Slashdot Mirror
Bizzare Answers from Cult of the Dead Cow
tdsanchez asks:
How has the 'mission' and/or purpose
of cDc changed as the years have passed,
especially with the advent of pervasive
internet
connectivity and the 'death'
of classic dial-up BBS's?
cDc answers:
Obscure Images answers:
cDc's mission has never changed. We are still primarily motivated by the
desire to dominate the world. I think that if anything, the growth of the
internet has just been part of our plans for your tomorrow.
G. Ratte' answers:
The mission has never changed... it's always been about us trying to do
cool stuff.
The Internet has just made it easier to communicate and it's a lot less
hassle than when you had to worry about how fresh your long distance codes
were, back in the day.
Call my dead BBS! Demon Roach Underground, 806/794-4362. 2400 baud!
Apple II, baby!
Nighstalker answers:
The whole point of cDc is to communicate. While T-shirts and watches and
BO2K are the glitz, the core of cDc is communicating to and with the
world. The venerable T-File is the heart and soul of cDc and we will never
abandon this most basic and venerable facet of the telecom/computer
demimonde
Tweety Fish answers:
We are currently in the process of training our massive, highly secretive
ninja army.
M1000 asks:
How would you define the
implementation of security on the major
OS today?
- Windows95 / 98
- Commercial Unix
- Linux
- FreeBSD
- NT
- Windows 2000 (NT5)
- etc.
cDc answers:
Nighstalker answers:BR> If it's from MS, the security is crap. everything else is better by comparison. Linux is pretty good if you're a Linux guru. Same thing with any other flavor of UNIX. But no matter how good you are, there's someone out there who is better than you.
"The price of secure connectivity is eternal vigilance!"
--
DilDog answers:
- Windows95 / 98 - Shit happens
- Commercial Unix - Shit happens over RPC.
- Linux - When shit happens, you fix it.
- FreeBSD - Shit would happen, but there's no driver for it yet.
- NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
- Windows 2000 (NT5) - Shit happens over DCOM.
Tweety Fish answers:
Except for Window95/98, which I would characterize as sucking ass across the board, there's no simple answer to that question. All of those operating systems are (resonably) securable, in theory, but if you want to make the job of securing a box easier, why not run OpenBSD?
xmedar asks:
There is an episode of South Park
with cows worshipping a cow clock, and
when it is removed by the people, the
cows all jump
off a cliff, now I've heard
that refered to as the Cult of the Dead
Cow episode, is it anything to do with
cDc or are cults for dead
cows just in fashion right
now?
cDc answers:
Obscure Images answers:
We would like to believe that we were inspirational to the creators of
South Park, but we will defer to the obviously natural call of bovinity.
--
Reid Fleming answers:
Our lawyers will not permit us to comment upon the episode in question.
--
G. Ratte' answers:
Sure. I hear the next round of Calvin Klein ads will feature Kate Moss
munching a big
greasy cheeseburger as Kari Wuhrer cleaves an axe through a cow's head.
And a roomful of Italian boys with no chest hair look on in quiet
desperation. It's a scene straight from one of our industry convention
parties.
--
Nighstalker answers:
The universe is a chaotic system. If Ratte had been screwing around in a
sewage treatment plant, rather than an abandoned slaughterhouse, we cound
have been called the Cult of Recycled Shit. That the guys from South Park
had cult of suicidal cows may be our fault. maybe not.
--
Tequila Willy answers:
I know this episode well, and I've spent a lot of time studying the
various interpretations of this episode. Though the Cult of the Dead Cow
interpretation is a very plausible and popular connection to make, there
is
another very plausible interpretation that I think you will find
interesting.
The hands on the clock are metaphors for the phallus. The removal of the
clock
represents castration. The removal of the phallus limits sexual options
and
limited options are bad. The cows demonstrate their adherence to their
principle of "maximum freedom or death" by jumping off the cliff. You
might
ask yourself, xmedar, whether you have any principles that you would be
willing to die for.
--
Tweety Fish answers:
TV writers (comedy writers especially) tend to be unrepentant fanboys with
computers and tight deadlines... you decide.
Effugas asks:
To the various
illustrious(translation: I've worshipped
you guys for the majority of my life)
members of the Cult of the Dead Cow:
Moo.
That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?
cDc answers:
Obscure Images answers:
We haven't been knocked on our asses yet by anything that has happened in
the computer industry. We're great at believing that whatever we see is
directly caused by our underground efforts. We would be knocked on our ass
if we didn't believe that. Oh yeah, Linus Torvalds is a cDc simulacra
unit.
--
Reid Fleming answers:
www.realdoll.com
www.jerkcity.com
--
GA Ellsworth answers:
http://www2.promisekeepers.org/
--
G. Ratte' answers:
I'm mostly surprised by what hasn't happened. I thought floppy disks
would get bigger and bigger 'til they became a 3-foot square, and you'd
use 'em for kites when they went bad.
I thought for sure bubble memory was going to take off, and pen-based OSes
would rule the industry, and I'd have an Amiga clipboard computer running
MS's BOB right now. It should have been Atari, not Microsoft.
--
Nighstalker answers:
Cheap powerful computers. Looking at the list prices of all my Commodore
128 gear shows me that the whole system cost more than a new iMac. Also,
PDAs are pretty surprising, how they just suddenly seem to be everywhere.
--
White Knight answers:
What surprised me most about the computer industry is how much less
attractive
Kiki Stockhammer is in person.
--
Tweety Fish answers:
You know they got these things now that can take a picture and put it on
the screen thingy? That's so cool!
sinatra asks:
A recent article (forgot the
reference) characterized codc members as
a bunch of social juveniles bound by no
particular ideals,
and lacking in both trust and
personal respect for other members as
well as the (cr|h)acker communities
at-large. The evidence
presented in the article
however was limited to on-stage behavior
and a virus of unknown-but-suspicious
origin on a distributed
CD. The codc archives paint an
equally murky picture, depending on the
reader's perspective.
So is there a codc code of ethics? Could such a thing ever be enforced?
cDc answers:
Obscure Images answers:
I can't answer for everyone, but I will say that I am a moral relativist.
I
think that the morality of an act is dependent on the context of that
action. As for a cDc as a group, we are a very close knit group, very
nearly a family, and to think that there would be someone amongst us who
would turn on us is an absurdity. The article in question was written by a
well known fool who would fit in better at a meeting of the John Birch S
ociety than a computer convention.
--
Reid Fleming answers:
No and no.
--
G. Ratte' answers:
Lacking in trust and personal respect? I wish I knew the article you're
referring to,
'cause those are some pretty strange assumptions.
But that's funny, that's interesting. We're the kids the newspapers used
to write about being diagnosed with "Pac-Man elbow." We're the kids with
the sore thumbs
from Atari joysticks playing "Combat" through our adolescence. We're the
first
generation to grow up hearing a modem squeal every day after school.
