💾 Archived View for gemini.spam.works › mirrors › textfiles › groups › CDC › dead_cow.txt captured on 2023-01-29 at 15:00:00.

View Raw

More Information

⬅️ Previous capture (2020-11-01)

-=-=-=-=-=-=-

BBC Panorama
Interview with  Deth Veggie and Sir Dystic of the Cult of the Dead Cow

CORBIN	
Deth Veggie, what is the Cult of the Dead 
Cow?

DETH VEGGIE	
The Cult of the Dead Cow started out back in 
the early 80s as initially the republished 
text files.  Actually the first e-zines as 
now they're called, and although we were 
involved with the computer underground we 
weren't the same as other hackers.  It sort 
of evolved to the point where it is today 
where it's still today our primary focus 
isn't necessarily technical.  We have a lot 
of like social aims, social activity, but we 
also have.. there's the technical aspect.

CORBIN	
What's the philosophy of Cult of the Dead 
Cow?

DETH VEGGIE	
Well one of our primary functions is, is we 
try to bring information to people that they 
normally wouldn't ever see from other 
channels.  We publish a lot of text files, a 
lot of them are not at all technical but not 
anything that you're likely to find from 
other sources.  We basically like to 
challenge people's thought ideas and make 
them think in new ways.

CORBIN	
And hacking, what's the appeal?

DETH VEGGIE	
well I mean if you consider hacking to be the 
manipulation of a system to make it do 
something, you know, basically you can hack 
anything.  It doesn't have to apply 
specifically to computers.  You can hack 
electronics, media, information, there's 
social hacking, and basically it's a certain 
amount of power.  I mean you can make 
something do something that it wasn't 
intended to do.

CORBIN	
And that's the appeal of it?

DETH VEGGIE	
It's certainly part of the appeal.  It's the 
modern exploration you know.

SIR DYSTIC	
I think for me I consider a hacker to be 
anyone who takes something apart and puts it 
back together better, and currently it seems 
like the output,  the aspect that it takes is 
computer hacking but historically there's 
always been people with that sort of mindset 
or attitude, we can start like people who I 
consider to be of the hacker mindset like 
Benjamin Franklin or Aristotle, people like 
that, you know, they basically did things 
their own way.

CORBIN	
Okay, you've obviously explained that hacking 
can apply to different fields and not just 
computers, but obviously computers is what 
we're talking about here today, and Sir 
Dystic you know when you go on line, when you 
hack, for want of a better word, that's the 
word we're using, what do you feel?  I mean 
what do you get out of it?  What's the appeal 
of it?

SIR DYSTIC	
Well like I said, it's a form of exploration.  
You're trying to, you know, you're exploring 
ideas or computer systems rather than you 
know, geographical land, but it's still the 
idea of being able to go into something and 
find new things that nobody else has 
discovered yet before in the sense of hacking 
being breaking into computers certainly a lot 
of people do it because they're going into 
places that they wouldn't normally be 
allowed.

CORBIN	
And the world at large finds it frightening 
the idea of people hacking into their 
systems?

SIR DYSTIC	
People are frightened by pretty much anybody 
who can do something that they can't and they 
don't understand.

DETH VEGGIE	
I also think that it's important to see that 
the danger isn't from hackers in terms of 
kids.  The danger in terms of computer 
security are from aspects like organised 
crime or espionage, things like that. The 
danger is not from hackers like Sir Dystic or 
myself, or even just other kids out there.

CORBIN	
You showed the way?

DETH VEGGIE	
The way was already out there.  The people 
already were aware of it.  Another thing 
about hackers is that they don't create the 
whole, security holes, they basically just 
find them and exploit them.

SIR DYSTIC	
Discover them.  They discover them.
CORBIN	So would you disclaim all responsibility that 
you put your tools out there and let people 
use them?

SIR DYSTIC	
People use our tools for all sorts of things 
and I mean people can use any product in the 
way it's not prescribed and that in many 
cases is illegal and certainly using a 
programme like Back Orifice to break into a 
computer would be illegal, but in truth it's 
really not even a programme to break into 
computers, it's really once a computer has 
been compromised it allows you to control 
that computer completely.

CORBIN	
Well let's talk about Back Orifice.  Sir 
Dystic why did you write this programme Back 
Orifice?

