Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Know Your Enemy, 2nd Edition 103

Posted by timothy from the about-5'10"-and-arrogant dept.
Ben Rothke writes "Within law enforcement, establishing a modus operandi is one of the crucial things that can make the difference between finding a criminal and not. For example, a daylight murder with a single bullet to the head is quite different from finding a decapitated and mutilated body in a ditch. While both victims are equally dead, the manner of their deaths is radically different. So too with computer crime; knowing the modus operandi of the attacker can mean the difference between finding the perpetrator and not. In Know Your Enemy: Learning about Security Threats, the members of the Honeynet Project have written an excellent security reference that can enable one to begin to understand the motives of those who are attacking and compromising their systems." Read on for the rest of Rothke's review.
Know Your Enemy : Learning about Security Threats (2nd Edition)
author The Honeynet Project
pages 742
publisher Pearson Education
rating 8
reviewer Ben Rothke
ISBN 0321166469
summary Observe intruders without putting your data at risk by building a tempting honeynet.

KYE was not written by a single author, rather by The Honeynet Project. They are a group of 30 individuals with complementary technical and legal skills. This diverse authorship creates a book with an abundance of valuable information.

The book details setting up a honeypot (a single host designed to gain the attention of network intruders) and a honeynet (a network designed to be penetrated to understand the motives of the attackers). If you can get an intruder to attack the bogus network, the double benefit is that 1) the attacker can do no damage to production data, while 2) his activities are being monitored, and with analysis can be understood.

The book's premise is that it is not simply enough to know you have enemies; you need to understanding what exactly it is they are doing, how they are doing it, the tools they are employing, and their objectives. Armed with such information, a company can ensure that they are best using their resources to defend and defeat their enemy.

This is the second edition of KYE and honeynets have changed significantly since the first edition came out. With that, the first five chapters of the book goes into what exactly a honeynet is, and then explains the differences between first and second-generation honeynets. The main difference between the editions is that the first edition focused more on honeypots, or individual hosts. The second edition expands that to networks meant to be broken into, namely honeynets.

The opening chapters also go into details about the specific value of honeynets. For those that entertain the idea that their honeynet is going to enable them to catch the next Kevin Mitnick, they will be clearly disappointed. The main benefit of honeypots and honeynets is information. Information is power, especially in computer security. For most hackers, their greatest fear is not necessarily getting caught, but rather having someone watch and gather information on them without their knowledge. And that is exactly what a honeynet attempts to do.

Chapter 8 (written by an attorney from the U.S. Dept. of Justice) concludes part one of the book with a look at the legal issues involved with honeynets. There are legal issues that one needs to take into consideration before rolling out a honeynet. Failing to take their legal issues to heart can change a honeynet from being an invaluable forensics tool into an expensive legal liability. Those in the corporate arena are well served to work with their legal counsel before deploying a honeynet.

Part 2 (chapters 9-15) goes into the important area of analysis. Collecting data, after all, is only the first part. Analyzing it and making sense of it all is the difference between an experienced detective and a Keystone Cop. The analogy is real in that a honeynet is a potential crime scene.

Data analysis and forensics are crucial in that it is the only way to interpret the various types of data involved. The key for those involved is turnout and extracting different types of data and turning that data into valuable information. Effective forensics enables digital investigators to know the difference between an innocuous attack and a malicious one.

While Part 2 is the most technical section of the book, Part 3 (chapters 16-21) attempts to explain the sociological reasons why whitehats and blackhats do what they do. Just as Clarice Starling in The Silence of the Lambs was able to profile Hannibal Lecter, knowing a profile of your adversary is crucial in containing the damage he can do. Identifying and understanding those attacking your system is just as important as the technical and analytical skills you will use in exposing them.

Know Your Enemy is a unique book in that it details how not to simply install and configure security devices, but how to use those devices to ensure a much greater level of security. It shows how you can take an offensive approach to computer security and to understand the mindset of the attacker. That is something not easily found in other books.

The CD-ROM that comes with the book includes 10 of the book's 21 chapters, a number of informative white papers, all of the open source tools that the authors use, and a video about honeynets.

Those who enjoyed Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll will similarly find KYE entertaining and invaluable.

