Randy and Craig (Taran King and Knight Lightning) did an amazing job with Phrack. It was an honor to write for them, and I almost never see them mentioned when people talk about the zine. The zine, and the St. Louis Summercons, were hugely influential. I'm still friends with a bunch of folks from that scene.
If it weren't for a timely late night phone call from Craig needing some more content for an issue, the Conscience of a Hacker would probably not have been written.
Howdy crap The Mentor itself... your Hacker Manifesto marked me as a kid in the 80s. It gave meaning to my life growing up in a remote Mexican city where few people understood about computers.
Jesus and the Mary Chain, the Mentor himself in the flesh.
When I was a senior in college studying Anthropology and subcultures (specifically hacker culture), several of my roommates who were engineers and CS majors told me I absolutely needed to read your essay.
To this day, it's still one of the most influential essays I read about the culture and understanding the ethos of an ethical hacker. After getting involved in the scene in the late 90's, I found out reading your essay was almost a rite of passage.
It's an amazing work that is timeless and still resonates to this day.
Thank you for writing that. Those words spoke deeply to me and many others that wander these halls even so many years on. It is odd to look back on years later and happen across the author.
The same is sort of true of the mid-late '90s Phrack scene; I was skimming through some of the front matter on those issues and noticing how many people in the greets sections were people I'm still in touch with. Of course, this stuff got lucrative for us in a way that I'm not sure it was in the late '80s. But you guys had more fun than we did.
All this BBS talk takes me back to about 10 years ago, when I had a business encounter with a consultant engineer from IBM in Chicago. After our business meeting, we went to lunch and this gentleman dropped me off at my place of work in his car (IIRC, it was a Toyota Avalon with white leather interior). We had some small talk during the short drive - about some of my pet projects at the time and what I was doing outside of work, etc. He was very encouraging and appeared very curious. I appreciated that.
Little did I know at the time that I was in the presence of greatness and driving with a legend. He was Ward Christensen. I was so totally ignorant of his awesomeness that I'm ashamed. And so embarrassed now thinking about how vain I was talking to him about my barely getting my feet wet with Android application development. :$
That was my only encounter with Ward. I think I connected the dots a few months later when I read about him in 2600. (@Ward - If you are reading this, hi!! And my apologies for my ignorance).
I once hired this guy, whom I'd met at a 2600 meet up at Union Station in LA, to work for me at one of the first web-development agencies in California. I had him all set up as a sysadmin doing sysadmin'y things, got him a new SGI machine as requested, sat him in the corner and watched him type away happily, doing web-development/sysadmin'y things.
Little did I know that he was writing his seminal paper in a terminal on the side .. "Smashing the Stack for Fun and Profit" has gone on to be one of the most famous of Phrack articles .. if only I'd known, I would've asked to proof-read it first. ;)
I guess he's continued his career as a security researcher .. I really don't know. I extricated myself from that company back then and moved on, myself, to other things .. but it always amuses me to remember looking over his shoulder and seeing MIPS assembly up there and wondering "hmm.. what does this have to do with the website we're building, hmm.." ;)
AlephOne was CTO of SecurityFocus which was acquired by Symantec back in 2002. He stayed on until 2011 and is now at Cisco.
Oh the golden days of #phrack and #2600 in the 90's. Was a teenager armed with a dialup to a BBS with an IRC gateway. The modem so slow I would type lines and wait for the characters to catch up on the screen.
> I was so totally ignorant of his awesomeness that I'm ashamed.
I would speculate it's likely it made for a much more interesting conversation for both of you than if you had been aware of his accomplishments. You also got a much more interesting anecdote as a result of that.
FWIW I hadn't heard of him until your comment. I suspect for every one person I have heard of there's at least a hundred I haven't heard of whose accomplishments are no less great.
Unless you are a narcissist, it must really suck to be so famous that you can never have a conversation with anybody in a symmetric fashion.
In my college days, I often hitchhiked to places instead of taking the train. It was just more fun to talk to people of various kinds.
One day on my way back from a trade show about the future of technology (1992?), I get picked up by this chain smoking hippy guy in an old beat up Ford Escort.
We had a pleasant conversation. And then it suddenly hit me that I was talking to a famous (in my country) radio comedian.
And that’s where the conversation stopped.
It was exactly as you described: I just felt embarrassed talking about mundane stuff like the full color flat LCD panels that were so cool.
After reading the "smashing the stack for fun and profit", I got interested in reverse engineering. The most fun tutorial was from lena151[0]. ARTeam had published several papers for beginners and advanced reverse engineers. Deroko, who was a member of the ARTeam, had published an article about PEB hooking[2] and was cited from phrack[1]. I miss hacking and reverse engineering. I would like to go back to those times if time would allow me to do so. Sometimes, I end up reading this article[3] again and again.
e-zines that were transmitted over dial up modems via BBSes back in the days before WWW took off seemed so deliciously subversive.
One night I came across an e-zine that shared a BBS phone number for my city. I made several attempts before giving up. An hour later cops showed up at my door. It turned out I was phoning a secondary number for 911. I got pranked pretty good!
Much of the early work on buffer overrun exploitation was published in Phrack. The article Brandon Baker and I did for IEEE Security and Privacy had a sidebar on "Nontraditional literature on buffer overruns" that's got some greatest hits like AlephOne’s Smashing the Stack for Fun and Profit from 1996 [1] and The Advanced return-into-lib(c) Exploits from 2001 [2]. Over the years, a surprising number of people have told me that this was their favorite part of the article!
