[Animats]

l0pht is a successor to Cult of the Dead Cow, which goes back to the 1980s.[1] Their "Tao of Buffer Overflow"[2] is still a good read.

The two big problems in computer security used to be Microsoft and C. Amit Yoran said that publicly when he was Homeland Security's head of computer security. That made him unpopular, and he resigned in 2004. Yoran was then replaced by a Cisco lobbyist who kept his mouth shut. (Yoran did OK; he's now the CEO of RSA.)

[1] http://www.cultdeadcow.com/ [2] http://www.cultdeadcow.com/cDc_files/cDc-351/

[tptacek]

Yoran wasn't making a philosophical point about Microsoft. He was responding to the news cycle: we had just suffered the "Summer of Worms", which, because of Microsoft's position in the market, involved almost exclusively Microsoft systems.

Microsoft, to their credit, responded admirably to the events: they invested a spectacular amount of money shoring up the nuts-and-bolts quality of their software, training their entire development team (one of the largest in the world) on secure coding standards, hiring researchers to revise their libraries and deprecate unsafe interfaces, and adopting hardened C/C++ runtimes.

[kw71]

Successor? I don't think so. I think some individuals were part of both groups. L0pht and cDc were part of the same BBS scene. Like QSD's x.25 address, the phone number for Demon Roach Underground is a number I'll never forget.

[pjc50]

At some point those got replaced by Flash, PDF reader, and Java. Now, as others have pointed out, the main threat is nation-state actions.