Security CommunityLa communauté des experts sécuritéen savoir plus

SecurityVibesQualys Community

Left content

Interview de Mixter au H2K2 NewYork

auteur de l'article Aurélien Cabezon , dans la rubrique Menaces

Commentaires Commentaires fermés sur Interview de Mixter au H2K2 NewYork

Mixter est un ancien « hacker » renommé, il est l’auteur des attaques par déni de service sur Yahoo/eBay/Amazon en 2000. Il était au Meeting H2K2 à NewYork, il nous livre ses impressions.

AC: Can you tell me more about H2K2 itself ? what did you think of the conferences ? which were the main subjects ?

MIXTER: H2K2 (Hope, which happens bi-annually since 1994) is a conference meant to be an alternative to the hacking mainstream with less newbies (such as defcon) and less oriented around the white-hat scene and security companies, rather than grassroots ideas from the hacker community.

I suggest you take a look at the speech schedule on H2K2 because the speeches were so diverse. Some interesting new and not-so-new technologies were discussed, much of which oriented around

privacy and crypto, along with philosophical discussions and updates around topics like the Free Kevin movement, the big brother state, and copyright issues.

AC: who are the most interesting people you met at the H2K2 ?

MIXTER: It is always fun and interesting to meet up with cDc people because they are such a diverse crowd. I managed to meet some chinese developers, and other people from foreign countries which was very interesting since it allowed me to hear new viewpoints. Also, many of the speakers are extremely interesting guys and quite a few of us knew or got to know each other.

AC: which level of skills do they have ?

MIXTER: It entirely varies. It’s not just the amount of skill but the level of dedication to their goals and the effort they put in achieving their own self-chosen goals. Mind you, many of these goals are not directly commercial, however they do make sense. The whole atmosphere was not at all like a hacking competition where you try to look at the other’s skills and evaluate them, though I’m sure a lot of skilled people were there.

AC: Here there any products presented you found interesting ?

MIXTER: Well, H2K2 is not about releasing company products anyways, which is why it avoids the whole marketing hype. There weren’t many actual programs released either, just updates on the status of projects. As speeches with some actual products or code behind them, I found the presentations about Password Probability Matrix, Secure Telephony, Sealand, and Open Source Security Testing interesting.

AC: Hacktivismo announced on its site that it would present during H2K2 a new software called Camera/Shy. Did you worked on this project ?

MIXTER: Actually, if I did anything about C/S it was joining in the discussion and trying to brainstorm about core ideas, and the solutions to the kind of privacy problems that you find in totalitarian countries.

I didn’t work a lot on this project other than beta-testing, and The Pull really is the main author. We have a ‘separate actions’ mode of work at the moment, which is why I almost alone implemented the Six/Four network.

Though Six/Four is different in that it will be a long term effort, and I do need lots of developers, contributors and testers to get involved now.

AC: why are they interested in that kind of software ? What is the goal ?

MIXTER: Our officially stated goal is to improve human rights through the means of technology. Simple as that. We also support freedom of speech and freedom of information. Why these ideals are so important may be revealed from a little article I wrote about a year ago: mixter.void.ru/jfs.html

AC: Do they themselves use steganography to communicate ?

MIXTER: Hacktivismo has security policy and makes sure that what needs to, stay secure and confidential stays secure and confidential. Though those of us who don’t live in totalitarian countries just need crypto, not stega.

AC: Was there a statement about Camera/Shy during H2K2 ? Was it presented, officially or unofficially ?

MIXTER: It was presented and released officially. Please see http://www.hacktivismo.com

AC: How did the people react to the product and how was it presented ? Live demonstration ?

MIXTER: Yes we had a live demonstration. You should be able to get the whole cDc thing in movie format along with other speeches in a few weeks from the H2K2 crew. What can I say, the girls threw their panties…

AC: I heard about a software elaborated by the firm NetIQ. It is supposed to detect and shut down Camera/Shy. Do you know more about that product ?

MIXTER: Actually I don’t care about NutIQ or however they are called. Camera/Shy is about hiding content over a network, NutIQ released a virus scanner for detecting camera/shy locally which does not make any sense as it is not a virus and cannot be used maliciously to damage the users PC. So this claim is totally unfounded. It’s like releasing something that deletes Internet Explorer from your HD and saying you found a bug in IE.

AC: Moreover, how was it possible to developp a product so quickly ? (that would mean that people from hacktivismo or CDC had given explanations about Camera/Shy before it was on line to NetIQ ?

MIXTER: They just waited for the release and made a signature of the .exe file. Doh.

AC: Are there connections betweeen CDC/hacktivismo and some people in NetIQ ?

MIXTER: From our side, no! It seems like Netwhatever would seem to like having a connection to CDC/hacktivismo to get some of the fame for advertising themselves.

AC: Do you know if the people who elaborated Camera/Shy intend to react to the development of that NetIQ product ?

MIXTER: We will have some funny response ready I guess, maybe some local encryption that renders their software unusable, or who knows, we might code a virus scanner that detects and safely removes NutIQ software from your HD.

AC:Did you hear anything about CdC members wishing to help american authorities after the september attacks from last fall ?

MIXTER: I can just say I have an intention to work against terrorism by fighting against control of information and censorship in those countries which manipulate their citizens enough to develop the grounds for raising future generations of terrorists — however, separately from the authorities’ efforts.

AC:Do you have any current project within Hacktivismo ? if yes, what kind of product ?

MIXTER: Yes, the Six/Four System. This is my prime project.

AC: Do you know of any other famous hacker/white hat organizations who attented the meeting ?

MIXTER: A lot of them did, actually… check the speakers’ schedule for some profiles of interesting people and their groups.

AC: Do you know how the people participating or organizing H2K2 consider other hackers meetings (such as BlackHat, Defcon or CCC) ?

MIXTER: As I said above, many of us know each other, and it’s great to come together and talk and find common goals and visions. You always get to know new people, of course. Although they may be famous most of them are very friendly and open and you can freely exchange ideas (I’mreferring to most of the officially listed speakers for H2K2). Kudos to Emmanuel Goldstein and 2600 for giving us the opportunity to get together, talk about projects, exchange our ideas, and have a good time.

AC: Do you think those meetings are a good place to be for hackers or are there more intimate places where people show their real skills during challenges and so one … ?

MIXTER: Certainly.. but the way to get involved in the community is to start your own project or to contribute to existing projects, preferrably those which you consider to make sense or which are important for you. When you start off by that, any of those conferences can give you many opportunities and resources to find new people and ideas and expand on your work.

AC: Thank you very much Mixter, any word to add to this interview ?

MIXTER: Free Analyzer

Vous avez aimé cet article?

Cliquez sur le bouton J'AIME ou partagez le avec vos amis!

Notez L'article

Participez ou lancez la discussion!

Les commentaires sont fermés.




Ce site est une archive des messages à SecurityVibes de Septembre 2000 à Juillet 2014. S'il vous plaît visitez le Qualys Community pour les dernières nouvelles.