation of security on the major OS today?

• Windows95 / 98
• Commercial Unix
• Linux
• FreeBSD
• NT
• Windows 2000 (NT5)
• etc.

cDc answers:

Nighstalker answers:BR> If it's from MS, the security is crap. everything else is better by comparison. Linux is pretty good if you're a Linux guru. Same thing with any other flavor of UNIX. But no matter how good you are, there's someone out there who is better than you.

"The price of secure connectivity is eternal vigilance!"
--
DilDog answers:

• Windows95 / 98 - Shit happens
• Commercial Unix - Shit happens over RPC.
• Linux - When shit happens, you fix it.
• FreeBSD - Shit would happen, but there's no driver for it yet.
• NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
• Windows 2000 (NT5) - Shit happens over DCOM.

--
Tweety Fish answers:
Except for Window95/98, which I would characterize as sucking ass across the board, there's no simple answer to that question. All of those operating systems are (resonably) securable, in theory, but if you want to make the job of securing a box easier, why not run OpenBSD?

xmedar asks:
There is an episode of South Park with cows worshipping a cow clock, and when it is removed by the people, the cows all jump off a cliff, now I've heard that refered to as the Cult of the Dead Cow episode, is it anything to do with cDc or are cults for dead cows just in fashion right now?

cDc answers:

Obscure Images answers:
We would like to believe that we were inspirational to the creators of South Park, but we will defer to the obviously natural call of bovinity.
--
Reid Fleming answers:
Our lawyers will not permit us to comment upon the episode in question.
--
G. Ratte' answers:
Sure. I hear the next round of Calvin Klein ads will feature Kate Moss munching a big greasy cheeseburger as Kari Wuhrer cleaves an axe through a cow's head. And a roomful of Italian boys with no chest hair look on in quiet desperation. It's a scene straight from one of our industry convention parties.
-- Nighstalker answers:
The universe is a chaotic system. If Ratte had been screwing around in a sewage treatment plant, rather than an abandoned slaughterhouse, we cound have been called the Cult of Recycled Shit. That the guys from South Park had cult of suicidal cows may be our fault. maybe not.
--
Tequila Willy answers:
I know this episode well, and I've spent a lot of time studying the various interpretations of this episode. Though the Cult of the Dead Cow interpretation is a very plausible and popular connection to make, there is another very plausible interpretation that I think you will find interesting. The hands on the clock are metaphors for the phallus. The removal of the clock represents castration. The removal of the phallus limits sexual options and limited options are bad. The cows demonstrate their adherence to their principle of "maximum freedom or death" by jumping off the cliff. You might ask yourself, xmedar, whether you have any principles that you would be willing to die for.
--
Tweety Fish answers:
TV writers (comedy writers especially) tend to be unrepentant fanboys with computers and tight deadlines... you decide.

Effugas asks:
To the various illustrious(translation: I've worshipped you guys for the majority of my life) members of the Cult of the Dead Cow:

Moo.

That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?

cDc answers:

Obscure Images answers:
We haven't been knocked on our asses yet by anything that has happened in the computer industry. We're great at believing that whatever we see is directly caused by our underground efforts. We would be knocked on our ass if we didn't believe that. Oh yeah, Linus Torvalds is a cDc simulacra unit.
--
Reid Fleming answers:
www.realdoll.com
www.jerkcity.com
--
GA Ellsworth answers:
http://www2.promisekeepers.org/
--
G. Ratte' answers:
I'm mostly surprised by what hasn't happened. I thought floppy disks would get bigger and bigger 'til they became a 3-foot square, and you'd use 'em for kites when they went bad. I thought for sure bubble memory was going to take off, and pen-based OSes would rule the industry, and I'd have an Amiga clipboard computer running MS's BOB right now. It should have been Atari, not Microsoft.
--
Nighstalker answers:
Cheap powerful computers. Looking at the list prices of all my Commodore 128 gear shows me that the whole system cost more than a new iMac. Also, PDAs are pretty surprising, how they just suddenly seem to be everywhere.
--
White Knight answers:
What surprised me most about the computer industry is how much less attractive Kiki Stockhammer is in person.
--
Tweety Fish answers:
You know they got these things now that can take a picture and put it on the screen thingy? That's so cool!

sinatra asks:
A recent article (forgot the reference) characterized codc members as a bunch of social juveniles bound by no particular ideals, and lacking in both trust and personal respect for other members as well as the (cr|h)acker communities at-large. The evidence presented in the article however was limited to on-stage behavior and a virus of unknown-but-suspicious origin on a distributed CD. The codc archives paint an equally murky picture, depending on the reader's perspective.

So is there a codc code of ethics? Could such a thing ever be enforced?

cDc answers:

Obscure Images answers:
I can't answer for everyone, but I will say that I am a moral relativist. I think that the morality of an act is dependent on the context of that action. As for a cDc as a group, we are a very close knit group, very nearly a family, and to think that there would be someone amongst us who would turn on us is an absurdity. The article in question was written by a well known fool who would fit in better at a meeting of the John Birch S ociety than a computer convention.
--
Reid Fleming answers:
No and no.
--
G. Ratte' answers:
Lacking in trust and personal respect? I wish I knew the article you're referring to, 'cause those are some pretty strange assumptions. But that's funny, that's interesting. We're the kids the newspapers used to write about being diagnosed with "Pac-Man elbow." We're the kids with the sore thumbs from Atari joysticks playing "Combat" through our adolescence. We're the first generation to grow up hearing a modem squeal every day after school. So if there's any lack of trust and respect for the (cr/h)acker community, it's self-loathing and it's all in the family. Familiarity breeds contempt. The only ethic is to not be, uh, k-lame. Spreading viruses is not good.
--
Nighstalker answers:
I read that article. The author is an ignorant twat.

For what it's worth, I trust my very life with any cDc member. I trust them implicitly.

I suspect that cDc individually and as a group is far more ethical than Microsoft. Anyone emails me, they get an answer directly from me, not some flack from marketing.
--
Tequila Willy answers:
Dear Sinatra,
Who's codc? I've never heard of them.
--
Tweety Fish answers:
The nice thing about cDc is we're all cool enough, and all moral enough, that there really is no need for us to enforce much of anything. Personally, I'm constantly entertained by everything every other cDc member ever does, and I'd much rather have that than the 1700 page cDc Moral Guide.

Incidentally, the author of that article also thinks that Richard Stallman should be arrested and charged with monopolistic practices, so, you know, you shouldn't believe everything you read.

[bog-oh] asks:
You folks have been around for so long, surely you've seen the evolution of both terms. Are you quick to take a stand on misuse of either, or do you just take it all in stride? Some of the older security folks out there are damned sure that "hacking" is still purely malicious, and "Cracking" simply means breaking software registrations and the like. What do you feel each term represents these days?

cDc answers:

Obscure Images answers:
We would like to take a stand on this nonsense once and for all. We are of the firm opinon that the qualification for being a hacker is not something that can be stated on clear moral grounds. As far as we are concerned, crackers are something you eat.
--
Reid Fleming answers:
The term "cracker" is divisive, insulting, and should be considered inappropriate in mixed company. Same for "honky" and "caucasian".

"Hacker" on the other hand, is perfectly fine for most social situations. As in: "Hey, you! Hacker! Suck my dick!"
--
G. Ratte' answers:
Personally, I never use the term "hacking"... it's all just messing around to me, and some of it could get you into trouble. Whatever. "Cracking" means removing software protection, and a "cracker" is a white boy. I don't know when people starting fussing over the terms and using "cracking" to mean system intrusions, but I think it all carries the stench of journalist-invented nonsense. Same with all that "white/black hat" crap. Nobody in this situation uses those terms, and they readily identify the user as an outsider.
--
Tequila Willy answers:
Dear Bog-Oh,

Your sensitivity is to be applauded in these times largely characterized by egocentric thinking. I appreciate that you've taken the time to ask me what I *feel* about these terms. I feel good about what each term represents. Thank you for asking.
--
Tweety Fish answers:
A cracker is somebody who cracks warez, and/or a pejorative term for a white person. Any other meaning is never going to catch on in the media, nor with the old school. It's just too complicated to remember the distinction all the time. The people who are hackers by anybody's definition have done some... uh... mischevious things in their time; it's part of the nature of the beast. To say that "a real hacker would never break into a computer system" indicates - to me - a lack of understanding of the original meaning of the word. Of course a real hacker would break into a computer system, if it was an interesting enough problem and they didn't anticipate anybody having a problem with it. I agree that the media should widen it's definition of what a hacker is, but that's not the argument I usually see, especially here on slashdot. I see a lot more of "they aren't a real hacker, because they break into systems and/or do security stuff", which is plain silly.

Personally, I refer to people by whatever term they would like me to use, unless I don't like them.

Besides which, if you are doing something unexpected, unforseen, or disallowed to any system (which is my pocket definition of hacking) somebody is always going to think it's bad, until you laboriously convince them otherwise, on a case by case basis.

Why get caught up in semantic arguments when you could be doing cool things and get noticed for THAT, instead?

phray01 asks:
please be honest

• (1)boxers
• (2)briefs
• (3)panties
• (4)thongs
• (5)nothing
• (6)orange
• (7)Hemos the Hamster

cDc answers:

Obscure Images answers:
All of the above, though not necessarily at the same time.
--
Reid Fleming answers:
sacred vestments
--
GA Ellsworth answers:
Boxers for me..
--
G. Ratte' answers:
I refuse to answer this question, as I don't want to encourage your gross masturbatory fantasies. What I choose to cover my massive, pulsating tool swinging handily between my taut legs is my business, and my business only. What should the touch of soft fabric brushing the tender head of my otherwise steely rod matter to the likes of you? Disgusting!
--
Nighstalker answers:
Sheer to the waist black seamed pantyhose for formal affairs.
--
DilDog answers:
All of the above.
--
Tequila Willy answers:
Dear phray01,

The etiquette in this case actually depends upon whether you were east or west of the Mississippi when this unfortunate accident occurred. East of the Mississippi, the gas station attendant should remove the dog's head from your windshield wipers when cleaning the windshield. However, please be prepared to tip for this service. West of the Mississippi, it is usually considered bad manners to expect gas station attendants to remove any animal bits that have been wedged in your car parts. Thank you for asking.
--
Tweety Fish answers:
I actually try not to wear any slashdot operators that close to my skin. Makes my pants look funny.

Foogle asks:
Let's face it - most people regard the cdc as a bunch of script-kiddies looking for some limelight. The BackOrifice software really made this worse, because it was seen, not as an admin tool, but as an application meant to propogate cracking. How does this make you feel? That is, what are your personal thoughts on the cult's activities and how do you think they should be viewed from the professional side of the industry?

cDc answers:

Obscure Images answers:
cDc is not a group of script kiddies. We are united in our interest to hack the world, be it though computers, words, images, sounds, politics, money, or sex. Those who consider us to be script kiddies ought to shut the fuck up and write their own tools. Using tools doesn't make someone a script kiddie, what makes a script kiddie is the use of other people's tools to accomplish things they have no interest in understanding. It is understandable for professionals to be concerned with our reputations, but that is why we've been completely open with our tools. We have software that can be used as very effective tools.
--
Reid Fleming answers:
Most professionals get it. The trojan horse problem was considered to be low priority a year ago. Things have changed as a direct result of Back Orifice and Netbus.

(By the way, you ever notice that sometimes journalists turn to Russ Cooper for an "independent" perspective on Microsoft? And you ever notice how often he agrees with the Microsoft position?)
--
G. Ratte' answers:
It's somewhat frustrating when something a lot of effort has gone into is totally misunderstood by so many people. A lot of people seem to have an aversion to the big picture and how BO fits into a larger whole. As for 'the industry,' . Rah rah venture capital, rah rah IPO. "We've got this great new site, Hats4Cats.com, a brave new world of headgear for our feline friends! We're seeking the perfect partners to get this off the ground right, and if you'll just look over this media kit at your leisure after the convention, we'll have someone call you in the next few days about some great opportunities!" That's 'the industry.' 'The industry' can kiss our collective cDc ass.
--
Nighstalker answers:
Most people couldn't plug in new RAM to their machines or install an application with the aid of an installation wizard. More so for the people that write about the digital underground who are not a part of the digital underground.

BO was released to show up the miserable security of Windows, in the hope that MS would do something other than issue press releases and that users would be made aware of the pitiful security on their machines, particularly when connected to the Internet. BO2K was released in response to the pleas of countless IT professionals who needed a powerful admin tool. --
DilDog answers:
I don't feel one way or the other about it. I write code to fill a void whenever I find I need something that doesn't exist. Hence, BO2K.

What Linux is to Commercial Unix, BO2K is to Commercial remote admin tools. I mean, what kind of sick and twisted hax0r would want to use FREE and POWERFUL software without having to pay out of their ass for it.
--
Tequila Willy answers:
Dear Foogle,
Thank you for being concerned about my feelings. However, I disagree with the metaphysical assumptions of your first question. I believe I choose how I feel and that the reaction of "most people" cannot make me feel any particular way. That being said, your second question seems more appropriate. The Cult of the Dead Cow should be viewed as what they are, namely, experts in global domination.
--
Tweety Fish answers:
So the technical definition of Script Kiddie is one who uses pre-made scripts or tools to hack sites, instead of developing their own tools.. by that definition, how could we possibly be script kiddies?

In the larger sense of BO2K being an application meant to propagate cracking, yes, that might happen, but the way we're doing it does serious work to raise awareness of these issues. I think we're perfectly aware that this can be hard to understand, and we're perfectly willing to keep hammering our message home until people start to get it, and start working to fix these problems.

An_onymous Coward asks:
First of all I've got to say I think cdc is pretty damn cool. I was digging their .txts since I got my first dialup shell account long ago. Now, with you guys being so security minded and all, there's only one question I could think of for you: If you were to build your ideal network, with telnet, ssh, www, ftp, pop3, smtp, file & printer sharing, bind, etc... what would be your ideal configuration to maximize security? Please be specific about Network OSs, routers, network policies, protocols, filesystems, permissions, daemons, firewall rules, and anything else that comes to mind.

cDc answers:

Reid Fleming answers:
Dedicated fiber lines in a star configuration. Ultra low tramissions, only a few quanta, to foil optical taps. One-time pad encryption for each packet. All plaintext messages composed in an alien language unknown to anyone but the participants. The actual content of the messages being hidden in subliminal channels too sensitive to be mentioned here.
--
DilDog answers:
For cryin' out loud. My ideal network doesn't have half of that crap running. It can all be done with DCOM and HTTP. Just kidding!

I -know- this is a Linux crowd, but I'm tellin' ya, take a look at OpenBSD for PROACTIVE security when it comes to that mission critical firewall box, network monitor, webserver, etc.
--
Tequila Willy answers:
Dear onymous Coward,

First, thank you for your compliments. However I am left wondering how many of our text files you have actually read. All of your questions have already been addressed in detail in our text file, Wet Mount Slide.
--
Tweety Fish answers:
DUD3 Y3R TRY1N T0 B3 4LL SN34KY 4N' S0C1AL 3N1N33R US AN' SH1T A1N'T Y000? B3TT3R US3 NM4P INST3D!@$#!@%

If you want a genuine answer to that question, I'm sure the l0pht would be able to answer it as specifically as you need for a small fee.

Freshman asks:
Since BO is/was a big deal, I'm wondering what kind of companies have tried to contact you and what they had to say. Did Microsoft ever give you guys a buzz? The DoD maybe? CIA? If so, what did they have to say?

cDc answers:

Tweety Fish answers:
We've been in constant communication with the CIA, NSA, and MOSSAD to make sure that the government-specific backdoors built into BO2K meet their tough standards for EoE (Ease of Eavesdropping).. we value the contributions the US and other governments have made to these products, and look forward to working much much more with them in the future.

Microsoft hates us, I think.

rikek asks:
I've always wondered... what does a group that produces "script kiddie material" (no offense intended, it's inevitable whether you want it or not) feel about their work? Every now and then I'm plagued by contact with an "3R33+ H@X0R", who is most likely some 14 year old without anything better to do who is causing some minor damage, without a clue as to what a TCP/IP packet is. The ratio of clueful hackers cracking to script kiddies cracking has gone way down over the few years, and products like BO are likely to blame. So what do you guys think about this... would you rather this turned around, or do you feel that distributing tools to nameless masses is a good method at getting back at the real evils?

cDc answers:

Obscure Images answers:
There will always be people who ride on the work of others. That's all that script kiddies are, poseurs, trendies or what have you. Back in the old days after War Games came out there were floods of "hackers" out there and these same comments were made. In the end, there is always a shakeout process. Most of the current script kiddies will abandon their activities, leaving the hardcore still in place.
--
Reid Fleming answers:
I suggest reading the section on Evolutionarily Stable Strategies in The Selfish Gene.
--
G. Ratte' answers:
It's tricky, and I refuse to get into the kind of age/experience penis-size wars that always come up with this "lamers are running around with dangerous scripts" thing. Back Orifice is distributed the way it is to force an issue. A hell of a lot of people should be upset their computers are wide open. I've always hoped that people interested in our tools would seek out our other material and read up on what we're about. And that they'd be smart enough to figure out that bumming some hapless person's day by screwing up their computer is not a good way to spend an afternoon. The end of all our text files from the last few years says this: "Save yourself, go outside, DO SOMETHING!"
--
Nighstalker answers:
Virtually anything can be used for evil, as virtually anything can be used for good.

One thing about BO2K is that the author deliberatly made it more difficult for clueless script kiddies to use. They're the ones who constantly plague us with badly mis-spelled complaints about how BO2K doesn't work. The IT professionals sing our praises about the power and ease of use of BO2K.