So if there's any lack of trust and respect for the (cr/h)acker community,
it's self-loathing and it's all in the family. Familiarity breeds
contempt.
The only ethic is to not be, uh, k-lame. Spreading viruses is not good.
--
Nighstalker answers:
I read that article. The author is an ignorant twat.
For what it's worth, I trust my very life with any cDc member. I trust them implicitly.
I suspect that cDc individually and as a group is far more ethical than
Microsoft. Anyone emails me, they get an answer directly from me, not some
flack from marketing.
--
Tequila Willy answers:
Dear Sinatra,
Who's codc? I've never heard of them.
--
Tweety Fish answers:
The nice thing about cDc is we're all cool enough, and all moral enough,
that there really is no need for us to enforce much of anything.
Personally, I'm constantly entertained by everything every other cDc
member
ever does, and I'd much rather have that than the 1700 page cDc Moral
Guide.
Incidentally, the author of that article also thinks that Richard Stallman should be arrested and charged with monopolistic practices, so, you know, you shouldn't believe everything you read.
[bog-oh] asks:
You folks have been around for so
long, surely you've seen the evolution
of both terms. Are you quick to take a
stand on misuse of
either, or do you just take it
all in stride? Some of the older
security folks out there are damned sure
that "hacking" is still purely
malicious, and "Cracking"
simply means breaking software
registrations and the like. What do you
feel each term represents
these days?
cDc answers:
Obscure Images answers:
We would like to take a stand on this nonsense once and for all. We are of
the firm opinon that the qualification for being a hacker is not something
that can be stated on clear moral grounds. As far as we are concerned,
crackers are something you eat.
--
Reid Fleming answers:
The term "cracker" is divisive, insulting, and should be considered
inappropriate in mixed company. Same for "honky" and "caucasian".
"Hacker" on the other hand, is perfectly fine for most social situations.
As in: "Hey, you! Hacker! Suck my dick!"
--
G. Ratte' answers:
Personally, I never use the term "hacking"... it's all just messing around
to me, and
some of it could get you into trouble. Whatever. "Cracking" means
removing software
protection, and a "cracker" is a white boy. I don't know when people
starting fussing over the terms and using "cracking" to mean system
intrusions, but I think it all carries the stench of journalist-invented
nonsense. Same with all that "white/black hat" crap. Nobody in this
situation uses those terms, and they readily identify the user as an
outsider.
--
Tequila Willy answers:
Dear Bog-Oh,
Your sensitivity is to be applauded in these times largely
characterized
by egocentric thinking. I appreciate that you've taken the time to ask me
what
I *feel* about these terms. I feel good about what each term represents.
Thank
you for asking.
--
Tweety Fish answers:
A cracker is somebody who cracks warez, and/or a pejorative term for a
white person. Any other meaning is never going to catch on in the media,
nor with the old school. It's just too complicated to remember the
distinction all the time. The people who are hackers by anybody's
definition have done some... uh... mischevious things in their time; it's
part of the nature of the beast. To say that "a real hacker would never
break into a computer system" indicates - to me - a lack of understanding
of the original meaning of the word. Of course a real hacker would break
into a computer system, if it was an interesting enough problem and they
didn't anticipate anybody having a problem with it. I agree that the media
should widen it's definition of what a hacker is, but that's not the
argument I usually see, especially here on slashdot. I see a lot more of
"they aren't a real hacker, because they break into systems and/or do
security stuff", which is plain silly.
Personally, I refer to people by whatever term they would like me to use, unless I don't like them.
Besides which, if you are doing something unexpected, unforseen, or disallowed to any system (which is my pocket definition of hacking) somebody is always going to think it's bad, until you laboriously convince them otherwise, on a case by case basis.
Why get caught up in semantic arguments when you could be doing cool things and get noticed for THAT, instead?
phray01 asks:
please be honest
- (1)boxers
- (2)briefs
- (3)panties
- (4)thongs
- (5)nothing
- (6)orange
- (7)Hemos the Hamster
cDc answers:
Obscure Images answers:
All of the above, though not necessarily at the same time.
--
Reid Fleming answers:
sacred vestments
--
GA Ellsworth answers:
Boxers for me..
--
G. Ratte' answers:
I refuse to answer this question, as I don't want to encourage your gross
masturbatory fantasies. What I choose to cover my massive, pulsating tool
swinging handily between my taut legs is my business, and my business
only. What should the touch of soft fabric brushing the tender head of my
otherwise steely rod matter to the likes of you?
Disgusting!
--
Nighstalker answers:
Sheer to the waist black seamed pantyhose for formal affairs.
--
DilDog answers:
All of the above.
--
Tequila Willy answers:
Dear phray01,
The etiquette in this case actually depends upon whether you were east or
west of the Mississippi when this unfortunate accident occurred. East of
the
Mississippi, the gas station attendant should remove the dog's head from
your
windshield wipers when cleaning the windshield. However, please be
prepared to
tip for this service. West of the Mississippi, it is usually considered
bad
manners to expect gas station attendants to remove any animal bits that
have
been wedged in your car parts. Thank you for asking.
--
Tweety Fish answers:
I actually try not to wear any slashdot operators that close to my skin.
Makes my pants look funny.
Foogle asks:
Let's face it - most people regard
the cdc as a bunch of script-kiddies
looking for some limelight. The
BackOrifice software really
made this worse, because it
was seen, not as an admin tool, but as
an application meant to propogate
cracking. How does this
make you feel? That is, what
are your personal thoughts on the cult's
activities and how do you think they
should be viewed from
the professional side of the
industry?
cDc answers:
Obscure Images answers:
cDc is not a group of script kiddies. We are united in our interest to
hack
the world, be it though computers, words, images, sounds, politics, money,
or sex. Those who consider us to be script kiddies ought to shut the fuck
up and write their own tools. Using tools doesn't make someone a script
kiddie, what makes a script kiddie is the use of other people's tools to
accomplish things they have no interest in understanding. It is
understandable for professionals to be concerned with our reputations, but
that is why we've been completely open with our tools. We have software
that can be used as very effective tools.
--
Reid Fleming answers:
Most professionals get it. The trojan horse problem was considered to be
low priority a year ago. Things have changed as a direct result of Back
Orifice and Netbus.
(By the way, you ever notice that sometimes journalists turn to Russ
Cooper for an "independent" perspective on Microsoft? And you ever
notice how often he agrees with the Microsoft position?)
--
G. Ratte' answers:
It's somewhat frustrating when something a lot of effort has gone into is
totally
misunderstood by so many people. A lot of people seem to have an
aversion to the big picture and how BO fits into a larger whole.
As for 'the industry,' . Rah rah venture capital, rah rah IPO.
