w00w00 Interview With mindw0rk

Added: Nov 12th, 2022
Published: Nov 8th, 2003
Author: Shok & mindw0rk

Wikipedia: w00w00 (pronounced whoo-whoo) was a computer security think tank founded in 1996 and still active until the early 2000s. Although this group was not well known outside Information security circles, its participants have spawned more than a dozen IT companies. The two most famous examples are WhatsApp, the messaging service, and Napster, the pioneering file-sharing company. The official website explicitly states "there are no members only participants," which at one point included over 30 active participants and spanned 12 countries on five continents.

When I, trying to learn more about the world of computer security, asked knowledgeable people which security group is the most authoritative, they answered me: "w00w00". When I asked which is the biggest and most influential - they answered me "w00w00". They answered me "w00w00" when I didn't even have time to finish my question. Now guess who is our guest today? I asked a person who was one of its founders and for whom w00w00 is far from just a name to tell about the group. This is a young, talented guy, whom we will probably hear more than once. Meet - Shok.

Shok About w00w00

mindw0rk: Hey, Shok! So, are you ready to shoot?
Shok: Of course. Come on, what do you have there?
mindw0rk: First of all, tell us about the band in general terms. How it all started, how it changed and what w00w00 is now.
Shok: It all started in 1998, when a friend and I decided to make ourselves a private forum for communication, where we could discuss network security issues together. Over time, the discussion grew and we invited familiar guys to participate in it.
Topical topics were discussed, conversations were productive, and our ranks were gradually replenished with new smart people, who were brought in by the active inhabitants of the forum. An invitation has always been the only way to get on the team. If one of us invites another person, this means that he vouches for him, completely trusts him and believes that this person can benefit others. w00w00 generally rests solely on trust. After all, how can you discuss important issues and serious research with people you don't know or whom you doubt? By the way, I don't think that w00w00 can be called a band now. We don't even have official members left. We are more of a group of friends united around a forum.
mindw0rk: When you say forum, do you mean www forum or IRC?
Shok: IRC
mindw0rk: And how many people do you usually hang out there? What topics are you discussing?
Shok: There are more than 30 people on the forum at all times, although some may be [away] (usually due to time difference). We discuss everything. For example, if someone is doing research in a certain area and has encountered a certain problem, he can share it with us and we will think about solving it together. Or, if one of the participants has found a new bug, we can write an exploit together. Recently discussed the ethics of hacking and areas of research for w00w00 members. By the way, as a result of such discussions, our article on "heap overflow" appeared, as well as documentation on the vulnerabilities of AOL Instant Messenger and Dalnet ircd.
mindw0rk: Do you communicate exclusively on the forum, or do you sometimes go out to real-life hangouts?
Shok: Of course we're getting out! We periodically hold collective meetings, which we call w00diner. It's just great when there is an opportunity to meet friends and just chat. Most often we gather at large security conferences like Defcon. I still remember with pleasure the lunch we had together in Las Vegas and the recent meeting in San Francisco.
It's always fun and interesting.
mindw0rk: How many people are on your team now? Tell us a little about the team.
Shok: I don't know the exact number of members, but something in the area of 30-40. All are very talented, smart guys. Most of the people are from the USA, but there are members from Europe, Australia and a few other countries. The average age in w00w00 is about 24. The youngest member is 19 years old, the oldest is over 30.
mindw0rk: Do you have many guys from Russia?
Shok: Of those who participated in the discussions on the forum - three (although I don't see them very often): stranjer, solar designer and freelsd.
mindw0rk: Which w00w00 is the most active?
Shok: I don't think there is much difference between active and inactive group members. It's just that some prefer to share the results of their research with the world, others do not. Personally, I always publish my findings, therefore, from me the official releases of w00w00 came out the most. But this does not mean at all that I am smarter or more competent than the others :)
mindw0rk: Does w00w00 have an organizer? What is the overall atmosphere like in the group?
Shok: We don't have any official structure, strict rules or leader. Everyone is minding their own business. Anyone who has access to the forum has the right to post their work under the w00w00 label and represent the interests of the group. Unless, of course, it somehow offends other participants.
mindw0rk: Were there times when you kicked someone off the team?
Shok: I remember only one such case. This happened because it was difficult to find a common language with that person, and many simply did not trust him. And if there is at least one person in w00w00 whom you don't trust, one of the conditions under which it's so great in a group breaks down - the opportunity to talk frankly. However, after a few months, the incident was settled and the guy returned to us.
mindw0rk: Many consider w00w00 to be one of the most reputable security groups in terms of knowledge. How do you assess the professionalism of your colleagues?
Shok: The level in the team, of course, is different, but most, I think, are quite qualified specialists. True, not everyone was invited due to in-depth knowledge. There were cases when we accepted a person who was just starting to study computer technology (naturally, not a complete teapot), but who had some useful skills or was simply nice to all of us.
