==Phrack Inc.== Volume 0x0b, Issue 0x39, Phile #0x04 of 0x12 |=-------------------=[ THE PHRACK EDITORIAL POLICY ]=-------------------=| |=-----------------------------------------------------------------------=| |=--------------------------=[ phrackstaff ]=----------------------------=| "Scholars and academics naturally tend to believe that formal knowledge is the most important way of knowing, and perhaps they are right, yet even so it is not formal but common knowledge which informs nearly all the day-to-day decisions and actions people take, even the most learned among them." - William Gosling [Gosling, 1995] ----| 1. Introduction Because the editorship of Phrack has moved from being solely under the control of one person (route) to a group of "phrack staff", it is valuable to reiterate the editorial policy for the magazine. Please note that it is not the intention of this article to describe requirements for what we will or will not accept for publication. The goal is to provide a number of pointers for authors which they will hopefully find useful when writing articles that they intend to submit. Firstly, we wish to stress that we are dedicated to continuing and improving the reputation Phrack has for publishing interesting and original articles. Articles published in Phrack have always fulfilled two general criteria: 1. The research described in the article is original and new. 2. The article is well written. This has always been what Phrack is all about and it will remain that way. Each of the sections below describe things to keep in mind if you intend writing and submitting an article for the magazine. ----| 2. Subjects for Research We will never specify particular technology areas that authors should concentrate on. What you choose to write about is entirely up to you, assuming of course that it is related in some way to information security! Many articles published in Phrack in the past have concentrated on an individual concept or an individual technology and we would like to see articles that combine concepts to create new ideas. For example: distributed denial of service tools exist because of work done on network agents that can be remotely controlled. What other ways can network agents be employed? Certainly for distributed password sniffing (roll your on Echelon...) and distributed network scanning, but also for worms and even as agents programmed to perform autonomous network penetration. We are as interested in the evolution of existing ideas as we are in research on entirely new subjects. A good example of this type of thinking is the editorial written by route in Phrack 53. His article describes the properties of server-centric attacks that most people are familiar with. In addition however, he talks about client-centric attacks - an idea which only seems obvious in hindsight and that certainly deserves much more attention. ----| 3. Writing in Plain Language Multiple Phrack articles have been "put into plain language" for general consumption by third-parties such as online news outlets. They have taken the ideas presented in Phrack articles and described them using language and analogies that their readers can understand. With concepts such as distributed denial of service and buffer overflows it is not necessary for the reader to understand the subject at a very technical level in order to understand the underlying idea. It is a fact that as subject matter becomes more technically esoteric and complex the audience that can understand that type of information gets smaller and smaller. When writing about technical subjects it is tempting to write in highly technical language (and I admit that I am sometimes guilty of this myself), but please take into consideration the fact that the audience for Phrack is at varying levels of technical competence; this is a fact of life. In addition, many of the readers of Phrack may not have English as their first language and this makes it especially important that articles are clear so that we can maximize the readership. There is no shame in writing in simple language. For these reasons we encourage submissions to Phrack to be written in language that is not excessively technical. We appreciate however that this is difficult to do when writing about subjects which are technical by their very nature. ----| 4. Full Expansion of Ideas A good article becomes a great article when the idea being presented is carried through to its full and logical conclusion. For example: Phrack has published a number of articles on evading network-based intrusion detection systems (IDS). Assuming that we have a new technique to document that allows us to bypass most IDS; of course the article must include a description of the theory behind the technique, but to make the article complete is should also include: * A description of what fundamental mistake the designers of the IDS made to allow the technique to work. * A section in the article on what can be done to mitigate the risk of the technique. For example: a patch or a change in the way an IDS is deployed or used. * A discussion of other technologies that may be affected by similar techniques. For this example this could be firewall technology that attempts to perform signature-based content analysis or even anti-virus software based on a misuse-detection model. We encourage ideas to be presented fully and in a way that does not simply look at the technology in isolation. ----| 5. Using References Putting references to other pieces of work has become almost standard practice for Phrack articles. This is a very good thing because it allows the reader to continue their research into the particular subject. At the end of your article, the list of references should include the author, the title, the date of the work, and also a URL for where it can be found online. For example: [Stewart, 2000] Andrew J. Stewart, "Distributed Metastasis: A Computer Network Penetration Methodology", September, 1999. http://www. securityfocus.com/data/library/distributed_metastasis.pdf In addition to references for related pieces of work, we would like to see references to any materials that you found useful when performing your research for the article. This could include books, manuals, materials found online, and so on. Any suggestions that you may have for follow-on work should be included. Perhaps you are aware of a related technique that might work but have not had the time to investigate it: include this in your article. ----| 6. Conclusions This article should in no way be viewed as an attempt to force people into writing Phrack articles a certain way. These are simply some observations about what has been done in the past and could possibly be improved upon in the future. Happy writing! ----| 7. References [Gosling, 1995] William Gosling, "Helmsmen and Heroes - Control Theory as a Key to Past and Future", 1994. |=[ EOF ]=---------------------------------------------------------------=|