Interview with Tom.

ecksor · 16-04-2001 07:48PM #1

In an effort to gain more insight to the enigmatic security guru Tom, I wandered down into the dark depths of Phishy to gain more insight into this mysterious character.

[06:55] *** Joins: sysTemT [] has joined #openbsd
[06:55] <sysTemT> lo
[06:55] *** sysTemT [] is now known as ToM
[07:02] [#OpenBSD] Names: (3 total)
[@ChanServ ] [@ecksor ] [ ToM ]
[07:02] <ecksor> Hello.
[07:09] <ToM> how are we
[07:11] <ToM> I wish some body would bring him for a walk it would losen the lad up
[07:11] <ecksor> Right.
[07:12] <ecksor> I was reading your stuff on boards.
[07:13] <ToM> yep
[07:13] <ecksor> I see you work in security.
[07:14] <ToM> no I dont
[07:14] <ToM> I work in Iomega Ireland
[07:14] <ecksor> I see.
[07:14] <ToM> I lied on the boards
[07:14] <ecksor> Why?
[07:15] <ToM> notting else to do
[07:15] <ecksor> I see.
[07:15] <ToM> I work in Iomega and Client Logic as a hardware linux spealist
[07:15] <ecksor> I see.
[07:15] <ecksor> How did you end up at that craic?
[07:16] <ToM> I started off doing security for shell companys back about 2 years ago
[07:17] <ToM> done a few sites ran a shell provider and hosting company with an american lad named adult shells ..
[07:17] <ecksor> What's a shell?
[07:17] <ToM> www.theboxnetwork.net
[07:17] <ToM> thats my new company
[07:17] <ToM> not fully up at the moment
[07:17] <ToM> a shell is a user account on a linux box
[07:17] <ecksor> Is it now.
[07:18] <ToM> I own 2 linux boxes go-dedicated in new mixico and france and I resell business hosting for darklite.com
[07:18] <ToM> I was a jockey for the past 3 years
[07:18] <ToM> but I always knew I would end up in computers
[07:18] <ToM> so I went for a test and an interview and got the job
[07:19] <ToM> simple as that ... I started off doing tech support
[07:19] <ToM> and worked my way up
[07:19] <ecksor> I thought a shell was a command line user interface to a unix like environment (not
necessarily linux), that provided things like job control etc, and not related to an account at all,
apart from the last entry in /etc/passwd.
[07:19] <ToM> I am only 18 btw 19 in june
[07:19] <ecksor> What do I know I suppose.
[07:19] <ecksor> That's an excuse I guess.
[07:20] <ToM> a shell is a user account on a unix box no matter how fancy you make it out to be
[07:20] <ecksor> No, it's a program such as sh/csh/ksh/bash/whatever that does what I just described.
[07:20] <ToM> specialist even
[07:20] <ToM> its not a program I am afraid
[07:20] <ecksor> An account could be made to just run a menu interface or lynx etc, not necessarily a shell
on login.
[07:21] <ToM> yes you mean unix system V or somthing like that
[07:21] <ToM> an interface which lets a users use selected services
[07:21] <ecksor> I mean any unix.
[07:21] <ToM> bbs, *****x etc..
[07:22] <ToM> yes but the main G.I for a menu interface is system V
[07:22] <ecksor> G.I ?
[07:22] <ToM> Graphical Interface
[07:23] <ecksor> System V is a type of unix, originally developed in Bell Labs, latest and last version
being System V Revision 4, developed with Sun Microsystems around 1989, which forms the core of Solaris,
HP/UX, Irix and may more obscure unix variants.
[07:23] <ecksor> It is not a Graphical User Interface.
[07:23] <ToM> are you reading this from some where
[07:23] <ecksor> Nope, I've studied quite a lot about unix.
[07:24] <ToM> yeah right
[07:24] <ToM> who the hell remembers dates like that
[07:24] <ecksor> I do.
[07:24] <ecksor> I've a good memory, ask anyone.
[07:24] <ecksor> Anyway, I might be wrong.
[07:24] <ToM> give me a sec I will go to ilug to be as smart as you
[07:24] <ecksor> It might be around 1988 or 1990.
[07:24] <ecksor> I was being approximate on the date.
[07:25] <ecksor> I unsubscribed from ilug, too much junk.
[07:26] <ToM> ilug is good for hardware problems etc but there should be certain parts you can subscribe to
[07:26] <ToM> rather than the whole freaken mailing list
[07:26] <ecksor> Perhaps.
[07:26] <ToM> what is your profession btw ?
[07:27] <ecksor> Programmer.
[07:27] <ToM> in what ?
[07:27] <ToM> c ?
[07:28] <ecksor> C, Java, Perl, python, VB, JavaScript, VBScript, SQL
[07:28] <ecksor> I know a little bit of Scheme also, currently learning Haskell.
[07:28] <ToM> c would interested have you made anything interesting ?
[07:29] <ecksor> I'm also a good shell scripter.
[07:29] <ecksor> What do you find interesting?
[07:29] <ToM> I have done a few good pices of shell code not released yet but soon
[07:29] <ecksor> I really only use C for unix systems programming exercises, manipulating log files etc.
[07:29] <ToM> huh
[07:29] <ToM> such a waste I am studying c at the moment
[07:30] <ecksor> good for you.
[07:30] <ToM> learned most so far from studying exploits etc..
[07:30] <ecksor> Right.
[07:30] <ToM> but I hope to go to collage at some stage
[07:30] <ecksor> And what do you plan to do with C ?
[07:30] <ToM> to study c etc..
[07:31] <ToM> what do I plan to do with c ... I will start off coding exploits then buy my way into a top
security firm for a few years then open my own
[07:31] <ToM> he he
[07:31] <ecksor> Coding C isn't the most important part of coding exploits.
[07:32] <ToM> want to see a pscanner I edited the c on to make it detect redhat 7
[07:32] <ecksor> More important is a good understanding of ABIs and assembly, followed by an ability to find
the vulnerabilities in the first place.
[07:32] <ecksor> Not really.
[07:32] <ToM> k
[07:33] <ecksor> You haven't asked what an ABI is.
[07:33] <ecksor> Btw, go to whatis.com and look up the word "shell"
[07:35] <ToM> hmm you where reading all your answers from a web site
[07:35] <ToM> lameo
[07:35] *** Parts: ToM [] has left #openbsd

