Power Hacker 2003

home *** CD-ROM | disk | FTP | other *** search

/ Power Hacker 2003 / Power_Hacker_2003.iso / E-zine / Magazines / default / default6.txt < prev next >

Wrap

Text File | 2002-05-27 | 54.8 KB | 1,217 lines

Default newsletter Issue #6 http://default.net-security.org 28.09.1999 Help Net Security http://www.net-security.org TABLE OF CONTENTS ----------------- I. Editorial II. Default mirrors III. Defaced pages IV. Ech0 Security Scanner - What's that again ? V. Y2K: hoaxes and scams VI. Infection & Vactination VII. Hi, my name is... VIII. Virology 101: A primer to computer viruses IX. More from the ACPO front X. Network Solutions Stumbles on WebMail Offering XI. Securing your Mac XII. Why NT isn't what it is claimed to be XIII. Freedom of the speech related incidents XIV. Meet the underground I. Editorial ----------------- Hey there. It's us again :) Ok let's start with the obvious: Default skipped a week. And as much as I (Thejian) would like to blame the other editors, it was my fault. But then again, my life has been pretty damn hectic lately and I really worked my ass off, which is no excuse of course, but it'll have to do. I'm glad to inform you however that the problem is solved for future issues because we have at least one more editor for the end-formatting in place now which should take care of the problem quite effectively. This also caused a delay in the Telecom-section, but I'm outlining a new series of articles there which will be pretty damn good if I may say so myself, so I hope that if someone actually reads it :)))) they will have some patience, it will be worth it. Due to formatting problems this weeks crypto section has not been included in this issue but is accessible at following url: Doc version > http://default.net-security.org/6/OTP.doc Txt version > http://default.net-security.org/6/OTP.txt Well since I have to go release this thing, thank you all and enjoy the read. It's yet another good one, again if I may say so myself. For the HNS and HNS Default Crew: Berislav Kucan aka BHZ, webmaster Help Net Security bhz@net-security.org Xander Teunissen aka Thejian, co-webmaster Help Net Security thejian@net-security.org Subscribing information: mail majordomo@net-security.org with a message in the body "subscribe news youremail" II. Default mirrors --------------------- http://www.nwo.net/default http://www.403-security.org/default http://www.monitor.hr/security/default http://www.attrition.org/~modify/texts/zines/default http://www.projectgamma.com/archives/zines/default http://www.dark-e.com/default http://ech0.zort.org/default http://www.deepquest.pf/default If you mirror Default, please inform us, so we could add you to the list. III. Defaced pages ------------------- Mirrors thanks to Attrition (www.attrition.org) Site: The Nasdaq Stock Market Web page (www.nasdaq-amex.com) Mirror: http://default.net-security.org/6/nasdaq.jpg Site: First American National Bank (ns1.fanb.com) Mirror: http://default.net-security.org/6/ns1.fanb.com.htm Site: NAACP (www.naacp.org) Mirror: http://default.net-security.org/6/www.naacp.org.htm Site: Bank of Uganda (www.bou.or.ug) Mirror: http://default.net-security.org/6/www.bou.or.ug.htm Site: Arizona Libertarian Party (www.lpaz.org) Mirror: http://default.net-security.org/6/www.lpaz.org.htm Site: I-Phone (www.iphone.com) Mirror: http://default.net-security.org/6/www.iphone.com.htm Site: Defense Contract Management District West (internet.dcmdw.dla.mil) Mirror: http://default.net-security.org/6/internet.dcmdw.dla.mil.htm IV. Ech0 Security Scanner - What's that again ? ------------------------------------------------- Welcome folks. Well I ll give the readers of default a little preview what eSS is. So you ask now what eSS stands for, well thats simpel, it stands for Ech0 Security Scanner. It will be a unix security scanner. So what's special on it ..? Well special about it, is that it will be big * great * huge * with much shit included. It will feature unix network scanning for all simple vulnerabilities which are all-known, like qpop, pop2, pop3, cgi-scan, ftpd, telnetd, imapd, bind, nfs, named, smtp, fingerd, up to advanced features like network maping, system version, firewall scannig with version and many other security holes which can be exploited. It got CKS's famous Cgi scanner implented which scans for about 50 cgi holes. All in one we hope that we can offer you a fast and strong unix security tool/scanner with eSS. If you are interessted in unix security/scanning and C and would like to check out a copy of eSS when it is in beta phase just email to: - info@ech0.de You can also mail us if you have any questions and/or suggestions. For more information and the news feautring Ech0 Security Scanner check out - http://www.ech0.de V. Y2K: as the millenium approaches -------------------------------------- With upcoming Year 2000 and Y2K problem many new programs for its solution are producing. With it, Y2K hoaxes are also spreading. This article is just a compilation of several known Y2K hoaxes. 1) AOL Year 2000 Update Hoax ------------------------------------------------------------------- Do Not DOWNLOAD !! submitted by AngelOfWuv It will come to you as....... "America online year 2000 Update" it will have a File: Y2KFIX.EXE (41229 bytes) DL Time (115200 bps): 1 minute DO NOT DOWNLOAD IT, ITS A VIRUS . 1) IF AOL WANTED TO UPDATE YOUR SYSTEM, THEY WOULD DO IT WHILE YOU WERE ONLINE, NOT THIS WAY 2) IF AOL WERE TO DO IT THIS WAY THEY WOULD JUST SEND YOU AN MAIL TO CONTACT THEIR WEBSIGHT AND THEN DOWNLOAD THE NECESSARY FILE FORWARD TO "TOSEMAIL1" THE REST OF IT GOES AS FOLLOWS: Hello, I am Richard Brunner of the AOL TECH Team and we have recently finished work on this project which is the AOL Year 2000 Update. The function of this program is to make your AOL version completely compatible with the year 2000 bugs that will occur on most computers. This program will work on Windows 3.1, Windows 95, Windows 98, and Macintosh. It has been made to be as user-friendly as possible. You just have to: 1. Double click on the icon 2. Restart your computer and your computer and AOL will automatically be updated. If you experience any problems with this file please report them to this e-mail address. ------------------------------------------------------------------- Y2KFIX.EXE wasn't found anywhere on The Internet. This is just a example of mass mail hoax. Purpose of it is to spread panic to big number of inexperienced computer users. When people get this kind of messages they don't even read it they just forward it to all contacts on their list. 2) Y2KCOUNT trojan horse ------------------------------------------------------------------- To All Microsoft Users, We are excited to announce Microsoft Year 2000 counter. Start the countdown now. Let us all get in the 21 Century. Let us lead the way to the future and we will get you there FASTER and SAFER. Thank you, Microsoft Corporation ------------------------------------------------------------------- This e-mail arrives with attached trojan horse named Y2KCOUNT.EXE which: It drops several files into WINDOWS\SYSTEM folder: PROCLIB.EXE PROCLIB.DLL PROCLIB16.DLL NTSVSRV.DLL It appends NTSVSRV.DLL into the DRIVERS= line under [BOOT] section of SYSTEM.INI file. This modification loads the trojan every time the system boots up. It modifies the registry entry ...