Project Mehem..

Started by Zerored, August 21, 2002, 12:58:16 AM

Previous topic - Next topic
Recently heard of a group called project meyhem...er...is is mehem..ahem..anyway, someone told me it was a group of individuals againsed white and black hats. From what i heard, they are againsed white hats who profit(computer security firms) off of exploits mostly found on the net. Those who contribute (those who post) are also hated by this group (phrack, 2600, heck, even us) also. From what i hear, they arent script kiddies and are ghosts; hard to find. Some even pose as white hats. Anyway, just some thoughts. Havent posted in ages.

okay, I haven't been on in a week now.. I've been fucking sick as hell... still am having difficulty being here but this interested me..

url, anything ?
ahh well, people will be stupid

"My Terminal is my Soul"

No, i heard it by mouth.I will try to get the url. And metty, good luck as we ALL wish you well.

Well, I have to throw in my feelings on this one...
hehe

I dont have a doubt that there is a small group of resentful individuals out there in existence that dont like groups such as cDc, the old L0pht crew, us, etc.

Lord knows we've come across many already. As far as being experienced and highly talented hackers, I find some difficulty believing that. Most intelligent and experienced hackers understand that in the world today, its difficult not to "sell out", but it all depends on how you "sell out". I think the guys of L0pht did it the right way. They work in the industry and make a living using their talents. I wouldnt have shut down the L0pht site and I would have kept it as a "hobby" project if I were them, however I cant speak too negatively about that as Im not entirely aware of all the contract stipulations they had to follow to land the jobs they now have.

In my opinion, if you have the know-how and the ability, by all means make money from it. What would be the point of letting it go to waste, or using your abilities but going hungry because the McDonalds job doesnt adequately put food on the table.

Its hard not to profit off of what you know these days. You have to look at the issue as only having two options. Either you profit off what you know and make money, but risk being labeled a "sell-out" or you work your magic for nothing and scrape every month of your life to get by. I personally feel its wrong to shun someone for making a living. Its the same as if you were a mechanic and instead of fixing your friends cars for free, you opened up a shop and charged money to pay the bills and suddenly your friends get pissed at you. Hacking and security is no different.

Its the turning the underground and hacking into a circus or magic show part of some people "selling out" that I despise. The people like the moron of AntiOnline and such who turned hacking into a freak show by trying to pair it up with the AOL philosophy (so easy, anyone can do it). Thats the part of some sell-outs I dislike.

Back to this group though, as I said I dont doubt they exist, and I dont doubt the existence of their abilities as I havent been given reason to disbelieve, however its not hard to become a ghost online. I did it for years and all it takes is a watchful eye of your back and where you go.
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator

Heads up HFX, Taz, Metty, here is the URL : http://phrack.efnet.ru/

This should be interesting.

Not that I am agreeing with anything, but they know their stuff. I've read some of their texts and what some of them wrote can't be bluffed with the normal BS you hear about on IRC. Besides, they make a clear point about most 'whitehat' hackers: they're in it for the notariety. It's the truth. Why else would they spend so much time dealing with a vulnerability and making a POC just to post it on bugtraq? I wouldn't post stuff to bugtraq. And look at Taz's quote:

A good hacker is well-known, a great hacker is unknown

Or something to that extent. You have to agree that posting to bugtraq and other places puts your name/nick on the map, right? And what else does it do for you? Nothing. You don't become a better hacker because of it, nor do you REALLY gain any respect from anyone in the underground. You dont get crap but a useless exploit due to the next patch the company puts out to fix what you spent all those precious hours working on...

My 2 pesos...

Wilnix

PS: Taz - I like the quote and just had to use it to show my point...
alt email address: wilnix@hackphreak.org