"We've got this great new site, Hats4Cats.com, a brave new world
of headgear for our feline friends! We're seeking the perfect partners to
get
this off the ground right, and if you'll just look over this media kit at
your leisure
after the convention, we'll have someone call you in the next few days
about some great opportunities!"
That's 'the industry.' 'The industry' can kiss our collective cDc ass.
--
Nighstalker answers:
Most people couldn't plug in new RAM to their machines or install an
application with the aid of an installation wizard. More so for the people
that write about the digital underground who are not a part of the digital
underground.
BO was released to show up the miserable security of Windows, in the hope
that MS would do something other than issue press releases and that users
would be made aware of the pitiful security on their machines,
particularly when connected to the Internet. BO2K was released in response
to the pleas of countless IT professionals who needed a powerful admin
tool.
--
DilDog answers:
I don't feel one way or the other about it. I write code to fill a void
whenever I find I need something that doesn't exist. Hence, BO2K.
What Linux is to Commercial Unix, BO2K is to Commercial remote admin
tools. I mean, what kind of sick and twisted hax0r would want to use FREE
and POWERFUL software without having to pay out of their ass for it.
--
Tequila Willy answers:
Dear Foogle,
Thank you for being concerned about my feelings. However, I disagree
with
the metaphysical assumptions of your first question. I believe I choose
how I
feel and that the reaction of "most people" cannot make me feel any
particular
way. That being said, your second question seems more appropriate. The
Cult of
the Dead Cow should be viewed as what they are, namely, experts in global
domination.
--
Tweety Fish answers:
So the technical definition of Script Kiddie is one who uses pre-made
scripts or tools to hack sites, instead of developing their own tools.. by
that definition, how could we possibly be script kiddies?
In the larger sense of BO2K being an application meant to propagate cracking, yes, that might happen, but the way we're doing it does serious work to raise awareness of these issues. I think we're perfectly aware that this can be hard to understand, and we're perfectly willing to keep hammering our message home until people start to get it, and start working to fix these problems.
An_onymous Coward asks:
First of all I've got to say I think
cdc is pretty damn cool. I was digging
their .txts since I got my first dialup
shell account long ago.
Now, with you guys being so
security minded and all, there's only
one question I could think of for you:
If you were to build your
ideal network, with telnet,
ssh, www, ftp, pop3, smtp, file &
printer sharing, bind, etc... what would
be your ideal configuration to
maximize security? Please be
specific about Network OSs, routers,
network policies, protocols,
filesystems, permissions,
daemons, firewall rules, and
anything else that comes to mind.
cDc answers:
Reid Fleming answers:
Dedicated fiber lines in a star configuration. Ultra low tramissions,
only a few quanta, to foil optical taps. One-time pad encryption for each
packet. All plaintext messages composed in an alien language unknown to
anyone but the participants. The actual content of the messages being
hidden in subliminal channels too sensitive to be mentioned here.
--
DilDog answers:
For cryin' out loud. My ideal network doesn't have half of that crap
running. It can all be done with DCOM and HTTP. Just kidding!
I -know- this is a Linux crowd, but I'm tellin' ya, take a look at OpenBSD
for PROACTIVE security when it comes to that mission critical firewall
box, network monitor, webserver, etc.
--
Tequila Willy answers:
Dear onymous Coward,
First, thank you for your compliments. However I am left wondering how
many of our text files you have actually read. All of your questions have
already been addressed in detail in our text file, Wet Mount Slide.
--
Tweety Fish answers:
DUD3 Y3R TRY1N T0 B3 4LL SN34KY 4N' S0C1AL 3N1N33R US AN' SH1T A1N'T Y000?
B3TT3R US3 NM4P INST3D!@$#!@%
If you want a genuine answer to that question, I'm sure the l0pht would be able to answer it as specifically as you need for a small fee.
Freshman asks:
Since BO is/was a big deal, I'm
wondering what kind of companies have
tried to contact you and what they had
to say.
Did Microsoft ever give you
guys a buzz? The DoD maybe? CIA? If so,
what did they have to say?
cDc answers:
Tweety Fish answers:
We've been in constant communication with the CIA, NSA, and MOSSAD to make
sure that the government-specific backdoors built into BO2K meet their
tough standards for EoE (Ease of Eavesdropping).. we value the
contributions the US and other governments have made to these products,
and
look forward to working much much more with them in the future.
Microsoft hates us, I think.
rikek asks:
I've always wondered... what does a
group that produces "script kiddie
material" (no offense intended, it's
inevitable whether you
want it or not) feel about
their work? Every now and then I'm
plagued by contact with an "3R33+
H@X0R", who is most likely
some 14 year old without
anything better to do who is causing
some minor damage, without a clue as to
what a TCP/IP packet is.
The ratio of clueful hackers
cracking to script kiddies cracking has
gone way down over the few years, and
products like BO are
likely to blame. So what do
you guys think about this... would you
rather this turned around, or do you
feel that distributing tools to
nameless masses is a good
method at getting back at the real
evils?
cDc answers:
Obscure Images answers:
There will always be people who ride on the work of others. That's all
that
script kiddies are, poseurs, trendies or what have you. Back in the old
days after War Games came out there were floods of "hackers" out there and
these same comments were made. In the end, there is always a shakeout
process. Most of the current script kiddies will abandon their activities,
leaving the hardcore still in place.
--
Reid Fleming answers:
I suggest reading the section on Evolutionarily Stable Strategies in
The Selfish Gene.
--
G. Ratte' answers:
It's tricky, and I refuse to get into the kind of age/experience
penis-size wars that
always come up with this "lamers are running around with dangerous
scripts" thing.
Back Orifice is distributed the way it is to force an issue.
A hell of a lot of people should be upset their computers are wide open.
I've always hoped that people interested in our tools would seek out our
other material
and read up on what we're about. And that they'd be smart enough to
figure out that bumming
some hapless person's day by screwing up their computer is not a good way
to spend an afternoon. The end of all our text files from the last few
years says this: "Save yourself, go outside, DO SOMETHING!"
--
Nighstalker answers:
Virtually anything can be used for evil, as virtually anything can be used
for good.
One thing about BO2K is that the author deliberatly made it more difficult for clueless script kiddies to use. They're the ones who constantly plague us with badly mis-spelled complaints about how BO2K doesn't work. The IT professionals sing our praises about the power and ease of use of BO2K.
BO2K is forcing evolution to accelerate in the world of computer security.
we regret the damage that is done with BO2K. In the long run, we will all
be the better for this.
