"The Untold Truth About Zyklon, The Security Specialist Trying To Make A Difference." Before I begin, let me introduce myself. I go by the name Fluxx. This article is a follow up to the article written by John Howell published on April 3rd. Clarification being the primary objective. The previous article contained a lot of what I like to call FUD (Fear, Uncertainty & Doubt) which usually comes from people lacking the proper information and/or knowledge. I have known "Zyklon" for 3 years now, and we are close friends. It sickens me to see some of the vicious slander that Mr. Howell spews out without knowing this to actually be fact. First of all, Zyklon was an alias he picked out a few years ago because it was catchy, not because he is some Nazi, like Mr. Howell describes him to be. Secondly, his goal is to educate network security administrators of the flaws that their servers are vulnerable to. As Mr. Howell so cleverly pointed out, it's hard to convince a company that they have been breached without them actually seeing the damage. What better way to prove it to a large company, other than to modify their corporate webpage? Sure, it still is illegal entry to computer systems, and some could also say damaging data, but that remains to be seen. I have seen countless system penetrations from Zyklon in the past, and he has always backed up their original html files, and patched their security vulnerabilities, another good point Mr. Howell declined to add. What I would also like to know is, why Mr. Howell is so proud of himself having "caught" Zyklon owning up to his "crimes" on IRC. Does he think IRC logs will stand up in court? I'm sorry to say my friend, they won't. There are many different kinds of hackers out there. Political Activist hackers who do it for a cause. Malicious hackers who do it to cause as much damage as they can, most commonly younger kids on a joy ride. 
Finally, you've got the average hacker whose curiosity gets the best of him, and all he strives for is to learn, secure and move on. Getting inside a hacker's head is a ride not many have the chance to take. Most commonly referred to as Generation-X techno kids, hackers are not always kids. I personally know hackers who are grandfathers. It has become a lifestyle in the 90's, and the world has finally come to realize that. As technology progresses faster and faster every day towards the year 2000, Internet and corporate network security tightens up ever so slowly. In most cases, that's thanks to people like Zyklon. The world wide web has become a huge medium for companies, and business is good. Customers appreciate stable, tight security for their sites; they do not expect to pop up their webpage one Sunday morning and have happy faces all over it. Essentially, breaking down server security is now the most efficient way of making people more aware of the rising threat.

Classically, most webservers run or have access to some sort of cgi-bin directory, which contains programs that the server runs on behalf of a remote browser's request, with the request's parameters as their input and their output sent back as the reply. Now, normal folk would never see these. They would have no need to see them, but for a hacker it's the peephole staring directly into the soul of the machine. Mr. Howell also mentioned this, describing it as "a back door (a login that bypasses security) to give access to the Web site's main computer server". This is not entirely true. What actually occurs is that the WWW server software runs the cgi-bin program with whatever privileges the server process itself has, handing it the remote user's request data as input. A website that is on-line with one of the many vulnerable cgi-bin programs is now open to be exploited: if the program passes that input unchecked to the operating system, it may be used to issue commands to the computer remotely (not from the keyboard). A hacker's light at the end of the tunnel, metaphorically speaking.
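To show concretely what the exploitable cgi-bin program described above looks like, here is an added example that is not part of Fluxx's article: a Python stand-in for a small CGI lookup program that pastes a query parameter straight into a shell command line, next to a hardened version that validates the parameter against a strict allow-list and never invokes a shell. The handler names, the `user` parameter, the use of `echo` in place of a real lookup, and the two query strings are all constructed for the illustration.

```python
"""Added example, not code from the original article: a CGI-style lookup
handler with the classic cgi-bin command-injection hole, beside a hardened
version. All names, parameters and query strings here are assumptions."""

import re
import subprocess
from urllib.parse import unquote_plus

# Constructed query strings, as a cgi-bin program would receive them in
# QUERY_STRING.  The hostile one URL-decodes to "alice;echo pwned".
BENIGN_QUERY = "user=alice"
HOSTILE_QUERY = "user=alice%3Becho%20pwned"


def get_param(query_string, name):
    """Minimal query-string parser: returns the URL-decoded value of `name`,
    or "" if absent.  Written by hand so the decoding step is explicit."""
    for pair in query_string.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return unquote_plus(value)
    return ""


def vulnerable_handler(query_string):
    """Emulates the flaw: the remote user's parameter is concatenated into a
    command string that is handed to /bin/sh.  `echo` stands in for a real
    lookup so the demo is harmless, but the shell still honours the ';' and
    runs whatever follows it."""
    user = get_param(query_string, "user")
    cmd = "echo lookup " + user  # string concatenation + shell=True
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def hardened_handler(query_string):
    """Rejects anything outside a strict allow-list for user names and runs
    the program via an argv list, so no shell ever parses the value."""
    user = get_param(query_string, "user")
    if not re.fullmatch(r"[a-z][a-z0-9_-]{0,31}", user):
        return "error: invalid user name\n"
    # argv list, no shell: the OS receives the argument verbatim
    result = subprocess.run(["echo", "lookup", user], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    for query in (BENIGN_QUERY, HOSTILE_QUERY):
        print("query:     ", query)
        print("vulnerable:", repr(vulnerable_handler(query)))
        print("hardened:  ", repr(hardened_handler(query)))
```

With a real web server of the period, the query string would arrive in the QUERY_STRING environment variable and the handler's return value would be written to standard output as the response body; here both are plain function calls so the two behaviours can be compared offline. The hostile query decodes to `alice;echo pwned`, and the shell behind the vulnerable version obligingly runs the second command, which is exactly the "issue commands to the computer, remotely" that the article describes.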
Don't get me wrong, this isn't the only way hackers exploit systems. This is one (quite old) technique that STILL works on thousands of machines spanning across the world. In the end, hackers will always be here, and as life has shown us, there are always good and bad points to every argument. Let us sit and idly ponder why such brilliant computer specialists are not working for these large corporations. Kinda makes you wonder what the current security administrators are doing, eh?

Fluxx
Born & Raised In Canada.