I agree with some of what they say... Although, what exactly is wrong with making a living, especially a nice one at that, doing what you've worked your ass off to learn? Many of the people that are so called sell outs, (i.e. L0pht), didn't do it in the same mannor as J.P. - AntiOnline did. They did it through hard work! Very hard work! I say don't hate on them because of their good fortune. That's what it boils down to many times. If you are truly skilled, and come upon that once in a lifetime golden opportunity to make some serious money at it, why not go for it? Everyone, and I do mean, everyone with pride in their work would like to be the best in their field and even recognized for their hard work in some fashion. Don't believe me? What about people who are Nobel Prize winners? Do you call them sell outs? Many researchers, scientists, etc. strive to be published, to some extent so they can be recognized, which is how you become successful in your chosen field and no one cares... but when you link it to InfoSec, all of a sudden, the coined phrase changes and they are now sell outs regardless of their accomplishments. I believe it boils down to this. If doing it for elitism and nothing more... sellout. However, I say if you work your ass off, and try to do something useful, and can profit from it in the meantime since you made it your career choice, and sinceerly want to try and be the best in your field, I say go for it and fuck everyone's opinion! Do it for yourself and so you can feed your family! Nuff said... my $0.025...
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101

I agree with most of what has been said, more specifically that of turning know-how into a living for one's self. I see nothing wrong with it whatsoever and think its wrong to label people as "sellouts".

For example, do we call Carpenters and Mechanics sellouts when they use the skills they've learned in life and the talents they have to make a living for themselves? Of course not. Why should we label computer professionals and experts differently? I make a living doing what I do best. Ive done so for years.

One thing I can say though is when you post to Bugtraq and such with your name, handle, whatever, yes you gain notoriety. I see nothing wrong in that. Why you ask? Simply because when you start to gain notoriety comes trust as well. Large companies and individuals trust that what your saying has been thought through and is legit. Its harder to have people listen to you when no one knows who you are then when youve established yourself. Of course with everything, there are limits and people shouldnt let it get o their heads. When you think about it, who are they really gaining notoriety with honestly? What kind of fame comes from the information they post? Not much really. There isnt a Hollywood agent tossing movie deals at thier feet, no corporate sponsor tossing commercial deals at them. The fame they gain simply stays within the security industry and underground in that when someone reads a post from them next time about another hole, most common they say to them self "This must be important because "so-and-so" posted it".

Not knocking anyone here on this, just throwing in my view. And thanx for the compliment Wil ;)
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator

Well I had actually planned to comment on some things on their site. Most of that is how they harassed people.. and some other statements they said that are libelous (well actually not really libelous but ignorantly said: mostly that you have to cause damage.. and no white hat/black hat issue.. you are or you are  not). But since three people responded already, I think that I will just comment on those, as good points were made, I think. Besides, I have already railed quite a lot at a person today on this forum that I hope doesn't irritate anyone.. (OT message: but hey, what can you expect from someone who dearly loves sarcasm, satire, puns, and finding errors in works ? I actually agree it is not really nice but you know.. I try to give everyone a chance.. but sometimes it just doesn't work out.. And I have also changed quite a bit after thinking of things this last year.. Grammar/English is not the most important thing and I have good friends that are either not native English speakers or they just have trouble.. I even have one I help.. so much as it is in the form of going through work and tell him about spelling errors or poor mechanics or whatever. Another thing I do that I often do not like is how I say things or how I respond to things.. a lot of that is perfectionism at the extreme but I do not like how I responded to some things.. anyhow..)

Well, Uneek, Will, and Taz all made some good points.. and in case you haven't noticed, I will point them out now. :)

Wilnix:

First thing, you really make a good point about Taz's quote (did you come up with that yourself, Taz ?). Not only did it fit in here, it does make sense. I love that quote. I am very loud in some things but it is imaginable after all I've gone through (and I am not dismissing others.. I know many others have hard times too.. different ways sometimes, but not always)..

I have a lot of hate for different things in me because of crap I've been dealt. But a lot of that is gone and I try not to think of it. I have lately been changing my view points, partly to some friends look at things. It often sounds like I'm just complaining and this and that.. but it wasn't meant that way..

But anyhow.. Taz made a very good point with that quote. It's just like how an animal will hide from others (including humans) and are really good hunters. If you really want to control others or whatever your purpose may be.. then you should keep quiet.. That simple.

As far as Will's comment about Bugtraq.. I would have to say that some do get respect and some do not. But it is  not because they posted on some specific list. It is because they put a lot of time in.. and explore and do many cool things.

Example is daemon9 / route from Phrack. He has done some incredible stuff (speaking of which.. Phrack #60 is out !). Another one is Aleph One (of course, he is involved in Bugtraq or he was anyhow) and he has done some great stuff.. And look further back.. yes, LoD v. MoD shouldn't have happened, and there was one group that died quickly (namely Extasyy Elite).. and lots of other stuff who did make posts. But there were a lot of good people involved. Shooting Shark was quite good with Unix and always added his sense of humor and mischief in to what he wrote.