mindw0rk: Who came up with the name of the team? w00w00 stands for something, is there any subtext in it?
Shok: No. The name was born as a result of playful chatter on the forum. I don't even remember what the conversation was about. We just liked the word and we decided to christen ourselves that way. And that, IMHO very much even sounds. w00w00! :)
mindw0rk: Do you keep in touch with other security groups?
Shok: There are many bands in the world that we have good relations with or simply respect. I think the guys from TESO and HERT are closest to us. Many of us are also members of the ADM group. But it seems that ADM has ceased activity or gone underground. Of course, we also have opponents. For example, the PHC organization, which resents the fact that we call ourselves white hats and negatively perceives our public reports of vulnerabilities.
mindw0rk: As far as I know, what w00w00 does is more like gray hats.
Shok: Possibly. But we're still better known as a white hat team ;p Although, we probably shouldn't unequivocally attribute us to any particular category. There are many people in the ranks of w00w00, each of whom does what he likes.
mindw0rk: How many found bugs do you keep aside from the computer world? How long does it take for you to report a new vulnerability? Why do some holes become public, while others do not?
Shok: It all depends on the situation. In the past, we sometimes did not contact the development company at all.
Now we have become more responsible and, before posting information on the Internet, we first contact the company and give it time to patch up the holes. Unless, of course, they agree to cooperate with us.
mindw0rk: And how do companies usually react when you tell them about the holes in their software?
Shok: Most of them still care about the safety of their products and greet us in a friendly way. But there are exceptions. An example of interaction with a developer is the recent incident with Microsoft. One guy who is not a member of w00w00 found a vulnerability in Mac OS X Office and contacted tech. product support and reported their findings. But Microsoft employees did not respond and did not react in any way. Then we intervened. This happened just a couple of months after the release of our report on the AOL IM vulnerability. We sent tech. support documentation containing information about all the holes found in the "Office" and told the guys from Microsoft that we were going to release it on the network if they did not take care of the patches. And at the same time they asked why they ignored Josha's warning (that was the name of the guy who first discovered the vulnerability). In the security department of the corporation, they tried to hang that they did not receive anything and did not know any Josha at all. But he kept correspondence with the employees of the corporation. In general, in the end, the guys from Microsoft said that, they say, this happened as a result of internal strife and they are ready to start patching holes :)
mindw0rk: Did someone deface sites on behalf of w00w00? Do you… uh… test military and government computer systems?
Shok: On behalf of w00w00, there has never been and never will be a deface - that's not what we do. We also did not "officially" investigate government networks. Although, I don't know about individual members. Maybe someone did this in their free time.
mindw0rk: w00w00 has some motto.
Well, something that would express a collective idea, spirit.
Shok: Not official. Although, sometimes we fool around on the forum and invent all sorts of slogans for ourselves. Like: "How do the w00 that you do?", "Got w00?", "Once a w00 always a w00", "w00w00 world domination". But this is all, of course, pronounced in jest. :)
mindw0rk: What about the band's logo?
Shok: We don't have an official logo either. Just don't want to waste time on such nonsense. The logo that appears on w00w00.org was drawn by Napster two years ago, when his company was not yet so big. To be honest, we generally do not support the site at all now. Sometimes we receive offers from the outside to change the design for free. If a person is trustworthy, we are happy to agree.
mindw0rk: Tell me more about w00giving. As I understand it, this is a kind of collection of releases prepared by members of w00w00?
Shok: Yes. At the end of 1999, from November to January, we prepared one report every week. But there was not enough time to publicly release them. Therefore, in January 2000 we decided to release all advisories in one heap and called this pack w00giving'99. Unfortunately there was no second w00giving as everyone is too busy right now.
mindw0rk: You have a w00w00.mp3 file on your site. What is he and what kind of hryundel is yelling there?
Shok: This is a performance by an American comedian who shows drunk people. He says that w000000 is the only international word that all drunks say :)
mindw0rk: Shok, have you ever thought about going from a non-profit organization to a commercial one? What is holding you back from it?
Shok: We will never become a commercial organization because that would destroy all the principles that w00w00 is based on. Most of our guys are already working in the field of computer security. And if we become engaged in commerce within the group, there will be a conflict of interest. People simply won't want to share information until they're paid.
There will be confusion and eventually w00w00 will fall apart.
mindw0rk: What can the future of the computer world expect from w00w00?
Shok: I don't think we'll be releasing a pack of w00givins in the near future, although we might have some interesting talks in the next 3-4 months. It is unlikely that the group should grow further - we already have quite a lot of members and, if we continue in the same spirit, the issue of trust can be quite acute. Over the past two years, we haven't spoiled the network with new releases so often. Again, many people have a problem with free time. But I hope this changes soon.

