FREQUENCY : inside the hacker mind FREQ28 January 2003 COVER – www.hackermind.net/images/Freq28.gif =========================== 1. “Ethical Behavior in the Digital Age” 2. Disclosure 3. The Dangers of Simplicity 4. Above the Law 5. Counter-Point 6. You Might Be A Hacker 7. Random Stuff From the Net 8. Crosstalk 9. Closing Arguments 10. Crew ============================ “Read with me to find the key.” 1. “Ethical Behavior in the Digital Age” As children, most of us learned right from wrong. If not from parents or teachers, then from the realities of life itself. We knew hitting someone was wrong, we learned it was polite to hold doors, and no matter how often countries went to war, we were assured fighting solves nothing. Now the world is different, new forms of communication have been developed, and with them new ways of interacting. If you’re reading this, odds are you’re one of the people that understand a great deal about “how it all works.” You possess an understanding far superior to many others, even so called “experts.” But as the introduction to the previous issue pointed out, there is a fear associated with knowing too much. Those that have the know how are seen as threats, so naturally, you’re probably seen as a someone to watch out for. This, however, does not mean hackers and others who understand technology go around abusing the power they have obtained. Then again, with laws and governmental agencies insisting hackers are a major threat to the well being of our society, who’s definition of “right” and “wrong” do we go by? When are hackers truly being unethical, and when are governments and politicians simply unable to comprehend what it was they actually did? A common theme in issues of late is sniffing, we always seem to go back to it. There’s a reason for this, not only is it one of the most popular topics of debate when it comes to ethics, it’s also so easy to do. Many of you probably have wireless interface cards, and I’m sure you get a kick out of wardriving. It’s the hacker spirit at its finest, seeking out new ways of getting connected to the net, seeing what you can find by actually driving down the street, and learning more and more about the technology the whole time. Yet you’re also crossing what many would consider the ethical line, you’re doing something you shouldn’t. It’s here we get those ever popular definitions, blackhat, greyhat, and whitehat. What do these mean? Are they accurate depictions of behavior? The first problem with these labels is the matter of definition. According to searchsecurity.com, “White hat describes a hacker (or, if you prefer, cracker) who identifies a security weakness in a computer system or network but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system's owners to fix the breach before it is can be taken advantage by others (such as black hat hackers.) Methods of telling the owners about it range from a simple phone call through sending an e-mail note to a Webmaster or administrator all the way to leaving an electronic "calling card" in the system that makes it obvious that security has been breached.” Using this definition, let’s consider little Johnny who breaks into a corporation’s main server using nothing more than a little social engineering and a Linux exploit. Assuming Johnny notifies the corporation (thus risking prison time) before he informs the world, he is, by definition, a white hat. Unfortunately, even once that particular corporation is patched, he prints his findings in 2600, giving the information to everyone. And as many would argue, “exposing” everyone else with the same vulnerability to the evil hackers out there. What do we now consider him? White? Black? Grey? He had good intentions, but if we listened to the security professionals and government agencies out there, he is doing far more harm than good. I’ll let you decide on your own what little Johnny is, but if no one can decide what to label him once and for all, what’s the point of labels in the first place? The Yin-Yang, in all evil there is good, and in all good there is evil. No being is completely one or the other. I may report every vulnerability I find, but should I sniff someone’s connection for a laugh, I’m no longer a white hat. To you, and the rest of the world, I may be…but deep down I know I’m not. What am I? Grey? Who can say for sure? How could there be white hats, and black hats, if we’re all just human beings? Most importantly, the point of this article in fact, whose definition do we follow? “A white hat programs code all day, they don’t break security, that’s immoral!” “A white hat may break security, but they always report what they find!” “A white hat may publish what they find in a magazine, but they never use their knowledge for malicious purposes!” Three distinct opinions of the same thing, similar to the way everyone has differing thoughts of what a hacker is. Let’s push aside the discrepancies and focus on right and wrong. Reading someone’s email, clearly wrong. Viewing someone’s internet traffic…wrong, but it’s not private data stored in their computer, it’s just an http stream going through your computer. Hacking into a computer, wrong? Right? For what reason did you do it, what computer did you