Phrack falls with the leaves

There are probably some SC readers who have never come across Phrack. Like its hard copy bedfellow, 2600, Phrack is a hacker's magazine (hacker in the original sense, not just the computer criminal sense). For the past 20 years, Phrack has provided a slightly irregular, irreverent, but always interesting collection of articles on all aspects of computer security and related topics. Published on the internet as an e-zine, it has always been distributed free of charge.

Phrack has often been the first point of publication of new security issues and exploit techniques. Many buffer overflow enthusiasts first started after issue 49's "Smashing the stack for fun and profit," and the DIY GPS jammer circuit published in issue 60 raised a few eyebrows, not least of which in a funny-shaped building in Washington.

If they were rewritten in a more formal style and passed through a professional typesetting system, many of Phrack's articles would be perfectly at home in high-class academic journals or professional security publications such as SC.

Perhaps unsurprisingly, Phrack has found itself embroiled in controversy. Probably the most infamous example was back in 1989 when it published technical details of the US's "E911" emergency call handling system.

The full story is somewhat complicated (tinyurl.com/arsp8 for a comprehensive discussion), but basically Phrack's publisher was threatened with serious legal action when it was alleged the document was worth tens of thousands of dollars. All criminal charges were eventually dropped, but not until a worrying time has passed for the defendants.

Like 2600, Phrack has always been a worthwhile and hugely entertaining read. There are certainly a few overblown statements and perhaps an element of taking themselves too seriously (the final issue has the editor paraphrasing Lieutenant-General Roméo Dallaire's words regarding the genocide in Rwanda to describe the plight of the hacker). But the technical content and insight into the mindset of the computer security community is invaluable to any security professional.

It will be a shame to see Phrack go. If you have never seen it, I recommend spending some time browsing the site. If nothing else, it will raise a smile. I guarantee you'll learn something too.