Before being able to post this interview I was told I had to abide by a certain ruleset or else the interview will be cancelled. Because of this, the interviewee shall not be disclosed.

HackTalk: So, what does the anti-sec movement mean to you?

Anonymous: A systematic questioning of the idea of Full disclosure and the legitimacy of ‘hacking’ for money Of course, Hacking extends to security research

HackTalk: Why do you feel that security research is included in the “hacking” category?

Anonymous: Well, Fundamentally, All security research stems from the ‘threat’ of hackers, virus writers, and other such related individuals. It came as a response to hackers, and a reasonable portion of the techniques developed have their roots in the original hacker scene (Not limited to ASLR, SEH table checking, Chroot locking, etc.)

HackTalk: Well you say that you are questioning these things that the InfoSec community and market is putting into the minds of the masses. Do you feel that this is an attempt at a “cyber gentrification” of the hacker scene?

Anonymous: Precisely, Though alot of argument goes on over the topic, I feel its fair to say that the hacker’s scene and ideology is fundamentally rooted in the idea of categorical rejection of the idea or authority or illegitimate profiteering, especially through knowledge. I suppose it wouldn’t be too out there to think that the struggle that the current hacker status quo is experiencing is somewhat analogous to the struggle in the late 90s of Bohem

HackTalk: The “Hackers Manifesto” speaks about how all hackers are hackers, no matter what, hackers exist without race, discrimination, etc. Do you feel that this is now played out and a new “Code of Hackers” should be written as it seems that the Security Industry is blatantly going against the manifesto by putting down the blackhats.

Anonymous: I feel the era of Mentor and ESR is long gone, The culture has gone from one in which innovation in the name of curiosity and creating things for the sake of creation to one obsessed with industry, padding one’s CV with bugtraq posts, and money. In short, I believe its accurate to say that a new manifesto should be written ala Crazy_Consuelo released by PHC back in the era of ~el8. Its depressing to think how much its changed from a relatively open culture where knowledge is shared without fear of reprisal or someone getting rich off an idea that was intended to stay private, Its now far more about Stock options than stack overflows.

HackTalk: What are the fundamental beliefs and practices of anti-sec?

Anonymous: Thats a difficult question to answer. Theres many people in Antisec who are just concerned with looking cool on paper and are fundamentally unconcerned with the social struggle aspect of Antisec. Likewise, The skill range goes all the way from neophytes to those who can legitimately be called great. I won’t name any names, but its apparent to most people which hacks are done just to look good and which ones legitimately further antisec. But if I could put a finger on the fundamental nature of antisec, First and foremost, Its the elimination of Full Disclosure, Secondary and tertiary goals include the eradication of the security industry as a whole and the elimination of script kiddies and the aforementioned (predominantly) Eastern European and Chinese criminals.

HackTalk: So antisec isn’t just about “i r l33t wif 0dayz. PH33R M3!!”

Anonymous: Alot of people make it out to be like that, and alot of people within Antisec practice that. Fundamentally its a chaotic system, Nobody has control over anybody else, Thus alot of things that many feel are detrimental to the cause happen. But I think the core message of Antisec is fundamentally antithetical to self-aggrandization at the expense of others.

HackTalk: So I think the question on everyone’s mind is “Why Imageshack?” Would you like to explain just why a non-InfoSec site was targeted?

Anonymous: Haha, I don’t ever think ‘Antisec’ will ever become a household term like hacker, but its definitely not unreasonable to think that more high profile attacks will occur and certainly some have occured and have yet to be revealed either holding out for a ‘zine release or for a notable event to pass (Blackhat/Defcon anyone?). Hacking sites like say SSANZ will forever be condemned to obscurity, I suspect more of Astalavista and Imageshack style hacks, perhaps of a significantly higher caliber against corporate security sites.

HackTalk: In this time when so many certificates exist for the InfoSec oriented, do you feel that it is either “do or die” for antisec and any other possible movements?

Anonymous: I don’t think the number of certificates in existence is contigency upon if now is the time for action. But I do think the current climate that surrounds infosec currently is leading to a showdown of two fundamentally opposing ideologies, if this particular incarnation of antisec burns out and doesn’t accomplish its goals then I have a feeling that spells the end of antisec for the future, But I’m not a prophet, It could be a long and proloed struggle.