get into, did you cause any damage? It’s hard to say, when considering a massive database used by a company, getting access might not sound all that violating. When a user’s home computer comes into question, then it might feel a bit more wrong. What if they had open shares? Those are intended to be, well, shared…is it still wrong? This is not meant to drive you up the wall, only you show you how right and wrong is not always black and white. In the physical world, taking something from someone is wrong because you’re depriving them of something they own. Online, it’s possible to make a copy of something without doing any damage. Other differences exist, but I’m sure you can think them up on your own. In the end, people usually have their own definitions of right and wrong, so maybe it’s a personal thing. Black hats, for simplicity, people who do more harm than good, will rarely see themselves that way. One person’s white is another’s black. To listen to government agencies who know nothing about computers, a black hat is anyone who even thinks about doing damage. To a kid who breaks security for fun, a black hat is someone who damages the machine or its data. To others, a black hat reports what they find to the world. All I ask is that before you label someone, or yourself for that matter, consider whose definition your following. What you consider ethical, someone else may consider completely inappropriate. This was an intro that I had on my mind for a while, and while I could go on and on, I think I’ll end it there. To sum up my feelings on the matter, labels such as cracker, black hat, white hat, grey hat, lamer, script kiddy, and so on seldom describe a person for all their worth. Someone may use a script to do something malicious, and then code a program to help secure systems all over the world the next day…what are they? I can never decide, which is why I see labels as a bad idea. I’d rather judge a person based on who they are and how they act, not label them one way or the other. But hey, that’s just me. Also, the “Most Wanted” section has been removed due to a lack of interest…but if you have something you just need to stick in the zine, feel free to email me. Now, I’ll gladly shut up so you can enjoy Freq XXVIII. -screamer ================================================================================= 2. *** Disclosure *** By: Sad is Tic [444 5 6 623 623] I was glancing through my securityfocus.com newsletter recently when I finally discovered something. I have no idea how long this has been in effect, but something I used to hold near and dear is now gone. Exploits. Visit securityfocus.com and search for all your favorite vulnerabilities, notice something? That’s right, every exploit has been removed (at least, everyone I checked for). There’s two ways of looking at this. On the one hand, not posting the actual exploit code could help cut down on script kiddies who went there for no other reason than to grab a tool to break the law. On the other, it silences information that could help inform people about how exactly the vulnerability affects their systems, thus adding to the knowledge base so people can look for these problems on their own. As an avid, albeit somewhat beginning, programmer, I used to love looking at the exploit code. It allowed me to see first hand how the vulnerabilities could be used to elevate privileges, etc etc. And on more than one occasion I was able to spot similar flaws in several programs I had developed. Would I have seen this without understanding how someone could exploit them? In a word, no. I could read about the theories behind a possible exploit until I was blue in the face, but until I saw someone actually make it happen, I could never really comprehend the problem. Securityfocus.com used to be a place that educated, now it merely informs. “Oh, this has a problem,” or “such and such has a hole, click here to fix it.” That’s great for people that know nothing about computers, but what happened to the former environment of learning? Where you could read about vulnerabilities, see how they worked, try them out for yourself, and get an overall better understanding of the problem? Was that too “hackerish” for them? Did they want to appeal to their corporate sponsors? Or did they just not want the DMCA coming after them? I don’t have the answer, but if anyone does please let us know. The trend of branding certain information “bad” is only going to continue, especially with the aforementioned DMCA. Write a program, go to jail. Doesn’t matter if you never used it, never intended for it to be used for illegal purposes, or never even distributed it! By merely possessing it, or god forbid, writing it, you can face criminal prosecution. I hope we can show that computer programs are not the enemy, they’re just lines of code. Before I conclude, I should humor those of you who disagree. From what I’ve heard through the grapevine, a number of security professionals congratulated securityfocus.com on it’s new strategy. They feel it will cut down on script kiddies, while continuing to allow true hackers and security pros alike to get the information they crave, and then use it as they will. After all, if you’re a real hacker, many