Point is you can but also can not get respect. One thing is certain, though: If you mess up while posting, you are pretty well screwed. It goes along what I was told many, many years ago:

"A good reputation is hard to keep, but a bad reputation is hard to get rid of." That is really a good quote and it is so true. But I don't think anyone should be in it for fame.. that's not what it's about. But there are a lot of people who flame (myself included but it's not in the same way.. I use more wit and cleverness.. and sarcasm and such.. while others curse at others, and who knows what else.. all in a very aggressive way) and one mistake and you can get flamed hard.

That is exactly why you can not let charlatans like Carolyn P. Meinel slander/libel you.

And Will, you're so right... you don't get anything from writing an exploit.. at least not instantly.. and it also depends on where, what you actually accomplish etc.. The only thing there is self satisfaction from doing something neat...


Uneek:

Actually, around the time L0pht dissolved into @Stake (also the time that HNN went down which sucks but oh well..), Uneek and I actually had a convo. He kind of pointed some things out and they are really true. It is how you 'sell out'. The L0pht have done enough and they are entitled to get paid NEW things. People bitch about that, but the truth is.. everyone expects money, so why can't L0pht have money to put food on the table, to pay bills, doctor visits and who knows what else ? Answer is they have every right to it. Saying they sold out IS wrong. How in the fuck will they survive without money ? They can't. Simple as that. And I am willing to bet that, if the same people who shot L0pht had some opportunity, then they TOO would do it. And then their friends and others would tell them that you sold out. So much for friends. Most people need a job so quit bitching about what they do. Spread of knowledge is one thing, but still.. that does not mean you should have to not get any money at all...

As far as JP.. heh, don't even get me started on that moron ! He is a charlatan along side with CPM. Brian Martin did a fine job in his errata section on attrition.org

There are others that are interesting.. anyone remember Se7en ? heh.. he lied so much and he got trapped.. Brian Martin showed lots of evidence just like he did to CPM and JP. The sad thing is so many people slander/libel him but yet, they are the charlatans, not him.

And Uneek made another excellent point.. basically it's experience that you need. Without experience you will fail. Period. And so doing things (for the right or wrong reason) does make you better. Fuck anyone who thinks they have a right to put down others for working hard.. When they themsevles probably can't do much themselves.. perhaps it is jealousy or ignorance or blindness ?

InfoSec.. well, what I like about that mailing list (which I am subscribed to) is that it features a lot of articles.. some interesting, some funny, some are utterly pathetic. Many of the media stuff I posted as of late is from InfoSec.. William Knowles seems decent and some other posters there do too..

And yes, the L0pht did a lot of stuff.. they should be able to support themselves.. especially with all the stuff they've done. Who is anyone to tell another that they are bad because they changed ? It gets absurd actually..

(OT but I think it makes a point)
As some of you know, MetallicA is my favorite band.. Now, likes or dislikes put aside, some things thrown at them are really absurd. Around 1996 (when the album Load was released) they cut their hair. And suddenly, the sold out and they sucked and this and that.. How does that work ? What the fuck does hair have to do with music ? Idiots.. How can changing LOOKS make music sound DIFFERENT ? Yes, I liked their long hair (I have long hair myself though long before I was really into them).. and I do like their older stuff too. But god damnit, CHANGE CAN BE GOOD ! And they are really incredibly talented musician. The stuff they've done.. some balads some really fast and heavy music. Also combinations of both. They also led a path for other musicians. Of course, another thing is them having an issue with Napster. But fuck that, would YOU want your OWN stuff being stolen from you.. something you put a damn lot of work in ? Hell no. The only thing they had an issue was is of their ALBUMS. They actually encourage or at least appreciate boot legs of their live stuff.. I have some on CD and some MP3s of that stuff.. and it really is incredible. They put a lot of work into their songs and they have deep meanings to them. And some of the stuff they wrote about they don't have much experience with that.. Welcome Home (Sanitarium) for instance. It is really beautiful music. The God that Failed.. was about Jame's parents died.. they were Christian Scientists and they believed no medical intervention would be right. Well, god didn't do a damn thing and his parents died. He put it into lyrics and it means a lot to them. Okay, now that I'm done with this way OT part...

