/*
    Interview of Ronald from www.0x000000.com
  by hth (hath-the-hitch.blogspot.com)
  April 2008
  original english version
*/


--] A favorite programming language?

Usually I would say that "whatever does the job", but I like PHP very much for the reason that it's built on top of C, or actually it is C but a scriptable version. It allows me to quickly write things that can do the same as C. I don't have the time to compile software, I write it and run it. It's close to C, that's why I like it. Javascript can be very interesting. As a pre-compiled language it's very fast in execution, and really hard to learn. If there is one (scripting) language that is very comprehensive and hard to learn all the ins-and-outs about, it will be Javascript. That may sounds weird to many, especially to those who are used to C. But, for me it's true. I think most people can pick up C faster than ECMA script and it's dungeons and dragons.

--] What makes a hacker a hacker?

usually a person who lives on the edge of any society or group. Like an outcast, a person who left the cast or role he plays, and went on to discover the boundaries. Such person must be obsessive in what he or she does, because it takes a lot of effort and stamina to be like that. I mean, you have to have a sense of wonder about something.
It can be a long and hard road without any satisfaction besides the discoveries you've made. That is the whole point I guess, the next step is the choice of sharing it, that's what I do on my blog. It's a sort of captain's log on the adventures on the great ocean, nothing more or less. But really, it can't be thaught. Reading blogs and going to talks can give you an edge, but it won't make you better unless you actually try it. In some sense, it's quite strange because I am on top of my game, i can't look elsewhere anymore to learn new stuff. Most things I already know about, so it boils down on just doing it, and sometimes you'll discover something. That's not boasting, for me it's very difficult to learn new techniques from others anymore because most of them I know about, or understand them in depth, although I don't talk about it on my blog. Sure, there are cases that spark my imagination, but those are few.


--] The main IT stuff of this year? an idea for the  next one?

Well, i think that the mechanism of unauthorized request will get alot of attention this year, it already has early this year with the router issues, and other cases. I guess flash will stay an attack vector. I don't care much about flash attacks, nor realplayer or quicktime overflows since I disable most of it. it's also an area that doesn't interest me, but there are a lot of things to be found in those services, that's for sure. Oh, and certainly large botnet attacks, I think they will gain a ton of news this year.

--] The main actual hope for security?

Time to get rid of the features that break security. The Internet wasn't built to transport video, or interconnect all networks automatically. HTTP is stateless for a very good reason, and we broke that. The internet was about information sharing, not for Youtube. Eventually people will get bored, I think 4chan is a good example. The net will become a place for frustration, people will drop it and it will be handed over to the geeks again. Looks like a dark picture, but I really think that it cannot continue in this way. Everything can be hacked, attacked when you connect to the Internet. You just are not safe online, no matter how you turn or bend, there is some attack waiting for you, somewhere. Unless we convert it back how it was and designed for: stateless and scriptless.

--] The worst actual nightmare for security?

I think we are in it already, it's a real nightmare. and no one has all the answers how to solve all of it.


--] How, in your opinion, will threats evolve in the future? (shortand long term)

Unless surfers will become more educated and don't click on every popup or a random shortcut, it will remain like it is. Most bots run still on the same people who click on dancing puppies, and it has less to do with actuall exploits or a stack overflow since that has become much and much harder these days.

--] projects?

yeah I am working on a new project called Teisatsu. This will become a cool project, because it's actually a webbased nmap scanner, and allround network pentest tool, build solely in PHP. It has many features, a custom telnet client, hostname scanner, Google spider and such things. I don't know when it will be ready, maybe in the next month.

--] A favourite quote?

I have many nice quotes from people, but i rather give a verse from the Tao te Ching (written around 500-600 B.C.). This is part one of verse 33 and it sums up everything there needs to be said.

verse 33

Knowing others is intelligence;
knowing yourself is true wisdom.
Mastering others is strength;
mastering yourself is true power.


Merci Henri!

Thanks Ronald! :)