[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: Phrack Prophile on digit ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #61 | Release date : 2003-08-13 | Editor : Phrack Staff
IntroductionPhrack Staff
LoopbackPhrack Staff
LinenoisePhrack Staff
Toolz ArmoryPhrack Staff
Phrack Prophile on digitPhrack Staff
Advanced Doug Lea's malloc exploitsjp
Hijacking Linux Page Fault Handlerbuffer
The Cerberus ELF interfacemayhem
Polymorphic Shellcode EngineCLET team
Infecting Loadable Kernel Modulestruff
Building IA32 'Unicode-Proof' Shellcodesobscou
Fun with the Spanning Tree ProtocolVladislav V. Myasnyankin & Oleg K. Artemjev
Hacking the Linux Kernel Network Stackbioforge
Kernel Rootkit Experiences & the Futurestealth
Phrack World NewsPhrack Staff
Title : Phrack Prophile on digit
Author : Phrack Staff
phrack.org:~# cat .bash_history

                            ==Phrack Inc.==

              Volume 0x0b, Issue 0x3d, Phile #0x04 of 0x0f

|=---------------=[ P R O P H I L E   O N   D I G I T ]=-----------------=|
|=-----------------------------------------------------------------------=|
|=------------------------=[ Phrack Staff ]=-----------------------------=|


|=---=[ Specification

                  Handle: DiGiT
                     AKA: digit, eskimo, icemonkey
           Handle origin: its not a funny story
               catch him: digit@security.is
        Age of your body: 22
             Produced in Reykjavik, Iceland
         Height & Weight: 192cm, 80kg
                    Urlz: none
               Computers: 2 laptops, 3 intel machines, indigo II, and a
                          sparc station
               Member of: smapika international
                Projects: Mostly just stuff for my work and school related
                          things. 

|=---=[ Favorite things


          Women: brunettes, blondes, and I prefer they have charisma,
                 ambition, independence, intelligence, sense of humor
           Cars: German of course ;>
          Foods: Italian, asian
        Alcohol: beer, vodka/coke
          Music: trance/techno, rock, classical
        Movies: Pianist, godfather, Dune, LOTR, Bad boy bubby, Happiness
Books & Authors: 
           Urls: 
         I like: Achiving my goals, honesty, integrity, wachyness
     I dislike: Waking up very early in the morning, constant rain, stuck
                in an office all day, fake people

|=---=[ Life in 3 sentences


No fear. Never give up. Never surrender.


|=---=[ Passions | What makes you tick

    I like to set myself some sort of goal and try to achieve that within
a certain amount of time. Being able to be my own boss is probably my
greatest passion. I don't like to take orders and I value my independence
greatly and the ability to do whatever I want is pretty important to me.

    In the past I basically quit everything to do almost nothing but
computers/inet/hacking. I did that since I was around 16 until I was 20. I
audited code around the clock, hacking, wrote exploits, and chatted with my
friends on irc from dusk till dawn basically.

    The biggest experience for me was probably meeting the people that I
did and the influence they had on me to improve myself. I probably have
meeting antilove/RawPower and crazy-b at the top of my list with regards to
that and they both really influenced me a lot and they probably provided me
with my greatest experience with regards to hacking.


|=---=[ Which research have you done or which one gave you the most fun?

    None much more than any other. Whenever I found some bug or something
that I knew was unknown and the satisfaction of exploiting it was a lot of
fun.

--=[ Memorable Experiences

    I will never forget getting run over by a bus when I was 14 and having
to stay in a hospital for 3 months and the frequent trips for another year
afterwards pretty much is something I will never forget. Also the fact that
the longest strike of Icelandic highschool teachers in icelandic history
was happening at the exact same time I was stuck in a bed in a hospital.

    Installing my first Linux system(back in '94 i think) and thinking that
the installation floppy shell prompt from the slackware distro was
basically a full installation of slackware ;> I had hardly any previous
experience with Linux at the time.

    Spending an absurd amount of time at my computer doing crazy stuff for
no other reason other than to get the get the best rush imaginable.

    Meeting crazy-b for the first time on the same system we were both
hacking and then deciding to meet on irc and becoming friends in the
process.

    When crazy-b had to go into the norwegian army he wrote a small program
that was a rudimentary irc client that piped input from an irc channel to a
script that sent an sms to his phone with the input and also him being able
to send an email to his address that piped the content of the mail to the
irc channel. This way he could still irc from his mobile phone despite
being in the army ;> 

    Meeting the great antilove back in '97 and getting some private samba
warez ;>

    Having antilove visit Iceland twice and doing lots of cool stuff with
him like rollerblading, hunting for smapika, acting stupid, him teaching me
how to lockpick, finding new bugs, writing exploits, teaching me how to
bluebox, etc.

