[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= ========================================================================== = <=-[ HWA.hax0r.news ]-=> = ========================================================================== [=HWA'99=] Number 6 Volume 1 1999 Feb 13/14th 99 ========================================================================== "You know its going to be one of those days when you wake up at 4am and go into #insomniacs for some company but everyone else is asleep..." - VeXxation Synopsis -------- The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so. It *is* intended however, to compliment such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, its a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle... <g> @HWA ------------------------------------------------------------------------- Welcome to HWA.hax0r.news ... #6 S P E C I A L I S S U E tHe |<rAd sT. vA13nt1n3s DaY m4554cr3 1s5u3 "...F.V? (Fantasy Violence) what about R.V? (Real Violence), there are kids shooting each other on the streets abd congress is worrying about the coyote dropping an anvil on the roadrunner" - FProphet'99 ------------------------------------------------------------------------- Issue #6 middle release, Feb 13th 1999 Yes you SHOULD worry. ------------------------------------------------------------------------- 'imapd THIS muthafuckaz' _____/[ INDEX ]\___________________________________________________________ Key Content --------------------------------------------------------------------------- 0.0 .. COPYRIGHTS 0.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC 0.2 .. SOURCES 0.3 .. THIS IS WHO WE ARE 0.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'? 0.5 .. THE HWA_FAQ V1.0 ---------------------------------------------------------------------------- 1.0 .. Greets 1.1 .. Last minute stuff, rumours, newsbytes, mailbag 2.0 .. From the editor 3.0 .. The Future of Hacking by pH4RcYd3 3.1 .. Angelfire Flaws by pH4RcYd3 3.2 .. Some underground prose from Liquid Phire 4.0 .. Intercepted log from a private LoU irc conference courtesy of Ruffneck 5.0 .. Microsoft security advisories 5.1 .. Sun security advisories 5.2 .. eYE security advisories 6.0 .. Arbitrary command execution using Pine 7.0 .. Hacking in Germany by Qubik 8.0 .. Spotlight on: Project Gamma by Qubik 9.0 .. Secret Cyber Sex; Gary, your secret is out! 10.0 .. So is Mr Lewis's Kidney! 11.0 .. Free Email acct's full of security holes? 12.0 .. Quebec government's hacker challenge 13.0 .. News from Tokyo from Wile A.0 .. APPENDICES A.1 .. PHACVW linx and references --------------------------------------------------------------------------- The name Linus means "flaxen-haired" and is of Greek origin ...- Ed "Shouting the loudest does not make you right or true" - FP --------------------------------------------------------------------------- @HWA'99 0.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ). Important semi-legalese and license to redistribute: YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :) No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it. cruciphux@dok.org Cruciphux [C*:.] 0.1 CONTACT INFORMATION AND MAIL DROP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Has it occurred to anybody that "AOL for Dummies" is an extremely redundant name for a book? - unknown Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks. Send all goodies to: HWA NEWS P.O BOX 44118 370 MAIN ST. NORTH BRAMPTON, ONTARIO CANADA L6V 4H5 Ideas for interesting 'stuff' to send in apart from news: - Photo copies of old system manual front pages (optionally signed by you) ;-) - Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n. <g> - Picture postcards - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em. - audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof. If you still can't think of anything you're probably not that interesting a person after all so don't worry about it <BeG> Our current email: Submissions/zine gossip.....: hwa@press.usmc.net Private email to editor.....: cruciphux@dok.org Distribution/Website........: sas72@usa.net @HWA 0.2 Sources *** ~~~~~~~~~~~ Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed. HiR:Hackers Information Report... http://axon.jccc.net/hir/ News & I/O zine ................. http://www.antionline.com/ *News/Hacker site................. http://www.bikkel.com/~demoniz/ *DOWN!* News (New site unconfirmed).......http://cnewz98.hypermart.net/ Back Orifice/cDc..................http://www.cultdeadcow.com/ News site (HNN) .....,............http://www.hackernews.com/ Help Net Security.................http://net-security.org/ News,Advisories,++ ...............http://www.l0pht.com/ NewsTrolls (HNN)..................http://www.newstrolls.com/ News + Exploit archive ...........http://www.rootshell.com/beta/news.html CuD ..............................http://www.soci.niu.edu/~cudigest News site+........................http://www.zdnet.com/ +Various mailing lists and some newsgroups, such as ... +other sites available on the HNN affiliates page, please see http://www.hackernews.com/affiliates.html as they seem to be popping up rather frequently ... * Yes demoniz is now officially retired, if you go to that site though the Bikkel web board (as of this writing) is STILL ACTIVE, www.hwa-iwa.org will also be hosting a webboard as soon as that site comes online perhaps you can visit it and check us out if I can get some decent wwwboard code running I don't really want to write my own, another alternative being considered is a telnet bbs that will be semi-open to all, you will be kept posted. - cruciphux http://www.the-project.org/ .. IRC list/admin archives http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk alt.hackers.malicious alt.hackers alt.2600 BUGTRAQ ISN security mailing list ntbugtraq <+others> NEWS Agencies, News search engines etc: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.cnn.com/SEARCH/ http://www.foxnews.com/search/cgi-bin/search.cgi?query=cracker&days=0&wires=0&startwire=0 http://www.news.com/Searching/Results/1,18,1,00.html?querystr=cracker http://www.ottawacitizen.com/business/ http://search.yahoo.com.sg/search/news_sg?p=cracker http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=cracker http://www.zdnet.com/zdtv/cybercrime/ http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column) NOTE: See appendices for details on other links. Referenced news links ~~~~~~~~~~~~~~~~~~~~~ http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm http://freespeech.org/eua/ Electronic Underground Affiliation http://www.l0pht.com/cyberul.html http://www.hackernews.com/archive.html?122998.html http://ech0.cjb.net ech0 Security http://net-security.org Net Security ... Submissions/Hints/Tips/Etc ~~~~~~~~~~~~~~~~~~~~~~~~~~ All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care wether the article/email is to be used in an issue or not and may be used at my discretion. Looking for: Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box. - Ed Mailing List Subscription Info (Far from complete) Feb 1999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~ ISS Security mailing list faq : http://www.iss.net/iss/maillist.html THE MOST READ: BUGTRAQ - Subscription info ~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is Bugtraq? Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail. Searchable Hypermail Index; http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html About the Bugtraq mailing list ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following comes from Bugtraq's info file: This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: + Information on Unix related security holes/backdoors (past and present) + Exploit programs, scripts or detailed processes about the above + Patches, workarounds, fixes + Announcements, advisories or warnings + Ideas, future plans or current works dealing with Unix security + Information material regarding vendor contacts and procedures + Individual experiences in dealing with above vendors or security organizations + Incident advisories or informational reporting Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria. Remember: YOYOW. You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author. For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin) BEST-OF-SECURITY Subscription Info. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _/_/_/ _/_/ _/_/_/ _/ _/ _/ _/ _/ _/_/_/ _/ _/ _/_/ _/ _/ _/ _/ _/ _/_/_/ _/_/ _/_/_/ Best Of Security "echo subscribe|mail best-of-security-request@suburbia.net" or "echo subscribe|mail best-of-security-request-d@suburbia.net" (weekly digest) For those of you that just don't get the above, try sending a message to best-of-security-request@suburbia.net with a subject and body of subscribe and you will get added to the list (maybe, if the admin likes your email). @HWA 0.3 THIS IS WHO WE ARE ~~~~~~~~~~~~~~~~~~ 'A "thug" was once the name for a ritual strangler, and is taken from the Hindu word Thag... ' - Ed Some HWA members and Legacy staff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ scruciphux@dok.org.......... currently active/editorial darkshadez@ThePentagon.com: currently active/man in black fprophet@dok.org..........: currently active/IRC+ man in black sas72@usa.net ............. currently active/IRC+ distribution And an HWA member doing the job of proof reading: vexxation@usa.net ........: currently active/IRC+ proof reading Foreign Correspondants/affiliate members ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ATTENTION: All foreign correspondants please check in or be removed by next issue I need your current emails since contact info was recently lost in a HD mishap and i'm not carrying any deadweight. Plus we need more people sending in info, my apologies for not getting back to you if you sent in January I lost it, please resend. N0Portz ..........................: Australia Qubik ............................: United Kingdom system error .....................: Indonesia Wile (wile coyote) ...............: Japan/the East Ruffneck ........................: Netherlands/Holland And unofficially yet contributing too much to ignore ;) Spikeman .........................: World media Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site Contributors to this issue: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ liquid phire......................: underground prose pH4RcYd3 .........................: The Future of Hacking+ Qubik ............................: Hacking in Germany+ Ruffneck .........................: LoU irc log+ Spikeman .........................: daily news updates+ Wile .............................: News from Tokyo :-p 1. We do NOT work for the government in any shape or form. 2. Unchanged since issue #1, @HWA 0.4 Whats in a name? why HWA.hax0r.news?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you. In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pidgeon holed with those 'dumb leet (l33t?) dewds' <see article in issue #4> this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book. Its almost like buying a clue. Anyway..on with the show .. - Editorial staff 0.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also released in issue #3. (unchanged) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers: Some of the stuff related to personal useage and use in this zine are listed below: Some are very useful, others attempt to deny the any possible attempts at eschewing obfuscation by obsucuring their actual definitions. @HWA - see EoA ;-) != - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..) AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21) *AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one?? CC - Credit Card phraud CCC - Chaos Computer Club (Germany) EoC - End of Commentary EoA - End of Article or more commonly @HWA EoF - End of file EoD - End of diatribe (AOL'ers: look it up) FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;) HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html NFC - Depends on context: No Further Comment or No Fucking Comment NFR - Network Flight Recorder (Do a websearch) PHACV - And variations of same <coff> Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare Alternates: H - hacking, hacktivist C - Cracking <software> C - Cracking <systems hacking> V - Virus W - Warfare <cyberwarfare usually as in Jihad> CT - Cyber Terrorism TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0 TBA - To Be Arranged/To Be Announced also 2ba TFS - Tough fucking shit. 1.0 Greets!?!?! yeah greets! w0w huh. - Ed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway. Shouts to: * Kevin Mitnick * demoniz * The l0pht crew * tattooman * Dicentra * Pyra * Vexxation * FProphet * TwistedP * NeMstah * the readers * all the people who sent in cool emails and support * our new 'staff' members. kewl sites: + http://www.freshmeat.net/ + http://www.slashdot.org/ + http://www.l0pht.com/ + http://www.2600.com/ + http://hacknews.bikkel.com/ (http://www.bikkel.com/~demoniz/) + http://www.legions.org/ + http://www.genocide2600.com/ + http://www.genocide2600.com/~spikeman/ + http://www.genocide2600.com/~tattooman/ + http://www.hackernews.com/ (Went online same time we started issue 1!) @HWA 1.