\Shell\OpenHomePage\Command to @="C:\WINDOWS\ SYSTEM\PROCLIB.EXE" This modification loads PROCLIB.EXE upon web/internet access. Upon the next system reboot, it will also rename the WSOCK32.DLL file to NLHVLD.DLL and replace it with PROCLIB16.DLL. This allows the trojan to hook network (specifically internet) connection activity. 3) "Windows will fail" hoax ------------------------------------------------------------------- "Every copy of Windows will fail on January 1st unless you fix it now, to fix it..." 1.Click on "My Computer". 2.Click on "Control Panel". 3.Click on "Regional Settings". 4.Click on the "Date" tab. Where it says, "Short Date Sample" look and see if it shows a "two Digit" year. Of course it does. That's the default setting for Windows 95, 98 and NT. This date RIGHT HERE is the date that feeds application software and WILL NOT rollover in the year 2000. It will rollover to 00. 5.Click on the button across from "Short Date Style" and select the option that shows mm/dd/yyyy. Be sure your selection has four Y's showing, not two. 6.Click "Apply" and then click on "OK" at the bottom. Easy enough to fix. However, every single installation of Windows worldwide is defaulted to fail Y2K rollover. "Thanks and have a great day" ------------------------------------------------------------------- This is a standard e-mail hoax. More information could be found on: http://www.microsoft.com/y2k/hoax/y2khoax.htm 4) Cadillac hoax ------------------------------------------------------------------- Dear **** *********, We regret to inform you that your product purchased from an authorized General Motors Dealership is not compatible with the Year 2000 Problem. Steps are being taken to resolve this problem and the solutions are in the making. The onboard computer in Cadillac models made from 1974 to 1992 are not designed to recognize the year 2000 as the year 2000. Problems may arise in the climate control and repair maintenance modules. Modifications may be made to your Cadillac's onboard computer. The nearest authorized service center is [deleted] located at [deleted]. You can contact this service center at [deleted]. The service to be performed on your model is free of charge, and we apologize for any inconveniences that this may cause you. Sincerely, General Motors, Inc. Cadillac of America ------------------------------------------------------------------- This message was sent to comp.software.year-2000 on Saturday, January 23. Image of the actual letter that was used in the hoax could be found on: http://default.net-security.org/6/cadillac_1.jpg Problems of this hoax written by one hoax analyst: * though a logo decorates the top of the page, no address is associated with it * the letter is not dated * it asserts that the product "is not compatible with the Year 2000 Problem"; but nothing is compatible with the Year 2000 Problem: compatibility must be with the year 2000, not with the Y2K problem * the year 1974 does seem much too early for any automobile to have been made with an on-board computer * the first sentence of the second paragraph is ungrammatical: "The onboard computer... are not designed...." * the recipient is directed to the nearest service center for modifications to the computer, though the first paragraph had asserted that steps "are being taken" and a fix "is in the making", implying that the modification has not yet been readied * only a street address (no city) is given for the nearest service center 5) Fix2001.exe worm ------------------------------------------------------------------- Estimado Cliente: Rogamos actualizar y/o verificar su Sistema Operativo para el correcto funcionamiento de Internet a partir del A_o 2000. Si Ud. es usuario de Windows 95 / 98 puede hacerlo mediante el Software provisto por Microsoft (C) llamado -Fix2001- que se encuentra adjunto en este E-Mail o bien puede ser descargado del sitio WEB de Microsoft (C) HTTP://WWW.MICROSOFT.COM Si Ud. es usuario de otros Sistemas Operativos, por favor, no deje de consultar con sus respectivos soportes tecnicos. Muchas Gracias. Administrador. Internet Customer: We will be glad if you verify your Operative System(s) before Year 2000 to avoid problems with your Internet Connections. If you are a Windows 95 / 98 user, you can check your system using the Fix2001 application that is attached to this E-Mail or downloading it from Microsoft (C) WEB Site: HTTP://WWW.MICROSOFT.COM If you are using another Operative System, please don't wait until Year 2000, ask your OS Technical Support. Thanks. Administrator ------------------------------------------------------------------- W95.Fix2001 is an internet worm. It arrives on an e-mail as a MIME-encoded attachment called Fix2001.exe. The subject of the received e-mail is "Internet problem year 2000". It is sent by a person called "Administrator". More information on this worm and its removal could be found here: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FIX2001 Conclusion: Hoaxes were always around. New Millennium just gave inspiration to hoax makers. Always be careful and try to read the whole mail you get, because every hoax has its error, a clue that says: "I am a fake". Just DON'T forward this kind of letters to your contacts, because then you will do what the hoax maker wants you to do. It is silly that when newspapers get this kind of hoax, they publish about it as it is real - yet another problem of unqualified journalists. EOF Berislav Kucan aka BHZ, bhz@net-security.org VI. Infection & Vactination ----------------------------- This week we have all the info you could ever want on the new version of DeepThroat. Yes we even have more then one trojan this week! We also have some updates on Back Orifice 2000 plugins. Finally we have our review of The Cleaner.