The silent war - combat evolved: Hacker Personas

Persona

Ian Mariano — Mon, 09 Aug 2004 23:25:00 GMT

re: The silent war - combat evolved: Hacker Persona's

Mark — Mon, 09 Aug 2004 23:47:00 GMT

This commentary was obviously aimed at improving Microsoft's image. ;-) Please remember Bill Gates was nothing more than a hacker in a garage when he started Microsoft. When talking security lets try not to give into the mass (left wing) media's stereo typing of all computers hobbists. Not all hackers are bad and not all Windows' is secure. If you didn't leave the door WIDE open, you wouldn't have to worry about unwanted visitors coming in and foregoing your right to sue on the grounds of tresspassing & breaking and entering. >;-P

re: The silent war - combat evolved: Hacker Persona's

Robert Hensing — Tue, 10 Aug 2004 00:09:00 GMT

Q: What's the difference between butt-kissing and brown-nosing?
A: Depth perception

Q: What's the difference between a hacker and a 'hobbyist'?
A: Morals and ethics - both of which hackers demonstrate a lack of but presumably a 'hobbyist' would have.

This is also largley why I agree that companies (any company) should not hire known / convicted hackers to come in and do anything security related for a company. As a hacker (either known or convicted) you've demonstrated (probably) a lack of morals / ethics that as an IT person I would unsettling were I to grant you the keys to the network and say 'go'. Just because you're good at breaking in to an organization doesn't meant you're good at securing that environment, the skill sets at best are orthogonal. Just because you can shoot a gun and kill someone doesn't make you qualified to become a surgeon to save their life.

Kevin Mitnick and Ira Winkler debated this very topic at RSA 2003 in San Francisco last year and it was very entertaining. I fall squarely in the Ira Winkler school of philosophy.

My intent with this post was not to assign blame here, but merely to paint the security landscape for readers who may not know anything about this world I'm attempting to describe. I'm never going to outright assign blame for a problem, I'd rather talk about what the problem is and come up with a solution. It's what I do - I solve problems.

You seem to think that just because something isn't as secure as it could be, that it's perfectly okay to do whatever you want just because you can. I find that alarming. See my point on morals / ethics.

re: The silent war - combat evolved: Hacker Personas

Tim Long — Tue, 10 Aug 2004 13:36:00 GMT

I'm very much enjoying this series of articles and learning a huge amount already. Please keep them coming and feel free to be as politically incorrect as you dam well please!

One question: you keep referring to "leet speak". I can see the origins in simple numberic substitutions but I can't unserstand the phrase. To make sure I properly understand and enjoy the presentations, please could you say a few words about where this term comes from? (ignore the peels of laughter from all those who are already in the clique, I don't care).

Thanks,
--Tim Long

re: Leet Speek

TristanK — Tue, 10 Aug 2004 15:25:00 GMT

How it was explained to me the first time I encountered it (I read the alpha translation right, but figured there was something I missed because what the heck is "eleet"?)

A) The Kids Don't Spell Right
B) They Use Alpha Subsitution
C) They Don't Care If They Don't Spell Right

LeetSpeek:
Q: 4re y0u n0t 1337?
A: j00 will ph34r my 1337 sk1llz! 1 4m 4 1337 H4x0r!

English Translation:
Q: Would one say that one's pretty good?
A: Rather! You should be afraid of my skills. I'm an elite hacker, you know!

1337 = leet. it began as 31337 == eleet == elite, but got chopped.

re: The silent war - combat evolved: Hacker Personas

TristanK — Tue, 10 Aug 2004 15:27:00 GMT

For more wonderful information on Leet, check Wikipedia:
http://en.wikipedia.org/wiki/Leet

re: The silent war - combat evolved: Hacker Personas

Jeroen Frijters — Tue, 10 Aug 2004 18:58:00 GMT

Nice feature that DLL help database, but it would be better if it was actually up to date...

re: The silent war - combat evolved: Hacker Personas

Steve — Tue, 10 Aug 2004 20:16:00 GMT

Changing the subject to the really important part of your post - the first sentence. I thought you might appreciate this.

A few weeks ago I got home from work and found my wife checking plane ticket prices online. I noticed that the date range was November 5th to 14th. :-D Two things went through my head - in this order:
1) She's going to be gone for our 10th anniversary :-(
2) She's going to be gone when Halo 2 releases :-D

Even better, since we home school our kids I'm going to have to take the week off to continue their schooling. 8-D Wahoo! I wonder how fast I can their lessons done on the 9th - I bet I'll be able to do it faster than my wife does.