BO2K is forcing evolution to accelerate in the world of computer security. we regret the damage that is done with BO2K. In the long run, we will all be the better for this.
--
Tequila Willy answers:
I think you have raised an excellent question. However, I am doubtful that good products like BO can be identified as the cause of the diminishing number of hackers in comparison the the number of script kiddies. I believe that each individual must take responsibility for the character traits that they choose to cultivate in themselves. If the number of script kiddies continues to grow and more individuals choose to take the path of becoming a script kiddie rather than pursuing hacking skills, then this seems more plausibly interpreted as a sign of laziness or a short attention span on the part of those who choose this path. I don't think that BO could be blamed for such a result. That being said, I would prefer to see more hackers than script kiddies but only because I respect the skills of hackers more than the skills of script kiddies. And I would rather participate in a society populated by individuals I can respect. However, I believe your question should lead us to thinking more about what sort of behaviors should or should not be tolerated in cyberspace. And before we can address that question, it would first be helpful to conduct an inquiry into the metaphysics of hacking. I believe that many of the laws regarding computer security issues are misguided because they make fundamental assumptions about the nature of the computer hacking environment that simply are erroneous.
--
Tweety Fish answers:
The ratio might have changed, but the total number of people with a clue has increased, not decreased. Some 14 year old might get their start by messing with bo2k at school, and then they might start writing plugins, and then they might need to do something stranger, so they'll mod netcat to do suit their needs, and then they might realize how horribly insecure their own system is, and install linux or freeBSD to mitigate that somewhat, and then they might get out of school and go get a job securing corporate networks with all the knowledge they've gained.

Kids will be kids. If computer security was a real priority for operating system vendors, Joe Random 14 year old would need a lot more than something as general purpose as BO2K to start trouble. He'd need... uh... a car, say, or some bleach and ammonia, or a lot of beer.

yoshi asks:
What should application and OS designers do to build systems which are more secure?

cDc answers:

Reid Fleming answers:
For starters, they should spend more time and energy on security than UI design, documentation, or product packaging.
--
Nighstalker answers:
Learn from the mistakes of the past and the solutions of today. It's not that hard to impliment security. It's just easier for lazy coders and indifferent beancounters to blow it off by saying that, "This is not something our customers are demanding in our product."
--
Dildog answers:
Proactive security measures. Encrypt everything. Eliminate HTTP and go right to HTTPS everywhere.
--
Tweety Fish answers:
Make security concerns and security audits an integral part of the development.

Alpha42 asks:
Okay.. Here's my question.. what ever happened to Obscure Images?! I haven't seen anything from him in AGES... Don't get me wrong, I thought BO was good and all, and I'm sure it's generated 99% of the PR lately.. but I miss the original cDc stuff.. the files! :) And Obscure?! OH man...

cDc answers:

Obscure Images answers:
Hey, I'm still here, and I am as active as I have ever been. I've never been gone, just acting back in the shadows. I do what I can to help plan and implement our projects. Most of it comes without the glory or press attention, but it has to be done for us to be successful. Over the past 10 years I've gone to school, gone out into the world, gotten married, and started to go a bit grey. Not related to my marriage, I assure you. There will be more files from me, it's just a matter of finishing them. Keep your eyes open, your mouths too.

As far as my poetry goes, I have an excuse. It was 10 years ago, I was a typical late teen with clinical depression and the idea that I could write poetry. I stand by my stories, but would rather see the poems fade away like my youth.

Oh yeah, you have seen me, everytime you see our Paramedia Cross logo.
--
Tweety Fish answers:
Near the end of the cold war, Obscure Images was captured by a splinter faction of the KGB, and forced to write polemics, in verse, in a futile attempt to turn the people of the former Soviet Union back on the true path to communism. He's back now, and doing fine, except for that twitch.

Effugas asks:
What tools, in your minds, would you consider the most useful but least acknowledged tool in your security analysis collection? When backed into a corner, unsure how to whip something into shape, what obscure and strange network(or even non-network!) utility popped into mind and either performed some amazing function you couldn't imagine coding yourself or gave you the necessary cluephone ringing (via source code peek) to pull it off yourself?

cDc answers:

DilDog answers:
lsof. Use it.

Anonymous Coward asks:
My question is simple:

When will you start to do productive things ?

Ok, here is some context for the question. I know about BO2K ; and saw miscellaneous software at cDc site.

But on the other hand, the cDc has existed much longer than Linux itself, the FreeBSD team, NetBSD, and for probably as long as the FSF itself. One one hand you have a wealth of software (for instance here or here), on the other hand, after 15 years, you have a handful of cracking tools, one Windows administration package, an unorganized set of information, and stickers + temporary tatoos for sale.

In particular, it is a total mystery why since all that time, you haven't done one of the following:

• Review, summarize existing security systems, document and implement a robust security model. Unix model is total crap ; even Multics (design: 1963) was better (Multics achieved B2 security rating).
• Audit publically a freely available Unix (today done by OpenBSD instead).
• Write automatic assembly code analyzer to search for bugs (or at least for C). Commercial tools exist by now, and last time
• I tried to see if a free one existed, all I could found on cDc site was a "Tao of Windows Buffer Overflow" (a re-hash of techniques found for instance in Morris' Internet Worm in 1988. See Spafford's excellent report, and the Worm's FAQ).
• Lent a bunch of your machines, to hold contests such as "the best security model for Linux/BSD, running almost all possible services/servers, CGI, ...".

In this context, when will you stop selling temporary tatoos, and start real programming (other than BO2K)?

cDc answers:

Obscure Images answers:
While cDc does some programming, this is not the sole focus of our efforts. To compare us to the other groups you mention you have to realize that we have different goals, as well as methods. We don't feel obligated to do anything for anyone. Our work is directed by our desires and our goals, not the desires of the community. Everything we do is productive in our eyes. We like to think that we've done work every bit as important as any of the above groups. It's all a matter of perspective. We have no problem with the people who have given their time and energy to these other projects, but we are not like them. We do things when we want to, in the way that we want to.
--
Reid Fleming answers:
Temporary tattoos are a CRITICAL ELEMENT of our security strategy. To suggest otherwise is sheer lunacy.
--
G. Ratte' answers:
Wow. I don't know when I'm going to be productive. Mom wants grandkids, too. Why should we do those things? Maybe we will, maybe we won't. Why don't you? We do other things. As far as "lend a bunch of your machines to hold contests..." that's funny, what bunch of machines? None of us are wealthy. You looked at our site and blew it off as a "handful of cracking tools & an unorganized bunch of information." That's the first electronic magazine ever, starting in 1984. It was a big deal to me when I was fourteen and bored in a small town, and I was doing something new and exciting and fun. I don't necessarily want to satisfy your weird little computer fetishes. I've got a dog and a cat and a screwy relationship and my picture in SPIN and no job and I'm busy.

Too busy for you.

To quote from cDc #300:

THE POINT
by Bryan O'Sullivan

you could spend an hour counting the petals in a flower
it might take you a year to count the veins in each petal
if you spent ten lifetimes, maybe you could count its cells

but you'd have completely missed the point
you fuckhead

--
Nighstalker answers:
And this comes back to my first answer. cDc is NOT ABOUT PROGRAMMING!

Programming and computers are only a means to an end. --
Tequila Willy answers:

Dear Anonymous Coward,

Your question seems very serious and as such seems to be counter productive. The Cult of the Dead Cow exemplifies the very attitude that ought to be cultivated considering the absurd nature of existence. Take a moment to contemplate your death and your own concerns about what counts as productive behavior may shift. You may think to yourself, "I am merely a mortal who will die, but I must live responsibility for the sake of those who will survive me." But of course your friends and family will die and there will come a time when no one alive will even have a memory of your existence. And if that weren't enough, at some point our own Sun will supernova, and when this occurs, human life on earth will be destroyed. At that point, human beings will not even exist to contemplate the fates of those like yourself who died long ago. From this perspective, all human actions seem to take on an equal importance: our concerns are absurd! To live freely and responsibility, a mature human being must realize this point. Having fun, living and loving well, being playful (and hence flexible in your living): these actions take on much greater importance than behaving in a serious (and hence rigid) manner. Your question is foolish because it is not asked with a foolish spirit.
--
Tweety Fish answers:
Read our files. Read our press releases. It's all about style, jackass. Incidentally, the first of your suggestions is a primary goal of the OpenBSD project, like you said. The second suggestion is a fine idea, why don't you do it? (re: spafford's paper and the internet worm, the internet worm didn't run on win32, now, did it?). As for the third suggestion, gee, that's a great idea. Why don't we kick down a couple hundred thousand for a semi-trailer we can turn into the cDc hackmobile, and load it up with all these high-end systems we have sitting around, and hire somebody to drive it around the country so people can mess with it for free!

We do what we're interested in, what's fun, and what's within our resources, plain and simple. And we try to keep it funny.

Descriptions of who these people are are at http://www.cultdeadcow.com/members/.

Doom / Back Orifice Linux Client.

[jelwell]

Using Dennis Chao's work as a base I implemented an interface for the Linux Back Orifice client in Doom! Now you too can Play Doom while you Blow up Windows Machines!
http://www.geocities.com/doomhack/
Joe.

Re:Doom / Back Orifice Linux Client.

[JohnnyO]

Now, truly, the open source community has reached its pinnacle. :)

Seriously though, I think that programs such as these that allow users to visualize more complicated computer concepts in a simpler form are truly a great idea.

You wouldn't have to train anyone to use a word processor if the word processor could be abstracted to the (virtual) user picking up a pen and paper and starting to write. Drawing a line under your text is much more intuitive than highlighting the text and clicking Format . . . Underline.

Similarly, if you want a bigger font, just write bigger.

JohnnyO

Re:Doom / Back Orifice Linux Client.

[jshare]

That is the most hysterical thing I have seen in a long, long time.

Props to you.

Re:Doom / Back Orifice Linux Client.

[delmoi]

You wouldn't have to train anyone to use a word processor if the word processor could be abstracted to the (virtual) user picking up a pen and paper and starting to write. Drawing a line under your text is much more intuitive than highlighting the text and clicking Format . . . Underline.

You need to 'train' people to write with a pen already, although it usualy happens in elementary school. Anyway, if a person wanted the exsperiance of using a pen and paper, then they could just use a pen and paper...
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:Doom / Back Orifice Linux Client.

[Chandon+Seldon]

You underesitmate the amount of time it takes to teach someone how to wright. Why waste your time emluating smearing a dye on ground up trees when you could design a truely usefull interface?

Re:Doom / Back Orifice Linux Client.

[korpiq]

Now if you'd take a WAD file editor source and modify it to read the directory structure of the BO host, generate a map of it with different directories as separare rooms filled with the files as pickable items, scan the processes' open file descriptors to see in which rooms each should be located at, and sell it in cDc style as "System Manager for Dummies" :D

Re:Doom / Back Orifice Linux Client.

[jelwell]

I thought about generating WAD files on the fly, to represent a port scan on any remote machine, before I wrote the remote windows hack. But it didn't seem as fun. Creating file download seems like it would be kindof exciting, except that there are *so* many files on a windows system. It might be more interesting to actually look for known files of some importance first then store those in behind locked doors...

However your idea presents an entire replacement for gmc. Doom as a file manager...
Joe.

Re:Doom / Back Orifice Linux Client.

[Racine]

>>You underesitmate the amount of time it takes to teach someone how to wright. Why waste your time emluating smearing a dye on ground up trees when
you could design a truely usefull interface?

You also seem to underestimate the amount of time it takes to teach somone how to spell...

Re:Doom / Back Orifice Linux Client.

[cultobill]

You need to 'train' people to write with a pen already, although it usualy happens in elementary school.

Isn't that the idea behind it?

Anyway, if a person wanted the exsperiance of using a pen and paper, then they could just use a pen and paper...

Actually (might just be me), I'd rather use a pen and paper, if I could do half the things I do with StarOffice. Copy/paste, spellcheck, save multiple copies, revert, change formatting after the fact... I could go on, but I think you get the idea.

Viva CDC!

[xenotrope]

Some people love 'em. Some people hate 'em. I congratulate them on doing a job no software firm wants to admit even exists: finding serious flaws in seriously flawed products.


---

Thanks cDc

[Ratface]

We do what we're interested in, what's fun, and what's within our resources, plain and simple. And we try to keep it funny.

Well said!! It was this kinda attitude that got me into the Internet long ago and it's this kinda attitude that the web needs more of.

Reading this article made me realise how much things have changed in the last 5 years. On the one hand I'm making money creating coroprate sites - on the other hand I miss the days when every time you turned your head, you found another FTP repository of bizarre text files ranging from Blue Box plans to ideas for wolrd domination.

(Whatever happened to the idea of paving the earth anyway??)

Re:Thanks cDc

[mischief]

Reading this article made me realise how much things have changed in the last 5 years. On the one hand I'm making money creating coroprate sites - on the other hand I miss the days when every time you turned your head, you found another FTP repository of bizarre text files ranging from Blue Box plans to ideas for wolrd domination.

Aye. In maah deh, y'cud phown t'gels on chatlahn, crack t'lettest version of 'pache and still 'av tahm for a kebab on way home.

moo!

--

Re:Thanks cDc

[mezzo]

Your question is foolish because it is not asked with a foolish spirit.

*laugh* i like that line!

some people take themselves far too seriously.
but then again, i suppose different things have different measure of importance to different people.

Re:Thanks cDc

There use to be the Church of the Urban Druid. Whose main purpose was to raise money from ecological groups and use it to pave the world. They use to have a website, unfortunately I am unable to find it.

cDc

[IanCarlson]

This article gives us one more reason to "b0w to the c0w". I'm impressed. Thank you, cDc-ers and thank you Slashdot.

The most entertaining interview to date!

It may not be news, but it is definately for nerds. This was informative and entertaining. Cool stuff. MORE!!

"Productive" is in the eye of the beholder...

[SL33Z3]

"When will you start to do productive things ? "

I find it amuzing when people say "it wasn't really productive". Productivity is objective. I can sit all day and not "accomplish" anything physical, yet in my mind I have sorted out many things. Sure, people would say I'm lazy and using excuses. But I'm not.

The cDc has been "productive" as long as I have known of their existance. Whether playing practical jokes or coding BO or other hacks. They have contributed, at the very MINIMUM, fear to the software society. Enough fear to make SOME software vendors actually test their products before shipping. Aside from that, I could go on for hours on what they have done "productively", but that wouldn't be very productive now would it? *grin*


SL33ZE, MCSD
em: joedipshit@hotmail.com

Obviously scared to show himself...

G. Ratte' answers:
...What I choose to cover my massive, pulsating tool swinging handily between my taut legs is my business, and my business only.

I wonder if I would get hacked for making fun of him for this comment? [x]Post Anonymously ;-)

Re:Obviously scared to show himself...

yeah, the last time I blew him his legs weren't taut....oops. Uh, never mind.

...

[Signal+11]

Absolutely amazing - most of this article was contradicting itself. For example - they denied that they were script kiddies and such, and then went on to say they didn't "consider programming to be the focus" of their group. Well, which is it? For a closely knit group, you guys sure have alot of conflicting answers. (yes I'm aware that I only included one example - this is for brevity)

Also - after reading this article I have no sympathy for cDc getting the shaft by several anti-virus makers - when your image includes swear words and thinly-veiled slams on serious questions about your group - it's very difficult to take you guys seriously.

--

Re:...

[Garrett+Rooney]

when your image includes swear words and thinly-veiled slams on serious questions about your group - it's very difficult to take you guys seriously.

judging from their responses i really doubt they're going to loose a lot of sleep because you don't take them seriously.

you appear to have missed the point entirely. they don't want you to take them seriously. its all a joke except when its not, if you can't figure out when its not then that's your problem.

Re:...

[vyesue]

I'm not really sure that the cDc is interested in being taken "seriously". I think that's the whole point. Lighten up.

Re:...

[bgarrett]

I don't see that as a contradiction. "Script kiddie" and "programmer" are not opposites -- the kiddiez are the ones who don't want to UNDERSTAND, not those who don't want to PROGRAM. There is a distinction, believe it or not.

And as for taking them seriously, the idea that swear words and slams will somehow cancel out the talent and effort that the cDc has demonstrated is laughable. They're not going in for a job interview. They aren't modelling this year's fashionable clothes. They don't need presentability because they aren't trying to pass themselves off as anything but a bunch of guys having fun being elite.

Re:...

[pen]

For a closely knit group, you guys sure have alot of conflicting answers.

Yeah, especially for that underwear question... what's up with that?

--

Re:...

[Kintanon]

Also - after reading this article I have no sympathy for cDc getting the shaft by several anti-virus makers - when your image includes swear words and thinly-veiled slams on serious questions about your group - it's very difficult to take you guys seriously.



Then you MISSED THE POINT!! They don't want to be taken seriously! They are doing what they are interested in and DON'T GIVE A SHIT about you or your opinion. Just because they don't consider programming to be the focus of the group doesn't make them skript kiddies. Programming isn't the main focus of my work either, does that make me a script kiddie? NO! It makes me a fucking Tech Guru. Just because someone isn't a programmer doesn't mean they can't program or should be considered a script kiddie. The CDC developed a useful tool and gave it away. That was just a side affect of their normal lunatic activities, which is exactly the way they like it. Don't blame them for not being 'Suits' just because you think they should be all stodgy and corporate.

Kintanon

Re:...

[Hobbex]

Also - after reading this article I have no sympathy for cDc getting the shaft by several anti-virus makers - when your image includes swear words and thinly-veiled slams on serious questions about your group - it's very difficult to take you guys seriously.

No, the cDc should be applauded for being intelligent and competent without trying to be conformist or "serious" in the eyes of management, bankers and other hellspawn. Any idiot PHB can clean up his act and his language, and because of that the rest of the world are hostages to these ridiculous customs. Fuck em.