The companion web site for the book is honeynet.org/book. In and of itself, it is a great website, and complements a great book.

Overall, KYE is a most informative book on a fascinating subject. Unlike many computer security books, KYE is light on theory and screen dumps, but heavy on valuable and useful information on security hosts and networks from adversaries. If you are looking for a proactive way to secure your corporate network, Know Your Enemy is the perfect place to start.

You can purchase Know Your Enemy : Learning about Security Threats (2nd Edition) from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.
This discussion has been archived. No new comments can be posted.

Know Your Enemy, 2nd Edition More

Know Your Enemy, 2nd Edition

Comments Filter:

  • Not to be confused with "No, Your Enemy" (Score:3, Funny)

    by Anonymous Coward on Tuesday August 10, 2004 @05:03PM (#9934004)
    My dating guide for single guys.

  • before you know it.... (Score:5, Funny)

    by Crzysdrs ( 801722 ) on Tuesday August 10, 2004 @05:04PM (#9934014)
    We will be getting arrested on code profiling!

    Programmer: I swear I didn't do it.
    FBI: Well, you have a different style of formatting your code, we know it was you.
    • We will be getting arrested on code profiling!

      Maybe. Or maybe we'll just send these people [apple.com] around to pay you a visit.

    • Just remember, the real Sal Wise programs in italics
    • you need to understanding what exactly it is they are doing, how they are doing it, the tools they are employing, and their objectives.
      Many hackers will buy this book. They will analyse the structure of the honeypot and honey net used to detect them. The will alter their strategy so as to counter this. They will use new tools so as to minimize detection and make it harder for analysts to profile. Though their objectives will not change there methods will, and many will mask their behaviour so as not to a

  • Hope its better than the first. (Score:5, Insightful)

    by j_kenpo ( 571930 ) on Tuesday August 10, 2004 @05:08PM (#9934062)
    I remember the first KYE, and I remember the most annoying thing was the last section was a huge dump of IRC logs from a bunch of script kiddies. While it wasn't a bad thing to get to know the enemy, I don't think it warrants the whole last 1/3 of the book being dedicated to it, maybe as an appendix. From the authors description it sounds more like this book is geared towards the wonders of the Honeynet.

  • Simulation... (Score:2, Interesting)

    by Short Circuit ( 52384 ) *
    Has anyone ever made a door game that simulates hacking into a network? It'd make for an entertaining addition to a BBS.

    The other alternative could be to set up a honeynet behind a firewall, either using VMWare or old hardware, and give users access to (some) of the systems.

  • Could someone elaborate on legal issues? (Score:5, Interesting)

    by Tibor the Hun ( 143056 ) on Tuesday August 10, 2004 @05:09PM (#9934074)
    While "Chapter 8 (written by an attorney from the U.S. Dept. of Justice) concludes part one of the book with a look at the legal issues involved with honeynets. There are legal issues that one needs to take into consideration before rolling out a honeynet. Failing to take their legal issues to heart can change a honeynet from being an invaluable forensics tool into an expensive legal liability. Those in the corporate arena are well served to work with their legal counsel before deploying a honeynet." is legally a teriffic summary, could someone (legally) elaborate on the illegalities of honeypots and nets?

    • Re:Could someone elaborate on legal issues? (Score:5, Informative)

      by stratjakt ( 596332 ) on Tuesday August 10, 2004 @05:15PM (#9934141) Journal
      Look up the wiretapping laws in your state/jurisdiction. It varies from place to place. In some states it's legal to tape your phone calls, in some it requires that both parties agree to the recording. (Ie; Linda Tripp running afoul of MD's wiretapping laws when she taped Lewinski)

      Same types of things apply to the internet.

      You think you have some hacker dead to rights, and wind up being sued. You know, those "rights to privacy" slashdotters are always on about - other people have those too.

    • Re:Could someone elaborate on legal issues? (Score:4, Informative)

      by plcurechax ( 247883 ) on Tuesday August 10, 2004 @05:16PM (#9934147) Homepage
      could someone (legally) elaborate on the illegalities of honeypots and nets?

      The many issue is for government (and perhaps government contractors) running honeypots/honeynets and the legal definition of entrapment.