feel you should be able to write your own exploit code anyway. Damn, I’m still in the process of learning (theoretically, aren’t we all?), and I sure would love to have all sides of the story…but I guess that damn exploit code is a bit too dangerous. Whether it’s their fault or not, I’ve lost interest in Security Focus. If I wanted patches I would go to my vendor’s site. They were a place I turned to for in depth information, but now, those times are behind us. The new world is upon us, and it’s a world where full disclosure is a terrible thing. It’s Microsoft all over the globe, security through obscurity. [.html] ================================================================================= 3. *** The Dangers of Simplicity *** by: Greenwich Mean daisy* As a programmer of five years, I’ve come to realize that more and more hackers are getting their information from all the wrong sources. First, a little history. on* As a teen, I would visit my local mall every weekend to spend whatever allowance I had, but not on the usual stuff other people were buying. While they grabbed up CD’s, movies, junk food, clothes, video games, and everything else you could think of, I was in the bookstore. I was not an outcast by any means, I just enjoyed seeing all the information that was available to me. Each book, once thoroughly consumed, would make you that much better at computers. I suppose it was hacker ego, but I wanted each and every one of them, just to say I knew it all. Money, however, said otherwise. I could afford maybe one book a week, and naturally I seldom got through one in just seven days, so in reality a purchase was not made every weekend. Still, I gathered up quite a collection. From books on C, C++, Unix, Vax/VMS, Visual Basic, to the books that dealt with computational theory, the ones that no teen had any business buying. I ate them up, dove into them as soon as I got them home, making myself smarter by the minute. Today, I seldom hear about kids reading books on computers. From my experience, a great number of them learned by reading text files, or “The Guide to Mostly Harmless Hacking.” They open 2600, try a few things that are written out in detail, and then consider themselves elite because they made something happen. To me, we have morphed from a collection of computer enthusiasts who will do anything to learn about computers, into a bunch of posing wannabes who are too lazy to pick up a real book and read it cover to cover. Where’s the love? Where’s the desire? Where’s that hacker spirit? the* Ask many hackers today if they want to read a book regarding nothing ncurses programming, and they’ll most likely ask, “What can I do with it?” What this means is, what can I break into with it? Well, as far as I know, nothing. On the other hand, ask them if they want to read a text file about how to exploit an Apache hole, and they’re all for it. The fun of learning for the sake of learning is gone, today many hackers merely want the goods, and not the work that used to go along with acquiring them. At the risk of sounding like an old fuddy duddy, I should mention I love 2600, Phrack, and even those Harmless Hacking guides have their moments. I guess my point is this: in my time the fun was in figuring things out through hard work and dedication, allowing yourself to get truly educated. No one learned about exploits from text files, we learned them through programming books. Sure, text files can be a lot of fun, and some can give you some great ideas, but it’s that underlying understanding that’s most important. If you don’t have that, and all you want to do is use someone else’s work, aren’t you nothing more than a script kiddy? Simple articles and “how-to’s” can be fun to read, but when they are relied on as the end all, be all source of information, the hacker population can only go downhill. altair ================================================================================= 4. *** Above the Law *** By: Screamer Chaotix You’ve probably found yourself doing seventy five on the highway at one point or another, and realized you better slow down. Accidents are nothing to laugh about after all, and why kill some mother and her five year old coming back from the toy store, just so you can get to work thirty seconds sooner? You press down on the brake, ease off the gas, and gradually drop down to sixty or so. Suddenly, your car shakes, a sound of thunder roars through your ears, and before you know it, another car has flown past you at over one hundred miles per hour. It’s a State Trooper. He’s probably off to save someone trapped in a traffic accident, or in hot pursuit of a suspect. Funny, his siren isn’t on. The same tale could be told a thousand different ways: the cop who runs the red light, the cop who lets his friend abuse narcotics, the cop who would never give his fellow buddy in blue a ticket. We’ve all seen things like this a hundred times in our lives, and certainly many have seen far greater injustices. They’re paid to uphold the law, to protect the innocent, and serve the public. Yet these police officers; local, state, and even federal authorities, are often worse than the general population. If there’s no other reason to explain their behavior, one