-
/. is like a steer's horns, a point here, a point there and a lot of bull in between.

Re:...

They are doing what they are interested in and DON'T GIVE A SHIT about you or your opinion. Just because they don't consider programming to be the focus of the group doesn't make them skript kiddies. Programming isn't the main focus of my work either, does that make me a script kiddie? NO! It makes me a fucking Tech Guru. Just because someone isn't a programmer doesn't mean they can't program or should be considered a script kiddie.

And you are the type that makes the BOFH what he really is... a prick.

Re:...

[Signal+11]

My post addressed their wanting to be taken seriously by the industry (ie: releasing a useful software product for administrators) instead of a bunch of l335 d00dz (ie: releasing a trojan horse to take over remote systems). In this case, image is everything. Shades of grey, my friend.

I didn't say I agreed with it. I didn't say I like how the system works. But I have no sympathy for people that understand it yet ignore it, and then whine about how nobody takes them seriously. In the media, not only is image everything, it is the only thing. Why do you think linux isn't making as much progress in corporations as it should? Image - it's young and immature. It has nothing to do with the technical merits. Witness again a young CEO being denied entrance to comdex... the "image" that most people have about the under-18 crowd is why that happened.

--

Re:...

[Kintanon]

And you are the type that makes the BOFH what he really is... a prick.

Exactly, if you're going to be an idiot I'm going to be a prick. If you have some desire to learn more than how to call me to fix your problem I'll be much nicer.

Kintanon

Re:...

[delmoi]

Absolutely amazing - most of this article was contradicting itself. For example - they denied that they were script kiddies and such, and then went on to say they didn't "consider programming to be the focus" of their group.

This is an intresting dicotomy you've drawn. everyone is ether a script kiddie or not in your mind I take it? I'm sure coding is not the focus of Bill Clintons life, does that make him a script kiddie? What about Hether Gram? is she a script kiddie?

Its posible for a group to be more then one thing... for all we know, these guys never hack on machines that arn't there own. Anyway, since these guys have writen at least one tool, they are not script kiddies. a kiddie is someone who uses other's hacks without understanding the technology
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:...

Why should "releasing a useful software product for administrators" mean that they want "to be taken seriously by the industry"? Maybe they just wanted to write / release the program?

And where do they "whine about how nobody takes them seriously"? Doesn't sound much in character to me.

Re:...

[kraig11]

Judging by their comments in the interview, I would say they don't really *want* to be taken seriously. Why would a group that profess to want to be fun loving, etc, aspire to this?

They're right - life's too short to take everything seriously.

Re:...

Programming isn't the main focus of my work either, does that make me a script kiddie? NO! It makes me a fucking Tech Guru. Just because someone isn't a programmer doesn't mean they can't program or should be considered a script kiddie.

However, calling yourself a "Tech Guru" makes you a fucking idiot.

Anonymous Poster (because although I have an account, I don't claim to be a security god Tech Guru, and a million script kiddies [I hate that word] have the tools to fuck me over when I exercise by right to free speech)

First: Cats don't wear hats.

Second:

Personally, I refer to people by whatever term they would like me to use, unless I don't like them.

This is Politically Correct Liberal fascism! TRUE FREEDOM means accepting one's invariable obligation to be as rude as humanly possible to everybody at all times, except to like, uh, you know . . . white guys and Christians. And rich people. Rich people especially. Except Oprah, 'cause she's a chick and she's black so it's okay to be rude to her even though she earns more in a week than you'll earn in your life. If you're rude to xians, white guys, and rich people other than Oprah, you're viciously persecuting an oppressed minority. If, on the other hand, you're polite to "minorities" and chicks, then you are ALSO viciously persecuting that same oppressed minority (white/xian/rich-but-not-Oprah) all over again! Terrible, isn't it?


Contempt for simple decency and good manners is a sign of a dying culture. Period. Kudos to this cDc guy for grasping some faint shadow (at the very least) of that fact.

Re:First: Cats don't wear hats.

[Fenmere,+the+Worm]

Respectfully, I think I can reply to this.

Contempt for simple decency and good manners is a sign of a dying culture. Period.

Speaking as an Anthropology minor. In general, cultures don't "die out." They change maybe, or get assimilated by another culture. And maybe a culture will get wiped off the face of this planet by some grand catastrophy. But they don't generally "rot from within," as some people put it.

In other words, common decency and morals are completely relative. There is no universal standard. I'd bother to illustrate this, but most Anthropology text books do very well, so you might want to just look up cultural relativism. It's very interesting, insightful, and admittedly has some of it's own pitfalls.

On the other hand, AC raises some good points about the various catch 22s that exist in the U.S.'s current cultural climate. But his reactionism simply reduces his words to flame bate. He uses terms, such as "Politically Correct Liberal fascism," that are only really meaningful if you come from the same subculture as he does. Let's ignore those, and translate:

Because certain groups of people, called "minorities," are attempting to shrug off oppression, and other certain groups of people have given them a voice (academics, media, polititians, activists), we have something called "Political Correctness." The problem is that no one can quite agree on what is "Politically Correct." This is because each individual in any said "minority" has had a different experience. This is probably because our country is so incredibly big. In any case, this breeds conflicting messages, and these conflicts are extremely frustrating.

This, I think, is quite true. But it will work itself out, somehow.

Re:First: Cats don't wear hats.

[BurntHombre]

WHAT? Um, dude, what are you smoking? That's one of the weirdest tangents I've ever seen.

Do us all a favor and wake up on the OTHER side of the bed tomorrow morning.

Re:First: Cats don't wear hats.

[synx]

What? You don't like random monologes that go from nowhere, lead to nowhere and have no valuable content in them whatsoever?

Comeone, he was making a joke, and I found it funny. I'd have written that if only I wasn't so damn lazy.

Re:First: Cats don't wear hats.

But his reactionism simply reduces his words to flame bate. He uses terms, such as "Politically Correct Liberal fascism,"

Huh? Correct me if I'm wrong, but he was being sarcastic. Read his last paragraph.

Re:First: Cats don't wear hats.

[Fenmere,+the+Worm]

Huh? Correct me if I'm wrong, but he was being sarcastic. Read his last paragraph.

You know? I think you might be right. But it is so hard to tell which way he is being sarcastic. But the more I read it, the more I'm not sure I interperated it correctly. Still, that last sentence I quoted bugs me itself.

If AC's post is satire, it is good, beautifully twisted, but maybe too subtle for my brutish frontal lobe.

I apologize for any misunderstanding on my part, while still standing by the main point of my reply.

What a touchy subject, no?

I don't know why this stuff seems cool to me....

[mattz]

...i guess i am just a looser who digs programming and farting around and such with hardware and code...The things like cDc, Phrack, and PLA feed my soul. Their fresh, truly cynnical and brash way of answering questions and writing about items of interest really click with the way I view myself and others like me. Ya know, finding people who like hacking computers and stuff is so fskin hard that seeing people like me--except for way much cooler--get in the limelite is just cool. enough said...

Completely unlike Linux

[konstant]

From the interview...

NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.

Which is completely unlike the statement "Shit wouldn't happen if you'd just gone to Red Hat's ftp site to download the latest patches, trolled the newstgroups to find the appropriate HowTos, read BugTraq for three weeks prior to installation, been running the correct firewall, never opened any ports other than 80, never installed anything that had a 'd' at the end, and had Linus Torvalds personally supervising the installation. You stupid BillG-loving Windoze Luzer."

I would like to know how cDc can make blanket statments about WinNT5/"2000" security? Security issues are the primary reason OS's get delayed from ship at Microsoft. Are they basing this statement upon how difficult it was to crack RC2, which is a beta? I'm assuming they at least have used win2k...

-konstant

Re:Completely unlike Linux

[Garrett+Rooney]

the difference is that redhat shipped a reasonable secure operating system, then posted patches as updates became avaliable.

nt ships in a configuration the needs roughly 300 modifications before you can start to consider it "secure".

Re:Completely unlike Linux

But the big difference--and this just goes to show you're completely lacking that Golden Clue--is that if a problem pops up with a Unix system (fuck redhat and fuck rpms, too) we can actually fix the goddamn thing ourselves.

RPM and RedHat are excluded from this because the *brain damage* caused by setting up an entire system using only RPMs is too severe to expect the subject to be able to make rational decisions about much of anything else later on. Expecting someone who built their machine with RPMs to have enough of an idea of where everything is to be able to locate a problem subsystem on their own and disable and/or upgrade it without having to download the latest RPM from RedHat and hope they got it worked out properly, is simply asking too much of their poor withered minds.

Re:Completely unlike Linux

You've completely missed the point fuckhead. I am sure Microshaft is willing to make things a bit more secure to suck down that fat $100 bill from your wallet. Al least with linux/BSD/Unix, you can fix it right... FOR FREE. You sir obviously have more money than brains.

Re:Completely unlike Linux

[konstant]

But the big difference--and this just goes to show you're completely lacking that Golden Clue--is that if a problem pops up with a Unix system (fuck redhat and fuck rpms, too) we can actually fix the goddamn thing ourselves.

I don't believe I said anywhere that Microsoft was better than Linux did I? I didn't mean to imply that.

Do you really personally fix the source code yourself when your Linux box gets hacked? You have a lot more skill than I do. I wouldn't know where to start.

-konstant

Re:Completely unlike Linux

[konstant]

You've completely missed the point fuckhead. I am sure Microshaft is willing to make things a bit more secure to suck down that fat $100 bill from your wallet. Al least with linux/BSD/Unix, you can fix it right... FOR FREE. You sir obviously have more money than brains.

I have very little money.

Microsoft releases SR, SPs, and even the entire "Second Editon" of Win98 (sort of a glorified SP) for free. Microsoft does not require that you pay for security fixes. If you are having trouble finding those patches, they can be located at:

http://windowsupdate.microsoft.com

or, if your security issue is in Office, from:

http://officeupdate.com

I do not believe you are stating a fact.

-konstant

Re:Completely unlike Linux

[Zagato-sama]

Yeah I also love the way they "proove" NT sucks by installing BO server on a NT system. As if you couldn't do the same thing with a linux trojan? Security is 25% patches, 75% brainwork. Don't install software from untrusted sources, that's the #1 rule of safe computing. Of course hordes of Linux kiddies will run forward and scream "We're smarter then NT kiddies, so we wouldn't do something this dumb"

Re:Completely unlike Linux

[witz]

Was there a reason you called him a fuckhead?
Or are you just doing your best to be a moronic jackass hiding behind the AC curtain?

Re:Completely unlike Linux

Well, maybe when I'm retired, or unemployed and have the TIME, I'll correct every little issue myself by looking through the source code and recompiling. However, I don't have that kind of time on my hands considering the number of security updates that pop up for ANY system (just 'cause it's RedHat that posts the bug warning doesn't mean it only affects their system, which is a common misconception).

I paid my dues in the halls of Slackware. When I got tired of compiling every damned upgrade to GIMP on my slow system; annoyed by having to download and compile 7 different packages for a specific app to work (*cough* Enlightenment *cough*), only to find that each of the 7 packages also needed 2 other packages for each of them to function and that some of the packages didn't compile properly without tweaking for specific systems! This is when I turned to RedHat and the wonderful RPMs. I assume that you'll reach this point too, eventually.

Re:Completely unlike Linux

The point is that anyone can install this on an NT system, any user. That's where the poor security comes under fire. Under Linux, this would have to be installed by root.

Re:Completely unlike Linux

[.pentai.]

Untrue. Any linux user can run a daemon (as long as it uses a port above 1024) and that means anyone else can get in with that users privelages.

Linux isn't the end-all be-all of security and computing, please, learn this.

Re:Completely unlike Linux

[gavinhall]

Posted by Synsthe:

Okay, I'll have to start this with the obvious here: RedHat isn't Linux.

It's merely a distribution. We all know this, it's been said how many times, yet everybody seems to forget it on occasion when it suits their debate.

Why not compare Debian? ``apt-get upgrade''. Ouch, that was hard. Why not ftp into updates on redhat.com, grab all the rpms and rpm -Uvh *? That's probably too hard too.

Anybody can make blanket statements; MS does it all the time about Linux. If you don't agree with it, that's fine - at least find some valid points to rebut it with though, or just revel in the knowledge that you know better, but do it quietly.


--

Re:Completely unlike Linux

[_Sprocket_]

Any linux user can run a daemon (as long as it uses a port above 1024) and that means anyone else can get in with that users privelages.

So then the question to ask is - can a user with non-privilaged access running their own daemon do the same things that BO does?

Re:Completely unlike Linux

[parasite]

I couldn't agree with you more. The people who BITCH AND MOAN about rpms and other things are the people who don't actually have any work to get done, and have the time to dick around all day long. They NEED TO REALISE the purpose of an operating system is to serve the user and provide a means to an end. And, in 99% of computer usage the *END* does not refer to rewriting a damn program, the end is accomplishing something else.. let me give an example: 99.9% of the people use their car to GET SOMEHWERE, where as there might be a car enthusiast whos only purpose is to make his car better and better, play with a bit, but spend the majority of his time enhancing it. Now if as a requirement to owning a car you HAD to spend 90% of your day fixing it etc.. I somehow doubt too many people would be using cars. Same thing with this, you are the 1% (the original post) so fuck the hell off, get a clue.

Re:Completely unlike Linux

Redhat *is* Linux -- it's Redhat Linux.

Linux isn't Redhat, it's Linux.

And yeah, upgrading slackware packages isn't hard, and automating the entire process for any of the aforementioned distributions isn't that tough either.

Unless you're a journalist/Windows user and you didn't do your homework. Hmm, sounds like a need to RTFM.

Re:Completely unlike Linux

[djneko]

If it's from MS, the security is crap. everything else is better by comparison. Linux is pretty good if you're a Linux guru. Same thing with any other flavor of UNIX. But no matter how good you are, there's someone out there who is better than you.

And you ignored the comments from the other members totally because... ? Did you miss the part from the same member about "Linux: If it breaks, you fix it", meaning that because all the source is available to you, when something is wrong you can get in there and fix it yourself. The kernel for Linux has an official release at least every few months that I see, while the NT kernel is upgraded, what, every couple of years? And you can upgrade parts of the OS, without having to have an insecure, slow browser as part of your OS. Because NT is closed source, you have to rely on Microsoft to provide the security patchs, and Microsoft is the one responsible for the gaping security holes in the first place. Admittedly, they are getting better, but half of the security updates I get for NT are related to IE having some stupid bug in, say, the Favorites which "malicious website operators can exploit" or some such. When was the last time your Linux box was compromised in any way from visiting a web page? (Other than some shitty javascript making Netscape go nuts and break, which it can do very well by itself with no java) That is what I call some very terrible security.

I'm not saying Linux is perfect, far from it. But Linux has the benefit of possibly millions of trained monkeys that fix things in it because they love doing it. MS has a few thousand that fix things because they get told to fix things. IIS had a bug in the FTP code that would shut down HTTP if it recieved unrecognized commands, but the FTP would keep running. The solution was to install SP5, which fixed it. That was the only problem we had with a web server, and we had to install a 50 meg patch to fix it. Not very effecient. Because everyting is so tied together, the FTP daemon can shut down the HTTP daemon under NT. We were rebooting the server approx once an hour because of that bug. A commercial server that hosts over 400 websites, that MS wont provide tech support for anymore, because then only offer support if you host less than 150 websites on a server.

/rant off

Re:Completely unlike Linux

[Zagato-sama]

Actually I believe only a user with NT admin status can install BO2K as it requires access to the registry, as well as system files

Re:Completely unlike Linux

[Zagato-sama]

It might not, but this does leave a backdoor for the assailant to walk into and exploit the system further

Hey! I thought I told you to SHUT UP?!

[Skip666Kent]

"The Horrors of Ivan"

Coming soon, to FOX TV!

Re:Hey! I thought I told you to SHUT UP?!

[Reid+Fleming]

"$.78 or I piss on your flowers!" etc., etc.

wow...

[RyanP]

After meeting bits of cDc at DefCon 7
(Us: Hey G. Ratte, we heard BO2k is going to be open source...
G.Ratte: Open Sores! Ahhhhhh! {runs out of room yelling})
and seeing the BO2k presentation, I must say that you guys are crazy. Yup, crazy-pants. But BO2k is an extrodinary sys admin tool (tunneling throgh ssh makes me weep with joy) and the T-files are...interesting. Keep up the good work!

Sir Dystic

[Gangr33n]

Anyone know where he was?

Nice! He mentioned The Selfish Gene!

I'm reading that book for my humanities class right now (perhaps Reid Fleming went to Boston University...). Anyway, the idea of an ESS being applied to anything outside of genes is condemned by the author; however, I can't say that it isn't tempting to do. For those who are interested, pick up the book and read Chapter 7. -avtr

Re:Nice! He mentioned The Selfish Gene!

[SEGV]

I'm almost finished reading it as well, loved the reference.

The ESS can be applied beyond genes, though. Wasn't it an economist who introduced it? Doesn't it figure into game theory?

--

Re:Nice! He mentioned The Selfish Gene!

[gid-foo]

(perhaps Reid Fleming went to Boston university...). Actually he's the world's toughest milk man. And he didn't go to any freakin sissy-boy college.

Re:Nice! He mentioned The Selfish Gene!

[bonoboy]

Why? Explanation in three words: tit for tat. And yeah, damn nice. Notice this trhead is a little slim, though :)

Re:Nice! He mentioned The Selfish Gene!

[bonoboy]

Yeah Hawks vs Doves, the Prisoner's Dillemma and all that. It's all game theory. ESS's are just formulae for behavioural patterns over generations and iterations of similar events through an organism's life. See below.