--
Tequila Willy answers:
I think you have raised an excellent question. However, I am doubtful
that
good products like BO can be identified as the cause of the diminishing
number
of hackers in comparison the the number of script kiddies. I believe that
each
individual must take responsibility for the character traits that they
choose
to cultivate in themselves. If the number of script kiddies continues to
grow
and more individuals choose to take the path of becoming a script kiddie
rather than pursuing hacking skills, then this seems more plausibly
interpreted as a sign of laziness or a short attention span on the part of
those who choose this path. I don't think that BO could be blamed for such
a
result. That being said, I would prefer to see more hackers than script
kiddies but only because I respect the skills of hackers more than the
skills
of script kiddies. And I would rather participate in a society populated
by
individuals I can respect.
However, I believe your question should lead us to thinking more about
what sort of behaviors should or should not be tolerated in cyberspace.
And
before we can address that question, it would first be helpful to conduct
an
inquiry into the metaphysics of hacking. I believe that many of the laws
regarding computer security issues are misguided because they make
fundamental
assumptions about the nature of the computer hacking environment that
simply
are erroneous.
--
Tweety Fish answers:
The ratio might have changed, but the total number of people with a clue
has increased, not decreased. Some 14 year old might get their start by
messing with bo2k at school, and then they might start writing plugins,
and
then they might need to do something stranger, so they'll mod netcat to do
suit their needs, and then they might realize how horribly insecure their
own system is, and install linux or freeBSD to mitigate that somewhat, and
then they might get out of school and go get a job securing corporate
networks with all the knowledge they've gained.
Kids will be kids. If computer security was a real priority for operating system vendors, Joe Random 14 year old would need a lot more than something as general purpose as BO2K to start trouble. He'd need... uh... a car, say, or some bleach and ammonia, or a lot of beer.
yoshi asks:
What should application and OS
designers do to build systems which are
more secure?
cDc answers:
Reid Fleming answers:
For starters, they should spend more time and energy on security than
UI design, documentation, or product packaging.
--
Nighstalker answers:
Learn from the mistakes of the past and the solutions of today. It's not
that hard to impliment security. It's just easier for lazy coders and
indifferent beancounters to blow it off by saying that, "This is not
something our customers are demanding in our product."
--
Dildog answers:
Proactive security measures. Encrypt everything. Eliminate HTTP and go
right to HTTPS everywhere.
--
Tweety Fish answers:
Make security concerns and security audits an integral part of the
development.
Alpha42 asks:
Okay.. Here's my question..
what ever happened to Obscure Images?! I
haven't seen anything from him in
AGES... Don't get me
wrong, I thought BO was good
and all, and I'm sure it's generated 99%
of the PR lately.. but I miss the
original cDc stuff.. the files!
:) And Obscure?! OH man...
cDc answers:
Obscure Images answers:
Hey, I'm still here, and I am as active as I have ever been.
I've never been gone, just acting back in the shadows. I do what I can to
help plan and implement our projects. Most of it comes without the glory
or
press attention, but it has to be done for us to be successful. Over the
past 10 years I've gone to school, gone out into the world, gotten
married,
and started to go a bit grey. Not related to my marriage, I assure you.
There will be more files from me, it's just a matter of finishing them.
Keep your eyes open, your mouths too.
As far as my poetry goes, I have an excuse. It was 10 years ago, I was a typical late teen with clinical depression and the idea that I could write poetry. I stand by my stories, but would rather see the poems fade away like my youth.
Oh yeah, you have seen me, everytime you see our Paramedia Cross logo.
--
Tweety Fish answers:
Near the end of the cold war, Obscure Images was captured by a splinter
faction of the KGB, and forced to write polemics, in verse, in a futile
attempt to turn the people of the former Soviet Union back on the true
path
to communism. He's back now, and doing fine, except for that twitch.
Effugas asks:
What tools, in your minds, would you
consider the most useful but least
acknowledged tool in your security
analysis collection?
When backed into a corner,
unsure how to whip something into shape,
what obscure and strange network(or even
non-network!) utility popped
into mind and either performed some
amazing function you couldn't imagine
coding yourself or gave
you the necessary cluephone
ringing (via source code peek) to pull
it off yourself?
cDc answers:
DilDog answers:
lsof. Use it.
Anonymous Coward asks:
My question is simple:
When will you start to do productive things ?
Ok, here is some context for the question. I know about BO2K ; and saw miscellaneous software at cDc site.
But on the other hand, the cDc has existed much longer than Linux itself, the FreeBSD team, NetBSD, and for probably as long as the FSF itself. One one hand you have a wealth of software (for instance here or here), on the other hand, after 15 years, you have a handful of cracking tools, one Windows administration package, an unorganized set of information, and stickers + temporary tatoos for sale.
In particular, it is a total mystery why since all that time, you haven't done one of the following:
- Review, summarize existing security systems, document and implement a robust security model. Unix model is total crap ; even Multics (design: 1963) was better (Multics achieved B2 security rating).
- Audit publically a freely available Unix (today done by OpenBSD instead).
- Write automatic assembly code analyzer to search for bugs (or at least for C). Commercial tools exist by now, and last time
- I tried to see if a free one existed, all I could found on cDc site was a "Tao of Windows Buffer Overflow" (a re-hash of techniques found for instance in Morris' Internet Worm in 1988. See Spafford's excellent report, and the Worm's FAQ).
- Lent a bunch of your machines, to hold contests such as "the best security model for Linux/BSD, running almost all possible services/servers, CGI, ...".
cDc answers:
Obscure Images answers:
While cDc does some programming, this is not the sole focus of our
efforts.
To compare us to the other groups you mention you have to realize that we
have different goals, as well as methods. We don't feel obligated to do
anything for anyone. Our work is directed by our desires and our goals,
not
the desires of the community. Everything we do is productive in our eyes.
We like to think that we've done work every bit as important as any of the
above groups. It's all a matter of perspective. We have no problem with
the
people who have given their time and energy to these other projects, but
we
are not like them. We do things when we want to, in the way that we want
to.
--
Reid Fleming answers:
Temporary tattoos are a CRITICAL ELEMENT of our security strategy. To
suggest otherwise is sheer lunacy.
--
G. Ratte' answers:
Wow. I don't know when I'm going to be productive. Mom wants grandkids,
too.
Why should we do those things? Maybe we will, maybe we won't. Why don't
you?
We do other things. As far as "lend a bunch of your machines to hold
contests..." that's funny,
what bunch of machines? None of us are wealthy.
You looked at our site and blew it off as a "handful of cracking tools &
an unorganized bunch of information." That's the first electronic
magazine ever, starting in 1984. It was a big deal to me when I was
fourteen and bored in a small town, and I was doing something new and
exciting and fun. I don't necessarily want to satisfy your weird little
computer fetishes. I've got a dog and a cat and a screwy relationship and
my picture in SPIN and no job and I'm busy.
Too busy for you.
