Reality TV vs Bas Alberts

[Dave Aitel <dave () immunitysec com>]

One thing that's great about the hacker community is that aside from 
when people (*cough*Tom Ferris)  are being coopted by Microsoft to 
pretend that "responsible disclosure" is a industry consensus (which 
it's not), everyone is creating neat artwork. For example, Eldad Eilam 
(who is this guy again?[2]) wrote a great novel on reverse engineering 
called "Reversing". Not only the is the material top notch, it's 
approachable by beginners, and very readable by non-beginners. I even 
learned a neat Ollydbg trick from the screenshot. My only wish is that 
it had more information on finding bugs via binary analysis. It has 
some, but I think there's always room for more. :>

The new Rootkit book by Greg Hoglund, Jamie Butler is great as well, and 
has a fantastic cover to boot.

I think it's neat that five years ago you would have had to be reading 
bugtraq and phracks and actually working to get information, and now you 
can chill on an airplane and just read Shellcoder's, Rootkits, 
Reversing, etc. It's truly a good time to be a recreational hacker!

Anyways, I think the best art out there right now is performance art. 
Gobbles, for example, was the best performance art in the community 
since Fluffy Bunny stumped generations of FBI agents still figuring out 
the difference between a bullet and an IP packet. And right now, I have 
to say, the best performance art is Bas Alberts going to college. If I 
had enough money, I would definately pay to have a camera team following 
him around campus.

Bas, in case you didn't know, is the member of the Immunity team 
responsible for things like the GOCode, a shellcode which steals sockets 
on any platform from Solaris to Win32, PDB, our internal mostly-python 
debugger, "shellshock" where you can pop from MOSDEF to a shell and 
back, or our entire intermediate language for SPARC, or our php_limit 
exploit, etc. We don't hire people based on their collegate degrees or 
certifications, so it just turns out that he's got a degree in 
Journalism, and not Computer Science, as you might expect. So now he's 
going for another degree somewhere in Canada.

Anyways, this semester his classes include Introduction to Unix, and 
Computer Science 101. Every day we get to hear revelations about things 
he learned. For example, the first day of CS101 they made him fill out a 
form where he listed the languages that he already knew. As you can 
imagine with any security professional at Bas's level, he ran out of 
room. In today's Introduction to Unix, Bas learned that Windows, Unix, 
and Linux are all OPERATING SYSTEMS. And, of course, as he left, the 
professor noted Bas's tattoo, which says "rm -rf /" in 3 inch gothic 
text on his leg.

Anyways, the whole team waits with baited breath every day for the next 
installment. :> I've begged for a weblog but Bas is more shy than new 
bunny.[1]

-dave

[1]http://www.bio.miami.edu/hare/shybun.html
[2]http://www.crackmes.de/users/eldad_eilam