[My notes in brackets. These are pieces of an interview CPM did with David 
 Lawrence. Check the URL if you would like to listen to it. Where I quote
 her, the comments are done to the best of my typing skills. Listen for yourself
 if you think I heard wrong.]

http://www.audiocast.net/HomeTemplate.cfm?page=audio_play.cfm&id=428&code=tech&scode=geek

October 19, Talking with Carolyn Meinel
David Lawrence

dl: "she has an article in Scientific American, it's a legitimate thing"

cm: "i didn't get into it seriously until 3 years ago.."
cm: "one of my friends forged some email and i said 'how did you do that'"

[CPM on "the way things were"]

cm: "it was only common courtesy that when your server was down you allowed
     someone to get root in order to fix it"

cm: "the most famous hole in sendmail, the debug command.. the whole idea was back in 
     the old days before it was commercial you could kinda forward mail from one 
     host to another.."

[CPM on hackers]

cm: "they wanted people to think they were geniuses, when all they were doing
     is taking advantage of people making their systems open.."

cm: "the people who run rt66 are pretty incredible hackers.. they are better than
     me..  some of these guys are better than me, they are so much better you wouldn't 
     believe it..  they kind of enjoyed the idea of punching some people in the nose..
     they have been broken into several times since i have been on there... it's been a 
     very open ISP.. "

[Hrm. Some security expert. Her ISP staff is better than her, yet they have
 been broken into so much?]

cm: "what would happen is someone would get into one of the shell accounts through 
     a local exploit..they upgraded to solaris, which is much more resistant to 
     buffer overflows.."

[Uh.. to run a buffer overflow script locally, it would already require shell
 access.]

cm: "you can do it without leaving a trace.. one of the things i went to for that 
     article find a way to detect stealth scans... and we did.. and the guy who wrote
     the NMAP scanner is really mad at me, because i reported how you can foil his stealth
     scanner...   (he retaliating?)  .. he makes a lot of allegations like i was paid off
     under the table to claim that etherpeek software put out by AG Group would detect it..
     yeah, he got real mad, so i guess anyone who is dumb enough to believe etherpeek won't
     detect his stealth scanner deserves to get caught..."

[For the truth, read Fyodor's mail to/from CPM about his scanner. He adequately shows
 that she has little understanding behind the workings of a stealth scanner.]

[Carolyn talks about her 'fictional' account in SciAm magazine, but confuses 
 some terms, specifically 'rootkit'.]

cm: "Nancy has a rootkit on the main administrative machine.. that is why she has
     console access.. nancy's modem allows her to login as root on an SGI box which
     is an entryway.. and her rootkit is dogberry's downfall..."

cm: "buffer overflows are everywhere.. a couple OSs have been hardened against BOs..
     openbsd is incredibly secure.. the HFG guys had to hack NYT because they couldn't
     hack the Happy Hacker site..."

[How does she know they failed? If she recognized them attacking, did she report
 where they attacked from? How does she know it was them? And how does she know
 that they hit NYT because they couldn't get in there, short of knowing and being
 in league with them?]