To quote from cDc #300:
THE POINTyou could spend an hour counting the petals in a flower
by Bryan O'Sullivan
it might take you a year to count the veins in each petal
if you spent ten lifetimes, maybe you could count its cells
but you'd have completely missed the point
you fuckhead
--
Nighstalker answers:
And this comes back to my first answer. cDc is NOT ABOUT PROGRAMMING!
Programming and computers are only a means to an end.
--
Tequila Willy answers:
Dear Anonymous Coward,
Your question seems very serious and as such seems to be counter
productive. The Cult of the Dead Cow exemplifies the very attitude that
ought
to be cultivated considering the absurd nature of existence. Take a moment
to
contemplate your death and your own concerns about what counts as
productive
behavior may shift. You may think to yourself, "I am merely a mortal who
will
die, but I must live responsibility for the sake of those who will survive
me." But of course your friends and family will die and there will come a
time
when no one alive will even have a memory of your existence. And if that
weren't enough, at some point our own Sun will supernova, and when this
occurs, human life on earth will be destroyed. At that point, human beings
will not even exist to contemplate the fates of those like yourself who
died
long ago. From this perspective, all human actions seem to take on an
equal
importance: our concerns are absurd! To live freely and responsibility, a
mature human being must realize this point. Having fun, living and loving
well, being playful (and hence flexible in your living): these actions
take on
much greater importance than behaving in a serious (and hence rigid)
manner.
Your question is foolish because it is not asked with a foolish spirit.
--
Tweety Fish answers:
Read our files. Read our press releases. It's all about style, jackass.
Incidentally, the first of your suggestions is a primary goal of the
OpenBSD project, like you said. The second suggestion is a fine idea, why
don't you do it? (re: spafford's paper and the internet worm, the internet
worm didn't run on win32, now, did it?). As for the third suggestion,
gee,
that's a great idea. Why don't we kick down a couple hundred thousand for
a
semi-trailer we can turn into the cDc hackmobile, and load it up with all
these high-end systems we have sitting around, and hire somebody to drive
it around the country so people can mess with it for free!
We do what we're interested in, what's fun, and what's within our resources, plain and simple. And we try to keep it funny.
Descriptions of who these people are are at http://www.cultdeadcow.com/members/.
Using Dennis Chao's work as a base I implemented an interface for the Linux Back Orifice client in Doom! Now you too can Play Doom while you Blow up Windows Machines!
http://www.geocities.com/doomhack/
Joe.
We do what we're interested in, what's fun, and what's within our resources, plain and simple. And we try to keep it funny.
Well said!! It was this kinda attitude that got me into the Internet long ago and it's this kinda attitude that the web needs more of.
Reading this article made me realise how much things have changed in the last 5 years. On the one hand I'm making money creating coroprate sites - on the other hand I miss the days when every time you turned your head, you found another FTP repository of bizarre text files ranging from Blue Box plans to ideas for wolrd domination.
(Whatever happened to the idea of paving the earth anyway??)
A little planning goes a long way...
"When will you start to do productive things ? "
I find it amuzing when people say "it wasn't really productive". Productivity is objective. I can sit all day and not "accomplish" anything physical, yet in my mind I have sorted out many things. Sure, people would say I'm lazy and using excuses. But I'm not.
The cDc has been "productive" as long as I have known of their existance. Whether playing practical jokes or coding BO or other hacks. They have contributed, at the very MINIMUM, fear to the software society. Enough fear to make SOME software vendors actually test their products before shipping. Aside from that, I could go on for hours on what they have done "productively", but that wouldn't be very productive now would it? *grin*
SL33ZE, MCSD
em: joedipshit@hotmail.com
SL33ZE - Artificial Intelligence is No Match For Natural Stupidity -
From the interview...
NT - Shit wouldn't happen if you'd just spend a few months performing 300+ modifications to our default installation, you lazy sysadmin. Get your MCSE.
Which is completely unlike the statement "Shit wouldn't happen if you'd just gone to Red Hat's ftp site to download the latest patches, trolled the newstgroups to find the appropriate HowTos, read BugTraq for three weeks prior to installation, been running the correct firewall, never opened any ports other than 80, never installed anything that had a 'd' at the end, and had Linus Torvalds personally supervising the installation. You stupid BillG-loving Windoze Luzer."
I would like to know how cDc can make blanket statments about WinNT5/"2000" security? Security issues are the primary reason OS's get delayed from ship at Microsoft. Are they basing this statement upon how difficult it was to crack RC2, which is a beta? I'm assuming they at least have used win2k...
-konstant
-konstant
Yes! We are all individuals! I'm not!
I don't see that as a contradiction. "Script kiddie" and "programmer" are not opposites -- the kiddiez are the ones who don't want to UNDERSTAND, not those who don't want to PROGRAM. There is a distinction, believe it or not.
And as for taking them seriously, the idea that swear words and slams will somehow cancel out the talent and effort that the cDc has demonstrated is laughable. They're not going in for a job interview. They aren't modelling this year's fashionable clothes. They don't need presentability because they aren't trying to pass themselves off as anything but a bunch of guys having fun being elite.
Nothing worth doing is worth doing today.
Yeah, especially for that underwear question... what's up with that?
--
Also - after reading this article I have no sympathy for cDc getting the shaft by several anti-virus makers - when your image includes swear words and thinly-veiled slams on serious questions about your group - it's very difficult to take you guys seriously.
Then you MISSED THE POINT!! They don't want to be taken seriously! They are doing what they are interested in and DON'T GIVE A SHIT about you or your opinion. Just because they don't consider programming to be the focus of the group doesn't make them skript kiddies. Programming isn't the main focus of my work either, does that make me a script kiddie? NO! It makes me a fucking Tech Guru. Just because someone isn't a programmer doesn't mean they can't program or should be considered a script kiddie. The CDC developed a useful tool and gave it away. That was just a side affect of their normal lunatic activities, which is exactly the way they like it. Don't blame them for not being 'Suits' just because you think they should be all stodgy and corporate.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Could someone please clarify something about BO2k for me? In the interview with reference to Back Orifice, they state:
A hell of a lot of people should be upset their computers are wide open.
Now, as I understand it, Back Orifice will not run unless the victim (excuse me, "remote client") voluntarily installs it or is tricked into doing so. cDc also repeatedly emphasizes that BO2k can be used as a legitimate administration tool.
Are cDc suggesting that if I can write a remote administration program for an operating system, then that system is "wide open"? On what system is this impossible? If there is such a system, isn't that a failing of the OS rather than a security plus?
I know very little about cracking, but it seems to me the only security compromise in the BO2k scenario is social engineering. "Click on this c00l zip file, dude!"
Where's the security flaw? The fact that, once I have user permissions, I can do bad stuff? I thought... well isn't that obvious???
-konstant
-konstant
Yes! We are all individuals! I'm not!
Win2k crashes on my friend's machine when you exit Unreal Tournament.