Re:You wish

[xENTROPYx]

hehe Seems to me like the cDc are having fun as Anonymous Cowards...

Hmmmm....

[xENTROPYx]

hehe Seems to me that the cDc are having fun on this thread as Anonymous Cowards... Maybe trying to break the moderation system? ;)

Re:Hmmmm....

Power to them...

Re:Hmmmm....

[mochaone]

Do you really think those guys would worry about posting as themselves? Get real dude.

Re:Hmmmm....

[penguinicide]

Worry about it?

You make a very careless and possibly egotistical assumption that they even have logons on slashdot. (I'm not talking about telnet or other...)

Re-read the interview. There are cluse that would lend credibility to the idea.

Please clarify

[konstant]

Could someone please clarify something about BO2k for me? In the interview with reference to Back Orifice, they state:

A hell of a lot of people should be upset their computers are wide open.

Now, as I understand it, Back Orifice will not run unless the victim (excuse me, "remote client") voluntarily installs it or is tricked into doing so. cDc also repeatedly emphasizes that BO2k can be used as a legitimate administration tool.

Are cDc suggesting that if I can write a remote administration program for an operating system, then that system is "wide open"? On what system is this impossible? If there is such a system, isn't that a failing of the OS rather than a security plus?

I know very little about cracking, but it seems to me the only security compromise in the BO2k scenario is social engineering. "Click on this c00l zip file, dude!"

Where's the security flaw? The fact that, once I have user permissions, I can do bad stuff? I thought... well isn't that obvious???

-konstant

Re:Please clarify

Where's the security flaw? The fact that, once I have user permissions, I can do bad stuff? I thought... well isn't that obvious???

Mmm, yeah, that is the problem. Let's say you're on a UNIX box as a "normal user." Try to trash the system or load something like BO that allows others to remotely mess with your system. Pretty hard without root access, isn't it?.

Now get on a Winbox as a "normal user" and try to trash the system or install something like BO that allows others to remotely mess with your system. Pretty easy, isn't it?

Of course, all the Windoze weenies will respond with "Well, duh, if you have root on a UNIX box you can do anything you want! It's no better than Windows you loser!" To which my response is, "Yeah, if you have root. Isn't that what I said?"

The next response is then "Well you CAN secure NT!" to which my response is "Yeah, maybe, but you can't secure 95/98 and how many more people use that compared to NT? Maybe you don't care, but it bugs me that my parents dial into the 'net with their horribly insecure little Win95 box; not that they have anything urgently secret to hide, but I do believe they have the right to a certain amount of privacy that Win95 just doesn't give them if someone just felt like cracking their box out of sheer boredom or just for fun. And sure you can sort of secure NT but the differences between UNIX and NT security is that UNIX systems make the assumption that only root can do anything and you have to try hard to break that; NT comes with the assumption that anyone can do anything and you have to work hard to fix that."

Ok, enough ranting...

Re:Please clarify

[konstant]

Now get on a Winbox as a "normal user" and try to trash the system or install something like BO that allows others to remotely mess with your system. Pretty easy, isn't it?

Ok, that makes sense. Once you get into the Windows box by having the victim install back orifice, you can trash the machine. However, I was under the impression that these problems were well understood before BackOrifice came along.

What I was wondering was what makes BackOrifice itself revolutionary? What does BackOrifice expose that we didn't already know?

Or is it just supposed to be a toolkit, something like root kits in Linux?

-konstant

Re:Please clarify

What I was wondering was what makes BackOrifice itself revolutionary? What does BackOrifice expose that we didn't already know?

Does it expose anything new? Yes and no. Re-read the message you responded to. cDc wants BO and BO2k to make more obvious the fact that normal users can trash a Windows box because of the broken Windows "security model."

You keep pointing out that you have to get BO/BO2k onto the machine before you can take advantage of it. How many exploits have we seen in the last 6 months that give you the opportunity to execute random code from IE or Outlook? Lots. What's worse is that if you take advantage of these exploits, you can take advantage of them if the user you're busting is a normal user with no administrative priviledges once again because of Windows broken so-called "security model."

And this is all completely overlooking all the standard windows API calls that BO/BO2k use to do things like "retrieve all cached passwords from the system as unencrypted strings."

I'm not trying to be insulting here, but are you purposely being dense or do you truly not get it? Try reading the cDc's BO/Bo2k site - they almost certainly explain it better than anyone here would be able to.

Re:Please clarify

[Gangr33n]

Thank you! (damn. I thought it was just me.)

Re:Please clarify

You are right about "installing" BO2K, but, rest assured, that Win9x security BLOWS!!! Go do some research and you'll find out for yourself. If the cDc wanted to hack into your system (while you're on-line of course. NO-ONE can hack into your sys if your not...), I'm quite confidant that they (and a bunch of other's) could quite easliy.

Re:Please clarify

[FreeUser]

You really don't get it, do you?

Under windows 95/98/NT any USER can install a trojan, making the entire system vulnerable to attack.

Under Linux, BSD, and other systems which limits common user's rights and priveleges by default, the user can only damage that to which they have priveleges -- i.e. their own private home directory. Only root can cause systemwide harm, and the root account is restricted to a limited number of people (usually just one or two), and only used for specific system maintenance. Normal users are NEVER given root priveleges in a corporate environment. Even home users of Linux are guided through the process of creating a user account to use for everyday purposes, logging in as root only to do system maintenance (which is very rarely required, I might add).

In other words, if Joe Slacker emails Jim Clueless a self installing copy of BO[2K], and Jim Clueless opens the email on his windows box and foolishly (or curiously) clicks on the attachment, the software installs itself and the box is now vulnerable. Whats worse, some default windows installations will run the software and allow it to install without even requiring Jim Clueless to click the attachment!

On the other hand, if Jane Slacker emails Janice Clueless a self installing (no such thing at present) copy of LinuxTrojan, and Janice clicks on the attachment and installs the software, she can at most harm her own home directory. The rest of the system, to which she does not have write priveleges, is not vulnerable, nor are the other twenty users sharing it with her.

This is just one example of how the windows security model is fundamentally broken, and it is unlikely that any number of kludges or quick fixes will be able to repare it in a reliable manner, short of scrapping the entire thing and building a more secure system from the bottom up (perhaps using BSD code as a starting point). If the example above doesn't make the difference clear, I suggest checking out the numerouse security related web pages and news groups for in-depth analysis and discussions relating to computer security in general and Unix vs. Windows security in particular.

Re:Please clarify

[.pentai.]

So a "normal user" can trash their windows 98 box? GOOD. They have every right to. It's their computer. In a properly setup NT network a normal user can install BO2k, and guess what, he/she is screwed, but the system is fine. If the box isn't setup, well that's as stupid has having /bin/bash setuid root.

Re:Please clarify

[jelwell]

"What I was wondering was what makes BackOrifice itself revolutionary? What does BackOrifice expose that we didn't already know?"

You're right on one point: BackOrifice didn't expose any problem that we didn't know about. The revolution came when theory became reality and users have to deal with second guessing everything they do, and Microsoft has to address the problem to the media who thrives off of reality rather than theory.

Joe.

Re:Please clarify

[alexhmit01]

As an MCSE, NT and Linux user, Computer Engineer, and part time Network Consultant, I get this a lot from various people.

Win 95/98 are not secure. There was no attempt to add security for them. They were designed as a stand alone OS to run simple applications. If you want security, use a network operating system.

Now, the argument that Linux is better than 95 is pretty impressive, I mean, I would expect a clone of a industrial strength operating system used in expensive engineering workstations and server implementations to beat a simple GUI overhaul for a DOS based system. Comparing Linux and Unix to Win95 is silly. The only reason the comparison makes sense is that Linux is inexpensive enough (yes free, for people without high speed connectings it is effectively ~$50) to compete in consumer space if the features are there.

Why does NT a more fair comparison. If you are running either Win95/98/NT/2K, the reason (probably, I'll never ignore insanity as the reason) is to run Win32 applications. WinNT is the more powerful operating system for Win32 applications. Therefore, if you aren't using one of the funky consumer driven features of Win9x, you would be running NT if security or performance mattered.

In 95/98, the goal is for the operating system to support the one to a few users that use the system. Security like that isn't considered, because it isn't designed for an environment with multiple users.

NT on the workstation level is a reasonable comparison with Linux. NT on the server level is a reasonable comparison with Linux, NetWare, and commercial Unix. Linux is not a fair comparison with Win95. Linux is a workstation OS designed to run powerful processes on a machine. 95 is a consumer operating system designed to reach market and get sales. NT is designed for real environments where these issues matter. Anyone with the capability and interest to run Linux is probably deciding between NT and Linux. Most people that are considering Linux know that NT exists. Also, 95/Linux is never the comparison, because the main reason to run 95 over NT is games and other software/hardware support... I've never found anything that only will run under Win95 and Linux, but not NT.

There's still a difference

[aheitner]

Win2k crashes on my friend's machine when you exit Unreal Tournament.

Oh, and the RedHat update thing? (the RedHat 6 boxes we code on have been up since the beginning of the semester).

More like, "You go to RedHat's website, download everything in errata (1 command on any decent ftp client, try lftp), and upgrade everything you have installed (also 1 command).

If you do read BugTraq, you'd know that both RedHat and MS have a pretty decent record for acknowledging security holes quickly. The difference is that MS recommends a cheesy workaround and says "wait for the next Service Pack" (which break things more often than not; ZD's Tips for NT Admins include not applying Service Packs unless you know you need them, which is sad). RedHat meanwhile posts the URLs for updated packages in their messages.

You are of course free to run whichever you feel is easier to maintain in a secure state.

Re:There's still a difference

[konstant]

If you do read BugTraq, you'd know that both RedHat and MS have a pretty decent record for acknowledging security holes quickly. The difference is that MS recommends a cheesy workaround and says "wait for the next Service Pack" (which break things more often than not; ZD's Tips for NT Admins include not applying Service Packs unless you know you need them, which is sad). RedHat meanwhile posts the URLs for updated packages in their messages.

Right now I am browsing Microsoft's "Security Update" website with a new install of Win98:

http://windowsupdate.microsoft.com

I count eleven security patches that are not placed in SR's. Now I am browsing Microsoft's Office Update website:

http://officeupdate.com/

The first four links are for security patches that are not in an SP.

I do not believe you are stating a fact.


-konstant

Re:There's still a difference

Win2k crashes on my friend's machine when you exit Unreal Tournament.

Complain to the people who make Unreal then. They need to release a patch so the game works with Win2k. What the fuck do you want MS to do? Write it for them?

Re:There's still a difference

[mochaone]

What the fuck do you want MS to do?

How about coming through on their promises to build a robust, stable operating system that won't crash because of errant applications. Oh, my bad...they can't.

Re:There's still a difference

(RANT) Thank you, Microsoft! It is so nice to hear your voice in our forum! Seriously though, the situation as described can be abstracted to this: OS X crashes when you exit App Y. This can be caused by ONE thing and ONE thing only - a flaw in the OS. Do you REALLY think that the writers of App Y had in their design documents "Be sure to crash the OS when exiting"? Or is it more likely that some undocumented feature (AKA a BUG) in the OS is the cause of the crash? The short answer is that an app should NEVER cause the OS to crash. The APP can crash all day long if the writers want it to...but the underlying OS should be rock solid. If the OS EVER crashes, it is the fault of the OS vendor (assuming no hardware faults). And yes, I want Microsoft to find the bug in the OS that causes it to crash, and I want them to write the patch to fix it. I don't want MS to add statements to their documentation saying "Don't make API call Z with parameters A, B, and C or the OS will crash." That's just bug documentation. It is STUPID for MS to assume that every developer out there has read every document MS has ever produced regarding their OS. (/RANT)

Re:There's still a difference

Write a system that can be upgraded w/o breaking backward compatibility with applications?

Re:There's still a difference

I've had games crash Linux too so I'm not really sure what your point is. If you're running Unreal on your server then clearly you don't care very much about performence.

Re:There's still a difference

Hmm... That's odd... I used Word 5.5 today on Win2k RC2.

Re:There's still a difference

[MrHat]

There's also a number of security flaws that are neglected by Microsoft and are rolled into service packs, fixed in the interim only by manual and downright abysmal workarounds. (Like "uninstall it".) A couple examples:

MS99-043: "Javascript Redirect" Vulnerability
"Microsoft recommends that customers add sites that they trust to the Trusted Zone, and disable Active Scripting in the Internet Zone."

MS99-025: IIS RDS Vulnerability
"If you don't intentionally use the implicit remoting functionality in the DataFactory object, you should disable it. Please note that you can still use RDS to invoke Business Objects on the server, but an administrator must explicitly enable access to these object by inserting keys for them in the registry."

Even important patches are declared by Microsoft to be "not fully regression tested" and not warranted along with the core Windows 98/NT binaries.

On top of this, NT security administrators must wait for a single company to release a single binary-only patch at their whim. Security administrators cannot analyze or audit the code, and this shows, as Microsoft has made a habit of releasing patches to their previously released patches. Remember NT Service Pack 2?

My $0.02...

Re:Please clarify-here is the clarification

[Gangr33n]

BO and the 2k is a series of abilities already present in windows software. -just made so ANYONE can use it. Not just microsnot. The point is that Microsnot puts it in the system in the first place, and nobody knows or cares. BTW, Ive known and hung with these guys in the past, they are right. Dont read the fine print, look at the big picture of what they are trying to tell everyone, and act on it.

Something cool

[Ermit]

I'll be honest, I enjoyed this Q&A session. I like the cDc boys - Can't say I've ever had more fun than sitting in front of my computer on the school's network (back in HS) and ticking everyone off - I especially love opening/closing the cd-rom multiple times. Even better, say you have a game of quake2 going and there are no more spaces for you. In comes bo to save the day!

Anyway, I applaud cDc for doing something creative with their time and being open enough to share it with /.

lsof?

[LordStrange]

Can someone more clueful than I please define/describe lsof?

Re:lsof?

[Ledge+Kindred]

lsof - 'LS' Open Files. Shows you what files are opened by what processes on a UNIX box. Great for finding out why you can't unmount that partition because some zombie still has a file handle, who's trying to read /etc/passwd, why the hell you can't open /etc/passwd in (rw) mode because someone else has it locked, etc, etc...

Find here: ftp://vic.cc.purdue.edu/pub/tools/unix /lsof/

-=-=-=-=-

Re:lsof?

[razzmataz]

lsof - LiSt Open File Handles....
sort of an ls that gives you a listing of open filehandles, instead of a directory/file listing...

Re:Please clarify-here is the clarification

[konstant]

BO and the 2k is a series of abilities already present in windows software. -just made so ANYONE can use it. Not just microsnot. The point is that Microsnot puts it in the system in the first place, and nobody knows or cares. BTW, Ive known and hung with these guys in the past, they are right. Dont read the fine print, look at the big picture of what they are trying to tell everyone, and act on it.

Since you've hung out with them, maybe you have an insight I dont. However, Microsoft does release software tools that administer Windows remotely, under the name Microsoft SMS (System Management Server). Their website is:

http://www.microsoft.com/smsmg mt/default.asp?RLD=263

I do not believe you are stating a fact.
-konstant

Judge the contents, not the image

[Enoch+Root]

Sig, you're being uptight about this. How does saying that their focus is not programming imply that they're script kiddies?

As far as I know, the cDc members are great programmers. BO2K is clever code. No script kiddie could come up with this. However, script kiddies use it aplenty (see their comments.)

Additionally, I don't think that having conflicting views goes against a group's unity. If anything, they seem to work well with diverse opinions. Isn't that exactly what the Open Source movement is, as a whole? You can't get two coders to agree on anything out there (e.g. KDE vs. Gnome, BSD vs. Linux), yet we still seem to work as a cohesive whole when the movement comes under fire.

Finally, I think anyone judging a product by the images or words it includes - as a deliberate slam, no less - deserves to miss the point. They claimed BO2K was a statement from the beginning, and it actually makes sense. Did you notice how much Microsoft security is coming under fire lately? I'm starting to get pro-Linux jokes from non-hacker friends in the mail. I don't think they've ever seen a Linux login prompt, much less know what ls does. But still, they're being critical of commercial products because of the sheer amount of macro-viruses and other crap that's been out.

I take the cDc guys seriously for one big reason: BO2K. They proved a point, however juvenile you think they are.

"There is no surer way to ruin a good discussion than to contaminate it with the facts."

Re:Judge the contents, not the image

[Signal+11]

Sig, you're being uptight about this. How does saying that their focus is not programming imply that they're script kiddies?

I want to know what their focus is if it isn't programming. So far the only answer that I've seen is "we do whatever the fsck we want, and worry about the explanation later". That's the message I get. Go to a site like securityfocus.com - then look at cDc's site. Both of them are in the same "business" - computer security. Yet one gets the addition and respect of a corporation, and the other is rejected as a bunch of ranting teenagers. Gee, how could this be? I don't think they're script kiddies - they have a solid understanding of how things work.. but there isn't a term to describe somebody that's between a programmer and where they are.

And why does it take the release of a product that can covertly spy on a system everybody already knows is inherently insecure to make you take them seriously? I appreciate them giving MS a kick in the ass.. but I'm not going to take them seriously for doing that alone.

Any idiot can get up on a soapbox and say he's bucking the system.. but it takes alot of dedication, research, and friendly professional-like conduct to get you taken seriously by the mainstream. cDc doesn't want to play the Mainstream Game.. so in an ironic twist - my parting words are: fuck 'em. Come back when you're willing to walk the walk and talk the talk.

--

Re:Judge the contents, not the image

[Enoch+Root]

I want to know what their focus is if it isn't programming. [...]