Shok About Himself

mindw0rk: Why am I all Shok and Shok? Do you have realname?
Shok: I'm Matt Conover. :)
mindw0rk: Tek-sir, the name is sorted out. And tell me something else about yourself. How old are you, where do you live and what do you do?
Shok: I'm 20 years old. I live in the United States of America. I study at the institute in two specialties at once: mathematics and computers (already halfway to my diploma). For the past few years I have been working in the field of computer security.
mindw0rk: And how did you find yourself in this very world of this very security?
Shok: I got my first computer back in school, at the age of 11. At first, like everyone else, I was engaged in nonsense. A few months before my 14th birthday, I switched to Linux and began to learn C programming. The hobby for computer security began in the same year. I found it very interesting and exciting. It was a challenge to technology that was exciting in its own way. Having entered the script-kidder phase as a teenager, I delved into research - finding new attack techniques and preventing them, learning new technologies (such as .NET), etc. At first, I wandered through IRC hacker channels, where I made acquaintances with people who knew more than me. Through them I met others. So gradually got involved.
mindw0rk: How long did it take you to finally recognize yourself as a good specialist?
Shok: A year and a half or two. First I had to learn C and Unix, then x86 architecture and assembler, and finally learn to understand exploits and be able to write them myself.
mindw0rk: How did you manage to master all this?
Shok: I read a lot of serious online documentation (like Phrack magazine), bought smart books, looked at exploits on Packetstorm and Rootshell sites, trying to understand them. I have always believed that it is best to learn from your mistakes. If I manage to do something the first time, I will immediately forget about it. But if a problem arises that I struggle with for an hour or two, I will, of course, remember the solution for a long time.
mindw0rk: What does w00w00 mean to you?
Shok: In w00w00 I am from the very beginning and loved every minute of life in it. I learned a lot from the other members of the group and many of them became my best friends.
mindw0rk: What do you usually work on and what programs do you use for research?
Shok: I often use UNIX systems (Linux, Solaris, FreeBSD) and Win2000. I don't have a favorite OS, it all depends on what I want to work on on a given day. The tools I use are vi, gdb, gcc, SoftICE, IDA, Visual Studio and a web browser.
mindw0rk: What kind of car do you have at home?
Shok: I have two computers at home: a 133rd Pentium with three <4 GB screws each and a more modern P3 800 MHz with an 8 GB screw. Such junk :( Although, I practically don't work for them at home. Because I rarely appear at home.
mindw0rk: What is your favorite thing to do on a computer?
Shok: First of all, of course, research in the field of inet security. In second place is software engineering.
mindw0rk: How serious is computer security in the US?
Shok: Seriously enough, especially after 9/11. We now finally have a full-fledged cybersecurity group. I'm not sure about the competence of these guys - I didn't look closely at them.
But at least they try to do their job. Here, by the way, there is an opinion everywhere that the guys from the FBI and CIA have to work on antediluvian computers, and their level of knowledge leaves much to be desired. It may be true, but my opinion is that they are much more technical than people think. Of course, the rumors about their incompetence play into the hands of the feds and they are in no hurry to dissuade the people. Someone can get into government networks and come out unscathed, thinking that administrators and secret service agents are mugs. But I think these guys are just watching and waiting for bigger prey to come out of the shadows in time to put on handcuffs. By the way, we discussed this topic a couple of weeks ago :)
mindw0rk: About the qualification.. what do you think is the best way to get it?
Shok: Patience and work will grind everything :) In addition to reading documentation and books, it is useful to make acquaintances with knowledgeable people - they can help at first. IMHO one of the best forums on the internet - http://www.thehackerschoice.com/forums. The guys from TESO and THC have good knowledge and are always ready to help. However, we also usually lend a helping hand when we are approached. Another good place to get answers to questions is the securityfocus mailing lists: http://online.securityfocus.com/cgi-bin/sfonline/subscribe.pl
mindw0rk: But what about the official sources of knowledge? I mean universities. What institutions do you think provide the best computer education in the world?
Shok: Sure, it's Massachusetts Institute of Technology (MIT), Carnegie Mellon University (CMU), California Institute of Technology (Caltech), Georgia Tech, Berkeley Institute, Michigan State University, Illinois State University, and the Davis Institute.
