Ask the Cult of the Dead Cow Anything

The Cult of the Dead Cow [cDc] is one of the best-known and oldest groups floating around in the murky world of computer security (on either side of the fence). cDc's best-publicized recent accomplishment is Back Orifice, a program that can be considered either an excellent NT remote sysadmin tool or a cracker's sneaky way into an NT-based network. But there's lots more to cDc than B.O. If you're not famliar with their history, check the cDc files before you post; they go all the way back to 1985. Please confine yourself to one question per post. Tuesday afternoon we'll forward the 10 - 15 questions deemed most interesting by Slashdot moderators and hangers-on to the Cult by e-mail. Answers will appear Friday.

random ranting

Why is it that every l33t skr1pt k1ddy pretends that you guys are the uber-hacker and the rest of us (thoes who can REMEMBER back to some of the early t-files) just think you're a pack of insane people that should have been locked away years ago (screwdriver flippin my left testicle... it's hammer juggling!)


Hack me, Crack me, Make me bleed
a faster box would be all I need

Protocols

I've read some articles recently about a new protocol in development which is meant to replace TCP/IP as the standard. If this new protocol is ever implemented, do you think that it will be more open to manipulation (ie. cracking) than TCP/IP because it hasn't had the years of testing that older, proven protocols have? Thanks.

Why is BO treated differently than Carbon Copy?

All the major antivirus software now looks for and can remove BO(2K). Why don't they also look for and remove Carbon Copy, PC Anywhere, etc.? They all do the same thing. BO(2K) even does remote administration better, with more features, and in a smaller footprint than other RA utilities. This whole thing smells the attitude, "It's not what your software does or how well it does it... It's who you are and who you associate with." Besides, I dare to say that I trust cDc's software MORE than the proprietary stuff because the entire world is can look at the source. Any shenanigans spotted by anyone would be thrust into the spotlight and fixed in no time. CC/PC Anywhere may have back doors, etc., but I can never really know. Which would YOU trust more?

Re:Cow2K

At the risk of answering this question for the cdc...

I think that any such organization would just have to say: themselves :-)

cDc

my question is...

What is the cDc's position on "hackers" generally associating themselves with online porn. I think the image portrayed by this prevents hackers from being taken seriously.

Surprise

To the various illustrious(translation: I've worshipped you guys for the majority of my life) members of the Cult of the Dead Cow:

Moo.

That being said, I'd like to know what have been the most surprising events in the computer industry for you. Anything's fair game. What just came out of nowhere and knocked the Cult flat on its ass?

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

white hat or black hat?

A recent article (forgot the reference) characterized codc members as a bunch of social juveniles bound by no particular ideals, and lacking in both trust and personal respect for other members as well as the (cr|h)acker communities at-large. The evidence presented in the article however was limited to on-stage behavior and a virus of unknown-but-suspicious origin on a distributed CD. The codc archives paint an equally murky picture, depending on the reader's perspective.

So is there a codc code of ethics? Could such a thing ever be enforced?

Is the hacker code in general just marketing hype? Are the press correct in their refusal to differentiate cr from h?

Your position on "Hacking" vs "Cracking"

You folks have been around for so long, surely you've seen the evolution of both terms. Are you quick to take a stand on misuse of either, or do you just take it all in stride? Some of the older security folks out there are damned sure that "hacking" is still purely malicious, and "Cracking" simply means breaking software registrations and the like. What do you feel each term represents these days?
-
"In the flesh, on the phone and in your account.... You shouldn't have called you know."

B02K (inevitably)

You released B02K, which does essentially the same thing as microsoft's own software. Yours, however, is seen as a cracker tool, something you've railed against in the past.
If you didn't want it to be seen as a cracker's tool, why did you release it at defcon?

Image

Let's face it - most people regard the cdc as a bunch of script-kiddies looking for some limelight. The BackOrifice software really made this worse, because it was seen, not as an admin tool, but as an application meant to propogate cracking. How does this make you feel? That is, what are your personal thoughts on the cult's activities and how do you think they should be viewed from the professional side of the industry?

is there any other question?

please be honest

(1)boxers
(2)briefs
(3)panties
(4)thongs
(5)nothing
(6)orange
(7)Hemos the Hamster

BO as a remote administration tool

I have noticed that you often promote BO as a "remote administration tool". How do you respond to allegations (mainly in the "popular" computer press) that it is potentially full of back doors, and therefore not suitable as such a tool?

question

I was at defcon, and attended the nearly religious announcement of BO2k. During the demonstration, you mentioned several times that BO2k is a system administration tool. Why did you keep on re-iterating that point? We know your what all of your backgrounds are and if you were to label BO2k as a "system administration" utility, why is it something that you announced at defcon, the largest cracker/hacker gathering in the world? If you really wanted to have it honestly thought of as a "system administration" tool, then why was it not announced at something where Micros~1 would attend?