=20 DeepThroat 3.1.0 was just released on September 5th. This version fixes many of the bugs that were found in the initial 3.0 release. While I have not tested, there are possible bug problems. Though shortly after the release |Cold| announced he would not be working on Deep Throat for sometime if he ever does. Since he has at least temporarily stopped, he released the source code to the server(Delphi). But not the code for the client. He also released info on the backdoor in this backdoor program. If you try to connect to a normal 2.1 server you can enter: awhothefuckdoyouthinkiamgoddamnit1 as your password. Same with the 3.x servers only you enter: whothefuckdoyouthinkiamgoddamnit3. Also recently due to demand there is a new secure server with no universal password. Yes the long awaited SubSeven 2.0 has just been released. Version 2.0 comes with a lot of new stuff. Now it can not only intercept ICQ messages it can intercept AIM and Microsoft Messenger messages. It can also get the ICQ and AIM user lists and passwords. Like NetMetro below there is a Matrix feature, black screen and green you know.. SubSeven 2.0 has a few other new features to that are not so important. Also there is a completely new editserver. EditServer 2.0 now is setup like a wizard. You have to keep hitting next, I personally liked the old one where you had everything on one screen. But anyways it has a 3 new features. One features makes it so the port and password can never be changed. Another deletes the original server file after it is ran the first time. The third feature password protects the server from other edit servers. So, you can not read the info from a server you have been infected with. If you ever happen to be infected with a 2.0 server you can send it to zemac@dark-e.com. We can remove the password at for you. Lastly subSeven has a new way to infect people. The _Not_ Known way. Sounds scary doesn't it? Actually it's not scary at all it's just another way Microsoft allows programs to load through the registry. Our next trojan is NetMetro. This is actually a decent trojan with some potential future. Most of it's features are normal ones that all the trojans come with now. But, it did have two interesting ones. The first one is Tic-Tac-Toe! You can play the server in Tic-Tac-Toe, which is just cool. Plus to make it better the client can cheat by taking away the server's turn. The other different feature is the Matrix screen. The server's screen goes back and says "The matrix has you", at this point the server is helpless. NetMetro also runs on Windows NT, which is a rare thing. The client has a remove button, so it would appear it infects computers, but I could not see it actually infect. So, at this time the removal info is unknown if it actually does infect. -More info visit: http://www.dark-e.com/archive/trojans/netmetro/index.html Illusion Mailer 0.05 is a new trojan with a new idea. This trojan allows completely anonymous email to be sent to anyone. It works by infecting the someone with server file. Then you connect to them via the client, enter an email address you want to send to and fill out the email. Then the email is sent and cannot be traced, since the IP will be the server computer's IP. Guess what we even have another trojan. This one is called Fuck You AVP. What a wonderful name that is. Actually this is a nasty trojan. When downloading the trojan, and running the client you infect yourself with SubSeven 1.8. Maybe this is a sign not to use trojans or trust them at least. Anyways once running the client your computer tells the person your IP via ICQ and Email. Plus unknown to you but you start advertising it in an IRC channel. As for the real trojan we do not have a clean copy. We do know it runs on port 1212. There have been 4 Back Orifice 2000 plugins released since last time we discussed them. Our first plugin is called Rattler. Rattler emails the Back Orifice 2000 server's location to someone. Unlike ButtTrompet it does not email every time the server goes online it emails every time a new IP address is used by the server. Next we have RC6Encrypt. This is another encryption plugin for Back Orifice 2000. It gives 384 bit encryption. Serphent Encryption is guess what another encryption plugin. This plugin allows fast use of the non-export restricted 256 bit SERPHENT encryption. The last plugin we have is BO STCPIO. This makes Back Orifice 2000 packets very hard to detect. It encrypts the packet header using whatever encryption plugin that is installed. Also one last thing on Back Orifice 2000 that we just learned about, is the US Distribution has been discontinued. The US encryption export laws and cost of the only US download server. Okay we all know there are tons of trojans out there for anyone to use. So, what do you do if you want to protect yourself from them? Simple get a trojan remover. Of course there are a few out there and the good ones all cost money. So we are reviewing them one by one to let you know how effective they are. This week we are checking out The Cleaner. The cleaner is a solid trojan scanner. It has good speed and a large database. If you need something to scan your entire computer then you should get The Cleaner. It does lack some useful features such as background scanning. So, you will have to leave your computer alone for 30 minutes or so to scan. We have also been able to look at the new beta version of The Cleaner. The features appear to remain the same it has a remote update which is cool, and a better looking GUI. Zemac zemac@dark-e.com http://www.dark-e.com VII. Hi, my name is... ----------------------------- Greetings! For those of you who have never heard of me before, my name is Doug Muth, among my many interests, computer viruses are one of them. I was contacted by the folks at Default some time ago about the possibility of writing some articles about computer viruses for the newsletter, and as Douglas Adams would do, I immediately accepted before they realized they had the wrong person! :-) So, a little about myself. Hmm... I first got interested in computer viruses back in 1992 with the Michelangelo scare, which was quite interesting as I didn't even own a computer back then! So I headed over to the local library and checked about 5 different books relating to viruses and computer security, and learned a great deal with that simple action. About a year later, I got into BBSing, and about a year after that in 1994 I found Fido Net's Anti-Virus echos and after awhile of lurking there, started to realize that I know more about viruses than the average person, so I participated and tried to help users out. In 1995, I made the move from BBSes onto the Internet and joined the Usenet equivelent of Fido Net's echos, known as comp.virus. Sometime afterwords, I noted that there didn't seem to be very many webpages on the Internet which discussed viruses in a manner which someone who isn't familliar with them could understand. So, after having ingested way too much caffene, I proceeded to create one. It now resides <http://www.claws-and-paws.com/virus/> for those who are interested. Anyway, as for the articles which I'll be writing for the newsletter, not being a member of the hacking community, I'm not entirely sure of what everyone's background is on virology. I'll try and start out with a simple article and gradually get into more detail. I will also try to highlight any particular nasty viruses which have either just been released or are still "in the wild", or infecting