      The rest is mainly a risk taking or adversion decision. At the very least a criminal caught using evident from a honeypot/net may launch a lawsuit.
      • At the very least a criminal caught using evident from a honeypot/net may launch a lawsuit.

        If I were a corporate IT director, I would absolutely not be concerned about this. As other posters have explained, it is not entrapment. A criminal has no reasonable expectation of privacy on someone else's property. If the intruder sued, the corporate lawyers would use every stonewalling tactic in the book, then launch a counter-suit for the intrusion. In the United States anyway, the one with the better lawyer wi
        • Its not so much if they have an expectation to privacy, but do you have a right to record it, just like was already mentioned in some states you can't tape a call you receive. On top of that, never underestimate the litigious nature of the United States and a felon winning a case because his 'rights' to commit a felony were infringed upon.
        • If the intruder sued, the corporate lawyers...

          Sorry I wasn't clear, regardless of whether the lawsuit has merit it does tie up employee time, gathering and presenting evidence, and spends corporate dollars rather than contributing to profitable activities like developing and selling products.

          A risk-adverse organization will avoid this expense whereas a larger organization that determines that it stands to gain from understanding its attackers, and so it may consider it a jusitifible expense.

    • Re:Could someone elaborate on legal issues? (Score:5, Interesting)

      by ewhac ( 5844 ) on Tuesday August 10, 2004 @05:22PM (#9934218) Homepage Journal

      Others have already pointed out the wiretapping statutes you can run afoul of, but there are other concerns as well.

      For example: you deploy a honeynet for forensic analysis. A blackhat enters your network and, as you watch it happen, sets up a child porn server.

      What is your liability in this case? Aiding and abetting? Accessory? Heck, it doesn't even need to be as heinous as child porn -- it could simply be a w4r3z repository, in which case you could face contributory infringement charges.

      Schwab

      • The chapter mentioned child porn, and suggested that the administrators should quickly contact law enforcement if they find this on the network.
        • Wow. Just... wow.

          I could not imagine calling the police and actually telling them that there is illegal material on my network. And even if I did, I would fully expect them to look at me as the main "person of interest."

          There is no way I'd be that trusting. But that's just me.

          John

      • Re:What's the point ? (Score:4, Informative)

        by minas-beede ( 561803 ) on Tuesday August 10, 2004 @06:36PM (#9934874)
        I think your example is probably close to what the book says (not having seen the book.) It's also a rather improbable scenario and seems to imply that if your honeypot/honeynet is vulnerable you bear some sort of liability that you wouldn't if it was just your desktop system that was abused in the same way. I don't understand that, and I also don't think such liability has ever been asserted in any case nor found to have existed by any court. I'm guessing the lawyer is Richard Salgado, who's issued this warning before. Notice that the nature of the warning he gives is that someone succeeds in committing abuse through your honeypot, which is not the goal when you set up the honeypot and is not normally what happens when you set up a honeypot. I think Salgado tries far too hard to find a problem where none exists - but then he's the lawyer, I'm not. (come to think of it, though, that's just how lawyers are.)

        I don't think the wiretap laws apply: you aren't tapping a wire, you're watching traffic deliberately sent to your system. Your system, let me repeat.

        I don't think entrapment applies (not even for law enforcement) the honeypot/honeynet is simply created, not advertised, and the felons seek it out on their own. That is not suggesting to someone that they commit a crime and then arresting them when they do. It's less a crime than for a shapely policewoman to wear a revealing red dress in a bar and then arrest a john who propositions her. If LEAs are worried about entrapment let them not set up honeypots. The book is for non-LEA people anyway.

        P.S. I think that, many years ago, I saw that policewoman. Seriously.
      • I don't think that wiretap laws come into this at all. Let's just remember the recent case where a provider of an email service opened and read email messages sent by users of his service. If I remember correctly, the judge found in favor of this creep. His reasoning was that wiretapping laws covered messages being 'transmitted'. As the emails were on the server and read from what was stored, not what was being transmitted, there was no breach of the wiretap laws. Think the same thing would apply in this c

    • Re:Could someone elaborate on legal issues? (Score:4, Informative)

      by nlawalker ( 804108 ) on Tuesday August 10, 2004 @05:25PM (#9934256)
      IANAL, and I may be completely wrong here, but I'm just kind of curious. Parent brings forward a good topic for discussion.