likely possibility is that they’re only human. They possess the same flaws as you or I, the same human imperfections that lead regular joe’s to break the law. So why hate them? This question is much easier to answer: abuse of authority. The officers you see breaking the law are in a position to make your life a living hell. If nothing else, they can take risks that you or I are not allowed to take, simply because there’s no one to stop them. Should you do the same thing, you may be given a ticket, or thrown in jail. Abuse of authority in it’s simplest, most purest form. I’m reminded of a girl from a past law class, one who insisted her father (a Sheriff) had every right in the world to speed as fast as he liked. Her reasoning behind this relied on her father’s training as a police officer. He had been schooled in how to drive with the best of them, and therefore, deserved the right to break the traffic laws. She confessed her father would fly down the highway, with her in the car, in excess of eighty miles per hour for no particular reason. Undoubtedly he had spent a lifetime telling her something to the effect of “I’m trained, but don’t you do that.” Thus engraining in her mind the concept that breaking the law, and risking the lives of others, is alright as long as you know what you’re doing. By that rational, race car drivers should be allowed to fly down the road…I wonder if the cops would let them off the hook. Disgust is what most people feel when they see such violations, but it does not lie solely in traffic offenses. Computer hacking is also very much a part of new law enforcement techniques, as was the case with Vasily Gorshkov and Alexey Ivanov, two Russian hackers who were tricked into the United States. Using the information the hackers provided the FBI with unknowingly, the feds managed to hack into their computers overseas and gather all sorts of information against the men. This type of thing typically outrages people of all types, not just computer hackers. The idea that the federal government would break the law just to apprehend suspects is something that goes against all moral ideals I can think of, especially when they insist such activities are the work of terrorists. Maybe they are, in their minds. But these same acts are clearly not the work of terrorists when they’re the ones gaining something from it. The hacker who does something similar out of pure curiosity faces stiff legal repercussions, and may have to go up against prosecutor’s such as Christopher Painter, who’s lack of technical understanding makes you wonder if he knows what the defendant did. It’s not fair that law enforcement will probably never face these situations, but are we hopeless to fight back? One thing to do is report everything you see, especially if it’s an ongoing thing. For example, here in my home state, the Merritt Parkway is a haven for speeders…unfortunately the State Troopers are the ones doing a lot of it. By reporting their activities to the FBI, I may be fighting a futile battle, but if enough people do the same the feds will step in. And while they themselves can’t be trusted, they’re probably no fans of the State Police and are fully capable of dealing with their indiscretions. For federal abuse, lobbying your representatives is probably the best bet. One voice will never be heard, but by spreading the word on public access television, through flyers, and of course demonstrations, you can gain enough support to actually make a difference. For more information on reporting bad cops, visit www.badcops.info. -screamer 5. *** Counter-Point *** The following is a “point, counterpoint” session between Screamer Chaotix, editor in chief of Frequency, and Dalton Logan, a student at a Connecticut University. The opinions expressed below were gathered from IRC and put together as shown for easier reading. Questions were asked by a fellow student for the purposes of a study regarding computer hackers/hacking. Q. What is a computer hacker? Screamer Chaotix (SC) – A computer hacker, simply put, is a person who enjoys playing with computers. Going beyond a mere hobbyist, they seek to learn all they can about the machines and to make them do incredible things, sometimes things that were never even thought possible. Dalton Logan (DL) – A computer hacker by today’s definition is an individual who uses computers to perform digital pranks, and in some cases, crimes. In the past, computer hackers were exceptional programmers with a love for creating software, but with the creation of the internet and readily available tools, hackers have morphed into computer outlaws in many cases. Q. Can hackers benefit society? DL – If referring to master programmers, absolutely. If referring to today’s hackers, who are only interested in exploiting technology, I find it highly unlikely. Many of them claim their exploits actually improve security, yet few bother to create patches for problems. As long as exploiting and breaking into machines is more fun than improving computers, they serve little use. SC – It’s not fair to ask such a question. After all, how does a basketball player benefit society? They do what they love because they love it, and that’s that. I could go on and on