systems outside of those owned by virus researchers. If anyone has any suggestions for what they would like to see in a future article or needs further explanation of something I mention in an existing one, feel free to drop me a line directly. My e-mail address is <dmuth@ot.com>. Cheers! VIII. Virology 101: A primer to computer viruses ------------------------------------------------------------- So, what IS a computer virus? Like its biological counterpart, a virus is a piece of computer code (as opposed to genetic code) which can hide itself inside of one program and infect other programs when the host is run. The most important thing to remember about ANY virus is that it is just another program, and as such can only do what any other program can do. This means that it can format your hard drive, since that's something which a program can do, it can send e-mail (thanks to Microsoft's lack of security on their software), but it can't do things such as damage your hardware, unless you have an ancient ST-506 hard drive that lets you move the heads off the platter or some similar cheesy hardware. Now, there's a few different kinds of viruses, since there are 3 different mediums for viruses to travel in: Files, Boot records, and Documents. File infectors do just that, they infect executable files. Back on the old MS-DOS systems, .EXE and .COM files would be infected, as well as the occaisional virus being able to infect .OVL files, which are loaded by an executable, similar to Win 95's DLLs or UNIX's shared libraries. Some of the nastier ones (like Dark Avenger) would load themselves into memory and remain there, even after the host program was finished executing. You can imagine what happens next, the next time an executable file so much as has its attributes checked, it gets infected. Of course, not all viruses are this nasty. There are others (such as DeathDragon) which, when executed infect one or more other files and exit, running the original (host) program. Furthermore, there is a subclass of file infectors which infect PE EXE files, the format used by Windows 95/98 and Windows NT. Boot infectors are a little more interesting. On hard drives they can either infect the Master Boot Record (MBR) or one of the boot sectors of an individual partition. (More on the difference in a future article!) They travel via floppy disks which have their boot sector infected. A system is normally infected by booting from an infected floppy, at which point the virus code is copied to the hard drive. The MBR may or may not be replaced by the virus. This can lead to interesting complications like not being able to "see" your hard drive when booting from a floppy, such as is the case with the Monkey family. That's why the command FDISK /MBR is *not* your friend! A fair amount of boot infectors are "stealthed", which means they can hide themselves from normal software and some anti-virus programs. That's why booting from a floppy is usually necessary to disinfect your system from a boot sector infector. Of course now you are wondering how you can disinfect your system in this manner if you are infected with Monkey and can't see your harddrive? That will be the subject of a future column as well. Lastly, there are the macro infectors, which infect documents of a particular application which supports macro langauges. The most popular application that macro infectors are written for is Microsoft Word 97. Of course, other products (most of which are written by Microsoft, heh!) which have their own macro langauges can be infected as well. The general concept with document infectors is that Microsoft's lax security allows macros in a given document to be executed as soon as it loaded. At that point, a macro infector can do whatever it wants. It usually infects a "global" area of the application, which contains macros that are executed upon startup, so that when the application is restarted (not that it would /ever/ happen with a Microsoft product) the virus is started up as well. Finally, there are some infectors known as multi-partite, which means they can infect more than one medium. A good example here is One-half, which infects files as well as boot records. As if that isn't bad enough, it goes so far as to start encrypting files on the hard disk, so if you disinfect the virus, you loose the decryption key as well and your data is lost! If I have written this article properly, I think I have succeeded in getting everyone's attention, and maybe even stressing out a few people. Good, because viruses aren't fun and games, they are serious problems in today's computing world! They cost businesses thousands of dollars when dealing with an infection because some employee decided to not to scan the game they brought in from home! Take care, and stay bug free! Doug Muth dmuth@ot.com IX. More from the ACPO front ------------------------------ Hi again All: Natasha again from http://www.antichildporn.org. This is going to be a bit different from my past articles. In fact I pose a question to the Internet community. As you know, we're attempting to element Child Porn on the Internet. The issue we are concerned about is how far to go with this with out infringing on our first amendment rights, or jeopardizing our freedom of speech. Let's take an imaginary situation. We find a verified Child Porn site in *say Russia where we have no legal resources to help us prosecute the individual that is dispensing this filth. What steps can we take to eliminate this site, and prosecute the Admin? We don't hack a site, that's only a quick fix, and we don't condone illegal activities at ACPO. Remember all this is hypothetical, what *if we could block transmission to that site? Would you consider that an infringement of our first amendment rights? Remember these pictures are of Children under 13 years of age in sexual acts with people and some even with animals. Don't the children used/abused in the pictures have any rights? Is, or should Pedophiles first amendment rights come before the children's? Here's another what *if. What if we could find a way to investigate the people that signed up with these pay sites? What if the credit card companies would work with law enforcement and ACPO? Would you feel that that information should be held as confidential information and to be valued as such? What about your privacy issues? Well, that should be enough what ifs for now, but these are questions we are thinking we might have to deal with and would like you're feed back. You can mail me at natasha@infovlad.net or post on our BBS your thoughts http://www.antichildporn.org You'll find the BBS there. Thanks again for this forum. Natasha Grigori Founder ACPO http://www.antichildporn.org/ natasha@infovlad.net X. Network Solutions Stumbles on WebMail Offering ---------------------------------------------------- Many of you may have heard of