FREQUENCY : inside the hacker mind FREQ29 March 2003 =========================== 1. “The Whole Picture” 2. A Little More on Linux and Windows 3. Optimum Online and You 4. The Truth Behind monster.com 5. So You Want To Start An Ezine 6. The Death of a Hacker 7. Hacker Hating 8. Review – “Pattern Recognition” 9. Crosstalk 10. Closing Arguments 11. Crew =========================== "A people that values its privileges above its principles soon loses both." - Dwight D. Eisenhower 1. “The Whole Picture” Hackers, it can be argued, think like machines. Life is full of ones and zeroes, and it isn’t until you apply a little human creativity that magic really starts to happen. But in order for that magic to happen, in order for that creativity to blossom, you have to question everything. You have to examine things from a hundred different angles simultaneously; is this buffer to small? will this integer lead me straight into a signedness bug? is ten lines of code really necessary? which libraries should I use to ensure maximum portability? Every angle, every fact, is checked and rechecked until near-perfection is achieved, and even then the process of reevaluation continues. As I said, that’s the hacker way. The way of the average person, your non-technical-just-wants-to-use-email type of person commonly does not think along these lines. They’re handed information and assume that it is fact, given their utter lack of understanding. Or perhaps a “reliable source” (Microsoft?) explains something to them, and they naturally believe it to be accurate. This is not limited to technology though; millions of people behave in this manner day in, and day out. They turn on CNN, MSNBC, Fox News, or any other corporate owned station and believe they’re getting the whole story. Why? Because these stations advertise themselves as being fair and balanced, of course! The point of this article is that we can’t place the blame solely on the media, or companies like Microsoft. We have to remember the gullible people who refuse to question things, who take everything at face value because their predefined prejudices prevent further examination. Hackers are bad, that’s that. All Muslims are terrorists, no question about it. Bush says we need war, why look into any further. Sound familiar? From the mundane to the monumental, people generally believe what they’re told. And the truth is, it really doesn’t matter whether they’re right or wrong, it’s the fact that they don’t look into it for themselves. It’s the idea that they have no interest in examining the issue from another perspective. I recall a time when the illusionist David Blaine stood atop a two hundred foot high pole for three days. People marveled at his discipline, amazed by his ability to control his body with a skill only an enlightened monk could achieve. Christopher Reeve spoke of his talent for “mind over matter,” and millions of people equated him with a religious figure. To think, I had the nerve to question an illusionist. I reminded people it was his business to manipulate both eyes and minds. Misdirection and trickery were his tools, and together, they created feats so implausible that they could only be explained through a spiritual gift. He could push a nail through a block of wood as dozens of onlookers watched, he could freeze himself in ice, and even bury himself alive. None of it was real, and everyone knew that. Yet when he stood atop that pole, and celebrities and reporters alike noted how it was no trick this time, everyone believed it. Worse yet, very few even questioned it! A man paid to deceive was being believed, and heralded as a type of god. How? By merely telling people it was real. Now I won’t claim I was right, nor will I admit that I was wrong. All I’ll do is say that I questioned the entire thing, I did research on it, I looked through various sources to see what was going on. Can I prove it was fake? Nope. Just like I can’t prove that a war with Iraq wouldn’t save a lot of dying Iraqis. And Just like I can’t say for sure whether increased vigilance will or will not stop terrorism. What I can do, though, is get as much information about a subject as I can. Should someone ask me about something I know nothing about, rather than feign knowledge, I’ll simply say “I haven’t looked into that thoroughly enough.” Questioning things is important, both in computer hacking, as well as the real world. I use the example of people believing an illusionist “just because”, but this rational applies virtually everywhere. Of course I don’t expect everyone to head to the library and research every single topic they come across. But I will quote a famous tee shirt, “Don’t Hold Strong Opinions About Things You Don’t Understand” (http://www.jinxhackwear.com/scripts/details.asp?productID=71&affID=-1&catID=1&sale=False). And more importantly, learn to go against standard norms from time to time. By doing so, you may begin to feel they’re incorrect, or perhaps you’ll agree with them more than ever. Question everything, whether it’s someone saying hackers or evil, or someone saying hackers are saints. Only then can you come closer to getting the whole picture. -screamer ==================================================================================================== 2. *** A Little More on Linux and Windows *** by: Comrade Crane By now we’ve all grown tired of the debate over Linux and Windows, and I’m sure some are sick of hearing why people still use Windows when they claim to be Linux fans. I’d like to think I have something to add to the discussion though, so give me a chance. First off, in an effort to separate myself from the machine, I’ll explain why I’m writing this article. My first computer experience came from a rundown 386 with nothing but dos installed. As a noobie, I hated the text based interface and confusing commands. For the longest time I just wanted to do what everyone else was doing, point and click! Windows 3.11 was the hot thing to have, and made my dos-only box look pathetically outdated. The Win 3.11 operating environment made me drool, it was actually simple to use and would let me do whatever I wanted without the need of looking up some obscure command. That was my first impression of Windows, but as time went on, and I learned more and more, I realized something I hadn’t seen before. Windows was actually preventing you from using the machine, by putting a messenger between you and the hardware. The problem was plain as day, the messenger wouldn’t do everything you wanted it to do…you could only check a box and hope it