HackTalk: So, if someone were to feel sympathetic to the cause, how could they help out?

Anonymousc: Read the old school guys, Understand the purpose of antisec. Form a group. Promote antisec publicly. Make operating as a security professional unprofitable

HackTalk: Thank you so much for your time. Any closing words?

Anonymous: The only thing I could think to say to those still reading is to question your ideas about the effectiveness and agenda of the current incarnation of Full Disclosure. The purpose of the security industry, and the fundamental nature of hacker culture. There is no longer any such thing as greyhat, You’re either on the side of Antisec or your with the security industry.

There you have it folks, “the inside scoop” as it were, on the Antisec movement. If you have any questions or comments please leave them here at the blog or contact me at hacktalkblog@gmail.com and I will try my best to answer them.

First and foremost, while I do hang out with some people who are active  contributors to the antisec movement I myself am NOT part of the antisec movement although I do agree with some of their ideals, mostly the need for ZERO disclosure. I will not go off into some ginormous rant about antisec vs infosec because I honestly don’t think I can type that much to defend both sides.

I’ll address the major question I am being flooded with, “Why did “antisec” hack imageshack?” First and foremost, antisec is not a group, it is a movement so stop referring to hacks done that endorse antisec as “hacked by antisec” and instead think of them as “hacked FOR antisec.” The antisec is essentially chaotic in nature and reminds me a LOT of project mayhem from Fight Club. There are cells of groups everywhere all fighting for the same cause and are all essentially decentralized.

I don’t know why some hacking group hacked imageshack in the name of antisec, I honestly don’t. What I DO know is that it was a DAMN smart hack. Essentially they used an already mass established service and defaced it for their own benefits. It reminds me of the guy that would go arond defacing Mc Donalds signs so that people wouldn’t eat at Mc Donalds. In a sort of  “Cyber-Graffiti” the hacker (or group of hackers) was able to spread the word of antisec to the masses. Some people may convert and help the cause, some may fight harder against it, some may not care, but ALL will see. It’s essentially like big businesses using big websites to advertise. There is a steady userbase just waiting to be exploited.

Please people, stop flooding my email with the same question, read my tweets and I’m sure they’ll apply to your question; read this blogpost and realize that I am not endorsing antisec in any way and I don’t even contribute to the movement; read this blogpost and stop referring to the antisec movement as a fucking group already, it’s tired, and old.

If anyone wants to learn more about antisec so they can decide on their position about it I’d be happy to give them some links. If anyone would want a followup article on the  Antisec Movement I’m sure I could get some interviews with some of the contributors to antisec that I know but you’ll have to let me know through a comment on this blog, emailing me at hacktalkblog@gmail.com or sending me a tweet at http://twitter.com/hacktalkblog.

See you in space cowboy.

The first link is to a nice Youtube playlist where a presentation by Mark Russinovich is shown on Malware Analysis and can be found here

The second link is to an article hosted on SAMS and can be found here.

I hope you guys find this helpful and please, drop me a line with any future requests for blog posts and I’ll be happy to write something up. Also, if you want to Guest Post on my blog by all means contact me and let me know so we can work something out.

Anti-sec is just a shortened version of Anti Security. If whitehat hackers represent the Security Industry then blackhat hackers would represent anti-sec. A quick and simple explaination of anti-sec is that there are a group of people that support the idea that fundamentally the whitehats are breeding more trouble for companies by advocating full disclosure and allowing more and my skids to attack sites without knowing how any exploit truely works. By having skids run rampantly though cyberspace companies are scared into thinking they too will be hacked and that it is only a matter of time. This is where another idea of anti-sec comes in. Whitehats feed off of the fear of companies and essentially tell them, “Listen, you WILL be hacked, unless you let me secure your system for a hefty fine.” Whether you believe this or not is your own personal opinion but regardless this article will shed some light onto why the anti-sec movement believes in the things it believes in.

One of the sites I found to have quite a wealth of information on the anti-sec movement is http://romeo.copyandpaste.info . This site has quite a few papers explaining the ideals and motivations of the anti-sec movement and really opened my eyes to just what anti-sec really was and I consider it an invaluable resource. I highly recommend that blackhats and whitehats alike read through the articles on the site and create their opinion on just where they stand on the Sec vs Anti-sec issue.