the situation with Network Solutions Incorporated (NSI), either from online news sources or from the email sent out by NSI themselves. NSI, in offering a new service, has committed a blunder that has many major technology news sources talking. Network Solutions ('the dot com people'), also known as InterNIC, is the company responsible for the registration of domain names ending in .com, ..net, .org, and .edu. Starting this past Wednesday, many adminstrative contacts for registered domains received mail from netsol1@integram.org, a Virginia-based company that handles bulk mailing for NSI, stating that Network Solutions has created a new web-based email service similar to those offered by companies such as Hotmail and Yahoo, called Dot Com Now Mail (http://mail.dotcomnow.com/). Those who had registered domains with Network Solutions (customers of NSI) or Premier Program members (those who registered through NSI associates like Pair) got a special treat -- NSI went ahead and created accounts for every customer who has registered a domain name with them. This in itself would be little more than irritating at worst and appreciated by some at best, were it not for the way NSI went about making these accounts available. To begin with, the account name is generally the last name of the domain's administrative contact (with a number appended, if several people had the same last name). Predictable enough; if my name is Joe Example, my account name is probably example, or example1234. However, the account's password -- which Network Solutions emailed out, unsolicited, in plain text -- is the same as your account name with the letters 'nsi' on the end. If your account name is example, you can log in with the password examplensi. It gets better. When you log in to your account (or anyone else's, since if you have the account name from a quick whois lookup of any domain you like -- perhaps plus a short string of numbers -- the password's an easy guess), you're logging in on their web page in the clear -- no encryption, no SSL, nothing. Also, the password is truncated at eight characters, so if your account name is eight characters long or more, the password's the exact same as the account name. Again, for instance, if your account name is example and your password is examplensi, you can log in as examplen; if your account name is example1234, your password is effectively example1. The password, then, is extrmely insecure. It gets better: you cannot decline this 'service', nor can you terminate your own account online...you have to call Network Solutions, and at the time of this writing I am unaware if they are willing to delete accounts over the phone. For more information, Slashdot has an article and responses available at http://slashdot.org/articles/99/09/16/0054246.shtml, and Attrition has released an advisory at http://www.attrition.org/news/content/99-09-16.001.html. Network Solutions has yet to respond to the questions raised by this move; however, as of Thursday afternoon, they started redirecting http://www.netsol.com/ to http://www.networksolutions.com/, NSI's home site. The problem still exists, though, and anyone who cares to give it a try can check http://mail.dotcomnow.com/ and log in. It is true that this new account does not allow you to make DNS changes or grant you additional permissions, and it is also true that it's easy enough to go to -any- web-based email service and register a name that might be used to impersonate another person or company, but many issues persist -- the default password for these unwanted, unsolicited accounts is far too easy, many of these accounts will surely be compromised or taken over before the legitimate user can access them, many people forget to change their initial passwords, and a great deal of damage can be done even if the accounts can't be used to impersonate someone or gain access to domain registration information. Presumably, each account is tied to a person, in NSI's database -- if Joe Example owns the domain example.com, and the account example@dotcomnow.com is associated with Joe's name in NSI's database, then any time that email address is used for illegal purposes, NSI will come looking for Joe. So if Joe Example's account is taken over before he can even get to it, and that account is used to spam thousands of addresses with ads for child porn, or used to sign up for a web mail service on which illegal material is posted, or used to send out death threats to unsuspecting recipients (yes, the dotcomnow.com mail does include the original source IP address in the headers, but that isn't much of a deterrent), Joe Example could get involved in a very unfortunate situation. I cannot recommend strongly enough that if you own a domain and have received mail from Network Solutions regarding this matter, you log in immediately, change your password to a random string of letters, numbers, and characters, and never use it again...and at the first opportunity, you call NSI and demand that they delete the account. /dev/null null@default.net-security.org XI. Securing your Mac ----------------------- A basical security begins with possibility or not log when your in front of a computer, I must admit that Apple was not concerned by this during the past year. The policy was easy one computer one person, at work or at home should the other people get acces to your box? Not sure you want your boss to read your mails or even take a look to files your store on your mac. One of most known product was atease, it was working with logon profiles and restricted access to make, read, or change setings on the computer. Often used in schools, or any other access it suffered of several bus allowing to bypass certain rights. Many other products are arrived on the market with different kind of restrictions. Use of profiles, startup password, or virtual partioning with encryption. But all those product are external to the OS itself. Well...not for a long time. Apple will introduce MacOs 9 very soon with incredible features: voice fingerprinting, users profiles, and key chains. One of the first OS that will introduce biometric logging. User profile to give some to priviledge to users, and key chain that will keep all your password in one place with one password.This was already used years ago in system 7 pro. At this you have to choose with the access you want to grant. A few files or folders, a whole hard disk, a partion? To restrict an access to a folder, a 5 cents trick would set the attribute of a folder or a file to invisible. Fastfind the searchengine. Using applescript could automate the task, or create a application-like. More seriously, the best solution would be to use encryption.PGP does a great job on conventionnal encryption, plus it's free (http://www.pgpi.com). PGP is really easy to use. It includes a suite of very usefull tools.Encryption of mail files, wiping