worked. This led me to UNIX, and eventually Linux. It was here I saw for the first time what a powerful operating system Linux was. Not only could you interact with every element of it, sometimes down to the bit, you could also configure it anyway you liked. With Linux, the computer became yours. It was no longer a television-like device that you merely watched, it was a piece of equipment that was ready to do your bidding. There were problems though, minor setbacks that amounted to undesirable outcomes. For one, almost all of my hardware was incompatible. My modem, scanner, mouse, and other peripheral devices had no drivers written for them…they were dead weight. I suppose a great programmer could write their own, but at this point, my programming skills went little further than shell scripts. Writing a driver was simply out of the question, I was at the mercy of the software. Windows stuck its face out at this point, tempting me once again with its ease of use. The temptation grew as my frustration increased. Linux was not cooperating, it was preventing me from doing the work I wanted to do. On top of this, software was buggy as well. I would download a movie, only to realize my player couldn’t handle it…nope, still no drivers. I found myself, on more than one occasion, switching back to Windows just to use the hardware I had purchased and the videos I had downloaded. Sure, Linux had some great programs…but who cares, I could barely use my equipment! Problems like these prevented me, and others I’m sure, from completely abandoning Windows. Let’s look at today, and give a side by side comparison of the two operating systems. First off, let’s say you like hacking away at code all night, but enjoy listening to music at the same time. Where are the good file sharing programs for Linux? If you know of any, let me know. I heard something about Kazaa for Linux, but have yet to see anything but vaporware. Windows has Kazaa, letting me trade all the files I want to. Then again, Windows doesn’t come with built in compilers that allow you to modify it from the inside out…so back to Linux, where I’m actually invited to program. There’s another advantage of Linux, although few people see it that way (people outside the hacker community of course). Linux actually forces you to learn about what you’re doing. Windows is there to let you point and click, but Linux is much more hands on. This is good for hackers, who enjoy having more control over their computers, but for the general populace it’s a bit of a hassle. Getting an error message when you try to send an email and having to figure it out on your own, or at least look for help online can be quite frustrating. This leads us to Windows, where most problems are easily corrected through drop down menus. Dependencies, you hate them, you know you do. You try compiling a file, and look at that, you need the newest lib* file. No problem, you run off and download it…but wait, that file requires another file first. You could be there all night, finally acquiring all the necessary files, and then realize they won’t compile for some reason! To this day I have programs I’ve never been able to compile, with errors so cryptic I don’t even know where to begin looking for solutions. At least with Windows, as long as you have the right version of the OS you should be in good shape. Alright, enough Windows ass kissing, there’s a lot about Linux that’s a thousand times better. How about stability for one? Windows constantly freezes and screws up, forcing me to save things every three seconds. Programs close for no reason, videos freeze, blue screens appear. In this race, Linux wins by a mile. Nay a blue screen in sight. Combined with all the things I mentioned earlier, Linux is definitely the machine for both software and hardware hackers. It wouldn’t be fair to close this article without saying how much Linux has matured. Linux has become far more user-friendly, complete with support for more and more hardware. This gives me a lot of hope regarding what could possibly be the perfect operating system. But until Linux provides me with everything I need to enjoy my computer, I’ll be forced to keep a dual boot at least. Hopefully, somewhere down the road, I’ll be able to exorcise the Microsoft demon and go completely Linux…I look forward to that day. ==================================================================================================== 3. *** Optimum Online and You *** by: Screamer Chaotix For years the telephone companies of the world have pulled the wool over their customers eyes, forcing ridiculous charges upon them and blinding them from the truth. Hackers rose against this, pointing out these injustices and showing everyone exactly what was happening with the technologies they knew nothing about. Now, a new threat is present. Only this time it's not the telco's, it's the cable company. This article will focus on Optimum Online, a well known cable modem provider in the Connecticut/Long Island area, but I'm certain these tactics are in place all over the country. Optimum Online, like other cable providers, sells you a cable modem and NIC through The Wiz retail outlet, along with their service. Upon installation of their hardware, you register with them online, where you are then presented with their terms of service (mind you, you've already purchased the equipment). Once set up, you're ready to go, and like most people, you'll be amazed by the high speeds. However, if you're like me, you had a few questions before you made your purchase. The first, in my case, was a simple one: "Is this equipment compatible with Linux?" The man at The Wiz assured me it was, although Optimum did not support that particular operating system. I looked at the NIC and noticed it was an ISA, which didn't sit well with me. I asked for a PCI, but he said that's the only one they had. Fair enough, I had his assurance it would work with Linux, so what was there to fear? That was the first problem, but it certainly wasn't the last. The NIC did not work with Linux, and the only way it would was if you wrote your own driver more or less. Unfortunately I really didn't have that kind of time, especially when I was told it would work out of the box. Nonetheless, time went on and I eventually got a card that did work. Problem solved, I was now online and enjoying the incredible speed of my cable modem. Here was where the new problems began to creep in, as pointed out by this email I received from Optimum themselves: ================================== Dear Optimum Online Subscriber: You