SIR DYSTIC	
That work it essentially came out of.. it was 
a small simple tool I was writing and then 
when I realised the possibilities of how far 
it could be taken, I basically just added 
every feature to it I could think of and we 
tried to point out to the world that this 
really one of the easiest ways that your 
computer can be compromised and when that 
happens there's basically no limit to what a 
remote attacker can do.  All it takes is 
basically coating it, and what I was trying 
to show is that it really doesn't even take 
all that much effort to code that and it's a 
very small, simple programme and it works 
very efficiently.

CORBIN	
So you're saying you wrote it to show up the 
faults in the system.

SIR DYSTIC	
Sure.  I mean my main issue at the time was 
with Windows 95 which was essentially 
released without any security built into it.  
It had very, very, minimal security and that 
was a marketing decision by Microsoft, they 
wanted to have as many people be able to use 
it as possible.  But by sacrificing security 
it's no longer a secure platform.  It's 
certainly not anything that people should be 
doing things like online commerce and online 
banking from but they are marketing it for 
that purpose.

CORBIN	
But they would say that the fact you wrote 
this software is very malicious to show up 
the faults in the thing.

SIR DYSTIC	
It's malicious to for instance show that 
there's a faulty seat belt in a car?  I don't 
understand how that's malicious.

DETH VEGGIE	
I think it's also.. the point is that there 
are already things like that out there.  In 
fact when we released Back Orifice all these 
people came out of the woodwork and went like 
"hey I had something that did this exact same 
thing months ago." And because nobody had 
announced it publicly, nobody was protected 
against it.  Nobody knew that hey, you know, 
when I'm using my credit card to buy shoes on 
line, somebody could be capturing that credit 
card information.  Nobody knew that their 
computer was open to basically anybody who 
wanted to take a look at it.

CORBIN	
But surely when you create something as 
powerful as Back Orifice that could have such 
an evil purpose in the wrong hands, that's 
very irresponsible.

DETH VEGGIE	
What I was going to say is that when we 
released it we consciously made several 
decisions.  We made limitations as far as it 
would go because we didn't want it to be 
abused too much, like things like not making 
it viral in that it wouldn't reproduce 
itself, and not making it polymorphic, things 
like that.

CORBIN	
It wouldn't change itself?

DETH VEGGIE	
So it wouldn't be impossible to control.

SIR DYSTIC	
But basically I mean the anti-virus' response  
to it was they started scanning for the Back 
Orifice programme.  One of the interesting 
things was at that time they also started 
scanning for a bunch of other similar types 
of applications, many of which had been 
around for six months to a year, but they had 
never bothered to scan for those programmes 
because nobody was talking about it, nobody 
was making an issue.  If we'd wanted to be 
malicious about it, we wouldn't have made as 
much noise about it as we could.  We tried to 
get as much media about it as possible 
because by raising the awareness of the issue 
is the only way that anything is going to get 
done about it.  If we'd wanted to be 
malicious we would never have told anybody 
about it and we'd be out there exploiting 
people successfully because.

CORBIN	
Yes, but aren't people using your programme 
in a malicious way?  Isn't that the end 
result of what you've done?

DETH VEGGIE	
I think when we released it we were very -
this may have been kind of idealistic of us 
but I know that I personally, I hoped and I 
really believed that by releasing something 
that was this powerful, Microsoft in this 
case, would be forced to fix the fundamental 
problems.  The fundamental vulnerabilities, 
whether or not someone is using a programme 
to exploit them, are still there and that's a 
problem.  I mean I use Windows computers.  
Most of the world.. you know, single most 
popular operating system, and it's pretty 
scary that there is no security inherent and 
we hoped that we'd be able to force them to 
fix that.  Unfortunately the response turned 
out to be basically spin control from the 
marketing department.

CORBIN	
What about Microsoft's response to your 
product?

DETH VEGGIE	
They basically buried their head in the sand 
and said that it wasn't at all a problem and 
they put out a couple of press releases going 
point by point talking about issues and our 
response at the time was to go through and do 
a point by point response, showing how each 
of their responses was either misleading or 
simply untrue, or many of them at least, 
certainly not all of them.  And you know we 
really didn't even like make that much of a 
big deal of it after that, but within a 
matter of months Back Orifice had become so 
widespread that you could pretty much check 
any sub net in the world and find it on one 
or two machines.

