[ISN] Hackers: Under the hood - Peiter Mudge Zatko

From: InfoSec News (isn@private)
Date: Sun Apr 25 2004 - 23:32:57 PDT


    http://www.zdnet.com.au/insight/security/0,39023764,39116620-6,00.htm
    
    Name: Peiter Mudge Zatko
    Handle(s): Mudge, PeiterZ
    Marital status: Single
    Current residence: New England, USA
    Job: Chief Scientist, Intrusic
    First computer: Tektronix 4051
    Best known for: Creating L0phtCrack
    Area(s) of expertise: "Thinking outside of the box"
    
    
    It's hard to tell if Peiter Mudge Zatko was born eccentric or whether
    he's just a stickler for privacy.
    
    Take the response to ZDNet Australia's request for his age as an
    example: "[I'm] not trying to be coy, but my age, race, religion,
    etcetera, are always items I try not to divulge. The rationale is
    probably quite different than what most people infer. It is as
    follows: without irrelevant information such as skin colour and the
    aforementioned items, people are stripped of data that normally would
    encourage functional fixation."
    
    It seems Zatko's brain has been over-clocking from a very young age.
     
    "When I was growing up, around the age of five or so, I couldn't wrap
    my head around 'life'.
    
    "The notion of death being an accepted unknown without any further
    details drove me bonkers," he told ZDNet Australia.
    
    Some may argue that existentialist dilemmas such as these belong to
    adults, or at the very least in the adolescent domain. But Zatko was
    introduced to a myriad of advanced concepts at an extremely tender
    age.
    
    "In my crib, as an infant, my father sanded down the edges of early
    60s-type computer components ... like the face plates of systems with
    glowing [amber] numeric 'vacuum tube style' readouts," he recalled.
    
    The way Zatko speaks of him suggests that his father was his mentor in
    life.
    
    "I asked my father what he believed in -- what his religious beliefs
    were. He refused to tell me. Instead, he started taking me to churches
    of different denominations each Sunday and would ask me what my
    interpretations were.
    
    "Several years later I came up with my own 'codified' religious
    beliefs," Zatko said.
    
    And he's fanatical about getting the job done. "Anything that I do, I
    must engross myself in totally," he said.
    
    To Zatko, there's no distinction between work and personal life, and
    he readily admits that his life knows no balance. "There's also no
    difference between business and personal relationships. When I decided
    to get into Golden Gloves Boxing and Muay Thai [boxing] it was to
    master them. When I deal with computers it is to entirely comprehend
    the socio-psychological interactions and weaknesses they introduce,"  
    he revealed.
    
    His parents, while educated, came from fairly blue-collar backgrounds.  
    He said his mother "experienced the depression" while his father grew
    up working on a farm. As a child, Zatko was given musical training,
    and was taught science and mathematics while maintaining a "respect
    for manual labour and living off the land".
    
    He still holds dear to his heart the values his parents instilled in
    him while growing up. "I was intentionally given freedom and a feeling
    of independence at a young age. In looking back the rationale was
    obvious: learn decision making and life choices while you are still
    able to be protected paternally," he explained. "I watched people self
    destruct at the tail-end of high school and in college -- where it was
    obvious that that was their first taste of freedom."
    
    In 2000, Zatko was invited to participate in a security summit chaired
    by former US President Bill Clinton. "I was afforded the rare
    opportunity to hang out with him afterwards and engage in some private
    conversations," he said. "I have tons of stories but they're too
    long."
    
    As one of the founding members of grey hat outfit L0pht Heavy
    Industries -- which later became the foundation for security firm
    @Stake -- he was responsible for the creation of L0phtCrack, a product
    still sold by @Stake.
    
    L0phtCrack is a simple product and a remarkably effective password
    cracker for Windows-based systems. Zatko insists he wrote it to prove
    a point and not for commercial reasons.
    
    "When I first created and wrote it, one of the goals was to show that
    the Microsoft systems being deployed could not embody 'secure'
    encrypted passwords ... not that there were some passwords that were
    stronger than others.
    
    "This didn't mean that people should not use Microsoft technology but
    rather they should understand where their security perimeters needed
    to be in order to take advantage of the [Microsoft] platform without
    exposing undue risk to infrastructures," he said.
    
    "Is something like L0phtCrack still useful? Yes. Is this an example of
    people misinterpreting what a tool is showing them and potentially
    having a false sense of security because of it? Unfortunately, the
    answer is again yes," he added.
    
    Zatko believes that example -- the misuse of a tool like L0phtCrack --
    applies to many security products. He has some advice to help improve
    the situation, though: "Share, be open, communicate, ask questions to
    all, share the answers that help you with [everyone], do not think in
    black and white, do not hurt others or yourself. Improve the world,
    not your own self image -- the former is possible, and the latter is
    not accomplished without being a part of the former."
    
    -- Patrick Gray
    
    
    