may be running a server from you computer and not even know it. If you use any of the peer-to-peer file services listed below without disabling the file sharing option, the entire Internet can access the files on your hard drive. In addition, use of these services can lead to network problems that may result in your upstream speed being temporarily reduced to control this abuse of service. Aimster, KaZaA, iMesh, Audiogalaxy, eDonkey2000, NeoModus, BearShare, Gnotella, Gnucleus, GTK-Gnutella, LimeWire, Mactella, Morpheus, Phex, Qtella, Shareaza, SwapNut, XoLoX Don't compromise your privacy or the performance of your high-speed connection. ================================== First they "alert" me to the dangers of these file sharing services, and then, one sentence later, say they're an abuse of service. Wonderful, now by merely using KaZaA I was violating their terms of service. How you ask? Running any kind of server on Optimum's network, and as I said, other cable networks most likely, is strictly prohibited. So running KaZaA is a violation of my terms of service, and should I continue doing it, I may be punished. A part of me wonders if the RIAA or MPAA are standing in the shadows, but I won't go into a conspiracy theory. There's a problem here, the terms of service basically give the cable company the right to declare anything a server! Next week ICQ might be forbidden, using DCC could be outlawed, and forget about running telnet, ssh, or ftp on your computer. They claim servers pose a security threat, yet I don't understand why they won't let me take my own chances. There are people in this world who use the internet for more than just email and web browsing after all. Which brings me to my next poing, websites. By now it should be no surprise that many cable companies oppose running webservers on their networks. Out of curiosity, I found myself playing around with Apache one day, just to see what would happen if I set up a site. I made up some html files, threw them in /var/www/html, and went to my ip via my 192.168 address. There was my site, clear as day. Next, I opened port 80 on my layer two switch and asked a friend to head to my ip using a web browser. He did, but could not see anything. Alright, they were filtering port 80. I changed around httpd.conf so that both "Port:" and "Listen:" were set to 81, and asked him to connect again. This time, it worked. This however, did not last long. Today it does not matter which port I use, all incoming http requests are filtered at the gateway. What does this mean? It means I can run a webserver on any port I like and then telnet to the server:port to see that it's there, but making any sort of http (or https) request leads to a connection timeout. Great, now none of my friends can see my site. My solution was really quite simple, although far from practical. I merely installed VNC (Virtual Network Computing) on one of my local machines and gave the ip/port to my friends. This allows them to connect to my internal machine through VNC, open a browser, and see my site as though they were on my LAN. Of course, it's sad I have to take such measures. All I want to do is use the internet the way it's meant to be used, why must their be so many restrictions? You pay for your alotted bandwidth, and as long as you don't uncap your modem, you should be allowed to do whatever you wish. I'm certain there are people who disagree with what I've said. Many have told me the terms of service are what they are, and if I don't like it I should go elsewhere. I'm not really sure where I can go...DSL I suppose, but why should I have to go through the hassle? There are a number of other things I could rant about, but I think what I've said is sufficient. We mustn't let these types of things continue. If we do, one day we'll find ourselves paying for every download, or getting booted because we had the nerve to run ssh. Unless we stand up against the ISPs, we may never have true, unfiltered internet access. ============================================================================================== 4. *** The Truth Behind monster.com *** By: JayX You’re probably considering a job in computers if you’re anything like other hackers, and like everyone else, you have no idea where to start looking. One good resource can be found at http://www.thehackerschoice.com/papers/hackers_go_corporate.txt , that should give you some hints and tips as to go about getting that job. My article on the other hand, regards something I’ve used many times, and am uncertain if I will ever use again. It’s called monster.com, you’ve probably seen commercials for it. Here’s how it works, get ready for a huuuge, extremely technical explanation…you post your resume and potential employers review it. Phew, ok the tough stuff is over. So monster.com accepts your resume (or rather, lets you create one) and posts it for anyone interested to come and take a little look-see. Sounds great so far: it’s free, you don’t have to go to them because they come to you, and there’s really zero effort required. But of course, there’s a problem, you knew there was. Several other sources online have discussed this topic, but in case you missed them, allow me to fill you in. They’re called fake jobs. Maybe you’ll call them bullshit jobs, or foobar jobs, or yeeeeeah righ—ok you get the idea. So what exactly is a fake job? Essentially, it’s nothing but spam. Companies pick up on one single bit of info in your resume and send you an email saying they’d like you to get in touch with them. For example, if you can work in or around Los Angeles California, you might get three companies asking you to get in touch with them because, ta-da!, they have job openings in that area! Wait, you wanted to get into computer security…and this is a nursing job. Don’t think I’m kidding for one second; these companies match up the most miniscule of details and send out their spam in hopes of getting as many applicants as they can. Worse yet, sometimes their spam doesn’t even mention what the job is. Here’s a scenario for you to digest, you’ll be calling in regard to the “job offer” you just received to get a little more information. Hi, my name is John Smith, I’m calling in regard to the reply I received to my application on monster.com. Your name again sir, and where are you located? John Smith, but don’t you have all my information? Sir I have 4000 resumes here. Oh I understand, but you just replied to mine. I replied to 400 other ones too sir, now may I have your phone number and location? Certainly, my number is 300-7777, I’m