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ Check out http://c5.hakker.com/ kewl hostname, kewl host, i was bribed to say this and its in German so I dunno if its great or not but check em out anyways, webhosting, email forwarding etc etc ;) (Pages in German) ++ IS YOUR 'FREEMAIL' ACCOUNT FULL OF SECURITY HOLES? Contributed by me, source: ZDNet news, see section 11 for the full article. If you have an account on Hotmail, Yahoo!, or Excite, it's vulnerable to hackers. Ira Winkler investigates the security risks of free e-mail services. http://chkpt.zdnet.com/chkpt/zdnu99021301/www.zdnet.com/zdtv/cybercrime/spyfiles/story/0,3700,2205746,00.html ++ 15 YR OLD AND 18 YR OLD BUSTED FOR ATTEMPTED COMPUTER BREAKINS (HNN/contributed by erehwon) Source: Washington Post Vienna Virginia police have arrested a 15 year old freshman for breaking into the computers at Clemson University and attempting to break into systems at NASA. The Vienna student was arrested Feb. 1 on charges of felony computer trespass and misdemeanor computer fraud. Authorities in South Carolina have arrested Steven Ray McAlister, 18, of Pelzer, S.C., and charged him with conspiracy to commit computer crime, naming the Vienna youth as his co-conspirator. http://search.washingtonpost.com/wp-srv/WPlate/1999-02/12/032l-021299-idx.html ++ Dallas Semi Debuts Single-Chip Temperature Data Logger Contributed to HWA by Spikeman Source: techweb † ††† DS1615 Temperature Recorder integrates a Y2K-compatible †† †† real-time clock, digital thermometer, nonvolatile memory, control†††† logic, and serial interface. http://www.techweb.com/wire/story/TWB19990211S0008††††++ Where's Waldo? Maybe On The Edge Of A Chip Contributed to HWA by Spikeman Source: techweb ††† † Designers have been putting their initials on chips for years, but†††† finer geometries open the possibility of more sophisticated images,†††† such as cartoon characters. http://www.techweb.com/wire/story/TWB19990211S0001 ++ AT&T CEO: Scrap Phone-Access Charges Contributed to HWA by Spikeman Source: techweb †††† Dumping access charges means an end to universal service, a †††† decades-long tradition of low-cost phone service to rural areas. http://www.techweb.com/wire/story/TWB19990210S0016 ††++ DOJ: Microsoft Feared Fair Competition Contributed to HWA by Spikeman Source: techweb †††† The government's lead attorney says Microsoft feared competing†††† with Netscape and relied on exclusionary contracts with ISPs. http://www.techweb.com/wire/story/msftdoj/TWB19990210S0014 ++ Gateway Looks To Serve Networked Homes Contributed to HWA by Spikeman Source: techweb †††† Gateway is designing a server to serve the networked home of the†† †† future. http://www.techweb.com/wire/story/TWB19990210S0017 ++ MTV's Road Rules, a hacker haven? Abe, some dork on Road Rules an MTV show was seen sporting an "official" r00t hat... you mean just anyone can't make a hat with "r00t" on it? geez anyway w00t to the r00t ... contributed by everyone and even discussed on irc and dc-stuff ... (*sigh*) watch for the new HWA.hax0r.news t-shirts and hats to come soon!!! =) (No offense to r00t intended, they rock harder than MTV ever could - Ed ps. add me to the bots! ? whats the #Hack key? ;) <sic> ++ Online Freedom Of Information Sparks Fears Contributed to HWA by Spikeman Source: techweb †††† Requirement to publish disaster information about nation's chemical†† †† plants may be road map for terrorists, lawmakers say. http://www.techweb.com/wire/story/TWB19990210S0015 ++ ONLINE PORN† VIGILANTE "A LIAR" (CULT. 9:20 am) Contributed to HWA by Spikeman Source: ZDNnet news http://www.wired.com/news/news/email/explode-infobeat/culture/story/17789.html ††††††A former hacker made headlines all over the world when he declared war on child pornographers. But his one-man campaign wasn't all it was cracked up to be. By Steve Silberman. ++ FREE PCS -- WITH A CATCH (BUS. 7:28 am) Contributed to HWA by Spikeman Source: ZDNet news http://www.wired.com/news/news/email/explode-infobeat/business/story/17783.html†††††††A California start-up is offering Compaq computers to the†††††††first 10,000 people to sign away their consumer privacy. ++ BT, MICROSOFT IN WIRELESS DEAL (BUS. 7:28 am) Contributed to HWA by Spikeman Source: ZDNet news http://www.wired.com/news/news/email/explode-infobeat/business/story/17784.html†††††††The two companies reach an agreement to develop Internet and†††††††corporate data services for mobile users.†††††††††††++ CHINESE DISSIDENT APPEALS (POL. 7:28 am) Contributed to HWA by Spikeman Source: ZDNet news http://www.wired.com/news/news/email/explode-infobeat/politics/story/17785.html†††††† A software engineer is fighting the two-year sentence that a†Shanghai court gave him for providing email addresses to†US-based publications. ++ Early Y2K Suit Struck Down Contributed to HWA by Spikeman Source: The Recorder " ...in California Intuit Inc. has won another round in the ongoing Y2K litigation wars. A California judge has dismissed most of the case against it in a combined class action suit, In re Intuit Inc. Year 2000 California Litigation. Plaintiffs had alleged that Intuit's Quicken financial software is not Year 2000 compliant and that consumers had already been damaged as a result. The judge threw out damages and fraud claims, but said plaintiffs could amend their injunctive relief complaint, which centers on the charge that Intuit engaged in unfair business practices." (The Recorder) -- For complete story, see; http://www.lawnewsnetwork.com/stories/feb/e020899k.html) ++ HACKER STEALS WOMAN'S PASSWORD, SENDS PORNO OFFER IN HER NAME - SF Gate 02/04/99 Contributed to HWA by Spikeman Source: SF Gate http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/1999/02/04/state1338EST0026.DTL (02-04) 10:38 PST APTOS, Calif. (AP) -- A 70-year-old woman who used the Internet to learn about quilting and coins was targeted by a hacker who stole her password and used it to send 22,000 pornographic e-mails in her name. "Lucille Nordgren, a grandmother of five, thought America Online was a convenient way to follow her hobbies. She was still reeling on Thursday from the news her account was used to send electronic ads for a web site offering ``incest, fetishes, super young teens, wild orgies and bondage.'' ++ Web Site Won Contributed to HWA by Spikeman The anti-abortion Web site the Nuremberg Files was thrown on the defensive by last week's federal court jury verdict. Then, the site was shut down Friday afternoon by its Internet service provider, MindSpring. However, 54-year-old computer programmer Otis O'Neal "Neal" Horsley, is searching for another ISP. The good news for Horsley is that the judge in the Portland, Ore., case refused to grant an injunction closing down the site. "If I go to jail over this, I take the First Amendment with me," Horsley said. (Fulton County Daily Report -- For complete story, see http://www.lawnewsnetwork.com/stories/feb/e020899h.html) ++ Intel Trying to Oust FTC Lawyer Contributed to HWA by Spikeman Intel is trying to bench the lead government counsel in the Federal Trade Commission's antitrust case against the chip maker. Richard Parker, deputy director of the agency's competition bureau and first chair for the upcoming March 9 trial, is the subject of a motion to disqualify. Intel filed the motion under seal last month. The company declined to comment on its grounds for disqualifying Parker, but Parker's former law firm, O'Melveny & Myers, represented Advanced Micro Devices in its court battles with Intel in the early '90s, and former O'Melveny partner Tom McCoy left the firm to become AMD's general counsel. An FTC spokesperson said that it had cleared Parker's involvement in the case with two ethics experts. (CNET News -- For complete story, see http://www.news.com/News/Item/0,4,32148,00.html?st.ne.ni.lh) Mucho thanks to Spikeman for directing his efforts to our cause of bringing you the news you want to read about in a timely manner ... - Ed @HWA 2.0 From the editor. ~~~~~~~~~~~~~~~~ #include <stdio.h> #include <insight.h> #include <backup.h> main() { printf ("Read commented source!\n\n"); /* *Ok kiddies we're pumping out some more stuff here as we steamroll into *issue #6 i'm wondering if we can really pull off a weekly release as *hoped. I mean hopefully not too many people are getting caught and not *too many sites (bah hahahaha yeah right) are being vandalized by the script *kiddiez etc. Work continues on hwa-iwa.org which is running Debian Linux at *this time, i'm playing around with some stuff there but don't bother port *scanning etc u won't find anything interesting on that box unless you really *want to snarf half written articles <grin> etc ... besides if you did break *in i'd just end up writing a story about it so whats the point? *g* moving *right along, thanks for the continued support everyone and tty next time... */ printf ("EoF.\n"); } www.hwa-iwa.org is now online but not ready for primetime yet, if you go there you will just be presented with a link to the HWA.hax0r.news mirrors the site is under major development and will be announced here when it goes "online for primetime" with webboard and file archives etc etc, stay tuned for more as it becomes available ie: as I get it done ... ;) Issue #6! ... w00t w00t w00t! ... w00t! /`wu:t n & v w00ten /`wu:ten n & v Eng. Unk. 1. A transcursion or transcendance into joy from an otherwise inert state 2. Something Cruciphux can't go a day without typing on Efnet Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org danke. C*:. @HWA 3.0 The Future of Hacking by pH4RcYd3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------- The Future of Hacking ========================= by pH4RcYd3!pDX [ pArAd0x ] pH4RcYd3@hotmail.com The future of Hacking some people do not think about...But as I was browsing CyberArmy.com's WWWBoard for some interesting conversations I was bombarded by messages saying "Anyone have a Win98 Spoofer" and "How do you find out someone's IP number in AOL" and such things like that. These tell me one thing about a person...LAMER! These people do not know any other OS except Winblowz and like to nuke and punt people for whatever immature reason. They like to send out virii and scerew up someone's computer for no absolute reason. If I ever met one of these people in person you know what I would see? I would see a 13 yr. old boy (or girl) cowering behind his WinNuke walking around a computer store asking people if they memorized there IP number and if they did, can they give it to him. Now I realize that i'm generalizing packet warriors at around teen years, but I won't be quick to speak for all 13 yr olds. Some of them may have a great understanding of Unix and all its other variations and might be more l33t than yours truly. But if you've ever gotten into a fight with someone from AOL, or any other packet warrior they think there hackers and they try to mailbomb you and nuke you, icmp you, and any other windows based attack. Not to say that I hate AOL, it's just some packet warrior newbies, meaning new to DoS attacks and such are usually from AOL, and they started out using punters. In fact I think AOL is good for people that don't have that much experience with being online and on the internet, AOL provides a lovely user interface, and is definitely user friendly. Now if these people ever got into Linux they would probaly be teardropping and smurfing everybody but that's not the case because there to illiterate to new information. The information they could find on Webpages by spending 2 to 3 hours everyday reading articles is amazing. But they choose not to. I didn't say they were to dumb to learn how to use any other OS, or to learn some of the flaws of a system. They just don't want to, to learn something you have to want to learn it. But when they finally, maybe, when when they r00t there first server, they usually did it by an exploit. Script kiddies aren't that bad, to exploit the bug in the system you must first upload the exploit, to upload something you need an account? How did they get the account? Well probaly by getting the passwd file and cracking it if it's not shadowed. This is better than having them running around IRC shoving packets down peoples throats. At least there out there learning atleast SOMETHING from hacking a server. I would rather have them find some other way to gain entry to a server but hey, somethings will never change. I'm truly interested too see what the future of Hacking will have instore for us. What did u think of this article? Drop me a line at <a href="mailto:pH4RcYd3@hotmail.com">pH4RcYd3@hotmail.com</a> @HWA 3.1 Angelfire Security flaws by pH4RcYd3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ============================ Angelfire Security Flaws by pH4RcYd3(@hotmail.com) pDX![ pArAd0x ] ---------------------------- Slightly reformatted/edited for clarity - Ed Introduction ~~~~~~~~~~~~ Earlier in the year, I found an article on the web that eZoOns wrote about hacking Angelfire. The method of social engineering and method to hack Angelfire was insignificant. I offer you what I think is a better article. Remember this is for educational purposes only and I take no responsibility for what you might do with this information. First Things First ~~~~~~~~~~~~~~~~~~ Well first you have to get the page that you get right after you login to your Angelfire account. This page is called BEDIT.HTML And a couple ines down from the <html> is their password. <font color=teal>Your page <a href="http://www.angelfire.com/ak2/r00t7/index.html"> http://www.angelfire.com/mi/KrazieBread/index.html </a> has been saved. <br> You may have to click Reload or Super-Reload (Shift+Reload) to see your edited page and not your old version when you go to your URL. <br>You can also announce your new page on <a href="http://homepages.whowhere.com/bin/showpage.pl?add">WhoWhere?