More Windows Security Stuff

Bob.Yexley.Blog — Tue, 10 Aug 2004 22:55:00 GMT

re: The silent war - combat evolved: Hacker Personas

Moi — Wed, 11 Aug 2004 10:49:00 GMT

Interesting blog.

Here's one question I've never understood - user X installs his Windows OS from CD and now has a bright, shiny new Windows, with a bunch of known vulnerabilities. Being a conscientious sort he knows that he has to go to Windows Update and sort this out. What's to stop his machine being compromised even as he's doing this?

re: The silent war - combat evolved: Hacker Personas

Doug — Wed, 11 Aug 2004 15:33:00 GMT

I think you left out a more siginficant group of hackers and motive: Spam.

There is a big incentive to infiltrate and use machines as mail relays for spam.

The silent war - combat evolved: Hacker Personas

Welcome to Flaphead.com @ Home — Wed, 11 Aug 2004 16:13:00 GMT

Just Changed my password

The Skelly Blog — Wed, 11 Aug 2004 17:18:00 GMT

re: The silent war - combat evolved: Hacker Personas

Robert Hensing — Wed, 11 Aug 2004 18:41:00 GMT

Regarding what's to stop a virgin Windows XP installation from getting hacked while the user is installing the 40+ post SP0 critical updates for that platform, the answre is 'windows firewall'.

If the user builds the OS from the CD and enables the windows firewall BEFORE connecting to the Internet and browsing to the Windows Update web site - they have very little to worry about.

re: The silent war - combat evolved: Hacker Personas

Phil Renouf — Wed, 11 Aug 2004 19:29:00 GMT

Maybe the Windows Firewall will help (or another firewall product), but the right answer is to download the latest service pack and hotfixes from a system that is already patched and up to date, burn them to CD and load them on the new machine before plugging it's network connection in.

I know I have (and I'm sure you have) seen machines get a virus, worm or trojan before you even get a chance to log in the for the first time.

Phil

re: The silent war - combat evolved: Hacker Personas

Jeremy Brayton — Thu, 12 Aug 2004 00:24:00 GMT

http://geekswithblogs.net/jbrayton/archive/2004/07/29/9033.aspx

You get paid to do this kind of stuff, yet I have to shell out CDs or whatever to fix the computers of friends.

The Windows Firewall is remarkable. It's keeping their system stable. It's XP Home. No SP. No patch. No nothing. Vulnerable as a baby's ass at a NAMBLA parade. The firewall is keeping the hacker at bay for now until they find a way around it. Now that SP2 just got released I just have to burn a CD with that on it rather than burn SP1 plus the umpteen million patches released since then. (Download.Ject anyone?)

One thing I don't like is how the term hacker evolved. In the days of Kevin Mitnick, a hacker generally meant a person who "knew a lot about a computer". Now it's only purpose is a retard who spends every waking hour trying to break into a computer.

I prefer to be lumped with the old school term. When I want to figure out how my radio works, I take it apart (hack). When I want to find out how Windows works I proceed to take it apart (hack). I don't necessarily go breaking into systems.

I will admit though that I was once in hacker persona #2. I broke into systems usually just for the knowledge value. Working my way around a SCO system was different than the slackware box I was using. It was a chance for me to learn new things and sadly I jumped at it even if it meant jail time. I never brought down any computer or network but my acts had no morals or merit.

An Admin that rises out of the hacker ashes is one that can best understand both sides of the equation. I find that my little stint at breaking into systems made me understand how to protect myself from such intrusions. You say the 2 things aren't related but if you dig deep enough they really are. It's all in how you process the information. When you break into a system if you reverse engineer what is happening you can devise a way to protect that very same system.

I remember vividly breaking into a couple of Redhat 6.0 default installs (with the big wuftpd 2.6.0 exploit) and patching them. I did nothing else but break in and update what the lame administrator couldn't do themselves. How would you like a hacker to do that? Then again you wouldn't because they might demand money for services and it also makes you look like a complete tool for letting it happen in the first place.

Then again there's no proof I did anything I just said. ;)

re: The silent war - combat evolved: Hacker Personas

Steve Hiner — Thu, 12 Aug 2004 00:40:00 GMT

Just the other week I had to clean up a system because the user decided to use Windows Update right after a reinstall. Pretty annoying that he got infected while trying to do the right thing.