Thanks

Why "Cult of the Dead Cow"

Are you guys into necrophiliac bestiality or something? j.

broken?

Is it my browser or Slashdot that's broken? Whenever I come to this page it's completely empty, saying 0 comments no matter what the threshold.

Someone please forward that to CDC... :)

Re:Name?

Why a dead cow? :) Why not a hamster, or even a chicken?
kaniff -- Ralph Hart Jr

Tested on a clean install?

I heard of your work, though BO, and regard your group and others, including l0pht heavy ind, as a security group. However, I am left to wonder what tools you test your work with, and if you test your items on clean-installed copies of Windows (insert arbitrary version number here). It would go a long way towards deciding on running Win98 under the Bochs emulator just to secure it.

---
Spammed? Click here [sputum.com] for free slack on how to fight it!

Mr. T vs. Jesse Ventura - who'd win?

If Mr. T and Jesse Ventura got in a fight, who'd win?

"The Body" would win!

Corpses don't put up much of a fight...

RIP Mr. T.

Where did you begin?

cDc, I am interested in where each of you began you learning of computers and coding (programming, hacking, etc), and how each of you became members of cDc. Do you have any books or URL's you suggest? Cheers, -- David

Cow2K

Dear Cowsters, What do you envision as being the preeminent issue (problem, whatever) with regards to computer security (from the individual or corporate perspective) in the next 10 years? Merci
--

bo2k linux client

When, oh when, will we have a *nix client for bo2k? Believe it or not, I would really like to use it productivly but I need to be able to access it from my linux workstation. VNC is ok but really doesnt cut it.

Name?

Cult of the Dead Cow. Bloody good name.

Just how did you come up with it? :-)

questions for CDC

Do they reckon they'll cope with the slashdot effect? :)
First Post!?

Longevity

How has the 'mission' and/or purpose of cDc changed as the years have passed, especially with the advent of pervasive internet connectivity and the 'death' of classic dial-up BBS's?

Here's a question or two...

1. Who are the sick bastids which came up with 'Trail of Blood' and 'Bunny Lust' (the first two cDc releases that I'm aware of)?

2. Have they increased thier dosage since then? ;)

--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)

Swamp Ratte' you still haven't published "Stuffs"

3-4 years ago, I sent you a nice little t-file, fiction, called Stuffs, about a girl and her magical flying snack trays, and you said it would be released. Alas, you never did, though on follow up emails, you said the next release. Why? When?


p.s. anyone interested in some cDc reviews of t-files, check out www.etext.org/pub/Zines/BeyondLost (the url may be a bit differant, case sensitive and all)

Security

How would you define the implementation of security on the major OS today?

Windows95 / 98
Commercial Unix
Linux
FreeBSD
NT
Windows 2000 (NT5)
etc.

Suggested question

"In real life, if you break into a building, you break the law, the fact that it might have been easy is no defense, and the argument that you were trying to demonstrate how easy it would probably result in the jury laughing you all the way to a guilty verdict. What makes the virtual world different? Is the money people lose when their network is brought down any less real than the money that is lost when a thief breaks into your apartment and steals it? How do you justify making such violations of someones privacy and security easier?"

I should note that I am not personally of the opinion that you might think from reading the above, but I would be interested in the response.

--

Life imitating art...

What movie or book best describes your ideal life and life goals?

World altering, personal evolution and getting the girl ala Fight Club or more focused on internal issues of understanding with something like Zen and the Art of Motorcycle Maintance... or something utterly else...?

BO for Linux

Any plans to write a back door style program for Linux? or are you guys simply out to get just Microsoft?

Re:is there any other question?

dammit. forgot how old you guys are.

(8)depends

cDc and South Park

There is an episode of South Park with cows worshipping a cow clock, and when it is removed by the people, the cows all jump off a cliff, now I've heard that refered to as the Cult of the Dead Cow episode, is it anything to do with cDc or are cults for dead cows just in fashion right now?

my question

My question is short, but French. I would like to know:
OU SONT LES BITCHEZ??!

Marketing

Do you have any plans do market B.O. as a system management tool in the real/corporate world?


"I have no respect for a man who can only spell a word one way." - Mark Twain

Cracker Money

Since modern governments typically back their currency via threats of HIV infected gang rape [deja.com] I was wondering whether you had heard talk of creating an electronic reserve system based on Bovine Reserve Notes, where said Notes could be used to buy cyber protection from the Slaughterhouse Revenue Service?

It seems crackers (stereotypically young WASP males not affiliated with violent ethnic gangs) are prime chicken meat when they are put in prison, so they would like to put the previously mentioned governments out of business, unless said crackers are frequently HIV-infected sexual masochists. Are they?

Conventions?

Besides cDc being a major organization at the Defcon conventions, does cDc plan on hosting its own convention?