Sil Interview

All tutorials we have thought to write or that have been compiled that do not explicitly belong in another category.
Post Reply
User avatar
weazy
Ex-Admin
Posts: 1688
Joined: Sun Jul 07, 2002 10:02 am
Location: any given
Contact:

Sil Interview

Post by weazy » Fri May 30, 2003 7:16 pm

Sil has to be one of the coolest people around. He is tremendously knowledgeable and has a great sense ofhumor. Which is why we had to interview him. Our questions in bold.


Why did you decide to create antioffline.com and why the name antioffline?

AntiOffline was conceived as a joke originally. Prior to Packet Storm being sold and the whole John Vranisabitch, Harvard, Ken Williams hoopla, I was a sort of the unofficial spammer at the original Packet Storm's forum. I was in Long Island University taking some comp science classes, and I was religiously there reading just about everything posted, and hanging on the web board asking anything about everything.

Well JP decided to have his so called "change in mission", where he stated he would turn on the underground scene that had made his site popular. I personally never liked AntiOnline nor many other sites that were out at the time, Warforge, AntiOnline, etc. So I decided to poke fun at him. Now AntiOffline itself was at this time located at antiantionline.virtualave, and I had never intended to do more than poke fun. In comes JHH who went out and registered AntiOffline tracked me down like a pimp looking for his $2.00 crackwhore, and he asked if I wanted to run it.

Other than the fact that JP is a 15 year old with very little info-sec experience, his site is full of useless info, and he got thousands of dollars in funding for his worthless site.... why do you not like him (or antionline.com)?

I wouldn't believe everything you read about him. Thousands in funding? I doubt it, what I believe is that his parents may have taken out a loan in order to help his sorry ass out since he dropped out of college and didn't have enough of a brain to do anything for himself. Lets take a thorough look at him for a second and just how much he is worth.

1) Dropped out of college, without having a clue to anything related to security, other then posting some AOL related, over hyped security info.

2) DOES NOT, have any relevant real world work experience other than his kiddie based site.

3) Has posted the most irrelevant articles and information pertaining to the underground scene only to overthrow Carolyn Mienel as top dog media whore.

4) Posted some information about a phantom company who funded him (never ever backed his claim up whatsoever).

Its not JP that I don't like personally, I mean he could croak, get hit by a car and I wouldn't give a hoot. Its his methodology that I don't like since it gave the underground scene such a black eye. There are plenty of people without clues who zero in on his Alice in Wonderland information and believe what he says to be so, its just amazing people are that dumb.

I've learned through the years though not to have hatred or anger towards people. so I believe a lot of people distort the whole AntiOffline vs. JP stance. I don't know him so why would I hate him, sure I joke about it, but at by the time I turn my PC off and stop fscking around, I focus on the things relevant to myself.

All of us at netflood have read nearly every article at your site (antioffline.com)...and we noticed that you said, and this isn't an exact quote, "way back in the day cyberarmy had some useful tools and info", you obviously hold them in low esteem now...why?

Cyberarmy, holy ####, now what's there to be said about them? You can browse over to their forums and see for yourself along with the above stated answer to the AntiOnline response.

There are some cool people I've met from Cyberarmy that actually do have a clue and yes I know I'm a bastard for not mentioning them but its hard trying to pinpoint them since I know a lot of people.

Let me zero this down without getting into a encyclopedic digest of it all:

Webmaster (Nick) is a liar who befriended a couple of newbie (l)users a few years back claiming he made robots for the US military (this is no bullshit and I know a lot of the old Packet Storm Forum members will remember this), all for the sake of attracting visitors.

Webmaster (Nick) actually is a clueless little gimp with no skills whatsoever, and I've proved this time and time again. By claiming he's some security *anything* I decided to go and talk with him on IRC a few times, and he's like this senseless punching bag. Wasn't even fun to talk to. Did not know anything other than configuring html and asking others to fix cgi scripts for him.

Responsible for the "hax0rm3 g1ve m3 w4r3s" kiddiots you see on the scene and I sincerely mean this.

Why do millions of crackheads phj34r your l337 sk1||z?

Hah, that's something I started in order to poke fun at the script kiddiots ;)
There are a lot of people who don't like reading the watered down fairy tale styled articles you see on many news sites. One thing we try never to do is bite our tongues for anyone.

We pretty much call it how we see it without any of the ass kissing, story distorting fashions. The way it should be.

The whole phj34r quote was just funny as hell when I created the banner, call me schizophrenic but I laughed for minutes on end creating many of the things you see on AntiOffline.

How long have you been involved in the IT industry and how did you first get involved with Info-sec (network security)?

Security specific for 3 years now, IT specific its sort of trivial. I was originally a graphic designer at Grey Direct, an advertising agency in NY which had a pretty large (and I mean large) LAN. While being a graphic designer I was always running around fixing, tinkering with things, where I decided to just switch industries.

It was there I switched industries, but prior to that I had dealt with all types of computing related issues, as a graphic designer I was toying with SGI Irix machines, Alpha's, Scitex proprietary machines and OS's, Symbolic Science, etc.

There are always people out there wondering how to break into the info-sec/network security field, what advice would you give them?