</a>, <a href="http://newtoo.manifest.com/"><u>What's New Too!</u></a>, or if you really want to get noticed, go to <a href="http://www.submit-it.com/"> <u>Submit It!</u></a><br>Tune up your Web Site at the <a href="http://www.angelfire.com/cgi-bin/ct?ad=websitegarage&vp=/index. clicked&ru=http://www.websitegarage.com/whowhere">Web Site Garage</a>.</font> </td></tr></table></center> <form select method="post" action="http://www.angelfire.com/cgi-bin/bedit"> <input type="hidden" name="storage" value="mi"> <input type="hidden" name="hpd" value="r00t"> <input type="hidden" name="password" value="r00t7"> <-------THE PASSWORD!!! Alright so now you know where the password is, finding the username is a synch because it's in their URL. Http://www.angelfire.com/whatever/USERNAME/ This is a dumb flaw in the Angelfire user security, yet a very dangerous one if used right.Kind of lame actually. Moving in for the Kill ~~~~~~~~~~~~~~~~~~~~~~ Ok first things first 1.) Find some guy that you want to hack and tell him that you found a bug in IE 4.0 and Netscape Communicator that let's you install keyloggers and packet sniffers on their system through a perl script. 2.) Tell the guy you need his bedit.html page because you need some of the info on there, cause if you don't have it the script won't work. 3.) After he sends u the file get the shit you need...Login, and then from the bedit.html page click change e-mail (don't use your real one) one from Hotmail or something. 4.) Whatever you want to do with the page is your choice, but remember.. be mature about it and don't do anything you'll regret later..that line sounded stupid. Conclusion ~~~~~~~~~~ Well I hope you've enjoyed this article. Thanx to eZoOns for discovering this vulnerability in the Angelfire system. And greetz to IllumiTIE, Big Cheese, JellyNuts, Optiklenz, GodsHippy, Legion2000, HcV, HFG, and all black hat hackzers!#%^ Side note; ~~~~~~~~~~ BTW, although Hotmail is a favourite of 'hackers' make sure you all realize that whatever ip you are logged in from when sending a message is INCLUDED in the HEADERS of your message. Not everyone can see these if they are using some shit software by a small concern called Mircosloth or Mickeysnoft or some wacked shit like that so be forewarned, HOTMAIL IS NOT ANONYMOUS and using a hacked acct to send the mail can be incriminating so be careful, use a mail forwarding service like netaddress and nightmail, anyone wanna do an article on anonymous mailing/receiving? - Ed @HWA 3.2 Some underground prose by Liquid Phire ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I really liked this, it grabs you by the short hairs and pulls tightly read it and understand, for this is very much what it is like to be a part of the underground as a newbie and beyond. - Ed Reorder (c) 1999 phiregod i am a hunter, searching this underground of electricity for an indiana jones-esque treasure. i plunge through the piles of bullshit, and sever the arteries of the sane. i found god, and i wasnt pleased, i found the messiah, and i wasnt saved. my very soul did i lay upon the altar, and when i lost it, i found it never was. machiavellian superheros shook my hand and turned their backs. my vision was clouded by the ciggerette smoke, and my voice was hindered by a well meaning gag. i placed my hands on the planchette and found the answer that i already knew. on a bloody sunday, i covered my eyes as to not see the plague. i felt the refreshing rain of revolution on my burning skin and i cried. i climbed the highest mountian i could find, surmounted the greatest challange and i found not even that was enough to distract me from the pain i felt. there are too many people to save, too many to even count. i read every bit of weathered parchment that i coud find, i plundered the the lair of every thief in search of text that would provide redemption. i gazed into the cherubic eyes, i smiled back at the chesire grins, i found no path to follow. at this point it was obvious that i would have to cut the road myself. The line was busy. The line was busy. The line was busy. The line was busy. The line was busy. as a draw another breath through my hookah of modern voodoo an image of a brave new world floods my mind. this sarcophagus of a free medium is merely another channel to convey advertisements. the few that dare to betray what they were born for, are hunted by those that serve the institution that we call a government. this house of cards that we reside in will not protect us from the inevitable storm. i have joined the danse macabre, i close my eyes to avoid the light. in this year 1984 i feel forced to conform to a norm that doesnt exsist. fleeting glimpses of a better place catch my eye as i take the hand of anubis and desend into the world i belong. in these apocalyptic times it is easier to turn away then to face the fight. i listen to the anthems of every power crazed country, i've found occasion to sing along, looking for a cause to fight for. more people here are looking for fame and fortune, i became a god when i lost the desire to obtain what i couldnt have. i was baptized in the runoff the the information super highway, yes, it even rains in hell. i've shed my armor of warez, i burned the castle of manuals, and i'm trying to say what others cant put into words. i followed dante's footsteps, and i drank hamlet's wine. if i'm going to die then i have nothing left to lose. if i seek not fame or fortune, i have nothing left to win. i want every scrap of information that was ever given birth to in this maquis, i seek to become the personifacation of what no one can have. this is the manifesto of the product of modern life; money, comic books, games, knowledge, and sex. i'm not claiming everyone belives this, i doubt many of the few that will read it will understand in a vauge way what i am trying to say. thats not a bad thing, the more poeple that are blind, the easier it will be to slip by unnoticed. this is where i belong, a faceless name, in all the faceless names that swarm the internet. phiregod comments: liquidphire@hotmail.com cc: hwa@press.usmc.net I took the liberty of naming this piece "reorder" the phreaks will understand this one, hope phiregod doesn't mind, keep writing and don't give up, some of us do understand ... - Ed @HWA 4.0 The LoU irc log with comments from ex-LoU member Bronc Buster ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I was unable to release this earlier because my source was not given permission to pass this on, however things have settled somewhat and it is now "ok" to include here so here it is in its' entirety, hopefully it will shed a bit of light on the whole LoU situation or at least add to the intrigue, unabridged please note that none of this information has been confirmed and the source is "unknown" please remember this when reading, however it does look legit and jives with what we have seen in the past regarding the LoU story, machine names of people joining the chat have been REMOVED by me for obvious reasons ... * NOTE * An informative message and some enlightened words follow this log (no apologies for the length we try to put out news with as little 'editing' as possible..) from Bronc Buster whom has, effective two days prior to this writing resigned from LoU on friendly terms. - Ed Subject: IRC log Date: Thu, 21 Jan 1999 19:36:16 +0100 From: "John" <ruffneck@xxxxxxx.xxx> To: <cruciphux@dok.org> Hi! <snip> Here's the complete log of the IRC meeting of LoU and others... <snip> Session Start: Wed Jan 20 02:34:46 1999 * Logging #event to '#event.log' [02:34] *** Now talking in #event [02:38] *** Joins: kInGb0nG (~lil_b0ng@*!*.com) [02:45] *** Joins: m0f0__ (synnergy@*!*.??) [02:46] *** m0f0 is now known as fewer [02:47] <delam> heh [02:47] <m0f0_> is it fixed yet? [02:48] <delam> which problem is that? [02:48] <m0f0_> the bitchx one [02:48] <delam> I'm compiling bitchx right now on the server [02:48] *** Quits: feur (irc, where is the wizard of OZ) [02:48] <m0f0_> ok, i compiled, epic, ircii, sirc.. but i don;t like them all [02:49] *** Quits: m0f0- (Leaving) [02:49] *** Quits: fewer (Leaving) [02:49] *** Quits: m0f0__ (Hey! Where'd my controlling terminal go?) [02:49] *** m0f0_ is now known as m0f0 [02:49] <delam> what did you find bitchx was doing or not doing? [02:49] <m0f0> it says nick not registered yet [02:50] <m0f0> you can join a channel, but not talk in there [02:51] *** Joins: feur (~cifer@*!*.rr.com) [02:51] <delam> weird [02:54] <dyslexia> some people are still getting a no more connectiions i= n your class message [02:55] <delam> that's bizzare.. lemmy check the classes 1 more time [02:55] <m0f0> rehash the server? [02:55] *** Joins: lothos (lothos@*!*.??) [02:57] <delam> class 10 is set to 100, class 2 is set to 50 and class 1 = is set to 400 [02:58] <delam> just HUP'ed to make sure it's loaded [02:58] *** Joins: cd (~gerrie@*!*.net) [02:58] <m0f0> ok, let's see then [03:00] <optiklenz> ok [03:00] *** Joins: sdak (synnergy@*!*.net) [03:00] *** Quits: sdak (BitchX by any other name is still BitchX) [03:00] <m0f0> bitchx still flips here, bleh [03:00] *** Joins: Kanuchsa (das@*!*.com) [03:02] *** Joins: DigiEbola (digi@*!*.net) [03:02] <DigiEbola> ok [03:02] <DigiEbola> cant you this type? [03:02] <m0f0> yeah, you dweeb [03:03] * feur is away, autoaway [log:ON] [page:ON] [03:03] *** Quits: Kanuchsa (: Xing) [03:03] *** Joins: Winn (Winn@*!*.uu.net) [03:03] *** Joins: MsIW (Beachie@*!*.uu.net) [03:04] *** Parts: lothos (lothos@*!*.??) [03:04] *** Joins: lothos (lothos@*!*.jp) [03:05] *** lothos is now known as lothos- [03:06] *** Quits: MsIW (Hey it has been fun! Thanks!!! Hugs!!! Kiss!!!) [03:06] <m0f0> heh [03:07] <DigiEbola> heh [03:07] <Winn> What happned to MS? [03:07] * m0f0 wonders [03:07] <lothos-> . [03:08] <DigiEbola> uggy uggy ircII [03:08] <Winn> shes had dialup probs [03:08] <Winn> delam - dude! [03:08] <delam> hey :) [03:08] *** Joins: Mark668 (~irc@*!*.pacbell.net) [03:08] <feur> allright, we are waiting for some folks then we will begin= , [03:08] <Winn> we're wating for a couple more. [03:08] <delam> winn I think I'm outdated here heh [03:08] <Winn> hehehehe... who;s the oldest here? [03:09] <Mark668> 46 [03:09] <m0f0> woo [03:09] <feur> 49 [03:09] <Mark668> Yo, Lou. [03:09] <DigiEbola> 69 1/2 [03:09] *** Joins: MsIW (Beachie@*!*.uu.net) [03:09] <delam> not to sound like "I remember the old days" but I did mos= t of my IRC in 90-91 [03:10] <Winn> I am not OLD!!! :-) [03:10] <MsIW> Winn is old. [03:10] <MsIW> :) [03:10] <Winn> shut up! [03:10] <MsIW> LOL!!! [03:10] <Winn> 3 years and counting iw [03:10] <feur> 5 minutes and counting [03:10] <Winn> who are we missing? [03:11] <lothos-> I'm ahhh 20. I thought I was old... [03:11] <m0f0> alot [03:11] <delam> I have some old logs with the MOD/LOD wars in #hack on th= e original IRC server :) [03:11] <optiklenz> 24 here [03:11] <optiklenz> who's the oldest? [03:11] <DigiEbola> im going to be 22 next month [03:11] <kInGb0nG> 26 [03:11] <m0f0> i love to be 18 [03:11] * optiklenz waits patiently [03:11] <Winn> i was once... when I was in r'n'r [03:11] <m0f0> esp in the netherlands.. [03:11] <Winn> if that where you are? [03:12] <m0f0> heh [03:12] <dyslexia> heh [03:12] <Winn> Mofo - say hi to Rene. [03:12] <m0f0> hmm [03:12] *** Joins: legions (~fff@*!