Yet Another Article on Hacking

metalgeek writes "CNN conducted two interviews about hacking. One with Emmanuel Goldstein is the editor-in-chief of 2600: The Hacker Quarterly. The other is Dr. Charles Palmer, one one the head security guys at IBM. fairly well written article over all."

Credentials

[deefer]

"hacking is the only field where the media believes anyone who says they're a hacker."
Finally. Would MTV please take note?

Still, given the industries recent propensity for requiring certification (CLP, MSCE etc), does this mean that there will be a H4X0rZ certificate? :)

And who will administrate it? Will there be one for NT, one for BeOS, and another for each implementation of *NIX? Must Red Hat start giving the Linux certificate?
Still, can't wait for the new business cards - John Smith, BSc (Hons), h4X0R d00d...

Exam paper for Linux h4X0r d00d accreditation: Pick ONE of the multichoice for each question:
Q1) Packet sniffing is:
a) Using an NIC on the network to examine other traffic not addressed to that NIC.
b) What your dog does to strangers' crotches
c) What the Postal service does to suspicious mail
Q2) A buffer overflow exploit is
a) A data storage area can be flooded with a bit stream, enabling hijacking of the IP register to execute custom code.
b) didn't malloc() properly.
c) Shoe shine boy cleaned your shoes twice & charged you ten times the going rate.
etc...
---------------
NT h4X0r d00d exam as provided by MS
Pick ONE of the multichoice for each question:
Q1) Describe the NT security model
a) Any breaches are hypothetical
b) Any breaches are hypothetical
c) CDC are liars
Q2) Describe B02K
a) A malicious hacking tool
b) A malicious hacking tool
c) CDC are liars
etc....
And there'd have to be a grade at the end of the exam:
0-45% ScriptKiddie. Go back to AOL, stop trying to pass B02K off as your own, and QUIT WANKING!
45%-60% Wannabe. Keep trying!
60%-80% h4X0r. Stay away from milnet, you still aren't covering your tracks.
80%-100% 31337 h4X0r d00d!!! |/\|3 ph33r U! P13323 d0n7 h4X0r u5!!!

Then and Now: Apples and Oranges

[Tackhead]

Once upon a time, "breaking into systems" was the only way you could have more power and connectivity than an 8-bit microcomputer and a 300-baud modem making local phone calls. Today, with Linux distros available for free (remember when paying SCO ~$1000 was the only way to run Linux on hardware that cost less than $10000?), and the 'net being just as cheap as phone service, everyone has root on their own machine. The days when learning about "the big iron running the a Real OS" required breaking into someone else's machine are over.

Today, hacking in the sense of "doing cool stuff with a real OS" (as opposed to, say, reverse-engineering assembly code as part of a copy-protection defeat) doesn't require breaching the security of third party systems. Rather, it's now about knowing how your own system works.

For anyone who hasn't yet read Stephen Levy's "Hackers", (I, like many, was inspired to re-read my dog-eared copy upon the recent /. review), go read it. IMNSHO, open source has become the canonical embodiment of the original TMRC-era philosophy: "Always yield to the hands-on imperative".

> But if you're mobbed by people who are looking for free phone calls, software or exploits,
> you're just an opportunist, possibly even a criminal. [ ... ] While it's certainly
> possible to use hacking ability to commit a crime, once you do this you cease
> being a hacker and commence being a criminal. It's really not a hard distinction to
> make.

Thank you, Mr. Goldstein, for making the distinction. Why the media has steadfastly refused to pick up on this for the past 10-12 years is both unfathomable and unforgivable.