Interview with Frank Van Vliet aka {}<BR>
By Sugarking (C)2001 SugarKing/HWA<BR>
<BR>
<pre>
Please quote source if using any part of this interview
http://hwa-security.net/
http://hwa-security.net/interviews.html
http://hwa-security.net/frank.html
</pre>
Session Start: Mon Jan 08 17:29:20 2001<br>
[17:36] [SugarKing] alright....ummm.....logging now:)<br>
[17:36] <{}_> erhm let me fix you a new window (:<br>
[17:36] <{}_> there (:<br>
[17:36] [SugarKing] so how did you get into computers? how old were you and how old are you now?<br>
[17:37] <{}_> erhm not that long ago, i was like 10/11 while playing with the old XT of my dad<br>
[17:38] <{}_> he teached my a bit of gwbasic so i could make really irritating music programs with keyboard as keyboard and stuff like that (:<br>
[17:38] <{}_> now i'm 18<br>
[17:38] <{}_> from XT it wend to some old 386<br>
[17:38] <{}_> where i learned vb<br>
[17:38] <{}_> i programmed vb for quite a while<br>
[17:38] [SugarKing] yuck, vb:P<br>
[17:39] <{}_> its less then 2 years i'm into linux<br>
[17:39] <{}_> where i kind'a started with reading the kernel<br>
[17:39] <{}_> kernel tought me C<br>
[17:39] [SugarKing] 2 years? that's a short amount of time<br>
[17:39] <{}_> i had some guide papers besides reading kernel focourse<br>
[17:39] <{}_> well just skipped the 'scriptkiddo' part<br>
[17:39] <{}_> makes you go really fast (:<br>
[17:40] <{}_> most ppl tend to 'hang' in the scriptkiddo part<br>
[17:40] [SugarKing] yeah I would imagine<br>
[17:40] <{}_> get there ego growing while doing more easy thingies<br>
[17:40] [SugarKing] how many hours a day do you spend on your computer?<br>
[17:40] <{}_> like hacking microsoft.com with exploits of others (:<br>
[17:41] <{}_> erhm now i'm a student, i study computertechnologie or whatever it is called in english<br>
[17:41] <{}_> i live at the campus with a 100mbps internet link<br>
[17:41] [SugarKing] heh<br>
[17:41] [SugarKing] what college do you attend?<br>
[17:41] <{}_> in a small room with a computer a bed and a cough and a drawer<br>
[17:41] [SugarKing] hah<br>
[17:42] <{}_> so i'm like erhm 10+ behind pc<br>
[17:42] <{}_> i think i reach 15 when i'm not doing school stuff<br>
[17:42] <{}_> except for weekends<br>
[17:42] <{}_> weekends are 100% with girlfriend so not really computers<br>
[17:43] [SugarKing] heheh<br>
[17:43] <{}_> (she started running linux before i did)<br>
[17:43] <{}_> on school i only really follow math classes<br>
[17:43] [SugarKing] oh? hahah...<br>
[17:43] [SugarKing] nod, math is pretty important<br>
[17:43] [SugarKing] not to mention the most difficult<br>
[17:43] [SugarKing] and the biggest pain in the ass<br>
[17:43] <{}_> nah dunno <br>
[17:43] <{}_> at least the most difficult<br>
[17:44] <{}_> never needed math really<br>
[17:44] <{}_> not in what i'm interested in<br>
[17:44] [SugarKing] what about in C?<br>
[17:44] [SugarKing] what are you interested in?<br>
[17:44] <{}_> right now i'm coding some zero knowledge authentication library<br>
[17:44] <{}_> don't need any math for that really<br>
[17:44] [SugarKing] cool<br>
[17:44] <{}_> just read the papers and implement their idea<br>
[17:45] [SugarKing] so what programming languages do you know, and when did you learn them?<br>
[17:45] <{}_> erhm i code<br> 
[17:45] <{}_> erhm i code C for a year now<br>
[17:46] <{}_> today i read some final thingies out of 'the c programming language' (expensive book, almost a dollar per 3 pages)<br>
[17:46] <{}_> nah 4 pages (:<br>
[17:46] [SugarKing] is that the only thing you mainly code in?<br>
[17:46] [SugarKing]heh<br>
[17:46] <{}_> so now i think i know most C<br>
[17:46] <{}_> kernel is full of gcc magic so trying to get the hang of that to<br>
[17:46] <{}_> yeah i mostly code in C<br>
[17:46] [SugarKing] yeah<br>
[17:46] <{}_> i like to see the asm in my head when i code<br>
[17:46] <{}_> great for optimilisations<br>
