http://www.zdnet.com.au/insight/security/0,39023764,39116620-3,00.htm

Name: Brian Martin
Handle(s): Jericho, Security Curmudgeon
Age: 30
Place of birth: South Carolina, USA
Marital status: Single
Current residence: Colorado, USA
Job: Independent security consultant
First computer: Tandy TRS-80
Best known for: Creating computer security Web site attrition.org

The name Brian Martin might not ring a bell in the security sphere but "Jericho" certainly would. Martin is known for his work behind attrition.org, an online resource famous for cataloguing defaced Web sites and security vulnerabilities. He cheerfully admits to "hacking his brains out" in the past. If he was a burglar, Martin would be the type who'd break in and clean up your house.

College life was cut short in his second year at architecture school. "I dropped out because I thought the program was horrid and they weren't modern," he said. Despite studying architecture and drafting, he wasn't allowed to use a computer to complete assignments.

One of his silliest hacks, he told ZDNet Australia, was "breaking into a machine to run 'satan' [a vulnerability scanner] after its release only to find that we had to install Perl and a new gcc [compiler] for the admin because satan wouldn't compile."

"You could tell a hacker [was in] a system back then ... it ran smoother than any other on the network. Every system we hacked was made more secure, stuff fixed and upgraded, and boxes were more streamlined.

"It took us a full day to get the machine [to] run satan. We ran it once, laughed, and never used it again," he said.

One time, paranoia got the better of him. "I hacked into the phone switch to see if there was a trace on my line ... if there was, my 'investigation' would have been recorded. Back then, half the phone switches had no login. [You'd] connect, ctrl-d to 'wake it up', and you'd have access to 200,000 phone lines," he recalled.

But those were memories from a bygone era. Today, he's a reformed character.
Sharing his life with three cats, Martin works as a freelance security consultant. But he's damning in his condemnation of the security industry.

"I think the industry sucks. It's self-destructing and overrun with criminals of one type or another," he said. "Everyone is out for a dollar, they don't care about security any more. It's all about name recognition, egos and cheating people out of money. [It] has been for a while ... to the point where I just don't like it."

It's the dishonesty and lack of "real" skills that annoys him the most. Then there's the rampant practice of overcharging for products which Martin describes as "shoddy, band-aid solutions".

"Think about it. Consultants are hired to tell customers what security they need but they overcharge these clients, lie about the solutions ... that's fraud ... the industry is full of criminals," he said.

Thumbing through his resume is a sobering experience. As a supporter of infamous hacker Kevin Mitnick -- who has been imprisoned three times for computer crime -- Martin sifted through 10 gigabytes of electronic evidence and 1,600 pages of witness testimony in his role as a technical consultant for the defence team.

As testament to his versatility as a public speaker, Martin has also delivered presentations to law enforcement agencies, at the famous DefCon hacker conference, and Blackhat briefings.

Despite his accomplishments, he once thought about throwing it all away but realised he couldn't bring himself to disconnect from the industry completely. "I like osvdb, and I like my friends in the industry, and working a few days a month to live comfortably is nicer than 40 hours a week in a store," he says.

Osvdb is the Open Source Vulnerability Database, a vast online archive of security vulnerabilities, maintained in part by Martin, who formed many of his friendships online. "I'm still good friends with people I met online as far back as 1995," he said.
"I met all of the attrition staff online at first, [and] eventually in person. It started out with a few mails, turned into chat for most of the day and eventually led to meeting."

"Attrition started with two or three of us, and the rest got involved as they found a piece they wanted to help with," he added.

Martin draws no distinction between online communications and face-to-face interaction, and believes anyone who thinks it strange just doesn't understand.

"If you meet someone and become good friends through talking and hanging out, then he moves across the country, do you stop being friends with him? Of course not.

"Is it really any different that instead of a face-to-face chat, it's done via text? Does it invalidate our conversations, what we talk about, how we choose to bond, and how we become friends?"

Friends for life is obviously his mantra ... be they virtual or otherwise.

-- Patrick Gray.

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Wed Apr 21 2004 - 05:32:10 PDT