about how hackers have pointed out flaws and protected millions of people, not to mention saved them money by revealing scams, but I’ll leave it at that. Q. What is your take on the hacker subculture as a whole? SC – Like many subcultures, it’s highly misunderstood. This misunderstanding extends from fear, caused mainly by a lack of computer knowledge on the part of the general public. If you don’t understand how something works, you tend to fear those that do, and may even make claims that they can do anything. Aside from this, hackers are usually a friendly group who are anxious to share information and get a better understanding of the computers that connect the world around us. By attending a hacker conference, such as HOPE or HAL, you can see the camaraderie that develops between people who share a common interest. DL – I’m certain Screamer is correct, hackers probably are very friendly, but only to other hackers. If a regular guy off the street tries to set up a business online, those same hackers are quick to get into his servers and make note of every single vulnerability he has. I won’t go so far as to say they’ll cause damage, but I doubt the man just trying to earn a living online will see it as harmless exploration. He’s more likely to view it for what it is, an attack. Screamer, and other hackers, feel safe that their peers won’t damage their computers. You and I on the other hand, we’re open game. And to anyone who says that the hacker subculture are a group of fun loving technology enthusiasts, just look at the name my debate partner uses. Anyone who has to hide behind an alias clearly shows what kind of life they lead. ---> Q. What about aliases? Are they used to hide one’s identity? SC – Handles have been used since long before the internet. They’re not used as “aliases”, because frankly, they don’t work. Dozens of people online know my real name, and that’s fine. Besides, not only hackers use handles…when you enter a chat room, do you always use your real name? The name you choose is a way of identifying yourself the way you want to. DL – Using a handle in a chatroom, and using a handle for virtually everything you do are two different things. My point on the matter is that hackers are not doing actual research, or just having innocent fun, if they have to mask every move they make behind a made up name. Q. Do hackers pose a threat outside of computers? DL – Hackers, by their very nature, are known to be troublemakers. If you’ve seen the documentary “Freedom Downtime,” you see several hackers using a modified ham radio to speak through an external speaker outside McDonalds. The film shows they’re only having fun and not doing any harm, yet how would you feel if someone did that to your speaker? If a group of hackers asked several young girls to take off their clothes for food, wouldn’t it bother you? When you’re the one responsible for any lawsuits that may come about, you too would be a little upset with people like that. Again we see how a hacker’s idea of harmless fun could actually wind up causing damage, even if it’s not intentional. SC - We keep coming back to the idea that hackers are the only ones that cause damage, when in reality, most crimes are committed by a different kind of person…the criminal. A person who loves technology is not automatically a crook, in fact, they’re usually intelligent enough to know that crime doesn’t pay. Mr. Logan makes it seem like hackers are the only ones that pull pranks, yet ironically, if the group of hackers were a group of frat boys, he probably wouldn’t even give it a second thought. The menacing image of the hacker that has been perpetuated in the common media typically generates a feeling of disgust for those that understand how these technologies work. Anyone else, it’s just a prank…but when hackers are involved, it’s a possible felony. Q. Hackers have done wrong in the past. Screamer has made clear through his radio show that as long as no damage is done, he finds most hacks to be morally acceptable. Screamer, when do hackers cross the line? SC – Not counting people who only use the computer as a tool of crime, hackers may cross the line when their curiosity regarding technology puts someone else’s property in jeopardy. I’ve never supported invading a users home PC, because there’s nothing to be learned from that. On the other hand, sniffing a network connection is different. Cars drive by my house all the time, if people believed no one could see them, would I be obligated to not look out my window? Bottom line, causing damage in anyway is crossing the line. Invading someone’s privacy for the sole reason of getting a laugh is wrong. There are others as well, but I think that sums it up. Q. Hackers have done right in the past. Dalton, when do hackers do good in this modern age? DL – I have nothing against open source software writers, people who try to improve technology and make computers easier to use. These hackers are doing good. Screamer may feel hackers are not required to do good, but even if I wanted to go street racing I couldn’t, it’s against the law. Q. To conclude, please explain what future you see for the hacker world. DL – I see hackers causing more trouble and acting as though