Information Security News mailing list archives
Unix Security -- HOPE 2000
From: William Knowles <wk () C4I ORG>
Date: Fri, 21 Jul 2000 04:57:25 -0500
*********************************************************************

HOPE 2000 (H2K)
by Carole Fennelly

I finally attended my first "hackers" convention this past weekend in NYC, HOPE 2000. Well, that's not exactly true. I only allocated one day (Friday) for the con since I had tons of other work to catch up on and, frankly, I didn't expect much. I was, however, looking forward to meeting up with some friends and I hoped that I could at least settle that burning question: "What is a hacker?".

I had company -- my partner, Jon Klein, and our summer intern, Thaylin. We also met up with Brian Martin (Jericho), founder of Attrition.org (home of the definitive Web defacement mirror).

Scott Blake, who recruits and manages hackers for Bindview, presented the first scheduled talk: "Selling Out: The Pros and Cons of Working for 'The Man'". Unfortunately, I missed the first half, which Brian tells me offered some useful advice for people unfamiliar with corporate life. Scott apparently made some good points about non-disclosure agreements and contracts -- information anyone entering the industry should possess. I wish someone warned me when I started out. Another valuable piece of advice: Don't lie! If you have a past that is likely to catch up with you, be up-front about it. Scott also advised the audience to be in control of the interview since it is *their* skills which are in demand. I really didn't think it necessary, nor advisable, to feed their already-inflated egos.

A major point that I disagreed with though, was the motivation for "selling out": Money. While it certainly is a factor, a person with little job experience should look beyond the instant gratification and consider the type of experience they will gain. Yes, it all comes down to money eventually, but the real payoff may be further down the road. Overall, it was a good presentation for the newcomer to corporate life.

High School Horror Tales

This had the potential of being a good panel discussion, but -- featuring four high school kids complaining that their teachers and school administrators pick on them -- it missed. Deal with it and quit whining. I'm sure there are real horror stories, such as kids getting suspended or prosecuted by an ignorant administration; but, they seemed to consider adults the enemy -- too bad since only adults can fix the problem. However, audience members made some good points, and were, in fact, more interesting than the speakers.

I see the same problem with high school technology programs that plague the entire IT industry -- not enough qualified people. Is a technically competent IT professional really going to teach in a high school for a fraction of the pay they would get at an industry job?

MTV: How Did it Happen?

For those lucky people who never saw it, MTV produced a special last year titled "True Life: I'm a Hacker". Unfortunately, I did sit through it and it was truly awful -- take my word for it:

http://www.projectgamma.com/news/archive/1999/october/102999-0323.shtml
http://www.2600.com/news/1999/1019.html

This panel discussion, led by Weld Pond (@Stake) and TommEE pickles (ex-MTV employee), debated where MTV went wrong. The general consensus seemed to blame the media for portraying hackers in such a negative light. I'm sorry, but some of the people who participated in the special -- namely Mantis and Shamrock -- did their level best to live down to the stereotype. Case-in-point: Mantis demonstrated his elite hacking skills by downloading a copy of "The Matrix". Oh, yeah - that makes you a hacker all right.

It seems to escape many hackers that they are largely responsible for the negative image given to them. Don't blame the media for buying into the garbage you feed them.

Hactivism -- Terrorism or a New Hope?

Basically, this was a left-wing, liberal diatribe that the Internet should be free for everyone and that companies should be forced to share their resources with the less fortunate. A political activist and street demonstrator, ShapeShifter, just found a new medium to disrupt. The Internet should be free to everyone! Corporations are the enemy! Disrupt them in any way possible to "get the message out"!

A BBC reporter commented to me, "How do they [the hackers] expect us to get it right when this is what they serve up to us?" DoS attacks cannot be focussed, and often affect the less fortunate people more than the big corporations.