CORBIN	
But surely that's the point.  You created it 
and you say you wanted to show up the flaws 
in the system.  But other people out there 
went and used it for nefarious, malicious 
purposes.

SIR DYSTIC	
The fact that it was on those machines 
doesn't actually mean that it's being used 
for malicious purposes.  In fact huge numbers 
of people actually mistakenly infected 
themselves because they heard on the media, 
and this was something I totally didn't 
expect to happen, they heard about Back 
Orifice in the media, they went to our 
website and downloaded it, not looking at the 
documentation at all they went and ran every 
single programme, and one of those programmes 
of course is the programme which runs the 
server on your computer.

CORBIN	
But surely it shows the dangers of creating 
such a powerful tool which, in the wrong 
hands, can really be out of control?

SIR DYSTIC	
Certainly but it's not really any different 
than any other remote administration system.  
Somebody has Microsoft, someone wrote 
administration system installed on their 
computer and their computer's been 
compromised.  You can control the system 
remotely through that.  Ours is just 
incredibly small, efficient and has a lot of 
functionality.

DETH VEGGIE	
I think that we took some of that into 
consideration when we were designing B02K the 
second version, for instance since we made it 
so that it didn't have a default port and 
password so people couldn't accidentally 
install it and they actually had to set it up 
to things.  But in my view I think that the 
ultimate responsibility for these problems 
lies not with us for pointing them out but 
with the people who created a fundamentally 
flawed product in the first place.  It's no 
more the responsibility for people dying in 
Ford Pintos was not Ralph Nader saying hey 
look you've run into a Ford Pinto from behind 
it explodes, it was Ford's responsibility for 
building something that exploded when you ran 
into it.

SIR DYSTIC	
But more importantly than even really forcing 
Microsoft to fix the problem, which obviously 
they're not going to do because that would 
require essentially abandoning one of their 
entire platforms, it's more important that 
people are aware that these are issues.  
People who get their computer and go on line 
first day, it probably never occurred to them 
that it's even possible for their computer to 
be taken over remotely. But the fact that BO 
was so widespread and got so much media 
attention has made so many people aware that  
that's a possibility and maybe their decision 
was okay I'm not going to do on line 
commerce, or I'm not going to do my home 
banking.  Or maybe their decision was I'm not 
going to use Windows 95 because it obviously 
has these problems.  But it's really just 
important that people are aware of the actual 
issues -

DETH VEGGIE	
So that they can make and educated decision.

SIR DYSTIC	
Exactly, as opposed to a decision based on 
Microsoft's marketing.

CORBIN	
I mean you've outlined your reasons for doing 
it very clearly, but I have to say to you 
that most people out there just think that 
these guys shouldn't be doing this kind of 
thing.

SIR DYSTIC	
We don't think the same way as most people.  
We know that.

CORBIN	
Deth Veggie?

DETH VEGGIE	
I actually believe that anyone who thinks 
that way just really doesn't understand the 
situation. 

SIR DYSTIC	
I'll give you an example.  After I released 
it I received hundreds and hundreds of emails 
from various different people and I received 
emails from people who had had their 
computers taken over, and not a single one of 
them blamed me for it.  Not a single one of 
them was mad at me, and every single one of 
them said the same thing to finish which was 
"I'll never let this happen again".

CORBIN	
Aren't you afraid that law enforcement is 
going to be on your back at some point over 
all of this?

DETH VEGGIE	
We've done nothing illegal.  We've talked to 
law enforcement.  They're not happy about it 
but I don't think they are holding a grudge 
against me for it certainly.

CORBIN	
What about Microsoft, how do they feel about 
it?

DETH VEGGIE	
Which part of Microsoft, their marketing 
department, their programmers, Bill Gates 
himself?  I mean everybody is going to have 
their own opinion and certainly anybody in 
marketing is not going to like any negative 
publicity, certainly people who are the 
technical nature I would hope at least 
appreciate the work that went into the 
product.  I mean everybody is going to have 
their own opinion.  I don't expect Microsoft 
to like it but I do expect them to at least 
admit that these are real issues and answer 
to them.

