Stem the tide...
Why are we losing the battle against the bad guys at grass roots level? It's a complex issue, one that is no doubt fraught with problems, complications and lots of other things that make our brains hurt. However, it all boils down to this -
We're doing things the wrong way round.
Check out any forum with a HijackThis section - see how overrun we are? See how we're barely holding back a tide of crapulence?
Do you understand yet that it's just bashing your head against a wall that refuses to budge?
Well, that's the way the cookie crumbles.
And when did HJT become a "security removal" tool rather than a diagnostic program, anyway? Half the nasty stuff that's out there now doesn't even get flagged by it anymore. Sad, but true. The mass usage of custom-made batch files is testament to that.
I have often thought we're tackling things the wrong way - and when the same guy who runs off to check out some red hot porno gets infected and turns up on your website looking for a "quick fix" for the tenth time, you do start to think, well, sorry, I'm all out of happy juice to wipe your infected PC down with.
Does it ever dawn on the fixer, well, wait, wouldn't it be more effective if I just got the infection pulled from distribution instead?
Nope - because as a collective of security guys, we're just not zooming in on the actual meat behind the media hype of a lot of stories. We're not hunting down the punks that make this garbage - we're running uphill on a treadmill that's rolling back down the slope.
I used to fix infected machines on HJT forums, too - and nearly suffered from the oft-cited "burn out" effect, where someone tries to take on too many logs, works themselves into the ground and never returns. I realised I had to go down a different route to achieve the goal I had set for myself.
I have often speculated that more damage would be done, and more genuine research carried out, if we just dropped the pretence of endlessly cleaning machines, getting little snatches of information from a multitude of forums (uh oh, Chinese whispers time!) and everybody running round wondering what's coming next (when it's already gone) - and everyone just went off and set up their own little security weblog instead.
Nothing fancy - after all, this thing looks like a sack of crap and all the CSS is totally hosed - but just set one up and start writing. The power of these things is immense - it's true. Look how rattled people get - it's hilarious. Look how many renegade installers get creamed on a regular basis - and look, am I chatting to the FBI again? I do believe I am. One guy, one weblog, multiple pieces of asskicking goodness.
Imagine five or ten - oh wait, there are. Lots of them, and all of them pushing out the same buttkicking fun every single day, most of them for a lot longer than I have, too.
See the blast radius just increase a few hundred kilometres? Ow, that's gotta hurt.
Now imagine a great big boatload of the things, all broadcasting with the same frequency, all singing the same song and generating what the people behind these things fear the most:
Ruthless, uncompromising public exposure.
Read this, it's important.
And I quote:
While Hack the Planet is powerful in its simplicity it is weak in its vagueness. Many people do not understand what it means to hack, to be enlightened by the fire of creativity. Hack the Planet is not a destructive force; it is a creative force that aims to change things for the better. It is the optimistic belief that tomorrow can be better than today. It is based on the fundamental idea that change is good. Change brings uncertainty, but I have come to accept and even welcome uncertainty.
When I tell you that I want to Hack the Planet, I do not mean merely the physical geography of earth. I want to hack technology. I want to hack the media. I want to hack the economy. I want to hack society.
It's time to start "hacking the planet" the way it was truly intended. I want you to go out and hack the brains of the people behind the garbage you try to remove every day, and find out where they live. Hack the media and set up a kickass weblog that has pictures of bananas and dismantles the wet paper bag arguments of people who should know better. Hack the technology and become the friend of the lame-o script kiddie webpages that we often make fun of, but which generally possess a better ground-level technical knowledge than we do. Hack society and form your own little intelligence network that has nothing to do with security, but everything to do with media people, advertisers, money men, people who run small pay-per-click companies, and outfits that have been screwed and want to screw somebody back.
In short?
Hack the planet and kick some ass.