[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                      <=-[ HWA.hax0r.news ]-=>                          =
==========================================================================
  [=HWA'99/2000=]      Number 47 Volume 1 1999      Dec 19th 99
==========================================================================
            [ 61:20:6B:69:64:20:63:6F:75: ]
            [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
            [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

"This newsletter/ezine has been Declassified for the phearing impaired"

This is #47 covering Dec 13th to Dec 19th

==========================================================================
"ABUSUS NON TOLLIT USUM"
==========================================================================
Mailing list members: 468   Can we bump this up somewhat? spread the word!
==========================================================================

Today the spotlight may be on you, some interesting machines that have
accessed these archives recently...
Hot Hits

.gov and .mil activity

There are some interesting machines among these, the *.nosc.mil boxes are
from SPAWAR information warfare centres, good to see our boys keeping up
with the news...
- Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
http://welcome.to/HWA.hax0r.news/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
The HWA website is sponsored by CUBESOFT communications I highly
recommend you consider these people for your web hosting needs,

Web site sponsored by CUBESOFT networks http://www.csoft.net
check them out for great fast web hosting!

http://www.csoft.net/~hwa
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Hacker's Ethic

Sadly, due to the traditional ignorance and sensationalizing of the mass
media, the once-noble term hacker has become a pejorative.

Among true computer people, being called a hacker is a compliment. One of
the traits of the true hacker is a profoundly antibureaucratic and
democratic spirit. That spirit is best exemplified by the Hacker's Ethic.

This ethic was best formulated by Steven Levy in his 1984 book Hackers:
Heroes of the Computer Revolution. Its tenets are as follows:

1 - Access to computers should be unlimited and total.
2 - All information should be free.
3 - Mistrust authority - promote decentralization.
4 - Hackers should be judged by their hacking not bogus criteria such as
    degrees, age, race, or position.
5 - You create art and beauty on a computer.
6 - Computers can change your life for the better.

The Internet as a whole reflects this ethic.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

A Comment on FORMATTING:

Oct'99 - Started 80 column mode format, code is still left untouched
since formatting will destroy syntax.

I received an email recently about the formatting of this newsletter,
suggesting that it be formatted to 75 columns. In the past I've
endeavoured to format all text to 80 cols except for articles and site
statements and urls which are posted verbatim, I've decided to continue
with this method unless more people complain, the zine is best viewed in
1024x768 mode with UEDIT.... - Ed

BTW if anyone can suggest a better editor than UEDIT for this thing send
me some email i'm finding it lacking in certain areas. Must be able to
produce standard ascii.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

New mirror sites

***  http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
***  http://datatwirl.intranova.net  * NEW *
     http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
     http://net-security.org/hwahaxornews
     http://www.sysbreakers.com/hwa
     http://www.attrition.org/hosted/hwa/
     http://www.ducktank.net/hwa/issues.html.
     http://hwazine.cjb.net/
     http://www.hackunlimited.com/files/secu/papers/hwa/
     http://www.attrition.org/~modify/texts/zines/HWA/
*    http://hwa.hax0r.news.8m.com/
*    http://www.fortunecity.com/skyscraper/feature/103/

*   Crappy free sites but they offer 20M & I need the space...
**  Some issues are not located on these sites since they exceed the file
    size limitations imposed by the sites :-( please only use these if no
    other recourse is available.
*** Most likely to be up to date other than the main site.

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
thanks to airportman for the Cubesoft bandwidth. Also shouts out to all
our mirror sites! and p0lix for the (now expired) digitalgeeks archive
tnx guys.

http://www.csoft.net/~hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.ducktank.net/hwa/issues.html.  ** NEW **
http://www.alldas.de/hwaidx1.htm  ** NEW ** CHECK THIS ONE OUT **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.  *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.projectgamma.com/archives/zines/hwa/
http://www.403-security.org/Htmls/hwa.hax0r.news.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see.
(remember i'm doing this for me, not you, the fact some people happen to
get a kick/use out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, it's a labour of
love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how the
most famous/infamous hackers are the ones that get caught? there's a lot
to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ...
=-----------------------------------------------------------------------=

We could use some more people joining the channel, it's usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop by
and idle a while and say hi...

**************************************************************************
Eris Free Net #HWA.hax0r.news
**************************************************************************

/join #HWA.hax0r.news on EFnet the key is `zwen' when keyed

please join to discuss or impart news on from the zine and around the
zine or just to hang out, we get some interesting visitors you could be
one of em.

Note that the channel isn't there to entertain you its purpose is to
bring together people interested and involved in the underground to chat
about current and recent events etc, do drop in to talk or hangout.
Also if you want to promo your site or send in news tips it's the place
to be, just remember we're not #hack or #chatzone...

**************************************************************************

=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key     Intros
=--------------------------------------------------------------------------=

00.0 .. COPYRIGHTS
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC
00.2 .. SOURCES
00.3 .. THIS IS WHO WE ARE
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?
00.5 .. THE HWA_FAQ V1.0

ABUSUS NON TOLLIT USUM?

This is (in case you hadn't guessed) Latin, and loosely translated it
means "Just because something is abused, it should not be taken away from
those who use it properly". This is our new motto.

=--------------------------------------------------------------------------=
Key     Content
=--------------------------------------------------------------------------=

01.0 .. GREETS
01.1 .. Last minute stuff, rumours, newsbytes
01.2 .. Mailbag
02.0 .. From the Editor
03.0 .. Creator of Melissa Virus Hired by Rutgers While on Bail
04.0 .. Freedom Officially Launched
05.0 .. Free Linux Firewall Available
06.0 .. Piratecity Being Sued by Fortunecity
07.0 .. Hacker Stereotyping Continues
08.0 .. Australian Government Site Defaced In Protest of New Law
09.0 .. Russian News Agency, Itar-Tass, Defaced
10.0 .. Irish Web Sites Defaced
11.0 .. New US Crypto Export Rules Delayed Until January
12.0 .. PGP Cryptography Exportable
13.0 .. Police Fear Freedom
14.0 .. The NSA, Soon To Not Be So Secret?
15.0 .. How Much Privacy do You Have?
16.0 .. Distributed Competition for Elliptic Curve
17.0 .. Slashdot Lists Top Ten Greatest Hacks
18.0 .. Feds Plead For Mercy
19.0 .. Etoys in Simple Domain Dispute
20.0 .. Is It Y2K or Coincidence?
21.0 .. More information on the PhoneMasters
22.0 .. RST Breaks Netscape Mail in Eight Hours
23.0 .. White House May Further Relax Crypto Controls
24.0 .. Status of Bills Before Congress
25.0 .. Winkler Updates Estimates
26.0 .. Cryptogram
27.0 .. Hong Kong Blondes Give Extremely Rare Interview
28.0 .. Netscape Password Issue is Not New
29.0 .. No E-Commerce Sites Offer Even Basic Privacy Protection
30.0 .. Newspaper Fingers Potential Cyber Intruder
31.0 .. Internet Watchdog Defaced For Third Time
32.0 .. Security Focus Newsletter #19
33.0 .. Security Focus Newsletter #22

=-------------------------------------------------------------------------------=

AD.S   .. Post your site ads or etc here, if you can offer something in
          return thats tres cool, if not we'll consider ur ad anyways so
          send it in. ads for other zines are ok too btw just mention us
          in yours, please remember to include links and an email contact.
          Corporate ads will be considered also and if your company wishes
          to donate to or participate in the upcoming Canc0n99 event send
          in your suggestions and ads now...n.b date and time may be
          pushed back join mailing list for up to date information.
          Current dates: POSTPONED til further notice, place: TBA.

Ha.Ha  .. Humour and puzzles

          Hey You!
          =------=
          Send in humour for this section! I need a laugh and it's hard
          to find good stuff... ;)

SITE.1 .. Featured site,
H.W    .. Hacked Websites
A.0    .. APPENDICES
A.1    .. PHACVW linx and references

=--------------------------------------------------------------------------=

@HWA'99

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT?
V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE
PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE
RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN
THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE
GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS
Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINKS ARE
NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
http://welcome.to/HWA.hax0r.news

IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY
NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY
current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE
(C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I
GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected. News
is news so i'll print any and all news but will quote sources when the
source is known, if its good enough for CNN its good enough for me. And
i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada
/ North America (hell even if you are inside ..) and wish to send printed
matter like newspaper clippings a subscription to your cool foreign
hacking zine or photos, small non-explosive packages or sensitive
information etc etc well, now you can. (w00t) please no more inflatable
sheep or plastic dog droppings, or fake vomit thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
are reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places it is
cost prohibitive but if you have the time and money be a cool dude / gal
and send a poor guy a postcard preferably one that has some scenery from
your place of residence for my collection, I collect stamps too so you
kill two birds with one stone by being cool and mailing in a postcard,
return address not necessary, just a "hey guys being cool in Bahrain,
take it easy" will do ... ;-) thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by
  you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
  compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
  tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
  fun or social engineering examples or transcripts thereof.
Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600
  meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a
  burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in
  .ram etc format or .mp*

If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net

@HWA

00.2 Sources ***
~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.

News & I/O zine .................
http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) ..................http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
NewsTrolls .(daily news ).........http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/
News/Humour site+ ................http://www.innerpulse.com
News/Techie news site.............http://www.slashdot.org

+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
 http://www.hackernews.com/affiliates.html as they seem to be popping up
 rather frequently ...

http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>

NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/ Electronic Underground Affiliation
http://ech0.cjb.net ech0 Security
http://axon.jccc.net/hir/ Hackers Information Report
http://net-security.org Net Security
http://www.403-security.org Daily news and security related site

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits you
provide, if no response is received by a week or two it is assumed that
you don't care whether the article/email is to be used in an issue or not
and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box. - Ed

Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

ATTRITION.ORG's Website defacement mirror and announcement lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.attrition.org/mirror/attrition/
http://www.attrition.org/security/lists.html

--

defaced [web page defacement announce list]

This is a public LOW VOLUME (1) mail list to circulate news/info on
defaced web sites. To subscribe to Defaced, send mail to
majordomo@attrition.org with "subscribe defaced" in the BODY of the mail.

There will be two types of posts to this list:

1. brief announcements as we learn of a web defacement.
   this will include the site, date, and who signed the hack. we will
   also include a URL of a mirror of the hack.
2. at the end of the day, a summary will be posted of all the hacks of
   the day. these can be found on the mirror site listed under 'relevant
   links'

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: mcintyre@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

(1) It is low volume on a normal day. On days of many defacements,
    traffic may be increased. On a few days, it is a virtual mail flood.
    You have been warned. ;)

-=-

--

defaced summary [web page defacement announce list]

This is a low traffic mail list to announce all publicly defaced domains
on a given day. To subscribe to Defaced-Summary, send mail to
majordomo@attrition.org with "subscribe defaced-summary" in the BODY of
the mail.

There will be ONE type of post to this list:

1. a single nightly piece of mail listing all reported domains. the same
   information can be found on http://www.attrition.org/mirror/attrition/
   via sporadic updates.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.
Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

defaced GM [web page defacement announce list]

This is a low traffic mail list to announce all publicly defaced
government and military domains on a given day. To subscribe to
Defaced-GM, send mail to majordomo@attrition.org with "subscribe
defaced-gm" in the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov) or military (.mil)
   system defaced. the same information can be found on
   http://www.attrition.org/mirror/attrition/ via sporadic updates.

This list is designed primarily for government and military personnel
charged with tracking security incidents on government run networks.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

--

defaced alpha [web page defacement announce list]

This is a low traffic mail list to announce via alpha-numeric pagers, all
publicly defaced government and military domains on a given day.
To subscribe to Defaced-Alpha, send mail to majordomo@attrition.org with
"subscribe defaced-alpha" in the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov) or military (.mil)
   system defaced. the information will only include domain names. the
   same information can be found on
   http://www.attrition.org/mirror/attrition/ via sporadic updates.

This list is designed primarily for government and military personnel
charged with tracking security incidents on government run networks.
Further, it is designed for quick response and aimed at law enforcement
agencies like DCIS and the FBI.

To subscribe to this list, a special mail will be sent to YOUR
alpha-numeric pager. A specific response must be made within 12 hours of
receiving the mail to be subscribed. If the response is not received, it
is assumed the mail was not sent to your pager.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin. To subscribe to bugtraq, send mail to
listserv@netspace.org containing the message body subscribe bugtraq. I've
been archiving this list on the web since late 1993.
It is searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they
are, how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting
their vulnerabilities. It is about defining, recognizing, and preventing
use of security holes and risks.

Please refrain from posting one-line messages or messages that do not
contain any substance that can relate to this list's charter. I will
allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential
"noise" on this list.

Please follow the below guidelines on what kind of information should be
posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security
  organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the
originator of the message. Please do not "CC" the bugtraq reflector
address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the words
that you post on this list and that reproduction of those words without
your permission in any medium outside the distribution of this list may
be challenged by you, the author.
For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin) UPDATED Sept/99 - Sent in by Androthi, tnx for the update ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I am pleased to inform you of several changes that will be occurring on June 5th. I hope you find them as exciting as I do. BUGTRAQ moves to a new home --------------------------- First, BUGTRAQ will be moving from its current home at NETSPACE.ORG to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read below. Other than the change of domains nothing of how the list is run changes. I am still the moderator. We play by the same rules. Security Focus will be providing mail archives for BUGTRAQ. The archives go back longer than Netspace's and are more complete than Geek-Girl's. The move will occur one week from today. You will not need to resubscribe. All your information, including subscription options will be moved transparently. Any of you using mail filters (e.g. procmail) to sort incoming mail into mail folders by examining the From address will have to update them to include the new address. The new address will be: BUGTRAQ@SECURITYFOCUS.COM Security Focus also be providing a free searchable vulnerability database. BUGTRAQ es muy bueno -------------------- It has also become apparent that there is a need for forums in the spirit of BUGTRAQ where non-English speaking people or people that don't feel comfortable speaking English can exchange information. As such I've decided to give BUGTRAQ in other languages a try. BUGTRAQ will continue to be the place to submit vulnerability information, but if you feel more comfortable using some other language you can give the other lists a try. All relevant information from the other lists which have not already been covered here will be translated and forwarded on by the list moderator. 
In the next couple of weeks we will be introducing BUGTRAQ-JP (Japanese) which will be moderated by Nobuo Miwa and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A. from Argentina (the folks that brought you Secure Syslog and the SSH insertion attack). What is Security Focus? ----------------------- Security Focus is an exercise in creating a community and a security resource. We hope to be able to provide a medium where useful and successful resources such as BUGTRAQ can occur, while at the same time providing a comprehensive source of security information. Aside from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl herself!) have moved over to Security Focus to help us with building this new community. The other staff at Security Focus are largely derived from long time supporters of Bugtraq and the community in general. If you are interested in viewing the staff pages, please see the 'About' section on www.securityfocus.com. On the community creating front you will find a set of forums and mailing lists we hope you will find useful. A number of them are not scheduled to start for several weeks but starting today the following list is available: * Incidents' Mailing List. BUGTRAQ has always been about the discussion of new vulnerabilities. As such I normally don't approve messages about break-ins, trojans, viruses, etc with the exception of wide spread cases (Melissa, ADM worm, etc). The other choice people are usually left with is email CERT but this fails to communicate this important information to other that may be potentially affected. The Incidents mailing list is a lightly moderated mailing list to facilitate the quick exchange of security incident information. Topical items include such things as information about rootkits new trojan horses and viruses, source of attacks and tell-tale signs of intrusions. 
To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body of:

    SUBS INCIDENTS FirstName, LastName

Shortly we'll also be introducing an Information Warfare forum along with ten other forums over the next two months. These forums will be built and moderated by people in the community as well as vendors who are willing to take part in the community building process.

*Note to the vendors here* We have several security vendors who have agreed to run forums where they can participate in the online communities. If you would like to take part as well, mail Alfred Huger, ahuger@securityfocus.com.

On the information resource front you find a large database of the following:

* Vulnerabilities. We are making accessible a free vulnerability database. You can search it by vendor, product and keyword. You will find detailed information on the vulnerability and how to fix it, as well as links to reference information such as email messages, advisories and web pages. You can search by vendor, product and keywords. The database itself is the result of culling through 5 years of BUGTRAQ plus countless other lists and news groups. It's a shining example of how thorough full disclosure has made a significant impact on the industry over the last half decade.

* Products. An incredible number of categorized security products from over two hundred different vendors.

* Services. A large and focused directory of security services offered by vendors.

* Books, Papers and Articles. A vast number of categorized security related books, papers and articles. Available to download directly from our servers when possible.

* Tools. A large array of free security tools. Categorized and available for download.

* News: A vast number of security news articles going all the way back to 1995.

* Security Resources: A directory to other security resources on the net.

As well as many other things such as an event calendar.
For your convenience the home-page can be personalized to display only information you may be interested in. You can filter by categories, keywords and operating systems, as well as configure how much data to display. I'd like to thank the fine folks at NETSPACE for hosting the site for as long as they have. Their services have been invaluable. I hope you find these changes for the best and the new services useful. I invite you to visit http://www.securityfocus.com/ and check it out for yourself. If you have any comments or suggestions please feel free to contact me at this address or at aleph1@securityfocus.com. Cheers. -- Aleph One / aleph1@underground.org http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 Crypto-Gram ~~~~~~~~~~~ CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com.  To unsubscribe, visit http://www.counterpane.com/unsubform.html.  Back issues are available on http://www.counterpane.com. CRYPTO-GRAM is written by Bruce Schneier.  Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms.  He served on the board of the International Association for Cryptologic Research, EPIC, and VTW.  He is a frequent writer and lecturer on cryptography. CUD Computer Underground Digest ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This info directly from their latest ish: Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09                             ISSN  1004-042X        Editor: Jim Thomas (cudigest@sun.soci.niu.edu)        News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)        Archivist: Brendan Kehoe        Poof Reader:   Etaion Shrdlu, Jr.        
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my way i'd reproduce them ALL here, well almost all .... ;-) - Ed

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--[ New ISN announcement (New!!)

Sender: ISN Mailing List
From: mea culpa
Subject: Where has ISN been?
Comments: To: InfoSec News
To: ISN@SECURITYFOCUS.COM

It all starts long ago, on a network far away..

Not really. Several months ago the system that hosted the ISN mail list was taken offline. Before that occurred, I was not able to retrieve the subscriber list. Because of that, the list has been down for a while. I opted to wait to get the list back rather than attempt to make everyone resubscribe.

As you can see from the headers, ISN is now generously being hosted by Security Focus [www.securityfocus.com]. They are providing the bandwidth, machine, and listserv that runs the list now.

Hopefully, this message will find all ISN subscribers, help us weed out dead addresses, and assure you the list is still here. If you have found the list to be valuable in the past, please tell friends and associates about the list. To subscribe, mail listserv@securityfocus.com with "subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".

As usual, comments and suggestions are welcome. I apologize for the down time of the list. Hopefully it won't happen again. ;)

mea_culpa
www.attrition.org

--[ Old ISN welcome message

[Last updated on: Mon Nov 04 0:11:23 1998]

InfoSec News is a privately run, medium traffic list that caters to distribution of information security news articles. These articles will come from newspapers, magazines, online resources, and more.
The subject line will always contain the title of the article, so that you may quickly and efficiently filter past the articles of no interest.

This list will contain:

o Articles catering to security, hacking, firewalls, new security encryption, products, public hacks, hoaxes, legislation affecting these topics and more.
o Information on where to obtain articles in current magazines.
o Security Book reviews and information.
o Security conference/seminar information.
o New security product information.
o And anything else that comes to mind..

Feedback is encouraged. The list maintainers would like to hear what you think of the list, what could use improving, and which parts are "right on". Subscribers are also encouraged to submit articles or URLs. If you submit an article, please send either the URL or the article in ASCII text. Further, subscribers are encouraged to give feedback on articles or stories, which may be posted to the list.

Please do NOT:

* subscribe vanity mail forwards to this list
* subscribe from 'free' mail addresses (ie: juno, hotmail)
* enable vacation messages while subscribed to mail lists
* subscribe from any account with a small quota

All of these generate messages to the list owner and make tracking down dead accounts very difficult. I am currently receiving as many as fifty returned mails a day. Any of the above are grounds for being unsubscribed. You are welcome to resubscribe when you address the issue(s).

Special thanks to the following for continued contribution: William Knowles, Aleph One, Will Spencer, Jay Dyson, Nicholas Brawn, Felix von Leitner, Phreak Moi and other contributors.

ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
ISN Archive: http://www.landfield.com/isn
ISN Archive: http://www.jammed.com/Lists/ISN/

ISN is Moderated by 'mea_culpa' . ISN is a private list. Moderation of topics, member subscription, and everything else about the list is solely at his discretion.
The ISN membership list is NOT available for sale or disclosure. ISN is a non-profit list. Sponsors are only donating to cover bandwidth and server costs. Win2k Security Advice Mailing List (new added Nov 30th) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To subscribe: send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body to listserv@listserv.ntsecurity.net Welcome to Win2K Security Advice! Thank you for subscribing. If you have any questions or comments about the list please feel free to contact the list moderator, Steve Manzuik, at steve@win2ksecadvice.net. To see what you've missed recently on the list, or to research an item of interest, be sure to visit the Web-based archives located at: http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec ============== NTSecurity.net brings the security community a brand new (Oct 99) and much-requested Windows security mailing list. This new moderated mailing list, Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open discussion of Windows-related security issues. With a firm and unwavering commitment towards timely full disclosure, this new resource promises to become a great forum for open discussion regarding security-related bugs, vulnerabilities, potential exploits, virus, worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community and we openly invite all security minded individuals, be they white hat, gray hat, or black hat, to join the new mailing list. While Win2KSecAdvice was named in the spirit of Microsoft's impending product line name change, and meant to reflect the list's security focus both now and in the long run, it is by no means limited to security topics centered around Windows 2000. Any security issues that pertain to Windows-based networking are relevant for discussion, including all Windows operating systems, MS Office, MS BackOffice, and all related third party applications and hardware. 
The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to a security risk, it's relevant to the list.

The list archives are available on the Web at http://www.ntsecurity.net, which include a List Charter and FAQ, as well as Web-based searchable list archives for your research endeavors.

SAVE THIS INFO FOR YOUR REFERENCE:

To post to the list simply send your email to win2ksecadvice@listserv.ntsecurity.net

To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to listserv@listserv.ntsecurity.net

Regards,

Steve Manzuik, List Moderator
Win2K Security Advice
steve@win2ksecadvice.net

@HWA

00.3 THIS IS WHO WE ARE
     ~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net .............: currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@home.com......: currently active/programming/IRC+

Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
HWA members ......................: World Media

Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sla5h.............................: Croatia
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Wyze1.............................: South Africa

Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed

Spikeman's site is down as of this writing, if it comes back online it will be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

Sla5h's email: smuddo@yahoo.com

*******************************************************************
***    /join #HWA.hax0r.news on EFnet the key is `zwen'         ***
*******************************************************************

:-p 1. We do NOT work for the government in any shape or form. Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY.

:-/ 2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events it's a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...

@HWA

00.4 Whats in a name? why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for?
never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pigeonholed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book. It's almost like buying a clue. Anyway..on with the show .. - Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers:

Some of the stuff related to personal usage and use in this zine are listed below: Some are very useful, others attempt to deny any possible attempts at eschewing obfuscation by obscuring their actual definitions.

@HWA   - see EoA ;-)

!=     - Mathematical notation "is not equal to" or "does not equal"
         ASC(247) "wavey equals" sign means "almost equal" to. If written
         an =/= (equals sign with a slash thru it) also means !=, =< is
         Equal to or less than and => is equal to or greater than (etc,
         this aint fucking grade school, cripes, don't believe I just
         typed all that..)

AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

AOL    - A great deal of people that got ripped off for net access by a
         huge clueless isp with sekurity that you can drive buses through,
         we're not talking Kung-Fu being none too good here, Buy-A-Kloo
         maybe at the least they could try leasing one??
*CC    - 1 - Credit Card (as in phraud)
         2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC    - Chaos Computer Club (Germany)

*CON   - Conference, a place hackers crackers and hax0rs among others go to
         swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear,
         get drunk watch videos and seminars, get drunk, listen to speakers,
         and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular
         hacker speak he's the guy that breaks into systems and is often
         (but by no means always) a "script kiddie" see pheer
         2 . An edible biscuit usually crappy tasting without a nice dip,
         I like jalapeno pepper dip or chives sour cream and onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger
         Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
         ebonics, speaking in a dark tongue ... being ereet, see pheer

EoC    - End of Commentary

EoA    - End of Article or more commonly @HWA

EoF    - End of file

EoD    - End of diatribe (AOL'ers: look it up)

FUD    - Coined by Unknown and made famous by HNN - "Fear uncertainty and
         doubt", usually in general media articles not high brow articles
         such as ours or other HNN affiliates ;)

du0d   - a small furry animal that scurries over keyboards causing people
         to type weird crap on irc, hence when someone says something
         stupid or off topic 'du0d wtf are you talkin about' may be used.

*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is
         difficult to define, I think it is best defined as pop culture's
         view on The Hacker ala movies such as well erhm "Hackers" and The
         Net etc... usually used by "real" hackers or crackers in a
         derogatory or slang humorous way, like 'hax0r me some coffee?' or
         can you hax0r some bread on the way to the table please?'
         2 - A tool for cutting sheet metal.
HHN    - Maybe a bit confusing with HNN but we did spring to life around
         the same time too, HWA Hax0r News.... HHN is a part of HNN .. and
         HNN as a proper noun means the hackernews site proper. k? k. ;&

HNN    - Hacker News Network and its affiliates
         http://www.hackernews.com/affiliates.html

J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI- Missing on/from IRC

NFC    - Depends on context: No Further Comment or No Fucking Comment

NFR    - Network Flight Recorder (Do a websearch) see 0wn3d

NFW    - No fuckin' way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS  - Oh for christ's sakes

PHACV  - And variations of same
         Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

         Alternates: H - hacking, hacktivist
                     C - Cracking
                     C - Cracking
                     V - Virus
                     W - Warfare
                     A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                     P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your
         presence see 0wn3d

*RTFM  - Read the fucking manual - not always applicable since some manuals
         are pure shit but if the answer you seek is indeed in the manual
         then you should have RTFM you dumb ass.

TBC    - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA    - To Be Arranged/To Be Announced also 2ba

TFS    - Tough fucking shit.

*w00t  - 1 - Reserved for the uber ereet, no one can say this without severe
         repercussions from the underground masses. also "w00ten"
         2 - Cruciphux and sAs72's second favourite word (they're both
         shit stirrers)

*wtf   - what the fuck, where the fuck, when the fuck etc ..

*ZEN   - The state you reach when you *think* you know everything (but
         really don't) usually shortly after reaching the ZEN like state
         something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway.

* all the people who sent in cool emails and support

FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs72 Spikeman p0lix Vortexia Wyze1 Pneuma Raven Zym0t1c duro Repluzer astral BHZ ScrewUp Qubik gov-boi _Jeezus_ Haze_ thedeuce ytcracker

Folks from #hwa.hax0r.news and #fawkerz

Ken Williams/tattooman ex-of PacketStorm, & Kevin Mitnick

kewl sites:

+ http://www.hack.co.za NEW
+ http://blacksun.box.sk. NEW
+ http://packetstorm.securify.com/ NEW
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't always popular..." - FProphet '99

+++ When was the last time you backed up your important data?

++ AMD demonstrates 900 MHz chips
   December 17, 1999

   "Advanced Micro Devices Inc. has demonstrated two different versions of its Athlon microprocessor running at 900 MHz. One uses the company's standard 0.18-micron process with aluminum interconnects, while the second is produced at the same line width but comes from AMD's Dresden, Germany, fab and features copper interconnects."
Thanks to myself for providing the info from my wired news feed and others from whatever sources, also to Spikeman for sending in past entries.... - Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yeah we have a message board, feel free to use it, remember there are no stupid questions... well there are but if you ask something really dumb we'll just laugh at ya, lets give the message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org domain comes back online (soon) meanwhile the beseen board is still up...

==============================================================================

02.0 From the editor.
     ~~~~~~~~~~~~~~~~

     #include <stdio.h>

     int main(void)
     {
      printf ("Read commented source!\n\n");

     /*
      * Ok i'm nearly caught up here, that sick period really
      * fucked up all my scheduling, thats what happens when
      * ya do something all yerself. Anyways enjoy .... next
      * ish, Christmas/New years issue.
      *
      */
      printf ("EoF.\n");
      return 0;
     }

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

-= start =--= start =--= start =--= start =--= start =--= start =--= start

03.0 Creator of Melissa Virus Hired by Rutgers While on Bail
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by nvirb

Rutgers University Foundation hired David L.
Smith, the creator of the Melissa Virus, while he was free on $100,000 bail. The University said that he went through the normal hiring process, submitted a resume and had references checked but that he was not recognized as the creator of the virus. (Proves that you never know who works for whom. Remember that the next time you hear someone say 'We don't hire hackers'.) Reuters - via Detroit Free Press http://www.freep.com/news/nw/virus12_19991212.htm Rutgers hired Melissa virus creator December 12, 1999 REUTERS NEW BRUNSWICK, N.J. -- David Smith, the New Jersey computer programmer who pleaded guilty Thursday to creating the destructive Melissa computer virus, was hired as a computer technician by the Rutgers University Foundation while he was on bail, the university said Saturday. A spokeswoman said that when the foundation hired him, it did not recognize Smith as the suspected author of the virus, which infected e-mail systems around the world in March. Smith, 31, submitted a resume in answer to a newspaper advertisement and was hired Sept. 20 while out on $100,000 bail following his arrest in April. He went about his work quietly and unrecognized for two months, trouble-shooting computers in foundation offices. He quit Dec. 3, a week before his court appearance, citing personal reasons. "Now we know what they were," Rutgers spokeswoman Pamela Blake said. Smith went through a normal hiring process, providing credentials supporting his qualifications and references that were checked. "He wasn't recognized," Blake said. "People did not make that connection when he was hired. At no time during the process was the Melissa virus mentioned. None of his references mentioned the virus." None of the foundation's 100 employees or administrators whom Smith worked among recognized him. Interviewers did not ask Smith if he had ever been arrested or was awaiting trial because it is illegal to do so. 
Smith, of Aberdeen, N.J., faces a maximum five years in prison and $250,000 in fines on the federal charge of knowingly unleashing the virus on more than a million computer networks and e-mail systems and causing $80 million in damage.

The foundation is the public university's fund-raising arm that brought in $60.6 million for the fiscal year ending in June. In his position, Smith had access to foundation accounts.

An initial review of the foundation's computer system did not turn up any viruses or irregularities, but it continues to be monitored.

"Obviously, we're concerned," Blake said.

Smith did not have access to the computer systems of the university itself.

He is free on bail pending his May 15 sentencing in Newark, N.J., by U.S. District Court Judge Joseph Greenaway. His sentencing in Freehold, N.J., on a state charge of disrupting public communications systems will follow.

@HWA

04.0 Freedom Officially Launched
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Anonymous

HNN readers got advance notice almost two weeks ago but Zero-Knowledge is set to officially unveil Freedom today. If you're looking for complete anonymity while using the Internet then you need Freedom.

C|net
http://news.cnet.com/news/0-1005-200-1491501.html?tag=st.ne.1002.thed.1005-200-1491501

Freedom 1.0
http://www.zks.net/clickthrough/click.asp?partner_id=542

New product guarantees online anonymity
By Courtney Macavinta
Staff Writer, CNET News.com
December 13, 1999, 3:40 a.m. PT

Zero-Knowledge Systems will unveil an online privacy tool today to let Net users conceal their true identities. And just like the company's name implies, it won't know who they are, either.

Under a limited release of 10,000 copies per week, Zero-Knowledge's Freedom allows users to create pseudonyms to surf the Web, register at sites, send email, post to newsgroups and chat.
But online shoppers, who give up droves of personal information, probably won't use the current version of Freedom because most e-commerce sites rely on credit cards for payment and physical addresses to deliver products. Many people who use the Net to express opinions, meet people, and collect articles and music think they are acting anonymously. But the fact is that their Internet service providers can keep track of them, as can Web sites that employ technologies such as cookies. Moreover, online consumers are routinely asked to hand over their names, ages, home addresses, incomes, credit card numbers and details about their shopping habits. Many comply, adding to data repositories that make it possible for companies to build profiles of people, track their online activities with greater accuracy, and target them with Web advertising. But for those who want to troll the Net incognito, Montreal, Canada-based Zero-Knowledge is about to offer one of the most advanced privacy protection tools. Most products on the market today, such as tools offered by Enonymous and Novell's Digitalme, are personal-information managers that let Net users create various profiles with home or business information that can be used to automatically fill in Web registration forms. Lucent Technologies' ProxyMate also lets people fill in online forms using their true identities or aliases. But with Freedom, users' online activities are encrypted and routed through a globally distributed network of servers that make it impossible to know where users are physically located or who they really are. To ensure that people's actual identities are not linked to their Freedom pseudonyms, they will buy $10 tokens and cash them in for "nyms." So all Zero-Knowledge ever knows about a person is that he or she purchased a token, according to the company. "Zero-Knowledge has no data that can be used to compromise a user's privacy," said Austin Hill, the company's president. 
Zero-Knowledge Systems, which has raised $14 million in venture capital, also won't be hindered by White House encryption export controls. The U.S. rules require licenses for the strong encryption products, and the FBI is constantly lobbying for so-called key-recovery features that could give them access to a person's private key to unlock their encrypted data. Law enforcement and powerful intellectual property owners--such as the record and music industries--don't want Net users to be completely anonymous because obviously, that makes them harder to bust if they are suspected of trafficking pirated material or committing other Net-based crimes. "I'm not worried about it. We're not exporting or building encryption [from within] the United States," Hill said. "We took an active stance to educate law enforcement [such as] the Department of Justice. Generally the conversation is: 'Can you build in a backdoor?' and we say 'No.'" If presented with a subpoena, however, Zero-Knowledge can shut off a pseudonym if it's being used to allegedly commit crimes.

@HWA

05.0 Free Linux Firewall Available
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Kim

Phoenix Adaptive Firewall, the first Linux firewall on the market, will be given away for personal use starting today. Phoenix has been certified by the International Computer Security Association (ICSA).

Progressive Systems, Inc.
http://www.progressive-systems.com

@HWA

06.0 Piratecity Being Sued by Fortunecity
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/ and Piratecity staff

contributed by Overlord

Piratecity.com, which offers free web space for underground sites, is being sued by free web page giant Fortunecity.com. The suit claims that Piratecity.com is infringing on Fortunecity.com's copyright without authorization which results in unfair competition, name brand dilution and causes confusion among customers.
Piratecity.com intends to contest this litigation and is asking for support.

PirateCity.com
http://www.piratecity.com/news.htm

On behalf of Piratecity. We report receipt of Legal Papers actioned by Fortunecity.com against us claiming copyright infringement. (see below) They bleat on about, no authorization and unfair competition, dilution and causing confusion among customers. This is rich, coming from an organization that systematically allowed the Internet Underground H/V/P/C/A, to upload sites and publicize URLs which guaranteed a huge amount of traffic for Fortunecity. Once the site was popular, hit-wise, the site was then removed and the "ERROR 404" traffic was directed to the Fortunecity Homepage. This information was passed directly to John Stevens by a former employee of Fortunecity and this inspired the creation of Piratecity with its "Content Violation Free" concept based on a Fortunecity style Web-based Community catering for the Internet Underground, now the Underground is flocking to Piratecity and we are signing up 500 new members per week. We intend to contest this litigation and ask for support and help in any way possible and for hackers worldwide to boycott Fortunecity. This is not about copyrights, it is about hits. Please see the letter below.

December 9, 1999

BY FACSIMILE AND FEDERAL EXPRESS

Dear Mr. Congleton:

We are counsel for FortuneCity.com, Inc. (“FortuneCity”), the long time owner of the copyrights, trademarks, trade dress and other intellectual property interests for various graphics, images, marks and trade dress contained on FortuneCity’s web site (collectively, the “Proprietary Interests”). It has recently come to our client’s attention that your web site, uses FortuneCity’s Proprietary Interests without authorization.
The posting of FortuneCity’s graphics, images, marks and other Proprietary Interests onto PirateCity.com’s (“Pirate City”) web site constitutes blatant copyright infringement, trademark infringement, unfair competition, dilution, violation of FortuneCity’s trade dress, and other causes of action under state and federal law. Furthermore, the use of FortuneCity’s Proprietary Interests on Pirate City’s web site is likely to cause confusion among consumers, and dilutes the distinctive quality of FortuneCity’s trademarks and trade dress, among other wrongs. Accordingly, on behalf of our client, we hereby demand that you immediately cease all use of FortuneCity’s Proprietary Interests on or in connection with your web site, or otherwise, that infringes our client’s rights in the Proprietary Interests, and that you relinquish all rights you may have sought over the graphics, images, marks and other Proprietary Interests. In the absence of your response in accordance with the foregoing by December 20, 1999, appropriate action will be taken against Pirate City to enjoin Pirate City’s use of the Proprietary Interests. We will also consider seeking temporary, preliminary and permanent injunctive relief, as well as damages for the harm suffered and which continues to be suffered by our client, together with attorney’s fees because of the wrongful deprivation caused by your clearly intentional illegal use of our client’s Proprietary Interests. It is our intention to take action against all persons, jointly and severally, who have acted with respect to the illegal use of these Proprietary Interests. The foregoing does not purport to constitute a complete statement of the position of FortuneCity in connection with this matter, and any and all rights, remedies, claims or defenses otherwise available to us under the circumstances are expressly reserved. Very truly yours, Michael S. 
Elkin

Our Official statement in regard to this matter is as follows:

"On behalf of Piratecity.com, I hereby declare that we intend to fight this litigation both inside and outside the Courts. We believe in fair competition, and disagree with allegations to the effect that we are in some way interfering with Fortunecity.com. This is wholly untrue, our domain names are completely different. Since these threats came to light, we have been overwhelmed with support from the hacker community. It is independently the intention of these supporters to "destroy" interests of Fortunecity.com by any means possible, should litigation continue".

John Stevens.
Piratecity.com

@HWA

07.0 Hacker Stereotyping Continues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by no0ne

Hollywood never gets it right, and now Broadway (or off Broadway in this case) screws it up as well. Arthur Kopit's new off Broadway play 'Y2K' changes the traditional hacker stereotype from nerdy computer geek to evil doer out to take over the world. Mass media should just give up in trying to pigeon hole a culture.

NY Times - yes registration is required
http://www.nytimes.com/library/review/121299hackers-image-review.html ($$)

@HWA

08.0 Australian Government Site Defaced In Protest of New Law
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by no0ne

The Australian Broadcasting Authority's (ABA) web site was defaced over the weekend. The main page was replaced with one containing an obscene rant against the new Online Services Amendments law, which will be administered by the ABA. The new law is set to take effect next month.
Australian Broadcasting Corporation
http://www.abc.net.au/news/science/internet/1999/12/item19991210163329_1.htm

Wired
http://www.wired.com/news/politics/0,1283,33010,00.html

A spokesperson for Electronic Frontiers Australia said that they also oppose the new laws but that defacing web pages does not help the anti-censorship cause.

Australian Broadcasting Corporation
http://www.abc.net.au/news/science/internet/1999/12/item19991211105245_1.htm

ABC #1

Hacker slams Net censorship laws

A security breach at a Federal Government Internet website has allowed a computer hacker to post a vitriolic attack on the Federal Government's new Internet censorship laws, which come into place next month. The hacker, calling himself Ned R, overwrote the Australian Broadcasting Authority's (ABA) website with an obscene diatribe against the new laws, which will be administered by the ABA. The hacker described the Australian Government as "clueless" over the provisions of the Online Services Amendments law which have been widely condemned by the Internet industry as "unworkable". Kimberly Heitman, from Electronic Frontiers Australia, says his organisation also opposes the new law, but hacks like that on the ABA website are "misdirected anger". Mr Heitman says the ABA, as public servants, are not responsible for the law and computer hacking of computer websites "doesn't help the cause at all".

-=-

Wired;

Cracker Defiles Aussie Authority
by Stewart Taggart
8:30 a.m. 10.Dec.1999 PST

SYDNEY, Australia -- For almost half a day, the censor itself was censored. After a cracker defaced and placed obscenities on the homepage of the Australian Broadcasting Authority (ABA) early Friday morning, the regulatory agency was forced to take its Web site offline. "We're investigating, and awaiting a report from our ISP," said ABA spokeswoman Anne Hewer.
The vandalism was done as a protest against the nation's controversial new online censorship laws, which go into effect 1 January. The ABA is the government agency responsible for regulating and licensing the nation's broadcasting industry and is required to uphold the new law. The Web site crack appears to have occurred sometime in the early hours of Friday morning. In a rambling, jumbled diatribe placed at the bottom of the homepage, the hacker -- identified only as "Ned R." -- taunted the organization. The site remained offline for most of the day Friday, but has since been reactivated. "You can't [^%$#($^] censor me," the cracker wrote. "If a message wants to get out, it will." "People only now can get connectivity the USA has enjoyed for years. And now one of the greatest resources we gave for free speech and free learning will be stifled by a vocal minority with no understanding of the underlying technology." The message ended with the cracker apologizing for his various typos and bad spelling because "I was high on methyldioxymethamphetamines and crack." Passed by Australia's legislature 30 June, Australia's new online content laws institute a complaint-driven system of Internet content regulation that ultimately empowers the ABA to legally force content providers to take down material from Web servers located in Australia. After the ABA investigates a complaint about the content on any Web site regardless of location, it can request that the nation's classification authority for books and movies rate the content. If the content is deemed excessively sexually explicit, violent, or offensive, it can be ordered to be taken down if it is hosted in Australia. ISPs will be required to offer subscribers home filtering software that can block access to similarly offensive sites that are located outside Australia. 
Free speech advocates have opposed the new law as at best, unworkable and at worst, part of a trend toward circumscribing citizens' rights to think independently. For its part, the Australian government acknowledges the law isn't perfect, but stresses something must be done to protect children against the Internet's more unsavory corners. Ms. Hewer said the ABA has outsourced technical management of its Web site to a commercial ISP, which it has used for about the last 18 months. She said this morning's attack was the second substantive disruption to the site in recent months by opponents of the new online content law, but that the previous attack didn't force the ABA to take its Web site offline. "Last time we didn't shut down the site, but just altered the page," she said. "This time we shut the site down for security reasons."

-=-

ABC #2

EFA 'understands' hacker's attack on Internet laws

An organisation promoting freedom of speech on the Internet says it can understand the motives of a hacker who posted an attack on new censorship laws on a government website. The hacker, calling himself Ned R, targeted the Australian Broadcasting Authority's (ABA) site, writing an obscene attack on new Internet censorship laws, which will come into effect on January 1. Kimberly Heitman, from Electronic Frontiers Australia, says he too opposes the laws but the hacker has not helped the anti-censorship cause through his actions. "It's very much like a graffiti operation," Mr Heitman said. "But ... I think this criticism and indeed the hack is a very misplaced effort by reason of the fact that this is a government or indeed a political decision and not one which the bureaucrats in the ABA can really be held responsible for."
@HWA

09.0 Russian News Agency, Itar-Tass, Defaced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Underprivileged User

Russian news agency, Itar-Tass, had its web site defaced yesterday by people opposed to the Russian military campaign in Chechnya. Administrators took the site off line for over an hour to repair the damage.

BBC
http://news.bbc.co.uk/hi/english/world/europe/newsid_561000/561576.stm

Australian Broadcasting Corporation
http://www.abc.net.au/news/newslink/weekly/newsnat-13dec1999-51.htm (404)

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991212/wr/russia_website_1.html

Sunday, 12 December, 1999, 18:15 GMT

Hackers attack Russian news site

The Russian offensive has caused widespread misery

Hackers opposed to the Russian military campaign in Chechnya have attacked the website of the Russian news agency Itar-Tass. The site was out of action for more than an hour while computer technicians repaired the damage. The hackers left a message on the Tass site, which said: "We're here to fight evil and our power is growing." Tass said the hackers had sent an e-mail protesting against the "murder of peaceful Chechens". A spokesman said: "They called themselves 'Princes of Darkness' and 'Angels of Freedom'. They demanded that Russia stop the war in Chechnya."

Identity unknown

The agency, referring to the hackers as "computer terrorists", reported that it did not know who was responsible for the attack. Russia says its campaign in Chechnya is targeting terrorists responsible for a series of bomb attacks in Russia. But the West, which has widely condemned Russia's actions, says innocent civilians are being killed. The Russian media, including Itar-Tass, have been largely supportive of the campaign, which also enjoys widespread public support, and the tactics being employed. The Chechens accuse Russia's media of unquestioningly publishing government and military propaganda.
They have their own website, which they use to report news from the various front lines in Chechnya, and which the Russians say is little more than a forum for misinformation.

-=-

Reuters

Sunday December 12 11:05 AM ET

Hackers Raid Tass Agency Web site in Chechen Protest

MOSCOW (Reuters) - Russia's Itar-Tass news agency said Sunday its Internet site had been hacked into by ``computer terrorists'' demanding that Russia halt its military campaign in Chechnya. ``They called themselves 'princes of darkness' and 'angels of freedom' and demanded that Russia stop the war in Chechnya,'' a spokesman for the agency said by telephone. Tass said the site raiders had sent an e-mail protesting over the ``murder of peaceful Chechens.'' It added that the identity of the hackers was unknown and that it was working to repair the damage. The West has fiercely criticized Moscow's military campaign to clear the breakaway North Caucasus region of Islamic separatist fighters it calls ``international terrorists,'' saying that innocent people are suffering. Russian media have strongly backed Russia's tactics and the campaign enjoys widespread public support.

@HWA

10.0 Irish Web Sites Defaced
~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by John

The website for Irish Telecom's company Eircom ISP was defaced at around noon local time last Friday. Earlier last week an Irish radio station FM104 was also defaced.

Hack Watch News
http://www.iol.ie/~kooltek/welcome.html

@HWA

11.0 New US Crypto Export Rules Delayed Until January
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Blaupause

The Clinton administration will delay by about a month the release of new rules easing export of encryption products, missing the previously announced Dec 15th deadline. A draft of the new rules has drawn widespread criticism and it appears it's going to take a bit longer to work out the revised crypto legislation.
Reuters - via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/merc/docs/044439.htm

Posted at 2:34 p.m. PST Monday, December 13, 1999

U.S. to delay until January encryption export rules

WASHINGTON (Reuters) - The Clinton administration will delay by about a month the release of new rules easing export of computer data-scrambling products, missing a previously announced December 15 deadline, sources familiar with the rules said Monday. In September, the administration announced it would dramatically relax export restrictions on encryption products, which have become an increasingly critical means of securing global communications and electronic commerce on the Internet. The announced easing of export restrictions reflected the growing importance of encryption in commercial, non-military industries, as well as the growth of non-U.S. companies willing and able to meet market demand for encryption products. But a draft of the new administration rules issued last month drew widespread criticism from high-tech companies and Internet advocacy groups, who complained the proposal was unworkable and fell short of the promises announced in September. Sources familiar with the new rules said the administration needed more time than expected to revise the draft rules. Software vendors like Microsoft Corp. and Network Associates Inc., hardware makers like IBM Corp. and Cisco Systems along with privacy and Internet advocacy groups have been lobbying for years for easier encryption exports.

@HWA

12.0 PGP Cryptography Exportable
~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Network Associates has been granted an export license for the popular PGP software. This allows NAI to ship its full strength encryption software almost anywhere. Specific details regarding the export license and its restrictions were not provided.

Info World
http://www.infoworld.com/articles/en/xml/99/12/13/991213enpgp.xml

Network Associates Inc.
http://www.nai.com/asp_set/about_nai/press/releases/pr_template.asp?PR=/PressMedia/12131999.asp&Sel=647 From InfoWorld.com United States grants PGP encryption export license By Nancy Weil The U.S. government has granted Network Associates a license to export its PGP encryption software -- a move that the company termed "landmark" in an announcement Monday. The license will allow Network Associates to ship its full-strength PGP (Pretty Good Privacy) encryption software to most nations worldwide without restriction. Exports to some countries -- such as Cuba and Iraq -- remain off limits even as the Clinton administration moves toward loosening restrictions. The decision to grant the license precedes the expected new export control policy from the White House, another fact hailed by Network Associates in its written announcement Monday. The move will "point the way" for other U.S. companies, including those who sell products online, the Santa Clara-Calif.-based security software vendor said. Additional details regarding the license and its conditions were not provided. The Clinton administration last month circulated a draft of its new proposed regulations for encryption export. Although the new policy proposal loosens restrictions, some members of Congress were chagrined that the draft calls, for example, for export of shrink-wrapped encryption software through retail outlets independent of the manufacturer. That language, according to some critics, would allow traditional retail stores an advantage over e-commerce merchants. U.S. Rep. Zoe Lofgren, a California Democrat, criticized the draft language, but said that she had talked to Clinton and also wrote a follow-up letter to him regarding her concerns, and was assured that he and his staff will work to resolve the remaining issues. The final encryption plan is expected to be released on Wednesday. Network Associates Inc., in Santa Clara, Calif., is at www.nai.com . 
Nancy Weil is a Boston correspondent for the IDG News Service, an InfoWorld affiliate.

@HWA

13.0 Police Fear Freedom
~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

New software from Zero-Knowledge Systems has police concerned. Freedom software lets people remain anonymous while sending e-mail, chatting and visiting Web sites. A spokesperson for the National Association of Chiefs of Police has said "It's going to make it a little more difficult to trace wrongdoers."

Nando Times
http://www.nandotimes.com/technology/story/body/0,1634,500142292-500169082-500633455-0,00.html

Freedom 1.0
http://www.zks.net/clickthrough/click.asp?partner_id=542

(Sure get a lot of publicity don't they? - Ed)

Internet anonymity service raises abuse concerns

Copyright © 1999 Nando Media
Copyright © 1999 Associated Press

By DAVID E. KALISH

NEW YORK (December 14, 1999 7:05 a.m. EST http://www.nandotimes.com) - A service intended to give Web users anonymity concerns authorities, who fear it could compromise their ability to track illegal activity on the Internet. The service from Zero-Knowledge Systems Inc., based in Montreal, would let people remain anonymous while sending e-mail, chatting and visiting Web sites. Such thoroughness could frustrate law enforcement officials trying to track down shady Web users who send abusive e-mail and exchange such material as child pornography and pirated software. "It's going to make it a little more difficult to trace wrongdoers," said Bob Wallace, a spokesman for the Miami-based National Association of Chiefs of Police. To use the service, Web surfers go to Zero-Knowledge's site, www.freedom.net, and download special software that scrambles information and also lets them use up to five pseudonyms instead of their real e-mail addresses. The Zero-Knowledge technology obscures the sender's Web trail by identifying just the final portion of the computer network used to transmit the information.
The service, which works only with Windows 95 and 98 systems, costs $50, though a free 30-day trial is available. The company is limiting the offer to 10,000 users a week through February to make sure it's reliable. "The system has been purposely designed to make sure we have nothing of substance" to identify a user, said Austin Hill, the company's president and co-founder. Zero-Knowledge says it developed the software to address an increasing concern among users that Internet companies are using technology to track people's personal information - everything from buying habits to home addresses to age. Privacy advocates agree that Zero-Knowledge's product fills a demand for greater anonymity. "Anonymous speech is inconvenient and sometimes has bad consequences, but if you removed it we would be living in a very dangerous world," said Jason Catlett, president of Junkbusters Corp., a privacy advocacy and consulting firm in Green Brook, N.J. Zero-Knowledge says it is based in Canada in part because the nation has rules that are less restrictive than the United States in governing the export of encryption technology. But it has met with officials at the U.S. Department of Justice and plans to meet with the Federal Bureau of Investigation to brief them on the service. The company says it has taken steps to minimize the chances its service could be abused. For example, a user can send only a limited number of e-mails, limiting the service's appeal to "spammers" who want to anonymously bombard consumers with marketing messages.

@HWA

14.0 The NSA, Soon To Not Be So Secret?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Where has the NSA been and what is its future? Wired takes a look at some of the past shenanigans of the agency and what lies before it in possible upcoming congressional hearings.

Wired
http://www.wired.com/news/politics/0,1283,33026,00.html

Spies Left Out in the Cold
by Declan McCullagh
3:00 a.m.
13.Dec.1999 PST

It's enough to spook any spy. Congress plans to hold hearings next year that will, for the first time in a quarter century, investigate whether the National Security Agency is too zealous for our own good. Much has changed since those hearings in 1975. Instead of being a place so secretive that the Department of Justice once abandoned a key prosecution rather than reveal the National Security Agency's existence in court, "the Fort" has become enmeshed in popular culture. Techno-thrillers like Enemy of the State, Mercury Rising, Sneakers, and even cut-rate TV series like UPN's 7 Days regularly depict NSA officials -- to their chagrin -- as eavesdrop-happy Nixonites. But one thing has remained the same. The agency is barred from spying inside the United States and is supposed to snoop only on international communications. Through a system reportedly named Echelon, it distributes reports on its findings to the US government and its foreign allies. Do those findings include intercepted email messages and faxes sent by Americans to Americans? Maybe, and that's what's causing all the fuss. News articles on Echelon have captured the zeitgeist of the moment, spurred along by PR stunts like "Jam Echelon" day. Newsweek reported this week that the NSA is going to "help the FBI track terrorists and criminals in the United States." (The agency denied it.) A 6 December New Yorker article also wondered about the future of Fort George Meade. That future could look a lot like the past: congressional action that, in the end, doesn't amount to much. For this article, Wired News reviewed the original documents and transcripts from the Church committee hearings that took place in the Watergate-emboldened Senate in 1975. The Select Committee to Study Governmental Operations with Respect to Intelligence Activities published its final report in April 1976. It wasn't an easy process.
NSA defenders tried their best to kick the public out of the hearing room and hold the sessions behind closed doors. "I believe the release of communications intelligence information can cause harm to the national security," complained Senator Barry Goldwater, a Republican who voted against disclosing information on illicit NSA surveillance procedures and refused to sign the final report. "The public's right to know must be responsibly weighed against the impact of release on the public's right to be secure.... Disclosures could severely cripple or even destroy the vital capabilities of this indispensable safeguard to our nation's security," said another senator. But Democratic Senator Frank Church and his allies on the committee prevailed, and disclosed enough information to give any Americans the privacy jitters. Among the findings: Shamrock: In 1945, the NSA's predecessor coerced Western Union, RCA, and ITT Communications to turn over telegraph traffic to the Feds. The project was codenamed Shamrock. "Cooperation may be expected for the complete intercept coverage of this material," an internal agency memo said. James Earl Ray: When the Feds wanted to find the suspect in the Martin Luther King Jr. assassination, they turned to the NSA. Frank Raven, chief of the G Group, received a direct order in May 1968 to place Ray's name on the watch list. It turned up nothing and Ray was eventually nabbed in London, Raven said when interviewed for the book The Puzzle Palace. At another point the FBI demanded complete NSA surveillance of all Quakers, in the mistaken belief that the group was shipping food to Vietnam. Huston plan: Tom Charles Huston, an aide to H.R. Haldeman, organized a meeting in June 1970 between Nixon and his agency chiefs, including the FBI, CIA, NSA, and Defense Intelligence Agency. According to the Nixon papers, the president wanted to collect intelligence about "revolutionary activism."
The presidential directive that came out of that meeting ordered the NSA to expand its surveillance and evaluate "domestic intelligence." Peace activists: At the Pentagon's request, the NSA monitored the communications of '60s peace activists. The order came from the military unit responsible for quelling "civil disturbances," which wanted to know if foreign agents were "controlling or attempting to control or influence activities of US 'peace' groups and 'black power' orgs." An internal NSA memo creating the Minaret project said it would focus on people involved in "anti-war movements/demonstrations." Drug war: Civil libertarians like to say that any "war" results in eroded freedom, and they seem to have been right in this case. "This is to express my desire to receive information produced by your agency which will assist the BNDD to more effectively combat the illicit traffic in narcotics and dangerous drugs," wrote John Ingersoll, head of the then-Bureau of Narcotics and Dangerous Drugs. The NSA complied. Ingersoll's April 1970 request appears to have been prompted by President Nixon's public declaration of the so-called war on drugs. The Church committee eventually prepared an exhaustive -- and damning -- 396-page report that detailed how the NSA and other agencies had run amok for the previous few decades. One conclusion by the panel's chairman: Congress has a "particular obligation to examine the NSA, in light of its tremendous potential for abuse.... The danger lies in the ability of NSA to turn its awesome technology against domestic communications." But it's not clear how much has changed. Some experts believe that not even top NSA officials know everything that happens at the agency, and it's a fair bet that the Senate committee didn't get all the information it wanted. That might be happening again. 
Widespread rumors that the NSA regularly engages in illegal surveillance of US citizens -- a rumor fueled by the Echeleon buzz -- gained more credibility this year when the agency refused to turn over important information to Congress. Citing attorney-client privilege, the NSA declined to reveal information about its internal operating procedures. In an angry response, the House Select Committee on Intelligence drafted a requirement forcing the NSA and the attorney general to prepare a report by the end of January. Committee members expect "a detailed analysis of the legal standards employed by elements of the intelligence community in conducting signals intelligence [electronic or radio communication] activities, including electronic surveillance." President Clinton signed the measure as part of a spending bill, and the chairman of the House Government Reform Committee pledged to hold hearings in 2000. Since then, the NSA has managed to soothe hurt feelings on Capitol Hill, and the House Intelligence committee seems to be trying to limit public scrutiny of the agency by other legislators. The Intelligence committee, headed by Representative Porter Goss (R-Florida), "may seek to either stall hearings before the Government Reform Committee or dissuade intelligence community officials from testifying before it," according to a report in the 2 December issue of Intelligence Newsletter. Not likely, replies a committee staffer. "Chairman [Dan] Burton has pledged to hold the hearings so there will be hearings. A date has not been set yet," said Mark Corallo, a spokesman for the Government Reform committee. Corallo said the law does not allow NSA officials to ignore subpoenas from a non-intelligence committee. One legislator intent on seeing the hearings happen is Representative Bob Barr (R-Georgia), a prominent privacy advocate and former CIA employee who earlier this year asked Burton to schedule them. 
One Hill source said the hearing is more likely to happen in the second half of the year. Barr said he hopes the hearings will "determine if changes need to be made to existing [law] to ensure that it fits modern technology." "I don't know why anyone would object to hearings to determine if the NSA is operating within the bounds of US law. I would certainly hope not," Barr said in an interview Friday evening. "Oversight has to be a once-in-a-generation.... If Congress doesn't exercise regular as well as periodic oversight, then agencies are going to get away with as much as they can," he said. As preparation, Barr asked the Congressional Research Service, part of the Library of Congress, to prepare a report on the authority of the NSA to intercept electronic communiations -- both inside and outside the country. The conclusion was, well, inconclusive. "We have found no explicit statutory or Executive Order language giving the National Security Agency express authority to engage in interception of wire, oral, or electronic communiations," the 10 November report said. But the researchers said the Foreign Intelligence Surveillance Act (FISA) "appears to anticipate" electronic snooping. Look for that uncertain justification for surveillance to be a big focus of the hearings -- assuming they occur. Advocates haven't been quiet. The ACLU and other groups recently launched echelonwatch.org to focus public attention on the NSA and Echelon. "The hearings are necessary so Congress can determine whether the NSA is listening in on conversations that Congress intended be private absent a court order," said Greg Nojeim, ACLU legislative counsel. "We also hope the hearings would expose any holes in the court order requirement of the FISA that need to be plugged." Marc Rotenberg, director of the Electronic Privacy Information Center, said he hopes for four things: "public hearings, review, reform, and accountability." @HWA 15.0 How Much Privacy do You Have? 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Zorro

After two months the researchers at Agora, a group of information managers, were able to find numerous privacy violating items on the manager of information security at the Regence Group, Kirk Baily. The researchers found a scannable sample of his signature, his speaking schedule over the last two years, copies of his home phone bills, learned the value of his home and even discovered that he had been born by Caesarean section on April 30, 1951, and got a C in English at the University of Washington. (Gives you a sense of the state of privacy in this country today. And people wonder why I use a pseudonym.)

NY Times
http://www.nytimes.com/library/tech/99/12/biztech/articles/13kirk.html ($$)

@HWA

16.0 Distributed Competition for Elliptic Curve
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by McIntyre

A team of mathematicians from France's INRIA research lab have brought together Net users from around the world to crack the 8th and hardest problem to Certicom's ECC challenge. The same team has already won the first seven problems but the 8th requires much more computing power. Certicom is offering a prize of $10000 for the first correct solution. If this team wins it, $1000 will go to each of the two people who find the match and the remaining $8000 will be donated to the Apache Software Foundation.

Elliptic Curve Discrete Logarithms - download your client today!
http://cristal.inria.fr/~harley/ecdl7/readMe.html

@HWA

17.0 Slashdot Lists Top Ten Greatest Hacks
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

We mention this only under a feeling of obligation not because it is newsworthy. Slashdot.org has created a list of what it feels to be the Top 10 Hacks of All Time. 
To save you the grief of reading it they are, Orson Welles' War of the Worlds, Mars Pathfinder, Ken Thompson's cc hack, The AK-47, Bombes and Colossus, Perl, Second Reality, The Apple II, the SR-71 and the Apollo 13 Mission Rescue. HNN does not particularly agree with the /. readership which just goes to show how widely varied the definition of the word 'hack' has become.

Slashdot.org
http://slashdot.org/article.pl?sid=99/12/13/0943241&mode=thread

@HWA

18.0 Feds Plead For Mercy
     ~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by p_d_coleman and turtlex

John Koskinen, chairman of the President's Council on Year 2000 Conversion, has pleaded for mercy. He has asked those people who pierce computer network security as a 'public service' to withhold their attacks until after New Year's. Michael Vatis, head of the National Infrastructure Protection Center, said they had no hard evidence of any planned attacks. (Again we hear the claim of no evidence yet the government continues to spread FUD (Fear Uncertainty and Doubt.))

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991214/tc/yk_hackers_1.html

C|Net
http://news.cnet.com/news/0-1009-200-1495563.html

Tuesday December 14 12:58 PM ET

U.S. to Computer Hackers: Give U.S. a Y2K Break

By Jim Wolf

WASHINGTON (Reuters) - President Clinton's top aide on Y2K matters has urged computer hackers to exercise self-restraint until after year 2000 technology fears largely have passed. In an unusual plea for mercy, John Koskinen, chairman of the President's Council on Year 2000 Conversion, said that some people regard piercing computer network security to be a ``great public service'' because it calls attention to security cracks. ``Hopefully those people will recognize we're going to have enough things going on that (New Year's) weekend that this will not be a particularly good weekend to demonstrate the need for more information security,'' he said on Monday. 
``If you want to, in fact, make those points, my hope is (you'll) make them the following weekend,'' when Y2K confusion is expected to have subsided, Koskinen said in reply to a reporter's question. One major concern of authorities is that confusion during the century date change could mask a wide range of malicious anti-U.S. activity, including possible computer-based attacks by hostile nations or guerrillas. Michael Vatis, the FBI agent who serves as the nation's top ''cyber-cop,'' said last week that the interagency outfit he heads -- the National Infrastructure Protection Center -- would be on alert although it had no hard evidence of any planned attacks. ``It's natural to expect there might be people doing stupid things with computers,'' he said of possible cyber attacks timed to exploit any high-tech confusion sparked by the century date change. ``Increased Vigilance'' Urged Bruce McConnell, a former White House information technology expert who now runs the U.N.-sponsored International Y2K Cooperation Center, said viruses timed to trigger on Jan. 1 appeared to be spreading, notably hidden in e-mail attachments. ``Clearly the end of the year is a time for increased vigilance with respect to computer security,'' McConnell said in a telephone interview. Adding to the confusion may be so-called denial-of-service attacks aimed at swamping government or private sector Web sites, according to Clark Staten, executive director of the Chicago-based Emergency Response and Research Institute. Last week, the U.S. Office of Personnel Management announced it would interrupt its Internet services for ``several hours'' during the New Year's weekend as a guard against hackers, power surges and other possible Y2K headaches. The agency said it would bar access during that limited period to the many data banks normally available on its Web site. The Defense Department and the U.S. Agriculture Department said last week they also were considering such precautions. 
Growing Number Of Computer Viruses Seen Anti-virus software makers have reported a growing number of computer viruses timed to go off on or about Jan. 1, when systems engineered to recognize only the last two digits in a date field may confuse 2000 with 1900. ``We are starting to see an increased frequency of viruses related to the year 2000. Some of them are timed to trigger on January first,'' said Narendar Mangalam, director of security strategy for Computer Associates, an Islandia, New York-based business computing firm. The CERT Coordination Center, a Defense Department-funded computer security project at Carnegie Mellon University in Pittsburgh, said it did not consider Y2K viruses a greater threat than the many others it has tracked. ``There may be viruses that are particularly virulent that I'm not familiar with that are set to go off on January first,'' Shawn Hernan, CERT's team leader for vulnerability handling, said in a telephone interview. ``In general, though, if you are susceptible to viruses that are spreading to be triggered on January first, you're going to be susceptible to those that are triggered to go off on January second and January third, and so on and so forth,'' he said. The best defense, Hernan said, was keeping up to date with anti-virus software updates, avoiding running programs of unknown origin, maintaining backups, paying attention to anomalies and reporting them to network security administrators.

@HWA

19.0 Etoys in Simple Domain Dispute
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Bronc

Etoys.com is currently in a simple domain dispute with the holder of etoy.com a California art group. While this matter may be of interest to law makers and people who worry about where the Net is going this is a matter best left up to the courts. Unfortunately Ernest Lucha, a spokesperson for the protest group RTMark doesn't feel that way. 
He and his group have called for the complete destruction of Etoys.com by any means necessary. He claims to have a group of 'hackers' who are working on destroying the company.

ZD Net
http://www.zdnet.com/intweek/stories/news/0,4164,2408451,00.html

The last time anyone set out to electronically destroy anything an international coalition of the world's most permanent underground groups condemned the action with almost universal support from around the globe. This is nothing more than a simple domain dispute best left up to the courts to decide, calling for a 'complete destruction' is nothing more than an act of terrorism using sensationalistic tactics. By claiming to have 'hackers' on your side you are doing nothing but continuing the stereotype of hackers as bad evil people bent on destruction.

LoU-China-Iraq War Histogram - The last group to want 'complete destruction'
http://www.hackernews.com/special/1999/louwar/louhist.html

International Hacker Coalition Joint Statement - and what happened to them
http://www.hackernews.com/special/1999/louwar/jointstat.html

ZDNet;

Protest Group Out To "Destroy" eToys

By Connie Guglielmo, Inter@ctive Week
Post Date: December 13, 1999 6:06 PM ET
Updated: December 14, 1999 8:51 PM ET

A protest group calling for the destruction of online toy seller eToys said it already has a group of hackers working on ways to interfere with site traffic counts and the toy seller's server operations. In a press release sent out Dec. 12, RTMark, a group describing itself as a "machine to improve its shareholders' culture and life - sometimes to the detriment of corporate wealth - put out a call to Internet users to "destroy" eToys by joining in a series of "sabotage" projects intended to lower the company's stock market value as "quickly as possible." 
Those projects, which RTMark has referred to collectively as a "mutual fund" - the "etoy Fund" - range from a boycott of the eToys site to e-mail campaigns to calling on hackers to interfere with site operations and traffic counts in moves RTMark hopes will cripple the company's servers during the 10 busy shopping days leading up to Christmas. RTMark spokesman Ernest Lucha said the campaign is intended to protest a trademark infringement suit eToys is waging against a European conceptual artist group called "etoy." A Los Angeles judge last month issued a preliminary injunction ordering the award-winning art group to stop using the domain name www.etoy.com or risk fines of up to $10,000 per day. What's raising the ire of protesters, Lucha said, is the fact that 5-year-old etoy registered the domain name in October 1995 - two years before eToys registered its domain name in the U.S. The next court hearing in the trademark infringement suit is scheduled for Dec. 27. Published reports said the two are working on settling the case. RTMark - pronounced "art mark" - is not the only group to protest against the eToys suit. A number of other sites have been established to contest the top toy seller's methods, including Toywar.com and Eviltoy.com. But RTMark recognizes its campaign, launched last week, calls for the most violent action. EToys spokesman Jonathan Cutler said Monday that the toy seller was not aware of RTMark's plans. "Our aim is to destroy the company," said Lucha, acknowledging that this is the first time the 8-year-old group, which has created parodies of George W. Bush's campaign site, has solicited funding for one of its sabotage projects against a specific company. The group, which Lucha said seeks to publicize the widespread corporate abuse of democratic institutions such as courts and elections, is funded through donations that typically average $100. But the etoy Fund is different. 
"We've got volunteers working on a program that will fake the Web access counts for eToys. We think if we make enough trouble, it will start affecting what investors think of the company and bring down their stock price." But Lucha acknowledged the likely result of the etoy Fund is that it will merely bring attention to the case. He added that RTMark is not working for or on behalf of etoy, and that the art group is not participating in RTMark's efforts. "It's sensationalism," he admitted. "We're trying to call attention to what's going on and make it clear that a lot of people are not happy with the case and what it represents . . . to show how outrageous it is. It fits into a long tradition of corporate bullying, where big corporations are able to use the court system to maintain their power." Asked if he was worried about possible legal reprisals against the group, whose members remain anonymous, Lucha noted RTMark is prepared for the possibility. "This is the first time we've gone after the destruction of a company. The only way it's strictly illegal is if we do damage to them," Lucha said. "We've always known there's a chance that we will be sued or destroyed. If we do, we will go down in a ball of fire with as much noise and publicity as we can." @HWA 20.0 Is It Y2K or Coincidence? ~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Maggie Concerned that any technical failure after the New Year will be blamed on the Year 2000 computer problem, the White House plans to release figures today showing how often some systems typically break down. On a daily basis ATMs run out of cash, cellular calls won't go through and cable TV is showing static. It is hoped that by releasing these figures people won't freak out when things that normally break down continue to do so. Washington Post http://washingtonpost.com/wp-srv/WPlate/1999-12/13/116l-121399-idx.html Y2K Bug, or Just Coincidence? U.S. 
to Release Figures on Everyday System Breakdowns Associated Press Monday, December 13, 1999; Page A04 Lights go out. Computers crash. Flights are delayed, baggage is lost. ATMs run out of cash, cellular calls won't go through and cable TV is showing static. Sound like the nation's worst Y2K fears? In the increasingly complex world of technology, those disasters can occur individually all in a day's work--whether or not that day is the coming New Year's. Concerned that any technical failure in the earliest hours of Jan. 1 will be blamed on the Year 2000 computer problem, the White House plans to release figures today showing how often some systems typically break down. The move is precautionary, to avert public panic at the first sign of a disruption in electricity or another essential service that may coincide with the date rollover but one not caused by the computer glitch. Some failures may take weeks of study before Y2K can be blamed or dismissed as the cause. "Every day, things go wrong, and nobody pays much attention to them, nobody thinks twice about it," said John Koskinen, President Clinton's top Y2K adviser. "But any of those things that happen on January 1st will immediately be presumed to be the indication of a Y2K problem." Even though the nation's electrical utilities are rated more than 99 percent reliable, winter storms can darken neighborhoods and entire regions. Koskinen puts odds at 50-50 that a major ice storm or blizzard will strike America during that critical New Year's weekend. In 1989, for example, a failed switch shut down electricity on New Year's Eve for 90,000 citizens in Maine. The Washington-based Edison Electric Institute said in a report for the White House that any power failure over the Jan. 1 weekend "is almost certain to have occurred because of one of the usual reasons" rather than the Y2K bug. "We have interruptions in the power grid all the time," said Sen. Robert F. 
Bennett (R-Utah), chairman of the Senate's Special Committee on the Year 2000 Technology Problem. "We have interruptions in the flow of oil around the world all the time. We have all kinds of accidents that take place in computerland, and those that happen on January 1st, people will say were caused by Y2K." Computers and their programming code are at the heart of the Year 2000 problem, over which devices that aren't sufficiently tested or repaired could misinterpret the year "00" as 1900. That could corrupt important electronic records, miscalculate utility bills and interest rates, or cause a variety of havoc with automated systems. But software already is so enormously complex that computers sometimes fail for many other reasons. Microsoft Corp., whose Windows software runs most of the world's personal computers, fields about 29,000 phone calls daily from customers using more than 4,000 programs, who complain that their PCs aren't working right. Consumer Internet connections over phone lines can be infamously feeble, and even the most popular Web destinations experience crashes. Hackers routinely vandalize Web sites that have poor security, frequently attacking dozens of high-profile targets over a holiday weekend. The government has assured travelers that airlines in the United States will be safe, though it has also warned of possible delays and lost baggage. The most recent figures from the Federal Aviation Administration show that only four of every five flights of the nation's largest carriers arrive on schedule, and that for every 1,000 passengers, more than four temporarily lose their luggage en route. That translated into nearly 185,000 mishandled pieces in October. 
About 10 percent of all credit transactions fail routinely because equipment breaks down or consumers are overextended or forget their ATM password, said Paul Schmelzer, an executive vice president for Orlando-based Star Systems Inc., which processes about 2 billion financial transactions annually. He expects those same problems to show up on New Year's. Koskinen said government officials will be looking to see whether the problems detected exceed what is expected. And he noted that it won't be immediately obvious what caused each of the problems. "The focus of the people whose systems aren't working will be to get the systems working," he said. "You're not going to be quite as focused on whether this is Y2K or not."

© Copyright 1999 The Associated Press

@HWA

21.0 More information on the PhoneMasters
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Michael

Although they were busted almost four years ago the PhoneMasters are only now making headlines. After completely rummaging through the nation's phone systems the FBI was able to bring them down with a unique Data Tap. A pretty thorough article on the PhoneMasters has been published by CNN. This article also tries to examine why this story has not received much public attention.

CNN
http://www.cnn.com/1999/TECH/computing/12/14/phone.hacking/index.html

Large-scale phone invasion goes unnoticed by all but FBI

December 14, 1999
Web posted at: 3:39 p.m. EST (2039 GMT)

In this story:
Calling card numbers, credit reports, and more
Giving the FBI the "pager treatment"
FBI agents turn the tables
Not as sexy, but more dangerous
Phonemasters' skills gave them a 'power trip'
Larger hacks slip under radar

By D. Ian Hopper, CNN Interactive Technology Editor and Richard Stenger, CNN Interactive Writer

(CNN) - Where have all the hackers gone? That's an understandable question considering the actions that currently pass for a news-making "hack." 
One might think that the days of Kevin Mitnick's phone hijinks or Robert Morris's computer worm, which disrupted the operations of over 6,000 computers nationwide in 1988, are gone. Sure, there's malignant code like the Melissa virus which struck computers earlier this year, but so many viruses rely on users to knowingly or unknowingly pass them on until they finally strike. When they do strike, they usually just wipe out the user's hard drive - not so horrible, on a global scale. But how about stories of intelligent hackers who download calling card numbers straight out of the data banks of giant phone companies in order to use or resell them, download and resell credit reports or have the ability to reroute or even take down entire telephone networks at will? Those guys are gone, right? Not so fast. They're far from done; they've just gone out of fashion. Calling card numbers, credit reports, and more A group of crackers called the Phonemasters, for example, stole tens of thousands of phone card numbers, found and called private White House telephone lines and rooted around in high-security FBI computer files in the mid-1990s. But the gang behind one of the largest hacks ever failed to see their names on one FBI list, a request to tap their lines. Some four years after U.S. agents busted the group, the last of three ringleaders now awaits sentencing in federal court. Jonathon Bosanac pleaded guilty to two counts of computer-related fraud in a U.S. court in San Diego last week. The self-proclaimed "Gatsby" faces sentencing on March 2. Two other reputed ringleaders were sentenced in September. Corey "Tabbas" Lindsley received a prison term of 41 months; Calvin "Zibby" Cantrell was given 24 months. The hacker gang downloaded thousands of calling cards from AT&T, Sprint and MCI to sell on the black market, according to federal prosecutors. Some of the reported retail customers included the Sicilian Mafia. "One of the most valuable skills is to be a phone phreaker. 
If you 'own' the phone system, you have the keys to the kingdom: you can listen to anyone you want to, call forward, switch numbers and route calls," said Matthew Yarbrough, the assistant U.S. attorney in Dallas who served as lead prosecutor in the case. The scope of their activities was astounding. They could listen in on phone calls, alter secure databases and penetrate computer systems of credit report company Equifax and the FBI's National Crime Information Center. Giving the FBI the "pager treatment" The ringleaders even contemplated downloading every calling card in the United States, according to prosecutors. A federal judge estimated that the group caused $1.85 million in business losses over three months. The Phonemasters reportedly performed high-tech pranks, forwarding an FBI phone number to a sex chat line that left the bureau with a $200,000 tab. Some victims -- including a Pennsylvania police department that gave one Phonemaster a ticket -- received the "pager treatment," in which their phone numbers were each sent to thousands of pagers. The Phonemasters, a name coined by authorities, even sold for hundreds of dollars copies of personal credit reports, state motor-vehicle records and addresses or phone numbers of celebrities like Madonna and Danny Bonaduce. "The information, because of the confidential nature, had a lot of value," Yarbrough said. Looking through confidential databases, they warned targets of FBI surveillance that their phones were being tapped. But they never checked to see if their own phones were under surveillance. The Phonemasters went to great measures to avoid detection during their long-distance conference calls, never using their real names and speaking in code, referring to the calling card numbers as "tortillas," prosecutors said. FBI agents turn the tables But they were often aware of the risk. In the transcript of one 1995 conversation, Bosanac hears a strange noise on the line. "What the hell happened?" he asked. 
"That was the FBI tapping in," Cantrell joked. "You know how ironic that's going to be when they play those tapes in court?" Lindsley said. The FBI was listening, using a unique $70,000 prototype device that recorded every word and keystroke that moved along the phone line in Cantrell's home in Grand Prairie, Texas. It marked the first time the FBI successfully eavesdropped on computer data traveling through telephone lines, federal prosecutors said. In February 1995 a hacker friend told Cantrell his number was on a database of phone numbers under FBI watch. Soon FBI agents raided Cantrell's home, Lindsley's dorm room at the University of Pennsylvania in Philadelphia, and Bosanac's bedroom in his parents' house in Rancho Santa Fe, California. It took more than four years before the three pleaded guilty to counts related to theft and possession of unauthorized calling-card numbers and unauthorized access to computer systems. Lindsley who received one of the longest prison sentences in hacking history, refused to identify the voices of other hackers on tape. Bosanac faces a maximum sentence of 15 years. His attorney Peter Hughes said that Bosanac will likely receive around 20 months in prison, in part because of his plea. After the 1995 raid, Bosanac worked for a San Diego Internet company owned by AT&T, a Phonemaster victim. The company fired him after learning he had had hacked into their system, a federal prosecutor said. Bosanac, who remains free on a $25,000 bond, now works for a San Francisco firm that is aware of his case, Hughes said. Not as sexy, but more dangerous It's understandable if you haven't heard of the Phonemasters. With the exception of local newspapers reporting on hometown criminals or the so-called hacker media reports, the national media has largely ignored the Phonemasters and others like them. "Lately the media has been caught up in Web defacement," said Yarbrough, who also leads the FBI's cyber crimes task force in Dallas. 
The actions of Web defacers are typically confined to replacing the "home pages," or index files of a Web site with text and images that either - in the case of "hacktivism" - reflect a political or social viewpoint, or simply boast that the hacker had access to the site. Frequently, in an attempt to show no actual malice toward the site administrators, the hacker saves a copy of the original home page on the server or even leaves a text file containing a blueprint of how the hacker got access. In its most common form, Web site defacement causes very little actual damage when compared to a large-scale intrusion like the ones made by the Phonemasters. But the site that has "I own you" scrawled on it is a lot more obvious and brash than illegal charges made on thousands of calling cards. Hence, the graffiti artist gets what many of them want most: publicity. That's not only a shame, say some computer crime observers, but it's also very dangerous. "The web graffiti kids really affect public perception," says Brian Martin, administrator of the Attrition.org site, which logs and comments on computer hacks. "Because of vague wording and unfounded comments, journalists often imply that because a Web page was defaced, an entire network was compromised. That is hardly the truth. Most of the time these kids couldn't touch the internal network." Phonemasters' skills gave them a 'power trip' To Martin, the public should be more worried about people with the skills of the Phonemasters. "The level of knowledge they possess about computer systems, phone systems in particular, is amazing. In many cases they know more than highly paid and specialized technical operators of the systems they are into." Martin suggests the Phonemasters were driven by two quests common to hackers: "learning and exploration." Then the just as common third purpose, a power trip. "They liked having access to any and all kinds of information." 
Martin has written several essays urging "script-kiddies," a demeaning term for hackers who use ready-made programs written by others for breaking into systems, to cease defacing Web sites. He writes that it's not worth the almost inevitable discovery and punishment by authorities for such little accomplishment as inconveniencing a site administrator for a few hours and scaring some customers. "It disgusts me to see media attention being given to kids with scripts," Martin says. "Their annoying kiddie messages are a waste of time for all involved. Their weak justifications for hacking are only there to make them feel better about their activities and give it some sense of righteousness. The media dutifully inflates their egos when they get lucky and find some big corporate or military server vulnerable to the latest script they got." Larger hacks slip under radar Space Rogue is an employee of Boston-based L0pht Heavy Industries, a hacker think tank, and is the editor of Hacker News Network. He suggests that the Phonemasters have slipped under the national media radar because their intrusions are phone-based, and don't specifically involve the Internet. "The Internet is the hot technology topic at the moment and has been for some time. If it does not involve the Internet, people don't want to report on it. But this is a major crime and should be reported on. I just don't understand it," he says. Like Martin, Space Rogue thinks the skills of the Phonemasters go far beyond the abilities of the Web graffiti artists. "The Phonemasters can not be compared to script-kiddies in any way. The first are knowledgeable people who have learned systems inside and out. Script-kiddies can click a mouse on a button that says 'run'. There is absolutely no comparison." Those "script-kiddies" shouldn't feel like their acts are being ignored by authorities, though. As the Internet continues being a vehicle for commerce, Web site defacements are increasingly having economic consequences. 
Attacks against electronic business and government sites "both carry big problems. It's not the equivalent anymore to spray painting billboards on the highway," U.S. Attorney Yarbrough warns. If e-commerce sites have to be closed to repair defacements, those companies can lose tens of millions a day in lost revenue, he said. Martin, who mentions that the Phonemasters taught him some tricks as well, praises the Phonemasters for their restraint. "They had the power to destroy entire companies, crash phone networks and more. Yet they didn't." "The real evil is guys with the Phonemasters' skillset, but a lot less ethics," Martin says.

@HWA

22.0 RST Breaks Netscape Mail in Eight Hours
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by eprime and John

Reliable Software Technologies, a Sterling, Va., software-security company, needed just eight hours to break the encryption Netscape Mail uses to scramble users' passwords. The problem affects all current versions of Netscape. Chris Saito, the senior director for product management at Netscape, said that the option to save a password locally was included for convenience. Saito added that Netscape didn't use a stronger encryption algorithm to protect passwords so that "computer experts could still access the information, in case someone forgot their password." (Damn, now that's a Cover Your Ass maneuver if I ever saw one. Netscape must be taking spin lessons from Microsoft.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2409537,00.html?chkpt=zdnntop

RST Corp - Press Release
http://www.rstcorp.com/news/bad-crypto.html

ZDNet;

Netscape security flaw revealed

Researchers have found a potentially serious security flaw in the e-mail system used by Netscape's Web browser. 
By Sharon Cleary, WSJ Interactive Edition December 15, 1999 5:50 AM PT A software-security firm warned that its researchers have found a potentially serious security flaw in the e-mail system used by Netscape's Web browser. Reliable Software Technologies, a Sterling, Va., software-security company, said Tuesday that two RST engineers needed just eight hours to duplicate the mathematical algorithm Netscape Mail uses to scramble users' passwords. The company said the problem affects all current versions of Netscape. Gary McGraw, vice president for corporate technology at RST, said the Netscape algorithm was "not an obvious sitting duck -- [the password] appears to be scrambled up in a good way, but it's not cryptographically strong." That would allow a determined hacker to reverse-engineer the algorithm and figure out the password. According to RST, the engineers who found the security hole came upon it inadvertently. They were writing a program "to look for badly protected key material, like passwords," says Dr. McGraw, adding that to test the program's validity, they ran it against Netscape's e-mail system because it's a highly popular software system that millions of people use. According to Dr. McGraw, the engineers ran their program against their own e-mail accounts and noticed scrambled versions of their passwords in the "registry" files maintained by the Windows operating system. Algorithm not secure The passwords recorded in the Windows registry weren't saved verbatim, but scrambled by a proprietary algorithm of Netscape's. But that algorithm isn't secure, RST said. By changing their passwords and then checking the registry file repeatedly, RST's engineers were able to decipher the pattern Netscape used to scramble them. "We entered in passwords like 'a' and waited to see what would come out," Dr. McGraw said. "Then we kept changing it. Now it's 'a,' now it's 'b,' now it's 'ab.' " Officials of Netscape, now a division of Dulles, Va.-based America Online Inc. 
(NYSE: AOL), were concerned by the news but said the unit has no plans to change its algorithm. Chris Saito, the senior director for product management at Netscape, said that the option to save a password locally was included for convenience. Saito added that Netscape didn't use a stronger encryption algorithm to protect passwords so that "computer experts could still access the information, in case someone forgot their password."

A key contention between RST and Netscape is whether the scrambled password could be retrieved remotely using code written with the Javascript language. According to RST, a user running Netscape Navigator versions 4.0 through 4.04 could have their vulnerable password stripped by a Javascript run by a rogue Web site. That could be particularly dangerous given that many computer users use only one password for many or all applications that they run: In a worst-case scenario, the discovery of a user's e-mail password could give an unscrupulous hacker easy entry into that user's company intranet, online trading account or bank account.

At odds over existence

Netscape and RST remained at odds late Tuesday about whether the Javascript vulnerability really existed. Netscape's Saito said the company wasn't aware of the vulnerability and added that a "security fix" would be forthcoming if that vulnerability were proved to exist. If the Javascript vulnerability doesn't exist, a password stealer would have to have physical access to a user's computer to figure out the algorithm.

Saito noted that Netscape already has numerous safety features, including a Secure Sockets Layer, which enables users to communicate securely with Web servers, and a protocol for encrypting e-mail messages sent. Barring the presence of the Javascript vulnerability alleged by RST, Saito said Netscape didn't view the password problem as a security issue, adding that "we can't be responsible for physical access to people's machines."
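The chosen-input probing RST describes above (save 'a', then 'b', then 'ab', and compare the stored values), as an added example that is not from the article, RST or Netscape. `toy_scramble` is a constructed fixed-key XOR stand-in, not Netscape's algorithm (which the article does not give), and `make_keyed_store` is a hypothetical contrast case whose key comes from a user-held master password.

```python
"""Added illustration: probing a saved-password scrambler with chosen inputs.

Everything here is constructed for the example. toy_scramble() is NOT
Netscape's algorithm, which the article does not describe.
"""
import hashlib
import os
from itertools import cycle

_FIXED_KEY = bytes.fromhex("5a13c7e94b")  # constructed constant "shipped in the client"


def toy_scramble(password: str) -> bytes:
    """Weak stand-in: XOR with a fixed, repeating key known to every install."""
    data = password.encode("ascii")
    return bytes(b ^ k for b, k in zip(data, cycle(_FIXED_KEY)))


def make_keyed_store(master_password: str):
    """Contrast case (assumption): key derived from a user secret, fresh nonce
    per save. The SHAKE-256 keystream is a stdlib stand-in for a vetted
    authenticated cipher, used here only so the example runs offline."""
    key = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                              b"constructed-salt", 100_000, dklen=32)

    def store(password: str) -> bytes:
        data = password.encode("ascii")
        nonce = os.urandom(16)
        stream = hashlib.shake_256(key + nonce).digest(len(data))
        return nonce + bytes(b ^ s for b, s in zip(data, stream))

    return store


def audit(scramble, probe_len: int = 12) -> dict:
    """Run the 'a', 'b', 'ab' style probes and report what they reveal.

    deterministic: the same password always produces the same stored value.
    positionwise:  changing one input character changes exactly one stored byte.
    Both being True means the stored value is an encoding, not encryption.
    """
    base = "a" * probe_len
    first = scramble(base)
    deterministic = scramble(base) == first
    positionwise = True
    for i in range(probe_len):
        probe = base[:i] + "b" + base[i + 1:]
        out = scramble(probe)
        changed = [j for j, (x, y) in enumerate(zip(first, out)) if x != y]
        if len(out) != len(first) or len(changed) != 1:
            positionwise = False
            break
    return {"deterministic": deterministic, "positionwise": positionwise}


def recover_keystream(scramble, length: int) -> bytes:
    """For a scheme that failed the audit: one known input exposes the
    per-position mask, because stored = input XOR mask."""
    probe = "a" * length
    return bytes(c ^ ord("a") for c in scramble(probe))


def unscramble(stored: bytes, keystream: bytes) -> str:
    """Reverse a stored value using a mask recovered from a known input."""
    if len(stored) > len(keystream):
        raise ValueError("stored value is longer than the recovered mask")
    return bytes(c ^ k for c, k in zip(stored, keystream)).decode("ascii")


if __name__ == "__main__":
    print("toy scrambler:", audit(toy_scramble))
    mask = recover_keystream(toy_scramble, 16)
    saved = toy_scramble("Tr0ub4dor&3")  # constructed sample password
    print("read back from stored value:", unscramble(saved, mask))
    print("keyed store:  ", audit(make_keyed_store("constructed master passphrase")))
```
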
"As it stands now, we view this as a machine problem, not a Netscape problem," he said. @HWA 23.0 White House May Further Relax Crypto Controls ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Simple Nomad After receiving complaints from various companies and privacy watchdog groups regarding the White House's November 19 proposal on relaxing crypto rules, it looks like the White House is ready to actually live up to the promises made last September when they announced relaxing controls for crypto export. USA Today http://www.usatoday.com/life/cyber/tech/ctg899.htm 12/15/99- Updated 01:36 PM ET White House ready to relent on crypto By Will Rodger, USATODAY.com Clinton administration officials said Tuesday they intend to further relax export controls over privacy technologies that experts say will make the Internet a safer place. The action comes in the wake of protests lodged by industry and congressional critics alike since the White House released its last proposal Nov. 19. Critics complained then that the White House had backtracked on a Sept. 16 announcement that seemed to promise liberalization across the board. Commerce Undersecretary William Reinsch said Tuesday that his department is preparing new drafts that should address the disputed items. "These are drafts that we intend to share with industry. We’ll be getting those to them shortly." Large Internet companies including Cylink Corp., America Online and RSA Inc. have long pushed for further export liberalization in order to increase sales abroad. Liberalization, they argue, will not just increase US sales, but add greater security to an Internet which is increasingly subject to attacks by hackers and thieves. Privacy activists, likewise, promote encryption to protect email communications and customer databases from snooping on the Internet. 
Both groups say differing standards around the world have slowed much-needed integration of cryptographic features into word processors, e-mail programs and the like.

But the FBI and National Security Agency have long encouraged existing restrictions because they fear that criminals, spies and terrorists will use encryption to thwart their eavesdropping efforts. Those arguments have been seriously undermined by the rapid growth of overseas encryption makers, many of which can produce products equal to the best the US has to offer.

The new proposal would:

Relax regulations that previously restricted sales to telecom companies with government investors.
Treat online and telephone sales of encryption software the same as products sold through brick-and-mortar stores.
Let developers of encryption development tools sell their wares abroad without going through an often-cumbersome licensing process.
Treat mass-market computer chips used for encryption the same as software products.
Free export of "Open Source" computer code for non-proprietary encryption software as long as exporters give notice they are sending the software abroad.

The proposals, however, would continue the long-standing practice of requiring industry to apply for export licenses when selling to foreign governments. But the proposed changes should cover almost every objection industry lodged last month.

"It’s very encouraging and fundamentally quite good because it aims at opening up the market for commercial applications," Cylink Corp. President and CEO William Crowell says. "All of us are pleased that this is an honest effort to move in a less restrictive direction. This is a good process."

Roszel Thomsen, a Washington lawyer who represents a wide variety of encryption producers says he’s hopeful if not yet convinced. "The regulatory drafts appear to be heading in the right direction as far as industry is concerned," he says.
"The question is whether they will be similarly transparent and faithfully implement the Sept. 16 announcement." @HWA 24.0 Status of Bills Before Congress ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Maggie A new report containing a brief summary of the status of 29 bills proposed during the First Session of the 106th Congress has been released. Some of the topics covered by these bills include Digital Signatures, Encryption, Privacy, Security, Telecommunication/Electronic Commerce and others. Some of these bills are already law and others will be a priority for the second session of the 106th Congress. Status of Key IT Legislation http://www.itpolicy.gsa.gov/mks/regs-leg/legover1.htm @HWA 25.0 Winkler Updates Estimates ~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench Ira Winkler wrote, in his 1997 book "Corporate Espionage," that there were fewer than 200 'computer geniuses' in the world who actually could find software vulnerabilities and another 1,000 talented individuals who could take those findings and use them to attack computer networks. He has since updated those numbers to 500 to 1,000 computer "geniuses" capable of finding vulnerabilities in software, 5,000 talented people capable of taking advantage of that information and 100,000 'clueless' script kiddies. Washington Post - via Spokane Review http://www.spokane.net/news-story-body.asp?Date=121499&ID=s719168&cat= December 14, 1999 Cyber 'geniuses' help CIA find vulnerabilities Washington Post - WASHINGTON -- In his 1997 book "Corporate Espionage," Ira Winkler, a former analyst and computer expert at the National Security Agency, wrote that there probably were fewer than 200 "computer geniuses" in the world who actually could find software vulnerabilities and another 1,000 hackers talented enough to take those findings and use them to attack computer networks. 
Another 35,000 to 50,000 "clueless" hackers merely take attacks that already have been published on the Internet and fire away. Winkler updated his estimates recently, saying there now are probably 500 to 1,000 computer "geniuses" capable of finding vulnerabilities in operating systems, 5,000 talented hackers and 100,000 "clueless" cybergeeks hacking around. For anybody in charge of securing large data systems, it's not a pretty picture. But the good news, from a U.S. intelligence perspective, is that 60 or 70 of those computer geniuses -- and possibly more -- work for the CIA, the National Security Agency or the Defense Department. They are on top of most major known vulnerabilities, Winkler said, and presumably have identified others that no one else knows about. The problem, he says, is that many of those geniuses are doing other things besides developing information warfare strategies. "It's not that hard at all," Winkler said. "The process of finding bugs -- it's just a matter of good software testing." @HWA 26.0 Cryptogram ~~~~~~~~~~ (Sorry about formatting of this section, wp problems. - Ed) Crypto-Gram December 15, 1999 by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc. schneier@counterpane.com http://www.counterpane.com A free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. Back issues are available at http://www.counterpane.com. To subscribe or unsubscribe, see below. Copyright (c) 1999 by Bruce Schneier In this issue: "Security Is Not a Product; It's a Process" Sarah Flannery's Public-Key Algorithm ECHELON Technology Counterpane -- Featured Research News New U.S. 
Crypto Export Regulations -- Draft Counterpane Internet Security News The Doghouse: Egg Fast Software Encryption 2000 European Cellular Encryption Algorithms Comments from Readers "Security Is Not a Product; It's a Process" In April 1999, someone discovered a vulnerability in Microsoft Data Access Components (MDAC) that could let an attacker take control of a remote Windows NT system. This vulnerability was initially reported on a public mailing list. Although the list moderator withheld the details of that risk from the public for more than a week, some clever hacker reverse-engineered the available details to create an exploit. Then, an exploit script (written in PERL) was publicly posted on the Internet. At about the same time, Microsoft created a patch and work-around to prevent attackers from exploiting the vulnerability on users' systems. Microsoft also issued a security bulletin on the topic, as did several other security news outlets. But patches don't magically fix security vulnerabilities. Over Halloween weekend, hackers attacked and defaced more than 25 NT-based Web sites. Seems like a bunch of security administrators didn't bother updating their configurations. This sort of thing goes on all the time. Another example: Microsoft issued a bulletin and a patch for a data access vulnerability in Internet Information Server (IIS) last year. Recently, experts demonstrated that Compaq, Dell, CompuServe, PSINet, and NASDAQ-AMEX never bothered installing the patch and were still vulnerable. A vulnerability is reported and a patch is issued. If you believe the news reports, that's the end of the story. But in most cases patches never get installed. This is why most systems on the Internet are vulnerable to known attacks for which fixes exist. Security is not a product; it's a process. It's the process of paying attention to vendor updates for your products. 
Not only network and network security products -- browsers, firewalls, network operating systems, Web server software -- but every piece of software you run. Vulnerabilities in your word processor can compromise the security of your network. It's the process of watching your systems, carefully, for signs of attack. Your firewall produces audit logs. So do your UNIX and NT servers. So do your routers and network servers. Learn to read them, daily. Learn what an attack looks like and how to recognize it. No security product acts as magical security dust; they all require time and expertise to make work properly. You have to baby-sit them, every day. The Microsoft bug mentioned above: http://www.microsoft.com/security/bulletins/ms99-025.asp http://www.microsoft.com/security/bulletins/ms99-025faq.asp News report: http://www.fcw.com/pubs/fcw/1999/1101/fcw-newsfedwire-11-01-99.html Why vulnerabilities don't get fixed: http://www.computerworld.com/home/print.nsf/all/991122CD52 Sarah Flannery's Public-Key Algorithm In January 1999, a 16-year old Irish woman named Sarah Flannery made international news by announcing a new public-key algorithm, called Cayley-Purser, that was supposedly faster and better than RSA and ElGamal. The only problem is that no one knew what the algorithm was. Well, it's finally public. Flannery's paper, describing the Cayley-Purser algorithm, has been published on the Internet by an unknown source. It's interesting work, but it's not secure. Flannery herself publishes a break of the algorithm in an appendix. To me, this makes Flannery even more impressive as a young cryptographer. As I have said many times before, anyone can invent a new cryptosystem. Very few people are smart enough to be able to break them. By breaking her own system, Flannery has shown even more promise as a cryptographer. I look forward to more work from her. 
Flannery's paper: http://cryptome.org/flannery-cp.htm News stories from January: http://www.zdnet.com/zdnn/stories/news/0,4586,2189301,00.html?chkpt=zdnnsmsa http://www.wired.com/news/technology/0,1282,17330,00.html ECHELON Technology The NSA has been patenting, and publishing, technology that is relevant to ECHELON. ECHELON is a code word for an automated global interception system operated by the intelligence agencies of the U.S., the UK, Canada, Australia and New Zealand. (The NSA takes the lead.) According to reports, it is capable of intercepting and processing many types of transmissions, throughout the globe. Over the past few months, the U.S. House of Representatives has been investigating ECHELON. As part of these investigations, the House Select Committee on Intelligence requested documents from the NSA regarding its operating standards for intelligence systems like ECHELON that may intercept communications of Americans. To everyone's surprise, NSA officials invoked attorney-client privilege and refused to disclose the documents. EPIC has taken the NSA to court. I've seen estimates that ECHELON intercepts as many as 3 billion communications everyday, including phone calls, e-mail messages, Internet downloads, satellite transmissions, and so on. The system gathers all of these transmissions indiscriminately, then sorts and distills the information through artificial intelligence programs. Some sources have claimed that ECHELON sifts through 90% of the Internet's traffic. How does it do it? Read U.S. Patent 5,937,422, "Automatically generating a topic description for text and searching and sorting text by topic using the same," assigned to the NSA. Read two papers titled "Text Retrieval via Semantic Forests," written by NSA employees. Semantic Forests, patented by the NSA (the patent does not use the name), were developed to retrieve information "on the output of automatic speech-to-text (speech recognition) systems" and topic labeling. 
It is described as a functional software program. The researchers tested this program on numerous pools of data, and improved the test results from one year to the next. All this occurred in the window between when the NSA applied for the patent, more than two years ago, and when the patent was granted this year. One of the major technological barriers to implementing ECHELON is automatic searching tools for voice communications. Computers need to "think" like humans when analyzing the often imperfect computer transcriptions of voice conversations. The patent claims that the NSA has solved this problem. First, a computer automatically assigns a label, or topic description, to raw data. This system is far more sophisticated than previous systems because it labels data based on meaning not on keywords. Second, the patent includes an optional pre-processing step which cleans up text, much of which the agency appears to expect will come from human conversations. This pre-processing will remove what the patent calls "stutter phrases." These phrases "frequently occurs [sic] in text based on speech." The pre-processing step will also remove "obvious stop words" such as the article "the." The invention is designed to sift through foreign language documents, either in text, or "where the text may be derived from speech and where the text may be in any language," in the words of the patent. The papers go into more detail on the implementation of this technology. The NSA team ran the software over several pools of documents, some of which were text from spoken words (called SDR), and some regular documents. They ran the tests over each pool separately. Some of the text documents analyzed appear to include data from "Internet discussion groups," though I can't quite determine if these were used to train the software program, or illustrate results. 
The "30-document average precision" (whatever that is) on one test pool rose significantly in one year, from 19% in 1997 to 27% in 1998. This shows that they're getting better. It appears that the tests on the pool of speech- to text-based documents came in at between 20% to 23% accuracy (see Tables 5 and 6 of the "Semantic Forests TREC7" paper) at the 30-document average. (A "document" in this definition can mean a topic query. In other words, 30 documents can actually mean 30 questions to the database). It's pretty clear to me that this technology can be used to support an ECHELON-like system. I'm surprised the NSA hasn't classified this work. The Semantic Forest papers: http://trec.nist.gov/pubs/trec6/papers/nsa-rev.ps http://trec.nist.gov/pubs/trec7/papers/nsa-rev.pdf The patent: http://www.patents.ibm.com/details?&pn=US05937422__ News reports on this: http://www.independent.co.uk/news/Digital/Features/spies151199.shtml http://www.independent.co.uk/news/Digital/Features/spies221199.shtml General information on ECHELON: http://www.echelonwatch.org http://www.wired.com/news/print/0,1294,32586,00.html Excellent article on ECHELON: http://mediafilter.org/caq/cryptogate/ EPIC files lawsuit against NSA to get ECHELON document released: http://www.epic.org/open_gov/foia/nsa_suit_12_99.html EPIC's complaint: http://www.epic.org/open_gov/FOIA/nsa_comp.pdf NY Times article: http://www.nytimes.com/library/tech/99/12/cyber/articles/04spy.html Counterpane -- Featured Research "Ten Risks of PKI: What You're Not Being Told About Public-Key Infrastructure" C. Ellison and B. Schneier, Computer Security Journal, vol. 16, n. 1, 2000, pp. 1-7. Public-key infrastructure has been oversold as the answer to many network security problems. We discuss the problems that PKI doesn't solve, and that PKI vendors don't like to mention. 
http://www.counterpane.com/pki-risks.html

News

There's a product, PawSense, that claims to detect when cats are stepping on your keyboard and a) require a password, just in case it's a human doing it, and b) make a noise that annoys the cat. It's a bizarre form of biometrics, I suppose.
http://www.newscientist.com/ns/19991204/newsstory9.html
http://www.bitboost.com/pawsense/

And on the more mundane biometrics front, a security system is being developed that can identify people by their gait.
http://www.newscientist.com/ns/19991204/newsstory3.html

Jon Carroll's essay on the FBI's new anti-terrorist strategy is pretty funny. "Bob, show Mr. Carroll the attractive pen and pencil set we're offering just for a chance to talk to you about terrorism for a few minutes."
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1999/11/15/DD43291.DTL

The German government is going to help fund the GPG effort. GPG is an open-source program that is compatible with (some versions of) PGP.
http://www.nytimes.com/library/tech/99/11/cyber/articles/19encrypt.html
http://www.gnupg.de/presse.en.html

Risks of "anonymous" e-mail accounts: Someone sent a bomb threat from an account named shadowmega@hotmail.com. The police contacted Hotmail, and found that the Hotmail account had been accessed at a particular date and time, using an IP address owned by America Online. Using the AOL information, police identified exactly who was using that IP address at that time and were able to trace the sender to his apartment in Brooklyn. I posted this to comp.risks, and people pointed out that the police didn't need to contact Hotmail. The information is in the e-mail header.

This essay describes a copy-protection scheme from several years back that was actually successful (in part because the game it protected was never all that popular).
There's a discussion of how software cracking works, and some interesting attempts to psych out what crackers don't like to do and force them to do a lot of it in order to crack the game. It's security through obfuscation, of course, but the author is very clear that copy-protection is ultimately impossible and all you can do is discourage attackers that aren't determined enough. http://www.erasmatazz.com/library/JCGD_Volume_6/Copy_Protection.html I know nothing about the Windows 2000 Encryption Pack, except what I read at this URL: http://www.microsoft.com/windows/professional/beta/downloads/default.asp An interesting article on simulating Web attacks: http://all.net/journal/ntb/simulate/simulate.html And someone's listing of the top ten computer hacks of all time: http://home.cnet.com/specialreports/0-6014-7-1420567.html?tag=st.cn.1f%20d2.tlpg.6014-7-1420567 EPIC (Electronic Privacy Information Center), EFF (Electronic Frontier Foundation), and the ACLU have asked a federal appeals court to block rules that give the FBI power to determine appropriate wiretapping capabilities for new communications systems. The groups claim that the levels of surveillance the FBI wants exceed what it is entitled to under the law. http://www.epic.org/privacy/wiretap/calea/release_11_18_99.html http://www.washingtonpost.com/wp-srv/WPlate/1999-11/18/155l-111899-idx.html http://www.zdnet.com/zdnn/stories/news/0,4586,2397376,00.html?chkpt=zdnntop E-mail eavesdropping: Online bookseller Alibris will plead guilty to charges that they intercepted the e-mail sent by Amazon.com to business partners. This may be the first conviction of industrial e-mail espionage. 
http://www.computerworld.com/home/print.nsf/all/991129CF52

Seymour Hersh writes about the NSA's failures in the Internet age:
http://cryptome.org/nsa-hersh.htm
An NPR report on the same topic (audio):
http://www.npr.org/ramfiles/atc/19991129.atc.03.ram

Opinions on UNIX and Windows NT security, and the differing philosophies of the two operating systems:
http://www.zdnet.com/zdtv/cybercrime/story/0,3700,2382021,00.html

Is buggy software inevitable? It is, as long as market forces reward it. There is no liability for buggy software, so there is no economic incentive to create quality software. In fact, there is an economic incentive to create the lowest quality the market will bear. This _Business Week_ article discusses the problem:
http://www.businessweek.com/1999/99_49/b3658015.htm

The DVD crypto break affects the release of new products:
http://www.eet.com/story/OEG19991202S0046
http://www.theregister.co.uk/991203-000006.html

The Smart Card Security Users Group (SCSUG) is composed of Visa, AmEx, Europay, MasterCard, Mondex, JCB, and the National Information Assurance Partnership (NIAP = NIST + NSA). They've written a Protection Profile, and have posted it for comment:
http://csrc.nist.gov/cc/sc/sclist.htm

PGP got a world-wide export license:
http://www.nai.com/asp_set/about_nai/press/releases/pr_template.asp?PR=/PressMedia/12131999.asp&Sel=647
http://www.infoworld.com/articles/en/xml/99/12/13/991213enpgp.xml

And two smart card breaks to finish things off:

Number 1. A French engineer succeeded in factoring the 640-bit RSA key stored in the chip on the card (all French "CB" credit cards have had a chip since 1990). He contacted the conglomerate (GIE) that makes these cards; now he's being sued by GIE for fraud and intrusion and risks seven years in prison, as well as a 5M-franc ($800K) fine. GIE has also censored TV programs where he should have been interviewed, and claim he is blackmailing them. Meanwhile, they are not fixing the problem. The weakness?
The payment terminal: another good illustration of "weakest link in the chain" attack. http://www.pele.org/english/smartcard.htm Number 2. German hackers have succeeded in cracking the Siemens digital signature chip, used in electronic payment and access control systems throughout Germany. It seems that there was an undocumented test mode of the chip that allows someone to dump the card's memory. Already the code has been disassembled, and some private keys have been compromised. http://www.theregister.co.uk/991201-000021.html New U.S. Crypto Export Regulations -- Draft On November 22, the White House released a draft of its new crypto export regulations. These new regulations are part of the changes promised in September. These regulations were due to be released on December 15, but have been delayed until January 15. The regulations do some of what's promised -- allow for export of 56-bit and 64-bit encryption products -- but fall far short of the promises made in September. I have three main objections: One: These regulations affect end-user products only. The primary uses of cryptography are not for end-user products. They do not affect Internet routers, firewalls, VPNs, CAs, etc. They do not affect software toolkits. These regulations do not affect technical assistance. Two: While these regulations permit the export of open-source cryptography code, there are some nasty complications. Near as I can tell, I can post crypto source on my Web page, but if a foreign company wants to use it I am obligated to make them get U.S. approval for the end product. Not only is this ridiculous, it is completely unenforceable. (Although you can see the NSA salivating at the chance to get their hands on all of those foreign products.) Three: These regulations are much too complicated. Instead of simply lifting export restrictions, this proposal just adds to the confusion. 
Heavy reporting and review requirements have always served the interests of those trying to stop the spread of strong cryptography. There are so many ifs, ands, and buts in these regulations that many will simply not bother. There are enough ambiguities to keep the lawyers busy for years. This is not the simplified and streamlined export process that we have been promised.

Rumor has it that the Administration is addressing these (and other) concerns in the final regulations, and that the month delay was to make sure they were addressed. They are redoing the definition of "non-commercial" source code, trying to spell out the screening requirements (which they claim will be easy to comply with), and streamlining any reporting requirements. If this is true, the final version of this could be quite good. People I trust, who are closer to the process than I am, are "guardedly optimistic." We'll see.

Draft regulations:
http://www.epic.org/crypto/export_controls/draft_regs_11_99.html

News reports:
http://www.washingtonpost.com/wp-srv/WPlate/1999-11/24/105l-112499-idx.html
http://www.computerworld.com/home/news.nsf/all/9911243cryptdraft
http://news.cnet.com/category/0-1005-200-1463231.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2399788,00.html?chkpt=zdnntop
http://www.wired.com/news/politics/0,1283,32732,00.html

Counterpane Internet Security News

You may have noticed some changes around Counterpane. Here's the news:

Last summer I teamed up with seasoned start-up CEO Tom Rowley to start a new company: Counterpane Internet Security, Inc. This company will address the critical need for higher level security services on the Internet. My motto is: "The fundamental problems in computer security are no longer about technology; they're about applying the technology."

We have raised funding, and are now putting the technical and business management teams in place. We're keeping a low profile for now, but we're actively hiring.
See http://www.counterpane.com/jobs.html for details. My consulting company, Counterpane Systems, has become the research division and working laboratory of Counterpane Internet Security, Inc. Renamed Counterpane Labs, it will provide ongoing research and critical resources to the newly formed company. Counterpane Labs will continue to engage in cryptography research, and to support the Twofish AES submission. Bruce Schneier's article on attack trees has been published in Dr. Dobb's Journal: http://www.ddj.com/articles/1999/9912/9912a/9912a.htm See also the presentation on the topic at: http://www.counterpane.com/attacktrees.pdf And the discussion on Slashdot: http://slashdot.org/article.pl?sid=99/12/02/232229&mode=thread&threshold=0 The Doghouse: Egg Egg, a UK banking and investment firm, sent customer credit card details out in unencrypted e-mails. "We didn't think [sending credit card details in unsafe e-mails] was a security problem," a spokeswoman for Egg conceded today. "We've now accepted that this was not best business practice." http://www.theregister.co.uk/991130-000015.html Fast Software Encryption 2000 Fast Software Encryption is an annual workshop on cryptography. The first Fast Software Encryption workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, and Rome in 1999. The workshop concentrates on all aspects of traditional cryptographic algorithms, including the design and analysis of block ciphers, stream ciphers, and hash functions. The seventh Fast Software Encryption workshop, FSE 2000, will be held from 10-12 April 2000, in New York, at the Hilton New York and Towers. It will be in conjunction with the 3rd AES Candidate Conference (same location, 13-14 April 2000). We expect that most people will attend both FSE and AES. Come, experience the wonders of symmetric cryptography. Watch the AES finalists battle it out in a war of cryptanalyses, comparisons, and vague innuendoes. 
If you're a corporation, please help by sponsoring the event. Register by the end of the year and save some money.

Fast Software Encryption Workshop:
http://www.counterpane.com/fse.html
Third AES Candidate Conference:
http://csrc.nist.gov/encryption/aes/round2/conf3/aes3conf.htm

European Cellular Encryption Algorithms

There's been a lot of bad information about what kinds of encryption are out there, what's been broken, and how bad the situation really is. Here's a summary of what's really going on.

GSM is the world's most widely used mobile telephony system (51% market share of all cellular phones, both analog and digital), with over 215 million subscribers in America, Europe, Asia, Africa, and Australia. In the US, GSM is employed in the "Digital PCS" networks of such telecommunications giants as Pacific Bell, Bell South, and Omnipoint.

There are four cryptographic algorithms in the GSM standard, although not all the algorithms are necessarily implemented in every GSM system. They are:

A3, the authentication algorithm to prevent phone cloning
A5/1, the stronger of the two voice-encryption algorithms
A5/2, the weaker of the two voice-encryption algorithms
A8, the voice-privacy key-generation algorithm

(Remember, these voice-encryption algorithms only encrypt voice between the cellphone and the base station. It does not encrypt voice within the phone network. It does not encrypt end to end. It only encrypts the over-the-air portion of the transmission.)

These algorithms were developed in secret, and were never published. "Marc Briceno" (with the Smartcard Developer Association) reverse-engineered the algorithms, and then Ian Goldberg and David Wagner at U.C. Berkeley cryptanalyzed them.

Most GSM providers use an algorithm called COMP128 for both A3 and A8. This algorithm is cryptographically weak, and it is not difficult to break the algorithm and clone GSM digital phones.
The attack takes just 2^19 queries to the GSM smart-card chip, which takes roughly 8 hours over the air. This attack can be performed on as many simultaneous phones in radio range as your rogue base station has channels. The Berkeley group published their COMP128 analysis in April 1998. They also demonstrated that all A8 implementations they looked at, including the few that did not use COMP128, were deliberately weakened. The algorithm takes a 64-bit key, but ten key bits were set to zero. This means that the keys that secure the voice-privacy algorithms are weaker than the documentation indicates. They published and analyzed A5/2 in August 1999. As the weaker of the two voice-encryption algorithms, it proved to be very weak. It can be broken in real-time without any trouble; the work factor is around 2^16. Supposedly this algorithm was developed with "help" from the NSA, so these weaknesses are not surprising. The Berkeley group published A5/1 in May 1999. The first attack was by Jovan Golic, which gives the algorithm a work factor of 2^40. This means that it can be broken in nearly real-time using specialized hardware. Currently the best attack is by Biryukov and Shamir. Earlier this month they showed that they can find the A5/1 key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analyzing the output of the A5/1 algorithm in the first two minutes of the conversation. All GSM providers and equipment vendors are part of the GSM Association. The algorithms were designed and analyzed by the secretive "SAGE" group (which is really part of ETSI). We don't know who the people are or what their resumes look like. What we do know is that the SAGE security analyses of the ciphers are online at ETSI's homepage in PDF format. Read it; it's entertaining. A5/1 is purported to be a modified French naval cipher. This is mentioned in the leaked Racal document. What's most interesting about these algorithms is how robustly lousy they are. 
Both voice-encryption algorithms are flawed, but not obviously. The attacks on both A5/1 and A5/2 make use of subtle structures of the algorithm, and result in the ability to decrypt voice traffic in real time on average computer equipment. At the same time, the output of the A8 algorithm that provides key material for A5/1 and A5/2 has been artificially weakened by setting ten key bits to zero. And also, the COMP128 algorithm that provides the keying material that is eventually weakened and fed into the weakened algorithms is, itself, weak. And remember, this encryption only encrypts the over-the-air portion of the transmission. Any legal access required by law enforcement is unaffected; they can always get a warrant and listen at the base station. The only reason to weaken this system is for *illegal* access. Only wiretaps lacking a court authorization need over-the-air intercepts. The industry reaction to this has been predictably clueless. One GSM spokesman claimed that it is impossible to intercept GSM signals off the air, so the encryption breaks are irrelevant. Notwithstanding the fact that GSM interception equipment was once sold openly -- now it's illegal -- certainly the *phone* can receive signals off the air. Estimated cost for a high-quality interception station is well under $10K. GSM analysis: http://www.scard.org/gsm/ http://www.jya.com/crack-a5.htm GSM Association Web site: http://www.gsmworld.com News reports: http://wired.lycos.com/news/politics/0,1283,32900,00.html http://www.nytimes.com/library/tech/99/12/biztech/articles/07code.html Comments from Readers From: bill@carpenter.ORG (WJCarpenter) Subject: Electronic voting, replying to Greg Weiss > Are e-votes more prone to voter coercion? > > I used to agree with you on this. But when talking with someone > about absentee balloting this last week, it seems to me this > problem is equally present in today's non-virtual scenario. How? 
> Well, absentee ballots enable voter coercion in the privacy of > non-public polling places. E-votes are not particularly more > subvertible than absentee ballot votes at least from the voter > coercion threat. > Now with absentee ballots, there is one further protection. One > can apparently still vote in person at the polling place, and their > polling-place vote takes precedence over their absentee ballot. Hmmm. I had the opportunity to describe the coercion problem to a non-technical person recently, and the absentee ballot parallel was immediately obvious. Equally obvious were the critical differences. First, it is probably true that only a small percentage of voters use absentee ballots (beats me, an ambitious person could easily find out; my guess is that 15-20% is a big number). So, even if the absentee ballot system is completely corrupted by coercion, its effects are limited. Sure, absentee ballots decide some elections, but those are close elections to begin with. There is a dis-incentive to use absentee ballots because you must commit your vote several days in advance of the election. My intuition tells me that for most common cases people make up their minds at the last minute, perhaps even in the voting booth, and they are subconsciously aware of this. It seems likely to me that more people who truly need an absentee ballot (because they will be out of town or whatever) will forgo voting altogether. Electronic voting would presumably be made more convenient, even more convenient than traditional voting booth voting (no standing in line, no finding a parking place, no finding someone to watch your toddler for you). It is this convenience that should make it much more popular than absentee ballots have ever been. One could probably look at the case of electronic filing of tax returns (where you have to actually pay a fee) for how fast something like this could catch on. Electronic voting should be even more popular. 
Second, the forced delay in the absentee ballot process should be missing from electronic voting. Electronic voting doesn't carry the logistical burden of paper absentee ballots, and so it could be done exactly on election day. The success rate of a coercion scheme is probably related to how long you would have to control someone to keep them from going to the voting booth. (This doesn't mean that electronic voting wouldn't come with an artificial delay if one or more dominating political parties saw an advantage in that.) From: Dave Sill Subject: "Why Computers are Insecure" Regarding your "Why Computers are Insecure" piece, I think you're almost completely wrong. Yes, designing and implementing secure software is very hard, but it's not as hard as you make it sound. Proving security is, of course, impractical for any reasonably complex system, but, then, so is proving correctness. Does the inability to prove that software does the right thing mean we can never build software that works? Of course not. We're in the midst of a software quality crisis, and security problems are just one symptom. The problem is simply that users don't put a premium on reliability or security. Users want features above all else, and they're willing to accept a wide range of bugs as long as a product has the desired features. Until reliability and security are features that users demand, vendors won't go to the expense of providing them. We've got to get up, go to our windows, and shout "I'm as mad as hell, and I'm not going to take it anymore!" We've simply got to stop using poorly designed and implemented software. Yes, "virtually all software is developed using a 'try-and-fix' methodology" -- but that's not the only software development methodology available. Software can be engineered for reliability and security just like it can be engineered to implement certain capabilities. And, yes, Windows 2000 will have many more bugs than any software system in history. 
But that's due more to Microsoft's poor design and engineering than it is to the mind boggling complexity of the system. From: bartels@pixelmagic.com Subject: "Why Computers are Insecure" > Almost every week the computer press covers another security flaw: > When will it get better? ... I don't believe it ever will.... > Security engineering is different from any other type of engineering. ... > In many ways this is similar to safety engineering. ... > The only reasonable way to "test" security is to perform security reviews. ... > Satan's computer is hard to test. I believe you're missing the real problem here. I was a verification engineer for two years, testing the software in the Boeing 777 fly by wire computer. I've worked on "Satan's computer" as you put it. We played "devil's advocate" continuously looking for flaws in the design or flaws in the code that might lead to a bug. A benchmark to thoroughness, one module consisted of 30 pages of B size "schematics" which showed the arithmetic flow and design for the module. I cant remember the exact number of lines of code, but I seem to recall it was roughly 20 pages of solid code. I spent three months reviewing that one module. Here's the part I think you're missing though. Our group was self driven to do their job. Boeing paid us to do our job, sure. And Boeing could be liable if the plane crashed, absolutely. The FAA gave us the requirements for testing software, yes. But at the heart of it all, I think we were clearly driven by a simple concept: We could all see the consequences if we failed our task. People were putting their lives in our hands. Our software literally keeps the plane in the air. If we didn't do our job, people could die. It was a universally clear cut mission. It was something everyone on the team could identify with. There is not a universally clear consequence to bad encryption systems. 
Companies who produce systems have no clear cut consequence that the engineers "in the trenches" can identify with. They get paid, either way. They have never been held liable for poorly implemented encryption systems.


From: Greg Guerin
Subject: Security engineering comparison

I really liked the feature article in Nov 99 Crypto-Gram. The analogy to safety engineering was excellent. It left me with a nagging feeling I'd recently read something about safety engineering, but I couldn't pin it down. The answer recently clicked into place while filing magazine back-issues.

There is an article entitled "Safety Critical Embedded Systems" in the Oct 1999 issue of "Embedded Systems Programming":

Unfortunately, this particular article isn't on-line, but reprints or back-issues can be ordered.

Anyway, the article was a clear concise overview of safety engineering, with an emphasis on embedded systems. I won't try to summarize it, because I'd just end up repeating the whole article. But I will list the safety guidelines at the end of the article:

    * All safety-related systems have hard real-time deadlines.
    * Safety always requires some level of redundancy.
    * Whenever possible, separate and isolate the safety-critical aspects of the system.
    * Safety is a system issue, not a software issue.
    * The key to a safe design is predictability.
    * Err on the side of simplicity.
    * Good design practices are required.
    * Good design practices are not enough.
    * Plan for all your assumptions to be violated.

It's kind of eerie to realize that every one of these applies in full measure to security engineering, even the "hard real-time deadline." In safety systems, it means that a fault must be detected quickly enough for it to be acted on in order to avoid an accident. A fault-detector that triggers only after an accident has happened is worthless. In security systems, not detecting a breach in a timely manner diminishes the usefulness of detection.
Security systems have the added difficulty of not always being able to detect a breach -- encryption algorithms usually can't tell if they've been cracked or not. From: "Nicholas C. Weaver" Subject: DVD encryption, reason for multiple keys... The reason for the multiple key structure (session key for the DVD, encrypted separately by the 400 odd player keys) was so that if, say, a single key was made public, they could remove that key from future DVDs produced, essentially acting as a limited key rescission measure. A good idea if their encryption algorithm itself wasn't incredibly dinky and highly vulnerable to a known plaintext attack. Also, they probably did deliberately choose a 40-bit scheme, simply to avoid any potential export complications. It would be bad to have a DVD player classed as a "munition," even if it is perfectly useless to actually encrypt real data. One other observation: The encryption never prevented organized, digital, DVD piracy, since that only requires the manufacturing of a bitwise copy of the DVD. It only prevented the organized pirates from removing region encoding information. Similarly, the many keys is probably for region encoding. Since software players were often set up (and I know my computer hardware player is) to specify a region with limited abilities to change it, the different keys probably represented the player acting as a different "region." Finally, the only reason why people bothered to crack the encryption at this time is because there were no players which worked under Linux. If there was a Linux software DVD player, the encryption probably wouldn't have been publicly cracked for months or years, because there wouldn't have been an incentive for it. From: NBII Subject: DVD encryption cracked A good article. In addition to your recommended links, I would suggest you include the following VERY well written treatise on Digital IP and Copyrights by J.P. 
Barlow: http://www.wired.com/wired/archive/2.03/economy.ideas.html?topic=&topic_set= I have yet to read a better overview of the problems inherent in the current presumptions about IP and how it "will work" in the coming economy. You'll note that, in 1994, he "predicted" what is essentially exactly the problem and the situation you describe. From: Roger Schlafly Subject: Elliptic Curve Public Key Cryptography I'd go with elliptic curves if you need security for decades. The elliptic curve DL problem seems to be much more intrinsically difficult than the RSA problem. Elliptic curve systems also give better protection against Moore's Law. If you accept the Lenstra-Verheul analysis, then you need to use 3000-bit keys with RSA, and almost no one is doing that. CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe, visit http://www.counterpane.com/unsubform.html. Back issues are available on http://www.counterpane.com. Please feel free to forward CRYPTO-GRAM to colleagues and friends who will find it valuable. Permission is granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety. CRYPTO-GRAM is written by Bruce Schneier. Schneier is founder and CTO of Counterpane Internet Security Inc., the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of the International Association for Cryptologic Research, EPIC, and VTW. He is a frequent writer and lecturer on computer security and cryptography. Counterpane Internet Security, Inc. is a venture-funded company bringing innovative managed security solutions to the enterprise. 
http://www.counterpane.com/ Copyright (c) 1999 by Bruce Schneier @HWA 27.0 Hong Kong Blondes Give Extremely Rare Interview ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by n0b0dy Anthony C. LoBaido, a roving international correspondent for World Net Daily, claims to have spent seven weeks with the Hong Kong Blondes in a rare and exclusive interview. The Hong Kong Blondes are a subversive group that is attempting to disrupt China's infrastructure through electronic means. The weird issue here is that this unprecedented interview fails to reveal much in the way of new verifiable data. Which seems weird since this guy supposedly spent seven weeks with them. It does however, seem to tie together all the facts that have already been published about the HKBs. World Net Daily http://www.worldnetdaily.com/bluesky_exnews/19991216_xex_hack_planet.shtml (Hack the planet?) WARS AND RUMORS OF WARS The Beijing hack attack Hong Kong-based cyber warriors build anti-China techno army © 1999 WorldNetDaily.com Editor's Note: Computer hacking - once the shadowy domain of misfits, pranksters techno-critics and spies - has taken center stage. While Y2K "czar" John Koskinen pleads publicly with hackers to cease and desist during the century date-change, reports escalate daily of cyber-terrorism threats and malevolent computer viruses embedded in e-mail, timed to activate on Jan. 1. But there is another side to hacking. WorldNetDaily's roving international correspondent, Anthony C. LoBaido, while enduring seven weeks of one of Hong Kong's hottest summers on record, was allowed into the secret realm of one of the world's leading computer hacking organizations. By Anthony C. LoBaido © 1999 WorldNetDaily.com HONG KONG -- What do blondes, Jack in the Box tacos and 21st century cyber-warfare have in common? Everything, apparently, if you're one of the elite and stealthy soldiers in Hong Kong Blondes' computer hacking universe. 
These committed soldiers are locked in mortal combat with the government of the People's Republic of China and the transnational corporations who profit from dealing with it. "Human rights are a global concern and we have no second thoughts about attacking the multinational corporations who profit off of the human rights abuses committed against our Chinese brothers and sisters by their own government," says Databyte Cowgirl, one of the leaders of the Hong Kong Blondes. Along with numerous other members of the Hong Kong Blondes, Databyte Cowgirl was interviewed by WorldNetDaily over the course of seven weeks in July and August of 1999, as well as during the past several weeks. "The Chinese government officials are just as bad as the Nazis. Only, for some reason, the multinational corporations find China and other communist regimes around the world to be more politically digestible," she added. "The gross human rights violations of the Chinese leadership, like the logai gulag system, religious persecution, forced organ harvesting, abortion and the crackdown on the Falong Gong Tai Chi movement are the epitome of evil. The only way we have to fight against them is via the high-tech realm." The story of the Hong Kong Blondes is a fascinating, twisted tale, stranger than fiction. To begin, the group was formed by the infamous (to the communist Chinese dictatorship) or renowned (to computer "hackers" the world over) Blondie Wong. Although his name is unfamiliar to the general public of both American and China, Blondie Wong is a man who is well known to the Chinese government, the People's Liberation Army, the National Security Agency of the U.S., the CIA, FBI, Interpol and numerous Fortune 500 companies. Although he now lives in exile in Toronto, Canada, under the protection of armed bodyguards, as a young boy Blondie Wong saw his beloved father stoned to death by Chairman Mao's Red Guards during the Cultural Revolution. 
Years later he traveled to the United Kingdom, where he entered university and studied to become a teacher. In the summer of 1989, after witnessing the Tienanmen Square massacre on television, Blondie Wong decided to form the Hong Kong Blondes and their sister hacking group, the Yellow Pages. At first, Wong started small -- organizing a close circle of friends he believed he could trust. Later he launched an international recruiting campaign aimed at some of the finest computer engineering universities in America and around the world. Ranging from Cal Tech to MIT, Blondie Wong assembled an elite army of sympathetic hackers. Young men and women who only a few short years before had been high school geeks with thick glasses and pocket protectors now became the front line of attack against the communist Chinese government. They pledged allegiance to Blondie Wong's crusade against communist China and turned their collective computer science and engineering skills into a sharp spear. Within a few months, this spear was capable of penetrating the internal affairs of China's military industrial complex, as well as the Western transnational corporations that do business with China. "One of the reasons that human rights in China are not further ahead is because they have been de-linked from American trade policy," Wong said in a document released through Cult of the Dead Cow, a U.S.-based hacker group that has advised the Blondes on technical issues. "When human rights considerations were associated with doing business with the United States, at least there was the threat of losing trade relations, of some form of punishment. Now this just doesn't exist. Beijing successfully went around Congress and straight to American business, so in effect, businessmen started dictating foreign policy," Wong explained. "By taking the side of profit over conscience, business has set our struggle back so far that they have become our oppressors too," Wong said. 
To deal with their oppressors, the Blondes began reading the private email of multinational executives and People's Liberation Army officers. They downloaded secure information such as satellite access codes, and even produced forged credentials giving Hong Kong and mainland colleagues access to People's Liberation Army facilities. Closer to home in Hong Kong, the Blondes began meeting at a local Jack in the Box restaurant, where they would munch on tacos while exchanging customized diagnostic software tools with one another. These tools were used to launch attacks against the PLA's computer systems through DoS or "Denial of Service" - in which a system is overloaded with millions of "hits" on a website. Other attack modes include erasing important data, altering and planting disinformation, and "spoofing" or attacking the processor of a computer network so as to gain root privileges -- the ability to execute commands and functions -- within the PLA network. As time progressed, members of the Hong Kong Blondes leadership told WorldNetDaily they began actually to install codes within the PLA computer mainframes. By using cellular modems, they were able to monitor the electromagnetic signals emitted by PLA computers by remote means. The Blondes even planted transmitters within the offices of the Chinese government, People's Liberation Army and foreign corporate headquarters in order to monitor their activities and infiltrate their computer networks. For those who doubt Blondie Wong's legions and capabilities, the group, as if to prove itself, temporarily disabled a key People's Liberation Army military satellite. Several PLA military officers questioned by WorldNetDaily in Hong Kong confirmed this intrusion. In fact, the Chinese government and military officially recognized the unauthorized attack on their hardened, restricted systems in a press release. 
"In 1999, there were 228 cyber-attacks launched within Hong Kong, in 1998, there were only 34," said Lo Yik Kee, chief superintendent of the newly formed Police Computer Crime Bureau, which will start operations on January 1, 2000. "We've seen a large increase in hacking incidents and due to the transnational nature of this kind of activity, it will only increase in the future." The Jack in the Box restaurant where the Hong Kong Blondes used to meet was closed down, putting an end to the group's taco fests. Yet, the space was renovated into an Internet café, from which the group first launched its PLA infiltrations. Since then, the cyber cafe, which stood near the TST subway station on Hong Kong Island, has been closed down as well. But the hacking unit formed by Blondie Wong continues to grow. According to China's Ministry of Public Security, there were 72,000 cyber-attacks launched against the PLA on mainland Chinese soil in the first nine months of this year. Of those, 165 were admitted to have been "successful." A spokesman for the National Security Agency in Washington, D.C. told WorldNetDaily that there are "less than 1,100 recognized hacking experts worldwide." Blondie Wong and his followers definitely appear to be included in that number. "The PLA is about to launch a fourth division of its military," said Ashton Tyler Baines in a recent interview with WorldNetDaily. A London-born computer programmer who now lives in the New Territories north of Kowloon Island in the Hong Kong Special Administrative Region, Baines has been a member of the Hong Kong Blondes for the past two years. "The PLA wants to control the cyberspace of its enemies, while at the same time preventing attacks on its own cyberspace," she explained. Baines told WorldNetDaily that the Hong Kong Blondes and the Yellow Pages have "already placed over 40 social engineers [computer operators who act as moles for the Blondes] inside the PLA's newly created cyberspace division." 
"The PLA is in for a rude awakening. We can infiltrate, alter and even crash several of their networks. We're putting in backdoors. We're writing bad code into the CD-ROMs they use as backups for their off-line servers. We have already infected the backup off-site copies of their CD-ROMs. We understand most of their security protocols because we wrote most of them into the software," she added. As one would expect, the Hong Kong Blondes are a secretive group who depend totally on the honor of their members. Yet their leaders told WorldNetDaily they "encourage other interested parties to form their own hacking groups." The Hong Kong Blondes won't disclose the numbers on their membership roster for two reasons. Primary, of course, is concern for the security of their members. But the Blondes also admit they aren't exactly sure just how many elite hackers around the world have aligned themselves with their agenda. "Ironically, we follow Chairman Mao's dictates of warfare. We are organized into small cells which are independent of one another. Cut off one head of a cell, and another will emerge in its place," said Baines. "Anyone can join our cyber army. The goals and objectives are clear and well known in underground hacking circles. First, infiltrate the PLA -- their communications satellites, space program and supercomputers, which can perform billions of operations in a single second. Second, the multinational corporations who are feeding the PLA weapons frenzy. Third, we like to go after COSCO (the Chinese Overseas Shipping Company) which is nothing more than a front for the PLA to acquire the financial muscle it needs to expand and threaten Free Asia and the West." According to Databyte Cowgirl, the Blondes and the Yellow Pages are also targeting the financial operations of Ted Turner's CNN and his Atlanta Braves Baseball team, as well as transnational companies "like Coca-Cola who do business with the Islamic jihad government of Sudan." 
She was referring to the Sudanese "holy war" that has resulted in the deaths of millions of black South Sudanese Christians since 1983. Additional targets include AT&T's new Lucent Technologies, which will handle future "cashless" transactions over the telephone, and the Hong Kong-based Hutchison Whampoa corporation, the latter with known ties to the People's Liberation Army. Hutchison Wampoa is due to take over the operation of the strategically vital Panama Canal in the year 2000. "It's high time we began attacking the money the elite has stashed away by arming the PLA and profiting on the suffering of the Chinese people," said Baines. "Banking, stocks, bonds, IRAs, gold bullion, money transfers, pension accounts and everything else you can think of. If the CIA can go after the bank accounts of (Serbian President) Milosevich, then we can go after the private bank accounts of China-lovers like Henry Kissinger and Madeleine Albright. Kissinger makes millions of dollars every year speaking and lobbying on behalf of Western multinational engagement with China. That's blood money on his hands and we intend to take it back -- so he'd better be hiding his money under his mattress." Tracey Kinchen, a former M1-5 agent with British Intelligence, assists the Hong Kong Blondes and the Yellow Pages with acquiring fake travel credentials and other sensitive items needed for international travel. Kinchen brings three qualities to the Hong Kong Blondes which its members claim are indispensible. First, she is the group's only natural blonde. Second, she is the spitting image of Hollywood actress Julie Holden. Third, and most importantly they say, she loves Jack in the Box tacos. In an interview with WorldNetDaily conducted at the World Trade Center in Bangkok, Thailand, Kinchen spelled out the reasons she supports the Hong Kong Blondes' efforts. "Blondie Wong and the Hong Kong Blondes would never want to hurt anyone. 
They follow Ghandi's and Martin Luther King's worldview of non-violence," she told WorldNetDaily. "But they also understand that the nature of warfare has changed. Who could have known that the supercomputers the Pentagon only dreamed about a half century ago would one day become home appliances capable of the most high-tech industrial espionage?" Kinchen said that information technology is the "refuge of last resort" and the "perfect medium to conduct low intensity warfare." "The NSA's budget is eight times larger than the CIA's. They handle most of the intelligence workload. Yet, with all of their state of the art equipment they haven't been able to touch Blondie Wong, or any of us for that matter." While maintaining strict loyalty to Blondie Wong and his compatriot, the shadowy Lemon Li who lives in exile in St Nazare, France, the Hong Kong Blondes and the Yellow Pages are rapidly expanding. In addition to cells at Cal Tech and MIT, the group has set up new cells at Baylor, Texas A&M, West Point, Liberty Baptist -- and the Air Force Academy in Colorado. "Our movement is a lot like witchcraft in colonial Salem," said Michael Ming, a Chinese-born computer science student at Texas A&M University in College Station, Texas. "Most people assume "The Crucible" version of unjust witch hunts in Salem is the truth. But I believe witchcraft was real and powerful in Salem. Not because of the witches, but because the general population believed that it had real power. As long as the PLA knows we're out there, we'll be agitating them and taking away their comfort zone." Ming added, "Now that the NSA, Echelon and PLA understand that we have a virtually undetectable, un-infiltratable, loose-knit organization with total allegiance to Blondie Wong and his goals, we're going to become even more of a threat to them. Even if they found us and took us out, thousands would rise up to take our places. Even the PLA can't kill that fast." 
The Hong Kong Blondes recently presented this WorldNetDaily reporter with a large mahogany replica of Noah's Ark, complete with 500 animal and people pieces. The ark was hewn by persecuted priests who languish inside the boundaries of mainland China.

This band of anarchists, snoops, humanists, Christians, Buddhists and blondes, both real and imagined, has united in pursuit of a common goal -- to "fight the powers that be" by "hacking the planet."

This reporter recently said goodbye to the Hong Kong Blondes' Thailand-based cell at the "Pam Pam" restaurant in Bangkok's World Trade Center. Pam Pam is the innocuous name given to Thailand's newest Jack in the Box franchise. The restaurant's menu features every item Jack in the Box lovers crave, from curly fries to sourdough burgers. Conspicuously absent are the tacos.

Yet, hanging on the walls of Pam Pam's restaurant are giant pictures of the beloved tacos. And just below those pictures sit a neat row of state of the art computers, just waiting for the birth of a new Hong Kong Blondes cell.

Hack the planet.

Anthony C. LoBaido is a roving international correspondent for WorldNetDaily.

@HWA

28.0 Netscape Password Issue is Not New
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ryan

Looks like the Netscape mess announced yesterday, where people's email passwords are left lying around on your hard drive, was actually first discovered over a year ago and it is much simpler than first thought. To Netscape's credit they are just conforming to the POP3 protocol which sends passwords in the clear anyway.

Thievco
http://www.thievco.com/advisories/nspreferences.html

Security Focus
http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-11-1&msg=Pine.LNX.3.96.981106155713.27067A-100000@sprite.netnation.com


Netscape Preferences File Issues
11/16/98

This isn't much of an advisory... in fact, the credit goes elsewhere (see below.)
I wrote a short piece of code in relation to this, though, so I wanted to publish that. Thanks to Holger van Lengerich for the heads-up.

Got this note via Bugtraq:

Hi!

The Netscape Communicator 4.5 stores the crypted version of used mail-passwords (for imap and pop3) even if you tell Netscape to *not* "remember password" in the preferences dialog.

Damage:
=======
IMHO this means, that anybody who can read your preferences.js ("prefs.js" in the MS dominion) is probably able to read your mail or even get your plaintext-password.

How to reproduce:
=================
- start Communicator
- be sure "remember password" is disabled in the preferences dialog for the "Incoming Mail Server".
- get mails from Server (you get asked for your mail-password)
- exit Communicator
- edit preferences.js in $HOME/.netscape (MS-Users: prefs.js in your NS-Profile-Path)
- search for something like:
  --- 8< ---
  user_pref("mail.imap.server.mail.password", "cRYpTPaSswD=");
  user_pref("mail.imap.server.mail.remember_password", false);
  --- >8 ---
- Now change "false" to "true".
- Save the file
- Start Communicator
- get mails ... now you are not asked for any password but can read all your mail! :(

Affected:
=========
probably all Communicator-4.5-packages on ALL operating systems.

I was able to reproduce this behavior on:
- Sun Solaris
- Linux (glibc2)
- MS Windows NT.

Workaround:
===========
Don't use Communicator 4.5 to fetch mails from your IMAP/POP server or be very sure that no one can read your Netscape-preferences-file!!!

Regards,
Holger van Lengerich, "pine"-user :)

PS: The preferences.js is sent to Netscape on Communicator-crash, isn't it?
----------------------------------------------------------------------------
Holger van Lengerich - University of Paderborn - Dept. of Computer Science
System-Administration - Warburger Str. 100 - D 33098 Paderborn - Germany
mailto:gimli@uni-paderborn.de - http://www.uni-paderborn.de/admin/gimli

I did a little investigating, and found that he was quite correct. I use Communicator 4.5, and use the POP reader, told it not to remember my password (it prompts each time I launch it) and yet, in my preferences.js file, there's an obfuscated copy of my password.

I got curious about the encoding of the password. It's obviously trivially reversible if the algorithm is known, because Netscape can do it. If you've spent any time looking at base-64 encoded text, it was obvious that the password was base-64 encoded. So, I found a handy PERL module to do encoding/decoding, learned enough PERL to write a bit of code to apply it, and looked at the results. I got a string back that was not my original password. I tried it with another password, same results. I did notice one thing though... both my passwords were 7 characters long, and the resulting strings after the decode were also the same length.

So, on a hunch, I took each hash and XORed it with the original password (REAL easy in PERL.) I got the same string back, both times. Aha!

Here's the note I sent back to Bugtraq:

>Does anybody know the algorithm used to encrypt the passwords in
>Communicator??

Apparently, it takes the plaintext, xors it with a fixed string, and base64 encodes the result:

use MIME::Base64;
# base64-decode the stored pref value, then XOR it with the fixed 7-byte string
print ((decode_base64('NLyIPunfKw==')) ^ ("\x56" . "\xc9" . "\xef" . "\x4a" . "\x9b" . "\xbe" . "\x5a"));

You need the MIME perl module.

This one is good up to 7 characters, because that's how long a couple of POP passwords I have are :)

Should be pretty straightforward to extend beyond 7 characters.. just take the encoded string from the prefs file, base64 decode it, and xor it with your password in plaintext. What you'll get is the fixed string to xor with.. just extend the bytes I have above. The sequence of bytes is non-obvious as to the meaning (at least to me.) It doesn't spell anything in ASCII.
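The scheme described in this advisory, as an added Python example (not part of the original advisory or of the Bugtraq posts): it shows that the stored value is only base64 over a fixed-string XOR, so a single known password gives back the fixed string, and it audits a preferences.js body for stored passwords and loose file permissions. The helper names, the constructed sample file and the assumption that every password pref name ends in ".password" are mine; the seven key bytes and the encoded sample value are the ones printed in the note above.

```python
import base64
import re
import stat

# The seven fixed bytes published in the note above; they only cover
# values of up to 7 characters.
ADVISORY_KEY = bytes([0x56, 0xC9, 0xEF, 0x4A, 0x9B, 0xBE, 0x5A])


def xor_bytes(a, b):
    """XOR two byte strings position by position (stops at the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def deobfuscate(pref_value, key=ADVISORY_KEY):
    """Reverse the scheme: base64-decode, then XOR with the fixed string."""
    raw = base64.b64decode(pref_value)
    if len(raw) > len(key):
        raise ValueError("value is longer than the known fixed-string bytes")
    return xor_bytes(raw, key)


def recover_fixed_string(pref_value, known_password):
    """Known-plaintext step from the note: stored value XOR password."""
    raw = base64.b64decode(pref_value)
    if len(raw) != len(known_password):
        raise ValueError("password length does not match the stored value")
    return xor_bytes(raw, known_password)


# Matches user_pref("name", "string"); and user_pref("name", true|false);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(?:"([^"]*)"|(true|false))\);')


def audit_prefs(text, mode):
    """Return (item, finding) tuples for a preferences.js body and its st_mode.

    Assumption: password prefs end in ".password" and the matching switch
    ends in ".remember_password", as in the two lines quoted in the advisory.
    """
    prefs = {}
    for match in PREF_RE.finditer(text):
        name, string_value, bool_value = match.groups()
        prefs[name] = string_value if string_value is not None else bool_value == "true"

    findings = []
    for name, value in prefs.items():
        if name.endswith(".password") and isinstance(value, str) and value:
            switch = name[: -len("password")] + "remember_password"
            if prefs.get(switch) is False:
                findings.append((name, "stored although remember_password is false"))
            else:
                findings.append((name, "stored"))
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("file-mode", "readable by group/other: %o" % stat.S_IMODE(mode)))
    return findings


# Constructed sample file; the encoded value is the one from the note above.
SAMPLE_PREFS = """\
user_pref("mail.imap.server.mail.password", "NLyIPunfKw==");
user_pref("mail.imap.server.mail.remember_password", false);
"""

if __name__ == "__main__":
    print(deobfuscate("NLyIPunfKw=="))
    print(recover_fixed_string("NLyIPunfKw==", b"bugtraq").hex())
    # 0o100644 is a regular file that group and other can read.
    for item, finding in audit_prefs(SAMPLE_PREFS, 0o100644):
        print(item, "-", finding)
```

Any value that turns up in such an audit should be treated as a disclosed plaintext password and changed, and the file restricted to its owner.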
Let me know if it doesn't work on your passwords.. I'm curious. I only had a couple to try.

After that I went poking around a few home servers at my day job, to see if anyone had voluntarily chosen to save their password on their unix version of Netscape (we haven't rolled out 4.5 yet.) I found a couple, and was able to decode their passwords. I noticed a few other interesting things as well ... such as the fact that it's not just POP/IMAP passwords, it's also HTML publishing passwords and NNTP passwords as well. Plus, as an extra bonus, it creates the preferences.js files on the unix side so that they're world readable. I also managed to get the root password that one of our sysadmins had used to publish a web page and set it to save the password! Doh! Bad SA!

If you need a version that does more than 7 characters, and you can't figure it out yourself, mail me a copy of your preferences file :)

@HWA

29.0 No E-Commerce Sites Offer Even Basic Privacy Protection
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
A study by the Electronic Privacy Information Center has scrutinized privacy policies on 100 of the most popular online shopping sites and compared those policies with fair information practices. The group found that none of the 100 sites met all of the basic criteria for privacy protection.

The Washington Post
http://washingtonpost.com/wp-dyn/business/A3205-1999Dec16.html?&_ref=30607544

Internet Privacy Eroding, Study Says

By John Schwartz
Washington Post Staff Writer
Friday, December 17, 1999; E4

Shoppers who have flocked to online stores for their holiday shopping are losing privacy with every mouse click, according to a new report.
The study by the Washington-based Electronic Privacy Information Center scrutinized privacy policies on 100 of the most popular online shopping sites and compared those policies with a set of basic privacy principles that have come to be known as "fair information practices." The group found that none of the 100 sites met all of the basic criteria for privacy protection, which include giving notice of what information is collected and how it is used, offering consumers a choice over whether the information will be used in certain ways, allowing access to data that give consumers a chance to see and correct the information collected, and instituting the kind of security measures that ensure that the information won't fall into the wrong hands. "This study shows that somebody else, other than Santa, is reading your Christmas list," said Jeff Chester, executive director of the Center for Media Education, which also worked on the survey. The online privacy of children is protected by Federal Trade Commission rules, but adults do not share the same degree of privacy protection. The Clinton administration, like the online shopping industry, favors self-regulation over imposition of further government restrictions on electronic commerce. Marc Rotenberg, executive director of the privacy group, said the study shows that self-regulations has failed. "We need legislation to enforce fair information practices," he said. "Consumers are at greater risk than they were in 1997," when the group released its first report. The survey also asked whether the 100 sites used "profile-based" advertising, and whether the sites incorporate "cookies" technology, which gives Web sites basic information on visitors. Profiling is the practice of gathering information about consumers' interests by tracking their movements online. The information is then used to create targeted advertising on Web sites. 
All but 18 of the top shopping sites did display a privacy policy – a major improvement over the early days of electronic commerce, when such policies were scarce. But that did not satisfy the privacy group: "Companies are posting privacy policies, but these policies are not the same thing as fair information practices," Rotenberg said. The sites also did not perform well by other measures, the group said. It found that 35 of the sites feature profile-based advertising, and 87 percent use cookies. The group concluded that the policies that were posted "are typically confusing, incomplete, and inconsistent." The report, "Surfer Beware III: Privacy Policies Without Privacy Protection," is the third such survey by the group. The privacy consulting group Junkbusters also assisted on the study. The report called for further development of technologies that help consumers protect their privacy and even anonymity when exploring the Internet. A representative of the FTC, the federal government's lead agency in online privacy, disagreed, saying it is continuing to monitor the online market for progress or backsliding. "You can have the convenience of electronic commerce and the control over your personal information," said David Medine, the FTC's associate director for financial practices. "That doesn't have to be a trade-off." Noting how high consumers consistently rank privacy among their concerns about the online world, Medine said that privacy policy presents a market opportunity for online retailers: "We'll start seeing some competition for who has the best privacy policy," he predicted. The FTC will conduct a major privacy study next spring, he said. @HWA 30.0 Newspaper Fingers Potential Cyber Intruder ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench There isn't a lot of information available here but it would appear that a London newspaper The Express has turned in a suspected cyber intruder. 
The intruder allegedly called The Express and offered to shut down the presses of the competing paper the Daily Mail for £600,000. The Express notified the police, who arrested the 55-year-old suspect from Worthing, East Sussex and charged him with violating the Computer Misuse Act. (Somehow I doubt this guy had the capability to actually shut down the presses.)

The UK Register
http://www.theregister.co.uk/991217-000007.html?&_ref=30607544

(Short story! do people get paid for this? christ - Ed )

Posted 17/12/99 11:48am by Linda Harrison

Hacker thwarted in newspaper plot

The Express newspaper foiled a hacker's plot to bring down its arch-rival's computer system yesterday.

The man phoned the paper and offered to stop production of fellow tabloids the Daily Mail and the Mail on Sunday for £600,000 on 7 January.

In true Good Samaritan mode, The Express alerted police, who arrested the 55-year-old suspect from Worthing, East Sussex.

He was being questioned under the Computer Misuse Act, The Express said. ®

@HWA

31.0 Internet Watchdog Defaced For Third Time
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The website of the Australian Broadcasting Authority, a government watchdog group charged with policing upcoming Internet censorship laws, has had its website defaced for the third time in almost as many weeks.

Fairfax
http://www.it.fairfax.com.au/breaking/19991216/A41879-1999Dec16.html

(Geezus this story is even shorter...must be on quaaludes -Ed)

Internet watchdog hacked . . . again
9:56 Thursday 16 December 1999
By BARRY PARK

THE website of the Australian Broadcasting Authority, a government watchdog charged with policing upcoming Internet censorship laws, has been hacked for the third time in almost as many weeks.

The hacker, named "omni", left a short message at the foot of the ABA website after the front page was reposted yesterday.
The website was breached twice recently and posted with anti-censorship material. The previous two hacks are believed to have been made by the same person, named "Ned R". @HWA 32.0 Security Focus Newsletter #19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.securityfocus.com/ Security Focus Newsletter #19 Table of Contents: I. INTRODUCTION 1. BindView & SecurityFocus.com announcement: COME PARTY ONLINE WITH US THIS NEW YEAR'S EVE! 2. SecurityFocus.com is looking for staff writers for a series of Solaris and Linux security columns! II. BUGTRAQ SUMMARY 1. SCO Unixware pkginstall/pkgcat Buffer Overflow Vulnerabilities 2. Sendmail Aliases Database Regeneration Vulnerability 3. Solaris snoop (print_domain_name) Buffer Overflow Vulnerability 4. MS IE5 vnd.ms.radio URL Vulnerability 5. GoodTech Telnet Server NT DoS Vulnerability 6. Xshipwars Buffer Overflow Vulnerability 7. Solaris snoop (GETQUOTA) Buffer Overflow Vulnerability 8. Netscape Enterprise Server for NetWare Admin Buffer Overflow Vulnerability 9. Solaris sadmind Buffer Overflow Vulnerability 10. htdig Remote Command Execution Vulnerability 11. Microsoft Help File Trojan Vulnerability 12. SCO Unixware Privileged Program Debugging Vulnerability III. PATCH UPDATES 1. Vulnerability Patched: Solaris snoop (GETQUOTA) Buffer Overflow 2. Vulnerability Patched: Xshipwars Buffer Overflow Vulnerability 3. Vulnerability Patched: htdig Remote Command Execution Vulnerability 4. Vulnerability Patched: Communigate Pro Web Admin DoS Vulnerability 5. Vulnerability Patched: Wu-ftpd message Buffer Overflow Vulnerability IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES 1. Cell Phone Crypto Penetrated (December 6, 1999) 2. Microsoft wins high-level security rating (December 7, 1999) 3. Denial-of-service attacks employ zombie PCs to hit networks (December 9, 1999) 4. Security firm says BT's Trustwise digital signature technology can be tricked (December 9, 1999) 5. Government Debates Crypto Export Rules (December 9, 1999) 6. 
Melissa conviction to stop virus writers? (December 10, 1999) V. INCIDENTS SUMMARY 1. Re: Port scanning (Thread) 2. Scanning from 210.217.26.15 (Thread) 3. rpcbind scans (Thread) 4. Analysis of trin00 (Thread) 5. Analysis of Tribe Flood Network (Thread) 6. ISS information about Trino/Tribe Flood Network 7. ACK probe on port 1324 (Thread) 8. Drat Trojan/Backdoor Analysis (Thread) 9. Y2K Incidents (Thread) 10. sadmind (Thread) 11. ./ttymon (Thread) 12. Another probe: Port 98? (Thread) 13. More probes from DSL line in NYC VI. VULN-DEV RESEARCH LIST SUMMARY 1. Owning privileged processes under UnixWare (Thread) VII. SECURITY JOBS VIII. SECURITY SURVEY RESULTS IX. SECURITY FOCUS TOP 6 TOOLS 1. Cerberus Internet Scanner 1.0 (Windows 2000 and Windows NT) 2. SecurityFocus.com Pager (Win95/98/NT) 3. SpyNet 3.0 (Windows 95/98 and Windows NT) 4. SuperScan 2.0.5 (Windows 2000, Windows 95/98 and Windows NT) 5. Weakness (Dos, Windows 95/98 and Windows NT) 6. Gatekeeper (Java) X. SPONSOR INFORMATION - BindView XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION I. INTRODUCTION ----------------- Welcome to the Security Focus 'week in review' newsletter issue 19 sponsored by BindView, the leader in IT risk management solutions. http://www.bindview.com/ 1. BindView & SecurityFocus.com announcement: COME PARTY ONLINE WITH US THIS NEW YEAR'S EVE! BindView, the leader in IT risk management solutions is throwing an online New Year's Eve Bash for all the people that will be stuck at work waiting for Y2K, or who are online at home. ***CHECK OUT OUR PARTY INVITATIONS! *** The invitations are available for viewing online. Please point your browser to http://webevents.broadcast.com/bindview/y2kvirtualparty/flash2.html or http://webevents.broadcast.com/bindview/y2kvirtualparty/flash.html (NOTE: You may need to download the latest MacroMedia Flash plug-in to get the full effect of the invitation if you want view it in your browser. This should happen automatically when you open the web page.) 
For more information about the event, you can click on this link http://www.bindview.com/onlineparty to get the full story. ***WE'RE COUNTING ON YOU TO SPREAD THE WORD!*** Invite your friends and colleagues to attend BindView's online New Year's Bash. Forward them this E-mail. For each new registrant that names you as "Referred By", BindView will enter your name in the drawing for the cool prizes provided by our friends and sponsors. So, the more people you refer, the higher your chances of winning! Thank you! We'll see you online on December 31st at 11 p.m. EST! The New Year's Eve Online Party - Created and presented by BindView. Sponsored by Compaq and CMP's TechWeb. Co-sponsored by SecurityFocus.com. 2. SecurityFocus.com is looking for staff writers for a series of Solaris and Linux security columns! SecurityFocus.com is currently looking for staff writers to write articles for the SecurityFocus.com website. In particular we are looking for writers interested in maintaining a weekly column on security issues around Solaris and Linux. The position requires a thorough understanding of networking issues and an ability to closely follow industry developments. Strong technical, writing and analytical skills are essential, along with the ability to meet weekly deadlines. The ideal candidate will have a number of years hands-on experience in networking and product evaluation under Solaris or Linux. This position is flexible in both location of the writer and work hours. Perfect for industry professionals looking to supplement their incomes. Questions or resumes should be forwarded to Alfred Huger . II. BUGTRAQ SUMMARY 1999-12-06 to 1999-12-13 --------------------------------------------- 1. 
SCO Unixware pkginstall/pkgcat Buffer Overflow Vulnerabilities
BugTraq ID: 853
Remote: No
Date Published: 1999-12-06
Relevant URL:
http://www.securityfocus.com/bid/853
Summary:

It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the ability to read /etc/shadow. When the oversized buffer data is passed to the programs as argv[1], the stack will be corrupted and it is possible to spawn a program which would "cat" /etc/shadow with the dacread privs.

2. Sendmail Aliases Database Regeneration Vulnerability
BugTraq ID: 857
Remote: No
Date Published: 1999-12-07
Relevant URL:
http://www.securityfocus.com/bid/857
Summary:

To regenerate the sendmail aliases database, sendmail is run locally with the -bi parameters. No checks are made against the user's privileges to determine whether they are able to do this or not. Consequently, it is possible for a malicious user to attempt to regenerate the aliases database and then interrupt it, corrupting the database.

3. Solaris snoop (print_domain_name) Buffer Overflow Vulnerability
BugTraq ID: 858
Remote: Yes
Date Published: 1999-12-07
Relevant URL:
http://www.securityfocus.com/bid/858
Summary:

If a solaris machine is running snoop in, it may be possible to compromise its security remotely by exploiting a buffer overflow in snoop. The problem is a buffer with a predefined length of 1024 that can be overflowed in the print_domain_name function. The privileges granted to arbitrary code which could be executed would be those of the user running snoop, root.

4. MS IE5 vnd.ms.radio URL Vulnerability
BugTraq ID: 861
Remote: No
Date Published: 1999-12-06
Relevant URL:
http://www.securityfocus.com/bid/861
Summary:

Internet Explorer can handle URLs of type vnd.ms.radio: for streaming audio content.
If a URL with 360 or more characters after 'vnd.ms.radio' is specified, a buffer in the file MSDXM.OCX gets overwritten, allowing arbitrary code to be run on the client machine. 5. GoodTech Telnet Server NT DoS Vulnerability BugTraq ID: 862 Remote: Yes Date Published: 1999-12-06 Relevant URL: http://www.securityfocus.com/bid/862 Summary: GoodTech Telnet Server NT 2.2.1 is vulnerable to a remote denial of service attack due to an unchecked buffer. If 23870 or more characters are entered at the username prompt, the software will crash. GoodTech's Telnet Server 95/98 may also be vulnerable to this overflow. 6. Xshipwars Buffer Overflow Vulnerability BugTraq ID: 863 Remote: Yes Date Published: 1999-12-09 Relevant URL: http://www.securityfocus.com/bid/863 Summary: Xshipwars a graphical 'star battle' client/server based game which runs a variety of platforms. Certain versions of the server which facilitates this game (versions before 1.25) had a remotely exploitable buffer overflow. The exploit would result in the execution of arbitrary commands as the UID of the server process. 7. Solaris snoop (GETQUOTA) Buffer Overflow Vulnerability BugTraq ID: 864 Remote: Yes Date Published: 1999-12-09 Relevant URL: http://www.securityfocus.com/bid/864 Summary: Certain versions of Solaris (2.X) ship with a program designed to monitor network traffic accessible from on a hosts ethernet segment. This program, /usr/sbin/snoop is under certain versions of Solaris vulnerable to a remotely exploitable buffer overflow attack. The problem lies in where snoop attempts to decode GETQUOTA requests to the rquotad RPC daemon. Rquotad is an rpc(4) server which returns quotas for a user of a local file system which is mounted by a remote machine over the NFS. The results are used by quota(1M) to display user quotas for remote file systems. An overly long GETQUOTA request will result in a buffer overflow which can be used to execute arbitrary code as root (the privilege which snoop runs at). 8. 
Netscape Enterprise Server for NetWare Admin Buffer Overflow Vulnerability
BugTraq ID: 865
Remote: Yes
Date Published: 1999-12-08
Relevant URL:
http://www.securityfocus.com/bid/865
Summary:

The Netscape Enterprise Server for NetWare 4/5 includes an Admin feature that is vulnerable to denial of service attacks due to an unchecked buffer in admserv.nlm, in the login procedure. If a username longer than 310 characters is supplied, the Admin server crashes. Normal web serving functionality is unaffected, but remote administration is not possible until the server is restarted.

Note: The Enterprise Server for Netware is supported by Netware, not Netscape. Check the web pages in the credit section for more details.

9. Solaris sadmind Buffer Overflow Vulnerability
BugTraq ID: 866
Remote: Yes
Date Published: 1999-12-10
Relevant URL:
http://www.securityfocus.com/bid/866
Summary:

Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. sadmind is the daemon used by Solstice AdminSuite applications to perform distributed system administration operations such as adding users. The sadmind daemon is started automatically by the inetd daemon whenever a request to invoke an operation is received.

Under vulnerable versions of sadmind (2.6 and 7.0 have been tested), if a long buffer is passed to a NETMGT_PROC_SERVICE request (called via clnt_call()), it is possible to overwrite the stack pointer and execute arbitrary code. The actual buffer in question appears to hold the client's domain name. The overflow in sadmind takes place in the amsl_verify() function. Because sadmind runs as root any code launched as a result will run with root privileges, therefore resulting in a root compromise.

10.
htdig Remote Command Execution Vulnerability
BugTraq ID: 867
Remote: Yes
Date Published: 1999-12-09
Relevant URL:
http://www.securityfocus.com/bid/867
Summary:

htdig is a program which is shipped with Debian GNU/Linux 2.1 that is used for indexing and searching files on webservers. When it attempts to handle non-HTML files, it calls an external program with the document as a parameter - without checking for shell escapes. If files can be created with filenames containing shell escapes, it may be possible to execute arbitrary shell commands on the target webserver due to this problem, leading to a remote compromise.

11. Microsoft Help File Trojan Vulnerability
BugTraq ID: 868
Remote: No
Date Published: 1999-12-10
Relevant URL:
http://www.securityfocus.com/bid/868
Summary:

The help files for the Windows Help system (*.cnt, *.hlp) can be edited so that they run an arbitrary executable when selected by a user. The executable will run at the privilege level of the user.

The *.cnt files are like tables of contents that tell the help system what to open when each topic is selected. These entries can be edited to cause system and DLL calls and programs to be executed when a topic is chosen. The help files themselves, *.hlp, can be edited in a similar manner.

12. SCO Unixware Privileged Program Debugging Vulnerability
BugTraq ID: 869
Remote: No
Date Published: 1999-12-10
Relevant URL:
http://www.securityfocus.com/bid/869
Summary:

Unixware's security model includes the concept of privileges. These can be assigned to processes and allow them to perform tasks that otherwise could only be performed by the root user. They allow programs to run with the minimum required privilege (as opposed to running as root). A vulnerability in Unixware's implementation of privileges allows regular users to attach a debugger to a running privileged program and take over its privileges.
Most Unix systems, including Unixware, place a number of restrictions on how regular users can interact with setuid and setgid processes. For example they are not allowed to attach a debugger to them and the dynamic linker may ignore variables requesting the preloading of some shared libraries. Unixware's implementation of privileges provides no such protections for privileged programs allowing a user to attach a debugger to a running privileged program which has his same user uid and modifying it.

When a program that is listed in the /etc/security/tcb/privs is executed it is granted the privileges listed there. All a malicious user has to do to exploit the problem is find a program listed in that file with the privileges it wishes to gain and executable by him. Examples of programs executable by anyone with privileges include: /usr/ucb/w (DACREAD), /usr/bin/getdev (DACWRITE), and /usr/ucb/lpr (SETUID).

III. PATCH UPDATES 1999-12-06 to 1999-12-13
-------------------------------------------

1. Vendor: Sun
Product: Solaris
Vulnerability Patched: Solaris snoop (GETQUOTA) Buffer Overflow
BugTraq ID: 864
Relevant URLS:
http://www.securityfocus.com/bid/864
http://sunsolve.sun.com
Patch Location:
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
Patch IDs:
Solaris 7 sparc    108482-01
Solaris 7 x86      108483-01
Solaris 5.6 sparc  108492-01
Solaris 5.6 x86    108493-01
Solaris 5.5 sparc  108501-01
Solaris 5.5 x86    108502-01
Solaris 5.4 sparc  108490-01
Solaris 5.4 x86    108491-01
Solaris 5.3 sparc  108489-01

2. Vendor: Wolfpack Development
Product: Xshipwars
Vulnerability Patched: Xshipwars Buffer Overflow Vulnerability
BugTraq ID: 863
Relevant URLS:
http://www.securityfocus.com/bid/863
Patch Location:
http://fox.mit.edu/xsw/

3.
Vendor: Debian Product: GNU/Linux Vulnerability Patched: htdig Remote Command Execution Vulnerability BugTraq ID: 867 Relevant URLS: http://www.securityfocus.com/bid/867 http://www.debian.org/security/ Patch Location: Debian GNU/Linux 2.1 alias slink Source archives: http://security.debian.org/dists/stable/updates/source/htdig_3.1.2-4slink6.diff.gz MD5 checksum: 9151d7e15d7a2759958c09e6c21f28de http://security.debian.org/dists/stable/updates/source/htdig_3.1.2-4slink6.dsc MD5 checksum: fc05d22813afaa9fce10e97a5437ed69 http://security.debian.org/dists/stable/updates/source/htdig_3.1.2.orig.tar.gz MD5 checksum: ddd0305d420e2d6025694d4e1448d5f7 Alpha architecture: http://security.debian.org/dists/stable/updates/binary-alpha/htdig_3.1.2-4slink6_alpha.deb MD5 checksum: 1f816b0af2dd5919524d26be2017ec62 Intel ia32 architecture: http://security.debian.org/dists/stable/updates/binary-i386/htdig_3.1.2-4slink6_i386.deb MD5 checksum: da77c99388d3d9d09afecb2c9f345d58 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/binary-m68k/htdig_3.1.2-4slink6_m68k.deb MD5 checksum: 48986e8f5323db7b899c6341b87c3d4d Sun Sparc architecture: http://security.debian.org/dists/stable/updates/binary-sparc/htdig_3.1.2-4slink6_sparc.deb MD5 checksum: fcd3181ad76a72e82db2f769d88ff18c These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. 4. Vendor: Stalker Product: Communigate Pro Vulnerability Patched: Communigate Pro Web Admin DoS Vulnerability BugTraq ID: 860 Relevant URLS: http://www.securityfocus.com/bid/860 http://www.stalker.com Patch Location: ftp://ftp.stalker.com/pub/CommuniGatePro/ (versions 3.2, 3.2b5 and 3.2b7 are fixed) 5. Vendor: Hewlett-Packard Product: HP-UX Vulnerability Patched: Wu-ftpd message Buffer Overflow Vulnerability BugTraq ID: 726 Relevant URLS: http://www.securityfocus.com/bid/726 Patch Location: ftp://us-ffs.external.hp.com/export/patches/hp-ux_patch_matrix/ Patch: PHNE_18377 IV. 
SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
-----------------------------------------

The following represent articles which received the highest rate of click throughs when compared to other news articles on the SecurityFocus.com website.

1. Cell Phone Crypto Penetrated (December 6, 1999)
Excerpt:

Israeli researchers have discovered design flaws that allow the descrambling of supposedly private conversations carried by hundreds of millions of wireless phones.

Alex Biryukov and Adi Shamir describe in a paper to be published this week how a PC with 128 MB RAM and large hard drives can penetrate the security of a phone call or data transmission in less than one second.

URL:
http://wired.lycos.com/news/politics/0,1283,32900,00.html

2. Microsoft wins high-level security rating (December 7, 1999)
Excerpt:

As Microsoft closes in on completing development of its next-generation Windows 2000 operating system, it finally has managed to receive the elusive C2 security rating for its NT 4.0 operating system.

URL:
http://www.zdnet.com/zdnn/stories/news/0,4586,2404702,00.html

3. Denial-of-service attacks employ zombie PCs to hit networks (December 9, 1999)
Excerpt:

A new form of Denial of Service (DoS) attack caused by the trin00 and Tribe Network Flood programs has been wreaking havoc on bandwidth on a larger scale than ever before, according to Chris Klaus, founder and chief technology officer of Internet Security Systems (ISS).

URL:
http://www2.infoworld.com/articles/en/xml/99/12/09/991209enzombie.xml?Template=/storypages/printarticle.html

4. Security firm says BT's Trustwise digital signature technology can be tricked (December 9, 1999)
Excerpt:

The document digitally signed by the Secretary for the Department of Trade and Industry Wednesday can be easily fooled, or "spoofed", according to British security and software development firm Skygate.

URL:
http://www.zdnet.co.uk/news/1999/48/ns-12055.html

5.
Government Debates Crypto Export Rules (December 9, 1999) Excerpt: Should the government care how a company sells its encryption software, whether it's online or in a retail store? Nope, say software industry supporters who advocate changes in U.S. export regulations on encryption technology. They were disappointed by the Clinton Administration's recent draft of new rules. URL: http://www.pcworld.com/pcwtoday/article/0,1510,14287,00.html 6. Melissa conviction to stop virus writers? (December 10, 1999) Excerpt: Law enforcement officials and computer security specialists say that David L. Smith's conviction in the Melissa virus case -- the first successful prosecution of a virus writer in the United States -- will have a strong chilling effect on other authors of malicious code. URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2406928,00.html V. INCIDENTS SUMMARY 1999-12-06 to 1999-12-13 --------------------------------------------- 1. Re: Port scanning (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.BSF.4.01.9912061621200.13859-100000@officemail.starmedia.com 2. Scanning from 210.217.26.15 (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.LNX.4.21.9912061947590.16892-100000@kbierman.mn.mediaone.net 3. rpcbind scans (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=19991206170735.25.qmail@securityfocus.com 4. Analysis of trin00 (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.GUL.4.20.9912071041410.9470-100000@red7.cac.washington.edu 5. Analysis of Tribe Flood Network (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.GUL.4.20.9912071044490.9470-100000@red7.cac.washington.edu 6. 
ISS information about Trino/Tribe Flood Network Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=19991207104739.G15707@underground.org 7. ACK probe on port 1324 (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=4.2.0.58.19991207224615.0097cf00@localhost 8. Drat Trojan/Backdoor Analysis (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=19991207163522.21380.qmail@securityfocus.com 9. Y2K Incidents (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=19991209131551.64405.qmail@hotmail.com 10. sadmind (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.OSF.4.10.9912091025040.3590-100000@library.berkeley.edu 11. ./ttymon (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=013401bf427f$3670b8a0$6600a8c0@ARC.COM 12. Another probe: Port 98? (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=4.2.0.58.19991209113506.03df0a20@localhost 13. More probes from DSL line in NYC Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=4.2.0.58.19991210144007.03e056c0@localhost VI. VULN-DEV RESEARCH LIST SUMMARY 1999-12-06 to 1999-12-13 ---------------------------------------------------------- 1. Owning privileged processes under UnixWare (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-12-1&msg=19991206202445.24096.qmail@securityfocus.com VII. SECURITY JOBS SUMMARY 1999-12-06 to 1999-12-13 --------------------------------------------------- No posts for this newsletter. VIII. 
SECURITY SURVEY 1999-11-15 to 1999-11-27
----------------------------------------------

The question for 1999-11-15 to 1999-11-27 was:

Secure coding techniques are becoming more widely known and valued. At the same time, programs are getting larger and more complex. Bearing these thoughts in mind, do you think it is getting easier or harder to write secure programs?

Easier 15% / 7 votes
Harder 84% / 37 votes
Total number of votes: 44 votes

IX. SECURITY FOCUS TOP 6 TOOLS 1999-12-06 to 1999-12-13
--------------------------------------------------------

1. Cerberus Internet Scanner 1.0 by David Litchfield
URL: http://www.cerberus-infosec.co.uk/
Platforms: Windows 2000 and Windows NT
Number of downloads: 1422

NTInfoScan has now been reborn as the Cerberus Internet Scanner (or simply CIS). Though originally designed to discover vulnerabilities in the Windows NT platform, NTInfoScan has been updated so it will also discover security issues in *NIX systems now too, though it still only runs on Windows NT. This is why the name has been changed - because it is no longer NT specific. It is planned that binaries for Linux systems, Sco OpenServer and Solaris 2.x will be offered soon - so watch this space ;-). It has been downloaded over 30,000 times throughout its life by such organizations as the US Air Force, the US Army and various Government bodies from across the world.

2. SecurityFocus.com Pager by SecurityFocus.com
URL: http://www.securityfocus.com/pager/sf_pgr20.zip
Platforms: Win95/98/NT
Number of downloads: 1378

This program allows the user to monitor additions to the Security Focus website without constantly maintaining an open browser. Sitting quietly in the background, it polls the website at a user-specified interval and alerts the user via a blinking icon in the system tray, a popup message or both (also user-configurable).

3.
SpyNet 3.0 by Nicula Laurentiu
URL: http://members.xoom.com/Laurentiu2/
Platforms: Windows 95/98 and Windows NT
Number of Downloads: 1296

SpyNet is a sniffer that literally reconstructs its capture, live. Reconstructs HTTP, POP3, telnet, login, etc. SpyNet tells you what traffic is going through your system. If a hacker attacks your system, firewalls will tell you so in many situations. But sniffers grab the evidence. Until now, that evidence was very hard to figure out with the naked eye. But, SpyNet literally reconstructs their keystrokes and movements.

4. SuperScan 2.0.5 by Robin Keir
URL: http://members.home.com/rkeir/software.html
Platforms: Windows 2000, Windows 95/98 and Windows NT
Number of downloads: 1175

This is a powerful connect-based TCP port scanner, pinger and hostname resolver. Multithreaded and asynchronous techniques make this program extremely fast and versatile. Perform ping scans and port scans using any IP range or specify a text file to extract addresses from. Scan any port range from a built in list or any given range. Resolve and reverse-lookup any IP address or range. Modify the port list and port descriptions using the built in editor. Connect to any discovered open port using user-specified "helper" applications (e.g. Telnet, Web browser, FTP) and assign a custom helper application to any port. Save the scan list to a text file. Transmission speed control. User friendly interface. Includes help file.

5. Weakness by John Bissell
URL: http://www.silcom.com/~royalblu/weakness.zip
Platforms: Dos, Windows 95/98 and Windows NT
Number of downloads: 989

Weakness is basically a CGI vulnerability scanner coded for Windows/DOS. Weakness will scan up to 94 vulnerabilities and output the results of the scan to a text file. Source is included.

6.
Gatekeeper by Professional Web Design
URL: http://junior.apk.net/~jbarta/tutor/keeper/index.html
Platforms: Java
Number of downloads: 768

The Gate Keeper is a cool snippet of JavaScript code that you can use to restrict access to some or all of your web pages without the need for any CGI scripting. Anyone who wishes to visit the protected pages will have to know the password.

X. SPONSOR INFORMATION - BindView
------------------------------------------

http://www.bindview.com

BindView provides IT risk management solutions for managing the security and configuration of run on them. Focusing on the critical elements of the corporate IT infrastructure, BindView's award winning products enable corporate IT professionals to effectively leverage their existing technology to achieve their organization's business goals.

XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------

1. How do I subscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body of:

SUBSCRIBE SF-NEWS Lastname, Firstname

You will receive a confirmation request message to which you will have to answer.

2. How do I unsubscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed address with a message body of:

UNSUBSCRIBE SF-NEWS

If your email address has changed, email aleph1@securityfocus.com and I will manually remove you.

3. How do I disable mail delivery temporarily?

If you are simply going on vacation you can turn off mail delivery without unsubscribing by sending LISTSERV the command:

SET SF-NEWS NOMAIL

To turn back on e-mail delivery use the command:

SET SF-NEWS MAIL

4. Is the list available in a digest format?

Yes. The digest is generated once a day.

5. How do I subscribe to the digest?

To subscribe to the digest join the list normally (see section 0.2.1) and then send a message to LISTSERV@SECURITYFOCUS.COM with a message body of:

SET SF-NEWS DIGEST

6. How do I unsubscribe from the digest?
To turn the digest off send a message to LISTSERV with a message body of:

SET SF-NEWS NODIGEST

If you want to unsubscribe from the list completely follow the instructions of section 0.2.2 next.

7. I seem to not be able to unsubscribe. What is going on?

You are probably subscribed from a different address than that from which you are sending commands to LISTSERV. Either send email from the appropriate address or email the moderator to be unsubscribed manually.

Alfred Huger
VP of Engineering
SecurityFocus.com

@HWA

33.0 Security Focus Newsletter #20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Focus Newsletter #20

Table of Contents:

I. INTRODUCTION
1. Happy Holidays

II. BUGTRAQ SUMMARY
1. VDO Live Player Buffer Overflow Vulnerability
2. NT Syskey Reused Keystream Vulnerability
3. FreeBSD 'xsoldier' Buffer Overflow Vulnerability

III. PATCH UPDATES
1. Vulnerability Patched: NT LSA DoS (Phantom)
2. Vulnerability Patched: NT Syskey Reused Keystream
3. Vulnerability Patched: Multiple Cisco Cache Engine Attacks

IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
1. Waiting for Crypto (Tues Dec 14 1999)
2. Tool for Net privacy under attack (Wed Dec 15 1999)
3. Known vulnerabilities are no. 1 hacker exploit (Thu Dec 16 1999)
4. Internet watchdog hacked . . . again (Thu Dec 16 1999)
5. Disclosure Case a Pandora's Box of Legal Issues (Fri Dec 17 1999)
6. Hacker thwarted in newspaper plot (Fri Dec 17 1999)

V. INCIDENTS SUMMARY
1. Windows Hack'a'Tack trojan and port 31789 (Thread)
2. portmap connection request (Thread)
3. Linux attacks (Thread)
4. strange port (Thread)
5. Massive udp scans -- looks like coordinated traceroutes (Thread)
6. named ADMROCKS exploit replacing sshd1 (Thread)
7. Probes and attempts from uni-duesseldorf.de (Thread)
8. Port 538 -- accident or design? (Thread)
9. new probe tool? DoS spoof? something else? (Thread)
10. Webserver /SmpDsBhgRl exploit? (Thread)
11. Yahoo comprimised? (Thread)
12. 7778? (Thread)
13. POP3 scan from Japan (Thread)
14.
FYI -- wide, low-level probe of ... hosts (Thread)
15. Re: Scanning from 210.217.26.15 (Thread)
16. boredom? (Thread)
17. Port 53 (Thread)
18. Domains in .tr and .hk (Thread)
19. Scannings for socks, telnet and other ports (Thread)
20. What is it? (Thread)

VI. VULN-DEV RESEARCH LIST SUMMARY
1. rpcclient 2.0.5a crashed services.exe (Thread)
2. Wireless LANs ?

VII. SECURITY JOBS
Discussion:
1. article that mentions IS security requisites
2. thoughts on article that mentions IS security requisites
Seeking Staff:
1. Security Consultants NYC

VIII. SECURITY SURVEY RESULTS

IX. SECURITY FOCUS TOP 6 TOOLS
1. SecurityFocus.com Pager (Windows 95/98 and Windows NT)
2. SpyNet 3.0 (Windows 95/98 and Windows NT)
3. Webcracker 4.0 (Windows 95/98 and Windows NT)
4. gfcc (GTK+ Firewall Control Center) 0.7.3 (Linux)
5. Bastille Linux 1.0 (Linux)
6. exo 0.3 (Linux and Solaris)

X. SPONSOR INFORMATION - CORE SDI

XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION

I. INTRODUCTION
-----------------

Welcome to the SecurityFocus.com 'week in review' newsletter issue 20 sponsored by CORE SDI.

http://www.core-sdi.com

1. Happy Holidays

Given the time of year, the SecurityFocus.com staff would like to wish you all a joyous holiday season. There will be one more 'week in review' newsletter before the millennium. However, due to the holiday period, we will be paring it down to the essentials. We would like to also thank you all for your support of SecurityFocus.com.

Cheers,
The SecurityFocus.com Staff

II. BUGTRAQ SUMMARY 1999-12-13 to 1999-12-19
---------------------------------------------

1. VDO Live Player Buffer Overflow Vulnerability
BugTraq ID: 872
Remote: Yes
Date Published: 1999-12-13
Relevant URL: http://www.securityfocus.com/bid/872
Summary:

VDOLive Player v3.02 has an unchecked buffer that can allow arbitrary code to be executed if a specially-crafted .vdo file is loaded.

2.
NT Syskey Reused Keystream Vulnerability
BugTraq ID: 873
Remote: Yes
Date Published: 1999-12-16
Relevant URL: http://www.securityfocus.com/bid/873
Summary:

The Syskey utility was included in Service Pack 3 as a means of protecting the SAM database from off-line brute-force attacks. With the previous encryption, it was possible to crack the passwords of a remote machine if a copy of its encrypted SAM database could be obtained. There are several tools available to the public with which this can be done. Syskey added more encryption to the database, with the goal of making the calculations required to crack it too time-consuming to be feasible.

Syskey creates a unique RC4 keystream for each user by incorporating the user's RID, but uses that same keystream to encrypt the LMHash and NTHash of their password (after some obfuscation of the hashes), as well as their previous two passwords (stored in the Password History part of their SAM entry). Due to this keystream re-use, it is possible to eradicate it from the formula. If the final, Syskey-encrypted hashes of the password are XORed together, the result will be the same as the XOR result of the hashes prior to encryption. Therefore, if a potential password is encrypted via the regular NT encryption process, and then obfuscated, the two hashes can be XORed and compared to an XOR of the Syskey hashes to determine if the potential password is correct.

Also, even the user-dependent portion of the algorithm can be defeated, making it possible to attack all passwords of 7 characters or less simultaneously, and even to precompute hash lists that will be valid on any machine. This is due to the fact that with passwords of 7 characters or less, the second half of the LMHash is known, and can be XORed with the previous XOR result to obtain the second half of the NTHash, which can then be compared to the hashed version of words in the dictionary file.

3.
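The keystream cancellation described in the NT Syskey summary above, as an added Python example (not code from the newsletter, the advisory or Microsoft). The key derivation, field names and 16-byte values are constructed stand-ins, not the real Syskey or SAM format, and the per-field key separation shown is one generic way to avoid the reuse, not Microsoft's hotfix.

```python
import hashlib
from itertools import combinations


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key(system_key: bytes, rid: int, label: bytes = b"") -> bytes:
    """Hypothetical per-user key derivation (NOT the real Syskey algorithm)."""
    return hashlib.sha256(system_key + rid.to_bytes(4, "little") + label).digest()


def protect_reused(system_key: bytes, rid: int, fields: dict) -> dict:
    """Weak design: every field of one user is XORed with the same keystream."""
    key = derive_key(system_key, rid)
    return {name: xor(value, rc4_keystream(key, len(value)))
            for name, value in fields.items()}


def protect_separated(system_key: bytes, rid: int, fields: dict) -> dict:
    """Hardened design: the field name is mixed into the key, so each field
    gets its own keystream even for the same user."""
    return {name: xor(value,
                      rc4_keystream(derive_key(system_key, rid, name.encode()),
                                    len(value)))
            for name, value in fields.items()}


def leaking_pairs(ciphertexts: dict, plaintexts: dict) -> list:
    """Audit check: list the field pairs whose ciphertext XOR equals their
    plaintext XOR, i.e. pairs where the keystream has cancelled out."""
    return [(a, b) for a, b in combinations(sorted(ciphertexts), 2)
            if xor(ciphertexts[a], ciphertexts[b]) == xor(plaintexts[a], plaintexts[b])]


# Constructed sample data: three 16-byte stand-ins for the values the summary
# says share one keystream (two password hashes and a history entry).
SYSTEM_KEY = bytes(range(16))
RID = 1001
FIELDS = {
    "lm_hash": hashlib.sha256(b"constructed value A").digest()[:16],
    "nt_hash": hashlib.sha256(b"constructed value B").digest()[:16],
    "history_1": hashlib.sha256(b"constructed value C").digest()[:16],
}

if __name__ == "__main__":
    reused = protect_reused(SYSTEM_KEY, RID, FIELDS)
    separated = protect_separated(SYSTEM_KEY, RID, FIELDS)
    print("pairs leaking with one keystream per user: ", leaking_pairs(reused, FIELDS))
    print("pairs leaking with one keystream per field:", leaking_pairs(separated, FIELDS))
```

With the shared keystream every pair of fields satisfies C1 XOR C2 = P1 XOR P2 without the key ever being involved, which is the relation the summary says lets a guess be checked; with per-field keys no pair does.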
FreeBSD 'xsoldier' Buffer Overflow Vulnerability
BugTraq ID: 871
Remote: No
Date Published: 1999-12-15
Relevant URL: http://www.securityfocus.com/bid/871
Summary:

Certain versions of FreeBSD (only FreeBSD 3.3-RELEASE has been tested) ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via an X windows console. The binary itself is subject to a buffer overflow attack (which may be launched from the command line) that can be used to gain root privileges. The overflow is in the code written to handle the -display option and can be triggered by a long user-supplied string.

III. PATCH UPDATES 1999-12-13 to 1999-12-19
-------------------------------------------

1. Vendor: Microsoft
Product: Windows NT
Vulnerability Patched: NT LSA DoS (Phantom)
BugTraq ID: 465
Relevant URLs:
http://www.securityfocus.com/bid/465
http://www.microsoft.com/security/bulletins/ms99-057.asp
http://support.microsoft.com/support/kb/articles/q248/1/85.asp
Patch Location:
x86: http://www.microsoft.com/downloads/release.asp?ReleaseID=16798
Alpha: http://www.microsoft.com/downloads/release.asp?ReleaseID=16799

2. Vendor: Microsoft
Product: Windows NT
Vulnerability Patched: NT Syskey Reused Keystream
BugTraq ID: 873
Relevant URLs:
http://www.securityfocus.com/bid/873
http://www.microsoft.com/security/bulletins/ms99-056.asp
http://support.microsoft.com/support/kb/articles/q143/4/75.asp
Patch Location:
Microsoft's hotfix page:
x86: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16798
Alpha: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16799
Direct hotfix download links:
x86: http://download.microsoft.com/download/winntsp/Patch/syskey/NT4/EN-US/Q248183.exe
Alpha: http://download.microsoft.com/download/winntsp/Patch/syskey/ALPHA/EN-US/Q248183.exe

3.
Vendor: Cisco
Product: Cisco Cache Engine
Vulnerability Patched: Multiple Cisco Cache Engine Attacks
BugTraq ID: N/A (Not entered yet)
Relevant URLs:
http://www.cisco.com/warp/public/707/cacheauth.shtml
Patch Location:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/webcache/ce17/ver17/wc17man.htm

IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
-----------------------------------------

The following represent articles which received the highest rate of click throughs when compared to other news articles on the SecurityFocus.com website.

1. Waiting for Crypto (Tues Dec 14 1999)
Excerpt: The Clinton administration will delay by about a month the release of new rules easing export of computer data-scrambling products, missing a previously announced December 15 deadline, the Commerce Department said on Monday.
URL: http://www.wired.com/news/politics/0,1283,33061,00.html

2. Tool for Net privacy under attack (Wed Dec 15 1999)
A small Canadian company is selling a service that promises to let people remain completely anonymous while sending e-mail, chatting and visiting Web sites. While the service is intended to give Internet users greater privacy to communicate ideas or shop online, critics worry it could also allow the unscrupulous to fearlessly send abusive e-mail and exchange illegal goods such as child pornography and pirated software.
URL: http://www.technologypost.com/internet/DAILY/19991215090451692.asp?Section=Main

3. Known vulnerabilities are no. 1 hacker exploit (Thu Dec 16 1999)
The hacker population has grown considerably in the past two years, but the vast majority of them are what Ira Winkler, president of the Internet Security Advisor's Group, calls "ankle biters," whose antics would be easy to protect against if only system administrators weren't so busy trying to keep their printers running.
URL: http://www.idg.net/idgns/1999/12/15/KnownVulnerabilitiesAreNo1Hacker.shtml

4. Internet watchdog hacked . . .
again (Thu Dec 16 1999) THE website of the Australian Broadcasting Authority, a government watchdog charged with policing upcoming Internet censorship laws, has been hacked for the third time. URL: http://www.it.fairfax.com.au/breaking/19991216/A41879-1999Dec16.html 5. Disclosure Case a Pandora's Box of Legal Issues (Fri Dec 17 1999) Is it legal to deny a news service access to public financial disclosures for federal judges in order to prevent those documents from being published on the Internet? The answers from legal scholars: Yes, no and maybe. URL: http://www.apbnews.com/cjsystem/findingjustice/1999/12/16/judges_legal1216_01.html 6. Hacker thwarted in newspaper plot (Fri Dec 17 1999) The Express newspaper foiled a hacker's plot to bring down its arch-rival's computer system. URL: http://www.theregister.co.uk/991217-000007.html V. INCIDENTS SUMMARY 1999-12-13 to 1999-12-19 --------------------------------------------- 1. Windows Hack'a'Tack trojan and port 31789 (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=000001bf45ad$049cb1e0$0200a8c0@Computer1 2. portmap connection request (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.LNX.4.10.9912131533490.22467-100000@wr5z.localdomain 3. Linux attacks (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=38553043.598C9072@cc.ttu.ee 4. strange port (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=000101bf4660$5fd061c0$4510a8c0@latinalezzie 5. Massive udp scans -- looks like coordinated traceroutes (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.NEB.4.05.9912142238390.24618-100000@vals.intramed.rito.no 6. 
named ADMROCKS exploit replacing sshd1 (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.LNX.4.10.9912150510040.20239-100000@entropy.muc.muohio.edu 7. Probes and attempts from uni-duesseldorf.de (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.LNX.4.05.9912151310590.29975-100000@biocserver.BIOC.CWRU.Edu 8. Port 538 -- accident or design? (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=199912151928.OAA30344@netspace.org 9. new probe tool? DoS spoof? something else? (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=17996643.945312662910.JavaMail.imail@seamore.excite.com 10. Webserver /SmpDsBhgRl exploit? (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=38588FDC.6108349B@luna.cs.unm.edu 11. Yahoo comprimised? (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=19991216144254.11286.qmail@securityfocus.com 12. 7778? (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=XFMail.991217020818.Mike.Murray@utoronto.ca 13. POP3 scan from Japan (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=31933968789DD111BEAB0080C81D384CE94C@CT_NT 14. FYI -- wide, low-level probe of ... hosts (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=Pine.GUL.4.21.9912171349220.10893-100000@red2.cac.washington.edu 15. Re: Scanning from 210.217.26.15 (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=199912172014.OAA28234@rgfsparc.cr.usgs.gov 16. boredom? 
(Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=199912171838.NAA13839@disney.Biw.COM 17. Port 53 (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=385A51D3.D7221678@princeton.edu 18. Domains in .tr and .hk (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=0bfa01bf4937$d0dd3490$0201a8c0@aviram 19. Domains in .tr and .hk (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=0bfa01bf4937$d0dd3490$0201a8c0@aviram 20. Scannings for socks, telnet and other ports (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=Pine.LNX.4.21.9912181509150.2934-100000@firewall.anowak.priv.pl 21. What is it? (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=Pine.LNX.4.10.9912190109150.5412-100000@apollo.gestrike-linjen.x.se VI. VULN-DEV RESEARCH LIST SUMMARY 1999-12-13 to 1999-12-19 ---------------------------------------------------------- 1. rpcclient 2.0.5a crashed services.exe (Thread) Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-12-8&msg=3855E805.A72A85AE@thievco.com 2. Wireless LANs ? Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-12-8&msg=19991214142605.U26666@hogia.net VII. SECURITY JOBS SUMMARY 1999-12-13 to 1999-12-19 --------------------------------------------------- Discussion: 1. article that mentions IS security requisites Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-12-15&msg=CB64F884F39FD2118EC600A024E6522C012A38EC@wfhqex05.wangfed.com 2. thoughts on article that mentions IS security requisites Relevant URL: http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-12-15&msg=000c01bf4960$4a3468e0$506faccf@army.mil Seeking Staff: 1. 
Security Consultants NYC
Reply to: Erik Voss, evoss@mrsaratoga.com
Requirements: http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-12-15&msg=011301bf4738$94cd81e0$6775010a@saratoga3

VIII. SECURITY SURVEY 1999-12-13 to 1999-12-19
----------------------------------------------

The question for 1999-12-13 to 1999-12-19 was:

Should David Smith, creator of the Melissa virus, go to jail?

Yes 34% / 25 votes
No 65% / 47 votes
Total number of votes: 72 votes

IX. SECURITY FOCUS TOP 6 TOOLS 1999-12-13 to 1999-12-19
--------------------------------------------------------

1. SecurityFocus.com Pager by SecurityFocus.com
URL: http://www.securityfocus.com/pager/sf_pgr20.zip
Platforms: Win95/98/NT
Number of downloads: 2490

This program allows the user to monitor additions to the Security Focus website without constantly maintaining an open browser. Sitting quietly in the background, it polls the website at a user-specified interval and alerts the user via a blinking icon in the system tray, a popup message or both (also user-configurable).

2. SpyNet 3.0 by Nicula Laurentiu
URL: http://members.xoom.com/Laurentiu2/
Platforms: Windows 95/98 and Windows NT
Number of Downloads: 2096

SpyNet is a sniffer that literally reconstructs its capture, live. Reconstructs HTTP, POP3, telnet, login, etc. SpyNet tells you what traffic is going through your system. If a hacker attacks your system, firewalls will tell you so in many situations. But sniffers grab the evidence. Until now, that evidence was very hard to figure out with the naked eye. But, SpyNet literally reconstructs their keystrokes and movements.

3. Webcracker 4.0 by Daniel Flam, info@webcracker.net
URL: http://www.webcracker.net
Platforms: Windows 95/98 and Windows NT
Number of Downloads: 1834

This software will allow you to test your restricted-access website to make sure that only authorized users are able to get in.
Webcracker is a security tool that allows you to attempt to test id and password combinations on your web site. If you're able to guess a user's password with this program, chances are some hacker will be able to also. Webcracker helps you find these vulnerabilities and fix them before they're exploited by some unknown attacker.

4. gfcc (GTK+ Firewall Control Center) 0.7.3 by Koo Kyoseon, icarus@autostock.co.kr
URL: http://icarus.autostock.co.kr/
Platforms: Linux
Number of Downloads: 1750

Gfcc has the capability of controlling Linux firewall policies and rules based upon the ipchains package.

5. Bastille Linux 1.0 by Bastille Linux Project
URL: http://bastille-linux.sourceforge.net/
Platforms: Linux
Number of Downloads: 1638

Bastille Linux is aimed primarily at non-security-experts, who are less knowledgeable about security, but want to run a more secure distribution of Linux. Our goal is to build a more secure distribution based on a well-supported existing distribution. Our solution currently takes the form of a Universal Hardening Program which must be run immediately after installation of Redhat 6.0. Our Hardening Program is most unique in that virtually every task it performs is optional, giving immense flexibility, and that it educates the installing admin before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the greater security.

6. exo 0.3 by Mixter, mixter@newyorkoffice.com
URL: http://1337.tsx.org
Platforms: Linux and Solaris
Number of Downloads: 1204

Exo is a tool that 'sweeps' a range of ports on a list of hosts. It works by sending out raw packets and waiting for replies with two separate threads. This method makes exo able to find open ports without any delay, i.e. effectively at the rate that your bandwidth allows.

X.
SPONSOR INFORMATION -
------------------------------------------

URL: http://www.core-sdi.com

CORE SDI is an international computer security research and development company. Its clients include 3 of the Big 5 chartered accountant firms for whom CORE SDI develops customized security auditing tools as well as several notable computer security product vendors, such as Network Associates. CORE SDI also has extensive experience dealing with financial and government contracts throughout Latin and North America.

XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------

1. How do I subscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body of:

SUBSCRIBE SF-NEWS Lastname, Firstname

You will receive a confirmation request message to which you will have to answer.

2. How do I unsubscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed address with a message body of:

UNSUBSCRIBE SF-NEWS

If your email address has changed, email aleph1@securityfocus.com and I will manually remove you.

3. How do I disable mail delivery temporarily?

If you are simply going on vacation you can turn off mail delivery without unsubscribing by sending LISTSERV the command:

SET SF-NEWS NOMAIL

To turn back on e-mail delivery use the command:

SET SF-NEWS MAIL

4. Is the list available in a digest format?

Yes. The digest is generated once a day.

5. How do I subscribe to the digest?

To subscribe to the digest join the list normally (see section 0.2.1) and then send a message to LISTSERV@SECURITYFOCUS.COM with a message body of:

SET SF-NEWS DIGEST

6. How do I unsubscribe from the digest?

To turn the digest off send a message to LISTSERV with a message body of:

SET SF-NEWS NODIGEST

If you want to unsubscribe from the list completely follow the instructions of section 0.2.2 next.

7. I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than that from which you are sending commands to LISTSERV. Either send email from the appropriate address or email the moderator to be unsubscribed manually.

Alfred Huger
VP of Engineering
SecurityFocus.com

@HWA

AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG FOR INCLUSION HERE

www.hackunlimited.com

ATTRITION.ORG http://www.attrition.org
ATTRITION.ORG Advisory Archive, Hacked Page Mirror
ATTRITION.ORG DoS Database, Crypto Archive
ATTRITION.ORG Sarcasm, Rudeness, and More.

When people ask you "Who is Kevin Mitnick?" do you have an answer?
http://www.csoft.net One of our sponsors, visit them now

WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV
JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD

WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM

To place an ad in this section simply type it up and email it to hwa@press,usmc.net, put AD! in the subject header please. - Ed
or cruciphux@dok.org

@HWA

HA.HA Humour and puzzles ...etc
~~~~~~~~~~~~~~~~~~~~~~~~~

Don't worry. worry a *lot*

Send in submissions for this section please! ............c'mon, you KNOW you wanna...yeah you do...make it fresh and new...be famous...

SITE.1

http://smogalert.tripod.com/html/index.htm

By: SmoG

News and views, lots of interesting stuff here to read, recently underwent a fresh redesign, check it out.

You can Send in submissions for this section too if you've found (or RUN) a cool site...

@HWA

H.W Hacked websites
~~~~~~~~~~~~~~~~

Note: The hacked site reports stay, especially with some cool hits by groups like *H.A.R.P, go get em boyz racism is a mugs game!
- Ed

* Hackers Against Racist Propaganda (See issue #7)

Haven't heard from Catharsys in a while for those following their saga visit
http://frey.rapidnet.com/~ptah/ for 'the story so far'...

Hacker groups breakdown is available at Attrition.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
check out http://www.attrition.org/mirror/attrition/groups.html to see who
you are up against. You can often gather intel from IRC as many of these
groups maintain a presence by having a channel with their group name as the
channel name, others aren't so obvious but do exist.

>Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

* Info supplied by the attrition.org mailing list.

Listed oldest to most recent...

Sorry the list isn't pretty as usual, playing catchup on my workload and
email! - Ed

Defaced domain: www.compsultant.com
Site Title: Compsultant Services
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.compsultant.com
Defaced by: DuGo
Operating System: BSDI

Defaced domain: public-image.com
Site Title: Glide Communication
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/public-image.com
Defaced by: phreak.nl
Operating System: Linux

Defaced domain: www.acia.com.br
Site Title: ACIA Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.acia.com.br
Defaced by: assdebuger
Operating System: Windows NT

Defaced domain: www.hotelgolfinho.com.br
Site Title: Hotel Golfinho
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.hotelgolfinho.com.br
Defaced by: Death Knights
Operating System: Linux
HIDDEN comments in the HTML.

Defaced domain: wuarchive.wustl.edu
Site Title: WUArchive at Washington University, St. Louis
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/wuarchive.wustl.edu
Defaced by: THC
Operating System: Solaris

Defaced domain: www.ddd.hu
Site Title: 3D Computer Kft.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.ddd.hu
Defaced by: Einstein
Operating System: Windows NT
Previously defaced on 99.08.21 by 139 R00ted

Defaced domain: www.nlc.gov.cn
Site Title: Chinese National Library
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.nlc.gov.cn
Defaced by: Bosnatek
Operating System: Solaris
HIDDEN comments in the HTML

Defaced domain: www1.nc3a.nato.int
Site Title: NATO Consultation, Command and Control Agency
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www1.nc3a.nato.int
Defaced by: inferno.br
Operating System: Windows NT

Defaced domain: rfp.coweta.k12.ga.us
Site Title: Coweta Country School System Request for Proposals
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/rfp.coweta.k12.ga.us
Defaced by: p4riah
Operating System: Windows NT

Defaced domain: www.uk.emb.gov.au
Site Title: British Information Services Australia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.uk.emb.gov.au
Defaced by: assdebuger
Operating System: Windows NT

Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.techno-int.com
Defaced by: Algorithm Cracker
Operating System: SCO Unix

Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.techno-int.com
Defaced by: bansh33
Operating System: SCO UnixWare 7.0.0 (Netscape-FastTrack/2.01)
Potentially offensive content on defaced page.

Defaced domain: www.filmworld.com
Site Title: Robert Konop (FILMWORLD-DOM)
Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.filmworld.com
Defaced by: #Hack-org Hacking Team
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.amko-int.com
Site Title: AMKO International, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.amko-int.com
Defaced by: Uneek Tech
Operating System: BSDI 3.0-3.1
Potentially offensive content on defaced page.

Defaced domain: www.mitsubishichips.com
Site Title: Mitsubishi Electronics America
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.mitsubishichips.com
Operating System: Solaris 2.6 - 2.7 (Netscape-Enterprise/3.5.1)
Potentially offensive content on defaced page.

Defaced domain: www.sincovam.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.sincovam.com.br
Defaced by: AssDebugger
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: garfield.ir.ucf.edu
Site Title: University of Central Florida
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/garfield.ir.ucf.edu
Defaced by: BLN
Operating System: Solaris 2.6 - 2.7 (Netscape-Enterprise/3.5.1)
Previously defaced on 99.12.08 and 99.12.07 by
Potentially offensive content on defaced page.

Defaced domain: www.bushmobile.com.au
Site Title: Bush Mobile
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.bushmobile.com.au
Defaced by: wolfman
Operating System: Irix
Potentially offensive content on defaced page.

Defaced domain: www.bhv.hn
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.bhv.hn
Defaced by: acid
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.10 99.12.03 by bean0 acidkl0wn
Potentially offensive content on defaced page.

Defaced domain: frontpage.wworks.com
Site Title: Web Works
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/frontpage.wworks.com
Defaced by: PoWeR SuRgE911
Operating System: Windows NT

Defaced domain: www.simcity.com
Site Title: SimCity Web site
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.simcity.com
Defaced by: Toked Hacking Crew
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: mstsrv.pc.maricopa.edu
Site Title: Maricopa Community College
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/mstsrv.pc.maricopa.edu
Defaced by: Narcissus
Operating System: Windows NT

Defaced domain: sun-ipv6.redes.unam.mx
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/sun-ipv6.redes.unam.mx
Defaced by: ZiD
Operating System: Solaris
Potentially offensive content on defaced page

Defaced domain: www.aba.gov.au
Site Title: Australian Broadcast Authority
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.aba.gov.au
Defaced by: omni
Operating System: Windows NT
Previously defaced on 99.11.27 99.12.09 by Ned R.

Defaced domain: www.amerisoftinc.com
Site Title: Amerisoft, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.amerisoftinc.com
Defaced by: w0lf
Operating System: Irix

Defaced domain: www.windway.com.br
Site Title: Windway Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.windway.com.br
Defaced by: DHC
Operating System: Windows NT

Defaced domain: www.vivendofotografia.com.br
Site Title: Vivendo Fotografia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.vivendofotografia.com.br
Defaced by: DHC
Operating System: Windows NT

Defaced domain: www.tecnotica.com.br
Site Title: Tecbotica Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.tecnotica.com.br
Defaced by: DHC
Operating System: Windows NT

Defaced domain: www.schneidercozinhas.com.br
Site Title: Schneider Cozinhas
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.schneidercozinhas.com.br
Defaced by: DHC
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.rrassociados.com.br
Site Title: RR Associados
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.rrassociados.com.br
Defaced by: DHC
Operating System: Windows NT

Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.techno-int.com
Defaced by: JxLxMx
Operating System: SCO Unix
Previously defaced on 99.12.15 99.12.13 by bansh33 and Algorithm Cracker

Site Title: Mikuni American Corporation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.mikuni.com
Defaced by: THC
Operating System: Solaris

Defaced domain: www.windway.com.br
Site Title: Windway Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.windway.com.br
Defaced by: p4riah
Operating System: Windows NT
Previously defaced on 99.12.15 by DHC
Potentially offensive content on defaced page.

Defaced domain: www.belvideresd.org
Site Title: Belvidere School District
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.belvideresd.org
Defaced by: Protokol
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.duke.org
Site Title: David Duke's Official International Web Site
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.duke.org
Defaced by: Niggaz 'Gainst Honkeyz
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.mundointernet.com
Site Title: Mundo Internet
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.mundointernet.com
Defaced by: UHH Klan
Operating System: FreeBSD
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.zauction.com
Site Title: ZAuction
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.zauction.com
Defaced by: Fuzzball
Operating System: Windows NT

Defaced domain: www.rainhadapaz.g12.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.rainhadapaz.g12.br
Defaced by: CyberSolDier
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: public-image.com
Site Title: Glide Communication
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/public-image.com
Defaced by: Nexillium
Operating System: Linux (Apache 1.3.4)
Previously defaced on 99.12.13 by phreak.nl
Potentially offensive content on defaced page.

Defaced domain: ebdc.med.upenn.edu
Site Title: University of Pennsylvania
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/ebdc.med.upenn.edu
Defaced by: Einstein
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.10.02 by 139_r00ted
Potentially offensive content on defaced page.

Defaced domain: www.mcse.com
Site Title: Apollo Group
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.mcse.com
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.activedev.net
Site Title: Active Development
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.activedev.net
Defaced by: Pyrostorm666
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.07 by pyrostorm666
Potentially offensive content on defaced page.

Defaced domain: netra.bartlesville.lib.ok.us
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/netra.bartlesville.lib.ok.us
Defaced by: hyrax
Operating System: Solaris 2.6 - 2.7 (Apache 1.3.6)
Potentially offensive content on defaced page.

Defaced domain: necora.cif.es
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/necora.cif.es
Defaced by: BLN
Operating System: Windows NT (IIS/3.0)
Potentially offensive content on defaced page.

Defaced domain: www.cmi.com.co
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.cmi.com.co
Defaced by: Perro Manson
Operating System: BSDI 3.0 - 3.1
Potentially offensive content on defaced page

Defaced domain: www.amfoundation.org
Site Title: Alternative Medicine Foundation Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.amfoundation.org
Defaced by: BLN
Operating System: SCO Unix
FREE KEVIN reference in the HTML
Potentially offensive content on defaced page.

Defaced domain: www.adintech.com
Site Title: Advanced Inovated Technology, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.adintech.com
Defaced by: BLN
Operating System: SCO Unix

Defaced domain: www.tsrinc.com
Site Title: Wizards of the Coast, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.tsrinc.com
Defaced by: Cipher
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.11.24 by Cipher
Potentially offensive content on defaced page.

Defaced domain: one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/one-ton.co.uk
Defaced by: hyrax
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.

Defaced domain: www.stlib.state.nm.us
Site Title: New Mexico State Library
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.stlib.state.nm.us
Defaced by: Oxygens
Operating System: Windows NT
Previously defaced on 99.11.07 by hV2k
Potentially offensive content on defaced page

Defaced domain: www.sincovam.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.sincovam.com.br
Defaced by: Oxygen Team
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.14 by assdebuger
Potentially offensive content on defaced page.

Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.techno-int.com
Defaced by: morbid root
Operating System: SCO UnixWare 7.0.0 (Netscape-FastTrack/2.01)
Previously defaced on 99.12.15 and 99.12.13 by bansh33 and AC
Potentially offensive content on defaced page.

Defaced domain: www.bsu.net
Site Title: Boise State University
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.bsu.net
Defaced by: Fuby
Operating System: Windows NT (IIS/4.0)
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.sdcl.army.mil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.sdcl.army.mil
Defaced by: PHC
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.tecnotica.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.tecnotica.com.br
Defaced by: Fuby
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.one-ton.co.uk
Defaced by: Fuby
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.

Defaced domain: www.sincovam.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.sincovam.com.br
Defaced by: Fuby
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.14 by assdebuger
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.laredo.k12.tx.us
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.laredo.k12.tx.us
Defaced by: f1ber
Operating System: Windows NT (IIS/3.0)
Potentially offensive content on defaced page.

Defaced domain: www.thsrock.net
Site Title: Trinity High School Rocknet
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.thsrock.net
Defaced by: f1ber
Operating System: Windows NT (WebSitePro/2.3.15)
Potentially offensive content on defaced page.

Defaced domain: www.acia.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.acia.com.br
Defaced by: AssDebuger
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.13 by assdebuger
Potentially offensive content on defaced page.

Defaced domain: www.super-cyprus.com
Site Title: Super Computers
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.super-cyprus.com
Defaced by: ReDHacK
Operating System: Linux (Apache 1.3.6)
Potentially offensive content on defaced page.

Defaced domain: www.busimedia.com
Site Title: Busimedia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.busimedia.com
Defaced by: pr1sm
Operating System: Windows NT (IIS/4.0)
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.cvm.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.cvm.gov.br
Defaced by: inferno.br
Operating System: Windows NT (IIS/3.0)
Potentially offensive content on defaced page.

Defaced domain: facepe.pe.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/facepe.pe.gov.br
Defaced by: Einstein
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: ninja.dobedo.com
Site Title: BeeDo AB
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/ninja.dobedo.com
Defaced by: Da Eternal
Operating System: Linux (SuSE) (Apache 1.3.6)
Potentially offensive content on defaced page.

Defaced domain: www.marista.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.marista.com.br
Defaced by: fybra optica
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.gaymen.com
Site Title: Albert J. Productions
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.gaymen.com
Defaced by: Hacking 4 Ponies
Operating System: Solaris (Apache 1.3.4)
Potentially offensive content on defaced page.

Defaced domain: www.erotikfotos.com
Site Title: Ioannis Galianos
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.erotikfotos.com
Defaced by: HiP
Operating System: BSDI 4.0.1
Potentially offensive content on defaced page.

Defaced domain: www.lfcontabilidade.com.br
Site Title: LF Contabilidade
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.lfcontabilidade.com.br
Defaced by: Death Knights
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: www.bhv.hn
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.bhv.hn
Defaced by: essaye
Operating System: Windows NT (IIS/4.0)
Previously defaced on 3 times by
Potentially offensive content on defaced page.

Defaced domain: www.tractors.com
Site Title: Volks Media Corporation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.tractors.com
Defaced by: analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.activedev.net
Site Title: Active Development
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.activedev.net
Defaced by: acidklown
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.07 by pyrostorm666
Potentially offensive content on defaced page.

Defaced domain: www.one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.one-ton.co.uk
Operating System: Linux (Apache/1.2.6 FrontPage/3.0.4)
Potentially offensive content on defaced page.

Defaced domain: www.ciavex.ensino.eb.br
Site Title: Centro de Instrução de Aviação do Exército
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.ciavex.ensino.eb.br
Defaced by: inferno.br
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: ceasa.mg.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/ceasa.mg.gov.br
Defaced by: C0VER and FOX-FIRE
Operating System: SCO OpenServer Release 5 (Netscape-Communications/1.12)
Potentially offensive content on defaced page

Defaced domain: www.uncf.org
Site Title: United Negro College Fund
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.uncf.org
Defaced by: analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.map.org
Site Title: MAP International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.map.org
Defaced by: AnalogNet
Operating System: Solaris

Defaced domain: www.travelersaid.org
Site Title: Travelers Aid International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.travelersaid.org
Defaced by: AnalogNet
Operating System: Windows NT

Defaced domain: www.worldevangelical.org
Site Title: World Evangelical Fellowship
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.worldevangelical.org
Defaced by: AnalogNe
Operating System: Linux

Defaced domain: www.wavetec.com
Site Title: Wavetech Pvt Ltd
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.wavetec.com
Defaced by: pr1sm
Operating System: SCO Unix
HIDDEN comments in the HTML.

Defaced domain: www.aausports.org
Site Title: Amateur Athletic Union
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.aausports.org
Defaced by: Analognet
Operating System: Windows NT

Defaced domain: www.fairus.org
Site Title: The Federation for American Immigration Reform
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.fairus.org
Defaced by: AnalogNet
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.chemmarket.gov.cn
Site Title: China Chem Market
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.chemmarket.gov.cn
Operating System: Windows NT
FREE KEVIN reference in the HTML

Defaced domain: www.curearthritis.org
Site Title: Arthritis National Research Foundation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.curearthritis.org
Defaced by: Analognet
Operating System: Windows NT

Defaced domain: www.workplacesolutions.org
Site Title: Wider Opportunities for Women
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.workplacesolutions.org
Defaced by: hyrax
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.10.12 99.10.11 99.12.04 by
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.cphv.org
Site Title: Center to Prevent Handgun Violence
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.cphv.org
Defaced by: Analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: tiflex.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/tiflex.co.uk
Defaced by: BLN
Operating System: Linux (Apache 1.2.6 FrontPage/3.0.4)
Potentially offensive content on defaced page.

Defaced domain: tajtec.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/tajtec.co.uk
Defaced by: BLN
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page

Defaced domain: www.riverside-gallery.com
Site Title: Riverside Gallery
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.riverside-gallery.com
Defaced by: BLN
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.

Defaced domain: www.dalebrook.com
Site Title: Dalebrook Supplies Ltd.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.dalebrook.com
Defaced by: BLN
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.

Defaced domain: www.zenworksmaster.com
Site Title: ZENMaster
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.zenworksmaster.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.thegolftravelcenter.com
Site Title: Randy Young
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.thegolftravelcenter.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.allamanda.com
Site Title: Allamanda Pte Ltd
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.allamanda.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.easterntreasures.com
Site Title: Van Dale, Jennifer
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.easterntreasures.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.netport.com.ni
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.netport.com.ni
Defaced by: nemesystm
Operating System: Windows NT (IIS/2.0)
Potentially offensive content on defaced page.

Defaced domain: www.endometriosisassn.org
Site Title: Endometriosis Association
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.endometriosisassn.org
Defaced by: Analognet
Operating System: Linux

Defaced domain: www.city.surrey.bc.ca
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.city.surrey.bc.ca
Defaced by: unknown
Operating System: NT
HIDDEN comments in the HTML.

Defaced domain: svs.saude.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/svs.saude.gov.br
Defaced by: Fuby
Operating System: NT
Previously defaced on 99.12.18 by OHB
HIDDEN comments in the HTML.

Defaced domain: www.attriat.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.attriat.com.br
Defaced by: Oxygen Team
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.americana.sp.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.americana.sp.gov.br
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.map.org
Site Title: MAP International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.map.org
Defaced by: pr1sm/FUBY
Operating System: Solaris 2.6 - 2.7 (Netscape-Commerce/1.12)
Previously defaced on 99.12.18 by Analognet
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.gotti.ind.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.gotti.ind.br
Defaced by: Cybersoldiers
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.fairus.org
Site Title: FAIR
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.fairus.org
Defaced by: Fuby
Operating System: NT
Previously defaced on 99.12.18 by Analognet
HIDDEN comments in the HTML

Defaced domain: www.animalwelfare.com
Site Title: Animal Welfare Institute
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.animalwelfare.com
Defaced by: Analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.acia.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.acia.com.br
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.animalwelfare.com
Site Title: Animal Welfare Institute
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.animalwelfare.com
Defaced by: Analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.sd36.surrey.bc.ca
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.sd36.surrey.bc.ca
Defaced by: Nitro
Operating System: NT

Defaced domain: www.torahacademy.org
Site Title: MTC Enterprises
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.torahacademy.org
Defaced by: f1ber
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.cellularone.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.cellularone.com.br
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: lmd.gsfc.nasa.gov
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/lmd.gsfc.nasa.gov
Defaced by: JLM
Operating System: Windows NT (IIS/3.0)
Previously defaced on 99.05.01 by forpaxe
Potentially offensive content on defaced page.

Defaced domain: www.one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.one-ton.co.uk
Defaced by: Fuby
Operating System: Linux
Previously defaced on 99.12.16 by hyrax
HIDDEN comments in the HTML.

Defaced domain: www.tecnotica.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.tecnotica.com.br
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.16 and 99.12.15 by
Potentially offensive content on defaced page.

Defaced domain: y2k.dpc.vic.gov.au
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/y2k.dpc.vic.gov.au
Defaced by: NET ILLUSION
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page

Defaced domain: www.rpbusa.org
Site Title: Research to Prevent Blindness
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.rpbusa.org
Defaced by: Analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.worldevangelical.org
Site Title: World Evangelical Fellowship
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.worldevangelical.org
Defaced by: Fuby
Operating System: Linux
Previously defaced on 99.12.18 by Analognet
HIDDEN comments in the HTML.

Defaced domain: www.jdfcure.org
Site Title: Juvenile Diabetes Foundation International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.jdfcure.org
Defaced by: Analognet
Operating System: Windows NT

Defaced domain: lmd.gsfc.nasa.gov
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/lmd.gsfc.nasa.gov
Defaced by: AC
Operating System: Windows NT (IIS/3.0)
Previously defaced on 99.05.01 99.12.19 by
Potentially offensive content on defaced page.

and more sites at the attrition cracked web sites mirror:

http://www.attrition.org/mirror/attrition/index.html

-------------------------------------------------------------------------

A.0 APPENDICES
_________________________________________________________________________

A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The links are no longer maintained in this file, there is now a links
section on the http://welcome.to/HWA.hax0r.news/ url so check there for
current links etc.

The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html

Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html

New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/

HWA.hax0r.news Mirror Sites around the world:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://datatwirl.intranova.net ** NEW **
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
http://net-security.org/hwahaxornews ** NEW **
http://www.sysbreakers.com/hwa ** NEW **
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.hackunlimited.com/zine/hwa/ *UPDATED*
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.*DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
http://hwa.hax0r.news.8m.com/
http://www.fortunecity.com/skyscraper/feature/103/

International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~

Foreign correspondents and others please send in news site links that
have security news from foreign countries for inclusion in this list
thanks...
- Ed

Belgium.......: http://securax.org/cum/ *New address*
Brasil........: http://www.psynet.net/ka0z
                http://www.elementais.cjb.net
Canada .......: http://www.hackcanada.com
Croatia.......: http://security.monitor.hr
Columbia......: http://www.cascabel.8m.com
                http://www.intrusos.cjb.net
Finland ........http://hackunlimited.com/
Germany ........http://www.alldas.de/
                http://www.security-news.com/
Indonesia.....: http://www.k-elektronik.org/index2.html
                http://members.xoom.com/neblonica/
                http://hackerlink.or.id/
Netherlands...: http://security.pine.nl/
Russia........: http://www.tsu.ru/~eugene/
Singapore.....: http://www.icepoint.com
South Africa ...http://www.hackers.co.za
                http://www.hack.co.za
                http://www.posthuman.za.net
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                and best security related e-zine.

.za (South Africa) sites contributed by wyzwun tnx guy...

Got a link for this section? email it to hwa@press.usmc.net and i'll
review it and post it here if it merits it.

@HWA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

© 1998, 1999 (c) Cruciphux/HWA.hax0r.news (R) { w00t }

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-

[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]