phrack.org:~# cat .bash_history ==Phrack Inc.== Volume 0x0b, Issue 0x3d, Phile #0x04 of 0x0f |=---------------=[ P R O P H I L E O N D I G I T ]=-----------------=| |=-----------------------------------------------------------------------=| |=------------------------=[ Phrack Staff ]=-----------------------------=| |=---=[ Specification Handle: DiGiT AKA: digit, eskimo, icemonkey Handle origin: its not a funny story catch him: digit@security.is Age of your body: 22 Produced in Reykjavik, Iceland Height & Weight: 192cm, 80kg Urlz: none Computers: 2 laptops, 3 intel machines, indigo II, and a sparc station Member of: smapika international Projects: Mostly just stuff for my work and school related things. |=---=[ Favorite things Women: brunettes, blondes, and I prefer they have charisma, ambition, independence, intelligence, sense of humor Cars: German of course ;> Foods: Italian, asian Alcohol: beer, vodka/coke Music: trance/techno, rock, classical Movies: Pianist, godfather, Dune, LOTR, Bad boy bubby, Happiness Books & Authors: Urls: I like: Achiving my goals, honesty, integrity, wachyness I dislike: Waking up very early in the morning, constant rain, stuck in an office all day, fake people |=---=[ Life in 3 sentences No fear. Never give up. Never surrender. |=---=[ Passions | What makes you tick I like to set myself some sort of goal and try to achieve that within a certain amount of time. Being able to be my own boss is probably my greatest passion. I don't like to take orders and I value my independence greatly and the ability to do whatever I want is pretty important to me. In the past I basically quit everything to do almost nothing but computers/inet/hacking. I did that since I was around 16 until I was 20. I audited code around the clock, hacking, wrote exploits, and chatted with my friends on irc from dusk till dawn basically. The biggest experience for me was probably meeting the people that I did and the influence they had on me to improve myself. I probably have meeting antilove/RawPower and crazy-b at the top of my list with regards to that and they both really influenced me a lot and they probably provided me with my greatest experience with regards to hacking. |=---=[ Which research have you done or which one gave you the most fun? None much more than any other. Whenever I found some bug or something that I knew was unknown and the satisfaction of exploiting it was a lot of fun. --=[ Memorable Experiences I will never forget getting run over by a bus when I was 14 and having to stay in a hospital for 3 months and the frequent trips for another year afterwards pretty much is something I will never forget. Also the fact that the longest strike of Icelandic highschool teachers in icelandic history was happening at the exact same time I was stuck in a bed in a hospital. Installing my first Linux system(back in '94 i think) and thinking that the installation floppy shell prompt from the slackware distro was basically a full installation of slackware ;> I had hardly any previous experience with Linux at the time. Spending an absurd amount of time at my computer doing crazy stuff for no other reason other than to get the get the best rush imaginable. Meeting crazy-b for the first time on the same system we were both hacking and then deciding to meet on irc and becoming friends in the process. When crazy-b had to go into the norwegian army he wrote a small program that was a rudimentary irc client that piped input from an irc channel to a script that sent an sms to his phone with the input and also him being able to send an email to his address that piped the content of the mail to the irc channel. This way he could still irc from his mobile phone despite being in the army ;> Meeting the great antilove back in '97 and getting some private samba warez ;> Having antilove visit Iceland twice and doing lots of cool stuff with him like rollerblading, hunting for smapika, acting stupid, him teaching me how to lockpick, finding new bugs, writing exploits, teaching me how to bluebox, etc. Totally destroying my car when me and antilove were driving to a kfc in 2001 because some girl ran a red light at about 80km/h in the morning and then laughing about it the entire day for some reason. All the security.is weekends with the exploits we wrote and the bugs that we found together and with the trademark security.is hamburgers as made by portal. Having lots of fun with mikasoft and ga when they visited Iceland for new years a few years ago and especially when mikasoft was teaching yoga at a new years eve dinner my family was throwing. Also the duck liver paté was disgusting. Going to France with Icelandic friends and meeting a lot of hackers in Paris and having like 10 guys sleeping in the smallest room you could imagine. Then taking a cool train trip from Paris to montpellier and meeting a lot of other hackers and just totally invading montpellier and taking over an internet cafe for a week ;> Also hanging out at the beech with the amazingly