Brian Hatch is a hacker in the positive sense - a coder, tinkerer, and tester. I love to prod software into doing things it shouldn't be able to, be it for good or ill.
My love of Linux comes from the fact that all the code is there for your perusal, modifications, and bastardizations. I'm constantly testing and breaking my laptop, putting backdoors and Trojans on them, and occasionally need to reinstall my system from scratch to be sure I haven't irrevocably destroyed any hope of stability and security in my quest to do weird things.
When I'm not tinkering in Linux or security, I'm... Hmmn. Wait, I can't think of a time that I'm not tinkering in security. I should never have gotten a phone with an SSH client.
How long have you been working with Linux?
I first started playing with it in 1993, but it became my primary desktop OS in 1995. That was a laptop, and damn but was that a tricky beast to set up back then. It originally ran via loadlin and everything lived on a DOS partition because I needed to have Windows available for corporate email (Lotus Notes). Luckily I left that company and was able to ditch Windows for good. Of course I'd been using GNU software for a long time before I had Linux on my desktop. SunOS/Solaris and IRIX machines were my usual stomping grounds -- I still have my Indy somewhere in the attic.
The beautiful thing about Linux is that the entire kernel is Free Software/Open Source, as are most of the userland tools. Having the entire code base of your software makes tweaking possible, and allows me to have complete control of my system. For example I've occasionally modified the 'crypt' password hashing function on my systems. Since most password crackers are run offline, or have crypt written in optimized assembly, the results from password crackers would never be valid on my machine. This is the kind of ability you have when a system's source is completely available to you. I can't imagine going back to using something where I can't see each and every line of code.
How did you get interested in computer security?
I don't ever remember getting interested in it -- it seemed to be one of my innate desires for as long as I can remember. I guess I was always paranoid and mistrusting.
Back when I had my first Apple ][ machine, you'd need to boot off the floppy drive or tape. The computer would run the program called 'hello' on the floppy if it was available. Well, I sure didn't want anyone looking at my files and programs, so my hello program was this paranoid thing that required two correct passwords (each more than 10 characters long) to get in or it would reboot the machine. If you correctly authenticated, the thing had a fully functional text file management/program execution environment.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.