from Visalia California. Thank you Mr. Smith, we have several openings in our accounting department, please email— Accounting? I was interested in computer security. I’m sorry sir, the only jobs we have available are in accounting. It’s no joke, they don’t care what you were looking for. If you said you could work near LA, they’ll get in touch with you. Now this could be a mixed blessing, like so many other things. A person seeking a job might not care what offer comes along, and will be eternally grateful for so many offers. But why can’t monster.com have one extra selection, one that reads “Only accept close job matches” or something along those lines? They could hide your email from view, that way an employer would have to go through monster.com to find it, and if they offered something you weren’t interested in, you could report it as spamming. Maybe it’s just a dream, but I’m tired of finding responses in my email only to realize their for job openings they’ve sent to about 4000 other people. Companies need to start actually reviewing resumes before emailing people, not sending out their little script bots to scan through them. You can use monster, and similar services, if you like. Just be prepared to get a ton of bogus offers. There’s nothing illegal about offering someone a job, but monster seriously needs to reconsider it’s policies. 5. *** So You Want To Start An Ezine *** By: Da Peng G-files, or text files, are something that have been around since the dawn of the hacker. In a time when there go graphics on the net, people could only express themselves through ascii text and post notes to bulletin boards. Later there came a more involved form of text file, known as the “e-zine.” Based on “zines” (or independent magazines), these electronic publications dispensed the information the world found to controversial. Everything from the latest exploits to bomb making, and sometimes venturing into the world of the downright bizarre was discussed and disseminated to the masses. The beauty of the ezine lie in its anonymity. Those not wishing to give out their real names need only use handles or aliases, or even the ever-popular “anonymous” tag. Information, both right and wrong, was shared and discussed without any question of who the source was. Some frowned upon this concept of course, preferring the information found in “legitimate” books where the author was bound to fact, or at least his/her interpretation of it. Nowhere else was this more visible than university’s and high schools, where teachers insist students learn from the proper sources, and not trust the ezine some stranger scattered across the net. Others felt differently, they found ezines to be a way to get the latest news and information for whatever topic they happened to be interested in. For many of us, that topic was most likely computer hacking. With all this talk about sharing information, one can’t help but wonder what it would be like to create one’s very own publication. After all, it’s a chance to tell the world how you feel, and if you choose to, get feedback from your target audience. There’s no doubt about it, creating an electronic magazine is a lot of fun, but it’s even more so, it’s a lot of work. Let’s begin by examining our first consideration, content. What do you want your ezine to be about? Computers? Telephones? Radio? A little bit of everything? Believe it or not, choosing a topic can be a mind numbing decision. If your favorite topic is radio, and tell your target audience that is what the ezine will be about, you’re more or less bound. Ask yourself this, will you still love radio just as much three years down the road? Are you truly willing to dedicate an entire publication to the subject? Face it, if you’re a hacker you probably have other interests. Thankfully, calling something a “hacker ezine” can ease your pain. This way you can feel free to cover a whole range of topics, from computers to politics, since hackers seem to be getting involved in a little bit of everything these days. Next, the title. You want something catchy, but not too over the top. From what I’ve been told, the title of this particular ezine came from sudden inspiration. Nothing more than a walk through a courtyard, looking off at a distant city. That little bit of inspiration, that curiosity of what types of communications were happening before our very eyes was what led to the simple title “Frequency.” Then again, maybe you want something a little flashier, like Phrack. Just be certain the title you choose is one you can tolerate for years to come. Naming it L33T0 might sound funny now, but will the humor remain years down the road? Now the most important part, the content. Getting people to write for you is a give and take process. In order to generate enough interest, you yourself have to contribute from time to time. Better yet, get a group of friends who have no problems writing in every issue (even better if they ask you if they can). With a constant supply of articles, you might be able to trigger a response and get other people to write in as well. Generally offering something in return is frowned upon, if only because you want articles written from the heart. At the end of the day though, the choice is up to you. But alas, no one is writing for you. What to do, what to do. You’ve tried begging, you’ve tried giving out free stuff, and you’ve tried kidnapping their goldfish (just kidding! …like I said never give out free stuff). How the hell can you get those articles to keep on coming? The simplest answer is a depressing one, you can’t. People will demand each issue be out on time, but never provide you with means to make it happen. Those kind enough to help you along are few and far between, so keep that in mind before you promise a particular delivery date. Waiting for Phrack sure does suck, but in the end, it’s done when it’s done. And finally, readers. You can advertise all you like, but the readers will find you when they find you. And when they do, you might wish they hadn’t. Dealing with your “fanbase” is a difficult thing, especially when people make demands of you and you’re not making a dime off of it. Try to remember one thing, people are generally good natured. You’ll have far more supporters if you treat the readers with the respect they deserve. You might be making the ezine for free, but by taking the initiative you’re also opening yourself up for criticism. I’m reminded of the old saying, if you can’t take the heat then get out of the kitchen. Just remember to be kind to your readers, they’re