The 0XSS Credo

Sun, 05 Nov 2006 07:13:28 GMT
by pdp

Let me explain the new world order. Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! (Hackers)

It is time to move on. In the past couple of months a lot has been said about the importance of XSS (Cross-Site Scripting) attacks. They used to be considered the lamest way to get into someone's network and computer, but not any more. They have been abolished by the computer security industry, and those who contributed in this field were considered the lowest class of hackers, script-kiddies if you like; but not any more. Today, XSS and all other types of related attacks depict the future of our virtual world. We are on the verge of a new type of thinking.

People often think that memory corruption bugs are 1337. Knowing how to debug is 1337. If you know how to play with the stack then you are a true hacker. I've been there and there is nothing new about it. The reason why I entered the world of XSS and web related technologies and abolished the old debuggers is because I saw the future and I got excited about it.

In the future you need to have a pretty good idea of the damn big picture. If you don't, you are on the losing side. In the future, nothing is certain and everything is complicated. There is no single result; there are ranges of results, each one of which is completely different in nature. How do you handle that? Where is my targeted exploit code? In the future there are no boundaries; your lack of creativeness is what pulls you down. You need to train that. The future hackers develop their skills as well as their mind and body, because they know that everything is related. A hacker mind is not the one who breaks into computer systems; in the future a hacker is one that knows how to manipulate the world because it understands it better than anyone.

It is hard to compete. XSS, CSRF, XML, JavaScript, VBScript, RDF, OWL, RDFS, XSLT, XPATH, XLINK, DOM, HTTP, HTTPS, SMIL, XForms, XSD, XPointer, SVG, Unicode, ISO, Flash, QuickTime, Translators, Inference, Parsers, Regular Expressions, Browsers, Semantic Web, XUL, XAML, Java, HTML, Encryption, URL, URI, URN, SOAP, XML-RPC, Services, Google, Social Networks, Blogs, Splogs, Trackbacks, RSS, RDF+RSS, Annotations, Web APIs, WSDL, PDF, Media Formats, CSS, XSL-FO, XQuery, DTD, WAP and AJAX are just a few of the related technologies one must know about.

It is hard to be. Information Analysis, Strategies, Subliminal Persuasion, Mind Hacking, Languages, Passive Information Gathering, Public Relations, Philosophy, Sociology and Psychology are just a few of the fields a hacker mind must master.

Will today's hacker techniques disappear? No, but the concept will change. The attitude will change. Your current technical skills do not define you. Your attitude is what speaks about who you are. "Oh no, not another XSS". It is time to open up your mind for a new type of thinking. You are an extinct species. "Dude, your XSS mojo cannot compete with my buffer overflow. Your skill is not exact." Your dinosaur thinking is what will let you down eventually. Can't you see that something as simple as that can cripple the Internet? It is not the skills that you have, it is your attitude that makes me angry. You will wake up 5 years later realizing that the world has passed you by. I am just trying to tell you to put down all your stereotypes and realise that something big is going on. For good or bad I am in it.

The world is a simple infinite loop. Everything new is a well-forgotten old thing. Look at it, there is nothing new in these XSS attacks. XSS is a simple input validation issue; exactly the same as in your memory corruption bug. The only difference is that while you need to comply with the rules of the operating system you are exploiting, I need to comply with the World Wide Web. What's the difference?

That's all I have to say to you.

pdp (architect) | petko d. petkov

Sunday, 5 November, 2006

Archived Comments

Nice one, probably the new "hacker manifesto" :P
Joe Phantom
Astonished... One of the best posts I have read. I think you are completely right. It's time to open our minds. Joe Phantom
you're just jealous because you can't practice unsafe hex