Oh, and the RedHat update thing? (the RedHat 6 boxes we code on have been up since the beginning of the semester).
More like, "You go to RedHat's website, download everything in errata (1 command on any decent ftp client, try lftp), and upgrade everything you have installed (also 1 command).
If you do read BugTraq, you'd know that both RedHat and MS have a pretty decent record for acknowledging security holes quickly. The difference is that MS recommends a cheesy workaround and says "wait for the next Service Pack" (which break things more often than not; ZD's Tips for NT Admins include not applying Service Packs unless you know you need them, which is sad). RedHat meanwhile posts the URLs for updated packages in their messages.
You are of course free to run whichever you feel is easier to maintain in a secure state.
Also - after reading this article I have no sympathy for cDc getting the shaft by several anti-virus makers - when your image includes swear words and thinly-veiled slams on serious questions about your group - it's very difficult to take you guys seriously.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
No, the cDc should be applauded for being intelligent and competent without trying to be conformist or "serious" in the eyes of management, bankers and other hellspawn. Any idiot PHB can clean up his act and his language, and because of that the rest of the world are hostages to these ridiculous customs. Fuck em.
-
BO and the 2k is a series of abilities already present in windows software. -just made so ANYONE can use it. Not just microsnot. The point is that Microsnot puts it in the system in the first place, and nobody knows or cares. BTW, Ive known and hung with these guys in the past, they are right. Dont read the fine print, look at the big picture of what they are trying to tell everyone, and act on it.
Since you've hung out with them, maybe you have an insight I dont. However, Microsoft does release software tools that administer Windows remotely, under the name Microsoft SMS (System Management Server). Their website is:
http://www.microsoft.com/smsmg mt/default.asp?RLD=263
I do not believe you are stating a fact.
-konstant
-konstant
Yes! We are all individuals! I'm not!
As far as I know, the cDc members are great programmers. BO2K is clever code. No script kiddie could come up with this. However, script kiddies use it aplenty (see their comments.)
Additionally, I don't think that having conflicting views goes against a group's unity. If anything, they seem to work well with diverse opinions. Isn't that exactly what the Open Source movement is, as a whole? You can't get two coders to agree on anything out there (e.g. KDE vs. Gnome, BSD vs. Linux), yet we still seem to work as a cohesive whole when the movement comes under fire.
Finally, I think anyone judging a product by the images or words it includes - as a deliberate slam, no less - deserves to miss the point. They claimed BO2K was a statement from the beginning, and it actually makes sense. Did you notice how much Microsoft security is coming under fire lately? I'm starting to get pro-Linux jokes from non-hacker friends in the mail. I don't think they've ever seen a Linux login prompt, much less know what ls does. But still, they're being critical of commercial products because of the sheer amount of macro-viruses and other crap that's been out.
I take the cDc guys seriously for one big reason: BO2K. They proved a point, however juvenile you think they are.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Find here: ftp://vic.cc.purdue.edu/pub/tools/unix
-=-=-=-=-
-=-=-=-=-
My mom's going to kick you in the face!
For once, we seem to be the self-conscious hackers, the ones who want a proper media image and good public relations, and wish our movement would receive more public recognition. This is exemplified in the hacker/cracker debate that will rage on on Slashdot for years to come, I think.
The cDc are techno-anarchists with a slant for educating the masses despite themselves. I believe them when they say they release Trojans in order to raise awareness. I also believe it's working, to a degree, and that the sacrifice to pay for that is that the hacker image as a whole suffers.
I get the feeling our positions are at odds with one another. We both dwell in the "digital underground" (sounded like a buzzword to me, but hey, the cDc guys used it). We both want to "educate" the masses and show them that consumerism is not the best technological solution.
However, the cDc does so at the cost of their image, and we do it at the cost of efficiency. However, I think that the hacker world needs both kinds: inflamatory anarchists who take nothing seriously, and ethical workers who communicate with the world.
They're right on one thing, though: a cracker is something you eat with cheese on top.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Reading these guys' statements, I couldn't help but think of something I read last winter, Hugo's Les Miserables. They fit so well with the group of revolutionaries from that, with the varying viewpoints and personalities all united in a weird way towards a common purpose of changing the world to a better place. I just hope the cDc fares better than Hugo's revolutionaries did.
That said, this was definitely a good interview. Lots of interesting stuff from a well known yet secretive group. Those of us who've come a bit late to the world of hacking can do very well to learn from the various different ideals of all the different communities out there. Thanks.
-Mike
Respectfully, I think I can reply to this.
Speaking as an Anthropology minor. In general, cultures don't "die out." They change maybe, or get assimilated by another culture. And maybe a culture will get wiped off the face of this planet by some grand catastrophy. But they don't generally "rot from within," as some people put it.
In other words, common decency and morals are completely relative. There is no universal standard. I'd bother to illustrate this, but most Anthropology text books do very well, so you might want to just look up cultural relativism. It's very interesting, insightful, and admittedly has some of it's own pitfalls.
On the other hand, AC raises some good points about the various catch 22s that exist in the U.S.'s current cultural climate. But his reactionism simply reduces his words to flame bate. He uses terms, such as "Politically Correct Liberal fascism," that are only really meaningful if you come from the same subculture as he does. Let's ignore those, and translate:
Because certain groups of people, called "minorities," are attempting to shrug off oppression, and other certain groups of people have given them a voice (academics, media, polititians, activists), we have something called "Political Correctness." The problem is that no one can quite agree on what is "Politically Correct." This is because each individual in any said "minority" has had a different experience. This is probably because our country is so incredibly big. In any case, this breeds conflicting messages, and these conflicts are extremely frustrating.
This, I think, is quite true. But it will work itself out, somehow.
-- "So far, I have not found the science" -Soul Coughing
I didn't say I agreed with it. I didn't say I like how the system works. But I have no sympathy for people that understand it yet ignore it, and then whine about how nobody takes them seriously. In the media, not only is image everything, it is the only thing. Why do you think linux isn't making as much progress in corporations as it should? Image - it's young and immature. It has nothing to do with the technical merits. Witness again a young CEO being denied entrance to comdex... the "image" that most people have about the under-18 crowd is why that happened.
--
I normally don't expect references to Richard Dawkins out of a hack group.. However, I believe that EVERYONE should sit down with a copy of 'The Blind Watchmaker' once. I've forced it onto most of my friends over the years, and have yet to hear a complaint. Insightful and about as gripping as any book on the sciences can be. Full of well-honed arguments and real-world cases to illustrate them. You'll want to read 'The Selfish Gene', too. They're both in paperback and still in print, so snag a copy off Barnes & Noble.
(I advocate the boycott of Amazon.com, and will until they stop all this obvious patent sillyness)
.sig: Now legally binding!
