Interview with Matt Conover (Shok)
After having posted the article Console IOCTLs Under Linux to HNS
we got a good response so we decided to interview the author: Matt
Conover (Shok). He is a member of w00w00 Security Development,
that with 30+ active members, is currently the largest non-profit
security team in the world.
So here it goes:
How and when did you get interested in computer security?
It was gradual. I was interested in programming and Linux, from there
(with the help of various movies), computer security became an
interest. I first became interested in around '96.
Do you have any special interest in the field of security?
Well, I'm very intrigued by finding new forms of vulnerabilities.
Finding problems in cryptograpic protocols (by this, I also mean
authentication, key exchange, etc.) has also become fairly exciting
within the last year or so. Beyond that, I try to study a wide range
of areas.
What operating systems do you work on? Which ones do you prefer and
why?
I work on most of them. When I'm developing products on Unix, I'll be
sure they port to Linux, BSD, and Solaris. I also work with Windows NT
and Windows 2000. From my background, I prefer Unix, but I have
recently made my peace with Windows.
How did you get involved with w00w00 and when?
w00w00 was created in early 1998. It was originally started
humorously, and I've been there since the beginning. Most people doing
work in computer security have their own connections, and so when
people come together, their connections come with them. This is how
w00w00 grew.
Are you satisfied with the work which you have done within w00w00? Do
you think you've accomplished more as a member?
I think we can always do more, but I'm happy with that's been
happening. Even when we aren't releasing things, there is still a lot
of internal work, and a lot of very brilliant people.
Are there people/groups you look up to in the security scene?
I would call them friends--we like ADM and L0pht, and a lot of
commercial organizations, such as Zero Knowledge Systems and Napster.
As regards you articles, what kind of feedback did you receive?
Thankfully, we've received a lot of positive feedback and no negative.
More commonly, we receive emails from people with additional ideas. We
always appreciate them.
What is your opinion on the "mass spreading" of script kiddies these
days? What infulence do you think it will have on the security scene
in the long run if the trend continues to rise?
Well, it's a tough question. Personally, I keep myself isolated to
w00w00, and so I am not as exposed to it as some might be. w00w00 is a
white hat organization, and we don't support the activities they are
doing. With that said, most are young people just trying to get
themselves into computer security, and the "script kiddie" phase is
the phase were they are beginning to understand security (enough to
use exploits), but not fully aware of the consequences. Most, over
time, will continue their study and eventually outgrow that phase. If
the trend continues to rise, I think it would more imply that there is
a boom of people getting interested in computer security, which is
great. They just need to slow down for a while and finish learning ;)
Rather than an individual picture, Matt gave us the latest picture of
the w00w00 team:
http://www.net-security.org/text/articles/interviews/matt.shtml