Interview with Bob Toxen, Author of "Real World Linux Security"
by Mirko Zorz - Monday, 16 December 2002.
1. Who is Bob Toxen?

I am cut from standard geek material. I love science fiction, especially Star Trek. From the time I was 14 I was hooked on computers. I was introduced to them with the APL language on the mighty IBM 360/91 at IBM's T.J. Watson Research Lab where my father was a research physicist.

I have lots of electronic toys and have more computers in my house than I can count -- all running exclusively Linux. I love music, especially Gothic, Industrial, and Blues. I dabble in high voltage, pyrotechnics, and holography. For more excitement, I fly my plane, a Piper Arrow, around the Eastern United States and Canada.

At Berkeley we competed for who had the best program, with the most features, most resistance to bad data, was written in the best style, and which ran the fastest. This was good practice for being a programmer and later for doing computer security. This obsession for quality seems universal among Linux developers and lacking in some proprietary software systems.

I was one of the four programmers who ported Unix to the Silicon Graphics hardware for them. Later, I wrote a NFS server for Stratus' non-Unix operating system, debugging it with a LAN analyzer. I wrote several more network servers, one to track Space Shuttle payload data for NASA. This was good training for network security as I learned protocols down to the bit level. It enabled me to understand vulnerabilities and defenses down to this level too.

How did you gain interest in computer security?

I was a sophomore at the University of California, Berkeley in 1975 when lots of exciting Unix work was being done. Unfortunately, undergraduates were not allowed to do Unix research at this public taxpayer-funded university by "the powers that be". A few friends and I solved this by breaking into the Unix system and conducting research without permission. Despite the best efforts of the SysAdmins, we did this for about three years straight until we finished school and headed for the salt mines of Silicon Valley.

One of my original ideas was hacking the kernel so that instead of the erase character being a "#" character, erasing would generate the now universal backspace-space-backspace sequence to obliterate the now erased character. I did the same for line erase, replacing the "@" character with however many backspace-space-backspace sequences were needed to erase the entire line on the screen. Doug Merritt helped with this work.

I created the "lock" program to lock a terminal as a convenience over logging out to maintain security. I started enhancing the Unix Version 6 shell before Bill Joy started on csh and Dr. Bourne did the Bourne Shell. Doug Merritt added vi-like editing to the shell. All of these things now are universal on Unix, Linux, and even Windows but we came up with the ideas.

Our interest in security was to stay in control of the system to make improvements to it as well as the technical challenge. We never damaged anyone's data though the SysAdmins spent lots of time trying to get us out. They never caught Doug, Ross, or me, however hard they tried.

It was wrong for us to do this without permission and, instead, we should have found a sympathetic professor to arrange for us to get legitimate access. One of us (not the three named above) was arrested, spent a night in jail, and had to fight to avoid conviction due to our activities. This was my only less than white hat activity.

What are your favourite security tools and why?

IP Chains/IP Tables

This is the "Killer App" that allowed Linux to be a good Enterprise-class firewall. I find it far easier to configure than Cisco's Pix, cheaper, and more versatile; IP Tables offers all of the features that most organizations need.
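As an added illustration of the kind of configuration the answer above refers to (this is example code added here, not from the interview or from the book), the following script builds a minimal default-deny, stateful iptables ruleset for a single host with an internet-facing interface. The interface name, the management network and the open ports are assumptions chosen for the example; adjust them before use. By default the script only prints the rules, so it can be reviewed offline; set APPLY=1 as root to actually load them.

```shell
#!/bin/sh
# Added example: minimal stateful iptables firewall (not from the interview).
# Assumed values for illustration only:
WAN_IF="${WAN_IF:-eth0}"              # assumed internet-facing interface
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"  # assumed admin network (RFC 5737 documentation range)

# build_rules prints the iptables commands in order. Order matters: the
# stateful ACCEPT for ESTABLISHED/RELATED must come before any DROP, and the
# final catch-all DROP makes the policy explicit even if the chain policy changes.
build_rules() {
  cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i $WAN_IF -s $MGMT_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
iptables -A INPUT -m limit --limit 3/min -j LOG --log-prefix "IPT-DROP: "
iptables -A INPUT -j DROP
EOF
}

# Print for review by default; apply only when explicitly requested as root.
if [ "${APPLY:-0}" = "1" ]; then
  build_rules | sh
else
  build_rules
fi
```

The SSH rule is restricted to the management network rather than opened to the world, the ICMP echo rule is rate-limited, and dropped packets are logged at a limited rate so a scan cannot flood the log. Check the loaded rules afterwards with `iptables -L -n -v` and make sure the ESTABLISHED,RELATED rule is hit before anything is dropped.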