Barnes and Nobles, after their recent purchase, is now BOTH the largest retailer AND the largest publisher in the US (I believe). They put many small book shops and publishers out of business every day. I don't feel sorry for them. On the other hand, Amazon.com is a CUSTOMER of these small bookshops. Order a book in Great Britain and it comes from the tiny bookshop down the street. That's money that goes into small businesses pockets. That's more choice, and a much more open system. Sure the Amazon "patent" might be silly, but I'm not going to cry for Barnes and Nobles.
It's 10 PM. Do you know if you're un-American?
I still don't know much about cDc itself. Are your identities secret? Do lots of people know who you are or do you lead two lives or something like that?
Has the cult grown much over time, or is it a group of core members that have been around since the begining?
Do you see each other often, or at all? Or do you just communicate over the net using aliases?
Are you guys geographically separated, or do you all live in one area? Where do you guys live? Is the cDc in the US?
--
grappler
Vidi, Vici, Veni
And you are the type that makes the BOFH what he really is... a prick.
Exactly, if you're going to be an idiot I'm going to be a prick. If you have some desire to learn more than how to call me to fix your problem I'll be much nicer.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
BO[2K] are not administrative tools. Keep telling yourself that if you want, but they were built as cracker-toys. They're made to hide themselves so that "31337 |-|4x0Rs" could trick people into running them and then fuck with their those people's systems. The whole idea disgusts me.
Windows has some shortcomings (heh) but there's no security hole that BO exploits. The fact is, Windows is a single-user OS. It's not built to have permissions and security like a UNIX machine does. So to hear these crackers saying that they're just bringing to light what MS is trying to hide is ridiculous. The average users doesn't want to deal with logging in and whether or not they have permissions for a file. It's a trade-off that most people are willing to make for the sake of simplicity.
Oh forget this: The CDC can all go fuck themselves. They make me sick.
-----------
"You can't shake the Devil's hand and say you're only kidding."
The thing that was clearest in this Q&A session was the overwhelming difference between the 80's hacker and the 90's netgeek. The days when hacking meant figuring out how shit works, and when the morality of it was based on information must be free without any real other goals or intents was never as clear as it seems. There were always kids who attacked other sites for no good reason but a desire to show their stuff, wave their dick, be assholes without being caught. The same vandals who would egg a passing bus might take down a bbs using 99e99 or p1tt...
Hell, the notion that there were switches between me and the longdistance call was cool. The fact that you knew that somewhere there was a computer keeping track of billing was cool. The fact that you knew that it wasn't just magic was a big reason why hackers did what they did. To show that all the things that we take for granted are really exciting if you look at them, and the tricks you can do once you do that are amusing too!
Still I can't forget red blue rainbow black white lemonscented boxes that were supposed to do any number of things if you just followed these instructions and had a soldering iron. Script kiddies of the past.
What amuses me most in seeing this dialog is the sense that there is a productivity to programming something for someone else, that doesn't exist in the explaining the basis of such programs. cDc always was about the how it works and not how to do it. It was about giving you the manual, not selling you the source. OpenSource software is built on OpenSource knowledge of underlying systems. If we don't have the information we don't have the programs. To require a hacker to program for someone else is nonsense. The way you become a hacker is by having other hackers see you can do it yourself. Then they say, "He is a hacker" and you are. If you think you can become a hacker by doing it someone elses way, then you are silly. Original thought, exploration, lack of interest in authority, and a little bit of a desire to show off to people who might actually understand what you are talking about is what fueled the 'hacker' of the 80's.
The geek of the 90's is a different animal, with pratical usage of opensource being a commercial reality, productivity being a primary force behind contribution to a movement, love for knowledge being a real secondary. How many of the people on this channel have actually read their source code cause they wanted to know how it was done? As much as most of ya'll want to feel good because you know how to code, you don't NEED to code most of the time because someone else has done it, or done something close to it before. Hell the art of Unix is to take 5 programs that other people wrote and pipe your data through em without writing a bit of code.
Getting on cDc for being script kiddies is a joke. I am not even sure why we call them script kiddies. Using canned software is as old as the day. Yeah when I got my first modem I had to patch the thing through my game controler port to get dial tone detection, and wrote my first comm program in basic and assembler. When AE came into my hands, I never went back. Fact is that cDc may write tools that people who couldn't normally write, might find useful. Maybe cDc drops a few trojans into the mix... Maybe Microsoft gets burned on the ass because their marketers have whipped their techs in the internal battles so that nothing works right, but atleast it has the 'features'. cDc does what it does and doesn't apologize. The question of why they don't do more is very very well returned. Why don't you!
DLG
Though I disagree with your conclusions, you do make a valid point. The more "accessible" Linux becomes, through easy install, package management, newbie-friendly GUIs, and so forth, the less knowledgable ("brain damaged" to use your colorful expression) the average Linux user will be. This does bring with it a whole host of potential issues on how to preserve and improve Linux's good reputation WRT security. OpenBSD has IMHO found the correct approach, by being proactive about security issues. There is no reason this is incompatable with a system of managed .rpm or .deb packages, but it does require improvements to the underlying default configurations which have not been made yet.
.rpms, and .debs for all their various distributions. We all benefit from a level of responsiveness and security which Microsoft will be lucky to achieve sometime late in the next millenium. By adopting the improvements of other products, like OpenBSD, we can keep them green with envy until the universe goes cold, implodes, or whatever ...
We can fix it ourselves. The beauty of it is, when a security flaw is found, someone does fix it, and the fix propogates as tarballs,
The Future of Human Evolution: Autonomy
BackOrifice is a clever program, but it's not creative -- it's destructive. And the people who wrote it, distribute it, and proclaim long and loud what a great "administration tool" it is should be treated like the scheming anarchists they are. They shouldn't be called revolutionaries or treated like heroes. It doesn't help the situation at all.
-----------
"You can't shake the Devil's hand and say you're only kidding."
You really don't get it, do you?
Under windows 95/98/NT any USER can install a trojan, making the entire system vulnerable to attack.
Wait a second here. Have you ever actually used Windows NT? You know they do have this thing called an 'Administrator' account, quite analogous to root on a UNIX. When properly configured you can have as much control over a user as any UNIX. I know, I run NT at home (along side my Linux and NeXT boxen) and I've had plenty of instances where I could not install something because of the fact I was not Administrator. I mean I hate NT as much as the next guy (I only run it because windows is the only non-Mac OS I can use for my apps) but we dont need to make up lies and half-truths to talk about how crappy it is. There's plenty of real reasons for that.
-Rich
It seems to me, that, overall, BO2K is both a Good Thing and a Bad Thing.
A good thing, because it helps sys admins do their jobs in a much easier manner.
A bad thing, because there are a lot of script kiddies out there causing clueless 80 year old grandparents problems, etc.
