Hacker Jeff Moss Sworn Into Homeland Security Advisory Council

Soulskill posted more than 5 years ago | from the different-kind-of-expertise dept.

Security 139

Wolfgang Kandek writes "Hacker Jeff Moss, founder of computer security conferences DEFCON and Black Hat, has been sworn in as one of the new members of the Homeland Security Advisory Council (HSAC) of the DHS. Moss, who goes by the handle 'the Dark Tangent', says he was surprised to be asked to join the council and that he was nominated to bring an 'outside perspective' to its meetings. He said, 'I know there is a new-found emphasis on cybersecurity, and they're looking to diversify the members and to have alternative viewpoints. I think they needed a skeptical outsider's view because that has been missing.'"

DC = suits = Borg (5, Insightful)

h00manist (800926) | more than 5 years ago | (#28234455)

Either he resigns in disgust or becomes assimilated.

Re:DC = suits = Borg (0)

easyTree (1042254) | more than 5 years ago | (#28234925)

Is it just me or is something broken with slashdot's 'read the rest of this comment' feature? i.e. why did I need to scroll through fifteen pages of gayness (tm) to find the link which, when clicked, shows no more content ?

Re:DC = suits = Borg (0)

Anonymous Coward | more than 5 years ago | (#28235053)

and you're complaining because you wanted to read even more gay sex...?

Broken-ness everywhere (0)

Anonymous Coward | more than 5 years ago | (#28235181)

A lot of the people who comment on Slashdot are broken, also.

Re:Broken-ness everywhere (1)

Ihmhi (1206036) | more than 5 years ago | (#28235927)

That's only because the dominatrix went a little too far with the riding crop.

Slashdot is broken... (0)

Anonymous Coward | more than 5 years ago | (#28235081)

It's not just you. Slashdot is broken in several ways.

Re:DC = suits = Borg (0)

Anonymous Coward | more than 5 years ago | (#28237189)

TRWTF is Slashdot.

Re:DC = suits = Borg (5, Interesting)

cromar (1103585) | more than 5 years ago | (#28234543)

It's better than hackers not having any voice in government. I commend him. If he is able to turn around even one asinine governmental security policy, it's a step forward at least. Who knows? Maybe the US government will come to recognize us as the valuable resource we are because of our intimate knowledge of the systems that make up the modern world. Maybe hell will freeze over, pigs will fly, and the cows will come home. Well we can hope anyway!

Re:DC = suits = Borg (3, Insightful)

h00manist (800926) | more than 5 years ago | (#28234723)

I've heard of various friends working in governments of threats, bribes, and turning a blind eye. Having a voice is great of course, and resigning in disgust is proper use of that voice. But to stay inside and really use your voice means either being threatened with being fired (at best), or saying things that you are allowed to, meaning, what was approved, not the full unabridged truth. If they let him in on some scope of attacks that happen all the time, say he is going to be helping, and offer him a salary and future "upgrades", he'll want to say. Perhaps he'll find out something about how the security/surveillance works, or something or other, not agree with it, and wish to denounce it. The choices will be laid out.

Re:DC = suits = Borg (3, Interesting)

Hurricane78 (562437) | more than 5 years ago | (#28235297)

Nah. He can still "leak" stuff. (Hey, they asked him to be their expert. If he can't circumvent their "leak protection" [whatever that might be], then nobody can. ^^)

He can also destroy them from within, in case they become/are too evil to bear.

It's nearly impossible for this to be bad for us. :)

Re:DC = suits = Borg (2, Interesting)

ErikTheRed (162431) | more than 5 years ago | (#28236291)

Yeah, but would he be able to avoid canary traps [wikipedia.org] ?

Re:DC = suits = Borg (1)

Hurricane78 (562437) | more than 5 years ago | (#28237013)

Easy. He just would have to spread his version to all other people that he is allowed to discuss this with. A canary trap does not work when people can share the information anyway.

A good social engineer (or spy/agent) should know such stuff. ^^

Re:DC = suits = Borg (0)

Anonymous Coward | more than 5 years ago | (#28235147)

pigs fly... haven't you heard Swine Flu?

Re:DC = suits = Borg (3, Insightful)

crush (19364) | more than 5 years ago | (#28235193)

Give me a break. It's another talented, unethical scumbag joining up with the even bigger scumbags in government so that they can fuck us over more efficiently. Immunity and privilege for him, surveillance for the rest of us.

Re:DC = suits = Borg (2, Funny)

easyTree (1042254) | more than 5 years ago | (#28235395)

At least you partly benefit. Less of your tax dollars needed to fuck you over ;D

Re:DC = suits = Borg (1)

slimey_limey (655670) | more than 5 years ago | (#28236435)

Didn't you mean to say, "more surveillance for the same amount of money"?

Re:DC = suits = Borg (1)

easyTree (1042254) | more than 5 years ago | (#28236563)

No, I meant to say "same amount of surveillance and a nice cash-in-hand bonus for [y]our keepers."

Re:DC = suits = Borg (0, Flamebait)

merc (115854) | more than 5 years ago | (#28237213)

It's another talented, unethical scumbag joining up with the even bigger scumbags in government

Why the hell do you say that? Do you even know Jeff? As someone who does I can tell you your statements are ridiculous, why don't you shut the fuck up before you end up looking even stupider than you already do?

Re:DC = suits = Borg (0)

Anonymous Coward | more than 5 years ago | (#28237355)

yeah, you're absolutely right, because once he gets that key to the DHS lounge with the free soda machine, he's going to completely abandon all he's fought for and against... sounds like parent is just jealous he didn't get nominated...

Re:DC = suits = Borg (1)

TheLink (130905) | more than 5 years ago | (#28234647)

Well it's change. He's probably not one of them yet.

I doubt Obama can replace the entire council. So hope it works out well. Or it's back to "same old same old".

Re:DC = suits = Borg (1)

telchine (719345) | more than 5 years ago | (#28234667)

He's a poacher turned gamekeeper?

Not quite (5, Insightful)

WilliamBaughman (1312511) | more than 5 years ago | (#28234901)

I'll take the bait. The phrase "poacher turned gamekeeper" refers to someone who now protects the interests they previously attacked. Jeff Moss never (in public knowledge) attacked the security of the United States. He has exposed weaknesses in various security systems, but that's often considered helpful. It would be more like a naturalist with a BA in Criminal Justice turned gamekeeper.

Re:Not quite (2, Funny)

hedwards (940851) | more than 5 years ago | (#28235285)

Where have you been? The federal government frowns on talking about obvious security holes because doing so makes them exploitable. As long as we pretend that the DoD and other government agencies are properly securing their networks the crackers can't get in.

Re:Not quite (4, Interesting)

_Sprocket_ (42527) | more than 5 years ago | (#28236519)

Where have you been? The federal government frowns on talking about obvious security holes because doing so makes them exploitable. As long as we pretend that the DoD and other government agencies are properly securing their networks the crackers can't get in.

And where have you been? I've been inside the federal government. I've seen them (us) use all that public knowledge and tools to deal with the security issues we've had. I've attended security conferences on the Fed's dime where information from open discussions was brought back to help deal with our vulnerabilities. The Feds have benefited greatly from open security discourse. That's not to say the Fed is effective with infosec. In recent years they've woken up to the fact that they're sorely lacking. Unfortunately, their response has been to turn the issue into an exercise in red tape that generates a lot of effort - only a fraction of which goes to actually securing the systems involved. And that's why we get agencies that think they've secured their networks when they haven't (the more red tape exists, the more loopholes there are). It's not all a case of the Emperor's New Clothes.

Re:Not quite (2, Informative)

TubeSteak (669689) | more than 5 years ago | (#28237071)

And that's why we get agencies that think they've secured their networks when they haven't (the more redtape exists, the more loopholes there are).

The name of the House Committee escapes me, but they do yearly reports on computer security and gov't agencies regularly get Ds (up from their previous Fs).

http://csrc.nist.gov/groups/SMA/fisma/index.html [nist.gov] demonstrate its compliance with the security requirements as opposed to how well the requirements are actually implemented.

Re:Not quite (2, Insightful)

_Sprocket_ (42527) | more than 5 years ago | (#28238461)

The name of the House Committee escapes me, but they do yearly reports on computer security and gov't agencies regularly get Ds (up from their previous Fs).

The big question is what do these grades really mean? Do they really provide any true indication as to how effective the Government is at securing their systems? Is a 'D' all that much better than an 'F'? And what does it mean if an organization manages a 'B' (mine did)?

But at the same time, I get a feeling that it sort of does give an impression as to where things are. A 'D' just isn't all that great. But it is better than an 'F'.

My little nook of the Fed world improved over the years. Infosec took on new meaning when the top of the Fed hierarchy started throwing around requirements and putting on their serious face. I would imagine things ARE getting better all in all. It's just darned hard to tell how much better.

http://csrc.nist.gov/groups/SMA/fisma/index.html [nist.gov] demonstrate its compliance with the security requirements as opposed to how well the requirements are actually implemented.

NIST Special Publication 800-53 is what I had in mind. It's generated a ton of work for contractors to bring in auditors. And in my (limited) experience, it's a great opportunity for someone with no infosec background to "get into security" as auditors are simply required to follow the documentation. Said documentation can be turned on its ear by a sufficiently adept bureaucrat in some cases (and avoided if your auditor isn't too technical in others). But despite my cynicism... it's something. There ARE some good practices in that document. And NIST has put out some nice automated scripts to help hash it all out (best keep an eye on what it's doing though). So it's not ALL bad. Just not great.

Re:DC = suits = Borg (1)

Majik Sheff (930627) | more than 5 years ago | (#28234677)

The first image I got was Neo being taken over by Agent Smith. You'll like being me, Missster Anderson!

Re:DC = suits = Borg (4, Funny)

ErikTheRed (162431) | more than 5 years ago | (#28236253)

Oh, I think he'll be fine.

Just don't be surprised when all of a sudden "Hail to the Chief" gets replaced with "All your base are belong to us."

More change for the US (4, Interesting)

Goatboy (22601) | more than 5 years ago | (#28234471)

That Obama chap keeps making some inspired decisions - we could do with someone like him over here (UK) to bring a bit of change.

Re:More change for the US (4, Funny)

Anonymous Coward | more than 5 years ago | (#28234535)

Quite a few of us back here would like him to be over there as well.

Re:More change for the US (0)

Anonymous Coward | more than 5 years ago | (#28234591)

Yeah, because god forbid you have someone intelligent and competent running your country.

Re:More change for the US (3, Insightful)

BitZtream (692029) | more than 5 years ago | (#28234711)

Well, if you stop looking at it as an insult to your team, and more as nothing more than a joke, it was pretty funny. I voted for Obama, and I still thought it was funny as shit.

But ... let's be realistic here, the jury is still out on intelligent and competent, I've seen nothing in particular so far to make me believe he is truly any different. It's practically impossible to tell this early on how it's going to play out, you really don't know his agenda yet, just what you're supposed to think it is.

Re:More change for the US (5, Insightful)

Anonymous Coward | more than 5 years ago | (#28234873)

I don't think the jury is still out on intelligent, at least. He did go to an ivy league school, and his daddy wasn't in politics, or rich. He also didn't just barely scrape by with C's, he graduated with honors. Oh, and then he's written his own books (as opposed to authorizing other people to write them, like most politicians). You could argue that the jury is still out on "different" and even "competent" but I don't think you could seriously make an argument that he isn't intelligent.

Re:More change for the US (0, Redundant)

easyTree (1042254) | more than 5 years ago | (#28235481)

But there's more than just intelligence and competence needed to be a good president.

Of course by use of the term 'good president', I probably evoke many different ideas, depending on the reader.

What *should* a president be doing? Is it tough love to fuck over most of the country to allow some american individuals to become so wealthy that they have personal fortunes totalling GDP of twenty countries? Or should every citizen's needs be catered for - to bring into being the ideals found within your constitution?

Re:More change for the US (1)

_Sprocket_ (42527) | more than 5 years ago | (#28236551)

But there's more than just intelligence and competence needed to be a good president.

You might have missed the very first sentence of the post you replied to. It read:

I don't think the jury is still out on intelligent, at least.

I don't see why you're trying to turn that in to a debate on being a "good President."

Re:More change for the US (1)

easyTree (1042254) | more than 5 years ago | (#28237389)

Did you actually read my post or just use find/copy/paste ?

The GP is saying that obama is intelligent. I'm accepting that ok, maybe he's intelligent and competent but that those two facets of his personality are not enough to ensure that the country's people get a fair deal from his period of office.

I'm 'trying to turn that into a debate on being a good president' because the thread is focusing too closely on intelligence and competence. What about ethics? Desire to do the right thing? Huh?

Re:More change for the US (1)

_Sprocket_ (42527) | more than 5 years ago | (#28238257)

Did you actually read my post or just use find/copy/paste ?

I used this thing called "reading comprehension" where you pay attention to what the person wrote and you understand it. It's amazing stuff.

I'm 'trying to turn that into a debate on being a good president' because the thread is focusing too closely on intelligence and competence. What about ethics? Desire to do the right thing? Huh?

Oh. I see. You meant to reply to BitZtream where those points were put to question. (And good points they are, IMHO).

Re:More change for the US (1)

discord5 (798235) | more than 5 years ago | (#28234717)

Yeah, because god forbid you have someone intelligent and competent running your country.

I think it's the fact that he's not been walking on water yet that has upset some people.

Re:More change for the US (1)

siloko (1133863) | more than 5 years ago | (#28235189)

I think it's the fact that he's not been walking on water yet that has upset some people.

It's true we're pretty tight over here in the UK but even we can stretch to a plane ticket . . .

Re:More change for the US (0, Troll)

Anonymous Coward | more than 5 years ago | (#28234705)

Careful what you wish for -- it seems Germany had an inspiring, charismatic, popular leader a half-century ago and we saw how that worked out.

Change doesn't always mean improvement or even progress. Changing from a Constitutional Republic to a socialist territory run by a dictator (complete with a dozen "czars") is hardly what freedom-minded Americans had in mind. We are now teetering on the edge of financial ruin, committing to an unprecedented level of debt that makes economic collapse and/or hyperinflation a near certainty.

Re:More change for the US (1)

Tigersmind (1549183) | more than 5 years ago | (#28234771)

Godwin'd quiiiiiick

Re:More change for the US (1)

hedwards (940851) | more than 5 years ago | (#28235363)

The scary thing is that the GP is probably able to vote. And worse is poorly educated enough to not know the following:

The czars were killed by communists, Hitler was a fascist, fascists are the mortal enemies of socialists and most of the economic problems have been caused by fascists running the economy.

Which is why fascists are so opposed to proper education, it puts all kinds of holes in their arguments.

Re:More change for the US (0, Offtopic)

HornWumpus (783565) | more than 5 years ago | (#28235569)

Fascists were mortal enemies of communists.

They were both socialists.

Get over it. It's simply a historical fact.

In fascist systems the government takes over the corporations (This happened in Nazi Germany, Mussolini's Italy and Franco's Spain) not the other way around.

You are however correct about most of the economic problems being caused by Fascists...Fascists like Barny Frank.

Re:More change for the US (1, Informative)

Anonymous Coward | more than 5 years ago | (#28235957)

Another misguided person who thinks state control is socialism. If I redefine a fire in my house as a "house warming party" it still won't save my house. By the same token, defining everything you don't like as "socialism" won't help you understand either what socialism is, or what the defining features of fascism are. And if you cannot recognize it, you are powerless to do anything about it.

Re:More change for the US (0)

Anonymous Coward | more than 5 years ago | (#28235683)

I wish your perspective were shared among more in the US.

Re:More change for the US (0)

Anonymous Coward | more than 5 years ago | (#28236397)

I second that. The UK is scraping the bottom of the political barrel right now, and what they're finding is not pretty.

Good for the council (4, Insightful)

Tyrun (944761) | more than 5 years ago | (#28234481)

This is actually a great step forward. Why not have some of the best hackers review our current practices?

Re:Good for the council (1)

Score Whore (32328) | more than 5 years ago | (#28234627)

We already do. They're called the NSA.

Re:Good for the council (4, Interesting)

rtfa-troll (1340807) | more than 5 years ago | (#28235315)

Technically, you are certainly right. The NSA are brilliant in practical cryptography etc.. However, the current security disaster we call the internet is directly linked to the NSA. If they hadn't been so determined to block strong crypto for so many years; if they had actually understood the importance of computing security to the future of their nation; if they had done their job right, many things could be better. Some sensible mechanism like IPSEC could easily be standard everywhere. A civilian standard for basic secure systems could be widely recognised. Many consumer standard systems could have much better security. Having them decide cyber security policy has been a disaster which has left the commercial infrastructure of the USA and the rest of the world needlessly insecure. Having people from the outside who actually see this has to be better.

Re:Good for the council (2, Funny)

Hurricane78 (562437) | more than 5 years ago | (#28235347)

I think he meant white hat hackers. ^^

Good luck with that, Jeff (5, Insightful)

Jawn98685 (687784) | more than 5 years ago | (#28234497)

Seriously. I have no doubt that Jeff has the chops and the "perspective" that has definitely been "missing". I watched the eyes of Richard Clarke and his entourage glaze over at a "town hall" meeting with the "President's Critical Infrastructure Protection Board" (or whatever they called it then) in Portland about 8 or 9 years ago, as some very smart security folks told them what was coming and what needed to be done. Honestly, I don't know if they just couldn't grasp the issues or if they were more interested in political play, but the message was quite plain; "the government" was going to be no help in securing things. Political inertia being what it is, I doubt that much has changed, the current administration's well-meaning efforts notwithstanding. Jeff is in for a frustrating ride, I fear.

Re:Good luck with that, Jeff (5, Interesting)

MeatBag PussRocket (1475317) | more than 5 years ago | (#28234529)

perhaps... just perhaps his background (read: _not a stuffed shirt_ ) will allow him to say "look, this is a problem and if you don't realise it you're an idiot and these are the very real consequences" he's not beholden to any voter or company and has no political baggage. if the sky is falling he can definitely say it is without worrying about constituents or political parties

Re:Good luck with that, Jeff (1)

VGPowerlord (621254) | more than 5 years ago | (#28236945)

if the sky is falling he can definitely say it is without worrying about constituents or political parties

But if they don't believe him, what good does it do?

Re:Good luck with that, Jeff (5, Interesting)

malkavian (9512) | more than 5 years ago | (#28234719)

He may employ a similar tactic to the one I use when I have to deal with people above me in political clout on issues of a technical nature.
Rather than play their game, I simply produce a highly condensed set of the major risks that would be caused if the activity I recommend does not take place, then wander round to whoever it is that's trying to hold it all up/derail it, and get them to sign at the bottom of the page (has to fit on one side of paper) saying they agree that the risk is all on their own head and that they accept it entirely by not performing the activity.
You then leave with a signature, or the support for the activity. You'd be surprised by how many people don't even try to understand the matter until their head is on the block for it. The pen is truly mightier than the sword sometimes.
If they don't sign, they lose a lot of respect for trying to dodge the matter.

Re:Good luck with that, Jeff (5, Informative)

The Dark Tangent (660926) | more than 5 years ago | (#28238273)

Thanks for the encouragement! I serve at the pleasure of the Secretary, and will do my best to give the HSAC and her the information and opinions I think are necessary to make informed and non-lame decisions. The rest will be up to the powers that be. Like someone said in another post, I have no horse in this race. I'll try to make a positive change and if I feel I can't because I am the wrong person for the job then I'll step aside for someone who can.

Maybe Jeff can explain this (0, Offtopic)

bogaboga (793279) | more than 5 years ago | (#28234573)

I have used Linux and Unix systems for over a decade now. What boggles my mind is why a [Linux/Unix] "encrypted password" stored in /etc/security/passwd cannot easily be "reverse engineered."

If a known algorithm produces the encrypted password, why can't that algorithm be "reversed" to produce the original password in the first place? Algorithms follow a set of logical instructions.

Even in open source systems, encrypted passwords are not easy to crack. Why?

Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?

Re:Maybe Jeff can explain this (2, Informative)

oldhack (1037484) | more than 5 years ago | (#28234607)

Look up one-way hashing algorithm. The hash (encrypted password) does not contain all the info of the clear password, so you can't get the password out of the hash. It's a feature.

Or maybe that's not your question?

Re:Maybe Jeff can explain this (1, Funny)

Anonymous Coward | more than 5 years ago | (#28234643)

do we have to re-hash this again?!

Re:Maybe Jeff can explain this (1, Informative)

Anonymous Coward | more than 5 years ago | (#28234609)

I'm no pro, but I believe that Salting [wikipedia.org] is used.

Re:Maybe Jeff can explain this (1)

JaredOfEuropa (526365) | more than 5 years ago | (#28234611)

If a known algorithm produces the encrypted password, why can't that algorithm be "reversed" to produce the original password in the first place? Algorithms follow a set of logical instructions.

Some mathematical instructions are easy to execute, but are very hard or non-deterministic to reverse. A simple example: take two (large) numbers x and y, and keep them secret. Multiply them and call the result z. Easy, right? And it is also easy to check if any two numbers are equal to the secret x and y, by comparing their product against z (of course there might be more products that match z in this example). However, if you only know the number z, it will be a lot harder to work out what the numbers x and y are.

Re:Maybe Jeff can explain this (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28234619)

LARGE PRIME NUMBER TIMES LARGE PRIME NUMBER. HERE IS HUMONGULOUS NUMBER WITH 2 PRIME FACTORS. GOOD LUCK.

(I could be wrong but I'm just a glory hound.)

Filter error: Don't use so many caps. It's like YELLING.
That's the Point, bitch

Re:Maybe Jeff can explain this (5, Funny)

Ant P. (974313) | more than 5 years ago | (#28234661)

Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?

function f(int x) { return x/x; }
Find the original value of x, when given f(x) == 1. To get you started, x is not 3853, 178470 or -8956583566.

Re:Maybe Jeff can explain this (0)

Anonymous Coward | more than 5 years ago | (#28234729)

Figures I'd be out of mod points now. *clap* *clap* well done :)

Re:Maybe Jeff can explain this (1)

forgot_my_username (1553781) | more than 5 years ago | (#28235155)

Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?

function f(int x) { return x/x; } Find the original value of x, when given f(x) == 1. To get you started, x is not 3853, 178470 or -8956583566.

OOhhhh!!! ohhh!!! I know, I know!

It is zero!!!

hmmm.... maybe not!

Maybe it is 42!
YES! That is it! 42!

My God! You have done it!! You have discovered the Question.
Isn't reality supposed to be replaced by something far more complex now.

Hmm... mayb#@


this is a sig... Emmanuel
refinancing [erefinancing.org]

Re:Maybe Jeff can explain this (1)

zx-15 (926808) | more than 5 years ago | (#28235531)

f(0); Lameness filter is lame.

Trivial Case is a good teaching example... (1)

Guppy (12314) | more than 5 years ago | (#28236227)

function f(int x) { return x/x; }
Find the original value of x, when given f(x) == 1. To get you started, x is not 3853, 178470 or -8956583566.

This is actually, in a funny kind of way, a good illustration of an aspect of hash functions. In a non-reversible hash function, a certain amount of information gets destroyed. The above algorithm is a trivial example in which all information gets destroyed, and thus every single number is a collision.

Part of what makes a good hash function is throwing away just enough information to make it irreversible, but preserving enough to make it meaningful.

Re:Maybe Jeff can explain this (1)

mail2345 (1201389) | more than 5 years ago | (#28234669)

From what I know, some data is lost in the process of hashing, which while preventing reversal, allows for collisions.
Meaning that even if you could reverse it, there are infinite possibilities for the answer.

Re:Maybe Jeff can explain this (1)

BountyX (1227176) | more than 5 years ago | (#28234699)

Bogaboga, I was under the impression that the passwd file generates hashed values not encrypted ones. Hash algorithms are deterministic in nature so it is infeasible to reverse the hash. Any code I post generating a well-salted hash from a respectable algorithm would be out of your capacity to reverse engineer. A program like John the Ripper, or a rainbow attack would be computationally hard to find a collision.

Here are the rules for hashing:
1. Given M, easy to compute h=H(M)
2. Given h, hard to compute M such that h=H(M) -- "one-way"
3. Given M, hard to find M' (different from M) such that H(M)=H(M')
4. (Not always satisfied) Hard to find M,M' such that H(M)=H(M') -- "collision resistant"
Note that 4 implies 3 (i.e. if we could solve 3 we could solve 4), but not conversely. The strange thing about hash functions is that there are typically billions of collisions, or perhaps infinitely many (if the hash function really does take arbitrary-length input; most have some huge limit). But it is computationally hard to find a single one.

Re:Maybe Jeff can explain this (3, Informative)

FooAtWFU (699187) | more than 5 years ago | (#28234747)

Why? Discrete mathematics, my friend, and in particular, modular arithmetic. (You know, from fourth grade, when you'd do 11 / 3 and get "3 remainder 2" - the 'modulo' operation just gives you the 2.) Now suppose you have an algorithm:
a = x % 731
b = x % 129
Now take a number: say, x = 10,000. Easy to compute: a = 497. b = 67. Very easy to calculate. But, working backwards from a and b alone, can you determine x? Suppose a = 616 and b = 100; can you tell me what my number is? It's not quite that easy! You'll need to do a lot more math. Not too much, in this case, as this is a ridiculously simple code and the numbers are small, but a lot more than a simple integer-division-and-remainder operation.

That's not an encrypted message. (Public-key cryptography is related but different.) That's a simple one-way cryptographic hash: a secret number (your password) goes in, and a mysterious hash-value (a and b) comes out, and there's no easy way to map it back. But if you give me the password, it's easy to check that it's right. That hash value is what's in your shadow password file. Except it uses MD5 or SHA or whatever-the-latest-hotness-is.

Now, granted, there's few enough passwords that you can check them all, given enough time. (You might even precompute them all, which is why you add a little random 'salt' to each password that makes them all different. In the example above, the 'salt' could be 'add 12345 to X before hashing it'. You can store the salt next to the encrypted password - you'll need it to check the password. It only protects you from the guy who calculated all the passwords adding +12344 each time - his "rainbow table" of passwords and hashes is now useless.). That's why the shadow-password file isn't usually broadcasted to the world. You try to keep it reasonably secret: not world-readable, certainly not exposed to the Internet. But it's a whole lot better than nothing.

Re:Maybe Jeff can explain this (5, Informative)

osu-neko (2604) | more than 5 years ago | (#28234773)

I see a number of people have answered, but none have given a simple and straightforward explanation to what's wrong with your question.

Simply put: Unix does not store your password. If you've been told Unix stores your password encrypted somewhere, someone was glossing over the details to the point of making false statements. People can't reverse the process of decrypting your password because your password isn't stored there to begin with.

If you want to know what is actually stored, follow the previous advice about looking up hashing algorithms. Quick and dirty answer: when you first type in your password, a hashing algorithm is run over it and a hash code is produced, which is stored. When it prompts anyone for your password, it doesn't know the correct answer, but whatever answer anyone gives, it runs through the same hashing algorithm and sees if it produces the same result. The odds of two different strings producing the same hash result vary with the algorithm but it can be something like 1 in 2^160.

But the short answer is, your password cannot be decrypted because it wasn't encrypted and stored to begin with. There's nothing to decrypt.
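A sketch of the store-a-hash, compare-on-login scheme described in the comment above, with the per-account salt FooAtWFU mentions stored next to the hash; this is an added example, not code posted by anyone in the thread. The record layout, the function names, the sample accounts and the iteration count are assumptions of this example (it is not the crypt(3) format real shadow files use), and it relies on PBKDF2-HMAC-SHA256 from Python's standard library.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"        # label used in this example's record format
ITERATIONS = 200_000          # illustrative work factor; tune for your hardware
MAX_ITERATIONS = 10_000_000   # refuse absurd values read from a stored record
SALT_BYTES = 16


def _derive(password, salt, iterations):
    """Slow one-way derivation: PBKDF2-HMAC-SHA256 over password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations)


def make_record(password, salt=None, iterations=ITERATIONS):
    """Return the string to store: algo$iterations$salt_hex$digest_hex.

    The password itself is never written anywhere; only the salt and the
    derived digest are kept.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)      # fresh random salt per account
    digest = _derive(password, salt, iterations)
    return "$".join([ALGO, str(iterations), salt.hex(), digest.hex()])


def verify(password, record):
    """Re-run the derivation with the stored salt and compare the digests."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False                       # malformed record: fail closed
    if algo != ALGO or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = _derive(password, salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def unsalted_fast_hash(password):
    """Weak alternative shown for contrast: a single unsalted SHA-256 pass."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo():
    # Constructed sample accounts: two users happen to pick the same password.
    passwords = {"alice": "correct horse", "bob": "correct horse"}
    weak = {user: unsalted_fast_hash(pw) for user, pw in passwords.items()}
    strong = {user: make_record(pw) for user, pw in passwords.items()}
    return {
        # Unsalted: equal passwords give equal stored values, so a single
        # precomputed table entry matches every account that uses it.
        "weak_identical": weak["alice"] == weak["bob"],
        # Salted: the same password yields unrelated records per account.
        "strong_identical": strong["alice"] == strong["bob"],
        "right_password": verify("correct horse", strong["alice"]),
        "wrong_password": verify("correct horsf", strong["alice"]),
        "malformed_record": verify("correct horse", "not-a-record"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
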

Re:Maybe Jeff can explain this (1)

FireFly9 (1504637) | more than 5 years ago | (#28236819)

teews rewsna!!

Re:Maybe Jeff can explain this (2, Insightful)

Tweenk (1274968) | more than 5 years ago | (#28234793)

The password is not encrypted, it is cryptographically hashed (encryption is two-way, hashing is one-way). A hash function transforms an arbitrary length input into a fixed length output, so there is no inverse function in the mathematical sense: a single hash value has an infinite number of inputs corresponding to it. Finding a value that produces a given hash is extremely hard: a good hash function will not have any way of computing such a value more effective than brute force (e.g. you try all possible inputs until one of them gives you the hash you're looking for).

As for reversing the algorithm: in essence, the generation of the password hash always uses a stateful generator, and this state is not preserved in the hash. When trying to reverse the hash, you must know not only the hash but also the state of the generator at the end of the algorithm, otherwise backtracking to the initial state of the generator defined in the hash function definition can take more than the age of the universe, even if you used all the computing power on earth to break this single password. Another mathematical idea that is frequently used is that if you have two very large prime numbers x and y, you can quickly compute their product z, but you can't easily find x and y if you only have z. Unless you have a quantum computer, which doesn't exist yet.

Real world analogy: it's nearly impossible to find two persons with the same fingerprints, but the fingerprints themselves don't contain any information about the name of the person. If you have a fingerprint and a person, you can easily identify if the fingerprint belongs to the person, but if you only have the fingerprint, you need to check the fingerprints of all people to find a person that has the same fingerprint.

Re:Maybe Jeff can explain this (1)

DMUTPeregrine (612791) | more than 5 years ago | (#28234865)

http://en.wikipedia.org/wiki/Cryptographic_hash_function [wikipedia.org] Read that. It's hard to get the original password, because no one knows how to do the math backwards. It can be easy to change the password, just hash your new password & copy the new hash over, replacing the old. Of course, if there's a secret salt that will fail, but you can probably discover the salt. All that requires physical access in most cases, BTW.

Re:Maybe Jeff can explain this (0)

Anonymous Coward | more than 5 years ago | (#28237791)

Not a sentence!

Well, this sentence no verb, dude!

Re:Maybe Jeff can explain this (4, Informative)

vux984 (928602) | more than 5 years ago | (#28235021)

If a known algorithm produces the encrypted password, why can't that algorithm be "reversed" to produce the original password in the first place?

It has been. But it doesn't really do you any good. The actual password is lost. The reverse of a hash produces infinite solutions. (In the same way the reverse of modulus division produces infinite solutions).

But those solutions are all 'collisions' and they could all be used interchangeably with the original password. So getting any solution is almost as good as getting the original.

Even in open source systems, encrypted passwords are not easy to crack. Why?

Because pretty much all modern encryption is based on the idea that it's VERY easy to multiply two stupidly large prime numbers to find an even stupidly larger number. Multiply two 1000 bit prime numbers and get a 2000 bit non-prime as a result.

But it takes years upon years of processor time to take that stupidly larger number, and factor it back into the original stupidly large primes.

Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?

z = primex * primey;

suppose z = 377, how do you find the factors: 13 and 29?
Now, for encryption, z is thousands of digits instead of 3.

Algorithms that solve this exist, they just won't finish running until after you've died of old age.

Re:Maybe Jeff can explain this (4, Informative)

Bob9113 (14996) | more than 5 years ago | (#28235667)

Could a slashdotter post some "simple to understand code" that produces output I cannot reverse engineer?

While I *love* the first respondent's answer, and giggled like an idiot when I read it, perhaps this will be a more useful example for understanding how it works.

The modulus operator in arithmetic returns the remainder after integer division. It is commonly noted "x % y", "x mod y", "mod( x, y )", or similar.

So:
3 mod 2 = 1
4 mod 3 = 1
4 mod 2 = 0
5 mod 2 = 1
5 mod 3 = 2
5 mod 4 = 1 ...

Now, suppose a password structure "x:y" -- you are required to enter your password as two digits, separated by a colon (not normal, but just suppose).

You could enter, as your password, "4:3", and the system could store as your password hash "1" -- the result of "4 mod 3". Then, when you attempt to log in next time, if you submit "4:3", the system would take the modulus and check the result, "1", against its internal table of password hashes and allow you in.

Now, suppose you get the table of hashes, and see:
joeSmith: 1

joeSmith has the password hash "1". Is his actual password "3:2", "4:3", "5:2", or "5:4"? Since the modulus of all those pairs is "1", the correct answer cannot be determined from the output alone. Modulus is what is called a "non-reversible function." The output of the modulus function contains less information than the input, so it cannot be reversed.

In this example it is trivial, however, to generate another password combination that results in the same hash. For example, "6:5" also equates to the hash "1". This is called a collision between "6:5" and "4:3". The attacker does not have to know joeSmith's actual password, as long as he can supply input that results in the correct hash. That leads to the next step in identity verification systems: ensuring that it is not possible for a reasonably funded attacker to forge a document which collides with the actual document (or password in this case, which is a special kind of document).

That is a much harder topic.

Re:Maybe Jeff can explain this (1)

RobertLTux (260313) | more than 5 years ago | (#28236537)

well let's see

1 salting: a number is added into the mix to jig the results (and this may not be a known number for a particular setup)

2 the password function itself is designed to be slow and the encoder works one way (no decode)

3 anybody that is running with passwords in the /etc/security/passwd is a complete moron (hint shadow is the correct name of the file) http://www.cyberciti.biz/faq/understanding-etcshadow-file/ [cyberciti.biz]

Jeff (0)

Anonymous Coward | more than 5 years ago | (#28234665)

That Jeff is a pretty cool, I met him once and he's not one of the arrogant hacker types who wear black lipstick and snort coke. A real down to earth geek you can talk to.

And "Spot the Fed" just got a lot more interesting (2, Funny)

RobertLTux (260313) | more than 5 years ago | (#28234811)

I wonder how the rules of "Spot The Fed" will change now that DEFCON is somewhat run by a fed????

PR ploy maybe? (1)

zazenation (1060442) | more than 5 years ago | (#28234697)

I think she just watched the 1993 SciFi movie "Demolition Man" with Sylvester Stallone and Wesley Snipes:
"Send a maniac to capture a maniac".

While I understand the gut PR logic, I fail to understand how it translates into anything but "We're thinking outside the box" political cover. I think Janet Napolitano is anxious to be seen looking open minded after the "Veterans are possible terrorists" memorandum that leaked out.

Re:PR ploy maybe? (2, Interesting)

Repossessed (1117929) | more than 5 years ago | (#28235529)

Jeff is hardly a maniac, he's an expert in computer security. Far from a PR stunt, this is an effort to get somebody who knows how to secure computer systems involved in *gasp* security.

Re:PR ploy maybe? (1)

zazenation (1060442) | more than 5 years ago | (#28236063)

You are taking me far too literally.
Please enhance your calm.

Narc Tangent sells out (4, Interesting)

Anonymous Coward | more than 5 years ago | (#28234825)

I guess I'll give the perspective here of a very small (yet dedicated) section of the hacker community. I have retired from hacking, but the hacker community still interests me, and I feel a responsibility with some others in guiding it.

As far as myself, I was on H/P sub-boards of BBSs in the early/mid 1980s, and did use the Feature Group B (950-XXXX) codes they posted to phreak, but I put that aside because I did not begin to seriously hack (and phreak) until 1989, and I retired in 1996, the day I began working for an ISP. I personally have met many members of LoD, MoD, BoW, l0ck and so forth, have gone to many cons and 2600 meetings, have gone on trashing runs, talked to them on "confs" (conference calls), on BBSs, IRC etc.

Perhaps I'll search for more original links later, but Gweeds speech [theregister.co.uk] at H2K2 in July 2002 is what was really the clarion call of the white hat backlash. That speech was great, and expressed what I felt for a long time but hadn't heard anyone else say.
This [phiral.net] web page is dedicated to the white hat backlash as well.

Actually, the anti-whitehat movement in my mind has itself already split. There are the older people like me, Gweeds and some others who primarily want to delineate this line between hacking and the security industry. They are two separate things, in fact, they are against each other - the security community arrests and jails hackers. The idea that there can be a grey hat who is between white hat and black hat is ridiculous, you are either a hacker, or you are working for the security industry and law enforcement. I think even a lot of anti-hacker people would agree with us on that one.

Most of us are older, most of us don't hack any more, and the people in this movement or tendency that Gweeds became a spokesman for I have noticed are also in the anarchist movement. After all, Gweeds talked about anarchism a lot, I have been involved in the anarchist movement, and I know others of our mindset (some who I feel have expressed sympathetic sentiments are in the cDc).

I myself more than most of this group are in a political plane at the cross-section of anarchism and Marxism. So being one more of a dialectic bent, I think the progression of what has happened - people hacked until the mid 1990s, in the mid 1990s many hackers entered the security industry and the hacking movement died out to a large degree, then Gweeds made his speech in 2002 and the hacking movement is still moribund, but has some more self-awareness now anyhow. The rise and fall of IT with the dot-coms caused a chain of reactions. Perhaps the rise and fall of IT within FIRE (Finance, Insurance and Real Estate) will have some reaction as well.

I think what is more important is I think the expression of the "hacker ethic" has always been bullshit. Whether it was what the Mentor said, or that Phrack or 2600 talked about. 2600 has said things like "Companies should be glad we're hacking as we're showing them holes before the bad guys do" which sounds ridiculous to me from a hacker perspective, and I'm sure sounds ridiculous to law enforcement and companies being hacked. Gweeds, and some of the people who picked up the torch of what he said have refined that.

I myself think another criticism has to be made, not just of the white hats, but of the crowd which I'll call the 4chan/Anonymous crowd. I think what they're doing is a new development, is sort of in the spirit of hacking, but misses the boat in a few ways.

"I miss crime" (0)

Anonymous Coward | more than 5 years ago | (#28234843)

I spot the fed... (pointing to DT)

I remember him (1)

British (51765) | more than 5 years ago | (#28235275)

Many moons ago, after a 2600 meeting, a bunch of us converged at a coffee shop. Dark Tangent & his friends were there. He had a laptop with a webcam attached to it (supposedly recording). Yet he raised a stink when someone else tried to take a picture of him. Do as I say, not as I do?

Re:I remember him (3, Interesting)

The Dark Tangent (660926) | more than 5 years ago | (#28238471)

Um, no, you have remembered incorrectly. There was a girl with you taking film pictures of myself, Dom, K0re, and another person and trying to be clever about it. I turned a non-functioning web cam around at your group to essentially say "It works both ways."

Holy Crap! (4, Funny)

Bob9113 (14996) | more than 5 years ago | (#28235357)

This almost makes me believe that the government is serious about cyber-security.

Now, next, add a Constitutional Rights specialist from the EFF or ACLU and I might have an honest-to-goodness heart attack.

Mitnick and Lamo think otherwise (5, Interesting)

It's the tripnaut! (687402) | more than 5 years ago | (#28235591)

Kevin Mitnick and Adrian Lamo do not seem to like the idea of Moss getting the nod. Mitnick prefers Bruce Schneier while Lamo believes Moss is a suit, "the reality is he's as corporate as hiring someone out of Microsoft."

I wonder what the reaction in the tech community would have been had the 2 above gotten the call instead.

Re:Mitnick and Lamo think otherwise (0)

Anonymous Coward | more than 5 years ago | (#28237533)

Does it really matter if you're working for the government how much you were "keeping it real" before?

Listen to (h)Ackbar (1)

FatalTourist (633757) | more than 5 years ago | (#28235733)

It's a trap!

Resistance is futile! (0)

Anonymous Coward | more than 5 years ago | (#28236475)

Judas!

What's next? Theo de Raadt as the cybersecurity czar? Geez.

Sshit (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28236515)

that has lost FreeBSD went out or mislead the The developer the problems

Spot the Fed! (1, Funny)

jcr (53032) | more than 5 years ago | (#28237395)

It's going to be a lot easier at the next Defcon. Or, is he just going to wear an "I am the fed" t-shirt for the whole conference?

-jcr

He's an FBI Informant (2, Interesting)

liveammo (977628) | more than 5 years ago | (#28237483)

Of course Jeff Moss was invited into the Homeland Security Advisory Committee, he has been organizing events for over ten years to collect information about hackers in the computer underground. Anyone who goes to DEFCON or Black Hat is immediately "on the radar" of every three letter agency here and abroad. He's an FBI stooge, always has been, always will be.

Jeff Moss' FBI Handler (2, Interesting)

liveammo (977628) | more than 5 years ago | (#28237545)

Jeff Moss initially got started as an FBI informant working with members of the "Legion of Doom"; his FBI handler was named Dick Brandis, a former polygrapher for the Pittsburgh PA Federal Bureau of Investigation. Brandis eventually ended up resigning from the Pittsburgh FBI for taking classified government information home with him and establishing his own network of hackers that Moss et al would get into compromising positions and then blackmail for information and unpublished exploits.

Re:Jeff Moss' FBI Handler (0)

Anonymous Coward | more than 5 years ago | (#28238337)

Got anything besides rumor? Are you coming out as part of that inner hacker circle Jeff Moss was part of? I can't find anything searching google for "jeff moss fbi informant dick brandis pittsburgh" except for penile enhancements. Which may be fine for jeff moss, but I don't need it.

An oxymoron (1)

OutputLogic (1566511) | more than 5 years ago | (#28238223)

Isn't it an oxymoron: "hacker" and "Homeland Security Advisory Council" in one sentence? How about: A well-known criminal John Doe joined the police force.

OutputLogic [outputlogic.com]

Mystery Announcement: Hacker Militia... (1)

kk49 (829669) | more than 5 years ago | (#28238335)

In the original 2nd amendment way, Every able-minded hacker is now in the hacker militia, it is now okay to hack computers in foreign countries... ;)