      How are wiretapping or entrapment even applicable? If a honeynet is a secure network (in this case, very light security) and is broken in to by a cracker, snooped around in, and exited, is this not synonymous to someone breaking and entering your home and leaving evidence at the crime scene? No one says that the network has to have a big sign over it that says "Honeynet - Hack here and you'll be caught!" For all anyone knows, it really could be a protected resource, so it's not like you're luring that burglar into the house and having the cops wait for him. As for wiretapping laws, the cracker has illegitimately accessed your system, and any information he leaves behind now exists on your storage property. Who's to say you can't use that information?

      • Re:Could someone elaborate on legal issues? (Score:5, Informative)

        by afay ( 301708 ) on Tuesday August 10, 2004 @06:05PM (#9934631)
        As far as I can tell, entrapment would not apply at all in this case. Entrapment actually has a fairly strict legal definition. Giving someone the opportunity to commit a crime is not enough. The crime must have been suggested by government agents (police, FBI, whatever) and the person must have been unwilling to commit the crime before the agents talked to him/her (they had to convince him).

        A good example of entrapment might be someone who had a regular job, but was very short on money. If the police approached him to make a quick drug sell and earn an easy $5000 and the individual wouldn't have considered selling drugs before the police approached him (upstanding citizen, etc.), then that would be entrapment. Honeypots/nets are only providing an opportunity to commit a crime and don't fit the other two conditions of entrapment.
      • If a honeynet is a secure network (in this case, very light security)
        If you deliberately deploy a less secure network (one that you designed to raise flags on automated scanning tools), then that could be viewed as the legal equivalent to leaving an open window in your house in front of a table with a pile of cash on it. You're inviting a potential criminal to pursue the "low hanging fruit".
    • I looked at the PDF of Chapter 8, and it seemed a little vague. It stated that intruders do not have a reasonable expectation of privacy and owners have a right to monitor their networks, but that there could still be some issues, especially on government-owned networks. They recommended a banner saying that by logging on, the user consented to monitoring. It was still a little confusing; I would have liked to see an example of a court case that found in favor of the intruder.
    • I think Kevin Mitnick can :-) At least he had the time to think about it...

      I have also read The art of deception [amazon.com] by Mitnick. I think people enjoying KYE [amazon.com] will enjoy Mitnicks book as well.

      ---- Friendly request to visit this site [elliottwave.com] if you're interested in elliott waves.

  • Honeypot/Honeynet? (Score:5, Funny)

    by grunt107 ( 739510 ) on Tuesday August 10, 2004 @05:12PM (#9934103)
    So... my #1 suspected enemy is Winnie the Pooh!!!

  • Definition (Score:4, Funny)

    by nlawalker ( 804108 ) on Tuesday August 10, 2004 @05:12PM (#9934106)
    Honeynet (noun): 1. Used to replace another noun indicating a network resource that has been Slashdotted in order to indicate slowness. Syn. Molassesnet, Ketchupnet. Ant. Local Area Network. Usage: "Fsking Slashdot! This place is a honeynet now."

  • How does it compare? (Score:4, Interesting)

    by plcurechax ( 247883 ) on Tuesday August 10, 2004 @05:12PM (#9934107) Homepage

    Is it worth / recommended for the owner the first edition to buy/read the 2nd edition?

    How does it compare to the "additional material" originally presented in Honeypots: Tracking Hackers by Lance Spitzner (member of Honeynet Project) which was to address the growing and changing nature of honeypots and the early evolution of honeynets?

  • I enjoyed Cuckoos Egg years ago.. (Score:5, Interesting)

    by dan dan the dna man ( 461768 ) on Tuesday August 10, 2004 @05:14PM (#9934132) Homepage Journal
    but I wouldn't use it as a textbook on "knowing the enemy" in a modern network environment. Your comparison worries me enough to warrant me not buying the book you're reviewing..
    • Why does it worry you so?

