.mixter security
.about



.project history
...from the more-than-you-ever-wanted-to-know dept.


Here's a short summary of the less boring technical things I've done so far. I consider this my personal home page and feel like writing my boring history on this page. If you fall asleep, you've been warned. :P Far from all of this is professional security work; some of it was done for fun and education. I started out in C, maintaining and contributing a bit to the development of eggdrop, the all-purpose IRC bot. My old Tcl script for eggdrop is entity, which is still available, now for 1.6 eggdrop bots. :) It's designed specifically for large distributed eggdrop networks and has very efficient channel protection and basic intrusion protection. Some people use and like it for its ease of use. This was my first experience with programming distributed networks, sort of.

The first C code I ever published was targa, which was a combination of existing DoS proof-of-concept attacks, much of it cut and paste. My latest DoS tool in that direction was targa3, which generates semi-random packets designed to bring down IP stacks. I've used and written tools like targa3, as well as attacks against the Solaris kernel, some versions of syslog and others, professionally during my time at 2XS to test various products and firewalls.

Some open-source security tools I wrote, most of them simple implementations, include spidernet, a distributed host-based intrusion detection system (similar to tripwire) with a client/server infrastructure; Q, an encrypted remote access server over esoteric protocols, somewhat of an alternative to SSH; and some distributed sniffers, phantom sniffer and e4d. Later on, I wrote LibMix, an archive of network, cryptography and other functions, mostly to re-use code that I commonly need in my projects. One of my favorite projects is NSAT (the Network Security Analysis Tool), a network scanner that can identify most common IP-based Internet services and their versions. Unlike vulnerability scanners or penetration tools, NSAT does entirely passive information gathering, as it leaves interpretation of the gathered version information up to the user, which also makes fewer updates necessary. (By the way: if you ever have problems getting all the results with NSAT, just try tuning up the timeouts in the config file. It's a feature, not a bug...)

Some of the security whitepapers I've written so far include Protecting against the unknown, a buffer overflow howto, Paranoia vs. Transparency, and Automation Potentials for IT Security. I've also written some c't articles (c't is a German computer magazine) about the Linux firewall and about detecting backdoors on UNIX, but they are not publicly available online.

So far, I've worked for 2XS Security in Israel, doing vulnerability management, quality assurance, penetration testing, and development of SASS (StandAlone Security System, an uber-IDS). During the R&D, we did some short-term work for small Israeli businesses and big institutions including banks and ISPs, and assisted the FBI with tackling anti-American/anti-Israeli defacers from Pakistan. We still retain a letter of honor from them. Oh well. Personally, I also assisted in Project SODA, a cooperative project with a few Israeli white-hats, in which we notified the whole range of Israeli Internet sites of their security problems. The goal was to mitigate the effects of an early escalation of the new uprising in cyberspace. We also advised ISPs in Israel about anti-DDoS measures, as they were experiencing some large-scale distributed DoS attacks at that time (around November 2000). As of mid-2002, 2XS Security is not an active company. Because of the political situation in Israel, many employees got drafted. Also, the CTO and founder, Ehud Tenenbaum (aka Analyzer, the media-labeled "Pentagon Hacker"), has been jailed after four years of ongoing trials. For more information, please see this site that his friends have put up: freeanalyzer.org.

One project I've been involved in is vantronix, which offers wireless security services and has an interesting project about providing wireless Internet access in metropolitan areas.

Since 2000, I have worked with the Hacktivismo group, a cDc-sponsored "non-profit research and development group", as I prefer to describe it. Hacktivismo focuses on freedom of information, human rights, and general freedom issues, internationally, around the globe. We try to investigate violations of those freedoms and rights and, like the cypherpunks, try to improve things primarily by technology rather than policy, preferring the laws of mathematics to the laws of traditional political diplomacy to challenge the governments and supporters exercising totalitarian rule or censorship in their countries. Our first project was originally Peek-A-Booty, the anonymous browsing protocol, which people like Bronc Buster and me helped design. It later became a private project of one of our ex-members, and is no longer associated with us. I no longer have an overview of that project's development status, but am focusing on current Hacktivismo projects, such as Camera/Shy and The Six/Four System, a successor of Hacktivismo concepts designed for privacy, stealth and anonymous, free access to information, while circumventing censorship. I was the main author of the Six/Four peer-to-peer protocol implementation, and am happy about anyone getting involved and taking it apart, writing applications for it, or improving it.



.profile


Nickname: Mixter

Real Name: Isn't exactly a secret, but I prefer to keep my privacy. Ask me.

Current age: 23

Contact: mixter@hacktivismo.com

Citizenship: German

Residence: Germany, at the moment

Politics: Libertarian

Areas of Interest:

  • Maintaining friendships around the world.
  • Hacktivismo, and technical projects using the Internet in new ways.
  • Distributed applications and decentralized peer-to-peer.
  • Philosophy. Mostly, recognizing and challenging established authority.
  • Amateur biochemistry and bioinformatics. I'm also into Life Extension.
  • Practical security, vulnerabilities. I don't have time for it right now.
  • Forcing myself to learn things like openssl or all of ANSI C++.

Music: Classical, Psytrance. I also composed some ambient tracks.

Employment: Recently started as a senior developer at a Germany-based security/crypto company.

Current Projects: Hacktivismo and Six/Four. Right now, I don't feel like getting involved in any new projects.

Maintained Projects: Mostly, nsat and libmix. I have some private projects.


.facts about the ddos incident
...from the sigh-i-didn't-write-stacheldraht dept.


I'm just putting this here because it is really necessary to clarify some disinformation and misconceptions about the 'Yahoo DDoS incident', and about my role in the emergence of DDoS technology. I would prefer not to be associated that much with DDoS technology, positively or negatively, as I don't consider the whole subject that groundbreaking, actually. It mainly concerns a few people in the IT security industry professionally dealing with DDoS mitigation. As stated verbosely in a public announcement about DDoS that I wrote, DDoS tools have been around for a long time, and TFN v1 was a proof-of-concept, designed to replicate the behavior of tools which were equally unavailable to the public and to researchers. I immediately posted TFN to my site and to PacketStorm Security after finishing it, and from there it made its way to Bugtraq advisories. In late 1999, I was writing the whitepaper Protecting against the unknown, during which I foresaw some upcoming DDoS technologies that would exploit general security weaknesses on the Internet and deficits of current Internet protocol and routing standards. So, along with that whitepaper, I also implemented a successor, TFN2K, distributed it according to full disclosure security policy (and, with escalating DDoS attacks, back then limited to IRC, this was an immediate problem, but there wasn't going to be a fix for the general problems of the Internet anytime soon, anyway), and announced it on the appropriate security forums.

In February 2000, a major distributed DoS was launched against high-profile sites around the Internet, and the media was quick to cover it (among other reasons, because they were among the prime targets that had been attacked). TFN2K was suspected as the program that had been used, simply because it was the most popular DDoS proof-of-concept application during that time. Later, people found out that a different tool, "mstream", had been used by a Canada-based teenager to launch the attacks in question. Now, for the mainstream media consumers: I didn't write trinoo (one of the first known DDoS tools). I didn't write stacheldraht either; randomizer (a German coder, now a TESO member, who shrouds his identity in secrecy) did. The FBI was never "looking for me"; rather, I communicated briefly with the NIPC over email, voluntarily offering my technical advice. They then tried to arrange an interview in Germany, but on that day I had a flight booked, so we never had the honor of meeting. I am not an FBI informant either, but you don't have to take my word for it. Finally, I was never prosecuted for anything related to distributed Denial of Service, or for publishing code in a "full-disclosure" manner.


(C) 2002 by Mixter