of files with setup of the numbers of pass, pgpdisk and tunneling (X509 protocol). Usually up to 8 pass it's almost impossible to recover datas even using a data bench. The other usefull tool is pgpdisk. It creats a pgp partition, the partion is actualy a virtual one, it's only a encrypted file with the a size u predefine from few k to several giga. Pgp is a all in one, free, and the most reliable software to secure the access to your files or disk. Several other reliable solutions exist for corporate environement. Empower (http://www.empowerpro.com) was often use in companies, it's to me the best of all. It allow many restrictions, from the startup password, desktop restrictions (system folder, or folders), and use of RSA algorythm. The main advantage of this kind of tool is that it doesn't affect the user way of working. No actions are required by the user, and only a master password (from a group of predifined adminisrator) can modify those restrictions. Empower,File guard those software do the same: files and folders protection ( can be usefull against virus), encryption, startup passwords and much more. Few freeware or shareware solutions exist but usualy those commercial are very relyable. The main security problem is to know what you what to protect, and how it could affect the less possible to work. The encryption used are powerfull enought (rsa, des, idea). Don't hesitate to spend few dollars to ensure the access to your mac, or use pgp which is a great product but ask you many handlings, but on the other hand you have more tools. Make sure you define your needs before trying all those products because some has to be installed before you OS that you'll have to format first. by Deepquest deepquest@netscape.net http://www.deepquest.pf XII. Why NT isn't what it is claimed to be. ------------------------------------------- disclaimer: personal opinion by dev :) I was quite often impressed by people's psychology. The only thing I admit to uncle Bill is that he knew how to sell the software (not nowadays, but even before, when Windows 3 refused to be installed on other DOS versions than MS-DOS :) The real life example is Microsoft Windows NT. The commercials would actually make you think NT is not just Unix, but all other you ever wanted to have on your desk. And later, when you see computer *professionals* talking about advanced computing on Windows platforms, especially when you don't understand them, you definitely say ``Yes.''. Special rates exists for users in low-budget countries, where like 94% of the software is illegaly distributed, and you can't hide you just love your new toy. Now the psychology. You never ask yourself if that software really so good, the commercials forced you to believe NT kicks ass and you don't want to even discuss it. Also, the commercials made their type of users, which will never ask more than a system can offer them. I remember a 6 yrs old IBM's slogan they used to propagate OS/2: ``Don't operate within the system limits. Move to a higher level''. Ok, you messed a bit with your NT and you call yourself *computer professional*. More and more you are beeing invited to fix friends' computers. Concerning you personal habbits, you usually work under the administrator account (``who gives a fuck about priviledges, the box is mine after all''),change desktop theme on a daily basis, run mIRC and other professional programs. Now the bad part you never wanted to say out loud, or how the continuos Microsoft's propaganda fooled you (again, right?): Almost every system modification requires machine restart. But you don't mind. You feel you are doing something professional. You have to restart the whole OS so it can update your great changes. Now, if it is a server or something, system downtime is more like a curse. And when it goes into your habbit... On Unix/Linux machines, you have to restart the computer ONLY when 1) hardware fails, b) you change your kernel. The first is most likely not to happen, and kernel is something completely unknown to Windows users, since Microsoft doesn't really want computer gurus. Only (l)users. After all, I doubt their kernel is decent enough to be freely available in source code (even in binary :). For more information on kernels (lol), check out years old MS-DOS 6 book where it says ``it's the hart of every operating system''. Interesting enough, that's the last place where I saw ``kernel'' in Microsoft's world. However, the starting statement means means I can change network IPs, activate /deactivate network interfaces, completely scramble system configuration, and with no restart. New utilities/services are ready to operate when they are installed. Sound card drivers seem so small in that Linux world. I can start/stop sound support on multiple sound cards on the fly (funny, heh?). Modifications are updated automatically or I just have to say specific service to re-read the configuration files. What is more, all I ever wanted is documented under my /usr/doc directory. But who cares, I am the professional and my box isn't any kind of public server, so I can afford the downtime. And I still love my ''Recycle bin''. More downtime. Once you set up your home box and look at the nice Microsoft CD cover (but there's always something new for a professional to explore), BSOD - Blue Screen Of Death appears on your screen. Now what the fuck, you think! Damn Windows. You just throw a curse (restart it) and that's it. Did you ever think there are other, better systems? Nooo. How can it be, everyone's screaming Microsoft, Microsoft, they must have done the great job, I'm sure the price of their products is even underestimated. I like mIRC, after all... Well, NT fans usually argue with me when I mention them the uptime. It's like, ``No, my Windows machine is up for a week''. Hm, no need to say they left it idle just to go for the uptime. However, I met hard nuts who had their NTs up for 4 months. ``Now what do you say?''