[ISN] Hackers: Under the hood - Peiter Mudge Zatko
http://www.zdnet.com.au/insight/security/0,39023764,39116620-6,00.htm Name: Peiter Mudge Zatko Handle(s): Mudge, PeiterZ Marital status: Single Current residence: New England, USA Job: Chief Scientist, Intrusic First computer: Tektronix 4051 Best known for: Creating L0phtCrack Area(s) of expertise: "Thinking outside of the box" It's hard to tell if Peiter Mudge Zatko was born eccentric or whether he's just a stickler for privacy. Take the response to ZDNet Australia's request for his age as an example: "[I'm] not trying to be coy, but my age, race, religion, etcetera, are always items I try not to divulge. The rationale is probably quite different than what most people infer. It is as follows: without irrelevant information such as skin colour and the aforementioned items, people are stripped of data that normally would encourage functional fixation." It seems Zatko's brain has been over-clocking from a very young age. "When I was growing up, around the age of five or so, I couldn't wrap my head around 'life'. "The notion of death being an accepted unknown without any further details drove me bonkers," he told ZDNet Australia. Some may argue that existentialist dilemmas such as these belong to adults, or at the very least in the adolescent domain. But Zatko was introduced to a myriad of advanced concepts at an extremely tender age. "In my crib, as an infant, my father sanded down the edges of early 60s-type computer components ... like the face plates of systems with glowing [amber] numeric 'vacuum tube style' readouts," he recalled. The way Zatko speaks of him suggests that his father was his mentor in life. "I asked my father what he believed in -- what his religious beliefs were. He refused to tell me. Instead, he started taking me to churches of different denominations each Sunday and would ask me what my interpretations were. "Several years later I came up with my own 'codified' religious beliefs," Zatko said. And he's fanatical about getting the job done. "Anything that I do, I must engross myself in totally," he said. To Zatko, there's no distinction between work and personal life, and readily admits that his life knows no balance. "There's also no difference between business and personal relationships. When I decided to get into Golden Gloves Boxing and Muay Thai [boxing] it was to master them. When I deal with computers it is to entirely comprehend the socio-psychological interactions and weaknesses they introduce," he revealed. His parents, while educated, came from fairly blue-collar backgrounds. He said his mother "experienced the depression" while his father grew up working on a farm. As a child, Zatko was given musical training, and was taught science and mathematics while maintaining a "respect for manual labour and living off the land". He still holds dear to his heart the values his parents instilled in him while growing up. "I was intentionally given freedom and a feeling of independence at a young age. In looking back the rationale was obvious: learn decision making and life choices while you are still able to be protected paternally," he explained. "I watched people self destruct at the tail-end of high school and in college -- where it was obvious that that was their first taste of freedom." In 2000, Zatko was invited to participate in a security summit chaired by former US President Bill Clinton. "I was afforded the rare opportunity to hang out with him afterwards and engage in some private conversations," he said. "I have tons of stories but they're too long." As one of the founding members of grey hat outfit L0pht Heavy Industries -- which later became the foundation for security firm @Stake -- he was responsible for the creation of L0phtCrack, a product still sold by @Stake. L0pht Crack is a simple product and a remarkably affective password cracker for Windows-based systems. Zatko insists he wrote it to prove a point and not for commercial reasons. "When I first created and wrote it, one of the goals was to show that the Microsoft systems being deployed could not embody 'secure' encrypted passwords ... not that there were some passwords that were stronger than others. "This didn't mean that people should not use Microsoft technology but rather they should understand where their security perimeters needed to be in order to take advantage of the [Microsoft] platform without exposing undue risk to infrastructures," he said. "Is something like L0phtCrack still useful? Yes. Is this an example of people misinterpreting what a tool is showing them and potentially having a false sense of security because of it? Unfortunately, the answer is again yes," he added. Zatko believes that example -- the misuse of a tool like L0phtCrack -- applies to many security products. He has some advice to help improve the situation, though: "Share, be open, communicate, ask questions to all, share the answers that help you with [everyone], do not think in black and white, do not hurt others or yourself. Improve the world, not your own self image -- the former is possible, and the latter is not accomplished without being a part of the former." -- Patrick Gray _________________________________________ ISN mailing list Sponsored by: OSVDB.org --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
participants (1)
-
InfoSec News