they’re doing good for the world. It’s quite ironic how they all seem to want to “one-up” the next guy, they all talk about how many machines they’ve compromised, and how elite they are…and yet still claim they’re benefiting society. They will continue to hide behind aliases, write exploits that do nothing but make millions of innocent people vulnerable, and argue that they should have a right to do so. They will forever be a disgrace to the hackers of the past, the law abiding computer lovers that created Generation D. SC – Hackers will continue doing what they’ve always done, understanding technology and sharing all their findings with the world. They will educate, inform, and reveal to the public just how much technology is used against them. For this they will be labeled as criminals. As we enter a world where knowing how to do something is the equivalent of actually doing it, more and more people will find themselves behind bars for crimes they “most likely” committed, or “would probably” commit. It’s a scary notion, but by spreading the word, hackers can show the world that hiding information is the wrong way to go. ================================================================================= 6. *** You Might Be A Hacker *** [222 333 3333] Top ten signs you yourself may be a “computer hacker” (ooh, ahh) X. You wish you had 16 fingers to count in hex. IX. Your idea of hardcore porn is a process spawning a child. VIII. You worry your term paper won’t compile. VII. You force your friends to refer to you as “The Great Regenerator.” VI. You don’t know any of your friends real names. V. A wild Friday night usually involves scanning a network and calling a bridge. IV. For term papers you end every title with “For Fun and Profit.” III. You wish everything was written in assembler and think C is for sissies. II. A dog on crack could spell better than you. I. 0101100101101111011101010010000001101111011011100110110001111001001000000111001001100101011000010110010000100000011000100110100101101110011000010111001001111001001011100000110100001010 Top ten signs you might be really, really lame. X. Your name is Zero Cool or Neo. IX. You have stickers on top of stickers on your laptop. VIII. The last time you tried to program, the compiler’s error read “what the fuck?” VII. You wonder why this perl code won’t compile. VI. You claim Phrack is beneath you. V. Your nmap scans always come up empty. IV. You beige boxed your own damn house. III. l33t $p34|< 1$ r33t! II. You want to hack a Gibson. I.You really don’t know anything about programming or computer hacking, you just kinda idle in IRC all day. Top five signs you know nothing about computers. V. You have champagne ready for when you finally get it turned on. IV. Windows confuses you. III. Hackers can do anything!!! II. You don’t care what they do, just as long as they work. I.The only solution you can come up with is to reformat. Top three signs you might be Screamer Chaotix. III. You wake up and hope you didn’t do anything too stupid the night before. II. Operators greet you by name. I. You never know when to shut up. ================================================================================= 7. *** Random Stuff From the Net *** -------------------------------------------------------------------------------------------------------------------------- From: Michael Costa To: Date: tuesday, 30 May 2000 4.52pm Subject: Walter Chin Photos of Eva Herzigova CEASE AND DESIST ORDER FOR ALL EVA HERZIGOVA PHOTOS BY WALTER CHIN Let this serve as a 30 day notice to cease and desist all electronic publishing of Eva Herzigova Pictures by Walter Chin that appear on your website. The copyright to these photos are owned by the photographer Walter Chin and his assigns Marek & Associates. If these photos are still available on the internet after said time, we will be forced to pursue further action. (p.s. Walter Chin's electronic publishing syndication rate is $2000 per picture) Thank you for your attention to this matter. If you have any questions please do not hesitate to call me at 212-924-6760 Michael Costa Marek & Associates 170 Fifth Avenue 7th Floor New York, NY 10010 212-924-6760 212-206-0253 fax [A note found online ordering a website owner to remove copyrighted pictures, in this case of supermodel Eva Herzigova. It’s amazing, not only does this person assume he can control where and when his client’s photos appear, he also says the price to put them online is 2000 American dollars, per picture! Do you have to pay that much to use them in a psychology presentation on our images of “perfect beings”, do you have to pay that price to show a friend? No, but even though know one questioned their rightful owner, or assumed the site had taken the photographs, Mr. Costa still seems to think he has a right to say who can put them on the net. How about this, if you don’t want people seeing your work, don’t take the pictures.] -------------------------------------------------------------------------------------------------------------------------- [yale.edu] (You may think twice about going there for computer science.) Workstation Support Servers wss.yale.edu buster.its.yale.edu research.yale.edu classes.yale.edu Computer Science Central