*.net) [03:12] *** legions is now known as datapleX_ [03:12] <datapleX_> hrm [03:13] <optiklenz> legions? [03:13] <optiklenz> ah [03:13] <DigiEbola> hah [03:13] * datapleX_ shrugs [03:13] <optiklenz> basterd [03:13] <m0f0> he must feel eweet [03:13] <optiklenz> heh [03:13] <kInGb0nG> heh [03:13] <datapleX_> optik: it somehow got to mah alternative in mirc [03:13] <optiklenz> ah [03:13] * DigiEbola is not going say a word about windows tonight. [03:13] *** datapleX_ changes topic to 'bah?' [03:13] *** Quits: datapleX (Read error to datapleX[tcnet06-26.sat.texas.net]: EOF from client) [03:13] <optiklenz> hehe [03:13] *** datapleX_ is now known as datapleX [03:13] <optiklenz> i was going to say that [03:13] <m0f0> bitchx, sirc don't work on this server [03:14] *** Quits: lothos- (Excess Flood) [03:14] <Mark668> I've not used irc much --- what's all the "heh"s mean? [03:14] <delam> hahah japan? :) [03:14] <m0f0> like, doh? [03:14] <optiklenz> when someone says something funny [03:14] <optiklenz> you say heh [03:14] <Mark668> Thanks. [03:14] <DigiEbola> mark: its the digital equivelent to a laugh [03:14] <DigiEbola> heh [03:14] <m0f0> heh [03:14] <DigiEbola> try it [03:14] <DigiEbola> =3D) [03:14] <Mark668> Heheheheheheheh [03:14] <m0f0> aww [03:15] <DigiEbola> THERE YA GO! [03:15] <m0f0> we made him laugh [03:15] *** Joins: maquis (~me@*!*.internic.net) [03:15] * optiklenz claps [03:15] <Mark668> That felt virtually good [03:15] <delam> MuahahahaHAHAHAHaHAHaHA [03:15] <maquis> ahhhh [03:15] <delam> :) [03:15] <m0f0> lol [03:15] <optiklenz> grand job [03:15] <MsIW> welcome maquis [03:15] <maquis> hello all [03:15] <dyslexia> now thats an evil laugh [03:15] <DigiEbola> bwahahaha [03:15] <optiklenz> welcome out of the sockets of being a "heh" virgin [03:15] <maquis> <DEVIOUS CACKLE HERE> [03:15] <Mark668> What time do we start? [03:15] <datapleX> when is the meeting officialing beginning? [03:15] <maquis> I was told 2100 ET [03:15] <optiklenz> I'm not even sure of what this whole things about [03:15] <m0f0> 15 mins ago [03:16] <Winn> <HEH> should trigger Shockwave [03:16] <optiklenz> so again my curiousity is getting the best of me [03:16] <Mark668> Yep. [03:16] *** Joins: lothos (lothos@*!*.net) [03:16] <Mark668> Back in a minute ... I need another glass of wine. [03:16] <Winn> red I hope [03:16] <DigiEbola> curiosity killed the cat, so whylome wont [03:16] <m0f0> hmm, let do some weed then also [03:16] <delam> John Lee used to be the most annoying bastard in IRC back= in 1991 with his substitution program [03:16] *** Joins: Father (Agrosso@*!*.att.net) [03:17] <Winn> welcome father! [03:17] <maquis> <-- genuflects [03:17] <delam> forgive me father for I have sinned [03:17] <Winn> damn right [03:17] <delam> heh [03:18] <DigiEbola> father, yes son, i wanna kill you..... [03:18] <delam> winn I don't think these guys even know our episodes [03:18] * MsIW bows to the higher power [03:18] <m0f0> zZZzz [03:18] <datapleX> digi: I am thinking of an orbital song right now... [03:18] <datapleX> ;) [03:18] <m0f0> i'm thinking of my girl [03:18] <DigiEbola> data: ah youngone [03:18] <m0f0> she's wild [03:19] <DigiEbola> m0f0: does she do things, real fast and then real slo= w? [03:19] <m0f0> heh [03:19] <m0f0> you moron [03:19] <DigiEbola> hahaha [03:19] <m0f0> Digi: what about your gaymate? [03:20] <DigiEbola> m0f0: myself more like it [03:20] <feur> let's begin, as others will join [03:20] *** Joins: pent (dschwarz@*!*.net) [03:20] <DigiEbola> m0f0: it really is a problem, when i argue with myself.... [03:20] <lothos> let's start [03:20] <maquis> start away [03:21] <Winn> feur - you set the stage please [03:21] <datapleX> WOW...what a great start that was :) [03:21] <MsIW> I agree lothos [03:21] <maquis> ...the drum roll please..... [03:21] <lothos> thanks Ms. IW [03:21] <feur> i understand there is an attorney amongst us [03:22] <Winn> That would be father [03:22] <datapleX> maybe we could start w/ an introduction so that we can establish who is who? [03:22] <optiklenz> that'd be nice [03:22] <Father> Who goes first? [03:22] <m0f0> why are we here? [03:23] <Winn> I am Winn Schwartau, Infowar.Com - no handle. :-) [03:23] <lothos> I am Lothos. :-) [03:23] <Winn> that helps! :) [03:23] <lothos> RootFest organizer, member of LoU [03:23] <optiklenz> I'm Steve Stakton www.legions.org [03:23] <optiklenz> you guys know the handle [03:23] <optiklenz> =3D] [03:23] <m0f0> I am m0f0, now from africa [03:23] <lothos> www.rootfest.org [03:23] <maquis> I am Maquis (Rick) work at Internic...friend of INFOWAR.= COM [03:23] <datapleX> heh [03:23] <delam> I am the Evil Dr. Delam, 2600 writer.. cover of spring 19= 96 :), phrack, empire times, etc, writer of the first keystroke capture prog= ram DEPL.. etc etc [03:23] <dyslexia> i am dyslexia, currently residing underneath you all [03:24] <DigiEbola> I am Digital Ebola , LoU member, Senior Editor of Kee= n Veracity [03:24] <datapleX> uhm...I would be someone no one knows, or really cares= to know [03:24] <lothos> i THOUGHT I'd be in 2600, but the new issue came out and= I guess not... [03:24] <lothos> heh [03:24] <kInGb0nG> kingb0ng, software developer, LoU member [03:24] <maquis> is the new ish out yet, then?? havent seen it anywhere [03:24] <MsIW> I suggest that Winn or Feur begin this gig [03:24] <datapleX> feur: who are you? [03:24] <feur> i am just an old man who futz's with infosec [03:24] <datapleX> k [03:24] <datapleX> ...go ahead [03:25] <Winn> OK. A couple years back, some hackers decided to declare w= ar on France. They wanted CNN to watch and asked me to help. [03:25] * optiklenz slips on his foot warmer [03:25] <Winn> I advised them that would be a bad idea and finally with t= he help of some understanding feds talked them out of it. [03:25] <Winn> So, I guess, we are interested in where the current activities are taking us. Comments? [03:25] <optiklenz> ok [03:26] <Winn> So, recently, as I heard it, LoU chose China and Iraq as targets. Is that right? [03:26] <optiklenz> first I'd like to clear up some misconceptions brough= t about by some bad press [03:26] <Winn> Thank you!! [03:26] <maquis> most of it's bad press. [03:26] <optiklenz> ok [03:27] -pent:#event- betty, come to elite.net for a sec please [03:27] <optiklenz> The press for so long has been so occupied with makin= g news they are not concentrating on reporting the news [03:27] <optiklenz> LoU is devised of members who enjoy all aspects of computing and hold strong ethics [03:28] <optiklenz> A few of the members decided to speak out against the current human rights issue as it is in china [03:28] -pent:#event- he wanted me to call barry person collect, but i chickened out [03:28] -pent:#event- thats the last i saw of him [03:28] <optiklenz> the actions they decided to make was that of those members, and those members alone at that moment, and time LoU was not interested in anything they were doing although our support was there [03:29] -pent:#event- why is the talking screwed up ? [03:29] <optiklenz> Most of the members have high paying network jobs so = no one really had the time [03:29] -pent:#event- : idle : 2 hours 30 mins 56 secs (signon: Tue J= an 19 18:11:19 1999) [03:29] -pent:#event- he fell asleep [03:30] <m0f0> someone kill pent? [03:30] <datapleX> pent: please quit using notices [03:30] <datapleX> who here is a federal agent of some kind? [03:30] <lothos> not me! [03:30] <optiklenz> We never said we were going to "destroy" anything [03:30] <maquis> not me [03:30] <Winn> none I know of [03:31] <lothos> I was told there would be an fbi agent of some sort here. [03:31] <optiklenz> all though by word of mouth, and the press putting in their two cents it was stated that it was our goal to totally shutdown th= ese other countries [03:31] <feur> there is currently none on, if one comes on, we will immediately notify the channel [03:31] <optiklenz> That sounds like something out of a sci-fi flick [03:31] <datapleX> was one invited? [03:31] <Winn> What "manifesto" so-to-speak created the impression of infrastructure targeting? [03:31] <MsIW> major lag back in a minute [03:31] <feur> yes, two were [03:32] <optiklenz> none of them [03:32] <optiklenz> our primary goal was the bring awareness [03:32] <optiklenz> nothing more nothing less [03:32] <MsIW> yes dataplex. one was invited [03:32] *** Quits: MsIW (Hey it has been fun! Thanks!!! Hugs!!! Kiss!!!=0F= ) [03:32] <delam> was it the press that got screwed up or did someone pose = as a member and say this stuff? [03:32] <Winn> Human rights in China... and Iraq? [03:32] <lothos> one was? or two? [03:33] <lothos> mosthated posed as a member for some press release [03:33] *** Joins: MsInfoWar (Beachie@*!*.uu.net) [03:33] <lothos> nationalpost.com or something [03:33] <Winn> and he claimed.....? [03:33] <optiklenz> we brought about the fundamental freedoms bequeathed = to us by the Constitution [03:33] <optiklenz> freedoms that the people we spoke for only wished the= y had [03:33] <lothos> something like LoU were terrorists [03:34] <delam> how do you guys relate to mosthated? [03:34] <optiklenz> we dont [03:34] <optiklenz> I dont even know the guy [03:34] <Winn> that's the spin I heard... how many were in on that 'spin' versus a HR action. [03:34] <optiklenz> none of the members did until he pulled that stunt wi= th the national post [03:34] <feur> optik, did you notify national post [03:34] <optiklenz> you mean the dismanteling of chinese firewalls? [03:34] <optiklenz> I notified no one [03:35] <Winn> If it [03:35] <optiklenz> As far as i was concerned this matter was not that of the press [03:35] <optiklenz> and never should of been [03:35] <feur> notify national post of mosthated's non-affiliation [03:35] <optiklenz> Im not sure if any of the members did [03:35] <Winn> If it's awareness, then did anyone consider an EDT-like action? [03:35] <optiklenz> but I will most definitly look into that [03:36] <optiklenz> I posted a second rebuttal. It explains a lot if you= 'd take the time to read it [03:36] <optiklenz> www.legions.org/reb2.txt [03:36] <Winn> OPTIK: URL? [03:36] <Winn> sorry... [03:36] <optiklenz> members of LoU have met up with 2600, L0pht and other people to clear things up [03:37] <optiklenz> infact just a few weeks ago bronc was at dinner with emmanuel and issac from the 2600 staff setting things straight [03:37] <feur> winn, to get with the program, we got together to help LOU= , not pimp them [03:37] <optiklenz> Things were posted and said that were totally false [03:38] <delam> have you guys been taking any heat from other hackers or from anyone else? [03:38] <optiklenz> no [03:38] <feur> optik, are you under any guidance from counsel now [03:39] <m0f0> only in lame greetings [03:39] <optiklenz> the only thing I fear is some chinese loyalist knocki= ng at my door ready to spike my head into the punch bowl [03:39] <DigiEbola> my fears exactly [03:39] <lothos> the only heat we've gotten that I know about is the cDc/2600/l0pht rebuttal [03:39] <optiklenz> If you guys have the time check out http://pseudo.com they host a show called parse [03:40] <feur> optik, are you under any guidance from counsel now [03:40] <optiklenz> no [03:40] <optiklenz> Im just trying to get things back to normal [03:40] <feur> is anyone in legions represented by counsel [03:40] <optiklenz> as in? [03:40] <optiklenz> a lawyer of some sort? [03:40] <feur> yes [03:40] <optiklenz> lawyers are for criminals [03:41] <lothos> not I. [03:41] <optiklenz> and we have commited no crime [03:41] <DigiEbola> not I. I actually have no lawyer [03:41] <dyslexia> nor i [03:41] <feur> and also buffers for fearful apparitions [03:41] <lothos> I agree with optik, lawyers are for criminals. :-) [03:41] <optiklenz> We'd like to set things straight [03:42] <optiklenz> with you, with the "hacking" community, with federal angencies whomever [03:42] <delam> I'd bet that after the press you probably have some feds curious [03:42] <m0f0> they already are [03:42] <Father> Hmmm. Are lawyers for criminals, or for people whom oth= er people claim are criminals? [03:42] <delam> how do you know? [03:42] <lothos> I got almost 50 .mil and .gov hits to rootfest.org in th= e past four days [03:42] <dyslexia> delam, both wired and the national post have quotes fr= om feds [03:42] <Winn> OPT: Your posting says a polish grp did stuff you got blam= ed for. What happened? [03:42] <maquis> from what i've seen the feds have no clue...they're prol= ly the LAST thing to worry about.... [03:43] <lothos> thats good to know, maquis [03:43] <m0f0> maybe to find us, or to get prove? curious they are [03:43] <optiklenz> Winn> a polish group got the wrong idea and basically went out attacking chinese sites saying they were doing it for our effory= t [03:43] <DigiEbola> I am more worried about .cn, then feds at this time [03:43] <optiklenz> effort rather [03:43] <datapleX> maquis: what does internic have to do with this(if you are representing them at this meeting that is)? [03:43] <maquis> < - not representing internic....mearly logged in from there. :) [03:43] <lothos> i think he said he was with infowar... [03:44] <maquis> < - friend of infowar.com [03:44] <feur> maquis, they probably have high interest due interfere in geopolitical theater [03:44] <datapleX> oh [03:44] <delam> that's a cool place to log in from, can I have an account= ? :) [03:44] <maquis> yeah, right....:) [03:44] <m0f0> yeah, hook us up [03:44] <optiklenz> www.pseudo.com/links/playlast.asp?archtype=3Dvid&show= id=3D21 [03:44] <delam> never hurts to ask :) [03:44] <maquis> har. i can arrange tours though.... :) [03:44] <optiklenz> thats the last parse episode if anyone wants to check= it out [03:44] <delam> cool! [03:45] <DigiEbola> ill remember that when im in the area hehee [03:45] <optiklenz> bronc went on and represented the legions team basica= lly just setting the record straight and telling everyone the real deal [03:45] <DigiEbola> "whats this button do!? ewpzie" [03:45] <Winn> Does your URL rep the real deal? Is this the current position? [03:45] <DigiEbola> bronc did a fine job of representation [03:45] <optiklenz> yes [03:45] <optiklenz> actually if everyone wants [03:45] <optiklenz> play the url i just posted [03:46] <optiklenz> set the buffer to about 25 [03:46] <optiklenz> Thats about when bronc starts talking [03:46] <feur> optik, when all this broke, were you in violation of probation [03:46] <optiklenz> No [03:46] <optiklenz> I went to texas for awhile to stay with a friend [03:47] <optiklenz> to get away from the media, and well everything else that could happen if worst came to worst [03:47] <MsInfoWar> was bronc invited to come tonight? [03:47] <datapleX> is mark awake? [03:47] <optiklenz> Bronc was but he declined [03:47] <optiklenz> he was unsure of what to make of tonights get togethe= r but i will relay everything him [03:47] <optiklenz> to him [03:47] <feur> how members have been contacted by us and other country intelligence or law enforcement agencies [03:47] <Winn> I met up with the EDT this weekend and they want to contin= ue strong HR and political actions. Do you want to continue to speak out? [03:48] <lothos> question. who/what is EDT? [03:48] <optiklenz> We do as long as everyone understands that we are not criminals [03:48] <Winn> Electronic Disruption Theater [03:48] <Winn> They are on line activists [03:48] <datapleX> HR =3D ? [03:49] <optiklenz> and we are merely speaking on what we beleive to be amended [03:49] <lothos> I am NOT a criminal. I'll say that now. [03:49] <optiklenz> data>human rights [03:49] <datapleX> k [03:49] <Winn> To them it's an Art Form to protest. [03:49] <Father> I think that's what RTM & Eugene AlterNIC said. [03:49] <delam> scary [03:49] <DigiEbola> I do not want us to go down as criminals or martyrs [03:50] <optiklenz> Winn> our foremost intent as of right now is to get things cleared [03:50] <optiklenz> before we continue speaking on human rights we'd like= to make certain that people understand who we are and where we are coming fr= om [03:50] <Winn> How can we help get your message across? [03:50] <optiklenz> not precisely where we are coming from but you get th= e idea [03:50] <optiklenz> =3D] [03:50] <DigiEbola> A lot of people have asked us that same question. [03:51] <m0f0> i'm from greek now at the moment [03:51] <optiklenz> Some funding would be nice [03:51] <optiklenz> =3D] [03:51] <DigiEbola> including cbs and nbc from what i understand [03:51] <optiklenz> but i dont see that [03:51] <delam> heh [03:51] <optiklenz> so lets move on shall we [03:51] <optiklenz> heh [03:51] <DigiEbola> what makes you people any different from the rest? [03:51] <maquis> cbs/nbc there's media for ya....urg....TWPPT! [03:51] * optiklenz urges mark to flutter his "heh's" [03:51] * DigiEbola senses pimping. [03:51] <m0f0> lol [03:52] <maquis> theres a difference between the "media" and those of us = in the know like Winn, me, etc. that actually have some credibility in the IT/IS/INFOSEC world... [03:52] <feur> father, as an attorney i know you can only suggest ideas, = non directed, could you be of assistance [03:52] <optiklenz> Winn> Maybe if you make a statement speaking on our bedrock [03:52] <optiklenz> made a statement even [03:53] <maquis> people i have seen trust us more than the Big Media Mongrels... [03:53] <optiklenz> I've visited infowar a few times and I've seen archiv= es of media corrupt media to put it another way [03:53] <Winn> I think that getting unedited, well structured positions o= ut to larger audiences is critical to any message. [03:53] *** Quits: MsInfoWar (Ping timeout for MsInfoWar[1Cust33.tnt4.st-petersburg.fl.da.uu.net]=0F) [03:53] <optiklenz> It's spreaded infectiously [03:53] <maquis> getting raw data, no spin, edits, etc....i agree that's = the way to go.... [03:54] <delam> one point of interest that I know of when you have a "gro= up" with a name is legally there are more things they can do to you.. MOD had problems with that.. the people I was with we stayed away from having a group name [03:54] <maquis> but it can't appear to be from "kiddies" and look immatu= re. like Winn says, wellbalanced and well presented stuff. [03:54] <Mark668> {sorry, I had to attend to other stuff for a minute: hehehehehehe] [03:54] <Father> First, I am not acting as an attorney here (as Winn know= s). [03:54] *** Joins: MsInfoWar (Beachie@*!*.uu.net) [03:54] <DigiEbola> hmm [03:54] <optiklenz> we have no legal name [03:54] <optiklenz> heh [03:54] <lothos> hahah [03:55] <optiklenz> Lets see [03:55] <DigiEbola> I am concerned tho, no body does anything for free [03:55] <optiklenz> one sec [03:55] <optiklenz> Lets take the police department [03:55] <Father> Second, I need to know what (1) what the problem *is*, a= nd (2) what th desired result is. [03:55] <optiklenz> If you have one bad cop and this guy goes out and murders someone [03:55] <optiklenz> is the whole police deparment at fault? [03:55] <optiklenz> do they all get the death sentance? [03:55] <optiklenz> are they all punished ? [03:55] <optiklenz> absolutely not [03:55] <delam> no but there is "racketeering" and conspiracy etc [03:55] <optiklenz> Because then we'd have no cops [03:55] <Father> Sometimes. Not legally, but in fact. [03:55] <optiklenz> if that were the case [03:55] * datapleX feels that isn't a good example... [03:56] <optiklenz> everyone department has a good and a bad [03:56] <optiklenz> to stick us in the middle isn't any different [03:56] <delam> I know what you're saying, but being a group there are la= ws that apply to groups of people that can be more harsh [03:56] <delam> maybe father can help me out on this [03:56] <DigiEbola> I am just trying to understand everyones motives, why give a care about LoU? [03:57] <Father> P.S. I think Winn invited me because I am a former Fed. Pros. Be warned. [03:57] <optiklenz> ok [03:57] <optiklenz> now is a good time to pee my pants i guess [03:57] <feur> digi, we spoke the other night, i believe my generation ha= s an obligation to assist, but not be suckers [03:57] <DigiEbola> Winn is associated with gov, that scares me in itself [03:57] * datapleX cares not about feds because he never did NEthing wron= g [03:57] *** Joins: ice (~ice@i.like.to.eat.negrofish.net) [03:58] <Father> Delam. If a group acts as a group to break the law, various serious penalties come into play that [03:58] <DigiEbola> feur: true, but everyone always has a motive [03:58] <optiklenz> Father> yes but we are not a mafia [03:58] <Father> would not apply to an individual based upon his own separate acts. [03:58] <optiklenz> we are not into "organized crime" [03:58] <feur> i think this groups agenda is somewhat up front [03:58] <Winn> I am associated with hackers and that scares the hell out = of the feds! [03:58] <optiklenz> every member has their own program [03:58] <delam> optik: MOD wasn't mafia either but they had some major problmes [03:58] <dyslexia> Winn, heh [03:58] <Father> Te questions is: did the group have a common purpose to= do something the law says is illegal. [03:59] <optiklenz> We are all adults no one can police what another pers= on does [03:59] <maquis> i'm associated with Winn, that scares the hell out of ME= !!! heheheehe [03:59] <Winn> HA! [03:59] <dyslexia> lol [03:59] <optiklenz> Father> nope [03:59] <optiklenz> never had never will [03:59] <optiklenz> We are a research group [03:59] <Winn> Is this the "Yelling Fire [03:59] <Winn> arguement? [03:59] <datapleX> I thought is was wolf...? [04:00] <datapleX> erm...n/m [04:00] <optiklenz> We've worked with lots of major corporations, and we = are not about to blow our rep [04:00] <optiklenz> its Crying Wolf [04:00] <optiklenz> i beleive [04:00] <optiklenz> Yelling fire is what old people do when they cant get out of bed in time [04:00] <delam> worked with corporations? what kinda work is it, penetration testing? [04:00] <Father> The conclusion that a group had the requisite common purpose is drawn by agents, prosecutors, judges, and jurors. Even Bill Clinton says he didn't lie, because is ain't is. [04:01] <optiklenz> delam> programing, hosting, design, security consultation [04:01] <DigiEbola> our common purpose is research [04:01] <optiklenz> you name [04:01] *** Joins: sreality (sreality@*!*.org) [04:01] <optiklenz> it [04:01] <delam> k [04:01] <Winn> I meant did you offer subtle encouragement for others to t= ake an action and is that really wrong? [04:01] <optiklenz> no [04:01] <optiklenz> No one took any action [04:01] <optiklenz> thats the point we are trying to make [04:02] <optiklenz> none of the members did a cotten pickin thing [04:02] <Father> Winn - the answer to the second part of your question, legally speaking, is yes. [04:02] <Winn> DId others, tho? THe Poles? Ideas are free and legal. [04:02] <optiklenz> The Poles did [04:02] <Winn> Are you saying Dad, that there might be legal culpability = fo their ideas? [04:02] *** Quits: pent (=F9=ED=F9 Total uptime : 0d 0h 42m 42s=0F) [04:02] <DigiEbola> can one be prosecuted for having a idea? [04:02] <optiklenz> We claim no affiliations [04:02] <optiklenz> whatever the polish people do in poland is on them [04:03] <Father> I don't answer to "Dad." [04:03] <lothos> no digi [04:03] <lothos> this isn't 1984 I don't think. [04:03] <Father> Sore point, Winn. [04:03] <optiklenz> what we are saying here to night is we spoke our mind= we let people know what we were thinking and if that is a crime then I shoul= d be sentanced to death [04:03] <optiklenz> because that is something I do [04:03] <optiklenz> time and time again! [04:03] <DigiEbola> lothos: ya never know.... [04:03] <Winn> Sorry, Father... :( I slap myself silly... [04:03] <m0f0> i would be way under ground then [04:04] <Father> Nor "Pop" [04:04] <Father> "Hey you" might work. [04:04] <delam> padre? :) [04:04] <Father> Hmmm. Not bad. [04:05] <Father> Thoughts ain't a crime. [04:05] <optiklenz> yeah [04:05] <Winn> Legally, that is. :-) [04:05] <optiklenz> if it was my next door neighbor could very well sue m= e for harassment [04:05] <optiklenz> =3D] [04:05] <lothos> hahah [04:06] <Father> Two people agreeing (real low threshold) about something= , and one of them doing a little something about it qualifies as a conspira= cy: 5 years, $250K. [04:06] <optiklenz> god knows what I've been thinking [04:06] <optiklenz> heh [04:06] <optiklenz> 250k? [04:06] <Winn> Is that RICO? [04:06] <delam> yeah, that's one I remember [04:06] <optiklenz> hrmm I can grab some k's out of the ole alphabet soup [04:06] <dyslexia> Father, at this point, regardless of what lou has said= , without the help of a rather emphatic media, this whole issue would have gone nowhere, the whole thing has been hyped and kept alive by the media, suerly this cannot be construed as a crime on our part [04:06] <Father> No, general conspiracy statute. [04:06] <optiklenz> but i dont know about doing crime for something I did= nt know was going on [04:07] <optiklenz> crime=3Dtime [04:07] <optiklenz> Im fallin asleep here [04:07] <DigiEbola> hm [04:07] <maquis> the way this administration is going, there may just be= a conspiracy statute..... :) [04:08] <optiklenz> conspiracy of what? [04:08] <m0f0> this is more getting to a discussion [04:08] <Father> Whether you knew something was going on or not is a fact question. As is whether you wanted to encourage something to go on, even= if you didn't know it actually did. Both of those can be conspiracy liabilities. [04:08] <delam> so is the real issue the ability to identify an individua= l on the internet who's making claims or speaking for others? How much pro= of is there of this and have you guys tried to learn the real name etc of th= e guy who did say this stuff. [04:08] <optiklenz> conspiracy of saying that we dont agree on certain issues? [04:08] <datapleX> I thought conspiracy was only against your own country= ? [04:08] <maquis> anything...hell, not to start a new can of worms, but lo= ok at the crypto debate and privacy rights. 