mindw0rk: Is it even worth it? Learn so many things, become a specialist… :) Do you think this will be in demand in the near future?
And where is the best place to make money, an overly cool expert in the field of computer security.
Shok: It's probably the best place to make money in the US. It's just that the economy and the technical industry are well developed here. As for being in demand, a good specialist does not have to worry about it. In our country, for example, there is now a serious shortage of security experts. I think this picture is typical for all developed countries.
mindw0rk: So where are you going to work in the future?
Shok: I like doing computer security and I'm going to connect my life with it. I just want to get a full time job. Perhaps the best place would be a research group of some institute. Such as CITI (citi.umich.edu), for example. They pay less than in companies, but you get disproportionately higher pleasure.
mindw0rk: As new vulnerabilities and attacks emerge, new defenses are constantly being developed. Can you talk about the modern ways that development companies protect their products?
Shok: Companies have been releasing more and more "one-size-fits-all" products lately. For example, host-based systems have recently appeared to prevent network attacks that block the reading / writing of an unprivileged process into the memory of a privileged one, thereby preventing it from running in "left" applications. Also my buddy Oded recently wrote an article on how to detect type of integer overflow attack via gcc patch. I'm not sure what direction computer security will take next - wait and see.
mindw0rk: Do you think it's possible someday in the future to create something that can't be hacked?
Shok: I don't think big programs will ever be fully protected. I can take utilities that I wrote 3-4 years ago and find holes in them now. In addition, new types of attacks are constantly emerging. Until recently, people did not know what stack buffer overflow, heap buffer overflow, integer overflow, format string vulnerability, symlink attack or impersonation vulnerability are.
I think that no matter what the developers of protection systems have prepared for us, craftsmen will always be able to pick up a master key.
mindw0rk: What operating system do you consider the most secure?
Shok: I would give first prize to the OpenWall (OWL) system developed by Solar Designer with nergal and others. Runner-up for OpenBSD, with Dug Song and Niels Provos having a hand in it.
mindw0rk: Who are the authorities in the computer world for you?
Shok: I respect some guys from Russia: Solar Designer, freelsd, stranjer; guys from Australia: duke, caddis, dice; Europeans: plaguez, halvar, nergal, Oded Horovitz; as well as my countrymen: Bruce Schneier, Dug Song, Niels Provos, horizon, zip. There are many smart people in the world who deserve respect.
mindw0rk: Who do you think has made the greatest contribution to the history of computer technology?
Shok: The guy who invented the ergonomic keyboard.
mindw0rk: What do you do outside of computers? Where do you go to unwind?
Shok: I go to concerts. I like hardcore, punk rock, emo and rave. By the way, that's where I met my girlfriend. I like to skate, sunbathe on the beach, travel, snowboard, play hockey, football and other active games. In general, I consider myself quite an ordinary guy :)
mindw0rk: And what does the average guy prefer to watch, read and listen to?
Shok: I love classical literature. From Russian authors - Dostoevsky and Tolstoy. From computer I prefer: "Unix Network Programming", "Inside Windows 2000", "Undocumented Windows 2000 Secrets", "SPARC Architecture", "Assembly Language Programming", "Solaris Internals: Core Kernel Architecture", "Applied Cryptography", "The Design and Implementation of BSD 4.3" and "Intel Developer manuals" (developer.intel.com). These are books that I grew up with and that taught me a lot. I can imagine how difficult it is to study computer science for those whose native language is not English.
Therefore, people who have become specialists, despite the language barrier, I doubly respect. From the magazines I want to highlight: "Scientific American", "American Scientist", "Discover", "Newsweek" and "BusinessWeek". Films that I watched with pleasure: "Equilibrium", "Minority Report", "Saving Private Ryan", "Pi" and "Memento". My favorites are futuristic pictures like "The Matrix", and some of Spielberg's work. My favorite bands are: Saetia, Atreyu, The Used, Taking Back Sunday, Finch.
mindw0rk: The first thing that came to mind about these words: Bill Gates, music, internet, space, career, death?
Shok: Bill Gates = Hitler (good idea gone too far), music = great dope, internet = my path in life, space = wilderness, loneliness, career - it's important that work is enjoyable, death is what I fear and for which I am not yet ready. But I believe that life after death continues.
mindw0rk: Your wise advice to our readers?
Shok: Perseverance is the only way to overcome obstacles to mastery. And, during this journey, do not stop learning!
mindw0rk: Danke Shop… in the sense of a sanks for interview, Matt.
Shok: Your are welcome :)