[17:47] <{}_> besides C i do perl/php/tcl/scriptthingies like bash<br>
[17:47] [SugarKing] ahhh, I was going to say...<br>
[17:47] <{}_> i do asm, but mostly for optimising in C<br>
[17:47] [SugarKing] you did of bit of php on your apache hack...<br>
[17:47] [SugarKing] which was very clever btw<br>
[17:47] <{}_> that was peters php<br>
[17:47] [SugarKing] peter == <a href="mailto:petervd@vuurwerk.nl">hardbeat</a> I presume?<br>
[17:47] <{}_> his passtrou($bla); or something<br>
[17:48] <{}_> still dont know how to spell that word<br>
[17:48] [SugarKing] heh<br>
[17:48] <{}_> yeah peter is <a href="mailto:petervd@vuurwerk.nl">hardbeat</a><br>
[17:48] [SugarKing] does peter also live in the netherlands?<br>
[17:48] <{}_> apache was fun<br>
[17:48] <{}_> took 2 weeks<br>
[17:48] [SugarKing] 2 weeks? that's quite a project<br>
[17:48] <{}_> yeah he does, i meet him regularely for he is the brother of my girlfriend (((:<br>
[17:48] [SugarKing] ahhh<br>
[17:49] [SugarKing] I took a vacation to the Netherlands once, it's a nice country:)<br>
[17:49] <{}_> yeah most real hacks take time<br>
[17:49] <{}_> slashdot also took 2 weeks<br>
[17:49] <{}_> freebsd took 'just' one week<br>
[17:49] [SugarKing] what are your purposes for hacking big sites like apache and slashdot?<br>
[17:49] <{}_> but we cheated on that one (:<br>
[17:49] <{}_> we didnt used configuration bugs to get root<br>
[17:49] [SugarKing] slashdot was also configuration bugs?<br>
[17:50] <{}_> let me start with purpose, thats important (:<br>
[17:50] [SugarKing] ok:)<br>
[17:50] <{}_> hacking big sides got several purposes ofcourse<br>
[17:50] <{}_> first of all, its a mindgame, try to be smarter then them<br>
[17:50] <{}_> great entertainment (:<br>
[17:50] [SugarKing] hah ya<br>
[17:50] <{}_> besides that apache was also hosting its cvs and ftp repositery on that box<br>
[17:50] [SugarKing] yes<br>
[17:51] <{}_> meaning everybody that comes in can do really nasty things<br>
[17:51] <{}_> and distrobutions like redhat dont check EVERY upgrade<br>
[17:51] <{}_> not for 100%<br>
[17:51] <{}_> nah redhat prolly wouldnt check<br>
[17:51] <{}_> but debian wouldnt check for 100%<br>
[17:51] <{}_> for just an update<br>
[17:51] <{}_> and we wrote that paper so admins who read it would start thinking<br>
[17:51] <{}_> those bugs all are just a 'way of thinking'<br>
[17:52] [SugarKing] yeah I think the apache hack was very underminded<br>
[17:52] [SugarKing] it didn't recieve the attention it should have<br>
[17:52] [SugarKing] considering the possibilities<br>
[17:52] <{}_> if those admins see the light and start thinking that way they aren't likely to be surprised by a 'echo could you please come to undernet channel #yourcompany, there are some securitybugs to discuss | wall"<br>
[17:53] <{}_> a friend of mine saw it on CNN's financial news<br>
[17:53] <{}_> or at least it was mentions<br>
[17:53] <{}_> or at least it was mentioned<br>
[17:53] [SugarKing] oh yeah?<br>
[17:53] [SugarKing]never heard about that<br>
[17:53] <{}_> i and <a href="mailto:petervd@vuurwerk.nl">hardbeat</a> secured apache.org before going public with that 'hack'<br>
[17:54] <{}_> on apache.org we tried to be subtile, on slashdot even more subtile<br>
[17:54] <{}_> on freebsd i(we) finally succeeded<br>
[17:54] <{}_> we bypassed attrition (:<br>
[17:55] [SugarKing] yeah <br>
[17:55] <{}_> you can try to look it up, it isnt on attrition.net<br>
[17:55] [SugarKing] heh<br>
[17:55] [SugarKing] what do you plan on doing after college? security consultant?<br>
[17:55] [SugarKing] didn't apache offer you and <a href="mailto:petervd@vuurwerk.nl">hardbeat</a> jobs?<br>
[17:56] <{}_> apache offered us jobs<br>
[17:56] <{}_> but me and peter are both working at the same company now (:<br>
[17:56] <{}_> both happy enough to not leave<br>
[17:56] [SugarKing] what are you doing at this company?<br>