Taz:

Lots of good points just like the other one.. we don't frown upon carpenters or mechanics for making a living.. Hell, I am too ill to work, and the fact that they are healthy enough and often knowledgable enough to get a job.. that's good, not bad.

And hell, for all we know.. the people who throw mud at these people.. also use what we do best.. so they need to quit their bitching..

And their is another point he made.. trust is very important.. and too often it is broken. But people value someone else's view/knowledge/ideas/feelings.. why ? Because of the past.. simple as that.. Who would want to trust someone that has only bad history.. uhh.. no one. And who would go to a shop of some kind if they cheated you... or lied to you.. or did a horrible job ? No one would. Same idea that I brought up with reputation.. you fuck up once and your past is irrelevant.. do well and continue to do well and you're quite fine. Sad how that works but nevertheless it is...

But examples: Don't we all know Brian Martin and at least one of his handles ? Don't we all know Loyd (The Mentor) ? Don't we all know Aleph One... ? Those are good people with lots and lots of knowledge and experience... All different interests but that isn't important.

"You can read all the gfiles in the world, but unless you actually go out and hack, you're going to remain a novice. "

- Loyd


It's about experience.. Simple.


Met

"My Terminal is my Soul"

January 03, 2003, 02:21:10 PM #9 Last Edit: January 03, 2003, 02:23:45 PM by Tazinator
Reminds me of something my grandfather once told me...

QuoteWhenever you do something good, you get an "attaboy" or praise of some sort. The more good things you do, the better the praise gets each time. But all you have to do is screw up once and get an "aww shit" and that cancels out all the "attaboys" you have ever gotten.

Lifes experiences thus far have led me to value that bit of advice he passed to me as I have found it to be 100% true.

In regards to the quote, unfortunately I cant claim credit for that myself. I read it a long time ago and exactly where and by whom escapes me but I thought it was very good. I've had some good catch phrases and quotes myself in the past, no need to plagiarize ;)
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator

Yeah, very good points. I guess I just tire of the self proclaimed experts that TALK more then they DO. I've seen a couple in my days in real life and I'm actually pretty good at picking them out after a small conversation. Most of them brag about how "they" did this or that...THEY turns out to be a group of people that person knew or managed or whatever. Everyone in this industry has some sort of skillset. Some have less then others in one area but more in another. Some have skills in multiple areas, others are more experienced in just a few or one...etc...

Everyone started out as a beginner [PLAIN TRUTH]. I just have more respect for people who know what they DONT know and aren't afraid to say so, then these morons screwing up the industry because they THINK they know it all. I've met more programmers then I care to acknowledge that figured they knew everything because they knew C, C++, Delphi, or some other language. These very same people don't even know the difference between their local NT accounts compared to their domain NT accounts...scarey? Only when they pretend that they "forgot" or "had a brain fart".

Nothing makes me more mad these days then that. I can handle a new user who needs help better then somebody who treats me like they know more because they get paid more or are considered an "EXPERT" in their field and then turns out to be without an COMMON SENSE in my world.

"What's the command for ping?" ~A real life example
"How do I login to the workstation with my local account?" ~ Another one
"How do I click on CTRL-ALT-DEL with VNC?"~yet another one
"What's so insecure about frontpage extensions? It's so easy, I don't even need to login to it" ~I'm not kidding....

Anyways, I don't consider myself a hacker. Why? Because I don't want to....where did this come from? I haven't slept in 48 hours...

Wilnix
alt email address: wilnix@hackphreak.org

Quite interesting replies by Taz and Will.
And quite a confusing reply by Met.

I like the quote that Taz's grandfather told him once. As far as the quote I mentioned (maybe not exact words), I sure as hell did not come up with it, but it is a very good point. And it has a lot of meaning to it. I heard it many years ago and for obvious reasons, it has stuck with me.

It is very important to remember these kinds of things and look at them fully. For those who think they don't care, well, they either will care later on or they don't care about their actions at all and it is thus not a concern.

But there are many quotes/sayings/view points/tips/et. al.  like that that have a lot of meaning to them and they are very, very important to think about and remember.