[This message has been edited by DeVore (edited 18-04-2001).]

Hobbes · 16-04-2001 08:22PM

lol

spod · 16-04-2001 10:05PM

bless his socks

Lenny · 16-04-2001 10:24PM

f00

logic1 · 16-04-2001 10:34PM

Ah proof of what we all knew Tom actually was. Full of manure. (see my clever way to avoid the boards censor but still seem like a double hard *******? oops....)

.logic.

Gerry · 17-04-2001 12:32AM

Hmm, I'm starting to think maybe I'm not the dumbest ******* around here. "A shell is a user account on a unix box" hahahaha

Koopa · 17-04-2001 04:21AM

heh, fair enough

just in his defence (dunno why im doing this but anyway im bored) a shell does not have to be an interface to a unix system, windows command.com is also a shell, a shell is really just jargon meaning "interface", you can have graphical shells too..

<ecksor> An account could be made to just run a menu interface or lynx etc, not necessarily a shell
on login.

well in this case, lynx, or the menu interface, would be the shell.. by definition

ecksor · 17-04-2001 05:18AM

Hm, how come Tom didn't point all this out?

It depends on context. A shell is generally a "command processor" rather than just a user interface. Windows explorer and command.com are considered shells because they generally allow you to execute any commands on the systems that you have permissions to execute. The first instance I came across the term was on an Amiga system years ago.

A menu interface or web browser will not necessarily allow that functionality. Lynx or the "menu interface" would only be regarded as shells due to being in the "shell" field in the /etc/passwd file.