    Totally destroying my car when me and antilove were driving to a kfc in
2001 because some girl ran a red light at about 80km/h in the morning and
then laughing about it the entire day for some reason.

    All the security.is weekends with the exploits we wrote and the bugs
that we found together and with the trademark security.is hamburgers as
made by portal.

    Having lots of fun with mikasoft and ga when they visited Iceland for
new years a few years ago and especially when mikasoft was teaching yoga at
a new years eve dinner my family was throwing. Also the duck liver pat was
disgusting.

    Going to France with Icelandic friends and meeting a lot of hackers in
Paris and having like 10 guys sleeping in the smallest room you could
imagine. Then taking a cool train trip from Paris to montpellier and
meeting a lot of other hackers and just totally invading montpellier and
taking over an internet cafe for a week ;> Also hanging out at the beech
with the amazingly cool french guys and starting a fire and drinking beer
and listening to good music.

    Going to the club La Dune on our FIRST night in montpellier with all
the french hackers/etc and buying a lot of champagne for everyone and
antilove and nitro buying a ton of vodka for a group of like 20 people and
just partying the entire night and watching all the non french people make
total asses of themselves.

    Same night at La dune I will never forget witnessing Candypimp going
beserk after drinking way too much and trying to jump into the ocean and
then disapeering. we called the police to search for an 'insane' drunk
Icelandic person that couldn't speak english anymore and who thought he was
in his home city of Akureyri and not 50km away from montpellier and
probably even didn't know where we were staying!

    JimJones was really drunk that night too and he passed out on some tree
before waking up again and deciding to take a piss. He went into some ditch
and somehow he managed to piss all over himself! If I remember correctly
me, nitro, and antilove had to remove his clothes that night because he was
too drunk to do it himself. He was then called pissman for the duration of
the trip ;> 

    Going to Las vegas with Starcon for blackhat and defcon and actually
PAYING for blackhat but I only went to 1 speech(halvars) because my brother
took the time to come down from Seattle to visit me.

    Going to defcon and seeing how amazingly commercial and fake it really
is. Just look at the shit being sold there and all those stupid t-shirt
stands.

    The coolest thing about defcon was the K2 party where a lot of people
were hanging out and it was a very memorable night and I had nice talks
with a lot of cool people.

    A recent jimjones visit to Iceland where we really didn't do anything
except relax and drink beer and eat some BBQ. We also enjoyed a very nice
viewing of bad boy bubby which I recommend to anyone that wants a good
laugh and some insight into the world of jimjones(based on his lifes story).


|=---=[ Open Interview

[can give as much detailed answers here as you like]

Q: When did you start to play with computers?
A: I was probably around 12 years old when I got my first real computer.

Q: When did you had your first contact to the 'scene'?
A: Boy... I guess it is probably sometime in 1995 and I got involved with
   some "hackers" doing some questionable things ;> I think I started off
   by joining #hack on IRCnet and also #shells on efnet(ehrm! ;>)

Q: When did you for your first time connect to the internet?
A: Was at my school when I was probably around 13 years old and we had a
   2400 baud modem and some old dial up program called kermit, i think,
   that we used to call some line at the Icelandic university. It was
   basically just a direct connection to a hp-ux box and someone tought me
   how to use ircii and so basically my first experience with the Internet
   was also my first time with irc.

Q: What other hobbies do you have?
A: I like to do stuff with my friends,go see movies, fish, read, go out for
   drinks, and just anything that comes up.

Q: ...and how long did it take until you joined irc? Do you remember
   the first channel you joined?
A: Again this was not very far between since I started irc pretty much the
   same time. I believe the first channel I joined was #iceland.

Q: What's your architecture / OS of choice?
A: Im so used to intel so I really can't pick anything else and Linux is
   still my preferred OS although i have netbsd here somewhere.

Q: What do you think about anti.security.is and non-disclosure?
A: anti security was a good idea but ultimately it was a failure. The
   reason it failed was that the people that supported none-disclosure and
   took part in antisec discussions were constantly arguing amongst
   themselves about a lot of stuff some of which was for good reasons but
   also stuff that was totally out there and eventually it lead to antisec
   dying.

   I personally believe that none-disclosure is the way to go and I have
   believed that for some time now. I don't judge people that disclose
   because I remember disclosing bugs/exploits at one point and so I am not
   really in a position to flame people that continue to do so. 

   I mean antisec also had some stupid information in some areas
   specifcally about the true reasons behind antisec were not to create
   some greater security in the world or something like that which was
   mentioned in the FAQ and we took a lot of crap for. It was to keep
   security research where it belongs, with those that actually did it and
   at most a small tight knit group. That basically meant that people that
   found bugs, wrote exploits, and hacked wanted to keep their
   exploits/research private so that they had some nice private warez for
   some time ;>

   Full disclosure is for equally selfish reasons because it really boils
   down to two things: fame and money. People think, rightly so, that by
   releasing bugs or exploits that they become recognized among their peers
   and that might eventually lead to a job in security or something like
   that. People that say they release bugs/exploits for the good of the
   world or something like that are full of shit. 