the only reason your ezine has any point to it after all. What good is a book that never gets read? Creating an ezine really is a lot of fun, but seeing them die off after only a few issues is a terrible shame. It takes time, effort, and dedication, but yes, you too could be the next internet publisher. Just remember the key points I mentioned above, and for the love of Allah, don’t go insulting your readers Phrack-style (or at least the former Phrack-style). They have great information, but who wants to read (much less write for) an ezine run by a bunch of snobs? Good luck, and remember to enjoy yourself. Making an ezine shouldn’t be a traumatic experience, just have fun. Some days will be better than others, but if you enjoy it more days than you hate it, keep doing it. If on the other hand you feel like it’s a chore every single time you sit down at the computer, maybe you’d be better off just writing code. That’s it for now, peace&love. WAA! ============================================================================================== 6. *** The Death of a Hacker *** By: Myopic I’m a computer junkie, always have been, always will be. Since age 10 I’ve been programming these dumb beasts with the passion of a poet, and receiving the rush of a thrill seeker by conquering their innermost workings. BASIC, assembler, FORTRAN, C, C++…I had to know them all. I had to learn these languages, realizing and appreciating the subtle differences that came with each. The mindset you had with one had to be rethought for another, leading to new forms of creation and simpler ways of accomplishing your goals. For me, the computer was far more than a workstation. It was a tool, a tool to create tools as the old hacker mythos goes. It was a universe in and of itself where I was master, a god who could create and destroy at will. By progressing downward, through it’s inner workings, I became one with the machine. I began manipulating bits, instructing the processor to do what I wanted it to do, exactly how I wanted it done. I was the creator, and the machine before me was far more than a tool, it was a living organism obeying my every command. Then I realized what I had really become. Sitting there, hunched over my keyboard in the wee hours of the morning, I was alone. My plans for the next day consisted of sitting in that same room, writing the same programs time and time again. For a moment, I wondered why I was doing it. Was I improving the world? Was I really having fun? As far as the world was concerned, so what if I was pushing code through my processor at the assembly level. Would my system monitoring tools really benefit mankind at the end of the day? No, and I knew it. There was still the poetic side to it all, creating for the sake of creating. But my creations took months, sometimes even years to perfect, which meant I was sitting at that computer all that time. And as for the second question, was I really having fun…I don’t know. I know for a fact I loved hacking, but deep down I suppose another side of me was constantly asking why. Why was I letting the rest of life pass me by just to bum a few more lines off a program? I knew when I reached the end of the road I would look back on my life. If one really does see their life flash before their eyes, what would I see? Most likely that computer monitor, glowing in the darkness of the room. Would I know if it were morning, afternoon, or night? Probably not, the days seemed to blend into one another. Would I smile at all I had accomplished, congratulate myself on creating programs perhaps a dozen people would ever use? Or would I look back through the years and feel like crying, full of regret because I didn’t leave the house and actually do something? Rising from my computer, I walked to the window and began to question everything about myself. Shyness was something I had grown accustom to, so I never really gave much thought to asking girls out. The concept of joining a club or actually doing something fun with my life was a bit out there, at least for me. Still, something would have to change. I knew if I remained in that room, alone with a machine, the world would pass me by. More importantly, life would pass me by. The thought of this terrified me, and shyness or not, I knew if I didn’t make an effort nothing would ever change. I vowed to not use my computer for an entire week, starting right then and there. It was almost a success…almost. I checked my email and went to a few sites, but for the most part I kept the computer turned off. What did I do to pass the time? I went to a few coffee houses, read some books (mostly computer related of course), and tried to find things around town to partake in. Renting movies gave me a few hours of enjoyment, and I even took a friend or two to see some in the theater. True I had done this stuff before, I was no hermit…but after growing so attached to the computer, living without it seemed like a brand new life. Time went on, and I found more and more things to do to occupy my time. I can’t say my life improved dramatically, but at least by separating myself from the machine for a while I found I could function without it. There were times when pure boredom drew me back, especially when you’re up in the middle of the night…but hey, the only competition then is late night infomercials. To this day I try to stay removed from the computer, only using it on occasion. Like I said I’m still a computer junkie, but I’ve learned to step aside and do other things, no matter what they may be. A simple drive upstate can feel a lot more rewarding than sitting at a computer all day, once you give it a chance. This isn’t meant to depress anyone, only to help put things in perspective. There’s a whole world out there that should be experienced, and since we only go around this carousel once, you can’t afford not to get out there. You can always love computers, and continue to work on them whenever you like. Just be sure to enjoy the finer things in life, you’ll be glad you did. ============================================================================================== 7. *** Hacker Hating *** By: Leonard A friend of mine had a computer problem the other day. Apparently every time he tried running a program it would lock up, but never did before. Naturally he turned to me, being the only person he knows with any knowledge of computers. I told him I would have to play around with the machine a little, see what else was running, find out what he had added or taken off, etc. He said sure, and the next day I was over his