I don't think they're quite clear on this, either. The impression I get from cDc is that they're people who like to play with cool toys, and in that sense they're hackers in the oldest sense of the word.

Is the focus of a hacker programming? Well, I don't think it is. I don't program for programming's sake, because then I'd be doing tons of totally useless stuff just because they're cool things to do. (Wait, I do tend to do this... Nevermind.) A hacker uses programming to enrich his understanding of computing, including security. What they say is that a program is a mean to an end, and not an end in itself. I can live with that fact.

So, I guess the word to describe what they are is, quite simply, 'hacker'.

And why does it take the release of a product that can covertly spy on a system everybody already knows is inherently insecure to make you take them seriously?

Hmm? Everybody? Would that be every hacker, or every single computer user? People still think Hotmail is secure because it asks you for a password. They figure Win95 is secure because you can put a power-on password.

What they've done is take an abstract concept, Windows is insecure, and proved it with a concrete example that made the world panic. What is more effective? Pointing out a security hole or exploiting it? Companies scoff when you point out they have open ports. But when a stupid script kiddie comes in and defaces their websites, they all go in a panic and upgrade their security.

The cDc, though clever code, forced the corporate world to acknowledge Win95's security was non-existent. It takes good programming skills, and it takes guts. Two qualities I can admire in a hacker.

Any idiot can get up on a soapbox and say he's bucking the system.. but it takes alot of dedication, research, and friendly professional-like conduct to get you taken seriously by the mainstream.

They're taking the easiest path, but they're shaking up the computing world fastest than you could in years of dedication and putting on a suit and tie every morning. In a world of images and reputation, you can either, as you say, walk the walk, or decide to just run into everybody.

I wouldn't do the things the cDc does, but perhaps for that they deserve my respect.

"There is no surer way to ruin a good discussion than to contaminate it with the facts."

Re:Judge the contents, not the image

[aphrael]

> cDc doesn't want to play the Mainstream Game.. so in an ironic twist - my parting words are: fuck 'em. Come back when you're willing to walk the walk and talk the talk.

> I don't think they're script kiddies - they have a solid understanding of how things work

so which talk, and which walk, are you talking about? They understand the tech side of things, so that's clearly not it ...

I have a great deal of respect for anyone who can enjoy life, do what they want, and get by without playing the mainstream game. And I see very little reason why tech people, in particular, should give in to the mainstream game if they don't want to.

I'm not into the things CDC is into; i'm one of those evil developers for whom security is a buzzword for nap time. But I think it's incredibly cool that they can stay who they want to be, do stuff that they love, and not be forced into a grey suit and a tie.

Re:Judge the contents, not the image

[Mr.+Slippery]

Go to a site like securityfocus.com - then look at cDc's site. Both of them are in the same "business" - computer security.

I think the point was that the cDc's "business" isn't computer security. It's cDc'ing, which is defined as "whatever the fsck the cDc feels like doing." /\/\00.

Re:Judge the contents, not the image

[JJC]

I appreciate them giving MS a kick in the ass.. but I'm not going to take them seriously for doing that alone.

The thing is, nobody's asking you to take them seriously.

Re:Judge the contents, not the image

[Signal+11]

I have a great deal of respect for anyone who can enjoy life, do what they want, and get by without playing the mainstream game. And I see very little reason why tech people, in particular, should give in to the mainstream game if they don't want to.

I pride myself on being unconventional as well. But I don't portray, or try to portray, myself as a mainstream person. cDc seems to want to be taken seriously, yet they are unwilling to invest the necessary effort to do so. For this they will get no sympathy for me. Now, if they boldly came out and said "we're unconventional - the conventional way of doing things is fundamentally flawed and we're not going to use that methodology" I'd be more supportive. But they're asking mainstream media to accept them - something that is 180 opposite of the methodology they're using. Specifically if you wanna attract the suits, you gotta put a suit on. This is how it works out there. In our community, you're judged on how well you code/hack/do neat stuff with your machine. I cannot, and will not, say that this is a better system than what the mainstream uses... they all have their tradeoffs.

Getting out into the Big Blue Room was alot like getting tossed into freezing cold water for me. It shattered alot of conceptions I had about how the world worked. One of them is that people in general are not judged on the basis of their contributions, but rather on deference to a higher authority. Suprise suprise... that's 180 opposite of this culture - where you are judged on the basis of your work, with (a kind of) "authority" being gained solely on that.

--

Re:Judge the contents, not the image

[bluegsr]

So do we need a BO2K IPO to prove they're serious? That's how everyone in the "real world" does it, isn't it?

Re:Judge the contents, not the image

[Signal+11]

I get the impression you're being satirical, but yes.. that would help. But since BO2K is GPL'd they'd basically only be selling support / documentation. I'm certain that if they did this the B02K helpline would have some very interesting stories to tell. :^) I might have to go work there if they ever incorporated. Hehehe.

Anyway, more to the point - RealWorld(tm) generally doesn't take things seriously until they're printed on paper with some nice bar graphs and/or pictures and made into a "press release" by an official company.

--

Re:Judge the contents, not the image

"I don't think they're script kiddies - they have a solid understanding of how things work.. but there isn't a term to describe somebody that's between a programmer and where they are."

So you haven't got a label for them, how terrible, I'm sure they'll be mortified.

Good job you had a solution handy - call them script kiddies, insults solve everything.

Re:Please clarify-here is the clarification

[Gangr33n]

Whether you believe it or not is irrelivant. The SMS is the same type of thing, but with a name and price. If you've ever back-engineered the operating systems, you would know what is there. -Not only that, but you probably would hold a different opinion of those guys at MS.

cDc vs. Slashdot (A lesson learned)

[Enoch+Root]

Well, that was a very nice interview. I've read on the cDc before, but this was the first time we could perceive directly their opinion of Slashdot and the people on it, and how we as a group fit in the whole of the hacker community out there.

For once, we seem to be the self-conscious hackers, the ones who want a proper media image and good public relations, and wish our movement would receive more public recognition. This is exemplified in the hacker/cracker debate that will rage on on Slashdot for years to come, I think.

The cDc are techno-anarchists with a slant for educating the masses despite themselves. I believe them when they say they release Trojans in order to raise awareness. I also believe it's working, to a degree, and that the sacrifice to pay for that is that the hacker image as a whole suffers.

I get the feeling our positions are at odds with one another. We both dwell in the "digital underground" (sounded like a buzzword to me, but hey, the cDc guys used it). We both want to "educate" the masses and show them that consumerism is not the best technological solution.

However, the cDc does so at the cost of their image, and we do it at the cost of efficiency. However, I think that the hacker world needs both kinds: inflamatory anarchists who take nothing seriously, and ethical workers who communicate with the world.

They're right on one thing, though: a cracker is something you eat with cheese on top.

"There is no surer way to ruin a good discussion than to contaminate it with the facts."

Re:cDc vs. Slashdot (A lesson learned)

[whocares]

Can you explain how slashdot is in the computer underground? I for one don't see it. In my mind, for something to be part of an 'underground' it is generally one or more of the following:

- A self-funded grassroots type of thing
- At least semi-obscure
- Self-glorifying, but only in its own ranks
- Happy with being underground

Slashdot seems to me to be a 'webzine' that wants to make it big, be recognized by major media, and IPO. Well, I guess they're a third of the way there!

And yes, it comes down to image, which Slashdot is more concerned about than content. Gee, if everyone is so concerned about cDc not putting out more tools, howcome Rob won't even release his changes to the Slash engine to people who want to use it?

Open sores indeed.

The reason that slashdot and cDc might be at odds is that cDc do what they do because they love it, without expectation of reward. Slashdot people do what they do because they think somehow they're going to get their name on the front page, and people will think they're cool, someone will see their code and give them a job, or they'll get a piece of the next redhat-type IPO.

Re:Completely unlike Linux (OpenBSD)

[Null_Packet]

I didn't see them say Linux was the end-all be-all for everyone; they stated several times that they were aware that this is a primarily Linux crowd. Go look at FTP installs of OpenBSD and then get back to us.

very insightful

[akmed]

Reading these guys' statements, I couldn't help but think of something I read last winter, Hugo's Les Miserables. They fit so well with the group of revolutionaries from that, with the varying viewpoints and personalities all united in a weird way towards a common purpose of changing the world to a better place. I just hope the cDc fares better than Hugo's revolutionaries did.

That said, this was definitely a good interview. Lots of interesting stuff from a well known yet secretive group. Those of us who've come a bit late to the world of hacking can do very well to learn from the various different ideals of all the different communities out there. Thanks.
-Mike

Re:very insightful

[Last+Warrior]

And the meek shall inherit the earth.

Re:very insightful

"a well known yet secretive group"??? They may be well know, but that is primarily because they are anything but secretive. They are grade A media whores (and freely admit it). The only secrecy involved is enough to give them the "hacker mistique" that draws journalists like shit does to flies.

The flop that is NT

[Dissenter]

After Lopht released it's notorious Lopht Crack program, I had hoped to see better things coming out of Redmond this time. Having talked with Muhamed Kadeeb, a Senior Developer on the Windows 2000 project, I think I have come to the conclusion that they can delay Win 2K as long as they want, and it still won't mean a damn. The basic security structure of Windows NT BEGS to be hacked and with these MCSE wielding "sysadmins" that think that having a piece of paper means something, just clicking the 'Next' button on an Install Shield script without thinking about what's going on, installing all sorts of shit on their servers, programs like BO will always find a home.

Also, I think that a serious look should be taken from a different perspective in the OS war. Lets think about the people that are admins on an NT run network vs. people that are admins on Linux run networks. Now I don't think I'm being to stereotypical here when I say that Linux admins are going to be FAR more likely to actually go through the steps necessary to secure that box than an NT admin. We are talking about the difference between a hacker (in the code hacker sense) versus an MCSE peon. Both systems need work to secure. Granted Linux systems are going to be secured tighter thanks to a host of reasons that I won't go into here, but there's always work to be done to get a network running well.

It's not always about the program. Remember there's always a person behind that computer and a lot of this depends more on them than the program.

Dissenter

Re:The flop that is NT

Ok first of all I will admit I have an MCSE cert but I have to agree with the above post. MCSE certifies you to set up an NT based network but it doesn't teach you how to secure it and learn the OS intimately. I did the course in 7 months and I swear I didn't break a sweat. Only reason I took it was to broaden my horizon. I have doing Linux for almost two years and Solaris for almost 3.
i think the biggest problem (and I am sure everyone agrees) is that MS makes everything too easy so you don't need to learn how the OS works. Look at setting up a DNS server on NT versus Linux. Linux isn't much harder but I think you get my point.

This ease of use doesn't let the Administrator get his/her hands dirty by delving into the workings of the OS behind the scenes.

cDc answers

[tolldog]

After reading some of the cDc answers, I am supprised that they were posted. I know that we were warned, but I see the intellgence and wit of a A.C. post.
Had this been posted at any other time, it would have been moderated so far down that nobody would have been anoyed by the answers. I am not looking for censorship or even decency, just that slashdot stay consistent.

Re:cDc answers

[Gangr33n]

Logic would dictate that if this were a consistent censorship area, like you would like, then you would miss information. If truth needs a place to be unleashed among fantasy or lack of understanding of the truth, then consistency is irrelevant. What matters is truth, no matter what form. (or if it gets a 1 on moderation) :)

Re:cDc answers

[tolldog]

I agree with your statement, when truth is censored, truth is lost. In this case, though, it isn't the truth that bothers me, it is the rest of the responses. If I walked up to you and told you what I heard somebody say about your mother, you would have wished that it had never been said, regarldess of stating a simple fact, this is what I heard.
Censorship is a dangerous issue. Facts should not be censored. Peoples comments, maybe, depending on the relevance of what they say. Just because there is a nugget of truth in somebodies answer does not make it a proper statement to make.
My problem is less with slashdot as it is with the cDc. I hope that they are more intelligent than what some of there comments leads one to beleive.

Re:cDc answers

[Gangr33n]

I can understand your perspective, however when a point is made with passion, several things occur. Either hands flail, or volume increases, or different words are used to express the passion behined the statement. I know these guys, and they have matched their vocabulary to fit the image and audience. The intellegent ones look at the facts. The adrenaline seekers see the passion. The chosen blind see nothing.

Re:cDc answers

[Foogle]

Absolute;y. They posted my question (which I made polite despite myself) and answered it in the most pretentious way. Who do these guys think they are? Revolutionaries my ass - there's nothing creative about what they do. the CDC is just a bunch of programmers who have a chip on their shoulder and think that they somehow have the right to crack. And before anyone jumps on me for saying that, I don't care if they say that they built BO[2K] to cure cancer: they're full of shit.

BO[2K] are not administrative tools. Keep telling yourself that if you want, but they were built as cracker-toys. They're made to hide themselves so that "31337 |-|4x0Rs" could trick people into running them and then fuck with their those people's systems. The whole idea disgusts me.

Windows has some shortcomings (heh) but there's no security hole that BO exploits. The fact is, Windows is a single-user OS. It's not built to have permissions and security like a UNIX machine does. So to hear these crackers saying that they're just bringing to light what MS is trying to hide is ridiculous. The average users doesn't want to deal with logging in and whether or not they have permissions for a file. It's a trade-off that most people are willing to make for the sake of simplicity.

Oh forget this: The CDC can all go fuck themselves. They make me sick.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:cDc answers

Windows has some shortcomings (heh) but there's no security hole that BO exploits. The fact is, Windows is a single-user OS. It's not built to have permissions and security like a UNIX machine does. So to hear these crackers saying that they're just bringing to light what MS is trying to hide is ridiculous.

And if Microsoft decided to start positioning Windows as an "Enterprise-class network operating system" and trying to claim that security was a top focus of the basic OS design? Oh wait....

Re:cDc answers

[Foogle]

That's such bull and you know it - Yes, MS does position Windows as an "Enterprise-class network operating system", but not Win98. How far would BO[2K] get on an NT workstation that was decently administered? About as far as they'd get on Linux, or any other OS with permissions. I'm no fan of MS, but I'm less of a fan of CDC, because at least MS isn't passing out cracker tools (And just stop there, because I don't really care if you think that any of MS's products are cracker tools unless you're serious, which you couldn't be).

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:cDc answers

1: How many NT networks are "Properly adminisrtated?" 2: You are an idiot. Learn about the products you support/don't support before you shoot off yer mouth.

Re:cDc answers

[jagger]

I believe it was be franklin who said "anyone who trade essential liberty of temporary security deserves and will recieve niether" (paraphased)

Also it seems to follow that thoses who would trade essential privacy and security for convience is setting themselves up for a fall.

It is easier to not lock the doors on my car and just have push button ignition instead of using keys. Keys are a pain in the butt I might lose them lock them inside the car, etc... It would be easier for me to just do away with keys, security is such a hassle.

Re:cDc answers

[Foogle]

Yeah, I'm an idiot just because I don't hate Windows. It doesn't matter if a lot of NT networks are improperly adminstrated. You could just as easily mis-misadministrate a Linux network, and it would be just as insecure as a badly administrated NT network. But yeah, I must be an idiot.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:cDc answers

[Foogle]

Be that as it may, it's not your place (and certainly not the CDC's place) to determine what liberties/securities I will or will not use.

You're right - it is easier to not lock the doors on your car. You'd be a fool not to use key-based security on your car. I think anyone who uses a non-secure OS is being equally foolish. That said, it's definitely not my choice to make for someone else. Moreover, if you decided to use a push-button ignition, I would not take that as a green-light to break into your car. Doing so would be just as illegal as if you'd put an electric fence around it. Whether or not it's easy has nothing to do with it.

-----------

"You can't shake the Devil's hand and say you're only kidding."

cDc: Cute kids.

[innerFire]

'There is a difference between mere cleverness and true insight.'

-- Jaco Pastorius, musician

Re:cDc: Cute kids.

[Tweety+Fish]

Damn, taken down a notch by Jaco Pastorius!

"There is a difference between a funky bassline and pretentious musical wanking"

-- Tweety Fish, Cute Kid

Re:cDc: Cute kids.

There is a difference between this and that other thing...I knew what they were an hour ago, but my medication has kicked in. Hoooop! Hoooop!

Evolutionarily stable systems

[technos]

I normally don't expect references to Richard Dawkins out of a hack group.. However, I believe that EVERYONE should sit down with a copy of 'The Blind Watchmaker' once. I've forced it onto most of my friends over the years, and have yet to hear a complaint. Insightful and about as gripping as any book on the sciences can be. Full of well-honed arguments and real-world cases to illustrate them. You'll want to read 'The Selfish Gene', too. They're both in paperback and still in print, so snag a copy off Barnes & Noble.
(I advocate the boycott of Amazon.com, and will until they stop all this obvious patent sillyness)

Re: win98 Second Edition free?

[dragonfly_blue]

It is absolutely NOT free. They are asking $19.95 for it plus shipping.

https://order4.microsoft.upgrade.com/scripts/sta rtwin98se1.asp?

Oxford explains it

There's a couple of very good points they make:

(DilDog)
Windows95 / 98 - Shit happens
Commercial Unix - Shit happens over RPC.
Linux - When shit happens, you fix it.
FreeBSD - Shit would happen, but there's no driver for it yet.
NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
Windows 2000 (NT5) - Shit happens over DCOM.

I have never seen a more accurate description of these OSses.

Also, and that goes out to all you ignorant monkeys out there, they correctly identify the characteristics of a 'cracker', which is NOT intruding into other sites, that would be script kiddies, but BREAKING SOFTWARE PROTECTIONS!!!
If you think I'm wrong, I think you didn't have a computer back in the 80's. Dork!

Last, cDc always has been stirring up shit and I
applaud to them for doing so. Pissing on people who wear suits and don't like being pissed on is cool.