Anyway, you could pick out a few other inaccuracies in what I said if you looked hard enough, for example svr4 was released in 1990, not 1989, and went up to svr4.2 in 1992, so it wasn't the last relase. And for quite a lot of exploits, an intimate understanding of a system's ABI (application binary interface) isn't that essential either, but then again, for the type of exploits that Tom seemed to be talking about I'd recommend any budding hackers to become familiar with it

[This message has been edited by X_OR (edited 17-04-2001).]

Lenny · 17-04-2001 11:31AM

hmm I wonder if Tom has seen this at all yet

and why hasn't he replyied

Hobbes · 17-04-2001 11:36AM

shell [orig. {Multics} n. techspeak, widely propagated via Unix] 1. [techspeak] The command interpreter used to pass commands to an operating system; so called because it is the part of the operating system that interfaces with the outside world. 2. More generally, any interface program that mediates access to a special resource or server for convenience, efficiency, or security reasons; for this meaning, the usage is usually `a shell around' whatever. This sort of program is also called a `wrapper'. 3. A skeleton program, created by hand or by another program (like, say, a parser generator), which provides the necessary incantations to set up some task and the control flow to drive it (the term driver is sometimes used synonymously). The user is meant to fill in whatever code is needed to get real work done. This usage is common in the AI and Microsoft Windows worlds, and confuses Unix hackers.

Historical note: Apparently, the original Multics shell (sense 1) was so called because it was a shell (sense 3); it ran user programs not by starting up separate processes, but by dynamically linking the programs into its own code, calling them as subroutines, and then dynamically de-linking them on return. The VMS command interpreter still does something very like this.

So Koopa is correct, however I have never heard the term shell used in a windows/dos environment only really in UNIX.

ecksor · 17-04-2001 11:44AM

As I said, it depends on the context, which in this case corresponds to the first definition offered there. Number two corresponds more to what Koopa was describing.

The context that Tom was talking about would suggest a shell such as a sh/csh/ksh etc program on a unix like machine, as distinct from a user account, which Tom seemed to think.

Talliesin · 17-04-2001 05:08PM

however I have never heard the term shell used in a windows/dos environment only really in UNIX.

It doesn't come up as much since you generally have only the one shell, or two if you count the command line as a seperate interface. Since you've the one shell and you're stuck with it you don't spend that much time thinking about it. Even if you are making calls to shell.dll windows coders don't think in terms of "shells".

I have heard it mentioned quite a bit in relation to Win9x and WinNT40 sharing the same shell, although the rest of the OS is quite different, but I've only really noticed it when I accidently deleted a dll on cormac's machine which meant he briefly didn't have one

ecksor · 17-04-2001 05:45PM

Originally posted by ToM-theboxnetwork.net:
Cliph from #hackers_ireland anit he the guy who runs csd.dot-ie.com and dot-ie.com which is an hosting company which was hosting a hacking site for Bedlam for Garda Scanner codes ?

Nope. I'd go into more detail, but none of that is accurate, so no point in bothering.

Since then Bedlam as changed his name servers but if any one from any law firm would like the web logs 3 admins have them logged for future business in these matters.

Law firm? I thought you'd be threatening people with the Guards or something considering the above reference to scanner codes. Anyway, they know where to find me, and are always welcome.

Dude, what is with your spelling and grammar? anit is supposed to be ain't? No punctuation, it's terrible.

ecksor · 17-04-2001 05:49PM

Oh, btw, there are three lines missing from the log just before the line that makes reference to taking someone for a walk, which is why that bit is a bit out of context (my mistake, had to copy/paste in several chunks from my eterm window and wasn't careful).

fisty · 17-04-2001 06:02PM

grow up and stop trying to out do eachother with jargon.
I know a shell definition blah blah shut up like? - you are all like children.
and you are the people in charge of websites and servers, admining and stuff?
its not a competition on who knows the more l33t crap - this board is for security issues not painting someone in an ugly light.
keep your poxy logs off here - nobody cares.

[cut (Admin) - because we are gay]

ecksor · 17-04-2001 06:27PM

I should point out that that post was made from <snip>

[This message has been edited by DeVore (edited 18-04-2001).]