cool french guys and starting a fire and drinking beer and listening to good music. Going to the club La Dune on our FIRST night in montpellier with all the french hackers/etc and buying a lot of champagne for everyone and antilove and nitro buying a ton of vodka for a group of like 20 people and just partying the entire night and watching all the non french people make total asses of themselves. Same night at La dune I will never forget witnessing Candypimp going beserk after drinking way too much and trying to jump into the ocean and then disapeering. we called the police to search for an 'insane' drunk Icelandic person that couldn't speak english anymore and who thought he was in his home city of Akureyri and not 50km away from montpellier and probably even didn't know where we were staying! JimJones was really drunk that night too and he passed out on some tree before waking up again and deciding to take a piss. He went into some ditch and somehow he managed to piss all over himself! If I remember correctly me, nitro, and antilove had to remove his clothes that night because he was too drunk to do it himself. He was then called pissman for the duration of the trip ;> Going to Las vegas with Starcon for blackhat and defcon and actually PAYING for blackhat but I only went to 1 speech(halvars) because my brother took the time to come down from Seattle to visit me. Going to defcon and seeing how amazingly commercial and fake it really is. Just look at the shit being sold there and all those stupid t-shirt stands. The coolest thing about defcon was the K2 party where a lot of people were hanging out and it was a very memorable night and I had nice talks with a lot of cool people. A recent jimjones visit to Iceland where we really didn't do anything except relax and drink beer and eat some BBQ. We also enjoyed a very nice viewing of bad boy bubby which I recommend to anyone that wants a good laugh and some insight into the world of jimjones(based on his lifes story). |=---=[ Open Interview [can give as much detailed answers here as you like] Q: When did you start to play with computers? A: I was probably around 12 years old when I got my first real computer. Q: When did you had your first contact to the 'scene'? A: Boy... I guess it is probably sometime in 1995 and I got involved with some "hackers" doing some questionable things ;> I think I started off by joining #hack on IRCnet and also #shells on efnet(ehrm! ;>) Q: When did you for your first time connect to the internet? A: Was at my school when I was probably around 13 years old and we had a 2400 baud modem and some old dial up program called kermit, i think, that we used to call some line at the Icelandic university. It was basically just a direct connection to a hp-ux box and someone tought me how to use ircii and so basically my first experience with the Internet was also my first time with irc. Q: What other hobbies do you have? A: I like to do stuff with my friends,go see movies, fish, read, go out for drinks, and just anything that comes up. Q: ...and how long did it take until you joined irc? Do you remember the first channel you joined? A: Again this was not very far between since I started irc pretty much the same time. I believe the first channel I joined was #iceland. Q: What's your architecture / OS of choice? A: Im so used to intel so I really can't pick anything else and Linux is still my preferred OS although i have netbsd here somewhere. Q: What do you think about anti.security.is and non-disclosure? A: anti security was a good idea but ultimately it was a failure. The reason it failed was that the people that supported none-disclosure and took part in antisec discussions were constantly arguing amongst themselves about a lot of stuff some of which was for good reasons but also stuff that was totally out there and eventually it lead to antisec dying. I personally believe that none-disclosure is the way to go and I have believed that for some time now. I don't judge people that disclose because I remember disclosing bugs/exploits at one point and so I am not really in a position to flame people that continue to do so. I mean antisec also had some stupid information in some areas specifcally about the true reasons behind antisec were not to create some greater security in the world or something like that which was mentioned in the FAQ and we took a lot of crap for. It was to keep security research where it belongs, with those that actually did it and at most a small tight knit group. That basically meant that people that found bugs, wrote exploits, and hacked wanted to keep their exploits/research private so that they had some nice private warez for some time ;> Full disclosure is for equally selfish reasons because it really boils down to two things: fame and money. People think, rightly so, that by releasing bugs or exploits that they become recognized among their peers and that might eventually lead to a job in security or something like that. People that say they