Servers plucky.cs.yale.edu netra.cs.yale.edu supermax.cs.yale.edu cyndra.cs.yale.edu cs-www.cs.yale.edu crystal.cs.yale.edu haskell.cs.yale.edu Other Servers compl-print.lit.yale.edu hilbert.math.yale.edu lw2.cs.yale.edu lw4.cs.yale.edu mermel.haskins.yale.edu nmr500.med.yale.internal nmrdata.med.yale.internal paul.haskins.yale.edu sachem70-printer.polisci.yale.edu smokey.haskins.yale.edu supercool.german.yale.edu wavebw.cs.yale.edu yale172023202108.med.yale.edu zoo-alw.cs.yale.edu [Thanks to a great article in the Linenoise section of Phrack 60, all these servers could be found by using software known as “Big Brother.” It should be noted that these were all listed on publicly accessible webpages, but after the Phrack article was released, they were promptly secured with passwords. You can no longer monitor Yale’s network, but thanks to Google’s cached pages, the names of all their servers will be there for some time to come.] 8. *** Crosstalk *** > Frequency, In regard to the Freq27 introduction “The Fear Remains,” I too have come under the wrath of those who feel the knowledge I possess is “dirty.” I can’t say I’ve been hated, or even feared for it, but I have had plenty of job opportunities shot down by people who realize I never took a computer class in my life. I carry no certifications, yet am perfectly capable of installing, maintaining, and troubleshooting a network. This means little. If you don’t have the pretty certs on your resume, or the big ivy league schools, they won’t even consider you. It’s ironic when you consider they’re probably turning away the best of the best, in favor of some pretty boy who graduated Yale on his parents dollar. [Zero Effex] REPLY> I feel your pain! In the school I attend, the teachers always say it’s your know-how that matters, not your certifications. They claim businesses want people who know what they’re doing, and a piece of paper does not guarantee that. In theory this is absolutely correct, but as you pointed out, try getting a job without a certification on your resume and you’ll see the reality of it all. Hopefully if you get some certifications you’ll have better luck, but as many of us know, they’re very expensive and require hours of monotonous studying. They don’t care if you know the stuff you NEED to know, they want you to know how the pins were arranged on 286 processors. Oh yeah, I face that problem everyday. –screamer > Frequency, Congrats on a great intro, “The Fear Remains” is the best yet if you ask me. I think school is a good thing, but agree that teaching yourself is considered a “no-no” in this day in age. The more you know, the more of a threat you pose apparently…as though everyone who understands computers wants to rule the world or something. Just try pointing out a flaw on a high school network and see if you don’t get accused of “hacking” the network! Yet the bonehead who’s paid to fix computer problems knows zilch and sits on his ass all day, doing nothing and getting money for it. When will the business world wake up and realize that you need people who can solve problems, not people who only have pieces of paper? [Lace] REPLY> First off, thanks. Second, no one said school wasn’t a good thing. The point of the article was that school teaches you what you can’t do, hackers on the other hand, go out and make incredible things happen by doing nothing more than playing around. For example, sitting in a computer class at a university, you can learn a whole lot about routing, data encapsulation, NAT, and so on. But they’ll also teach you why Cisco routers are so secure, why no one can hack Netware, or why Windows is the operating system to use. Hackers, by actually using these technologies (as opposed to only reading about them), can show you results to the contrary. They wind up knowing more by doing, not by theorizing. –screamer > Frequency, To reply to your introduction, The Fear Remains, in Freq27, I must say I’m quite appalled. As a computer hacker of twenty years, I was disgusted to read your views on why hackers are hated in the modern world. You say that having knowledge makes you an evil person in the eyes of the public, but please look at the knowledge you speak of. You do not refer to computer programming that can be used to create better, more efficient machines, you talk about getting into email accounts. You feel pity for a child who writes an NT exploit, claiming he did something far greater than what any computer professor could do. Yet, all this individual did was create a program that could be used to break the law. Years ago, hacking was about making things better. You followed the laws, created the best programs possible, and shared your information with the world. When your readers, and other “hackers” of the world begin working toward solutions instead of trying to exploit problems all the time, I will agree with your statements. Until then, any “fear” your so called hackers have directed at them is well earned. If you sniff a network, exploit a machine, crack an email account, or do any sort of mischief, you’re doing it for that simple reason, mischief. You’re not doing it to better the computer world, such as Linus Torvalds and his friends did. You’ll notice those aren’t the