- they ask me, supposing I will appologize. Well, for them, and everyone who didn't know, let's just say I know a company with a UNIX machine. Interesting enough, at the time I saw it, it's uptime has been 7.5 years. NT (initial) price, licenses and usage in real world. How much are you willing to pay for an NT? A 350MHz platform with 256MB RAM would be decent enough. Let's say you want the maximum number of licenses, its like over 4,000$ just for the base system. Now, server can't run without the office suite, can it? Professional/Developer version looks nice. You have old computers, they are more like terminals. Terminal server is on the way. Some of you are very advanced, you need Microsoft Visual Studio. And there's always certain ammount for the registered mIRC. That guy Khaled Mardam-Gay just rocks (No harm was ment here, mr. Khaled, I just saw that in someone's VERSION reply). You pay professionals to set up the server, buy some other Windows licenses for other machines and finally you are broke, can't even pay attention :) Now, what kind of system is that, with ``per seat'' licenses? I think 50 licenses is the max , you can't pay more even if you'd like to. And compare that to thousands of users on unix servers every day. The fact is, NT is not even a server in common sense. Server in general is the machine that gives others to use its resources. Or, clients are supposed to take advantage of server's processing power. On real UNIX systems, that involves a lot of real terminals which consist of a monitor/keyboard pair, and they do nothing but provide (in short) more monitors for the same machine, the server can take all the load. In Microsoft sense, NT doesn't give them it's processing power; it is more like all eaten up by the system itself:) (Don't tell me the terminal server is there to achieve the same, I've met it and can shit on it) NT doesn't have telnet (yea, yea I know...) and all it can do is offer internet access, file and printing services. Internet access is so poorly implemented, each service goes through a proxy, instead of a global gateway, like the unix does it. Printing service usually screws up on NTs, that's why HP pulled out that great computer- printer machine that hooks up to the LAN and acts as a network printer. Ok, you don't believe me, NT is still the kickass system. But, lemme ask you, you heared of Hotmail, its microsoft's service. But, guess what, Hotmail runs on Unix machines. Intel, used to be so great partner of Bill's, uses Unixes. Popular, www.windows95.com also used Unixes. You wanted to check out the Compaq site. ``Server busy'', now what the hell.. yes, it's NT specific:) That reminds me of an Intel employee who said ``Days of bloatware (MS Software) are over''. Software availability and treatment of the users. Windows software is so private. No source code, no special documentation. All the Linux stuff is available in source code, and everyone can see it is a high-quality work. Guess what would happen if they would relase NT source code:)) It is implemented so it makes a difference if you click on a file from Word or from the Explorer. Oh god, is that called *software* these days?? When you are installing service packs, or other programs, it is packed so nice, you don't notice it's empty inside. On WindowsXX, user is more like an idiot. There's your monitor. I am your system. Point and click me, be lame. Pay for an upgrade. Get some promotion material in your snailmail. Feel protected. Be a perfect prototype of an ideal manipulation object. What linux can do here. Use linux, get it for free, read /usr/doc, become the professional. Meet unixes, don't say shit when you know shit about them. Meet the powerful structure, you'll kinda despise Microsoft after the new experience. Don't think of a unix console like of a DOS prompt. DOS, just like Windows, doesn't belong into the category of Operating systems (yes, by the definition). Read the paper at www.unix-vs-nt.org, find out more. Someone told me ``I dont give a damn about your Linux, its shit. I'll use it when I see it in every house, just like Windows''. Shit man, don't be a lazy jerk, be one of the people who actually make it happen. Btw, I didn't comment mIRC. It is the-top-of-lamness program, people get excited by mIRC scripts, like they are something, and when there is click-and-nuke, it kicks ass. Hah, a gimme a break. on Linux, I choose from 15 ways to remotely crash my friends computer. By messing in all computer fields, Microsoft completely ruined some standards. It balkanized the web. Office2000 ``save to web'' option doesn't pass any *standard conformance* HTML test. And guess how many jerks will use the option. MSIE is not a browser, it is a crap. For everyone who just needed office suite to pass to Linux, there is StarDivision company working on version 5 of their StarOffice. It was like 120$ for commercial use, but since Sun Microsystems bought them, the StarOffice is completely free for Unix and Windows platforms. Microsoft reached the critical mass of users, and now it is jumping on monkey's back, who's so dumb he doesn't sees a rock coming from behind. If you feel insulted, if you are a Windows user, I am glad. But, don't hate Unix. You can't hate something you don't know (including me:). Dev of net-security. net-security.org/linux XIII. Freedom of the speech related incidents -------------------------------------------- ******************************************************************* Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men. ---Ayn Rand ******************************************************************* Every day the battle between freedom and repression rages through the global ether. Here are this week's links highlights from NewsTrolls(http://www.newstrolls.com): ******************************************************************* Thursday, September 16: Tibetan Nun's Jail Term <http://www.insidechina.com/news.php3?id=92825> Stretched To 20 Years "It said the 23-year-old from Garu nunnery was initially sentenced to three years imprisonment in 1992 for attempting to stage a demonstration in Lhasa with another nun and three monks. Her sentence was extended by six years in 1993 for singing songs about Tibetans love for their country and families in her Drapchi prison cell, it said. She was given another eight or nine years in 1996, after she protested to prison wardens about the Beijing-chosen Panchen Lama, the group said." --------------------------------------------------------------------- Weekend, September 17-19 UK woman jailed for seven years in Burma for <http://news.bbc.co.uk/hi/english/uk/newsid_450000/450339.stm> singing democracy songs in public "Rachel Goldwyn, 28, was sentenced to seven years with labour on Thursday for tying herself to a lamp post in central Yangon and singing pro-democracy slogans...Burma's ruling junta took power in 1988 after violently suppressing pro-democracy demonstrations. It held a general election in 1990 but refused to let parliament convene after a landslide victory by the democratic opposition." Bennett accuses State Department of <http://www.dallasnews.com/technology/0915tech111y2kglobal.htm> witholding info... "Sen. Robert Bennett, R-Utah, chairman of the Senate special committee on the year 2000 problem, said after reviewing the report that the State Department was "withholding information from the public for fear of creating panic." "The information vacuum this helps create may result in the very panic they are striving to avoid," Mr. Bennett said. State Department officials said their embassies and consulates sent back gloomier assessments in June. Those assessments were changed after being shared with the countries being evaluated." ---------------------------------------------------------------------------- Monday, September 