Re:Oxford explains it

[Gangr33n]

thank you, i agree. -goin' all the way back to 52k ram in 1982.

Re:Oxford explains it

thank you, i agree. -goin' all the way back to 52k ram in 1982.

I agree as well -goin' all the way back to 5K (3583 bytes usable :o) in 1981 (Vic-20! :o)

Boy, those were the days..

Re:Oxford explains it

[Gangr33n]

What was the hand-held model? Had a freind with one of those. We wrote weak random number generators, and stuff for it. (thats all it would do!) worked great for D&D though.....

Re:Oxford explains it

[Dr.+Evil]

Timex Sinclair 1000, 1k of ram. Spooky.

I didn't believe that useful BASIC programs could be written in such an environment until I worked with it myself. It used some kind of grammatical rules to save memory. BASIC commands were displayed as text, but consisted of single keystroke/characters.

I just had to mention it, it was such a fun thing to play with. A computer which would run out of memory if you typed too much :-)

Re:Oxford explains it

[Gangr33n]

Yup, that's the beast. Kind of makes me wonder if MS wrote the the OS.

Re:Oxford explains it

What was the hand-held model? Had a freind with one of those. We wrote weak random number generators, and stuff for it. (thats all it would do!) worked great for D&D though.....

Not exactly hand-held... all-in-one keyboard/CPU (find a picture of a first-generation C64, which looked the same except for color.)

It had built-in BASIC ROM (8K) and a RAM expansion slot for (up to) 32K expansion (I was SOOOOO happy when I got my 8K expander - I had so much RAM I didn't know what to do with it all) text mode was 22x23, with "high-res" graphics resolution of 176x184 (if you had RAM expansion)

The first productive program I wrote for it was an assembler (so that I didn't have to type in PEEK/POKE statments in BASIC :o)

Ahh.. another fine trip down memory lane...

Re:Oxford explains it

> BASIC commands were displayed as text, but consisted of single keystroke/characters.

It's called tokenization. Lots of BASICs do it.

Re:cDc in a Nutshell

[Obscure+Images]

Small vocabularies? Are there any special words you would like to see in play? Let us know, we'll try to work them in somewhere.

We're all grown up, and what we do DOES have a higher purpose, but as far as masturbation goes, I'm analogue. Then again I suppose it could be digital, since I'm using digits. Think about that.

I may have a small vocabulary, but I can spell masturbation.

Amazon.com is not evil

[Hard_Code]

Barnes and Nobles, after their recent purchase, is now BOTH the largest retailer AND the largest publisher in the US (I believe). They put many small book shops and publishers out of business every day. I don't feel sorry for them. On the other hand, Amazon.com is a CUSTOMER of these small bookshops. Order a book in Great Britain and it comes from the tiny bookshop down the street. That's money that goes into small businesses pockets. That's more choice, and a much more open system. Sure the Amazon "patent" might be silly, but I'm not going to cry for Barnes and Nobles.

Re:Amazon.com is not evil

[technos]

At some point you have to pick the lesser of the evils. In this case, only a HUGE book merchant is likely to stock such an obscure book, and of the two largest online merchants one has been engaging in shady patent shenanigans this week.

Re:Amazon.com is not evil

[ambiguous+reference]

I'm not sure how much pleasure I'll get from B&N's virtue in the realm of software patents when they control the entire publishing world.

My take on it....

[Eg0r]

Not that I'm so sober or anything, right now...
But it seems to me that cDc must've missed something about /.

• Random people ask random question, but this being a slashdot forum, the questions get a bias towards linux/un*x, to start with.
• Some people then moderate the questions with a bigger bias towards linux/un*x.
• cDc then answers the moderated questions...

Where's the flaw? O.K. cDc may not have time to sample their own questions, being busy hacking/cracking/whatever... So my question is, redaing the questions that were answered, why haven't you sampled your own batch of questions?

Was your intent pleasing the l*nux community? I don't think so reading your answers,,,, and it didn't look either like 'Your questions are so futile I laugh at them'

I don't get it, but then again, I don't get muych when I'm pissed either... (pissed is british english for drunk...)

Cheers,

---

Re:My take on it....

[Tweety+Fish]

We had kinda planned to do this, but just didn't have time.

It was hard enough calling everybody back from top secrets missions, the casinos, the nuclear submarine and whatnot to get 'em to answer these questions.

-tf

Its all a joke except when its not

[fornix]

As Spinal Tap was to the music industry....

Re:"Productive" is in the eye of the beholder...$$

Read that as they haven't gotten rich yet. I can see their point..really. Just about anyone that's been involved in the industry one way or another since '84's made a mint. It's like watching your idiot cousin hit the jackpot.

It's the American Way..

monospace

[patSPLAT]

ahh the pleasures of courier...

while yer at it mr taco, couldn't you set the bgcolor to "#000000" and the text to "#00ff00"?

Seriously though, you can't underestimate the creativity it takes to look at a cga monitor and imagine world domination. (domination=hercules graphics adapter, baby!).

Re:monospace

[Antony+T+Curtis]

CGA was great....

I used to have a great laugh reprogramming the CRTC, creating my own 80x40 text mode on a CGA monitor for some program...

A question in case they are still hanging around:

[grappler]

I still don't know much about cDc itself. Are your identities secret? Do lots of people know who you are or do you lead two lives or something like that?

Has the cult grown much over time, or is it a group of core members that have been around since the begining?

Do you see each other often, or at all? Or do you just communicate over the net using aliases?

Are you guys geographically separated, or do you all live in one area? Where do you guys live? Is the cDc in the US?

--
grappler

Re:cDc in a Nutshell

[TheCodeMaster]

it's spelled masturbation. you fuckhead.

Does Linux have lsof?

I can't find it.

Re:Does Linux have lsof?

Not if you haven't installed it.
On SuSE, the package is called `lsof' (duh).
I have no idea whether it's installed by default or not on this distro, because I'm paradnoid and I just install all the sec-related stuff.

Re:Does Linux have lsof?

/usr/sbin/lsof

Re:Does Linux have lsof?

/usr/bin/lsof on SuSE

206.184.214.35 we have a problem..

Re:Speaking of small vocabularies

Perhaps you should look into your own spelling. I'll agree that perhaps some of their rationalization is bullshit, but some of the rest is dead on. I especially liked their responses to the whole cracker/hacker debate.

Re:cDc in a Nutshell

[Gangr33n]

Oh! M-a-s-t-.....I get it! You spell it A-P-P-L-E!, dont you? :)

No we're not.

I reiterate.

The Sun...

[Chris+Andreasen]

And if that weren't enough, at some point our own Sun will supernova, and when this occurs, human life on earth will be destroyed.
Actually, long before the Sun goes Nova, it will swell up into a Red Giant, and when that happens its size will be so large that it will swallow up Mercury, Venus, Earth and possibly Mars as well. So the Earth will be destroyed by the Sun long before it explodes.
-Chris Andreasen

Re:The Sun...

actually, our sun does not have the mass to supernova.... not sure about the red-giant stage.... i don't think it would red-giant, either

Re:The Sun...

I'm pretty sure it will turn into a red giant - haven't heard anything before about a supernova. The question is, will it swallow Earth or merely get big enough to boil off the seas and cook every last living thing on the planet, cockroaches included?

Re:The Sun...

[thopkins]

It will turn into a red-giant and then a white dwarf. Eventually a neutron star maybe. Sun doesn't have enough mass to be a black hole.

Re: win98 Second Edition free?

You can get Windows 98 SP1 for free which is the exact same thing Windows 98 SE is minus ICS.

Old School Vs. Modern Era

[DLG]

The thing that was clearest in this Q&A session was the overwhelming difference between the 80's hacker and the 90's netgeek. The days when hacking meant figuring out how shit works, and when the morality of it was based on information must be free without any real other goals or intents was never as clear as it seems. There were always kids who attacked other sites for no good reason but a desire to show their stuff, wave their dick, be assholes without being caught. The same vandals who would egg a passing bus might take down a bbs using 99e99 or p1tt...

Hell, the notion that there were switches between me and the longdistance call was cool. The fact that you knew that somewhere there was a computer keeping track of billing was cool. The fact that you knew that it wasn't just magic was a big reason why hackers did what they did. To show that all the things that we take for granted are really exciting if you look at them, and the tricks you can do once you do that are amusing too!

Still I can't forget red blue rainbow black white lemonscented boxes that were supposed to do any number of things if you just followed these instructions and had a soldering iron. Script kiddies of the past.

What amuses me most in seeing this dialog is the sense that there is a productivity to programming something for someone else, that doesn't exist in the explaining the basis of such programs. cDc always was about the how it works and not how to do it. It was about giving you the manual, not selling you the source. OpenSource software is built on OpenSource knowledge of underlying systems. If we don't have the information we don't have the programs. To require a hacker to program for someone else is nonsense. The way you become a hacker is by having other hackers see you can do it yourself. Then they say, "He is a hacker" and you are. If you think you can become a hacker by doing it someone elses way, then you are silly. Original thought, exploration, lack of interest in authority, and a little bit of a desire to show off to people who might actually understand what you are talking about is what fueled the 'hacker' of the 80's.

The geek of the 90's is a different animal, with pratical usage of opensource being a commercial reality, productivity being a primary force behind contribution to a movement, love for knowledge being a real secondary. How many of the people on this channel have actually read their source code cause they wanted to know how it was done? As much as most of ya'll want to feel good because you know how to code, you don't NEED to code most of the time because someone else has done it, or done something close to it before. Hell the art of Unix is to take 5 programs that other people wrote and pipe your data through em without writing a bit of code.

Getting on cDc for being script kiddies is a joke. I am not even sure why we call them script kiddies. Using canned software is as old as the day. Yeah when I got my first modem I had to patch the thing through my game controler port to get dial tone detection, and wrote my first comm program in basic and assembler. When AE came into my hands, I never went back. Fact is that cDc may write tools that people who couldn't normally write, might find useful. Maybe cDc drops a few trojans into the mix... Maybe Microsoft gets burned on the ass because their marketers have whipped their techs in the internal battles so that nothing works right, but atleast it has the 'features'. cDc does what it does and doesn't apologize. The question of why they don't do more is very very well returned. Why don't you!

DLG

Re:Old School Vs. Modern Era

[Gangr33n]

I totally agree. If the world had more '80 style guys, the world might have a better chance. Personal opinion- if there weren't any, this world wouldn have a chance at all. Notice the same spirit in biographies of Winston Churchill, Abraham Lincoln, General Robert E. Lee, our Founding fathers, ect. People need a backbone.

Wait until you try this

[Wah]

You wouldn't have to train anyone to use a word processor if the word processor could be abstracted to the (virtual) user picking up a pen and paper and starting to write

I was reading an article the other day about this new PC-type machine that you didn't need a printer for, it seemed to print characters RIGHT THERE ON THE PAGE. When technology defeats it own purpose, a giant step to the same place has been made.
:0-)

Re:Wait until you try this

[Rev.ViRTUE]

It's called a typewriter.

It's a brand new concept, and some of the more inventive models don't even need any electricity!
Be one of the first to usher in the new age of type-writing.

Only $2,499 (special limited offer!).

Buy Buy Buy!
Deary deary me.

--Nick

Packages not bad, ignorance is

[FreeUser]

Though I disagree with your conclusions, you do make a valid point. The more "accessible" Linux becomes, through easy install, package management, newbie-friendly GUIs, and so forth, the less knowledgable ("brain damaged" to use your colorful expression) the average Linux user will be. This does bring with it a whole host of potential issues on how to preserve and improve Linux's good reputation WRT security. OpenBSD has IMHO found the correct approach, by being proactive about security issues. There is no reason this is incompatable with a system of managed .rpm or .deb packages, but it does require improvements to the underlying default configurations which have not been made yet.

We can fix it ourselves. The beauty of it is, when a security flaw is found, someone does fix it, and the fix propogates as tarballs, .rpms, and .debs for all their various distributions. We all benefit from a level of responsiveness and security which Microsoft will be lucky to achieve sometime late in the next millenium. By adopting the improvements of other products, like OpenBSD, we can keep them green with envy until the universe goes cold, implodes, or whatever ...

How's that?

[Foogle]

How can you say that? What "serious flaw" does BO[2K] point out? It's doesn't - it's a legitimate administration tool. Yeah, right. All BO[2K] does is give a free tool to cracker kiddies that allows them to control someone else's machine once they've tricked them into installing it. And what's more, I hate the argument that software such as pcAnywhere and Carbon Copy already exists. Yeah, it does, but it doesn't hide itself from it's user, does it?

BackOrifice is a clever program, but it's not creative -- it's destructive. And the people who wrote it, distribute it, and proclaim long and loud what a great "administration tool" it is should be treated like the scheming anarchists they are. They shouldn't be called revolutionaries or treated like heroes. It doesn't help the situation at all.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:How's that?

[xenotrope]

I never mentioned BO or BO2K. In fact, I didn't say anything about whether or not they're "legitimate adminstration tool" programmers or "anarchists" or "revolutionaries." I said they point out flaws in products.

You very clearly state that software such as PCAnywhere and Carbon Copy exist for the exact same purposes that BO2K does. BO2K, though, has been designed to be rendered transparent.

The Windows memory environment clearly allows a remote admin tool like this to stay resident with no clear footprint. Is this the fault of the cDc? Or is it the fault of the Windows programmers who've decided to leave just such a security violation in every operating system they've released in the past five years?

To restate my point: the cDc points out serious flaws in seriously flawed software. They wouldn't find these exploits if they didn't exist. They seem to be very fond of OpenBSD, which, you'll notice, is not supported by BO2K.


---

Why don't I ever use PREVIEW??

[Foogle]

Oops :(

-----------

"You can't shake the Devil's hand and say you're only kidding."

Toaster Lore

[Templar]

Kiki Stockhammer was a lot better than Wesley Crusher.

Re:WANKS

[Gangr33n]

SOME of us have that 4 years, and beyond. It shows how ignorant you are for cutting off information that may or may not be accurate before it is even reviewed. People like you spread your ignorance because negativity is contagious. -and you give education a bad name.

cdc interview

[Danbo]

I will be honest, I rarely post, for I am not an Uber-Geek. But I am a damn good deconstructionist, and I think this interview was a total hack. I have never seen anyone jerk-off the /. community so well; but if anyone could and would do it, cdc would. They said nothing at all; it was an amusing game. But they said it well. I say you replace the story icon with the MP's Flying Circus foot, b/c they (especially G Ratte and Tweety B) have really abused our attention with the utmost wit. I commend them.

If jack helped you off your horse, would you help Jack off his horse?

Re:WANKS

[Obscure+Images]

With all of the wanking going on, I am pretty sure you don't have time for a job with a 6 figure salary. Your college education really shows. Your well thought-out and spelled message is simple proof that your 4 years in college were a waste of money. Oh yeah, wank wank wank wank wank. Whew, wanking is work... maybe I could get paid 6 figures for this!

Huh?

[richnut]

You really don't get it, do you?

Under windows 95/98/NT any USER can install a trojan, making the entire system vulnerable to attack.

Wait a second here. Have you ever actually used Windows NT? You know they do have this thing called an 'Administrator' account, quite analogous to root on a UNIX. When properly configured you can have as much control over a user as any UNIX. I know, I run NT at home (along side my Linux and NeXT boxen) and I've had plenty of instances where I could not install something because of the fact I was not Administrator. I mean I hate NT as much as the next guy (I only run it because windows is the only non-Mac OS I can use for my apps) but we dont need to make up lies and half-truths to talk about how crappy it is. There's plenty of real reasons for that.

-Rich

Re:Huh?

[Gangr33n]

uhhh. Yeah, I know NT as well, and know the admin account means nothing. It is what permissions the admin account is structured with. The creator/owners account is the TOP level. But...you probably dont know how a REAL NT network is set up.-or how the environment plays a part.

Re:Huh?

[FreeUser]

Thank you.

I wouldn't normally post an "I agree" comment, but since I'm the one being accused of having never used NT and not understanding it I will add the following comments:

- I never implied there was no Administrator account, just that any user can make the system vulnerable. This is true (as Gangr33n pointed out), and the existence of the Adminsitrator account may obfuscate that unpleasant fact, but the fact remains nevertheless.

- I have and do administer NT boxes at work (they are thankfully being phased out in favor of Linux) and am all too familiar with just how riddled with holes the entire security structure is. There are plenty of things non-Administrator users are capable of doing which they shouldn't be, and which must be manually disabled after each install. Even after wading through countless FAQs, MS web pages, service packs, etc. you can not even be reasonably confident you've gotten everything.

- I used NT at home for video capture before dumping it in favor of Linux, and had more opportunity to become intimate with how crappy it is.

In short, there is nothing untruthful, or half-untruthful, about anything I said, although I do agree there are plenty of reasons for hating NT that I didn't mention.

Re:Huh?

[NighthawkFoo]

Just because NT has an admin account doesn't neccesarily make it more secure. I seem to recall a certain 'screen saver' exploit that allowed any user to get admin access on any NT machine that they had physical access to. Yes, I know that any machine that a user has physical access to is not secure, but have you tried to use a NT machine remotely?

Another problem with NT boxes is that Windows applications like to write to the damndest locations. God forbid you want to restrict access to /winnt dirctory - many applications simply won't save your preferences, or simply not run correctly!

Securing the NT computer lab at my school was a nightmare. According to the head Sysadmin, we switched from a NT app server to a Red Hat Linux box because "we stopped the unstoppable Windows NT".