'nuff said...and DON'T start a crypto-chat debate! :) [04:08] <Father> Wrong. Two prongs in general conspiracy stattue. [04:09] <optiklenz> delam> theres a polish group, and a few other groups from out of the u.s [04:09] <optiklenz> they are the ones that are attacking these sites [04:09] <optiklenz> not us [04:09] <optiklenz> we wanted to speak out and make things known and noth= ing more [04:09] <optiklenz> and that is all we did [04:09] <Father> First prong: conspiracy to deprive the US gov. of some right to function. [04:09] <lothos> dataplex: that's treason man [04:09] <optiklenz> something we didnt do [04:09] <Father> Second: conspiracy to violate a law on the books, no mat= ter who the victim is. [04:10] <m0f0> can't we just buy a law book or something? [04:10] <optiklenz> another thing we have yet to do [04:10] <delam> father: did the hacker that did make claims in the name o= f this group commit any crimes taht you know of? [04:10] <Winn> Is hacking China illegal? OR Iraq? [04:10] <optiklenz> Why ask us? [04:10] <DigiEbola> well, lets take a step away from us liabilities a mom= ent and focus on .cn actions, you ppl seem to have some insight that they are wanting to get rid of us [04:10] <optiklenz> We did none of that [04:10] <lothos> i agree digi [04:10] <Father> Conspiracy to get unauthorized access to computer is cri= me, no matter who victim is, even Iraq or Iran or Ireland. [04:11] <DigiEbola> i am more worried about .cn then .us [04:11] <lothos> father, even .jp? Hacking isn't illegal in japan i thought... [04:11] <m0f0> then they will thing of something to put you in jail for [04:11] <datapleX> loth: depends on where the hack originates from [04:12] <Father> As long as Japanese computer is hooked up to a computer = in US, hacking into the Japanese computer is US crime. [04:12] <Winn> I suggest that .cn doesnt 'get' it completely. They try to ban sat dishes and now the death penalty for $34K in hacking a bank. Mayb= e a call for detente is called for here. [04:12] <delam> perhaps transport of illegally acquired information from = any other country would be considered illegal by us law? [04:12] <lothos> what if i hack a .jp computer from another .jp computer? would that be illegal? (sorry to stray off topic here..) [04:12] <maquis> delam, HTF are you gonna enforce that one? that's amost = as funny as something AG Reno would say!!! [04:13] <Father> I'll punt on your last question, delam: too fact specifi= c. [04:13] <optiklenz> groups run by little kids with names like HcV, Tougon= g (individual), NIS, Polish Hackers against China, spl0it are the ones doin= g all the illegitimate protest [04:14] <Father> Lothos, depends on whether hacked computer is connected (indirectly) to computer in US. Hey, what omputer worth hacking ain't on the Inernet? [04:14] *** Quits: Mark668 (Read error to Mark668[adsl-209-78-192-20.dsl.pacbell.net]: EOF from client=0F) [04:14] <optiklenz> heh [04:14] <lothos> so if i'm physically on u.s. soil then it'd be a crime? [04:14] *** Joins : Mark668 (irc@*!*.pacbell.net) [04:14] <Father> P.S. I may sign off for a while. If I do, I'll be back. [04:15] <optiklenz> lothos> no [04:15] <optiklenz> If you log into a system that is based in japan [04:15] <optiklenz> and from that system access another its not illegal [04:15] <Father> Yep. Question is whether anyone would prosecute. If Jap= an, Inc. asked, someone might. [04:15] <optiklenz> or maybe it is [04:15] <optiklenz> heh [04:16] <m0f0> "heh" [04:16] <Winn> According to FBI, they can git ya for hacking intl based u= pon some interpretation of #1030/1029 [04:16] <optiklenz> ah [04:16] <optiklenz> ok [04:16] <feur> IMHO, a more subtle question at this point is what if acti= ons will .cn and Iraq take legally or illegally [04:16] <optiklenz> what can they do? [04:16] <optiklenz> we've done nothing to any systems in .cn or iraq [04:16] <optiklenz> plus iraq is not even setup to a global network [04:17] <optiklenz> and most of their internal networks are probably blow= n to shreads by now [04:17] <Father> Remember, at the base level, jurisdiction is merely powe= r; like code is merely bits. [04:17] <feur> the purported threat to those countries systems [04:17] <maquis> iraq doesn't have much in the way of connectivity outsid= e the nation.... [04:17] <optiklenz> not even via tymnet [04:17] <Winn> Sometimes the best way to disguise is to emphasize. I stil= l think you need to get LOUD AND CLEAR about what you're really about. [04:17] <optiklenz> and the only x.25 they've heard of is pocket change [04:18] <feur> optik, x.25 and sna, is generally out of the reach and gr= asp of today's hax0rs [04:18] <delam> fact #1: it's hard as hell to prove any crime on the internet, and I'm sure you all know that, therefore #2, you're not worrie= d about any LEGAL actions by china or the US but you're more worried about = non legal actions [04:18] <DigiEbola> exactly [04:19] <DigiEbola> it may be not only to off us, but to test the us gov [04:19] <DigiEbola> if one of us got killed, what would the us do? [04:19] <optiklenz> as i stated what if some chinese loyalist gets the wr= ong idea and decides to use our heads as hunting trophies [04:19] <optiklenz> theres not much they could do [04:19] <lothos> I personally am worried about what .cn would do to us, legally or not. [04:20] <feur> optik, it would not be a chinese loyalist, it would organi= zed chinese gangs [04:20] <optiklenz> yeah [04:20] <optiklenz> thats something to worry about [04:20] <Mark668> Excuse me, I have to disappear for a while ... I'll be back ... I got a message from Betty that I was expected to "say" somethin= g ... if someone would let me know what I'm supposed to say, please private chat me. [04:20] <optiklenz> Mark> who are you again? [04:21] <maquis> most of the .cn gangs alrady operate her in the states... [04:21] <delam> There is a reverse philosophy but it sounds insane, it's = a people-buffer-overflow.. if more people started hacking china, the number= of targets that china would go after would increase beyond what they could h= ave the man power to handle [04:21] <optiklenz> yeah thats the thing [04:21] <DigiEbola> they have a lot of people [04:21] <optiklenz> people totally blew what we said out of proportion [04:22] <Father> Any one gonna be at CFP99? [04:22] <delam> I wish [04:22] <optiklenz> Father> nope [04:22] <maquis> maybe if i can get away from work...always a problem the= se days.... [04:22] <lothos> anyone gonna be at RootFest? :) [04:22] <optiklenz> I'll be lecturing at rootfest though [04:22] <Winn> Via vidtel [04:22] <delam> rootfest in MPLS? [04:22] <lothos> so is winn via video conf [04:22] <optiklenz> yes [04:22] <Mark668> I'm an freelance writer and consultant (see http://www.gibbs.com/mgbio.htm for a ... well, bio) I write for Network World (the weekly Backspin column and, starting on the 25th, a weekly feature called "Gearhead". [04:23] <lothos> that reminds me, winn.. we need to tlak about that still [04:23] <lothos> talk [04:23] <Winn> tomorrow! [04:23] <Father> Signing off. Be back. - Father, aka Padre ;-) [04:23] <delam> heh :) [04:23] <lothos> sure [04:23] <optiklenz> mark> ok [04:23] <DigiEbola> hm [04:23] <lothos> I'll give you a call [04:23] <feur> what can winn and local friends and...., do and gain permission from LOU, to assert some risk management in this somewhat jade= d affair [04:23] <Winn> thanks... > noon [04:24] *** Quits: Father (Leaving=0F) [04:24] <optiklenz> What can you do? [04:24] <lothos> I have a class at noon... would 1pm work CST? [04:24] <Winn> yep! [04:24] <lothos> cool, 1pm CST then. [04:24] <maquis> make it so, Mister Winn..... :) [04:25] <DigiEbola> options options options [04:25] <feur> 1. establish a unified position [04:25] <feur> 2. control disseminations to the media [04:26] <delam> passively time is the best option, actively that's difficult.. the media is the best option I can think of actively [04:26] <feur> 3. establish some DC international attorney to act as buff= er [04:26] <Winn> You need to have a SINGLE mouthpiece if you really want to control the message. Or have a bunch of folks sign the same one. [04:27] <optiklenz> I think getting an attorney would only make people th= ink we have reason to be afraid like we did something criminal that justifies having one [04:27] *** Quits: MsInfoWar (Ping timeout for MsInfoWar[1Cust33.tnt4.st-petersburg.fl.da.uu.net]=0F) [04:27] <feur> optik, the right attorney only acts as a buffer, not an admission ogf guilt [04:27] <optiklenz> Well if i can find an attorney i can afford i'll look into it [04:28] <Winn> Try the EFF maybe or EPIC or the CDC [04:28] <DigiEbola> .cn would care less if we have a attorney [04:28] <DigiEbola> heh [04:28] <delam> If you all did a press conference and were serious about = it, a lawyer would be great to help decide what needs to be said. [04:28] <feur> i took the liberty of contacting an old acquaintance from = the DOJ, who is in private practice in Boston, well known, and would pro bono look into the whole [04:29] <optiklenz> ok well this is a conference with out the "press" [04:29] <optiklenz> frankly Im tired of having people get things wrong [04:29] <optiklenz> not only has it hurt me, but it's done a great deal t= o a lot of other people [04:30] <DigiEbola> ppl will see what they want to see [04:30] <feur> but optik, tonight we hear from you, what do the other members of LOU want to do [04:30] <optiklenz> We are here as representatives of the group [04:30] <optiklenz> We've takin what they think, and what they want into consideration, and we are giving it to you [04:30] <optiklenz> as a whole [04:31] <DigiEbola> part of the reason, the press blew this up, is becaus= e THEY wanted to see someone break stuff in those countries [04:31] <optiklenz> can we take a 5minute bathroom break? [04:31] <feur> i think the next step would be to set up a VMB to chat [04:31] <delam> alliance teleconference? :) [04:31] <delam> ..memories [04:31] <Winn> Free from GTE? [04:32] <optiklenz> great, be back then. [04:32] <delam> winn: now now! shh [04:32] <Winn> heh [04:32] <feur> gte, good stock, lol [04:32] <maquis> naughty boy [04:32] <DigiEbola> brb [04:32] <kInGb0nG> brb [04:32] <Winn> brb? [04:32] <maquis> be right back.. [04:32] <kInGb0nG> be right back [04:32] <maquis> <d'oh! [04:32] <Winn> slap me! :) [04:32] <maquis> < -- SMACKS WINN [04:32] <maquis> hehehehe [04:33] <Winn> damn that stings [04:33] <maquis> btw, winn,nice article on strikeback this week....nice resaerch... [04:33] <Winn> you should see the hate mail! INcluding the Pentagon!!! [04:33] * delam agrees [04:33] <DigiEbola> back [04:33] *** Joins: hjghjkghk (~jailednot@*!*.co.nz) [04:33] *** Quits: dyslexia (Ping timeout for dyslexia[p34-max2.dun.ihug.co.nz]=0F) [04:33] <maquis> winn - wonder why heheheehehe [04:33] *** hjghjkghk is now known as dyslexia [04:33] <maquis> does Rome Labs ring a bell? :) [04:33] <optiklenz> ok im back [04:33] <Winn> heh [04:34] <dyslexia> air force base isn't it? [04:34] <Winn> yup [04:35] <feur> optik, what can winn and company disseminate of tonight's chat, you set the rules [04:35] *** Quits: kInGb0nG (Ping timeout for kInGb0nG[dayoh-a242.gemair.com]=0F) [04:36] *** Joins: kInGb0nG (~lil_b0ng@*!*.com) [04:36] <optiklenz> ok [04:36] *** cd is now known as Nikkita [04:36] <optiklenz> just what we've been talking about [04:36] <lothos> as far as I care, you can disseminate any/all of it [04:36] <Winn> OK: I view this as a PR problem with some potential bad downside. Whatever you decide, it really needs to be coherent and absolut= ely unambiguous. [04:36] <optiklenz> people need to know that we are not the bad guys [04:36] <optiklenz> Winn> we can edit some things out [04:36] <feur> optik, can you provide one summary statement on behalf of = the LOU [04:37] <optiklenz> this can be a joint statement from Inforwar, Infosec, and LOU [04:37] <optiklenz> if thats the way you want it [04:37] <Winn> If we take that route, I will edit it, then pass it to yo = for approval. [04:37] <feur> no, what do you want [04:37] <optiklenz> s/inforwar/infowar [04:37] <dyslexia> whatever will require being signed by all memebers etc [04:37] <lothos> sounds good winn [04:38] <maquis> < - signs in spirit [04:38] <optiklenz> =3D] [04:38] <DigiEbola> heh [04:38] <optiklenz> thanks marquis [04:38] <Nikkita> Optik: thnx to so cold 'hackers' talking negatifly in t= he MEDIA about LOU, youre scratched, but If you didn't though an IP of that countries there is nothing to be afraid of [04:38] <optiklenz> we did nothing [04:38] <optiklenz> marquis, and nikkita [04:38] <optiklenz> heh [04:38] <optiklenz> sounds like a match made in heaven [04:39] <Winn> I suggest I send to OPT, let him and I work out the edits then he adds the names he wants to add, and we all distribute tonights conversation PLUS a 1 pafge statement. [04:39] <Nikkita> optik: so there is nothing to afraid of. [04:39] <maquis> mmmm....nikita..... LOL [04:39] <optiklenz> winn> that works for me [04:39] <Nikkita> maquis: I kill also :P [04:39] <optiklenz> everyone else fine with that? [04:39] <Winn> Send me your contact stuff, and I will get to it AM. You h= ave my voice #. ? [04:39] <maquis> You don't know me, then. :-) [04:40] <DigiEbola> hm [04:40] <optiklenz> Winn> no [04:40] <maquis> heheeheh [04:40] <Nikkita> optik: Other issue [04:40] <DigiEbola> we should do a teleconference [04:40] <Winn> It would be useful to have some form of ID for the participants, even if it is anonymous. Can you do OPT? [04:40] <optiklenz> can i do what? [04:40] <Nikkita> optik: I red what father said about criminal organisati= ons [04:40] <optiklenz> heh [04:41] <optiklenz> Winn> if you mean card everyone [04:41] <optiklenz> im sure i can work something out [04:41] <Winn> heh... no, I