release bugs/exploits for the good of the world or something like that are full of shit. Q: What do you think about the right of other 'research' groups to forbid other organizations the use of their exploits ("Copyright on exploits")? A: Seriously who would care about a copyright header on some exploit? People would use it anyways. Q: What do you thing about full-disclosure. Is it important or dangerous? A: I know I don't like it and there are a lot of good reasons why it sucks. It ruins bugs! ;> And there are some negative "world issues" because every hacker that wants to make a name for himself will try to write an exploit for it and subsequently release it. Maybe he doesn't release directly to BUGTRAQ but he gives it to lots of "friends" which leak it of course and soon enough its everywhere. What happens next is that every script kiddie and some more advanced script kiddies will use the exploit and deface sites, ruin stuff, and then soon a worm will appear. I do not personally have anything against those things per se but I'm sure a lot of people do. If the vulnerability is unknown or kept private such things would not happen. Full disclosure can definetly be really dangerous and we all know that the people that discover bugs in software aren't on some quest to secure software for the good of the world. They do it for themselves. Also why should hackers do the job for software companies and even if they publish they risk getting sued or something? I also hate all those full disclosure policies that say you need to give a vendor a month or something before publishing and all the other stupid rules. My advice: don't disclose - avoid the hassle. I do however agree to some of the arguments about the necessity of full disclosure. I can't remember any right now so forget that but ultimately full disclosure of any vulnerability is the fuel the drives the information security companies that don't care about anything except their bottom line. Q: If you see or hear about various protection meassures against hackers such as grsecurity, PaX, Owl or strong encryption (SSH, SSL or IPSec) do you think hacking will still be possible in the future? What kind of vulnerabilities will people focus on in the future? A: If we assume that all these programs are successful in stopping most buffer overflow attacks and it has become 'impossible' to evade these programs then just new types of vulnerabilities will be discovered. Logic bugs in programs are just as dangerous as buffer overflows and so hacking will of course be possible in the future the only thing that will change are the vulnerabilities and the methods. Q: How do you feel when yet another XSS vulnerability hits the media? (Do you have a regex covering XSS postings in your spam filter?) A: blah Q: What will hacking in the future look like? More complicated or easier? A: no idea. Q: You have been in the scene for quite a while. If you look back, what was the worst thing that happened to the scene? What was the best that happened? A: This "scene" always comes up. I never followed any specific scene or anything. I was just chatting with my friends and hacking with them and that was about it. Although I guess the commericialization of everything in the scene was probably the worst thing that happened. Didn't bugtraq get sold for millions of dollars? A mailing list! And companies buying exploits how low can u get? Q: If you could turn the clock backwards, what would you do different in your young life ? A: My young life? Portal calls me grandpa. I guess I would go back a few years into the past and avoid losing contact with my old friends. =---=[ One word comments [give a 1-word comment to each of the words on the left] Digital Millennium Copyright Act (DMCA): blabla security.is : sleeping Georges. W. BUSH : war Companies buying exploits from hackers : silly IRC : burp Hacker meetings : colorful Full Disclosure Policy : pseudo anti.security.is : dead Whitehats : dingdong |=---=[ Any suggestions/comments/flames to the scene and/or specific people? Do what you want to do and don't let anyone control you. |=---=[ The future of the computer underground What is the computer underground anyways? People talk about it as if it were some very formal and controlled thing or something. The computer underground as I understand it basically just consists of various groups and places people hang out at and talk and do stuff together in small seperate groups. I have no idea where it is gona go in the future. |=---=[ Shoutouts & Greetings I wana send a big hello to: security.is, antilove(miss u bro), crazy-b(beware of hermaphrodites), cleb(rest in peace man), old ADM pals, JimJones, old #hax guys! stealth, sk8(freesk8.org), mikasoft, ga, ace24, ig-88, ghettodxm, scut, horizon, duke, cheez, starcon, lkm, nitro, bawd, wtf, kewl, joey, Synner/m0nty/Kod/Jackal(crazy greeks) and everyone of my other old friends that I haven't talked to in years. |=[ EOF ]=---------------------------------------------------------------=|