CORBIN	
Talking about law enforcement, moving on from 
Back Orifice specifically but to the whole 
sort of hacker area, it seems, particularly 
in America, that people are getting more 
serious about pursuing people that they 
believe have compromised computers or broken 
in in an unauthorised way.  I mean how do you 
feel about the way that the law if beginning 
to treat this?

DETH VEGGIE	
I don't have a problem with pursuing people 
who have actually broken into computers.  I 
think that my opinion is that when someone 
goes into a computer and damages a system, 
destroys data, things like that, they stop 
being a hacker and they become a criminal, 
and at that point more power to law 
enforcement.  If they're going in and 
destroying things then they should be 
punished.

SIR DYSTIC	
One distinction I'd like to make though is 
that I don't think most people who I would 
consider hackers do any type of hacking for 
personal gain.  They do it for exploration 
purposes, information purposes, but they're 
not out there stealing money from people.  
Those are the organised crime people.  Those 
are people who are thieves anyway and happen 
to have picked up the technical knowledge to 
steal stuff in any way.

CORBIN	
But people don't like the fact that people 
are breaking in to their computers.  They see 
it as their own personal domain, even if 
those people aren't stealing anything it's 
felt to be an invasion of privacy.

SIR DYSTIC	
Invasion of privacy, absolutely, but still, 
one of the other issues is that people who 
are getting caught for what I consider to be 
essentially victimless crimes, breaking into 
a computer, looking around, not stealing 
anything, not deleting anything, are getting 
sentenced to completely unreasonable 
sentences because they're being made examples 
of because the chances of actually catching 
and prosecuting somebody completely for these 
types of crimes happens so rarely that when 
it does happen they want to make and example 
of them.

DETH VEGGIE	
It's not just that, it's that a lot of times 
in the case it'll be like sort of an 
arbitrary monetary damage - okay he caused X 
millions of dollars worth of damage, and then 
it turns out that the person actually didn't 
do any damage.  What they're doing is okay, 
that was the cost to go in and patch the 
holes.  The problem with that is that this 
person did not create those holes.  They're 
not responsible for those holes.  All they 
did was enter through holes that are already 
there, and whether or not that person came in 
and exploited them, somebody else could have 
been doing it, it could have been someone 
coming in to do actual damage.

CORBIN	
Do you think that law enforcement is getting 
the right people when it arrests those that 
it believes are responsible?

DETH VEGGIE	
It's just like any other activity.  Sometimes 
they get the right person and sometimes they 
don't.

SIR DYSTIC	
I think that with the cases that they tend to 
go after tend to be the cases that got the 
most media attention, and the cases that got 
the most media attention are usually not 
malicious or particularly ingenious hacks.  
They're -

DETH VEGGIE	
Web page hacks.

SIR DYSTIC	
Web page hacks, a lot of this service stuff.  
Those aren't dangerous things.  That's not 
somebody stealing millions of dollars from a 
bank which is what you really need to worry 
about.

DETH VEGGIE	
Well I kind of disagree.  Denial of Service 
attacks can be like very malicious and very 
dangerous.

CORBIN	
Well of course we've seen some this year, 
haven't we, in February, a great rash of 
them.  Now again there were tools out there 
that people took advantage of.  I mean did 
you see that coming up?  Was that on the 
horizon?

DETH VEGGIE	
Absolutely.

SIR DYSTIC	
I'd been saying that exactly that was going 
to happen for years and years.  In fact two 
days before the denial of service attacks I 
did an interview with a TV station and talked 
about specifically that, about how in the 
underground there are people who are 
collecting lists of ownable and exploitable 
machines which to be used for some unknown 
purpose in the future, and that's very 
exactly what happened.  But the attacks we've 
seen so far have been very, very low tech and 
very reserved and not particularly successful 
in my opinion.

CORBIN	
What could happen though?

SIR DYSTIC	
What could happen?  I think a worst case 
scenario would be like a programme for 
Windows which was by virusidic and wormed 
itself, that means it copies itself to other 
automatically hacked into other computers and 
if that programme were designed to attack a 
specific website or something it would be so 
widespread that there would be really little 
that they could do without actually cutting 
off access to their legitimate customers 
because they wouldn't be able to distinguish 
between the attacking machines and legitimate 
customers.  All they would see was huge 
amounts of traffic that are overloading their 
servers.