"I may disagree with what you have to say, but I will defend to the death your right to say it"

Our sun will not supernova

Tequila Willy wrote: ...at some point our own Sun will supernova... Our sun will not explode; it does not have sufficient mass. In fact, our sun will turn into a big fat Red Giant in about 4 billion years. It will engulf the earth itself in this fattening stage before going planetary nebula almost 1 billion years later -- ejecting its outer shell of gas and dust into space like a giant cosmic burp. A nice white dwarf will be left behind for the viewing pleasure of those of us living one of Saturn's moons. Class dismissed. Test on Monday.

The Good, the Bad, and the Ugly

[CAIMLAS]

Please, this is not intended as flame bait.

It seems to me, that, overall, BO2K is both a Good Thing and a Bad Thing.

A good thing, because it helps sys admins do their jobs in a much easier manner.

A bad thing, because there are a lot of script kiddies out there causing clueless 80 year old grandparents problems, etc.

IMO, the benefit of the good is outweighed by the harm of the bad. For every computer system that is made more secure through the use of BO2k, there are probably countless others that are penetrated and, in some way, harmed by delinquent teenagers. (I'm a teen still myself - I'm not getting down on my generation in any way - but it seems that younger teens are the main offensive group of BO2k users.)

The use of BO, me thinks, could be oriented so that 3l33+3 h/\X0r d00dz would not have access to it. Possible work arounds could be a corporate membership though a form of sorts. It would deter a large amount of lamers, while still allowing those who use BO for corporate purposes.

Granted, IMHO, the people at codc seem to truly be dedicated to anarchy, and are using this "security" front as a way as to not be decapitated through flames from security personel. It could be otherwise, but this is my take. I hope it is not so.

Also, there is the fact that there are already thousands, if not millions, of copies of the BO software already distributed, which could easily be aquired from a friend or a warez site. (And possibly newer corporate versions, if this feature were integrated. There will definately be people that figure out work arounds. Just because they use BO, they aren't necessarily stupid crap lamers. I know several very good hackers that use BO simply because it's easier that other methods.)

A mere .02 of one of my meekest pieces of US fabric/paper currency.

-------
CAIMLAS

Who?

There is no Muhamed Kadeeb at MS. Unless you spelled his name wrong.

Quit cracking so much smoke

Re:Who?

none with any other spelling of mohammed either. can you say full of it?

Some questions left open..

[mvw]

1. What are your favourite movies?

2. Do you listen to other techno than Kraftwerk?

3. When is you new virus scan software out?

The thing that cDc seems to miss

Generally I respect cDc and what they are trying to do and I have to agree, Windows needs some serious security upgrades at least as a server OS but I don't think that BO shows any Windows security flaws, but rather user security flaws. Question: If used by a computer illeterate user, which is more insecure Windows or Linux? (supposing the person could use Linux) Well, I'd have to say Linux. Think about it, BO relies completely con the idiocy of the user. If the user is smart enough to not install it, there is no problem. So if something like BO existed for Linux, it would rely off of the same method. Not a problem for people who just log in to systems run by a competent administrator, but what about an uneducated user running their own box? People like that probably often run as root, and something like BO could do FAR more damage if installed on a Linuz system as root. So what is my point? My point is that BO does not really reveal any security flaws in Windows itself. You could impliment a program that worked just like it in MacOS, Linux, UNIX or whatever. It exposes security flaws in users. There is nothing you can do to protect a system from its root user, if they are dumb enough to install a back door.

Re:The thing that YOU seem to miss

[Gangr33n]

This was answered in other posts, and on cdc's site. These tools only utilize what is inherent in the operating system. The scary part is MS never told anyone 95 and 98 had 'em. That is the whole point. Flawed security backed by a company knowingly putting raw power in ther for someones use. -Probably their own. (of course, there ARE the NSA keys.)

Missing the point...

[whocares]

Wow. Great interview, made me happy. Can't say the questions themselves did, as about half of them seemed to be posed by people who simply Don't Get It.

What is this "if you're not churning out code you must be a script kiddie" shit? Did any of you fools participate in the BBSes of old? Do you remember a few small things called "community" and "culture" and "having fun"? I've always viewed cDc as a bunch of people who like fucking around with computers, sharing the information they attain, and having fun. They're not coding enough for you? What? That makes them *script kiddies*? These people were putting out textfiles before the term was invented.

Something really bad has happened to online culture since it left BBSes - but I'm guessing most of you are too young to know that, seeing as from general comments, few of the people on Slashdot seem to be out of high school (don't bother replying with "I'm 35 and have been in the community 50 years!" comments - you're in the minority). It ceased to be about having fun and doing cool stuff and became a matter of writing tons of code so you can eventually sell out.

cDc never IPO'ed.

'nuff said.

Re:Missing the point...

[Gangr33n]

Maybe people like us ought to start a bbs revival. Set up a new wave of info, tools, ect. Similar to our origins.....

Re:Missing the point...

[whocares]

You know, I've thought about this before... and I've even known people who have tried to do it. But for some reason, it doesn't seem to work very well. I guess at some point, we were all kids, and we all read the files and we all learned from each other and maybe taught each other - and it happened on a really local level a lot of the time. And maybe there is a new generation of clueless kids who want to learn real stuff, and would develop the bbs ethic... but from my experience, it seems like most kids have figured out that they can just go get an MCSE or some other shite certification, and go out and make money, rather than having any interest in learning/community/anything. But then, I guess every generation thinks the one after them is doomed...

Re:Missing the point...

[Gangr33n]

:) And the problem is, the world doesn't get any better......The deal with BBSes right before the net, a lot of em would interact like the net. One would attatch to a node nearly outside of the area, and that one would stretch a bit farther, and so on. Pretty soon, you had a huge network. Then on the other hand, you had the underground sites. Imagine what could be done utilizing portables, cel-modems and keeping the "pirate radio" mentality of moving every 8 hours or so. betcha it could be dun.

Re:Missing the point...

[whocares]

The hard part is, who can do it? A lot of bbs'es were run by kids who had lots of time on their hands, but a lot of people kind of 'graduated' when they went to work - I know I sort of did. In everyone's quest for The Almighty Buck it's only those who haven't yet been sucked into the make-more-money-to-buy-more-crack circle who have the time and energy to do this stuff... and those kids don't have a clue it seems, these days... maybe we should just be recruiting our neighbours and corrupting them from a young age... hmmm...

Re:Missing the point...

[Gangr33n]

been there....doing that...:)

I prefer fatbrain.com...

..of course, the free shipping I get sorta makes me biased.

A good form letter for reporting B.O. attacks

(That's "Back Orifice", not "Body Odor") Here's a form letter I whipped up that anyone may use, so you won't have to write your own. This is covered under the GPL, so use and modify it as you want.

Be sure to fill in things in ()'s

I'm posting this as Anonymous for obvious reasons. And forgive the formatting, this used to be an 80-column e-mail.

Dear (ISP) Abuse:

At (time) (time zone) ((UTC time) UTC), on (date), the security
software I use on my home computer detected an attempted connection to
my system on UDP port 31337 from an address on the (offending domain) network,
(hostname) ((IP address)).

This behavior is consistent with a "Back Orifice" attack, Back Orifice
being a Trojan Horse program used almost exclusively for illicit purposes
to compromise the security of remote systems. The Back Orifice server
software, once installed on a computer system (usually without the owner's
knowledge) runs a server, usually on port 31337, allowing remote users
to attain unrestircted and unauthorized access to the infected system by
connecting to said port 31337. Certain individuals on the Internet,
commonly known as hackers, crackers, lusers, script kiddies, 31337 h4x0r
d00ds, etc. make it a practice to attempt connections to remote IP
addresses on port 31337, to determine if Back Orifice or some other
Trojan software is running on the remote system, and if it is, to attain
unauthorized access to the remote system, steal and/or destroy data on
the remote system, or launch a denial of service attack or other destructive
activity against the remote system. (31337, the port used by Back Orifice
and other Trojan computer software, is a common term in the 31337 h4x0r d00d
community, being a somewhat twisted form of the word "elite")

Attempted unauthorized access to remote computer systems violates federal
law of the United States, as well as the acceptable use policies of most
Internet Service Providers and computer networks. Even to administrators
of systems that are not vulnerable to such attacks, it is a pain and an
inconvenience to deal with attempts such as this.

I consider this a very serious matter, not because of damage or inconvenience
to me, but because individuals who engage in this behavior often do so on
a large scale. This person who attempted to connect to my system is likely
making hundreds or even thousands of attacks against remote systems every
day, in hopes of finding a system infected with Back Orifice. Of these
hundreds or thousands of systems, it is highly likely that he/she will be
able to gain unauthorized access to one or more of them, violating any
number of computer security laws and personal privacy laws, as well as
potentially doing severe damage both to the data of the attacked computer,
and to the personal privacy of the system's owner. Most likely the
compromised computers will belong to innocent Internet users who knows little
or nothing about Trojan Horse programs or computer viruses, how to recognize
them, how to detect them, and how to remove them. A person's own computer
could be rendered entirely useless to them, their productivity and valuable
data destroyed.

Of the hundreds and thousands of computer that may be attacked by this
individual on your network, a very, very, very tiny number will be running
security software that monitors incoming connections, such as (name of security software),
the security software I use. Thus, most will be completely unaware of the attack against their systems. I felt it was my duty to report this abuse
on behalf of the potentially thousands of internet users who won't be able
to detect or report it on their own. I hope that you will take this issue
seriously and investiage it. I believe that most 31337 h4x0r d00dz who
engage in this type of illicit behavior do so because they will never
be detected or caught. Many do not even know that port monitoring software
exists. Even a warning would probably be enough to send the message to
this individual that his activities CAN be detected and DO have consequences.

Thank you for your time and attention. Below I have included the relevant
portion of my system log file. Please contact me if you have any further
questions regarding this. Again, thank you for your time.

Regards,

(your name)
(your e-mail)

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
(your log file here)

--
(your signature here)

Linux does BSOD?

[_Sprocket_]

I've had games crash Linux too so I'm not really sure what your point is. If you're running Unreal on your server then clearly you don't care very much about performence.

Not to sound like a zealot or anything... but name the game that "crashed Linux" (as a bonus, what exactly do you mean by "crashed Linux").

Netscape is pretty horrible. It crashes on a regular basis. Of course, when it goes down, only Netscape goes down.

I've had Gnome do wierd things and even had it take out my X Windows sever. That mean all X apps go bye-bye. Of course, the OS was still intact... respawned the server and invited me to log back in.

By far the worse I've had is trying to launch Quake once and it seemed to crash, leaving me with a mangled terminal. The OS was still intact. I could log into it remotely. Of course... I couldn't get to another virtual terminal or back to my X Windows session. I'm sure there was a way to fix this (someone please clue me in if you know). I had to reboot to clear it. Of course... having said that... the OS was actually still running along (a moot point since I couldn't do much with it - probably due to my ignorance).

So there's my worse experiences. What's yours?

As a side note - I use linux as a desktop OS for home and work. Very nicely. The odd thing is, I have also been known to use NT as a desktop OS too. "Linux" and "WinNT" don't always mean "server". 'Course... "Win9x" does usually mean "game machine". ;)

Re:cDc in a Nutshell

Not when you do it while you're convincing yourself your an 3l33t3 master.

Get over your own self, you small-minded little twit.

I said their vocabularies are small because they cannot seem to express themselves without a stream of expletives. In my book, that's indicative of a small vocabulary.

By the way, you wankers didn't seem too concerned with the cDc's bad spelling ... seems alittle hypocritical to yell at me just because you disagree with my opinion.

Re:cDc in a Nutshell

Yawn. At least you're friend's .sig has it right..."Open Source != Open Mind"

You guys are the perfect examples.

Re:WANKS

[whocares]

This guy is such a brilliant example, I can't help but reply.

More proof of I was saying, the only thing that kids care about these days is getting their MCSE and working a shit job in a cubicle all day until they get some IPO money. The fact that you believe you can learn everything by getting a 4 year degree exemplifies your ignorance - I've interviewed more people with college degrees in CS who couldn't logically analyze a problem if their life depended on it than I can remember, and more bright hackers who grew up on cDc who were genuine wizards than I can forget. If you think real world experience, the ability to seek out and discover things and share information is useless, well, go back to your cube. Maybe the company will throw you a bone at the end of your 50 years of service, and you can pretend you did something you enjoyed for all that time. At least cDc has a legacy to look back on. And no, you aren't part of it.

And who had ever heard of...

[whocares]

And incidentally, how many of you Slashdot people had even heard of cDc before BackOrifice? Don't all shout at once... Once again, displaying the recent heritage and lack of culture of the Slashdot domain. It's kind of sad, really...

Re:And who had ever heard of...

[jagger]

I have bee wholly cDc 0wned(1) and operated since 1994. I put a quarter in a bubble gum machine and out came this cool looking temporary tattoo. After applying said tattoo to my bare skin I began to understad the cow.....

Moo..... Bow to the cow .....ooM

"Fuck'em if they cant take a joke" -J.R. "BoB" Dobbs


(1) thats 0wned with a zero in case you wanted to know

The Revolution

[fornix]

They fit so well with the group of revolutionaries from that, with the varying viewpoints and personalities all united in a weird way towards a common purpose of changing the world to a better place. I just hope the cDc fares better than Hugo's revolutionaries did.

When the cDc do achieve world domination, which is their stated purpose, and are in charge of everything, what sort of changes can we look forward to? Will it be a benevolent dictatorship or will we be slaves? Free hamburgers, perhaps? Will Bill Gates' wealth be redistributed. Will he be allowed to live? If not, will he be given a choice in the manner in which he is decapitated, and for how long his head shall be placed upon a wall for people to throw things at it? ;)

Re:"Productive" is in the eye of the beholder...$$

[whocares]

You know, in some arenas, "selling out" is considered synonymous with losing your integrity, not with success. I find it sickening that we all hold our breath and wait for IPOs so that we, too, can be part of some corporate conglomerate...

The American Way? I'll go back to the underground where we did it, we were free, we did it *for* free, and LIKED it that way.

Isn't it hip-hop?

[emrys79]

I thought digital underground was a hip-hop group in the 80's. . .

Re:Isn't it hip-hop?

[grrlfox]

They're playing in Austin within the next month or so.....

Just out of curiosity....

[Gangr33n]

Im trying to findout if Sir Dystic was on the interview, or if he changed his name. Any idea?

In support of cDc

[Kvort]

I quote from the article above:
To quote from cDc #300:

THE POINT
by Bryan O'Sullivan

you could spend an hour counting the petals in a flower
it might take you a year to count the veins in each petal
if you spent ten lifetimes, maybe you could count its cells

but you'd have completely missed the point
you fuckhead

I put this on my cubicle wall. I may put a copy of it up next to my mirror. I've always felt that a good kick in the ass is better than a cup of coffee in the morning. :)

After reading all the flamebait and crap people posted, this is particularly relevant.

cDc, enjoy yourselves. (Not that my approval/disapproval would matter to you)

And should our paths ever cross in our respective bids for world domination, may the best man win. :)

>>>>>>>>>> Kvort (now where did I put that flame-retardant clothing?)

Internet is subversive and evil too.

[Convergence]

Ya know what? The Linux kernel is a clever program, but its not creative -- Its destructive to companies trying to sell competing software OS's. Its insecure as its not supported by a trustworthy company. And look at the people who wrote it, distribute it, and proclaim long and loud about what a great "Operating System" it is should be treated like the scheming anarchists they are. After all, the user is dumb, they shouldn't need or even WANT to know how their program works. They shouldn't be called revolutionaries or treated like hero's. It doesn't help the situation at all.

Or how about RMS? Hell, how about Windows?

Windows is a clever program , but it's not creative -- it's destructive. And the people who wrote it, distribute it, and proclaim long and loud what a great "Operating system it is" should be treated like the scheming anarchists they are. They shouldn't be called revolutionaries or treated like heroes. It doesn't help the situation at all.

Or how about the bill of rights..

Its a clever set of laws, but its not creative -- Its destructive. And the people who wrote it, spread the idea, and proclaimed how good and free the laws were should be treated like the scheming anarchists they are. After all, what right does the stupid public have to question the monarchy or nobility? They shouldn't be called revolutionaries or treated like hero's. They should be treated like the criminals they are. It doesn't help the situation at all.


My point is that ANY new idea that people don't like, are unconfortable with can be advocated against in the same way. This SAME argument for something being bad and subversive can be said to apply to Windows, the bill of rights, the weakening of the church centuries ago, the growth of freedom, the growth of the internet, the growth of widespread literacy, cryptography, censorship.

Its also an argument frequently used by organizations in power to `get rid of' subversive material or ideas.

Just of complete curiosity, why couldn't I make the same argument for censorship of the internet? Look at how destructive the internet has been already and how destructive it will be in the future? It has no use, it does nothing fundamentally new that couldn't be done over the telephone, just as the telephone does nothing fundamentally new that couldn't be done under postal mail. Its subversive and destructive. Its a tool that lets people perform evil deeds.

Its information, information or software isn't dangerous or evil on its own, its how it's used.