      • Re:I enjoyed Cuckoos Egg years ago.. (Score:5, Insightful)

        by dan dan the dna man ( 461768 ) on Tuesday August 10, 2004 @06:09PM (#9934660) Homepage Journal
        Because Cuckoos Egg is light on technical details, and is really throwaway, populist fluff. It wasn't written for a technical audience, just a curious one.
        If I want a book to tell me about network security I don't want it written in laymans language - I want it written in a language a competent systems administrator appreciates. It's not about NAT'ing your home system, it's about protecting a network...
        It's a bad parallel to draw as far as I'm concerned. Cuckoos Egg was a great book compared to some of the other books on "Hacking" that proliferated in the early 1990's, but it was never a manual on keeping your systems secured. The internet was a very different beast when that book was written.
        • If I remember correctly, I read that entire book in one long session--it was that *good!*

          I found it a fascinating account of Cliff Stoll's efforts to nab the patient, methodical computer cracker who was halfway around the world in another country with only a small, overlookable anomaly as the only clue that starts the pursuit in full swing.

          I should still have it lying around somewhere (along with Steve Levy's Hackers) so that I could re-read it(them) someday....

          Bryan Taylor
          iamcf13@hotpop.com
          SpamByte cod

  • Honeynet and Hacker Psychology (Score:5, Interesting)

    by cbelt3 ( 741637 ) <cbelt AT yahoo DOT com> on Tuesday August 10, 2004 @05:25PM (#9934252) Journal
    Interesting note in the article : "For most hackers, their greatest fear is not necessarily getting caught, but rather having someone watch and gather information on them without their knowledge. And that is exactly what a honeynet attempts to do. "

    Reminds me of what happened to Gene Hackman's character in The Conversation . I personally think that it's more of a challenge / territorial thing- that once hacked, you become motivated to try again without getting caught. Kind of like a Respawn... I agree with the article that the primary purpose is not to 'catch' the hamsters, but to learn their patterns as they race around in their safe little wheels.

    As far as organizing the system, why not set it up like George Carlin's old joke - When they put you on hold, they play music. Why not just connect all the people on hold together, and let them talk to each other ?

    • When they put you on hold, they play music. Why not just connect all the people on hold together, and let them talk to each other ?

      And charge them $4.95/minute.

      KFG
    • For most hackers, their greatest fear is not necessarily getting caught, but rather having someone watch and gather information on them without their knowledge

      I'd strongly disagree with that. I think that most hackers would place getting caught as being the pinnacle of bad things that can happen as a result of hacking.

    • Re:Honeynet and Hacker Psychology (Score:4, Interesting)

      by minas-beede ( 561803 ) on Tuesday August 10, 2004 @06:44PM (#9934935)
      Interesting note in the article : "For most hackers, their greatest fear is not necessarily getting caught, but rather having someone watch and gather information on them without their knowledge. And that is exactly what a honeynet attempts to do. " Agreed. On a volume basis it's likely that most abuse is committed by spammers. They've suurvived for years precisely because they have not been watched in any manner (at the abuse level - all the attention is focused at and after the destination server.) Do even the crudest honeypot you can think of as an anti-spammer tool and you very likely will succeed in gathering information the spammer would rather you not have. Set up an MTA that doesn't ever deliver anything - you'll trap the test messages sent by spammers (mostly in China, Taiwan, and Korea now.) (Guess how I know.) What the heck, here's one: the spammer sends his test messages to a231.b233@msa.hinet.net. A US spammer has sent tests to smtps1@transedge.com, another to meristar1@cox.net. A more complete open relay honeypot can collect spam evidence as well. All the spam that comes ot the honeypot is spam that doens't get delivered independently of whether the intended victim has any protection mechanisms in place or not. Then there's open proxy honeypots. A few people have done honeypot-like things with wpam zombie servers. It's still a field in which very useful things can be done...

  • Differences (Score:5, Funny)

    by errxn ( 108621 ) on Tuesday August 10, 2004 @05:37PM (#9934357) Homepage Journal
    For example, a daylight murder with a single bullet to the head is quite different from finding a decapitated and mutilated body in a ditch.

    Perhaps, if you happen to be a crime scene investigator and are used to this. For me, both of the above items would fit quite nicely into the "Jesus Christ on a Popsicle Stick, I Just Found a Dead Body, HolyShitHolyShitHolyShit!" category.

  • What gentle prose... (Score:5, Funny)

    by ryanvm ( 247662 ) on Tuesday August 10, 2004 @05:38PM (#9934371)
    For example, a daylight murder with a single bullet to the head is quite different from finding a decapitated and mutilated body in a ditch.