DETH VEGGIE	
A competent security person could basically 
shut down the internet.  I mean it is 
completely technically possible, and the fact 
that it had.. 

CORBIN	
Break down completely?

SIR DYSTIC	
Yes, there are fundamental flaws in the 
internet.

DETH VEGGIE	
- in the protocol that the internet uses, the 
internet protocol, IP, there's fundamental 
problems with it that if somebody who knew 
what they were doing could make the internet 
unusable for a large amount of time.

SIR DYSTIC	
There's another of the CDC members, Mudge, 
actually was testifying before the US Senate, 
was it last year - two years ago and said the 
same thing in front of the US Senate that if 
he or any of the other people that knew this 
sort of thing were inclined, they could take 
down the entire internet and that needs to 
be, you know, those are serious 
vulnerabilities that need to be taken care 
of.

DETH VEGGIE	
But keep in mind that the people who have 
that level of ability is the very, very tip 
of the pyramid.  It's an incredibly small 
number of people and those people have that 
ability because they have worked with 
computers and security for years and years 
and years, and in that time they get over the 
whole.. you know, oh boy I'm breaking into 
somebody's computer and I'm going to go 
change their wallpaper.  You get over that 
really quickly in the first several months.

SIR DYSTIC	
That's really big when you're a 13 year old, 
but..

CORBIN	
You're saying that when you get older ethics 
creep in and you do actually do the right 
thing?

DETH VEGGIE	
Yes, when you're a 13 year old kid it's the 
Beavers and Butthead syndrome, you know, you 
mess stuff up, whereas as you get older and 
you mature, you develop a sense of ethics, of 
right and wrong etc.

CORBIN	
But surely the danger is that if the internet 
is that vulnerable, and there are some people 
who can wreak havoc that someone could pay 
them a great deal of money or..

DETH VEGGIE	
Absolutely.

SIR DYSTIC	
Absolutely  which is why we spend so much 
effort trying to point out these problems to 
people and hoping that.. I mean we can't 
solve the problems.  We can offer solutions 
but nobody has to listen to us.  All we can 
do is raise the awareness of the issues and 
hope that people care enough to make them be 
fixed.

DETH VEGGIE	
It's like with the denial of service things, 
as Sir Dystic said.  That's something that 
we've been talking about for years, not just 
us but people from the hacker community, 
people from the computer security industry 
had been saying for years like hey, look, 
this is a real danger.  And then, but then 
all of a sudden it happens and people act 
like really surprised like on my God, how did 
this happen, it's like well, we've been 
telling you.

SIR DYSTIC	
And like I said..

DETH VEGGIE	
I was surprised it hadn't happened earlier.

SIR DYSTIC	
Exactly, and I'm also surprised that it was 
that badly executed.

DETH VEGGIE	
Yes, that it was that easy to set up.  I 
think that the first couple of them were well 
executed.  I think that the vast majority of 
the ones that we saw were copy cat attacks.

SIR DYSTIC	
True.

DETH VEGGIE	
And those were the ones that were just kind 
of sloppy.

CORBIN	
So what's the answer then, to stop these kind 
of attacks, to bring some kind of security?

DETH VEGGIE	
To stop which kind of attacks?

CORBIN	
Well some of the scenarios that you've 
outlined, whether it be denial of service or 
of organised crime gangs, getting hold of 
people.  I mean what is your message to 
people?

DETH VEGGIE	
There's a technical solution and there's a 
social solution.  The technical solution is 
obviously find every hole and fix it and 
that's never going to happen because there's 
always going to be other problems.  The 
social solution is to make people aware of 
the dangers that go with being on the 
internet and hope that they can use their own 
intelligence to protect themselves some way, 
and granted if all that requires is running 
some product that some company has provided 
that actually protects you, that'd be great, 
but there's no one product that actually 
provides you any great amount of protection 
so far.

SIR DYSTIC	
Well there's varying amounts of protection.

DETH VEGGIE	
What exactly?

CORBIN	
What about laws because Congress is looking 
at various bills to strengthen the law.  Is 
that the answer?