20 Analysis of <http://www.epic.org/crypto/legislation/cesa/analysis.html> The Cyberspace Electronic Security Act of 1999... reveals another huge loophole <http://www.wired.com/news/news/politics/story/21810.html> that threatens privacy... Allan Nairn, recently deported from East Timor also <http://asia.yahoo.com/headlines/200999/world/937825740-90920110917.newsworld.html> confirms that Indonesia's military was in charge of killings ""I actually recognised by face some of them from the streets of Dili as being among the street-level militia leaders. But it turns out all these men were police intelligence and they were being rotated back .. after having fulfilled their assignments in Dili." Nairn also said he saw a police intelligence document referring to a specific operation which had moved out a total of 323,564 people from East Timor." Democracy Party members, Mao Qingxiang and Shu Guang <http://www.insidechina.com/news.php3?id=93561> arrested for subversion... US-based Cultural Revolution scholar and writer, Song Yongyi, who was on leave in China <http://www.insidechina.com/news.php3?id=93445> arrested for "prying into state secrets"... 300 more Falun Gong members <http://www.scmp.com/News/China/Article/FullText_asp_ArticleID-19990920023633631.asp> arrested... ------------------------------------------------------------------ Tuesday, September 21 Is this America???... the people in DC vote 69% in favor of marijuana legalization and the <http://www.washingtonpost.com/wp-srv/local/daily/sept99/pmmarijuana20.htm> RESULTS ARE SUPPRESSED FOR ALMOST A YEAR??? Telecom New Zealand has devised <http://www.cnnfn.com/news/technology/newsbytes/136550.html> a sneaky Internet Tax... Lian Shengde and others speak on the <http://www.scmp.com/News/China/Article/FullText_asp_ArticleID-19990921025737294.asp> horrors of China's labor camps or Laogai... ""One of the obstacles to democracy is laogai, where its victims are tortured and murdered. Its very existence is shameful. In China's mainland, human rights are utterly crushed in the laogai, China's darkest corner." To disguise the exact purpose of the labour camps, each laogai camp had a public business name, the conference was told. The Shanxi Aluminium Products company is also the Shanxi Provincial No 1 Laogai, according to the foundation. Mr Wu estimated four to six million people were today imprisoned in 1,000 camps that are part of the system. Since 1949, 50 million people had gone through the system, he said." Police arrest Malaysian activists after <http://dailynews.yahoo.com/h/ap/19990921/wl/malaysia_anwar_4.html> pro-Anwar demonstrations "``The government can arrest us but more leaders will rise up,'' Tian said in a statement. ``The threats by Mahathir cannot oppress the people anymore.''" ------------------------------------------------------------------------------ Wednesday, September 22 Has the US been tapping Lebanese leaders phones and <http://asia.yahoo.com/headlines/220999/world/938000700-90922114528.newsworld.html> sending the details to Israel??? Financial Times journalist, 30-year-old Sander Thoenes, <http://asia.yahoo.com/headlines/220999/world/938000460-90922114110.newsworld.html> hacked to death and disemboweled by Indonesian militia ----------------------------------------------------------------------------- Thursday, September 23 This one just came in... and it's OUTRAGEOUS! VIRUS WRITING IS AN ART, NOT A CRIME. Finnish Parliament <http://www.helsinki-hs.net/today/230999-05.html> outlaws writing or distributing viruses! "This effectively means for example that anyone who keeps a virus program on their website that is available for downloading by visitors would become liable under the law. Liability for punishment is not limited to cases in which actual harm or hindrance is caused to data systems, or where the data or files of the infected system are corrupted or destroyed in the process. The intention to harm becomes the primary criteria for bringing charges, and this allows the authorities to bring offenders to book even if the virus is caught before it has a chance to operate." In just one week... diva aka Pasty Drone CEO NewsTrolls, Inc. "Free Minds...Free Speech...NewsTrolls" http://www.newstrolls.com pastydrone@newstrolls.com XIV. Meet the underground ------------------------- For this issue I interviewed th3 un1x b0wl1n' t34m, a group which defaced Securitynet.net and Antiterrorism.org. Compared to the indepth interview with v00d00, this was quite a different experience. Some of you might even argue that this shouldn't be in Default, because it kind of encourages the hacker stereotype mainstream media already throw on us. But this section is here to note the diverse opinions in the scene and the different people and their causes in there as well. So here it is, let's all just make up our own mind. ---------------- Thejian: Could you tell us a little bit about the th3 un1x b0wl1n' t34m? Strike: We're just a bunch of bored teenangers trying to get some attention. Thejian: What do you stand for? (Heh if you consider yourselves standing for anything at all that is) Strike: We don't stand for jack shit. Thejian: On your defacements you've lashed out to script kiddies etc, what is a script kiddie? Strike: Script kiddies are kids that has some badass program that will break into a machine for them. They're not real hackers like us. Thejian: Should hacking into servers be a crime when no damage is done and no data is stolen? Is it a felony or a "service"? Strike: It should be a crime. Indeed. That's what makes it exciting, etc. Thejian: Government reactions on defacements were pretty aggressive, was that called for? Strike: Heh, we just wanted to make people angry. Thejian: Why do you deface anyways? Is it all about the doing it for the kicks or is there something as an underlying message, something you hope these defaced pages will change? Strike: The defacements won't change jack shit. We're doing to for fun. And attention. Thejian: You always hear of hacker-ethic etc, but is there such an animal? Strike: Fuck hacker ethics. Thejian: Why is it do you think that so little admins actually try to patch their system and so many leave their systems wide open? Strike: They've never heard of internet security. Thejian: A lot of groups are claiming to go legit nowadays or are claiming that hackers would make the best admins for systems. But when you look at it realistically, would you hire a hacker (who defaced pages just like yours earlier just for kicks)? Strike: I would never hire a hacker as my system administrator. most hackers are pretty selfish and assholes, and they'll try to exploit you. Thejian: Anything you might want to tell our readers (closing shot) ? Strike: The world wide web sucks. We make fun of it by defacing pages. ---------------- Heh, don't say I didn't warn you :) Xander Teunissen aka Thejian, Help Net Security