It's unfortunate that Microsoft decided to disable the firewall by default. Most users have no idea that the firewall is even there, even fewer know they need to enable it after a fresh install. Enabling it by default might result in more support calls but at least there'd be a lot fewer infected systems out there trying to infect the rest of us.

re: The silent war - combat evolved: Hacker Personas

Moi — Thu, 12 Aug 2004 12:01:00 GMT

Who mentioned Windows XP? Anyway, didn't XP come with the firewall disabled by default until... well, fairly recently? Of course, if your firewall protects you anyway, why apply the fix (assuming it would not be possible to get hit via a trusted source, such as a computer within your own network)?

Actually Phil I'm not sure I could work out how to get Windows Update to download the fixes instead of trying to install them. I guess it is possible, I've never dug deep enough to find out how to do it though. What about your average user who just has the automatic update thing turned on? This also assumes that one can get one machine updated in order to download the fixes before it is compromised itself (it is kind of a chicken-egg situation). Maybe in this case a *n*x machine would be recommended ;-)

Given that it is possible to fall victim to <insert latest discovered vulnerability here> when connecting to the 'net to get the latest fix for that vulnerability from Windows Update, I guess what I'm saying is that I don't think the idea of Windows Update being on the 'net is entirely a good idea. Better, IMO, would be the possibility of dialing up your local MS centre and getting the fixes direct, rather than going through a public network (I suppose one would have to trust that MS keep their networks free of worms and so on...). Having it on CD is the best solution, but the cost to MS of sending out however many million CDs it would need to would be astronomical.

re: The silent war - combat evolved: Hacker Personas

Robert Hensing — Thu, 12 Aug 2004 16:33:00 GMT

On retail XP we had a wizard which ran and if during the install of the OS we detected that you were connected to the Internet we enabled ICF so it was not 'disabled by default' as you imply, it just wasn't always successfully enabled.

XP SP2 turns on the firewall by default on all adapters all the time and has new boot-time security policy that gets applied as soon as the firewall driver loads.

re: The silent war - combat evolved: Hacker Personas

Phil Renouf — Fri, 13 Aug 2004 16:49:00 GMT

Hey Robert,

Why the heck did MS decide to break NMAP with SP2? That was a bit of a surprise!

Phil

re: The silent war - combat evolved: Hacker Personas

Calvin — Mon, 16 Aug 2004 05:07:00 GMT

You left out a rather important type of hacker, "One who is proficient at using or programming a computer; a computer buff."

Not all hackers have malicious intents.

However your advice on passwords is pretty darn good. A special character or two is also a good defense against password cracking http://www.sysopt.com/articles/win2kpass/table.gif

re: The silent war - combat evolved: Hacker Personas

Siddharth — Tue, 17 Aug 2004 01:15:00 GMT

Ugh, just post the whole thing already and quit stalling. I wanna see some new stuff :)

/Siddharth

Don't Use Passwords says Microsoft Guru

Stuart Radcliffe — Tue, 17 Aug 2004 10:29:00 GMT

If you want your system to be secure you shouldn't use passwords. Who would make such an obviously stupid statement? Surprisingly, the answer is Robert Hensing of the Microsoft PSS Security team.

Don't Use Passwords says Microsoft Guru

Stuart Radcliffe — Tue, 17 Aug 2004 10:34:00 GMT

If you want your system to be secure you shouldn't use passwords. Who would make such an obviously stupid statement? Surprisingly, the answer is Robert Hensing of the Microsoft PSS Security team.

Modern malware and the big, bad, scary internet

Bob.Yexley.Blog — Thu, 19 Aug 2004 17:17:00 GMT

Is my son a budding hacker?

Aaron Margosis — Fri, 20 Aug 2004 17:16:00 GMT

My 3.5 year old is starting to read. He pointed to a stop sign and read "S, T, Zero, P". I didn’t think we were teaching him 733t speak. Is he going to be a hacker?

What is really happening on your Windows system? Port Reporter

Tim Rains' WebLog — Thu, 02 Sep 2004 23:54:00 GMT

Another Good Article about Security from Robert Hensing

Walt Ritscher: Thinking about code — Wed, 22 Sep 2004 17:18:00 GMT

Knowing the enemy in information warfare

Bill Knaus' Blog — Mon, 25 Oct 2004 16:41:00 GMT

Anatomy of a Veritas BackupExec Agent Browser hack via TCP 6101

Robert Hensing's Incident Response WebLog — Thu, 27 Jan 2005 20:48:00 GMT

The silent war - combat evolved: Hacker Personas

Blogger Tom — Sat, 05 Mar 2005 01:18:00 GMT

From:http://weblogs.asp.net/robert_hensing/archive/2004/08/09/211383.aspx Okay, yes, I admit - I'm a little too excited about Halo 2 (note to XBox geeks out there, schedule your vacation NOW for around the launch of Halo 2 in November and make sure your XB live account...