    Yikes - I hope you don't write the church newsletter.
    • For example, a daylight murder with a single bullet to the head is quite different from finding a decapitated and mutilated body in a ditch.

      So... It's like the difference between UT2k4 and Doom3?

      What does that have to do with anything? Am I missing the point?

      m-

    • Re:What gentle prose... (Score:5, Funny)

      by Rob Carr ( 780861 ) on Tuesday August 10, 2004 @06:31PM (#9934830) Homepage Journal
      For example, a daylight murder with a single bullet to the head is quite different from finding a decapitated and mutilated body in a ditch.

      Yikes - I hope you don't write the church newsletter.

      You're right. The church newsletter needs to be clear. The above example mixes elements of MO and signature. Signature is born of the fantasy life of the criminal - it's the sorts of things that don't need to be done to accomplish the crime.

      An MO might be using a 22 to the back of the skull - simple, effective, and it's not likely to leave a lot of blood spatter. This demonstrates criminal sophistication and planning.

      The MO of the body in the ditch would depend on the cause of death, but clearly the homicide is a case of overkill. One does not need to decapitate someone to kill them - severing the carotid arteries is sufficient, if a bit messy and more likely to create blood spatter and other forensic evidence. That would indicate a lack of sophistication. The mutilation and decapitation indicate rage and some of the fantasy aspects of the criminal, and are part of the signature. The presence of the body in the ditch might simply be convenience, but it suggests an attempt to further degrade the victim. Victimology might give us further insight into the criminal's thoughts. Is the victim the primary target, or is the victim standing in for someone else.

      A great book on this topic is the Crime Classification Manual [amazon.com]. It covers this in depth.

      Funny you should mention the church newsletter. I no longer write ours. Perhaps I wasn't clear enough.

      • I second the recommendation of the Crime Classification Manual, which was written by the guy at the FBI who is known for "profiling" serial killers. Suffice it to say that "profiling" criminals does not involve pseudo-ESP insights into the minds of the deranged, but instead involves the application of some common sense insights derived from large aggregations of data -- which is actually more interesting.

        By way of example, there are about 5 reasons someone commits arson: vandalism, thrill-seeking/pervers

        • there are about 5 reasons someone commits arson
          Forgot about tradition, as in our local, quaint yearly celebration of Devil's Night here in Detroit. ;)

          Jonah Hex
        • Isn't that known as "profiling"? I thought that was illegal.

          Let's get this straight - school burns down, it's OK to say it's a teenage male. Bank of New York explodes, it's not OK to say it's a middle eastern man aged 18-34?

          • Profiling is a very well-used tool in law enforcement. Profiling is only illegal when it involves race and other naughty issues.

            As a person who doesn't "get" racism at all, I believe that if sa 80% of Uzi shootings in Toronto are done by black males, 18-25 and 75% of 30-30 shootings are done by while males, 35-50 then when someone is shot with an Uzi, they might want to check the local black male population.

            Racial profiling can also be bad of course, and one must always remember the other 20/25% (in my m

  • Soda profiling. (Score:5, Funny)

    by mikeophile ( 647318 ) on Tuesday August 10, 2004 @05:42PM (#9934394)
    1) Set up soda machine in office.
    2) Track Mountain Dew purchases.
    3) Use data to identify potential "troublemakers".
  • The authors also point out that in countries with weak economies, e.g. Romania, hackers are often interested in financial gain. Not too surprising. If the computer-related job market keeps getting worse, I wonder if there will be an increase in hacking for money.

  • Follow the link, read the excerpts (Score:5, Informative)

    by tsm_sf ( 545316 ) * on Tuesday August 10, 2004 @06:34PM (#9934853) Journal
    The link provided (http://www.honeynet.org/book/ [honeynet.org]) gives two chapters of the book in PDF form. They are both well worth the read. Especially chapter 16 on profiling [honeynet.org]. WARNING: Like all works of sociology, it will make you realize that we are just monkeys.


    Still haven't used the links? Here's an excerpt from ch.16 that I find beautiful. Subject is an analysis of the Jargon File, believe it or not...