DETH VEGGIE	
It's not the answer.  I think the problem 
with that is that it's all after the fact.   
I mean you can legislate the heck out of 
something but it's not going to stop people 
from doing things beforehand.  It's not going 
to make it harder for them to do it.  It just 
means that okay if they do it they'll be 
punished.

SIR DYSTIC	
And we know that punishment is definitely a 
deterrent, right?

DETH VEGGIE	
Yes, I mean with the development of money 
instead of the idea of putting money into 
bank vaults they just left the money in paper 
bags on the street and just said well if you 
take that money you'll be in really big 
trouble.  You know, it's important to do 
both.  But some of the laws that are being 
looked at right now are actually 
counterproductive.  Like.. what's the name of 
the law.. the thing that's being..?

DETH VEGGIE	
The reverse engineering thing?

SIR DYSTIC	
Yes, the reverse engineering thing.  If you 
hold on for a second I can find out what's.. 

CORBIN	
No, I know what you mean, yes.  What's the 
dangers of that?

DETH VEGGIE	
Well because that basically prevents people 
from looking at something and seeing if 
there's problems, but the criminals, the 
people who you should worry about, they don't 
care if it's illegal to break into systems, 
so if they're planning on doing that, then 
why would they care if it's illegal to 
backwards engineer it.

SIR DYSTIC	
It's basically trying to make it security 
through obscurity.  

DETH VEGGIE	
If we make it illegal for people to analyse 
this stuff, to find bugs in it, then people 
won't find bugs in it which is just not true.
CORBIN	You're painting a pretty dark picture of all 
of this.  Is that the way you think we're 
going?

DETH VEGGIE	
Of which?

CORBIN	
Of the general vulnerabilities, the dangers.

SIR DYSTIC	
You know the internet is a very dangerous 
place to be and it's being marketed right now 
as being this neat toy that everybody should 
come play with, and you know, get online 
today, and you don't get any warning when you 
log online.  You don't get a warning that 
says look, you are opening yourself up to 
these possible ways of being exploited.  So 
it is, in my opinion, a dark situation and 
like I said, I think that the only way to 
deal with it is use your education, you know.

DETH VEGGIE	
I think you're a little more pessimistic than 
I am.  I think that the internet, although I 
think it's tremendously powerful, like 
tremendous..

SIR DYSTIC	
Potential?

DETH VEGGIE	
Well, I mean it's a very powerful took and 
the potential there is for it to either go to 
very dark future or to a very positive one, 
it just totally depends on how and what 
happens now as to what.. you know, what it 
will develop into.

CORBIN	
Why did you create Back Orifice and release 
it?

SIR DYSTIC	
I released Back Orifice to point out the 
risks that people are putting themselves at 
by using various operating systems which were 
essentially created with no security built 
into them.

CORBIN	
Which one?

SIR DYSTIC	
Well specifically Windows 95 is what the 
original Back Orifice ran on.  Windows 95, 
from what I understand, Microsoft actually 
took in marketing survey when they were 
preparing to create it where they itemised or 
asked people how much they valued each of the 
different features that they wanted to be 
into the product and security was somewhere 
around 24, and of course any time you put 
security into something you sacrifice 
usability.  Every time you have to log into 
something or whatever, you have to.. it makes 
it that much.. or in Microsoft's opinion more 
difficult to use, or more annoying or 
whatever, so they do things like save your 
passwords for you which completely defeats 
the point of having a password, things like 
that, and again it was just a marketing 
decision.  They want to market it to six year 
olds and grandmothers and they don't want to 
have to deal with.. you know, access control 
lists and other, you know, big security words 
that they don't understand.

DETH VEGGIE	
I think fundamentally there's security, be it 
computer security or physical security is 
always at odds with convenience.

SIR DYSTIC	
Oh absolutely.

DETH VEGGIE	
The analogy that I always use is that it 
would be really nice if you didn't need a key 
to start up your car, but that's not the way 
the world works.  That's not reality. 

CORBIN	
That's what you need.

DETH VEGGIE	
Kind of an interesting analogy to that with 
like for instance saving passwords, catching 
passwords is like well we need a key to start 
the car but we'll leave the key in the car.