"Smashing the Stack for Fun and Profit" is the reason why I work with computers nowadays. I don't even work in security - this is the article that made me realise computers are full of wonder.
That article brought the knowledge to the security scenes, but pirates cracking video games have been exploiting that for a while too. Those familiar with the Morris internet worm also knew about it. This as I can really was the first place that broke it down where you could learn it yourself without a guide. It's also one of my favorites as I knew about it, but didn't know how to personally craft one till I read that.
Buffer overflows are common, but control flow injection through memory corruption has a weird little history. You don't see them in the record until RTM's worm (HN connection: pg and rtm were best friends at the time, and pg was a bit player in writeups about the worm). Then: nothing, for 7 years, until Thomas Lopatic publishes the HPUX httpd overflow in '95. It's not like the intervening 7 years were quiet ones in computer security; '88-'95 was more or less the golden age of computer hacking.
The overflow bugs I knew about were used to crash the operating system. They were submitted to DEC who presumably fixed them. As far as I know, using them to inject code hadn't occurred to anyone yet.
Right, there is definitely a longer history of memory corruption vulnerabilities; for instance, there's an old rdist vulnerability that exploits an overflow to overwrite a global variable. What's interesting to me is the initial idea of control flow injection, and how long it took that idea to percolate through to exploit developers.
I was doing software security semi-professionally before the 8lgm Sendmail 8.6.12 vulnerability that set off the modern buffer overflow craze, and worked with a bunch of people frantically reconstructing that exploit (which wasn't published) --- the authors of the first x86 stack overflow vulnerability included my future business partner at Matasano, Dave Goldsmith.
It was like night and day! Before overflows, there was a whole variety of different "kinds" of exploits (you got some command injection with metacharacters, for instance with SunRPC services calling popen and system, but you also got "overwrite a file" or "leak a file" or things like that). Afterwards, it was just: every machine on the Internet had remote code execution via overflows.
It used to be feasible to calibrate a stack exploit for a remote service, for which you didn't even have source, in an hour or two of tinkering. It's crazy to think of how far things have gone since then.
Indeed! Reading those issues, for me, is a stream of shock and awe but always learning because the contributors generally give sufficient instructions to perform/confirm their achievements yourself.
Example ... about halfway through Issue 0x02 it is casually mentioned, "You will find by running ‘qemu-system-i386 -fda pocorgtfo02.pdf’ that the PDF file you are reading is also a bootable disk image." o_O !
Memories come back of the time when Phrack Magazine and digital copies of The Anarchist Cookbook were shared via IPXCOPY.EXE or floppies at 10Base2 LAN parties or other scene gatherings. Interesting ISDN hacks and also ntpwc.c and other things were published in Phrack back then. It's almost like looking at a vintage car magazine now.
The "Paper Feed" section has 2 articles from 2018 and 2 from 2017. The most recent, "20 Years of Escaping the Java Sandbox" [1] is exactly what 16 year old me loved about phrack back in the day.
Well yes, the zines will have a bunch of shellcode and command shell scripts and (from the looks of it) code of some trojans and the like. This will get flagged by AVs, etc.; but that's to be expected, really. :)
While we're talking "old skool" hackerdom, does anybody know/remember Voyager, of the "Hacker's Haven" BBS? I spent so many hours on that site back in the mid to late 90's, making the long-distance dial-up call by beige-boxing off a COCOT phone in a gas-station parking lot, in the wee hours of the night, hoping no cops would pull up and wonder what was going on with the super-long phone cable running from my car to the payphone.
For anybody who wasn't around back then, a "beige box" wasn't actually a "box" involving tone generation like a blue box or a red box. It just meant clipping onto the red and green wires in the demarc box and connecting to an RJ-14 plug to plug into a phone. It worked well with COCOT's (Customer Owned Coin Operated Telephones) because the phone line for a COCOT was just a regular line that you could make long distance calls on. The mechanism that made it a pay-phone was all contained inside the phone itself, as opposed to a "telephone company payphone" where the actual line itself was special. Those were the ones you could use a red-box on, to simulate dropping quarters into the phone.
Read this all the time as a kid. This was the best. Thanks for making my life in the middle of nowhere infinitely more interesting. You showed me what technology really was.
many moons ago, i was able to escape the restricted shell of the first internet provider in my country, type the magical incantation cat etc/passwd and watch the file scroll on my screen. Then panic, exit the shell, make some dumb gopher search for my class. Never felt so alive until i ... for the first time with my girlfriend :-)
Thank you phrack, could not have done it without you!
(i mean the first thing, Phrack was good but not that good!)
And the fortune it cost. My Amiga based local BBS had a pile of them and most online fellows had one while I couldn't even afford a Zyxel but had to connect through a terrible 2400bps unknown name one. Thankfully it had at least Zmodem which was almost new then. Good ol' times...
I picked up a secondhand 300 baud modem for my Commodore 64 when I went to someone's house to buy some games. It was like some kind of mysterious magic when I actually connected to a BBS.
Later my parents got the long-distance phone bill... And my fun was somewhat dampened.
I had fun thinking about what the different color 'boxes' were e.g. blue boxes, beige boxes etc. I don't think I ever used a blue box, but I messed with payphones and tapped into landlines pretty easily
Think I can safely say that without Phrack I wouldn't have gotten as into computers as I did and never would have had this successful career that followed.