OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dailydave] The final countdown

From: Lance M. Havok (lmhinfo-pull.com)
Date: Mon Jun 30 2008 - 22:12:08 CDT


Before I write my true, final farewell letter (jokes aside), I will
put some links to the exploit I promised to release months ago. I just
didn't have the thrill to finish it and publish it, so I've used the
version I found in some random hard disk, and the original movie.

http://lul-disclosure.net/exploits/openbsdjizz.c
http://lul-disclosure.net/lulz/openbsdjizz-the_movie.html

It's for OpenBSD 4.0 and it indeed gives you a root shell. Don't ask
me for help about reading the source code. Yes, it's the first
animated exploit on Earth as far as I know. Lul-disclosure is not
under my control, even though I'm a dormant member of the staff since
I pretty much enjoy the idea of 'lulzhats' (neither blackhats nor
whitehats, and hats are awkward). Please give props to those guys. Now
let's get to my rather long letter...

It's been a long wait. It's been a long time since I coded my first
exploit back when I was about 10 and clueless about mostly everything
else. It's been roughly 7 years doing this kind of stuff non-stop,
using a handful nicknames and avoiding public recognition under my
signature as much as possible. After all, nicknames are volatile and
using an alias makes sure I don't get too proud of myself. Polishing
my tongue-in-cheek humor and ironic comedy. Learning languages one
after another and feeling like they were all the same, just to end up
using them all at once and grow incurably insane. It's been a great
time of using my slightly obnoxious bipolar disorder for something
productive and have a fucking blast with it. It's been a great amount
of really high highs and really low lows, not hitting the pipes but
almost there.

At some point I realized It was time to change towards another
direction and my lifestyle didn't really fit well with investing long
periods of time in front of a machine. I was talking the other day
with my friend Mr. B, and I tried to explain this weird philosophy of
mine, of how we've been given the opportunity to live for a short
period of time, and how the 6k million people on this planet can't
waste their life pretending to live them like a cheap scripted drama.

I refuse to accept the idea of running my life like if anything I
could do would change anything in this world. Whether we like it or
not, we ain't unique snowflakes. Today there's nothing you can do that
hasn't been done some other way before. Confidence, betrayal, trust,
friendship... history has got enough stories of all of them and just
because you ignore it doesn't mean they won't happen again to you.
When I say scripted life, It's pretty much a short set of steps that
repeat over and over in mostly every human being out there:

1. Your parents have sex. You literally 'happen' (yeah, you've never
been a tick in a calendar, we are mostly accidents and that's it).
2. You get born. Welcome to Planet Dust, have a nice fucking day!
3. You start babbling your first words, start walking and go to kindergarten.
4. You start going to school. Damn, that was fun shit.
5. You start high school. First kiss, maybe first sex experience
nowadays (alright, if you are a nerd or look like one then this won't
happen, sorry, life's hard).
6. You finish high school and enroll in a nice looking college, and
your mom prepares a nice looking cake for you.
7. You finish college and get a stable girlfriend.
8. You get married with this Elisabeth girl who prepares incredible apple pies.
9. You have kids.
10. ????
11. No profit. The story repeats once again.

So basically we have this choice: either live the short period of time
you've been given to do so, in a manner that is unique and absolutely
different from that of most other people, or conform to the norm and
be a potential frustrated individual for the rest of your repetitive
life. Let's imagine for a second that you have terminal cancer and an
expected life span of 3 months. Are you going to spend them getting a
degree? Avoiding drugs? Avoiding conflict and potentially risky
activities? Playing nice and talking politically correct, even though
you feel like crashing your car away? No way in hell, you will try to
have a blast and experiment almost anything out there. You will do
drugs, you will risk your ass to death (after all, it's inevitable,
and that way you have a little control about how it's gonna happen or
where, probably not a hospital room).

Security is becoming pretty much the opposite of that. The true sense
of hacking is dead. Very few people if anyone truly does it for the
shake of doing it. I resigned from my security industry job past year
and made the decision to avoid doing this for a paycheck. And also
enjoyed the freedom of being able to tell people to shut the fuck up
and not worry about my 'professional reputation' being tarnished. I
could care less. So many people in the industry don't say a word just
because they believe their reputation might be tarnished. Others
simply play better in this happy world of 'everyone is neat and fuzzy'
(even though they might despise each other to the bone).

I don't come from a low end family (actually, the opposite, which
represented further trouble with my rather rebellious attitudes), and
I did have a rather expensive education (until I dropped out, after
getting my high school diploma). I had the opportunity to go through
one of those boring IQ tests (WISC-R if anyone cares, score is
irrelevant since everyone knows I'm mentally troubled in several
ways!) and found out that I didn't want to join Mensa's chocolate club
when I was offered to. I freaking hate chocolate. I had access to
expensive equipment (my mother indeed paid for that SPARC64 1U rack
box, thanks mom!) and I was given literature since I was pretty much
around 4-5. I was talking and writing by that age anyway (and yeah, I
was drawing penises like any normal kid out there, though the fact
that I still do it is clearly not 'normal' per se, but my friends
enjoy the barbecues). And I still despise being pushed towards living
through steps I didn't find the least appealing. And no, I don't have
a police record. I'm clean as a pearl and hard as a pillow! Just
kidding, but I'm clean. I swear. Well, maybe a battery but that was
all.

My current age is irrelevant as well, but don't let the juvenile style
fool you. I emancipated at 16 and started working early as well, and
for some time I truly believed in this whole idea of 'having a stable
life'. That was until I tried it. It didn't feel like it was the kind
of thing you want to run for 30 years. 20 years. 10 years. Definitely
not. Nowadays we are obsessed with extending lifespan. We want to live
forever. That's pretty much bullshit.

Like it's said in Moby Dick (man the harpoons!)... life is only
meaningful thanks to contrast. You can't feel warm if you don't feel
cold in some part of your body. In the same fashion as you can't feel
comfort if you don't experience disgusting situations once in a while.
It's not really about "Life Fast, Die Young" (and leave a corpse in
any case, obviously), it's more about being sure you've truly *lived*
when you are about to die. A long lifespan won't help you to find the
necessary contrast between experiencing life and having a meaningless,
futile one. You can't appreciate the time you've been given here
without knowing it's gonna be short and intense.

And you will likely ask yourself if I'm not on crack, meth or some
other hardcore shit while I'm writing this. Not really. I just feel
there's talent out there, and a lot of potential, being wasted working
in office cubicles. Being forced to live the way they are 'supposed'
to, and not how they would really like. Just because someone has been
in jail, doesn't mean that person is a waste. Just because you look
Arab doesn't mean you want to blow up a freaking circus, and just
because you work in the security industry doesn't mean you have to
take all the bullshit moving around it.

I just feel I'm pretty much done wasting my time with several things
and people around information security, and that it's the right time
to let someone else take the role of bringing some humor and joy over
here, like GOBBLES did in the past, among several others (likely
better than me, I'm such a poser!). There will be always people like
Dave, Brad, Mr. R, the turkey, and some others that keep it real and
fun, but there will be always people that have nothing better to do
than cringing, ranting and talking bullshit about someone else or
their work. And there will be me again some day, haha!

Keep hacking alive, life fast, and don't let the bullshit get to you.
And remember.... it's better to burnout than fade away! (no, this
ain't a suicide note, just in case ;P)

Yours truly,
Lance, the guy who writes long letters and prints them on toilet paper.
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave