I met Peter “Mudge” Zatko at the Cult of the Dead Cow’s hotel bungalow at DefCon 8, the 2000 edition of the notorious hacker conference. My coworker at OpenCola, Oxblood Ruffin, was a member of the “cDc” and introduced me and the other OpenColans to him and the other nicknames in the group: “Sir Dystic”, “Dildog”, “Deth Veggie”, “Night Stalker”, “Grandmaster Ratte” and many other black-clad, charmingly oddball characters far more interesting than the characters in the movie Hackers. I think I learned more about security in the hour-long group conversation with him than I’ve learned from countless corporate security training videos and training courses. Later at the conference, the cDc would hand out more copies of Back Orifice 2000, a tool that would cause much heartburn to many people at the company where I now work.
He’s now got a big gig: Program Manager at the Strategic Technologies Office at DARPA, the Defense Advanced Research Projects Agency, the R&D office for the Department of Defense. His area of focus? Security, naturally.
Mudge was responsible for the early research into buffer overflow attacks and published one of the first papers on the topic. In 1998, he and others from L0pht Heavy Industries (a.k.a. “The L0pht”, a hacker think tank) testified before a Senate committee, saying that they could take the internet down in 30 minutes. L0pht was acquired by the security company @stake in 1999, and in 2000, the company where I worked, OpenCola, hired them to do some security consulting. He’s met with President Clinton to talk about DoS attacks and worked at BBN as a division scientist.
I’m curious to see what Mudge can do with government gear and a big budget. In the CNET article, he talks about actively responding to threats. "I don’t want people to be putting out virus signatures after a virus has come out," he says. "I want an active defense. I want to be at the sharp pointy end of the stick."
Do not mess with his pointy end! Congrats, Mudge!