[17:56] <{}_> ppl will find me in some secret service of goverment later (:<br>
[17:56] [SugarKing]heh<br>
[17:57] <{}_> erhm i read code of others and poison it with comments like /* DANGER: bladiebladiebla this is insecure because of bladiebladiebla */<br>
[17:57] [SugarKing] hahahah<br>
[17:57] <{}_> later some govermental work would be kewl i think<br>
[17:57] [SugarKing] yeah<br>
[17:58] [SugarKing] you have the skills?<br>
[17:58] [SugarKing] erm, no ? on that one<br>
[17:58] <{}_> lol i sure hope they have much beter ppl then me there<br>
[17:58] [SugarKing] what do you think about all those script kiddos out there, that are on attrition?<br>
[17:58] <{}_> like i said, they are all hanging in the scriptkiddophase <br>
[17:59] <{}_> and i do think they enjoy themselves too much to go on <br>
[17:59] <{}_> and really learn stuff<br>
[17:59] <{}_> i hope goverments will soon be able to deal with them (:<br>
[17:59] [SugarKing] yeah<br>
[18:00] <{}_> because of one kiddo i hade detectives at my door once<br>
[18:00] [SugarKing] eh? why?<br>
[18:00] <{}_> and i was a 'whitness' so i wasn't allowed to lie and that stuff<br>
[18:01] <{}_> some kiddo hacked some company<br>
[18:01] <{}_> and they were interrogating some erhm dude that thinks he is a hacker (:<br>
[18:01] [SugarKing] heh<br>
[18:02] <{}_> so the detectives drove 2 hours to my place<br>
[18:03] <{}_> i put them in my room where i had turned on heat to kinda max<br>
[18:03] <{}_> i was just in a tshirt, they were in sweaters etc<br>
[18:03] <{}_> they asked me questions for one hour in that heat<br>
[18:03] <{}_> while koffie was in sight but i didnt offered them <br>
[18:03] <{}_> kinda forgot (:<br>
[18:03] [SugarKing] hahah<br>
[18:03] <{}_> there didnt knew anything more when they left<br>
[18:04] <{}_> but they did spend 5 hours of them time<br>
[18:04] <{}_> because of that uberhaubt mansur (:<br>
[18:04] [SugarKing] heh<br>
[18:06] <{}_> at least i wouldn't know why, everything i do does gets published (:<br>
[18:06] <{}_> also the freebsd story and so<br>
[18:06] [SugarKing] do you plan on doing any more big sites?<br>
[18:06] <{}_> i always do<br>
[18:06] <{}_> but you don't just hack any big site<br>
[18:07] <{}_> something like microsoft.com i would never touch<br>
[18:07] <{}_> first of all they are commercial, and they really need money<br>
[18:07] <{}_> hacks are bad for there business<br>
[18:07] <{}_> they will sue you<br>
[18:07] [SugarKing] yeah<br>
[18:08] <{}_> and if you hack them, nobody will think like 'hey those were nice guys, good for microsoft they helped them'<br>
[18:08] <{}_> they will think 'bad microsoft, bad windows, dont use windows'<br>
[18:08] [SugarKing] nod<br>
[18:08] <{}_> afaik nobody switched from apache to some other httpserver after that hack<br>
[18:09] <{}_> apache ofcourse didnt sued, they were very friendly and understood what we did<br>
[18:09] <{}_> freebsd got from there sponsors a guy to check all there cgi scripts (:<br>
[18:09] [SugarKing] haha<br>
[18:09] <{}_> i keep using we, but sometimes thats me and ahrdbeat, sometimes it me and <a href="mailto:nohican@root66.org">nohican</a><br>
[18:09] <{}_> slashdot/freebsd was me and <a href="mailto:nohican@root66.org">nohican</a><br>
[18:10] <{}_> i work best in pair<br>
[18:10] [SugarKing] why pair?<br>
[18:10] <{}_> works just best, perhaps it is because dcc chat doesnt do treesomes (:<br>
[18:10] [SugarKing] haha<br>
[18:11] <{}_> but i think with threesomes you'll eventually have 1 that backs off<br>
[18:11] <{}_> pairs just work great<br>
[18:11] <{}_> at least thats my experience<br>
[18:11] [SugarKing] yeah<br>
[18:11] [SugarKing] well, I think I'm out of questions, and probably out of your time;)<br>
[18:12] <{}_> lol let take this oppertunitie to pretent i'm a very busy guy ((:<br>
[18:12] [SugarKing] haha;)<br>
Session Close: Mon Jan 08 19:00:42 2001

[END]