Q: What do you think about the right of other 'research' groups to forbid
   other organizations the use of their exploits ("Copyright on exploits")?
A: Seriously who would care about a copyright header on some exploit?
   People would use it anyways.


Q: What do you thing about full-disclosure. Is it important or dangerous?
A: I know I don't like it and there are a lot of good reasons why it sucks.
   It ruins bugs! ;> And there are some negative "world issues" because
   every hacker that wants to make a name for himself will try to write an
   exploit for it and subsequently release it. Maybe he doesn't release
   directly to BUGTRAQ but he gives it to lots of "friends" which leak it
   of course and soon enough its everywhere. 

   What happens next is that every script kiddie and some more advanced
   script kiddies will use the exploit and deface sites, ruin stuff, and
   then soon a worm will appear. I do not personally have anything against
   those things per se but I'm sure a lot of people do. If the
   vulnerability is unknown or kept private such things would not happen.

   Full disclosure can definetly be really dangerous and we all know that
   the people that discover bugs in software aren't on some quest to secure
   software for the good of the world. They do it for themselves. Also why
   should hackers do the job for software companies and even if they
   publish they risk getting sued or something? I also hate all those full
   disclosure policies that say you need to give a vendor a month or
   something before publishing and all the other stupid rules.
   My advice: don't disclose - avoid the hassle.

   I do however agree to some of the arguments about the necessity of full
   disclosure. I can't remember any right now so forget that but ultimately
   full disclosure of any vulnerability is the fuel the drives the
   information security companies that don't care about anything except
   their bottom line. 


Q: If you see or hear about various protection meassures against hackers
   such as grsecurity, PaX, Owl or strong encryption (SSH, SSL or IPSec)
   do you think hacking will still be possible in the future? What kind of
   vulnerabilities will people focus on in the future?
A: If we assume that all these programs are successful in stopping most
   buffer overflow attacks and it has become 'impossible' to evade these
   programs then just new types of vulnerabilities will be discovered.
   Logic bugs in programs are just as dangerous as buffer overflows and so
   hacking will of course be possible in the future the only thing that
   will change are the vulnerabilities and the methods.

Q: How do you feel when yet another XSS vulnerability hits the media?
   (Do you have a regex covering XSS postings in your spam filter?)
A: blah

Q: What will hacking in the future look like? More complicated or easier?
A: no idea.

Q: You have been in the scene for quite a while. If you look back, what
   was the worst thing that happened to the scene? What was the best 
   that happened?
A: This "scene" always comes up. I never followed any specific scene or
   anything. I was just chatting with my friends and hacking with them and
   that was about it. Although I guess the commericialization of everything
   in the scene was probably the worst thing that happened. Didn't bugtraq
   get sold for millions of dollars? A mailing list! And companies buying 
   exploits how low can u get?  

Q: If you could turn the clock backwards, what would you do different
   in your young life ?
A: My young life? Portal calls me grandpa. I guess I would go back a few
   years into the past and avoid losing contact with my old friends.


=---=[ One word comments

[give a 1-word comment to each of the words on the left]

Digital Millennium Copyright Act (DMCA): blabla 
security.is                            : sleeping
Georges. W. BUSH                       : war
Companies buying exploits from hackers : silly
IRC                                    : burp
Hacker meetings                        : colorful
Full Disclosure Policy                 : pseudo
anti.security.is                       : dead
Whitehats                              : dingdong


|=---=[ Any suggestions/comments/flames to the scene and/or specific people?

Do what you want to do and don't let anyone control you.


|=---=[ The future of the computer underground

    What is the computer underground anyways? People talk about it as if it
were some very formal and controlled thing or something. The computer
underground as I understand it basically just consists of various groups
and places people hang out at and talk and do stuff together in small
seperate groups. I have no idea where it is gona go in the future.


|=---=[ Shoutouts & Greetings


I wana send a big hello to:

security.is, antilove(miss u bro), crazy-b(beware of hermaphrodites),
cleb(rest in peace man), old ADM pals, JimJones, old #hax guys! stealth,
sk8(freesk8.org), mikasoft, ga, ace24, ig-88, ghettodxm, scut, horizon,
duke, cheez, starcon, lkm, nitro, bawd, wtf, kewl, joey,
Synner/m0nty/Kod/Jackal(crazy greeks) and everyone of my other old friends
that I haven't talked to in years.

|=[ EOF ]=---------------------------------------------------------------=|

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.