The Legal Panel/DeCSS and DMCA

This panel focussed, primarily, on the legal battle between 2600 magazine and the MPAA. If you weren't already aware of the issues, this panel provided little enlightenment. The impression I got was that 2600's defense strategy for making DeCSS source available was to claim it is a free speech issue. It sounded like they were looking for a loophole, which doesn't help to win supporters. The DeCSS issue is a serious one, but it looks like yet another "Free Kevin" campaign for 2600. Bryan Pfaffenberger wrote a good article on this topic for Linux Journal:

http://www2.linuxjournal.com/articles/currents/016.html

Becoming the Media -- How the Web Is Changing Everything

Space Rogue (founder of HNN and former member of L0pht) and Macki (webmaster of 2600) led an informal discussion about online journalism. I found this discussion of particular interest and enjoyed participating along with Kevin Poulsen (editorial director of SecurityFocus) and other media writers. An Australian audience member brought up a point that I hear often: Writers tend to focus on American issues and forget that their audience is world-wide.

Cracking the Hacker Myth: A Scientific Study to Find the Real Story

I had been bugging Brian Martin all day to share some of his amusing and cutting observations with the audience at large.
When he finally did in this presentation, I missed it. Later, at the bar, I asked him about it after several people commented on his participation and referred to an absurd survey that he challenged. Brian remarked:

"There are no accurate statistics or studies about hackers, so this noble group is stepping forward to spend their own money to do just that. Spending their own money to attend conferences and conduct surveys, they are researchers and scientists so they will get it right. When asked how many people would be involved in the survey, and more importantly how they qualified their participants as hackers, the best they could come up with as an 'answer' was a couple more minutes of meaningless babble that did not even begin to answer my questions. Oh, did I mention they are spending their own money to foot the bill of this project?"

Wrap-up at the Bar

Most "professional" conferences are focussed on the talks and presenters. They get on stage, present material and field questions. End of story. H2K was a bit different. People from the audience lined up at microphones to add their opinions and observations to the topic at hand. Often (especially in the case of the high school kids), the audience speakers were far more intelligent and entertaining than the scheduled speakers. A reporter sitting next to us commented that she learned more from sitting with us at the bar than from the speakers.

So, what did I learn from my one day at a hacker con? Well, I learned that trying to define "hacker" is like trying to define "real" rock music. Everyone has their own perception of a "pure" definition. While I think disco and rap were an evil plot by aliens, there are people who consider them a form of rock music. To each his own, I suppose.

Hackers have been labeled "criminals", "activists", "pranksters", "geniuses", "subversives" and "innovators", to name just a few. Which is the correct label? Shuffle the deck and pick one. Chances are, it'll fit someone at a hacker con.

Would I go to another hacker con? Absolutely -- and next time, I'll plan to stay longer. Oh, not for the talks. With a few notable exceptions, they were quite disappointing but I really enjoyed the offline discussions with people who think "out-of-the-box". Then again, I only spoke to the type of people that I would enjoy speaking to but I guess that's the definition of "hacker" that fits -- the one you seek.

Resources

A matter of degrees
Let the punishment fit the crime.
http://www.linuxworld.com/linuxworld/lw-2000-03/lw-03-devnul_3.html

Judge silences Websites in Linux DVD 'hack' case
Free speech or piracy?
http://www.linuxworld.com/linuxworld/lw-2000-01/lw-01-dvd.html

Protest draws attention to DMCA
The movement against the Digital Millennium Copyright Act is just beginning.
http://www.linuxworld.com/linuxworld/lw-2000-03/lw-03-dmca.html

ZDNet reviews Jello Biafra's Keynote at H2K
http://www.zdtv.com/zdtv/cybercrime/hackingandsecurity/story/1,9955,2598712,00.html

Why Hactivism doesn't work
http://www.zdtv.com/zdtv/cybercrime/spyfiles/story/0,9955,2000164,00.html

Brock Meeks H2K wrap-up (MSNBC)
http://www.msnbc.com/news/435153.asp

Why DefCon Beats H2K (ZDNet)
http://www.zdnet.com/zdnn/stories/comment/0,5859,2604580,00.html

************************************************************************

About the author
----------------
Carole Fennelly is a partner in Wizard's Keys Corporation, a company specializing in computer security consulting. She has been a Unix system administrator for almost 20 years on various platforms, and provides security consultation to several financial institutions in the New York City area. She is also a regular columnist for SunWorld (http://www.sunworld.com).
Visit her site (http://www.wkeys.com/) or reach her at carole.fennelly () sunworld com

*********************************************************************

http://www.itworld.com

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".