don't want to get things wrong, tho. [04:41] * optiklenz use to be really cool with a few of the local bouncer= s [04:41] <optiklenz> =3D] [04:41] <delam> hahah [04:41] <feur> winn, needs some of identification and authentication, or = he is dead as a journalist [04:41] <Nikkita> optik: but If someone hacks something where goverment h= as a investigestion of spionage activity going on, then they will find you/already found you. [04:42] <optiklenz> Winn> mail me at optik@legions.org [04:42] <optiklenz> and i'll respond [04:42] <optiklenz> if you want you can have my pgp key [04:42] <feur> nikkita, i can assure all associated members of LOU are known, down to their dental records [04:42] <lothos> my email is lothos@trifid.net, pgp key is available from www.rootfest.org [04:42] <maquis> feur - now THAT'S class! [04:42] <Winn> OPT" if we can talk voice, I can tape a statement as well. You can call me if you want. Use PGP, mine is on the PGP server. [04:42] <lothos> down to our dental records??? [04:42] <feur> assure that associated intelligence agencies [04:43] <Nikkita> feur: In that case they did something wrong :) [04:43] <DigiEbola> digi@wintermute.unixgeeks.com [04:43] <optiklenz> Winn> heh [04:43] <feur> if you have no teeth, lol [04:43] <Nikkita> Feur: I can assure you that nobody knows about M0f0 [04:43] <Nikkita> feur: That's a advice :) [04:43] <optiklenz> i'm not to excited with the idea of having a voice statement passed around and archived [04:44] <DigiEbola> hm [04:44] <DigiEbola> im still hazy about a bunch of fat guys goin thru my records [04:44] <optiklenz> haha [04:44] <feur> nikkita, you misunderstood my statement [04:44] <Winn> Fine. You make the call. No prob! [04:44] <optiklenz> Winn> trust me on this one bro [04:44] <Nikkita> optik: I there tapping you, there's no way to check tha= t. [04:44] <optiklenz> nikk> actually there is [04:45] <optiklenz> and if they've got a dnr on my line i can very well f= ind out too [04:45] <Nikkita> feur: Well I will let my teeths removed tomorrow or so = :) [04:45] <feur> lol [04:45] <delam> heh [04:45] <maquis> I know a good dentist that doesn't ask any questions...r= oad trip to London! :) [04:45] <maquis> heheehehe [04:45] <Winn> So, tomorrow, we exchange some email... build your story... and we agree not to release until we are all in agreement with it, and yo= u have it 'signed' by your folks. [04:45] <Nikkita> Optik: just trust me on that. [04:46] <optiklenz> Winn> thats the deal [04:46] <Winn> Perfect. Agreed. [04:46] <Nikkita> Maquis: London is just 30 minutes from Amsterdam, pleas= e mail me the adres :) [04:47] <Nikkita> Maquis: Is he expensive :) [04:47] <maquis> HAR! Nikkita, super spy of the 90s should be able to fin= d it.....! [04:48] <Nikkita> maquis: www.dental.record.org ---> www.illegal.dentist.= com [04:48] <delam> heh [04:48] <optiklenz> well folks [04:48] <maquis> yep, that's him... :) [04:48] <Nikkita> maquis: ever seen a blond without theet [04:48] <optiklenz> if thats all i'll be out for the night [04:48] <maquis> < -- heading out in a bit himself. [04:49] <delam> yeah winn you sleeping? [04:49] <DigiEbola> I must concur with my associate [04:49] <optiklenz> we'll keep in touch [04:49] <optiklenz> =3D] [04:49] <maquis> seeya opti [04:49] * Nikkita is going to sleep for 4 ours, because he has a milleniu= m update around 5 ours.... [04:49] <DigiEbola> later all [04:49] <maquis> later later and even later! [04:50] <kInGb0nG> later [04:50] <datapleX> so maquis...gonna hook me up wif an internic account? = ;) [04:50] <feur> thank you all for coming on and trusting a bit [04:50] *** Quits: kInGb0nG (the king has left the building=0F) [04:50] *** Quits: DigiEbola (Leaving=0F) [04:50] <maquis> feur: no prob... [04:50] *** Quits: datapleX (later...=0F) [04:50] <Winn> Gentlemen! Thanks ... OPT - not to worry. Tomorrow! [04:50] <delam> nice meeting you guys [04:50] <Nikkita> maquis: and a hit2000.org :) [04:50] <maquis> Later all -- thanks for the invite [04:50] <optiklenz> sure thing [04:50] <maquis> hey, we DO the domain names.... :) [04:50] <delam> check out my cute portrait on the spring issue 1996 of 26= 00 if you like :) [04:50] *** Quits: optiklenz (eprom=0F) [04:50] *** Parts: Winn (Winn@1*!*.uu.net) [04:51] <Nikkita> maquis: I will mail jou a zone file then :) or give me = the IP of root nameserver :) [04:51] <maquis> heehe...NOT! [04:51] <Nikkita> maquis: ptr would do :) [04:52] <maquis> ptr? as in comPuTeR? [04:52] <Nikkita> ptr record :) [04:52] <delam> char *ptr; ? [04:52] <Nikkita> uh... know linux? [04:52] *** Joins: Father (Agrosso@170.*!*.att.net) [04:52] <maquis> Ahhh...leee-nux.... [04:52] * Nikkita tells everyone about DNS howto :) [04:53] <maquis> << - NT (ack!) person [04:53] <feur> ptr as in polish hax0r crew [04:53] <Father> Have I missed anything [04:53] <delam> like jurassic park "Eye Know Yooooooo neeekz" [04:53] <Father> Where is Winn? [04:53] <delam> he left [04:53] <feur> winn, going to sleep [04:54] <Nikkita> Farther: In the Netherlands is privacy exposed trough a software bug not punished, [04:54] <delam> wrapping it up right now father [04:54] <maquis> I'm heading off, all. Thanks for the invites, keep yer heads down, chins up, and.... [04:54] <maquis> ...lets be careful out there. [04:54] <Nikkita> If I use an in America located router to connect to a server in The Netherlands, and USE a bug [04:54] <maquis> Night all...rick.... [04:54] <Nikkita> could I be convicted in America? [04:54] *** Quits: maquis (Leaving=0F) [04:55] <delam> it's indirect, data still was used from america to perfor= m the action... he mentioned indirect before [04:55] <Father> I'm not clear on the question [04:55] <Nikkita> delam: I'm stationed in the Netherlands. [04:56] <delam> so american property was involved in a crime? [04:56] <Nikkita> Could I be convicted cause I used in USA stationed equipment. [04:56] <Nikkita> delam: nope, just the connection [04:56] <Father> What does "in USA stationed equipment"? [04:56] <Nikkita> it has IP traffic, which I use [04:57] <Nikkita> delam: typing cisco as a password in a Cisco router isn= 't hacking... [04:57] <delam> heh, there's alot of definintions to hacking, I agree [04:58] *** Quits: lothos (g'night=0F) [04:58] <dyslexia> heh, it might not be hacking, but it is truly sad how often it works [04:59] <Nikkita> Father: a router is located fysical in USA, I connect t= o that, en then will from ther connect to a server in the Netherlands, [04:59] <delam> that's the state of the world with technology [04:59] <Father> Bottom line: (1) authorized access; (2) on computer connected to Interent; (3) where there is "some" connection to U.S. or Inernational seas, air, shops, or the like, equals prosecutable crime in US., even you and computer(s) never step foot on US soil. Gabish? Broad statute. [04:59] <Father> Nikkita: Yep. You got warrant. [04:59] <Nikkita> father: but I don't do a crime in the Netherlands.. [04:59] <delam> authorized access is the key to this issue.. if authorize= d isn't stated and you guess a password and get in.. have you committed a crime? I'd say no [05:00] <Nikkita> delam: I say no ... [05:00] <Father> So? Its not Netherlands statute. Its US statute. [05:00] <Father> Delam: Guessing password and using it is unauthorized access. [05:00] <Nikkita> Try this for an example at Hotmail... [05:00] <Nikkita> user: john2 [05:00] <Nikkita> pass: john [05:00] <Nikkita> user: hank2 [05:00] <Nikkita> pass: hank [05:01] <Father> No thanks. [05:01] <feur> father, what about statute interpreation, that without warning banner, there is no unauthorized entry, all entry is fine [05:01] <Nikkita> just by guessing... [05:01] <delam> the problem with internet protocols are taht certain TCP/= IP ports do not have the ability built into the protocol to post a banner.. therefore, the issue of "authorized" can never be established by the pers= on running the computer [05:02] <Father> Feur: Wrong. That warning banner issue has to do with whether the US government can monitor you without a warrant. [05:02] <feur> or "rights without remedy" [05:02] <delam> if there is a banner on port 23 taht says "you must work here to enter" and a hacker finds port 21 with no banner and enters, even while guessing a passowrd, have they committed a crime?/ the couldn't see any sign that said "keep out" [05:02] <Nikkita> feur: in Scandinavian countries they MUST have fysical saying that you may not enter whitout authoring. [05:03] <Father> Sign that says keep out is not imortatnt. Sign that say= s come on in is. [05:03] <Father> sorry [05:03] <Father> (Hey, feds are tough.)_ [05:03] <delam> how do you establish "authorized access" when a computer = has been connected to a public network without any signs?? I'd say that impli= es it's meant for the public [05:04] <feur> interesting you say that father, my partner is a crimianl attorney in boston, and is defending an elctronic perimeter intrusion [05:04] <Father> Depends on what the purpose of it being connected is. [05:04] <Nikkita> delam: just like sending mail to another country, that packets will travell along dosen systems without asking for permission [05:04] <delam> you're posed with the problem taht you cannot from the outside determine what it's purpose is, but your intent is to enter [05:05] <Father> Who is your partner? [05:05] <Nikkita> partner? [05:06] <Father> Fleur: who is your partner? [05:06] <Father> Savage? Silverglate? [05:06] <feur> check your message window [05:06] <delam> it's an interesting debate that I haven't seen any clear = cut legal answers for [05:07] <Nikkita> btw: does anyone know about research in hacks commited = in USA and outside of the USA [05:08] <feur> nikkita, check nexus [05:08] <Nikkita> I have the feeling that it 's easer to hack in the USA, cause the high penalties companies don't do alot of there securityes [05:08] <Nikkita> www.nexus.com? [05:08] <Nikkita> or lexus nexus [05:09] <feur> the db lex nex [05:09] <Father> Time for me to go. Feel free to contact me, agrosso@xxx.org [05:09] <Nikkita> good morning :) [05:09] <dyslexia> thanks Ftaher [05:09] <Nikkita> feur: nexus is a security audit tool like satan [05:09] <dyslexia> Father [05:10] <feur> no, private db lex [05:10] <Nikkita> feur: I'll check on that, just have to find a working account :) [05:13] <Nikkita> to all LoU members still here, don't let that affaire helding you of. [05:13] <Nikkita> You did fine in the past remember that. [05:13] *** Quits: Father (Ping timeout for Father[170.arlington-04.va.dial-access.att.net]=0F) [05:15] <Nikkita> Mark: If your are in Holland in June come and look us u= p [05:15] <Nikkita> Dutch scene will have a 3 day during party [05:16] <Nikkita> CCC, Rop Gongrijp and maybe some L0pth members [05:16] <Nikkita> will be ther [05:18] <feur> ok ladies and gentlemen the marat sade is over tonight, please come back to the asylum [05:20] <Nikkita> feur: good bye [05:20] <Nikkita> sleep tighyt [05:20] *** Quits: Nikkita (Leaving=0F) [05:22] <feur> goodnight mofo nikkita [05:24] *** Quits: feur (irc, where is the wizard of OZ=0F) [05:25] <delam> I'm going to shut the server down in a couple minutes [05:25] <dyslexia> bye all [05:26] *** Quits: dyslexia (Nuke a gay whale for Jesus!