Hobbes · 18-04-2001 11:39AM

Tom, X_OR was pointing (and I may be wrong) that Fisty has that IP address, not you (we know you do though from another thread).

fisty · 18-04-2001 01:36PM

The moderator should have more sense than to be putting my companies firewall address on the board -
im going to lodge a complaint to the boards.ie admin as the ip logging is for your ADMIN use not - to be posted up on the boards for the public to see.
you can say we use the same firewall but TAKE DOWN THE ADDRESS.

Hobbes · 18-04-2001 01:41PM

erm, while it's true that the IP's can only be seen by the admins, there is no reason they can't post it publically if they feel so. the fact you splatter your IP address anywhere you go on the net means it's not exactly top secret.

As for complaining to the admins, well Devore + X_OR are pretty much as high as you can go.

fisty · 18-04-2001 01:55PM

My complaint has already been sent to the people who maintain the boards overall.
I'm sure they will look on the postings distainfully.
Posting someone's details in this fashion is UNACCEPTABLE and I am sure the people who moderate this board will agree.
The IP of a user is for the ADMINS use - Nobody elses.
As for your comment Hobbes: That just goes to show that your feelings on other people details are as lax as X_Or's.
I just hope this gets cleared up fast.

Celt · 18-04-2001 02:11PM

You really shouldnt post people's ip's publicly on the board .

fisty · 18-04-2001 02:13PM

I appreciate the support WhiteLancer but the longer that address stays there the more likely it is someone will save it to file and possible do something malicious with it.
Could you remove it please as X_Or doesn't seem to give a ****.
Cheers again,
Fisty.

Hobbes · 18-04-2001 02:14PM

We don't normally. It is really only posted when you have someone acting the muppet in certain ways, like oh say threatening the boards.

DeVore · 18-04-2001 02:21PM

Sending emails "demanding" certain actions isnt a good start to getting on my good side after people from your location are threatening the site.

Frankly, you're mailed arrived as I was ringing directory enquiries to get the number for Client Logic. Given that we are at least involved in SOME communication, I'm happy to take this offline and solve it privately.

I dont respond well to threats and demands. Ask around. I'm funny that way.

Tom Murphy.

ps: for two people so ardently into their security... why are you concerned that anyone knows your firewall IP???

Surely the reason for *having* a firewall is to keep bad people at bay... anything else is security-by-obscurity...

Hobbes · 18-04-2001 02:22PM

Originally posted by fisty:
I appreciate the support WhiteLancer but the longer that address stays there the more likely it is someone will save it to file and possible do something malicious with it.

But I thought you guys were masters of security?

So you should have nothing to fear.

Not that a hacker is going gain some advantage by just knowing an IP address. Btw, I'm pretty sure the firewall gets hit a lot more for exploits then you realise and most from people in work web browsing.

fisty · 18-04-2001 02:25PM

I never said I was any kind of security guru and never claimed to be
get your facts straight.
I really know f*ck all and couldn't give 2 Sh*ts about security and never said I did.
I just don't want any tom dick and harry coming across this thread and knowing where i work.
Oh and by the way,
I didn't threaten anybody.

fisty · 18-04-2001 02:28PM

don't you get it.
I'm not worried about my companies security.
other people get paid to take care of that.
I just don't want people knowing where i work.
tom is the security guy.
just get my bloody work domain off this thread.

Hankster · 18-04-2001 02:44PM

I happen to work for the same company Tom works for and I know his real role in life. He is not a security guru of any sorts, but merely a lad who take phone calls.

This is a statement of fact. Tom does what he does, but he's also a liar.

Talliesin · 18-04-2001 02:44PM

I did not know you where a hacker x_0r

I thought everyone here knew X_OR worked in security and has also done programming.
In fact you were claiming to know about security as well.
Maybe you should learn the definitions of words you use, it's always good to have command of the English language.

Jademan · 18-04-2001 02:46PM

He's been a very bold lad i hear, misusing co. resources and the like!

Again FACT.

Hankster · 18-04-2001 02:48PM

I make absolutely no claims to be a secrity guru, ha><0r or anything of sorts. Tom's pulled the wool over your eyes. That's all.

Interview with Tom.

Comments