Slashdot: News for Nerds

Mitnick on OSS

Hemos posted more than 8 years ago | from the hacking-it-out dept.

Security 286

comforteagle writes "Infamous cracker Kevin Mitnick (turned security consultant) has come out to say that he'd prefer to 'hack' open source code vs proprietary closed code. "Mitnick says that open source software is easier to analyse for security holes, since you can see the code. Proprietary software, on the other hand, requires either reverse engineering, getting your hands on illicit copies of the source code, or using a technique called 'fuzzing'." He further says that open source is more secure, but leaves you wondering questions if enough people are really interested in securing open source code."

286 comments

Captain Obvious (5, Insightful)

Fusen (841730) | more than 8 years ago | (#14598577)

In other news, it's easier to see where you are going when you have your eyes open.

Re:Captain Obvious (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14598606)

mod parent funny

Re:Captain Obvious (1, Redundant)

IAmTheDave (746256) | more than 8 years ago | (#14598634)

Seriously. I know it's Slashdot, but this particular nugget of wisdom - even from beloved Kevin Mitnick - doesn't really count as news.

Beloved? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14598703)

Mitnick is a fucking idiot. Calling that fuck-nugget a Hacker is a fucking travesty; it's like calling Kevin Warwick a leading figure in AI. Mitnick couldn't "hack" his fucking lawn; hence his amazing technical "insights" like these. The guy was caught, which just goes to show how good he is.

My State of the Union speech (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14598758)

MY STATE OF THE UNION SPEECH by George W. Bush

Mr. Speaker, Vice President Cheney, extreme members of Congress, ladies and gentlemen, boys and girls and children of all ages.

As we boldly enter a new year of hurling before us, I've come before you to tell you that Freedom is spreading like cancer in the Middle East, our economy is even robustier than it was last year and, if we all work together in this coming year, there will be countless more fish to fry, or bake if you're watching your cholesterol.

Tonight, with more and more Americans going back to work, with our nation an active force for goodnicity in the world, the state of our union is truly flamboyiscious. (SP?)

This past year, we have accomplished many things that no one expected and some outright feared.

Our No Child Left Behind Act has not only increased our youngins' ability to read and do math, but we have decreased the student population dramatically, nationwide. Now, when a child graduates high school, not only will he or she be able to print his or her name tag while asking "Do you want fries with that?" they'll be able to add up the menu total.

The past year, we've reframed and totally regurgitated Medicare, creating thousands of jobs in emergency room care.

We have added two million jobs in non-auto construction related fields.

We have plugged the holes of the bankruptcy dykes, who threatened to cheat honest bankers and credit card employers out of their hard squandered cash.

We have tackled such hard questions as how frightened are you of Social Security disappearing, how many hurricanes can FEMA handle and how fast can the House pass a bill when no one is looking?

But we must not rest on our laureates.

The year ahead will present us with challenges both overseas, at home and elsewhere.

I'm going to remind you all that we're living in hysteric times. The decisions we make today will help shape the direction of events for years, even weeks, to come.

Now, recently, there has been a hornet's nest of inflappatory (SP?) rhetoric concerning my involvement with so called "domestic spying." It's true, I have allowed NASA to spy on Americans but let me remind you of one important fact: the world changed after 9/11.

Think about it. 9/10? You're riding your bike whistling a happy tune. 9/12? You're scared stiff. In between? 9/11. Bingo.

If any of you don't remember 9/11, we were attacked by a group of drooling madmen who hate us for our freedoms, so I decided to lessen them.

And, if NASA can safely land people on the Moon, it can handle this finely.

Our "domestic spying" program isn't. (Does that make sense, Karl?) It's a program devoted to "terrorist surveillance" or, as I call it, "terrorist tattling."

If al Qaeda is talking to you? E-mailing you? Sending you a candy-gram? I want to know about it. This program only involves American citizens who are calling known terrorists in another country or another state. We have a list of terrorist groups we're monitoring from al Qaeda to al PETA and al Quaker.

The terrorist tattler program is necessary to protect America from attacks either within our own borders or even closer. Terrorists will use every available weapon at their disposal, from dirty bombs to free speech, to break the will of the American people. I vow I will never let that happen. That's my job.

Some people say that I've broken the law. That's not true. A President has inherent authorities given to him by the Constitution. One of them is breaking the law. I hope this puts an end to the issue.

Oh, yeah, I don't know Jack Abramoff, either.

This year, I'm asking Congress to help me in passing bills that will help all American people struggle.

We're setting a goal of creating two million more jobs, some of them actually in this country.

We will tackle affordable Health Care insurance the way we did Medicare. By this time, next year, Americans will be dancing in the streets, unless they're too old or too sick.

We will help an additional 200,000 unemployed workers get training for a new job. If you could build a Bronco, you can flip a burger. It's the American way.

We should not be content with laws that punish hardworking people who want only to provide for their families, and deny businesses willing workers, and invite chaos at our border. It is time for an immigration policy that permits temporary guest workers to fill jobs Americans will not take, like joining the military. This will not apply to Canadians.

Because marriage is a sacred institution and the foundation of our society, it should not be re-defined by activist judges or odd people. For the good of families, children, and society, I support a constitutional amendment to protect the institution of marriage as long as divorce is left out of the equestrian.

As you all know, the world is facing a possible pandemonium of bird flu. As your President, I vowel that no foreign birds will be allowed in this country without having proper background checks done.

I'm also pleased to report that our ongoing War on Global Terror has had an explosive effect on the world. After 9/11, and our world changed after 9/11, we decided to go after the evil-doers and tackle Afghanistan. I'm proud to report that Afghanistan is now a democracy, the Taliban has started it's own political party and that formerly vicious warlords are now elected officials. Plus, their economy is booming thanks to farmers who grow flowers. From what I understand, they've had a record year.

In Iraq, the Iraqis are standing up so we can sit it out. They now have their own government, their own Constitution, their own problems.

Before the United States of America drove out the Butcherer of Baghdad, Iraq was a country filled with mass graves. Today? There are no more mass graves, just a whole bunch of little ones. Before the United States went to the aid of our Iraqi brothers and sisters, Saddam brutalized his own people. Now that they have their own elected government, Iraqis are free to brutalize each other as they see fit.

(Karl, I think this is where we should introduce dead soldiers' parents, wives and kids. See if you can get one kid to bring a bunny. Bunnies are cute. Plus, Easter is right around the corner.)

Democracy is on the march in the Middle East, with more and more people choosing ballots over bullets or, sometimes, both.

As you know, even in Palestinia, there were free elections. And, if not free, relatively cheap. We look forward to working with the Humus Party in reaching a peaceful settlement of the Israeli-Palestinian problem as soon as they take Israel's total destruction off the table.

Now, I know, when it comes to my foreign policy of peace, democracy and loving yourself as much as your neighbor does himself, there are some naysayers in this country who say "nay." But, where you say "nay?" I say, "hey, how's it going?" And many brave people with purple fingers say "hey" back, but it's in a different language so I can't quite catch all of it. It's awesome-inspiring.

I suppose that makes me an optometrist. Some people look at a glass and wonder if it's half-empty or half-full of it. I always know it's half-full of it.

Now, in order to protect our great Homeland and to allow it to prosper, I ask Congress to do two things: make my tax cuts permanent and re-authorize the Patriot Act.

Many of my opponents have unfairly said my tax cuts are biased because rich people save the most. Well, a-heh-heh (Karl. People love it when I wink and laugh.), any economist knows that rich people have the most money to save because they have the most money. (Karl. Is this redundant or smart?)

They, then, take their savings and put it back into our great economy, creating new jobs for house servants, valets, car detailers, and tennis pros.

And don't forget the backbone of our country, the small businesses run by entremanures. My tax cuts guarantee them savings when they expand their temp services, limousine services and landscaping enterprises.

As some of you know, the world changed after 9/11 and, since the creation of The Department of Homeland Security, we have not been attacked a second time. Sure, a lot of other countries have, but they don't have Homeland Security departments. We do. They don't. That simple.

Remember, these evildoers we are fighting never sleep. Their vision is dark and dim and they never have their eyes checked. Like the Tin Woodsman in 'The Wizard of Oz,' they have no hearts. They don't even have tin. They kill innocent men, women, children and bunnies (Karl. I guess I'm just in a bunny mood today.). In order to save the children and bunnies, I ask Congress to make Homeland Security a bastardion of our country.

The War on Global Terror will last a bazillion years. In Iraq alone, we're battling "rejectionists," "poo-pooers," "al Qaeda," "foreign fighters," "local fighters," "commuters," "Baathists," "Showerists," and Venutians. We have to be vigilant. We have to stand tall in the saddle.

Now, I know I have my critics because of the war and Homeland Security, and I know this is an election year but, in the spirit of bi-partisanship, I extend a fig towards the opposition and say, if I may use Latin? "Ix-nay."

Every bad thing you say about the War on Global Terror makes the evil-doers laugh and our soldiers cry. Think about it.

So, in closing, in this coming year, we must not look back. We must look in the opposite direction. We must jog on the treadmill of hope towards a more peaceful and zesty future. The road somewhere will be long and, maybe, lumpy. But it's up to us, as pothole filling patriots, to keep that road alive and well. And tread upon it as we do ourselves.

As Franklin Deleanor Roosevelt once said: "We have nothing to fear but fear itself." So, smile and be afraid. I'm in charge.

God bless me. God bless Mommy and Daddy. And Barney. God bless all Americans. God bless der Homeland.

Re:My State of the Union speech (-1, Offtopic)

heinousjay (683506) | more than 8 years ago | (#14599183)

This isn't as clever as you think it is, nor is it really that funny. If it were written in a voice that was even close to George's, it would be a lot better, but it reads like a smarmy socialist is talking, and that just doesn't work. Take it back to the typewriter and polish it up.

Re:Captain Obvious (5, Funny)

kfg (145172) | more than 8 years ago | (#14598809)

First Corollary:

It's easier for others to see where you are going when they have their eyes open.

Second Corollary:

It's easier for others to see where you might go when they have their eyes open.

KFG

Re:Captain Obvious (1)

Lumpy (12016) | more than 8 years ago | (#14598959)

Next week he will announce that it is much easier to add RAM to your computer if you remove the cover or access door. As well as the fact that your computer is much more insecure if it is currently ON.

I simply wonder if he is trying to make a security version of "call for help" TV show/infocast.

Re:Captain Obvious (0)

Anonymous Coward | more than 8 years ago | (#14599072)

Not too surprised that all of the cubicle dwelling underachievers will be a bit jealous.

Fuzzing and Obfuscation (4, Interesting)

eldavojohn (898314) | more than 8 years ago | (#14598580)

I figured I'd add a little more to how "fuzzing" works as the article left me a little disappointed as to what it actually is. There are a few things online about it, including a decent white paper [events.ccc.de] written by Ilja van Sprundel. There's also a large amount of fuzzing going on to test the security of WAP. It's basically the standard buffer overflow [wikipedia.org] attack.

The crux of this attack is using a buffer overflow to gain superuser privileges. This might be trivial on Windows, so I'll relay the "la/ls" story to you regarding how to gain it in Linux. The part of this trick involves figuring out how to get an executable file from your machine to another user's machine. Let's say you know some company or institution is running a webserver on their unix/linux machines from a server and you go to visit their site. Now, their code isn't completely up to date and there's a security hole in one of their web applications. You know (after toying around with said web app on your home machine) that certain large chunks of hex in a field will result in a submission that essentially writes your binary to their $HOME directory. The name of this file will be, of course, "la."

Now hopefully their home directory is like mine and it's full of crap. So they'll never notice the "la" file but every day they use that machine, they type "ls" to display the file. One day, their finger slips and they type "la" resulting in the execution of my binary. Instantly, another executable is written, this time called "ps" and a thread is started that simply spin locks on the processor--chewing up cycles. The machine might slow or freeze but an admin will notice this process and go into the user's directory (as root) and type "ps -al" to see all the existing processes. Instead, it executes your "ps" virus and subsequently, the spinlocking stops with "ps" printed to output with the super user killing "la" and thinking everything is fixed. In the background however, the "ps" process is active ... silently idling waiting to do its malicious purpose ...

I'm sure there's a hundred things wrong with what I've said, I'm not a hacker--I just like to point out possible security holes.

Improbable but not impossible.

One more thing about the article, the beauty of OSS is that it is impossible to implement security through obfuscation [wikipedia.org] --a major pitfall to security in application design.

Re:Fuzzing and Obfuscation (3, Insightful)

muhgcee (188154) | more than 8 years ago | (#14598628)

Granted, you had a disclaimer about mistakes, but...
This is all assuming that the home dir or the working dir is in the path.

Re:Fuzzing and Obfuscation (3, Informative)

MustardMan (52102) | more than 8 years ago | (#14598660)

Agreed. It would take a pretty crappy admin to have "./" in his default path, and even crappier to have it BEFORE the /bin and /sbin.

Re:Fuzzing and Obfuscation (3, Funny)

SchrodingersRoot (943800) | more than 8 years ago | (#14598841)

> It would take a pretty crappy admin to have "./" in his default path

I feel there has to be a /. joke to be made from that somehow...

Re:Fuzzing and Obfuscation (0)

Anonymous Coward | more than 8 years ago | (#14598663)

except that the current directory should not be in the path of an admin-user.

So tell me (0)

Anonymous Coward | more than 8 years ago | (#14598670)

How does this "la" file automagically get execute permissions? Enquiring minds want to know...

Re:Fuzzing and Obfuscation (2, Informative)

Anonymous Coward | more than 8 years ago | (#14598672)

> The machine might slow or freeze but an admin will notice this process and go into the user's directory (as root) and type "ps -al" to see all the existing processes. Instead, it executes your "ps" virus

Do any UNIX-style systems ship with the current directory in $PATH for root? That's a stupid thing to do and as far as I'm aware, this practice died out years ago for precisely the reason you describe.

Re:Fuzzing and Obfuscation (1)

ngyahloon (655557) | more than 8 years ago | (#14598677)

I don't think accidentally typing "la" in your home directory will trigger the rogue program since your home directory is rarely in the PATH variable. You have to type the full path of the program $HOME/la or ./la if you're at your home directory. So I'm sure Obfuscation works a bit more elegantly than what you described but I think we get the picture.

Re:Fuzzing and Obfuscation (5, Informative)

ookaze (227977) | more than 8 years ago | (#14598688)

> I'm sure there's a hundred things wrong with what I've said, I'm not a hacker

You mean, like what you said there:

> The machine might slow or freeze but an admin will notice this process and go into the user's directory (as root) and type "ps -al" to see all the existing processes. Instead, it executes your "ps" virus and subsequently, the spinlocking stops with "ps" printed to output with the super user killing "la" and thinking everything is fixed

Of course, unless the superuser deliberately destroyed the security of its Linux and added "." to his PATH, this would never happen, as it would not execute the "ps" in the user's directory.
But I see your point.

Re:Fuzzing and Obfuscation (2, Interesting)

jcaren (862362) | more than 8 years ago | (#14598736)

"The machine might slow or freeze but an admin will notice this process and go into the user's directory (as root)"

  Why? - a ps will run from anywhere. I prefer running top - then selecting
  offending processes and killing if required.
  Alternatively, set ulimits on user accounts and have the spinlock process
  kill itself.

"and type "ps -al" to see all the existing processes"

  Quick question - which admins are stupid enough to include '.' in their path?

I would have thought it much easier to use buffer/encoding overrun in specific daemons (named/sshd) to get root privs - this assumes you are not running a UML instance for external services such as DNS - you can run a live iso/fs match to detect and report "infections".

I lurve UML :-)

Re:Fuzzing and Obfuscation (1)

Tim C (15259) | more than 8 years ago | (#14598910)

> Quick question - which admins are stupid enough to include '.' in their path?

I've seen plenty do it - perhaps not in their login script, but I've definitely seen people add . to their path manually, when running a lot of stuff in the current dir and tired of typing ./ all the time.

However, that was the first thing that sprung to my mind; sure, that's all reasonable, but . isn't in root's path by default (or indeed in that of most user accounts).

Re:Fuzzing and Obfuscation (1)

MikeBabcock (65886) | more than 8 years ago | (#14599211)

I often have ~/bin and ~/sbin in my path ... they're self-writable and executable replacements of system tools I want for myself, but not for the whole system (like my setuid copy of cdrecord).

These are easily over-written in an attack situation, and they could be executed as root if I did 'su' instead of 'su -'. I always do the latter though.
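
The objections in this sub-thread all turn on how the shell resolves a bare command name against $PATH. The following is an added example, not code from any poster: a Python audit that flags PATH entries that are empty, relative, missing, group- or world-writable, or not owned by root, plus a helper that shows which file a name would resolve to. The function names and issue labels are assumptions made for the example.

```python
import os
import stat


def audit_path(path_value):
    """Return (position, entry, issue) tuples for risky $PATH entries."""
    findings = []
    for pos, entry in enumerate(path_value.split(os.pathsep)):
        if entry == "":
            # POSIX shells treat an empty entry (leading, trailing or "::")
            # as the current working directory.
            findings.append((pos, entry, "empty"))
            continue
        if not os.path.isabs(entry):
            # "." or "bin": resolved against whatever directory you are in.
            findings.append((pos, entry, "relative"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            findings.append((pos, entry, "missing"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((pos, entry, "not-a-directory"))
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append((pos, entry, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((pos, entry, "group-writable"))
        if st.st_uid != 0:
            # Relevant when root keeps a user's PATH (the 'su' versus
            # 'su -' point raised in the thread).
            findings.append((pos, entry, "non-root-owner"))
    return findings


def _is_executable_file(path):
    """Regular file with any execute bit set (approximates the shell's check)."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)


def resolve_command(name, path_value, cwd):
    """Mimic the shell's lookup: the first executable match in PATH order wins."""
    if "/" in name:
        return None  # names containing a slash bypass $PATH entirely
    for entry in path_value.split(os.pathsep):
        directory = entry if os.path.isabs(entry) else os.path.join(cwd, entry)
        candidate = os.path.normpath(os.path.join(directory, name))
        if _is_executable_file(candidate):
            return candidate
    return None


if __name__ == "__main__":
    current = os.environ.get("PATH", "")
    for pos, entry, issue in audit_path(current):
        print(f"PATH[{pos}] {entry!r}: {issue}")
    print("ps resolves to:", resolve_command("ps", current, os.getcwd()))
```

Run as the account you care about; an entry flagged `non-root-owner` is expected for a personal `~/bin` and only becomes a problem when a privileged shell inherits that PATH.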

Makes no sense (5, Informative)

brunes69 (86786) | more than 8 years ago | (#14598757)

> I'm sure there's a hundred things wrong with what I've said, I'm not a hacker--I just like to point out possible security holes.

Let's dive into what *is* wrong...

First of all, files in your home directory are normally not in your $PATH on any Linux system. Anyone who has their system set up like this, *let alone* having their $HOME have priority over /sbin and /usr/sbin, deserves to be shot.

Secondly, a webserver should (and does by default in any distro I know of) run as the nobody/httpd/apache/someone user, and does not have a home directory. So any exploit in the web server would not allow you to write a 'la' binary anywhere.

Third, your whole attack scheme is just a big run around for no reason. If you can write a binary called 'la', why wouldn't you just write it as 'ls' in the first place, instead of crossing your fingers and hoping he mistypes? And if you can write a binary to disk, you can also obviously execute it, so why don't you? Why would you wait around? Is it because you hope someone is going to log in as root and run it? Because if that is the case, you will be way out of luck, because root *never* has $HOME in his path (and the webserver shouldn't be able to write to /root anyways).

This isn't how these kinds of attacks work... what *usually* happens is, the buffer overflow allows one to write and execute files as the unprivileged user. The cracker attacks and does this to gain a remote shell on the machine, as this unprivileged user. They then use this shell to try to find holes in other system services that may not be remotely exploitable, for example say mysql or postgresql. If mysql is running locally and not set up right, they could use it to gain full superuser privilege by SELECT'ing to a file. Then, all bets are off.

A Slashdot Orange (5, Funny)

eldavojohn (898314) | more than 8 years ago | (#14598849)

Makes no sense
*a dazed author of the GP lies under an overpass, gleefully singing about possible Linux/Unix flaws*

Alexander "brunes69" de Large: Oy! Lookie what we have here, droogies ... someone who's trying to relay a point without including a complete manual on how to do it!
Droogies: [in unison] HE FORGOT ABOUT PERMISSIONS!
Alexander "brunes69" de Large: [bending over with his cane against his cod piece] That's right. And what happens to slashdotters we viddie that make mistakes?
Droogie A: We brow beat them into a bloody pulp ...
*Alex and the droogs continually beat the poor slashdotter while emitting "Singing in the Rain"*
eldavojohn: Please ... oof! ... I tried to warn you that I don't write viruses for a living!

Re:A Slashdot Orange (0)

Anonymous Coward | more than 8 years ago | (#14598893)

You don't have to be a 'hacker' or write viruses to understand basic UNIX security concepts. Buffer overflows are pretty easy to understand also, and we all do understand them, everyone except you that is.

Re:A Slashdot Orange (1, Offtopic)

eldavojohn (898314) | more than 8 years ago | (#14598935)

*relishing the only self esteem that Dim gets in life, he drives a crude shank into eldavojohn's throat and puts on his AC mask as he hears police moderator sirens in the distance*

Re:Makes no sense (1)

danidude (672839) | more than 8 years ago | (#14599156)

> Secondly, a webserver should (and does by default in any distro I know of) run as the nobody/httpd/apache/someone user, and does not have a home directory. So any exploit in the web server would not allow you to write a 'la' binary anywhere.

Not even in /tmp?! (but I see your point)

Re:Makes no sense (1)

muhgcee (188154) | more than 8 years ago | (#14599168)

> Third, your whole attack scheme is just a big run around for no reason. If you can write a binary called 'la', why wouldn't you just write it as 'ls' in the first place, instead of crossing your fingers and hoping he mistypes?

I think the point is, pick something that isn't a real command ('la' seems to ring a bell though...not sure where) because if your working dir is in your path, then it isn't likely to be first in your path. So making the executable file called "ls" won't actually have it run unless you type the full path anyway.

Re:Fuzzing and Obfuscation (1)

TheSkyIsPurple (901118) | more than 8 years ago | (#14598989)

>One more thing about the article, the beauty of OSS is that it is impossible to implement security through obfuscation [wikipedia.org]--a major pitfall to security in application design.

Careful with the word impossible. Can you really guarantee that for every OSS project, there are enough people looking through each bit of code trying to look for any "security through obscurity"-type issues? If there are 1,000 submitters, most of whom are working on features, can you guarantee that everyone's code is getting audited? That there is no code where they all think to themselves "Well, there are enough other people on this... I really don't need to look in here, I have better things to do." Not saying it is especially prone. I'd even be willing to say it is less prone, but I don't think you can say "impossible"

Re:Fuzzing and Obfuscation (2, Insightful)

TheSkyIsPurple (901118) | more than 8 years ago | (#14599028)

>One more thing about the article, the beauty of OSS is that it is impossible to implement security through obfuscation [wikipedia.org]--a major pitfall to security in application design.

Careful with the word impossible.

Can you really guarantee that for every OSS project, there are enough people looking through each bit of code trying to look for any "security through obscurity"-type issues?

If there are 1,000 submitters, most of whom are working on features, can you guarantee that everyone's code is getting audited? That there is no code where they all think to themselves "Well, there are enough other people on this... I really don't need to look in here, I have better things to do."

Not saying it is especially prone. I'd even be willing to say it is less prone, but I don't think you can say "impossible"

Re:Fuzzing and Obfuscation (0)

Anonymous Coward | more than 8 years ago | (#14599145)

Ilja's the best. I don't know any other security professional doing such good work when it comes to fuzzing. Really. If I wasn't living in the Land of the Free I'd marry that Belgian guy.

What is Fuzzing? (5, Informative)

PlayCleverFully (947815) | more than 8 years ago | (#14598583)

Many of you may be unfamiliar with the term "fuzzing."

I was when I read the article and have done some research and fuzzing is:

What is fuzzing?
- Sending semi-random data to an application
- Semi-random: good enough so it'll look like valid data, bad enough so it might break stuff
- When people hear "fuzzing" they immediately think http, THERE IS MORE TO FUZZING THAN JUST HTTP !!!
- You can fuzz:
-- Network protocols
-- Network stacks
-- Arguments, signals, stdin, envvar, file descriptors, ....
-- APIs (syscalls, library calls)
-- Files

In general, most of the time it is a waste of time, but if you are "lucky" you could find a vulnerability and maybe with a little more research a way to exploit the code.

More information can be found at this PDF Article - http://static.23.nu/md/Pictures/FUZZING.PDF [23.nu] (Very Large 90+ Pages)
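
The "good enough so it'll look like valid data, bad enough so it might break stuff" idea above, as an added example that is not part of the original comment or the linked paper: a mutation fuzzer run against a toy record parser containing two deliberate flaws, compared with purely random input of the same length. The record format, the `MAGIC` value, the parser and every name here are constructed for the example.

```python
import random
import struct

MAGIC = b"FZ01"  # constructed header for a toy record format


class ParseError(Exception):
    """Input rejected cleanly: the outcome a robust parser should give."""


def parse(data):
    """Toy parser: MAGIC, then records of [type:1][length:1][payload]."""
    if data[:4] != MAGIC:
        raise ParseError("bad magic")
    pos, out = 4, []
    while pos < len(data):
        if pos + 2 > len(data):
            raise ParseError("truncated record header")
        rtype, length = data[pos], data[pos + 1]
        payload = data[pos + 2 : pos + 2 + length]
        pos += 2 + length
        if rtype == 1:
            # Deliberate flaw: invalid UTF-8 is not handled.
            out.append(payload.decode("utf-8"))
        elif rtype == 2:
            # Deliberate flaw: trusts the length byte to be 4.
            out.append(struct.unpack("<I", payload)[0])
        else:
            raise ParseError("unknown record type")
    return out


# A valid input: one u32 record followed by one string record.
SEED = MAGIC + bytes([2, 4]) + struct.pack("<I", 1234) + bytes([1, 5]) + b"hello"


def mutate(seed, rng):
    """Overwrite 1-3 bytes of a valid input, keeping most of its structure."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def random_input(rng):
    """Fully random bytes: almost never gets past the magic check."""
    return bytes(rng.randrange(256) for _ in range(len(SEED)))


def mutated_input(rng):
    return mutate(SEED, rng)


def run(generator, trials, rng):
    """Feed generated inputs to parse(); return outcome counts and crashers."""
    stats = {"accepted": 0, "rejected": 0, "crashed": 0}
    crashes = []
    for _ in range(trials):
        data = generator(rng)
        try:
            parse(data)
            stats["accepted"] += 1
        except ParseError:
            stats["rejected"] += 1
        except Exception as exc:  # anything else is a bug in the parser
            stats["crashed"] += 1
            crashes.append((type(exc).__name__, data))
    return stats, crashes


if __name__ == "__main__":
    for name, gen in (("random", random_input), ("mutated", mutated_input)):
        stats, crashes = run(gen, 2000, random.Random(1))
        print(name, stats, sorted({kind for kind, _ in crashes}))
```

Each crashing input is a regression test for the fix: validate the length before `struct.unpack` and turn decode failures into `ParseError`.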

Re:What is Fuzzing? (1)

xtracto (837672) | more than 8 years ago | (#14598829)

Posting without reading the article.

When I was at College I spent some of my time cracking software and learning about hacking. For me, the *real* sense of doing that was because of the challenge to reverse-engineer the code. The same was applied for smart card protocols R.E. (which may be considered hacking =o)).

Now, if we talk about open source applications, I won't say it is "hacking", I would name it more as "code auditing", because, if you find a bug on any given OSS application by seeing at the listings, it is trivial to use it as opposed to the closed source techniques.

I remember creating my first keygen (a Winzip keygen woohoo!); doing it was cool because of the challenge of running the debugger (w32dasm in that case) and "understanding" the assembler routines (you got to love assembler for that). In contrast, if you have an open source program with the routine, of course you can hack it, but, there is no excitement on doing that... as it is very easy.

Re:What is Fuzzing? (3, Funny)

trandism (835011) | more than 8 years ago | (#14599088)

> Posting without reading the article.

what makes you think it's so important to let us know... We all do that for christ's sakes

Re:What is Fuzzing? (1)

TheKubrix (585297) | more than 8 years ago | (#14598886)

so you did some research within the 3 minute time frame from when the story posted and your comment?

Fuzzing... (-1, Offtopic)

xSquaredAdmin (725927) | more than 8 years ago | (#14598587)

> or using a technique called 'fuzzing'.

Anyone want to explain what this 'fuzzing' is? Sounds like it's got something to do with furries...

Re: Fuzzing... (5, Funny)

Black Parrot (19622) | more than 8 years ago | (#14598618)

> Anyone want to explain what this 'fuzzing' is?

For teenagers it means to skip shaving for a few days.

Not sure how that helps crack software, though. Maybe it gives you a 1337 look that inspires more experienced crackers to share their secrets.

Re: Fuzzing... (1)

Minwee (522556) | more than 8 years ago | (#14598918)

Haven't you seen the movie "Hackers"? When you're breaking into computers the _only_ thing that matters is how cool you look.

In other news... (4, Insightful)

HaloZero (610207) | more than 8 years ago | (#14598592)

He's got the same general (valid) outlook that the rest of us have: open-source code is easier to tinker with because you can see how and why it works. That is an intrinsic element of having open-source code.

Just because Mitnick has said what thousands - neigh - millions have said before, doesn't mean it's new and exciting. Doesn't make it news.

Nay (0)

Anonymous Coward | more than 8 years ago | (#14599148)

straight from the horse's mouth

Umm, yeah... (0, Redundant)

HokieGeek (753741) | more than 8 years ago | (#14598595)

kinda stating the obvious, isn't he? "OSS is easier to hack because it's OSS, which is easier to hack because it's OSS, which is easier to hack...."

one question, just for clarification, when he says: "source is more secure, but leaves you wondering questions if enough people are really interested in securing open source code." what he's saying is that it *could* be more secure, if people would care enough about security? i'm not trying to be a smartass, i'm truly confused.

Master of the obvious! (4, Funny)

gasmonso (929871) | more than 8 years ago | (#14598597)

"Mitnick says that open source software is easier to analyse for security holes, since you can see the code."

Once again proving his technical prowess!

http://religiousfreaks.com/ [religiousfreaks.com]

Re:Master of the obvious! (-1, Troll)

erick99 (743982) | more than 8 years ago | (#14598667)

So many clever comments disguising so much . . . well . . . envy.

Re:Master of the obvious! (1)

nomadic (141991) | more than 8 years ago | (#14598754)

" So many clever comments disguising so much . . . well . . . envy."

Envy of what? I don't think parent wished he were a convicted felon too.

Re:Master of the obvious! (0, Troll)

erick99 (743982) | more than 8 years ago | (#14598925)

I think the parent, and many others, wish they had some fame, a good job, and other such things. Nice try, though.

Re:Master of the obvious! (0)

Anonymous Coward | more than 8 years ago | (#14599128)

For being a Slashdot troll, that seems to include you as well. :-)

Re:Master of the obvious! (1)

erick99 (743982) | more than 8 years ago | (#14599179)

Nah, trolls hide their names and sign AC (as you did). I annoy people (with the truth) pretty much up-front.

Re:Master of the obvious! (4, Insightful)

sbrown123 (229895) | more than 8 years ago | (#14599243)

I think the parent, and many others, wish they had some fame, a good job, and other such things. Nice try, though.

Wow, I have a better job than Mitnick, make more $$$ per year than him, don't have to fret with the fame, and I still think he knows less about hacking in today's world than I do. And I've never hacked a system in my life! But you're like most lemmings today who believe that if a person roams around talk shows and writes some books on hacking that he/she must be the de facto guru of hacking. Please. That's like saying somebody that robbed banks 60 years ago is an all-knowing pro at how to rob the high tech banks of today. Time changes, and with it so do people.

Re:Master of the obvious! (1)

smchris (464899) | more than 8 years ago | (#14598868)


Or social intelligence. Since hacking proprietary code is a felony via the DMCA, he'd probably spend quite a bit of time indoors as a repeat felon.

Re:Master of the obvious! (0)

Anonymous Coward | more than 8 years ago | (#14598894)

Don't you love it when criminals capitalize on the fame their acts bring about.

Prefers? (1, Insightful)

Black Parrot (19622) | more than 8 years ago | (#14598600)

I wonder what he means by "prefers". Is it more fun to sit around reading someone's crappy code than to use the trial-and-error approach crackers use with closed-source software?

The empirical evidence suggests that people don't have an especial lot of trouble cracking CSS.

I guess if you have the source you can grep for reads and examine them for overflow vulnerabilities, but I wonder how much easier even that would be vs. just trying it.

Ask a hacker a question, get a hacker answer (3, Insightful)

AKAImBatman (238306) | more than 8 years ago | (#14598602)

Famous hacker says it's easier to find holes when they let you look at the source! News at 11!

Is this really all that surprising? If you've got a mentality of "how can I break this?" it's much easier to figure out how if you can look at how it's built. Unfortunately, having a hacker able to look at a system is not the same thing as having the original designers catch the issue. If you wait until hackers get ahold of it, they'll find ways to exploit the problem before the patch is in wide distribution. That's what makes this dangerous.

Thankfully, the majority of those who are looking at the code have less selfish reasons, and are happy to share any issues they see. Thus the "many-eyes" philosophy depends heavily on the good will of the common man. Personally, I wouldn't have it any other way. :-)

is it just me? (1, Offtopic)

revery (456516) | more than 8 years ago | (#14598625)

Is it just me, or does Kevin Mitnick (I'm assuming that's Mitnick in the article) look an awful lot like a young Steve Guttenberg [google.com] ?

"Software Academy" coming to a theatre near you?!?

obvious but often denied (0, Insightful)

Anonymous Coward | more than 8 years ago | (#14598630)

Come on now, how many times have I seen the same statement greeted with derision here?

Re:obvious but often denied (1)

aCapitalist (552761) | more than 8 years ago | (#14598751)

The Capt. Obvious comments you've seen here are really "yeah, we can't really deny it since Mitnick is saying it, but we don't like talking about it anyway because it messes with the religion"

Err, no. (4, Insightful)

Paradox (13555) | more than 8 years ago | (#14598916)

Look, everyone knows that opening your source is a double-edged sword. It's not like your intent to open source summons the Buffer Overflow Fairy who magically waves their Valgrind wand and your code is perfect. The whole point is to get the bugs out in the open so that everyone can see them and patches can be submitted by a larger number of contributors. The idea is that it gets rid of the bugs faster.

The fact that Mitnick says this doesn't damage the case for open source at all. The Captain Obvious comments are just pointing out that Mitnick is just saying, "I like easier work over harder work." Or maybe, "It's really fucking tedious to analyze a binary without the source." Does that stop people from finding bizarre bugs in closed source code? [slashdot.org] Absolutely not.

Dangerous mistake. (3, Insightful)

Mr. Underbridge (666784) | more than 8 years ago | (#14599064)

obvious but often denied: Come on now, how many times have I seen the same statement greeted with derision here?

Now, for what it's worth, much that seems obvious isn't true. It seems like a good notion that open software allows people to more easily figure out how to fix holes. This is certainly true. However, it also makes it easier for hackers to find holes as well.

The fact is, assuming we had two nominally identical projects, one closed-source and one open-source, bugs would be easier to find by *everybody,* good and bad. The question, which Mitnick alluded to, is this - are there sufficiently more "good-guy" eyes on the code to ensure that bugs are found/fixed more quickly, to account for the fact that bad guys can find bugs faster?

The answer to that question isn't a guaranteed "Yes." In many cases it works, but I don't think in all. I realize that people around here like the notion of free software. I do too. But that doesn't mean that it works in practice the way it does in theory. We have to actually question how many people are actively maintaining the code compared to how many "bad guys" are looking to exploit it. I think for most projects this ends up working for us, but it's not guaranteed.

In other words, taking for granted that OSS is more secure because it's OSS is a dangerous mistake.

Securing Open Source Code (5, Interesting)

Alcimedes (398213) | more than 8 years ago | (#14598640)

To be honest, when you look at the incentive for securing OSS vs Closed Source code, neither one is all that enticing.

As of now, there's really no penalty with selling code that isn't secure. It's accepted (for some reason) that computer code will have holes, and you really, really have to have a horrible program before anyone will think of ditching it. Even then if it's mission critical (all the more reason to be secure) it seems people are loath to switch to something else.

So as a coder for a Closed Source app., my motivations would be:

1. Make the boss happy. Get code done.
2. Once program A is done, start work on next money making program.
3. Patch when boss says it's necessary to patch.

For Open Source it's not that much better. The only real motivation to write good code is so that it's either accepted into the project in the first place, and then once accepted everyone doesn't poke holes in your crappy code.

The difference is that people coding OSS are doing it because they want to, so hopefully have a little more motivation to look at the other code in their project. It's interesting to them, so they're a bit more likely IMO to look at it. The person getting paid has no incentive to look at the code (at least while on work time) unless the boss tells them to. Since rehashing old code doesn't usually make money, the only time to look at old code is when a patch is a necessity.

Re:Securing Open Source Code (2, Insightful)

cli_man (681444) | more than 8 years ago | (#14598839)

I agree completely with the parent post. Also I know when I work on any open source projects I make double sure that my code looks right and that I didn't do something stupid because I don't want to get torn apart on a mailing list of my peers.

Also when working on open source it may not be so much that other people are looking over your code for bugs, but that someone might be looking over your code for bugs. I don't know many programmers who like to get shown up on their abilities.

However when working on closed source you tend to just get it working, meet the deadline, and get on with life. Most times you don't have someone looking over your shoulder at each line of code.

Re:Securing Open Source Code (2, Interesting)

kfg (145172) | more than 8 years ago | (#14598846)

For Open Source it's not that much better. The only real motivation to write good code is. . .

. . . called "craftsmanship."

KFG

There's plenty of Milhouse to go around. (5, Funny)

digitaldc (879047) | more than 8 years ago | (#14598647)

Separated [google.com] at birth? [tectonic.co.za]

I'd prefer to hack open source with FEW AUTHORS (5, Insightful)

xxxJonBoyxxx (565205) | more than 8 years ago | (#14598650)

I think I'd agree with Kevin if he said:

"I'd prefer to hack open source with FEW AUTHORS."

There's no doubt that lots of eyes and a security focus have helped Apache, but there's lots of open source shitware (for example, just Google up a list of PHP messageboards) that don't have basic input validation controls, require too much access to the operating system, use plain-text or unsalted MD5 passwords or contain other gaping holes.

Without those extra eyes helping out...yes, many open source projects are easier to hack than similar closed source projects.

Re:I'd prefer to hack open source with FEW AUTHORS (2, Insightful)

kfg (145172) | more than 8 years ago | (#14598949)

. . .there's lots of open source shitware. . .

Indeed there is, and lack of recognition of this is one of the "weaknesses" of OSS, however, let me ask you this question:

How many people run this shitware?

Not much point in spending who knows how many hours going over code that nobody uses. The Mother of all UNIX Holes was found in GNU emacs, because that was someplace worth looking for one.

Thus the code that everybody uses gets harder faster.

KFG

Re:I'd prefer to hack open source with FEW AUTHORS (1)

xxxJonBoyxxx (565205) | more than 8 years ago | (#14599071)

How many people run this shitware?

Often it doesn't matter. For example, if I'm trying to deface site XXX (or inject a form information grabber) and I see that it runs message board YYY, the first thing I do is try to get the source code of message board YYY. In other words, if I know what I'm doing, I'm not using a shotgun/Nessus approach anyway. Instead, I'm first going to drop by as an anonymous web user and see what I can use against you before I fire my first shot.

I disagree with his statement... (3, Informative)

IAAP (937607) | more than 8 years ago | (#14598659)

"... You'd think that with OSS, with more people looking at the code, you're more apt at finding security holes. But are enough people really interested?"

Oh, really? I think so.

In this day and age with all of the security problems (especially with MS), OSS trying to gain market share, I'd think that every OSS coder would be really mindful of any potential holes. Especially if he knew that another developer would be looking at it. I would be really embarrassed (if I were a developer) if I got an email saying something to the effect of "Hey dumbass, nice job of preventing buffer overflow there at line: xxx in abcdef.c! Don't worry, no one will EVER exploit that hole!"

Re:I disagree with his statement... (1)

geoffspear (692508) | more than 8 years ago | (#14598872)

Have you ever worked on an open source project?

Did you read every line of code to look for potential security flaws, or did you just write code of your own?

Do you think every single other coder involved in the project read every line of code you wrote, and made sure there was no way it could introduce security holes?

Re:I disagree with his statement... (1)

IAAP (937607) | more than 8 years ago | (#14599044)

Did you read every line of code to look for potential security flaws, or did you just write code of your own?

Do you think every single other coder involved in the project read every line of code you wrote, and made sure there was no way it could introduce security holes?

I would expect that someone would at the very least look at the code that their code is interacting with for blatant holes. I don't expect them to write/run test cases to examine every line of code in the entire build tree. I would expect it for their module at least. That's proper software development.

My point was that in this day, I would think folks writing code would be more conscious of potential security holes in their code - not just writing code and to hell with any potential exploits.

On another point, that might be an interesting OSS project - a security project that does exactly what you have mentioned and write test cases.

Re:I disagree with his statement... (1)

Svartalf (2997) | more than 8 years ago | (#14599121)

Do you think that it'd be any different in a closed source shop? It typically isn't. Closed Source, Open Source, doesn't matter- it's just that it's more likely to happen in an Open Sourced project because there's more of an incentive to do so (Sense of craftsmanship, etc...). In Closed Source, for most contexts, it costs a LOT more money to accomplish a proper and thorough audit of code for security purposes. Typically, it's NOT done unless we're talking about the stuff the Phone Switching hardware vendors field, defense contractors, systems and physical security vendors, and so forth. This is because that task seriously eats into profits unless it's a primary function of the process.

Er.... (0, Offtopic)

segedunum (883035) | more than 8 years ago | (#14598666)

I always wonder my questions.

hack??? (0, Offtopic)

AntEater (16627) | more than 8 years ago | (#14598680)

"Kevin Mitnick (turned security consultant) has come out to say that he'd prefer to 'hack' open source code vs proprietary closed code. "

You may now start the never ending "hacker vs. cracker" terminology debate... ...and as long as we're at it:
Linux is better than windows
KDE is better than gnome
emacs is better than vi

Re:hack??? (1)

s31523 (926314) | more than 8 years ago | (#14598796)

and you forgot: "My dad can kick your dad's ass..." lol

Re:hack??? (1)

aurb (674003) | more than 8 years ago | (#14598826)

No. vi is better than emacs. Also gnome is better than kde. I agree with the rest of your points though.

But of course (-1, Troll)

Billosaur (927319) | more than 8 years ago | (#14598704)

Currently he's penning an autobiography to clear up some myths about himself.

Myths such as: he's a hacker, that he perpetrated any fraud or crime, and that he likes cats, and his wife Muffy is *not* actually a lesbian.

Unfortunate (5, Funny)

Anonymous Coward | more than 8 years ago | (#14598714)

Infamous cracker Kevin Mitnick (turned security consultant) has come out to say [...]

Why does race have to enter every discussion on /.?

Re:Unfortunate (1)

Asshat Canada (804093) | more than 8 years ago | (#14598812)


Sir, I bow before your subtle genius.

security consultant indeed. LOL.

Re:Unfortunate (0)

Anonymous Coward | more than 8 years ago | (#14598928)

Come on, mods! This is the funniest thing I've seen on Slashdot in weeks. Real humour, not some rehash of a stupid Soviet Russia joke, ??? Profit, or anything else that always seems to get modded funny.

I wonder who paid him for this? (0)

Anonymous Coward | more than 8 years ago | (#14598724)

Mitnick is a bit of a tired old turd nowadays, though I suppose to some suits at M$ he must appear to be a l33tHaxor - methinks this is another FUD attack by the Redmond Antichrists on that cancerous, commie, UnAmerican Open Source Movement!

How would it have helped Mitnick? (3, Insightful)

jcr (53032) | more than 8 years ago | (#14598740)

The dude was a social engineer. I've seen no evidence that he ever wrote an exploit himself.

-jcr

Conning != "Social Engineering" (1, Interesting)

C10H14N2 (640033) | more than 8 years ago | (#14598820)

Can we please stop calling common conning "social engineering?" The term itself is a con to make a common shyster seem like a legitimate professional. Unless he was involved in, say, eugenics or public education, this term painfully overstates the actions and qualifications of its practitioners.

mod parent up (0)

Anonymous Coward | more than 8 years ago | (#14599108)

it implies there is science to it when the proponents sound more like motivational speakers who are like "learn my pick-up secrets and you can date any woman you want...." yeah right.

plus, social engineering was a term used to refer to the soviets implementing central social planning well before mitnick turned it into a little money spinner, so to anyone aware of that earlier usage it sounds dreadful.

Re:How would it have helped Mitnick? (3, Interesting)

cli_man (681444) | more than 8 years ago | (#14598944)

I have often said it is easier to just ask for a password than try and get it brute-force. The same could be said for most any computer security.

I have walked into data centers and gotten let into the server rooms by security without showing any ID, or having an appointment, or even knowing anyone in the building. I could have destroyed a couple million dollars of equipment, put a server under my arm, and waved at the security guard at the front door and they would have just waved back.

Point being, if you want into a network why waste the time going through code looking for vulnerabilities or trying to brute force your way in somewhere, just submit a patch with a backdoor or ask for the password. Many times you will probably get in.

As a sidenote, the data center I mentioned above I was authorized to be in there doing work just nobody there knew that. And I am not a cracker, I do work a good bit in computer security though which means testing the systems I put in place.

He couldn't hack an egg timer (0)

Anonymous Coward | more than 8 years ago | (#14598741)

Mitnick's 'hacking' mostly involved social engineering.

He is not a true hacker, just a highly technical con artist.

Re:He couldn't hack an egg timer (1)

frinkacheese (790787) | more than 8 years ago | (#14598798)

Yes, and he's still at it. Only this time he's using his technical connery to con people into buying his books...

His views have been proved empirically... (2, Funny)

QuietLagoon (813062) | more than 8 years ago | (#14598742)

We all have seen how difficult it is to hack Microsoft's closed-source, proprietary code.

Re:His views have been proved empirically... (0)

Anonymous Coward | more than 8 years ago | (#14598856)

Samba seems to be doing just fine, considering they are not far from releasing Samba 4. http://nl.samba.org/samba/news/#4.0.0tp1 [samba.org]

Can't wait till it hits ports as net/samba-devel

Hey I've got mod points! (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14598764)

Q. Should I mod Mitnick 'Insightful' or 'Redundant'?

Why not do something CONSTRUCTIVE? (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14598792)

I fail to understand the obsession with hackers and security!

These people are like art critics.

They can't write great code themselves so they pick apart other peoples. A valuable niche job to be sure, but not deserving of some sort of "star" status of their own.

Why is there not more attention on the great developers? I don't see many interviews of kernel devs......

Re:Why not do something CONSTRUCTIVE? (1)

robgamble (925419) | more than 8 years ago | (#14599113)

Well I thought he was famous because he got caught. There are lots of people who could run circles around Mitnick technically.

Stating the obvious.. (1)

s31523 (926314) | more than 8 years ago | (#14598838)

I feel insulted... Do we really need a "security expert" to tell us that the preference is to hack open source code vs. just binary object code? I mean, come on...

Re:Stating the obvious.. (1)

Spy der Mann (805235) | more than 8 years ago | (#14598896)

I feel insulted... Do we really need a "security expert" to tell us...

Maybe WE don't. But I know of some people who might.. *cough* mcrsft *cough*. :)

From TFA (1)

smitty_one_each (243267) | more than 8 years ago | (#14598864)

He served five years in prison, including eight months in solitary confinement after it was alleged that he could launch nuclear missiles by whistling into a telephone.
Subsequent to his release, when he was among the victims of a restaurant robbery, the perpetrators had no difficulty locating his wallet in their bag of loot...

Re:From TFA (1)

zippthorne (748122) | more than 8 years ago | (#14599241)

Maybe, but why was he walkin' around protecting a briefcase that only contained two orange lightbulbs and a battery?

That's an "interview"? (0)

Anonymous Coward | more than 8 years ago | (#14598885)

A handful of quotes and a 3-line bio synopsis? Gimme a break.

fuzzing (0)

saboola (655522) | more than 8 years ago | (#14598911)

I was once the victim of a fuzzing. It left me walking bow-legged for weeks.

Missed the Point (5, Interesting)

geekyMD (812672) | more than 8 years ago | (#14598951)

All of you who are commenting that this is an obvious idea may be missing the point.

We all know that security through obfuscation in cryptography is stupid: peer review illuminates the crevices the architect never conceived. But is all open source code subject to this same sort of peer review? If you've ever worked on an open source project, how much time do you sit down and pore over the code looking for security flaws?

Essentially, it's the same problem with Wikipedia: peer-review requires 1) the skill of the peers matches or exceeds the skill of the author, and 2) peers are actually reviewing, and 3) peers are trustworthy. It's the second criterion that Mitnick was questioning.

What's more, since it seems like accidental (and very subtle) bugs result in most security holes that don't get noticed. Wouldn't it then be trivial for someone with a great amount of skill to simply insert a hole? Either by subtle manipulation of existing code or by direct implementation in a segment which they are responsible for coding. If it's done well, the 'oops, coding error!' excuse could always be proffered in the event the tampering was detected.

If I wanted to attack a system which I knew ran on OSS (and I had mad coding skillz), I think I would try to obtain some method of working on one of their software packages. Either directly or by 'acquiring' someone else's permissions if that was easier. Then I would insert a piece of backdoor code in a little used (or often used-'hidden in plain sight') code segment. Once the next release is running on that system, exploit the code, and get out. Depending on my goals, the operation could very likely be done before a hole is found and a patch is issued. As a small bonus anyone else installing that software would have the same vulnerability. Of course, some user level app won't be able to induce this scenario, but you get the idea.

Proprietary software doesn't have this vulnerability in so much as the programmers are much more tightly regulated by a company who has legal and monetary interests in controlling its code base and holding its employees accountable. (whether this actually happens is another discussion) ;)

For all the self-righteousness of the open source movement, I remain convinced that the primary reason that more open-source packages are not targeted for attack is because they are not an appealing target. Specific implementations are not in popular use (globally), or they are too close to home. Meaning it's preferable to attack your enemy than your family.

Dude... (1)

Svartalf (2997) | more than 8 years ago | (#14599073)

Get real... Apache's an appealing target. Which web server has more exploits for it? IIS.

There is absolutely nothing in your little hypothetical situation that couldn't be accomplished in closed source as well- and in actuality, it'd be easier as the audits wouldn't be as intense (Witness the WMF debacle for proof of something that should have been caught that wasn't in Closed Source software.).

Simply put, what you claim isn't. But I'm confusing this discussion by including facts, aren't I?

I think... (2, Insightful)

mangus_angus (873781) | more than 8 years ago | (#14599076)

Mr. Mitnick is forgetting that most people want to see the proprietary software code because it is closed to prying eyes. Whereas OSS being open to everyone is less appealing. And any issues that need to be fixed will be in a shorter time due to more people around the globe working on it. Whereas with Proprietary software you have a small team working on it. They also have the added task (in Microsoft's case) of it having to be tested on many different systems due to the large and various types of machines the software is being run on.

Mitnick may be a smart guy, BUT... (1)

tkrotchko (124118) | more than 8 years ago | (#14599172)

And he may know a few things more than a typical /. person, but his "theory" hasn't held up under any sort of scrutiny.

What I mean is, in theory, he feels he can crack an OSS based box because he can analyse the source code, but in reality, it's easier to crack a proprietary box. So his theory doesn't appear to hold up to simple analysis of what happens in the real world.

It's kind of like the theory that SUVs are safer than other cars, which would appear to be common sense. But it falls apart when you consider real world applications and SUVs are no more or less safe than anything else.

myth about proprietary software (0)

Anonymous Coward | more than 8 years ago | (#14599174)

Other people have mentioned this in the past, but I'll say it again. Commercial companies often say, "commercial software is more secure because the business stands behind it. we can perform better security audit than open source."

On the surface that may be true, but any professional programmer knows that deadlines never or rarely leave time for exhaustive security audits. More often than not, new features get thrown in at the last minute, so any security bug gets hidden deeper and the problem is compounded. Open source doesn't have those artificial schedule restrictions forcing programmers to write crap code. Not that crap code doesn't occur, because it most definitely does. The difference is that with open source, it's likely to be found earlier than later because there isn't an annoying Project Manager telling people to implement one more feature. Even though some users hate it when developers say, "it will be released when it's ready", that mindset leads to better quality.

Which is a great technical advance... (2, Funny)

jpellino (202698) | more than 8 years ago | (#14599192)

"Mitnick was arrested in 1995 by the FBI for hacking. He served five years in prison, including eight months in solitary confinement after it was alleged that he could launch nuclear missiles by whistling into a telephone." ...following the previous 40 years of whistling past the graveyard to deal with nuclear missiles.