Kind of difficult to paint a track for people to follow on this question. I'll tell you how I got to where I'm at, which is not close enough to where I would like to be ;)

Being a security junkie and shifting my focus to the IT based field, I started off as a tech support junkie at a dot.com and worked my way to Junior Unix Admin at the same dot.com after pestering the bosses. I had seen so many so called "experts" without a clue and kept poking, poking, until I got my chance. Well I maintained a focus on security and integrated security related tasks into my position at this dot.com. After being there for some time I went to another dot.com (StarMedia) as a security engineer focusing only on that, and the rest is pretty much history.

I've spent countless hours studying, reading, making & breaking my own networks, and tinkering around with security related stuff.

I would say: Study study study, focus on one major arena (I have a major focus in networking and firewalls now), and press yourself to do better, it won't happen overnight, but its worth it if you love the industry.

What network hardware/software security products (or network products in general), do you work with on a frequent basis?

Right now I'm a Security Engineer/Senior Unix engineer so I play with the typical Cisco, Checkpoint FW-1, Sun, FreeBSD, Windows, combinations.

Prior to this company I was working at a company where I had the opportunity to dabble with Cisco Pix', Netscreen's, all sorts of IDS' both hardware and software based, NFR, Anzen Flight Jacket, Dragon, Real Secure, Secure.com's 80xx series hw based IDS', Argus Systems products, Baltimore Technologies products, routing equipment: Juniper Routers, Cisco's, Bay Networks, etc, etc.

What's a "day at work" like for you?

Hectic most times but fun. As for administrative stuff (configurational type things) I script mostly everything I do when its *nix based, so many times I'll ./fixit with scripts, although when the "isht" hits the fan, it can become a headache.

I've had some disaster days though. Nowadays I've learned to just relax and do what I can as best as I can. You can't take over the world overnight you know :)

What do you think are some of the biggest info-sec mistakes that most companies make (i.e. mis-configured firewalls, inept security policies, etc)?

Some of the biggest blunders I've seen companies take...

Personally I feel many companies especially within the last few years have grown so fast they often forget to do things right the first time. A few servers go up here and there, then some Venture Capital kicks in and they now have a full blown 200+ network they threw up without taking the time to appropriately assess any security procedures from day one.

So you now have a company who is a major player with a network filled with holes.

Assuming a firewall is the sole solution for this, many of these companies believe by throwing one up (firewall) they're now secure without actually taking the time to fix the original problems. Its kind of like putting up a steel door so no one breaks in your house but leaving the windows unguarded thinking no one is going to pry them open.

Above that, many administrators are swamped with work and or have little knowledge, or care little about security so no one keeps up to date on many of the security related issues. (Bugtraq, etc.)

Lately there have been numerous DDOS attacks against established dotcom's (yahoo, etc), why do you think it has become so prevalent? Is it simply because the tools can be downloaded and implemented so easily?

DDoS tools are only one portion of the problem. Again this goes into some of the understaffed companies who can do little about the situation, and improperly configured networks out there allowing spoofed packets to exit their networks.

If many large backbone ISP's implemented some strong ACL's you would have about half the impact.

Many of the idiots who partake in these attacks can be summed up by reading my semi-humorous/serious RFC31337. 
http://www.antioffline.com/rfc31337.txt

As the owner of antioffline.com, do you feel sites like packetstorm, attrition, and/or antioffline contribute to (or motivate) web defacements, DOS attacks, or malicious activity in general?

Defacements are wrong in any sense, although I do admit I like the super high profile hacks that occur, Microsoft, Slashdot, Whitehouse.gov, etc., it sort of reminds people that there is so much more to security related information untapped, or forgotten. Political hacks some times may seem nice, but I would rather see some of these defacers start non-profit.org's instead of just defacing someone's site.

I don't think Attrition itself motivates anyone and in fact I would bet my right nut by saying they despise many of the defacers' defacements as 98% of them are bullshit rants by morons. There are those idiots though that are likely to think that by having their work featured on Attrition,
that they are some elite shit. Give me a break 99.999999999% of those e-tards couldn't even wipe their asses let alone understand the scope of it all, other than downloading someone else's tools to do something.

Define "script-kiddiot".

One doc sums it all up http://www.antioffline.com/rfc31337.txt

What web sites do you visit on a regular basis?

Typical sites, daemonnews.org, slashdot, kuro5hin, ARSTechnica, SecurityFocus, eSecurityOnline, TheRegister.co.uk, Cryptome.org, Spyking.com, Not too many sites have anything major to say in regards to security in a wholehearted unbiased fashion. Too much commercialism out there now.

Where do you see yourself in the next 5/10/20 years?

5 -- Buying my third house in Sweden
10 -- Expanding my houses in Sweden
20 -- Wondering what I can demolish to expand in Sweden

I try not to worry about the next day too much. I would rather focus on what's in front of me at this point. Sure many people plan on what they would like to do, what they plan on doing, but the world changes so fast anything can happen. My personal quote can summarize it up in one shot.

"I'm never in a rush to get to where I'm going, sooner or later I'm bound to get there." 
 -- sil@antioffline.com

Thank you very much for allowing us to turn the tables on you.

Well thanks for taking the time to question me :)

J. Oquendo
sil@disgraced.org | sil@deficiency.org | sil@antioffline.com
--The Devil is in the Details--

Post Reply