
[Repost] A Close Encounter with a World-Class Hacker


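I was searching for something online today and, to my surprise, this turned up. I don't think my husband ever posted the interview draft himself; most likely some reader of Hacker X-Files (黑客X档案) posted the original. I'm posting it here so we can all have a look.
To be clear, the interviewee is the head of hitb (Hack In The Box); as for who hitb is, that I don't know.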

A First Close Encounter with a World-Class Hacker
Source: Evil Octal Information Security Team (邪恶八进制信息安全团队)
Author: 无敌最寂寞 (孟方明 [-273℃@EST])

superlone: morning buddy. let's get it started. Would you please first introduce yourself?
L33tdawg: My name is Dhillon Andrew aka L33tdawg, I am the Founder and Chief Executive Officer for Hack In The Box (http://www.hackinthebox.org)

superlone: what is Hack In The Box? is it an organization or a free community?
L33tdawg: actually there are 2 parts to HITB. a community centric portion, and a commercial network security company. the brand and site itself began as a community centric project in January 2000. the main target of the portals www.hackinthebox.org and forum.hackinthebox.org is to help create a community and resource point for the latest network security news, research and discussions. since 2000 our site has grown to a member base of over 50,000 users, including a further 15000 members in our forum. in 2002 we launched our first security conference called HITBSecConf or Hack In The Box Security Conference. this event was part of our community portal branding and as such was and still remains a non-profit effort organized by HITB with the aid of network security professionals who volunteer their time to help put on this yearly event in Malaysia. the 2002 conference was just a 1-day local speakers only. it was only in 2003 that HITBSecConf went truly international by inviting the entire LSD research group who at that time were also known as 'the hackers who broke windows' for their RPC dcom exploit. HITBSecConf2003 was also the second time in the history of LSD research group that they presented as a collective whole (i.e. all 4 members presenting a paper). HITBSecConf2003 was also the last public appearance by the LSD group which disbanded in 2004. for HITBSecConf2004 we had Theo de Raadt (creator of OpenBSD) and John Draper (aka Captain Crunch) as our invited keynote speakers. this was also the year that Adam Gowdiak (formerly member of LSD) single-handedly broke the J2ME security affecting all handphone makers from Motorola to Nokia, Sony Ericsson etc. in 2005 we had Mikko Hypponen (F-Secure Corp) who presented on the future of Mobile viruses, we also had Tony Chor (Group Program Manager for Microsoft) presenting for the first time to the public the new security features within the IE 7 web browser.

superlone: why did you create HITB? i mean what first drew you into creating HITB?
L33tdawg: that's a good question actually. at the start in 2000, it was just as a hobby to create a website / project for me to keep busy and have 'something to do'. i actually wanted to emulate hackernews.com (now defunct). but with a slight twist being that we had an e-zine that we intended to publish monthly. if you look at hitb e-zine from issue 1 - 12, you will see we had an article called "A year in the box" which actually talked about the first 12 months of our site's 'life'.

superlone: well, the HITB is now growing stronger and more perfect, so can you talk about your next plan for HITB?
L33tdawg: this year's plan for HITBSecConf2006 ...... well we are actually moving into doing more trainings outside of our conference, as such we are only having 1 HITBSecConf in 2006, in Malaysia only (in 2005 we did HITBSecConf Bahrain and HITBSecConf Malaysia). the plan for 2006 includes keynote speakers Bruce Schneier, Mark Curphey and John Viega.
other cool and notable speakers we've invited include Raoul Chiesa, Van Hauser (THC), Philippe Biondi and several other well known computer security researchers. and we hope to see some submissions from researchers in Asia and Asia Pacific submitting their research ideas (China, Korea, Japan, Philippines, Singapore, Malaysia, Thailand, Indonesia and Australia). our Call for Papers will open on the 27th of February 2006

superlone: for HITBSecConf2006, does it have a main subject? if it does, what is it?
L33tdawg: we never have a main subject for our conferences (yes quite different from other events). the main criteria is that the conference will have the most cutting edge and latest research papers for both attack and defense. when you come to a HITB conference you can be sure you will learn something new and most likely will be just BLOWN AWAY by some of the deep knowledge technical presentations. also because we are a non-profit conference, we always aim to keep the conference affordable for individuals as well as students. for access to our 2-day 2-track event, individuals are charged an early bird rate of USD90 (normal USD120) and students pay only USD45 - USD50. do note that the cost to us to fly down and house over 24 international speakers plus have a conference in one of Kuala Lumpur's most prestigious hotels is not cheap. as such we depend on corporate sponsors to help us put on this conference and to 'keep knowledge free'. that being said though, HITBSecConf is not a 'marketing' conference -- all presentations are screened to ensure 0% vendor pitch -- all sponsors will be exhibitors at our exhibition area in which attendees will find all marketing materials and can ask any questions they want regarding the sponsors' products and services.

superlone: OK, and if someone wants to attend HITB conference, what should he do? please briefly introduce the steps to join the conference, OK?
L33tdawg: well our online registration page and payment gateway (credit card) will open in March / end of March so users can simply go to conference.hackinthebox.org or conference.hitb.org to register online.

superlone: ok. after the HITB talking, now let's turn to talk about yourself. do you consider yourself to be a hacker?
L33tdawg: i would say yes. before i came to work on HITB full time, I was involved with network security work in various capacities.

superlone: In order to be a hacker, except for the professional techniques, what else do you think we need to learn?
L33tdawg: depends on what you consider to be a hacker. i think at the end of the day anyone with a passion to learn and discover more about computers and how they work / function can be considered a hacker. not specifically just those who 'break' security, but those who tinker to create something cool.

superlone: as for chinese security industry, how much do you know about it? about chinese hackers and the level of chinese hackers?
L33tdawg: well on the industry aspect i don't really know much. as for chinese hackers we are affiliated with XFOCUS which imho has some of the best researchers. remember that it was the XFOCUS guys who were the first to turn LSD's RPC DCOM research into a working exploit targeting all Chinese versions of Windows.

superlone: what other chinese security groups or communities do you know besides XFOCUS?
L33tdawg: apart from XFOCUS, i know you are from www.eviloctal.com. well i'm sure there are many, but seeing that i do not read or speak Chinese, it is a bit difficult to make contact.

superlone: How did you get into the field of Hacking & Security?
L33tdawg: well i got my first computer when i was 12 years old. before this i had been always interested in electronic stuff (VCR etc). from the time i got my first computer i was already 'hacking' in the sense of having to figure out how to get more RAM from my machine so the games would load. my first computer was XT 8088 running at 4.77 MHz with 640KB RAM, 2 x 5.25 floppy drive (360 KB) no HDD. heh, anyway since i was always looking to get more hardware and upgrade my machine, i got a part time job at the local computer shop when i was around 14/15 years old. of course they didn't pay money but they let me work for hardware which was good enough for me at the time -- so working in that shop i got to get better machines 286, 386, 486, 486 DX2, etc etc. at around the time i was working in the shop, so i started exploring more about networking and how tcp/ip works etc. when i was 17 i was 'hired' by the Petroleum Geoscience department of a university to maintain their UNIX and Windows network. after 18 i actually stopped doing network security stuff and became a writer / journalist. from 98 till 2001 i worked in various publications including PC World, Computer World, HWM, IDG, etc. working as a writer up till being technical editor. from 2002 - 2004 i went back to work (normal job). in 2002 - 2003 i was working in a .com company specialising in SMS technology, i was their CTO. in 2004 i went back to working on HITB full time, from 2004 till now i have been working on doing HITB stuff.

superlone: oh... i see. very wonderful experience. well, what operating systems do you work with and what is your favorite?
L33tdawg: well i use Linux (mainly on my servers). although i have old G3 ibook with Gentoo PPC, that i use for checking my e-mail and chatting (like now). i also have Windows XP workstation and a compaq evo n610c with OSx86. currently OS X is one of my favourites, it's really a very wonderful operating system, very well designed.

superlone: you know in china, there are young people crazy about hacking. so what do you think of it?
L33tdawg: well i guess that they have a passion and an interest is good. BUT they need to remember that their actions have consequences and with power they need to have control. they must use their knowledge with the proper intentions.

superlone: ok, thanks for your advice. and the world is changing fast as well as the network security industry. many people including me wanna take jobs in network security field. any advice?
L33tdawg: once again you have to be TRULY interested and have a passion for network security and technology. don't get into it just because you think it will make you money. whatever job you do, you must LOVE it -- only then will you be able to put 110% of your effort into it. as for actually getting a job in network security, remember that your basic degree is worth almost nothing, since EVERYONE has a basic degree. so you need to make sure you have something that others don't have.
maybe take an extra certification or course to improve your skills. learn a new programming language or start a project on your own (maybe to create a simple port scanner or simple tcp listener). this way you can learn something new and also how to apply that knowledge in a real world situation.

superlone: thank you very much. you give us a very charming interview. well, at last as usual, Anything you would like to say/advise to the readers?
L33tdawg: Never stop learning! i can't really think of anything 'cool' to say lol! thanks for taking the time to interview me. i hope you got the answers you were looking for.

superlone: no i should thank you! would you please leave a contact way or email. i think there will be many people wanna talk to you.
L33tdawg: dhillon@hackinthebox.org or actually use l33tdawg@hackinthebox.org. got enough spam on dhillon@ !!! hahahahh! see you, bro.

superlone: see ya, bro!

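To keep the original flavor of the interview, the English transcript is posted here; for the Chinese translation, see the "Face to Face with Hackers" (黑客人物面对面) column in Hacker X-Files (黑客X档案), 2006 issue 3.
My blog: http://www.mikwawa.cn/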


All in English.... can't understand it..
zaizai.7blog.net/


I've read it, but Comrade 无敌's English reads a bit awkward to me.. hehe.
Cherish life, cultivate yourself with devotion, and become an immortal soon.


Whose English is that good.. why does it read a bit odd.. haha


What do I do if I can't understand it?


流浪狼, do you still dare to go online?
I've arrived in Shanghai


I can understand some of it :)


I saw that the site even mentions Sun Tzu's The Art of War```
╔═━═━═━═━═━═╗
│ You have your rule-bound upbringing │
│ I have my unfettered ease │
╚═━═━═━═ Have to go ╝


I translated the best part. My English isn't good, so make do with it.

superlone: ok, thanks for your advice. and the world is changing fast as well as the network security industry. many people including me wanna take jobs in network security field. any advice?
L33tdawg: once again you have to be TRULY interested and have a passion for network security and technology. don't get into it just because you think it will make you money. whatever job you do, you must LOVE it -- only then will you be able to put 110% of your effort into it. as for actually getting a job in network security, remember that your basic degree is worth almost nothing, since EVERYONE has a basic degree. so you need to make sure you have something that others don't have.
maybe take an extra certification or course to improve your skills. learn a new programming language or start a project on your own (maybe to create a simple port scanner or simple tcp listener). this way you can learn something new and also how to apply that knowledge in a real world situation.

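无敌: Thank you for your advice. The world and the network security industry are both changing rapidly, and many people, myself included, want to work in the network security field. Do you have any advice?

L33tdawg: To stress it once more, you must be truly interested in network security and love network security and technology. Don't join this industry because of money. Whatever job you do, you must truly love it, and put in 110% effort. In fact, for working in the network security field, your degree is not worth mentioning, because everyone has a degree. You must make sure you have something that others do not.

Take some certifications and training courses to improve your technical skills. Learn a new programming language or start preparing a project of your own. (It could be a simple port-scanning program or a TCP-based listener program.) That way you can learn new techniques, and learn how to turn knowledge into solutions to real problems.
Security is like a drug: once you're hooked, you can't quit. http://www.6code.net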


Seeing English makes me dizzy
Just barely got the gist of it


superlone: you know in china, there are young people crazy about hacking. so what do you think of it?
L33tdawg: well i guess that they have a passion and an interest is good. BUT they need to remember that their actions have consequences and with power they need to have control. they must use their knowledge with the proper intentions.

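无敌: As you know, many young people in China are fascinated by hacking. What do you think about that?
L33tdawg: I think they must be a generation with passion, and interest is the best teacher. But they should know how to control their own behavior. They must apply their abilities to legitimate things.
Security is like a drug: once you're hooked, you can't quit. http://www.6code.net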


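Isn't this the English version of that article published earlier in Hacker X-Files (黑X)?
If you want to read it, don't bother translating
Just buy the magazine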


Hack In The Box (M) Sdn. Bhd. (622124-V)
Level 26, Menara IMC,
No. 8, Jalan Sultan Ismail,
50250, Kuala Lumpur,
West Malaysia

That boss seems very welcoming of Chinese attendees at their next HITBSecConf


I'm fainting, my first time on the forum and it's all English, I might as well go bash my head on a block of tofu
We will win


superlone's English is really awesome.... has he lived abroad...


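Invincible giant panda. Invincible giant panda
Once, drunk, I whipped a prized horse; I fear too much passion would burden a beauty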


What I care more about is that the original poster turns out to be 无敌最寂寞's wife
http://hi.baidu.com/萱颖

‖◇惜风ミ无罄


I've read this one, it was in X-Files!
My Blog:http://www.hackest.cn/ [H.S.T]:http://www.hackm.com/


So much foreign gibberish
Scary~~~~~~
http://www.15897.com


Panda's little wife... haha.
What can you write in 20 bytes?