house. He might as well have had a sign that said "I Don't Trust You" on his forehead, given the way he was staring at me. I sat at his keyboard, he surfed my shoulder. I typed a few commands, he asked what I was doing every step of the way. When I closed in on the problem, he didn't want me fixing it on my own. It was just a resource conflict, and I told him I'd be happy to clean it up for him, but he wouldn't hear of it. I stood, letting him take the chair. He asked me what he should do, and I guided him through it step by step. Nothing happened, I wasn't trying to take over his little WinME box. Yet the whole time I was there, at my friend's house remember, he treated me like I was a monster. Now normally I'd understand this, after all when it comes to security, you shouldn't trust anyone. But come on, I was right there in his house, I wasn't going to do anything. That wasn't the only time. If he wanted a game I owned, I would bring it over, but he would insist on installing it. If the phone rang, he would rush downstairs and get back up as quickly as possible, can't leave me alone with the machine for too long! I can't shake the feeling it's because I consider myself a hacker. I'm always telling him about the programs I write and the things I do, and I think it really scares him. Here I am, his best friend, and he won't trust me with his machine. If he gets a shell account somewhere, let's say from school, he won't even let me login to check it out. Good security? Sure, but where's the trust? He'd let me borrow his car in an instant, he'd lend me money without question, but will he let me into his shell account? Will he let me fix a security vulnerability on his machine? Not a chance in hell. Then there was the time he needed SSH, so I sent the program I'm always using. It was just a simple .exe file, around 350k I'd say. He accepted the file, but told me flat out that it had better not be a virus. Sure I was glad to see he took my advice about not accepting .exe files, or any files from people he didn't know for that matter, but again, no trust. He'd trust me to hold a ladder he was standing on, he'd trust me to drive him somewhere, but computers? No way. Maybe I deserve, after all I am a wiseguy when it comes to computers. I'm always trying to outdo someone else, pulling little electronic pranks, things like that. But I do the same in real life, why won't he trust me when it comes to computers? Maybe it's just hacker hating, maybe it's because he has no idea how to work the machine, and fears me because I do. I think that's the most accurate answer, but not everyone is this way. A lady friend of mine had trouble with her machine once, and she had no problem letting me at her computer. She had full confidence in me, and even turned to me because she knew I was a hacker. In her words, she knew a hacker would be able to help more than anyone else. And when I pointed out a few vulnerabilities she should fix, she was grateful and thanked me for my help. Trust is a hard thing to come by these days, especially if you call yourself a hacker. But don't feel bad when a friend doesn't believe you won't do any harm, not everyone feels that way. I hope this article, if nothing else, has struck a cord with some readers. It's one guy's experience, but I'm sure it speaks for many others. ============================================================================================== 8. *** Review – “Pattern Recognition” *** By: Screamer Chaotix William Gibson, famed author of such classic science fiction novels as "Neuromancer" and "Count Zero" returns for his first journey into the very real present. "Pattern Recognition" is by no means the next "Neuromancer," but is definitely a step in the right direction toward placing Gibson back on top of the cyberpunk pile. Set in or around 2002, Pattern Recognition focuses on Cayce Pollard (fans of Neuromancer already know how to pronounce that first name), a self-proclaimed "footagehead" and logo critique extrordinaire (though she has somewhat of a phobia toward them). The latter lands her jobs where all that is required of her is a simple yes or no. Companies the world over seek her expertise in the field, turning to her as the person who can tell what logos will work, and which will fail. The former credential is self applied as she, and others on a message board she frequents, await the release of the next installment of a mysterious film of unknown origin. Showing up on the net from time to time, new segments enthrall Cayce to learn more about them, and eventually lead her on a journey around the world. It's a world in present time, with a very futuristic feel, leaving the reader slightly confused. Fortunately, words like Google, Hotmail, and hackers (remember the cowboy's?) are in place to make the reader feel more at home. I won't critique Gibson's understanding of technology, or somewhat lack thereof, because he's a writer and nothing more. He tells stories, and cannot be expected to keep up with the monumental advances that occur everyday. For what he does know, Pattern Recognition is a refreshing change from the days of the Sprawl and jacking into the matrix. The only downside being, as was mentioned before, his use of futuristic terms that serve only to confuse the reader. Why a Mac is refered to as a "Cube" I'll never know, is it Gibson's way of saying box? When judged as a writer, Gibson stands above many others. When compared to the writing style of Stephen King for example, Gibson comes out as far more poetic. Using descriptions that make you feel the world surrounding the character, not just see it, he helps to draw you into the story. Another unique feature of this book is it's point of view. While still third person, like previous works, the novel is told "as it happens." He does not say what the character did, he says what they are doing. While somewhat disconcerting at first, the approach really is quite genius. In a story with so much mystery, it's nice to follow along step by step, rather than being informed of events that already transpired. Of course, as the first paragraph pointed out, this is not Neuromancer. Gibson has focused the majority of his attention on describing the world around us through an extensive use of brand names and logos (ironically contrasting the main character's discontent for such things). And while a master of creating the incomprehensible, his attempt to show us our world in a new light falls slightly short. While never detracting from the overall flow of the story, the use of unfamiliar terms to describe