Viva la revolucion,

Hacktalk

Free Programming Resources offers tutorials on all of the following languages:

Covering most(if not all) of the programming languages you could possibly have your eye on learning this website almost instantly becomes a goldmine of information.

In addition to having plenty of links to tutorials they also offer links to compilers, their own section for tutorials, a forum, source code, and much much more.

I could blog about how great this site is all day but I’ve got some tutorials I’ve got to dive on into .

See Ya In Space Cowboy,

HackTalk

“To accomplish the magical transformation of your laptop into a powerful workhorse, you need to do two things: you have to install and configure a VNC server on your desktop computer, and set up a VNC client on your laptop. VNC is a system that allows you to control a remote computer as if you were sitting in front of it. And if you run the VNC client in full screen on your laptop, it’s almost impossible to tell that you are controlling a remote machine. VNC is not the fastest system of its kind, but it is very easy to configure and straightforward in use. And if you run it on your home network, it is fast enough for most tasks.”

Read The Full Story

What’s Wrong With Assembly?

Assembly language has a pretty bad reputation. The common impression about assembly language
programmers today is that they are all hackers or misguided individuals who need enlightenment. Here
are the reasons people give for not using assembly:

• Assembly is hard to learn.
• Assembly is hard to read and understand.
• Assembly is hard to debug.
• Assembly is hard to maintain.
• Assembly is hard to write.
• Assembly language programming is time consuming.
• Improved compiler technology has eliminated the need for assembly language.
• Today, machines are so fast that we no longer need to use assembly.
• If you need more speed, you should use a better algorithm rather than switch to assembly
language.
• Machines have so much memory today, saving space using assembly is not important.
• Assembly language is not portable.

source: The Art Of Assembly

It seems that programming in Assembly really is a waste of time and much more could be accomplished with Assembly but lo’ and behold, many of these reasons to avoid Assembly are merely misconceptions by the misinformed. Now to address each of these misconceptions and shed some light onto the otherwise hidden in the dark language of Assembly.

Assembly is hard to learn. So is any language you don’t already know. Try learning (really learning)
APL, Prolog, or Smalltalk sometime. Once you learn Pascal, learning another language like C, BASIC,
FORTRAN, Modula-2, or Ada is fairly easy because these languages are quite similar to Pascal. On the
other hand, learning a dissimilar language like Prolog is not so simple. Assembly language is also quite different
from Pascal. It will be a little harder to learn than one of the other Pascal-like languages. However,
learning assembly isn’t much more difficult than learning your first programming language.

I’d have to admit that if there is anything hard about Assembly programming it is simply that the syntax used is unlike any other languages that are the buzzwords of today and so many new programmers may be turned of to it because of it’s readability or lack thereof which bring us to our next point.

Assembly is hard to read and understand. It sure is, if you don’t know it. Most people who make
this statement simply don’t know assembly. Of course, it’s very easy to write impossible-to-read assembly
language programs. It’s also quite easy to write impossible-to-read C, Prolog, and APL programs. With
experience, you will find assembly as easy to read as other languages.

As with anything, unfamiliarity can cause confusion but we shouldn’t judge all of our opinions because of unfamiliarity.

Assembly is hard to debug. Same argument as above. If you don’t have much experience debugging
assembly language programs, it’s going to be hard to debug them. Remember what it was like finding
bugs in your first Pascal (or other HLL) programs? Anytime you learn a new programming language you’ll
have problems debugging programs in that language until you gain experience.

Debugging truly is a difficult process, even for the more advanced programmers. Debugging in Assembly is no different; as the complexity of a program grow so does the difficulty of debugging.

Assembly is hard to maintain. C programs are hard to maintain. Indeed, programs are hard to
maintain period. Inexperienced assembly language programmers tend to write hard to maintain programs.
Writing maintainable programs isn’t a talent. It’s a skill you develop through experience.

This is true, the level of expertise of the programmer factors into just how easy the project is to maintain, this is the same for C,Python,PERL, and yes, even Assembly, but it is not a reason to shun Assembly from the ranks.