Re:CLAIRIFICATION

See my friend, it's like this... Microsoft has decided that the common mass of chickenheads that use their software, should not have to be burdened by trivial things like passwords, or user id's. And Therefore they have gone to great lengths to "protect" said chickenheads from this burden. The Scenario: Let's say that Mr. Stew Pitt is doing some online banking, and Internet Explorer caches his userid (SSN) and password, so that Stew won't have to take the trouble to type it in again... Stew thinks "Hey Great! Less to remember! You gotta love that Microsoft..." -Meanwhile- An evil malicious script puppy known as Phil Mypockets is about to send Stew a Trojan that can decrypt the cache file where IE has just saved the login and password for Stew's online banking account. Stew hears the familiar "You've Got Mail!" and sees that there is a "software update" from a helpful "AOL Support Rep". Stew quickly clicks on the attachment... seconds later Phil Mypockets activates the Trojan that has just been unwittingly installed by Stew. -yata yata yata- Phil Mypockets clicks the "enumerate passwords" button on the "trojan-control-panel", unloads Stew Pitt's bank account, and retires in Bora Bora... The Problem: Stew is fucked... he doesn't suspect for a second, the true reality of what has happened... Neither the Bank nor Microsoft are interested in investigating (or publicizing) the possibility that Stew has been "hacked"... therefore, the problem continues... Phil Mypockets tells all his pals how "They Too Can Retire In Bora Bora" and more people get fucked... The Solution: cDc releases BO... they aren't quiet about it... in fact, it's a media circus. Mass hysteria quickly ensues. It's on the cover of every tech rag, it's on the news... Sam fucking Donaldson is doing a special on the Monday evening news entitled "Is the Internet Safe?"... Microsoft gets dogged... they have to respond... yata yata yata... things get done... slowly, things change. "Evolution Morpheus, evolution." The Difference: What most people don't seem to understand is that this shit is out there, happening, everyday. The cDc just publicizes it... that's what makes them the good guys. If they wanted to, they could sit there and code these tools, and then quietly use them to fuck people over. But they don't, and that's the difference. -kill-9

Re:Why not rate the MacOS?

[Gangr33n]

You are either retarted or you want flame, because you post anon while making a dumb statement and yet you claim to know the other OS's and languages. .....and......"you could spend an hour counting the petals in a flower it might take you a year to count the veins in each petal if you spent ten lifetimes, maybe you could count its cells but you'd have completely missed the point you fuckhead"....By the way, why dont you tell us who wrote MACos?

Laura Longfellow was were it was at.... -nt

I think it was Aegis Paint to DigiPaint that she used to push, but those brain cells have long since passed away...

what he said

[Bastian]

cDc responded to the allegations that BO(2K) is destructive rather than an admin tool because it has a stealth mode with a challenge to Microsoft to recall all its copies of SMS because of its stealth mode.

I do hope that happens since some of my friends who are plugged into the network of a different college fell victim to their networkadmin's questionable usage of "admin software."

Re:what he said

[Foogle]

Oh, so some of your friends in college were tricked into installing SMS through the use of buffer-overflows or trojan horses? No, I doubt that. If, in fact, they had it installed on their machines then either they installed it themselves or their admin did it for them. Either way, although it might have been against their wishes, it was knowingly and possibly just following rules. Face it: an admin has a definite place to ADMINISTRATE a PC. A cracker over a network does not. And furthermore, SMS's installation isn't stealthy. You know when it's being installed. Its an interactive (somewhat) setup. These arguments are just picking at straws -- they avoid the real issue: BO[2K] was built to crack systems without people knowing about it. That was not the purpose of Microsoft's remote-admin software, and in fact, Microsoft's system would be very ineffective for this purpose. And that's a pretty responsible thing for MS to do.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:what he said

Yes, but SMS doesn't come with a kickin' wack a mole game.

Re:what he said

[Tarnar]

Have you tried out BO2k? It's not amazingly easy to set up. BO was easier (i.e. Dumber, more Scr1pt K1dd13), but this program.. I used BO to admin my LAN at home (about a half dozen machines) and it was ok.

Then BO2k comes along, and I'm suddenly no longer afraid to leave these machines connected to the 'net while running BO2k. Encryption (now I feel safe admining a home system from campus), a small memory footprint (good for older machines), stealthy (good for family members who don't NEED another Taskbar icon). This program is legitimate as far as I'm concerned.

What would you think if it WASN'T the cDc that released it, but rather a small group of security specialists with a better media reputation (and a better name..)? You'd hail it as a great IT program. It's small, powerful, free. Like Linux. BO was a script kiddie toy. No denying it. BO2k can be used to the same ends, but dammit, it DOES have legit uses.

Under 18?

You think hackers under 18 should be protected from bad language??? Society should be protected from _them_!!

What a bunch of conceited lamers

[SEAL]

Yes they've written some interesting software. So have alot of other people.

One of the cDc guys even said something to the effect of "no matter how good you are, there is always someone better out there". Maybe they should listen to themselves and drop the attitude.

What about the claim that BO2K shows how "wide-open" your machine really is? Give me a break. That's like saying "Hey - your Linux machine is wide open because I can install a daemon on it if I am root".

Whatever.

These guys get way too much attention turned their way just because they can spout a few bad words and act like they are l33t. I tend to be more impressed with people who contribute software without caring who notices.

SEAL

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:cDc in a Nutshell

[parasite]

'Twit' and 'wanker' are hardly different from fucker, asshole, bastard etc.. The main difference is that they more properly emphasis our vehement hartred for you. They also server to demonstrate we are not up-tight little mommy's boys(/god's children/slaves) like you apparently are.

And what the hell is wrong with wanking, cocksucker?

I doubt they are.

[J.+FoxGlov]

Ratte' started editing the t-files from Lubbock, Texas, a town known for its je ne sais quoi, as Texans say. In reality, it's a pretty boring place.

To a group that meets every so often at hacker conventions and otherwise talks on the net, why should it matter where they live? Why should it matter where anyone lives, so long as they can connect to the net?

If they wanted to use their real names, they would. But their real names are pretty ephemeral and useless, especially if they choose not to use them.

J.

Re: win98 Second Edition free?

[jagger]

I believe that the patch became available after the cd was put on sale. This bothers me greatly at the point that it came out I could only patch 98 by buying a cd even though it would have been easier to download the patch from microsoft directally.

I installed IE 4.0 on one of our NT servers and then I couldn't use some of the web based admin tools anymore. NT directed me to a page to download the update for IE 4.0. I went to the page and couldn't find anything to download. Microsoft did direct me to the page where I could order a cd with the patch for $19.95 or I could wait for the patch to become available on the web.

This is infuriating. If they have the data to put out a bugfix cd why not make it free unless they just want to make a few bucks.

(ps. I removed IE4 replaced it with IE3 and installed Netscape 4 and everyting worked fine)

Re: Powells Technical Bookstore

In the battle of the "lesser of two evils", always pick the third option.

That's why you go to Powells and browse through their catalog of new, used and out of print books. If you've ever had the joy of visiting their Technical Bookstore in Portland Oregon, you would know True Geek Love.

*not a stockholder, just a fan*

Re:Why not rate the MacOS?

No, while his claim is overly broad ("can't be hacked"), it does have a basis in fact. By default, MacOS does not turn on lots and lots of network services, the way that Unix and Linux and NT do. It's rather hard to exploit flaws in server programs that aren't running.

Hackercracker and Crackerhacker

[Sendy]

I think we should introduce some more terms to clearify the situation.

1) Crackercracker: A person who uses so called 'crackertools' to 'crack' a computer.
2) Hackercracker: A person who uses his great skill in using computers to crack a computer.
3) Crackerhacker: A person who uses crackertools to skillfully use a computer.
4) Hackerhacker: A person who uses his supergreat skills in using computers

Well....
Sendy

Re:WANKS

[c-A-d]

Hoo-aah....

That's hitting the Nail on the Hammer!!!!!

Nicely played!

Re:Why not rate the MacOS?

his point does stand. but the mac os (unfortunately) sucks for everything but user interface (where i use it exclusively). serving on a mac is just stupid because of the instability and *lack* of proper remote administration on the mac os. I use macs (running macos) and PCs running various flavours of unix, and i've come to this conclusion over and over again. also, your arrogance *does* make it look like you want to be flamed back to the pit from whence you came. http://www.vhemt.org comes to mind. later.

And...

Such garbage. Why does anyone here care about a bunch of kiddies that have no direction and do nothing for anybody but themselves?

It seems these guys, l0pht and no doubt other are finding it hard to grow out of their childish past-times and somehow still try to gain some respect. That is respect from people other than the 13 yr olds they want to act like.

No one really cares about these people, and I sure didn't until I see this stuff showing up on /. , I mean come on, THIS is news that matters?

I think someone is trying to be some kind of cutting edge news reporter, the only problem is cDc, l0pht etc ad nauseum sure isn't cutting edge news at slashdot, perhaps MTV but not here. Tired, beating the same dead horse, certainly not new or interesting.

I'd much rather read an interview from one of the many good linux security sites out there, not these wannabe chumps.

Re:And...

[smoke]

Sadly enough, you are right. I would have expected 99% of the replies to tell this, but we are probably all scared that the Cult will infiltrate our machines ;)

Re:The thing that YOU seem to miss

What API calls? Look bud, you have to have to have something like that if you want a workable GUI. Answer me this: If some idiot installed something like BO as root, could it not do all what BO does and more? What do you think Microsoft should do, remove the routines from it's OS? All BO does is manipulate disks, maipulate windows, and poll the status of various things. I'm sorry but these are NECESSARY for a GUI OS. If a program doesn't have the right to access the disk then how the hell is anything supposed to get done? If I can't poll the position of the mouse how is it supposed to know how to respond to user input? Look bud, Linux and all the other OSes are just as venurable as Windows to something like this. If I wrote a small application that, when installed as root, would give me permenant, hidden shell access to your computer can you imagine how much trouble I could cause? All that would be doing nothing more than using the features in the OS.

BACK OFFICE 2000!

shit guys. thx for the news.. ive been waiting for the new version of Microsoft Back Office.. Back Office 2000!! im gonna install it in our corporate server.. and im excited for tommorow :) yipeee! sill system administraitor

ooM Demon Roach!

[theLime]

Hell yeah, I think that was the first bbs I ever used. That or the Windmill.

Weird world to know you went to the highschool where cDc was begun.
Oh, and that meat packing plant burned down a few years ago. Just some twisted steel out of concrete now.

Re:"Productive" is in the eye of the beholder...$$

The American Way? I'll go back to the underground where we did it, we were free, we did it *for* free, and LIKED it that way.


We did it *for* free because we were living in our *parents'* garage!

Re:Please clarify-here is the clarification

laughing my ass off at the phrase "back-engineered" I looked at thsi dude's other posts, hoping for more quality entertainment. I clicked 4 random posts.

He's best friends with the cdc, a pro-jazz musician, and the designer of satellites for a shadowy military-microsoft joint conspiracy. The 4th post was much less amusing.

Slashdot user-type #44: Clueless self-important namedropper

Yet another quality flame brought to you by the CIA, and crack cocaine.

Sugar coating the world...

[nyet]

... is whats fundamentally fucked up about our hype-saturated, abstract, image oriented, mass marketed, focus-group obsessive, bottom-line worshipping corporate culture.

Ok, so we should dress up the red-headed step child and make him LOOK respectable and cuddly? What a total waste of time. Any corporation that is incapable of judging something like linux on its own merits simply doesn't deserve it.

Screw it. Don't demean linux or any other good technology with a pretty box with shiny bits just to impress PHBs. I'm sick of pandering to their power-point presentation dulled pea-sized minds.

Eventually, companies like Microsoft will rip off any good idea anybody has (ok, well, maybe 20 years later), claim they invented it, and do all the icky marketing lies^H^H^H^Hwork for you (badly). The aforementioned PHB will buy it because the glossies and paperclip/wizard thingies give him the warm fuzzies. But you will have the last laugh every time you hear him have to reboot his machine. That is, assuming he actually uses it for something other than checking his yahoo email...

Shit. On second thought, you're right. We are all screwed.

BRING IN THE FOCUS GROUPS! THIS PRODUCT NEEDS A CONCEPT! A NICHE TO FILL! A PARADIGM TO SHIFT! A NEAT, 4 NOTE JINGLE (bum bee bum bim)! PENGUINS IN REFLECTIVE BLUE JUMPSUITS! A SUPERBOWL TIE IN!

Think about the big picture

[jagger]

...it's definitely not my choice to make for someone else...

You say that you wouldn't make that choice for others, but for a second imagine that you had to choose between the system with locks and keys and the one without for ALL systems in the world. Which would you choose???

As much as we would like to live in a world where security is unesasary we don't. We live in a world where information is power. We must choose wisely who and what can access that information. Since computers are going to be used for storing sensitive information for a long time yet I would prefer that anything that could be done to secure the system would be done.

The cDc didn't choose to break the security model for win9x, trojans existed for a long time before BO. BO just showed how bad a trojan could be. NetBus is comparable in some respects to BO and was not written by the cDc.

If the cDc had not released BO would there be no threat to win9x users, or would the threat still be there just not as well documented? BO was designed (IMHO) to infuriate the users of win9x, and get them to complain to Microsoft about finding a way to circumvent attacks.

Re:Think about the big picture

[Foogle]

That's a bunch of crap. Yes, computers are used to store valuable information, but anyone who's doing so shouldn't be using Win98. And anyone who does is a moron.

If I'm running as root on my Linux machine and I get tricked into running a trojan horse, or an undetected buffer-overflow allows someone to get as trojan onto my machine, what then? Then that trojan can do JUST as much damage as if it was on the Win98 machine.

So what would you suggest MS do about it? User awareness of the dangers of trojans is a great idea, but it's the only thing that helps to prevent them. I don't blame MS for allowing BO[2K] to crack people's machines, I blame people for being stupid enough to run stuff like "freepics.exe". The only solution would be to make Win98 a multi-user, permissioned operating system. I guarantee you that most users out there do not would choose to stick with what they've got, rather than go through the hassle of learning about read/write/execute/ownership. Even if they knew that it would help to prevent Trojan attacks.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:Think about the big picture

[jagger]

We started this thread with you saying that there is no security hole that bo(2k) exploits. You have just stated the hole that it is meant to address, the user. By raising awareness in users it has helped to make (some of) them reailise that its a big nasty world out there and that they cant just run any program that someone that they dont know sent them over i(cq/rc). I work for a store that has seen its fair share of computers taken out by trojan horses, and every user leaves knowing that they need to be MUCH more careful online. Hopefully they tell their friends and in the end we get more security concious users.

Re:Think about the big picture

[Foogle]

So by that reasoning, AIDS isn't a problem, people who get it are. And, following the same logic, a group of people that helped to infect the public with AIDS would be seen as heroes by you, since they raised awareness of the problem.

That's a ridiculous analogy, right? Or is it? I agree with you; awareness of trojans needs to be raised. But not by helping to spread them. You're arguing that, by writing/distributing BO[2K], the CDC is helping to prevent trojan attacks. If you believe that then I've got a bridge to sell you.

Look, the CDC has been around long enough for us to understand their MO. They like hacking systems. Moreover, they like helping other people hack systems. They didn't release BackOrifice to stop cracking. Yes, you can use BO2K as a serious admin tool, but that's not the issue for me. The issue for me is the motive behind the release, and the stupidity that anyone in their right mind would believe the hot-air that comes out of the CDC's mouths. They're crackers, plain and simple.

-----------

"You can't shake the Devil's hand and say you're only kidding."

(cr/h)acking tools

[jagger]

Microsoft does have a product that allows remote admin of a windows machine. It can hide itself so that there is no visible sign of it running from the console. I believe that is it called SMS. The cDc used this as a rebuttal to anti virus vendors putting bo2k in their databases. I would get you an URL but www.cultdeadcow.com seems to be suffering from the /. effect right now.

You could also consider VNC or Norton's PC Anywhere to be hacking tools because they allow remote access to a computer. Since VNC is GPLed anyone can remove the icon that appears on the system tray to make it effetivley invisible to the user.

you are an idiot.

If you think that compiling is a chore, you must not be doing any real work. Lets say you want to run Apache with PHP3, mod_perl, OpenSSL, shared memory patches, etc. There are RPM's (or other binary packages)for specific configs - but if you want it all you have to configure it yourself and compile it. It's not hard. You just need to turn on your brain and read a few README files. This is not rocket science. In reality a binary dis. that is dynamically linked is only guaranteed to someone on a system with identical libs to the builder of the binary. Also, with RPM's you have no real first hand idea where everything goes on your drives. I am responsible for 18 machines and I have compiled every binary on every server, OS(OK they are all BSD so this is a no brainer, via make buildworld/make installworld), Kernel, daemons. It's not a big deal. Install a base OS, install the necessary daemons, test, harden, test again, good to go. I know where everything is on every machine... A little more time upfront and minimal time later when I need to scale or upgrade. Compiling is not 'scary', BINARY distributions are scary. adam

Re: Hint: Free Clue: Nobody Reads These

We get these occasionally at my ISP, and we just delete 'em. I know a lot of people at the other "big" local ISP's (non-national) in my town, and they do the same thing. Unless we get a whole slew of them at once, or some customer trys to crack our main server with exploits from 5 years ago, nobody really does anything. You can keep sending these though, it probably gives one a good white-person feeling in the middle chest.

cDc web site?

[eagl]

Hello,

Was looking forward to reading stuff from the cDc web site after briefly browsing it from work, but from home my isp's DNS server returns unknown host for www.cultdeadcow.com. I asked a friend to look up the ip address for me, and his isp also returned unknown host.

2 possibilities? First the site is down. Second, some ISP's delete cDc from their DNS tables? Had no trouble finding the site from work even through their firewall (.mil) but I didn't write down the ip addy (stupid me).

Any help would be appreciated. Before I left the site I saw lots of interesting stuff I wanted to spend some time reading (Thanks cDc)

Apologies if this is too far off topic.

Re:cDc web site?

[Kevbo]

I have this problem as well. Cannot hit them from either my ISP of from work. Any ideas?

Re:"Productive" is in the eye of the beholder...$$

[whocares]

Funny, when I was a kid, most kids I knew had less free time than most adults with paying jobs I know now... and they still managed to do lots with it without demanding the sell-out they were 'entitled' to...

Re: Powells Technical Bookstore

[MassacrE]

=)

Powells does kick butt. It is one-of-a-kind. I found all sorts of things there.

first

k&a