common items (Cube) and talk of robot sex slaves (among other things) leaves the impression that Gibson is still lost in his world of the future. His writing is beautiful, his description elegant, but if Cayce tubed into the Sprawl I wouldn't be surprised in the least. Gibson may never achieve the high standards set by Neuromancer and Count Zero, but compared to some of this other work, this novel is definitely a step in the right direction. But had he let loose his imagination and set this in the distant future, perhaps as the next chapter in his Sprawl saga, it would have had a much firmer grip. Gibson should be applauded for his attempt at something different, as well as for creating such an exciting book. But I'm still waiting for the day when he truly returns, when he creates a novel that is on par with Neuromancer. Until then, Pattern Recognition is well worth your time. 9. *** Crosstalk *** > Frequency, Did you guys catch Kevin Mitnick on The Screen Savers? I thought it was cool seeing him get back online, but Emmanuel seemed a little pissed by all the “don’t hack” stuff. I don’t know, every time one of the hosts said “and what shouldn’t you do!?” and Kevin had to be their lapdog by saying “don’t hack!” it just kind of sickened me. Fun show otherwise, what did you think? [Negative] REPLY> My cable company doesn’t carry TechTV but thanks to Dash I was able to watch a copy of the show on video. I felt the same way; it was cool seeing Woz, Kevin, and Emmanuel all going online, but why they needed all the anti-hacker stuff I had no idea. A kid actually called in and asked what inspired Kevin to hack, and rather than encouraging the kid to play around with computers they just jumped on him, insisting he not try this stuff at home. I didn’t expect Kevin to shout out “Do what I did!” but come on, there was a perfect chance to explain how hacking really is an innocent hobby most times, and it never came up. –screamer > Frequency, Just watched Kevin on the screen savers and I got to tell ya, they really broke him. How else do you go from thinking there’s nothing wrong with viewing source code to admitting you deserved prison time? It hurts me to say it but the Kevin we knew and loved is gone, replaced by a regular Winston Smith. He’s now writing books about how to protect your enterprise, does that sound like the Kevin we knew? Hell, visit his girlfriend’s site and she talks about him making jokes about his ordeal, saying things like (after she read his email and claimed it was his fault for leaving it open) “Oh sure, just like it was DEC’s fault that I read their source code.” [Anonymous] REPLY> It’s pretty harsh to say someone “was broken” just because they don’t feel the way you would like them to about certain issues. Kevin may have always felt that way, in fact, he maintains he was only upset by the unfair treatment he received. Do I believe the actions he committed warranted jail time? No, but he’s entitled to his opinion just like any of us, it doesn’t mean the “old Kevin” is dead. –screamer > Frequency, I saw the episode of the Screen Savers where Kevin finally went back online and it brought a little tear to my eye. I’m not sure if he’ll ever see this, but welcome back to the net Kevin! [Placid] > Frequency, So we just went up to High Alert (Orange)…am I supposed to be doing something? [Shreiker] REPLY> Be extra vigilant, avoid tall buildings and places you suspect might be attacked, tail anyone who looks suspicious, report any odd activity to your local authorities, but remember to go about your daily life as you always would. > Frequency, In response to “Why Pay?” in Freq27, I have a hard time understanding why people think breaking the law is alright as long as it’s easy to do. I could probably sneak a digicam into a movie theater pretty easily, yet you would label me a “true” movie pirate. But if I download the film online, it’s alright because it’s nothing more than a file. When I was younger, my parents taught me the difference between right and wrong. I learned at a young age that I had to pay for things that I wanted, otherwise it was stealing. Now here you come, with your rebellious attitudes and disregard for the set way of things trying to create a pathetic uprising by telling people to throw out those foolish ideas of right and wrong. I love hackers, but stealing is stealing. [l00t] REPLY> You would have to ask the author what message the article was truly meant to spread, but from my own interpretation I think you’re way off base. The article explains how it’s only natural for people to take the cheapest route imaginable, and with movies and music right at their fingertips, why would they pretend to need music stores and movie theaters anymore? You also mention people know the difference between right and wrong, yet a good portion (if not the majority) of the world’s population sees nothing wrong with downloading movies or music. All those *AA companies out there can cry about losing a million here or a million there, but the people downloading files have no trouble sleeping at night. People love music and movies, and as long as that interest remains, they will continue to exist. Sharing files and having access to media you may not have access to otherwise will not kill the industry, it’ll put the power back in the consumer’s hands. –screamer > Frequency, The other day I went onto kazaa and downloaded a song. When I played it it just repeated the chorus over and over, is this the riaa just screwing with us? Is there another company doing this for them? And if so, how can we stop it? [John Bear] REPLY> I’m sure we’ll take heat for this, but there are sites out there that will help determine the validity of files. Visit www.vcdquality.com for an example. As for who’s doing it, from what I understand there was a company that was putting out bogus files by order of the RIAA in an attempt to annoy people to the point of just going out and buying music. If you’re like me, you’re probably laughing right now. Why the MPAA and RIAA think these guerrilla tactics will do any good in the long run, much less paint them in a positive light, is beyond me. –screamer > Frequency, Kevin was just on one of those NetIQ broadcasts. Usually I hate those guys, not only are they full of themselves (listen to their opening! “netiq was the obvious choice” “the combination of netiq and Microsoft” “we decided to go with netiq” blah blah blah), they’re also a big reason why hackers are given such a bad name. They make portscanning seem like corporate espionage for crying out loud! And get this, Kevin