Assembly language is hard. This statement actually has a ring of truth to it. For the longest time
assembly language programmers wrote their programs completely from scratch, often “re-inventing the
wheel.” HLL programmers, especially C, Ada, and Modula-2 programmers, have long enjoyed the benefits
of a standard library package which solves many common programming problems. Assembly language
programmers, on the other hand, have been known to rewrite an integer output routine every time they
need one. This book does not take that approach. Instead, it takes advantage of some work done at the
University of California, Riverside: the UCR Standard Library for 80×86 Assembly Language Programmers.
These subroutines simplify assembly language just as the C standard library aids C programmers. The
library source listings are available electronically via Internet and various other communication services as
well as on a companion diskette.

Of all of the misconceptions about Assembly that have been listed, this is the one that I am slightly experiencing now but I experienced it when learning PERL, I also experienced it when learning Ruby or any other language I have attempted.

Assembly language programming is time consuming. Software engineers estimate that developers spend only about thirty percent of their time coding a solution to a problem. Even if it took twice as much time to write a program in assembly versus some HLL, there would only be a fifteen percent difference in the total project completion time. In fact, good assembly language programmers do not need twice as much time to implement something in assembly language. It is true using a HLL will save some time; however, the savings is insufficient to counter the benefits of using assembly language.

Not much to say here except that numbers don’t lie.

Improved compiler technology has eliminated the need for assembly language. This isn’t
true and probably never will be true. Optimizing compilers are getting better every day. However, assembly
language programmers get better performance by writing their code differently than they would if they
were using some HLL. If assembly language programmers wrote their programs in C and then translated
them manually into assembly, a good C compiler would produce equivalent, or even better, code. Those
who make this claim about compiler technology are comparing their hand-compiled code against that
produced by a compiler. Compilers do a much better job of compiling than humans. Then again, you’ll
never catch an assembly language programmer writing “C code with MOV instructions.” After all, that’s
why you use C compilers.

This really is a load of bollocks as it’s almost like saying, “Pssh, there’s no need for math skills, computers and calculators never mess up at math and do it pretty fast so there is no point in learning how to even bother calculating by hand.” Sure the computer can do the math, but we, the human, programmed the computer. Any good mathmatician could solve an equation with as much grace and ease as a computer.

Today, machines are so fast that we no longer need to use assembly. It is amazing that people
will spend lots of money to buy a machine slightly faster than the one they own, but they won’t spend any
extra time writing their code in assembly so it runs faster on the same hardware. There are many raging
debates about the speed of machines versus the speed of the software, but one fact remains: users always
want more speed. On any given machine, the fastest possible programs will be written in assembly language2.

Assembly programmers get right to the point with their code because they know, and value, speed and space two things that work very well with our modern computers. What’s the point of having 4gb of RAM if just one program will take up 3 of those gb? It seems that as more RAM is added to a system programmers assume it is alright to simply use it all up in their single application.

If you need more speed, you should use a better algorithm rather than switch to assembly
language. Why can’t you use this better algorithm in assembly language? What if you’re already using the
best algorithm you can find and it’s still too slow? This is a totally bogus argument against assembly language.
Any algorithm you can implement in a HLL you can implement in assembly. On the other hand,
there are many algorithms you can implement in assembly which you cannot implement in an HLL.

This is a good point that I’d like to bring up. I constantly hear, “forget assembly, just get a better ‘algo’ .” There truely are times when something will run slow regardless of it being programmed in Assembly or any other language.

Machines have so much memory today, saving space using assembly is not important. If
you give someone an inch, they’ll take a mile. Nowhere in programming does this saying have more application
than in program memory use. For the longest time, programmers were quite happy with 4 Kbytes.
Later, machines had 32 or even 64 Kilobytes. The programs filled up memory accordingly. Today, many
machines have 32 or 64 megabytes of memory installed and some applications use it all. There are lots of
technical reasons why programmers should strive to write shorter programs, though now is not the time to go into that. Let’s just say that space is important and programmers should strive to write programs as short as possible regardless of how much main memory they have in their machine.

Exactly what I was saying earlier about how programs are just beginning to take up way too much RAM now-a-days.