IMO, the benefit of the good is outweighed by the harm of the bad. For every computer system that is made more secure through the use of BO2k, there are probably countless others that are penetrated and, in some way, harmed by delinquent teenagers. (I'm a teen still myself - I'm not getting down on my generation in any way - but it seems that younger teens are the main offensive group of BO2k users.)
The use of BO, me thinks, could be oriented so that 3l33+3 h/\X0r d00dz would not have access to it. Possible work arounds could be a corporate membership though a form of sorts. It would deter a large amount of lamers, while still allowing those who use BO for corporate purposes.
Granted, IMHO, the people at codc seem to truly be dedicated to anarchy, and are using this "security" front as a way as to not be decapitated through flames from security personel. It could be otherwise, but this is my take. I hope it is not so.
Also, there is the fact that there are already thousands, if not millions, of copies of the BO software already distributed, which could easily be aquired from a friend or a warez site. (And possibly newer corporate versions, if this feature were integrated. There will definately be people that figure out work arounds. Just because they use BO, they aren't necessarily stupid crap lamers. I know several very good hackers that use BO simply because it's easier that other methods.)
A mere
-------
CAIMLAS
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
-----------
"You can't shake the Devil's hand and say you're only kidding."
Netscape is pretty horrible. It crashes on a regular basis. Of course, when it goes down, only Netscape goes down.
I've had Gnome do wierd things and even had it take out my X Windows sever. That mean all X apps go bye-bye. Of course, the OS was still intact... respawned the server and invited me to log back in.
By far the worse I've had is trying to launch Quake once and it seemed to crash, leaving me with a mangled terminal. The OS was still intact. I could log into it remotely. Of course... I couldn't get to another virtual terminal or back to my X Windows session. I'm sure there was a way to fix this (someone please clue me in if you know). I had to reboot to clear it. Of course... having said that... the OS was actually still running along (a moot point since I couldn't do much with it - probably due to my ignorance).
So there's my worse experiences. What's yours?
As a side note - I use linux as a desktop OS for home and work. Very nicely. The odd thing is, I have also been known to use NT as a desktop OS too. "Linux" and "WinNT" don't always mean "server". 'Course... "Win9x" does usually mean "game machine". ;)
See my friend, it's like this... Microsoft has decided that the common mass of chickenheads that use their software, should not have to be burdened by trivial things like passwords, or user id's. And Therefore they have gone to great lengths to "protect" said chickenheads from this burden. The Scenario: Let's say that Mr. Stew Pitt is doing some online banking, and Internet Explorer caches his userid (SSN) and password, so that Stew won't have to take the trouble to type it in again... Stew thinks "Hey Great! Less to remember! You gotta love that Microsoft..." -Meanwhile- An evil malicious script puppy known as Phil Mypockets is about to send Stew a Trojan that can decrypt the cache file where IE has just saved the login and password for Stew's online banking account. Stew hears the familiar "You've Got Mail!" and sees that there is a "software update" from a helpful "AOL Support Rep". Stew quickly clicks on the attachment... seconds later Phil Mypockets activates the Trojan that has just been unwittingly installed by Stew. -yata yata yata- Phil Mypockets clicks the "enumerate passwords" button on the "trojan-control-panel", unloads Stew Pitt's bank account, and retires in Bora Bora... The Problem: Stew is fucked... he doesn't suspect for a second, the true reality of what has happened... Neither the Bank nor Microsoft are interested in investigating (or publicizing) the possibility that Stew has been "hacked"... therefore, the problem continues... Phil Mypockets tells all his pals how "They Too Can Retire In Bora Bora" and more people get fucked... The Solution: cDc releases BO... they aren't quiet about it... in fact, it's a media circus. Mass hysteria quickly ensues. It's on the cover of every tech rag, it's on the news... Sam fucking Donaldson is doing a special on the Monday evening news entitled "Is the Internet Safe?"... Microsoft gets dogged... they have to respond... yata yata yata... things get done... slowly, things change. "Evolution Morpheus, evolution." The Difference: What most people don't seem to understand is that this shit is out there, happening, everyday. The cDc just publicizes it... that's what makes them the good guys. If they wanted to, they could sit there and code these tools, and then quietly use them to fuck people over. But they don't, and that's the difference. -kill-9
Yes they've written some interesting software. So have alot of other people.
One of the cDc guys even said something to the effect of "no matter how good you are, there is always someone better out there". Maybe they should listen to themselves and drop the attitude.
What about the claim that BO2K shows how "wide-open" your machine really is? Give me a break. That's like saying "Hey - your Linux machine is wide open because I can install a daemon on it if I am root".
Whatever.
These guys get way too much attention turned their way just because they can spout a few bad words and act like they are l33t. I tend to be more impressed with people who contribute software without caring who notices.
SEAL
You're right - it is easier to not lock the doors on your car. You'd be a fool not to use key-based security on your car. I think anyone who uses a non-secure OS is being equally foolish. That said, it's definitely not my choice to make for someone else. Moreover, if you decided to use a push-button ignition, I would not take that as a green-light to break into your car. Doing so would be just as illegal as if you'd put an electric fence around it. Whether or not it's easy has nothing to do with it.
-----------
"You can't shake the Devil's hand and say you're only kidding."
-----------
"You can't shake the Devil's hand and say you're only kidding."
If I'm running as root on my Linux machine and I get tricked into running a trojan horse, or an undetected buffer-overflow allows someone to get as trojan onto my machine, what then? Then that trojan can do JUST as much damage as if it was on the Win98 machine.
So what would you suggest MS do about it? User awareness of the dangers of trojans is a great idea, but it's the only thing that helps to prevent them. I don't blame MS for allowing BO[2K] to crack people's machines, I blame people for being stupid enough to run stuff like "freepics.exe". The only solution would be to make Win98 a multi-user, permissioned operating system. I guarantee you that most users out there do not would choose to stick with what they've got, rather than go through the hassle of learning about read/write/execute/ownership. Even if they knew that it would help to prevent Trojan attacks.
-----------
"You can't shake the Devil's hand and say you're only kidding."
That's a ridiculous analogy, right? Or is it? I agree with you; awareness of trojans needs to be raised. But not by helping to spread them. You're arguing that, by writing/distributing BO[2K], the CDC is helping to prevent trojan attacks. If you believe that then I've got a bridge to sell you.
Look, the CDC has been around long enough for us to understand their MO. They like hacking systems. Moreover, they like helping other people hack systems. They didn't release BackOrifice to stop cracking. Yes, you can use BO2K as a serious admin tool, but that's not the issue for me. The issue for me is the motive behind the release, and the stupidity that anyone in their right mind would believe the hot-air that comes out of the CDC's mouths. They're crackers, plain and simple.
-----------
"You can't shake the Devil's hand and say you're only kidding."