says he USED to be a hacker? I don’t care if he hangs out with the 2600 crew or goes to H2K4, he’s made it very clear he wants nothing to do with the title. I hate what they did to him and all, I still think it sucks, but where’s the whole “hackers just play with computers” argument we’ve been hearing? Why does he suddenly want to team up with the NetIQ guys and play the other side of the field? After being in prison for five years, you would think he’d be out saying how there are some hackers that do damage, but most don’t. Sounds to me like he’s doing what Microsoft and every other computer business is doing, making sure everyone knows that hackers are a threat that must be eliminated. My only question is, how long will 2600 support him with that attitude? REPLY> I guess I have no reason to reply, since that was just an opinion…but it’s my ezine so muhahaha! I hate NetIQ myself, not only are they a bunch of frauds –amazing how they always get just the question they need from the live audience- they do indeed paint hackers in a bad light. I suppose my hacker attitude plays into it, I can’t help but hate their “experts” who try to act like hot shit, but that’s just me. As for Kevin, I noticed the same thing. But if I may interject something, and this is pure conspiracy, he’s trying to earn a living right? He wants people to take him seriously so he can get jobs. So what’s he doing? He’s telling people exactly what they want to hear…I shouldn’t speculate, but Kevin is something of a pro at that. Neither you or I know what he says behind closed doors, but in public he’s going to say exactly what he needs to say. Just a thought. -screamer ============================================================================================ 10. *** Closing Arguments *** As you can probably tell from the letters we’ve received, the issue of file sharing is still going strong. While it might not have anything to do with hackers, it is a raging debate that’s consuming internet message boards everywhere you turn. Not surprisingly, people who understand little about the technology seem to be the primary opponents to the file sharing movement. Whether they’re reluctant to accept a new technological medium, or simply want to make as much money as possible, it’s become clear the internet community as a whole embraces these technologies. By going to war with their customers, the MPAA and RIAA are only creating further animosity and essentially prolonging a war they can never win. Perhaps if they embraced these technologies, instead of futilely trying to destroy them, they could have opened a new market long before anyone was interested in services like Napster. Even now, movies that have been pushed back time and time again are available online. The online community, however, is told by the studios that they must wait…for what reason? I’m a huge fan of the original “Cube”, so when I heard a sequel was to be released on July 24th, I called every store I could think of. They spoke as though I were crazy, “Cube 2? Uhh, not that I know of.” Yep, you guessed it…the film was completed, but it’s released was pushed back a year! I wanted the DVD, I wanted it badly and was ready to pay…but look, Cube 2 is now on Kazaa. Should I wait until the official release date, or download the film and rent the DVD at a later date? What would you do? Movies and music are not the only things going on in the world of the hacker though, Kevin Mitnick’s defensivethinking.com getting hacked is causing a lot of hullabaloo (whoa, Word 2000 actually has that word in its dictionary) on the internet. For more information, you can visit http://www.cnn.com/2003/TECH/internet/02/11/hacker.hacked.ap/index.html as of Feb. 11, 2003. Although it’s not really all that shocking, Kevin was not the webmaster, and no damage was done. Thankfully, he showed the world the proper way to react to a computer intrusion in which no damage is done, he wiped out the pages and said it was quite amusing. No customer information was exposed, no harm was inflicted, end of story. Then again, as Kevin said it is quite amusing that people think they’re king of the hill just because they can hack a Kevin Mitnick site. (For your consideration, they exploited a Microsoft flaw.) Cable modem’s and filtering is becoming more and more of a problem. If the article I penned above is not enough to convince you, take a look and see if anyone on your LAN has netbios port 139 open anymore. If you hop into an Optimum Online network, you’ll see everyone (miraculously) has their port 139 filtered…but wait, how is it possible that everyone took the necessary security precautions? That’s right, it isn’t. Optimum has begun using it’s gateway to filter certain ports that have been known to cause problems, most notably, http and netbios ports. Perhaps netbios is another “server” application, I thought it was just peer to peer, but I guess that’s just me. If Optimum says it’s a server, it’s a server. What this means is that even if you and a friend wanted to utilize port 139 for file sharing on the LAN you would not be able to, yet another service shutdown by the dictators at the cable company. Adding insult to injury, the original terms of service I agreed to mentions NOTHING about running servers. That means they can modify their ToS at will, and no matter what, I’m bound by them. I know there are still people who think that’s fair, but if we allow tactics such as these to continue, where will it end? Apparently right here, because that’s all for this issue. Before we close however, I would like to make a request. If anyone has read William Gibson’s newest novel, “Patter Recognition,” feel free to send in a review. Being his first book set in the present, I’m sure the hacker community would enjoy knowing whether it’s worth their time. Dozens of slashdotters have had various thoughts about it, but I’d like to hear it from a hacker perspective. Send a spoiler-free review to articles@hackermind.net. And maybe, juuuust maybe, we’ll send you thirty seven thousand invisible cartons of nothing! -screamer ============================================================================================ 11. *** Crew *** Editor in Chief – Screamer Chaotix Webmaster – Dash Interrupt Network Administrator – Leland D. Peng NT Specialist – Unreal Radio Specialist – w1nt3rmut3 Writers – Comrade Crane, JayX, Da Peng, Myopic, Leonard Cover Design/Layout – Screamer Chaotix Shout Outs – Linux lovers, Microsoft haters, Tony Almeida SEND ARTICLES TO – articles@hackermind.net W W W . H A C K E R M I N D . N E T