Assembly language is not portable. This is an undeniable fact. An 80×86 assembly language program
written for an IBM PC will not run on an Apple Macintosh4. Indeed, assembly language programs
written for the Apple Macintosh will not run on an Amiga, even though they share the same 680×0 microprocessor.
If you need to run your program on different machines, you’ll have to think long and hard
about using assembly language. Using C (or some other HLL) is no guarantee that your program will be
portable. C programs written for the IBM PC won’t compile and run on a Macintosh. And even if they did,
most Mac owners wouldn’t accept the result.
Portability is probably the biggest complaint people have against assembly language. They refuse to

use assembly because it is not portable, and then they turn around and write equally non-portable programs in C.

This is another complaint I frequently see and upon asking which languages the person codes in I get stuff back like, VB, VB.net, Visual C, all languages that are just not in any way portable which just causes me to chuckle to myself.

Yes, there are lots of lies, misconceptions, myths, and half-truths concerning assembly language.
Whatever you do, make sure you learn assembly language before forming your own opinions. Speaking out in ignorance may impress others who know less than you do, but it won’t impress those who know
the truth.

Couldn’t have said it better myself.

I Want To Learn!

If this article has opened your eyes to Assembly language programming then by all means check out The Art Of Assembly as a free ebook at http://bit.ly/au6Ee

The mission of One Laptop Per Child (OLPC) is a simple one,

The mission of One Laptop per Child (OLPC) is to empower the children of developing countries to learn by providing one connected laptop to every school-age child. In order to accomplish our goal, we need people who believe in what we’re doing and want to help make education for the world’s children a priority, not a privilege.

It’s not a laptop project. It’s an education project

In 2002, MIT Professor Nicholas Negroponte experienced first-hand how connected laptops transformed the lives of children and their families in a remote Cambodian village. A seed was planted: If every child in the world had access to a computer, what potential could be unlocked? What problems could be solved? These questions eventually led to the foundation of One Laptop per Child, and the creation of the XO laptop.

OLPC’s mission is to provide a means for learning, self-expression, and exploration to the nearly two billion children of the developing world with little or no access to education. While children are by nature eager for knowledge, many countries have insufficient resources to devote to education—sometimes less than $20 per year per child (compared to an average of $7,500 in the United States). By giving children their very own connected XO laptop, we are giving them a window to the outside world, access to vast amounts of information, a way to connect with each other, and a springboard into their future. And we’re also helping these countries develop an essential resource—educated, empowered children.

After finding out about this project I just had to get myself into it so I’ve decided I am going to contact the organization and ask permission to print up some OLPC shirts with their logo in the front and their url in the back and where them all around town and set up a small etsy shop to sell the shirts so that I can raise the funds to donate my first $100 and change the life of a young child. If they are cool with me doing this I’ll have more info on where you can pick up your own sweet OLPC shirt in a later blog post.

I’m also going to be looking into other ways to help out with this project as I think it is just so important that young children have access to computers, and even more importantly, the internet, especially in this internet driven age and it is almost a crime that many children may never even lay their hands on a computer if nothing is done. Empowering our youth is our most important investment in our lives as our youth are our future and without them we are doomed not only to economic downfall but technological progression coming to a screeching halt and the minds of potential innovators will never be put to their full potential.

If you know of any other tech-based organizations trying to spread technology to those less fortunate please leave a comment so that I can check them out!

Pros:

• Social Networking sites functionality and integration
• Based on Firefox
• Live Email updates
• Built-in Blog editor
• Built-in “Web Clipboard”
• Media Bar
• Built-in Photo uploader
• Hotkeys for almost every part of the browser
• Capable of using Firefox Add-ons

Cons:

• Yahoo! search as default url search
• Blog poster does not have very useful features for wordpress blogs
• Firefox doesn’t have web clipboard,or media browser.

There are other pros and cons but I wanted to list the ones that really got my attention.

The Bottom Line:

The bottom line is that I really like this browser. It combines a lot of the tools I love in one easy to use package and it’s asthetically a nice looking browser. The fact that I can use add-ons and such that I loved from firefox is another plus because I’m a man who loves his add-ons. After a bit over a week I’m glad to say that I’ll be using flock as my default browser from now on but I’ll alway have a sweet spot for firefox.

Share!