Captive experts and gullible hackers

Rob Rosenberger, Vmyths co-founder
Thursday, 8 February 2001 I WANT TO write "The Computer Security Critic's Handbook." It would automatically sell 25,000 copies just because of the title. Security experts would place it in their bookshelves and display it on coffee tables. I don't know if buyers would read my book, but what do I care? I get paid either way. I could fill it with Vmyths.com editorials and laugh all the way to the bank. I'd even ask Vmyths.com readers to look for my book in their computer security manager's office. "Hey Craig, I don't see a copy of 'The Computer Security Critic's Handbook.' What, are you closed-minded or something?" Talk about a captive market! Man, I need to find a book agent. 2600 magazine sells a lot of issues for the same reason. It literally "decorates" many computer security managers' offices. You'll probably find the last five issues neatly displayed on top of your own manager's bookcase. Go on, stick your head in the door and look for them. "Ooooh, I notice you read 2600," you'll say. "You must be quite up on the hacker scene." Security managers will smile and nod knowingly. Computer security experts must buy every issue of 2600. It's quite simply the "hacker quarterly" magazine, and hackers & virus writers swarm to it like ants to a picnic basket. Security experts buy every issue if only to keep up appearances.

I first subscribed to 2600 because I had to. Nowadays, I subscribe just to read all the hilarious letters to the editor.

Like I said: a big, captive market. You can sort this captive market into two groups. Just ask the following question: "do you buy 2600 at the newsstand, or do you subscribe to it?" Many captive 2600 readers buy it at the newsstand. Some experts actually subscribe, but they'll only do so at their home address. "Our firm needs to remain incognito in this cloak & cyberdagger world," they'll explain. They worry what will happen if a hacker magazine learns their company's postal address. Only the most brazen 2600 readers (about 5,700 of them) will let their firms pay for a subscription. Each issue comes addressed to "XYZ Company, Computer Security Dept., 123 Main St., Anytown USA." Those security experts recognize their captive-market status. And they don't worry about what will happen if a hacker magazine learns their company's postal address.
I FIRST SUBSCRIBED to 2600 because I had to, and my former boss displayed his five issues on a bookshelf as required. What else could we do? We fell into the captive market; our jobs required us to read what the hackers read. Nowadays, I subscribe to 2600 just to read all the hilarious letters to the editor and all the bizarre personal ads. Yes yes yes, I still read the articles to better understand the hacker mindset ... but the letters section makes me wonder why the FBI fears hackers at all. Take out the national power grid? Bah. Many of 2600's readers can't even take out the garbage.

Take out the national power grid? Bah. Many of 2600's readers can't even take out the garbage. I suppose the FBI fears them for this very reason...

Look at the current issue (v17:4) if you don't believe me. (Many large bookstore chains now carry it.) Some fool named "Katia" wrote multiple letters abou-- oops, my mistake. Katia handles PR for a computer security firm, which makes her smart by default. You go girl! Anyway, another letter in the current issue stands out because it mentions computer viruses:

Our systems were hacked today by www.2600.com, or so the e-mail said... As soon as I clicked on the attachment, my Outlook went on a rampage, e-mailing everyone in my e-mail system with this attachment, and some with jibberish words. I have to say, it made me laugh but then about two hours later, it wasn't as funny because I couldn't get any work done. All in all, you guys [at 2600] are funny, but at the same time you suck.

Remember: the FBI fears dangerous hackers like this guy. 2600 responded "it's truly stunning how many people believe that just because somebody put our web address in an e-mail that we have anything to do with it." This kind of stuff doesn't just happen to hacker magazines. Big companies sometimes find their names buried in the code of certain viruses. They also find their names attached to numerous virus hoaxes: "This information was announced yesterday morning 20/01/01 from IBM..." Some people actually believe every email they read, you know. Vmyths.com exists for just this reason. Well, I guess I should stop rambling. My wife ordered me to take out the garbage this time, "or else." (I keep forgetting to do it.)