IdeaMonk

thoughts, ideas, code and other things...

Friday, April 10, 2009

Back then, the year 2003!


Out of all the worms that have come up, I'm very fond of MSBLASTER. No matter how huge the Storm Worm was or how well the Conficker worm comes into media, it was MSBLASTER that really kicked me into Computer Security.
Back then, I was just another 15-year-old schoolboy, trying to find ways to get into friends' mail accounts, trying to access things which we are not supposed to. And, yes! I too tried to contribute to the quest of knowing how this worm works. So, I wrote a small description of whatever I could uncover from the worm's executables and put it up on Astalavista. Boy-o-Boy things were so open those days and newbs like me were so welcome to do all this.
Soon after that, I received comments from more knowledgeable beings, about how the worm actually exploits RPC-DCOM vulnerabilities in Windows. That's where the fun began - exploits. Though, I haven't ever found/written any vulnerabilities/exploits yet, but using them was great fun. You felt as if you're a god in a Windows NT/XP network. School was the best place to try it out. And things like updates & patches were not so automated back then, even on a dial-up in Delhi, you could find loads of Windows XP and 2000 systems that would be vulnerable to RPC-DCOM exploits. KaHT2 has a right to be mentioned here. What's that... hmm it's the best a script kiddie could have had... a multithreaded scanner for RPC-DCOM exploits :) [ Psst.. it works even now on old Win 2000 systems at ASE Bangalore :P ]
Hmm so back then,
Astalavista used to be the best place to look for the latest in Hacking/Computer Security. Phrack used to be for gods in this field. SecurityFocus used to be a nice place to get yourself pumped up. milw0rm wasn't that famous, irc.gigachat.net was popular, #whackerz was exciting. K-OTIK (French IT database) was a great place to look for exploits, it was something that milw0rm is now.
K-OTIK evolved into FrSIRT in 2005, and now we get to read news titles like - "FrSIRT puts up exploits for sale" and it is called VUPEN Security these days. Astalavista doesn't excite you anymore. But Dancho Danchev is still up to the good work on Malwares and Crimewares. He still writes a great deal of in-depth analysis on malwares these days. The last issue of Phrack was released in April 2008, there has been a great slowdown and lifelessness on Phrack's side. The Underground Myth from issue 0x41 is a nice read on changes that took place. 2600 doesn't bring anything to the mind apart from "the frequency of John Draper's whistle" and "oh yeah there is a zine called 2600, but I'm not gonna purchase it", which is damn good.
So where have all these Hackers gone? I believe this short article puts some points to explain it. As far as I see it, the cowboys of computer security are either gone into making money with botnets and malwares OR most of them have become security professionals working for corporations. The ones that remained must've become one of those people who run computer security training programs to survive. Yeah, some of them wrote books too - Ankit Fadia. And, Indian media propelled him to heights, which is something to be sad about. Even his first book had a copy pasted Windows 98 password cracking tutorial. The day I read that chapter, I just came back to my PC and looked for the tutorial, and there it was, posted by an anonymous hacker on internet, copy pasted into a book by Fadia. Have fun reading Attrition.org's page dedicated to Ankit. some more...
But all that they teach you is old garbage that gives you an overview and idea on how things work in the world of Computer Security. You don't see the BUZZ now, you don't get the adrenaline rush anymore. All because things have become less open. Add to that, the everlasting contest between Black Hats and White Hats has made the systems more and more secure. To be able to write a new exploit of your own, you would be spending much more time now compared to back then. That's why we hear about commercialization of exploits these days.
DDoS, worms and botnets are still hot topics. Defacements too continue to happen almost everyday. Zone-H still inspires people by letting black hats show off their defacements :)
Dancho Danchev's blog still gives an interesting look into what happens these days.
But, the meaning of the word Hacking has changed for me a lot. Back then the picture of Kevin Mitnick would come up to my mind... back in 2006 I would swear by the words of Jon Erickson in "Hacking - the art of exploitation", which described a hacker as the one who finds unconventional ways to do things and in turn creates technology that changes the world.
These days, I see definitions of a Hacker, as the one projected over Hacker News. I see a Hacker as someone who creates something new, who uses the knowledge and skills to benefit people from the power of technology. I see the Open Source movement to be full of people I can call Hackers. I see a founder of a start up as someone I can call a hacker. I find Wozniak style creative people as Hackers :)
Well, I would like to say that "Hacking" associated with Computer Security, is not yet dead, for malicious intent is still alive. The Security Industry would too survive as long as malwares and worms like Storm worm and Conficker keep making the news.
People hear about how insecure Windows is, and how Linux doesn't have virii and worm issues, but as Linux becomes more and more popular, this might create enough reasons for some people to write virii/worm for Linux. That would be a nice scenario to look at. I believe due to its open-ness Linux doesn't leave any chances for an Anti-Virus Industry to mushroom over it.
Well, all that I wished to say.
Thanks to VX-CHAOS file server for still keeping the article I wrote on MSBLASTER.
You can get another copy of it here - mirror. Have fun reading, kind of things I wrote 6 years back (which was not so accurate :P )
So, how was my ride into Hacking, well, I had great fun using some good exploits, took keyloggers a step further with Project Keynet (never released in public :( ), well it's nothing but a Keylogger communicating with PHP based control server, much more like a botnet, so that I get to see live keyboard activity of any computer around the world.
And, this summer I get back to developing some interesting security apps and offensive tools, as my internship ;)

1 Comments:

At April 10, 2009 at 3:24 AM , Blogger l0nwlf said...

Awesome post ....
Inspiration bulging from each and every pore of it :D

 