    One of the more surprising (and prominent) thematic categories to arise from the analysis is the magic/religion category. While this was one of the a priori thematic categories that we anticipated would emerge from the analysis, it is one that often surprises people who are not familiar with the hacker community. The most common comment that arises when this result is discussed is "You mean hackers are religious??? You've got to be kidding."

    The answer to this quandary can be found in the nature of the technology that lies at the heart of this counterculture. Many members of the hacker community deal with complex operating systems, program applications, and network architectures where it is often not possible to answer with certainty the question "If I perform action A, will the operating system/program/network behave precisely with result B?" That is, because of the complexity of modern operating systems, programs, and network topologies, there is a disconnect between the classical forces of cause and effect. Whenever you have a situation where you cannot logically reconstruct the linkage between cause and effect, you in effect have an instance of "magic."     (emphasis mine)
    • Magic is also what hackers refer to when they don't want you to know how they do something, just like ordinary tricksters.

      Guy1: Hey, Jacktl, how'd you get the admin cg on my server?!

      JackTl: Majik

      Guy1: Arr, I don't like that.

      Me: We should enjoy jacks capacity for mischief and making pretty things on other people's server.

      JackTL: Yeah

      Guy1: Put the CG away or I'll kick you.

      Jack: Ok....[jack now goes limp for about 5 minutes]

      *all of a sudden, about 20 small tanks decend upon guy1 with pull lasers and ta
      • Unfortunatly, I think the guy who wrote that book has had the wool pulled over his head "magically", to put it in the proper terminoliogy.

        Proving only that you didn't follow the link and read the chapter. That quote was included just because I thought it was neat.
        • I'll come out and say it, just from reading that paragraph I can tell this book is a big read for idiots who can't/don't understand the IT culture. About 99% of the IT culture can be inferred from reading, writing, and talking with people who are in the culture, and when people don't make the effort to understand that culture by at least trying to grasp some of the simpler consepts, they make themselves out to be a village idiot.

          Really, I think that most of this book stems from bosses not understanding
          • Sweet Jesus. I totally regret including that blurb now.

            You wrote THREE paragraphs that have NOTHING to do with either my post, the chapter I linked to, or the original article.

            However, I'm starting to see that simply mentioning the Jargon File is something of a troll. I apologize for my naivete. Truly, I must be new here.
            • so what the heck were you saying then?
              • basically that one of the chapters is really interesting.

                Btw, I kind of flew off the handle there... sorry about that. Time to cut back on the coffee, i guess =p
                • And I was making a joke that the guys who wrote the book are morons for making a relitivally simple idea and writing a 3 paragraphs on it.

                  Don't drink coffie. It's a bad solution for not having energy. Read this

                  http://www.ideatown.com/ntxa/index.html

                  I had really bad aggression problems until I started staying off that stuff. Eat fruit salad for breakfast after a good nights rest and if you really need it, take an energy drink instead of coffie since it's more powerful and they usually use a combo
  • I note that the web site claims to provide a downloadable "Foreward" for the book. Yaaaaagh! This is one of the word abuses that makes me think Western civilization is circling the drain. It's Foreword dammit!

    I wouldn't be so sensitive about this if I didn't occasionally see "Foreward" and "Forward" in actual books. Really! I don't know about you, but when I am contradicted by real, bound paper books, it sometimes makes me momentarily doubt myself. (Nothing I read online ever has this effect on me). What

  • These fools did a detailed analysis of the jargon file.
    The jargon file explicitly states that it's about
    "perl hackers" and such as opposed to "l33t h4xors" and such.
    It would prefer you to call the latter "crackers" and not
    taint the word "hacker" with their association at all. At the
    very most, the cracker culture is a subculture of the
    hacker culture that the jargon file describes. This is
    a pretty obvious distinction that someone writing a book on the
    subject really shouldn't have missed.

  • "motives" (Score:3, Informative)

    by alex_tibbles ( 754541 ) on Wednesday August 11, 2004 @05:51AM (#9937944) Journal
    "Modus operandi" mean "means of operation", not motives. Understanding the means by which an attacker compromised a system is useful information but tells you next to nothing about why the attacker did it. Of course, a honeynet can tell you something about motives, perhaps.

Slashdot Top Deals

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Close