No self-respecting security professional would want to be seen without a copy of hacker bible The Best of 2600
The year 1984 was an interesting time for me, and coincidentally also for computer security. For myself, I got my first proper girlfriend (hi Lexy!) and my Commodore 64. It's also when I first became interested in computer security.
In the wider and more interesting world, 1984 was also the year that Robert Schifreen and Stephen Gold conducted their ad hoc penetration test of the Prestel network, using a combination of clever shoulder surfing and good old-fashioned hacking skills. I became fascinated in the story and its details, and by a strange twist of fate ended up meeting Robert many years later and as a result I am writing this column today (it was Robert who recommended me to the editor of SC Magazine). I'm glad to say that Robert is still active in the security world, as a visit to his www.securitysavvy.com site will confirm.
Hacking had become a much more commonplace discussion point in 1984 due to the release of the classic film War Games the year before. Dealing with the inadvertent intrusion of a teenage hacker into the US defence system, War Games really brought hacking into the mainstream. The film certainly spurred on my interest in computer security and, for extra anorak points, marked the start of my interest in nuclear command and control systems. For a bit of real nostalgia, I recommend Wired magazine's recent article on the topic, available at www.wired.com/wired/issue/16-08. It is frightening to think this was 25 years ago.
Meanwhile, as a film narrator might say, on the other side of the Atlantic another first was coming. In mid-January 1984 the first issue of 2600 magazine was published – just a few pages covering a number of hacker topics. It became an immediate if somewhat limited success, with many readers signing up for a full year's subscription after the first issue. Unlike many other similar publications that folded, 2600 thrived, becoming a “proper” 24-page magazine in 1987, expanding to a 48-page quarterly publication in 1988.
I was unaware of 2600 for many years, until it started appearing in a few shops in London in the early 1990s. The pilgrimage to Tower Records became a standard feature of my early business trips to London in the 1990s, and the magazine was always a good read. These days it's almost mainstream, with subscriptions over the internet, and is now even available in Borders in Southampton.
Hand in hand with 2600 goes the irreverent radio show Off the Hook, which covers an eclectic range of hacker-related topics (available from www.2600.com/offthehook). It was listening to one of these shows on a recent business commute that I heard about The Best of 2600 book, which I promptly ordered.
The Best of 2600 is a real treasure trove of technical and cultural hacker information. From a historical point of view, it's fascinating to see how the technology has evolved (for example, 2600 covers attacks on pre-internet systems, along with the evolution of the internet), and equally depressing to see how little has been learned about keeping systems secure. There are also articles on new technologies, such as WiFi, the clarity and accuracy of which put most trade journals to shame. There's even suggestions on improving security, such as suggesting the “CVV2” credit card check way back in 1985.
But 2600 is not just a geek reference book on up-and-coming technologies.
Much of the compilation deals with wider issues of hacker culture. There's a detailed discussion of the various hacker trials, where you'll see a different story told than the one in best-selling books like Takedown and Cyberpunk. You get to read Kevin Mitnick giving his side of the story (as an aside, apparently soon he will be writing his own book on the topic, as his legal restrictions expire this year).
In among that there's also amusing tales of how big business security types have been made to look foolish by hackers over the years. The book is fascinating and laugh-out-loud funny in equal measures, and belongs on the shelf of any serious security professional.
Nick Barron is a security consultant. He can be contacted at firstname.lastname@example.org