CORBIN	
That's what you think Microsoft does.

DETH VEGGIE	
The problem is there's so much encasing 
passwords, the problem is encasing passwords 
that anybody can read.

CORBIN	
So you say you released Back Orifice to show 
up the shortcomings and the security of 
Microsoft systems, but most people say it's 
just a really malicious thing to do, and 
dangerous.

DETH VEGGIE	
Well if they heard about it then I 
accomplished my goal which was to make people 
aware of these problems.

CORBIN	
Yes but it's still out there and people can 
use it against other people in a pretty 
unpleasant way.

SIR DYSTIC	
WellBack Orifice is scanned for in all the 
major anti-virus software, so the only people 
who I guess would technically be at risk to 
it at this point would be people who didn't 
even bother to run a virus scanner, and 
they're going to be vulnerable to gazillion 
different things that are equally if not more 
dangerous.

CORBIN	
What about ordinary people though, who might 
not know about that?

SIR DYSTIC	
That's whose awareness I'm trying to 
increase.  I'm trying to make ordinary people 
aware of these issues. 

DETH VEGGIE	
The problem is, is if we'd just started, you 
know, there wouldn't really be any way for us 
to publicise the fact of these 
vulnerabilities, I mean we could have gone on 
the street corner and started yelling but 
then they'd just throw us in jail because 
we're crazy.  I think there's pretty limited 
amount of things you can do to actually be 
heard.

CORBIN	
But how do you feel when you know that there 
are people out there whose machines have been 
infected as it were, with the software?

DETH VEGGIE	
If they're actually being exploited I feel 
terrible.  I mean I think that's really bad.  
I don't feel responsible.  I think that the 
responsibility ultimately lies with the 
people who actually are responsible for these 
problems which, in this case, would be 
Microsoft.

CORBIN	
Yes, but you created it and put it out there.  
Surely you must bear responsibility or some 
responsibility.

DETH VEGGIE	
I don't feel responsible.  I've actually 
thought about this a lot.  Like I said, I 
feel really bad about it, but I think that 
what Microsoft is doing, the analogy that I 
use is that basically handing out loaded guns 
to school children and what we're doing is 
saying hey, that's really, really dangerous, 
and...

SIR DYSTIC	
We're pointing out to the kids that if you 
pull that trigger you can get hurt.  Probably 
a lot of those kids are going to pull the 
trigger immediately but.. you know, that 
happens.   (laughter)

CORBIN	
Sir Dystic why is the internet so vulnerable? 
In a nutshell.

SIR DYSTIC	
Because it all is essentially using 
technology which was designed 20 plus years 
ago that was not designed for this type of 
use at all.  It was for small, private, 
academic and research originally and it's 
using the exact same protocol since day one.  
There were these fundamental problems in that 
protocol when it was designed and because 
everybody is using that protocol now, it's 
going to take a huge amount of effort to get 
everybody to switch to a new protocol that 
doesn't...

DETH VEGGIE	
They're working on it.

SIR DYSTIC	
Oh yes, sure.

DETH VEGGIE	
But I think another problem isn't just the 
age, it's the fact that because it wasn't 
designed for this, sort of hobble along doing 
this, it was hacked and patched together by a 
million people over the past 25-30 years, 
able to make it possible to function in the 
way that it does.

CORBIN	
So it was sort of added to in little 
exponentially bits and pieces. 

SIR DYSTIC	
Exactly, by lots of different people.

CORBIN	
Rather than a whole system being designed.

SIR DYSTIC	
Exactly, and I mean that's a very sort of 
like over simplification but you don't want 
me to get very technical about it.

CORBIN	
Sir Dystic, why don't you go and work for 
Corporate America, you could make a fortune 
with your skills.

SIR DYSTIC	
What makes you think I don't?

CORBIN	Deth Veggie, why don't you go and work for 
Corporate America?

DETH VEGGIE	
We all have day jobs, but that's separate, 
you know, and a lot of us actually work in 
the computer security industry doing what we 
can to make computers and systems more 
secure.

CORBIN	
Okay. So do you?

SIR DYSTIC	
I work in the computer industry but I don't 
actually do security. I write software for a 
living and I do it in my spare time.
CORBIN	Okay.  Thank you.

(End of Interview)