ones who are “feared,” it’s the kids out for a laugh. [John C. Miller] REPLY> Your argument proves my point, although I’m sure you had no intention of doing so. By claiming that certain knowledge is bad (or “dirty” as I said in the article), you’ve shown how a great many people in the world feel about hackers who point out vulnerabilities. It just so happens that you are a hacker, one with a very clear, albeit narrow, definition of what a hacker should be. Knowing things, understanding where problems could arise, and having the means to exploit them does not make someone a monster. I too would like to see more hackers work on improving computers, but if you attended a university, and explained to a professor why his code was total garbage, you may be hated as well. The article was meant to show a general feeling toward those that know more than others, and as you’ve shown us, those people are feared. -screamer > Frequency, It seems to me the word hacker has become a way of upsetting people more than anything else. I remember a long time ago how screamer talked about wearing his 2600 shirt as a form of protest, but what exactly was he protesting? By treating the word like something bad, aren’t we destroying our own cause? [Anonymous] REPLY> I wore that shirt, and others like it, to show how proud I was to be a hacker. The protest I spoke of regarded wearing something with pride, something that many people were against. I wouldn’t say I was trying to upset people, but if it pushed a few buttons, all the better. Once hackers come out of hiding and start showing people their normal human beings, maybe things will improve. -screamer ================================================================================= 9. *** Closing Arguments *** Here we are, once again stepping into a new year. 2003, the year of Matrix sequels, and the first chance Kevin Mitnick has had to see exactly what the internet is. I think we should begin by welcoming him back, it’s been 8 years since he’s been online, and things are now completely different. He’ll be greeted by the wonders of pop ups, spam, and instant messages. We hope he finds the same love for the technology that he had so many years ago. It’s a new world, and we hope he enjoys his stay. Welcome to the net, Condor. More flack over the whole “cDc sucks” statement, will this thing ever die? It seems like everyone who defends them does so by saying “they rock” or “they do more than you”, but never actually explain why they deserve to be treated as gods among hackers. Entire movies are made about them, calling them one of the most elite hacker groups in existence, and yet all they ever seem to do is write text files. Now of course, we have nothing against people speaking their mind…but what makes them so special? Answer that, and we’ll be sure to print it. As we mentioned in the intro, the Most Wanted section has been removed. Quite a few people expressed interest in it, yet no one actually sent in an ad…ain’t that always the way? No worries, hacking is all about experimentation, some things work, some thing’s don’t. One thing that seems to be working is the site, which is still receiving a good number of hits everyday. While not the prettiest site in the world, it serves its purpose and is growing all the time. Seems like everywhere I turn there’s someone hating on Linux. This month, my newest teacher (who’s a nice guy with a CCIE, although he won’t let us verify that…) told the class why you should NEVER use Linux. Apparently, once it’s on your machine there’s no way to get it off. Wow, I sure would like to thank him for that bit of knowledge. I know I’ve put it on and taken it off more times than a strip club dancer, but I guess he knows his stuff more than us little hackers do. What’s worse, this prompted a student to bring in several papers (direct from Microsoft.com) explaining how to remove linux and install windows…yeck! After finally making myself 100% windows free, I hate to think about going back. Once you really get into the open source world it’s an amazing feeling. You’re welcome to contribute to the growing tree of information, no one is unwelcome. Write a program, put it on freshmeat.net. Need help with something, just join a forum and ask. Want to share your wealth of knowledge, there’s a lot of people who could use it. Open source software lacks that corporate feel, allowing you to truly use a computer anyway you like, without any mention of licensing fees or copyright protection. I thoroughly intend on putting up a “How to Remove Windows and Install Linux” on hackermind.net…if anyone wants to write it up (make it as detailed as possible), just let me know. That’s it for this month, which has proven to be pretty slow. We hope everyone had a happy holiday season, we’ll see ya next time. -screamer ================================================================================= 10. *** Crew *** Editor in Chief – Screamer Chaotix Webmaster - Dash Interrupt Network Administrator - Leland D. Peng NT Specialist - Unreal Radio Specialist - w1nt3rmut3 Writers – Sad is Tic, Greenwich Mean Shout Outs – Kevin Mitnick, JLH, Jack, Tony Cover – says it all SEND ARTICLES TO – articles@hackermind.net (or else…) WWW.HACKERMIND.NET