Those real life quotes that Will posted are hilarious but also sad and scary. The one about ping reminds me of the question (whether really happened or not [wouldn't be surprised if it did]) is dialing 911 and asking them how to reach 911. "What's the number for 911?" .. that among other things.

BTW: to those who offered help on X-Zine, those are some of the quotes I would find great in it...
and Will do  you mind if I use those ?
Another idea is the moron screwing with Uneek at his office and trying to report him for nothing (long past I assume)..
You care to write up about that, Neek

And that all goes with RL stories.. I mean, I once found an X session idle with no one even there. So I pull up a shell prompt and what do I see ? root is logged in. Rather than cause any damage (which isn't exactly right but sometimes it is amusing to frustrate others), I just did a shutdown -h now.
Besides, with me.. I go back and forth of knowledge. This is why I started a paper on UNIX.. to remember these things.. I never finished it though.. I do have a lot of notes in the paper though, so perhaps I can work on it sometime.

Another thing..

Saying a lot of things but not doing much. I think we've all done that in some way or another, perhaps to intimidate others or who knows what else. Makes me think of school children arguing and fighting or abusing other kids.

Personally, while I think I have a great deal of knowledge and experience, I have *MUCH* to learn. One issue is that I tend to lose things rather quickly for not even touching them. Another thing is difficulty with allocating time for things and actually sticking to it. But that does not matter. You either know it or you don't (You can't just say well I used to know this.... but I forgot. And you can't just say I know such and such ... that doesn't mean a damned thing). Personally, I would say I could learn from Neek, Will, Taz and Cobby. Of course, I think they've all learned things from me too. That's how it works. But the truth is, they probably have more experience with networking and security, even though I am decent at it (and am great at looking things up). The difference between them and me, is that I don't do much lately.. I just can't handle it all. And that makes them know more by default. I am quite happy for them though. There is nothing greater than being happy and being able to support themselves.

Even two years ago I was doing more than I am now.  This is why I have finally asked for help on X-Zine.. because if I don't get help it will die. I already feel it is dead but am trying to revive it. If anyone has questions on that, feel free to ask.

As far as the 'expert'... and 'being better' than anyone.. it happens too often. It could be arrogance, it could be that they feel intimidated by the person.. who knows what..

And the kiddies that launch DDoS attacks and say they '0wn so and so', that they are hackers, that they are very mature.. they are pathetic kids who know nothing more than pointing and clicking on Windows 95 or later.

I know that many in the hacking community will say that Steve Gibson is a complete idiot.. While he does have some views that someone around here wouldn't agree with... he is still a good coder (just because he codes in Windows doesn't make him a horrible person... maybe he does use Unix or Linux.. ) and he does a lot of research and some of them are very interesting.

Anyhow, everyone needs to be proud of something, but it can't be overbearing. No one is perfect, and everyone can improve. And I'll be the first one to admit that I sometimes am a bit harsh. But none of this makes me a bad person.  

As far as me being a hacker or not.. It's hard to say.. for one thing, everyone has their own definition.. and it's not like there is some percentage of what you have to do or accomplish either. and given that I don't do much now, I don't know. But I don't need to prove myself to anyone. I don't have to state I am a hacker or not. I believe I have ethics of them, I believe I have the never ending search for knowledge and other things.. but I find that these days, if you even claim it, you just get riddled to death.

But I don't even remember what this whole thread was about with doing other things too... so I will just close it. :)

Oh, and Will, get some sleep.. it's not good for anyone to do that. It effects you in many different ways. heh..

Met


"My Terminal is my Soul"

verry deep discussion here, basicly you have to keep an open mind with a strong guard, or people will just litter your mind. maybe it's just me but hating on somone for making money for what their good at is idiotic, let me see ill go make money at somthing im bad at YEa thats the ticket. Welcome to the new age where stupidity reigns supreme and intellect is shuned. just my 2 rubbles on that

Bah! sleep is not for the wicked!

besides, I just took 3 good days to work on my c skills nad it may pay off for me in a big way....

;D Wilnix
alt email address: wilnix@hackphreak.org

interesting twist....i find that in most cases, if you CALL yourself a hacker, youre prolly a skript kidding DOSer....and it raises mucho questions of what you really know. But i agree with Metgod

SMF spam blocked by CleanTalk