=0F) [05:27] *** Disconnected Session Close: Wed Jan 20 05:27:08 1999 <snip> -- See Ya! RuffNeck ---- --- -- - ruffneck@xxxxxx.xxx Prior to posting this here I contacted Bronc Buster and he was kind enough to get back to me with some of the inside story on what happened and why.. this is his message with only slight modifications: Delivered-To: dok-cruciphux@dok.org Date: Fri, 12 Feb 1999 15:02:34 -0500 (EST) From: Bronc Buster <bronc@xxxxxxx.com> To: cruciphux <cruciphux@dok.org> cc: contact@hackernews.com Subject: Re: irc log In-Reply-To: <19990212152545.SUKT27696.mail.rdc1.on.home.com@azazel.n0where.org> Message-ID: <xxx> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII I thank you for contacting someone and telling us about this. I'll tell you what this log is, and what it is about. The l00zerz over at Infowar decided they wanted to try and get a peace of the LoU story, so they offered to organize a 'secret' meeting with 'professionals' in the security and intelligance world to offer us advice after the China hacks because it was confermed that the Chinese Govt sent out a memo to some internal security group and told them to 'actively' look for me and Zyklon. Because Winn knows that I know he is nothing but a fake, he tried to exclude me and Zyklon from the meeting altogeather. As you can see from the logs it worked. Once I had been told by other LoU members about it I contacted Winn and Betty asking what this was all about. They said it was nothing and was not going to happen and to not be concerned. As you can see they conspired with the rest of LoU to exclude me (maybe Zyklon as well) so that they could have this meeting. What they talked about I had no idea until I saw this log. I was told it never took place. It's funny, me and Zyklon were the people in hot water, and we were the ones not included. It's a case of nothing more then the people at Infowar wanting a peace of a big story and getting their grubby hands into this whole mess. I don't want to say anything negative about LoU, so suffice it to say, I am no longer affiliated with LoU in any way, shape or form. If you want to print any of this in your news letter, or if HNN wants to print any of this you may, with the exception of anything that I may of let slip out about LoU, or any negative comments against LoU. We parted ways, you guys can see the BS that surrounded it.. Again, thanks for contacting me regards, †† Bronc Buster <snip> 'Nuff said on this story I think... thanks to Bronc Buster for clearing some of this scenario up, and others for advice on 'handling' you know who you are, also Ruffneck for the log. - Ed @HWA 5.0 Microsoft advisories ~~~~~~~~~~~~~~~~~~~~ [] Back office server 4.0 Approved-By: secnotif@MICROSOFT.COM Date: Fri, 12 Feb 1999 12:42:57 -0800 Sender: Microsoft Product Security Notification Service <MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM> From: Microsoft Product Security <secnotif@MICROSOFT.COM> Subject: Microsoft Security Bulletin (MS99-005) To: MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM Microsoft Security Bulletin (MS99-005) -------------------------------------- >BackOffice Server 4.0 Does Not Delete Installation Setup File Originally Posted: February 12, 1999 Summary ======= > Microsoft (R) has learned of a potential vulnerability in the installer for > BackOffice Server (R) 4.0. The installer asks the user to provide the > account userid and password for selected services and writes these to a file > in order to automate the installation process. However, the file is not > deleted when the installation process completes. As detailed below, > Microsoft recommends that BackOffice 4.0 customers delete this file. Microsoft has received no reports of customers being adversely affected by this problem. However, it is releasing this security bulletin in order to proactively provide customers with information about the problem in order to allow them to take steps to ensure their safe computing. Issue ===== When a user chooses to install SQL Server (R), Exchange Server (R) or Microsoft Transaction Server (R) as part of a BackOffice 4.0 installation, the BackOffice installer program requests the name and password for the accounts associated with these services. Specifically, it asks for the account name and password for the SQL Executive Logon account, the Exchange Services Account, and the MTS Remote Administration Account. These values are stored in <systemdrive>\Program Files\Microsoft Backoffice\Reboot.ini, and used to install the associated services. BackOffice Server does not erase this file when the installation process is completed. This is true regardless of whether the installation process completes successfully or unsuccessfully. By default, the Microsoft BackOffice folder is not shared, so network access to reboot.ini generally does not pose a risk. Users who can log onto the server locally would be able to access the file, but in most cases this ability is granted only to selected users such as administrators. The fix for this problem is to delete the file <systemdrive>\Program Files\Microsoft Backoffice\Reboot.ini after each BackOffice 4.0 installation, whether successful or not. The file is created only by the installer, and, once deleted, will not be re-created unless BackOffice 4.0 is re-installed. Affected Software Versions ========================== The following software versions are affected: - Microsoft BackOffice Server 4.0 What Microsoft is Doing ======================= On February 12th, Microsoft sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service (see http://www.microsoft.com/security/services/bulletin.asp for more information about this free customer service). Microsoft has published the following Knowledge Base (KB) article on this issue: - Microsoft Knowledge Base (KB) article Q217004, †† BackOffice Installer Tool Does Not Delete Password Cache File. †† http://support.microsoft.com/support/kb/articles/q217/0/04.asp †† (Note: It might take 24 hours from the original posting of this †† bulletin for the KB article to be visible in the Web-based †† Knowledge Base.) What customers Should Do ======================== Microsoft recommends that customers ensure that they delete the file <systemdrive>\Program Files\Microsoft Backoffice\Reboot.ini after the installation program for BackOffice 4.0 completes More Information ================ Please see the following references for more information related to this issue. - Microsoft Security Bulletin MS99-005, †† BackOffice 4.0 Does Not Delete Installation Setup File †† (the Web-posted version of this bulletin), †† http://www.microsoft.com/security/bulletins/ms99-005.asp. - Microsoft Knowledge Base (KB) article Q217004, †† BackOffice Installer Tool Does Not Delete Password Cache File. †† http://support.microsoft.com/support/kb/articles/q217/0/04.asp †† (Note: It might take 24 hours from the original posting of this †† bulletin for the KB article to be visible in the Web-based †† Knowledge Base.) Obtaining Support on this Issue =============================== If you require technical assistance with this issue, please contact Microsoft Technical Support. For information on contacting Microsoft Technical Support, please see http://support.microsoft.com/support/contact/default.asp. Revisions ========= - February 12, 1999: Bulletin Created For additional security-related information about Microsoft products, please visit http://www.microsoft.com/security <snip> Approved-By: secnotif@MICROSOFT.COM X-Mailer: Internet Mail Service (5.5.2524.0) Date: Mon, 8 Feb 1999 15:06:09 -0800 Sender: Microsoft Product Security Notification Service <MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM> From: Microsoft Product Security <secnotif@MICROSOFT.COM> Subject: Microsoft Security Bulletin (MS99-004) To: MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM Microsoft Security Bulletin (MS99-004) -------------------------------------- Patch Available for Authentication Processing Error in Windows NT (r) 4.0 Service Pack 4 Originally Posted: February 8, 1999 Summary ======= > Microsoft has released a patch that eliminates a logic error in Service Pack > 4 for Windows NT 4.0 that could, under certain conditions, allow a user to > log on interactively and connect to network shares using a blank password. > The vulnerability primarily, but not exclusively, affects Windows NT servers > that serve as domain controllers in environments with DOS, Windows 3.1, > Windows for Workgroups, OS/2 or Macintosh clients. In general, customers who > have deployed only Windows NT, Windows 95 and Windows 98 client workstations > are not at risk from this vulnerability. A fully supported patch is available for this vulnerability, and Microsoft recommends that all customers evaluate the risk to their systems and, as appropriate, download and install it on affected computers. Issue ===== The Windows NT Security Account Manager (SAM) database stores the hashed password for each user account in two forms: an "NT hash" form that is used to authenticate users on Windows NT clients, and an "LM hash" form that is used to authenticate users on Windows 95, Windows 98, and downlevel clients such as DOS, Windows 3.1, Windows for Workgroups, OS/2 and Macintosh. When a user changes his password via a Windows NT, Windows 95 or Windows 98 client, both the "NT hash" and "LM hash" forms of the password are updated in the SAM. However, when the user changes his password via a downlevel client, only the "LM hash" form of the password is stored; a null value is stored in the "NT hash" field. This is normal operation. When a user attempts an interactive logon or a network share connection from a Windows NT system, the Windows NT authentication process uses the "NT hash" form of the password. If the "NT hash" is null, the "LM hash" of the password is used for verification. (Windows 95, Windows 98 and downlevel clients always use only the "LM hash" for verification.) The logic error in Service Pack 4 incorrectly allows a null "NT hash" value to be used for authentication from Windows NT systems. The result is that if a user account's password was last changed from a DOS, Windows 3.1, Windows for Workgroups, OS/2 or Macintosh client, a user can logon into that account from a Windows NT system using a blank password. By far the most likely machines to be affected by this vulnerability would be domain controllers running Windows NT 4.0 SP 4, in networks that contain any of the downlevel clients listed above. However, any server or workstation running Windows NT 4.0 SP 4 that contains a SAM database with active users who communicate from downlevel clients would be vulnerable to this problem. For example, a workgroup of Windows NT 4.0 SP 4 systems, one of which is accessed by Windows for Workgroups clients, would be affected by this vulnerability. It is worth reiterating the following points: - Even on an affected network, a user whose most recent †† password change was performed via Windows NT, Windows 95 †† or Windows 98 workstations will have a non-null "NT hash" †† value, and hence will not be at risk. - Customers who are affected by the vulnerability need only †† apply the patch to machines that contain SAM databases †† with active user accounts. - There is no need for users to update or change their passwords †† after applying the patch. Even in vulnerable systems, the SAM †† database entries are valid; the problem lies in the way SP4 †† processes them. The patch corrects the authentication process †† logic in SP4 without changing the SAM database entries in any way. Affected Software Versions ========================== The following software versions are affected: - Microsoft Windows NT 4.0, Service Pack 4 What Microsoft is Doing ======================= On February 8th, Microsoft released a patch that fixes the problem identified above. This patch is available for download from the sites listed below. Microsoft has sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service (see http://www.microsoft.com/security/services/bulletin.asp for more information about this free customer service). Microsoft has published the following Knowledge Base (KB) article on this issue: - Microsoft Knowledge Base (KB) article Q214840, †† MSV1_0 Incorrectly Allows Network Connections for Specific Accounts †† http://support.microsoft.com/support/kb/articles/q214/8/40.asp †† (Note: It might take 24 hours from the original posting of this †† bulletin for the KB article to be visible in the Web-based †† Knowledge Base.) Microsoft has posted the following hot fixes to address this problem. Please note that the URLs below have been word-wrapped for readability. - Fix for x86 version: †† ftp://ftp.microsoft.com/bussys/winnt/winnt-public †† /fixes/usa/NT40/hotfixes-postSP4/Msv1-fix/msv-fixi.exe - Fix for Alpha version: †† ftp://ftp.microsoft.com/bussys/winnt/winnt-public †† /fixes/usa/NT40/hotfixes-postSP4/Msv1-fix/msv-fixa.exe What Customers Should Do ======================== The patch for this vulnerability is fully supported, and Microsoft recommends that all affected customers apply it. The URLs for the patch are provided above in What Microsoft is Doing. More Information ================ Please see the following references for more information related to this issue. - Microsoft Security Bulletin MS99-004, †† Patch Available for Authentication Processing †† Error in Windows NT 4.0 Service Pack 4 (the †† Web-posted version of this bulletin), †† http://www.microsoft.com/security/bulletins/ms99-004.asp. - Microsoft Knowledge Base (KB) article Q214840, †† MSV1_0 Incorrectly Allows Network Connections for †† Specific Accounts. †† http://support.microsoft.com/support/kb/articles/q214/8/40.asp †† (Note: It might take 24 hours from the original posting †† of this bulletin for the KB article to be visible in the †† Web-based Knowledge Base.) Acknowledgements ================ Microsoft wishes to acknowledge Harry Johnston, School of Computing and Mathematical Sciences, University of Waikato, New Zealand, for discovering this vulnerability and reporting it to us. Obtaining Support on this Issue =============================== This is a supported patch. If you have problems installing this patch or require technical assistance with this patch, please contact Microsoft Technical Support. For information on contacting Microsoft Technical Support, please see http://support.microsoft.com/support/contact/default.asp. Revisions ========= - February 8, 1999: Bulletin Created For additional security-related information about Microsoft products, please visit http://www.microsoft.com/security ----------------------------------------------------------- THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.
(c) 1999 Microsoft Corporation. All rights reserved. Terms of Use.
