Secrets of a Super Hacker


Date: Thu, 18 Aug 1994 14:25:22 -0600 (MDT)
From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067"
Subject: "Secrets of a Super Hacker" by Fiery

BKSCSUHK.RVW  940609

Loompanics Unlimited
P.O. Box 1197
Port Townsend, WA 98368 206/385-5087 fax 206/385-7785
loompanx@pt.olympus.net
"Secrets of a Super Hacker",
Fiery, 1994; 1-55950-106-5, U$19.95

Despite Loompanics' reputation as a "dark side" publisher, this may be
a very good book.  It deals primarily with social engineering, despite
the purported coverage of other topics.  It would therefore be
valuable reading material around corporate lunchrooms, since
forewarned is just a little bit more paranoid and, therefore,
forearmed.  As those involved with data security in the real world
well know, cracking is basically a con job.  Thus, The Knightmare, if
he really is "super", is a con artist par excellence--and is pulling
off a really great con here!

Revealing the secrets of social engineering poses very little threat
to security.  Con men already exist and will continue to exist.
Cracker wannabes are unlikely to be able to carry off a successful con
if they need to rely on canned advice like this.  On the other hand,
it is much more likely to shock naive and non-technical users into an
awareness of the need for suspicion and proper procedures--albeit
possibly only temporarily.  Thus, this information is almost
inherently of more use in data protection than in data penetration.

As for technical help for the cracker: well, are you really expecting
great technical revelations from someone who knows there is a
difference between baud and bits per second--and gets it backwards?
Or, who thinks 140 and 19,900 baud are standard modem speeds?  Who
thinks Robert Morris' worm found "original" bugs?  (And who doesn't
know the difference between "downgrade" and "denigrate"?)  All the
successful hacks in the book rely on social engineering rather than
technology.  Lots of jargon is thrown in along the lines of, "You need
X," but without saying what X really is, where to get it, or how to
use it.

The official definition of a hacker in the book is of the "good side"
seeker after knowledge.  As it is stated early on, a hacker *could* do
lots of mischief--but doesn't.  In the course of the text, though, the
image is much more convoluted.  The book almost seems to be written by
two people: one who is within the culture and has the standard
confused cracker viewpoint, and another, sardonically aware of pulling
the wool over all the wannabes' eyes.  The chapter on contacting the
*true* hacker community is EST-like in its refusal to define when you
might have made it, or how.

Like I said, buy it for the corporate or institutional lunchroom.
Make sure that the non-techies get first crack at it.  If you'll
pardon the expression.

copyright Robert M. Slade, 1994   BKSCSUHK.RVW  940609